# Microsoft Azure App Registration Credentials
# Get these from Azure Portal > App Registrations > Your App

# Application (client) ID from Azure Portal
OUTLOOK_CLIENT_ID=your-client-id-here

# Client secret VALUE (not the secret ID) from Azure Portal > Certificates & secrets
OUTLOOK_CLIENT_SECRET=your-client-secret-here

# Backwards-compatible aliases (also accepted):
# MS_CLIENT_ID=your-client-id-here
# MS_CLIENT_SECRET=your-client-secret-here

# Optional: Enable test mode with mock data (true/false)
USE_TEST_MODE=false

# Optional: Safety controls for send-email
# Maximum emails that can be sent per server session (0 = unlimited)
# OUTLOOK_MAX_EMAILS_PER_SESSION=10

# Restrict sending to specific domains/addresses (comma-separated)
# OUTLOOK_ALLOWED_RECIPIENTS=mycompany.com,partner@example.com

# Optional: Enable immutable IDs (IDs persist through folder moves)
# OUTLOOK_IMMUTABLE_IDS=true

# Optional: Default authentication method (device-code or browser)
# device-code: No auth server needed, works remotely/headless
# browser: Traditional OAuth redirect via localhost:3333
# OUTLOOK_AUTH_METHOD=device-code

# Optional: OAuth audience — controls which Microsoft Identity Platform
# endpoint is used. Must match the Azure app registration's "Supported
# account types" setting:
#   common         — personal AND work/school accounts (default; multi-tenant + personal apps)
#   consumers      — personal Microsoft accounts only
#   organizations  — work/school accounts only
#   <tenant-guid>  — single-tenant
# Example: OUTLOOK_AUTH_AUDIENCE=consumers   (for personal-account-only apps)
# OUTLOOK_AUTH_AUDIENCE=common

# Optional: Default timezone for calendar events when not explicitly
# specified by the caller. Use any IANA timezone identifier.
# Default: Australia/Melbourne
# Examples:
#   OUTLOOK_DEFAULT_TIMEZONE=Europe/London
#   OUTLOOK_DEFAULT_TIMEZONE=America/New_York
#   OUTLOOK_DEFAULT_TIMEZONE=Asia/Tokyo
# OUTLOOK_DEFAULT_TIMEZONE=Australia/Melbourne