v0.0.1 (#8)

Co-authored-by: Tasnim Kabir Sadik <tksadik92@gmail.com>
Reviewed-on: wrenn/sandbox#8

.env.example

@@ -5,14 +5,13 @@ DATABASE_URL=postgres://wrenn:wrenn@localhost:5432/wrenn?sslmode=disable
 REDIS_URL=redis://localhost:6379/0
 
 # Control Plane
-CP_LISTEN_ADDR=:8000
-CP_HOST_AGENT_ADDR=localhost:50051
+WRENN_CP_LISTEN_ADDR=:8080
 
 # Host Agent
-AGENT_LISTEN_ADDR=:50051
-AGENT_FILES_ROOTDIR=/var/lib/wrenn
-AGENT_HOST_INTERFACE=eth0
-AGENT_CP_URL=http://localhost:8000
+WRENN_HOST_LISTEN_ADDR=:50051
+WRENN_DIR=/var/lib/wrenn
+WRENN_HOST_INTERFACE=eth0
+WRENN_CP_URL=http://localhost:8080
 
 # Lago (billing — external service)
 LAGO_API_URL=http://localhost:3000
@@ -28,6 +27,18 @@ AWS_SECRET_ACCESS_KEY=
 # Auth
 JWT_SECRET=
 
+# mTLS — CP→Agent channel
+# Generate a self-signed CA with:
+#   openssl ecparam -genkey -name P-256 -noout -out ca.key
+#   openssl req -new -x509 -key ca.key -days 3650 -out ca.crt -subj "/CN=wrenn-internal-ca"
+# Then set these to the file contents (newlines replaced with \n or use multiline env).
+WRENN_CA_CERT=
+WRENN_CA_KEY=
+
+# Channels (notification destinations)
+# AES-256-GCM key for encrypting channel secrets. Generate with: openssl rand -hex 32
+WRENN_ENCRYPTION_KEY=
+
 # OAuth
 OAUTH_GITHUB_CLIENT_ID=
 OAUTH_GITHUB_CLIENT_SECRET=