#!/bin/bash
# =============================================================================
# prove-prior-ip.sh v1.3 – macOS 2025 standard prior-IP proof (GPG 2.5.x fix)
# =============================================================================

set -euo pipefail

VERSION="1.3"
TIMESTAMP=$(date "+%Y-%m-%d")
YOURNAME=$(id -F | tr ' ' '_')
OUTDIR="prior-ip-proof-${TIMESTAMP}_${YOURNAME}"
SENDDIR="$OUTDIR/1_send_to_counterparty_and_lawyers"
KEEPDIR="$OUTDIR/2_KEEP_PRIVATE_OFFLINE"
LAWYERDIR="$OUTDIR/3_send_to_YOUR_lawyer_for_vault_storage"

# ANSI colors for pretty output
RED=$(printf '\033[0;31m')
GREEN=$(printf '\033[0;32m')
YELLOW=$(printf '\033[1;33m')
BLUE=$(printf '\033[0;34m')
PURPLE=$(printf '\033[0;35m')
CYAN=$(printf '\033[0;36m')
NC=$(printf '\033[0m') # No Color

header() {
    echo "${CYAN}╔══════════════════════════════════════════════════════════════════════════════╗${NC}"
    echo "${CYAN}║ ${PURPLE}$1${NC}${CYAN}$(printf ' %0.s' $(seq 1 $((78 - ${#1} - 2))))║${NC}"
    echo "${CYAN}╚══════════════════════════════════════════════════════════════════════════════╝${NC}"
}

step() {
    echo "${GREEN}📦  STEP: $1${NC}"
}

success() {
    echo "${GREEN}✅ $1${NC}"
}

info() {
    echo "${BLUE}ℹ️  $1${NC}"
}

warn() {
    echo "${YELLOW}⚠️  $1${NC}"
}

show_help() {
    header "prove-prior-ip.sh v$VERSION – Prior-IP Proof Generator"
    cat << EOF

${YELLOW}Usage:${NC} ./prove-prior-ip.sh --file <path-to-file-or-folder>

${BLUE}What it does:${NC}
  • Generates a strong GPG key pair (if needed) – now GPG 2.5.x compatible
  • Packages your IP securely with timestamp
  • Computes SHA-256 hash
  • Signs the hash for verifiable proof
  • Creates organized folders with clear instructions

${BLUE}Prerequisites:${NC}
  • Install GnuPG on macOS using Homebrew:
    ${GREEN}brew install gnupg${NC}

${GREEN}Output folders:${NC}
  📁 1_send_to_counterparty_and_lawyers/   → Send these 3 files to everyone involved
  📁 2_KEEP_PRIVATE_OFFLINE/               → Your originals – vault yourself!
  📁 3_send_to_YOUR_lawyer_for_vault_storage/ → Optional: Send to YOUR lawyer for safe storage

${CYAN}Example:${NC}
  ./prove-prior-ip.sh --file ~/Downloads/my-secret.md

EOF
    exit 0
}

# ----------------------- Parse args -----------------------
FILE=""
while [[ $# -gt 0 ]]; do
    case $1 in
        --file) FILE="$2"; shift 2 ;;
        -h|--help) show_help ;;
        *)
            if [[ "$1" == -* ]]; then
                echo "${RED}❌ Unknown option: $1${NC}"; show_help
            else
                FILE="$1"; shift
            fi
            ;;
    esac
done

[[ -z "$FILE" ]] && { echo "${RED}❌ Error: --file is required${NC}"; show_help; }
[[ ! -e "$FILE" ]] && { echo "${RED}❌ Error: Path not found: $FILE${NC}"; exit 1; }

header "Starting Prior-IP Proof Generation – $TIMESTAMP"
info "User: $YOURNAME"
info "Input: $FILE"

# ----------------------- Setup folders -----------------------
step "Setting up secure folders"
mkdir -p "$SENDDIR" "$KEEPDIR" "$LAWYERDIR"
success "Folders ready: $OUTDIR"

# ----------------------- GPG key (auto-create if missing) -----------------------
step "Checking/Generating GPG key"
if ! gpg --list-secret-keys --keyid-format LONG | grep -q sec; then
    info "No key found – generating strong 4096-bit RSA key (~10-20 sec)..."
    gpg --batch --gen-key <<EOF
%echo Generating RSA 4096 key pair for prior-IP proof
Key-Type: rsa
Key-Length: 4096
Subkey-Type: rsa
Subkey-Length: 4096
Name-Real: $YOURNAME
Name-Email: $YOURNAME@local
Name-Comment: Prior-IP Proof $TIMESTAMP
Expire-Date: 0
%commit
EOF
    success "GPG key created and ready!"
else
    success "GPG key already exists – using it"
fi

