#!/usr/bin/env bash
set -euo pipefail

workspace_root="$(git rev-parse --show-toplevel)"
cd "${workspace_root}"

ok=0
warn=0
fail=0

pass() {
  ok=$((ok + 1))
  printf 'PASS %s\n' "$1"
}

note() {
  warn=$((warn + 1))
  printf 'WARN %s\n' "$1"
}

bad() {
  fail=$((fail + 1))
  printf 'FAIL %s\n' "$1"
}

job_has_line() {
  local file="$1"
  local job="$2"
  local needle="$3"
  awk -v job="  ${job}:" -v needle="${needle}" '
    $0 == job {
      in_job = 1
      next
    }
    in_job && $0 ~ /^  [[:alnum:]_-]+:/ {
      in_job = 0
    }
    in_job && index($0, needle) {
      found = 1
    }
    END {
      exit found ? 0 : 1
    }
  ' "${file}"
}

has_buildbuddy_key() {
  if [[ -n "${BUILDBUDDY_API_KEY:-}" ]]; then
    return 0
  fi
  if [[ -f "${HOME}/.zshrc" ]] &&
    grep -q -E '^[[:space:]]*(export[[:space:]]+)?BUILDBUDDY_API_KEY=' "${HOME}/.zshrc"; then
    return 0
  fi
  return 1
}

if has_buildbuddy_key; then
  pass "BuildBuddy API key is configured"
else
  bad "BuildBuddy API key is not configured; set BUILDBUDDY_API_KEY or add it to ~/.zshrc"
fi

bb_bin=""
if [[ -n "${BUILDBUDDY_BB:-}" && -x "${BUILDBUDDY_BB}" ]]; then
  bb_bin="${BUILDBUDDY_BB}"
  pass "BuildBuddy CLI found via BUILDBUDDY_BB"
elif command -v bb >/dev/null 2>&1; then
  bb_bin="$(command -v bb)"
  pass "BuildBuddy CLI found on PATH"
elif [[ -x "${XDG_CACHE_HOME:-${HOME}/.cache}/meerkat/buildbuddy-cli/5.0.350/bin/bb" ]]; then
  bb_bin="${XDG_CACHE_HOME:-${HOME}/.cache}/meerkat/buildbuddy-cli/5.0.350/bin/bb"
  pass "BuildBuddy CLI found in pinned repo cache"
elif [[ -x /tmp/buildbuddy-poc/bin/bb ]]; then
  bb_bin="/tmp/buildbuddy-poc/bin/bb"
  pass "BuildBuddy CLI found at /tmp/buildbuddy-poc/bin/bb"
else
  bad "BuildBuddy CLI not found; run make buildbuddy-install or set BUILDBUDDY_BB"
fi

if [[ -f .bazelrc ]] && grep -q 'build:buildbuddy-macos-rbe' .bazelrc; then
  pass ".bazelrc has buildbuddy-macos-rbe config"
else
  bad ".bazelrc is missing buildbuddy-macos-rbe config"
fi

if grep -q 'platforms=//platforms:macos_arm64' .bazelrc &&
  grep -q 'OSFamily=darwin' .bazelrc &&
  grep -q 'Arch=arm64' .bazelrc; then
  pass "BuildBuddy RBE config targets macOS arm64 executors"
else
  bad "BuildBuddy RBE config is not pinned to macOS arm64"
fi

if [[ -f MODULE.bazel ]] &&
  grep -q 'toolchains_buildbuddy' MODULE.bazel &&
  grep -q 'rules_rust' MODULE.bazel; then
  pass "Bazel module declares BuildBuddy toolchain and rules_rust"
else
  bad "MODULE.bazel is missing BuildBuddy/rules_rust dependencies"
fi

generate_check_log="${TMPDIR:-/tmp}/meerkat-buildbuddy-generate-check.$$"
if node scripts/generate-bazel-rust-builds.mjs --check >"${generate_check_log}" 2>&1; then
  pass "Generated Bazel BUILD files are up to date"
else
  bad "Generated Bazel BUILD files are stale"
  cat "${generate_check_log}" >&2
fi
rm -f "${generate_check_log}"

module_lock_check_log="${TMPDIR:-/tmp}/meerkat-bazel-module-lock-check.$$"
if [[ -n "${bb_bin}" ]]; then
  if "${bb_bin}" mod deps --lockfile_mode=error >"${module_lock_check_log}" 2>&1; then
    pass "Bazel module lockfile is up to date"
  else
    bad "Bazel module lockfile is stale; run make buildbuddy-lock-update"
    cat "${module_lock_check_log}" >&2
  fi
fi
rm -f "${module_lock_check_log}"

fast_parity_output="$(node scripts/buildbuddy-fast-parity.mjs 2>&1 || true)"
if [[ "${fast_parity_output}" == "BuildBuddy fast parity ok:"* ]]; then
  pass "${fast_parity_output}"
else
  bad "BuildBuddy fast parity check failed"
  printf '%s\n' "${fast_parity_output}" >&2
fi

for tag in local e2e system live integration slow required-feature trybuild snapshot fixture; do
  if ! grep -q -- "fast_test_tag_filters=.*-${tag}" scripts/buildbuddy-bazel-poc; then
    bad "workspace-fast-rbe does not exclude ${tag} tests"
  fi
done
if ! grep -q 'fast_test_tag_filters=' scripts/buildbuddy-bazel-poc; then
  bad "workspace fast tag filters are not centralized"
elif grep -q -- '--test_tag_filters="${fast_test_tag_filters}"' scripts/buildbuddy-bazel-poc; then
  pass "BuildBuddy workspace fast lanes exclude non-fast test tags"
else
  bad "BuildBuddy workspace fast lanes do not use the centralized non-fast tag filter"
fi

build_label_count="$(./scripts/bazel-affected-fast-tests.mjs --all --build | wc -w | tr -d ' ')"
if [[ "${build_label_count}" =~ ^[0-9]+$ && "${build_label_count}" -gt 0 ]]; then
  pass "Bazel selector can enumerate ${build_label_count} build labels"
else
  bad "Bazel selector did not enumerate build labels"
fi

