feat(#37-41): Add domains, ideas, relationships, agents, widgets schema

Schema additions for issues #37-41: New models: - Domain (#37): Life domains (work, marriage, homelab, etc.) - Idea (#38): Brain dumps with pgvector embeddings - Relationship (#39): Generic entity linking (blocks, depends_on) - Agent (#40): ClawdBot agent tracking with metrics - AgentSession (#40): Conversation session tracking - WidgetDefinition (#41): HUD widget registry - UserLayout (#41): Per-user dashboard configuration Updated models: - Task, Event, Project: Added domainId foreign key - User, Workspace: Added new relations New enums: - IdeaStatus: CAPTURED, PROCESSING, ACTIONABLE, ARCHIVED, DISCARDED - RelationshipType: BLOCKS, BLOCKED_BY, DEPENDS_ON, etc. - AgentStatus: IDLE, WORKING, WAITING, ERROR, TERMINATED - EntityType: Added IDEA, DOMAIN Migration: 20260129182803_add_domains_ideas_agents_widgets
2026-01-29 12:29:21 -06:00
parent a220c2dc0a
commit 973502f26e
308 changed files with 18374 additions and 113 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,30 +1,132 @@
-# API Configuration
+# ==============================================
+# Mosaic Stack Environment Configuration
+# ==============================================
+# Copy this file to .env and customize for your environment
+
+# ======================
+# Application Ports
+# ======================
 API_PORT=3001
 API_HOST=0.0.0.0
+WEB_PORT=3000

+# ======================
 # Web Configuration
+# ======================
 NEXT_PUBLIC_API_URL=http://localhost:3001

-# Database
-DATABASE_URL=postgresql://mosaic:mosaic_dev_password@localhost:5432/mosaic
+# ======================
+# PostgreSQL Database
+# ======================
+# SECURITY: Change POSTGRES_PASSWORD to a strong random password in production
+DATABASE_URL=postgresql://mosaic:REPLACE_WITH_SECURE_PASSWORD@localhost:5432/mosaic
 POSTGRES_USER=mosaic
-POSTGRES_PASSWORD=mosaic_dev_password
+POSTGRES_PASSWORD=REPLACE_WITH_SECURE_PASSWORD
 POSTGRES_DB=mosaic
 POSTGRES_PORT=5432

-# Valkey (Redis-compatible cache)
+# PostgreSQL Performance Tuning (Optional)
+POSTGRES_SHARED_BUFFERS=256MB
+POSTGRES_EFFECTIVE_CACHE_SIZE=1GB
+POSTGRES_MAX_CONNECTIONS=100
+
+# ======================
+# Valkey Cache (Redis-compatible)
+# ======================
 VALKEY_URL=redis://localhost:6379
 VALKEY_PORT=6379
+VALKEY_MAXMEMORY=256mb

+# ======================
 # Authentication (Authentik OIDC)
+# ======================
+# Authentik Server URLs
 OIDC_ISSUER=https://auth.example.com/application/o/mosaic-stack/
-OIDC_CLIENT_ID=your-client-id
-OIDC_CLIENT_SECRET=your-client-secret
+OIDC_CLIENT_ID=your-client-id-here
+OIDC_CLIENT_SECRET=your-client-secret-here
 OIDC_REDIRECT_URI=http://localhost:3001/auth/callback

+# Authentik PostgreSQL Database
+AUTHENTIK_POSTGRES_USER=authentik
+AUTHENTIK_POSTGRES_PASSWORD=REPLACE_WITH_SECURE_PASSWORD
+AUTHENTIK_POSTGRES_DB=authentik
+
+# Authentik Configuration
+# CRITICAL: Generate a random secret key with at least 50 characters
+# Example: openssl rand -base64 50
+AUTHENTIK_SECRET_KEY=REPLACE_WITH_RANDOM_SECRET_MINIMUM_50_CHARS
+AUTHENTIK_ERROR_REPORTING=false
+# SECURITY: Change bootstrap password immediately after first login
+AUTHENTIK_BOOTSTRAP_PASSWORD=REPLACE_WITH_SECURE_PASSWORD
+AUTHENTIK_BOOTSTRAP_EMAIL=admin@localhost
+AUTHENTIK_COOKIE_DOMAIN=.localhost
+
+# Authentik Ports
+AUTHENTIK_PORT_HTTP=9000
+AUTHENTIK_PORT_HTTPS=9443
+
+# ======================
 # JWT Configuration
-JWT_SECRET=change-this-to-a-random-secret-in-production
+# ======================
+# CRITICAL: Generate a random secret key with at least 32 characters
+# Example: openssl rand -base64 32
+JWT_SECRET=REPLACE_WITH_RANDOM_SECRET_MINIMUM_32_CHARS
 JWT_EXPIRATION=24h

-# Development
+# ======================
+# Ollama (Optional AI Service)
+# ======================
+# Set OLLAMA_ENDPOINT to use local or remote Ollama
+# For bundled Docker service: http://ollama:11434
+# For external service: http://your-ollama-server:11434
+OLLAMA_ENDPOINT=http://ollama:11434
+OLLAMA_PORT=11434
+
+# ======================
+# Application Environment
+# ======================
 NODE_ENV=development
+
+# ======================
+# Docker Compose Profiles
+# ======================
+# Uncomment to enable optional services:
+# COMPOSE_PROFILES=authentik,ollama  # Enable both Authentik and Ollama
+# COMPOSE_PROFILES=full              # Enable all optional services
+# COMPOSE_PROFILES=authentik         # Enable only Authentik
+# COMPOSE_PROFILES=ollama            # Enable only Ollama
+# COMPOSE_PROFILES=traefik-bundled   # Enable bundled Traefik reverse proxy
+
+# ======================
+# Traefik Reverse Proxy
+# ======================
+# TRAEFIK_MODE options:
+#   - bundled:  Use bundled Traefik (requires traefik-bundled profile)
+#   - upstream: Connect to external Traefik instance
+#   - none:     Direct port exposure without reverse proxy (default)
+TRAEFIK_MODE=none
+
+# Domain configuration for Traefik routing
+MOSAIC_API_DOMAIN=api.mosaic.local
+MOSAIC_WEB_DOMAIN=mosaic.local
+MOSAIC_AUTH_DOMAIN=auth.mosaic.local
+
+# External Traefik network name (for upstream mode)
+# Must match the network name of your existing Traefik instance
+TRAEFIK_NETWORK=traefik-public
+
+# TLS/SSL Configuration
+TRAEFIK_TLS_ENABLED=true
+# For Let's Encrypt (production):
+TRAEFIK_ACME_EMAIL=admin@example.com
+# For self-signed certificates (development), leave TRAEFIK_ACME_EMAIL empty
+
+# Traefik Dashboard (bundled mode only)
+TRAEFIK_DASHBOARD_ENABLED=true
+TRAEFIK_DASHBOARD_PORT=8080
+
+# ======================
+# Logging & Debugging
+# ======================
+LOG_LEVEL=info
+DEBUG=false