clawrtc 1.1.0 → 1.2.0

package/bin/clawrtc.js

@@ -5,10 +5,12 @@
  * Modern machines get 1x multiplier. Vintage hardware gets bonus.
  * VMs are detected and penalized — real iron only.
  *
+ * All miner scripts are bundled with this package — no external downloads.
+ * Network endpoint uses CA-signed TLS certificate.
+ *
  * Security:
- *   clawrtc install --dry-run      Preview without downloading
- *   clawrtc install --show-urls    Show exact download sources
- *   clawrtc install --verify       Show SHA256 hashes after download
+ *   clawrtc install --dry-run      Preview without installing
+ *   clawrtc install --verify       Show SHA256 hashes of bundled files
  *   clawrtc start --service        Opt-in background service
  */
 
@@ -16,16 +18,15 @@ const { execSync, spawn } = require('child_process');
 const crypto = require('crypto');
 const fs = require('fs');
 const https = require('https');
-const http = require('http');
 const os = require('os');
 const path = require('path');
 const readline = require('readline');
 
-const VERSION = '1.1.0';
-const REPO_BASE = 'https://raw.githubusercontent.com/Scottcjn/Rustchain/main';
+const VERSION = '1.2.0';
 const INSTALL_DIR = path.join(os.homedir(), '.clawrtc');
 const VENV_DIR = path.join(INSTALL_DIR, 'venv');
-const NODE_URL = 'https://50.28.86.131';
+const NODE_URL = 'https://bulbous-bouffant.metalseed.net';
+const DATA_DIR = path.join(__dirname, '..', 'data');
 
 // ANSI colors
 const C = '\x1b[36m', G = '\x1b[32m', R = '\x1b[31m', Y = '\x1b[33m';
@@ -35,33 +36,17 @@ const log = (m) => console.log(`${C}[clawrtc]${NC} ${m}`);
 const ok = (m) => console.log(`${G}[OK]${NC} ${m}`);
 const warn = (m) => console.log(`${Y}[WARN]${NC} ${m}`);
 
+// Bundled files shipped with the package
+const BUNDLED_FILES = [
+    ['miner.py', 'miner.py'],
+    ['fingerprint_checks.py', 'fingerprint_checks.py'],
+];
+
 function sha256File(filepath) {
     const data = fs.readFileSync(filepath);
     return crypto.createHash('sha256').update(data).digest('hex');
 }
 
-function downloadFile(url, dest) {
-    return new Promise((resolve, reject) => {
-        const file = fs.createWriteStream(dest);
-        const mod = url.startsWith('https') ? https : http;
-        const opts = { rejectUnauthorized: false };
-        mod.get(url, opts, (res) => {
-            if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-                file.close();
-                fs.unlinkSync(dest);
-                return downloadFile(res.headers.location, dest).then(resolve).catch(reject);
-            }
-            res.pipe(file);
-            file.on('finish', () => {
-                file.close();
-                const size = fs.statSync(dest).size;
-                if (size < 100) return reject(new Error(`File too small (${size} bytes)`));
-                resolve(size);
-            });
-        }).on('error', (e) => { file.close(); reject(e); });
-    });
-}
-
 function ask(prompt) {
     const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
     return new Promise((resolve) => {
@@ -88,33 +73,21 @@ function detectVM() {
     return hints;
 }
 
-function getDownloadUrls() {
-    const plat = os.platform();
-    const downloads = [
-        [`${REPO_BASE}/miners/linux/fingerprint_checks.py`, 'fingerprint_checks.py'],
-    ];
-    if (plat === 'linux') {
-        downloads.push([`${REPO_BASE}/miners/linux/rustchain_linux_miner.py`, 'miner.py']);
-    } else if (plat === 'darwin') {
-        downloads.push([`${REPO_BASE}/miners/macos/rustchain_mac_miner_v2.4.py`, 'miner.py']);
-    }
-    return downloads;
-}
-
 function showConsentDisclosure() {
     console.log(`
     ${B}What ClawRTC will do:${NC}
 
-      ${C}1. Download${NC}  Two Python scripts from the RustChain GitHub repository:
+      ${C}1. Extract${NC}   Two Python scripts bundled with this package:
          - fingerprint_checks.py  (hardware detection)
          - miner.py               (attestation client)
-         Source: ${REPO_BASE}
+         ${D}No external downloads — all code ships with the package.${NC}
 
       ${C}2. Install${NC}   A Python virtual environment in ~/.clawrtc/
          with one dependency: 'requests' (HTTP library)
 
       ${C}3. Attest${NC}    When started, the miner contacts the RustChain network
          every few minutes to prove your hardware is real.
+         Endpoint: ${NODE_URL} (CA-signed TLS certificate)
 
       ${C}4. Collect${NC}   Hardware fingerprint data sent during attestation:
          - CPU model, architecture, vendor
@@ -128,9 +101,9 @@ function showConsentDisclosure() {
 
     ${D}Verify yourself:${NC}
       clawrtc install --dry-run      Preview without installing
-      clawrtc install --show-urls    See exact download URLs
+      clawrtc install --verify       Show SHA256 hashes of bundled files
       Source code: https://github.com/Scottcjn/Rustchain
-      Block explorer: https://50.28.86.131/explorer
+      Block explorer: ${NODE_URL}/explorer
 `);
 }
 
@@ -158,21 +131,24 @@ ${D}  Version ${VERSION}${NC}
         process.exit(1);
     }
 
