using ZB.MOM.WW.Audit;

namespace ZB.MOM.WW.OtOpcUa.ControlPlane.Audit;

/// <summary>
/// Maps OtOpcUa's audit <c>Action</c> vocabulary onto the canonical
/// <see cref="AuditOutcome"/>. The vocabulary is the set of values documented on
/// <c>ConfigAuditLog.EventType</c>: config verbs are <see cref="AuditOutcome.Success"/>,
/// the two authorization-rejection events are <see cref="AuditOutcome.Denied"/>. OtOpcUa
/// emits no <see cref="AuditOutcome.Failure"/> events today.
/// </summary>
/// <remarks>
/// Pure function — no live emit sites construct an <see cref="AuditEvent"/> in production
/// (the structured audit path is dormant; all live audit flows through the bespoke stored
/// procedure path). This helper exists so that when the structured path is wired up, the
/// required <c>Outcome</c> field is derived consistently from the action verb. Tested, not
/// yet exercised in production.
/// </remarks>
public static class AuditOutcomeMapper
{
    /// <summary>
    /// Derives the canonical <see cref="AuditOutcome"/> for an OtOpcUa audit action verb.
    /// Unknown verbs default to <see cref="AuditOutcome.Success"/> (config writes are the
    /// overwhelming majority and the only non-success cases are the two explicit
    /// authorization rejections enumerated below).
    /// </summary>
    /// <param name="action">The audit action verb (e.g. <c>DraftCreated</c>, <c>OpcUaAccessDenied</c>).</param>
    /// <returns>The mapped outcome.</returns>
    public static AuditOutcome FromAction(string action) => action switch
    {
        "OpcUaAccessDenied" or "CrossClusterNamespaceAttempt" => AuditOutcome.Denied,
        "DraftCreated"
            or "DraftEdited"
            or "Published"
            or "RolledBack"
            or "NodeApplied"
            or "ClusterCreated"
            or "NodeAdded"
            or "CredentialAdded"
            or "CredentialDisabled"
            or "ExternalIdReleased" => AuditOutcome.Success,
        _ => AuditOutcome.Success,
    };
}