#!/usr/bin/env bash
set -euo pipefail

MODEL_PROVIDER="OpenAI"
MODEL="gpt-5.5"
BASE_URL="https://www.lenovo-ai.cn"
CONFIG_DIR="${HOME}/.codex"
CONFIG_FILE="${CONFIG_DIR}/config.toml"
ZSHRC="${HOME}/.zshrc"
MARKER_BEGIN="# >>> codex openai config >>>"
MARKER_END="# <<< codex openai config <<<"

read_secret() {
  if [[ -n "${OPENAI_API_KEY:-}" ]]; then
    printf '%s' "${OPENAI_API_KEY}"
    return
  fi

  printf "Paste OPENAI_API_KEY, then press Enter: " >&2
  stty -echo
  read -r key
  stty echo
  printf "\n" >&2

  if [[ -z "${key}" ]]; then
    echo "OPENAI_API_KEY is required." >&2
    exit 1
  fi

  printf '%s' "${key}"
}

escape_for_sed_replacement() {
  printf '%s' "$1" | sed 's/[\/&]/\\&/g'
}

backup_file() {
  local path="$1"
  if [[ -f "${path}" ]]; then
    cp "${path}" "${path}.bak.$(date +%Y%m%d%H%M%S)"
  fi
}

write_codex_config() {
  mkdir -p "${CONFIG_DIR}"
  chmod 700 "${CONFIG_DIR}"
  backup_file "${CONFIG_FILE}"

  cat > "${CONFIG_FILE}" <<EOF
model_provider = "${MODEL_PROVIDER}"
model = "${MODEL}"
review_model = "${MODEL}"
model_reasoning_effort = "xhigh"
disable_response_storage = true
network_access = "enabled"
windows_wsl_setup_acknowledged = true
model_context_window = 1000000
model_auto_compact_token_limit = 900000

[model_providers.${MODEL_PROVIDER}]
name = "${MODEL_PROVIDER}"
base_url = "${BASE_URL}"
wire_api = "responses"
requires_openai_auth = true
EOF

  chmod 600 "${CONFIG_FILE}"
}

write_shell_env() {
  local key="$1"
  local escaped_key
  escaped_key="$(escape_for_sed_replacement "${key}")"

  touch "${ZSHRC}"
  backup_file "${ZSHRC}"

  if grep -qF "${MARKER_BEGIN}" "${ZSHRC}"; then
    sed -i '' "/${MARKER_BEGIN}/,/${MARKER_END}/c\\
${MARKER_BEGIN}\\
export OPENAI_API_KEY=\"${escaped_key}\"\\
${MARKER_END}
" "${ZSHRC}"
  else
    {
      printf "\n%s\n" "${MARKER_BEGIN}"
      printf "export OPENAI_API_KEY=\"%s\"\n" "${key}"
      printf "%s\n" "${MARKER_END}"
    } >> "${ZSHRC}"
  fi
}

write_launchctl_env() {
  local key="$1"
  if command -v launchctl >/dev/null 2>&1; then
    launchctl setenv OPENAI_API_KEY "${key}"
  fi
}

main() {
  if [[ "$(uname -s)" != "Darwin" ]]; then
    echo "This script is intended for macOS." >&2
    exit 1
  fi

  local key
  key="$(read_secret)"

  write_codex_config
  write_shell_env "${key}"
  write_launchctl_env "${key}"

  echo "Codex config written: ${CONFIG_FILE}"
  echo "OPENAI_API_KEY added to: ${ZSHRC}"
  echo "OPENAI_API_KEY set for GUI apps via launchctl."
  echo
  echo "Restart Codex Desktop if it is open."
  echo "For terminal Codex, run: source ~/.zshrc"
}

main "$@"