@hivemind-os/collective-core 0.2.0

package/src/evm/wallet.ts

@@ -0,0 +1,136 @@
+import type { Chain, PublicClient, WalletClient } from 'viem';
+import { createPublicClient, createWalletClient, defineChain, getAddress, http, toHex } from 'viem';
+import { privateKeyToAccount } from 'viem/accounts';
+import { base, baseSepolia } from 'viem/chains';
+
+const LOCALHOST_RPC_URL = 'http://127.0.0.1:8545';
+const erc20BalanceOfAbi = [
+  {
+    type: 'function',
+    name: 'balanceOf',
+    stateMutability: 'view',
+    inputs: [{ name: 'account', type: 'address' }],
+    outputs: [{ name: 'balance', type: 'uint256' }],
+  },
+] as const;
+
+export interface EvmWalletConfig {
+  network: 'base' | 'base-sepolia' | 'localhost';
+  rpcUrl?: string;
+}
+
+export class EvmWallet {
+  private readonly account;
+  private readonly chainConfig: Chain;
+  private readonly walletClient: WalletClient;
+  private readonly publicClient: PublicClient;
+
+  constructor(privateKey: Uint8Array, private readonly config: EvmWalletConfig) {
+    if (privateKey.byteLength !== 32) {
+      throw new Error('EVM private key must be 32 bytes.');
+    }
+
+    this.account = privateKeyToAccount(toHex(privateKey));
+    this.chainConfig = resolveChain(config);
+
+    const transport = http(resolveRpcUrl(config));
+    this.walletClient = createWalletClient({
+      account: this.account,
+      chain: this.chainConfig,
+      transport,
+    });
+    this.publicClient = createPublicClient({
+      chain: this.chainConfig,
+      transport,
+    });
+  }
+
+  get address(): string {
+    return this.account.address;
+  }
+
+  get chain(): Chain {
+    return this.chainConfig;
+  }
+
+  async getBalance(): Promise<bigint> {
+    return this.publicClient.getBalance({ address: this.account.address });
+  }
+
+  async getTokenBalance(tokenAddress: string): Promise<bigint> {
+    return (await this.publicClient.readContract({
+      address: getAddress(tokenAddress),
+      abi: erc20BalanceOfAbi,
+      functionName: 'balanceOf',
+      args: [this.account.address],
+    })) as bigint;
+  }
+
+  async signMessage(message: string | Uint8Array): Promise<string> {
+    return this.walletClient.signMessage({
+      account: this.account,
+      message: typeof message === 'string' ? message : { raw: toHex(message) },
+    });
+  }
+
+  async signTypedData(typedData: Omit<Parameters<WalletClient['signTypedData']>[0], 'account'>): Promise<string> {
+    return this.walletClient.signTypedData({
+      ...typedData,
+      account: this.account,
+    });
+  }
+
+  async sendTransaction(to: string, value: bigint): Promise<string> {
+    return this.walletClient.sendTransaction({
+      account: this.account,
+      chain: this.chainConfig,
+      to: getAddress(to),
+      value,
+    });
+  }
+
+  getWalletClient(): WalletClient {
+    return this.walletClient;
+  }
+
+  getPublicClient(): PublicClient {
+    return this.publicClient;
+  }
+}
+
+function resolveChain(config: EvmWalletConfig): Chain {
+  switch (config.network) {
+    case 'base':
+      return base;
+    case 'base-sepolia':
+      return baseSepolia;
+    case 'localhost':
+      return defineChain({
+        id: 31_337,
+        name: 'Localhost',
+        nativeCurrency: {
+          name: 'Ether',
+          symbol: 'ETH',
+          decimals: 18,
+        },
+        rpcUrls: {
+          default: {
+            http: [config.rpcUrl ?? LOCALHOST_RPC_URL],
+          },
+        },
+        testnet: true,
+      });
+  }
+}
+
+function resolveRpcUrl(config: EvmWalletConfig): string | undefined {
+  if (config.rpcUrl) {
+    return config.rpcUrl;
+  }
+
+  if (config.network === 'localhost') {
+    return LOCALHOST_RPC_URL;
+  }
+
+  return undefined;
+}

package/src/identity/did.ts

@@ -0,0 +1,36 @@
+import bs58 from 'bs58';
+
+import type { DID } from '@hivemind-os/collective-types';
+
+const DID_PREFIX = 'did:mesh:';
+
+export function createDID(publicKey: Uint8Array): DID {
+  return `${DID_PREFIX}${bs58.encode(publicKey)}` as DID;
+}
+
+export function parseDID(did: string): { publicKey: Uint8Array } {
+  if (!did.startsWith(DID_PREFIX)) {
+    throw new Error(`Invalid DID prefix: ${did}`);
+  }
+
+  const encodedKey = did.slice(DID_PREFIX.length);
+  if (!encodedKey) {
+    throw new Error('DID is missing a public key component.');
+  }
+
+  const publicKey = bs58.decode(encodedKey);
+  if (publicKey.length !== 32) {
+    throw new Error('DID public key must decode to 32 bytes.');
+  }
+
+  return { publicKey };
+}
+
+export function isValidDID(did: string): boolean {
+  try {
+    parseDID(did);
+    return true;
+  } catch {
+    return false;
+  }
+}

