"""
ARF OSS v3.3.9 - Enterprise Lead Generation Engine
Compatible with Gradio 4.44.1 and Pydantic V2
"""

import os
import json
import uuid
import hmac
import hashlib
import logging
import asyncio
import sqlite3
import requests
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Any, Tuple
from contextlib import contextmanager
from dataclasses import dataclass, asdict
from enum import Enum

import gradio as gr
from fastapi import FastAPI, HTTPException, Depends
from fastapi.middleware.cors import CORSMiddleware
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from pydantic import BaseModel, Field, field_validator  # Changed from validator
from gradio import mount_gradio_app

# ============== CONFIGURATION ==============
class Settings:
    """Centralized configuration - easy to modify"""
    
    # Hugging Face settings
    HF_SPACE_ID = os.environ.get('SPACE_ID', 'local')
    HF_TOKEN = os.environ.get('HF_TOKEN', '')
    
    # Persistence - HF persistent storage
    DATA_DIR = '/data' if os.path.exists('/data') else './data'
    os.makedirs(DATA_DIR, exist_ok=True)
    
    # Lead generation
    LEAD_EMAIL = "petter2025us@outlook.com"
    CALENDLY_URL = "https://calendly.com/petter2025us/arf-demo"
    
    # Webhook for lead alerts (set in HF secrets)
    SLACK_WEBHOOK = os.environ.get('SLACK_WEBHOOK', '')
    SENDGRID_API_KEY = os.environ.get('SENDGRID_API_KEY', '')
    
    # Security
    API_KEY = os.environ.get('ARF_API_KEY', str(uuid.uuid4()))
    
    # ARF defaults
    DEFAULT_CONFIDENCE_THRESHOLD = 0.9
    DEFAULT_MAX_RISK = "MEDIUM"

settings = Settings()

# ============== LOGGING ==============
logging.basicConfig(
    level=logging.INFO,
    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
    handlers=[
        logging.FileHandler(f'{settings.DATA_DIR}/arf.log'),
        logging.StreamHandler()
    ]
)
logger = logging.getLogger('arf.oss')

# ============== ENUMS & TYPES ==============
class RiskLevel(str, Enum):
    LOW = "LOW"
    MEDIUM = "MEDIUM"
    HIGH = "HIGH"
    CRITICAL = "CRITICAL"

class ExecutionLevel(str, Enum):
    AUTONOMOUS_LOW = "AUTONOMOUS_LOW"
    AUTONOMOUS_HIGH = "AUTONOMOUS_HIGH"
    SUPERVISED = "SUPERVISED"
    OPERATOR_REVIEW = "OPERATOR_REVIEW"

class LeadSignal(str, Enum):
    HIGH_RISK_BLOCKED = "high_risk_blocked"
    NOVEL_ACTION = "novel_action"
    POLICY_VIOLATION = "policy_violation"
    CONFIDENCE_LOW = "confidence_low"
    REPEATED_FAILURE = "repeated_failure"

# ============== REAL ARF BAYESIAN ENGINE ==============
class BayesianRiskEngine:
    """
    True Bayesian inference with conjugate priors
    Matches ARF OSS production implementation
    """
    
    def __init__(self):
        # Beta-Binomial conjugate prior
        # Prior represents belief about risk before seeing evidence
        self.prior_alpha = 2.0  # Pseudocounts for "safe" outcomes
        self.prior_beta = 5.0    # Pseudocounts for "risky" outcomes
        
        # Action type priors (learned from industry data)
        self.action_priors = {
            'database': {'alpha': 1.5, 'beta': 8.0},    # DB ops are risky
            'network': {'alpha': 3.0, 'beta': 4.0},     # Network ops medium risk
            'compute': {'alpha': 4.0, 'beta': 3.0},      # Compute ops safer
            'security': {'alpha': 2.0, 'beta': 6.0},     # Security ops risky
            'default': {'alpha': 2.0, 'beta': 5.0}
        }
        
        # Load historical evidence from persistent storage
        self.evidence_db = f"{settings.DATA_DIR}/evidence.db"
        self._init_db()
    
    def _init_db(self):
        """Initialize SQLite DB for evidence storage"""
        with self._get_db() as conn:
            conn.execute('''
                CREATE TABLE IF NOT EXISTS evidence (
                    id TEXT PRIMARY KEY,
                    action_type TEXT,
                    action_hash TEXT,
                    success INTEGER,
                    total INTEGER,
                    timestamp TEXT,
                    metadata TEXT
                )
            ''')
            conn.execute('''
                CREATE INDEX IF NOT EXISTS idx_action_hash 
                ON evidence(action_hash)
            ''')
    
