smartledger-bsv 3.3.5 → 3.4.4

package/index.js

@@ -2,17 +2,30 @@
 
 var bsv = module.exports
 
-// Initialize dependencies first to avoid circular dependency issues
+// Initialize dependencies first to avoid circular dependency issues.
+//
+// `bn.js`, `bs58`, and `elliptic` are declared runtime deps in
+// package.json. In Node they MUST be installed — silently swallowing
+// a require() failure here used to mask broken installs behind cryptic
+// downstream errors in lib/crypto/bn.js etc. We now let those throw in
+// Node so the failure points at the real cause (`npm install` is broken).
+// In a browser context the bundler is expected to inline these; if it
+// somehow didn't, we tolerate the absence rather than block the whole
+// library load.
 bsv.deps = bsv.deps || {}
-try {
+bsv.deps._ = require('./lib/util/_')
+bsv.deps.Buffer = (typeof Buffer !== 'undefined') ? Buffer : null
+
+if (typeof window === 'undefined') {
+  // Node — hard require; failure means broken install.
   bsv.deps.bnjs = require('bn.js')
   bsv.deps.bs58 = require('bs58')
-  bsv.deps.Buffer = (typeof Buffer !== 'undefined') ? Buffer : null
   bsv.deps.elliptic = require('elliptic')
-  bsv.deps._ = require('./lib/util/_')
-} catch (e) {
-  // Handle browser environment gracefully
-  console.warn('Some dependencies may not be available in browser environment:', e.message)
+} else {
+  // Browser — bundler-resolved; tolerate absence individually.
+  try { bsv.deps.bnjs = require('bn.js') } catch (e) { /* polyfilled by bundler */ }
+  try { bsv.deps.bs58 = require('bs58') } catch (e) { /* polyfilled by bundler */ }
+  try { bsv.deps.elliptic = require('elliptic') } catch (e) { /* polyfilled by bundler */ }
 }
 
 // module information
@@ -29,7 +42,15 @@ bsv.versionGuard = function (version) {
 bsv.versionGuard(global._bsv)
 global._bsv = bsv.version
 
-// SmartLedger security information
+// SmartLedger security information.
+// NOTE: these properties advertise that hardening *helpers* ship in this
+// package (`bsv.SmartVerify`, `bsv.EllipticFixed`, `signature.toCanonical()`,
+// etc.). They are NOT automatically wired into the default verify path:
+// `transaction.verify()`, `signature.verify()`, and `Message().verify()` go
+// through `lib/crypto/ecdsa.js`, which uses BSV's own pure-JS ECDSA and does
+// not route through `SmartVerify` or `EllipticFixed`. To get the strict
+// input validation, call `bsv.SmartVerify.smartVerify(...)` explicitly.
+// See the Security section of README.md.
 bsv.isHardened = true
 bsv.hardenedBy = 'SmartLedger'
 bsv.baseVersion = 'v1.5.6'
@@ -119,7 +140,9 @@ try {
 try {
   bsv.BrowserUTXOManager = require('./lib/browser-utxo-manager-es5')
 } catch (e) {
-  // BrowserUTXOManager not available
+  if (typeof window === 'undefined') {
+    console.warn('[bsv] BrowserUTXOManager failed to load:', e.message)
+  }
 }
 
 // Node.js specific tools (advanced development tools)
@@ -136,6 +159,42 @@ if (typeof window === 'undefined' && typeof require === 'function') {
 // Global Digital Attestation Framework (GDAF)
 bsv.GDAF = require('./lib/gdaf')
 
