openttt 0.2.10 → 0.2.12

package/dist/dynamic_fee.d.ts

@@ -1,75 +0,0 @@
-export declare const TIER_USD_MICRO: Record<string, bigint>;
-export declare const FEE_TIERS: {
-    BOOTSTRAP: {
-        mintFee: bigint;
-        burnFee: bigint;
-        threshold: bigint;
-    };
-    GROWTH: {
-        mintFee: bigint;
-        burnFee: bigint;
-        threshold: bigint;
-    };
-    MATURE: {
-        mintFee: bigint;
-        burnFee: bigint;
-        threshold: bigint;
-    };
-    PREMIUM: {
-        mintFee: bigint;
-        burnFee: bigint;
-        threshold: bigint;
-    };
-};
-export interface FeeCalculation {
-    tttAmount: bigint;
-    protocolFeeUsd: bigint;
-    feeToken: string;
-    feeTokenAddress: string;
-    clientNet: bigint;
-    tttPriceUsd: bigint;
-    usdCost: bigint;
-    feeRateMint: bigint;
-    feeRateBurn: bigint;
-    tier: string;
-}
-export interface PriceOracleConfig {
-    poolAddress?: string;
-    chainlinkFeed?: string;
-    cacheDurationMs: number;
-    fallbackPriceUsd: bigint;
-}
-export declare class DynamicFeeEngine {
-    private priceCache;
-    private provider;
-    private rpcUrls;
-    private config;
-    private warnedSpotPrice;
-    private static readonly RECOMMENDED_MAX_CACHE_MS;
-    constructor(config: PriceOracleConfig);
-    /**
-     * Connect to an RPC provider. Accepts a single URL or an array of URLs
-     * for multi-RPC fallback. On connection failure, the next URL is tried.
-     */
-    connect(rpcUrl: string | string[]): Promise<void>;
-    /**
-     * Iterate through stored RPC URLs and connect to the first one that succeeds.
-     * Throws if all URLs fail.
-     */
-    private connectToNext;
-    getTTTPriceUsd(): Promise<bigint>;
-    /**
-     * Force-invalidate price cache -- call when immediate price refresh is needed.
-     */
-    invalidateCache(): void;
-    private fetchUniswapPrice;
-    private fetchChainlinkPrice;
-    getFeeRate(tttPriceUsd: bigint): {
-        mintFee: bigint;
-        burnFee: bigint;
-        phase: string;
-    };
-    calculateMintFee(tier: string, tickCount?: number, feeToken?: string, feeTokenAddress?: string): Promise<FeeCalculation>;
-    calculateBurnFee(tier: string, tickCount?: number, feeToken?: string, feeTokenAddress?: string): Promise<FeeCalculation>;
-    calculateEmergencyMintFee(tier: string, tickCount?: number): Promise<FeeCalculation>;
-}

package/dist/dynamic_fee.js

@@ -1,254 +0,0 @@
-"use strict";
-// sdk/src/dynamic_fee.ts — Dynamic Fee Engine
-// Automatically adjusts tick cost based on TTT market price
-// DEX operators only set tier; the SDK handles the rest automatically
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DynamicFeeEngine = exports.FEE_TIERS = exports.TIER_USD_MICRO = void 0;
-const ethers_1 = require("ethers");
-const logger_1 = require("./logger");
-// Target USD cost per tier (Scale: 1e6)
-//
-// PRICING (2026-03-14 감사 수정):
-//   T2/T3 가격 하향 — 감사 결과 "트랜잭션당 1틱 소비" 구조에서
-//   매 틱 판매 가정은 비현실적. 볼륨 기반 수익 구조로 전환.
-//   T2: $0.24 → $0.05 (4.8x 하향)
-//   T3: $12.00 → $0.10 (120x 하향)
-//
-// YP discrepancies (code is authoritative in all cases):
-//   YP5: TURBO entry threshold — YP says 90%, code uses 95% (more conservative).
-//   YP6: BOOTSTRAP mintFee — YP says 3%, code uses 5% (500 basis points).
-//   YP7: PoT min confidence — YP says 0.7, code uses 0.5 (auto_mint.ts).
