param(
    [string]$DockerContext = "test-ubuntu",
    [string]$PostgresContainer = "rap_test_postgres",
    [string]$Database = "remote_access_platform",
    [string]$User = "rap_user",
    [string]$ExpectedVersion = "0.2.369-fabric-artifact-chunks"
)

Set-StrictMode -Version Latest
$ErrorActionPreference = "Stop"

function Invoke-PsqlScalar {
    param([string]$Sql)
    $output = & docker --context $DockerContext exec $PostgresContainer psql -U $User -d $Database -At -c $Sql
    if ($LASTEXITCODE -ne 0) {
        throw "psql failed for query: $Sql"
    }
    return [int]($output | Select-Object -First 1)
}

$violations = @()

$httpReleaseArtifacts = Invoke-PsqlScalar @"
select count(*)
from release_artifacts
where url like 'http://%'
   or url like 'https://%'
   or metadata::text like '%http://%'
   or metadata::text like '%https://%';
"@
if ($httpReleaseArtifacts -ne 0) {
    $violations += "release_artifacts contain HTTP references: $httpReleaseArtifacts"
}

$httpUpdateStatuses = Invoke-PsqlScalar @"
select count(*)
from node_update_status_reports
where payload::text like '%http://%'
   or payload::text like '%https://%';
"@
if ($httpUpdateStatuses -ne 0) {
    $violations += "node_update_status_reports contain HTTP references: $httpUpdateStatuses"
}

$nonFabricCurrentArtifacts = Invoke-PsqlScalar @"
select count(*)
from release_artifacts
where version = '$ExpectedVersion'
  and url not like 'fabric-artifact://%';
"@
if ($nonFabricCurrentArtifacts -ne 0) {
    $violations += "current release artifacts are not fabric-artifact URLs: $nonFabricCurrentArtifacts"
}

$unexpectedActiveReleases = Invoke-PsqlScalar @"
select count(*)
from release_versions
where status = 'active'
  and version <> '$ExpectedVersion';
"@
if ($unexpectedActiveReleases -ne 0) {
    $violations += "unexpected active releases outside ${ExpectedVersion}: $unexpectedActiveReleases"
}

$legacyNodeMetadata = Invoke-PsqlScalar @"
select count(*)
from nodes
where metadata::text like '%relay_control%'
   or metadata::text like '%http://%'
   or metadata::text like '%https://%';
"@
if ($legacyNodeMetadata -ne 0) {
    $violations += "node metadata contains retired transport hints: $legacyNodeMetadata"
}

if ($violations.Count -gt 0) {
    Write-Error ("Live farm fabric standard violated:`n" + ($violations -join "`n"))
    exit 1
}

Write-Host "Live farm fabric standard check passed."