Wire production stack: Clerk + Postgres + Anthropic + per-user containers

Brings the backend from a scaffold to a working end-to-end MVP — real auth,
persistent actor registry, Anthropic tool-use loop in the Grow Agent, and
per-user Gitea+OpenCode provisioning. Also adds the client-facing
architecture diagram under docs/architecture.html.

.env.example

@@ -1,20 +1,44 @@
 PORT=4000
 LOG_LEVEL=info
+NODE_ENV=development
+
+# Postgres (started by docker-compose; defaults match the compose service)
+DATABASE_URL=postgres://growqr:growqr@localhost:5432/growqr
+POSTGRES_USER=growqr
+POSTGRES_PASSWORD=growqr
+POSTGRES_DB=growqr
+
+# Clerk auth — get from dashboard.clerk.com → API Keys
+CLERK_SECRET_KEY=sk_test_REPLACE_ME
+CLERK_PUBLISHABLE_KEY=pk_test_REPLACE_ME
+
+# Anthropic — get from console.anthropic.com → API Keys
+ANTHROPIC_API_KEY=sk-ant-REPLACE_ME
+GROW_AGENT_MODEL=claude-opus-4-7
+SUB_AGENT_MODEL=claude-sonnet-4-6
+MAX_AGENT_TOKENS=4096
+
+# Shared secret for actor → backend service calls (rotate in prod)
+SERVICE_TOKEN=dev-service-token-REPLACE_ME
 
 # Rivet Kit engine (self-hosted in docker-compose)
 RIVET_ENDPOINT=http://localhost:6420
 
-# Docker images used for per-user containers
+# Per-user container images
 GITEA_IMAGE=gitea/gitea:1.22
 OPENCODE_IMAGE=ghcr.io/sst/opencode:latest
 
-# Host where spawned containers expose their ports (usually localhost in dev)
+# Host where spawned containers expose their ports.
+# - localhost in dev
+# - host.docker.internal when the backend runs inside docker-compose
 USER_CONTAINER_HOST=127.0.0.1
 
-# Workspace root on the host that gets bind-mounted into per-user containers.
-# Each user gets a subdir: ${USER_DATA_ROOT}/<userId>/{gitea,workspace}
+# Workspace root on the host. Each user gets a subdir.
 USER_DATA_ROOT=./.data/users
 
 # Port range allocated to spawned per-user containers
 USER_PORT_RANGE_START=20000
 USER_PORT_RANGE_END=29999
+
+# CORS origin(s) for the Next.js frontend (comma-separated for multiple)
+FRONTEND_ORIGIN=http://localhost:3000