chore: git cache cleanup

scripts/pre-commit-hooks/semgrep-scan.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly SCRIPT_DIR
+REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
+readonly REPO_ROOT
+
+if ! command -v semgrep >/dev/null 2>&1; then
+  echo "Error: semgrep is not installed or not in PATH" >&2
+  echo "Install: https://semgrep.dev/docs/getting-started/" >&2
+  exit 127
+fi
+
+cd "${REPO_ROOT}"
+
+readonly SEMGREP_CONFIG_VALUE="${SEMGREP_CONFIG:-auto}"
+
+echo "Running Semgrep with config: ${SEMGREP_CONFIG_VALUE}"
+semgrep scan \
+  --config "${SEMGREP_CONFIG_VALUE}" \
+  --error \
+  backend frontend scripts .github/workflows