#compdef vlz

autoload -U is-at-least

_vlz() {
    typeset -A opt_args
    typeset -a _arguments_options
    local ret=1

    if is-at-least 5.2; then
        _arguments_options=(-s -S -C)
    else
        _arguments_options=(-s -C)
    fi

    local context curcontext="$curcontext" state line
    _arguments "${_arguments_options[@]}" : \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'*--env-overrides=[Set environment variable overrides (VLZ_*)]:ENV_OVERRIDES:_default' \
'*-v[Increase verbosity (multiple times = more detail)]' \
'*--verbose[Increase verbosity (multiple times = more detail)]' \
'-h[Print help]' \
'--help[Print help]' \
'-V[Print version]' \
'--version[Print version]' \
":: :_vlz_commands" \
"*::: :->vlz" \
&& ret=0
    case $state in
    (vlz)
        words=($line[1] "${words[@]}")
        (( CURRENT += 1 ))
        curcontext="${curcontext%:*:*}:vlz-command-$line[1]:"
        case $line[1] in
            (scan)
_arguments "${_arguments_options[@]}" : \
'--format=[Output format (plain, json, sarif, cyclonedx, spdx)]:FORMAT:_default' \
'*--summary-file=[Generate additional files\: e.g. html\:/tmp/out.html,cyclonedx\:/tmp/sbom.json]:TYPE:PATH:_default' \
'--provider=[Force a particular CVE provider]:PROVIDER:_default' \
'--parallel=[Parallel query limit (default 10, max 50)]:PARALLEL:_default' \
'--cache-db=[Override cache database path]:PATH:_default' \
'--ignore-db=[Override ignore (false-positive) database path]:PATH:_default' \
'*--scan-exclude-dir=[Exclude directory name from manifest discovery (repeatable)]:DIR:_default' \
'--cache-ttl-secs=[Default TTL in seconds for new cache entries (default\: 432000 = 5 days). Does not change existing entries; use \`vlz db set-ttl\` to update those]:SECS:_default' \
'--min-score=[Minimum CVSS score to count toward exit code]:SCORE:_default' \
'--min-count=[Minimum count of CVEs meeting min-score to trigger CVE exit code (0 = any)]:N:_default' \
'--exit-code-on-cve=[Exit code when CVEs meet threshold (default 86)]:CODE:_default' \
'--fp-exit-code=[Exit code when only false-positives are present (default 0)]:CODE:_default' \
'--project-id=[Project ID for false-positive scoping (FR-015); only FPs for this project or global apply]:ID:_default' \
'--backoff-base=[Base delay in ms for retry backoff (default 100)]:MS:_default' \
'--backoff-max=[Maximum delay in ms for retry backoff (default 30000)]:MS:_default' \
'--max-retries=[Maximum retries for transient errors (default 5)]:N:_default' \
'--provider-http-connect-timeout-secs=[CVE provider HTTPS connect timeout in seconds (default 15)]:SECS:_default' \
'--provider-http-request-timeout-secs=[CVE provider HTTPS total request timeout in seconds (default 120)]:SECS:_default' \
'--tls-crl-bundle=[PEM file of CRLs for optional Linux TLS certificate revocation (SEC-021)]:PATH:_default' \
'--reachability-mode=[Reachability analysis mode]:MODE:(off tier-b best-available)' \
'--severity-v2-critical-min=[CVSS v2 critical severity minimum score (default 9.0)]:SCORE:_default' \
'--severity-v2-high-min=[CVSS v2 high severity minimum score (default 7.0)]:SCORE:_default' \
'--severity-v2-medium-min=[CVSS v2 medium severity minimum score (default 4.0)]:SCORE:_default' \
'--severity-v2-low-min=[CVSS v2 low severity minimum score (default 0.1)]:SCORE:_default' \
'--severity-v3-critical-min=[CVSS v3 critical severity minimum score (default 9.0)]:SCORE:_default' \
'--severity-v3-high-min=[CVSS v3 high severity minimum score (default 7.0)]:SCORE:_default' \
'--severity-v3-medium-min=[CVSS v3 medium severity minimum score (default 4.0)]:SCORE:_default' \
'--severity-v3-low-min=[CVSS v3 low severity minimum score (default 0.1)]:SCORE:_default' \
'--severity-v4-critical-min=[CVSS v4 critical severity minimum score (default 9.0)]:SCORE:_default' \
'--severity-v4-high-min=[CVSS v4 high severity minimum score (default 7.0)]:SCORE:_default' \
'--severity-v4-medium-min=[CVSS v4 medium severity minimum score (default 4.0)]:SCORE:_default' \
'--severity-v4-low-min=[CVSS v4 low severity minimum score (default 0.1)]:SCORE:_default' \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'--offline[Disable network access]' \
'--benchmark[Benchmark mode (no cache, no network, parallel=1)]' \
'--package-manager-required[Require package manager on PATH; exit 3 with hint if missing]' \
'-h[Print help]' \
'--help[Print help]' \
'::root -- Root directory (defaults to current working dir):_default' \
&& ret=0
;;
(list)
_arguments "${_arguments_options[@]}" : \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(config)
_arguments "${_arguments_options[@]}" : \
'--set=[Set a key (e.g. python.regex="^requirements\\\\.txt\$")]:KEY=VALUE:_default' \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'--list[]' \
'--example[Output verilyze.conf.example with effective values for this environment]' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(db)
_arguments "${_arguments_options[@]}" : \
'--cache-ttl-secs=[Default TTL in seconds when opening the cache (default\: 432000 = 5 days). Does not change existing entries; use \`vlz db set-ttl\` to update those]:SECS:_default' \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
":: :_vlz__subcmd__db_commands" \
"*::: :->db" \
&& ret=0

