<?php
header("Content-Type: application/json; charset=utf-8");
$secrets=[];foreach(file("/etc/weval/secrets.env",2|4) as $l){if(strpos($l,'=')!==false){list($k,$v)=explode('=',$l,2);$secrets[trim($k)]=trim($v," \t\"'");}}

$action=$_GET["action"]??"";
if($action=="renew_ssl"){echo json_encode(["result"=>shell_exec("certbot renew 2>&1 | tail -3")]);exit;}
if($action=="cleanup"){shell_exec("journalctl --vacuum-size=50M 2>/dev/null;find /tmp -mtime +2 -delete 2>/dev/null;docker system prune -f 2>/dev/null");echo json_encode(["disk"=>trim(shell_exec("df / | awk 'NR==2{print \$5}'"))]);exit;}

$checks=[];

// GitHub PAT
$gh=$secrets["GITHUB_TOKEN"]??"";
if($gh){$ch=curl_init("https://api.github.com/user");curl_setopt_array($ch,[CURLOPT_HTTPHEADER=>["Authorization: token $gh","User-Agent: WEVIA"],CURLOPT_RETURNTRANSFER=>1,CURLOPT_TIMEOUT=>5]);curl_exec($ch);$c=curl_getinfo($ch,CURLINFO_HTTP_CODE);curl_close($ch);$checks["github_pat"]=["status"=>$c==200?"valid":"expired","action"=>"github.com/settings/tokens","deadline"=>"2026-04-15"];}
else $checks["github_pat"]=["status"=>"missing","action"=>"Add GITHUB_TOKEN"];

// WhatsApp
$wa=$secrets["WHATSAPP_TOKEN"]??"";$checks["whatsapp"]=["status"=>$wa?"check":"missing","action"=>"Meta Business App 1264346192224693"];

// HuggingFace
$hf=$secrets["HF_TOKEN"]??"";
if($hf){$ch=curl_init("https://huggingface.co/api/whoami");curl_setopt_array($ch,[CURLOPT_HTTPHEADER=>["Authorization: Bearer $hf"],CURLOPT_RETURNTRANSFER=>1,CURLOPT_TIMEOUT=>5]);curl_exec($ch);$c=curl_getinfo($ch,CURLINFO_HTTP_CODE);curl_close($ch);$checks["huggingface"]=["status"=>$c==200?"valid":"expired","action"=>"huggingface.co/settings/tokens"];}
else $checks["huggingface"]=["status"=>"missing"];

// Claude API
$cl=$secrets["ANTHROPIC_API_KEY"]??"";$checks["claude_api"]=["status"=>$cl?"check_credits":"missing","action"=>"console.anthropic.com"];

// Disk
$disk=intval(trim(shell_exec("df / | awk 'NR==2{print $5}' | tr -d '%'")));
$checks["disk"]=["status"=>$disk<85?"ok":($disk<90?"warning":"critical"),"usage"=>$disk."%"];

// SSL
$ssl=trim(shell_exec("echo|openssl s_client -connect weval-consulting.com:443 -servername weval-consulting.com 2>/dev/null|openssl x509 -noout -checkend 604800 2>/dev/null && echo ok || echo expiring"));
$checks["ssl"]=["status"=>$ssl=="ok"?"ok":"warning"];

// O365
$checks["o365"]=["status"=>"pending","accounts"=>5,"action"=>"Rotate passwords: rodolftripp,sfgb518,phyleciaamato,kamrynnbonilla,jolineweatherly"];

// Blade
$checks["blade"]=["status"=>"offline","action"=>"Reboot Windows Razer Blade"];

$urgent=0;$ok=0;
foreach($checks as $c){if(in_array($c["status"],["expired","missing","critical","offline","pending"]))$urgent++;else $ok++;}
echo json_encode(["date"=>date("Y-m-d H:i"),"checks"=>$checks,"summary"=>["ok"=>$ok,"urgent"=>$urgent,"total"=>count($checks)]],JSON_UNESCAPED_UNICODE|JSON_PRETTY_PRINT);