"""Application configuration.

Settings are loaded from environment variables and distinguish the dev and
prod runtime environments. The prod environment enforces the "zero data
egress" red line: every public-network LLM provider is forbidden there.
"""

from __future__ import annotations

from enum import Enum

from pydantic_settings import BaseSettings, SettingsConfigDict


class AppEnv(str, Enum):
    """Runtime environment the application is deployed in."""

    dev = "dev"
    prod = "prod"


class LLMProviderName(str, Enum):
    """Identifiers of the supported LLM back ends."""

    dashscope = "dashscope"  # public-network Qwen; dev only
    vllm = "vllm"  # local; used in prod
    mock = "mock"  # local deterministic mock for development/testing; no egress


# Providers classified as "public network / data egress"; forbidden in prod.
# NOTE(review): this is a denylist, so a provider added to LLMProviderName
# later is accepted in prod until it is also listed here.
EGRESS_PROVIDERS: frozenset[LLMProviderName] = frozenset(
    (LLMProviderName.dashscope,)
)


class Settings(BaseSettings):
    """Environment-backed application settings.

    Values come from environment variables or the ``.env`` file; variable
    names carry no prefix and are matched case-insensitively, and unknown
    keys are ignored.

    NOTE(review): the defaults select ``dev`` together with the public
    ``dashscope`` provider, so a deployment that does not set ``AIAUDIT_ENV``
    is treated as dev and passes :meth:`validate_egress_policy`. Production
    deployments need ``AIAUDIT_ENV=prod`` set explicitly.
    """

    model_config = SettingsConfigDict(
        env_prefix="",
        env_file=".env",
        extra="ignore",
        case_sensitive=False,
    )

    aiaudit_env: AppEnv = AppEnv.dev

    database_url: str = "postgresql+psycopg://freedak@localhost:5432/aiaudit"
    redis_url: str = "redis://localhost:6379/0"

    llm_provider: LLMProviderName = LLMProviderName.dashscope

    # NOTE(review): declared as a plain str, so the key is part of repr() and
    # of model dumps; keep Settings objects out of logs and error reports.
    dashscope_api_key: str = ""
    dashscope_model: str = "qwen-plus"

    # NOTE(review): validate_egress_policy does not inspect this URL.
    vllm_base_url: str = "http://localhost:8001/v1"
    vllm_model: str = "qwen2.5-72b-instruct"

    @property
    def is_prod(self) -> bool:
        """Whether the configured environment is prod."""
        running_in_prod = self.aiaudit_env == AppEnv.prod
        return running_in_prod

    def validate_egress_policy(self) -> None:
        """Enforce the zero-data-egress red line for prod.

        Intended to be called at application start-up; a violation raises and
        so blocks start-up.

        Only the provider *name* is checked against ``EGRESS_PROVIDERS``. The
        configured ``vllm_base_url`` is not examined, so this check alone does
        not establish that the endpoint actually used is local.

        Raises:
            RuntimeError: the environment is prod and ``llm_provider`` is one
                of ``EGRESS_PROVIDERS``.
        """
        # Outside prod the policy does not apply.
        if not self.is_prod:
            return
        # A provider that is not on the egress list is allowed in prod.
        if self.llm_provider not in EGRESS_PROVIDERS:
            return
        message = (
            f"数据零出域红线违规:prod 环境禁止使用公网 LLM Provider "
            f"'{self.llm_provider.value}'。请改用本地 Provider(如 vllm)。"
        )
        raise RuntimeError(message)


# Module-level cache for the settings instance built by get_settings().
_settings: Settings | None = None


def get_settings() -> Settings:
    """Return the cached ``Settings`` instance, building it on first use.

    NOTE(review): this accessor does not call ``validate_egress_policy``; the
    red line is enforced only where a caller invokes it explicitly.
    """
    global _settings
    if _settings is not None:
        return _settings
    _settings = Settings()
    return _settings