#!/usr/bin/env bash
# task-2461 Phase 3 P2-2: gh pr merge 단일 wrapper
# 모든 머지 호출은 본 wrapper를 통해 실행되어야 한다.
# 직접 `gh pr merge` 호출은 hidden-path-audit + pre-push에서 차단된다.
#
# 사용법:
#   MERGE_CALLER=<caller_name> bash scripts/safe_pr_merge.sh <pr_number> <task_id> [merge_method]
#
# 예: MERGE_CALLER=worktree_manager.py bash scripts/safe_pr_merge.sh 42 task-2461 squash
set -euo pipefail

PR_NUMBER="${1:?pr_number required}"
TASK_ID="${2:?task_id required}"
MERGE_METHOD="${3:-merge}"
WORKSPACE="${WORKSPACE:-$(git rev-parse --show-toplevel 2>/dev/null || echo /home/jay/workspace)}"

# 1) MERGE_CALLER 환경변수 강제
if [[ -z "${MERGE_CALLER:-}" ]]; then
    echo "[BLOCKED] safe_pr_merge.sh: MERGE_CALLER 환경변수 미설정 — wrapper 우회 시도 차단" >&2
    exit 1
fi

# 2) taskctl_verify 통과
TASKCTL_VERIFY="$WORKSPACE/scripts/taskctl_verify.py"
if [[ -f "$TASKCTL_VERIFY" ]]; then
    if ! python3 "$TASKCTL_VERIFY" "$TASK_ID"; then
        echo "[BLOCKED] safe_pr_merge.sh: taskctl_verify FAIL (task=$TASK_ID)" >&2
        exit 1
    fi
fi

# 3) Gemini 리뷰 존재 확인
REVIEWS=$(gh api "repos/$(gh repo view --json nameWithOwner --jq .nameWithOwner)/pulls/${PR_NUMBER}/reviews" 2>/dev/null || echo "[]")
HAS_GEMINI=$(echo "$REVIEWS" | python3 -c "
import json, sys
try:
    data = json.loads(sys.stdin.read())
    has = any('gemini-code-assist' in (r.get('user', {}).get('login', '') or '').lower() for r in data)
    print('1' if has else '0')
except Exception:
    print('0')
")
if [[ "$HAS_GEMINI" != "1" ]]; then
    echo "[BLOCKED] safe_pr_merge.sh: gemini-code-assist 리뷰 0건 — merge 차단 (PR=$PR_NUMBER)" >&2
    exit 1
fi

# 4) MERGE_CALLER 박제 (evidence)
EVIDENCE_DIR="$WORKSPACE/.tasks/evidence/${TASK_ID}"
mkdir -p "$EVIDENCE_DIR"
TS=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
EVIDENCE_FILE="$EVIDENCE_DIR/merge-${TS}.json"
python3 -c "
import json
data = {
    'task_id': '$TASK_ID',
    'pr_number': '$PR_NUMBER',
    'merge_method': '$MERGE_METHOD',
    'merge_caller': '${MERGE_CALLER}',
    'timestamp': '$TS',
    'wrapper': 'scripts/safe_pr_merge.sh',
}
json.dump(data, open('$EVIDENCE_FILE', 'w'), ensure_ascii=False, indent=2)
"

# 5) gh pr merge 실행
case "$MERGE_METHOD" in
    merge|squash|rebase) ;;
    *)
        echo "[BLOCKED] safe_pr_merge.sh: invalid merge method: $MERGE_METHOD" >&2
        exit 1
        ;;
esac

echo "[safe_pr_merge] caller=$MERGE_CALLER pr=$PR_NUMBER method=$MERGE_METHOD evidence=$EVIDENCE_FILE"
exec gh pr merge "$PR_NUMBER" "--$MERGE_METHOD" --delete-branch