provisioning/taskservs/nushell/default/config.nu.j2

# Secure Nushell Configuration for Infrastructure Servers
# Auto-generated by provisioning system

# Security-first configuration
$env.config = {
    show_banner: false
    use_ansi_coloring: true
    edit_mode: emacs

    # Security settings
    shell_integration: false
    cd_with_abbreviations: false
    filesize_metric: true
    table_mode: rounded

    # History settings (limited for security)
    history: {
        max_size: 1000
        sync_on_enter: true
        file_format: "plaintext"
        isolation: true
    }

    # Completion settings
    completions: {
        case_sensitive: false
        quick: true
        partial: true
        algorithm: "prefix"
        external: {
            enable: {% if taskserv.nushell_external_completions | default(false) %}true{% else %}false{% endif %}
            max_results: 100
            completer: null
        }
    }

    # Performance limits
    table: {
        mode: rounded
        index_mode: always
        trim: {
            methodology: wrapping
            wrapping_try_keep_words: true
            truncating_suffix: "..."
        }
    }

    # Error handling
    error_style: "fancy"

    # Hooks for security and audit
    hooks: {
        pre_prompt: [{
            condition: {|| true }
            code: {||
                # Audit logging
                if ($env.NUSHELL_AUDIT_ENABLED? | default false) {
                    $"(date now | format date '%Y-%m-%d %H:%M:%S') - Session active" | save -a $env.NUSHELL_AUDIT_FILE
                }
            }
        }]

        pre_execution: [{
            condition: {|| true }
            code: {|| |cmd|
                # Command validation and audit
                if ($env.NUSHELL_AUDIT_ENABLED? | default false) {
                    $"(date now | format date '%Y-%m-%d %H:%M:%S') - Command: ($cmd)" | save -a $env.NUSHELL_AUDIT_FILE
                }

                # Security check for blocked commands
                let blocked = ($env.NUSHELL_BLOCKED_COMMANDS? | default "" | split row ",")
                let cmd_name = ($cmd | split row " " | first)
                if $cmd_name in $blocked {
                    error make {msg: $"Command '($cmd_name)' is blocked for security reasons"}
                }
            }
        }]

        command_not_found: [{
            condition: {|| true }
            code: {|| |cmd_name|
                $"Command '($cmd_name)' not found. Available commands are restricted for security."
            }
        }]
    }

    # Menus disabled for security
    menus: []

    # Keybindings (minimal for security)
    keybindings: [
        {
            name: completion_menu
            modifier: none
            keycode: tab
            mode: [emacs vi_normal vi_insert]
            event: {
                until: [
                    { send: menu name: completion_menu }
                    { send: menunext }
                ]
            }
        }
    ]
}

# Security aliases (read-only operations)
alias ll = ls -la
alias df = df -h
alias free = free -h
alias pstree = ps aux --forest

# Restricted environment setup
{% if taskserv.nushell_readonly | default(true) %}
# Read-only mode - disable write operations
def rm [] { error make {msg: "rm command disabled in read-only mode"} }
def mv [] { error make {msg: "mv command disabled in read-only mode"} }
def cp [] { error make {msg: "cp command disabled in read-only mode"} }
def chmod [] { error make {msg: "chmod command disabled in read-only mode"} }
def chown [] { error make {msg: "chown command disabled in read-only mode"} }
{% endif %}

# Load observability modules if enabled
{% if taskserv.nushell_metrics | default(true) %}
source $"($env.NUSHELL_HOME)/observability/collect.nu"
{% endif %}

# Session timeout warning
def session-check [] {
    let start_time = (date now)
    let timeout = ($env.NUSHELL_SESSION_TIMEOUT? | default 900 | into int)
    if ((date now) - $start_time) > ($timeout * 1sec) {
        print "⚠️  Session timeout approaching. Please complete your tasks."
    }
}

# Initialize secure environment
print $"🛡️  Nushell secure mode active - execution mode: ($env.NUSHELL_EXECUTION_MODE? | default 'restricted')"
if ($env.NUSHELL_READONLY_MODE? | default true) {
    print "📖 Read-only mode enabled"
}
print $"⏱️  Session timeout: ($env.NUSHELL_SESSION_TIMEOUT? | default 900) seconds"
feat(taskserv): implement real-time version checking with configurable HTTP client - Add: GitHub API integration for live version checking in taskserv management - Add: HTTP client configuration option (http.use_curl) in config.defaults.toml - Add: Helper function fetch_latest_version with curl/http get support - Fix: Settings path structure for prov_data_dirpath access pattern - Remove: Legacy simulation code for version checking - Update: Core configuration name from "provisioning-system" to "provisioning" - Clean: Remove obsolete example configs and infrastructure files 2025-09-24 00:55:06 +00:00			`# Secure Nushell Configuration for Infrastructure Servers`
			`# Auto-generated by provisioning system`

