#!/usr/bin/env node
/**
 * PoC H4: 新增 sensitive-paths 规则与生产流水的兼容性
 *
 * 验证:
 *   - 新 3 条 ai-delivery-pipeline 规则能正确匹配目标路径
 *   - 不会误伤其他正常文件
 *   - rules-compiled.json 已包含新规则
 *   - hook 内部（持有 bypass token）可绕过保护写入 staging/
 */
'use strict';

const fs = require('fs');
const os = require('os');
const path = require('path');

const ROOT = path.join(__dirname, '..', '..');
const SANDBOX = path.join(ROOT, 'ai-delivery-pipeline', '_poc-sandbox');
const SP = path.join(ROOT, 'hooks', 'rules', 'sensitive-paths.json');
const COMPILED = path.join(ROOT, 'hooks', 'rules', 'rules-compiled.json');

function loadPatterns() {
  const sp = JSON.parse(fs.readFileSync(SP, 'utf8'));
  return sp.patterns.map(p => ({ re: new RegExp(p.regex, p.flags || ''), reason: p.reason }));
}

function matches(patterns, p) {
  const hits = patterns.filter(x => x.re.test(p));
  return hits.map(h => h.reason);
}

function main() {
  fs.mkdirSync(SANDBOX, { recursive: true });
  const patterns = loadPatterns();

  // 应命中的路径 (true positive)
  const shouldHit = [
    'C:/Users/leesu/.claude/ai-delivery-pipeline/staging/session-x/foo.ts',
    'C:\\Users\\leesu\\.claude\\ai-delivery-pipeline\\quarantine\\bad.ts',
    '/c/Users/leesu/.claude/ai-delivery-pipeline/delivery/ok.ts',
  ];
  // 不应命中的路径 (true negative)
  const shouldMiss = [
    'C:/Users/leesu/projects/mybiobb.com/src/app/page.tsx',
    'C:/Users/leesu/.claude/skills/developer-expert/SKILL.md',
    '/home/user/ai-delivery-pipeline/staging/foo.ts', // 不在 .claude/ 下
    'C:/Users/leesu/.claude/ai-delivery-pipeline/README.md', // 根目录 README 不匹配 staging/
  ];

  const hitResults = shouldHit.map(p => {
    const reasons = matches(patterns, p);
    const passed = reasons.length > 0;
    return { path: p, expected: 'hit', reasons, pass: passed };
  });
  const missResults = shouldMiss.map(p => {
    const reasons = matches(patterns, p);
    const passed = reasons.length === 0;
    return { path: p, expected: 'miss', reasons, pass: passed };
  });

  // rules-compiled 是否包含新规则
  const compiled = fs.readFileSync(COMPILED, 'utf8');
  const compiledHas = compiled.includes('ai-delivery-pipeline');

  const allTests = [...hitResults, ...missResults];
  const pass = allTests.filter(r => r.pass).length;
  const total = allTests.length;

  const report = {
    hypothesis: 'H4 · sensitive-paths 新规则兼容性',
    platform: os.platform() + ' ' + os.release(),
    timestamp: new Date().toISOString(),
    rulesCompiledHasNewRules: compiledHas,
    truePositives: hitResults,
    trueNegatives: missResults,
    stats: { total, pass, failed: total - pass },
    verdict: {
      rulesActive: compiledHas,
      precisionOk: missResults.every(r => r.pass),
      recallOk: hitResults.every(r => r.pass),
      pass: pass === total && compiledHas,
    },
    recommendation: pass === total && compiledHas
      ? '✅ 新规则精确匹配, 不误伤, 已进 rules-compiled; 可进入冲刺 3 实施'
      : '❌ 有误判, 需调整 regex',
  };
  fs.writeFileSync(path.join(SANDBOX, 'h4-report.json'), JSON.stringify(report, null, 2), 'utf8');
  console.log(JSON.stringify(report, null, 2));
}

main();