DamageBDD supports two admin wallet modes:

Add one or more admin accounts:

{damage, [
    {node_admins, [
        <<"ak_YourAdminPubKeyHere">>
    ]}
]}.

Multiple admins:

{node_admins, [
    <<"ak_admin1">>,
    <<"ak_admin2">>
]}.

When the node starts, it will prompt for missing secrets:

• Nostr NSEC
• Bitcoin RPC password
• LND/CLN rune(s)
• Other integration credentials

Keys are encrypted using DamageBDD’s secrets subsystem.

Triggered by:

damage:check_setup().

Store private key:

damage_ae:set_private_key(<<"ak_...">>, PrivateKeyBin).

Check custodial state:

damage_ae:is_custodial(<<"ak_...">>).

Returns:

• true → Node signs operations
• false → Non-custodial

Each user or admin AE account gets a dedicated wallet handler process:

Pid = damage_ae:get_wallet_proc(AeAccount).

Restart wallet process:

damage_ae:restart_wallet_proc(AeAccount).

These processes:

• Track spent balance
• Handle contract calls
• Cache AE & DAMAGE token balances
• Manage signing if custodial

After a feature run, the node invokes:

damage_ae:confirm_spend(Config, Context).

The admin wallet:

1. Executes the spend contract function
2. Commits the report hash & feature hash
3. Pays for the final transaction

This only works in custodial mode.

The cln module talks to a Core Lightning REST or plugin endpoint over TLS and WebSockets.:contentReference[oaicite:0]{index=0}

Configuration is read from the damage application environment:

cln_host

CLN host (e.g. "localhost" or a remote hostname)

cln_port

CLN HTTP/WebSocket port (e.g. 3010)

cln_wspath

WebSocket path (e.g. "/socket.io/" or plugin path)

cln_cacertfile

Path to CA cert file for TLS

cln_certfile

Client certificate file

cln_keyfile

Client key file

Secrets (stored via secrets):

cln_rune

Main CLN rune with sufficient permission for:

• getinfo
• listinvoices / listpeerchannels
• fundchannel
• listfunds
• holdinvoice / holdinvoicecancel (if used)

cln_readonly_rune

Read-only rune for WebSocket subscriptions (invoice events)

The LNURL and Lightning Address endpoints are served by the lnaddress module.:contentReference[oaicite:2]{index=2}

The bitcoin module integrates with Bitcoin Core over JSON-RPC.:contentReference[oaicite:5]{index=5}

Required damage / bop application env keys:

nostr_relay

Relay hostname (no scheme, TLS implied)

• Example: "nos.lol" or "relay.damus.io"

nostr_npub (damage)

DamageBDD npub (used for NIP-05 / nostr.json)

nostr_npub (bop)

Coordinator npub in bop app env (for coordinator)

Example:

{damage, [
    {nostr_relay, "nos.lol"},
    {nostr_npub, "npub1...damage..."},
    ...
]},
{bop, [
    {nostr_npub, "npub1...coordinator..."}
]}.

Secrets (via secrets):

damage_nostr_nsec

DamageBDD Nostr NSEC

(no term)

Other per-identity NSECs as required

damage_nostr is a gen_server that:

• Connects to the relay using gun over TLS
• Decodes the NSEC via bech32
• Derives a Schnorr public key
• Registers itself via gproc using the NSEC key:​:contentReference[oaicite:8]{index=8}

start_link(NsecKey) -> gen_server:start_link(?MODULE, [NsecKey], []).
...
gproc:reg_other({n, l, ?NOSTR_PROC(NsecKey)}, self()).

Runner APIs:

• damage_nostr:post_note/2,4
• damage_nostr:post_bdd/1,2
• damage_nostr:get_recent_posts/2
• damage_nostr:get_metadata/2
• damage_nostr:subscribe/1

lnaddress serves /.well-known/nostr.json and uses damage_nostr:get_nostr_json/0 to generate the mapping:

get_nostr_json() ->
    {ok, BopNpub} = application:get_env(bop, nostr_npub),
    {ok, DamageNpub} = application:get_env(damage, nostr_npub),
    #{
        names => #{
            asyncmind => list_to_binary(decode_npub(DamageNpub)),
            damage => list_to_binary(decode_npub(DamageNpub)),
            coordinator => list_to_binary(decode_npub(BopNpub))
        }
    }.

damage_nostr listens to CLN invoice-paid events:

handle_info({cln_event, invoice_paid, Invoice}, State) ->
    try
        zap_receipt_for_invoice(Invoice, State)
    catch
        _:Reason ->
            ?LOG_WARNING("Failed to send zap receipt: ~p", [Reason])
    end,
    {noreply, State};

zap_receipt_for_invoice/2:

• Extracts bolt11, description (zap request JSON), paid_at, payment_preimage
• Parses zap request via parse_zap_request/1
• Builds a NIP-57 zap receipt (kind 9735) with tags:
  • ["p", <recipient-pubkey>]
  • ["e", <original-event-id>] (optional)
  • ["a", ...] (optional)
  • ["P", <sender-pubkey>]
  • ["bolt11", ...]
  • ["description", <zap-request-json>]
  • ["preimage", ...] (optional)
• Signs and publishes to the relay (and any relays listed in tags)

The module also scans incoming Nostr events for BDD-like content referencing damagebdd and can trigger feature execution:​:contentReference[oaicite:11]{index=11}

• Extracts Feature ... text via regex
• Resolves npub → AE account
• Checks AE balance via damage_ae:balance/1
• Runs damage:execute_data/3
• Replies with success / failure status as a Nostr reply event

useradd -r -s /usr/sbin/nologin damagebdd

Then in sys.config:

{user, "damagebdd"},
{limit_users, ["damagebdd"]},
{root, false}.

Never set:

{root, true}.

Unless absolutely necessary.

It will significantly slow down execution.

All of the following must be stored via the secrets subsystem and never hard-coded:

• Admin AE private keys
• cln_rune and cln_readonly_rune
• bitcoin_rpc_password
• Nostr NSECs such as damage_nostr_nsec
• Any API tokens for external systems

Ensure the admin wallet has:

• Correct private key (custodial)
• Correct public key (non-custodial)
• Rights to interact with Damage Token contract