npm - bsv-bap - Versions diffs - 0.2.0-alpha.2 → 0.2.0 - Mend

bsv-bap 0.2.0-alpha.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md CHANGED Viewed

@@ -22,7 +22,7 @@ Current digital identity systems suffer from three critical failures:
 BAP resolves these failures by recognizing a simple axiom: **a cryptographic keypair IS an identity**. This principle, combined with Bitcoin's immutable ledger, creates a system where:
 - Identity ownership is cryptographically provable
-- Attestations form an auditable chain of trust
+- Attestations form an auditable chain of trust
 - Data persistence requires no institutional faith
 - Interoperability emerges from shared protocols, not corporate agreements
@@ -36,7 +36,7 @@ In BAP, identity is not assigned but derived. Your identity emerges from the mat
 IdentityKey = base58(ripemd160(sha256(rootAddress)))
 ```
-This deterministic derivation means identity recovery requires only the original key material - no database lookups, no account recovery flows, no customer service.
+This deterministic derivation means identity recovery requires only the original key material — no database lookups, no account recovery flows, no customer service.
 ### Attestations as Proofs
@@ -102,56 +102,62 @@ Member Key (identity root at path)
 Signing Key (used for on-chain operations)
 ```
-This structure ensures compatibility with BRC-100 wallet tooling while maintaining BAP's identity management features. The member key serves as the BRC-100 identity root, and the signing key is deterministically derived for on-chain operations.
+The member key serves as the stable identity root. The signing key is deterministically derived from it for on-chain operations. This structure is compatible with BRC-100 wallet tooling, though BAP is not coupled to any specific wallet implementation.
 ## Implementation
 ### Installation
 ```bash
+bun add bsv-bap
+# or
 npm install bsv-bap
 ```
+Peer dependency: `@bsv/sdk@^2.0.1`
 ### Basic Usage
-```javascript
+```typescript
 import { BAP } from 'bsv-bap';
 import { PrivateKey } from '@bsv/sdk';
 // Initialize with Type 42 derivation (recommended)
 const rootKey = PrivateKey.fromRandom();
-const bap = new BAP({
-  rootPk: rootKey.toWif()
-});
+const bap = new BAP({ rootPk: rootKey.toWif() });
+// Create an identity
+const identity = bap.newId();
-// Create identity with meaningful name
-const identity = bap.newId('Professional Identity');
-identity.setAttribute('name', 'Satoshi Nakamoto');
+console.log(identity.bapId);       // Deterministic BAP ID
+console.log(identity.rootAddress); // Root Bitcoin address
+console.log(identity.rootPath);    // "bap:0" (counter-based)
-// Generate ID transaction for blockchain
-const idTransaction = identity.getInitialIdTransaction();
+// Create a second identity
+const second = bap.newId();
+console.log(second.rootPath);      // "bap:1"
-// Create attestation hash for verification
-const attestationHash = identity.getAttestationHash('name');
+// Export master backup
+const backup = bap.exportForBackup('My Identities');
 ```
 ### Identity Discovery
-Type 42 identities use sequential counters (`bap:0`, `bap:1`, etc.) for deterministic recovery. This enables identity discovery when restoring from partial backups:
+Type 42 identities use sequential counters (`bap:0`, `bap:1`, etc.) for deterministic recovery. This enables identity discovery when restoring from a backup:
-```javascript
+```typescript
 // Discover identities by checking sequential counters
-async function discoverIdentities(bap, checkExistsOnChain) {
+async function discoverIdentities(bap, existsOnChain) {
   const found = [];
-  for (let i = 0; i < 100; i++) {  // Check first 100 slots
-    const identity = bap.newIdWithCounter(i, `Discovered Identity ${i}`);
-    if (await checkExistsOnChain(identity.getIdentityKey())) {
+  for (let i = 0; i < 100; i++) {
+    const identity = bap.newIdWithCounter(i);
+    if (await existsOnChain(identity.bapId)) {
       found.push(identity);
     }
   }
   return found;
 }
 ```
@@ -160,55 +166,273 @@ async function discoverIdentities(bap, checkExistsOnChain) {
 The BAP ID is defined by the member key at `rootPath`, while the active wallet/signing root follows `currentPath`.
-- `rootPath`: stable member key, used to derive the BAP ID
+- `rootPath`: stable member key path, defines the BAP ID
 - `currentPath`: active wallet root, used for signing and wallet operations
 - `incrementPath()`: rotates the wallet/signing root without changing the BAP ID
-For Type 42 identities the first rotation now moves from `bap:0` to `bap:0:1`, then `bap:0:2`, and so on.
-For backward compatibility, malformed numeric rotation paths created by older buggy Type 42 builds continue rotating numerically (`1` -> `2`). New identities always use the namespaced `bap:<identity>:<rotation>` format.
+For Type 42 identities the first rotation moves from `bap:0` to `bap:0:1`, then `bap:0:2`, and so on.
-```javascript
-const identity = bap.newId('Professional Identity');
+```typescript
+const identity = bap.newId();
-const stableMemberKey = identity.getMemberKey();
-const activeWalletKey = identity.getWalletPubkey();
+const stableBapId = identity.bapId;
 identity.incrementPath();
-// Stable identity linkage
-console.log(identity.getMemberKey() === stableMemberKey); // true
+// BAP ID is unchanged
+console.log(identity.bapId === stableBapId); // true
+// currentPath has advanced
+console.log(identity.currentPath); // "bap:0:1"
+```
+## CLI
+The `bap` CLI manages identities from the terminal. Config is stored at `~/.bap/`.
