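#!/usr/bin/env bash
# guard_apply_patch.sh - validate a patch against policy, then apply it.
#
# Flow: snapshot the patch -> run guard_validate_patch.py on the snapshot ->
# `patch --dry-run` -> `patch`. The same private snapshot is used for all three
# steps, so the bytes that passed validation are the bytes that get applied
# even if PATCH_FILE is rewritten while the script runs.
#
# Exit status: 0 on success or --help, 2 on a usage error, non-zero from the
# failing step otherwise (set -e stops at the first failure, so a rejected
# patch is never applied).
set -euo pipefail

# Print the command-line synopsis to stdout.
usage() {
  cat <<'EOF'
Usage:
  guard_apply_patch.sh PATCH_FILE [--cwd DIR] [--allow-deletes]
      [--max-files N] [--max-changed-lines N]
      [--allow-path-prefix PREFIX ...]

Description:
  Validates a patch and applies it only if policy checks pass.
EOF
}

# Print a diagnostic to stderr and stop with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ "${1:-}" == "-h" || "${1:-}" == "--help" ]]; then
  usage
  exit 0
fi

# Fail closed: a guard invoked without a patch validated nothing, so it must
# not report success to whatever automation called it.
if [[ $# -lt 1 ]]; then
  usage >&2
  exit 2
fi

PATCH_FILE="$1"
shift

CWD="$(pwd)"
VALIDATOR_ARGS=()

while [[ $# -gt 0 ]]; do
  case "$1" in
    --cwd)
      [[ $# -ge 2 ]] || die "Option $1 requires a value"
      CWD="$2"
      shift 2
      ;;
    --cwd=*)
      # Consume the "=" spelling here as well, so the validator and patch(1)
      # always operate on the same directory.
      CWD="${1#--cwd=}"
      shift
      ;;
    --allow-deletes)
      VALIDATOR_ARGS+=("$1")
      shift
      ;;
    --max-files | --max-changed-lines | --allow-path-prefix)
      [[ $# -ge 2 ]] || die "Option $1 requires a value"
      VALIDATOR_ARGS+=("$1" "$2")
      shift 2
      ;;
    *)
      # NOTE(review): anything unrecognised is forwarded verbatim; confirm the
      # validator's own parser cannot be handed a second working directory
      # that differs from the one patch(1) uses below.
      VALIDATOR_ARGS+=("$1")
      shift
      ;;
  esac
done

[[ -f "$PATCH_FILE" ]] || die "Patch file not found: $PATCH_FILE"
[[ -d "$CWD" ]] || die "Working directory not found: $CWD"

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
VALIDATOR="$SCRIPT_DIR/guard_validate_patch.py"

# Private copy (mktemp creates it owner-only). Validating and applying this one
# file closes the window in which PATCH_FILE could change between the policy
# check and the apply. The absolute temp path also cannot be mistaken for an
# option by the validator.
PATCH_SNAPSHOT="$(mktemp)" || die "mktemp failed"
cleanup() { rm -f -- "$PATCH_SNAPSHOT"; }
trap cleanup EXIT
cat -- "$PATCH_FILE" >"$PATCH_SNAPSHOT"

# The ${arr[@]+...} form keeps an empty argument list from tripping `set -u`
# on bash releases older than 4.4.
python3 "$VALIDATOR" "$PATCH_SNAPSHOT" --cwd "$CWD" \
  ${VALIDATOR_ARGS[@]+"${VALIDATOR_ARGS[@]}"}

echo "Validation passed. Running dry-run apply..."
patch -p1 --dry-run -d "$CWD" <"$PATCH_SNAPSHOT"

echo "Applying patch..."
patch -p1 -d "$CWD" <"$PATCH_SNAPSHOT"

echo "Done."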