feat(warp): backfill keys + passphrases + KDF salt + schema fixes

[oritwoen]

What

• Backfill all 6 WarpWallet challenges with hex + wif.decrypted + wif.passphrase from durable wiki sources. Re-derived locally; all 6 verify cryptographically.
• Add KDF salt as key.wif.salt (sibling of passphrase, since they form the KDF input pair). Only warp_challenge_2 is salted (a@b.c); unsalted entries omit the field.
• Structured prize_split: { public, private } for the two 20 BTC stakes (was a free-form sentence; now machine-readable, explains prize=20 vs on-chain funding=10).
• metadata.derivation documenting WarpWallet KDF (scrypt N=2^18,r=8,p=1 ⊕ PBKDF2 c=2^16) + reference impl URL.
• hint field per puzzle.
• build.rs::generate_warp extended: was hardcoding key: None, now emits via generate_key_code(...). WarpPuzzle struct gains key: Option<TomlKey>.
• Schema fixes:
  • add expired to status enum (was missing since warp introduction in feat(warp): add WarpWallet challenge collection #149 — Rust enum had it but JSON Schema didn't, IDE flagged warp entries as invalid).
  • add wif.salt definition; widen wif.passphrase doc to cover brainwallet KDF reuse.

Verification

• cargo test --all-features → 273 passed
• cargo run --features cli -- verify warp/<id> → ✓ for all 6
• cargo clippy --all-features -- -D warnings → clean
• cargo fmt --check → clean

Source of passphrases

Durable wiki under ~/.aei/wiki/entities/puzzles/warp/*.md:

• challenge_1: Je (2 chars unsalted)
• challenge_2: hvW (3 chars unsalted, locally re-derived 2026-05-07 via brute force)
• challenge_3: LsDmT CrashLogic (two r/Bitcoin usernames, reddit writeup)
• challenge_4: petecoper (HN top-100 karma name minus 2 chars, HN thread)
• warp_challenge_1: PuACRv0R (post-expiry Keybase disclosure)
• warp_challenge_2: HY4r0uWn salt a@b.c (post-expiry README of nachowski/warpwallet_cracker)

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2ca0a351-33af-4024-bd22-5a7f7800bc17

📥 Commits

Reviewing files that changed from the base of the PR and between 8a3813a and 29d8661.

📒 Files selected for processing (5)

• build.rs
• data/schemas/definitions.schema.json
• data/warp.jsonc
• src/cli.rs
• src/puzzle.rs

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: cubic · AI code reviewer

🧰 Additional context used

📓 Path-based instructions (5)

src/cli.rs

📄 CodeRabbit inference engine (AGENTS.md)

src/cli.rs: Implement CLI binary at src/cli.rs (not main.rs) using clap derive macros, callable via --features cli flag with output formatting (tabled, owo-colors, human-panic)
Organize CLI commands in src/cli.rs for: stats, list (with --unsolved filter), show (single puzzle), balance, and verify (with --all and --quiet flags)

Files:

• src/cli.rs

data/schemas/*.json

📄 CodeRabbit inference engine (AGENTS.md)

Validate puzzle data against JSON Schema files in data/schemas/ to ensure editor autocomplete and validation

Files:

• data/schemas/definitions.schema.json

src/puzzle.rs

📄 CodeRabbit inference engine (AGENTS.md)

src/puzzle.rs: Define Puzzle struct in src/puzzle.rs with 16 fields including: id, collection, title, description, status, author, solver, claimer, addresses, keys, metadata, and keep both Puzzle struct and build.rs codegen synchronized when modifying
Define Address struct in src/puzzle.rs with fields: value, chain, kind, hash160, witness_program
Define Key struct in src/puzzle.rs with fields: hex, wif, seed, bits, shares to support multiple key representations
Define Status enum in src/puzzle.rs with variants: Solved, Unsolved, Claimed, Swept, Expired
Define Chain enum in src/puzzle.rs supporting: Bitcoin, Ethereum, Litecoin, Monero, Decred, Arweave
Define Seed struct in src/puzzle.rs with BIP39 fields: phrase, path, xpub, entropy
Define Shares struct in src/puzzle.rs with SSSS fields: threshold, total, shares[] for Shamir Secret Sharing support
Define Profile struct in src/puzzle.rs for social/web profiles with fields: name, url
Define Author struct in src/puzzle.rs with fields: name, addresses[], profiles[] to track puzzle creators
Define Solver struct in src/puzzle.rs with fields: name, addresses[], profiles[] to track who revealed/found the key (solution), distinct from Claimer who swept the funds
Use Address kinds: P2PKH (legacy), P2SH (script), P2WPKH/P2WSH (SegWit), P2TR (Taproot) in src/puzzle.rs

