localgpt_core/config/

mod.rs

mod migrate;
mod schema;
pub mod watcher;

pub use migrate::check_openclaw_detected;
pub use schema::*;
pub use watcher::{ConfigWatcher, spawn_sighup_handler};

use anyhow::Result;
use serde::{Deserialize, Serialize};
use std::fs;
use std::path::PathBuf;

use crate::env::LOCALGPT_WORKSPACE;
use crate::paths::Paths;
use crate::paths::{DEFAULT_DATA_DIR_STR, DEFAULT_STATE_DIR_STR};

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct Config {
    /// Resolved XDG-compliant paths (not serialized)
    #[serde(skip)]
    pub paths: Paths,

    #[serde(default)]
    pub agent: AgentConfig,

    #[serde(default)]
    pub providers: ProvidersConfig,

    #[serde(default)]
    pub heartbeat: HeartbeatConfig,

    #[serde(default)]
    pub memory: MemoryConfig,

    #[serde(default)]
    pub server: ServerConfig,

    #[serde(default)]
    pub logging: LoggingConfig,

    #[serde(default)]
    pub tools: ToolsConfig,

    #[serde(default)]
    pub security: SecurityConfig,

    #[serde(default)]
    pub sandbox: SandboxConfig,

    #[serde(default)]
    pub telegram: Option<TelegramConfig>,

    #[serde(default)]
    pub cron: CronConfig,

    #[serde(default)]
    pub hooks: HooksConfig,

    #[serde(default)]
    pub mcp: McpConfig,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AgentConfig {
    #[serde(default = "default_model")]
    pub default_model: String,

    #[serde(default = "default_context_window")]
    pub context_window: usize,

    #[serde(default = "default_reserve_tokens")]
    pub reserve_tokens: usize,

    /// Maximum tokens for LLM response
    #[serde(default = "default_max_tokens")]
    pub max_tokens: usize,

    /// Maximum depth for spawn_agent tool (default: 1, no nested spawning)
    /// - 0: spawn_agent tool disabled
    /// - 1: single level only (subagents cannot spawn more agents)
    /// - 2+: limited nesting allowed (not recommended)
    #[serde(default)]
    pub max_spawn_depth: Option<u8>,

    /// Model to use for spawned subagents (default: same as default_model or claude-cli/sonnet)
    #[serde(default)]
    pub subagent_model: Option<String>,

    /// Fallback models to try if primary provider fails with retryable errors
    /// (rate limits, server errors, timeouts). Providers are tried in order.
    /// Example: ["openai/gpt-4o", "ollama/llama3"]
    #[serde(default)]
    pub fallback_models: Vec<String>,

    /// Maximum times the same tool can be called with identical arguments before
    /// loop detection triggers. Default: 3. Set to 0 to disable loop detection.
    #[serde(default = "default_max_tool_repeats")]
    pub max_tool_repeats: usize,

    /// Maximum age for session files before pruning (in seconds).
    /// 0 = keep forever. Default: 30 days.
    #[serde(default = "default_session_max_age")]
    pub session_max_age: u64,

    /// Maximum number of sessions to keep per agent.
    /// 0 = unlimited. Default: 500.
    #[serde(default = "default_session_max_count")]
    pub session_max_count: usize,
}

fn default_max_tool_repeats() -> usize {
    3
}

fn default_session_max_age() -> u64 {
    30 * 24 * 60 * 60 // 30 days in seconds
}

fn default_session_max_count() -> usize {
    500
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ToolsConfig {
    /// Bash command timeout in milliseconds
    #[serde(default = "default_bash_timeout")]
    pub bash_timeout_ms: u64,

    /// Maximum bytes to return from web_fetch
    #[serde(default = "default_web_fetch_max_bytes")]
    pub web_fetch_max_bytes: usize,

    /// Tools that require user approval before execution
    /// e.g., ["bash", "write_file", "edit_file"]
    #[serde(default)]
    pub require_approval: Vec<String>,

    /// Maximum characters for tool output (0 = unlimited)
    #[serde(default = "default_tool_output_max_chars")]
    pub tool_output_max_chars: usize,

    /// Log warnings for suspicious injection patterns detected in tool outputs
    #[serde(default = "default_true")]
    pub log_injection_warnings: bool,

    /// Wrap tool outputs and memory content with XML-style delimiters
    #[serde(default = "default_true")]
    pub use_content_delimiters: bool,

    /// Web search configuration (disabled by default)
    #[serde(default)]
    pub web_search: Option<WebSearchConfig>,

    /// Per-tool input filters (deny/allow patterns and substrings).
    /// Keys are tool names (e.g. "bash", "web_fetch").
    #[serde(default)]
    pub filters: std::collections::HashMap<String, crate::agent::tool_filters::ToolFilter>,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
pub enum SearchProviderType {
    Searxng,
    Brave,
    Tavily,
    Perplexity,
    #[default]
    None,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct WebSearchConfig {
    #[serde(default)]
    pub provider: SearchProviderType,

