NODE_ENV=development
PORT=3000
DATABASE_URL=file:./data/medassist.db
CORS_ORIGINS=http://localhost:4173,http://localhost:5173
LOG_LEVEL=info

# Auth (use strong secrets; min 10 chars required)
JWT_SECRET=change-me-now-with-stronger-secret
REFRESH_SECRET=change-me-refresh-strong-secret
COOKIE_SECRET=change-me-cookie-strong-secret
CSRF_SECRET=change-me-csrf-strong-secret
ACCESS_TOKEN_TTL_MIN=15
REFRESH_TOKEN_TTL_DAYS=14

# SMTP (optional)
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASS=
SMTP_FROM=
SMTP_SECURE=false

# Planner limits
EMAILS_PER_DAY=3

# Container registry (used by scripts/push-images.sh)
REGISTRY_HOST=git.danielvolz.org
REGISTRY_TOKEN=
REGISTRY_USER=  # optional; defaults to token if empty
PROJECT_PATH=daniel/medassist
# IMAGE_TAG can stay empty; override via -v flag