/**
 * Bundle IDs that are escalations-in-disguise. The approval UI shows a warning
 * badge for these; they are NOT blocked. Power users may legitimately want the
 * model controlling a terminal.
 *
 * Imported by the renderer via the `./sentinelApps` subpath (package.json
 * `exports`), which keeps Next.js from reaching index.ts → mcpServer.ts →
 * @modelcontextprotocol/sdk (devDep, would fail module resolution). Keep
 * this file import-free so the subpath stays clean.
 */

/** These apps can execute arbitrary shell commands. */
const SHELL_ACCESS_BUNDLE_IDS = new Set([
  "com.apple.Terminal",
  "com.googlecode.iterm2",
  "com.microsoft.VSCode",
  "dev.warp.Warp-Stable",
  "com.github.wez.wezterm",
  "io.alacritty",
  "net.kovidgoyal.kitty",
  "com.jetbrains.intellij",
  "com.jetbrains.pycharm",
]);

/** Finder in the allowlist ≈ browse + open-any-file. */
const FILESYSTEM_ACCESS_BUNDLE_IDS = new Set(["com.apple.finder"]);

const SYSTEM_SETTINGS_BUNDLE_IDS = new Set(["com.apple.systempreferences"]);

export const SENTINEL_BUNDLE_IDS: ReadonlySet<string> = new Set([
  ...SHELL_ACCESS_BUNDLE_IDS,
  ...FILESYSTEM_ACCESS_BUNDLE_IDS,
  ...SYSTEM_SETTINGS_BUNDLE_IDS,
]);

export type SentinelCategory = "shell" | "filesystem" | "system_settings";

export function getSentinelCategory(bundleId: string): SentinelCategory | null {
  if (SHELL_ACCESS_BUNDLE_IDS.has(bundleId)) return "shell";
  if (FILESYSTEM_ACCESS_BUNDLE_IDS.has(bundleId)) return "filesystem";
  if (SYSTEM_SETTINGS_BUNDLE_IDS.has(bundleId)) return "system_settings";
  return null;
}