# SecuBox AI Gateway Configuration
# Data Classifier (Sovereignty Engine) for ANSSI CSPN Compliance

config ai-gateway 'main'
	option enabled '1'
	option proxy_port '4050'
	option proxy_host '127.0.0.1'
	option default_classification 'local_only'
	option offline_mode '0'

config classifier 'classifier'
	option enabled '1'
	option strict_mode '1'

# LOCAL_ONLY patterns - data that NEVER leaves the device
config patterns 'local_only_patterns'
	# IPv4 addresses
	list pattern '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
	# IPv6 addresses
	list pattern '[0-9a-fA-F:]{8,39}'
	# MAC addresses
	list pattern '[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}'
	# Credentials
	list pattern 'password|passwd|secret|token|api[_-]?key|private[_-]?key'
	# Private keys
	list pattern 'BEGIN.*PRIVATE KEY'
	# System paths
	list pattern '/var/log|/etc/config|/etc/shadow|/etc/passwd'
	# Security tools
	list pattern 'crowdsec|iptables|nftables|firewall|wireguard'
	# WireGuard references
	list pattern 'wg[0-9]+|AllowedIPs|Endpoint'

# Patterns that CAN be sanitized for EU providers
config patterns 'sanitizable_patterns'
	list pattern '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
	list pattern '[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}'

# Provider: LocalAI (on-device, always enabled)
config provider 'localai'
	option enabled '1'
	option priority '0'
	option classification 'local_only'
	option endpoint 'http://127.0.0.1:8081'
	option model 'tinyllama-1.1b-chat-v1.0.Q4_K_M'

# Provider: Mistral (EU sovereign, GDPR compliant)
config provider 'mistral'
	option enabled '0'
	option priority '1'
	option classification 'sanitized'
	option endpoint 'https://api.mistral.ai/v1'
	option api_key ''
	option model 'mistral-small-latest'
	option region 'eu'

# Provider: Claude (Anthropic)
config provider 'claude'
	option enabled '0'
	option priority '2'
	option classification 'cloud_direct'
	option endpoint 'https://api.anthropic.com/v1'
	option api_key ''
	option model 'claude-sonnet-4-20250514'

# Provider: OpenAI
config provider 'openai'
	option enabled '0'
	option priority '3'
	option classification 'cloud_direct'
	option endpoint 'https://api.openai.com/v1'
	option api_key ''
	option model 'gpt-4o'

# Provider: Gemini (Google)
config provider 'gemini'
	option enabled '0'
	option priority '4'
	option classification 'cloud_direct'
	option endpoint 'https://generativelanguage.googleapis.com/v1beta'
	option api_key ''
	option model 'gemini-pro'

# Provider: xAI
config provider 'xai'
	option enabled '0'
	option priority '5'
	option classification 'cloud_direct'
	option endpoint 'https://api.x.ai/v1'
	option api_key ''
	option model 'grok-2'

# Audit configuration
config audit 'audit'
	option enabled '1'
	option log_requests '1'
	option log_responses '0'
	option log_classifications '1'
	option audit_path '/var/log/ai-gateway/audit.jsonl'
	option retention_days '90'
	option max_log_size_mb '100'