cryptic_tui/

main.rs

#![doc = include_str!("../README.md")]
//!
//! ## Module Organization
//!
//! The application is structured into several modules:
//! - [`app`] - Application state and data structures
//! - [`cli`] - Command-line argument parsing
//! - [`erlang`] - Erlang node connectivity, RPC, and message history loading
//! - [`dist_node`] - Distributed Erlang message receiver
//! - [`formatting`] - Emoji and markdown text formatting
//! - [`ui`] - Terminal UI rendering

// Note: The main README content above is included via include_str!
// This section adds module-specific navigation for rustdoc

//! ```bash
//! tail -f ~/.cryptic/$CRYPTIC_USERNAME/${CRYPTIC_SERVER_HOST}_${CRYPTIC_SERVER_PORT}/logs/cryptic-tui.log.$(date +%Y-%m-%d)
//! ```

mod app;
mod cli;
mod dist_node;
mod erlang;
mod formatting;
mod ui;

use anyhow::Result;
use app::{App, AppScreen, Secret, Tab, User};
use cli::CliArgs;
use crossterm::{
    event::{self, Event, KeyCode, KeyEventKind, KeyModifiers},
    execute,
    terminal::{disable_raw_mode, enable_raw_mode, EnterAlternateScreen, LeaveAlternateScreen},
};
use erlang::{ConnectionStatus, ErlangConnection};
use ratatui::{backend::CrosstermBackend, Terminal};
use std::{
    io,
    sync::Arc,
    time::{Duration, Instant},
};
use tracing::{error, info, warn};

/// Handle events received from Erlang event bus
fn handle_erlang_event(
    app: &mut App,
    json_str: &str,
    _refresh_online_users: &mut bool,
    refresh_detailed_users: &mut bool,
) {
    match serde_json::from_str::<serde_json::Value>(json_str) {
        Ok(event) => {
            // Check event type
            if let Some(event_type) = event.get("type").and_then(|t| t.as_str()) {
                info!("Handling event type: {}", event_type);

                match event_type {
                    "websocket_message" => {
                        // Extract nested message
                        if let Some(message) = event.get("message") {
                            if let Some(msg_type) = message.get("type").and_then(|t| t.as_str()) {
                                match msg_type {
                                    "online_users" => {
                                        // Extract users array and update online status
                                        if let Some(users) =
                                            message.get("users").and_then(|u| u.as_array())
                                        {
                                            let online_users: Vec<String> = users
                                                .iter()
                                                .filter_map(|u| u.as_str().map(|s| s.to_string()))
                                                .collect();
                                            info!("Updating online users: {:?}", online_users);
                                            app.update_online_users(online_users);
                                            // Receiving online_users means server is up
                                            app.server_connection_up = true;
                                        }
                                    }
                                    "user_registered" => {
                                        // Handle successful user registration notification
                                        let gpg_fp = message
                                            .get("gpg_fp")
                                            .and_then(|v| v.as_str())
                                            .unwrap_or("unknown");
                                        let registered_by = message
                                            .get("registered_by")
                                            .and_then(|v| v.as_str())
                                            .unwrap_or("unknown");
                                        
                                        info!("User registered: {} by {}", gpg_fp, registered_by);
                                        app.set_status_message(format!(
                                            "✓ User registered successfully: {}",
                                            &gpg_fp[gpg_fp.len().saturating_sub(16)..]
                                        ));
                                        
                                        // Clear the form and refresh user list
                                        app.admin_clear_inputs();
                                        *refresh_detailed_users = true;
                                    }
                                    "error" => {
                                        // Extract and display error message
                                        if let Some(error_msg) =
                                            message.get("message").and_then(|m| m.as_str())
                                        {
                                            error!("Server error: {}", error_msg);
                                            app.set_status_message(format!("Error: {}", error_msg));
                                        }
                                    }
                                    _ => {
                                        info!("Unhandled websocket_message type: {}", msg_type);
                                    }
                                }
                            }
                        }
                    }
                    "ca_response" => {
                        // Handle Cryptic Admin responses
                        // Receiving any ca_response means server is up
                        app.server_connection_up = true;
                        
                        if let Some(response) = event.get("response") {
                            if let Some(resp_type) = response.get("type").and_then(|t| t.as_str()) {
                                match resp_type {
                                    "list_users_response" => {
                                        info!("Received list_users_response in ca_response");

                                        // Convert the response to JSON string for parsing
                                        if let Ok(json_str) = serde_json::to_string(response) {
                                            info!("User list response JSON: {}", json_str);
                                            match parse_list_users(&json_str) {
                                                Ok(users) => {
                                                    let user_count = users.len();
                                                    app.update_detailed_users(users);
                                                    info!("User list updated successfully with {} users", user_count);
                                                }
                                                Err(e) => {
                                                    error!(
                                                        "Failed to parse user list response: {}",
                                                        e
                                                    );
                                                }
                                            }
                                        } else {
                                            error!("Failed to serialize response to JSON");
                                        }
                                    }
                                    "register_user_response" => {
                                        if let Some(status) =
                                            response.get("status").and_then(|s| s.as_str())
                                        {
                                            let gpg_fp = response
                                                .get("gpg_fp")
                                                .and_then(|v| v.as_str())
                                                .unwrap_or("unknown");
                                            if status == "success" {
                                                info!("User registration succeeded for {}", gpg_fp);
                                                app.set_status_message(format!(
                                                    "Registration succeeded for {}",
                                                    gpg_fp
                                                ));
                                                app.admin_clear_inputs();
                                                *refresh_detailed_users = true;
                                            } else {
                                                let message = response
                                                    .get("message")
                                                    .and_then(|v| v.as_str())
                                                    .unwrap_or("unknown error");
                                                error!(
                                                    "Registration failed for {}: {}",
                                                    gpg_fp, message
                                                );
                                                app.set_status_message(format!(
                                                    "Registration failed for {}: {}",
                                                    gpg_fp, message
                                                ));
                                            }
                                        }
                                    }
                                    "list_certificates_response" => {
                                        info!("Received list_certificates_response");
                                        if let Ok(json_str) = serde_json::to_string(response) {
                                            info!("Certificate list response JSON: {}", json_str);
                                            match parse_certificates(&json_str) {
                                                Ok(certs) => {
                                                    let cert_count = certs.len();
                                                    app.certificates = Some(certs);
                                                    info!("Certificate list updated with {} certificates", cert_count);
                                                    app.set_status_message(format!("Loaded {} certificate(s)", cert_count));
                                                }
                                                Err(e) => {
                                                    error!("Failed to parse certificate list: {}", e);
                                                    app.set_status_message(format!("Failed to parse certificates: {}", e));
                                                }
                                            }
                                        } else {
                                            error!("Failed to serialize certificate response to JSON");
                                        }
                                    }
                                    _ => {
                                        info!("Unhandled ca_response type: {}", resp_type);
                                    }
                                }
                            }
                        }
                    }
                    "deliver_message" => {
                        // Extract message details
                        if let (Some(from), Some(message), Some(timestamp)) = (
                            event.get("from").and_then(|f| f.as_str()),
                            event.get("message").and_then(|m| m.as_str()),
                            event.get("timestamp").and_then(|t| t.as_str()),
                        ) {
                            // Receiving messages means server is up
                            app.server_connection_up = true;
                            
                            info!(
                                "Received message from {}: {} (timestamp: {})",
                                from, message, timestamp
                            );

