using System.Security.Cryptography;

namespace StellaOps.Scanner.Analyzers.Lang.Bun.Internal;

internal static class BunEvidenceHasher
{
    internal const int MaxPackageJsonEvidenceBytes = 1024 * 1024; // 1 MiB
    internal const int MaxLockfileEvidenceBytes = 50 * 1024 * 1024; // 50 MiB (matches BunLockParser cap)

    internal static string? TryComputeBoundedSha256(string path, int maxBytes, out string? skipReason)
    {
        skipReason = null;

        try
        {
            var info = new FileInfo(path);
            if (!info.Exists)
            {
                skipReason = "missing";
                return null;
            }

            if (info.Length > maxBytes)
            {
                skipReason = $"size>{maxBytes}";
                return null;
            }

            using var stream = File.OpenRead(path);
            var hash = SHA256.HashData(stream);
            return Convert.ToHexString(hash).ToLowerInvariant();
        }
        catch (UnauthorizedAccessException)
        {
            skipReason = "unauthorized";
            return null;
        }
        catch (IOException)
        {
            skipReason = "io";
            return null;
        }
    }
}