<?php

declare(strict_types=1);

namespace App\Filament\Pages\Reviews;

use App\Filament\Concerns\CleansAdminTenantQueryParameter;
use App\Filament\Concerns\ClearsWorkspaceHubEnvironmentFilterState;
use App\Filament\Resources\EnvironmentReviewResource;
use App\Models\EnvironmentReview;
use App\Models\EvidenceSnapshot;
use App\Models\FindingException;
use App\Models\ManagedEnvironment;
use App\Models\ReviewPack;
use App\Models\User;
use App\Models\Workspace;
use App\Services\Audit\WorkspaceAuditLogger;
use App\Services\EnvironmentReviews\EnvironmentReviewRegisterService;
use App\Services\ReviewPackService;
use App\Support\Audit\AuditActionId;
use App\Support\Auth\Capabilities;
use App\Support\EnvironmentReviewCompletenessState;
use App\Support\Filament\TablePaginationProfiles;
use App\Support\Findings\FindingOutcomeSemantics;
use App\Support\Governance\Controls\ComplianceEvidenceMappingV1;
use App\Support\Navigation\CanonicalNavigationContext;
use App\Support\Navigation\WorkspaceHubEnvironmentFilter;
use App\Support\ReviewPackStatus;
use App\Support\Ui\ActionSurface\ActionSurfaceDeclaration;
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceInspectAffordance;
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceProfile;
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceSlot;
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceType;
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthEnvelope;
use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthPresenter;
use App\Support\Ui\GovernanceArtifactTruth\CompressedGovernanceOutcome;
use App\Support\Ui\GovernanceArtifactTruth\SurfaceCompressionContext;
use App\Support\Workspaces\WorkspaceContext;
use BackedEnum;
use Filament\Actions\Action;
use Filament\Pages\Page;
use Filament\Tables\Columns\TextColumn;
use Filament\Tables\Concerns\InteractsWithTable;
use Filament\Tables\Contracts\HasTable;
use Filament\Tables\Filters\SelectFilter;
use Filament\Tables\Table;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Support\Str;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use UnitEnum;

class CustomerReviewWorkspace extends Page implements HasTable
{
    use CleansAdminTenantQueryParameter;
    use ClearsWorkspaceHubEnvironmentFilterState;
    use InteractsWithTable;

    public const string DETAIL_CONTEXT_QUERY_KEY = 'customer_workspace';

    public const string SOURCE_SURFACE = 'customer_review_workspace';

    protected static bool $isDiscovered = false;

    protected static string|BackedEnum|null $navigationIcon = 'heroicon-o-document-text';

    protected static string|UnitEnum|null $navigationGroup = 'Reporting';

    protected static ?string $navigationLabel = 'Customer reviews';

    protected static ?int $navigationSort = 44;

    protected static ?string $title = 'Customer Review Workspace';

    protected static ?string $slug = 'reviews/workspace';

    protected string $view = 'filament.pages.reviews.customer-review-workspace';

    public static function actionSurfaceDeclaration(): ActionSurfaceDeclaration
    {
        return ActionSurfaceDeclaration::forPage(ActionSurfaceProfile::RunLog, ActionSurfaceType::ReadOnlyRegistryReport)
            ->satisfy(ActionSurfaceSlot::ListHeader, 'Header actions provide a single Clear filters action for the customer review workspace.')
            ->satisfy(ActionSurfaceSlot::InspectAffordance, ActionSurfaceInspectAffordance::PrimaryLinkColumn->value)
            ->withPrimaryLinkColumnReason('Only the dedicated review-open column should navigate away; the rest of the row stays comparative workspace context.')
            ->exempt(ActionSurfaceSlot::ListBulkMoreGroup, 'The customer review workspace remains scan-first and does not expose bulk actions.')
            ->satisfy(ActionSurfaceSlot::ListEmptyState, 'The empty state keeps exactly one Clear filters CTA when filters are active.')
            ->exempt(ActionSurfaceSlot::DetailHeader, 'The dedicated open link column opens the latest published review detail instead of an inline canonical detail panel.');
    }

    public static function getNavigationGroup(): string
    {
        return __('localization.review.reporting');
    }

    public static function getNavigationLabel(): string
    {
        return __('localization.review.customer_reviews');
    }

    public function getTitle(): string
    {
        return __('localization.review.customer_review_workspace');
    }

    public static function environmentFilterUrl(ManagedEnvironment $tenant): string
    {
        return static::getUrl(panel: 'admin').'?'.http_build_query([
            'environment_id' => (int) $tenant->getKey(),
        ]);
    }

    /**
     * @var array<int, ManagedEnvironment>|null
     */
    private ?array $authorizedTenants = null;

    public function mount(): void
    {
        $this->authorizePageAccess();
        $this->resetWorkspaceHubEnvironmentFilterStateForCleanEntry(request());
        $this->applyRequestedTenantPrefilter();
        $this->mountInteractsWithTable();
        $this->resetWorkspaceHubEnvironmentFilterStateForCleanEntry(request());
        $this->auditWorkspaceOpen();
    }

    protected function getHeaderActions(): array
    {
        $actions = [];

        $governanceContext = $this->incomingGovernanceContext();

        if ($governanceContext?->backLinkUrl !== null) {
            $actions[] = Action::make('return_to_governance_inbox')
                ->label($governanceContext->backLinkLabel ?? 'Back to governance inbox')
                ->icon('heroicon-o-arrow-left')
                ->color('gray')
                ->url($governanceContext->backLinkUrl);
        }

