#!/usr/bin/env python3
"""Validate tamper-evident Aegis audit log integrity."""

from __future__ import annotations

import argparse
import sys
from pathlib import Path

from aegis_gitea_mcp.audit import validate_audit_log_integrity


def parse_args() -> argparse.Namespace:
    """Parse command line arguments."""
    parser = argparse.ArgumentParser(description="Validate Aegis audit log hash chain")
    parser.add_argument(
        "--path",
        type=Path,
        default=Path("/var/log/aegis-mcp/audit.log"),
        help="Path to audit log file",
    )
    return parser.parse_args()


def main() -> int:
    """Validate audit chain and return process exit code."""
    args = parse_args()
    is_valid, errors = validate_audit_log_integrity(args.path)

    if is_valid:
        print(f"Audit log integrity OK: {args.path}")
        return 0

    print(f"Audit log integrity FAILED: {args.path}")
    for error in errors:
        print(f"- {error}")
    return 1


if __name__ == "__main__":
    raise SystemExit(main())