# =============================================================================
#  .zshrc — Julian's Zsh configuration
#  Generated from Pop!_OS "thinkpad" machine audit.
# =============================================================================
#  This file is managed by the linux-provision repo.
#
#  API keys and secrets are loaded from Bitwarden on shell startup.
#  If Bitwarden is unlocked, keys are available immediately.
#  If locked, bw-env fails silently and you just won't have env vars
#  (run `bw && bw-env` when you need them).
#
#  To set up: bw-env --setup  (one-time interactive)
#  See config/scripts/bw-env.sh for details.
# =============================================================================

# ---- Powerlevel10k instant prompt ----
# Must stay close to the top.
if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then
  source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh"
fi

# ---- PATH setup ----
export PATH=$HOME/bin:$HOME/.local/bin:/usr/local/bin:$PATH

# ---- SSH agent socket ----
# Match the socket used by ssh-agent.socket (OpenSSH), not GCR/gnome-keyring.
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"

# ---- Oh My Zsh ----
export ZSH="$HOME/.oh-my-zsh"
ZSH_THEME="powerlevel10k/powerlevel10k"

# ---- Plugins ----
plugins=(git zsh-autosuggestions)

source $ZSH/oh-my-zsh.sh

# ---- Custom Aliases ----

# Bluetooth hard reset (ath11k WiFi/Bluetooth adapter hang workaround)
alias bt-reset='rfkill block bluetooth && sleep 1 && rfkill unblock bluetooth && sleep 1 && systemctl restart bluetooth'

# ---- Key bindings ----
# Ctrl+Backspace → delete word before cursor
bindkey "^H" backward-kill-word

# ---- Powerlevel10k config ----
[[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh

# ---- NVM (Node Version Manager) ----
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"

# ---- Custom completions ----
fpath+=~/.zfunc; autoload -Uz compinit; compinit

# =============================================================================
#  Secrets — API keys and tokens
#  Loaded from Bitwarden on every shell start.
#  Fetches the "Environment" item and exports all custom fields as env vars.
#  Falls back silently if vault is locked or item doesn't exist.
#
#  Prerequisites: bw (Bitwarden CLI), jq
#  To set up:
#    1. bw login
#    2. bw unlock --raw > ~/.config/Bitwarden\ CLI/.session
#    3. Create a Bitwarden item named "Environment" (type: Secure Note)
#       with custom fields for each API key (name = VAR_NAME, value = the_key)
# =============================================================================
if [ -z "${BW_SESSION:-}" ] && [ -f "$HOME/.config/Bitwarden CLI/.session" ]; then
  export BW_SESSION=$(cat "$HOME/.config/Bitwarden CLI/.session")
fi
if [ -n "${BW_SESSION:-}" ]; then
  eval "$(bw get item Environment 2>/dev/null | jq -r '
    .fields[] | select(.type == 0) |
    "export " + (.name | gsub(" "; "_")) + "=" + (.value | @sh)
  ' 2>/dev/null)" 2>/dev/null
fi

# Signal porridge daemon to reload config (picks up newly loaded env vars)
_pidfile="$HOME/.local/state/porridge/daemon.pid"
[[ -f "$_pidfile" ]] && kill -HUP "$(cat "$_pidfile")" 2>/dev/null || true
