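#!/usr/bin/env bats
# Execution tests for 100% code coverage
#
# What these tests actually establish:
#   * The "functions are defined" tests source each script and check that the
#     named functions exist afterwards.
#   * Every other test greps the script text. A match shows that a string is
#     present in the file; it does not show that the code path runs or that the
#     hardening / firewall behaviour is correct.
#   * Tests built on advise_pattern are advisory: they never fail, and only
#     emit a TAP diagnostic when a pattern is missing.
#
# NOTE(review): `source` executes the top level of the sourced script in the
# test process. If any of the scripts under /workspace/src invokes main
# unconditionally at the bottom, running this suite would apply the hardening
# or firewall changes to the test host. Confirm each script guards its entry
# point (e.g. only runs main when executed, not when sourced).

# Fail with a readable message unless every named function is defined.
# Arguments: $@ - function names expected in the current shell
# declare -f output is discarded so function bodies do not flood the test log.
assert_functions_defined() {
  local fn
  for fn in "$@"; do
    if ! declare -f "$fn" >/dev/null; then
      echo "function not defined: $fn" >&2
      return 1
    fi
  done
}

# Fail unless every pattern occurs somewhere in the file.
# Arguments: $1 - file to search, $2.. - grep (BRE) patterns
assert_file_mentions() {
  local file=$1 pattern
  shift
  for pattern in "$@"; do
    if ! grep -q -- "$pattern" "$file"; then
      echo "pattern '$pattern' not found in $file" >&2
      return 1
    fi
  done
}

# Advisory check: never fails the test. When the pattern is absent (or the
# file cannot be read) a '#'-prefixed diagnostic is written to fd 3, which
# bats passes through to the TAP output, so the gap is visible instead of
# being swallowed silently.
# Arguments: $1 - grep (BRE) pattern, $2 - file to search
advise_pattern() {
  local pattern=$1 file=$2
  if ! grep -q -- "$pattern" "$file"; then
    echo "# advisory: no match for '$pattern' in $file" >&3
  fi
  return 0
}

@test "security-hardening.sh functions are defined" {
  source /workspace/src/security-hardening.sh
  assert_functions_defined \
    create_wifi_blacklist \
    create_bluetooth_blacklist \
    configure_ssh \
    configure_password_policy \
    configure_system_limits \
    configure_audit_rules \
    apply_security_hardening \
    main
}

@test "firewall-setup.sh functions are defined" {
  source /workspace/src/firewall-setup.sh
  assert_functions_defined \
    parse_wg_endpoint \
    generate_nftables_rules \
    apply_firewall \
    main
}

@test "build-iso.sh functions are defined" {
  source /workspace/src/build-iso.sh
  assert_functions_defined validate_environment build_iso
}

@test "all hook scripts have proper structure" {
  # The hook glob was previously listed twice, so every hook was checked twice.
  # If the glob matches nothing it stays literal and the -f check fails, which
  # keeps an empty hooks directory from passing unnoticed.
  for hook in /workspace/config/hooks/*/*.sh; do
    [ -f "$hook" ]
    [ -x "$hook" ]
    head -n1 "$hook" | grep -q "#!/bin/bash"
    # "set -e" is a substring of "set -euo", so one grep covers both spellings.
    # This only shows the text appears somewhere in the hook (a comment would
    # satisfy it), not that errexit is enabled before the hook does any work.
    grep -q "set -e" "$hook"
  done
}

@test "all hook scripts have error handling" {
  # Advisory only: a hook without exit/return is reported, not failed.
  for hook in /workspace/config/hooks/*/*.sh; do
    advise_pattern "exit\|return" "$hook"
  done
}

@test "all hook scripts have output messages" {
  # Advisory only.
  for hook in /workspace/config/hooks/*/*.sh; do
    advise_pattern "echo\|printf" "$hook"
  done
}

@test "all scripts have proper comments" {
  # Advisory only. Any '#' matches, including the shebang line.
  for script in /workspace/src/*.sh /workspace/config/hooks/*/*.sh; do
    advise_pattern "#" "$script"
  done
}

@test "security-hardening.sh main function calls all config functions" {
  # NOTE(review): this matches the function name anywhere in the file, so the
  # definition line alone satisfies it. It does not prove that main (or
  # apply_security_hardening) actually calls each function; a hardening step
  # that is defined but never invoked would still pass here.
  assert_file_mentions /workspace/src/security-hardening.sh \
    create_wifi_blacklist \
    create_bluetooth_blacklist \
    configure_ssh \
    configure_password_policy \
    configure_system_limits \
    configure_audit_rules
}

@test "firewall-setup.sh main function calls apply_firewall" {
  # Same limitation as above: the definition of apply_firewall is enough to
  # match, so this does not show that the firewall is ever applied.
  assert_file_mentions /workspace/src/firewall-setup.sh apply_firewall
}

@test "build-iso.sh uses proper Docker commands" {
  assert_file_mentions /workspace/src/build-iso.sh \
    "docker run" \
    "docker image" \
    "docker rm"
}

@test "all scripts use proper bash constructs" {
  # Advisory only.
  for script in /workspace/src/*.sh /workspace/config/hooks/*/*.sh; do
    advise_pattern "\[\[" "$script"
    advise_pattern "if\|for\|while" "$script"
    advise_pattern "function\|main()" "$script"
  done
}

@test "all scripts have proper variable scoping" {
  # Advisory only.
  for script in /workspace/src/*.sh /workspace/config/hooks/*/*.sh; do
    advise_pattern "local\|readonly" "$script"
  done
}

@test "all scripts have proper error messages" {
  # Advisory only.
  for script in /workspace/src/*.sh /workspace/config/hooks/*/*.sh; do
    advise_pattern "Error:\|Warning:\|Failed" "$script"
  done
}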