// Header assembly and the proxied model. The app ships no API key; these
// headers are how the Worker authorizes the caller before injecting the real
// credential.
//
// EXAMPLE CODE. Placeholders only.

import Foundation
import ClaudeForFoundationModels

extension ClaudeBFF {
    /// Pure header assembly, so it can be tested without StoreKit or a device.
    /// The App Attest assertion is bound to the same request line the Worker
    /// reconstructs: "POST\n/v1/messages\n<jws>".
    static func headers(jws: String, attestation: Assertion?) -> [String: String] {
        var headers = [transactionHeader: jws]
        if let attestation {
            headers[assertionHeader] = attestation.assertion
            headers[keyIdHeader] = attestation.keyId
        }
        return headers
    }

    /// Gather the entitlement JWS and (when available) an App Attest assertion,
    /// then assemble the proxy headers.
    static func proxyHeaders() async throws -> [String: String] {
        let jws = try await currentEntitlementJWS()
        let clientData = "POST\n/v1/messages\n\(jws)"
        let attestation = try await appAttestAssertion(clientData: clientData)
        return headers(jws: jws, attestation: attestation)
    }

    /// A Claude model that routes through the BFF using `.proxied` auth.
    static func model(_ name: ClaudeModel = .opus4_8) async throws -> ClaudeLanguageModel {
        ClaudeLanguageModel(
            name: name,
            auth: .proxied(headers: try await proxyHeaders()),
            baseURL: baseURL
        )
    }
}