localgpt_core/config/

mod.rs

mod migrate;
mod schema;
pub mod watcher;

pub use migrate::check_openclaw_detected;
pub use schema::*;
pub use watcher::{ConfigWatcher, spawn_sighup_handler};

use anyhow::Result;
use serde::{Deserialize, Serialize};
use std::fs;
use std::path::PathBuf;

use crate::env::LOCALGPT_WORKSPACE;
use crate::paths::Paths;
use crate::paths::{DEFAULT_DATA_DIR_STR, DEFAULT_STATE_DIR_STR};

/// Memory search backend kind.
///
/// Determines which storage engine is used for the memory search index:
/// - `sqlite` (default): Full-featured FTS5 + optional vector search via SQLite
/// - `markdown`: Lightweight grep-based search over workspace `.md` files
/// - `none`: Memory search disabled (workspace file reading still works)
#[derive(Debug, Clone, Copy, Default, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
pub enum MemoryBackendKind {
    #[default]
    Sqlite,
    Markdown,
    None,
}

impl std::fmt::Display for MemoryBackendKind {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Sqlite => write!(f, "sqlite"),
            Self::Markdown => write!(f, "markdown"),
            Self::None => write!(f, "none"),
        }
    }
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct Config {
    /// Resolved XDG-compliant paths (not serialized)
    #[serde(skip)]
    pub paths: Paths,

    #[serde(default)]
    pub agent: AgentConfig,

    #[serde(default)]
    pub providers: ProvidersConfig,

    #[serde(default)]
    pub heartbeat: HeartbeatConfig,

    #[serde(default)]
    pub memory: MemoryConfig,

    #[serde(default)]
    pub server: ServerConfig,

    #[serde(default)]
    pub logging: LoggingConfig,

    #[serde(default)]
    pub tools: ToolsConfig,

    #[serde(default)]
    pub security: SecurityConfig,

    #[serde(default)]
    pub sandbox: SandboxConfig,

    #[serde(default)]
    pub telegram: Option<TelegramConfig>,

    #[serde(default)]
    pub cron: CronConfig,

    #[serde(default)]
    pub hooks: HooksConfig,

    #[serde(default)]
    pub mcp: McpConfig,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AgentConfig {
    #[serde(default = "default_model")]
    pub default_model: String,

    #[serde(default = "default_context_window")]
    pub context_window: usize,

    #[serde(default = "default_reserve_tokens")]
    pub reserve_tokens: usize,

    /// Maximum tokens for LLM response
    #[serde(default = "default_max_tokens")]
    pub max_tokens: usize,

    /// Maximum depth for spawn_agent tool (default: 1, no nested spawning)
    /// - 0: spawn_agent tool disabled
    /// - 1: single level only (subagents cannot spawn more agents)
    /// - 2+: limited nesting allowed (not recommended)
    #[serde(default)]
    pub max_spawn_depth: Option<u8>,

    /// Model to use for spawned subagents (default: same as default_model or claude-cli/sonnet)
    #[serde(default)]
    pub subagent_model: Option<String>,

    /// Fallback models to try if primary provider fails with retryable errors
    /// (rate limits, server errors, timeouts). Providers are tried in order.
    /// Example: ["openai/gpt-4o", "ollama/llama3"]
    #[serde(default)]
    pub fallback_models: Vec<String>,

    /// Maximum times the same tool can be called with identical arguments before
    /// loop detection triggers. Default: 3. Set to 0 to disable loop detection.
    #[serde(default = "default_max_tool_repeats")]
    pub max_tool_repeats: usize,

    /// Maximum consecutive failures of the same tool before blocking it.
    /// Default: 3. Set to 0 to disable tool error tracking.
    #[serde(default = "default_max_tool_errors")]
    pub max_tool_errors: u32,

    /// Allow one retry when a tool call has malformed arguments.
    /// Default: true. Set to false to fail immediately.
    #[serde(default = "default_true")]
    pub tool_retry_on_malformed: bool,

    /// Maximum age for session files before pruning (in seconds).
    /// 0 = keep forever. Default: 30 days.
    #[serde(default = "default_session_max_age")]
    pub session_max_age: u64,

    /// Maximum number of sessions to keep per agent.
    /// 0 = unlimited. Default: 500.
    #[serde(default = "default_session_max_count")]
    pub session_max_count: usize,

    /// Sections from AGENTS.md (or SOUL.md) to re-inject after session compaction.
    /// Default: ["Session Startup", "Red Lines"]. Empty array disables injection.
    #[serde(default = "default_post_compaction_sections")]
    pub post_compaction_sections: Vec<String>,

    /// Save checkpoint of session transcript before compaction (enables restore).
    /// Default: true.
    #[serde(default = "default_true")]
    pub checkpoints_enabled: bool,

    /// Maximum compaction checkpoints to keep per session. Default: 5.
    #[serde(default = "default_max_checkpoints")]
    pub max_checkpoints: usize,

    /// Active memory recall configuration — automatically search memory before replies
    #[serde(default)]
    pub active_memory: crate::memory::active_recall::ActiveMemoryConfig,

    /// Session permission level. Tools requiring a higher level need approval.
    /// Default: "elevated" (all tools run without prompting, matching current behavior).
    /// Set to "safe" to require approval for dangerous tools (bash, file write, etc.).
    #[serde(default = "default_permission_level")]
    pub permission_level: crate::agent::tools::PermissionLevel,

    /// Auto-approve elevated tool calls from loopback connections (localhost).
    /// Default: true (backward compatible — CLI and local HTTP skip approval).
    #[serde(default = "default_true")]
    pub auto_approve_loopback: bool,
}

fn default_max_tool_repeats() -> usize {
    3
}

fn default_max_tool_errors() -> u32 {
    3
}

fn default_session_max_age() -> u64 {
    30 * 24 * 60 * 60 // 30 days in seconds
}

fn default_session_max_count() -> usize {
    500
}

fn default_max_checkpoints() -> usize {
    5
}

fn default_permission_level() -> crate::agent::tools::PermissionLevel {
    // Elevated = all tools run without prompting (backward compatible)
    crate::agent::tools::PermissionLevel::Elevated
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ToolsConfig {
    /// Bash command timeout in milliseconds
    #[serde(default = "default_bash_timeout")]
    pub bash_timeout_ms: u64,

    /// Maximum bytes to return from web_fetch
    #[serde(default = "default_web_fetch_max_bytes")]
    pub web_fetch_max_bytes: usize,

    /// Tools that require user approval before execution
    /// e.g., ["bash", "write_file", "edit_file"]
    #[serde(default)]
    pub require_approval: Vec<String>,

    /// Maximum characters for tool output (0 = unlimited)
    #[serde(default = "default_tool_output_max_chars")]
    pub tool_output_max_chars: usize,

    /// Log warnings for suspicious injection patterns detected in tool outputs
    #[serde(default = "default_true")]
    pub log_injection_warnings: bool,

