//! Integration tests for SessionManager (stateful API) in the vault crate

#[cfg(not(target_arch = "wasm32"))]
use vault::{Vault, KeyType, KeyMetadata, SessionManager};
#[cfg(not(target_arch = "wasm32"))]
use kvstore::NativeStore;

#[cfg(not(target_arch = "wasm32"))]
#[tokio::test]
async fn session_manager_end_to_end() {
    use tempfile::TempDir;
    let tmp_dir = TempDir::new().expect("create temp dir");
    let store = NativeStore::open(tmp_dir.path().to_str().unwrap()).expect("open NativeStore");
    let mut vault = Vault::new(store);
    let keyspace = "personal";
    let password = b"testpass";

    // Create session manager
    let mut session = SessionManager::new(vault);
    // Create and unlock keyspace in one step
    session.create_keyspace(keyspace, password, None).await.expect("create_keyspace via session");
    // Add keypair using session API
    let key_id = session.add_keypair(Some(KeyType::Secp256k1), Some(KeyMetadata { name: Some("main".to_string()), created_at: None, tags: None })).await.expect("add_keypair via session");
    session.select_keypair(&key_id).expect("select_keypair");

    // Test add_keypair with metadata via SessionManager
    let meta = KeyMetadata { name: Some("user1-key".to_string()), created_at: None, tags: Some(vec!["tag1".to_string()]) };
    let key_id2 = session.add_keypair(Some(KeyType::Ed25519), Some(meta.clone())).await.expect("add_keypair via session");
    // List keypairs and check metadata
    let keypairs = session.list_keypairs().expect("list_keypairs");
    assert!(keypairs.iter().any(|k| k.id == key_id2 && k.metadata.as_ref().unwrap().name.as_deref() == Some("user1-key")), "metadata name should be present");

    // Sign and verify
    let msg = b"hello world";
    let sig = session.sign(msg).await.expect("sign");
    let _keypair = session.current_keypair().expect("current_keypair");
    // Use stateless API for verify: get password from test context, not from private fields
    let password = b"testpass";
    let verified = session
        .get_vault()
        .verify(keyspace, password, &key_id, msg, &sig)
        .await
        .expect("verify");
    assert!(verified, "signature should verify");

    // Logout wipes secrets
    session.logout();
    assert!(session.current_keyspace().is_none());
    assert!(session.current_keypair().is_none());
    // No public API for unlocked_keyspaces, but behavior is covered by above asserts
}

#[cfg(not(target_arch = "wasm32"))]
#[tokio::test]
async fn session_manager_errors() {
    use tempfile::TempDir;
    let tmp_dir = TempDir::new().expect("create temp dir");
    let store = NativeStore::open(tmp_dir.path().to_str().unwrap()).expect("open NativeStore");
    let vault = Vault::new(store);
    let mut session = SessionManager::new(vault);
    // No keyspace unlocked
    // select_keyspace removed; test unlocking a non-existent keyspace or selecting a keypair from an empty keyspace instead.
assert!(session.select_keypair("none").is_err());
    assert!(session.select_keypair("none").is_err());
    assert!(session.sign(b"fail").await.is_err());
}