docs: translate SESSION_STATE to English + add DEPLOYMENT section to README

Session state fully in English (following STRICT ENGLISH POLICY for production docs).
Added comprehensive Production Deployment section to README with:
- Environment variables table (JWT_SECRET_KEY, ALLOWED_ORIGINS)
- Critical deployment checklist
- Docker production setup example
- Reference to SECURITY_REPORT.md

Addresses:
1. Documentation in English for production files ✓
2. Details on JWT_SECRET_KEY and ALLOWED_ORIGINS for production users ✓

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Daniel Bedeleanu
2026-04-11 14:18:34 +03:00
parent 2574726f78
commit 29dee921f9
2 changed files with 151 additions and 101 deletions

View File

@@ -49,5 +49,36 @@ For more details, see [PROJECT_ARCHITECTURE.md](PROJECT_ARCHITECTURE.md).
---
## 🔐 Security & Production Deployment
### Critical Environment Variables
The application requires the following environment variables for production deployment:
| Variable | Purpose | Example |
|----------|---------|---------|
| **JWT_SECRET_KEY** | JWT token signing key (REQUIRED for production) | `openssl rand -hex 32` |
| **ALLOWED_ORIGINS** | CORS-allowed domain origins (comma-separated) | `https://inventory.example.com,https://api.example.com` |
| **DATA_DIR** | SQLite database location | `/app/data` |
| **LOGS_DIR** | Application logs directory | `/app/logs` |
**⚠️ IMPORTANT:**
- In development, `JWT_SECRET_KEY` defaults to an ephemeral random value, which is reset on restart.
- For production, set `JWT_SECRET_KEY` to a stable, long random string and store it in a secrets manager (AWS Secrets, HashiCorp Vault, etc.).
- `ALLOWED_ORIGINS` **must** be set to your actual production domain(s). Wildcard origins (`*`) are rejected when `allow_credentials=True`.
### Docker Production Deployment
```bash
# Set environment variables
export JWT_SECRET_KEY="$(openssl rand -hex 32)"
export ALLOWED_ORIGINS="https://your-domain.com"
# Launch stack
docker-compose up -d --build
```
For detailed security audit report, see [dev_docs/SECURITY_REPORT.md](dev_docs/SECURITY_REPORT.md).
---
## 📜 AI Operational Rules
AI agents working on this project MUST follow the guidelines in [AI_RULES.md](AI_RULES.md).