<?php

declare(strict_types=1);

namespace Tests\Browser\Support;

use App\Models\AlertDelivery;
use App\Models\AlertDestination;
use App\Models\AlertRule;
use App\Models\AuditLog;
use App\Models\EnvironmentReview;
use App\Models\EvidenceSnapshot;
use App\Models\Finding;
use App\Models\FindingException;
use App\Models\FindingExceptionDecision;
use App\Models\ManagedEnvironment;
use App\Models\OperationRun;
use App\Models\ProviderConnection;
use App\Models\User;
use App\Models\Workspace;
use App\Support\EnvironmentReviewStatus;
use App\Support\Evidence\EvidenceSnapshotStatus;
use App\Support\Workspaces\WorkspaceContext;

final class Spec322WorkspaceEnvironmentBrowserHarness
{
    /**
     * @return array{
     *     user: User,
     *     workspace: Workspace,
     *     environmentA: ManagedEnvironment,
     *     environmentB: ManagedEnvironment,
     *     runA: OperationRun,
     *     runB: OperationRun,
     *     connectionA: ProviderConnection,
     *     connectionB: ProviderConnection,
     *     exceptionA: FindingException,
     *     exceptionB: FindingException,
     *     snapshotA: EvidenceSnapshot,
     *     snapshotB: EvidenceSnapshot,
     *     reviewA: EnvironmentReview,
     *     reviewB: EnvironmentReview,
     *     deliveryA: AlertDelivery,
     *     deliveryB: AlertDelivery,
     *     auditA: AuditLog,
     *     auditB: AuditLog,
     *     auditWorkspace: AuditLog
     * }
     */
    public static function fixture(): array
    {
        $environmentA = ManagedEnvironment::factory()->active()->create([
            'name' => 'Spec322 Browser Environment A',
            'external_id' => 'spec322-browser-environment-a',
        ]);
        [$user, $environmentA] = \createUserWithTenant(tenant: $environmentA, role: 'owner', workspaceRole: 'owner');

        $environmentB = ManagedEnvironment::factory()->active()->create([
            'workspace_id' => (int) $environmentA->workspace_id,
            'name' => 'Spec322 Browser Environment B',
            'external_id' => 'spec322-browser-environment-b',
        ]);
        \createUserWithTenant(tenant: $environmentB, user: $user, role: 'owner', workspaceRole: 'owner');

        $workspace = $environmentA->workspace()->firstOrFail();

        $runA = OperationRun::factory()->forTenant($environmentA)->create(['type' => 'policy.sync']);
        $runB = OperationRun::factory()->forTenant($environmentB)->create(['type' => 'inventory_sync']);

        $exceptionA = self::findingException($environmentA, $user, 'Spec322 Browser Governance A', 'Spec322 Browser Decision A');
        $exceptionB = self::findingException($environmentB, $user, 'Spec322 Browser Governance B', 'Spec322 Browser Decision B');

        $connectionA = ProviderConnection::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'managed_environment_id' => (int) $environmentA->getKey(),
            'display_name' => 'Spec322 Browser Provider A',
        ]);
        $connectionB = ProviderConnection::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'managed_environment_id' => (int) $environmentB->getKey(),
            'display_name' => 'Spec322 Browser Provider B',
        ]);

        $snapshotA = self::evidenceSnapshot($environmentA);
        $snapshotB = self::evidenceSnapshot($environmentB);

        $reviewA = self::publishedReview($environmentA, $user, $snapshotA);
        $reviewB = self::publishedReview($environmentB, $user, $snapshotB);

        $rule = AlertRule::factory()->create(['workspace_id' => (int) $workspace->getKey()]);
        $destination = AlertDestination::factory()->create(['workspace_id' => (int) $workspace->getKey()]);

