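#!/usr/bin/env bash
#
# sloppodman: policy wrapper in front of the inner podman.
#
# Accepts a fixed allowlist of subcommands, applies two argv checks and then
# exec()s podman against dedicated storage directories:
#   * build:     -f/--file and the build context must resolve inside the
#                workspace root.
#   * build/run: a network mode of "host" is refused unless
#                SLOPTRAP_INNER_PODMAN_HOST_NETWORK=1.
#
# Environment:
#   SLOPTRAP_WORKDIR                    workspace root (default /workspace)
#   SLOPTRAP_INNER_PODMAN_ROOT          value passed to podman --root
#   SLOPTRAP_INNER_PODMAN_RUNROOT       value passed to podman --runroot
#   SLOPTRAP_INNER_PODMAN_HOST_NETWORK  1 allows host networking
#   XDG_RUNTIME_DIR                     runtime directory (created if missing)
#
# Exit status: 2 on usage or policy errors; after a successful exec the
# status is podman's own.
#
# NOTE(review): this is an argv filter, not a sandbox. Any option that is not
# named below is forwarded to podman unchanged, so the isolation of the
# session has to be enforced by whatever launches this wrapper.

set -euo pipefail

if [[ $# -eq 0 ]]; then
  printf 'usage: sloppodman ...\n' >&2
  exit 2
fi

subcommand=$1
shift

# Allowlist: anything not listed here never reaches podman.
case "$subcommand" in
  pull | build | tag | run | ps | logs | stop | rm | inspect) ;;
  *)
    printf 'sloppodman: unsupported subcommand %s\n' "$subcommand" >&2
    exit 2
    ;;
esac

workspace_root=${SLOPTRAP_WORKDIR:-/workspace}
podman_root=${SLOPTRAP_INNER_PODMAN_ROOT:-/codex/capabilities/podman/storage}
podman_runroot=${SLOPTRAP_INNER_PODMAN_RUNROOT:-/codex/capabilities/podman/run}
# NOTE(review): runtime_dir is created below but never exported; when
# XDG_RUNTIME_DIR is unset podman does not learn about this directory from
# here. Confirm whether an export is intended.
runtime_dir=${XDG_RUNTIME_DIR:-/codex/capabilities/podman/runtime}

mkdir -p -- "$podman_root" "$podman_runroot" "$runtime_dir"

#######################################
# Print the absolute, normalised form of a path.
# Arguments: $1 - path, absolute or relative to the current directory
# Outputs:   the resolved path on stdout
# Returns:   realpath's status when realpath is available, else 0
#######################################
resolve_inner_path() {
  local raw=$1
  if command -v realpath >/dev/null 2>&1; then
    # -m accepts components that do not exist yet; "--" keeps a path that
    # starts with "-" from being parsed as a realpath option.
    realpath -m -- "$raw"
    return
  fi

  # Fallback without realpath: collapse "." and ".." lexically so that a
  # path such as <root>/../x cannot pass the prefix comparison in
  # validate_workspace_path. Symlinks are NOT resolved on this branch, so
  # it is weaker than the realpath branch.
  [[ $raw == /* ]] || raw="$(pwd -P)/$raw"
  local rest=$raw segment out=""
  local -a kept=()
  while [[ -n $rest ]]; do
    segment=${rest%%/*}
    if [[ $rest == */* ]]; then
      rest=${rest#*/}
    else
      rest=""
    fi
    case "$segment" in
      '' | .) ;;
      ..)
        if (( ${#kept[@]} > 0 )); then
          unset 'kept[${#kept[@]}-1]'
        fi
        ;;
      *) kept+=("$segment") ;;
    esac
  done
  if (( ${#kept[@]} > 0 )); then
    for segment in "${kept[@]}"; do
      out+="/$segment"
    done
  fi
  printf '%s\n' "${out:-/}"
}

#######################################
# Exit 2 unless the path resolves to the workspace root or something below it.
# Globals:   workspace_root (read)
# Arguments: $1 - path to check
#######################################
validate_workspace_path() {
  local path root
  path=$(resolve_inner_path "$1") || {
    printf 'sloppodman: cannot resolve path %s\n' "$1" >&2
    exit 2
  }
  # Trailing slashes on the configured root would make the prefix pattern
  # unmatchable; strip them for the comparison only ("/" becomes "").
  root=$workspace_root
  while [[ $root == */ ]]; do
    root=${root%/}
  done
  case "$path" in
    "${root:-/}" | "$root"/*) ;;
    *)
      printf 'sloppodman: path must stay within %s (%s)\n' "$workspace_root" "$path" >&2
      exit 2
      ;;
  esac
}

#######################################
# Exit 2 when the given network mode is "host" and the session has not been
# granted host networking.
# Arguments: $1 - value supplied for --network/--net
#######################################
reject_host_network() {
  if [[ $1 == "host" && ${SLOPTRAP_INNER_PODMAN_HOST_NETWORK:-0} != 1 ]]; then
    printf 'sloppodman: host networking is not available in this session\n' >&2
    exit 2
  fi
}

if [[ $subcommand == "build" ]]; then
  args=("$@")
  idx=0
  while (( idx < ${#args[@]} )); do
    arg=${args[idx]}
    case "$arg" in
      -f | --file)
        idx=$((idx + 1))
        (( idx < ${#args[@]} )) || {
          printf 'sloppodman: %s requires a path\n' "$arg" >&2
          exit 2
        }
        validate_workspace_path "${args[idx]}"
        ;;
      # The attached spellings carry the same value as "-f PATH", so they
      # get the same check instead of slipping past the separated form.
      --file=*)
        validate_workspace_path "${arg#--file=}"
        ;;
      -f?*)
        attached=${arg#-f}
        validate_workspace_path "${attached#=}"
        ;;
      --network | --net)
        idx=$((idx + 1))
        (( idx < ${#args[@]} )) || {
          printf 'sloppodman: %s requires a value\n' "$arg" >&2
          exit 2
        }
        reject_host_network "${args[idx]}"
        ;;
      --network=* | --net=*)
        reject_host_network "${arg#*=}"
        ;;
    esac
    idx=$((idx + 1))
  done

  # The last argument is taken to be the build context. With no arguments
  # podman builds from the current directory, so that is what gets checked.
  if (( ${#args[@]} > 0 )); then
    context=${args[${#args[@]} - 1]}
  else
    context=.
  fi
  validate_workspace_path "$context"
fi

if [[ $subcommand == "run" ]]; then
  # Only the network mode is inspected for run; every other run option is
  # forwarded as given. The scan does not know where podman's own options
  # end, so a container command that itself contains "--network host" is
  # refused as well.
  args=("$@")
  idx=0
  while (( idx < ${#args[@]} )); do
    arg=${args[idx]}
    case "$arg" in
      --network | --net)
        idx=$((idx + 1))
        (( idx < ${#args[@]} )) || {
          printf 'sloppodman: %s requires a value\n' "$arg" >&2
          exit 2
        }
        reject_host_network "${args[idx]}"
        ;;
      --network=* | --net=*)
        reject_host_network "${arg#*=}"
        ;;
    esac
    idx=$((idx + 1))
  done
fi

exec podman --root "$podman_root" --runroot "$podman_runroot" "$subcommand" "$@"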