package validator

import "context"

// AlwaysApprove is an explicit opt-out Validator: it ignores the diff
// and always returns Approved=true. Its sole purpose is to make "no
// validation applied" an auditable, code-reviewable choice rather than
// an implicit default. Industries that deliberately want a Tool to run
// without real validation MUST wire AlwaysApprove{} as the Validator,
// so that the absence of a real policy is explicit at the call site
// and visible in logs (ValidatorName = "always-approve").
//
// Pairs with NewValidatedTool panicking on nil Validator: together
// they eliminate the "I thought approval was on but it wasn't"
// failure mode by making opt-out both mandatory and visible.
//
// AlwaysApprove 是显式 opt-out Validator: 忽略 diff, 永远返回
// Approved=true. 唯一目的是让 "不做审批" 变成可审计 / code-review 能
// 抓到的显式选择, 而非隐式默认. 行业 platform 刻意想让某个 Tool 不走
// 审批时, 必须显式 wire AlwaysApprove{} 作为 Validator, 这样 "没审批"
// 在调用点就写清楚, 日志里也能看到 (ValidatorName = "always-approve").
//
// 与 NewValidatedTool 对 nil Validator panic 搭配 -- 两者一起消灭
// "以为开了审批其实没开" 的故障模式, 方式是强制 opt-out 必须显式且
// 可见.
type AlwaysApprove struct{}

// Name returns "always-approve" -- the sentinel ValidatorName that
// audit logs and dashboards filter on to surface opt-out usage.
//
// Name 返回 "always-approve" -- 审计日志和 dashboard 以此 ValidatorName
// 过滤暴露 opt-out 使用情况.
func (AlwaysApprove) Name() string { return "always-approve" }

// Validate ignores diff and returns an approved Verdict whose Reason
// and ValidatorName make the opt-out posture explicit downstream.
// Severity is left empty deliberately: AlwaysApprove asserts "no
// judgement", not "advisory warn", so a VerdictSink (e.g. the circuit
// breaker) can treat it as a clean success sample rather than a warn.
//
// Validate 忽略 diff, 返回 approved Verdict, 其 Reason 和 ValidatorName
// 让 opt-out 姿态在下游显式可见. Severity 刻意留空: AlwaysApprove 断言
// "不做评价" 而非 "advisory warn", 让 VerdictSink (如熔断器) 能把它当
// 成干净 success 样本而非 warn 样本.
func (AlwaysApprove) Validate(_ context.Context, _ DiffInput) (Verdict, error) {
	return Verdict{
		Approved:      true,
		Score:         1.0,
		Reason:        "explicit opt-out: no validation applied",
		ValidatorName: "always-approve",
		PolicyVersion: "v1",
	}, nil
}