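#!/usr/bin/env bash
# ============================================================================
# INFRA INVARIANTS CHECKER
# ============================================================================
# Enforces infrastructure law for VaultMesh.
# Run from repo root: bash scripts/infra-invariants.sh
#
# Exit codes:
#   0 = All invariants pass
#   1 = One or more invariants violated
#
# Governed by: RED-BOOK.md
#
# Requires the `terraform` CLI on PATH. A missing CLI, a missing terraform/
# directory or a failed `terraform init` is reported as a violation, so the
# gate fails closed with a readable message instead of aborting silently
# under `set -e` with an undocumented exit code.
# ============================================================================

set -euo pipefail

REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
cd "$REPO_ROOT"

# Colors (backslash escapes are expanded by printf's %b in pass/fail below)
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'

FAILED=0

# Print a green check mark followed by the message in $1.
pass() {
  printf '%b✓%b %s\n' "$GREEN" "$NC" "$1"
}

# Print a red cross followed by the message in $1 and record the violation.
fail() {
  printf '%b✗%b %s\n' "$RED" "$NC" "$1"
  FAILED=1
}

echo "============================================"
echo " VaultMesh Infrastructure Invariants Check"
echo "============================================"
echo ""

# ============================================================================
# 1. TERRAFORM FORMAT CHECK
# ============================================================================
echo "── 1. Terraform Formatting ──"

# Work out up front whether the terraform checks can run at all. Without this,
# a missing CLI made the fmt check print a misleading "need formatting" message
# and the later bare `terraform init` killed the script with no output.
TF_BLOCKER=""
if ! command -v terraform > /dev/null 2>&1; then
  TF_BLOCKER="terraform CLI not found on PATH"
elif ! cd terraform 2> /dev/null; then
  TF_BLOCKER="cannot enter directory: terraform"
fi

if [[ -n "$TF_BLOCKER" ]]; then
  fail "1.1 Cannot check formatting: $TF_BLOCKER"
elif terraform fmt -check -recursive > /dev/null 2>&1; then
  pass "1.1 All .tf files are properly formatted"
else
  fail "1.1 Terraform files need formatting"
  echo " Run: cd terraform && terraform fmt -recursive"
fi

# ============================================================================
# 2. TERRAFORM VALIDATE
# ============================================================================
echo ""
echo "── 2. Terraform Validation ──"

# NOTE(review): `init -backend=false` still installs providers and modules.
# Keep the dependency lock file committed; consider `-lockfile=readonly` in CI
# so the lock file cannot be rewritten during the check — confirm against the
# Terraform version in use.
if [[ -n "$TF_BLOCKER" ]]; then
  fail "2.1 Cannot validate: $TF_BLOCKER"
elif ! init_output="$(terraform init -backend=false 2>&1)"; then
  # Output is captured rather than discarded so a failed init is diagnosable.
  fail "2.1 terraform init failed"
  printf '%s\n' "$init_output"
elif terraform validate > /dev/null 2>&1; then
  pass "2.1 Terraform configuration is valid"
else
  fail "2.1 Terraform validation failed"
  # Re-run to show the diagnostics. `|| true` keeps `set -e` from ending the
  # script here, which used to skip section 3 and the summary.
  terraform validate || true
fi

cd "$REPO_ROOT"

# ============================================================================
# 3. REQUIRED FILES
# ============================================================================
echo ""
echo "── 3. Required Terraform Files ──"

REQUIRED_TF_FILES=(
  "terraform/main.tf"
  "terraform/variables.tf"
)

for tf in "${REQUIRED_TF_FILES[@]}"; do
  if [[ -f "$tf" ]]; then
    pass "3.1 $tf exists"
  else
    fail "3.1 Missing required file: $tf"
  fi
done

# ============================================================================
# SUMMARY
# ============================================================================
echo ""
echo "============================================"
echo " Summary"
echo "============================================"

if (( FAILED > 0 )); then
  printf '%b%s%b\n' "$RED" "Infra invariants violated. Fix before merging." "$NC"
  exit 1
else
  printf '%b%s%b\n' "$GREEN" "All infra invariants pass. ✓" "$NC"
  exit 0
fi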