javascript-solid-server 0.0.158 → 0.0.159

package/clock-updater.mjs

@@ -3,8 +3,7 @@
  * Usage: node clock-updater.mjs
  */
 
-import { getPublicKey, finalizeEvent } from 'nostr-tools';
-import { getToken } from 'nostr-tools/nip98';
+import { getPublicKey, nip98Token } from './src/nostr/event.js';
 
 // Nostr keypair (in production, load from env/file)
 const SK_HEX = '3f188544fb81bd324ead7be9697fd9503d18345e233a7b0182915b0b582ddd70';
@@ -26,7 +25,11 @@ async function updateClock() {
   };
 
   try {
-    const token = await getToken(CLOCK_URL, 'PUT', (e) => finalizeEvent(e, sk));
+    // Serialize once: the same bytes feed both the NIP-98 payload hash
+    // and the fetch body. nip98Token requires bytes (not an object) so
+    // the `payload` tag matches what the server actually receives.
+    const bodyBytes = JSON.stringify(clockData);
+    const token = nip98Token(CLOCK_URL, 'PUT', sk, bodyBytes);
 
     const res = await fetch(CLOCK_URL, {
       method: 'PUT',
@@ -34,7 +37,7 @@ async function updateClock() {
         'Content-Type': 'application/ld+json',
         'Authorization': 'Nostr ' + token
       },
-      body: JSON.stringify(clockData)
+      body: bodyBytes
     });
 
     const time = isoDate.split('T')[1].replace('Z', '');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.158",
+  "version": "0.0.159",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",
@@ -25,6 +25,7 @@
   },
   "dependencies": {
     "@noble/curves": "^1.2.0",
+    "@noble/hashes": "^1.3.2",
     "@fastify/middie": "^8.3.3",
     "@fastify/rate-limit": "^9.1.0",
     "@fastify/websocket": "^8.3.1",
@@ -36,7 +37,6 @@
     "jose": "^6.1.3",
     "microfed": "^0.0.14",
     "n3": "^1.26.0",
-    "nostr-tools": "^2.19.4",
     "oidc-provider": "^9.6.0",
     "sql.js": "^1.13.0"
   },

package/src/auth/nostr.js

@@ -11,7 +11,7 @@
  *   did:nostr:<64-char-hex-pubkey>
  */
 
-import { verifyEvent } from 'nostr-tools';
+import { verifyEvent, getEventHash } from '../nostr/event.js';
 import crypto from 'crypto';
 import { resolveDidNostrToWebId } from './did-nostr.js';
 
@@ -216,17 +216,11 @@ export async function verifyNostrAuth(request) {
     return { webId: null, error: 'Invalid or missing pubkey' };
   }
 
-  // Compute event id if missing (lenient mode for nosdav compatibility)
+  // Compute event id if missing (lenient mode for nosdav compatibility).
+  // Uses the same canonical serialization as `verifyEvent` below so we
+  // can't drift out of sync with how the verifier hashes events.
   if (!event.id) {
-    const serialized = JSON.stringify([
-      0,
-      event.pubkey,
-      event.created_at,
-      event.kind,
-      event.tags,
-      event.content
-    ]);
-    event.id = crypto.createHash('sha256').update(serialized).digest('hex');
+    event.id = getEventHash(event);
   }
 