-exports.TIER_USD_MICRO = {
-    T0_epoch: 1000n, // $0.001 * 1e6
-    T1_block: 10000n, // $0.01 * 1e6
-    T2_slot: 50000n, // $0.05 * 1e6 — 감사 수정: 볼륨 기반 수익 구조
-    T3_micro: 100000n, // $0.10 * 1e6 — 감사 수정: 트랜잭션당 1틱 소비 기준
-};
-// Helm protocol fee tiers (Scale: 1e4, e.g., 500 = 5%)
-exports.FEE_TIERS = {
-    BOOTSTRAP: { mintFee: 500n, burnFee: 200n, threshold: 5000n }, // threshold: $0.005 * 1e6
-    GROWTH: { mintFee: 1000n, burnFee: 300n, threshold: 50000n }, // threshold: $0.05 * 1e6
-    MATURE: { mintFee: 1000n, burnFee: 500n, threshold: 500000n }, // threshold: $0.50 * 1e6
-    PREMIUM: { mintFee: 800n, burnFee: 500n, threshold: -1n }, // Infinity replacement
-};
-class DynamicFeeEngine {
-    priceCache = null;
-    provider = null;
-    rpcUrls = [];
-    config;
-    warnedSpotPrice = false;
-    // P2-3: Recommended max cache duration for DEX price freshness
-    static RECOMMENDED_MAX_CACHE_MS = 5000;
-    constructor(config) {
-        // R3-P0-1: Prevent division by zero in all fee calculations
-        if (config.fallbackPriceUsd <= 0n) {
-            throw new Error(`[DynamicFee] fallbackPriceUsd must be > 0, got: ${config.fallbackPriceUsd}`);
-        }
-        this.config = config;
-        // P2-3: Warn if cache duration is too long for DEX pricing
-        if (config.cacheDurationMs > DynamicFeeEngine.RECOMMENDED_MAX_CACHE_MS) {
-            logger_1.logger.warn(`[DynamicFee] cacheDurationMs=${config.cacheDurationMs}ms exceeds recommended ${DynamicFeeEngine.RECOMMENDED_MAX_CACHE_MS}ms for DEX pricing accuracy`);
-        }
-    }
-    /**
-     * Connect to an RPC provider. Accepts a single URL or an array of URLs
-     * for multi-RPC fallback. On connection failure, the next URL is tried.
-     */
-    async connect(rpcUrl) {
-        const urls = Array.isArray(rpcUrl) ? rpcUrl : [rpcUrl];
-        if (urls.length === 0 || urls.every(u => !u)) {
-            throw new Error("[DynamicFee] At least one valid RPC URL is required");
-        }
-        this.rpcUrls = urls.filter(u => !!u);
-        await this.connectToNext();
-    }
-    /**
-     * Iterate through stored RPC URLs and connect to the first one that succeeds.
-     * Throws if all URLs fail.
-     */
-    async connectToNext() {
-        let lastError = null;
-        for (const url of this.rpcUrls) {
-            try {
-                const provider = new ethers_1.JsonRpcProvider(url);
-                // Verify connectivity by requesting the network
-                await provider.getNetwork();
-                this.provider = provider;
-                logger_1.logger.info(`[DynamicFee] Connected to RPC: ${url}`);
-                return;
-            }
-            catch (err) {
-                lastError = err instanceof Error ? err : new Error(String(err));
-                logger_1.logger.warn(`[DynamicFee] RPC connection failed for ${url}: ${lastError.message}`);
-            }
-        }
-        // If all URLs failed, fall back to the first URL without connectivity check
-        // so that subsequent calls can still attempt requests
-        this.provider = new ethers_1.JsonRpcProvider(this.rpcUrls[0]);
-        logger_1.logger.warn(`[DynamicFee] All RPC URLs failed connectivity check, using first URL as fallback`);
-    }
-    async getTTTPriceUsd() {
-        const now = Date.now();
-        if (this.priceCache && (now - this.priceCache.timestamp) < this.config.cacheDurationMs) {
-            return this.priceCache.price;
-        }
-        try {
-            let price;
-            // R4-P1-2: Chainlink FIRST (resistant to flash loan), Uniswap spot as fallback only
-            if (this.config.chainlinkFeed && this.provider) {
-                price = await this.fetchChainlinkPrice();
-            }
-            else if (this.config.poolAddress && this.provider) {
-                // To suppress this warning, set `chainlinkFeed` in PriceOracleConfig to a
-                // Chainlink AggregatorV3 address (e.g. the TTT/USD feed on your target chain).