        $actions[] = Action::make('clear_filters')
            ->label(__('localization.review.clear_filters'))
            ->icon('heroicon-o-x-mark')
            ->color('gray')
            ->visible(fn (): bool => $this->hasActiveFilters())
            ->action(function (): void {
                $this->clearWorkspaceFilters();
            });

        return $actions;
    }

    public function table(Table $table): Table
    {
        return $table
            ->query(fn (): Builder => $this->workspaceQuery())
            ->defaultSort('name')
            ->paginated(TablePaginationProfiles::customPage())
            ->persistFiltersInSession()
            ->persistSearchInSession()
            ->persistSortInSession()
            ->recordUrl(null)
            ->columns([
                TextColumn::make('name')->label('Environment')->searchable(),
                TextColumn::make('package_availability')
                    ->label(__('localization.review.governance_package'))
                    ->width('9rem')
                    ->extraHeaderAttributes(['class' => 'whitespace-normal'])
                    ->badge()
                    ->getStateUsing(fn (ManagedEnvironment $record): string => $this->governancePackageAvailabilityLabel($record))
                    ->color(fn (ManagedEnvironment $record): string => $this->governancePackageAvailabilityColor($record))
                    ->tooltip(fn (ManagedEnvironment $record): string => $this->governancePackageAvailability($record)['description']),
                TextColumn::make('latest_review')
                    ->label(__('localization.review.status'))
                    ->width('9rem')
                    ->badge()
                    ->getStateUsing(fn (ManagedEnvironment $record): string => $this->latestReviewStateLabel($record))
                    ->color(fn (ManagedEnvironment $record): string => $this->latestReviewStateColor($record)),
                TextColumn::make('evidence_proof_state')
                    ->label(__('localization.review.evidence_status'))
                    ->width('8rem')
                    ->badge()
                    ->getStateUsing(fn (ManagedEnvironment $record): string => $this->evidenceStatusLabel($record))
                    ->color(fn (ManagedEnvironment $record): string => $this->evidenceStatusColor($record)),
                TextColumn::make('recommended_next_action')
                    ->label(__('localization.review.next_step'))
                    ->width('10rem')
                    ->extraHeaderAttributes(['class' => 'whitespace-normal'])
                    ->getStateUsing(fn (ManagedEnvironment $record): string => $this->controlRecommendedNextAction($record))
                    ->wrap(),
                TextColumn::make('open_review')
                    ->label(__('localization.review.open'))
                    ->width('8rem')
                    ->getStateUsing(fn (): string => __('localization.review.open_review'))
                    ->url(fn (ManagedEnvironment $record): ?string => $this->latestReviewUrl($record))
                    ->color('primary'),
            ])
            ->filters([
                SelectFilter::make('managed_environment_id')
                    ->label('Environment')
                    ->options(fn (): array => $this->tenantFilterOptions())
                    ->default(fn (): ?string => $this->defaultTenantFilter())
                    ->query(function (Builder $query, array $data): Builder {
                        $tenantId = $data['value'] ?? null;

                        return is_numeric($tenantId)
                            ? $query->whereKey((int) $tenantId)
                            : $query;
                    })
                    ->searchable(),
            ])
            ->actions([])
            ->bulkActions([])
            ->emptyStateHeading(fn (): string => $this->workspaceEmptyStateHeading())
            ->emptyStateDescription(fn (): string => $this->workspaceEmptyStateDescription())
            ->emptyStateActions([
                Action::make('clear_filters_empty')
                    ->label(__('localization.review.clear_filters'))
                    ->icon('heroicon-o-x-mark')
                    ->color('gray')
                    ->visible(fn (): bool => $this->hasActiveFilters())
                    ->action(fn (): mixed => $this->clearWorkspaceFilters()),
            ]);
    }

    /**
     * @return array<int, ManagedEnvironment>
     */
    public function authorizedTenants(): array
    {
        if ($this->authorizedTenants !== null) {
            return $this->authorizedTenants;
        }

        $user = auth()->user();
        $workspace = $this->workspace();

        if (! $user instanceof User || ! $workspace instanceof Workspace) {
            return $this->authorizedTenants = [];
        }

        return $this->authorizedTenants = app(EnvironmentReviewRegisterService::class)->authorizedTenants($user, $workspace);
    }

    public function activeEnvironmentFilterLabel(): ?string
    {
        return $this->filteredTenant()?->name;
    }

    /**
     * @return array{label: string, clear_url: string}|null
     */
    public function environmentFilterChip(): ?array
    {
        $tenant = $this->filteredTenant();

        if (! $tenant instanceof ManagedEnvironment) {
            return null;
        }

        return [
            'label' => (string) $tenant->name,
            'clear_url' => $this->cleanWorkspaceHubUrl(static::getUrl(panel: 'admin')),
        ];
    }

    /**
     * @return array<string, mixed>|null
     */
    public function latestReviewConsumptionPayload(): ?array
    {
        $tenant = $this->latestReleasedTenant();

        if (! $tenant instanceof ManagedEnvironment) {
            return null;
        }

        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return null;
        }

        $publishedAt = $review->published_at ?? $review->generated_at ?? $review->created_at;
        $packageAvailability = $this->governancePackageAvailability($tenant);
        $downloadUrl = $this->reviewPackDownloadUrl($review, $tenant);
        $reviewUrl = $this->latestReviewUrl($tenant);

        return [
            'latest' => [
                'review_label' => __('localization.review.released_review_for_environment', [
                    'environment' => $tenant->name,
                ]),
                'environment_label' => $tenant->name,
                'status_label' => $this->latestReviewStateLabel($tenant),
                'status_color' => $this->latestReviewStateColor($tenant),
                'published_label' => $publishedAt instanceof \DateTimeInterface
                    ? $publishedAt->format('M j, Y H:i')
                    : __('localization.review.unavailable'),
                'package_label' => $packageAvailability['label'],
                'package_badge_label' => $this->governancePackageAvailabilityLabel($tenant),
                'package_color' => $this->governancePackageAvailabilityColor($tenant),
                'package_description' => $packageAvailability['description'],
                'primary_action_label' => $downloadUrl !== null
                    ? __('localization.review.download_review_pack')
                    : __('localization.review.open_latest_review'),
                'primary_action_url' => $downloadUrl ?? $reviewUrl,
                'primary_action_icon' => $downloadUrl !== null
                    ? 'heroicon-o-arrow-down-tray'
                    : 'heroicon-o-arrow-top-right-on-square',
                'secondary_action_label' => $downloadUrl !== null ? __('localization.review.open_review') : null,
                'secondary_action_url' => $downloadUrl !== null ? $reviewUrl : null,
            ],
            'decision' => $this->decisionSummaryForReview($review),
            'accepted_risks' => $this->acceptedRisksForReview($review),
            'evidence_basis' => $this->evidenceBasisForReview($review, $packageAvailability),
        ];
    }

    private function authorizePageAccess(): void
    {
        $user = auth()->user();
        $workspace = $this->workspace();

        if (! $user instanceof User) {
            abort(403);
        }

        if (! $workspace instanceof Workspace) {
            throw new NotFoundHttpException;
        }

