Base Settings

Smarter base settings module, shared by all environments.

This module provides the base Django settings for all Smarter environments. For strongly-typed, project-specific settings overrides, see smarter_settings.

Notes:

smarter.settings.base.ALLOWED_HOSTS = ['testserver', '.api.localhost', 'localhost:9357', 'api.localhost', '.api.localhost:9357', 'localhost', 'api.localhost:9357']

A list of strings representing the host/domain names that this Django site can serve.

Smarter implements its own middleware to validate host names. See smarter.apps.llm_client.middleware.security.SmarterSecurityMiddleware.

See:

[
    'testserver',
    '.api.localhost',
    'localhost:9357',
    'api.localhost',
    '.api.localhost:9357',
    'localhost',
    'api.localhost:9357',
]
smarter.settings.base.ASCII_CONTROL_CHAR_REGEX = re.compile('[\\x00-\\x1F\\x7F]')

Process environment variables to override settings values.

This allows for 12-factor style configuration via environment variables. Environment variable values are cast to the same data type as the existing Django or Smarter setting value.

The basic process is:

  1. Set default settings values.

  2. Load environment variables from a .env file (if present) and os.environ.

  3. Map environment variables to Django settings by removing the DJANGO_ prefix. For any environment variable that matches an existing Django setting, cast the value to the same type as the existing setting value and override the default.

    For anything else, analyze the passed value to infer the intended data type and create a new setting if it does not already exist.

Note: Django settings are prefixed with DJANGO_ and Smarter settings are prefixed with SMARTER_.

smarter.settings.base.AUTHENTICATION_BACKENDS = ['smarter.lib.social_core.backends.multitenant.GoogleOAuth2Multitenant', 'smarter.lib.social_core.backends.multitenant.GithubOAuth2Multitenant', 'smarter.lib.social_core.backends.multitenant.DjangoModelBackendMultitenant']

The authentication backends for Smarter, including social authentication.

backends for Google, GitHub, and LinkedIn, as well as the default Django model backend.

Note that Smarter additionally implements its own custom key-based REST API authentication backend.

See:

[
    'smarter.lib.social_core.backends.multitenant.GoogleOAuth2Multitenant',
    'smarter.lib.social_core.backends.multitenant.GithubOAuth2Multitenant',
    'smarter.lib.social_core.backends.multitenant.DjangoModelBackendMultitenant',
]
smarter.settings.base.AUTH_PASSWORD_VALIDATORS = [{'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'}, {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'}, {'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'}, {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'}]

The password validation settings for Smarter, using Django’s built-in.

password validators. These validators help ensure that user passwords meet minimum security requirements. These rules should be sufficient for most use cases, but can be customized as needed.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#auth-password-validators

[
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'},
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]
smarter.settings.base.AWS_ACCESS_KEY_ID = None

Supplemental setting for configuring AWS support.

The AWS access key ID is retrieved and validated in smarter_settings.

For production deployments the chain of custody should be:

GitHub Secrets -> GitHub Actions -> environment variable -> smarter_settings -> Django AWS_ACCESS_KEY_ID.

See: smarter_settings.aws_access_key_id

smarter.settings.base.AWS_QUERYSTRING_AUTH = False

Supplemental setting for configuring AWS S3 storage support.

Disables querystring authentication for public files in favor of public-read ACL that is configured in the Smarter Terraform scripts.

See:

smarter.settings.base.AWS_S3_REGION_NAME = 'ca-central-1'

Supplemental setting for configuring AWS support.

The AWS region is retrieved and validated in smarter_settings.

See:

  • smarter_settings.aws_region

smarter.settings.base.AWS_SECRET_ACCESS_KEY = None

Supplemental setting for configuring AWS support.

The AWS secret access key is retrieved and validated in smarter_settings.

For production deployments the chain of custody should be:

GitHub Secrets -> GitHub Actions -> environment variable -> smarter_settings -> Django AWS_SECRET_ACCESS_KEY.

See: smarter_settings.aws_secret_access_key

smarter.settings.base.AWS_STORAGE_BUCKET_NAME = 'local.smarter.sh'

Supplemental setting for configuring AWS S3 storage support.

The S3 bucket name is derived in smarter_settings.

See:

  • smarter_settings.aws_s3_bucket_name

smarter.settings.base.CACHES = {'default': {'BACKEND': 'django_redis.cache.RedisCache', 'LOCATION': 'redis://:smarter@smarter-redis:6379/1', 'OPTIONS': {'CLIENT_CLASS': 'django_redis.client.DefaultClient'}}}

The Django cache configuration for Smarter, using Redis as the cache backend.

