posci-miner 0.1.0

package/src/commands/status.mjs

@@ -0,0 +1,60 @@
+// `posci-miner status` — one-shot snapshot of the network + your account.
+
+import { makePublicClient, readMiningState, readPosciBalance } from '../lib/chain.mjs';
+import { resolveAccount } from '../lib/wallet.mjs';
+import { log, c } from '../lib/log.mjs';
+import { formatHashrate, formatPosci, shortAddr, formatDuration } from '../lib/format.mjs';
+import { POSCI_TOKEN, POSCI_MINING, POSCI_GENESIS } from '../lib/config.mjs';
+
+export function registerStatusCommand(program) {
+  program.command('status')
+    .description('one-shot snapshot of POSCI mining contract + your account')
+    .option('--rpc <url>', 'RPC URL (defaults to public endpoints)')
+    .option('--wallet <name>', 'local wallet name')
+    .option('--password <pw>', 'wallet password (or POSCI_PASSWORD env)')
+    .option('--key <0x...>', 'use raw private key (skips local wallet store)')
+    .option('--address <0x...>', 'just look up balance of this address (no auth)')
+    .action(async (opts) => {
+      const pub = makePublicClient(opts.rpc);
+      log.banner(c.cyan().bold('  POSCI · network status'));
+      try {
+        const s = await readMiningState(pub);
+        const lines = [
+          ['Network',        'Ethereum mainnet (chainId 1)'],
+          ['Mining contract', POSCI_MINING],
+          ['Token',           POSCI_TOKEN],
+          ['Genesis',         POSCI_GENESIS],
+          ['',                ''],
+          ['Time gate',       s.timeGateOpen ? c.green('OPEN ✓') : c.yellow(`opens ${new Date(s.miningStartTime*1000).toLocaleString()}`)],
+          ['Pool gate',       s.poolGateOpen ? c.green('OPEN ✓') : c.yellow('CLOSED — waiting on genesis cap')],
+          ['Mining live',     s.canMine ? c.green().bold('YES') : c.yellow('NO')],
+          ['',                ''],
+          ['Difficulty',      s.difficulty.toLocaleString()],
+          ['Reward / block',  formatPosci(s.miningReward, 0) + ' POSCI'],
+          ['Epoch',           s.epochCount.toString()],
+          ['Mined so far',    formatPosci(s.tokensMinted, 0) + ' POSCI'],
+          ['Remaining',       formatPosci(s.remainingSupply, 0) + ' POSCI'],
+          ['Network hashrate ≈', formatHashrate(s.networkHashrate)],
+        ];
+        for (const [k, v] of lines) {
+          if (k === '') console.log('');
+          else console.log(`  ${c.dim(k.padEnd(18))} ${v}`);
+        }
+
+        let addr;
+        if (opts.address) addr = opts.address;
+        else {
+          try { addr = resolveAccount(opts).address; } catch { /* no auth, skip */ }
+        }
+        if (addr) {
+          const bal = await readPosciBalance(pub, addr);
+          console.log('');
+          console.log(`  ${c.dim('Your address  ')}     ${c.bold(addr)}`);
+          console.log(`  ${c.dim('Your POSCI    ')}     ${c.bold(formatPosci(bal, 4))} POSCI`);
+        }
+        console.log('');
+      } catch (e) {
+        log.err(`Status failed: ${e.message}`); process.exit(1);
+      }
+    });
+}