+### Identity Management
+```bash
+bap create [--name <label>] [--wif <wif>]   # Create new identity
+bap list                                      # List all identities (* = active)
+bap use <bapId>                               # Set active identity
+bap info                                      # Show active identity details
+bap remove <bapId>                            # Remove identity
+```
+### Backup
+```bash
+bap export                                    # Export master backup (JSON to stdout)
+bap export-account [--id <bapId>]             # Export account backup (WIF + bapId)
+bap import <file>                             # Import from backup file
+```
+### Crypto
+```bash
+bap encrypt <data>                            # Encrypt with master key (ECIES)
+bap decrypt <ciphertext>                      # Decrypt with master key
+bap verify <message> <signature> <address>    # Verify BSM signature
+```
+### API Lookups
+```bash
+bap lookup <bapId>                            # Lookup identity on overlay
+bap lookup-address <address>                  # Lookup identity by address
+bap attestations <hash>                       # Get attestations for attribute hash
+```
+### Utilities
+```bash
+bap id-from-address <address>                 # Derive BAP ID from address
+bap id-from-pubkey <pubkey>                   # Derive BAP ID from pubkey
+```
+### Examples
+```bash
+# Create your first identity
+bap create --name "Personal"
+# Create a second identity
+bap create --name "Work"
+# List and switch
+bap list
+bap use <work-bap-id>
+# Export account key for use in a wallet
+bap export-account > account.json
+# Lookup someone on the network
+bap lookup <their-bap-id>
+# Encrypt a note to yourself
+bap encrypt "remember: office safe combo is 1234" > note.enc
+cat note.enc | xargs bap decrypt
+```
+## Migration from 0.1.x
+### Breaking Changes
+| 0.1.x | 0.2.0 | Notes |
+|-------|-------|-------|
+| `identity.identityKey` | `identity.bapId` | Renamed for clarity |
+| `identity.getIdentityKey()` | `identity.bapId` | Now a property |
+| `identity.idName` | Removed | Use external labels |
+| `identity.setAttribute()` | Removed | Attributes removed from core |
+| `identity.signMessage()` | Removed | Use your wallet |
+| `identity.encrypt/decrypt()` | Removed from MasterID | Use `bap.encrypt/decrypt()` for master-level |
+| `identity.getEncryptionPublicKey()` | Removed | Use your wallet |
+| `identity.getCurrentAddress()` | Removed | Use `identity.getAccountKey()` |
+| `MemberID` class | Removed | Use `identity.exportAccountBackup()` |
+| `exportMemberBackup()` | `exportAccountBackup()` | Returns `{ wif, id }` |
+### Migration Path
+```typescript
+// 0.1.x
+const identity = bap.newId('My Identity');
+const key = identity.getIdentityKey();
+const addr = identity.getCurrentAddress();
+const { address, signature } = identity.signMessage(msg);
+// 0.2.0
+const identity = bap.newId();
+const key = identity.bapId;
+const accountKey = identity.getAccountKey(); // Account-level PrivateKey
+const backup = identity.exportAccountBackup(); // { wif, id }
+```
+## Backup Format
+### Master Backup (Type 42)
-// Rotated wallet/signing root
-console.log(identity.getWalletPubkey() === activeWalletKey); // false
+```json
+{
+  "rootPk": "L...",
+  "ids": "<encrypted blob>",
+  "label": "My Identities",
+  "createdAt": "2024-01-01T00:00:00.000Z"
+}
 ```
-### Migration from Legacy Derivation
+### Master Backup (BIP32, legacy)
-Existing identities using the previous (pre-signing-key-derivation) format can be migrated:
+```json
+{
+  "xprv": "xprv...",
+  "ids": "<encrypted blob>",
+  "mnemonic": "word1 word2 ...",
+  "createdAt": "2024-01-01T00:00:00.000Z"
+}
+```
-```javascript
-// Check if identity needs migration
-if (identity.needsRotation(registeredOnChainAddress)) {
-  // Get the rotation transaction OP_RETURN
-  const opReturn = identity.getLegacyRotationTransaction();
+### Account Backup
-  // App handles funding and broadcasting the transaction
-  // This rotates from legacy address to new derived signing address
+```json
+{
+  "wif": "L...",
+  "id": "<bapId>"
 }
+```
+Compatible with [bitcoin-backup](https://github.com/rohenaz/bitcoin-backup).
+## API Reference
+### BAP Class
+The main class for managing identities.
+#### Constructor
+```typescript
+// Type 42 mode (recommended)
+const bap = new BAP({ rootPk: wifKey });
+// BIP32 mode (legacy)
+const bap = new BAP(xprvKey);
+// With API token and custom server
+const bap = new BAP({ rootPk: wifKey }, token, server);
+```
+#### Identity Management
+```typescript
+bap.newId(customPath?: string, idSeed?: string): MasterID
+bap.newIdWithCounter(counter: number): MasterID
+bap.getId(bapId: string): MasterID | null
+bap.listIds(): string[]
+bap.removeId(bapId: string): void
+bap.checkIdBelongs(id: MasterID): boolean
+```
+#### Import / Export
+```typescript
+// Encrypted identity blob (default)
+const encrypted: string = bap.exportIds();
+bap.importIds(encrypted);
+// Unencrypted identity data
+const plain = bap.exportIds(undefined, false);
+bap.importIds(plain, false);
-// Utility methods for migration
-const legacyAddress = identity.getLegacyAddress();  // Pre-derivation address
-const newAddress = identity.getCurrentAddress();     // New derived address
+// Master backup (for bitcoin-backup compatibility)
+const backup = bap.exportForBackup(label?, xprv?, mnemonic?);
 ```
-### Deprecation Notice
+#### Master-Level Crypto
-The BIP32 initialization format using extended private keys (xprv) is deprecated. For new implementations, use Type 42 initialization with `{ rootPk: wifKey }`. The legacy BIP32 format remains supported for backward compatibility but should not be used in new projects.
