#!/bin/bash
# Configure OpenClaw agent authentication for NVIDIA API
# Usage: ./configure_agent_auth.sh <agent_name> <nvidia_api_key> [remote_host]

set -euo pipefail

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

usage() {
    echo "Usage: $0 <agent_name> <nvidia_api_key> [remote_host]"
    echo ""
    echo "Examples:"
    echo "  # Local configuration:"
    echo "  $0 bob nvapi-xxx..."
    echo ""
    echo "  # Remote Jetson configuration:"
    echo "  $0 bob nvapi-xxx... howsa@100.x.x.x"
    exit 1
}

if [[ $# -lt 2 ]]; then
    usage
fi

AGENT_NAME="$1"
NVIDIA_API_KEY="$2"
REMOTE_HOST="${3:-}"

# Validate NVIDIA API key format
if [[ ! "$NVIDIA_API_KEY" =~ ^nvapi- ]]; then
    echo -e "${RED}❌ Invalid NVIDIA API key (must start with 'nvapi-')${NC}"
    exit 1
fi

# Create auth-profiles.json content
AUTH_PROFILES_JSON=$(cat <<EOF
{
  "nvidia": {
    "api_key": "$NVIDIA_API_KEY",
    "provider": "nvidia_nim"
  }
}
EOF
)

if [[ -z "$REMOTE_HOST" ]]; then
    # Local configuration
    AGENT_DIR="/home/howsa/openclaw/agents/$AGENT_NAME/agent"

    echo -e "${YELLOW}Setting up local agent: $AGENT_NAME${NC}"
    mkdir -p "$AGENT_DIR"

    echo "$AUTH_PROFILES_JSON" > "$AGENT_DIR/auth-profiles.json"
    chmod 600 "$AGENT_DIR/auth-profiles.json"

    echo -e "${GREEN}✓ Agent auth configured: $AGENT_DIR/auth-profiles.json${NC}"
else
    # Remote configuration via SSH
    echo -e "${YELLOW}Setting up remote agent on $REMOTE_HOST: $AGENT_NAME${NC}"

    # Create auth profiles on remote host
    ssh "$REMOTE_HOST" bash -s <<SSHEOF
set -euo pipefail
AGENT_DIR="/home/howsa/openclaw/agents/$AGENT_NAME/agent"
mkdir -p "\$AGENT_DIR"

cat > "\$AGENT_DIR/auth-profiles.json" <<'AUTH'
$AUTH_PROFILES_JSON
AUTH

chmod 600 "\$AGENT_DIR/auth-profiles.json"
echo "✓ Agent auth configured: \$AGENT_DIR/auth-profiles.json"
SSHEOF

    echo -e "${GREEN}✓ Remote agent configured${NC}"
fi

# Verify configuration
echo ""
echo -e "${YELLOW}Verifying configuration...${NC}"
if [[ -z "$REMOTE_HOST" ]]; then
    if [[ -f "$AGENT_DIR/auth-profiles.json" ]]; then
        echo -e "${GREEN}✓ auth-profiles.json exists${NC}"
        echo "Contents (key redacted):"
        cat "$AGENT_DIR/auth-profiles.json" | sed 's/"api_key": "[^"]*"/"api_key": "[REDACTED]"/g'
    else
        echo -e "${RED}❌ auth-profiles.json not found${NC}"
        exit 1
    fi
else
    ssh "$REMOTE_HOST" bash -c "
        if [[ -f /home/howsa/openclaw/agents/$AGENT_NAME/agent/auth-profiles.json ]]; then
            echo '✓ auth-profiles.json exists'
            echo 'Contents (key redacted):'
            cat /home/howsa/openclaw/agents/$AGENT_NAME/agent/auth-profiles.json | sed 's/\"api_key\": \"[^\"]*\"/\"api_key\": \"[REDACTED]\"/g'
        else
            echo 'ERROR: auth-profiles.json not found'
            exit 1
        fi
    "
fi

echo ""
echo -e "${GREEN}✓ Agent authentication configured successfully${NC}"
echo ""
echo "Next steps:"
echo "1. Restart the OpenClaw agent service:"
echo "   sudo systemctl restart engram-agents"
echo ""
echo "2. Check agent logs:"
echo "   journalctl -u engram-agents -f"