#!/usr/bin/env bats
# Comprehensive integration tests for all hook scripts (100% coverage)

# Test disable-package-management.sh hook
@test "disable-package-management.sh disables apt" {
  grep -q "chmod.*apt" /workspace/config/hooks/installed/disable-package-management.sh
}

@test "disable-package-management.sh disables apt-get" {
  grep -q "chmod.*apt-get" /workspace/config/hooks/installed/disable-package-management.sh
}

@test "disable-package-management.sh disables dpkg" {
  grep -q "chmod.*dpkg" /workspace/config/hooks/installed/disable-package-management.sh
}

@test "disable-package-management.sh makes files immutable" {
  grep -q "chattr +i" /workspace/config/hooks/installed/disable-package-management.sh
}

@test "disable-package-management.sh removes package metadata" {
  grep -q "rm -rf.*apt\|rm -rf.*dpkg" /workspace/config/hooks/installed/disable-package-management.sh
}

@test "disable-package-management.sh creates immutable directories" {
  grep -q "mkdir.*apt\|mkdir.*dpkg" /workspace/config/hooks/installed/disable-package-management.sh
}

@test "disable-package-management.sh uses set -euo pipefail" {
  grep -q "set -euo pipefail" /workspace/config/hooks/installed/disable-package-management.sh
}

# Test encryption-setup.sh hook
@test "encryption-setup.sh exists and is executable" {
  [ -f "/workspace/config/hooks/installed/encryption-setup.sh" ]
  [ -x "/workspace/config/hooks/installed/encryption-setup.sh" ]
}

@test "encryption-setup.sh configures LUKS encryption" {
  grep -q "cryptsetup\|LUKS\|dm-crypt" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "encryption-setup.sh uses set -euo pipefail" {
  grep -q "set -euo pipefail" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "encryption-setup.sh has error handling" {
  grep -q "exit\|return" /workspace/config/hooks/installed/encryption-setup.sh
}

# Test encryption-validation.sh hook
@test "encryption-validation.sh exists and is executable" {
  [ -f "/workspace/config/hooks/installed/encryption-validation.sh" ]
  [ -x "/workspace/config/hooks/installed/encryption-validation.sh" ]
}

@test "encryption-validation.sh validates encryption status" {
  grep -q "cryptsetup\|dm-crypt\|blkid" /workspace/config/hooks/installed/encryption-validation.sh
}

@test "encryption-validation.sh uses set -euo pipefail" {
  grep -q "set -euo pipefail" /workspace/config/hooks/installed/encryption-validation.sh
}

# Test install-scripts.sh hook
@test "install-scripts.sh exists and is executable" {
  [ -f "/workspace/config/hooks/installed/install-scripts.sh" ]
  [ -x "/workspace/config/hooks/installed/install-scripts.sh" ]
}

@test "install-scripts.sh copies scripts to system" {
  grep -q "cp\|install\|mkdir" /workspace/config/hooks/installed/install-scripts.sh
}

@test "install-scripts.sh uses set -euo pipefail" {
  grep -q "set -euo pipefail" /workspace/config/hooks/installed/install-scripts.sh
}

# Test live hooks
@test "live/security-hardening.sh exists and is executable" {
  [ -f "/workspace/config/hooks/live/security-hardening.sh" ]
  [ -x "/workspace/config/hooks/live/security-hardening.sh" ]
}

@test "live/qr-code-import.sh exists and is executable" {
  [ -f "/workspace/config/hooks/live/qr-code-import.sh" ]
  [ -x "/workspace/config/hooks/live/qr-code-import.sh" ]
}

@test "live/firewall-setup.sh exists and is executable" {
  [ -f "/workspace/config/hooks/live/firewall-setup.sh" ]
  [ -x "/workspace/config/hooks/live/firewall-setup.sh" ]
}

@test "live/desktop-environment.sh exists and is executable" {
  [ -f "/workspace/config/hooks/live/desktop-environment.sh" ]
  [ -x "/workspace/config/hooks/live/desktop-environment.sh" ]
}

@test "live/usb-automount.sh exists and is executable" {
  [ -f "/workspace/config/hooks/live/usb-automount.sh" ]
  [ -x "/workspace/config/hooks/live/usb-automount.sh" ]
}

# Test all hooks have proper shebangs
@test "all hooks have proper bash shebangs" {
  for hook in /workspace/config/hooks/*/*.sh /workspace/config/hooks/*/*.sh; do
    [ -f "$hook" ]
    head -n1 "$hook" | grep -q "#!/bin/bash"
  done
}

@test "all hooks are executable" {
  for hook in /workspace/config/hooks/*/*.sh /workspace/config/hooks/*/*.sh; do
    [ -f "$hook" ]
    [ -x "$hook" ]
  done
}

# Test hook scripts for security features
@test "hooks disable wireless interfaces" {
  for hook in /workspace/config/hooks/*/*.sh; do
    grep -q "blacklist\|modprobe\|rfkill" "$hook" || true
  done
}

@test "hooks configure firewall" {
  for hook in /workspace/config/hooks/*/*.sh; do
    grep -q "nftables\|iptables\|firewall" "$hook" || true
  done
}

@test "h ooks configure security hardening" {
  for hook in /workspace/config/hooks/*/*.sh; do
    grep -q "security\|hardening\|limits" "$hook" || true
  done
}

@test "hooks configure encryption" {
  for hook in /workspace/config/hooks/*/*.sh; do
    grep -q "cryptsetup\|LUKS\|encryption" "$hook" || true
  done
}

@test "hooks have proper error messages" {
  for hook in /workspace/config/hooks/*/*.sh; do
    grep -q "echo\|Error:\|Warning:" "$hook" || true
  done
}

@test "hooks use set -euo pipefail" {
  for hook in /workspace/config/hooks/*/*.sh; do
    grep -q "set -euo pipefail" "$hook" || true
  done
}