        $deliveryA = AlertDelivery::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'managed_environment_id' => (int) $environmentA->getKey(),
            'alert_rule_id' => (int) $rule->getKey(),
            'alert_destination_id' => (int) $destination->getKey(),
            'status' => AlertDelivery::STATUS_FAILED,
            'created_at' => now()->subHour(),
        ]);
        $deliveryB = AlertDelivery::factory()->create([
            'workspace_id' => (int) $workspace->getKey(),
            'managed_environment_id' => (int) $environmentB->getKey(),
            'alert_rule_id' => (int) $rule->getKey(),
            'alert_destination_id' => (int) $destination->getKey(),
            'status' => AlertDelivery::STATUS_SENT,
            'created_at' => now()->subHour(),
        ]);

        $auditA = self::auditRecord($environmentA, 'Spec322 browser audit A');
        $auditB = self::auditRecord($environmentB, 'Spec322 browser audit B');
        $auditWorkspace = self::auditRecord(null, 'Spec322 browser workspace audit', [
            'workspace_id' => (int) $workspace->getKey(),
        ]);

        return compact(
            'user',
            'workspace',
            'environmentA',
            'environmentB',
            'runA',
            'runB',
            'connectionA',
            'connectionB',
            'exceptionA',
            'exceptionB',
            'snapshotA',
            'snapshotB',
            'reviewA',
            'reviewB',
            'deliveryA',
            'deliveryB',
            'auditA',
            'auditB',
            'auditWorkspace',
        );
    }

    public static function authenticate(object $testCase, User $user, Workspace $workspace, ?ManagedEnvironment $rememberedEnvironment = null): void
    {
        $session = [
            WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(),
        ];

        if ($rememberedEnvironment instanceof ManagedEnvironment) {
            $session[WorkspaceContext::LAST_ENVIRONMENT_IDS_SESSION_KEY] = [
                (string) $workspace->getKey() => (int) $rememberedEnvironment->getKey(),
            ];
        }

        $testCase->actingAs($user)->withSession($session);

        foreach ($session as $key => $value) {
            session()->put($key, $value);
        }

        \setAdminPanelContext($rememberedEnvironment);
    }

    public static function assertWorkspaceOnly(mixed $page, ?string $wideText = null, ?string $environmentName = null): mixed
    {
        $page
            ->waitForText(__('localization.shell.no_environment_selected'))
            ->assertDontSee('Environment filter:')
            ->assertNoJavaScriptErrors()
            ->assertNoConsoleLogs();

        if ($wideText !== null) {
            $page->assertSee($wideText);
        }

        if ($environmentName !== null) {
            $page->assertDontSee(__('localization.shell.environment_scope').': '.$environmentName);
        }

        return self::assertNoLegacyQuery($page);
    }

    public static function assertFilteredWorkspaceHub(mixed $page, ManagedEnvironment $environment, ?string $hiddenText = null): mixed
    {
        $page
            ->waitForText('Environment filter:')
            ->assertSee($environment->name)
            ->assertDontSee(__('localization.shell.environment_scope').': '.$environment->name)
            ->assertSee('Clear filter')
            ->assertScript('window.location.search.includes("environment_id=")', true)
            ->assertScript('! window.location.search.includes("tenant=")', true)
            ->assertScript('! window.location.search.includes("tenant_id=")', true)
            ->assertScript('! window.location.search.includes("managed_environment_id=")', true)
            ->assertScript('! window.location.search.includes("tenant_scope=")', true)
            ->assertScript('! window.location.search.includes("tableFilters")', true)
            ->assertNoJavaScriptErrors()
            ->assertNoConsoleLogs();

        if ($hiddenText !== null) {
            $page->assertDontSee($hiddenText);
        }

        return $page;
    }

    public static function assertNoLegacyQuery(mixed $page): mixed
    {
        return $page
            ->assertScript('! window.location.search.includes("environment_id=")', true)
            ->assertScript('! window.location.search.includes("tenant=")', true)
            ->assertScript('! window.location.search.includes("tenant_id=")', true)
            ->assertScript('! window.location.search.includes("managed_environment_id=")', true)
            ->assertScript('! window.location.search.includes("tenant_scope=")', true)
            ->assertScript('! window.location.search.includes("tableFilters")', true);
    }