-    // --show-urls: print URLs and exit
-    if (flags.showUrls) {
-        log('Files that will be downloaded:');
-        for (const [url, filename] of getDownloadUrls()) {
-            console.log(`  ${filename}: ${url}`);
+    // --verify: show bundled file hashes and exit
+    if (flags.verify) {
+        log('Bundled file hashes (SHA256):');
+        for (const [srcName, destName] of BUNDLED_FILES) {
+            const src = path.join(DATA_DIR, srcName);
+            if (fs.existsSync(src)) {
+                console.log(`  ${destName}: ${sha256File(src)}`);
+            } else {
+                console.log(`  ${destName}: NOT FOUND in package`);
+            }
         }
-        console.log(`\n  Network node: ${NODE_URL}`);
-        console.log(`  Source repo: https://github.com/Scottcjn/Rustchain`);
         return;
     }
 
     // --dry-run: show what would happen
     if (flags.dryRun) {
         showConsentDisclosure();
-        log('DRY RUN — no files downloaded, no services created.');
+        log('DRY RUN — no files extracted, no services created.');
         return;
     }
 
@@ -191,14 +167,14 @@ ${D}  Version ${VERSION}${NC}
     if (vmHints.length > 0) {
         console.log(`
 ${R}${B}  ╔══════════════════════════════════════════════════════════╗
-  ║              ⚠  VM DETECTED — READ THIS  ⚠             ║
+  ║              VM DETECTED — READ THIS               ║
   ╠══════════════════════════════════════════════════════════╣
   ║  This machine appears to be a virtual machine.           ║
   ║  RustChain will detect VMs and assign near-zero weight.  ║
   ║  Your miner will attest but earn effectively nothing.    ║
   ║  To earn RTC, run on bare-metal hardware.               ║
   ╚══════════════════════════════════════════════════════════╝${NC}`);
-        for (const h of vmHints.slice(0, 4)) console.log(`  ${R}  •  ${h}${NC}`);
+        for (const h of vmHints.slice(0, 4)) console.log(`  ${R}  *  ${h}${NC}`);
         console.log();
     }
 
@@ -242,28 +218,21 @@ ${R}${B}  ╔══════════════════════
     execSync(`"${pip}" install requests -q`, { stdio: 'pipe' });
     ok('Dependencies ready');
 
-    // Download miner files
-    log('Downloading miner from RustChain repo...');
-    const downloads = getDownloadUrls();
-
-    for (const [url, filename] of downloads) {
-        log(`  Fetching: ${url}`);
-        const dest = path.join(INSTALL_DIR, filename);
-        const size = await downloadFile(url, dest);
-        const hash = sha256File(dest);
-        log(`  ${filename} (${(size / 1024).toFixed(1)} KB) SHA256: ${hash.slice(0, 16)}...`);
-    }
-    ok('Miner files downloaded and verified');
-
-    // --verify: show full hashes and exit
-    if (flags.verify) {
-        log('File hashes (SHA256):');
-        for (const [url, filename] of downloads) {
-            const dest = path.join(INSTALL_DIR, filename);
-            console.log(`  ${filename}: ${sha256File(dest)}`);
+    // Extract bundled miner files (no download!)
+    log('Extracting bundled miner scripts...');
+    for (const [srcName, destName] of BUNDLED_FILES) {
+        const src = path.join(DATA_DIR, srcName);
+        const dest = path.join(INSTALL_DIR, destName);
+        if (!fs.existsSync(src)) {
+            console.error(`${R}[ERROR]${NC} Bundled file missing: ${srcName}. Package may be corrupted.`);
+            process.exit(1);
         }
-        return;
+        fs.copyFileSync(src, dest);
+        const hash = sha256File(dest);
+        const size = fs.statSync(dest).size;
+        log(`  ${destName} (${(size / 1024).toFixed(1)} KB) SHA256: ${hash.slice(0, 16)}...`);
     }
+    ok('Miner files extracted from package (no external downloads)');
 
     // Setup service ONLY if --service flag is passed
     if (flags.service) {
@@ -278,11 +247,11 @@ ${R}${B}  ╔══════════════════════
         log('Or start manually: clawrtc start');
     }
 
-    // Network check
+    // Network check (CA-signed, no rejectUnauthorized needed)
     log('Checking RustChain network...');
     try {
         const data = await new Promise((resolve, reject) => {
-            https.get(`${NODE_URL}/api/miners`, { rejectUnauthorized: false }, (res) => {
+            https.get(`${NODE_URL}/api/miners`, (res) => {
                 let d = '';
                 res.on('data', c => d += c);
                 res.on('end', () => resolve(d));
@@ -301,6 +270,7 @@ ${G}${B}════════════════════════
   Wallet:    ${wallet}
   Location:  ${INSTALL_DIR}
   Reward:    1x multiplier (modern hardware)
+  Node:      ${NODE_URL} (CA-signed TLS)
 
   Next steps:
     clawrtc start              Start mining (foreground)
@@ -317,7 +287,7 @@ ${G}${B}════════════════════════
 
   Verify & audit:
     * Source: https://github.com/Scottcjn/Rustchain
-    * Explorer: https://50.28.86.131/explorer
+    * Explorer: ${NODE_URL}/explorer
     * clawrtc uninstall   Remove everything cleanly
 ═══════════════════════════════════════════════════════════${NC}
 `);
@@ -404,7 +374,6 @@ function setupLaunchd(wallet) {
 function cmdStart(flags) {
     const plat = os.platform();
 
-    // If --service flag, set up persistence
     if (flags.service) {
         const wf = path.join(INSTALL_DIR, '.wallet');
         const wallet = fs.existsSync(wf) ? fs.readFileSync(wf, 'utf8').trim() : 'agent';
@@ -413,36 +382,23 @@ function cmdStart(flags) {
         return;
     }
 