                            // Check current message count before adding
                            let count_before = app.messages.get(from).map(|v| v.len()).unwrap_or(0);

                            // Add message to chat history
                            app.receive_message(from, message);

                            let count_after = app.messages.get(from).map(|v| v.len()).unwrap_or(0);
                            info!(
                                "Message count for {}: {} -> {}",
                                from, count_before, count_after
                            );

                            // If this is the current peer, reset scroll to show new message
                            if app.current_peer.as_deref() == Some(from) {
                                if let Some(conv) = app.conversations.get_mut(from) {
                                    conv.scroll_offset = 0; // Jump to bottom to show new message
                                }
                            }

                            // Mark sender as online immediately (but not ourselves)
                            let current_username = app.get_current_username();
                            if Some(from) != current_username {
                                if let Some(user) = app.users.iter_mut().find(|u| u.name == from) {
                                    user.online = true;
                                    info!("Marked {} as online", from);
                                } else {
                                    // Add new user if not in list
                                    app.users.push(User {
                                        name: from.to_string(),
                                        online: true,
                                    });
                                    info!("Added new user {} as online", from);
                                }
                            }

                            // If no current peer, or message is from a different peer,
                            // switch to the sender to show the new message
                            if app.current_peer.is_none()
                                || app.current_peer.as_deref() != Some(from)
                            {
                                info!("Switching to peer: {}", from);
                                app.current_peer = Some(from.to_string());

                                // Update selected_user to match the sender
                                if let Some(index) = app.users.iter().position(|u| u.name == from) {
                                    app.selected_user = index;
                                }
                            }
                        } else {
                            error!("deliver_message event missing required fields");
                        }
                    }
                    "system_message" => {
                        info!("system_message event: {:?}", event);
                        
                        // Extract sys_code if present (as string or byte array)
                        let sys_code = if let Some(code) = event.get("sys_code").and_then(|c| c.as_str()) {
                            Some(code.to_string())
                        } else if let Some(bytes) = event.get("sys_code").and_then(|c| c.as_array()) {
                            let byte_vec: Vec<u8> = bytes
                                .iter()
                                .filter_map(|v| v.as_u64().map(|n| n as u8))
                                .collect();
                            String::from_utf8(byte_vec).ok()
                        } else {
                            None
                        };
                        
                        // Try to extract message as string first, then as byte array
                        let msg_text = if let Some(msg) = event.get("message").and_then(|m| m.as_str()) {
                            Some(msg.to_string())
                        } else if let Some(bytes) = event.get("message").and_then(|m| m.as_array()) {
                            // Message came as array of byte values (from Erlang binary)
                            let byte_vec: Vec<u8> = bytes
                                .iter()
                                .filter_map(|v| v.as_u64().map(|n| n as u8))
                                .collect();
                            
                            String::from_utf8(byte_vec).ok()
                        } else {
                            None
                        };
                        
                        if let Some(msg) = msg_text {
                            info!("System message extracted: {} (sys_code: {:?})", msg, sys_code);
                            app.add_system_message(msg, sys_code);
                        } else {
                            error!("Failed to extract message field from system_message event");
                        }
                    }
                    _ => {
                        info!("Unhandled event type: {}", event_type);
                    }
                }
            }
        }
        Err(e) => {
            error!("Failed to parse event JSON: {}", e);
        }
    }
}

/// Parse engine status from JSON response
fn parse_engine_status(json_str: &str) -> Result<app::EngineStatus> {
    use app::{EngineStatus, SessionDetail};

    let value: serde_json::Value = serde_json::from_str(json_str)?;

    let username = value
        .get("username")
        .and_then(|v| v.as_str())
        .unwrap_or("unknown")
        .to_string();

    let active_sessions = value
        .get("active_sessions")
        .and_then(|v| v.as_u64())
        .unwrap_or(0) as u32;

    let message_count = value
        .get("message_count")
        .and_then(|v| v.as_u64())
        .unwrap_or(0) as u32;

    let error_count = value
        .get("error_count")
        .and_then(|v| v.as_u64())
        .unwrap_or(0) as u32;

    let uptime_ms = value.get("uptime").and_then(|v| v.as_u64()).unwrap_or(0);

    let mut session_details = Vec::new();

    if let Some(sessions) = value.get("session_details").and_then(|v| v.as_array()) {
        for session in sessions {
            let detail = SessionDetail {
                peer_username: session
                    .get("peer_username")
                    .and_then(|v| v.as_str())
                    .unwrap_or("unknown")
                    .to_string(),
                message_count: session
                    .get("message_count")
                    .and_then(|v| v.as_u64())
                    .unwrap_or(0) as u32,
                error_count: session
                    .get("error_count")
                    .and_then(|v| v.as_u64())
                    .unwrap_or(0) as u32,
                dh_ratchet_step: session
                    .get("dh_ratchet_step")
                    .and_then(|v| v.as_u64())
                    .unwrap_or(0) as u32,
                send_msg_number: session
                    .get("send_msg_number")
                    .and_then(|v| v.as_u64())
                    .unwrap_or(0) as u32,
                recv_msg_number: session
                    .get("recv_msg_number")
                    .and_then(|v| v.as_u64())
                    .unwrap_or(0) as u32,
                prev_recv_chain_length: session
                    .get("prev_recv_chain_length")
                    .and_then(|v| v.as_u64())
                    .unwrap_or(0) as u32,
                skipped_keys_count: session
                    .get("skipped_keys_count")
                    .and_then(|v| v.as_u64())
                    .unwrap_or(0) as u32,
                current_state: session
                    .get("current_state")
                    .and_then(|v| v.as_str())
                    .unwrap_or("unknown")
                    .to_string(),
                transition_count: session
                    .get("transition_count")
                    .and_then(|v| v.as_u64())
                    .unwrap_or(0) as u32,
                created_at: session
                    .get("created_at")
                    .and_then(|v| v.as_u64())
                    .unwrap_or(0),
                last_updated: session
                    .get("last_updated")
                    .and_then(|v| v.as_u64())
                    .unwrap_or(0),
                receiving_chain_active: session
                    .get("receiving_chain_active")
                    .and_then(|v| v.as_bool())
                    .unwrap_or(false),
                sending_chain_active: session
                    .get("sending_chain_active")
                    .and_then(|v| v.as_bool())
                    .unwrap_or(false),
                has_remote_dh: session
                    .get("has_remote_dh")
                    .and_then(|v| v.as_bool())
                    .unwrap_or(false),
            };
            session_details.push(detail);
        }
    }

    // Parse certificate renewal info - it's at the top level, not nested
    let cert_expires_at = value
        .get("cert_expires_at")
        .and_then(|v| v.as_i64());
    
    let cert_renewal_in_progress = value
        .get("renewal_in_progress")
        .and_then(|v| v.as_bool())
        .unwrap_or(false);
    
    let cert_time_until_expiry = value
        .get("time_until_expiry")
        .and_then(|v| v.as_i64());

    Ok(EngineStatus {
        username,
        active_sessions,
        message_count,
        error_count,
        uptime_ms,
        session_details,
        cert_expires_at,
        cert_renewal_in_progress,
        cert_time_until_expiry,
    })
}

