app.py

import os
import sys
import time
import uuid
import json
import re
import sqlite3
import numpy as np
import tempfile
import smtplib
import secrets
import math
import traceback
from flask import Flask, request, jsonify, send_from_directory, render_template, redirect
from flask_cors import CORS
# Replace direct ollama import with OpenAI client
from openai import OpenAI
from dotenv import load_dotenv
from werkzeug.security import generate_password_hash, check_password_hash
from datetime import datetime
from werkzeug.utils import secure_filename
from typing import Dict, List, Tuple, Optional
from translation_service import translation_service
from sms_service import initialize_sms_service, get_sms_service

from config import current_config

# Initialize OpenAI client for Ollama
openai_client = OpenAI(
    base_url=current_config.OLLAMA_BASE_URL,
    api_key=current_config.OLLAMA_API_KEY
)

# --- Minimal retry helpers for OpenAI calls ---
def _retry_openai_call(func, *args, _retries=1, _delay=0.5, **kwargs):
    last_err = None
    for attempt in range(_retries + 1):
        try:
            return func(*args, **kwargs)
        except Exception as e:
            last_err = e
            app.logger.warning(f"OpenAI call attempt {attempt + 1} failed: {e}")
            if attempt < _retries:
                time.sleep(_delay * (attempt + 1))
            else:
                app.logger.error(f"All {_retries + 1} OpenAI call attempts failed")
                raise last_err

# --- Minimal retry helper for Ollama style calls (keeps API parity with older code) ---
def _retry_ollama_call(func, *args, _retries=1, _delay=0.5, **kwargs):
    """
    Retry wrapper for OpenAI API calls that maintains compatibility with old Ollama calls.
    Maps Ollama-style parameters to OpenAI format.
    """
    last_err = None
    for attempt in range(_retries + 1):
        try:
            # Map Ollama chat parameters to OpenAI format
            if func == openai_client.chat.completions.create:
                # Extract options if present
                options = kwargs.pop('options', {})
                # Merge options into kwargs
                kwargs.update({
                    'temperature': options.get('temperature', 0.7),
                    'top_p': options.get('top_p', 0.9),
                    'max_tokens': options.get('max_tokens', 1024)
                })
                response = func(*args, **kwargs)
                # Map OpenAI response to Ollama format
                return {
                    'message': {
                        'content': response.choices[0].message.content
                    }
                }
            return func(*args, **kwargs)
        except Exception as e:
            last_err = e
            try:
                app.logger.error(f"API call failed (attempt {attempt + 1}): {str(e)}")
            except Exception:
                pass
            if attempt < _retries:
                time.sleep(_delay * (attempt + 1))
            else:
                app.logger.error(f"All {_retries + 1} API call attempts failed")
                raise last_err

# --- Helper Functions ---
def get_time_ago(timestamp):
    """Convert timestamp to human-readable time ago format"""
    if not timestamp:
        return "Unknown"
    
    now = time.time()
    diff = now - timestamp
    
    if diff < 60:
        return f"{int(diff)}s ago"
    elif diff < 3600:
        return f"{int(diff/60)}m ago"
    elif diff < 86400:
        return f"{int(diff/3600)}h ago"
    elif diff < 604800:
        return f"{int(diff/86400)}d ago"
    else:
        return f"{int(diff/604800)}w ago"

# --- Constants ---
DATA_DIR = "data"  # knowledgebase directory containing source files
STORAGE_DIR = "storage"
DB_FILE = current_config.DB_FILE
EMBED_FILE = current_config.EMBED_FILE
CHAT_MODEL = current_config.CHAT_MODEL
EMBED_MODEL = current_config.EMBED_MODEL
# sentence-level embedder used for query / semantic search (prefer sentence-transformers by default)
SENT_EMBED_MODEL = current_config.SENT_EMBED_MODEL

# lazy-loaded SentenceTransformer instance (only used when SENT_EMBED_MODEL points to a sentence-transformers model)
SENT_MODEL = None
USE_SENT_TRANSFORMERS = SENT_EMBED_MODEL.startswith("sentence-transformers/")

# --- Email Configuration ---
SMTP_SERVER = current_config.SMTP_SERVER
SMTP_PORT = current_config.SMTP_PORT
SMTP_USERNAME = current_config.SMTP_USERNAME
SMTP_PASSWORD = current_config.SMTP_PASSWORD
FROM_EMAIL = current_config.FROM_EMAIL

# --- SMS Configuration ---
HDEV_SMS_API_ID = current_config.HDEV_SMS_API_ID
HDEV_SMS_API_KEY = current_config.HDEV_SMS_API_KEY

def send_password_reset_email(to_email, username, reset_code):
    """
    Send password reset email with the reset code.
    """
    if not SMTP_USERNAME or not SMTP_PASSWORD:
        # If no email credentials are configured, just log the code
        app.logger.info(f"Password reset code for {username} ({to_email}): {reset_code}")
        raise Exception("Email service not configured")
    
    try:
        # Create message
        msg = MIMEMultipart('alternative')
        msg['Subject'] = "AIMHSA - Password Reset Code"
        msg['From'] = FROM_EMAIL
        msg['To'] = to_email
        
        # Create HTML email content
        html_content = f"""
        <html>
        <body style="font-family: Arial, sans-serif; line-height: 1.6; color: #333;">
            <div style="max-width: 600px; margin: 0 auto; padding: 20px;">
                <div style="text-align: center; margin-bottom: 30px;">
                    <h1 style="color: #2c5aa0;">AIMHSA</h1>
                    <p style="color: #666;">Mental Health Companion for Rwanda</p>
                </div>
                
                <div style="background-color: #f8f9fa; padding: 30px; border-radius: 8px; margin-bottom: 20px;">
                    <h2 style="color: #2c5aa0; margin-top: 0;">Password Reset Request</h2>
                    <p>Hello {username},</p>
                    <p>You have requested to reset your password for your AIMHSA account. Use the code below to reset your password:</p>
                    
                    <div style="text-align: center; margin: 30px 0;">
                        <div style="background-color: #2c5aa0; color: white; padding: 15px 30px; border-radius: 5px; font-size: 24px; font-weight: bold; letter-spacing: 3px; display: inline-block;">
                            {reset_code}
                        </div>
                    </div>
                    
                    <p><strong>Important:</strong></p>
                    <ul>
                        <li>This code will expire in 15 minutes</li>
                        <li>This code can only be used once</li>
                        <li>If you didn't request this reset, please ignore this email</li>
                    </ul>
                </div>
                
                <div style="text-align: center; color: #666; font-size: 12px;">
                    <p>© 2024 AIMHSA - Mental Health Companion for Rwanda</p>
                    <p>This is an automated message, please do not reply to this email.</p>
                </div>
            </div>
        </body>
        </html>
        """
        
        # Create plain text version
        text_content = f"""
        AIMHSA - Password Reset Code
        
        Hello {username},
        
        You have requested to reset your password for your AIMHSA account.
        
        Your reset code is: {reset_code}
        
        Important:
        - This code will expire in 15 minutes
        - This code can only be used once
        - If you didn't request this reset, please ignore this email
        
        © 2024 AIMHSA - Mental Health Companion for Rwanda
        """
        
        # Attach parts
        part1 = MIMEText(text_content, 'plain')
        part2 = MIMEText(html_content, 'html')
        
        msg.attach(part1)
        msg.attach(part2)
        
        # Send email
        server = smtplib.SMTP(SMTP_SERVER, SMTP_PORT)
        server.starttls()
        server.login(SMTP_USERNAME, SMTP_PASSWORD)
        server.send_message(msg)
        server.quit()
        
        app.logger.info(f"Password reset email sent to {to_email}")
        
    except Exception as e:
        app.logger.error(f"Failed to send password reset email: {e}")
        raise

def init_storage():
    os.makedirs(os.path.dirname(DB_FILE), exist_ok=True)
    # ensure embeddings storage dir exists too
    os.makedirs(os.path.dirname(EMBED_FILE), exist_ok=True)
    conn = sqlite3.connect(DB_FILE)
    try:
        conn.execute("""
            CREATE TABLE IF NOT EXISTS messages (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                conv_id TEXT NOT NULL,
                role TEXT NOT NULL,
                content TEXT NOT NULL,
                ts REAL NOT NULL
            )
        """)
        # attachments table: stores extracted text per uploaded file
        conn.execute("""
            CREATE TABLE IF NOT EXISTS attachments (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                conv_id TEXT NOT NULL,
                filename TEXT NOT NULL,
                text TEXT NOT NULL,
                ts REAL NOT NULL
            )
        """)
        # sessions table: map an ip/account key to a conversation id
        conn.execute("""
            CREATE TABLE IF NOT EXISTS sessions (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                key TEXT UNIQUE NOT NULL,
                conv_id TEXT NOT NULL,
                ts REAL NOT NULL
            )
        """)
        # users table: store user information
        conn.execute("""
            CREATE TABLE IF NOT EXISTS users (
                username TEXT PRIMARY KEY,
                password_hash TEXT NOT NULL,
                created_ts REAL NOT NULL
            )
        """)
        
        # Check if new columns exist and add them if they don't
        cursor = conn.execute("PRAGMA table_info(users)")
        columns = [column[1] for column in cursor.fetchall()]
        
        if 'email' not in columns:
            conn.execute("ALTER TABLE users ADD COLUMN email TEXT")
        if 'fullname' not in columns:
            conn.execute("ALTER TABLE users ADD COLUMN fullname TEXT")
        if 'telephone' not in columns:
            conn.execute("ALTER TABLE users ADD COLUMN telephone TEXT")
        if 'province' not in columns:
            conn.execute("ALTER TABLE users ADD COLUMN province TEXT")
        if 'district' not in columns:
            conn.execute("ALTER TABLE users ADD COLUMN district TEXT")
        
        # Update existing records with default values if they have NULL values
        conn.execute("""
            UPDATE users 
            SET email = 'user@example.com', 
                fullname = 'User', 
                telephone = '+250000000000', 
                province = 'Kigali', 
                district = 'Gasabo'
            WHERE email IS NULL OR fullname IS NULL OR telephone IS NULL OR province IS NULL OR district IS NULL
        """)
        
        # Make email unique for new records only
        try:
            conn.execute("CREATE UNIQUE INDEX IF NOT EXISTS users_email_unique ON users(email)")
        except:
            pass  # Index might already exist
        # password resets: username + token + expiry
        conn.execute("""
            CREATE TABLE IF NOT EXISTS password_resets (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                username TEXT NOT NULL,
                token TEXT UNIQUE NOT NULL,
                expires_ts REAL NOT NULL,
                used INTEGER DEFAULT 0
            )
        """)
        # conversations table: metadata for user-visible conversation list
        conn.execute("""
            CREATE TABLE IF NOT EXISTS conversations (
                conv_id TEXT PRIMARY KEY,
                owner_key TEXT,
                preview TEXT,
                ts REAL
            )
        """)
        # Add archived column if missing
        try:
            cur = conn.execute("PRAGMA table_info(conversations)")
            cols = [r[1] for r in cur.fetchall()]
            if "archived" not in cols:
                conn.execute("ALTER TABLE conversations ADD COLUMN archived INTEGER DEFAULT 0")
            if "archive_pw_hash" not in cols:
                conn.execute("ALTER TABLE conversations ADD COLUMN archive_pw_hash TEXT")
            if "booking_prompt_shown" not in cols:
                conn.execute("ALTER TABLE conversations ADD COLUMN booking_prompt_shown INTEGER DEFAULT 0")
        except Exception:
            pass
        
        # --- NEW TABLES FOR THERAPY BOOKING SYSTEM ---
        # Professionals table (doctors, therapists, counselors)
        conn.execute("""
            CREATE TABLE IF NOT EXISTS professionals (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                username TEXT UNIQUE NOT NULL,
                password_hash TEXT NOT NULL,
                first_name TEXT NOT NULL,
                last_name TEXT NOT NULL,
                email TEXT NOT NULL,
                phone TEXT,
                license_number TEXT,
                specialization TEXT NOT NULL,
                expertise_areas TEXT NOT NULL,
                location_latitude REAL,
                location_longitude REAL,
                location_address TEXT,
                district TEXT,
                availability_schedule TEXT,
                max_patients_per_day INTEGER DEFAULT 10,
                consultation_fee REAL,
                languages TEXT,
                qualifications TEXT,
                experience_years INTEGER,
                bio TEXT,
                profile_picture TEXT,
                is_active BOOLEAN DEFAULT 1,
                created_ts REAL NOT NULL,
                updated_ts REAL NOT NULL
            )
        """)
        
        # Risk assessment table for conversation monitoring
        conn.execute("""
            CREATE TABLE IF NOT EXISTS risk_assessments (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                conv_id TEXT NOT NULL,
                user_query TEXT NOT NULL,
                risk_score REAL NOT NULL,
                risk_level TEXT NOT NULL,
                detected_indicators TEXT,
                assessment_timestamp REAL NOT NULL,
                processed BOOLEAN DEFAULT 0,
                booking_created BOOLEAN DEFAULT 0
            )
        """)
        
        # Automated bookings table
        conn.execute("""
            CREATE TABLE IF NOT EXISTS automated_bookings (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                booking_id TEXT UNIQUE NOT NULL,
                conv_id TEXT NOT NULL,
                user_account TEXT,
                user_ip TEXT,
                professional_id INTEGER NOT NULL,
                risk_level TEXT NOT NULL,
                risk_score REAL NOT NULL,
                detected_indicators TEXT,
                conversation_summary TEXT,
                booking_status TEXT DEFAULT 'pending',
                scheduled_datetime REAL,
                session_duration INTEGER DEFAULT 60,
                session_type TEXT DEFAULT 'emergency',
                location_preference TEXT,
                notes TEXT,
                created_ts REAL NOT NULL,
                updated_ts REAL NOT NULL,
                FOREIGN KEY (professional_id) REFERENCES professionals (id)
            )
        """)
        
        # Professional notifications
        conn.execute("""
            CREATE TABLE IF NOT EXISTS professional_notifications (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                professional_id INTEGER NOT NULL,
                booking_id TEXT NOT NULL,
                notification_type TEXT NOT NULL,
                title TEXT NOT NULL,
                message TEXT NOT NULL,
                is_read BOOLEAN DEFAULT 0,
                priority TEXT DEFAULT 'normal',
                created_ts REAL NOT NULL,
                FOREIGN KEY (professional_id) REFERENCES professionals (id)
            )
        """)
        
        # Session records
        conn.execute("""
            CREATE TABLE IF NOT EXISTS therapy_sessions (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                booking_id TEXT NOT NULL,
                professional_id INTEGER NOT NULL,
                conv_id TEXT NOT NULL,
                session_start REAL,
                session_end REAL,
                session_notes TEXT,
                treatment_plan TEXT,
                follow_up_required BOOLEAN DEFAULT 0,
                follow_up_date REAL,
                session_rating INTEGER,
                session_feedback TEXT,
                created_ts REAL NOT NULL,
                FOREIGN KEY (professional_id) REFERENCES professionals (id)
            )
        """)
        
        # Admin users table
        conn.execute("""
            CREATE TABLE IF NOT EXISTS admin_users (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                username TEXT UNIQUE NOT NULL,
                password_hash TEXT NOT NULL,
                email TEXT NOT NULL,
                role TEXT DEFAULT 'admin',
                permissions TEXT,
                created_ts REAL NOT NULL
            )
        """)
        
        # Ensure default admin user exists
        cur = conn.execute("SELECT 1 FROM admin_users WHERE username = 'eliasfeza@gmail.com'")
        if not cur.fetchone():
            # Create default admin user
            default_password_hash = generate_password_hash("EliasFeza@12301")
            conn.execute("""
                INSERT INTO admin_users (username, password_hash, email, role, created_ts)
                VALUES (?, ?, ?, ?, ?)
            """, ("eliasfeza@gmail.com", default_password_hash, "eliasfeza@gmail.com", "admin", time.time()))
        
        conn.commit()
    finally:
        conn.close()

def create_conversation(owner_key: str = None, conv_id: str = None, preview: str = "New chat"):
    if not conv_id:
        conv_id = str(uuid.uuid4())
    conn = sqlite3.connect(DB_FILE)
    try:
        conn.execute(
            "INSERT OR IGNORE INTO conversations (conv_id, owner_key, preview, ts, booking_prompt_shown) VALUES (?, ?, ?, ?, ?)",
            (conv_id, owner_key, preview, time.time(), 0),
        )
        # if a row existed with no owner_key and we received one, update it
        if owner_key:
            conn.execute(
                "UPDATE conversations SET owner_key = ?, ts = ? WHERE conv_id = ? AND (owner_key IS NULL OR owner_key = '')",
                (owner_key, time.time(), conv_id),
            )
        conn.commit()
    finally:
        conn.close()
    return conv_id

# helper: map conv_id -> owner_key (if any) using sessions table
def get_owner_key_for_conv(conv_id: str):
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT key FROM sessions WHERE conv_id = ? LIMIT 1", (conv_id,))
        row = cur.fetchone()
        return row[0] if row else None
    finally:
        conn.close()

def save_message(conv_id: str, role: str, content: str):
    conn = sqlite3.connect(DB_FILE)
    try:
        conn.execute(
            "INSERT INTO messages (conv_id, role, content, ts) VALUES (?, ?, ?, ?)",
            (conv_id, role, content, time.time()),
        )
        # update conversation preview/timestamp for owner-visible list
        try:
            if role == "user":
                snippet = _extract_question_from_prompt(content)
                snippet = (snippet.strip().replace("\n", " ") if snippet else "").strip()
                if snippet:
                    # find existing conversation row
                    cur = conn.execute("SELECT preview FROM conversations WHERE conv_id = ?", (conv_id,))
                    row = cur.fetchone()
                    # determine owner_key if needed
                    owner_key = get_owner_key_for_conv(conv_id)
                    if row is None:
                        conn.execute(
                            "INSERT OR IGNORE INTO conversations (conv_id, owner_key, preview, ts) VALUES (?, ?, ?, ?)",
                            (conv_id, owner_key, snippet[:120], time.time()),
                        )
                    else:
                        conn.execute("UPDATE conversations SET preview = ?, ts = ? WHERE conv_id = ?", (snippet[:120], time.time(), conv_id))
        except Exception:
            # don't break saving messages if preview update fails
            pass
        conn.commit()
    finally:
        conn.close()

def load_history(conv_id: str):
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute(
            "SELECT role, content FROM messages WHERE conv_id = ? ORDER BY id ASC",
            (conv_id,),
        )
        rows = cur.fetchall()
        return [{"role": r[0], "content": r[1]} for r in rows]
    finally:
        conn.close()

def reset_db():
    conn = sqlite3.connect(DB_FILE)
    try:
        # remove all conversation messages, attachments and session mappings
        conn.execute("DELETE FROM messages")
        conn.execute("DELETE FROM attachments")
        conn.execute("DELETE FROM sessions")
        conn.execute("DELETE FROM conversations")
        conn.execute("DELETE FROM users")
        conn.commit()
    finally:
        conn.close()
# --- end DB helpers ---

# --- THERAPY BOOKING SYSTEM CLASSES ---
class RiskDetector:
    def __init__(self):
        # Risk indicators patterns
        self.critical_indicators = [
            r'\b(suicide|kill myself|end it all)\b',
        ]
        self.high_risk_indicators = [
            r'\b(hopeless|worthless|burden|better off without)\b',
            r'\b(can\'t go on|can\'t take it|end this pain)\b',
            r'\b(no point|nothing matters|give up)\b',
            r'\b(severe depression|major depression)\b'
        ]
        
        self.medium_risk_indicators = [
            r'\b(depressed|sad|anxious|panic)\b',
            r'\b(can\'t sleep|insomnia|nightmares)\b',
            r'\b(stress|overwhelmed|burnout)\b',
            r'\b(isolation|lonely|withdraw)\b'
        ]
        
        # Specialized indicators for Rwanda context
        self.rwanda_specific_indicators = [
            r'\b(genocide|trauma|ptsd|flashback)\b',
            r'\b(orphan|widow|survivor)\b',
            r'\b(community violence|domestic violence)\b'
        ]

    def assess_risk(self, user_query: str, conversation_history: List[Dict]) -> Dict:
        """Comprehensive risk assessment"""
        risk_score = 0.0
        detected_indicators = []
        
        # Text-based pattern matching
        text_score, text_indicators = self._analyze_text_patterns(user_query)
        risk_score += text_score
        detected_indicators.extend(text_indicators)
        
        # AI-powered sentiment and context analysis
        ai_score, ai_indicators = self._ai_risk_analysis(user_query, conversation_history)
        risk_score += ai_score
        detected_indicators.extend(ai_indicators)
        
        # Conversation pattern analysis
        pattern_score, pattern_indicators = self._analyze_conversation_patterns(conversation_history)
        risk_score += pattern_score
        detected_indicators.extend(pattern_indicators)
        
        # Normalize score to 0-1 range
        risk_score = min(1.0, risk_score / 3.0)
        
        # Determine risk level
        if risk_score >= 0.8:
            risk_level = 'critical'
        elif risk_score >= 0.6:
            risk_level = 'high'
        elif risk_score >= 0.4:
            risk_level = 'medium'
        else:
            risk_level = 'low'
        
        return {
            'risk_score': risk_score,
            'risk_level': risk_level,
            'detected_indicators': list(set(detected_indicators)),
            'assessment_timestamp': time.time()
        }

    def _analyze_text_patterns(self, text: str) -> Tuple[float, List[str]]:
        """Analyze text for risk indicators"""
        score = 0.0
        indicators = []
        
        text_lower = text.lower()
        
        # Critical indicators (highest weight)
        for pattern in self.critical_indicators:
            if re.search(pattern, text_lower):
                score += 0.8
                indicators.append(f"critical_pattern: {pattern}")
        
