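#!/usr/bin/env bash
# Git pre-commit hook.
#   1. Blocks the commit (exit 11) when the staged diff matches a small
#      secret-looking regex.
#   2. Creates and stages a companion "<name>.sum.md" summary next to every
#      staged Docs/features/*/discussions/*.discussion.md file that lacks one.
#   3. Runs automation/workflow.py --status when that file is executable;
#      its failure never blocks the commit.
set -euo pipefail

ROOT="$(git rev-parse --show-toplevel 2>/dev/null || echo ".")"
cd "$ROOT"

# -------- collect staged files ----------
# Added or modified paths only (--diff-filter=AM). Nothing staged: nothing to do.
mapfile -t STAGED < <(git diff --cached --name-only --diff-filter=AM || true)
[ "${#STAGED[@]}" -eq 0 ] && exit 0

# -------- tiny secret scan (fast, regex only) ----------
DIFF="$(git diff --cached)"

# The diff is fed through a here-string instead of `echo "$DIFF" | grep -q`.
# With `set -o pipefail`, grep -q exits on its first match; on a diff larger
# than the pipe buffer the writer is then killed by SIGPIPE, the pipeline
# reports failure, and the `if` would treat a positive match as "no secret".
#
# Limits of this check (it is a tripwire, not a scanner):
#   - the value must follow ':' or '=' directly and be unquoted, so
#     `api_key = "..."` and `api_key="..."` are NOT matched;
#   - the whole diff is searched, so removed and context lines can match too.
if grep -Eqi '(api[_-]?key|secret|access[_-]?token|private[_-]?key)[:=]\s*[A-Za-z0-9_\-]{12,}' <<<"$DIFF"; then
  # NOTE(review): --no-verify skips this entire hook, not only the secret
  # scan; an allowlist would let false positives through without that.
  echo >&2 "[pre-commit] Possible secret detected in staged changes."
  echo >&2 " If false positive, commit with --no-verify and add an allowlist later."
  exit 11
fi

# -------- ensure discussion summaries exist (companion files) ----------
#######################################
# Create and stage the summary companion of a discussion file if missing.
# Arguments: $1 - path to a *.discussion.md file
# Outputs:   writes "<dir>/<name>.sum.md" (".md" stripped from the
#            discussion file name) and stages it with `git add`
# Returns:   0 when the summary already exists or was created
#######################################
ensure_summary() {
  local disc="$1"
  local dir
  dir="$(dirname "$disc")"
  local sum
  sum="$dir/$(basename "$disc" .md).sum.md"

  # An existing summary is never overwritten.
  if [ -f "$sum" ]; then
    return 0
  fi

  # NOTE(review): the title after "# Summary —" and the timeline entry "- :"
  # are empty in this template; confirm whether placeholders were intended.
  cat > "$sum" <<'EOF'
# Summary —

## Decisions (ADR-style)
- (none yet)

## Open Questions
- (none yet)

## Awaiting Replies
- (none yet)

## Action Items
- (none yet)

## Votes (latest per participant)
READY: 0 • CHANGES: 0 • REJECT: 0
- (no votes yet)

## Timeline (most recent first)
- :

## Links
- Related PRs: –
- Commits: –
- Design/Plan: ../design/design.md
EOF
  # Stage the new file so it is part of the commit being created.
  git add "$sum"
}

for f in "${STAGED[@]}"; do
  case "$f" in
    Docs/features/*/discussions/*.discussion.md)
      ensure_summary "$f"
      ;;
  esac
done

# -------- future orchestration (non-blocking status) ----------
# `|| true` keeps a failing status report from aborting the commit under set -e.
if [ -x "automation/workflow.py" ]; then
  python3 automation/workflow.py --status || true
fi

exit 0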