openttt 0.1.0 → 0.1.2

package/LICENSE

@@ -0,0 +1,48 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor:           Helm Protocol Foundation
+Licensed Work:      TikitakaTime SDK v0.1.0 (OpenTTT)
+Additional Use
+Grant:              Non-production evaluation and testing.
+Change Date:        March 14, 2030
+Change License:     Apache License, Version 2.0
+
+1.  Grant of License. Licensor hereby grants you a world-wide, royalty-free,
+    non-exclusive, non-sublicensable, non-transferable license to use the
+    Licensed Work, subject to the conditions set forth in this License.
+
+2.  Conditions. You may use the Licensed Work for any purpose, except for
+    Commercial Use.
+
+3.  Commercial Use. Commercial Use means any use of the Licensed Work that is
+    intended for or directed toward commercial advantage or monetary
+    compensation.
+
+4.  Change. On the Change Date, this License shall terminate and the Licensor
+    hereby grants you a license to the Licensed Work under the Change License.
+
+5.  Intellectual Property. This License does not grant you any rights in the
+    Intellectual Property of the Licensor, except for the license to use the
+    Licensed Work as set forth in Section 1.
+
+6.  Termination. This License shall terminate automatically if you fail to
+    comply with any of its terms and conditions.
+
+7.  Disclaimer of Warranty. THE LICENSED WORK IS PROVIDED "AS IS", WITHOUT
+    WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+    WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+    NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+    LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+    CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+    LICENSED WORK OR THE USE OR OTHER DEALINGS IN THE LICENSED WORK.
+
+8.  Limitation of Liability. IN NO EVENT SHALL THE LICENSOR BE LIABLE FOR ANY
+    DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+    (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+    SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+    CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+    LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+    OUT OF THE USE OF THE LICENSED WORK, EVEN IF ADVISED OF THE POSSIBILITY OF
+    SUCH DAMAGE.

package/README.md

@@ -1,12 +1,16 @@
 # OpenTTT
 
+> **Reference implementation of [draft-helmprotocol-tttps-00](https://datatracker.ietf.org/doc/draft-helmprotocol-tttps/)**
+
 **OpenSSL for Transaction Ordering** -- TLS-grade Proof of Time for DeFi.
 
 OpenTTT brings cryptographic time verification to blockchain transaction ordering. Where TLS made HTTP trustworthy, OpenTTT makes transaction sequencing verifiable. No trust assumptions. No gentleman's agreements. Physics.
 
 [![npm](https://img.shields.io/npm/v/openttt)](https://www.npmjs.com/package/openttt)
 [![License: BSL-1.1](https://img.shields.io/badge/License-BSL--1.1-blue.svg)](LICENSE)
-[![Tests](https://img.shields.io/badge/tests-104%20passing%20%C2%B7%2018%20suites-brightgreen)]()
+[![CI](https://github.com/Helm-Protocol/OpenTTT/actions/workflows/ci.yml/badge.svg)](https://github.com/Helm-Protocol/OpenTTT/actions/workflows/ci.yml)
+[![codecov](https://codecov.io/gh/Helm-Protocol/OpenTTT/branch/main/graph/badge.svg)](https://codecov.io/gh/Helm-Protocol/OpenTTT)
+[![Tests](https://img.shields.io/badge/tests-273%20passing%20%C2%B7%2029%20suites-brightgreen)]()
 
 ```
 npm install openttt
@@ -41,14 +45,14 @@ Three lines to start minting TimeTokens:
 ```typescript
 import { TTTClient } from "openttt";
 