/// Parse list_users response from JSON
fn parse_list_users(json_str: &str) -> Result<Vec<app::DetailedUser>> {
    use app::{DetailedUser, UserMetadata};

    let value: serde_json::Value = serde_json::from_str(json_str)?;

    let mut users = Vec::new();

    if let Some(user_array) = value.get("users").and_then(|v| v.as_array()) {
        for user in user_array {
            let username = user
                .get("username")
                .and_then(|v| v.as_str())
                .unwrap_or("unknown")
                .to_string();

            let gpg_fp = user
                .get("gpg_fp")
                .and_then(|v| v.as_str())
                .unwrap_or("")
                .to_string();

            let online = user
                .get("online")
                .and_then(|v| v.as_bool())
                .unwrap_or(false);

            let status = user
                .get("status")
                .and_then(|v| v.as_str())
                .unwrap_or("unknown")
                .to_string();

            let registered_at = user
                .get("registered_at")
                .and_then(|v| v.as_u64())
                .unwrap_or(0);

            let last_seen = user.get("last_seen").and_then(|v| v.as_u64()).unwrap_or(0);

            let registered_by = user
                .get("registered_by")
                .and_then(|v| v.as_str())
                .unwrap_or("undefined")
                .to_string();

            // Parse optional metadata - extract all key-value pairs
            let metadata = user.get("metadata").and_then(|m| {
                if let Some(obj) = m.as_object() {
                    let mut fields = std::collections::HashMap::new();
                    for (key, value) in obj {
                        if let Some(val_str) = value.as_str() {
                            fields.insert(key.clone(), val_str.to_string());
                        } else {
                            // Handle non-string values by converting to string
                            fields.insert(key.clone(), value.to_string());
                        }
                    }
                    if !fields.is_empty() {
                        Some(UserMetadata { fields })
                    } else {
                        None
                    }
                } else {
                    None
                }
            });

            users.push(DetailedUser {
                username,
                gpg_fp,
                online,
                status,
                registered_at,
                last_seen,
                registered_by,
                metadata,
            });
        }
    }

    Ok(users)
}

/// Parse certificate list from JSON response
fn parse_certificates(json_str: &str) -> Result<Vec<app::Certificate>> {
    use app::Certificate;

    let value: serde_json::Value = serde_json::from_str(json_str)?;

    let mut certificates = Vec::new();

    if let Some(cert_array) = value.get("certificates").and_then(|v| v.as_array()) {
        for cert in cert_array {
            let serial = cert
                .get("serial")
                .and_then(|v| v.as_str())
                .unwrap_or("")
                .to_string();

            let issued_at = cert
                .get("issued_at")
                .and_then(|v| v.as_i64())
                .unwrap_or(0);

            let expires_at = cert
                .get("expires_at")
                .and_then(|v| v.as_i64())
                .unwrap_or(0);

            let status = cert
                .get("status")
                .and_then(|v| v.as_str())
                .unwrap_or("unknown")
                .to_string();

            let revoked_at = cert
                .get("revoked_at")
                .and_then(|v| v.as_i64());

            let revoked_by = cert
                .get("revoked_by")
                .and_then(|v| v.as_str())
                .map(|s| s.to_string());

            let revoked_reason = cert
                .get("revoked_reason")
                .and_then(|v| v.as_str())
                .map(|s| s.to_string());

            certificates.push(Certificate {
                serial,
                issued_at,
                expires_at,
                status,
                revoked_at,
                revoked_by,
                revoked_reason,
            });
        }
    }

    Ok(certificates)
}

/// Initialize logging to a file in `~/.cryptic/<username>/<server>_<port>/logs/`
fn init_logging() -> Result<()> {
    let home = std::env::var("HOME").unwrap_or_else(|_| ".".to_string());
    
    // Get connection info from environment variables set by bin/cryptic script
    let username = std::env::var("CRYPTIC_USERNAME").unwrap_or_else(|_| "default".to_string());
    let server_host = std::env::var("CRYPTIC_SERVER_HOST").unwrap_or_else(|_| "localhost".to_string());
    let server_port = std::env::var("CRYPTIC_SERVER_PORT").unwrap_or_else(|_| "8443".to_string());
    
    let log_dir = format!("{}/.cryptic/{}/{}_{}/logs", home, username, server_host, server_port);
    std::fs::create_dir_all(&log_dir)?;

    let file_appender = tracing_appender::rolling::daily(&log_dir, "cryptic-tui.log");

    tracing_subscriber::fmt()
        .with_writer(file_appender)
        .with_ansi(false)
        .with_target(true)
        .with_thread_ids(true)
        .init();

    info!("Cryptic TUI started - logging to {}", log_dir);
    Ok(())
}

fn main() -> Result<()> {
    // Initialize logging first
    init_logging()?;

    // Run the async main in smol runtime
    smol::block_on(async_main())
}

async fn async_main() -> Result<()> {
    // Parse CLI arguments
    let args = CliArgs::parse_args();
    info!(
        "CLI arguments parsed: node={:?}, cookie_provided={}",
        args.get_node_name(),
        args.get_cookie().is_some()
    );

    // Initialize terminal UI
    let mut terminal = init_terminal()?;

    // Create app - use empty app if connecting to Erlang, mock data otherwise
    let mut app = if args.get_node_name().is_some() {
        App::new() // Empty app, users will come from Erlang
    } else {
        App::with_mock_data() // Mock data for testing without Erlang
    };

    // If node specified, store it for later connection
    if let Some(node_name) = args.get_node_name() {
        app.erlang_node_name = Some(node_name.to_string());
        app.is_mock_mode = false;
    }

    // Create Erlang connection if node specified
    let erlang_conn: Option<Arc<ErlangConnection>> = if let Some(node_name) = args.get_node_name() {
        let cookie = args
            .get_cookie()
            .map(String::from)
            .or_else(|| read_erlang_cookie().ok())
            .unwrap_or_else(|| "nocookie".to_string());

        info!("Creating Erlang connection to node: {}", node_name);
        if args.get_cookie().is_some() {
            info!("Using cookie from command line");
        } else {
            info!("Using cookie from ~/.erlang.cookie");
        }

        Some(Arc::new(ErlangConnection::new(
            node_name.to_string(),
            cookie,
        )))
    } else {
        info!("No Erlang node specified, running in mock mode");
        None
    };

    let res = run(&mut terminal, &mut app, erlang_conn).await;

    // Always restore terminal state
    restore_terminal()?;

    info!("Cryptic TUI shutting down");

    // Propagate any run errors
    res
}

fn init_terminal() -> Result<Terminal<CrosstermBackend<io::Stdout>>> {
    enable_raw_mode()?;
    let mut stdout = io::stdout();
    execute!(stdout, EnterAlternateScreen)?;
    let backend = CrosstermBackend::new(stdout);
    Ok(Terminal::new(backend)?)
}

fn restore_terminal() -> Result<()> {
    disable_raw_mode()?;
    execute!(io::stdout(), LeaveAlternateScreen)?;
    Ok(())
}

async fn run(
    terminal: &mut Terminal<CrosstermBackend<io::Stdout>>,
    app: &mut App,
    erlang_conn: Option<Arc<ErlangConnection>>,
) -> Result<()> {
    let mut connected = false;
    let mut dist_node: Option<dist_node::DistNode> = None;
    let mut message_to_send: Option<(String, String)> = None; // (peer, message)
    let mut admin_register_to_send: Option<(String, String, String)> = None;
    let mut admin_suspend_to_send: Option<String> = None;
    let mut admin_reactivate_to_send: Option<String> = None;
    let mut admin_revoke_to_send: Option<String> = None;
    let mut refresh_certificates = false; // Flag to trigger certificate list refresh
    let mut certificates_fingerprint: Option<String> = None; // Fingerprint for certificate request
    let mut refresh_engine_status = false; // Flag to trigger engine status refresh
    let mut refresh_detailed_users = false; // Flag to trigger detailed user list refresh
    let mut refresh_online_users = false; // Flag to trigger online users refresh
    let mut last_online_check = Instant::now(); // Timer for periodic online users check
    let online_check_interval = Duration::from_secs(10); // Check online users every 10 seconds

    while !app.should_exit {
        // Update system message display (check if we can advance to next message)
        app.update_system_message();
        
        terminal.draw(|f| ui::draw(f, app))?;

