{# Adapted from packages/web/src/governor_web/templates/configurations/new.html @ 19455c57c5a9
   Stripped to the single difference governor-audit cares about: GCP project +
   BigQuery region as plain text inputs. No manifest source picker, no GCS
   bucket picker, no GitHub repo, no schedule fields, no detection-rule
   pickers. Submit POSTs to /admin/configurations which runs the same ADC
   probe + save_config code path the CLI's `init` command runs. #}
{% extends "layout.html" %}

{% block content %}
<section class="ui-shell">
  <p class="ui-eyebrow">Setup</p>
  <div class="mt-3 flex items-start justify-between gap-4">
    <div>
      <h1 class="ui-page-title">Configure Audit Target</h1>
      <p class="ui-page-subtitle">
        Set the GCP project and BigQuery region governor-audit will scan.
        Submitting runs one read-only <code class="font-mono">INFORMATION_SCHEMA.SCHEMATA</code> query
        against your project to verify Application Default Credentials work.
      </p>
    </div>
  </div>

  {% if errors and errors.get('_general') %}
    <div class="mt-4 border border-red-300 dark:border-red-500/30 bg-red-50 dark:bg-red-950/40 px-4 py-3 text-sm text-red-600 dark:text-red-300 whitespace-pre-line">
      {{ errors['_general'] }}
    </div>
  {% endif %}

  {% if active_principal %}
    <div class="mt-6 rounded-none border border-emerald-300 dark:border-emerald-500/30 bg-emerald-50 dark:bg-emerald-950/40 p-4 text-sm text-emerald-700 dark:text-emerald-300">
      <span class="font-semibold">Signed in as <code class="font-mono">{{ active_principal }}</code></span>
      <span class="text-emerald-600/80 dark:text-emerald-400/80"> · governor-audit will use these gcloud Application Default Credentials.</span>
    </div>
  {% else %}
    <div class="mt-6 rounded-none border border-amber-300 dark:border-amber-500/30 bg-amber-50 dark:bg-amber-950/40 p-4 text-sm text-amber-700 dark:text-amber-300">
      Run <code class="font-mono">gcloud auth application-default login</code> in your terminal first, then reload this page. governor-audit reads ADC; no service-account JSON, no GitHub auth, no GCS bucket.
    </div>
  {% endif %}

  {% if discovery_error %}
    <div class="mt-3 rounded-none border border-amber-300 dark:border-amber-500/30 bg-amber-50 dark:bg-amber-950/40 p-3 text-sm text-amber-700 dark:text-amber-300">
      {{ discovery_error }}
    </div>
  {% endif %}

  <form method="post" action="/admin/configurations" class="ui-form-scope mt-6 space-y-6">
    <div>
      <label for="gcp_project_id" class="block text-sm font-medium text-slate-600 dark:text-slate-300">
        GCP Project
        {% if gcp_projects %}
          <span class="ml-2 text-sm font-normal text-slate-400 dark:text-slate-500">
            {{ gcp_projects | length }} project{{ "s" if gcp_projects | length != 1 else "" }} accessible
          </span>
        {% endif %}
      </label>
      <input
        type="text"
        name="gcp_project_id"
        id="gcp_project_id"
        required
        autofocus
        autocomplete="off"
        list="gcp-project-options"
        value="{{ form_data.gcp_project_id if form_data else '' }}"
        placeholder="{% if gcp_projects %}start typing — pick from your projects{% else %}prod-warehouse-123{% endif %}"
        class="mt-1 w-full border border-slate-300 dark:border-slate-700 bg-white dark:bg-slate-800 px-3 py-2 text-sm font-mono text-slate-900 dark:text-slate-100 focus:border-brand-500 focus:outline-hidden"
      />
      {% if gcp_projects %}
        <datalist id="gcp-project-options">
          {% for project in gcp_projects %}
            <option value="{{ project.project_id }}">{% if project.display_name %}{{ project.display_name }} · {% endif %}{{ project.project_id }}</option>
          {% endfor %}
        </datalist>
      {% endif %}
      <p class="mt-1 text-sm text-slate-400 dark:text-slate-500">
        {% if gcp_projects %}
          Pick from the list (sourced from your gcloud ADC) or type any project ID. Manual entry always works.
        {% else %}
          Must match the GCP project ID grammar
          (<code class="font-mono">^[a-z][-a-z0-9]&#123;4,28&#125;[a-z0-9]$</code>).
        {% endif %}
      </p>
      {% if errors and errors.get('gcp_project_id') %}
        <p class="mt-1 text-sm text-red-500 dark:text-red-400">{{ errors['gcp_project_id'] }}</p>
      {% endif %}
    </div>

