From 954d382b5409490576cb116050cad4c1e59dec79 Mon Sep 17 00:00:00 2001
From: yiekheng <yiekheng@04080616.xyz>
Date: Sun, 10 May 2026 22:03:27 +0800
Subject: [PATCH] docs(env): refresh envs/.env.example for v1 + publish.sh

- Drop SEED_OPERATOR_TELEGRAM_ID (legacy from the Telegram era).
- Add SEED_OPERATOR_USERNAME + a comment pointing to
  scripts/set-password.sh as the bootstrap path.
- Add OPERATOR_TOKEN_VERSION as the documented kill switch for the
  AES-GCM session cookie.
- Document AUTH_SECRET more explicitly: refuse to leave blank, and
  point at scripts/gen_auth_secret.sh as the generator.
- Add the bot fan-out tuning trio that's been in env.ts but not in
  the example: BOT_FIRE_CONCURRENCY / BOT_GROUP_CONCURRENCY /
  BOT_MAX_SEND_PER_MINUTE with the same comments as the schema.
- Add a Docker Registry section for scripts/publish.sh:
  DOCKER_IMAGE_TAG and CM_IMAGE_PLATFORMS, mirroring the
  cm_bot_v2 .env.example shape.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 envs/.env.example | 35 ++++++++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/envs/.env.example b/envs/.env.example
index e603b71..6a10106 100644
--- a/envs/.env.example
+++ b/envs/.env.example
@@ -10,12 +10,41 @@ MEDIA_DIR=/data/media
 BOT_HEALTH_PORT=8081
 BOT_LOG_LEVEL=info
 
+# Reminder fan-out tuning. Defaults aim for an established WhatsApp
+# account (~30-60 msg/min safe band). Bump cautiously.
+#   BOT_FIRE_CONCURRENCY     pg-boss workers; max accounts firing in parallel.
+#   BOT_GROUP_CONCURRENCY    per-account parallel group sends; parts within a
+#                            group stay serial.
+#   BOT_MAX_SEND_PER_MINUTE  per-account token-bucket rate.
+BOT_FIRE_CONCURRENCY=8
+BOT_GROUP_CONCURRENCY=3
+BOT_MAX_SEND_PER_MINUTE=40
+
 # === Seed (used by scripts/db.sh seed) ===
-SEED_OPERATOR_TELEGRAM_ID=
+# The bootstrap operator's username. After seed, set their password
+# via:  echo 'change-me-now' | scripts/set-password.sh admin
+SEED_OPERATOR_USERNAME=admin
 SEED_OPERATOR_NAME=Operator
 
-# === Web ===
+# === Web / Auth ===
 # Port the Next.js container exposes on the host. Production deployment
-# (rexwa.04080616.xyz) uses 8100; dev/staging (test.04080616.xyz) uses 9000.
+# (wabot.04080616.xyz) uses 8100; dev/staging (test.04080616.xyz) uses 9000.
 WEB_PORT=9000
+
+# 32-byte secret used to derive the AES-256-GCM key for session cookies.
+# DO NOT leave blank — the web container will refuse to issue cookies.
+# Generate via: scripts/gen_auth_secret.sh --write
 AUTH_SECRET=
+
+# Bumping this invalidates every outstanding session cookie globally on
+# the next request. Treat it as a kill switch (e.g. after a key leak)
+# rather than a routine value.
+OPERATOR_TOKEN_VERSION=1
+
+# === Docker Registry (used by scripts/publish.sh) ===
+# Tag pushed alongside latest. Override with the CLI arg or
+# DOCKER_IMAGE_TAG=v1.2.3 scripts/publish.sh.
+DOCKER_IMAGE_TAG=latest
+# Buildx target platforms. linux/amd64 is the prod host arch; add
+# linux/arm64 if you cross-build for an Apple-silicon runner.
+CM_IMAGE_PLATFORMS=linux/amd64