# AgentPKI bootstrap (PowerShell). Runs three real scenarios against the live
# issuer + verifier:
#   1. happy path        -> verdict: allow
#   2. tampered signature -> verdict: deny  (failure_reason: bad_signature)
#   3. revoked-key sign  -> verdict: deny  (failure_reason: revoked_key)
#
# Nothing destructive. Six HTTP calls total. The point: you watch the same
# verifier accept a real token and reject two different attacks, with
# different latencies that tell you WHERE in the trust chain each check fired.
#
# Source: https://github.com/agentpki/web/blob/main/public/bootstrap.ps1
# Inspect without executing:
#   iwr https://agentpki.dev/bootstrap.ps1 | Select-Object -Expand Content

$ErrorActionPreference = 'Stop'

Write-Host ''
Write-Host 'AgentPKI bootstrap . v1.0  (3-scenario trust demo)'
Write-Host '----------------------------------------------------'
Write-Host ''

# ─── Step 0: collect email ──────────────────────────────────────────────
if ($env:AGENTPKI_BOOTSTRAP_EMAIL) {
  $email = $env:AGENTPKI_BOOTSTRAP_EMAIL
  Write-Host ('  Email? ' + $email + '  (from env)')
} else {
  $email = Read-Host '  Email'
}
$email = $email.Trim().ToLowerInvariant()
if (-not ($email -match '^[^\s@]+@[^\s@]+\.[^\s@]+$')) {
  Write-Host ''
  Write-Host ('  [fail] "' + $email + '" does not look like an email.')
  Write-Host ''
  exit 1
}
Write-Host ''

# ════════════════════════════════════════════════════════════════════════
#   SCENARIO 1 / 3  .  happy path
#   Expect: verdict allow. This is also the only scenario that produces a
#   shareable /check/result/<id> permalink, since you'd only share real
#   passages.
# ════════════════════════════════════════════════════════════════════════
Write-Host '  Scenario 1 of 3 . happy path'
Write-Host '  --------------------------------------------------'
Write-Host -NoNewline '  Claiming subdomain + minting + verifying + storing ... '

$body = @{ email = $email } | ConvertTo-Json -Compress
try {
  $s1 = Invoke-RestMethod -Method POST `
    -Uri 'https://agentpki.dev/api/v1/bootstrap-claim' `
    -ContentType 'application/json' -Body $body
} catch {
  Write-Host 'fail'
  Write-Host ''
  Write-Host ('         Error: ' + $_.Exception.Message)
  Write-Host ''
  exit 1
}
if (-not $s1.ok) {
  Write-Host 'fail'
  Write-Host '         ' ($s1 | ConvertTo-Json -Depth 5 -Compress)
  exit 1
}
Write-Host ('ok in ' + $s1.bootstrap_elapsed_ms + 'ms')

$tokHead = $s1.passport_token.Substring(0, [Math]::Min(24, $s1.passport_token.Length))
Write-Host ('    issuer    ' + $s1.subdomain)
Write-Host ('    passport  ' + $tokHead + '... (' + $s1.passport_token_length + ' chars)')
Write-Host ('    verdict   ' + $s1.verdict + '   (verifier elapsed ' + $s1.verifier_elapsed_ms + 'ms)')
if ($s1.check_url) {
  Write-Host ('    share     ' + $s1.check_url)
}
Write-Host ''

# ════════════════════════════════════════════════════════════════════════
#   SCENARIO 2 / 3  .  tampered signature
#   Mint a fresh real token, flip the last 4 chars of the payload+sig blob.
#   Those last chars are part of the Ed25519 signature -- flipping them
#   leaves the inner JSON payload intact (so the verifier parses it fine)
#   but the signature no longer matches.
#   Expect: verdict deny, failure_reason bad_signature.
# ════════════════════════════════════════════════════════════════════════
Write-Host '  Scenario 2 of 3 . tampered signature'
Write-Host '  --------------------------------------------------'
Write-Host -NoNewline '  Minting a fresh token, flipping 4 chars of its Ed25519 signature, verifying ... '

$cleanMint = Invoke-RestMethod -Uri 'https://demo.agentpki.dev/mint'
$clean = $cleanMint.token
# PASETO v4.public shape:  v4.public.<base64url(payload || signature)>.<footer>
# The signature is the LAST 64 bytes of the decoded blob, which is the
# last ~86 chars of the base64url. Replacing the last 4 chars with AAAA
# leaves the payload bytes untouched but corrupts the signature, so the
# verifier parses the payload JSON cleanly and THEN fails signature check.
$parts = $clean.Split('.')
$tamperedPayloadSig = $parts[2].Substring(0, $parts[2].Length - 4) + 'AAAA'
$tampered = $parts[0] + '.' + $parts[1] + '.' + $tamperedPayloadSig + '.' + $parts[3]