+```typescript
+// ECIES encryption with the master key
+const ciphertext = bap.encrypt('secret');
+const plaintext = bap.decrypt(ciphertext);
-### Advanced Operations
+// BSM signature verification
+const valid = bap.verifySignature(message, address, signature);
-For detailed API documentation, see the [Library Documentation](src/README.md).
+// Challenge verification via API
+const valid = await bap.verifyChallengeSignature(idKey, address, challenge, signature);
+```
+#### API Lookups
+```typescript
+// Query the BAP overlay network
+const identity = await bap.getIdentity(bapId);
+const identity = await bap.getIdentityFromAddress(address);
+const attestations = await bap.getAttestationsForHash(hash);
+```
+### MasterID Class
+Represents a single identity. Managed through the `BAP` class.
+#### Properties
+```typescript
+identity.bapId: string        // Deterministic BAP ID
+identity.rootAddress: string  // Root Bitcoin address
+identity.rootPath: string     // Derivation path (e.g., "bap:0")
+identity.currentPath: string  // Active path (advances on key rotation)
+identity.previousPath: string
+identity.idSeed: string       // Seed used for sub-derivation
+```
+#### Methods
+```typescript
+// Get the account-level private key
+identity.getAccountKey(): PrivateKey
+// Export identity state
+identity.export(): Identity
+// Export account backup (WIF + BAP ID)
+identity.exportAccountBackup(): BapAccountBackup
+// Import identity state
+identity.import(data: Identity | OldIdentity): void
+```
+### Utility Functions
+```typescript
+import { bapIdFromAddress, bapIdFromPubkey } from 'bsv-bap';
+// Derive BAP ID from a root address
+const bapId = bapIdFromAddress(rootAddress);
+// Derive BAP ID from a member public key (e.g., BRC-31 identity key)
+const bapId = bapIdFromPubkey(pubkeyHex);
+```
 ## Applications
@@ -230,7 +454,7 @@ npm install bigblocks
 ```jsx
 import { BitcoinAuth } from 'bigblocks';
-<BitcoinAuth
+<BitcoinAuth
   onAuthenticated={(identity) => {
     console.log('Authenticated:', identity);
   }}

package/dist/MasterID.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { type PrivateKey, HD } from "@bsv/sdk";
-import type { Identity, OldIdentity } from "./interface";
+import type { BapAccountBackup, Identity, OldIdentity } from "./interface";
 interface Type42KeySource {
     rootPk: PrivateKey;
 }
@@ -18,5 +18,6 @@ declare class MasterID {
     validatePath(path: string): boolean;
     import(identity: Identity | OldIdentity): void;
     export(): Identity;
+    exportAccountBackup(): BapAccountBackup;
 }
 export { MasterID };

package/dist/constants.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ export declare const BAP_BITCOM_ADDRESS = "1BAPSuaPnfGnSBM3GLV9yhxUdYe4vGbdMT";
 export declare const BAP_BITCOM_ADDRESS_HEX: string;
 export declare const AIP_BITCOM_ADDRESS = "15PciHG22SNLQJXMoSUaWVi7WSqc7hCfva";
 export declare const AIP_BITCOM_ADDRESS_HEX: string;
-export declare const BAP_SERVER = "https://api.sigmaidentity.com/v1";
+export declare const BAP_SERVER = "https://api.1sat.app/1sat/bap";
 export declare const MAX_INT: number;
 export declare const SIGNING_PATH_PREFIX = "m/424150'/0'/0'";
 export declare const ENCRYPTION_PATH = "m/424150'/2147483647'/2147483647'";

package/dist/index.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { type APIFetcher } from "./api";
 import type { AttestationValidResponse, GetAttestationResponse, GetIdentityByAddressResponse, GetIdentityResponse } from "./apiTypes";
 import { MasterID } from "./MasterID";
-import type { Attestation, Identity, OldIdentity, PathPrefix } from "./interface";
+import type { Attestation, BapAccountBackup, Identity, OldIdentity, PathPrefix } from "./interface";
 type Identities = {
     lastIdPath: string;
     ids: Identity[];
@@ -64,5 +64,5 @@ export declare class BAP {
 }
 export { MasterID };
 export { bapIdFromAddress, bapIdFromPubkey } from "./utils";
-export type { Attestation, Identity, PathPrefix, Type42Params, };
+export type { Attestation, BapAccountBackup, Identity, PathPrefix, Type42Params, };
 export * from "./apiTypes";

package/dist/index.modern.js CHANGED Viewed

@@ -1,4 +1,4 @@
 // @bun
