Add .env.example template and protect secrets from version control

Improves security by preventing accidental commit of sensitive credentials to the
repository. The .env file contains Langfuse API keys, database passwords, and encryption
keys that should never be exposed in version control.

## Security Improvements

**Added .env to .gitignore:**
- Prevents .env file with real secrets from being committed
- Protects Langfuse API keys (public/secret)
- Protects database credentials
- Protects NextAuth secrets and encryption keys

**Created .env.example template:**
- Safe template file for new developers to copy
- Contains all required environment variables with placeholder values
- Includes helpful comments for key generation (openssl commands)
- Documents all configuration options

**Updated Claude settings:**
- Added git restore to allowed commands for workflow automation

## Setup Instructions for New Developers

1. Copy .env.example to .env: `cp .env.example .env`
2. Generate random secrets:
   - `openssl rand -base64 32` for NEXTAUTH_SECRET and SALT
   - `openssl rand -hex 32` for ENCRYPTION_KEY
3. Start Docker: `docker compose up -d`
4. Open Langfuse UI: http://localhost:3000
5. Create account, project, and copy API keys to .env
6. Restart API: `docker compose restart api`

## Files Changed

- .gitignore: Added .env to ignore list
- .env.example: New template file with placeholder values
- .claude/settings.local.json: Added git restore to allowed commands

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

.claude/settings.local.json

@@ -68,7 +68,8 @@
       "Bash(chmod:*)",
       "Bash(/Users/jean-philippebrule/.dotnet/dotnet clean Svrnty.Sample/Svrnty.Sample.csproj)",
       "Bash(/Users/jean-philippebrule/.dotnet/dotnet build:*)",
-      "Bash(docker:*)"
+      "Bash(docker:*)",
+      "Bash(git restore:*)"
     ],
     "deny": [],
     "ask": []

.env.example

@@ -0,0 +1,32 @@
+# Langfuse API Keys (placeholder - will be generated after Langfuse UI setup)
+# IMPORTANT: After running docker-compose up, go to http://localhost:3000
+# Create an account, create a project, and copy the API keys here
+LANGFUSE_PUBLIC_KEY=pk-lf-placeholder-replace-after-setup
+LANGFUSE_SECRET_KEY=sk-lf-placeholder-replace-after-setup
+
+# Langfuse Internal Configuration (auto-generated)
+# Generate these using: openssl rand -base64 32
+NEXTAUTH_SECRET=REPLACE_WITH_RANDOM_SECRET
+SALT=REPLACE_WITH_RANDOM_SALT
+# Generate this using: openssl rand -hex 32
+ENCRYPTION_KEY=REPLACE_WITH_RANDOM_ENCRYPTION_KEY
+
+# Database Configuration
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
+POSTGRES_DB=postgres
+
+# Connection Strings
+CONNECTION_STRING_SVRNTY=Host=postgres;Database=svrnty;Username=postgres;Password=postgres;Include Error Detail=true
+CONNECTION_STRING_LANGFUSE=postgresql://postgres:postgres@postgres:5432/langfuse
+
+# Ollama Configuration
+OLLAMA_BASE_URL=http://ollama:11434
+OLLAMA_MODEL=qwen2.5-coder:7b
+
+# API Configuration
+ASPNETCORE_ENVIRONMENT=Production
+ASPNETCORE_URLS=http://+:6001;http://+:6000
+
+# Langfuse Endpoint
+LANGFUSE_OTLP_ENDPOINT=http://langfuse:3000/api/public/otel/v1/traces

.gitignore

@@ -5,6 +5,9 @@
 
 .research/
 
+# Environment variables with secrets
+.env
+
 # User-specific files
 *.rsuser
 *.suo