   // Verify Schnorr signature

package/src/nostr/event.js

@@ -0,0 +1,206 @@
+/**
+ * NIP-01 / NIP-98 event utilities — verifier and signer.
+ *
+ * Node-targeted: uses `node:crypto` (`createHash`) and `Buffer` for
+ * SHA-256 and base64. The crypto primitive (`@noble/curves` Schnorr)
+ * is itself runtime-portable, but this module is wired for Node and
+ * is what JSS runs on. Don't claim Workers/Deno portability without
+ * swapping `node:crypto` for `crypto.subtle` and `Buffer` for
+ * `btoa`/`TextEncoder`.
+ *
+ * Replaces the `nostr-tools` dependency tree we previously pulled just
+ * for a few functions (#135).
+ *
+ * Verifier surface (used by production):
+ *   - `getEventHash`, `validateEvent`, `verifyEvent`
+ *   - consumed by `src/auth/nostr.js` (NIP-98 HTTP auth) and
+ *     `src/nostr/relay.js` (in-process relay).
+ *
+ * Signer surface (used by integration tests + dev scripts):
+ *   - `generateSecretKey`, `getPublicKey`, `finalizeEvent`, `nip98Token`
+ *   - consumed by `test/*.js` and the repo-root `*.mjs`/`test-*.js`
+ *     dev scripts. Living in `src/` rather than `test/helpers/` so
+ *     non-test consumers don't reach into test-only code paths.
+ */
+
+import { schnorr, secp256k1 } from '@noble/curves/secp256k1';
+import { createHash } from 'node:crypto';
+
+// NIP-01 and BIP-340 specify hex fields in lowercase. We require it
+// strictly — accepting uppercase here would let an event verify but
+// then fail downstream case-sensitive lookups (e.g. relay filters
+// matching `event.id` exactly), so callers would have to remember to
+// normalize. Strict at the gate avoids that whole class of bug.
+const HEX_64 = /^[a-f0-9]{64}$/;
+const HEX_128 = /^[a-f0-9]{128}$/;
+
+/**
+ * Compute the canonical NIP-01 event id.
+ * Per NIP-01 the id is `sha256(JSON.stringify([0, pubkey, created_at,
+ * kind, tags, content]))` with no whitespace, hex-encoded lowercase.
+ *
+ * @param {object} event - Event with pubkey/created_at/kind/tags/content
+ * @returns {string} 64-char lowercase hex sha256 digest
+ */
+export function getEventHash(event) {
+  const serialized = JSON.stringify([
+    0,
+    event.pubkey,
+    event.created_at,
+    event.kind,
+    event.tags,
+    event.content
+  ]);
+  return createHash('sha256').update(serialized, 'utf8').digest('hex');
+}
+
+/**
+ * Structural validation — does the object have the shape required of a
+ * NIP-01 event? Doesn't compute the hash or verify the signature.
+ */
+export function validateEvent(event) {
+  if (!event || typeof event !== 'object' || Array.isArray(event)) return false;
+  if (typeof event.id !== 'string' || !HEX_64.test(event.id)) return false;
+  if (typeof event.pubkey !== 'string' || !HEX_64.test(event.pubkey)) return false;
+  if (typeof event.sig !== 'string' || !HEX_128.test(event.sig)) return false;
+  // NIP-01 doesn't cap kinds at 16 bits — many real kinds (10002, 30023,
+  // etc.) are above 65535. Accept any non-negative safe integer.
+  if (!Number.isSafeInteger(event.kind) || event.kind < 0) return false;
+  // Use isSafeInteger for parity with kind — non-safe ints can't round-trip
+  // through JSON without precision loss, which would corrupt the canonical hash.
+  if (!Number.isSafeInteger(event.created_at) || event.created_at < 0) return false;
+  if (typeof event.content !== 'string') return false;
+  if (!Array.isArray(event.tags)) return false;
+  for (const tag of event.tags) {
+    if (!Array.isArray(tag)) return false;
+    for (const v of tag) if (typeof v !== 'string') return false;
+  }
+  return true;
+}
+
+/**
+ * Full event verification: passes structural validation AND the
+ * declared `id` matches the recomputed hash AND the Schnorr signature
+ * (BIP-340) is valid for that id under `pubkey`.
+ *
+ * Returns `true` only on full success; any failure or thrown crypto
+ * error becomes `false` so callers don't have to wrap in try/catch.
+ */
+export function verifyEvent(event) {
+  if (!validateEvent(event)) return false;
+  if (event.id !== getEventHash(event)) return false;
+  try {
+    return schnorr.verify(event.sig, event.id, event.pubkey);
+  } catch {
+    return false;
+  }
+}
+
+// ---------------------------------------------------------------------
+// Signer-side helpers
+// ---------------------------------------------------------------------
+
+/**
