profile: developer
description: Developer access profile with moderate restrictions
version: 1.0.0
restricted: true

# Developer permissions
allowed:
  commands:
    - "server list"
    - "server create"
    - "server delete"
    - "server status"
    - "server ssh"
    - "taskserv list"
    - "taskserv create"
    - "taskserv delete"
    - "taskserv status"
    - "cluster status"
    - "generate"
    - "show"
    - "context"

  providers:
    - "local"
    - "digitalocean"

  taskservs:
    - "kubernetes"
    - "monitoring"
    - "gitea"
    - "postgres"

  profiles:
    - "development"
    - "staging"

# Restricted operations
blocked:
  commands:
    - "sops edit production/*"
    - "cluster delete production"

  providers: []

  taskservs: []

  profiles:
    - "production"

# Resource limits for developers
environment:
  max_servers: 10
  allowed_regions:
    - "nyc1"
    - "nyc3"
    - "ams3"
    - "fra1"
  allowed_sizes:
    - "s-1vcpu-1gb"
    - "s-1vcpu-2gb"
    - "s-2vcpu-2gb"
    - "s-2vcpu-4gb"

# Audit settings
audit:
  log_commands: true
  require_justification: false
  notify_webhook: "${DEV_AUDIT_WEBHOOK_URL}"

# Flexible schedule for developers
schedule:
  allowed_hours: "00:00-23:59"
  allowed_days: ["mon", "tue", "wed", "thu", "fri", "sat", "sun"]
  timezone: "UTC"