#!/bin/bash
set -e

# Bootstrap installer - Universal kickstart script
# Decrypts and executes target-specific setup scripts

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Default target is nbmain (nbase2)
TARGET="${1:-nbmain}"

ENC_FILE="${SCRIPT_DIR}/${TARGET}.sh.enc"
NBCRYPT="${SCRIPT_DIR}/nbcrypt"

echo "🚀 Bootstrap: Starting ${TARGET}..."

# Check if encrypted script exists
if [ ! -f "$ENC_FILE" ]; then
    echo "❌ Error: Target '${TARGET}' not found."
    echo "   Expected file: ${ENC_FILE}"
    exit 1
fi

# Check if nbcrypt exists
if [ ! -f "$NBCRYPT" ]; then
    echo "❌ Error: nbcrypt not found at ${NBCRYPT}"
    exit 1
fi

# Decrypt and execute
echo "🔐 Decrypting ${TARGET}.sh..."
TEMP_SCRIPT="/tmp/${TARGET}-$$.sh"

if "$NBCRYPT" decrypt "$ENC_FILE" "$TEMP_SCRIPT"; then
    chmod +x "$TEMP_SCRIPT"
    
    # Load SSH Agent environment if it was created by nbcrypt/BWS setup
    # Only load if we don't already have a valid Agent Forward
    AGENT_ENV_FILE="/tmp/.nb_agent_env_${USER:-$(id -un)}"
    if [ -f "$AGENT_ENV_FILE" ]; then
        # Check if we already have a valid SSH_AUTH_SOCK (Agent Forward)
        if [ -z "${SSH_AUTH_SOCK:-}" ] || [ ! -S "${SSH_AUTH_SOCK}" ]; then
            # No valid agent, safe to load from file
            echo "🔑 Loading SSH Agent environment..."
            source "$AGENT_ENV_FILE"
        else
            # Agent Forward exists, preserve it and skip file loading
            echo "🔑 Using existing SSH Agent Forward (preserved)"
        fi
    fi
    
    echo "✅ Executing ${TARGET} setup..."
    exec bash "$TEMP_SCRIPT"
else
    echo "❌ Decryption failed."
    echo "   Please ensure your Ed25519 key is loaded in SSH Agent."
    rm -f "$TEMP_SCRIPT"
    exit 1
fi