+// DID:web Module (W3C standards-based DIDs)
+try {
+  bsv.DIDWeb = require('./lib/didweb')
+} catch (e) {
+  if (typeof window === 'undefined') {
+    console.warn('[bsv] DIDWeb module failed to load:', e.message)
+  }
+}
+
+// VC-JWT Module (W3C Verifiable Credentials)
+try {
+  bsv.VcJwt = require('./lib/vcjwt')
+} catch (e) {
+  if (typeof window === 'undefined') {
+    console.warn('[bsv] VcJwt module failed to load:', e.message)
+  }
+}
+
+// StatusList2021 Module (Credential revocation)
+try {
+  bsv.StatusList = require('./lib/statuslist')
+} catch (e) {
+  if (typeof window === 'undefined') {
+    console.warn('[bsv] StatusList module failed to load:', e.message)
+  }
+}
+
+// Anchor Module (BSV hash anchoring)
+try {
+  bsv.Anchor = require('./lib/anchor')
+} catch (e) {
+  if (typeof window === 'undefined') {
+    console.warn('[bsv] Anchor module failed to load:', e.message)
+  }
+}
+
 // GDAF Direct Access Methods (for easier developer experience)
 bsv.createDID = function(publicKey) {
   var gdaf = new bsv.GDAF()

package/lib/anchor/index.js

@@ -0,0 +1,102 @@
+'use strict'
+
+/**
+ * BSV Anchor Module
+ * Hash anchoring helpers for on-chain evidence (no PII)
+ */
+
+var crypto = require('crypto')
+
+// SHA-256 hex hash
+function sha256Hex(data) {
+  var buffer
+  if (typeof data === 'string') {
+    buffer = Buffer.from(data, 'utf8')
+  } else if (Buffer.isBuffer(data)) {
+    buffer = data
+  } else if (data instanceof Uint8Array) {
+    buffer = Buffer.from(data)
+  } else {
+    throw new Error('Data must be string, Buffer, or Uint8Array')
+  }
+  
+  return crypto.createHash('sha256').update(buffer).digest('hex')
+}
+
+// Build anchor payload for OP_RETURN
+function buildAnchorPayload(params) {
+  if (!params.kind || !params.hash || !params.issuerDid) {
+    throw new Error('kind, hash, and issuerDid are required')
+  }
+
+  var validKinds = ['VC_ANCHOR_SHA256', 'STATUSLIST_SHA256', 'PRESENTATION_SHA256']
+  if (validKinds.indexOf(params.kind) === -1) {
+    throw new Error('Invalid kind. Must be one of: ' + validKinds.join(', '))
+  }
+
+  // Validate hash format (64 hex characters)
+  if (!/^[a-fA-F0-9]{64}$/.test(params.hash)) {
+    throw new Error('Invalid hash format. Must be 64 hex characters')
+  }
+
+  var payload = {
+    protocol: 'SmartLedger',
+    version: '1.0',
+    type: params.kind,
+    hash: params.hash,
+    issuer: params.issuerDid,
+    timestamp: params.issuedAt || new Date().toISOString()
+  }
+
+  return {
+    json: JSON.stringify(payload)
+  }
+}
+
+// Verify anchor hash against original data
+function verifyAnchorHash(originalData, anchorHash) {
+  var computed = sha256Hex(originalData)
+  return computed === anchorHash
+}
+
+// Extract anchor info from OP_RETURN data
+function parseAnchorPayload(opReturnData) {
+  try {
+    var parsed = JSON.parse(opReturnData)
+    
+    if (parsed.protocol !== 'SmartLedger') {
+      return { valid: false, error: 'Invalid protocol' }
+    }
+
+    var validTypes = ['VC_ANCHOR_SHA256', 'STATUSLIST_SHA256', 'PRESENTATION_SHA256']
+    if (validTypes.indexOf(parsed.type) === -1) {
+      return { valid: false, error: 'Invalid anchor type' }
+    }
+
+    if (!/^[a-fA-F0-9]{64}$/.test(parsed.hash)) {
+      return { valid: false, error: 'Invalid hash format' }
+    }
+
+    return {
+      valid: true,
+      protocol: parsed.protocol,
+      version: parsed.version,
+      type: parsed.type,
+      hash: parsed.hash,
+      issuer: parsed.issuer,
+      timestamp: parsed.timestamp
+    }
+  } catch (error) {
+    return {
+      valid: false,
+      error: 'Failed to parse anchor payload: ' + error.message
+    }
+  }
+}
+
+module.exports = {
+  sha256Hex: sha256Hex,
+  buildAnchorPayload: buildAnchorPayload,
+  verifyAnchorHash: verifyAnchorHash,
+  parseAnchorPayload: parseAnchorPayload
+}

