forgesworn
diff --git a/‎.gitignore‎
Lines changed: 7 additions & 0 deletions b/‎.gitignore‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎bunker/index.mjs‎
Lines changed: 200 additions & 0 deletions b/‎bunker/index.mjs‎
Lines changed: 200 additions & 0 deletions
diff --git a/‎bunker/package.json‎
Lines changed: 13 additions & 0 deletions b/‎bunker/package.json‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎crates/heartwood-core/src/lib.rs‎
Lines changed: 1 addition & 1 deletion b/‎crates/heartwood-core/src/lib.rs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎crates/heartwood-core/src/root.rs‎
Lines changed: 13 additions & 0 deletions b/‎crates/heartwood-core/src/root.rs‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎crates/heartwood-device/Cargo.toml‎
Lines changed: 1 addition & 0 deletions b/‎crates/heartwood-device/Cargo.toml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎crates/heartwood-device/src/main.rs‎
Lines changed: 10 additions & 24 deletions b/‎crates/heartwood-device/src/main.rs‎
Lines changed: 10 additions & 24 deletions
diff --git a/‎crates/heartwood-device/src/storage.rs‎
Lines changed: 9 additions & 0 deletions b/‎crates/heartwood-device/src/storage.rs‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎crates/heartwood-device/src/tor.rs‎
Lines changed: 8 additions & 5 deletions b/‎crates/heartwood-device/src/tor.rs‎
Lines changed: 8 additions & 5 deletions
@@ -1,3 +1,10 @@
 /target
 .idea
 Cargo.lock
+
+# Private design docs (public docs like QUICKSTART.md are allowed)
+docs/specs/
+docs/plans/
+
+# Node dependencies
+bunker/node_modules/
@@ -0,0 +1,200 @@
+/**
+ * Heartwood NIP-46 Bunker — remote signing sidecar.
+ *
+ * Standalone daemon that holds the user's nsec and responds to signing
+ * requests from NIP-46 clients (Amber, NostrHub, etc.) over Nostr relays.
+ * Clients never see the nsec — only signatures and public keys leave the Pi.
+ *
+ * Reads secrets from /var/lib/heartwood/ (shared with heartwood-device).
+ */
+
+import { readFileSync, writeFileSync, existsSync } from 'node:fs'
+import { getConversationKey, encrypt, decrypt } from 'nostr-tools/nip44'
+import { finalizeEvent, getPublicKey, generateSecretKey } from 'nostr-tools/pure'
+import { decode as nip19decode } from 'nostr-tools/nip19'
+import { SimplePool } from 'nostr-tools/pool'
+import WebSocket from 'ws'
+
+globalThis.WebSocket = WebSocket
+
+const DATA_DIR = '/var/lib/heartwood'
+const DEFAULT_RELAYS = [
+  'wss://relay.damus.io',
+  'wss://relay.nostr.band',
+  'wss://nos.lol',
+  'wss://relay.trotters.cc',
+]
+
+// --- 1. Read nsec from master.secret ---
+
+const secretPath = `${DATA_DIR}/master.secret`
+if (!existsSync(secretPath)) {
+  console.error('FATAL: master.secret not found — is heartwood-device configured?')
+  process.exit(1)
+}
+
+const secretPayload = readFileSync(secretPath, 'utf-8').trim()
+if (!secretPayload.startsWith('bunker:')) {
+  console.error('FATAL: master.secret is not in bunker mode (expected "bunker:<nsec>")')
+  process.exit(1)
+}
+
+const nsec = secretPayload.slice('bunker:'.length)
+const { type, data: userSk } = nip19decode(nsec)
+if (type !== 'nsec') {
+  console.error('FATAL: invalid nsec in master.secret')
+  process.exit(1)
+}
+
+const userPk = getPublicKey(userSk)
+
+// --- 2. Read relay list from config.json ---
+
+let relays = DEFAULT_RELAYS
+const configPath = `${DATA_DIR}/config.json`
+if (existsSync(configPath)) {
+  try {
+    const config = JSON.parse(readFileSync(configPath, 'utf-8'))
+    if (Array.isArray(config.relays) && config.relays.length > 0) {
+      relays = config.relays
+    }
+  } catch {
+    console.warn('WARN: could not parse config.json, using default relays')
+  }
+}
+
+// --- 3. Load or generate bunker keypair ---
+
+const bunkerKeyPath = `${DATA_DIR}/bunker.key`
+let bunkerSk
+
+if (existsSync(bunkerKeyPath)) {
+  const hex = readFileSync(bunkerKeyPath, 'utf-8').trim()
+  bunkerSk = Uint8Array.from(Buffer.from(hex, 'hex'))
