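// Copyright 2026 MarketAlly. All rights reserved.
// SPDX-License-Identifier: MIT

package setting

import "strings"

// secretScanDefaultBlockSeverity is the blocking threshold applied when
// BLOCK_SEVERITY is unset or does not name one of the known levels.
const secretScanDefaultBlockSeverity = "high"

// SecretScan holds the secret scanning configuration. The literal below
// supplies the built-in defaults; loadSecretScanFrom overwrites every field
// from the [secret_scan] section of the configuration.
//
// NOTE(review): IgnoredRepos, IgnoredFiles and AllowlistPatterns are stored
// exactly as configured. Presumably each entry exempts content from scanning,
// so a broad entry would reduce coverage; confirm against the scanner and
// keep changes to these keys under review.
var SecretScan = struct {
	Enabled               bool     // ENABLED, default true
	BlockOnDetection      bool     // BLOCK_ON_DETECTION, default true
	BlockSeverity         string   // BLOCK_SEVERITY: "critical", "high", "medium", "low"
	ScanNewBranches       bool     // SCAN_NEW_BRANCHES, default true
	IgnoredRepos          []string // IGNORED_REPOS, comma-separated
	IgnoredFiles          []string // IGNORED_FILES, comma-separated
	AllowlistPatterns     []string // ALLOWLIST_PATTERNS, comma-separated
	EnableVaultSuggestion bool     // ENABLE_VAULT_SUGGESTION, default true
}{
	Enabled:               true,
	BlockOnDetection:      true,
	BlockSeverity:         secretScanDefaultBlockSeverity, // Block on high and critical
	ScanNewBranches:       true,
	IgnoredRepos:          []string{},
	IgnoredFiles:          []string{},
	AllowlistPatterns:     []string{},
	EnableVaultSuggestion: true,
}

// normalizeSecretScanBlockSeverity trims and lower-cases raw and returns it
// when it is one of the documented levels. Any other value, including the
// empty string, yields secretScanDefaultBlockSeverity, so a misspelled
// threshold cannot reach the code that compares severities.
func normalizeSecretScanBlockSeverity(raw string) string {
	switch level := strings.ToLower(strings.TrimSpace(raw)); level {
	case "critical", "high", "medium", "low":
		return level
	default:
		// NOTE(review): the fallback is silent; consider logging the rejected
		// value with the project's logger so operators notice the typo.
		return secretScanDefaultBlockSeverity
	}
}

// loadSecretScanFrom populates SecretScan from the [secret_scan] section of
// rootCfg. Boolean keys default to true when absent, BLOCK_SEVERITY is
// normalized to a known level, and the list keys are split on commas.
func loadSecretScanFrom(rootCfg ConfigProvider) {
	sec := rootCfg.Section("secret_scan")

	SecretScan.Enabled = sec.Key("ENABLED").MustBool(true)
	SecretScan.BlockOnDetection = sec.Key("BLOCK_ON_DETECTION").MustBool(true)
	// Validate the threshold at load time instead of trusting the raw string.
	SecretScan.BlockSeverity = normalizeSecretScanBlockSeverity(
		sec.Key("BLOCK_SEVERITY").MustString(secretScanDefaultBlockSeverity))
	SecretScan.ScanNewBranches = sec.Key("SCAN_NEW_BRANCHES").MustBool(true)
	SecretScan.IgnoredRepos = sec.Key("IGNORED_REPOS").Strings(",")
	SecretScan.IgnoredFiles = sec.Key("IGNORED_FILES").Strings(",")
	SecretScan.AllowlistPatterns = sec.Key("ALLOWLIST_PATTERNS").Strings(",")
	SecretScan.EnableVaultSuggestion = sec.Key("ENABLE_VAULT_SUGGESTION").MustBool(true)
}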