{% from "partials/_macros.html" import card_header, pagination_bar %}

{% set verdict_cls = {
  'malicious':  'bg-red-900/40 text-red-300 border border-red-900/60',
  'suspicious': 'bg-amber-900/40 text-amber-300 border border-amber-900/60',
  'unknown':    'bg-slate-700/40 text-slate-300 border border-slate-600',
  'benign':     'bg-emerald-900/30 text-emerald-300 border border-emerald-900/50',
} %}

{% macro verdict_pill(row) %}
  {% if row.verdict %}
    <span class="inline-flex items-center px-2 py-0.5 rounded-full text-[10px]
                 font-semibold uppercase tracking-wider
                 {{ verdict_cls.get(row.verdict, verdict_cls['unknown']) }}">
      {{ row.verdict }}{% if row.confidence is not none %}
        <span class="ml-1 opacity-70">{{ "%.0f"|format(row.confidence * 100) }}%</span>
      {% endif %}
    </span>
  {% else %}
    <span class="text-slate-600 text-[10px] uppercase tracking-wider">—</span>
  {% endif %}
{% endmacro %}

{% macro subhead(title, c) %}
  <div class="flex items-center gap-2 mt-4 mb-2">
    <h4 class="text-[11px] uppercase tracking-wider text-slate-400 font-semibold">{{ title }}</h4>
    <span class="text-[10px] text-slate-500">{{ c.total }}</span>
    {% if c.malicious %}<span class="text-[10px] px-1.5 rounded bg-red-900/40 text-red-300">{{ c.malicious }} malicious</span>{% endif %}
    {% if c.suspicious %}<span class="text-[10px] px-1.5 rounded bg-amber-900/40 text-amber-300">{{ c.suspicious }} suspicious</span>{% endif %}
  </div>
{% endmacro %}

<div class="bg-slate-900 border border-slate-800 rounded-lg p-5">
  {{ card_header("persistence & tampering — SSH keys · hosts file · privileges") }}

  {% if data %}
  {# ----- filter bar ----- #}
  <form id="persistence-filters"
        class="mb-4 flex flex-wrap items-center gap-2 text-xs"
        onsubmit="return false;">
    <input type="hidden" name="ssh_page"   value="{{ data.pagination.ssh.page }}">
    <input type="hidden" name="hosts_page" value="{{ data.pagination.hosts.page }}">
    <input type="hidden" name="priv_page"  value="{{ data.pagination.priv.page }}">

    <input type="search"
           name="q"
           value="{{ data.q }}"
           placeholder="search keys / hosts / rules"
           autocomplete="off"
           class="bg-slate-800 border border-slate-700 rounded px-2 py-1 w-48 focus:outline-none focus:border-slate-500 placeholder:text-slate-600"
           hx-get="/fragments/persistence"
           hx-target="#persistence"
           hx-include="#persistence-filters"
           hx-trigger="keyup changed delay:300ms, search"
           hx-vals='{"ssh_page": 1, "hosts_page": 1, "priv_page": 1}'>

    <select name="verdict"
            class="bg-slate-800 border border-slate-700 rounded px-2 py-1 focus:outline-none focus:border-slate-500"
            hx-get="/fragments/persistence"
            hx-target="#persistence"
            hx-include="#persistence-filters"
            hx-trigger="change"
            hx-vals='{"ssh_page": 1, "hosts_page": 1, "priv_page": 1}'>
      <option value=""           {% if data.verdict == "" %}selected{% endif %}>all non-benign</option>
      <option value="malicious"  {% if data.verdict == "malicious" %}selected{% endif %}>malicious</option>
      <option value="suspicious" {% if data.verdict == "suspicious" %}selected{% endif %}>suspicious</option>
      <option value="unknown"    {% if data.verdict == "unknown" %}selected{% endif %}>unknown</option>
      <option value="benign"     {% if data.verdict == "benign" %}selected{% endif %}>benign (all)</option>
    </select>

    <select name="per_page"
            class="bg-slate-800 border border-slate-700 rounded px-2 py-1 focus:outline-none focus:border-slate-500"
            hx-get="/fragments/persistence"
            hx-target="#persistence"
            hx-include="#persistence-filters"
            hx-trigger="change"
            hx-vals='{"ssh_page": 1, "hosts_page": 1, "priv_page": 1}'>
      {% for n in per_page_options %}
        <option value="{{ n }}" {% if n == data.per_page %}selected{% endif %}>{{ n }} / page</option>
      {% endfor %}
    </select>
  </form>
  {% endif %}