See:

{
    'default': {
        'BACKEND': 'django_redis.cache.RedisCache',
        'LOCATION': 'redis://:smarter@smarter-redis:6379/1',
        'OPTIONS': {'CLIENT_CLASS': 'django_redis.client.DefaultClient'},
    },
}
smarter.settings.base.CELERY_BROKER_URL = 'redis://:smarter@smarter-redis:6379/1'

The Celery broker URL for Smarter, using Redis as the message broker.

See:

smarter.settings.base.CELERY_TASK_TIME_LIMIT = 1800

The maximum time limit (in seconds) for Celery tasks in Smarter.

Default is 30 minutes. Smarter sets this primarily due to indeterminate AWS Route53 DNS resolution and propagation times when deploying LLMClients/Agents.

See: https://docs.celeryq.dev/en/stable/userguide/configuration.html#std:setting-task_time_limit

smarter.settings.base.CELERY_WORKER_HIJACK_ROOT_LOGGER = False

A Celery setting that prevents Celery workers from hijacking the root logger.

This is set to False to allow Celery logs to be integrated with the overall Smarter logging configuration without interference.

See: https://docs.celeryq.dev/en/stable/userguide/configuration.html#std:setting-worker_hijack_root_logger

smarter.settings.base.CORS_ALLOWED_ORIGINS = ['http://127.0.0.1:3000', 'http://localhost:3000', 'http://127.0.0.1:5173', 'http://localhost:5173', 'http://127.0.0.1:9357', 'http://localhost:9357', 'http://cdn.local.smarter.sh', 'https://cdn.local.smarter.sh', 'http://localhost:9357', 'http://api.localhost:9357', 'http://cdn.local.smarter.sh', 'https://localhost:9357', 'https://api.localhost:9357', 'https://cdn.local.smarter.sh']

A list of origins that are allowed to make cross-site HTTP requests.

This is initialized here as an empty list because base_aws.py and other environment-specific settings files will append to this list based on derived settings values in smarter_settings.

See React Integration

[
    'http://127.0.0.1:3000',
    'http://localhost:3000',
    'http://127.0.0.1:5173',
    'http://localhost:5173',
    'http://127.0.0.1:9357',
    'http://localhost:9357',
    'http://cdn.local.smarter.sh',
    'https://cdn.local.smarter.sh',
    'http://localhost:9357',
    'http://api.localhost:9357',
    'http://cdn.local.smarter.sh',
    'https://localhost:9357',
    'https://api.localhost:9357',
    'https://cdn.local.smarter.sh',
]
smarter.settings.base.CORS_ALLOWED_ORIGIN_REGEXES = ['^https?://[\\w-]+\\.(\\d+-\\d+-\\d+)\\.api\\.localhost:\\d+$', '^https?://[\\w-]+\\.localhost:\\d+$', '^https?://[\\w-]\\.api\\.localhost:\\d+$']

A list of regular expressions representing the origins that are allowed to make cross-site HTTP requests.

Smarter uses this setting to restrict allowed origins for CORS requests from smarter-prompt React frontends.

See React Integration

[
    '^https?://[\\w-]+\\.(\\d+-\\d+-\\d+)\\.api\\.localhost:\\d+$',
    '^https?://[\\w-]+\\.localhost:\\d+$',
    '^https?://[\\w-]\\.api\\.localhost:\\d+$',
]
smarter.settings.base.CORS_ALLOW_CREDENTIALS = True

A boolean that determines whether to allow cookies to be included in cross-site HTTP requests.

Smarter defaults this to True to allow session cookies to be sent by smarter-prompt React frontends.

See React Integration

smarter.settings.base.CORS_ALLOW_HEADERS = ['accept', 'authorization', 'content-type', 'user-agent', 'x-csrftoken', 'x-requested-with', 'x-api-key', 'accept-encoding', 'dnt', 'origin']

A list of non-standard HTTP headers that are allowed in cross-site HTTP requests.

Smarter Prompt frontends pass the Smarter API key in the ‘x-api-key’ header.

See React Integration

[
    'accept',
    'authorization',
    'content-type',
    'user-agent',
    'x-csrftoken',
    'x-requested-with',
    'x-api-key',
    'accept-encoding',
    'dnt',
    'origin',
]
smarter.settings.base.CORS_ORIGIN_ALLOW_ALL = False

A boolean that determines whether to allow all origins to make cross-site HTTP requests.

