"""
System Configuration Schema for Provisioning Platform (SIMPLIFIED)

Defines all configuration categories with clear override rules.

Note: This is a simplified version focusing on compilable schemas.
Complex union types and nested structures have been flattened.

Version: 1.0.0
Last Updated: 2025-12-11
"""

# NOTE(review): `regex` is not referenced anywhere in this file as shown;
# confirm whether the import is still needed.
import regex

# ============================================================================
# CORE SCHEMAS (Simplified for KCL 0.11.3 compatibility)
# ============================================================================

schema SystemConfig:
    """System-level immutable configuration

    Describes the host the platform is installed on: install and data paths,
    OS identification, hardware sizing and setup provenance.
    """
    version: str = "1.0.0"
    install_path: str
    os_name: "macos" | "linux" | "windows" = "linux"
    os_version: str
    config_base_path: str
    # Unlike install_path and config_base_path, the next two paths have no
    # non-empty check below, so an empty string validates.
    cache_base_path: str
    workspaces_dir: str
    system_architecture: str
    cpu_count: int
    memory_total_gb: int
    disk_total_gb: int
    # The timestamp format is documented but not enforced by any check.
    setup_date: str  # ISO 8601 timestamp
    setup_by_user: str
    setup_hostname: str

    check:
        len(install_path) > 0, "install_path cannot be empty"
        len(config_base_path) > 0, "config_base_path cannot be empty"
        cpu_count > 0 and cpu_count <= 1024, "cpu_count must be 1-1024"
        memory_total_gb > 0 and memory_total_gb <= 4096, "memory must be 1-4096 GB"
        disk_total_gb > 0 and disk_total_gb <= 100000, "disk must be 1-100000 GB"

schema OrchestratorConfig:
    """Orchestrator service configuration

    Defaults point at a plaintext HTTP endpoint on localhost.
    """
    enabled: bool = True
    # NOTE(review): the schema does not restrict the scheme or host of
    # `endpoint`. If it is overridden to a non-loopback address, confirm that
    # transport security (https) is enforced elsewhere.
    # `endpoint` and `port` are independent fields; no check ties the port
    # embedded in the URL to `port`, so the two can disagree.
    endpoint: str = "http://localhost:9090"
    port: int = 9090
    timeout_seconds: int = 30
    # No range check is applied to the health-check interval.
    health_check_interval_seconds: int = 5

    check:
        port > 0 and port <= 65535, "port must be 1-65535"
        timeout_seconds > 0 and timeout_seconds <= 300, "timeout must be 1-300 seconds"

schema DatabaseConfig:
    """Database configuration

    Selects the storage backend and, optionally, its connection URL.
    """
    backend: "memory" | "surrealdb" = "memory"
    # NOTE(review): `url` stays optional even when backend is "surrealdb";
    # no check requires it. If the URL can carry credentials, confirm they
    # are not stored inline here.
    url?: str

schema ControlCenterConfig:
    """Control Center service configuration

    Defaults point at a plaintext HTTP URL on localhost.
    """
    enabled: bool = True
    # NOTE(review): as with the orchestrator endpoint, the scheme and host of
    # `url` are unconstrained and `url` is not cross-checked against `port`.
    url: str = "http://localhost:3000"
    port: int = 3000
    timeout_seconds: int = 30
    database: DatabaseConfig

    check:
        port > 0 and port <= 65535, "port must be 1-65535"
        timeout_seconds > 0 and timeout_seconds <= 300, "timeout must be 1-300 seconds"

schema KMSConfig:
    """Key Management System configuration

    Selects the KMS backend and an optional remote endpoint, port and key
    rotation period.
    """
    enabled: bool = True
    backend: "rustyvault" | "age" | "vault" | "aws-kms" = "age"
    # NOTE(review): no check constrains the endpoint scheme; for a remote KMS
    # backend, confirm that only TLS endpoints are accepted by the consumer.
    endpoint?: str
    port?: int
    # Rotation period in days; the check below allows up to 3650.
    rotation_days?: int = 90

    check:
        # Range checks apply only when the optional value is set.
        port == Undefined or (port > 0 and port <= 65535), "port must be 1-65535 if specified"
        rotation_days == Undefined or (rotation_days > 0 and rotation_days <= 3650), \
            "rotation_days must be 1-3650 if specified"

schema PlatformServicesConfig:
    """Platform services configuration

    Groups the orchestrator, control center and KMS service settings.
    """
    orchestrator: OrchestratorConfig
    control_center: ControlCenterConfig
    kms_service: KMSConfig

schema ProviderCredentialsReference:
    """Reference to credentials stored in a secret backend

