# Core application identity and URLs. The values below describe a local checkout.
APP_NAME="ESGCast"
APP_ENV=local
# NOTE(review): a concrete key is committed here. APP_KEY is the application's
# encryption key, so each environment should generate its own with
# `php artisan key:generate`. A key that has been shared through a repository or
# template should be treated as exposed and not reused.
APP_KEY=base64:YiNqjWsOVazVmLjsWFVAjn6sNX9ooKGNJSMt/RtJSX0=
# Keep false outside active local debugging: debug error pages can disclose
# configuration values and stack traces.
APP_DEBUG=false
APP_URL=http://localhost:8000
APP_DOMAIN=localhost
# Comma-separated list of allowed origins; only loopback origins are listed.
# Per environment, replace with the exact HTTPS origins of the front end rather
# than widening the list.
CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:8000,http://127.0.0.1:8000,http://127.0.0.1:3000

# Locale settings: default, fallback, and the locale used for Faker-generated data.
APP_LOCALE=en
APP_FALLBACK_LOCALE=en
APP_FAKER_LOCALE=en_US

# Maintenance mode. Both values below are `file`, which keeps the maintenance
# state on the local node only. For multi-server deployments set
# APP_MAINTENANCE_DRIVER=cache and point APP_MAINTENANCE_STORE at a cache store
# shared by all nodes, so that every node enters and leaves maintenance together.
APP_MAINTENANCE_DRIVER=file
APP_MAINTENANCE_STORE=file

# Worker count for PHP's built-in development server.
PHP_CLI_SERVER_WORKERS=4

# bcrypt cost factor for password hashing; each increment doubles the work per
# hash, for the application and for anyone attempting offline guessing.
BCRYPT_ROUNDS=12

# --- Logging: daily rotation prevents unbounded log growth ---
LOG_CHANNEL=stack
LOG_STACK=daily
LOG_STACK_CHANNELS=daily
LOG_DEPRECATIONS_CHANNEL=null
# Only `error` and above are written. NOTE(review): confirm that security-relevant
# events (failed logins, permission denials) are not logged at a lower level that
# this threshold discards.
LOG_LEVEL=error
# Number of daily log files kept before the oldest is removed.
LOG_DAILY_DAYS=14

# --- Database (MySQL required for production) ---
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=esg
# root with an empty password is tolerable only against a loopback-only local
# instance. Anywhere else use a dedicated account limited to this schema, with a
# password supplied by the deployment's secret store rather than by this file.
DB_USERNAME=root
DB_PASSWORD=

# Increase memory limit for local development (PHP built-in server doesn't free memory well)
# NOTE(review): 1024M is a local-development figure; how this variable is applied
# is not visible in this file.
MEMORY_LIMIT=1024M
DB_CHARSET=utf8mb4
DB_COLLATION=utf8mb4_unicode_ci
# Read replica (uncomment when available — zero code changes needed)
# DB_READ_HOST=read-replica.your-rds.amazonaws.com

# --- Session: file driver for local (Redis recommended for prod) ---
SESSION_DRIVER=file
# Idle lifetime in minutes before a session expires.
SESSION_LIFETIME=120
# Session payloads are encrypted at rest with APP_KEY, so exposure of that key
# also exposes stored session data.
SESSION_ENCRYPT=true
SESSION_PATH=/
SESSION_DOMAIN=null
# NOTE(review): a connection name only matters to the database/Redis session
# drivers; it appears unused while SESSION_DRIVER=file. Confirm a connection
# named `sessions` exists before switching drivers.
SESSION_CONNECTION=sessions

# --- Performance: file/sync for local (Redis recommended for prod) ---
# `sync` runs queued jobs inline, inside the request that dispatched them.
QUEUE_CONNECTION=sync
# Laravel reads CACHE_DRIVER in config/cache.php (not CACHE_STORE)
CACHE_DRIVER=file
# Key prefix that namespaces this application's cache entries on a shared store.
CACHE_PREFIX=esg_

# --- Redis: use predis client (pure PHP, no extension required) ---
# To use phpredis extension instead: set REDIS_CLIENT=phpredis and install ext-redis
REDIS_CLIENT=predis
# Loopback only. If Redis moves to another host, keep its port reachable from
# the application hosts only.
REDIS_HOST=127.0.0.1
# REQUIRED in production — Redis without auth is a critical security risk
# The value below is a placeholder and therefore a publicly known string: an
# environment that keeps it is effectively unauthenticated. Replace it with a
# random value (the placeholder name suggests `openssl rand -hex 32`) supplied
# from the deployment's secret store.
REDIS_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD_USE_OPENSSL_RAND_HEX_32
REDIS_PORT=6379
REDIS_PERSISTENT=true

