:80 {
    # Set root to the built site files
    root * /usr/share/caddy

    # Enable file serving
    file_server

    # Enable compression
    encode gzip

    # Security headers
    header {
        X-Frame-Options "SAMEORIGIN"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        Referrer-Policy "no-referrer-when-downgrade"
        Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self';"
        X-TigerStyle-Docs "Whiskers Privacy Compliance Documentation"
    }

    # Cache static assets
    @static {
        path *.js *.css *.png *.jpg *.jpeg *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
    }
    header @static {
        Cache-Control "public, max-age=31536000, immutable"
    }

    # Health check endpoint
    handle /health {
        header Content-Type "text/plain"
        respond "healthy" 200
    }

    # Handle SPA routing - try files first, then fallback to index.html
    try_files {path} {path}/ /index.html

    # Logging for debugging
    log {
        output stdout
        format console
    }
}