        # High risk indicators
        for pattern in self.high_risk_indicators:
            if re.search(pattern, text_lower):
                score += 0.6
                indicators.append(f"high_risk_pattern: {pattern}")
        
        # Medium risk indicators
        for pattern in self.medium_risk_indicators:
            if re.search(pattern, text_lower):
                score += 0.3
                indicators.append(f"medium_risk_pattern: {pattern}")
        
        # Rwanda-specific indicators
        for pattern in self.rwanda_specific_indicators:
            if re.search(pattern, text_lower):
                score += 0.4
                indicators.append(f"rwanda_context: {pattern}")
        
        return score, indicators

    def _ai_risk_analysis(self, query: str, history: List[Dict]) -> Tuple[float, List[str]]:
        """Use AI to analyze emotional state and risk"""
        try:
            # Build context for AI analysis
            context = f"Analyze this mental health conversation for risk indicators:\n\n"
            context += f"Current message: {query}\n\n"
            
            if history:
                context += "Recent conversation:\n"
                for msg in history[-5:]:  # Last 5 messages
                    context += f"{msg['role']}: {msg['content']}\n"
            
            # AI prompt for risk assessment
            ai_prompt = f"""
            {context}
            
            Assess the risk level (0.0-1.0) and identify specific indicators.
            Consider: suicidal ideation, self-harm, severe depression, trauma, crisis situations.
            Respond in JSON format: {{"risk_score": 0.0-1.0, "indicators": ["indicator1", "indicator2"]}}
            """
            
            response = _retry_openai_call(openai_client.chat.completions.create, model=CHAT_MODEL, messages=[
                {"role": "system", "content": "You are a mental health risk assessment AI. Analyze conversations for risk indicators and provide structured JSON responses."},
                {"role": "user", "content": ai_prompt}
            ])
            
            # Parse AI response robustly (extract JSON if wrapper text present)
            raw = response.choices[0].message.content if response.choices else ""
            ai_result = {}
            try:
                ai_result = json.loads(raw)
            except Exception:
                # Attempt to extract JSON substring
                start = raw.find('{')
                end = raw.rfind('}')
                if start != -1 and end != -1 and end > start:
                    snippet = raw[start:end+1]
                    try:
                        ai_result = json.loads(snippet)
                    except Exception:
                        ai_result = {}
                else:
                    ai_result = {}

            return ai_result.get("risk_score", 0.0), ai_result.get("indicators", [])
            
        except Exception as e:
            app.logger.error(f"AI risk analysis failed: {e}")
            return 0.0, []

    def _analyze_conversation_patterns(self, history: List[Dict]) -> Tuple[float, List[str]]:
        """Analyze conversation patterns for escalating risk"""
        if len(history) < 3:
            return 0.0, []
        
        score = 0.0
        indicators = []
        
        # Check for escalating negative sentiment
        recent_messages = history[-3:]
        negative_count = 0
        
        for msg in recent_messages:
            if msg['role'] == 'user':
                if any(word in msg['content'].lower() for word in ['worse', 'getting worse', 'can\'t handle', 'breaking down']):
                    negative_count += 1
        
        if negative_count >= 2:
            score += 0.5
            indicators.append("escalating_negative_sentiment")
        
        # Check for repeated crisis mentions
        crisis_mentions = 0
        for msg in history:
            if msg['role'] == 'user':
                if any(word in msg['content'].lower() for word in ['crisis', 'emergency', 'urgent', 'help now']):
                    crisis_mentions += 1
        
        if crisis_mentions >= 2:
            score += 0.4
            indicators.append("repeated_crisis_mentions")
        
        return score, indicators

class ProfessionalMatcher:
    def __init__(self):
        self.specialization_mapping = {
            'suicide': ['psychiatrist', 'psychologist'],
            'depression': ['psychiatrist', 'psychologist', 'counselor'],
            'anxiety': ['psychologist', 'counselor'],
            'ptsd': ['psychiatrist', 'psychologist', 'counselor'],
            'trauma': ['psychologist', 'counselor', 'social_worker'],
            'crisis': ['psychiatrist', 'psychologist'],
            'general': ['counselor', 'social_worker']
        }

    def find_best_professional(self, risk_assessment: Dict, user_location: Optional[Dict] = None) -> Optional[Dict]:
        """Find the most suitable professional based on risk and availability"""
        
        # Get detected indicators
        indicators = risk_assessment.get('detected_indicators', [])
        risk_level = risk_assessment.get('risk_level', 'low')
        
        # Determine required specializations
        required_specializations = self._get_required_specializations(indicators, risk_level)
        
        # Query available professionals
        available_professionals = self._get_available_professionals(required_specializations)
        
        if not available_professionals:
            return None
        
        # Score and rank professionals
        scored_professionals = []
        for prof in available_professionals:
            score = self._calculate_match_score(prof, indicators, risk_level, user_location)
            scored_professionals.append((prof, score))
        
        # Sort by score (highest first)
        scored_professionals.sort(key=lambda x: x[1], reverse=True)
        
        return scored_professionals[0][0] if scored_professionals else None

    def _get_required_specializations(self, indicators: List[str], risk_level: str) -> List[str]:
        """Determine required specializations based on risk indicators"""
        specializations = set()
        
        # Map indicators to specializations
        for indicator in indicators:
            if 'suicide' in indicator or 'critical' in indicator:
                specializations.update(['psychiatrist', 'psychologist'])
            elif 'depression' in indicator:
                specializations.update(['psychiatrist', 'psychologist', 'counselor'])
            elif 'anxiety' in indicator:
                specializations.update(['psychologist', 'counselor'])
            elif 'ptsd' in indicator or 'trauma' in indicator:
                specializations.update(['psychiatrist', 'psychologist', 'counselor'])
            elif 'crisis' in indicator:
                specializations.update(['psychiatrist', 'psychologist'])
        
        # For high/critical risk, prioritize psychiatrists
        if risk_level in ['high', 'critical']:
            specializations.add('psychiatrist')
        
        return list(specializations) if specializations else ['counselor']

    def _get_available_professionals(self, specializations: List[str]) -> List[Dict]:
        """Get available professionals matching specializations"""
        conn = sqlite3.connect(DB_FILE)
        try:
            placeholders = ','.join(['?' for _ in specializations])
            query = f"""
                SELECT * FROM professionals 
                WHERE specialization IN ({placeholders}) 
                AND is_active = 1
                ORDER BY experience_years DESC, created_ts ASC
            """
            cur = conn.execute(query, specializations)
            rows = cur.fetchall()
            
            # Convert to dict format
            professionals = []
            columns = [desc[0] for desc in cur.description]
            for row in rows:
                prof = dict(zip(columns, row))
                professionals.append(prof)
            
            return professionals
        finally:
            conn.close()

    def _calculate_match_score(self, professional: Dict, indicators: List[str], risk_level: str, user_location: Optional[Dict]) -> float:
        """Calculate matching score for a professional"""
        score = 0.0
        
        # Base score for specialization match
        score += 0.3
        
        # Experience bonus
        experience_years = professional.get('experience_years', 0)
        score += min(0.2, experience_years * 0.01)
        
        # Expertise areas match
        expertise_areas = json.loads(professional.get('expertise_areas', '[]'))
        matching_expertise = 0
        for indicator in indicators:
            for area in expertise_areas:
                if area.lower() in indicator.lower():
                    matching_expertise += 1
        
        if matching_expertise > 0:
            score += min(0.3, matching_expertise * 0.1)
        
        # Location proximity (if user location provided)
        if user_location and professional.get('location_latitude') and professional.get('location_longitude'):
            distance = self._calculate_distance(
                user_location['latitude'], user_location['longitude'],
                professional['location_latitude'], professional['location_longitude']
            )
            # Closer professionals get higher scores
            if distance < 10:  # Within 10km
                score += 0.2
            elif distance < 25:  # Within 25km
                score += 0.1
        
        # Availability bonus
        if self._is_professional_available_now(professional):
            score += 0.2
        
        return score

    def _calculate_distance(self, lat1: float, lon1: float, lat2: float, lon2: float) -> float:
        """Calculate distance between two coordinates in kilometers"""
        R = 6371  # Earth's radius in kilometers
        
        dlat = math.radians(lat2 - lat1)
        dlon = math.radians(lon2 - lon1)
        
        a = (math.sin(dlat/2) * math.sin(dlat/2) + 
             math.cos(math.radians(lat1)) * math.cos(math.radians(lat2)) * 
             math.sin(dlon/2) * math.sin(dlon/2))
        
        c = 2 * math.atan2(math.sqrt(a), math.sqrt(1-a))
        return R * c

    def _is_professional_available_now(self, professional: Dict) -> bool:
        """Check if professional is available for immediate booking"""
        # Check today's assigned sessions vs capacity (max_patients_per_day)
        capacity = professional.get('max_patients_per_day') or 10
        prof_id = professional.get('id')
        if not prof_id:
            return True
        try:
            conn = sqlite3.connect(DB_FILE)
            start_of_day = time.time() - (time.time() % 86400)
            cur = conn.execute(
                """
                SELECT COUNT(*) FROM automated_bookings
                WHERE professional_id = ? AND created_ts >= ? AND booking_status IN ('pending','confirmed')
                """,
                (prof_id, start_of_day)
            )
            count = cur.fetchone()[0] or 0
            return count < capacity
        except Exception:
            return True
        finally:
            try:
                conn.close()
            except Exception:
                pass

app = Flask(__name__)
# Broaden CORS for development to prevent "Failed to fetch" when loading from different ports
# In production, restrict origins to your actual domains
CORS(app, resources={r"/*": {"origins": "*"}},
     methods=["GET", "POST", "PUT", "DELETE", "OPTIONS"],
     allow_headers=["Content-Type", "Authorization", "X-Professional-ID"],
     supports_credentials=False)

# Initialize SMS service
initialize_sms_service(HDEV_SMS_API_ID, HDEV_SMS_API_KEY)

# --- Public landing page routes (serve files from chatbot/without affecting APIs) ---
_CHATBOT_STATIC_DIR = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'chatbot')

@app.route('/')
def landing_root():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'landing.html')

@app.route('/landing')
@app.route('/landing.html')
def landing_page():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'landing.html')

@app.route('/landing.css')
def landing_css():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'landing.css')

@app.route('/landing.js')
def landing_js():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'landing.js')

# --- Auth and dashboard static routes (serve files directly from chatbot/) ---
@app.route('/login')
def login_page():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'login.html')

@app.route('/login.html')
def login_html():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'login.html')

@app.route('/register')
def register_page():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'register.html')

@app.route('/register.html')
def register_html():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'register.html')

@app.route('/index.html')
def index_html():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'index.html')

@app.route('/admin_dashboard.html')
def admin_dashboard_html():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'admin_dashboard.html')

@app.route('/professional_dashboard.html')
def professional_dashboard_html():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'professional_dashboard.html')

# Common JS/CSS assets referenced by the above pages
@app.route('/login.js')
def login_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'login.js')

@app.route('/register.js')
def register_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'register.js')

@app.route('/admin.js')
def admin_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'admin.js')

@app.route('/professional.js')
def professional_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'professional.js')

@app.route('/admin.css')
def admin_css_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'admin.css')

@app.route('/professional.css')
def professional_css_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'professional.css')

@app.route('/auth.css')
def auth_css_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'auth.css')

@app.route('/style.css')
def style_css_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'style.css')

@app.route('/app.js')
def app_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'app.js')

@app.route('/config-ui.js')
def config_ui_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'config-ui.js')

@app.route('/config.js')
def config_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'config.js')

@app.route('/api.js')
def api_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'api.js')

@app.route('/admin_advanced.js')
def admin_advanced_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'admin_advanced.js')

@app.route('/professional_advanced.js')
def professional_advanced_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'professional_advanced.js')

@app.route('/js/api.js')
def js_api_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'js/api.js')

@app.route('/js/config.js')
def js_config_js_asset():
    return send_from_directory(_CHATBOT_STATIC_DIR, 'js/config.js')

SYSTEM_PROMPT = """You are AIMHSA (AI Mental Health Support Assistant), a professional multilingual mental health chatbot specifically designed for Rwanda. You provide culturally-sensitive, evidence-based mental health support in four languages: English, French, Kiswahili, and Kinyarwanda.

## SCOPE BOUNDARIES - CRITICAL
- You are a mental health support assistant - ONLY respond to mental health, emotional well-being, and psychological support questions
- If asked about topics outside mental health (technology, politics, general knowledge, etc.), politely explain that you specialize in mental health support and gently redirect the conversation to mental health topics
- NEVER provide detailed answers to non-mental health questions
- Always maintain your role as a mental health support assistant
- When redirecting, be warm and empathetic, then ask about their emotional well-being or mental health concerns

## Professional Identity & Mission
- You are a professional mental health support assistant for Rwanda
- Your mission is to provide immediate, culturally-appropriate mental health support
- You understand Rwanda's unique context, including post-genocide mental health needs and cultural considerations
- You maintain the highest standards of professional mental health support

## Language Capabilities & Rules
- AUTOMATICALLY detect the user's language and respond EXCLUSIVELY in that same language
- NEVER mix multiple languages in one response
- If user writes in English → respond in English
- If user writes in French → respond in French  
- If user writes in Kiswahili → respond in Kiswahili
- If user writes in Kinyarwanda → respond in pure Kinyarwanda
- Maintain professional, empathetic tone in all languages

## Professional Boundaries
- Do NOT diagnose mental health conditions or prescribe medications
- Do NOT provide medical advice beyond general wellness guidance
- Always encourage professional care when appropriate
- Refer to qualified mental health professionals for clinical concerns
- Maintain professional confidentiality and ethical standards

## Emergency Response Protocol
- If user mentions self-harm, suicidal ideation, or immediate danger:
  * Express genuine care and concern in their language
  * Provide immediate emergency contacts: Mental Health Hotline 105, CARAES Ndera Hospital +250 788 305 703
  * For immediate danger, advise calling 112 (Rwanda National Police)
  * Stay with the user and provide emotional support in their language

## Professional Response Guidelines
- Be warm, empathetic, and culturally appropriate
- Use evidence-based information and practical coping strategies
- Maintain consistent terminology across all languages
- Include relevant Rwanda-specific resources and contacts
- Keep responses professional, concise, and comprehensive
- Ensure cultural sensitivity in all interactions

## Available Resources (Use When Relevant)
- Emergency Contacts: Mental Health Hotline 105, Youth Helpline 116
- Key Facilities: CARAES Ndera Hospital, HDI Rwanda Counseling, ARCT Ruhuka Trauma Counseling
- Coverage: Mental health services available in all districts across Rwanda
- Policy: Rwanda's National Mental Health Policy (2022) provides free counseling in public hospitals

## Cultural Sensitivity
- Acknowledge Rwanda's history and its impact on mental health
- Respect cultural practices and beliefs
- Use appropriate language and terminology for each culture
- Be sensitive to trauma-related concerns, especially post-genocide experiences
- Maintain professional respect for cultural diversity

## Scope Enforcement Examples
- If asked about technology: "I'm a mental health support assistant, so I can't help with technical issues. However, I'm here to support your emotional well-being. How are you feeling today? Is there anything on your mind that's causing you stress or concern?"
- If asked about politics: "I specialize in mental health support rather than political topics. I'm here to help with your emotional well-being and mental health. What's been on your mind lately? How are you coping with current events?"
- If asked about general knowledge: "I'm focused on mental health support. I'd be happy to help with any emotional concerns or mental health questions you might have. How are you feeling today?"

Remember: You are a professional mental health support system designed to provide immediate, culturally-appropriate assistance while connecting users to professional care when needed. Always respond in the user's detected language with professional empathy and cultural sensitivity. Gently redirect out-of-scope questions to mental health topics.
"""

def rebuild_vector_store():
    """
    Rebuild vector store from documents in /data directory.
    - Process all .txt files in /data
    - Split into chunks with overlap
    - Embed chunks using EMBED_MODEL
    - Save to storage/embeddings.json
    """
    app.logger.info("Rebuilding vector store from /data...")
    
    # ensure storage dir exists
    os.makedirs(STORAGE_DIR, exist_ok=True)
    
    chunks = []
    chunk_id = 0
    
    # process all .txt files in data directory
    for root, _, files in os.walk(DATA_DIR):
        for fname in files:
            if not fname.endswith('.txt'):
                continue
            
            fpath = os.path.join(root, fname)
            rel_path = os.path.relpath(fpath, DATA_DIR)
            
            with open(fpath, 'r', encoding='utf-8') as f:
                text = f.read()
            
            # split into chunks (~500 chars with 100 char overlap)
            words = text.split()
            chunk_words = []
            chunk_size = 500
            overlap = 100
            
            for i in range(0, len(words), chunk_size - overlap):
                chunk = ' '.join(words[i:i + chunk_size])
                if not chunk.strip():
                    continue
                    
                chunks.append({
                    "text": chunk,
                    "source": rel_path,
                    "chunk": chunk_id
                })
                chunk_id += 1
    
    if not chunks:
        app.logger.warning("No chunks found in /data directory")
        return
    
    # embed chunks using EMBED_MODEL
    try:
        app.logger.info(f"Embedding {len(chunks)} chunks...")
        texts = [c["text"] for c in chunks]
        
        # batch embed to avoid memory issues (32 chunks per batch)
        batch_size = 32
        all_embeddings = []
        
        for i in range(0, len(texts), batch_size):
            batch = texts[i:i + batch_size]
            # Note: ollama.embeddings is for single prompt, for batch we need to call individually
            batch_embeddings = []
            for text in batch:
                resp = _retry_ollama_call(ollama.embeddings, model=EMBED_MODEL, prompt=text)
                batch_embeddings.append(resp["embedding"])
            all_embeddings.extend(batch_embeddings)
            
        # add embeddings to chunks
        for chunk, embedding in zip(chunks, all_embeddings):
            chunk["embedding"] = embedding
            
        # save to storage/embeddings.json
        with open(EMBED_FILE, 'w', encoding='utf-8') as f:
            json.dump(chunks, f, ensure_ascii=False, indent=2)
            
        app.logger.info(f"Saved {len(chunks)} embedded chunks to {EMBED_FILE}")
        return chunks
            
    except Exception as e:
        app.logger.exception("Failed to embed chunks")
        raise

# --- Load embeddings into memory ---
chunks_data = None
if os.path.exists(EMBED_FILE):
    try:
        with open(EMBED_FILE, "r", encoding="utf-8") as f:
            chunks_data = json.load(f)
        app.logger.info(f"Loaded {len(chunks_data)} chunks from {EMBED_FILE}")
    except Exception:
        app.logger.exception(f"Failed to load {EMBED_FILE}")

if not chunks_data:
    # rebuild if no valid embeddings found
    chunks_data = rebuild_vector_store()
    if not chunks_data:
        raise RuntimeError("Failed to initialize vector store")

# prepare numpy arrays for retrieval
chunk_texts = [c["text"] for c in chunks_data]
chunk_sources = [{"source": c["source"], "chunk": c["chunk"]} for c in chunks_data]
chunk_embeddings = np.array([c["embedding"] for c in chunks_data], dtype=np.float32)

# --- Cosine similarity function ---
def cosine_similarity(a, b):
    a_norm = a / np.linalg.norm(a, axis=1, keepdims=True)
    b_norm = b / np.linalg.norm(b, axis=1, keepdims=True)
    return np.dot(a_norm, b_norm.T)

def _mmr_selection(doc_embs: np.ndarray, query_emb: np.ndarray, k: int = 4, lambda_param: float = 0.6):
    """
    Maximal Marginal Relevance selection for diversity+relevance.
    doc_embs: (n_docs, dim)
    query_emb: (1, dim) or (dim,)
    returns: list of selected indices (len <= k)
    """
    if doc_embs.size == 0:
        return []
    # normalize
    doc_norm = doc_embs / np.linalg.norm(doc_embs, axis=1, keepdims=True)
    q = query_emb.reshape(-1)
    q_norm = q / np.linalg.norm(q)

    # relevance scores to query
    sims_q = np.dot(doc_norm, q_norm)
    selected = []
    # pick highest relevance first
    first = int(np.argmax(sims_q))
    selected.append(first)
    if k == 1:
        return selected

    candidates = set(range(doc_embs.shape[0])) - set(selected)
    # precompute doc-doc similarities for speed
    doc_doc_sims = np.dot(doc_norm, doc_norm.T)

    while len(selected) < k and candidates:
        best_score = None
        best_idx = None
        for cand in candidates:
            # relevance
            rel = sims_q[cand]
            # redundancy = max similarity to already selected
            red = max(doc_doc_sims[cand, s] for s in selected) if selected else 0.0
            score = lambda_param * rel - (1.0 - lambda_param) * red
            if best_score is None or score > best_score:
                best_score = score
                best_idx = cand
        if best_idx is None:
            break
        selected.append(best_idx)
        candidates.remove(best_idx)
    return selected

def retrieve(query: str, k: int = 4, lambda_param: float = 0.6):
    """
    Semantic retrieval: embed the query with a sentence embedding model and
    select top-k chunks using MMR for a balance of relevance and diversity.

