// Package domain contains core business entities.
package domain

import "time"

// Credential represents a stored secret/credential for infrastructure adapters.
// Credentials are encrypted at rest and accessed by key name.
type Credential struct {
	// Key is the unique identifier (e.g., "GITEA_TOKEN", "CLOUDFLARE_API_TOKEN")
	Key string

	// Value is the credential value (stored encrypted in database)
	Value string

	// Description explains what this credential is for
	Description string

	// Category groups related credentials (e.g., "gitea", "cloudflare", "woodpecker")
	Category string

	// CreatedAt is when the credential was first stored
	CreatedAt time.Time

	// UpdatedAt is when the credential was last modified
	UpdatedAt time.Time

	// UpdatedBy tracks who last modified the credential
	UpdatedBy string
}

// CredentialCategories for grouping.
const (
	CredentialCategoryGitea      = "gitea"
	CredentialCategoryCloudflare = "cloudflare"
	CredentialCategoryWoodpecker = "woodpecker"
	CredentialCategoryDatabase   = "database"
	CredentialCategoryRegistry   = "registry"
	CredentialCategoryWorker     = "worker"
	CredentialCategoryStorage    = "storage"
)

// Known credential keys.
const (
	// Gitea
	CredKeyGiteaToken = "GITEA_TOKEN"
	CredKeyGiteaURL   = "GITEA_URL"

	// Cloudflare
	CredKeyCloudflareAPIToken = "CLOUDFLARE_API_TOKEN"
	CredKeyCloudflareZoneID   = "CLOUDFLARE_ZONE_ID"

	// Woodpecker
	CredKeyWoodpeckerURL           = "WOODPECKER_URL"
	CredKeyWoodpeckerAPIToken      = "WOODPECKER_API_TOKEN"
	CredKeyWoodpeckerWebhookSecret = "WOODPECKER_WEBHOOK_SECRET"

	// Registry
	CredKeyRegistryURL = "REGISTRY_URL"

	// GCS
	CredKeyGCSBucket             = "GCS_BUCKET"
	CredKeyGCSServiceAccountJSON = "GCS_SERVICE_ACCOUNT_JSON"
)