soulprint-network 0.4.3 → 0.4.5

package/dist/blockchain/NullifierRegistryClient.d.ts

@@ -0,0 +1,46 @@
+export declare const NULLIFIER_REGISTRY_RPC = "https://sepolia.base.org";
+export declare const NULLIFIER_REGISTRY_ADDRESS: string;
+export interface NullifierEntry {
+    nullifier: string;
+    did: string;
+    score: number;
+    timestamp: number;
+}
+export declare class NullifierRegistryClient {
+    private provider;
+    private contract;
+    private wallet?;
+    private cache;
+    private cacheAt;
+    private cacheTTLMs;
+    private address;
+    constructor(opts?: {
+        rpc?: string;
+        address?: string;
+        privateKey?: string;
+        cacheTTLMs?: number;
+    });
+    /**
+     * Sign a nullifier payload with the validator's private key and register on-chain.
+     * Non-blocking — logs warning on failure.
+     *
+     * The contract verifies the ECDSA signature over keccak256(nullifier, did, score).
+     */
+    registerNullifier(opts: {
+        nullifier: string;
+        did: string;
+        score?: number;
+    }): Promise<void>;
+    /**
+     * Check if a nullifier is registered on-chain.
+     */
+    isRegistered(nullifier: string): Promise<boolean>;
+    /**
+     * Get all registered nullifiers (cached 2 min).
+     */
+    getAllNullifiers(): Promise<NullifierEntry[]>;
+    refreshNullifiers(): Promise<NullifierEntry[]>;
+    getCount(): Promise<number>;
+    get contractAddress(): string;
+}
+export declare const nullifierRegistryClient: NullifierRegistryClient;

package/dist/blockchain/NullifierRegistryClient.js

@@ -0,0 +1,157 @@
+/**
+ * NullifierRegistryClient
+ * On-chain nullifier registry for Soulprint (Base Sepolia).
+ *
+ * The soulprint.digital validator (authorizedValidator) signs every nullifier
+ * before writing it on-chain. Read-only access is public — anyone can verify
+ * isRegistered(nullifier) without trust in any third party.
+ *
+ * Architecture (v0.5.0):
+ *  - WRITE: only soulprint.digital validator (ADMIN_PRIVATE_KEY)
+ *  - READ:  anyone, cached 2 min
+ */
+import { ethers } from "ethers";
+import { readFileSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+export const NULLIFIER_REGISTRY_RPC = "https://sepolia.base.org";
+function loadAddress() {
+    try {
+        const f = join(__dirname, "addresses.json");
+        const d = JSON.parse(readFileSync(f, "utf8"));
+        return d["NullifierRegistry"] ?? "";
+    }
+    catch {
+        return "";
+    }
+}
+export const NULLIFIER_REGISTRY_ADDRESS = loadAddress();
+const ABI = [
+    "function registerNullifier(bytes32 nullifier, string did, uint256 score, bytes sig) external",
+    "function isRegistered(bytes32 nullifier) external view returns (bool)",
+    "function getNullifier(bytes32 nullifier) external view returns (bytes32 nul, string did, uint256 score, uint256 timestamp)",
+    "function getAllNullifiers() external view returns (tuple(bytes32 nullifier, string did, uint256 score, uint256 timestamp)[])",
+    "function getNullifierCount() external view returns (uint256)",
+    "function authorizedValidator() external view returns (address)",
+    "event NullifierRegistered(bytes32 indexed nullifier, string did, uint256 score, uint256 timestamp)",
+];
+export class NullifierRegistryClient {
+    provider;
+    contract;
+    wallet;
+    cache = null;
+    cacheAt = 0;
+    cacheTTLMs;
+    address;
+    constructor(opts) {
+        this.address = opts?.address ?? NULLIFIER_REGISTRY_ADDRESS;
+        this.cacheTTLMs = opts?.cacheTTLMs ?? 2 * 60 * 1000; // 2 min
+        const rpc = opts?.rpc ?? NULLIFIER_REGISTRY_RPC;
+        this.provider = new ethers.JsonRpcProvider(rpc);
+        if (!this.address) {
+            console.warn("[nullifier-registry] ⚠️  No contract address — registry disabled");
+            this.contract = null;
+            return;
+        }
+        if (opts?.privateKey) {
+            this.wallet = new ethers.Wallet(opts.privateKey, this.provider);
+            this.contract = new ethers.Contract(this.address, ABI, this.wallet);
+        }
+        else {
+            this.contract = new ethers.Contract(this.address, ABI, this.provider);
+        }
+    }
+    /**
+     * Sign a nullifier payload with the validator's private key and register on-chain.
+     * Non-blocking — logs warning on failure.
+     *
+     * The contract verifies the ECDSA signature over keccak256(nullifier, did, score).
+     */
+    async registerNullifier(opts) {
+        if (!this.wallet) {
+            console.warn("[nullifier-registry] ⚠️  No private key — cannot register nullifier");
+            return;
+        }
+        if (!this.address) {
+            console.warn("[nullifier-registry] ⚠️  No contract address — skipping registration");
+            return;
+        }
+        try {
+            const nullifierBytes = opts.nullifier.startsWith("0x")
+                ? opts.nullifier
+                : `0x${opts.nullifier}`;
+            const score = BigInt(opts.score ?? 0);
+            // Create the message hash matching what the contract verifies
+            const msgHash = ethers.keccak256(ethers.solidityPacked(["bytes32", "string", "uint256"], [nullifierBytes, opts.did, score]));
+            // Sign with Ethereum personal_sign prefix (matches contract's \x19Ethereum Signed Message:\n32)
+            const sig = await this.wallet.signMessage(ethers.getBytes(msgHash));
+            const feeData = await this.provider.getFeeData();
+            const tx = await this.contract.registerNullifier(nullifierBytes, opts.did, score, sig, { gasPrice: feeData.gasPrice });
+            console.log(`[nullifier-registry] 📡 Registering nullifier on-chain... tx: ${tx.hash}`);
+            await tx.wait();
+            console.log(`[nullifier-registry] ✅ Nullifier registered: ${nullifierBytes.slice(0, 18)}... did=${opts.did.slice(0, 20)}...`);
+            // Invalidate cache
+            this.cache = null;
+        }
+        catch (err) {
+            console.warn(`[nullifier-registry] ⚠️  Registration failed (non-fatal): ${err.shortMessage ?? err.message}`);
+        }
+    }
+    /**
+     * Check if a nullifier is registered on-chain.
+     */
+    async isRegistered(nullifier) {
+        if (!this.address)
+            return false;
+        try {
+            const n = nullifier.startsWith("0x") ? nullifier : `0x${nullifier}`;
+            return await this.contract.isRegistered(n);
+        }
+        catch (err) {
+            console.warn(`[nullifier-registry] ⚠️  isRegistered failed: ${err.shortMessage ?? err.message}`);
+            return false;
+        }
+    }
+    /**
+     * Get all registered nullifiers (cached 2 min).
+     */
+    async getAllNullifiers() {
+        if (this.cache && Date.now() - this.cacheAt < this.cacheTTLMs) {
+            return this.cache;
+        }
+        return this.refreshNullifiers();
+    }
+    async refreshNullifiers() {
+        if (!this.address)
+            return [];
+        try {
+            const raw = await this.contract.getAllNullifiers();
+            this.cache = raw.map((e) => ({
+                nullifier: e.nullifier,
+                did: e.did,
+                score: Number(e.score),
+                timestamp: Number(e.timestamp),
+            }));
+            this.cacheAt = Date.now();
+            return this.cache;
+        }
+        catch (err) {
+            console.warn(`[nullifier-registry] ⚠️  getAllNullifiers failed: ${err.shortMessage ?? err.message}`);
+            return this.cache ?? [];
+        }
+    }
+    async getCount() {
+        if (!this.address)
+            return 0;
+        try {
+            const n = await this.contract.getNullifierCount();
+            return Number(n);
+        }
+        catch {
+            return 0;
+        }
+    }
+    get contractAddress() { return this.address; }
+}
+export const nullifierRegistryClient = new NullifierRegistryClient();

