package sdk

// PluginPermissions defines what a plugin is allowed to do.
type PluginPermissions struct {
	NetworkAllowed bool     `json:"networkAllowed"`
	AllowedHosts   []string `json:"allowedHosts,omitempty"`
	IoTRead        bool     `json:"iotRead"`
	IoTWrite       bool     `json:"iotWrite"`
	MemoryRead     bool     `json:"memoryRead"`
	MemoryWrite    bool     `json:"memoryWrite"`
	FileRead       bool     `json:"fileRead"`
	FileWrite      bool     `json:"fileWrite"`
	AllowedPaths   []string `json:"allowedPaths,omitempty"`
	ExecAllowed    bool     `json:"execAllowed"`
	MaxCPUPercent  float64  `json:"maxCPUPercent"`
	MaxMemoryMB    int      `json:"maxMemoryMB"`
}

// DefaultPermissions returns a safe default permission set.
func DefaultPermissions() PluginPermissions {
	return PluginPermissions{
		NetworkAllowed: false,
		AllowedHosts:   []string{},
		IoTRead:        false,
		IoTWrite:       false,
		MemoryRead:     false,
		MemoryWrite:    false,
		FileRead:       false,
		FileWrite:      false,
		AllowedPaths:   []string{},
		ExecAllowed:    false,
		MaxCPUPercent:  10.0,
		MaxMemoryMB:    128,
	}
}