#import <Foundation/Foundation.h>

@class ZSMError;
@class NetworkClient;
@class ZSMConfig;

NS_ASSUME_NONNULL_BEGIN

@interface RelyingParty : NSObject

@property (nonatomic, strong, nullable) NSString *customerDefinedIdentifier;
@property (nonatomic, strong, nullable) NSString *credentialID;  // MPC credential ID
@property (nonatomic, strong, nullable) NSString *passkeyCredentialID;  // Passkey credential ID (for PasskeysPlus)
@property (nonatomic, strong) NSDictionary *publicKey;
@property (nonatomic, strong, nullable) NSString *identityID;
@property (nonatomic, strong, readonly) NetworkClient *networkClient;
@property (nonatomic, strong, readonly) NSString *bundleIdentifier;
@property (nonatomic, assign, readonly) BOOL usePasskeys;  // Whether PasskeysPlus mode is enabled

// Backward compatibility - access to base URL
@property (nonatomic, strong, readonly) NSURL *host;

- (instancetype)initWithConfig:(ZSMConfig *)config;
- (instancetype)initWithConfig:(ZSMConfig *)config usePasskeys:(BOOL)usePasskeys;

// **Deprecated constructors - use initWithConfig: instead**
- (instancetype)initWithHost:(NSURL *)host apiKey:(NSUUID *)apiKey applicationId:(NSUUID *)applicationId DEPRECATED_MSG_ATTRIBUTE("Use initWithConfig: instead");
- (instancetype)initWithHost:(NSURL *)host apiKey:(NSUUID *)apiKey applicationId:(NSUUID *)applicationId usePasskeys:(BOOL)usePasskeys DEPRECATED_MSG_ATTRIBUTE("Use initWithConfig:usePasskeys: instead");

// **Authentication Start**
- (void)authenticationStart:(NSString *)userId credentialId:(NSString *)credentialId
                 completion:(void (^)(NSDictionary * _Nullable, ZSMError * _Nullable))completion;

// **Create Identity & Start Registration**
- (void)createIdentityThenRegistrationStart:(NSString *)userId
                                 completion:(void (^)(NSDictionary * _Nullable, ZSMError * _Nullable))completion;

// **Complete Registration & Start Authentication**
- (void)registrationFinishAuthenticationStart:(NSString *)userId
                                   credential:(NSDictionary *)credential
                                   completion:(void (^)(NSDictionary * _Nullable, ZSMError * _Nullable))completion;

// **Unbind current credential
- (void)unbind;

// **Get and Set Identity ID**
- (NSString * _Nullable)getIdentityID;
- (void)setIdentityID:(NSString * _Nullable)identityID;

// **Identity Mapping Methods**
- (void)storeIdentityMapping:(NSString *)userId identityId:(NSString *)identityId;
- (NSString *)lookupIdentityMapping:(NSString *)userId;
- (void)clearIdentityMapping:(NSString *)userId;
- (NSString *)getConsumerIdForMPC:(NSString *)userId;
- (NSString * _Nullable)getUserIdForConsumerId:(NSString *)consumerId;

// **Credential ID Normalization**
+ (NSString *)normalizeCredentialId:(NSString *)credentialId;

// **Passkey Credential ID Persistence**
- (void)storePasskeyCredentialID:(NSString *)passkeyCredentialId forUser:(NSString *)userId;
- (NSString * _Nullable)lookupPasskeyCredentialID:(NSString *)userId;

// **MPC Credential ID Persistence**
- (void)storeMpcCredentialID:(NSString *)mpcCredentialId forUser:(NSString *)userId;
- (NSString * _Nullable)lookupMpcCredentialID:(NSString *)userId;

// **Networking Methods**
- (void)makePostRequest:(NSString *)endpoint
                   body:(NSDictionary *)body
                traceId:(NSString *)traceId
             completion:(void (^)(NSDictionary * _Nullable response, ZSMError * _Nullable error))completion;

// **PasskeysPlus Methods**
- (void)pkpRegistrationStart:(NSString *)userId
                  completion:(void (^)(NSDictionary * _Nullable, ZSMError * _Nullable))completion;

- (void)pkpRegistrationStartForExistingIdentity:(NSString *)userId
                                     identityId:(NSString *)identityId
                              chainCredentialId:(NSString * _Nullable)chainCredentialId
                                     completion:(void (^)(NSDictionary * _Nullable, ZSMError * _Nullable))completion;

- (void)pkpRegistrationFinish:(NSDictionary *)paCredential
                       userId:(NSString *)userId
                   completion:(void (^)(NSDictionary * _Nullable, ZSMError * _Nullable))completion;

- (void)pkpAuthenticationStart:(NSString *)userId credentialId:(NSString *)credentialId
                    completion:(void (^)(NSDictionary * _Nullable, ZSMError * _Nullable))completion;

- (void)pkpAuthenticationFinish:(NSString *)userId
                   paCredential:(NSDictionary *)paCredential
                     completion:(void (^)(NSDictionary * _Nullable, ZSMError * _Nullable))completion;

// **Server Credential State**
- (void)checkServerCredentialState:(NSString *)userId
                        completion:(void (^)(NSDictionary * _Nullable state, ZSMError * _Nullable error))completion;

// **Remote Enrollment Details (POST /api/v1/enrollment-details)**
// Mirrors the browser SDK's RelyingPartyBase.getRemoteEnrollmentDetails — returns the
// raw server response so callers can read identity_id, zsm_active, passkey_active, rcr, etc.
- (void)getRemoteEnrollmentDetails:(NSString *)userId
                           traceId:(NSString * _Nullable)traceId
                        completion:(void (^)(NSDictionary * _Nullable response, ZSMError * _Nullable error))completion;

@end

NS_ASSUME_NONNULL_END