|
| 1 | +# Zenvra Configuration & Hardcoded Values |
| 2 | + |
| 3 | +## Current State |
| 4 | + |
| 5 | +### ✅ Already Configurable via Environment Variables |
| 6 | + |
| 7 | +1. **Backend API URL** — `PUBLIC_API_URL` (default: `http://localhost:8080`) |
| 8 | + - Used in: `apps/web/src/lib/api.ts`, `apps/web/src/lib/stores/aiConfig.svelte.ts` |
| 9 | + - Allows pointing to different API endpoints (local dev, staging, production) |
| 10 | + |
| 11 | +2. **AI Provider Configuration** — Persisted in localStorage |
| 12 | + - **Provider**: anthropic, openai, google, custom (user-selected) |
| 13 | + - **API Key**: User-provided via Settings UI |
| 14 | + - **Model**: User-selected from available models for provider |
| 15 | + - **Endpoint**: Optional, user-provided for custom providers |
| 16 | + - Allows bring-your-own-key pattern ✓ |
| 17 | + |
| 18 | +3. **Database URL** — `DATABASE_URL` in `.env` (for server) |
| 19 | + - Allows local dev, Docker, or cloud databases |
| 20 | + |
| 21 | +4. **CVE Data Feeds** — `NVD_API_KEY` in `.env` |
| 22 | + - Synced on server startup or manual trigger |
| 23 | + |
| 24 | +### ⚠️ Hardcoded Values to Consider |
| 25 | + |
| 26 | +1. **Server Port** — `8080` (hardcoded in server) |
| 27 | + - Suggestion: Make configurable via `PORT` env var |
| 28 | + |
| 29 | +2. **Web Dev Port** — `5173` (Vite default) |
| 30 | + - Vite automatically uses next available port if occupied |
| 31 | + |
| 32 | +3. **Database Credentials** — `postgres:postgres@localhost:5433/zenvra` |
| 33 | + - Should be parameterized in `.env` |
| 34 | + |
| 35 | +4. **Scan Engines** — Hardcoded in CLI/server (sast, sca, secrets, ai_code) |
| 36 | + - Already configurable per-request via `--disable` flag and API |
| 37 | + |
| 38 | +5. **Severity Thresholds** — Default `low` in CLI |
| 39 | + - Already configurable via `--severity` flag |
| 40 | + |
| 41 | +### 📋 Recommended Next Steps |
| 42 | + |
| 43 | +1. **Server** — Add `PORT` and `HOST` env vars |
| 44 | +2. **Web** — Consider `PUBLIC_APP_NAME`, `PUBLIC_VERSION` for UI |
| 45 | +3. **Database** — Already parametrized in `.env` |
| 46 | +4. **AI Config** — Already per-user via localStorage + Settings UI |
| 47 | + |
| 48 | +## How to Use Development Environment |
| 49 | + |
| 50 | +```bash |
| 51 | +# Terminal 1: Start PostgreSQL + Redis |
| 52 | +docker compose up -d postgres redis |
| 53 | + |
| 54 | +# Terminal 2: Start API Server |
| 55 | +set -a && source .env && set +a |
| 56 | +cargo run -p zenvra-server |
| 57 | + |
| 58 | +# Terminal 3: Sync CVE data |
| 59 | +cargo run -p zenvra-server -- sync |
| 60 | + |
| 61 | +# Terminal 4: Start Web Frontend |
| 62 | +cd apps/web |
| 63 | +pnpm dev |
| 64 | + |
| 65 | +# Open http://localhost:5174 in browser |
| 66 | +``` |
| 67 | + |
| 68 | +## API Endpoints |
| 69 | + |
| 70 | +- `/health` — Health check |
| 71 | +- `/api/v1/scan` — Submit code scan (returns scan ID) |
| 72 | +- `/api/v1/scan/:id/events` — Stream scan results via SSE |
| 73 | +- `/api/v1/history` — Get scan history |
| 74 | +- `/api/v1/sync` — Trigger manual CVE sync |
| 75 | +- `/api/v1/ai/models` — Fetch available AI models for provider |
0 commit comments