[server]
host = "0.0.0.0"
port = 3000

[database]
url = "__MUST_SET_VIA_ENV__"
max_connections = 20
min_connections = 5

[redis]
url = "__MUST_SET_VIA_ENV__"

[jwt]
secret = "__MUST_SET_VIA_ENV__"
access_token_ttl = "15m"
refresh_token_ttl = "7d"

[auth]
super_admin_password = "__MUST_SET_VIA_ENV__"

[log]
level = "info"

[cors]
# Comma-separated allowed origins. Use "*" for development only.
allowed_origins = "http://localhost:5173,http://localhost:5174,http://localhost:5175,http://localhost:5176,http://localhost:3000"

[wechat]
appid = "__MUST_SET_VIA_ENV__"
secret = "__MUST_SET_VIA_ENV__"
# dev_mode = true 跳过 jscode2session，允许微信开发者工具模拟器登录
# 生产环境必须为 false（默认）
dev_mode = false

[health]
aes_key = "__MUST_SET_VIA_ENV__"
hmac_key = "__MUST_SET_VIA_ENV__"

[crypto]
kek = "__MUST_SET_VIA_ENV__"

[ai]
default_provider = "ollama"
# AI API 密钥。留空则禁用 AI 功能；生产环境必须通过 ERP__AI__API_KEY 设置。
api_key = ""
model = "qwen3:4b"
max_tokens = 2048
temperature = 0.3
cache_ttl_seconds = 604800
rate_limit_patient_daily = 10

[ai.providers.ollama]
provider_type = "ollama"
base_url = "http://localhost:11434"
default_model = "qwen3:4b"
max_tokens = 2048
temperature = 0.3
is_enabled = true

[storage]
upload_dir = "./uploads"
max_file_size = "10MB"
# 签名 URL 密钥（生产环境必须通过 ERP__STORAGE__SECRET_KEY 环境变量设置）
secret_key = "dev-only-secret-key-change-in-production"

[rate_limit]
# Redis 不可达时是否拒绝请求（fail-close）。默认 true = 安全优先。
# 开发环境可设为 false 以避免 Redis 依赖：ERP__RATE_LIMIT__FAIL_CLOSE=false
fail_close = true