#!/usr/bin/env bash
#MISE description="Deploy to bigblack with safety gates + playbook patterns (v1.1)"
#MISE depends=["release:build-all"]
#
# Implements: odb-ship Phases 3-4 + sidecar-restart-zero-overlap-zero-gap-recovery-playbook Pattern 1
# Sequence: git sync → staging venv → monit unmonitor → stop → atomic swap → systemd sync → start sidecar → verify → start kintsugi → monit monitor

set -euo pipefail

REMOTE="bigblack"
VERSION=$(grep -A5 '\[workspace.package\]' Cargo.toml | grep '^version' | head -1 | sed 's/.*= "\(.*\)"/\1/')

echo "=== Deploy v${VERSION} to $REMOTE ==="

# ─────────────────────────────────────────────────────────────
# DEPL-02: Resolve deploy directory from systemd WorkingDirectory
# ─────────────────────────────────────────────────────────────
DEPLOY_DIR=$(ssh "$REMOTE" 'grep -oP "(?<=WorkingDirectory=).*" ~/.config/systemd/user/opendeviationbar-sidecar.service 2>/dev/null' \
  || echo "/home/tca/opendeviationbar-py")
echo "✓ Deploy directory: $DEPLOY_DIR"

# ─────────────────────────────────────────────────────────────
# DEPL-01: Wheel freshness assertion (stale wheel detection)
# ─────────────────────────────────────────────────────────────
WHEEL=$(ls -t dist/*manylinux*.whl 2>/dev/null | head -1)
if [ -z "$WHEEL" ]; then
    echo "❌ No Linux wheel found in dist/. Run 'mise run release:build-all' first."
    exit 1
fi

WHEEL_MTIME=$(stat -f %m "$WHEEL" 2>/dev/null || stat -c %Y "$WHEEL" 2>/dev/null)
NOW=$(date +%s)
WHEEL_AGE=$((NOW - WHEEL_MTIME))
if [ "$WHEEL_AGE" -gt 300 ]; then
    echo "⚠  Wheel is ${WHEEL_AGE}s old (>5 min). Rebuilding..."
    BUILD_START=$(date +%s)
    mise run release:build-all
    BUILD_END=$(date +%s)
    BUILD_TIME=$((BUILD_END - BUILD_START))
    if [ "$BUILD_TIME" -lt 30 ]; then
        echo "❌ ABORT: Build completed in ${BUILD_TIME}s (<30s = stale cached wheel)"
        echo "   Run: cargo clean && mise run release:build-all"
        exit 1
    fi
    echo "✓ Fresh build: ${BUILD_TIME}s"
    WHEEL=$(ls -t dist/*manylinux*.whl | head -1)
fi
echo "✓ Wheel: $(basename "$WHEEL")"

# ─────────────────────────────────────────────────────────────
# Phase 3.1: Git sync on bigblack
# ─────────────────────────────────────────────────────────────
echo "→ Git sync on $REMOTE..."
ssh "$REMOTE" "cd $DEPLOY_DIR && git fetch origin main --tags && git reset --hard origin/main && git clean -fd" 2>&1 | tail -3

# ─────────────────────────────────────────────────────────────
# Phase 3.3-3.5: Build + verify staging venv (BEFORE stopping services)
# ─────────────────────────────────────────────────────────────
echo "→ Building staging venv..."
REMOTE_PYTHON=$(ssh "$REMOTE" "ls -d ~/.local/share/mise/installs/python/3.13*/bin/python3 2>/dev/null | tail -1")
ssh "$REMOTE" "cd $DEPLOY_DIR && rm -rf .venv-staging && ~/.local/bin/uv venv --python $REMOTE_PYTHON .venv-staging" 2>&1 | tail -1

echo "→ Installing v${VERSION} into staging venv..."
ssh "$REMOTE" "~/.local/bin/uv pip install --python $DEPLOY_DIR/.venv-staging/bin/python3 --refresh-package opendeviationbar opendeviationbar==$VERSION" 2>&1 | tail -3

# Verify staging before proceeding
echo "→ Verifying staging venv..."
ssh "$REMOTE" "$DEPLOY_DIR/.venv-staging/bin/python3 -c '
import opendeviationbar; v = opendeviationbar.__version__
from opendeviationbar import OpenDeviationBarProcessor
from pathlib import Path
import opendeviationbar.clickhouse.cache as ch
assert (Path(ch.__file__).parent / \"schema.sql\").exists()
import opendeviationbar.symbol_registry as sr
assert (Path(sr.__file__).parent / \"data\" / \"symbols.toml\").exists()
print(f\"✓ Staging verified: v{v}\")
'"

# Nuke .pth shadowing artifacts
ssh "$REMOTE" "
SITE_PKG=\$($DEPLOY_DIR/.venv-staging/bin/python3 -c 'import site; print(site.getsitepackages()[0])')
PTH=\"\$SITE_PKG/opendeviationbar.pth\"
[ -f \"\$PTH\" ] && rm -f \"\$PTH\" && echo '⚠ Removed .pth shadowing' || true
"

# ─────────────────────────────────────────────────────────────
# Phase 4.1: Monit unmonitor THEN stop (CRITICAL: playbook Pattern 1)
# Without unmonitor, monit auto-restarts services within 120s
# ─────────────────────────────────────────────────────────────
echo "→ Unmonitoring from monit..."
ssh "$REMOTE" 'sudo monit unmonitor sidecar 2>/dev/null; sudo monit unmonitor kintsugi 2>/dev/null; true'

echo "→ Stopping services..."
ssh "$REMOTE" 'systemctl --user stop opendeviationbar-sidecar opendeviationbar-kintsugi opendeviationbar-kintsugi-catchup 2>/dev/null; true'
sleep 2