Smarter defaults this to False and uses CORS_ALLOWED_ORIGIN_REGEXES to restrict allowed origins. See smarter.lib.django.middleware.cors.SmarterCorsMiddleware.

This affects the Access-Control-Allow-Origin header in responses to cross-site requests. It affects the behavior for smarter-prompt React frontend applications making requests to the Smarter API.

Modifications to this will require comensurate changes to the CORS headers sent by a Smarter Prompt host (e.g. AWS CloudFront distribution) to avoid CORS errors in browsers.

See React Integration

The age of the CSRF cookie, in seconds.

Default is 60 * 60 * 24 (1 day). This is a placeholder for Smarter-specific functionality in smarter.lib.django.middleware.csrf.SmarterCsrfViewMiddleware. The default value should be sufficient for most use cases, unless your use case involves e-commerce checkouts that need a shorter CSRF token lifetime.

See:

The domain to use for the CSRF cookie.

This is set to the Smarter platform domain derived from smarter_settings.

See:

A boolean that determines whether the CSRF cookie should be marked as “HttpOnly”.

Default is False because the smarter-prompt React frontend needs to read the CSRF cookie value via JavaScript to include it in the ‘X-CSRFToken’ header of HTTP requests.

See:

The name of the CSRF cookie.

Default is ‘csrftoken’. This is a placeholder for Smarter-specific functionality in smarter.lib.django.middleware.csrf.SmarterCsrfViewMiddleware.

See:

The path to use for the CSRF cookie.

Default is ‘/’.

See:

The value for the SameSite flag on the CSRF cookie.

Default is ‘Lax’. Smarters needs this to be ‘Lax’ to support cross-site requests from smarter-prompt React frontends.

See:

A boolean that determines whether the CSRF cookie should be marked as “secure”.

This is set to False in base settings but should be set to True in production environments. Note that there are challenges with setting this to True if the Smarter platform is behind a load balancer or reverse proxy that terminates SSL.

See:

smarter.settings.base.CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'

The name of the HTTP header that carries the CSRF token value.

Default is ‘HTTP_X_CSRFTOKEN’, which corresponds to the ‘X-CSRFToken’ header sent by smarter-prompt React frontends.

See:

smarter.settings.base.CSRF_TRUSTED_ORIGINS = ['localhost:9357', 'api.localhost:9357']

A list of trusted origins for cross-site request forgery protection.

This is initialized here with the Smarter platform and API domains derived from smarter_settings.

See:

['localhost:9357', 'api.localhost:9357']
smarter.settings.base.CSRF_USE_SESSIONS = False

A boolean that determines whether to store the CSRF token in the user session instead of.

a cookie. Default is False because smarter-prompt React frontends rely on the CSRF cookie.

See:

smarter.settings.base.DATABASES = {'default': {'ATOMIC_REQUESTS': False, 'AUTOCOMMIT': True, 'CONN_HEALTH_CHECKS': False, 'CONN_MAX_AGE': 0, 'ENGINE': 'django.db.backends.mysql', 'HOST': 'smarter-mysql', 'NAME': 'smarter', 'OPTIONS': {}, 'PASSWORD': 'smarter', 'PORT': '3306', 'TEST': {'CHARSET': None, 'COLLATION': None, 'MIGRATE': True, 'MIRROR': None, 'NAME': None}, 'TIME_ZONE': None, 'USER': 'smarter'}}

The Django database configuration for Smarter, using MySQL as the database backend.

Smarter should be able to support other common Sql databases supported by Django with minimal or no changes, but MySQL is the recommended and tested database backend.

This setting is environment specific and will typically be overridden in smarter/smarter/settings/base_aws.py or other environment-specific settings files.

These credentials are created for you by the Smarter Terraform scripts when deploying the Smarter platform.

For cloud deployments the chain of custody for database credentials should be:

Kubernetes Secret -> environment variable -> smarter_settings -> Django DATABASES.

See:

{
    'default': {
        'ATOMIC_REQUESTS': False,
        'AUTOCOMMIT': True,
        'CONN_HEALTH_CHECKS': False,
        'CONN_MAX_AGE': 0,
        'ENGINE': 'django.db.backends.mysql',
        'HOST': 'smarter-mysql',
        'NAME': 'smarter',
        'OPTIONS': {},
        'PASSWORD': 'smarter',
        'PORT': '3306',
        'TEST': {
            'CHARSET': None,
            'COLLATION': None,
            'MIGRATE': True,
            'MIRROR': None,
            'NAME': None,
        },
        'TIME_ZONE': None,
        'USER': 'smarter',
    },
}
smarter.settings.base.DEBUG = True

A boolean that turns on/off debug mode for Django.

