export interface BossAdminMenuItem {
  key: string;
  label: string;
  children?: BossAdminMenuItem[];
}

export interface BossAdminTaskSlaRow extends Record<string, unknown> {
  taskId: string;
  riskId: string;
  projectId: string;
  deviceId: string;
  taskType: string;
  status: string;
  phase: string;
  summary: string;
  slaLevel: "ok" | "watch" | "breached" | "recoverable" | "terminal";
  severity: "info" | "warning" | "critical";
  slaDueAt: string;
  lastProgressAt: string;
  attemptLabel: string;
  stale: boolean;
  recoverable: boolean;
  autoRecoverable: boolean;
  recommendedAction: string;
}

export interface BossAdminTaskSlaPanel {
  generatedAt: string;
  summary: Record<string, number>;
  rows: BossAdminTaskSlaRow[];
}

export interface BossAdminBackofficePayload {
  ok: boolean;
  surface: "platform" | "enterprise";
  currentCompany: Record<string, unknown> | null;
  menuTree: BossAdminMenuItem[];
  insights: {
    onboardingSteps: string[];
    serviceStatuses: Array<Record<string, unknown>>;
    openingPreview: Array<Record<string, unknown>>;
    deliveryChecklist: Array<Record<string, unknown>>;
    recentCompanies: Array<Record<string, unknown>>;
    customerHealthRows: Array<Record<string, unknown>>;
    riskAggregates: Array<Record<string, unknown>>;
    customerFollowups: Array<Record<string, unknown>>;
    enterpriseGoals: Array<Record<string, unknown>>;
    organizationUnits: string[];
    departmentProgress: Array<Record<string, unknown>>;
    masterAgentSummary: string[];
    permissionHighlights: string[];
    agentFlowSteps: string[];
    skillUsageAudit: Array<Record<string, unknown>>;
    recoveryActions: string[];
    backupStatus: Record<string, unknown>;
    dataSafetySummary: Record<string, unknown>;
    taskRiskSummary: Record<string, unknown>;
    taskSlaPanel: BossAdminTaskSlaPanel;
    capabilitySummary: Record<string, number>;
    surface: "platform" | "enterprise";
  };
  workbench: {
    summary: Record<string, number>;
    companies: Array<Record<string, unknown>>;
    devices: Array<Record<string, unknown>>;
    risks: Array<Record<string, unknown>>;
    notifications: Array<Record<string, unknown>>;
    grantsSummary: Record<string, number>;
  };
  tenants: Array<Record<string, unknown>>;
  users: Array<Record<string, unknown>>;
  roles: {
    builtInRoles: Array<Record<string, unknown>>;
    permissionTemplates: Array<Record<string, unknown>>;
  };
  resourceGroups: {
    devices: Array<Record<string, unknown>>;
    projects: Array<Record<string, unknown>>;
    skills: Array<Record<string, unknown>>;
    grants: Record<string, Array<Record<string, unknown>>>;
  };
  audit: {
    risks: Array<Record<string, unknown>>;
    notifications: Array<Record<string, unknown>>;
    riskTimeline: Array<Record<string, unknown>>;
    permissionLogs: Array<Record<string, unknown>>;
  };
  yudaoMapping: Record<string, string>;
}

export interface BossAdminBackupSnapshot {
  snapshotId: string;
  fileName: string;
  absolutePath: string;
  bytes: number;
  sha256: string;
  createdAt: string;
  actorAccount?: string;
  reason?: string;
  schemaVersion?: number;
}

export interface BossAdminBackupStatus {
  mode: "file";
  backupDir: string;
  stateFile: string;
  restorePointCount: number;
  lastBackupAt?: string;
  status: "ready" | "empty" | "error";
  detail?: string;
}

export interface BossAdminBackupsPayload {
  ok: boolean;
  status: BossAdminBackupStatus;
  snapshots: BossAdminBackupSnapshot[];
}

export interface BossAdminSkillLifecycleRequest extends Record<string, unknown> {
  requestId: string;
  action: string;
  status: string;
  deviceId: string;
  skillId?: string;
  sourceUrl?: string;
  targetVersion?: string;
  rollbackToVersion?: string;
  lockedVersion?: string;
  requestedAt?: string;
  completedAt?: string;
  resultSummary?: string;
  error?: string;
}

export interface BossAdminSkillLifecycleRequestsPayload {
  ok: boolean;
  requests: BossAdminSkillLifecycleRequest[];
}

async function requestJson<T>(url: string, init: RequestInit = {}): Promise<T> {
  const response = await fetch(url, {
    credentials: "include",
    ...init,
    headers: {
      Accept: "application/json",
      ...(init.body ? { "Content-Type": "application/json" } : {}),
      ...(init.headers ?? {}),
    },
  });
  if (response.status === 401) {
    window.location.href = "/auth/login";
    throw new Error("UNAUTHORIZED");
  }
  if (!response.ok) {
    const payload = await response.json().catch(() => null);
    throw new Error(payload?.message ?? `HTTP_${response.status}`);
  }
  return response.json();
}

export async function fetchBossAdminBackoffice(scope: "platform" | "enterprise" = "platform"): Promise<BossAdminBackofficePayload> {
  return requestJson<BossAdminBackofficePayload>(`/api/v1/admin/backoffice?scope=${scope}`);
}

export async function postAdminAccess(payload: Record<string, unknown>) {
  return requestJson<Record<string, unknown>>("/api/v1/admin/access", {
    method: "POST",
    body: JSON.stringify(payload),
  });
}

export async function postRiskAction(payload: Record<string, unknown>) {
  return requestJson<Record<string, unknown>>("/api/v1/admin/risks/actions", {
    method: "POST",
    body: JSON.stringify(payload),
  });
}

export async function postSkillLifecycleRequest(payload: Record<string, unknown>) {
  return requestJson<Record<string, unknown>>("/api/v1/admin/skills/requests", {
    method: "POST",
    body: JSON.stringify(payload),
  });
}

export async function fetchSkillLifecycleRequests(): Promise<BossAdminSkillLifecycleRequestsPayload> {
  return requestJson<BossAdminSkillLifecycleRequestsPayload>("/api/v1/admin/skills/requests", {
    method: "GET",
  });
}

export async function postDeviceCodexRemoteControl(
  deviceId: string,
  payload: { action: "start" | "stop"; reason?: string },
) {
  return requestJson<Record<string, unknown>>(
    `/api/v1/devices/${encodeURIComponent(deviceId)}/codex-remote-control`,
    {
      method: "POST",
      body: JSON.stringify({
        ...payload,
        confirmed: true,
      }),
    },
  );
}

export async function fetchAdminBackups(): Promise<BossAdminBackupsPayload> {
  return requestJson<BossAdminBackupsPayload>("/api/v1/admin/backups");
}

export async function createAdminBackup(reason: string) {
  return requestJson<Record<string, unknown>>("/api/v1/admin/backups", {
    method: "POST",
    body: JSON.stringify({
      action: "create_snapshot",
      reason,
    }),
  });
}

export async function restoreAdminBackup(snapshotId: string) {
  return requestJson<Record<string, unknown>>("/api/v1/admin/backups", {
    method: "POST",
    body: JSON.stringify({
      action: "restore_snapshot",
      snapshotId,
    }),
  });
}