95358448e6
Replace hardwired Anthropic API calls with a pluggable provider system. Each deployment configures its AI provider in instance.yaml — switching between Anthropic, LiteLLM, OpenRouter, or any OpenAI-compatible proxy is a config change, not a code change. New connectors/llm/ module: - StructuredExtractor Protocol with extract_json() interface - AnthropicExtractor: direct Anthropic SDK with retry + backoff - OpenAICompatExtractor: any OpenAI-compatible proxy with three-layer structured output fallback (json_schema -> json_object -> prompt) - Configurable structured_output policy (strict/json/auto) - Custom exception hierarchy (auth/rate_limit/timeout/format/refusal) - Zero secrets in logs: no API keys, prompts, or responses logged Reviewed by: Google Gemini, Claude Sonnet, OpenAI GPT-5.4. Security audit passed with all critical findings resolved.
25 lines
763 B
Text
25 lines
763 B
Text
# AI Data Analyst - Environment Variables
|
|
# ========================================
|
|
# Secret values referenced by ${VAR} in config/instance.yaml.
|
|
# Copy to .env: cp config/.env.template .env
|
|
# .env is gitignored - NEVER commit it.
|
|
|
|
# Required for webapp
|
|
WEBAPP_SECRET_KEY= # python -c "import secrets; print(secrets.token_hex(32))"
|
|
GOOGLE_CLIENT_ID=
|
|
GOOGLE_CLIENT_SECRET=
|
|
|
|
# Keboola adapter (skip if using CSV)
|
|
# KEBOOLA_STORAGE_TOKEN=
|
|
|
|
# Optional
|
|
# SENDGRID_API_KEY=
|
|
# TELEGRAM_BOT_TOKEN=
|
|
# DESKTOP_JWT_SECRET=
|
|
# JIRA_API_TOKEN=
|
|
# JIRA_WEBHOOK_SECRET=
|
|
# JIRA_SLA_API_TOKEN=
|
|
# ANTHROPIC_API_KEY=
|
|
# LLM API key for proxy routing (referenced as ${LLM_API_KEY} in instance.yaml)
|
|
# Provider and model configured in instance.yaml ai: section
|
|
# LLM_API_KEY=
|