// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";

/// @title AIToken
/// @notice ERC20 token that mints units for providers based on attested compute receipts
contract AIToken is ERC20, AccessControl {
    using ECDSA for bytes32;
    using MessageHashUtils for bytes32;

    bytes32 public constant COORDINATOR_ROLE = keccak256("COORDINATOR_ROLE");
    bytes32 public constant ATTESTOR_ROLE = keccak256("ATTESTOR_ROLE");

    /// @notice Tracks consumed receipt hashes to prevent replay
    mapping(bytes32 => bool) public consumedReceipts;

    event ReceiptConsumed(bytes32 indexed receiptHash, address indexed provider, uint256 units, address indexed attestor);

    constructor(address admin) ERC20("AIToken", "AIT") {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    /// @notice Mint tokens for a provider when coordinator submits a valid attested receipt
    /// @param provider Address of the compute provider receiving minted tokens
    /// @param units Amount of tokens to mint
    /// @param receiptHash Unique hash representing the off-chain receipt
    /// @param signature Coordinator-attested signature authorizing the mint
    function mintWithReceipt(
        address provider,
        uint256 units,
        bytes32 receiptHash,
        bytes calldata signature
    ) external onlyRole(COORDINATOR_ROLE) {
        require(provider != address(0), "invalid provider");
        require(units > 0, "invalid units");
        require(!consumedReceipts[receiptHash], "receipt already consumed");

        bytes32 digest = _mintDigest(provider, units, receiptHash);
        address attestor = digest.recover(signature);
        require(hasRole(ATTESTOR_ROLE, attestor), "invalid attestor signature");

        consumedReceipts[receiptHash] = true;
        _mint(provider, units);

        emit ReceiptConsumed(receiptHash, provider, units, attestor);
    }

    /// @notice Helper to compute the signed digest required for minting
    function mintDigest(address provider, uint256 units, bytes32 receiptHash) external view returns (bytes32) {
        return _mintDigest(provider, units, receiptHash);
    }

    function _mintDigest(address provider, uint256 units, bytes32 receiptHash) internal view returns (bytes32) {
        bytes32 structHash = keccak256(abi.encode(block.chainid, address(this), provider, units, receiptHash));
        return structHash.toEthSignedMessageHash();
    }
}