namespace StellaOps.EvidenceLocker.Storage;

/// <summary>
/// Repository for storing and retrieving verdict attestations.
/// </summary>
public interface IVerdictRepository
{
    /// <summary>
    /// Stores a verdict attestation.
    /// </summary>
    Task<string> StoreVerdictAsync(
        VerdictAttestationRecord record,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Retrieves a verdict attestation by ID.
    /// </summary>
    Task<VerdictAttestationRecord?> GetVerdictAsync(
        string verdictId,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Lists verdict attestations for a policy run.
    /// </summary>
    Task<IReadOnlyList<VerdictAttestationSummary>> ListVerdictsForRunAsync(
        string runId,
        VerdictListOptions options,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Lists verdict attestations for a tenant with filters.
    /// </summary>
    Task<IReadOnlyList<VerdictAttestationSummary>> ListVerdictsAsync(
        string tenantId,
        VerdictListOptions options,
        CancellationToken cancellationToken = default);

    /// <summary>
    /// Counts verdict attestations for a policy run.
    /// </summary>
    Task<int> CountVerdictsForRunAsync(
        string runId,
        VerdictListOptions options,
        CancellationToken cancellationToken = default);
}

/// <summary>
/// Complete verdict attestation record (includes DSSE envelope).
/// </summary>
public sealed record VerdictAttestationRecord
{
    public required string VerdictId { get; init; }
    public required string TenantId { get; init; }
    public required string RunId { get; init; }
    public required string PolicyId { get; init; }
    public required int PolicyVersion { get; init; }
    public required string FindingId { get; init; }
    public required string VerdictStatus { get; init; }
    public required string VerdictSeverity { get; init; }
    public required decimal VerdictScore { get; init; }
    public required DateTimeOffset EvaluatedAt { get; init; }
    public required string Envelope { get; init; } // JSONB as string
    public required string PredicateDigest { get; init; }
    public string? DeterminismHash { get; init; }
    public long? RekorLogIndex { get; init; }
    public required DateTimeOffset CreatedAt { get; init; }
}

/// <summary>
/// Summary of a verdict attestation (without full envelope).
/// </summary>
public sealed record VerdictAttestationSummary
{
    public required string VerdictId { get; init; }
    public required string TenantId { get; init; }
    public required string RunId { get; init; }
    public required string PolicyId { get; init; }
    public required int PolicyVersion { get; init; }
    public required string FindingId { get; init; }
    public required string VerdictStatus { get; init; }
    public required string VerdictSeverity { get; init; }
    public required decimal VerdictScore { get; init; }
    public required DateTimeOffset EvaluatedAt { get; init; }
    public required string PredicateDigest { get; init; }
    public string? DeterminismHash { get; init; }
    public long? RekorLogIndex { get; init; }
    public DateTimeOffset CreatedAt { get; init; }
}

/// <summary>
/// Options for filtering verdict lists.
/// </summary>
public sealed class VerdictListOptions
{
    public string? Status { get; set; }
    public string? Severity { get; set; }
    public int Limit { get; set; } = 50;
    public int Offset { get; set; } = 0;
}