# Runtime Environment
ENVIRONMENT=production

# Gitea Configuration
GITEA_URL=https://gitea.example.com
GITEA_TOKEN=your-bot-user-token-here

# MCP Server Configuration
# Secure default: bind only localhost unless explicitly overridden.
MCP_HOST=127.0.0.1
MCP_PORT=8080
ALLOW_INSECURE_BIND=false

# Authentication Configuration (REQUIRED unless AUTH_ENABLED=false)
AUTH_ENABLED=true
MCP_API_KEYS=your-generated-api-key-here
# MCP_API_KEYS=key1,key2,key3

# Authentication failure controls
MAX_AUTH_FAILURES=5
AUTH_FAILURE_WINDOW=300

# Request rate limiting
RATE_LIMIT_PER_MINUTE=60
TOKEN_RATE_LIMIT_PER_MINUTE=120

# Logging / observability
LOG_LEVEL=INFO
AUDIT_LOG_PATH=/var/log/aegis-mcp/audit.log
METRICS_ENABLED=true
EXPOSE_ERROR_DETAILS=false

# Tool output limits
MAX_FILE_SIZE_BYTES=1048576
MAX_TOOL_RESPONSE_ITEMS=200
MAX_TOOL_RESPONSE_CHARS=20000
REQUEST_TIMEOUT_SECONDS=30

# Security controls
SECRET_DETECTION_MODE=mask  # off|mask|block
POLICY_FILE_PATH=policy.yaml

# Write mode (disabled by default)
WRITE_MODE=false
WRITE_REPOSITORY_WHITELIST=

# Automation mode (disabled by default)
AUTOMATION_ENABLED=false
AUTOMATION_SCHEDULER_ENABLED=false
AUTOMATION_STALE_DAYS=30