gitmark 0.0.69 → 0.0.71

package/README.md

@@ -1,159 +1,99 @@
-<div align="center">
-  <h1>gitmark</h1>
-</div>
+# git mark
 
-<div align="center">  
-Mark your git commits, to create global consensus, and a definitive project history
-</div>
+Anchor git commits to Bitcoin via [blocktrails](https://blocktrails.org) key chaining.
 
----
+[![npm](https://img.shields.io/npm/v/gitmark)](https://npmjs.com/package/gitmark)
+[![license](https://img.shields.io/badge/license-AGPL--3.0-blue.svg)](./LICENSE)
 
-<div align="center">
-<h4>Getting Started</h4>
-</div>
-  
----
-
-[![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/solidpayorg/git-mark/blob/gh-pages/LICENSE)
-![npm](https://img.shields.io/npm/v/gitmark)
-[![npm](https://img.shields.io/npm/dw/gitmark.svg)](https://npmjs.com/package/gitmark)
-[![Github Stars](https://img.shields.io/github/stars/solidpayorg/gitmark.svg)](https://github.com/solidpayorg/gitmark/)
-
-## Introduction
-
-Gitmark enhances git functionality by introducing the ability to 'mark' commits using the `git mark` command, integrating supported time chains (aka block chains). This process 'reinforces' or 'finalizes' specific commits, facilitating the establishment of a global consensus and creating a definitive, auditable, and tamper-proof history for a project. Git mark additionally solves the double spend problem for git repositories. Technical details are presented in the git mark [SCHEMA](./SCHEMA.md).
-
-## Installation
+## Install
 
 ```sh
-sudo npm install -g gitmark
+npm install -g gitmark
 ```
 
-## Usage
-
-```bash
-git mark # marks the current commit
-
-git mark [--genesis txoutput] # used for the genesis commit
-```
-
-## Motivation
-
-Gitmark was originally created to facilitate the [marking](https://github.com/project-bitmark/marking/wiki) use case, which aims to allow global, distributed reputation trees to be grounded in a blockchain.
-
-What is made possible, is a way to provide consensus on a definitive git branch/chain, in order to ensure that the history has not been tampered with
-
-One can reconstruct the current state from the history, and this can also be used to preserve your reputation at any given time, say, if any provider ceases to operate
-
-It's also possible to audit and verify the integrity of the git chain, to create a secure, finalized, state machine, with a definitive head, that is globally synced
-
-The system can be extended beyond reputation trees, to use any git based store, and anchor it to a secure, verifiable chain of blocks, to determine the definitive history
-
-Many thanks go to Peter Todd for his work on [single use seals](https://petertodd.org/2017/scalable-single-use-seal-asset-transfer) and Dr Maxim Orlovsky for his work on [RGB](https://rgb-org.github.io/)
-
-_Gitmark is pre-alpha software, it should be considered experimental, and used at your own risk_
-
-## Prerequisites
-
-Because Gitmark was designed to anchor reputation trees, the reputation of the underlying blockchain must be unimpaired. Gitmark only supports blockchains that are provably fair. Bitcoin is regarded as the most secure and fairest of all blockchains, and should be used for high value projects where cost is not an issue.
-
-Gitmark does not support projects that are premines, instamines, ICOs, have developer taxes or provably unfair consensus, such as proof of stake.
-
-In solving the reputation use case, we aim to innovate in the space, contribute back code, and operate as a testing ground.
-
-The first prerequisite is to obtain an unspent transaction on a supporting blockchain.
-
-## Getting started
+This gives you `git mark` as a native git subcommand.
 