    @contextmanager
    def _get_db(self):
        conn = sqlite3.connect(self.evidence_db)
        try:
            yield conn
        finally:
            conn.close()
    
    def classify_action(self, action_text: str) -> str:
        """Classify action type for appropriate prior"""
        action_lower = action_text.lower()
        
        if any(word in action_lower for word in ['database', 'db', 'sql', 'table', 'drop', 'delete']):
            return 'database'
        elif any(word in action_lower for word in ['network', 'firewall', 'load balancer']):
            return 'network'
        elif any(word in action_lower for word in ['pod', 'container', 'deploy', 'scale']):
            return 'compute'
        elif any(word in action_lower for word in ['security', 'cert', 'key', 'access']):
            return 'security'
        else:
            return 'default'
    
    def get_prior(self, action_type: str) -> Tuple[float, float]:
        """Get prior parameters for action type"""
        prior = self.action_priors.get(action_type, self.action_priors['default'])
        return prior['alpha'], prior['beta']
    
    def get_evidence(self, action_hash: str) -> Tuple[int, int]:
        """Get historical evidence for similar actions"""
        with self._get_db() as conn:
            cursor = conn.execute(
                'SELECT SUM(success), SUM(total) FROM evidence WHERE action_hash = ?',
                (action_hash[:50],)
            )
            row = cursor.fetchone()
            return (row[0] or 0, row[1] or 0) if row else (0, 0)
    
    def calculate_posterior(self, 
                           action_text: str,
                           context: Dict[str, Any]) -> Dict[str, Any]:
        """
        True Bayesian posterior calculation
        P(risk | action, context) ∝ P(action, context | risk) * P(risk)
        """
        # 1. Classify action for appropriate prior
        action_type = self.classify_action(action_text)
        alpha0, beta0 = self.get_prior(action_type)
        
        # 2. Get historical evidence
        action_hash = hashlib.sha256(action_text.encode()).hexdigest()
        successes, trials = self.get_evidence(action_hash)
        
        # 3. Update prior with evidence → posterior
        alpha_n = alpha0 + successes
        beta_n = beta0 + (trials - successes)
        
        # 4. Posterior mean (expected risk)
        posterior_mean = alpha_n / (alpha_n + beta_n)
        
        # 5. Incorporate context as likelihood adjustment
        context_multiplier = self._context_likelihood(context)
        
        # 6. Final risk score (posterior predictive)
        risk_score = posterior_mean * context_multiplier
        risk_score = min(0.99, max(0.01, risk_score))
        
        # 7. 95% credible interval (Beta distribution quantiles)
        # Using approximation for computational efficiency
        variance = (alpha_n * beta_n) / ((alpha_n + beta_n)**2 * (alpha_n + beta_n + 1))
        std_dev = variance ** 0.5
        ci_lower = max(0.01, posterior_mean - 1.96 * std_dev)
        ci_upper = min(0.99, posterior_mean + 1.96 * std_dev)
        
        # 8. Risk level
        if risk_score > 0.8:
            risk_level = RiskLevel.CRITICAL
        elif risk_score > 0.6:
            risk_level = RiskLevel.HIGH
        elif risk_score > 0.4:
            risk_level = RiskLevel.MEDIUM
        else:
            risk_level = RiskLevel.LOW
        
        return {
            "score": risk_score,
            "level": risk_level,
            "credible_interval": [ci_lower, ci_upper],
            "posterior_parameters": {"alpha": alpha_n, "beta": beta_n},
            "prior_used": {"alpha": alpha0, "beta": beta0, "type": action_type},
            "evidence_used": {"successes": successes, "trials": trials},
            "context_multiplier": context_multiplier,
            "calculation": f"""
                Posterior = Beta(α={alpha_n:.1f}, β={beta_n:.1f})
                Mean = {alpha_n:.1f} / ({alpha_n:.1f} + {beta_n:.1f}) = {posterior_mean:.3f}
                × Context multiplier {context_multiplier:.2f} = {risk_score:.3f}
            """
        }
    
    def _context_likelihood(self, context: Dict) -> float:
        """Calculate likelihood multiplier from context"""
        multiplier = 1.0
        
        # Environment
        if context.get('environment') == 'production':
            multiplier *= 1.5
        elif context.get('environment') == 'staging':
            multiplier *= 0.8
        
        # Time
        hour = datetime.now().hour
        if hour < 6 or hour > 22:  # Off-hours
            multiplier *= 1.3
        
        # User seniority
        if context.get('user_role') == 'junior':
            multiplier *= 1.4
        elif context.get('user_role') == 'senior':
            multiplier *= 0.9
        
