cockpitctl_render/

lib.rs

//! PR comment rendering for cockpitctl.
//!
//! Renderer must:
//! - be deterministic
//! - be budgeted
//! - link to artifacts rather than dumping content
//!
//! It should not parse sensor-specific markdown. Link only.

use cockpitctl_types::{
    BuildfixApplyStatus, BuildfixApplySummary, BuildfixSummary, CockpitConfig, CockpitReport,
    Highlight, PolicySignatureAlgorithm, PolicySignatureEvidence, SafetyLevel, Severity,
    TrendDelta, VerdictStatus, severity_rank,
};

/// Result of annotation rendering, tracking whether truncation occurred.
pub struct AnnotationRenderResult {
    /// The rendered markdown content for annotations.
    pub content: String,
    /// Whether the annotations were truncated due to max_annotations cap.
    pub truncated: bool,
    /// Total number of annotations before truncation.
    pub total_count: usize,
    /// Number of annotations actually rendered.
    pub rendered_count: usize,
}

fn status_badge(s: &VerdictStatus) -> &'static str {
    match s {
        VerdictStatus::Pass => "✅ pass",
        VerdictStatus::Warn => "⚠️ warn",
        VerdictStatus::Fail => "❌ fail",
        VerdictStatus::Skip => "⏭ skip",
    }
}

fn severity_badge(s: &Severity) -> &'static str {
    match s {
        Severity::Error => "❌",
        Severity::Warn => "⚠️",
        Severity::Info => "ℹ️",
    }
}

fn extract_buildfix_summary(report: &CockpitReport) -> Option<BuildfixSummary> {
    let data = report.data.as_ref()?;
    let raw = data.get("_buildfix")?;
    serde_json::from_value(raw.clone()).ok()
}

fn extract_buildfix_apply_summary(report: &CockpitReport) -> Option<BuildfixApplySummary> {
    let data = report.data.as_ref()?;
    let raw = data.get("_buildfix_apply")?;
    serde_json::from_value(raw.clone()).ok()
}

fn extract_policy_signature(report: &CockpitReport) -> Option<PolicySignatureEvidence> {
    let data = report.data.as_ref()?;
    let raw = data.get("_policy_signature")?;
    serde_json::from_value(raw.clone()).ok()
}

pub fn render_comment(report: &CockpitReport, cfg: &CockpitConfig) -> String {
    let mut out = String::new();

    out.push_str("<!-- cockpit:begin -->\n");
    out.push_str("## Cockpit\n\n");
    out.push_str("This comment is generated by `cockpitctl`. Details live in `artifacts/`.\n\n");

    out.push_str("### Summary\n\n");
    out.push_str("| Sensor | Status | Blocking | Notes |\n");
    out.push_str("|---|---:|---:|---|\n");

    for s in &report.sensors {
        let blocking = if s.blocking { "yes" } else { "no" };
        let mut notes = format!("`{}`", s.report_path);
        if let Some(c) = &s.comment_path {
            notes.push_str(&format!(" · `{}`", c));
        }
        if s.truncated {
            notes.push_str(" · _truncated_");
        }
        out.push_str(&format!(
            "| `{}` | {} | {} | {} |\n",
            s.id,
            status_badge(&s.verdict.status),
            blocking,
            notes
        ));
    }

    out.push('\n');

    // Highlights
    out.push_str("### Highlights\n\n");
    if report.highlights.is_empty() {
        out.push_str("_No highlights._\n\n");
    } else {
        let max = cfg.policy.max_highlights;
        out.push_str(&format!("(showing up to **{}**)\n\n", max));

        for (i, h) in report.highlights.iter().enumerate() {
            let f = &h.finding;
            let loc = match &f.location {
                Some(l) => {
                    let mut s = String::new();
                    if let Some(p) = &l.path {
                        s.push_str(p);
                    }
                    if let Some(line) = l.line {
                        s.push_str(&format!(":{}", line));
                    }
                    if s.is_empty() { None } else { Some(s) }
                }
                None => None,
            };

            let loc_str = loc.map(|x| format!(" at `{}`", x)).unwrap_or_default();
            out.push_str(&format!(
                "{}. {} **{}**: `{}`{} — {}\n",
                i + 1,
                severity_badge(&f.severity),
                h.sensor_id,
                f.code,
                loc_str,
                f.message.replace('\n', " ")
            ));
        }
        out.push('\n');
    }

