#!/usr/bin/env bash
# Run TCP probes inside Railway API container (read-only diagnostic).
set -euo pipefail
ROOT="$(cd "$(dirname "$0")/.." && pwd)"
cd "$ROOT/api"
EVID="$ROOT/frontend/qa/evidence/smtp-verify/$(date -u +%Y%m%dT%H%M%SZ)-railway-php-tcp-matrix.txt"
mkdir -p "$(dirname "$EVID")"
{
  echo "# Railway container PHP TCP matrix — $(date -u +%Y-%m-%dT%H:%M:%SZ)"
  echo "# cwd=$(pwd) service linked via railway.toml in api/"
  echo
} >"$EVID"

probe() {
  local host=$1 port=$2
  echo "=== $host:$port ===" | tee -a "$EVID"
  # Single-line -r: railway ssh remote shell is dash; multiline -r breaks.
  railway ssh -- php -r '$h="'${host}'";$p='${port}';$t=microtime(true);$fp=@stream_socket_client("tcp://$h:$p",$e,$s,15);$ms=(int)round((microtime(true)-$t)*1000);echo json_encode(["host"=>$h,"port"=>$p,"ok"=>$fp!==false,"errno"=>$e,"errstr"=>$s,"ms"=>$ms]);if($fp){echo "\nbanner:".trim((string)fgets($fp,200));fclose($fp);}echo "\n";' 2>&1 | tee -a "$EVID"
  echo | tee -a "$EVID"
}

probe smtp.gmail.com 587
probe smtp.gmail.com 465
probe smtp-relay.gmail.com 587
probe smtp-relay.gmail.com 465
probe smtp.office365.com 587
probe smtp.office365.com 465
probe www.google.com 443

echo "Wrote $EVID"