#!/usr/bin/env bash
set -euo pipefail

# Force GPG to use terminal-based pinentry (required for SSH sessions)
export GPG_TTY=$(tty)

echo "Checking production secrets for Dispatch..." >&2
echo "" >&2

# --- OpenCode Go API Key (shared across environments) ---

if gopass show -o projects/ai-api/opencode_go_key &>/dev/null; then
  echo "[ok] OpenCode Go API key exists" >&2
else
  echo "OpenCode Go API key not found in gopass." >&2
  echo "" >&2
  echo "  1. Go to https://opencode.ai/auth" >&2
  echo "  2. Sign in and copy your API key" >&2
  echo "  3. Paste it below" >&2
  echo "" >&2
  read -rp "Enter your OpenCode Go API key: " OPENCODE_KEY
  echo "$OPENCODE_KEY" | gopass insert -f projects/ai-api/opencode_go_key
  echo "[ok] OpenCode Go API key stored" >&2
fi

echo "" >&2
echo "All production secrets are configured. Outputting .env:" >&2
echo "" >&2

# --- Output .env format to stdout ---

echo "OPENCODE_API_KEY=$(gopass show -o projects/ai-api/opencode_go_key)"
echo "DISPATCH_MODEL=deepseek-v4-flash-free"
