mirror of
https://github.com/BigBodyCobain/Shadowbroker.git
synced 2026-06-21 13:30:09 +02:00
Shadowbroker
cfbeabda1e
* feat(telegram): auto-translate OSINT channel posts to English Cherry-picked from @Bobpick PR #391 (telegram-only slice): server-side translation during fetch, SHOW ORIGINAL toggle in TelegramOsintPopup, and on-demand /api/telegram-feed?lang=. Co-authored-by: Robert Pickett <bobpickettsr@yahoo.com> Co-authored-by: Cursor <cursoragent@cursor.com> * feat(gt): experimental Derived OSINT analytics with lean-node safeguards Cherry-picked from @Bobpick PR #391 (GT + OpenClaw slice): Bayesian strategic-risk engine, map overlay, OpenClaw commands, and telegram_rhetoric watchdog. Off by default (GT_ANALYTICS_ENABLED=false, gt_risk layer false). 1 vCPU nodes get cgroup detection, UI warning on layer toggle, and lean profile that skips scheduled ingest/Louvain unless GT_ANALYTICS_ACK_LOW_CPU=true. Backtest HUD removed from dashboard (OpenClaw/API regression only). Co-authored-by: Robert Pickett <bobpickettsr@yahoo.com> Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Robert Pickett <bobpickettsr@yahoo.com> Co-authored-by: Cursor <cursoragent@cursor.com>