package/dist/blockchain/ReputationRegistryClient.d.ts

@@ -0,0 +1,45 @@
+export declare const REPUTATION_REGISTRY_RPC = "https://sepolia.base.org";
+export declare const REPUTATION_REGISTRY_ADDRESS: string;
+export interface ScoreEntry {
+    did: string;
+    score: number;
+    context: string;
+    updatedAt: number;
+}
+export declare class ReputationRegistryClient {
+    private provider;
+    private contract;
+    private wallet?;
+    private cache;
+    private cacheAt;
+    private cacheTTLMs;
+    private address;
+    constructor(opts?: {
+        rpc?: string;
+        address?: string;
+        privateKey?: string;
+        cacheTTLMs?: number;
+    });
+    /**
+     * Set or update a reputation score for a DID.
+     * Only works if the wallet is the authorized validator.
+     * Non-blocking — logs warning on failure.
+     */
+    setScore(opts: {
+        did: string;
+        score: number;
+        context?: string;
+    }): Promise<void>;
+    /**
+     * Get reputation score for a specific DID.
+     */
+    getScore(did: string): Promise<ScoreEntry | null>;
+    /**
+     * Get all DID scores (cached 2 min).
+     */
+    getAllScores(): Promise<ScoreEntry[]>;
+    refreshScores(): Promise<ScoreEntry[]>;
+    getCount(): Promise<number>;
+    get contractAddress(): string;
+}
+export declare const reputationRegistryClient: ReputationRegistryClient;