-After you have obtained some blockchain currency, send those coins to an address for which you have the key pair. That becomes the genesis unspent transaction
+## Quick Start
 
-Having created a genesis transaction, and recording the key pair safely, you are ready to start marking!
-
-Install gitmark globally via npm, the executables will be in the bin directory which can be located with `which git-mark`
-
-The genesis transaction provides the first input to the `git mark` command, and the private key (secret exponent in hex) is needed to advance the genesis transaction in line with the current git HEAD
-
-## Git mark
-
-Simply running `git mark` on a repo will create your first marking
-
-You will need a genesis address for the first run of the form `tx:output` and supply that with the argument --genesis [tx]
-
-You will also need the private key from that tx, which is an argument to the gitmark script, but can be also saved in a location as directed by the output from the git mark command. The key (ie 64 char hex secret exponent) should be stored in the indicated file with the json key "privkey"
-
-_Warning: do not use the default private key, that is set, in the script!_
-
-Git mark will generate a new address to send to, a fee, an amount, a spending private key and unspent tx data as inputs to an rpc or a simple script `tx.sh` that lives in the bin directory. Future versions will use a transaction builder to send to a network directly
-
-After running this script, an empty commit message is generated which you can check in, and points to the latest new unspent transaction, creating a two way link. The commit message is a gitmark [URI](./URI.md)
-
-Congratulations! You have now marked your first git repo!
-
-See also: [Example Workflow](./WORKFLOW.md)
-
-## How it works
-
-Gitmark simply uses [single-use seals](https://petertodd.org/2017/scalable-single-use-seal-asset-transfer) to tweak the initial public key address of the genesis transaction by the commit hash of the git tree. The current git hash is added to the original, genesis public key in the output transaction, creating a chain of commits in the blockchain.
-
-In this way, the blockchain points to git. It then points the next commit back to the blockchain tx, creating a two-way link, and therefore, a strong binding at one particular point in time.
-
-Similarly, the definitive git tree forms a chain of commits that go forward in time, and so do the new transactions on the blockchain. Further commits are periodically marked in time, proving an auditable trail on-chain of the evolution of the git tree. It also shows the latest confirmed state of a git tree that can be used for trading or in safe or smart contracts.
+```bash
+# Initialize in a git repo (tbtc4 = Bitcoin testnet4)
+git mark init --chain tbtc4 --voucher txo:tbtc4:txid:vout?amount=X&key=Y
 
-The first use case for gitmark is marking reputation trees, but it can be applied to any git system where the history is important.
+# Make commits, then mark them
+git commit -m "my change"
+git mark
 
-For more technical information take a look at [SCHEMA.md](./SCHEMA.md).
+# Verify the trail against Bitcoin
+git mark verify
 
-## Recent git marks
+# Show trail state
+git mark info
+```
 
-- [Github](https://github.com/search?o=desc&q=%22gitmark+%22&s=committer-date&type=Commits)
+## How It Works
 
-## Use Cases
+Each `git mark` creates a real Bitcoin transaction. The address is derived from your key + the commit hash using BIP-341 taproot key chaining:
 
-- Distributed Reputation Trees
-- Distributed Ledgers
-- Registries
-- Safe or Smart Contracts
-- Asset Issuance
-- Distributed Exchanges
-- Reconstruct histories from Genesis
-- Distributed Global Consensus
-- Domain independent web sites
-- Archiving and Time Travel through History
-- Distributed Identity and PKI
-- Federated Side Chains
-- Auditing Histories
-- Fraud Detection
-- Supply Chains
+```
+baseKey + tweak(commit₁) → Address₁ → TXO₁
+baseKey + tweak(commit₁, commit₂) → Address₂ → TXO₂
+```
 