        // If just transitioned to Main screen and have Erlang connection, connect
        if app.screen == AppScreen::Main && !connected && erlang_conn.is_some() {
            if let Some(ref conn) = erlang_conn {
                info!(
                    "Attempting to connect to Erlang node: {}",
                    conn.get_remote_node_name()
                );
                app.connection_status = ConnectionStatus::Connecting;
                terminal.draw(|f| ui::draw(f, app))?; // Redraw to show "Connecting..."

                match conn.connect().await {
                    Ok(_) => {
                        info!(
                            "Successfully connected to Erlang node: {}",
                            conn.get_remote_node_name()
                        );
                        app.connection_status = ConnectionStatus::Connected;
                        connected = true;

                        // Subscribe to event bus
                        info!("Subscribing to event bus");
                        match conn.subscribe_to_event_bus().await {
                            Ok(_event_rx) => {
                                info!("Successfully subscribed to event bus");
                                // TODO Phase 3: Spawn task to handle events from event_rx
                                // For Phase 2, events visible in logs as RegSend
                            }
                            Err(e) => {
                                error!("Failed to subscribe to event bus: {}", e);
                            }
                        }

                        // Start dist_node to receive RegSend messages
                        info!("Starting distributed Erlang node for receiving messages");
                        match dist_node::DistNode::connect(
                            format!("cryptic_tui@{}", "127.0.0.1"),
                            conn.get_remote_node_name().to_string(),
                            conn.get_cookie().to_string(),
                        )
                        .await
                        {
                            Ok(node) => {
                                info!("DistNode connected successfully: {}", node.node_name());
                                let rust_node_name = node.node_name();
                                dist_node = Some(node);

                                // Start the bridge on the Erlang side to forward events to us
                                info!("Starting cryptic_tui_bridge on Erlang node");

                                // Get passphrase from app state
                                let passphrase =
                                    app.passphrase.as_ref().map(|s| s.as_str()).unwrap_or("");

                                match conn.start_tui_bridge(&rust_node_name, passphrase).await {
                                    Ok(bridge_result) => {
                                        info!("Bridge started successfully: {:?}", bridge_result);

                                        // Request the list of online users to populate the UI
                                        info!("Requesting online users list");
                                        match conn.request_online_users().await {
                                            Ok(_) => {
                                                info!("Online users request sent successfully");
                                            }
                                            Err(e) => {
                                                error!("Failed to request online users: {}", e);
                                            }
                                        }
                                    }
                                    Err(e) => {
                                        error!("Failed to start bridge: {}", e);
                                        // Not fatal - continue anyway
                                    }
                                }
                            }
                            Err(e) => {
                                error!("Failed to start DistNode: {}", e);
                            }
                        }
                    }
                    Err(e) => {
                        error!("Failed to connect to Erlang node: {}", e);
                        app.connection_status = ConnectionStatus::Error;
                        app.splash_error = Some(format!("Connection failed: {}", e));
                        // Optionally: fall back to mock mode or retry
                    }
                }
            }
        }

        // Check for messages from dist_node
        if let Some(ref mut node) = dist_node {
            while let Ok(msg) = node.try_recv() {
                use erl_dist::term::Term; // Use erl_dist's Term type

                // Skip Tick messages (they're handled automatically)
                if matches!(msg, dist_node::Message::Tick) {
                    continue;
                }

                info!("Received message from Erlang: {:?}", msg);

                // Parse RegSend messages to extract events
                if let dist_node::Message::RegSend(regsend) = msg {
                    // Message format: {tui_event, JsonBinary}
                    if let Term::Tuple(tuple) = &regsend.message {
                        if tuple.elements.len() == 2 {
                            if let Term::Atom(atom) = &tuple.elements[0] {
                                if atom.name == "tui_event" {
                                    if let Term::Binary(binary) = &tuple.elements[1] {
                                        // Convert bytes to string
                                        match String::from_utf8(binary.bytes.clone()) {
                                            Ok(json_str) => {
                                                info!("Received TUI event JSON: {}", json_str);
                                                handle_erlang_event(
                                                    app,
                                                    &json_str,
                                                    &mut refresh_online_users,
                                                    &mut refresh_detailed_users,
                                                );
                                            }
                                            Err(e) => {
                                                error!("Failed to decode UTF-8 from binary: {}", e)
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }

        // Poll for input with timeout to allow periodic redraws / future background tasks
        if event::poll(Duration::from_millis(120))? {
            if let Event::Key(key) = event::read()? {
                // Ignore key repeats on some terminals
                if key.kind == KeyEventKind::Repeat {
                    continue;
                }
                if app.screen == AppScreen::Splash {
                    handle_splash_key(app, key)?;
                } else {
                    // Check if user is sending a message
                    if key.code == KeyCode::Enter
                        && matches!(app.active_tab, Tab::Chat)
                        && !app.input_buffer.is_empty()
                        && app.current_peer.is_some()
                    {
                        // Capture message for sending
                        if let Some(peer) = &app.current_peer {
                            message_to_send = Some((peer.clone(), app.input_buffer.clone()));
                        }
                    }
                    let (result, should_refresh_status, should_refresh_users, admin_action) =
                        handle_main_key(app, key);
                    result?;
                    if should_refresh_status {
                        refresh_engine_status = true;
                    }
                    if should_refresh_users {
                        refresh_detailed_users = true;
                    }
                    match admin_action {
                        Some(AdminAction::RegisterUser { gpg_fp, key_path, metadata }) => {
                            admin_register_to_send = Some((gpg_fp, key_path, metadata));
                        }
                        Some(AdminAction::SuspendUser { gpg_fp }) => {
                            admin_suspend_to_send = Some(gpg_fp);
                        }
                        Some(AdminAction::ReactivateUser { gpg_fp }) => {
                            admin_reactivate_to_send = Some(gpg_fp);
                        }
                        Some(AdminAction::RevokeUser { gpg_fp }) => {
                            admin_revoke_to_send = Some(gpg_fp);
                        }
                        Some(AdminAction::ListCertificates { gpg_fp }) => {
                            // Store the fingerprint and request certificates
                            if let Some(user) = app.admin_get_selected_user() {
                                app.certificates_for_user = Some(user.username.clone());
                            }
                            refresh_certificates = true;
                            certificates_fingerprint = Some(gpg_fp);
                        }
                        Some(AdminAction::RenewCertificate) => {
                            // Trigger certificate renewal
                            if let Some(ref conn) = erlang_conn {
                                match conn.renew_certificate().await {
                                    Ok(()) => {
                                        app.set_status_message("Certificate renewal initiated - check system messages for progress".to_string());
                                        // Refresh status to show renewal progress
                                        refresh_engine_status = true;
                                    }
                                    Err(e) => {
                                        app.set_status_message(format!("Failed to renew certificate: {}", e));
                                    }
                                }
                            } else {
                                app.set_status_message("Not connected to Erlang node".to_string());
                            }
                        }
                        None => {}
                    }
                }
            }
        }

