"""Claude API tool definitions for ClaudeTools integration.

Defines two module-level constants:

* ``TOOLS`` - a list of three tool declarations (``query_claudetools_api``,
  ``run_breach_check``, ``run_tenant_sweep``), each a dict with ``name``,
  ``description`` and a JSON-Schema ``input_schema``.
* ``SYSTEM_PROMPT_TEMPLATE`` - the system prompt text, with the replacement
  fields ``{discord_username}``, ``{discord_id}``, ``{role}``,
  ``{channel_name}``, ``{thread_name}`` and ``{datetime_utc}``.

Everything in this file is declarative. The schemas and the prompt describe
what the model may ask for; nothing here enforces it. The tool handlers are
not part of this file, so every access-control statement in the prompt has to
be backed by a check in those handlers (NOTE(review): confirm they exist).
"""

TOOLS = [
    {
        # Generic passthrough to the ClaudeTools API.
        # NOTE(review): the description lists "credentials" among the data
        # this tool returns, so tool results can put secret material into the
        # model context. The prompt's "NEVER expose credentials" is an
        # instruction to the model, not a control; the handler should redact
        # secret fields before returning results.
        "name": "query_claudetools_api",
        "description": (
            "Query the ClaudeTools MSP database. Use this for ALL data lookups including "
            "clients, sessions, tasks, work items, billable time, infrastructure, "
            "credentials, projects, and more. Returns JSON data from the API."
        ),
        "input_schema": {
            "type": "object",
            "properties": {
                # The "/api/" prefix is stated only in the description; the
                # schema accepts any string. The handler should allow-list
                # paths and reject absolute URLs and "../" segments rather
                # than trust the model to follow the description.
                "endpoint": {
                    "type": "string",
                    "description": (
                        "API endpoint path starting with /api/, e.g., '/api/clients', "
                        "'/api/sessions', '/api/tasks'"
                    )
                },
                # All four verbs are offered to the model, while the system
                # prompt below promises read-only access for most users. The
                # handler must decide per caller (by Discord ID / role) whether
                # POST, PUT or DELETE is allowed; the "default" here is only a
                # schema annotation and is not applied by this file.
                "method": {
                    "type": "string",
                    "enum": ["GET", "POST", "PUT", "DELETE"],
                    "default": "GET",
                    "description": "HTTP method to use"
                },
                # Free-form object: no property names, types or bounds are
                # declared, so validation (e.g. a cap on "limit") is left to
                # the handler or the API.
                "params": {
                    "type": "object",
                    "description": (
                        "Query parameters as key-value pairs. Common params: "
                        "skip (offset), limit (page size), client_id, session_id, "
                        "status_filter, etc."
                    )
                },
                # Free-form object as well; contents are model-generated and
                # should be validated by the receiving endpoint.
                "body": {
                    "type": "object",
                    "description": "Request body for POST/PUT requests (JSON)"
                }
            },
            # Only "endpoint" is mandatory; method, params and body are optional.
            "required": ["endpoint"]
        }
    },
    {
        # Single-account M365 investigation; both inputs are required.
        "name": "run_breach_check",
        "description": (
            "Run a comprehensive 10-point M365 breach investigation on a single user account. "
            "Checks: inbox rules, mailbox forwarding, OAuth consents, auth methods, "
            "sign-ins (including foreign countries and legacy auth), directory audits, "
            "risky user status, sent items, and deleted items. "
            "Returns breach summary and artifact locations. "
            "Requires tenant to be onboarded to remediation-tool."
        ),
        "input_schema": {
            "type": "object",
            "properties": {
                # NOTE(review): the example domain, GUID and UPN in these
                # descriptions look like real client identifiers. Tool
                # descriptions are sent with every request and live in source
                # control; consider neutral placeholders (example.com, an
                # all-zero GUID).
                # Both fields are unconstrained strings. How they reach
                # remediation-tool is not visible here; the handler should
                # check their format and that the caller may query this
                # tenant before using them.
                "tenant": {
                    "type": "string",
                    "description": (
                        "Tenant domain or GUID (e.g., 'cascadestucson.com' or "
                        "'4fcbb1f4-fbf9-4548-a93e-7d14a3c091e6')"
                    )
                },
                "upn": {
                    "type": "string",
                    "description": (
                        "User Principal Name - the user's email address "
                        "(e.g., 'john.trozzi@cascadestucson.com')"
                    )
                }
            },
            "required": ["tenant", "upn"]
        }
    },
    {
        # Tenant-wide sweep; takes only the tenant identifier.
        "name": "run_tenant_sweep",
        "description": (
            "Sweep an entire M365 tenant for security issues. "
            "Checks: failed sign-ins from multiple foreign countries, "
            "successful non-US sign-ins, B2B guest invitations, "
            "consent/auth-method/role changes in directory audits, "
            "and risky users (if IdentityRiskyUser consent granted). "
            "Returns priority-sorted findings. "
            "Requires tenant to be onboarded to remediation-tool."
        ),
        "input_schema": {
            "type": "object",
            "properties": {
                # Same caveats as run_breach_check: the example values look
                # like a real client domain and tenant GUID, and the string
                # is not constrained by the schema.
                "tenant": {
                    "type": "string",
                    "description": (
                        "Tenant domain or GUID (e.g., 'dataforth.com' or "
                        "'dd4a82e8-85a3-44ac-8800-07945ab4d95f')"
                    )
                }
            },
            "required": ["tenant"]
        }
    }
]