    <div>
      <label for="bigquery_region" class="block text-sm font-medium text-slate-600 dark:text-slate-300">BigQuery Region</label>
      <input
        type="text"
        name="bigquery_region"
        id="bigquery_region"
        required
        autocomplete="off"
        list="bq-region-options"
        value="{{ form_data.bigquery_region if form_data else '' }}"
        placeholder="us"
        class="mt-1 w-full border border-slate-300 dark:border-slate-700 bg-white dark:bg-slate-800 px-3 py-2 text-sm font-mono text-slate-900 dark:text-slate-100 focus:border-brand-500 focus:outline-hidden"
      />
      <datalist id="bq-region-options">
        <option value="us">us · multi-region (United States)</option>
        <option value="eu">eu · multi-region (European Union)</option>
        <option value="us-central1">us-central1 · Iowa</option>
        <option value="us-east1">us-east1 · South Carolina</option>
        <option value="us-east4">us-east4 · Northern Virginia</option>
        <option value="us-east5">us-east5 · Columbus</option>
        <option value="us-south1">us-south1 · Dallas</option>
        <option value="us-west1">us-west1 · Oregon</option>
        <option value="us-west2">us-west2 · Los Angeles</option>
        <option value="us-west3">us-west3 · Salt Lake City</option>
        <option value="us-west4">us-west4 · Las Vegas</option>
        <option value="northamerica-northeast1">northamerica-northeast1 · Montréal</option>
        <option value="northamerica-northeast2">northamerica-northeast2 · Toronto</option>
        <option value="northamerica-south1">northamerica-south1 · Querétaro</option>
        <option value="southamerica-east1">southamerica-east1 · São Paulo</option>
        <option value="southamerica-west1">southamerica-west1 · Santiago</option>
        <option value="europe-central2">europe-central2 · Warsaw</option>
        <option value="europe-north1">europe-north1 · Finland</option>
        <option value="europe-north2">europe-north2 · Stockholm</option>
        <option value="europe-southwest1">europe-southwest1 · Madrid</option>
        <option value="europe-west1">europe-west1 · Belgium</option>
        <option value="europe-west2">europe-west2 · London</option>
        <option value="europe-west3">europe-west3 · Frankfurt</option>
        <option value="europe-west4">europe-west4 · Netherlands</option>
        <option value="europe-west6">europe-west6 · Zürich</option>
        <option value="europe-west8">europe-west8 · Milan</option>
        <option value="europe-west9">europe-west9 · Paris</option>
        <option value="europe-west10">europe-west10 · Berlin</option>
        <option value="europe-west12">europe-west12 · Turin</option>
        <option value="me-central1">me-central1 · Doha</option>
        <option value="me-central2">me-central2 · Dammam</option>
        <option value="me-west1">me-west1 · Tel Aviv</option>
        <option value="africa-south1">africa-south1 · Johannesburg</option>
        <option value="asia-east1">asia-east1 · Taiwan</option>
        <option value="asia-east2">asia-east2 · Hong Kong</option>
        <option value="asia-northeast1">asia-northeast1 · Tokyo</option>
        <option value="asia-northeast2">asia-northeast2 · Osaka</option>
        <option value="asia-northeast3">asia-northeast3 · Seoul</option>
        <option value="asia-south1">asia-south1 · Mumbai</option>
        <option value="asia-south2">asia-south2 · Delhi</option>
        <option value="asia-southeast1">asia-southeast1 · Singapore</option>
        <option value="asia-southeast2">asia-southeast2 · Jakarta</option>
        <option value="australia-southeast1">australia-southeast1 · Sydney</option>
        <option value="australia-southeast2">australia-southeast2 · Melbourne</option>
      </datalist>
      <p class="mt-1 text-sm text-slate-400 dark:text-slate-500">
        BigQuery location slug — e.g. <code class="font-mono">us</code>, <code class="font-mono">eu</code>, <code class="font-mono">australia-southeast1</code>. Lowercased on save.
      </p>
      {% if errors and errors.get('bigquery_region') %}
        <p class="mt-1 text-sm text-red-500 dark:text-red-400">{{ errors['bigquery_region'] }}</p>
      {% endif %}
    </div>

    <div class="flex items-start gap-2">
      <input
        type="checkbox"
        name="dbt_only_default"
        id="dbt_only_default"
        {% if form_data and form_data.dbt_only_default %}checked{% endif %}
        class="mt-0.5"
      />
      <label for="dbt_only_default" class="text-sm text-slate-700 dark:text-slate-300">
        Default to dbt-only scans
        <p class="text-sm text-slate-400 dark:text-slate-500 mt-0.5">
          When checked, scans narrow to queries starting with <code class="font-mono">/* {"app": "dbt"</code> by default. Per-scan override always wins; toggle later by editing <code class="font-mono">~/.governor-audit/config.json</code>.
        </p>
      </label>
    </div>

    <div class="flex items-center gap-3 pt-2">
      <button type="submit" class="ui-btn-primary transition-colors">
        Probe ADC and save
      </button>
      <p class="text-sm text-slate-400 dark:text-slate-500">
        ~2s — runs one INFORMATION_SCHEMA.SCHEMATA query against your project.
      </p>
    </div>
  </form>
</section>
{% endblock %}