-    // Try existing service first
     if (plat === 'linux') {
         const sf = path.join(os.homedir(), '.config', 'systemd', 'user', 'clawrtc-miner.service');
         if (fs.existsSync(sf)) {
-            try {
-                execSync('systemctl --user start clawrtc-miner', { stdio: 'inherit' });
-                ok('Miner started (systemd)');
-                return;
-            } catch (e) {}
+            try { execSync('systemctl --user start clawrtc-miner', { stdio: 'inherit' }); ok('Miner started (systemd)'); return; } catch (e) {}
         }
     } else if (plat === 'darwin') {
         const pf = path.join(os.homedir(), 'Library', 'LaunchAgents', 'com.clawrtc.miner.plist');
         if (fs.existsSync(pf)) {
-            try {
-                execSync(`launchctl load "${pf}"`, { stdio: 'inherit' });
-                ok('Miner started (launchd)');
-                return;
-            } catch (e) {}
+            try { execSync(`launchctl load "${pf}"`, { stdio: 'inherit' }); ok('Miner started (launchd)'); return; } catch (e) {}
         }
     }
 
-    // Fallback: run in foreground
     const minerPy = path.join(INSTALL_DIR, 'miner.py');
     const pythonBin = path.join(VENV_DIR, 'bin', 'python');
     const wf = path.join(INSTALL_DIR, '.wallet');
 
-    if (!fs.existsSync(minerPy)) {
-        console.error(`${R}[ERROR]${NC} Miner not installed. Run: clawrtc install`);
-        process.exit(1);
-    }
+    if (!fs.existsSync(minerPy)) { console.error(`${R}[ERROR]${NC} Miner not installed. Run: clawrtc install`); process.exit(1); }
 
     const wallet = fs.existsSync(wf) ? fs.readFileSync(wf, 'utf8').trim() : '';
     const walletArgs = wallet ? ['--wallet', wallet] : [];
@@ -466,34 +422,24 @@ function cmdStatus() {
     const plat = os.platform();
     if (plat === 'linux') {
         const sf = path.join(os.homedir(), '.config', 'systemd', 'user', 'clawrtc-miner.service');
-        if (fs.existsSync(sf)) {
-            try { execSync('systemctl --user status clawrtc-miner', { stdio: 'inherit' }); } catch (e) {}
-        } else {
-            log('No background service configured. Use: clawrtc start --service');
-        }
-    } else if (plat === 'darwin') {
-        try { execSync('launchctl list | grep clawrtc', { stdio: 'inherit' }); } catch (e) {}
+        if (fs.existsSync(sf)) { try { execSync('systemctl --user status clawrtc-miner', { stdio: 'inherit' }); } catch (e) {} }
+        else log('No background service configured. Use: clawrtc start --service');
     }
 
     const wf = path.join(INSTALL_DIR, '.wallet');
     if (fs.existsSync(wf)) log(`Wallet: ${fs.readFileSync(wf, 'utf8').trim()}`);
 
-    // File integrity
     for (const filename of ['miner.py', 'fingerprint_checks.py']) {
         const fp = path.join(INSTALL_DIR, filename);
-        if (fs.existsSync(fp)) {
-            log(`${filename} SHA256: ${sha256File(fp).slice(0, 16)}...`);
-        }
+        if (fs.existsSync(fp)) log(`${filename} SHA256: ${sha256File(fp).slice(0, 16)}...`);
     }
 
-    https.get(`${NODE_URL}/health`, { rejectUnauthorized: false }, (res) => {
+    https.get(`${NODE_URL}/health`, (res) => {
         let d = '';
         res.on('data', c => d += c);
         res.on('end', () => {
-            try {
-                const h = JSON.parse(d);
-                log(`Network: ${h.ok ? 'online' : 'offline'} (v${h.version || '?'})`);
-            } catch (e) { warn('Could not parse network status'); }
+            try { const h = JSON.parse(d); log(`Network: ${h.ok ? 'online' : 'offline'} (v${h.version || '?'})`); }
+            catch (e) { warn('Could not parse network status'); }
         });
     }).on('error', () => warn('Could not reach network'));
 }
@@ -501,17 +447,11 @@ function cmdStatus() {
 function cmdLogs() {
     if (os.platform() === 'linux') {
         const sf = path.join(os.homedir(), '.config', 'systemd', 'user', 'clawrtc-miner.service');
-        if (fs.existsSync(sf)) {
-            spawn('journalctl', ['--user', '-u', 'clawrtc-miner', '-f', '--no-pager', '-n', '50'], { stdio: 'inherit' });
-        } else {
-            const lf = path.join(INSTALL_DIR, 'miner.log');
-            if (fs.existsSync(lf)) spawn('tail', ['-f', lf], { stdio: 'inherit' });
-            else warn('No logs found. Start the miner first: clawrtc start');
-        }
+        if (fs.existsSync(sf)) { spawn('journalctl', ['--user', '-u', 'clawrtc-miner', '-f', '--no-pager', '-n', '50'], { stdio: 'inherit' }); }
+        else { const lf = path.join(INSTALL_DIR, 'miner.log'); if (fs.existsSync(lf)) spawn('tail', ['-f', lf], { stdio: 'inherit' }); else warn('No logs found.'); }
     } else {
         const lf = path.join(INSTALL_DIR, 'miner.log');
-        if (fs.existsSync(lf)) spawn('tail', ['-f', lf], { stdio: 'inherit' });
-        else warn('No log file found');
+        if (fs.existsSync(lf)) spawn('tail', ['-f', lf], { stdio: 'inherit' }); else warn('No log file found');
     }
 }
 
@@ -545,13 +485,12 @@ Commands:
   clawrtc uninstall                 Remove everything cleanly
 