support_test_labels="$(./scripts/bazel-affected-fast-tests.mjs --owned --test meerkat/tests/support/test_session_store.rs)"
if [[ "${support_test_labels}" == *"//meerkat:sdk_agentfactory_test"* ]] &&
  [[ "${support_test_labels}" == *"//meerkat:sdk_structured_output_test"* ]]; then
  pass "Bazel selector narrows integration support edits to importing tests"
else
  bad "Bazel selector did not select exact importing integration tests"
  printf '%s\n' "${support_test_labels}" >&2
fi

required_feature_test_labels="$(./scripts/bazel-affected-fast-tests.mjs --owned --test --empty-if-no-labels meerkat-cli/tests/cli_mobpack_live_smoke.rs)"
if [[ -z "${required_feature_test_labels}" ]]; then
  pass "Bazel selector avoids broad fast tests for required-feature test edits"
else
  bad "Bazel selector broadened required-feature test edits to unrelated tests"
  printf '%s\n' "${required_feature_test_labels}" >&2
fi

required_feature_build_labels="$(./scripts/bazel-affected-fast-tests.mjs --owned --build meerkat-cli/tests/cli_mobpack_live_smoke.rs)"
required_feature_clippy_labels="$(./scripts/bazel-affected-fast-tests.mjs --owned --clippy meerkat-cli/tests/cli_mobpack_live_smoke.rs)"
if [[ "${required_feature_build_labels}" == "//meerkat-cli:cli_mobpack_live_smoke_test" ]] &&
  [[ "${required_feature_clippy_labels}" == "//meerkat-cli:cli_mobpack_live_smoke_test" ]]; then
  pass "Bazel selector narrows required-feature build/clippy edits to the exact test target"
else
  bad "Bazel selector did not narrow required-feature build/clippy edits"
  printf 'build: %s\nclippy: %s\n' "${required_feature_build_labels}" "${required_feature_clippy_labels}" >&2
fi

optional_required_feature_build_labels="$(./scripts/bazel-affected-fast-tests.mjs --owned --build xtask/tests/machines_contracts.rs)"
optional_required_feature_clippy_labels="$(./scripts/bazel-affected-fast-tests.mjs --owned --clippy xtask/tests/machines_contracts.rs)"
if [[ "${optional_required_feature_build_labels}" == "//xtask:machines_contracts_test" ]] &&
  [[ "${optional_required_feature_clippy_labels}" == "//xtask:machines_contracts_test" ]]; then
  pass "Bazel selector narrows optional-dependency required-feature edits"
else
  bad "Bazel selector did not narrow optional-dependency required-feature edits"
  printf 'build: %s\nclippy: %s\n' "${optional_required_feature_build_labels}" "${optional_required_feature_clippy_labels}" >&2
fi

changed_gate_dry_run="$(./scripts/buildbuddy-agent-gate --dry-run --working-tree xtask/tests/machines_contracts.rs 2>&1 || true)"
if [[ "${changed_gate_dry_run}" == *"build-targets: //xtask:machines_contracts_test"* ]] &&
  [[ "${changed_gate_dry_run}" == *"clippy-targets: //xtask:machines_contracts_test"* ]] &&
  [[ "${changed_gate_dry_run}" == *"plan: combined build+clippy"* ]]; then
  pass "BuildBuddy dry-run explains required-feature exact target routing"
else
  bad "BuildBuddy dry-run did not explain required-feature exact routing"
  printf '%s\n' "${changed_gate_dry_run}" >&2
fi

mixed_changed_gate_dry_run="$(./scripts/buildbuddy-changed-gate --owned --dry-run meerkat/tests/support/test_session_store.rs xtask/tests/machines_contracts.rs 2>&1 || true)"
if [[ "${mixed_changed_gate_dry_run}" == *"test-targets: //meerkat:sdk_agentfactory_test //meerkat:sdk_structured_output_test"* ]] &&
  [[ "${mixed_changed_gate_dry_run}" == *"clippy-targets: //meerkat:sdk_agentfactory_test //meerkat:sdk_structured_output_test //xtask:machines_contracts_test"* ]] &&
  [[ "${mixed_changed_gate_dry_run}" == *"plan: split test + clippy"* ]]; then
  pass "BuildBuddy mixed fast/non-fast edits keep exact clippy coverage"
else
  bad "BuildBuddy mixed fast/non-fast edit routing lost exact coverage"
  printf '%s\n' "${mixed_changed_gate_dry_run}" >&2
fi

broad_changed_gate_dry_run="$(./scripts/buildbuddy-changed-gate --owned --dry-run meerkat-cli/src/main.rs meerkat-store/src/realm.rs 2>&1 || true)"
if [[ "${broad_changed_gate_dry_run}" == *"plan: split test + clippy"* ]] &&
  [[ "${broad_changed_gate_dry_run}" == *"split-execution: serial"* ]]; then
  pass "BuildBuddy broad source edits use serial split cache warmup"
else
  bad "BuildBuddy broad source edit routing is not cache-aware"
  printf '%s\n' "${broad_changed_gate_dry_run}" >&2
fi

if grep -Fq -- '--lockfile_mode="${BUILDBUDDY_LOCKFILE_MODE:-error}"' scripts/buildbuddy-bazel-poc &&
  ! grep -Fq -- '--lockfile_mode=refresh' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'module_lock_backup=' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'cp -p "${module_lock_backup}" "${lockfile}"' scripts/buildbuddy-bazel-poc &&
  ! grep -Fq '/vendor/oai-rt-rs' scripts/buildbuddy-bazel-poc &&
  ! grep -Fq 'local_oai_vendor' scripts/buildbuddy-bazel-poc; then
  pass "BuildBuddy launcher restores MODULE.bazel.lock without vendored oai-rt-rs path rewrites"
else
  bad "BuildBuddy launcher still carries stale vendored oai-rt-rs lock handling"
fi

oai_rt_rs_version="$(awk -F'"' '/^oai-rt-rs = / { print $2; exit }' Cargo.toml)"
if [[ -n "${oai_rt_rs_version}" ]] &&
  [[ ! -e vendor/oai-rt-rs ]] &&
  ! grep -Fq '//vendor/oai-rt-rs:package_runfiles' BUILD.bazel xtask/BUILD.bazel &&
  ! grep -Fq 'crate = "oai-rt-rs"' MODULE.bazel &&
  ! grep -Fq 'additive_build_file_content' MODULE.bazel &&
  ! grep -Fq 'vendor/oai-rt-rs' MODULE.bazel.lock &&
  ! grep -Fq 'crates__oai-rt-rs-0.2.1' MODULE.bazel.lock &&
  grep -Fq "crates__oai-rt-rs-${oai_rt_rs_version}" MODULE.bazel.lock; then
  pass "oai-rt-rs resolves from crates.io without vendored runfiles plumbing"
else
  bad "oai-rt-rs still appears to use vendored runfiles plumbing"
fi

