package auth

import (
	"testing"
	"time"
)

func TestAccessTrackerRecordAndSnapshot(t *testing.T) {
	tracker := NewAccessTracker()
	older := time.Date(2026, 4, 4, 10, 0, 0, 0, time.UTC)
	newer := older.Add(2 * time.Minute)

	tracker.Record("client-a", "/files", "10.0.0.1:1234", "agent-a", older)
	tracker.Record("client-b", "/mcp", "10.0.0.2:1234", "agent-b", newer)
	tracker.Record("client-a", "/files/1", "10.0.0.1:1234", "agent-a2", newer.Add(30*time.Second))

	snap := tracker.Snapshot()
	if len(snap) != 2 {
		t.Fatalf("len(snapshot) = %d, want 2", len(snap))
	}
	if snap[0].KeyID != "client-a" {
		t.Fatalf("snapshot[0].KeyID = %q, want client-a", snap[0].KeyID)
	}
	if snap[0].RequestCount != 2 {
		t.Fatalf("snapshot[0].RequestCount = %d, want 2", snap[0].RequestCount)
	}
	if snap[0].LastPath != "/files/1" {
		t.Fatalf("snapshot[0].LastPath = %q, want /files/1", snap[0].LastPath)
	}
	if snap[0].UserAgent != "agent-a2" {
		t.Fatalf("snapshot[0].UserAgent = %q, want agent-a2", snap[0].UserAgent)
	}
}

func TestAccessTrackerConnectedCount(t *testing.T) {
	tracker := NewAccessTracker()
	now := time.Date(2026, 4, 4, 12, 0, 0, 0, time.UTC)

	tracker.Record("recent", "/mcp", "", "", now.Add(-2*time.Minute))
	tracker.Record("stale", "/mcp", "", "", now.Add(-11*time.Minute))

	if got := tracker.ConnectedCount(now, 10*time.Minute); got != 1 {
		t.Fatalf("ConnectedCount() = %d, want 1", got)
	}
}