188 lines
8.2 KiB
Bash
188 lines
8.2 KiB
Bash
# ShadowBroker — Docker Compose Environment Variables
|
|
# Copy this file to .env and fill in your keys:
|
|
# cp .env.example .env
|
|
|
|
# ── Required for backend container ─────────────────────────────
|
|
# OpenSky Network OAuth2 — REQUIRED for airplane telemetry.
|
|
# Free registration at https://opensky-network.org/index.php?option=com_users&view=registration
|
|
# Without these the flights layer falls back to ADS-B-only with major gaps in Africa, Asia, and LatAm.
|
|
OPENSKY_CLIENT_ID=
|
|
OPENSKY_CLIENT_SECRET=
|
|
AIS_API_KEY=
|
|
|
|
# Global Fishing Watch — fishing vessel activity events (Fishing Activity map layer).
|
|
# Free API token from https://globalfishingwatch.org/our-apis/tokens
|
|
# Without this the fishing_activity layer stays empty.
|
|
# GFW_API_TOKEN=
|
|
# Optional tuning — GFW can return 40k+ global events; defaults cap fetch for map paint.
|
|
# GFW_EVENTS_PAGE_SIZE=500
|
|
# GFW_EVENTS_MAX_PAGES=10
|
|
# GFW_EVENTS_LOOKBACK_DAYS=7
|
|
# GFW_EVENTS_TIMEOUT_S=90
|
|
|
|
# Windy Webcams global CCTV layer — free key from https://api.windy.com/webcams/docs
|
|
# WINDY_API_KEY=
|
|
|
|
# Telegram OSINT map layer — scrapes public t.me/s channel previews (no bot token).
|
|
# TELEGRAM_OSINT_ENABLED=true
|
|
# TELEGRAM_OSINT_CHANNELS=osintdefender,insiderpaper,aljazeeraenglish,nexta_live,war_monitor
|
|
# TELEGRAM_OSINT_TRANSLATE=true
|
|
# TELEGRAM_OSINT_TRANSLATE_TO=en
|
|
|
|
# Strategic Risk Analytics (experimental derived OSINT — off by default)
|
|
# GT_ANALYTICS_ENABLED=false
|
|
# GT_ANALYTICS_PROFILE=lean
|
|
# On 1 vCPU nodes (fleet VPS), leave disabled or set profile=lean. Scheduled ingest
|
|
# and Louvain clustering stay off until GT_ANALYTICS_ACK_LOW_CPU=true.
|
|
# GT_ANALYTICS_ACK_LOW_CPU=false
|
|
# GT_ANALYTICS_BASE_PRIOR=0.15
|
|
# GT_ANALYTICS_HIGH_RISK_THRESHOLD=0.6
|
|
# GT_ANALYTICS_SIGNAL_WEIGHTS=payroll_loan=3.0,purge=3.5,troop_movement=3.0
|
|
# GT_ANALYTICS_WATCHED_CHANNELS=osintdefender,war_monitor,nexta_live
|
|
# GT_ANALYTICS_LOUVAIN_INTERVAL_MINUTES=30
|
|
|
|
# Admin key to protect sensitive endpoints (settings, updates).
|
|
# If blank, loopback/localhost requests still work for local single-host dev.
|
|
# Remote/non-loopback admin access requires ADMIN_KEY, or ALLOW_INSECURE_ADMIN=true in debug-only setups.
|
|
ADMIN_KEY=
|
|
|
|
# Allow insecure admin access without ADMIN_KEY (local dev only, beyond loopback).
|
|
# Requires MESH_DEBUG_MODE=true on the backend; do not enable this for normal use.
|
|
# ALLOW_INSECURE_ADMIN=false
|
|
|
|
# User-Agent for Nominatim geocoding requests (per OSM usage policy).
|
|
# NOMINATIM_USER_AGENT=ShadowBroker/1.0 (https://github.com/BigBodyCobain/Shadowbroker)
|
|
|
|
# ── Optional ───────────────────────────────────────────────────
|
|
|
|
# LTA (Singapore traffic cameras) — leave blank to skip
|
|
# LTA_ACCOUNT_KEY=
|
|
|
|
# NASA FIRMS country-scoped fire data — enriches global CSV with conflict-zone hotspots.
|
|
# Free MAP_KEY from https://firms.modaps.eosdis.nasa.gov/
|
|
# FIRMS_MAP_KEY=
|
|
|
|
# Ukraine air raid alerts — free token from https://alerts.in.ua/
|
|
# ALERTS_IN_UA_TOKEN=
|
|
|
|
# Optional NUFORC UAP sighting map enrichment via Mapbox Tilequery.
|
|
# Leave blank to skip this optional enrichment.
|
|
# NUFORC_MAPBOX_TOKEN=
|
|
|
|
# Optional startup-risk controls.
|
|
# On Windows, external curl fallback is off by default. LiveUAMap uses UI consent
|
|
# when you enable Global Incidents (or set SHADOWBROKER_ENABLE_LIVEUAMAP_SCRAPER=true).
|
|
# SHADOWBROKER_ENABLE_WINDOWS_CURL_FALLBACK=false
|
|
# SHADOWBROKER_ENABLE_LIVEUAMAP_SCRAPER=false
|
|
# AIS starts by default when AIS_API_KEY is set. Set to 0/false to force-disable.
|
|
# SHADOWBROKER_ENABLE_AIS_STREAM_PROXY=true
|
|
# Minimum visible satellite catalog before forcing a CelesTrak refresh.
|
|
# SHADOWBROKER_MIN_VISIBLE_SATELLITES=350
|
|
# Upper bound for TLE fallback satellite search when CelesTrak is unreachable.
|
|
# SHADOWBROKER_MAX_VISIBLE_SATELLITES=450
|
|
# NUFORC fallback uses the Hugging Face mirror when live NUFORC is unavailable.
|
|
# NUFORC_HF_FALLBACK_LIMIT=250
|
|
# NUFORC_HF_GEOCODE_LIMIT=150
|
|
|
|
# First-paint cache age budgets. These let the map and Global Threat Intercept
|
