# CSM Server Configuration Template
# Copy this file to config.toml and edit before starting the server.

[server]
# HTTP API + WebSocket listener (also serves the web UI)
http_addr = "0.0.0.0:9998"
# TCP listener for client agent connections
tcp_addr = "0.0.0.0:9999"
# CORS origins (empty = same-origin only; set to ["http://localhost:9997"] for dev proxy)
cors_origins = []

# [server.tls]  # Uncomment to enable TLS on the TCP listener
# cert_path = "cert.pem"
# key_path = "key.pem"

[database]
# SQLite database path (relative to working directory)
path = "./csm.db"

[auth]
# JWT signing secret. Leave empty to auto-generate on first run.
# Override with CSM_JWT_SECRET environment variable.
jwt_secret = ""
access_token_ttl_secs = 1800    # 30 minutes
refresh_token_ttl_secs = 604800  # 7 days

# Device registration token. Leave empty to auto-generate on first run.
# Override with CSM_REGISTRATION_TOKEN environment variable.
# Clients must present this token when registering.
registration_token = ""

[retention]
# Data retention periods in days
status_history_days = 7
usb_events_days = 90
asset_changes_days = 365
alert_records_days = 90
audit_log_days = 365

# [notify]  # Uncomment to enable notifications
# [notify.smtp]
# host = "smtp.example.com"
# port = 587
# username = "user@example.com"
# password = "secret"
# from = "csm@example.com"
# webhook_urls = []