    /// Wrap tool outputs and memory content with XML-style delimiters
    #[serde(default = "default_true")]
    pub use_content_delimiters: bool,

    /// Web search configuration (disabled by default)
    #[serde(default)]
    pub web_search: Option<WebSearchConfig>,

    /// Document loader overrides: extension → shell command (e.g., "pdf" → "pdftotext $1 -")
    #[serde(default)]
    pub document_loaders: Option<std::collections::HashMap<String, String>>,

    /// Maximum document file size in bytes (default: 10MB)
    #[serde(default = "default_document_max_bytes")]
    pub document_max_bytes: usize,

    /// Audio transcription (STT) configuration
    #[serde(default)]
    pub stt: Option<crate::media::SttConfig>,

    /// Maximum image dimension (width or height) before resizing for vision models.
    /// 0 = disabled (send original). Default: 1568px.
    #[serde(default = "default_image_max_dimension")]
    pub image_max_dimension: u32,

    /// Enable media result caching for document_load/transcribe_audio (default: true)
    #[serde(default = "default_true")]
    pub media_cache_enabled: bool,

    /// Maximum media cache size in MB (default: 100)
    #[serde(default = "default_media_cache_max_mb")]
    pub media_cache_max_mb: u64,

    /// Enable browser automation tool via Chrome DevTools Protocol (default: false)
    #[serde(default)]
    pub browser_enabled: bool,

    /// Chrome CDP debug port (default: 9222)
    #[serde(default = "default_browser_port")]
    pub browser_port: u16,

    /// Per-tool input filters (deny/allow patterns and substrings).
    /// Keys are tool names (e.g. "bash", "web_fetch").
    #[serde(default)]
    pub filters: std::collections::HashMap<String, crate::agent::tool_filters::ToolFilter>,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
#[serde(rename_all = "lowercase")]
pub enum SearchProviderType {
    Searxng,
    Brave,
    Tavily,
    Perplexity,
    #[default]
    None,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct WebSearchConfig {
    #[serde(default)]
    pub provider: SearchProviderType,

    #[serde(default = "default_true")]
    pub cache_enabled: bool,

    /// Cache TTL in seconds (default: 900 = 15 minutes)
    #[serde(default = "default_cache_ttl")]
    pub cache_ttl: u64,

    /// Maximum results per query (1-10, default: 5)
    #[serde(default = "default_max_results")]
    pub max_results: u8,

    /// Prefer provider-native search when supported (e.g., Anthropic web_search tool)
    #[serde(default = "default_true")]
    pub prefer_native: bool,

    #[serde(default)]
    pub searxng: Option<SearxngConfig>,

    #[serde(default)]
    pub brave: Option<BraveConfig>,

    #[serde(default)]
    pub tavily: Option<TavilyConfig>,

    #[serde(default)]
    pub perplexity: Option<PerplexityConfig>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SearxngConfig {
    pub base_url: String,

    #[serde(default)]
    pub categories: String,

    #[serde(default)]
    pub language: String,

    #[serde(default)]
    pub time_range: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct BraveConfig {
    pub api_key: String,

    #[serde(default)]
    pub country: String,

    #[serde(default)]
    pub freshness: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TavilyConfig {
    pub api_key: String,

    #[serde(default = "default_basic")]
    pub search_depth: String,

    #[serde(default = "default_true")]
    pub include_answer: bool,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PerplexityConfig {
    pub api_key: String,

    #[serde(default = "default_sonar")]
    pub model: String,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct SecurityConfig {
    /// Abort agent startup on tamper or suspicious content (default: false).
    ///
    /// When true, `TamperDetected` and `SuspiciousContent` are fatal errors
    /// that prevent the agent from starting. When false (default), the agent
    /// warns and falls back to hardcoded-only security.
    #[serde(default)]
    pub strict_policy: bool,

    /// Skip loading and injecting the `LocalGPT.md` workspace security policy
    /// (default: false).
    ///
    /// When true, the user's signed `LocalGPT.md` content is not loaded or
    /// injected into the context window. The hardcoded security suffix still
    /// applies unless [`disable_suffix`] is also set.
    #[serde(default)]
    pub disable_policy: bool,

    /// Skip injecting the hardcoded security suffix (default: false).
    ///
    /// The suffix is a compiled-in reminder that tells the model to treat
    /// tool outputs and retrieved content as data, not instructions. When
    /// disabled, the user policy (if any) still applies.
    ///
    /// **Warning:** Setting both `disable_policy` and `disable_suffix` to
    /// `true` removes all end-of-context security reinforcement. The system
    /// prompt safety section still exists, but may lose effectiveness in
    /// long sessions due to attention decay ("lost in the middle" effect).
    #[serde(default)]
    pub disable_suffix: bool,

    /// Restrict file tools to these directories (empty = unrestricted).
    /// Paths are canonicalized at startup. Symlinks are resolved before checking.
    #[serde(default)]
    pub allowed_directories: Vec<String>,

    /// Enable encryption at rest for sessions and config secrets (default: false).
    #[serde(default)]
    pub encryption: bool,

    /// Path to the encryption key file.
    /// Default: data_dir/encryption.key (~/.local/share/localgpt/encryption.key)
    #[serde(default)]
    pub encryption_key_path: Option<String>,

    /// Container sandbox backend: "disabled" (default), "auto", "docker", "podman"
    /// "auto" tries Docker then Podman, falls back to kernel sandbox.
    #[serde(default = "default_sandbox_backend")]
    pub sandbox_backend: String,

    /// Docker image for container sandbox (default: "ubuntu:24.04")
    #[serde(default)]
    pub sandbox_image: Option<String>,

    /// Memory limit for sandbox container (e.g., "512m", "1g")
    #[serde(default)]
    pub sandbox_memory: Option<String>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SandboxConfig {
    /// Enable shell command sandboxing (default: true)
    #[serde(default = "default_true")]
    pub enabled: bool,

    /// Sandbox level: "auto" | "full" | "standard" | "minimal" | "none"
    #[serde(default = "default_sandbox_level")]
    pub level: String,

    /// Command timeout in seconds (default: 120)
    #[serde(default = "default_sandbox_timeout")]
    pub timeout_secs: u64,

    /// Maximum output bytes (default: 1MB)
    #[serde(default = "default_sandbox_max_output")]
    pub max_output_bytes: u64,

    /// Maximum file size in bytes (RLIMIT_FSIZE, default: 50MB)
    #[serde(default = "default_sandbox_max_file_size")]
    pub max_file_size_bytes: u64,

    /// Maximum child processes (RLIMIT_NPROC, default: 64)
    #[serde(default = "default_sandbox_max_processes")]
    pub max_processes: u32,

    /// Additional path allowances
    #[serde(default)]
    pub allow_paths: AllowPathsConfig,

