param(
    [Parameter(Mandatory = $true)]
    [string]$RdpHost,
    [int]$RdpPort = 3389,
    [Parameter(Mandatory = $true)]
    [string]$RdpUsername,
    [Parameter(Mandatory = $true)]
    [string]$RdpPassword,
    [string]$RdpDomain = "",
    [ValidateSet("strict", "ignore")]
    [string]$CertificateVerificationMode = "strict"
)

Set-StrictMode -Version Latest
$ErrorActionPreference = "Stop"

$userId = [guid]::NewGuid().ToString()
$deviceId = [guid]::NewGuid().ToString()
$resourceId = [guid]::NewGuid().ToString()
$userEmail = "smoke-user-$userId@example.local"

$metadata = @{
    rdp_host = $RdpHost
    rdp_port = $RdpPort
    username = $RdpUsername
    password = $RdpPassword
    domain   = $RdpDomain
    certificate_verification_mode = $CertificateVerificationMode
} | ConvertTo-Json -Compress

$sql = @"
INSERT INTO users (id, email, password_hash, mfa_enabled)
VALUES ('$userId'::uuid, '$userEmail', '`$2a`$10`$7EqJtq98hPqEX7fNZaFWoOHi6s6i.5NQ32mibXwjlzAIXazhbugzu', FALSE)
ON CONFLICT (email) DO NOTHING;

INSERT INTO organization_memberships (
    id, organization_id, user_id, role_id, status, invited_by_user_id, created_at, updated_at
)
SELECT
    gen_random_uuid(),
    (SELECT id FROM organizations WHERE slug = 'default'),
    '$userId'::uuid,
    'org_member',
    'active',
    NULL,
    NOW(),
    NOW()
ON CONFLICT (organization_id, user_id) DO UPDATE SET
    status = 'active',
    updated_at = EXCLUDED.updated_at;

INSERT INTO devices (id, user_id, device_fingerprint, device_label, trust_status, trusted_at, last_seen_at, created_at, updated_at)
VALUES (
    '$deviceId'::uuid,
    '$userId'::uuid,
    'smoke-device-1',
    'Smoke Device 1',
    'trusted',
    NOW(),
    NOW(),
    NOW(),
    NOW()
)
ON CONFLICT (user_id, device_fingerprint) DO UPDATE SET
    trust_status = 'trusted',
    trusted_at = NOW(),
    last_seen_at = NOW(),
    updated_at = NOW();

INSERT INTO resources (id, organization_id, name, address, protocol, certificate_verification_mode, metadata, created_at, updated_at)
SELECT
    '$resourceId'::uuid,
    (SELECT id FROM organizations WHERE slug = 'default'),
    'Smoke RDP Resource',
    '$RdpHost',
    'rdp',
    '$CertificateVerificationMode',
    '$metadata'::jsonb,
    NOW(),
    NOW()
ON CONFLICT (id) DO NOTHING;

INSERT INTO resource_policies (
    resource_id, max_concurrent_sessions, takeover_policy, require_trusted_device,
    detach_grace_period_seconds, clipboard_enabled, file_transfer_enabled, created_at, updated_at
)
VALUES (
    '$resourceId'::uuid,
    1,
    'trusted_device',
    TRUE,
    1800,
    FALSE,
    FALSE,
    NOW(),
    NOW()
)
ON CONFLICT (resource_id) DO UPDATE SET
    updated_at = NOW();
"@

$sql | docker exec -i rap_postgres psql -U rap_user -d remote_access_platform -v ON_ERROR_STOP=1 -f -

Write-Host "Seed complete"
Write-Host "email=$userEmail"
Write-Host "user_id=$userId"
Write-Host "device_id=$deviceId"
Write-Host "resource_id=$resourceId"