    Supports two modes:
      - If SENT_EMBED_MODEL is "sentence-transformers/<model-name>", uses the
        local sentence-transformers library (SentenceTransformer).
      - Otherwise falls back to ollama.embed with the configured model.
    """
    global SENT_MODEL
    
    # Force clear any loaded sentence-transformers model if not using it
    if not USE_SENT_TRANSFORMERS and SENT_MODEL is not None:
        app.logger.info("Clearing loaded sentence-transformers model")
        SENT_MODEL = None

    app.logger.info(f"USE_SENT_TRANSFORMERS: {USE_SENT_TRANSFORMERS}, SENT_EMBED_MODEL: {SENT_EMBED_MODEL}, EMBED_MODEL: {EMBED_MODEL}")
    app.logger.info(f"chunk_embeddings shape: {chunk_embeddings.shape}")

    # compute query embedding
    if USE_SENT_TRANSFORMERS:
        app.logger.info("Attempting to use sentence-transformers")
        # model name format: sentence-transformers/<model-id>
        model_id = SENT_EMBED_MODEL.split("/", 1)[1]
        try:
            if SENT_MODEL is None:
                app.logger.info(f"Loading SentenceTransformer model: {model_id}")
                from sentence_transformers import SentenceTransformer
                SENT_MODEL = SentenceTransformer(model_id)
            # encode returns (dim,) or (1,dim) depending on args; ensure numpy array (1,dim)
            q_emb = SENT_MODEL.encode(query, convert_to_numpy=True)
            if q_emb.ndim == 1:
                q_emb = q_emb.reshape(1, -1)
            q_emb = q_emb.astype(np.float32)
            app.logger.info("Successfully embedded query with sentence-transformers")
        except Exception as e:
            app.logger.error(f"Failed to use sentence-transformers: {e}")
            # fallback to ollama if local model not available
            try:
                app.logger.info(f"Falling back to openai embeddings with model: {EMBED_MODEL}")
                response = openai_client.embeddings.create(model=EMBED_MODEL, input=query)
                q_emb = np.array([response.data[0].embedding], dtype=np.float32)
                app.logger.info("Successfully embedded query with openai fallback")
            except Exception as e2:
                app.logger.error(f"OpenAI fallback also failed: {e2}")
                raise
    else:
        app.logger.info(f"Using openai embeddings API with model: {SENT_EMBED_MODEL}")
        # default: use openai embeddings API
        try:
            response = openai_client.embeddings.create(model=SENT_EMBED_MODEL, input=query)
            q_emb = np.array([response.data[0].embedding], dtype=np.float32)
            app.logger.info(f"Successfully embedded query with openai, shape: {q_emb.shape}")
        except Exception as e:
            app.logger.error(f"Failed to embed query with {SENT_EMBED_MODEL}: {e}")
            # Return empty results if embedding fails
            return []

    # Harmonize embedding dimensions with stored chunk embeddings to avoid runtime errors
    try:
        if chunk_embeddings.size > 0:
            doc_dim = int(chunk_embeddings.shape[1])
            q_dim = int(q_emb.shape[1]) if q_emb.ndim == 2 else int(q_emb.reshape(1, -1).shape[1])
            if q_dim != doc_dim:
                app.logger.warning(
                    f"Query emb dim {q_dim} != chunk dim {doc_dim}. Using nomic-embed-text to match."
                )
                # Always use nomic-embed-text to match the stored chunks
                try:
                    response = openai_client.embeddings.create(model="nomic-embed-text", input=query)
                    q_emb2 = np.array([response.data[0].embedding], dtype=np.float32)
                    q_dim2 = int(q_emb2.shape[1])
                    if q_dim2 == doc_dim:
                        q_emb = q_emb2
                        app.logger.info(f"Successfully re-embedded with nomic-embed-text, shape: {q_emb.shape}")
                    else:
                        app.logger.error(f"Even nomic-embed-text dimension {q_dim2} doesn't match chunk dim {doc_dim}")
                        return []
                except Exception as re_err:
                    app.logger.error(f"Re-embedding with nomic-embed-text failed: {re_err}")
                    return []
    except Exception as dim_err:
        app.logger.error(f"Dimension harmonization error: {dim_err}")
        return []

    # ensure chunk_embeddings shape OK
    if chunk_embeddings.size == 0:
        return []

    # select indices via MMR (works with doc embeddings and query embedding)
    idxs = _mmr_selection(chunk_embeddings, q_emb, k=k, lambda_param=lambda_param)
    return [(chunk_texts[i], chunk_sources[i]) for i in idxs]

def build_context(snippets):
    lines = []
    for i, (doc, meta) in enumerate(snippets, 1):
        src = f"{meta.get('source','unknown')}#chunk{meta.get('chunk')}"
        lines.append(f"[{i}] ({src}) {doc}")
    return "\n\n".join(lines)

# --- THERAPY BOOKING SYSTEM HELPER FUNCTIONS ---
def create_automated_booking(conv_id: str, risk_assessment: Dict, user_account: str = None) -> Optional[Dict]:
    """Create automated booking for high-risk cases with SMS notifications"""
    
    # Find best professional
    matcher = ProfessionalMatcher()
    professional = matcher.find_best_professional(risk_assessment)
    
    if not professional:
        app.logger.warning(f"No available professional found for high-risk case: {conv_id}")
        return None
    
    # Get user data for SMS notifications
    user_data = None
    if user_account:
        user_data = get_user_data(user_account)
    
    # Verify SMS capability before creating booking
    sms_service = get_sms_service()
    if not sms_service:
        app.logger.error("SMS service not initialized - cannot create booking with SMS notifications")
        return None
    
    # Check if we can send SMS to both parties
    can_send_user_sms = user_data and user_data.get('telephone')
    can_send_prof_sms = professional.get('phone')
    
    app.logger.info(f"📱 SMS Capability Check:")
    app.logger.info(f"   User SMS: {'✅ Ready' if can_send_user_sms else '❌ No phone number'}")
    app.logger.info(f"   Professional SMS: {'✅ Ready' if can_send_prof_sms else '❌ No phone number'}")
    
    if not can_send_user_sms and not can_send_prof_sms:
        app.logger.warning("⚠️ Neither user nor professional has phone number - booking created without SMS")
    elif not can_send_user_sms:
        app.logger.warning("⚠️ User has no phone number - only professional will receive SMS")
    elif not can_send_prof_sms:
        app.logger.warning("⚠️ Professional has no phone number - only user will receive SMS")
    
    # Generate booking ID
    booking_id = str(uuid.uuid4())
    
    # Create conversation summary
    conversation_summary = generate_conversation_summary(conv_id)
    
    # Determine session timing (immediate for critical, within 24h for high)
    if risk_assessment['risk_level'] == 'critical':
        scheduled_datetime = time.time() + 3600  # 1 hour from now
        session_type = 'emergency'
    else:
        scheduled_datetime = time.time() + 86400  # 24 hours from now
        session_type = 'urgent'
    
    # Create booking record
    conn = sqlite3.connect(DB_FILE)
    try:
        conn.execute("""
            INSERT INTO automated_bookings 
            (booking_id, conv_id, user_account, user_ip, professional_id, risk_level, 
             risk_score, detected_indicators, conversation_summary, booking_status, 
             scheduled_datetime, session_type, created_ts, updated_ts)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
        """, (
            booking_id, conv_id, user_account, request.remote_addr,
            professional['id'], risk_assessment['risk_level'],
            risk_assessment['risk_score'], 
            json.dumps(risk_assessment['detected_indicators']),
            conversation_summary, 'pending', scheduled_datetime,
            session_type, time.time(), time.time()
        ))
        
        # Create comprehensive notification for professional with user contact info
        user_contact_info = ""
        if user_data:
            user_contact_info = f"\n\nUser Contact Information:\n"
            user_contact_info += f"Name: {user_data.get('fullname', 'Not provided')}\n"
            user_contact_info += f"Phone: {user_data.get('telephone', 'Not provided')}\n"
            user_contact_info += f"Email: {user_data.get('email', 'Not provided')}\n"
            user_contact_info += f"Location: {user_data.get('district', 'Unknown')}, {user_data.get('province', 'Unknown')}"
        
        conn.execute("""
            INSERT INTO professional_notifications 
            (professional_id, booking_id, notification_type, title, message, priority, created_ts)
            VALUES (?, ?, ?, ?, ?, ?, ?)
        """, (
            professional['id'], booking_id, 'new_booking',
            f"URGENT: {risk_assessment['risk_level'].upper()} Risk Case - {user_data.get('fullname', 'Anonymous User') if user_data else 'Anonymous User'}",
            f"Automated booking created for {risk_assessment['risk_level']} risk case. "
            f"Risk indicators: {', '.join(risk_assessment['detected_indicators'][:3])}"
            f"{user_contact_info}",
            'urgent' if risk_assessment['risk_level'] == 'critical' else 'high',
            time.time()
        ))
        
        conn.commit()
        
        # Prepare booking data for SMS
        booking_data = {
            'booking_id': booking_id,
            'scheduled_time': scheduled_datetime,
            'session_type': session_type,
            'risk_level': risk_assessment['risk_level']
        }
        
        # Send SMS notifications to both user and professional
        sms_service = get_sms_service()
        sms_results = {'user_sms': None, 'professional_sms': None}
        
        if sms_service:
            app.logger.info(f"Starting SMS notifications for booking {booking_id}")
            
            # Send SMS to user if we have their data and phone number
            if user_data and user_data.get('telephone'):
                try:
                    app.logger.info(f"Sending SMS to user {user_account} at {user_data.get('telephone')}")
                    user_sms_result = sms_service.send_booking_notification(
                        user_data, professional, booking_data
                    )
                    sms_results['user_sms'] = user_sms_result
                    
                    if user_sms_result.get('success'):
                        app.logger.info(f"✅ SMS sent successfully to user {user_account}: {user_sms_result.get('phone')}")
                    else:
                        app.logger.warning(f"❌ Failed to send SMS to user {user_account}: {user_sms_result.get('error', 'Unknown error')}")
                except Exception as e:
                    app.logger.error(f"❌ Error sending SMS to user: {str(e)}")
                    sms_results['user_sms'] = {'success': False, 'error': str(e)}
            else:
                app.logger.warning(f"⚠️ Cannot send SMS to user {user_account}: No phone number or user data")
                if not user_data:
                    app.logger.warning(f"User data not found for {user_account}")
                elif not user_data.get('telephone'):
                    app.logger.warning(f"User {user_account} has no phone number: {user_data}")
            
            # Send SMS to professional if they have a phone number
            if professional.get('phone'):
                try:
                    app.logger.info(f"Sending SMS to professional {professional['username']} at {professional.get('phone')}")
                    prof_sms_result = sms_service.send_professional_notification(
                        professional, user_data or {}, booking_data
                    )
                    sms_results['professional_sms'] = prof_sms_result
                    
                    if prof_sms_result.get('success'):
                        app.logger.info(f"✅ SMS sent successfully to professional {professional['username']}: {prof_sms_result.get('phone')}")
                    else:
                        app.logger.warning(f"❌ Failed to send SMS to professional: {prof_sms_result.get('error', 'Unknown error')}")
                except Exception as e:
                    app.logger.error(f"❌ Error sending SMS to professional: {str(e)}")
                    sms_results['professional_sms'] = {'success': False, 'error': str(e)}
            else:
                app.logger.warning(f"⚠️ Cannot send SMS to professional {professional['username']}: No phone number")
                app.logger.warning(f"Professional data: {professional}")
            
            # Log summary of SMS sending results
            user_success = sms_results['user_sms'] and sms_results['user_sms'].get('success', False)
            prof_success = sms_results['professional_sms'] and sms_results['professional_sms'].get('success', False)
            
            app.logger.info(f"📱 SMS Summary for booking {booking_id}:")
            app.logger.info(f"   User SMS: {'✅ Sent' if user_success else '❌ Failed'}")
            app.logger.info(f"   Professional SMS: {'✅ Sent' if prof_success else '❌ Failed'}")
            
        else:
            app.logger.error("❌ SMS service not initialized - no SMS notifications sent")
            app.logger.error("Please check SMS configuration and restart the application")
        
        return {
            'booking_id': booking_id,
            'professional_name': f"{professional['first_name']} {professional['last_name']}",
            'specialization': professional['specialization'],
            'scheduled_time': scheduled_datetime,
            'session_type': session_type,
            'risk_level': risk_assessment['risk_level']
        }
        
    finally:
        conn.close()

def get_user_data(username: str) -> Optional[Dict]:
    """Get user data by username for SMS notifications"""
    conn = sqlite3.connect(DB_FILE)
    try:
        cursor = conn.execute("""
            SELECT username, email, fullname, telephone, province, district
            FROM users 
            WHERE username = ?
        """, (username,))
        
        row = cursor.fetchone()
        if row:
            return {
                'username': row[0],
                'email': row[1],
                'fullname': row[2],
                'telephone': row[3],
                'province': row[4],
                'district': row[5]
            }
        return None
    finally:
        conn.close()

def generate_conversation_summary(conv_id: str) -> str:
    """Generate AI summary of conversation for professional"""
    try:
        # Load conversation history
        history = load_history(conv_id)
        
        if not history:
            return "No conversation history available."
        
        # Build context for AI summary
        context = "Recent conversation:\n"
        for msg in history[-10:]:  # Last 10 messages
            context += f"{msg['role']}: {msg['content']}\n"
        
        # AI prompt for summary
        ai_prompt = f"""
        {context}
        
        Create a brief professional summary of this mental health conversation.
        Focus on: main concerns, emotional state, risk factors, and key issues.
        Keep it concise and professional for a mental health professional.
        """
        
        response = _retry_ollama_call(ollama.chat, model=CHAT_MODEL, messages=[
            {"role": "system", "content": "You are a mental health AI assistant. Create professional summaries of conversations for mental health professionals."},
            {"role": "user", "content": ai_prompt}
        ])
        
        return response["message"]["content"]
        
    except Exception as e:
        app.logger.error(f"Failed to generate conversation summary: {e}")
        return "Summary generation failed."

def get_professional_by_id(professional_id: int) -> Optional[Dict]:
    """Get professional details by ID"""
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT * FROM professionals WHERE id = ?", (professional_id,))
        row = cur.fetchone()
        
        if row:
            columns = [desc[0] for desc in cur.description]
            return dict(zip(columns, row))
        return None
    finally:
        conn.close()

@app.get("/healthz")
def healthz():
    return {"ok": True}

@app.get("/debug/login")
def debug_login():
    """Debug endpoint to check login status"""
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT username FROM users LIMIT 5")
        users = [row[0] for row in cur.fetchall()]
        return {
            "ok": True,
            "users_available": users,
            "total_users": len(users),
            "message": "Login debug info"
        }
    finally:
        conn.close()

# initialize DB on startup
init_storage()

# --- helper to normalize older saved "user_prompt" shapes so we don't re-save CONTEXT ---
def _extract_question_from_prompt(content: str) -> str:
    """
    If content looks like the constructed user_prompt with "QUESTION:" and "CONTEXT:",
    extract and return only the QUESTION text. Otherwise return content unchanged.
    """
    if not isinstance(content, str):
        return content
    low = content
    q_marker = "QUESTION:"
    c_marker = "CONTEXT:"
    if q_marker in low and c_marker in low:
        try:
            q_start = low.index(q_marker) + len(q_marker)
            c_start = low.index(c_marker)
            question = low[q_start:c_start].strip()
            if question:
                return question
        except Exception:
            pass
    return content
# --- end helper ---

# --- conversation helpers ---
def create_conversation(owner_key: str = None, conv_id: str = None, preview: str = "New chat"):
    if not conv_id:
        conv_id = str(uuid.uuid4())
    conn = sqlite3.connect(DB_FILE)
    try:
        conn.execute(
            "INSERT OR IGNORE INTO conversations (conv_id, owner_key, preview, ts, booking_prompt_shown) VALUES (?, ?, ?, ?, ?)",
            (conv_id, owner_key, preview, time.time(), 0),
        )
        # if a row existed with no owner_key and we received one, update it
        if owner_key:
            conn.execute(
                "UPDATE conversations SET owner_key = ?, ts = ? WHERE conv_id = ? AND (owner_key IS NULL OR owner_key = '')",
                (owner_key, time.time(), conv_id),
            )
        conn.commit()
    finally:
        conn.close()
    return conv_id

def list_conversations(owner_key: str):
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute(
            "SELECT conv_id, preview, ts FROM conversations WHERE owner_key = ? AND IFNULL(archived,0) = 0 ORDER BY ts DESC",
            (owner_key,),
        )
        rows = cur.fetchall()
        return [{"id": r[0], "preview": r[1] or "New chat", "timestamp": r[2]} for r in rows]
    finally:
        conn.close()
# --- end conversation helpers ---

# --- Language detection helpers ---
def create_language_specific_prompt(target_language: str) -> str:
    """
    Create a system prompt in the target language for direct AI response generation
    """
    prompts = {
        'en': """You are AIMHSA, a professional mental health support assistant for Rwanda.

Professional Guidelines:
- Be warm, empathetic, and culturally sensitive
- Provide evidence-based information from the context when available
- ALWAYS respond in English - do not mix languages
- Do NOT diagnose or prescribe medications
- Encourage professional care when appropriate
- For emergencies, always mention Rwanda's Mental Health Hotline: 105
- Keep responses professional, concise, and helpful
- Use the provided context to give accurate, relevant information
- Maintain a natural, conversational tone in English
- Ensure professional mental health support standards

Remember: You are a professional mental health support system designed to provide immediate, culturally-appropriate assistance while connecting users to professional care when needed.""",

        'fr': """Vous êtes AIMHSA, un assistant professionnel de soutien en santé mentale pour le Rwanda.

Directives professionnelles:
- Soyez chaleureux, empathique et culturellement sensible
- Fournissez des informations basées sur des preuves du contexte quand disponible
- RÉPONDEZ TOUJOURS en français - ne mélangez pas les langues
- NE diagnostiquez PAS et ne prescrivez PAS de médicaments
- Encouragez les soins professionnels quand approprié
- Pour les urgences, mentionnez toujours la ligne d'assistance en santé mentale du Rwanda: 105
- Gardez les réponses professionnelles, concises mais utiles
- Utilisez le contexte fourni pour donner des informations précises et pertinentes
- Maintenez un ton naturel et conversationnel en français
- Assurez des standards professionnels de soutien en santé mentale

Rappelez-vous: Vous êtes un système professionnel de soutien en santé mentale conçu pour fournir une assistance immédiate et culturellement appropriée tout en connectant les utilisateurs aux soins professionnels quand nécessaire.""",

        'rw': """Uri AIMHSA, umufasha w'ubuzima bw'ubwoba bw'u Rwanda w'ubuhanga.

Amabwiriza y'ubuhanga:
- Ube umuntu w'umutima mwiza, w'umutima mwiza, kandi w'umutima mwiza
- Tanga amakuru yashyizweho ku bik
- Ku bihano, tanga umutwe wa Ligne d'assistance en santé mentale y'u Rwanda: 105
- Komeza amajwi make ariko akunze
- Koresha icyerekezo cyatanzwe kugira ngo utange amakuru y'ukuri kandi yihariye
- VUGURA BURI GIHE mu Kinyarwanda - NTUVUGE mu ndimi zindi
- Koresha amagambo y'ukuri mu Kinyarwanda gusa
- NTUVUGE mu ndimi zindi cyangwa utangire amagambo y'icyongereza
- Komeza uko uvuga mu Kinyarwanda gusa, ube w'ubuhanga

Wibuke: Uri hano kugira ngo ushyigikire, si kugira ngo usimbure ubuvuzi bw'ubuzima bw'ubwoba bw'ubuhanga. Vugura mu Kinyarwanda gusa, ube w'ubuhanga.""",

        'sw': """Wewe ni AIMHSA, msaidizi wa kitaaluma wa afya ya akili wa Rwanda.

Miongozo ya kitaaluma:
- Kuwa mtu wa moyo mzuri, wa huruma, na wa utamaduni
- Toa taarifa zilizotolewa kwa mazingira wakati wa muda wowote
- JIBU KILA WAKATI kwa Kiswahili - usichanganye lugha
- USITOE utambuzi au USITOE dawa
- Himiza huduma ya kitaaluma wakati wowote
- Kwa dharura, sema daima Ligne d'assistance en santé mentale ya Rwanda: 105
- Weka majibu ya kitaaluma, mafupi lakini ya manufaa
- Tumia mazingira yaliyotolewa kutoa taarifa sahihi na muhimu
- Endelea kuzungumza kwa Kiswahili tu
- Hakikisha viwango vya kitaaluma vya msaada wa afya ya akili

Kumbuka: Wewe ni mfumo wa kitaaluma wa msaada wa afya ya akili ulioundwa kutoa msaada wa haraka na wa kitamaduni wakati wa kuhusisha watumiaji na huduma za kitaaluma wakati zinahitajika."""
    }
    
    return prompts.get(target_language, prompts['en'])

def determine_target_language(current_query: str, server_history: List[Dict], max_history_samples: int = 5) -> str:
    """
    Determine the target reply language with improved accuracy
    - Prioritizes current query language detection
    - Uses conversation history for consistency
    - Returns one of: 'en', 'fr', 'rw', 'sw'
    """
    app.logger.info(f"Determining language for query: '{current_query[:50]}...'")
    
