# =============================================================================
# Unla MCP Gateway Configuration Example
# Copy this file to .env and fill in your actual values
# =============================================================================

# =============================================================================
# LOGGING CONFIGURATION
# =============================================================================

# API Server Logger Configuration
# Level options: debug, info, warn, error
APISERVER_LOGGER_LEVEL=info
# Format options: json, console
APISERVER_LOGGER_FORMAT=json
# Output options: stdout, file
APISERVER_LOGGER_OUTPUT=stdout
APISERVER_LOGGER_FILE_PATH=/var/log/unla/apiserver.log
# Log file size in MB before rotation
APISERVER_LOGGER_MAX_SIZE=100
# Number of backup log files to keep
APISERVER_LOGGER_MAX_BACKUPS=3
# Maximum age of backup files in days
APISERVER_LOGGER_MAX_AGE=7
# Whether to compress rotated log files
APISERVER_LOGGER_COMPRESS=true
# Enable colored output for console format
APISERVER_LOGGER_COLOR=false
# Include stacktrace in error logs
APISERVER_LOGGER_STACKTRACE=true

# MCP Gateway Logger Configuration
# Level options: debug, info, warn, error
LOGGER_LEVEL=info
# Format options: json, console
LOGGER_FORMAT=json
# Output options: stdout, file
LOGGER_OUTPUT=stdout
LOGGER_FILE_PATH=/var/log/unla/mcp-gateway.log
# Log file size in MB before rotation
LOGGER_MAX_SIZE=100
# Number of backup log files to keep
LOGGER_MAX_BACKUPS=3
# Maximum age of backup files in days
LOGGER_MAX_AGE=7
# Whether to compress rotated log files
LOGGER_COMPRESS=true
# Enable colored output for console format
LOGGER_COLOR=false
# Include stacktrace in error logs
LOGGER_STACKTRACE=true

# =============================================================================
# DATABASE CONFIGURATION
# =============================================================================

# API Server Database Configuration
# Database type options: sqlite, mysql, postgres
APISERVER_DB_TYPE=sqlite
APISERVER_DB_HOST=localhost
APISERVER_DB_PORT=5432
APISERVER_DB_USER=
APISERVER_DB_PASSWORD=
# For SQLite: file path (e.g., ./data/unla.db)
# For MySQL/PostgreSQL: database name
APISERVER_DB_NAME=./data/unla.db
# SSL mode for PostgreSQL: disable, require, verify-ca, verify-full
APISERVER_DB_SSL_MODE=disable

# =============================================================================
# GATEWAY STORAGE CONFIGURATION
# =============================================================================

# Storage type options: db, api
GATEWAY_STORAGE_TYPE=db
# Number of configuration versions to keep for rollback
GATEWAY_STORAGE_REVISION_HISTORY_LIMIT=10

# Gateway Database Configuration (when GATEWAY_STORAGE_TYPE=db)
# Database type options: sqlite, mysql, postgres
GATEWAY_DB_TYPE=sqlite
GATEWAY_DB_HOST=localhost
GATEWAY_DB_PORT=5432
GATEWAY_DB_USER=
GATEWAY_DB_PASSWORD=
# For SQLite: file path (e.g., ./data/unla.db)
# For MySQL/PostgreSQL: database name
GATEWAY_DB_NAME=./data/unla.db
# SSL mode for PostgreSQL: disable, require, verify-ca, verify-full
GATEWAY_DB_SSL_MODE=disable

# API Storage Configuration (when GATEWAY_STORAGE_TYPE=api)
GATEWAY_STORAGE_API_URL=
GATEWAY_STORAGE_API_CONFIG_JSON_PATH=
GATEWAY_STORAGE_API_TIMEOUT=5s

# =============================================================================
# NOTIFICATION SYSTEM
# =============================================================================

# API Server Notifier Configuration (sends reload signals to gateway)
# Role: sender (API server) or receiver (gateway)
APISERVER_NOTIFIER_ROLE=sender
# Type options: signal, api, redis, composite
APISERVER_NOTIFIER_TYPE=signal

# Signal-based notification (Linux/Unix systems)
APISERVER_NOTIFIER_SIGNAL=SIGHUP
APISERVER_NOTIFIER_SIGNAL_PID=/var/run/mcp-gateway.pid

# HTTP API-based notification
APISERVER_NOTIFIER_API_PORT=5335
APISERVER_NOTIFIER_API_TARGET_URL=http://localhost:5335/_reload

# Redis-based notification (for distributed deployments)
APISERVER_NOTIFIER_REDIS_ADDR=localhost:6379
APISERVER_NOTIFIER_REDIS_PASSWORD=UseStrongPasswordIsAGoodPractice
APISERVER_NOTIFIER_REDIS_DB=0
APISERVER_NOTIFIER_REDIS_TOPIC=mcp-gateway:reload

# Gateway Notifier Configuration (receives reload signals)
# Role: sender (API server) or receiver (gateway)
NOTIFIER_ROLE=receiver
# Type options: signal, api, redis, composite
NOTIFIER_TYPE=signal

# Signal-based notification (Linux/Unix systems)
NOTIFIER_SIGNAL=SIGHUP
NOTIFIER_SIGNAL_PID=/var/run/mcp-gateway.pid

# HTTP API-based notification
NOTIFIER_API_PORT=5335
NOTIFIER_API_TARGET_URL=http://localhost:5335/_reload

# Redis-based notification (for distributed deployments)
NOTIFIER_REDIS_ADDR=localhost:6379
NOTIFIER_REDIS_USERNAME=
NOTIFIER_REDIS_PASSWORD=UseStrongPasswordIsAGoodPractice
NOTIFIER_REDIS_DB=0
NOTIFIER_REDIS_TOPIC=mcp-gateway:reload

