#!/usr/bin/env python3
"""Import all existing attestation files into a clean database.
Does NOT run policy evaluation — that's done via the reeval queue."""

import base64
import json
import os
import re
import sqlite3
import sys
from pathlib import Path

sys.path.insert(0, str(Path(__file__).parent))
from server import DB_PATH, ATTESTATION_DIR, init_db, get_db, extract_metrics

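def main():
    """Import every on-disk attestation into the ``scans`` table.

    Walks ``ATTESTATION_DIR`` for ``scan-*`` directories, decodes the
    base64 ``payload`` of one ``scan-*.json`` envelope per directory,
    derives a package name and version from it, and inserts one row per
    directory with status ``'completed'``. Policy evaluation is not run here.

    Directories that cannot be imported are counted as skipped and the
    reason is printed, so a malformed or truncated attestation is visible
    in the output instead of silently vanishing from the import.

    NOTE(review): nothing in this function verifies the envelope (no
    signature or key check is visible here), so package, version and
    metrics are taken from the file as-is. Confirm that verification
    happens elsewhere before these rows are treated as trusted evidence.
    """
    init_db()

    scan_dirs = sorted(ATTESTATION_DIR.glob("scan-*"))
    print(f"Found {len(scan_dirs)} attestation directories")

    imported = 0
    skipped = 0

    for scan_dir in scan_dirs:
        # Only directories named scan-<digits>... are considered; anything
        # else is ignored without being counted as skipped.
        if not re.match(r"scan-(\d+)", scan_dir.name):
            continue

        # glob() order is filesystem-dependent; sort so that the same file
        # is chosen on every run when a directory holds several envelopes.
        att_files = sorted(scan_dir.glob("scan-*.json"))
        if not att_files:
            skipped += 1
            continue
        if len(att_files) > 1:
            print(f"  Note: {scan_dir.name} has {len(att_files)} attestation "
                  f"files; using {att_files[0].name}")

        att_path = str(att_files[0])
        pre_analysis = scan_dir / "pre-analysis.json"
        pre_path = str(pre_analysis) if pre_analysis.exists() else None

        # Extract package/version from the attestation payload.
        try:
            with open(att_path, encoding="utf-8") as f:
                envelope = json.load(f)
            payload = json.loads(base64.b64decode(envelope["payload"]))
            predicate = payload.get("predicate", {})
            step_name = predicate.get("name", "")

            # Parse package name from step name
            # (e.g., "scan-123" or "pip-install-requests").
            package = step_name.replace("scan-", "").replace("pip-install-", "")

            # Prefer the name/version recorded by an attestation that lists
            # installed packages, ignoring the packaging tools themselves.
            # NOTE(review): `break` only leaves the inner loop, so a later
            # attestation that also lists packages overrides an earlier
            # one — confirm that last-wins is intended.
            version = None
            for att in predicate.get("attestations", []):
                data = att.get("attestation", {})
                if "packages" in data:
                    for pkg in data["packages"]:
                        name = pkg.get("name", "")
                        if name.lower() not in ("pip", "setuptools", "wheel"):
                            package = name
                            version = pkg.get("version")
                            break

            metrics = extract_metrics(att_path)

        except Exception as exc:
            # Best-effort import: keep going, but say why this one was
            # dropped so bad or tampered files can be followed up.
            print(f"  Skipping {scan_dir.name}: {type(exc).__name__}: {exc}")
            skipped += 1
            continue

        # A purely numeric name means only the scan ID was recovered.
        if not package or package.isdigit():
            skipped += 1
            continue

        # Insert into DB. All values are bound as parameters, never
        # formatted into the SQL text.
        db = get_db()
        try:
            db.execute("""
                INSERT INTO scans (package, version, status, completed_at,
                    attestation_path, pre_analysis_path,
                    network_connections, files_opened, processes_spawned,
                    dns_lookups, sockets_created, packages_installed)
                VALUES (?, ?, 'completed', datetime('now'), ?, ?, ?, ?, ?, ?, ?, ?)
            """, (package, version, att_path, pre_path,
                  metrics["network_connections"], metrics["files_opened"],
                  metrics["processes_spawned"], metrics["dns_lookups"],
                  metrics["sockets_created"], metrics["packages_installed"]))
            db.commit()
            imported += 1
        except Exception as e:
            print(f"  Error importing {scan_dir.name}: {e}")
            skipped += 1
        finally:
            db.close()

    print(f"\nImported: {imported}")
    print(f"Skipped: {skipped}")
    print("\nNow start the server and call POST /api/reeval-all to evaluate all with current policies.")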


# Run the import only when this file is executed as a script, so that
# importing the module has no database side effects.
if __name__ == "__main__":
    main()
