diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..25671ee
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,133 @@
+# =============================================
+# DeepAudit 部署全局环境变量配置模板
+# =============================================
+# 复制此文件为 .env 并填入实际配置
+# .env 文件已加入 .gitignore,不会被提交到版本库
+# =============================================
+
+# =============================================
+# 1. 数据库配置 (PostgreSQL)
+# =============================================
+POSTGRES_SERVER=db
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
+POSTGRES_DB=deepaudit
+
+# 完整连接字符串 (由 Compose 自动拼接,如需手动覆盖请取消注释)
+# DATABASE_URL=postgresql+asyncpg://postgres:postgres@db/deepaudit
+
+# =============================================
+# 2. 安全与认证配置 (JWT)
+# =============================================
+# 生产环境务必修改,可运行 `openssl rand -hex 32` 生成
+SECRET_KEY=your-secret-key
+ALGORITHM=HS256
+ACCESS_TOKEN_EXPIRE_MINUTES=11520
+
+# =============================================
+# 3. LLM 通用配置 (后端核心引擎)
+# =============================================
+# 提供商: openai, gemini, claude, qwen, deepseek, zhipu, ollama
+# 原生适配器: baidu, minimax, doubao
+LLM_PROVIDER=openai
+# API 密钥 (通用)
+LLM_API_KEY=your-api-key
+# 模型名称
+LLM_MODEL=qwen3-coder-flash
+# 自定义端点
+LLM_BASE_URL=https://dashscope.aliyuncs.com/compatible-mode/v1
+# 超时时间 (秒)
+LLM_TIMEOUT=300
+# 生成温度 (0-1)
+LLM_TEMPERATURE=0.7
+# 最大生成 Token
+LLM_MAX_TOKENS=32768
+# 并发请求数
+LLM_CONCURRENCY=20
+# 请求间隔 (ms)
+LLM_GAP_MS=0
+
+# =============================================
+# 4. LLM 各平台独立配置 (可选)
+# =============================================
+OPENAI_API_KEY=
+OPENAI_BASE_URL=
+GEMINI_API_KEY=
+CLAUDE_API_KEY=
+QWEN_API_KEY=
+DEEPSEEK_API_KEY=
+ZHIPU_API_KEY=
+MOONSHOT_API_KEY=
+BAIDU_API_KEY=
+MINIMAX_API_KEY=
+DOUBAO_API_KEY=
+OLLAMA_BASE_URL=
+
+# =============================================
+# 5. RAG 嵌入模型配置 (知识库检索)
+# =============================================
+EMBEDDING_PROVIDER=openai
+EMBEDDING_MODEL=text-embedding-v4
+EMBEDDING_DIMENSION=1024
+EMBEDDING_API_KEY=your-api-key
+EMBEDDING_BASE_URL=https://dashscope.aliyuncs.com/compatible-mode/v1
+
+# =============================================
+# 6. 向量数据库配置 (RAG 功能)
+# =============================================
+VECTOR_DB_TYPE=chroma
+CHROMA_PERSIST_DIRECTORY=./data/chroma
+
+# =============================================
+# 7. Agent 核心服务配置 (任务调度)
+# =============================================
+AGENT_ENABLED=true
+AGENT_MAX_ITERATIONS=5
+AGENT_TIMEOUT=1800
+
+# Redis 配置
+REDIS_HOST=redis
+REDIS_URL=redis://redis:6379/0
+REDIS_PORT=6379
+
+# =============================================
+# 8. 沙箱配置 (验证器)
+# =============================================
+SANDBOX_ENABLED=true
+SANDBOX_IMAGE=deepaudit/sandbox:latest
+SANDBOX_MEMORY_LIMIT=512m
+SANDBOX_CPU_LIMIT=1.0
+SANDBOX_NETWORK_DISABLED=true
+SANDBOX_TIMEOUT=30
+
+# =============================================
+# 9. Git 仓库集成配置
+# =============================================
+# Gitea 地址 (如果是宿主机 Gitea,请填写宿主机 IP)
+GITEA_HOST_URL=your-gitea-url
+# Gitea 用户访问令牌 (个人),使用ai-bot账号token即可
+GITEA_TOKEN=your-gitea-token
+# AI Bot 访问令牌 (Issue/PR 回复)
+GITEA_BOT_TOKEN=your-bot-token
+# Webhook 认证密钥
+GITEA_WEBHOOK_SECRET=your-webhook-secret
+
+# 其他平台 (可选)
+GITHUB_TOKEN=
+GITLAB_TOKEN=
+
+# =============================================
+# 10. 存储与输出配置
+# =============================================
+ZIP_STORAGE_PATH=./uploads/zip_files
+OUTPUT_LANGUAGE=zh-CN
+MAX_ANALYZE_FILES=500
+MAX_FILE_SIZE_BYTES=204800
+
+# =============================================
+# 11. 前端专用配置
+# =============================================
+# 前端访问 API 的基础路径
+VITE_API_BASE_URL=/api/v1
+# 应用标识
+VITE_APP_ID=deepaudit
\ No newline at end of file
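Review bot: `SECRET_KEY=your-secret-key` and `GITEA_WEBHOOK_SECRET=your-webhook-secret` are non-empty placeholders, so a copy of this template that nobody edits runs with a publicly known JWT signing key and webhook secret instead of failing. `backend/.env.example` in the same commit leaves these keys empty; doing the same here (`SECRET_KEY=`, `GITEA_WEBHOOK_SECRET=`, `GITEA_TOKEN=`, `GITEA_BOT_TOKEN=`) keeps the two templates consistent and lets Compose or the backend reject a missing value. `POSTGRES_PASSWORD=postgres` is a usable default as well, and I would put a comment above it, `# change before deploying: docker-compose.yml publishes port 5432`.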
diff --git a/backend/.env.bak b/backend/.env.example similarity index 94% rename from backend/.env.bak rename to backend/.env.example index 22143ab..812374b 100644 --- a/backend/.env.bak +++ b/backend/.env.example @@ -21,7 +21,7 @@ POSTGRES_DB=deepaudit # ============================================= # JWT 签名密钥 - 生产环境必须修改为随机字符串! # 建议使用: openssl rand -hex 32 -SECRET_KEY=44c222c64424e93e41a12b74e85f800a8a87608a30bc18ce7dd722be48e61b6c +SECRET_KEY= # JWT 加密算法 ALGORITHM=HS256 @@ -38,7 +38,7 @@ ACCESS_TOKEN_EXPIRE_MINUTES=11520 LLM_PROVIDER=openai # API 密钥 -LLM_API_KEY=sk-efd56221e9d4497e831e43398ee535ed +LLM_API_KEY= # 模型名称(留空使用 provider 默认模型) # OpenAI: gpt-4o-mini, gpt-4o, gpt-3.5-turbo @@ -140,7 +140,7 @@ EMBEDDING_MODEL=text-embedding-v4 EMBEDDING_DIMENSION=1024 # 嵌入模型 API Key(留空则使用 LLM_API_KEY) -EMBEDDING_API_KEY=sk-efd56221e9d4497e831e43398ee535ed +EMBEDDING_API_KEY= # 注意在生产环境中,在docker-compose.yml中配置 # 嵌入模型 Base URL(留空则使用默认值) @@ -196,10 +196,10 @@ GITLAB_TOKEN= # 权限要求: read_repository # GITEA_TOKEN=f02b82fa51f26f2b13ed2ca67afe3faee49892b7 # http://sl.vrgon.com:3000/ 账号vinland100 # GITEA_TOKEN=896be9e332f3c60933a5eb931973db450b69b842 # http://182.96.17.140:82/ -GITEA_TOKEN=379a049b8d78965fdff474fc8676bca7e9c70248 # http://sl.vrgon.com:3000/ 账号ai-bot +GITEA_TOKEN= # http://sl.vrgon.com:3000/ 账号ai-bot # Gitea Webhook Secret -GITEA_WEBHOOK_SECRET=zheke@703 +GITEA_WEBHOOK_SECRET= # ============================================= # 扫描配置 @@ -235,4 +235,4 @@ OUTPUT_LANGUAGE=zh-CN ## gitea host url,用于自动在PR下面回复 GITEA_HOST_URL=http://127.0.0.1:82 ## ai-bot账号issue读写权限token -GITEA_BOT_TOKEN=7d6c0192fd3ea285e36822d62851138d2b872b23 +GITEA_BOT_TOKEN=379a049b8d78965fdff474fc8676bca7e9c70248 diff --git a/backend/app/core/config.py b/backend/app/core/config.py index 09e4c84..87a9e2d 100644 --- a/backend/app/core/config.py +++ b/backend/app/core/config.py 
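Review bot: The new side of this template still carries credentials: the last hunk (`@@ -235,4 +235,4 @@`) sets `GITEA_BOT_TOKEN` to a 40-hex value, the same one this commit removes from `GITEA_TOKEN` here and from `docker-compose.yml`, and the `@@ -196,10 +196,10 @@` hunk keeps two commented-out `# GITEA_TOKEN=…` lines with tokens next to their host URLs. The template should read `GITEA_BOT_TOKEN=` and drop the commented token lines. Blanking a value does not remove it from history, so the JWT `SECRET_KEY`, the `sk-…` key used for `LLM_API_KEY` and `EMBEDDING_API_KEY`, the Gitea tokens and the webhook secret shown on the removed lines should be treated as exposed and rotated. The trailing text on `GITEA_TOKEN= # http://… 账号ai-bot` also names the host and account, and depending on the dotenv parser it may be read into the value; I would move it to a comment line of its own without the URL.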
@@ -93,7 +93,9 @@ class Settings(BaseSettings): EMBEDDING_DIMENSION: int = 0 # 嵌入模型维度(0 表示自动检测或由代码逻辑根据模型确定) # 向量数据库配置 - VECTOR_DB_PATH: str = "./data/vector_db" # 向量数据库持久化目录 + VECTOR_DB_TYPE: str = "chroma" + VECTOR_DB_PATH: str = "./data/vector_db" # 向量数据库持久化目录 (ChromaDB) + CHROMA_PERSIST_DIRECTORY: Optional[str] = None # 显式指定的 Chroma 持久化目录 (由于向后兼容保留 PATH) # SSH配置 SSH_CONFIG_PATH: str = "./data/ssh" # SSH配置目录(存储known_hosts等) diff --git a/docker-compose.yml b/docker-compose.yml index d3a7c4d..705d0dc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
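Review bot: Nothing in this hunk says which of `VECTOR_DB_PATH` and `CHROMA_PERSIST_DIRECTORY` wins, and under Compose they point to different places: `docker-compose.yml` in this commit defaults `CHROMA_PERSIST_DIRECTORY` to `./data/chroma` while the backend volume is still mounted at `/app/data/vector_db`. If the code that opens Chroma prefers the new setting, the index would be written outside the `chroma_data` volume and lost when the container is recreated; that code is not visible here, so this needs checking. I would state the rule on the field, e.g. `# if set, overrides VECTOR_DB_PATH`, and make the Compose default match the mounted path. The `Settings` class body starts and ends outside the hunk.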
@@ -1,9 +1,65 @@ # ============================================= -# DeepAudit Docker Compose 配置 +# DeepAudit Docker Compose 配置 (Dify Style) # ============================================= -# 部署: docker compose up -d -# 查看日志: docker compose logs -f -# 注意: Agent 服务和沙箱环境是必须的核心组件 + +# 共享环境变量定义 +x-shared-env: + # 基础信息 + &shared-env + PROJECT_NAME: DeepAudit + SECRET_KEY: ${SECRET_KEY} + ALGORITHM: ${ALGORITHM:-HS256} + # 数据库 + POSTGRES_SERVER: ${POSTGRES_SERVER:-db} + POSTGRES_USER: ${POSTGRES_USER:-postgres} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres} + POSTGRES_DB: ${POSTGRES_DB:-deepaudit} + # LLM + LLM_PROVIDER: ${LLM_PROVIDER:-openai} + LLM_MODEL: ${LLM_MODEL:-qwen3-coder-flash} + LLM_API_KEY: ${LLM_API_KEY} + LLM_BASE_URL: ${LLM_BASE_URL} + LLM_TIMEOUT: ${LLM_TIMEOUT:-300} + LLM_TEMPERATURE: ${LLM_TEMPERATURE:-0.7} + LLM_MAX_TOKENS: ${LLM_MAX_TOKENS:-32768} + LLM_CONCURRENCY: ${LLM_CONCURRENCY:-20} + LLM_GAP_MS: ${LLM_GAP_MS:-0} + # LLM 各平台独立配置 + OPENAI_API_KEY: ${OPENAI_API_KEY} + OPENAI_BASE_URL: ${OPENAI_BASE_URL} + GEMINI_API_KEY: ${GEMINI_API_KEY} + CLAUDE_API_KEY: ${CLAUDE_API_KEY} + QWEN_API_KEY: ${QWEN_API_KEY} + DEEPSEEK_API_KEY: ${DEEPSEEK_API_KEY} + ZHIPU_API_KEY: ${ZHIPU_API_KEY} + MOONSHOT_API_KEY: ${MOONSHOT_API_KEY} + BAIDU_API_KEY: ${BAIDU_API_KEY} + MINIMAX_API_KEY: ${MINIMAX_API_KEY} + DOUBAO_API_KEY: ${DOUBAO_API_KEY} + OLLAMA_BASE_URL: ${OLLAMA_BASE_URL} + # Agent & Redis + AGENT_ENABLED: ${AGENT_ENABLED:-true} + AGENT_MAX_ITERATIONS: ${AGENT_MAX_ITERATIONS:-5} + AGENT_TIMEOUT: ${AGENT_TIMEOUT:-1800} + REDIS_URL: ${REDIS_URL:-redis://redis:6379/0} + # Embedding + EMBEDDING_PROVIDER: ${EMBEDDING_PROVIDER:-openai} + EMBEDDING_MODEL: ${EMBEDDING_MODEL:-text-embedding-v4} + EMBEDDING_DIMENSION: ${EMBEDDING_DIMENSION:-1024} + EMBEDDING_API_KEY: ${EMBEDDING_API_KEY} + EMBEDDING_BASE_URL: ${EMBEDDING_BASE_URL} + # 向量数据库 + VECTOR_DB_TYPE: ${VECTOR_DB_TYPE:-chroma} + CHROMA_PERSIST_DIRECTORY: ${CHROMA_PERSIST_DIRECTORY:-./data/chroma} + # Gitea 
+ GITEA_HOST_URL: ${GITEA_HOST_URL} + GITEA_TOKEN: ${GITEA_TOKEN} + GITEA_BOT_TOKEN: ${GITEA_BOT_TOKEN} + GITEA_WEBHOOK_SECRET: ${GITEA_WEBHOOK_SECRET} + # 沙箱 + SANDBOX_MEMORY_LIMIT: ${SANDBOX_MEMORY_LIMIT:-512m} + SANDBOX_CPU_LIMIT: ${SANDBOX_CPU_LIMIT:-1.0} + SANDBOX_TIMEOUT: ${SANDBOX_TIMEOUT:-30} services: # ============================================= @@ -16,9 +72,9 @@ services: volumes: - postgres_data:/var/lib/postgresql/data environment: - - POSTGRES_USER=postgres - - POSTGRES_PASSWORD=postgres - - POSTGRES_DB=deepaudit + POSTGRES_USER: ${POSTGRES_USER:-postgres} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres} + POSTGRES_DB: ${POSTGRES_DB:-deepaudit} ports: - "5432:5432" healthcheck: @@ -38,7 +94,6 @@ services: extra_hosts: - "host.docker.internal:host-gateway" volumes: - - ./backend/app:/app/app:ro # 挂载代码目录,修改后自动生效 - backend_uploads:/app/uploads - chroma_data:/app/data/vector_db - ci_workspace:/app/data/ci_workspace 
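Review bot: `SECRET_KEY: ${SECRET_KEY}` in `x-shared-env` interpolates to an empty string when the variable is unset, and Compose only prints a warning, so unless the backend rejects it the service starts with an empty JWT signing key. Required secrets should use the error form, `SECRET_KEY: ${SECRET_KEY:?SECRET_KEY must be set}`, and the same applies to `GITEA_WEBHOOK_SECRET: ${GITEA_WEBHOOK_SECRET}`. A short comment at the top of the anchor, `# values without a default are required; compose aborts if they are missing`, would make the convention visible.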
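Review bot: The `db` service keeps `"5432:5432"` published while its password now falls back to `postgres` through `${POSTGRES_PASSWORD:-postgres}`, so an unedited deployment exposes PostgreSQL on every host interface with a known credential. The backend reaches the database by service name (`@db:5432` in its `DATABASE_URL`), so the mapping can be removed or bound to loopback, `"127.0.0.1:5432:5432"`, and the fallback replaced with `${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}`. The `redis` hunk (`@@ -93,12 +139,11 @@`) has the same shape: `"${REDIS_PORT:-6379}:6379"` publishes Redis, and the default `REDIS_URL` carries no password. The `db` service block starts and ends outside this hunk.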
@@ -47,28 +102,18 @@ services: ports: - "8000:8000" env_file: - - ./backend/.env + - .env environment: - - DATABASE_URL=postgresql+asyncpg://postgres:postgres@db:5432/deepaudit - - REDIS_URL=redis://redis:6379/0 - - AGENT_ENABLED=true - - SANDBOX_ENABLED=true - - SANDBOX_IMAGE=code-review:sandbox # 使用本地构建的沙箱镜像 - # 指定 embedding 服务地址 - - EMBEDDING_PROVIDER=openai - - EMBEDDING_MODEL=text-embedding-v4 - - EMBEDDING_DIMENSION=1024 - - EMBEDDING_BASE_URL=https://dashscope.aliyuncs.com/compatible-mode/v1 - # Gitea 配置 - - GITEA_HOST_URL=http://sl.vrgon.com:3000 - - GITEA_BOT_TOKEN=379a049b8d78965fdff474fc8676bca7e9c70248 + <<: *shared-env + DATABASE_URL: postgresql+asyncpg://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@db:5432/${POSTGRES_DB:-deepaudit} + SANDBOX_ENABLED: ${SANDBOX_ENABLED:-true} + SANDBOX_IMAGE: ${SANDBOX_IMAGE:-deepaudit/sandbox:latest} + OUTPUT_LANGUAGE: ${OUTPUT_LANGUAGE:-zh-CN} depends_on: db: condition: service_healthy redis: condition: service_healthy - # 开发模式下,可以启用 --reload 热重载 - command: sh -c ".venv/bin/alembic upgrade head && .venv/bin/uvicorn app.main:app --host 0.0.0.0 --port 8000" networks: - deepaudit-network @@ -83,7 +128,8 @@ services: ports: - "83:80" # Nginx 监听 80 端口 environment: - - VITE_API_BASE_URL=/api/v1 + VITE_API_BASE_URL: ${VITE_API_BASE_URL:-/api/v1} + VITE_APP_ID: ${VITE_APP_ID:-deepaudit} depends_on: - backend networks: @@ -93,12 +139,11 @@ services: # Agent 服务必须组件 # ============================================= - # Redis (Agent 任务队列 - 必须) redis: image: redis:7-alpine restart: unless-stopped ports: - - "6379:6379" + - "${REDIS_PORT:-6379}:6379" volumes: - redis_data:/data healthcheck: diff --git a/frontend/.env.bak b/frontend/.env.bak deleted file mode 100644 index cc384f0..0000000 --- a/frontend/.env.bak +++ /dev/null @@ -1,4 +0,0 @@ -# 核心 API 配置 (必填) -VITE_API_BASE_URL=/api/v1 -# 应用标识 (可选) -VITE_APP_ID=deepaudit \ No newline at end of file
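Review bot: The default `SANDBOX_IMAGE: ${SANDBOX_IMAGE:-deepaudit/sandbox:latest}` replaces the locally built `code-review:sandbox` with a registry-style name on a mutable `latest` tag. If the host has no local image under that name and the backend lets Docker pull it (the launch code is not shown here), the sandbox would run whatever is published under that name at the time. I would keep a locally built tag as the default or pin a digest, `deepaudit/sandbox@sha256:<digest>`. Separately, this hunk removes the `command:` that ran `alembic upgrade head` before uvicorn; unless the image's own CMD does the same, migrations no longer run on start.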