import { BadRequestException, Controller, Get, Param, Query, Request } from '@nestjs/common';
import type { Request as ExpressRequest } from 'express';
import { RequirePermissions } from '@common/decorators/permissions.decorator';
import { TrajectoryService } from '../trajectory/trajectory.service';
import { resolveOrgId } from '../utils/auth-resolution.util';

/**
 * GET /api/v1/agent/trajectory/events?sessionId=...
 * GET /api/v1/agent/trajectory/verify/:sessionId
 *
 * PR4c 审计 endpoint。前者列事件，后者校验整链。
 */
@Controller('agent/trajectory')
export class AgentTrajectoryController {
  constructor(private readonly trajectory: TrajectoryService) {}

  @Get('events')
  @RequirePermissions('system:admin')
  async listEvents(@Query() query: { sessionId?: string }, @Request() req: ExpressRequest) {
    if (!query.sessionId) throw new BadRequestException('sessionId required');
    const orgId = resolveOrgId(req);
    if (!orgId) throw new BadRequestException('organizationId required');
    const items = await this.trajectory.listForSession(query.sessionId, orgId);
    return { items };
  }

  @Get('verify/:sessionId')
  @RequirePermissions('system:admin')
  async verify(@Param('sessionId') sessionId: string, @Request() req: ExpressRequest) {
    const orgId = resolveOrgId(req);
    if (!orgId) throw new BadRequestException('organizationId required');
    return this.trajectory.verifyChain(sessionId, orgId);
  }
}