    #[serde(default = "default_true")]
    pub cache_enabled: bool,

    /// Cache TTL in seconds (default: 900 = 15 minutes)
    #[serde(default = "default_cache_ttl")]
    pub cache_ttl: u64,

    /// Maximum results per query (1-10, default: 5)
    #[serde(default = "default_max_results")]
    pub max_results: u8,

    /// Prefer provider-native search when supported (e.g., Anthropic web_search tool)
    #[serde(default = "default_true")]
    pub prefer_native: bool,

    #[serde(default)]
    pub searxng: Option<SearxngConfig>,

    #[serde(default)]
    pub brave: Option<BraveConfig>,

    #[serde(default)]
    pub tavily: Option<TavilyConfig>,

    #[serde(default)]
    pub perplexity: Option<PerplexityConfig>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SearxngConfig {
    pub base_url: String,

    #[serde(default)]
    pub categories: String,

    #[serde(default)]
    pub language: String,

    #[serde(default)]
    pub time_range: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct BraveConfig {
    pub api_key: String,

    #[serde(default)]
    pub country: String,

    #[serde(default)]
    pub freshness: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TavilyConfig {
    pub api_key: String,

    #[serde(default = "default_basic")]
    pub search_depth: String,

    #[serde(default = "default_true")]
    pub include_answer: bool,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PerplexityConfig {
    pub api_key: String,

    #[serde(default = "default_sonar")]
    pub model: String,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct SecurityConfig {
    /// Abort agent startup on tamper or suspicious content (default: false).
    ///
    /// When true, `TamperDetected` and `SuspiciousContent` are fatal errors
    /// that prevent the agent from starting. When false (default), the agent
    /// warns and falls back to hardcoded-only security.
    #[serde(default)]
    pub strict_policy: bool,

    /// Skip loading and injecting the `LocalGPT.md` workspace security policy
    /// (default: false).
    ///
    /// When true, the user's signed `LocalGPT.md` content is not loaded or
    /// injected into the context window. The hardcoded security suffix still
    /// applies unless [`disable_suffix`] is also set.
    #[serde(default)]
    pub disable_policy: bool,

    /// Skip injecting the hardcoded security suffix (default: false).
    ///
    /// The suffix is a compiled-in reminder that tells the model to treat
    /// tool outputs and retrieved content as data, not instructions. When
    /// disabled, the user policy (if any) still applies.
    ///
    /// **Warning:** Setting both `disable_policy` and `disable_suffix` to
    /// `true` removes all end-of-context security reinforcement. The system
    /// prompt safety section still exists, but may lose effectiveness in
    /// long sessions due to attention decay ("lost in the middle" effect).
    #[serde(default)]
    pub disable_suffix: bool,

    /// Restrict file tools to these directories (empty = unrestricted).
    /// Paths are canonicalized at startup. Symlinks are resolved before checking.
    #[serde(default)]
    pub allowed_directories: Vec<String>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SandboxConfig {
    /// Enable shell command sandboxing (default: true)
    #[serde(default = "default_true")]
    pub enabled: bool,

    /// Sandbox level: "auto" | "full" | "standard" | "minimal" | "none"
    #[serde(default = "default_sandbox_level")]
    pub level: String,

    /// Command timeout in seconds (default: 120)
    #[serde(default = "default_sandbox_timeout")]
    pub timeout_secs: u64,

    /// Maximum output bytes (default: 1MB)
    #[serde(default = "default_sandbox_max_output")]
    pub max_output_bytes: u64,

    /// Maximum file size in bytes (RLIMIT_FSIZE, default: 50MB)
    #[serde(default = "default_sandbox_max_file_size")]
    pub max_file_size_bytes: u64,

    /// Maximum child processes (RLIMIT_NPROC, default: 64)
    #[serde(default = "default_sandbox_max_processes")]
    pub max_processes: u32,

    /// Additional path allowances
    #[serde(default)]
    pub allow_paths: AllowPathsConfig,

    /// Network policy
    #[serde(default)]
    pub network: SandboxNetworkConfig,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct AllowPathsConfig {
    /// Additional read-only paths
    #[serde(default)]
    pub read: Vec<String>,

    /// Additional writable paths
    #[serde(default)]
    pub write: Vec<String>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SandboxNetworkConfig {
    /// Network policy: "deny" | "proxy"
    #[serde(default = "default_sandbox_network_policy")]
    pub policy: String,
}

impl Default for SandboxConfig {
    fn default() -> Self {
        Self {
            enabled: default_true(),
            level: default_sandbox_level(),
            timeout_secs: default_sandbox_timeout(),
            max_output_bytes: default_sandbox_max_output(),
            max_file_size_bytes: default_sandbox_max_file_size(),
            max_processes: default_sandbox_max_processes(),
            allow_paths: AllowPathsConfig::default(),
            network: SandboxNetworkConfig::default(),
        }
    }
}

impl Default for SandboxNetworkConfig {
    fn default() -> Self {
        Self {
            policy: default_sandbox_network_policy(),
        }
    }
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct ProvidersConfig {
    #[serde(default)]
    pub openai: Option<OpenAIConfig>,