 Security & Verification:
-  clawrtc install --dry-run         Preview without downloading or installing
-  clawrtc install --show-urls       Show exact URLs that will be fetched
-  clawrtc install --verify          Show SHA256 hashes of downloaded files
+  clawrtc install --dry-run         Preview without installing
+  clawrtc install --verify          Show SHA256 hashes of bundled files
   clawrtc install -y                Skip consent prompt (for CI/automation)
 
-Modern hardware gets 1x multiplier. VMs are detected and penalized.
-Vintage hardware (PowerPC G4/G5) gets up to 2.5x bonus.
+All miner code is bundled in the package. No external downloads.
+Network endpoint: ${NODE_URL} (CA-signed TLS certificate)
 
 Source: https://github.com/Scottcjn/Rustchain
 `);
@@ -563,7 +502,6 @@ const cmd = args[0];
 const flags = {
     wallet: null,
     dryRun: args.includes('--dry-run'),
-    showUrls: args.includes('--show-urls'),
     verify: args.includes('--verify'),
     service: args.includes('--service'),
     yes: args.includes('-y') || args.includes('--yes'),

package/data/fingerprint_checks.py

@@ -0,0 +1,450 @@
+#!/usr/bin/env python3
+"""
+RIP-PoA Hardware Fingerprint Validation
+========================================
+7 Required Checks for RTC Reward Approval
+ALL MUST PASS for antiquity multiplier rewards
+
+Checks:
+1. Clock-Skew & Oscillator Drift
+2. Cache Timing Fingerprint
+3. SIMD Unit Identity
+4. Thermal Drift Entropy
+5. Instruction Path Jitter
+6. Anti-Emulation Behavioral Checks
+7. ROM Fingerprint (retro platforms only)
+"""
+
+import hashlib
+import os
+import platform
+import statistics
+import subprocess
+import time
+from typing import Dict, List, Optional, Tuple
+
+# Import ROM fingerprint database if available
+try:
+    from rom_fingerprint_db import (
+        identify_rom,
+        is_known_emulator_rom,
+        compute_file_hash,
+        detect_platform_roms,
+        get_real_hardware_rom_signature,
+    )
+    ROM_DB_AVAILABLE = True
+except ImportError:
+    ROM_DB_AVAILABLE = False
+
+def check_clock_drift(samples: int = 200) -> Tuple[bool, Dict]:
+    """Check 1: Clock-Skew & Oscillator Drift"""
+    intervals = []
+    reference_ops = 5000
+
+    for i in range(samples):
+        data = "drift_{}".format(i).encode()
+        start = time.perf_counter_ns()
+        for _ in range(reference_ops):
+            hashlib.sha256(data).digest()
+        elapsed = time.perf_counter_ns() - start
+        intervals.append(elapsed)
+        if i % 50 == 0:
+            time.sleep(0.001)
+
+    mean_ns = statistics.mean(intervals)
+    stdev_ns = statistics.stdev(intervals)
+    cv = stdev_ns / mean_ns if mean_ns > 0 else 0
+
+    drift_pairs = [intervals[i] - intervals[i-1] for i in range(1, len(intervals))]
+    drift_stdev = statistics.stdev(drift_pairs) if len(drift_pairs) > 1 else 0
+
+    data = {
+        "mean_ns": int(mean_ns),
+        "stdev_ns": int(stdev_ns),
+        "cv": round(cv, 6),
+        "drift_stdev": int(drift_stdev),
+    }
+
+    valid = True
+    if cv < 0.0001:
+        valid = False
+        data["fail_reason"] = "synthetic_timing"
+    elif drift_stdev == 0:
+        valid = False
+        data["fail_reason"] = "no_drift"
+
+    return valid, data
+
+
+def check_cache_timing(iterations: int = 100) -> Tuple[bool, Dict]:
+    """Check 2: Cache Timing Fingerprint (L1/L2/L3 Latency)"""
+    l1_size = 8 * 1024
+    l2_size = 128 * 1024
+    l3_size = 4 * 1024 * 1024
+
+    def measure_access_time(buffer_size: int, accesses: int = 1000) -> float:
+        buf = bytearray(buffer_size)
+        for i in range(0, buffer_size, 64):
+            buf[i] = i % 256
+        start = time.perf_counter_ns()
+        for i in range(accesses):
+            _ = buf[(i * 64) % buffer_size]
+        elapsed = time.perf_counter_ns() - start
+        return elapsed / accesses
+
+    l1_times = [measure_access_time(l1_size) for _ in range(iterations)]
+    l2_times = [measure_access_time(l2_size) for _ in range(iterations)]
+    l3_times = [measure_access_time(l3_size) for _ in range(iterations)]
+
+    l1_avg = statistics.mean(l1_times)
+    l2_avg = statistics.mean(l2_times)
+    l3_avg = statistics.mean(l3_times)
+
+    l2_l1_ratio = l2_avg / l1_avg if l1_avg > 0 else 0
+    l3_l2_ratio = l3_avg / l2_avg if l2_avg > 0 else 0
+
+    data = {
+        "l1_ns": round(l1_avg, 2),
+        "l2_ns": round(l2_avg, 2),
+        "l3_ns": round(l3_avg, 2),
+        "l2_l1_ratio": round(l2_l1_ratio, 3),
+        "l3_l2_ratio": round(l3_l2_ratio, 3),
+    }
+
+    valid = True
+    if l2_l1_ratio < 1.01 and l3_l2_ratio < 1.01:
+        valid = False
+        data["fail_reason"] = "no_cache_hierarchy"
+    elif l1_avg == 0 or l2_avg == 0 or l3_avg == 0:
+        valid = False
+        data["fail_reason"] = "zero_latency"
+
+    return valid, data
+
+
+def check_simd_identity() -> Tuple[bool, Dict]:
+    """Check 3: SIMD Unit Identity (SSE/AVX/AltiVec/NEON)"""
+    flags = []
+    arch = platform.machine().lower()
+
+    try:
+        with open("/proc/cpuinfo", "r") as f:
+            for line in f:
+                if "flags" in line.lower() or "features" in line.lower():
+                    parts = line.split(":")
+                    if len(parts) > 1:
+                        flags = parts[1].strip().split()
