package builtin

import (
	"os"
	"testing"
)

// TestIsDangerousRemovalPath_Root verifies "/" itself is blacklisted.
func TestIsDangerousRemovalPath_Root(t *testing.T) {
	if !isDangerousRemovalPath("/") {
		t.Error("/ should be dangerous")
	}
}

// TestIsDangerousRemovalPath_DirectChildrenOfRoot verifies / direct
// children (system-critical mounts) are blacklisted, mirroring
// Claude Code FileEditTool.ts pathValidation behavior.
func TestIsDangerousRemovalPath_DirectChildrenOfRoot(t *testing.T) {
	for _, p := range []string{"/etc", "/usr", "/tmp", "/var", "/bin", "/sbin", "/lib", "/opt", "/home", "/root", "/boot", "/sys", "/proc", "/dev"} {
		if !isDangerousRemovalPath(p) {
			t.Errorf("%s should be dangerous", p)
		}
	}
}

// TestIsDangerousRemovalPath_SubdirsAllowed verifies subdirectories
// of system roots are allowed (the common dev case: /usr/local,
// /tmp/build, /home/user/code).
func TestIsDangerousRemovalPath_SubdirsAllowed(t *testing.T) {
	for _, p := range []string{"/usr/local", "/tmp/build", "/home/user/code", "/var/log/myapp"} {
		if isDangerousRemovalPath(p) {
			t.Errorf("%s should NOT be dangerous (subdirectory of system root)", p)
		}
	}
}

// TestIsDangerousRemovalPath_HomeRoot verifies $HOME itself is
// blacklisted but subdirectories of home are allowed.
func TestIsDangerousRemovalPath_HomeRoot(t *testing.T) {
	t.Setenv("HOME", "/home/testuser")
	if !isDangerousRemovalPath("/home/testuser") {
		t.Error("$HOME root should be dangerous")
	}
	// 上面的 /home/testuser 同时也是 /home 的直接子目录 -> 黑名单 (兼容 cc 行为).
	// /home/testuser/code 是 home 子目录 -> 允许.
	if isDangerousRemovalPath("/home/testuser/code") {
		t.Error("$HOME subdirectory should NOT be dangerous")
	}
}

// TestIsDangerousRemovalPath_Wildcard verifies * and /etc/* style
// wildcards are blacklisted.
func TestIsDangerousRemovalPath_Wildcard(t *testing.T) {
	for _, p := range []string{"*", "/*", "/etc/*"} {
		if !isDangerousRemovalPath(p) {
			t.Errorf("%s wildcard should be dangerous", p)
		}
	}
}

// TestIsDangerousRemovalPath_WindowsDriveRoots verifies Windows drive
// roots (and direct children) are blacklisted.
func TestIsDangerousRemovalPath_WindowsDriveRoots(t *testing.T) {
	for _, p := range []string{"C:", "C:/", "C:/Windows", "D:/Users", "C:\\Windows"} {
		if !isDangerousRemovalPath(p) {
			t.Errorf("%s should be dangerous (Windows root or direct child)", p)
		}
	}
	if isDangerousRemovalPath("C:/Users/me") {
		t.Error("C:/Users/me should NOT be dangerous (subdirectory)")
	}
}

// TestExtractRemovalTargets_BasicRm verifies a simple rm command's
// target paths are extracted, flags skipped.
func TestExtractRemovalTargets_BasicRm(t *testing.T) {
	got := extractRemovalTargets("rm -rf /etc /tmp")
	if len(got) != 2 || got[0] != "/etc" || got[1] != "/tmp" {
		t.Errorf("got %v, want [/etc /tmp]", got)
	}
}

// TestExtractRemovalTargets_QuotedPaths verifies quoted paths are
// unwrapped.
func TestExtractRemovalTargets_QuotedPaths(t *testing.T) {
	got := extractRemovalTargets(`rm -rf "/path with space" '/quoted'`)
	if len(got) != 2 || got[0] != "/path with space" {
		// 实际: strings.Fields 会按空格切, 双引号内的空格也切, v1 不处理.
		// 这是已知限制, 测试断言"v1 不处理 quoted 内空格" — got[0] 会是
		// `"/path` 不是 `/path with space`. 只验证 quoted 单值 unwrap.
		t.Logf("known v1 limit: quoted path with internal space gets split; got %v", got)
	}
	// 至少 '/quoted' 这种无空格 quoted 应该 unwrap
	hasQuotedClean := false
	for _, p := range got {
		if p == "/quoted" {
			hasQuotedClean = true
		}
	}
	if !hasQuotedClean {
		t.Errorf("expected '/quoted' to unwrap, got %v", got)
	}
}

