mirror of
https://github.com/bytedance/deer-flow.git
synced 2026-05-04 07:48:26 +00:00
0691c4dda3
* fix(security): allow disabling API docs in production via GATEWAY_ENABLE_DOCS Expose /docs, /redoc, and /openapi.json only when GATEWAY_ENABLE_DOCS=true (default). Setting GATEWAY_ENABLE_DOCS=false disables all three endpoints, preventing unauthorized API surface discovery in production deployments. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * test(security): add unit tests and docs for GATEWAY_ENABLE_DOCS Add 7 tests covering default behavior, env var parsing (case-insensitive, fail-closed), endpoint visibility, and health endpoint independence. Update CONFIGURATION.md and CLAUDE.md with the new toggle. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * style(security): apply ruff formatting to gateway app.py Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Willem Jiang <willem.jiang@gmail.com>
46 lines
1.6 KiB
Plaintext
46 lines
1.6 KiB
Plaintext
# TAVILY API Key
|
|
TAVILY_API_KEY=your-tavily-api-key
|
|
|
|
# Jina API Key
|
|
JINA_API_KEY=your-jina-api-key
|
|
|
|
# InfoQuest API Key
|
|
INFOQUEST_API_KEY=your-infoquest-api-key
|
|
# CORS Origins (comma-separated) - e.g., http://localhost:3000,http://localhost:3001
|
|
# CORS_ORIGINS=http://localhost:3000
|
|
|
|
# Optional:
|
|
# FIRECRAWL_API_KEY=your-firecrawl-api-key
|
|
# VOLCENGINE_API_KEY=your-volcengine-api-key
|
|
# OPENAI_API_KEY=your-openai-api-key
|
|
# GEMINI_API_KEY=your-gemini-api-key
|
|
# DEEPSEEK_API_KEY=your-deepseek-api-key
|
|
# NOVITA_API_KEY=your-novita-api-key # OpenAI-compatible, see https://novita.ai
|
|
# MINIMAX_API_KEY=your-minimax-api-key # OpenAI-compatible, see https://platform.minimax.io
|
|
# VLLM_API_KEY=your-vllm-api-key # OpenAI-compatible
|
|
# FEISHU_APP_ID=your-feishu-app-id
|
|
# FEISHU_APP_SECRET=your-feishu-app-secret
|
|
|
|
# SLACK_BOT_TOKEN=your-slack-bot-token
|
|
# SLACK_APP_TOKEN=your-slack-app-token
|
|
# TELEGRAM_BOT_TOKEN=your-telegram-bot-token
|
|
# DISCORD_BOT_TOKEN=your-discord-bot-token
|
|
|
|
# Enable LangSmith to monitor and debug your LLM calls, agent runs, and tool executions.
|
|
# LANGSMITH_TRACING=true
|
|
# LANGSMITH_ENDPOINT=https://api.smith.langchain.com
|
|
# LANGSMITH_API_KEY=your-langsmith-api-key
|
|
# LANGSMITH_PROJECT=your-langsmith-project
|
|
|
|
# GitHub API Token
|
|
# GITHUB_TOKEN=your-github-token
|
|
|
|
# Database (only needed when config.yaml has database.backend: postgres)
|
|
# DATABASE_URL=postgresql://deerflow:password@localhost:5432/deerflow
|
|
#
|
|
# WECOM_BOT_ID=your-wecom-bot-id
|
|
# WECOM_BOT_SECRET=your-wecom-bot-secret
|
|
|
|
# Set to "false" to disable Swagger UI, ReDoc, and OpenAPI schema in production
|
|
# GATEWAY_ENABLE_DOCS=false
|