package trust

import (
	"os"
	"testing"
)

func TestStoreGrantPersists(t *testing.T) {
	dir := t.TempDir()
	t.Setenv("XDG_DATA_HOME", dir)

	s1, err := Open("projkey")
	if err != nil {
		t.Fatalf("open: %v", err)
	}
	if s1.IsTrusted("vitest") {
		t.Fatalf("fresh store should not trust anything")
	}
	if err := s1.Grant("vitest"); err != nil {
		t.Fatalf("grant: %v", err)
	}
	if !s1.IsTrusted("vitest") {
		t.Fatalf("grant didn't take effect")
	}

	// Re-open and confirm persistence.
	s2, err := Open("projkey")
	if err != nil {
		t.Fatalf("reopen: %v", err)
	}
	if !s2.IsTrusted("vitest") {
		t.Fatalf("grant did not persist across reopen")
	}
	if s2.IsTrusted("bun-dev") {
		t.Fatalf("unrelated preset should not be trusted")
	}

	// Verify the file exists at the expected path.
	if _, err := os.Stat(s2.Path()); err != nil {
		t.Fatalf("stat trust.json: %v", err)
	}
}

func TestStoreRevokeWithoutGrantIsNoop(t *testing.T) {
	dir := t.TempDir()
	t.Setenv("XDG_DATA_HOME", dir)

	s, err := Open("projkey")
	if err != nil {
		t.Fatalf("open: %v", err)
	}
	if err := s.Revoke("never-granted"); err != nil {
		t.Fatalf("revoke noop should succeed: %v", err)
	}
}

func TestStoreOpenRequiresProjectKey(t *testing.T) {
	if _, err := Open(""); err == nil {
		t.Fatalf("open with empty project key should fail")
	}
}