package/lib/browser-utxo-manager-es5.js

@@ -5,6 +5,13 @@
  * Lightweight UTXO management for browser environments with configurable storage
  */
 
+// Set window.BSV_DEBUG = true (browser) or BSV_DEBUG=1 (Node) to enable info logs.
+var debug = function () {
+  var enabled = (typeof process !== 'undefined' && process.env && process.env.BSV_DEBUG) ||
+                (typeof window !== 'undefined' && window.BSV_DEBUG)
+  if (enabled) console.log.apply(console, arguments)
+}
+
 var STORAGE_TYPES = {
   MEMORY: 'memory',
   SESSION: 'session',
@@ -75,7 +82,7 @@ BrowserUTXOManager.prototype.loadFromStorage = function() {
       this.metadata = parsed.metadata
     }
 
-    console.log('✅ BrowserUTXOManager: Loaded ' + this.utxos.size + ' UTXOs from ' + this.options.storage + ' storage')
+    debug('✅ BrowserUTXOManager: Loaded ' + this.utxos.size + ' UTXOs from ' + this.options.storage + ' storage')
   } catch (e) {
     console.error('Failed to load UTXOs from storage:', e)
   }
@@ -96,7 +103,7 @@ BrowserUTXOManager.prototype.saveToStorage = function() {
     }
 
     storage.setItem(this.options.storageKey, JSON.stringify(data))
-    console.log('💾 BrowserUTXOManager: Saved ' + this.utxos.size + ' UTXOs to ' + this.options.storage + ' storage')
+    debug('💾 BrowserUTXOManager: Saved ' + this.utxos.size + ' UTXOs to ' + this.options.storage + ' storage')
   } catch (e) {
     console.error('Failed to save UTXOs to storage:', e)
   }
@@ -110,7 +117,7 @@ BrowserUTXOManager.prototype.addUTXO = function(utxo) {
   var key = utxo.txid + ':' + utxo.vout
 
   if (this.utxos.has(key)) {
-    console.log('⚠️ UTXO already exists: ' + key)
+    debug('⚠️ UTXO already exists: ' + key)
     return false
   }
 
@@ -298,7 +305,7 @@ BrowserUTXOManager.prototype.importData = function(jsonData, merge) {
       })
     }
 
-    console.log('✅ BrowserUTXOManager: Imported ' + (data.utxos && data.utxos.length || 0) + ' UTXOs')
+    debug('✅ BrowserUTXOManager: Imported ' + (data.utxos && data.utxos.length || 0) + ' UTXOs')
     return true
   } catch (e) {
     console.error('Failed to import UTXO data:', e)

package/lib/browser-utxo-manager.js

@@ -5,6 +5,13 @@
  * Lightweight UTXO management for browser environments with configurable storage
  */
 
+// Set window.BSV_DEBUG = true (browser) or BSV_DEBUG=1 (Node) to enable info logs.
+var debug = function () {
+  var enabled = (typeof process !== 'undefined' && process.env && process.env.BSV_DEBUG) ||
+                (typeof window !== 'undefined' && window.BSV_DEBUG)
+  if (enabled) console.log.apply(console, arguments)
+}
+
 /**
  * Storage types available for browser UTXO management
  */
@@ -127,7 +134,7 @@ function BrowserUTXOManager(options) {
       }
 
       this._updateMetadata()
-      console.log(`✅ BrowserUTXOManager: Loaded ${this.utxos.size} UTXOs from ${this.options.storage} storage`)
+      debug(`✅ BrowserUTXOManager: Loaded ${this.utxos.size} UTXOs from ${this.options.storage} storage`)
 
