//! Fetches live WorkloadRiskScore from the cluster corpus-operator.

use crate::traits::WorkloadRiskScore;
use std::process::Command;

/// Fetch the risk score for a corpus entry from the live cluster.
pub fn fetch_score(entry_name: &str) -> WorkloadRiskScore {
    let output = Command::new("kubectl")
        .args([
            "get",
            "corpusentry",
            entry_name,
            "-o",
            "jsonpath={.status.riskScore.composite}|{.status.riskScore.capabilityCeiling}|{.status.riskScore.bomTriadComplete}",
        ])
        .output();

    match output {
        Ok(out) if out.status.success() => {
            let s = String::from_utf8_lossy(&out.stdout);
            let parts: Vec<&str> = s.trim().split('|').collect();
            let composite = parts.first().and_then(|v| v.parse().ok()).unwrap_or(0u8);
            let ceiling = parts.get(1).unwrap_or(&"CAP_READ").to_string();
            let bom_complete = parts.get(2).map(|v| *v == "true").unwrap_or(false);

            WorkloadRiskScore {
                hardware_score: 0,
                software_score: 0,
                ai_score: 0,
                attestation_score: 0,
                composite,
                capability_ceiling: ceiling,
                bom_triad_complete: bom_complete,
            }
        }
        _ => WorkloadRiskScore {
            hardware_score: 0,
            software_score: 0,
            ai_score: 0,
            attestation_score: 0,
            composite: 0,
            capability_ceiling: "UNKNOWN".into(),
            bom_triad_complete: false,
        },
    }
}

/// Fetch the cluster's best Tier A corpus entry score.
pub fn fetch_cluster_score() -> WorkloadRiskScore {
    fetch_score("bxnet-ops")
}