#!/usr/bin/env bash set -euo pipefail source "$(dirname "$0")/lib/common.sh" ROOT="$(vmcc_root)" CMD="${1:-}" RUN_ID="${VMCC_RUN_ID:-$(run_id)}" DAY="$(date -u "+%Y-%m-%d")" EVID_DIR="$ROOT/30-evidence/$DAY/$RUN_ID" RULE_DIR="$ROOT/50-reports/$DAY/$RUN_ID/rules" REP_DIR="$ROOT/50-reports/$DAY/$RUN_ID" mkdir -p "$EVID_DIR" "$RULE_DIR" "$REP_DIR" case "$CMD" in collect) echo "[vmcc] run_id=$RUN_ID" echo "[vmcc] collecting evidence -> $EVID_DIR" "$ROOT/20-collectors/collect_ledger_verify.sh" "$EVID_DIR" "$ROOT/20-collectors/collect_constitution_hash.sh" "$EVID_DIR" "$ROOT/20-collectors/collect_backup_restore_drill.sh" "$EVID_DIR" ;; evaluate) echo "[vmcc] evaluating rules -> $RULE_DIR" "$ROOT/40-rules/ledger_hash_chain_intact.sh" "$EVID_DIR" > "$RULE_DIR/ledger.hash_chain_intact.json" "$ROOT/40-rules/governance_constitution_pinned.sh" "$EVID_DIR" > "$RULE_DIR/governance.constitution_pinned.json" "$ROOT/40-rules/backup_restore_drill_recent.sh" "$EVID_DIR" > "$RULE_DIR/backup.restore_drill_recent.json" ;; report) require_cmd jq echo "[vmcc] assembling report -> $REP_DIR/report.json" TS="$(iso_utc_now)" PASSED_COUNT="$(jq -s '[.[] | select(.passed==true)] | length' "$RULE_DIR"/*.json)" FAILED_COUNT="$(jq -s '[.[] | select(.passed==false)] | length' "$RULE_DIR"/*.json)" jq -n \ --arg version "1.0.0" \ --arg timestamp "$TS" \ --arg run_id "$RUN_ID" \ --arg day "$DAY" \ --slurpfile rules <(cat "$RULE_DIR"/*.json) \ --argjson passed "$PASSED_COUNT" \ --argjson failed "$FAILED_COUNT" \ '{ version: $version, timestamp: $timestamp, period: "run", run_id: $run_id, day: $day, summary: { rules_passed: $passed, rules_failed: $failed, status: (if $failed == 0 then "COMPLIANT" else "NONCOMPLIANT" end) }, rules: $rules }' > "$REP_DIR/report.json" ;; *) echo "Usage: $0 {collect|evaluate|report}" >&2 exit 1 ;; esac