# Security Environment Configuration
# Copy this to .env and fill in the values

# Critical: Set these in production
LIFERPG_JWT_SECRET=your_super_secure_jwt_secret_here_minimum_64_chars_long
ENVIRONMENT=production

# Database Configuration
DATABASE_URL=postgresql+psycopg2://liferpg_user:your_secure_password@localhost:5432/liferpg_production
DB_USER=liferpg_user
DB_PASSWORD=your_secure_database_password_here
DB_NAME=liferpg_production
DB_PORT=5432

# Redis Configuration  
REDIS_URL=redis://:your_secure_redis_password@localhost:6379/0
REDIS_PASSWORD=your_secure_redis_password_here
REDIS_PORT=6379

# Application Configuration
FRONTEND_ORIGIN=https://yourdomain.com
BACKEND_PORT=8000
FRONTEND_PORT=5173

# Security Settings
COOKIE_SECURE=true
COOKIE_SAMESITE=strict
CSRF_ENABLE=true
FORCE_HTTPS=true

# Encryption Key (generate with: python -c "import secrets; print(secrets.token_urlsafe(32))")
ENCRYPTION_KEY=your_encryption_key_here

# Google OAuth (if used)
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_REDIRECT_URI=https://yourdomain.com/api/v1/oauth/google/callback

# Email Configuration
LIFERPG_EMAIL_TRANSPORT=smtp # console|smtp|disabled
SMTP_HOST=your_smtp_host
SMTP_PORT=587
SMTP_USERNAME=your_smtp_username
SMTP_PASSWORD=your_smtp_password
SMTP_USE_TLS=true
SMTP_FROM=noreply@yourdomain.com

# Rate Limiting
RATE_LIMIT_PER_MINUTE=60

# Logging
LOG_LEVEL=INFO
LOG_FORMAT=json

# Health Check
HEALTH_CHECK_TOKEN=your_health_check_token

# Sync orchestration
SYNC_MAX_CONCURRENCY_PER_PROVIDER=4
# Optional per-provider caps as JSON mapping
# SYNC_PROVIDER_CAPS={"todoist":2,"github":3}