        // Send message via Erlang if queued
        if let Some((peer, message)) = message_to_send.take() {
            if let Some(ref conn) = erlang_conn {
                info!("Sending message to {}: {}", peer, message);
                match send_message_via_erlang(conn, &peer, &message).await {
                    Ok(_) => {
                        info!("Message sent successfully to {}", peer);
                    }
                    Err(e) => {
                        error!("Failed to send message to {}: {}", peer, e);
                        // TODO: Show error in UI
                    }
                }
            } else {
                warn!("Cannot send message - no Erlang connection");
            }
        }

        // Submit admin registration if requested
        if let Some((gpg_fp, key_path, metadata)) = admin_register_to_send.take() {
            if let Some(ref conn) = erlang_conn {
                info!(
                    "Submitting admin_register for fingerprint {} with key path {} and metadata '{}'",
                    gpg_fp, key_path, metadata
                );
                app.set_status_message(format!("Registering {} (waiting for response)...", gpg_fp));
                match conn.admin_register_user(&gpg_fp, &key_path, &metadata).await {
                    Ok(_) => {
                        info!("admin_register RPC accepted for {}", gpg_fp);
                    }
                    Err(e) => {
                        error!("admin_register RPC failed: {}", e);
                        app.set_status_message(format!("Registration failed: {}", e));
                    }
                }
            } else {
                warn!("Cannot register user - no Erlang connection");
                app.set_status_message("Cannot register user: not connected".to_string());
            }
        }

        // Submit admin suspend if requested
        if let Some(gpg_fp) = admin_suspend_to_send.take() {
            if let Some(ref conn) = erlang_conn {
                info!("Submitting admin_suspend for fingerprint {}", gpg_fp);
                match conn.admin_suspend_user(&gpg_fp).await {
                    Ok(_) => {
                        info!("admin_suspend RPC accepted for {}", gpg_fp);
                        app.set_status_message(format!("User suspended successfully"));
                        refresh_detailed_users = true;
                    }
                    Err(e) => {
                        error!("admin_suspend RPC failed: {}", e);
                        app.set_status_message(format!("Suspend failed: {}", e));
                    }
                }
            } else {
                warn!("Cannot suspend user - no Erlang connection");
                app.set_status_message("Cannot suspend user: not connected".to_string());
            }
        }

        // Submit admin reactivate if requested
        if let Some(gpg_fp) = admin_reactivate_to_send.take() {
            if let Some(ref conn) = erlang_conn {
                info!("Submitting admin_reactivate for fingerprint {}", gpg_fp);
                match conn.admin_reactivate_user(&gpg_fp).await {
                    Ok(_) => {
                        info!("admin_reactivate RPC accepted for {}", gpg_fp);
                        app.set_status_message(format!("User reactivated successfully"));
                        refresh_detailed_users = true;
                    }
                    Err(e) => {
                        error!("admin_reactivate RPC failed: {}", e);
                        app.set_status_message(format!("Reactivate failed: {}", e));
                    }
                }
            } else {
                warn!("Cannot reactivate user - no Erlang connection");
                app.set_status_message("Cannot reactivate user: not connected".to_string());
            }
        }

        // Submit admin revoke if requested
        if let Some(gpg_fp) = admin_revoke_to_send.take() {
            if let Some(ref conn) = erlang_conn {
                info!("Submitting admin_revoke for fingerprint {}", gpg_fp);
                match conn.admin_revoke_user(&gpg_fp).await {
                    Ok(_) => {
                        info!("admin_revoke RPC accepted for {}", gpg_fp);
                        app.set_status_message(format!("User revoked successfully"));
                        refresh_detailed_users = true;
                    }
                    Err(e) => {
                        error!("admin_revoke RPC failed: {}", e);
                        app.set_status_message(format!("Revoke failed: {}", e));
                    }
                }
            } else {
                warn!("Cannot revoke user - no Erlang connection");
                app.set_status_message("Cannot revoke user: not connected".to_string());
            }
        }

        // Periodic online users check (every 10 seconds)
        if connected
            && erlang_conn.is_some()
            && last_online_check.elapsed() >= online_check_interval
        {
            last_online_check = Instant::now();
            refresh_online_users = true;
            info!("Triggering periodic online users check");
        }

        // Refresh engine status if requested
        if refresh_engine_status {
            refresh_engine_status = false;
            if let Some(ref conn) = erlang_conn {
                info!("Refreshing engine status");
                match conn.request_engine_status().await {
                    Ok(term) => {
                        // The response format is {ok, JsonBinary} from Erlang
                        match term {
                            eetf::Term::Tuple(tuple) if tuple.elements.len() == 2 => {
                                // Check if first element is 'ok' atom
                                if let eetf::Term::Atom(atom) = &tuple.elements[0] {
                                    if atom.name == "ok" {
                                        // Extract the binary from the second element
                                        if let eetf::Term::Binary(binary) = &tuple.elements[1] {
                                            match String::from_utf8(binary.bytes.clone()) {
                                                Ok(json_str) => {
                                                    info!(
                                                        "Received engine status JSON: {}",
                                                        json_str
                                                    );
                                                    match parse_engine_status(&json_str) {
                                                        Ok(status) => {
                                                            app.update_engine_status(status);
                                                            info!("Engine status updated successfully");
                                                        }
                                                        Err(e) => {
                                                            error!(
                                                                "Failed to parse engine status: {}",
                                                                e
                                                            );
                                                        }
                                                    }
                                                }
                                                Err(e) => {
                                                    error!(
                                                        "Failed to decode engine status UTF-8: {}",
                                                        e
                                                    );
                                                }
                                            }
                                        } else {
                                            error!(
                                                "Second element of tuple is not a binary: {:?}",
                                                tuple.elements[1]
                                            );
                                        }
                                    } else {
                                        error!("First element is not 'ok' atom: {:?}", atom.name);
                                    }
                                } else {
                                    error!(
                                        "First element of tuple is not an atom: {:?}",
                                        tuple.elements[0]
                                    );
                                }
                            }
                            eetf::Term::Binary(binary) => {
                                // Fallback: handle direct binary response (for backward compatibility)
                                match String::from_utf8(binary.bytes) {
                                    Ok(json_str) => {
                                        info!(
                                            "Received engine status JSON (direct binary): {}",
                                            json_str
                                        );
                                        match parse_engine_status(&json_str) {
                                            Ok(status) => {
                                                app.update_engine_status(status);
                                                info!("Engine status updated successfully");
                                            }
                                            Err(e) => {
                                                error!("Failed to parse engine status: {}", e);
                                            }
                                        }
                                    }
                                    Err(e) => {
                                        error!("Failed to decode engine status UTF-8: {}", e);
                                    }
                                }
                            }
                            _ => {
                                error!("Unexpected engine status response format: {:?}", term);
                            }
                        }
                    }
                    Err(e) => {
                        error!("Failed to request engine status: {}", e);
                    }
                }
            } else {
                warn!("Cannot refresh engine status - no Erlang connection");
            }
        }

        // Refresh detailed user list if requested
        if refresh_detailed_users {
            refresh_detailed_users = false;
            if let Some(ref conn) = erlang_conn {
                info!("Requesting detailed user list");
                match conn.request_list_users().await {
                    Ok(_) => {
                        info!("User list request sent successfully");
                    }
                    Err(e) => {
                        error!("Failed to request user list: {}", e);
                    }
                }
            } else {
                warn!("Cannot refresh user list - no Erlang connection");
            }
        }