-import{BSM as V,BigNumber as r,ECIES as T,HD as K,OP as D,Signature as x,PrivateKey as s}from"@bsv/sdk";import{Utils as I}from"@bsv/sdk";var R=async(f,o,w,$)=>{let z=`${w}${f}`;return(await fetch(z,{method:"post",headers:{"Content-type":"application/json; charset=utf-8",token:$,format:"json"},body:JSON.stringify(o)})).json()},N=(f,o)=>async(w,$)=>{return R(w,$,f,o)};import{Utils as _}from"@bsv/sdk";var{toHex:A,toArray:M}=_,k="1BAPSuaPnfGnSBM3GLV9yhxUdYe4vGbdMT",n=A(M(k)),b="15PciHG22SNLQJXMoSUaWVi7WSqc7hCfva",y=A(M(b)),O="https://api.sigmaidentity.com/v1",J=2147483647,Q="m/424150'/0'/0'",X=`m/424150'/${J}'/${J}'`;import{Hash as g,HD as S,Utils as l}from"@bsv/sdk";import{Hash as U,PublicKey as B,Utils as H}from"@bsv/sdk";var{toHex:i,toBase58:c}=H;function h(f){let o=i(U.sha256(f,"utf8"));return c(U.ripemd160(o,"hex"))}function v(f){let o=B.fromString(f);return h(o.toAddress())}var F={getRandomBytes(f=32){if(typeof globalThis!=="undefined"&&globalThis.crypto&&globalThis.crypto.getRandomValues){let o=new Uint8Array(f);return globalThis.crypto.getRandomValues(o),o}throw new Error("Secure random number generation not available. crypto.getRandomValues() is required for cryptographic operations. This environment may not be suitable for secure key generation.")},getRandomString(f=32){let o=this.getRandomBytes(f);return Array.from(o,(w)=>w.toString(16).padStart(2,"0")).join("")},getSigningPathFromHex(f,o=!0){let w="m",$=f.match(/.{1,8}/g);if(!$)throw new Error("Invalid hex string");let z=2147483647;for(let j of $){let G=Number(`0x${j}`);if(G>z)G-=z;w+=`/${G}${o?"'":""}`}return w},getNextIdentityPath(f){let o=f.split("/"),w=o[o.length-2],$=!1;if(w.match("'"))$=!0;let z=(Number(w.replace(/[^0-9]/g,""))+1).toString();return o[o.length-2]=z+($?"'":""),o[o.length-1]=`0${$?"'":""}`,o.join("/")},getNextPath(f){let o=f.match(/^bap:(\d+)(?::(\d+))?$/);if(o){let G=o[1],Z=o[2];if(Z===void 0)return`bap:${G}:1`;return`bap:${G}:${Number(Z)+1}`}if(/^\d+$/.test(f))return(Number(f)+1).toString();if(!f.includes("/"))throw new Error(`Unsupported non-BIP32 path: ${f}`);let w=f.split("/"),$=w[w.length-1],z=!1;if($.match("'"))z=!0;let j=(Number($.replace(/[^0-9]/g,""))+1).toString();return w[w.length-1]=j+(z?"'":""),w.join("/")}};class q{#o;#f;#w;#$;#z;#j;#G;rootAddress;bapId;constructor(f,o=""){if(f instanceof S)if(this.#w=!1,o){let w=l.toHex(g.sha256(o,"utf8")),$=F.getSigningPathFromHex(w);this.#o=f.derive($)}else this.#o=f;else if(this.#w=!0,this.#f=f.rootPk,o){let w=l.toHex(g.sha256(o,"utf8"));this.#f=this.#f.deriveChild(this.#f.toPublicKey(),w)}if(this.#G=o,this.#$=`${Q}/0/0/0`,this.#j=`${Q}/0/0/0`,this.#z=`${Q}/0/0/1`,this.#w){if(!this.#f)throw new Error("Master private key not initialized");let w=this.#f.deriveChild(this.#f.toPublicKey(),this.#$);this.rootAddress=w.toPublicKey().toAddress()}else{if(!this.#o)throw new Error("HD private key not initialized");let w=this.#o.derive(this.#$);this.rootAddress=w.privKey.toPublicKey().toAddress()}this.bapId=h(this.rootAddress)}set rootPath(f){if(this.#w){if(this.#$=f,!this.#f)throw new Error("Master private key not initialized");let o=this.#f.deriveChild(this.#f.toPublicKey(),f);this.rootAddress=o.toPublicKey().toAddress(),this.#j=f,this.#z=f}else{let o=f;if(f.split("/").length<5)o=`${Q}${f}`;if(!this.validatePath(o))throw new Error(`invalid signing path given ${o}`);if(this.#$=o,!this.#o)throw new Error("HD private key not initialized");let w=this.#o.derive(o);this.rootAddress=w.pubKey.toAddress(),this.#j=o,this.#z=o}this.bapId=h(this.rootAddress)}get rootPath(){return this.#$}set currentPath(f){if(this.#w)this.#j=this.#z,this.#z=f;else{let o=f;if(f.split("/").length<5)o=`${Q}${f}`;if(!this.validatePath(o))throw new Error("invalid signing path given");this.#j=this.#z,this.#z=o}}get currentPath(){return this.#z}get previousPath(){return this.#j}get idSeed(){return this.#G}getAccountKey(){if(this.#w){if(!this.#f)throw new Error("Master private key not initialized");return this.#f}if(!this.#o)throw new Error("HD private key not initialized");return this.#o.privKey}validatePath(f){if(f.match(/\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?/)){let o=f.split("/");if(o.length===7&&Number(o[1].replace("'",""))<=J&&Number(o[2].replace("'",""))<=J&&Number(o[3].replace("'",""))<=J&&Number(o[4].replace("'",""))<=J&&Number(o[5].replace("'",""))<=J&&Number(o[6].replace("'",""))<=J)return!0}return!1}import(f){this.bapId="bapId"in f?f.bapId:f.identityKey,this.#$=f.rootPath,this.rootAddress=f.rootAddress,this.#j=f.previousPath,this.#z=f.currentPath,this.#G=("idSeed"in f?f.idSeed:"")||""}export(){return{bapId:this.bapId,rootPath:this.#$,rootAddress:this.rootAddress,previousPath:this.#j,currentPath:this.