        # Backup status
        if not context.get('backup_available', True):
            multiplier *= 1.6
        
        return multiplier
    
    def record_outcome(self, action_text: str, success: bool):
        """Record actual outcome for future Bayesian updates"""
        action_hash = hashlib.sha256(action_text.encode()).hexdigest()
        action_type = self.classify_action(action_text)
        
        with self._get_db() as conn:
            conn.execute('''
                INSERT INTO evidence (id, action_type, action_hash, success, total, timestamp)
                VALUES (?, ?, ?, ?, ?, ?)
            ''', (
                str(uuid.uuid4()),
                action_type,
                action_hash[:50],
                1 if success else 0,
                1,
                datetime.utcnow().isoformat()
            ))
            conn.commit()
        
        logger.info(f"Recorded outcome for {action_type}: success={success}")

# ============== POLICY ENGINE ==============
class PolicyEngine:
    """
    Deterministic OSS policies - advisory only
    Matches ARF OSS healing_policies.py
    """
    
    def __init__(self):
        self.config = {
            "confidence_threshold": settings.DEFAULT_CONFIDENCE_THRESHOLD,
            "max_autonomous_risk": settings.DEFAULT_MAX_RISK,
            "risk_thresholds": {
                RiskLevel.LOW: 0.7,
                RiskLevel.MEDIUM: 0.5,
                RiskLevel.HIGH: 0.3,
                RiskLevel.CRITICAL: 0.1
            },
            "destructive_patterns": [
                r'\bdrop\s+database\b',
                r'\bdelete\s+from\b',
                r'\btruncate\b',
                r'\balter\s+table\b',
                r'\bdrop\s+table\b',
                r'\bshutdown\b',
                r'\bterminate\b',
                r'\brm\s+-rf\b'
            ],
            "require_human": [RiskLevel.CRITICAL, RiskLevel.HIGH],
            "require_rollback": True
        }
    
    def evaluate(self,
                action: str,
                risk: Dict[str, Any],
                confidence: float) -> Dict[str, Any]:
        """
        Evaluate action against policies
        Returns gate results and final decision
        """
        gates = []
        
        # Gate 1: Confidence threshold
        confidence_passed = confidence >= self.config["confidence_threshold"]
        gates.append({
            "gate": "confidence_threshold",
            "passed": confidence_passed,
            "threshold": self.config["confidence_threshold"],
            "actual": confidence,
            "reason": f"Confidence {confidence:.2f} {'≥' if confidence_passed else '<'} threshold {self.config['confidence_threshold']}",
            "type": "numerical"
        })
        
        # Gate 2: Risk level
        risk_levels = list(RiskLevel)
        max_idx = risk_levels.index(RiskLevel(self.config["max_autonomous_risk"]))
        action_idx = risk_levels.index(risk["level"])
        risk_passed = action_idx <= max_idx
        
        gates.append({
            "gate": "risk_assessment",
            "passed": risk_passed,
            "max_allowed": self.config["max_autonomous_risk"],
            "actual": risk["level"].value,
            "reason": f"Risk level {risk['level'].value} {'≤' if risk_passed else '>'} max autonomous {self.config['max_autonomous_risk']}",
            "type": "categorical",
            "metadata": {
                "risk_score": risk["score"],
                "credible_interval": risk["credible_interval"]
            }
        })
        
        # Gate 3: Destructive check
        import re
        is_destructive = any(
            re.search(pattern, action.lower()) 
            for pattern in self.config["destructive_patterns"]
        )
        
        gates.append({
            "gate": "destructive_check",
            "passed": not is_destructive,
            "is_destructive": is_destructive,
            "reason": "Non-destructive operation" if not is_destructive else "Destructive operation detected",
            "type": "boolean",
            "metadata": {"requires_rollback": is_destructive}
        })
        
        # Gate 4: Human review requirement
        requires_human = risk["level"] in self.config["require_human"]
        
        gates.append({
            "gate": "human_review",
            "passed": not requires_human,
            "requires_human": requires_human,
            "reason": "Human review not required" if not requires_human else f"Human review required for {risk['level'].value} risk",
            "type": "boolean"
        })
        
        # Gate 5: OSS license (always passes in OSS)
        gates.append({
            "gate": "license_check",
            "passed": True,
            "edition": "OSS",
            "reason": "OSS edition - advisory only",
            "type": "license"
        })
        
        # Overall decision
        all_passed = all(g["passed"] for g in gates)
        
        # Determine required level
        if not all_passed:
            required_level = ExecutionLevel.OPERATOR_REVIEW
        elif risk["level"] == RiskLevel.LOW:
            required_level = ExecutionLevel.AUTONOMOUS_LOW
        elif risk["level"] == RiskLevel.MEDIUM:
            required_level = ExecutionLevel.AUTONOMOUS_HIGH
        else:
            required_level = ExecutionLevel.SUPERVISED
        
        return {
            "allowed": all_passed,
            "required_level": required_level.value,
            "gates": gates,
            "advisory_only": True,
            "oss_disclaimer": "OSS edition provides advisory only. Enterprise adds execution."
        }
    
    def update_config(self, key: str, value: Any):
        """Live policy updates"""
        if key in self.config:
            self.config[key] = value
            logger.info(f"Policy updated: {key} = {value}")
            return True
        return False

