"""Run all read-only audit checks for a tenant domain."""

from __future__ import annotations

from typing import Any

from . import dns, vm112, webmail

CHECK_LABELS = {
    "carbonio": "Carbonio domain",
    "nginx_vhost": "carbonio-nginx vhost",
    "cert_le": "Let's Encrypt certificate",
    "dns_mx": "MX record",
    "dns_spf": "SPF",
    "dns_dkim": "DKIM",
    "dns_dmarc": "DMARC",
    "webmail_http": "Webmail HTTPS",
}

TENANT_API_BASE = {
    1: None,  # filled from env in run_audit
}


def run_audit(
    tenant_id: int,
    domain: str,
    *,
    vm112_api: str | None = None,
    mail_public_ip: str | None = None,
) -> dict[str, dict[str, Any]]:
    domain = domain.lower().strip()
    results: dict[str, dict[str, Any]] = {}

    if tenant_id == 1:
        api_base = vm112_api or "http://10.10.10.112:8090"
        results.update(vm112.collect(domain, api_base))

    results.update(dns.collect(domain, mail_public_ip=mail_public_ip))
    results.update(webmail.collect(domain))

    for check_id, label in CHECK_LABELS.items():
        results.setdefault(
            check_id,
            {
                "check_id": check_id,
                "label": label,
                "status": "skip",
                "message": "Check not run",
                "evidence": {},
            },
        )
        results[check_id]["label"] = label

    return results