  {% if data and data.any %}

    {# ---------- SSH authorized keys ---------- #}
    {{ subhead("SSH authorized keys", data.counts.ssh_keys) }}
    {% if data.ssh_keys %}
      <table class="w-full text-xs">
        <thead>
          <tr class="text-slate-500 uppercase tracking-wider text-[10px]">
            <th class="text-left font-semibold pb-2">verdict</th>
            <th class="text-left font-semibold pb-2">account</th>
            <th class="text-left font-semibold pb-2">type</th>
            <th class="text-left font-semibold pb-2">fingerprint</th>
            <th class="text-left font-semibold pb-2">comment</th>
            <th class="text-left font-semibold pb-2">restrictions</th>
          </tr>
        </thead>
        <tbody class="divide-y divide-slate-800/80">
          {% for k in data.ssh_keys %}
            <tr class="hover:bg-slate-800/40 transition-colors" title="{{ k.path }}{% if k.reasoning %} — {{ k.reasoning }}{% endif %}">
              <td class="py-2">{{ verdict_pill(k) }}</td>
              <td class="py-2 text-slate-200 font-mono">{{ k.owner }}</td>
              <td class="py-2 text-slate-400 font-mono">{{ k.key_type }}</td>
              <td class="py-2 text-slate-400 font-mono break-all">{{ k.fingerprint or "—" }}</td>
              <td class="py-2 text-slate-300">{{ k.comment or "—" }}</td>
              <td class="py-2 font-mono {{ 'text-amber-300' if not k.options else 'text-slate-400' }}">{{ k.options or "none" }}</td>
            </tr>
          {% endfor %}
        </tbody>
      </table>
      {% if data.pagination.ssh.total_pages > 1 %}
      <div class="flex items-center gap-3 mt-2 text-xs">
        <button type="button"
                class="px-2 py-1 rounded border border-slate-700 text-slate-300 hover:bg-slate-800 disabled:opacity-30 transition-colors text-[10px]"
                {% if data.pagination.ssh.page <= 1 %}disabled{% endif %}
                hx-get="/fragments/persistence"
                hx-target="#persistence"
                hx-include="#persistence-filters"
                hx-vals='{"ssh_page": {{ data.pagination.ssh.page - 1 }}}'>← prev</button>
        <span class="text-slate-500 font-mono">{{ data.pagination.ssh.page }} / {{ data.pagination.ssh.total_pages }}</span>
        <button type="button"
                class="px-2 py-1 rounded border border-slate-700 text-slate-300 hover:bg-slate-800 disabled:opacity-30 transition-colors text-[10px]"
                {% if data.pagination.ssh.page >= data.pagination.ssh.total_pages %}disabled{% endif %}
                hx-get="/fragments/persistence"
                hx-target="#persistence"
                hx-include="#persistence-filters"
                hx-vals='{"ssh_page": {{ data.pagination.ssh.page + 1 }}}'>next →</button>
        <span class="text-slate-500">{{ data.pagination.ssh.total }} total</span>
      </div>
      {% endif %}
    {% else %}
      <div class="text-slate-600 text-xs italic">no authorized keys found</div>
    {% endif %}

