#!/bin/sh
# Global pre-commit hook: print effective identity and ask to continue.
# Set BYPASS_COMMIT_IDENTITY_CHECK=1 to skip (e.g., in CI).

[ -n "$BYPASS_COMMIT_IDENTITY_CHECK" ] && exit 0

# Resolve effective identity (prefer repo-local config, fall back to global)
name="$(git config --get user.name)"
[ -z "$name" ] && name="$(git config --global --get user.name)"
email="$(git config --get user.email)"
[ -z "$email" ] && email="$(git config --global --get user.email)"

branch="$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo '?')"
remote="$(git remote -v | awk '/\(push\)/{print $2; exit}' | sed 's#^https\?://##; s#git@##' )"

# Optional: block specific identities unless overridden
# Add your alt(s) here, comma-separated (exact match on email or name).
BLOCKED_EMAILS="${BLOCKED_EMAILS:-alt@example.com}"
BLOCKED_NAMES="${BLOCKED_NAMES:-Alt Name}"

is_blocked() {
  needle="$1" haystack="$2"
  printf '%s' "$haystack" | tr ',' '\n' | grep -Fxq "$needle"
}

printf '\n\033[1;33m⚠ Committing as:\033[0m \033[1m%s\033[0m <\033[1m%s\033[0m>\n' "$name" "$email"
[ -n "$branch" ] && printf '   Branch: %s\n' "$branch"
[ -n "$remote" ] && printf '   Remote: %s\n' "$remote"
printf '   Double-check this is the right account.\n\n'

if is_blocked "$email" "$BLOCKED_EMAILS" || is_blocked "$name" "$BLOCKED_NAMES"; then
  printf '\033[1;31mBlocked identity detected.\033[0m Set BYPASS_COMMIT_IDENTITY_CHECK=1 to override just this commit.\n'
  exit 1
fi

# Interactive confirm (skip if no TTY, e.g., merge drivers)
if [ -t 0 ]; then
  printf 'Continue with commit? [y/N] '
  read ans
  case "$ans" in
    y|Y) ;;
    *) echo "Commit aborted."; exit 1 ;;
  esac
fi