package/src/commands/wallet.mjs

@@ -0,0 +1,82 @@
+// Wallet subcommands.
+
+import { walletNew, walletLoad, walletImport, listWallets, walletDir } from '../lib/wallet.mjs';
+import { c, log } from '../lib/log.mjs';
+import { shortAddr } from '../lib/format.mjs';
+
+export function registerWalletCommands(program) {
+  const w = program.command('wallet').description('manage local encrypted wallets');
+
+  w.command('new')
+    .description('generate a new wallet, encrypted with --password')
+    .argument('<name>', 'wallet name (alphanumeric)')
+    .option('--password <pw>', 'password for the keystore (or POSCI_PASSWORD env)')
+    .action((name, opts) => {
+      try {
+        const pw = opts.password || process.env.POSCI_PASSWORD;
+        if (!pw) { log.err('--password required (or set POSCI_PASSWORD env)'); process.exit(1); }
+        const r = walletNew(name, pw);
+        log.banner(c.green().bold('  ✓ Wallet created'));
+        console.log(`    ${c.dim('name      ')} ${r.name}`);
+        console.log(`    ${c.dim('address   ')} ${c.bold(r.address)}`);
+        console.log(`    ${c.dim('keystore  ')} ${r.path}`);
+        console.log(`    ${c.dim('private   ')} ${c.yellow(r.privateKey)} ${c.dim('(shown once)')}`);
+        console.log('');
+        console.log(c.yellow('  ⚠ Save the private key OFFLINE — it will not be shown again unless you decrypt.'));
+        console.log(`  ${c.dim('Send some ETH to')} ${c.bold(r.address)} ${c.dim('to pay for mine() tx fees.')}`);
+      } catch (e) { log.err(e.message); process.exit(1); }
+    });
+
+  w.command('list')
+    .description('list local wallets')
+    .action(() => {
+      const ws = listWallets();
+      if (ws.length === 0) {
+        log.info(`No wallets at ${walletDir()}.`);
+        log.info('Run: posci-miner wallet new <name> --password <pw>');
+        return;
+      }
+      log.banner(c.bold(`  Local wallets (${walletDir()})`));
+      log.table(ws.map(w => ({
+        name: w.name, address: w.address, created: w.createdAt.slice(0, 19),
+      })));
+    });
+
+  w.command('show')
+    .description('reveal address (and optionally private key) of a stored wallet')
+    .argument('<name>', 'wallet name')
+    .option('--password <pw>', 'password (required to reveal private key)')
+    .option('--private', 'also show the decrypted private key')
+    .action((name, opts) => {
+      try {
+        if (opts.private && !opts.password && !process.env.POSCI_PASSWORD) {
+          log.err('--password required to reveal private key');
+          process.exit(1);
+        }
+        if (opts.private) {
+          const pw = opts.password || process.env.POSCI_PASSWORD;
+          const w = walletLoad(name, pw);
+          console.log(`address    : ${w.address}`);
+          console.log(`privateKey : ${w.privateKey}`);
+        } else {
+          const ws = listWallets().find(w => w.name === name);
+          if (!ws) { log.err(`wallet '${name}' not found`); process.exit(1); }
+          console.log(`address: ${ws.address}`);
+        }
+      } catch (e) { log.err(e.message); process.exit(1); }
+    });
+
+  w.command('import')
+    .description('import an external private key into the local store')
+    .argument('<name>', 'wallet name to save under')
+    .requiredOption('--key <0x...>', '0x-prefixed 64-hex private key')
+    .option('--password <pw>', 'encryption password (or POSCI_PASSWORD env)')
+    .action((name, opts) => {
+      try {
+        const pw = opts.password || process.env.POSCI_PASSWORD;
+        if (!pw) { log.err('--password required'); process.exit(1); }
+        const r = walletImport(name, opts.key, pw);
+        log.ok(`Imported ${r.address} as '${r.name}' → ${r.path}`);
+      } catch (e) { log.err(e.message); process.exit(1); }
+    });
+}