This is retrieved from smarter_settings.debug_mode.

See:

smarter.settings.base.DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'

The default primary key field type for Django models in Smarter.

This is set to ‘BigAutoField’, which is a 64-bit integer that automatically increments. This is suitable for most use cases and provides a large range of values for primary keys.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#default-auto-field

smarter.settings.base.DEFAULT_FILE_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'

The default file storage backend for Django.

Uses AWS S3 if AWS is configured, otherwise uses local filesystem storage. smarter_settings determines the appropriate value based on whether or not it detects AWS authentication configuration in the running environment.

See:

smarter.settings.base.DEFAULT_HOST = 'local'

The default host name for django-hosts.

This is set to the Smarter platform subdomain.

See: https://django-hosts.readthedocs.io/en/latest/

smarter.settings.base.KNOX_TOKEN_MODEL = 'knox.AuthToken'

The Django model to use for Knox authentication tokens.

Smarter uses the default.

smarter.settings.base.LANGUAGE_CODE = 'en-us'

The default language code for Smarter.

Default is ‘en-us’.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#language-code

smarter.settings.base.LOCAL_HOSTS = ['localhost', '127.0.0.1', 'localhost:9357', '127.0.0.1:9357', 'testserver']

Supplemental list of local host/domain names that this Django site can serve.

This is specicific to Smarter and not officially part of Django settings.

See: smarter_settings.local_hosts

['localhost', '127.0.0.1', 'localhost:9357', '127.0.0.1:9357', 'testserver']
smarter.settings.base.LOGGING = {'disable_existing_loggers': False, 'filters': {'health_check': {'()': 'smarter.lib.logging.filters.HealthCheckFilter'}}, 'formatters': {'truncated': {'datefmt': '[%Y-%m-%d %H:%M:%S]', 'format': '%(asctime)s %(levelname)s %(message)s'}, 'verbose': {'datefmt': '[%Y-%m-%d %H:%M:%S %z]', 'format': '%(asctime)s - %(levelname)s - %(processName)s - %(message)s'}}, 'handlers': {'default': {'class': 'logging.StreamHandler', 'formatter': 'verbose', 'level': 'DEBUG'}, 'redis': {'class': 'smarter.lib.logging.RedisLogHandler', 'formatter': 'truncated', 'level': 20}, 'uvicorn': {'class': 'logging.StreamHandler', 'filters': ['health_check'], 'formatter': 'truncated', 'level': 20}}, 'loggers': {'celery': {'level': 'DEBUG', 'propagate': True}, 'celery.task': {'level': 'DEBUG', 'propagate': True}, 'uvicorn.access': {'handlers': ['uvicorn'], 'level': 20, 'propagate': False}}, 'root': {'handlers': ['default', 'redis'], 'level': 'DEBUG'}, 'version': 1}

Comprehensive logging configuration for the Smarter platform.

This dictionary configures Python’s built-in logging system for the Smarter application. It defines log formatters, handlers, filters, and loggers to control how log messages are processed and where they are sent.

Formatters

verbose

Includes timestamp, log level, process name, and message. Used for detailed logs.

truncated

Shorter format with timestamp, log level, and message. Used for Redis logs.

Filters

health_check

Uses smarter.lib.logging.filters.HealthCheckFilter to suppress log entries for health check endpoints (e.g., /healthz/, /readiness/).

Handlers

default

Console handler (logging.StreamHandler) for standard output. Uses the ‘verbose’ formatter and applies the health_check filter. Log level is set by smarter_settings.log_level_name.

redis

Custom handler (smarter.lib.logging.RedisLogHandler) for sending logs to Redis. Uses the ‘truncated’ formatter and applies the health_check filter. Log level is hardcoded to INFO.

Root Logger

Handlers: [‘default’, ‘redis’] Level: Set by smarter_settings.log_level_name All log messages are sent to both the console and Redis unless filtered out.

Loggers

celery, celery.task

Both propagate to the root logger and use the same log level as the rest of the application.

Log Level

The log level for all handlers and loggers is dynamically set by smarter_settings.log_level_name (e.g., ‘INFO’, ‘DEBUG’, ‘WARNING’).