+                        break
+    except:
+        pass
+
+    if not flags:
+        try:
+            result = subprocess.run(
+                ["sysctl", "-a"],
+                capture_output=True, text=True, timeout=5
+            )
+            for line in result.stdout.split("\n"):
+                if "feature" in line.lower() or "altivec" in line.lower():
+                    flags.append(line.split(":")[-1].strip())
+        except:
+            pass
+
+    has_sse = any("sse" in f.lower() for f in flags)
+    has_avx = any("avx" in f.lower() for f in flags)
+    has_altivec = any("altivec" in f.lower() for f in flags) or "ppc" in arch
+    has_neon = any("neon" in f.lower() for f in flags) or "arm" in arch
+
+    data = {
+        "arch": arch,
+        "simd_flags_count": len(flags),
+        "has_sse": has_sse,
+        "has_avx": has_avx,
+        "has_altivec": has_altivec,
+        "has_neon": has_neon,
+        "sample_flags": flags[:10] if flags else [],
+    }
+
+    valid = has_sse or has_avx or has_altivec or has_neon or len(flags) > 0
+    if not valid:
+        data["fail_reason"] = "no_simd_detected"
+
+    return valid, data
+
+
+def check_thermal_drift(samples: int = 50) -> Tuple[bool, Dict]:
+    """Check 4: Thermal Drift Entropy"""
+    cold_times = []
+    for i in range(samples):
+        start = time.perf_counter_ns()
+        for _ in range(10000):
+            hashlib.sha256("cold_{}".format(i).encode()).digest()
+        cold_times.append(time.perf_counter_ns() - start)
+
+    for _ in range(100):
+        for __ in range(50000):
+            hashlib.sha256(b"warmup").digest()
+
+    hot_times = []
+    for i in range(samples):
+        start = time.perf_counter_ns()
+        for _ in range(10000):
+            hashlib.sha256("hot_{}".format(i).encode()).digest()
+        hot_times.append(time.perf_counter_ns() - start)
+
+    cold_avg = statistics.mean(cold_times)
+    hot_avg = statistics.mean(hot_times)
+    cold_stdev = statistics.stdev(cold_times)
+    hot_stdev = statistics.stdev(hot_times)
+    drift_ratio = hot_avg / cold_avg if cold_avg > 0 else 0
+
+    data = {
+        "cold_avg_ns": int(cold_avg),
+        "hot_avg_ns": int(hot_avg),
+        "cold_stdev": int(cold_stdev),
+        "hot_stdev": int(hot_stdev),
+        "drift_ratio": round(drift_ratio, 4),
+    }
+
+    valid = True
+    if cold_stdev == 0 and hot_stdev == 0:
+        valid = False
+        data["fail_reason"] = "no_thermal_variance"
+
+    return valid, data
+
+
+def check_instruction_jitter(samples: int = 100) -> Tuple[bool, Dict]:
+    """Check 5: Instruction Path Jitter"""
+    def measure_int_ops(count: int = 10000) -> float:
+        start = time.perf_counter_ns()
+        x = 1
+        for i in range(count):
+            x = (x * 7 + 13) % 65537
+        return time.perf_counter_ns() - start
+
+    def measure_fp_ops(count: int = 10000) -> float:
+        start = time.perf_counter_ns()
+        x = 1.5
+        for i in range(count):
+            x = (x * 1.414 + 0.5) % 1000.0
+        return time.perf_counter_ns() - start
+
+    def measure_branch_ops(count: int = 10000) -> float:
+        start = time.perf_counter_ns()
+        x = 0
+        for i in range(count):
+            if i % 2 == 0:
+                x += 1
+            else:
+                x -= 1
+        return time.perf_counter_ns() - start
+
+    int_times = [measure_int_ops() for _ in range(samples)]
+    fp_times = [measure_fp_ops() for _ in range(samples)]
+    branch_times = [measure_branch_ops() for _ in range(samples)]
+
+    int_avg = statistics.mean(int_times)
+    fp_avg = statistics.mean(fp_times)
+    branch_avg = statistics.mean(branch_times)
+
+    int_stdev = statistics.stdev(int_times)
+    fp_stdev = statistics.stdev(fp_times)
+    branch_stdev = statistics.stdev(branch_times)
+
+    data = {
+        "int_avg_ns": int(int_avg),
+        "fp_avg_ns": int(fp_avg),
+        "branch_avg_ns": int(branch_avg),
+        "int_stdev": int(int_stdev),
+        "fp_stdev": int(fp_stdev),
+        "branch_stdev": int(branch_stdev),
+    }
+
+    valid = True
+    if int_stdev == 0 and fp_stdev == 0 and branch_stdev == 0:
+        valid = False
+        data["fail_reason"] = "no_jitter"
+
+    return valid, data
+
+
+def check_anti_emulation() -> Tuple[bool, Dict]:
+    """Check 6: Anti-Emulation Behavioral Checks"""
+    vm_indicators = []
+
+    vm_paths = [
+        "/sys/class/dmi/id/product_name",
+        "/sys/class/dmi/id/sys_vendor",
+        "/proc/scsi/scsi",
+    ]
+
+    vm_strings = ["vmware", "virtualbox", "kvm", "qemu", "xen", "hyperv", "parallels"]
+
+    for path in vm_paths:
+        try:
+            with open(path, "r") as f:
+                content = f.read().lower()
+                for vm in vm_strings:
+                    if vm in content:
+                        vm_indicators.append("{}:{}".format(path, vm))
+        except:
+            pass
+
+    for key in ["KUBERNETES", "DOCKER", "VIRTUAL", "container"]:
+        if key in os.environ:
+            vm_indicators.append("ENV:{}".format(key))
+
+    try:
+        with open("/proc/cpuinfo", "r") as f:
+            if "hypervisor" in f.read().lower():
+                vm_indicators.append("cpuinfo:hypervisor")
+    except:
+        pass
+
+    data = {
+        "vm_indicators": vm_indicators,
