# Airlock environment variables
# Copy this file to .env and fill in your values.
# The copied .env holds live credentials: keep it out of version control and
# readable only by the account that runs the proxy.
# Format: one KEY=value per line, `#` full-line comments. Values are read by a
# dotenv-style loader (not `source`d by a shell), so unquoted spaces and commas
# are expected to survive — TODO confirm against the loader actually used.

# --- LLM Provider API Keys ---
# Upstream provider credentials. The `sk-ant-...` / `sk-...` values below are
# format hints only, not usable keys.
ANTHROPIC_API_KEY=sk-ant-...
OPENAI_API_KEY=sk-...

# --- Airlock Proxy ---
# `sk-airlock-change-me` is a placeholder, not a usable secret. Generate a
# long random value before first start; presumably this is the credential
# clients present to the proxy, so it gates every request — verify in the
# proxy's auth documentation.
AIRLOCK_MASTER_KEY=sk-airlock-change-me
# Bind address — defaults to loopback. Set to 0.0.0.0 to expose externally
# (e.g. inside Docker/Kubernetes pods that need to accept off-host traffic).
# NOTE(review): once bound to 0.0.0.0, nothing in this file limits who can
# reach the port; rely on network policy / an ingress in front of it.
AIRLOCK_HOST=127.0.0.1
# TCP listen port
AIRLOCK_PORT=4000

# --- Logging ---
# Where to write structured JSON logs (directory path)
# NOTE(review): if these logs capture request/response bodies they may contain
# prompts, PII and keys — confirm what is logged and restrict the directory
# permissions accordingly.
AIRLOCK_LOG_DIR=./logs

# Optional: S3 bucket for log archival
# AWS credentials are not set here; the archiver is assumed to use the
# ambient AWS credential chain (instance role, profile, env) — TODO confirm.
# AIRLOCK_S3_BUCKET=my-company-llm-logs
# AWS_DEFAULT_REGION=us-east-1

# --- Guardrails ---
# Comma-separated list of blocked keywords/phrases (case-insensitive)
# Phrases may contain spaces; a phrase cannot itself contain a comma.
AIRLOCK_BLOCKED_KEYWORDS=Project Manhattan,Operation Bluebook,INTERNAL ONLY

# PII entity types to redact (comma-separated)
# See: https://microsoft.github.io/presidio/supported_entities/
# Entity names must match the Presidio identifiers exactly (upper-case).
AIRLOCK_PII_ENTITIES=CREDIT_CARD,US_SSN,EMAIL_ADDRESS,PHONE_NUMBER,US_BANK_NUMBER,IBAN_CODE

# PII hydration: restore redacted values in tool-call arguments on the
# response path.  Set to 'off' to disable (placeholders stay as-is).
# NOTE(review): with hydration on, the original (un-redacted) values are
# re-inserted into tool-call arguments, so downstream tool endpoints see real
# PII; only enable it where those endpoints are trusted to handle it. The
# commented value suggests 'tools' is the default — confirm.
# AIRLOCK_PII_HYDRATION=tools

# --- Dynamic Processing (Fast subsystem) ---
# Model failover map — JSON mapping model name → ordered fallback list.
# Omit to use built-in defaults derived from config.yaml models.
# The value is raw JSON on a single line; the double quotes inside it are part
# of the JSON and must be kept — presumably the loader does not strip them
# since they are not a surrounding pair — TODO confirm.
# AIRLOCK_FAILOVER_MAP={"claude-sonnet":["claude-haiku","gpt-4o"],"gpt-4o":["claude-sonnet","gpt-4o-mini"]}

# --- Response Scanner ---
# Mode: observe (log only, default) or enforce (block suspicious responses)
# In observe mode nothing is ever blocked; switch to enforce once the logged
# scores have been reviewed and the threshold below is tuned.
AIRLOCK_RESPONSE_SCAN_MODE=observe
# Composite score threshold for blocking (0.0-1.0, default 0.5)
# Only consulted in enforce mode; lower values block more aggressively.
# AIRLOCK_RESPONSE_SCAN_THRESHOLD=0.5

# --- MCP Tool Access Control ---
# Comma-separated tool allowlist (empty = allow all configured tools)
# NOTE(review): "empty" here presumably covers both an unset variable and
# `AIRLOCK_MCP_ALLOWED_TOOLS=` — confirm, since an unset allowlist means every
# configured tool is callable.
# AIRLOCK_MCP_ALLOWED_TOOLS=read_file,search,query_db
# Comma-separated tool blocklist (takes precedence when both set)
# A tool named in both lists is blocked.
# AIRLOCK_MCP_BLOCKED_TOOLS=execute_command,delete_file
