#!/usr/bin/env bash
# Run all Next Steps that can be executed from this environment.
# Steps requiring LAN, Proxmox host, or UI are printed at the end.
# Refs: docs/00-meta/NEXT_STEPS_OPERATOR.md, CONTINUE_AND_COMPLETE.md, NEXT_STEPS_ALL.md

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
EVIDENCE_DIR="$PROJECT_ROOT/docs/04-configuration/verification-evidence"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
REPORT_FILE="$EVIDENCE_DIR/NEXT_STEPS_RUN_$TIMESTAMP.md"

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

log_ok()   { echo -e "${GREEN}[OK]${NC} $1"; }
log_fail() { echo -e "${RED}[FAIL]${NC} $1"; }
log_skip() { echo -e "${YELLOW}[SKIP]${NC} $1"; }
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }

cd "$PROJECT_ROOT"
mkdir -p "$EVIDENCE_DIR"

echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Run all Next Steps (automated from workspace)"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

{
  echo "# Next Steps — Automated Run"
  echo ""
  echo "**Date:** $(date -Iseconds)"
  echo "**Report:** \`$REPORT_FILE\`"
  echo ""
  echo "## Automated steps run"
  echo ""
} > "$REPORT_FILE"

FAILED=0

# 1. Dependencies
log_info "1. Check dependencies"
if bash "$SCRIPT_DIR/verify/check-dependencies.sh" >> "$REPORT_FILE" 2>&1; then
  log_ok "Dependencies"
  echo "| Dependencies | OK | \`check-dependencies.sh\` |" >> "$REPORT_FILE"
else
  log_skip "Dependencies (some optional tools missing)"
  echo "| Dependencies | WARN | \`check-dependencies.sh\` (optional tools may be missing) |" >> "$REPORT_FILE"
fi
echo "" >> "$REPORT_FILE"

# 2. Config validation
log_info "2. Validate config files"
if bash "$PROJECT_ROOT/scripts/validation/validate-config-files.sh" >> "$REPORT_FILE" 2>&1; then
  log_ok "Config validation"
  echo "| Config validation | OK | \`validate-config-files.sh\` |" >> "$REPORT_FILE"
else
  log_fail "Config validation"
  echo "| Config validation | FAIL | \`validate-config-files.sh\` |" >> "$REPORT_FILE"
  ((FAILED++)) || true
fi
echo "" >> "$REPORT_FILE"

# 3. Run all validation (skip genesis if no RPC)
log_info "3. Run all validation (--skip-genesis)"
if bash "$SCRIPT_DIR/verify/run-all-validation.sh" --skip-genesis >> "$REPORT_FILE" 2>&1; then
  log_ok "Run all validation"
  echo "| Run all validation | OK | \`run-all-validation.sh --skip-genesis\` |" >> "$REPORT_FILE"
else
  log_fail "Run all validation"
  echo "| Run all validation | FAIL | \`run-all-validation.sh --skip-genesis\` |" >> "$REPORT_FILE"
  ((FAILED++)) || true
fi
echo "" >> "$REPORT_FILE"

# 4. E2E routing (may have RPC/Blockscout skip when off-LAN)
log_info "4. End-to-end routing verification"
if E2E_SUCCESS_IF_ONLY_RPC_BLOCKED=1 bash "$SCRIPT_DIR/verify/verify-end-to-end-routing.sh" --profile=public >> "$REPORT_FILE" 2>&1; then
  log_ok "E2E routing"
  echo "| E2E routing | OK | \`verify-end-to-end-routing.sh --profile=public\` (RPC may skip off-LAN) |" >> "$REPORT_FILE"
else
  log_skip "E2E routing (check report in verification-evidence/e2e-verification-*)"
  echo "| E2E routing | WARN/FAIL | \`verify-end-to-end-routing.sh --profile=public\` — see latest e2e-verification-* |" >> "$REPORT_FILE"
fi
echo "" >> "$REPORT_FILE"

# 5. Explorer + block production quick check
log_info "5. Explorer and block production quick check"
if bash "$SCRIPT_DIR/verify/verify-explorer-and-block-production.sh" >> "$REPORT_FILE" 2>&1; then
  log_ok "Explorer + block production"
  echo "| Explorer + block production | OK | \`verify-explorer-and-block-production.sh\` |" >> "$REPORT_FILE"
else
  log_skip "Explorer + block (RPC/block check may fail off-LAN)"
  echo "| Explorer + block production | WARN | \`verify-explorer-and-block-production.sh\` (block production needs LAN) |" >> "$REPORT_FILE"
fi
echo "" >> "$REPORT_FILE"

