from core_shared import JSONValue
from core_shared.secrets import EncryptedSecret, SecretCipher

from app.db.models import ToolBinding, ToolCredential, ToolDefinition, ToolVersion
from app.domain.repositories import (
    ToolBindingRepository,
    ToolCredentialRepository,
    ToolDefinitionRepository,
    ToolVersionRepository,
)
from app.schemas.tool import (
    ToolBindingCreateRequest,
    ToolCredentialCreateRequest,
    ToolCreateRequest,
    ToolVersionCreateRequest,
)


class ToolApplicationService:
    def __init__(
        self,
        tool_definition_repository: ToolDefinitionRepository,
        tool_version_repository: ToolVersionRepository,
        tool_binding_repository: ToolBindingRepository,
        tool_credential_repository: ToolCredentialRepository,
        secret_cipher: SecretCipher,
    ) -> None:
        self.tool_definition_repository = tool_definition_repository
        self.tool_version_repository = tool_version_repository
        self.tool_binding_repository = tool_binding_repository
        self.tool_credential_repository = tool_credential_repository
        self.secret_cipher = secret_cipher

    def create_tool_definition(self, payload: ToolCreateRequest) -> ToolDefinition:
        return self.tool_definition_repository.create(
            tenant_id=payload.tenant_id,
            plugin_id=payload.plugin_id,
            code=payload.code,
            name=payload.name,
            tool_type=payload.tool_type,
            description=payload.description,
        )

    def list_tool_definitions(self, tenant_id: str) -> list[ToolDefinition]:
        return self.tool_definition_repository.list_by_tenant(tenant_id)

    def create_tool_version(self, payload: ToolVersionCreateRequest) -> ToolVersion:
        return self.tool_version_repository.create(
            tenant_id=payload.tenant_id,
            tool_id=payload.tool_id,
            input_schema_json=payload.input_schema_json,
            output_schema_json=payload.output_schema_json,
            invoke_config_json=payload.invoke_config_json,
            timeout_ms=payload.timeout_ms,
            retry_policy_json=payload.retry_policy_json,
        )

    def list_tool_versions(self, tenant_id: str, tool_id: str) -> list[ToolVersion]:
        return self.tool_version_repository.list_by_tool(tenant_id=tenant_id, tool_id=tool_id)

    def create_tool_binding(self, payload: ToolBindingCreateRequest) -> ToolBinding:
        if payload.credential_id is not None:
            credential = self.tool_credential_repository.get_by_id(
                tenant_id=payload.tenant_id,
                credential_id=payload.credential_id,
            )
            if credential is None:
                raise ValueError(f"tool credential not found: {payload.credential_id}")
        return self.tool_binding_repository.create(
            tenant_id=payload.tenant_id,
            app_id=payload.app_id,
            tool_version_id=payload.tool_version_id,
            credential_id=payload.credential_id,
            binding_scope=payload.binding_scope,
            enabled=payload.enabled,
            config_json=payload.config_json,
        )

    def list_tool_bindings(self, tenant_id: str, app_id: str | None = None) -> list[ToolBinding]:
        return self.tool_binding_repository.list_by_scope(tenant_id=tenant_id, app_id=app_id)

    def create_tool_credential(self, payload: ToolCredentialCreateRequest) -> ToolCredential:
        encrypted = self.secret_cipher.encrypt_json(payload.secret_json)
        return self.tool_credential_repository.create(
            tenant_id=payload.tenant_id,
            name=payload.name,
            credential_type=payload.credential_type,
            encrypted_payload_text=encrypted.ciphertext,
            secret_fingerprint=encrypted.fingerprint,
            encryption_algorithm=encrypted.algorithm,
            metadata_json=payload.metadata_json,
        )

    def list_tool_credentials(self, tenant_id: str) -> list[ToolCredential]:
        return self.tool_credential_repository.list_by_tenant(tenant_id=tenant_id)

    def reveal_tool_credential(
        self,
        *,
        tenant_id: str,
        credential_id: str,
    ) -> tuple[ToolCredential, dict[str, JSONValue]] | None:
        credential = self.tool_credential_repository.get_by_id(
            tenant_id=tenant_id,
            credential_id=credential_id,
        )
        if credential is None:
            return None
        secret_json = self.secret_cipher.decrypt_json(
            EncryptedSecret(
                ciphertext=credential.encrypted_payload_text,
                fingerprint=credential.secret_fingerprint,
                algorithm=credential.encryption_algorithm,
            )
        )
        return credential, secret_json

    def get_tool_binding_detail(
        self,
        *,
        tenant_id: str,
        binding_id: str,
    ) -> tuple[ToolBinding, ToolVersion, ToolDefinition] | None:
        binding = self.tool_binding_repository.get_by_id(tenant_id=tenant_id, binding_id=binding_id)
        if binding is None:
            return None

        tool_version = self.tool_version_repository.get_by_id(
            tenant_id=tenant_id,
            tool_version_id=binding.tool_version_id,
        )
        if tool_version is None:
            return None

        tool_definition = self.tool_definition_repository.get_by_id(
            tenant_id=tenant_id,
            tool_id=tool_version.tool_id,
        )
        if tool_definition is None:
            return None

        return binding, tool_version, tool_definition