#!/usr/bin/env bash
set -euo pipefail

SELF_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=/usr/local/libexec/brixcli/common.sh
source "${SELF_DIR%/bin}/libexec/brixcli/common.sh"

usage() {
  cat <<'EOF'
Usage:
  remove-agent <agent-name> [--keep-home]

Default behavior removes the Linux user and /home/<agent>.
EOF
}

main() {
  require_root
  load_config
  ensure_runtime_dirs

  local agent=""
  local keep_home=0

  while [[ $# -gt 0 ]]; do
    case "$1" in
      --keep-home)
        keep_home=1
        ;;
      -h|--help)
        usage
        exit 0
        ;;
      *)
        [[ -z "${agent}" ]] || die "unexpected argument: $1"
        agent="$1"
        ;;
    esac
    shift
  done

  [[ -n "${agent}" ]] || { usage; exit 1; }
  validate_agent_name "${agent}"
  agent_must_exist "${agent}"

  systemctl disable --now "brixcli-agent@${agent}.service" 2>/dev/null || true
  systemctl disable --now "brixcli-session@${agent}.service" 2>/dev/null || true

  rm -f "${AGENTS_DIR}/${agent}.env" "${AUTH_DIR}/${agent}.htpasswd"

  awk -F: -v agent="${agent}" '$1 != agent { print $0 }' "${AGENTS_DB}" >"${AGENTS_DB}.tmp"
  mv "${AGENTS_DB}.tmp" "${AGENTS_DB}"

  rebuild_nginx_map
  rebuild_index
  reload_nginx

  if [[ "${keep_home}" -eq 1 ]]; then
    userdel "${agent}"
    printf 'Removed agent %s. Home directory kept at /home/%s (ownership is now numeric/orphaned).\n' "${agent}" "${agent}"
  else
    userdel -r "${agent}"
    printf 'Removed agent %s and deleted /home/%s.\n' "${agent}" "${agent}"
  fi
}

main "$@"