        $service = app(EnvironmentReviewRegisterService::class);

        if (! $service->canAccessWorkspace($user, $workspace)) {
            throw new NotFoundHttpException;
        }

        if ($this->authorizedTenants() === []) {
            throw new NotFoundHttpException;
        }
    }

    private function auditWorkspaceOpen(): void
    {
        $user = auth()->user();
        $workspace = $this->workspace();

        if (! $user instanceof User || ! $workspace instanceof Workspace) {
            return;
        }

        app(WorkspaceAuditLogger::class)->log(
            workspace: $workspace,
            action: AuditActionId::CustomerReviewWorkspaceOpened,
            context: [
                'metadata' => [
                    'source_surface' => self::SOURCE_SURFACE,
                    'tenant_filter_id' => $this->currentTenantFilterId(),
                    'entitled_tenant_count' => count($this->authorizedTenants()),
                    'interpretation_version' => $this->currentTenantFilterInterpretationVersion(),
                    'interpretation_versions' => $this->visibleInterpretationVersions(),
                ],
            ],
            actor: $user,
            resourceType: 'customer_review_workspace',
            resourceId: (string) $workspace->getKey(),
            targetLabel: __('localization.review.customer_review_workspace'),
        );
    }

    private function workspaceQuery(): Builder
    {
        $user = auth()->user();
        $workspace = $this->workspace();

        if (! $user instanceof User || ! $workspace instanceof Workspace) {
            return ManagedEnvironment::query()->whereRaw('1 = 0');
        }

        return app(EnvironmentReviewRegisterService::class)->customerWorkspaceTenantQuery($user, $workspace);
    }

    /**
     * @return array<string, string>
     */
    private function tenantFilterOptions(): array
    {
        return collect($this->authorizedTenants())
            ->mapWithKeys(static fn (ManagedEnvironment $tenant): array => [
                (string) $tenant->getKey() => $tenant->name,
            ])
            ->all();
    }

    private function defaultTenantFilter(): ?string
    {
        return null;
    }

    private function applyRequestedTenantPrefilter(): void
    {
        $workspace = $this->workspace();

        if (! $workspace instanceof Workspace) {
            return;
        }

        $filter = WorkspaceHubEnvironmentFilter::fromRequest(request(), $workspace);

        if (! $filter instanceof WorkspaceHubEnvironmentFilter) {
            return;
        }

        $environmentId = $filter->environmentId();

        foreach ($this->authorizedTenants() as $tenant) {
            if ((int) $tenant->getKey() === $environmentId) {
                $this->tableFilters['managed_environment_id']['value'] = (string) $environmentId;
                $this->tableDeferredFilters['managed_environment_id']['value'] = (string) $environmentId;

                return;
            }
        }

        throw new NotFoundHttpException;
    }

    private function hasActiveFilters(): bool
    {
        return $this->currentTenantFilterId() !== null;
    }

    private function clearWorkspaceFilters(): void
    {
        $hadEnvironmentFilter = $this->currentTenantFilterId() !== null;

        $this->removeTableFilters();
        $this->clearWorkspaceHubEnvironmentFilterState(request());

        if ($hadEnvironmentFilter) {
            $this->redirectToCleanWorkspaceHubUrl(static::getUrl(panel: 'admin'), request());
        }
    }

    private function workspaceEmptyStateHeading(): string
    {
        return $this->filteredViewHasNoReleasedReviewsButWorkspaceHasMatches()
            ? __('localization.review.filtered_no_released_customer_reviews')
            : __('localization.review.no_released_customer_reviews');
    }

    private function workspaceEmptyStateDescription(): string
    {
        if ($this->filteredViewHasNoReleasedReviewsButWorkspaceHasMatches()) {
            return __('localization.review.filtered_no_released_customer_reviews_description');
        }

        return __('localization.review.no_released_customer_reviews_description');
    }

    private function filteredViewHasNoReleasedReviewsButWorkspaceHasMatches(): bool
    {
        $tenantFilterId = $this->currentTenantFilterId();
        $user = auth()->user();
        $workspace = $this->workspace();

        if ($tenantFilterId === null || ! $user instanceof User || ! $workspace instanceof Workspace) {
            return false;
        }

        $selectedTenantHasReleasedReview = EnvironmentReview::query()
            ->forWorkspace((int) $workspace->getKey())
            ->where('managed_environment_id', $tenantFilterId)
            ->published()
            ->exists();

        if ($selectedTenantHasReleasedReview) {
            return false;
        }

        return app(EnvironmentReviewRegisterService::class)
            ->latestPublishedQuery($user, $workspace)
            ->exists();
    }

    private function currentTenantFilterId(): ?int
    {
        $tenantFilter = data_get($this->tableFilters, 'managed_environment_id.value');

        if (! is_numeric($tenantFilter)) {
            $tenantFilter = data_get(session()->get($this->getTableFiltersSessionKey(), []), 'managed_environment_id.value');
        }

        return is_numeric($tenantFilter) ? (int) $tenantFilter : null;
    }

    private function filteredTenant(): ?ManagedEnvironment
    {
        $tenantId = $this->currentTenantFilterId();

        if (! is_int($tenantId)) {
            return null;
        }

        foreach ($this->authorizedTenants() as $tenant) {
            if ((int) $tenant->getKey() === $tenantId) {
                return $tenant;
            }
        }

        return null;
    }

    private function workspace(): ?Workspace
    {
        $workspaceId = app(WorkspaceContext::class)->currentWorkspaceId(request());

        return is_numeric($workspaceId)
            ? Workspace::query()->whereKey((int) $workspaceId)->first()
            : null;
    }

    private function latestReleasedTenant(): ?ManagedEnvironment
    {
        $user = auth()->user();
        $workspace = $this->workspace();

        if (! $user instanceof User || ! $workspace instanceof Workspace) {
            return null;
        }