    /// Network policy
    #[serde(default)]
    pub network: SandboxNetworkConfig,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct AllowPathsConfig {
    /// Additional read-only paths
    #[serde(default)]
    pub read: Vec<String>,

    /// Additional writable paths
    #[serde(default)]
    pub write: Vec<String>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SandboxNetworkConfig {
    /// Network policy: "deny" | "proxy"
    #[serde(default = "default_sandbox_network_policy")]
    pub policy: String,
}

impl Default for SandboxConfig {
    fn default() -> Self {
        Self {
            enabled: default_true(),
            level: default_sandbox_level(),
            timeout_secs: default_sandbox_timeout(),
            max_output_bytes: default_sandbox_max_output(),
            max_file_size_bytes: default_sandbox_max_file_size(),
            max_processes: default_sandbox_max_processes(),
            allow_paths: AllowPathsConfig::default(),
            network: SandboxNetworkConfig::default(),
        }
    }
}

impl Default for SandboxNetworkConfig {
    fn default() -> Self {
        Self {
            policy: default_sandbox_network_policy(),
        }
    }
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct ProvidersConfig {
    #[serde(default)]
    pub openai: Option<OpenAIConfig>,

    #[serde(default)]
    pub xai: Option<XaiConfig>,

    #[serde(default)]
    pub anthropic: Option<AnthropicConfig>,

    #[serde(default)]
    pub ollama: Option<OllamaConfig>,

    #[serde(default)]
    pub claude_cli: Option<ClaudeCliConfig>,

    #[serde(default)]
    pub gemini_cli: Option<GeminiCliConfig>,

    #[serde(default)]
    pub codex_cli: Option<CodexCliConfig>,

    #[serde(default)]
    pub glm: Option<GlmConfig>,

    #[serde(default)]
    pub gemini: Option<GeminiConfig>,

    /// Generic OpenAI-compatible provider for any endpoint speaking the OpenAI Chat Completions API
    /// (OpenRouter, DeepSeek, Groq, vLLM, LiteLLM, Together AI, Fireworks, etc.)
    #[serde(default)]
    pub openai_compatible: Option<OpenAICompatibleConfig>,

    /// Google Vertex AI (service account key authentication)
    #[serde(default)]
    pub vertex: Option<VertexAiConfig>,

    /// OpenRouter convenience provider (auto-sets base_url)
    #[serde(default)]
    pub openrouter: Option<OpenRouterConfig>,
}

/// OpenRouter provider config — convenience wrapper for OpenAI-compatible
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OpenRouterConfig {
    pub api_key: String,
}

/// Configuration for OpenAI-compatible providers (OpenRouter, DeepSeek, Groq, etc.)
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OpenAICompatibleConfig {
    /// Base URL for the API endpoint (e.g., "https://openrouter.ai/api/v1")
    pub base_url: String,

    /// API key for authentication (supports ${ENV_VAR} expansion)
    pub api_key: String,

    /// Extra headers to include in every request (e.g., OpenRouter attribution)
    #[serde(default)]
    pub extra_headers: std::collections::HashMap<String, String>,
}

/// Configuration for Google Vertex AI (service account key authentication)
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct VertexAiConfig {
    /// Path to service account JSON key file (supports ~ and ${ENV_VAR} expansion)
    pub service_account_key: String,

    /// Google Cloud project ID (supports ${ENV_VAR} expansion)
    pub project_id: String,

    /// Regional endpoint location (default: "us-central1")
    #[serde(default = "default_vertex_location")]
    pub location: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OpenAIConfig {
    pub api_key: String,

    #[serde(default = "default_openai_base_url")]
    pub base_url: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct XaiConfig {
    pub api_key: String,

    #[serde(default = "default_xai_base_url")]
    pub base_url: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AnthropicConfig {
    pub api_key: String,

    #[serde(default = "default_anthropic_base_url")]
    pub base_url: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OllamaConfig {
    #[serde(default = "default_ollama_endpoint")]
    pub endpoint: String,

    #[serde(default = "default_ollama_model")]
    pub model: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ClaudeCliConfig {
    #[serde(default = "default_claude_cli_command")]
    pub command: String,

    #[serde(default = "default_claude_cli_model")]
    pub model: String,

    /// Effort level passed to Claude CLI via --effort flag.
    /// Valid values: "low", "medium", "high", "max".
    #[serde(default = "default_claude_cli_effort")]
    pub effort: String,

    /// Optional MCP config JSON passed to Claude CLI via --strict-mcp-config --mcp-config.
    /// When set, overrides Claude CLI's own MCP server configuration, preventing it from
    /// spawning processes that may conflict with the caller (e.g., a second Bevy window
    /// when localgpt-gen is already running).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub mcp_config_override: Option<String>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct GeminiCliConfig {
    #[serde(default = "default_gemini_cli_command")]
    pub command: String,

    #[serde(default = "default_gemini_cli_model")]
    pub model: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CodexCliConfig {
    #[serde(default = "default_codex_cli_command")]
    pub command: String,

    #[serde(default = "default_codex_cli_model")]
    pub model: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct GlmConfig {
    pub api_key: String,

    #[serde(default = "default_glm_base_url")]
    pub base_url: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct GeminiConfig {
    pub api_key: String,

    #[serde(default = "default_gemini_base_url")]
    pub base_url: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct HeartbeatConfig {
    #[serde(default = "default_true")]
    pub enabled: bool,

    #[serde(default = "default_interval")]
    pub interval: String,

    #[serde(default = "default_overdue_delay")]
    pub overdue_delay: String,

    /// Maximum duration for a single heartbeat run.
    /// If not set, defaults to half the heartbeat interval.
    /// Accepts the same format as `interval` (e.g., "15m", "1h").
    #[serde(default)]
    pub timeout: Option<String>,

    #[serde(default)]
    pub active_hours: Option<ActiveHours>,

    #[serde(default)]
    pub timezone: Option<String>,

    /// Dreaming configuration — background memory consolidation
    #[serde(default)]
    pub dreaming: crate::memory::dreaming::DreamingConfig,

    /// MCP server allowlist for heartbeat. Empty = all servers. Case-insensitive.
    #[serde(default)]
    pub mcp_servers: Vec<String>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ActiveHours {
    pub start: String,
    pub end: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct MemoryConfig {
    /// Memory search backend: "sqlite" (default), "markdown", or "none"
    #[serde(default)]
    pub backend: MemoryBackendKind,

    #[serde(default = "default_workspace")]
    pub workspace: String,

    /// Embedding provider: "local" (fastembed, default), "openai", "gemini", or "none"
    #[serde(default = "default_embedding_provider")]
    pub embedding_provider: String,

    #[serde(default = "default_embedding_model")]
    pub embedding_model: String,

    /// Gemini API key for embeddings (supports ${ENV_VAR} syntax)
    #[serde(default)]
    pub gemini_api_key: Option<String>,

