Remote comms: BIP39 seed recovery for kernel identity

[sirtimid]

Problem

Currently, the kernel generates a new random seed on startup if none exists. There's no mechanism for users to backup or recover their kernel identity using a mnemonic phrase.

File: packages/ocap-kernel/src/remotes/kernel/remote-comms.ts:135-137

// XXX TODO: Instead of generating a new random seed unconditionally,
// this function should accept an optional BIP39 keyphrase parameter

Why This Matters

• Identity Loss: If kernel storage is lost/corrupted, the peer ID changes permanently
• No Backup: Users cannot backup their kernel identity
• No Portability: Cannot move kernel identity between devices
• OCAP URLs Break: URLs issued by the old identity become invalid

Expected Behavior

• Support BIP39 mnemonic phrase (12 or 24 words) for seed generation
• Allow seed export as mnemonic for backup
• Deterministic key derivation from mnemonic
• Backward compatible with existing random seed generation

Implementation

Files to Modify

File	Changes
kernel/remote-comms.ts	Add BIP39 support to generateKeyInfo()
remotes/types.ts	Extend RemoteCommsOptions with mnemonic option
Kernel.ts	Pass mnemonic option through to remote comms

Approach

1. Add BIP39 dependency

   yarn add bip39
   

2. Update generateKeyInfo() in remote-comms.ts

   export async function generateKeyInfo(
     kernelStore: KernelStore,
     mnemonic?: string,
   ): Promise<KeyInfo> {
     let seed: Uint8Array;
     
     if (mnemonic) {
       // Derive seed from mnemonic
       seed = bip39.mnemonicToSeedSync(mnemonic).slice(0, 32);
     } else {
       // Check for existing seed or generate new random one
       const existingSeed = kernelStore.getRemoteCommsSeed();
       seed = existingSeed ?? crypto.getRandomValues(new Uint8Array(32));
     }
     
     // ... rest of key generation
   }

3. Add seed export functionality

   export function exportSeedAsMnemonic(seed: Uint8Array): string {
     return bip39.entropyToMnemonic(seed);
   }

4. Extend RemoteCommsOptions

   type RemoteCommsOptions = {
     // ... existing options
     mnemonic?: string;  // BIP39 mnemonic for seed recovery
   };

Security Considerations

• Mnemonic should never be logged
• Consider memory protection for seed material
• Validate mnemonic checksum before use
• Document secure backup practices for users

Acceptance Criteria

• BIP39 mnemonic accepted for seed generation
• Same mnemonic always produces same peer ID
• Seed can be exported as mnemonic for backup
• Existing random seed generation still works (backward compatible)
• Mnemonic validation (checksum verification)
• Unit tests for mnemonic-based key derivation
• Documentation for backup/recovery procedures