        $query = app(EnvironmentReviewRegisterService::class)->latestPublishedQuery($user, $workspace);
        $tenantFilterId = $this->currentTenantFilterId();

        if ($tenantFilterId !== null) {
            $query->where('managed_environment_id', $tenantFilterId);
        }

        $review = $query->first();

        if (! $review instanceof EnvironmentReview || ! $review->tenant instanceof ManagedEnvironment) {
            return null;
        }

        $tenant = $review->tenant;
        $tenant->setRelation('environmentReviews', $review->newCollection([$review]));

        return $tenant;
    }

    private function latestPublishedReview(ManagedEnvironment $tenant): ?EnvironmentReview
    {
        $review = $tenant->environmentReviews->first();

        return $review instanceof EnvironmentReview ? $review : null;
    }

    private function latestReviewUrl(ManagedEnvironment $tenant): ?string
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return null;
        }

        $query = array_filter(
            array_replace(
                [self::DETAIL_CONTEXT_QUERY_KEY => 1],
                [
                    'source_surface' => self::SOURCE_SURFACE,
                    'tenant_filter_id' => $this->currentTenantFilterId(),
                ],
                $this->navigationContext()?->toQuery() ?? [],
            ),
            static fn (mixed $value): bool => $value !== null && $value !== '',
        );

        return $this->appendQuery(EnvironmentReviewResource::environmentScopedUrl('view', ['record' => $review], $tenant), $query);
    }

    private function reviewPackDownloadUrl(EnvironmentReview $review, ManagedEnvironment $tenant): ?string
    {
        $pack = $review->currentExportReviewPack;
        $user = auth()->user();

        if (! $pack instanceof ReviewPack || ! $user instanceof User) {
            return null;
        }

        if ($this->governancePackageAvailability($tenant)['state'] !== 'available') {
            return null;
        }

        if (! $user->can(Capabilities::REVIEW_PACK_VIEW, $tenant)) {
            return null;
        }

        if ($pack->status !== ReviewPackStatus::Ready->value) {
            return null;
        }

        if ($pack->expires_at !== null && $pack->expires_at->isPast()) {
            return null;
        }

        if (! filled($pack->file_path) || ! filled($pack->file_disk)) {
            return null;
        }

        return app(ReviewPackService::class)->generateDownloadUrl($pack, [
            'source_surface' => self::SOURCE_SURFACE,
            'review_id' => (int) $review->getKey(),
            'tenant_filter_id' => (string) ($this->currentTenantFilterId() ?? $tenant->getKey()),
            'interpretation_version' => $review->controlInterpretationVersion(),
        ]);
    }

    private function latestPublishedAt(ManagedEnvironment $tenant): ?\Illuminate\Support\Carbon
    {
        return $this->latestPublishedReview($tenant)?->published_at;
    }

    private function reviewTruth(ManagedEnvironment $tenant): ?ArtifactTruthEnvelope
    {
        $review = $this->latestPublishedReview($tenant);

        return $review instanceof EnvironmentReview
            ? app(ArtifactTruthPresenter::class)->forEnvironmentReview($review)
            : null;
    }

    private function reviewOutcome(ManagedEnvironment $tenant): ?CompressedGovernanceOutcome
    {
        $presenter = app(ArtifactTruthPresenter::class);
        $review = $this->latestPublishedReview($tenant);
        $truth = $this->reviewTruth($tenant);

        if (! $review instanceof EnvironmentReview || ! $truth instanceof ArtifactTruthEnvelope) {
            return null;
        }

        return $presenter->compressedOutcomeFor($review, SurfaceCompressionContext::reviewRegister())
            ?? $presenter->compressedOutcomeFromEnvelope($truth, SurfaceCompressionContext::reviewRegister());
    }

    private function latestReviewStateLabel(ManagedEnvironment $tenant): string
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return __('localization.review.no_published_review');
        }

        return $this->workspaceReviewNeedsAttention($tenant)
            ? __('localization.review.review_requires_attention')
            : __('localization.review.ready_for_release');
    }

    private function latestReviewStateColor(ManagedEnvironment $tenant): string
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return 'gray';
        }

        $packageState = $this->governancePackageAvailability($tenant)['state'];

        if (! $this->workspaceReviewNeedsAttention($tenant)) {
            return 'success';
        }

        return in_array($packageState, ['expired', 'unavailable'], true)
            ? 'danger'
            : 'warning';
    }

    private function latestReviewStateIcon(ManagedEnvironment $tenant): ?string
    {
        return $this->reviewOutcome($tenant)?->primaryBadge->icon;
    }

    private function latestReviewStateIconColor(ManagedEnvironment $tenant): ?string
    {
        return $this->reviewOutcome($tenant)?->primaryBadge->iconColor;
    }

    private function reviewOutcomeDescription(ManagedEnvironment $tenant): ?string
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return __('localization.review.no_published_review_available');
        }

        $primaryReason = $this->reviewOutcome($tenant)?->primaryReason;
        $summary = is_array($review->summary) ? $review->summary : [];
        $findingOutcomes = $summary['finding_outcomes'] ?? null;

        if (! is_array($findingOutcomes)) {
            return $primaryReason;
        }

        $findingOutcomeSummary = app(FindingOutcomeSemantics::class)->compactOutcomeSummary($findingOutcomes);

        if ($findingOutcomeSummary === null) {
            return $primaryReason;
        }

        return trim($primaryReason.' '.__('localization.review.terminal_outcomes').': '.$findingOutcomeSummary.'.');
    }

    private function controlReadinessLabel(ManagedEnvironment $tenant): string
    {
        $control = $this->primaryControlSummary($tenant);

        if ($control === null) {
            return __('localization.review.control_readiness_unmapped');
        }

