#!/usr/bin/env python3
"""Trigger the integrity check inside the AtoCore container.

The scan itself lives in the container (needs direct DB access via the
already-loaded sqlite connection). This host-side wrapper just POSTs to
/admin/integrity-check so the nightly cron can kick it off from bash
without needing the container's Python deps on the host.

Usage:
  python3 scripts/integrity_check.py [--base-url URL] [--dry-run]
"""

from __future__ import annotations

import argparse
import json
import os
import sys
import urllib.parse
import urllib.request


def main() -> None:
    parser = argparse.ArgumentParser()
    parser.add_argument("--base-url", default=os.environ.get("ATOCORE_BASE_URL", "http://127.0.0.1:8100"))
    parser.add_argument("--dry-run", action="store_true",
                        help="Report without persisting findings to state")
    args = parser.parse_args()

    url = args.base_url.rstrip("/") + "/admin/integrity-check"
    if args.dry_run:
        url += "?persist=false"

    req = urllib.request.Request(url, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            result = json.loads(resp.read().decode("utf-8"))
    except Exception as e:
        print(f"ERROR: could not reach {url}: {e}", file=sys.stderr)
        sys.exit(1)

    print(json.dumps(result, indent=2))
    if not result.get("ok", True):
        # Non-zero exit so cron logs flag it
        sys.exit(2)


if __name__ == "__main__":
    main()