# Dedicated Redis databases (isolates cache/session/queue/horizon data)
# This separates keyspaces only; all five databases share the same password
# and the same Redis instance.
REDIS_DB=0
REDIS_CACHE_DB=1
REDIS_SESSION_DB=2
REDIS_QUEUE_DB=3
REDIS_HORIZON_DB=4

# Redis queue connection alias
REDIS_QUEUE=default
REDIS_QUEUE_CONNECTION=queue
REDIS_CACHE_CONNECTION=cache

# Broadcasting backend; the Pusher credentials are defined further down this file.
BROADCAST_CONNECTION=pusher
# `local` stores uploads on this node's disk only.
FILESYSTEM_DISK=local
# For multi-server deployments switch to S3 (requires: composer require league/flysystem-aws-s3-v3):
# FILESYSTEM_DISK=s3

# NOTE(review): CACHE_DRIVER above is `file`, so this host looks unused unless a
# memcached store is selected elsewhere.
MEMCACHED_HOST=127.0.0.1

# --- Horizon queue dashboard ---
# Cosmetic setting only; it has no bearing on who can reach the dashboard.
HORIZON_DARK_MODE=false

# Dev tools (MUST be false in production — only loaded in require-dev)
# These tools surface queries, dumps and request data, so they belong on a
# developer workstation only.
DEBUGBAR_ENABLED=false
QUERY_DETECTOR_ENABLED=false
# Spatie Ray — disabled (no Ray.app installed locally; otherwise hangs every request)
RAY_ENABLED=false
SEND_LOG_CALLS_TO_RAY=false
SEND_DUMPS_TO_RAY=false

# --- Mail ---
MAIL_MAILER=smtp
# NOTE(review): port 587 is the STARTTLS submission port. Symfony Mailer's SMTP
# transport recognises the schemes `smtp` and `smtps`; confirm that the project's
# config/mail.php accepts `tls` here and that delivery is actually encrypted.
MAIL_SCHEME=tls
MAIL_HOST=smtp.mailgun.org
MAIL_PORT=587
# SMTP credentials are intentionally blank; supply them per environment from a
# secret store and never commit populated values.
MAIL_USERNAME=
MAIL_PASSWORD=
# Placeholder sender; replace with an address on a domain you control.
MAIL_FROM_ADDRESS="noreply@yourdomain.com"
MAIL_FROM_NAME="${APP_NAME}"

# --- AWS (required for S3 file storage and SES mail) ---
# Left blank on purpose. Where the platform offers role-based credentials
# (instance or task roles), prefer them over long-lived static keys. If static
# keys are unavoidable, scope them to the bucket and SES actions the application
# needs.
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_USE_PATH_STYLE_ENDPOINT=false

# --- Stripe ---
# Use test-mode keys for local work; live keys belong only in the production
# secret store.
STRIPE_SECRET=
# Signing secret used to verify that incoming webhook calls really come from
# Stripe. Leaving it blank where webhooks are enabled means events cannot be
# authenticated.
STRIPE_WEBHOOK_SECRET=
STRIPE_CURRENCY=USD

# --- PayPal ---
PAYPAL_CLIENT_ID=
PAYPAL_SECRET=
PAYPAL_WEBHOOK_ID=
# NOTE(review): `live` is set while APP_ENV above is `local`. With live
# credentials filled in, local testing would act on real accounts; `sandbox` is
# the usual mode for development. Confirm which is intended for this file.
PAYPAL_MODE=live
PAYPAL_CURRENCY=USD

# --- Ethereum / Blockchain ---
ETHEREUM_ENABLED=false
# NOTE(review): mainnet (chain id 1) is configured while APP_ENV above is
# `local`. If this integration is enabled during development, transactions
# would be real; a test network is the safer default for local work.
ETHEREUM_NETWORK=mainnet
ETHEREUM_RPC_URL=
ETHEREUM_CHAIN_ID=1
ETHEREUM_CONTRACT_ADDRESS=
# The signing key controls whatever the wallet holds. A plaintext environment
# value can be read by any process, log or debug page that dumps the
# environment. Never commit a populated value, and prefer an external signer or
# key-management service where one is available.
ETHEREUM_PRIVATE_KEY=
ETHEREUM_WALLET_ADDRESS=
# NOTE(review): this presumably selects whether the RPC node signs instead of
# the application; confirm against the code that reads it.
ETHEREUM_USE_NODE_SIGNING=false
ETHEREUM_GAS_LIMIT=3000000
ETHEREUM_GAS_PRICE=20000000000

# Variables with the VITE_ prefix are embedded in the client-side bundle and are
# readable by every visitor. Only non-sensitive values belong under this prefix.
VITE_APP_NAME="${APP_NAME}"

