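#!/usr/bin/env bash
#
# Smoke test for the VM launcher: boots a VM with ./run.sh, checks that the
# guest answers over SSH, tears the VM down, and asserts that teardown left
# neither the tap interface nor the VM state directory behind.
#
# Needs jq, ip, ssh and sudo on PATH, plus ./run.sh and ./id_ed25519 in the
# current directory.
set -euo pipefail

# Directory that holds one sub-directory per VM.
readonly STATE_ROOT="state/vms"

# cleanup() runs from the EXIT trap, possibly before this script has located
# any VM. Start from an empty value so that a VM_JSON inherited from the
# caller's environment can never steer the sudo kill / rm -rf below.
VM_JSON=""

#######################################
# Print a message prefixed with the script tag.
# Arguments: message words
# Outputs:   one line on stdout
#######################################
log() {
  printf '[verify] %s\n' "$*"
}

#######################################
# Tear down the VM described by $VM_JSON: stop its process, delete its tap
# interface and remove its state directory. Safe to call more than once; the
# second call finds no vm.json and returns immediately.
# Globals:   VM_JSON (read), STATE_ROOT (read)
# Returns:   0 when there is nothing to clean up
#######################################
cleanup() {
  if [[ -z "${VM_JSON:-}" || ! -f "$VM_JSON" ]]; then
    return
  fi

  # Locals, so the values the main flow asserts on afterwards are not clobbered.
  local pid tap vm_dir
  pid="$(jq -r '.meta.pid // empty' "$VM_JSON")"
  tap="$(jq -r '.meta.tap // empty' "$VM_JSON")"
  vm_dir="$(dirname "$VM_JSON")"

  # The pid comes from a file on disk and is passed to kill under sudo, so
  # accept nothing but a plain positive integer.
  if [[ "$pid" =~ ^[1-9][0-9]*$ ]]; then
    sudo kill "$pid" 2>/dev/null || true
  fi

  if [[ -n "$tap" ]]; then
    sudo ip link del "$tap" 2>/dev/null || true
  fi

  # Only ever delete a directory directly inside the VM state root.
  if [[ "$vm_dir" == "$STATE_ROOT"/?* ]]; then
    rm -rf -- "${vm_dir:?}"
  else
    log "refusing to remove unexpected path: $vm_dir"
  fi
}

trap cleanup EXIT

log "starting VM"
if ! ./run.sh; then
  log "run.sh failed"
  exit 1
fi

# Pick the most recently modified VM directory.
# NOTE(review): this assumes no other VM is created concurrently; otherwise
# the newest directory may belong to someone else's VM.
# `cut -f2-` keeps paths that contain spaces intact, and `|| true` lets a
# missing state root reach the explicit error below instead of tripping set -e.
VM_DIR="$(find "$STATE_ROOT" -maxdepth 1 -mindepth 1 -type d -printf '%T@ %p\n' 2>/dev/null \
  | sort -nr \
  | head -n 1 \
  | cut -d' ' -f2-)" || true
if [[ -z "$VM_DIR" ]]; then
  log "no VM state directory found"
  exit 1
fi

VM_JSON="$VM_DIR/vm.json"
if [[ ! -f "$VM_JSON" ]]; then
  log "vm.json not found: $VM_JSON"
  exit 1
fi

name="$(jq -r '.meta.name // empty' "$VM_JSON")"
created_at="$(jq -r '.meta.created_at // empty' "$VM_JSON")"
guest_ip="$(jq -r '.meta.guest_ip // empty' "$VM_JSON")"
tap="$(jq -r '.meta.tap // empty' "$VM_JSON")"
vm_dir="$VM_DIR"

if [[ -z "$name" || -z "$created_at" || -z "$guest_ip" ]]; then
  log "missing name, created_at or guest_ip in vm.json"
  exit 1
fi

log "asserting VM is reachable via SSH"
# Host-key checking is switched off, so this connection does not authenticate
# the guest. That is tolerable only because the command is a bare reachability
# probe against a VM this script has just started; do not copy these options
# to a session that carries secrets. BatchMode makes ssh fail instead of
# waiting on a password or passphrase prompt in an unattended run.
ssh -i "./id_ed25519" \
  -o BatchMode=yes \
  -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null \
  "root@${guest_ip}" "uname -a" >/dev/null

log "cleaning up VM"
cleanup

log "asserting cleanup success"
if [[ -n "$tap" ]] && ip link show "$tap" >/dev/null 2>&1; then
  log "tap still exists: $tap"
  exit 1
fi

if [[ -d "$vm_dir" ]]; then
  log "vm dir still exists: $vm_dir"
  exit 1
fi

log "ok"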