"""Verifiable routing logs with lightweight signing.

This module provides a Signer, log entry creator, and verifier. For demonstration,
signatures use HMAC-SHA256 with a secret key. Replace with proper public-key crypto
in production.
"""
from __future__ import annotations
import json
import time
import hmac
import hashlib

class Signer:
    def __init__(self, key: str):
        self.key = key.encode("utf-8")

    def sign_payload(self, payload: dict) -> str:
        data = json.dumps(payload, sort_keys=True).encode("utf-8")
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

def make_signed_log(order_id: str, venue: str, price: float, latency_ms: int, signer: Signer, timestamp: int | None = None) -> dict:
    payload = {
        "order_id": order_id,
        "venue": venue,
        "price": price,
        "latency_ms": latency_ms,
        "timestamp": timestamp or int(time.time() * 1000),
    }
    signature = signer.sign_payload(payload)
    payload["signature"] = signature
    return payload

def verify_log(log: dict, signer: Signer) -> bool:
    if "signature" not in log:
        return False
    sig = log["signature"]
    payload = {k: v for k, v in log.items() if k != "signature"}
    expected = signer.sign_payload(payload)
    return hmac.compare_digest(sig, expected)