-const ttt = await TTTClient.forBase({
-  signer: { type: "privateKey", envVar: "OPERATOR_PK" },
-});
+const ttt = await TTTClient.forBase({ privateKey: process.env.OPERATOR_PK! });
 ttt.startAutoMint();
 ```
 
 That is it. The SDK connects to Base Mainnet, synthesizes time from three atomic clock sources, and begins minting Proof-of-Time tokens at your configured tier interval.
 
+> **Shorthand**: Pass `privateKey` directly as a string instead of the full `signer` config object. The verbose form `{ signer: { type: "privateKey", key: "0x..." } }` still works for when you need other signer types (Turnkey, KMS, Privy).
+
 ---
 
 ## Progressive Disclosure
@@ -60,9 +64,7 @@ OpenTTT is designed around progressive disclosure. Start simple, add control as
 ```typescript
 import { TTTClient } from "openttt";
 
-const ttt = await TTTClient.forBase({
-  signer: { type: "privateKey", envVar: "OPERATOR_PK" },
-});
+const ttt = await TTTClient.forBase({ privateKey: process.env.OPERATOR_PK! });
 ttt.startAutoMint();
 ```
 
@@ -70,7 +72,7 @@ ttt.startAutoMint();
 
 ```typescript
 const ttt = await TTTClient.forSepolia({
-  signer: { type: "privateKey", key: process.env.OPERATOR_PK! },
+  privateKey: process.env.OPERATOR_PK!,
   rpcUrl: "https://my-rpc.example.com",
   tier: "T2_slot",
 });
@@ -111,7 +113,7 @@ OpenTTT abstracts away signer complexity. Use a raw private key for development,
 |---|---|---|
 | `privateKey` | Development, small operators | `{ type: "privateKey", key: "0x..." }` or `{ type: "privateKey", envVar: "OPERATOR_PK" }` |
 | `turnkey` | Production, TEE-backed institutional custody | `{ type: "turnkey", apiBaseUrl, organizationId, privateKeyId, apiPublicKey, apiPrivateKey }` |
-| `privy` | Embedded wallets, consumer-facing apps | `{ type: "privy", appId, appSecret }` |
+| `privy` | Embedded wallets, consumer-facing apps (coming soon) | `{ type: "privy", appId, appSecret }` |
 | `kms` | Cloud HSM (AWS KMS or GCP Cloud KMS) | `{ type: "kms", provider: "aws"\|"gcp", keyId, ... }` |
 
 **AWS KMS** requires `@aws-sdk/client-kms`. **GCP KMS** requires `@google-cloud/kms`. Both are optional peer dependencies -- install only what you use.
@@ -312,7 +314,7 @@ OpenTTT queries multiple atomic clock-synchronized NTP sources in parallel and p
 - **KRISS** (time.kriss.re.kr) -- Korean national standard
 - **Google** (time.google.com) -- Leap-smeared public NTP
 
-All readings must fall within 100ms tolerance of the synthesized median, or the Proof of Time is rejected. Single-source operation triggers a degraded-confidence warning.
+All readings must fall within a stratum-dependent tolerance of the synthesized median (10ms for stratum 1, 25ms for stratum 2, 50ms for stratum 3+), or the Proof of Time is rejected. Single-source operation triggers a degraded-confidence warning.
 
 ---
 

package/dist/auto_mint.d.ts

@@ -19,6 +19,7 @@ export declare class AutoMintEngine {
     private cachedSigner;
     private consecutiveFailures;
     private maxConsecutiveFailures;
+    private potSigner;
     constructor(config: AutoMintConfig);
     getEvmConnector(): EVMConnector;
     setOnMint(callback: (result: MintResult) => void): void;

