import {
    Credentials,
    Env,
    LogLevel,
    Skyflow,
    VaultConfig,
    SkyflowConfig,
    UpdateRequest,
    UpdateOptions,
    UpdateResponse,
    TokenMode,
    SkyflowError
} from 'skyflow-node';

/**
 * Skyflow Secure Data Update Example
 * 
 * This example demonstrates how to:
 * 1. Configure credentials
 * 2. Set up vault configuration
 * 3. Create an update request
 * 4. Handle response and errors
 */
async function performSecureDataUpdate() {
    try {
        // Step 1: Configure Credentials
        const credentials: Credentials = {
            // Using API Key authentication
            apiKey: 'your-skyflow-api-key',
        };

        // Step 2: Configure Vault 
        const primaryVaultConfig: VaultConfig = {
            vaultId: 'your-vault-id',          // Unique vault identifier
            clusterId: 'your-cluster-id',      // From vault URL
            env: Env.PROD,                     // Deployment environment
            credentials: credentials           // Authentication method
        };

        // Step 3: Configure Skyflow Client
        const skyflowConfig: SkyflowConfig = {
            vaultConfigs: [primaryVaultConfig],
            logLevel: LogLevel.INFO            // Logging verbosity
        };

        // Initialize Skyflow Client
        const skyflowClient: Skyflow = new Skyflow(skyflowConfig);

        // Step 4: Prepare Update Data
        const updateData: Record<string, unknown> = {
            skyflowId: 'your-skyflow-id',          // Skyflow ID of the record to update
            card_number: '1234567890123456'        // Updated sensitive data
        };

        // Step 5: Create Update Request
        const updateReq: UpdateRequest = new UpdateRequest(
            'sensitive_data_table',               // Replace with your actual table name
            updateData
        );

        // Step 6: Configure Update Options
        const updateOptions: UpdateOptions = new UpdateOptions();

        // Return tokens for the updated fields (default: false — returns skyflowId only)
        updateOptions.setReturnTokens(true);

        // --- BYOT (Bring Your Own Token) options ---
        // Provide pre-existing tokens to associate with the updated fields
        // updateOptions.setTokens({ card_number: '<YOUR_TOKEN>' });

        // Control tokenization mode when using BYOT:
        //   TokenMode.DISABLE      — vault generates tokens (default)
        //   TokenMode.ENABLE       — use provided tokens as-is
        //   TokenMode.ENABLE_STRICT — validate provided tokens before accepting
        // updateOptions.setTokenMode(TokenMode.ENABLE);

        // Step 7: Perform Secure Update
        const response: UpdateResponse = await skyflowClient
            .vault(primaryVaultConfig.vaultId)
            .update(updateReq, updateOptions);

        // Handle Successful Response
        console.log('Update successful:', response);

    } catch (error) {
        // Comprehensive Error Handling
        if (error instanceof SkyflowError) {
            console.error('Skyflow Specific Error:', {
                httpCode: error.error?.httpCode,
                grpcCode: error.error?.grpcCode,
                httpStatus: error.error?.httpStatus,
                message: error.message,
                details: error.error?.details,
            });
        } else {
            console.error('Unexpected Error:', error);
        }
    }
}

// Invoke the secure data update function
performSecureDataUpdate();