if grep -Fq -- '--retry 5' scripts/install-buildbuddy-cli &&
  grep -Fq -- '--retry-delay 2' scripts/install-buildbuddy-cli &&
  grep -Fq -- '--retry-max-time 120' scripts/install-buildbuddy-cli &&
  grep -Fq -- '--connect-timeout 20' scripts/install-buildbuddy-cli; then
  pass "BuildBuddy CLI installer retries transient release download failures"
else
  bad "BuildBuddy CLI installer does not retry transient release download failures"
fi

if grep -Fq 'Restore Bazel external repositories' .github/actions/setup-buildbuddy-ci/action.yml &&
  grep -Fq 'actions/cache/restore@v5' .github/actions/setup-buildbuddy-ci/action.yml &&
  grep -Fq "env.MEERKAT_BAZEL_BACKEND == 'gcp-buildbuddy'" .github/actions/setup-buildbuddy-ci/action.yml &&
  grep -Fq 'Cache Bazel external repositories' .github/actions/setup-buildbuddy-ci/action.yml &&
  grep -Fq "env.MEERKAT_BAZEL_BACKEND != 'gcp-buildbuddy'" .github/actions/setup-buildbuddy-ci/action.yml &&
  grep -Fq -- '--repository_cache=' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'MEERKAT_BUILDBUDDY_FETCH_RETRIES' scripts/buildbuddy-ci-lane &&
  grep -Fq 'No registered executors in pool' scripts/buildbuddy-ci-lane &&
  grep -Fq 'Retrying %s after transient BuildBuddy remote/cache failure' scripts/buildbuddy-ci-lane; then
  pass "BuildBuddy CI caches and retries transient remote/cache failures"
else
  bad "BuildBuddy CI does not guard against transient remote/cache failures"
fi

if [[ -x scripts/run-surface-feature-matrix ]] &&
  grep -Fq 'scripts/cargo-agent-gate' .github/workflows/cargo.yml &&
  grep -Fq -- '-p meerkat-rpc \' scripts/run-surface-feature-matrix &&
  grep -Fq -- '-p meerkat-rest \' scripts/run-surface-feature-matrix &&
  grep -Fq -- '-p meerkat-mcp-server' scripts/run-surface-feature-matrix &&
  grep -Fq 'default_target="//:surface_feature_matrix_builds"' scripts/buildbuddy-bazel-poc &&
  ! grep -Fq 'test-feature-matrix-surface-checks)' tools/buildbuddy/cargo_lane_test.sh; then
  pass "Surface feature matrix keeps Cargo checks for Cargo CI and uses Bazel-native targets for BuildBuddy CI"
else
  bad "Surface feature matrix is not split cleanly between Cargo and BuildBuddy CI"
fi

if [[ -x scripts/run-build-backend-lane ]] &&
  [[ -x scripts/buildbuddy-dev ]] &&
  grep -Fq 'scripts/run-build-backend-lane build' Makefile &&
  grep -Fq 'scripts/run-build-backend-lane check' Makefile &&
  grep -Fq 'scripts/run-build-backend-lane test' Makefile &&
  grep -Fq 'scripts/run-build-backend-lane test-unit' Makefile &&
  grep -Fq 'scripts/run-build-backend-lane test-int' Makefile &&
  grep -Fq 'scripts/run-build-backend-lane e2e-fast' Makefile &&
  grep -Fq 'scripts/run-build-backend-lane e2e-system' Makefile &&
  grep -Fq 'scripts/run-build-backend-lane e2e-live' Makefile &&
  grep -Fq 'scripts/run-build-backend-lane e2e-smoke' Makefile &&
  grep -Fq 'scripts/run-build-backend-lane e2e-auth' Makefile &&
  grep -Fq 'scripts/run-build-backend-lane lint' Makefile &&
  grep -Fq 'scripts/run-build-backend-lane test-all' Makefile &&
  grep -Fq 'buildbuddy-dev" build' scripts/run-build-backend-lane &&
  grep -Fq 'buildbuddy-dev" check' scripts/run-build-backend-lane &&
  grep -Fq 'buildbuddy-dev" clippy' scripts/run-build-backend-lane &&
  grep -Fq 'buildbuddy-dev" test-unit' scripts/run-build-backend-lane &&
  grep -Fq 'buildbuddy-dev" test-int' scripts/run-build-backend-lane &&
  grep -Fq 'workspace-build-clippy-rbe' scripts/buildbuddy-dev &&
  grep -Fq 'workspace-unit-rbe' scripts/buildbuddy-dev &&
  grep -Fq 'workspace-integration-fast-rbe' scripts/buildbuddy-dev &&
  grep -Fq 'e2e-fast-rbe' scripts/buildbuddy-dev &&
  grep -Fq 'e2e-system-rbe' scripts/buildbuddy-dev &&
  grep -Fq 'e2e-live-rbe' scripts/buildbuddy-dev &&
  grep -Fq 'e2e-smoke-rbe' scripts/buildbuddy-dev &&
  grep -Fq 'e2e-auth-rbe' scripts/buildbuddy-dev &&
  grep -Fq 'BUILDBUDDY_DRY_RUN' scripts/buildbuddy-dev &&
  grep -Fq 'BUILDBUDDY_DRY_RUN=1' docs/reference/build-and-ci.mdx; then
  pass "Developer build, check, lint, and test lanes use BuildBuddy when MEERKAT_BUILDBUDDY is enabled"
else
  bad "Developer build, lint, or test lanes do not honor the BuildBuddy opt-in"
fi

if grep -Fq -- '--macos_sdk_version=' scripts/buildbuddy-bazel-poc &&
  grep -Fq -- '--macos_minimum_os=' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'BUILDBUDDY_MACOS_SDK_VERSION' scripts/buildbuddy-bazel-poc; then
  pass "BuildBuddy macOS lanes pin executor SDK selection with overrides"
else
  bad "BuildBuddy macOS lanes do not pin executor SDK selection"
fi