-## Related work
+The chain of addresses on Bitcoin mirrors the chain of commits in git. Anyone can verify by re-deriving the addresses from the public key + commit hashes.
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `git mark init` | Initialize trail. Options: `--chain`, `--voucher`, `--force` |
+| `git mark` | Anchor HEAD commit to Bitcoin |
+| `git mark info` | Show trail state, balance, addresses |
+| `git mark verify` | Verify all marks against Bitcoin |
+
+## Trail File
+
+`blocktrails.json` in your repo root — committed, visible, verifiable:
+
+```json
+{
+  "version": "0.0.3",
+  "profile": "gitmark",
+  "publicKeyBase": "02abc...",
+  "chain": "tbtc4",
+  "states": ["a1b2c3", "e5f6a7"],
+  "txo": [
+    "txo:tbtc4:abc:0?commit=a1b2c3",
+    "txo:tbtc4:def:0?commit=e5f6a7"
+  ]
+}
+```
 
-- [Single Use Seals](https://petertodd.org/2017/scalable-single-use-seal-asset-transfer)
-- [RGB](https://rgb-org.github.io/)
-- [Commerce Block Mainstay](https://www.commerceblock.com/mainstay/) [[White Paper](https://cloudflare-ipfs.com/ipns/ipfs.commerceblock.com/commerceblock-whitepaper-mainstay.pdf)]
-- [BIP 175 - Pay to Contract Protocol](https://github.com/bitcoin/bips/blob/master/bip-0175.mediawiki)
-- [LRC-20](https://github.com/akitamiabtc/LRC-20/blob/main/LRC_20_V0.1.pdf)
-- [DID-BTC](https://microstrategy.github.io/did-btc-spec/)
+- **publicKeyBase** — compressed pubkey (02/03 prefix), base for BIP-341 key chaining
+- **states** — commit hashes (input to key derivation)
+- **txo** — Bitcoin anchors (TXO URIs, self-contained and verifiable)
 
-## Source code
+Private spending state stored in `.git/blocktrails.json` (never committed).
 
-- [Source](https://github.com/solidpayorg/gitmark)
-- [Issue Tracker](https://github.com/solidpayorg/gitmark/issues)
-- [NPM](https://www.npmjs.com/package/gitmark)
+## Key Storage
 
-## Future work
+Your private key is stored in git config:
 
-- Git marks can be extended to further layers by using git submodules hence creating almost unlimited space
+```bash
+git config nostr.privkey <64-char-hex>
+```
 
-- Private git repositories can be supported out of the box, and given that private keys are used in each seal, encrypted backups can be made
+Same secp256k1 key used for Nostr, Bitcoin, and Solid pod authentication.
 
-- The project git tree can be backed up or archived using git clone in multiple locations. It is natural that popular projects are cloned often in any case
+## Dependencies
 
-- Seals can be opened and closed using a federation, in order to try out multiple consensus and verification methods
+Two: `@noble/curves` and `@noble/hashes`. No bitcoinjs-lib, no external transaction builders.
 
-- More robust verification frameworks can be built using node testing frameworks, and continuous integration, tho currently the distribution contains a git-mark-verify script
+## Related
 
-- Lightweight Autonomous Marking Agents (LAMAs) can be created that listen to communities for marks and just work, without needing a human operator. The service can be deployed on a server or container, and be designed to bring itself up if it goes down in any one location
+- [blocktrails.org](https://blocktrails.org) — state anchoring on Bitcoin
+- [git-mark.com](https://git-mark.com) — project homepage
+- [BIP-341](https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki) — Taproot key tweaking
 
 ## License
 
-- MIT
+AGPL-3.0 &copy; Melvin Carvalho

package/bin/git-mark.js

@@ -425,32 +425,40 @@ async function cmdVerify() {
   process.exit(ok ? 0 : 1);
 }
 
