#!/usr/bin/env bash
# ============================================================================
# Agent Audit — install bootstrap (Linux / macOS)
#
# Usage:
#   curl -fsSL https://www.agentaudit.co.uk/install.sh | bash
#
# What it does (in order):
#   1. Verify Python 3.10+ and pip are present
#   2. Create or reuse ~/.agentaudit/venv
#   3. pip install --upgrade agentaudit
#   4. Prompt for your API key (or read $AGENTAUDIT_API_KEY)
#   5. Write ~/.agentaudit/env with the key, mode 0600
#   6. Send a test receipt and report whether the chain accepted it
#
# Re-running is safe. It only updates the SDK and re-verifies the chain.
# Source: https://www.agentaudit.co.uk/download/
# ============================================================================
set -euo pipefail

BLUE='\033[0;34m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
DIM='\033[2m'
RESET='\033[0m'

AA_HOME="${AGENTAUDIT_HOME:-$HOME/.agentaudit}"
AA_VENV="$AA_HOME/venv"
AA_ENV_FILE="$AA_HOME/env"
AA_INGEST="https://www.agentaudit.co.uk"

say()  { printf "${BLUE}==>${RESET} %s\n" "$*"; }
ok()   { printf "${GREEN}\xE2\x9C\x93${RESET}  %s\n" "$*"; }
warn() { printf "${YELLOW}!${RESET}  %s\n" "$*"; }
err()  { printf "${RED}\xE2\x9C\x97${RESET}  %s\n" "$*" >&2; }

# --- 1. Python check --------------------------------------------------------
say "Checking Python"
if ! command -v python3 >/dev/null 2>&1; then
  err "python3 is not on PATH. Install Python 3.10+ and re-run."
  exit 1
fi
PYV=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])')
PYMAJ=$(echo "$PYV" | cut -d. -f1)
PYMIN=$(echo "$PYV" | cut -d. -f2)
if [ "$PYMAJ" -lt 3 ] || { [ "$PYMAJ" -eq 3 ] && [ "$PYMIN" -lt 10 ]; }; then
  err "Python 3.10+ required (found $PYV)."
  exit 1
fi
ok  "Python $PYV"

# --- 2. Virtualenv ---------------------------------------------------------
say "Preparing virtualenv at $AA_VENV"
mkdir -p "$AA_HOME"
chmod 700 "$AA_HOME"
if [ ! -d "$AA_VENV" ]; then
  python3 -m venv "$AA_VENV"
  ok "Created $AA_VENV"
else
  ok "Reusing $AA_VENV"
fi
# shellcheck disable=SC1091
. "$AA_VENV/bin/activate"

# --- 3. Install the SDK ----------------------------------------------------
say "Installing agentaudit"
python -m pip install --quiet --upgrade pip
python -m pip install --quiet --upgrade agentaudit
SDK_VER=$(python -c 'import agentaudit, sys; print(getattr(agentaudit, "__version__", "unknown"))' 2>/dev/null || echo "unknown")
ok  "agentaudit $SDK_VER installed"

# --- 4. API key ------------------------------------------------------------
KEY="${AGENTAUDIT_API_KEY:-}"
if [ -z "$KEY" ] && [ -f "$AA_ENV_FILE" ]; then
  # shellcheck disable=SC1090
  . "$AA_ENV_FILE"
  KEY="${AGENTAUDIT_API_KEY:-}"
fi
if [ -z "$KEY" ]; then
  printf "${BLUE}==>${RESET} Paste your API key (or get one at %s/dashboard/settings/keys/):\n   " "$AA_INGEST"
  read -r KEY
fi
if [[ ! "$KEY" =~ ^aa_(live|test)_[A-Za-z0-9]{16,}$ ]]; then
  err "That doesn't look like an Agent Audit key (expected aa_live_… or aa_test_…)."
  exit 1
fi

# --- 5. Write env file -----------------------------------------------------
say "Writing $AA_ENV_FILE"
umask 077
cat > "$AA_ENV_FILE" <<EOF
# Agent Audit configuration — keep this file private.
AGENTAUDIT_API_KEY="$KEY"
AGENTAUDIT_INGEST_URL="$AA_INGEST"
AGENTAUDIT_HOME="$AA_HOME"
EOF
ok "Wrote env (mode 0600)"

# --- 6. Test receipt -------------------------------------------------------
say "Sending a test receipt to verify the chain"
TEST_OUTPUT=$(python - <<'PY' 2>&1 || true
import os, sys, json, urllib.request, time, uuid

key = os.environ.get("AGENTAUDIT_API_KEY", "")
base = os.environ.get("AGENTAUDIT_INGEST_URL", "https://www.agentaudit.co.uk")
body = {
    "agent_id": "agentaudit-bootstrap",
    "session_id": f"bootstrap-{int(time.time())}",
    "event_id": str(uuid.uuid4()),
    "action_type": "system",
    "action_name": "install_verify",
    "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
}
data = json.dumps({"receipts": [body]}).encode("utf-8")
req = urllib.request.Request(
    f"{base}/api/v1/receipts",
    data=data,
    headers={
        "Authorization": f"Bearer {key}",
        "Content-Type": "application/json",
        "User-Agent": "agentaudit-bootstrap/1.0",
    },
    method="POST",
)
try:
    with urllib.request.urlopen(req, timeout=8) as r:
        print(f"HTTP {r.status}")
except Exception as e:
    print(f"ERROR {e}")
PY
)
if echo "$TEST_OUTPUT" | grep -qE "HTTP 20[01]"; then
  ok "Test receipt accepted — check the dashboard."
else
  warn "Test receipt did not confirm (got: $TEST_OUTPUT). Dashboard will still show the SDK as installed once you send a real one."
fi

printf "\n${GREEN}\xE2\x9C\x93 Agent Audit installed.${RESET}\n"
printf "  ${DIM}env:${RESET} %s\n"          "$AA_ENV_FILE"
printf "  ${DIM}sdk:${RESET} %s (venv)\n"   "$SDK_VER"
printf "  ${DIM}docs:${RESET} %s/docs/\n"   "$AA_INGEST"
printf "  ${DIM}dashboard:${RESET} %s/dashboard/\n\n" "$AA_INGEST"
printf "Next: import agentaudit in your agent code, or run:\n"
printf "  ${DIM}source %s/bin/activate && agentaudit doctor${RESET}\n\n" "$AA_VENV"