    # First priority: Current query language detection
    try:
        current_lang = translation_service.detect_language(current_query or "")
        app.logger.info(f"Detected current query language: {current_lang}")
        
        # If current query language is detected with high confidence, use it immediately
        if current_lang and current_lang != 'en':
            app.logger.info(f"Using non-English current query language: {current_lang}")
            return current_lang
        elif current_lang == 'en':
            # Check if this might be a false positive for English
            # Look for non-English patterns in the query
            non_english_indicators = [
                'muraho', 'murakoze', 'ndabishimye',  # Kinyarwanda
                'bonjour', 'merci', 'je suis',  # French  
                'hujambo', 'asante', 'nina'  # Kiswahili
            ]
            
            query_lower = current_query.lower()
            for indicator in non_english_indicators:
                if indicator in query_lower:
                    # Re-detect with more aggressive pattern matching
                    pattern_lang = translation_service._detect_by_patterns(current_query)
                    if pattern_lang and pattern_lang != 'en':
                        app.logger.info(f"Pattern override detected: {pattern_lang}")
                        return pattern_lang
    except Exception as e:
        app.logger.warning(f"Language detection error for current query: {e}")
        current_lang = "en"

    # Second priority: Check recent conversation history for consistency
    recent_user_texts: List[str] = []
    for entry in reversed(server_history):
        try:
            if entry.get("role") == "user":
                text = (entry.get("content") or "").strip()
                if text:
                    recent_user_texts.append(text)
        except Exception:
            continue
        if len(recent_user_texts) >= max_history_samples:
            break

    # Analyze recent messages for language consistency
    if recent_user_texts:
        language_votes: Dict[str, int] = {}
        
        for text in recent_user_texts:
            try:
                detected_lang = translation_service.detect_language(text)
                if detected_lang:
                    language_votes[detected_lang] = language_votes.get(detected_lang, 0) + 1
            except Exception:
                continue
        
        # Find the most common language in recent history
        if language_votes:
            most_common_lang = max(language_votes.items(), key=lambda kv: kv[1])[0]
            app.logger.info(f"Most common language in history: {most_common_lang} (votes: {language_votes})")
            
            # If current query is English but history shows another language, 
            # and current query is short or ambiguous, prefer history language
            if (current_lang == 'en' and 
                most_common_lang != 'en' and 
                len(current_query.strip()) < 30):
                app.logger.info(f"Using history language {most_common_lang} due to short/ambiguous current query")
                return most_common_lang

    # Final fallback: Use current query language or default to English
    final_lang = current_lang if current_lang else "en"
    app.logger.info(f"Final language determination: {final_lang}")
    return final_lang

def validate_mental_health_scope(query: str) -> bool:
    """
    Validate if the user query is within mental health scope.
    Returns True if within scope, False if outside scope.
    """
    query_lower = query.lower().strip()
    
    # Mental health related keywords
    mental_health_keywords = [
        'mental', 'emotional', 'psychological', 'depression', 'anxiety', 'stress',
        'sad', 'happy', 'angry', 'frustrated', 'overwhelmed', 'lonely', 'isolated',
        'therapy', 'counseling', 'support', 'help', 'feel', 'feeling', 'mood',
        'sleep', 'insomnia', 'nightmare', 'trauma', 'ptsd', 'panic', 'worry',
        'cope', 'coping', 'self-care', 'wellness', 'wellbeing', 'mind', 'thoughts',
        'suicide', 'self-harm', 'hopeless', 'worthless', 'burden', 'crisis',
        'professional', 'therapist', 'psychologist', 'psychiatrist', 'counselor',
        'session', 'treatment', 'recovery', 'healing', 'grief', 'loss', 'bereavement',
        'relationship', 'family', 'friends', 'social', 'communication', 'conflict',
        'work', 'job', 'career', 'school', 'study', 'academic', 'performance',
        'health', 'medical', 'doctor', 'hospital', 'medication', 'medicine',
        'exercise', 'fitness', 'diet', 'nutrition', 'lifestyle', 'habits',
        'addiction', 'substance', 'alcohol', 'drug', 'smoking', 'gambling',
        'anger', 'rage', 'violence', 'abuse', 'domestic', 'bullying', 'harassment',
        'fear', 'phobia', 'worry', 'concern', 'problem', 'issue', 'challenge',
        'goal', 'motivation', 'inspiration', 'hope', 'future', 'plan', 'dream',
        'memory', 'concentration', 'focus', 'attention', 'learning', 'development',
        'child', 'teen', 'adolescent', 'adult', 'elderly', 'aging', 'retirement',
        'pregnancy', 'postpartum', 'parenting', 'childcare', 'family planning',
        'lgbtq', 'gender', 'identity', 'sexuality', 'orientation', 'discrimination',
        'culture', 'tradition', 'belief', 'religion', 'spiritual', 'faith',
        'community', 'society', 'social', 'isolation', 'connection', 'belonging',
        'purpose', 'meaning', 'value', 'worth', 'self-esteem', 'confidence',
        'boundary', 'limit', 'respect', 'consent', 'safety', 'security',
        'emergency', 'crisis', 'urgent', 'immediate', 'danger', 'risk', 'harm'
    ]
    
    # Check if query contains mental health related terms
    for keyword in mental_health_keywords:
        if keyword in query_lower:
            return True
    
    # Check for greetings and general mental health inquiries
    greetings = ['hello', 'hi', 'hey', 'good morning', 'good afternoon', 'good evening']
    if any(greeting in query_lower for greeting in greetings):
        return True
    
    # Check for general help requests
    help_requests = ['help', 'support', 'assistance', 'advice', 'guidance', 'information']
    if any(request in query_lower for request in help_requests):
        return True
    
    # If no mental health keywords found, likely outside scope
    return False

@app.post("/ask")
def ask():
    data = request.get_json(force=True)
    query = (data.get("query") or "").strip()
    if not query:
        return jsonify({"error": "Missing 'query'"}), 400

    # Let the AI model handle scope enforcement naturally

    # conversation id handling: if none provided, create one and return it
    conv_id = data.get("id")
    new_conv = False
    if not conv_id:
        conv_id = str(uuid.uuid4())
        new_conv = True

    # if new conv created server-side, make sure we have a conversations entry (owner inferred from account or ip)
    if new_conv:
        owner = None
        account = (data.get("account") or "").strip()
        if account:
            owner = f"acct:{account}"
        else:
            ip = request.remote_addr or "unknown"
            owner = f"ip:{ip}"
        create_conversation(owner_key=owner, conv_id=conv_id, preview="New chat")

    # client may supply recent history; ensure it's a list
    client_history = data.get("history", [])
    if not isinstance(client_history, list):
        client_history = []

    # load server-side history for this conv_id
    server_history = load_history(conv_id)

    # load attachments for this conv_id (won't be persisted into messages table;
    # attachments are provided as separate CONTEXT blocks to the model)
    attachments = load_attachments(conv_id)

    # build a set of existing (role, content) pairs to avoid duplicates; normalize saved user prompts
    existing_set = set()
    normalized_server = []
    for entry in server_history:
        role = entry.get("role", "user")
        content = entry.get("content", "")
        if role == "user":
            content = _extract_question_from_prompt(content)
        normalized_server.append({"role": role, "content": content})
        existing_set.add((role, content))

    # merge histories: system prompt, then attachments as SYSTEM CONTEXT, then server_history, then client_history
    messages = [{"role": "system", "content": SYSTEM_PROMPT}]
    # include attachments as separate system-context blocks (kept short-ish)
    for att in attachments:
        att_text = att.get("text", "")
        if att_text:
            # truncate very long attachments to a safe limit to avoid blowing token budget
            SHORT = 40_000
            if len(att_text) > SHORT:
                att_text = att_text[:SHORT] + "\n\n...[truncated]"
            messages.append({"role": "system", "content": f"PDF CONTEXT ({att.get('filename')}):\n{att_text}"})

    for entry in normalized_server:
        role = entry.get("role", "user")
        if role not in ("user", "assistant"):
            role = "user"
        content_val = entry.get("content", "") or ""
        if not isinstance(content_val, str):
            content_val = str(content_val)
        if not content_val.strip():
            continue  # skip empty messages to satisfy model API
        messages.append({"role": role, "content": content_val})

    # If client provided additional history, append it (and persist only if not already present)
    for entry in client_history:
        role = entry.get("role", "user")
        if role not in ("user", "assistant"):
            role = "user"
        content = entry.get("content", "") or ""
        if not isinstance(content, str):
            content = str(content)
        if content.strip():
            # normalize client's user entries when comparing against existing saved entries
            cmp_content = _extract_question_from_prompt(content) if role == "user" else content
            if (role, cmp_content) not in existing_set:
                messages.append({"role": role, "content": content})
                save_message(conv_id, role, cmp_content)  # persist the normalized/raw client content
                existing_set.add((role, cmp_content))
            else:
                # already present server-side; still include in messages so model has recent context
                messages.append({"role": role, "content": content})

    # retrieval-based context
    # Retrieve more context for better grounded answers
    top = retrieve(query, k=6)
    context = build_context(top)

    user_prompt = f"""Answer the user's question using the CONTEXT below when relevant.
You are a mental health support assistant. If the question is about mental health, provide helpful support.
If the question is outside mental health scope, politely explain your specialization and redirect to mental health topics.
If the context is insufficient, be honest and provide safe, general guidance.
If the user greets you or asks for general help, respond helpfully without requiring context.

QUESTION:
{query}

CONTEXT:
{context}
"""

    # Determine stable target language from this query and recent history
    target_language = determine_target_language(query, server_history)
    app.logger.info(f"Target language determined: {target_language}")
    
    # Create language-specific system prompt for direct AI response generation
    system_prompt = create_language_specific_prompt(target_language)

    # Add system prompt and user question to messages
    messages.insert(0, {"role": "system", "content": system_prompt})
    messages.append({"role": "user", "content": user_prompt})

    # Get conversation message count
    conn = sqlite3.connect(DB_FILE)
    try:
        message_count = conn.execute("""
            SELECT COUNT(*) FROM messages WHERE conv_id = ?
        """, (conv_id,)).fetchone()[0]
    finally:
        conn.close()
    
    # NEW: Risk Assessment Integration
    risk_detector = RiskDetector()
    risk_assessment = risk_detector.assess_risk(query, server_history)
    
    # Store risk assessment
    conn = sqlite3.connect(DB_FILE)
    try:
        conn.execute("""
            INSERT INTO risk_assessments 
            (conv_id, user_query, risk_score, risk_level, detected_indicators, assessment_timestamp)
            VALUES (?, ?, ?, ?, ?, ?)
        """, (
            conv_id, 
            query, 
            risk_assessment['risk_score'],
            risk_assessment['risk_level'],
            json.dumps(risk_assessment['detected_indicators']),
            risk_assessment['assessment_timestamp']
        ))
        conn.commit()
    finally:
        conn.close()
    
    # NEW: Dual Booking Triggers
    booking_result = None
    ask_booking = None
    
    # Check if booking prompt was already shown for this conversation
    conn = sqlite3.connect(DB_FILE)
    try:
        booking_prompt_shown = conn.execute("""
            SELECT booking_prompt_shown FROM conversations WHERE conv_id = ?
        """, (conv_id,)).fetchone()
        booking_prompt_shown = booking_prompt_shown[0] if booking_prompt_shown else False
    finally:
        conn.close()
    
    # Trigger 1: After 5 messages - ask user if they want to book (only once per conversation)
    if message_count >= 5 and not booking_prompt_shown:
        ask_booking = {
            'message': 'I notice we\'ve been chatting for a while. Would you like me to connect you with a mental health professional for additional support?',
            'options': ['Yes, I\'d like to book a session', 'No, I\'m okay for now']
        }
        
        # Mark that booking prompt was shown
        conn = sqlite3.connect(DB_FILE)
        try:
            conn.execute("""
                UPDATE conversations SET booking_prompt_shown = 1 WHERE conv_id = ?
            """, (conv_id,))
            conn.commit()
        finally:
            conn.close()
    
    # Trigger 2: High risk assessment - automatically book
    if risk_assessment['risk_level'] in ['high', 'critical']:
        booking_result = create_automated_booking(conv_id, risk_assessment, data.get("account"))
        if booking_result:
            # Add emergency response to system prompt
            emergency_prompt = f"""
            URGENT: High-risk situation detected. Professional help has been automatically scheduled.
            Professional: {booking_result['professional_name']} ({booking_result['specialization']})
            Session Type: {booking_result['session_type']}
            Please provide immediate support and reassurance while professional help is arranged.
            """
            messages.append({"role": "system", "content": emergency_prompt})

    try:
        # Select chat model: allow per-request override, fallback to env CHAT_MODEL
        req_model = (data.get("model") or "").strip()
        chat_model = req_model or CHAT_MODEL
        # Use a conservative decoding config for accuracy and stability
        app.logger.info(f"Calling Ollama chat with model: {chat_model}")
        
        # Use retry wrapper (now fixed to remove timeout parameter)
        app.logger.info(f"Sending messages to Ollama: {len(messages)} messages")
        reply = _retry_ollama_call(
            openai_client.chat.completions.create,
            model=chat_model,
            messages=messages,
            options={"temperature": 0.2, "top_p": 0.9}
        )
        answer = reply.get("message", {}).get("content", "") or ""
        app.logger.info(f"Ollama response received: {answer[:100]}...")
        
        # Check if answer is empty or too short
        if not answer or len(answer.strip()) < 10:
            app.logger.warning(f"Answer too short or empty: '{answer}'")
            # Try a simpler prompt with just the query
            simple_messages = [
                {"role": "system", "content": f"You are AIMHSA, a supportive mental-health companion for Rwanda. Respond warmly and helpfully in {translation_service.get_language_name(target_language)}."},
                {"role": "user", "content": query}
            ]
            app.logger.info("Trying simpler prompt...")
            reply = _retry_ollama_call(ollama.chat, model=chat_model, messages=simple_messages, options={"temperature": 0.2, "top_p": 0.9})
            answer = reply.get("message", {}).get("content", "") or ""
            app.logger.info(f"Simple prompt response: {answer[:100]}...")
            
            # If still empty, provide a helpful default response
            if not answer or len(answer.strip()) < 10:
                if target_language == 'en':
                    answer = f"Hello! I'm AIMHSA, your mental health companion for Rwanda. How can I support you today? If you need immediate help, contact the Mental Health Hotline at 105."
                elif target_language == 'fr':
                    answer = f"Bonjour! Je suis AIMHSA, votre compagnon de santé mentale pour le Rwanda. Comment puis-je vous aider aujourd'hui? Pour une aide immédiate, contactez la ligne d'assistance en santé mentale au 105."
                elif target_language == 'rw':
                    answer = f"Muraho! Nitwa AIMHSA, umufasha wawe w'ubuzima bw'ubwoba bw'u Rwanda. Nakora iki ngo ngufashe uyu munsi? Niba ukeneye ubufasha bwihuse, hamagara Ligne d'assistance en santé mentale ku 105."
        if not isinstance(answer, str) or not answer.strip():
            app.logger.warning("Empty answer received, using language-specific fallback")
            
            # Language-specific fallback responses
            fallback_responses = {
                'en': "I'm here to help. Could you please rephrase your question? If this is an emergency, contact Rwanda's Mental Health Hotline at 105 or CARAES Ndera Hospital at +250 788 305 703.",
                'fr': "Je suis là pour vous aider. Pourriez-vous reformuler votre question? En cas d'urgence, contactez la ligne d'assistance en santé mentale du Rwanda au 105 ou l'hôpital CARAES Ndera au +250 788 305 703.",
                'rw': "Ndi hano kugira ngo nkufashe. Murakoze muvugurure icyibazo cyanyu? Ku bihano, hamagara Ligne d'assistance en santé mentale y'u Rwanda ku 105 cyangwa CARAES Ndera Hospital ku +250 788 305 703.",
                'sw': "Niko hapa kusaidia. Tafadhali rudia swali lako? Kwa dharura, piga simu ya Ligne d'assistance en santé mentale ya Rwanda 105 au CARAES Ndera Hospital +250 788 305 703."
            }
            
            answer = fallback_responses.get(target_language, fallback_responses['en'])
        else:
            app.logger.info(f"Got valid answer: {answer[:50]}...")
                
    except Exception as e:
        app.logger.error(f"Failed to get chat response with {CHAT_MODEL}: {e}")
        app.logger.error(f"Exception type: {type(e).__name__}")
        app.logger.error(f"Exception details: {str(e)}")
        import traceback
        app.logger.error(f"Traceback: {traceback.format_exc()}")
        
        # Provide language-specific fallback response when the model is not available
        fallback_responses = {
            'en': "I'm sorry, I'm having trouble accessing my AI model right now. However, I can still help you with mental health resources in Rwanda. Please contact the Mental Health Hotline at 105 or CARAES Ndera Hospital at +250 788 305 703 for immediate support. You can also try refreshing the page or contacting support if this issue persists.",
            'fr': "Je suis désolé, j'ai des difficultés à accéder à mon modèle IA en ce moment. Cependant, je peux toujours vous aider avec les ressources de santé mentale au Rwanda. Veuillez contacter la ligne d'assistance en santé mentale au 105 ou l'hôpital CARAES Ndera au +250 788 305 703 pour un soutien immédiat. Vous pouvez aussi essayer de rafraîchir la page ou contacter le support si ce problème persiste.",
            'rw': "Ndamukanya, nfite ibibazo bwo kugera ku modere yanjye ya AI ubu. Icyakora, narakomeje gufasha ku bikoresho by'ubuzima bw'ubwoba mu Rwanda. Murakoze hamagara Ligne d'assistance en santé mentale ku 105 cyangwa CARAES Ndera Hospital ku +250 788 305 703 kugira ngo mubone ubufasha buhagije. Murashobora kandi kugerageza gusubiramo urupapuro cyangwa guhamagara ubufasha niba iki kibazo gikomeje.",
            'sw': "Samahani, nina shida ya kufikia moduli yangu ya AI sasa. Hata hivyo, bado naweza kukusaidia na rasilimali za afya ya akili Rwanda. Tafadhali piga simu ya Ligne d'assistance en santé mentale 105 au CARAES Ndera Hospital +250 788 305 703 kwa msaada wa haraka. Unaweza pia kujaribu kurudisha ukurasa au kuwasiliana na msaada iki tatizo likaendelea."
        }
        
        answer = fallback_responses.get(target_language, fallback_responses['en'])

    # persist the current user RAW query (not the constructed user_prompt) and assistant reply
    save_message(conv_id, "user", query)
    save_message(conv_id, "assistant", answer)

    sources = [{"source": m["source"], "chunk": m["chunk"]} for (_, m) in top]
    resp = {"answer": answer, "sources": sources, "id": conv_id}
    
    # Add risk assessment and booking info to response
    resp["risk_assessment"] = {
        "risk_level": risk_assessment['risk_level'],
        "risk_score": risk_assessment['risk_score'],
        "detected_indicators": risk_assessment['detected_indicators'][:3]  # Show top 3 indicators
    }
    
    if ask_booking:
        resp["ask_booking"] = ask_booking
    
    if booking_result:
        resp["emergency_booking"] = booking_result
    
    # if newly created conv, client will need to store/use this id
    if new_conv:
        resp["new"] = True
    return jsonify(resp)

@app.post("/booking_response")
def booking_response():
    """
    Handle user response to booking question
    POST /booking_response
    Body: { "conversation_id": "...", "response": "yes"|"no", "account": "..." }
    """
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    
    conversation_id = data.get("conversation_id")
    response = data.get("response", "").lower()
    account = data.get("account")
    
    if not conversation_id or not response:
        return jsonify({"error": "conversation_id and response required"}), 400
    
    if response == "yes":
        # Create a booking for the user
        try:
            # Create a moderate risk assessment for booking
            risk_assessment = {
                'risk_level': 'medium',
                'risk_score': 0.5,
                'detected_indicators': ['user_requested_booking'],
                'assessment_timestamp': time.time()
            }
            
            booking_result = create_automated_booking(conversation_id, risk_assessment, account)
            if booking_result:
                return jsonify({
                    "ok": True,
                    "message": "Booking created successfully!",
                    "booking": booking_result
                })
            else:
                return jsonify({"error": "Failed to create booking"}), 500
        except Exception as e:
            app.logger.error(f"Failed to create booking: {e}")
            return jsonify({"error": "Failed to create booking"}), 500
    else:
        return jsonify({
            "ok": True,
            "message": "No problem! I'm here whenever you need support."
        })

@app.post("/reset")
def reset():
    # clear stored conversations, attachments and sessions
    reset_db()
    return jsonify({"ok": True})

# --- attachment helpers ---
def save_attachment(conv_id: str, filename: str, text: str):
    conn = sqlite3.connect(DB_FILE)
    try:
        conn.execute(
            "INSERT INTO attachments (conv_id, filename, text, ts) VALUES (?, ?, ?, ?)",
            (conv_id, filename, text, time.time()),
        )
        conn.commit()
    finally:
        conn.close()

def load_attachments(conv_id: str):
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute(
            "SELECT filename, text FROM attachments WHERE conv_id = ? ORDER BY id ASC",
            (conv_id,),
        )
        rows = cur.fetchall()
        return [{"filename": r[0], "text": r[1]} for r in rows]
    finally:
        conn.close()

# --- session helpers (new) ---
def get_or_create_session(key: str):
    """Return (conv_id, was_created_bool) for the given session key."""
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT conv_id FROM sessions WHERE key = ?", (key,))
        row = cur.fetchone()
        if row:
            conv_id = row[0]
            conn.execute("UPDATE sessions SET ts = ? WHERE key = ?", (time.time(), key))
            # ensure conversations entry exists and is associated with this owner key
            try:
                # create conversation row if missing
                conn.execute(
                    "INSERT OR IGNORE INTO conversations (conv_id, owner_key, preview, ts) VALUES (?, ?, ?, ?)",
                    (conv_id, key, "New chat", time.time()),
                )
                # if conversation exists without owner_key, set it
                conn.execute(
                    "UPDATE conversations SET owner_key = ? WHERE conv_id = ? AND (owner_key IS NULL OR owner_key = '')",
                    (key, conv_id),
                )
            except Exception:
                pass
            conn.commit()
            return conv_id, False
        conv_id = str(uuid.uuid4())
        conn.execute(
            "INSERT INTO sessions (key, conv_id, ts) VALUES (?, ?, ?)",
            (key, conv_id, time.time()),
        )
        # also create a conversations row bound to this owner key
        try:
            conn.execute(
                "INSERT OR IGNORE INTO conversations (conv_id, owner_key, preview, ts) VALUES (?, ?, ?, ?)",
                (conv_id, key, "New chat", time.time()),
            )
        except Exception:
            pass
        conn.commit()
        return conv_id, True
    finally:
        conn.close()