-                // Chainlink TWAP prices are resistant to single-block flash loan manipulation.
-                if (!this.warnedSpotPrice) {
-                    logger_1.logger.warn("[DynamicFee] Using Uniswap spot price — vulnerable to flash loan manipulation. Configure chainlinkFeed for production.");
-                    this.warnedSpotPrice = true;
-                }
-                price = await this.fetchUniswapPrice();
-            }
-            else {
-                price = this.config.fallbackPriceUsd;
-            }
-            if (price <= 0n) {
-                logger_1.logger.warn(`[DynamicFee] Invalid price ${price}, using fallback ${this.config.fallbackPriceUsd}`);
-                price = this.config.fallbackPriceUsd;
-                // R3-P0-1: Double-guard — fallback validated in constructor but belt-and-suspenders
-                if (price <= 0n)
-                    throw new Error("[DynamicFee] FATAL: fallbackPriceUsd is zero — cannot calculate fees");
-            }
-            this.priceCache = { price, timestamp: now };
-            return price;
-        }
-        catch (error) {
-            logger_1.logger.warn(`[DynamicFee] Price fetch failed, using fallback`);
-            return this.config.fallbackPriceUsd;
-        }
-    }
-    /**
-     * Force-invalidate price cache -- call when immediate price refresh is needed.
-     */
-    invalidateCache() {
-        this.priceCache = null;
-        logger_1.logger.info(`[DynamicFee] Price cache invalidated`);
-    }
-    async fetchUniswapPrice() {
-        if (!this.provider || !this.config.poolAddress)
-            return this.config.fallbackPriceUsd;
-        const stateViewAbi = ["function getSlot0(bytes32 poolId) external view returns (uint160 sqrtPriceX96, int24 tick, uint24 protocolFee, uint24 lpFee)"];
-        try {
-            const contract = new ethers_1.Contract(this.config.poolAddress, stateViewAbi, this.provider);
-            const poolId = ethers_1.ethers.keccak256(ethers_1.ethers.AbiCoder.defaultAbiCoder().encode(["address"], [this.config.poolAddress]));
-            const [sqrtPriceX96] = await contract.getSlot0(poolId);
-            // B1-7: Unified Uniswap price scaling
-            const priceScaled = (BigInt(sqrtPriceX96) * BigInt(sqrtPriceX96) * 1000000n) >> 192n;
-            return priceScaled;
-        }
-        catch (error) {
-            logger_1.logger.warn(`[DynamicFee] Uniswap price fetch failed, using fallback: ${error instanceof Error ? error.message : error}`);
-            return this.config.fallbackPriceUsd;
-        }
-    }
-    async fetchChainlinkPrice() {
-        if (!this.provider || !this.config.chainlinkFeed)
-            return this.config.fallbackPriceUsd;
-        const feedAbi = ["function latestRoundData() external view returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound)"];
-        const MAX_PRICE = 10n ** 12n; // B1-8: Max price 10^12n
-        try {
-            const contract = new ethers_1.Contract(this.config.chainlinkFeed, feedAbi, this.provider);
-            const [, answer, , updatedAt] = await contract.latestRoundData();
-            // B1-8: Check updatedAt (within 1 hour) and price <= MAX_PRICE
-            const now = BigInt(Math.floor(Date.now() / 1000));
-            // P2-4: Tightened staleness check from 3600s to 1800s (30 min)
-            if (now - BigInt(updatedAt) > 1800n) {
-                throw new Error("Chainlink price stale (>30min)");
-            }
-            const price = BigInt(answer) / 100n; // 8 decimals -> 6 decimals
-            if (price > MAX_PRICE) {
-                throw new Error("Chainlink price exceeds MAX_PRICE");
-            }
-            return price;
-        }
-        catch (error) {
-            logger_1.logger.warn(`[DynamicFee] Chainlink price fetch failed, using fallback: ${error instanceof Error ? error.message : error}`);