    /// Index completed session transcripts for memory_search (default: false)
    #[serde(default)]
    pub index_sessions: bool,

    /// Enable multimodal embeddings for images (requires gemini-embedding-2-preview model)
    #[serde(default)]
    pub multimodal_embeddings: bool,

    /// Cache directory for local embedding models (optional)
    /// Default: ~/.cache/localgpt/models
    /// Can also be set via FASTEMBED_CACHE_DIR environment variable
    #[serde(default = "default_embedding_cache_dir")]
    pub embedding_cache_dir: String,

    #[serde(default = "default_chunk_size")]
    pub chunk_size: usize,

    #[serde(default = "default_chunk_overlap")]
    pub chunk_overlap: usize,

    /// Additional paths to index (relative to workspace or absolute)
    /// Each path uses a glob pattern for file matching
    #[serde(default = "default_index_paths")]
    pub paths: Vec<MemoryIndexPath>,

    /// Maximum messages to save in session memory files (0 = unlimited)
    /// Similar to OpenClaw's hooks.session-memory.messages (default: 15)
    #[serde(default = "default_session_max_messages")]
    pub session_max_messages: usize,

    /// Maximum characters per message in session memory (0 = unlimited)
    /// Set to 0 to preserve full message content like OpenClaw
    #[serde(default)]
    pub session_max_chars: usize,

    /// Temporal decay factor for search scoring.
    /// Older memories get lower scores using: score * exp(-lambda * age_days)
    /// Default: 0.0 (disabled)
    /// 0.1 = ~50% penalty for 7-day old memory
    /// 0.05 = ~50% penalty for 14-day old memory
    #[serde(default)]
    pub temporal_decay_lambda: f64,

    /// Enable LLM-based query expansion for memory search.
    /// Costs one extra LLM call per search but produces better keywords
    /// from conversational queries. Default: false.
    #[serde(default)]
    pub llm_query_expansion: bool,

    /// Enable the Memory Wiki structured knowledge layer (claims, evidence, staleness).
    /// Default: false.
    #[serde(default)]
    pub wiki_enabled: bool,

    /// Days after last update before a wiki claim transitions from Fresh to Aging.
    /// Default: 30.
    #[serde(default = "default_wiki_fresh_days")]
    pub wiki_fresh_days: u32,

    /// Days after last update before a wiki claim transitions from Aging to Stale.
    /// Default: 90.
    #[serde(default = "default_wiki_stale_days")]
    pub wiki_stale_days: u32,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct MemoryIndexPath {
    pub path: String,
    #[serde(default = "default_pattern")]
    pub pattern: String,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ServerConfig {
    #[serde(default = "default_true")]
    pub enabled: bool,

    #[serde(default = "default_port")]
    pub port: u16,

    #[serde(default = "default_bind")]
    pub bind: String,

    /// Bearer token for API authentication.
    /// If set, all /api/* routes require Authorization: Bearer <token>.
    /// Supports ${ENV_VAR} expansion.
    /// If unset, auth is disabled (backward compatible for local-only use).
    #[serde(default)]
    pub auth_token: Option<String>,

    #[serde(default)]
    pub rate_limit: RateLimitConfig,

    /// Allowed CORS origins. If empty, defaults to localhost only (any port,
    /// http/https, 127.0.0.1, localhost, and [::1]).
    #[serde(default)]
    pub cors_origins: Vec<String>,

    /// Maximum request body size in bytes.
    /// Requests larger than this return 413 Payload Too Large.
    /// Default: 10MB
    #[serde(default = "default_max_request_body")]
    pub max_request_body: usize,

    /// HMAC-SHA256 secret for webhook signature verification.
    /// When set, incoming webhook requests must include X-Signature-256 header.
    /// Supports ${ENV_VAR} expansion.
    #[serde(default)]
    pub webhook_secret: Option<String>,

    /// Enable durable outbound message queue with retry on send failure.
    /// Default: false.
    #[serde(default)]
    pub outbox_enabled: bool,

    /// Maximum retry attempts for outbox messages. Default: 5.
    #[serde(default = "default_outbox_max_attempts")]
    pub outbox_max_attempts: i64,

    /// Days to retain delivered messages before cleanup. Default: 7.
    #[serde(default = "default_outbox_retain_days")]
    pub outbox_retain_days: u32,

    /// Enable auto-generated TLS certificates for HTTPS. Default: false.
    /// Requires the `tls` feature on localgpt-server.
    #[serde(default)]
    pub tls_enabled: bool,

    /// Directory for TLS certificate storage. Default: ~/.config/localgpt/certs
    #[serde(default = "default_tls_cert_dir")]
    pub tls_cert_dir: String,

    /// Regenerate certificates when they expire within this many days. Default: 30.
    #[serde(default = "default_tls_renew_threshold")]
    pub tls_renew_threshold_days: u32,
}

fn default_max_request_body() -> usize {
    10 * 1024 * 1024 // 10MB
}
fn default_outbox_max_attempts() -> i64 {
    5
}
fn default_outbox_retain_days() -> u32 {
    7
}
fn default_tls_cert_dir() -> String {
    if let Some(proj) = directories::ProjectDirs::from("app", "LocalGPT", "localgpt") {
        proj.config_dir()
            .join("certs")
            .to_string_lossy()
            .to_string()
    } else {
        "~/.config/localgpt/certs".to_string()
    }
}
fn default_tls_renew_threshold() -> u32 {
    30
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RateLimitConfig {
    #[serde(default = "default_true")]
    pub enabled: bool,

    /// Maximum requests per minute per IP
    #[serde(default = "default_requests_per_minute")]
    pub requests_per_minute: u32,

    /// Burst allowance (extra requests above steady rate)
    #[serde(default = "default_burst")]
    pub burst: u32,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LoggingConfig {
    #[serde(default = "default_log_level")]
    pub level: String,

    #[serde(default = "default_log_path", alias = "file")]
    pub path: String,

    /// Days to keep log files (0 = keep forever, no auto-deletion)
    #[serde(default)]
    pub retention_days: u32,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TelegramConfig {
    #[serde(default)]
    pub enabled: bool,

    pub api_token: String,

    /// Optional Telegram forum topic ID for heartbeat/cron results.
    /// When set, heartbeat alerts are routed to this topic instead of the general thread.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub heartbeat_topic_id: Option<i32>,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct CronConfig {
    #[serde(default)]
    pub jobs: Vec<CronJob>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct CronJob {
    pub name: String,

    /// Cron expression ("0 */6 * * *") or interval ("every 30m", "every 2h", "every 1d")
    pub schedule: String,

    /// Prompt to send to a fresh agent session
    pub prompt: String,

    /// Optional Telegram channel/chat to route output to
    #[serde(default)]
    pub channel: Option<String>,

    #[serde(default = "default_true")]
    pub enabled: bool,

    /// Timeout for the job (e.g., "5m", "1h"). Default: 10m
    #[serde(default = "default_cron_timeout")]
    pub timeout: String,

