path = '/home/rastreador/api/app.py'
with open(path) as f: code = f.read()

new = '''# --- Pages (server-side rendered con nav sticky) ---

import html as _html
def h(s):
    if s is None: return ""
    return _html.escape(str(s))


def render_nav(current: str, is_admin: bool, username: str = "") -> str:
    admin_link = '<a href="users">Usuarios</a>' if is_admin else ""
    if username:
        right = (
            '<div class="nav-user">'
            f'<span class="nav-user-name">{h(username)}</span>'
            f'<span class="nav-user-role">{"admin" if is_admin else "user"}</span>'
            '<button class="nav-btn-secondary" onclick="showChangePw()">Mi pass</button>'
            '<button class="nav-btn-secondary" onclick="logoutUser()">Salir</button>'
            '</div>'
        )
    else:
        right = '<a class="nav-btn-primary" href="login">Login</a>'

    def link(key, label, path):
        active = ' class="active"' if current == key else ""
        return f'<a href="{path}"{active}>{label}</a>'

    return (
        '<nav class="topnav">'
        '<div class="topnav-inner">'
        '<a class="topnav-brand" href=".">MSC Tracker</a>'
        '<div class="topnav-links">'
        + link("panel", "Panel", ".")
        + link("docs", "Docs", "docs")
        + admin_link
        + '</div>'
        + right
        + '</div>'
        '</nav>'
    )


def render_page(title: str, current: str, body: str, username: str = "", is_admin: bool = False) -> str:
    return (
        '<!doctype html><html lang="es-AR"><head>'
        '<meta charset="utf-8">'
        '<meta name="viewport" content="width=device-width,initial-scale=1">'
        f'<title>{h(title)} - MSC Tracker</title>'
        '<link rel="stylesheet" href="static/style.css">'
        '</head><body>'
        + render_nav(current, is_admin, username)
        + '<main class="page">'
        + body
        + '</main>'
        + '<div id="toast" class="toast hidden"></div>'
        + '<div id="pw-modal" class="modal-bg hidden" onclick="closePw(event)">'
        + '<div class="modal" onclick="event.stopPropagation()">'
        + '<span class="close" onclick="closePw()">X cerrar</span>'
        + '<h3>Cambiar mi password</h3>'
        + '<label>Actual</label><input id="pw-old" type="password">'
        + '<label>Nuevo (min 6)</label><input id="pw-new" type="password">'
        + '<label>Repetir</label><input id="pw-new2" type="password">'
        + '<button class="btn-primary" onclick="submitChangePw()">Cambiar</button>'
        + '<div id="pw-err"></div>'
        + '</div></div>'
        + '<script src="static/app.js"></script>'
        + '</body></html>'
    )


def get_user_from_cookie(request: Request) -> dict:
    token = request.cookies.get(SESSION_COOKIE)
    if not token:
        return {"username": None, "role": None}
    sess = get_session_user(token)
    if not sess:
        return {"username": None, "role": None}
    return sess


@app.get("/login", response_class=HTMLResponse)
def login_page():
    return HTMLResponse((STATIC_DIR / "login.html").read_text())


@app.get("/", response_class=HTMLResponse)
def index(request: Request):
    user = get_user_from_cookie(request)
    if not user["username"]:
        return RedirectResponse(url="/login", status_code=302)
    body = (STATIC_DIR / "index.html").read_text()
    import re
    m = re.search(r"<body[^>]*>(.*?)</body>", body, re.DOTALL)
    if m:
        body = m.group(1)
    return HTMLResponse(render_page("Panel", "panel", body, user["username"], user["role"] == "admin"))


@app.get("/docs", response_class=HTMLResponse)
def docs_index(request: Request):
    user = get_user_from_cookie(request)
    body = (
        '<h1>Centro de documentacion</h1>'
        '<p class="lead">Guia completa de uso del MSC Tracker. Todo lo que necesitas saber para usar el panel y la API.</p>'
        '<div class="doc-grid">'
        '<a class="doc-card" href="docs/start"><h3>Para empezar</h3><p>Login, cambiar password, agregar containers, cambiar intervalo.</p></a>'
        '<a class="doc-card" href="docs/andres"><h3>Para Andres (cron PHP)</h3><p>Codigo PHP listo para copiar. El caso de uso principal.</p></a>'
        '<a class="doc-card" href="docs/api"><h3>Referencia de API</h3><p>Todos los endpoints con ejemplos curl.</p></a>'
        '<a class="doc-card" href="docs/errors"><h3>Errores y troubleshooting</h3><p>Que hacer cuando algo se rompe o MSC bloquea.</p></a>'
        '<a class="doc-card" href="docs/ops"><h3>Operacion y estructura</h3><p>Archivos, logs, backup, que pasa si se cae.</p></a>'
        '<a class="doc-card" href="llms.txt" target="_blank"><h3>Docs para AI (llms.txt)</h3><p>Formato OpenAI-friendly. Pensado para LLM crawlers.</p></a>'
        '</div>'
    )
    return HTMLResponse(render_page("Docs", "docs", body, user["username"] or "", user["role"] == "admin"))


def _read_doc(name: str) -> str:
    p = STATIC_DIR / "doc" / name
    if not p.exists():
        return f"<h1>{h(name)}</h1><p>En construccion. Volve mas tarde.</p>"
    return p.read_text()


@app.get("/docs/{name}", response_class=HTMLResponse)
def doc_page(name: str, request: Request):
    user = get_user_from_cookie(request)
    allowed = {"start", "andres", "api", "errors", "ops"}
    if name not in allowed:
        return HTMLResponse(
            render_page("404", "docs", "<h1>404</h1><p>Esa pagina no existe. Volve a <a href=\\'docs\\'>docs</a>.</p>", user["username"] or ""),
            status_code=404,
        )
    body = _read_doc(name + ".html")
    return HTMLResponse(render_page(name.capitalize(), "docs", body, user["username"] or "", user["role"] == "admin"))


@app.get("/users", response_class=HTMLResponse)
def users_page(request: Request):
    user = get_user_from_cookie(request)
    if not user["username"]:
        return RedirectResponse(url="/login", status_code=302)
    if user["role"] != "admin":
        return HTMLResponse(
            render_page("Sin permisos", "users", "<h1>Acceso denegado</h1><p>Solo admins pueden ver esta seccion.</p>", user["username"], False),
            status_code=403,
        )
    body = (STATIC_DIR / "users.html").read_text()
    return HTMLResponse(render_page("Usuarios", "users", body, user["username"], True))


@app.get("/logout", response_class=HTMLResponse)
def logout_page(response: Response, request: Request):
    token = request.cookies.get(SESSION_COOKIE)
    if token:
        delete_session(token)
    r = RedirectResponse(url="/login", status_code=302)
    r.delete_cookie(SESSION_COOKIE)
    return r
'''

old = '''# --- Pages ---
@app.get("/", response_class=HTMLResponse)
def index():
    return HTMLResponse((STATIC_DIR / "index.html").read_text())


@app.get("/login", response_class=HTMLResponse)
def login_page():
    return HTMLResponse((STATIC_DIR / "login.html").read_text())'''

if old in code:
    code = code.replace(old, new)
    with open(path, 'w') as f: f.write(code)
    print('OK')
else:
    print('marker not found')