# Path to SQLite database (file: URL for Prisma)
DATABASE_URL="file:./data/app.db"

# Directory for uploaded files (STEP, PDF, DXF, SVG, images)
UPLOAD_DIR="./data/uploads"

# Public URL where this app is reachable (used in QR code payloads)
# In production set to your subdomain, e.g. https://mrp.example.com
APP_URL="http://localhost:3000"

# Secret used to sign session cookies and QR tokens. MUST be set in production.
# Generate with: node -e "console.log(require('crypto').randomBytes(48).toString('base64url'))"
APP_SECRET="dev-only-change-me-dev-only-change-me-dev-only-change-me"

# Session TTL in hours
ADMIN_SESSION_HOURS=8
OPERATOR_SESSION_HOURS=12

# Bootstrap admin created on first boot if no admin exists.
# After first login, change this password via the admin UI.
BOOTSTRAP_ADMIN_EMAIL="admin@example.com"
BOOTSTRAP_ADMIN_PASSWORD="changeme"
BOOTSTRAP_ADMIN_NAME="Administrator"

# PIN lockout policy
PIN_MAX_ATTEMPTS=5
PIN_LOCKOUT_MINUTES=15