# DSS Boundary Configuration
# This file defines what external APIs and operations are allowed
# All AI interactions MUST go through DSS tools, not direct external access

version: "1.0"

# Blocked external APIs - AI cannot access these directly
blocked_external_apis:
  - "api.figma.com"
  - "figma.com/api"

# Blocked direct imports - Prevent bypassing DSS tools
blocked_imports:
  - "requests"  # Use DSS HTTP client wrapper
  - "playwright"  # Use DSS browser strategies only
  - "httpx"  # Use DSS HTTP client wrapper

# Required DSS tools for specific operations
required_dss_tools:
  figma_operations:
    - "dss_sync_figma"
    - "dss_figma_discover"
    - "dss_project_add_figma_file"
    - "dss_project_add_figma_team"

  browser_operations:
    - "dss_browser_init"
    - "dss_browser_get_logs"
    - "dss_browser_screenshot"
    - "dss_browser_dom_snapshot"

  token_operations:
    - "dss_extract_tokens"
    - "dss_generate_theme"
    - "dss_transform_tokens"

  project_operations:
    - "dss_project_init"
    - "dss_project_build"
    - "dss_project_sync"

# Emergency overrides (admin only, all logged)
emergency_overrides:
  enabled: false
  requires_justification: true
  audit_log: ".dss/logs/boundary-overrides.jsonl"

# Enforcement settings
enforcement:
  mode: "strict"  # Options: strict, warn, disabled
  log_violations: true
  violation_log: ".dss/logs/boundary-violations.jsonl"