        $label = $control['readiness_label'] ?? null;

        return is_string($label) && trim($label) !== ''
            ? $label
            : ComplianceEvidenceMappingV1::readinessLabel((string) ($control['readiness_bucket'] ?? 'review_recommended'));
    }

    /**
     * @return array<string, mixed>
     */
    private function governancePackageSummary(ManagedEnvironment $tenant): array
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return [];
        }

        return $this->governancePackageSummaryForReview($review);
    }

    /**
     * @return array<string, mixed>
     */
    private function governancePackageSummaryForReview(EnvironmentReview $review): array
    {
        $summary = is_array($review->summary) ? $review->summary : [];
        $package = is_array($summary['governance_package'] ?? null) ? $summary['governance_package'] : [];

        return $package;
    }

    /**
     * @return array{state:string,label:string,description:string}
     */
    private function governancePackageAvailability(ManagedEnvironment $tenant): array
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return [
                'state' => 'unavailable',
                'label' => __('localization.review.governance_package_unavailable'),
                'description' => __('localization.review.no_published_review_available'),
            ];
        }

        $pack = $review->currentExportReviewPack;
        $user = auth()->user();
        $decisionSummary = data_get($this->governancePackageSummaryForReview($review), 'decision_summary');
        $isPartialReview = is_array($decisionSummary) && (
            in_array((string) ($decisionSummary['status'] ?? ''), ['unavailable', 'incomplete'], true)
            || (string) ($decisionSummary['decision_data_state'] ?? '') === 'incomplete'
            || in_array((string) ($decisionSummary['evidence_state'] ?? ''), [
                EnvironmentReviewCompletenessState::Partial->value,
                EnvironmentReviewCompletenessState::Stale->value,
                EnvironmentReviewCompletenessState::Missing->value,
            ], true)
        );

        if (! $pack instanceof ReviewPack) {
            return [
                'state' => 'not_available',
                'label' => __('localization.review.review_pack_not_available_yet'),
                'description' => __('localization.review.review_pack_not_available_yet_description'),
            ];
        }

        if (! $user instanceof User || ! $user->can(Capabilities::REVIEW_PACK_VIEW, $tenant)) {
            return [
                'state' => 'unavailable',
                'label' => __('localization.review.unavailable'),
                'description' => __('localization.review.review_pack_unavailable_customer_description'),
            ];
        }

        if ($pack->status === ReviewPackStatus::Expired->value || ($pack->expires_at !== null && $pack->expires_at->isPast())) {
            return [
                'state' => 'expired',
                'label' => __('localization.review.governance_package_expired'),
                'description' => __('localization.review.governance_package_expired_description'),
            ];
        }

        if (in_array($pack->status, [ReviewPackStatus::Queued->value, ReviewPackStatus::Generating->value], true)) {
            return [
                'state' => 'preparing',
                'label' => __('localization.review.review_pack_preparing'),
                'description' => __('localization.review.review_pack_preparing_description'),
            ];
        }

        if ($pack->status !== ReviewPackStatus::Ready->value) {
            return [
                'state' => 'unavailable',
                'label' => __('localization.review.unavailable'),
                'description' => __('localization.review.review_pack_unavailable_customer_description'),
            ];
        }

        if (! filled($pack->file_path) || ! filled($pack->file_disk)) {
            return [
                'state' => 'not_available',
                'label' => __('localization.review.review_pack_not_available_yet'),
                'description' => __('localization.review.review_pack_not_available_yet_description'),
            ];
        }

        if ($isPartialReview) {
            return [
                'state' => 'evidence_incomplete',
                'label' => __('localization.review.review_pack_evidence_incomplete'),
                'description' => __('localization.review.review_pack_evidence_incomplete_description'),
            ];
        }

        return [
            'state' => 'available',
            'label' => __('localization.review.available'),
            'description' => __('localization.review.review_pack_available_customer_description'),
        ];
    }

    private function governancePackageAvailabilityLabel(ManagedEnvironment $tenant): string
    {
        return match ($this->governancePackageAvailability($tenant)['state']) {
            'available' => __('localization.review.available'),
            'evidence_incomplete' => __('localization.review.review_pack_evidence_incomplete'),
            'not_available' => __('localization.review.review_pack_not_available_yet'),
            'preparing' => __('localization.review.review_pack_preparing'),
            'expired' => __('localization.review.expired'),
            default => __('localization.review.unavailable'),
        };
    }

    private function governancePackageAvailabilityColor(ManagedEnvironment $tenant): string
    {
        return match ($this->governancePackageAvailability($tenant)['state']) {
            'available' => 'success',
            'evidence_incomplete', 'preparing' => 'warning',
            'expired', 'unavailable' => 'danger',
            default => 'gray',
        };
    }

    private function governancePackageTeaser(ManagedEnvironment $tenant): string
    {
        $package = $this->governancePackageSummary($tenant);

        $executiveSummary = $package['executive_summary'] ?? null;

        if (is_string($executiveSummary) && trim($executiveSummary) !== '') {
            return $executiveSummary;
        }

        return $this->governancePackageAvailability($tenant)['description'];
    }

    /**
     * @return array<string, mixed>
     */
    private function decisionSummaryForReview(EnvironmentReview $review): array
    {
        $package = $this->governancePackageSummaryForReview($review);
        $decisionSummary = is_array($package['decision_summary'] ?? null) ? $package['decision_summary'] : [];

        if ($decisionSummary === []) {
            return [
                'status' => 'unavailable',
                'label' => __('localization.review.decision_evidence_unavailable'),
                'color' => 'warning',
                'total_count' => 0,
                'summary' => __('localization.review.decision_summary_unavailable_description'),
                'next_action' => __('localization.review.decision_summary_unavailable_next_action'),
                'entries' => [],
            ];
        }

        $status = (string) ($decisionSummary['status'] ?? 'unavailable');

        if (! in_array($status, ['none', 'requires_awareness', 'unavailable', 'incomplete'], true)) {
            $status = 'unavailable';
        }

