#!/bin/bash
# DSS Immutability Guard - Simplified Version
# Protects core principle files from accidental modification

echo "🛡️  DSS Immutability Check..."

# List of protected files (core principles only)
PROTECTED_FILES=(
  ".knowledge/dss-principles.json"
  ".knowledge/dss-architecture.json"
  ".clauderc"
)

# Check if any protected files are being modified
MODIFIED_PROTECTED=()
for file in "${PROTECTED_FILES[@]}"; do
  if git diff --cached --name-only | grep -q "^${file}$"; then
    MODIFIED_PROTECTED+=("$file")
  fi
done

# If protected files are modified, require confirmation
if [ ${#MODIFIED_PROTECTED[@]} -gt 0 ]; then
  echo ""
  echo "⚠️  WARNING: You are modifying protected core files:"
  for file in "${MODIFIED_PROTECTED[@]}"; do
    echo "  - $file"
  done
  echo ""
  echo "These files define DSS core architecture and should rarely change."
  echo ""
  echo "To proceed with this commit, set: ALLOW_CORE_CHANGES=true"
  echo "Example: ALLOW_CORE_CHANGES=true git commit -m 'your message'"
  echo ""

  # Check if user has explicitly allowed the change
  if [ "$ALLOW_CORE_CHANGES" != "true" ]; then
    echo "❌ Commit blocked. Set ALLOW_CORE_CHANGES=true to proceed."
    exit 1
  fi

  echo "✅ ALLOW_CORE_CHANGES=true detected. Proceeding with commit."
fi

echo "✅ Immutability check passed."
exit 0