KEYID=$(gpg --list-secret-keys --keyid-format LONG | grep '^sec' | awk '{print $2}' | cut -d'/' -f2 | head -1)
info "Key ID: $KEYID"

# ----------------------- Package the original IP -----------------------
step "Packaging your confidential IP"
cd "$(dirname "$FILE")"
BASE=$(basename "$FILE")

if [[ -d "$FILE" ]]; then
    tar -czf "$KEEPDIR/original-$BASE.tar.gz" "$BASE"
    info "Compressed folder: $BASE → original-$BASE.tar.gz"
else
    cp "$FILE" "$KEEPDIR/"
    tar -czf "$KEEPDIR/original-$(basename "$FILE").tar.gz" -C "$KEEPDIR" "$(basename "$FILE")"
    rm "$KEEPDIR/$(basename "$FILE")"
    info "Compressed file: $(basename "$FILE") → original-$(basename "$FILE").tar.gz"
fi
success "IP packaged securely"

# ----------------------- Hash + sign -----------------------
step "Computing SHA-256 hash"
HASH=$(sha256sum "$KEEPDIR"/original-*.tar.gz | awk '{print $1}')
echo "$HASH" > "$SENDDIR/hash.txt"
info "Hash: $HASH"

step "Signing the hash with your private key"
gpg --batch --yes --local-user "$KEYID" --armor --detach-sign "$SENDDIR/hash.txt"
success "Hash signed – verifiable proof created"

step "Exporting your public key"
gpg --armor --export "$KEYID" > "$SENDDIR/public-key.asc"
success "Public key exported"

# ----------------------- Folder 3: lawyer vault package -----------------------
step "Preparing lawyer vault package (optional)"
cp -r "$KEEPDIR"/* "$LAWYERDIR/"
cat > "$LAWYERDIR/README_FOR_LAWYER.txt" << EOF
CONFIDENTIAL – FOR VAULT STORAGE ONLY

Client: $YOURNAME
Matter: Prior-IP Proof – created $TIMESTAMP
Hash: $HASH

Please store this entire folder (or zip) in the secure client vault.
DO NOT share with counterparty or anyone else unless explicitly instructed by client
or required in formal dispute/arbitration.

Contains the original confidential files that match the signed hash sent to all parties today.

Thank you.
EOF
success "Lawyer package ready (send zipped to YOUR counsel)"

# ----------------------- Private keep-safe note -----------------------
step "Adding keep-safe instructions"
cat > "$KEEPDIR/README_KEEP_SAFE.txt" << EOF
KEEP THIS FOLDER OFFLINE AND SAFE (multiple encrypted backups!)

Only ever reveal the tar.gz inside if there is a real IP dispute.
The signed hash you sent today proves you had this exact version on $TIMESTAMP.

Hash for verification: $HASH
EOF
success "Private instructions added"

# ----------------------- Final pretty output -----------------------
header "🎉 SUCCESS! Your Proof is Ready"
cat << EOF

${GREEN}📁 Main Folder:${NC} $OUTDIR

${BLUE}=== IMMEDIATE ACTIONS ===${NC}

${YELLOW}1️⃣ Send these 3 files to counterparty + BOTH lawyers:${NC}
   📄 $SENDDIR/hash.txt          ${GREEN}(plain 64-char hash)${NC}
   📄 $SENDDIR/hash.txt.asc      ${GREEN}(your digital signature)${NC}
   📄 $SENDDIR/public-key.asc    ${GREEN}(for verification)${NC}

${YELLOW}2️⃣ (OPTIONAL – but ${RED}HIGHLY${YELLOW} recommended):${NC}
   Zip & send entire folder: ${GREEN}"$LAWYERDIR"${NC}
   → To ${PURPLE}YOUR lawyer only${NC}, with note: "Vault this – prior-IP proof, confidential"

${YELLOW}3️⃣ Personal Backup:${NC}
   Store whole "$OUTDIR" in ${GREEN}2+ offline spots${NC} (e.g., encrypted USB + bank safe)

${CYAN}Why this rocks:${NC} Bulletproof like Google/OpenAI deals in 2025. Zero trust needed – hash + sig proves prior art forever.

${GREEN}Proof sealed on: $(date)${NC}

EOF

success "Opening folder in Finder..."
open "$OUTDIR"