        $entries = collect($decisionSummary['entries'] ?? [])
            ->filter(static fn (mixed $entry): bool => is_array($entry))
            ->map(fn (array $entry): array => [
                'title' => $this->customerSafeText($entry['title'] ?? null, __('localization.review.governance_decisions')),
                'summary' => $this->customerSafeText($entry['summary'] ?? null, __('localization.review.decision_entry_customer_safe_summary')),
                'next_action' => $this->customerSafeText($entry['next_action'] ?? null, __('localization.review.decision_summary_requires_awareness_next_action')),
            ])
            ->take(3)
            ->values()
            ->all();

        return [
            'status' => $status,
            'label' => $this->decisionSummaryLabel($status),
            'color' => $this->decisionSummaryColor($status),
            'total_count' => (int) ($decisionSummary['total_count'] ?? count($entries)),
            'summary' => $this->customerSafeText(
                $decisionSummary['summary'] ?? null,
                $this->decisionSummaryFallbackText($status),
            ),
            'next_action' => $this->customerSafeText(
                $decisionSummary['next_action'] ?? null,
                $this->decisionSummaryFallbackNextAction($status),
            ),
            'entries' => $entries,
        ];
    }

    private function decisionSummaryLabel(string $status): string
    {
        return match ($status) {
            'requires_awareness' => __('localization.review.governance_decisions_requiring_awareness'),
            'none' => __('localization.review.no_decisions_require_awareness'),
            'incomplete' => __('localization.review.decision_evidence_incomplete'),
            default => __('localization.review.decision_evidence_unavailable'),
        };
    }

    private function decisionSummaryColor(string $status): string
    {
        return match ($status) {
            'requires_awareness' => 'warning',
            'none' => 'success',
            default => 'gray',
        };
    }

    private function decisionSummaryFallbackText(string $status): string
    {
        return match ($status) {
            'requires_awareness' => __('localization.review.decision_summary_requires_awareness_description'),
            'none' => __('localization.review.no_decisions_require_awareness_description'),
            'incomplete' => __('localization.review.decision_summary_incomplete_description'),
            default => __('localization.review.decision_summary_unavailable_description'),
        };
    }

    private function decisionSummaryFallbackNextAction(string $status): string
    {
        return match ($status) {
            'requires_awareness' => __('localization.review.decision_summary_requires_awareness_next_action'),
            'none' => __('localization.review.no_decisions_require_awareness_next_action'),
            'incomplete' => __('localization.review.decision_summary_incomplete_next_action'),
            default => __('localization.review.decision_summary_unavailable_next_action'),
        };
    }

    /**
     * @return array{count:int,entries:list<array<string, string>>,empty_state:string}
     */
    private function acceptedRisksForReview(EnvironmentReview $review): array
    {
        $package = $this->governancePackageSummaryForReview($review);
        $entries = collect($package['accepted_risks'] ?? [])
            ->filter(static fn (mixed $entry): bool => is_array($entry))
            ->map(fn (array $entry): array => [
                'title' => $this->customerSafeText($entry['title'] ?? null, __('localization.review.accepted_risk_state_on_record')),
                'state_label' => $this->acceptedRiskStateLabel(is_string($entry['governance_state'] ?? null) ? $entry['governance_state'] : null),
                'summary' => $this->customerSafeText(
                    $entry['customer_summary'] ?? null,
                    __('localization.review.accepted_risk_customer_safe_summary'),
                ),
            ])
            ->values();

        return [
            'count' => $entries->count(),
            'entries' => $entries->take(3)->all(),
            'empty_state' => __('localization.review.no_accepted_risks_recorded'),
        ];
    }

    private function acceptedRiskStateLabel(?string $state): string
    {
        return match ($state) {
            'valid_exception' => __('localization.review.accepted_risk_state_current'),
            'expiring_exception' => __('localization.review.accepted_risk_state_review_due'),
            default => __('localization.review.accepted_risk_state_on_record'),
        };
    }

    /**
     * @param  array{state:string,label:string,description:string}  $packageAvailability
     * @return array<string, string>
     */
    private function evidenceBasisForReview(EnvironmentReview $review, array $packageAvailability): array
    {
        $package = $this->governancePackageSummaryForReview($review);
        $decision = $this->decisionSummaryForReview($review);
        $pack = $review->currentExportReviewPack;

        $state = match (true) {
            $package === [] => 'unavailable',
            ! $pack instanceof ReviewPack => 'not_generated',
            $packageAvailability['state'] === 'evidence_incomplete' || $decision['status'] === 'incomplete' => 'incomplete',
            $decision['status'] === 'unavailable' => 'unavailable',
            $decision['status'] === 'none' => 'no_awareness_required',
            default => 'complete',
        };

        return [
            'state' => $state,
            'label' => $this->evidenceBasisLabel($state),
            'summary' => $this->evidenceBasisSummary($state),
            'color' => $this->evidenceBasisColor($state),
        ];
    }

    private function evidenceBasisLabel(string $state): string
    {
        return match ($state) {
            'complete' => __('localization.review.evidence_basis_complete'),
            'no_awareness_required' => __('localization.review.evidence_basis_no_awareness_required'),
            'incomplete' => __('localization.review.evidence_basis_incomplete'),
            'not_generated' => __('localization.review.evidence_basis_not_generated'),
            default => __('localization.review.evidence_basis_unavailable'),
        };
    }

    private function evidenceBasisSummary(string $state): string
    {
        return match ($state) {
            'complete' => __('localization.review.evidence_basis_complete_description'),
            'no_awareness_required' => __('localization.review.evidence_basis_no_awareness_required_description'),
            'incomplete' => __('localization.review.evidence_basis_incomplete_description'),
            'not_generated' => __('localization.review.evidence_basis_not_generated_description'),
            default => __('localization.review.evidence_basis_unavailable_description'),
        };
    }

    private function evidenceBasisColor(string $state): string
    {
        return match ($state) {
            'complete', 'no_awareness_required' => 'success',
            'incomplete' => 'warning',
            default => 'gray',
        };
    }

    private function customerSafeText(mixed $value, string $fallback, int $limit = 220): string
    {
        if (! is_string($value) || trim($value) === '') {
            return $fallback;
        }

        return Str::limit(trim($value), $limit);
    }

    private function controlReadinessColor(ManagedEnvironment $tenant): string
    {
        return match ((string) ($this->primaryControlSummary($tenant)['readiness_bucket'] ?? 'unmapped')) {
            'follow_up_required' => 'warning',
            'review_recommended' => 'info',
            'evidence_on_record' => 'success',
            default => 'gray',
        };
    }

    private function controlReadinessDescription(ManagedEnvironment $tenant): string
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return __('localization.review.no_published_review_available');
        }