-            return this.config.fallbackPriceUsd;
-        }
-    }
-    getFeeRate(tttPriceUsd) {
-        if (tttPriceUsd < exports.FEE_TIERS.BOOTSTRAP.threshold) {
-            return { ...exports.FEE_TIERS.BOOTSTRAP, phase: "BOOTSTRAP" };
-        }
-        else if (tttPriceUsd < exports.FEE_TIERS.GROWTH.threshold) {
-            return { ...exports.FEE_TIERS.GROWTH, phase: "GROWTH" };
-        }
-        else if (tttPriceUsd < exports.FEE_TIERS.MATURE.threshold) {
-            return { ...exports.FEE_TIERS.MATURE, phase: "MATURE" };
-        }
-        else {
-            return { ...exports.FEE_TIERS.PREMIUM, phase: "PREMIUM" };
-        }
-    }
-    async calculateMintFee(tier, tickCount = 1, feeToken = "USDC", feeTokenAddress = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913") {
-        // B1-4: Throw if tickCount <= 0
-        if (tickCount <= 0)
-            throw new Error("[DynamicFee] tickCount must be positive");
-        if (!exports.TIER_USD_MICRO[tier])
-            throw new Error(`[DynamicFee] Invalid tier: ${tier}`);
-        const tttPriceUsd = await this.getTTTPriceUsd(); // 6 decimals
-        const usdTarget = exports.TIER_USD_MICRO[tier]; // 6 decimals
-        const feeRate = this.getFeeRate(tttPriceUsd);
-        const totalUsdCost = usdTarget * BigInt(tickCount); // 6 decimals
-        // tttAmount = (totalUsdCost / tttPriceUsd) * 1e18
-        const tttAmount = (totalUsdCost * (10n ** 18n)) / tttPriceUsd;
-        // protocolFeeUsd = totalUsdCost * feeRate / 10000
-        const protocolFeeUsd = (totalUsdCost * feeRate.mintFee) / 10000n;
-        return {
-            tttAmount,
-            protocolFeeUsd,
-            feeToken,
-            feeTokenAddress,
-            clientNet: tttAmount,
-            tttPriceUsd,
-            usdCost: totalUsdCost + protocolFeeUsd,
-            feeRateMint: feeRate.mintFee,
-            feeRateBurn: feeRate.burnFee,
-            tier,
-        };
-    }
-    async calculateBurnFee(tier, tickCount = 1, feeToken = "USDC", feeTokenAddress = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913") {
-        // B1-4: Throw if tickCount <= 0
-        if (tickCount <= 0)
-            throw new Error("[DynamicFee] tickCount must be positive");
-        if (!exports.TIER_USD_MICRO[tier])
-            throw new Error(`[DynamicFee] Invalid tier: ${tier}`);
-        const tttPriceUsd = await this.getTTTPriceUsd();
-        const usdTarget = exports.TIER_USD_MICRO[tier];
-        const feeRate = this.getFeeRate(tttPriceUsd);
-        const totalUsdCost = usdTarget * BigInt(tickCount);
-        const tttAmount = (totalUsdCost * (10n ** 18n)) / tttPriceUsd;
-        const protocolFeeUsd = (totalUsdCost * feeRate.burnFee) / 10000n;
-        return {
-            tttAmount,
-            protocolFeeUsd,
-            feeToken,
-            feeTokenAddress,
-            clientNet: tttAmount,
-            tttPriceUsd,
-            usdCost: totalUsdCost + protocolFeeUsd,
-            feeRateMint: feeRate.mintFee,
-            feeRateBurn: feeRate.burnFee,
-            tier,
-        };
-    }
-    async calculateEmergencyMintFee(tier, tickCount = 1) {
-        const base = await this.calculateMintFee(tier, tickCount);
-        const emergencyFeeUsd = (base.protocolFeeUsd * 150n) / 100n;
-        return {
-            ...base,
-            protocolFeeUsd: emergencyFeeUsd,
-            usdCost: (base.usdCost * 150n) / 100n,
-        };
-    }
-}
-exports.DynamicFeeEngine = DynamicFeeEngine;

package/dist/http_client.d.ts

@@ -1,98 +0,0 @@
-/**
- * TTTClient.httpOnly() — Zero-friction Proof of Time
- * No ETH, no signer, no on-chain. Just verified time.
- *
- * Usage:
- *   const client = TTTClient.httpOnly();
- *   const pot = await client.generatePoT();
- *   console.log(pot.timestamp, pot.confidence);
- *
- * Time sources: NIST, Apple, Google, Cloudflare HTTPS Date headers.
