#!/usr/bin/env bash
set -euo pipefail

REPO_DIR="${REPO_DIR:-$(pwd)}"
TARGET_BRANCH="${TARGET_BRANCH:-thirdparty/skill}"
SNAPSHOT_DIR="${SNAPSHOT_DIR:-superpowers}"
SOURCE_FILE="${SOURCE_FILE:-${SNAPSHOT_DIR}/SOURCE.md}"
UPSTREAM_REPO="${UPSTREAM_REPO:-https://github.com/obra/superpowers.git}"
UPSTREAM_REF="${UPSTREAM_REF:-main}"
UI_UX_REPO="${UI_UX_REPO:-https://github.com/nextlevelbuilder/ui-ux-pro-max-skill.git}"
UI_UX_REF="${UI_UX_REF:-main}"
UI_UX_SKILL_NAME="${UI_UX_SKILL_NAME:-ui-ux-pro-max}"
UI_UX_SOURCE_FILE="${UI_UX_SOURCE_FILE:-${SNAPSHOT_DIR}/skills/${UI_UX_SKILL_NAME}/SOURCE.md}"
COMMIT_AUTHOR_NAME="${COMMIT_AUTHOR_NAME:-ci[bot]}"
COMMIT_AUTHOR_EMAIL="${COMMIT_AUTHOR_EMAIL:-ci-bot@local}"

retry_cmd() {
  local retries="$1"
  shift
  local delay="$1"
  shift

  local attempt=1
  while true; do
    if "$@"; then
      return 0
    fi
    if [ "$attempt" -ge "$retries" ]; then
      return 1
    fi
    echo "Retry ($attempt/$retries): $*" >&2
    sleep "$delay"
    attempt=$((attempt + 1))
  done
}

github_owner_repo() {
  case "$1" in
    https://github.com/*)
      echo "$1" | sed -E 's#^https://github.com/([^/]+/[^/.]+)(\.git)?$#\1#'
      ;;
    http://github.com/*)
      echo "$1" | sed -E 's#^http://github.com/([^/]+/[^/.]+)(\.git)?$#\1#'
      ;;
    git@github.com:*)
      echo "$1" | sed -E 's#^git@github.com:([^/]+/[^/.]+)(\.git)?$#\1#'
      ;;
    *)
      return 1
      ;;
  esac
}

resolve_latest_sha() {
  local repo="$1"
  local ref="$2"
  local tmp_json="$3"
  local gh_repo="$4"
  local sha=""

  # Prefer GitHub API when possible to avoid git+gnutls handshake failures.
  if [ -n "$gh_repo" ]; then
    local api_url="https://api.github.com/repos/${gh_repo}/commits/${ref}"
    if retry_cmd 3 2 curl -fsSL --retry 3 --retry-delay 2 "$api_url" -o "$tmp_json"; then
      sha="$(sed -n 's/^[[:space:]]*"sha":[[:space:]]*"\([0-9a-f]\{40\}\)".*/\1/p' "$tmp_json" | head -n 1)"
      if [ -n "$sha" ]; then
        echo "$sha"
        return 0
      fi
    fi
  fi

  # Fallback to git transport.
  sha="$(retry_cmd 3 2 git -c http.version=HTTP/1.1 ls-remote "$repo" "refs/heads/$ref" | awk 'NR==1 {print $1}')"
  if [ -n "$sha" ]; then
    echo "$sha"
    return 0
  fi
  return 1
}

read_current_sha() {
  local source_file="$1"
  if [ ! -f "$source_file" ]; then
    return 0
  fi
  sed -n 's/^- Ref:[[:space:]]*//p' "$source_file" | head -n 1
}

write_source_file() {
  local source_file="$1"
  local repo="$2"
  local sha="$3"
  local snapshot_date="$4"
  local notes="$5"

  mkdir -p "$(dirname "$source_file")"
  cat > "$source_file" <<EOF
# Source

- Repo: ${repo%".git"}
- Ref: $sha
- Snapshot: $snapshot_date
- Notes: $notes
EOF
}

populate_snapshot_dir() {
  local repo="$1"
  local sha="$2"
  local gh_repo="$3"
  local dest_dir="$4"
  local prefix="$5"

  rm -rf "$dest_dir"
  mkdir -p "$dest_dir"

  local snapshot_loaded=0
  local tar_path="$tmp_dir/${prefix}.tar.gz"

  if [ -n "$gh_repo" ]; then
    local tar_url="https://codeload.github.com/${gh_repo}/tar.gz/${sha}"
    if retry_cmd 3 2 curl -fsSL --retry 3 --retry-delay 2 "$tar_url" -o "$tar_path"; then
      tar -xzf "$tar_path" -C "$dest_dir" --strip-components=1
      snapshot_loaded=1
    fi
  fi

  if [ "$snapshot_loaded" -eq 0 ]; then
    local upstream_dir="$tmp_dir/${prefix}-upstream"
    git init "$upstream_dir" >/dev/null
    git -C "$upstream_dir" remote add origin "$repo"
    retry_cmd 3 2 git -C "$upstream_dir" fetch --depth 1 origin "$sha"
    git -C "$upstream_dir" checkout --detach FETCH_HEAD
    git -C "$upstream_dir" archive --format=tar HEAD | tar -xf - -C "$dest_dir"
  fi
}

resolve_python_bin() {
  if [ -n "${PYTHON_BIN:-}" ]; then
    echo "$PYTHON_BIN"
    return 0
  fi
  if command -v python3 >/dev/null 2>&1; then
    echo "python3"
    return 0
  fi
  if command -v python >/dev/null 2>&1; then
    echo "python"
    return 0
  fi
  return 1
}

render_ui_ux_skill() {
  local upstream_root="$1"
  local skill_dir="$2"
  local python_bin="$3"

