#!/bin/sh
# Customer install — one credential (Alias API key).
# This file is published verbatim as https://aliasrobotics.com/get_csi.
set -e

REGISTRY_HOST="${CSI_REGISTRY_HOST:-registry.aliasrobotics.com:663}"
IMAGE="${CSI_REGISTRY:-$REGISTRY_HOST/csi}:latest"

read_secret() {
  prompt=$1
  var_name=$2
  eval "current=\${$var_name:-}"
  if [ -n "$current" ]; then
    return 0
  fi
  printf "%s" "$prompt"
  stty -echo </dev/tty
  read value </dev/tty
  stty echo </dev/tty
  echo
  eval "$var_name=\$value"
}

load_alias_api_key() {
  if [ -n "${ALIAS_API_KEY:-}" ]; then
    return 0
  fi
  if [ -f "$HOME/.cai_env" ]; then
    # shellcheck disable=SC1090
    . "$HOME/.cai_env"
  fi
  if [ -z "${ALIAS_API_KEY:-}" ] && [ -f "$HOME/.csi/run.sh" ]; then
    ALIAS_API_KEY=$(grep -o 'ALIAS_API_KEY="[^"]*"' "$HOME/.csi/run.sh" 2>/dev/null | head -1 | cut -d'"' -f2 || true)
  fi
}

registry_login() {
  echo "$ALIAS_API_KEY" | docker login "$REGISTRY_HOST" -u none --password-stdin >/dev/null 2>&1
}

write_cai_env_setup() {
  mkdir -p "$HOME/.csi"
  cat > "$HOME/.csi/setup-cai-env.sh" <<'SETUP_EOF'
#!/usr/bin/env bash
# Configure ~/.csi/workspace/.env for CSI_BACKEND=cai (symlink to repo or defaults).
set -e

CSI_WORKSPACE_ENV="${HOME}/.csi/workspace/.env"
CSI_CAI_REPO_FILE="${HOME}/.csi/cai_repo"

load_alias_key_from_run_sh() {
  if [ -n "${ALIAS_API_KEY:-}" ]; then
    return 0
  fi
  if [ -f "${HOME}/.csi/run.sh" ]; then
    ALIAS_API_KEY=$(grep -o 'ALIAS_API_KEY="[^"]*"' "${HOME}/.csi/run.sh" 2>/dev/null | head -1 | cut -d'"' -f2 || true)
  fi
}

expand_tilde() {
  case "$1" in
    ~/*) printf '%s\n' "$HOME/${1#~/}" ;;
    ~)   printf '%s\n' "$HOME" ;;
    *)   printf '%s\n' "$1" ;;
  esac
}

cai_env_is_linked() {
  [ -L "$CSI_WORKSPACE_ENV" ] || return 1
  local target
  target=$(readlink -f "$CSI_WORKSPACE_ENV" 2>/dev/null) || return 1
  [ -f "$target" ]
}

ensure_csi_workspace_writable() {
  mkdir -p "${HOME}/.csi/workspace"
  if [ -w "${HOME}/.csi/workspace" ]; then
    return 0
  fi
  echo "csi: ${HOME}/.csi/workspace is not writable (often created as root by Docker)." >&2
  if command -v sudo >/dev/null 2>&1; then
    echo "csi: trying: sudo chown -R $(id -un):$(id -gn) ${HOME}/.csi/workspace" >&2
    if sudo chown -R "$(id -un):$(id -gn)" "${HOME}/.csi/workspace" 2>/dev/null; then
      [ -w "${HOME}/.csi/workspace" ] && return 0
    fi
  fi
  echo "csi: fix manually, then re-run: sudo chown -R \$USER:\$USER ${HOME}/.csi/workspace" >&2
  return 1
}

write_default_cai_env() {
  load_alias_key_from_run_sh
  if [ -z "${ALIAS_API_KEY:-}" ]; then
    echo "csi: ALIAS_API_KEY not set; cannot create default .env" >&2
    return 1
  fi
  ensure_csi_workspace_writable || return 1
  if [ -L "$CSI_WORKSPACE_ENV" ] || [ -e "$CSI_WORKSPACE_ENV" ]; then
    rm -f "$CSI_WORKSPACE_ENV"
  fi
  cat > "$CSI_WORKSPACE_ENV" <<EOF
OPENAI_API_KEY="sk-1234"
ALIAS_API_KEY="${ALIAS_API_KEY}"
CAI_COMPACT_REPL=0
EOF
  rm -f "$CSI_CAI_REPO_FILE"
  echo "Created default CAI config: ${CSI_WORKSPACE_ENV}"
}

