# Actor session roles — typed contract for the role definitions used by the
# ontoref daemon actor registry.
#
# When an ActorSession carries a `role` field, it is validated against this
# file. A role defines which UI capabilities are granted and what UI defaults
# apply.
#
# NOTE(review): this file does not say what a session gets when `role` is
# absent or names an id that is not listed below — confirm the daemon treats
# both cases as "no permissions" rather than falling back to a broader role.
#
# Load example:
#   nickel export --format json .ontoref/roles.ncl

# Closed set of capability tags. A tag outside this enum fails the contract on
# a role's `permissions`, so a typo cannot silently create a new grant.
let Permission = [|
  'read_backlog,
  'write_backlog,
  'read_adrs,
  'write_adrs,
  'run_modes,
  'emit_notifications,
  'manage_projects,
  'manage_sessions,
|] in

# Allowed navigation layouts for `ui_defaults.nav_mode`.
let NavMode = [| 'icons, 'icons_text, 'text |] in

# Allowed colour themes for `ui_defaults.theme`.
let Theme = [| 'dark, 'light, 'system |] in

# Shape of one role entry. Record contracts are closed unless they end in `..`,
# so an unexpected field in a role entry is rejected at export time.
let RoleDef = {
  id | String,
  label | String,
  description | String | default = "",
  # No default here: every role has to spell out its grants explicitly.
  permissions | Array Permission,
  # Presentation only; these two fields carry no permissions.
  ui_defaults
    | {
      theme | Theme | default = 'system,
      nav_mode | NavMode | default = 'icons_text,
    }
    | default = {},
} in

{
  # NOTE(review): the contract checks each entry's shape but not that `id`
  # values are unique. How the daemon resolves two entries with the same id is
  # not visible from this file — confirm it rejects duplicates.
  roles | Array RoleDef = [
    # Every tag in Permission, including the two manage_* capabilities.
    {
      id = "admin",
      label = "Admin",
      description = "Full access — manage projects, sessions, ADRs, backlog, and emit notifications.",
      permissions = [
        'read_backlog,
        'write_backlog,
        'read_adrs,
        'write_adrs,
        'run_modes,
        'emit_notifications,
        'manage_projects,
        'manage_sessions,
      ],
      ui_defaults = { theme = 'dark, nav_mode = 'icons_text },
    },

    # Admin minus 'manage_projects and 'manage_sessions.
    # NOTE(review): 'emit_notifications is granted here but the description
    # does not mention it — confirm which of the two is intended.
    {
      id = "developer",
      label = "Developer",
      description = "Standard development access — read/write backlog and ADRs, run modes.",
      permissions = [
        'read_backlog,
        'write_backlog,
        'read_adrs,
        'write_adrs,
        'run_modes,
        'emit_notifications,
      ],
      ui_defaults = { theme = 'system, nav_mode = 'icons_text },
    },

    # Read tags only.
    # NOTE(review): the description mentions notifications, but Permission has
    # no tag for reading them (only 'emit_notifications). Presumably viewing
    # notifications is not gated by a permission — verify against the daemon.
    {
      id = "viewer",
      label = "Viewer",
      description = "Read-only access — view backlog, ADRs, notifications.",
      permissions = [
        'read_backlog,
        'read_adrs,
      ],
      ui_defaults = { theme = 'system, nav_mode = 'icons },
    },

    # Unattended actor: can write the backlog and emit notifications, but has
    # no 'write_adrs and no manage_* tags.
    # NOTE(review): 'read_adrs is granted although the description does not
    # list it — confirm the description or the grant.
    {
      id = "agent",
      label = "Agent",
      description = "Automated agent — run modes, read/write backlog, emit notifications.",
      permissions = [
        'read_backlog,
        'write_backlog,
        'read_adrs,
        'run_modes,
        'emit_notifications,
      ],
      ui_defaults = { theme = 'dark, nav_mode = 'icons },
    },

    # Unattended actor: the two read tags plus 'run_modes, nothing else.
    # NOTE(review): what a mode run is allowed to change is not defined in this
    # file — confirm 'run_modes cannot be used to reach writes this role lacks.
    {
      id = "ci",
      label = "CI",
      description = "Continuous integration actor — read backlog and ADRs, run modes.",
      permissions = [
        'read_backlog,
        'read_adrs,
        'run_modes,
      ],
      ui_defaults = { theme = 'dark, nav_mode = 'icons },
    },
  ],
}