from fastapi import FastAPI, Header, HTTPException
from datetime import datetime
import hashlib

app = FastAPI(
    title="Codex ReflexGuard Enterprise API",
    version="1.0.0",
    description="Enterprise Reflex Intelligence API"
)

# ---------------- SECURITY ----------------
VALID_KEYS = {
    "codex-enterprise-demo-key"
}

def verify_key(key: str | None):
    if key not in VALID_KEYS:
        raise HTTPException(status_code=401, detail="Invalid API Key")

# ---------------- ROOT ----------------
@app.get("/")
def root():
    return {
        "service": "Codex ReflexGuard Enterprise",
        "status": "RUNNING",
        "docs": "/docs",
        "health": "/health",
        "endpoint": "/v1/reflex/check"
    }

# ---------------- HEALTH ----------------
@app.get("/health")
def health():
    return {"status": "ok", "time": datetime.utcnow().isoformat()}

# ---------------- CORE API ----------------
@app.post("/v1/reflex/check")
def reflex_check(payload: dict, x_api_key: str = Header(None)):
    verify_key(x_api_key)

    scenario = payload.get("scenario", "")
    source = payload.get("source", "unknown")

    score = min(len(scenario) / 100.0, 1.0)
    state = "BLOCK" if score > 0.6 else "ALLOW"

    return {
        "timestamp": datetime.utcnow().isoformat(),
        "scenario_hash": hashlib.sha256(scenario.encode()).hexdigest(),
        "score": score,
        "decision": state,
        "source": source
    }