// Package domain contains core business entities.
package domain

import "time"

// Credential represents a stored secret/credential for infrastructure adapters.
// Credentials are encrypted at rest and accessed by key name.
type Credential struct {
	// Key is the unique identifier (e.g., "GITEA_TOKEN", "CLOUDFLARE_API_TOKEN")
	Key string

	// Value is the credential value (stored encrypted in database)
	Value string

	// Description explains what this credential is for
	Description string

	// Category groups related credentials (e.g., "gitea", "cloudflare", "woodpecker")
	Category string

	// CreatedAt is when the credential was first stored
	CreatedAt time.Time

	// UpdatedAt is when the credential was last modified
	UpdatedAt time.Time

	// UpdatedBy tracks who last modified the credential
	UpdatedBy string
}

// CredentialCategories for grouping.
const (
	CredentialCategoryGitea      = "gitea"
	CredentialCategoryCloudflare = "cloudflare"
	CredentialCategoryWoodpecker = "woodpecker"
	CredentialCategoryDatabase   = "database"
	CredentialCategoryRegistry   = "registry"
	CredentialCategoryWorker     = "worker"
	CredentialCategoryStorage    = "storage"
	CredentialCategoryAI         = "ai"
	CredentialCategoryNotify     = "notify"
	CredentialCategoryCache      = "cache"
)

// Known credential keys.
const (
	// Gitea
	CredKeyGiteaToken = "GITEA_TOKEN"
	CredKeyGiteaURL   = "GITEA_URL"

	// Cloudflare
	CredKeyCloudflareAPIToken = "CLOUDFLARE_API_TOKEN"
	CredKeyCloudflareZoneID   = "CLOUDFLARE_ZONE_ID"

	// Woodpecker
	CredKeyWoodpeckerURL           = "WOODPECKER_URL"
	CredKeyWoodpeckerAPIToken      = "WOODPECKER_API_TOKEN"
	CredKeyWoodpeckerWebhookSecret = "WOODPECKER_WEBHOOK_SECRET"

	// Registry
	CredKeyRegistryURL = "REGISTRY_URL"

	// GCS
	CredKeyGCSBucket             = "GCS_BUCKET"
	CredKeyGCSServiceAccountJSON = "GCS_SERVICE_ACCOUNT_JSON"

	// AI Providers
	CredKeyLaozhangAPIKey = "LAOZHANG_API_KEY"
	CredKeyGeminiAPIKey   = "GEMINI_API_KEY"

	// Notify service (email delivery)
	CredKeyNotifyURL            = "NOTIFY_URL"
	CredKeyNotifyAdminKey       = "NOTIFY_ADMIN_KEY"
	CredKeyNotifyAPIKey         = "NOTIFY_API_KEY"
	CredKeyNotifyHost           = "NOTIFY_HOST"
	CredKeyNotifyFrom           = "NOTIFY_FROM"
	CredKeyNotifyResendDomainID = "NOTIFY_RESEND_DOMAIN_ID"

	// Resend (email provider for per-project domain provisioning)
	CredKeyResendAPIKey = "RESEND_API_KEY"

	// Project-scoped auth secret (unique per project, auto-generated on first code component)
	CredKeyJWTSecret = "JWT_SECRET"
)