#!/bin/bash
# Comprehensive project verification script
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
cd "$SCRIPT_DIR"

PASS=0
FAIL=0
RESULTS=""

log_pass() { PASS=$((PASS+1)); RESULTS+="  [PASS] $1\n"; }
log_fail() { FAIL=$((FAIL+1)); RESULTS+="  [FAIL] $1\n"; }
log_info() { RESULTS+="  [INFO] $1\n"; }

echo "=== KNEL-Football Project Verification ==="
echo ""

# 1. Docker available
echo "Phase 1: Environment checks..."
if docker info &>/dev/null; then
    log_pass "Docker daemon running"
else
    log_fail "Docker daemon not running"
fi

# 2. Docker image exists
if docker images --format '{{.Repository}}' | grep -q 'knel-football-dev'; then
    log_pass "Docker build image exists"
else
    log_fail "Docker build image missing (run: ./run.sh build)"
fi

# 3. Lint (warning level only)
echo "Phase 2: Lint checks..."
LINT_OUTPUT=$(docker run --rm -v "$SCRIPT_DIR":/workspace knel-football-dev:latest bash -c \
    'shellcheck --severity=warning /workspace/src/*.sh /workspace/config/hooks/installed/*.sh /workspace/config/hooks/live/*.sh' 2>&1 || true)
if [ -z "$LINT_OUTPUT" ]; then
    log_pass "Shellcheck (warning level) clean"
else
    log_fail "Shellcheck warnings found:"
    echo "$LINT_OUTPUT" | while read -r line; do log_info "  $line"; done
fi

# 4. Run full test suite
echo "Phase 3: Test suite..."
TEST_OUTPUT=$(./run.sh test 2>&1)
TEST_COUNT=$(echo "$TEST_OUTPUT" | grep -c "^ok" || true)
TEST_FAIL=$(echo "$TEST_OUTPUT" | grep -c "^not ok" || true)
if [ "$TEST_FAIL" -eq 0 ]; then
    log_pass "All $TEST_COUNT tests passing"
else
    log_fail "$TEST_FAIL tests failing out of $((TEST_COUNT+TEST_FAIL))"
    echo "$TEST_OUTPUT" | grep "^not ok" | while read -r line; do log_info "  $line"; done
fi

# 5. ISO artifact check
echo "Phase 4: ISO artifact..."
if ls output/*.iso &>/dev/null; then
    ISO_FILE=$(ls output/*.iso | head -1)
    ISO_SIZE=$(du -h "$ISO_FILE" | cut -f1)
    log_pass "ISO exists: $ISO_FILE ($ISO_SIZE)"
    # Check checksums
    if [ -f "${ISO_FILE}.sha256" ]; then
        log_pass "SHA256 checksum file exists"
    else
        log_fail "SHA256 checksum file missing"
    fi
else
    log_info "No ISO artifact found (build with: ./run.sh iso)"
fi

# 6. VM testing capability
echo "Phase 5: VM test capability..."
if command -v virsh &>/dev/null; then
    log_pass "virsh available for VM testing"
    if virsh list --all &>/dev/null; then
        log_pass "libvirt daemon accessible"
        # Check for any existing test VMs
        EXISTING_VMS=$(virsh list --all --name 2>/dev/null | grep -c 'knel-test' || true)
        if [ "$EXISTING_VMS" -gt 0 ]; then
            log_info "Found $EXISTING_VMS existing test VM(s)"
        else
            log_info "No existing test VMs"
        fi
    else
        log_info "libvirt daemon not accessible (may need sudo/libvirtd group)"
    fi
else
    log_info "virsh not installed - VM testing not available on this host"
fi

# 7. Git status
echo "Phase 6: Git status..."
if git diff --quiet && git diff --cached --quiet; then
    log_pass "Working tree clean"
else
    log_fail "Uncommitted changes present"
fi
AHEAD=$(git rev-list --count '@{u}..HEAD' 2>/dev/null || echo "?")
log_info "Branch is $AHEAD commit(s) ahead of origin/main"

# 8. Source file integrity
echo "Phase 7: Source file integrity..."
for f in src/build-iso.sh src/security-hardening.sh src/firewall-setup.sh; do
    if [ -f "$f" ] && [ -x "$f" ]; then
        log_pass "$f exists and is executable"
    else
        log_fail "$f missing or not executable"
    fi
done

# 9. Config file integrity
echo "Phase 8: Config integrity..."
for f in config/preseed.cfg config/hooks/installed/encryption-setup.sh config/hooks/installed/encryption-validation.sh config/hooks/live/security-hardening.sh config/hooks/live/firewall-setup.sh; do
    if [ -f "$f" ]; then
        log_pass "$f exists"
    else
        log_fail "$f missing"
    fi
done

# 10. Check for Unicode characters that break shellcheck
echo "Phase 9: Unicode check..."
UNICODE_FILES=$(grep -rl '✓\|✗\|✔\|✘' src/ config/ 2>/dev/null || true)
if [ -z "$UNICODE_FILES" ]; then
    log_pass "No problematic Unicode characters in shell scripts"
else
    log_fail "Unicode characters found in: $UNICODE_FILES"
fi

# Summary
echo ""
echo "=== RESULTS ==="
echo -e "$RESULTS"
echo ""
echo "Summary: $PASS passed, $FAIL failed"
if [ "$FAIL" -gt 0 ]; then
    echo "STATUS: ACTION REQUIRED"
    exit 1
else
    echo "STATUS: ALL GOOD"
    exit 0
fi