#!/usr/bin/env bash
set -euo pipefail

BOT_TOKEN="${SKILLFENCE_TG_BOT_TOKEN:-}"
CHAT_ID="${SKILLFENCE_TG_CHAT_ID:-}"
MONITOR="/home/openclaw/.openclaw/workspace/skills/skillfence/monitor.js"

if ! command -v node >/dev/null 2>&1; then
  exit 0
fi

if [ -z "$BOT_TOKEN" ] || [ -z "$CHAT_ID" ]; then
  exit 0
fi

TMP_JSON="$(mktemp)"
node "$MONITOR" --scan > "$TMP_JSON" || exit 0

CRIT=$(jq -r '.summary.critical // 0' "$TMP_JSON")
HIGH=$(jq -r '.summary.high // 0' "$TMP_JSON")
MED=$(jq -r '.summary.medium // 0' "$TMP_JSON")
TOTAL=$((CRIT + HIGH + MED))
VERDICT=$(jq -r '.summary.verdict // "UNKNOWN"' "$TMP_JSON")

if [ "$TOTAL" -gt 0 ]; then
  TOP=$(jq -r '([.skill_scan.findings[]?, .network_check[]?, .process_check[]?, .credential_check[]?] | .[:5] | map("• [" + (.severity // "?") + "] " + (.type // "finding") + " — " + (.detail // .action // "") ) | join("\n"))' "$TMP_JSON")
  TEXT="🛡️ SkillFence daily alert\nVerdict: $VERDICT\nCritical: $CRIT | High: $HIGH | Medium: $MED\n\nTop findings:\n$TOP"

  curl -sS -X POST "https://api.telegram.org/bot${BOT_TOKEN}/sendMessage" \
    -d chat_id="$CHAT_ID" \
    --data-urlencode text="$TEXT" \
    -d disable_web_page_preview=true >/dev/null || true
fi

rm -f "$TMP_JSON"