#z,idSeed:this.#G,lastIdPath:""}}}var{toArray:Y,toUTF8:W,toBase64:C,toHex:L}=I,{electrumEncrypt:u,electrumDecrypt:E}=T;class m{#o;#f;#w;#$={};#z=O;#j="";#G="";#J=0;getApiData;constructor(f,o="",w=""){if(!f)throw new Error("No key source given");if(typeof f==="string")this.#o=K.fromString(f),this.#w=!1;else this.#f=s.fromWif(f.rootPk),this.#w=!0;if(o)this.#j=o;if(w)this.#z=w;this.getApiData=N(this.#z,this.#j)}get lastIdPath(){return this.#G}getPublicKey(f=""){if(this.#w){if(!this.#f)throw new Error("Master private key not initialized");if(f)return this.#f.deriveChild(this.#f.toPublicKey(),f).toPublicKey().toString();return this.#f.toPublicKey().toString()}if(!this.#o)throw new Error("HD private key not initialized");if(f)return this.#o.derive(f).pubKey.toString();return this.#o.pubKey.toString()}getHdPublicKey(f=""){if(this.#w)throw new Error("HD public keys are not available in Type 42 mode");if(!this.#o)throw new Error("HD private key not initialized");if(f)return this.#o.derive(f).toPublic().toString();return this.#o.toPublic().toString()}set BAP_SERVER(f){this.#z=f}get BAP_SERVER(){return this.#z}set BAP_TOKEN(f){this.#j=f}get BAP_TOKEN(){return this.#j}checkIdBelongs(f){let o;if(this.#w){if(!this.#f)throw new Error("Master private key not initialized");o=this.#f.deriveChild(this.#f.toPublicKey(),f.rootPath).toPublicKey().toAddress()}else{if(!this.#o)throw new Error("HD private key not initialized");o=this.#o.derive(f.rootPath).pubKey.toAddress()}if(o!==f.rootAddress)throw new Error("ID does not belong to this private key");return!0}listIds(){return Object.keys(this.#$)}newId(f,o=""){let w;if(f)w=f;else if(this.#w)w=`bap:${this.#J}`,this.#J++;else w=this.getNextValidPath();let $;if(this.#w){if(!this.#f)throw new Error("Type 42 parameters not initialized");$=new q({rootPk:this.#f},o)}else{if(!this.#o)throw new Error("HD private key not initialized");$=new q(this.#o,o)}if($.rootPath=w,this.#w)$.currentPath=w;else $.currentPath=F.getNextPath(w);return this.#$[$.bapId]=$,this.#G=w,this.#$[$.bapId]}removeId(f){delete this.#$[f]}getNextValidPath(){if(this.#G)return F.getNextIdentityPath(this.#G);return`/0'/${Object.keys(this.#$).length}'/0'`}newIdWithCounter(f){if(!this.#w)throw new Error("newIdWithCounter only works in Type 42 mode");return this.newId(`bap:${f}`)}getId(f){return this.#$[f]||null}setId(f){this.checkIdBelongs(f),this.#$[f.bapId]=f}importIds(f,o=!0){if(o&&typeof f==="string"){this.importEncryptedIds(f);return}let w=f;if(!w.lastIdPath)throw new Error("ID cannot be imported as it is not complete");if(!w.ids)throw new Error(`ID data is not in the correct format: ${f}`);let $=w.lastIdPath;for(let z of w.ids){if(!z.rootAddress)throw new Error("ID cannot be imported as it is not complete");let j;if(this.#w){if(!this.#f)throw new Error("Type 42 parameters not initialized");j=new q({rootPk:this.#f},z.idSeed)}else{if(!this.#o)throw new Error("HD private key not initialized");j=new q(this.#o,z.idSeed)}if(j.import(z),$==="")$=j.currentPath;if(this.checkIdBelongs(j),this.#$[j.bapId]=j,this.#w&&j.rootPath.startsWith("bap:")){let G=j.rootPath.split(":");if(G.length>=2){let Z=Number.parseInt(G[1],10);if(!Number.isNaN(Z))this.#J=Math.max(this.#J,Z+1)}}}this.#G=$}importEncryptedIds(f){let o=this.decrypt(f),w=JSON.parse(o);if(Array.isArray(w)){this.importOldIds(w);return}if(typeof w!=="object")throw new Error("decrypted, but found unrecognized identities format");this.importIds(w,!1)}importOldIds(f){for(let o of f){let w;if(this.#w){if(!this.#f)throw new Error("Type 42 parameters not initialized");w=new q({rootPk:this.#f},o.idSeed??"")}else{if(!this.#o)throw new Error("HD private key not initialized");w=new q(this.#o,o.idSeed??"")}w.import(o),this.checkIdBelongs(w),this.#$[w.bapId]=w,this.#G=w.currentPath}}exportIds(f,o=!0){let w={lastIdPath:this.#G,ids:[]},$=f||Object.keys(this.#$);for(let z of $){if(!this.#$[z])throw new Error(`Identity ${z} not found`);w.ids.push(this.#$[z].export())}if(o)return this.encrypt(JSON.stringify(w));return w}exportId(f,o=!0){let w={lastIdPath:this.#G,ids:[]};if(w.ids.push(this.#$[f].export()),o)return this.encrypt(JSON.stringify(w));return w}encrypt(f){if(this.#w){if(!this.#f)throw new Error("Master private key not initialized");let w=this.#f.deriveChild(this.#f.toPublicKey(),X);return C(u(Y(f),w.toPublicKey()))}if(!this.#o)throw new Error("HD private key not initialized");let o=this.#o.derive(X);return C(u(Y(f),o.pubKey))}decrypt(f){if(this.