web-hosts/domains/coppertone.tech/scripts/audit/05-infrastructure-audit.sh

#!/bin/bash
# =============================================================================
# INFRASTRUCTURE AUDIT SCRIPT
# Containers, Networking, CI/CD, Configuration, and Deployment
# =============================================================================
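# Abort on the first unhandled command failure. Most audit commands below are
# guarded with "|| echo ..." so a missing file or tool does not stop the run.
set -e

# The reports copy configuration lines and command output out of the project
# (including lines that mention secrets), so create them owner-only.
# NOTE(review): if another account or a CI step has to read the reports,
# grant that access explicitly instead of relaxing this.
umask 077

# Resolve everything relative to this script so it can be run from any cwd.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# NOTE(review): the report directory lives inside the project tree; confirm
# that audit-reports/ is ignored by version control.
OUTPUT_DIR="$PROJECT_ROOT/audit-reports/infrastructure-audit"
# One timestamp per run; it is part of every report file name.
TIMESTAMP=$(date +%Y%m%d-%H%M%S)

# ANSI color escapes, expanded by "echo -e".
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE} INFRASTRUCTURE AUDIT${NC}"
echo -e "${BLUE}========================================${NC}"
echo ""

mkdir -p "$OUTPUT_DIR"
# mkdir -p leaves the mode of an already existing directory untouched, so
# tighten it explicitly; a failure here is reported but does not stop the audit.
chmod 700 "$OUTPUT_DIR" 2>/dev/null || echo "warning: could not restrict permissions on $OUTPUT_DIR" >&2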
# =============================================================================
# 1. CONTAINER CONFIGURATION AUDIT
# =============================================================================
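# Section 1: static checks on every Containerfile/Dockerfile in the project.
echo -e "${YELLOW}[1/12] Auditing container configurations...${NC}"
CONTAINER_OUTPUT="$OUTPUT_DIR/containers-$TIMESTAMP.txt"
echo "# Container Configuration Audit - $TIMESTAMP" > "$CONTAINER_OUTPUT"

# Collect the build files once. Reading line by line keeps paths that contain
# spaces intact; iterating over an unquoted $(find ...) would split them.
containerfiles=()
while IFS= read -r cf; do
  containerfiles+=("$cf")
done < <(find "$PROJECT_ROOT" \( -name "Containerfile" -o -name "Dockerfile" \) 2>/dev/null | grep -v node_modules)

echo "== Containerfiles Found ==" >> "$CONTAINER_OUTPUT"
if [ "${#containerfiles[@]}" -gt 0 ]; then
  printf '%s\n' "${containerfiles[@]}" >> "$CONTAINER_OUTPUT"
else
  echo "None found" >> "$CONTAINER_OUTPUT"
fi
echo "" >> "$CONTAINER_OUTPUT"

echo "== Base Images Used ==" >> "$CONTAINER_OUTPUT"
grep -rn "^FROM" "$PROJECT_ROOT" --include="Containerfile" --include="Dockerfile" 2>/dev/null >> "$CONTAINER_OUTPUT" || echo "None found" >> "$CONTAINER_OUTPUT"
echo "" >> "$CONTAINER_OUTPUT"

echo "== Multi-stage Builds ==" >> "$CONTAINER_OUTPUT"
for cf in "${containerfiles[@]}"; do
  # grep -c prints "0" AND exits 1 when nothing matches, so the fallback must
  # sit outside the substitution; inside it, count would become "0<newline>0".
  count=$(grep -c "^FROM" "$cf" 2>/dev/null) || count=0
  count=${count:-0}
  if [ "$count" -gt 1 ]; then
    echo "[GOOD] $cf uses multi-stage build ($count stages)" >> "$CONTAINER_OUTPUT"
  else
    echo "[WARN] $cf is single-stage (consider multi-stage for smaller images)" >> "$CONTAINER_OUTPUT"
  fi
done
echo "" >> "$CONTAINER_OUTPUT"

echo "== USER Directive (non-root) ==" >> "$CONTAINER_OUTPUT"
for cf in "${containerfiles[@]}"; do
  # Only the last USER of the final stage decides what the image runs as:
  # every FROM starts a new stage, so the value is reset there. A USER in an
  # earlier build stage, or "USER root", must not be reported as GOOD.
  final_user=$(awk '
    toupper($1) == "FROM" { user = "" }
    toupper($1) == "USER" { user = $2 }
    END { print user }
  ' "$cf" 2>/dev/null) || final_user=""
  # Strip an optional ":group" suffix before comparing.
  case "${final_user%%:*}" in
    "")
      # No USER in the final stage: the image keeps the base image's user,
      # which is root unless the base image itself switched away from it.
      echo "[CRITICAL] $cf runs as root!" >> "$CONTAINER_OUTPUT"
      ;;
    root | 0)
      echo "[CRITICAL] $cf sets USER $final_user in its final stage (root)" >> "$CONTAINER_OUTPUT"
      ;;
    *)
      # A value such as $APP_USER cannot be resolved here and is accepted as-is.
      echo "[GOOD] $cf sets USER" >> "$CONTAINER_OUTPUT"
      ;;
  esac
done
echo "" >> "$CONTAINER_OUTPUT"

echo "== HEALTHCHECK Directive ==" >> "$CONTAINER_OUTPUT"
grep -rn "HEALTHCHECK" "$PROJECT_ROOT" --include="Containerfile" --include="Dockerfile" 2>/dev/null >> "$CONTAINER_OUTPUT" || echo "No HEALTHCHECK found in Containerfiles" >> "$CONTAINER_OUTPUT"
echo "" >> "$CONTAINER_OUTPUT"

echo "== Exposed Ports ==" >> "$CONTAINER_OUTPUT"
grep -rn "^EXPOSE" "$PROJECT_ROOT" --include="Containerfile" --include="Dockerfile" 2>/dev/null >> "$CONTAINER_OUTPUT" || echo "None found" >> "$CONTAINER_OUTPUT"
echo -e "${GREEN} Output: $CONTAINER_OUTPUT${NC}"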
# =============================================================================
# 2. DOCKER/PODMAN COMPOSE AUDIT
# =============================================================================
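# Section 2: summarize podman-compose.yml (services, mounts, env, ports,
# networks, restart policies, resource limits).
echo -e "${YELLOW}[2/12] Auditing compose configuration...${NC}"
COMPOSE_OUTPUT="$OUTPUT_DIR/compose-$TIMESTAMP.txt"
echo "# Docker/Podman Compose Audit - $TIMESTAMP" > "$COMPOSE_OUTPUT"
COMPOSE_FILE="$PROJECT_ROOT/podman-compose.yml"

# The section copies the compose file into the report, so literal credentials
# in it would be duplicated there. This sed program masks the value on lines
# that name a secret-like key, keeping "KEY=" / "KEY: " visible. Values that
# are ${VAR} references are left alone (any ":-default" inside stays visible).
# It is a line-based heuristic, not a YAML parser.
redact_secrets='/SECRET|PASSWORD|KEY|TOKEN/ s/^([^=:]*[=:][[:space:]]*"?)[^$"[:space:]].*$/\1<redacted>/'

if [ -f "$COMPOSE_FILE" ]; then
  # Everything is produced inside one group and filtered once, so the
  # "-A n" context lines of the greps below are covered by the masking too.
  {
    echo "== Compose File Content =="
    cat "$COMPOSE_FILE"
    echo ""
    echo "== Services Defined =="
    grep -E "^\s+[a-z].*:" "$COMPOSE_FILE" | grep -v "^\s*#" | head -20 || true
    echo ""
    echo "== Volume Mounts =="
    grep -A 5 "volumes:" "$COMPOSE_FILE" 2>/dev/null || echo "None found"
    echo ""
    echo "== Environment Variables Exposed =="
    grep -E "^\s+-\s+[A-Z_]+=|environment:" "$COMPOSE_FILE" 2>/dev/null || echo "None found"
    echo ""
    echo "== Port Mappings =="
    grep -E "ports:" -A 5 "$COMPOSE_FILE" 2>/dev/null || echo "None found"
    echo ""
    echo "== Network Configuration =="
    grep -E "networks:" -A 10 "$COMPOSE_FILE" 2>/dev/null || echo "Using default network"
    echo ""
    echo "== Restart Policies =="
    grep "restart:" "$COMPOSE_FILE" 2>/dev/null || echo "No restart policies defined"
    echo ""
    echo "== Resource Limits =="
    grep -E "mem_limit|cpus|resources:" "$COMPOSE_FILE" 2>/dev/null || echo "NO RESOURCE LIMITS - consider adding"
  } | sed -E "$redact_secrets" >> "$COMPOSE_OUTPUT"
else
  echo "No podman-compose.yml found" >> "$COMPOSE_OUTPUT"
fi
echo -e "${GREEN} Output: $COMPOSE_OUTPUT${NC}"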
# =============================================================================
# 3. CI/CD PIPELINE AUDIT
# =============================================================================
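# Section 3: locate CI/CD definitions and copy the workflow files into the
# report. Workflow files are copied verbatim, so the report is as sensitive
# as the workflows themselves.
echo -e "${YELLOW}[3/12] Auditing CI/CD configuration...${NC}"
CICD_OUTPUT="$OUTPUT_DIR/cicd-$TIMESTAMP.txt"
echo "# CI/CD Pipeline Audit - $TIMESTAMP" > "$CICD_OUTPUT"

echo "== CI/CD Configurations Found ==" >> "$CICD_OUTPUT"
# "-exec grep {} +" hands file names to grep as separate arguments; piping
# find into a plain xargs would split names that contain whitespace.
find "$PROJECT_ROOT" \( -name "*.yml" -o -name "*.yaml" \) -type f -exec grep -l "workflow\|pipeline\|job\|stage" {} + 2>/dev/null | grep -v node_modules >> "$CICD_OUTPUT" || echo "None found" >> "$CICD_OUTPUT"
echo "" >> "$CICD_OUTPUT"

echo "== Gitea Actions ==" >> "$CICD_OUTPUT"
if [ -d "$PROJECT_ROOT/.gitea/workflows" ]; then
  ls -la "$PROJECT_ROOT/.gitea/workflows/" >> "$CICD_OUTPUT"
  echo "" >> "$CICD_OUTPUT"
  # Cover both YAML extensions; the -f test skips a glob that matched nothing.
  for workflow in "$PROJECT_ROOT/.gitea/workflows"/*.yml "$PROJECT_ROOT/.gitea/workflows"/*.yaml; do
    if [ -f "$workflow" ]; then
      echo "=== $(basename "$workflow") ===" >> "$CICD_OUTPUT"
      cat "$workflow" >> "$CICD_OUTPUT"
      echo "" >> "$CICD_OUTPUT"
    fi
  done
else
  echo "No Gitea Actions found" >> "$CICD_OUTPUT"
fi
echo "" >> "$CICD_OUTPUT"

echo "== GitHub Actions ==" >> "$CICD_OUTPUT"
if [ -d "$PROJECT_ROOT/.github/workflows" ]; then
  ls -la "$PROJECT_ROOT/.github/workflows/" >> "$CICD_OUTPUT"
else
  echo "No GitHub Actions found" >> "$CICD_OUTPUT"
fi
echo "" >> "$CICD_OUTPUT"

echo "== Security in CI/CD ==" >> "$CICD_OUTPUT"
# Search only the directories that exist. grep exits 2 when one of its
# operands is missing even if it printed matches from the other, which made
# the report show real hits followed by "None found".
ci_dirs=()
for ci_dir in "$PROJECT_ROOT/.gitea" "$PROJECT_ROOT/.github"; do
  if [ -d "$ci_dir" ]; then
    ci_dirs+=("$ci_dir")
  fi
done
if [ "${#ci_dirs[@]}" -gt 0 ]; then
  grep -rn "secret\|SECRET\|token\|TOKEN" "${ci_dirs[@]}" --include="*.yml" --include="*.yaml" 2>/dev/null >> "$CICD_OUTPUT" || echo "None found" >> "$CICD_OUTPUT"
else
  echo "None found" >> "$CICD_OUTPUT"
fi
echo -e "${GREEN} Output: $CICD_OUTPUT${NC}"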
# =============================================================================
# 4. CONFIGURATION FILES AUDIT
# =============================================================================
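# Section 4: inventory of configuration files, .env files and the places in
# the code that read environment variables. Only paths and matching source
# lines are recorded, not the contents of the .env files.
echo -e "${YELLOW}[4/12] Auditing configuration files...${NC}"
CONFIG_OUTPUT="$OUTPUT_DIR/config-files-$TIMESTAMP.txt"
echo "# Configuration Files Audit - $TIMESTAMP" > "$CONFIG_OUTPUT"

echo "== Configuration Files Found ==" >> "$CONFIG_OUTPUT"
# Filter on the literal "/.git/" path component. The unescaped ".git" used
# before matched any character followed by "git", which silently dropped
# unrelated paths (e.g. ".../digital/...") as well as .github and .gitea.
find "$PROJECT_ROOT" \( -name "*.conf" -o -name "*.config.*" -o -name "*.json" -o -name "*.yml" -o -name "*.yaml" -o -name "*.toml" \) 2>/dev/null | grep -v node_modules | grep -v '/\.git/' >> "$CONFIG_OUTPUT" || echo "None found" >> "$CONFIG_OUTPUT"
echo "" >> "$CONFIG_OUTPUT"

echo "== .env Files ==" >> "$CONFIG_OUTPUT"
find "$PROJECT_ROOT" -name ".env*" 2>/dev/null | grep -v node_modules >> "$CONFIG_OUTPUT" || echo "None found" >> "$CONFIG_OUTPUT"
echo "" >> "$CONFIG_OUTPUT"

echo "== Environment Variable Usage ==" >> "$CONFIG_OUTPUT"
# The pipeline's status is that of head, which succeeds on empty input, so a
# trailing "|| echo" never fired. Capture the output and test it instead.
# node_modules is skipped so dependency code does not use up the 50-line cap.
env_usage=$(grep -rn "os.Getenv\|process.env\|import.meta.env" "$PROJECT_ROOT" --include="*.go" --include="*.ts" --include="*.vue" --exclude-dir=node_modules 2>/dev/null | head -50) || true
if [ -n "$env_usage" ]; then
  printf '%s\n' "$env_usage" >> "$CONFIG_OUTPUT"
else
  echo "None found" >> "$CONFIG_OUTPUT"
fi
echo -e "${GREEN} Output: $CONFIG_OUTPUT${NC}"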
# =============================================================================
# 5. NETWORK SECURITY AUDIT
# =============================================================================
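# Section 5: published container ports plus TLS and bind-address references
# found in Go, YAML, conf and TypeScript files.
echo -e "${YELLOW}[5/12] Auditing network configuration...${NC}"
NETWORK_OUTPUT="$OUTPUT_DIR/network-$TIMESTAMP.txt"
echo "# Network Security Audit - $TIMESTAMP" > "$NETWORK_OUTPUT"

echo "== Listening Ports (if containers running) ==" >> "$NETWORK_OUTPUT"
if command -v podman &> /dev/null; then
  # Redirect order matters: ">> file 2>&1" sends both streams to the report.
  # With "2>&1 >> file" podman's error text went to the terminal instead.
  podman ps --format "{{.Names}}: {{.Ports}}" >> "$NETWORK_OUTPUT" 2>&1 || echo "No containers running" >> "$NETWORK_OUTPUT"
else
  # Say so explicitly; an empty section reads as "nothing is listening".
  echo "podman not installed - skipped" >> "$NETWORK_OUTPUT"
fi
echo "" >> "$NETWORK_OUTPUT"

echo "== TLS/SSL Configuration ==" >> "$NETWORK_OUTPUT"
# head succeeds on empty input, so the fallback has to test the captured
# output rather than the pipeline status.
tls_refs=$(grep -rn "tls\|TLS\|ssl\|SSL\|https\|HTTPS\|certificate\|cert" "$PROJECT_ROOT" --include="*.go" --include="*.yml" --include="*.conf" --exclude-dir=node_modules 2>/dev/null | head -30) || true
if [ -n "$tls_refs" ]; then
  printf '%s\n' "$tls_refs" >> "$NETWORK_OUTPUT"
else
  echo "None found" >> "$NETWORK_OUTPUT"
fi
echo "" >> "$NETWORK_OUTPUT"

echo "== Internal vs External Services ==" >> "$NETWORK_OUTPUT"
# 0.0.0.0 binds are the entries to review here: they listen on every interface.
bind_refs=$(grep -rn "localhost\|127.0.0.1\|0.0.0.0" "$PROJECT_ROOT" --include="*.go" --include="*.yml" --include="*.ts" --exclude-dir=node_modules 2>/dev/null | head -30) || true
if [ -n "$bind_refs" ]; then
  printf '%s\n' "$bind_refs" >> "$NETWORK_OUTPUT"
else
  echo "None found" >> "$NETWORK_OUTPUT"
fi
echo -e "${GREEN} Output: $NETWORK_OUTPUT${NC}"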
# =============================================================================
# 6. SECRETS MANAGEMENT AUDIT
# =============================================================================
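# Section 6: how secrets reach the services (compose environment, ${VAR}
# injection, secret-manager clients). Literal values are masked so the report
# does not become a second copy of the credentials it is auditing.
echo -e "${YELLOW}[6/12] Auditing secrets management...${NC}"
SECRETS_OUTPUT="$OUTPUT_DIR/secrets-management-$TIMESTAMP.txt"
echo "# Secrets Management Audit - $TIMESTAMP" > "$SECRETS_OUTPUT"

# sed programs: keep "KEY=" / "KEY: " and replace what follows, unless the
# value is a ${VAR} reference. References stay verbatim, including any
# ":-default" fallback, because a hardcoded fallback is itself a finding.
# Line-based heuristics, not a YAML parser.
mask_value='s/^([^=:]*[=:][[:space:]]*"?)[^$"[:space:]].*$/\1<redacted>/'
# Same rule, skipping the "path:line:" prefix that grep -rn puts first.
mask_value_rn='s/^([^:]*:[0-9]+:[^=:]*[=:][[:space:]]*"?)[^$"[:space:]].*$/\1<redacted>/'

echo "== Environment-based Secrets (podman-compose) ==" >> "$SECRETS_OUTPUT"
# The fallback stays inside the group: after the pipe the status is sed's.
{
  grep -E "SECRET|PASSWORD|KEY|TOKEN" "$PROJECT_ROOT/podman-compose.yml" 2>/dev/null || echo "None found"
} | sed -E "$mask_value" >> "$SECRETS_OUTPUT"
echo "" >> "$SECRETS_OUTPUT"

echo "== Secret Injection Pattern ==" >> "$SECRETS_OUTPUT"
{
  grep -rn '\${.*SECRET\|:-.*secret' "$PROJECT_ROOT" --include="*.yml" --include="*.yaml" 2>/dev/null || echo "None found"
} | sed -E "$mask_value_rn" >> "$SECRETS_OUTPUT"
echo "" >> "$SECRETS_OUTPUT"

echo "== Vault/Secret Manager Usage ==" >> "$SECRETS_OUTPUT"
# Source-code hits are written unmasked; they show client usage, not values.
grep -rn "vault\|Vault\|secretmanager\|SecretManager\|AWS.*Secret" "$PROJECT_ROOT" --include="*.go" --include="*.ts" 2>/dev/null >> "$SECRETS_OUTPUT" || echo "No secret manager integration found" >> "$SECRETS_OUTPUT"
echo -e "${GREEN} Output: $SECRETS_OUTPUT${NC}"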
# =============================================================================
# 7. LOGGING & MONITORING AUDIT
# =============================================================================
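# Section 7: keyword search for logging, health-check, metrics and tracing
# code. These are substring matches, so hits are leads to review, not proof.
echo -e "${YELLOW}[7/12] Auditing logging and monitoring...${NC}"
LOGGING_OUTPUT="$OUTPUT_DIR/logging-monitoring-$TIMESTAMP.txt"
echo "# Logging & Monitoring Audit - $TIMESTAMP" > "$LOGGING_OUTPUT"

echo "== Logging Libraries Used ==" >> "$LOGGING_OUTPUT"
# head succeeds on empty input, so a trailing "|| echo" never ran, not even
# when the backend directory is missing. Test the captured output instead.
log_refs=$(grep -rn "log\|logger\|Logger\|zap\|logrus\|zerolog" "$PROJECT_ROOT/backend" --include="*.go" 2>/dev/null | head -30) || true
if [ -n "$log_refs" ]; then
  printf '%s\n' "$log_refs" >> "$LOGGING_OUTPUT"
else
  echo "None found" >> "$LOGGING_OUTPUT"
fi
echo "" >> "$LOGGING_OUTPUT"

echo "== Health Check Endpoints ==" >> "$LOGGING_OUTPUT"
grep -rn "health\|Health\|healthz\|ready\|live" "$PROJECT_ROOT/backend" --include="*.go" 2>/dev/null >> "$LOGGING_OUTPUT" || echo "None found" >> "$LOGGING_OUTPUT"
echo "" >> "$LOGGING_OUTPUT"

echo "== Metrics Endpoints ==" >> "$LOGGING_OUTPUT"
grep -rn "metrics\|Metrics\|prometheus\|Prometheus" "$PROJECT_ROOT" --include="*.go" --include="*.yml" 2>/dev/null >> "$LOGGING_OUTPUT" || echo "No metrics endpoints found" >> "$LOGGING_OUTPUT"
echo "" >> "$LOGGING_OUTPUT"

echo "== Tracing Implementation ==" >> "$LOGGING_OUTPUT"
grep -rn "trace\|Trace\|opentelemetry\|jaeger\|zipkin" "$PROJECT_ROOT" --include="*.go" 2>/dev/null >> "$LOGGING_OUTPUT" || echo "No tracing found" >> "$LOGGING_OUTPUT"
echo -e "${GREEN} Output: $LOGGING_OUTPUT${NC}"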
# =============================================================================
# 8. BACKUP & DISASTER RECOVERY AUDIT
# =============================================================================
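# Section 8: look for backup/restore tooling and persistent volumes.
echo -e "${YELLOW}[8/12] Auditing backup and DR...${NC}"
BACKUP_OUTPUT="$OUTPUT_DIR/backup-dr-$TIMESTAMP.txt"
echo "# Backup & Disaster Recovery Audit - $TIMESTAMP" > "$BACKUP_OUTPUT"

echo "== Backup Scripts ==" >> "$BACKUP_OUTPUT"
# The report written above is itself named "backup-dr-*" and sits under the
# project root, so it matched "*backup*" and a project with no backup tooling
# never got the "No backup scripts found" line. Leave audit-reports/ out.
find "$PROJECT_ROOT" \( -name "*backup*" -o -name "*dump*" -o -name "*restore*" \) 2>/dev/null | grep -v node_modules | grep -vF "$PROJECT_ROOT/audit-reports/" >> "$BACKUP_OUTPUT" || echo "No backup scripts found" >> "$BACKUP_OUTPUT"
echo "" >> "$BACKUP_OUTPUT"

echo "== Volume Persistence ==" >> "$BACKUP_OUTPUT"
grep -A 5 "volumes:" "$PROJECT_ROOT/podman-compose.yml" 2>/dev/null >> "$BACKUP_OUTPUT" || echo "Check compose file" >> "$BACKUP_OUTPUT"
echo "" >> "$BACKUP_OUTPUT"

echo "== Database Backup Configuration ==" >> "$BACKUP_OUTPUT"
# This script contains the search terms itself, so skip it by file name.
# NOTE(review): sibling audit scripts may match for the same reason - confirm.
grep -rn "pg_dump\|mysqldump\|backup" "$PROJECT_ROOT" --include="*.sh" --include="*.yml" --exclude="$(basename "${BASH_SOURCE[0]}")" 2>/dev/null >> "$BACKUP_OUTPUT" || echo "No database backup config found" >> "$BACKUP_OUTPUT"
echo -e "${GREEN} Output: $BACKUP_OUTPUT${NC}"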
# =============================================================================
# 9. RESOURCE MANAGEMENT AUDIT
# =============================================================================
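# Section 9: configured resource limits, live container usage and database
# connection-pool settings.
echo -e "${YELLOW}[9/12] Auditing resource management...${NC}"
RESOURCES_OUTPUT="$OUTPUT_DIR/resources-$TIMESTAMP.txt"
echo "# Resource Management Audit - $TIMESTAMP" > "$RESOURCES_OUTPUT"

echo "== Container Resource Limits ==" >> "$RESOURCES_OUTPUT"
grep -E "mem_limit|cpu|resources|limits|reservations" "$PROJECT_ROOT/podman-compose.yml" 2>/dev/null >> "$RESOURCES_OUTPUT" || echo "NO RESOURCE LIMITS DEFINED" >> "$RESOURCES_OUTPUT"
echo "" >> "$RESOURCES_OUTPUT"

echo "== Current Container Resource Usage ==" >> "$RESOURCES_OUTPUT"
if command -v podman &> /dev/null; then
  # ">> file 2>&1" captures errors in the report; "2>&1 >> file" sent them
  # to the terminal because stderr was duplicated before stdout was moved.
  podman stats --no-stream >> "$RESOURCES_OUTPUT" 2>&1 || echo "No containers running" >> "$RESOURCES_OUTPUT"
else
  # Make the skipped check visible instead of leaving the section empty.
  echo "podman not installed - skipped" >> "$RESOURCES_OUTPUT"
fi
echo "" >> "$RESOURCES_OUTPUT"

echo "== Connection Pool Settings ==" >> "$RESOURCES_OUTPUT"
grep -rn "MaxOpenConns\|MaxIdleConns\|pool\|Pool" "$PROJECT_ROOT/backend" --include="*.go" 2>/dev/null >> "$RESOURCES_OUTPUT" || echo "No pool settings found" >> "$RESOURCES_OUTPUT"
echo -e "${GREEN} Output: $RESOURCES_OUTPUT${NC}"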
# =============================================================================
# 10. DEPENDENCY MANAGEMENT AUDIT
# =============================================================================
# Section 10: list dependency manifests and their lock files. A manifest
# without a lock file means dependency versions are not pinned.
echo -e "${YELLOW}[10/12] Auditing dependency management...${NC}"
DEP_OUTPUT="$OUTPUT_DIR/dependency-mgmt-$TIMESTAMP.txt"
{
  echo "# Dependency Management Audit - $TIMESTAMP"

  echo "== Go Module Files =="
  find "$PROJECT_ROOT/backend" -name "go.mod" 2>/dev/null || echo "None found"
  echo ""

  echo "== NPM Package Files =="
  find "$PROJECT_ROOT" -name "package.json" 2>/dev/null | grep -v node_modules || echo "None found"
  echo ""

  echo "== Lock Files (version pinning) =="
  find "$PROJECT_ROOT" \( -name "go.sum" -o -name "package-lock.json" -o -name "pnpm-lock.yaml" -o -name "yarn.lock" \) 2>/dev/null \
    | grep -v node_modules \
    || echo "None found - VERSION PINNING CRITICAL"
} > "$DEP_OUTPUT"
echo -e "${GREEN} Output: $DEP_OUTPUT${NC}"
# =============================================================================
# 11. DOCUMENTATION AUDIT
# =============================================================================
# Section 11: inventory of README, API and architecture documents, plus a
# rough ratio of comment lines to total lines in the Go backend.
echo -e "${YELLOW}[11/12] Auditing documentation...${NC}"
DOCS_OUTPUT="$OUTPUT_DIR/documentation-$TIMESTAMP.txt"
{
  echo "# Documentation Audit - $TIMESTAMP"

  echo "== README Files =="
  find "$PROJECT_ROOT" -name "README*" 2>/dev/null | grep -v node_modules || echo "None found"
  echo ""

  echo "== API Documentation =="
  find "$PROJECT_ROOT" \( -name "*api*" -o -name "*swagger*" -o -name "*openapi*" \) -type f 2>/dev/null \
    | grep -v node_modules \
    || echo "No API docs found"
  echo ""

  echo "== Architecture Documentation =="
  find "$PROJECT_ROOT/docs" -type f 2>/dev/null || echo "No docs directory"
  echo ""

  echo "== Code Comments Density =="
  echo "Go files:"
  # Total line count across all Go files in the backend.
  total_lines=$(find "$PROJECT_ROOT/backend" -name "*.go" -exec cat {} \; 2>/dev/null | wc -l)
  # grep -c prints one count per file; awk adds them up. Only lines that
  # start with "//" (after optional whitespace) are counted, hence the "~".
  comment_lines=$(find "$PROJECT_ROOT/backend" -name "*.go" -exec grep -c "^\s*//" {} \; 2>/dev/null | awk '{sum+=$1} END {print sum}')
  echo "Total lines: $total_lines, Comment lines: ~$comment_lines"
} > "$DOCS_OUTPUT"
echo -e "${GREEN} Output: $DOCS_OUTPUT${NC}"
# =============================================================================
# 12. LIVE INFRASTRUCTURE CHECK
# =============================================================================
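# Section 12: snapshot of the local podman state and an HTTP probe of each
# service's /healthz endpoint on localhost.
echo -e "${YELLOW}[12/12] Checking live infrastructure...${NC}"
LIVE_OUTPUT="$OUTPUT_DIR/live-infra-$TIMESTAMP.txt"
echo "# Live Infrastructure Check - $TIMESTAMP" > "$LIVE_OUTPUT"

# In every podman call below the order is ">> file 2>&1" so that error text
# lands in the report. The former "2>&1 >> file" duplicated stderr onto the
# terminal before stdout was redirected, leaving failures out of the report.

echo "== Running Containers ==" >> "$LIVE_OUTPUT"
if command -v podman &> /dev/null; then
  podman ps -a --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" >> "$LIVE_OUTPUT" 2>&1 || echo "Error listing containers" >> "$LIVE_OUTPUT"
else
  echo "podman not installed - skipped" >> "$LIVE_OUTPUT"
fi
echo "" >> "$LIVE_OUTPUT"

echo "== Container Images ==" >> "$LIVE_OUTPUT"
if command -v podman &> /dev/null; then
  podman images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" >> "$LIVE_OUTPUT" 2>&1 || echo "Error listing images" >> "$LIVE_OUTPUT"
else
  echo "podman not installed - skipped" >> "$LIVE_OUTPUT"
fi
echo "" >> "$LIVE_OUTPUT"

echo "== Volumes ==" >> "$LIVE_OUTPUT"
if command -v podman &> /dev/null; then
  podman volume ls >> "$LIVE_OUTPUT" 2>&1 || echo "Error listing volumes" >> "$LIVE_OUTPUT"
else
  echo "podman not installed - skipped" >> "$LIVE_OUTPUT"
fi
echo "" >> "$LIVE_OUTPUT"

echo "== Networks ==" >> "$LIVE_OUTPUT"
if command -v podman &> /dev/null; then
  podman network ls >> "$LIVE_OUTPUT" 2>&1 || echo "Error listing networks" >> "$LIVE_OUTPUT"
else
  echo "podman not installed - skipped" >> "$LIVE_OUTPUT"
fi
echo "" >> "$LIVE_OUTPUT"

echo "== Service Health Checks ==" >> "$LIVE_OUTPUT"
for port in 8082 8083 8084 8085 8086 8087 8088; do
  # On a refused connection curl already prints "000" via -w and then exits
  # non-zero; an "|| echo 000" inside the substitution produced "000000".
  # Keep whatever curl printed and default only when it printed nothing
  # (for example when curl is not installed).
  # --max-time keeps one unresponsive service from stalling the whole audit.
  response=$(curl -s -o /dev/null --max-time 5 -w "%{http_code}" "http://localhost:$port/healthz" 2>/dev/null) || true
  response=${response:-000}
  echo "Port $port: HTTP $response" >> "$LIVE_OUTPUT"
done
echo -e "${GREEN} Output: $LIVE_OUTPUT${NC}"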
# =============================================================================
# SUMMARY
# =============================================================================
# Closing banner, followed by a listing of the reports written by this run.
printf '\n'
for banner_line in \
  "${BLUE}========================================${NC}" \
  "${BLUE} INFRASTRUCTURE AUDIT COMPLETE${NC}" \
  "${BLUE}========================================${NC}"; do
  echo -e "$banner_line"
done
printf '\n'
echo -e "Reports generated in: ${GREEN}$OUTPUT_DIR${NC}"
printf '\n'
printf '%s\n' "Files generated:"
# Every report name embeds this run's timestamp, so the glob picks out only
# the files from the current run.
if ! ls -la "$OUTPUT_DIR"/*$TIMESTAMP* 2>/dev/null; then
  echo "No files generated"
fi