// Snitch Security Scan - Jenkins Declarative Pipeline
//
// Runs a Snitch security audit on pull request builds.
//
// Setup:
//   1. Copy this file to your repository root as Jenkinsfile
//      (or load it from your existing pipeline).
//   2. Add ANTHROPIC_API_KEY as a credential in Jenkins
//      under Manage Jenkins > Credentials (type: Secret text).
//   3. Configure your job to build on pull requests
//      (e.g., via the GitHub Branch Source or Bitbucket Branch Source plugin).

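// Installs the Claude Code CLI in a Node container and runs the Snitch audit
// ("/snitch diff") with the Anthropic API key bound from Jenkins credentials.
// Both stages are gated on changeRequest(), so they run only for pull/change
// request builds.
pipeline {
    // NOTE(review): 'node:20' is a floating tag. Pinning the image to a
    // reviewed digest keeps the build environment from changing underneath a
    // job that handles a secret.
    agent {
        docker {
            image 'node:20'
        }
    }

    stages {
        stage('Install') {
            // Declarative Pipeline accepts `when` only inside a stage; a
            // pipeline-level `when` block is rejected at validation time, so
            // the pull-request gate is declared on each stage instead.
            when {
                changeRequest()
            }
            steps {
                // NOTE(review): this installs whatever version is latest at
                // build time. Pin a reviewed version of the package so a bad
                // or compromised release is not pulled automatically.
                // NOTE(review): the Docker agent usually runs as the Jenkins
                // user's UID, which may not be able to write the image's
                // global npm prefix. Confirm this step succeeds on your agents.
                sh 'npm install -g @anthropic-ai/claude-code'
            }
        }

        stage('Snitch Security Scan') {
            when {
                changeRequest()
            }
            steps {
                // The key is bound only for the duration of this block and is
                // masked in the console log. Everything executed inside the
                // block can still read it, including anything driven by the
                // pull request's checked-out content. Bind it only for pull
                // requests from contributors you trust (see the trust settings
                // of your Branch Source plugin), and prefer a key that is
                // scoped and budgeted for CI use.
                withCredentials([string(credentialsId: 'ANTHROPIC_API_KEY', variable: 'ANTHROPIC_API_KEY')]) {
                    // Single-quoted Groovy string: nothing is interpolated by
                    // Groovy, so the secret never appears in the script text.
                    // The CLI presumably reads it from the environment.
                    sh 'claude -p "/snitch diff"'
                }
            }
        }
    }
}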
