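// Package governance provides a gRPC client for the Guildhouse GovernanceService
// and CeremonyService, used by SPIRE plugins to participate in governed mutations.
//
// The transport is not wired up yet: NewClient only records its configuration,
// and every RPC method returns an error wrapping ErrNotImplemented.
package governance

import (
	"context"
	"errors"
	"fmt"
)

// ErrNotImplemented is wrapped by every RPC method until the gRPC transport is
// implemented. Callers can detect it with errors.Is.
var ErrNotImplemented = errors.New("not yet implemented")

// ErrMissingGovernanceAddr is returned by NewClient (via Config.Validate) when
// Config.GovernanceAddr is empty.
var ErrMissingGovernanceAddr = errors.New("governance: governance address is required")

// Config holds governance client configuration.
//
// Addresses are kept exactly as supplied; apart from the non-empty check in
// Validate, they are not parsed or otherwise verified by this package.
type Config struct {
	// GovernanceAddr is the gRPC address of the GovernanceService. Required.
	GovernanceAddr string
	// CeremonyAddr is the gRPC address of the CeremonyService.
	CeremonyAddr string
	// NotaryAddr is the gRPC address of the NotaryService.
	NotaryAddr string
}

// Validate reports whether the configuration can be used by NewClient.
//
// Only GovernanceAddr is required. CeremonyAddr and NotaryAddr are not
// checked here, so a Client may be constructed without them; the methods that
// need those services are responsible for handling an empty address once
// implemented.
func (c Config) Validate() error {
	if c.GovernanceAddr == "" {
		return ErrMissingGovernanceAddr
	}
	return nil
}

// IntentResult holds the result of a CreateIntent call.
type IntentResult struct {
	// IntentID identifies the created MutationIntent.
	IntentID string
	// CeremonyID is non-empty if a ceremony is required before the intent
	// can be redeemed.
	CeremonyID string
	// Denied reports that the intent was refused.
	Denied bool
	// Error carries a service-provided message. Its exact semantics follow
	// the GovernanceService contract, which this stub does not yet define.
	Error string
}

// RedeemResult holds the result of a RedeemIntent call.
type RedeemResult struct {
	// Success reports whether the redemption produced a SAT.
	Success bool
	// SatHash is the hash of the issued SAT.
	SatHash []byte
	// Status is the service-reported redemption status.
	Status string
	// Error carries a service-provided message. Its exact semantics follow
	// the GovernanceService contract, which this stub does not yet define.
	Error string
}

// Client wraps gRPC clients for GovernanceService, CeremonyService, and NotaryService.
//
// Until the transport is implemented the Client holds no connection and no
// credentials; only the validated Config is retained.
type Client struct {
	config Config
}

// NewClient creates a governance client.
//
// It returns an error wrapping ErrMissingGovernanceAddr when cfg.GovernanceAddr
// is empty. No network connection is opened yet.
func NewClient(cfg Config) (*Client, error) {
	if err := cfg.Validate(); err != nil {
		return nil, err
	}
	// TODO: implement — establish gRPC connections with mTLS
	return &Client{config: cfg}, nil
}

// CreateIntent creates a MutationIntent for a credential operation.
//
// Not implemented: it always returns a nil result and an error wrapping
// ErrNotImplemented. ctx is accepted for the future RPC and is unused today.
func (c *Client) CreateIntent(ctx context.Context, registryType, verb, artifactScope, tenantID string) (*IntentResult, error) {
	// TODO: implement — call GovernanceService.CreateIntent
	return nil, fmt.Errorf("governance: CreateIntent %w", ErrNotImplemented)
}

// RedeemIntent redeems a MutationIntent to obtain a SAT.
//
// Not implemented: it always returns a nil result and an error wrapping
// ErrNotImplemented. ctx is accepted for the future RPC and is unused today.
func (c *Client) RedeemIntent(ctx context.Context, intentID string) (*RedeemResult, error) {
	// TODO: implement — call GovernanceService.RedeemIntent
	return nil, fmt.Errorf("governance: RedeemIntent %w", ErrNotImplemented)
}

// CreateCeremony creates a governance ceremony.
//
// Not implemented: it always returns an empty ceremony ID and an error
// wrapping ErrNotImplemented. ctx is accepted for the future RPC and is
// unused today.
func (c *Client) CreateCeremony(ctx context.Context, ceremonyType, intentID string, requiredApprovals uint32) (string, error) {
	// TODO: implement — call CeremonyService.CreateCeremony
	return "", fmt.Errorf("governance: CreateCeremony %w", ErrNotImplemented)
}

// SubmitMerkleLeaf submits a credential event as a merkle leaf to the NotaryService.
//
// Not implemented: it always returns an empty anchor ID and an error wrapping
// ErrNotImplemented. ctx is accepted for the future RPC and is unused today.
func (c *Client) SubmitMerkleLeaf(ctx context.Context, clusterID string, leaf []byte) (string, error) {
	// TODO: implement — call NotaryService.CreateAnchor
	return "", fmt.Errorf("governance: SubmitMerkleLeaf %w", ErrNotImplemented)
}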