package sshutilquality

import (
	"bytes"
	"context"
	"errors"
	"log"
	"os"
	"path/filepath"
	"strings"
	"testing"

	"scm.bstein.dev/bstein/ananke/internal/sshutil"
)

// TestSSHHeuristicAdditionalBranches runs one orchestration or CLI step.
// Signature: TestSSHHeuristicAdditionalBranches(t *testing.T).
// Why: expands host-key heuristic coverage for marker-in-error and nil-error paths.
func TestSSHHeuristicAdditionalBranches(t *testing.T) {
	if !sshutil.IsHostKeyError("", errors.New("REMOTE HOST IDENTIFICATION HAS CHANGED")) {
		t.Fatalf("expected marker in error text to be detected")
	}
	if sshutil.ShouldAttemptKnownHostsRepair("", nil) {
		t.Fatalf("expected nil error to skip repair")
	}
}

// TestRepairKnownHostsNoopAndNilLogger runs one orchestration or CLI step.
// Signature: TestRepairKnownHostsNoopAndNilLogger(t *testing.T).
// Why: validates no-op and dedupe handling with nil logger and mixed file inputs.
func TestRepairKnownHostsNoopAndNilLogger(t *testing.T) {
	dir := t.TempDir()
	scriptPath := filepath.Join(dir, "ssh-keygen")
	tracePath := filepath.Join(dir, "trace.log")
	script := "#!/usr/bin/env sh\necho $* >>" + tracePath + "\nexit 0\n"
	if err := os.WriteFile(scriptPath, []byte(script), 0o755); err != nil {
		t.Fatalf("write fake ssh-keygen: %v", err)
	}
	t.Setenv("PATH", dir+":"+os.Getenv("PATH"))

	// No hosts means immediate no-op.
	sshutil.RepairKnownHosts(context.Background(), nil, []string{"", "   "}, []string{"", "   "}, 22)

	knownHosts := filepath.Join(dir, "known_hosts")
	if err := os.WriteFile(knownHosts, []byte("seed"), 0o644); err != nil {
		t.Fatalf("write known_hosts: %v", err)
	}
	dirEntry := filepath.Join(dir, "is-dir")
	if err := os.MkdirAll(dirEntry, 0o755); err != nil {
		t.Fatalf("mkdir dir entry: %v", err)
	}

	var logs bytes.Buffer
	sshutil.RepairKnownHosts(
		context.Background(),
		log.New(&logs, "", 0),
		[]string{knownHosts, knownHosts, dirEntry},
		[]string{"titan-db", "titan-db", " "},
		22,
	)

	trace, err := os.ReadFile(tracePath)
	if err != nil {
		t.Fatalf("read trace: %v", err)
	}
	traceText := string(trace)
	if strings.Count(traceText, "titan-db") == 0 {
		t.Fatalf("expected ssh-keygen to be called for deduped host, trace=%q", traceText)
	}
}