<?php

/**
 * Name: VS-01 Vital Signs
 * Description: Public civic diagnostic — the ten structural preconditions of an HOA association.
 * Version: 0.3.0
 * MinVersion: 11.0
 * MaxVersion: 12.0
 */

use Zotlabs\Extend\Widget;

require_once 'addon/vs01/vs01_renderer.php';
require_once 'addon/vs01/vs01_spool.php';

function vs01_module() {}

function vs01_load() {
    register_hook('load_pdl', 'addon/vs01/vs01.php', 'vs01_load_pdl');
    Widget::register('addon/vs01/Widget/Vs01.php', 'vs01');
    Widget::register('addon/vs01/Widget/CivicNav.php', 'civicnav');
}

function vs01_unload() {
    unregister_hook('load_pdl', 'addon/vs01/vs01.php', 'vs01_load_pdl');
    Widget::unregister('addon/vs01/Widget/Vs01.php', 'vs01');
    Widget::unregister('addon/vs01/Widget/CivicNav.php', 'civicnav');
}

function vs01_load_pdl(&$b) {
    if (!is_array($b) || empty($b['module'])) {
        return;
    }

    // On association channel pages: read core mod_channel.pdl and inject
    // civicnav widget as first widget in right_aside.
    if ($b['module'] === 'channel') {
        $addr = App::$profile['channel_address'] ?? '';
        $slug = $addr ? explode('@', $addr)[0] : '';
        if (!$slug) return;

        $raw = @file_get_contents('addon/vs01/config.json');
        if ($raw === false) return;
        $cfg = json_decode($raw, true);
        if (json_last_error() !== JSON_ERROR_NONE) return;
        if (!isset($cfg['associations'][$slug])) return;

        // Read core channel PDL. theme_include() checks theme overrides first,
        // then falls back to view/pdl/. We mirror that lookup here.
        $p = theme_include('mod_channel.pdl');
        $layout = $p ? @file_get_contents($p) : '';
        if (!$layout) {
            $layout = @file_get_contents('view/pdl/mod_channel.pdl');
        }
        if (!$layout) return;

        // Inject civicnav as first widget in right_aside.
        $b['layout'] = str_replace(
            '[region=right_aside]',
            '[region=right_aside]' . "\n" . '[widget=civicnav][/widget]',
            $layout
        );
        return;
    }

    // Load vs01 PDL for vs01 module pages.
    if ($b['module'] !== 'vs01') {
        return;
    }
    $layout = @file_get_contents('addon/vs01/mod_vs01.pdl');
    if ($layout !== false) {
        $b['layout'] = $layout;
    }
}

// ----------------------------------------------------------------------------
// HELPERS
// ----------------------------------------------------------------------------

function vs01_h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// ----------------------------------------------------------------------------
// ACCESS
// ----------------------------------------------------------------------------

function vs01_access_state($association_slug = '') {
    $config = vs01_load_config();

    // Operator check — association channel owner (local channel only)
    if (local_channel()) {
        $channel = App::get_channel();
        if (local_channel() === intval($channel['channel_id'])) {
            return 'operator';
        }
    }

    if (!$association_slug) {
        return 'public';
    }

    $assoc = $config['associations'][$association_slug] ?? null;
    if (!$assoc) return 'public';

    // get_observer_hash() works for both local channels and guest token visitors
    $observer = get_observer_hash();
    if (!$observer) return 'public';

    $groups = $assoc['groups'] ?? [];

    // Direct pgrp_member query — works for guest tokens because it does not
    // call local_channel(). The group IDs come from config.json per association.

    // Corpus Builder — highest participant tier
    $cb_gid = intval($groups['corpus_builder'] ?? 0);
    if ($cb_gid) {
        $r = q("SELECT xchan FROM pgrp_member WHERE gid = %d AND xchan = '%s' LIMIT 1",
            intval($cb_gid),
            dbesc($observer)
        );
        if ($r) return 'participant';
    }

    // SASE Participant
    $sase_gid = intval($groups['sase_participant'] ?? 0);
    if ($sase_gid) {
        $r = q("SELECT xchan FROM pgrp_member WHERE gid = %d AND xchan = '%s' LIMIT 1",
            intval($sase_gid),
            dbesc($observer)
        );
        if ($r) return 'participant';
    }

