#!/bin/sh
# Project X CLI installer — https://get.flow-ai.io
#
#   curl -fsSL https://get.flow-ai.io | sh
#
# Detects OS/arch, downloads the matching `px` release from this same host,
# verifies its SHA-256, and installs it under ~/.local/bin (no sudo). The
# artifacts are laid out by tools/release/publish_px.sh as:
#
#   /VERSION                          the published version + git rev
#   /bin/<target-triple>/px.tar.gz    the binary, tarred
#   /bin/<target-triple>/px.sha256    "<hex>  px.tar.gz"
#
# Overrides (mostly for testing / packaging):
#   PX_DIST_BASE     alternate artifact host   (default https://get.flow-ai.io)
#   PX_INSTALL_DIR   alternate install dir     (default ~/.local/bin)
#
# POSIX sh on purpose: this must run on a stock macOS or minimal Linux box
# with nothing but curl/wget + tar + a shasum tool.
set -eu

base="${PX_DIST_BASE:-https://get.flow-ai.io}"
install_dir="${PX_INSTALL_DIR:-$HOME/.local/bin}"

say()  { printf '%s\n' "$*"; }
fail() { printf 'install failed: %s\n' "$*" >&2; exit 1; }

# --- 1. pick the target triple -------------------------------------------------
os="$(uname -s)"
arch="$(uname -m)"
case "$os/$arch" in
  Darwin/arm64)          target="aarch64-apple-darwin" ;;
  Darwin/x86_64)         target="x86_64-apple-darwin" ;;
  Linux/x86_64)          target="x86_64-unknown-linux-musl" ;;
  Linux/aarch64)         target="aarch64-unknown-linux-musl" ;;
  *) fail "no prebuilt px for $os/$arch yet — build from source: cargo build -p px-cli (Rust >= 1.88)" ;;
esac

# --- 2. fetch ------------------------------------------------------------------
if command -v curl >/dev/null 2>&1; then
  fetch() { curl -fsSL "$1" -o "$2"; }
elif command -v wget >/dev/null 2>&1; then
  fetch() { wget -q "$1" -O "$2"; }
else
  fail "need curl or wget"
fi

tmp="$(mktemp -d)"
trap 'rm -rf "$tmp"' EXIT INT TERM

version="unknown"
if fetch "$base/VERSION" "$tmp/VERSION" 2>/dev/null; then
  version="$(head -n1 "$tmp/VERSION")"
fi

say "installing px ($version, $target) from $base"
fetch "$base/bin/$target/px.tar.gz" "$tmp/px.tar.gz" \
  || fail "download failed: $base/bin/$target/px.tar.gz (is this platform published yet?)"
fetch "$base/bin/$target/px.sha256" "$tmp/px.sha256" \
  || fail "download failed: $base/bin/$target/px.sha256"

# --- 3. verify -----------------------------------------------------------------
want="$(awk '{print $1}' "$tmp/px.sha256")"
if command -v sha256sum >/dev/null 2>&1; then
  got="$(sha256sum "$tmp/px.tar.gz" | awk '{print $1}')"
elif command -v shasum >/dev/null 2>&1; then
  got="$(shasum -a 256 "$tmp/px.tar.gz" | awk '{print $1}')"
else
  fail "need sha256sum or shasum to verify the download"
fi
[ -n "$want" ] && [ "$want" = "$got" ] \
  || fail "checksum mismatch (want $want, got $got) — refusing to install"

# --- 4. install ----------------------------------------------------------------
tar -xzf "$tmp/px.tar.gz" -C "$tmp" px
mkdir -p "$install_dir"
# Install atomically: extracted to a temp dir, moved into place in one rename.
mv -f "$tmp/px" "$install_dir/px"
chmod +x "$install_dir/px"

say "installed: $install_dir/px"
"$install_dir/px" --version || true

case ":$PATH:" in
  *":$install_dir:"*) ;;
  *)
    say ""
    say "note: $install_dir is not on your PATH. Add it, e.g.:"
    say "  export PATH=\"$install_dir:\$PATH\""
    ;;
esac

say ""
say "next steps:"
say "  px login --oauth       # sign in with a passkey (browser: add --web)"
say "  px new                 # create your first sandbox"
say "  px billing balance     # your credit, burn rate, and runway"