    #[serde(default)]
    pub xai: Option<XaiConfig>,

    #[serde(default)]
    pub anthropic: Option<AnthropicConfig>,

    #[serde(default)]
    pub ollama: Option<OllamaConfig>,

    #[serde(default)]
    pub claude_cli: Option<ClaudeCliConfig>,

    #[serde(default)]
    pub gemini_cli: Option<GeminiCliConfig>,

    #[serde(default)]
    pub codex_cli: Option<CodexCliConfig>,

    #[serde(default)]
    pub glm: Option<GlmConfig>,

    #[serde(default)]
    pub gemini: Option<GeminiConfig>,

    /// Generic OpenAI-compatible provider for any endpoint speaking the OpenAI Chat Completions API
    /// (OpenRouter, DeepSeek, Groq, vLLM, LiteLLM, Together AI, Fireworks, etc.)
    #[serde(default)]
    pub openai_compatible: Option<OpenAICompatibleConfig>,

    /// Google Vertex AI (service account key authentication)
    #[serde(default)]
    pub vertex: Option<VertexAiConfig>,
}

/// Configuration for OpenAI-compatible providers (OpenRouter, DeepSeek, Groq, etc.)
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OpenAICompatibleConfig {
    /// Base URL for the API endpoint (e.g., "https://openrouter.ai/api/v1")
    pub base_url: String,

    /// API key for authentication (supports ${ENV_VAR} expansion)
    pub api_key: String,

    /// Extra headers to include in every request (e.g., OpenRouter attribution)
    #[serde(default)]
    pub extra_headers: std::collections::HashMap<String, String>,
}

/// Configuration for Google Vertex AI (service account key authentication)
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct VertexAiConfig {
    /// Path to service account JSON key file (supports ~ and ${ENV_VAR} expansion)
    pub service_account_key: String,

    /// Google Cloud project ID (supports ${ENV_VAR} expansion)
    pub project_id: String,

    /// Regional endpoint location (default: "us-central1")
    #[serde(default = "default_vertex_location")]
    pub location: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OpenAIConfig {
    pub api_key: String,

    #[serde(default = "default_openai_base_url")]
    pub base_url: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct XaiConfig {
    pub api_key: String,

    #[serde(default = "default_xai_base_url")]
    pub base_url: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AnthropicConfig {
    pub api_key: String,

    #[serde(default = "default_anthropic_base_url")]
    pub base_url: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OllamaConfig {
    #[serde(default = "default_ollama_endpoint")]
    pub endpoint: String,

    #[serde(default = "default_ollama_model")]
    pub model: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ClaudeCliConfig {
    #[serde(default = "default_claude_cli_command")]
    pub command: String,

    #[serde(default = "default_claude_cli_model")]
    pub model: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct GeminiCliConfig {
    #[serde(default = "default_gemini_cli_command")]
    pub command: String,

    #[serde(default = "default_gemini_cli_model")]
    pub model: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CodexCliConfig {
    #[serde(default = "default_codex_cli_command")]
    pub command: String,

    #[serde(default = "default_codex_cli_model")]
    pub model: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct GlmConfig {
    pub api_key: String,

    #[serde(default = "default_glm_base_url")]
    pub base_url: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct GeminiConfig {
    pub api_key: String,

    #[serde(default = "default_gemini_base_url")]
    pub base_url: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct HeartbeatConfig {
    #[serde(default = "default_true")]
    pub enabled: bool,

    #[serde(default = "default_interval")]
    pub interval: String,

    #[serde(default = "default_overdue_delay")]
    pub overdue_delay: String,

    /// Maximum duration for a single heartbeat run.
    /// If not set, defaults to half the heartbeat interval.
    /// Accepts the same format as `interval` (e.g., "15m", "1h").
    #[serde(default)]
    pub timeout: Option<String>,

    #[serde(default)]
    pub active_hours: Option<ActiveHours>,

    #[serde(default)]
    pub timezone: Option<String>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ActiveHours {
    pub start: String,
    pub end: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct MemoryConfig {
    #[serde(default = "default_workspace")]
    pub workspace: String,

    /// Embedding provider: "local" (fastembed, default), "openai", or "none"
    #[serde(default = "default_embedding_provider")]
    pub embedding_provider: String,

