package cockpit

import (
	"strings"
	"testing"
)

// TestSelfConsistency_CleanCursor is the positive control for the "cursor"
// target: the untampered handover playbook must be reported as OK by
// CheckSelfConsistency. Without this control, the tamper tests in this file
// could pass simply because the check rejects everything.
func TestSelfConsistency_CleanCursor(t *testing.T) {
	result, checkErr := CheckSelfConsistency(loadHandover(t), "cursor")
	if checkErr != nil {
		t.Fatal(checkErr)
	}
	if result.OK {
		return
	}
	// Surface the checker's notes so a regression shows what it objected to.
	t.Errorf("clean cursor render should pass self-consistency: %v", result.Notes)
}

// TestSelfConsistency_CleanAggregate is the positive control for the
// multi-playbook path: CheckSelfConsistencyAll over the twoPlaybooks fixture
// with the "agents" target must report OK.
func TestSelfConsistency_CleanAggregate(t *testing.T) {
	result, checkErr := CheckSelfConsistencyAll(twoPlaybooks(t), "agents")
	switch {
	case checkErr != nil:
		t.Fatal(checkErr)
	case !result.OK:
		// Surface the checker's notes so a regression shows what it objected to.
		t.Errorf("clean aggregate render should pass: %v", result.Notes)
	}
}

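// TestSelfConsistency_FailsOnStrippedForbidden renders the handover playbook
// with the cursor renderer, drops every line containing "`git " (the
// Forbidden-block verb bullets), and expects checkSelfConsistencyBytes to
// reject the result: a denylisted verb that disappears from the rendered
// output must be caught.
func TestSelfConsistency_FailsOnStrippedForbidden(t *testing.T) {
	pb := loadHandover(t)
	out, err := cursorRenderer{}.Render(pb)
	if err != nil {
		t.Fatal(err)
	}

	lines := strings.Split(string(out), "\n")
	kept := make([]string, 0, len(lines))
	for _, line := range lines {
		if strings.Contains(line, "`git ") { // drop the Forbidden-block verb bullets
			continue
		}
		kept = append(kept, line)
	}

	// Precondition: the tampering must actually remove something. If the
	// renderer's bullet format changes so that nothing matches, the input is
	// unmodified and the failure below would be reported with a misleading
	// message instead of pointing at the stale filter.
	if len(kept) == len(lines) {
		t.Fatal("render contains no `git ` lines; nothing was stripped, so the test proves nothing")
	}

	// NOTE(review): the filter matches "`git " anywhere in the render, not only
	// inside the Forbidden block; confirm that no other section uses the same
	// bullet syntax.
	tampered := []byte(strings.Join(kept, "\n"))
	res := checkSelfConsistencyBytes(tampered, []Playbook{pb})
	if res.OK {
		t.Error("self-consistency passed bytes with the Forbidden block stripped")
	}
}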

// TestSelfConsistency_FailsOnLeakedWriteVerb splices a "Bash(git commit:*)"
// bullet directly under the Allowed heading of a cursor render and expects
// checkSelfConsistencyBytes to reject it. A write-git verb appearing in an
// Allowed block must fail the defense-in-depth scan.
func TestSelfConsistency_FailsOnLeakedWriteVerb(t *testing.T) {
	pb := loadHandover(t)
	rendered, renderErr := cursorRenderer{}.Render(pb)
	if renderErr != nil {
		t.Fatal(renderErr)
	}

	text := string(rendered)
	heading := "## " + headingAllowed + "\n"
	pos := strings.Index(text, heading)
	if pos < 0 {
		t.Fatal("Allowed heading not found")
	}

	// Insert the write verb as the first bullet after the heading line.
	split := pos + len(heading)
	injected := text[:split] + "- Bash(git commit:*)\n" + text[split:]

	// NOTE(review): only res.OK is asserted, so the test does not pin which
	// note triggered the rejection. The clean-render tests in this file are
	// what rule out a checker that fails on every input.
	res := checkSelfConsistencyBytes([]byte(injected), []Playbook{pb})
	if res.OK {
		t.Error("self-consistency passed a leaked write-git verb in the Allowed block")
	}
}