+// --- Exports for testing ---
+export {
+  taggedHash, btScalar, deriveChainedPrivkey, deriveChainedPubkey,
+  pubkeyToAddress, parseTxoUri, p2trScript, buildTransaction,
+  TRAIL_FILE, PRIVATE_FILE, CHAINS
+};
+
 // --- CLI ---
-const args = process.argv.slice(2);
-const cmd = args[0];
-
-if (cmd === 'init') {
-  cmdInit(args.slice(1));
-} else if (cmd === 'info') {
-  cmdInfo();
-} else if (cmd === 'verify') {
-  cmdVerify();
-} else if (cmd === 'mark' || !cmd || (cmd && !cmd.startsWith('-'))) {
-  // Default action is mark (git mark = git mark mark)
-  // But if no trail exists, suggest init
-  if (!existsSync(TRAIL_FILE) && cmd !== 'mark') {
+const isMain = process.argv[1]?.endsWith('git-mark.js') || process.argv[1]?.endsWith('git-mark');
+if (isMain) {
+  const args = process.argv.slice(2);
+  const cmd = args[0];
+
+  if (cmd === 'init') {
+    cmdInit(args.slice(1));
+  } else if (cmd === 'info') {
+    cmdInfo();
+  } else if (cmd === 'verify') {
+    cmdVerify();
+  } else if (cmd === 'mark' || !cmd || (cmd && !cmd.startsWith('-'))) {
+    if (!existsSync(TRAIL_FILE) && cmd !== 'mark') {
+      console.log('Usage:');
+      console.log('  git mark init [--chain tbtc4] [--voucher txo:...]');
+      console.log('  git mark                  # anchor HEAD to Bitcoin');
+      console.log('  git mark info             # show trail state');
+      console.log('  git mark verify           # verify trail against Bitcoin');
+    } else {
+      cmdMark(args.slice(cmd === 'mark' ? 1 : 0));
+    }
+  } else {
     console.log('Usage:');
     console.log('  git mark init [--chain tbtc4] [--voucher txo:...]');
     console.log('  git mark                  # anchor HEAD to Bitcoin');
     console.log('  git mark info             # show trail state');
     console.log('  git mark verify           # verify trail against Bitcoin');
-  } else {
-    cmdMark(args.slice(cmd === 'mark' ? 1 : 0));
   }
-} else {
-  console.log('Usage:');
-  console.log('  git mark init [--chain tbtc4] [--voucher txo:...]');
-  console.log('  git mark                  # anchor HEAD to Bitcoin');
-  console.log('  git mark info             # show trail state');
-  console.log('  git mark verify           # verify trail against Bitcoin');
 }

