#!/usr/bin/env bash
# COMP-04: refuse any runtime dep under AGPL / SSPL / BSL / Elastic / Commons Clause.
# Usage: scripts/license_scan.sh    (exit 0 clean; exit 1 violation)
set -euo pipefail

FORBIDDEN_REGEX='AGPL|SSPL|BSL|Business Source|Elastic-2\.0|ElasticLicense|Commons Clause'

echo "scanning runtime deps via pip-licenses..."
OUT="$(uv run --with pip-licenses pip-licenses --format=plain-vertical 2>/dev/null)"

if echo "$OUT" | grep -Ei "$FORBIDDEN_REGEX" >&2; then
    echo ""
    echo "❌ FORBIDDEN LICENSE DETECTED — see lines above."
    echo "   Policy: main chain must be MIT / BSD / Apache-2.0 / PSF / PostgreSQL only."
    exit 1
fi

echo "✅ no AGPL / SSPL / BSL / Elastic / Commons Clause in runtime deps."