# ============== RAG MEMORY WITH PERSISTENCE ==============
class RAGMemory:
    """
    Persistent RAG memory using SQLite + vector embeddings
    Survives HF Space restarts
    """
    
    def __init__(self):
        self.db_path = f"{settings.DATA_DIR}/memory.db"
        self._init_db()
        self.embedding_cache = {}
    
    def _init_db(self):
        """Initialize memory tables"""
        with self._get_db() as conn:
            # Incidents table
            conn.execute('''
                CREATE TABLE IF NOT EXISTS incidents (
                    id TEXT PRIMARY KEY,
                    action TEXT,
                    action_hash TEXT,
                    risk_score REAL,
                    risk_level TEXT,
                    confidence REAL,
                    allowed BOOLEAN,
                    gates TEXT,
                    timestamp TEXT,
                    embedding TEXT
                )
            ''')
            
            # Enterprise signals table
            conn.execute('''
                CREATE TABLE IF NOT EXISTS signals (
                    id TEXT PRIMARY KEY,
                    signal_type TEXT,
                    action TEXT,
                    risk_score REAL,
                    metadata TEXT,
                    timestamp TEXT,
                    contacted BOOLEAN DEFAULT 0
                )
            ''')
            
            # Create indexes
            conn.execute('CREATE INDEX IF NOT EXISTS idx_action_hash ON incidents(action_hash)')
            conn.execute('CREATE INDEX IF NOT EXISTS idx_signal_type ON signals(signal_type)')
            conn.execute('CREATE INDEX IF NOT EXISTS idx_signal_contacted ON signals(contacted)')
    
    @contextmanager
    def _get_db(self):
        conn = sqlite3.connect(self.db_path)
        conn.row_factory = sqlite3.Row
        try:
            yield conn
        finally:
            conn.close()
    
    def _simple_embedding(self, text: str) -> List[float]:
        """Simple bag-of-words embedding for demo"""
        # Cache embeddings
        if text in self.embedding_cache:
            return self.embedding_cache[text]
        
        # Simple character trigram embedding
        words = text.lower().split()
        trigrams = set()
        for word in words:
            for i in range(len(word) - 2):
                trigrams.add(word[i:i+3])
        
        # Convert to fixed-size vector (simplified)
        # In production, use sentence-transformers
        vector = [hash(t) % 1000 / 1000.0 for t in sorted(trigrams)[:100]]
        # Pad to fixed length
        while len(vector) < 100:
            vector.append(0.0)
        vector = vector[:100]
        
        self.embedding_cache[text] = vector
        return vector
    
    def store_incident(self, 
                      action: str,
                      risk_score: float,
                      risk_level: RiskLevel,
                      confidence: float,
                      allowed: bool,
                      gates: List[Dict]):
        """Store incident in persistent memory"""
        action_hash = hashlib.sha256(action.encode()).hexdigest()[:50]
        embedding = json.dumps(self._simple_embedding(action))
        
        with self._get_db() as conn:
            conn.execute('''
                INSERT INTO incidents 
                (id, action, action_hash, risk_score, risk_level, confidence, allowed, gates, timestamp, embedding)
                VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
            ''', (
                str(uuid.uuid4()),
                action[:500],
                action_hash,
                risk_score,
                risk_level.value,
                confidence,
                1 if allowed else 0,
                json.dumps(gates),
                datetime.utcnow().isoformat(),
                embedding
            ))
            conn.commit()
    
    def find_similar(self, action: str, limit: int = 5) -> List[Dict]:
        """Find similar incidents using cosine similarity"""
        query_embedding = self._simple_embedding(action)
        
        with self._get_db() as conn:
            # Get all recent incidents
            cursor = conn.execute('''
                SELECT * FROM incidents 
                ORDER BY timestamp DESC 
                LIMIT 100
            ''')
            
            incidents = []
            for row in cursor.fetchall():
                stored_embedding = json.loads(row['embedding'])
                