#w){if(!this.#f)throw new Error("Master private key not initialized");let w=this.#f.deriveChild(this.#f.toPublicKey(),X);return W(E(Y(f,"base64"),w))}if(!this.#o)throw new Error("HD private key not initialized");let o=this.#o.derive(X);return W(E(Y(f,"base64"),o.privKey))}verifyAttestationWithAIP(f){if(!f.every(($)=>Array.isArray($))||f[0][0]!==D.OP_RETURN||L(f[1])!==n)throw new Error("Not a valid BAP transaction");let o=L(f[7])==="44415441"?5:0,w={type:W(f[2]),hash:L(f[3]),sequence:W(f[4]),signingProtocol:W(f[7+o]),signingAddress:W(f[8+o]),signature:C(f[9+o])};if(o&&f[3]===f[8])w.data=L(f[9]);try{let $=[];for(let z=0;z<6+o;z++)$.push(f[z]);w.verified=this.verifySignature($.flat(),w.signingAddress,w.signature)}catch{w.verified=!1}return w}verifySignature(f,o,w){let $;if(Array.isArray(f))$=f;else if(Buffer.isBuffer(f))$=[...f];else $=Y(f,"utf8");let z=x.fromCompact(w,"base64");for(let j=0;j<4;j++)try{let G=z.RecoverPublicKey(j,new r(V.magicHash($)));if(V.verify($,z,G)&&G.toAddress()===o)return!0}catch{}return!1}async verifyChallengeSignature(f,o,w,$){if(!this.verifySignature(w,o,$))return!1;try{let j=await this.getApiData("/attestation/valid",{idKey:f,address:o,challenge:w,signature:$});return j?.status==="success"&&j?.result?.valid===!0}catch{return!1}}async isValidAttestationTransaction(f){if(this.verifyAttestationWithAIP(f))return this.getApiData("/attestation/valid",{tx:f});return!1}async getIdentityFromAddress(f){return this.getApiData("/identity/validByAddress",{address:f})}async getIdentity(f){return this.getApiData("/identity/get",{idKey:f})}async getAttestationsForHash(f){return this.getApiData("/attestations",{hash:f})}exportForBackup(f,o,w){let z={ids:this.exportIds(),...f&&{label:f},createdAt:new Date().toISOString()};if(this.#w){if(!this.#f)throw new Error("Type 42 parameters not initialized");return{...z,rootPk:this.#f.toWif()}}if(!this.#o)throw new Error("HD private key not initialized");return{...z,xprv:o||this.#o.toString(),mnemonic:w||""}}}export{v as bapIdFromPubkey,h as bapIdFromAddress,q as MasterID,m as BAP};
+import{BSM as l,BigNumber as S,ECIES as T,HD as K,OP as D,Signature as x,PrivateKey as s}from"@bsv/sdk";import{Utils as I}from"@bsv/sdk";var R=async(o,f,w,$)=>{let z=`${w}${o}`;return(await fetch(z,{method:"post",headers:{"Content-type":"application/json; charset=utf-8",token:$,format:"json"},body:JSON.stringify(f)})).json()},n=(o,f)=>async(w,$)=>{return R(w,$,o,f)};import{Utils as _}from"@bsv/sdk";var{toHex:C,toArray:N}=_,c="1BAPSuaPnfGnSBM3GLV9yhxUdYe4vGbdMT",u=C(N(c)),k="15PciHG22SNLQJXMoSUaWVi7WSqc7hCfva",y=C(N(k)),M="https://api.1sat.app/1sat/bap",J=2147483647,h="m/424150'/0'/0'",Z=`m/424150'/${J}'/${J}'`;import{Hash as U,HD as v,Utils as g}from"@bsv/sdk";import{Hash as O,PublicKey as B,Utils as i}from"@bsv/sdk";var{toHex:b,toBase58:H}=i;function X(o){let f=b(O.sha256(o,"utf8"));return H(O.ripemd160(f,"hex"))}function r(o){let f=B.fromString(o);return X(f.toAddress())}var F={getRandomBytes(o=32){if(typeof globalThis<"u"&&globalThis.crypto&&globalThis.crypto.getRandomValues){let f=new Uint8Array(o);return globalThis.crypto.getRandomValues(f),f}throw Error("Secure random number generation not available. crypto.getRandomValues() is required for cryptographic operations. This environment may not be suitable for secure key generation.")},getRandomString(o=32){let f=this.getRandomBytes(o);return Array.from(f,(w)=>w.toString(16).padStart(2,"0")).join("")},getSigningPathFromHex(o,f=!0){let w="m",$=o.match(/.{1,8}/g);if(!$)throw Error("Invalid hex string");let z=2147483647;for(let j of $){let G=Number(`0x${j}`);if(G>z)G-=z;w+=`/${G}${f?"'":""}`}return w},getNextIdentityPath(o){let f=o.split("/"),w=f[f.length-2],$=!1;if(w.match("'"))$=!0;let z=(Number(w.replace(/[^0-9]/g,""))+1).toString();return f[f.length-2]=z+($?"'":""),f[f.length-1]=`0${$?"'":""}`,f.join("/")},getNextPath(o){let f=o.match(/^bap:(\d+)(?::(\d+))?$/);if(f){let G=f[1],Q=f[2];if(Q===void 0)return`bap:${G}:1`;return`bap:${G}:${Number(Q)+1}`}if(/^\d+$/.test(o))return(Number(o)+1).toString();if(!o.includes("/"))throw Error(`Unsupported non-BIP32 path: ${o}`);let w=o.split("/"),$=w[w.length-1],z=!1;if($.match("'"))z=!0;let j=(Number($.replace(/[^0-9]/g,""))+1).toString();return w[w.length-1]=j+(z?"'":""),w.join("/")}};class W{#f;#o;#w;#$;#z;#j;#G;rootAddress;bapId;constructor(o,f=""){if(o instanceof v)if(this.#w=!1,f){let w=g.toHex(U.sha256(f,"utf8")),$=F.getSigningPathFromHex(w);this.