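package services

import (
	"context"
	"os"
	"regexp"
	"strings"
	"testing"

	"github.com/openai/openai-go/v3"
)

// TestSecurity_9_1_3_APIKeyLoadedFromEnvironment verifies that callLLM hands
// the value of the OPENAI_API_KEY environment variable to the chat-completion
// client (requirement 9.1.3, per the test name).
//
// The environment variable is set with t.Setenv, so the previous value is
// restored when the test ends. The mocked completion function receives the
// key that callLLM resolved and fails the test if it differs.
func TestSecurity_9_1_3_APIKeyLoadedFromEnvironment(t *testing.T) {
	envKey := "env-key-for-test"
	t.Setenv("OPENAI_API_KEY", envKey)

	// NOTE(review): t.Fatalf is only valid on the test goroutine; this
	// assumes the mock is invoked synchronously by callLLM (confirm against
	// withMockChatCompletion).
	withMockChatCompletion(t, func(_ context.Context, apiKey string, _ openai.ChatCompletionNewParams) (*openai.ChatCompletion, error) {
		if apiKey != envKey {
			// The key printed here is the fixed test value, not a real secret.
			t.Fatalf("expected API key from environment, got %q", apiKey)
		}
		return completionWithContent(validLLMJSON), nil
	})

	if _, err := callLLM("resume", "job"); err != nil {
		t.Fatalf("expected successful call with env key, got: %v", err)
	}
}

// TestSecurity_9_1_3_NoHardcodedAPIKeyPatternsInSource is a textual guard
// against committing an API key in analyzer.go (requirement 9.1.3, per the
// test name).
//
// It makes two checks on the file's contents:
//   - no token that looks like an "sk-" prefixed secret is present, and
//   - the literal lookup os.Getenv("OPENAI_API_KEY") is present.
//
// This is a heuristic over a single file: it does not cover other source
// files, configuration, or keys assembled at run time, so it complements a
// repository-wide secret scanner rather than replacing one.
func TestSecurity_9_1_3_NoHardcodedAPIKeyPatternsInSource(t *testing.T) {
	// go test runs with the package directory as the working directory, so a
	// relative path resolves to the file next to this test.
	data, err := os.ReadFile("analyzer.go")
	if err != nil {
		t.Fatalf("failed to read analyzer.go: %v", err)
	}
	content := string(data)

	// Match "sk-" only at a word boundary and only when followed by a long
	// key-like tail. A bare substring search for "sk-" also fires on ordinary
	// words such as "task-" or "disk-", which makes the guard fail for
	// unrelated edits and invites people to delete it.
	keyPattern := regexp.MustCompile(`\bsk-[A-Za-z0-9_-]{16,}`)
	if loc := keyPattern.FindStringIndex(content); loc != nil {
		// Report the location, never the matched text, so a real key is not
		// copied into CI logs.
		line := strings.Count(content[:loc[0]], "\n") + 1
		t.Fatalf("analyzer.go appears to contain hardcoded key-like pattern at line %d", line)
	}

	if !strings.Contains(content, `os.Getenv("OPENAI_API_KEY")`) {
		t.Fatal("expected OPENAI_API_KEY environment lookup in analyzer.go")
	}
}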