//! Integration tests for SessionManager (stateful API) in the vault crate

#[cfg(not(target_arch = "wasm32"))]
use vault::{Vault, KeyType, KeyMetadata, SessionManager};
#[cfg(not(target_arch = "wasm32"))]
use kvstore::NativeStore;

#[cfg(not(target_arch = "wasm32"))]
#[tokio::test]
async fn session_manager_end_to_end() {
    use tempfile::TempDir;
    let tmp_dir = TempDir::new().expect("create temp dir");
    let store = NativeStore::open(tmp_dir.path().to_str().unwrap()).expect("open NativeStore");
    let mut vault = Vault::new(store);
    let keyspace = "personal";
    let password = b"testpass";

    // Create keyspace
    vault.create_keyspace(keyspace, password, None).await.expect("create_keyspace");
    // Add keypair
    let key_id = vault.add_keypair(keyspace, password, Some(KeyType::Secp256k1), Some(KeyMetadata { name: Some("main".to_string()), created_at: None, tags: None })).await.expect("add_keypair");

    // Create session manager
    let mut session = SessionManager::new(vault);
    session.unlock_keyspace(keyspace, password).await.expect("unlock_keyspace");
    session.select_keyspace(keyspace).expect("select_keyspace");
    session.select_keypair(&key_id).expect("select_keypair");

    // Sign and verify
    let msg = b"hello world";
    let sig = session.sign(msg).await.expect("sign");
    let _keypair = session.current_keypair().expect("current_keypair");
    // Use stateless API for verify: get password from test context, not from private fields
    let password = b"testpass";
    let verified = session
        .get_vault()
        .verify(keyspace, password, &key_id, msg, &sig)
        .await
        .expect("verify");
    assert!(verified, "signature should verify");

    // Logout wipes secrets
    session.logout();
    assert!(session.current_keyspace().is_none());
    assert!(session.current_keypair().is_none());
    // No public API for unlocked_keyspaces, but behavior is covered by above asserts
}

#[cfg(not(target_arch = "wasm32"))]
#[tokio::test]
async fn session_manager_errors() {
    use tempfile::TempDir;
    let tmp_dir = TempDir::new().expect("create temp dir");
    let store = NativeStore::open(tmp_dir.path().to_str().unwrap()).expect("open NativeStore");
    let vault = Vault::new(store);
    let mut session = SessionManager::new(vault);
    // No keyspace unlocked
    assert!(session.select_keyspace("none").is_err());
    assert!(session.select_keypair("none").is_err());
    assert!(session.sign(b"fail").await.is_err());
}