                # Cosine similarity
                dot = sum(q * s for q, s in zip(query_embedding, stored_embedding))
                norm_q = sum(q*q for q in query_embedding) ** 0.5
                norm_s = sum(s*s for s in stored_embedding) ** 0.5
                
                if norm_q > 0 and norm_s > 0:
                    similarity = dot / (norm_q * norm_s)
                else:
                    similarity = 0
                
                incidents.append({
                    'id': row['id'],
                    'action': row['action'],
                    'risk_score': row['risk_score'],
                    'risk_level': row['risk_level'],
                    'confidence': row['confidence'],
                    'allowed': bool(row['allowed']),
                    'timestamp': row['timestamp'],
                    'similarity': similarity
                })
            
            # Sort by similarity and return top k
            incidents.sort(key=lambda x: x['similarity'], reverse=True)
            return incidents[:limit]
    
    def track_enterprise_signal(self, 
                               signal_type: LeadSignal,
                               action: str,
                               risk_score: float,
                               metadata: Dict = None):
        """Track enterprise interest signals with persistence"""
        
        signal = {
            'id': str(uuid.uuid4()),
            'signal_type': signal_type.value,
            'action': action[:200],
            'risk_score': risk_score,
            'metadata': json.dumps(metadata or {}),
            'timestamp': datetime.utcnow().isoformat(),
            'contacted': 0
        }
        
        with self._get_db() as conn:
            conn.execute('''
                INSERT INTO signals 
                (id, signal_type, action, risk_score, metadata, timestamp, contacted)
                VALUES (?, ?, ?, ?, ?, ?, ?)
            ''', (
                signal['id'],
                signal['signal_type'],
                signal['action'],
                signal['risk_score'],
                signal['metadata'],
                signal['timestamp'],
                signal['contacted']
            ))
            conn.commit()
        
        logger.info(f"🔔 Enterprise signal: {signal_type.value} - {action[:50]}...")
        
        # Trigger immediate notification for high-value signals
        if signal_type in [LeadSignal.HIGH_RISK_BLOCKED, LeadSignal.NOVEL_ACTION]:
            self._notify_sales_team(signal)
        
        return signal
    
    def _notify_sales_team(self, signal: Dict):
        """Real-time notification to sales team"""
        
        # Slack webhook
        if settings.SLACK_WEBHOOK:
            try:
                requests.post(settings.SLACK_WEBHOOK, json={
                    "text": f"🚨 *Enterprise Lead Signal*\n"
                           f"Type: {signal['signal_type']}\n"
                           f"Action: {signal['action']}\n"
                           f"Risk Score: {signal['risk_score']:.2f}\n"
                           f"Time: {signal['timestamp']}\n"
                           f"Contact: {settings.LEAD_EMAIL}"
                })
            except:
                pass
        
        # Email via SendGrid (if configured)
        if settings.SENDGRID_API_KEY:
            # Send email logic here
            pass
    
    def get_uncontacted_signals(self) -> List[Dict]:
        """Get signals that haven't been followed up"""
        with self._get_db() as conn:
            cursor = conn.execute('''
                SELECT * FROM signals 
                WHERE contacted = 0 
                ORDER BY timestamp DESC
            ''')
            
            signals = []
            for row in cursor.fetchall():
                signals.append({
                    'id': row['id'],
                    'signal_type': row['signal_type'],
                    'action': row['action'],
                    'risk_score': row['risk_score'],
                    'metadata': json.loads(row['metadata']),
                    'timestamp': row['timestamp']
                })
            return signals
    
    def mark_contacted(self, signal_id: str):
        """Mark signal as contacted"""
        with self._get_db() as conn:
            conn.execute('UPDATE signals SET contacted = 1 WHERE id = ?', (signal_id,))
            conn.commit()

# ============== AUTHENTICATION ==============
security = HTTPBearer()

def verify_api_key(credentials: HTTPAuthorizationCredentials = Depends(security)):
    """Simple API key authentication for enterprise endpoints"""
    if credentials.credentials != settings.API_KEY:
        raise HTTPException(status_code=403, detail="Invalid API key")
    return credentials.credentials

# ============== PYDANTIC MODELS ==============
class ActionRequest(BaseModel):
    proposedAction: str = Field(..., min_length=1, max_length=1000)
    confidenceScore: float = Field(..., ge=0.0, le=1.0)
    riskLevel: RiskLevel
    description: Optional[str] = None
    requiresHuman: bool = False
    rollbackFeasible: bool = True
    user_role: str = "devops"
    session_id: Optional[str] = None
    
