#!/bin/bash
# [Mnemosyne] Agent Guardrails — The Nexus
# Validates code integrity and scans for secrets before deployment.

echo "--- [Mnemosyne] Running Guardrails ---"

# 1. Syntax Checks
echo "[1/3] Validating syntax..."
for f in ; do
  node --check "$f" || { echo "Syntax error in $f"; exit 1; }
done
echo "Syntax OK."

# 2. JSON/YAML Validation
echo "[2/3] Validating configs..."
for f in ; do
  node -e "JSON.parse(require('fs').readFileSync('$f'))" || { echo "Invalid JSON: $f"; exit 1; }
done
echo "Configs OK."

# 3. Secret Scan
echo "[3/3] Scanning for secrets..."
grep -rE "AI_|TOKEN|KEY|SECRET" . --exclude-dir=node_modules --exclude=guardrails.sh | grep -v "process.env" && {
  echo "WARNING: Potential secrets found!"
} || echo "No secrets detected."

echo "--- Guardrails Passed ---"