# =============================================================================
# SESSION STORAGE
# =============================================================================

# Session storage type options: memory, redis
# Use 'memory' for single-instance deployments
# Use 'redis' for distributed/clustered deployments
SESSION_STORAGE_TYPE=memory

# Redis Session Storage Configuration (when SESSION_STORAGE_TYPE=redis)
SESSION_REDIS_ADDR=localhost:6379
SESSION_REDIS_USERNAME=
SESSION_REDIS_PASSWORD=
SESSION_REDIS_DB=0
SESSION_REDIS_TOPIC=mcp-gateway:session
SESSION_REDIS_PREFIX=
# Session TTL (time to live) - examples: 1h, 24h, 7d
SESSION_REDIS_TTL=24h

# =============================================================================
# MCP GATEWAY CONFIGURATION
# =============================================================================

# Process ID file for the MCP gateway service
MCP_GATEWAY_PID=/var/run/mcp-gateway.pid
# Port for MCP gateway service
MCP_GATEWAY_PORT=5235
# Interval for automatic configuration reload checks
MCP_GATEWAY_RELOAD_INTERVAL=600s
# Enable/disable automatic configuration reloading
MCP_GATEWAY_RELOAD_SWITCH=true

# =============================================================================
# FORWARD HEADERS CONFIGURATION
# =============================================================================

# Enable forward headers functionality (default: false for backward compatibility)
FORWARD_ENABLED=false

# Key name for forward headers in MCP tool arguments
# This is the parameter name that tools will use to pass headers to be forwarded
FORWARD_MCP_ARG_KEY_FOR_HEADER=__forwardHeaders

# Comma-separated list of headers to allow (empty means allow all)
FORWARD_ALLOW_HEADERS=

# Comma-separated list of headers to ignore during forwarding
# These headers will be filtered out and not forwarded to downstream services
FORWARD_IGNORE_HEADERS=Accept, Accept-Encoding, Accept-Language, Host, Cookie, Connection, User-Agent, Content-Length, Content-Type

# Case insensitive header matching (default: true)
FORWARD_HEADER_CASE_INSENSITIVE=true

# Override existing headers instead of adding to them (default: false)
FORWARD_HEADER_OVERRIDE_EXISTING=false

# =============================================================================
# WEB INTERFACE CONFIGURATION
# =============================================================================

# Frontend API endpoints configuration
# Base URL for API requests from the web interface
VITE_API_BASE_URL=/api
# Base URL for WebSocket connections
VITE_WS_BASE_URL=/api/ws
# Base URL for MCP Gateway proxy requests
VITE_MCP_GATEWAY_BASE_URL=/gateway
VITE_DIRECT_MCP_GATEWAY_MODIFIER=:5235
# Base URL for the web application
VITE_BASE_URL=/
# Enable debug mode for additional logging and development features
DEBUG_MODE=false
# Enable experimental features that may be unstable
ENABLE_EXPERIMENTAL=false
# Restrict LLM configuration access to admin users only (true/false)
LLM_CONFIG_ADMIN_ONLY=false

# =============================================================================
# AUTHENTICATION & SECURITY
# =============================================================================

# JWT Configuration
# IMPORTANT: Change this secret key in production! Use a secure random string
APISERVER_JWT_SECRET_KEY=changeme-please-generate-a-random-secret
# JWT token expiration time - examples: 1h, 24h, 7d
APISERVER_JWT_DURATION=24h

# Super Admin Account (initial admin user)
# IMPORTANT: Change these credentials after first setup
SUPER_ADMIN_USERNAME=admin
SUPER_ADMIN_PASSWORD=changeme-please-use-a-secure-password

# =============================================================================
# OAUTH2 CONFIGURATION
# =============================================================================

# OAuth2 issuer URL for token validation
OAUTH2_ISSUER=https://github.com/amoylab/unla

# OAuth2 storage type options: memory, redis
# Use 'memory' for single-instance deployments
# Use 'redis' for distributed/clustered deployments
OAUTH2_STORAGE_TYPE=memory

# Redis OAuth2 Storage Configuration (when OAUTH2_STORAGE_TYPE=redis)
OAUTH2_REDIS_ADDR=localhost:6379
OAUTH2_REDIS_PASSWORD=
OAUTH2_REDIS_DB=0

# =============================================================================
# INTERNATIONALIZATION
# =============================================================================

# Path to translation files for multi-language support
APISERVER_I18N_PATH=/etc/unla/i18n

# =============================================================================
# EXTERNAL OAUTH PROVIDERS
# =============================================================================

# Google OAuth Configuration
# Get these from Google Cloud Console: https://console.cloud.google.com/
# 1. Create a new project or select existing one
# 2. Enable Google+ API
# 3. Create OAuth 2.0 credentials
# 4. Add authorized redirect URIs: http://localhost:5234/api/auth/oauth/google/callback
GOOGLE_OAUTH_CLIENT_ID=
GOOGLE_OAUTH_CLIENT_SECRET=
GOOGLE_OAUTH_REDIRECT_URI=http://localhost:5234/api/auth/oauth/google/callback

# GitHub OAuth Configuration
# Get these from GitHub Settings: https://github.com/settings/developers
# 1. Register a new OAuth App
# 2. Set Authorization callback URL: http://localhost:5234/api/auth/oauth/github/callback
GITHUB_OAUTH_CLIENT_ID=
GITHUB_OAUTH_CLIENT_SECRET=
GITHUB_OAUTH_REDIRECT_URI=http://localhost:5234/api/auth/oauth/github/callback

# =============================================================================
# MISCELLANEOUS
# =============================================================================

# System timezone setting
TZ=UTC