# Every target in this file is a command, not a file on disk; declaring them
# phony keeps a stray file with the same name from masking the recipe.
.PHONY: \
    help \
    test \
    smoke \
    redteam \
    batch \
    demo-aws-incident \
    demo-aws-incident-docker \
    demo-aws-incident-console-docker \
    demo-deep-queue \
    demo-deep-queue-docker \
    demo-aws-readonly-pilot-docker \
    package \
    docker-build

# User-tunable knobs. Each one uses ?=, so a value from the environment or the
# make command line takes precedence over the default given here.
#
# NOTE(review): OUT, DEEP_DEMO_OUT and AWS_PILOT_OUT default to fixed names
# under /tmp. On a multi-user host another local account can pre-create those
# paths, so point them at a directory only you can write whenever the findings,
# trained model bundles or AWS lookup results matter.

# Interpreter used by every "$(PYTHON) -m ..." recipe line.
PYTHON ?= python3
# Output directory for the smoke, redteam and batch targets.
OUT ?= /tmp/gifts_smoke
# Output directory for demo-aws-incident, also handed to the two AWS demo
# Docker scripts. The default is the directory that holds DEMO_INPUT, so a run
# writes its artifacts next to the example input.
DEMO_OUT ?= examples/aws_cloudtrail_identity_incident_demo
# CloudTrail records file converted by demo-aws-incident.
DEMO_INPUT ?= examples/aws_cloudtrail_identity_incident_demo/cloudtrail_records.json
# Output directory for demo-deep-queue and its Docker wrapper.
DEEP_DEMO_OUT ?= /tmp/gifts_deep_queue_demo
# Session file validated, scored and used for training by demo-deep-queue.
DEEP_DEMO_INPUT ?= examples/gifts_session_contract_example.jsonl
# Output directory handed to the AWS read-only pilot Docker script.
AWS_PILOT_OUT ?= /tmp/gifts_aws_readonly_lookup_pilot

# Print the task list. One printf call emits each argument on its own line,
# which yields the same text as a run of separate echo commands.
help:
	@printf '%s\n' \
		"GIFTS reference tasks" \
		"  make test         Run unit/regression tests" \
		"  make smoke        Validate, generate red-team sessions, score, train tiny model, reconstruct" \
		"  make redteam      Generate and score red-team sessions" \
		"  make batch        Run offline batch workflow" \
		"  make demo-aws-incident  Run the AWS CloudTrail identity-incident demo" \
		"  make demo-aws-incident-docker  Run the AWS demo through Docker" \
		"  make demo-aws-incident-console-docker  Serve the AWS demo analyst console through Docker" \
		"  make demo-deep-queue  Run the deep-queue completion demo" \
		"  make demo-deep-queue-docker  Run the deep-queue completion demo through Docker" \
		"  make demo-aws-readonly-pilot-docker  Run the AWS read-only LookupEvents pilot through Docker" \
		"  make package      Build a local release tarball" \
		"  make docker-build Build the container image"

# Discover and run the unittest suite under tests/ with verbose output.
test:
	$(PYTHON) -m unittest discover --start-directory tests --verbose

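# End-to-end smoke run. Validates the shipped policies, baselines and example
# session files, then exercises manifest generation, CloudTrail CSV conversion,
# evaluation, red-team generation and scoring, export, response planning,
# training and reconstruction. Generated artifacts go under $(OUT).
smoke:
# Create the output directory up front, as demo-deep-queue does for its own
# directory, so the first recipe line that writes under $(OUT) does not depend
# on the tool creating missing parents.
	mkdir -p $(OUT)
	$(PYTHON) -m gifts --help
# Policy and baseline validation.
	$(PYTHON) -m gifts --validate-policy config/gifts_policy.yml
	$(PYTHON) -m gifts --validate-policy config/policies/conservative.yml
	$(PYTHON) -m gifts --validate-policy config/policies/balanced.yml
	$(PYTHON) -m gifts --validate-policy config/policies/aggressive.yml
	$(PYTHON) -m gifts --validate-policy config/baselines/aws_dev_build.yml
	$(PYTHON) -m gifts --validate-policy config/baselines/okta_helpdesk_recovery.yml
	$(PYTHON) -m gifts --validate-policy config/baselines/entra_identity_response.yml
	$(PYTHON) -m gifts --validate-policy config/baselines/github_release_engineering.yml
# Example session files.
	$(PYTHON) -m gifts --validate-session-file examples/gifts_session_contract_example.jsonl
	$(PYTHON) -m gifts --validate-session-file examples/gifts_evaluation_benchmark_v0.jsonl
	$(PYTHON) -m gifts --validate-session-file examples/gifts_benign_admin_workflows_v0.jsonl
# Manifests, public CloudTrail sample conversion and benchmark evaluation.
	$(PYTHON) -m gifts --corpus-manifest examples \
		--corpus-manifest-path $(OUT)/corpus_manifest.json \
		--corpus-report-path $(OUT)/corpus_manifest.md
	$(PYTHON) -m gifts --dataset-manifest examples/public_log_sources_v1/dataset_sources.json \
		--dataset-manifest-path $(OUT)/dataset_manifest.json \
		--dataset-report-path $(OUT)/dataset_manifest.md
	$(PYTHON) -m gifts --convert-public-cloudtrail-csv examples/public_log_sources_v1/cloudtrail_flattened_sample.csv \
		--output $(OUT)/public_cloudtrail_sessions.jsonl \
		--public-cloudtrail-source-id public_log_sources_v1_sample \
		--public-cloudtrail-loss-path $(OUT)/public_cloudtrail_loss.json \
		--public-cloudtrail-report-path $(OUT)/public_cloudtrail_loss.md
	$(PYTHON) -m gifts --evaluate-session-file examples/gifts_evaluation_benchmark_v0.jsonl \
		--policy config/policies/balanced.yml \
		--metrics-path $(OUT)/evaluation_metrics.json \
		--evaluation-report-path $(OUT)/evaluation_report.md
# Red-team sessions: generate, validate, score, export, plan a response.
# The seed is fixed, presumably so repeated runs generate the same sessions.
	$(PYTHON) -m gifts --generate-attack-sessions \
		--attack-family all --attack-count 4 --redteam-seed 7 --blackout-probability 1.0 \
		--output $(OUT)/redteam_sessions.jsonl \
		--redteam-report-path $(OUT)/redteam_report.md \
		--redteam-expectations-path $(OUT)/redteam_expectations.json
	$(PYTHON) -m gifts --validate-session-file $(OUT)/redteam_sessions.jsonl
	$(PYTHON) -m gifts --score-session-file $(OUT)/redteam_sessions.jsonl \
		--policy config/gifts_policy.yml \
		--findings-path $(OUT)/findings.jsonl \
		--findings-csv $(OUT)/findings.csv \
		--workflow-report-path $(OUT)/workflow_report.md
	$(PYTHON) -m gifts --export-findings $(OUT)/findings.jsonl \
		--export-profile splunk_hec \
		--export-path $(OUT)/splunk_hec.jsonl
	$(PYTHON) -m gifts --plan-response $(OUT)/findings.jsonl \
		--response-plan-path $(OUT)/response_plan.json \
		--response-report-path $(OUT)/response_plan.md
# Train a tiny model, then read it back for reconstruction.
# NOTE(review): the bundle written to $(OUT)/model is loaded again by the next
# command. How it is deserialized is not visible here; keep OUT in a directory
# other local users cannot write.
	$(PYTHON) -m gifts --train-model examples/gifts_session_contract_example.jsonl \
		--model-dir $(OUT)/model \
		--epochs-mlm 1 --epochs-diff 1 --epochs-dec 1 --diff-t 5 --batch-size 4
	$(PYTHON) -m gifts --reconstruct-session-file examples/gifts_session_contract_example.jsonl \
		--model-dir $(OUT)/model \
		--reconstruction-path $(OUT)/reconstruction.jsonl \
		--reconstruction-report-path $(OUT)/reconstruction_report.md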

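# Generate red-team sessions and score them against the default policy.
# Artifacts go under $(OUT).
redteam:
# Create the output directory first, as demo-deep-queue does for its own
# directory, so generation does not depend on the tool creating missing parents.
	mkdir -p $(OUT)
# The seed is fixed, presumably so repeated runs generate the same sessions.
	$(PYTHON) -m gifts --generate-attack-sessions \
		--attack-family all --attack-count 4 --redteam-seed 7 --blackout-probability 1.0 \
		--output $(OUT)/redteam_sessions.jsonl \
		--redteam-report-path $(OUT)/redteam_report.md \
		--redteam-expectations-path $(OUT)/redteam_expectations.json
	$(PYTHON) -m gifts --score-session-file $(OUT)/redteam_sessions.jsonl \
		--policy config/gifts_policy.yml \
		--findings-path $(OUT)/findings.jsonl \
		--findings-csv $(OUT)/findings.csv \
		--workflow-report-path $(OUT)/workflow_report.md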

# Run the batch workflow over the example red-team sessions; results go to
# $(OUT)/batch and are exported with the splunk_hec and ticket_json profiles.
batch:
	$(PYTHON) -m gifts \
		--run-batch examples/gifts_redteam_sessions_example.jsonl \
		--batch-output-dir $(OUT)/batch \
		--policy config/gifts_policy.yml \
		--batch-export-profiles splunk_hec,ticket_json

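# AWS CloudTrail identity-incident demo. Converts $(DEMO_INPUT) to sessions,
# scores them with the balanced policy, stores the findings in a SQLite run
# database and derives previews, alerts, a triage snapshot, a dashboard and an
# evidence bundle. Everything is written under $(DEMO_OUT).
demo-aws-incident:
# The default DEMO_OUT already exists in the tree; creating it here keeps the
# target working when DEMO_OUT is overridden to a fresh path.
	mkdir -p $(DEMO_OUT)
	$(PYTHON) -m gifts --convert-cloudtrail-jsonl $(DEMO_INPUT) \
		--output $(DEMO_OUT)/sessions.jsonl
	$(PYTHON) -m gifts --validate-session-file $(DEMO_OUT)/sessions.jsonl
	$(PYTHON) -m gifts --score-session-file $(DEMO_OUT)/sessions.jsonl \
		--policy config/policies/balanced.yml \
		--findings-path $(DEMO_OUT)/findings.jsonl \
		--findings-csv $(DEMO_OUT)/findings.csv \
		--workflow-report-path $(DEMO_OUT)/workflow_report.md
	$(PYTHON) -m gifts --export-findings $(DEMO_OUT)/findings.jsonl \
		--export-profile splunk_hec \
		--export-path $(DEMO_OUT)/splunk_hec.jsonl
	$(PYTHON) -m gifts --plan-response $(DEMO_OUT)/findings.jsonl \
		--response-min-risk high \
		--response-plan-path $(DEMO_OUT)/response_plan.json \
		--response-report-path $(DEMO_OUT)/response_plan.md
# Drop the previous run database and any "<db>-*" companion files so the store
# step starts from an empty database rather than adding to an old one.
	rm -f $(DEMO_OUT)/gifts_aws_identity_runs.db $(DEMO_OUT)/gifts_aws_identity_runs.db-*
	$(PYTHON) -m gifts --store-findings-sqlite $(DEMO_OUT)/findings.jsonl \
		--output $(DEMO_OUT)/gifts_aws_identity_runs.db \
		--store-source-path $(DEMO_OUT)/sessions.jsonl \
		--store-run-kind aws_identity_incident_demo \
		--store-run-id aws-identity-incident-demo
	$(PYTHON) -m gifts --enqueue-deep-enrichment $(DEMO_OUT)/gifts_aws_identity_runs.db \
		--deep-min-risk high
	$(PYTHON) -m gifts --preview-response-actions $(DEMO_OUT)/gifts_aws_identity_runs.db \
		--response-min-risk high \
		--output $(DEMO_OUT)/response_previews.json
# Alerts use the local_file channel; NOTE(review): presumably nothing leaves the
# host with this channel, confirm against the alerting code.
	$(PYTHON) -m gifts --create-alerts $(DEMO_OUT)/gifts_aws_identity_runs.db \
		--response-min-risk high \
		--alert-channel local_file \
		--alert-destination aws_identity_demo_outbox \
		--output $(DEMO_OUT)/alerts.json
	$(PYTHON) -m gifts --triage-snapshot $(DEMO_OUT)/gifts_aws_identity_runs.db \
		--triage-snapshot-path $(DEMO_OUT)/triage_snapshot.json \
		--triage-report-path $(DEMO_OUT)/triage_snapshot.md
	$(PYTHON) -m gifts --dashboard $(DEMO_OUT)/gifts_aws_identity_runs.db \
		--dashboard-title "GIFTS AWS Identity Incident Dashboard" \
		--output $(DEMO_OUT)/dashboard.html
	$(PYTHON) -m gifts --aws-demo-evidence-bundle $(DEMO_OUT) \
		--pilot-demo-source $(DEMO_INPUT) \
		--output $(DEMO_OUT)/evidence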

# Run the AWS identity-incident demo through Docker. The wrapper script is
# executed directly (it must carry the executable bit) and receives DEMO_OUT as
# its only argument; image selection and volume mounts live in the script.
demo-aws-incident-docker:
	scripts/run_aws_identity_demo_docker.sh $(DEMO_OUT)

# Serve the AWS demo analyst console through Docker, passing DEMO_OUT to the
# wrapper script.
# NOTE(review): the listening address and published port are set inside the
# script, which is not visible here; confirm it binds to loopback before
# running this on a shared network.
demo-aws-incident-console-docker:
	scripts/serve_aws_identity_console_docker.sh $(DEMO_OUT)

# Deep-queue completion demo. Scores $(DEEP_DEMO_INPUT), stores the findings in
# a fresh SQLite run database, enqueues high-risk findings for deep enrichment,
# trains and registers a small model, processes one queue item and reports the
# queue status before and after. Artifacts go under $(DEEP_DEMO_OUT).
demo-deep-queue:
	mkdir -p $(DEEP_DEMO_OUT)
# Remove the previous run database and any "<db>-*" companion files.
	rm -f \
		$(DEEP_DEMO_OUT)/gifts_deep_queue_runs.db \
		$(DEEP_DEMO_OUT)/gifts_deep_queue_runs.db-*
	$(PYTHON) -m gifts --validate-session-file $(DEEP_DEMO_INPUT)
	$(PYTHON) -m gifts --score-session-file $(DEEP_DEMO_INPUT) \
		--policy config/policies/balanced.yml \
		--findings-path $(DEEP_DEMO_OUT)/findings.jsonl \
		--findings-csv $(DEEP_DEMO_OUT)/findings.csv \
		--workflow-report-path $(DEEP_DEMO_OUT)/workflow_report.md
	$(PYTHON) -m gifts --store-findings-sqlite $(DEEP_DEMO_OUT)/findings.jsonl \
		--output $(DEEP_DEMO_OUT)/gifts_deep_queue_runs.db \
		--store-source-path $(DEEP_DEMO_INPUT) \
		--store-run-kind deep_queue_completion_demo \
		--store-run-id deep-queue-completion-demo
	$(PYTHON) -m gifts --enqueue-deep-enrichment $(DEEP_DEMO_OUT)/gifts_deep_queue_runs.db \
		--deep-min-risk high
# Queue status snapshot taken before any item is processed.
	$(PYTHON) -m gifts --deep-status $(DEEP_DEMO_OUT)/gifts_deep_queue_runs.db \
		--deep-status-path $(DEEP_DEMO_OUT)/deep_status_before.json \
		--deep-status-report-path $(DEEP_DEMO_OUT)/deep_status_before.md
# The model bundle written here is read back by the register and process steps.
	$(PYTHON) -m gifts --train-model $(DEEP_DEMO_INPUT) \
		--model-dir $(DEEP_DEMO_OUT)/deep_model \
		--epochs-mlm 1 --epochs-diff 1 --epochs-dec 1 --diff-t 5 --batch-size 4
	$(PYTHON) -m gifts --register-model-bundle $(DEEP_DEMO_OUT)/gifts_deep_queue_runs.db \
		--model-dir $(DEEP_DEMO_OUT)/deep_model \
		--output $(DEEP_DEMO_OUT)/model_registration.json
	$(PYTHON) -m gifts --process-deep-enrichment-queue $(DEEP_DEMO_OUT)/gifts_deep_queue_runs.db \
		--model-dir $(DEEP_DEMO_OUT)/deep_model \
		--output $(DEEP_DEMO_OUT)/deep_enrichment \
		--policy config/policies/balanced.yml \
		--deep-limit 1 --deep-top-k 3
# Queue status snapshot taken after processing.
	$(PYTHON) -m gifts --deep-status $(DEEP_DEMO_OUT)/gifts_deep_queue_runs.db \
		--deep-status-path $(DEEP_DEMO_OUT)/deep_status_after.json \
		--deep-status-report-path $(DEEP_DEMO_OUT)/deep_status_after.md
	$(PYTHON) -m gifts --triage-snapshot $(DEEP_DEMO_OUT)/gifts_deep_queue_runs.db \
		--triage-snapshot-path $(DEEP_DEMO_OUT)/triage_snapshot.json \
		--triage-report-path $(DEEP_DEMO_OUT)/triage_snapshot.md
	$(PYTHON) -m gifts --dashboard $(DEEP_DEMO_OUT)/gifts_deep_queue_runs.db \
		--dashboard-title "GIFTS Deep Queue Completion Demo" \
		--output $(DEEP_DEMO_OUT)/dashboard.html

# Run the deep-queue completion demo through Docker. The wrapper script is
# executed directly and receives DEEP_DEMO_OUT as its only argument.
demo-deep-queue-docker:
	scripts/run_deep_queue_demo_docker.sh $(DEEP_DEMO_OUT)

# Run the AWS read-only LookupEvents pilot through Docker, passing AWS_PILOT_OUT
# to the wrapper script. Credential handling lives in the script and is not
# visible here.
# NOTE(review): confirm the AWS credentials the container receives are scoped to
# read-only CloudTrail access, and treat whatever lands under AWS_PILOT_OUT
# (default under /tmp) as sensitive log data.
demo-aws-readonly-pilot-docker:
	scripts/run_aws_readonly_lookup_pilot_docker.sh $(AWS_PILOT_OUT)

# Build a local release tarball. The script is run through bash explicitly,
# unlike the Docker wrapper targets, which execute their scripts directly.
package:
	bash scripts/release_package.sh

# Build the container image from the repository root and tag it
# gifts-reference:local.
docker-build:
	docker build --tag gifts-reference:local .
