#!/bin/sh
# cometbft-common.sh — reusable CometBFT-node bootstrap helpers (family C).
#
# Source this from a chain-specific init.sh. It encapsulates the operations every
# CometBFT-consensus node needs (init, fetch config artifacts, patch config.toml /
# app.toml, seed priv_validator_state), extracted verbatim from the proven berachain
# beacon-kit entrypoint so callers inherit known-good behavior.
#
# Each function takes explicit arguments (paths/values) — it is binary-agnostic. The
# caller owns the binary name, the `<binary> init` invocation, the artifact URLs, and
# the final `exec <binary> start ...`. EL-driven chains (beacon-kit, morph) also call
# the JWT / engine-dial helpers; pure-consensus chains (gaiad) skip them.
#
# Conventions: POSIX sh (alpine). Config dir is conventionally $HOME_DIR/config.
# Used by: morph-node, gaiad (cosmos batch), and any future family-C chain.
# beacon-kit (berachain) keeps its own bespoke init.sh on purpose — do not retrofit it.

set -e

ct_log() { echo "[cometbft-init] $*"; }

# Ensure curl exists (alpine base images often omit it). Idempotent.
ct_require_curl() {
  if ! command -v curl >/dev/null 2>&1; then
    ct_log "installing curl"
    apk add --no-cache curl
  fi
}

# ct_fetch URL DEST [required]
#   Download URL -> DEST. If the 3rd arg is "required", a failure is fatal;
#   otherwise a missing/failed fetch is logged and skipped (returns 0).
ct_fetch() {
  _url="$1"; _dest="$2"; _req="${3:-optional}"
  [ -n "$_url" ] || { [ "$_req" = required ] && { ct_log "FATAL: empty URL for $_dest"; exit 1; }; return 0; }
  if curl -fsSL "$_url" -o "$_dest"; then
    ct_log "fetched $_url -> $_dest"
  else
    if [ "$_req" = required ]; then
      ct_log "FATAL: failed to fetch required $_url"; exit 1
    fi
    ct_log "skip: could not fetch optional $_url"
  fi
}

# ct_patch_p2p CONFIG_TOML IP P2P_PORT
#   Bind p2p to 0.0.0.0:PORT and advertise IP:PORT (only within the [p2p] section).
ct_patch_p2p() {
  _cfg="$1"; _ip="$2"; _port="$3"
  [ -f "$_cfg" ] || { ct_log "patch_p2p: $_cfg missing, skipping"; return 0; }
  _laddr="tcp:\\/\\/0\\.0\\.0\\.0\\:${_port}"
  sed -i "/^\[p2p\]/,/^\[/{s|^laddr = .*|laddr = \"$_laddr\"|}" "$_cfg"
  sed -i "/^\[p2p\]/,/^\[/{s|^external_address = .*|external_address = \"${_ip}:${_port}\"|}" "$_cfg"
}

# ct_merge_seeds CONFIG_TOML CONFIGURED_SEEDS [SEEDS_URL]
#   Merge operator-configured seeds with an optional official seed list (1 entry per
#   line, first line skipped like the berachain cl-seeds.txt header), dedupe, write.
ct_merge_seeds() {
  _cfg="$1"; _seeds="$2"; _url="$3"
  [ -f "$_cfg" ] || return 0
  if [ -n "$_url" ]; then
    _official=$(curl -f -s "$_url" | tail -n +2 | tr '\n' ',' | sed 's/,$//' || true)
    if [ -n "$_official" ]; then
      ct_log "merging official seeds from $_url"
      _seeds=$(echo "${_seeds},${_official}" | tr ',' '\n' | sed '/^$/d' | sort -u | paste -sd,)
    else
      ct_log "no official seeds fetched from $_url (continuing with configured)"
    fi
  fi
  if [ -n "$_seeds" ]; then
    sed -i "s/^seeds = \".*\"/seeds = \"${_seeds}\"/" "$_cfg"
  fi
}

