#!/usr/bin/env bash
set -euo pipefail

# === METADATA ===
SCRIPT_NAME="$(basename "$0")"
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
SKILL_ROOT="$(dirname "$SCRIPT_DIR")"
CHECKS_DIR="$SKILL_ROOT/checks"

# === CONFIGURATION ===
: "${OUTPUT_DIR:=$SKILL_ROOT/outputs}"
: "${NODE_NAME:=node-a}"

# === FUNCTIONS ===
log_info() { echo "[INFO]  $(date -Iseconds) $*"; }
die()      { echo "[ERROR] $(date -Iseconds) $*" >&2; exit 1; }

run_check() {
    local script="$1"
    if [[ -x "$CHECKS_DIR/$script" ]]; then
        if "$CHECKS_DIR/$script" &>/dev/null; then
            echo "true"
        else
            echo "false"
        fi
    else
        echo "skip"
    fi
}

main() {
    local last_run_file="$OUTPUT_DIR/last_run_dir.txt"
    [[ -f "$last_run_file" ]] || die "No last run pointer. Run 11_backup_apply.sh first."

    local run_dir
    run_dir="$(cat "$last_run_file")"

    mkdir -p "$OUTPUT_DIR"
    local status="$OUTPUT_DIR/status_matrix.json"

    # Check artifacts
    local has_archive has_encrypted has_manifest has_proof has_root has_restore

    [[ -f "$run_dir/archive.tar.gz" ]] && has_archive="true" || has_archive="false"
    [[ -f "$run_dir/archive.tar.gz.age" ]] && has_encrypted="true" || has_encrypted="false"
    [[ -f "$run_dir/manifest.json" ]] && has_manifest="true" || has_manifest="false"
    [[ -f "$run_dir/PROOF.json" ]] && has_proof="true" || has_proof="false"
    [[ -f "$run_dir/ROOT.txt" ]] && has_root="true" || has_root="false"
    [[ -f "$run_dir/last_restore_dir.txt" ]] && has_restore="true" || has_restore="false"

    # Run check scripts
    local tools_ok space_ok restore_ok
    tools_ok=$(run_check "check_tools.sh")
    space_ok=$(run_check "check_space.sh")
    restore_ok=$(run_check "check_restore.sh")

    # Determine blockers and warnings
    local blockers="" warnings="" next_steps=""

    if [[ "$has_restore" == "false" ]]; then
        blockers="${blockers}\"Restore drill not completed\","
    fi
    if [[ "$has_encrypted" == "false" ]]; then
        blockers="${blockers}\"Archive not encrypted\","
    fi
    if [[ "$has_manifest" == "false" ]]; then
        warnings="${warnings}\"Manifest missing\","
    fi
    if [[ "$has_proof" == "false" ]]; then
        warnings="${warnings}\"Proof receipts missing\","
    fi

    # Determine next steps
    if [[ "$has_restore" == "true" && "$has_encrypted" == "true" ]]; then
        next_steps="${next_steps}\"Store encrypted bundle off-node\","
        next_steps="${next_steps}\"Anchor ROOT.txt with rfc3161-anchor\","
        next_steps="${next_steps}\"Proceed to disaster-recovery skill\","
    else
        if [[ "$has_encrypted" == "false" ]]; then
            next_steps="${next_steps}\"Run 21_encrypt_apply.sh\","
        fi
        if [[ "$has_restore" == "false" ]]; then
            next_steps="${next_steps}\"Run 50_restore_drill.sh (MANDATORY)\","
        fi
    fi

    # Remove trailing commas
    blockers="[${blockers%,}]"
    warnings="[${warnings%,}]"
    next_steps="[${next_steps%,}]"

    # Get ROOT value if exists
    local root_value="null"
    if [[ -f "$run_dir/ROOT.txt" ]]; then
        root_value="\"$(cat "$run_dir/ROOT.txt")\""
    fi

    cat > "$status" <<EOF
{
  "skill": "backup-sovereign",
  "node": "$NODE_NAME",
  "timestamp": "$(date -Iseconds)",
  "run_dir": "$run_dir",
  "root": $root_value,
  "checks": {
    "archive": $has_archive,
    "encrypted": $has_encrypted,
    "manifest": $has_manifest,
    "proof": $has_proof,
    "root": $has_root,
    "restore_drill": $has_restore,
    "tools": $tools_ok,
    "space": $space_ok
  },
  "blockers": $blockers,
  "warnings": $warnings,
  "next_steps": $next_steps
}
EOF

    log_info "Wrote status matrix: $status"
    echo ""
    echo "============================================"
    echo "  VERIFICATION SUMMARY"
    echo "============================================"
    echo ""
    echo "  Archive:       $has_archive"
    echo "  Encrypted:     $has_encrypted"
    echo "  Manifest:      $has_manifest"
    echo "  Proof:         $has_proof"
    echo "  ROOT:          $has_root"
    echo "  Restore Drill: $has_restore"
    echo ""

    # Return success only if restore drill passed
    [[ "$has_restore" == "true" ]]
}

[[ "${BASH_SOURCE[0]}" == "$0" ]] && main "$@"