+        "indicator_count": len(vm_indicators),
+        "is_likely_vm": len(vm_indicators) > 0,
+    }
+
+    valid = len(vm_indicators) == 0
+    if not valid:
+        data["fail_reason"] = "vm_detected"
+
+    return valid, data
+
+
+def check_rom_fingerprint() -> Tuple[bool, Dict]:
+    """
+    Check 7: ROM Fingerprint (for retro platforms)
+
+    Detects if running with a known emulator ROM dump.
+    Real vintage hardware should have unique/variant ROMs.
+    Emulators all use the same pirated ROM packs.
+    """
+    if not ROM_DB_AVAILABLE:
+        # Skip for modern hardware or if DB not available
+        return True, {"skipped": True, "reason": "rom_db_not_available_or_modern_hw"}
+
+    arch = platform.machine().lower()
+    rom_hashes = {}
+    emulator_detected = False
+    detection_details = []
+
+    # Check for PowerPC (Mac emulation target)
+    if "ppc" in arch or "powerpc" in arch:
+        # Try to get real hardware ROM signature
+        real_rom = get_real_hardware_rom_signature()
+        if real_rom:
+            rom_hashes["real_hardware"] = real_rom
+        else:
+            # Check if running under emulator with known ROM
+            platform_roms = detect_platform_roms()
+            if platform_roms:
+                for platform_name, rom_hash in platform_roms.items():
+                    if is_known_emulator_rom(rom_hash, "md5"):
+                        emulator_detected = True
+                        rom_info = identify_rom(rom_hash, "md5")
+                        detection_details.append({
+                            "platform": platform_name,
+                            "hash": rom_hash,
+                            "known_as": rom_info,
+                        })
+
+    # Check for 68K (Amiga, Atari ST, old Mac)
+    elif "m68k" in arch or "68000" in arch:
+        platform_roms = detect_platform_roms()
+        for platform_name, rom_hash in platform_roms.items():
+            if "amiga" in platform_name.lower():
+                if is_known_emulator_rom(rom_hash, "sha1"):
+                    emulator_detected = True
+                    rom_info = identify_rom(rom_hash, "sha1")
+                    detection_details.append({
+                        "platform": platform_name,
+                        "hash": rom_hash,
+                        "known_as": rom_info,
+                    })
+            elif "mac" in platform_name.lower():
+                if is_known_emulator_rom(rom_hash, "apple"):
+                    emulator_detected = True
+                    rom_info = identify_rom(rom_hash, "apple")
+                    detection_details.append({
+                        "platform": platform_name,
+                        "hash": rom_hash,
+                        "known_as": rom_info,
+                    })
+
+    # For modern hardware, report "N/A" but pass
+    else:
+        return True, {
+            "skipped": False,
+            "arch": arch,
+            "is_retro_platform": False,
+            "rom_check": "not_applicable_modern_hw",
+        }
+
+    data = {
+        "arch": arch,
+        "is_retro_platform": True,
+        "rom_hashes": rom_hashes,
+        "emulator_detected": emulator_detected,
+        "detection_details": detection_details,
+    }
+
+    if emulator_detected:
+        data["fail_reason"] = "known_emulator_rom"
+        return False, data
+
+    return True, data
+
+
+def validate_all_checks(include_rom_check: bool = True) -> Tuple[bool, Dict]:
+    """Run all 7 fingerprint checks. ALL MUST PASS for RTC approval."""
+    results = {}
+    all_passed = True
+
+    checks = [
+        ("clock_drift", "Clock-Skew & Oscillator Drift", check_clock_drift),
+        ("cache_timing", "Cache Timing Fingerprint", check_cache_timing),
+        ("simd_identity", "SIMD Unit Identity", check_simd_identity),
+        ("thermal_drift", "Thermal Drift Entropy", check_thermal_drift),
+        ("instruction_jitter", "Instruction Path Jitter", check_instruction_jitter),
+        ("anti_emulation", "Anti-Emulation Checks", check_anti_emulation),
+    ]
+
+    # Add ROM check for retro platforms
+    if include_rom_check and ROM_DB_AVAILABLE:
+        checks.append(("rom_fingerprint", "ROM Fingerprint (Retro)", check_rom_fingerprint))
+
+    print(f"Running {len(checks)} Hardware Fingerprint Checks...")
+    print("=" * 50)
+
+    total_checks = len(checks)
+    for i, (key, name, func) in enumerate(checks, 1):
+        print(f"\n[{i}/{total_checks}] {name}...")
+        try:
+            passed, data = func()
+        except Exception as e:
+            passed = False
+            data = {"error": str(e)}
+        results[key] = {"passed": passed, "data": data}
+        if not passed:
+            all_passed = False
+        print("  Result: {}".format("PASS" if passed else "FAIL"))
+
+    print("\n" + "=" * 50)
+    print("OVERALL RESULT: {}".format("ALL CHECKS PASSED" if all_passed else "FAILED"))
+
+    if not all_passed:
+        failed = [k for k, v in results.items() if not v["passed"]]
+        print("Failed checks: {}".format(failed))
+
+    return all_passed, results
+
+
+if __name__ == "__main__":
+    import json
+    passed, results = validate_all_checks()
+    print("\n\nDetailed Results:")
+    print(json.dumps(results, indent=2, default=str))

