[server]
host = "0.0.0.0"
port = 3000

[database]
url = "__MUST_SET_VIA_ENV__"
max_connections = 20
min_connections = 5

[redis]
url = "__MUST_SET_VIA_ENV__"

[jwt]
secret = "__MUST_SET_VIA_ENV__"
access_token_ttl = "15m"
refresh_token_ttl = "7d"

[auth]
super_admin_password = "__MUST_SET_VIA_ENV__"

[log]
level = "info"

[cors]
# Comma-separated allowed origins. Use "*" for development only.
allowed_origins = "http://localhost:5173,http://localhost:5174,http://localhost:5175,http://localhost:5176,http://localhost:3000"

[wechat]
appid = "__MUST_SET_VIA_ENV__"
secret = "__MUST_SET_VIA_ENV__"
# dev_mode = true 跳过 jscode2session，允许微信开发者工具模拟器登录
# 生产环境必须为 false（默认）
dev_mode = false

[health]
aes_key = "__MUST_SET_VIA_ENV__"
hmac_key = "__MUST_SET_VIA_ENV__"

[crypto]
kek = "__MUST_SET_VIA_ENV__"

[ai]
default_provider = "claude"
# AI API 密钥。留空则禁用 AI 功能；生产环境必须通过 ERP__AI__API_KEY 设置。
api_key = ""
model = "claude-sonnet-4-6"
max_tokens = 2048
temperature = 0.3
cache_ttl_seconds = 604800
rate_limit_patient_daily = 10

[storage]
upload_dir = "./uploads"
max_file_size = "10MB"

[rate_limit]
# Redis 不可达时是否拒绝请求。生产环境必须设置为 true。
# 可通过 ERP__RATE_LIMIT__FAIL_CLOSE=true 环境变量覆盖。
fail_close = false