File size: 1,604 Bytes
5b1a270 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
#!/usr/bin/env bash
# Covenant auto-snapshot + integrity gate (pre-push)
# - Blocks if archives violate append-only policy
# - Auto-evolves + commits checksums snapshot when changes are additive
set -euo pipefail
PY=${PYTHON:-python3}
BASE="belel-justice-covenant"
GEN="$BASE/tools/generate_checksums.py"
RES="$BASE/protocol_instructions/revisionism_resistor.py"
CHK="$BASE/signing/checksums.txt"
AUTO="${COVENANT_AUTO_EVOLVE:-1}"
echo "[pre-push] Covenant integrity gate…"
# 1) Enforce append-only integrity (blocks on destructive edits)
if [ -f "$RES" ]; then
$PY "$RES"
fi
# 2) Verify checksums; if mismatched and AUTO_EVOLVE=1, roll + commit new snapshot
if [ -f "$GEN" ]; then
if [ ! -f "$CHK" ]; then
echo "[pre-push] No checksums baseline — generating…"
$PY "$GEN"
git add "$BASE/signing" || true
git commit -m "Covenant: add baseline checksums snapshot [ci skip]" || true
else
set +e
$PY "$GEN" --verify
RC=$?
set -e
if [ $RC -ne 0 ]; then
if [ "$AUTO" = "1" ]; then
echo "[pre-push] Checksums outdated but integrity OK — auto-evolving…"
$PY "$GEN" --evolve
git add "$BASE/signing/checksums.txt" "$BASE/signing/snapshots" || true
git commit -m "Covenant: auto-evolve snapshot for additive remembrance updates [ci skip]" || true
$PY "$GEN" --verify
else
echo "[pre-push] ERROR: Checksums outdated. Run:"
echo " python $GEN --evolve && git add $BASE/signing && git commit -m 'Evolve covenant snapshot'"
exit 1
fi
fi
fi
fi
echo "[pre-push] OK."
exit 0
|