import { describe, it } from 'node:test';
import assert from 'node:assert/strict';
import { resolve } from 'node:path';
import { fileURLToPath } from 'node:url';
import { resetCounter } from '../../scanners/lib/output.mjs';
import { scan } from '../../scanners/disabled-in-schema-scanner.mjs';
import { discoverConfigFiles } from '../../scanners/lib/file-discovery.mjs';

const __dirname = fileURLToPath(new URL('.', import.meta.url));
const FIXTURES = resolve(__dirname, '../fixtures');

async function runScanner(fixtureName) {
  resetCounter();
  const path = resolve(FIXTURES, fixtureName);
  const discovery = await discoverConfigFiles(path);
  return scan(path, discovery);
}

describe('DIS scanner — basic structure', () => {
  it('reports scanner prefix DIS', async () => {
    const result = await runScanner('denied-tools-in-schema');
    assert.equal(result.scanner, 'DIS');
  });

  it('finding IDs match CA-DIS-NNN pattern', async () => {
    const result = await runScanner('denied-tools-in-schema');
    for (const f of result.findings) {
      assert.match(f.id, /^CA-DIS-\d{3}$/);
    }
  });
});

describe('DIS scanner — Bash in both arrays → finding', () => {
  it('flags Bash overlap with low severity', async () => {
    const result = await runScanner('denied-tools-in-schema');
    const f = result.findings.find(x => /both permissions\.deny and permissions\.allow/i.test(x.title || ''));
    assert.ok(f, `expected DIS finding; got: ${result.findings.map(x => x.title).join(' | ')}`);
    assert.equal(f.severity, 'low', `expected low, got ${f.severity}`);
    assert.match(String(f.evidence || ''), /Bash/);
  });

  it('evidence references the allow + deny entries', async () => {
    const result = await runScanner('denied-tools-in-schema');
    const f = result.findings.find(x => /both permissions/i.test(x.title || ''));
    assert.ok(f);
    assert.match(String(f.evidence || ''), /allow=/);
    assert.match(String(f.evidence || ''), /deny=/);
  });
});

describe('DIS scanner — clean settings → no finding', () => {
  it('healthy-project has no DIS findings', async () => {
    const result = await runScanner('healthy-project');
    const f = result.findings.find(x => /both permissions/i.test(x.title || ''));
    assert.equal(f, undefined,
      `expected no DIS finding for healthy-project; got: ${f?.title}`);
  });
});

describe('DIS scanner — orchestrator wiring', () => {
  it('DIS appears in scan-orchestrator scanner list', async () => {
    const orch = await import('../../scanners/scan-orchestrator.mjs');
    const path = resolve(FIXTURES, 'denied-tools-in-schema');
    const env = await orch.runAllScanners(path, { filterFixtures: false });
    const dis = env.scanners.find(r => r.scanner === 'DIS');
    assert.ok(dis, `expected DIS in orchestrator results; got: ${env.scanners.map(r => r.scanner).join(', ')}`);
  });
});