from __future__ import annotations

from fastapi import FastAPI
from fastapi.testclient import TestClient

from src.api.v1.agents import router


def test_dependency_risk_policy_endpoint_returns_committed_snapshot():
    app = FastAPI()
    app.include_router(router, prefix="/api/v1")
    client = TestClient(app)

    response = client.get("/api/v1/agents/dependency-risk-policy")

    assert response.status_code == 200
    data = response.json()
    assert data["schema_version"] == "dependency_risk_policy_v1"
    assert data["program_status"]["overall_completion_percent"] == 98
    assert data["program_status"]["read_only_mode"] is True
    assert data["program_status"]["current_task_id"] == "P1-204"
    assert data["program_status"]["next_task_id"] == "P1-205"
    assert data["rollups"]["total_rules"] == len(data["severity_rules"]) == 12
    assert data["rollups"]["by_severity"]["critical"] == 1
    assert data["rollups"]["by_status"]["action_required"] == 8
    assert data["operation_boundaries"]["read_only_policy_allowed"] is True
    assert data["operation_boundaries"]["external_cve_lookup_allowed"] is False
    assert data["operation_boundaries"]["external_license_lookup_allowed"] is False
    assert data["operation_boundaries"]["package_upgrade_allowed"] is False
    assert data["operation_boundaries"]["docker_build_allowed"] is False
    assert data["operation_boundaries"]["registry_push_allowed"] is False
    assert data["operation_boundaries"]["paid_api_call_allowed"] is False
    assert data["approval_boundaries"]["shadow_or_canary_allowed"] is False
    assert any(rule["rule_id"] == "cve_critical_known_exploited" for rule in data["severity_rules"])
    assert any(rule["rule_id"] == "docker_base_not_digest_pinned" for rule in data["severity_rules"])
    assert any(policy["policy_id"] == "external_source_policy" for policy in data["domain_policies"])