    public static function clearWorkspaceHubEnvironmentFilter(mixed $page): mixed
    {
        $page->assertScript('document.querySelector(\'[data-testid="workspace-hub-environment-filter-clear"]\') instanceof HTMLAnchorElement', true);
        $page->script('window.location.assign(document.querySelector(\'[data-testid="workspace-hub-environment-filter-clear"]\').href);');

        return $page->waitForText(__('localization.shell.no_environment_selected'));
    }

    private static function findingException(
        ManagedEnvironment $environment,
        User $actor,
        string $requestReason,
        string $decisionReason,
    ): FindingException {
        $finding = Finding::factory()->for($environment)->riskAccepted()->create([
            'workspace_id' => (int) $environment->workspace_id,
            'subject_external_id' => str()->slug($requestReason),
        ]);

        $exception = FindingException::query()->create([
            'workspace_id' => (int) $environment->workspace_id,
            'managed_environment_id' => (int) $environment->getKey(),
            'finding_id' => (int) $finding->getKey(),
            'requested_by_user_id' => (int) $actor->getKey(),
            'owner_user_id' => (int) $actor->getKey(),
            'status' => FindingException::STATUS_PENDING,
            'current_validity_state' => FindingException::VALIDITY_MISSING_SUPPORT,
            'request_reason' => $requestReason,
            'requested_at' => now()->subDay(),
            'review_due_at' => now()->addDay(),
            'evidence_summary' => ['reference_count' => 0],
        ]);

        $decision = $exception->decisions()->create([
            'workspace_id' => (int) $environment->workspace_id,
            'managed_environment_id' => (int) $environment->getKey(),
            'actor_user_id' => (int) $actor->getKey(),
            'decision_type' => FindingExceptionDecision::TYPE_REQUESTED,
            'reason' => $decisionReason,
            'metadata' => [],
            'decided_at' => now()->subDay(),
        ]);

        $exception->forceFill(['current_decision_id' => (int) $decision->getKey()])->save();

        return $exception->fresh(['currentDecision']);
    }

    private static function evidenceSnapshot(ManagedEnvironment $environment): EvidenceSnapshot
    {
        return EvidenceSnapshot::query()->create([
            'managed_environment_id' => (int) $environment->getKey(),
            'workspace_id' => (int) $environment->workspace_id,
            'status' => EvidenceSnapshotStatus::Active->value,
            'summary' => ['missing_dimensions' => 0, 'stale_dimensions' => 0],
            'generated_at' => now(),
        ]);
    }

    private static function publishedReview(ManagedEnvironment $environment, User $user, EvidenceSnapshot $snapshot): EnvironmentReview
    {
        $review = \composeEnvironmentReviewForTest($environment, $user, $snapshot);
        $review->forceFill([
            'status' => EnvironmentReviewStatus::Published->value,
            'published_at' => now(),
            'published_by_user_id' => (int) $user->getKey(),
        ])->save();

        return $review->fresh();
    }

    /**
     * @param  array<string, mixed>  $attributes
     */
    private static function auditRecord(?ManagedEnvironment $environment, string $summary, array $attributes = []): AuditLog
    {
        $workspaceId = array_key_exists('workspace_id', $attributes)
            ? (int) $attributes['workspace_id']
            : (int) ($environment?->workspace_id);

        return AuditLog::query()->create(array_merge([
            'workspace_id' => $workspaceId,
            'managed_environment_id' => $environment?->getKey(),
            'actor_email' => 'spec322-browser@example.test',
            'actor_name' => 'Spec322 Browser Operator',
            'action' => 'operation.completed',
            'status' => 'success',
            'resource_type' => 'operation_run',
            'resource_id' => '322',
            'summary' => $summary,
            'metadata' => [],
            'recorded_at' => now(),
        ], $attributes));
    }
}