package main

import (
	"bufio"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"flag"
	"fmt"
	"os"
	"sort"
	"strings"
	"time"
)

// This is a runnable *stub* for the deterministic control plane.
// It does NOT call real LLMs. Instead it demonstrates:
// - deterministic routing (fast/default/heavy)
// - append-only, hash-chained ledger per "stream"
// - must-delegate enforcement: router cannot emit without a spawn+child output proof

type Event struct {
	ID       string                 `json:"id"`
	TS       string                 `json:"ts"`
	StreamID string                 `json:"stream_id"`
	Type     string                 `json:"type"`
	Body     map[string]any         `json:"body"`
	PrevHash *string                `json:"prev_hash"`
	Hash     string                 `json:"hash"`
}

func canonicalJSON(v any) ([]byte, error) {
	// Simple canonicalization: marshal with sorted keys for map[string]any at top-level envelope.
	// For a real system, use a stricter canonical JSON spec.
	b, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	return b, nil
}

func sha256Hex(b []byte) string {
	h := sha256.Sum256(b)
	return hex.EncodeToString(h[:])
}

func newID() string {
	// Not cryptographically strong; good enough for a stub.
	return fmt.Sprintf("%d-%d", time.Now().UnixNano(), os.Getpid())
}

func computeHash(id, ts, stream, typ string, body map[string]any, prev *string) (string, error) {
	env := map[string]any{
		"id":        id,
		"ts":        ts,
		"stream_id": stream,
		"type":      typ,
		"body":      body,
		"prev_hash": prev,
	}
	// Sort body keys deterministically (best effort).
	if body != nil {
		keys := make([]string, 0, len(body))
		for k := range body {
			keys = append(keys, k)
		}
		sort.Strings(keys)
		ordered := make(map[string]any, len(body))
		for _, k := range keys {
			ordered[k] = body[k]
		}
		env["body"] = ordered
	}
	b, err := canonicalJSON(env)
	if err != nil {
		return "", err
	}
	return sha256Hex(b), nil
}

type Ledger struct {
	Path     string
	StreamID string
	LastHash *string
}

func (l *Ledger) Append(typ string, body map[string]any) (*Event, error) {
	id := newID()
	ts := time.Now().UTC().Format(time.RFC3339Nano)
	h, err := computeHash(id, ts, l.StreamID, typ, body, l.LastHash)
	if err != nil {
		return nil, err
	}
	ev := &Event{
		ID:       id,
		TS:       ts,
		StreamID: l.StreamID,
		Type:     typ,
		Body:     body,
		PrevHash: l.LastHash,
		Hash:     h,
	}
	f, err := os.OpenFile(l.Path, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0o644)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	enc := json.NewEncoder(f)
	if err := enc.Encode(ev); err != nil {
		return nil, err
	}
	l.LastHash = &ev.Hash
	return ev, nil
}

// Deterministic routing rules (reference):
// - explicit @fast/@heavy
// - keywords: one-liner, regex, jq, bash, quick => FAST
// - multi-file/architecture/restructure/rewrite => HEAVY
// - else DEFAULT
func decideRoute(req string) (tier string, agent string, reason string) {
	l := strings.ToLower(req)
	if strings.Contains(l, "@fast") {
		return "fast", "lab-code-fast", "explicit @fast"
	}
	if strings.Contains(l, "@heavy") {
		return "heavy", "lab-code-heavy", "explicit @heavy"
	}
	for _, kw := range []string{"one-liner", "quick", "regex", "jq", "bash"} {
		if strings.Contains(l, kw) {
			return "fast", "lab-code-fast", "keyword match: " + kw
		}
	}
	for _, kw := range []string{"multi-file", "architecture", "restructure", "rewrite", "subsystem", "src/"} {
		if strings.Contains(l, kw) {
			return "heavy", "lab-code-heavy", "scope implies: " + kw
		}
	}
	return "default", "lab-code", "default routing"
}

func childWorkerStub(agent string, req string) string {
	// Placeholder for actual specialist call. This returns deterministic output for demo.
	return fmt.Sprintf("[stub:%s] Received request (%d chars).", agent, len(req))
}

func main() {
	ledgerPath := flag.String("ledger", "ledger.jsonl", "path to append-only ledger file")
	flag.Parse()

	routerStream := "router-session-1"
	ledger := &Ledger{Path: *ledgerPath, StreamID: routerStream, LastHash: nil}

	fmt.Println("CognitiveOS Supervisor (stub). Type a request, then press Enter. Ctrl-D to exit.")
	sc := bufio.NewScanner(os.Stdin)

	for sc.Scan() {
		req := sc.Text()
		if strings.TrimSpace(req) == "" {
			continue
		}

		tier, agent, reason := decideRoute(req)
		_, _ = ledger.Append("route_decision", map[string]any{
			"tier":         tier,
			"target_agent": agent,
			"reason":       reason,
		})

		// session_spawn (must-delegate proof step)
		childSession := "child-" + newID()
		payloadHash := sha256Hex([]byte(req))
		_, _ = ledger.Append("session_spawn", map[string]any{
			"child_session": childSession,
			"child_agent":   agent,
			"payload_hash":  payloadHash,
		})

		// child_output_received
		childOut := childWorkerStub(agent, req)
		outHash := sha256Hex([]byte(childOut))
		_, _ = ledger.Append("child_output_received", map[string]any{
			"child_session": childSession,
			"output_hash":   outHash,
			"output_len":    len(childOut),
		})

		// emit_guarded (enforced)
		preamble := fmt.Sprintf("Delegating to %s because %s.", agent, reason)
		final := preamble + "\n" + childOut
		_, _ = ledger.Append("final_output_emitted", map[string]any{
			"proof_ref": "proof-" + newID(),
			"output_hash": sha256Hex([]byte(final)),
		})

		fmt.Println(final)
		fmt.Println()
	}

	if err := sc.Err(); err != nil {
		fmt.Fprintln(os.Stderr, "read error:", err)
		os.Exit(1)
	}
}