    #[serde(default = "default_embedding_model")]
    pub embedding_model: String,

    /// Cache directory for local embedding models (optional)
    /// Default: ~/.cache/localgpt/models
    /// Can also be set via FASTEMBED_CACHE_DIR environment variable
    #[serde(default = "default_embedding_cache_dir")]
    pub embedding_cache_dir: String,

    #[serde(default = "default_chunk_size")]
    pub chunk_size: usize,

    #[serde(default = "default_chunk_overlap")]
    pub chunk_overlap: usize,

    /// Additional paths to index (relative to workspace or absolute)
    /// Each path uses a glob pattern for file matching
    #[serde(default = "default_index_paths")]
    pub paths: Vec<MemoryIndexPath>,

    /// Maximum messages to save in session memory files (0 = unlimited)
    /// Similar to OpenClaw's hooks.session-memory.messages (default: 15)
    #[serde(default = "default_session_max_messages")]
    pub session_max_messages: usize,

    /// Maximum characters per message in session memory (0 = unlimited)
    /// Set to 0 to preserve full message content like OpenClaw
    #[serde(default)]
    pub session_max_chars: usize,

    /// Temporal decay factor for search scoring.
    /// Older memories get lower scores using: score * exp(-lambda * age_days)
    /// Default: 0.0 (disabled)
    /// 0.1 = ~50% penalty for 7-day old memory
    /// 0.05 = ~50% penalty for 14-day old memory
    #[serde(default)]
    pub temporal_decay_lambda: f64,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct MemoryIndexPath {
    pub path: String,
    #[serde(default = "default_pattern")]
    pub pattern: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ServerConfig {
    #[serde(default = "default_true")]
    pub enabled: bool,

    #[serde(default = "default_port")]
    pub port: u16,

    #[serde(default = "default_bind")]
    pub bind: String,

    /// Bearer token for API authentication.
    /// If set, all /api/* routes require Authorization: Bearer <token>.
    /// Supports ${ENV_VAR} expansion.
    /// If unset, auth is disabled (backward compatible for local-only use).
    #[serde(default)]
    pub auth_token: Option<String>,

    #[serde(default)]
    pub rate_limit: RateLimitConfig,

    /// Allowed CORS origins. If empty, defaults to local access.
    #[serde(default)]
    pub cors_origins: Vec<String>,

    /// Maximum request body size in bytes.
    /// Requests larger than this return 413 Payload Too Large.
    /// Default: 10MB
    #[serde(default = "default_max_request_body")]
    pub max_request_body: usize,
}

fn default_max_request_body() -> usize {
    10 * 1024 * 1024 // 10MB
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RateLimitConfig {
    #[serde(default = "default_true")]
    pub enabled: bool,

    /// Maximum requests per minute per IP
    #[serde(default = "default_requests_per_minute")]
    pub requests_per_minute: u32,

    /// Burst allowance (extra requests above steady rate)
    #[serde(default = "default_burst")]
    pub burst: u32,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LoggingConfig {
    #[serde(default = "default_log_level")]
    pub level: String,

    #[serde(default = "default_log_file")]
    pub file: String,

    /// Days to keep log files (0 = keep forever, no auto-deletion)
    #[serde(default)]
    pub retention_days: u32,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TelegramConfig {
    #[serde(default)]
    pub enabled: bool,

    pub api_token: String,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct CronConfig {
    #[serde(default)]
    pub jobs: Vec<CronJob>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CronJob {
    pub name: String,

    /// Cron expression ("0 */6 * * *") or interval ("every 30m", "every 2h", "every 1d")
    pub schedule: String,

    /// Prompt to send to a fresh agent session
    pub prompt: String,

    /// Optional Telegram channel/chat to route output to
    #[serde(default)]
    pub channel: Option<String>,

    #[serde(default = "default_true")]
    pub enabled: bool,

    /// Timeout for the job (e.g., "5m", "1h"). Default: 10m
    #[serde(default = "default_cron_timeout")]
    pub timeout: String,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct HooksConfig {
    #[serde(default)]
    pub hooks: Vec<HookConfig>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct HookConfig {
    /// Unique name for this hook
    pub name: String,

    /// Event type: onMessage, onToolCall, onSessionStart, onSessionEnd, beforeToolCall, afterToolCall
    pub event: String,

    /// Command to execute (shell command)
    pub command: String,

    /// Optional filter (e.g., "tool:bash" for beforeToolCall)
    #[serde(default)]
    pub filter: Option<String>,

    /// Whether this hook is enabled
    #[serde(default = "default_true")]
    pub enabled: bool,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct McpConfig {
    #[serde(default)]
    pub servers: Vec<McpServerConfig>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct McpServerConfig {
    /// Unique name for this MCP server (used in tool namespacing)
    pub name: String,

    /// Transport type: "stdio" or "sse"
    #[serde(default = "default_mcp_transport")]
    pub transport: String,