link_cai_repo_env() {
  local repo="$1"
  repo=$(expand_tilde "$repo")
  if [ ! -d "$repo" ]; then
    echo "Directory not found: $repo" >&2
    return 1
  fi
  if [ ! -f "$repo/.env" ]; then
    echo "No .env in repo root: $repo" >&2
    return 1
  fi
  ensure_csi_workspace_writable || return 1
  if [ -L "$CSI_WORKSPACE_ENV" ] || [ -e "$CSI_WORKSPACE_ENV" ]; then
    rm -f "$CSI_WORKSPACE_ENV"
  fi
  if ! ln -sfn "$repo/.env" "$CSI_WORKSPACE_ENV"; then
    echo "csi: could not create symlink at ${CSI_WORKSPACE_ENV}" >&2
    return 1
  fi
  if ! printf '%s\n' "$repo" > "$CSI_CAI_REPO_FILE"; then
    rm -f "$CSI_WORKSPACE_ENV"
    echo "csi: could not save repo path to ${CSI_CAI_REPO_FILE}" >&2
    return 1
  fi
  echo "Linked ${CSI_WORKSPACE_ENV} -> $(readlink -f "$repo/.env")"
}

prompt_cai_env_setup() {
  if [ ! -t 0 ] || [ ! -t 1 ]; then
    return 0
  fi
  echo ""
  echo "CAI environment (.env)"
  echo "If you have a local CAI git clone with a configured .env at its root,"
  echo "CSI can use that file inside Docker (same keys and CAI_* settings)."
  echo "Press Enter to skip and use a minimal default .env instead."
  printf "Path to your CAI repo (optional): "
  read -r cai_repo || cai_repo=""
  cai_repo=$(printf '%s' "$cai_repo" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
  if [ -n "$cai_repo" ]; then
    link_cai_repo_env "$cai_repo" || {
      echo "Could not link repo .env; creating default instead."
      write_default_cai_env
    }
  else
    write_default_cai_env
  fi
}

maybe_prompt_cai_env_on_update() {
  if cai_env_is_linked; then
    return 0
  fi
  if [ ! -t 0 ] || [ ! -t 1 ]; then
    return 0
  fi
  echo ""
  echo "CAI .env is not linked to a local repo."
  if [ -f "$CSI_WORKSPACE_ENV" ]; then
    echo "Current file: ${CSI_WORKSPACE_ENV}"
  else
    echo "No ${CSI_WORKSPACE_ENV} found."
  fi
  echo "Link your CAI repo .env now? [y/N] "
  read -r answer || answer=""
  case "$answer" in
    y|Y|yes|Yes|YES)
      prompt_cai_env_setup
      ;;
    *)
      if [ ! -f "$CSI_WORKSPACE_ENV" ]; then
        write_default_cai_env
      fi
      ;;
  esac
}

case "${1:-}" in
  --check-linked)
    cai_env_is_linked
    ;;
  --prompt-if-needed)
    maybe_prompt_cai_env_on_update
    ;;
  --write-default)
    write_default_cai_env
    ;;
  --link)
    if [ -z "${2:-}" ]; then
      echo "Usage: $0 --link /path/to/cai/repo" >&2
      exit 1
    fi
    link_cai_repo_env "$2"
    ;;
  --configure)
    prompt_cai_env_setup
    ;;
  *)
    echo "Usage: $0 --configure | --write-default | --link REPO | --prompt-if-needed | --check-linked" >&2
    exit 1
    ;;
esac
SETUP_EOF
  chmod +x "$HOME/.csi/setup-cai-env.sh"
}

fix_csi_workspace_permissions() {
  mkdir -p "$HOME/.csi/logs" "$HOME/.csi/docker-history" "$HOME/.csi/docker-config" "$HOME/.csi/burp" "$HOME/.csi/workspace"
  if [ -d "$HOME/.csi/workspace" ] && [ ! -w "$HOME/.csi/workspace" ]; then
    echo "Fixing ~/.csi/workspace permissions (Docker may have created it as root)..."
    if command -v sudo >/dev/null 2>&1; then
      sudo chown -R "$(id -un):$(id -gn)" "$HOME/.csi/workspace" 2>/dev/null || true
    fi
  fi
}

write_run_sh() {
  fix_csi_workspace_permissions
  cat > "$HOME/.csi/run.sh" <<EOF
#!/usr/bin/env bash
REGISTRY_HOST="$REGISTRY_HOST"
IMAGE="$IMAGE"
ALIAS_API_KEY="$ALIAS_API_KEY"

registry_login() {
  echo "\$ALIAS_API_KEY" | docker login "\$REGISTRY_HOST" -u none --password-stdin >/dev/null 2>&1
}

csi_expand_path() {
  case "\$1" in
    ~/*) printf '%s\\n' "\$HOME/\${1#~/}" ;;
    ~)   printf '%s\\n' "\$HOME" ;;
    *)   printf '%s\\n' "\$1" ;;
  esac
}