    // Civic Professional
    $prof_gid = intval($groups['civic_professional'] ?? 0);
    if ($prof_gid) {
        $r = q("SELECT xchan FROM pgrp_member WHERE gid = %d AND xchan = '%s' LIMIT 1",
            intval($prof_gid),
            dbesc($observer)
        );
        if ($r) return 'participant';
    }

    return 'public';
}

function vs01_is_professional() {
    // Works for both local channels and guest token visitors via get_observer_hash()
    $observer = get_observer_hash();
    if (!$observer) return false;
    $listings = vs01_load_listings();
    foreach (['tier1', 'tier2'] as $tier) {
        foreach ($listings[$tier] ?? [] as $entry) {
            if (($entry['xchain'] ?? '') === $observer
                && ($entry['status'] ?? '') === 'active') {
                return true;
            }
        }
    }
    return false;
}

function vs01_access_wall($association_slug = '') {
    $config = vs01_load_config();
    $assoc  = $association_slug
        ? ($config['associations'][$association_slug] ?? null)
        : null;
    $name   = $assoc ? vs01_h($assoc['name']) : 'this association';
    return '
        <div class="vs01-content">
            <div class="alert alert-info" role="alert">
                <strong>HOA_MEMBER standing required to submit a record for ' . $name . '.</strong>
                Vital Signs are public and readable by anyone.
                To submit a record, you must complete the SASE process.
                Visit <a href="https://directory.diagnostics.kane-il.us/channel/theron">
                    directory.diagnostics.kane-il.us
                </a> to begin.
            </div>
        </div>
    ';
}

// ----------------------------------------------------------------------------
// CONTENT ROUTER
// ----------------------------------------------------------------------------

function vs01_content() {
    if (function_exists('head_add_css')) {
        head_add_css('/addon/vs01/view/css/vs01.css');
    }
    if (function_exists('head_add_js')) {
        head_add_js('/addon/vs01/view/js/vs01.js');
    }

    $association_slug = argv(1) ?? '';
    $vs_code          = strtoupper(argv(2) ?? '');

    // Index — list registered associations
    if (!$association_slug) {
        return vs01_render_index();
    }

    $config = vs01_load_config();
    if (!isset($config['associations'][$association_slug])) {
        return vs01_render_not_found();
    }

    $access = vs01_access_state($association_slug);
    if (vs01_is_professional()) {
        $access = 'professional';
    }

    // Manage route — operator only
    if ($vs_code === 'MANAGE') {
        if ($access !== 'operator') {
            return vs01_access_wall($association_slug);
        }
        return vs01_render_manage($association_slug);
    }

    // VS form route
    if ($vs_code && preg_match('/^VS-\d{2}$/', $vs_code)) {
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            if ($access === 'public') {
                return vs01_access_wall($association_slug);
            }
            if (!vs01_verify_csrf()) {
                return '<div class="alert alert-danger">Invalid form token. Please reload and try again.</div>';
            }
            return vs01_handle_post($association_slug, $vs_code, $access);
        }
        return vs01_render_vs_form($association_slug, $vs_code, $access);
    }

    // Association landing
    return vs01_render_landing($association_slug, $access);
}

// ----------------------------------------------------------------------------
// RENDER — INDEX
// ----------------------------------------------------------------------------

function vs01_render_index() {
    $config       = vs01_load_config();
    $associations = $config['associations'] ?? [];

    if (empty($associations)) {
        return '<div class="vs01-content"><p class="text-muted">No associations registered.</p></div>';
    }

    $out  = '<div class="vs01-content">';
    $out .= '<h2>Vital Signs</h2>';
    $out .= '<p class="text-muted">Select an association to view or submit its diagnostic record.</p>';
    $out .= '<ul class="vs01-association-list list-group">';
    foreach ($associations as $slug => $assoc) {
        $name    = vs01_h($assoc['name'] ?? $slug);
        $address = vs01_h($assoc['address'] ?? '');
        $out .= '<li class="list-group-item">';
        $out .= '<a href="' . z_root() . '/vs01/' . vs01_h($slug) . '">' . $name . '</a>';
        if ($address) {
            $out .= ' <span class="text-muted small">— ' . $address . '</span>';
        }
        $out .= '</li>';
    }
    $out .= '</ul></div>';
    return $out;
}

// ----------------------------------------------------------------------------
// RENDER — ASSOCIATION LANDING
// ----------------------------------------------------------------------------

function vs01_render_landing($association_slug, $access) {
    $config  = vs01_load_config();
    $assoc   = $config['associations'][$association_slug];
    $name    = vs01_h($assoc['name'] ?? $association_slug);
    $schemas = vs01_load_schemas();

    $out  = '<div class="vs01-content">';
    $out .= '<div class="vs01-header mb-3">';
    $out .= '<h2>' . $name . '</h2>';
    $out .= '<p class="text-muted">Vital Signs diagnostic record.</p>';
    $out .= '</div>';

