import { describe, expect, it } from "vitest";
import { PermissionKey, SystemRole } from "@capakraken/shared";
import {
  executeTool,
  getAvailableAssistantToolsForContext,
} from "../router/assistant-tools.js";

/**
 * Builds the minimal tool-execution context used by these tests.
 *
 * `db` is a bare placeholder (`{} as never`): the only `executeTool` call
 * below is expected to be rejected by the permission check, so nothing is
 * presumed to query the database (if a tool body ever did reach it, the
 * placeholder would fail, which is the intent).
 *
 * @param userRole - system role recorded both on the context and on `dbUser`.
 * @param permissions - effective permission keys granted to the user; the
 *   default (empty) models a user with no explicit grants.
 */
function createToolContext(
  userRole: SystemRole,
  permissions: PermissionKey[] = [],
) {
  const userId = "user_1";
  const session = {
    user: { email: "user@example.com", name: "User", image: null },
    expires: "2099-01-01T00:00:00.000Z",
  };
  const dbUser = {
    id: userId,
    systemRole: userRole,
    permissionOverrides: null,
  };

  return {
    db: {} as never,
    userId,
    userRole,
    permissions: new Set(permissions),
    session,
    dbUser,
    roleDefaults: null,
  };
}

/**
 * Names of the tools the registry exposes to a user with `role` and the
 * given permission keys. A fresh `Set` is built per call so no state is
 * shared between assertions.
 */
function visibleToolNames(
  role: SystemRole,
  permissions: PermissionKey[] = [],
): string[] {
  const tools = getAvailableAssistantToolsForContext(new Set(permissions), role);
  return tools.map((tool) => tool.function.name);
}

describe("assistant tool registry access", () => {
  it("derives admin-only settings tools directly from tool metadata", () => {
    const adminNames = visibleToolNames(SystemRole.ADMIN);
    const managerNames = visibleToolNames(SystemRole.MANAGER);

    // Settings tools are gated on role alone: an admin with no permission
    // keys sees them, a manager with none does not.
    const settingsTools = ["get_ai_configured", "list_system_role_configs"];
    for (const toolName of settingsTools) {
      expect(adminNames).toContain(toolName);
      expect(managerNames).not.toContain(toolName);
    }
  });

  it("keeps cost-sensitive registry tools hidden until viewCosts is granted", () => {
    const withoutCosts = visibleToolNames(SystemRole.MANAGER);
    const withCosts = visibleToolNames(SystemRole.MANAGER, [
      PermissionKey.VIEW_COSTS,
    ]);

    // Same role, different permission set: only the VIEW_COSTS grant should
    // flip these two tools from hidden to visible.
    const costTools = ["get_budget_forecast", "lookup_rate"];
    for (const toolName of costTools) {
      expect(withoutCosts).not.toContain(toolName);
      expect(withCosts).toContain(toolName);
    }
  });

  it("enforces metadata-derived permission checks before executing cost tools", async () => {
    // Listing and execution are separate gates: `lookup_rate` is hidden from a
    // manager without VIEW_COSTS (previous test), and invoking it directly must
    // still be refused. Hiding a tool in the registry is not the enforcement
    // point; `executeTool`'s own check is.
    const args = JSON.stringify({ chapter: "Animation" });
    const context = createToolContext(SystemRole.MANAGER);

    const result = await executeTool("lookup_rate", args, context);
    const body: unknown = JSON.parse(result.content);

    expect(body).toEqual({
      error: `Permission denied: you need the "${PermissionKey.VIEW_COSTS}" permission to perform this action.`,
    });
  });
});