#f=o.derive($)}else this.#f=o;else if(this.#w=!0,this.#o=o.rootPk,f){let w=g.toHex(U.sha256(f,"utf8"));this.#o=this.#o.deriveChild(this.#o.toPublicKey(),w)}if(this.#G=f,this.#$=`${h}/0/0/0`,this.#j=`${h}/0/0/0`,this.#z=`${h}/0/0/1`,this.#w){if(!this.#o)throw Error("Master private key not initialized");let w=this.#o.deriveChild(this.#o.toPublicKey(),this.#$);this.rootAddress=w.toPublicKey().toAddress()}else{if(!this.#f)throw Error("HD private key not initialized");let w=this.#f.derive(this.#$);this.rootAddress=w.privKey.toPublicKey().toAddress()}this.bapId=X(this.rootAddress)}set rootPath(o){if(this.#w){if(this.#$=o,!this.#o)throw Error("Master private key not initialized");let f=this.#o.deriveChild(this.#o.toPublicKey(),o);this.rootAddress=f.toPublicKey().toAddress(),this.#j=o,this.#z=o}else{let f=o;if(o.split("/").length<5)f=`${h}${o}`;if(!this.validatePath(f))throw Error(`invalid signing path given ${f}`);if(this.#$=f,!this.#f)throw Error("HD private key not initialized");let w=this.#f.derive(f);this.rootAddress=w.pubKey.toAddress(),this.#j=f,this.#z=f}this.bapId=X(this.rootAddress)}get rootPath(){return this.#$}set currentPath(o){if(this.#w)this.#j=this.#z,this.#z=o;else{let f=o;if(o.split("/").length<5)f=`${h}${o}`;if(!this.validatePath(f))throw Error("invalid signing path given");this.#j=this.#z,this.#z=f}}get currentPath(){return this.#z}get previousPath(){return this.#j}get idSeed(){return this.#G}getAccountKey(){if(this.#w){if(!this.#o)throw Error("Master private key not initialized");return this.#o}if(!this.#f)throw Error("HD private key not initialized");return this.#f.privKey}validatePath(o){if(o.match(/\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?\/[0-9]{1,10}'?/)){let f=o.split("/");if(f.length===7&&Number(f[1].replace("'",""))<=J&&Number(f[2].replace("'",""))<=J&&Number(f[3].replace("'",""))<=J&&Number(f[4].replace("'",""))<=J&&Number(f[5].replace("'",""))<=J&&Number(f[6].replace("'",""))<=J)return!0}return!1}import(o){this.bapId="bapId"in o?o.bapId:o.identityKey,this.#$=o.rootPath,this.rootAddress=o.rootAddress,this.#j=o.previousPath,this.#z=o.currentPath,this.#G=("idSeed"in o?o.idSeed:"")||""}export(){return{bapId:this.bapId,rootPath:this.#$,rootAddress:this.rootAddress,previousPath:this.#j,currentPath:this.#z,idSeed:this.#G,lastIdPath:""}}exportAccountBackup(){return{wif:this.getAccountKey().toWif(),id:this.bapId}}}var{toArray:Y,toUTF8:q,toBase64:L,toHex:A}=I,{electrumEncrypt:V,electrumDecrypt:E}=T;class m{#f;#o;#w;#$={};#z=M;#j="";#G="";#J=0;getApiData;constructor(o,f="",w=""){if(!o)throw Error("No key source given");if(typeof o==="string")this.#f=K.fromString(o),this.#w=!1;else this.#o=s.fromWif(o.rootPk),this.#w=!0;if(f)this.#j=f;if(w)this.#z=w;this.getApiData=n(this.#z,this.#j)}get lastIdPath(){return this.#G}getPublicKey(o=""){if(this.#w){if(!this.#o)throw Error("Master private key not initialized");if(o)return this.#o.deriveChild(this.#o.toPublicKey(),o).toPublicKey().toString();return this.#o.toPublicKey().toString()}if(!this.#f)throw Error("HD private key not initialized");if(o)return this.#f.derive(o).pubKey.toString();return this.#f.pubKey.toString()}getHdPublicKey(o=""){if(this.#w)throw Error("HD public keys are not available in Type 42 mode");if(!this.#f)throw Error("HD private key not initialized");if(o)return this.#f.derive(o).toPublic().toString();return this.#f.toPublic().toString()}set BAP_SERVER(o){this.#z=o}get BAP_SERVER(){return this.#z}set BAP_TOKEN(o){this.#j=o}get BAP_TOKEN(){return this.#j}checkIdBelongs(o){let f;if(this.#w){if(!this.#o)throw Error("Master private key not initialized");f=this.#o.deriveChild(this.#o.toPublicKey(),o.rootPath).toPublicKey().toAddress()}else{if(!this.#f)throw Error("HD private key not initialized");f=this.#f.derive(o.rootPath).pubKey.toAddress()}if(f!==o.rootAddress)throw Error("ID does not belong to this private key");return!0}listIds(){return Object.keys(this.#$)}newId(o,f=""){let w;if(o)w=o;else if(this.#w)w=`bap:${this.#J}`,this.#J++;else w=this.getNextValidPath();let $;if(this.#w){if(!this.#o)throw Error("Type 42 parameters not initialized");$=new W({rootPk:this.#o},f)}else{if(!this.#f)throw Error("HD private key not initialized");$=new W(this.#f,f)}if($.rootPath=w,this.#w)$.currentPath=w;else $.currentPath=F.getNextPath(w);return this.#$[$.bapId]=$,this.#G=w,this.#$[$.bapId]}removeId(o){delete this.#$[o]}getNextValidPath(){if(this.