Files:

• src/puzzle.rs

build.rs

📄 CodeRabbit inference engine (AGENTS.md)

build.rs: Ensure build.rs validates: key bits match hex, WIF↔hex consistency, and solver references are resolved during JSONC→Rust codegen
Use cargo:rerun-if-changed in build.rs to trigger rebuild on any JSONC changes in data/ directory

Files:

• build.rs

data/*.jsonc

📄 CodeRabbit inference engine (AGENTS.md)

Store all puzzle data in data/*.jsonc files (arweave, b1000, ballet, bitaps, bitimage, gsmg, hash_collision, warp, zden) - do not hardcode puzzle data in Rust source

Files:

• data/warp.jsonc

🧠 Learnings (1)

📚 Learning: 2026-02-21T06:17:12.647Z

Learnt from: oritwoen
Repo: oritwoen/boha PR: 111
File: data/arweave.jsonc:21-21
Timestamp: 2026-02-21T06:17:12.647Z
Learning: In data/*.jsonc puzzle data files, enforce that the 'name' field contains only the puzzle identifier (e.g., 'weave1', 'kitten', 'Level 1'), not the full 'collection/identifier' format. The full ID (e.g., 'arweave/weave1', 'bitimage/kitten') should be constructed at build time or runtime by the Rust code in build.rs and related collection modules. During code reviews, verify that 'name' does not contain the collection prefix and that the build/runtime logic assembles the complete ID consistently from these identifiers.

Applied to files:

• data/warp.jsonc

🔇 Additional comments (9)

src/cli.rs (2)

590-595: Salt field rendering is correctly conditional.

This only shows salt when present, so unsalted records do not get noisy empty output.

---

983-992: Search coverage for WIF KDF inputs is wired correctly.

key.wif.passphrase and key.wif.salt are now searchable through the same matching path and scoring flow.

src/puzzle.rs (1)

289-293: WIF model extension is clean and compatible.

Adding optional salt alongside passphrase correctly captures Warp-style derivation metadata without breaking existing records.

build.rs (2)

957-964: Salt propagation through WIF codegen is complete.

Parse model, generated output, and derived fallback handling all stay consistent for the new field.

Also applies to: 1001-1006

---

527-528: Warp key data is now emitted instead of being discarded.

This closes the previous gap where warp puzzles always generated with key: None.

Also applies to: 2398-2398, 2416-2417, 2437-2437

data/schemas/definitions.schema.json (2)

55-57: Status enum update is correctly reflected in schema.

Including expired here keeps validation aligned with runtime status handling.

---

207-212: WIF schema now covers both KDF inputs.

The passphrase wording and new salt property match the expanded WIF model.

data/warp.jsonc (2)

193-200: Warp key backfill is consistent, including optional salt semantics.

Unsalted entries omit wif.salt, and the salted challenge carries the explicit salt input.

Also applies to: 233-241

---

28-28: name values stay in identifier-only format.

This keeps ID construction clean in build/runtime code.

Based on learnings: "In data/*.jsonc puzzle data files, enforce that the 'name' field contains only the puzzle identifier ... The full ID should be constructed at build time or runtime."

Also applies to: 67-67, 106-106, 145-145, 184-184, 224-224

---

📝 Walkthrough

Walkthrough

This PR extends WIF structures with an optional salt field for brainwallet-style KDF derivations, updates JSON schema definitions to document the new field and an expired puzzle status, regenerates warp puzzle data with enriched metadata and key material, and integrates salt display into CLI output and search matching.

Changes

WIF Salt and Warp Key Material Support

Layer / File(s)	Summary
Data Shape & Schema src/puzzle.rs, data/schemas/definitions.schema.json	Wif struct adds salt: Option<&'static str> field; schema defines salt semantics (empty string vs null) and documents expired status.
Build-Time Code Generation build.rs	TomlWif parsing includes salt field; generate_wif_code serializes salt into generated Wif struct; WarpPuzzle gains optional key field; generate_warp computes key from puzzle data instead of hardcoding None.
Puzzle Data Enrichment data/warp.jsonc	Warp collection puzzles enriched with hints, metadata derivation info, and complete key material (wif.decrypted, wif.passphrase, wif.salt where applicable); warp challenges get prize_split fields.
CLI Display & Search src/cli.rs	Puzzle detail output conditionally displays WIF salt field; search matching extended to include wif.passphrase and wif.salt as queryable fields.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

The changes follow a consistent pattern across files: schema extension → code generation → data population → CLI wiring. No control flow changes, no new algorithms. Wif struct field addition is straightforward. Code generation follows existing patterns for handling optional fields.

