@toon-protocol/townhouse 0.1.0-rc5 → 0.1.0

package/dist/manager-SsneW_Mj.d.ts

@@ -0,0 +1,519 @@
+/**
+ * Townhouse configuration schema — TypeScript interfaces only.
+ * Runtime validation lives in validator.ts.
+ */
+interface TownNodeConfig {
+    enabled: boolean;
+    /** Nostr relay fee in millisatoshis per event */
+    feePerEvent?: number;
+    /** Docker image override */
+    image?: string;
+}
+interface ChainEndpoint {
+    rpcUrl: string;
+    wsUrl?: string;
+}
+interface MillChainsConfig {
+    evm?: ChainEndpoint;
+    solana?: ChainEndpoint;
+    mina?: ChainEndpoint;
+}
+interface MillNodeConfig {
+    enabled: boolean;
+    /** Swap fee basis points (1 = 0.01%) */
+    feeBasisPoints?: number;
+    /** Docker image override */
+    image?: string;
+    /**
+     * Chain RPC endpoints the mill should swap against (D2). The orchestrator
+     * does not currently forward this directly into MILL_CONFIG_JSON — it
+     * round-trips through YAML so the dashboard and future stories can read it.
+     */
+    chains?: MillChainsConfig;
+    /** Enabled swap pairs, e.g. ['EVM<->SOL']. Informational; D2-introduced. */
+    pairs?: string[];
+}
+interface DvmNodeConfig {
+    enabled: boolean;
+    /** DVM job fee in millisatoshis */
+    feePerJob?: number;
+    /** Per-kind pricing in millisatoshis (key = stringified kind number) */
+    kindPricing?: Record<string, number>;
+    /** Docker image override */
+    image?: string;
+}
+interface NodesConfig {
+    town: TownNodeConfig;
+    mill: MillNodeConfig;
+    dvm: DvmNodeConfig;
+}
+interface WalletConfig {
+    /** Path to encrypted wallet file (no plaintext mnemonic in config) */
+    encrypted_path: string;
+}
+interface ConnectorConfig {
+    /** Docker image for the shared ILP connector */
+    image: string;
+    /** Admin API port */
+    adminPort: number;
+}
+/**
+ * Connector chain-provider entry — surfaces what the connector needs to spin
+ * up its settlement subsystem (AccountManager + ClaimReceiver). Without at
+ * least one entry, `/admin/earnings.json` returns 503 and Townhouse's
+ * earnings data plane breaks (Epic 47 BUG-1).
+ *
+ * Dev-Anvil deterministic placeholders are exposed via
+ * `DEFAULT_HS_CHAIN_PROVIDERS` in `defaults.ts`; operators running on real
+ * chains override this in their `config.yaml`.
+ */
+interface ChainProviderEntry {
+    /** Currently only 'evm' supported. */
+    chainType: 'evm';
+    /** Canonical chain id, e.g. 'evm:base:31337' (dev-Anvil) or 'evm:base:8453' (mainnet). */
+    chainId: string;
+    /** Chain RPC endpoint. May be a dead address in offline/demo mode. */
+    rpcUrl: string;
+    /** PaymentChannel registry contract. */
+    registryAddress: string;
+    /** Settlement token (USDC, etc.) contract. */
+    tokenAddress: string;
+    /** Hex private key the connector signs settlement claims with. */
+    keyId: string;
+}
+/**
+ * Hidden-service publication config (Story 35.5 of the connector repo).
+ *
+ * When set, the connector boots `@anyone-protocol/anyone-client` in-process,
+ * spawns the `anon` binary, publishes a v3 hidden service, and advertises
+ * its `wss://<addr>.anyone/btp` URL to peers. The keypair lives at `dir`
+ * inside the connector container and persists across restarts when that
+ * path is on a mounted volume.
+ *
+ * Operator surface (this type) is intentionally narrow; the connector's
+ * own config has more knobs (binaryPath, configFilePath) that we omit
+ * here until a real use case demands them.
+ */
+interface HiddenServiceConfig {
+    /** Path inside the connector container for hs_ed25519_secret_key etc. */
+    dir: string;
+    /** Hidden service port — peers dial <addr>.anyone:<port>. */
+    port: number;
+    /**
+     * Optional override of the externalUrl the connector advertises. Default
+     * is `"auto"` — the connector reads `${dir}/hostname` at startup and
+     * builds `wss://<hostname>.anyone/btp` itself.