package/src/identity/index.ts

@@ -0,0 +1,4 @@
+export * from './keypair.js';
+export type { KeyStore, SimpleKeypair } from './keypair.js';
+export * from './did.js';
+export * from './signing.js';

package/src/identity/keypair.ts

@@ -0,0 +1,199 @@
+import { chmodSync, existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+
+import { etc, getPublicKey, utils } from '@noble/ed25519';
+import { sha512 } from '@noble/hashes/sha512';
+import pino from 'pino';
+
+const logger = pino({ name: '@hivemind-os/collective-core:identity' });
+const IDENTITY_KEY_FILENAME = 'identity.key';
+const KEYCHAIN_SERVICE = 'hivemind-collective';
+const KEYCHAIN_ACCOUNT = 'identity-key';
+
+interface KeytarModule {
+  getPassword(service: string, account: string): Promise<string | null>;
+  setPassword(service: string, account: string, password: string): Promise<void>;
+}
+
+let keytarModulePromise: Promise<KeytarModule | null> | undefined;
+let hasLoggedKeychainFallback = false;
+
+function configureEd25519(): void {
+  if (!etc.sha512Sync) {
+    etc.sha512Sync = (...messages) => sha512(etc.concatBytes(...messages));
+  }
+}
+
+function enforcePrivateFilePermissions(path: string): void {
+  chmodSync(path, 0o600);
+}
+
+function getIdentityKeyPath(dataDir: string): string {
+  return join(dataDir, IDENTITY_KEY_FILENAME);
+}
+
+function logKeychainFallback(error: unknown): void {
+  if (!hasLoggedKeychainFallback) {
+    logger.warn({ err: error }, 'OS keychain unavailable; falling back to file-based identity storage.');
+    hasLoggedKeychainFallback = true;
+  }
+}
+
+async function importKeytar(): Promise<KeytarModule | null> {
+  try {
+    const imported = await import('keytar');
+    const keytar = ('default' in imported && imported.default ? imported.default : imported) as Partial<KeytarModule>;
+    if (typeof keytar.getPassword !== 'function' || typeof keytar.setPassword !== 'function') {
+      throw new Error('keytar module is missing required methods.');
+    }
+
+    return {
+      getPassword: keytar.getPassword.bind(keytar),
+      setPassword: keytar.setPassword.bind(keytar),
+    };
+  } catch (error) {
+    logKeychainFallback(error);
+    return null;
+  }
+}
+
+async function getKeytarModule(): Promise<KeytarModule | null> {
+  keytarModulePromise ??= importKeytar();
+  return await keytarModulePromise;
+}
+
+async function loadOrCreateStoredKeypair(store: KeyStore): Promise<SimpleKeypair> {
+  if (await store.exists()) {
+    return keypairFromSecretKey(await store.load());
+  }
+
+  const keypair = generateKeypair();
+  await store.save(keypair.secretKey);
+  return keypair;
+}
+
+export interface SimpleKeypair {
+  publicKey: Uint8Array;
+  secretKey: Uint8Array;
+}
+
+export interface KeyStore {
+  load(): Promise<Uint8Array>;
+  save(secretKey: Uint8Array): Promise<void>;
+  exists(): Promise<boolean>;
+}
+
+export class FileKeyStore implements KeyStore {
+  constructor(private readonly keyPath: string) {}
+
+  async load(): Promise<Uint8Array> {
+    enforcePrivateFilePermissions(this.keyPath);
+    return etc.hexToBytes(readFileSync(this.keyPath, 'utf8').trim());
+  }
+
+  async save(secretKey: Uint8Array): Promise<void> {
+    writeFileSync(this.keyPath, etc.bytesToHex(secretKey), { mode: 0o600 });
+    enforcePrivateFilePermissions(this.keyPath);
+  }
+
+  async exists(): Promise<boolean> {
+    return existsSync(this.keyPath);
+  }
+
+  delete(): void {
+    unlinkSync(this.keyPath);
+  }
+}
+
+export class KeychainStore implements KeyStore {
+  constructor(
+    private readonly keytar: KeytarModule,
+    private readonly service = KEYCHAIN_SERVICE,
+    private readonly account = KEYCHAIN_ACCOUNT,
+  ) {}
+
+  async load(): Promise<Uint8Array> {
+    const secretKey = await this.keytar.getPassword(this.service, this.account);
+    if (!secretKey) {
+      throw new Error('Identity key not found in OS keychain.');
+    }
+
+    return etc.hexToBytes(secretKey);
+  }
+
+  async save(secretKey: Uint8Array): Promise<void> {
+    await this.keytar.setPassword(this.service, this.account, etc.bytesToHex(secretKey));
+  }
+
+  async exists(): Promise<boolean> {
+    return (await this.keytar.getPassword(this.service, this.account)) !== null;
+  }
+}
+
+export function generateKeypair(): SimpleKeypair {
+  configureEd25519();
+  const secretKey = utils.randomPrivateKey();
+  const publicKey = getPublicKey(secretKey);
+
+  return { publicKey, secretKey };
+}
+
+export function keypairFromSecretKey(secretKey: Uint8Array): SimpleKeypair {
+  configureEd25519();
+  const normalizedSecretKey = new Uint8Array(secretKey);
+  const publicKey = getPublicKey(normalizedSecretKey);
+
+  return {
+    publicKey,
+    secretKey: normalizedSecretKey,
+  };
+}
+
+export async function createKeyStore(dataDir: string): Promise<KeyStore> {
+  const keytar = await getKeytarModule();
+  return keytar ? new KeychainStore(keytar) : new FileKeyStore(getIdentityKeyPath(dataDir));
+}
+
+export async function identityKeyExists(dataDir: string): Promise<boolean> {
+  const fileStore = new FileKeyStore(getIdentityKeyPath(dataDir));
+  if (await fileStore.exists()) {
+    return true;
+  }
+
+  const keyStore = await createKeyStore(dataDir);
+  if (keyStore instanceof KeychainStore) {
+    try {
+      return await keyStore.exists();
+    } catch (error) {
+      logKeychainFallback(error);
+      return await fileStore.exists();
+    }
+  }
+
+  return await keyStore.exists();
+}
+
+export async function loadOrCreateKeypair(dataDir: string): Promise<SimpleKeypair> {
+  configureEd25519();
+  mkdirSync(dataDir, { recursive: true, mode: 0o700 });
+
+  const fileStore = new FileKeyStore(getIdentityKeyPath(dataDir));
+  const keyStore = await createKeyStore(dataDir);
+
+  if (keyStore instanceof KeychainStore) {
+    try {
+      if (await fileStore.exists()) {
+        const secretKey = await fileStore.load();
+        await keyStore.save(secretKey);
+        fileStore.delete();
+        return keypairFromSecretKey(secretKey);
+      }
+
+      return await loadOrCreateStoredKeypair(keyStore);
+    } catch (error) {
+      logKeychainFallback(error);
+    }
+  }
+
+  return await loadOrCreateStoredKeypair(fileStore);
+}