+ * Generate a random 32-byte secp256k1 private key.
+ *
+ * Always uses `secp256k1.utils.randomPrivateKey()` so the result is
+ * guaranteed to be in [1, n-1] (a valid secp256k1 scalar). A naive
+ * `crypto.randomBytes(32)` fallback would have a vanishing-but-nonzero
+ * chance of producing 0 or a value >= curve order, which would manifest
+ * as flaky signing/verification.
+ */
+export function generateSecretKey() {
+  if (!secp256k1.utils?.randomPrivateKey) {
+    throw new Error('secp256k1.utils.randomPrivateKey is unavailable');
+  }
+  return secp256k1.utils.randomPrivateKey();
+}
+
+/**
+ * Derive the BIP-340 x-only public key as 64-char lowercase hex.
+ */
+export function getPublicKey(secretKey) {
+  return Buffer.from(schnorr.getPublicKey(secretKey)).toString('hex');
+}
+
+/**
+ * Take a partial Nostr event, compute its NIP-01 id, sign it with the
+ * given secret key, and return the finalized event.
+ *
+ * Validates the template up-front so we can't produce events that would
+ * later fail `verifyEvent` (e.g. `kind: undefined` would JSON-serialize
+ * as `null` and the resulting id would round-trip as garbage).
+ *
+ * @param {object} template - {kind, tags?, content?, created_at?}
+ * @param {Uint8Array|string} secretKey
+ */
+export function finalizeEvent(template, secretKey) {
+  if (!template || typeof template !== 'object') {
+    throw new TypeError('finalizeEvent: template must be an object');
+  }
+  if (!Number.isSafeInteger(template.kind) || template.kind < 0) {
+    throw new TypeError('finalizeEvent: template.kind must be a non-negative safe integer');
+  }
+  if (template.created_at !== undefined &&
+      (!Number.isSafeInteger(template.created_at) || template.created_at < 0)) {
+    throw new TypeError('finalizeEvent: template.created_at must be a non-negative safe integer');
+  }
+  if (template.tags !== undefined && !Array.isArray(template.tags)) {
+    throw new TypeError('finalizeEvent: template.tags must be an array');
+  }
+  if (template.content !== undefined && typeof template.content !== 'string') {
+    throw new TypeError('finalizeEvent: template.content must be a string');
+  }
+  const pubkey = getPublicKey(secretKey);
+  const event = {
+    pubkey,
+    created_at: template.created_at ?? Math.floor(Date.now() / 1000),
+    kind: template.kind,
+    tags: template.tags ?? [],
+    content: template.content ?? ''
+  };
+  event.id = getEventHash(event);
+  event.sig = Buffer.from(schnorr.sign(event.id, secretKey)).toString('hex');
+  return event;
+}
+
+/**
+ * Build a NIP-98 HTTP auth header value (the part after `Nostr `):
+ * a kind-27235 event signed with `secretKey`, base64-encoded.
+ *
+ * NIP-98's `payload` tag is the SHA-256 of the *exact bytes* the client
+ * will send on the wire. So `body` must be a `string`, `Uint8Array`, or
+ * `Buffer` representing those bytes — passing a plain JS object would
+ * force us to re-serialize via `JSON.stringify`, which is unlikely to
+ * match the bytes `fetch()` would actually send (whitespace, key order,
+ * non-JSON payloads). Callers serialize once and pass the bytes here.
+ *
+ * @param {string} url - Full request URL (becomes the `u` tag)
+ * @param {string} method - HTTP method (becomes the `method` tag, uppercased)
+ * @param {Uint8Array|string} secretKey - 32-byte secret key
+ * @param {string|Uint8Array|Buffer|null} [body] - Optional request body
+ *   *bytes*; if present the SHA-256 hex hash is added as a `payload` tag
+ *   per NIP-98.
+ * @returns {string} base64-encoded signed event
+ */
+export function nip98Token(url, method, secretKey, body = null) {
+  const tags = [
+    ['u', url],
+    ['method', method.toUpperCase()]
+  ];
+  if (body !== null && body !== undefined) {
+    if (typeof body !== 'string' && !(body instanceof Uint8Array)) {
+      throw new TypeError(
+        'nip98Token: body must be a string, Uint8Array, or Buffer — ' +
+        'pass the exact bytes that will be sent on the wire'
+      );
+    }
+    const bytes = typeof body === 'string'
+      ? Buffer.from(body, 'utf8')
+      : body;
+    const hash = createHash('sha256').update(bytes).digest('hex');
+    tags.push(['payload', hash]);
+  }
+  const event = finalizeEvent({ kind: 27235, tags, content: '' }, secretKey);
+  return Buffer.from(JSON.stringify(event)).toString('base64');
+}