    // Annotations section
    let sensor_blocking: std::collections::BTreeMap<String, bool> = report
        .sensors
        .iter()
        .map(|s| (s.id.clone(), s.blocking))
        .collect();
    out.push_str(&render_annotations_section(
        &report.highlights,
        cfg,
        &sensor_blocking,
    ));

    if let Some(buildfix) = extract_buildfix_summary(report) {
        out.push_str(&render_buildfix_section(&buildfix));
    }
    if let Some(apply) = extract_buildfix_apply_summary(report) {
        out.push_str(&render_buildfix_apply_section(&apply));
    }
    if let Some(signature) = extract_policy_signature(report) {
        out.push_str(&render_policy_signature_section(&signature));
    }

    // Sections: group sensors by section label, render in cfg.policy.section_order order.
    let mut by_section: std::collections::BTreeMap<String, Vec<&cockpitctl_types::SensorSummary>> =
        std::collections::BTreeMap::new();

    for s in &report.sensors {
        let section = cfg
            .sensors
            .get(&s.id)
            .and_then(|p| p.section.clone())
            .unwrap_or_else(|| "Other".to_string());
        by_section.entry(section).or_default().push(s);
    }

    for section in &cfg.policy.section_order {
        let Some(sensors) = by_section.get(section) else {
            continue;
        };
        out.push_str(&format!("### {}\n\n", section));
        for s in sensors {
            // Minimal, link-first line.
            let mut line = format!("- `{}`: {}", s.id, status_badge(&s.verdict.status));
            line.push_str(&format!(" · report `{}`", s.report_path));
            if let Some(c) = &s.comment_path {
                line.push_str(&format!(" · comment `{}`", c));
            }
            if let Some(p) = cfg.sensors.get(&s.id)
                && let Some(repro) = &p.repro
            {
                line.push_str(&format!("\n  - repro: `{}`", repro));
            }
            out.push_str(&format!("{}\n", line));
        }
        out.push('\n');
    }

    out.push_str("<!-- cockpit:end -->\n");
    out
}

/// Append externally supplied comment sections before the cockpit end marker.
///
/// This is used by post-processing hooks to contribute extra markdown sections
/// while preserving stable sticky markers.
pub fn append_comment_sections(comment_md: &str, sections: &[(String, String)]) -> String {
    if sections.is_empty() {
        return comment_md.to_string();
    }

    let mut rendered_sections = String::new();
    for (name, content) in sections {
        rendered_sections.push_str(&format!("### {}\n\n", name.trim()));
        rendered_sections.push_str(content.trim_end());
        rendered_sections.push_str("\n\n");
    }

    const END_MARKER: &str = "<!-- cockpit:end -->";
    if let Some(idx) = comment_md.rfind(END_MARKER) {
        let (head, tail) = comment_md.split_at(idx);
        let mut out = String::new();
        out.push_str(head);
        if !head.ends_with("\n\n") {
            if head.ends_with('\n') {
                out.push('\n');
            } else {
                out.push_str("\n\n");
            }
        }
        out.push_str(&rendered_sections);
        out.push_str(tail);
        return out;
    }

    let mut out = comment_md.trim_end().to_string();
    out.push_str("\n\n");
    out.push_str(&rendered_sections);
    out
}

/// Render annotations (file-level or inline findings) with capping.
///
/// Annotations are rendered as a markdown list of findings with file locations.
/// The total number of annotations is capped by `max_annotations` from policy.
/// Deterministic ordering is maintained: severity desc -> blocking-first -> sensor_id -> path -> line -> code.
pub fn render_annotations(
    highlights: &[Highlight],
    cfg: &CockpitConfig,
    sensor_blocking: &std::collections::BTreeMap<String, bool>,
) -> AnnotationRenderResult {
    let max = cfg.policy.max_annotations;
    let total_count = highlights.len();

