/**
 * Shared shapes for the client-side auth state owned by `AuthContext`.
 *
 * These types describe the JSON payload returned by `/api/auth/me`,
 * `/api/auth/sign-in`, and `/api/auth/sign-up` (post-OTP), and are deliberately
 * conservative: every field that any consumer of `useAuth()` reads today is
 * present, but nothing more. Adding fields here without also adding them to
 * the matching server response will create silent runtime `undefined`s.
 */

/**
 * Role label carried on the authenticated user (`AuthUser.role`).
 *
 * The named literals are the roles this file knows about. The trailing
 * `(string & {})` member keeps the union open to any other string while still
 * letting editors suggest the known literals. Because of that open member the
 * compiler will NOT flag a misspelled or unrecognised role, so code that
 * branches on this value should handle unknown strings explicitly and treat
 * them as least-privileged rather than falling through to a privileged
 * default.
 *
 * NOTE(review): this value is read from a JSON response in the browser, so it
 * is only suitable for deciding what to render. Authorization is presumably
 * enforced by the server on every request — confirm.
 */
export type AuthRole =
  | 'owner'
  | 'manager'
  | 'staff'
  | 'superadmin'
  | 'support'
  | 'admin'
  // Open-ended escape hatch: accepts any string without collapsing the
  // literals above into plain `string`.
  | (string & {});

/**
 * Restaurant record embedded in the auth payload (see `AuthUser.restaurants`).
 *
 * Every field except `currency_locked` is nullable, so consumers must handle
 * `null` for each of them, including `id`.
 */
export interface AuthRestaurant {
  id: string | null;
  name: string | null;
  slug: string | null;
  // NOTE(review): presumably rendered as an image source. If this value can be
  // set by a tenant, consumers should restrict it to the expected URL
  // scheme(s) before using it in `src`/`href` — confirm where it originates.
  logo_url: string | null;
  cuisine_type: string | null;
  phone: string | null;
  address: string | null;
  description: string | null;
  seating_capacity: number | null;
  currency: string | null;
  // NOTE(review): looks like a flag that `currency` may no longer be changed;
  // if so it is a UI hint only and the server must reject the change — confirm.
  currency_locked: boolean;
}

/**
 * Minimal branch descriptor embedded in the auth payload (see
 * `AuthUser.branches`): a required `id` plus a nullable display `name`.
 */
export interface AuthBranchSummary {
  id: string;
  name: string | null;
}

/**
 * CRUD permissions for a single section
 * (e.g. `{ create: true, read: true, update: false, delete: false }`).
 *
 * All four flags are required booleans, so a well-formed entry never leaves an
 * action unspecified. These flags reach the browser inside the auth payload
 * and can only gate what the UI shows.
 * NOTE(review): the server is presumably the enforcement point for each
 * action — confirm.
 */
export interface SectionPerms {
  create: boolean;
  read: boolean;
  update: boolean;
  delete: boolean;
}

/**
 * The authenticated user as seen by the client.
 *
 * Per the file header this mirrors the JSON returned by the auth endpoints; a
 * field declared here but missing from the server response is `undefined` at
 * runtime even though the type says otherwise.
 */
export interface AuthUser {
  id: string;
  email: string;
  name: string | null;
  // Nullable, and open to arbitrary strings (see `AuthRole`): consumers should
  // treat `null` and unknown roles as least-privileged.
  role: AuthRole | null;
  restaurant_id: string | null;
  branch_id: string | null;
  /**
   * Literal branch on the JWT session. `null` means the owner is in the
   * "All branches" view; non-owners always have this populated.
   */
  session_branch_id: string | null;
  preferred_language: string;
  /**
   * Section-level CRUD permissions for the current staff member.
   * `null` for owners/superadmins/support (they bypass all checks).
   * Keyed by section name (e.g. `ai_config`, `telephone`, `loyalty`).
   *
   * Because `null` means "bypass", consumers should test for it explicitly
   * (`=== null`) and alongside `role`, not with a truthiness check: a field
   * missing from the response arrives as `undefined`, and treating that like
   * `null` would grant the bypass by accident. A section key absent from the
   * record is likewise `undefined` at runtime and should be read as "no
   * access".
   */
  staff_permissions: Record<string, SectionPerms> | null;
  // Despite the plural names, both fields below hold a single object (or
  // `null`), not an array.
  restaurants: AuthRestaurant | null;
  branches: AuthBranchSummary | null;
}

/**
 * Client-side session wrapper; the only declared member is the user.
 *
 * No token or expiry field is declared here.
 * NOTE(review): presumably the JWT referenced on `AuthUser.session_branch_id`
 * travels outside this payload and is not readable through this shape —
 * confirm.
 */
export interface AuthSession {
  user: AuthUser;
}

/**
 * Optional extra details supplied with a sign-up; every field may be omitted.
 *
 * NOTE(review): these look like caller-supplied values sent with the sign-up
 * request. `plan` is a free-form string, so the server should validate it
 * against the plans it actually offers rather than trusting the client —
 * confirm.
 */
export interface SignUpMetadata {
  ownerName?: string;
  restaurantName?: string;
  plan?: string;
}

/**
 * Outcome of a sign-up call: either an OTP step is still pending, or the
 * account is signed in.
 *
 * Only the first variant carries the `requiresOtp` tag, so narrow with
 * `'requiresOtp' in result` before reading `user`/`session`. The pending
 * variant deliberately exposes nothing but the `email`.
 */
export type SignUpResult =
  // OTP verification is still outstanding; no user or session is available.
  | { requiresOtp: true; email: string }
  // Sign-up finished (post-OTP, per the file header); the user is signed in.
  | { user: AuthUser; session: AuthSession };

/**
 * Result of a successful sign-in: the user plus the session wrapper, the same
 * pair of fields as the completed variant of `SignUpResult`.
 */
export interface SignInResult {
  user: AuthUser;
  session: AuthSession;
}
