<?php

use App\Services\Providers\ProviderOperationRegistry;
use App\Support\Providers\Boundary\ProviderBoundaryCatalog;
use App\Support\Providers\Boundary\ProviderBoundaryOwner;

it('blocks undocumented provider terms in platform-core seams', function (): void {
    $result = app(ProviderBoundaryCatalog::class)->evaluateChange(
        seamKey: 'provider.identity_resolution',
        filePath: 'app/Services/Providers/ProviderIdentityResolution.php',
        proposedOwner: ProviderBoundaryOwner::PlatformCore,
        providerSpecificTerms: ['client_request_id'],
    );

    expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_BLOCKED)
        ->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_PLATFORM_CORE_PROVIDER_LEAK)
        ->and($result['suggested_follow_up'])->toBe('follow-up-spec');
});

it('requires review for documented current-release exceptions on platform-core seams', function (): void {
    $result = app(ProviderBoundaryCatalog::class)->evaluateChange(
        seamKey: 'provider.identity_resolution',
        filePath: 'app/Services/Providers/ProviderIdentityResolver.php',
        proposedOwner: 'platform_core',
        providerSpecificTerms: ['entra_tenant_id'],
    );

    expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_REVIEW_REQUIRED)
        ->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_NONE)
        ->and($result['suggested_follow_up'])->toBe('follow-up-spec');
});

it('allows provider-specific terms inside provider-owned seams', function (): void {
    $result = app(ProviderBoundaryCatalog::class)->evaluateChange(
        seamKey: 'provider.gateway_runtime',
        filePath: 'app/Services/Providers/ProviderGateway.php',
        proposedOwner: ProviderBoundaryOwner::ProviderOwned,
        providerSpecificTerms: ['client_request_id', 'client_secret'],
    );

    expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_ALLOWED)
        ->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_NONE);
});

it('keeps operation definitions separate from provider bindings', function (): void {
    $registry = app(ProviderOperationRegistry::class);

    $definition = $registry->get('provider.connection.check');
    $binding = $registry->bindingFor('provider.connection.check', 'microsoft');

    expect($definition)->toMatchArray([
        'operation_type' => 'provider.connection.check',
        'module' => 'health_check',
        'label' => 'Provider connection check',
        'required_capability' => \App\Support\Auth\Capabilities::PROVIDER_RUN,
    ]);

    expect($binding)->toMatchArray([
        'provider' => 'microsoft',
        'binding_status' => ProviderOperationRegistry::BINDING_ACTIVE,
    ]);
});

it('blocks provider binding metadata when it is proposed as platform-core truth', function (): void {
    $result = app(ProviderBoundaryCatalog::class)->evaluateChange(
        seamKey: 'provider.operation_registry',
        filePath: 'app/Services/Providers/ProviderOperationRegistry.php',
        proposedOwner: ProviderBoundaryOwner::PlatformCore,
        providerSpecificTerms: ['microsoft'],
        introducesNewBinding: true,
    );

    expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_BLOCKED)
        ->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_PROVIDER_BINDING_AS_PRIMARY_TRUTH);
});