- * HMAC-SHA256 signature — no ethers.js dependency required.
- */
-import { ProofOfTime } from "./types";
-export interface HttpPoT {
-    /** Synthesized timestamp in Unix nanoseconds (bigint). */
-    timestamp: bigint;
-    /** Fraction of configured sources that responded (0.0–1.0). */
-    confidence: number;
-    /** Lowest NTP stratum observed across sources (2 for HTTPS Date headers). */
-    stratum: number;
-    /** Number of sources that successfully responded. */
-    sources: number;
-    /** Per-source readings used to compute the median. */
-    sourceReadings: {
-        source: string;
-        timestamp: bigint;
-        uncertainty: number;
-        stratum?: number;
-    }[];
-    /** Replay-protection nonce (hex). */
-    nonce: string;
-    /** Expiry timestamp in Unix milliseconds (bigint). */
-    expiresAt: bigint;
-    /** HMAC-SHA256 over canonical fields, hex-encoded. */
-    hmac: string;
-}
-export interface HttpPoTVerifyResult {
-    valid: boolean;
-    reason?: string;
-}
-export interface HttpOnlyClientOptions {
-    /**
-     * Override HMAC secret for non-sandbox usage.
-     * Defaults to a fixed sandbox key — sufficient for local verification only.
-     */
-    hmacSecret?: string;
-    /**
-     * Per-source request timeout in ms. Default: 3000.
-     */
-    timeoutMs?: number;
-    /**
-     * PoT validity window in seconds. Default: 60.
-     */
-    expirySeconds?: number;
-    /**
-     * Maximum divergence allowed between sources in nanoseconds.
-     * Default: 2_000_000_000n (2 seconds — lenient for HTTPS Date 1s resolution).
-     */
-    toleranceNs?: bigint;
-}
-/**
- * HttpOnlyClient — zero-dependency Proof of Time over HTTPS.
- *
- * Fetches time from NIST, Apple, Google, and Cloudflare HTTPS endpoints,
- * computes the median, and returns a PoT with HMAC integrity protection.
- *
- * No ETH, no signer, no on-chain interaction required.
- */
-export declare class HttpOnlyClient {
-    private readonly hmacSecret;
-    private readonly timeoutMs;
-    private readonly expirySeconds;
-    private readonly toleranceNs;
-    private readonly usedNonces;
-    private readonly NONCE_TTL_MS;
-    private readonly MAX_NONCE_CACHE;
-    constructor(options?: HttpOnlyClientOptions);
-    /**
-     * Fetch time from all four HTTPS sources, compute median, return PoT.
-     * Requires at least 1 source to succeed.
-     */
-    generatePoT(): Promise<HttpPoT>;
-    /**
-     * Verify an HttpPoT:
-     * - HMAC integrity check
-     * - Expiry check
-     * - Nonce replay protection
-     * - Source divergence tolerance check
-     *
-     * No on-chain interaction. Pure local verification.
-     */
-    verifyPoT(pot: HttpPoT): HttpPoTVerifyResult;
-    /**
-     * Convert HttpPoT to the standard ProofOfTime shape used by the rest of the SDK.
-     * The issuerSignature field is omitted (no on-chain signer in httpOnly mode).
-     */
-    static toProofOfTime(pot: HttpPoT): ProofOfTime;
-}

package/dist/http_client.js

@@ -1,252 +0,0 @@
-"use strict";
-/**
- * TTTClient.httpOnly() — Zero-friction Proof of Time
- * No ETH, no signer, no on-chain. Just verified time.
- *
- * Usage:
- *   const client = TTTClient.httpOnly();
- *   const pot = await client.generatePoT();
- *   console.log(pot.timestamp, pot.confidence);
- *
- * Time sources: NIST, Apple, Google, Cloudflare HTTPS Date headers.
- * HMAC-SHA256 signature — no ethers.js dependency required.