#G)return F.getNextIdentityPath(this.#G);return`/0'/${Object.keys(this.#$).length}'/0'`}newIdWithCounter(o){if(!this.#w)throw Error("newIdWithCounter only works in Type 42 mode");return this.newId(`bap:${o}`)}getId(o){return this.#$[o]||null}setId(o){this.checkIdBelongs(o),this.#$[o.bapId]=o}importIds(o,f=!0){if(f&&typeof o==="string"){this.importEncryptedIds(o);return}let w=o;if(!w.lastIdPath)throw Error("ID cannot be imported as it is not complete");if(!w.ids)throw Error(`ID data is not in the correct format: ${o}`);let $=w.lastIdPath;for(let z of w.ids){if(!z.rootAddress)throw Error("ID cannot be imported as it is not complete");let j;if(this.#w){if(!this.#o)throw Error("Type 42 parameters not initialized");j=new W({rootPk:this.#o},z.idSeed)}else{if(!this.#f)throw Error("HD private key not initialized");j=new W(this.#f,z.idSeed)}if(j.import(z),$==="")$=j.currentPath;if(this.checkIdBelongs(j),this.#$[j.bapId]=j,this.#w&&j.rootPath.startsWith("bap:")){let G=j.rootPath.split(":");if(G.length>=2){let Q=Number.parseInt(G[1],10);if(!Number.isNaN(Q))this.#J=Math.max(this.#J,Q+1)}}}this.#G=$}importEncryptedIds(o){let f=this.decrypt(o),w=JSON.parse(f);if(Array.isArray(w)){this.importOldIds(w);return}if(typeof w!=="object")throw Error("decrypted, but found unrecognized identities format");this.importIds(w,!1)}importOldIds(o){for(let f of o){let w;if(this.#w){if(!this.#o)throw Error("Type 42 parameters not initialized");w=new W({rootPk:this.#o},f.idSeed??"")}else{if(!this.#f)throw Error("HD private key not initialized");w=new W(this.#f,f.idSeed??"")}w.import(f),this.checkIdBelongs(w),this.#$[w.bapId]=w,this.#G=w.currentPath}}exportIds(o,f=!0){let w={lastIdPath:this.#G,ids:[]},$=o||Object.keys(this.#$);for(let z of $){if(!this.#$[z])throw Error(`Identity ${z} not found`);w.ids.push(this.#$[z].export())}if(f)return this.encrypt(JSON.stringify(w));return w}exportId(o,f=!0){let w={lastIdPath:this.#G,ids:[]};if(w.ids.push(this.#$[o].export()),f)return this.encrypt(JSON.stringify(w));return w}encrypt(o){if(this.#w){if(!this.#o)throw Error("Master private key not initialized");let w=this.#o.deriveChild(this.#o.toPublicKey(),Z);return L(V(Y(o),w.toPublicKey()))}if(!this.#f)throw Error("HD private key not initialized");let f=this.#f.derive(Z);return L(V(Y(o),f.pubKey))}decrypt(o){if(this.#w){if(!this.#o)throw Error("Master private key not initialized");let w=this.#o.deriveChild(this.#o.toPublicKey(),Z);return q(E(Y(o,"base64"),w))}if(!this.#f)throw Error("HD private key not initialized");let f=this.#f.derive(Z);return q(E(Y(o,"base64"),f.privKey))}verifyAttestationWithAIP(o){if(!o.every(($)=>Array.isArray($))||o[0][0]!==D.OP_RETURN||A(o[1])!==u)throw Error("Not a valid BAP transaction");let f=A(o[7])==="44415441"?5:0,w={type:q(o[2]),hash:A(o[3]),sequence:q(o[4]),signingProtocol:q(o[7+f]),signingAddress:q(o[8+f]),signature:L(o[9+f])};if(f&&o[3]===o[8])w.data=A(o[9]);try{let $=[];for(let z=0;z<6+f;z++)$.push(o[z]);w.verified=this.verifySignature($.flat(),w.signingAddress,w.signature)}catch{w.verified=!1}return w}verifySignature(o,f,w){let $;if(Array.isArray(o))$=o;else if(Buffer.isBuffer(o))$=[...o];else $=Y(o,"utf8");let z=x.fromCompact(w,"base64");for(let j=0;j<4;j++)try{let G=z.RecoverPublicKey(j,new S(l.magicHash($)));if(l.verify($,z,G)&&G.toAddress()===f)return!0}catch{}return!1}async verifyChallengeSignature(o,f,w,$){if(!this.verifySignature(w,f,$))return!1;try{let j=await this.getApiData("/attestation/valid",{idKey:o,address:f,challenge:w,signature:$});return j?.status==="success"&&j?.result?.valid===!0}catch{return!1}}async isValidAttestationTransaction(o){if(this.verifyAttestationWithAIP(o))return this.getApiData("/attestation/valid",{tx:o});return!1}async getIdentityFromAddress(o){return this.getApiData("/identity/validByAddress",{address:o})}async getIdentity(o){return this.getApiData("/identity/get",{idKey:o})}async getAttestationsForHash(o){return this.getApiData("/attestations",{hash:o})}exportForBackup(o,f,w){let z={ids:this.exportIds(),...o&&{label:o},createdAt:new Date().toISOString()};if(this.#w){if(!this.#o)throw Error("Type 42 parameters not initialized");return{...z,rootPk:this.#o.toWif()}}if(!this.#f)throw Error("HD private key not initialized");return{...z,xprv:f||this.#f.toString(),mnemonic:w||""}}}export{r as bapIdFromPubkey,X as bapIdFromAddress,W as MasterID,m as BAP};
-//# debugId=23864B19C0C06C4464756E2164756E21
+//# debugId=72AB6104FF4A54F364756E2164756E21