// Package scanner defines shared types for the ATCR scanner service.
// These types are self-contained with no imports from the root module.
package scanner

import "encoding/json"

// ScanJob represents a vulnerability scanning job received from the hold service
type ScanJob struct {
	Seq            int64           `json:"seq"`
	ManifestDigest string          `json:"manifestDigest"`
	Repository     string          `json:"repository"`
	Tag            string          `json:"tag"`
	UserDID        string          `json:"userDid"`
	UserHandle     string          `json:"userHandle"`
	HoldDID        string          `json:"holdDid"`
	HoldEndpoint   string          `json:"holdEndpoint"`
	Tier           string          `json:"tier"`
	Config         BlobDescriptor  `json:"config"`
	Layers         []BlobDescriptor `json:"layers"`
}

// ScanJobRaw is the raw WebSocket message with JSON config/layers
type ScanJobRaw struct {
	Type           string          `json:"type"` // "job"
	Seq            int64           `json:"seq"`
	ManifestDigest string          `json:"manifestDigest"`
	Repository     string          `json:"repository"`
	Tag            string          `json:"tag"`
	UserDID        string          `json:"userDid"`
	UserHandle     string          `json:"userHandle"`
	HoldDID        string          `json:"holdDid"`
	HoldEndpoint   string          `json:"holdEndpoint"`
	Tier           string          `json:"tier"`
	Config         json.RawMessage `json:"config"`
	Layers         json.RawMessage `json:"layers"`
}

// BlobDescriptor describes a blob (layer or config) in a container image
type BlobDescriptor struct {
	Digest    string `json:"digest"`
	Size      int64  `json:"size"`
	MediaType string `json:"mediaType"`
}

// ScanResult contains the output of a completed scan
type ScanResult struct {
	ManifestDigest string                `json:"manifestDigest"`
	SBOM           []byte                `json:"sbom,omitempty"`
	SBOMDigest     string                `json:"sbomDigest,omitempty"`
	VulnReport     []byte                `json:"vulnReport,omitempty"`
	VulnDigest     string                `json:"vulnDigest,omitempty"`
	Summary        *VulnerabilitySummary `json:"summary,omitempty"`
}

// VulnerabilitySummary contains counts of vulnerabilities by severity
type VulnerabilitySummary struct {
	Critical int `json:"critical"`
	High     int `json:"high"`
	Medium   int `json:"medium"`
	Low      int `json:"low"`
	Total    int `json:"total"`
}

// AckMessage is sent from scanner to hold to acknowledge job receipt
type AckMessage struct {
	Type string `json:"type"` // "ack"
	Seq  int64  `json:"seq"`
}

// ResultMessage is sent from scanner to hold with scan results
type ResultMessage struct {
	Type       string                `json:"type"` // "result"
	Seq        int64                 `json:"seq"`
	SBOM       string                `json:"sbom,omitempty"`
	VulnReport string                `json:"vulnReport,omitempty"`
	Summary    *VulnerabilitySummary `json:"summary,omitempty"`
}

// ErrorMessage is sent from scanner to hold when a scan fails
type ErrorMessage struct {
	Type  string `json:"type"` // "error"
	Seq   int64  `json:"seq"`
	Error string `json:"error"`
}