        // Refresh certificates list if requested
        if refresh_certificates {
            refresh_certificates = false;
            if let (Some(ref conn), Some(ref fingerprint)) = (&erlang_conn, &certificates_fingerprint) {
                info!("Requesting certificate list for fingerprint {}", fingerprint);
                match conn.admin_list_certificates(fingerprint).await {
                    Ok(_) => {
                        info!("Certificate list request sent successfully");
                    }
                    Err(e) => {
                        error!("Failed to request certificate list: {}", e);
                        app.set_status_message(format!("Failed to load certificates: {}", e));
                    }
                }
            } else {
                warn!("Cannot refresh certificate list - no Erlang connection or fingerprint");
            }
        }

        // Refresh online users list if requested
        if refresh_online_users {
            refresh_online_users = false;
            if let Some(ref conn) = erlang_conn {
                info!("Requesting online users list");
                match conn.request_online_users().await {
                    Ok(_) => {
                        info!("Online users request sent successfully");
                    }
                    Err(e) => {
                        error!("Failed to request online users: {}", e);
                    }
                }
            } else {
                warn!("Cannot refresh online users - no Erlang connection");
            }
        }

        // Load message history if requested
        if app.should_load_history {
            app.should_load_history = false;

            if let (Some(peer), Some(ref conn)) = (&app.current_peer, &erlang_conn) {
                let peer_clone = peer.clone();

                // Check if this is initial load or scrolling up
                let is_initial = {
                    let conv = app.get_conversation(&peer_clone);
                    conv.map(|c| c.messages.is_empty()).unwrap_or(true)
                };

                if is_initial {
                    // Initial load: get recent messages
                    info!("Loading initial history for peer: {}", peer_clone);

                    match conn.load_recent_messages(&peer_clone, 50).await {
                        Ok(messages) => {
                            info!("Loaded {} recent messages", messages.len());
                            for (idx, msg) in messages.iter().enumerate() {
                                info!(
                                    "Recent history [{}] peer={} from={} sent={} ts={} content={}",
                                    idx,
                                    peer_clone,
                                    msg.from,
                                    msg.is_sent,
                                    msg.timestamp,
                                    msg.content
                                );
                            }
                            let conv = app.get_conversation_mut(&peer_clone);
                            conv.append_messages(messages);
                            conv.is_loading = false;
                        }
                        Err(e) => {
                            error!("Failed to load recent messages: {}", e);
                            if let Some(conv) = app.conversations.get_mut(&peer_clone) {
                                conv.is_loading = false;
                            }
                        }
                    }
                } else {
                    // Scrolling up: load older messages
                    let oldest_ts = {
                        let conv = app.get_conversation(&peer_clone);
                        conv.and_then(|c| c.get_oldest_timestamp())
                    };

                    if let Some(ts) = oldest_ts {
                        info!(
                            "Loading messages before timestamp {} for peer: {}",
                            ts, peer_clone
                        );

                        // Mark as loading
                        if let Some(conv) = app.conversations.get_mut(&peer_clone) {
                            conv.is_loading = true;
                        }

                        match conn.load_messages_before(&peer_clone, ts, 50).await {
                            Ok(messages) => {
                                if messages.is_empty() {
                                    info!("No more history available for {}", peer_clone);
                                    if let Some(conv) = app.conversations.get_mut(&peer_clone) {
                                        conv.has_more_history = false;
                                        conv.is_loading = false;
                                    }
                                } else {
                                    info!(
                                        "Loaded {} older messages for {}",
                                        messages.len(),
                                        peer_clone
                                    );
                                    for (idx, msg) in messages.iter().enumerate() {
                                        info!(
                                            "Older history [{}] peer={} from={} sent={} ts={} content={}",
                                            idx,
                                            peer_clone,
                                            msg.from,
                                            msg.is_sent,
                                            msg.timestamp,
                                            msg.content
                                        );
                                    }
                                    if let Some(conv) = app.conversations.get_mut(&peer_clone) {
                                        conv.prepend_messages(messages);
                                        conv.is_loading = false;
                                    }
                                }
                            }
                            Err(e) => {
                                error!("Failed to load older messages: {}", e);
                                if let Some(conv) = app.conversations.get_mut(&peer_clone) {
                                    conv.is_loading = false;
                                }
                            }
                        }
                    }
                }
            } else if app.current_peer.is_none() {
                warn!("Cannot load history - no peer selected");
            } else {
                warn!("Cannot load history - no Erlang connection");
            }
        }
    }
    Ok(())
}

async fn send_message_via_erlang(
    conn: &ErlangConnection,
    to_user: &str,
    message: &str,
) -> Result<()> {
    // Build JSON message for cryptic_rpc:send_message/1
    // The function expects a single JSON binary argument
    let json_msg = serde_json::json!({
        "type": "send_message",
        "to_user": to_user,
        "plaintext": message
    });

    let json_string = serde_json::to_string(&json_msg)?;
    let json_bytes = json_string.as_bytes().to_vec();

    // Call cryptic_rpc:send_message with a single JSON binary argument
    let args = eetf::List::from(vec![eetf::Term::Binary(eetf::Binary::from(json_bytes))]);

    conn.rpc_call("cryptic_rpc", "send_message", args).await?;
    Ok(())
}

fn handle_splash_key(app: &mut App, key: crossterm::event::KeyEvent) -> Result<()> {
    match key.code {
        KeyCode::Char('q') if ctrl(&key) => {
            info!("User quit from splash screen");
            app.should_exit = true;
        }
        KeyCode::Esc => {
            app.passphrase_input.clear();
            app.splash_error = None;
        }
        KeyCode::Backspace => {
            app.passphrase_input.pop();
        }
        KeyCode::Char(c) if no_mods(&key) || shift_only(&key) => {
            // Basic printable filtering
            if !c.is_control() {
                app.passphrase_input.push(c);
            }
        }
        KeyCode::Enter => {
            if app.passphrase_input.trim().is_empty() {
                app.splash_error = Some("Passphrase cannot be empty".into());
            } else if app.passphrase_input.len() < 4 {
                app.splash_error = Some("Passphrase too short (min 4 chars)".into());
            } else {
                info!("Passphrase accepted, transitioning to main screen");
                // Store secret and transition
                let secret = Secret::new(app.passphrase_input.clone());
                app.passphrase = Some(secret);
                app.passphrase_input.clear();
                app.splash_error = None;
                app.screen = AppScreen::Main;
            }
        }
        _ => {}
    }
    Ok(())
}

enum AdminAction {
    RegisterUser { gpg_fp: String, key_path: String, metadata: String },
    SuspendUser { gpg_fp: String },
    ReactivateUser { gpg_fp: String },
    RevokeUser { gpg_fp: String },
    ListCertificates { gpg_fp: String },
    RenewCertificate,
}

fn handle_main_key(
    app: &mut App,
    key: crossterm::event::KeyEvent,
) -> (Result<()>, bool, bool, Option<AdminAction>) {
    let mut refresh_status = false;
    let mut refresh_users = false;
    let mut admin_action = None;