    case $state in
    (db)
        words=($line[1] "${words[@]}")
        (( CURRENT += 1 ))
        curcontext="${curcontext%:*:*}:vlz-db-command-$line[1]:"
        case $line[1] in
            (stats)
_arguments "${_arguments_options[@]}" : \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(verify)
_arguments "${_arguments_options[@]}" : \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(migrate)
_arguments "${_arguments_options[@]}" : \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(list-providers)
_arguments "${_arguments_options[@]}" : \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(show)
_arguments "${_arguments_options[@]}" : \
'--format=[Output format (e.g. json for full payload)]:FORMAT:_default' \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'--full[Include full CVE payload for each entry]' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(set-ttl)
_arguments "${_arguments_options[@]}" : \
'--entry=[Update a single entry by key (e.g. "name\:\:version")]:KEY:_default' \
'--pattern=[Update entries matching pattern]:PATTERN:_default' \
'--entries=[Update multiple entries (comma-separated keys)]:KEYS:_default' \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'--all[Update all entries]' \
'-h[Print help]' \
'--help[Print help]' \
':secs -- New TTL in seconds:_default' \
&& ret=0
;;
        esac
    ;;
esac
;;
(fp)
_arguments "${_arguments_options[@]}" : \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
":: :_vlz__subcmd__fp_commands" \
"*::: :->fp" \
&& ret=0

    case $state in
    (fp)
        words=($line[1] "${words[@]}")
        (( CURRENT += 1 ))
        curcontext="${curcontext%:*:*}:vlz-fp-command-$line[1]:"
        case $line[1] in
            (mark)
_arguments "${_arguments_options[@]}" : \
'--comment=[Optional comment]:COMMENT:_default' \
'--project-id=[Optional project scope]:ID:_default' \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
':cve_id -- CVE ID (e.g. CVE-2023-1234):_default' \
&& ret=0
;;
(unmark)
_arguments "${_arguments_options[@]}" : \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
':cve_id -- CVE ID (e.g. CVE-2023-1234):_default' \
&& ret=0
;;
        esac
    ;;
esac
;;
(preload)
_arguments "${_arguments_options[@]}" : \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(help)
_arguments "${_arguments_options[@]}" : \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
'::subcommand:_default' \
&& ret=0
;;
(generate-completions)
_arguments "${_arguments_options[@]}" : \
'-c+[Override configuration file location]:PATH:_default' \
'--config=[Override configuration file location]:PATH:_default' \
'-h[Print help]' \
'--help[Print help]' \
':shell -- Shell (bash, zsh, fish):(bash elvish fish powershell zsh)' \
&& ret=0
;;
        esac
    ;;
esac
}

