"""Application configuration. Twelve-factor: everything is read from the environment. Defaults are development-friendly; production supplies real values via the compose `.env`. No secrets or endpoints are hard-coded. """ from functools import lru_cache from pydantic import Field from pydantic_settings import BaseSettings, SettingsConfigDict class Settings(BaseSettings): model_config = SettingsConfigDict( env_file=".env", env_file_encoding="utf-8", extra="ignore", ) app_name: str = "Provenance" version: str = "0.0.0" app_env: str = Field(default="development", description="development | production") # --- Instance owner / operator --- # Email(s) of the instance owner(s) — the operator(s) who run this server. # The matching account(s) get instance-admin rights (instance-wide settings; # see /api/v1/admin). Comma-separated for several. Empty = no designated # owner (the instance has no operator account). Derived at request time, so # changing it takes effect immediately with no migration or DB state. owner_email: str = "" def owner_emails(self) -> frozenset[str]: """Normalized (lowercased, trimmed) owner emails; empty if none set.""" return frozenset(e.strip().lower() for e in self.owner_email.split(",") if e.strip()) # SQLAlchemy async URL, e.g. postgresql+asyncpg://user:pass@host:5432/db database_url: str = Field( default="postgresql+asyncpg://provenance:provenance@localhost:5432/provenance", ) # --- Auth / sessions --- session_ttl_days: int = 30 token_ttl_hours: int = 24 # email-verify / password-reset token lifetime cookie_name: str = "provenance_session" cookie_secure: bool = True # set false for local http; true behind TLS # Base URL used to build links in outbound email. app_base_url: str = "http://localhost" # --- Object storage (S3-compatible / MinIO) --- s3_endpoint_url: str = "http://minio:9000" s3_bucket: str = "provenance" s3_access_key: str = "provenance" s3_secret_key: str = "change-me-too" s3_region: str = "us-east-1" s3_presign_ttl: int = 3600 # seconds # --- Worker --- purge_interval_seconds: int = 3600 # how often to run the soft-delete purge purge_after_days: int = 30 # soft-deleted rows older than this are purged # --- Email (SMTP) --- # When true, a user with no verified email gets no active session (login is # refused and existing sessions stop resolving). Default false so self-hosts # without SMTP — and accounts created before this gate existed — aren't # locked out; operators turn it on once mail works and accounts are verified. require_email_verification: bool = False mailer: str = Field(default="console", description="console | smtp") smtp_host: str | None = None smtp_port: int = 587 smtp_username: str | None = None smtp_password: str | None = None smtp_from: str = "Provenance " # --- Model providers (AI assistant + match-ranking embeddings) --- # Configure as many as you like; each is enabled when its credentials are # present. `default_*_provider` picks which one is used by default. LLM and # embeddings are independent (Anthropic has no embeddings endpoint). default_llm_provider: str = "null" # null | anthropic | openai | xai | ollama default_embedding_provider: str = "null" # null | openai | ollama llm_max_tokens: int = 4096 embedding_dimensions: int = 1536 # must match the embedding model + pgvector column # Anthropic (LLM only) anthropic_api_key: str | None = None anthropic_model: str = "claude-opus-4-8" # OpenAI (LLM + embeddings) openai_api_key: str | None = None openai_base_url: str = "https://api.openai.com/v1" openai_model: str = "gpt-4o" openai_embedding_model: str = "text-embedding-3-small" # xAI / Grok — OpenAI-compatible (LLM) xai_api_key: str | None = None xai_base_url: str = "https://api.x.ai/v1" xai_model: str = "grok-2-latest" # set to your account's current Grok model # Ollama — local, OpenAI-compatible, no key (LLM + embeddings) ollama_enabled: bool = False ollama_base_url: str = "http://localhost:11434/v1" ollama_model: str = "llama3.1" ollama_embedding_model: str = "nomic-embed-text" @lru_cache def get_settings() -> Settings: return Settings()