# Private npm registry for @bytelyst/* packages (Gitea)
# Required for: pnpm install (dev + CI), Docker builds, Vercel builds
GITEA_NPM_TOKEN=

# Shared product identity
PRODUCT_ID=invttrdg
PRODUCT_DISPLAY_NAME=ByteLyst Trading

# Shared platform-service endpoint
PLATFORM_API_URL=http://localhost:4003/api
PLATFORM_AUTH_ENABLED=true
PLATFORM_JWT_ISSUER=bytelyst-platform
JWT_SECRET=
PLATFORM_JWT_PUBLIC_KEY=
PLATFORM_JWT_JWKS_URL=

# Product backend endpoint (no /api suffix — used by backend-side runtime only)
TRADING_API_URL=http://localhost:4018

# Azure Key Vault — set to enable secret resolution at startup (uses Azure CLI in dev, Managed Identity in prod)
AZURE_KEYVAULT_URL=https://kv-mywisprai.vault.azure.net/

# Cosmos DB control-plane storage (populated from Key Vault if AZURE_KEYVAULT_URL is set)
COSMOS_ENDPOINT=
COSMOS_KEY=
COSMOS_DATABASE=invttrdg

# Azure OpenAI (AI Foundry) — populated from Key Vault if AZURE_KEYVAULT_URL is set
# When set, takes precedence over direct OPENAI_API_KEY for the openai provider slot
AZURE_OPENAI_ENDPOINT=https://swedencentral.api.cognitive.microsoft.com/
AZURE_OPENAI_KEY=
AZURE_OPENAI_DEPLOYMENT=gpt-4o

# Web-specific public envs
# IMPORTANT: VITE_TRADING_API_URL must NOT include /api — web code appends /api/... itself.
NEXT_PUBLIC_PRODUCT_ID=invttrdg
NEXT_PUBLIC_PLATFORM_URL=http://localhost:4003/api
NEXT_PUBLIC_TRADING_API_URL=http://localhost:4018
VITE_PRODUCT_ID=invttrdg
VITE_PLATFORM_URL=http://localhost:4003/api
VITE_TRADING_API_URL=http://localhost:4018

# Mobile public envs
# IMPORTANT: EXPO_PUBLIC_TRADING_API_URL MUST include /api — mobile strips it for socket, uses it for API calls.
EXPO_PUBLIC_PRODUCT_ID=invttrdg
EXPO_PUBLIC_PLATFORM_URL=http://localhost:4003/api
EXPO_PUBLIC_TRADING_API_URL=http://localhost:4018/api

# Backend envs
PORT=4018
NODE_ENV=development
CORS_ALLOWED_ORIGINS=http://localhost:3048,http://localhost:8081

# Feature flags — backend (opt-out model: omit or set =true to enable, set =false to disable)
ENABLE_BACKTEST=false
BACKTEST_CUSTOMER_ENABLED=false
# Tab visibility for non-admin users (defaults to enabled; set =false to hide)
TAB_MARKETPLACE_ENABLED=true
TAB_MEMBERSHIP_ENABLED=true
# Legacy data-plane fallback only. Backend auth prefers platform JWTs.
SUPABASE_URL=
SUPABASE_ANON_KEY=
SUPABASE_SERVICE_ROLE_KEY=