<?php

declare(strict_types=1);

use App\Filament\Resources\EvidenceSnapshotResource;
use App\Models\ManagedEnvironment;
use App\Models\ManagedEnvironmentPermission;
use App\Models\PlatformUser;
use App\Models\ProviderConnection;
use App\Models\User;
use App\Models\Workspace;
use App\Support\Auth\PlatformCapabilities;
use App\Support\ManagedEnvironmentLinks;
use App\Support\Providers\ProviderVerificationStatus;
use Illuminate\Foundation\Testing\RefreshDatabase;

pest()->browser()->timeout(60_000);

uses(RefreshDatabase::class);

beforeEach(function (): void {
    config()->set('graph.client_id', 'spec376-platform-client');
    config()->set('graph.client_secret', 'spec376-platform-secret');
    config()->set('graph.managed_environment_id', 'organizations');
});

it('Spec376 smokes admin evidence, required permissions, and provider connection detail fixtures', function (): void {
    $fixture = spec376AdminFixture();

    $evidencePath = spec376BrowserPath(EvidenceSnapshotResource::getUrl(
        'view',
        ['record' => $fixture['snapshot']],
        tenant: $fixture['environment'],
        panel: 'admin',
    ));
    $requiredPermissionsPath = spec376BrowserPath(ManagedEnvironmentLinks::requiredPermissionsUrl($fixture['environment']));
    $providerConnectionPath = spec376BrowserPath(ManagedEnvironmentLinks::providerConnectionUrl(
        $fixture['connection'],
        'view',
        $fixture['environment'],
    ));

    visit(spec376BrowserLoginUrl($fixture['user'], $fixture['environment'], $evidencePath))
        ->resize(1440, 1100)
        ->waitForText('Outcome summary')
        ->assertSee('Evidence basis and readiness')
        ->assertSee('Evidence dimensions')
        ->assertNoJavaScriptErrors()
        ->assertNoConsoleLogs()
        ->screenshot(true, spec376BrowserScreenshot('001-evidence-snapshot-view'));
    spec376BrowserCopyScreenshot('001-evidence-snapshot-view');

    visit($requiredPermissionsPath)
        ->resize(1440, 1100)
        ->waitForText(__('localization.provider_guidance.required_permissions_missing_title'))
        ->assertSee(__('localization.provider_guidance.action_open_admin_consent'))
        ->assertNoJavaScriptErrors()
        ->assertNoConsoleLogs()
        ->screenshot(true, spec376BrowserScreenshot('002-required-permissions'));
    spec376BrowserCopyScreenshot('002-required-permissions');

    visit($providerConnectionPath)
        ->resize(1440, 1100)
        ->waitForText(__('localization.provider_guidance.provider_readiness_blocked_title'))
        ->assertSee($fixture['connection']->display_name)
        ->assertNoJavaScriptErrors()
        ->assertNoConsoleLogs()
        ->screenshot(true, spec376BrowserScreenshot('005-provider-connection-detail'));
    spec376BrowserCopyScreenshot('005-provider-connection-detail');
});

it('Spec376 smokes system dashboard and operations through platform guard fixtures', function (): void {
    $platformUser = PlatformUser::factory()->create([
        'capabilities' => [
            PlatformCapabilities::ACCESS_SYSTEM_PANEL,
            PlatformCapabilities::CONSOLE_VIEW,
            PlatformCapabilities::OPERATIONS_VIEW,
        ],
        'is_active' => true,
    ]);

    auth('web')->logout();
    $this->flushSession();
    $this->actingAs($platformUser, 'platform');

    visit('/system')
        ->resize(1440, 1100)
        ->waitForText(__('localization.dashboard.system_title'))
        ->assertNoJavaScriptErrors()
        ->assertNoConsoleLogs()
        ->screenshot(true, spec376BrowserScreenshot('003-system-dashboard'));
    spec376BrowserCopyScreenshot('003-system-dashboard');

    visit('/system/ops/runs')
        ->resize(1440, 1100)
        ->waitForText('Operations')
        ->assertSee('No operations yet')
        ->assertNoJavaScriptErrors()
        ->assertNoConsoleLogs()
        ->screenshot(true, spec376BrowserScreenshot('004-system-operations'));
    spec376BrowserCopyScreenshot('004-system-operations');
});