    /// Command to run for stdio transport
    pub command: Option<String>,

    /// Arguments for the stdio command
    #[serde(default)]
    pub args: Vec<String>,

    /// Environment variables for the subprocess
    #[serde(default)]
    pub env: std::collections::HashMap<String, String>,

    /// URL for SSE transport
    pub url: Option<String>,
}

fn default_mcp_transport() -> String {
    "stdio".to_string()
}

// Default value functions
fn default_model() -> String {
    // Default to Claude CLI (uses existing Claude Code auth, no API key needed)
    "claude-cli/opus".to_string()
}
fn default_context_window() -> usize {
    128000
}
fn default_reserve_tokens() -> usize {
    8000
}
fn default_max_tokens() -> usize {
    4096
}
fn default_bash_timeout() -> u64 {
    30000 // 30 seconds
}
fn default_web_fetch_max_bytes() -> usize {
    10000
}
fn default_tool_output_max_chars() -> usize {
    50000 // 50k characters max for tool output by default
}
fn default_openai_base_url() -> String {
    "https://api.openai.com/v1".to_string()
}
fn default_xai_base_url() -> String {
    "https://api.x.ai/v1".to_string()
}
fn default_anthropic_base_url() -> String {
    "https://api.anthropic.com".to_string()
}
fn default_ollama_endpoint() -> String {
    "http://localhost:11434".to_string()
}
fn default_ollama_model() -> String {
    "llama3".to_string()
}
fn default_claude_cli_command() -> String {
    "claude".to_string()
}
fn default_claude_cli_model() -> String {
    "opus".to_string()
}
fn default_gemini_cli_command() -> String {
    "gemini".to_string()
}
fn default_gemini_cli_model() -> String {
    "gemini-3.1-pro-preview".to_string()
}
fn default_codex_cli_command() -> String {
    "codex".to_string()
}
fn default_codex_cli_model() -> String {
    "o4-mini".to_string()
}
fn default_glm_base_url() -> String {
    "https://api.z.ai/api/coding/paas/v4".to_string()
}
fn default_gemini_base_url() -> String {
    "https://generativelanguage.googleapis.com".to_string()
}
fn default_vertex_location() -> String {
    "us-central1".to_string()
}
fn default_true() -> bool {
    true
}
fn default_interval() -> String {
    "30m".to_string()
}

fn default_overdue_delay() -> String {
    "1m".to_string()
}
fn default_workspace() -> String {
    format!("{}/workspace", DEFAULT_DATA_DIR_STR)
}
fn default_embedding_provider() -> String {
    "local".to_string() // Local embeddings via fastembed (no API key needed)
}
fn default_embedding_model() -> String {
    "all-MiniLM-L6-v2".to_string() // Local model via fastembed (no API key needed)
}
fn default_embedding_cache_dir() -> String {
    crate::paths::DEFAULT_CACHE_DIR_STR.to_string() + "/embeddings"
}
fn default_chunk_size() -> usize {
    400
}
fn default_chunk_overlap() -> usize {
    80
}
fn default_index_paths() -> Vec<MemoryIndexPath> {
    vec![MemoryIndexPath {
        path: "knowledge".to_string(),
        pattern: "**/*.md".to_string(),
    }]
}
fn default_pattern() -> String {
    "**/*.md".to_string()
}
fn default_session_max_messages() -> usize {
    15 // Match OpenClaw's default
}
fn default_port() -> u16 {
    31327
}
fn default_cron_timeout() -> String {
    "10m".to_string()
}
fn default_requests_per_minute() -> u32 {
    60
}
fn default_burst() -> u32 {
    10
}
fn default_bind() -> String {
    "127.0.0.1".to_string()
}
fn default_log_level() -> String {
    "info".to_string()
}
fn default_log_file() -> String {
    format!("{}/logs/agent.log", DEFAULT_STATE_DIR_STR)
}
fn default_sandbox_level() -> String {
    "auto".to_string()
}
fn default_sandbox_timeout() -> u64 {
    120
}
fn default_sandbox_max_output() -> u64 {
    1_048_576 // 1MB
}
fn default_sandbox_max_file_size() -> u64 {
    52_428_800 // 50MB
}
fn default_sandbox_max_processes() -> u32 {
    64
}
fn default_sandbox_network_policy() -> String {
    "deny".to_string()
}
fn default_cache_ttl() -> u64 {
    900 // 15 minutes
}
fn default_max_results() -> u8 {
    5
}
fn default_basic() -> String {
    "basic".to_string()
}
fn default_sonar() -> String {
    "sonar".to_string()
}

impl Default for AgentConfig {
    fn default() -> Self {
        Self {
            default_model: default_model(),
            context_window: default_context_window(),
            reserve_tokens: default_reserve_tokens(),
            max_tokens: default_max_tokens(),
            max_spawn_depth: Some(1),    // Single-level spawning by default
            subagent_model: None,        // Use default_model if not specified
            fallback_models: Vec::new(), // No fallbacks by default
            max_tool_repeats: default_max_tool_repeats(), // Loop detection threshold
            session_max_age: default_session_max_age(), // 30 days
            session_max_count: default_session_max_count(), // 500 sessions
        }
    }
}

