import { Router } from 'express';
import { asyncWrap } from '../errors.js';
import { pool } from '../../db/pool.js';
import * as monitored from '../../db/repos/monitored_services.js';
import * as networkHosts from '../../db/repos/network_hosts.js';
import { runAudit, tcpProbe } from '../../infra/audit.js';

// Read-only infra sanity check: probe every IP:port referenced in the wiki and
// every enabled service URL, and surface hosts missing a recorded MAC. Available
// to the owner or any authed agent (no mutations, just TCP connects).
export const router = Router();

const probe = (host, port) => tcpProbe(host, port, 1500);

router.get('/audit', asyncWrap(async (_req, res) => {
  const { rows: pages } = await pool.query(
    `SELECT p.title, p.body_md FROM pages p JOIN spaces s ON s.id = p.space_id WHERE s.slug = 'wiki'`);
  const services = (await monitored.listEnabled()).filter(s => /^https?:\/\//.test(s.url || ''));
  const report = await runAudit({ pages, services, probe });
  const missingMac = (await networkHosts.missingMac()).map(h => h.id);
  res.json({ ...report, inventory: { missing_mac: missingMac } });
}));

router.get('/hosts', asyncWrap(async (_req, res) => {
  res.json({ hosts: await networkHosts.all() });
}));