/**
 * @return array{
 *     user: User,
 *     workspace: Workspace,
 *     environment: ManagedEnvironment,
 *     snapshot: \App\Models\EvidenceSnapshot,
 *     connection: ProviderConnection,
 * }
 */
function spec376AdminFixture(): array
{
    [$user, $environment] = createUserWithTenant(
        role: 'owner',
        workspaceRole: 'owner',
        ensureDefaultMicrosoftProviderConnection: false,
    );

    $environment->forceFill([
        'name' => 'Spec376 Browser Evidence Environment',
    ])->save();

    $workspace = $environment->workspace()->firstOrFail();
    $snapshot = seedEnvironmentReviewEvidence($environment, findingCount: 1, driftCount: 0);
    $missingPermissionKey = spec376FirstApplicationPermissionKey();

    spec376SeedPermissionRows($environment, missingKeys: [$missingPermissionKey]);

    $connection = ProviderConnection::factory()->platform()->verifiedHealthy()->create([
        'managed_environment_id' => (int) $environment->getKey(),
        'workspace_id' => (int) $workspace->getKey(),
        'display_name' => 'Spec376 Provider Connection Detail',
        'is_default' => true,
        'verification_status' => ProviderVerificationStatus::Healthy->value,
    ]);

    return [
        'user' => $user,
        'workspace' => $workspace,
        'environment' => $environment,
        'snapshot' => $snapshot,
        'connection' => $connection,
    ];
}

function spec376FirstApplicationPermissionKey(): string
{
    $permission = collect(spec283ConfiguredPermissionRows())
        ->first(static fn (mixed $row): bool => is_array($row) && ($row['type'] ?? null) === 'application');

    expect($permission)->not->toBeNull();

    return (string) $permission['key'];
}

/**
 * @param  array<int, string>  $missingKeys
 * @param  array<int, string>  $errorKeys
 */
function spec376SeedPermissionRows(
    ManagedEnvironment $environment,
    array $missingKeys = [],
    array $errorKeys = [],
): void {
    foreach (spec283ConfiguredPermissionRows() as $permission) {
        if (! is_array($permission)) {
            continue;
        }

        $permissionKey = (string) ($permission['key'] ?? '');

        if ($permissionKey === '') {
            continue;
        }

        ManagedEnvironmentPermission::query()->updateOrCreate(
            [
                'managed_environment_id' => (int) $environment->getKey(),
                'permission_key' => $permissionKey,
                'workspace_id' => (int) $environment->workspace_id,
            ],
            [
                'status' => in_array($permissionKey, $errorKeys, true)
                    ? 'error'
                    : (in_array($permissionKey, $missingKeys, true) ? 'missing' : 'granted'),
                'details' => ['source' => 'spec-376-browser-fixture'],
                'last_checked_at' => now(),
            ],
        );
    }
}

function spec376BrowserLoginUrl(User $user, ManagedEnvironment $environment, string $redirect): string
{
    return route('admin.local.smoke-login', [
        'email' => $user->email,
        'tenant' => $environment->external_id,
        'workspace' => $environment->workspace->slug,
        'redirect' => $redirect,
    ]);
}

function spec376BrowserPath(string $url): string
{
    $path = parse_url($url, PHP_URL_PATH) ?: '/admin';
    $query = parse_url($url, PHP_URL_QUERY);

    return is_string($query) && $query !== '' ? $path.'?'.$query : $path;
}

function spec376BrowserScreenshot(string $name): string
{
    return $name;
}

function spec376BrowserCopyScreenshot(string $name): void
{
    $filename = spec376BrowserScreenshot($name).'.png';
    $source = base_path('tests/Browser/Screenshots/'.$filename);
    $targetDirectory = repo_path('specs/376-browser-audit-fixture-coverage-evidence-system-surfaces/artifacts/screenshots');

    if (! is_dir($targetDirectory)) {
        @mkdir($targetDirectory, 0755, true);
    }

    if (! is_file($source)) {
        $source = \Pest\Browser\Support\Screenshot::path($filename);
    }

    for ($attempt = 0; $attempt < 10 && ! is_file($source); $attempt++) {
        usleep(100_000);
        clearstatcache(true, $source);
    }

    if (is_file($source) && is_dir($targetDirectory) && is_writable($targetDirectory)) {
        @copy($source, $targetDirectory.DIRECTORY_SEPARATOR.$filename);
    }
}