package/index.html

@@ -0,0 +1,141 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>git mark — Anchor Git Commits to Bitcoin</title>
+  <meta name="description" content="Mark your git commits on Bitcoin using blocktrails key chaining. Tamper-proof history, globally verifiable, two dependencies.">
+  <meta property="og:title" content="git mark — Anchor Git Commits to Bitcoin">
+  <meta property="og:description" content="Mark your git commits on Bitcoin using blocktrails key chaining. Tamper-proof history, globally verifiable.">
+  <meta property="og:type" content="website">
+  <meta property="og:url" content="https://git-mark.com">
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body { font-family: Georgia, 'Times New Roman', serif; background: #fafaf8; color: #2c2c2c; line-height: 1.7; padding: 2rem; }
+    .container { max-width: 720px; margin: 0 auto; }
+    h1 { font-size: 2.2rem; font-weight: 400; margin-bottom: 0.25rem; }
+    .subtitle { color: #666; font-size: 1.1rem; margin-bottom: 0.5rem; }
+    .meta { color: #999; font-size: 0.85rem; margin-bottom: 2rem; padding-bottom: 1.5rem; border-bottom: 1px solid #ddd; }
+    .meta a { color: #999; }
+    h2 { font-size: 1.3rem; color: #f7931a; margin: 2.5rem 0 1rem; font-weight: 600; }
+    p { margin-bottom: 1.25rem; }
+    code { background: #f0efeb; padding: 0.15rem 0.4rem; border-radius: 3px; font-family: 'SFMono-Regular', Consolas, monospace; font-size: 0.85em; color: #555; }
+    pre { background: #f0efeb; padding: 1rem; border-radius: 4px; overflow-x: auto; font-family: 'SFMono-Regular', Consolas, monospace; font-size: 0.85rem; margin: 1.25rem 0; line-height: 1.5; }
+    a { color: #1a5276; }
+    strong { font-weight: 600; }
+    table { width: 100%; border-collapse: collapse; margin: 1.5rem 0; font-size: 0.9rem; }
+    th { text-align: left; padding: 0.6rem 0.75rem; border-bottom: 2px solid #ddd; color: #888; font-weight: 500; }
+    td { padding: 0.5rem 0.75rem; border-bottom: 1px solid #eee; }
+    .highlight { color: #f7931a; font-weight: 600; }
+    .callout { background: #fff8f0; border: 1px solid #f7931a33; border-radius: 4px; padding: 1.25rem; margin: 1.5rem 0; }
+    .callout .label { font-size: 0.7rem; text-transform: uppercase; letter-spacing: 0.1em; color: #f7931a; margin-bottom: 0.5rem; }
+    footer { margin-top: 3rem; padding-top: 1.5rem; border-top: 1px solid #ddd; color: #999; font-size: 0.85rem; }
+    footer a { color: #888; }
+  </style>
+</head>
+<body>
+  <div class="container">
+
+    <h1>git mark</h1>
+    <div class="subtitle">Anchor git commits to Bitcoin via blocktrails</div>
+    <div class="meta">
+      <a href="https://github.com/solidpayorg/gitmark">GitHub</a> &middot;
+      <a href="https://www.npmjs.com/package/gitmark">npm</a> &middot;
+      <a href="https://blocktrails.org">blocktrails.org</a>
+    </div>
+
+    <h2>What It Does</h2>
+
+    <p><span class="highlight">Every <code>git mark</code> creates a Bitcoin transaction</span> that anchors your current commit to the blockchain. The transaction address is derived from your key + the commit hash using BIP-341 key chaining. Anyone can verify the anchor. Nobody can tamper with it.</p>
+
+    <p>The result is a two-way link: the blockchain follows your repo (via tweaked addresses), and your repo follows the blockchain (via <code>blocktrails.json</code>).</p>
+
+    <h2>Install</h2>
+
+<pre>npm install -g gitmark</pre>
+
+    <p>This gives you <code>git mark</code> as a native git subcommand.</p>
+
+    <h2>Quick Start</h2>
+
+<pre># Initialize in a git repo
+git mark init --chain tbtc4 --voucher txo:tbtc4:txid:vout?amount=X&amp;key=Y
+
+# Make commits, then mark them
+git commit -m "my change"
+git mark
+
+# Verify the trail
+git mark verify
+
+# Show trail state
+git mark info</pre>
+
+    <h2>How It Works</h2>
+
+    <table>
+      <tr><th>Step</th><th>What Happens</th></tr>