dispatch_log_root="$(mktemp -d "${TMPDIR:-/tmp}/meerkat-buildbuddy-dispatch-doctor.XXXXXX")"
dispatch_dry_run="$(
  MEERKAT_BUILDBUDDY_LOG_ROOT="${dispatch_log_root}" \
    ./scripts/buildbuddy-ci-dispatch --mode changed-paths --paths meerkat-runtime/src/input_ledger.rs --dry-run 2>&1 || true
)"
if [[ -s "${dispatch_log_root}/dispatch-context.txt" ]] &&
  [[ -s "${dispatch_log_root}/dispatch-inputs.txt" ]] &&
  grep -q '^mode=changed-paths$' "${dispatch_log_root}/dispatch-inputs.txt" &&
  grep -q '^dry_run=1$' "${dispatch_log_root}/dispatch-inputs.txt" &&
  [[ "${dispatch_dry_run}" == *"BuildBuddy changed gate dry-run (owned)"* ]]; then
  pass "BuildBuddy CI dispatch writes changed-path context artifacts"
else
  bad "BuildBuddy CI dispatch did not write changed-path context artifacts"
  printf '%s\n' "${dispatch_dry_run}" >&2
  find "${dispatch_log_root}" -maxdepth 1 -type f -print >&2 || true
fi
rm -rf "${dispatch_log_root}"

if grep -Fq 'name: CI' .github/workflows/ci.yml &&
  grep -Fq 'name: GHA Cargo' .github/workflows/ci.yml &&
  grep -Fq 'name: GCP BuildBuddy' .github/workflows/ci.yml &&
  job_has_line .github/workflows/ci.yml gate 'name: CI gate' &&
  job_has_line .github/workflows/ci.yml gate 'name: Check selected CI backend' &&
  job_has_line .github/workflows/ci.yml gate 'CARGO_RESULT:' &&
  job_has_line .github/workflows/ci.yml gate 'GCP_BUILDBUDDY_RESULT:' &&
  job_has_line .github/workflows/ci.yml gate 'No CI backend completed successfully.' &&
  grep -Fq "github.actor == 'lukacf'" .github/workflows/ci.yml &&
  grep -Fq 'Only lukacf can run the secret-backed GCP BuildBuddy lane.' .github/workflows/ci.yml &&
  grep -Fq 'uses: ./.github/workflows/cargo.yml' .github/workflows/ci.yml &&
  grep -Fq 'uses: ./.github/workflows/buildbuddy.yml' .github/workflows/ci.yml &&
  grep -Fq 'name: Cargo CI' .github/workflows/cargo.yml &&
  grep -Fq 'workflow_call:' .github/workflows/cargo.yml &&
  grep -Fq 'scripts/cargo-agent-gate' .github/workflows/cargo.yml &&
  grep -Fq 'name: GCP BuildBuddy CI' .github/workflows/buildbuddy.yml &&
  grep -Fq 'workflow_call:' .github/workflows/buildbuddy.yml &&
  ! grep -Fq 'pull_request:' .github/workflows/cargo.yml &&
  ! grep -Fq 'push:' .github/workflows/cargo.yml &&
  ! grep -Fq 'pull_request:' .github/workflows/buildbuddy.yml &&
  ! grep -Fq 'push:' .github/workflows/buildbuddy.yml &&
  grep -Fq 'gcp-buildbuddy' .github/workflows/buildbuddy.yml &&
  ! grep -Fq 'buildbuddy-hosted' .github/workflows/ci.yml &&
  ! grep -Fq 'buildbuddy-hosted' .github/workflows/buildbuddy.yml &&
  grep -Fq 'GCP BuildBuddy gate' .github/workflows/buildbuddy.yml; then
  pass "Top-level CI exposes default Cargo and owner-gated GCP BuildBuddy lanes"
else
  bad "Top-level CI two-lane routing is not wired correctly"
fi

if grep -Fq 'MEERKAT_GCP_BUILDBUDDY_CI_MAX_SECONDS' .github/workflows/buildbuddy.yml &&
  grep -Fq 'buildbuddy-gcp-executors' .github/workflows/buildbuddy.yml &&
  grep -Fq 'queue: max' .github/workflows/buildbuddy.yml &&
  grep -Fq 'MEERKAT_GCP_BUILDBUDDY_WAIT_ON_DOWN' .github/workflows/buildbuddy.yml &&
  grep -Fq 'scripts/gcp-buildbuddy-executor-pool down' .github/workflows/buildbuddy.yml &&
  grep -Fq 'MEERKAT_GCP_BUILDBUDDY_DOWN_MODE' .github/workflows/buildbuddy.yml &&
  grep -Fq 'MEERKAT_GCP_BUILDBUDDY_CACHE_DISK_GB' .github/workflows/buildbuddy.yml &&
  grep -Fq -- '--stateful-disk "device-name=${cache_disk_device},auto-delete=never"' scripts/gcp-buildbuddy-executor-pool &&
  grep -Fq -- '--stopped-size "${parked_size}"' scripts/gcp-buildbuddy-executor-pool &&
  grep -Fq 'Parking executor pool with' scripts/gcp-buildbuddy-executor-pool &&
  ! grep -Fq "mode: \${{ (github.event_name == 'workflow_dispatch'" .github/workflows/buildbuddy.yml &&
  grep -Fq 'MEERKAT_BUILDBUDDY=1' CLAUDE.md &&
  grep -Fq 'MEERKAT_BUILDBUDDY=1' AGENTS.md &&
  grep -Fq 'MEERKAT_BUILDBUDDY=1' docs/reference/build-and-ci.mdx &&
  grep -Fq 'scripts/buildbuddy-dev' docs/reference/build-and-ci.mdx &&
  grep -Fq 'MEERKAT_BUILDBUDDY=1' scripts/agent-gate &&
  ! grep -Fq 'MEERKAT_AGENT_GATE_BACKEND' scripts/build-backend-env &&
  ! grep -Fq 'MEERKAT_AGENT_GATE_BACKEND=buildbuddy' README.md &&
  ! grep -Fq 'MEERKAT_AGENT_GATE_BACKEND=buildbuddy' docs/reference/build-and-ci.mdx &&
  grep -Fq '. ./scripts/build-backend-env' Makefile &&
  grep -Fq 'source "${ROOT}/scripts/build-backend-env"' scripts/pre-push-unit.sh &&
  grep -Fq 'scripts/agent-gate" --staged' scripts/test-changed-crates.sh &&
  grep -Fq 'scripts/agent-gate" --committed --clippy-only' scripts/pre-push-clippy.sh; then
  pass "CI and local BuildBuddy opt-in switches are wired consistently"
else
  bad "CI or BuildBuddy opt-in switch is not wired consistently"
fi