# ct_set_persistent_peers CONFIG_TOML PEERS
#   Handles both cometbft-classic `persistent_peers` (underscore) and forks that use
#   `persistent-peers` (hyphen, e.g. sei) — patches whichever key is present.
ct_set_persistent_peers() {
  _cfg="$1"; _peers="$2"
  [ -f "$_cfg" ] || return 0
  [ -n "$_peers" ] || return 0
  sed -i "s/^persistent_peers = \".*\"/persistent_peers = \"${_peers}\"/" "$_cfg"
  sed -i "s/^persistent-peers = \".*\"/persistent-peers = \"${_peers}\"/" "$_cfg"
  return 0
}

# ct_set_moniker CONFIG_TOML MONIKER
ct_set_moniker() {
  _cfg="$1"; _mon="$2"
  [ -f "$_cfg" ] || return 0
  [ -n "$_mon" ] && sed -i "s/^moniker = \".*\"/moniker = \"$_mon\"/" "$_cfg"
  return 0
}

# ct_set_addrbook CONFIG_DIR ADDRBOOK_URL
#   Optional: cosmos chains often seed an addrbook.json for faster peer discovery.
ct_set_addrbook() {
  _dir="$1"; _url="$2"
  [ -n "$_url" ] || return 0
  ct_fetch "$_url" "$_dir/addrbook.json" optional
}

# ct_write_jwt CONFIG_DIR  [JWT_SRC]
#   EL-driven chains: copy the shared engine JWT (default /jwtsecret) into the config
#   dir as jwt.hex so the CL can authenticate to the EL engine API.
ct_write_jwt() {
  _dir="$1"; _src="${2:-/jwtsecret}"
  [ -f "$_src" ] || { ct_log "write_jwt: $_src missing, skipping"; return 0; }
  cat "$_src" > "$_dir/jwt.hex"
}

# ct_set_rpc_dial_url APP_TOML AUTH_RPC
#   beacon-kit / app.toml-style EL engine endpoint (e.g. http://<el>:8551).
ct_set_rpc_dial_url() {
  _app="$1"; _rpc="$2"
  [ -f "$_app" ] || return 0
  [ -n "$_rpc" ] && sed -i "s|^rpc-dial-url = \".*\"|rpc-dial-url = \"$_rpc\"|" "$_app"
  return 0
}

# ct_seed_priv_validator_state HOME_DIR
#   Ensure data/priv_validator_state.json exists (cometbft refuses to start without it
#   when one is present in config/). Mirrors the berachain init.sh behavior.
ct_seed_priv_validator_state() {
  _home="$1"
  if [ -e "$_home/config/priv_validator_state.json" ] && [ ! -e "$_home/data/priv_validator_state.json" ]; then
    mkdir -p "$_home/data"
    cp "$_home/config/priv_validator_state.json" "$_home/data/priv_validator_state.json"
  fi
  return 0
}

# ct_apk PKG...
#   Install alpine packages idempotently (most cosmos init scripts need curl, some jq).
ct_apk() {
  apk add --no-cache "$@"
}

# ct_localize_home CONFIG_DIR
#   Rewrite `~/` to `/root/` in config.toml + app.toml. Cosmos `init` writes home-relative
#   paths; the container runs as root with a static home, so make paths absolute.
ct_localize_home() {
  _dir="$1"
  [ -f "$_dir/config.toml" ] && sed -i 's|~/|/root/|g' "$_dir/config.toml"
  [ -f "$_dir/app.toml" ]    && sed -i 's|~/|/root/|g' "$_dir/app.toml"
  return 0
}

# ct_set_min_gas_prices APP_TOML PRICE
#   Cosmos chains reject txs (and sometimes refuse to start) with an empty
#   minimum-gas-prices. PRICE e.g. "0.01usei", "0.0025uatom", "0.01hqq".
ct_set_min_gas_prices() {
  _app="$1"; _price="$2"
  [ -f "$_app" ] || return 0
  [ -n "$_price" ] || return 0
  sed -i "s/minimum-gas-prices = \"\"/minimum-gas-prices = \"${_price}\"/g" "$_app"
  return 0
}

