# smart-ide-sso-gateway — copy to .env, do not commit .env
# Or merge into config/services.local.env (repo root)

SSO_GATEWAY_HOST=127.0.0.1
SSO_GATEWAY_PORT=37148
# Optional: browser SPA origin for CORS on JSON and proxied responses
# SSO_CORS_ORIGIN=https://app.example.test
# SSO_GATEWAY_MAX_BODY_BYTES=33554432

# Upstream allowlist (comma-separated). Default is "orchestrator".
# Use "*" or "all" to allow every upstream key.
# SSO_ALLOWED_UPSTREAMS=orchestrator

# Required: docv / Enso OpenID issuer URL (JWKS discovery)
OIDC_ISSUER=https://docv.example.test
# Optional: validate access_token audience
# OIDC_AUDIENCE=smart-ide-gateway
# Optional: override JWKS URL
# OIDC_JWKS_URI=https://docv.example.test/.well-known/jwks.json

# smart-ide-global-api (must be running; same secret on both sides)
GLOBAL_API_URL=http://127.0.0.1:37149
GLOBAL_API_INTERNAL_TOKEN=

# Optional: monorepo root for .logs/sso-gateway/
# SMART_IDE_MONOREPO_ROOT=

# Micro-service tokens and hosts are read by smart-ide-global-api, not this process.
# See services/smart-ide-global-api/.env.example