# === Postgres ===
DATABASE_URL=postgres://USER:PASS@192.168.0.210:5432/whatsapp_bot_dev

# === App data paths (inside containers) ===
DATA_DIR=/data
SESSIONS_DIR=/data/sessions
MEDIA_DIR=/data/media

# === Bot service ===
BOT_HEALTH_PORT=8081
BOT_LOG_LEVEL=info

# Reminder fan-out tuning. Defaults aim for an established WhatsApp
# account (~30-60 msg/min safe band). Bump cautiously.
#   BOT_FIRE_CONCURRENCY     pg-boss workers; max accounts firing in parallel.
#   BOT_GROUP_CONCURRENCY    per-account parallel group sends; parts within a
#                            group stay serial.
#   BOT_MAX_SEND_PER_MINUTE  per-account token-bucket rate.
BOT_FIRE_CONCURRENCY=8
BOT_GROUP_CONCURRENCY=3
BOT_MAX_SEND_PER_MINUTE=40

# === Seed (used by scripts/db.sh seed) ===
# The bootstrap operator's username. After seed, set their password
# via:  echo 'change-me-now' | scripts/set-password.sh admin
SEED_OPERATOR_USERNAME=admin
SEED_OPERATOR_NAME=Operator

# === Web / Auth ===
# Port the Next.js container exposes on the host. Production deployment
# (wabot.04080616.xyz) uses 8100; dev/staging (test.04080616.xyz) uses 9000.
WEB_PORT=9000

# 32-byte secret used to derive the AES-256-GCM key for session cookies.
# DO NOT leave blank — the web container will refuse to issue cookies.
# Generate via: scripts/gen_auth_secret.sh --write
AUTH_SECRET=

# Bumping this invalidates every outstanding session cookie globally on
# the next request. Treat it as a kill switch (e.g. after a key leak)
# rather than a routine value.
OPERATOR_TOKEN_VERSION=1

# === Docker Registry (used by scripts/publish.sh) ===
# Tag pushed alongside latest. Override with the CLI arg or
# DOCKER_IMAGE_TAG=v1.2.3 scripts/publish.sh.
DOCKER_IMAGE_TAG=latest
# Buildx target platforms. linux/amd64 is the prod host arch; add
# linux/arm64 if you cross-build for an Apple-silicon runner.
CM_IMAGE_PLATFORMS=linux/amd64