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.HttpOnlyClient = void 0;
-const crypto = __importStar(require("crypto"));
-const https = __importStar(require("https"));
-const SOURCES = [
-    { name: "nist", url: "https://time.nist.gov/" },
-    { name: "apple", url: "https://time.apple.com/" },
-    { name: "google", url: "https://time.google.com/" },
-    { name: "cloudflare", url: "https://time.cloudflare.com/" },
-];
-function fetchHttpsDate(name, url, timeoutMs = 3000) {
-    return new Promise((resolve, reject) => {
-        const t1 = BigInt(Date.now()) * 1000000n;
-        const timer = setTimeout(() => {
-            req.destroy();
-            reject(new Error(`[httpOnly] Timeout: ${name} (${timeoutMs}ms)`));
-        }, timeoutMs);
-        const req = https.request(url, { method: "HEAD" }, (res) => {
-            clearTimeout(timer);
-            res.resume(); // drain so socket is freed
-            const t4 = BigInt(Date.now()) * 1000000n;
-            const dateHeader = res.headers["date"];
-            if (!dateHeader) {
-                reject(new Error(`[httpOnly] No Date header from ${name}`));
-                return;
-            }
-            const parsed = new Date(dateHeader).getTime();
-            if (isNaN(parsed)) {
-                reject(new Error(`[httpOnly] Invalid Date header from ${name}: ${dateHeader}`));
-                return;
-            }
-            const serverNs = BigInt(parsed) * 1000000n;
-            const rttNs = t4 - t1;
-            // Offset-corrected: server time + half RTT
-            const corrected = serverNs + rttNs / 2n;
-            const rttMs = Number(rttNs) / 1_000_000;
-            resolve({
-                source: name,
-                timestamp: corrected,
-                uncertainty: rttMs / 2 + 500, // 500ms base — HTTP Date has 1s resolution
-                stratum: 2,
-            });
-        });
-        req.on("error", (err) => {
-            clearTimeout(timer);
-            reject(new Error(`[httpOnly] Request error for ${name}: ${err.message}`));
-        });
-        req.end();
-    });
-}
-// ---------------------------------------------------------------------------
-// HMAC helpers — default sandbox key derived from fixed chain+address strings
-// ---------------------------------------------------------------------------
-const SANDBOX_HMAC_SECRET = "openttt-sandbox:chainId=0:address=0x0000000000000000000000000000000000000000";
-function computeHmac(timestamp, nonce, expiresAt, sources, secret = SANDBOX_HMAC_SECRET) {
-    // Canonical message: deterministic field concatenation
-    const msg = `${timestamp.toString()}:${nonce}:${expiresAt.toString()}:${sources}`;
-    return crypto.createHmac("sha256", secret).update(msg).digest("hex");
-}
-/**
- * HttpOnlyClient — zero-dependency Proof of Time over HTTPS.
- *
- * Fetches time from NIST, Apple, Google, and Cloudflare HTTPS endpoints,
- * computes the median, and returns a PoT with HMAC integrity protection.
- *
- * No ETH, no signer, no on-chain interaction required.
- */
-class HttpOnlyClient {
-    hmacSecret;
-    timeoutMs;
-    expirySeconds;
-    toleranceNs;
-    usedNonces = new Map();
-    NONCE_TTL_MS = 300_000; // 5 min
-    MAX_NONCE_CACHE = 10_000;
-    constructor(options = {}) {
-        this.hmacSecret = options.hmacSecret ?? SANDBOX_HMAC_SECRET;
-        this.timeoutMs = options.timeoutMs ?? 3000;
-        this.expirySeconds = options.expirySeconds ?? 60;
-        this.toleranceNs = options.toleranceNs ?? 2000000000n; // 2 s
-    }
-    /**
-     * Fetch time from all four HTTPS sources, compute median, return PoT.
-     * Requires at least 1 source to succeed.
