// Little Blue's infra sanity check. Runs in the MCP child (no infra creds) — it
// calls the main server's read-only /api/infra/audit, which probes wiki-referenced
// endpoints + registered service URLs and reports anything unreachable (e.g. a
// doc/registry pointing at a stale IP) plus inventory hosts missing a MAC.
function api(env = process.env) { return { base: env.VOID_API_URL, token: env.VOID_AGENT_TOKEN }; }

export const infraAuditTool = {
  name: 'infra_audit',
  description: 'Run a homelab sanity check: probe every IP:port the wiki references and every monitored service, and report unreachable endpoints (stale/incorrect IPs or ports) plus inventory hosts missing a MAC. Read-only — use to verify the docs/registry match reality.',
  input_schema: { type: 'object', properties: {} },
  async handler(_args, _ctx, { fetchImpl = fetch } = {}) {
    const { base, token } = api();
    const res = await fetchImpl(`${base}/api/infra/audit`, { headers: { Authorization: `Bearer ${token}` } });
    if (!res.ok) return { error: `infra_audit ${res.status}` };
    return res.json();
  }
};