+} else {
+  bunkerSk = generateSecretKey()
+  const hex = Buffer.from(bunkerSk).toString('hex')
+  writeFileSync(bunkerKeyPath, hex, { mode: 0o600 })
+  console.log('Generated new bunker keypair')
+}
+
+const bunkerPk = getPublicKey(bunkerSk)
+
+// --- 4. Connect to relays and subscribe ---
+
+const pool = new SimplePool()
+
+pool.subscribeMany(
+  relays,
+  { kinds: [24133], '#p': [bunkerPk] },
+  {
+    onevent: async (event) => {
+      try {
+        await handleRequest(event)
+      } catch (e) {
+        console.error(`Error handling request: ${e.message}`)
+      }
+    },
+  },
+)
+
+// --- 5. Write bunker URI ---
+
+const relayParams = relays.map((r) => `relay=${encodeURIComponent(r)}`).join('&')
+const bunkerUri = `bunker://${bunkerPk}?${relayParams}`
+
+writeFileSync(`${DATA_DIR}/bunker-uri.txt`, bunkerUri)
+
+console.log(`Bunker started`)
+console.log(`  URI:     ${bunkerUri}`)
+console.log(`  Signing: ${userPk.slice(0, 12)}...`)
+console.log(`  Relays:  ${relays.join(', ')}`)
+
+// --- 6. Request handler ---
+
+async function handleRequest(event) {
+  const clientPk = event.pubkey
+  const conversationKey = getConversationKey(bunkerSk, clientPk)
+
+  let request
+  try {
+    const plaintext = decrypt(event.content, conversationKey)
+    request = JSON.parse(plaintext)
+  } catch {
+    console.error('Failed to decrypt request')
+    return
+  }
+
+  console.log(`Request ${request.id}: ${request.method}`)
+
+  let result = ''
+  let error
+
+  switch (request.method) {
+    case 'connect':
+      result = 'ack'
+      break
+
+    case 'ping':
+      result = 'pong'
+      break
+
+    case 'get_public_key':
+      result = userPk
+      break
+
+    case 'sign_event': {
+      const template = JSON.parse(request.params[0])
+      const signed = finalizeEvent(template, userSk)
+      result = JSON.stringify(signed)
+      break
+    }
+
+    case 'nip44_encrypt': {
+      const ck = getConversationKey(userSk, request.params[0])
+      result = encrypt(request.params[1], ck)
+      break
+    }
+
+    case 'nip44_decrypt': {
+      const ck = getConversationKey(userSk, request.params[0])
+      result = decrypt(request.params[1], ck)
+      break
+    }
+
+    default:
+      error = `unsupported method: ${request.method}`
+  }
+
+  // Build and publish encrypted response
+  const response = error
+    ? JSON.stringify({ id: request.id, result: '', error })
+    : JSON.stringify({ id: request.id, result })
+
+  const encrypted = encrypt(response, conversationKey)
+  const responseEvent = finalizeEvent(
+    {
+      kind: 24133,
+      created_at: Math.floor(Date.now() / 1000),
+      tags: [['p', clientPk]],
+      content: encrypted,
+    },
+    bunkerSk,
+  )
+
+  await Promise.any(pool.publish(relays, responseEvent))
+  console.log(`Response ${request.id}: ${error ?? 'ok'}`)
+}
+
+// --- 7. Clean shutdown ---
+
+function shutdown() {
+  console.log('Shutting down...')
+  pool.close(relays)
+  bunkerSk.fill(0)
+  userSk.fill(0)
+  process.exit(0)
+}
+
+process.on('SIGINT', shutdown)
+process.on('SIGTERM', shutdown)
@@ -0,0 +1,13 @@
+{
+  "name": "heartwood-bunker",
+  "version": "0.1.0",
+  "description": "NIP-46 remote signer sidecar for Heartwood",
+  "type": "module",
+  "scripts": {
+    "start": "node index.mjs"
+  },
+  "dependencies": {
+    "nostr-tools": "^2.23.0",
+    "ws": "^8.20.0"
+  }
+}
@@ -13,5 +13,5 @@ pub use encoding::{decode_npub, decode_nsec, encode_npub, encode_nsec};
 pub use persona::{derive_from_persona, derive_persona};
 pub use proof::{create_blind_proof, create_full_proof, verify_proof};
 pub use recover::recover;
-pub use root::{from_mnemonic, from_nsec, from_nsec_bytes};
+pub use root::{from_mnemonic, from_nsec, from_nsec_bytes, npub_from_nsec};
 pub use types::{HeartwoodError, Identity, LinkageProof, Persona, TreeRoot};
@@ -38,6 +38,19 @@ pub fn from_nsec_bytes(nsec_bytes: &[u8; 32]) -> Result<TreeRoot, HeartwoodError
     result
 }
 
