@arkade-os/sdk 0.3.0-alpha.7 → 0.3.1-alpha.0

package/dist/esm/tree/signingSession.js

@@ -3,7 +3,7 @@ import { Script } from "@scure/btc-signer/script.js";
 import { SigHash } from "@scure/btc-signer/transaction.js";
 import { hex } from "@scure/base";
 import { schnorr, secp256k1 } from "@noble/curves/secp256k1.js";
-import { randomPrivateKeyBytes, sha256x2 } from "@scure/btc-signer/utils.js";
+import { randomPrivateKeyBytes } from "@scure/btc-signer/utils.js";
 import { CosignerPublicKey, getArkPsbtFields } from '../utils/unknownFields.js';
 export const ErrMissingVtxoGraph = new Error("missing vtxo graph");
 export const ErrMissingAggregateKey = new Error("missing aggregate key");
@@ -20,15 +20,15 @@ export class TreeSignerSession {
         const secretKey = randomPrivateKeyBytes();
         return new TreeSignerSession(secretKey);
     }
-    init(tree, scriptRoot, rootInputAmount) {
+    async init(tree, scriptRoot, rootInputAmount) {
         this.graph = tree;
         this.scriptRoot = scriptRoot;
         this.rootSharedOutputAmount = rootInputAmount;
     }
-    getPublicKey() {
+    async getPublicKey() {
         return secp256k1.getPublicKey(this.secretKey);
     }
-    getNonces() {
+    async getNonces() {
         if (!this.graph)
             throw ErrMissingVtxoGraph;
         if (!this.myNonces) {
@@ -40,12 +40,12 @@ export class TreeSignerSession {
         }
         return publicNonces;
     }
-    setAggregatedNonces(nonces) {
+    async setAggregatedNonces(nonces) {
         if (this.aggregateNonces)
             throw new Error("nonces already set");
         this.aggregateNonces = nonces;
     }
-    sign() {
+    async sign() {
         if (!this.graph)
             throw ErrMissingVtxoGraph;
         if (!this.aggregateNonces)
@@ -128,9 +128,8 @@ export async function validateTreeSigs(finalAggregatedKey, sharedOutputAmount, v
 function getPrevOutput(finalKey, graph, sharedOutputAmount, tx) {
     // generate P2TR script from musig2 final key
     const pkScript = Script.encode(["OP_1", finalKey.slice(1)]);
-    const txid = hex.encode(sha256x2(tx.toBytes(true)).reverse());
     // if the input is the root input, return the shared output amount
-    if (txid === graph.txid) {
+    if (tx.id === graph.txid) {
         return {
             amount: sharedOutputAmount,
             script: pkScript,
@@ -140,7 +139,7 @@ function getPrevOutput(finalKey, graph, sharedOutputAmount, tx) {
     const parentInput = tx.getInput(0);
     if (!parentInput.txid)
         throw new Error("missing parent input txid");
-    const parentTxid = hex.encode(new Uint8Array(parentInput.txid));
+    const parentTxid = hex.encode(parentInput.txid);
     const parent = graph.find(parentTxid);
     if (!parent)
         throw new Error("parent  tx not found");

package/dist/esm/tree/txTree.js

@@ -1,7 +1,6 @@
 import { Transaction } from "@scure/btc-signer/transaction.js";
 import { base64 } from "@scure/base";
 import { hex } from "@scure/base";
-import { sha256x2 } from "@scure/btc-signer/utils.js";
 /**
  * TxTree is a graph of bitcoin transactions.
  * It is used to represent batch tree created during settlement session
@@ -19,7 +18,7 @@ export class TxTree {
         const chunksByTxid = new Map();
         for (const chunk of chunks) {
             const decodedChunk = decodeNode(chunk);
-            const txid = hex.encode(sha256x2(decodedChunk.tx.toBytes(true)).reverse());
+            const txid = decodedChunk.tx.id;
             chunksByTxid.set(txid, decodedChunk);
         }
         // Find the root chunks (the ones that aren't referenced as a child)
@@ -88,7 +87,7 @@ export class TxTree {
             }
             child.validate();
             const childInput = child.root.getInput(0);
-            const parentTxid = hex.encode(sha256x2(this.root.toBytes(true)).reverse());
+            const parentTxid = this.root.id;
             // verify the input of the child is the output of the parent
             if (!childInput.txid ||
                 hex.encode(childInput.txid) !== parentTxid ||
@@ -123,7 +122,7 @@ export class TxTree {
         return leaves;
     }
     get txid() {
-        return hex.encode(sha256x2(this.root.toBytes(true)).reverse());
+        return this.root.id;
     }
     find(txid) {
         if (txid === this.txid) {

