# Bugsink (Sentry-compatible DSN from bugsink.aexoradao.com project settings)
BUGSINK_DSN=

# Authentik / OIDC (configured on Coolify proxy; app trusts forwarded headers)
AUTHENTIK_ISSUER=https://auth.aexoradao.com/application/o/quant-web/
OIDC_ISSUER=https://auth.aexoradao.com/application/o/quant-web/
AUTHENTIK_OUTPOST_URL=https://auth.aexoradao.com/outpost.goauthentik.io/auth/traefik
OIDC_CLIENT_ID=quant-web
AUTH_USERNAME_HEADER=X-Forwarded-User
AUTH_UID_HEADER=X-Authentik-Uid
AUTH_EMAIL_HEADER=X-Forwarded-Email
AUTH_REQUIRED=true

# Local dev only when AUTH_REQUIRED=false
DEV_USER=dev@local

# Core tickers (comma-separated)
CORE_TICKERS=SPY,QQQ,AAPL,MSFT,GOOGL,AMZN,NVDA,META,IWM,TLT

# Historical seed window (years)
SEED_YEARS=5