# --- API: create/retrieve session by IP or account ---
@app.post("/session")
def session():
    """
    Request JSON: { "account": "<optional account id>" }
    If account is provided, session is bound to account:<account>.
    Otherwise session is bound to ip:<remote_addr>.
    Returns: { "id": "<conv_id>", "new": true|false }
    """
    try:
        data = request.get_json(silent=True) or {}
    except Exception:
        data = {}
    account = (data.get("account") or "").strip()
    if account:
        key = f"acct:{account}"
    else:
        # request.remote_addr may be proxied; frontends should pass account when available
        ip = request.remote_addr or "unknown"
        key = f"ip:{ip}"
    conv_id, new = get_or_create_session(key)
    return jsonify({"id": conv_id, "new": new})

# --- API: get conversation history (messages + attachments) ---
@app.get("/history")
def history():
    """
    Query params: ?id=<conv_id>
    Returns: { "id": "<conv_id>", "history": [ {role, content}, ... ], "attachments": [ {filename,text}, ... ] }
    """
    conv_id = request.args.get("id")
    password = (request.args.get("password") or "").strip()
    if not conv_id:
        return jsonify({"error": "Missing 'id' parameter"}), 400
    try:
        # if conversation is archived and locked, require password to view history
        try:
            conn = sqlite3.connect(DB_FILE)
            cur = conn.execute("SELECT IFNULL(archived,0), archive_pw_hash FROM conversations WHERE conv_id = ?", (conv_id,))
            row = cur.fetchone()
        finally:
            conn.close()
        if row and int(row[0]) == 1 and row[1]:
            if not password or not check_password_hash(row[1], password):
                return jsonify({"error": "password required"}), 403
        hist = load_history(conv_id)
        atts = load_attachments(conv_id)
        return jsonify({"id": conv_id, "history": hist, "attachments": atts})
    except Exception as e:
        app.logger.exception("history endpoint failed")
        return jsonify({"error": str(e)}), 500

# --- file upload endpoint (unchanged) ---
@app.post("/upload_pdf")
def upload_pdf():
    """
    Initial upload:
    Accepts multipart/form-data:
      - file: PDF file (required, .pdf only)
      - id: optional conversation id (if omitted, a new id is created)
    Returns JSON:
      { "id": "<conv_id>", "filename": "...", "new": true|false }

    Question about uploaded PDF will be handled by /ask endpoint using the stored text
    """
    if "file" not in request.files:
        return jsonify({"error": "Missing 'file'"}), 400
    f = request.files["file"]
    filename = secure_filename(f.filename or "")
    if not filename.lower().endswith(".pdf"):
        return jsonify({"error": "Only PDF files allowed"}), 400

    conv_id = request.form.get("id")
    new_conv = False
    if not conv_id:
        conv_id = str(uuid.uuid4())
        new_conv = True

    # if server created a conv for this upload, persist conversation metadata with owner
    if new_conv:
        account = (request.form.get("account") or "").strip()
        if account:
            owner = f"acct:{account}"
        else:
            owner = f"ip:{request.remote_addr or 'unknown'}"
        create_conversation(owner_key=owner, conv_id=conv_id, preview="New chat")

    # save uploaded PDF to a temp file
    with tempfile.NamedTemporaryFile(suffix=".pdf", delete=False) as tmp:
        tmp_path = tmp.name
        f.save(tmp_path)

    extracted_text = ""
    extraction_errors = []

    try:
        # Try to render PDF pages to images using pdf2image -> pytesseract
        try:
            from pdf2image import convert_from_path
            pages = convert_from_path(tmp_path, dpi=300)
            texts = []
            for img in pages:
                try:
                    texts.append(pytesseract.image_to_string(img))
                except Exception as e_img:
                    extraction_errors.append(f"pytesseract on pdf2image image error: {e_img}")
                    app.logger.exception("pytesseract error on pdf2image image")
            extracted_text = "\n\n".join(t for t in texts if t).strip()
            if not extracted_text:
                extraction_errors.append("pdf2image+pytesseract produced empty text")
        except Exception as e_pdf2:
            extraction_errors.append(f"pdf2image error: {e_pdf2}")
            app.logger.exception("pdf2image extraction failed")

        # fallback to PyMuPDF (fitz) if first approach failed to produce text
        if not extracted_text:
            try:
                import fitz
                doc = fitz.open(tmp_path)
                texts = []
                for page in doc:
                    try:
                        pix = page.get_pixmap(dpi=300)
                        img = pix.tobytes("png")
                        from PIL import Image
                        import io
                        img_obj = Image.open(io.BytesIO(img))
                        texts.append(pytesseract.image_to_string(img_obj))
                    except Exception as e_page:
                        extraction_errors.append(f"pytesseract on fitz image error: {e_page}")
                        app.logger.exception("pytesseract error on fitz image")
                extracted_text = "\n\n".join(t for t in texts if t).strip()
                if not extracted_text:
                    extraction_errors.append("PyMuPDF+pytesseract produced empty text")
            except Exception as e_fitz:
                extraction_errors.append(f"PyMuPDF (fitz) error: {e_fitz}")
                app.logger.exception("PyMuPDF extraction failed")

        # fallback to text extraction using PyPDF2 (no OCR)
        if not extracted_text:
            try:
                from PyPDF2 import PdfReader
                reader = PdfReader(tmp_path)
                texts = []
                for p in reader.pages:
                    try:
                        texts.append(p.extract_text() or "")
                    except Exception as e_page_text:
                        extraction_errors.append(f"PyPDF2 page extract error: {e_page_text}")
                        app.logger.exception("PyPDF2 page extraction error")
                extracted_text = "\n\n".join(t for t in texts if t).strip()
                if not extracted_text:
                    extraction_errors.append("PyPDF2 produced empty text")
            except Exception as e_pypdf2:
                extraction_errors.append(f"PyPDF2 error: {e_pypdf2}")
                app.logger.exception("PyPDF2 extraction failed")

    finally:
        try:
            os.remove(tmp_path)
        except Exception:
            pass

    if not extracted_text:
        # Build user-friendly, actionable details from collected errors
        hints = []
        for err in extraction_errors:
            hints.append(err)
            # common issues -> suggested fixes
            if "Unable to get page count" in err or "pdf2image error" in err or "pdf2image" in err:
                hints.append(
                    "pdf2image needs poppler (pdftoppm). Install poppler and ensure it's in PATH "
                    "(e.g. 'apt-get install poppler-utils' or 'brew install poppler' on macOS)."
                )
            if "No module named 'fitz'" in err or "PyMuPDF (fitz) error" in err:
                hints.append("Install PyMuPDF: pip install pymupdf")
            if "No module named 'PyPDF2'" in err or "PyPDF2 error" in err:
                hints.append("Install PyPDF2: pip install PyPDF2")
            if "pytesseract" in err and ("No such file or directory" in err or "Tesseract" in err):
                hints.append(
                    "Tesseract binary not found. Install Tesseract OCR and ensure it's in PATH "
                    "(e.g. 'apt-get install tesseract-ocr' or 'brew install tesseract')."
                )

        details = " | ".join(hints) if hints else "unknown error"
        app.logger.warning("PDF extraction failed: %s", details)
        return jsonify({
            "error": "Could not extract text from PDF (no supported tool available or file empty)",
            "details": details
        }), 400

    # persist attachment
    save_attachment(conv_id, filename, extracted_text)

    resp = {"id": conv_id, "filename": filename}
    if new_conv:
        resp["new"] = True

    return jsonify(resp)

# new endpoints: create and list conversations
@app.post("/conversations")
def create_conversations_endpoint():
    """
    POST /conversations
    Body JSON: { "account": "<required account id>" }
    Returns: { "id": "<conv_id>", "new": true }
    """
    try:
        data = request.get_json(silent=True) or {}
    except Exception:
        data = {}
    account = (data.get("account") or "").strip()
    if not account:
        return jsonify({"error": "Account required to create server-backed conversations"}), 403
    key = f"acct:{account}"
    conv_id = create_conversation(owner_key=key, preview="New chat")
    return jsonify({"id": conv_id, "new": True})

@app.get("/conversations")
def get_conversations_endpoint():
    """
    GET /conversations?account=<required>
    Returns: { "conversations": [ {id, preview, timestamp}, ... ] }
    """
    account = (request.args.get("account") or "").strip()
    if not account:
        return jsonify({"error": "Account required to list conversations"}), 403
    key = f"acct:{account}"
    try:
        rows = list_conversations(key)
        return jsonify({"conversations": rows})
    except Exception as e:
        app.logger.exception("failed to list conversations")
        return jsonify({"error": str(e)}), 500

@app.post("/conversations/rename")
def rename_conversation():
    """
    POST /conversations/rename
    JSON: { "account": "...", "id": "<conv_id>", "preview": "<new title>" }
    """
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    account = (data.get("account") or "").strip()
    conv_id = (data.get("id") or "").strip()
    preview = (data.get("preview") or "").strip()
    if not account or not conv_id or not preview:
        return jsonify({"error": "account, id and preview required"}), 400
    owner_key = f"acct:{account}"
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT owner_key, IFNULL(archived,0) FROM conversations WHERE conv_id = ?", (conv_id,))
        row = cur.fetchone()
        if not row:
            return jsonify({"error": "conversation not found"}), 404
        if (row[0] or "") != owner_key:
            return jsonify({"error": "forbidden"}), 403
        if int(row[1]) == 1:
            return jsonify({"error": "cannot rename archived conversation"}), 403
        conn.execute("UPDATE conversations SET preview = ?, ts = ? WHERE conv_id = ?", (preview[:120], time.time(), conv_id))
        conn.commit()
        return jsonify({"ok": True})
    except Exception as e:
        conn.rollback()
        return jsonify({"error": str(e)}), 500
    finally:
        conn.close()

@app.get("/conversations/archived")
def get_archived_conversations_endpoint():
    """
    GET /conversations/archived?account=<required>
    Returns archived conversations for this account
    """
    account = (request.args.get("account") or "").strip()
    if not account:
        return jsonify({"error": "Account required to list conversations"}), 403
    key = f"acct:{account}"
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute(
            "SELECT conv_id, preview, ts, CASE WHEN archive_pw_hash IS NULL OR archive_pw_hash = '' THEN 0 ELSE 1 END AS locked FROM conversations WHERE owner_key = ? AND IFNULL(archived,0) = 1 ORDER BY ts DESC",
            (key,),
        )
        rows = cur.fetchall()
        items = [{"id": r[0], "preview": r[1] or "New chat", "timestamp": r[2], "locked": bool(r[3])} for r in rows]
        return jsonify({"conversations": items})
    except Exception as e:
        app.logger.exception("failed to list archived conversations")
        return jsonify({"error": str(e)}), 500
    finally:
        conn.close()

@app.post("/conversations/archive")
def archive_conversation():
    """
    POST /conversations/archive
    JSON: { "account": "...", "id": "<conv_id>", "archived": true|false }
    """
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    account = (data.get("account") or "").strip()
    conv_id = (data.get("id") or "").strip()
    archived = bool(data.get("archived", True))
    password = (data.get("password") or "").strip()
    if not account or not conv_id:
        return jsonify({"error": "account and id required"}), 400
    owner_key = f"acct:{account}"
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT owner_key FROM conversations WHERE conv_id = ?", (conv_id,))
        row = cur.fetchone()
        if not row:
            return jsonify({"error": "conversation not found"}), 404
        if (row[0] or "") != owner_key:
            return jsonify({"error": "forbidden"}), 403
        # when archiving, password is REQUIRED; when unarchiving, password MUST match
        if archived:
            if not password:
                return jsonify({"error": "password required to archive"}), 400
            pw_hash = generate_password_hash(password)
            conn.execute("UPDATE conversations SET archive_pw_hash = ? WHERE conv_id = ?", (pw_hash, conv_id))
        else:
            cur = conn.execute("SELECT archive_pw_hash FROM conversations WHERE conv_id = ?", (conv_id,))
            row = cur.fetchone()
            if row and row[0]:
                if not password or not check_password_hash(row[0], password):
                    return jsonify({"error": "invalid password"}), 403
            # clear hash on successful unarchive
            conn.execute("UPDATE conversations SET archive_pw_hash = NULL WHERE conv_id = ?", (conv_id,))
        conn.execute("UPDATE conversations SET archived = ? WHERE conv_id = ?", (1 if archived else 0, conv_id))
        conn.commit()
        return jsonify({"ok": True})
    except Exception as e:
        conn.rollback()
        return jsonify({"error": str(e)}), 500
    finally:
        conn.close()

@app.post("/api/register")
def register():
    """
    POST /register
    JSON: { "username": "...", "email": "...", "fullname": "...", "telephone": "...", "province": "...", "district": "...", "password": "..." }
    """
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    
    # Extract and validate all fields
    username = (data.get("username") or "").strip()
    email = (data.get("email") or "").strip()
    fullname = (data.get("fullname") or "").strip()
    telephone = (data.get("telephone") or "").strip()
    province = (data.get("province") or "").strip()
    district = (data.get("district") or "").strip()
    password = (data.get("password") or "")
    
    # Collect validation errors
    errors = {}
    
    # Validate required fields
    if not username:
        errors['username'] = 'Username is required'
    if not email:
        errors['email'] = 'Email is required'
    if not fullname:
        errors['fullname'] = 'Full name is required'
    if not telephone:
        errors['telephone'] = 'Phone number is required'
    if not province:
        errors['province'] = 'Province is required'
    if not district:
        errors['district'] = 'District is required'
    if not password:
        errors['password'] = 'Password is required'
    
    # Email validation
    import re
    if email:
        email_pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
        if not re.match(email_pattern, email):
            errors['email'] = 'Please enter a valid email address'
    
    # Phone validation (Rwanda format)
    if telephone:
        phone_pattern = r'^(\+250|0)[0-9]{9}$'
        if not re.match(phone_pattern, telephone):
            errors['telephone'] = 'Please enter a valid Rwanda phone number (+250XXXXXXXXX or 07XXXXXXXX)'
    
    # Username validation
    if username:
        if len(username) < 3:
            errors['username'] = 'Username must be at least 3 characters'
        elif len(username) > 50:
            errors['username'] = 'Username must be less than 50 characters'
        elif not re.match(r'^[a-zA-Z0-9_]+$', username):
            errors['username'] = 'Username can only contain letters, numbers, and underscores'
    
    # Full name validation
    if fullname:
        if len(fullname) < 2:
            errors['fullname'] = 'Full name must be at least 2 characters'
        elif len(fullname) > 100:
            errors['fullname'] = 'Full name must be less than 100 characters'
        elif not re.match(r'^[a-zA-Z\s\-\'\.]+$', fullname):
            errors['fullname'] = 'Full name can only contain letters, spaces, hyphens, apostrophes, and periods'
        elif len(fullname.strip().split()) < 2:
            errors['fullname'] = 'Please enter your complete name (first and last name)'
    
    # Password validation
    if password:
        if len(password) < 8:
            errors['password'] = 'Password must be at least 8 characters long'
        elif len(password) > 128:
            errors['password'] = 'Password must be less than 128 characters'
        elif not re.search(r'[a-zA-Z]', password):
            errors['password'] = 'Password must contain at least one letter'
        elif not re.search(r'[0-9]', password):
            errors['password'] = 'Password must contain at least one number'
    
    # Province validation
    if province:
        valid_provinces = ['Kigali', 'Eastern', 'Northern', 'Southern', 'Western']
        if province not in valid_provinces:
            errors['province'] = 'Please select a valid province'
    
    # District validation
    if district and province:
        province_districts = {
            'Kigali': ['Gasabo', 'Kicukiro', 'Nyarugenge'],
            'Eastern': ['Bugesera', 'Gatsibo', 'Kayonza', 'Kirehe', 'Ngoma', 'Nyagatare', 'Rwamagana'],
            'Northern': ['Burera', 'Gakenke', 'Gicumbi', 'Musanze', 'Rulindo'],
            'Southern': ['Gisagara', 'Huye', 'Kamonyi', 'Muhanga', 'Nyamagabe', 'Nyanza', 'Nyaruguru', 'Ruhango'],
            'Western': ['Karongi', 'Ngororero', 'Nyabihu', 'Nyamasheke', 'Rubavu', 'Rusizi', 'Rutsiro']
        }
        if province in province_districts and district not in province_districts[province]:
            errors['district'] = 'Please select a valid district for the selected province'
    
    # Return field-specific errors if any
    if errors:
        return jsonify({"errors": errors, "message": "Please correct the errors below"}), 400
    
    # Check if user already exists before attempting to insert
    conn = sqlite3.connect(DB_FILE)
    try:
        # Check if username already exists
        cur = conn.execute("SELECT 1 FROM users WHERE username = ?", (username,))
        if cur.fetchone():
            return jsonify({"errors": {"username": "This username is already taken. Please choose another."}, "message": "Please correct the errors below"}), 409
        
        # Check if email already exists
        cur = conn.execute("SELECT 1 FROM users WHERE email = ?", (email,))
        if cur.fetchone():
            return jsonify({"errors": {"email": "This email is already registered. Please use a different email."}, "message": "Please correct the errors below"}), 409
        
        # Check if telephone already exists
        cur = conn.execute("SELECT 1 FROM users WHERE telephone = ?", (telephone,))
        if cur.fetchone():
            return jsonify({"errors": {"telephone": "This phone number is already registered. Please use a different phone number."}, "message": "Please correct the errors below"}), 409
        
        # All validations passed, create the user
        pw_hash = generate_password_hash(password)
        conn.execute(
            "INSERT INTO users (username, email, fullname, telephone, province, district, password_hash, created_ts) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
            (username, email, fullname, telephone, province, district, pw_hash, time.time()),
        )
        conn.commit()
        
    except sqlite3.IntegrityError as e:
        # Fallback error handling in case of race conditions
        if "username" in str(e):
            return jsonify({"errors": {"username": "This username is already taken. Please choose another."}, "message": "Please correct the errors below"}), 409
        elif "email" in str(e):
            return jsonify({"errors": {"email": "This email is already registered. Please use a different email."}, "message": "Please correct the errors below"}), 409
        elif "telephone" in str(e):
            return jsonify({"errors": {"telephone": "This phone number is already registered. Please use a different phone number."}, "message": "Please correct the errors below"}), 409
        else:
            return jsonify({"error": "Registration failed. Please try again."}), 409
    except Exception as e:
        app.logger.error(f"Registration error: {e}")
        return jsonify({"error": "Registration failed. Please try again."}), 500
    finally:
        conn.close()
    
    return jsonify({"ok": True, "account": username, "message": "Account created successfully"})

# API endpoint for user login
@app.post("/api/login")
def login():
    """
    POST /login
    JSON: { "email": "...", "password": "..." }
    """
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    email = (data.get("email") or "").strip()
    password = (data.get("password") or "")
    if not email or not password:
        return jsonify({"error": "email and password required"}), 400
    
    # Email validation
    import re
    email_pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
    if not re.match(email_pattern, email):
        return jsonify({"error": "Invalid email format"}), 400
    
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT username, password_hash FROM users WHERE email = ?", (email,))
        row = cur.fetchone()
        if not row:
            return jsonify({"error": "invalid credentials"}), 401
        username, stored = row
        if not check_password_hash(stored, password):
            return jsonify({"error": "invalid credentials"}), 401
    finally:
        conn.close()
    return jsonify({"ok": True, "account": username})

# --- Forgot/Reset Password (Users) ---
@app.post("/forgot_password")
def forgot_password():
    """
    POST /forgot_password
    JSON: { "email": "..." }
    Creates a short-lived reset token and sends it via email.
    """
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    email = (data.get("email") or "").strip()
    if not email:
        return jsonify({"error": "email required"}), 400
    
    # Email validation
    import re
    email_pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
    if not re.match(email_pattern, email):
        return jsonify({"error": "Invalid email format"}), 400
    
    # verify user exists
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT username, fullname FROM users WHERE email = ?", (email,))
        user_row = cur.fetchone()
        if not user_row:
            # do not reveal whether the user exists; still return ok
            return jsonify({"ok": True, "message": "If the email exists, a reset code has been sent."})
        
        username, fullname = user_row
        
        # Check if there's already an active reset token for this user
        cur = conn.execute(
            "SELECT id FROM password_resets WHERE username = ? AND used = 0 AND expires_ts > ?",
            (username, time.time())
        )
        existing_token = cur.fetchone()
        
        if existing_token:
            # Invalidate the existing token
            conn.execute("UPDATE password_resets SET used = 1 WHERE id = ?", (existing_token[0],))
        
        # Generate new reset token
        token = uuid.uuid4().hex[:6].upper()  # 6-char code
        expires = time.time() + 15 * 60  # 15 minutes
        
        # Store the reset token
        conn.execute(
            "INSERT INTO password_resets (username, token, expires_ts, used) VALUES (?, ?, ?, 0)",
            (username, token, expires),
        )
        conn.commit()
        
        # Send email with reset code
        try:
            send_password_reset_email(email, username, token)
            return jsonify({
                "ok": True, 
                "message": "Password reset code sent to your email.",
                "user_info": {
                    "username": username,
                    "fullname": fullname
                }
            })
        except Exception as e:
            # If email fails, still return the token for demo purposes
            app.logger.error(f"Failed to send email: {e}")
            return jsonify({
                "ok": True, 
                "token": token, 
                "expires_in": 900, 
                "message": "Email service unavailable. Use this code for testing.",
                "user_info": {
                    "username": username,
                    "fullname": fullname
                }
            })
            
    finally:
        conn.close()

@app.get("/forgot_password/available_emails")
def get_available_emails():
    """
    GET /forgot_password/available_emails
    Returns list of available emails for testing purposes
    """
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT DISTINCT email, username, fullname FROM users ORDER BY email")
        users = cur.fetchall()
        
        emails = []
        for user in users:
            emails.append({
                "email": user[0],
                "username": user[1], 
                "fullname": user[2]
            })
        
        return jsonify({
            "ok": True,
            "available_emails": emails,
            "count": len(emails)
        })
    finally:
        conn.close()