package/dist/esm/tree/validation.js

@@ -1,7 +1,6 @@
 import { hex } from "@scure/base";
 import { Transaction } from "@scure/btc-signer/transaction.js";
 import { base64 } from "@scure/base";
-import { sha256x2 } from "@scure/btc-signer/utils.js";
 import { aggregateKeys } from '../musig2/index.js';
 import { CosignerPublicKey, getArkPsbtFields } from '../utils/unknownFields.js';
 export const ErrInvalidSettlementTx = (tx) => new Error(`invalid settlement transaction: ${tx}`);
@@ -25,7 +24,7 @@ export function validateConnectorsTxGraph(settlementTxB64, connectorsGraph) {
     const settlementTx = Transaction.fromPSBT(base64.decode(settlementTxB64));
     if (settlementTx.outputsLength <= BATCH_OUTPUT_CONNECTORS_INDEX)
         throw ErrInvalidSettlementTxOutputs;
-    const expectedRootTxid = hex.encode(sha256x2(settlementTx.toBytes(true)).reverse());
+    const expectedRootTxid = settlementTx.id;
     if (!rootInput.txid)
         throw ErrWrongSettlementTxid;
     if (hex.encode(rootInput.txid) !== expectedRootTxid)
@@ -52,7 +51,7 @@ export function validateVtxoTxGraph(graph, roundTransaction, sweepTapTreeRoot) {
         throw ErrEmptyTree;
     }
     const rootInput = graph.root.getInput(0);
-    const commitmentTxid = hex.encode(sha256x2(roundTransaction.toBytes(true)).reverse());
+    const commitmentTxid = roundTransaction.id;
     if (!rootInput.txid ||
         hex.encode(rootInput.txid) !== commitmentTxid ||
         rootInput.index !== BATCH_OUTPUT_VTXO_INDEX) {

