<?php

declare(strict_types=1);

namespace App\Mcp\Tool\TaskMeta;

use App\Mcp\Tool\Serializer;
use App\Repository\TaskGroupRepository;
use Mcp\Capability\Attribute\McpTool;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

#[McpTool(name: 'list-groups', description: 'List task groups, optionally filtered by project. Groups are per-project (each group belongs to one project).')]
class ListGroupsTool
{
    public function __construct(
        private readonly TaskGroupRepository $taskGroupRepository,
        private readonly Security $security,
    ) {}

    public function __invoke(?int $projectId = null, bool $archived = false): string
    {
        if (!$this->security->isGranted('ROLE_USER')) {
            throw new AccessDeniedException('Access denied: ROLE_USER required.');
        }

        $criteria = ['archived' => $archived];
        if (null !== $projectId) {
            $criteria['project'] = $projectId;
        }

        $groups = $this->taskGroupRepository->findBy($criteria, ['title' => 'ASC']);

        return json_encode(array_map(Serializer::groupFull(...), $groups));
    }
}