$body2 = @{ token = $tampered } | ConvertTo-Json -Compress
$s2 = Invoke-RestMethod -Method POST `
  -Uri 'https://verify.agentpki.dev/v1/verify' `
  -ContentType 'application/json' -Body $body2
Write-Host 'done'
Write-Host ('    verdict   ' + $s2.verdict + ' in ' + $s2.elapsed_ms + 'ms')
Write-Host ('    reason    ' + $s2.failure_reason)
Write-Host '    why       The payload JSON was still valid -- but the Ed25519'
Write-Host '              signature no longer matched. No network needed: this'
Write-Host '              fails on pure crypto math, locally, before any CRL'
Write-Host '              fetch even gets queued.'
Write-Host ''

# ════════════════════════════════════════════════════════════════════════
#   SCENARIO 3 / 3  .  revoked-key signing
#   demo.agentpki.dev/mint?revoked=1 signs with a kid that is listed in the
#   issuer's CRL as revoked. The signature is mathematically valid -- the
#   verifier has to fetch the issuer directory + CRL to know to reject it.
#   Expect: verdict deny, failure_reason revoked_key, failure_detail showing
#   the revoked kid + revocation timestamp + reason. Higher elapsed_ms
#   because it required a real network round-trip to the issuer.
# ════════════════════════════════════════════════════════════════════════
Write-Host '  Scenario 3 of 3 . revoked-key signing'
Write-Host '  --------------------------------------------------'
Write-Host -NoNewline '  Minting via /mint?revoked=1 (signs with rotated kid), verifying ... '

$revMint = Invoke-RestMethod -Uri 'https://demo.agentpki.dev/mint?revoked=1'
$body3 = @{ token = $revMint.token } | ConvertTo-Json -Compress
$s3 = Invoke-RestMethod -Method POST `
  -Uri 'https://verify.agentpki.dev/v1/verify' `
  -ContentType 'application/json' -Body $body3
Write-Host 'done'
Write-Host ('    verdict   ' + $s3.verdict + ' in ' + $s3.elapsed_ms + 'ms')
Write-Host ('    reason    ' + $s3.failure_reason)
if ($s3.failure_detail) {
  Write-Host ('    detail    ' + $s3.failure_detail)
}
Write-Host '    why       Signature was mathematically valid -- the rotated'
Write-Host '              kid really did sign this token. The verifier consulted'
Write-Host '              the issuer''s CRL (cached after first lookup) and saw'
Write-Host '              the kid is now revoked. Different reason field from'
Write-Host '              scenario 2 -- bad_signature means "this is a fake",'
Write-Host '              revoked_key means "this was real, the key is dead".'
Write-Host ''

# ─── Summary ────────────────────────────────────────────────────────────
Write-Host '  ----------------------------------------------------'
Write-Host '  All 3 scenarios behaved as expected:'
Write-Host ('    [scenario 1]  real signed token        -> ' + $s1.verdict)
Write-Host ('    [scenario 2]  tampered signature       -> ' + $s2.verdict + ' (' + $s2.failure_reason + ')')
Write-Host ('    [scenario 3]  revoked-key signing      -> ' + $s3.verdict + ' (' + $s3.failure_reason + ')')
Write-Host ''
Write-Host '  AgentPKI distinguishes a forged token from a revoked one --'
Write-Host '  and the verifier tells you, accurately, which one happened.'
Write-Host ''
Write-Host '  About your demo subdomain:'
Write-Host ('    ' + $s1.subdomain)
Write-Host '    is a deterministic hash of your email. Re-running gives the same'
Write-Host '    one. It identifies you in the demo only -- you do NOT own it,'
Write-Host '    and it is not a real DNS-resolvable issuer.'
Write-Host ''
Write-Host '  Next steps:'
Write-Host '    - issue real passports from YOUR OWN domain + keys:'
Write-Host '        https://agentpki.dev/dashboard  (magic-link, ~3 min)'
Write-Host '    - install the SDK in your agent:  npm i @agentpki/sdk'
Write-Host '    - read the v0.2 spec:             https://agentpki.dev/spec'
if ($s1.check_url) {
  Write-Host '    - share the allow scenario:'
  Write-Host ('        ' + $s1.check_url)
}
Write-Host ''