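#!/usr/bin/env bash
# PreToolUse guardrail for EQDEV-620.
#
# Receives the tool call as JSON on stdin. Blocks (exit 2) any Edit/Write whose
# target is production code (anything under a src/main/ directory) or a
# pom.xml. This fires even in bypassPermissions mode, so it is the hard
# backstop behind the settings.json deny rules.
#
# Exit codes (PreToolUse hook contract):
#   0  allow the tool call
#   2  block the tool call; stderr is the reason shown to the model
#
# Because this is the backstop it fails CLOSED: if the payload cannot be
# parsed (malformed JSON, unexpected shape, python3 missing) the call is
# blocked rather than silently allowed. A well-formed payload that simply has
# no file path (a tool that does not target a file) is still allowed.
set -euo pipefail

INPUT="$(cat)"

# Extract the target file path from tool_input.file_path (Edit/Write/MultiEdit)
# or tool_input.path (some tools), then normalise it lexically so that
# "src/test/../main/Foo.java", "src//main/Foo.java" or "./pom.xml" cannot slip
# past the patterns below. Prints the empty string when the payload carries no
# file path; exits non-zero on any parse/shape error so the shell fails closed.
# NOTE(review): normalisation is purely lexical -- a symlink under src/test that
# points into src/main would not be caught here; the deny rules or repository
# layout must cover that case.
if ! FILE="$(printf '%s' "$INPUT" | python3 -c '
import sys, json, os
d = json.load(sys.stdin)
ti = d.get("tool_input") or {}
p = ti.get("file_path") or ti.get("path") or ""
print(os.path.normpath(p) if p else "")
')"; then
  echo "GUARDRAIL BLOCK (EQDEV-620): could not parse tool input; refusing the call (fail closed)." >&2
  exit 2
fi

# Refuse anything under a src/main/ directory (relative or absolute, any depth)
# and any pom.xml. The decision is made on the path alone, not on tool_name, so
# any tool that names a forbidden path is refused; this assumes the hook is
# registered with an Edit/Write matcher -- confirm, since a read-only tool routed
# here would be blocked too.
case "$FILE" in
  */src/main/*|src/main/*|*/pom.xml|pom.xml)
    echo "GUARDRAIL BLOCK (EQDEV-620): '$FILE' is production code or pom.xml." >&2
    echo "Only tests under src/test/** may be modified. Edit refused." >&2
    exit 2
    ;;
esac

exit 0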
