# Whitelist of allowed commands for ops-agent.
# Copy to /etc/ops-agent/commands.yml on the host.
# Restart ops-agent after changes.
#
# Schema per command:
#   cmd:         required — command + static args as array (no shell, no interpolation)
#   cwd:         optional — working directory for the subprocess
#   cwd_pattern: optional — working directory as a glob/pattern (resolved at runtime)
#   args:
#     allowed:   optional — whitelist of argument values accepted from the caller
#                If absent or empty, the command takes no extra arguments.
#   description: optional — human-readable description

commands:
  docker_ps:
    cmd: ["docker", "ps", "--format", "table"]
    description: "List running Docker containers"

  git_status:
    cmd: ["git", "status", "--short"]
    cwd: "/srv/ops"
    description: "Git status of the ops directory"

  systemctl_status:
    cmd: ["systemctl", "status"]
    args:
      allowed:
        - ops-agent
        - caddy
        - docker
        - nginx
        - postgresql
    description: "Show systemctl status for an allowed service"

  caddy_show_config:
    cmd: ["caddy", "fmt", "/etc/caddy/Caddyfile"]
    description: "Print the formatted Caddy config"