     } catch (error) {
       console.error('BrowserUTXOManager: Error loading from storage:', error.message)
@@ -163,7 +170,7 @@ function BrowserUTXOManager(options) {
       })
 
       storage.setItem(this.options.storageKey, JSON.stringify(data))
-      console.log(`💾 BrowserUTXOManager: Saved ${this.utxos.size} UTXOs to ${this.options.storage} storage`)
+      debug(`💾 BrowserUTXOManager: Saved ${this.utxos.size} UTXOs to ${this.options.storage} storage`)
 
     } catch (error) {
       console.error('BrowserUTXOManager: Error saving to storage:', error.message)
@@ -186,7 +193,7 @@ function BrowserUTXOManager(options) {
 
       // Check if already exists
       if (this.utxos.has(key)) {
-        console.log(`⚠️ UTXO already exists: ${key}`)
+        debug(`⚠️ UTXO already exists: ${key}`)
         return false
       }
 
@@ -217,7 +224,7 @@ function BrowserUTXOManager(options) {
         this.saveToStorage()
       }
 
-      console.log(`✅ UTXO added: ${key} (${utxo.satoshis} sats)`)
+      debug(`✅ UTXO added: ${key} (${utxo.satoshis} sats)`)
       return true
 
     } catch (error) {
@@ -305,7 +312,7 @@ function BrowserUTXOManager(options) {
           }
         }
 
-        console.log(`❌ UTXO spent: ${key} in ${spentUTXO.spentInTx}`)
+        debug(`❌ UTXO spent: ${key} in ${spentUTXO.spentInTx}`)
       })
 
       this._updateMetadata()
@@ -446,11 +453,11 @@ function BrowserUTXOManager(options) {
       const storage = this._getStorage()
       if (storage) {
         storage.removeItem(this.options.storageKey)
-        console.log(`🔄 Cleared ${this.options.storage} storage`)
+        debug(`🔄 Cleared ${this.options.storage} storage`)
       }
     }
 
-    console.log('🔄 BrowserUTXOManager reset complete')
+    debug('🔄 BrowserUTXOManager reset complete')
   }
 
   /**
@@ -513,7 +520,7 @@ function BrowserUTXOManager(options) {
         this.saveToStorage()
       }
 
-      console.log('✅ BrowserUTXOManager: Imported ' + (data.utxos && data.utxos.length || 0) + ' UTXOs')
+      debug('✅ BrowserUTXOManager: Imported ' + (data.utxos && data.utxos.length || 0) + ' UTXOs')
       return true
 