    // Sort deterministically: severity desc, blocking sensors first, then sensor_id/path/line/code/message.
    let mut sorted: Vec<&Highlight> = highlights.iter().collect();
    sorted.sort_by(|a, b| {
        annotation_sort_key(a, sensor_blocking).cmp(&annotation_sort_key(b, sensor_blocking))
    });

    let truncated = total_count > max;
    let rendered_count = total_count.min(max);

    let mut out = String::new();

    if sorted.is_empty() {
        out.push_str("_No annotations._\n");
    } else {
        for (i, h) in sorted.iter().take(max).enumerate() {
            let f = &h.finding;
            let loc = match &f.location {
                Some(l) => {
                    let mut s = String::new();
                    if let Some(p) = &l.path {
                        s.push_str(p);
                    }
                    if let Some(line) = l.line {
                        s.push_str(&format!(":{}", line));
                    }
                    if s.is_empty() { None } else { Some(s) }
                }
                None => None,
            };

            let loc_str = loc.map(|x| format!(" at `{}`", x)).unwrap_or_default();
            out.push_str(&format!(
                "{}. {} **{}**: `{}`{} — {}\n",
                i + 1,
                severity_badge(&f.severity),
                h.sensor_id,
                f.code,
                loc_str,
                f.message.replace('\n', " ")
            ));
        }

        if truncated {
            out.push_str(&format!(
                "\n_Showing {} of {} annotations (capped by `max_annotations`)._\n",
                rendered_count, total_count
            ));
        }
    }

    AnnotationRenderResult {
        content: out,
        truncated,
        total_count,
        rendered_count,
    }
}

/// Render annotations section for the PR comment.
///
/// This is a convenience function that wraps `render_annotations` with a section header.
pub fn render_annotations_section(
    highlights: &[Highlight],
    cfg: &CockpitConfig,
    sensor_blocking: &std::collections::BTreeMap<String, bool>,
) -> String {
    let result = render_annotations(highlights, cfg, sensor_blocking);
    let mut out = String::new();
    out.push_str("### Annotations\n\n");
    out.push_str(&result.content);
    out.push('\n');
    out
}

// ============================================================================
// Trend section rendering
// ============================================================================

/// Render a trend delta as a markdown section for the PR comment.
pub fn render_trend_section(trend: &TrendDelta) -> String {
    let mut out = String::new();
    out.push_str("### Trend\n\n");

    if let Some(vc) = &trend.verdict_change {
        out.push_str(&format!(
            "Verdict: {} → {}\n\n",
            status_badge(&vc.before),
            status_badge(&vc.after)
        ));
    }

    let cd = &trend.count_deltas;
    if cd.info_delta != 0 || cd.warn_delta != 0 || cd.error_delta != 0 {
        out.push_str("| Severity | Delta |\n|---|---:|\n");
        if cd.error_delta != 0 {
            out.push_str(&format!("| Error | {:+} |\n", cd.error_delta));
        }
        if cd.warn_delta != 0 {
            out.push_str(&format!("| Warn | {:+} |\n", cd.warn_delta));
        }
        if cd.info_delta != 0 {
            out.push_str(&format!("| Info | {:+} |\n", cd.info_delta));
        }
        out.push('\n');
    }

    if !trend.new_findings.is_empty() {
        out.push_str(&format!(
            "**{} new finding(s)**:\n",
            trend.new_findings.len()
        ));
        for f in &trend.new_findings {
            let loc = f
                .path
                .as_ref()
                .map(|p| {
                    if let Some(line) = f.line {
                        format!(" at `{}:{}`", p, line)
                    } else {
                        format!(" at `{}`", p)
                    }
                })
                .unwrap_or_default();
            out.push_str(&format!(
                "- {} **{}**: `{}`{}\n",
                severity_badge(&f.severity),
                f.sensor_id,
                f.code,
                loc
            ));
        }
        out.push('\n');
    }

    if !trend.fixed_findings.is_empty() {
        out.push_str(&format!(
            "**{} fixed finding(s)**:\n",
            trend.fixed_findings.len()
        ));
        for f in &trend.fixed_findings {
            out.push_str(&format!(
                "- ~**{}**: `{}`~ — {}\n",
                f.sensor_id, f.code, f.message
            ));
        }
        out.push('\n');
    }

    if !trend.sensors_added.is_empty() {
        out.push_str(&format!(
            "Sensors added: {}\n",
            trend
                .sensors_added
                .iter()
                .map(|s| format!("`{}`", s))
                .collect::<Vec<_>>()
                .join(", ")
        ));
    }
    if !trend.sensors_removed.is_empty() {
        out.push_str(&format!(
            "Sensors removed: {}\n",
            trend
                .sensors_removed
                .iter()
                .map(|s| format!("`{}`", s))
                .collect::<Vec<_>>()
                .join(", ")
        ));
    }

    if trend.verdict_change.is_none()
        && trend.new_findings.is_empty()
        && trend.fixed_findings.is_empty()
        && trend.sensors_added.is_empty()
        && trend.sensors_removed.is_empty()
        && cd.info_delta == 0
        && cd.warn_delta == 0
        && cd.error_delta == 0
    {
        out.push_str("_No changes from baseline._\n");
    }

    out.push('\n');
    out
}

// ============================================================================
// Buildfix section rendering
// ============================================================================

fn safety_badge(s: &SafetyLevel) -> &'static str {
    match s {
        SafetyLevel::Safe => "🟢 safe",
        SafetyLevel::Guarded => "🟡 guarded",
        SafetyLevel::Unsafe => "🔴 unsafe",
    }
}

/// Render a buildfix summary as a markdown section for the PR comment.
pub fn render_buildfix_section(summary: &BuildfixSummary) -> String {
    let mut out = String::new();
    out.push_str("### Buildfix\n\n");

    if summary.fixes.is_empty() {
        out.push_str("_No fixes available._\n\n");
        return out;
    }

    out.push_str(&format!(
        "{} fix(es) available ({} matched, {} unmatched)\n\n",
        summary.total_fixes, summary.matched_count, summary.unmatched_count
    ));

    out.push_str("| Fix | Safety | Matched | Description |\n");
    out.push_str("|---|---|---:|---|\n");

    for fix in &summary.fixes {
        let matched = if fix.unmatched { "no" } else { "yes" };
        out.push_str(&format!(
            "| `{}` | {} | {} | {} |\n",
            fix.fix_id,
            safety_badge(&fix.safety),
            matched,
            fix.description.replace('\n', " ")
        ));
    }

    out.push('\n');
    out
}

fn apply_status_badge(status: BuildfixApplyStatus) -> &'static str {
    match status {
        BuildfixApplyStatus::Skipped => "⏭ skipped",
        BuildfixApplyStatus::Applied => "✅ applied",
        BuildfixApplyStatus::Failed => "❌ failed",
    }
}

/// Render buildfix apply evidence (if present) as a markdown section.
pub fn render_buildfix_apply_section(summary: &BuildfixApplySummary) -> String {
    let mut out = String::new();
    out.push_str("### Buildfix Apply\n\n");
    out.push_str(&format!(
        "Status: {} · max safety: `{}` · require matched finding: `{}`\n\n",
        apply_status_badge(summary.status),
        match summary.max_auto_apply_safety {
            SafetyLevel::Safe => "safe",
            SafetyLevel::Guarded => "guarded",
            SafetyLevel::Unsafe => "unsafe",
        },
        summary.require_matched_finding
    ));

    if let Some(reason) = &summary.reason {
        out.push_str(&format!("Reason: `{}`\n\n", reason));
    }

    if !summary.selected_fix_ids.is_empty() {
        out.push_str(&format!(
            "Selected fixes: {}\n\n",
            summary
                .selected_fix_ids
                .iter()
                .map(|id| format!("`{}`", id))
                .collect::<Vec<_>>()
                .join(", ")
        ));
    }

    if !summary.applied_fix_ids.is_empty() {
        out.push_str(&format!(
            "Applied fixes: {}\n\n",
            summary
                .applied_fix_ids
                .iter()
                .map(|id| format!("`{}`", id))
                .collect::<Vec<_>>()
                .join(", ")
        ));
    }

    if !summary.errors.is_empty() {
        out.push_str("Errors:\n");
        for e in &summary.errors {
            out.push_str(&format!("- {}\n", e.replace('\n', " ")));
        }
        out.push('\n');
    }

    out
}

fn policy_signature_algorithm_label(algorithm: PolicySignatureAlgorithm) -> &'static str {
    match algorithm {
        PolicySignatureAlgorithm::HmacSha256 => "hmac_sha256",
    }
}

/// Render policy signature evidence as a markdown section for the PR comment.
pub fn render_policy_signature_section(signature: &PolicySignatureEvidence) -> String {
    let mut out = String::new();
    out.push_str("### Policy Signature\n\n");
    out.push_str(&format!(
        "- algorithm: `{}`\n",
        policy_signature_algorithm_label(signature.algorithm)
    ));
    if let Some(key_id) = &signature.key_id {
        out.push_str(&format!("- key_id: `{}`\n", key_id));
    }
    out.push_str(&format!("- policy_sha256: `{}`\n", signature.policy_sha256));
    out.push_str(&format!("- signature: `{}`\n\n", signature.signature));
    out
}

// ============================================================================
// GitHub Actions workflow command annotations
// ============================================================================

/// Result of GitHub annotation rendering.
pub struct GitHubAnnotationResult {
    /// Rendered `::error`/`::warning`/`::notice` lines.
    pub lines: Vec<String>,
    /// Whether annotations were truncated due to cap.
    pub truncated: bool,
    /// Total number of annotations before capping.
    pub total_count: usize,
    /// Number of annotations actually rendered.
    pub rendered_count: usize,
}

/// Escape a string for GitHub Actions workflow command parameters.
fn gh_escape(s: &str) -> String {
    s.replace('%', "%25")
        .replace('\n', "%0A")
        .replace('\r', "%0D")
}

/// Map severity to GitHub Actions annotation level.
fn gh_level(s: &Severity) -> &'static str {
    match s {
        Severity::Error => "error",
        Severity::Warn => "warning",
        Severity::Info => "notice",
    }
}

/// Render GitHub Actions workflow command annotations from highlights.
///
/// Produces lines like:
/// `::error file={path},line={line},col={col},title=[{sensor_id}] {code}::{message}`
///
/// Capped by `max_annotations` from policy. Same deterministic sort as markdown annotations.
pub fn render_github_annotations(
    highlights: &[Highlight],
    cfg: &CockpitConfig,
    sensor_blocking: &std::collections::BTreeMap<String, bool>,
) -> GitHubAnnotationResult {
    let max = cfg.policy.max_annotations;
    let total_count = highlights.len();

    let mut sorted: Vec<&Highlight> = highlights.iter().collect();
    sorted.sort_by(|a, b| {
        annotation_sort_key(a, sensor_blocking).cmp(&annotation_sort_key(b, sensor_blocking))
    });

    let truncated = total_count > max;
    let rendered_count = total_count.min(max);

    let mut lines = Vec::with_capacity(rendered_count);
    for h in sorted.iter().take(max) {
        let f = &h.finding;
        let level = gh_level(&f.severity);
        let title = gh_escape(&format!("[{}] {}", h.sensor_id, f.code));

        let mut params = Vec::new();
        if let Some(loc) = &f.location {
            if let Some(path) = &loc.path {
                params.push(format!("file={}", path));
            }
            if let Some(line) = loc.line {
                params.push(format!("line={}", line));
            }
            if let Some(col) = loc.col {
                params.push(format!("col={}", col));
            }
        }
        params.push(format!("title={}", title));

        let message = gh_escape(&f.message);
        lines.push(format!("::{} {}::{}", level, params.join(","), message));
    }

    GitHubAnnotationResult {
        lines,
        truncated,
        total_count,
        rendered_count,
    }
}

/// Shared sort key for annotation ordering (severity desc, blocking first, then sensor_id/path/line/code/message).
fn annotation_sort_key<'a>(
    h: &'a Highlight,
    sensor_blocking: &std::collections::BTreeMap<String, bool>,
) -> (
    u8,
    u8,
    &'a str,
    Option<&'a str>,
    Option<u32>,
    &'a str,
    &'a str,
) {
    let blocking = sensor_blocking.get(&h.sensor_id).cloned().unwrap_or(false);
    (
        severity_rank(&h.finding.severity),
        if blocking { 0u8 } else { 1u8 },
        &h.sensor_id,
        h.finding.location.as_ref().and_then(|l| l.path.as_deref()),
        h.finding.location.as_ref().and_then(|l| l.line),
        &h.finding.code,
        &h.finding.message,
    )
}

#[cfg(test)]
mod tests {
    use super::*;
    use cockpitctl_types::{Finding, Location, Severity};

    fn make_highlight(
        sensor_id: &str,
        code: &str,
        path: Option<&str>,
        line: Option<u32>,
        severity: Severity,
    ) -> Highlight {
        Highlight {
            sensor_id: sensor_id.to_string(),
            finding: Finding {
                severity,
                check_id: None,
                code: code.to_string(),
                message: format!("Message for {}", code),
                location: Some(Location {
                    path: path.map(String::from),
                    line,
                    col: None,
                }),
                help: None,
                url: None,
                fingerprint: None,
                data: None,
            },
        }
    }

    #[test]
    fn test_annotation_capping_respects_max() {
        let mut cfg = CockpitConfig::default();
        cfg.policy.max_annotations = 3;

        let highlights = vec![
            make_highlight(
                "sensor_a",
                "code1",
                Some("src/a.rs"),
                Some(10),
                Severity::Error,
            ),
            make_highlight(
                "sensor_a",
                "code2",
                Some("src/a.rs"),
                Some(20),
                Severity::Warn,
            ),
            make_highlight(
                "sensor_b",
                "code3",
                Some("src/b.rs"),
                Some(5),
                Severity::Info,
            ),
            make_highlight(
                "sensor_b",
                "code4",
                Some("src/b.rs"),
                Some(15),
                Severity::Error,
            ),
            make_highlight(
                "sensor_c",
                "code5",
                Some("src/c.rs"),
                Some(1),
                Severity::Warn,
            ),
        ];

        let blocking = std::collections::BTreeMap::new();
        let result = render_annotations(&highlights, &cfg, &blocking);

        assert!(result.truncated);
        assert_eq!(result.total_count, 5);
        assert_eq!(result.rendered_count, 3);
        assert!(result.content.contains("Showing 3 of 5 annotations"));
    }

    #[test]
    fn test_annotation_capping_no_truncation_when_under_limit() {
        let mut cfg = CockpitConfig::default();
        cfg.policy.max_annotations = 10;

        let highlights = vec![
            make_highlight(
                "sensor_a",
                "code1",
                Some("src/a.rs"),
                Some(10),
                Severity::Error,
            ),
            make_highlight(
                "sensor_a",
                "code2",
                Some("src/a.rs"),
                Some(20),
                Severity::Warn,
            ),
        ];

        let blocking = std::collections::BTreeMap::new();
        let result = render_annotations(&highlights, &cfg, &blocking);

        assert!(!result.truncated);
        assert_eq!(result.total_count, 2);
        assert_eq!(result.rendered_count, 2);
        assert!(!result.content.contains("truncated"));
        assert!(!result.content.contains("capped"));
    }

    #[test]
    fn test_annotation_ordering_is_deterministic() {
        let mut cfg = CockpitConfig::default();
        cfg.policy.max_annotations = 25;

        // Create highlights in non-sorted order
        let highlights = vec![
            make_highlight(
                "sensor_z",
                "code1",
                Some("src/z.rs"),
                Some(100),
                Severity::Info,
            ),
            make_highlight(
                "sensor_a",
                "code2",
                Some("src/a.rs"),
                Some(10),
                Severity::Error,
            ),
            make_highlight(
                "sensor_m",
                "code3",
                Some("src/m.rs"),
                Some(50),
                Severity::Warn,
            ),
            make_highlight(
                "sensor_a",
                "code4",
                Some("src/a.rs"),
                Some(5),
                Severity::Error,
            ),
        ];

        let blocking = std::collections::BTreeMap::new();
        let result = render_annotations(&highlights, &cfg, &blocking);

        // Errors should come first (sorted by severity desc)
        // Then within same severity, sorted by sensor_id, path, line
        let lines: Vec<&str> = result.content.lines().collect();

        // First should be sensor_a error at line 5
        assert!(lines[0].contains("sensor_a") && lines[0].contains("code4"));
        // Second should be sensor_a error at line 10
        assert!(lines[1].contains("sensor_a") && lines[1].contains("code2"));
        // Third should be sensor_m warning
        assert!(lines[2].contains("sensor_m") && lines[2].contains("code3"));
        // Fourth should be sensor_z info
        assert!(lines[3].contains("sensor_z") && lines[3].contains("code1"));
    }

    #[test]
    fn test_annotation_ordering_blocking_sensors_first() {
        let mut cfg = CockpitConfig::default();
        cfg.policy.max_annotations = 25;

        let highlights = vec![
            make_highlight(
                "non_blocking",
                "code1",
                Some("src/a.rs"),
                Some(10),
                Severity::Error,
            ),
            make_highlight(
                "blocking_sensor",
                "code2",
                Some("src/b.rs"),
                Some(10),
                Severity::Error,
            ),
        ];

        let mut blocking = std::collections::BTreeMap::new();
        blocking.insert("blocking_sensor".to_string(), true);
        blocking.insert("non_blocking".to_string(), false);

        let result = render_annotations(&highlights, &cfg, &blocking);

        let lines: Vec<&str> = result.content.lines().collect();
        // Blocking sensor should come first even though both are errors
        assert!(lines[0].contains("blocking_sensor"));
        assert!(lines[1].contains("non_blocking"));
    }