+     */
+    externalUrl?: string;
+    /** Optional override of the SDK's start-up readiness deadline (ms). */
+    startupTimeoutMs?: number;
+    /** Optional override of the SDK's shutdown deadline (ms). */
+    stopTimeoutMs?: number;
+}
+interface TransportConfig {
+    /** Transport mode: 'ator' for Tor-based, 'direct' for clearnet */
+    mode: 'ator' | 'direct';
+    /** SOCKS5 proxy address when using ator transport */
+    socksProxy?: string;
+    /**
+     * Externally reachable BTP URL. Required when mode='ator' AND
+     * hiddenService is unset (operator runs their own anon binary external
+     * to the connector and is responsible for the URL). Ignored for
+     * mode='direct'. When hiddenService is set and externalUrl is unset,
+     * the generator emits the literal `"auto"` so the connector resolves
+     * the .anyone hostname from disk at startup.
+     */
+    externalUrl?: string;
+    /**
+     * Optional inbound hidden-service publication. When set, the connector
+     * manages its own anon binary and publishes a .anyone hidden service.
+     */
+    hiddenService?: HiddenServiceConfig;
+    /**
+     * Town relay hidden service. When set, the orchestrator starts a second
+     * ator sidecar (parallel to any connector HS sidecar) that forwards
+     * inbound HS traffic to the town container's Nostr WebSocket port (7100),
+     * and the town container is configured to advertise the .anyone URL.
+     * Reuses HiddenServiceConfig — same shape as connector HS config.
+     */
+    relayHiddenService?: HiddenServiceConfig;
+}
+interface ApiConfig {
+    /** Dashboard/API port */
+    port: number;
+    /** Bind address */
+    host: string;
+}
+interface LoggingConfig {
+    level: 'debug' | 'info' | 'warn' | 'error';
+}
+interface PresetMetadata {
+    /** Preset that produced this config (D2). */
+    name: 'demo';
+    /** Where the chain endpoints came from — leases.json path or 'local-fallback'. */
+    chainEndpointSource: string;
+}
+interface TownhouseConfig {
+    nodes: NodesConfig;
+    wallet: WalletConfig;
+    connector: ConnectorConfig;
+    transport: TransportConfig;
+    api: ApiConfig;
+    logging: LoggingConfig;
+    /**
+     * Connector chain providers — required for the connector's settlement
+     * subsystem (AccountManager + ClaimReceiver) to initialize. When unset on
+     * `townhouse hs up`, `hs-config-writer.ts` injects
+     * `DEFAULT_HS_CHAIN_PROVIDERS` so the earnings route returns 200 out of
+     * the box (Epic 47 BUG-1 product fix).
+     */
+    chainProviders?: ChainProviderEntry[];
+    /** Present only when the config was generated by `init --preset=<name>`. */
+    preset?: PresetMetadata;
+}
+
+/**
+ * Docker orchestration types for Townhouse (Story 21.2).
+ *
+ * STUB FILE: Created by ATDD workflow (red phase).
+ * Implementation will be added during the green phase.
+ */
+/** Node types that can be orchestrated by Townhouse. */
+type NodeType = 'town' | 'mill' | 'dvm';
+/** Specification for a container to be created by the orchestrator. */
+interface ContainerSpec {
+    /** Container name (e.g., 'townhouse-town') */
+    name: string;
+    /** Docker image to use */
+    image: string;
+    /** Environment variables to pass to the container */
+    env: Record<string, string>;
+    /** Network to attach the container to */
+    network: string;
+    /** Port mappings (host:container) */
+    ports?: Record<string, string>;
+}
+/** Events emitted by the orchestrator during operations. */
+interface OrchestratorEvents {
+    /** Emitted during image pull with progress info */
+    pullProgress: {
+        image: string;
+        status: string;
+        id?: string;
+        progress?: string;
+    };
+    /** Emitted when a container changes state */
+    containerState: {
+        name: string;
+        state: 'creating' | 'starting' | 'running' | 'stopping' | 'stopped' | 'error';
+        /** Additional context for error states (e.g., error message) */
+        detail?: string;
+    };
+    /** Emitted during health check polling */
+    healthCheck: {
+        name: string;
+        status: string;
+        attempt: number;
+    };
+    /** Emitted before connector restart during peer registration update */
+    connectorRestarting: {
+        reason: string;
+    };
+    /** Emitted after connector restart and health check passes */
+    connectorRestarted: {
+        peers: string[];
+    };
+}
+/** Options for health check polling. */
+interface HealthCheckOptions {
+    /** Polling interval in milliseconds (default: 2000) */
+    interval?: number;
+    /** Timeout in milliseconds (default: 60000) */
+    timeout?: number;
+}
+/** Network I/O stats for a container (from dockerode stats stream) */
+interface BandwidthStats {
+    bytesIn: number;
+    bytesOut: number;
+    sampleAt: number;
+}
+
+type ComposeProfile = 'dev' | 'hs';
+interface ComposeLoaderOptions {
+    /** Override default `~/.townhouse/` write target. Used by tests. */
+    townhouseHome?: string;
+    /** Override the package-relative dist directory the loader reads from.
