namespace StellaOps.AdvisoryAI.Attestation;

/// <summary>
/// Result of verifying an attestation.
/// </summary>
public sealed record AiAttestationVerificationResult
{
    /// <summary>Whether verification succeeded.</summary>
    public required bool Valid { get; init; }

    /// <summary>Verification timestamp.</summary>
    public required DateTimeOffset VerifiedAt { get; init; }

    /// <summary>Signing key ID if signed.</summary>
    public string? SigningKeyId { get; init; }

    /// <summary>Key expiration if applicable.</summary>
    public DateTimeOffset? KeyExpiresAt { get; init; }

    /// <summary>Digest verification result.</summary>
    public bool DigestValid { get; init; }

    /// <summary>Signature verification result.</summary>
    public bool? SignatureValid { get; init; }

    /// <summary>Verification failure reason if invalid.</summary>
    public string? FailureReason { get; init; }

    /// <summary>
    /// Creates a successful verification result.
    /// </summary>
    public static AiAttestationVerificationResult Success(
        DateTimeOffset verifiedAt,
        string? signingKeyId = null,
        DateTimeOffset? keyExpiresAt = null) => new()
    {
        Valid = true,
        VerifiedAt = verifiedAt,
        SigningKeyId = signingKeyId,
        KeyExpiresAt = keyExpiresAt,
        DigestValid = true,
        SignatureValid = signingKeyId != null ? true : null
    };

    /// <summary>
    /// Creates a failed verification result.
    /// </summary>
    public static AiAttestationVerificationResult Failure(
        DateTimeOffset verifiedAt,
        string reason,
        bool digestValid = false,
        bool? signatureValid = null) => new()
    {
        Valid = false,
        VerifiedAt = verifiedAt,
        DigestValid = digestValid,
        SignatureValid = signatureValid,
        FailureReason = reason
    };
}