if job_has_line .github/workflows/ci.yml cargo 'name: GHA Cargo' &&
  job_has_line .github/workflows/ci.yml gcp-buildbuddy 'name: GCP BuildBuddy' &&
  job_has_line .github/workflows/ci.yml gate 'name: CI gate' &&
  job_has_line .github/workflows/buildbuddy.yml prebuild-submit 'name: Prebuild submitter' &&
  job_has_line .github/workflows/buildbuddy.yml prebuild-submit 'group: gcp-prebuild' &&
  job_has_line .github/workflows/buildbuddy.yml prebuild-submit 'ci-prebuild' &&
  job_has_line .github/workflows/buildbuddy.yml static-submit 'name: Static submitter' &&
  job_has_line .github/workflows/buildbuddy.yml static-submit 'needs: [control-plane-up, executors-up]' &&
  job_has_line .github/workflows/buildbuddy.yml static-submit 'group: gcp-static' &&
  job_has_line .github/workflows/buildbuddy.yml static-submit 'fmt-static' &&
  job_has_line .github/workflows/buildbuddy.yml native-submit 'name: Native submitter' &&
  job_has_line .github/workflows/buildbuddy.yml governance-submit 'name: Governance submitter' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-feature-changes 'name: WASM, SDK, and feature change detection' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-sdk-submit 'name: SDK suites submitter' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-check-submit 'name: WASM check submitter' &&
  job_has_line .github/workflows/buildbuddy.yml minimal-feature-submit 'name: Minimal feature submitter' &&
  job_has_line .github/workflows/buildbuddy.yml feature-submit 'name: Feature matrix submitter' &&
  job_has_line .github/workflows/buildbuddy.yml audit-submit 'name: Security audit submitter' &&
  job_has_line .github/workflows/buildbuddy.yml native-submit 'needs: [control-plane-up, executors-up, prebuild-submit]' &&
  job_has_line .github/workflows/buildbuddy.yml governance-submit 'needs: [control-plane-up, executors-up]' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-feature-changes 'needs: [control-plane-up]' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-sdk-submit 'needs: [control-plane-up, executors-up, wasm-feature-changes]' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-check-submit 'needs: [control-plane-up, executors-up, wasm-feature-changes]' &&
  job_has_line .github/workflows/buildbuddy.yml minimal-feature-submit 'needs: [control-plane-up, executors-up, wasm-feature-changes]' &&
  job_has_line .github/workflows/buildbuddy.yml feature-submit 'needs: [control-plane-up, executors-up, wasm-feature-changes]' &&
  job_has_line .github/workflows/buildbuddy.yml audit-submit 'needs: [control-plane-up, executors-up, wasm-feature-changes]' &&
  job_has_line .github/workflows/buildbuddy.yml native-submit 'CI_STARTED_AT_EPOCH:' &&
  job_has_line .github/workflows/buildbuddy.yml governance-submit 'CI_STARTED_AT_EPOCH:' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-sdk-submit 'CI_STARTED_AT_EPOCH:' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-check-submit 'CI_STARTED_AT_EPOCH:' &&
  job_has_line .github/workflows/buildbuddy.yml minimal-feature-submit 'CI_STARTED_AT_EPOCH:' &&
  job_has_line .github/workflows/buildbuddy.yml feature-submit 'CI_STARTED_AT_EPOCH:' &&
  job_has_line .github/workflows/buildbuddy.yml audit-submit 'CI_STARTED_AT_EPOCH:' &&
  job_has_line .github/workflows/buildbuddy.yml native-submit 'group: gcp' &&
  job_has_line .github/workflows/buildbuddy.yml native-submit 'batch_jobs: "2"' &&
  ! job_has_line .github/workflows/buildbuddy.yml native-submit 'fmt-static' &&
  job_has_line .github/workflows/buildbuddy.yml governance-submit 'group: gcp-governance' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-sdk-submit 'group: gcp-sdk-suites' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-check-submit 'group: gcp-wasm-check' &&
  job_has_line .github/workflows/buildbuddy.yml minimal-feature-submit 'group: gcp-minimal-feature' &&
  job_has_line .github/workflows/buildbuddy.yml feature-submit 'group: gcp-feature-matrix' &&
  job_has_line .github/workflows/buildbuddy.yml audit-submit 'group: gcp-security-audit' &&
  job_has_line .github/workflows/buildbuddy.yml governance-submit 'Detect machine-authority changes' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-feature-changes 'Detect WASM, SDK, feature, or audit changes' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-feature-changes 'wasm_changed:' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-feature-changes 'sdk_changed:' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-feature-changes 'minimal_changed:' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-feature-changes 'feature_changed:' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-feature-changes 'audit_changed:' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-feature-changes 'scripts/buildbuddy-edge-changes' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-sdk-submit 'sdk-suites' &&
  job_has_line .github/workflows/buildbuddy.yml wasm-check-submit 'wasm-check' &&
  ! job_has_line .github/workflows/buildbuddy.yml wasm-check-submit 'test-minimal' &&
  job_has_line .github/workflows/buildbuddy.yml minimal-feature-submit 'test-minimal' &&
  job_has_line .github/workflows/buildbuddy.yml feature-submit 'test-feature-matrix-lib' &&
  job_has_line .github/workflows/buildbuddy.yml feature-submit 'test-feature-matrix-surface-checks' &&
  job_has_line .github/workflows/buildbuddy.yml audit-submit 'audit' &&
  ! ./scripts/machine-authority-changed MODULE.bazel.lock >/dev/null 2>&1 &&
  ! job_has_line .github/workflows/buildbuddy.yml wasm-feature-changes 'MODULE.bazel.lock' &&
  ! job_has_line .github/workflows/buildbuddy.yml governance-submit "steps.machine-changes.outputs.changed != 'true'" &&
  ! job_has_line .github/workflows/buildbuddy.yml feature-submit 'audit' &&
  ! job_has_line .github/workflows/buildbuddy.yml audit-submit 'test-feature-matrix-lib' &&
  ! job_has_line .github/workflows/buildbuddy.yml wasm-check-submit 'sdk-suites' &&
  ! job_has_line .github/workflows/buildbuddy.yml minimal-feature-submit 'wasm-check' &&
  ! job_has_line .github/workflows/buildbuddy.yml feature-submit 'seam-inventory' &&
  ! job_has_line .github/workflows/buildbuddy.yml feature-submit 'rmat-audit' &&
  ! job_has_line .github/workflows/buildbuddy.yml feature-submit 'machine-authority' &&
  grep -Fq 'MEERKAT_BUILDBUDDY_BATCH_JOBS' .github/workflows/buildbuddy.yml &&
  grep -Fq 'MEERKAT_BUILDBUDDY_BATCH_JOBS: ${{ inputs.batch_jobs || env.MEERKAT_BUILDBUDDY_BATCH_JOBS }}' .github/actions/run-buildbuddy-ci-lane-batch/action.yml &&
  grep -Fq 'Check GCP CI duration SLO' .github/workflows/buildbuddy.yml &&
  grep -Fq 'Active BuildBuddy lane heartbeat' scripts/buildbuddy-ci-lane-batch &&
  grep -Fq 'Detailed BuildBuddy log' scripts/buildbuddy-ci-lane-batch &&
  grep -Fq 'lane_summary_succeeded' scripts/buildbuddy-ci-lane-batch &&
  grep -Fq 'reconciling active lane summaries before failing' scripts/buildbuddy-ci-lane-batch &&
  grep -Fq 'All BuildBuddy lanes completed successfully before the SLO watchdog was reaped' scripts/buildbuddy-ci-lane-batch &&
  grep -Fq "inputs.profile == 'submitter' || inputs.profile == 'doctor'" .github/actions/setup-buildbuddy-ci/action.yml &&
  grep -Fq 'scripts/buildbuddy-ci-lane-batch' .github/actions/run-buildbuddy-ci-lane-batch/action.yml &&
  job_has_line .github/workflows/buildbuddy.yml executors-down '- wasm-feature-changes' &&
  job_has_line .github/workflows/buildbuddy.yml executors-down '- wasm-sdk-submit' &&
  job_has_line .github/workflows/buildbuddy.yml executors-down '- wasm-check-submit' &&
  job_has_line .github/workflows/buildbuddy.yml executors-down '- minimal-feature-submit' &&
  job_has_line .github/workflows/buildbuddy.yml executors-down '- feature-submit' &&
  job_has_line .github/workflows/buildbuddy.yml executors-down '- audit-submit' &&
  job_has_line .github/workflows/buildbuddy.yml gate '- wasm-feature-changes' &&
  job_has_line .github/workflows/buildbuddy.yml gate '- wasm-sdk-submit' &&
  job_has_line .github/workflows/buildbuddy.yml gate '- wasm-check-submit' &&
  job_has_line .github/workflows/buildbuddy.yml gate '- minimal-feature-submit' &&
  job_has_line .github/workflows/buildbuddy.yml gate '- feature-submit' &&
  job_has_line .github/workflows/buildbuddy.yml gate '- audit-submit' &&
  grep -Fq 'default_target="//..."' scripts/buildbuddy-bazel-poc &&
  grep -Fq -- '--build_tag_filters=-local,-manual,-e2e,-system,-live,-slow,-required-feature,-trybuild,-snapshot,-fixture,-cargo-equivalent,-requires-network' scripts/buildbuddy-bazel-poc &&
  job_has_line .github/workflows/buildbuddy.yml gate 'runs-on: ubuntu-latest'; then
  pass "GCP BuildBuddy CI uses a broad Bazel-native prebuild plus path-aware edge lanes"
else
  bad "GCP BuildBuddy CI is not using the broad-prebuild/path-aware edge-lane shape"
fi