References

This configuration ensures that health check requests do not clutter logs, and that logs are available both in the console and in Redis for further processing or monitoring.

{
    'disable_existing_loggers': False,
    'filters': {
        'health_check': {
            '()': 'smarter.lib.logging.filters.HealthCheckFilter',
        },
    },
    'formatters': {
        'truncated': {
            'datefmt': '[%Y-%m-%d %H:%M:%S]',
            'format': '%(asctime)s %(levelname)s %(message)s',
        },
        'verbose': {
            'datefmt': '[%Y-%m-%d %H:%M:%S %z]',
            'format': '%(asctime)s - %(levelname)s - %(processName)s - %(message)s',
        },
    },
    'handlers': {
        'default': {
            'class': 'logging.StreamHandler',
            'formatter': 'verbose',
            'level': 'DEBUG',
        },
        'redis': {
            'class': 'smarter.lib.logging.RedisLogHandler',
            'formatter': 'truncated',
            'level': 20,
        },
        'uvicorn': {
            'class': 'logging.StreamHandler',
            'filters': ['health_check'],
            'formatter': 'truncated',
            'level': 20,
        },
    },
    'loggers': {
        'celery': {'level': 'DEBUG', 'propagate': True},
        'celery.task': {'level': 'DEBUG', 'propagate': True},
        'uvicorn.access': {'handlers': ['uvicorn'], 'level': 20, 'propagate': False},
    },
    'root': {'handlers': ['default', 'redis'], 'level': 'DEBUG'},
    'version': 1,
}
smarter.settings.base.LOGIN_REDIRECT_URL = '/'

The URL to redirect users to after successful login.

Default is ‘/’. Do not change this value unless you know what you are doing.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#login-redirect-url

smarter.settings.base.LOGIN_URL = '/login/'

The URL to redirect users to for login.

Default is ‘/login/’. Do not change this value unless you know what you are doing.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#login-url

smarter.settings.base.LOGOUT_REDIRECT_URL = '/'

The URL to redirect users to after logout.

Default is ‘/’. Do not change this value unless you know what you are doing.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#logout-redirect-url

smarter.settings.base.REST_FRAMEWORK = {'DEFAULT_AUTHENTICATION_CLASSES': ['smarter.lib.drf.token_authentication.SmarterTokenAuthentication'], 'DEFAULT_PARSER_CLASSES': ['rest_framework.parsers.JSONParser', 'smarter.lib.drf.parsers.YAMLParser', 'rest_framework.parsers.FormParser', 'rest_framework.parsers.MultiPartParser'], 'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticated']}

The Django REST Framework configuration for Smarter, including default authentication classes,.

permission classes, and parser classes.

Do not change these values unless you know what you are doing. Even then, it’s probably a bad idea.

See: https://www.django-rest-framework.org/api-guide/settings/

{
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'smarter.lib.drf.token_authentication.SmarterTokenAuthentication',
    ],
    'DEFAULT_PARSER_CLASSES': [
        'rest_framework.parsers.JSONParser',
        'smarter.lib.drf.parsers.YAMLParser',
        'rest_framework.parsers.FormParser',
        'rest_framework.parsers.MultiPartParser',
    ],
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.IsAuthenticated',
    ],
}
smarter.settings.base.ROOT_HOSTCONF = 'smarter.hosts'

The root host configuration module for django-hosts.

Smarter hosts multiple subdomains for platform, API, and llm_client apps. These are defined in smarter.hosts.

See: https://django-hosts.readthedocs.io/en/latest/

smarter.settings.base.ROOT_URLCONF = 'smarter.urls.console'

The root URL configuration module for Smarter.

This points to smarter.urls.console, which defines the URL patterns for the Smarter web platform console.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#root-urlconf

smarter.settings.base.SECRET_KEY = 'H_A3Zjyv7A4qv8s5'

The secret key for this Django installation.

This is retrieved and validated from smarter_settings. If not set, a random key is generated and logged as a warning.

For production deployments the chain of custody should be:

GitHub Secrets -> GitHub Actions -> environment variable -> smarter_settings -> Django SECRET_KEY.

See:

smarter.settings.base.SECURE_PROXY_SSL_HEADER = None

A tuple representing a header/value combination that signifies a request is secure.

This is set to None in base settings and should be set appropriately in production environments if the Smarter platform is behind a load balancer or reverse proxy that terminates SSL.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#secure-proxy-ssl-header

The age of the session cookie, in seconds.

Default is 1209600 (2 weeks).

