"""Shared bluesky-pds P4 data-integrity helpers.

The marker is a DETERMINISTIC atproto account (recipe-aware data living in the PDS's sqlite store
under /pds), NOT a loose file — so the restore assertion genuinely catches a restore that fails to
bring the account back (e.g. if the running PDS holds its sqlite open and never reloads the restored
files, the same data-loss class cc-ci caught in immich/mattermost). The handle is derived from the
per-run domain so ops.py (seed/wipe) and the test_<op>.py overlays agree without passing state.
"""

from __future__ import annotations

import os
import re
import shlex
import sys

sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
from harness import http as harness_http, lifecycle  # noqa: E402

PDS_HOST_LOCAL = "http://localhost:3000"
_PW = "ccci-P4-marker-pw-2026"


def _handle(domain: str) -> str:
    return f"ccci-p4.{domain}"


def _email(domain: str) -> str:
    return f"ccci-p4@{domain}"


def _goat_admin(domain: str, args: str) -> str:
    """`goat pds admin <args>` inside the PDS `app` container (admin bypasses invite requirement)."""
    cmd = (
        f"goat pds admin {args} "
        f'--admin-password "$(cat /run/secrets/pds_admin_password)" '
        f"--pds-host {PDS_HOST_LOCAL} 2>&1"
    )
    return lifecycle.exec_in_app(domain, ["sh", "-c", cmd], timeout=120)


def account_did(domain: str) -> str | None:
    """The marker account's DID if it exists (public XRPC describeRepo by handle), else None."""
    st, body = harness_http.http_get(
        f"https://{domain}/xrpc/com.atproto.repo.describeRepo?repo={_handle(domain)}"
    )
    if st == 200 and isinstance(body, dict):
        return body.get("did")
    return None


def account_exists(domain: str) -> bool:
    return account_did(domain) is not None


def create_account(domain: str) -> str:
    """Idempotently create the deterministic marker account; return its DID."""
    did = account_did(domain)
    if did:
        return did
    out = _goat_admin(
        domain,
        f"account create --handle {shlex.quote(_handle(domain))} "
        f"--email {shlex.quote(_email(domain))} --password {shlex.quote(_PW)}",
    )
    m = re.search(r"did:plc:[a-z0-9]+", out)
    assert m, f"goat account create produced no DID. Output:\n{out[:400]!r}"
    return m.group(0)


def delete_account(domain: str) -> None:
    """Delete the marker account (so a successful restore is observable). No-op if already gone."""
    did = account_did(domain)
    if did:
        _goat_admin(domain, f"account delete {did}")