package/dist/auto_mint.js

@@ -7,6 +7,7 @@ const time_synthesis_1 = require("./time_synthesis");
 const dynamic_fee_1 = require("./dynamic_fee");
 const evm_connector_1 = require("./evm_connector");
 const protocol_fee_1 = require("./protocol_fee");
+const pot_signer_1 = require("./pot_signer");
 const types_1 = require("./types");
 const logger_1 = require("./logger");
 const errors_1 = require("./errors");
@@ -29,6 +30,7 @@ class AutoMintEngine {
     cachedSigner = null;
     consecutiveFailures = 0;
     maxConsecutiveFailures = 5;
+    potSigner = null;
     constructor(config) {
         this.config = config;
         this.timeSynthesis = new time_synthesis_1.TimeSynthesis({ sources: config.timeSources });
@@ -40,6 +42,8 @@ class AutoMintEngine {
         if (config.signer) {
             this.cachedSigner = config.signer;
         }
+        // Initialize Ed25519 PoT signer for non-repudiation
+        this.potSigner = new pot_signer_1.PotSigner();
     }
     getEvmConnector() {
         return this.evmConnector;
@@ -162,6 +166,11 @@ class AutoMintEngine {
             throw new errors_1.TTTTimeSynthesisError(`[PoT] Insufficient confidence`, `Calculated confidence ${pot.confidence} is below required 0.5`, `Ensure more NTP sources are reachable or decrease uncertainty.`);
         }
         const potHash = ethers_1.ethers.keccak256(ethers_1.ethers.toUtf8Bytes(JSON.stringify(pot, (key, value) => typeof value === 'bigint' ? value.toString() : value)));
+        // 1-2. Ed25519 issuer signature for non-repudiation
+        if (this.potSigner) {
+            pot.issuerSignature = this.potSigner.signPot(potHash);
+            logger_1.logger.info(`[AutoMint] PoT signed by issuer ${this.potSigner.getPubKeyHex().substring(0, 16)}...`);
+        }
         // 2. tokenId 생성 (keccak256)
         // chainId, poolAddress, timestamp 기반 유니크 ID
         const tokenId = ethers_1.ethers.keccak256(ethers_1.ethers.AbiCoder.defaultAbiCoder().encode(["uint256", "address", "uint64"], [BigInt(this.config.chainId), this.config.poolAddress, synthesized.timestamp]));

package/dist/grg_forward.d.ts

@@ -1,6 +1,11 @@
 export declare class GrgForward {
     static golombEncode(data: Uint8Array, m?: number): Uint8Array;
     static redstuffEncode(data: Uint8Array, shards?: number, parity?: number): Uint8Array[];
-    static golayEncodeWrapper(data: Uint8Array): Uint8Array;
-    static encode(data: Uint8Array): Uint8Array[];
+    /**
+     * Derives an HMAC key from GRG payload context (chainId + poolAddress).
+     * Falls back to a static domain-separation key when no context is provided.
+     */
+    static deriveHmacKey(chainId?: number, poolAddress?: string): Buffer;
+    static golayEncodeWrapper(data: Uint8Array, hmacKey?: Buffer): Uint8Array;
+    static encode(data: Uint8Array, chainId?: number, poolAddress?: string): Uint8Array[];
 }

package/dist/grg_forward.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.GrgForward = void 0;
 const crypto_1 = require("crypto");
+const ethers_1 = require("ethers");
 const golay_1 = require("./golay");
 const reed_solomon_1 = require("./reed_solomon");
 class GrgForward {
@@ -28,18 +29,31 @@ class GrgForward {
     static redstuffEncode(data, shards = 4, parity = 2) {
         return reed_solomon_1.ReedSolomon.encode(data, shards, parity);
     }
+    /**
+     * Derives an HMAC key from GRG payload context (chainId + poolAddress).
+     * Falls back to a static domain-separation key when no context is provided.
+     */
+    static deriveHmacKey(chainId, poolAddress) {
+        if (chainId !== undefined && poolAddress) {
+            const packed = (0, ethers_1.keccak256)(ethers_1.AbiCoder.defaultAbiCoder().encode(["uint256", "address"], [chainId, poolAddress]));
+            return Buffer.from(packed.slice(2), "hex"); // 32 bytes
+        }
+        // Default domain-separation key when no context is available
+        return Buffer.from("grg-integrity-hmac-default-key-v1");
+    }
     // 3. Golay(24,12) Error Correction Encoding
-    static golayEncodeWrapper(data) {
+    static golayEncodeWrapper(data, hmacKey) {
         const encoded = (0, golay_1.golayEncode)(data);
-        // 🔱 Integrity: Append 8-byte SHA-256 hash of the encoded shard (B1-5: 4 -> 8 bytes)
-        const hash = (0, crypto_1.createHash)("sha256").update(Buffer.from(encoded)).digest();
-        const checksum = hash.subarray(0, 8);
+        // 🔱 Integrity: Append 8-byte HMAC-SHA256 of the encoded shard (keyed hash)
+        const key = hmacKey || this.deriveHmacKey();
+        const mac = (0, crypto_1.createHmac)("sha256", key).update(Buffer.from(encoded)).digest();
+        const checksum = mac.subarray(0, 8);
         const final = new Uint8Array(encoded.length + 8);
         final.set(encoded);
         final.set(checksum, encoded.length);
         return final;
     }
-    static encode(data) {
+    static encode(data, chainId, poolAddress) {
         // R3-P0-3: Reject empty input — roundtrip breaks ([] → [0])
         if (data.length === 0) {
             throw new Error("[GRG] Cannot encode empty input — roundtrip identity violation");
@@ -53,7 +67,8 @@ class GrgForward {
         withLen[3] = data.length & 0xFF;
         withLen.set(compressed, 4);
         const shards = this.redstuffEncode(withLen);
-        return shards.map(s => this.golayEncodeWrapper(s));
+        const hmacKey = this.deriveHmacKey(chainId, poolAddress);
+        return shards.map(s => this.golayEncodeWrapper(s, hmacKey));
     }
 }
 exports.GrgForward = GrgForward;

package/dist/grg_inverse.d.ts

@@ -1,7 +1,7 @@
 export declare class GrgInverse {
-    static golayDecodeWrapper(data: Uint8Array): Uint8Array;
+    static golayDecodeWrapper(data: Uint8Array, hmacKey?: Buffer): Uint8Array;
     static redstuffDecode(shards: (Uint8Array | null)[], dataShardCount?: number, parityShardCount?: number): Uint8Array;
     private static readonly MAX_GOLOMB_Q;
     static golombDecode(data: Uint8Array, m?: number): Uint8Array;
-    static verify(data: Uint8Array, originalShards: Uint8Array[]): boolean;
+    static verify(data: Uint8Array, originalShards: Uint8Array[], chainId?: number, poolAddress?: string): boolean;
 }

package/dist/grg_inverse.js

@@ -3,21 +3,23 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.GrgInverse = void 0;
 const crypto_1 = require("crypto");
 const golay_1 = require("./golay");
+const grg_forward_1 = require("./grg_forward");
 const logger_1 = require("./logger");
 const reed_solomon_1 = require("./reed_solomon");
 class GrgInverse {
     // 1. Golay Decoding & Integrity Check 🔱
-    static golayDecodeWrapper(data) {
+    static golayDecodeWrapper(data, hmacKey) {
         if (data.length < 8)
             throw new Error("GRG shard too short for checksum");
         // Split data and checksum (last 8 bytes)
         const encoded = data.subarray(0, data.length - 8);
         const checksum = data.subarray(data.length - 8);
-        // Verify SHA-256 Checksum (B1-5: 4 -> 8 bytes)
-        const hash = (0, crypto_1.createHash)("sha256").update(Buffer.from(encoded)).digest();
-        const expected = hash.subarray(0, 8);
+        // Verify HMAC-SHA256 Checksum (keyed hash, B1-5: 8 bytes truncated)
+        const key = hmacKey || grg_forward_1.GrgForward.deriveHmacKey();
+        const mac = (0, crypto_1.createHmac)("sha256", key).update(Buffer.from(encoded)).digest();
+        const expected = mac.subarray(0, 8);
         if (!Buffer.from(checksum).equals(Buffer.from(expected))) {
-            throw new Error("GRG tamper detected: SHA-256 checksum mismatch");
+            throw new Error("GRG tamper detected: HMAC-SHA256 checksum mismatch");
         }
         // Proceed to Golay decode
         const res = (0, golay_1.golayDecode)(encoded);
@@ -62,11 +64,12 @@ class GrgInverse {
         }
         return new Uint8Array(result);
     }
-    static verify(data, originalShards) {
+    static verify(data, originalShards, chainId, poolAddress) {
         try {
+            const hmacKey = grg_forward_1.GrgForward.deriveHmacKey(chainId, poolAddress);
             const decodedShards = originalShards.map(s => {
                 try {
-                    return this.golayDecodeWrapper(s);
+                    return this.golayDecodeWrapper(s, hmacKey);
                 }
                 catch {
                     return null;

