# Dealix — Environment Variables Template
# انسخ هذا الملف إلى .env وعبّي القيم الحقيقية.
# NEVER commit .env with real values.

# ── Required for Production ────────────────────────────────────
ENVIRONMENT=production
LOG_LEVEL=INFO

# Secret key for signing (64-byte hex)
# Generate: python -c "import secrets; print(secrets.token_hex(32))"
APP_SECRET_KEY=CHANGE_ME_to_64_byte_hex

# Database (Railway/Render/Heroku auto-normalize postgres:// → postgresql+asyncpg://)
DATABASE_URL=postgresql://user:pass@host:5432/dealix

# Public URL (for Moyasar checkout callback)
APP_URL=https://dealix.sa

# ── Moyasar Payments ───────────────────────────────────────────
MOYASAR_SECRET_KEY=sk_live_REPLACE_ME
MOYASAR_WEBHOOK_SECRET=REPLACE_with_shared_secret_from_dashboard

# ── PostHog Analytics ──────────────────────────────────────────
POSTHOG_API_KEY=phc_REPLACE_ME
POSTHOG_HOST=https://us.i.posthog.com

# ── Calendly ───────────────────────────────────────────────────
CALENDLY_URL=https://calendly.com/sami-assiri11/dealix-demo
CALENDLY_WEBHOOK_SECRET=REPLACE_ME

# ── WhatsApp (Meta) ────────────────────────────────────────────
WHATSAPP_VERIFY_TOKEN=REPLACE_ME
WHATSAPP_APP_SECRET=REPLACE_ME
WHATSAPP_ACCESS_TOKEN=REPLACE_ME

# ── CORS ───────────────────────────────────────────────────────
CORS_ORIGINS=https://dealix.sa,https://www.dealix.sa,http://localhost:3000

# ── Security (optional but recommended) ────────────────────────
API_KEYS=REPLACE_with_comma_separated_keys

# ── Observability (optional) ───────────────────────────────────
SENTRY_DSN=

# ──────────────────────────────────────────────────────────────────
# Lead machine — Provider chains (see docs/ops/LEAD_MACHINE_TOOLING.md)
# Each layer is additive: chains fall back gracefully when keys are absent.
# ──────────────────────────────────────────────────────────────────

# ── Layer 1 — LLM (pick at least one) ──────────────────────────
GROQ_API_KEY=
ANTHROPIC_API_KEY=
OPENAI_API_KEY=

# ── Layer 2 — Web search (Google CSE primary, Tavily fallback) ─
GOOGLE_SEARCH_API_KEY=
GOOGLE_SEARCH_CX=
TAVILY_API_KEY=

# ── Layer 2 — Local discovery (Saudi sectors via Google Places) ─
GOOGLE_MAPS_API_KEY=
SERPAPI_API_KEY=
APIFY_TOKEN=

# ── Layer 2 — Crawler (markdown extraction for prospect sites) ─
FIRECRAWL_API_KEY=

# ── Layer 2 — Email intelligence (PDPL-aware) ──────────────────
HUNTER_API_KEY=
ABSTRACT_API_KEY=

# ── Layer 2 — Tech detection (internal is free + always-on) ────
WAPPALYZER_API_KEY=

# ── Layer 3 — Daily Email Automation (Gmail OAuth, no password) ─
# See docs/ops/GMAIL_OAUTH_SETUP_CHECKLIST.md for the 8-step setup
GMAIL_CLIENT_ID=
GMAIL_CLIENT_SECRET=
GMAIL_REFRESH_TOKEN=
GMAIL_SENDER_EMAIL=
GMAIL_LIST_UNSUBSCRIBE=
DAILY_EMAIL_LIMIT=50
EMAIL_BATCH_SIZE=10
EMAIL_BATCH_INTERVAL_MINUTES=90

# ── Layer 3 — WhatsApp Multi-Provider (smart fallback) ─────────
# Chain: Green API → Ultramsg → Fonnte → Meta Cloud
# Recommended: Green API for free dev tier (5-min QR setup)
GREEN_API_INSTANCE_ID=
GREEN_API_TOKEN=
ULTRAMSG_INSTANCE_ID=
ULTRAMSG_TOKEN=
FONNTE_TOKEN=
META_WHATSAPP_PHONE_NUMBER_ID=
META_WHATSAPP_ACCESS_TOKEN=
WHATSAPP_MOCK_MODE=false
WHATSAPP_TEST_ALLOWLIST=

# ── Layer 3 — Channels ─────────────────────────────────────────
SENDGRID_API_KEY=
SENDGRID_INBOUND_SECRET=
WHATSAPP_PROVIDER=
WHATSAPP_PHONE_NUMBER_ID=
WHATSAPP_PROVIDER_API_KEY=
WHATSAPP_PROVIDER_BASE_URL=
GOOGLE_LEAD_FORM_WEBHOOK_KEY=
META_APP_SECRET=
META_PAGE_ACCESS_TOKEN=