package/src/lib/chain.mjs

@@ -0,0 +1,96 @@
+// Thin viem wrapper for POSCI mining contract reads + the mine() write.
+
+import { createPublicClient, createWalletClient, http } from 'viem';
+import { privateKeyToAccount } from 'viem/accounts';
+import { mainnet } from 'viem/chains';
+
+import { POSCI_TOKEN, POSCI_MINING, PUBLIC_RPCS, MAXIMUM_TARGET } from './config.mjs';
+
+const TOKEN_ABI = [
+  { type:'function', name:'balanceOf', stateMutability:'view',
+    inputs:[{type:'address',name:'a'}], outputs:[{type:'uint256'}] },
+  { type:'function', name:'symbol', stateMutability:'view', inputs:[], outputs:[{type:'string'}] },
+];
+
+const MINING_ABI = [
+  { type:'function', name:'mine', stateMutability:'nonpayable',
+    inputs:[{type:'uint256',name:'nonce'},{type:'bytes32',name:'challengeDigest'}], outputs:[] },
+  { type:'function', name:'challengeNumber',     stateMutability:'view', inputs:[], outputs:[{type:'bytes32'}] },
+  { type:'function', name:'miningTarget',        stateMutability:'view', inputs:[], outputs:[{type:'uint256'}] },
+  { type:'function', name:'getMiningReward',     stateMutability:'view', inputs:[], outputs:[{type:'uint256'}] },
+  { type:'function', name:'getMiningDifficulty', stateMutability:'view', inputs:[], outputs:[{type:'uint256'}] },
+  { type:'function', name:'getRemainingSupply',  stateMutability:'view', inputs:[], outputs:[{type:'uint256'}] },
+  { type:'function', name:'epochCount',          stateMutability:'view', inputs:[], outputs:[{type:'uint256'}] },
+  { type:'function', name:'tokensMinted',        stateMutability:'view', inputs:[], outputs:[{type:'uint256'}] },
+  { type:'function', name:'miningStartTime',     stateMutability:'view', inputs:[], outputs:[{type:'uint256'}] },
+  { type:'function', name:'poolGateOpen',        stateMutability:'view', inputs:[], outputs:[{type:'bool'}] },
+];
+
+export function makePublicClient(rpcUrl) {
+  return createPublicClient({
+    chain: mainnet,
+    transport: http(rpcUrl || process.env.POSCI_RPC || PUBLIC_RPCS[0]),
+  });
+}
+
+export function makeWalletClient(rpcUrl, privateKey) {
+  return createWalletClient({
+    chain: mainnet,
+    transport: http(rpcUrl || process.env.POSCI_RPC || PUBLIC_RPCS[0]),
+    account: privateKeyToAccount(privateKey),
+  });
+}
+
+/** Pull all mining state in one multicall. */
+export async function readMiningState(publicClient) {
+  const calls = [
+    'challengeNumber','miningTarget','getMiningReward','getMiningDifficulty',
+    'getRemainingSupply','epochCount','tokensMinted','miningStartTime','poolGateOpen',
+  ].map(fn => ({ address: POSCI_MINING, abi: MINING_ABI, functionName: fn }));
+
+  const r = await publicClient.multicall({ contracts: calls, allowFailure: false });
+  const [challenge, target, reward, difficulty, remaining, epoch, minted, startTime, poolOpen] = r;
+
+  const now = Math.floor(Date.now() / 1000);
+  return {
+    challengeNumber: challenge,
+    miningTarget:    target,
+    miningReward:    reward,
+    difficulty,
+    remainingSupply: remaining,
+    epochCount:      epoch,
+    tokensMinted:    minted,
+    miningStartTime: Number(startTime),
+    poolGateOpen:    poolOpen,
+    timeGateOpen:    BigInt(now) >= startTime,
+    canMine:         (BigInt(now) >= startTime) && poolOpen,
+    /** Estimated network hashrate from current target. */
+    networkHashrate: estimateNetworkHashrate(difficulty),
+  };
+}
+
+export async function readPosciBalance(publicClient, address) {
+  return await publicClient.readContract({
+    address: POSCI_TOKEN, abi: TOKEN_ABI, functionName: 'balanceOf', args: [address],
+  });
+}
+
+export async function submitMine(walletClient, publicClient, nonce, digest) {
+  const hash = await walletClient.writeContract({
+    address: POSCI_MINING, abi: MINING_ABI, functionName: 'mine', args: [nonce, digest],
+  });
+  // Don't await receipt here — caller decides
+  return hash;
+}
+
+/**
+ * Heuristic network hashrate from current difficulty.
+ *   E[hashes/find] = 2^256 / target = 2^22 * difficulty   (since MAXIMUM_TARGET = 2^234)
+ *   Hashrate at steady-state = E[hashes/find] / TARGET_INTERVAL
+ */
+export function estimateNetworkHashrate(difficulty, targetIntervalSec = 60) {
+  if (difficulty === 0n) return 0;
+  return Number(difficulty) * 2 ** 22 / targetIntervalSec;
+}
+
+export const ABIs = { TOKEN_ABI, MINING_ABI };