package/dist/index.d.ts

@@ -19,3 +19,4 @@ export * from "./signer";
 export * from "./networks";
 export * from "./reed_solomon";
 export * from "./errors";
+export * from "./pot_signer";

package/dist/index.js

@@ -36,3 +36,4 @@ __exportStar(require("./signer"), exports);
 __exportStar(require("./networks"), exports);
 __exportStar(require("./reed_solomon"), exports);
 __exportStar(require("./errors"), exports);
+__exportStar(require("./pot_signer"), exports);

package/dist/pot_signer.d.ts

@@ -0,0 +1,29 @@
+export interface PotSignature {
+    issuerPubKey: string;
+    signature: string;
+    issuedAt: bigint;
+}
+export declare class PotSigner {
+    private privateKey;
+    private publicKey;
+    private pubKeyHex;
+    constructor(privateKeyHex?: string);
+    /** Returns the hex-encoded SPKI DER public key */
+    getPubKeyHex(): string;
+    /** Returns the hex-encoded PKCS8 DER private key (for persistence) */
+    getPrivateKeyHex(): string;
+    /**
+     * Sign a PoT hash with Ed25519.
+     * @param potHash - hex string (with or without 0x prefix) of the PoT hash
+     * @returns PotSignature with issuerPubKey, signature, and issuedAt
+     */
+    signPot(potHash: string): PotSignature;
+    /**
+     * Verify a PotSignature against a PoT hash.
+     * @param potHash - hex string (with or without 0x prefix)
+     * @param potSig - the PotSignature to verify
+     * @param expectedPubKey - optional: reject if issuerPubKey doesn't match
+     * @returns true if signature is valid
+     */
+    static verifyPotSignature(potHash: string, potSig: PotSignature, expectedPubKey?: string): boolean;
+}

