#!/bin/bash
# Voxis Static Build Protocol (GCC + Zstd + LibreSSL Edition)

set -e

echo "🛡️  [VOXIS] Linking Sovereign Artifact (ARM64 + LibreSSL)..."
echo ""

# --- 1. CONFIGURATION ---
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
VENDOR="$SCRIPT_DIR/../nexus/vendor"
ZSTD_PATH="$VENDOR/zstd-1.5.5/lib"
LIBRE_PATH="$VENDOR/libressl-3.8.2"

# LibreSSL hides static libs in subdirectories
LIBRE_SSL_LIB="$LIBRE_PATH/ssl/.libs"
LIBRE_CRYPTO_LIB="$LIBRE_PATH/crypto/.libs"
LIBRE_TLS_LIB="$LIBRE_PATH/tls/.libs"

OUTPUT_DIR="$SCRIPT_DIR/build/arm64"
mkdir -p "$OUTPUT_DIR"

# Verify libraries exist
if [ ! -f "$LIBRE_CRYPTO_LIB/libcrypto.a" ]; then
    echo "❌ Error: libcrypto.a not found at $LIBRE_CRYPTO_LIB"
    exit 1
fi

if [ ! -f "$ZSTD_PATH/libzstd.a" ]; then
    echo "❌ Error: libzstd.a not found at $ZSTD_PATH"
    exit 1
fi

echo "✅ Static libraries verified"
echo "   📦 Zstd: $ZSTD_PATH/libzstd.a"
echo "   📦 LibreSSL crypto: $LIBRE_CRYPTO_LIB/libcrypto.a"
echo "   📦 LibreSSL ssl: $LIBRE_SSL_LIB/libssl.a"
echo "   📦 LibreSSL tls: $LIBRE_TLS_LIB/libtls.a"
echo ""

# Put wrapper in PATH to filter x86 flags
export PATH="/tmp/gcc-wrapper-bin:$PATH"

# --- 2. THE COMPILATION ---
# -d:ssl              : Enable Nim SSL support
# -d:openssl          : Use OpenSSL-compatible API
# --dynlibOverride    : VITAL. Stops Nim from trying to load .so files at runtime.
# --passC             : Include headers (Zstd + LibreSSL)
# --passL             : Link static libs (Note the multiple -L paths)

echo "🔨 Compiling nip for ARM64..."
echo ""

nim c \
    --skipProjCfg \
    --nimcache:/tmp/nip-arm64-cache \
    -d:release \
    -d:ssl \
    -d:openssl \
    -d:nimcrypto_disable_neon \
    -d:nimcrypto_no_asm \
    --cpu:arm64 \
    --os:linux \
    --cc:gcc \
    --gcc.exe:aarch64-linux-gnu-gcc \
    --gcc.linkerexe:aarch64-linux-gnu-gcc \
    --dynlibOverride:ssl \
    --dynlibOverride:crypto \
    --passC:"-I$ZSTD_PATH -I$LIBRE_PATH/include" \
    --passL:"-L$ZSTD_PATH -L$LIBRE_SSL_LIB -L$LIBRE_CRYPTO_LIB -L$LIBRE_TLS_LIB" \
    --passL:"-static -lssl -lcrypto -ltls -lzstd -lpthread -ldl -lm -lresolv" \
    --opt:size \
    --mm:orc \
    --threads:on \
    -o:"$OUTPUT_DIR/nip" \
    src/nip.nim

# --- 3. VERIFICATION ---
if [ $? -eq 0 ] && [ -f "$OUTPUT_DIR/nip" ]; then
    echo ""
    echo "✅ Build Successful!"
    echo ""
    echo "📊 Binary info:"
    ls -lh "$OUTPUT_DIR/nip"
    file "$OUTPUT_DIR/nip"
    echo ""
    
    # Check if truly static
    if file "$OUTPUT_DIR/nip" | grep -q "statically linked"; then
        echo "✅ Linking: Static"
    else
        echo "⚠️  Warning: Binary may not be fully static"
    fi
    
    # Check for crypto strings (should NOT be present as dlopen targets)
    if strings "$OUTPUT_DIR/nip" | grep -q "libcrypto.so"; then
        echo "⚠️  Warning: Binary still contains libcrypto.so references"
    else
        echo "✅ No dynamic crypto references found"
    fi
else
    echo ""
    echo "❌ Build Failed."
    exit 1
fi