package/src/lib/config.mjs

@@ -0,0 +1,24 @@
+// On-chain constants for the live POSCI deployment.
+// These addresses match the verified contracts at scientistdapp.online.
+
+export const POSCI_TOKEN   = '0xD020e5E5c2724B2661C2FEF9AE878f49410a8B77';
+export const POSCI_MINING  = '0x9EAdD7dF7701e03d07c3727EC1ba816C2C9De936';
+export const POSCI_GENESIS = '0x7bC1520Da49Cd56D5BE11aA77650cA998951459d';
+
+// Public RPC fallbacks. Override with --rpc on the CLI or POSCI_RPC env var.
+export const PUBLIC_RPCS = [
+  'https://ethereum.publicnode.com',
+  'https://eth.llamarpc.com',
+  'https://eth.merkle.io',
+  'https://1rpc.io/eth',
+];
+
+// Difficulty / supply constants from the contract — copy here so we can
+// compute schedule without an extra RPC call.
+export const TOTAL_MINING_SUPPLY = 20_000_000n * 10n ** 18n;
+export const INITIAL_REWARD      = 1_000n * 10n ** 18n;
+export const HALVING_INTERVAL    = 10_000n;
+export const MAX_HALVINGS        = 64n;
+export const MAXIMUM_TARGET      = 1n << 234n;
+export const TARGET_INTERVAL     = 60n;
+export const BLOCKS_PER_READJUST = 1024n;

package/src/lib/format.mjs

@@ -0,0 +1,38 @@
+/** Format hashes-per-second to a human string. */
+export function formatHashrate(hps) {
+  if (!Number.isFinite(hps) || hps <= 0) return '0 H/s';
+  const units = ['H/s', 'kH/s', 'MH/s', 'GH/s', 'TH/s', 'PH/s'];
+  let i = 0;
+  while (hps >= 1000 && i < units.length - 1) { hps /= 1000; i++; }
+  return `${hps.toFixed(hps < 10 ? 2 : hps < 100 ? 1 : 0)} ${units[i]}`;
+}
+
+/** Format wei BigInt as POSCI (18 decimals) human string. */
+export function formatPosci(wei, fractionDigits = 4) {
+  if (typeof wei !== 'bigint') wei = BigInt(wei ?? 0);
+  const neg = wei < 0n;
+  const v = neg ? -wei : wei;
+  const base = 10n ** 18n;
+  const whole = v / base;
+  const frac = v - whole * base;
+  const fracStr = frac.toString().padStart(18, '0').slice(0, fractionDigits).replace(/0+$/, '');
+  const wholeStr = whole.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ',');
+  const out = fracStr ? `${wholeStr}.${fracStr}` : wholeStr;
+  return neg ? `-${out}` : out;
+}
+
+/** "0x1234…cdef" — short address. */
+export function shortAddr(a, chars = 6) {
+  if (!a) return '';
+  if (a.length < 2 + chars * 2) return a;
+  return `${a.slice(0, 2 + chars)}…${a.slice(-chars)}`;
+}
+
+/** "3m 12s" / "1h 5m" / "2d 4h" relative duration. */
+export function formatDuration(seconds) {
+  seconds = Math.max(0, Math.floor(seconds));
+  if (seconds < 60) return `${seconds}s`;
+  if (seconds < 3600) return `${Math.floor(seconds/60)}m ${seconds%60}s`;
+  if (seconds < 86400) return `${Math.floor(seconds/3600)}h ${Math.floor((seconds%3600)/60)}m`;
+  return `${Math.floor(seconds/86400)}d ${Math.floor((seconds%86400)/3600)}h`;
+}

