/**
 * DNS provider interface.
 *
 * Vibn supports multiple authoritative DNS backends so a workspace can opt
 * into stricter residency (CIRA D-Zone) without changing the REST/MCP
 * surface. All providers implement the same contract.
 *
 * Default provider today: cloud-dns (Google Cloud DNS). Global anycast,
 * configuration replicated inside Google's infrastructure. Acceptable for
 * public records; not Canadian-pinned at the config layer.
 *
 * Future provider: cira-dzone (CIRA D-Zone, Canadian-operated). Activated
 * per-workspace via `dns_provider = 'cira_dzone'`.
 */

export interface DnsRecord {
  /** Relative name (e.g. "@", "www", "app"). */
  name: string;
  type: 'A' | 'AAAA' | 'CNAME' | 'TXT' | 'MX' | 'NS' | 'CAA';
  /** RRDATA lines — e.g. ["1.2.3.4"] or ["10 mail.example.com."]. */
  rrdatas: string[];
  ttl?: number;
}

export interface DnsZone {
  apex: string;          // "example.com"
  zoneId: string;        // provider-side zone identifier
  nameservers: string[]; // delegation set the registrant should set at the registrar
  createdAt?: string;
}

export interface DnsProvider {
  readonly id: 'cloud_dns' | 'cira_dzone';
  createZone(apex: string): Promise<DnsZone>;
  getZone(apex: string): Promise<DnsZone | null>;
  setRecords(apex: string, records: DnsRecord[]): Promise<void>;
  deleteZone(apex: string): Promise<void>;
}

export class DnsNotConfiguredError extends Error {
  constructor(providerId: string) {
    super(
      `DNS provider "${providerId}" is not configured. ` +
      `Check that the service account has required permissions and env vars are set.`,
    );
    this.name = 'DnsNotConfiguredError';
  }
}