    # FIXED: Using Pydantic V2 field_validator instead of deprecated validator
    @field_validator('proposedAction')
    @classmethod
    def validate_action(cls, v: str) -> str:
        if len(v.strip()) == 0:
            raise ValueError('Action cannot be empty')
        return v

class ConfigUpdateRequest(BaseModel):
    confidenceThreshold: Optional[float] = Field(None, ge=0.5, le=1.0)
    maxAutonomousRisk: Optional[RiskLevel] = None

class GateResult(BaseModel):
    gate: str
    reason: str
    passed: bool
    threshold: Optional[float] = None
    actual: Optional[float] = None
    type: str = "boolean"
    metadata: Optional[Dict] = None

class EvaluationResponse(BaseModel):
    allowed: bool
    requiredLevel: str
    gatesTriggered: List[GateResult]
    shouldEscalate: bool
    escalationReason: Optional[str] = None
    executionLadder: Optional[Dict] = None
    oss_disclaimer: str = "OSS edition provides advisory only. Enterprise adds mechanical gates and execution."

class LeadSignalResponse(BaseModel):
    id: str
    signal_type: str
    action: str
    risk_score: float
    timestamp: str
    metadata: Dict

# ============== FASTAPI SETUP ==============
app = FastAPI(
    title="ARF OSS Real Engine",
    version="3.3.9",
    description="Real ARF OSS components for enterprise lead generation",
    contact={
        "name": "ARF Sales",
        "email": settings.LEAD_EMAIL,
    }
)

app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)

# Initialize ARF components
risk_engine = BayesianRiskEngine()
policy_engine = PolicyEngine()
memory = RAGMemory()

# ============== API ENDPOINTS ==============
@app.get("/api/v1/config")
async def get_config():
    """Get current ARF configuration"""
    return {
        "confidenceThreshold": policy_engine.config["confidence_threshold"],
        "maxAutonomousRisk": policy_engine.config["max_autonomous_risk"],
        "riskScoreThresholds": policy_engine.config["risk_thresholds"],
        "version": "3.3.9",
        "edition": "OSS"
    }

@app.post("/api/v1/config")
async def update_config(config: ConfigUpdateRequest):
    """Update ARF configuration (live)"""
    if config.confidenceThreshold:
        policy_engine.update_config("confidence_threshold", config.confidenceThreshold)
    if config.maxAutonomousRisk:
        policy_engine.update_config("max_autonomous_risk", config.maxAutonomousRisk.value)
    return await get_config()

@app.post("/api/v1/evaluate", response_model=EvaluationResponse)
async def evaluate_action(request: ActionRequest):
    """
    Real ARF OSS evaluation pipeline
    Used by Replit UI frontend
    """
    try:
        # Build context
        context = {
            "environment": "production",
            "user_role": request.user_role,
            "backup_available": request.rollbackFeasible,
            "requires_human": request.requiresHuman
        }
        
        # 1. Bayesian risk assessment
        risk = risk_engine.calculate_posterior(
            action_text=request.proposedAction,
            context=context
        )
        
        # 2. Policy evaluation
        policy = policy_engine.evaluate(
            action=request.proposedAction,
            risk=risk,
            confidence=request.confidenceScore
        )
        
        # 3. RAG memory recall
        similar = memory.find_similar(request.proposedAction, limit=3)
        
        # 4. Track enterprise signals
        if not policy["allowed"] and risk["score"] > 0.7:
            memory.track_enterprise_signal(
                signal_type=LeadSignal.HIGH_RISK_BLOCKED,
                action=request.proposedAction,
                risk_score=risk["score"],
                metadata={
                    "confidence": request.confidenceScore,
                    "risk_level": risk["level"].value,
                    "failed_gates": [g["gate"] for g in policy["gates"] if not g["passed"]]
                }
            )
        
        if len(similar) < 2 and risk["score"] > 0.6:
            memory.track_enterprise_signal(
                signal_type=LeadSignal.NOVEL_ACTION,
                action=request.proposedAction,
                risk_score=risk["score"],
                metadata={"similar_count": len(similar)}
            )
        
        # 5. Store in memory
        memory.store_incident(
            action=request.proposedAction,
            risk_score=risk["score"],
            risk_level=risk["level"],
            confidence=request.confidenceScore,
            allowed=policy["allowed"],
            gates=policy["gates"]
        )
        
        # 6. Format gates for response
        gates = []
        for g in policy["gates"]:
            gates.append(GateResult(
                gate=g["gate"],
                reason=g["reason"],
                passed=g["passed"],
                threshold=g.get("threshold"),
                actual=g.get("actual"),
                type=g.get("type", "boolean"),
                metadata=g.get("metadata")
            ))
        
        # 7. Build execution ladder
        execution_ladder = {
            "levels": [
                {"name": "AUTONOMOUS_LOW", "required": gates[0].passed and gates[1].passed},
                {"name": "AUTONOMOUS_HIGH", "required": all(g.passed for g in gates[:3])},
                {"name": "SUPERVISED", "required": all(g.passed for g in gates[:4])},
                {"name": "OPERATOR_REVIEW", "required": True}
            ],
            "current": policy["required_level"]
        }
        
        return EvaluationResponse(
            allowed=policy["allowed"],
            requiredLevel=policy["required_level"],
            gatesTriggered=gates,
            shouldEscalate=not policy["allowed"],
            escalationReason=None if policy["allowed"] else "Failed mechanical gates",
            executionLadder=execution_ladder
        )
        
    except Exception as e:
        logger.error(f"Evaluation failed: {e}", exc_info=True)
        raise HTTPException(status_code=500, detail=str(e))