package/src/lib/log.mjs

@@ -0,0 +1,20 @@
+import kleur from 'kleur';
+
+export const c = kleur;
+
+export const log = {
+  step:    (s) => console.log(`\n${kleur.cyan().bold('▸')} ${kleur.bold(s)}`),
+  ok:      (s) => console.log(`  ${kleur.green('✓')} ${s}`),
+  info:    (s) => console.log(`  ${kleur.dim(s)}`),
+  warn:    (s) => console.log(`  ${kleur.yellow('⚠')} ${s}`),
+  err:     (s) => console.error(`  ${kleur.red('✗')} ${s}`),
+  banner:  (s) => console.log(`\n${kleur.bold(s)}`),
+  table:   (rows) => {
+    const widths = {};
+    for (const r of rows) for (const k in r) widths[k] = Math.max(widths[k] || k.length, String(r[k]).length);
+    const fmt = (r) => Object.entries(widths).map(([k, w]) => String(r[k] ?? '').padEnd(w)).join('  ');
+    console.log('  ' + kleur.dim(fmt(Object.fromEntries(Object.keys(widths).map(k => [k, k])))));
+    console.log('  ' + kleur.dim('─'.repeat(Object.values(widths).reduce((a,b) => a+b+2, -2))));
+    for (const r of rows) console.log('  ' + fmt(r));
+  },
+};

