config cve-triage 'main'
	option enabled '1'
	option interval '3600'
	option localai_url 'http://127.0.0.1:8081'
	option localai_model 'tinyllama-1.1b-chat-v1.0.Q4_K_M'

	# Only triage CVEs with severity >= this level (low/medium/high/critical)
	option min_severity 'high'

	# Only report CVEs affecting installed packages
	option affected_only '1'

	# Auto-apply patches (0=queue for approval, 1=auto-apply)
	option auto_apply_patches '0'

	# Minimum confidence score (0-100) for auto-actions
	option min_confidence '80'

	# Maximum recommendations per cycle
	option max_recommendations '10'

# CVE data sources
config source 'nvd'
	option enabled '1'
	option type 'nvd_api'
	option url 'https://services.nvd.nist.gov/rest/json/cves/2.0'
	option cache_hours '24'

config source 'crowdsec_cve'
	option enabled '1'
	option type 'crowdsec'
	option filter_cve '1'

config source 'openwrt_sa'
	option enabled '1'
	option type 'openwrt_security'
	option url 'https://openwrt.org/advisory/start'

# Package sources to monitor
config packages 'opkg'
	option enabled '1'
	option type 'opkg'

config packages 'lxc'
	option enabled '1'
	option type 'lxc_packages'

config packages 'docker'
	option enabled '1'
	option type 'docker_images'

# Output targets
config target 'recommendations'
	option enabled '1'
	option path '/var/lib/cve-triage/recommendations.json'

config target 'alerts'
	option enabled '1'
	option path '/var/lib/cve-triage/alerts.json'

# Queue for pending actions (approval workflow)
config queue 'pending'
	option path '/var/lib/cve-triage/pending_actions.json'