package/dist/esm/utils/arkTransaction.js

@@ -1,9 +1,10 @@
-import { DEFAULT_SEQUENCE, Transaction, } from "@scure/btc-signer/transaction.js";
-import { CLTVMultisigTapscript, decodeTapscript } from '../script/tapscript.js';
+import { schnorr } from "@noble/curves/secp256k1.js";
+import { hex } from "@scure/base";
+import { DEFAULT_SEQUENCE, Transaction, SigHash } from "@scure/btc-signer";
+import { tapLeafHash } from "@scure/btc-signer/payment.js";
+import { CLTVMultisigTapscript, decodeTapscript, } from '../script/tapscript.js';
 import { scriptFromTapLeafScript, VtxoScript, } from '../script/base.js';
 import { P2A } from './anchor.js';
-import { hex } from "@scure/base";
-import { sha256x2 } from "@scure/btc-signer/utils.js";
 import { setArkPsbtField, VtxoTaprootTree } from './unknownFields.js';
 /**
  * Builds an offchain transaction with checkpoint transactions.
@@ -88,7 +89,7 @@ function buildCheckpointTx(vtxo, serverUnrollScript) {
     const collaborativeLeafProof = checkpointVtxoScript.findLeaf(hex.encode(collaborativeClosure.script));
     // create the checkpoint input that will be used as input of the virtual tx
     const checkpointInput = {
-        txid: hex.encode(sha256x2(checkpointTx.toBytes(true)).reverse()),
+        txid: checkpointTx.id,
         vout: 0,
         value: vtxo.value,
         tapLeafScript: collaborativeLeafProof,
@@ -103,3 +104,105 @@ const nLocktimeMinSeconds = 500000000n;
 function isSeconds(locktime) {
     return locktime >= nLocktimeMinSeconds;
 }
+export function hasBoardingTxExpired(coin, boardingTimelock) {
+    if (!coin.status.block_time)
+        return false;
+    if (boardingTimelock.value === 0n)
+        return true;
+    if (boardingTimelock.type !== "blocks")
+        return false; // TODO: handle get chain tip
+    // validate expiry in terms of seconds
+    const now = BigInt(Math.floor(Date.now() / 1000));
+    const blockTime = BigInt(Math.floor(coin.status.block_time));
+    return blockTime + boardingTimelock.value <= now;
+}
+/**
+ * Formats a sighash type as a hex string (e.g., 0x01)
+ */
+function formatSighash(type) {
+    return `0x${type.toString(16).padStart(2, "0")}`;
+}
+/**
+ * Verify tapscript signatures on a transaction input
+ * @param tx Transaction to verify
+ * @param inputIndex Index of the input to verify
+ * @param requiredSigners List of required signer pubkeys (hex encoded)
+ * @param excludePubkeys List of pubkeys to exclude from verification (hex encoded, e.g., server key not yet signed)
+ * @param allowedSighashTypes List of allowed sighash types (defaults to [SigHash.DEFAULT])
+ * @throws Error if verification fails
+ */
+export function verifyTapscriptSignatures(tx, inputIndex, requiredSigners, excludePubkeys = [], allowedSighashTypes = [SigHash.DEFAULT]) {
+    const input = tx.getInput(inputIndex);
+    // Collect prevout scripts and amounts for ALL inputs (required for preimageWitnessV1)
+    const prevoutScripts = [];
+    const prevoutAmounts = [];
+    for (let i = 0; i < tx.inputsLength; i++) {
+        const inp = tx.getInput(i);
+        if (!inp.witnessUtxo) {
+            throw new Error(`Input ${i} is missing witnessUtxo`);
+        }
+        prevoutScripts.push(inp.witnessUtxo.script);
+        prevoutAmounts.push(inp.witnessUtxo.amount);
+    }
+    // Verify tapScriptSig signatures
+    if (!input.tapScriptSig || input.tapScriptSig.length === 0) {
+        throw new Error(`Input ${inputIndex} is missing tapScriptSig`);
+    }
+    // Verify each signature in tapScriptSig
+    for (const [tapScriptSigData, signature] of input.tapScriptSig) {
+        const pubKey = tapScriptSigData.pubKey;
+        const pubKeyHex = hex.encode(pubKey);
+        // Skip verification for excluded pubkeys
+        if (excludePubkeys.includes(pubKeyHex)) {
+            continue;
+        }
+        // Extract sighash type from signature
+        // Schnorr signatures are 64 bytes, with optional 1-byte sighash appended
+        const sighashType = signature.length === 65 ? signature[64] : SigHash.DEFAULT;
+        const sig = signature.subarray(0, 64);
+        // Verify sighash type is allowed
+        if (!allowedSighashTypes.includes(sighashType)) {
+            const sighashName = formatSighash(sighashType);
+            throw new Error(`Unallowed sighash type ${sighashName} for input ${inputIndex}, pubkey ${pubKeyHex}.`);
+        }
+        // Find the tapLeafScript that matches this signature's leafHash
+        if (!input.tapLeafScript || input.tapLeafScript.length === 0) {
+            throw new Error();
+        }
+        // Search for the leaf that matches the leafHash in tapScriptSigData
+        const leafHash = tapScriptSigData.leafHash;
+        const leafHashHex = hex.encode(leafHash);
+        let matchingScript;
+        let matchingVersion;
+        for (const [_, scriptWithVersion] of input.tapLeafScript) {
+            const script = scriptWithVersion.subarray(0, -1);
+            const version = scriptWithVersion[scriptWithVersion.length - 1];
+            // Compute the leaf hash for this script and compare as hex strings
+            const computedLeafHash = tapLeafHash(script, version);
+            const computedHex = hex.encode(computedLeafHash);
+            if (computedHex === leafHashHex) {
+                matchingScript = script;
+                matchingVersion = version;
+                break;
+            }
+        }
+        if (!matchingScript || matchingVersion === undefined) {
+            throw new Error(`Input ${inputIndex}: No tapLeafScript found matching leafHash ${hex.encode(leafHash)}`);
+        }
+        // Reconstruct the message that was signed
+        // Note: preimageWitnessV1 requires ALL input prevout scripts and amounts
+        const message = tx.preimageWitnessV1(inputIndex, prevoutScripts, sighashType, prevoutAmounts, undefined, matchingScript, matchingVersion);
+        // Verify the schnorr signature
+        const isValid = schnorr.verify(sig, message, pubKey);
+        if (!isValid) {
+            throw new Error(`Invalid signature for input ${inputIndex}, pubkey ${pubKeyHex}`);
+        }
+    }
+    // Verify we have signatures from all required signers (excluding those we're skipping)
+    const signedPubkeys = input.tapScriptSig.map(([data]) => hex.encode(data.pubKey));
+    const requiredNotExcluded = requiredSigners.filter((pk) => !excludePubkeys.includes(pk));
+    const missingSigners = requiredNotExcluded.filter((pk) => !signedPubkeys.includes(pk));
+    if (missingSigners.length > 0) {
+        throw new Error(`Missing signatures from: ${missingSigners.map((pk) => pk.slice(0, 16)).join(", ")}...`);
+    }
+}