package/src/lib/wallet.mjs

@@ -0,0 +1,150 @@
+// Local wallet store. Keys are stored encrypted under ~/.posci/wallets/<name>.json
+// using AES-256-GCM with PBKDF2-derived key (matches Geth keystore v3 spirit).
+//
+// Two paths:
+//   - walletNew(name, password) → generate, return address
+//   - walletLoad(name, password) → decrypt + return privateKey + address
+//
+// You can also pass a private key directly via --key on the CLI; in that case
+// nothing is read or written from the store.
+
+import { mkdirSync, writeFileSync, readFileSync, existsSync, readdirSync, statSync } from 'node:fs';
+import { resolve, join } from 'node:path';
+import { homedir } from 'node:os';
+import {
+  randomBytes, pbkdf2Sync, createCipheriv, createDecipheriv,
+} from 'node:crypto';
+import { privateKeyToAccount, generatePrivateKey } from 'viem/accounts';
+
+const STORE_DIR = process.env.POSCI_HOME || join(homedir(), '.posci', 'wallets');
+const KDF_ITERS = 250_000;
+const KDF_KEYLEN = 32;
+const KDF_DIGEST = 'sha256';
+
+function ensureDir() { mkdirSync(STORE_DIR, { recursive: true }); }
+function walletPath(name) { return resolve(STORE_DIR, `${name}.json`); }
+
+export function walletDir() { return STORE_DIR; }
+
+export function listWallets() {
+  if (!existsSync(STORE_DIR)) return [];
+  return readdirSync(STORE_DIR)
+    .filter(f => f.endsWith('.json'))
+    .map(f => {
+      const name = f.replace(/\.json$/, '');
+      const path = walletPath(name);
+      const data = JSON.parse(readFileSync(path, 'utf8'));
+      return { name, address: data.address, createdAt: data.createdAt, path };
+    });
+}
+
+function encrypt(privateKey, password) {
+  const salt = randomBytes(16);
+  const iv   = randomBytes(12);
+  const key  = pbkdf2Sync(password, salt, KDF_ITERS, KDF_KEYLEN, KDF_DIGEST);
+  const cipher = createCipheriv('aes-256-gcm', key, iv);
+  const ciphertext = Buffer.concat([cipher.update(privateKey, 'utf8'), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return {
+    cipher: 'aes-256-gcm',
+    kdf: { name: 'pbkdf2', iters: KDF_ITERS, keylen: KDF_KEYLEN, digest: KDF_DIGEST,
+           salt: salt.toString('hex') },
+    iv: iv.toString('hex'),
+    tag: tag.toString('hex'),
+    ciphertext: ciphertext.toString('hex'),
+  };
+}
+
+function decrypt(payload, password) {
+  if (payload.cipher !== 'aes-256-gcm') throw new Error('unsupported cipher');
+  const salt = Buffer.from(payload.kdf.salt, 'hex');
+  const iv   = Buffer.from(payload.iv, 'hex');
+  const tag  = Buffer.from(payload.tag, 'hex');
+  const key  = pbkdf2Sync(password, salt, payload.kdf.iters, payload.kdf.keylen, payload.kdf.digest);
+  const decipher = createDecipheriv('aes-256-gcm', key, iv);
+  decipher.setAuthTag(tag);
+  const plain = Buffer.concat([
+    decipher.update(Buffer.from(payload.ciphertext, 'hex')),
+    decipher.final(),
+  ]);
+  return plain.toString('utf8');
+}
+
+/** Generate a new wallet, store under `name`, return { name, address, privateKey }. */
+export function walletNew(name, password) {
+  if (!name) throw new Error('wallet name required');
+  if (!password) throw new Error('password required (pass --password or use POSCI_PASSWORD env)');
+  ensureDir();
+  if (existsSync(walletPath(name))) throw new Error(`wallet '${name}' already exists at ${walletPath(name)}`);
+
+  const privateKey = generatePrivateKey();
+  const account = privateKeyToAccount(privateKey);
+  const data = {
+    name, address: account.address, createdAt: new Date().toISOString(),
+    keystore: encrypt(privateKey, password),
+  };
+  writeFileSync(walletPath(name), JSON.stringify(data, null, 2) + '\n', { mode: 0o600 });
+  return { name, address: account.address, privateKey, path: walletPath(name) };
+}
+
+/** Decrypt and return { name, address, privateKey } for an existing wallet. */
+export function walletLoad(name, password) {
+  if (!name) throw new Error('wallet name required');
+  if (!password) throw new Error('password required (pass --password or use POSCI_PASSWORD env)');
+  const path = walletPath(name);
+  if (!existsSync(path)) throw new Error(`wallet '${name}' not found at ${path}`);
+  const data = JSON.parse(readFileSync(path, 'utf8'));
+  const privateKey = decrypt(data.keystore, password);
+  return { name, address: data.address, privateKey, path };
+}
+
+/** Import an external private key into the local store under `name`. */
+export function walletImport(name, privateKey, password) {
+  if (!/^0x[0-9a-fA-F]{64}$/.test(privateKey)) {
+    throw new Error('private key must be 0x-prefixed 64-char hex');
+  }
+  if (!password) throw new Error('password required');
+  ensureDir();
+  if (existsSync(walletPath(name))) throw new Error(`wallet '${name}' already exists`);
+  const account = privateKeyToAccount(privateKey);
+  const data = {
+    name, address: account.address, createdAt: new Date().toISOString(),
+    keystore: encrypt(privateKey, password),
+  };
+  writeFileSync(walletPath(name), JSON.stringify(data, null, 2) + '\n', { mode: 0o600 });
+  return { name, address: account.address, privateKey, path: walletPath(name) };
+}
+
+/**
+ * Resolve an account from CLI flags. Priority:
+ *   1. --key <0x...> direct private key                 (ephemeral, not stored)
+ *   2. --wallet <name> + --password <p>                  (decrypt local store)
+ *   3. POSCI_PRIVATE_KEY env var                         (ephemeral)
+ *   4. POSCI_WALLET + POSCI_PASSWORD env vars            (load from store)
+ *
+ * Returns { address, privateKey, source }.
+ */
+export function resolveAccount({ key, wallet, password }) {
+  if (key) {
+    if (!/^0x[0-9a-fA-F]{64}$/.test(key)) throw new Error('--key must be 0x-prefixed 64-char hex');
+    const a = privateKeyToAccount(key);
+    return { address: a.address, privateKey: key, source: 'flag-key' };
+  }
+  if (wallet) {
+    const pw = password || process.env.POSCI_PASSWORD;
+    if (!pw) throw new Error('--password required when using --wallet (or set POSCI_PASSWORD)');
+    const w = walletLoad(wallet, pw);
+    return { address: w.address, privateKey: w.privateKey, source: `wallet:${wallet}` };
+  }
+  if (process.env.POSCI_PRIVATE_KEY) {
+    const k = process.env.POSCI_PRIVATE_KEY;
+    if (!/^0x[0-9a-fA-F]{64}$/.test(k)) throw new Error('POSCI_PRIVATE_KEY env: bad format');
+    const a = privateKeyToAccount(k);
+    return { address: a.address, privateKey: k, source: 'env-key' };
+  }
+  if (process.env.POSCI_WALLET && process.env.POSCI_PASSWORD) {
+    const w = walletLoad(process.env.POSCI_WALLET, process.env.POSCI_PASSWORD);
+    return { address: w.address, privateKey: w.privateKey, source: `env-wallet:${process.env.POSCI_WALLET}` };
+  }
+  throw new Error('No wallet configured. See: posci-miner wallet --help');
+}