        $controls = $review->controlInterpretationControls();

        if ($controls === []) {
            return __('localization.review.control_readiness_unmapped_description');
        }

        $summary = collect($controls)
            ->take(2)
            ->map(function (array $control): string {
                $name = is_string($control['control_name'] ?? null) ? $control['control_name'] : __('localization.review.control');
                $label = is_string($control['readiness_label'] ?? null)
                    ? $control['readiness_label']
                    : ComplianceEvidenceMappingV1::readinessLabel((string) ($control['readiness_bucket'] ?? 'review_recommended'));

                return $name.': '.$label;
            })
            ->implode(' · ');

        $remaining = count($controls) - 2;

        if ($remaining > 0) {
            $summary .= ' · '.__('localization.review.additional_controls', ['count' => $remaining]);
        }

        $limitations = $this->controlLimitationSummary($review);

        return trim($summary.($limitations !== null ? ' '.$limitations : ''));
    }

    private function controlEvidenceBasisSummary(ManagedEnvironment $tenant): string
    {
        $control = $this->primaryControlSummary($tenant);

        if ($control === null) {
            return __('localization.review.control_evidence_unmapped');
        }

        $summary = $control['evidence_basis_summary'] ?? null;

        return is_string($summary) && trim($summary) !== ''
            ? $summary
            : __('localization.review.control_evidence_unavailable');
    }

    private function controlRecommendedNextAction(ManagedEnvironment $tenant): string
    {
        if ($this->primaryControlSummary($tenant) === null) {
            return __('localization.review.workspace_next_step_control_mapping');
        }

        if ($this->evidenceStatusState($tenant) !== 'available') {
            return __('localization.review.workspace_next_step_evidence_review');
        }

        return match ($this->governancePackageAvailability($tenant)['state']) {
            'available' => __('localization.review.workspace_next_step_package_review'),
            'evidence_incomplete' => __('localization.review.workspace_next_step_evidence_review'),
            default => __('localization.review.workspace_next_step_review_open'),
        };
    }

    private function workspaceReviewNeedsAttention(ManagedEnvironment $tenant): bool
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return true;
        }

        if ($this->primaryControlSummary($tenant) === null) {
            return true;
        }

        if ($this->evidenceStatusState($tenant) !== 'available') {
            return true;
        }

        return $this->governancePackageAvailability($tenant)['state'] !== 'available';
    }

    private function evidenceStatusState(ManagedEnvironment $tenant): string
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return 'pending';
        }

        $snapshot = $review->evidenceSnapshot;
        $user = auth()->user();

        if (! $snapshot instanceof EvidenceSnapshot) {
            return 'pending';
        }

        if (! $user instanceof User || ! $user->can(Capabilities::EVIDENCE_VIEW, $tenant)) {
            return 'restricted';
        }

        if ((string) $snapshot->status === 'expired' || ($snapshot->expires_at !== null && $snapshot->expires_at->isPast())) {
            return 'expired';
        }

        return 'available';
    }

    private function evidenceStatusLabelForState(string $state): string
    {
        return match ($state) {
            'available' => __('localization.review.available'),
            'restricted' => __('localization.review.restricted'),
            'expired' => __('localization.review.expired'),
            default => __('localization.review.pending'),
        };
    }

    private function evidenceStatusColorForState(string $state): string
    {
        return match ($state) {
            'available' => 'success',
            'restricted', 'expired' => 'danger',
            default => 'gray',
        };
    }

    private function controlRecommendedNextActionDescription(ManagedEnvironment $tenant): string
    {
        $control = $this->primaryControlSummary($tenant);

        if ($control === null) {
            return __('localization.review.control_recommendation_unmapped');
        }

        $action = $control['recommended_next_action'] ?? null;

        return is_string($action) && trim($action) !== ''
            ? $action
            : __('localization.review.no_action_needed');
    }

    /**
     * @return array<string, mixed>|null
     */
    private function primaryControlSummary(ManagedEnvironment $tenant): ?array
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return null;
        }

        $controls = collect($review->controlInterpretationControls());

        return $controls
            ->sortBy(static fn (array $control): int => match ((string) ($control['readiness_bucket'] ?? '')) {
                'follow_up_required' => 0,
                'review_recommended' => 1,
                'evidence_on_record' => 2,
                default => 3,
            })
            ->first();
    }

    private function controlLimitationSummary(EnvironmentReview $review): ?string
    {
        $counts = $review->controlInterpretationLimitationCounts();

        if ($counts === []) {
            return null;
        }

        $labels = collect($counts)
            ->filter(static fn (int $count): bool => $count > 0)
            ->keys()
            ->map(static fn (string $flag): string => ComplianceEvidenceMappingV1::limitationLabel($flag))
            ->values()
            ->all();

        return $labels === []
            ? null
            : __('localization.review.control_limitations_summary', ['limitations' => implode(', ', $labels)]);
    }

    private function findingSummary(ManagedEnvironment $tenant): string
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return __('localization.review.no_published_review_available');
        }