package/dist/esm/utils/unknownFields.js

@@ -1,5 +1,5 @@
 import * as bip68 from "bip68";
-import { RawWitness, ScriptNum } from "@scure/btc-signer/script.js";
+import { RawWitness, ScriptNum } from "@scure/btc-signer";
 import { hex } from "@scure/base";
 /**
  * ArkPsbtFieldKey is the key values for ark psbt fields.

package/dist/esm/wallet/index.js

@@ -4,7 +4,7 @@ export var TxType;
     TxType["TxReceived"] = "RECEIVED";
 })(TxType || (TxType = {}));
 export function isSpendable(vtxo) {
-    return vtxo.spentBy === undefined || vtxo.spentBy === "";
+    return !vtxo.isSpent;
 }
 export function isRecoverable(vtxo) {
     return vtxo.virtualStatus.state === "swept" && isSpendable(vtxo);

package/dist/esm/wallet/onchain.js

@@ -1,7 +1,6 @@
-import { p2tr } from "@scure/btc-signer/payment.js";
+import { Transaction, p2tr } from "@scure/btc-signer";
 import { getNetwork } from '../networks.js';
 import { ESPLORA_URL, EsploraProvider, } from '../providers/onchain.js';
-import { Transaction } from "@scure/btc-signer/transaction.js";
 import { findP2AOutput, P2A } from '../utils/anchor.js';
 import { TxWeightEstimator } from '../utils/txSizeEstimator.js';
 /**

package/dist/esm/wallet/serviceWorker/utils.js

@@ -1,3 +1,4 @@
+export const DEFAULT_DB_NAME = "arkade-service-worker";
 /**
  * setupServiceWorker sets up the service worker.
  * @param path - the path to the service worker script
@@ -44,11 +45,3 @@ export async function setupServiceWorker(path) {
         navigator.serviceWorker.addEventListener("error", onError);
     });
 }
-export function extendVirtualCoin(wallet, vtxo) {
-    return {
-        ...vtxo,
-        forfeitTapLeafScript: wallet.offchainTapscript.forfeit(),
-        intentTapLeafScript: wallet.offchainTapscript.exit(),
-        tapTree: wallet.offchainTapscript.encode(),
-    };
-}

