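#!/usr/bin/env bash
#
# Launch `opencode` inside a Bubblewrap (bwrap) sandbox.
#
# What the mounts below grant (nothing else is visible inside):
#   read-only : /bin /usr /lib /lib64 /nix, ~/.nix-profile/bin,
#               ~/.config/opencode, /etc/resolv.conf, /etc/hosts, CA bundles
#   read-write: the current working directory, ~/.local/share/opencode,
#               a private tmpfs on /tmp
#   namespaces: everything unshared (--unshare-all) except the network
#               (--share-net), so DNS/TLS to remote services keeps working
#
# Usage: <this script> [opencode args...]
# Env:   PATH, HOME, TASKRC and TASKDATA are forwarded into the sandbox.
#
# Known limits worth keeping in mind:
#   * The working directory is bind-mounted read-write. Started from $HOME or /
#     it would hand the sandbox ~/.ssh, ~/.gnupg, shell history, ... and defeat
#     the point, so those two cases are refused below.
#   * No --new-session: the sandbox keeps the controlling terminal (needed for
#     an interactive TUI), so it can still push keystrokes into that terminal
#     via the TIOCSTI ioctl. Closing that needs a seccomp filter; none is
#     applied here.
#   * /nix and /usr are exposed in full (read-only); anything readable there
#     is readable inside.
#   * /proc is mounted after --unshare-all, so only sandbox pids are visible.

set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# 1. Resolve the absolute path of opencode from the Nix environment.
#    `|| true` keeps `set -e` from exiting silently before the error message.
OPENCODE_PATH=$(command -v opencode || true)
[[ -n "$OPENCODE_PATH" ]] || die "❌ Error: 'opencode' not found in your PATH."
command -v bwrap >/dev/null || die "❌ Error: 'bwrap' (bubblewrap) not found in your PATH."

# 2. Evaluate the working directory once so every bwrap option refers to the
#    same path (the logical path, as `pwd` returns it).
WORKDIR=$(pwd)
case "$WORKDIR" in
  /|"$HOME")
    die "❌ Refusing to sandbox from '$WORKDIR': it would be bind-mounted read-write and expose everything in it."
    ;;
esac

# The state dir is bound read-write and bwrap fails if the source is missing,
# so create it on first run.
mkdir -p -- "$HOME/.local/share/opencode"

# Diagnostics go to stderr so opencode's own stdout stays clean when piped.
printf '%s\n' "🛡️ Engaging Bubblewrap Sandbox..." "📍 Using binary: $OPENCODE_PATH" >&2

# 3. Assemble the bwrap command line as an array (no word-splitting surprises).
#    Order matters for overlapping mounts: /tmp is mounted before the working
#    directory so a cwd under /tmp is not shadowed by the tmpfs.
bwrap_args=(
  # Base system, read-only. /lib and /lib64 do not exist on every host
  # (e.g. NixOS), so those two are best-effort.
  --ro-bind /bin /bin
  --ro-bind /usr /usr
  --ro-bind-try /lib /lib
  --ro-bind-try /lib64 /lib64
  --ro-bind /nix /nix
  --ro-bind "$HOME/.nix-profile/bin" "$HOME/.nix-profile/bin"
  --ro-bind "$HOME/.config/opencode" "$HOME/.config/opencode"
  # Name resolution and TLS trust roots (the /etc/static variant is NixOS).
  --ro-bind /etc/resolv.conf /etc/resolv.conf
  --ro-bind /etc/hosts /etc/hosts
  --ro-bind-try /etc/ssl/certs /etc/ssl/certs
  --ro-bind-try /etc/static/ssl/certs /etc/static/ssl/certs
  # Writable opencode state.
  --bind "$HOME/.local/share/opencode" "$HOME/.local/share/opencode"
  --proc /proc
  # Minimal devtmpfs (null, zero, full, random, urandom, tty, pts, shm) instead
  # of bind-mounting the host's /dev read-write, which would expose every
  # device node the user can open. If a specific device is really needed, add
  # a targeted `--dev-bind /dev/<node> /dev/<node>` here.
  --dev /dev
  --tmpfs /tmp
  --unshare-all
  --share-net
  --die-with-parent
  --bind "$WORKDIR" "$WORKDIR"
  --chdir "$WORKDIR"
  # Forward environment. The Taskwarrior vars use ${VAR-} so an unset one is
  # forwarded as empty (unchanged behaviour) instead of tripping `set -u`.
  --setenv PATH "$PATH"
  --setenv HOME "$HOME"
  --setenv TASKRC "${TASKRC-}"
  --setenv TASKDATA "${TASKDATA-}"
)

# 4. exec so the sandbox takes over this PID and its exit status and signals
#    reach the caller directly.
exec bwrap "${bwrap_args[@]}" "$OPENCODE_PATH" "$@"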