# System prompt with six replacement fields (discord_username, discord_id,
# role, channel_name, thread_name, datetime_utc). It contains no other braces;
# any literal brace added later must be doubled if str.format is used.
#
# NOTE(review): discord_username, channel_name and thread_name presumably come
# from the Discord message context, i.e. text chosen by users. Interpolated
# into the system prompt they can carry instructions, so the caller should
# strip newlines and cap their length before formatting.
#
# NOTE(review): the "Access Control" section identifies privileged users by
# first name while the context line supplies a user-chosen display name. The
# model cannot be the enforcement point for this: remediation and any
# non-GET call need a handler-side check on discord_id / role, and the
# "explicit YES confirmation" should be verified in code as well.
SYSTEM_PROMPT_TEMPLATE = """You are the ClaudeTools MSP Assistant for Arizona Computer Guru. Available Tools: 1. query_claudetools_api - MSP database (clients, sessions, tasks, infrastructure, credentials) 2. run_breach_check - M365 user breach investigation (10-point audit) 3. run_tenant_sweep - M365 tenant-wide security sweep Current Context: - User: {discord_username} (Discord ID: {discord_id}) - Role: {role} (admin or tech) - Channel: #{channel_name} - Thread: {thread_name} - DateTime: {datetime_utc} Response Guidelines: - Use Discord markdown: **bold**, `code`, ```language blocks``` - Keep responses under 2000 chars (Discord limit) - split into multiple messages if needed - For structured data, use clear formatting or request embeds - Ask before listing >5 items - Security-conscious: NEVER expose credentials in responses - Provide 1Password vault paths instead of actual secrets Access Control: - All team members: read-only queries, breach checks, tenant sweeps - Mike/Howard only: remediation actions (require explicit confirmation) - Dev/coding questions: refer to Mike or Howard - NEVER execute destructive operations without explicit YES confirmation Tool Usage: - Use query_claudetools_api for ALL database lookups (don't make up data) - Use run_breach_check for single-user M365 investigation - Use run_tenant_sweep for tenant-wide M365 security analysis - Chain tools when needed for complex multi-step queries - Always 
cite which tool you used when presenting results Remember: - You're an MSP assistant - understand client/project/session/work item concepts - Be concise but thorough - If unsure, ask clarifying questions - Guide users through multi-step processes """