import pytest

from nova_plan.contracts import (
    PlanDelta,
    CaCContract,
    sign_ca_contract,
    GoCRegistry,
    SignerStore,
    sign_plan_delta,
    verify_plan_delta_signature,
)


def test_ca_contract_sign_and_registry_roundtrip():
    # register signer key
    SignerStore.register("alice", "alice-key-123")

    contract = CaCContract(contract_id="ic-contract-1", version=1, content={"name": "Test"})
    signed = sign_ca_contract(contract, "alice-key-123")
    # store in GoC registry
    GoCRegistry.register_signed_contract(contract, signer="alice", signature=signed.signature)
    assert GoCRegistry.get_signed_contract("ic-contract-1")["signature"] == signed.signature


def test_plan_delta_sign_and_verify():
    SignerStore.register("alice", "alice-key-123")
    delta = PlanDelta(agent_id="alice", delta={"task": 1}, contract_id="ic-contract-1")
    signed_delta = sign_plan_delta(delta, signer_id="alice")
    assert signed_delta.signature is not None
    assert verify_plan_delta_signature(signed_delta)

    # push to provenance registry
    GoCRegistry.push_delta("ic-contract-1", signed_delta)
    prov = GoCRegistry.get_provenance("ic-contract-1")
    assert len(prov) >= 1 and prov[-1].agent_id == "alice"

    # tamper should fail verification
    tampered = PlanDelta(
        agent_id="alice",
        delta={"task": 999},
        contract_id="ic-contract-1",
        timestamp=signed_delta.timestamp,
        signature=signed_delta.signature,
    )
    # mutate the delta content after signing should invalidate signature
    tampered.delta["task"] = 1000
    assert not verify_plan_delta_signature(tampered)