"""
Pydantic schemas for CredentialAuditLog model.

Request and response schemas for credential audit logging.
"""

from datetime import datetime
from typing import Optional
from uuid import UUID

from pydantic import BaseModel, Field


class CredentialAuditLogBase(BaseModel):
    """Base schema with shared CredentialAuditLog fields."""

    credential_id: UUID = Field(..., description="Reference to the credential")
    action: str = Field(..., description="Type of action: view, create, update, delete, rotate, decrypt")
    user_id: str = Field(..., description="User who performed the action (JWT sub claim)")
    ip_address: Optional[str] = Field(None, description="IP address (IPv4 or IPv6)")
    user_agent: Optional[str] = Field(None, description="Browser/client user agent string")
    details: Optional[str] = Field(None, description="JSON string with additional context (what changed, why, etc.)")


class CredentialAuditLogCreate(CredentialAuditLogBase):
    """Schema for creating a new CredentialAuditLog entry."""
    pass


class CredentialAuditLogUpdate(BaseModel):
    """
    Schema for updating an existing CredentialAuditLog.

    NOTE: Audit logs should be immutable in most cases. This schema is provided
    for completeness but should rarely be used.
    """

    details: Optional[str] = Field(None, description="JSON string with additional context")


class CredentialAuditLogResponse(CredentialAuditLogBase):
    """Schema for CredentialAuditLog responses with ID and timestamp."""

    id: UUID = Field(..., description="Unique identifier for the audit log entry")
    timestamp: datetime = Field(..., description="When the action was performed")

    model_config = {"from_attributes": True}