#!/bin/bash
# claudomator-fix-perms — Fix ownership and permissions for Claudomator components
set -euo pipefail

SITE_DIR="/site/doot.terst.org"
GIT_REPOS_DIR="/site/git.terst.org/repos"
WORKSPACE_DIR="/workspace"

echo "==> Fixing site ownership (www-data:www-data)..."
chown -R www-data:www-data "${SITE_DIR}"

echo "==> Ensuring binaries are executable..."
if [ -d "${SITE_DIR}/bin" ]; then
    find "${SITE_DIR}/bin" -type f -exec chmod +x {} +
fi
if [ -f "/usr/local/bin/claudomator" ]; then
    chmod +x /usr/local/bin/claudomator
fi

echo "==> Ensuring scripts are executable..."
if [ -d "${SITE_DIR}/scripts" ]; then
    find "${SITE_DIR}/scripts" -type f -exec chmod +x {} +
fi
if [ -d "${WORKSPACE_DIR}/claudomator/scripts" ]; then
    find "${WORKSPACE_DIR}/claudomator/scripts" -type f -exec chmod +x {} +
fi

echo "==> Fixing git bare repo permissions..."
# Specifically fix object permissions that might be corrupted by root runs
if [ -d "${GIT_REPOS_DIR}" ]; then
    chown -R www-data:www-data "${GIT_REPOS_DIR}"
    find "${GIT_REPOS_DIR}" -type d -exec chmod 775 {} +
    find "${GIT_REPOS_DIR}" -type f -exec chmod 664 {} +
fi

echo "==> Fixing database permissions..."
if [ -f "${SITE_DIR}/data/claudomator.db" ]; then
    chmod 664 "${SITE_DIR}/data/claudomator.db"
    # Ensure the data directory is writable for WAL mode
    chmod 775 "${SITE_DIR}/data"
fi

echo "==> Done!"