impl Default for ToolsConfig {
    fn default() -> Self {
        Self {
            bash_timeout_ms: default_bash_timeout(),
            web_fetch_max_bytes: default_web_fetch_max_bytes(),
            require_approval: Vec::new(),
            tool_output_max_chars: default_tool_output_max_chars(),
            log_injection_warnings: default_true(),
            use_content_delimiters: default_true(),
            web_search: None,
            filters: std::collections::HashMap::new(),
        }
    }
}

impl Default for HeartbeatConfig {
    fn default() -> Self {
        Self {
            enabled: default_true(),
            interval: default_interval(),
            overdue_delay: default_overdue_delay(),
            timeout: None,
            active_hours: None,
            timezone: None,
        }
    }
}

impl Default for MemoryConfig {
    fn default() -> Self {
        Self {
            workspace: default_workspace(),
            embedding_provider: default_embedding_provider(),
            embedding_model: default_embedding_model(),
            embedding_cache_dir: default_embedding_cache_dir(),
            chunk_size: default_chunk_size(),
            chunk_overlap: default_chunk_overlap(),
            paths: default_index_paths(),
            session_max_messages: default_session_max_messages(),
            session_max_chars: 0, // 0 = unlimited (preserve full content like OpenClaw)
            temporal_decay_lambda: 0.0, // Disabled by default
        }
    }
}

impl Default for ServerConfig {
    fn default() -> Self {
        Self {
            enabled: default_true(),
            port: default_port(),
            bind: default_bind(),
            auth_token: None,
            rate_limit: RateLimitConfig::default(),
            cors_origins: Vec::new(),
            max_request_body: default_max_request_body(),
        }
    }
}

impl Default for RateLimitConfig {
    fn default() -> Self {
        Self {
            enabled: default_true(),
            requests_per_minute: default_requests_per_minute(),
            burst: default_burst(),
        }
    }
}

impl Default for LoggingConfig {
    fn default() -> Self {
        Self {
            level: default_log_level(),
            file: default_log_file(),
            retention_days: 0, // 0 = keep forever
        }
    }
}

impl Config {
    pub fn load() -> Result<Self> {
        let paths = Paths::resolve()?;
        paths.ensure_dirs()?;
        let path = paths.config_file();

        if !path.exists() {
            // Create default config file on first run
            let config = Config {
                paths,
                ..Config::default()
            };
            config.save_with_template()?;
            return Ok(config);
        }

        let content = fs::read_to_string(&path)?;
        let mut config: Config = toml::from_str(&content)?;
        config.paths = paths;

        // Expand environment variables in API keys
        config.expand_env_vars();

        // Apply deprecated memory.workspace override if set and LOCALGPT_WORKSPACE not set
        if config.memory.workspace != default_workspace()
            && std::env::var(LOCALGPT_WORKSPACE).is_err()
        {
            let expanded = shellexpand::tilde(&config.memory.workspace);
            let ws_path = PathBuf::from(expanded.to_string());
            if ws_path.is_absolute() {
                config.paths.workspace = ws_path;
            }
        }

        Ok(config)
    }

    /// Load (or create default) config with all directories rooted under `data_dir`.
    ///
    /// Mobile apps use this instead of `load()` since they don't have XDG dirs.
    pub fn load_from_dir(data_dir: &str) -> Result<Self> {
        let paths = Paths::from_root(data_dir);
        paths.ensure_dirs()?;
        let path = paths.config_file();

        if !path.exists() {
            let config = Config {
                paths,
                ..Config::default()
            };
            config.save()?;
            return Ok(config);
        }

        let content = fs::read_to_string(&path)?;
        let mut config: Config = toml::from_str(&content)?;
        config.paths = paths;
        config.expand_env_vars();
        Ok(config)
    }

    pub fn save(&self) -> Result<()> {
        let path = self.paths.config_file();

        // Create parent directories
        if let Some(parent) = path.parent() {
            fs::create_dir_all(parent)?;
        }

        let content = toml::to_string_pretty(self)?;
        fs::write(&path, content)?;

        Ok(())
    }

    /// Save config with a helpful template (for first-time setup)
    pub fn save_with_template(&self) -> Result<()> {
        let path = self.paths.config_file();

        // Create parent directories
        if let Some(parent) = path.parent() {
            fs::create_dir_all(parent)?;
        }

        fs::write(&path, DEFAULT_CONFIG_TEMPLATE)?;
        eprintln!("Created default config at {}", path.display());