+     *  Defaults to the `dist/` adjacent to compose-loader.js at runtime.
+     *  Tests use this to point at fixture directories. */
+    distDir?: string;
+}
+declare class ComposeLoaderError extends Error {
+    constructor(message: string);
+}
+/**
+ * Returns the rendered compose YAML for the requested profile.
+ * For 'hs', digest substitutions are already applied (resolved at build time).
+ * For 'dev', the YAML is returned verbatim (uses local `toon:*` image tags).
+ * Throws `ComposeLoaderError` if the requested profile's YAML is unreadable.
+ */
+declare function loadComposeTemplate(profile: ComposeProfile, options?: ComposeLoaderOptions): string;
+/**
+ * Writes the resolved compose YAML to `<townhouseHome>/compose/<profile>.yml`
+ * and copies `dist/image-manifest.json` to `<townhouseHome>/image-manifest.json`.
+ * BOTH output files are written with mode 0o600 (NFR8 — operator-secret file mode).
+ * Returns the absolute paths of the two files written.
+ */
+declare function materializeComposeTemplate(profile: ComposeProfile, options?: ComposeLoaderOptions): {
+    composePath: string;
+    manifestPath: string;
+};
+
+/**
+ * Wallet management types for Townhouse (Story 21.4).
+ *
+ * Defines interfaces for HD wallet key derivation, encryption at rest,
+ * and node key management.
+ */
+
+/** Configuration for the WalletManager */
+interface WalletManagerConfig {
+    /** Path to encrypted wallet file */
+    encryptedPath: string;
+}
+/**
+ * Arweave JWK (RSA-4096) — matches `arweave-js` / `@ardrive/turbo-sdk`
+ * `JWKInterface` shape. Defined locally to avoid an arweave-js dependency.
+ *
+ * All fields are base64url-encoded big-endian integers per JWA (RFC 7518).
+ */
+interface ArweaveJwk {
+    kty: 'RSA';
+    /** Public exponent (typically "AQAB" = 65537) */
+    e: string;
+    /** Modulus n (base64url) */
+    n: string;
+    /** Private exponent d */
+    d?: string;
+    /** First prime factor p */
+    p?: string;
+    /** Second prime factor q */
+    q?: string;
+    /** d mod (p-1) */
+    dp?: string;
+    /** d mod (q-1) */
+    dq?: string;
+    /** q^-1 mod p */
+    qi?: string;
+}
+/** Keys derived for a specific node type */
+interface NodeKeys {
+    /** Nostr public key (hex-encoded, 32 bytes) */
+    nostrPubkey: string;
+    /** Nostr secret key (raw 32-byte scalar) */
+    nostrSecretKey: Uint8Array;
+    /** EVM address (checksummed, 0x-prefixed) */
+    evmAddress: string;
+    /** EVM private key (raw 32 bytes) */
+    evmPrivateKey: Uint8Array;
+    /** BIP-44 derivation path used for Nostr key */
+    nostrDerivationPath: string;
+    /** BIP-44 derivation path used for EVM key */
+    evmDerivationPath: string;
+    /** Base58-encoded Solana public key — derived for all node types */
+    solanaAddress?: string;
+    /** Raw 32-byte Ed25519 Solana private key seed */
+    solanaPrivateKey?: Uint8Array;
+    /** BIP-44 derivation path used for Solana key (SLIP-0010 all-hardened) */
+    solanaDerivationPath?: string;
+    /** Mina public key hex — mill only, omitted for town/dvm */
+    minaAddress?: string;
+    /** Arweave wallet address (base64url SHA-256 of modulus) — DVM only */
+    arweaveAddress?: string;
+    /**
+     * Arweave RSA-4096 JWK — DVM only. The full private JWK is held in
+     * memory for credit-buy + upload signing. Zeroed by `lock()`.