# ─────────────────────────────────────────────────────────────
# Phase 4.2: Atomic venv swap (same-filesystem mv is atomic)
# ─────────────────────────────────────────────────────────────
echo "→ Atomic venv swap..."
ssh "$REMOTE" "cd $DEPLOY_DIR && rm -rf .venv-old && mv .venv .venv-old 2>/dev/null; mv .venv-staging .venv && rm -rf .venv-old"
echo "✓ Venv swapped"

# ─────────────────────────────────────────────────────────────
# Phase 4.3: Sync systemd units + reload
# ─────────────────────────────────────────────────────────────
echo "→ Syncing systemd units..."
ssh "$REMOTE" "
cp $DEPLOY_DIR/scripts/systemd/opendeviationbar-sidecar.service ~/.config/systemd/user/
cp $DEPLOY_DIR/scripts/systemd/opendeviationbar-kintsugi.service ~/.config/systemd/user/
cp $DEPLOY_DIR/scripts/systemd/opendeviationbar-kintsugi-catchup.service ~/.config/systemd/user/
cp $DEPLOY_DIR/scripts/systemd/opendeviationbar-heartbeat.service ~/.config/systemd/user/
cp $DEPLOY_DIR/scripts/systemd/opendeviationbar-heartbeat.timer ~/.config/systemd/user/
cp $DEPLOY_DIR/scripts/systemd/opendeviationbar-seeder.service ~/.config/systemd/user/
cp $DEPLOY_DIR/scripts/systemd/opendeviationbar-seeder.timer ~/.config/systemd/user/
systemctl --user daemon-reload
systemctl --user enable --now opendeviationbar-heartbeat.timer
systemctl --user enable --now opendeviationbar-seeder.timer
echo '✓ 5 services + 2 timers synced'
"

# ─────────────────────────────────────────────────────────────
# Phase 4.5: Start sidecar FIRST (provides health endpoint + real-time data)
# ─────────────────────────────────────────────────────────────
echo "→ Starting sidecar..."
ssh "$REMOTE" 'systemctl --user start opendeviationbar-sidecar'

# DEPL-03: Post-start telemetry gate — wait for sidecar startup confirmation
echo "→ Waiting for sidecar startup marker..."
for i in $(seq 1 12); do
    if ssh "$REMOTE" "journalctl --user -u opendeviationbar-sidecar --since '60s ago' --no-pager 2>/dev/null | grep -q 'sidecar_startup\|StreamManager started\|engine started'" 2>/dev/null; then
        echo "✓ Sidecar confirmed running (attempt $i)"
        break
    fi
    if [ "$i" -eq 12 ]; then
        echo "❌ ABORT: Sidecar not started after 60s. Check logs:"
        echo "   ssh $REMOTE 'journalctl --user -u opendeviationbar-sidecar -n 50 --no-pager'"
        echo ""
        echo "Rollback: ssh $REMOTE 'cd $DEPLOY_DIR && mv .venv .venv-bad && mv .venv-old .venv 2>/dev/null'"
        exit 1
    fi
    sleep 5
done

# Verify sidecar health endpoint
ssh "$REMOTE" 'curl -sf http://localhost:8081/health | python3 -c "
import sys,json; d=json.load(sys.stdin)
print(f\"✓ Sidecar health: {d.get(chr(115)+chr(116)+chr(97)+chr(116)+chr(117)+chr(115),chr(63))}\")" 2>/dev/null' || echo "⚠ Health endpoint not ready (may need a few more seconds)"

# ─────────────────────────────────────────────────────────────
# Phase 4.5: Start kintsugi AFTER sidecar is confirmed running
# ─────────────────────────────────────────────────────────────
echo "→ Starting kintsugi..."
ssh "$REMOTE" 'systemctl --user start opendeviationbar-kintsugi'
sleep 3

# ─────────────────────────────────────────────────────────────
# Phase 4.6: Re-monitor in monit
# ─────────────────────────────────────────────────────────────
echo "→ Re-monitoring in monit..."
ssh "$REMOTE" 'sudo monit monitor sidecar 2>/dev/null; sudo monit monitor kintsugi 2>/dev/null; true'

# ─────────────────────────────────────────────────────────────
# Phase 4.7: Final service status
# ─────────────────────────────────────────────────────────────
echo ""
ssh "$REMOTE" '
for svc in opendeviationbar-sidecar opendeviationbar-kintsugi opendeviationbar-heartbeat.timer opendeviationbar-seeder.timer; do
  svc_state=$(systemctl --user is-active $svc 2>/dev/null || echo "inactive")
  echo "  $svc: $svc_state"
done
'

echo ""
echo "==========================================="
echo " Deploy v${VERSION} complete!"
echo "==========================================="
echo ""
echo "Monitor:"
echo "  ssh $REMOTE 'journalctl --user -u opendeviationbar-sidecar -f --no-pager'"
echo "  ssh $REMOTE 'journalctl --user -u opendeviationbar-kintsugi -f --no-pager'"
echo ""
echo "Verify overlap self-heal (wait ~5 min):"
echo "  ssh $REMOTE 'journalctl --user -u opendeviationbar-sidecar --since \"10 min ago\" --no-pager | grep overlap_heal'"