package/src/mining/cpu-worker.mjs

@@ -0,0 +1,99 @@
+// Node worker_threads CPU miner. One worker = one core, hashing in a tight
+// loop. Stride-based partitioning so N workers cover the nonce space without
+// overlap.
+//
+// Started by mining/manager.mjs via:
+//   new Worker(new URL('./cpu-worker.mjs', import.meta.url), { workerData: {...} })
+
+import { parentPort, workerData } from 'node:worker_threads';
+import sha3 from 'js-sha3';            // js-sha3 is CommonJS — must use default import
+const { keccak_256 } = sha3;
+
+const {
+  challengeHex,        // 0x-prefixed 32 bytes
+  minerAddrHex,        // 0x-prefixed 20 bytes (msg.sender)
+  targetHex,           // 0x-prefixed uint256
+  startNonceHex,       // 0x-prefixed uint256
+  strideHex,           // total worker count, as bigint hex
+} = workerData;
+
+function hexToBytes(h) {
+  const s = h.startsWith('0x') ? h.slice(2) : h;
+  const out = new Uint8Array(s.length / 2);
+  for (let i = 0; i < out.length; i++) out[i] = parseInt(s.substr(i*2, 2), 16);
+  return out;
+}
+function bytesToHex(b) {
+  let s = '0x';
+  for (let i = 0; i < b.length; i++) s += b[i].toString(16).padStart(2, '0');
+  return s;
+}
+function bytesToBigIntBE(b) {
+  let v = 0n;
+  for (let i = 0; i < b.length; i++) v = (v << 8n) | BigInt(b[i]);
+  return v;
+}
+function nonceToBytesBE32(n) {
+  const out = new Uint8Array(32);
+  let v = n;
+  for (let i = 31; i >= 0; i--) { out[i] = Number(v & 0xffn); v >>= 8n; }
+  return out;
+}
+
+const challenge = hexToBytes(challengeHex);
+const miner     = hexToBytes(minerAddrHex);
+const target    = BigInt(targetHex);
+const stride    = BigInt(strideHex);
+
+let nonce = BigInt(startNonceHex);
+let hashes = 0;
+let lastReport = Date.now();
+const REPORT_MS = 750;
+const BATCH = 4096;
+
+// Reused 84-byte buffer: [challenge(32) | miner(20) | nonce(32)]
+const buf = new Uint8Array(84);
+buf.set(challenge, 0);
+buf.set(miner, 32);
+
+function tick() {
+  for (let i = 0; i < BATCH; i++) {
+    buf.set(nonceToBytesBE32(nonce), 52);
+    const digestBuf = keccak_256.arrayBuffer(buf);
+    const v = bytesToBigIntBE(new Uint8Array(digestBuf));
+    if (v <= target) {
+      parentPort.postMessage({
+        type: 'hit',
+        nonce: '0x' + nonce.toString(16),
+        digest: bytesToHex(new Uint8Array(digestBuf)),
+      });
+    }
+    nonce += stride;
+    hashes++;
+  }
+  const now = Date.now();
+  if (now - lastReport >= REPORT_MS) {
+    parentPort.postMessage({ type: 'stats', hashes });
+    hashes = 0;
+    lastReport = now;
+  }
+  // Yield so we can receive 'stop' / 'reset' messages from the manager.
+  setImmediate(tick);
+}
+
+let running = true;
+
+parentPort.on('message', (msg) => {
+  if (msg.type === 'stop') {
+    running = false;
+    parentPort.close();
+  } else if (msg.type === 'reset') {
+    // New mining job: update challenge / target / nonce
+    const newChallenge = hexToBytes(msg.challengeHex);
+    buf.set(newChallenge, 0);
+    nonce = BigInt(msg.startNonceHex);
+    if (msg.targetHex) globalThis.__target = BigInt(msg.targetHex);
+  }
+});
+
+tick();