+     */
+    arweaveJwk?: ArweaveJwk;
+    /** BIP-44 derivation path used for the Arweave RSA sub-seed */
+    arweaveDerivationPath?: string;
+}
+/** Map of node type to its derived keys */
+interface DerivedNodeKeys {
+    town: NodeKeys;
+    mill: NodeKeys;
+    dvm: NodeKeys;
+}
+/** Summary info for display (no secrets) */
+interface NodeKeyInfo {
+    /** Node type */
+    nodeType: NodeType;
+    /** Nostr public key (hex) */
+    nostrPubkey: string;
+    /** EVM address (checksummed) */
+    evmAddress: string;
+    /** Nostr derivation path */
+    nostrDerivationPath: string;
+    /** EVM derivation path */
+    evmDerivationPath: string;
+    /** Base58-encoded Solana public key — derived for all node types */
+    solanaAddress?: string;
+    /** Solana derivation path — present whenever solanaAddress is */
+    solanaDerivationPath?: string;
+    /** Mina public key hex — mill only, omitted for town/dvm */
+    minaAddress?: string;
+    /** Arweave wallet address (base64url) — DVM only */
+    arweaveAddress?: string;
+    /** Arweave derivation path — present whenever arweaveAddress is */
+    arweaveDerivationPath?: string;
+}
+/** Persisted wallet state (in memory after decryption) */
+interface WalletState {
+    /** All derived node keys */
+    keys: DerivedNodeKeys;
+    /**
+     * BIP-39 mnemonic held in memory for transient re-derivation.
+     * Cleared on lock() by setting this.state = null. Never serialized.
+     */
+    mnemonic: string;
+}
+/** Encrypted wallet file format (JSON, all fields base64-encoded) */
+interface EncryptedWallet {
+    /** scrypt salt (base64) */
+    salt: string;
+    /** AES-GCM initialization vector (base64) */
+    iv: string;
+    /** AES-256-GCM ciphertext (base64) */
+    ciphertext: string;
+    /** AES-GCM authentication tag (base64) */
+    tag: string;
+}
+
+/**
+ * WalletManager — HD key derivation for Townhouse (Story 21.4, Task 1).
+ *
+ * Single BIP-39 mnemonic, deterministic HD derivation per node type.
+ * Uses BIP-44 paths with distinct account indices per node type:
+ *   - Town: account 0
+ *   - Mill: account 1
+ *   - DVM:  account 2
+ *
+ * Nostr keys use NIP-06 coin type 1237: m/44'/1237'/{account}'/0/0
+ * EVM keys use standard coin type 60:   m/44'/60'/{account}'/0/0
+ * Solana keys (all node types) coin 501: m/44'/501'/{account}'/0'/0'
+ *   (SLIP-0010 all-hardened, via @toon-protocol/mill::deriveMillKeys)
+ * Arweave keys (DVM only) coin 472:     m/44'/472'/2'/0/0
+ *   (32-byte BIP-32 sub-seed feeds a deterministic RSA-4096 PRNG via
+ *    rsa-from-seed.ts (HMAC-DRBG + node-forge 1.3.3). Derivation takes 5–30s per DVM unlock; this runs
+ *    once at unlock time, not per operation.)
+ */
+
+/**
+ * WalletManager handles mnemonic generation, key derivation, and in-memory
+ * key lifecycle for Townhouse node operations.
+ */
+declare class WalletManager {
+    private readonly config;
+    private state;
+    constructor(config: WalletManagerConfig);
+    /** Path to the encrypted wallet file */
+    get encryptedPath(): string;
+    /**
+     * Generate a new 12-word BIP-39 mnemonic and derive all node keys.
+     * Returns the mnemonic (for one-time display) and the derived state.