package/dist/blockchain/ReputationRegistryClient.js

@@ -0,0 +1,151 @@
+/**
+ * ReputationRegistryClient
+ * On-chain reputation scores for DIDs (Base Sepolia).
+ *
+ * Only the soulprint.digital validator (authorizedValidator) can write scores.
+ * Anyone can read scores from the public ledger.
+ *
+ * Architecture (v0.5.0):
+ *  - WRITE: only soulprint.digital validator wallet (ADMIN_PRIVATE_KEY)
+ *  - READ:  anyone, cached 2 min
+ */
+import { ethers } from "ethers";
+import { readFileSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+export const REPUTATION_REGISTRY_RPC = "https://sepolia.base.org";
+function loadAddress() {
+    try {
+        const f = join(__dirname, "addresses.json");
+        const d = JSON.parse(readFileSync(f, "utf8"));
+        return d["ReputationRegistry"] ?? "";
+    }
+    catch {
+        return "";
+    }
+}
+export const REPUTATION_REGISTRY_ADDRESS = loadAddress();
+const ABI = [
+    "function setScore(string did, uint256 score, string context) external",
+    "function getScore(string did) external view returns (string retDid, uint256 score, string context, uint256 updatedAt)",
+    "function getAllScores() external view returns (tuple(string did, uint256 score, string context, uint256 updatedAt)[])",
+    "function getScoreCount() external view returns (uint256)",
+    "function authorizedValidators(address) external view returns (bool)",
+    "event ScoreUpdated(string indexed did, uint256 score, string context, uint256 updatedAt)",
+];
+export class ReputationRegistryClient {
+    provider;
+    contract;
+    wallet;
+    cache = null;
+    cacheAt = 0;
+    cacheTTLMs;
+    address;
+    constructor(opts) {
+        this.address = opts?.address ?? REPUTATION_REGISTRY_ADDRESS;
+        this.cacheTTLMs = opts?.cacheTTLMs ?? 2 * 60 * 1000; // 2 min
+        const rpc = opts?.rpc ?? REPUTATION_REGISTRY_RPC;
+        this.provider = new ethers.JsonRpcProvider(rpc);
+        if (!this.address) {
+            console.warn("[reputation-registry] ⚠️  No contract address — registry disabled");
+            this.contract = null;
+            return;
+        }
+        if (opts?.privateKey) {
+            this.wallet = new ethers.Wallet(opts.privateKey, this.provider);
+            this.contract = new ethers.Contract(this.address, ABI, this.wallet);
+        }
+        else {
+            this.contract = new ethers.Contract(this.address, ABI, this.provider);
+        }
+    }
+    /**
+     * Set or update a reputation score for a DID.
+     * Only works if the wallet is the authorized validator.
+     * Non-blocking — logs warning on failure.
+     */
+    async setScore(opts) {
+        if (!this.wallet) {
+            console.warn("[reputation-registry] ⚠️  No private key — cannot write score");
+            return;
+        }
+        if (!this.address) {
+            console.warn("[reputation-registry] ⚠️  No contract address — skipping");
+            return;
+        }
+        try {
+            const feeData = await this.provider.getFeeData();
+            const tx = await this.contract.setScore(opts.did, BigInt(Math.round(opts.score)), opts.context ?? "soulprint:v1", { gasPrice: feeData.gasPrice });
+            console.log(`[reputation-registry] 📡 Setting score on-chain... tx: ${tx.hash}`);
+            await tx.wait();
+            console.log(`[reputation-registry] ✅ Score set: did=${opts.did.slice(0, 20)}... score=${opts.score}`);
+            // Invalidate cache
+            this.cache = null;
+        }
+        catch (err) {
+            console.warn(`[reputation-registry] ⚠️  setScore failed (non-fatal): ${err.shortMessage ?? err.message}`);
+        }
+    }
+    /**
+     * Get reputation score for a specific DID.
+     */
+    async getScore(did) {
+        if (!this.address)
+            return null;
+        try {
+            const r = await this.contract.getScore(did);
+            return {
+                did: r.retDid,
+                score: Number(r.score),
+                context: r.context,
+                updatedAt: Number(r.updatedAt),
+            };
+        }
+        catch (err) {
+            console.warn(`[reputation-registry] ⚠️  getScore failed: ${err.shortMessage ?? err.message}`);
+            return null;
+        }
+    }
+    /**
+     * Get all DID scores (cached 2 min).
+     */
+    async getAllScores() {
+        if (this.cache && Date.now() - this.cacheAt < this.cacheTTLMs) {
+            return this.cache;
+        }
+        return this.refreshScores();
+    }
+    async refreshScores() {
+        if (!this.address)
+            return [];
+        try {
+            const raw = await this.contract.getAllScores();
+            this.cache = raw.map((e) => ({
+                did: e.did,
+                score: Number(e.score),
+                context: e.context,
+                updatedAt: Number(e.updatedAt),
+            }));
+            this.cacheAt = Date.now();
+            return this.cache;
+        }
+        catch (err) {
+            console.warn(`[reputation-registry] ⚠️  getAllScores failed: ${err.shortMessage ?? err.message}`);
+            return this.cache ?? [];
+        }
+    }
+    async getCount() {
+        if (!this.address)
+            return 0;
+        try {
+            const n = await this.contract.getScoreCount();
+            return Number(n);
+        }
+        catch {
+            return 0;
+        }
+    }
+    get contractAddress() { return this.address; }
+}
+export const reputationRegistryClient = new ReputationRegistryClient();

