/**
 * Confirm Destructive Actions
 *
 * Two layers of protection:
 *
 * 1. Bash commands — intercepts tool_call for bash and prompts before running
 *    patterns that are hard or impossible to undo.
 *
 * 2. Session actions — prompts before /new (clear), /resume (switch), and
 *    /fork so you don't accidentally throw away work.
 */

import type { ExtensionAPI, SessionBeforeSwitchEvent, SessionMessageEntry } from "@earendil-works/pi-coding-agent";

// ── Dangerous bash patterns ───────────────────────────────────────────────────

const DANGEROUS: { pattern: RegExp; label: string }[] = [
  { pattern: /\brm\s+(-[a-z]*r[a-z]*f?[a-z]*|-[a-z]*f[a-z]*r[a-z]*)\b/i, label: "recursive remove" },
  { pattern: /\bsudo\b/i,                                                   label: "sudo" },
  { pattern: /\b(chmod|chown)\b.*\b777\b/i,                                 label: "chmod/chown 777" },
  { pattern: /\bdd\b.*\bif=/i,                                              label: "dd (disk operation)" },
  { pattern: /\bmkfs\b/i,                                                   label: "mkfs (format)" },
  { pattern: /\bgit\s+push\b.*\s(-f|--force)\b/i,                          label: "git force push" },
  { pattern: />\s*\/dev\//i,                                                label: "write to device" },
  { pattern: /\btruncate\b.*--size\s+0/i,                                   label: "truncate to zero" },
];

function matchesDangerous(command: string): string | null {
  for (const { pattern, label } of DANGEROUS) {
    if (pattern.test(command)) return label;
  }
  return null;
}

// ── Extension ─────────────────────────────────────────────────────────────────

export default function (pi: ExtensionAPI) {

  // ── 1. Dangerous bash commands ─────────────────────────────────────────────

  pi.on("tool_call", async (event, ctx) => {
    if (event.toolName !== "bash") return;

    const command = event.input.command as string;
    const match = matchesDangerous(command);
    if (!match) return;

    if (!ctx.hasUI) {
      return { block: true, reason: `Dangerous command blocked (${match}) — no UI for confirmation` };
    }

    const choice = await ctx.ui.select(
      `⚠️  ${match}\n\n  ${command.slice(0, 200)}${command.length > 200 ? "…" : ""}\n\nAllow?`,
      ["Yes, run it", "No, block it"],
    );

    if (choice !== "Yes, run it") {
      ctx.ui.notify("Command blocked", "info");
      return { block: true, reason: "Blocked by user" };
    }
  });

  // ── 2. Session clear / switch ──────────────────────────────────────────────

  pi.on("session_before_switch", async (event: SessionBeforeSwitchEvent, ctx) => {
    if (!ctx.hasUI) return;

    if (event.reason === "new") {
      const ok = await ctx.ui.confirm("Clear session?", "All messages in this session will be deleted.");
      if (!ok) {
        ctx.ui.notify("Clear cancelled", "info");
        return { cancel: true };
      }
      return;
    }

    // resume — only confirm if there's unsaved user work
    const entries = ctx.sessionManager.getEntries();
    const hasUnsaved = entries.some(
      (e): e is SessionMessageEntry => e.type === "message" && e.message.role === "user",
    );
    if (!hasUnsaved) return;

    const ok = await ctx.ui.confirm("Switch session?", "Current session has messages. Switch anyway?");
    if (!ok) {
      ctx.ui.notify("Switch cancelled", "info");
      return { cancel: true };
    }
  });

  // ── 3. Fork ────────────────────────────────────────────────────────────────

  pi.on("session_before_fork", async (event, ctx) => {
    if (!ctx.hasUI) return;

    const choice = await ctx.ui.select(
      `Fork from entry ${event.entryId.slice(0, 8)}?`,
      ["Yes, create fork", "No, stay here"],
    );

    if (choice !== "Yes, create fork") {
      ctx.ui.notify("Fork cancelled", "info");
      return { cancel: true };
    }
  });
}