<?php
header("Content-Type: application/json");
$file = $_POST["file"] ?? "";
$action = $_POST["action"] ?? "read";
$search = $_POST["search"] ?? "";
$replace = $_POST["replace"] ?? "";
$append = $_POST["append"] ?? "";

$allowed = [
    "/var/www/html/api/wevia-smart-router.php",
    "/var/www/html/api/wevia-exec.php",
    "/var/www/html/api/wevia-brain-orchestrator.php",
    "/var/www/html/api/wevia-autowire.php",
    "/var/www/html/api/architecture-index.json",
];

if(!in_array($file, $allowed)) die(json_encode(["error"=>"file not allowed","allowed"=>$allowed]));

if($action === "read") {
    die(json_encode(["content"=>file_get_contents($file),"lines"=>count(file($file))]));
}

if($action === "replace" && $search && $replace) {
    shell_exec("sudo chattr -i $file 2>/dev/null");
    $content = file_get_contents($file);
    if(strpos($content, $search) === false) die(json_encode(["error"=>"search string not found"]));
    $new = str_replace($search, $replace, $content);
    file_put_contents($file.".bak", $content);
    file_put_contents($file, $new);
    $lint = trim(shell_exec("php -l $file 2>&1"));
    if(strpos($lint,"No syntax errors") === false) {
        copy($file.".bak", $file);
        die(json_encode(["error"=>"PHP error, rolled back","lint"=>$lint]));
    }
    die(json_encode(["status"=>"replaced","lint"=>$lint]));
}

if($action === "exec") {
    $cmd = $_POST["cmd"] ?? "";
    $safe_cmds = ["php -l","grep","wc","cat","head","tail","git","python3 /opt/weval-l99"];
    $ok = false;
    foreach($safe_cmds as $s) if(strpos($cmd,$s) === 0) $ok = true;
    if(!$ok) die(json_encode(["error"=>"cmd not allowed"]));
    die(json_encode(["output"=>trim(shell_exec($cmd." 2>&1"))]));
}

echo json_encode(["error"=>"unknown action"]);