package/dist/code-hash.json

@@ -1,10 +1,12 @@
 {
-  "codeHash": "7f708d77d85f66abb7951d5e2761d23b3f07a64c5e71fdb4db02d6bdb958bbd9",
-  "codeHashHex": "0x7f708d77d85f66abb7951d5e2761d23b3f07a64c5e71fdb4db02d6bdb958bbd9",
-  "computedAt": "2026-03-01T01:59:34.396Z",
-  "fileCount": 21,
+  "codeHash": "c256c2701bea12bbb2f50552b268bda6065a58d187f7bde6d6be86d82eb73f06",
+  "codeHashHex": "0xc256c2701bea12bbb2f50552b268bda6065a58d187f7bde6d6be86d82eb73f06",
+  "computedAt": "2026-03-01T02:53:10.893Z",
+  "fileCount": 24,
   "files": [
+    "blockchain/NullifierRegistryClient.ts",
     "blockchain/PeerRegistryClient.ts",
+    "blockchain/ReputationRegistryClient.ts",
     "blockchain/blockchain-anchor.ts",
     "blockchain/blockchain-client.ts",
     "blockchain/protocol-thresholds-client.ts",
@@ -24,6 +26,7 @@
     "p2p.ts",
     "peer-challenge.ts",
     "server.ts",
+    "state/StateStore.ts",
     "validator.ts"
   ]
 }

package/dist/server.js

@@ -6,7 +6,8 @@
  *  1. HTTP server (port 4888)    — clientes y legado
  *  2. libp2p P2P node (port 6888) — Kademlia DHT + GossipSub + mDNS
  */
-import { startValidatorNode, setP2PNode, setPeerRegistryClient } from "./validator.js";
+import { startValidatorNode, setP2PNode, setPeerRegistryClient, getNodeState, setLastSyncTs } from "./validator.js";
+import { computeHash, saveState } from "./state/StateStore.js";
 import { createSoulprintP2PNode, MAINNET_BOOTSTRAP, stopP2PNode } from "./p2p.js";
 import { PeerRegistryClient } from "./blockchain/PeerRegistryClient.js";
 // ─── Config ──────────────────────────────────────────────────────────────────
@@ -148,6 +149,58 @@ if (httpBootstraps.length > 0) {
         }
     }, 2_000);
 }
+// ─── Anti-entropy sync loop (v0.4.4) ─────────────────────────────────────────
+// Every 60 seconds: compare state hash with each known peer.
+// If diverged, fetch full state and merge locally.
+setInterval(async () => {
+    const { nullifiers, repStore, peers: knownPeers } = getNodeState();
+    if (knownPeers.length === 0)
+        return;
+    const localHash = computeHash(Object.keys(nullifiers));
+    for (const peerUrl of knownPeers) {
+        try {
+            const hashRes = await fetch(`${peerUrl}/state/hash`, { signal: AbortSignal.timeout(5_000) });
+            if (!hashRes.ok)
+                continue;
+            const hashData = await hashRes.json();
+            const peerHash = hashData.hash;
+            if (peerHash === localHash) {
+                console.log(`[sync] peer ${peerUrl}: hash match ✅`);
+                continue;
+            }
+            // Hashes differ — fetch full state and merge
+            const exportRes = await fetch(`${peerUrl}/state/export`, { signal: AbortSignal.timeout(10_000) });
+            if (!exportRes.ok) {
+                console.warn(`[sync] peer ${peerUrl}: export failed (${exportRes.status})`);
+                continue;
+            }
+            const peerState = await exportRes.json();
+            const mergeRes = await fetch(`http://localhost:${HTTP_PORT}/state/merge`, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify(peerState),
+                signal: AbortSignal.timeout(5_000),
+            });
+            const merged = await mergeRes.json();
+            console.log(`[sync] peer ${peerUrl}: diverged → merged ${merged.new_nullifiers ?? 0} nullifiers, ${merged.new_attestations ?? 0} attestations`);
+            // Persist updated state
+            const { nullifiers: n2, repStore: r2, peers: p2 } = getNodeState();
+            const ts = Date.now();
+            saveState({
+                nullifiers: Object.keys(n2),
+                reputation: Object.fromEntries(Object.entries(r2).map(([d, e]) => [d, e.score])),
+                attestations: Object.values(r2).flatMap((e) => e.attestations ?? []),
+                peers: p2,
+                lastSync: ts,
+                stateHash: computeHash(Object.keys(n2)),
+            }, 0);
+            setLastSyncTs(ts);
+        }
+        catch (e) {
+            console.warn(`[sync] peer ${peerUrl}: error — ${e.message}`);
+        }
+    }
+}, 60_000);
 // ─── Graceful shutdown ────────────────────────────────────────────────────────
 async function shutdown(signal) {
     console.log(`\n${signal} recibido — cerrando...`);

package/dist/state/StateStore.d.ts

@@ -0,0 +1,22 @@
+export interface StoredAttestation {
+    issuer_did: string;
+    target_did: string;
+    value: number;
+    context: string;
+    timestamp: number;
+    sig: string;
+}
+export interface NodeState {
+    nullifiers: string[];
+    reputation: Record<string, number>;
+    attestations: StoredAttestation[];
+    peers: string[];
+    lastSync: number;
+    stateHash: string;
+}
+/** sha256(JSON.stringify(nullifiers.sort())) */
+export declare function computeHash(nullifiers: string[]): string;
+/** Load state from disk. Returns default if file missing or corrupt. */
+export declare function loadState(): NodeState;
+/** Write state to disk — debounced 2 s by default. */
+export declare function saveState(state: NodeState, debounceMs?: number): void;

