#!/usr/bin/env bash
# BooControl forced-command wrapper (embedding / Linux).
#
# Bound to the BooControl SSH key via authorized_keys:
#   command="/home/samkintop/llama-swap/boocontrol-edit.sh",restrict ssh-ed25519 AAAA... boocontrol@embedding
#
# The key can do NOTHING but the verbs below, all hardcoded to
# /home/samkintop/llama-swap and /home/samkintop/models. The only client-supplied
# value is the HF repo id, regex-validated. Place at the path above and chmod +x.

set -euo pipefail

CFG=/home/samkintop/llama-swap/config.yaml
MODELS=/home/samkintop/models
SERVICE=llama-swap   # systemctl --user unit name

read -r verb arg <<<"${SSH_ORIGINAL_COMMAND:-}"

case "$verb" in
  read)
    [ -f "$CFG" ] && cat "$CFG" || true
    ;;
  backup)
    bak="$CFG.bak-$(date -u +%Y%m%dT%H%M%SZ)"
    cp "$CFG" "$bak"
    echo "$bak"
    ;;
  write)
    cat > "$CFG"
    ;;
  restart)
    systemctl --user restart "$SERVICE"
    ;;
  pull)
    if [[ ! "$arg" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*/[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
      echo "bad repo id: $arg" >&2; exit 1
    fi
    huggingface-cli download "$arg" --local-dir "$MODELS/${arg//\//__}"
    ;;
  *)
    echo "denied: $verb" >&2; exit 1
    ;;
esac