    match key.code {
        KeyCode::Char('q') if ctrl(&key) => {
            app.should_exit = true;
        }
        KeyCode::Tab if no_mods(&key) => {
            // In Admin register mode, Tab cycles between form fields
            if matches!(app.active_tab, Tab::Admin) && matches!(app.admin_mode, app::AdminMode::RegisterUser) {
                app.admin_focus_next();
            } else {
                app.next_tab();
            }
        }
        KeyCode::BackTab => {
            // In Admin register mode, Shift+Tab cycles backward between fields
            if matches!(app.active_tab, Tab::Admin) && matches!(app.admin_mode, app::AdminMode::RegisterUser) {
                app.admin_focus_previous();
            } else {
                app.previous_tab();
            }
        }
        KeyCode::Char('h') if ctrl(&key) && !key.modifiers.contains(KeyModifiers::SHIFT) => {
            app.previous_tab()
        }
        KeyCode::Char('l') if ctrl(&key) && !key.modifiers.contains(KeyModifiers::SHIFT) => {
            app.next_tab()
        }
        KeyCode::Char('r') if no_mods(&key) && matches!(app.active_tab, Tab::Status) => {
            // Refresh engine status when on Status tab
            refresh_status = true;
            app.status_reset_scroll();
        }
        KeyCode::Char('n') if no_mods(&key) && matches!(app.active_tab, Tab::Status) => {
            // Trigger certificate renewal
            admin_action = Some(AdminAction::RenewCertificate);
        }
        // Admin menu shortcuts
        KeyCode::Char('l') if no_mods(&key) && matches!(app.active_tab, Tab::Admin) && matches!(app.admin_mode, app::AdminMode::Menu) => {
            // List users
            refresh_users = true;
            app.admin_reset_scroll();
        }
        KeyCode::Char('r') if no_mods(&key) && matches!(app.active_tab, Tab::Admin) && matches!(app.admin_mode, app::AdminMode::Menu) => {
            // Show register form
            app.admin_mode = app::AdminMode::RegisterUser;
            app.admin_clear_inputs();
            app.admin_reset_scroll();
        }
        KeyCode::Char('s') if no_mods(&key) && matches!(app.active_tab, Tab::Admin) && matches!(app.admin_mode, app::AdminMode::Menu) => {
            // Show suspend confirmation
            app.admin_mode = app::AdminMode::SuspendUser;
            app.clear_status_message();
            app.admin_reset_scroll();
        }
        KeyCode::Char('a') if no_mods(&key) && matches!(app.active_tab, Tab::Admin) && matches!(app.admin_mode, app::AdminMode::Menu) => {
            // Show reactivate confirmation
            app.admin_mode = app::AdminMode::ReactivateUser;
            app.clear_status_message();
            app.admin_reset_scroll();
        }
        KeyCode::Char('v') if no_mods(&key) && matches!(app.active_tab, Tab::Admin) && matches!(app.admin_mode, app::AdminMode::Menu) => {
            // Show revoke confirmation
            app.admin_mode = app::AdminMode::RevokeUser;
            app.clear_status_message();
            app.admin_reset_scroll();
        }
        KeyCode::Char('c') if no_mods(&key) && matches!(app.active_tab, Tab::Admin) && matches!(app.admin_mode, app::AdminMode::Menu) => {
            // Show certificate list
            app.admin_mode = app::AdminMode::ListCertificates;
            app.clear_status_message();
            app.admin_reset_scroll();
        }

        // Scroll handling for Chat tab and Admin tab
        // PageUp/PageDown (or Fn+Up/Down on MacBook)
        KeyCode::PageUp => match app.active_tab {
            Tab::Chat if app.current_peer.is_some() => {
                if let Some(peer) = &app.current_peer.clone() {
                    let conv = app.get_conversation_mut(peer);

                    // Scroll up by 10 lines
                    conv.scroll_offset = conv.scroll_offset.saturating_add(10);

                    // Trigger history load if at top and more history available
                    if conv.is_at_top() && !conv.is_loading && conv.has_more_history {
                        app.should_load_history = true;
                    }
                }
            }
            Tab::Admin => {
                // Scroll up by 5 lines in admin views
                for _ in 0..5 {
                    app.admin_scroll_up();
                }
            }
            Tab::Status => {
                // Scroll up by 5 lines in status view
                for _ in 0..5 {
                    app.status_scroll_up();
                }
            }
            Tab::Help => {
                // Scroll up by 5 lines in help view
                for _ in 0..5 {
                    app.help_scroll_up();
                }
            }
            _ => {}
        },
        KeyCode::PageDown => match app.active_tab {
            Tab::Chat if app.current_peer.is_some() => {
                if let Some(peer) = &app.current_peer.clone() {
                    let conv = app.get_conversation_mut(peer);
                    conv.scroll_offset = conv.scroll_offset.saturating_sub(10);
                }
            }
            Tab::Admin => {
                // Scroll down by 5 lines in admin views
                for _ in 0..5 {
                    app.admin_scroll_down();
                }
            }
            Tab::Status => {
                // Scroll down by 5 lines in status view
                for _ in 0..5 {
                    app.status_scroll_down();
                }
            }
            Tab::Help => {
                // Scroll down by 5 lines in help view
                for _ in 0..5 {
                    app.help_scroll_down();
                }
            }
            _ => {}
        },
        // Ctrl+U/D for scrolling (vim-style, works great on MacBooks)
        KeyCode::Char('u') if ctrl(&key) => match app.active_tab {
            Tab::Chat if app.current_peer.is_some() => {
                if let Some(peer) = &app.current_peer.clone() {
                    let conv = app.get_conversation_mut(peer);

                    // Scroll up by 10 lines
                    conv.scroll_offset = conv.scroll_offset.saturating_add(10);

                    // Trigger history load if at top and more history available
                    if conv.is_at_top() && !conv.is_loading && conv.has_more_history {
                        app.should_load_history = true;
                    }
                }
            }
            Tab::Admin => {
                // Scroll up by 5 lines in admin views
                for _ in 0..5 {
                    app.admin_scroll_up();
                }
            }
            Tab::Status => {
                // Scroll up by 5 lines in status view
                for _ in 0..5 {
                    app.status_scroll_up();
                }
            }
            Tab::Help => {
                // Scroll up by 5 lines in help view
                for _ in 0..5 {
                    app.help_scroll_up();
                }
            }
            _ => {}
        },
        KeyCode::Char('d') if ctrl(&key) => match app.active_tab {
            Tab::Chat if app.current_peer.is_some() => {
                if let Some(peer) = &app.current_peer.clone() {
                    let conv = app.get_conversation_mut(peer);
                    conv.scroll_offset = conv.scroll_offset.saturating_sub(10);
                }
            }
            Tab::Admin => {
                // Scroll down by 5 lines in admin views
                for _ in 0..5 {
                    app.admin_scroll_down();
                }
            }
            Tab::Status => {
                // Scroll down by 5 lines in status view
                for _ in 0..5 {
                    app.status_scroll_down();
                }
            }
            Tab::Help => {
                // Scroll down by 5 lines in help view
                for _ in 0..5 {
                    app.help_scroll_down();
                }
            }
            _ => {}
        },
        KeyCode::Home if matches!(app.active_tab, Tab::Chat) && app.current_peer.is_some() => {
            if let Some(peer) = &app.current_peer.clone() {
                let conv = app.get_conversation_mut(peer);
                conv.scroll_offset = conv.messages.len().saturating_sub(1);