@app.post("/reset_password")
def reset_password():
    """
    POST /reset_password
    JSON: { "email": "...", "token": "ABC123", "new_password": "..." }
    Validates token and updates the user's password.
    """
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    email = (data.get("email") or "").strip()
    token = (data.get("token") or "").strip().upper()
    new_password = (data.get("new_password") or "")
    if not email or not token or not new_password:
        return jsonify({"error": "email, token, and new_password required"}), 400
    if len(new_password) < 6:
        return jsonify({"error": "new_password too short"}), 400
    
    # Email validation
    import re
    email_pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
    if not re.match(email_pattern, email):
        return jsonify({"error": "Invalid email format"}), 400
    
    conn = sqlite3.connect(DB_FILE)
    try:
        # First get the username from email
        cur = conn.execute("SELECT username FROM users WHERE email = ?", (email,))
        user_row = cur.fetchone()
        if not user_row:
            return jsonify({"error": "invalid email"}), 400
        username = user_row[0]
        
        # Then validate the token
        cur = conn.execute(
            "SELECT id, expires_ts, used FROM password_resets WHERE username = ? AND token = ?",
            (username, token),
        )
        row = cur.fetchone()
        if not row:
            return jsonify({"error": "invalid token"}), 400
        reset_id, expires_ts, used = row
        if used:
            return jsonify({"error": "token already used"}), 400
        if time.time() > float(expires_ts):
            return jsonify({"error": "token expired"}), 400
        # Update password and mark token used
        pw_hash = generate_password_hash(new_password)
        conn.execute("UPDATE users SET password_hash = ? WHERE username = ?", (pw_hash, username))
        conn.execute("UPDATE password_resets SET used = 1 WHERE id = ?", (reset_id,))
        conn.commit()
        
        # Get user info for confirmation
        cur = conn.execute("SELECT email, fullname FROM users WHERE username = ?", (username,))
        user_info = cur.fetchone()
        
        return jsonify({
            "ok": True, 
            "message": "Password reset successfully. You can now login with your new password.",
            "user_info": {
                "username": username,
                "email": user_info[0] if user_info else email,
                "fullname": user_info[1] if user_info else "User"
            }
        })
    finally:
        conn.close()

@app.post("/clear_chat")
def clear_chat():
    """Clear messages and attachments for a conversation."""
    data = request.get_json(force=True)
    conv_id = data.get("id")
    if not conv_id:
        return jsonify({"error": "Missing conversation id"}), 400

    conn = sqlite3.connect(DB_FILE)
    try:
        # Delete messages and attachments for this conversation
        conn.execute("DELETE FROM messages WHERE conv_id = ?", (conv_id,))
        conn.execute("DELETE FROM attachments WHERE conv_id = ?", (conv_id,))
        # Reset conversation preview
        conn.execute(
            "UPDATE conversations SET preview = ? WHERE conv_id = ?",
            ("New chat", conv_id),
        )
        conn.commit()
        return jsonify({"ok": True})
    except Exception as e:
        return jsonify({"error": str(e)}), 500
    finally:
        conn.close()

# --- delete a conversation (requires account owner) ---
@app.post("/conversations/delete")
def delete_conversation():
    """
    POST /conversations/delete
    JSON: { "account": "...", "id": "<conv_id>" }
    Only allows deletion when the conversation owner matches acct:<account>.
    """
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400

    account = (data.get("account") or "").strip()
    conv_id = (data.get("id") or "").strip()
    password = (data.get("password") or "").strip()
    if not account or not conv_id:
        return jsonify({"error": "account and id required"}), 400

    owner_key = f"acct:{account}"

    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT owner_key, IFNULL(archived,0), archive_pw_hash FROM conversations WHERE conv_id = ?", (conv_id,))
        row = cur.fetchone()
        if not row:
            return jsonify({"error": "conversation not found"}), 404
        if (row[0] or "") != owner_key:
            return jsonify({"error": "forbidden"}), 403
        # If archived and locked, require correct password to delete
        if int(row[1]) == 1 and row[2]:
            if not password or not check_password_hash(row[2], password):
                return jsonify({"error": "invalid password"}), 403

        # delete related rows
        conn.execute("DELETE FROM messages WHERE conv_id = ?", (conv_id,))
        conn.execute("DELETE FROM attachments WHERE conv_id = ?", (conv_id,))
        conn.execute("DELETE FROM sessions WHERE conv_id = ?", (conv_id,))
        conn.execute("DELETE FROM conversations WHERE conv_id = ?", (conv_id,))
        conn.commit()
        return jsonify({"ok": True})
    except Exception as e:
        conn.rollback()
        return jsonify({"error": str(e)}), 500
    finally:
        conn.close()

# --- NEW API ENDPOINTS FOR THERAPY BOOKING SYSTEM ---

# Admin endpoints
@app.post("/admin/professionals")
def create_professional():
    """Create a new professional"""
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    
    required_fields = ['username', 'password', 'first_name', 'last_name', 'email', 'specialization', 'expertise_areas']
    for field in required_fields:
        if not data.get(field):
            return jsonify({"error": f"Missing required field: {field}"}), 400
    
    # Hash password
    password_hash = generate_password_hash(data['password'])
    
    # Prepare expertise areas as JSON
    expertise_areas = json.dumps(data.get('expertise_areas', []))
    languages = json.dumps(data.get('languages', ['english']))
    qualifications = json.dumps(data.get('qualifications', []))
    availability_schedule = json.dumps(data.get('availability_schedule', {}))
    
    conn = sqlite3.connect(DB_FILE)
    try:
        # Check if username already exists
        existing_username = conn.execute(
            "SELECT username FROM professionals WHERE username = ?", 
            (data['username'],)
        ).fetchone()
        
        if existing_username:
            return jsonify({
                "error": "Username already exists", 
                "details": f"Username '{data['username']}' is already taken. Please choose a different username."
            }), 409
        
        # Check if email already exists
        existing_email = conn.execute(
            "SELECT email FROM professionals WHERE email = ?", 
            (data['email'],)
        ).fetchone()
        
        if existing_email:
            return jsonify({
                "error": "Email already exists", 
                "details": f"Email '{data['email']}' is already registered. Please use a different email."
            }), 409
        
        conn.execute("""
            INSERT INTO professionals 
            (username, password_hash, first_name, last_name, email, phone, license_number,
             specialization, expertise_areas, location_latitude, location_longitude, 
             location_address, district, availability_schedule, max_patients_per_day,
             consultation_fee, languages, qualifications, experience_years, bio,
             profile_picture, created_ts, updated_ts)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
        """, (
            data['username'], password_hash, data['first_name'], data['last_name'],
            data['email'], data.get('phone'), data.get('license_number'),
            data['specialization'], expertise_areas, data.get('location_latitude'),
            data.get('location_longitude'), data.get('location_address'), data.get('district'),
            availability_schedule, data.get('max_patients_per_day', 10),
            data.get('consultation_fee'), languages, qualifications,
            data.get('experience_years', 0), data.get('bio'), data.get('profile_picture'),
            time.time(), time.time()
        ))
        conn.commit()
        return jsonify({"ok": True, "message": "Professional created successfully"})
    except sqlite3.IntegrityError as e:
        return jsonify({
            "error": "Database constraint violation", 
            "details": str(e)
        }), 409
    except Exception as e:
        return jsonify({"error": str(e)}), 500
    finally:
        conn.close()

@app.get("/admin/professionals/check-availability")
def check_professional_availability():
    """Check if username or email is available"""
    username = request.args.get('username')
    email = request.args.get('email')
    
    if not username and not email:
        return jsonify({"error": "Provide either username or email to check"}), 400
    
    conn = sqlite3.connect(DB_FILE)
    try:
        result = {"username_available": True, "email_available": True}
        
        if username:
            existing_username = conn.execute(
                "SELECT username FROM professionals WHERE username = ?", 
                (username,)
            ).fetchone()
            result["username_available"] = existing_username is None
            result["username"] = username
        
        if email:
            existing_email = conn.execute(
                "SELECT email FROM professionals WHERE email = ?", 
                (email,)
            ).fetchone()
            result["email_available"] = existing_email is None
            result["email"] = email
        
        return jsonify(result)
    finally:
        conn.close()

@app.get("/admin/professionals")
def list_professionals():
    """List all professionals with filtering"""
    specialization = request.args.get('specialization')
    is_active = request.args.get('is_active')  # Remove default value to show all
    
    conn = sqlite3.connect(DB_FILE)
    try:
        query = "SELECT * FROM professionals"
        params = []
        conditions = []
        
        if is_active is not None:
            conditions.append("is_active = ?")
            params.append(is_active)
        
        if specialization:
            conditions.append("specialization = ?")
            params.append(specialization)
        
        if conditions:
            query += " WHERE " + " AND ".join(conditions)
        
        query += " ORDER BY created_ts DESC"
        
        cur = conn.execute(query, params)
        rows = cur.fetchall()
        
        professionals = []
        columns = [desc[0] for desc in cur.description]
        for row in rows:
            prof = dict(zip(columns, row))
            # Parse JSON fields
            prof['expertise_areas'] = json.loads(prof.get('expertise_areas', '[]'))
            prof['languages'] = json.loads(prof.get('languages', '[]'))
            prof['qualifications'] = json.loads(prof.get('qualifications', '[]'))
            prof['availability_schedule'] = json.loads(prof.get('availability_schedule', '{}'))
            professionals.append(prof)
        
        return jsonify({"professionals": professionals})
    finally:
        conn.close()

@app.put("/admin/professionals/<int:prof_id>")
def update_professional(prof_id: int):
    """Update a professional's information"""
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    
    conn = sqlite3.connect(DB_FILE)
    try:
        # Debug: Log received data
        print(f"Update professional {prof_id} - Received data: {data}")
        
        # Check if professional exists
        cur = conn.execute("SELECT id FROM professionals WHERE id = ?", (prof_id,))
        if not cur.fetchone():
            return jsonify({"error": "Professional not found"}), 404
        
        # Prepare update fields
        update_fields = []
        update_values = []
        
        # Handle password update separately
        if 'password' in data and data['password']:
            password_hash = generate_password_hash(data['password'])
            update_fields.append("password_hash = ?")
            update_values.append(password_hash)
        
        # Handle other fields
        allowed_fields = [
            'username', 'first_name', 'last_name', 'email', 'phone', 'license_number',
            'specialization', 'location_latitude', 'location_longitude',
            'location_address', 'district', 'max_patients_per_day',
            'consultation_fee', 'experience_years', 'bio', 'profile_picture'
        ]
        
        for field in allowed_fields:
            if field in data:
                update_fields.append(f"{field} = ?")
                update_values.append(data[field])
                print(f"Processing field: {field} = {data[field]}")
        
        print(f"Update fields: {update_fields}")
        
        # Handle JSON fields
        if 'expertise_areas' in data:
            update_fields.append("expertise_areas = ?")
            update_values.append(json.dumps(data['expertise_areas']))
        
        if 'languages' in data:
            update_fields.append("languages = ?")
            update_values.append(json.dumps(data['languages']))
        
        if 'qualifications' in data:
            update_fields.append("qualifications = ?")
            update_values.append(json.dumps(data['qualifications']))
        
        if 'availability_schedule' in data:
            update_fields.append("availability_schedule = ?")
            update_values.append(json.dumps(data['availability_schedule']))
        
        if not update_fields:
            return jsonify({"error": "No fields to update"}), 400
        
        # Add updated timestamp
        update_fields.append("updated_ts = ?")
        update_values.append(time.time())
        
        # Add professional ID for WHERE clause
        update_values.append(prof_id)
        
        # Execute update
        query = f"UPDATE professionals SET {', '.join(update_fields)} WHERE id = ?"
        conn.execute(query, update_values)
        conn.commit()
        
        return jsonify({"ok": True, "message": "Professional updated successfully"})
    except Exception as e:
        return jsonify({"error": str(e)}), 500
    finally:
        conn.close()

@app.delete("/admin/professionals/<int:prof_id>")
def delete_professional(prof_id: int):
    """Delete a professional account"""
    conn = sqlite3.connect(DB_FILE)
    try:
        # Check if professional exists
        cur = conn.execute("SELECT id, username FROM professionals WHERE id = ?", (prof_id,))
        professional = cur.fetchone()
        if not professional:
            return jsonify({"error": "Professional not found"}), 404
        
        # Check if professional has any active bookings
        cur = conn.execute("""
            SELECT COUNT(*) FROM automated_bookings 
            WHERE professional_id = ? AND booking_status IN ('pending', 'confirmed')
        """, (prof_id,))
        active_bookings = cur.fetchone()[0]
        
        if active_bookings > 0:
            return jsonify({
                "error": "Cannot delete professional with active bookings",
                "details": f"Professional has {active_bookings} active booking(s). Please resolve these bookings first."
            }), 409
        
        # Delete the professional
        conn.execute("DELETE FROM professionals WHERE id = ?", (prof_id,))
        conn.commit()
        
        return jsonify({
            "ok": True, 
            "message": f"Professional '{professional[1]}' deleted successfully"
        })
    except Exception as e:
        return jsonify({"error": str(e)}), 500
    finally:
        conn.close()

@app.post("/admin/professionals/<int:prof_id>/status")
def toggle_professional_status(prof_id: int):
    """Activate/Deactivate a professional account"""
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400

    if 'is_active' not in data:
        return jsonify({"error": "Missing is_active"}), 400

    is_active = 1 if bool(data['is_active']) else 0

    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT id FROM professionals WHERE id = ?", (prof_id,))
        if not cur.fetchone():
            return jsonify({"error": "Professional not found"}), 404

        conn.execute(
            "UPDATE professionals SET is_active = ?, updated_ts = ? WHERE id = ?",
            (is_active, time.time(), prof_id)
        )
        conn.commit()
        return jsonify({"ok": True, "id": prof_id, "is_active": bool(is_active)})
    finally:
        conn.close()

@app.get("/admin/bookings")
def list_bookings():
    """List all automated bookings with user and professional information"""
    status = request.args.get('status')
    risk_level = request.args.get('risk_level')
    limit = int(request.args.get('limit', 100))
    
    conn = sqlite3.connect(DB_FILE)
    try:
        # Get all bookings with user and professional information
        query = """
            SELECT 
                ab.*,
                u.fullname as user_fullname,
                u.email as user_email,
                u.telephone as user_phone,
                u.province as user_province,
                u.district as user_district,
                (u.district || ', ' || u.province) as user_location,
                u.created_ts as user_created_ts,
                p.first_name as professional_first_name,
                p.last_name as professional_last_name,
                p.specialization as professional_specialization,
                p.email as professional_email,
                p.phone as professional_phone,
                p.experience_years as professional_experience,
                (p.first_name || ' ' || p.last_name) as professional_name
            FROM automated_bookings ab
            LEFT JOIN users u ON ab.user_account = u.username
            LEFT JOIN professionals p ON ab.professional_id = p.id
        """
        params = []
        conditions = []
        
        if status:
            conditions.append("ab.booking_status = ?")
            params.append(status)
        
        if risk_level:
            conditions.append("ab.risk_level = ?")
            params.append(risk_level)
        
        if conditions:
            query += " WHERE " + " AND ".join(conditions)
        
        query += " ORDER BY ab.created_ts DESC LIMIT ?"
        params.append(limit)
        
        cur = conn.execute(query, params)
        rows = cur.fetchall()
        
        bookings = []
        columns = [desc[0] for desc in cur.description]
        for row in rows:
            booking = dict(zip(columns, row))
            booking['detected_indicators'] = json.loads(booking.get('detected_indicators', '[]'))
            
            # Handle professional name
            if booking.get('professional_first_name') and booking.get('professional_last_name'):
                booking['professional_name'] = f"{booking['professional_first_name']} {booking['professional_last_name']}"
            else:
                booking['professional_name'] = 'Unassigned'
            
            # Handle user name
            if not booking.get('user_fullname'):
                booking['user_fullname'] = booking.get('user_account', 'Guest User')
            
            bookings.append(booking)
        
        # Calculate statistics
        stats_query = """
            SELECT 
                COUNT(*) as total,
                SUM(CASE WHEN booking_status = 'confirmed' THEN 1 ELSE 0 END) as confirmed,
                SUM(CASE WHEN booking_status = 'pending' THEN 1 ELSE 0 END) as pending,
                SUM(CASE WHEN risk_level = 'critical' THEN 1 ELSE 0 END) as critical
            FROM automated_bookings
        """
        
        stats_cur = conn.execute(stats_query)
        stats_row = stats_cur.fetchone()
        stats = {
            'total': stats_row[0] if stats_row[0] else 0,
            'confirmed': stats_row[1] if stats_row[1] else 0,
            'pending': stats_row[2] if stats_row[2] else 0,
            'critical': stats_row[3] if stats_row[3] else 0
        }
        
        return jsonify({
            "bookings": bookings,
            "total": stats['total'],
            "confirmed": stats['confirmed'],
            "pending": stats['pending'],
            "critical": stats['critical']
        })
    finally:
        conn.close()

@app.get("/admin/risk-assessments")
def list_risk_assessments():
    """List recent risk assessments"""
    limit = int(request.args.get('limit', 50))
    
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("""
            SELECT * FROM risk_assessments 
            ORDER BY assessment_timestamp DESC 
            LIMIT ?
        """, (limit,))
        rows = cur.fetchall()
        
        assessments = []
        columns = [desc[0] for desc in cur.description]
        for row in rows:
            assessment = dict(zip(columns, row))
            assessment['detected_indicators'] = json.loads(assessment.get('detected_indicators', '[]'))
            assessments.append(assessment)
        
        return jsonify({"assessments": assessments})
    finally:
        conn.close()

@app.get("/admin/users")
def list_users():
    """List all users for admin dashboard"""
    limit = int(request.args.get('limit', 100))
    search = request.args.get('search', '')
    
    conn = sqlite3.connect(DB_FILE)
    try:
        # Build query with optional search
        query = """
            SELECT u.username, u.email, u.fullname, u.telephone, u.province, u.district, u.created_ts,
                   COALESCE(ra.risk_level, 'low') as latest_risk_level,
                   COALESCE(ra.risk_score, 0.0) as latest_risk_score,
                   COALESCE(ra.assessment_timestamp, 0) as last_assessment_time
            FROM users u
            LEFT JOIN (
                SELECT user_account, risk_level, risk_score, assessment_timestamp,
                       ROW_NUMBER() OVER (PARTITION BY user_account ORDER BY assessment_timestamp DESC) as rn
                FROM risk_assessments
            ) ra ON u.username = ra.user_account AND ra.rn = 1
        """
        
        params = []
        if search:
            query += " WHERE (u.username LIKE ? OR u.fullname LIKE ? OR u.email LIKE ?)"
            search_term = f"%{search}%"
            params.extend([search_term, search_term, search_term])
        
        query += " ORDER BY u.created_ts DESC LIMIT ?"
        params.append(limit)
        
        cur = conn.execute(query, params)
        rows = cur.fetchall()
        
        users = []
        columns = [desc[0] for desc in cur.description]
        for row in rows:
            user = dict(zip(columns, row))
            # Format last active time
            if user['last_assessment_time'] > 0:
                user['last_active'] = datetime.fromtimestamp(user['last_assessment_time']).strftime('%Y-%m-%d %H:%M')
            else:
                user['last_active'] = 'Never'
            
            # Determine status based on recent activity
            if user['last_assessment_time'] > 0:
                days_since_active = (time.time() - user['last_assessment_time']) / 86400
                user['status'] = 'Active' if days_since_active < 7 else 'Inactive'
            else:
                user['status'] = 'New'
                
            users.append(user)
        
        return jsonify({"users": users})
    finally:
        conn.close()

# Professional endpoints
@app.post("/professional/login")
def professional_login():
    """Professional login"""
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    
    # Accept either username or email for convenience
    username = (data.get("username") or "").strip()
    email = (data.get("email") or "").strip()
    password = (data.get("password") or "")
    
    if (not username and not email) or not password:
        return jsonify({"error": "username/email and password required"}), 400
    
    conn = sqlite3.connect(DB_FILE)
    try:
        if username:
            cur = conn.execute(
                "SELECT id, password_hash, first_name, last_name, username, email FROM professionals WHERE username = ? AND is_active = 1",
                (username,)
            )
        else:
            cur = conn.execute(
                "SELECT id, password_hash, first_name, last_name, username, email FROM professionals WHERE email = ? AND is_active = 1",
                (email,)
            )
        row = cur.fetchone()
        if not row:
            return jsonify({"error": "invalid credentials"}), 401
        
        prof_id, stored_hash, first_name, last_name, uname, uemail = row
        if not check_password_hash(stored_hash, password):
            return jsonify({"error": "invalid credentials"}), 401
        
        return jsonify({
            "ok": True, 
            "professional_id": prof_id,
            "name": f"{first_name} {last_name}",
            "username": uname,
            "email": uemail
        })
    finally:
        conn.close()

@app.post("/logout")
def logout():
    """Logout endpoint - clears all sessions"""
    return jsonify({"ok": True, "message": "Logged out successfully"})

@app.post("/admin/login")
def admin_login():
    """Admin login - redirects to dashboard"""
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    
    username = (data.get("username") or "").strip()
    password = (data.get("password") or "")
    
    if not username or not password:
        return jsonify({"error": "username and password required"}), 400
    
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT id, password_hash, email, role FROM admin_users WHERE username = ?", (username,))
        row = cur.fetchone()
        if not row:
            return jsonify({"error": "invalid credentials"}), 401
        
        admin_id, stored_hash, email, role = row
        if not check_password_hash(stored_hash, password):
            return jsonify({"error": "invalid credentials"}), 401
        