    /// MCP server allowlist for this job. Empty = all servers. Case-insensitive.
    #[serde(default)]
    pub mcp_servers: Vec<String>,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct HooksConfig {
    #[serde(default)]
    pub hooks: Vec<HookConfig>,
}

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct HookConfig {
    /// Unique name for this hook
    pub name: String,

    /// Event type: onMessage, onToolCall, onSessionStart, onSessionEnd, beforeToolCall, afterToolCall
    pub event: String,

    /// Command to execute (shell command)
    pub command: String,

    /// Optional filter (e.g., "tool:bash" for beforeToolCall)
    #[serde(default)]
    pub filter: Option<String>,

    /// Whether this hook is enabled
    #[serde(default = "default_true")]
    pub enabled: bool,
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct McpConfig {
    #[serde(default)]
    pub servers: Vec<McpServerConfig>,
}

impl McpConfig {
    /// Filter servers by an allowlist. Empty allowlist returns all servers.
    /// Matching is case-insensitive.
    pub fn filter_servers(&self, allowlist: &[String]) -> Vec<McpServerConfig> {
        if allowlist.is_empty() {
            return self.servers.clone();
        }
        self.servers
            .iter()
            .filter(|s| {
                allowlist
                    .iter()
                    .any(|name| name.eq_ignore_ascii_case(&s.name))
            })
            .cloned()
            .collect()
    }
}

#[derive(Debug, Clone, Default, Serialize, Deserialize)]
pub struct McpServerConfig {
    /// Unique name for this MCP server (used in tool namespacing)
    #[serde(default)]
    pub name: String,

    /// Transport type: "stdio" or "sse"
    #[serde(default = "default_mcp_transport")]
    pub transport: String,

    /// Command to run for stdio transport
    pub command: Option<String>,

    /// Arguments for the stdio command
    #[serde(default)]
    pub args: Vec<String>,

    /// Environment variables for the subprocess
    #[serde(default)]
    pub env: std::collections::HashMap<String, String>,

    /// URL for SSE transport
    pub url: Option<String>,

    /// Whether this MCP server is enabled (default: true)
    #[serde(default = "default_true")]
    pub enabled: bool,
}

fn default_mcp_transport() -> String {
    "stdio".to_string()
}

// Default value functions
fn default_model() -> String {
    // Default to Claude CLI (uses existing Claude Code auth, no API key needed)
    "claude-cli/opus".to_string()
}
fn default_context_window() -> usize {
    128000
}
fn default_reserve_tokens() -> usize {
    8000
}
fn default_max_tokens() -> usize {
    4096
}
fn default_bash_timeout() -> u64 {
    30000 // 30 seconds
}
fn default_web_fetch_max_bytes() -> usize {
    10000
}
fn default_tool_output_max_chars() -> usize {
    50000 // 50k characters max for tool output by default
}
fn default_document_max_bytes() -> usize {
    10_485_760 // 10MB
}
fn default_media_cache_max_mb() -> u64 {
    100
}
fn default_browser_port() -> u16 {
    9222
}
fn default_sandbox_backend() -> String {
    "disabled".to_string()
}
fn default_image_max_dimension() -> u32 {
    1568 // Moltis-compatible, conservative for token cost
}
fn default_post_compaction_sections() -> Vec<String> {
    vec!["Session Startup".to_string(), "Red Lines".to_string()]
}
fn default_openai_base_url() -> String {
    "https://api.openai.com/v1".to_string()
}
fn default_xai_base_url() -> String {
    "https://api.x.ai/v1".to_string()
}
fn default_anthropic_base_url() -> String {
    "https://api.anthropic.com".to_string()
}
fn default_ollama_endpoint() -> String {
    "http://localhost:11434".to_string()
}
fn default_ollama_model() -> String {
    "llama3".to_string()
}
fn default_claude_cli_command() -> String {
    "claude".to_string()
}
fn default_claude_cli_model() -> String {
    "opus".to_string()
}
fn default_claude_cli_effort() -> String {
    "max".to_string()
}
fn default_gemini_cli_command() -> String {
    "gemini".to_string()
}
fn default_gemini_cli_model() -> String {
    "gemini-3.1-pro-preview".to_string()
}
fn default_codex_cli_command() -> String {
    "codex".to_string()
}
fn default_codex_cli_model() -> String {
    "o4-mini".to_string()
}
fn default_glm_base_url() -> String {
    "https://api.z.ai/api/coding/paas/v4".to_string()
}
fn default_gemini_base_url() -> String {
    "https://generativelanguage.googleapis.com".to_string()
}
fn default_vertex_location() -> String {
    "us-central1".to_string()
}
fn default_true() -> bool {
    true
}
fn default_interval() -> String {
    "30m".to_string()
}

fn default_overdue_delay() -> String {
    "1m".to_string()
}
fn default_workspace() -> String {
    format!("{}/workspace", DEFAULT_DATA_DIR_STR)
}
fn default_embedding_provider() -> String {
    "local".to_string() // Local embeddings via fastembed (no API key needed)
}
fn default_embedding_model() -> String {
    "all-MiniLM-L6-v2".to_string() // Local model via fastembed (no API key needed)
}
fn default_embedding_cache_dir() -> String {
    crate::paths::DEFAULT_CACHE_DIR_STR.to_string() + "/embeddings"
}
fn default_chunk_size() -> usize {
    400
}
fn default_chunk_overlap() -> usize {
    80
}
fn default_index_paths() -> Vec<MemoryIndexPath> {
    vec![MemoryIndexPath {
        path: "knowledge".to_string(),
        pattern: "**/*.md".to_string(),
    }]
}
fn default_pattern() -> String {
    "**/*.md".to_string()
}
fn default_session_max_messages() -> usize {
    15 // Match OpenClaw's default
}
fn default_wiki_fresh_days() -> u32 {
    30
}
fn default_wiki_stale_days() -> u32 {
    90
}
fn default_port() -> u16 {
    31327
}
fn default_cron_timeout() -> String {
    "10m".to_string()
}
fn default_requests_per_minute() -> u32 {
    60
}
fn default_burst() -> u32 {
    10
}
fn default_bind() -> String {
    "127.0.0.1".to_string()
}
fn default_log_level() -> String {
    "info".to_string()
}
fn default_log_path() -> String {
    format!("{}/logs", DEFAULT_STATE_DIR_STR)
}
fn default_sandbox_level() -> String {
    "auto".to_string()
}
fn default_sandbox_timeout() -> u64 {
    120
}
fn default_sandbox_max_output() -> u64 {
    1_048_576 // 1MB
}
fn default_sandbox_max_file_size() -> u64 {
    52_428_800 // 50MB
}
fn default_sandbox_max_processes() -> u32 {
    64
}
fn default_sandbox_network_policy() -> String {
    "deny".to_string()
}
fn default_cache_ttl() -> u64 {
    900 // 15 minutes
}
fn default_max_results() -> u8 {
    5
}
fn default_basic() -> String {
    "basic".to_string()
}
fn default_sonar() -> String {
    "sonar".to_string()
}