package/dist/state/StateStore.js

@@ -0,0 +1,61 @@
+/**
+ * StateStore — persistent state for P2P sync
+ * Saves/loads full node state to disk with debounced writes.
+ */
+import { createHash } from "node:crypto";
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { homedir } from "node:os";
+const STATE_PATH = process.env.SOULPRINT_STATE_PATH
+    ?? join(homedir(), ".soulprint", "node", "state.json");
+const DEFAULT_STATE = {
+    nullifiers: [],
+    reputation: {},
+    attestations: [],
+    peers: [],
+    lastSync: 0,
+    stateHash: "",
+};
+let saveTimer = null;
+/** sha256(JSON.stringify(nullifiers.sort())) */
+export function computeHash(nullifiers) {
+    const sorted = [...nullifiers].sort();
+    return createHash("sha256").update(JSON.stringify(sorted)).digest("hex");
+}
+/** Load state from disk. Returns default if file missing or corrupt. */
+export function loadState() {
+    if (!existsSync(STATE_PATH)) {
+        return { ...DEFAULT_STATE, stateHash: computeHash([]) };
+    }
+    try {
+        const raw = JSON.parse(readFileSync(STATE_PATH, "utf8"));
+        const nullifiers = raw.nullifiers ?? [];
+        return {
+            nullifiers,
+            reputation: raw.reputation ?? {},
+            attestations: raw.attestations ?? [],
+            peers: raw.peers ?? [],
+            lastSync: raw.lastSync ?? 0,
+            stateHash: raw.stateHash ?? computeHash(nullifiers),
+        };
+    }
+    catch {
+        return { ...DEFAULT_STATE, stateHash: computeHash([]) };
+    }
+}
+/** Write state to disk — debounced 2 s by default. */
+export function saveState(state, debounceMs = 2000) {
+    if (saveTimer)
+        clearTimeout(saveTimer);
+    saveTimer = setTimeout(() => {
+        try {
+            const dir = dirname(STATE_PATH);
+            if (!existsSync(dir))
+                mkdirSync(dir, { recursive: true, mode: 0o700 });
+            writeFileSync(STATE_PATH, JSON.stringify(state, null, 2));
+        }
+        catch (e) {
+            console.error("[state] Failed to save state:", e);
+        }
+    }, debounceMs);
+}

package/dist/validator.d.ts

@@ -2,6 +2,8 @@ import { IncomingMessage, ServerResponse } from "node:http";
 import { BotAttestation, BotReputation } from "soulprint-core";
 import { type SoulprintP2PNode } from "./p2p.js";
 import { PeerRegistryClient } from "./blockchain/PeerRegistryClient.js";
+import { NullifierRegistryClient } from "./blockchain/NullifierRegistryClient.js";
+import { ReputationRegistryClient } from "./blockchain/ReputationRegistryClient.js";
 export declare function getLiveThresholds(): {
     SCORE_FLOOR: number;
     VERIFIED_SCORE_FLOOR: number;
@@ -14,6 +16,10 @@ export declare function getLiveThresholds(): {
     source: "blockchain" | "local_fallback";
 };
 export declare function setPeerRegistryClient(client: PeerRegistryClient): void;
+export declare function setNullifierRegistry(client: NullifierRegistryClient): void;
+export declare function setReputationRegistry(client: ReputationRegistryClient): void;
+export declare function getNullifierRegistry(): NullifierRegistryClient | null;
+export declare function getReputationRegistry(): ReputationRegistryClient | null;
 /**
  * Inyecta el nodo libp2p al validador.
  * Cuando se llama:
@@ -21,6 +27,18 @@ export declare function setPeerRegistryClient(client: PeerRegistryClient): void;
  *  2. Desde ese momento, gossipAttestation() también publica por P2P
  */
 export declare function setP2PNode(node: SoulprintP2PNode): void;
+/**
+ * Per-DID reputation: score (0-20) + attestation history.
+ * Persisted to disk - survives node restarts.
+ */
+interface ReputeEntry {
+    score: number;
+    base: number;
+    attestations: BotAttestation[];
+    last_updated: number;
+    identityScore: number;
+    hasDocumentVerified: boolean;
+}
 /**
  * Aplica una nueva attestation al DID objetivo y persiste.
  *
@@ -50,3 +68,14 @@ export declare function getBotReputation(nodeUrl: string, did: string): Promise<
 export declare function getNodeInfo(nodeUrl: string): Promise<any>;
 export declare const BOOTSTRAP_NODES: string[];
 export { applyAttestation };
+/** Used by anti-entropy loop in server.ts */
+export declare function getNodeState(): {
+    nullifiers: Record<string, {
+        did: string;
+        verified_at: number;
+    }>;
+    repStore: Record<string, ReputeEntry>;
+    peers: string[];
+    lastSyncTs: number;
+};
+export declare function setLastSyncTs(ts: number): void;

