<?php

use App\Models\Finding;
use App\Models\Policy;
use App\Models\PolicyVersion;

it('shows an explicit diff unavailable message when policy version references are missing', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');

    $finding = Finding::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'finding_type' => Finding::FINDING_TYPE_DRIFT,
        'source' => 'baseline.compare',
        'subject_type' => 'policy',
        'subject_external_id' => 'policy-alpha-uuid',
        'evidence_fidelity' => 'meta',
        'evidence_jsonb' => [
            'change_type' => 'different_version',
            'policy_type' => 'deviceConfiguration',
            'subject_key' => 'policy alpha',
            'summary' => [
                'kind' => 'policy_snapshot',
            ],
            'baseline' => [
                'policy_version_id' => null,
            ],
            'current' => [
                'policy_version_id' => null,
            ],
            'fidelity' => 'meta',
            'provenance' => [
                'baseline_profile_id' => 1,
                'baseline_snapshot_id' => 1,
                'compare_operation_run_id' => 1,
                'inventory_sync_run_id' => null,
            ],
        ],
    ]);

    $this->actingAs($user)
        ->get(route('filament.tenant.resources.findings.view', array_merge(
            filamentTenantRouteParams($tenant),
            ['record' => $finding],
        )))
        ->assertOk()
        ->assertSee('Diff unavailable')
        ->assertDontSee('No normalized changes were found');
});

it('renders a diff against an empty baseline for unexpected_policy findings with a current policy version reference', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');

    $policy = Policy::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'external_id' => 'policy-unexpected-uuid',
        'policy_type' => 'deviceCompliancePolicy',
        'platform' => 'windows',
        'display_name' => 'Bitlocker Require',
    ]);

    $currentVersion = PolicyVersion::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'policy_id' => (int) $policy->getKey(),
        'policy_type' => 'deviceCompliancePolicy',
        'platform' => 'windows',
        'snapshot' => [
            '@odata.type' => '#microsoft.graph.windows10CompliancePolicy',
            'passwordRequired' => true,
        ],
        'assignments' => [],
        'scope_tags' => [],
    ]);

    $finding = Finding::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'finding_type' => Finding::FINDING_TYPE_DRIFT,
        'source' => 'baseline.compare',
        'subject_type' => 'policy',
        'subject_external_id' => 'policy-unexpected-uuid',
        'evidence_fidelity' => 'mixed',
        'evidence_jsonb' => [
            'change_type' => 'unexpected_policy',
            'policy_type' => 'deviceCompliancePolicy',
            'subject_key' => 'bitlocker require',
            'summary' => [
                'kind' => 'policy_snapshot',
            ],
            'baseline' => [
                'policy_version_id' => null,
            ],
            'current' => [
                'policy_version_id' => (int) $currentVersion->getKey(),
            ],
            'fidelity' => 'mixed',
            'provenance' => [
                'baseline_profile_id' => 1,
                'baseline_snapshot_id' => 1,
                'compare_operation_run_id' => 1,
                'inventory_sync_run_id' => null,
            ],
        ],
    ]);

    $this->actingAs($user)
        ->get(route('filament.tenant.resources.findings.view', array_merge(
            filamentTenantRouteParams($tenant),
            ['record' => $finding],
        )))
        ->assertOk()
        ->assertDontSee('Diff unavailable')
        ->assertSee('1 added')
        ->assertSee('Password required');
});

it('renders a diff against an empty current side for missing_policy findings with a baseline policy version reference', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');

    $policy = Policy::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'external_id' => 'policy-missing-uuid',
        'policy_type' => 'deviceCompliancePolicy',
        'platform' => 'windows',
        'display_name' => 'Bitlocker Require',
    ]);

    $baselineVersion = PolicyVersion::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'policy_id' => (int) $policy->getKey(),
        'policy_type' => 'deviceCompliancePolicy',
        'platform' => 'windows',
        'snapshot' => [
            '@odata.type' => '#microsoft.graph.windows10CompliancePolicy',
            'passwordRequired' => true,
        ],
        'assignments' => [],
        'scope_tags' => [],
    ]);

    $finding = Finding::factory()->create([
        'tenant_id' => (int) $tenant->getKey(),
        'finding_type' => Finding::FINDING_TYPE_DRIFT,
        'source' => 'baseline.compare',
        'subject_type' => 'policy',
        'subject_external_id' => 'policy-missing-uuid',
        'evidence_fidelity' => 'mixed',
        'evidence_jsonb' => [
            'change_type' => 'missing_policy',
            'policy_type' => 'deviceCompliancePolicy',
            'subject_key' => 'bitlocker require',
            'summary' => [
                'kind' => 'policy_snapshot',
            ],
            'baseline' => [
                'policy_version_id' => (int) $baselineVersion->getKey(),
            ],
            'current' => [
                'policy_version_id' => null,
            ],
            'fidelity' => 'mixed',
            'provenance' => [
                'baseline_profile_id' => 1,
                'baseline_snapshot_id' => 1,
                'compare_operation_run_id' => 1,
                'inventory_sync_run_id' => null,
            ],
        ],
    ]);

    $this->actingAs($user)
        ->get(route('filament.tenant.resources.findings.view', array_merge(
            filamentTenantRouteParams($tenant),
            ['record' => $finding],
        )))
        ->assertOk()
        ->assertDontSee('Diff unavailable')
        ->assertSee('1 removed')
        ->assertSee('Password required');
});