package/src/nostr/relay.js

@@ -8,7 +8,7 @@
  * Endpoint: wss://your.pod/relay
  */
 
-import { validateEvent, verifyEvent } from 'nostr-tools';
+import { validateEvent, verifyEvent } from './event.js';
 import websocket from '@fastify/websocket';
 
 // Default max events to prevent memory exhaustion

package/test/did-nostr.test.js

@@ -4,7 +4,7 @@
 
 import { describe, it, before, after, mock } from 'node:test';
 import assert from 'node:assert';
-import { generateSecretKey, getPublicKey, finalizeEvent } from 'nostr-tools';
+import { generateSecretKey, getPublicKey, finalizeEvent } from '../src/nostr/event.js';
 import {
   startTestServer,
   stopTestServer,

package/test/nostr-event.test.js

@@ -0,0 +1,277 @@
+/**
+ * Unit tests for src/nostr/event.js — the minimal NIP-01 event verifier
+ * that replaced nostr-tools (#135).
+ *
+ * Coverage focuses on the security-critical paths:
+ *   - Round-trip: a freshly-signed event verifies.
+ *   - Tamper rejection: any byte mutation makes it fail.
+ *   - Wrong-key rejection: a sig from a different key fails.
+ *   - Structural rejection: malformed events fail validateEvent.
+ *   - getEventHash matches NIP-01's canonical serialization.
+ */
+
+import { describe, it } from 'node:test';
+import assert from 'node:assert';
+import { schnorr } from '@noble/curves/secp256k1';
+
+import {
+  getEventHash,
+  validateEvent,
+  verifyEvent,
+  generateSecretKey,
+  getPublicKey,
+  finalizeEvent,
+  nip98Token
+} from '../src/nostr/event.js';
+
+describe('nostr event utilities (#135)', () => {
+  describe('getEventHash', () => {
+    it('matches NIP-01 canonical serialization (sha256 of [0,pubkey,...])', () => {
+      // Pin a deterministic input AND a precomputed digest so both the
+      // canonical serialization and the SHA-256 step are locked in.
+      // Recompute via:
+      //   echo -n '[0,"00...01",1000000,1,[],"hello"]' | sha256sum
+      const event = {
+        pubkey: '0000000000000000000000000000000000000000000000000000000000000001',
+        created_at: 1000000,
+        kind: 1,
+        tags: [],
+        content: 'hello'
+      };
+      const baseline = getEventHash(event);
+      assert.strictEqual(
+        baseline,
+        '01f1ec62e464146177ccfe8580ae050847b3cc48c7eca3e0678fc7b92cedfef0',
+        'NIP-01 canonical hash regression — change here means serialization or SHA-256 has shifted'
+      );
+      assert.match(baseline, /^[a-f0-9]{64}$/);
+
+      // Any change to any canonical field must yield a different hash.
+      assert.notStrictEqual(getEventHash({ ...event, content: 'hello!' }), baseline);
+      assert.notStrictEqual(getEventHash({ ...event, kind: 2 }), baseline);
+      assert.notStrictEqual(getEventHash({ ...event, created_at: 1000001 }), baseline);
+      assert.notStrictEqual(getEventHash({ ...event, tags: [['t']] }), baseline);
+    });
+
+    it('serializes pubkey verbatim (case-strict per NIP-01)', () => {
+      // NIP-01 specifies lowercase hex throughout. We don't normalize
+      // inside getEventHash — uppercase pubkey would produce a different
+      // hash, but validateEvent/verifyEvent reject uppercase before we
+      // get here, so callers never see the divergence in practice.
+      // Use a pubkey with hex letters so upper- and lower-case differ.
+      const lower = {
+        pubkey: 'abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789',
+        created_at: 1, kind: 1, tags: [], content: ''
+      };
+      const upper = { ...lower, pubkey: lower.pubkey.toUpperCase() };
+      assert.notStrictEqual(
+        getEventHash(lower), getEventHash(upper),
+        'getEventHash is canonical: caller must supply lowercase'
+      );
+    });
+  });
+
+  describe('verifyEvent — round-trip and tamper rejection', () => {
+    it('verifies a freshly-signed event', () => {
+      const sk = generateSecretKey();
+      const event = finalizeEvent({
+        kind: 27235,
+        tags: [['u', 'https://example.test/foo'], ['method', 'GET']],
+        content: ''
+      }, sk);
+      assert.strictEqual(verifyEvent(event), true);
+    });
+
+    it('rejects an event with a flipped content byte', () => {
+      const sk = generateSecretKey();
+      const event = finalizeEvent({ kind: 1, tags: [], content: 'original' }, sk);