# --- AI Providers ---
# CodaNova — unified AI router (OpenRouter-backed, cost-optimized)
# API keys are blank on purpose; supply them per environment from a secret store.
CODANOVA_API_KEY=
CODANOVA_ENABLED=true
CODANOVA_MODEL=google/gemini-2.0-flash-001
CODANOVA_ENDPOINT=https://openrouter.ai/api/v1
CODANOVA_MAX_TOKENS=4096
CODANOVA_TEMPERATURE=0.7
# NOTE(review): presumably seconds; confirm against the code that reads it.
CODANOVA_TIMEOUT=120

# DeepInfra (fallback AI provider)
DEEPINFRA_ENABLED=false
DEEPINFRA_API_KEY=
DEEPINFRA_MODEL=meta-llama/Meta-Llama-3.1-70B-Instruct

# AI Service Manager
AI_DEFAULT_PROVIDER=codanova
AI_FALLBACK_ENABLED=true
# NOTE(review): the list names gemini, openai, anthropic and mistral, for which
# this file defines no credentials, and deepinfra, which is disabled above.
# With fallback enabled, request content presumably goes to whichever provider
# answers; confirm each one is approved for the data this application handles.
AI_FALLBACK_PROVIDERS=gemini,deepinfra,openai,anthropic,mistral

# --- External service endpoints ---
# EEM (Egyptian Environment Ministry)
EEM_BASE_URL=https://api.eem.gov.eg
# NOTE(review): presumably seconds; confirm against the code that reads it.
EEM_API_TIMEOUT=300

# The optional services below are shown on loopback over plain HTTP. If any of
# them is moved to another host, put it behind TLS and access control first;
# several of these APIs are designed for trusted local use.

# Local AI (Ollama) — only needed if running local inference
# OLLAMA_HOST=http://localhost:11434
# LOCAL_AI_HOST=http://localhost:8080
# ML_SERVICE_URL=http://localhost:8000/api/v1

# N8N workflow automation
# N8N_URL=http://localhost:5678
# N8N_API_KEY=

# IPFS (blockchain document storage)
# IPFS_API_URL=http://localhost:5001/api/v0/

# --- Security ---
# Health check endpoint secret (set to a long random string in production)
# Generate with: openssl rand -hex 16
# The value below is a placeholder and therefore a publicly known string; an
# environment that keeps it has no effective secret on the health endpoint.
HEALTH_CHECK_SECRET=CHANGE_ME_RANDOM_32CHAR_SECRET

# Error Tracking (Sentry)
# Blank DSN: no events are sent until one is configured.
SENTRY_LARAVEL_DSN=
# Fraction of transactions sampled for tracing and profiling (0.1 = 10%).
SENTRY_TRACES_SAMPLE_RATE=0.1
SENTRY_PROFILES_SAMPLE_RATE=0.1

# Content Security Policy
CSP_ENABLED=true
# NOTE(review): false presumably means the policy is enforced, not just reported.
CSP_REPORT_ONLY=false
# NOTE(review): with no report URI, policy violations are presumably not
# collected anywhere; set one if violation telemetry is wanted.
CSP_REPORT_URI=

# --- Feature Flags ---
# Per-feature on/off switches. What each flag gates is defined in application
# code that is not visible in this file.
FEATURE_ML_PREDICTIONS=false
FEATURE_CBAM=true
FEATURE_CSRD_ESRS=true
FEATURE_EU_TAXONOMY=true
FEATURE_IFRS_S2=true
FEATURE_SUPPLIER_PORTAL=true
FEATURE_ANOMALY_DETECTION=true
FEATURE_IOT=false
FEATURE_SMART_BUILDINGS=false
FEATURE_CDP_AUTOFILL=false
FEATURE_WIZARDS_V2=true
FEATURE_AI_COPILOT=true
FEATURE_DOUBLE_MATERIALITY=true

# S3 / File Storage (required for multi-server deployments)
# NOTE(review): S3 bucket names are global. Confirm this bucket is owned by the
# deploying account and is not publicly readable before FILESYSTEM_DISK is set
# to `s3`.
AWS_BUCKET=esg-lumina-uploads

# Pusher (required for realtime: anomaly alerts, workflow notifications)
PUSHER_APP_ID=
# The app key is handed to browser clients. The app secret is server-side only
# and must never appear in front-end code or under a VITE_ prefix.
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
PUSHER_HOST=
# Port 443 with the https scheme keeps realtime traffic on TLS.
PUSHER_PORT=443
PUSHER_SCHEME=https

# Session security (MUST be true in production, false for local HTTP)
# Local development: false (allows HTTP)
# Production: MUST be true (requires HTTPS)
# While false, the browser also sends the session cookie over plain HTTP, where
# anyone on the network path can read it.
SESSION_SECURE_COOKIE=false