Possibly related PRs

• oritwoen/boha#149: Preceding work on warp collection code paths and puzzle handling.

Suggested labels

enhancement

Suggested reviewers

• aeitwoen
• cubic-dev-ai

---

🔐 A salt now graces the WIF's shore,
Warp puzzles unlock with keys galore.
Build-time renders what once was none—
CLI searches the brainwallet's sum. 🧂

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title accurately summarizes the main changes: backfilling WarpWallet puzzle data, adding KDF salt support, and fixing schema definitions.
Description check	✅ Passed	Description is well-organized and directly related to the changeset, covering what was changed, verification steps, and sourcing of passphrases.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch warp-enrich-keys

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch warp-enrich-keys

Warning

Billing warning: we have not been able to collect payment for this subscription for more than 72 hours. Please update the payment method or pay any pending invoices in Billing to avoid service interruption.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 3 files

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

Architecture diagram

sequenceDiagram
    participant Build as Build Script (build.rs)
    participant Schema as JSON Schema (definitions.schema.json)
    participant Data as Data File (warp.jsonc)
    participant Validator as Schema Validator
    participant CLI as CLI Tool
    
    Note over Build,CLI: Warp Puzzle Data Flow
    
    Build->>Build: generate_warp()
    Build->>Data: Read warp puzzle definitions
    Data-->>Build: Return puzzle data with keys, hints, salt
    
    alt Key field present
        Build->>Build: generate_key_code(puzzle.key)
        Build->>Build: NEW: Emit key object with hex, wif, passphrase, salt
    else Key field absent
        Build->>Build: Emit key: None (legacy behavior)
    end
    
    Build->>Build: Format prize_split as structured {public, private}
    Build->>Build: Set expired status for warp challenges
    
    Build->>Validator: Generate Rust code with new fields
    Validator->>Schema: Validate against definitions.schema.json
    Schema-->>Validator: Check enum values include "expired"
    Schema-->>Validator: Check wif.salt field definition
    
    alt Validation passes
        Validator-->>Build: OK
    else Validation fails
        Validator-->>Build: Error - invalid schema
        Build->>Build: Abort compilation
    end
    
    Note over Build,CLI: Runtime Verification Flow
    CLI->>CLI: verify warp/<id>
    CLI->>Data: Load puzzle data
    Data-->>CLI: Return key, passphrase, salt
    
    alt Warp Challenge 2 (salted)
        CLI->>CLI: Run KDF: scrypt XOR PBKDF2(passphrase, salt)
    else Unsalted puzzle
        CLI->>CLI: Run KDF: scrypt XOR PBKDF2(passphrase, "")
    end
    
    CLI->>CLI: Compare derived key against hex value
    alt Key matches
        CLI-->>CLI: Verification passed
    else Key mismatch
        CLI-->>CLI: Verification failed
    end

Loading

_{Auto-approved: Low-risk data backfill and schema updates with no logic/business impact. Changes are additive, verified cryptographically, and pass all tests/lints. Blast radius is minimal.}

[augmentcode]

🤖 Augment PR Summary

Summary: Enriches the WarpWallet collection by backfilling all six challenges with verified private key material and clarifying WarpWallet-specific metadata.

Changes:

• Adds per-puzzle key data (hex + decrypted WIF + passphrase) and per-puzzle hint fields in data/warp.jsonc.
• Introduces key.wif.salt for salted WarpWallet derivations and records KDF details + reference implementation URL in collection metadata.
• Structures prize_split for the 20 BTC WarpWallet challenges to explain public vs private funding.
• Extends build.rs codegen for the warp collection to emit the parsed key instead of hardcoding None.
• Fixes JSON Schema to include expired in the status enum and to define wif.salt.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 1 suggestion posted.

Comment augment review to trigger a new review at any time.

[cubic-dev-ai]

0 issues found across 3 files (changes from recent commits).

_{Auto-approved: Changes are additive data backfill and schema enhancements for warp puzzles, with verified cryptographic integrity. All tests pass, risk is low, and no core logic is altered.}