/*
 * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
 */

import * as z from "zod/v3";
import {
  KeyCreditsData,
  KeyCreditsData$Outbound,
  KeyCreditsData$outboundSchema,
} from "./keycreditsdata.js";
import {
  RatelimitRequest,
  RatelimitRequest$Outbound,
  RatelimitRequest$outboundSchema,
} from "./ratelimitrequest.js";

export type V2KeysMigrateKeyData = {
  /**
   * The current hash of the key on your side
   */
  hash: string;
  /**
   * Sets a human-readable identifier for internal organization and dashboard display.
   *
   * @remarks
   * Never exposed to end users, only visible in management interfaces and API responses.
   * Avoid generic names like "API Key" when managing multiple keys for the same user or service.
   */
  name?: string | undefined;
  /**
   * Links this key to a user or entity in your system using your own identifier.
   *
   * @remarks
   * Returned during verification to identify the key owner without additional database lookups.
   * Essential for user-specific analytics, billing, and multi-tenant key management.
   * Use your primary user ID, organization ID, or tenant ID for best results.
   * Accepts letters, numbers, underscores, dots, and hyphens for flexible identifier formats.
   */
  externalId?: string | undefined;
  /**
   * Stores arbitrary JSON metadata returned during key verification for contextual information.
   *
   * @remarks
   * Eliminates additional database lookups during verification, improving performance for stateless services.
   * Avoid storing sensitive data here as it's returned in verification responses.
   * Large metadata objects increase verification latency and should stay under 10KB total size.
   */
  meta?: { [k: string]: any } | undefined;
  /**
   * Assigns existing roles to this key for permission management through role-based access control.
   *
   * @remarks
   * Roles must already exist in your workspace before assignment.
   * During verification, all permissions from assigned roles are checked against requested permissions.
   * Roles provide a convenient way to group permissions and apply consistent access patterns across multiple keys.
   */
  roles?: Array<string> | undefined;
  /**
   * Grants specific permissions directly to this key without requiring role membership.
   *
   * @remarks
   * Wildcard permissions like `documents.*` grant access to all sub-permissions including `documents.read` and `documents.write`.
   * Direct permissions supplement any permissions inherited from assigned roles.
   */
  permissions?: Array<string> | undefined;
  /**
   * Sets when this key automatically expires as a Unix timestamp in milliseconds.
   *
   * @remarks
   * Verification fails with code=EXPIRED immediately after this time passes.
   * Omitting this field creates a permanent key that never expires.
   *
   * Avoid setting timestamps in the past as they immediately invalidate the key.
   * Keys expire based on server time, not client time, which prevents timezone-related issues.
   * Essential for trial periods, temporary access, and security compliance requiring key rotation.
   */
  expires?: number | undefined;
  /**
   * Controls whether the key is active immediately upon creation.
   *
   * @remarks
   * When set to `false`, the key exists but all verification attempts fail with `code=DISABLED`.
   * Useful for pre-creating keys that will be activated later or for keys requiring manual approval.
   * Most keys should be created with `enabled=true` for immediate use.
   */
  enabled?: boolean | undefined;
  /**
   * Credit configuration and remaining balance for this key.
   */
  credits?: KeyCreditsData | undefined;
  /**
   * Defines time-based rate limits that protect against abuse by controlling request frequency.
   *
   * @remarks
   * Unlike credits which track total usage, rate limits reset automatically after each window expires.
   * Multiple rate limits can control different operation types with separate thresholds and windows.
   * Essential for preventing API abuse while maintaining good performance for legitimate usage.
   */
  ratelimits?: Array<RatelimitRequest> | undefined;
};

/** @internal */
export type V2KeysMigrateKeyData$Outbound = {
  hash: string;
  name?: string | undefined;
  externalId?: string | undefined;
  meta?: { [k: string]: any } | undefined;
  roles?: Array<string> | undefined;
  permissions?: Array<string> | undefined;
  expires?: number | undefined;
  enabled: boolean;
  credits?: KeyCreditsData$Outbound | undefined;
  ratelimits?: Array<RatelimitRequest$Outbound> | undefined;
};

/** @internal */
export const V2KeysMigrateKeyData$outboundSchema: z.ZodType<
  V2KeysMigrateKeyData$Outbound,
  z.ZodTypeDef,
  V2KeysMigrateKeyData
> = z.object({
  hash: z.string(),
  name: z.string().optional(),
  externalId: z.string().optional(),
  meta: z.record(z.any()).optional(),
  roles: z.array(z.string()).optional(),
  permissions: z.array(z.string()).optional(),
  expires: z.number().int().optional(),
  enabled: z.boolean().default(true),
  credits: KeyCreditsData$outboundSchema.optional(),
  ratelimits: z.array(RatelimitRequest$outboundSchema).optional(),
});

export function v2KeysMigrateKeyDataToJSON(
  v2KeysMigrateKeyData: V2KeysMigrateKeyData,
): string {
  return JSON.stringify(
    V2KeysMigrateKeyData$outboundSchema.parse(v2KeysMigrateKeyData),
  );
}