@app.get("/api/v1/enterprise/signals", dependencies=[Depends(verify_api_key)])
async def get_enterprise_signals(contacted: bool = False):
    """
    Get enterprise lead signals (protected endpoint)
    Requires API key from HF secrets
    """
    if contacted:
        signals = memory.get_uncontacted_signals()
    else:
        # Get all signals from last 30 days
        with memory._get_db() as conn:
            cursor = conn.execute('''
                SELECT * FROM signals 
                WHERE datetime(timestamp) > datetime('now', '-30 days')
                ORDER BY timestamp DESC
            ''')
            signals = []
            for row in cursor.fetchall():
                signals.append({
                    'id': row['id'],
                    'signal_type': row['signal_type'],
                    'action': row['action'],
                    'risk_score': row['risk_score'],
                    'metadata': json.loads(row['metadata']),
                    'timestamp': row['timestamp'],
                    'contacted': bool(row['contacted'])
                })
    
    return {"signals": signals, "count": len(signals)}

@app.post("/api/v1/enterprise/signals/{signal_id}/contact")
async def mark_signal_contacted(signal_id: str):
    """Mark a lead signal as contacted"""
    memory.mark_contacted(signal_id)
    return {"status": "success", "message": "Signal marked as contacted"}

@app.get("/api/v1/memory/similar")
async def get_similar_actions(action: str, limit: int = 5):
    """Find similar historical actions"""
    similar = memory.find_similar(action, limit=limit)
    return {"similar": similar, "count": len(similar)}

@app.post("/api/v1/feedback")
async def record_outcome(action: str, success: bool):
    """
    Record actual outcome for Bayesian updating
    This is how ARF learns
    """
    risk_engine.record_outcome(action, success)
    return {"status": "success", "message": "Outcome recorded"}

@app.get("/health")
async def health_check():
    """Health check endpoint"""
    return {
        "status": "healthy",
        "version": "3.3.9",
        "edition": "OSS",
        "memory_entries": len(memory.get_uncontacted_signals()),
        "timestamp": datetime.utcnow().isoformat()
    }

# ============== GRADIO LEAD GENERATION UI ==============
def create_lead_gen_ui():
    """Professional lead generation interface"""
    
    # FIXED: Moved theme and css to launch() method
    with gr.Blocks(title="ARF OSS - Enterprise Reliability Intelligence") as ui:
        
        # Header
        gr.HTML(f"""
        <div style="padding: 2rem; border-radius: 1rem; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; text-align: center;">
            <h1 style="font-size: 3em; margin-bottom: 0.5rem;">🤖 ARF OSS v3.3.9</h1>
            <h2 style="font-size: 1.5em; font-weight: 300; margin-bottom: 2rem;">
                Real Bayesian Reliability Intelligence
            </h2>
            <div style="display: inline-block; background: rgba(255,255,255,0.2); padding: 0.5rem 1rem; 
                        border-radius: 2rem; margin-bottom: 2rem;">
                ⚡ Running REAL ARF OSS Components • No Simulation
            </div>
        </div>
        """)
        
        # Value Proposition
        with gr.Row():
            with gr.Column():
                gr.HTML("""
                <div style="text-align: center; padding: 2rem;">
                    <h3 style="color: #333; font-size: 2em;">From Bayesian Analysis to Autonomous Execution</h3>
                    <p style="color: #666; font-size: 1.2em; max-width: 800px; margin: 1rem auto;">
                        This demo uses real ARF OSS components for risk assessment. 
                        Enterprise adds mechanical gates, learning loops, and governed execution.
                    </p>
                </div>
                """)
        
