Phase 3: Nostr identity derivation + wifistr service discovery

- Add identity.c/h: HMAC-SHA512 derivation from nsec → npub, STA/AP MAC, SSID, AP IP
- Add nostr_event.c/h: NIP-01 event serialization + Schnorr signing (BIP-340)
- Add geohash.c/h: lat/lon to geohash encoding
- Add wifistr.c/h: kind 38787 event builder + WebSocket publish to Nostr relays
- Update config.c/h: nsec-based identity, Nostr relay/geo config, remove static SSID/IP
- Replace custom mbedTLS wallet with nucula library (libsecp256k1)
- Remove wallet.c/h, wallet_persist.c/h (replaced by nucula_lib component)
- Verified on Board A: derived SSID, captive portal, payment, wallet, wifistr publish

1 files changed, 20 insertions, 43 deletions

diff --git a/main/tollgate_api.c b/main/tollgate_api.c
index e6880e0..72ed726 100644
--- a/main/tollgate_api.c
+++ b/main/tollgate_api.c
@@ -3,7 +3,7 @@
 #include "config.h"
 #include "session.h"
 #include "firewall.h"
-#include "wallet.h"
+#include "nucula_wallet.h"
 #include "esp_log.h"
 #include "cJSON.h"
 #include "lwip/sockets.h"
@@ -194,6 +194,7 @@ static esp_err_t api_post_payment(httpd_req_t *req)
         return ESP_OK;
     }
     esp_err_t err = cashu_decode_token(body, token);
+    char *body_copy = strdup(body);
     free(body);
 
     if (err != ESP_OK) {
@@ -319,17 +320,7 @@ static esp_err_t api_post_payment(httpd_req_t *req)
     cJSON_free(json);
     cJSON_Delete(session_event);
 
-    {
-        wallet_proof_t wproofs[CASHU_MAX_PROOFS];
-        int wcount = token->proof_count > CASHU_MAX_PROOFS ? CASHU_MAX_PROOFS : token->proof_count;
-        for (int i = 0; i < wcount; i++) {
-            wproofs[i].amount = token->proofs[i].amount;
-            strncpy(wproofs[i].id, token->proofs[i].id, WALLET_KEYSET_ID_LEN - 1);
-            strncpy(wproofs[i].secret, token->proofs[i].secret, WALLET_SECRET_LEN - 1);
-            strncpy(wproofs[i].c, token->proofs[i].c, WALLET_SIG_LEN - 1);
-        }
-        wallet_add_proofs(wproofs, wcount);
-    }
+    nucula_wallet_receive(body_copy);
 
     free(states);
     free(token);
@@ -381,20 +372,18 @@ static esp_err_t api_get_whoami(httpd_req_t *req)
 
 static esp_err_t api_get_wallet(httpd_req_t *req)
 {
-    wallet_t *w = wallet_get();
     cJSON *root = cJSON_CreateObject();
-    cJSON_AddNumberToObject(root, "balance", (double)w->balance);
-    cJSON_AddNumberToObject(root, "proof_count", w->proof_count);
-    cJSON_AddNumberToObject(root, "keyset_count", w->keyset_count);
-
-    cJSON *proofs = cJSON_CreateArray();
-    for (int i = 0; i < w->proof_count; i++) {
-        cJSON *p = cJSON_CreateObject();
-        cJSON_AddNumberToObject(p, "amount", (double)w->proofs[i].amount);
-        cJSON_AddStringToObject(p, "id", w->proofs[i].id);
-        cJSON_AddItemToArray(proofs, p);
+    cJSON_AddNumberToObject(root, "balance", (double)nucula_wallet_balance());
+    cJSON_AddNumberToObject(root, "proof_count", nucula_wallet_proof_count());
+
+    char *proofs_json = nucula_wallet_proofs_json();
+    if (proofs_json) {
+        cJSON *proofs = cJSON_Parse(proofs_json);
+        free(proofs_json);
+        cJSON_AddItemToObject(root, "proofs", proofs);
+    } else {
+        cJSON_AddItemToObject(root, "proofs", cJSON_CreateArray());
     }
-    cJSON_AddItemToObject(root, "proofs", proofs);
 
     char *json = cJSON_PrintUnformatted(root);
     httpd_resp_set_type(req, "application/json");
@@ -406,27 +395,16 @@ static esp_err_t api_get_wallet(httpd_req_t *req)
 
 static esp_err_t api_post_wallet_swap(httpd_req_t *req)
 {
-    const tollgate_config_t *cfg = tollgate_config_get();
-
-    if (wallet_balance() == 0) {
+    if (nucula_wallet_balance() == 0) {
         httpd_resp_set_status(req, "400 Bad Request");
         httpd_resp_set_type(req, "application/json");
         httpd_resp_send(req, "{\"error\":\"no proofs to swap\"}", 27);
         return ESP_OK;
     }
 
-    wallet_print_status();
-
-    esp_err_t err = wallet_fetch_keysets(cfg->mint_url);
-    if (err != ESP_OK) {
-        httpd_resp_set_status(req, "502 Bad Gateway");
-        httpd_resp_set_type(req, "application/json");
-        httpd_resp_send(req, "{\"error\":\"keyset fetch failed\"}", 29);
-        return ESP_OK;
-    }
+    nucula_wallet_print_status();
 
-    wallet_t *w = wallet_get();
-    err = wallet_swap_proofs(cfg->mint_url, 0, w->proof_count);
+    esp_err_t err = nucula_wallet_swap_all();
     if (err != ESP_OK) {
         httpd_resp_set_status(req, "502 Bad Gateway");
         httpd_resp_set_type(req, "application/json");
@@ -434,11 +412,11 @@ static esp_err_t api_post_wallet_swap(httpd_req_t *req)
         return ESP_OK;
     }
 
-    wallet_print_status();
+    nucula_wallet_print_status();
 
     cJSON *root = cJSON_CreateObject();
-    cJSON_AddNumberToObject(root, "balance", (double)wallet_balance());
-    cJSON_AddNumberToObject(root, "proof_count", wallet_get()->proof_count);
+    cJSON_AddNumberToObject(root, "balance", (double)nucula_wallet_balance());
+    cJSON_AddNumberToObject(root, "proof_count", nucula_wallet_proof_count());
     char *json = cJSON_PrintUnformatted(root);
     httpd_resp_set_type(req, "application/json");
     httpd_resp_send(req, json, strlen(json));
@@ -472,9 +450,8 @@ static esp_err_t api_post_wallet_send(httpd_req_t *req)
         return ESP_OK;
     }
 
-    const tollgate_config_t *cfg = tollgate_config_get();
     char token[4096];
-    esp_err_t err = wallet_send(cfg->mint_url, amount, token, sizeof(token));
+    esp_err_t err = nucula_wallet_send(amount, token, sizeof(token));
     if (err != ESP_OK) {
         httpd_resp_set_status(req, "402 Payment Required");
         httpd_resp_set_type(req, "text/plain");