+     */
+    generate(): Promise<{
+        mnemonic: string;
+        state: WalletState;
+    }>;
+    /**
+     * Import an existing mnemonic (12 or 24 words) and derive all node keys.
+     * Throws if mnemonic is invalid (wrong checksum, wrong word count, etc).
+     */
+    fromMnemonic(mnemonic: string): Promise<WalletState>;
+    /**
+     * Get derived keys for a specific node type.
+     * Throws if wallet has not been initialized (call generate() or fromMnemonic() first).
+     */
+    getNodeKeys(nodeType: NodeType): NodeKeys;
+    /**
+     * Get display-safe info for all node types (no secrets).
+     */
+    getAllKeys(): NodeKeyInfo[];
+    /**
+     * List keys for all node types (alias for getAllKeys for API compatibility).
+     */
+    listKeys(): NodeKeyInfo[];
+    /**
+     * Zero all in-memory key material. After calling lock(),
+     * getNodeKeys() and getAllKeys() will throw.
+     */
+    lock(): void;
+    /**
+     * Return the BIP-39 mnemonic from in-memory wallet state.
+     * Returns null when the wallet is locked or not initialized.
+     */
+    getMnemonic(): string | null;
+    /**
+     * Get derived keys for a specific node type at a given derivation index.
+     *
+     * Pure derivation — does NOT mutate `state`. Re-derives from the stored
+     * mnemonic each time it is called. For every node type, also derives the
+     * Solana key at the same account index. For 'dvm', also derives Arweave.
+     * Throws if the wallet is locked.
+     *
+     * v1 callers MUST pass `derivationIndex = ACCOUNT_INDEX_{type}` for the
+     * first (and only) instance per type. Multi-instance support is out of
+     * scope for v1 — the route layer enforces single-instance-per-type.
+     */
+    deriveNodeKey(type: NodeType, derivationIndex: number): Promise<NodeKeys>;
+    /**
+     * Returns the EVM private key for a node as a 64-char lowercase hex string.
+     * Throws when the wallet is locked. Callers MUST treat the returned string
+     * as sensitive (no logging, no persisting). The underlying Uint8Array is
+     * still owned by WalletManager and will be zeroed by `lock()`.
+     */
+    getEvmPrivateKeyHex(nodeType: NodeType): string;
+    /**
+     * Returns the Solana Ed25519 private key seed for a node as a 64-char
+     * lowercase hex string (32 raw seed bytes). Throws when the wallet is
+     * locked or when the Solana key was not derived for this node type.
+     */
+    getSolanaPrivateKeyHex(nodeType: NodeType): string;
+    /**
+     * Returns the Arweave RSA JWK for a node. Throws when the wallet is locked
+     * or when AR derivation has not yet been triggered for this node type.
+     *
+     * Callers MUST `await ensureArweaveKey(nodeType)` first the first time per
+     * unlock — RSA-4096 derivation is 5–30s and is therefore not done eagerly
+     * at `fromMnemonic`/`generate` time. After the first `ensureArweaveKey`
+     * the JWK is cached on the in-memory state until `lock()`.
+     */
+    getArweaveJwk(nodeType: NodeType): ArweaveJwk;
+    /**
+     * Lazily derive the Arweave RSA-4096 JWK for a node type and cache it on
+     * the in-memory wallet state. Subsequent calls (within the same unlocked
+     * session) return the cached result without re-deriving.
+     *
+     * Only meaningful for node types that participate in the Arweave credit
+     * flow — `dvm` (account 2) in the current Townhouse layout. Calling on
+     * `town` or `mill` will derive a valid AR key at the corresponding
+     * account index but those keys are not used by any current code path.
+     *
+     * Throws if the wallet is locked or RSA derivation fails (unsupported
+     * platform, etc.). On success the result is also reflected in subsequent
+     * `getAllKeys()` calls (arweaveAddress + arweaveDerivationPath fields).
+     */
+    ensureArweaveKey(nodeType: NodeType, password?: string): Promise<ArweaveJwk>;
+    /**
+     * Derive keys for all node types from a mnemonic.
+     */
+    private deriveAllKeys;
+    /**
+     * Derive Nostr + EVM keys for a specific node type.
+     * Accepts an optional `accountIndex` to override the default per-type index.
+     * When omitted, uses `NODE_ACCOUNT_INDEX[nodeType]` (existing behavior).
