{ pkgs
, chromium
, gpuProfile ? "intel-mesa-hd-620"
, drmProfile ? "widevine"
}:

let
  pythonEnv = pkgs.python3.withPackages (ps: [ ps.websockets ]);
  detectionSmokeRunner = ./detection-smoke-runner.py;
in
pkgs.runCommand "cultguard-detect-test-result"
  {
    nativeBuildInputs = [ pythonEnv pkgs.xorg.xorgserver pkgs.jq ];
    CULTGUARD_BROWSER_BINARY = "${chromium}/bin/chromium";
    BASTION_CHROMIUM_GPU_PROFILE = gpuProfile;
    BASTION_CHROMIUM_DRM_PROFILE = drmProfile;
    # Xvfb spawns xkbcomp via /bin/sh, so this local runtime smoke test
    # needs the host filesystem view instead of a strict chroot sandbox.
    __noChroot = true;
  }
''
  set -euo pipefail

  # Create output directory
  mkdir -p "$out"

  # Create temporary directory for test artifacts
  result_dir=$(mktemp -d)
  trap 'rm -rf "$result_dir"' EXIT

  echo "Running detection tests with: $CULTGUARD_BROWSER_BINARY"
  echo "Browser version: $($CULTGUARD_BROWSER_BINARY --version)"
  echo ""

  # Run the detection smoke test
  ${pythonEnv}/bin/python ${detectionSmokeRunner} \
    smoke \
    --launch \
    --headful \
    --artifacts-dir "$result_dir"

  # Copy results to output
  cp -r "$result_dir"/* "$out/"

  # Print summary to stdout (for user feedback)
  echo ""
  echo "=== Test Results ==="
  ${pkgs.jq}/bin/jq '{
    target: .results[0].target.label,
    browser: .results[0].browserVersion.Browser,
    counts: .results[0].evaluation.counts,
    passRate: ((.results[0].evaluation.counts.pass / (.results[0].evaluation.counts.pass + .results[0].evaluation.counts.warn + .results[0].evaluation.counts.fail)) * 100 | floor)
  }' "$out/summary.json"
''