-- config.lua — model registry, routing rules, user preferences.
-- Loaded with dofile() at startup; returns a plain Lua table.
-- See docs/PHASE0.md §10 for resolution order and full schema.
--
-- Per issue #12: hossenfelder is the canonical single-URL broker. It does
-- model-aware routing server-side (local models on boltzmann; cloud routes
-- through OpenRouter using its own bearer auth — no client-side key here).
-- Discovery: GET http://hossenfelder.fritz.box:8082/v1/models.

local HOSSENFELDER = "http://hossenfelder.fritz.box:8082"

return {
    default_model = "fast",

    models = {
        fast = {
            endpoint    = HOSSENFELDER,
            model       = "qwen2.5-coder-1.5b-q4_k_m.gguf",
            temperature = 0.2,
        },
        deep = {
            endpoint    = HOSSENFELDER,
            model       = "qwen3-30b-a3b-instruct",
            timeout_ms  = 1800000,   -- 10 min; Nemo on RK3588 is patient work
            temperature = 0.1,
        },
        cloud = {
            endpoint    = HOSSENFELDER,
            model       = "anthropic/claude-haiku-4.5",
            temperature = 0.2,
        },
    },

    shell = {
        known_commands = {
            "ls", "cat", "cd", "grep", "find", "cp", "mv", "rm",
            "mkdir", "rmdir", "git", "make", "cmake", "gcc", "clang",
            "python3", "luajit", "ssh", "scp", "curl", "wget",
        },
        capture_output = true,    -- inject exec output into context
        confirm_cmd    = true,    -- prompt before executing CMD: suggestions
    },

    context = {
        max_turns    = 40,
        token_budget = 4096,
    },

    history = {
        dir = (os.getenv("HOME") or ".") .. "/.local/share/aish",
    },

    -- Phase 2 (docs/PHASE2.md): MCP server registry + tool-call policy.
    -- The block is OFF by default — connect-at-startup happens only when
    -- `servers` is non-empty. Uncomment + adjust per your fleet.
    --
    -- mcp = {
    --     servers = {
    --         -- Each entry: alias = { url = "...", auth_token = "..." | auth_env = "..." }
    --         -- auth_token literal > auth_env env-var indirection > nil (no auth).
    --         -- Aliases become the namespace prefix on tool names sent to the model
    --         -- ("<alias>__<tool>" — e.g. "boltzmann__list_dir"). The separator is
    --         -- "__" (two underscores) because Anthropic via Bedrock validates tool
    --         -- names against ^[a-zA-Z0-9_-]{1,128}$ — dots are rejected.
    --         -- Aliases themselves must not contain "__".
    --         boltzmann = {
    --             url      = "http://boltzmann.fritz.box:8080/mcp",
    --             auth_env = "BOLTZMANN_MCP_TOKEN",
    --         },
    --         hertz = {
    --             url      = "http://hertz.fritz.box:8080/mcp",
    --             auth_env = "HERTZ_MCP_TOKEN",
    --         },
    --         broglie = {
    --             url = "http://broglie.fritz.box:8080/mcp",  -- LAN-only, no auth
    --         },
    --     },
    --
    --     -- Per-call confirm gate auto-approve policy.
    --     -- Key forms:
    --     --   "<alias>__<tool>" — auto-approve one specific tool
    --     --   "<alias>__*"      — auto-approve every tool on that server
    --     -- Anything not matched falls back to the [y/N] prompt.
    --     auto_approve = {
    --         ["boltzmann__read_file"]    = true,
    --         ["boltzmann__list_dir"]     = true,
    --         ["boltzmann__search_files"] = true,
    --         ["hertz__*"]                = true,   -- trust the hub fully
    --     },
    --
    --     -- Tool-call sub-loop budget per ask_ai turn. Hitting the cap surfaces
    --     -- a status and breaks; default 8 if absent.
    --     max_tool_depth = 8,
    -- },
}