#!/usr/bin/env bats
# Unit tests for security-hardening.sh (general security tests)
# Reference: PRD.md FR-001, FR-006, FR-007

@test "security-hardening.sh exists" {
    [ -f "/workspace/src/security-hardening.sh" ]
}

@test "security-hardening.sh uses strict mode" {
    grep -q "set -euo pipefail" /workspace/src/security-hardening.sh
}

@test "WiFi blacklist function is defined" {
    grep -q "create_wifi_blacklist()" /workspace/src/security-hardening.sh
}

@test "Bluetooth blacklist function is defined" {
    grep -q "create_bluetooth_blacklist()" /workspace/src/security-hardening.sh
}

@test "SSH client configuration function is defined" {
    grep -q "configure_ssh_client()" /workspace/src/security-hardening.sh
}

@test "Password policy function is defined" {
    grep -q "configure_password_policy()" /workspace/src/security-hardening.sh
}

@test "FIM configuration function is defined" {
    grep -q "configure_fim()" /workspace/src/security-hardening.sh
}

@test "System limits function is defined" {
    grep -q "configure_system_limits()" /workspace/src/security-hardening.sh
}

@test "Audit rules function is defined" {
    grep -q "configure_audit_rules()" /workspace/src/security-hardening.sh
}

@test "Main function applies all hardening" {
    grep -q "apply_security_hardening()" /workspace/src/security-hardening.sh
}