git.stella-ops.org/src/Policy/__Libraries/StellaOps.Policy/ToolLattice/ToolLatticeDefaults.cs
using System.Collections.Generic;
namespace StellaOps.Policy.ToolLattice;
/// <summary>
/// Supplies the built-in tool access rules for the tool lattice.
/// Every rule defined here is an <c>Allow</c> rule for the <c>read</c> action;
/// no default rule grants any other action.
/// </summary>
internal static class ToolLatticeDefaults
{
    // Priority shared by all built-in rules.
    // NOTE(review): presumably -100 ranks these below operator-defined rules so an
    // explicit rule for the same tool takes precedence; confirm against the evaluator.
    private const int DefaultPriority = -100;

    // The only action the built-in rules grant.
    private const string ReadAction = "read";

    /// <summary>
    /// Builds the default rule set: read access to <c>vex.query</c>, <c>sbom.read</c>
    /// and <c>scanner.findings.topk</c>, each tied to the scopes listed on the rule.
    /// </summary>
    /// <returns>
    /// A newly allocated list of three rules. Each call constructs fresh rule objects,
    /// so a caller that mutates the result does not affect the defaults seen by others.
    /// </returns>
    public static IReadOnlyList<ToolAccessRule> CreateDefaults()
    {
        var defaults = new ToolAccessRule[]
        {
            AllowRead("default-vex-query", "vex.query", "vex:read"),
            AllowRead("default-sbom-read", "sbom.read", "sbom:read"),
            // NOTE(review): this rule lists two scopes; whether the evaluator requires
            // both or accepts either is not visible here. Verify before relying on it.
            AllowRead("default-scanner-findings-topk", "scanner.findings.topk", "scanner:read", "findings:read")
        };

        return defaults;
    }

    /// <summary>
    /// Creates one allow/read rule at the default priority.
    /// </summary>
    /// <param name="id">Rule identifier.</param>
    /// <param name="tool">Name of the tool the rule applies to.</param>
    /// <param name="scopes">Scopes added to the rule, in the order given.</param>
    /// <returns>The populated rule.</returns>
    private static ToolAccessRule AllowRead(string id, string tool, params string[] scopes)
    {
        var rule = new ToolAccessRule
        {
            Id = id,
            Tool = tool,
            Action = ReadAction,
            Effect = ToolAccessEffect.Allow,
            Priority = DefaultPriority
        };

        // Appends to the collection the rule already exposes, as a collection
        // initializer would; the Scopes property itself is not reassigned.
        foreach (var scope in scopes)
        {
            rule.Scopes.Add(scope);
        }

        return rule;
    }
}