- Remove legacy admin-ui/js/ vanilla JS components - Add .dss/ directory with core tokens, skins, themes - Add Storybook configuration and generated stories - Add DSS management scripts (dss-services, dss-init, dss-setup, dss-reset) - Add MCP command definitions for DSS plugin - Add Figma sync architecture and scripts - Update pre-commit hooks with documentation validation - Fix JSON trailing commas in skin files 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
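#!/bin/bash
# DSS Immutability Guard - Simplified Version
#
# Protects core principle files from accidental modification.
# The checks below inspect the staged change set (git diff --cached) and
# stop the commit with a non-zero exit unless the matching override
# variable (ALLOW_CORE_CHANGES or ALLOW_FIGMA_SYNC) is set to "true".

echo "🛡️ DSS Immutability Check..."

# List of protected files (core principles and config).
# Each entry is compared against the names printed by
# `git diff --cached --name-only`.
PROTECTED_FILES=(
  ".knowledge/dss-principles.json"
  ".knowledge/dss-architecture.json"
  ".clauderc"
  "PROJECT_CONFIG.md"
  ".dss/config/figma.json"
)

# DSS Core Structure - ONLY modifiable by Figma sync.
# These paths require ALLOW_FIGMA_SYNC=true to modify; each entry is a
# directory prefix (note the trailing slash).
DSS_CORE_PATHS=(
  ".dss/data/_system/"
  ".dss/schema/"
  "dss-claude-plugin/core/skins/"
  "dss/core_tokens/"
)

# The two lists are the guard's policy: freeze them so that nothing later in
# the script can shorten or rewrite them by mistake.
readonly PROTECTED_FILES DSS_CORE_PATHS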
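# Check if any protected files are being modified.
#
# The staged name list is read once. --no-renames makes git report a rename
# as a deletion plus an addition, so a protected file that is renamed away is
# still listed under its protected path. Names are compared as fixed,
# whole-line strings (grep -Fx): the entries contain "." characters, which
# would match any character if the entry were used as a regular expression.
MODIFIED_PROTECTED=()
STAGED_FOR_PROTECTED_CHECK=$(git diff --cached --name-only --no-renames)
for file in "${PROTECTED_FILES[@]}"; do
  if grep -Fxq -- "$file" <<<"$STAGED_FOR_PROTECTED_CHECK"; then
    MODIFIED_PROTECTED+=("$file")
  fi
done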
# Confirmation gate for protected files: when any were found in the staged
# change set, list them and block the commit unless the committer has
# exported ALLOW_CORE_CHANGES=true.
if (( ${#MODIFIED_PROTECTED[@]} > 0 )); then
  echo
  printf '%s\n' "⚠️ WARNING: You are modifying protected core files:"
  printf ' - %s\n' "${MODIFIED_PROTECTED[@]}"
  echo
  printf '%s\n' "These files define DSS core architecture and should rarely change."
  echo
  printf '%s\n' "To proceed with this commit, set: ALLOW_CORE_CHANGES=true"
  printf '%s\n' "Example: ALLOW_CORE_CHANGES=true git commit -m 'your message'"
  echo

  # Only the exact value "true" counts as an explicit override.
  if [[ "$ALLOW_CORE_CHANGES" == "true" ]]; then
    printf '%s\n' "✅ ALLOW_CORE_CHANGES=true detected. Proceeding with commit."
  else
    printf '%s\n' "❌ Commit blocked. Set ALLOW_CORE_CHANGES=true to proceed."
    exit 1
  fi
fi
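# Check DSS Core paths (Figma sync only).
#
# Staged names are read NUL-delimited (-z), which makes git print each path
# verbatim. Without -z, git may wrap a path containing unusual characters in
# double quotes, and such a line would no longer start with the protected
# prefix. --no-renames reports a rename as a deletion plus an addition, so a
# file moved out of a core path is still listed under its old location.
# The prefix test is a literal string comparison, not a regular expression,
# so the "." characters in the configured paths match only themselves.
MODIFIED_DSS_CORE=()
DSS_STAGED_NAMES=()
while IFS= read -r -d '' file; do
  DSS_STAGED_NAMES+=("$file")
done < <(git diff --cached --name-only --no-renames -z)

for path in "${DSS_CORE_PATHS[@]}"; do
  for file in "${DSS_STAGED_NAMES[@]}"; do
    if [[ "$file" == "$path"* ]]; then
      MODIFIED_DSS_CORE+=("$file")
    fi
  done
done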
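# Figma-sync gate: when any staged file lies under a DSS core path, list the
# files and block the commit unless ALLOW_FIGMA_SYNC is exactly "true".
if [ "${#MODIFIED_DSS_CORE[@]}" -gt 0 ]; then
  echo ""
  echo "🔒 DSS CORE STRUCTURE PROTECTION"
  echo " The following paths can ONLY be modified via Figma sync:"
  for file in "${MODIFIED_DSS_CORE[@]}"; do
    echo " - $file"
  done
  echo ""
  echo " Source of truth: Figma → DSS Pipeline → These files"
  echo ""
  echo " To proceed (Figma sync only): ALLOW_FIGMA_SYNC=true"
  echo ""

  if [ "$ALLOW_FIGMA_SYNC" != "true" ]; then
    echo "❌ Commit blocked. DSS core structure is Figma-sync only."
    exit 1
  fi

  echo "✅ ALLOW_FIGMA_SYNC=true detected. Proceeding with Figma sync commit."

  # Verify hash manifest is also being updated.
  # The manifest name is matched as a fixed, whole-line string; as a regular
  # expression its "." characters would also accept other staged names.
  # This is advisory only: the commit is not blocked here.
  if ! git diff --cached --name-only | grep -Fxq -- ".dss/core-hashes.sha256"; then
    echo ""
    echo "⚠️ WARNING: core-hashes.sha256 not updated!"
    echo " Figma sync should regenerate: .dss/core-hashes.sha256"
    echo " Run: scripts/regenerate-core-hashes.sh"
  fi
fi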
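# Hash verification for DSS core files
HASH_FILE=".dss/core-hashes.sha256"

#######################################
# Look up the digest recorded for one path in a hash manifest.
# A manifest line matches when it ends with a space followed by the path;
# the path is compared literally, never as a regular expression.
# Arguments: $1 - manifest file, $2 - path to look up
# Outputs:   the first space-delimited field of the first matching line
# Returns:   0 if the path is listed, 1 otherwise
#######################################
_dss_expected_hash() {
  local manifest=$1 target=$2 line
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ "$line" == *" ${target}" ]]; then
      printf '%s\n' "${line%% *}"
      return 0
    fi
  done < "$manifest"
  return 1
}

if [ -f "$HASH_FILE" ] && [ "${#MODIFIED_DSS_CORE[@]}" -gt 0 ]; then
  echo ""
  echo "🔐 Verifying DSS core file hashes..."
  HASH_FAILURES=()

  for file in "${MODIFIED_DSS_CORE[@]}"; do
    # Paths that the manifest does not list are skipped, not failed.
    if EXPECTED=$(_dss_expected_hash "$HASH_FILE" "$file"); then
      # Get hash from staged version. git's error output is discarded, so a
      # path that is absent from the index hashes as empty input and then
      # compares unequal to the recorded digest.
      ACTUAL=$(git show ":${file}" 2>/dev/null | sha256sum | cut -d' ' -f1)
      # The comparison is unconditional. This section only runs when core
      # files are staged, and the Figma-sync gate earlier in the script has
      # already exited unless ALLOW_FIGMA_SYNC=true; also requiring the
      # variable to be unset here meant a mismatch could never be reported.
      if [ "$EXPECTED" != "$ACTUAL" ]; then
        HASH_FAILURES+=("$file")
      fi
    fi
  done
  # NOTE(review): the manifest is read from the working tree while file
  # content is read from the index; a regenerated but unstaged manifest
  # passes here without being part of the commit. Confirm that is intended.

  if [ "${#HASH_FAILURES[@]}" -gt 0 ]; then
    echo "❌ Hash verification failed for:"
    for file in "${HASH_FAILURES[@]}"; do
      echo " - $file"
    done
    echo ""
    echo " These files have been modified outside Figma sync pipeline."
    echo " Revert changes or run Figma sync to update properly."
    exit 1
  fi
  echo "✅ Hash verification passed."
fi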
printf '%s\n' "✅ Immutability check passed."
echo

# DSS code quality verification: run scripts/verify-quality.sh from the
# current directory when it exists, and stop the commit if it reports failure.
# A missing script only produces a warning.
printf '%s\n' "🔍 Running DSS Code Quality Checks..."
if [[ ! -f "./scripts/verify-quality.sh" ]]; then
  printf '%s\n' "⚠️ Warning: scripts/verify-quality.sh not found, skipping quality checks"
elif ! ./scripts/verify-quality.sh; then
  echo
  printf '%s\n' "❌ Code quality checks failed. Please fix the errors above."
  printf '%s\n' "To bypass (not recommended): git commit --no-verify"
  exit 1
fi
# Python validation hook (documentation, schemas, terminology).
# Preferred validator: the file "pre-commit-python" next to this script.
# Fallback: .git/hooks/pre-commit, but only when file(1) describes it as
# Python. Either one is executed with python3, and a failing run stops the
# commit.
echo
printf '%s\n' "📚 Running Documentation & Schema Checks..."
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
if [[ -f "${SCRIPT_DIR}/pre-commit-python" ]]; then
  if ! python3 "${SCRIPT_DIR}/pre-commit-python"; then
    echo
    printf '%s\n' "❌ Validation checks failed. Please fix the errors above."
    printf '%s\n' "To bypass (not recommended): git commit --no-verify"
    exit 1
  fi
elif [[ -f ".git/hooks/pre-commit" ]] && file ".git/hooks/pre-commit" | grep -q Python; then
  if ! python3 ".git/hooks/pre-commit"; then
    printf '%s\n' "❌ Python validation checks failed."
    exit 1
  fi
fi

echo
printf '%s\n' "✅ All pre-commit checks passed!"
exit 0