impl Default for AgentConfig {
    fn default() -> Self {
        Self {
            default_model: default_model(),
            context_window: default_context_window(),
            reserve_tokens: default_reserve_tokens(),
            max_tokens: default_max_tokens(),
            max_spawn_depth: Some(1),    // Single-level spawning by default
            subagent_model: None,        // Use default_model if not specified
            fallback_models: Vec::new(), // No fallbacks by default
            max_tool_repeats: default_max_tool_repeats(), // Loop detection threshold
            max_tool_errors: default_max_tool_errors(), // Error spiral detection
            tool_retry_on_malformed: true,
            session_max_age: default_session_max_age(), // 30 days
            session_max_count: default_session_max_count(), // 500 sessions
            post_compaction_sections: default_post_compaction_sections(),
            checkpoints_enabled: true,
            max_checkpoints: default_max_checkpoints(),
            active_memory: Default::default(),
            permission_level: default_permission_level(),
            auto_approve_loopback: true,
        }
    }
}

impl Default for ToolsConfig {
    fn default() -> Self {
        Self {
            bash_timeout_ms: default_bash_timeout(),
            web_fetch_max_bytes: default_web_fetch_max_bytes(),
            require_approval: Vec::new(),
            tool_output_max_chars: default_tool_output_max_chars(),
            log_injection_warnings: default_true(),
            use_content_delimiters: default_true(),
            web_search: None,
            document_loaders: None,
            document_max_bytes: default_document_max_bytes(),
            stt: None,
            image_max_dimension: default_image_max_dimension(),
            media_cache_enabled: true,
            media_cache_max_mb: default_media_cache_max_mb(),
            browser_enabled: false,
            browser_port: default_browser_port(),
            filters: std::collections::HashMap::new(),
        }
    }
}

impl Default for HeartbeatConfig {
    fn default() -> Self {
        Self {
            enabled: default_true(),
            interval: default_interval(),
            overdue_delay: default_overdue_delay(),
            timeout: None,
            active_hours: None,
            timezone: None,
            dreaming: Default::default(),
            mcp_servers: Vec::new(),
        }
    }
}

impl Default for MemoryConfig {
    fn default() -> Self {
        Self {
            backend: MemoryBackendKind::default(),
            workspace: default_workspace(),
            embedding_provider: default_embedding_provider(),
            embedding_model: default_embedding_model(),
            embedding_cache_dir: default_embedding_cache_dir(),
            chunk_size: default_chunk_size(),
            chunk_overlap: default_chunk_overlap(),
            paths: default_index_paths(),
            session_max_messages: default_session_max_messages(),
            session_max_chars: 0, // 0 = unlimited (preserve full content like OpenClaw)
            temporal_decay_lambda: 0.0, // Disabled by default
            gemini_api_key: None,
            index_sessions: false,
            multimodal_embeddings: false,
            llm_query_expansion: false,
            wiki_enabled: false,
            wiki_fresh_days: default_wiki_fresh_days(),
            wiki_stale_days: default_wiki_stale_days(),
        }
    }
}

impl Default for ServerConfig {
    fn default() -> Self {
        Self {
            enabled: default_true(),
            port: default_port(),
            bind: default_bind(),
            auth_token: None,
            rate_limit: RateLimitConfig::default(),
            cors_origins: Vec::new(),
            max_request_body: default_max_request_body(),
            webhook_secret: None,
            outbox_enabled: false,
            outbox_max_attempts: default_outbox_max_attempts(),
            outbox_retain_days: default_outbox_retain_days(),
            tls_enabled: false,
            tls_cert_dir: default_tls_cert_dir(),
            tls_renew_threshold_days: default_tls_renew_threshold(),
        }
    }
}

impl Default for RateLimitConfig {
    fn default() -> Self {
        Self {
            enabled: default_true(),
            requests_per_minute: default_requests_per_minute(),
            burst: default_burst(),
        }
    }
}

impl Default for LoggingConfig {
    fn default() -> Self {
        Self {
            level: default_log_level(),
            path: default_log_path(),
            retention_days: 0, // 0 = keep forever
        }
    }
}

impl Config {
    pub fn load() -> Result<Self> {
        let paths = Paths::resolve()?;
        paths.ensure_dirs()?;
        let path = paths.config_file();

        if !path.exists() {
            // Create default config file on first run
            let config = Config {
                paths,
                ..Config::default()
            };
            config.save_with_template()?;
            return Ok(config);
        }

        let content = fs::read_to_string(&path)?;
        let mut config: Config = toml::from_str(&content)?;
        config.paths = paths;

        // Expand environment variables in API keys
        config.expand_env_vars();

        // Apply deprecated memory.workspace override if set and LOCALGPT_WORKSPACE not set
        if config.memory.workspace != default_workspace()
            && std::env::var(LOCALGPT_WORKSPACE).is_err()
        {
            let expanded = shellexpand::tilde(&config.memory.workspace);
            let ws_path = PathBuf::from(expanded.to_string());
            if ws_path.is_absolute() {
                config.paths.workspace = ws_path;
            }
        }

        Ok(config)
    }

    /// Load (or create default) config with all directories rooted under `data_dir`.
    ///
    /// Mobile apps use this instead of `load()` since they don't have XDG dirs.
    pub fn load_from_dir(data_dir: &str) -> Result<Self> {
        let paths = Paths::from_root(data_dir);
        paths.ensure_dirs()?;
        let path = paths.config_file();

        if !path.exists() {
            let config = Config {
                paths,
                ..Config::default()
            };
            config.save()?;
            return Ok(config);
        }

        let content = fs::read_to_string(&path)?;
        let mut config: Config = toml::from_str(&content)?;
        config.paths = paths;
        config.expand_env_vars();
        Ok(config)
    }

    pub fn save(&self) -> Result<()> {
        let path = self.paths.config_file();

        // Create parent directories
        if let Some(parent) = path.parent() {
            fs::create_dir_all(parent)?;
        }

        let content = toml::to_string_pretty(self)?;
        fs::write(&path, content)?;

        Ok(())
    }

    /// Save config with a helpful template (for first-time setup)
    pub fn save_with_template(&self) -> Result<()> {
        let path = self.paths.config_file();

        // Create parent directories
        if let Some(parent) = path.parent() {
            fs::create_dir_all(parent)?;
        }

        fs::write(&path, DEFAULT_CONFIG_TEMPLATE)?;
        eprintln!("Created default config at {}", path.display());