package/dist/validator.js

@@ -2,6 +2,7 @@ import { createServer } from "node:http";
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
 import { join } from "node:path";
 import { homedir } from "node:os";
+import { computeHash, loadState, saveState } from "./state/StateStore.js";
 import { generateKeypair, keypairFromPrivateKey, decodeToken, sign, createToken, TOKEN_LIFETIME_SECONDS, TOKEN_RENEW_PREEMPTIVE_SECS, TOKEN_RENEW_GRACE_SECS, TOKEN_RENEW_COOLDOWN_SECS, NonceStore, verifyAttestation, computeReputation, defaultReputation, PROTOCOL, PROTOCOL_HASH, isProtocolHashCompatible, computeTotalScoreWithFloor, checkFarming, recordApprovedGain, recordFarmingStrike, loadAuditStore, exportAuditStore, } from "soulprint-core";
 import { verifyProof, deserializeProof } from "soulprint-zkp";
 import { buildChallengeResponse, verifyPeerBehavior, } from "./peer-challenge.js";
@@ -75,6 +76,23 @@ let peerRegistryClient = null;
 export function setPeerRegistryClient(client) {
     peerRegistryClient = client;
 }
+// ── On-Chain Registries (v0.5.0) ───────────────────────────────────────────────
+// The blockchain IS the shared state. These are the single source of truth.
+// Only soulprint.digital validator can WRITE; anyone can READ.
+let nullifierRegistry = null;
+let reputationRegistry = null;
+export function setNullifierRegistry(client) {
+    nullifierRegistry = client;
+}
+export function setReputationRegistry(client) {
+    reputationRegistry = client;
+}
+export function getNullifierRegistry() {
+    return nullifierRegistry;
+}
+export function getReputationRegistry() {
+    return reputationRegistry;
+}
 /**
  * Inyecta el nodo libp2p al validador.
  * Cuando se llama:
@@ -204,8 +222,18 @@ function applyAttestation(att) {
         hasDocumentVerified: hasDocument,
     };
     saveReputation();
+    // ── Write reputation to on-chain ReputationRegistry (v0.5.0) — non-blocking
+    if (reputationRegistry) {
+        reputationRegistry.setScore({
+            did: att.target_did,
+            score: finalRepScore,
+            context: "soulprint:v1",
+        }).catch(e => console.warn("[reputation-registry] ⚠️  On-chain write failed:", e.message));
+    }
     return { score: finalRepScore, attestations: allAtts.length, last_updated: rep.last_updated };
 }
+// ── P2P state sync metadata ───────────────────────────────────────────────────
+let lastSyncTs = 0; // timestamp (ms) of last successful anti-entropy sync
 // ── Peers registry (P2P gossip) ───────────────────────────────────────────────
 let peers = []; // URLs de otros nodos (ej: "http://node2.example.com:4888")
 function loadPeers() {
@@ -242,6 +270,9 @@ async function gossipAttestation(att, excludeUrl) {
     if (targets.length < peers.length - (excludeUrl ? 1 : 0)) {
         console.log(routingStats(peers.length, targets.length, att.target_did));
     }
+    if (targets.length > 0) {
+        console.log(`[gossip] broadcasted to ${targets.length} peers`);
+    }
     // Cifrar el payload con AES-256-GCM antes de enviar
     // Solo nodos con PROTOCOL_HASH correcto pueden descifrar
     const encrypted = encryptGossip({ attestation: att, from_peer: true });
@@ -686,6 +717,17 @@ async function handleVerify(req, res, nodeKeypair, ip) {
     else {
         nullifiers[zkResult.nullifier] = { did: token.did, verified_at: now };
         saveNullifiers();
+        // ── Write to on-chain NullifierRegistry (v0.5.0) — non-blocking ──────────
+        // soulprint.digital validator signs and certifies the identity on-chain.
+        // Anyone can now verify isRegistered(nullifier) without trusting this node.
+        if (nullifierRegistry) {
+            const score = repStore[token.did]?.score ?? 0;
+            nullifierRegistry.registerNullifier({
+                nullifier: zkResult.nullifier,
+                did: token.did,
+                score,
+            }).catch(e => console.warn("[nullifier-registry] ⚠️  On-chain write failed:", e.message));
+        }
     }
     const coSig = sign({ nullifier: zkResult.nullifier, did: token.did, timestamp: now }, nodeKeypair.privateKey);
     // Incluir reputación actual del bot en la respuesta
@@ -831,6 +873,30 @@ function handleNullifierCheck(res, nullifier) {
 }
 // ── Server ────────────────────────────────────────────────────────────────────
 export function startValidatorNode(port = PORT) {
+    // ── Load persistent state from disk (v0.4.4) ───────────────────────────────
+    const persisted = loadState();
+    if (persisted.nullifiers.length > 0 || Object.keys(persisted.reputation).length > 0) {
+        console.log(`[state] Loaded ${persisted.nullifiers.length} nullifiers, ${Object.keys(persisted.reputation).length} reputation entries from disk`);
+        // Merge persisted nullifiers into in-memory store
+        for (const n of persisted.nullifiers) {
+            if (!nullifiers[n]) {
+                nullifiers[n] = { did: `did:soulprint:recovered:${n.slice(0, 8)}`, verified_at: persisted.lastSync || Date.now() };
+            }
+        }
+        // Merge persisted reputation
+        for (const [did, score] of Object.entries(persisted.reputation)) {
+            if (!repStore[did]) {
+                repStore[did] = {
+                    score,
+                    base: 10,
+                    attestations: [],