|
# paint from the last local snapshot while live feeds refresh in the background.
|
|
# FAST_STARTUP_CACHE_MAX_AGE_S=21600
|
|
# INTEL_STARTUP_CACHE_MAX_AGE_S=21600
|
|
|
|
# Docker resource tuning. The backend synthesizes large geospatial feeds; keep
|
|
# this at 4G or higher on hosts that run AIS, OpenSky, CCTV, satellites, and
|
|
# threat feeds together. Lower caps can cause Docker OOM restarts and empty
|
|
# slow layers such as news, UAP sightings, military bases, and wastewater.
|
|
# BACKEND_MEMORY_LIMIT=4G
|
|
# SHADOWBROKER_FETCH_WORKERS=8
|
|
# SHADOWBROKER_SLOW_FETCH_CONCURRENCY=4
|
|
# SHADOWBROKER_STARTUP_HEAVY_CONCURRENCY=2
|
|
|
|
# Infonet bootstrap/sync responsiveness. Defaults favor fast seed failure
|
|
# detection so stale onion peers do not make the terminal look hung.
|
|
# MESH_SYNC_TIMEOUT_S=5
|
|
# MESH_SYNC_MAX_PEERS_PER_CYCLE=3
|
|
# MESH_BOOTSTRAP_SEED_FAILURE_COOLDOWN_S=15
|
|
|
|
# Google Earth Engine for VIIRS night lights change detection (optional).
|
|
# pip install earthengine-api
|
|
# GEE_SERVICE_ACCOUNT_KEY=
|
|
|
|
# Copernicus CDSE — Sentinel-2 imagery (Settings → Imagery, or backend .env).
|
|
# Free OAuth app at https://dataspace.copernicus.eu/
|
|
# SENTINEL_CLIENT_ID=
|
|
# SENTINEL_CLIENT_SECRET=
|
|
|
|
# Sentinel-2 road corridor freight trends (DrishX engine port — opt-in slow layer).
|
|
# pip install -e backend[road-corridor] (or uv sync --extra road-corridor)
|
|
# ROAD_CORRIDOR_SAT_ENABLED=false
|
|
# ROAD_CORRIDOR_SCHEDULED_PRESETS=laredo_i35
|
|
# ROAD_CORRIDOR_MONTHS=2
|
|
# ROAD_CORRIDOR_MAX_FRAMES=6
|
|
# ROAD_CORRIDOR_REFRESH_HOURS=24
|
|
|
|
# Override the backend URL the frontend uses (leave blank for auto-detect)
|
|
# NEXT_PUBLIC_API_URL=http://192.168.1.50:8000
|
|
|
|
# ── Mesh / Reticulum (RNS) ─────────────────────────────────────
|
|
# MESH_RNS_ENABLED=false
|
|
# MESH_RNS_APP_NAME=shadowbroker
|
|
# MESH_RNS_ASPECT=infonet
|
|
# MESH_RNS_IDENTITY_PATH=
|
|
# MESH_RNS_PEERS=
|
|
# MESH_RNS_DANDELION_HOPS=2
|
|
# MESH_RNS_DANDELION_DELAY_MS=400
|
|
# MESH_RNS_CHURN_INTERVAL_S=300
|
|
# MESH_RNS_MAX_PEERS=32
|
|
# MESH_RNS_MAX_PAYLOAD=8192
|
|
# MESH_RNS_PEER_BUCKET_PREFIX=4
|
|
# MESH_RNS_MAX_PEERS_PER_BUCKET=4
|
|
# MESH_RNS_PEER_FAIL_THRESHOLD=3
|
|
# MESH_RNS_PEER_COOLDOWN_S=300
|
|
# MESH_RNS_SHARD_ENABLED=false
|
|
# MESH_RNS_SHARD_DATA_SHARDS=3
|
|
# MESH_RNS_SHARD_PARITY_SHARDS=1
|
|
# MESH_RNS_SHARD_TTL_S=30
|
|
# MESH_RNS_FEC_CODEC=xor
|
|
# MESH_RNS_BATCH_MS=200
|
|
# MESH_RNS_COVER_INTERVAL_S=0
|
|
# MESH_RNS_COVER_SIZE=64
|
|
# MESH_RNS_IBF_WINDOW=256
|
|
# MESH_RNS_IBF_TABLE_SIZE=64
|
|
# MESH_RNS_IBF_MINHASH_SIZE=16
|
|
# MESH_RNS_IBF_MINHASH_THRESHOLD=0.25
|
|
# MESH_RNS_IBF_WINDOW_JITTER=32
|
|
# MESH_RNS_IBF_INTERVAL_S=120
|
|
# MESH_RNS_IBF_SYNC_PEERS=3
|
|
# MESH_RNS_IBF_QUORUM_TIMEOUT_S=6
|
|
# MESH_RNS_IBF_MAX_REQUEST_IDS=64
|
|
# MESH_RNS_IBF_MAX_EVENTS=64
|
|
# MESH_RNS_SESSION_ROTATE_S=0
|
|
# MESH_RNS_IBF_FAIL_THRESHOLD=3
|
|
# MESH_RNS_IBF_COOLDOWN_S=120
|
|
# MESH_VERIFY_INTERVAL_S=600
|
|
# MESH_VERIFY_SIGNATURES=false
|
|
|
|
# ── Mesh DM Relay ──────────────────────────────────────────────
|
|
# MESH_DM_TOKEN_PEPPER=change-me
|
|
# Optional local-dev DM root external assurance bridge.
|
|
# These stay commented because they are machine-local file paths, not safe global defaults.
|
|
# MESH_DM_ROOT_EXTERNAL_WITNESS_IMPORT_PATH=backend/../ops/root_witness_receipt_import.json
|
|
# MESH_DM_ROOT_TRANSPARENCY_LEDGER_EXPORT_PATH=backend/../ops/root_transparency_ledger.json
|
|
# MESH_DM_ROOT_TRANSPARENCY_LEDGER_READBACK_URI=backend/../ops/root_transparency_ledger.json
|
|
|
|
# ── Self Update ────────────────────────────────────────────────
|
|
# Optional ZIP updater digest pin. The updater checks this first, then
|
|
# backend/data/release_digests.json, then the release SHA256SUMS.txt asset.
|
|
# MESH_UPDATE_SHA256=
|
|
|
|
# Optional strict nonce-only frontend CSP. Leave unset unless the exact build
|
|
# has been verified to hydrate cleanly in your deployment.
|
|
# SHADOWBROKER_STRICT_CSP=1
|
|
|
|
# ── Wormhole (Local Agent) ─────────────────────────────────────
|
|
# WORMHOLE_URL=http://127.0.0.1:8787
|
|
# WORMHOLE_TRANSPORT=direct
|
|
# WORMHOLE_SOCKS_PROXY=127.0.0.1:9050
|
|
# WORMHOLE_SOCKS_DNS=true
|