from app.core.command_analyzer import CommandAnalyzer
from app.core.permission_service import PermissionService


def _permission_service() -> PermissionService:
    return PermissionService(
        config={
            "settings": {},
            "command_categories": {
                "no_always": {
                    "allow_once": True,
                    "allow_always": False,
                    "commands": ["apt", "apt-get", "dpkg", "systemctl"],
                }
            },
            "path_settings": {},
        }
    )


def test_detects_unelevated_root_required_segment_after_sudo_chain() -> None:
    analyzer = CommandAnalyzer(_permission_service())

    diagnosis = analyzer.analyze(
        command="sudo apt update && apt upgrade -y",
        task_id="task-1",
        session_id="session-1",
    )

    assert diagnosis["type"] == "privilege_scope_error"
    assert diagnosis["root_required_segments"] == ["apt update", "apt upgrade -y"]
    assert diagnosis["elevated_segments"] == ["apt update"]
    assert diagnosis["unelevated_root_segments"] == ["apt upgrade -y"]


def test_accepts_each_root_required_segment_when_each_is_elevated() -> None:
    analyzer = CommandAnalyzer(_permission_service())

    diagnosis = analyzer.analyze(
        command="sudo apt update && sudo apt upgrade -y",
        task_id="task-1",
        session_id="session-1",
    )

    assert diagnosis["type"] == "ok"
    assert diagnosis["unelevated_root_segments"] == []