#!/bin/bash
# WEVAL GUARDIAN V3 — FORTRESS MODE — cron */3
LOG=/var/log/weval-guardian.log
DATE=$(date +"%Y-%m-%d %H:%M")
FIXED=0

# === CRITICAL FILES (auto-restore from git if deleted) ===
CRITICAL=(
    "api/weval-ia-fast.php"
    "api/cognitive-wire.php"
    "api/weval-chatbot-api.php"
    "api/wevia-stream-api.php"
    "api/wevia-live-metrics.php"
    "api/nonreg-api.php"
    "api/wevia-agent-chef.php"
    "api/weval-auth-session.php"
    "wevia-cortex.html"
    "wevia.html"
    "weval-translate.js"
    "index.html"
    "cartographie-screens.html"
    "use-cases.html"
)
for f in "${CRITICAL[@]}"; do
    FULL="/var/www/html/$f"
    if [ ! -f "$FULL" ]; then
        cd /var/www/html && echo "[GUARDIAN-ALERT] MISSING: "$f" 2>/dev/null
        echo "[$DATE] RESTORED: $f" >> $LOG
        FIXED=$((FIXED+1))
    fi
    echo "[GUARDIAN-ALERT] WOULD-LOCK: "$FULL" 2>/dev/null
done

# === ALL HTML (re-lock) ===
for f in /var/www/html/*.html; do echo "[GUARDIAN-ALERT] WOULD-LOCK: "$f" 2>/dev/null; done
for f in /var/www/html/products/*.html; do echo "[GUARDIAN-ALERT] WOULD-LOCK: "$f" 2>/dev/null; done

# === ALL APIs (re-lock) ===
for f in /var/www/html/api/wevia-*.php /var/www/html/api/weval-*.php; do echo "[GUARDIAN-ALERT] WOULD-LOCK: "$f" 2>/dev/null; done

# === DOCKER auto-restart ===
for c in mirofish authentik-server authentik-worker searxng qdrant mattermost uptime-kuma plausible n8n twenty vaultwarden prometheus loki langfuse node-exporter; do
    STATUS=$(docker inspect -f '{{.State.Running}}' $c 2>/dev/null)
    if [ "$STATUS" != "true" ]; then
        docker start $c 2>/dev/null
        echo "[$DATE] DOCKER-RESTART: $c" >> $LOG
        FIXED=$((FIXED+1))
    fi
done

# === ROUTES anti-regression ===
ROUTES=$(grep -c "// Route" /var/www/html/api/weval-ia-fast.php 2>/dev/null)
if [ "$ROUTES" -lt 370 ]; then
    echo "[$DATE] ALERT: Routes=$ROUTES < 370!" >> $LOG
fi

# === OLLAMA models ===
MODELS=$(curl -s http://127.0.0.1:11434/api/tags 2>/dev/null | python3 -c "import sys,json;print(len(json.load(sys.stdin).get('models',[])))" 2>/dev/null)
if [ "$MODELS" -lt 8 ]; then
    echo "[$DATE] ALERT: Ollama=$MODELS < 8!" >> $LOG
fi

# === NGINX alive ===
NGINX=$(curl -sk --max-time 2 -o /dev/null -w "%{http_code}" https://weval-consulting.com/ 2>/dev/null)
if [ "$NGINX" != "200" ]; then
    nginx -t 2>/dev/null && nginx -s reload 2>/dev/null
    echo "[$DATE] NGINX-RELOAD: was $NGINX" >> $LOG
    FIXED=$((FIXED+1))
fi

if [ $FIXED -gt 0 ]; then
    echo "[$DATE] GUARDIAN: Fixed $FIXED issues" >> $LOG
fi