package/data/miner.py

@@ -0,0 +1,313 @@
+#!/usr/bin/env python3
+"""
+RustChain Local x86 Miner - Modern Ryzen
+"""
+import os, sys, json, time, hashlib, uuid, requests, socket, subprocess, platform, statistics, re
+from datetime import datetime
+
+NODE_URL = "https://bulbous-bouffant.metalseed.net"
+BLOCK_TIME = 600  # 10 minutes
+
+class LocalMiner:
+    def __init__(self, wallet=None):
+        self.node_url = NODE_URL
+        self.wallet = wallet or self._gen_wallet()
+        self.hw_info = {}
+        self.enrolled = False
+        self.attestation_valid_until = 0
+        self.last_entropy = {}
+
+        print("="*70)
+        print("RustChain Local Miner - Ryzen 5 5500")
+        print("="*70)
+        print(f"Node: {self.node_url}")
+        print(f"Wallet: {self.wallet}")
+        print("="*70)
+
+    def _gen_wallet(self):
+        data = f"ryzen5-{uuid.uuid4().hex}-{time.time()}"
+        return hashlib.sha256(data.encode()).hexdigest()[:38] + "RTC"
+
+    def _run_cmd(self, cmd):
+        try:
+            return subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+                                text=True, timeout=10, shell=True).stdout.strip()
+        except:
+            return ""
+
+    def _get_mac_addresses(self):
+        """Return list of real MAC addresses present on the system."""
+        macs = []
+        # Try `ip -o link`
+        try:
+            output = subprocess.run(
+                ["ip", "-o", "link"],
+                stdout=subprocess.PIPE,
+                stderr=subprocess.DEVNULL,
+                text=True,
+                timeout=5,
+            ).stdout.splitlines()
+            for line in output:
+                m = re.search(r"link/(?:ether|loopback)\s+([0-9a-f:]{17})", line, re.IGNORECASE)
+                if m:
+                    mac = m.group(1).lower()
+                    if mac != "00:00:00:00:00:00":
+                        macs.append(mac)
+        except Exception:
+            pass
+
+        # Fallback to ifconfig
+        if not macs:
+            try:
+                output = subprocess.run(
+                    ["ifconfig", "-a"],
+                    stdout=subprocess.PIPE,
+                    stderr=subprocess.DEVNULL,
+                    text=True,
+                    timeout=5,
+                ).stdout.splitlines()
+                for line in output:
+                    m = re.search(r"(?:ether|HWaddr)\s+([0-9a-f:]{17})", line, re.IGNORECASE)
+                    if m:
+                        mac = m.group(1).lower()
+                        if mac != "00:00:00:00:00:00":
+                            macs.append(mac)
+            except Exception:
+                pass
+
+        return macs or ["00:00:00:00:00:01"]
+
+    def _collect_entropy(self, cycles: int = 48, inner_loop: int = 25000):
+        """
+        Collect simple timing entropy by measuring tight CPU loops.
+        Returns summary statistics the node can score.
+        """
+        samples = []
+        for _ in range(cycles):
+            start = time.perf_counter_ns()
+            acc = 0
+            for j in range(inner_loop):
+                acc ^= (j * 31) & 0xFFFFFFFF
+            duration = time.perf_counter_ns() - start
+            samples.append(duration)
+
+        mean_ns = sum(samples) / len(samples)
+        variance_ns = statistics.pvariance(samples) if len(samples) > 1 else 0.0
+
+        return {
+            "mean_ns": mean_ns,
+            "variance_ns": variance_ns,
+            "min_ns": min(samples),
+            "max_ns": max(samples),
+            "sample_count": len(samples),
+            "samples_preview": samples[:12],
+        }
+
+    def _get_hw_info(self):
+        """Collect hardware info"""
+        hw = {
+            "platform": platform.system(),
+            "machine": platform.machine(),
+            "hostname": socket.gethostname(),
+            "family": "x86",
+            "arch": "modern"  # Less than 10 years old
+        }
+
+        # Get CPU
+        cpu = self._run_cmd("lscpu | grep 'Model name' | cut -d: -f2 | xargs")
+        hw["cpu"] = cpu or "Unknown"
+
+        # Get cores
+        cores = self._run_cmd("nproc")
+        hw["cores"] = int(cores) if cores else 6
+
+        # Get memory
+        mem = self._run_cmd("free -g | grep Mem | awk '{print $2}'")
+        hw["memory_gb"] = int(mem) if mem else 32
+
+        # Get MACs (ensures PoA signal uses real hardware data)
+        macs = self._get_mac_addresses()
+        hw["macs"] = macs
+        hw["mac"] = macs[0]
+
+        self.hw_info = hw
+        return hw
+
+    def attest(self):
+        """Hardware attestation"""
+        print(f"\n🔐 [{datetime.now().strftime('%H:%M:%S')}] Attesting...")
+
+        self._get_hw_info()
+
+        try:
+            # Get challenge
+            resp = requests.post(f"{self.node_url}/attest/challenge", json={}, timeout=10)
+            if resp.status_code != 200:
+                print(f"❌ Challenge failed: {resp.status_code}")
+                return False
+
+            challenge = resp.json()
+            nonce = challenge.get("nonce")
+            print(f"✅ Got challenge nonce")
+
+        except Exception as e:
+            print(f"❌ Challenge error: {e}")
+            return False
+
+        # Collect entropy just before signing the report
+        entropy = self._collect_entropy()
+        self.last_entropy = entropy
+
+        # Submit attestation
+        attestation = {
+            "miner": self.wallet,
+            "miner_id": f"ryzen5-{self.hw_info['hostname']}",
+            "nonce": nonce,
+            "report": {
+                "nonce": nonce,
+                "commitment": hashlib.sha256(
