# Globals; [profile.<name>] overrides them when --profile <name> is passed.
# CLI flags override both.
whitelist = true
# blacklist = true
# hardened = true       # implied by whitelist
# unshare-net = true    # NOTE(review): no default stated here, unlike seccomp and
#                       # env-filter; confirm whether the host network is shared when unset
# seccomp = false       # default: true
# env-filter = false    # default: true
# dry-run = true
# chdir = "~/projects/my-repo"

# Read-only binds. A read-only bind mount only blocks filesystem writes: a Unix
# socket mounted this way (pulse, pipewire-0) can still be connected to, so these
# entries grant audio access, not just file visibility. /run/user/1000 hard-codes
# uid 1000; adjust if your uid differs.
ro = [
    "~/.local/share/claude-code",
    "~/.local/share/codex-cli",
    "~/dev/agent-config/AGENTS.md",
    "/etc/alsa",
    "/run/user/1000/pulse",
    "/run/user/1000/pipewire-0",
    # "/host/path:/sandbox/path",  # SRC:DST -> mount host SRC at a different target
]

# Writable binds. Anything here is modifiable by the sandboxed agent and persists
# on the host. ~/.cargo holds registry tokens (credentials.toml) and config.toml,
# which cargo on the host trusts; ~/.rustup holds the toolchain binaries that run
# on the host. Consider masking the credentials file (see `mask` below) or
# narrowing these to the subdirectories the agent actually needs.
rw = [
    "~/.config/claude",
    "~/.cargo",
    "~/.rustup",
]
# mask = ["~/.ssh"]  # hide a path by covering it with tmpfs / /dev/null

# Environment passed into the sandbox. Presumably only these keys cross the
# boundary while env-filter is on (its stated default) -- verify against the tool.
env = [
    "XDG_RUNTIME_DIR",    # KEY -> pass through from host if set
    # "DEBUG=",           # KEY= -> set to empty string
    # "DATABASE_URL=dev", # KEY=VALUE -> set explicitly
]
# unsetenv = ["SOME_LEAKED_VAR"]

# The sandbox is what makes --dangerously-skip-permissions acceptable: the agent
# acts without per-action prompts, so its reach is bounded only by the ro/rw/env
# lists above and, unless unshare-net is set, the network.
entrypoint = ["claude", "--dangerously-skip-permissions"]
# command = ["--model", "opus"]          # default trailing args
# bwrap-args = ["--tmpfs /opt/scratch"]  # raw bwrap escape hatch

# Profiles inherit all globals above and override keys they set. Select one at
# runtime with `--profile <name>`. Vec fields (ro/rw/mask/env/unsetenv) append
# to the globals; scalar fields replace. Profile-less runs use just the globals.

# NOTE(review): this profile sets blacklist but does not override the global
# whitelist = true, so both scalars are true when it is selected -- confirm which
# one the tool honours, or set whitelist = false here explicitly.
[profile.blacklist]
blacklist = true