+/// Validate an nsec and return its corresponding npub (no HMAC, no tree derivation).
+///
+/// This is for bunker mode: the nsec is used as-is for signing, and the
+/// returned npub is the identity the bunker signs on behalf of.
+pub fn npub_from_nsec(nsec: &str) -> Result<String, HeartwoodError> {
+    let nsec_bytes = decode_nsec(nsec)?;
+    let signing_key = SigningKey::from_bytes(&nsec_bytes)
+        .map_err(|e| HeartwoodError::Derivation(format!("invalid secret key: {e}")))?;
+    let verifying_key = signing_key.verifying_key();
+    let pubkey_bytes: [u8; 32] = verifying_key.to_bytes().into();
+    Ok(encode_npub(&pubkey_bytes))
+}
+
 /// Create a TreeRoot from a bech32-encoded nsec string.
 pub fn from_nsec(nsec: &str) -> Result<TreeRoot, HeartwoodError> {
     let mut nsec_bytes = decode_nsec(nsec)?;
 
@@ -19,3 +19,4 @@ serde_json = "1"
 tracing = "0.1"
 tracing-subscriber = "0.3"
 qrcode = "0.14"
+base64 = "0.22"
@@ -1,12 +1,7 @@
-// Scaffold modules -- many methods are wired up in later phases
-#[allow(dead_code)]
 mod audit;
 #[allow(dead_code)]
 mod oled;
-#[allow(dead_code)]
 mod storage;
-#[allow(dead_code)]
-mod tor;
 mod web;
 
 use std::sync::Arc;
@@ -20,7 +15,6 @@ async fn main() {
 
     let oled = oled::Oled::new();
     let storage = storage::Storage::new(None);
-    let tor = tor::TorManager::new();
     let audit_log = audit::AuditLog::new();
 
     oled.show_text("HEARTWOOD");
@@ -29,33 +23,25 @@ async fn main() {
         oled.show_text("SETUP MODE");
         info!("No master secret found. Entering setup mode.");
     } else {
-        info!("Master secret found. Waiting for PIN...");
-        oled.show_text("Enter PIN");
-    }
-
-    oled.show_text("Connecting to Tor...");
-    if let Some(onion) = tor.wait_for_onion(120).await {
-        // Log only a truncated form to avoid leaking the full .onion address.
-        // .onion addresses are ASCII, but use get() to be panic-free.
-        let truncated = onion.get(..8).unwrap_or(&onion);
-        info!("Tor hidden service ready: {}...", truncated);
-        oled.show_qr(&onion);
-    } else {
-        info!("Tor not available, running on local network only");
-        oled.show_text("heartwood.local");
+        info!("Master secret loaded.");
+        oled.show_text("READY");
     }
 
-    let state = Arc::new(web::AppState { audit_log: Mutex::new(audit_log) });
+    let state = Arc::new(web::AppState {
+        audit_log: Mutex::new(audit_log),
+        storage: Mutex::new(storage),
+    });
     let app = web::create_router(state);
 
-    let listener = match tokio::net::TcpListener::bind("127.0.0.1:8080").await {
+    let bind_addr = std::env::var("HEARTWOOD_BIND").unwrap_or_else(|_| "0.0.0.0:3000".to_string());
+    let listener = match tokio::net::TcpListener::bind(&bind_addr).await {
         Ok(l) => l,
         Err(e) => {
-            error!("Failed to bind 127.0.0.1:8080: {e}");
+            error!("Failed to bind {bind_addr}: {e}");
             std::process::exit(1);
         }
     };
-    info!("Web UI listening on 127.0.0.1:8080");
+    info!("Web UI listening on {bind_addr}");
     oled.show_text("READY");
 
     if let Err(e) = axum::serve(listener, app).await {
 
@@ -56,6 +56,15 @@ impl Storage {
         fs::read(self.secret_path())
     }
 
+    /// Delete the stored master secret, returning to setup mode.
+    pub fn delete_master_secret(&self) -> io::Result<()> {
+        let path = self.secret_path();
+        if path.exists() {
+            fs::remove_file(path)?;
+        }
+        Ok(())
+    }
+
     /// Persist a JSON config string to disk with restrictive permissions.
     pub fn save_config(&self, config: &str) -> io::Result<()> {
         self.ensure_dir()?;
 
@@ -17,20 +17,23 @@ pub struct TorManager {
 }
 
 impl TorManager {
-    /// Create a manager using the default onion directory
-    /// (`/var/lib/tor/heartwood`).
+    /// Create a manager using the default hostname file location.
+    ///
+    /// The systemd unit copies the Tor hostname file to `/var/lib/heartwood/`
+    /// before starting, since the Tor hidden service directory is restricted
+    /// to the `debian-tor` user.
     pub fn new() -> Self {
-        Self { onion_dir: PathBuf::from("/var/lib/tor/heartwood") }
+        Self { onion_dir: PathBuf::from("/var/lib/heartwood") }
     }
 
     /// Create a manager with a custom onion directory path.
     pub fn with_dir(onion_dir: PathBuf) -> Self {
         Self { onion_dir }
     }
 
-    /// Read the `.onion` hostname from Tor's `hostname` file, if present.
+    /// Read the `.onion` hostname from the copied `tor-hostname` file, if present.
     pub fn onion_address(&self) -> Option<String> {
-        let hostname_path = self.onion_dir.join("hostname");
+        let hostname_path = self.onion_dir.join("tor-hostname");
         fs::read_to_string(&hostname_path)
             .ok()
             .map(|s| s.trim().to_owned())