# copy this to .env and fill in your values
# don't commit your actual .env file

APP_NAME=SecureLens AI
APP_VERSION=1.1.0
DEBUG=true

HOST=0.0.0.0
PORT=8000

# comma-separated, add your frontend origin here
CORS_ORIGINS=http://localhost:3000,http://localhost:5173

RATE_LIMIT=30/minute

# how long to wait when scanning a URL (seconds)
SCAN_TIMEOUT=5
PATH_CHECK_TIMEOUT=3

DATABASE_URL=postgresql+asyncpg://securelens:securelens@localhost:5433/securelens

# change this in production, use something long and random
JWT_SECRET=change-me-in-production-use-a-long-random-string

# AI provider - uses LiteLLM so you can swap models by changing these two lines
# gemini (default)
AI_MODEL=gemini/gemini-2.0-flash
AI_API_KEY=your-api-key-here

# openai — uncomment to use instead
# AI_MODEL=gpt-4o-mini
# AI_API_KEY=sk-...

# anthropic claude — uncomment to use instead
# AI_MODEL=claude-3-5-haiku-20241022
# AI_API_KEY=sk-ant-...

# openrouter — one key for all models
# AI_MODEL=openrouter/google/gemini-2.0-flash-exp:free
# AI_API_KEY=sk-or-...

# ollama (local, no key needed)
# AI_MODEL=ollama/llama3.1
# AI_API_KEY=

# old gemini key still works if you haven't migrated yet
# GEMINI_API_KEY=

# threat intelligence — both have free tiers, leave blank to skip
# virustotal.com — 500 lookups/day free
VIRUSTOTAL_API_KEY=
# abuseipdb.com — 1000 lookups/day free
ABUSEIPDB_API_KEY=

# nuclei active scanner — leave blank if nuclei isn't installed
# it'll search PATH automatically, or set an explicit path here
# install: go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
NUCLEI_BINARY_PATH=

# slack alerts — paste your incoming webhook URL here to get notified on scan completion
# and score regressions. leave blank to skip
# create one at: https://api.slack.com/messaging/webhooks
SLACK_WEBHOOK_URL=

# email alerts via SMTP — leave SMTP_HOST blank to skip
# works with gmail app passwords, sendgrid, etc.
SMTP_HOST=
SMTP_PORT=587
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM_EMAIL=
# set to true if your provider uses port 465 (SSL), false for port 587 (STARTTLS)
SMTP_USE_SSL=false