+      <tr><td>Init</td><td>Generates or reads your Nostr key, creates <code>blocktrails.json</code>, optionally funds the trail</td></tr>
+      <tr><td>Mark</td><td>Takes HEAD commit hash, derives a tweaked taproot address via BIP-341, builds and broadcasts a Bitcoin transaction</td></tr>
+      <tr><td>Verify</td><td>Walks the trail, re-derives each address from the public key + commit hashes, checks each transaction on Bitcoin</td></tr>
+    </table>
+
+    <p>Each mark advances the key chain: <code>newKey = baseKey + tweak(commit_hash)</code>. The chain of derived addresses on Bitcoin mirrors the chain of commits in git.</p>
+
+    <h2>The Trail File</h2>
+
+    <p><code>blocktrails.json</code> lives in your repo root, committed and visible:</p>
+
+<pre>{
+  "version": "0.0.3",
+  "profile": "gitmark",
+  "publicKeyBase": "02abc...",
+  "chain": "tbtc4",
+  "states": ["a1b2c3...", "e5f6a7..."],
+  "txo": [
+    "txo:tbtc4:abc:0?commit=a1b2c3...",
+    "txo:tbtc4:def:0?commit=e5f6a7..."
+  ]
+}</pre>
+
+    <p><strong>states</strong> — the commit hashes (input to key chaining math). <strong>txo</strong> — the Bitcoin anchors (TXO URIs, self-contained and verifiable). Anyone who clones your repo can verify the trail independently.</p>
+
+    <h2>Key Storage</h2>
+
+    <p>Your private key is stored in git config:</p>
+
+<pre>git config nostr.privkey &lt;64-char-hex&gt;</pre>
+
+    <p>The same secp256k1 key you use for Nostr, Bitcoin, and Solid pod authentication. One key for everything.</p>
+
+    <div class="callout">
+      <div class="label">Blocktrails</div>
+      <p style="margin-bottom: 0.75rem">Git-mark is a <a href="https://blocktrails.org">blocktrails</a> application profile. The key chaining math is identical to <a href="https://blocktrails.org">MRC20 tokens</a> — just with commit hashes as state instead of token ledgers. A generic blocktrails verifier handles both.</p>
+      <p style="margin-bottom: 0">Two dependencies: <code>@noble/curves</code> and <code>@noble/hashes</code>. No bitcoinjs-lib. No external transaction builders. Pure secp256k1 math.</p>
+    </div>
+
+    <h2>Commands</h2>
+
+    <table>
+      <tr><th>Command</th><th>Description</th></tr>
+      <tr><td><code>git mark init</code></td><td>Initialize trail. Options: <code>--chain</code>, <code>--voucher</code>, <code>--force</code></td></tr>
+      <tr><td><code>git mark</code></td><td>Anchor HEAD commit to Bitcoin</td></tr>
+      <tr><td><code>git mark info</code></td><td>Show trail state, balance, addresses</td></tr>
+      <tr><td><code>git mark verify</code></td><td>Verify all marks against Bitcoin</td></tr>
+    </table>
+
+    <h2>Related</h2>
+
+    <p>
+      <a href="https://blocktrails.org">Blocktrails</a> &mdash; state anchoring on Bitcoin<br>
+      <a href="https://github.com/nicepkg/gitmark-test">gitmark-test</a> &mdash; interim implementation<br>
+      <a href="https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki">BIP-341</a> &mdash; Taproot key tweaking
+    </p>
+
+    <footer>
+      <p>&copy; 2021-2026 <a href="https://melvin.me">Melvin Carvalho</a> &middot; AGPL-3.0 &middot; <a href="https://github.com/solidpayorg/gitmark">Source</a></p>
+    </footer>
+
+  </div>
+</body>
+</html>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gitmark",
-  "version": "0.0.69",
+  "version": "0.0.71",
   "type": "module",
   "description": "Anchor git commits to Bitcoin via blocktrails",
   "main": "bin/git-mark.js",
@@ -8,7 +8,7 @@
     "git-mark": "bin/git-mark.js"
   },
   "scripts": {
-    "test": "node bin/git-mark.js --help"
+    "test": "node --test test/git-mark.test.js"
   },
   "repository": {
     "type": "git",
@@ -22,7 +22,7 @@
     "nostr"
   ],
   "author": "Melvin Carvalho",
-  "license": "MIT",
+  "license": "AGPL-3.0-or-later",
   "bugs": {
     "url": "https://github.com/solidpayorg/gitmark/issues"
   },

