<?php

declare(strict_types=1);

use App\Framework\DDoS\ValueObjects\ThreatScore;

describe('ThreatScore Value Object', function () {

    it('creates threat score from float', function () {
        $threatScore = ThreatScore::fromFloat(0.8);

        expect($threatScore->getScore()->value())->toBe(0.8);
        expect($threatScore->requiresBlocking())->toBeTrue();
    });

    it('creates safe threat score', function () {
        $safe = ThreatScore::safe();

        expect($safe->getScore()->value())->toBe(0.0);
        expect($safe->requiresBlocking())->toBeFalse();
        expect($safe->getRecommendedAction())->toBe('allow');
    });

    it('creates critical threat score', function () {
        $critical = ThreatScore::critical();

        expect($critical->getScore()->isCritical())->toBeTrue();
        expect($critical->requiresBlocking())->toBeTrue();
        expect($critical->getRecommendedAction())->toBe('block_immediately');
    });

    it('determines correct actions based on level', function () {
        $low = ThreatScore::fromFloat(0.1);
        $medium = ThreatScore::fromFloat(0.5);
        $high = ThreatScore::fromFloat(0.8);
        $critical = ThreatScore::fromFloat(0.95);

        expect($low->getRecommendedAction())->toBe('allow');
        expect($medium->getRecommendedAction())->toBe('rate_limit');
        expect($high->getRecommendedAction())->toBe('enhanced_monitoring');
        expect($critical->getRecommendedAction())->toBe('block_immediately');
    });

    it('creates from multiple analyses', function () {
        $analyses = [
            'traffic_patterns' => ['threat_score' => 0.8, 'indicators' => ['high_volume']],
            'geo_anomalies' => ['threat_score' => 0.6, 'indicators' => ['unusual_location']],
            'waf_analysis' => ['threat_score' => 0.9, 'indicators' => ['malicious_payload']],
        ];

        $threatScore = ThreatScore::fromAnalyses($analyses);

        expect($threatScore->getScore()->value())->toBeGreaterThan(0.7);
        expect($threatScore->getIndicators())->toContain('high_volume');
        expect($threatScore->getSources())->toContain('traffic_patterns');
    });

    it('combines threat scores correctly', function () {
        $score1 = ThreatScore::fromFloat(0.8);
        $score2 = ThreatScore::fromFloat(0.6);

        $combined = $score1->combineWith($score2, 0.7);

        expect($combined->getScore()->value())->toBe(0.74); // 0.8 * 0.7 + 0.6 * 0.3
    });

    it('provides detailed description', function () {
        $threatScore = ThreatScore::fromFloat(0.75);
        $description = $threatScore->getDescription();

        expect($description)->toContain('High threat level');
        expect($description)->toContain('75.0%');
    });

    it('serializes and deserializes correctly', function () {
        $original = ThreatScore::fromFloat(0.8);
        $array = $original->toArray();
        $restored = ThreatScore::fromArray($array);

        expect($restored->getScore()->value())->toBe($original->getScore()->value());
        expect($restored->requiresBlocking())->toBe($original->requiresBlocking());
    });

});