// Governance Notifier — SPIRE Notifier plugin.
//
// Runs in SPIRE Server. Notifies the Guildhouse GovernanceService of credential
// lifecycle events (issue, rotate, revoke) and submits MutationEnvelopes to the
// NotaryService for merkle anchoring.
package main

import (
	"github.com/hashicorp/go-plugin"
)

// handshakeConfig is the HandshakeConfig for this plugin.
// TODO: replace with SPIRE Plugin SDK handshake once
// github.com/spiffe/spire-plugin-sdk is added as a dependency.
var handshakeConfig = plugin.HandshakeConfig{
	ProtocolVersion:  1,
	MagicCookieKey:   "ServerAgent",
	MagicCookieValue: "GuildhouseSpire",
}

func main() {
	// TODO: register GovernanceNotifier as a GRPCPlugin implementing
	// the SPIRE Notifier interface. The plugin will:
	// 1. Receive credential lifecycle notifications from SPIRE Server
	// 2. Construct a CreateIntentRequest for the credential event
	// 3. Call GovernanceService.CreateIntent
	// 4. If ceremony required, monitor CeremonyService for resolution
	// 5. Construct MutationEnvelope (RFC 8785 JCS → domain-separated SHA-256)
	// 6. Submit merkle leaf to NotaryService.CreateAnchor
	plugin.Serve(&plugin.ServeConfig{
		HandshakeConfig: handshakeConfig,
		Plugins:         map[string]plugin.Plugin{},
		GRPCServer:      plugin.DefaultGRPCServer,
	})
}