+     */
+    private deriveNodeKeys;
+}
+
+export { type ApiConfig as A, type BandwidthStats as B, type ComposeLoaderOptions as C, type DerivedNodeKeys as D, type EncryptedWallet as E, type HealthCheckOptions as H, type LoggingConfig as L, type MillNodeConfig as M, type NodeType as N, type OrchestratorEvents as O, type TownhouseConfig as T, WalletManager as W, type ComposeProfile as a, ComposeLoaderError as b, type ConnectorConfig as c, type ContainerSpec as d, type DvmNodeConfig as e, type NodeKeyInfo as f, type NodeKeys as g, type NodesConfig as h, type TownNodeConfig as i, type TransportConfig as j, type WalletConfig as k, type WalletManagerConfig as l, type WalletState as m, loadComposeTemplate as n, materializeComposeTemplate as o };

package/dist/rsa-from-seed-VMNLNDZM.js

@@ -0,0 +1,62 @@
+import { createRequire } from 'module'; const require = createRequire(import.meta.url);
+import "./chunk-I2R4CRUX.js";
+
+// src/wallet/rsa-from-seed.ts
+import { hmac } from "@noble/hashes/hmac";
+import { sha256 } from "@noble/hashes/sha256";
+function hmacSha256(key, ...parts) {
+  const h = hmac.create(sha256, key);
+  for (const p of parts) h.update(p);
+  return h.digest();
+}
+var BYTE_00 = new Uint8Array([0]);
+var BYTE_01 = new Uint8Array([1]);
+function makeHmacDrbgPrng(seedBytes, rawEncode) {
+  let K = new Uint8Array(32).fill(0);
+  let V = new Uint8Array(32).fill(1);
+  K = hmacSha256(K, V, BYTE_00, seedBytes);
+  V = hmacSha256(K, V);
+  K = hmacSha256(K, V, BYTE_01, seedBytes);
+  V = hmacSha256(K, V);
+  return {
+    getBytesSync(size) {
+      const chunks = [];
+      let total = 0;
+      while (total < size) {
+        V = hmacSha256(K, V);
+        chunks.push(V);
+        total += V.length;
+      }
+      const flat = new Uint8Array(total);
+      let offset = 0;
+      for (const c of chunks) {
+        flat.set(c, offset);
+        offset += c.length;
+      }
+      const out = flat.slice(0, size);
+      K = hmacSha256(K, V, BYTE_00);
+      V = hmacSha256(K, V);
+      return rawEncode(out);
+    }
+  };
+}
+async function rsaPrivateKeyPemFromSeed(seed) {
+  const forge = (await import("node-forge")).default;
+  const prng = makeHmacDrbgPrng(
+    seed,
+    (bytes) => forge.util.binary.raw.encode(bytes)
+  );
+  const { privateKey } = await new Promise((resolve, reject) => {
+    forge.pki.rsa.generateKeyPair(
+      4096,
+      65537,
+      { prng, algorithm: "PRIMEINC" },
+      (err, kp) => err ? reject(err) : resolve(kp)
+    );
+  });
+  return forge.pki.privateKeyToPem(privateKey);
+}
+export {
+  rsaPrivateKeyPemFromSeed
+};
+//# sourceMappingURL=rsa-from-seed-VMNLNDZM.js.map

package/dist/rsa-from-seed-VMNLNDZM.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/wallet/rsa-from-seed.ts"],"sourcesContent":["/**\n * rsa-from-seed — CVE-free replacement for human-crypto-keys RSA derivation.\n *\n * Produces byte-for-byte identical RSA-4096 keys as\n * `human-crypto-keys.getKeyPairFromSeed(seed, {id:'rsa', modulusLength:4096},\n *   {privateKeyFormat:'pkcs1-pem'})`.