#!/system/bin/sh
# vigild — Vigil Anti-Surveillance Daemon
# Main daemon that orchestrates all protection modules
# (c) Setec Labs

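# Locate the installed module directory: the live install first, then the
# module-manager update staging path.  A candidate is accepted only if it
# really contains the module library, so a stale or half-installed directory
# is skipped rather than used.
MODDIR=""
for d in /data/adb/modules/vigil /data/adb/modules_update/vigil; do
    if [ -d "$d/vigil/lib" ]; then
        MODDIR="$d"
        break
    fi
done
if [ -z "$MODDIR" ]; then
    # Diagnostics go to stderr so they are not mistaken for daemon output.
    echo "ERROR: Vigil module directory not found" >&2
    exit 1
fi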

# Runtime paths.  VIGIL_DATA is the persistent state directory (config,
# log, PID file, alerts); VIGIL_LIB holds the module scripts found above.
VIGIL_DATA=/data/adb/vigil
VIGIL_LIB="${MODDIR}/vigil/lib"
VIGIL_LOG="${VIGIL_DATA}/vigil.log"
VIGIL_PID="${VIGIL_DATA}/vigild.pid"

# Create the state sub-directories up front so the modules can append to
# them without checking.  Their mode is whatever the current umask gives;
# NOTE(review): alerts/ and quarantine/ hold sensitive material — confirm
# the effective permissions on a real device.
for _subdir in alerts baseline reports quarantine; do
    mkdir -p "$VIGIL_DATA/$_subdir"
done

# Load config.  The file is sourced, not parsed: every line in it runs in
# this shell with this daemon's privileges, so it must remain writable only
# by the daemon's owner (it is also rewritten by generate_device_id below).
if [ -f "$VIGIL_DATA/vigil.conf" ]; then
    . "$VIGIL_DATA/vigil.conf"
fi

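#######################################
# Append a timestamped line to the daemon log.
# Globals:   VIGIL_LOG (written), VIGIL_LOG_LEVEL (read; default 3 = INFO)
# Arguments: $1 - level name: ERROR, WARN, INFO or DEBUG (anything else is
#                 ranked as INFO)
#            $2 - message text, written verbatim
# Outputs:   one line appended to $VIGIL_LOG when the level is at or below
#            the configured verbosity; nothing otherwise
# Returns:   0 in both cases (a filtered message is not an error)
#######################################
log() {
    level="$1"
    msg="$2"
    min_level="${VIGIL_LOG_LEVEL:-3}"

    # Numeric rank of the requested level; lower is more severe.
    case "$level" in
        ERROR) lvl=1 ;;
        WARN)  lvl=2 ;;
        INFO)  lvl=3 ;;
        DEBUG) lvl=4 ;;
        *)     lvl=3 ;;
    esac

    # VIGIL_LOG_LEVEL comes from the sourced config; a non-numeric value
    # would otherwise make the comparison below fail and silence the log.
    case "$min_level" in
        ''|*[!0-9]*) min_level=3 ;;
    esac

    if [ "$lvl" -le "$min_level" ]; then
        # printf rather than echo: messages may contain backslashes or start
        # with "-" (text captured from other tools) and must not be mangled.
        printf '[%s] [vigild] [%s] %s\n' \
            "$(date '+%Y-%m-%d %H:%M:%S')" "$level" "$msg" >> "$VIGIL_LOG"
    fi
    return 0
}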

#######################################
# Rotate the daemon log once it exceeds the configured size.
# Globals:   VIGIL_LOG (renamed to "$VIGIL_LOG.1", then recreated by log),
#            VIGIL_LOG_MAX_SIZE (read; default 1048576 bytes)
# Outputs:   a "Log rotated" INFO line in the fresh log
# Returns:   0 when nothing needed rotating; otherwise the status of log
#######################################
rotate_log() {
    max_size="${VIGIL_LOG_MAX_SIZE:-1048576}"
    [ -f "$VIGIL_LOG" ] || return 0

    # stat -c is the fast path; fall back to counting bytes, then to 0 so an
    # unreadable size never triggers a rotation.
    size=$(stat -c '%s' "$VIGIL_LOG" 2>/dev/null \
        || wc -c < "$VIGIL_LOG" 2>/dev/null \
        || echo 0)

    # The comparison's stderr is silenced: a non-numeric size must simply
    # mean "do not rotate", not spam the daemon's own output.
    [ "$size" -gt "$max_size" ] 2>/dev/null || return 0

    # Only one generation is kept; an existing .1 is overwritten.
    mv "$VIGIL_LOG" "$VIGIL_LOG.1"
    log INFO "Log rotated"
}

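#######################################
# Move pending alerts into the history file.
# Globals:   VIGIL_DATA (read)
# Inputs:    $VIGIL_DATA/alerts/pending - one alert per line
# Outputs:   lines appended to $VIGIL_DATA/alerts/history; a WARN log line
#            with the number processed
# Returns:   0
#######################################
process_alerts() {
    alert_file="$VIGIL_DATA/alerts/pending"
    [ -f "$alert_file" ] && [ -s "$alert_file" ] || return 0

    # Rename first, then drain the renamed file.  Writers are assumed to
    # append to the "pending" name (their code is not in this file); with
    # the rename, anything that arrives while we copy lands in a fresh
    # pending file instead of being truncated away, which is what the
    # earlier copy-then-truncate sequence did.
    batch="$alert_file.$$"
    mv "$alert_file" "$batch" 2>/dev/null || return 0

    count=$(wc -l < "$batch")
    log WARN "Processing $count pending alerts"
    cat "$batch" >> "$VIGIL_DATA/alerts/history"
    rm -f "$batch"
    return 0
}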

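#######################################
# Ensure VIGIL_DEVICE_ID is set, generating and persisting one if needed.
# The ID is the first two groups of a kernel-generated random UUID, so it
# is not derived from any hardware identifier.
# Globals:   VIGIL_DEVICE_ID (read/written), VIGIL_DATA (read)
# Outputs:   rewrites, or appends, the VIGIL_DEVICE_ID line in
#            $VIGIL_DATA/vigil.conf when a new ID was generated
# Returns:   0
#######################################
generate_device_id() {
    [ -n "$VIGIL_DEVICE_ID" ] && return 0

    # Keep the first two hex groups of the UUID.  The result is hex digits
    # and '-' only, so it is safe to splice into the sed replacement below.
    VIGIL_DEVICE_ID=$(cat /proc/sys/kernel/random/uuid 2>/dev/null | cut -d'-' -f1-2)
    [ -n "$VIGIL_DEVICE_ID" ] || return 0

    conf="$VIGIL_DATA/vigil.conf"
    [ -f "$conf" ] || return 0
    if grep -q '^VIGIL_DEVICE_ID=' "$conf" 2>/dev/null; then
        sed -i "s/^VIGIL_DEVICE_ID=.*/VIGIL_DEVICE_ID=\"$VIGIL_DEVICE_ID\"/" "$conf" 2>/dev/null
    else
        # The earlier sed only replaced an existing line, so a config without
        # the key received a fresh ID on every start; append it instead.
        printf 'VIGIL_DEVICE_ID="%s"\n' "$VIGIL_DEVICE_ID" >> "$conf" 2>/dev/null
    fi
    return 0
}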

#######################################
# Signal handler and shutdown path: stop the background monitors, drop the
# PID file and exit.
# Globals:   VIGIL_PID (removed)
# Outputs:   an INFO line in the log
# Returns:   never returns; exits 0
#######################################
cleanup() {
    log INFO "vigild shutting down (PID: $$)"
    # jobs -p lists the monitors this shell started with '&'; kill's stderr
    # is silenced because a job may already be gone.
    for _job in $(jobs -p); do
        kill "$_job" 2>/dev/null
    done
    rm -f "$VIGIL_PID"
    exit 0
}

# Route the usual termination signals through cleanup so the monitors are
# stopped and the PID file is removed on the way out.
trap cleanup TERM INT QUIT

# ── MAIN ──
# Record our PID.  The main loop later compares this file against $$ and
# shuts down if the file no longer names this process.
printf '%s\n' "$$" > "$VIGIL_PID"
log INFO "════════════════════════════════════════"
log INFO "vigild starting (PID: $$)"
log INFO "Module: $MODDIR"
log INFO "Data:   $VIGIL_DATA"
log INFO "Lib:    $VIGIL_LIB"
log INFO "════════════════════════════════════════"

generate_device_id

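# ── Start background monitors ──

#######################################
# Launch one protection module in the background and log its PID.
# Globals:   VIGIL_LIB, VIGIL_LOG (read)
# Arguments: $1 - text for the "Starting ..." line
#            $2 - text for the "... PID:" line
#            $3 - script name inside $VIGIL_LIB
#            $4.. - arguments passed to the script
# Outputs:   the module's stdout/stderr are appended to $VIGIL_LOG
# Returns:   0 when the module was started; 1 when its script is missing or
#            not executable, which is logged as ERROR instead of leaving only
#            a shell "not found" line in the log
#######################################
start_monitor() {
    _sm_label="$1"
    _sm_name="$2"
    _sm_script="$VIGIL_LIB/$3"
    shift 3
    if [ ! -x "$_sm_script" ]; then
        log ERROR "Cannot start $_sm_label: $_sm_script is missing or not executable"
        return 1
    fi
    log INFO "Starting $_sm_label..."
    "$_sm_script" "$@" >> "$VIGIL_LOG" 2>&1 &
    log INFO "$_sm_name PID: $!"
    return 0
}

#######################################
# Run one protection module in the foreground and wait for it.
# Globals:   VIGIL_LIB, VIGIL_LOG (read)
# Arguments: $1 - script name inside $VIGIL_LIB; $2.. - its arguments
# Outputs:   the module's stdout/stderr are appended to $VIGIL_LOG
# Returns:   the module's exit status, or 1 (with an ERROR line) when the
#            script is missing or not executable
#######################################
run_module() {
    _rm_script="$VIGIL_LIB/$1"
    shift
    if [ ! -x "$_rm_script" ]; then
        log ERROR "Cannot run $_rm_script: missing or not executable"
        return 1
    fi
    "$_rm_script" "$@" >> "$VIGIL_LOG" 2>&1
}

# The *_ENABLED / *_BLOCK_* names are toggles from vigil.conf; the default
# in each expansion is what applies when the config does not set them.

# 1. Forensic Shield
if [ "${FORENSIC_SHIELD_ENABLED:-1}" = "1" ]; then
    start_monitor "Forensic Shield monitor" "Forensic Shield" forensic_shield.sh monitor
fi

# 2. SMS Shield
if [ "${SMS_SHIELD_ENABLED:-1}" = "1" ] && [ "${SMS_SILENT_DETECT:-1}" = "1" ]; then
    start_monitor "SMS Shield monitor" "SMS Shield" sms_shield.sh monitor
fi

# 3. Silent install blocker
if [ "${SMS_BLOCK_SILENT_INSTALL:-1}" = "1" ]; then
    start_monitor "silent install blocker" "Install Blocker" sms_shield.sh monitor-installs
fi

# 4. Network Monitor
if [ "${NETWORK_MONITOR_ENABLED:-1}" = "1" ] && [ "${NETWORK_LOG_SUSPICIOUS:-1}" = "1" ]; then
    start_monitor "Network monitor" "Network Monitor" network_monitor.sh monitor
fi

# 5. Install network blocklists (foreground, unlike the monitors)
if [ "${NETWORK_BLOCK_C2:-1}" = "1" ] || [ "${NETWORK_BLOCK_TRACKERS:-1}" = "1" ]; then
    log INFO "Installing network blocklists..."
    run_module network_monitor.sh install
fi

# 6. Deep scan background
if [ "${DEEP_SCAN_BACKGROUND:-1}" = "1" ]; then
    start_monitor "deep scan background monitor" "Deep Scan" deep_scan.sh background
fi

# 7. SMS Honeypot (off unless explicitly enabled)
if [ "${SMS_FAKE_RESPONSE:-0}" = "1" ]; then
    start_monitor "SMS Honeypot monitor" "SMS Honeypot" sms_honeypot.sh monitor
fi

# 8. Duress triggers (off unless explicitly enabled)
if [ "${DURESS_ENABLED:-0}" = "1" ]; then
    start_monitor "Duress monitors" "Duress Monitor" duress.sh monitor
fi

# 9. Anti-forensics hardening (foreground)
if [ "${ANTIFORENSICS_ENABLED:-1}" = "1" ]; then
    log INFO "Applying anti-forensics hardening..."
    run_module antiforensics.sh harden
fi

# 10. Initial quick scan.  Runs in the foreground, so the main loop below
#     does not start until it returns.
log INFO "Running initial quick scan..."
run_module scanner.sh quick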

# ── Main loop ──
# Scheduling state: epoch seconds of the last run of each periodic task and
# the interval (seconds) it waits between runs.  The timers start "now", so
# the first scheduled run of each task is one full interval after startup.
# The intervals come from vigil.conf and are used as-is; NOTE(review): a
# non-numeric value makes the matching test below error on every iteration.
last_scan=$(date +%s)
last_integrity=$(date +%s)
last_ioc_update=$(date +%s)
scan_interval="${SCANNER_INTERVAL:-3600}"
integrity_interval="${FROSTGUARD_INTERVAL:-1800}"
ioc_update_interval="${IOC_UPDATE_INTERVAL:-86400}"

log INFO "Main loop started (scan:${scan_interval}s integrity:${integrity_interval}s ioc:${ioc_update_interval}s)"

# Each iteration runs whichever periodic tasks are due (in the foreground,
# so a slow task delays the others), drains pending alerts, rotates the log,
# checks ownership of the PID file and then sleeps; the sleep length is
# therefore the scheduling granularity.
while true; do
    now=$(date +%s)

    # Periodic threat scan
    if [ $((now - last_scan)) -ge "$scan_interval" ]; then
        log INFO "Scheduled threat scan..."
        "$VIGIL_LIB/scanner.sh" quick >> "$VIGIL_LOG" 2>&1
        last_scan=$now
    fi

    # Periodic integrity check (skipped entirely when FROSTGUARD_ENABLED=0)
    if [ "${FROSTGUARD_ENABLED:-1}" = "1" ] && [ $((now - last_integrity)) -ge "$integrity_interval" ]; then
        log INFO "Scheduled integrity check..."
        "$VIGIL_LIB/integrity.sh" verify >> "$VIGIL_LOG" 2>&1
        last_integrity=$now
    fi

    # Periodic IOC update
    if [ $((now - last_ioc_update)) -ge "$ioc_update_interval" ]; then
        log INFO "Checking IOC updates..."
        "$VIGIL_LIB/ioc_updater.sh" auto >> "$VIGIL_LOG" 2>&1
        last_ioc_update=$now
    fi

    process_alerts
    rotate_log

    # Check we're still the running instance: the PID file was written with
    # our own PID at startup, so a missing file or a different PID means
    # another vigild (presumably a replacement) has claimed it, and we hand
    # over by shutting down through cleanup, which exits.
    if [ ! -f "$VIGIL_PID" ] || [ "$(cat "$VIGIL_PID" 2>/dev/null)" != "$$" ]; then
        log WARN "PID mismatch — exiting"
        cleanup
    fi

    sleep 60
done