(( $+functions[_vlz_commands] )) ||
_vlz_commands() {
    local commands; commands=(
'scan:Scan a directory tree for manifests and CVEs' \
'list:List registered language/plugin names' \
'config:Show or set configuration values' \
'db:Database sub‑commands (stats, verify, migrate, list-providers, …)' \
'fp:False-positive markings' \
'preload:Pre-populate CVE cache from remote provider (placeholder)' \
'help:Show manual page' \
'generate-completions:Generate shell completion scripts' \
    )
    _describe -t commands 'vlz commands' commands "$@"
}
(( $+functions[_vlz__subcmd__config_commands] )) ||
_vlz__subcmd__config_commands() {
    local commands; commands=()
    _describe -t commands 'vlz config commands' commands "$@"
}
(( $+functions[_vlz__subcmd__db_commands] )) ||
_vlz__subcmd__db_commands() {
    local commands; commands=(
'stats:' \
'verify:' \
'migrate:' \
'list-providers:List supported CVE providers' \
'show:Display cache entries with TTL and added timestamp' \
'set-ttl:Update TTL for existing cache entries' \
    )
    _describe -t commands 'vlz db commands' commands "$@"
}
(( $+functions[_vlz__subcmd__db__subcmd__list-providers_commands] )) ||
_vlz__subcmd__db__subcmd__list-providers_commands() {
    local commands; commands=()
    _describe -t commands 'vlz db list-providers commands' commands "$@"
}
(( $+functions[_vlz__subcmd__db__subcmd__migrate_commands] )) ||
_vlz__subcmd__db__subcmd__migrate_commands() {
    local commands; commands=()
    _describe -t commands 'vlz db migrate commands' commands "$@"
}
(( $+functions[_vlz__subcmd__db__subcmd__set-ttl_commands] )) ||
_vlz__subcmd__db__subcmd__set-ttl_commands() {
    local commands; commands=()
    _describe -t commands 'vlz db set-ttl commands' commands "$@"
}
(( $+functions[_vlz__subcmd__db__subcmd__show_commands] )) ||
_vlz__subcmd__db__subcmd__show_commands() {
    local commands; commands=()
    _describe -t commands 'vlz db show commands' commands "$@"
}
(( $+functions[_vlz__subcmd__db__subcmd__stats_commands] )) ||
_vlz__subcmd__db__subcmd__stats_commands() {
    local commands; commands=()
    _describe -t commands 'vlz db stats commands' commands "$@"
}
(( $+functions[_vlz__subcmd__db__subcmd__verify_commands] )) ||
_vlz__subcmd__db__subcmd__verify_commands() {
    local commands; commands=()
    _describe -t commands 'vlz db verify commands' commands "$@"
}
(( $+functions[_vlz__subcmd__fp_commands] )) ||
_vlz__subcmd__fp_commands() {
    local commands; commands=(
'mark:Mark a CVE as false positive' \
'unmark:Remove false-positive marking for a CVE' \
    )
    _describe -t commands 'vlz fp commands' commands "$@"
}
(( $+functions[_vlz__subcmd__fp__subcmd__mark_commands] )) ||
_vlz__subcmd__fp__subcmd__mark_commands() {
    local commands; commands=()
    _describe -t commands 'vlz fp mark commands' commands "$@"
}
(( $+functions[_vlz__subcmd__fp__subcmd__unmark_commands] )) ||
_vlz__subcmd__fp__subcmd__unmark_commands() {
    local commands; commands=()
    _describe -t commands 'vlz fp unmark commands' commands "$@"
}
(( $+functions[_vlz__subcmd__generate-completions_commands] )) ||
_vlz__subcmd__generate-completions_commands() {
    local commands; commands=()
    _describe -t commands 'vlz generate-completions commands' commands "$@"
}
(( $+functions[_vlz__subcmd__help_commands] )) ||
_vlz__subcmd__help_commands() {
    local commands; commands=()
    _describe -t commands 'vlz help commands' commands "$@"
}
(( $+functions[_vlz__subcmd__list_commands] )) ||
_vlz__subcmd__list_commands() {
    local commands; commands=()
    _describe -t commands 'vlz list commands' commands "$@"
}
(( $+functions[_vlz__subcmd__preload_commands] )) ||
_vlz__subcmd__preload_commands() {
    local commands; commands=()
    _describe -t commands 'vlz preload commands' commands "$@"
}
(( $+functions[_vlz__subcmd__scan_commands] )) ||
_vlz__subcmd__scan_commands() {
    local commands; commands=()
    _describe -t commands 'vlz scan commands' commands "$@"
}

if [ "$funcstack[1]" = "_vlz" ]; then
    _vlz "$@"
else
    compdef _vlz vlz
fi