\n *\n * Algorithm (preserved exactly to maintain golden test vectors):\n *   1. HMAC-DRBG(SHA-256, entropy=seed, nonce=[], pers=[])\n *      Re-implemented with @noble/hashes (already a workspace dep).\n *      Byte-for-byte identical to hmac-drbg@1.0.1 used by human-crypto-keys.\n *   2. node-forge 1.3.3 (CVE-free) PRIMEINC prime search driven by (1).\n *      Identical to node-forge 0.8.5 because jsbn.js and the PRIMEINC loop\n *      are unchanged between versions (verified by diff).\n *   3. Export private key as PKCS#1 PEM string.\n *\n * Why not Node.js crypto.generateKeyPair?\n *   It uses OpenSSL's system CSPRNG and cannot be seeded deterministically.\n *\n * Performance: same as before (~5–30s for RSA-4096 on a 2024 desktop).\n * The on-disk ar-cache.ts already amortises this cost after first derivation.\n */\n\nimport { hmac } from '@noble/hashes/hmac';\nimport { sha256 } from '@noble/hashes/sha256';\n\n// ── HMAC-DRBG (SP 800-90A, SHA-256 variant) ─────────────────────────────────\n//\n// Replicates hmac-drbg@1.0.1 with one key behavioural detail:\n//   generate(n) in hmac-drbg discards leftover bytes and calls _update()\n//   AFTER each call (not per 32-byte V-block).  Our getBytesSync() mirrors\n//   that exact behaviour: generate fresh V-chain on every call, discard\n//   surplus, then do a 2-step _update (no seed data ⇒ only K/V steps 1+2).\n\nfunction hmacSha256(key: Uint8Array, ...parts: Uint8Array[]): Uint8Array {\n  const h = hmac.create(sha256, key);\n  for (const p of parts) h.update(p);\n  return h.digest();\n}\n\nconst BYTE_00 = new Uint8Array([0x00]);\nconst BYTE_01 = new Uint8Array([0x01]);\n\n/**\n * Create a HMAC-DRBG PRNG that returns forge-compatible \"binary strings\"\n * (Latin-1 encoded byte strings used internally by node-forge).\n *\n * @param seedBytes  32-byte BIP-32 sub-seed (raw entropy; hex-decoding step\n *                   from human-crypto-keys is a no-op and not replicated).\n * @param rawEncode  `forge.util.binary.raw.encode` — converts Uint8Array to\n *                   forge's internal binary string format.\n */\nfunction makeHmacDrbgPrng(\n  seedBytes: Uint8Array,\n  rawEncode: (bytes: Uint8Array) => string\n): { getBytesSync: (n: number) => string } {\n  // Initialise K and V per SP 800-90A §10.1.2.3\n  let K = new Uint8Array(32).fill(0x00);\n  let V = new Uint8Array(32).fill(0x01);\n\n  // _update(seed) — seeding phase (seed data present → full 4-step update)\n  K = hmacSha256(K, V, BYTE_00, seedBytes);\n  V = hmacSha256(K, V);\n  K = hmacSha256(K, V, BYTE_01, seedBytes);\n  V = hmacSha256(K, V);\n\n  return {\n    getBytesSync(size: number): string {\n      // Generate V-chain until we have enough bytes (same as hmac-drbg's\n      // `while (temp.length < len) { V = HMAC(K, V); temp.concat(V); }`).\n      // Surplus bytes beyond `size` are discarded on purpose — matches the\n      // original `temp.slice(0, len)` behaviour that ensures determinism.