     } catch (error) {

package/lib/didweb/index.js

@@ -0,0 +1,177 @@
+'use strict'
+
+/**
+ * DID:web Module
+ * Legally-recognizable DID (did:web) generation and management
+ * Supports ES256 (P-256) and ES256K (secp256k1) keys
+ */
+
+var crypto = require('crypto')
+
+// Generate issuer keys (ES256 or ES256K)
+async function generateIssuerKeys(opts) {
+  opts = opts || {}
+  var alg = opts.alg || 'ES256'
+  var kid = opts.kid || 'key-' + Date.now()
+
+  if (alg !== 'ES256' && alg !== 'ES256K') {
+    throw new Error('Invalid algorithm. Must be ES256 or ES256K')
+  }
+
+  var keyPair
+  if (alg === 'ES256') {
+    // P-256 (NIST curve)
+    keyPair = crypto.generateKeyPairSync('ec', {
+      namedCurve: 'P-256',
+      publicKeyEncoding: { type: 'spki', format: 'pem' },
+      privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+    })
+  } else {
+    // secp256k1
+    keyPair = crypto.generateKeyPairSync('ec', {
+      namedCurve: 'secp256k1',
+      publicKeyEncoding: { type: 'spki', format: 'pem' },
+      privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
+    })
+  }
+
+  // Convert to JWK format
+  var publicJwk = crypto.createPublicKey(keyPair.publicKey).export({ format: 'jwk' })
+  var privateJwk = crypto.createPrivateKey(keyPair.privateKey).export({ format: 'jwk' })
+
+  // Add required JWK fields
+  publicJwk.kid = kid
+  publicJwk.alg = alg
+  publicJwk.use = 'sig'
+  publicJwk.kty = 'EC'
+  
+  privateJwk.kid = kid
+  privateJwk.alg = alg
+  privateJwk.use = 'sig'
+  privateJwk.kty = 'EC'
+
+  return {
+    privateJwk: privateJwk,
+    publicJwk: publicJwk,
+    kid: kid,
+    alg: alg
+  }
+}
+
+// Build did:web documents (did.json and jwks.json)
+function buildDidWebDocuments(params) {
+  if (!params.domain) {
+    throw new Error('domain is required')
+  }
+
+  var domain = params.domain
+  var did = 'did:web:' + domain.replace(/:/g, '%3A')
+  
+  var verificationMethods = []
+  var publicKeys = []
+
+  // Add P-256 key if provided
+  if (params.p256) {
+    var p256Method = {
+      id: did + '#' + params.p256.kid,
+      type: 'JsonWebKey2020',
+      controller: did,
+      publicKeyJwk: params.p256.jwk
+    }
+    verificationMethods.push(p256Method)
+    publicKeys.push(params.p256.jwk)
+  }
+
+  // Add secp256k1 key if provided
+  if (params.k1) {
+    var k1Method = {
+      id: did + '#' + params.k1.kid,
+      type: 'JsonWebKey2020',
+      controller: did,
+      publicKeyJwk: params.k1.jwk
+    }
+    verificationMethods.push(k1Method)
+    publicKeys.push(params.k1.jwk)
+  }
+
+  if (verificationMethods.length === 0) {
+    throw new Error('At least one key (p256 or k1) must be provided')
+  }
+
+  // Build DID Document
+  var didDocument = {
+    '@context': [
+      'https://www.w3.org/ns/did/v1',
+      'https://w3id.org/security/suites/jws-2020/v1'
+    ],
+    id: did,
+    verificationMethod: verificationMethods,
+    authentication: verificationMethods.map(function(vm) { return vm.id }),
+    assertionMethod: verificationMethods.map(function(vm) { return vm.id })
+  }
+
+  if (params.controllerName) {
+    didDocument.controller = params.controllerName
+  }
+
+  // Build JWKS
+  var jwks = {
+    keys: publicKeys
+  }
+
+  return {
+    did: did,
+    didDocument: didDocument,
+    jwks: jwks
+  }
+}
+
+// Rotate issuer key
+function rotateIssuerKey(params) {
+  if (!params.domain || !params.newKey) {
+    throw new Error('domain and newKey are required')
+  }
+
+  var domain = params.domain
+  var did = 'did:web:' + domain.replace(/:/g, '%3A')
+  var keepOldForDays = params.keepOldForDays || 30
+
+  // Create verification method for new key
+  var newMethod = {
+    id: did + '#' + params.newKey.kid,
+    type: 'JsonWebKey2020',
+    controller: did,
+    publicKeyJwk: params.newKey.jwk
+  }
+
+  // Build updated DID Document with new key as primary
+  var didDocument = {
+    '@context': [
+      'https://www.w3.org/ns/did/v1',
+      'https://w3id.org/security/suites/jws-2020/v1'
+    ],
+    id: did,
+    verificationMethod: [newMethod],
+    authentication: [newMethod.id],
+    assertionMethod: [newMethod.id],
+    rotationInfo: {
+      rotatedAt: new Date().toISOString(),
+      gracePeriodDays: keepOldForDays
+    }
+  }
+
+  var jwks = {
+    keys: [params.newKey.jwk]
+  }
+
+  return {
+    didDocument: didDocument,
+    jwks: jwks
+  }
+}
+
+module.exports = {
+  generateIssuerKeys: generateIssuerKeys,
+  buildDidWebDocuments: buildDidWebDocuments,
+  rotateIssuerKey: rotateIssuerKey
+}