        Ok(())
    }

    pub fn config_path() -> Result<PathBuf> {
        let paths = Paths::resolve()?;
        Ok(paths.config_file())
    }

    fn expand_env_vars(&mut self) {
        if let Some(ref mut openai) = self.providers.openai {
            openai.api_key = expand_env(&openai.api_key);
        }
        if let Some(ref mut xai) = self.providers.xai {
            xai.api_key = expand_env(&xai.api_key);
        }
        if let Some(ref mut anthropic) = self.providers.anthropic {
            anthropic.api_key = expand_env(&anthropic.api_key);
        }
        if let Some(ref mut telegram) = self.telegram {
            telegram.api_token = expand_env(&telegram.api_token);
        }
        if let Some(ref mut ws) = self.tools.web_search
            && let Some(ref mut brave) = ws.brave
        {
            brave.api_key = expand_env(&brave.api_key);
        }
        if let Some(ref mut ws) = self.tools.web_search
            && let Some(ref mut tavily) = ws.tavily
        {
            tavily.api_key = expand_env(&tavily.api_key);
        }
        if let Some(ref mut ws) = self.tools.web_search
            && let Some(ref mut perplexity) = ws.perplexity
        {
            perplexity.api_key = expand_env(&perplexity.api_key);
        }
        if let Some(ref mut gemini) = self.providers.gemini {
            gemini.api_key = expand_env(&gemini.api_key);
        }
        if let Some(ref mut openrouter) = self.providers.openrouter {
            openrouter.api_key = expand_env(&openrouter.api_key);
        }
        if let Some(ref mut openai_compat) = self.providers.openai_compatible {
            openai_compat.api_key = expand_env(&openai_compat.api_key);
            openai_compat.base_url = expand_env(&openai_compat.base_url);
        }
        if let Some(ref mut vertex) = self.providers.vertex {
            vertex.service_account_key = expand_env(&vertex.service_account_key);
            vertex.project_id = expand_env(&vertex.project_id);
        }
        if let Some(ref mut gemini_key) = self.memory.gemini_api_key {
            *gemini_key = expand_env(gemini_key);
        }
        if let Some(ref mut auth_token) = self.server.auth_token {
            *auth_token = expand_env(auth_token);
        }
        if let Some(ref mut webhook_secret) = self.server.webhook_secret {
            *webhook_secret = expand_env(webhook_secret);
        }
    }

    pub fn get_value(&self, key: &str) -> Result<String> {
        let parts: Vec<&str> = key.split('.').collect();

        match parts.as_slice() {
            ["agent", "default_model"] => Ok(self.agent.default_model.clone()),
            ["agent", "context_window"] => Ok(self.agent.context_window.to_string()),
            ["agent", "reserve_tokens"] => Ok(self.agent.reserve_tokens.to_string()),
            ["heartbeat", "enabled"] => Ok(self.heartbeat.enabled.to_string()),
            ["heartbeat", "interval"] => Ok(self.heartbeat.interval.clone()),
            ["server", "enabled"] => Ok(self.server.enabled.to_string()),
            ["server", "port"] => Ok(self.server.port.to_string()),
            ["server", "bind"] => Ok(self.server.bind.clone()),
            ["memory", "workspace"] => Ok(self.memory.workspace.clone()),
            ["logging", "level"] => Ok(self.logging.level.clone()),
            _ => anyhow::bail!("Unknown config key: {}", key),
        }
    }

    pub fn set_value(&mut self, key: &str, value: &str) -> Result<()> {
        let parts: Vec<&str> = key.split('.').collect();

        match parts.as_slice() {
            ["agent", "default_model"] => self.agent.default_model = value.to_string(),
            ["agent", "context_window"] => self.agent.context_window = value.parse()?,
            ["agent", "reserve_tokens"] => self.agent.reserve_tokens = value.parse()?,
            ["heartbeat", "enabled"] => self.heartbeat.enabled = value.parse()?,
            ["heartbeat", "interval"] => self.heartbeat.interval = value.to_string(),
            ["server", "enabled"] => self.server.enabled = value.parse()?,
            ["server", "port"] => self.server.port = value.parse()?,
            ["server", "bind"] => self.server.bind = value.to_string(),
            ["memory", "workspace"] => self.memory.workspace = value.to_string(),
            ["logging", "level"] => self.logging.level = value.to_string(),
            _ => anyhow::bail!("Unknown config key: {}", key),
        }

        Ok(())
    }

    /// Get workspace path from resolved Paths.
    ///
    /// Resolution is handled by `Paths::resolve()`:
    /// 1. LOCALGPT_WORKSPACE env var (absolute path override)
    /// 2. LOCALGPT_PROFILE env var (creates workspace-{profile} under data_dir)
    /// 3. memory.workspace from config file (deprecated compat)
    /// 4. Default: data_dir/workspace
    pub fn workspace_path(&self) -> PathBuf {
        self.paths.workspace.clone()
    }
}

fn expand_env(s: &str) -> String {
    if let Some(var_name) = s.strip_prefix("${").and_then(|s| s.strip_suffix('}')) {
        std::env::var(var_name).unwrap_or_else(|_| s.to_string())
    } else if let Some(var_name) = s.strip_prefix('$') {
        std::env::var(var_name).unwrap_or_else(|_| s.to_string())
    } else {
        s.to_string()
    }
}

/// Default config template with helpful comments (used for first-time setup)
const DEFAULT_CONFIG_TEMPLATE: &str = r#"# LocalGPT Configuration
# Auto-created on first run. Edit as needed.

[agent]
# Default model: claude-cli/opus, anthropic/claude-sonnet-4-5, openai/gpt-4o, xai/grok-3-mini, etc.
default_model = "claude-cli/opus"
context_window = 128000
reserve_tokens = 8000

# Spawn agent (subagent) configuration
# max_spawn_depth = 1            # 0 = disabled, 1 = single level (default)
# subagent_model = "claude-cli/sonnet"  # Model for subagents (default: same as default_model)

# Failover configuration (optional)
# Automatically try fallback models if primary fails with retryable errors
# (rate limits, server errors, timeouts). Providers tried in order.
# fallback_models = ["openai/gpt-4o", "ollama/llama3"]

# Loop detection (optional)
# Maximum times the same tool can be called with identical arguments
# before detection triggers. Default: 3. Set to 0 to disable.
# max_tool_repeats = 3

# Anthropic API (for anthropic/* models)
# [providers.anthropic]
# api_key = "${ANTHROPIC_API_KEY}"

# OpenAI API (for openai/* models)
# [providers.openai]
# api_key = "${OPENAI_API_KEY}"

# xAI API (for xai/* models)
# [providers.xai]
# api_key = "${XAI_API_KEY}"
# base_url = "https://api.x.ai/v1"

# OpenAI-Compatible provider (OpenRouter, DeepSeek, Groq, vLLM, LiteLLM, etc.)
# [providers.openai_compatible]
# base_url = "https://openrouter.ai/api/v1"
# api_key = "${OPENROUTER_API_KEY}"
# # Optional extra headers (e.g., OpenRouter attribution)
# extra_headers = { "HTTP-Referer" = "https://localgpt.app", "X-Title" = "LocalGPT" }
# # Use with: localgpt chat --model openai-compat/deepseek-chat

