#!/bin/sh

#
# SecuBox CLI - Main Entrypoint
# Unified command-line interface for SecuBox operations
#

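SECUBOX_VERSION="0.9.0"

# Color output
# The help screens are printed with `cat <<EOF`, which copies bytes verbatim and
# never interprets backslash escapes, so a literal '\033[...' string would show
# up as text. Store the real ESC byte instead; the `echo -e` call sites keep
# working because an already-expanded escape sequence passes through unchanged.
esc=$(printf '\033')
RED="${esc}[0;31m"
GREEN="${esc}[0;32m"
YELLOW="${esc}[1;33m"
BLUE="${esc}[0;34m"
BOLD="${esc}[1m"
NC="${esc}[0m" # No Color
unset esc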

# Print the top-level help screen to stdout.
# Reads the globals SECUBOX_VERSION, BOLD, GREEN and NC at call time.
# Each argument to printf becomes one output line; '%s' copies the text
# verbatim, so the color variables are emitted exactly as stored.
usage() {
	printf '%s\n' \
		"${BOLD}SecuBox CLI${NC} v${SECUBOX_VERSION}" \
		"Modular OpenWrt Security Appliance Framework" \
		"" \
		"${BOLD}Usage:${NC} secubox <command> [subcommand] [options]" \
		"" \
		"${BOLD}Commands:${NC}" \
		"  ${GREEN}app${NC}          Manage modules and AppStore" \
		"  ${GREEN}feed${NC}         Manage catalog feed sources" \
		"  ${GREEN}profile${NC}      Manage profiles and templates" \
		"  ${GREEN}skill${NC}        Discover and manage skills" \
		"  ${GREEN}feedback${NC}     Report issues and find resolutions" \
		"  ${GREEN}device${NC}       Device information and management" \
		"  ${GREEN}net${NC}          Network management" \
		"  ${GREEN}diag${NC}         Diagnostics and health checks" \
		"  ${GREEN}landing${NC}      Generate landing pages from vhosts" \
		"  ${GREEN}clone${NC}        Station cloning and deployment" \
		"  ${GREEN}master-link${NC}  Mesh network management" \
		"  ${GREEN}ai${NC}           AI copilot (optional)" \
		"" \
		"${BOLD}Examples:${NC}" \
		"  secubox app list" \
		"  secubox app install wireguard-vpn" \
		"  secubox feed list" \
		"  secubox profile export --name \"My Setup\"" \
		"  secubox diag health" \
		"  secubox device status" \
		"  secubox clone build && secubox clone serve --start" \
		"  secubox master-link status" \
		"" \
		"Run ${BOLD}secubox <command> help${NC} for command-specific help."
}

# Feed commands
# Dispatch `secubox feed <action> ...` to the feed manager / catalog sync tools.
# Arguments: $1 - action; remaining arguments depend on the action.
# Any unrecognised (or missing) action prints the help text.
cmd_feed() {
	local mgr=/usr/sbin/secubox-feed-manager
	local action="$1"

	case "$action" in
		list)
			"$mgr" list
			;;
		add|import)
			# These two forward every remaining argument (name, url, options).
			shift
			"$mgr" "$action" "$@"
			;;
		remove|share)
			# Only the feed name is passed on. Per the help text below, `share`
			# yields a URL that carries a token, so its output should be
			# handled like a credential.
			"$mgr" "$action" "$2"
			;;
		sync)
			/usr/sbin/secubox-catalog-sync sync
			;;
		*)
			cat <<EOF
${BOLD}secubox feed${NC} - Catalog feed source management

${BOLD}Usage:${NC}
  secubox feed list                          List feeds with type badges
  secubox feed add <name> <url> [options]    Add a new feed source
  secubox feed remove <name>                 Remove a feed source
  secubox feed share <name>                  Generate share URL for feed
  secubox feed import <url|file>             Import shared feed
  secubox feed sync                          Sync all enabled feeds

${BOLD}Options for add:${NC}
  --type <type>       published|unpublished|development (default: unpublished)
  --priority <n>      Feed priority (lower = higher priority)
  --description <d>   Feed description

${BOLD}Feed Types:${NC}
  ${GREEN}published${NC}     Public feed (official, community-maintained)
  ${YELLOW}unpublished${NC}   Private feed (requires auth token to share)
  ${BLUE}development${NC}   Local development feed (not shareable)

${BOLD}Examples:${NC}
  secubox feed add my-feed https://example.com/catalog.json --type unpublished
  secubox feed share my-feed   # Generate share URL with token
  secubox feed import secubox://feed/abc123?token=xyz
EOF
			;;
	esac
}

# Skill commands
# Dispatch `secubox skill <action> [arg]` to /usr/sbin/secubox-skill.
# Arguments: $1 - action, $2 - skill or profile name where the action takes one.
# Any unrecognised (or missing) action prints the help text.
cmd_skill() {
	local tool=/usr/sbin/secubox-skill
	local action="$1"

	case "$action" in
		list)
			"$tool" list
			;;
		providers|install|check)
			# Exactly one operand is forwarded; extra arguments are ignored.
			"$tool" "$action" "$2"
			;;
		*)
			cat <<EOF
${BOLD}secubox skill${NC} - Capability discovery and management

${BOLD}Usage:${NC}
  secubox skill list               List all available skills
  secubox skill providers <skill>  Show apps that provide a skill
  secubox skill install <skill>    Install best provider for skill
  secubox skill check [profile]    Verify skills in profile/system

${BOLD}Examples:${NC}
  secubox skill list                    # List: captive-portal, vpn, etc.
  secubox skill providers captive-portal # Shows: auth-guardian, nodogsplash
  secubox skill install vpn             # Installs wireguard-dashboard
EOF
			;;
	esac
}

# Feedback commands
# Dispatch `secubox feedback <action> ...` to /usr/sbin/secubox-feedback.
# Arguments: $1 - action; remaining arguments depend on the action.
# Any unrecognised (or missing) action prints the help text.
cmd_feedback() {
	local tool=/usr/sbin/secubox-feedback
	local action="$1"

	case "$action" in
		report|resolve)
			# Option-taking actions: forward everything after the action.
			shift
			"$tool" "$action" "$@"
			;;
		search)
			"$tool" search "$2"
			;;
		list|submit)
			# `submit` shares resolutions upstream (opt-in, per the help text).
			"$tool" "$action"
			;;
		*)
			cat <<EOF
${BOLD}secubox feedback${NC} - Issue reporting and resolution tracking

${BOLD}Usage:${NC}
  secubox feedback report <app> [options]   Report an issue
  secubox feedback resolve <issue-id> [options]  Record a resolution
  secubox feedback search <keyword>         Search known resolutions
  secubox feedback list                     List local issues
  secubox feedback submit                   Share resolutions upstream (opt-in)

${BOLD}Options for report:${NC}
  --type <type>      bug|feature|question (default: bug)
  --summary <text>   Issue summary
  --details <text>   Detailed description

${BOLD}Examples:${NC}
  secubox feedback report luci-app-example --type bug --summary "Crash on load"
  secubox feedback resolve 1 --description "Fixed by updating config"
  secubox feedback search "vpn connection"
EOF
			;;
	esac
}

# App commands
# Dispatch `secubox app <action> ...` to /usr/sbin/secubox-appstore.
# Arguments: $1 - action, $2 - module/query where the action takes one.
# Any unrecognised (or missing) action prints the help text.
cmd_app() {
	local store=/usr/sbin/secubox-appstore
	local action="$1"

	case "$action" in
		list|health)
			"$store" "$action"
			;;
		search|info|remove|update)
			# Single-operand actions: only $2 is forwarded.
			"$store" "$action" "$2"
			;;
		install)
			# install is the one action that forwards every remaining argument.
			shift
			"$store" install "$@"
			;;
		*)
			cat <<EOF
${BOLD}secubox app${NC} - Module and AppStore management

${BOLD}Usage:${NC}
  secubox app list              List all available modules
  secubox app search <query>    Search for modules
  secubox app info <module>     Show module details
  secubox app install <module>  Install a module
  secubox app remove <module>   Remove a module
  secubox app update [module]   Update module(s)
  secubox app health            Check module health
EOF
			;;
	esac
}

# Profile commands
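# Dispatch `secubox profile <action> ...` to /usr/sbin/secubox-profile.
# Arguments: $1 - action; remaining arguments depend on the action.
# Any unrecognised (or missing) action prints the help text.
cmd_profile() {
	local tool=/usr/sbin/secubox-profile
	local action="$1"

	case "$action" in
		list)
			"$tool" list
			;;
		show|validate)
			"$tool" "$action" "$2"
			;;
		apply|export)
			# Forward every remaining argument. export used to pass only "$2",
			# which cut the documented `secubox profile export --name "My Setup"`
			# down to a bare `--name` and dropped its value.
			shift
			"$tool" "$action" "$@"
			;;
		*)
			cat <<EOF
${BOLD}secubox profile${NC} - Profile and template management

${BOLD}Usage:${NC}
  secubox profile list                List available profiles
  secubox profile show <profile>      Show profile details
  secubox profile apply <profile>     Apply a profile
  secubox profile validate <profile>  Validate profile syntax
  secubox profile export [file]       Export current config as profile
EOF
			;;
	esac
}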

# Device commands
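# Dispatch `secubox device <action> [arg]`: board info, status, reboot,
# factory reset and configuration backup.
# Arguments: $1 - action, $2 - backup file path (backup only, optional).
# Returns:   non-zero when the backup command fails; otherwise the status of
#            the last command run by the chosen action.
# Any unrecognised (or missing) action prints the help text.
cmd_device() {
	local confirm output

	case "$1" in
		info)
			ubus call system board 2>/dev/null | jsonfilter \
				-e 'Hostname: @.hostname' \
				-e 'Model: @.model' \
				-e 'Board: @.board_name' \
				-e 'Release: @.release.distribution @.release.version' \
				-e 'Kernel: @.kernel' \
				-e 'Architecture: @.system'
			;;
		status)
			/usr/sbin/secubox-core status | jsonfilter \
				-e 'Version: @.version' \
				-e 'Uptime: @.uptime' \
				-e 'CPU Load: @.resources.cpu_load' \
				-e 'Memory: @.resources.memory_percent%' \
				-e 'Storage: @.resources.storage_percent%' \
				-e 'WAN: @.network.wan.ipaddr (@.network.wan.device)' \
				-e 'LAN: @.network.lan.ipaddr'
			;;
		reboot)
			echo -e "${YELLOW}Rebooting in 3 seconds...${NC}"
			sleep 3
			reboot
			;;
		factory-reset)
			echo -e "${RED}${BOLD}WARNING: This will erase all configuration!${NC}"
			# -r keeps backslashes literal, so only an exact "YES" confirms.
			# On EOF (non-interactive stdin) confirm stays empty -> cancelled.
			read -r -p "Type 'YES' to confirm: " confirm
			if [ "$confirm" = "YES" ]; then
				firstboot -y && reboot
			else
				echo "Cancelled"
			fi
			;;
		backup)
			output="${2:-/tmp/secubox-backup-$(date +%Y%m%d-%H%M%S).tar.gz}"
			# A configuration backup typically contains secrets (keys,
			# password hashes), so create it owner-only. The umask is scoped
			# to a subshell and only affects a newly created file.
			# Report success only when sysupgrade actually succeeded.
			if ( umask 077 && sysupgrade -b "$output" ); then
				echo -e "${GREEN}Backup saved: $output${NC}"
			else
				echo -e "${RED}Backup failed: $output${NC}" >&2
				return 1
			fi
			;;
		help|*)
			cat <<EOF
${BOLD}secubox device${NC} - Device information and management

${BOLD}Usage:${NC}
  secubox device info           Show device information
  secubox device status         Show system status
  secubox device reboot         Reboot device
  secubox device factory-reset  Factory reset (WARNING: destructive)
  secubox device backup [file]  Backup configuration
EOF
			;;
	esac
}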

# Network commands
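# Dispatch `secubox net <action> [interface]`: interface listing, network
# restart and a basic connectivity probe.
# Arguments: $1 - action, $2 - interface name (restart only, optional).
# Returns:   1 when the connectivity probe fails; otherwise the status of the
#            last command run by the chosen action.
# Any unrecognised (or missing) action prints the help text.
cmd_net() {
	case "$1" in
		status)
			echo -e "${BOLD}Network Interfaces:${NC}"
			ip -br addr show
			;;
		interfaces)
			ubus call network.interface dump | jsonfilter -e '@.interface[@.interface,@.proto,@.up,@.device]'
			;;
		restart)
			if [ -n "$2" ]; then
				echo "Restarting interface: $2"
				ifdown "$2" && ifup "$2"
			else
				echo "Restarting network..."
				/etc/init.d/network restart
			fi
			;;
		test-connectivity)
			echo -n "Testing internet connectivity... "
			# ICMP probe against one fixed public address; a failure can also
			# mean ICMP is filtered upstream, not only that the link is down.
			if ping -c 3 -W 5 8.8.8.8 >/dev/null 2>&1; then
				echo -e "${GREEN}✓ OK${NC}"
			else
				echo -e "${RED}✗ Failed${NC}"
				# Propagate the failure so scripts and monitoring can act on
				# it; previously this branch still exited 0.
				return 1
			fi
			;;
		help|*)
			cat <<EOF
${BOLD}secubox net${NC} - Network management

${BOLD}Usage:${NC}
  secubox net status              Show network status
  secubox net interfaces          List network interfaces
  secubox net restart [interface] Restart network/interface
  secubox net test-connectivity   Test internet connectivity
EOF
			;;
	esac
}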

# Diagnostics commands
# Dispatch `secubox diag <action> [arg]`: health check, log viewing, network
# trace and diagnostic report.
# Arguments: $1 - action, $2 - log filter (logs) or trace target (trace).
# Any unrecognised (or missing) action prints the help text.
cmd_diag() {
	local diag=/usr/sbin/secubox-diagnostics
	local action="$1"

	case "$action" in
		health|report)
			"$diag" "$action"
			;;
		logs)
			# Without a filter show the last 100 log lines; otherwise let
			# logread select entries with -e.
			if [ -z "$2" ]; then
				logread | tail -100
			else
				logread -e "$2"
			fi
			;;
		trace)
			# The target is handed to traceroute as-is (numeric output, -n).
			if [ -z "$2" ]; then
				echo "Usage: secubox diag trace <target>"
			else
				traceroute -n "$2"
			fi
			;;
		*)
			cat <<EOF
${BOLD}secubox diag${NC} - Diagnostics and health checks

${BOLD}Usage:${NC}
  secubox diag health         Run health check
  secubox diag logs [service] View system logs
  secubox diag trace <target> Network trace to target
  secubox diag report         Generate diagnostic report
EOF
			;;
	esac
}

# Landing page commands
# Dispatch `secubox landing <action> [zone]` to /usr/sbin/secubox-landing.
# Arguments: $1 - action (short aliases: gen, ls, regen), $2.. - zone(s).
# Any unrecognised (or missing) action prints the help text.
cmd_landing() {
	local gen=/usr/sbin/secubox-landing

	case "$1" in
		list|ls)
			"$gen" list
			;;
		show)
			"$gen" show "$2"
			;;
		generate|gen)
			# Aliases are normalised to the canonical verb; every remaining
			# argument is forwarded.
			shift
			"$gen" generate "$@"
			;;
		regenerate|regen)
			"$gen" regenerate
			;;
		*)
			cat <<EOF
${BOLD}secubox landing${NC} - Landing page generator

${BOLD}Usage:${NC}
  secubox landing list              List all zones and service counts
  secubox landing show <zone>       Show services for a zone
  secubox landing generate [zone]   Generate landing page(s)
  secubox landing regenerate        Regenerate all landing pages

${BOLD}Examples:${NC}
  secubox landing list
  secubox landing generate gk2.secubox.in
  secubox landing regenerate
EOF
			;;
	esac
}

# AI commands (optional)
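# Dispatch `secubox ai <action> ...` to /usr/sbin/secubox-ai.
# The whole command group (help included) is gated on the UCI option
# secubox.main.ai_enabled being exactly "1"; otherwise the script exits 1.
# Arguments: $1 - action; remaining arguments depend on the action.
cmd_ai() {
	# Check if AI is enabled.
	# Declaration and assignment are split and the substitution is quoted:
	# under /bin/sh, `local v=$(cmd)` may word-split the output in shells
	# where `local` is an ordinary builtin, and it hides cmd's exit status.
	# A failed or empty lookup leaves the value empty, i.e. disabled.
	local ai_enabled
	ai_enabled="$(uci -q get secubox.main.ai_enabled)"
	if [ "$ai_enabled" != "1" ]; then
		echo -e "${YELLOW}AI copilot is disabled.${NC}"
		echo "Enable with: uci set secubox.main.ai_enabled=1 && uci commit"
		exit 1
	fi

	case "$1" in
		suggest)
			shift
			/usr/sbin/secubox-ai suggest "$@"
			;;
		explain|generate)
			# Single-operand actions: only $2 is forwarded.
			/usr/sbin/secubox-ai "$1" "$2"
			;;
		help|*)
			cat <<EOF
${BOLD}secubox ai${NC} - AI copilot (optional)

${BOLD}Usage:${NC}
  secubox ai suggest <context>  Get AI suggestions
  secubox ai explain <config>   Explain configuration
  secubox ai generate <type>    Generate config/macro

${YELLOW}Note: AI features are experimental and require explicit user approval${NC}
EOF
			;;
	esac
}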

# Clone commands
# Dispatch `secubox clone <action> ...` to /usr/sbin/secubox-cloner.
# Arguments: $1 - action; remaining arguments depend on the action.
# Any unrecognised (or missing) action prints the help text.
cmd_clone() {
	local cloner=/usr/sbin/secubox-cloner
	local action="$1"

	case "$action" in
		build|serve|token|export)
			# Option-taking actions: forward everything after the action.
			# `token` issues a clone join token (see help text), so its
			# output should be handled like a credential.
			shift
			"$cloner" "$action" "$@"
			;;
		status|list)
			"$cloner" "$action"
			;;
		*)
			cat <<EOF
${BOLD}secubox clone${NC} - Station cloning and deployment

${BOLD}Usage:${NC}
  secubox clone build [--resize SIZE]   Build clone image for current device
  secubox clone serve [--start|--stop]  Manage TFTP clone server
  secubox clone token [--auto-approve]  Generate clone join token
  secubox clone status                  Show cloner status
  secubox clone list                    List pending/joined clones
  secubox clone export [FILE]           Export clone image

${BOLD}Clone Workflow:${NC}
  1. ${GREEN}secubox clone build${NC}        Build clone image for same device type
  2. ${GREEN}secubox clone serve --start${NC} Start TFTP server
  3. Boot target from TFTP (see U-Boot commands)
  4. ${GREEN}secubox clone list${NC}         Verify clone joined mesh

${BOLD}Examples:${NC}
  secubox clone build
  secubox clone token --auto-approve
  secubox clone serve --start
EOF
			;;
	esac
}

# Master-link shortcut commands
# Dispatch `secubox master-link <action> ...` to /usr/lib/secubox/master-link.sh.
# Arguments: $1 - action, $2 - fingerprint (approve) or peer address (join).
# Any unrecognised (or missing) action prints the help text.
cmd_master_link() {
	local ml=/usr/lib/secubox/master-link.sh
	local action="$1"

	case "$action" in
		status|peers|clone-token)
			# Same verb on both sides. Per the help text, clone-token yields
			# an auto-approve token, so its output is a credential.
			"$ml" "$action"
			;;
		token)
			"$ml" token-generate
			;;
		join)
			shift
			"$ml" join "$@"
			;;
		approve)
			"$ml" join-approve "$2"
			;;
		pending)
			# The fallback message appears only when ls itself fails (for
			# example when the requests directory does not exist).
			ls -la /var/lib/secubox-master-link/requests/ 2>/dev/null || echo "No pending requests"
			;;
		*)
			cat <<EOF
${BOLD}secubox master-link${NC} - Mesh network management

${BOLD}Usage:${NC}
  secubox master-link status        Show mesh status
  secubox master-link peers         List mesh peers
  secubox master-link token         Generate join token
  secubox master-link clone-token   Generate auto-approve clone token
  secubox master-link join <ip>     Join a mesh (as peer)
  secubox master-link approve <fp>  Approve pending join request
  secubox master-link pending       List pending join requests

${BOLD}Examples:${NC}
  secubox master-link status
  secubox master-link token
  secubox master-link approve abc123
EOF
			;;
	esac
}

# Main command router
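# Route on the first argument: strip it and hand the rest to the matching
# cmd_* handler. `cloner` and `mesh` are aliases for `clone` and `master-link`.
# No argument (or -h/--help/help) prints the usage screen; an unknown command
# prints an error plus usage on stderr and exits 1.
case "$1" in
	app)
		shift
		cmd_app "$@"
		;;
	feed)
		shift
		cmd_feed "$@"
		;;
	profile)
		shift
		cmd_profile "$@"
		;;
	skill)
		shift
		cmd_skill "$@"
		;;
	feedback)
		shift
		cmd_feedback "$@"
		;;
	device)
		shift
		cmd_device "$@"
		;;
	net)
		shift
		cmd_net "$@"
		;;
	diag)
		shift
		cmd_diag "$@"
		;;
	landing)
		shift
		cmd_landing "$@"
		;;
	ai)
		shift
		cmd_ai "$@"
		;;
	clone|cloner)
		shift
		cmd_clone "$@"
		;;
	master-link|mesh)
		shift
		cmd_master_link "$@"
		;;
	-v|--version|version)
		echo "SecuBox v${SECUBOX_VERSION}"
		;;
	-h|--help|help|"")
		usage
		;;
	*)
		# Print the caller-supplied word with %s so backslash sequences in it
		# are not interpreted (echo -e would expand them); %b is used only
		# for the color variables. Diagnostics go to stderr so that stdout
		# stays clean for callers that capture it.
		printf '%bUnknown command: %s%b\n' "$RED" "$1" "$NC" >&2
		echo "" >&2
		usage >&2
		exit 1
		;;
esac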