+      // Mutate content but keep id/sig — recomputed hash won't match.
+      event.content = 'mutated';
+      assert.strictEqual(verifyEvent(event), false);
+    });
+
+    it('rejects an event whose declared id is wrong', () => {
+      const sk = generateSecretKey();
+      const event = finalizeEvent({ kind: 1, tags: [], content: 'x' }, sk);
+      event.id = '0'.repeat(64); // wrong id
+      assert.strictEqual(verifyEvent(event), false);
+    });
+
+    it('rejects an event signed by a different key', () => {
+      const sk1 = generateSecretKey();
+      const sk2 = generateSecretKey();
+      const event = finalizeEvent({ kind: 1, tags: [], content: 'x' }, sk1);
+      // Replace pubkey with sk2's pubkey but keep sk1's signature.
+      event.pubkey = getPublicKey(sk2);
+      // Recompute id since pubkey is part of the canonical hash, then
+      // the sig won't match the new id.
+      event.id = getEventHash(event);
+      assert.strictEqual(verifyEvent(event), false);
+    });
+
+    it('rejects an event with a tampered signature', () => {
+      const sk = generateSecretKey();
+      const event = finalizeEvent({ kind: 1, tags: [], content: 'x' }, sk);
+      // Flip the last hex char of the signature.
+      const last = event.sig.slice(-1);
+      event.sig = event.sig.slice(0, -1) + (last === '0' ? '1' : '0');
+      assert.strictEqual(verifyEvent(event), false);
+    });
+  });
+
+  describe('validateEvent — structural rejection', () => {
+    function valid() {
+      return finalizeEvent({ kind: 1, tags: [], content: 'x' }, generateSecretKey());
+    }
+
+    it('accepts a well-formed event', () => {
+      assert.strictEqual(validateEvent(valid()), true);
+    });
+
+    const cases = [
+      ['null',                      null],
+      ['undefined',                 undefined],
+      ['array',                     []],
+      ['missing id',                () => { const e = valid(); delete e.id; return e; }],
+      ['short id',                  () => { const e = valid(); e.id = 'abcd'; return e; }],
+      ['non-hex id',                () => { const e = valid(); e.id = 'g'.repeat(64); return e; }],
+      ['short pubkey',              () => { const e = valid(); e.pubkey = 'abcd'; return e; }],
+      ['short sig',                 () => { const e = valid(); e.sig = 'abcd'; return e; }],
+      ['kind not integer',          () => { const e = valid(); e.kind = 'one'; return e; }],
+      ['kind negative',             () => { const e = valid(); e.kind = -1; return e; }],
+      ['negative created_at',       () => { const e = valid(); e.created_at = -1; return e; }],
+      ['content not string',        () => { const e = valid(); e.content = 123; return e; }],
+      ['tags not array',            () => { const e = valid(); e.tags = 'oops'; return e; }],
+      ['nested tag not array',      () => { const e = valid(); e.tags = ['oops']; return e; }],
+      ['tag value not string',      () => { const e = valid(); e.tags = [[1, 2]]; return e; }]
+    ];
+
+    for (const [label, input] of cases) {
+      it(`rejects: ${label}`, () => {
+        const e = typeof input === 'function' ? input() : input;
+        assert.strictEqual(validateEvent(e), false);
+      });
+    }
+  });
+
+  describe('lenient input — round 2 fixes (#341 review)', () => {
+    it('rejects uppercase hex in id/pubkey/sig (NIP-01 is case-strict)', () => {
+      // We deliberately do NOT lenient-accept uppercase here — accepting
+      // would let an event verify but then miss case-sensitive downstream
+      // lookups (relay filter ID match, dedupe by pubkey, etc.). Strict
+      // at the gate keeps the rest of the codebase from having to remember
+      // to normalize.
+      const sk = generateSecretKey();
+      const event = finalizeEvent({ kind: 1, tags: [], content: 'x' }, sk);
+      assert.strictEqual(verifyEvent({ ...event, id: event.id.toUpperCase() }), false);
+      assert.strictEqual(verifyEvent({ ...event, pubkey: event.pubkey.toUpperCase() }), false);
+      assert.strictEqual(verifyEvent({ ...event, sig: event.sig.toUpperCase() }), false);
+    });
+
+    it('accepts kinds above 65535 (NIP-01 has no 16-bit cap)', () => {
+      const sk = generateSecretKey();
+      const event = finalizeEvent({ kind: 30023, tags: [], content: 'long-form' }, sk);
