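# AWOOOI Pre-commit Configuration
# =================================
# Phase 5: fully automated defense net
#
# Install: pre-commit install
# Run:     pre-commit run --all-files
#
# Exit Codes:
#   0 = All checks passed
#   1 = Check failed (commit blocked)
#
# These hooks run on the developer's machine and are skipped by
# `git commit --no-verify`; run `pre-commit run --all-files` in CI as well
# if the checks are meant to be enforced rather than advisory.

default_language_version:
  python: python3.11

# Remote hook repos below are pinned by tag. A tag can be moved upstream;
# `pre-commit autoupdate --freeze` rewrites each `rev` to the full commit SHA
# (keeping the tag as a comment) so the hook code that runs is immutable.
repos:
  # ==========================================================================
  # Python Linting (Ruff)
  # ==========================================================================
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.3.0
    hooks:
      - id: ruff
        name: 🐍 Ruff Lint (Python)
        # --fix rewrites files in place; --exit-non-zero-on-fix fails the
        # hook whenever a fix was applied, so the change must be re-staged.
        args: [--fix, --exit-non-zero-on-fix]
        files: ^apps/api/
        types: [python]
      - id: ruff-format
        name: 🐍 Ruff Format (Python)
        files: ^apps/api/
        types: [python]

  # ==========================================================================
  # TypeScript Linting (ESLint)
  # ==========================================================================
  # `language: system` hooks use whatever `pnpm` is on the developer's PATH;
  # pre-commit does not install or pin these tools.
  - repo: local
    hooks:
      - id: eslint
        name: 🟦 ESLint (TypeScript)
        entry: pnpm --filter @awoooi/web exec eslint --fix
        language: system
        files: ^apps/web/.*\.(ts|tsx)$
        # The file pattern only triggers the hook; no file names are passed
        # to the command.
        pass_filenames: false
      - id: tsc-typecheck
        name: 🔷 TypeScript Type Check
        entry: pnpm --filter @awoooi/web exec tsc --noEmit
        language: system
        files: ^apps/web/.*\.(ts|tsx)$
        pass_filenames: false

  # ==========================================================================
  # General Checks
  # ==========================================================================
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: trailing-whitespace
        name: 🧹 Trailing Whitespace
        exclude: ^(.*\.md|.*\.diff)$
      - id: end-of-file-fixer
        name: 📄 End of File Fixer
        exclude: ^(.*\.md)$
      - id: check-yaml
        name: 📋 YAML Syntax Check
      - id: check-json
        name: 📋 JSON Syntax Check
      - id: check-added-large-files
        name: 📦 Large File Check
        args: ['--maxkb=1000']
      - id: detect-private-key
        name: 🔐 Private Key Detection

  # ==========================================================================
  # Secrets Detection
  # ==========================================================================
  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.4.0
    hooks:
      - id: detect-secrets
        name: 🔒 Secrets Detection
        # Findings already recorded in the baseline file are not reported
        # again, so changes to .secrets.baseline deserve the same review as
        # code changes.
        args: ['--baseline', '.secrets.baseline']
        # Skip only the lockfiles themselves. The pattern is anchored to a
        # path component and the dots are escaped, so look-alike paths
        # (e.g. a file merely containing "package-lock.json" in its name)
        # are still scanned.
        exclude: '(^|/)(pnpm-lock\.yaml|package-lock\.json)$'

  # ==========================================================================
  # AI Code Review (Ollama)
  # ==========================================================================
  - repo: local
    hooks:
      - id: ai-code-reviewer
        name: 🤖 AI Code Reviewer (Ollama)
        entry: python scripts/ai_code_reviewer.py
        language: python
        pass_filenames: false
        # Unpinned: the newest httpx release is resolved whenever the hook
        # environment is built. Pin an exact version (httpx==<VERSION>) to
        # make the environment reproducible.
        additional_dependencies: [httpx]
        # `commit` is the legacy name of this stage; pre-commit 3.2.0 and
        # later call it `pre-commit` (`pre-commit migrate-config` updates it).
        stages: [commit]
        # Run only when Python or TypeScript files change
        files: \.(py|ts|tsx)$
        # fail-open: a failed AI review does not block the commit.
        # NOTE(review): that behaviour lives in scripts/ai_code_reviewer.py
        # (its exit code), which is not visible here; treat this hook as
        # advisory, not as a gate.
        # NOTE(review): pre-commit keeps running later hooks after an earlier
        # one fails unless `fail_fast` is set, so this hook still runs when
        # the secrets checks above report a finding. Confirm which endpoint
        # the script sends code to and that it is a trusted host.
        verbose: true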