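package main

import (
	"context"
	"flag"
	"fmt"
	"log"
	"os"
	"time"

	"github.com/fraktal/mev-beta/tools/security-audit/internal"
)

// main is the CLI entry point for the security audit tool. All work happens
// in runAudit; main only turns a returned error into a logged message and a
// non-zero exit status.
func main() {
	if err := runAudit(); err != nil {
		// log.Fatal calls os.Exit, which skips deferred functions. Keeping it
		// here, outside runAudit, guarantees runAudit's deferred context
		// cancel has already run by the time the process exits.
		log.Fatal(err)
	}
}

// runAudit parses the command-line flags, prepares the output directory,
// builds the auditor, runs the audit under the -timeout deadline and writes
// the report.
//
// It returns an error describing the first step that failed. The error text
// is kept identical to the messages this tool has always logged, so existing
// log matching keeps working (hence the capitalised error strings).
func runAudit() error {
	var (
		scanType        = flag.String("scan", "all", "Scan type: code, dependencies, secrets, permissions, network, all")
		outputDir       = flag.String("output", "reports/security", "Output directory")
		verbose         = flag.Bool("verbose", false, "Enable verbose output")
		deepScan        = flag.Bool("deep", false, "Perform deep security analysis")
		includeTests    = flag.Bool("include-tests", false, "Include test files in security scan")
		riskThreshold   = flag.String("risk-threshold", "medium", "Risk threshold: low, medium, high, critical")
		reportFormat    = flag.String("format", "json", "Report format: json, sarif, txt")
		timeout         = flag.Duration("timeout", 10*time.Minute, "Timeout for security operations")
		baseline        = flag.String("baseline", "", "Baseline security report for comparison")
		remediationMode = flag.Bool("remediation", false, "Include remediation suggestions")
		complianceCheck = flag.Bool("compliance", false, "Include compliance checks")
	)
	flag.Parse()

	// Create the output directory before any scanning starts. MkdirAll only
	// applies the mode to directories it creates; an existing directory keeps
	// its current permissions.
	//
	// NOTE(review): 0755 lets every local account list and enter the report
	// directory. Reports from a secrets or permissions scan may hold sensitive
	// findings; confirm whether 0750 or 0700 would suit, and which mode
	// GenerateReport gives the files it writes.
	if err := os.MkdirAll(*outputDir, 0755); err != nil {
		return fmt.Errorf("Failed to create output directory: %w", err)
	}

	// Flag values are handed to the auditor unchanged. This file does not
	// check -scan, -risk-threshold or -format against the values listed in
	// their help text; presumably NewSecurityAuditor rejects unknown values,
	// but that is not visible here - TODO confirm.
	auditor, err := internal.NewSecurityAuditor(&internal.SecurityAuditConfig{
		ScanType:        *scanType,
		OutputDir:       *outputDir,
		Verbose:         *verbose,
		DeepScan:        *deepScan,
		IncludeTests:    *includeTests,
		RiskThreshold:   *riskThreshold,
		ReportFormat:    *reportFormat,
		Timeout:         *timeout,
		Baseline:        *baseline,
		RemediationMode: *remediationMode,
		ComplianceCheck: *complianceCheck,
	})
	if err != nil {
		return fmt.Errorf("Failed to initialize security auditor: %w", err)
	}

	// Bound the audit with the -timeout deadline. A zero or negative -timeout
	// produces a context that is already expired when the audit starts.
	ctx, cancel := context.WithTimeout(context.Background(), *timeout)
	defer cancel()

	fmt.Printf("Starting security audit: %s scan...\n", *scanType)

	if err := auditor.RunSecurityAudit(ctx); err != nil {
		return fmt.Errorf("Security audit failed: %w", err)
	}

	// GenerateReport is called without the context, so this caller does not
	// apply the -timeout deadline to report writing.
	if err := auditor.GenerateReport(); err != nil {
		return fmt.Errorf("Report generation failed: %w", err)
	}

	fmt.Printf("Security audit complete. Reports saved to: %s\n", *outputDir)
	return nil
}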