# Dealix — Staging environment template (NO REAL SECRETS IN GIT)
# انسخ إلى إعدادات المنصة (Railway/Render) أو ملف .env محلي غير متتبع.
#
# Principles:
# - Use a dedicated staging Supabase project and staging LLM keys/budget caps.
# - Moyasar: sandbox keys only until explicit live cutover runbook.
# - No live outbound WhatsApp/Gmail/Calendar automation unless explicitly enabled.

# ── Core ───────────────────────────────────────────────────────
APP_ENV=staging
APP_DEBUG=false
APP_URL=https://YOUR-STAGING-HOST.example.com
DATABASE_URL=postgresql://user:pass@host:5432/dealix_staging
APP_SECRET_KEY=GENERATE_new_hex_for_staging

# ── Safety flags (keep conservative) ────────────────────────────
WHATSAPP_ALLOW_LIVE_SEND=false

# ── Observability (staging-only projects recommended) ─────────
SENTRY_DSN=
LANGFUSE_PUBLIC_KEY=
LANGFUSE_SECRET_KEY=
LANGFUSE_HOST=https://cloud.langfuse.com

# ── Supabase staging ───────────────────────────────────────────
SUPABASE_URL=https://YOUR_PROJECT.supabase.co
SUPABASE_ANON_KEY=
# Service role: server-side only, never in frontend
SUPABASE_SERVICE_ROLE_KEY=

# ── Moyasar sandbox ────────────────────────────────────────────
MOYASAR_SECRET_KEY=sk_test_REPLACE
MOYASAR_WEBHOOK_SECRET=REPLACE_from_Moyasar_dashboard

# ── WhatsApp Meta (optional on staging; verify webhook before enabling) ──
WHATSAPP_VERIFY_TOKEN=
WHATSAPP_APP_SECRET=
WHATSAPP_ACCESS_TOKEN=
WHATSAPP_PHONE_NUMBER_ID=

# ── LLM (staging keys / quotas separate from production) ────────
ANTHROPIC_API_KEY=
OPENAI_API_KEY=
GOOGLE_API_KEY=
GROQ_API_KEY=

# ── Redis (optional — idempotency / DLQ) ───────────────────────
REDIS_URL=

CORS_ORIGINS=https://YOUR-STAGING-HOST.example.com,http://localhost:3000