        # Create admin session token
        import secrets
        session_token = secrets.token_urlsafe(32)
        
        return jsonify({
            "ok": True,
            "redirect": "/admin_dashboard.html",
            "admin_id": admin_id,
            "username": username,
            "email": email,
            "role": role,
            "session_token": session_token
        })
    finally:
        conn.close()


@app.get("/admin_dashboard.html")
def admin_dashboard():
    """Serve admin dashboard page"""
    return send_from_directory(_CHATBOT_STATIC_DIR, 'admin_dashboard.html')





@app.put("/professional/sessions/<booking_id>/status")
def update_session_status(booking_id):
    """Update session status (accept/decline)"""
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    
    new_status = data.get('status')
    professional_id = data.get('professional_id')
    
    if not new_status or not professional_id:
        return jsonify({"error": "status and professional_id required"}), 400
    
    if new_status not in ['confirmed', 'declined', 'completed']:
        return jsonify({"error": "Invalid status"}), 400
    
    conn = sqlite3.connect(DB_FILE)
    try:
        # Verify professional owns this booking
        cur = conn.execute("SELECT professional_id FROM automated_bookings WHERE booking_id = ?", (booking_id,))
        row = cur.fetchone()
        if not row or row[0] != professional_id:
            return jsonify({"error": "Unauthorized"}), 403
        
        # Update booking status
        conn.execute("UPDATE automated_bookings SET booking_status = ?, updated_ts = ? WHERE booking_id = ?", 
                    (new_status, time.time(), booking_id))
        
        # If confirmed, create session record
        if new_status == 'confirmed':
            conn.execute("""
                INSERT INTO therapy_sessions 
                (booking_id, professional_id, conv_id, created_ts)
                SELECT booking_id, professional_id, conv_id, ?
                FROM automated_bookings WHERE booking_id = ?
            """, (time.time(), booking_id))
        
        conn.commit()
        return jsonify({"ok": True})
    finally:
        conn.close()

@app.post("/professional/sessions/<booking_id>/notes")
def add_session_notes(booking_id):
    """Add notes to a session"""
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    
    notes = data.get('notes', '')
    professional_id = data.get('professional_id')
    
    if not professional_id:
        return jsonify({"error": "professional_id required"}), 400
    
    conn = sqlite3.connect(DB_FILE)
    try:
        # Verify professional owns this booking
        cur = conn.execute("SELECT professional_id FROM automated_bookings WHERE booking_id = ?", (booking_id,))
        row = cur.fetchone()
        if not row or row[0] != professional_id:
            return jsonify({"error": "Unauthorized"}), 403
        
        # Update session notes
        conn.execute("""
            UPDATE therapy_sessions 
            SET session_notes = ?, session_start = COALESCE(session_start, ?)
            WHERE booking_id = ?
        """, (notes, time.time(), booking_id))
        
        conn.commit()
        return jsonify({"ok": True})
    finally:
        conn.close()

# Real-time monitoring endpoints
@app.get("/monitor/risk-stats")
def get_risk_stats():
    """Get real-time risk statistics"""
    conn = sqlite3.connect(DB_FILE)
    try:
        # Get counts by risk level for last 24 hours
        cur = conn.execute("""
            SELECT risk_level, COUNT(*) as count
            FROM risk_assessments 
            WHERE assessment_timestamp > ?
            GROUP BY risk_level
        """, (time.time() - 86400,))
        rows = cur.fetchall()
        
        stats = {'critical': 0, 'high': 0, 'medium': 0, 'low': 0}
        for row in rows:
            stats[row[0]] = row[1]
        
        return jsonify({"risk_stats": stats})
    finally:
        conn.close()

@app.get("/monitor/recent-assessments")
def get_recent_assessments():
    """Get recent risk assessments"""
    limit = int(request.args.get('limit', 10))
    
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("""
            SELECT ra.*, c.owner_key
            FROM risk_assessments ra
            LEFT JOIN conversations c ON ra.conv_id = c.conv_id
            ORDER BY ra.assessment_timestamp DESC 
            LIMIT ?
        """, (limit,))
        rows = cur.fetchall()
        
        assessments = []
        columns = [desc[0] for desc in cur.description]
        for row in rows:
            assessment = dict(zip(columns, row))
            assessment['detected_indicators'] = json.loads(assessment.get('detected_indicators', '[]'))
            assessments.append(assessment)
        
        return jsonify({"recent_assessments": assessments})
    finally:
        conn.close()

# Update run configuration to use port 7860 for API only
# --- PROFESSIONAL DASHBOARD API ENDPOINTS ---

@app.put("/professional/profile")
def update_professional_profile():
    """Update professional profile information"""
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400
    
    professional_id = request.headers.get('X-Professional-ID')
    if not professional_id:
        return jsonify({"error": "Professional ID required"}), 400
    
    # Optional fields that can be updated
    update_fields = []
    update_values = []
    
    # Check which fields are provided and prepare update query
    if 'first_name' in data:
        update_fields.append("first_name = ?")
        update_values.append(data['first_name'])
    
    if 'last_name' in data:
        update_fields.append("last_name = ?")
        update_values.append(data['last_name'])
    
    if 'email' in data:
        update_fields.append("email = ?")
        update_values.append(data['email'])
    
    if 'phone' in data:
        update_fields.append("phone = ?")
        update_values.append(data['phone'])
    
    if 'license_number' in data:
        update_fields.append("license_number = ?")
        update_values.append(data['license_number'])
    
    if 'specialization' in data:
        update_fields.append("specialization = ?")
        update_values.append(data['specialization'])
    
    if 'expertise_areas' in data:
        update_fields.append("expertise_areas = ?")
        update_values.append(json.dumps(data['expertise_areas']))
    
    if 'location_latitude' in data:
        update_fields.append("location_latitude = ?")
        update_values.append(data['location_latitude'])
    
    if 'location_longitude' in data:
        update_fields.append("location_longitude = ?")
        update_values.append(data['location_longitude'])
    
    if 'location_address' in data:
        update_fields.append("location_address = ?")
        update_values.append(data['location_address'])
    
    if 'district' in data:
        update_fields.append("district = ?")
        update_values.append(data['district'])
    
    if 'availability_schedule' in data:
        update_fields.append("availability_schedule = ?")
        update_values.append(json.dumps(data['availability_schedule']))
    
    if 'max_patients_per_day' in data:
        update_fields.append("max_patients_per_day = ?")
        update_values.append(data['max_patients_per_day'])
    
    if 'consultation_fee' in data:
        update_fields.append("consultation_fee = ?")
        update_values.append(data['consultation_fee'])
    
    if 'languages' in data:
        update_fields.append("languages = ?")
        update_values.append(json.dumps(data['languages']))
    
    if 'qualifications' in data:
        update_fields.append("qualifications = ?")
        update_values.append(json.dumps(data['qualifications']))
    
    if 'experience_years' in data:
        update_fields.append("experience_years = ?")
        update_values.append(data['experience_years'])
    
    if 'bio' in data:
        update_fields.append("bio = ?")
        update_values.append(data['bio'])
    
    if 'profile_picture' in data:
        update_fields.append("profile_picture = ?")
        update_values.append(data['profile_picture'])
    
    if not update_fields:
        return jsonify({"error": "No fields to update"}), 400
    
    # Add updated timestamp
    update_fields.append("updated_ts = ?")
    update_values.append(time.time())
    
    # Add professional_id for WHERE clause
    update_values.append(professional_id)
    
    conn = sqlite3.connect(DB_FILE)
    try:
        # Check if professional exists
        cur = conn.execute("SELECT id FROM professionals WHERE id = ?", (professional_id,))
        if not cur.fetchone():
            return jsonify({"error": "Professional not found"}), 404
        
        # Check for email conflicts if email is being updated
        if 'email' in data:
            existing_email = conn.execute(
                "SELECT id FROM professionals WHERE email = ? AND id != ?", 
                (data['email'], professional_id)
            ).fetchone()
            if existing_email:
                return jsonify({
                    "error": "Email already exists", 
                    "details": f"Email '{data['email']}' is already registered by another professional."
                }), 409
        
        # Build and execute update query
        update_query = f"UPDATE professionals SET {', '.join(update_fields)} WHERE id = ?"
        conn.execute(update_query, update_values)
        conn.commit()
        
        return jsonify({"ok": True, "message": "Professional profile updated successfully"})
        
    except sqlite3.IntegrityError as e:
        return jsonify({
            "error": "Database constraint violation", 
            "details": str(e)
        }), 409
    except Exception as e:
        return jsonify({"error": str(e)}), 500
    finally:
        conn.close()

@app.get("/professional/profile")
def get_professional_profile():
    """Get current professional's profile information"""
    professional_id = request.headers.get('X-Professional-ID')
    if not professional_id:
        return jsonify({"error": "Professional ID required"}), 400
    
    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("""
            SELECT id, username, first_name, last_name, email, phone, license_number,
                   specialization, expertise_areas, location_latitude, location_longitude,
                   location_address, district, availability_schedule, max_patients_per_day,
                   consultation_fee, languages, qualifications, experience_years, bio,
                   profile_picture, is_active, created_ts, updated_ts
            FROM professionals WHERE id = ?
        """, (professional_id,))
        
        row = cur.fetchone()
        if not row:
            return jsonify({"error": "Professional not found"}), 404
        
        # Parse JSON fields
        expertise_areas = json.loads(row[8]) if row[8] else []
        availability_schedule = json.loads(row[13]) if row[13] else {}
        languages = json.loads(row[16]) if row[16] else []
        qualifications = json.loads(row[17]) if row[17] else []
        
        profile = {
            "id": row[0],
            "username": row[1],
            "first_name": row[2],
            "last_name": row[3],
            "email": row[4],
            "phone": row[5],
            "license_number": row[6],
            "specialization": row[7],
            "expertise_areas": expertise_areas,
            "location_latitude": row[9],
            "location_longitude": row[10],
            "location_address": row[11],
            "district": row[12],
            "availability_schedule": availability_schedule,
            "max_patients_per_day": row[14],
            "consultation_fee": row[15],
            "languages": languages,
            "qualifications": qualifications,
            "experience_years": row[18],
            "bio": row[19],
            "profile_picture": row[20],
            "is_active": bool(row[21]),
            "created_ts": row[22],
            "updated_ts": row[23]
        }
        
        return jsonify(profile)
        
    except Exception as e:
        return jsonify({"error": str(e)}), 500
    finally:
        conn.close()

@app.get("/professional/dashboard-stats")
def get_professional_dashboard_stats():
    """Get dashboard statistics for professional"""
    try:
        conn = sqlite3.connect(DB_FILE)
        
        # Get professional ID from session or request
        professional_id = request.headers.get('X-Professional-ID', '1')  # Default to Jean Ntwari for testing
        
        # Total sessions
        total_sessions = conn.execute("""
            SELECT COUNT(*) FROM automated_bookings WHERE professional_id = ?
        """, (professional_id,)).fetchone()[0]
        
        # Active users (users with recent sessions)
        active_users = conn.execute("""
            SELECT COUNT(DISTINCT user_account) FROM automated_bookings 
            WHERE professional_id = ? AND booking_status IN ('confirmed', 'completed')
        """, (professional_id,)).fetchone()[0]
        
        # High risk cases
        high_risk_cases = conn.execute("""
            SELECT COUNT(*) FROM automated_bookings 
            WHERE professional_id = ? AND risk_level IN ('high', 'critical')
        """, (professional_id,)).fetchone()[0]
        
        # Unread notifications
        unread_notifications = conn.execute("""
            SELECT COUNT(*) FROM professional_notifications 
            WHERE professional_id = ? AND is_read = 0
        """, (professional_id,)).fetchone()[0]
        
        conn.close()
        
        return jsonify({
            'totalSessions': total_sessions,
            'activeUsers': active_users,
            'highRiskCases': high_risk_cases,
            'unreadNotifications': unread_notifications
        })
        
    except Exception as e:
        app.logger.error(f"Error getting dashboard stats: {e}")
        return jsonify({'error': 'Failed to get dashboard stats'}), 500

@app.get("/professional/sessions")
def get_professional_sessions():
    """Get sessions for professional"""
    try:
        limit = request.args.get('limit', 50)
        professional_id = request.headers.get('X-Professional-ID', '1')  # Default to Jean Ntwari for testing
        
        conn = sqlite3.connect(DB_FILE)
        
        sessions = conn.execute("""
            SELECT ab.booking_id, ab.conv_id, ab.user_account, ab.user_ip, ab.risk_level, ab.risk_score,
                   ab.detected_indicators, ab.conversation_summary, ab.booking_status, 
                   ab.scheduled_datetime, ab.session_type, ab.created_ts, ab.updated_ts,
                   u.fullname, u.email, u.telephone, u.province, u.district
            FROM automated_bookings ab
            LEFT JOIN users u ON ab.user_account = u.username
            WHERE ab.professional_id = ?
            ORDER BY ab.created_ts DESC
            LIMIT ?
        """, (professional_id, limit)).fetchall()
        
        conn.close()
        
        sessions_data = []
        for session in sessions:
            # Format user location
            user_location = None
            if session[16] and session[17]:  # province and district
                user_location = f"{session[17]}, {session[16]}"
            elif session[16]:  # only province
                user_location = session[16]
            elif session[17]:  # only district
                user_location = session[17]
            
            sessions_data.append({
                'bookingId': session[0],
                'convId': session[1],
                'userAccount': session[2],
                'userName': session[13] or session[2],  # Use fullname if available, otherwise account
                'userIp': session[3],
                'riskLevel': session[4],
                'riskScore': session[5],
                'detectedIndicators': session[6],
                'conversationSummary': session[7],
                'bookingStatus': session[8],
                'scheduledDatetime': session[9],
                'sessionType': session[10],
                'createdTs': session[11],
                'updatedTs': session[12],
                'userPhone': session[15],  # telephone
                'userEmail': session[14],  # email
                'userLocation': user_location
            })
        
        return jsonify(sessions_data)
        
    except Exception as e:
        app.logger.error(f"Error getting sessions: {e}")
        return jsonify({'error': 'Failed to get sessions'}), 500

@app.get("/debug/test")
def debug_test():
    """Debug endpoint to test if new code is loaded"""
    return jsonify({
        'message': 'New code is loaded!',
        'timestamp': time.time(),
        'version': '2.0'
    })

@app.get("/professional/sessions/<booking_id>")
def get_professional_session_details(booking_id):
    """Get detailed session information for professional"""
    try:
        professional_id = request.headers.get('X-Professional-ID', '1')  # Default to Jean Ntwari for testing
        
        conn = sqlite3.connect(DB_FILE)
        
        # Get session details with complete user information
        session = conn.execute("""
            SELECT ab.booking_id, ab.conv_id, ab.user_account, ab.user_ip, ab.risk_level, ab.risk_score,
                   ab.detected_indicators, ab.conversation_summary, ab.booking_status, 
                   ab.scheduled_datetime, ab.session_type, ab.created_ts, ab.updated_ts,
                   u.fullname, u.email, u.telephone, u.province, u.district, u.created_at
            FROM automated_bookings ab
            LEFT JOIN users u ON ab.user_account = u.username
            WHERE ab.booking_id = ? AND ab.professional_id = ?
        """, (booking_id, professional_id)).fetchone()
        
        if not session:
            conn.close()
            return jsonify({'error': 'Session not found'}), 404
        
        # Format user location
        user_location = None
        if session[17] and session[16]:  # district and province
            user_location = f"{session[17]}, {session[16]}"
        elif session[16]:  # only province
            user_location = session[16]
        elif session[17]:  # only district
            user_location = session[17]
        
        # Get user's session history
        user_sessions = conn.execute("""
            SELECT booking_id, session_type, booking_status, risk_level, risk_score, 
                   scheduled_datetime, created_ts
            FROM automated_bookings 
            WHERE user_account = ? AND professional_id = ?
            ORDER BY created_ts DESC
            LIMIT 10
        """, (session[2], professional_id)).fetchall()
        
        # Get user's risk assessment history
        risk_history = conn.execute("""
            SELECT risk_level, risk_score, created_ts
            FROM automated_bookings 
            WHERE user_account = ? AND professional_id = ?
            ORDER BY created_ts DESC
            LIMIT 10
        """, (session[2], professional_id)).fetchall()
        
        # Get conversation history for this session
        conversation_history = conn.execute("""
            SELECT role, content, ts
            FROM messages 
            WHERE conv_id = ?
            ORDER BY ts ASC
        """, (session[1],)).fetchall()
        
        # Get session notes if any (table may not exist)
        session_notes = None
        try:
            session_notes = conn.execute("""
                SELECT notes, treatment_plan, follow_up_required, follow_up_date
                FROM session_notes 
                WHERE booking_id = ?
            """, (booking_id,)).fetchone()
        except sqlite3.OperationalError:
            # session_notes table doesn't exist, that's okay
            pass
        
        conn.close()
        
        # Format session data
        session_data = {
            'bookingId': session[0],
            'convId': session[1],
            'userAccount': session[2],
            'userName': session[13] or session[2],  # Use fullname if available, otherwise account
            'userIp': session[3],
            'riskLevel': session[4],
            'riskScore': session[5],
            'detectedIndicators': session[6],
            'conversationSummary': session[7],
            'bookingStatus': session[8],
            'scheduledDatetime': session[9],
            'sessionType': session[10],
            'createdTs': session[11],
            'updatedTs': session[12],
            'userPhone': session[15],  # telephone
            'userEmail': session[14],  # email
            'userLocation': user_location,
            'userFullName': session[13],
            'userProvince': session[16],
            'userDistrict': session[17],
            'userCreatedAt': session[18],
            'sessions': [
                {
                    'bookingId': s[0],
                    'sessionType': s[1],
                    'bookingStatus': s[2],
                    'riskLevel': s[3],
                    'riskScore': s[4],
                    'scheduledDatetime': s[5],
                    'createdTs': s[6]
                } for s in user_sessions
            ],
            'riskAssessments': [
                {
                    'riskLevel': r[0],
                    'riskScore': r[1],
                    'timestamp': r[2]
                } for r in risk_history
            ],
            'conversationHistory': [
                {
                    'sender': c[0],  # role
                    'content': c[1],
                    'timestamp': c[2]  # ts
                } for c in conversation_history
            ],
            'sessionNotes': {
                'notes': session_notes[0] if session_notes else None,
                'treatmentPlan': session_notes[1] if session_notes else None,
                'followUpRequired': session_notes[2] if session_notes else False,
                'followUpDate': session_notes[3] if session_notes else None
            } if session_notes else None
        }
        
        return jsonify(session_data)
        
    except Exception as e:
        app.logger.error(f"Error getting session details: {e}")
        import traceback
        error_details = traceback.format_exc()
        app.logger.error(f"Full error traceback: {error_details}")
        return jsonify({
            'error': 'Failed to get session details',
            'details': str(e),
            'traceback': error_details
        }), 500

@app.get("/professional/users/<username>")
def get_professional_user_details(username: str):
    """Get detailed user information for professional"""
    try:
        professional_id = request.headers.get('X-Professional-ID', '1')  # Default to Jean Ntwari for testing
        
        conn = sqlite3.connect(DB_FILE)
        
        # Get user details
        user = conn.execute("""
            SELECT username, fullname, email, telephone, province, district, created_at
            FROM users 
            WHERE username = ?
        """, (username,)).fetchone()
        
        if not user:
            conn.close()
            return jsonify({'error': 'User not found'}), 404
        
        # Get user's session statistics
        session_stats = conn.execute("""
            SELECT COUNT(*) as total_bookings,
                   MAX(risk_score) as highest_risk_score,
                   MIN(created_ts) as first_booking_time,
                   MAX(created_ts) as last_booking_time
            FROM automated_bookings 
            WHERE user_account = ? AND professional_id = ?
        """, (username, professional_id)).fetchone()
        
        # Get highest risk level
        highest_risk = conn.execute("""
            SELECT risk_level 
            FROM automated_bookings 
            WHERE user_account = ? AND professional_id = ? AND risk_score = ?
            ORDER BY created_ts DESC
            LIMIT 1
        """, (username, professional_id, session_stats[1] or 0)).fetchone()
        
        # Get user's sessions
        sessions = conn.execute("""
            SELECT booking_id, session_type, booking_status, risk_level, risk_score, 
                   scheduled_datetime, created_ts
            FROM automated_bookings 
            WHERE user_account = ? AND professional_id = ?
            ORDER BY created_ts DESC
            LIMIT 10
        """, (username, professional_id)).fetchall()
        
        # Get risk assessment history
        risk_assessments = conn.execute("""
            SELECT risk_level, risk_score, created_ts
            FROM automated_bookings 
            WHERE user_account = ? AND professional_id = ?
            ORDER BY created_ts DESC
            LIMIT 10
        """, (username, professional_id)).fetchall()
        
        # Get recent conversations
        conversations = conn.execute("""
            SELECT DISTINCT cm.conv_id, cm.content, cm.timestamp
            FROM conversation_messages cm
            JOIN automated_bookings ab ON cm.conv_id = ab.conv_id
            WHERE ab.user_account = ? AND ab.professional_id = ?
            ORDER BY cm.timestamp DESC
            LIMIT 5
        """, (username, professional_id)).fetchall()
        
        conn.close()
        
