#!/usr/bin/env bash
# check-tokens.sh — valideer credentials VOORDAT de daemon-loop start
#
# Tests:
#   1. CLAUDE_CODE_OAUTH_TOKEN of ANTHROPIC_API_KEY aanwezig
#   2. SCRUM4ME_TOKEN aanwezig en werkt tegen ${SCRUM4ME_BASE_URL}/api/products
#   3. DATABASE_URL bereikbaar (best-effort: lege psql-style connect via node)
#
# Exit 0 op success, 1 bij elke fout.

set -uo pipefail

source /opt/agent/bin/_lib.sh

ok=true

# ----- 1. Anthropic credentials ----------------------------------------
if [[ -z "${CLAUDE_CODE_OAUTH_TOKEN:-}" && -z "${ANTHROPIC_API_KEY:-}" ]]; then
    log "FAIL: neither CLAUDE_CODE_OAUTH_TOKEN nor ANTHROPIC_API_KEY is set"
    ok=false
else
    if [[ -n "${CLAUDE_CODE_OAUTH_TOKEN:-}" && -n "${ANTHROPIC_API_KEY:-}" ]]; then
        log "WARN: both CLAUDE_CODE_OAUTH_TOKEN and ANTHROPIC_API_KEY are set; Claude Code will pick one and warn"
    fi
    log "OK: anthropic credential present"
fi

# ----- 2. Scrum4Me API token -------------------------------------------
if [[ -z "${SCRUM4ME_TOKEN:-}" ]]; then
    log "FAIL: SCRUM4ME_TOKEN is not set"
    ok=false
elif [[ -z "${SCRUM4ME_BASE_URL:-}" ]]; then
    log "WARN: SCRUM4ME_BASE_URL not set — skipping API token validation"
else
    log "checking SCRUM4ME_TOKEN against ${SCRUM4ME_BASE_URL}/api/products"
    http_code=$(curl -sS -o /tmp/check-products.out -w '%{http_code}' \
        -H "Authorization: Bearer ${SCRUM4ME_TOKEN}" \
        "${SCRUM4ME_BASE_URL}/api/products" || echo "000")
    case "$http_code" in
        200)
            count=$(jq 'length' /tmp/check-products.out 2>/dev/null || echo "?")
            log "OK: SCRUM4ME_TOKEN works (${count} accessible products)"
            ;;
        401)
            log "FAIL: SCRUM4ME_TOKEN returned 401 — token revoked or wrong"
            ok=false
            ;;
        403)
            log "FAIL: SCRUM4ME_TOKEN returned 403 — likely a demo-token; create a non-demo agent-user"
            ok=false
            ;;
        000)
            log "FAIL: could not reach ${SCRUM4ME_BASE_URL} — network or DNS issue"
            ok=false
            ;;
        *)
            log "FAIL: unexpected status ${http_code} from ${SCRUM4ME_BASE_URL}/api/products"
            cat /tmp/check-products.out >&2 || true
            ok=false
            ;;
    esac
    rm -f /tmp/check-products.out
fi

# ----- 3. Database bereikbaarheid --------------------------------------
# We hebben geen psql geinstalleerd om dependency-bloat te vermijden.
# Best-effort: parse host+port uit DATABASE_URL en doe een TCP-connect.
if [[ -z "${DATABASE_URL:-}" ]]; then
    log "FAIL: DATABASE_URL not set"
    ok=false
else
    db_host=$(echo "$DATABASE_URL" | sed -E 's#.*@([^:/?]+).*#\1#')
    db_port=$(echo "$DATABASE_URL" | sed -nE 's#.*@[^:/]+:([0-9]+).*#\1#p')
    db_port=${db_port:-5432}
    if [[ -z "$db_host" ]]; then
        log "WARN: could not parse host from DATABASE_URL — skipping reachability check"
    else
        log "checking TCP connect to ${db_host}:${db_port}"
        if timeout 5 bash -c "</dev/tcp/${db_host}/${db_port}" 2>/dev/null; then
            log "OK: ${db_host}:${db_port} reachable"
        else
            log "FAIL: cannot reach ${db_host}:${db_port}"
            ok=false
        fi
    fi
fi

if $ok; then
    log "all pre-flight checks passed"
    exit 0
else
    log "pre-flight failed"
    exit 1
fi