#!/usr/bin/env node
// Signs plugin.js with the Ed25519 private key, producing plugin.js.sig
// The private key lives at ~/.notion-timer-signing-key.pem and is never committed.

const { sign } = require("crypto");
const fs = require("fs");
const path = require("path");

const PLUGIN_JS = path.join(__dirname, "../com.pdma.notion-timer.sdPlugin/bin/plugin.js");
const SIG_FILE  = PLUGIN_JS + ".sig";
const KEY_FILE  = path.join(process.env.HOME, ".notion-timer-signing-key.pem");

if (!fs.existsSync(KEY_FILE)) {
  console.error(`Signing key not found at ${KEY_FILE}`);
  process.exit(1);
}

const privateKey = fs.readFileSync(KEY_FILE, "utf8");
const payload    = fs.readFileSync(PLUGIN_JS);
const signature  = sign(null, payload, privateKey);

fs.writeFileSync(SIG_FILE, signature);
console.log(`Signed: ${path.basename(SIG_FILE)} (${signature.length} bytes)`);