"""AgentRegistrar protocol — abstract interface for agent identity registration.

Implementations:
  KeycloakRegistrar  — Keycloak Admin REST API (§4.1)
  EntraRegistrar     — Microsoft Entra Agent ID platform (§4.2)
  StubRegistrar      — dev mode without a real IdP
"""

from dataclasses import dataclass
from typing import Protocol, runtime_checkable


@dataclass
class AgentCredentials:
    """Credentials returned after registering an agent identity."""
    client_id: str
    client_secret: str
    agent_display_name: str
    idp_backend: str  # "keycloak" | "entra" | "stub"


@runtime_checkable
class AgentRegistrar(Protocol):
    async def register_agent(
        self,
        delegation_id: str,
        agent_type: str,
        delegator_id: str,
        display_name: str,
        expires_at: str,
        metadata: dict | None = None,
    ) -> AgentCredentials: ...

    async def delete_agent(self, client_id: str) -> bool: ...

    async def get_agent_token(self, client_id: str) -> str | None: ...