import test from "node:test";
import assert from "node:assert/strict";
import { chmod, mkdtemp, readFile, rm, writeFile } from "node:fs/promises";
import os from "node:os";
import path from "node:path";

import {
  getCodexRemoteControlDaemonConfig,
  runCodexRemoteControlDaemonAction,
} from "../local-agent/codex-remote-control-daemon.mjs";

test("codex remote-control daemon config defaults to explicit start and stop commands", () => {
  const config = getCodexRemoteControlDaemonConfig(
    {},
    {
      codexAppServerEnabled: true,
      codexAppServerCommand: "codex",
    },
  );

  assert.equal(config.enabled, true);
  assert.equal(config.command, "codex");
  assert.deepEqual(config.startArgs, ["remote-control", "start", "--json"]);
  assert.deepEqual(config.stopArgs, ["remote-control", "stop", "--json"]);
});

test("codex remote-control daemon action executes only explicit start and redacts sensitive output", async () => {
  const tempDir = await mkdtemp(path.join(os.tmpdir(), "boss-codex-remote-control-"));
  try {
    const argvPath = path.join(tempDir, "argv.json");
    const fakeCodexPath = path.join(tempDir, "codex");
    await writeFile(
      fakeCodexPath,
      `#!/usr/bin/env node
const fs = require("node:fs");
fs.writeFileSync(${JSON.stringify(argvPath)}, JSON.stringify(process.argv.slice(2)));
process.stdout.write(JSON.stringify({ ok: true, token: "sk-secret-should-not-leak", status: "started" }));
`,
      "utf8",
    );
    await chmod(fakeCodexPath, 0o755);

    const result = await runCodexRemoteControlDaemonAction("start", {
      codexRemoteControlEnabled: true,
      codexRemoteControlCommand: fakeCodexPath,
      codexRemoteControlTimeoutMs: 3000,
    });

    assert.equal(result.status, "completed");
    assert.equal(result.action, "start");
    assert.equal(result.commandLabel.endsWith("remote-control start --json"), true);
    assert.deepEqual(JSON.parse(await readFile(argvPath, "utf8")), ["remote-control", "start", "--json"]);
    assert.equal(JSON.stringify(result).includes("sk-secret-should-not-leak"), false);
    assert.equal(result.outputSummary.includes("[REDACTED]"), true);
  } finally {
    await rm(tempDir, { recursive: true, force: true });
  }
});

test("codex remote-control daemon rejects unsupported actions before spawning", async () => {
  await assert.rejects(
    () =>
      runCodexRemoteControlDaemonAction("restart", {
        codexRemoteControlEnabled: true,
      }),
    /Unsupported codex remote-control action/,
  );
});