# Backend Configuration
PORT=3000

# REQUIRED. Long random string. Generate with `openssl rand -hex 32`.
# Used as the admin token; stored as an HttpOnly cookie after login.
ADMIN_TOKEN=

DATA_DIR=/app/data

# Cookie hardening. Default is true; set to false for local HTTP development
# only. In production with HTTPS, leave this true.
COOKIE_SECURE=true

# CORS allow-list. Leave empty unless you expose the backend directly to
# browsers. With the default Astro proxy setup, no CORS is needed.
FRONTEND_ORIGIN=

# Frontend Configuration
# URL of the backend API accessible from the frontend container.
PUBLIC_API_URL=http://backend:3000