diff --git a/config/backend.yaml.example b/config/backend.yaml.example new file mode 100644 index 00000000..4b9bebee --- /dev/null +++ b/config/backend.yaml.example @@ -0,0 +1,110 @@ +# ============================================================================= +# TFM aInventory - Backend Configuration Schema (v1.12.0) +# ============================================================================= +# Purpose: Configuration for the FastAPI backend, database, AI, and logging. +# Load order: system environment variables > config/backend.yaml > code defaults. +# Required/Optional: Most are optional; defaults in code provide sensible behavior. +# ============================================================================= + +# --- Database & Storage --- +database: + # Path to SQLite database file (relative to backend/ folder) + # Default: data/inventory.db + # Environment: BACKEND_DATABASE_SQLITE_PATH + sqlite_path: "data/inventory.db" + + # Keep database logs for performance auditing? + # Default: true + # Environment: BACKEND_DATABASE_WAL_MODE + wal_mode: true + + # How many days of audit logs to keep? + # Default: 30 + # Environment: BACKEND_DATABASE_LOG_RETENTION_DAYS + log_retention_days: 30 + +# --- AI & Vision Services --- +ai: + # Primary provider for image OCR and classification (gemini|claude) + # Default: gemini + # Environment: BACKEND_AI_PRIMARY_AI_PROVIDER + primary_ai_provider: "gemini" + + # Fallback provider if primary fails + # Default: claude + # Environment: BACKEND_AI_FALLBACK_PROVIDER + fallback_provider: "claude" + + # Gemini API Key (obtain from https://aistudio.google.com/) + # Environment: BACKEND_AI_GEMINI_API_KEY or GEMINI_API_KEY + gemini_api_key: "your-gemini-api-key" + + # Claude API Key (obtain from Anthropic Console) + # Environment: BACKEND_AI_CLAUDE_API_KEY or CLAUDE_API_KEY + claude_api_key: "your-claude-api-key" + +# --- Authentication & LDAP --- +auth: + # JWT Secret Key (min 32 chars) + # Generate with: openssl rand -hex 32 + # Environment: BACKEND_AUTH_JWT_SECRET_KEY or JWT_SECRET_KEY + jwt_secret_key: "change_me_in_production" + + # LDAP Server address (optional) + # Example: "ldap://192.168.1.100" + # Environment: BACKEND_AUTH_LDAP_SERVER + ldap_server: "" + + # LDAP Base DN for user search + # Example: "dc=example,dc=com" + # Environment: BACKEND_AUTH_LDAP_BASE_DN + ldap_base_dn: "" + + # Path to store hashed passwords for offline use + # Environment: BACKEND_AUTH_PASSWORD_CACHE_PATH + password_cache_path: "data/.passwords" + +# --- Logging & Diagnostics --- +logging: + # Log level (DEBUG|INFO|WARNING|ERROR) + # Default: INFO + # Environment: BACKEND_LOGGING_LOG_LEVEL or LOG_LEVEL + log_level: "INFO" + + # Log file rotation size in megabytes + # Default: 10 + # Environment: BACKEND_LOGGING_LOG_ROTATION_SIZE_MB + log_rotation_size_mb: 10 + + # Number of rotated log files to keep + # Default: 5 + # Environment: BACKEND_LOGGING_LOG_ROTATION_COUNT + log_rotation_count: 5 + +# --- Application --- +application: + # Directory for persistent data + # Environment: BACKEND_APPLICATION_DATA_DIR or DATA_DIR + data_dir: "./data" + + # Directory for log files + # Environment: BACKEND_APPLICATION_LOGS_DIR or LOGS_DIR + logs_dir: "./logs" + + # Comma-separated list of extra allowed CORS origins (IPs/FQDNs) + # Environment: BACKEND_APPLICATION_CORS_ORIGINS or EXTRA_ALLOWED_ORIGINS + cors_origins: "http://localhost:8917" + +# --- Feature Flags --- +features: + # Enable AI image extraction and OCR? + # Default: true + ai_extraction_enabled: true + + # Enable offline synchronization features? + # Default: true + offline_sync_enabled: true + + # Enable detailed audit logging for each API request? + # Default: true + audit_logging_enabled: true diff --git a/config/docker.yaml.example b/config/docker.yaml.example new file mode 100644 index 00000000..4b38b7e9 --- /dev/null +++ b/config/docker.yaml.example @@ -0,0 +1,61 @@ +# ============================================================================= +# TFM aInventory - Docker Configuration Schema (v1.12.0) +# ============================================================================= +# Purpose: Resource limits, image tags, and volume management for Docker. +# ============================================================================= + +# --- Image Management --- +images: + # Backend container image name and tag + # Default: backend:latest + backend_image: "backend:latest" + + # Frontend container image name and tag + # Default: frontend:latest + frontend_image: "frontend:latest" + + # Proxy container image name and tag + # Default: caddy:latest + proxy_image: "caddy:latest" + +# --- Resource Constraints --- +resources: + # CPU limit for the backend container + # Default: 1.0 (1 core) + backend_cpu_limit: "1.0" + + # Memory limit for the backend container + # Default: 1G + backend_memory_limit: "1G" + + # CPU limit for the frontend container + # Default: 0.5 (0.5 core) + frontend_cpu_limit: "0.5" + + # Memory limit for the frontend container + # Default: 512M + frontend_memory_limit: "512M" + +# --- Volume Management --- +volumes: + # Driver to use for data volume + # Default: local + data_volume_driver: "local" + + # Driver to use for logs volume + # Default: local + logs_volume_driver: "local" + + # Use named volumes instead of bind mounts for persistence? + # Default: true + use_named_volumes: true + +# --- Networking --- +network: + # Internal Docker network name + # Default: inventory-net + network_name: "inventory-net" + + # Internal Docker network driver + # Default: bridge + network_driver: "bridge" diff --git a/config/frontend.yaml.example b/config/frontend.yaml.example new file mode 100644 index 00000000..a4de88a9 --- /dev/null +++ b/config/frontend.yaml.example @@ -0,0 +1,63 @@ +# ============================================================================= +# TFM aInventory - Frontend Configuration Schema (v1.12.0) +# ============================================================================= +# Purpose: Configuration for the Next.js frontend application. +# ============================================================================= + +# --- API Connection --- +api: + # Base URL of the backend API + # Default: http://localhost:8916 + # Environment: FRONTEND_API_BACKEND_URL or BACKEND_URL + backend_url: "http://localhost:8916" + + # API timeout in milliseconds + # Default: 30000 (30 seconds) + # Environment: FRONTEND_API_TIMEOUT_MS + timeout_ms: 30000 + +# --- Feature Flags & PWA --- +features: + # Enable PWA service worker? + # Default: true + service_worker_enabled: true + + # Enable offline functionality? + # Default: true + offline_enabled: true + + # Enable AI image extraction UI features? + # Default: true + ai_extraction_ui_enabled: true + +# --- PWA Branding --- +pwa: + # Application long name + # Default: TFM aInventory + app_name: "TFM aInventory" + + # Application short name for home screen + # Default: aInventory + short_name: "aInventory" + + # Initial URL to open on launch + # Default: / + start_url: "/" + + # Display mode (standalone|browser|minimal-ui|fullscreen) + # Default: standalone + display_mode: "standalone" + +# --- Feature Toggles --- +toggles: + # Enable built-in QR code scanner? + # Default: true + enable_qr_scanner: true + + # Enable built-in barcode scanner? + # Default: true + enable_barcode_scanner: true + + # Enable batch import functionality? + # Default: true + enable_batch_import: true diff --git a/config/network.yaml.example b/config/network.yaml.example new file mode 100644 index 00000000..c3543fff --- /dev/null +++ b/config/network.yaml.example @@ -0,0 +1,73 @@ +# ============================================================================= +# TFM aInventory - Network Configuration Schema (v1.12.0) +# ============================================================================= +# Purpose: Network ports, SSL settings, and proxy configuration. +# ============================================================================= + +# --- Port Assignments --- +ports: + # Host-side port for HTTP backend + # Default: 8916 + # Environment: NETWORK_PORTS_BACKEND_PORT or BACKEND_PORT + backend_port: 8916 + + # Host-side port for HTTP frontend + # Default: 8917 + # Environment: NETWORK_PORTS_FRONTEND_PORT or FRONTEND_PORT + frontend_port: 8917 + + # Host-side port for HTTPS backend (via Caddy) + # Default: 8918 + # Environment: NETWORK_PORTS_BACKEND_SSL_PORT or BACKEND_SSL_PORT + backend_ssl_port: 8918 + + # Host-side port for HTTPS frontend (via Caddy) + # Default: 8919 + # Environment: NETWORK_PORTS_FRONTEND_SSL_PORT or FRONTEND_SSL_PORT + frontend_ssl_port: 8919 + +# --- SSL & Security --- +ssl: + # Enable SSL/TLS termination via reverse proxy? + # Default: true + # Environment: NETWORK_SSL_ENABLED + ssl_enabled: true + + # Path to SSL certificate (if not using Caddy's auto-HTTPS) + # Environment: NETWORK_SSL_CERTIFICATE_PATH + certificate_path: "" + + # Path to SSL private key + # Environment: NETWORK_SSL_KEY_PATH + key_path: "" + +# --- Proxy (Caddy) Configuration --- +proxy: + # Caddy log level (debug|info|warn|error) + # Default: info + # Environment: NETWORK_PROXY_CADDY_LOG_LEVEL + caddy_log_level: "info" + + # Maximum timeout for reading requests in seconds + # Default: 60 + # Environment: NETWORK_PROXY_READ_TIMEOUT_S + proxy_read_timeout_s: 60 + + # Maximum request body size in MB + # Default: 10 + # Environment: NETWORK_PROXY_MAX_REQUEST_SIZE_MB + max_request_size_mb: 10 + +# --- CORS Policies --- +cors: + # Comma-separated list of allowed origins + # Environment: NETWORK_CORS_ALLOWED_ORIGINS or EXTRA_ALLOWED_ORIGINS + allowed_origins: "*" + + # Allowed HTTP methods + # Environment: NETWORK_CORS_ALLOWED_METHODS + allowed_methods: "GET,POST,PUT,DELETE,OPTIONS" + + # Allowed HTTP headers + # Environment: NETWORK_CORS_ALLOWED_HEADERS + allowed_headers: "Authorization,Content-Type,Accept" diff --git a/config/secrets.yaml.example b/config/secrets.yaml.example new file mode 100644 index 00000000..4c08b906 --- /dev/null +++ b/config/secrets.yaml.example @@ -0,0 +1,34 @@ +# ============================================================================= +# TFM aInventory - Secrets Configuration Template (v1.12.0) +# ============================================================================= +# Purpose: Sensitive configuration (API keys, passwords, secret keys). +# Security: 'config/secrets.yaml' is ignored by Git. Do NOT commit actual secrets. +# Setup: Copy this file to 'config/secrets.yaml' and fill in actual values. +# ============================================================================= + +# --- JWT Secrets --- +# Secret key used for signing JSON Web Tokens. +# Generate a strong random key for production use: +# python3 -c "import secrets; print(secrets.token_urlsafe(64))" +# Environment override: BACKEND_AUTH_JWT_SECRET_KEY or JWT_SECRET_KEY +JWT_SECRET_KEY: "CHANGE_ME_IN_PRODUCTION_MIN_32_CHARS" + +# --- AI API Keys --- +# Google Gemini API Key (Required for AI image processing) +# Get one at: https://aistudio.google.com/ +# Environment override: BACKEND_AI_GEMINI_API_KEY or GEMINI_API_KEY +GEMINI_API_KEY: "your-gemini-api-key" + +# Anthropic Claude API Key (Required for fallback/enhanced processing) +# Get one at: https://console.anthropic.com/ +# Environment override: BACKEND_AI_CLAUDE_API_KEY or CLAUDE_API_KEY +CLAUDE_API_KEY: "your-claude-api-key" + +# --- External Services --- +# Database password (if using an external DB instead of SQLite) +# Environment override: BACKEND_DATABASE_PASSWORD +DATABASE_PASSWORD: "" + +# LDAP password for the service account +# Environment override: BACKEND_AUTH_LDAP_PASSWORD +LDAP_PASSWORD: ""