package/lib/ltp/claim.js

@@ -691,6 +691,7 @@ var ClaimValidator = {
    * @private
    */
   _generateBatchId: function() {
+    // Non-security: identifier collision avoidance only
     var data = 'batch_' + Date.now() + '_' + Math.random()
     return Hash.sha256(Buffer.from(data)).toString('hex').substring(0, 16)
   },

package/lib/ltp/obligation.js

@@ -929,6 +929,7 @@ var ObligationToken = {
    * @private
    */
   _generateUUID: function() {
+    // Non-security: identifier collision avoidance only (not RFC 4122 v4 random)
     return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
       var r = Math.random() * 16 | 0
       var v = c === 'x' ? r : (r & 0x3 | 0x8)

package/lib/ltp/registry.js

@@ -552,6 +552,7 @@ var LTPRegistry = {
    * @private
    */
   _generateRegistryId: function() {
+    // Non-security: identifier collision avoidance only
     var data = 'reg_' + Date.now() + '_' + Math.random()
     return 'reg_' + Hash.sha256(Buffer.from(data)).toString('hex').substring(0, 16)
   },
@@ -685,6 +686,7 @@ var LTPRegistry = {
    * @private
    */
   _generateAuditId: function() {
+    // Non-security: identifier collision avoidance only
     var data = 'audit_' + Date.now() + '_' + Math.random()
     return 'audit_' + Hash.sha256(Buffer.from(data)).toString('hex').substring(0, 12)
   },

package/lib/ltp/right.js

@@ -752,6 +752,7 @@ var RightToken = {
    * @private
    */
   _generateUUID: function() {
+    // Non-security: identifier collision avoidance only (not RFC 4122 v4 random)
     return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
       var r = Math.random() * 16 | 0
       var v = c === 'x' ? r : (r & 0x3 | 0x8)

package/lib/smart_contract/covenant.js

@@ -26,6 +26,15 @@ try {
   fs = null
 }
 
+// Set BSV_DEBUG=1 (Node) or window.BSV_DEBUG = true (browser) to surface
+// informational warnings from this module. Matches the gating pattern
+// used by lib/browser-utxo-manager-es5.js since v3.4.1.
+var debug = function () {
+  var enabled = (typeof process !== 'undefined' && process.env && process.env.BSV_DEBUG) ||
+                (typeof window !== 'undefined' && window.BSV_DEBUG)
+  if (enabled) console.log.apply(console, arguments)
+}
+
 /**
  * Covenant Class - Advanced covenant management
  * @param {PrivateKey} privateKey - Private key for covenant operations
@@ -212,7 +221,7 @@ Covenant.prototype.validate = function(spendingTx, covenantUtxo) {
  */
 Covenant.prototype.save = function(covenantUtxo) {
   if (!fs) {
-    console.warn('File system operations not available in browser environment')
+    debug('File system operations not available in browser environment')
     return covenantUtxo
   }
   

package/lib/smartutxo.js

@@ -5,6 +5,15 @@
  * Provides blockchain state management and UTXO tracking for testing and development
  */
 
+// Set BSV_DEBUG=1 (Node) or window.BSV_DEBUG = true (browser) to surface
+// info/warning output from this module. Matches the gating pattern used
+// by lib/browser-utxo-manager-es5.js since v3.4.1.
+const debug = function () {
+  const enabled = (typeof process !== 'undefined' && process.env && process.env.BSV_DEBUG) ||
+                  (typeof window !== 'undefined' && window.BSV_DEBUG)
+  if (enabled) console.log.apply(console, arguments)
+}
+
 // Browser-compatible imports
 let fs, path, crypto, blockchainState
 
