import type { GuardConfig } from "./types.ts";

export const DEFAULT_CONFIG = {
	enabled: true,
	matchers: {
		bash: { param: "command", type: "bash" },
		read: { param: "path", type: "glob" },
		write: { param: "path", type: "glob" },
		edit: { param: "path", type: "glob" },
		grep: { param: "path", type: "glob" },
		find: { param: "path", type: "glob" },
		ls: { param: "path", type: "glob" },
	},
	rules: {
		bash: {
			"*": "ask",
			basename: "allow",
			cat: "allow",
			cd: "allow",
			column: "allow",
			cut: "allow",
			date: "allow",
			dirname: "allow",
			echo: "allow",
			env: "allow",
			expand: "allow",
			fd: "allow",
			file: "allow",
			find: "allow",
			"find -exec": "ask",
			fold: "allow",
			fmt: "allow",
			"gh issue list": "allow",
			"gh issue view": "allow",
			"gh pr diff": "allow",
			"gh pr list": "allow",
			"gh pr view": "allow",
			"gh repo view": "allow",
			"git blame": "allow",
			"git branch --show-current": "allow",
			"git diff": "allow",
			"git log": "allow",
			"git show": "allow",
			"git status": "allow",
			grep: "allow",
			head: "allow",
			hostname: "allow",
			id: "allow",
			jq: "allow",
			ls: "allow",
			md5sum: "allow",
			nl: "allow",
			pwd: "allow",
			readlink: "allow",
			realpath: "allow",
			rev: "allow",
			rg: "allow",
			seq: "allow",
			shasum: "allow",
			sha256sum: "allow",
			shuf: "allow",
			sort: "allow",
			stat: "allow",
			tac: "allow",
			tail: "allow",
			tr: "allow",
			true: "allow",
			uname: "allow",
			unexpand: "allow",
			uniq: "allow",
			wc: "allow",
			which: "allow",
			whoami: "allow",
			yq: "allow",
		},
		read: {
			"*": "allow",
			"**/*.env": "deny",
			"**/*.pem": "deny",
		},
		write: {
			"*": "ask",
		},
		edit: {
			"*": "ask",
		},
		grep: {
			"*": "allow",
		},
		find: {
			"*": "allow",
		},
		ls: {
			"*": "allow",
		},
	},
} as const satisfies GuardConfig;