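#!/usr/bin/env bash
# bms-logging.sh — Action logging for BMS skill
# Centralized logging of user-initiated actions for audit/review.
#
# Defines sanitize_args, log_action and get_log_path, and has no entry point of
# its own, so it is presumably sourced by other BMS scripts — TODO confirm.
# NOTE(review): when sourced, the `set` line below also changes the caller's
# shell options.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Log directory (can be overridden through the environment).
BMS_LOG_DIR="${BMS_LOG_DIR:-$HOME/.bms-actions}"

# Ensure the log directory exists.
# NOTE(review): the directory and the .jsonl files are created with the
# caller's umask. Audit records can hold command arguments and results, so an
# owner-only mode (umask 077 or chmod 700 on the directory) is worth
# considering; it is left unchanged here because other readers of the
# directory are not visible from this file.
mkdir -p "$BMS_LOG_DIR"

#######################################
# Strip sensitive values from a JSON document before it is logged.
# Keys are matched case-insensitively and at any nesting depth, so
# "authorization" and {"nested":{"token":...}} are removed as well.
# Fails closed: input that jq cannot parse (or a missing jq) yields a fixed
# placeholder object and the raw input is never echoed back.
# Usage:     sanitized=$(sanitize_args '{"password":"secret","token":"abc"}')
# Arguments: $1 - JSON text
# Outputs:   compact JSON on stdout (nothing for empty input)
# Returns:   0
#######################################
sanitize_args() {
  local input="$1"
  local cleaned
  # Key names are lower-case because they are compared after ascii_downcase.
  # paths/delpaths only touches object keys; scalars and arrays pass through.
  local redact_filter='
    def sensitive_keys: [
      "bms_password", "bms_mfa_code", "bms_client_secret",
      "access_token", "refresh_token", "token", "authorization", "password"
    ];
    def is_sensitive:
      if type == "string"
      then (ascii_downcase as $k | any(sensitive_keys[]; . == $k))
      else false
      end;
    delpaths([paths | select(.[-1] | is_sensitive)])
  '

  # Capture first so partial jq output is discarded when parsing fails midway.
  if cleaned=$(jq -c "$redact_filter" 2>/dev/null <<<"$input"); then
    [[ -z "$cleaned" ]] || printf '%s\n' "$cleaned"
  else
    printf '%s\n' '{"_sanitize_error":"input was not valid JSON; value withheld from log"}'
  fi
}

#######################################
# Append one action record to today's JSONL log.
# Both args and result are passed through sanitize_args here, so a caller that
# forgets to sanitize cannot write credentials into the audit trail.
# Globals:   BMS_LOG_DIR (read), HOME (read)
# Arguments: $1 - command name
#            $2 - args JSON (default {})
#            $3 - result JSON (default {})
#            $4 - status, success|error (default success)
# Outputs:   appends one line to <log_dir>/<UTC date>.jsonl
# Returns:   0 on success, 1 if the record could not be built or written
#######################################
log_action() {
  local command="$1"
  local args_json="${2:-}"
  local result_json="${3:-}"
  local status="${4:-success}"
  [[ -n "$args_json" ]] || args_json='{}'
  [[ -n "$result_json" ]] || result_json='{}'

  # Sanitizing also re-compacts pretty-printed JSON to a single line.
  local args_compact result_compact
  args_compact=$(sanitize_args "$args_json")
  result_compact=$(sanitize_args "$result_json")
  # Whitespace-only input produces no output; keep the record well-formed.
  [[ -n "$args_compact" ]] || args_compact='{}'
  [[ -n "$result_compact" ]] || result_compact='{}'

  local timestamp
  timestamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)

  # Resolve the directory on every call so a changed BMS_LOG_DIR is honoured.
  local log_dir="${BMS_LOG_DIR:-$HOME/.bms-actions}"
  if ! mkdir -p "$log_dir" 2>/dev/null; then
    printf 'bms-logging: cannot create log directory: %s\n' "$log_dir" >&2
    return 1
  fi
  # File name comes from the record's own timestamp, so an entry written
  # around midnight UTC cannot land in the other day's file.
  local log_file="$log_dir/${timestamp%%T*}.jsonl"

  # Every value goes in through --arg, so jq escapes it as data: quotes or
  # newlines in a command name cannot forge or split a JSONL record.
  # Anything that is not a single JSON value is stored as a string.
  local entry
  entry=$(jq -nc \
    --arg ts "$timestamp" \
    --arg cmd "$command" \
    --arg args "$args_compact" \
    --arg result "$result_compact" \
    --arg stat "$status" \
    '{timestamp: $ts,
      command: $cmd,
      args: ($args | try fromjson catch $args),
      result: ($result | try fromjson catch $result),
      status: $stat}') || {
    printf 'bms-logging: failed to build log entry\n' >&2
    return 1
  }

  printf '%s\n' "$entry" >> "$log_file"
}

#######################################
# Print the path of the current (UTC) day's log file, computed from the
# current value of BMS_LOG_DIR.
# Globals:   BMS_LOG_DIR (read), HOME (read)
# Outputs:   path on stdout
#######################################
get_log_path() {
  local log_dir="${BMS_LOG_DIR:-$HOME/.bms-actions}"
  local day
  day=$(date -u +%Y-%m-%d)
  printf '%s\n' "$log_dir/$day.jsonl"
}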