#!/usr/bin/env python3
"""
SendBlue inbound webhook receiver.

Runs a tiny HTTP server on PORT (default 8787). Expose via cloudflared/ngrok,
paste the public URL into SendBlue dashboard webhook settings.

Flow:
  1. SendBlue POSTs inbound iMessage JSON to /webhook
  2. Verify HMAC signature (if SENDBLUE_WEBHOOK_SECRET set)
  3. Check from_number is in SENDBLUE_AUTHORIZED_NUMBERS
  4. Run Chairman agent loop on the content
  5. POST reply via SendBlue send API
  6. Log to logs/webhook.log

Start:
  python3 webhook.py
"""
import hashlib
import hmac
import json
import logging
import os
import sys
import threading
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path

ROOT = Path(__file__).resolve().parent
sys.path.insert(0, str(ROOT))
from agent import agent_loop, load_env  # noqa
from sendblue import send, verify_webhook, authorized  # noqa

load_env()
PORT = int(os.environ.get("CHAIRMAN_WEBHOOK_PORT", "8787"))
LOG_DIR = ROOT / "logs"
LOG_DIR.mkdir(parents=True, exist_ok=True)

logging.basicConfig(
    level=logging.INFO,
    format="%(asctime)s [%(levelname)s] %(message)s",
    handlers=[
        logging.FileHandler(LOG_DIR / "webhook.log"),
        logging.StreamHandler(),
    ],
)
log = logging.getLogger("chairman-webhook")


OUTBOUND_LOG = LOG_DIR / "outbound.log"


def log_outbound(payload):
    """Delivery-status event for a message Chairman sent."""
    line = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "status": payload.get("status"),
        "handle": payload.get("message_handle"),
        "to": payload.get("to_number") or payload.get("number"),
        "from": payload.get("from_number") or payload.get("sendblue_number"),
        "was_downgraded": payload.get("was_downgraded"),
        "error_code": payload.get("error_code"),
        "error_message": payload.get("error_message"),
        "service": payload.get("service"),
    }
    with OUTBOUND_LOG.open("a") as f:
        f.write(json.dumps(line) + "\n")
    log.info(
        "outbound %s %s → %s (%s)",
        line["status"],
        line["handle"],
        line["to"],
        line["service"],
    )
    if payload.get("error_code"):
        log.warning("outbound error: %s %s", payload.get("error_code"), payload.get("error_message"))


def handle_message(payload):
    """Route SendBlue webhook: outbound = delivery status, inbound = run Chairman."""
    if payload.get("is_outbound"):
        log_outbound(payload)
        return
    content = (payload.get("content") or "").strip()
    from_num = payload.get("number") or payload.get("from_number")
    if not content or not from_num:
        log.info("skip: empty content or missing from")
        return
    if os.environ.get("SENDBLUE_AUTHORIZED_NUMBERS") and not authorized(from_num):
        log.warning("unauthorized sender: %s", from_num)
        return
    log.info("inbound from %s: %s", from_num, content[:120])
    try:
        reply = agent_loop(f"Inbound iMessage from {from_num}:\n\n{content}")
    except Exception as e:
        log.exception("agent error")
        reply = f"(agent error: {e})"
    reply = (reply or "(no reply)")[:3000]
    result = send(from_num, reply)
    log.info("sent reply to %s: %s", from_num, json.dumps(result)[:200])


class Handler(BaseHTTPRequestHandler):
    def log_message(self, fmt, *args):
        log.info("%s %s", self.address_string(), fmt % args)

    def do_GET(self):
        if self.path == "/health":
            self.send_response(200)
            self.send_header("content-type", "text/plain")
            self.end_headers()
            self.wfile.write(b"ok\n")
            return
        self.send_response(404)
        self.end_headers()

    def do_POST(self):
        if self.path not in ("/webhook", "/inbound"):
            self.send_response(404)
            self.end_headers()
            return
        length = int(self.headers.get("content-length", "0"))
        raw = self.rfile.read(length) if length else b""
        secret = os.environ.get("SENDBLUE_WEBHOOK_SECRET", "")
        if secret:
            sig = (
                self.headers.get("x-sendblue-signature")
                or self.headers.get("sb-signature")
                or self.headers.get("x-signature")
                or ""
            )
            if not verify_webhook(raw, sig, secret):
                log.warning("signature mismatch")
                self.send_response(401)
                self.end_headers()
                self.wfile.write(b"bad signature")
                return
        try:
            payload = json.loads(raw.decode("utf-8"))
        except Exception:
            self.send_response(400)
            self.end_headers()
            self.wfile.write(b"bad json")
            return
        self.send_response(200)
        self.send_header("content-type", "application/json")
        self.end_headers()
        self.wfile.write(b'{"ok":true}')
        threading.Thread(target=handle_message, args=(payload,), daemon=True).start()


def main():
    log.info("Chairman webhook listening on :%d  (POST /webhook, GET /health)", PORT)
    ThreadingHTTPServer(("0.0.0.0", PORT), Handler).serve_forever()


if __name__ == "__main__":
    main()