package/dist/pot_signer.js

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PotSigner = void 0;
+// sdk/src/pot_signer.ts — Ed25519 signing for Proof of Time (Non-repudiation)
+// Uses Node.js built-in crypto.sign/verify with Ed25519
+const crypto_1 = require("crypto");
+class PotSigner {
+    privateKey;
+    publicKey;
+    pubKeyHex;
+    constructor(privateKeyHex) {
+        if (privateKeyHex) {
+            // Import existing key from PKCS8 DER hex
+            const keyBuffer = Buffer.from(privateKeyHex, 'hex');
+            this.privateKey = (0, crypto_1.createPrivateKey)({ key: keyBuffer, format: 'der', type: 'pkcs8' });
+            this.publicKey = (0, crypto_1.createPublicKey)(this.privateKey);
+        }
+        else {
+            // Generate new Ed25519 keypair
+            const { privateKey, publicKey } = (0, crypto_1.generateKeyPairSync)('ed25519');
+            this.privateKey = privateKey;
+            this.publicKey = publicKey;
+        }
+        this.pubKeyHex = this.publicKey.export({ type: 'spki', format: 'der' }).toString('hex');
+    }
+    /** Returns the hex-encoded SPKI DER public key */
+    getPubKeyHex() {
+        return this.pubKeyHex;
+    }
+    /** Returns the hex-encoded PKCS8 DER private key (for persistence) */
+    getPrivateKeyHex() {
+        return this.privateKey.export({ type: 'pkcs8', format: 'der' }).toString('hex');
+    }
+    /**
+     * Sign a PoT hash with Ed25519.
+     * @param potHash - hex string (with or without 0x prefix) of the PoT hash
+     * @returns PotSignature with issuerPubKey, signature, and issuedAt
+     */
+    signPot(potHash) {
+        const data = Buffer.from(potHash.startsWith('0x') ? potHash.slice(2) : potHash, 'hex');
+        const sig = (0, crypto_1.sign)(null, data, this.privateKey);
+        return {
+            issuerPubKey: this.pubKeyHex,
+            signature: sig.toString('hex'),
+            issuedAt: BigInt(Math.floor(Date.now() / 1000)),
+        };
+    }
+    /**
+     * Verify a PotSignature against a PoT hash.
+     * @param potHash - hex string (with or without 0x prefix)
+     * @param potSig - the PotSignature to verify
+     * @param expectedPubKey - optional: reject if issuerPubKey doesn't match
+     * @returns true if signature is valid
+     */
+    static verifyPotSignature(potHash, potSig, expectedPubKey) {
+        if (expectedPubKey && potSig.issuerPubKey !== expectedPubKey)
+            return false;
+        try {
+            const data = Buffer.from(potHash.startsWith('0x') ? potHash.slice(2) : potHash, 'hex');
+            const sigBuffer = Buffer.from(potSig.signature, 'hex');
+            const pubKey = (0, crypto_1.createPublicKey)({
+                key: Buffer.from(potSig.issuerPubKey, 'hex'),
+                format: 'der',
+                type: 'spki',
+            });
+            return (0, crypto_1.verify)(null, data, pubKey, sigBuffer);
+        }
+        catch {
+            return false;
+        }
+    }
+}
+exports.PotSigner = PotSigner;

package/dist/time_synthesis.d.ts

@@ -13,6 +13,9 @@ export declare class NTPSource implements TimeSource {
 }
 export declare class TimeSynthesis {
     private sources;
+    private usedNonces;
+    private readonly MAX_NONCE_CACHE;
+    private readonly NONCE_TTL_MS;
     constructor(config?: {
         sources?: string[];
     });
@@ -24,6 +27,8 @@ export declare class TimeSynthesis {
     generateProofOfTime(): Promise<ProofOfTime>;
     /**
      * Verify Proof of Time integrity.
+     * Fix 2: Checks expiration and nonce replay.
+     * Fix 3: Uses sourceReadings (renamed from signatures).
      */
     verifyProofOfTime(pot: ProofOfTime): boolean;
     /**
@@ -40,6 +45,7 @@ export declare class TimeSynthesis {
     static deserializeFromJSON(json: string): ProofOfTime;
     /**
      * Serializes PoT to compact binary format.
+     * Layout: header(19) + nonce(1+N) + expiresAt(8) + readings(variable)
      */
     static serializeToBinary(pot: ProofOfTime): Buffer;
     /**

