update

README.md

@@ -75,7 +75,6 @@ Calling all developers and GenAI innovators! The **DocsGPT Lighthouse Program**
 
 [Learn More & Apply →](https://docs.google.com/forms/d/1KAADiJinUJ8EMQyfTXUIGyFbqINNClNR3jBNWq7DgTE)
 
-
 ## QuickStart
 
 > [!Note]
@@ -115,6 +114,7 @@ To stop DocsGPT, open a terminal in the `DocsGPT` directory and run:
 ```bash
 docker compose -f deployment/docker-compose.yaml down
 ```
+
 (or use the specific `docker compose down` command shown after running the setup script).
 
 > [!Note]
@@ -142,7 +142,6 @@ Please refer to the [CONTRIBUTING.md](CONTRIBUTING.md) file for information abou
 
 We as members, contributors, and leaders, pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation. Please refer to the [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) file for more information about contributing.
 
-
 ## Many Thanks To Our Contributors⚡
 
 <a href="https://github.com/arc53/DocsGPT/graphs/contributors" alt="View Contributors">

docs/pages/Deploying/DocsGPT-Settings.mdx

@@ -99,45 +99,76 @@ In this case, even though you are using Ollama locally, `LLM_PROVIDER` is set to
 
 DocsGPT includes a JWT (JSON Web Token) based authentication feature for managing sessions or securing local deployments while allowing access.
 
-- **`AUTH_TYPE`**: This setting in your `.env` file or `settings.py` determines the authentication method.
+### `AUTH_TYPE` Overview
 
-    - **Possible values:**
-        - `None` (or not set): No authentication is used.
-        - `simple_jwt`: A single, long-lived JWT token is generated and used for all authenticated requests. This is useful for securing a local deployment with a shared secret.
-        - `session_jwt`: Unique JWT tokens are generated for sessions, typically for individual users or temporary access.
-    - If `AUTH_TYPE` is set to `simple_jwt` or `session_jwt`, then a `JWT_SECRET_KEY` is required.
-- **`JWT_SECRET_KEY`**: This is a crucial secret key used to sign and verify JWTs.
+The `AUTH_TYPE` setting in your `.env` file or `settings.py` determines the authentication method used by DocsGPT. This allows you to control how users authenticate with your DocsGPT instance.
 
-    - It can be set directly in your `.env` file or `settings.py`.
-    - **Automatic Key Generation**: If `AUTH_TYPE` is `simple_jwt` or `session_jwt` and `JWT_SECRET_KEY` is _not_ set in your environment variables or `settings.py`, DocsGPT will attempt to:
-        1. Read the key from a file named `.jwt_secret_key` in the project's root directory.
-        2. If the file doesn't exist, it will generate a new 32-byte random key, save it to `.jwt_secret_key`, and use it for the session. This ensures that the key persists across application restarts.
-    - **Security Note**: It's vital to keep this key secure. If you set it manually, choose a strong, random string.
+| Value         | Description                                                                                 |
+| ------------- | ------------------------------------------------------------------------------------------- |
+| `None`        | No authentication is used. Anyone can access the app.                                       |
+| `simple_jwt`  | A single, long-lived JWT token is generated at startup. All requests use this shared token. |
+| `session_jwt` | Unique JWT tokens are generated for each session/user.                                      |
 
-**How it works:**
+#### How to Configure
 
-- When `AUTH_TYPE` is set to `simple_jwt`, a token is generated at startup (if not already present or configured) and printed to the console. This token should be included in the `Authorization` header of your API requests as a Bearer token (e.g., `Authorization: Bearer YOUR_SIMPLE_JWT_TOKEN`).
-- When `AUTH_TYPE` is set to `session_jwt`:
-    - Clients can request a new token from the `/api/generate_token` endpoint.
-    - This token should then be included in the `Authorization` header for subsequent requests.
-- The backend verifies the JWT token provided in the `Authorization` header for protected routes.
-- The `/api/config` endpoint can be used to check the current `auth_type` and whether authentication is required.
+Add the following to your `.env` file (or set in `settings.py`):
 
-**Frontend Token Input for `simple_jwt`:**
+```env
+# No authentication (default)
+AUTH_TYPE=None
+
+# OR: Simple JWT (shared token)
+AUTH_TYPE=simple_jwt
+JWT_SECRET_KEY=your_secret_key_here
+
+# OR: Session JWT (per-user/session tokens)
+AUTH_TYPE=session_jwt
+JWT_SECRET_KEY=your_secret_key_here
+```
+
+- If `AUTH_TYPE` is set to `simple_jwt` or `session_jwt`, a `JWT_SECRET_KEY` is required.
+- If `JWT_SECRET_KEY` is not set, DocsGPT will generate one and store it in `.jwt_secret_key` in the project root.
+
+#### How Each Method Works
+
+- **None**: No authentication. All API and UI access is open.
+- **simple_jwt**:
+  - A single JWT token is generated at startup and printed to the console.
+  - Use this token in the `Authorization` header for all API requests:
+    ```http
+    Authorization: Bearer <SIMPLE_JWT_TOKEN>
+    ```
+  - The frontend will prompt for this token if not already set.
+- **session_jwt**:
+  - Clients can request a new token from `/api/generate_token`.
+  - Use the received token in the `Authorization` header for subsequent requests.
+  - Each user/session gets a unique token.
+
+#### Security Notes
+
+- Always keep your `JWT_SECRET_KEY` secure and private.
+- If you set it manually, use a strong, random string.
+- If not set, DocsGPT will generate a secure key and persist it in `.jwt_secret_key`.
+
+#### Checking Current Auth Type
+
+- Use the `/api/config` endpoint to check the current `auth_type` and whether authentication is required.
+
+#### Frontend Token Input for `simple_jwt`
+
+If you have configured `AUTH_TYPE=simple_jwt`, the DocsGPT frontend will prompt you to enter the JWT token if it's not already set or is invalid. Paste the `SIMPLE_JWT_TOKEN` (printed to your console when the backend starts) into this field to access the application.
 
 <img
   src="/jwt-input.png"
   alt="Frontend prompt for JWT Token"
   style={{
-    width: '500px', 
-    maxWidth: '100%', 
-    display: 'block', 
-    margin: '1em auto' 
+    width: "500px",
+    maxWidth: "100%",
+    display: "block",
+    margin: "1em auto",
   }}
 />
 
-If you have configured `AUTH_TYPE=simple_jwt`, the DocsGPT frontend will prompt you to enter the JWT token if it's not already set or is invalid. You'll need to paste the `SIMPLE_JWT_TOKEN` (which is printed to your console when the backend starts) into this field to access the application.
-
 ## Exploring More Settings
 
 These are just the basic settings to get you started. The `settings.py` file contains many more advanced options that you can explore to further customize DocsGPT, such as:

package-lock.json

@@ -0,0 +1,6 @@
+{
+  "name": "DocsGPT",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {}
+}