\n      const chunks: Uint8Array[] = [];\n      let total = 0;\n      while (total < size) {\n        V = hmacSha256(K, V);\n        chunks.push(V);\n        total += V.length;\n      }\n      // Flatten and slice\n      const flat = new Uint8Array(total);\n      let offset = 0;\n      for (const c of chunks) {\n        flat.set(c, offset);\n        offset += c.length;\n      }\n      const out = flat.slice(0, size);\n\n      // _update(undefined) — post-generate state update (2-step only,\n      // since there is no additional data; mirrors the `if(!seed) return`\n      // branch in hmac-drbg._update).\n      K = hmacSha256(K, V, BYTE_00);\n      V = hmacSha256(K, V);\n\n      return rawEncode(out);\n    },\n  };\n}\n\n// ── Public API ────────────────────────────────────────────────────────────────\n\n/**\n * Derive a deterministic RSA-4096 PKCS#1 PEM private key from a 32-byte seed.\n *\n * Identical output to:\n *   `human-crypto-keys.getKeyPairFromSeed(seed, {id:'rsa', modulusLength:4096},\n *     {privateKeyFormat:'pkcs1-pem'}).privateKey`\n *\n * @param seed  32-byte BIP-32 sub-seed. Zeroed by caller after this returns.\n * @returns     PKCS#1 PEM-encoded RSA-4096 private key string.\n */\nexport async function rsaPrivateKeyPemFromSeed(\n  seed: Uint8Array\n): Promise<string> {\n  // Lazy-import node-forge so callers that never touch Arweave don't pay the\n  // module-load cost.  node-forge is a CJS module; dynamic import wraps it.\n  const forge = (await import('node-forge')).default;\n\n  const prng = makeHmacDrbgPrng(seed, (bytes) =>\n    forge.util.binary.raw.encode(bytes)\n  );\n\n  // Promisify the callback-based generateKeyPair\n  const { privateKey } = await new Promise<{\n    privateKey: forge.pki.rsa.PrivateKey;\n    publicKey: forge.pki.rsa.PublicKey;\n  }>((resolve, reject) => {\n    forge.pki.rsa.generateKeyPair(\n      4096,\n      65537,\n      { prng, algorithm: 'PRIMEINC' },\n      (err, kp) => (err ? reject(err) : resolve(kp))\n    );\n  });\n\n  return forge.pki.privateKeyToPem(privateKey);\n}\n"],"mappings":";;;;AAuBA,SAAS,YAAY;AACrB,SAAS,cAAc;AAUvB,SAAS,WAAW,QAAoB,OAAiC;AACvE,QAAM,IAAI,KAAK,OAAO,QAAQ,GAAG;AACjC,aAAW,KAAK,MAAO,GAAE,OAAO,CAAC;AACjC,SAAO,EAAE,OAAO;AAClB;AAEA,IAAM,UAAU,IAAI,WAAW,CAAC,CAAI,CAAC;AACrC,IAAM,UAAU,IAAI,WAAW,CAAC,CAAI,CAAC;AAWrC,SAAS,iBACP,WACA,WACyC;AAEzC,MAAI,IAAI,IAAI,WAAW,EAAE,EAAE,KAAK,CAAI;AACpC,MAAI,IAAI,IAAI,WAAW,EAAE,EAAE,KAAK,CAAI;AAGpC,MAAI,WAAW,GAAG,GAAG,SAAS,SAAS;AACvC,MAAI,WAAW,GAAG,CAAC;AACnB,MAAI,WAAW,GAAG,GAAG,SAAS,SAAS;AACvC,MAAI,WAAW,GAAG,CAAC;AAEnB,SAAO;AAAA,IACL,aAAa,MAAsB;AAKjC,YAAM,SAAuB,CAAC;AAC9B,UAAI,QAAQ;AACZ,aAAO,QAAQ,MAAM;AACnB,YAAI,WAAW,GAAG,CAAC;AACnB,eAAO,KAAK,CAAC;AACb,iBAAS,EAAE;AAAA,MACb;AAEA,YAAM,OAAO,IAAI,WAAW,KAAK;AACjC,UAAI,SAAS;AACb,iBAAW,KAAK,QAAQ;AACtB,aAAK,IAAI,GAAG,MAAM;AAClB,kBAAU,EAAE;AAAA,MACd;AACA,YAAM,MAAM,KAAK,MAAM,GAAG,IAAI;AAK9B,UAAI,WAAW,GAAG,GAAG,OAAO;AAC5B,UAAI,WAAW,GAAG,CAAC;AAEnB,aAAO,UAAU,GAAG;AAAA,IACtB;AAAA,EACF;AACF;AAcA,eAAsB,yBACpB,MACiB;AAGjB,QAAM,SAAS,MAAM,OAAO,YAAY,GAAG;AAE3C,QAAM,OAAO;AAAA,IAAiB;AAAA,IAAM,CAAC,UACnC,MAAM,KAAK,OAAO,IAAI,OAAO,KAAK;AAAA,EACpC;AAGA,QAAM,EAAE,WAAW,IAAI,MAAM,IAAI,QAG9B,CAAC,SAAS,WAAW;AACtB,UAAM,IAAI,IAAI;AAAA,MACZ;AAAA,MACA;AAAA,MACA,EAAE,MAAM,WAAW,WAAW;AAAA,MAC9B,CAAC,KAAK,OAAQ,MAAM,OAAO,GAAG,IAAI,QAAQ,EAAE;AAAA,IAC9C;AAAA,EACF,CAAC;AAED,SAAO,MAAM,IAAI,gBAAgB,UAAU;AAC7C;","names":[]}