#!/usr/bin/env bash
set -euo pipefail

ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"

PVE_HOST="${MEV_BACKEND_PVE_HOST:-192.168.11.14}"
CT_VMID="${MEV_BACKEND_CT_VMID:-2421}"
CT_CONFIG_PATH="${MEV_BACKEND_CT_CONFIG_PATH:-/opt/proxmox/MEV_Bot/mev-platform/config.dev.toml}"
SOURCE_CONFIG="${MEV_SOURCE_CONFIG:-$ROOT/MEV_Bot/mev-platform/config.dev.toml}"
ARTIFACT_PATH="${MEV_EXECUTION_DEPLOY_ARTIFACT:-}"
UNISWAP_V2_ROUTER="${MEV_UNISWAP_V2_ROUTER:-}"
SUSHISWAP_ROUTER="${MEV_SUSHISWAP_ROUTER:-}"
RELAY_URL="${MEV_RELAY_URL:-}"
API_KEY="${MEV_API_KEY:-}"
RPC_URL="${MEV_RPC_URL:-https://eth.llamarpc.com}"
APPLY=0

usage() {
  cat <<'EOF'
Usage: run-mev-post-deploy-cutover-ct2421.sh [options]

Prepares the exact post-deploy cutover for the MEV backend CT (default VMID 2421):
1. patch config.dev.toml from a deployment artifact
2. copy the patched config into CT 2421
3. restart mev-supervisor / mev-admin-api / mev-start-all
4. run local and public verification probes

Defaults to dry-run and prints the exact commands that would be executed.

Options:
  --artifact PATH           Deployment artifact JSON from deploy-mev-execution-contracts.sh
  --uniswap-v2-router ADR   Router address for uniswap_v2
  --sushiswap-router ADR    Router address for sushiswap
  --relay-url URL           Optional relay_url override
  --api-key KEY             API key used for protected verification routes
  --pve-host HOST           Proxmox host running CT 2421 (default: 192.168.11.14)
  --ct-vmid VMID            CT VMID (default: 2421)
  --source-config PATH      Local source config to patch (default: MEV_Bot/mev-platform/config.dev.toml)
  --ct-config PATH          Target config path inside CT (default: /opt/proxmox/MEV_Bot/mev-platform/config.dev.toml)
  --rpc-url URL             RPC URL for readiness checks (default: https://eth.llamarpc.com)
  --apply                   Execute the cutover
  -h, --help                Show this help
EOF
}

while [[ $# -gt 0 ]]; do
  case "$1" in
    --artifact)
      ARTIFACT_PATH="$2"
      shift 2
      ;;
    --uniswap-v2-router)
      UNISWAP_V2_ROUTER="$2"
      shift 2
      ;;
    --sushiswap-router)
      SUSHISWAP_ROUTER="$2"
      shift 2
      ;;
    --relay-url)
      RELAY_URL="$2"
      shift 2
      ;;
    --api-key)
      API_KEY="$2"
      shift 2
      ;;
    --pve-host)
      PVE_HOST="$2"
      shift 2
      ;;
    --ct-vmid)
      CT_VMID="$2"
      shift 2
      ;;
    --source-config)
      SOURCE_CONFIG="$2"
      shift 2
      ;;
    --ct-config)
      CT_CONFIG_PATH="$2"
      shift 2
      ;;
    --rpc-url)
      RPC_URL="$2"
      shift 2
      ;;
    --apply)
      APPLY=1
      shift
      ;;
    -h|--help)
      usage
      exit 0
      ;;
    *)
      echo "Unknown argument: $1" >&2
      usage >&2
      exit 2
      ;;
  esac
done

require_cmd() {
  command -v "$1" >/dev/null 2>&1 || {
    echo "Required command missing: $1" >&2
    exit 2
  }
}

require_cmd ssh
require_cmd mktemp
require_cmd bash
require_cmd sed

if [[ -z "$ARTIFACT_PATH" ]]; then
  echo "--artifact is required" >&2
  exit 2
fi

if [[ -z "$UNISWAP_V2_ROUTER" || -z "$SUSHISWAP_ROUTER" ]]; then
  echo "--uniswap-v2-router and --sushiswap-router are required" >&2
  exit 2
fi

if [[ ! -f "$SOURCE_CONFIG" ]]; then
  echo "Source config not found: $SOURCE_CONFIG" >&2
  exit 2
fi

if [[ ! -f "$ARTIFACT_PATH" ]]; then
  echo "Artifact not found: $ARTIFACT_PATH" >&2
  exit 2
fi

