# Environment, Test Env, and Security ## Test environment (prevent data loss) **.env is production/live.** Changes to `.env` can affect real tickets, Discord, Gmail, and MongoDB. To try config changes safely: 1. **Copy the test template:** `cp .env.test.example .env.test` 2. **Edit `.env.test`** with test-only values (e.g. test guild, test MongoDB database name, test API URL). Use a separate test DB in `MONGODB_URI` to avoid touching production data. 3. **Run the bot with the test env:** `npm run start:test` Or: `ENV_FILE=.env.test node broccolini-discord.js` 4. **Other scripts with test env:** - `npm run test-mongodb:test` — test MongoDB connection using `.env.test` 5. **After confirming behavior**, migrate only the desired variables from `.env.test` into `.env` (manually). Do not overwrite `.env` blindly. **Rule:** New or risky env changes are done in `.env.test` first; only after confirmation are they applied to `.env`. --- ## Agent / AI rules - **Changes to `.env` by an agent (e.g. Cursor) must require explicit user confirmation.** Do not modify `.env` automatically. Prefer proposing changes to `.env.test` or listing the exact edits for the user to apply to `.env`. - **Do not commit `.env` or `.env.test`.** Only `.env.example` and `.env.test.example` are committed (no secrets). --- ## Security checklist - **Secrets:** All secrets live in `.env` (or `.env.test` for test). Never commit them. `.gitignore` excludes `.env` and `.env.*` except `.env.example` and `.env.test.example`. - **Code:** No `eval()` or `new Function()` of user input. No hardcoded tokens, passwords, or API keys in source. - **Config:** Credentials are read from `process.env` via `config.js`; config is loaded once at startup from the file specified by `ENV_FILE` or default `.env`. - **MongoDB:** Use a dedicated user and database; bind Mongo to loopback or docker network only; firewall 27017 from public interfaces. For test, use a separate DB or cluster. - **Discord / Google:** Use tokens with minimal required scopes; rotate if compromised. - **HTML in emails:** `LOGO_URL`, `EMAIL_SIGNATURE`, and closure messages are escaped in outbound HTML to prevent injection. - **Healthcheck:** Optional `HEALTHCHECK_HOST=127.0.0.1` in `.env` binds the healthcheck server to localhost only; omit to listen on all interfaces. - **Dependencies:** Run `npm audit` periodically and fix or accept risk for reported vulnerabilities. --- ## Cleanup and redundancy - **Single source of truth for env keys:** `.env.example` and `.env.test.example` list all supported variables. Defaults for optional vars live in `config.js`; do not duplicate default values in both `.env.example` and `config.js` for the same value (`.env.example` documents, `config.js` implements). - **No duplicate env files:** Use `.env` for live, `.env.test` for test; do not commit `.env.local`, `.env.production`, etc. unless documented and gitignored as needed. - **Parent repo (IB-Discord-Bot):** Broccolini Bot does not reference sibling paths (e.g. `../ngrok`) in code. Run order and ports are documented in `~/IB-Discord-Bot/README.md`. --- ## Connection to IB-Discord-Bot stack Broccolini Bot is a subproject of **IB-Discord-Bot**. It does not import or require files outside `broccolini-bot/`. Integration is via: - **Ports:** Broccolini Bot healthcheck uses `DISCORD_ONLY_PORT` (default 5000). Use a different port in `.env.test` (e.g. 5001) if running bot and test bot on the same machine. See parent **~/IB-Discord-Bot/README.md** for run order, ports, and troubleshooting. --- ## Quick reference | File / command | Purpose | |-----------------------|--------| | `.env` | Live config (never commit). | | `.env.test` | Test config (never commit). | | `.env.example` | Template for `.env` (committed). | | `.env.test.example` | Template for `.env.test` (committed). | | `ENV_FILE=.env.test` | Load `.env.test` instead of `.env`. | | `npm run start:test` | Run bot with `.env.test`. | | `npm run test-mongodb:test` | Test MongoDB using `.env.test`. |