"""
Audit: Welche Capabilities sind an Endpoints angebunden?

Für Admin-Matrix (Rollen & Rechte) und Roadmap — bei neuem probe_capability hier eintragen.
"""
from __future__ import annotations

from typing import Any, Dict

# Endpoints rufen probe_capability auf (Log; Block nur bei CAPABILITY_ENFORCE=1)
WIRED_PROBE = frozenset(
    {
        "exercises.ai.suggest",
        "exercises.ai.regenerate",
        "exercises.create",
        "exercises.media.upload",
        "planning.ai.suggest",
        "planning.ai.progression_path",
        "club.creation_request.read_own",
        "club.creation_request.create",
        "club.creation_request.withdraw",
        "platform.club_creation.approve",
    }
)

# Kontingent-Verbrauch nach Erfolg (consume_club_feature_with_usage)
FEATURE_CONSUME_WIRED = frozenset(
    {
        "ai_calls",
    }
)


def enforcement_status_for_capability(capability_id: str) -> Dict[str, Any]:
    """
    Anzeige-Status für Superadmin-Matrix.

    level: probe | legacy | platform | open | none
    """
    cid = (capability_id or "").strip()
    if cid in WIRED_PROBE:
        return {
            "level": "probe",
            "label": "API vorbereitet (Log)",
            "detail": "probe_capability am Endpoint; Hard-Block erst mit CAPABILITY_ENFORCE=1",
            "implemented": True,
        }
    if cid.startswith("platform."):
        if cid == "platform.admin.access":
            return {
                "level": "platform",
                "label": "Plattform (Router-Guard)",
                "detail": "RequireAdmin / Superadmin-Checks",
                "implemented": True,
            }
        if cid in WIRED_PROBE:
            pass
        return {
            "level": "platform",
            "label": "Plattform (teilweise)",
            "detail": "Meist Router-Guard; Capability-Probe nur wo eingetragen",
            "implemented": cid in WIRED_PROBE,
        }
    if cid.startswith("club."):
        return {
            "level": "open",
            "label": "Onboarding",
            "detail": "Account-State / eigene Flows",
            "implemented": cid in WIRED_PROBE,
        }
    # Vereins-Capabilities ohne Probe: Legacy club_tenancy (can_plan_in_club, has_club_role, …)
    return {
        "level": "legacy",
        "label": "Nur Legacy-Rollen",
        "detail": "Noch kein probe_capability — prüft can_plan_in_club / club_admin im Code",
        "implemented": False,
    }


def feature_consume_status(feature_id: str) -> Dict[str, Any]:
    fid = (feature_id or "").strip()
    if fid in FEATURE_CONSUME_WIRED:
        return {
            "level": "consume",
            "label": "Verbrauch aktiv",
            "detail": "consume_club_feature_with_usage + feature_usage in Response",
            "implemented": True,
        }
    return {
        "level": "inventory",
        "label": "Bestand / Probe",
        "detail": "Probe oder Live-Zählung; kein Consume nach Aktion",
        "implemented": False,
    }