sdk_only="$(printf 'sdks/typescript/src/runtime.ts\n' | scripts/buildbuddy-edge-changes --paths-from-stdin)"
wasm_only="$(printf 'meerkat-web-runtime/src/lib.rs\n' | scripts/buildbuddy-edge-changes --paths-from-stdin)"
feature_only="$(printf 'scripts/run-surface-feature-matrix\n' | scripts/buildbuddy-edge-changes --paths-from-stdin)"
audit_only="$(printf 'deny.toml\n' | scripts/buildbuddy-edge-changes --paths-from-stdin)"
machine_runtime="$(printf 'meerkat-runtime/src/meerkat_machine_tests.rs\n' | scripts/buildbuddy-edge-changes --paths-from-stdin)"
session_core="$(printf 'meerkat-session/src/persistent.rs\n' | scripts/buildbuddy-edge-changes --paths-from-stdin)"
mob_core="$(printf 'meerkat-mob/src/runtime/actor.rs\n' | scripts/buildbuddy-edge-changes --paths-from-stdin)"
if grep -Fq 'sdk_changed=true' <<<"${sdk_only}" &&
  grep -Fq 'wasm_changed=false' <<<"${sdk_only}" &&
  grep -Fq 'wasm_changed=true' <<<"${wasm_only}" &&
  grep -Fq 'sdk_changed=false' <<<"${wasm_only}" &&
  grep -Fq 'feature_changed=true' <<<"${feature_only}" &&
  grep -Fq 'wasm_changed=false' <<<"${feature_only}" &&
  grep -Fq 'audit_changed=true' <<<"${audit_only}" &&
  grep -Fq 'wasm_changed=false' <<<"${audit_only}" &&
  grep -Fq 'wasm_changed=true' <<<"${machine_runtime}" &&
  grep -Fq 'sdk_changed=true' <<<"${machine_runtime}" &&
  grep -Fq 'minimal_changed=true' <<<"${machine_runtime}" &&
  grep -Fq 'feature_changed=true' <<<"${machine_runtime}" &&
  grep -Fq 'audit_changed=true' <<<"${machine_runtime}" &&
  grep -Fq 'wasm_changed=true' <<<"${session_core}" &&
  grep -Fq 'sdk_changed=true' <<<"${session_core}" &&
  grep -Fq 'minimal_changed=true' <<<"${session_core}" &&
  grep -Fq 'feature_changed=true' <<<"${session_core}" &&
  grep -Fq 'audit_changed=true' <<<"${session_core}" &&
  grep -Fq 'wasm_changed=true' <<<"${mob_core}" &&
  grep -Fq 'sdk_changed=true' <<<"${mob_core}" &&
  grep -Fq 'minimal_changed=true' <<<"${mob_core}" &&
  grep -Fq 'feature_changed=true' <<<"${mob_core}" &&
  grep -Fq 'audit_changed=true' <<<"${mob_core}"; then
  pass "BuildBuddy edge lane detector keeps WASM separate from SDK, feature, and audit-only changes"
else
  bad "BuildBuddy edge lane detector is over-triggering WASM edge lanes"
fi

