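#!/bin/bash
# Git Pre-Push Hook - Security Audit
# Install: cp scripts/git-hooks/pre-push .git/hooks/ && chmod +x .git/hooks/pre-push
#
# Runs `npm audit` inside frontend/ and blocks the push when the report
# lists at least one critical-severity advisory.
#
# The gate fails closed: if frontend/ cannot be entered, or the audit yields
# no parseable critical count (npm missing, registry unreachable, malformed
# output), the push is blocked instead of being reported as passing.
#
# This is a client-side check that `git push --no-verify` skips, so it
# complements an audit in CI and does not replace one.
#
# Exit status: 0 when the audit reports zero critical advisories, 1 otherwise.

echo "Running security audit before push..."

# An unchecked cd would let the audit run against whatever directory the
# hook started in and report on the wrong package set.
if ! cd frontend; then
  echo "PUSH BLOCKED: cannot enter frontend/ to run the security audit." >&2
  echo "To bypass: git push --no-verify" >&2
  exit 1
fi

# npm audit exits non-zero when it finds advisories, so its exit status is
# ignored here; the decision is made from the JSON report.
AUDIT=$(npm audit --json 2>/dev/null || true)

# Take the first `"critical": N` pair in the report (presumably the severity
# summary; confirm against the npm version in use). Whitespace around the
# colon is tolerated because pretty-printed JSON puts a space there; a
# pattern without it extracts an empty count, which would read as zero.
# Requiring at least one digit skips any "critical" key that is not a count.
CRITICAL=$(printf '%s\n' "$AUDIT" \
  | grep -Eo '"critical"[[:space:]]*:[[:space:]]*[0-9]+' \
  | head -n 1 \
  | grep -Eo '[0-9]+$')

# No count means the audit did not really run; do not claim it passed.
if [ -z "$CRITICAL" ]; then
  echo "PUSH BLOCKED: security audit did not produce a usable report." >&2
  echo "Run 'npm audit' in frontend/ to see the underlying error." >&2
  echo "To bypass: git push --no-verify" >&2
  exit 1
fi

if [ "$CRITICAL" -gt 0 ]; then
  echo ""
  echo "========================================"
  echo " PUSH BLOCKED: Critical vulnerabilities found!"
  echo "========================================"
  # Human-readable excerpt of the report around each critical finding.
  npm audit 2>/dev/null | grep -A 3 "critical"
  echo ""
  echo "Run 'npm audit fix' or update packages manually."
  echo "To bypass: git push --no-verify"
  exit 1
fi

echo "Security check passed."
exit 0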