// Package auditlog defines the immutable audit log types and the Logger interface
// for recording every LLM request processed by the proxy.
package auditlog

import "time"

// AuditEntry holds all metadata for a single proxied LLM request.
// It is written to ClickHouse asynchronously via BatchWriter.
// prompt_anonymized is stored encrypted (AES-256-GCM) and is never
// returned to API callers.
type AuditEntry struct {
	RequestID        string    `json:"request_id"`
	TenantID         string    `json:"tenant_id"`
	UserID           string    `json:"user_id"`
	Timestamp        time.Time `json:"timestamp"`
	ModelRequested   string    `json:"model_requested"`
	ModelUsed        string    `json:"model_used"`
	Provider         string    `json:"provider"`
	Department       string    `json:"department"`
	UserRole         string    `json:"user_role"`
	PromptHash       string    `json:"prompt_hash"`
	ResponseHash     string    `json:"response_hash"`
	PromptAnonymized string    `json:"-"` // AES-256-GCM base64-encoded anonymized prompt — never returned to API callers
	SensitivityLevel string    `json:"sensitivity_level"` // "none"|"low"|"medium"|"high"|"critical"
	TokenInput       int       `json:"token_input"`
	TokenOutput      int       `json:"token_output"`
	TokenTotal       int       `json:"token_total"`
	CostUSD          float64   `json:"cost_usd"`
	LatencyMs        int       `json:"latency_ms"`
	Status           string    `json:"status"` // "ok"|"error"
	ErrorType        string    `json:"error_type"`
	PIIEntityCount   int       `json:"pii_entity_count"`
	Stream           bool      `json:"stream"`
}

// AuditQuery filters audit log entries for the GET /v1/admin/logs endpoint.
type AuditQuery struct {
	TenantID       string
	UserID         string // filter by specific user (GDPR Art. 15)
	StartTime      time.Time
	EndTime        time.Time
	Provider       string
	MinSensitivity string // "none"|"low"|"medium"|"high"|"critical"
	Limit          int    // default 50, max 200
	Offset         int
}

// AuditResult is the paginated response for AuditQuery.
type AuditResult struct {
	Data  []AuditEntry `json:"data"`
	Total int          `json:"total"`
}

// CostQuery filters cost aggregation for the GET /v1/admin/costs endpoint.
type CostQuery struct {
	TenantID  string
	StartTime time.Time
	EndTime   time.Time
	GroupBy   string // "provider"|"model"|"department"
}

// CostSummary is one row in a cost aggregation result.
type CostSummary struct {
	Key          string  `json:"key"`
	TotalTokens  int     `json:"total_tokens"`
	TotalCostUSD float64 `json:"total_cost_usd"`
	RequestCount int     `json:"request_count"`
}

// CostResult is the response for CostQuery.
type CostResult struct {
	Data []CostSummary `json:"data"`
}