/**
 * Federation capabilities verb (FED-M3-07).
 *
 * Serves the read-only capability envelope of the active grant that
 * FederationAuthGuard attached to the request. Native RBAC and ScopeService are
 * deliberately not consulted here: holding an active grant is sufficient to
 * ask what that grant permits.
 *
 * Security note: because of that design, FederationAuthGuard is the only
 * access control on this route. It is applied at class level, so any handler
 * added to this controller later inherits it; removing or weakening the guard
 * would leave the route without an authorization check.
 */
import { Controller, Get, Req, UseGuards } from '@nestjs/common';
import type { FastifyRequest } from 'fastify';
import {
  FEDERATION_VERBS,
  type FederationCapabilitiesResponse,
  type FederationVerb,
} from '@mosaicstack/types';
import { parseFederationScope } from '../../scope-schema.js';
import { FederationAuthGuard } from '../federation-auth.guard.js';
// Side-effect-only import; presumably the module augmentation that declares
// `federationContext` on FastifyRequest (confirm in federation-context.ts).
import '../federation-context.js';

@Controller('api/federation/v1/capabilities')
@UseGuards(FederationAuthGuard)
export class CapabilitiesController {
  /**
   * Describes what the caller's active grant allows.
   *
   * @param request - Fastify request; the guard is expected to have populated
   *   `federationContext` before this handler runs.
   * @returns The grant's resources, excluded resources and row cap, plus the
   *   full list of federation verbs.
   * @throws Error when `federationContext` is absent, so a request that
   *   reached the handler without a grant gets no capability data. This is a
   *   plain Error rather than a Nest HTTP exception.
   */
  @Get()
  getCapabilities(@Req() request: FastifyRequest): FederationCapabilitiesResponse {
    const { federationContext } = request;

    // Defence in depth: never fall through to a default or empty scope when
    // the guard did not attach a context.
    if (!federationContext) {
      throw new Error('Federation context missing after auth guard');
    }

    // The stored scope is run through parseFederationScope on every request
    // instead of being used raw.
    // NOTE(review): presumably this validates and throws on a malformed scope;
    // confirm against scope-schema.
    const grantScope = parseFederationScope(federationContext.scope);
    const { resources, excluded_resources, max_rows_per_query } = grantScope;

    // Arrays are copied so the response never aliases the parsed scope or the
    // shared FEDERATION_VERBS constant.
    // NOTE(review): excluded_resources is echoed to the grant holder; confirm
    // that disclosing those names to the peer is intended.
    return {
      resources: [...resources],
      excluded_resources: [...excluded_resources],
      max_rows_per_query,
      supported_verbs: [...FEDERATION_VERBS] satisfies FederationVerb[],
    };
  }
}