# tau-rag production environment variables
# Copy to .env (gitignored) and fill in real values before `docker compose up`.

# ==================================================== CORE
# Preset: mock | no_llm | hebrew_legal | hebrew_legal_prod | hebrew_dense
TAU_RAG_PRESET=hebrew_legal_prod

# Bind address / port (inside container; map via compose)
TAU_RAG_HOST=0.0.0.0
TAU_RAG_PORT=8000

# Number of uvicorn workers (rule of thumb: 2 × cores)
TAU_RAG_WORKERS=4

# Log level: DEBUG | INFO | WARNING | ERROR
TAU_RAG_LOG_LEVEL=INFO

# Request timeout (seconds) — hard kill above this
TAU_RAG_REQUEST_TIMEOUT_S=30

# ==================================================== AUTH
# Require API keys on all /v1/* endpoints. Highly recommended in prod.
TAU_RAG_AUTH_REQUIRED=true

# Seed an admin API key on first boot (delete after rotating in-app).
# Leave empty to disable auto-seed.
TAU_RAG_SEED_ADMIN_KEY=

# HMAC signing secret (32+ chars, hex or random). Required if hmac enabled.
TAU_RAG_HMAC_SECRET=

# ==================================================== DATA
# Root of the legal corpus. Mount as read-only volume.
LAWDBHEB_ROOT=/data/LawDBHeb

# Which subfolder under LAWDBHEB_ROOT to load (legal_rag_index_hybrid, etc.)
LAWDBHEB_INDEX_SUBFOLDER=legal_rag_index_hybrid

# Persistent runtime directory (signals, snapshots, metrics). Mount as volume.
TAU_RAG_RUNTIME_DIR=/app/runtime

# ==================================================== LLM PROVIDERS
# Only set the one(s) you actually use.
ANTHROPIC_API_KEY=
OPENAI_API_KEY=

# Default generation model (override via preset)
TAU_RAG_LLM_MODEL=claude-sonnet-4-6
TAU_RAG_LLM_TEMPERATURE=0.2
TAU_RAG_LLM_MAX_TOKENS=800

# ==================================================== OBSERVABILITY
# Prometheus scrape endpoint exposed at /metrics when true
TAU_RAG_PROMETHEUS_ENABLED=true

# OpenTelemetry OTLP endpoint (empty = disabled)
OTEL_EXPORTER_OTLP_ENDPOINT=
OTEL_SERVICE_NAME=tau-rag

# Sentry DSN for error tracking (empty = disabled)
SENTRY_DSN=

# ==================================================== HUGGING FACE
# Cache dir for transformers/sentence-transformers (mount as named volume)
HF_HOME=/root/.cache/huggingface

# Optional HF token for gated models
HF_TOKEN=

# ==================================================== RATE LIMITING
# Per-key QPS (0 = unlimited)
TAU_RAG_RATE_LIMIT_QPS=10
TAU_RAG_RATE_LIMIT_BURST=20

# ==================================================== FEATURE FLAGS
# Toggle entire middleware families (per v3.x module)
TAU_RAG_FEAT_SEMANTIC_CACHE=true
TAU_RAG_FEAT_DIVERSITY_RANKER=true
TAU_RAG_FEAT_ANSWER_GROUNDING=true
TAU_RAG_FEAT_ANSWER_HEDGING_DETECTOR=true
TAU_RAG_FEAT_ANSWER_NUMERIC_CONSISTENCY=true
TAU_RAG_FEAT_RANK_STABILITY=true
TAU_RAG_FEAT_QUERY_THROUGHPUT=true