function Safe-WriteFile {
    param(
        [Parameter(Mandatory=$true)][string]$FinalPath,
        [Parameter(Mandatory=$true)][string]$Content
    )

    $LocalTempDir = "C:\\Temp_Gouvernance"
    if (-not (Test-Path $LocalTempDir)) { New-Item -ItemType Directory -Path $LocalTempDir -Force | Out-Null }

    $FileName = Split-Path $FinalPath -Leaf
    $TempPath = Join-Path $LocalTempDir $FileName

    # Écriture locale
    $utf8NoBom = New-Object System.Text.UTF8Encoding(False)
    [System.IO.File]::WriteAllText($TempPath, $Content, $utf8NoBom)

    # Hash local
    $sha1_local = (Get-FileHash -Path $TempPath -Algorithm SHA1).Hash

    # Transfert
    $TargetDir = Split-Path $FinalPath -Parent
    if (-not (Test-Path $TargetDir)) { New-Item -ItemType Directory -Path $TargetDir -Force | Out-Null }
    Move-Item -Path $TempPath -Destination $FinalPath -Force

    # Vérif post-copie
    $sha1_remote = (Get-FileHash -Path $FinalPath -Algorithm SHA1).Hash
    if ($sha1_local -eq $sha1_remote) {
        Write-Host "[OK] Transfert validé — $FileName (SHA1=$sha1_remote)"
    } else {
        Write-Host "[WARN] SHA1 mismatch — $FileName"
    }

    return $sha1_remote
}