# Claude CLI (for claude-cli/* models, requires claude CLI installed)
[providers.claude_cli]
command = "claude"

[heartbeat]
enabled = true
interval = "30m"

# Maximum wall-clock time for a single heartbeat run (optional).
# If the heartbeat LLM turn exceeds this deadline it is cancelled and
# a TimedOut event is recorded so the next interval can run on schedule.
# Defaults to half the interval (e.g., "15m" when interval = "30m").
# timeout = "15m"

# Only run during these hours (optional)
# [heartbeat.active_hours]
# start = "09:00"
# end = "22:00"

[memory]
# Workspace directory for memory files (MEMORY.md, HEARTBEAT.md, etc.)
# Default: XDG data dir (~/.local/share/localgpt/workspace)
# Override with environment variables:
#   LOCALGPT_WORKSPACE=/path/to/workspace  - absolute path override
#   LOCALGPT_PROFILE=work                  - uses data_dir/workspace-work
# workspace = "~/.local/share/localgpt/workspace"

# Session memory settings (for /new command)
# session_max_messages = 15    # Max messages to save (0 = unlimited)
# session_max_chars = 0        # Max chars per message (0 = unlimited, preserves full content)

[server]
enabled = true
port = 31327
bind = "127.0.0.1"
# Optional bearer token for API authentication
# auth_token = "${LOCALGPT_AUTH_TOKEN}"
# Allowed CORS origins. If empty (default), allows localhost only (any port).
# cors_origins = ["https://myapp.example.com", "http://localhost:5173"]

[logging]
level = "info"

# Shell sandbox (kernel-enforced isolation for LLM-generated commands)
# [sandbox]
# enabled = true                        # default: true
# level = "auto"                        # auto | full | standard | minimal | none
# timeout_secs = 120                    # default: 120
# max_output_bytes = 1048576            # default: 1MB
#
# [sandbox.allow_paths]
# read = ["/data/datasets"]             # additional read-only paths
# write = ["/tmp/builds"]               # additional writable paths
#
# [sandbox.network]
# policy = "deny"                       # deny | proxy

# Web search (optional)
# [tools.web_search]
# provider = "searxng"            # searxng | brave | tavily | perplexity | none
# cache_enabled = true
# cache_ttl = 900                 # seconds (default: 15 min)
# max_results = 5                 # 1-10
# prefer_native = true            # prefer native provider search when available
#
# [tools.web_search.searxng]
# base_url = "http://localhost:8080"
# categories = "general"
# language = "en"
#
# [tools.web_search.brave]
# api_key = "${BRAVE_API_KEY}"
#
# [tools.web_search.tavily]
# api_key = "${TAVILY_API_KEY}"
# search_depth = "basic"          # basic | advanced
# include_answer = true
#
# [tools.web_search.perplexity]
# api_key = "${PERPLEXITY_API_KEY}"
# model = "sonar"

# Telegram bot (optional)
# [telegram]
# enabled = true
# api_token = "${TELEGRAM_BOT_TOKEN}"
"#;

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_mcp_server_config_enabled_default() {
        // Deserialize without 'enabled' field — should default to true
        let toml_str = r#"
            name = "test-server"
            transport = "stdio"
            command = "echo"
        "#;
        let config: McpServerConfig = toml::from_str(toml_str).unwrap();
        assert_eq!(config.name, "test-server");
        assert!(config.enabled);
    }

    #[test]
    fn test_mcp_server_config_enabled_explicit_false() {
        let toml_str = r#"
            name = "disabled-server"
            transport = "stdio"
            command = "echo"
            enabled = false
        "#;
        let config: McpServerConfig = toml::from_str(toml_str).unwrap();
        assert_eq!(config.name, "disabled-server");
        assert!(!config.enabled);
    }

    #[test]
    fn test_mcp_server_config_enabled_explicit_true() {
        let toml_str = r#"
            name = "enabled-server"
            transport = "stdio"
            command = "echo"
            enabled = true
        "#;
        let config: McpServerConfig = toml::from_str(toml_str).unwrap();
        assert!(config.enabled);
    }

    #[test]
    fn test_mcp_server_config_roundtrip() {
        let config = McpServerConfig {
            name: "roundtrip".to_string(),
            transport: "stdio".to_string(),
            command: Some("test-cmd".to_string()),
            args: vec!["--flag".to_string()],
            env: std::collections::HashMap::new(),
            url: None,
            enabled: false,
        };
        let serialized = toml::to_string(&config).unwrap();
        assert!(serialized.contains("enabled = false"));

        let deserialized: McpServerConfig = toml::from_str(&serialized).unwrap();
        assert_eq!(deserialized.name, "roundtrip");
        assert!(!deserialized.enabled);
    }

    #[test]
    fn test_mcp_config_with_mixed_enabled() {
        let toml_str = r#"
            [[servers]]
            name = "active"
            transport = "stdio"
            command = "echo"
            enabled = true

            [[servers]]
            name = "inactive"
            transport = "stdio"
            command = "echo"
            enabled = false

            [[servers]]
            name = "default"
            transport = "sse"
            url = "http://localhost:8080"
        "#;
        let config: McpConfig = toml::from_str(toml_str).unwrap();
        assert_eq!(config.servers.len(), 3);
        assert!(config.servers[0].enabled);
        assert!(!config.servers[1].enabled);
        assert!(config.servers[2].enabled); // default
    }

    #[test]
    fn test_mcp_filter_servers_empty_allows_all() {
        let config = McpConfig {
            servers: vec![
                McpServerConfig {
                    name: "server-a".to_string(),
                    ..Default::default()
                },
                McpServerConfig {
                    name: "server-b".to_string(),
                    ..Default::default()
                },
            ],
        };
        let filtered = config.filter_servers(&[]);
        assert_eq!(filtered.len(), 2);
    }

    #[test]
    fn test_mcp_filter_servers_allowlist() {
        let config = McpConfig {
            servers: vec![
                McpServerConfig {
                    name: "memory-server".to_string(),
                    ..Default::default()
                },
                McpServerConfig {
                    name: "bash-server".to_string(),
                    ..Default::default()
                },
                McpServerConfig {
                    name: "web-server".to_string(),
                    ..Default::default()
                },
            ],
        };
        let filtered = config.filter_servers(&["memory-server".to_string()]);
        assert_eq!(filtered.len(), 1);
        assert_eq!(filtered[0].name, "memory-server");
    }

    #[test]
    fn test_mcp_filter_servers_case_insensitive() {
        let config = McpConfig {
            servers: vec![McpServerConfig {
                name: "Memory-Server".to_string(),
                ..Default::default()
            }],
        };
        let filtered = config.filter_servers(&["memory-server".to_string()]);
        assert_eq!(filtered.len(), 1);
    }
}