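package handlers

import (
	"log"
	"net/http"

	"github.com/breakpilot/ai-compliance-sdk/internal/iace"
	"github.com/gin-gonic/gin"
	"github.com/google/uuid"
)

// GetRiskSuggestion returns BreakPilot's justified dual-model risk suggestion
// for a hazard: the EN-62061-style F/W/P/S model and the Fine-Kinney P/E/C
// model, each with suggested values, justifications and the visible formula.
// Read-only and computed from public-data anchors — the professional adjusts
// the values; no norm table is stored or reproduced.
//
// GET /projects/:id/hazards/:hid/risk-suggestion
//
// Responses: 400 when :hid is not a UUID, 404 when the store returns an error
// or no hazard, 200 with the suggestion otherwise.
//
// NOTE(review): the :id path parameter is never read here, so the hazard is
// looked up by :hid alone. If access is granted per project, confirm that
// h.store.GetHazard or upstream middleware ties the hazard to the project in
// the URL; otherwise a caller authorized for one project could read a hazard
// that belongs to another.
func (h *IACEHandler) GetRiskSuggestion(c *gin.Context) {
	hid, err := uuid.Parse(c.Param("hid"))
	if err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid hazard ID"})
		return
	}

	hz, err := h.store.GetHazard(c.Request.Context(), hid)
	// Store failures and missing hazards are deliberately indistinguishable to
	// the client: both yield the same static 404 body.
	if err != nil || hz == nil {
		c.JSON(http.StatusNotFound, gin.H{"error": "hazard not found"})
		return
	}

	c.JSON(http.StatusOK, iace.BuildRiskSuggestion(hz))
}

// GetRiskMatrix handles GET /projects/:id/risk-matrix.
// Project-wide confidence-aware risk view computed on read from each hazard (no
// persistence): per-hazard risk list + a Severity×Probability aggregation grid.
// Uses the same model as the GT benchmark, so matrix numbers match the
// comparison. Lets a customer see risk for EVERY project, not only GT ones.
//
// Responses: 400 when :id is not a UUID, 500 with a static message when the
// store fails, 200 with the matrix otherwise.
func (h *IACEHandler) GetRiskMatrix(c *gin.Context) {
	projectID, err := uuid.Parse(c.Param("id"))
	if err != nil {
		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid project ID"})
		return
	}

	hazards, err := h.store.ListHazards(c.Request.Context(), projectID)
	if err != nil {
		// Keep the raw store error on the server side. Echoing err.Error() to
		// the client can disclose driver, query or schema details, so the
		// response carries a static message, as the other error paths do.
		log.Printf("iace: list hazards for project %s: %v", projectID, err)
		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to load hazards"})
		return
	}

	c.JSON(http.StatusOK, iace.BuildRiskMatrix(hazards))
}

// GetRiskDataSources handles GET /risk-data-sources.
// Returns the license-tagged public-statistics evidence register (Eurostat ESAW,
// CC BY 4.0) that anchors the risk-frequency tiers, plus the overall attribution
// note — so an auditor can see WHERE the risk numbers come from.
func (h *IACEHandler) GetRiskDataSources(c *gin.Context) {
	c.JSON(http.StatusOK, gin.H{
		"note":     iace.RiskDataSourcesNote,
		"evidence": iace.AllRiskEvidence(),
	})
}

// GetArchitecture handles GET /architecture.
// Data-driven self-description of the IACE engine (pipeline stages, libraries
// with LIVE counts, data sources + licenses, norm-matching logic) for the
// "Architektur & Datenfluss" auditability tab.
//
// NOTE(review): the handler performs no access check of its own; confirm the
// route is registered behind the intended authentication, since the payload
// describes engine internals.
func (h *IACEHandler) GetArchitecture(c *gin.Context) {
	c.JSON(http.StatusOK, iace.BuildArchitecture())
}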