# Andina Textil — MeshCentral Agent Installer
# Uso:    irm https://mesh.andinatextil.mx/install | iex
# Grupo:  "Andina Textil - PCs" en mesh.yellowknife.software

$ErrorActionPreference = 'Continue'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Pause-OnExit {
    Write-Host ''
    Write-Host '═══════════════════════════════════════════════════' -ForegroundColor Gray
    Write-Host 'Presiona Enter para cerrar esta ventana...' -ForegroundColor Gray
    try { Read-Host | Out-Null } catch {}
}

# Auto-elevate to admin with -NoExit so errors stay visible
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host "Elevando permisos admin..." -ForegroundColor Yellow
    $cmd = "irm https://mesh.andinatextil.mx/install | iex"
    Start-Process PowerShell -ArgumentList "-NoExit", "-NoProfile", "-ExecutionPolicy", "Bypass", "-Command", $cmd -Verb RunAs
    exit
}

Write-Host ''
Write-Host '══════════════════════════════════════════════════════════' -ForegroundColor Cyan
Write-Host ' Andina Textil — MeshCentral Agent Installer' -ForegroundColor Cyan
Write-Host '══════════════════════════════════════════════════════════' -ForegroundColor Cyan
Write-Host "Hostname: $env:COMPUTERNAME  |  Usuario: $env:USERNAME"
Write-Host ''

$is64 = [Environment]::Is64BitOperatingSystem
Write-Host "Sistema: Windows $(if ($is64) {'64-bit'} else {'32-bit'})"
Write-Host "Grupo:   Andina Textil - PCs"
Write-Host ''

# [1/5] Defender exclusions
Write-Host "[1/5] Exclusiones Defender..." -ForegroundColor Green
try {
    Add-MpPreference -ExclusionPath 'C:\Program Files\Mesh Agent' -ErrorAction SilentlyContinue
    Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Mesh Agent' -ErrorAction SilentlyContinue
    Add-MpPreference -ExclusionProcess 'MeshAgent.exe' -ErrorAction SilentlyContinue
    Add-MpPreference -ExclusionProcess 'MeshAgent64.exe' -ErrorAction SilentlyContinue
    Write-Host "  OK" -ForegroundColor Green
} catch {
    Write-Host "  Defender no disponible — continuando" -ForegroundColor Yellow
}

# Install dir (exe + msh juntos en TEMP, despues fullinstall los copia al final)
$installDir = "$env:TEMP\mesh-install"
if (Test-Path $installDir) { Remove-Item $installDir -Recurse -Force }
New-Item -ItemType Directory -Path $installDir -Force | Out-Null
$agentExe = "$installDir\meshagent.exe"
$agentMsh = "$installDir\meshagent.msh"

# [2/5] Download agent exe (generic)
Write-Host ""
Write-Host "[2/5] Descargando agent..." -ForegroundColor Green
try {
    $agentFile = if ($is64) { "meshagent64.exe" } else { "meshagent32.exe" }
    $urlExe = "https://mesh.andinatextil.mx/$agentFile"
    Invoke-WebRequest -Uri $urlExe -OutFile $agentExe -UseBasicParsing
    $sizeMB = [math]::Round((Get-Item $agentExe).Length / 1MB, 2)
    Write-Host "  OK agent ($sizeMB MB)" -ForegroundColor Green
} catch {
    Write-Host "  ERROR descargando agent: $_" -ForegroundColor Red
    Pause-OnExit
    exit 1
}

# [3/5] Download msh config (pre-generated, served from nginx)
Write-Host ""
Write-Host "[3/5] Descargando config .msh..." -ForegroundColor Green
try {
    $urlMsh = "https://mesh.andinatextil.mx/meshagent.msh"
    Invoke-WebRequest -Uri $urlMsh -OutFile $agentMsh -UseBasicParsing
    $mshSize = (Get-Item $agentMsh).Length
    Write-Host "  OK msh ($mshSize bytes)" -ForegroundColor Green
    if ($mshSize -lt 200) {
        Write-Host "  ADVERTENCIA: .msh muy chico. Contenido:" -ForegroundColor Yellow
        Get-Content $agentMsh | Write-Host -ForegroundColor DarkGray
    }
} catch {
    Write-Host "  ERROR descargando msh: $_" -ForegroundColor Red
    Pause-OnExit
    exit 1
}

