# Copy to .env and set your keys. Do not commit .env.
# OPENAI_API_KEY=sk-your-key-here
#
# ── Two LLM lanes (different keys / providers) ─────────────────────────────
# 1) EMBEDDINGS = Meaning search + indexer (vectors). NOT Anthropic — use Ollama,
#    OpenAI, Voyage, or DeepInfra. Set in config/local.yaml embedding: { provider, model } and/or:
# EMBEDDING_PROVIDER=ollama|openai|voyage|deepinfra EMBEDDING_MODEL=...
# Voyage (cloud, non-OpenAI): EMBEDDING_PROVIDER=voyage + VOYAGE_API_KEY
# DeepInfra (single-key with chat above; OpenAI-compatible API):
#   EMBEDDING_PROVIDER=deepinfra + DEEPINFRA_API_KEY
#   EMBEDDING_MODEL=BAAI/bge-large-en-v1.5 # default; 1024-dim
#   Other options: Qwen/Qwen3-Embedding-8B (4096), intfloat/multilingual-e5-large-instruct (1024)
#   NOTE: Switching embedding provider OR dimension requires a vault re-index.
# 2) CHAT = proposal Enrich / review hints / completeChat.
#    Provider order (lib/llm-complete.mjs):
#    a) KNOWTATION_CHAT_PROVIDER=deepinfra → DeepInfra (Qwen/Llama/Mistral) with
#       OpenAI/Anthropic fallback if their keys are also set. Single OpenAI-compatible bill;
#       same DEEPINFRA_API_KEY also works for OpenClaw orchestration (image gen, embeddings, TTS).
#    b) KNOWTATION_CHAT_PROVIDER=openrouter → OpenRouter (BYO key, OpenAI-compatible).
#       Requires OPENROUTER_API_KEY. NO fallback to a managed lane on failure: this is a
#       "bring your own provider" lane (you pay OpenRouter directly; never metered against
#       Knowtation packs), so an error surfaces instead of silently re-routing your note
#       text to a metered provider. Explicit-only: adding OPENROUTER_API_KEY alone never
#       changes the provider for an existing deploy. See
#       docs/COMPANION-APP-MODEL-ROUTING-AND-ENRICHMENT-ARCHITECTURE.md §4/§6.
#    c) KNOWTATION_CHAT_PROVIDER=openai|anthropic → lock to that provider (no fallback).
#    d) Implicit DeepInfra: DEEPINFRA_API_KEY set AND no OpenAI/Anthropic key → DeepInfra.
#    e) Default: OpenAI → Anthropic → Ollama (unchanged for existing deploys).
# KNOWTATION_CHAT_PREFER_ANTHROPIC=1 flips OpenAI/Anthropic order when both are set.
# ANTHROPIC_API_KEY=
# ANTHROPIC_CHAT_MODEL=claude-3-5-haiku-20241022
# KNOWTATION_CHAT_PREFER_ANTHROPIC=1
# DEEPINFRA_API_KEY=
# DEEPINFRA_CHAT_MODEL=Qwen/Qwen2.5-72B-Instruct # default; cheaper hint model: meta-llama/Meta-Llama-3.1-8B-Instruct
# KNOWTATION_CHAT_PROVIDER=deepinfra # explicit lock; omit for default OpenAI-first behavior
# OPENROUTER_API_KEY= # BYO key for KNOWTATION_CHAT_PROVIDER=openrouter
# OPENROUTER_CHAT_MODEL=openai/gpt-4o-mini # default; any OpenRouter model slug, e.g. anthropic/claude-3.5-haiku
# OPENROUTER_SITE_URL= # optional attribution → HTTP-Referer header
# OPENROUTER_APP_TITLE= # optional attribution → X-Title header
# VOYAGE_API_KEY= # when embedding.provider is voyage (see docs/setup.md)
# Hub (Phase 11): required for npm run hub (self-hosted). See docs/TWO-PATHS-HOSTED-AND-SELF-HOSTED.md#quick-start-self-hosted
# HUB_JWT_SECRET=your-long-random-secret
# KNOWTATION_VAULT_PATH=/absolute/path/to/vault (or set in config/local.yaml)
#
# Gateway → canister authentication (required for production).
# Set a strong random secret (64+ hex chars), then call admin_set_gateway_auth_secret on the canister.
# CANISTER_AUTH_SECRET=
#
# Full operator export (all users; hub canister must have secret set — see docs/OPERATOR-BACKUP.md)
# KNOWTATION_OPERATOR_EXPORT_URL=https://.icp0.io
# KNOWTATION_OPERATOR_EXPORT_KEY=long-random-secret-matching-admin_set_operator_export_secret
# KNOWTATION_OPERATOR_EXPORT_DIR=./backups
#
# Optional: before `dfx deploy hub --network ic`, `npm run canister:release-prep` can export vault(s) to ./backups/
# (same script as `npm run canister:export-backup` and scheduled HTTP vault export — see docs/DEPLOY-HOSTED.md §6)
# KNOWTATION_CANISTER_BACKUP_USER_ID=google:123
# KNOWTATION_CANISTER_URL=https://.icp0.io
# KNOWTATION_CANISTER_BACKUP_URL= # alias for CANISTER_URL (e.g. CI secret name)
# KNOWTATION_CANISTER_BACKUP_VAULT_ID=default
# KNOWTATION_CANISTER_BACKUP_VAULT_IDS=default,second # comma-separated; overrides VAULT_ID when set
# KNOWTATION_CANISTER_BACKUP_DIR=./backups
# KNOWTATION_CANISTER_BACKUP_ENCRYPT_KEY_HEX= # 64 hex chars → AES-256-GCM .json.enc output
# KNOWTATION_CANISTER_BACKUP_S3_BUCKET=
# KNOWTATION_CANISTER_BACKUP_S3_PREFIX=knowtation-canister-backups/
# KNOWTATION_CANISTER_BACKUP_SKIP_S3=1 # local: skip S3 even if bucket set
# AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_REGION=us-east-1
#
# CLI / curl / repo scripts (verify-hosted-hub-api, seed:*, `knowtation propose`) read KNOWTATION_HUB_URL,
# KNOWTATION_HUB_TOKEN, KNOWTATION_HUB_VAULT_ID — not *_LOCAL / *_HOSTED. If you use suffixed names in .env,
# after `source .env` run exports, e.g. for hosted:
#   export KNOWTATION_HUB_URL="$KNOWTATION_HUB_URL_HOSTED"
#   export KNOWTATION_HUB_TOKEN="$KNOWTATION_HUB_TOKEN_HOSTED"
#   export KNOWTATION_HUB_VAULT_ID="$KNOWTATION_HUB_VAULT_ID_HOSTED"
#
# Optional proposal LLM (exact names; env locks Settings → Backup checkboxes when set to 1/0 or true/false):
# KNOWTATION_HUB_PROPOSAL_REVIEW_HINTS=1
# KNOWTATION_HUB_PROPOSAL_ENRICH=1
#
# AIR Improvement D: built-in attestation endpoint (hosted gateway).
# When set (32+ chars), the gateway auto-configures KNOWTATION_AIR_ENDPOINT to its own
# /api/v1/attest route. All hosted note writes are then attested (HMAC-signed, stored in
# Netlify Blobs). Verify any attestation via GET /api/v1/attest/:id.
# ATTESTATION_SECRET=your-long-random-secret-min-32-chars
#
# Hosted memory consolidation (Session 10 / Stream 1 — bridge + gateway).
# CONSOLIDATION_LLM_API_KEY: LLM key for hosted consolidation passes; falls back to OPENAI_API_KEY.
# CONSOLIDATION_LLM_MODEL: Model to use (default: gpt-4o-mini).
# CONSOLIDATION_COST_CAP_USD: Optional daily spend cap per user on the bridge (no cap if unset).
# CONSOLIDATION_LLM_API_KEY=
# CONSOLIDATION_LLM_MODEL=gpt-4o-mini
# CONSOLIDATION_COST_CAP_USD=
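#
# Added example (not part of Knowtation): a pre-deploy check that applies the length and hex
# limits stated in the comments above to a filled-in .env and flags sample values left over from
# this template. The parser, placeholder patterns and character-variety heuristic are assumptions.

```javascript
// Added example, not Knowtation code. Limits come from the comments in this template;
// the parser, placeholder patterns and variety heuristic are assumptions.
const RULES = {
  CANISTER_AUTH_SECRET: { min: 64, hex: true }, // "64+ hex chars"
  KNOWTATION_CANISTER_BACKUP_ENCRYPT_KEY_HEX: { exact: 64, hex: true }, // "64 hex chars"
  ATTESTATION_SECRET: { min: 32 }, // "32+ chars"
};
// Sample values shipped in the template that must never reach a deploy.
const PLACEHOLDERS = [/^your-/i, /^sk-your-/i, /^long-random-secret/i];

// Minimal dotenv parser: KEY=value, optional "export", quotes, "#" comments.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const m = /^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$/.exec(raw);
    if (!m) continue; // blank lines and comment lines do not match
    const value = m[2].trim();
    const quoted = /^(["'])(.*?)\1/.exec(value);
    env[m[1]] = quoted ? quoted[2] : value.replace(/(^|\s)#.*$/, "").trim();
  }
  return env;
}
// Returns one finding per problem; keys that are unset or empty are skipped.
function auditSecrets(env) {
  const findings = [];
  for (const [key, value] of Object.entries(env)) {
    const rule = RULES[key];
    if (!value || !(rule || /_(SECRET|KEY|TOKEN|KEY_HEX)$/.test(key))) continue;
    if (PLACEHOLDERS.some((p) => p.test(value))) {
      findings.push(`${key}: template placeholder left in place`);
      continue;
    }
    if (!rule) continue;
    const n = value.length;
    if (rule.hex && !/^[0-9a-f]+$/i.test(value)) findings.push(`${key}: not hex`);
    if (rule.exact && n !== rule.exact) findings.push(`${key}: need exactly ${rule.exact} chars, got ${n}`);
    if (rule.min && n < rule.min) findings.push(`${key}: need at least ${rule.min} chars, got ${n}`);
    if (new Set(value.toLowerCase()).size < 8) findings.push(`${key}: low character variety`);
  }
  return findings;
}
// Constructed sample input (not real secrets).
const SAMPLE = [
  "HUB_JWT_SECRET=your-long-random-secret",
  "CANISTER_AUTH_SECRET=" + "ab".repeat(16) + "   # only 32 hex chars",
  "KNOWTATION_CANISTER_BACKUP_ENCRYPT_KEY_HEX=" + "0123456789abcdef".repeat(4),
  'ATTESTATION_SECRET="' + "z".repeat(40) + '"',
  "AWS_REGION=us-east-1",
].join("\n");
console.log(auditSecrets(parseEnv(SAMPLE)).join("\n"));
```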