# Protected files — read-only for the agent.
#
# Entries are ABSOLUTE paths. The entrypoint enforces chmod 444 +
# root ownership on each path after the chown sweep that hands the
# rest of /app/app/, /app/scripts/, and /data/shell/ to the mobius
# user.
#
# Two categories live here:
#
# 1. **Credential surfaces** — files that handle password / token
#    input. The agent could exfiltrate credentials by tampering with
#    them. Keep root-owned.
#
# 2. **Frozen recovery island** — the minimum set of files that
#    MUST keep working when the agent has broken everything else.
#    Recovery chat is the always-reachable escape hatch; its code
#    paths cannot be agent-editable or the safety net is illusory.
#    If a frozen file is somehow corrupted, recovery_restore.sh
#    re-copies it from /app/app-baked/ or /app/scripts-baked/.

# --- Credential surfaces (shell) ---
/data/shell/src/components/LoginForm/LoginForm.jsx
/data/shell/src/components/LoginForm/LoginForm.css
/data/shell/src/components/SetupWizard/SetupWizard.jsx
/data/shell/src/components/SetupWizard/SetupWizard.css
/data/shell/src/components/ProviderAuth/ProviderAuth.jsx
/data/shell/src/components/ProviderAuth/ProviderAuth.css

# --- Frozen recovery island (backend) ---
/app/app/routes/recover.py
/app/app/routes/recover_html.py
/app/app/recover_chat.py
/app/app/recover_chat_runner.py
/app/app/recover_auth.py
/app/app/recover_oauth.py

# --- Frozen recovery wiring ---
# Without these, the recovery files above exist on disk but are not
# reachable via HTTP. The agent CAN edit `main.py` to drop
# `include_router(recover_chat_router)` and `routes/__init__.py` to
# stop exporting the recover routers — both are mobius-writable
# without this entry, and would silently disable recovery on the
# next restart. Same for `auth.py`: the agent could hardcode a password
# or mint tokens. `database.py` is on the boot import chain — a
# corrupted database.py prevents uvicorn from starting at all, so
# recovery becomes unreachable. `config.py` is imported by main.py
# AND auth.py AND database.py — it's the deepest shared dependency;
# break it and the entire boot chain dies before any router is
# evaluated. `models.py` is imported by recover_chat.py (for the
# Owner row lookup) and by database.py — a broken models.py kills
# both the recovery owner check and any other route that touches
# the DB. Both are small, stable files (~60 and ~110 lines, fewer
# than 5 commits each in the last 6 months), so freezing them costs
# the agent little but seals the boot chain.
/app/app/main.py
/app/app/routes/__init__.py
/app/app/auth.py
/app/app/database.py
/app/app/config.py
/app/app/models.py

# --- Frozen recovery island (scripts) ---
/app/scripts/entrypoint.sh
/app/scripts/recovery_restore.sh