@@ -16,8 +25,7 @@ if (typeof window === 'undefined' && typeof require === 'function') {
     crypto = require('crypto')
     blockchainState = require('../utilities/blockchain-state')
   } catch (e) {
-    // Fallback for environments where these modules aren't available
-    console.warn('SmartUTXO: Running in browser mode - some features may be limited')
+    debug('SmartUTXO: Running in browser mode - some features may be limited')
   }
 }
 
@@ -40,7 +48,7 @@ class SmartUTXOManager {
       const state = blockchainState.loadBlockchainState()
       return state
     } catch (error) {
-      console.log('⚠️ Could not load blockchain state:', error.message)
+      debug('⚠️ Could not load blockchain state:', error.message)
       return null
     }
   }
@@ -53,9 +61,9 @@ class SmartUTXOManager {
       const state = blockchainState.loadBlockchainState()
       blockchainState.saveBlockchainState(state)
       const utxoCount = Object.keys(state.globalUTXOSet || {}).length
-      console.log(`💾 Saved blockchain state with ${utxoCount} UTXOs`)
+      debug(`💾 Saved blockchain state with ${utxoCount} UTXOs`)
     } catch (error) {
-      console.log('⚠️ Could not save blockchain state:', error.message)
+      debug('⚠️ Could not save blockchain state:', error.message)
     }
   }
 
@@ -76,7 +84,7 @@ class SmartUTXOManager {
       // Return the wallet's UTXOs
       return state.wallets[address].utxos || []
     } catch (error) {
-      console.log('⚠️ Error getting UTXOs:', error.message)
+      debug('⚠️ Error getting UTXOs:', error.message)
       return []
     }
   }
@@ -90,7 +98,7 @@ class SmartUTXOManager {
       // Use the correct API: addUTXO(utxo, ownerAddress)
       blockchainState.addUTXO(utxo, utxo.address)
     } catch (error) {
-      console.log('⚠️ Error adding UTXO:', error.message)
+      debug('⚠️ Error adding UTXO:', error.message)
     }
   }
 
@@ -106,7 +114,7 @@ class SmartUTXOManager {
         blockchainState.spendUTXO(input.txid, input.vout, spentInTx)
       }
     } catch (error) {
-      console.log('⚠️ Error spending UTXOs:', error.message)
+      debug('⚠️ Error spending UTXOs:', error.message)
     }
   }
 
@@ -156,7 +164,7 @@ class SmartUTXOManager {
       // Return the wallet's total value
       return state.wallets[address].totalValue || 0
     } catch (error) {
-      console.log('⚠️ Error getting balance:', error.message)
+      debug('⚠️ Error getting balance:', error.message)
       return 0
     }
   }
@@ -176,7 +184,7 @@ class SmartUTXOManager {
         lastUpdated: state.metadata.lastUpdated
       }
     } catch (error) {
-      console.log('⚠️ Error getting stats:', error.message)
+      debug('⚠️ Error getting stats:', error.message)
       return { totalUTXOs: 0, totalValue: 0, totalWallets: 0, blockHeight: 0 }
     }
   }
@@ -189,10 +197,10 @@ class SmartUTXOManager {
       const statePath = path.join(__dirname, '../utilities/blockchain-state.json')
       if (fs.existsSync(statePath)) {
         fs.unlinkSync(statePath)
-        console.log('🔄 Blockchain state reset')
+        debug('🔄 Blockchain state reset')
       }
     } catch (error) {
-      console.log('⚠️ Could not reset blockchain state:', error.message)
+      debug('⚠️ Could not reset blockchain state:', error.message)
     }
   }
 }