-     */
-    async generatePoT() {
-        const results = await Promise.allSettled(SOURCES.map((s) => fetchHttpsDate(s.name, s.url, this.timeoutMs)));
-        const readings = [];
-        for (const r of results) {
-            if (r.status === "fulfilled")
-                readings.push(r.value);
-        }
-        if (readings.length === 0) {
-            throw new Error("[httpOnly] All HTTPS time sources failed. Check network connectivity.");
-        }
-        // Sort by timestamp for median selection
-        readings.sort((a, b) => (a.timestamp < b.timestamp ? -1 : a.timestamp > b.timestamp ? 1 : 0));
-        let finalTs;
-        let finalUnc;
-        let finalStratum;
-        if (readings.length === 1) {
-            finalTs = readings[0].timestamp;
-            finalUnc = readings[0].uncertainty;
-            finalStratum = readings[0].stratum;
-        }
-        else if (readings.length === 2) {
-            finalTs = (readings[0].timestamp + readings[1].timestamp) / 2n;
-            finalUnc = (readings[0].uncertainty + readings[1].uncertainty) / 2;
-            finalStratum = Math.min(readings[0].stratum, readings[1].stratum);
-        }
-        else {
-            const mid = Math.floor(readings.length / 2);
-            finalTs = readings[mid].timestamp;
-            finalUnc = readings[mid].uncertainty;
-            finalStratum = readings[mid].stratum;
-        }
-        const nonce = crypto.randomBytes(16).toString("hex");
-        const expiresAt = BigInt(Date.now()) + BigInt(this.expirySeconds * 1000);
-        const sourceReadings = readings.map((r) => ({
-            source: r.source,
-            timestamp: r.timestamp,
-            uncertainty: r.uncertainty,
-            stratum: r.stratum,
-        }));
-        const hmac = computeHmac(finalTs, nonce, expiresAt, readings.length, this.hmacSecret);
-        return {
-            timestamp: finalTs,
-            confidence: readings.length / SOURCES.length,
-            stratum: finalStratum,
-            sources: readings.length,
-            sourceReadings,
-            nonce,
-            expiresAt,
-            hmac,
-        };
-    }
-    /**
-     * Verify an HttpPoT:
-     * - HMAC integrity check
-     * - Expiry check
-     * - Nonce replay protection
-     * - Source divergence tolerance check
-     *
-     * No on-chain interaction. Pure local verification.
-     */
-    verifyPoT(pot) {
-        // 1. Expiry
-        if (BigInt(Date.now()) > pot.expiresAt) {
-            return { valid: false, reason: "PoT expired" };
-        }
-        // 2. HMAC integrity
-        const expected = computeHmac(pot.timestamp, pot.nonce, pot.expiresAt, pot.sources, this.hmacSecret);
-        if (!crypto.timingSafeEqual(Buffer.from(expected, "hex"), Buffer.from(pot.hmac, "hex"))) {
-            return { valid: false, reason: "HMAC mismatch — PoT may have been tampered" };
-        }
-        // 3. Nonce replay (bounded cache + TTL)
-        const now = Date.now();
-        if (this.usedNonces.size > this.MAX_NONCE_CACHE / 2) {
-            for (const [k, ts] of this.usedNonces) {
-                if (now - ts > this.NONCE_TTL_MS)
-                    this.usedNonces.delete(k);
-            }
-        }
-        if (this.usedNonces.has(pot.nonce)) {
-            return { valid: false, reason: "Duplicate nonce — replay detected" };
-        }
-        if (this.usedNonces.size >= this.MAX_NONCE_CACHE) {
-            const oldest = this.usedNonces.keys().next().value;
-            if (oldest !== undefined)
-                this.usedNonces.delete(oldest);
-        }
-        this.usedNonces.set(pot.nonce, now);
-        // 4. Source divergence
-        for (const reading of pot.sourceReadings) {
-            const diff = reading.timestamp > pot.timestamp
-                ? reading.timestamp - pot.timestamp
-                : pot.timestamp - reading.timestamp;
-            if (diff > this.toleranceNs) {
-                return {
-                    valid: false,
-                    reason: `Source ${reading.source} diverges by ${diff}ns (tolerance: ${this.toleranceNs}ns)`,
-                };
-            }
-        }
-        return { valid: true };
-    }
-    /**
-     * Convert HttpPoT to the standard ProofOfTime shape used by the rest of the SDK.
-     * The issuerSignature field is omitted (no on-chain signer in httpOnly mode).
-     */
-    static toProofOfTime(pot) {
-        return {
-            timestamp: pot.timestamp,
-            uncertainty: pot.sourceReadings.length > 0
-                ? pot.sourceReadings.reduce((sum, r) => sum + r.uncertainty, 0) / pot.sourceReadings.length
-                : 500,
-            sources: pot.sources,
-            stratum: pot.stratum,
-            confidence: pot.confidence,
-            sourceReadings: pot.sourceReadings,
-            nonce: pot.nonce,
-            expiresAt: pot.expiresAt,
-        };
-    }
-}
-exports.HttpOnlyClient = HttpOnlyClient;