+                    last_updated: persisted.lastSync || Date.now(),
+                    identityScore: 0,
+                    hasDocumentVerified: false,
+                };
+            }
+        }
+    }
     loadNullifiers();
     loadReputation();
     loadPeers();
@@ -1020,6 +1086,8 @@ export function startValidatorNode(port = PORT) {
             const httpPeers = peers.length;
             const libp2pPeers = p2pStats?.peers ?? 0;
             let registeredPeers = 0;
+            let nullifiersOnchain = 0;
+            let reputationOnchain = 0;
             try {
                 if (peerRegistryClient) {
                     const chainPeers = await peerRegistryClient.getAllPeers();
@@ -1027,23 +1095,38 @@ export function startValidatorNode(port = PORT) {
                 }
             }
             catch { /* non-fatal */ }
+            try {
+                if (nullifierRegistry)
+                    nullifiersOnchain = await nullifierRegistry.getCount();
+            }
+            catch { /* non-fatal */ }
+            try {
+                if (reputationRegistry)
+                    reputationOnchain = await reputationRegistry.getCount();
+            }
+            catch { /* non-fatal */ }
             return json(res, 200, {
                 node_did: nodeKeypair.did.slice(0, 20) + "...",
                 version: VERSION,
                 protocol_hash: PROTOCOL_HASH.slice(0, 16) + "...",
-                // identidades y reputación
+                // identidades y reputación (in-memory cache)
                 verified_identities: Object.keys(nullifiers).length,
                 reputation_profiles: Object.keys(repStore).length,
-                // peers — HTTP gossip (funciona en todos los entornos)
+                // on-chain state (v0.5.0) — blockchain IS the shared state
+                nullifiers_onchain: nullifiersOnchain,
+                reputation_onchain: reputationOnchain,
+                // peers — HTTP gossip
                 known_peers: httpPeers,
-                // peers — libp2p P2P (requiere multicast/bootstrap; 0 en WSL2)
+                // peers — libp2p P2P
                 p2p_peers: libp2pPeers,
                 p2p_pubsub_peers: p2pStats?.pubsubPeers ?? 0,
                 p2p_enabled: !!p2pNode,
-                // total = max de ambas capas (HTTP gossip es el piso mínimo garantizado)
                 total_peers: Math.max(httpPeers, libp2pPeers),
                 // on-chain registered peers (PeerRegistry)
                 registered_peers: registeredPeers,
+                // state sync (v0.5.0 — blockchain is source of truth)
+                state_hash: computeHash(Object.keys(nullifiers)).slice(0, 16) + "...",
+                last_sync: lastSyncTs,
                 // estado general
                 uptime_ms: Date.now() - (globalThis._startTime ?? Date.now()),
                 timestamp: Date.now(),
@@ -1052,6 +1135,134 @@ export function startValidatorNode(port = PORT) {
         }
         if (cleanUrl === "/verify" && req.method === "POST")
             return handleVerify(req, res, nodeKeypair, ip);
+        // ── State endpoints (v0.5.0) — blockchain IS the shared state ────────────
+        // GET /state/hash — hash of on-chain nullifier count + reputation count
+        if (cleanUrl === "/state/hash" && req.method === "GET") {
+            const currentNullifiers = Object.keys(nullifiers);
+            let onchainNullifiers = currentNullifiers.length;
+            let onchainReputation = Object.keys(repStore).length;
+            try {
+                if (nullifierRegistry)
+                    onchainNullifiers = await nullifierRegistry.getCount();
+            }
+            catch { }
+            try {
+                if (reputationRegistry)
+                    onchainReputation = await reputationRegistry.getCount();
+            }
+            catch { }
+            // Hash includes on-chain counts for consensus
+            const hash = computeHash([...currentNullifiers, `onchain:${onchainNullifiers}:${onchainReputation}`]);
+            return json(res, 200, {
+                hash,
+                nullifier_count: currentNullifiers.length,
+                nullifier_count_onchain: onchainNullifiers,
+                reputation_count: Object.keys(repStore).length,
+                reputation_count_onchain: onchainReputation,
+                attestation_count: Object.values(repStore).reduce((n, e) => n + (e.attestations?.length ?? 0), 0),
+                timestamp: Date.now(),
+            });
+        }
+        // GET /state/export — full state export including on-chain data
+        if (cleanUrl === "/state/export" && req.method === "GET") {
+            const allAttestations = Object.values(repStore).flatMap(e => e.attestations ?? []);
+            // Read on-chain data (cached — won't hit RPC on every call)
+            const [onchainNullifiers, onchainScores] = await Promise.all([
+                nullifierRegistry ? nullifierRegistry.getAllNullifiers().catch(() => []) : Promise.resolve([]),
+                reputationRegistry ? reputationRegistry.getAllScores().catch(() => []) : Promise.resolve([]),
+            ]);
+            return json(res, 200, {
+                // Local in-memory state
+                nullifiers: Object.keys(nullifiers),
+                reputation: Object.fromEntries(Object.entries(repStore).map(([did, e]) => [did, e.score])),