        $summary = is_array($review->summary) ? $review->summary : [];
        $findingCount = (int) ($summary['finding_count'] ?? 0);
        $findingOutcomes = is_array($summary['finding_outcomes'] ?? null) ? $summary['finding_outcomes'] : [];
        $terminalOutcomes = app(FindingOutcomeSemantics::class)->compactOutcomeSummary($findingOutcomes);

        if ($findingCount === 0) {
            return __('localization.review.no_findings_recorded');
        }

        if ($terminalOutcomes === null) {
            return __('localization.review.findings_count_summary', ['count' => $findingCount]);
        }

        return __('localization.review.findings_count_with_outcomes', [
            'count' => $findingCount,
            'outcomes' => $terminalOutcomes,
        ]);
    }

    private function acceptedRiskSummary(ManagedEnvironment $tenant): string
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return __('localization.review.no_published_review_available');
        }

        $summary = is_array($review->summary) ? $review->summary : [];
        $riskAcceptance = is_array($summary['risk_acceptance'] ?? null) ? $summary['risk_acceptance'] : [];
        $statusMarkedCount = (int) ($riskAcceptance['status_marked_count'] ?? 0);
        $validGovernedCount = (int) ($riskAcceptance['valid_governed_count'] ?? 0);
        $warningCount = (int) ($riskAcceptance['warning_count'] ?? 0);

        $countSummary = match (true) {
            $statusMarkedCount === 0 => __('localization.review.no_accepted_risks_recorded'),
            $warningCount > 0 => __('localization.review.accepted_risks_need_follow_up', ['warnings' => $warningCount, 'total' => $statusMarkedCount]),
            $validGovernedCount > 0 => __('localization.review.accepted_risks_governed', ['count' => $validGovernedCount]),
            default => __('localization.review.accepted_risks_on_record', ['count' => $statusMarkedCount]),
        };

        $accountability = $this->acceptedRiskAccountability($tenant);

        return $accountability === null
            ? $countSummary
            : $countSummary.' '.$accountability;
    }

    private function evidenceProofAvailability(ManagedEnvironment $tenant): string
    {
        $review = $this->latestPublishedReview($tenant);

        if (! $review instanceof EnvironmentReview) {
            return __('localization.review.no_published_review_available');
        }

        $snapshot = $review->evidenceSnapshot;
        $user = auth()->user();

        if (! $snapshot instanceof EvidenceSnapshot) {
            return __('localization.review.evidence_proof_absent');
        }

        if (! $user instanceof User || ! $user->can(Capabilities::EVIDENCE_VIEW, $tenant)) {
            return __('localization.review.evidence_proof_access_unavailable');
        }

        if ((string) $snapshot->status === 'expired' || ($snapshot->expires_at !== null && $snapshot->expires_at->isPast())) {
            return __('localization.review.evidence_proof_expired');
        }

        return __('localization.review.evidence_proof_available');
    }

    private function evidenceStatusLabel(ManagedEnvironment $tenant): string
    {
        return $this->evidenceStatusLabelForState($this->evidenceStatusState($tenant));
    }

    private function evidenceStatusColor(ManagedEnvironment $tenant): string
    {
        return $this->evidenceStatusColorForState($this->evidenceStatusState($tenant));
    }

    /**
     * @return list<string>
     */
    private function visibleInterpretationVersions(): array
    {
        $user = auth()->user();
        $workspace = $this->workspace();

        if (! $user instanceof User || ! $workspace instanceof Workspace) {
            return [];
        }

        return app(EnvironmentReviewRegisterService::class)
            ->latestPublishedQuery($user, $workspace)
            ->get()
            ->map(static fn (EnvironmentReview $review): ?string => $review->controlInterpretationVersion())
            ->filter()
            ->unique()
            ->values()
            ->all();
    }

    private function currentTenantFilterInterpretationVersion(): ?string
    {
        $tenant = $this->filteredTenant();

        if (! $tenant instanceof ManagedEnvironment) {
            return null;
        }

        return $tenant->environmentReviews()->published()
            ->latest('published_at')
            ->latest('generated_at')
            ->latest('id')
            ->first()
            ?->controlInterpretationVersion();
    }

    private function acceptedRiskAccountability(ManagedEnvironment $tenant): ?string
    {
        $exception = FindingException::query()
            ->with(['owner', 'approver', 'currentDecision'])
            ->where('workspace_id', (int) $tenant->workspace_id)
            ->where('managed_environment_id', (int) $tenant->getKey())
            ->current()
            ->orderByRaw("case when current_validity_state in ('valid', 'expiring') then 0 else 1 end")
            ->latest('approved_at')
            ->latest('requested_at')
            ->latest('id')
            ->first();

        if (! $exception instanceof FindingException) {
            return null;
        }

        $accountable = $exception->owner?->name
            ?? $exception->approver?->name;
        $decisionType = $exception->currentDecision?->decision_type;
        $reviewDue = $exception->review_due_at ?? $exception->expires_at;
        $reason = is_string($exception->request_reason) ? trim($exception->request_reason) : '';
        $parts = [];

        if (is_string($accountable) && trim($accountable) !== '') {
            $parts[] = $reviewDue === null
                ? __('localization.review.accepted_risk_accountable', ['name' => $accountable])
                : __('localization.review.accepted_risk_accountable_until', [
                    'name' => $accountable,
                    'date' => $reviewDue->toDateString(),
                ]);
        } elseif (is_string($decisionType) && trim($decisionType) !== '') {
            $parts[] = __('localization.review.accepted_risk_partial_accountability');
        }

        if ($reason !== '') {
            $parts[] = __('localization.review.accepted_risk_reason', [
                'reason' => Str::limit($reason, 160),
            ]);
        }

        return $parts === [] ? null : implode(' ', $parts);
    }

    private function navigationContext(): ?CanonicalNavigationContext
    {
        return CanonicalNavigationContext::fromRequest(request());
    }

    private function incomingGovernanceContext(): ?CanonicalNavigationContext
    {
        $context = $this->navigationContext();

        return $context?->sourceSurface === 'governance.inbox'
            ? $context
            : null;
    }

    /**
     * @param  array<string, mixed>  $query
     */
    private function appendQuery(string $url, array $query): string
    {
        if ($query === []) {
            return $url;
        }

        return $url.(str_contains($url, '?') ? '&' : '?').http_build_query($query);
    }
}