    Holds a URI pointing at the credentials rather than the credentials
    themselves. The accepted schemes are rustyvault://, vault:// and kms://.
    """
    credentials_source: str  # rustyvault://workspace_prod/providers/upcloud
    # NOTE(review): `credentials_source_type` is not cross-checked against the
    # scheme of `credentials_source`; e.g. type "kms" with a "rustyvault://"
    # URI validates. Confirm which of the two the consumer trusts.
    credentials_source_type: "rustyvault" | "vault" | "kms" = "rustyvault"

    check:
        len(credentials_source) > 0, "credentials_source cannot be empty"
        # Only the scheme prefix is validated; the rest of the URI is free-form.
        credentials_source.startswith("rustyvault://") or credentials_source.startswith("vault://") or credentials_source.startswith("kms://"), \
            "credentials_source must start with rustyvault://, vault://, or kms://"

schema UpCloudConfig:
    """UpCloud provider configuration"""
    # Only non-emptiness of api_url is checked; the https scheme of the
    # default is not enforced on overrides.
    api_url: str = "https://api.upcloud.com/1.3"
    interface: "API" | "CLI" = "API"
    credentials: ProviderCredentialsReference
    timeout_seconds: int = 30

    check:
        len(api_url) > 0, "api_url cannot be empty"
        timeout_seconds > 0 and timeout_seconds <= 300, "timeout must be 1-300 seconds"

schema AWSConfig:
    """AWS provider configuration"""
    region: str = "us-east-1"
    credentials: ProviderCredentialsReference
    timeout_seconds: int = 30

    check:
        len(region) > 0, "region cannot be empty"
        timeout_seconds > 0 and timeout_seconds <= 300, "timeout must be 1-300 seconds"

schema HetznerConfig:
    """Hetzner provider configuration"""
    # Only non-emptiness of api_url is checked; the https scheme of the
    # default is not enforced on overrides.
    api_url: str = "https://api.hetzner.cloud/v1"
    credentials: ProviderCredentialsReference
    timeout_seconds: int = 30

    check:
        len(api_url) > 0, "api_url cannot be empty"
        timeout_seconds > 0 and timeout_seconds <= 300, "timeout must be 1-300 seconds"

schema LocalConfig:
    """Local provider configuration

    Unlike the cloud providers, this schema carries no credentials reference.
    """
    # NOTE(review): the default lives under /tmp at a fixed, predictable name.
    # /tmp is typically shared and world-writable, so another local user could
    # pre-create this path. Consider overriding it with a directory owned by
    # the provisioning user and created with restrictive permissions.
    base_path: str = "/tmp/provisioning-local"
    timeout_seconds: int = 10

    check:
        len(base_path) > 0, "base_path cannot be empty"
        timeout_seconds > 0 and timeout_seconds <= 300, "timeout must be 1-300 seconds"

schema RustyVaultBootstrap:
    """RustyVault bootstrap key configuration

    Points at an encrypted key file and names its encryption format.
    """
    # Only non-emptiness is checked; file ownership and permissions of the key
    # file are outside what this schema can express.
    encrypted_key_path: str
    encrypted_key_format: "age" | "sops" = "age"

    check:
        len(encrypted_key_path) > 0, "encrypted_key_path cannot be empty"

schema ProviderConfig:
    """Provider configuration with RustyVault references

    Every provider section is optional.
    """
    upcloud?: UpCloudConfig
    aws?: AWSConfig
    hetzner?: HetznerConfig
    local?: LocalConfig
    rustyvault_bootstrap?: RustyVaultBootstrap

schema UserPreferences:
    """User preferences for provisioning operations"""
    preferred_editor: "vim" | "nano" | "code" = "vim"
    preferred_output_format: "text" | "json" | "yaml" = "text"
    # Defaults to False, i.e. confirmation is not skipped unless opted in.
    auto_confirm_operations: bool = False
    log_level: "error" | "warn" | "info" | "debug" = "info"
    # Allowed up to 3600 here, whereas the per-service and per-provider
    # timeouts in this file are capped at 300.
    default_timeout_seconds: int = 300

    check:
        default_timeout_seconds > 0 and default_timeout_seconds <= 3600, \
            "default_timeout_seconds must be 1-3600"

schema WorkspaceConfig:
    """Workspace-specific configuration

    Names the workspace, its path, the active infrastructure and the
    providers in use, together with their configuration.
    """
    workspace_name: str
    workspace_path: str
    active_infrastructure: str
    # NOTE(review): entries are free-form strings. No check ties them to the
    # provider names in ProviderConfig or requires the matching section of
    # `provider_config` to be present.
    active_providers: [str]  # ["upcloud", "aws"]
    provider_config: ProviderConfig

    check:
        len(workspace_name) > 0, "workspace_name cannot be empty"
        len(workspace_path) > 0, "workspace_path cannot be empty"
        len(active_infrastructure) > 0, "active_infrastructure cannot be empty"
        len(active_providers) > 0, "at least one active provider required"

# ============================================================================
# FINAL EXPORT
# ============================================================================

# A concrete SystemConfig instance with fixed values.
# NOTE(review): these look like sample values rather than detected host facts;
# confirm they are overridden before use.
_system_config: SystemConfig = {
    version = "1.0.0"
    install_path = "/opt/provisioning"
    os_name = "linux"
    os_version = "5.15.0"
    config_base_path = "/etc/provisioning"
    cache_base_path = "/var/cache/provisioning"
    workspaces_dir = "/opt/workspaces"
    system_architecture = "x86_64"
    cpu_count = 8
    memory_total_gb = 32
    disk_total_gb = 500
    setup_date = "2025-12-11T00:00:00Z"
    setup_by_user = "provisioning"
    setup_hostname = "provisioning-host"
}

# Export for use in other modules
# Despite the name, this binds the SystemConfig instance above, not a schema.
system_config_schema = _system_config