"""Vault credential-verify: spec parsing + dispatch (no live network)."""

from __future__ import annotations

from pathlib import Path

from claire import vault_verify as vv


def test_parse_spec_variants():
    assert vv.parse_spec("verify: imap://10.9.0.1:993\n") == ("imap", "10.9.0.1", 993, "/")
    assert vv.parse_spec("verify: smtps://10.9.0.1:465")[0] == "smtps"
    s = vv.parse_spec("verify: https://10.0.0.11/api/health")
    assert s == ("https", "10.0.0.11", None, "/api/health")


def test_parse_spec_none_when_absent_or_garbage():
    assert vv.parse_spec("account: a\npassword: b\n") is None
    assert vv.parse_spec("verify: not-a-url") is None


def test_verify_file_no_spec(tmp_path: Path):
    (tmp_path / "x.txt").write_text("account: a\npassword: b\n")
    r = vv.verify_file("x.txt", vault_dir=tmp_path)
    assert r.status == "no-spec"


def test_verify_file_unsupported_scheme(tmp_path: Path):
    (tmp_path / "x.txt").write_text("account: a\npassword: b\nverify: postgres://10.0.0.11:5432\n")
    r = vv.verify_file("x.txt", vault_dir=tmp_path)
    assert r.status == "unsupported"
    assert "postgres" in r.detail


def test_verify_all_skips_specless(tmp_path: Path):
    (tmp_path / "a.txt").write_text("password: x\n")             # no verify
    (tmp_path / "b.txt").write_text("verify: imap://h:993\naccount: u\npassword: p\n")
    (tmp_path / "c.prev.txt").write_text("verify: imap://h:993\n")  # prev excluded
    names = {r.file for r in vv.verify_all(vault_dir=tmp_path)}
    assert names == {"b.txt"}  # only the spec'd, non-prev file