namespace StellaOps.AirGap.Controller.Options;

public sealed class AirGapStartupOptions
{
    /// <summary>
    /// Tenant to validate at startup. Defaults to single-tenant controller deployment.
    /// </summary>
    public string TenantId { get; set; } = "default";

    /// <summary>
    /// Optional egress allowlist. When null, startup diagnostics consider it missing.
    /// </summary>
    public string[]? EgressAllowlist { get; set; }
        = null;

    /// <summary>
    /// Trust material required to prove bundles and egress policy inputs are present.
    /// </summary>
    public TrustMaterialOptions Trust { get; set; } = new();

    /// <summary>
    /// Pending root rotation metadata; validated when pending keys exist.
    /// </summary>
    public RotationOptions Rotation { get; set; } = new();
}

public sealed class TrustMaterialOptions
{
    public string RootJsonPath { get; set; } = string.Empty;
    public string SnapshotJsonPath { get; set; } = string.Empty;
    public string TimestampJsonPath { get; set; } = string.Empty;

    public bool IsConfigured =>
        !string.IsNullOrWhiteSpace(RootJsonPath)
        && !string.IsNullOrWhiteSpace(SnapshotJsonPath)
        && !string.IsNullOrWhiteSpace(TimestampJsonPath);
}

public sealed class RotationOptions
{
    public Dictionary<string, string> ActiveKeys { get; set; } = new(StringComparer.Ordinal);
    public Dictionary<string, string> PendingKeys { get; set; } = new(StringComparer.Ordinal);
    public List<string> ApproverIds { get; set; } = new();
}