+      assert.strictEqual(verifyEvent(event), true,
+        'kind 30023 (NIP-23 long-form content) must verify');
+    });
+
+    it('still rejects negative kinds', () => {
+      const sk = generateSecretKey();
+      const event = finalizeEvent({ kind: 1, tags: [], content: 'x' }, sk);
+      event.kind = -1;
+      assert.strictEqual(validateEvent(event), false);
+    });
+  });
+
+  describe('finalizeEvent input validation (#341 review)', () => {
+    it('throws when kind is missing', () => {
+      const sk = generateSecretKey();
+      assert.throws(() => finalizeEvent({ tags: [], content: 'x' }, sk), TypeError);
+    });
+
+    it('throws when kind is not a non-negative safe integer', () => {
+      const sk = generateSecretKey();
+      assert.throws(() => finalizeEvent({ kind: -1 }, sk), TypeError);
+      assert.throws(() => finalizeEvent({ kind: 'one' }, sk), TypeError);
+      assert.throws(() => finalizeEvent({ kind: 1.5 }, sk), TypeError);
+      assert.throws(() => finalizeEvent({ kind: Number.MAX_SAFE_INTEGER + 1 }, sk), TypeError);
+    });
+
+    it('throws when created_at is invalid', () => {
+      const sk = generateSecretKey();
+      assert.throws(() => finalizeEvent({ kind: 1, created_at: -1 }, sk), TypeError);
+      assert.throws(() => finalizeEvent({ kind: 1, created_at: 'now' }, sk), TypeError);
+    });
+
+    it('throws when tags is not an array', () => {
+      const sk = generateSecretKey();
+      assert.throws(() => finalizeEvent({ kind: 1, tags: 'oops' }, sk), TypeError);
+    });
+
+    it('throws when content is not a string', () => {
+      const sk = generateSecretKey();
+      assert.throws(() => finalizeEvent({ kind: 1, content: 123 }, sk), TypeError);
+    });
+  });
+
+  describe('nip98Token body must be bytes (#341 review)', () => {
+    it('accepts a string body (JSON or text)', () => {
+      const sk = generateSecretKey();
+      const tok = nip98Token('https://x.test/', 'POST', sk, '{"a":1}');
+      assert.ok(typeof tok === 'string' && tok.length > 0);
+    });
+
+    it('accepts a Uint8Array body', () => {
+      const sk = generateSecretKey();
+      const bytes = new TextEncoder().encode('{"a":1}');
+      const tok = nip98Token('https://x.test/', 'POST', sk, bytes);
+      assert.ok(typeof tok === 'string' && tok.length > 0);
+    });
+
+    it('accepts no body', () => {
+      const sk = generateSecretKey();
+      const tok = nip98Token('https://x.test/', 'GET', sk);
+      assert.ok(typeof tok === 'string' && tok.length > 0);
+    });
+
+    it('throws on a plain object (would re-serialize and not match wire bytes)', () => {
+      const sk = generateSecretKey();
+      assert.throws(
+        () => nip98Token('https://x.test/', 'POST', sk, { a: 1 }),
+        TypeError,
+        'Object body must be rejected — caller must pass exact wire bytes'
+      );
+    });
+  });
+
+  describe('validateEvent — created_at (#341 review)', () => {
+    it('rejects created_at beyond Number.MAX_SAFE_INTEGER', () => {
+      const sk = generateSecretKey();
+      const event = finalizeEvent({ kind: 1 }, sk);
+      // Manually inject a non-safe-integer to test validateEvent — we
+      // can't construct it via finalizeEvent (which now rejects too).
+      event.created_at = Number.MAX_SAFE_INTEGER + 1;
+      // Recompute id so the structural check is the only one that fires.
+      assert.strictEqual(validateEvent(event), false);
+    });
+  });
+
+  describe('test helper parity with @noble/curves', () => {
+    it('getPublicKey returns 32-byte (64 hex) x-only pubkey', () => {
+      const sk = generateSecretKey();
+      const pk = getPublicKey(sk);
+      assert.match(pk, /^[a-f0-9]{64}$/);
+      // schnorr.getPublicKey returns 32 bytes for x-only.
+      assert.strictEqual(Buffer.from(pk, 'hex').length, 32);
+    });
+
+    it('schnorr.verify (via verifyEvent) rejects events whose id was not signed', () => {
+      const sk = generateSecretKey();
+      const event = finalizeEvent({ kind: 1, tags: [], content: 'a' }, sk);
+      // Sanity: a separate raw schnorr.verify of the same event should agree.
+      assert.strictEqual(schnorr.verify(event.sig, event.id, event.pubkey), true);
+      // And our wrapper should agree.
+      assert.strictEqual(verifyEvent(event), true);
+    });
+  });
+});