+                attestations: allAttestations,
+                peers,
+                lastSync: lastSyncTs,
+                stateHash: computeHash(Object.keys(nullifiers)),
+                timestamp: Date.now(),
+                // On-chain state (v0.5.0) — canonical source of truth
+                onchain: {
+                    nullifiers: onchainNullifiers,
+                    reputation: onchainScores,
+                    nullifier_count: onchainNullifiers.length,
+                    reputation_count: onchainScores.length,
+                },
+            });
+        }
+        // POST /state/merge — merge partial state from a peer
+        if (cleanUrl === "/state/merge" && req.method === "POST") {
+            let body;
+            try {
+                body = await readBody(req);
+            }
+            catch (e) {
+                return json(res, 400, { error: e.message });
+            }
+            const incoming = body ?? {};
+            let newNullifiers = 0;
+            let newAttestations = 0;
+            // Merge nullifiers (union)
+            if (Array.isArray(incoming.nullifiers)) {
+                for (const n of incoming.nullifiers) {
+                    if (typeof n === "string" && !nullifiers[n]) {
+                        nullifiers[n] = { did: `did:soulprint:synced:${n.slice(0, 8)}`, verified_at: Date.now() };
+                        newNullifiers++;
+                    }
+                }
+                if (newNullifiers > 0)
+                    saveNullifiers();
+            }
+            // Merge reputation (take max score)
+            if (incoming.reputation && typeof incoming.reputation === "object") {
+                for (const [did, score] of Object.entries(incoming.reputation)) {
+                    if (typeof score !== "number")
+                        continue;
+                    if (!repStore[did]) {
+                        repStore[did] = { score, base: 10, attestations: [], last_updated: Date.now(), identityScore: 0, hasDocumentVerified: false };
+                    }
+                    else if (score > repStore[did].score) {
+                        repStore[did].score = score;
+                        repStore[did].last_updated = Date.now();
+                    }
+                }
+                if (Object.keys(incoming.reputation).length > 0)
+                    saveReputation();
+            }
+            // Merge attestations (dedup by issuer+timestamp+context)
+            if (Array.isArray(incoming.attestations)) {
+                for (const att of incoming.attestations) {
+                    if (!att?.issuer_did || !att?.target_did)
+                        continue;
+                    const existing = repStore[att.target_did];
+                    const prevAtts = existing?.attestations ?? [];
+                    const isDup = prevAtts.some(a => a.issuer_did === att.issuer_did &&
+                        a.timestamp === att.timestamp &&
+                        a.context === att.context);
+                    if (!isDup) {
+                        applyAttestation(att);
+                        newAttestations++;
+                    }
+                }
+            }
+            // Persist new unified state
+            if (newNullifiers > 0 || newAttestations > 0) {
+                const snapshot = {
+                    nullifiers: Object.keys(nullifiers),
+                    reputation: Object.fromEntries(Object.entries(repStore).map(([d, e]) => [d, e.score])),
+                    attestations: Object.values(repStore).flatMap(e => e.attestations ?? []),
+                    peers,
+                    lastSync: Date.now(),
+                    stateHash: computeHash(Object.keys(nullifiers)),
+                };
+                saveState(snapshot);
+                lastSyncTs = Date.now();
+            }
+            return json(res, 200, {
+                ok: true,
+                new_nullifiers: newNullifiers,
+                new_attestations: newAttestations,
+            });
+        }
         if (cleanUrl === "/token/renew" && req.method === "POST")
             return handleTokenRenew(req, res, nodeKeypair);
         if (cleanUrl === "/challenge" && req.method === "POST")
@@ -1433,3 +1644,8 @@ export async function getNodeInfo(nodeUrl) {
 }
 export const BOOTSTRAP_NODES = [];
 export { applyAttestation };
+/** Used by anti-entropy loop in server.ts */
+export function getNodeState() {
+    return { nullifiers, repStore, peers, lastSyncTs };
+}
+export function setLastSyncTs(ts) { lastSyncTs = ts; }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "soulprint-network",
-  "version": "0.4.3",
-  "description": "Soulprint validator node — HTTP server that verifies ZK proofs, co-signs SPTs, anti-Sybil registry",
+  "version": "0.4.5",
+  "description": "Soulprint validator node \u2014 HTTP server that verifies ZK proofs, co-signs SPTs, anti-Sybil registry",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
@@ -51,8 +51,8 @@
     "nodemailer": "^8.0.1",
     "otpauth": "^9.5.0",
     "otplib": "^13.3.0",
-    "soulprint-core": "workspace:*",
-    "soulprint-zkp": "workspace:*",
+    "soulprint-core": "0.1.11",
+    "soulprint-zkp": "0.1.5",
     "uint8arrays": "5.1.0"
   },
   "devDependencies": {