"""Tests for muse.core.provenance — AgentIdentity, Ed25519 signing."""

import datetime

import pytest
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

from muse.core.types import decode_pubkey, decode_sig, encode_sig, split_id
from muse.core.provenance import (
    AgentIdentity,
    encode_public_key,
    make_agent_identity,
    provenance_payload,
    sign_commit_ed25519,
    sign_commit_record,
    verify_commit_ed25519,
)
from muse.core.commits import CommitRecord


def _gen_key() -> Ed25519PrivateKey:
    return Ed25519PrivateKey.generate()


def _pub_bytes(key: Ed25519PrivateKey) -> bytes:
    return key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)


# ---------------------------------------------------------------------------
# AgentIdentity factory
# ---------------------------------------------------------------------------


class TestMakeAgentIdentity:
    def test_required_fields_present(self) -> None:
        identity = make_agent_identity(
            agent_id="test-agent",
            model_id="gpt-5",
            toolchain_id="muse-v2",
        )
        assert identity["agent_id"] == "test-agent"
        assert identity.get("model_id") == "gpt-5"
        assert identity.get("toolchain_id") == "muse-v2"

    def test_prompt_hash_is_hex(self) -> None:
        identity = make_agent_identity(
            agent_id="a",
            model_id="m",
            toolchain_id="t",
            prompt="system: you are a music agent",
        )
        prompt_hash = identity.get("prompt_hash", "")
        assert isinstance(prompt_hash, str)
        assert prompt_hash.startswith("sha256:") and len(prompt_hash) == 71
        assert all(c in "0123456789abcdef" for c in split_id(prompt_hash)[1])

    def test_no_prompt_gives_no_hash_key(self) -> None:
        identity = make_agent_identity(agent_id="a", model_id="m", toolchain_id="t")
        assert identity.get("prompt_hash", "") == ""

    def test_execution_context_hash_populated(self) -> None:
        identity = make_agent_identity(
            agent_id="a",
            model_id="m",
            toolchain_id="t",
            execution_context='{"env": "ci", "version": "1.2.3"}',
        )
        ec_hash = identity.get("execution_context_hash", "")
        assert isinstance(ec_hash, str)
        assert ec_hash.startswith("sha256:") and len(ec_hash) == 71


# ---------------------------------------------------------------------------
# Ed25519 signing / verification
# ---------------------------------------------------------------------------


class TestEd25519Signing:
    def test_sign_and_verify_succeed(self) -> None:
        key = _gen_key()
        payload = provenance_payload("abc123def456" * 4)
        sig = sign_commit_ed25519(payload, key)
        pub_bytes = _pub_bytes(key)
        assert verify_commit_ed25519(payload, sig, pub_bytes)

    def test_wrong_key_fails(self) -> None:
        key1 = _gen_key()
        key2 = _gen_key()
        payload = provenance_payload("abc123")
        sig = sign_commit_ed25519(payload, key1)
        assert not verify_commit_ed25519(payload, sig, _pub_bytes(key2))

    def test_wrong_payload_fails(self) -> None:
        key = _gen_key()
        sig = sign_commit_ed25519(provenance_payload("commit-a"), key)
        assert not verify_commit_ed25519(provenance_payload("commit-b"), sig, _pub_bytes(key))

    def test_tampered_signature_fails(self) -> None:
        key = _gen_key()
        payload = provenance_payload("abc")
        sig = sign_commit_ed25519(payload, key)
        # Flip a byte in the middle of the raw signature.
        _, raw = decode_sig(sig)
        sig_bytes = bytearray(raw)
        sig_bytes[32] ^= 0xFF
        tampered = encode_sig("ed25519", bytes(sig_bytes))
        assert not verify_commit_ed25519(payload, tampered, _pub_bytes(key))

