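#!/bin/bash
# Pre-commit check: automatically verifies that the repository does not
# violate HARD_RULES.
#
# Limits of this hook (it is a line-based grep, not a parser):
#   - It scans the working tree, not the staged index, so the content that is
#     checked can differ from the content that is committed.
#   - A client-side hook can be skipped with `git commit --no-verify`; run the
#     same checks in CI or a server-side hook if the rules must be binding.
#   - grep errors are discarded (2>/dev/null), so a missing or unreadable
#     directory counts as "no violation".

echo "🔍 檢查 HARD_RULES 違規..."

ERRORS=0

# 1. GitHub workflows: ubuntu-latest runners are forbidden (self-hosted only).
#    Matching anything after "runs-on:" also catches the quoted and inline-list
#    forms (runs-on: "ubuntu-latest", runs-on: [ubuntu-latest]) and extra
#    whitespace. A label supplied through a matrix variable or a multi-line
#    list is not detected here.
if grep -rE "runs-on:.*ubuntu-latest" .github/workflows/ 2>/dev/null; then
  echo "❌ 違規: 發現 ubuntu-latest (必須用 self-hosted)"
  ERRORS=$((ERRORS + 1))
fi

# 2. SQLite: the API must use PostgreSQL.
#    grep -r prints "path:text", so the first filter drops a hit only when the
#    text is a whole-line comment. Filtering on any "#" would also hide real
#    code that merely carries a trailing comment. Lines containing "禁止" are
#    still skipped, as before (presumably so that rule reminders do not trip
#    the check); note that this also exempts any code line carrying that word.
if grep -r "sqlite" apps/api/ --include="*.py" 2>/dev/null \
  | grep -vE '^[^:]*:[[:space:]]*#' \
  | grep -v "禁止"; then
  echo "❌ 違規: 發現 SQLite (必須用 PostgreSQL)"
  ERRORS=$((ERRORS + 1))
fi

# 3. CORS wildcard: origins must come from an allow-list.
#    The star has to be a quoted literal ("*" or '*'), so "**kwargs" or a path
#    glob next to the word CORS no longer counts as a hit. "origins" and the
#    response header name are matched as well, because the wildcard is often
#    on its own line (e.g. allow_origins=["*"]) rather than on the line that
#    mentions CORS.
if grep -rE "(CORS|origins|Access-Control-Allow-Origin).*['\"]\*['\"]" \
  apps/api/ --include="*.py" 2>/dev/null; then
  echo "❌ 違規: 發現 CORS * (必須用白名單)"
  ERRORS=$((ERRORS + 1))
fi

# Any violation blocks the commit with a non-zero exit status.
if [ "$ERRORS" -gt 0 ]; then
  echo ""
  echo "🚨 發現 $ERRORS 個違規,請修正後再提交"
  exit 1
fi

echo "✅ HARD_RULES 檢查通過"
exit 0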