                // Trigger history load when jumping to top
                if !conv.is_loading && conv.has_more_history {
                    app.should_load_history = true;
                }
            }
        }
        KeyCode::End if matches!(app.active_tab, Tab::Chat) && app.current_peer.is_some() => {
            if let Some(peer) = &app.current_peer.clone() {
                let conv = app.get_conversation_mut(peer);
                conv.scroll_offset = 0; // Jump to bottom (newest messages)
            }
        }

        KeyCode::Up => match app.active_tab {
            Tab::Chat => app.previous_user(),
            Tab::Admin if matches!(app.admin_mode, app::AdminMode::Menu) => app.admin_previous_user(),
            _ => {}
        },
        KeyCode::Down => match app.active_tab {
            Tab::Chat => app.next_user(),
            Tab::Admin if matches!(app.admin_mode, app::AdminMode::Menu) => app.admin_next_user(),
            _ => {}
        },
        KeyCode::Enter => match app.active_tab {
            Tab::Chat => {
                if !app.input_buffer.is_empty() && app.current_peer.is_some() {
                    app.send_message();
                } else {
                    app.open_selected_chat();
                }
            }
            Tab::Admin => {
                if matches!(app.admin_mode, app::AdminMode::RegisterUser) && app.admin_form_complete() {
                    let gpg_fp = app.admin_form.gpg_fp.trim().to_string();
                    let key_path = app.admin_form.key_path.trim().to_string();
                    let metadata = app.admin_form.metadata.trim().to_string();
                    app.set_status_message(format!("Registering {}...", gpg_fp));
                    admin_action = Some(AdminAction::RegisterUser { gpg_fp, key_path, metadata });
                    // Return to menu after submission
                    app.admin_mode = app::AdminMode::Menu;
                    app.admin_reset_scroll();
                } else if matches!(app.admin_mode, app::AdminMode::SuspendUser) {
                    if let Some(user) = app.admin_get_selected_user() {
                        if user.status == "active" {
                            let username = user.username.clone();
                            let gpg_fp = user.gpg_fp.clone();
                            app.set_status_message(format!("Suspending {}...", username));
                            admin_action = Some(AdminAction::SuspendUser { gpg_fp });
                            app.admin_mode = app::AdminMode::Menu;
                            app.admin_reset_scroll();
                        } else {
                            app.set_status_message(format!("Cannot suspend user with status: {}", user.status));
                        }
                    }
                } else if matches!(app.admin_mode, app::AdminMode::ReactivateUser) {
                    if let Some(user) = app.admin_get_selected_user() {
                        if user.status == "suspended" {
                            let username = user.username.clone();
                            let gpg_fp = user.gpg_fp.clone();
                            app.set_status_message(format!("Reactivating {}...", username));
                            admin_action = Some(AdminAction::ReactivateUser { gpg_fp });
                            app.admin_mode = app::AdminMode::Menu;
                            app.admin_reset_scroll();
                        } else {
                            app.set_status_message(format!("Cannot reactivate user with status: {}", user.status));
                        }
                    }
                } else if matches!(app.admin_mode, app::AdminMode::RevokeUser) {
                    if let Some(user) = app.admin_get_selected_user() {
                        if user.status != "revoked" {
                            let username = user.username.clone();
                            let gpg_fp = user.gpg_fp.clone();
                            app.set_status_message(format!("Revoking {}...", username));
                            admin_action = Some(AdminAction::RevokeUser { gpg_fp });
                            app.admin_mode = app::AdminMode::Menu;
                            app.admin_reset_scroll();
                        } else {
                            app.set_status_message(format!("User is already revoked"));
                        }
                    }
                } else if matches!(app.admin_mode, app::AdminMode::ListCertificates) {
                    if let Some(user) = app.admin_get_selected_user() {
                        let username = user.username.clone();
                        let gpg_fp = user.gpg_fp.clone();
                        app.set_status_message(format!("Loading certificates for {}...", username));
                        admin_action = Some(AdminAction::ListCertificates { gpg_fp });
                        // Stay in ListCertificates mode to show results
                    }
                }
            }
            _ => {}
        },
        KeyCode::Esc => match app.active_tab {
            Tab::Chat => app.clear_input(),
            Tab::Admin => {
                // In any admin sub-mode, Esc returns to menu
                if !matches!(app.admin_mode, app::AdminMode::Menu) {
                    app.admin_mode = app::AdminMode::Menu;
                    app.admin_reset_scroll();
                }
                app.admin_clear_inputs();
                app.clear_status_message();
            }
            _ => {}
        },

        // Text editing - Emacs-style navigation
        KeyCode::Char('a') if ctrl(&key) && matches!(app.active_tab, Tab::Chat) => {
            app.input_move_home()
        }
        KeyCode::Char('e') if ctrl(&key) && matches!(app.active_tab, Tab::Chat) => {
            app.input_move_end()
        }
        KeyCode::Char('b') if ctrl(&key) && matches!(app.active_tab, Tab::Chat) => {
            app.input_move_left()
        }
        KeyCode::Char('f') if ctrl(&key) && matches!(app.active_tab, Tab::Chat) => {
            app.input_move_right()
        }
        KeyCode::Char('d') if ctrl(&key) && !matches!(app.active_tab, Tab::Chat) => {
            match app.active_tab {
                Tab::Admin => app.admin_backspace(),
                _ => app.input_delete(),
            }
        }

        // Arrow key navigation in input
        KeyCode::Left if !ctrl(&key) && matches!(app.active_tab, Tab::Chat) => {
            app.input_move_left()
        }
        KeyCode::Right if !ctrl(&key) && matches!(app.active_tab, Tab::Chat) => {
            app.input_move_right()
        }

        // Text editing
        KeyCode::Delete => match app.active_tab {
            Tab::Chat => app.input_delete(),
            Tab::Admin if matches!(app.admin_mode, app::AdminMode::RegisterUser) => app.admin_backspace(),
            _ => {}
        },
        KeyCode::Char(c) if no_mods(&key) || shift_only(&key) => match app.active_tab {
            Tab::Chat => app.input_char(c),
            Tab::Admin if matches!(app.admin_mode, app::AdminMode::RegisterUser) => app.admin_input_char(c),
            _ => {}
        },
        KeyCode::Backspace => match app.active_tab {
            Tab::Chat => app.input_backspace(),
            Tab::Admin if matches!(app.admin_mode, app::AdminMode::RegisterUser) => app.admin_backspace(),
            _ => {}
        },
        _ => {}
    }
    (Ok(()), refresh_status, refresh_users, admin_action)
}

#[inline]
fn no_mods(key: &crossterm::event::KeyEvent) -> bool {
    key.modifiers.is_empty()
}

#[inline]
fn shift_only(key: &crossterm::event::KeyEvent) -> bool {
    key.modifiers == KeyModifiers::SHIFT
}

#[inline]
fn ctrl(key: &crossterm::event::KeyEvent) -> bool {
    key.modifiers.contains(KeyModifiers::CONTROL)
}

/// Read Erlang cookie from ~/.erlang.cookie
fn read_erlang_cookie() -> Result<String> {
    let home = std::env::var("HOME").unwrap_or_else(|_| ".".to_string());
    let cookie_path = format!("{}/.erlang.cookie", home);
    match std::fs::read_to_string(&cookie_path) {
        Ok(cookie) => {
            info!("Successfully read Erlang cookie from {}", cookie_path);
            Ok(cookie.trim().to_string())
        }
        Err(e) => {
            warn!("Failed to read Erlang cookie from {}: {}", cookie_path, e);
            Err(anyhow::anyhow!("Failed to read .erlang.cookie: {}", e))
        }
    }
}