The domain to use for the session cookie.

This is set to the Smarter platform domain derived from smarter_settings.

See:

A boolean that determines whether the session cookie should be marked as “HttpOnly”.

Default is True.

See:

The name of the session cookie.

Default is ‘sessionid’. This is a placeholder for Smarter-specific functionality in smarter.apps.prompt.views.PromptWorkbenchView.

See:

The path to use for the session cookie.

Default is ‘/’. This is a placeholder.

See:

The value for the SameSite flag on the session cookie.

Default is ‘Lax’. Smarters needs this to be ‘Lax’ to support cross-site requests from smarter-prompt React frontends.

See:

A boolean that determines whether the session cookie should be marked as “secure”.

This is set to False in base settings but should be set to True in production environments. Note that there are challenges with setting this to True if the Smarter platform is behind a load balancer or reverse proxy that terminates SSL.

See:

smarter.settings.base.SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

The Django session engine configuration for Smarter, using the cache backend.

(Redis) for session storage. Storing sessions in Redis will preserve user sessions across multiple web server instances in a load-balanced environment, and also insulates from sessions being lost due to redeployments or restarts of web server.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#session-engine

smarter.settings.base.SMTP_FROM_EMAIL = 'no-reply@local.smarter.sh'

The default “from” email address for outgoing emails from Smarter.

This is derived from smarter_settings.

See:

smarter.settings.base.SMTP_HOST = 'email-smtp.ca-central-1.amazonaws.com'

The SMTP host for outgoing emails from Smarter.

This is derived from smarter_settings.

See:
smarter.settings.base.SMTP_PASSWORD = 'BCuzeVxE8J1hWTUa5pE3C/f00VC9WCul51bIVrOKhHPt'

The SMTP password for outgoing emails from Smarter.

This is derived from smarter_settings. When using AWS SES as the SMTP service, this is the SMTP password generated from the AWS SES console. Note that this is NOT the AWS secret access key, nor is it the AWS IAM user password.

This credential is created for you when using the Smarter Terraform scripts to deploy the Smarter cloud platform with AWS SES as the SMTP service.

For production deployments the chain of custody should be:

Kubernetes Secret -> environment variable -> smarter_settings -> Django SMTP_PASSWORD.

See:

smarter.settings.base.SMTP_PORT = 587

The SMTP port for outgoing emails from Smarter.

This is derived from smarter_settings.

See:
smarter.settings.base.SMTP_SENDER = 'no-reply@smarter.sh'

The default sender email address for outgoing emails from Smarter.

This is derived from smarter_settings.

See:

smarter.settings.base.SMTP_USERNAME = 'AKIARKEXDU3EZIJVLI35'

The SMTP username for outgoing emails from Smarter.

This is derived from smarter_settings. When using AWS SES as the SMTP service, this is the SMTP password generated from the AWS SES console. Note that this is NOT the AWS secret access key, nor is it the AWS IAM user password.

This credential is created for you when using the Smarter Terraform scripts to deploy the Smarter cloud platform with AWS SES as the SMTP service.

For production deployments the chain of custody should be:

Kubernetes Secret -> environment variable -> smarter_settings -> Django SMTP_PASSWORD.

See:

smarter.settings.base.SMTP_USE_SSL = False

A boolean that specifies whether to use SSL for SMTP connections in Smarter.

This is derived from smarter_settings.

See:

smarter.settings.base.SMTP_USE_TLS = True

A boolean that specifies whether to use TLS for SMTP connections in Smarter.

This is derived from smarter_settings.

See:
smarter.settings.base.SOCIAL_AUTH_ADMIN_USER_SEARCH_FIELDS = ['username', 'first_name', 'email']

The user fields that can be searched in the Django admin interface for social authentication users.

See: https://python-social-auth.readthedocs.io/en/latest/configuration/django.html#admin-integration

['username', 'first_name', 'email']
smarter.settings.base.SOCIAL_AUTH_CREATE_USERS = False

A boolean that determines whether to automatically create user accounts.

when a user authenticates via a social authentication provider.

IMPORTANT: Smarter defaults this to False for security reasons to prevent what is effectively random virtually-anonymous user account creation via social authentication. User accounts should be created via the Smarter platform console by an administrator, then linked to social authentication providers as needed.

