```

feat(auth): make JWT token expiration configurable via environment variable- Add JWT_LIFETIME_SECONDS environment variable to configure token expiration
- Set default expiration to3600 seconds (1 hour) for both API and client auth backends
- Remove hardcoded expiration values in favor of environment-based configuration
- Add documentation comments explaining the JWT strategy configuration

feat(auth): make cookie domain configurable via environment variable

- Add AUTH_TOKEN_COOKIE_DOMAIN environment variable to configure cookie domain
- When not set or empty, cookie domain defaults to None allowing cross-domain usage
- Add documentation explaining cookie expiration is handled by JWT strategy
- Update default_transport to use environment-based cookie domainfeat(docker): add CORS_ALLOWED_ORIGINS environment variable

- Add CORS_ALLOWED_ORIGINS environment variable with default value of '*'
- Configure frontend to use NEXT_PUBLIC_BACKEND_API_URL environment variable
- Set default backend API URL to http://localhost:8000

feat(docker): add restart policy to all services

- Add restart: always policy to cognee, frontend, neo4j, chromadb, and postgres services
- This ensures services automatically restart on failure or system reboot
- Improves container reliability and uptime```

cognee/modules/users/authentication/default/default_transport.py

@@ -1,12 +1,22 @@
 import os
 from fastapi_users.authentication import CookieTransport
 
+# Get cookie domain from environment variable
+# If not set or empty, use None to allow cookie to work on any domain
+cookie_domain = os.getenv("AUTH_TOKEN_COOKIE_DOMAIN")
+if cookie_domain == "":
+    cookie_domain = None
+
+# Note: Cookie expiration is automatically set by FastAPI Users based on JWT Strategy's lifetime_seconds
+# The JWT Strategy lifetime_seconds is configured in get_client_auth_backend.py
+# and reads from JWT_LIFETIME_SECONDS environment variable
+
 default_transport = CookieTransport(
     cookie_name=os.getenv("AUTH_TOKEN_COOKIE_NAME", "auth_token"),
     cookie_secure=False,
     cookie_httponly=True,
     cookie_samesite="Lax",
-    cookie_domain="localhost",
+    cookie_domain=cookie_domain,  # None allows cookie to work on any domain
 )
 
 default_transport.name = "cookie"

cognee/modules/users/authentication/get_api_auth_backend.py

@@ -16,8 +16,10 @@ def get_api_auth_backend():
 
     def get_jwt_strategy() -> JWTStrategy[models.UP, models.ID]:
         secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")
-
-        return APIJWTStrategy(secret, lifetime_seconds=36000)
+        # 使用环境变量配置过期时间，默认与 client_auth_backend 保持一致（3600秒）
+        lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600"))
+        
+        return APIJWTStrategy(secret, lifetime_seconds=lifetime_seconds)
 
     auth_backend = AuthenticationBackend(
         name=transport.name,

cognee/modules/users/authentication/get_client_auth_backend.py

@@ -18,8 +18,10 @@ def get_client_auth_backend():
         from .default.default_jwt_strategy import DefaultJWTStrategy
 
         secret = os.getenv("FASTAPI_USERS_JWT_SECRET", "super_secret")
+        # 使用环境变量配置过期时间，默认 3600 秒（1小时）
+        lifetime_seconds = int(os.getenv("JWT_LIFETIME_SECONDS", "3600"))
 
-        return DefaultJWTStrategy(secret, lifetime_seconds=3600)
+        return DefaultJWTStrategy(secret, lifetime_seconds=lifetime_seconds)
 
     auth_backend = AuthenticationBackend(
         name=transport.name,

docker-compose.yml

@@ -1,6 +1,7 @@
 services:
   cognee:
     container_name: cognee
+    restart: always
     networks:
       - cognee-network
     build:
@@ -14,6 +15,7 @@ services:
       - HOST=0.0.0.0
       - ENVIRONMENT=local
       - LOG_LEVEL=INFO
+      - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-*}
     extra_hosts:
       # Allows the container to reach your local machine using "host.docker.internal" instead of "localhost"
       - "host.docker.internal:host-gateway"
@@ -68,6 +70,9 @@ services:
   # If you want to use Cognee with a UI environment you can integrate the Cognee MCP Server into Cursor / Claude Desktop / Visual Studio Code (through Cline/Roo)
   frontend:
     container_name: frontend
+    restart: always
+    environment:
+      - NEXT_PUBLIC_BACKEND_API_URL=${NEXT_PUBLIC_BACKEND_API_URL:-http://localhost:8000}
     profiles:
         - ui
     build:
@@ -85,6 +90,7 @@ services:
   neo4j:
     image: neo4j:latest
     container_name: neo4j
+    restart: always
     profiles:
       - neo4j
     ports:
@@ -99,6 +105,7 @@ services:
   chromadb:
     image: chromadb/chroma:0.6.3
     container_name: chromadb
+    restart: always
     profiles:
       - chromadb
     environment:
@@ -117,6 +124,7 @@ services:
   postgres:
     image: pgvector/pgvector:pg17
     container_name: postgres
+    restart: always
     profiles:
       - postgres
     environment: