use thiserror::Error;
#[derive(Debug, Error)]
pub enum SafeError {
#[error("vault not found: {path}")]
VaultNotFound { path: String },
#[error("vault already exists: {path}")]
VaultAlreadyExists { path: String },
#[error("secret not found: {key}")]
SecretNotFound { key: String },
#[error("secret already exists: {key}")]
SecretAlreadyExists { key: String },
#[error("profile not found: {name}")]
ProfileNotFound { name: String },
#[error("decryption failed — wrong password or corrupted vault")]
DecryptionFailed,
#[error("crypto error: {context}")]
Crypto { context: String },
#[error("invalid vault: {reason}")]
InvalidVault { reason: String },
#[error("import parse error in {file}: {reason}")]
ImportParse { file: String, reason: String },
#[error("no snapshots available to restore profile '{profile}'")]
NoSnapshotAvailable { profile: String },
#[error("snapshot not found: {path}")]
SnapshotNotFound { path: String },
#[error("vault schema migration failed: {reason}")]
MigrationFailed { reason: String },
#[error("vault is corrupted and could not be auto-healed: {reason}")]
VaultCorrupted { reason: String },
#[error(
"stale biometric credential: the stored credential no longer matches the vault (password \
was rotated or biometric enrollment changed). Run `tsafe biometric re-enroll` to \
restore password-free unlock."
)]
StaleBiometricCredential,
#[error("Windows Hello verification was canceled by the user")]
BiometricCanceled,
#[error("Windows Hello verification failed: {0}")]
BiometricFailed(String),
#[error("io error: {0}")]
Io(#[from] std::io::Error),
#[error("serialization error: {0}")]
Serialization(#[from] serde_json::Error),
#[error("audit-trail error: {0}")]
Audit(#[from] axiom_audit::AuditError),
}
pub type SafeResult<T> = Result<T, SafeError>;