SETTING THIS TO TRUE IS A SECURITY AND A FINANCIAL RISK BECAUSE IT WILL ALLOW ANY USERS (E.G. BOTNETS) TO CREATE ACCOUNTS AND ACCESS PAID SERVICES WITHOUT RESTRICTION OR OVERSIGHT.

smarter.settings.base.SOCIAL_AUTH_GITHUB_KEY = 'Ov23liKDO9eaVpgLLpUH'

Python Social Auth GitHub OAuth2 client ID for Smarter.

The chain of custody for this secret should be:

GitHub Secrets -> GitHub Actions -> environment variable -> smarter_settings -> Django SOCIAL_AUTH_GITHUB_KEY.

See:

smarter.settings.base.SOCIAL_AUTH_GITHUB_SECRET = 'b6dcd55cb13b2d0c277a93e910934a99d8adea20'

Python Social Auth GitHub OAuth2 client secret for Smarter.

The chain of custody for this secret should be:

GitHub Secrets -> GitHub Actions -> environment variable -> smarter_settings -> Django SOCIAL_AUTH_GITHUB_SECRET.

See:

smarter.settings.base.SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = '231536848926-v63gulrk8u01s1uodjlp0e0vbib8u93r.apps.googleusercontent.com'

Python Social Auth Google OAuth2 client ID for Smarter.

The chain of custody for this secret should be:

GitHub Secrets -> GitHub Actions -> environment variable -> smarter_settings -> Django SOCIAL_AUTH_GOOGLE_OAUTH2_KEY.

See:

smarter.settings.base.SOCIAL_AUTH_GOOGLE_OAUTH2_REDIRECT_URI = 'http://localhost:9357/social-auth/complete/google-oauth2/'

The redirect URI for Google OAuth2 social authentication in Smarter.

Do not change this value unless you know what you are doing.

See:

smarter.settings.base.SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = ['openid', 'email', 'profile']

The OAuth2 scopes for Google social authentication in Smarter.

See: https://python-social-auth.readthedocs.io/en/latest/backends/google.html

['openid', 'email', 'profile']
smarter.settings.base.SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = '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'

Python Social Auth Google OAuth2 client secret for Smarter.

The chain of custody for this secret should be:

GitHub Secrets -> GitHub Actions -> environment variable -> smarter_settings -> Django SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET.

See:

smarter.settings.base.SOCIAL_AUTH_LINKEDIN_OAUTH2_EXTRA_DATA = [('id', 'id'), ('firstName', 'first_name'), ('lastName', 'last_name'), ('emailAddress', 'email_address')]

The extra data fields to retrieve from LinkedIn during social authentication in Smarter.

NOTE: (Nov-2025) LinkedIn has deprecated OAuth2 client secrets for security reasons. The Smarter reference cloud platform is no longer using LinkedIn OAuth2 for social authentication, but the configuration settings remain here for backward compatibility with existing Smarter deployments that may still be using LinkedIn OAuth2.

See: https://python-social-auth.readthedocs.io/en/latest/backends/linkedin.html

[
    ('id', 'id'),
    ('firstName', 'first_name'),
    ('lastName', 'last_name'),
    ('emailAddress', 'email_address'),
]
smarter.settings.base.SOCIAL_AUTH_LINKEDIN_OAUTH2_FIELD_SELECTORS = ['id', 'first-name', 'last-name', 'email-address']

The OAuth2 field selectors for LinkedIn social authentication in Smarter.

NOTE: (Nov-2025) LinkedIn has deprecated OAuth2 client secrets for security reasons. The Smarter reference cloud platform is no longer using LinkedIn OAuth2 for social authentication, but the configuration settings remain here for backward compatibility with existing Smarter deployments that may still be using LinkedIn OAuth2.

See: https://python-social-auth.readthedocs.io/en/latest/backends/linkedin.html

['id', 'first-name', 'last-name', 'email-address']
smarter.settings.base.SOCIAL_AUTH_LINKEDIN_OAUTH2_KEY = '789avvhr1upfjd'

Python Social Auth LinkedIn OAuth2 client ID for Smarter.

The chain of custody for this secret should be:

GitHub Secrets -> GitHub Actions -> environment variable -> smarter_settings -> Django SOCIAL_AUTH_LINKEDIN_OAUTH2_KEY.

See:

smarter.settings.base.SOCIAL_AUTH_LINKEDIN_OAUTH2_REDIRECT_URI = 'http://localhost:9357/social-auth/complete/linkedin-oauth2/'

The redirect URI for LinkedIn OAuth2 social authentication in Smarter.

