use secrets_core::error::AppError;

/// Map a structured `AppError` to an MCP protocol error.
///
/// This replaces the previous pattern of swallowing all errors into `-32603`.
pub fn app_error_to_mcp(err: &AppError) -> rmcp::ErrorData {
    match err {
        AppError::ConflictSecretName { secret_name } => rmcp::ErrorData::invalid_request(
            format!(
                "A secret with the name '{secret_name}' already exists for your account. \
                 Secret names must be unique per user."
            ),
            None,
        ),
        AppError::ConflictEntryName { folder, name } => rmcp::ErrorData::invalid_request(
            format!(
                "An entry with folder='{folder}' and name='{name}' already exists. \
                 The combination of folder and name must be unique."
            ),
            None,
        ),
        AppError::NotFoundEntry => rmcp::ErrorData::invalid_request(
            "Entry not found. Use secrets_find to discover existing entries.",
            None,
        ),
        AppError::Validation { message } => rmcp::ErrorData::invalid_request(message.clone(), None),
        AppError::ConcurrentModification => rmcp::ErrorData::invalid_request(
            "The entry was modified by another request. Please refresh and try again.",
            None,
        ),
        AppError::Internal(_) => rmcp::ErrorData::internal_error(
            "Request failed due to a server error. Check service logs if you need details.",
            None,
        ),
    }
}