if grep -Fq 'full-fresh' .github/workflows/buildbuddy.yml &&
  grep -Fq 'ci-prebuild' .github/workflows/buildbuddy.yml &&
  grep -Fq 'fmt-static' .github/workflows/buildbuddy.yml &&
  grep -Fq 'test-unit' .github/workflows/buildbuddy.yml &&
  grep -Fq 'integration-fast' .github/workflows/buildbuddy.yml &&
  grep -Fq 'sdk-suites' .github/workflows/buildbuddy.yml &&
  ! grep -Fq 'changed-gate:' .github/workflows/buildbuddy.yml &&
  ! grep -Fq 'Changed-path gate (Bazel/RBE)' .github/workflows/buildbuddy.yml &&
  ! grep -Fq 'rust-release-packaging:' .github/workflows/buildbuddy.yml &&
  ! grep -Fq 'e2e-smoke:' .github/workflows/buildbuddy.yml &&
  ! grep -Fq 'Build + clippy (Bazel/RBE)' .github/workflows/buildbuddy.yml &&
  ! grep -Fq '(compat)' .github/workflows/buildbuddy.yml &&
  ! grep -Fq 'strategy:' .github/workflows/buildbuddy.yml &&
  grep -Fq 'run-buildbuddy-ci-lane-batch' .github/workflows/buildbuddy.yml &&
  grep -Fq 'ci-prebuild-rbe' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'workspace-unit-rbe' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'workspace-integration-fast-rbe' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'machine-authority-rbe' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'rmat-audit-rbe' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'seam-inventory-rbe' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'sdk-suites-rbe' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'wasm-check-rbe' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'security-audit-rbe' scripts/buildbuddy-bazel-poc &&
  ! grep -Fq 'run_compat_lane' scripts/buildbuddy-ci-lane &&
  ! grep -Fq './scripts/repo-cargo' scripts/buildbuddy-ci-lane &&
  ! grep -Fq 'cargo-deny check' scripts/buildbuddy-ci-lane &&
  ! grep -Fq 'wasm-pack test' scripts/buildbuddy-ci-lane; then
  pass "BuildBuddy workflow exposes the GCP Bazel lane batch"
else
  bad "BuildBuddy workflow does not match the simplified GCP lane map"
fi

if grep -Fq 'default_target="//tools/buildbuddy:sdk_suites_cargo_equivalent_test"' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'default_target="//tools/buildbuddy:wasm_contract_cargo_equivalent_tests"' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'default_target="//tools/buildbuddy:wasm_check_cargo_equivalent_test"' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'default_target="//tools/buildbuddy:security_audit_cargo_equivalent_test"' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'name = "sdk_suites_cargo_equivalent_test"' tools/buildbuddy/BUILD.bazel &&
  grep -Fq 'name = "wasm_contract_cargo_equivalent_tests"' tools/buildbuddy/BUILD.bazel &&
  grep -Fq 'name = "wasm_check_cargo_equivalent_test"' tools/buildbuddy/BUILD.bazel &&
  grep -Fq 'name = "security_audit_cargo_equivalent_test"' tools/buildbuddy/BUILD.bazel &&
  grep -Fq 'workspace copy observed changing runfile' tools/buildbuddy/full_lane_test.sh &&
  grep -Fq 'workspace copy observed changing runfile' tools/buildbuddy/cargo_lane_test.sh; then
  pass "BuildBuddy SDK, WASM, and audit lanes use real cargo-equivalent Bazel test targets"
else
  bad "BuildBuddy SDK, WASM, or audit lane is still static, host-only, or unmapped"
fi

if grep -Fq '//xtask:machine_verify_all_tlc_test' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'name = "machine_verify_all_tlc_test"' xtask/BUILD.bazel &&
  grep -Fq 'machine-verify --all --skip-cargo-tests' xtask/tests/machine_verify_all_tlc_test.sh &&
  grep -Fq 'machine-check-drift --all' xtask/tests/machine_verify_all_tlc_test.sh &&
  grep -Fq '@@rules_rust++rust+rustfmt_nightly-2026-04-16__aarch64-apple-darwin_tools//:rustfmt_bin' xtask/BUILD.bazel &&
  grep -Fq '@@rules_rust++rust+rustfmt_nightly-2026-04-16__aarch64-apple-darwin_tools//:rustc_lib' xtask/BUILD.bazel &&
  grep -Fq '"RUSTFMT": "$(rootpath tests/rustfmt_host.sh)"' xtask/BUILD.bazel &&
  grep -Fq 'export RUSTFMT' xtask/tests/machine_verify_all_tlc_test.sh; then
  pass "BuildBuddy machine-authority lane runs hermetic machine-verify/TLC with hermetic rustfmt and leaves Cargo-backed tests to Bazel lanes"
else
  bad "BuildBuddy machine-authority lane does not include hermetic machine-verify plus no-TLC drift fallback"
fi

if grep -Fq 'default_target="//:surface_feature_matrix_builds"' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'command="build"' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'name = "surface_feature_matrix_builds"' BUILD.bazel &&
  grep -Fq 'meerkat_rpc_surface_min' meerkat-rpc/BUILD.bazel &&
  grep -Fq 'meerkat_rest_surface_comms' meerkat-rest/BUILD.bazel &&
  grep -Fq 'meerkat_mcp_server_surface_comms' meerkat-mcp-server/BUILD.bazel &&
  grep -Fq 'rkat_surface_session_store_comms_mcp_bin' meerkat-cli/BUILD.bazel; then
  pass "BuildBuddy surface feature matrix uses Bazel-native feature-variant build targets"
else
  bad "BuildBuddy surface feature matrix still routes through cargo-in-shell"
fi