package/dist/time_synthesis.js

@@ -34,6 +34,7 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.TimeSynthesis = exports.NTPSource = void 0;
+const crypto = __importStar(require("crypto"));
 const dgram = __importStar(require("dgram"));
 const buffer_1 = require("buffer");
 const ethers_1 = require("ethers");
@@ -132,6 +133,10 @@ class NTPSource {
 exports.NTPSource = NTPSource;
 class TimeSynthesis {
     sources = [];
+    // Fix 2: Bounded nonce replay cache (max 10K entries, 60s TTL) — same pattern as protocol_fee.ts
+    usedNonces = new Map();
+    MAX_NONCE_CACHE = 10000;
+    NONCE_TTL_MS = 60000; // 60 seconds
     constructor(config) {
         const sourceNames = config?.sources || ['nist', 'kriss', 'google'];
         for (const s of sourceNames) {
@@ -233,18 +238,23 @@ class TimeSynthesis {
             finalUncertainty = readings[mid].uncertainty;
             finalStratum = readings[mid].stratum;
         }
-        const signatures = readings.map(r => ({
+        const sourceReadings = readings.map(r => ({
             source: r.source,
             timestamp: r.timestamp,
             uncertainty: r.uncertainty
         }));
+        // Fix 2: PoT nonce + expiration for replay protection
+        const nonce = crypto.randomBytes(16).toString("hex");
+        const expiresAt = BigInt(Date.now()) + 60000n; // +60 seconds
         const pot = {
             timestamp: finalTimestamp,
             uncertainty: finalUncertainty,
             sources: readings.length,
             stratum: finalStratum,
             confidence: readings.length / this.sources.length,
-            signatures
+            sourceReadings,
+            nonce,
+            expiresAt,
         };
         // Verification Logic: Ensure all source timestamps are within tolerance of synthesized median
         if (!this.verifyProofOfTime(pot)) {
@@ -254,17 +264,44 @@ class TimeSynthesis {
     }
     /**
      * Verify Proof of Time integrity.
+     * Fix 2: Checks expiration and nonce replay.
+     * Fix 3: Uses sourceReadings (renamed from signatures).
      */
     verifyProofOfTime(pot) {
         const TOLERANCE_NS = 100000000n; // 100ms
-        if (pot.signatures.length === 0)
+        if (pot.sourceReadings.length === 0)
             return false;
         if (pot.confidence <= 0)
             return false;
-        for (const sig of pot.signatures) {
+        // Fix 2: Expiration check
+        if (BigInt(Date.now()) > pot.expiresAt) {
+            logger_1.logger.warn(`[TimeSynthesis] PoT expired at ${pot.expiresAt}`);
+            return false;
+        }
+        // Fix 2: Nonce replay protection with bounded cache + TTL cleanup
+        const now = Date.now();
+        // TTL cleanup pass (evict expired entries)
+        if (this.usedNonces.size > this.MAX_NONCE_CACHE / 2) {
+            for (const [k, ts] of this.usedNonces) {
+                if (now - ts > this.NONCE_TTL_MS)
+                    this.usedNonces.delete(k);
+            }
+        }
+        if (this.usedNonces.has(pot.nonce)) {
+            logger_1.logger.warn(`[TimeSynthesis] Duplicate nonce detected: ${pot.nonce}`);
+            return false;
+        }
+        if (this.usedNonces.size >= this.MAX_NONCE_CACHE) {
+            // Evict oldest entry
+            const oldest = this.usedNonces.keys().next().value;
+            if (oldest !== undefined)
+                this.usedNonces.delete(oldest);
+        }
+        this.usedNonces.set(pot.nonce, now);
+        for (const sig of pot.sourceReadings) {
             const diff = sig.timestamp > pot.timestamp ? sig.timestamp - pot.timestamp : pot.timestamp - sig.timestamp;
             if (diff > TOLERANCE_NS) {
-                logger_1.logger.warn(`[TimeSynthesis] Signature from ${sig.source} outside tolerance: ${diff}ns`);
+                logger_1.logger.warn(`[TimeSynthesis] Reading from ${sig.source} outside tolerance: ${diff}ns`);
                 return false;
             }