			`# Security-first configuration`
			`$env.config = {`
			`show_banner: false`
			`use_ansi_coloring: true`
			`edit_mode: emacs`

			`# Security settings`
			`shell_integration: false`
			`cd_with_abbreviations: false`
			`filesize_metric: true`
			`table_mode: rounded`

			`# History settings (limited for security)`
			`history: {`
			`max_size: 1000`
			`sync_on_enter: true`
			`file_format: "plaintext"`
			`isolation: true`
			`}`

			`# Completion settings`
			`completions: {`
			`case_sensitive: false`
			`quick: true`
			`partial: true`
			`algorithm: "prefix"`
			`external: {`
			`enable: {% if taskserv.nushell_external_completions \| default(false) %}true{% else %}false{% endif %}`
			`max_results: 100`
			`completer: null`
			`}`
			`}`

			`# Performance limits`
			`table: {`
			`mode: rounded`
			`index_mode: always`
			`trim: {`
			`methodology: wrapping`
			`wrapping_try_keep_words: true`
			`truncating_suffix: "..."`
			`}`
			`}`

			`# Error handling`
			`error_style: "fancy"`

			`# Hooks for security and audit`
			`hooks: {`
			`pre_prompt: [{`
			`condition: {\|\| true }`
			`code: {\|\|`
			`# Audit logging`
			`if ($env.NUSHELL_AUDIT_ENABLED? \| default false) {`
			`$"(date now \| format date '%Y-%m-%d %H:%M:%S') - Session active" \| save -a $env.NUSHELL_AUDIT_FILE`
			`}`
			`}`
			`}]`

			`pre_execution: [{`
			`condition: {\|\| true }`
			`code: {\|\| \|cmd\|`
			`# Command validation and audit`
			`if ($env.NUSHELL_AUDIT_ENABLED? \| default false) {`
			`$"(date now \| format date '%Y-%m-%d %H:%M:%S') - Command: ($cmd)" \| save -a $env.NUSHELL_AUDIT_FILE`
			`}`

			`# Security check for blocked commands`
			`let blocked = ($env.NUSHELL_BLOCKED_COMMANDS? \| default "" \| split row ",")`
			`let cmd_name = ($cmd \| split row " " \| first)`
			`if $cmd_name in $blocked {`
			`error make {msg: $"Command '($cmd_name)' is blocked for security reasons"}`
			`}`
			`}`
			`}]`

			`command_not_found: [{`
			`condition: {\|\| true }`
			`code: {\|\| \|cmd_name\|`
			`$"Command '($cmd_name)' not found. Available commands are restricted for security."`
			`}`
			`}]`
			`}`

			`# Menus disabled for security`
			`menus: []`

			`# Keybindings (minimal for security)`
			`keybindings: [`
			`{`
			`name: completion_menu`
			`modifier: none`
			`keycode: tab`
			`mode: [emacs vi_normal vi_insert]`
			`event: {`
			`until: [`
			`{ send: menu name: completion_menu }`
			`{ send: menunext }`
			`]`
			`}`
			`}`
			`]`
			`}`

			`# Security aliases (read-only operations)`
			`alias ll = ls -la`
			`alias df = df -h`
			`alias free = free -h`
			`alias pstree = ps aux --forest`

			`# Restricted environment setup`
			`{% if taskserv.nushell_readonly \| default(true) %}`
			`# Read-only mode - disable write operations`
			`def rm [] { error make {msg: "rm command disabled in read-only mode"} }`
			`def mv [] { error make {msg: "mv command disabled in read-only mode"} }`
			`def cp [] { error make {msg: "cp command disabled in read-only mode"} }`
			`def chmod [] { error make {msg: "chmod command disabled in read-only mode"} }`
			`def chown [] { error make {msg: "chown command disabled in read-only mode"} }`
			`{% endif %}`

			`# Load observability modules if enabled`
			`{% if taskserv.nushell_metrics \| default(true) %}`
			`source $"($env.NUSHELL_HOME)/observability/collect.nu"`
			`{% endif %}`

			`# Session timeout warning`
			`def session-check [] {`
			`let start_time = (date now)`
			`let timeout = ($env.NUSHELL_SESSION_TIMEOUT? \| default 900 \| into int)`
			`if ((date now) - $start_time) > ($timeout * 1sec) {`
			`print "⚠️ Session timeout approaching. Please complete your tasks."`
			`}`
			`}`

			`# Initialize secure environment`
			`print $"🛡️ Nushell secure mode active - execution mode: ($env.NUSHELL_EXECUTION_MODE? \| default 'restricted')"`
			`if ($env.NUSHELL_READONLY_MODE? \| default true) {`
			`print "📖 Read-only mode enabled"`
			`}`
			`print $"⏱️ Session timeout: ($env.NUSHELL_SESSION_TIMEOUT? \| default 900) seconds"`