# Audit Trail Configuration
#
# Configures change tracking and audit logging including:
# - What events to track
# - Audit retention policies
# - Compliance settings

[audit]
# Enable audit trail feature
enabled = true

# What to track
[audit.tracking]
# Track project changes
track_projects = true

# Track task changes
track_tasks = true

# Track phase transitions
track_phases = true

# Track user actions
track_user_actions = true

# Track configuration changes
track_config_changes = true

# Track authentication events
track_auth_events = true

# Audit log retention
[audit.retention]
# Retention period in days (0 = forever)
retention_days = 0

# Archive logs after days
archive_after_days = 90

# Automatically delete old logs (requires explicit setting)
auto_delete_enabled = false

# Days before auto-deletion
delete_after_days = 365

# Audit log storage
[audit.storage]
# Store audit logs in database
store_in_database = true

# Also write to file (for redundancy)
write_to_file = false

# Audit log file location (relative to data dir)
log_file_path = "audit.log"

# Rotate log files
rotate_logs = true

# Maximum log file size in MB
max_log_size_mb = 100

# Audit filtering
[audit.filtering]
# Exclude system users from audit
exclude_system_users = true

# Exclude routine operations (e.g., status checks)
exclude_routine_ops = false

# Only log specified event types (empty = all)
whitelist_events = []

# Exclude specified event types
blacklist_events = []

# Audit reporting
[audit.reporting]
# Enable audit reports
reports_enabled = true

# Schedule audit report generation
report_schedule = "daily"  # Options: hourly, daily, weekly, monthly

# Email audit reports
email_reports = false

# Compliance mode (stricter logging)
[audit.compliance]
# Enable compliance mode
enabled = false

# Require audit signatures
require_signatures = false

# Tamper detection
enable_tamper_detection = false

# Encryption key for audit logs (if using tamper detection)
# encryption_key = "..."