feat(ocap-kernel): add BIP39 mnemonic support for kernel identity seed recovery

[sirtimid]

Closes #778

Summary

Implements BIP39 mnemonic phrase support for kernel identity seed recovery, addressing #778.

Changes:

• Add @scure/bip39 dependency (audited, secure BIP39 implementation)
• Add generateMnemonic() to create new random mnemonics (12 or 24 words)
• Add isValidMnemonic() to validate BIP39 mnemonic phrases
• Add mnemonicToSeed() to derive a 32-byte seed using standard PBKDF2 derivation
• Add mnemonic option to Kernel.make() (recommended) and initRemoteComms()
• Throw error when mnemonic conflicts with existing identity (use resetStorage: true)
• Export new utility functions from package index

Usage:

import { generateMnemonic, Kernel } from '@metamask/ocap-kernel';

// Generate mnemonic for user to backup
const mnemonic = generateMnemonic();

// Initialize kernel with mnemonic
const kernel = await Kernel.make(platformServices, db, { mnemonic });
await kernel.initRemoteComms({ relays });

// Recovery: use same mnemonic on new device
const kernel = await Kernel.make(platformServices, db, {
  resetStorage: true,
  mnemonic: 'user provided recovery phrase...',
});

Implementation Notes

• Uses standard BIP39 PBKDF2-HMAC-SHA512 derivation (2048 iterations) for cryptographic soundness
• Supports all valid BIP39 mnemonic lengths (12, 15, 18, 21, 24 words)
• PBKDF2 is one-way, so users must generate and store mnemonic first if they want backup capability
• Random seeds (default when no mnemonic provided) cannot be backed up as mnemonics

Acceptance Criteria from Issue

• BIP39 mnemonic accepted for seed generation
• Same mnemonic always produces same peer ID
• Existing random seed generation still works (backward compatible)
• Mnemonic validation (checksum verification)
• Unit tests for mnemonic-based key derivation
• Documentation for backup/recovery procedures

Test plan

• Unit tests for generateMnemonic() - generates valid 12/24-word mnemonics
• Unit tests for isValidMnemonic() - validates all BIP39 lengths, rejects invalid checksums
• Unit tests for mnemonicToSeed() - deterministic PBKDF2 conversion, test vector verification
• Unit tests for initRemoteComms with mnemonic option - seed derivation, peer ID consistency
• Unit tests for error when mnemonic conflicts with existing identity
• E2E tests for identity recovery scenarios

🤖 Generated with Claude Code

---

Note

Adds recoverable kernel identities via BIP39 mnemonics and integrates them into initialization flows.

• New utils: generateMnemonic(), isValidMnemonic(), mnemonicToSeed() (exported from index.ts) using @scure/bip39
• Kernel.make and initRemoteComms accept optional mnemonic; initRemoteComms derives keySeed from it and logs usage
• Conflict handling: providing mnemonic when an identity exists throws a clear error; resetStorage: true enables recovery; initRemoteComms option takes precedence over constructor
• RemoteManager plumbs mnemonic; remote-comms.ts supports mnemonic-based seed derivation and preserves known relays behavior
• Docs: new docs/identity-backup-recovery.md; docs/usage.md updated with quick-start and link
• Tests: comprehensive unit tests for BIP39 utils and remote-comms mnemonic paths; Node E2E tests verify peer ID stability, conflicts, invalid mnemonics, and recovery
• Package changes: add @scure/bip39 dependency; adjust public exports and expected exports test

^{Written by Cursor Bugbot for commit f27b0e4. This will update automatically on new commits. Configure here.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​scure/​bip39@​2.0.1

View full report

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	88.43% ⬇️ -0.01%	5779 / 6535
🔵	Statements	88.31% ⬇️ -0.01%	5871 / 6648
🔵	Functions	87.26% ⬆️ +0.03%	1507 / 1727
🔵	Branches	84.96% ⬆️ +0.01%	2086 / 2455

File Coverage

File	Stmts	Branches	Functions	Lines	Uncovered Lines
Changed Files
packages/ocap-kernel/src/Kernel.ts	91.13% ⬇️ -3.53%	83.33% ⬇️ -4.17%	92.3% 🟰 ±0%	91.13% ⬇️ -3.53%	113-115, 120, 229-232, 414, 484
packages/ocap-kernel/src/index.ts	100% 🟰 ±0%	100% 🟰 ±0%	100% 🟰 ±0%	100% 🟰 ±0%
packages/ocap-kernel/src/remotes/types.ts	100% 🟰 ±0%	100% 🟰 ±0%	100% 🟰 ±0%	100% 🟰 ±0%
packages/ocap-kernel/src/remotes/kernel/RemoteManager.ts	98.27% ⬆️ +0.06%	100% 🟰 ±0%	100% 🟰 ±0%	98.27% ⬆️ +0.06%	125
packages/ocap-kernel/src/remotes/kernel/remote-comms.ts	100% 🟰 ±0%	100% 🟰 ±0%	100% 🟰 ±0%	100% 🟰 ±0%
packages/ocap-kernel/src/utils/bip39.ts	100%	100%	100%	100%

Generated in workflow #3381 for commit f27b0e4 by the Vitest Coverage Report Action

[grypez]

Early review to keep up with the PR.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

[cursor]

Invalid mnemonic causes irreversible identity loss before validation

High Severity

When resetStorage: true and mnemonic are provided to Kernel.make(), the identity keys (keySeed, peerId, ocapURLKey) are deleted immediately based only on whether options.mnemonic is truthy. The mnemonic is only validated later in initRemoteComms() when mnemonicToSeed() is called. If the mnemonic is invalid (typo, wrong checksum, etc.), the user's original identity is already irreversibly deleted, and the kernel cannot proceed with the invalid mnemonic either, resulting in data loss.

 

[grypez]

Interesting enough to punt to the backlog, but not really in the kernel's contract.