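/**
 * Risk taxonomy for the GateRunner control plane.
 *
 * GateCheckpoint – all lifecycle points where policies are evaluated.
 * GateSeverity   – how a finding affects the gate decision.
 *
 * IMPORTANT: "allow" is NOT a severity. Permission is expressed by
 * `GateDecision.allowed === true` with no blocking findings.
 */

// ── Checkpoints ──────────────────────────────────────────────────────────────

/**
 * Closed set of lifecycle points at which policies are evaluated.
 * Keep in sync with {@link ALL_GATE_CHECKPOINTS}: a value added here but not
 * there is invisible to anything that iterates or validates via the list.
 */
export type GateCheckpoint =
  | "pre-input"
  | "pre-plan"
  | "pre-phase-transition"
  | "pre-tool"
  | "post-tool"
  | "pre-write"
  | "post-write"
  | "pre-verify-command"
  | "post-verify-result"
  | "pre-delegation"
  | "post-delegation"
  | "pre-context-compile"
  | "post-context-compile";

/**
 * Ordered list of every checkpoint value.
 * Useful for iteration, validation, and coverage audits.
 */
export const ALL_GATE_CHECKPOINTS: readonly GateCheckpoint[] = [
  "pre-input",
  "pre-plan",
  "pre-phase-transition",
  "pre-tool",
  "post-tool",
  "pre-write",
  "post-write",
  "pre-verify-command",
  "post-verify-result",
  "pre-delegation",
  "post-delegation",
  "pre-context-compile",
  "post-context-compile",
] as const;

// ── Severities ───────────────────────────────────────────────────────────────

/**
 * Closed set of finding severities. There is deliberately no "allow" member
 * (see the file header).
 */
export type GateSeverity =
  | "hard-deny"
  | "soft-deny"
  | "evidence-required"
  | "warning";

/**
 * Ordered list of every severity value, most severe first.
 * Used for deterministic deduplication and display.
 */
export const ALL_GATE_SEVERITIES: readonly GateSeverity[] = [
  "hard-deny",
  "soft-deny",
  "evidence-required",
  "warning",
] as const;

/**
 * Numeric severity rank for comparison.
 * Higher number = more severe.
 *
 * Typed as `Record<GateSeverity, number>` so the compiler rejects a missing
 * or misspelled severity key. This is a plain object, so indexing it with a
 * string that has not been checked against {@link ALL_GATE_SEVERITIES} can
 * yield `undefined` or an inherited `Object.prototype` member instead of a
 * rank; validate externally supplied severities before ranking them.
 *
 * NOTE(review): the table is mutable at runtime; if no caller is meant to
 * change ranks, consider `Object.freeze` so a rank cannot be altered after
 * load.
 */
export const SEVERITY_RANK: Record<GateSeverity, number> = {
  "hard-deny": 4,
  "soft-deny": 3,
  "evidence-required": 2,
  "warning": 1,
};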