<?php

// === WEVAL SECRETS LOADER ===
$_WEVAL_SECRETS = [];
if (file_exists('/etc/weval/secrets.env')) {
    foreach (file('/etc/weval/secrets.env', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        if (strpos($line, '#') === 0) continue;
        if (strpos($line, '=') !== false) {
            list($k, $v) = explode('=', $line, 2);
            $_WEVAL_SECRETS[trim($k)] = trim($v);
        }
    }
}
function weval_secret_DISABLED($key, $default='') {
    global $_WEVAL_SECRETS;
    return $_WEVAL_SECRETS[$key] ?? getenv($key) ?: $default;
}

/**
 * WEDROID Chain-of-Thought Executor v1.0
 * Multi-step autonomous reasoning + execution
 * Called by WEDROID Brain API for complex tasks
 */

function chainExecute($task, $context = []) {
    $steps = [];
    $results = [];
    
    // Step 1: Analyze task → decompose into steps
    $analysis = callBrain("Décompose cette tâche en 3-5 étapes bash exécutables sur S95 (95.216.167.89). "
        . "Format: une commande bash par ligne, préfixée par STEP:. "
        . "Contexte infra: Apache ports 5821-5823,5880,5890. DB: PGPASSWORD=W3v4l_2026_S3cur3 psql -h 127.0.0.1 -U admin -d adx_system. "
        . "Tâche: " . $task);
    
    // Extract steps
    if (preg_match_all('/STEP:\s*(.+)/m', $analysis, $m)) {
        $steps = $m[1];
    }
    if (empty($steps)) {
        // Fallback: try single command
        $steps = [trim($analysis)];
    }
    
    // Step 2: Execute each step, feed result to next
    foreach ($steps as $i => $cmd) {
        $cmd = trim($cmd);
        if (empty($cmd) || strlen($cmd) < 3) continue;
        
        // Security check
        $blocked = ['rm -rf','mkfs','shutdown','reboot','passwd','dd if='];
        $skip = false;
        foreach ($blocked as $b) { if (stripos($cmd, $b) !== false) { $skip = true; break; } }
        if ($skip) { $results[] = ['step'=>$i+1, 'cmd'=>$cmd, 'output'=>'BLOCKED: dangerous command', 'status'=>'blocked']; continue; }
        
        // Execute on S95 via Droid
        $b64 = base64_encode($cmd);
        $ch = curl_init("https://weval-consulting.com/api/droid");
        curl_setopt_array($ch, [CURLOPT_POST=>true, CURLOPT_RETURNTRANSFER=>true, CURLOPT_TIMEOUT=>20,
            CURLOPT_POSTFIELDS=>"k=DROID2026&c=$b64"]);
        $r = curl_exec($ch); curl_close($ch);
        $d = json_decode($r, true);
        $output = $d['output'] ?? $r;
        
        $results[] = [
            'step' => $i + 1,
            'cmd' => $cmd,
            'output' => is_string($output) ? substr($output, 0, 500) : '',
            'status' => ($d['ok'] ?? false) ? 'ok' : 'error',
            'duration_ms' => $d['duration_ms'] ?? 0
        ];
        
        // Sleep between steps
        usleep(300000);
    }
    
    // Step 3: Synthesize results
    $summary = callBrain("Voici les résultats d'exécution de " . count($results) . " étapes pour la tâche: '$task'\n\n"
        . json_encode($results, JSON_PRETTY_PRINT|JSON_UNESCAPED_UNICODE) 
        . "\n\nSynthétise les résultats en 3-5 lignes. Si erreur, propose la correction.");
    
    return [
        'ok' => true,
        'task' => $task,
        'steps' => count($results),
        'results' => $results,
        'summary' => $summary,
        'provider' => 'chain-of-thought'
    ];
}

function callBrain($msg) {
    // Use Cerebras for reasoning
    $ch = curl_init("https://api.cerebras.ai/v1/chat/completions");
    curl_setopt_array($ch, [
        CURLOPT_POST => true, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 15,
        CURLOPT_HTTPHEADER => [
            "Content-Type: application/json",
            "Authorization: Bearer csk-4wrrhkpr568ry9xx49k9mcynwdx483nx53dd62yh5xedfckh"
        ],
        CURLOPT_POSTFIELDS => json_encode([
            "model" => "qwen-3-235b-a22b-instruct-2507",
            "messages" => [
                ["role"=>"system","content"=>"Tu es WEDROID, agent DevOps autonome WEVAL. Tu exécutes via Droid API sur S95 (commandes DIRECTES, pas SSH).

INFRA:
- S95: 95.216.167.89, SSH port 49222 (JAMAIS 22), clé wevads_key
- S204: 204.168.152.13, local
- S151: 151.80.235.110, user=ubuntu, pass=REDACTED_SSH
- PMTA: 38.47.117.86/38.60.250.135/38.60.250.106/38.47.117.117, sshpass Yacine.123
- DB S95: PGPASSWORD=W3v4l_2026_S3cur3 psql -h 127.0.0.1 -U admin -d adx_system
- DB S204: psql -U postgres -d adx_system (trust local)
- Ports S95: 5821(WEVADS/403=login) 5822(FMG) 5823(BCG) 5880(WEVIA) 5890(Arsenal)

EMAILS: TOUJOURS envoyer aux 2: ymahboub@weval-consulting.com + yacineutt@gmail.com
PDF: minimum 15 pages, 8+ sections, 6+ tableaux, 3+ graphiques (add_radar_chart/add_bar_chart/add_pie_chart)
NGINX: /products/ doit avoir try_files propre. /wevia-ia/downloads/ auth_basic off. JAMAIS modifier Apache vhosts S95.
AUTH: Pages protégées S204 = weval/YacineWeval2026. Ethica = ethica/Eth1caWEVAL2026. iResponse = yacine@wevads/YacineWeval2026.
THEME: workspace+tech-radar+academy = fond blanc.
ACCENTS: TOUS les textes FR doivent avoir accents (Génère, résolution, qualité, sécurité).

Génère des commandes bash DIRECTES."],
                ["role"=>"user","content"=>$msg]
            ],
            "max_tokens" => 500,
            "temperature" => 0.3
        ])
    ]);
    $r = curl_exec($ch); curl_close($ch);
    $d = json_decode($r, true);
    return $d['choices'][0]['message']['content'] ?? '';
}