// -----------------------------------------------------------------------------
// PolicyDecisionAttestationOptions.cs
// Sprint: SPRINT_3801_0001_0001_policy_decision_attestation
// Description: Configuration options for policy decision attestation service.
// -----------------------------------------------------------------------------

using System;
using System.ComponentModel.DataAnnotations;

namespace StellaOps.Policy.Engine.Attestation;

/// <summary>
/// Configuration options for <see cref="PolicyDecisionAttestationService"/>.
/// </summary>
public sealed class PolicyDecisionAttestationOptions
{
    /// <summary>
    /// Configuration section name.
    /// </summary>
    public const string SectionName = "PolicyDecisionAttestation";

    /// <summary>
    /// Whether attestation creation is enabled.
    /// </summary>
    public bool Enabled { get; set; } = true;

    /// <summary>
    /// Whether to use the Signer service for signing.
    /// If false, attestations will be created unsigned (for dev/test only).
    /// </summary>
    public bool UseSignerService { get; set; } = true;

    /// <summary>
    /// Default key ID to use for signing (null = use signer default).
    /// </summary>
    public string? DefaultKeyId { get; set; }

    /// <summary>
    /// Whether to submit attestations to Rekor by default.
    /// </summary>
    public bool SubmitToRekorByDefault { get; set; } = false;

    /// <summary>
    /// Rekor server URL (null = use default Sigstore Rekor).
    /// </summary>
    public string? RekorUrl { get; set; }

    /// <summary>
    /// Default TTL for attestation validity (hours).
    /// </summary>
    [Range(1, 8760)] // 1 hour to 1 year
    public int DefaultTtlHours { get; set; } = 24;

    /// <summary>
    /// Whether to include evidence references by default.
    /// </summary>
    public bool IncludeEvidenceRefs { get; set; } = true;

    /// <summary>
    /// Whether to include gate details in attestations.
    /// </summary>
    public bool IncludeGateDetails { get; set; } = true;

    /// <summary>
    /// Whether to include violation details in attestations.
    /// </summary>
    public bool IncludeViolationDetails { get; set; } = true;

    /// <summary>
    /// Maximum number of violations to include in an attestation.
    /// </summary>
    [Range(1, 1000)]
    public int MaxViolationsToInclude { get; set; } = 100;

    /// <summary>
    /// Whether to log attestation creation events.
    /// </summary>
    public bool EnableAuditLogging { get; set; } = true;

    /// <summary>
    /// Timeout for signer service calls (seconds).
    /// </summary>
    [Range(1, 300)]
    public int SignerTimeoutSeconds { get; set; } = 30;

    /// <summary>
    /// Timeout for Rekor submissions (seconds).
    /// </summary>
    [Range(1, 300)]
    public int RekorTimeoutSeconds { get; set; } = 60;
}