#!/usr/bin/env bash
# F16 — felaket yüzeyi (canlıya zarar vermeden mümkün olanlar).
set -euo pipefail
ROOT="$(cd "$(dirname "$0")/.." && pwd)"
LOG="$ROOT/frontend/qa/logs/f16"
API="${FAUNAMIX_QA_API:-https://faunamix-production.up.railway.app}"
SITE="${FAUNAMIX_QA_SITE:-https://www.faunamix.com}"
mkdir -p "$LOG"
TS=$(date +%s)
OUT="$LOG/f16-run-$TS.txt"

exec > >(tee "$OUT") 2>&1

echo "=== F16 disaster probes $TS ==="

echo "--- 1) API healthy baseline ---"
curl -sS -w "\nHTTP %{http_code}\n" "$API/health.php"

echo "--- 2) API unavailable (invalid Railway host) ---"
curl -sS -w "\nHTTP %{http_code}\n" --connect-timeout 8 \
  "https://faunamix-invalid-nonexistent.up.railway.app/health.php" || echo "curl failed (expected)"

echo "--- 3) Vitrin listing (SSR may cache) ---"
curl -sS -o /dev/null -w "listing HTTP %{http_code}\n" "$SITE/listing"

echo "--- 4) checkout_create validation (DB up) ---"
curl -sS -X POST "$API/api/checkout_create.php" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: f16-$TS" \
  -d '{"items":[],"customer":{"full_name":"x","email":"not-an-email","phone":"1","identity_no":"1","city":"x","address_line":"x"},"legal_acceptances":{"mesafeli":true,"on_bilgilendirme":true,"iade":true,"gizlilik":true}}' \
  -w "\nHTTP %{http_code}\n"

echo "--- 5) DR readiness script ---"
if command -v php >/dev/null 2>&1; then
  FAUNAMIX_ENV_FILE="$ROOT/api/.env.railway" php "$ROOT/scripts/verify-disaster-recovery.php" 2>&1 | tail -20 || true
else
  echo "php not available locally"
fi

echo ""
echo "DB unavailable + checkout-DB-down: canlıda kasıtlı kesim yapılmadı (veri riski)."
echo "Onaylı pencerede: Railway MySQL pause veya yanlış DB_HOST → health 503, checkout güvenli JSON hata."
echo "Runbook: scripts/RUNBOOK-disaster-recovery.md"