"""
Default-deny configuration for container mode.

In container mode:
- Shell tool is disabled entirely
- File tool is restricted to /data/ and /config/ (read-only)
- Fetch tool only allows declared LLM backend domains
- All tools require explicit per-listener allowlist

In development mode:
- All tools available (current behavior preserved)
- No filesystem restrictions
- No network restrictions
"""

from __future__ import annotations

import logging
import os
from typing import Optional

logger = logging.getLogger(__name__)

# Module-level mode state
_organism_mode: Optional[str] = None


def get_organism_mode() -> str:
    """Get the current organism mode."""
    global _organism_mode
    if _organism_mode is None:
        _organism_mode = os.environ.get("ORGANISM_MODE", "development")
    return _organism_mode


def set_organism_mode(mode: str) -> None:
    """Set the organism mode explicitly."""
    global _organism_mode
    if mode not in ("container", "development"):
        raise ValueError(f"Invalid mode: {mode}. Must be 'container' or 'development'.")
    _organism_mode = mode
    logger.info(f"Organism mode set to: {mode}")


def is_container_mode() -> bool:
    """Check if running in container (default-deny) mode."""
    return get_organism_mode() == "container"


def apply_container_defaults() -> None:
    """
    Apply default-deny security posture for container mode.

    This configures all tool modules with restrictive defaults:
    - Shell: disabled
    - Files: restricted to /data (rw) and /config (ro)
    - Fetch: blocks all non-LLM-backend domains by default
    """
    set_organism_mode("container")

    # Lock down shell tool
    from xml_pipeline.tools.shell import set_container_mode as shell_lock

    shell_lock(True)
    logger.info("Shell tool: DISABLED (container mode)")

    # Lock down file tool to /data and /config
    from xml_pipeline.tools.files import configure_allowed_paths

    configure_allowed_paths(["/data", "/config"])
    logger.info("File tool: restricted to /data (rw), /config (ro)")

    # Lock down fetch tool
    from xml_pipeline.tools.fetch import set_container_mode as fetch_lock

    fetch_lock(True)
    logger.info("Fetch tool: egress restricted to allowlisted domains")

    # Enable permission gate
    from xml_pipeline.tools.permission_gate import enable_permission_gate

    enable_permission_gate()
    logger.info("Permission gate: ENABLED (tools require explicit allowlist)")

    logger.info("Container security lockdowns applied")