refactor: consolidate environment configuration and add production genesis tooling

- Replace verbose .env.example with concise production-ready template - Add blockchain core, coordinator API, and marketplace web sections - Remove development/production split in favor of single config file - Add create-keystore command to genesis CLI for encrypted key generation - Add init-production command to initialize production chain DB from genesis - Add create_keystore helper function in scripts/keystore.py -
2026-03-20 09:39:52 +01:00
parent eef496b70a
commit 74ab1657f7
5 changed files with 190 additions and 59 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,63 +1,58 @@
-# AITBC Environment Configuration
-# SECURITY NOTICE: Use service-specific environment files
-# 
-# For development, copy from:
-#   config/environments/development/coordinator.env
-#   config/environments/development/wallet-daemon.env
-#
-# For production, use AWS Secrets Manager and Kubernetes secrets
-# Templates available in config/environments/production/
+# AITBC Central Environment Example
+# SECURITY NOTICE: Use a secrets manager for production. Do not commit real secrets.
+# Run: python config/security/environment-audit.py --format text

-# =============================================================================
-# BASIC CONFIGURATION ONLY
-# =============================================================================
-# Application Environment
-APP_ENV=development
-DEBUG=false
-LOG_LEVEL=INFO
+# =========================
+# Blockchain core
+# =========================
+chain_id=ait-mainnet
+supported_chains=ait-mainnet
+rpc_bind_host=0.0.0.0
+rpc_bind_port=8006
+p2p_bind_host=0.0.0.0
+p2p_bind_port=8005
+proposer_id=aitbc1genesis
+proposer_key=changeme_hex_private_key
+keystore_path=/opt/aitbc/keystore
+keystore_password_file=/opt/aitbc/keystore/.password
+gossip_backend=broadcast
+gossip_broadcast_url=redis://127.0.0.1:6379
+db_path=/opt/aitbc/apps/blockchain-node/data/ait-mainnet/chain.db
+mint_per_unit=0
+coordinator_ratio=0.05
+block_time_seconds=60
+enable_block_production=true

-# =============================================================================
-# SECURITY REQUIREMENTS
-# =============================================================================
-# IMPORTANT: Do NOT store actual secrets in this file
-# Use AWS Secrets Manager for production
-# Generate secure keys with: openssl rand -hex 32
+# =========================
+# Coordinator API
+# =========================
+APP_ENV=production
+APP_HOST=127.0.0.1
+APP_PORT=8011
+DATABASE__URL=sqlite:///./data/coordinator.db
+BLOCKCHAIN_RPC_URL=http://127.0.0.1:8026
+ALLOW_ORIGINS=["http://localhost:8011","http://localhost:8000","http://8026"]
+JOB_TTL_SECONDS=900
+HEARTBEAT_INTERVAL_SECONDS=10
+HEARTBEAT_TIMEOUT_SECONDS=30
+RATE_LIMIT_REQUESTS=60
+RATE_LIMIT_WINDOW_SECONDS=60
+CLIENT_API_KEYS=["client_prod_key_use_real_value"]
+MINER_API_KEYS=["miner_prod_key_use_real_value"]
+ADMIN_API_KEYS=["admin_prod_key_use_real_value"]
+HMAC_SECRET=change_this_to_a_32_byte_random_secret
+JWT_SECRET=change_this_to_another_32_byte_random_secret

-# =============================================================================
-# SERVICE CONFIGURATION
-# =============================================================================
-# Choose your service configuration:
-# 1. Copy service-specific .env file from config/environments/
-# 2. Fill in actual values (NEVER commit secrets)
-# 3. Run: python config/security/environment-audit.py
+# =========================
+# Marketplace Web
+# =========================
+VITE_MARKETPLACE_DATA_MODE=live
+VITE_MARKETPLACE_API=/api
+VITE_MARKETPLACE_ENABLE_BIDS=true
+VITE_MARKETPLACE_REQUIRE_AUTH=false

-# =============================================================================
-# DEVELOPMENT QUICK START
-# =============================================================================
-# For quick development setup:
-# cp config/environments/development/coordinator.env .env
-# cp config/environments/development/wallet-daemon.env .env.wallet
-#
-# Then edit the copied files with your values
-
-# =============================================================================
-# PRODUCTION DEPLOYMENT
-# =============================================================================
-# For production deployment:
-# 1. Use AWS Secrets Manager for all sensitive values
-# 2. Reference secrets as: secretRef:secret-name:key
-# 3. Run security audit before deployment
-# 4. Use templates in config/environments/production/
-
-# =============================================================================
-# SECURITY VALIDATION
-# =============================================================================
-# Validate your configuration:
-# python config/security/environment-audit.py --format text
-
-# =============================================================================
-# FOR MORE INFORMATION
-# =============================================================================
-# See: config/security/secret-validation.yaml
-# See: config/security/environment-audit.py
-# See: config/environments/ directory
+# =========================
+# Notes
+# =========================
+# For production: move secrets to a secrets manager and reference via secretRef
+# Validate config: python config/security/environment-audit.py --format text