    def test_signature_is_prefixed_base64url_string(self) -> None:
        key = _gen_key()
        sig = sign_commit_ed25519(provenance_payload("test-commit"), key)
        assert isinstance(sig, str)
        assert sig.startswith("ed25519:")
        # Ed25519 signature is 64 bytes → 86 base64url chars + 8-char prefix
        assert len(sig) == len("ed25519:") + 86

    def test_empty_signature_fails(self) -> None:
        key = _gen_key()
        assert not verify_commit_ed25519(provenance_payload("x"), "", _pub_bytes(key))

    def test_garbage_signature_fails(self) -> None:
        key = _gen_key()
        assert not verify_commit_ed25519(provenance_payload("x"), "!!not-base64!!", _pub_bytes(key))

    def test_truncated_signature_fails(self) -> None:
        key = _gen_key()
        payload = provenance_payload("commit-x")
        sig = sign_commit_ed25519(payload, key)
        assert not verify_commit_ed25519(payload, sig[:40], _pub_bytes(key))

    def test_different_keys_produce_different_sigs(self) -> None:
        key1 = _gen_key()
        key2 = _gen_key()
        payload = provenance_payload("same-commit")
        assert sign_commit_ed25519(payload, key1) != sign_commit_ed25519(payload, key2)


# ---------------------------------------------------------------------------
# Public key helpers
# ---------------------------------------------------------------------------


class TestPublicKeyHelpers:
    def test_fingerprint_is_prefixed_and_71_chars(self) -> None:
        from muse.core.types import public_key_fingerprint
        key = _gen_key()
        fp = public_key_fingerprint(_pub_bytes(key))
        assert fp.startswith("sha256:")
        assert len(fp) == 71

    def test_fingerprint_is_deterministic(self) -> None:
        from muse.core.types import public_key_fingerprint
        key = _gen_key()
        pub = _pub_bytes(key)
        assert public_key_fingerprint(pub) == public_key_fingerprint(pub)

    def test_different_keys_different_fingerprints(self) -> None:
        from muse.core.types import public_key_fingerprint
        k1, k2 = _gen_key(), _gen_key()
        assert public_key_fingerprint(_pub_bytes(k1)) != public_key_fingerprint(_pub_bytes(k2))

    def test_encode_public_key_returns_32_bytes_and_prefixed_b64(self) -> None:
        key = _gen_key()
        raw_bytes, b64 = encode_public_key(key)
        assert len(raw_bytes) == 32
        assert isinstance(b64, str)
        assert b64.startswith("ed25519:")
        # No padding in the base64 part
        assert "=" not in b64
        # Stripping prefix + decoding returns the raw bytes
        _, decoded = decode_pubkey(b64)
        assert decoded == raw_bytes


# ---------------------------------------------------------------------------
# sign_commit_record
# ---------------------------------------------------------------------------


class TestSignCommitRecord:
    def test_sign_commit_record_returns_three_tuple(self) -> None:
        key = _gen_key()
        commit_id = "deadbeef" * 8
        result = sign_commit_record(commit_id, "test-agent", key)
        assert result is not None
        sig, pub_b64, fprint = result
        assert sig != ""
        assert pub_b64 != ""
        assert fprint.startswith("sha256:") and len(fprint) == 71

    def test_sign_commit_record_verifiable(self) -> None:
        key = _gen_key()
        commit_id = "cafebabe" * 8
        agent_id = "verify-agent"
        result = sign_commit_record(commit_id, agent_id, key, model_id="claude-sonnet-4-6")
        assert result is not None
        sig, pub_b64, _ = result
        _, pub_bytes = decode_pubkey(pub_b64)
        payload = provenance_payload(commit_id, agent_id=agent_id, model_id="claude-sonnet-4-6")
        assert verify_commit_ed25519(payload, sig, pub_bytes)

    def test_sign_commit_record_public_key_matches_private(self) -> None:
        key = _gen_key()
        result = sign_commit_record("aabbccdd" * 8, "agent", key)
        assert result is not None
        _, pub_b64, _ = result
        raw, expected_b64 = encode_public_key(key)
        assert pub_b64 == expected_b64