docs: translate SESSION_STATE to English + add DEPLOYMENT section to README
Session state fully in English (following STRICT ENGLISH POLICY for production docs). Added comprehensive Production Deployment section to README with: - Environment variables table (JWT_SECRET_KEY, ALLOWED_ORIGINS) - Critical deployment checklist - Docker production setup example - Reference to SECURITY_REPORT.md Addresses: 1. Documentation in English for production files ✓ 2. Details on JWT_SECRET_KEY and ALLOWED_ORIGINS for production users ✓ Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
31
README.md
31
README.md
@@ -49,5 +49,36 @@ For more details, see [PROJECT_ARCHITECTURE.md](PROJECT_ARCHITECTURE.md).
|
||||
|
||||
---
|
||||
|
||||
## 🔐 Security & Production Deployment
|
||||
|
||||
### Critical Environment Variables
|
||||
The application requires the following environment variables for production deployment:
|
||||
|
||||
| Variable | Purpose | Example |
|
||||
|----------|---------|---------|
|
||||
| **JWT_SECRET_KEY** | JWT token signing key (REQUIRED for production) | `openssl rand -hex 32` |
|
||||
| **ALLOWED_ORIGINS** | CORS-allowed domain origins (comma-separated) | `https://inventory.example.com,https://api.example.com` |
|
||||
| **DATA_DIR** | SQLite database location | `/app/data` |
|
||||
| **LOGS_DIR** | Application logs directory | `/app/logs` |
|
||||
|
||||
**⚠️ IMPORTANT:**
|
||||
- In development, `JWT_SECRET_KEY` defaults to an ephemeral random value, which is reset on restart.
|
||||
- For production, set `JWT_SECRET_KEY` to a stable, long random string and store it in a secrets manager (AWS Secrets, HashiCorp Vault, etc.).
|
||||
- `ALLOWED_ORIGINS` **must** be set to your actual production domain(s). Wildcard origins (`*`) are rejected when `allow_credentials=True`.
|
||||
|
||||
### Docker Production Deployment
|
||||
```bash
|
||||
# Set environment variables
|
||||
export JWT_SECRET_KEY="$(openssl rand -hex 32)"
|
||||
export ALLOWED_ORIGINS="https://your-domain.com"
|
||||
|
||||
# Launch stack
|
||||
docker-compose up -d --build
|
||||
```
|
||||
|
||||
For detailed security audit report, see [dev_docs/SECURITY_REPORT.md](dev_docs/SECURITY_REPORT.md).
|
||||
|
||||
---
|
||||
|
||||
## 📜 AI Operational Rules
|
||||
AI agents working on this project MUST follow the guidelines in [AI_RULES.md](AI_RULES.md).
|
||||
|
||||
Reference in New Issue
Block a user