         }
@@ -296,7 +333,8 @@ class TimeSynthesis {
         return {
             ...data,
             timestamp: BigInt(data.timestamp),
-            signatures: data.signatures.map((s) => ({
+            expiresAt: BigInt(data.expiresAt),
+            sourceReadings: data.sourceReadings.map((s) => ({
                 ...s,
                 timestamp: BigInt(s.timestamp)
             }))
@@ -304,11 +342,14 @@ class TimeSynthesis {
     }
     /**
      * Serializes PoT to compact binary format.
+     * Layout: header(19) + nonce(1+N) + expiresAt(8) + readings(variable)
      */
     static serializeToBinary(pot) {
-        // Header: timestamp(8), uncertainty(4), sources(1), stratum(1), confidence(4), sigCount(1) = 19 bytes
-        let size = 19;
-        for (const sig of pot.signatures) {
+        const nonceBytes = buffer_1.Buffer.from(pot.nonce, "utf8");
+        // Header: timestamp(8) + uncertainty(4) + sources(1) + stratum(1) + confidence(4) + readingCount(1) = 19
+        // + nonceLen(1) + nonce(N) + expiresAt(8)
+        let size = 19 + 1 + nonceBytes.length + 8;
+        for (const sig of pot.sourceReadings) {
             size += 1 + sig.source.length + 8 + 4; // nameLen(1) + name(N) + ts(8) + unc(4)
         }
         const buf = buffer_1.Buffer.alloc(size);
@@ -323,9 +364,17 @@ class TimeSynthesis {
         offset += 1;
         buf.writeFloatBE(pot.confidence, offset);
         offset += 4;
-        buf.writeUInt8(pot.signatures.length, offset);
+        buf.writeUInt8(pot.sourceReadings.length, offset);
+        offset += 1;
+        // Nonce
+        buf.writeUInt8(nonceBytes.length, offset);
         offset += 1;
-        for (const sig of pot.signatures) {
+        nonceBytes.copy(buf, offset);
+        offset += nonceBytes.length;
+        // ExpiresAt
+        buf.writeBigUInt64BE(pot.expiresAt, offset);
+        offset += 8;
+        for (const sig of pot.sourceReadings) {
             buf.writeUInt8(sig.source.length, offset);
             offset += 1;
             buf.write(sig.source, offset);
@@ -354,7 +403,15 @@ class TimeSynthesis {
         offset += 4;
         const sigCount = buf.readUInt8(offset);
         offset += 1;
-        const signatures = [];
+        // Nonce
+        const nonceLen = buf.readUInt8(offset);
+        offset += 1;
+        const nonce = buf.toString('utf8', offset, offset + nonceLen);
+        offset += nonceLen;
+        // ExpiresAt
+        const expiresAt = buf.readBigUInt64BE(offset);
+        offset += 8;
+        const sourceReadings = [];
         for (let i = 0; i < sigCount; i++) {
             const nameLen = buf.readUInt8(offset);
             offset += 1;
@@ -364,9 +421,9 @@ class TimeSynthesis {
             offset += 8;
             const unc = buf.readFloatBE(offset);
             offset += 4;
-            signatures.push({ source, timestamp: ts, uncertainty: unc });
+            sourceReadings.push({ source, timestamp: ts, uncertainty: unc });
         }
-        return { timestamp, uncertainty, sources, stratum, confidence, signatures };
+        return { timestamp, uncertainty, sources, stratum, confidence, sourceReadings, nonce, expiresAt };
     }
 }
 exports.TimeSynthesis = TimeSynthesis;

package/dist/types.d.ts

@@ -1,6 +1,7 @@
 import { Signer } from "ethers";
 import { SignerConfig } from "./signer";
 import { NetworkConfig } from "./networks";
+import { PotSignature } from "./pot_signer";
 export type TierType = "T0_epoch" | "T1_block" | "T2_slot" | "T3_micro";
 export declare const TierIntervals: Record<TierType, number>;
 /**
@@ -133,9 +134,13 @@ export interface ProofOfTime {
     sources: number;
     stratum: number;
     confidence: number;
-    signatures: {
+    sourceReadings: {
         source: string;
         timestamp: bigint;
         uncertainty: number;
     }[];
+    nonce: string;
+    expiresAt: bigint;
+    issuerSignature?: PotSignature;
 }
+export type { PotSignature } from "./pot_signer";