package/test-git-nostr-auth.js

@@ -18,8 +18,11 @@
  * 6. Cleans up
  */
 
-import { generateSecretKey, getPublicKey } from 'nostr-tools/pure';
-import { bytesToHex } from '@noble/hashes/utils';
+import { generateSecretKey, getPublicKey } from './src/nostr/event.js';
+
+// Avoid the @noble/hashes import here — Buffer does hex conversion natively
+// and keeps the script's import surface minimal.
+const bytesToHex = (bytes) => Buffer.from(bytes).toString('hex');
 import { execSync, spawn } from 'child_process';
 import fs from 'fs-extra';
 import path from 'path';

package/test-nostr-auth.js

@@ -10,8 +10,7 @@
  * 4. Verifies the did:nostr identity is recognized
  */
 
-import { generateSecretKey, getPublicKey, finalizeEvent } from 'nostr-tools';
-import { getToken } from 'nostr-tools/nip98';
+import { generateSecretKey, getPublicKey, nip98Token } from './src/nostr/event.js';
 
 const BASE_URL = process.env.TEST_URL || 'http://localhost:4000';
 
@@ -32,7 +31,7 @@ async function main() {
 
   console.log(`2. Creating NIP-98 token for ${method} ${testUrl}`);
 
-  const token = await getToken(testUrl, method, (event) => finalizeEvent(event, sk));
+  const token = nip98Token(testUrl, method, sk);
 
   console.log(`   Token length: ${token.length} chars\n`);
 
@@ -74,7 +73,7 @@ async function main() {
   const containerUrl = `${BASE_URL}/demo/public/`;
 
   try {
-    const containerToken = await getToken(containerUrl, 'GET', (event) => finalizeEvent(event, sk));
+    const containerToken = nip98Token(containerUrl, 'GET', sk);
 
     const response = await fetch(containerUrl, {
       headers: {