# ct_configure_statesync CONFIG_TOML RPC_SERVERS [TRUST_OFFSET]
#   Enable cometbft state-sync so a fresh node bootstraps near chainhead instead of
#   replaying from genesis — the single biggest lever for "can't keep it at chainhead"
#   chains. RPC_SERVERS = comma list of trusted RPC endpoints (>=2 recommended; a single
#   endpoint is duplicated). TRUST_OFFSET = blocks below head to trust (default 2000).
#   Requires jq + curl. No-op (logged) if head height can't be fetched.
ct_configure_statesync() {
  _cfg="$1"; _rpc="$2"; _offset="${3:-2000}"
  [ -f "$_cfg" ] || return 0
  # NEVER re-arm statesync on a node that already has application state (a restored
  # snapshot or a prior sync). Re-statesyncing over it leaves a broken/partial datadir and,
  # for wasm chains, drops the wasm files -> startup panic. _cfg is $HOME/config/config.toml,
  # so application state lives at $HOME/data/application.db.
  _home=$(dirname "$(dirname "$_cfg")")
  if [ -e "$_home/data/application.db" ]; then
    ct_log "statesync: existing data dir, skipping"
    return 0
  fi
  [ -n "$_rpc" ] || { ct_log "statesync: no RPC servers given, skipping"; return 0; }
  _primary=$(echo "$_rpc" | cut -d, -f1)
  _latest=$(curl -s "$_primary/block" | jq -r '.result.block.header.height // .block.header.height' 2>/dev/null || true)
  if [ -z "$_latest" ] || [ "$_latest" = null ]; then
    ct_log "statesync: could not read head height from $_primary, skipping"; return 0
  fi
  _trust_h=$((_latest - _offset))
  _trust_hash=$(curl -s "$_primary/block?height=$_trust_h" | jq -r '.result.block_id.hash // .block_id.hash' 2>/dev/null || true)
  [ -n "$_trust_hash" ] && [ "$_trust_hash" != null ] || { ct_log "statesync: no trust hash, skipping"; return 0; }
  # second server defaults to the first (cometbft wants >=2 for light-client cross-check)
  echo "$_rpc" | grep -q ',' || _rpc="$_rpc,$_rpc"
  ct_log "statesync: enable trust_height=$_trust_h trust_hash=$_trust_hash"
  # Patch ONLY the [statesync] section. CometBFT config.toml uses underscore keys
  # (rpc_servers/trust_height/trust_hash); tolerate hyphen variants with [_-].
  sed -i.bak -E "/^\[statesync\]/,/^\[/{
    s|^([[:space:]]*enable[[:space:]]*=[[:space:]]*).*|\1true|
    s|^([[:space:]]*rpc[_-]servers[[:space:]]*=[[:space:]]*).*|\1\"$_rpc\"|
    s|^([[:space:]]*trust[_-]height[[:space:]]*=[[:space:]]*).*|\1$_trust_h|
    s|^([[:space:]]*trust[_-]hash[[:space:]]*=[[:space:]]*).*|\1\"$_trust_hash\"|
  }" "$_cfg"
  return 0
}

# ct_ensure_wasm HOME_DIR WASM_SNAPSHOT_URL
#   CosmWasm + IBC 08-wasm bytecode are FILES on disk that state-sync does NOT restore, so
#   a state-synced wasm chain panics at startup ("wasmlckeeper failed initialize pinned codes
#   / Error opening Wasm file"). Seed them from a wasm-only snapshot (e.g. polkachu
#   cosmos_wasmonly.tar.lz4) when the wasm dir is missing/empty. No-op if URL unset or wasm
#   already present. Best-effort (logs on failure); the fully robust path for wasm chains is a
#   FULL snapshot restore. Requires lz4 + tar (installed here).
ct_ensure_wasm() {
  _home="$1"; _url="$2"
  [ -n "$_url" ] || return 0
  if [ -d "$_home/wasm" ] && [ -n "$(ls -A "$_home/wasm" 2>/dev/null)" ]; then
    return 0   # wasm already present
  fi
  ct_log "wasm: empty, fetching snapshot $_url"
  ct_apk lz4 tar
  if curl -sL "$_url" | lz4 -dc | tar -xf - -C "$_home"; then
    ct_log "wasm: extracted into $_home"
  else
    ct_log "WARN wasm: fetch/extract failed ($_url)"
  fi
  return 0
}