+                    (nonce + self.wallet + json.dumps(entropy, sort_keys=True)).encode()
+                ).hexdigest(),
+                "derived": entropy,
+                "entropy_score": entropy.get("variance_ns", 0.0)
+            },
+            "device": {
+                "family": self.hw_info["family"],
+                "arch": self.hw_info["arch"],
+                "model": "AMD Ryzen 5 5500",
+                "cpu": self.hw_info["cpu"],
+                "cores": self.hw_info["cores"],
+                "memory_gb": self.hw_info["memory_gb"]
+            },
+            "signals": {
+                "macs": self.hw_info.get("macs", [self.hw_info["mac"]]),
+                "hostname": self.hw_info["hostname"]
+            }
+        }
+
+        try:
+            resp = requests.post(f"{self.node_url}/attest/submit",
+                               json=attestation, timeout=30)
+
+            if resp.status_code == 200:
+                result = resp.json()
+                if result.get("ok"):
+                    self.attestation_valid_until = time.time() + 580
+                    print(f"✅ Attestation accepted!")
+                    print(f"   CPU: {self.hw_info['cpu']}")
+                    print(f"   Family: x86/modern")
+                    print(f"   Expected Weight: 1.0x")
+                    return True
+                else:
+                    print(f"❌ Rejected: {result}")
+            else:
+                print(f"❌ HTTP {resp.status_code}: {resp.text[:200]}")
+
+        except Exception as e:
+            print(f"❌ Error: {e}")
+
+        return False
+
+    def enroll(self):
+        """Enroll in epoch"""
+        if time.time() >= self.attestation_valid_until:
+            print(f"📝 Attestation expired, re-attesting...")
+            if not self.attest():
+                return False
+
+        print(f"\n📝 [{datetime.now().strftime('%H:%M:%S')}] Enrolling...")
+
+        payload = {
+            "miner_pubkey": self.wallet,
+            "miner_id": f"ryzen5-{self.hw_info['hostname']}",
+            "device": {
+                "family": self.hw_info["family"],
+                "arch": self.hw_info["arch"]
+            }
+        }
+
+        try:
+            resp = requests.post(f"{self.node_url}/epoch/enroll",
+                                json=payload, timeout=30)
+
+            if resp.status_code == 200:
+                result = resp.json()
+                if result.get("ok"):
+                    self.enrolled = True
+                    weight = result.get('weight', 1.0)
+                    print(f"✅ Enrolled!")
+                    print(f"   Epoch: {result.get('epoch')}")
+                    print(f"   Weight: {weight}x")
+                    return True
+                else:
+                    print(f"❌ Failed: {result}")
+            else:
+                error_data = resp.json() if resp.headers.get('content-type') == 'application/json' else {}
+                print(f"❌ HTTP {resp.status_code}: {error_data.get('error', resp.text[:200])}")
+
+        except Exception as e:
+            print(f"❌ Error: {e}")
+
+        return False
+
+    def check_balance(self):
+        """Check balance"""
+        try:
+            resp = requests.get(f"{self.node_url}/balance/{self.wallet}", timeout=10)
+            if resp.status_code == 200:
+                result = resp.json()
+                balance = result.get('balance_rtc', 0)
+                print(f"\n💰 Balance: {balance} RTC")
+                return balance
+        except:
+            pass
+        return 0
+
+    def mine(self):
+        """Start mining"""
+        print(f"\n⛏️  Starting mining...")
+        print(f"Block time: {BLOCK_TIME//60} minutes")
+        print(f"Press Ctrl+C to stop\n")
+
+        # Save wallet
+        with open("/tmp/local_miner_wallet.txt", "w") as f:
+            f.write(self.wallet)
+        print(f"💾 Wallet saved to: /tmp/local_miner_wallet.txt\n")
+
+        cycle = 0
+
+        try:
+            while True:
+                cycle += 1
+                print(f"\n{'='*70}")
+                print(f"Cycle #{cycle} - {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
+                print(f"{'='*70}")
+
+                if self.enroll():
+                    print(f"⏳ Mining for {BLOCK_TIME//60} minutes...")
+
+                    for i in range(BLOCK_TIME // 30):
+                        time.sleep(30)
+                        elapsed = (i + 1) * 30
+                        remaining = BLOCK_TIME - elapsed
+                        print(f"   ⏱️  {elapsed}s elapsed, {remaining}s remaining...")
+
+                    self.check_balance()
+
+                else:
+                    print("❌ Enrollment failed. Retrying in 60s...")
+                    time.sleep(60)
+
+        except KeyboardInterrupt:
+            print(f"\n\n⛔ Mining stopped")
+            print(f"   Wallet: {self.wallet}")
+            self.check_balance()
+
+if __name__ == "__main__":
+    import argparse
+    parser = argparse.ArgumentParser()
+    parser.add_argument("--wallet", help="Wallet address")
+    args = parser.parse_args()
+
+    miner = LocalMiner(wallet=args.wallet)
+    miner.mine()

package/package.json

@@ -1,10 +1,14 @@
 {
   "name": "clawrtc",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "ClawRTC — Let your AI agent mine RTC tokens on any modern hardware. 1x multiplier, built-in wallet, VM-penalized.",
   "bin": {
     "clawrtc": "./bin/clawrtc.js"
   },
+  "files": [
+    "bin/",
+    "data/"
+  ],
   "keywords": ["clawrtc", "ai-agent", "miner", "rustchain", "rtc", "openclaw", "proof-of-antiquity", "blockchain"],
   "author": "Elyan Labs <scott@elyanlabs.ai>",
   "license": "MIT",