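#!/bin/bash
# Script to remove sensitive files from git history
# WARNING: This will rewrite git history!
#
# Rewriting history only removes the files from commits reachable in THIS
# repository. Copies that were already pushed, cloned, forked or cached still
# contain them, so every credential that was ever committed has to be rotated
# whether or not this script succeeds.
#
# NOTE(review): filter-branch checks out the rewritten HEAD when it finishes,
# so the listed files are presumably removed from the working tree as well.
# Keep a copy of anything you still need.
#
# git's own documentation recommends git-filter-repo over filter-branch; this
# script keeps filter-branch so that it has no extra dependency.

set -euo pipefail

# Print an error on stderr and stop with a non-zero status.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

echo "WARNING: This script will rewrite git history to remove sensitive files."
echo "Make sure you have a backup of your repository before proceeding."
echo ""
# On EOF (non-interactive run) read fails and REPLY stays empty, which is
# treated as "no" below.
read -p "Do you want to continue? (y/N): " -n 1 -r || true
echo ""
if [[ ! ${REPLY:-} =~ ^[Yy]$ ]]; then
  echo "Aborted."
  exit 1
fi

git rev-parse --git-dir >/dev/null 2>&1 || die "not inside a git repository"

echo "Removing sensitive files from git history..."

# Files to remove from history. These are git pathspecs, not shell globs:
# "*.json" matches JSON files in every directory, so it also covers the
# package/composer entries listed explicitly above it.
FILES_TO_REMOVE=(
  "CLAUDE.md"
  "package.json"
  "package-lock.json"
  "composer.json"
  "composer.lock"
  ".playwright-mcp/*"
  "tests/*"
  "*.json"
  ".env"
  ".env.*"
)

# Build ONE index filter that removes every pathspec, so history is rewritten
# in a single pass instead of once per pattern. Each pathspec is single-quoted
# because filter-branch evaluates the filter with a shell; unquoted, a pattern
# such as *.json could be expanded by that shell instead of reaching git.
index_filter="git rm -rf --cached --ignore-unmatch --"
for file in "${FILES_TO_REMOVE[@]}"; do
  [[ $file != *"'"* ]] || die "pathspec must not contain a single quote: $file"
  echo "Removing $file from history..."
  index_filter+=" '$file'"
done

# Silence only filter-branch's "use git-filter-repo" banner. stderr is left
# visible and the exit status is checked: a refused or failed rewrite (dirty
# working tree, not at the repository top level, ...) must not be reported
# as success.
export FILTER_BRANCH_SQUELCH_WARNING=1
if ! git filter-branch --force --index-filter "$index_filter" \
  --prune-empty --tag-name-filter cat -- --all; then
  die "git filter-branch failed; history may not have been rewritten"
fi

echo ""
echo "Cleaning up..."

# Clean up the backup refs filter-branch leaves under refs/original/; they
# still point at the old, unfiltered commits. The loop is a no-op when there
# are none.
git for-each-ref --format="%(refname)" refs/original/ |
  while IFS= read -r ref; do
    git update-ref -d "$ref"
  done

# Expire reflog
git reflog expire --expire=now --all

# Garbage collect
git gc --prune=now --aggressive

# Verify: no commit reachable from any ref should still touch these paths.
remaining=$(git rev-list --all --max-count=1 -- "${FILES_TO_REMOVE[@]}") ||
  die "could not verify the rewritten history"
if [[ -n $remaining ]]; then
  die "commit $remaining still touches a listed path; inspect with: git log --all -- <path>"
fi

echo ""
echo "Done! Sensitive files have been removed from git history."
echo ""
echo "IMPORTANT NEXT STEPS:"
echo "1. Review the changes with: git log --oneline"
echo "2. Force push to remote: git push --force --all"
echo "3. Tell all collaborators to re-clone the repository"
echo "4. Update any CI/CD secrets that may have been exposed"
echo ""
# This script does not edit .gitignore, so report what is actually there
# instead of asserting that the files are ignored.
if [[ -f .gitignore ]]; then
  echo "Matching entries found in .gitignore (add any that are missing so the files are not committed again):"
  # grep exits 1 when nothing matches; that is not an error here.
  grep -E "CLAUDE|json|\.env|playwright|test" .gitignore | head -10 || true
else
  echo "No .gitignore found: add the removed paths to one so they are not committed again."
fi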