NOTE: (Nov-2025) LinkedIn has deprecated OAuth2 client secrets for security reasons. The Smarter reference cloud platform is no longer using LinkedIn OAuth2 for social authentication, but the configuration settings remain here for backward compatibility with existing Smarter deployments that may still be using LinkedIn OAuth2.

Do not change this value unless you know what you are doing.

See:

smarter.settings.base.SOCIAL_AUTH_LINKEDIN_OAUTH2_SCOPE = ['openid', 'profile', 'email']

The OAuth2 scopes for LinkedIn social authentication in Smarter.

NOTE: (Nov-2025) LinkedIn has deprecated OAuth2 client secrets for security reasons. The Smarter reference cloud platform is no longer using LinkedIn OAuth2 for social authentication, but the configuration settings remain here for backward compatibility with existing Smarter deployments that may still be using LinkedIn OAuth2.

See: https://python-social-auth.readthedocs.io/en/latest/backends/linkedin.html

['openid', 'profile', 'email']
smarter.settings.base.SOCIAL_AUTH_LINKEDIN_OAUTH2_SECRET = 'WPL_AP1.bbZGoEfjfJsz3ffW.UWL6Xg=='

Python Social Auth LinkedIn OAuth2 client secret for Smarter.

NOTE: (Nov-2025) LinkedIn has deprecated OAuth2 client secrets for security reasons. The Smarter reference cloud platform is no longer using LinkedIn OAuth2 for social authentication, but the configuration settings remain here for backward compatibility with existing Smarter deployments that may still be using LinkedIn OAuth2.

The chain of custody for this secret should be: GitHub Secrets -> GitHub Actions -> environment variable -> smarter_settings -> Django SOCIAL_AUTH_LINKEDIN_OAUTH2_SECRET.

See:

smarter.settings.base.STATICFILES_DIRS = [PosixPath('/Users/mcdaniel/Desktop/gh/smarter-sh/smarter/smarter/smarter/static')]

A list of directories where Django will also look for static files, in addition.

to each app’s ‘static’ subdirectory. This is set to the ‘static’ directory in the BASE_DIR. This allows for global static files that are not tied to a specific app.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#staticfiles-dirs

[
    PosixPath('/Users/mcdaniel/Desktop/gh/smarter-sh/smarter/smarter/smarter/static'),
]
smarter.settings.base.STATIC_ROOT = PosixPath('/Users/mcdaniel/Desktop/gh/smarter-sh/smarter/smarter/staticfiles')

The absolute file system path to the directory where static files will be collected.

This is set to the ‘staticfiles’ directory in the project root. This directory is used by the ‘collectstatic’ management command to gather all static files from the various Django apps and store them in a single location for serving.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#static-root

smarter.settings.base.STATIC_URL = '/static/'

The URL prefix for static files in Smarter.

Default is ‘/static/’. This values needs to be consistent with the STATICFILES_DIRS and STATIC_ROOT settings, and also needs to consider how the Dockerfile file system is structured for serving static files.

Do not change this value unless you know what you are doing.

See:

smarter.settings.base.TAGGIT_CASE_INSENSITIVE = True

A boolean that specifies whether to make taggit tags case insensitive. This is.

derived from the environment variable “TAGGIT_CASE_INSENSITIVE”, which defaults to “True”. If set to True, tags will be treated as case insensitive (e.g. “Tag” and “tag” will be considered the same tag).

smarter.settings.base.TAGGIT_STRIP_UNICODE_WHEN_SLUGIFYING = True

If True, strips unicode characters when slugifying tags.

smarter.settings.base.TIME_ZONE = 'UTC'

The default time zone for Smarter.

Default is ‘UTC’.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#time-zone

smarter.settings.base.USE_I18N = True

A boolean that specifies whether Django’s internationalization system.

should be enabled. Default is True. I18N support is important for Smarter to support multiple languages and locales.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#use-i18n

smarter.settings.base.USE_TZ = True

A boolean that specifies whether Django should use timezone-aware datetimes.

Default is True. Timezone support is important for Smarter to handle date and time data correctly across different time zones.

timezone-aware datetimes help ensure that timestamps are accurate and consistent regardless of the user’s location. These were released in Django 1.4 and are now standard practice for web applications.

See: https://docs.djangoproject.com/en/5.0/ref/settings/#use-tz

smarter.settings.base.WAFFLE_CREATE_MISSING_SWITCHES = True

If True, enables automatic creation of missing waffle switches in the database during deployment.

jobs. This is intended to simplify management of waffle switches in Smarter deployments.