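import { describe, it, expect, beforeAll } from 'vitest';
import request from 'supertest';
import { setup } from './helpers.js';
import * as agentsRepo from '../../lib/db/repos/agents.js';

// Integration tests for bearer authentication on GET /api/spaces.
// The route is exercised with no credentials, an unknown token, the owner's
// headers, a freshly issued agent token and a revoked agent token.

// Populated once by setup() before any test runs.
let app;
let ownerHeaders;

// Actor passed to agentsRepo.create as the creator of each test agent.
const owner = { kind: 'user', id: null };

/**
 * Builds the Authorization header object for a bearer token.
 * @param {string} token - raw token value
 * @returns {{ Authorization: string }}
 */
const bearer = (token) => ({ Authorization: `Bearer ${token}` });

/**
 * Issues GET /api/spaces against the app under test.
 * @param {object} [headers] - request headers; omitted for the unauthenticated case
 * @returns the pending supertest request (awaitable)
 */
const getSpaces = (headers) => {
  const pending = request(app).get('/api/spaces');
  return headers ? pending.set(headers) : pending;
};

beforeAll(async () => {
  ({ app, ownerHeaders } = await setup());
});

describe('agent_or_owner bearer auth', () => {
  it('missing header → 401', async () => {
    const response = await getSpaces();
    expect(response.status).toBe(401);
  });

  it('wrong token → 401', async () => {
    const response = await getSpaces(bearer('wrong'));
    expect(response.status).toBe(401);
  });

  it('owner token → 200', async () => {
    const response = await getSpaces(ownerHeaders);
    expect(response.status).toBe(200);
  });

  // NOTE(review): the title also promises req.actor.kind=agent, but only the
  // status code is asserted. Nothing in this file shows how the resolved actor
  // could be observed from a response, so that half of the claim is unverified
  // here; either assert it through an endpoint that reflects the actor, or
  // drop it from the title.
  it('valid agent token → 200 and req.actor.kind=agent', async () => {
    const agent = await agentsRepo.create(
      {
        slug: `a-${Date.now()}`,
        name: 'Test',
        kind: 'claude',
        model: 'sonnet',
        capabilities: { read: 'allow', write: 'suggest' },
        scopes: {},
      },
      owner,
    );
    const { token } = await agentsRepo.createToken(agent.id, 'test');

    const response = await getSpaces(bearer(token));
    expect(response.status).toBe(200);
  });

  it('revoked agent token → 401', async () => {
    const agent = await agentsRepo.create(
      {
        slug: `b-${Date.now()}`,
        name: 'Revoked',
        kind: 'claude',
        model: 'sonnet',
        capabilities: {},
        scopes: {},
      },
      owner,
    );
    const { token, id: tokenId } = await agentsRepo.createToken(agent.id, 'rev');

    // Control request: without it the final 401 would also be produced by a
    // token that never authenticated at all, so the test could pass while
    // revocation is broken. Only "not 401" is pinned, because this agent has
    // no capabilities and the exact status for it is not established here.
    const beforeRevoke = await getSpaces(bearer(token));
    expect(beforeRevoke.status).not.toBe(401);

    await agentsRepo.revokeToken(tokenId);

    const afterRevoke = await getSpaces(bearer(token));
    expect(afterRevoke.status).toBe(401);
  });
});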