"""
DSS Configuration Management

Public configuration values are safe to expose to the client via /api/config.
Private configuration values (secrets, API keys) must NEVER be exposed.

Configuration follows 12-Factor App methodology:
- Load from environment variables first
- Fallback to sensible defaults for local development
"""

import os

# ========== PUBLIC CONFIGURATION ==========
# These values are safe to expose to the client browser

DSS_HOST = os.environ.get("DSS_HOST", "localhost")
"""
The DSS host/domain where the application is running.
Used by clients to access Storybook and other external services.
Examples: "localhost", "dss.example.com", "dss.overbits.luz.uy"
"""

DSS_PORT = os.environ.get("DSS_PORT", "3456")
"""The port DSS API is running on (for API calls from client)."""

STORYBOOK_PORT = 6006
"""Storybook runs on standard port 6006 (derived from DSS_HOST in frontend)."""


# ========== PRIVATE CONFIGURATION ==========
# These values must NEVER be exposed to the client

FIGMA_API_KEY = os.environ.get("FIGMA_API_KEY")
"""Figma API key - kept server-side, never exposed to client."""

DATABASE_URL = os.environ.get("DATABASE_URL", "sqlite:///.dss/design_system.db")
"""Database connection string."""

DEBUG = os.environ.get("DEBUG", "false").lower() == "true"
"""Enable debug mode."""


def get_public_config():
    """
    Returns a dictionary of public configuration safe for the client.
    This is the ONLY function that exposes config to /api/config endpoint.
    """
    return {
        "dssHost": DSS_HOST,
        "dssPort": DSS_PORT,
        "storybookPort": STORYBOOK_PORT,
    }