Two tools, two pages, one process — one file (app.py) that runs identically online (for testing) and offline (for the real signing). The wallet generator creates a fresh BIP39 / BIP84 destination wallet. The signer takes a private key + UTXOs and produces a raw signed transaction you can paste into slipstream.mara.com without ever exposing the public key to the public mempool.
Fresh 24-word BIP39 phrase from OS randomness, derived to native-segwit (bc1q) receive addresses on m/84'/0'/0'/0/*. Self-tested against official BIP39 / BIP32 / BIP84 vectors.
Build & sign a non-RBF sweep transaction from a puzzle (legacy P2PKH) address to your destination. Self-tested against the real block-170 transaction (Satoshi → Hal Finney) every run.
Open the signerpython app.py -- the cryptography is the exact same code paths you are testing right now.