# CIS490 receiver — copy to /etc/cis490/receiver.toml and edit.

listen_addr = "127.0.0.1:8444"
store_root = "/var/lib/cis490/episodes"
incoming_root = "/var/lib/cis490/incoming"
index_path = "/var/lib/cis490/index.jsonl"

[limits]
max_episode_bytes = 268_435_456    # 256 MiB

# Optional: require a bearer token on every PUT.
# In production, prefer mTLS via Caddy (see docs/deploy.md). The bearer token
# is for dev testing or as a belt-and-suspenders alongside mTLS.
# [auth]
# bearer_token = "REPLACE_ME_WITH_SECRET"

# Code-version gate. Every PUT must carry X-Cis490-Code-Commit and that
# commit must be in the receiver's allow-list. The allow-list is the
# last `window` commits of `repo_path` (auto-refreshed every 5s, so a
# `git pull` on the Pi makes new commits acceptable instantly). This
# keeps episodes from out-of-date lab hosts out of the index.
[version_gate]
enabled = true
window  = 100
# Production: hit the local Forgejo for the canonical commit list. The
# maintainer pushes to this repo; lab hosts pull from it. When the
# receiver checks each PUT it sees the same commits the lab hosts
# would see if they pulled at the same instant.
forgejo_url = "http://10.100.0.1:3000"
repo_owner  = "spectral"
repo_name   = "CIS490"
branch      = "main"
# Optional Forgejo token for private repos; remove for public.
# auth_token = "..."
#
# Optional local-git fallback. When BOTH forgejo_url and
# local_repo_path are set, the gate first asks Forgejo; if that fails
# (e.g. simultaneous restart of receiver + Forgejo on the same Pi) it
# falls back to `git log` against this checkout instead of locking
# out every shipper. When forgejo_url is unset, this is the only
# backend.
#
# Auto-detected: if you don't set this, the receiver checks for
# /opt/cis490/.git at startup and uses that path when present.
# local_repo_path = "/opt/cis490"