# [4/5] Install
Write-Host ""
Write-Host "[4/5] Instalando MeshAgent (puede tardar 30-60 s)..." -ForegroundColor Green
try {
    $proc = Start-Process $agentExe -ArgumentList "-fullinstall" -Wait -NoNewWindow -PassThru
    Write-Host "  Installer exit: $($proc.ExitCode)" -ForegroundColor DarkGray
} catch {
    Write-Host "  ERROR instalando: $_" -ForegroundColor Red
    Pause-OnExit
    exit 1
}

# [5/5] Verificar + arreglar .msh + restart si hace falta
# (Bug conocido: -fullinstall a veces no copia el .msh al directorio de instalacion)
Write-Host ""
Write-Host "[5/5] Verificando .msh y conexion..." -ForegroundColor Green

$installPaths = @(
    "C:\Program Files\Mesh Agent",
    "C:\Program Files (x86)\Mesh Agent"
)
$installedDir = $null
foreach ($p in $installPaths) {
    if (Test-Path "$p\MeshAgent.exe") { $installedDir = $p; break }
}

if ($installedDir) {
    Write-Host "  Install dir detectado: $installedDir"
    $targetMsh = Join-Path $installedDir "MeshAgent.msh"
    $needsCopy = $true
    if (Test-Path $targetMsh) {
        $existingSize = (Get-Item $targetMsh).Length
        if ($existingSize -ge 200) {
            Write-Host "  .msh ya esta presente ($existingSize bytes)"
            $needsCopy = $false
        } else {
            Write-Host "  .msh existente parece truncado ($existingSize bytes), reemplazando" -ForegroundColor Yellow
        }
    } else {
        Write-Host "  .msh FALTA en install dir, copiando..." -ForegroundColor Yellow
    }
    if ($needsCopy) {
        try {
            Copy-Item $agentMsh $targetMsh -Force
            Write-Host "  .msh copiado: $targetMsh"
            # Borrar MeshAgent.db cache (evita que el agent use MeshID viejo cached)
            $dbPath = Join-Path $installedDir "MeshAgent.db"
            if (Test-Path $dbPath) {
                Stop-Service "Mesh Agent" -Force -EA SilentlyContinue
                Start-Sleep 2
                Remove-Item $dbPath -Force -EA SilentlyContinue
                Write-Host "  MeshAgent.db cache borrado"
            }
            Restart-Service "Mesh Agent" -Force -ErrorAction SilentlyContinue
            Start-Sleep 5
            Write-Host "  Servicio reiniciado para leer nuevo .msh"
        } catch {
            Write-Host "  ERROR copiando .msh: $_" -ForegroundColor Red
        }
    }
} else {
    Write-Host "  ADVERTENCIA: No se detecto install dir de MeshAgent" -ForegroundColor Yellow
}

# Verify service final
Start-Sleep 3
$svc = Get-Service -Name 'Mesh Agent' -ErrorAction SilentlyContinue
Write-Host ""
if ($svc -and $svc.Status -eq 'Running') {
    Write-Host "✓ Mesh Agent corriendo. Aparecera en el dashboard en 30-60 s" -ForegroundColor Green
    Write-Host "  https://mesh.yellowknife.software  →  grupo 'Andina Textil - PCs'" -ForegroundColor Gray

    # Verificacion de conexion outbound (1 muestra)
    Start-Sleep 5
    $mp = (Get-Process MeshAgent -ErrorAction SilentlyContinue).Id
    if ($mp) {
        $conns = Get-NetTCPConnection -OwningProcess $mp -State Established -ErrorAction SilentlyContinue
        if ($conns) {
            Write-Host "  Conexion activa al server: SI ($(($conns | Measure-Object).Count) sockets)" -ForegroundColor Green
        } else {
            Write-Host "  Conexion activa al server: PENDIENTE (puede tardar otros 30s)" -ForegroundColor Yellow
        }
    }
} else {
    Write-Host "⚠ Servicio Mesh Agent no detectado. Diagnostico:" -ForegroundColor Yellow
    Write-Host "  Get-Service 'Mesh Agent' | Format-List *"
    Write-Host "  Get-EventLog -LogName Application -Source 'MeshAgent*' -Newest 10"
}

# Cleanup
Remove-Item $installDir -Recurse -Force -ErrorAction SilentlyContinue

Write-Host ""
$cs = Get-CimInstance Win32_ComputerSystem -ErrorAction SilentlyContinue
if ($cs) { Write-Host "Dominio: $($cs.Domain)" }
Pause-OnExit