// Runtime helper: "Is this install licensed?" — call from `main.ts` before
// you start your app's main process, so the app can refuse to boot (or boot
// in a reduced-functionality trial mode) when no valid key is present.
//
// This never touches the network — only the signature. The offline check is
// what you want at startup: nothing on the internet should be able to keep
// the buyer's app from starting if the key is legitimate.

import { Verifier, PublicKey, type VerifyOk } from '@keysat/licensing-client'
import { ISSUER_PUBKEY_PEM, PRODUCT_SLUG } from './config'

export interface LicenseGateResult {
  licensed: boolean
  /** Populated if licensed === true. */
  details?: VerifyOk
  /** Populated if licensed === false. Human-readable. */
  reason?: string
}

/**
 * Check the license key stored in the package store. Pure offline — runs in
 * a few milliseconds.
 *
 * Typical usage in main.ts:
 *
 *   const gate = checkLicenseGate(await sdk.store.getOwn(effects, sdk.StorePath).const())
 *   if (!gate.licensed) {
 *     // options: exit, or inject a "trial mode" env var into your daemon
 *   }
 */
export function checkLicenseGate(store: {
  license_key?: string | null
}): LicenseGateResult {
  const key = store.license_key
  if (!key) return { licensed: false, reason: 'no license key stored' }
  try {
    const ok = new Verifier(PublicKey.fromPem(ISSUER_PUBKEY_PEM)).verify(key)
    return { licensed: true, details: ok }
  } catch (e) {
    return {
      licensed: false,
      reason: e instanceof Error ? e.message : 'verification failed',
    }
  }
}

export { PRODUCT_SLUG }