From c00a04087ffeea27c3910267e826cba3e84498a3 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <jmiller-moko@noreply.git.mokoconsulting.tech>
Date: Sun, 19 Apr 2026 14:10:14 -0500
Subject: [PATCH] Fix: protected files skip entirely before stale token check

Protected files (like updates.xml) were being overwritten because
the stale-token check ran AFTER the canOverwrite gate. Now protected
files continue (skip) immediately, even with --force.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 lib/Enterprise/RepositorySynchronizer.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/Enterprise/RepositorySynchronizer.php b/lib/Enterprise/RepositorySynchronizer.php
index 4ca1160..9309cd5 100644
--- a/lib/Enterprise/RepositorySynchronizer.php
+++ b/lib/Enterprise/RepositorySynchronizer.php
@@ -598,7 +598,12 @@ HCL;
             $isReadme     = $basename === 'readme.md';
             $isChangelog  = in_array($basename, ['changelog.md', 'changelog'], true);
             $isProtected  = $isReadme || $isChangelog;
-            $canOverwrite = !$isProtected && ($force || $entry['always_overwrite']) && !($entry['protected'] ?? false);
+            // Protected files are NEVER overwritten, even with --force
+            if ($entry['protected'] ?? false) {
+                $summary['skipped'][] = ['file' => $targetPath, 'reason' => 'Protected — never overwritten'];
+                continue;
+            }
+            $canOverwrite = !$isProtected && ($force || $entry['always_overwrite']);
 
             if ($isReadme) {
                 $summary['skipped'][] = ['file' => $targetPath, 'reason' => 'README — never overwritten'];