    {# ---------- /etc/hosts ---------- #}
    {{ subhead("/etc/hosts mappings", data.counts.hosts) }}
    {% if data.hosts %}
      <table class="w-full text-xs">
        <thead>
          <tr class="text-slate-500 uppercase tracking-wider text-[10px]">
            <th class="text-left font-semibold pb-2">verdict</th>
            <th class="text-left font-semibold pb-2">ip</th>
            <th class="text-left font-semibold pb-2">hostnames</th>
            <th class="text-left font-semibold pb-2 w-1/3">why</th>
          </tr>
        </thead>
        <tbody class="divide-y divide-slate-800/80">
          {% for hrow in data.hosts %}
            <tr class="hover:bg-slate-800/40 transition-colors">
              <td class="py-2">{{ verdict_pill(hrow) }}</td>
              <td class="py-2 text-slate-200 font-mono">{{ hrow.ip }}</td>
              <td class="py-2 text-slate-300 font-mono break-all">{{ hrow.hostnames }}</td>
              <td class="py-2 text-slate-400 line-clamp-2">{{ hrow.reasoning }}</td>
            </tr>
          {% endfor %}
        </tbody>
      </table>
      {% if data.pagination.hosts.total_pages > 1 %}
      <div class="flex items-center gap-3 mt-2 text-xs">
        <button type="button"
                class="px-2 py-1 rounded border border-slate-700 text-slate-300 hover:bg-slate-800 disabled:opacity-30 transition-colors text-[10px]"
                {% if data.pagination.hosts.page <= 1 %}disabled{% endif %}
                hx-get="/fragments/persistence"
                hx-target="#persistence"
                hx-include="#persistence-filters"
                hx-vals='{"hosts_page": {{ data.pagination.hosts.page - 1 }}}'>← prev</button>
        <span class="text-slate-500 font-mono">{{ data.pagination.hosts.page }} / {{ data.pagination.hosts.total_pages }}</span>
        <button type="button"
                class="px-2 py-1 rounded border border-slate-700 text-slate-300 hover:bg-slate-800 disabled:opacity-30 transition-colors text-[10px]"
                {% if data.pagination.hosts.page >= data.pagination.hosts.total_pages %}disabled{% endif %}
                hx-get="/fragments/persistence"
                hx-target="#persistence"
                hx-include="#persistence-filters"
                hx-vals='{"hosts_page": {{ data.pagination.hosts.page + 1 }}}'>next →</button>
        <span class="text-slate-500">{{ data.pagination.hosts.total }} total</span>
      </div>
      {% endif %}
    {% else %}
      <div class="text-slate-600 text-xs italic">no host mappings found</div>
    {% endif %}

    {# ---------- privilege config ---------- #}
    {{ subhead("privilege config", data.counts.privilege) }}
    {% if data.privilege %}
      <table class="w-full text-xs">
        <thead>
          <tr class="text-slate-500 uppercase tracking-wider text-[10px]">
            <th class="text-left font-semibold pb-2">verdict</th>
            <th class="text-left font-semibold pb-2">kind</th>
            <th class="text-left font-semibold pb-2">subject</th>
            <th class="text-left font-semibold pb-2 w-2/5">detail</th>
            <th class="text-left font-semibold pb-2">source</th>
          </tr>
        </thead>
        <tbody class="divide-y divide-slate-800/80">
          {% for p in data.privilege %}
            <tr class="hover:bg-slate-800/40 transition-colors" title="{{ p.reasoning }}">
              <td class="py-2">{{ verdict_pill(p) }}</td>
              <td class="py-2 text-slate-400 font-mono">{{ p.kind }}</td>
              <td class="py-2 text-slate-200 font-mono">{{ p.subject }}</td>
              <td class="py-2 text-slate-300 font-mono break-all">{{ p.detail }}</td>
              <td class="py-2 text-slate-500 font-mono break-all">{{ p.source_path }}</td>
            </tr>
          {% endfor %}
        </tbody>
      </table>
      {% if data.pagination.priv.total_pages > 1 %}
      <div class="flex items-center gap-3 mt-2 text-xs">
        <button type="button"
                class="px-2 py-1 rounded border border-slate-700 text-slate-300 hover:bg-slate-800 disabled:opacity-30 transition-colors text-[10px]"
                {% if data.pagination.priv.page <= 1 %}disabled{% endif %}
                hx-get="/fragments/persistence"
                hx-target="#persistence"
                hx-include="#persistence-filters"
                hx-vals='{"priv_page": {{ data.pagination.priv.page - 1 }}}'>← prev</button>
        <span class="text-slate-500 font-mono">{{ data.pagination.priv.page }} / {{ data.pagination.priv.total_pages }}</span>
        <button type="button"
                class="px-2 py-1 rounded border border-slate-700 text-slate-300 hover:bg-slate-800 disabled:opacity-30 transition-colors text-[10px]"
                {% if data.pagination.priv.page >= data.pagination.priv.total_pages %}disabled{% endif %}
                hx-get="/fragments/persistence"
                hx-target="#persistence"
                hx-include="#persistence-filters"
                hx-vals='{"priv_page": {{ data.pagination.priv.page + 1 }}}'>next →</button>
        <span class="text-slate-500">{{ data.pagination.priv.total }} total</span>
      </div>
      {% endif %}
    {% else %}
      <div class="text-slate-600 text-xs italic">no privilege entries found</div>
    {% endif %}

  {% else %}
    <div class="text-slate-500 italic">
      no persistence data yet — these collectors read SSH
      <span class="font-mono">authorized_keys</span>,
      <span class="font-mono">/etc/hosts</span> and privilege config; run the
      monitor (with <span class="font-mono">sudo</span> for full visibility)
      and let a cycle complete.
    </div>
  {% endif %}
</div>