        # Features Grid
        with gr.Row():
            with gr.Column():
                gr.HTML("""
                <div style="padding: 1.5rem; border-radius: 0.5rem; background: #f8f9fa; border-left: 4px solid #667eea; height: 100%;">
                    <h4>🧮 True Bayesian Inference</h4>
                    <p>Beta-Binomial conjugate priors with evidence updates</p>
                </div>
                """)
            with gr.Column():
                gr.HTML("""
                <div style="padding: 1.5rem; border-radius: 0.5rem; background: #f8f9fa; border-left: 4px solid #667eea; height: 100%;">
                    <h4>🛡️ Deterministic Policies</h4>
                    <p>5 mechanical gates with live configuration</p>
                </div>
                """)
        
        with gr.Row():
            with gr.Column():
                gr.HTML("""
                <div style="padding: 1.5rem; border-radius: 0.5rem; background: #f8f9fa; border-left: 4px solid #667eea; height: 100%;">
                    <h4>💾 Persistent RAG Memory</h4>
                    <p>SQLite + vector embeddings for incident recall</p>
                </div>
                """)
            with gr.Column():
                gr.HTML("""
                <div style="padding: 1.5rem; border-radius: 0.5rem; background: #f8f9fa; border-left: 4px solid #667eea; height: 100%;">
                    <h4>📊 Lead Intelligence</h4>
                    <p>Automatic enterprise signal detection</p>
                </div>
                """)
        
        # Live Demo Stats - FIXED: Removed 'every' parameter for Gradio 4.x
        demo_stats = gr.JSON(
            label="📊 Live Demo Statistics",
            value={
                "active_since": datetime.utcnow().strftime("%Y-%m-%d %H:%M"),
                "bayesian_prior": "Beta(2.0, 5.0)",
                "memory_size": len(memory.get_uncontacted_signals()),
                "enterprise_signals": len(memory.get_uncontacted_signals())
            }
        )
        
        # CTA Section
        gr.HTML(f"""
        <div style="margin: 3rem 0; padding: 3rem; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
                    border-radius: 1rem; text-align: center; color: white;">
            <h2 style="font-size: 2.5em; margin-bottom: 1rem;">🚀 Ready for Autonomous Operations?</h2>
            <p style="font-size: 1.3em; margin-bottom: 2rem;">
                See ARF Enterprise with mechanical gates and execution
            </p>
            
            <div style="display: flex; gap: 1rem; justify-content: center; flex-wrap: wrap;">
                <a href="mailto:{settings.LEAD_EMAIL}?subject=ARF%20Enterprise%20Demo%20Request&body=I%20saw%20the%20real%20ARF%20OSS%20demo%20and%20would%20like%20to%20discuss%20Enterprise%20capabilities." 
                   style="background: white; color: #667eea; padding: 1rem 2rem; border-radius: 2rem; font-weight: bold; text-decoration: none; display: inline-block; margin: 0.5rem;">
                    📧 {settings.LEAD_EMAIL}
                </a>
                <a href="{settings.CALENDLY_URL}" target="_blank" 
                   style="background: #FFD700; color: #333; padding: 1rem 2rem; border-radius: 2rem; font-weight: bold; text-decoration: none; display: inline-block; margin: 0.5rem;">
                    📅 Schedule Technical Demo
                </a>
            </div>
            
            <p style="margin-top: 2rem; font-size: 0.9em; opacity: 0.9;">
                ⚡ 30-min technical deep-dive • Live autonomous execution • Enterprise pricing<br>
                🔒 All demos confidential and tailored to your infrastructure
            </p>
        </div>
        """)
        
        # Footer
        gr.HTML(f"""
        <div style="text-align: center; padding: 2rem; color: #666; border-top: 1px solid #eee;">
            <p>
                📧 <a href="mailto:{settings.LEAD_EMAIL}" style="color: #667eea;">{settings.LEAD_EMAIL}</a> • 
                🐙 <a href="https://github.com/petterjuan/agentic-reliability-framework" style="color: #667eea;">GitHub</a>
            </p>
            <p style="font-size: 0.9rem;">
                © 2026 ARF - Open Source Intelligence, Enterprise Execution<br>
                <span style="font-size: 0.8rem; color: #999;">
                    v3.3.9 • Real Bayesian Inference • Persistent RAG • Lead Intelligence
                </span>
            </p>
        </div>
        """)
    
    return ui

# ============== MOUNT GRADIO ON FASTAPI ==============
gradio_ui = create_lead_gen_ui()
app = mount_gradio_app(app, gradio_ui, path="/")

# ============== MAIN ENTRY POINT ==============
if __name__ == "__main__":
    import uvicorn
    port = int(os.environ.get('PORT', 7860))
    
    logger.info("="*60)
    logger.info("🚀 ARF OSS v3.3.9 Starting")
    logger.info(f"📊 Data directory: {settings.DATA_DIR}")
    logger.info(f"📧 Lead email: {settings.LEAD_EMAIL}")
    logger.info(f"🔑 API Key: {settings.API_KEY[:8]}... (set in HF secrets)")
    logger.info(f"🌐 Serving at: http://0.0.0.0:{port}")
    logger.info("="*60)
    
    # ✅ REMOVE gradio_ui.launch() - FastAPI serves Gradio
    uvicorn.run(
        app, 
        host="0.0.0.0", 
        port=port,
        log_level="info"
    )