; ─────────────────────────────────────────────────────────────
; WASL — Production PHP settings
; Conservative limits, security-focused, opcache optimized
; ─────────────────────────────────────────────────────────────

; Errors: NEVER display in production (financial system)
display_errors = Off
display_startup_errors = Off
log_errors = On
error_log = /dev/stderr
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

; Performance
memory_limit = 512M
max_execution_time = 30
max_input_time = 60
max_input_vars = 3000
post_max_size = 20M
upload_max_filesize = 10M

; OPcache — critical for production performance
opcache.enable = 1
opcache.enable_cli = 1
opcache.memory_consumption = 256
opcache.max_accelerated_files = 20000
opcache.validate_timestamps = 0
opcache.revalidate_freq = 2
opcache.interned_strings_buffer = 32
opcache.fast_shutdown = 1
opcache.jit = tracing
opcache.jit_buffer_size = 64M

; Realpath cache (improves file inclusion performance)
realpath_cache_size = 4096K
realpath_cache_ttl = 600

; Session hardening
session.cookie_httponly = 1
session.cookie_secure = 1
session.cookie_samesite = "Strict"
session.use_strict_mode = 1
session.gc_maxlifetime = 1200

; Exposure
expose_php = Off

; Date
date.timezone = Asia/Damascus

; Swoole runtime config
swoole.enable_library = On
swoole.enable_preemptive_scheduler = On

; Disable functions that could be abused
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source