TMP_CONFIG="$(mktemp)"
cleanup() {
  rm -f "$TMP_CONFIG"
}
trap cleanup EXIT

cp "$SOURCE_CONFIG" "$TMP_CONFIG"

PATCH_CMD=(
  bash "$ROOT/scripts/deployment/apply-mev-execution-config-from-artifact.sh"
  --artifact "$ARTIFACT_PATH"
  --config "$TMP_CONFIG"
  --uniswap-v2-router "$UNISWAP_V2_ROUTER"
  --sushiswap-router "$SUSHISWAP_ROUTER"
)
if [[ -n "$RELAY_URL" ]]; then
  PATCH_CMD+=(--relay-url "$RELAY_URL")
fi
PATCH_CMD+=(--apply)
"${PATCH_CMD[@]}" >/tmp/mev-cutover-patch.log

CT_VERIFY_CMD=$(cat <<EOF
set -euo pipefail
printf '== env ==\n'
grep -E '^(MEV_CONFIG|MEV_ADMIN_PORT|MEV_SUPERVISOR_PORT|MEV_SUBMIT_DISABLED|MEV_ADMIN_API_KEY|MEV_EXECUTOR_PRIVATE_KEY)=' /etc/mev-platform/backend.env || true
printf '\n== services ==\n'
systemctl restart mev-supervisor.service
systemctl restart mev-admin-api.service
systemctl restart mev-start-all.service || systemctl start mev-start-all.service || true
systemctl --no-pager --full status mev-supervisor.service mev-admin-api.service --lines=0 || true
printf '\n== local api ==\n'
curl -fsS http://127.0.0.1:9090/api/health | jq .
curl -fsS http://127.0.0.1:9090/api/auth/check | jq .
if [ -n "${API_KEY:-}" ]; then
  curl -fsS -H "X-API-Key: ${API_KEY}" http://127.0.0.1:9090/api/infra | jq .
  curl -fsS -H "X-API-Key: ${API_KEY}" http://127.0.0.1:9090/api/safety/signer | jq .
  cd /opt/proxmox/MEV_Bot/mev-platform
  MEV_ADMIN_API_KEY="${API_KEY}" BASE=http://127.0.0.1:9090 ./scripts/e2e_admin_api.sh
fi
printf '\n== readiness ==\n'
bash /opt/proxmox/scripts/verify/check-mev-execution-readiness.sh --config "$CT_CONFIG_PATH" --env-file /etc/mev-platform/backend.env --rpc-url "$RPC_URL"
EOF
)

echo "MEV post-deploy cutover for CT $CT_VMID"
echo "PVE host:       $PVE_HOST"
echo "CT config path: $CT_CONFIG_PATH"
echo "Source config:  $SOURCE_CONFIG"
echo "Artifact:       $ARTIFACT_PATH"
echo ""
echo "Prepared patched config diff:"
sed -n '1,160p' /tmp/mev-cutover-patch.log
echo ""
echo "Planned remote copy command:"
echo "ssh root@$PVE_HOST \"pct exec $CT_VMID -- bash -lc 'cat > $CT_CONFIG_PATH'\" < $TMP_CONFIG"
echo ""
echo "Planned remote restart/verify command:"
echo "ssh root@$PVE_HOST \"pct exec $CT_VMID -- bash -lc $(printf '%q' "$CT_VERIFY_CMD")\""
echo ""
echo "Planned public verification:"
echo "curl -fsS https://mev.defi-oracle.io/api/auth/check | jq ."
if [[ -n "$API_KEY" ]]; then
  echo "curl -fsS -H \"X-API-Key: $API_KEY\" https://mev.defi-oracle.io/api/infra | jq ."
  echo "curl -fsS -H \"X-API-Key: $API_KEY\" https://mev.defi-oracle.io/api/safety/signer | jq ."
fi

if [[ "$APPLY" -ne 1 ]]; then
  echo ""
  echo "Dry-run only. Re-run with --apply to execute."
  exit 0
fi

cat "$TMP_CONFIG" | ssh "root@$PVE_HOST" "pct exec $CT_VMID -- bash -lc 'cat > \"$CT_CONFIG_PATH\"'"
ssh "root@$PVE_HOST" "pct exec $CT_VMID -- bash -lc $(printf '%q' "$CT_VERIFY_CMD")"

echo ""
echo "== public verification =="
curl -fsS https://mev.defi-oracle.io/api/auth/check | jq .
if [[ -n "$API_KEY" ]]; then
  curl -fsS -H "X-API-Key: $API_KEY" https://mev.defi-oracle.io/api/infra | jq .
  curl -fsS -H "X-API-Key: $API_KEY" https://mev.defi-oracle.io/api/safety/signer | jq .
fi