    // VS navigation
    $out .= '<nav class="vs01-vs-nav" aria-label="Vital Signs">';
    $out .= '<ul class="list-group list-group-flush">';
    foreach ($schemas as $code => $schema) {
        $title  = vs01_h($schema['_meta']['title'] ?? $code);
        $dq     = vs01_h($schema['_meta']['diagnostic_question'] ?? '');
        $url    = z_root() . '/vs01/' . vs01_h($association_slug) . '/' . vs01_h($code);
        $out   .= '<li class="list-group-item">';
        $out   .= '<a href="' . $url . '"><strong>' . vs01_h($code) . '</strong> — ' . $title . '</a>';
        if ($dq) {
            $out .= '<p class="small text-muted mb-0">' . $dq . '</p>';
        }
        $out .= '</li>';
    }
    $out .= '</ul></nav>';

    if ($access === 'operator') {
        $manage_url = z_root() . '/vs01/' . vs01_h($association_slug) . '/manage';
        $out .= '<div class="mt-3"><a href="' . $manage_url . '" class="btn btn-sm btn-outline-secondary">Manage TMP</a></div>';
    }

    $out .= '</div>';
    return $out;
}

// ----------------------------------------------------------------------------
// RENDER — VS FORM
// ----------------------------------------------------------------------------

function vs01_render_vs_form($association_slug, $vs_code, $access) {
    $schemas = vs01_load_schemas();
    if (!isset($schemas[$vs_code])) {
        return '<div class="alert alert-warning">VS code ' . vs01_h($vs_code) . ' not found.</div>';
    }

    $schema  = $schemas[$vs_code];
    $config  = vs01_load_config();
    $assoc   = $config['associations'][$association_slug];
    $name    = vs01_h($assoc['name'] ?? $association_slug);

    // Determine perspective from access state
    $perspective_map = [
        'participant'  => 'homeowner',
        'professional' => 'professional',
        'operator'     => 'public_record',
        'public'       => 'homeowner',
    ];
    $perspective_key = $perspective_map[$access] ?? 'homeowner';
    $perspective     = $schema['perspectives'][$perspective_key] ?? null;

    if (!$perspective) {
        return '<div class="alert alert-warning">No perspective defined for access state: ' . vs01_h($access) . '</div>';
    }

    $form_url = z_root() . '/vs01/' . vs01_h($association_slug) . '/' . vs01_h($vs_code);
    $meta     = $schema['_meta'];

    $out  = '<div class="vs01-content">';

    // Breadcrumb
    $out .= '<nav aria-label="breadcrumb"><ol class="breadcrumb">';
    $out .= '<li class="breadcrumb-item"><a href="' . z_root() . '/vs01/' . vs01_h($association_slug) . '">' . $name . '</a></li>';
    $out .= '<li class="breadcrumb-item active">' . vs01_h($vs_code) . ' — ' . vs01_h($meta['title'] ?? '') . '</li>';
    $out .= '</ol></nav>';

    // VS header
    $out .= '<div class="vs01-vs-header mb-3">';
    $out .= '<h3>' . vs01_h($vs_code) . ' — ' . vs01_h($meta['title'] ?? '') . '</h3>';
    $out .= '<p class="vs01-diagnostic-question">' . vs01_h($meta['diagnostic_question'] ?? '') . '</p>';
    $out .= '</div>';

    // Compound condition banners
    $out .= vs01_render_compound_banners($association_slug);

    // Verification sources
    $out .= vs01_render_verification_sources($meta);

    // Perspective note for VS-07 and VS-09 homeowner slot
    $out .= vs01_render_perspective_note($schema, $perspective_key);

    // Public access — show read-only content, no form
    if ($access === 'public') {
        $out .= '<div class="alert alert-info mt-3">';
        $out .= 'Vital Signs are public. ';
        $out .= '<a href="https://directory.diagnostics.kane-il.us/channel/theron">Complete the SASE process</a> ';
        $out .= 'to submit a record for this association.';
        $out .= '</div>';
        $out .= '</div>';
        return $out;
    }

    // Immutable check for public record perspective
    if ($perspective_key === 'public_record'
        && ($perspective['immutable_after_submit'] ?? false)
        && vs01_public_record_exists($vs_code, $association_slug)) {
        $out .= '<div class="vs01-immutable-notice alert alert-secondary">';
        $out .= 'Public record — immutable. Contact the operator to correct spelling or citation errors.';
        $out .= '</div>';
        $out .= vs01_render_public_record_readonly($perspective, []);
        $out .= '</div>';
        return $out;
    }

