Fix input validation and token selection bugs #4
Merged
- select-proofs: replace greedy algorithm with recursive subset search that correctly finds optimal selections within the 110% budget (greedy missed valid combos like [60,50] when [70] was tried first)
- Use slaw instead of slav for ship name parsing in ban/unban forms and verify-commit (prevents agent crash on malformed @p input)
- Add parse-ud helper that validates all chars are digits before parsing, preventing garbage values from non-numeric input in sats-per-pr price and load-sats amount fields
- Guard snag on keysets arrays with ?~ check to prevent crash on empty array from mint API response
- Remove auto-deletion of completed verify entries on first poll to prevent race condition where second request gets "unknown"

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
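The select-proofs change described in the commit message above, sketched in Python as an added example (not the project's code). The function names, the target of 100, the shape of the old greedy pass, and the reading of "110% budget" as "sum between the target and 110% of it" are assumptions.

```python
from typing import List, Optional


def _check(amounts: List[int], target: int) -> None:
    # Reject non-positive values up front, in the spirit of the parse-ud fix.
    if target <= 0 or any(a <= 0 for a in amounts):
        raise ValueError("target and proof amounts must be positive integers")


def select_greedy(amounts: List[int], target: int, cap_pct: int = 110) -> Optional[List[int]]:
    """Assumed shape of the old behaviour: largest first, skip what overshoots the cap."""
    _check(amounts, target)
    cap = target * cap_pct // 100
    chosen, total = [], 0
    for a in sorted(amounts, reverse=True):
        if total >= target:
            break
        if total + a <= cap:
            chosen.append(a)
            total += a
    return chosen if total >= target else None


def select_proofs(amounts: List[int], target: int, cap_pct: int = 110) -> Optional[List[int]]:
    """Recursive subset search: least-overpaying subset with target <= sum <= cap."""
    _check(amounts, target)
    cap = target * cap_pct // 100
    pool = sorted(amounts, reverse=True)
    # suffix[i] = sum(pool[i:]); prunes branches that can no longer reach target.
    suffix = [0] * (len(pool) + 1)
    for i in range(len(pool) - 1, -1, -1):
        suffix[i] = suffix[i + 1] + pool[i]
    best: Optional[List[int]] = None

    def search(i: int, chosen: List[int], total: int) -> None:
        nonlocal best
        if total > cap or total + suffix[i] < target:
            return  # over budget, or the remaining proofs cannot cover the target
        if total >= target:
            if best is None or total < sum(best):
                best = list(chosen)
            return  # adding more proofs would only increase the overpayment
        chosen.append(pool[i])
        search(i + 1, chosen, total + pool[i])  # branch: take pool[i]
        chosen.pop()
        search(i + 1, chosen, total)            # branch: skip pool[i]

    search(0, [], 0)
    return best
```

The search is exponential in the worst case, so a caller handling attacker-influenced proof lists would want to bound the number of proofs it considers.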
Groundwire Verification Failed

This PR will not be reviewed because commits are not signed by a recognized Groundwire ID.

Why?
This repository requires contributors to prove ownership of an onchain Groundwire identity.

How to fix this

This repository is protected by Groundwire for GitHub.
Tokens in the signature block are now encrypted so adversarial users can't read commit data and steal ecash proofs.

Encryption flow:
- Hook passes maintainer's ecash pubkey to /sign via ecash_pubkey field
- Agent generates ephemeral Curve25519 keypair
- DH shared secret via shar:ed:crypto(maintainer_pub, ephemeral_sec)
- Keystream derived from SHA-256 counter mode on the shared secret
- Token JSON XOR'd with keystream
- Response includes ecash_ciphertext + ecash_ephemeral_pubkey (hex)

Decryption (verify-commit):
- Maintainer computes same shared secret: shar:ed:crypto(eph_pub, own_sec)
- Same keystream derivation, XOR to recover plaintext
- Parsed tokens then proceed through NUT-03 swap verification

Agent changes:
- ecash-encrypt/ecash-decrypt/stream-bytes helper arms
- parse-token-list extracted as reusable helper
- /sign: encrypts when ecash_pubkey provided, plaintext fallback
- /verify-commit: tries encrypted path first, falls back to plaintext

Hook changes:
- Passes ecash_pubkey in sign request payload
- Handles ecash_ciphertext + ecash_ephemeral_pubkey in response
- Signature block uses ecash-ciphertext/ecash-ephemeral-pubkey fields

Workflow changes:
- Extracts ecash-ciphertext/ecash-ephemeral-pubkey from signature block
- Forwards encrypted fields to verify-commit endpoint

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
Follow-up bugfixes from code review of #3.
- slaw instead of slav for ship name parsing prevents agent crash on malformed @p; parse-ud validates digits before converting amounts
- snag on mint keyset arrays with ?~ check

Test plan
🤖 Generated with Claude Code