#!/usr/bin/env bash
# Build, deploy, and fix permissions on the damocles-lab state tree.
# Run from the damocles-daemon repo root (or anywhere - resolves paths absolutely).

set -euo pipefail

REPO="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
TARGET=/persist/damocles-lab
STATE="$TARGET/state"

echo "==> checking for running daemon in lab"
if RUNNING=$(~/lab.sh "pgrep -af damocles-daemon" 2>/dev/null); then
    echo "ERROR: daemon is running in lab - won't overwrite live binary." >&2
    echo "$RUNNING" >&2
    echo "Stop it first: ~/lab.sh \"pkill damocles-daemon\"" >&2
    exit 1
fi

echo "==> building"
cd "$REPO"
nix develop --command cargo build --bin damocles-daemon --bin damocles-mcp 2>&1 | tail -3

echo "==> deploying binaries to $TARGET"
for bin in damocles-daemon damocles-mcp; do
    cp "$REPO/target/debug/$bin" "$TARGET/$bin.new"
    chown muede:users "$TARGET/$bin.new"
    mv "$TARGET/$bin.new" "$TARGET/$bin"
done
ls -la "$TARGET/damocles-daemon" "$TARGET/damocles-mcp"

echo "==> fixing state tree ownership (muede:users)"
# Anything touched by full-Damocles from the (root-running) damocles container
# ends up root-owned and unwritable by the daemon. Bulk-fix every time we deploy.
chown -R muede:users "$STATE"

# SYSTEM.md is the harness contract. Daemon must read it but not write it -
# it ships as part of the system prompt on each shard spawn. Restore root:root 644.
if [ -f "$STATE/identity/SYSTEM.md" ]; then
    chown root:root "$STATE/identity/SYSTEM.md"
    chmod 644 "$STATE/identity/SYSTEM.md"
fi
echo "    state tree fixed"

echo "==> done. restart daemon to pick up new binary:"
echo "    ~/lab.sh \"cd /workspace && RUST_LOG=info ./damocles-daemon\""