DOCKER_EXTRA=()
DOCKER_NETWORK=""
CSI_ARGS=()

csi_add_mount() {
  local spec=\$1
  local host=\${spec%%:*}
  if [ "\$host" = "\$spec" ]; then
    echo "csi: invalid --mount '\$spec' (expected host:container)" >&2
    exit 1
  fi
  local rest=\${spec#*:}
  host=\$(csi_expand_path "\$host")
  DOCKER_EXTRA+=(-v "\$host:\$rest")
}

while [ \$# -gt 0 ]; do
  case "\$1" in
    --update|--upgrade)
      echo "Updating CSI..."
      registry_login
      docker pull --platform linux/amd64 "\$IMAGE"
      if [ -x "\$HOME/.csi/setup-cai-env.sh" ]; then
        "\$HOME/.csi/setup-cai-env.sh" --prompt-if-needed || true
      fi
      echo "Done."
      exit 0
      ;;
    --mount)
      if [ -z "\${2:-}" ]; then
        echo "csi: --mount requires host:container" >&2
        exit 1
      fi
      csi_add_mount "\$2"
      shift 2
      ;;
    --mount=*)
      csi_add_mount "\${1#--mount=}"
      shift
      ;;
    --network)
      if [ -z "\${2:-}" ]; then
        echo "csi: --network requires a mode (e.g. host)" >&2
        exit 1
      fi
      DOCKER_NETWORK="\$2"
      shift 2
      ;;
    --network=*)
      DOCKER_NETWORK="\${1#--network=}"
      shift
      ;;
    *)
      CSI_ARGS+=("\$1")
      shift
      ;;
  esac
done

NETWORK_ARG=()
if [ -n "\$DOCKER_NETWORK" ]; then
  NETWORK_ARG=(--network="\$DOCKER_NETWORK")
fi

exec docker run --cap-add=NET_RAW --cap-add=NET_ADMIN -it --rm \\
    --platform linux/amd64 \\
    "\${NETWORK_ARG[@]}" \\
    --tmpfs /tmp:exec,size=2g \\
    --add-host=host.docker.internal:host-gateway \\
    -e ALIAS_API_KEY="\$ALIAS_API_KEY" \\
    -e OPENAI_API_KEY="\${OPENAI_API_KEY:-\$ALIAS_API_KEY}" \\
    -e ANTHROPIC_MODEL=alias2-mini \\
    -v "\$HOME/.csi/logs:/home/vscode/.csi/logs" \\
    -v "\$HOME/.csi/docker-history:/commandhistory" \\
    -v "\$HOME/.csi/docker-config:/home/vscode/.claude" \\
    -v "\$HOME/.csi/workspace:/workspace" -w /workspace \\
    -e CSI_BACKEND="\${CSI_BACKEND:-claude}" \\
    "\${DOCKER_EXTRA[@]}" \\
    "\$IMAGE" \\
    csi "\${CSI_ARGS[@]}"
EOF
  chmod +x "$HOME/.csi/run.sh"
  mkdir -p "$HOME/.local/bin"
  ln -sf "$HOME/.csi/run.sh" "$HOME/.local/bin/csi"
}

load_alias_api_key
if [ -z "${ALIAS_API_KEY:-}" ]; then
  echo "Please paste your Alias API key (input will not be visible)"
  read_secret "" ALIAS_API_KEY
fi

echo "Logging into docker..."
registry_login

echo "Downloading docker image..."
docker pull --platform linux/amd64 "$IMAGE"

write_cai_env_setup
write_run_sh

if [ -t 0 ] && [ -t 1 ]; then
  if "$HOME/.csi/setup-cai-env.sh" --check-linked 2>/dev/null; then
    linked=$(readlink -f "$HOME/.csi/workspace/.env" 2>/dev/null || true)
    echo "CAI .env already linked: ${linked}"
  else
    "$HOME/.csi/setup-cai-env.sh" --configure
  fi
else
  # Non-interactive install: default .env unless already linked
  if ! "$HOME/.csi/setup-cai-env.sh" --check-linked 2>/dev/null; then
    ALIAS_API_KEY="$ALIAS_API_KEY" "$HOME/.csi/setup-cai-env.sh" --write-default
  fi
fi

echo "Done! Run 'csi' to start. Update anytime: csi --update"