  "$python_bin" - "$upstream_root" "$skill_dir" <<'PY'
from pathlib import Path
import json
import shutil
import sys

upstream_root = Path(sys.argv[1])
skill_dir = Path(sys.argv[2])

config = json.loads(
    (upstream_root / "templates" / "platforms" / "codex.json").read_text(encoding="utf-8")
)
template = (upstream_root / "templates" / "base" / "skill-content.md").read_text(
    encoding="utf-8"
)

frontmatter = config.get("frontmatter") or {}
lines: list[str] = []
if frontmatter:
    lines.append("---")
    for key, value in frontmatter.items():
        if ":" in value or '"' in value or "\n" in value:
            escaped_value = value.replace('"', '\\"')
            lines.append(f'{key}: "{escaped_value}"')
        else:
            lines.append(f"{key}: {value}")
    lines.extend(["---", ""])

content = (
    template.replace("{{TITLE}}", config["title"])
    .replace("{{DESCRIPTION}}", config["description"])
    .replace("{{QUICK_REFERENCE}}", "")
)
content = content.replace(
    "python3 skills/ui-ux-pro-max/scripts/search.py",
    "python3 scripts/search.py",
)

skill_dir.mkdir(parents=True, exist_ok=True)
(skill_dir / "SKILL.md").write_text("\n".join(lines) + content, encoding="utf-8")

for name in ("data", "scripts"):
    source_dir = upstream_root / name
    if source_dir.exists():
        shutil.copytree(source_dir, skill_dir / name, dirs_exist_ok=True)
PY
}

cd "$REPO_DIR"

git config user.name "$COMMIT_AUTHOR_NAME"
git config user.email "$COMMIT_AUTHOR_EMAIL"

git fetch origin "$TARGET_BRANCH"
git checkout -B "$TARGET_BRANCH" "origin/$TARGET_BRANCH"

tmp_dir="$(mktemp -d)"
cleanup() {
  rm -rf "$tmp_dir"
}
trap cleanup EXIT

gh_repo=""
if gh_repo="$(github_owner_repo "$UPSTREAM_REPO" 2>/dev/null)"; then
  :
fi

ui_gh_repo=""
if ui_gh_repo="$(github_owner_repo "$UI_UX_REPO" 2>/dev/null)"; then
  :
fi

latest_sha="$(resolve_latest_sha "$UPSTREAM_REPO" "$UPSTREAM_REF" "$tmp_dir/latest.json" "$gh_repo" || true)"
if [ -z "$latest_sha" ]; then
  echo "ERROR: failed to resolve upstream ref: $UPSTREAM_REPO $UPSTREAM_REF" >&2
  exit 1
fi

ui_latest_sha="$(resolve_latest_sha "$UI_UX_REPO" "$UI_UX_REF" "$tmp_dir/ui-latest.json" "$ui_gh_repo" || true)"
if [ -z "$ui_latest_sha" ]; then
  echo "ERROR: failed to resolve upstream ref: $UI_UX_REPO $UI_UX_REF" >&2
  exit 1
fi

current_sha="$(read_current_sha "$SOURCE_FILE")"
current_ui_sha="$(read_current_sha "$UI_UX_SOURCE_FILE")"

if [ "$latest_sha" = "$current_sha" ] && [ "$ui_latest_sha" = "$current_ui_sha" ]; then
  echo "Third-party snapshots are up to date: superpowers=$latest_sha, ${UI_UX_SKILL_NAME}=$ui_latest_sha"
  exit 0
fi

python_bin="$(resolve_python_bin || true)"
if [ -z "$python_bin" ]; then
  echo "ERROR: python3 or python is required to render ${UI_UX_SKILL_NAME}" >&2
  exit 1
fi

populate_snapshot_dir "$UPSTREAM_REPO" "$latest_sha" "$gh_repo" "$SNAPSHOT_DIR" "superpowers"
populate_snapshot_dir "$UI_UX_REPO" "$ui_latest_sha" "$ui_gh_repo" "$tmp_dir/ui-ux-pro-max" "ui-ux-pro-max"

ui_skill_upstream="$tmp_dir/ui-ux-pro-max/src/ui-ux-pro-max"
if [ ! -d "$ui_skill_upstream" ]; then
  echo "ERROR: ui-ux-pro-max skill source not found at $ui_skill_upstream" >&2
  exit 1
fi

ui_skill_dir="$SNAPSHOT_DIR/skills/$UI_UX_SKILL_NAME"
rm -rf "$ui_skill_dir"
render_ui_ux_skill "$ui_skill_upstream" "$ui_skill_dir" "$python_bin"

snapshot_date="$(date -u +%Y-%m-%d)"
write_source_file \
  "$SOURCE_FILE" \
  "$UPSTREAM_REPO" \
  "$latest_sha" \
  "$snapshot_date" \
  "vendored into playbook branch $TARGET_BRANCH"
write_source_file \
  "$UI_UX_SOURCE_FILE" \
  "$UI_UX_REPO" \
  "$ui_latest_sha" \
  "$snapshot_date" \
  "generated from upstream Codex template for playbook self-contained skill packaging"

git add "$SNAPSHOT_DIR"

if git diff --cached --quiet; then
  echo "No changes detected after snapshot refresh."
  exit 0
fi

git commit -m ":package: deps(superpowers): vendor snapshot"

TOKEN="${WORKFLOW:-}"
if [ -n "$TOKEN" ] && [ -n "${GITHUB_SERVER_URL:-}" ] && [ -n "${GITHUB_REPOSITORY:-}" ]; then
  git remote set-url origin "https://oauth2:${TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git"
fi

git push origin "$TARGET_BRANCH"