import { pool } from '../../../db/pool.js';

const TABLE = { page: 'pages', ref: 'refs', task: 'tasks', project: 'projects', space: 'spaces', resource: 'resources' };

// Explicit column projection per entity type (defaults to '*'). Resources carry
// monitoring/metadata JSON that can hold connection hints / vault_path pointers,
// so we never surface those blobs to an agent — see docs/security-sweep-2026-06-01.md.
const SAFE_COLUMNS = {
  resource: 'id, space_id, slug, name, runtime_type, host, url, version, status, last_check, maintenance_until'
};

export const contextTool = {
  name: 'context',
  description: "Resolve what the owner is currently looking at (the active view). Call this first to ground your answer in the right entity.",
  input_schema: { type: 'object', properties: {} },
  async handler(_args, ctx) {
    const view = ctx.view;
    if (!view?.entityType || !view?.entityId) {
      return { note: 'No specific entity is active; only the Space context is available.', space_id: ctx.space_id };
    }
    const table = TABLE[view.entityType];
    if (!table) return { entityType: view.entityType, entityId: view.entityId, note: 'unrecognised entity type' };
    const cols = SAFE_COLUMNS[view.entityType] || '*';
    const { rows: [row] } = await pool.query(`SELECT ${cols} FROM ${table} WHERE id=$1`, [view.entityId]);
    if (!row) return { entityType: view.entityType, entityId: view.entityId, error: 'not found' };
    return { entityType: view.entityType, ...row };
  }
};