        Ok(())
    }

    pub fn config_path() -> Result<PathBuf> {
        let paths = Paths::resolve()?;
        Ok(paths.config_file())
    }

    fn expand_env_vars(&mut self) {
        if let Some(ref mut openai) = self.providers.openai {
            openai.api_key = expand_env(&openai.api_key);
        }
        if let Some(ref mut xai) = self.providers.xai {
            xai.api_key = expand_env(&xai.api_key);
        }
        if let Some(ref mut anthropic) = self.providers.anthropic {
            anthropic.api_key = expand_env(&anthropic.api_key);
        }
        if let Some(ref mut telegram) = self.telegram {
            telegram.api_token = expand_env(&telegram.api_token);
        }
        if let Some(ref mut ws) = self.tools.web_search
            && let Some(ref mut brave) = ws.brave
        {
            brave.api_key = expand_env(&brave.api_key);
        }
        if let Some(ref mut ws) = self.tools.web_search
            && let Some(ref mut tavily) = ws.tavily
        {
            tavily.api_key = expand_env(&tavily.api_key);
        }
        if let Some(ref mut ws) = self.tools.web_search
            && let Some(ref mut perplexity) = ws.perplexity
        {
            perplexity.api_key = expand_env(&perplexity.api_key);
        }
        if let Some(ref mut gemini) = self.providers.gemini {
            gemini.api_key = expand_env(&gemini.api_key);
        }
        if let Some(ref mut openai_compat) = self.providers.openai_compatible {
            openai_compat.api_key = expand_env(&openai_compat.api_key);
            openai_compat.base_url = expand_env(&openai_compat.base_url);
        }
        if let Some(ref mut vertex) = self.providers.vertex {
            vertex.service_account_key = expand_env(&vertex.service_account_key);
            vertex.project_id = expand_env(&vertex.project_id);
        }
        if let Some(ref mut auth_token) = self.server.auth_token {
            *auth_token = expand_env(auth_token);
        }
    }

    pub fn get_value(&self, key: &str) -> Result<String> {
        let parts: Vec<&str> = key.split('.').collect();

        match parts.as_slice() {
            ["agent", "default_model"] => Ok(self.agent.default_model.clone()),
            ["agent", "context_window"] => Ok(self.agent.context_window.to_string()),
            ["agent", "reserve_tokens"] => Ok(self.agent.reserve_tokens.to_string()),
            ["heartbeat", "enabled"] => Ok(self.heartbeat.enabled.to_string()),
            ["heartbeat", "interval"] => Ok(self.heartbeat.interval.clone()),
            ["server", "enabled"] => Ok(self.server.enabled.to_string()),
            ["server", "port"] => Ok(self.server.port.to_string()),
            ["server", "bind"] => Ok(self.server.bind.clone()),
            ["memory", "workspace"] => Ok(self.memory.workspace.clone()),
            ["logging", "level"] => Ok(self.logging.level.clone()),
            _ => anyhow::bail!("Unknown config key: {}", key),
        }
    }

    pub fn set_value(&mut self, key: &str, value: &str) -> Result<()> {
        let parts: Vec<&str> = key.split('.').collect();

        match parts.as_slice() {
            ["agent", "default_model"] => self.agent.default_model = value.to_string(),
            ["agent", "context_window"] => self.agent.context_window = value.parse()?,
            ["agent", "reserve_tokens"] => self.agent.reserve_tokens = value.parse()?,
            ["heartbeat", "enabled"] => self.heartbeat.enabled = value.parse()?,
            ["heartbeat", "interval"] => self.heartbeat.interval = value.to_string(),
            ["server", "enabled"] => self.server.enabled = value.parse()?,
            ["server", "port"] => self.server.port = value.parse()?,
            ["server", "bind"] => self.server.bind = value.to_string(),
            ["memory", "workspace"] => self.memory.workspace = value.to_string(),
            ["logging", "level"] => self.logging.level = value.to_string(),
            _ => anyhow::bail!("Unknown config key: {}", key),
        }

        Ok(())
    }

    /// Get workspace path from resolved Paths.
    ///
    /// Resolution is handled by `Paths::resolve()`:
    /// 1. LOCALGPT_WORKSPACE env var (absolute path override)
    /// 2. LOCALGPT_PROFILE env var (creates workspace-{profile} under data_dir)
    /// 3. memory.workspace from config file (deprecated compat)
    /// 4. Default: data_dir/workspace
    pub fn workspace_path(&self) -> PathBuf {
        self.paths.workspace.clone()
    }
}

fn expand_env(s: &str) -> String {
    if let Some(var_name) = s.strip_prefix("${").and_then(|s| s.strip_suffix('}')) {
        std::env::var(var_name).unwrap_or_else(|_| s.to_string())
    } else if let Some(var_name) = s.strip_prefix('$') {
        std::env::var(var_name).unwrap_or_else(|_| s.to_string())
    } else {
        s.to_string()
    }
}

/// Default config template with helpful comments (used for first-time setup)
const DEFAULT_CONFIG_TEMPLATE: &str = r#"# LocalGPT Configuration
# Auto-created on first run. Edit as needed.

