# Maintainer: Akhil Sharma <akhilsails@gmail.com>
#
# This PKGBUILD is mirrored in the upstream repo at:
#   https://github.com/Armur-Ai/Pentest-Swarm-AI/tree/main/packaging/aur/pentestswarm-bin
#
# Submission lives at https://aur.archlinux.org/packages/pentestswarm-bin
# Install: yay -S pentestswarm-bin   (or paru -S pentestswarm-bin)

pkgname=pentestswarm-bin
pkgver=0.1.0
pkgrel=1
pkgdesc="Swarm of AI agents for authorized penetration testing (binary release)"
arch=('x86_64' 'aarch64')
url="https://github.com/Armur-Ai/Pentest-Swarm-AI"
license=('AGPL-3.0-only')
provides=('pentestswarm')
conflicts=('pentestswarm')

# Optional runtime deps — the swarm calls out to these tools when present.
# Each is a hint, not a hard requirement; `pentestswarm doctor` reports
# what's missing and `pentestswarm doctor --fix` auto-installs the
# Go-installable ones. Or use the bundled Docker image for everything.
optdepends=(
    'nmap: network port + service scanning'
    'sqlmap: SQL injection testing'
    'gobuster: directory / DNS / vhost brute-forcing'
    'ffuf: HTTP fuzzer'
    'nuclei-bin: template-based vulnerability scanner (AUR)'
    'amass-bin: subdomain enumeration (AUR)'
    'subfinder-bin: passive subdomain discovery (AUR)'
    'httpx-bin: fast HTTP toolkit (AUR)'
    'naabu-bin: fast port scanner (AUR)'
    'trufflehog: secret scanning'
    'gitleaks: secret scanning'
    'docker: pre-bundled image with all 16 security tools (ghcr.io/armur-ai/pentestswarm)'
)

# Use raw GitHub-release binaries (no tarball); rename to a stable
# filename so package() doesn't have to know arch-suffix names.
source_x86_64=("pentestswarm-${pkgver}-amd64::${url}/releases/download/v${pkgver}/pentestswarm-linux-amd64")
source_aarch64=("pentestswarm-${pkgver}-arm64::${url}/releases/download/v${pkgver}/pentestswarm-linux-arm64")

# SHA-256 of the upstream release artifacts. Verify with:
#   curl -sSL https://github.com/Armur-Ai/Pentest-Swarm-AI/releases/download/v0.1.0/checksums.txt
sha256sums_x86_64=('bcb1ae28d60e9b6e599f2bc9ca59218806924d485563f69cad05902617f85f9e')
sha256sums_aarch64=('53fb618522e0f6f3b99287f7bfd9f8e968a54b3b9c88d3bdb44d388a0c5ebaa3')

package() {
    cd "$srcdir"
    case "$CARCH" in
        x86_64)
            install -Dm755 "pentestswarm-${pkgver}-amd64" "${pkgdir}/usr/bin/pentestswarm"
            ;;
        aarch64)
            install -Dm755 "pentestswarm-${pkgver}-arm64" "${pkgdir}/usr/bin/pentestswarm"
            ;;
    esac

    # Shell completions — invoke the just-installed binary to produce
    # completion scripts for each shell, then install to the canonical
    # Arch paths. The binary is a self-contained Go executable so this
    # works inside the package staging dir.
    local _bin="${pkgdir}/usr/bin/pentestswarm"
    install -Dm644 <("${_bin}" completion bash) "${pkgdir}/usr/share/bash-completion/completions/pentestswarm"
    install -Dm644 <("${_bin}" completion zsh)  "${pkgdir}/usr/share/zsh/site-functions/_pentestswarm"
    install -Dm644 <("${_bin}" completion fish) "${pkgdir}/usr/share/fish/vendor_completions.d/pentestswarm.fish"

    # Per Arch packaging guidelines, install a copy of the license alongside
    # the binary. We can't ship the LICENSE file from the release archive
    # (binaries are raw), so write a minimal notice pointing at upstream.
    install -dm755 "${pkgdir}/usr/share/licenses/${pkgname}"
    cat > "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" <<EOF
This binary is distributed under the GNU Affero General Public License v3.0
(AGPL-3.0-only). See the full license text at:

  https://www.gnu.org/licenses/agpl-3.0.txt
  https://github.com/Armur-Ai/Pentest-Swarm-AI/blob/main/LICENSE

The AGPL's network-use clause means: if you modify Pentest Swarm and run
the modified version as a network service, you must release your
modifications under AGPL. Internal / individual / authorized-engagement
use carries no obligations.
EOF
}