release_surface_count="$(
  awk '
    index($0, "//meerkat-cli:rkat //meerkat-rpc:rkat_rpc_bin //meerkat-rest:rkat_rest_bin //meerkat-mcp-server:rkat_mcp_bin") {
      count += 1
    }
    END { print count + 0 }
  ' scripts/buildbuddy-bazel-poc
)"
if [[ "${release_surface_count}" -eq 5 ]] &&
  grep -Fq 'MEERKAT_RELEASE_BUILDBUDDY_JOBS' .github/workflows/release.yml; then
  pass "BuildBuddy release lanes package only public runtime surfaces"
else
  bad "BuildBuddy release lanes are not aligned with the shipped binary surface set"
fi

if grep -Fq 'release_backend:' .github/workflows/release.yml &&
  grep -Fq 'MEERKAT_RELEASE_BUILDBUDDY' .github/workflows/release.yml &&
  grep -Fq 'release_validate_cargo:' .github/workflows/release.yml &&
  grep -Fq 'release_validate_buildbuddy:' .github/workflows/release.yml &&
  grep -Fq 'release_validate_gate:' .github/workflows/release.yml &&
  grep -Fq 'build_binaries_gate:' .github/workflows/release.yml &&
  grep -Fq 'lane: release-validate' .github/workflows/release.yml &&
  grep -Fq 'release-validate-rbe' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'release-validate)' scripts/buildbuddy-ci-lane &&
  grep -Fq 'release-validate|' scripts/buildbuddy-ci-dispatch; then
  pass "Release workflow selects Cargo or BuildBuddy validation/build branches behind one backend switch"
else
  bad "Release workflow does not match the Cargo/BuildBuddy selected-backend model"
fi

if awk '
  /sdk-suites-rbe\)/ { lane = "sdk" }
  /wasm-contract-rbe\)/ { lane = "wasm-contract" }
  /wasm-check-rbe\)/ { lane = "wasm-check" }
  /security-audit-rbe\)/ { lane = "audit" }
  lane != "" && /;;/ { lane = "" }
  lane != "" && /buildbuddy_static_lanes_test/ { bad = 1 }
  lane != "" && /meerkat-web-runtime:.*_test/ { bad = 1 }
  END { exit bad ? 1 : 0 }
' scripts/buildbuddy-bazel-poc; then
  pass "BuildBuddy full lanes do not route through static or host-only placeholder tests"
else
  bad "BuildBuddy full lanes still contain placeholder test routing"
fi

if ! grep -Fq 'rust-release-packaging:' .github/workflows/cargo.yml &&
  grep -Fq 'Verify Rust release config' .github/workflows/release.yml &&
  grep -Fq 'scripts/cargo-agent-gate' .github/workflows/cargo.yml &&
  grep -Fq 'name: GHA Cargo' .github/workflows/ci.yml &&
  grep -Fq 'name: GCP BuildBuddy' .github/workflows/ci.yml &&
  ! grep -Fq 'BuildBuddy hosted' .github/workflows/ci.yml &&
  ! grep -Fq 'buildbuddy-hosted' .github/workflows/ci.yml; then
  pass "CI exposes one default Cargo lane plus one owner-gated GCP BuildBuddy lane"
else
  bad "CI does not match the simplified two-lane shape"
fi

if grep -Fq 'name = "e2e_system_tests"' BUILD.bazel &&
  grep -Fq 'workspace-unit-rbe' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'workspace-integration-fast-rbe' scripts/buildbuddy-bazel-poc &&
  grep -Fq 'e2e-fast-rbe' scripts/buildbuddy-ci-lane &&
  grep -Fq 'e2e-live-rbe' scripts/buildbuddy-ci-lane &&
  grep -Fq 'e2e-smoke-remote-rbe' scripts/buildbuddy-ci-lane &&
  grep -Fq 'machine-authority-rbe' scripts/buildbuddy-ci-lane &&
  grep -Fq 'rmat-audit-rbe' scripts/buildbuddy-ci-lane &&
  grep -Fq 'seam-inventory-rbe' scripts/buildbuddy-ci-lane &&
  grep -Fq 'system_e2e_command="e2e-system-rbe"' scripts/buildbuddy-ci-workspace &&
  grep -Fq 'RKAT_TEST_BIN_RKAT_RPC' tests/integration/BUILD.bazel &&
  grep -Fq 'CARGO_BIN_EXE_rkat' meerkat-cli/BUILD.bazel; then
  pass "BuildBuddy CI has native unit, integration-fast, and e2e lanes"
else
  bad "BuildBuddy CI is missing native test lane wiring"
fi

ci_workflow_gate_dry_run="$(./scripts/buildbuddy-agent-gate --dry-run .github/workflows/ci.yml 2>&1 || true)"
if [[ "${ci_workflow_gate_dry_run}" == *"Global build/test configuration changed"* ]] &&
  [[ "${ci_workflow_gate_dry_run}" == *"DRY-RUN make buildbuddy-ci-warm"* ]]; then
  pass "BuildBuddy agent gate escalates normal CI workflow edits"
else
  bad "BuildBuddy agent gate does not escalate normal CI workflow edits"
  printf '%s\n' "${ci_workflow_gate_dry_run}" >&2
fi

sample_a="${XDG_CACHE_HOME:-${HOME}/.cache}/meerkat/buildbuddy-bazel/$(basename "${workspace_root}")-sample-workspace-fast-rbe-agent-a"
sample_b="${XDG_CACHE_HOME:-${HOME}/.cache}/meerkat/buildbuddy-bazel/$(basename "${workspace_root}")-sample-workspace-fast-rbe-agent-b"
if [[ "${sample_a}" != "${sample_b}" ]]; then
  pass "BuildBuddy lane model supports distinct same-worktree agent output roots"
else
  bad "BuildBuddy lane model would collide for same-worktree agents"
fi

if [[ -n "$(git status --short)" ]]; then
  note "working tree has local changes; doctor did not modify them"
else
  pass "working tree is clean"
fi

printf '\nBuildBuddy doctor: %s pass, %s warn, %s fail\n' "${ok}" "${warn}" "${fail}"
if [[ "${fail}" -gt 0 ]]; then
  exit 1
fi