package/test/git-mark.test.js

@@ -0,0 +1,191 @@
+import { describe, it } from 'node:test';
+import assert from 'node:assert';
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
+
+import {
+  taggedHash, btScalar, deriveChainedPrivkey, deriveChainedPubkey,
+  pubkeyToAddress, parseTxoUri, p2trScript, CHAINS
+} from '../bin/git-mark.js';
+
+describe('Key chaining', () => {
+  const privkey = hexToBytes('0000000000000000000000000000000000000000000000000000000000000001');
+  const pubkey = secp256k1.getPublicKey(privkey, true);
+
+  it('deriveChainedPubkey with no states returns original key', () => {
+    const result = deriveChainedPubkey(pubkey, []);
+    assert.deepStrictEqual(result, pubkey);
+  });
+
+  it('deriveChainedPubkey with one state changes the key', () => {
+    const result = deriveChainedPubkey(pubkey, ['abc123']);
+    assert.notDeepStrictEqual(result, pubkey);
+    assert.strictEqual(result.length, 33); // compressed
+    assert.ok(result[0] === 0x02 || result[0] === 0x03); // valid prefix
+  });
+
+  it('deriveChainedPubkey with two states differs from one state', () => {
+    const one = deriveChainedPubkey(pubkey, ['abc123']);
+    const two = deriveChainedPubkey(pubkey, ['abc123', 'def456']);
+    assert.notDeepStrictEqual(one, two);
+  });
+
+  it('deriveChainedPrivkey matches deriveChainedPubkey', () => {
+    const states = ['commit1', 'commit2', 'commit3'];
+    const derivedPriv = deriveChainedPrivkey(privkey, states);
+    const derivedPub = deriveChainedPubkey(pubkey, states);
+    const pubFromPriv = secp256k1.getPublicKey(derivedPriv, true);
+    assert.deepStrictEqual(new Uint8Array(pubFromPriv), new Uint8Array(derivedPub));
+  });
+
+  it('order of states matters', () => {
+    const a = deriveChainedPubkey(pubkey, ['first', 'second']);
+    const b = deriveChainedPubkey(pubkey, ['second', 'first']);
+    assert.notDeepStrictEqual(a, b);
+  });
+
+  it('different keys produce different results for same states', () => {
+    const privkey2 = hexToBytes('0000000000000000000000000000000000000000000000000000000000000002');
+    const pubkey2 = secp256k1.getPublicKey(privkey2, true);
+    const a = deriveChainedPubkey(pubkey, ['state1']);
+    const b = deriveChainedPubkey(pubkey2, ['state1']);
+    assert.notDeepStrictEqual(a, b);
+  });
+});
+
+describe('Address derivation', () => {
+  const privkey = secp256k1.utils.randomPrivateKey();
+  const pubkey = bytesToHex(secp256k1.getPublicKey(privkey, true));
+
+  it('generates valid testnet4 address', () => {
+    const addr = pubkeyToAddress(pubkey, [], 'tbtc4');
+    assert.ok(addr.startsWith('tb1p'));
+    assert.strictEqual(addr.length, 62); // bech32m P2TR
+  });
+
+  it('generates valid testnet3 address', () => {
+    const addr = pubkeyToAddress(pubkey, [], 'tbtc3');
+    assert.ok(addr.startsWith('tb1p'));
+  });
+
+  it('generates valid mainnet address', () => {
+    const addr = pubkeyToAddress(pubkey, [], 'btc');
+    assert.ok(addr.startsWith('bc1p'));
+  });
+
+  it('different states produce different addresses', () => {
+    const a = pubkeyToAddress(pubkey, [], 'tbtc4');
+    const b = pubkeyToAddress(pubkey, ['commit1'], 'tbtc4');
+    assert.notStrictEqual(a, b);
+  });
+
+  it('same inputs produce same address (deterministic)', () => {
+    const a = pubkeyToAddress(pubkey, ['commit1'], 'tbtc4');
+    const b = pubkeyToAddress(pubkey, ['commit1'], 'tbtc4');