        # Format user data
        user_data = {
            'userAccount': user[0],
            'fullName': user[1],
            'email': user[2],
            'telephone': user[3],
            'province': user[4],
            'district': user[5],
            'userCreatedAt': user[6],
            'totalBookings': session_stats[0] or 0,
            'highestRiskScore': session_stats[1] or 0,
            'highestRiskLevel': highest_risk[0] if highest_risk else 'unknown',
            'firstBookingTime': session_stats[2],
            'lastBookingTime': session_stats[3],
            'sessions': [
                {
                    'bookingId': s[0],
                    'sessionType': s[1],
                    'bookingStatus': s[2],
                    'riskLevel': s[3],
                    'riskScore': s[4],
                    'scheduledDatetime': s[5],
                    'createdTs': s[6]
                } for s in sessions
            ],
            'riskAssessments': [
                {
                    'riskLevel': r[0],
                    'riskScore': r[1],
                    'timestamp': r[2]
                } for r in risk_assessments
            ],
            'conversations': [
                {
                    'convId': c[0],
                    'preview': c[1][:100] + '...' if len(c[1]) > 100 else c[1],
                    'timestamp': c[2]
                } for c in conversations
            ]
        }
        
        return jsonify(user_data)
        
    except Exception as e:
        app.logger.error(f"Error getting user details: {e}")
        return jsonify({'error': 'Failed to get user details'}), 500

@app.get("/professional/users")
def get_professional_users():
    """Get users for professional"""
    try:
        professional_id = request.headers.get('X-Professional-ID', '1')  # Default to Jean Ntwari for testing
        conn = sqlite3.connect(DB_FILE)
        
        # Get users who have sessions with this professional
        users = conn.execute("""
            SELECT DISTINCT ab.user_account, 
                   COUNT(*) as total_sessions,
                   MAX(ab.created_ts) as last_active,
                   MAX(ab.risk_level) as highest_risk_level,
                   COUNT(DISTINCT ab.conv_id) as total_conversations
            FROM automated_bookings ab
            WHERE ab.professional_id = ?
            GROUP BY ab.user_account
            ORDER BY last_active DESC
        """, (professional_id,)).fetchall()
        
        conn.close()
        
        users_data = []
        for user in users:
            users_data.append({
                'username': user[0],
                'email': f"{user[0]}@example.com",  # Placeholder
                'totalSessions': user[1],
                'lastActive': user[2],
                'highestRiskLevel': user[3],
                'totalConversations': user[4],
                'status': 'active'
            })
        
        return jsonify(users_data)
        
    except Exception as e:
        app.logger.error(f"Error getting users: {e}")
        return jsonify({'error': 'Failed to get users'}), 500

@app.get("/notifications")
def get_notifications():
    """Get all notifications for dashboard"""
    try:
        conn = sqlite3.connect(DB_FILE)
        
        # Get notification counts and recent notifications
        stats = {}
        
        # Professional notifications count
        prof_notifications = conn.execute("""
            SELECT COUNT(*) FROM professional_notifications 
            WHERE is_read = 0
        """).fetchone()[0]
        
        # Recent bookings count (last 24 hours)
        recent_bookings = conn.execute("""
            SELECT COUNT(*) FROM automated_bookings 
            WHERE created_ts > ?
        """, (time.time() - 86400,)).fetchone()[0]
        
        # Critical risk assessments count
        critical_risks = conn.execute("""
            SELECT COUNT(*) FROM risk_assessments 
            WHERE risk_level = 'critical' AND assessment_timestamp > ?
        """, (time.time() - 86400,)).fetchone()[0]
        
        # New users count (last 24 hours)
        new_users = conn.execute("""
            SELECT COUNT(*) FROM users 
            WHERE created_ts > ?
        """, (time.time() - 86400,)).fetchone()[0]
        
        # Recent notifications (last 10)
        recent_notifications = conn.execute("""
            SELECT 
                pn.id,
                pn.title,
                pn.message,
                pn.notification_type,
                pn.is_read,
                pn.created_ts,
                (p.first_name || ' ' || p.last_name) as professional_name
            FROM professional_notifications pn
            LEFT JOIN professionals p ON pn.professional_id = p.id
            ORDER BY pn.created_ts DESC 
            LIMIT 10
        """).fetchall()
        
        notifications_data = []
        for notification in recent_notifications:
            time_ago = get_time_ago(notification[5])
            notifications_data.append({
                'id': notification[0],
                'title': notification[1],
                'message': notification[2],
                'type': notification[3],
                'isRead': bool(notification[4]),
                'createdAt': notification[5],
                'timeAgo': time_ago,
                'professionalName': notification[6] or 'System'
            })
        
        stats = {
            'totalNotifications': prof_notifications,
            'recentBookings': recent_bookings,
            'criticalRisks': critical_risks,
            'newUsers': new_users,
            'notifications': notifications_data
        }
        
        conn.close()
        return jsonify(stats)
        
    except Exception as e:
        app.logger.error(f"Error getting notifications: {e}")
        return jsonify({'error': 'Failed to get notifications'}), 500

@app.get("/professional/notifications")
def get_professional_notifications():
    """Get notifications for professional"""
    try:
        limit = request.args.get('limit', 50)
        professional_id = request.headers.get('X-Professional-ID', '1')  # Default to Jean Ntwari for testing
        
        conn = sqlite3.connect(DB_FILE)
        
        notifications = conn.execute("""
            SELECT id, title, message, notification_type, is_read, created_at
            FROM professional_notifications 
            WHERE professional_id = ?
            ORDER BY created_at DESC
            LIMIT ?
        """, (professional_id, limit)).fetchall()
        
        conn.close()
        
        notifications_data = []
        for notification in notifications:
            notifications_data.append({
                'id': notification[0],
                'title': notification[1],
                'message': notification[2],
                'type': notification[3],
                'isRead': bool(notification[4]),
                'createdAt': notification[5]
            })
        
        return jsonify(notifications_data)
        
    except Exception as e:
        app.logger.error(f"Error getting notifications: {e}")
        return jsonify({'error': 'Failed to get notifications'}), 500


@app.get("/professional/users/<username>")
def get_user_profile(username):
    """Get detailed user profile"""
    try:
        conn = sqlite3.connect(DB_FILE)
        
        # Get user's sessions
        sessions = conn.execute("""
            SELECT booking_id, risk_level, risk_score, detected_indicators, 
                   scheduled_datetime, booking_status, session_type
            FROM automated_bookings 
            WHERE user_account = ?
            ORDER BY created_ts DESC
        """, (username,)).fetchall()
        
        # Get user's conversations
        conversations = conn.execute("""
            SELECT conv_id, preview, ts
            FROM conversations 
            WHERE owner_key = ?
            ORDER BY ts DESC
            LIMIT 10
        """, (username,)).fetchall()
        
        conn.close()
        
        # Calculate stats
        total_sessions = len(sessions)
        total_conversations = len(conversations)
        highest_risk_level = max([s[1] for s in sessions], default='low')
        last_active = max([s[4] for s in sessions], default=0) if sessions else 0
        
        # Build risk history
        risk_history = []
        for session in sessions[:10]:  # Last 10 sessions
            risk_history.append({
                'level': session[1],
                'score': session[2],
                'indicators': json.loads(session[3]) if session[3] else [],
                'timestamp': session[4]
            })
        
        user_profile = {
            'username': username,
            'email': f"{username}@example.com",  # Placeholder
            'totalSessions': total_sessions,
            'totalConversations': total_conversations,
            'highestRiskLevel': highest_risk_level,
            'lastActive': last_active,
            'recentConversations': [
                {
                    'title': conv[1] or 'Conversation',
                    'preview': conv[1] or 'No preview available',
                    'timestamp': conv[2]
                } for conv in conversations
            ],
            'riskHistory': risk_history
        }
        
        return jsonify(user_profile)
        
    except Exception as e:
        app.logger.error(f"Error getting user profile: {e}")
        return jsonify({'error': 'Failed to get user profile'}), 500

@app.get("/professional/booked-users")
def get_all_booked_users():
    """Get comprehensive information for all booked users"""
    try:
        professional_id = request.headers.get('X-Professional-ID', '6')
        
        conn = sqlite3.connect(DB_FILE)
        
        # Get all booked users with comprehensive information
        booked_users = conn.execute("""
            SELECT DISTINCT 
                ab.user_account,
                ab.user_ip,
                u.fullname,
                u.email,
                u.telephone,
                u.province,
                u.district,
                u.created_ts as user_created_at,
                COUNT(ab.booking_id) as total_bookings,
                MAX(ab.risk_level) as highest_risk_level,
                MAX(ab.risk_score) as highest_risk_score,
                MAX(ab.created_ts) as last_booking_time,
                MIN(ab.created_ts) as first_booking_time
            FROM automated_bookings ab
            LEFT JOIN users u ON ab.user_account = u.username
            WHERE ab.professional_id = ?
            GROUP BY ab.user_account, ab.user_ip, u.fullname, u.email, u.telephone, u.province, u.district, u.created_ts
            ORDER BY last_booking_time DESC
        """, (professional_id,)).fetchall()
        
        # Get detailed session information for each user
        users_data = []
        for user in booked_users:
            user_account = user[0]
            
            # Get all sessions for this user
            sessions = conn.execute("""
                SELECT booking_id, conv_id, risk_level, risk_score, detected_indicators,
                       conversation_summary, booking_status, scheduled_datetime, session_type,
                       created_ts, updated_ts
                FROM automated_bookings 
                WHERE user_account = ? AND professional_id = ?
                ORDER BY created_ts DESC
            """, (user_account, professional_id)).fetchall()
            
            # Get conversation history
            conversations = conn.execute("""
                SELECT conv_id, preview, ts
                FROM conversations 
                WHERE owner_key = ?
                ORDER BY ts DESC
                LIMIT 5
            """, (user_account,)).fetchall()
            
            # Get risk assessment history
            risk_assessments = conn.execute("""
                SELECT risk_level, risk_score, detected_indicators, created_ts
                FROM risk_assessments 
                WHERE user_account = ?
                ORDER BY created_ts DESC
                LIMIT 10
            """, (user_account,)).fetchall()
            
            user_data = {
                'userAccount': user[0],
                'userIp': user[1],
                'fullName': user[2] or 'Not provided',
                'email': user[3] or 'Not provided',
                'telephone': user[4] or 'Not provided',
                'province': user[5] or 'Not provided',
                'district': user[6] or 'Not provided',
                'userCreatedAt': user[7],
                'totalBookings': user[8],
                'highestRiskLevel': user[9],
                'highestRiskScore': user[10],
                'lastBookingTime': user[11],
                'firstBookingTime': user[12],
                'sessions': [],
                'conversations': [],
                'riskAssessments': []
            }
            
            # Add session details
            for session in sessions:
                user_data['sessions'].append({
                    'bookingId': session[0],
                    'convId': session[1],
                    'riskLevel': session[2],
                    'riskScore': session[3],
                    'detectedIndicators': session[4],
                    'conversationSummary': session[5],
                    'bookingStatus': session[6],
                    'scheduledDatetime': session[7],
                    'sessionType': session[8],
                    'createdTs': session[9],
                    'updatedTs': session[10]
                })
            
            # Add conversation details
            for conv in conversations:
                user_data['conversations'].append({
                    'convId': conv[0],
                    'preview': conv[1],
                    'timestamp': conv[2]
                })
            
            # Add risk assessment details
            for risk in risk_assessments:
                user_data['riskAssessments'].append({
                    'riskLevel': risk[0],
                    'riskScore': risk[1],
                    'detectedIndicators': risk[2],
                    'timestamp': risk[3]
                })
            
            users_data.append(user_data)
        
        conn.close()
        
        return jsonify({
            'users': users_data,
            'totalUsers': len(users_data),
            'professionalId': professional_id
        })
        
    except Exception as e:
        app.logger.error(f"Error getting booked users: {e}")
        return jsonify({'error': 'Failed to get booked users'}), 500

@app.post("/professional/sessions/<booking_id>/accept")
def accept_session(booking_id):
    """Accept a session"""
    try:
        conn = sqlite3.connect(DB_FILE)
        
        conn.execute("""
            UPDATE automated_bookings 
            SET booking_status = 'confirmed', updated_ts = ?
            WHERE booking_id = ?
        """, (time.time(), booking_id))
        
        conn.commit()
        conn.close()
        
        return jsonify({'success': True, 'message': 'Session accepted'})
        
    except Exception as e:
        app.logger.error(f"Error accepting session: {e}")
        return jsonify({'error': 'Failed to accept session'}), 500

@app.post("/professional/sessions/<booking_id>/decline")
def decline_session(booking_id):
    """Decline a session"""
    try:
        conn = sqlite3.connect(DB_FILE)
        conn.execute(
            """
            UPDATE automated_bookings 
            SET booking_status = 'declined', updated_ts = ?
            WHERE booking_id = ?
            """,
            (time.time(), booking_id)
        )
        conn.commit()
        conn.close()
        return jsonify({'success': True, 'message': 'Session declined'})
    except Exception as e:
        app.logger.error(f"Error declining session: {e}")
        return jsonify({'error': 'Failed to decline session'}), 500

@app.post("/professional/notifications/mark-all-read")
def mark_all_notifications_read():
    """Mark all notifications as read"""
    try:
        professional_id = request.headers.get('X-Professional-ID', '1')
        
        conn = sqlite3.connect(DB_FILE)
        
        conn.execute("""
            UPDATE professional_notifications 
            SET is_read = 1 
            WHERE professional_id = ?
        """, (professional_id,))
        
        conn.commit()
        conn.close()
        
        return jsonify({'success': True, 'message': 'All notifications marked as read'})
        
    except Exception as e:
        app.logger.error(f"Error marking notifications as read: {e}")
        return jsonify({'error': 'Failed to mark notifications as read'}), 500

@app.post("/professional/notifications/<notification_id>/read")
def mark_notification_read(notification_id):
    """Mark a specific notification as read"""
    try:
        conn = sqlite3.connect(DB_FILE)
        
        conn.execute("""
            UPDATE professional_notifications 
            SET is_read = 1 
            WHERE id = ?
        """, (notification_id,))
        
        conn.commit()
        conn.close()
        
        return jsonify({'success': True, 'message': 'Notification marked as read'})
        
    except Exception as e:
        app.logger.error(f"Error marking notification as read: {e}")
        return jsonify({'error': 'Failed to mark notification as read'}), 500

@app.post("/professional/reports/generate")
def generate_professional_report():
    """Generate comprehensive report for professional"""
    try:
        data = request.get_json()
        period = data.get('period', 30)
        professional_id = request.headers.get('X-Professional-ID', '1')
        
        conn = sqlite3.connect(DB_FILE)
        
        # Calculate date range
        end_date = time.time()
        start_date = end_date - (int(period) * 24 * 60 * 60)
        
        # Get session statistics
        sessions = conn.execute("""
            SELECT user_account, risk_level, booking_status, scheduled_datetime, session_type
            FROM automated_bookings 
            WHERE professional_id = ? AND created_ts >= ?
            ORDER BY created_ts DESC
        """, (professional_id, start_date)).fetchall()
        
        conn.close()
        
        # Calculate statistics
        total_sessions = len(sessions)
        unique_users = len(set(s[0] for s in sessions))
        high_risk_cases = len([s for s in sessions if s[1] in ['high', 'critical']])
        average_response_time = 15  # Placeholder - would need actual calculation
        
        # Build session breakdown
        session_breakdown = []
        for session in sessions[:20]:  # Last 20 sessions
            session_breakdown.append({
                'userName': session[0],
                'sessionType': session[4],
                'status': session[2],
                'date': session[3],
                'duration': 60,  # Placeholder
                'riskLevel': session[1]
            })
        
        report = {
            'totalSessions': total_sessions,
            'uniqueUsers': unique_users,
            'highRiskCases': high_risk_cases,
            'averageResponseTime': average_response_time,
            'sessionBreakdown': session_breakdown
        }
        
        return jsonify(report)
        
    except Exception as e:
        app.logger.error(f"Error generating report: {e}")
        return jsonify({'error': 'Failed to generate report'}), 500


# --- User intake for professionals ---
@app.post("/professional/users/intake")
def professional_user_intake():
    """Create or update user profile based on professional intake form."""
    try:
        data = request.get_json(force=True)
    except Exception:
        return jsonify({"error": "Invalid JSON"}), 400

    username = (data.get('username') or '').strip()
    email = (data.get('email') or '').strip()
    full_name = (data.get('full_name') or '').strip()
    phone = (data.get('phone') or '').strip()
    province = (data.get('province') or '').strip()
    district = (data.get('district') or '').strip()
    password = data.get('password') or ''
    confirm_password = data.get('confirm_password') or ''

    if not username and not email:
        return jsonify({"error": "username or email is required"}), 400

    if password and password != confirm_password:
        return jsonify({"error": "passwords do not match"}), 400

    conn = sqlite3.connect(DB_FILE)
    try:
        cur = conn.execute("SELECT username FROM users WHERE username = ? OR email = ?", (username, email))
        row = cur.fetchone()
        if row:
            # Update existing user
            if password:
                pw_hash = generate_password_hash(password)
                conn.execute(
                    "UPDATE users SET email = ?, fullname = ?, phone = ?, province = ?, district = ?, password_hash = ? WHERE username = ?",
                    (email, full_name, phone, province, district, pw_hash, row[0])
                )
            else:
                conn.execute(
                    "UPDATE users SET email = ?, fullname = ?, phone = ?, province = ?, district = ? WHERE username = ?",
                    (email, full_name, phone, province, district, row[0])
                )
            conn.commit()
            return jsonify({"ok": True, "updated": True, "username": row[0]})
        else:
            # Create new user
            if not username or not email:
                return jsonify({"error": "username and email are required for new users"}), 400
            pw_hash = generate_password_hash(password) if password else generate_password_hash(uuid.uuid4().hex[:10])
            conn.execute(
                "INSERT INTO users (username, email, fullname, phone, province, district, password_hash, created_ts) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
                (username, email, full_name, phone, province, district, pw_hash, time.time())
            )
            conn.commit()
            return jsonify({"ok": True, "created": True, "username": username})
    except Exception as e:
        app.logger.error(f"User intake failed: {e}")
        return jsonify({"error": "Failed to save user"}), 500
    finally:
        conn.close()


# --- SMS Testing and Management Endpoints ---
@app.post("/admin/sms/test")
def test_sms_service():
    """Test SMS service connection and send test message"""
    try:
        sms_service = get_sms_service()
        if not sms_service:
            return jsonify({'error': 'SMS service not initialized'}), 500
        
        data = request.get_json()
        test_phone = data.get('phone', '+250000000000')
        test_message = data.get('message', 'AIMHSA SMS Test - Service is working correctly')
        
        result = sms_service.send_sms(
            sender_id="AIMHSA",
            phone_number=test_phone,
            message=test_message
        )
        
        return jsonify({
            'success': result.get('success', False),
            'message': 'SMS test completed',
            'result': result
        })
        
    except Exception as e:
        app.logger.error(f"SMS test failed: {e}")
        return jsonify({'error': f'SMS test failed: {str(e)}'}), 500

@app.post("/admin/sms/send-booking-notification")
def send_booking_sms():
    """Manually send booking notification SMS"""
    try:
        data = request.get_json()
        booking_id = data.get('booking_id')
        
        if not booking_id:
            return jsonify({'error': 'Booking ID required'}), 400
        
        # Get booking details
        conn = sqlite3.connect(DB_FILE)
        try:
            booking = conn.execute("""
                SELECT ab.*, p.first_name, p.last_name, p.specialization, p.phone as prof_phone,
                       u.fullname, u.telephone as user_phone
                FROM automated_bookings ab
                LEFT JOIN professionals p ON ab.professional_id = p.id
                LEFT JOIN users u ON ab.user_account = u.username
                WHERE ab.booking_id = ?
            """, (booking_id,)).fetchone()
            
            if not booking:
                return jsonify({'error': 'Booking not found'}), 404
            
            # Prepare data for SMS
            professional_data = {
                'first_name': booking[12],
                'last_name': booking[13],
                'specialization': booking[14],
                'phone': booking[15]
            }
            
            user_data = {
                'fullname': booking[16],
                'telephone': booking[17]
            }
            
            booking_data = {
                'booking_id': booking[1],
                'scheduled_time': booking[10],
                'session_type': booking[11],
                'risk_level': booking[6]
            }
            
            # Send SMS notifications
            sms_service = get_sms_service()
            results = {}
            
            if sms_service:
                # Send to user
                if user_data.get('telephone'):
                    user_result = sms_service.send_booking_notification(
                        user_data, professional_data, booking_data
                    )
                    results['user_sms'] = user_result
                
                # Send to professional
                if professional_data.get('phone'):
                    prof_result = sms_service.send_professional_notification(
                        professional_data, user_data, booking_data
                    )
                    results['professional_sms'] = prof_result
                
                return jsonify({
                    'success': True,
                    'message': 'SMS notifications sent',
                    'results': results
                })
            else:
                return jsonify({'error': 'SMS service not available'}), 500
                
        finally:
            conn.close()
            
    except Exception as e:
        app.logger.error(f"Failed to send booking SMS: {e}")
        return jsonify({'error': f'Failed to send SMS: {str(e)}'}), 500

@app.get("/admin/sms/status")
def get_sms_status():
    """Get SMS service status and configuration"""
    try:
        sms_service = get_sms_service()
        
        if not sms_service:
            return jsonify({
                'status': 'not_initialized',
                'message': 'SMS service not initialized'
            })
        
        # Test connection
        connection_test = sms_service.test_connection()
        
        return jsonify({
            'status': 'initialized',
            'api_id': HDEV_SMS_API_ID,
            'api_key_masked': HDEV_SMS_API_KEY[:10] + '...' if HDEV_SMS_API_KEY else 'Not set',
            'connection_test': connection_test,
            'message': 'SMS service is ready' if connection_test else 'SMS service initialized but connection test failed'
        })
        
    except Exception as e:
        app.logger.error(f"Failed to get SMS status: {e}")
        return jsonify({'error': f'Failed to get SMS status: {str(e)}'}), 500

if __name__ == "__main__":
    app.run(host="0.0.0.0", port=7860, debug=True)