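import { describe, it, expect, beforeEach, afterEach } from 'vitest';
import * as fs from 'node:fs';
import * as path from 'node:path';
import * as os from 'node:os';
import { checkReports } from './enforce-policy.js';

/**
 * Tests for `checkReports`, the gate that scans a directory of scanner
 * reports and returns the findings whose severity score exceeds a threshold.
 *
 * Each test writes its fixture into a fresh temporary directory so that
 * reports from one case can never be picked up by another.
 *
 * NOTE(review): this suite does not pin the behaviour for a score exactly
 * equal to the threshold; add a boundary case once the intended comparison
 * (strictly greater vs. greater-or-equal) is confirmed against the policy.
 */
describe('enforce-policy', () => {
  let tempDir: string;
  let savedExitCode: typeof process.exitCode;

  beforeEach(() => {
    tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'reports-'));

    // process.exitCode is global state. Clear it before every test so an
    // assertion on it cannot pass because of a value left by an earlier test.
    savedExitCode = process.exitCode;
    process.exitCode = undefined;
  });

  afterEach(() => {
    // Restore in a hook rather than at the end of a test body, so the reset
    // still happens when an assertion throws part-way through the test.
    process.exitCode = savedExitCode;
    fs.rmSync(tempDir, { recursive: true, force: true });
  });

  it('should find vulnerabilities above threshold in SARIF', () => {
    // SARIF carries the score as a string under properties['security-severity'];
    // the expectation below checks that it comes back as a number.
    const sarifData = {
      runs: [
        {
          results: [
            { properties: { 'security-severity': '8.5' } },
            { properties: { 'security-severity': '5.0' } },
          ],
        },
      ],
    };
    fs.writeFileSync(path.join(tempDir, 'test.sarif'), JSON.stringify(sarifData));

    const findings = checkReports(tempDir, 7.0);

    expect(findings).toHaveLength(1);
    expect(findings[0].name).toBe('test.sarif');
    expect(findings[0].score).toBe(8.5);
  });

  it('should find vulnerabilities above threshold in JSON', () => {
    // The generic JSON format is exercised with both score field spellings
    // used by the fixtures: `cvss` and `score`.
    const jsonData = {
      findings: [{ cvss: 9.0 }, { score: 6.5 }],
    };
    fs.writeFileSync(path.join(tempDir, 'test.json'), JSON.stringify(jsonData));

    const findings = checkReports(tempDir, 7.0);

    expect(findings).toHaveLength(1);
    expect(findings[0].name).toBe('test.json');
    expect(findings[0].score).toBe(9.0);
  });

  it('should set process.exitCode = 1 for invalid JSON', () => {
    // Fail-closed check: a report that cannot be parsed yields no findings,
    // but the gate must still mark the process as failed so a truncated or
    // corrupted report is never mistaken for a clean scan.
    fs.writeFileSync(path.join(tempDir, 'invalid.json'), '{ "bad": json');

    const findings = checkReports(tempDir, 7.0);

    expect(findings).toHaveLength(0);
    expect(process.exitCode).toBe(1);
  });
});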