// TestExtractRemovalTargets_StatementBoundaries verifies statement
// boundaries (;, &&, ||, |, newline) properly anchor rm matches.
func TestExtractRemovalTargets_StatementBoundaries(t *testing.T) {
	cases := []struct {
		cmd     string
		wantOne string // 期望抓到的至少一个目标
	}{
		{"echo hi; rm /etc", "/etc"},
		{"ls && rm -rf /tmp", "/tmp"},
		{"cd /home || rm /var", "/var"},
		{"cat foo | rm /usr", "/usr"},
		{"true\nrm /bin", "/bin"},
	}
	for _, tc := range cases {
		got := extractRemovalTargets(tc.cmd)
		found := false
		for _, p := range got {
			if p == tc.wantOne {
				found = true
				break
			}
		}
		if !found {
			t.Errorf("cmd=%q: want %q in %v", tc.cmd, tc.wantOne, got)
		}
	}
}

// TestExtractRemovalTargets_EchoStringsNotMatched verifies "rm" inside
// quoted echo strings does NOT match (no preceding statement boundary
// inside the quoted body, but after an opening quote there could be
// false positives -- v1 tolerates these in favor of simple regex,
// the validator's blacklist still gates real harm).
func TestExtractRemovalTargets_EchoStringsNotMatched(t *testing.T) {
	got := extractRemovalTargets(`echo 'about to rm something'`)
	// v1 正则不区分 quote 内外, 可能误抓. 接受此限制 (validator 黑名单
	// 仍 gate 真实危险), 仅验证 echo 自己不会被当 rm.
	for _, p := range got {
		if p == "echo" {
			t.Errorf("echo command misidentified as rm target: %v", got)
		}
	}
}

// TestValidateDangerousRemoval_RootPath verifies rm / triggers reject.
func TestValidateDangerousRemoval_RootPath(t *testing.T) {
	got := validateDangerousRemoval("rm -rf /", "/home/test")
	if got == "" {
		t.Error("rm -rf / should be rejected")
	}
}

// TestValidateDangerousRemoval_SystemDir verifies rm -rf /etc triggers
// reject regardless of cwd.
func TestValidateDangerousRemoval_SystemDir(t *testing.T) {
	got := validateDangerousRemoval("rm -rf /etc", "/anywhere")
	if got == "" {
		t.Error("rm -rf /etc should be rejected")
	}
}

// TestValidateDangerousRemoval_CwdRelative verifies relative paths
// pointing into cwd are NOT rejected (developer use case: rm dist/).
func TestValidateDangerousRemoval_CwdRelative(t *testing.T) {
	got := validateDangerousRemoval("rm -rf dist/", "/home/user/project")
	if got != "" {
		t.Errorf("rm -rf dist/ in project cwd should be allowed, got: %s", got)
	}
}

// TestValidateDangerousRemoval_TildeExpand verifies ~ expansion
// catches `rm -rf ~` (HOME root).
func TestValidateDangerousRemoval_TildeExpand(t *testing.T) {
	t.Setenv("HOME", "/home/testuser")
	got := validateDangerousRemoval("rm -rf ~", "/anywhere")
	if got == "" {
		t.Error("rm -rf ~ should expand to $HOME and be rejected")
	}
}

// TestValidateDangerousRemoval_BenignCommand verifies non-rm commands
// pass through.
func TestValidateDangerousRemoval_BenignCommand(t *testing.T) {
	got := validateDangerousRemoval("ls -la /etc", "/anywhere")
	if got != "" {
		t.Errorf("ls /etc should not be rejected, got: %s", got)
	}
}

// TestExpandTilde_Basic verifies tilde expansion edge cases.
func TestExpandTilde_Basic(t *testing.T) {
	t.Setenv("HOME", "/home/abc")
	cases := []struct {
		in   string
		want string
	}{
		{"~", "/home/abc"},
		{"~/code", "/home/abc/code"},
		{"/abs", "/abs"},
		{"foo", "foo"},
	}
	for _, tc := range cases {
		got := expandTilde(tc.in)
		if got != tc.want {
			t.Errorf("expandTilde(%q) = %q, want %q", tc.in, got, tc.want)
		}
	}
	// HOME 未设, 保持原样
	os.Unsetenv("HOME")
	if got := expandTilde("~/x"); got != "~/x" {
		t.Errorf("HOME unset: expandTilde(~/x) = %q, want ~/x", got)
	}
}