diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..c4bfd6a --- /dev/null +++ b/.env.example @@ -0,0 +1,9 @@ +# Copy to .env (gitignored) and fill in. The probe auto-loads .env at startup. +# A committed/pushed key is permanently compromised — keep it only in .env. +DEEPSEEK_API_KEY= + +# Optional overrides (defaults shown): +# DEEPSEEK_MODEL=deepseek-chat +# DEEPSEEK_ENDPOINT=https://api.deepseek.com/chat/completions +# COLIBRI_HOST=domedog +# COLIBRI_AGENT=claude-domedog diff --git a/.gitignore b/.gitignore index 787aa48..b13e287 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,5 @@ /target /tmp + +# local secrets — never commit (a pushed key is permanently compromised) +.env diff --git a/Cargo.lock b/Cargo.lock index 31b9879..e760da6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -85,6 +85,7 @@ name = "colibri" version = "0.0.1" dependencies = [ "colibri-deepseek", + "dotenvy", "serde", "serde_json", "tokio", @@ -127,6 +128,12 @@ dependencies = [ "syn", ] +[[package]] +name = "dotenvy" +version = "0.15.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b" + [[package]] name = "find-msvc-tools" version = "0.1.9" diff --git a/Cargo.toml b/Cargo.toml index 46e404c..e9a544e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -19,6 +19,7 @@ path = "src/bin/runtime_inventory.rs" [dependencies] # Probe logic lives in colibri-deepseek (which pulls reqwest/rustls, chrono…). colibri-deepseek = { path = "crates/colibri-deepseek" } +dotenvy = "0.15" tokio = { version = "1", features = ["macros", "rt-multi-thread"] } serde = { version = "1", features = ["derive"] } serde_json = "1" diff --git a/src/main.rs b/src/main.rs index f698828..0b5a7ab 100644 --- a/src/main.rs +++ b/src/main.rs @@ -13,6 +13,8 @@ const EVENT_LOG: &str = "tmp/colibri-deepseek-events.jsonl"; #[tokio::main] async fn main() -> Result<(), Box> { + // Load .env (gitignored) so a pasted DEEPSEEK_API_KEY is picked up. + let _ = dotenvy::dotenv(); let cfg = ProbeConfig::from_env(); let smoke = run_cache_probe(&cfg).await; let manifest = build_run_manifest(&smoke);