+    assert.strictEqual(a, b);
+  });
+});
+
+describe('TXO URI parsing', () => {
+  it('parses basic TXO URI', () => {
+    const result = parseTxoUri('txo:tbtc4:abc123:0');
+    assert.strictEqual(result.chain, 'tbtc4');
+    assert.strictEqual(result.txid, 'abc123');
+    assert.strictEqual(result.vout, 0);
+  });
+
+  it('parses TXO URI with query params', () => {
+    const result = parseTxoUri('txo:tbtc4:abc123:1?amount=10000&key=deadbeef');
+    assert.strictEqual(result.vout, 1);
+    assert.strictEqual(result.amount, 10000);
+    assert.strictEqual(result.key, 'deadbeef');
+  });
+
+  it('parses TXO URI with commit param', () => {
+    const result = parseTxoUri('txo:tbtc4:abc123:0?commit=a1b2c3d4');
+    assert.strictEqual(result.chain, 'tbtc4');
+    assert.strictEqual(result.txid, 'abc123');
+  });
+
+  it('throws on invalid URI', () => {
+    assert.throws(() => parseTxoUri('not-a-txo'), /Invalid TXO URI/);
+  });
+});
+
+describe('taggedHash', () => {
+  it('produces 32 bytes', () => {
+    const result = taggedHash('TapTweak', new Uint8Array([1, 2, 3]));
+    assert.strictEqual(result.length, 32);
+  });
+
+  it('is deterministic', () => {
+    const a = taggedHash('TapTweak', new Uint8Array([1, 2, 3]));
+    const b = taggedHash('TapTweak', new Uint8Array([1, 2, 3]));
+    assert.deepStrictEqual(a, b);
+  });
+
+  it('different tags produce different hashes', () => {
+    const a = taggedHash('TapTweak', new Uint8Array([1]));
+    const b = taggedHash('TapSighash', new Uint8Array([1]));
+    assert.notDeepStrictEqual(a, b);
+  });
+});
+
+describe('p2trScript', () => {
+  it('produces correct script', () => {
+    const xonly = new Uint8Array(32).fill(0xab);
+    const script = p2trScript(xonly);
+    assert.strictEqual(script.length, 34);
+    assert.strictEqual(script[0], 0x51); // OP_1
+    assert.strictEqual(script[1], 0x20); // push 32 bytes
+    assert.deepStrictEqual(script.slice(2), xonly);
+  });
+});
+
+describe('Chain registry', () => {
+  it('has tbtc4', () => {
+    assert.ok(CHAINS.tbtc4);
+    assert.ok(CHAINS.tbtc4.explorer.includes('testnet4'));
+  });
+
+  it('has tbtc3', () => {
+    assert.ok(CHAINS.tbtc3);
+    assert.ok(CHAINS.tbtc3.explorer.includes('testnet'));
+  });
+
+  it('has btc', () => {
+    assert.ok(CHAINS.btc);
+    assert.ok(CHAINS.btc.explorer.includes('mempool.space/api'));
+  });
+});
+
+describe('Trail format', () => {
+  it('creates valid trail structure', () => {
+    const privkey = secp256k1.utils.randomPrivateKey();
+    const pubkey = bytesToHex(secp256k1.getPublicKey(privkey, true));
+
+    const trail = {
+      version: '0.0.3',
+      profile: 'gitmark',
+      publicKeyBase: pubkey,
+      chain: 'tbtc4',
+      states: [],
+      txo: []
+    };
+
+    assert.strictEqual(trail.version, '0.0.3');
+    assert.strictEqual(trail.profile, 'gitmark');
+    assert.strictEqual(trail.publicKeyBase.length, 66); // compressed hex
+    assert.ok(trail.publicKeyBase.startsWith('02') || trail.publicKeyBase.startsWith('03'));
+    assert.ok(Array.isArray(trail.states));
+    assert.ok(Array.isArray(trail.txo));
+  });
+
+  it('states and txo stay parallel after marks', () => {
+    const trail = {
+      states: ['commit1', 'commit2'],
+      txo: ['txo:tbtc4:abc:0?commit=commit1', 'txo:tbtc4:def:0?commit=commit2']
+    };
+    assert.strictEqual(trail.states.length, trail.txo.length);
+  });
+});