[agent]
# Default model: claude-cli/opus, anthropic/claude-sonnet-4-5, openai/gpt-4o, xai/grok-3-mini, etc.
default_model = "claude-cli/opus"
context_window = 128000
reserve_tokens = 8000

# Spawn agent (subagent) configuration
# max_spawn_depth = 1            # 0 = disabled, 1 = single level (default)
# subagent_model = "claude-cli/sonnet"  # Model for subagents (default: same as default_model)

# Failover configuration (optional)
# Automatically try fallback models if primary fails with retryable errors
# (rate limits, server errors, timeouts). Providers tried in order.
# fallback_models = ["openai/gpt-4o", "ollama/llama3"]

# Loop detection (optional)
# Maximum times the same tool can be called with identical arguments
# before detection triggers. Default: 3. Set to 0 to disable.
# max_tool_repeats = 3

# Anthropic API (for anthropic/* models)
# [providers.anthropic]
# api_key = "${ANTHROPIC_API_KEY}"

# OpenAI API (for openai/* models)
# [providers.openai]
# api_key = "${OPENAI_API_KEY}"

# xAI API (for xai/* models)
# [providers.xai]
# api_key = "${XAI_API_KEY}"
# base_url = "https://api.x.ai/v1"

# OpenAI-Compatible provider (OpenRouter, DeepSeek, Groq, vLLM, LiteLLM, etc.)
# [providers.openai_compatible]
# base_url = "https://openrouter.ai/api/v1"
# api_key = "${OPENROUTER_API_KEY}"
# # Optional extra headers (e.g., OpenRouter attribution)
# extra_headers = { "HTTP-Referer" = "https://localgpt.app", "X-Title" = "LocalGPT" }
# # Use with: localgpt chat --model openai-compat/deepseek-chat

# Claude CLI (for claude-cli/* models, requires claude CLI installed)
[providers.claude_cli]
command = "claude"

[heartbeat]
enabled = true
interval = "30m"

# Maximum wall-clock time for a single heartbeat run (optional).
# If the heartbeat LLM turn exceeds this deadline it is cancelled and
# a TimedOut event is recorded so the next interval can run on schedule.
# Defaults to half the interval (e.g., "15m" when interval = "30m").
# timeout = "15m"

# Only run during these hours (optional)
# [heartbeat.active_hours]
# start = "09:00"
# end = "22:00"

[memory]
# Workspace directory for memory files (MEMORY.md, HEARTBEAT.md, etc.)
# Default: XDG data dir (~/.local/share/localgpt/workspace)
# Override with environment variables:
#   LOCALGPT_WORKSPACE=/path/to/workspace  - absolute path override
#   LOCALGPT_PROFILE=work                  - uses data_dir/workspace-work
# workspace = "~/.local/share/localgpt/workspace"

# Session memory settings (for /new command)
# session_max_messages = 15    # Max messages to save (0 = unlimited)
# session_max_chars = 0        # Max chars per message (0 = unlimited, preserves full content)

[server]
enabled = true
port = 31327
bind = "127.0.0.1"
# Optional bearer token for API authentication
# auth_token = "${LOCALGPT_AUTH_TOKEN}"

[logging]
level = "info"

# Shell sandbox (kernel-enforced isolation for LLM-generated commands)
# [sandbox]
# enabled = true                        # default: true
# level = "auto"                        # auto | full | standard | minimal | none
# timeout_secs = 120                    # default: 120
# max_output_bytes = 1048576            # default: 1MB
#
# [sandbox.allow_paths]
# read = ["/data/datasets"]             # additional read-only paths
# write = ["/tmp/builds"]               # additional writable paths
#
# [sandbox.network]
# policy = "deny"                       # deny | proxy

# Web search (optional)
# [tools.web_search]
# provider = "searxng"            # searxng | brave | tavily | perplexity | none
# cache_enabled = true
# cache_ttl = 900                 # seconds (default: 15 min)
# max_results = 5                 # 1-10
# prefer_native = true            # prefer native provider search when available
#
# [tools.web_search.searxng]
# base_url = "http://localhost:8080"
# categories = "general"
# language = "en"
#
# [tools.web_search.brave]
# api_key = "${BRAVE_API_KEY}"
#
# [tools.web_search.tavily]
# api_key = "${TAVILY_API_KEY}"
# search_depth = "basic"          # basic | advanced
# include_answer = true
#
# [tools.web_search.perplexity]
# api_key = "${PERPLEXITY_API_KEY}"
# model = "sonar"

# Telegram bot (optional)
# [telegram]
# enabled = true
# api_token = "${TELEGRAM_BOT_TOKEN}"
"#;