package/src/identity/signing.ts

@@ -0,0 +1,28 @@
+import { etc, sign as nobleSign, verify as nobleVerify } from '@noble/ed25519';
+import { sha512 } from '@noble/hashes/sha512';
+
+const encoder = new TextEncoder();
+
+function configureEd25519(): void {
+  if (!etc.sha512Sync) {
+    etc.sha512Sync = (...messages) => sha512(etc.concatBytes(...messages));
+  }
+}
+
+export function sign(message: Uint8Array, secretKey: Uint8Array): Uint8Array {
+  configureEd25519();
+  return nobleSign(message, secretKey);
+}
+
+export function verify(
+  message: Uint8Array,
+  signature: Uint8Array,
+  publicKey: Uint8Array,
+): boolean {
+  configureEd25519();
+  return nobleVerify(signature, message, publicKey);
+}
+
+export function signString(message: string, secretKey: Uint8Array): string {
+  return etc.bytesToHex(sign(encoder.encode(message), secretKey));
+}

package/src/index.ts

@@ -0,0 +1,22 @@
+export * from '@hivemind-os/collective-types';
+export * from './identity/index.js';
+export * from './crypto/index.js';
+export * from './auth/index.js';
+export * from './sui/index.js';
+export * from './registry/index.js';
+export * from './task/index.js';
+export * from './marketplace/index.js';
+export * from './dispute/index.js';
+export * from './events/index.js';
+export * from './cache/index.js';
+export * from './blobstore/index.js';
+export * from './evm/index.js';
+export * from './payment/index.js';
+export * from './relay/index.js';
+export * from './relay-registry/index.js';
+export * from './spending/index.js';
+export * from './x402/index.js';
+export * from './reputation/index.js';
+export * from './staking/index.js';
+export * from './metering/index.js';
+export * from './routing/index.js';