name: WAF Intelligence Guardrail

on:
  push:
    paths:
      - 'terraform/**'
      - 'mcp/waf_intelligence/**'
      - '.github/workflows/waf_intel.yml'
  pull_request:
    paths:
      - 'terraform/**'
      - 'mcp/waf_intelligence/**'

jobs:
  waf-intel:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install dependencies
        run: |
          if [ -f requirements.txt ]; then
            pip install -r requirements.txt
          fi

      - name: Run WAF Intelligence
        run: |
          python -m mcp.waf_intelligence \
            --file terraform/waf.tf \
            --format json \
            --limit 5 \
            --fail-on-error