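# Pre-commit hooks for ops-jrz1 Matrix platform repository
# Install: pre-commit install
# Run manually: pre-commit run --all-files
#
# These hooks run on the developer's machine and can be skipped with
# `git commit --no-verify`, so they are a first line of defence only.
# Run the same checks (at least gitleaks and the sanitization check)
# in CI so they are enforced server-side.

# Without this key `pre-commit install` installs only the pre-commit
# hook, and the hooks below that declare `stages: [push]` would never
# run. Requires pre-commit >= 2.18.0.
default_install_hook_types: [pre-commit, pre-push]

# Supply-chain note: each `rev` below is a git tag, which the upstream
# repository can move. `pre-commit autoupdate --freeze` rewrites them
# to full commit SHAs (keeping the tag as a trailing comment), so the
# hook code that runs locally cannot change without a diff here.
repos:
  # Nix formatting and linting
  - repo: https://github.com/nix-community/nixpkgs-fmt
    rev: v1.3.0
    hooks:
      - id: nixpkgs-fmt

  # Secret scanning with gitleaks
  # NOTE(review): as a pre-commit hook this looks at what is being
  # committed, not at existing history - confirm that history is
  # scanned separately (e.g. in CI).
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.0
    hooks:
      - id: gitleaks

  # General file checks
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
      # Reject newly added files larger than 500 kB.
      - id: check-added-large-files
        args: ['--maxkb=500']
      - id: check-merge-conflict

  # Custom hooks for ops-jrz1
  # These entries execute scripts from this repository with the
  # committer's privileges; review changes under scripts/hooks/ with
  # the same care as changes to CI configuration.
  - repo: local
    hooks:
      # Validate sanitization before commit
      # Triggered only when a .nix or .md file is staged; the script
      # receives no file names (pass_filenames: false).
      # NOTE(review): values that need sanitizing in other file types
      # (scripts, YAML, JSON) would not trigger this hook - confirm the
      # pattern covers every place such values can appear.
      - id: validate-sanitization
        name: Validate sanitization rules
        entry: scripts/hooks/validate-sanitization-hook.sh
        language: script
        files: '\.(nix|md)$'
        pass_filenames: false

      # Nix flake check (expensive, runs on pre-push)
      - id: nix-flake-check
        name: Nix flake check
        entry: scripts/hooks/nix-flake-check-hook.sh
        language: script
        stages: [push]
        pass_filenames: false

      # Build validation (expensive, runs on pre-push)
      - id: nix-build-validation
        name: Nix build validation
        entry: scripts/hooks/nix-build-hook.sh
        language: script
        stages: [push]
        pass_filenames: false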