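#!/usr/bin/env pwsh
# Dependency vulnerability audit for SOLUTION_ERP
# Usage: pwsh scripts/deps-audit.ps1 [-FailOnHigh]
#
# Scans:
#   1. NuGet vulnerable packages (BE) — dotnet list package --vulnerable --include-transitive
#   2. npm audit (fe-admin + fe-user) — level >= moderate
#
# Exit code:
#   0 — clean, or findings present but -FailOnHigh not given
#   1 — findings (or a scanner that did not complete) and -FailOnHigh given
#
# Note on -FailOnHigh: despite the name it fails on ANY finding at the configured
# thresholds (NuGet: any vulnerable package; npm: --audit-level=moderate) and
# also when a scanner itself exits non-zero, so a broken scan is never reported
# as clean. A frontend whose node_modules is missing is skipped with a warning
# and listed in the summary; it does not affect the exit code.
#
# Skill reference: .claude/skills/dependency-audit-erp/SKILL.md
param(
  [switch]$FailOnHigh
)

# Native tools (dotnet, npm) do not throw under "Continue"; their failures are
# detected through $LASTEXITCODE below, not through try/catch.
$ErrorActionPreference = "Continue"
$script:hasIssues = $false
$script:skipped = @()   # names of frontend audits that could not run

# Print a coloured section banner.
function Write-Section($title) {
  Write-Host ""
  Write-Host "===== $title =====" -ForegroundColor Cyan
}

#######################################
# Run `npm audit --audit-level=moderate` in one frontend directory.
# Arguments:
#   $Name - label used in messages (e.g. fe-admin)
#   $Path - directory containing package.json / node_modules
# Side effects:
#   sets $script:hasIssues when npm audit exits non-zero or throws;
#   appends $Name to $script:skipped when node_modules is absent.
#######################################
function Invoke-NpmAudit([string]$Name, [string]$Path) {
  Write-Section "npm audit $Name"
  Push-Location $Path
  try {
    if (-not (Test-Path node_modules)) {
      Write-Host "node_modules missing — chạy npm install trước." -ForegroundColor Yellow
      $script:skipped += $Name
    } else {
      # npm audit exits non-zero both for findings at/above the level and for
      # its own errors (registry unreachable, missing lockfile); both are
      # treated as "needs attention" rather than as clean.
      $auditOutput = npm audit --audit-level=moderate 2>&1 | Out-String
      Write-Host $auditOutput
      if ($LASTEXITCODE -ne 0) {
        $script:hasIssues = $true
        Write-Host "[!] $Name npm audit found issues" -ForegroundColor Red
      } else {
        Write-Host "[OK] $Name npm clean" -ForegroundColor Green
      }
    }
  } catch {
    Write-Host "[!] npm audit $Name failed: $_" -ForegroundColor Red
    $script:hasIssues = $true
  } finally {
    # Always restore the caller's location, even when the audit throws.
    Pop-Location
  }
}

# ========= 1. NuGet =========
Write-Section "NuGet vulnerabilities (BE .NET 10)"
Push-Location $PSScriptRoot/..
try {
  $output = dotnet list SolutionErp.slnx package --vulnerable --include-transitive 2>&1 | Out-String
  # Capture immediately: Out-String is a cmdlet and leaves $LASTEXITCODE
  # as set by dotnet, but later commands would overwrite it.
  $dotnetExit = $LASTEXITCODE
  Write-Host $output
  if ($output -match 'has the following vulnerable packages') {
    $script:hasIssues = $true
    Write-Host "[!] NuGet vulnerable packages found" -ForegroundColor Red
  } elseif ($dotnetExit -ne 0) {
    # The scan did not complete (e.g. restore needed, solution not found).
    # Without this branch a failed scan would be reported as "No NuGet
    # vulnerabilities" because the marker string is simply absent.
    $script:hasIssues = $true
    Write-Host "[!] dotnet list exited with code $dotnetExit — scan did not complete" -ForegroundColor Red
  } else {
    Write-Host "[OK] No NuGet vulnerabilities" -ForegroundColor Green
  }
} catch {
  Write-Host "[!] dotnet list failed: $_" -ForegroundColor Red
  $script:hasIssues = $true
} finally {
  Pop-Location
}

# ========= 2. npm fe-admin =========
Invoke-NpmAudit -Name "fe-admin" -Path "$PSScriptRoot/../fe-admin"

# ========= 3. npm fe-user =========
Invoke-NpmAudit -Name "fe-user" -Path "$PSScriptRoot/../fe-user"

# ========= Summary =========
Write-Section "Summary"
if ($script:skipped.Count -gt 0) {
  Write-Host "[!] Skipped (node_modules missing): $($script:skipped -join ', ')" -ForegroundColor Yellow
}
if ($script:hasIssues) {
  Write-Host "[!] Vulnerabilities or issues found." -ForegroundColor Red
  Write-Host "Tham khao .claude/skills/dependency-audit-erp/SKILL.md cho workflow fix."
  Write-Host "Nho check pin constraints (MediatR 12.4.1, Swashbuckle 6.9.0, Node 20) truoc khi npm audit fix."
  if ($FailOnHigh) { exit 1 }
} elseif ($script:skipped.Count -gt 0) {
  # Do not claim "All clean" when part of the audit never ran.
  Write-Host "[OK] No findings in the scans that ran (some skipped, see above)." -ForegroundColor Yellow
} else {
  Write-Host "[OK] All clean." -ForegroundColor Green
}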