# ====================================================================
# NCII Shield — Environment Configuration
# Copy to .env and fill in real values. NEVER commit .env.
#
# In production, assertProductionEnv() refuses to boot when any of the
# variables marked [REQUIRED] below are missing, empty, or still the
# placeholder ("sk_live_xxx", "change-this-..."). Set them BEFORE the
# first restart.
# ====================================================================

# Server
NODE_ENV=production
PORT=3000
APP_URL=https://takedowns.vesamuni.com
PUBLIC_BASE_URL=https://takedowns.vesamuni.com    # canonical public origin used in emails, alerts, redirects
SESSION_SECRET=2ijAmVfDIz6GFIja2+VIt6hk1USluLTEDc/EgcMAzzHRsPaZe9OvK6f3eX4hqLKr   # [REQUIRED] ≥32 chars; local dev only — rotate for production
TRUST_PROXY=1

# Storage paths
DB_PATH=./data/ncii.sqlite
BACKUP_DIR=./backups
SESSION_DB_DIR=./data

# Bootstrap superadmin (used by seed-admin.js, can be ignored at runtime)
SEED_ADMIN_EMAIL=admin@takedowns.vesamuni.com
SEED_ADMIN_PASSWORD=ChangeThisPassword!123
SEED_ADMIN_NAME=Platform Admin

# Stripe billing — [REQUIRED] in production
# Values below populated by scripts/setup-stripe-products.js against
# account acct_1TdA0qEykDQynLl5 (Vesamuni LLC) on 2026-07-01.
# Key will be ROLLED after production launch — re-run the script to
# re-populate if the key changes.
STRIPE_SECRET_KEY=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
STRIPE_PUBLISHABLE_KEY=pk_live_51TdA0qEykDQynLl5bILUSF2qNoRdtkbwkd4SPWBk4xPmR8b3BLHkCsemRzWqMUCnTT8IvW6oDkwtovworHb9ldtb00NSSZf2h7
STRIPE_WEBHOOK_SECRET=whsec_YrvxIouVlmGgRXR0CI4dowQPg5Hw8gmf
# Pinned API version. Override only after testing against a newer release.
STRIPE_API_VERSION=2026-06-24.dahlia
# Products: prod_UnspzD8qPeYTRT (Standard), prod_UnspOzre4eSE2S (Pro),
#           prod_UnspNWzfYXM7kH (Agency), prod_UnsqmbofIpDelZ (Credit Pack)
# Monthly subscription prices
STRIPE_PRICE_STANDARD=price_1ToH4GEykDQynLl5zUN3jZSe
STRIPE_PRICE_PRO=price_1ToH4IEykDQynLl5OZZOMdQK
STRIPE_PRICE_AGENCY=price_1ToH4KEykDQynLl5jP8PL98k
# Annual prices (~17% off = 2 months free; Agency is per-seat)
STRIPE_PRICE_STANDARD_ANNUAL=price_1ToH4HEykDQynLl5wRnfiV4i
STRIPE_PRICE_PRO_ANNUAL=price_1ToH4JEykDQynLl5iKyS3mhi
STRIPE_PRICE_AGENCY_ANNUAL=price_1ToH4LEykDQynLl5kmT87snC
# One-time credit packs (mode='payment', single charge, no subscription)
STRIPE_PRICE_CREDIT_PACK_SMALL=price_1ToH4MEykDQynLl5E5VL2Zzr
# Webhook endpoint: we_1ToH4NEykDQynLl57ccsPKHR → https://takedowns.vesamuni.com/webhook/stripe
# (updated via Stripe API on 2026-07-02 — was previously takedowns.vesamuni.com)

# Resend transactional email — [REQUIRED]
RESEND_API_KEY=re_eigQEMsV_LLVvG1RosWhWUcYXit5UtxK3   # live (from api_keys table, label test:resend)
RESEND_FROM_EMAIL=noreply@shield.vesamuni.com         # DNS-verified in Resend (was the working sender before rebrand)
RESEND_FROM_NAME=takedowns
RESEND_ALERT_TO=admin@takedowns.vesamuni.com

# Scrape.do (also add via /admin → API Keys)
SCRAPEDO_API_KEY=35a6d8c785764c4085708c3f2703005dad27b30cdb4

# MiniMax AI (also add via /admin → API Keys)
MiniMax_API_KEY=sk-cp-G6gH2k2PLsV9C3aUmLAd8ZRObjSSdPbHqnPPGG5zWHsBui7XGHzQF7Wm_hU1aBsCQ0ODez3dodFQW2DhxoaJwXAdoU-2fCfI8t8L6Z1a1TAvbN8gSBywGgo
MiniMax_API_URL=https://api.minimax.io/v1    # BASE URL only; /chat/completions is appended at call time
MiniMax_MODEL=MiniMax-M2.7

# Daily per-key quota (resets at midnight)
SCRAPEDO_DAILY_QUOTA=950
MiniMax_DAILY_QUOTA=950
RESEND_DAILY_QUOTA=95

# Rate limit
LOGIN_MAX_ATTEMPTS=5
LOGIN_LOCKOUT_MINUTES=15

# ---- Marketing / public-stats display ----
# 1 = return curated showcase numbers (247 removals / 38 active cases /
# 1.4h avg / 96% success) instead of querying the DB. Use while real case
# volume is low so the home page hero doesn't read "7 removals".
# 0 / unset = real DB numbers (default).
# Tunable constants live in routes/public.js → MOCK_STATS. Flip without
# redeploying: sed PUBLIC_STATS_MOCK in /home/<user>/.../.env, then
# `kill -9 <lsnode_pid>` (cPanel Restart button otherwise).
PUBLIC_STATS_MOCK=1