    #[test]
    fn test_annotation_ordering_blocking_branch_reverse_input() {
        let mut cfg = CockpitConfig::default();
        cfg.policy.max_annotations = 25;

        let highlights = vec![
            make_highlight(
                "blocking_sensor",
                "code_block",
                Some("src/b.rs"),
                Some(10),
                Severity::Error,
            ),
            make_highlight(
                "non_blocking",
                "code_non",
                Some("src/a.rs"),
                Some(10),
                Severity::Error,
            ),
        ];

        let mut blocking = std::collections::BTreeMap::new();
        blocking.insert("blocking_sensor".to_string(), true);
        blocking.insert("non_blocking".to_string(), false);

        let result = render_annotations(&highlights, &cfg, &blocking);

        let lines: Vec<&str> = result.content.lines().collect();
        assert!(lines[0].contains("blocking_sensor"));
        assert!(lines[1].contains("non_blocking"));
    }

    #[test]
    fn test_empty_annotations() {
        let cfg = CockpitConfig::default();
        let highlights: Vec<Highlight> = vec![];
        let blocking = std::collections::BTreeMap::new();

        let result = render_annotations(&highlights, &cfg, &blocking);

        assert!(!result.truncated);
        assert_eq!(result.total_count, 0);
        assert_eq!(result.rendered_count, 0);
        assert!(result.content.contains("No annotations"));
    }

    #[test]
    fn test_annotation_at_exact_limit() {
        let mut cfg = CockpitConfig::default();
        cfg.policy.max_annotations = 2;

        let highlights = vec![
            make_highlight(
                "sensor_a",
                "code1",
                Some("src/a.rs"),
                Some(10),
                Severity::Error,
            ),
            make_highlight(
                "sensor_b",
                "code2",
                Some("src/b.rs"),
                Some(20),
                Severity::Warn,
            ),
        ];

        let blocking = std::collections::BTreeMap::new();
        let result = render_annotations(&highlights, &cfg, &blocking);

        assert!(!result.truncated);
        assert_eq!(result.total_count, 2);
        assert_eq!(result.rendered_count, 2);
        assert!(!result.content.contains("capped"));
    }

    #[test]
    fn test_annotation_without_location_omits_loc_string() {
        let cfg = CockpitConfig::default();
        let highlights = vec![Highlight {
            sensor_id: "sensor_a".to_string(),
            finding: Finding {
                severity: Severity::Warn,
                check_id: None,
                code: "code1".to_string(),
                message: "message".to_string(),
                location: None,
                help: None,
                url: None,
                fingerprint: None,
                data: None,
            },
        }];

        let blocking = std::collections::BTreeMap::new();
        let result = render_annotations(&highlights, &cfg, &blocking);

        assert!(result.content.contains("`code1`"));
        assert!(!result.content.contains(" at `"));
    }

    #[test]
    fn test_annotation_with_empty_location_omits_loc_string() {
        let cfg = CockpitConfig::default();
        let highlights = vec![Highlight {
            sensor_id: "sensor_a".to_string(),
            finding: Finding {
                severity: Severity::Info,
                check_id: None,
                code: "code2".to_string(),
                message: "message".to_string(),
                location: Some(Location {
                    path: None,
                    line: None,
                    col: None,
                }),
                help: None,
                url: None,
                fingerprint: None,
                data: None,
            },
        }];

        let blocking = std::collections::BTreeMap::new();
        let result = render_annotations(&highlights, &cfg, &blocking);

        assert!(result.content.contains("`code2`"));
        assert!(!result.content.contains(" at `"));
    }

    #[test]
    fn append_comment_sections_inserts_before_end_marker() {
        let base = "<!-- cockpit:begin -->\n## Cockpit\n\n<!-- cockpit:end -->\n";
        let sections = vec![("Hook".to_string(), "From hook".to_string())];

        let out = append_comment_sections(base, &sections);
        let hook_idx = out.find("### Hook").expect("hook section");
        let end_idx = out.find("<!-- cockpit:end -->").expect("end marker");

        assert!(hook_idx < end_idx, "hook section must be before end marker");
        assert!(out.contains("From hook"));
    }

    #[test]
    fn append_comment_sections_appends_when_marker_missing() {
        let base = "## Cockpit\n";
        let sections = vec![("Extra".to_string(), "Section body".to_string())];

        let out = append_comment_sections(base, &sections);
        assert!(out.contains("### Extra"));
        assert!(out.ends_with("Section body\n\n"));
    }
}