    // Form
    $out .= '<p class="vs01-instruction">' . vs01_h($perspective['instruction'] ?? '') . '</p>';
    $out .= '<form method="post" action="' . $form_url . '" class="vs01-form" novalidate>';
    $out .= vs01_csrf_token();
    $out .= '<input type="hidden" name="vs_code" value="' . vs01_h($vs_code) . '">';
    $out .= '<input type="hidden" name="perspective" value="' . vs01_h($perspective_key) . '">';

    foreach ($perspective['fields'] ?? [] as $field) {
        $field_html = vs01_render_field($field, []);
        if (!empty($field['depends_on'])) {
            $field_html = vs01_wrap_depends_on($field, $field_html);
        }
        $out .= $field_html;
    }

    // THROWAWAY — bare minimum confirmation target; replace with full TMP workflow
    $out .= '<div class="mt-3">';
    $out .= '<button type="submit" class="btn btn-primary">Submit</button>';
    $out .= '</div>';
    $out .= '</form>';

    // VS navigation — previous / next
    $out .= vs01_render_vs_nav($association_slug, $vs_code);

    $out .= '</div>';
    return $out;
}

// ----------------------------------------------------------------------------
// RENDER — VS NAVIGATION
// ----------------------------------------------------------------------------

function vs01_render_vs_nav($association_slug, $current_code) {
    $schemas = vs01_load_schemas();
    $codes   = array_keys($schemas);
    $idx     = array_search($current_code, $codes, true);
    $base    = z_root() . '/vs01/' . vs01_h($association_slug) . '/';

    $out = '<nav class="vs01-vs-nav-arrows mt-4 d-flex justify-content-between">';
    if ($idx > 0) {
        $prev = $codes[$idx - 1];
        $out .= '<a href="' . $base . vs01_h($prev) . '" class="btn btn-sm btn-outline-secondary">&larr; ' . vs01_h($prev) . '</a>';
    } else {
        $out .= '<span></span>';
    }
    if ($idx !== false && $idx < count($codes) - 1) {
        $next = $codes[$idx + 1];
        $out .= '<a href="' . $base . vs01_h($next) . '" class="btn btn-sm btn-outline-secondary">' . vs01_h($next) . ' &rarr;</a>';
    } else {
        $out .= '<span></span>';
    }
    $out .= '</nav>';
    return $out;
}

// ----------------------------------------------------------------------------
// RENDER — MANAGE (TMP REVIEW)
// ----------------------------------------------------------------------------

function vs01_render_manage($association_slug) {
    $config = vs01_load_config();
    $assoc  = $config['associations'][$association_slug];
    $name   = vs01_h($assoc['name'] ?? $association_slug);

    $out  = '<div class="vs01-content">';
    $out .= '<h2>Manage — ' . $name . '</h2>';
    // TODO: load TMP submissions from orchestrator and render review interface
    $out .= '<p class="text-muted fst-italic">TMP review forthcoming.</p>';
    $out .= '</div>';
    return $out;
}

// ----------------------------------------------------------------------------
// RENDER — NOT FOUND
// ----------------------------------------------------------------------------

function vs01_render_not_found() {
    return '<div class="vs01-content"><div class="alert alert-warning">Association not found.</div></div>';
}

// ----------------------------------------------------------------------------
// CONFIG
// ----------------------------------------------------------------------------

function vs01_load_config() {
    $path = 'addon/vs01/config.json';
    $raw  = @file_get_contents($path);
    if ($raw === false) return [];
    $data = json_decode($raw, true);
    return (json_last_error() === JSON_ERROR_NONE) ? $data : [];
}

// ----------------------------------------------------------------------------
// LISTINGS
// ----------------------------------------------------------------------------

function vs01_load_listings() {
    $config = vs01_load_config();
    $path   = $config['listings_file'] ?? 'addon/vs01/listings.json';
    $raw    = @file_get_contents($path);
    if ($raw === false) {
        return ['core' => [], 'tier1' => [], 'tier2' => [], 'other' => []];
    }
    $data = json_decode($raw, true);
    if (json_last_error() !== JSON_ERROR_NONE) {
        return ['core' => [], 'tier1' => [], 'tier2' => [], 'other' => []];
    }
    return $data;
}

// ----------------------------------------------------------------------------
// CSRF
// ----------------------------------------------------------------------------

function vs01_csrf_token() {
    if (empty($_SESSION['vs01_csrf'])) {
        $_SESSION['vs01_csrf'] = bin2hex(random_bytes(16));
    }
    return '<input type="hidden" name="vs01_csrf" value="'
         . vs01_h($_SESSION['vs01_csrf']) . '">';
}

function vs01_verify_csrf() {
    return isset($_POST['vs01_csrf'], $_SESSION['vs01_csrf'])
        && hash_equals($_SESSION['vs01_csrf'], $_POST['vs01_csrf']);
}