deploy-core

#!/bin/bash
# ==============================================================================
# Phase 1: Core Infrastructure Deployment
# ==============================================================================

set -e # Fail fast on any command failure

ENV=${1:-"anvil"}
ENV_FILE=".env.$ENV"

if [ -f "$ENV_FILE" ]; then
    set -a; source "$ENV_FILE"; set +a
fi

# Determine RPC
if [ "$ENV" == "anvil" ]; then
    RPC_URL="http://127.0.0.1:8545"
else
    ENV_UPPER=$(echo $ENV | tr '[:lower:]' '[:upper:]')
    ENV_CLEAN=${ENV_UPPER//-/_}
    VAR_NAME="${ENV_CLEAN}_RPC_URL"
    RPC_URL=${!VAR_NAME:-$RPC_URL}
fi

if [ -z "$RPC_URL" ]; then
    echo -e "\033[0;31m❌ Error: RPC_URL for environment '$ENV' is not defined.\033[0m"
    echo "Check if .env.$ENV exists and contains ${ENV_CLEAN}_RPC_URL"
    exit 1
fi

# Smart Hash Check
CURRENT_HASH=$(find contracts/src -name "*.sol" -not -path "*/mocks/*" -type f -exec shasum -a 256 {} + | sort | shasum -a 256 | awk '{print $1}')
CONFIG_FILE_PATH="deployments/config.$ENV.json"

FORCE_DEPLOY=false
if [[ "$*" == *"--force"* ]]; then FORCE_DEPLOY=true; fi

SHOULD_RUN_DEPLOY=false
if [ "$ENV" != "anvil" ] && [ -f "$CONFIG_FILE_PATH" ] && [ "$FORCE_DEPLOY" = false ]; then
    STORED_HASH=$(jq -r '.srcHash // ""' "$CONFIG_FILE_PATH")
    if [ "$CURRENT_HASH" == "$STORED_HASH" ]; then
        echo "✅ Code unchanged ($CURRENT_HASH). Skipping Core Deployment."
        SHOULD_RUN_DEPLOY=false
    else
        echo "🔄 Code changed. Old: $STORED_HASH -> New: $CURRENT_HASH"
        SHOULD_RUN_DEPLOY=true
    fi
else
    # Anvil, no config file, or --force flag
    SHOULD_RUN_DEPLOY=true
fi

export CONFIG_FILE="config.$ENV.json"
export SRC_HASH="$CURRENT_HASH"
export DEPLOY_TIME=$(date "+%Y-%m-%d %H:%M:%S")
export ENV="$ENV"
SCRIPT_NAME=$([ "$ENV" == "anvil" ] && echo "DeployAnvil" || echo "DeployLive")

# Prepare Forge flags
FORGE_FLAGS="--rpc-url $RPC_URL --broadcast --slow -vv"
if [ "$ENV" != "anvil" ]; then
    FORGE_FLAGS="$FORGE_FLAGS --timeout 300"
fi

# Determine Signer
if [ -n "$DEPLOYER_ACCOUNT" ]; then
    echo "🔐 Using Foundry Keystore Account: $DEPLOYER_ACCOUNT"
    
    # Check if DEPLOYER_ADDRESS is already configured to skip password prompt
    if [ -n "$DEPLOYER_ADDRESS" ]; then
        echo "   ✅ Using configured address: $DEPLOYER_ADDRESS"
    else
        echo "   🔍 Resolving address from keystore (Password Required)..."
        DEPLOYER_ADDR=$(cast wallet address --account $DEPLOYER_ACCOUNT)
        echo "   📍 Resolved Address: $DEPLOYER_ADDR"
        export DEPLOYER_ADDRESS=$DEPLOYER_ADDR
    fi
    
    # When using --account, we don't need --sender if the account is the sender
    FORGE_FLAGS="$FORGE_FLAGS --account $DEPLOYER_ACCOUNT"
elif [ -n "$PRIVATE_KEY" ]; then
     echo "⚠️  Using Plaintext Private Key (Not Recommended)"
     FORGE_FLAGS="$FORGE_FLAGS --private-key $PRIVATE_KEY"
else
     # For Anvil, we can use the default test account if needed, or fail for live nets
     if [ "$ENV" != "anvil" ]; then
        echo "❌ Error: No DEPLOYER_ACCOUNT or PRIVATE_KEY defined in .env.$ENV"
        exit 1
     else
        # Anvil default (0xf39... id 0)
        echo "🔧 Using Anvil Default Account"
        FORGE_FLAGS="$FORGE_FLAGS --private-key 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80" 
     fi
fi

if [ "$SHOULD_RUN_DEPLOY" = true ]; then
    echo "🚀 Starting Phase 1: Core Infrastructure Deployment ($ENV)"
    forge script "contracts/script/v3/${SCRIPT_NAME}.s.sol:$SCRIPT_NAME" $FORGE_FLAGS
fi

# --- PHASE 2: Core Logic Audit (Self-Verification) ---
echo -e "\n🛡️ Starting Core Logic Audit..."
# Use space-separated string for compatibility
CHECK_SCRIPTS="Check04_Registry Check01_GToken Check02_GTokenStaking Check03_MySBT Check07_SuperPaymaster Check08_Wiring VerifyV3_1_1"

for SCRIPT in $CHECK_SCRIPTS; do
    echo -e "  Audit: $SCRIPT"
    forge script "contracts/script/checks/${SCRIPT}.s.sol:$SCRIPT" --rpc-url "$RPC_URL" --timeout 300 -vv
done

echo -e "\n\033[0;32m✅ Core Infrastructure is Deployed & Verified!\033[0m"