withvibe 0.1.9 → 0.1.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -28,7 +28,9 @@ services:
|
|
|
28
28
|
restart: unless-stopped
|
|
29
29
|
environment:
|
|
30
30
|
POSTGRES_USER: ${POSTGRES_USER:-withvibe}
|
|
31
|
-
|
|
31
|
+
# Required — no weak default. `docker compose up` fails fast if unset
|
|
32
|
+
# so an install can never silently come up on a guessable password.
|
|
33
|
+
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required — set a strong value in .env (e.g. openssl rand -hex 24)}
|
|
32
34
|
POSTGRES_DB: ${POSTGRES_DB:-withvibe}
|
|
33
35
|
volumes:
|
|
34
36
|
- postgres-data:/var/lib/postgresql/data
|
|
@@ -49,8 +51,11 @@ services:
|
|
|
49
51
|
postgres:
|
|
50
52
|
condition: service_healthy
|
|
51
53
|
environment:
|
|
52
|
-
DATABASE_URL: postgresql://${POSTGRES_USER:-withvibe}:${POSTGRES_PASSWORD
|
|
53
|
-
|
|
54
|
+
DATABASE_URL: postgresql://${POSTGRES_USER:-withvibe}:${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}@postgres:5432/${POSTGRES_DB:-withvibe}
|
|
55
|
+
# Signs every session + bridge/MCP/WS token. Required, no default —
|
|
56
|
+
# the api ALSO refuses to boot in production on a weak/placeholder
|
|
57
|
+
# value (see common/startup-secrets.ts). Generate: openssl rand -hex 32
|
|
58
|
+
INTERNAL_JWT_SECRET: "${INTERNAL_JWT_SECRET:?INTERNAL_JWT_SECRET is required - generate with openssl rand -hex 32}"
|
|
54
59
|
ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY}
|
|
55
60
|
GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
|
|
56
61
|
GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}
|