package host

import (
	"context"
	"os"
	"path/filepath"
	"testing"
	"time"
)

func TestSandboxExec(t *testing.T) {
	cfg := DefaultSandboxConfig()
	cfg.AllowedDirs = []string{os.TempDir()}
	sandbox := NewSandbox(cfg)

	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()

	result, err := sandbox.Exec(ctx, "echo hello cyrene", os.TempDir(), 5*time.Second)
	if err != nil {
		t.Fatalf("exec failed: %v", err)
	}
	if result.ExitCode != 0 {
		t.Fatalf("unexpected exit code: %d, stderr=%s", result.ExitCode, result.Stderr)
	}
	if result.Stdout == "" {
		t.Fatal("expected output, got empty")
	}
	t.Logf("exec OK: stdout=%q, duration=%s", result.Stdout, result.Duration)
}

func TestSandboxBlockedCommand(t *testing.T) {
	cfg := DefaultSandboxConfig()
	sandbox := NewSandbox(cfg)

	ctx := context.Background()
	_, err := sandbox.Exec(ctx, "rm -rf /", os.TempDir(), 5*time.Second)
	if err == nil {
		t.Fatal("expected 'rm' to be blocked")
	}
	t.Logf("blocked command OK: %v", err)
}

func TestSandboxTimeout(t *testing.T) {
	cfg := DefaultSandboxConfig()
	cfg.AllowedCommands = append(cfg.AllowedCommands, "sleep")
	sandbox := NewSandbox(cfg)

	ctx := context.Background()
	result, err := sandbox.Exec(ctx, "sleep 10", os.TempDir(), 1*time.Second)
	if err == nil {
		t.Fatal("expected timeout error")
	}
	if !result.TimedOut {
		t.Fatal("expected TimedOut=true")
	}
	t.Logf("timeout OK: exit=%d, timed_out=%v", result.ExitCode, result.TimedOut)
}

func TestManagerFileOps(t *testing.T) {
	cfg := DefaultSandboxConfig()
	tmpDir := os.TempDir()
	cfg.AllowedDirs = []string{tmpDir}
	sandbox := NewSandbox(cfg)
	mgr := NewManager(sandbox)
	mgr.SetAllowedDirs([]string{tmpDir})

	testPath := filepath.Join(tmpDir, "cyrene-test-file.txt")

	err := mgr.WriteFile(testPath, "Hello from Cyrene host manager!", 1024*1024)
	if err != nil {
		t.Fatalf("write failed: %v", err)
	}
	defer os.Remove(testPath)

	content, err := mgr.ReadFile(testPath, 1024*1024)
	if err != nil {
		t.Fatalf("read failed: %v", err)
	}
	if content != "Hello from Cyrene host manager!" {
		t.Fatalf("content mismatch: %q", content)
	}
	t.Logf("file read/write OK: %q", content)

	entries, err := mgr.ListDir(tmpDir)
	if err != nil {
		t.Fatalf("listdir failed: %v", err)
	}
	found := false
	for _, e := range entries {
		if e.Name == "cyrene-test-file.txt" {
			found = true
			break
		}
	}
	if !found {
		t.Fatal("expected test file in directory listing")
	}
	t.Logf("listdir OK: %d entries", len(entries))
}

func TestManagerSystemInfo(t *testing.T) {
	cfg := DefaultSandboxConfig()
	sandbox := NewSandbox(cfg)
	mgr := NewManager(sandbox)

	info := mgr.SystemInfo()
	if info["hostname"] == nil || info["hostname"] == "" {
		t.Fatal("expected hostname in system info")
	}
	if info["os"] == nil || info["os"] == "" {
		t.Fatal("expected os in system info")
	}
	if info["arch"] == nil || info["arch"] == "" {
		t.Fatal("expected arch in system info")
	}
	t.Logf("system info OK: os=%v arch=%v num_cpu=%v", info["os"], info["arch"], info["num_cpu"])
}

func TestPathValidation(t *testing.T) {
	cfg := DefaultSandboxConfig()
	cfg.AllowedDirs = []string{os.TempDir()}
	sandbox := NewSandbox(cfg)
	mgr := NewManager(sandbox)
	mgr.SetAllowedDirs([]string{os.TempDir()})

	// Should fail: access outside allowed dirs
	_, err := mgr.ReadFile("/etc/passwd", 1024)
	if err == nil {
		t.Fatal("expected path validation to block /etc/passwd")
	}
	t.Logf("path validation OK: blocked access to /etc/passwd")
}