#!/usr/bin/env python3
"""
프로젝트별 코드 격리 시스템

Usage:
    python3 memory/project-isolation.py check <team_id> <project_id> <file_path>
    python3 memory/project-isolation.py init
    python3 memory/project-isolation.py status
"""

import json
import os
from pathlib import Path
from typing import Dict, List, Optional


class ProjectIsolation:
    """프로젝트 격리 관리자"""

    def __init__(self, workspace_path: str = "/home/jay/workspace"):
        self.workspace_path = Path(workspace_path)
        self.config_path = self.workspace_path / "memory" / "project-isolation-config.json"
        self.config = self._load_config()

    def _load_config(self) -> Dict:
        """설정 로드"""

        if self.config_path.exists():
            with open(self.config_path, "r", encoding="utf-8") as f:
                return json.load(f)
        else:
            # 기본 설정
            default_config = {"projects": {}, "teams": {}, "rules": []}
            return default_config

    def _save_config(self):
        """설정 저장"""

        self.config_path.parent.mkdir(parents=True, exist_ok=True)
        with open(self.config_path, "w", encoding="utf-8") as f:
            json.dump(self.config, f, ensure_ascii=False, indent=2)

    def register_project(self, project_id: str, project_path: str, allowed_teams: List[str]):
        """프로젝트 등록"""

        self.config["projects"][project_id] = {
            "path": project_path,
            "allowed_teams": allowed_teams,
            "created_at": str(Path(project_path).stat().st_mtime) if Path(project_path).exists() else "pending",
        }
        self._save_config()

    def register_team(self, team_id: str, assigned_projects: List[str]):
        """팀 등록"""

        self.config["teams"][team_id] = {"assigned_projects": assigned_projects}
        self._save_config()

    def check_access(self, team_id: str, project_id: str, file_path: str) -> Dict:
        """접근 권한 체크"""

        result = {"allowed": False, "reason": "", "project_id": project_id, "team_id": team_id, "file_path": file_path}

        # 1. 팀 존재 확인
        if team_id not in self.config["teams"]:
            result["reason"] = f"팀 '{team_id}'이(가) 등록되지 않음"
            return result

        # 2. 프로젝트 존재 확인
        if project_id not in self.config["projects"]:
            result["reason"] = f"프로젝트 '{project_id}'이(가) 등록되지 않음"
            return result

        # 3. 팀에 프로젝트 할당 확인
        team_config = self.config["teams"][team_id]
        if project_id not in team_config["assigned_projects"]:
            result["reason"] = f"팀 '{team_id}'은(는) 프로젝트 '{project_id}'에 할당되지 않음"
            return result

        # 4. 파일 경로 확인
        project_config = self.config["projects"][project_id]
        project_path = Path(project_config["path"])
        target_file = Path(file_path)

        # ⭐ 상대경로 → 절대경로 자동 변환 (프로젝트 경로 기준)
        if not target_file.is_absolute():
            target_file = project_path / target_file
            file_path = str(target_file)
            result["file_path"] = file_path  # 변환된 경로로 업데이트

        # 파일이 프로젝트 경로 내에 있는지 확인
        try:
            target_file.relative_to(project_path)
        except ValueError:
            result["reason"] = f"파일 '{file_path}'이(가) 프로젝트 '{project_id}' 경로 외부"
            return result

        # 모든 검사 통과
        result["allowed"] = True
        result["reason"] = "접근 허용"
        return result

    def get_team_projects(self, team_id: str) -> List[str]:
        """팀에 할당된 프로젝트 목록"""

        if team_id not in self.config["teams"]:
            return []

        return self.config["teams"][team_id]["assigned_projects"]

    def get_project_teams(self, project_id: str) -> List[str]:
        """프로젝트에 할당된 팀 목록"""

        if project_id not in self.config["projects"]:
            return []

        return self.config["projects"][project_id]["allowed_teams"]

    def status(self) -> Dict:
        """현재 상태"""

        return {"projects": len(self.config["projects"]), "teams": len(self.config["teams"]), "config": self.config}


def init_default_config():
    """기본 설정 초기화"""

    isolation = ProjectIsolation()

    # 샘플 프로젝트 등록
    isolation.register_project(
        project_id="project-a", project_path="/home/jay/workspace/project-a", allowed_teams=["dev1-team"]
    )

    isolation.register_project(
        project_id="project-b", project_path="/home/jay/workspace/project-b", allowed_teams=["dev2-team"]
    )

    isolation.register_project(
        project_id="project-c", project_path="/home/jay/workspace/project-c", allowed_teams=["dev3-team"]
    )

    # 팀 등록
    isolation.register_team("dev1-team", ["project-a"])
    isolation.register_team("dev2-team", ["project-b"])
    isolation.register_team("dev3-team", ["project-c"])

    print("✅ 기본 설정 초기화 완료")
    print(json.dumps(isolation.status(), ensure_ascii=False, indent=2))


def main():
    """CLI 인터페이스"""
    import sys

    if len(sys.argv) < 2:
        print("Usage:")
        print("  python3 memory/project-isolation.py init")
        print("  python3 memory/project-isolation.py status")
        print("  python3 memory/project-isolation.py check <team_id> <project_id> <file_path>")
        sys.exit(1)

    command = sys.argv[1]
    isolation = ProjectIsolation()

    if command == "init":
        init_default_config()

    elif command == "status":
        print(json.dumps(isolation.status(), ensure_ascii=False, indent=2))

    elif command == "check":
        if len(sys.argv) < 5:
            print("Error: team_id, project_id, file_path를 입력하세요")
            sys.exit(1)

        team_id = sys.argv[2]
        project_id = sys.argv[3]
        file_path = sys.argv[4]

        result = isolation.check_access(team_id, project_id, file_path)
        print(json.dumps(result, ensure_ascii=False, indent=2))

        if not result["allowed"]:
            sys.exit(1)

    else:
        print(f"Unknown command: {command}")
        sys.exit(1)


if __name__ == "__main__":
    main()