#!/bin/bash
# Deriox Guard agent installer, manual mode M9.9.
# Writes a systemd unit and a placeholder executable, then reports the result
# to the Guard endpoint. It does not enable or start the service.
set -e

# Operator banner: states up front what this run does and does not do.
cat <<'BANNER'
==================================================
DERIOX GUARD - AGENT SERVICE INSTALL MANUAL MODE M9.9
==================================================
This creates a systemd unit and placeholder executable.
It does NOT enable the service and does NOT start the service.
It does NOT scan cameras and does NOT send camera passwords, streams or media.

BANNER

# Root is required: the script writes under /etc/systemd/system, /opt,
# /var/log and /var/lib.
if [ "$(id -u)" -ne 0 ]; then
  printf '%s\n' "EROARE: rulează cu sudo sau ca root pe mini PC."
  exit 1
fi

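# Defaults; each can be overridden from the optional agent.env file below.
CONF="/etc/deriox-guard/agent.env"
GUARD_URL="https://guard.deriox.ro"
AGENT_NAME="mini-pc-pilot-01"
GATEWAY_UUID=""

#######################################
# Print the value assigned to a key in a KEY=VALUE file (last assignment wins).
# The file is read as data only: no variable expansion, no command
# substitution, nothing is executed. Leading "export", surrounding whitespace
# and one layer of matching single or double quotes are stripped.
# Arguments: $1 - path to the file, $2 - key name
# Outputs:   the value on stdout (empty when the key is absent)
#######################################
_conf_value() {
  local file=$1 key=$2 line value=""
  while IFS= read -r line || [ -n "$line" ]; do
    # Strip leading whitespace, then an optional "export" keyword.
    line="${line#"${line%%[![:space:]]*}"}"
    case "$line" in
      export[[:space:]]*)
        line="${line#export}"
        line="${line#"${line%%[![:space:]]*}"}"
        ;;
    esac
    case "$line" in
      "$key="*) value="${line#*=}" ;;
      *) continue ;;
    esac
    # Strip trailing whitespace (also removes a CR from CRLF files).
    value="${value%"${value##*[![:space:]]}"}"
    case "$value" in
      \"*\") value="${value#\"}"; value="${value%\"}" ;;
      \'*\') value="${value#\'}"; value="${value%\'}" ;;
    esac
  done < "$file"
  printf '%s' "$value"
}

if [ -f "$CONF" ]; then
  # Security: this script runs as root, so the config is parsed instead of
  # being passed to `source`. Sourcing would execute any shell code placed in
  # the file with root privileges. Only the three keys below are read, and
  # values are taken literally (the unit's EnvironmentFile= line reads the
  # same file as plain KEY=VALUE as well).
  # A value already present in the environment is still honoured when the
  # file does not set the key, as before.
  _v="$(_conf_value "$CONF" DERIOX_GUARD_URL)"
  _v="${_v:-${DERIOX_GUARD_URL:-}}"
  if [ -n "$_v" ]; then GUARD_URL="$_v"; fi

  _v="$(_conf_value "$CONF" DERIOX_AGENT_NAME)"
  _v="${_v:-${DERIOX_AGENT_NAME:-}}"
  if [ -n "$_v" ]; then AGENT_NAME="$_v"; fi

  _v="$(_conf_value "$CONF" DERIOX_GATEWAY_UUID)"
  _v="${_v:-${DERIOX_GATEWAY_UUID:-}}"
  if [ -n "$_v" ]; then GATEWAY_UUID="$_v"; fi
  unset _v
fi

# Host identity. The raw machine-id is only hashed locally; what ends up in
# GATEWAY_UUID is the first 16 hex characters of its SHA-256.
HOST_NAME="$(hostname 2>/dev/null || echo unknown)"
MACHINE_ID="$(cat /etc/machine-id 2>/dev/null || hostname)"
MACHINE_HASH="$(printf "%s" "$MACHINE_ID" | sha256sum | awk '{print $1}')"

# No configured gateway UUID: derive a stable "manual-<host>-<hash16>" one.
if [ -z "$GATEWAY_UUID" ]; then
  GATEWAY_UUID="manual-${HOST_NAME}-${MACHINE_HASH:0:16}"
fi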

# Install locations for the agent tree, the placeholder, the unit and the logs.
BASE="/opt/deriox-guard/agent"
BIN="$BASE/bin"
EXEC="$BIN/deriox-agent-service-placeholder.sh"
UNIT="/etc/systemd/system/deriox-guard-agent.service"
LOG_DIR="/var/log/deriox-guard"

# Create the binary, log, state and outbox directories.
mkdir -p "$BIN" "$LOG_DIR" /var/lib/deriox-guard/state /var/lib/deriox-guard/queue/outbox

# The unit runs $EXEC as root, so the directories leading to it should be
# writable by root only. NOTE(review): these chmod calls are best-effort and
# their failures are silenced; the /var/lib directories keep whatever mode
# the caller's umask produced.
for dir in /opt/deriox-guard "$BASE" "$BIN"; do
  chmod 755 "$dir" 2>/dev/null || true
done
chmod 750 "$LOG_DIR" 2>/dev/null || true

# Placeholder executable: prints three informational lines and exits 0.
printf '%s\n' \
  '#!/bin/bash' \
  'echo "Deriox Guard Agent placeholder M9.9"' \
  'echo "This placeholder intentionally exits without heartbeat, pairing, cameras, stream or media."' \
  'echo "Future M9.10/M10 phases will replace this with real controlled logic."' \
  'exit 0' > "$EXEC"
chmod 755 "$EXEC"

# Keep a timestamped copy of any existing unit before it is overwritten.
if [ -f "$UNIT" ]; then
  backup="$UNIT.$(date +%Y%m%d_%H%M%S).bak"
  cp -f "$UNIT" "$backup"
fi

# Write the unit file. The here-document is unquoted, so $EXEC and $BASE are
# expanded now and stored as fixed paths in the unit.
# The unit is a oneshot that runs the placeholder as root, appends stdout and
# stderr to files under /var/log/deriox-guard, and has no Restart= policy.
cat > "$UNIT" <<UNIT_FILE
[Unit]
Description=Deriox Guard Agent - Manual Mode M9.9
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
EnvironmentFile=-/etc/deriox-guard/agent.env
ExecStart=$EXEC
User=root
Group=root
WorkingDirectory=$BASE
StandardOutput=append:/var/log/deriox-guard/agent-service.log
StandardError=append:/var/log/deriox-guard/agent-service.err
# M9.9 safety: no Restart policy, no autostart enabled by this script.

[Install]
WantedBy=multi-user.target
UNIT_FILE

# World-readable, root-writable: the usual mode for a unit file.
chmod 644 "$UNIT"

# Make systemd re-read unit files when systemctl is available. The flag
# records whether the reload ran; nothing is enabled or started here.
if command -v systemctl >/dev/null 2>&1; then
  systemctl daemon-reload
  DAEMON_RELOAD_DONE=1
else
  DAEMON_RELOAD_DONE=0
fi

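# This script never enables or starts the service; both flags are reported as 0.
SERVICE_ENABLED=0
SERVICE_STARTED=0

#######################################
# Escape a string for use inside a JSON string literal.
# Backslash and double quote are escaped; newline, carriage return and tab
# become \n, \r and \t; any other control character is dropped.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout (without surrounding quotes)
#######################################
_json_escape() {
  local s=$1
  s=${s//\\/\\\\}   # backslash first, so later escapes are not doubled
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  s=${s//[[:cntrl:]]/}
  printf '%s' "$s"
}

# The gateway UUID and agent name can come from the config file and the host
# name from the system, so none of them is trusted to be JSON-safe. Escaping
# them keeps a stray quote or backslash from breaking the document or adding
# fields to it.
gateway_uuid_json="$(_json_escape "$GATEWAY_UUID")"
agent_name_json="$(_json_escape "$AGENT_NAME")"
host_name_json="$(_json_escape "$HOST_NAME")"
unit_path_json="$(_json_escape "$UNIT")"
exec_path_json="$(_json_escape "$EXEC")"

# Install report. All feature flags are hard-coded to 0 in this manual mode.
PAYLOAD=$(cat <<JSON
{
  "gateway_uuid": "$gateway_uuid_json",
  "agent_name": "$agent_name_json",
  "agent_version": "m9.9-service-manual-mode",
  "host_name": "$host_name_json",
  "unit_name": "deriox-guard-agent.service",
  "unit_path": "$unit_path_json",
  "exec_path": "$exec_path_json",
  "unit_file_created": 1,
  "daemon_reload_done": ${DAEMON_RELOAD_DONE:-0},
  "service_enabled": $SERVICE_ENABLED,
  "service_started": $SERVICE_STARTED,
  "manual_run": 1,
  "service_autostart_enabled": 0,
  "cron_enabled": 0,
  "production_go_live_enabled": 0,
  "real_camera_access_enabled": 0,
  "camera_discovery_enabled": 0,
  "stream_link_enabled": 0,
  "media_enabled": 0,
  "billing_enabled": 0
}
JSON
)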

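# Show the operator what is about to be reported, and where.
REPORT_URL="$GUARD_URL/api/gateway/mini-pc/agent-service/report"
echo "Gateway UUID: $GATEWAY_UUID"
echo "Unit file:    $UNIT"
echo "Exec file:    $EXEC"
echo "Endpoint:     $REPORT_URL"
echo ""

# GUARD_URL can be overridden from the config file; flag a non-TLS endpoint
# instead of sending host details over it silently.
case "$GUARD_URL" in
  https://*) ;;
  *) echo "WARNING: Guard URL is not https://; the report is sent without TLS protection." >&2 ;;
esac

# Send the install report. TLS certificate verification is left ON: the
# former -k flag accepted any certificate, so a host on the network path
# could pose as the Guard server and receive or alter the report. If the
# server uses a private CA, pass its bundle with --cacert rather than turning
# verification off. Under `set -e` a transport or certificate failure stops
# the script here with curl's error message.
curl -sS \
  -H "Content-Type: application/json" \
  -X POST "$REPORT_URL" \
  --data "$PAYLOAD"

echo ""
echo "M9.9 manual service install complete."
echo "Service was NOT enabled and NOT started."
echo "Verification:"
# Print the live systemd state so the operator can confirm the two lines
# above; tolerated to fail when systemctl is missing or the unit is not
# enabled or active.
systemctl is-enabled deriox-guard-agent.service 2>/dev/null || true
systemctl is-active deriox-guard-agent.service 2>/dev/null || true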