# 6. Bridge dry-run
log_info "6. Bridge dry-run"
if bash "$SCRIPT_DIR/bridge/run-send-cross-chain.sh" 0.01 --dry-run >> "$REPORT_FILE" 2>&1; then
  log_ok "Bridge dry-run"
  echo "| Bridge dry-run | OK | \`run-send-cross-chain.sh 0.01 --dry-run\` |" >> "$REPORT_FILE"
else
  log_skip "Bridge dry-run (RPC/keys may be unreachable)"
  echo "| Bridge dry-run | SKIP/FAIL | \`run-send-cross-chain.sh 0.01 --dry-run\` (needs RPC from LAN) |" >> "$REPORT_FILE"
fi
echo "" >> "$REPORT_FILE"

# 7. Security dry-run (no --apply)
log_info "7. Security dry-run (no --apply)"
if bash "$SCRIPT_DIR/security/run-security-on-proxmox-hosts.sh" >> "$REPORT_FILE" 2>&1; then
  log_ok "Security dry-run"
  echo "| Security dry-run | OK | \`run-security-on-proxmox-hosts.sh\` (no --apply) |" >> "$REPORT_FILE"
else
  log_skip "Security dry-run (SSH to hosts may fail)"
  echo "| Security dry-run | SKIP | \`run-security-on-proxmox-hosts.sh\` (SSH to .10/.11/.12) |" >> "$REPORT_FILE"
fi
echo "" >> "$REPORT_FILE"

# 8. Cron --show
log_info "8. Cron schedules (--show)"
bash "$SCRIPT_DIR/maintenance/schedule-npmplus-backup-cron.sh" --show >> "$REPORT_FILE" 2>&1 || true
bash "$SCRIPT_DIR/maintenance/schedule-daily-weekly-cron.sh" --show >> "$REPORT_FILE" 2>&1 || true
echo "| Cron (show) | — | \`schedule-npmplus-backup-cron.sh --show\`, \`schedule-daily-weekly-cron.sh --show\` |" >> "$REPORT_FILE"
echo "" >> "$REPORT_FILE"

# Append "Run from LAN" and "Manual" sections
cat >> "$REPORT_FILE" << 'EOF'

---

## Run from LAN / Proxmox (when ready)

| # | What | Command |
|---|------|---------|
| 7 | Bridge (real) | `bash scripts/bridge/run-send-cross-chain.sh 0.01` |
| 8 | Security apply | `bash scripts/security/run-security-on-proxmox-hosts.sh --apply` |
| 13a | Deploy contracts | `cd smom-dbis-138 && source .env && bash scripts/deployment/deploy-all-contracts.sh` |
| 13c | Verify contracts (Blockscout) | `source smom-dbis-138/.env && ./scripts/verify/run-contract-verification-with-proxy.sh` |
| NPMplus backup | Backup NPMplus | `bash scripts/verify/backup-npmplus.sh` |
| Wave 0 from LAN | NPMplus RPC fix + backup | `bash scripts/run-wave0-from-lan.sh` |
| Validators + block production | Fix validators / tx-pool | `bash scripts/fix-all-validators-and-txpool.sh` then `scripts/monitoring/monitor-blockchain-health.sh` |

---

## Manual / UI

| # | What | Where |
|---|------|--------|
| 9 | ~~2506–2508~~ Destroyed 2026-02-08 (RPC 2500–2505 only) | N/A |
| 10 | Explorer SSL | NPMplus https://192.168.11.167:81 → SSL → Let's Encrypt explorer.d-bis.org |
| 11 | NPMplus cert 134 | NPMplus → SSL Certificates → cross-all.defi-oracle.io re-request/re-save |
| 12 | Wave 2 & 3 | [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](../../00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md) |

---

## References

- [NEXT_STEPS_OPERATOR.md](../../00-meta/NEXT_STEPS_OPERATOR.md)
- [CONTINUE_AND_COMPLETE.md](../../00-meta/CONTINUE_AND_COMPLETE.md)
- [NEXT_STEPS_ALL.md](../../00-meta/NEXT_STEPS_ALL.md)
- [FULL_FIXES_PREPARED.md](../FULL_FIXES_PREPARED.md)
EOF

echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
if [ "$FAILED" -eq 0 ]; then
  log_ok "Automated next steps complete. Report: $REPORT_FILE"
else
  log_fail "Automated next steps: $FAILED failure(s). Report: $REPORT_FILE"
fi
echo "Run-from-LAN and Manual sections are in the report."
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

exit "$FAILED"