package/dist/esm/wallet/serviceWorker/wallet.js

@@ -3,7 +3,7 @@ import { hex } from "@scure/base";
 import { IndexedDBStorageAdapter } from '../../storage/indexedDB.js';
 import { WalletRepositoryImpl } from '../../repositories/walletRepository.js';
 import { ContractRepositoryImpl } from '../../repositories/contractRepository.js';
-import { setupServiceWorker } from './utils.js';
+import { DEFAULT_DB_NAME, setupServiceWorker } from './utils.js';
 const isPrivateKeyIdentity = (identity) => {
     return typeof identity.toHex === "function";
 };
@@ -22,7 +22,7 @@ export class ServiceWorkerWallet {
     }
     static async create(options) {
         // Default to IndexedDB for service worker context
-        const storage = options.storage || new IndexedDBStorageAdapter("wallet-db");
+        const storage = new IndexedDBStorageAdapter(options.dbName || DEFAULT_DB_NAME, options.dbVersion);
         // Create repositories
         const walletRepo = new WalletRepositoryImpl(storage);
         const contractRepo = new ContractRepositoryImpl(storage);
@@ -31,7 +31,7 @@ export class ServiceWorkerWallet {
             ? options.identity
             : null;
         if (!identity) {
-            throw new Error("ServiceWorkerWallet.create() requires a Identity that can expose its private key");
+            throw new Error("ServiceWorkerWallet.create() requires a Identity that can expose a single private key");
         }
         // Extract private key for service worker initialization
         const privateKey = identity.toHex();
@@ -74,13 +74,9 @@ export class ServiceWorkerWallet {
         // Register and setup the service worker
         const serviceWorker = await setupServiceWorker(options.serviceWorkerPath);
         // Use the existing create method
-        return await ServiceWorkerWallet.create({
-            arkServerPublicKey: options.arkServerPublicKey,
-            arkServerUrl: options.arkServerUrl,
-            esploraUrl: options.esploraUrl,
-            identity: options.identity,
+        return ServiceWorkerWallet.create({
+            ...options,
             serviceWorker,
-            storage: options.storage,
         });
     }
     // send a message and wait for a response

package/dist/esm/wallet/serviceWorker/worker.js

@@ -1,6 +1,6 @@
 /// <reference lib="webworker" />
 import { SingleKey } from '../../identity/singleKey.js';
-import { isSpendable, isSubdust } from '../index.js';
+import { isRecoverable, isSpendable, isSubdust } from '../index.js';
 import { Wallet } from '../wallet.js';
 import { Request } from './request.js';
 import { Response } from './response.js';
@@ -10,15 +10,18 @@ import { RestIndexerProvider } from '../../providers/indexer.js';
 import { hex } from "@scure/base";
 import { IndexedDBStorageAdapter } from '../../storage/indexedDB.js';
 import { WalletRepositoryImpl, } from '../../repositories/walletRepository.js';
-import { extendVirtualCoin } from './utils.js';
+import { extendVirtualCoin } from '../utils.js';
+import { DEFAULT_DB_NAME } from './utils.js';
 /**
  * Worker is a class letting to interact with ServiceWorkerWallet from the client
  * it aims to be run in a service worker context
  */
 export class Worker {
-    constructor(messageCallback = () => { }) {
+    constructor(dbName = DEFAULT_DB_NAME, dbVersion = 1, messageCallback = () => { }) {
+        this.dbName = dbName;
+        this.dbVersion = dbVersion;
         this.messageCallback = messageCallback;
-        this.storage = new IndexedDBStorageAdapter("arkade-service-worker", 1);
+        this.storage = new IndexedDBStorageAdapter(dbName, dbVersion);
         this.walletRepository = new WalletRepositoryImpl(this.storage);
     }
     /**
@@ -74,6 +77,8 @@ export class Worker {
             this.incomingFundsSubscription();
         // Clear storage - this replaces vtxoRepository.close()
         await this.storage.clear();
+        // Reset in-memory caches by recreating the repository
+        this.walletRepository = new WalletRepositoryImpl(this.storage);
         this.wallet = undefined;
         this.arkProvider = undefined;
         this.indexerProvider = undefined;
@@ -102,7 +107,7 @@ export class Worker {
         const txs = await this.wallet.getTransactionHistory();
         if (txs)
             await this.walletRepository.saveTransactions(address, txs);
-        // stop previous subscriptions if any
+        // unsubscribe previous subscription if any
         if (this.incomingFundsSubscription)
             this.incomingFundsSubscription();
         // subscribe for incoming funds and notify all clients when new funds arrive
@@ -124,7 +129,7 @@ export class Worker {
                 // notify all clients about the vtxo update
                 this.sendMessageToAllClients("VTXO_UPDATE", JSON.stringify({ newVtxos, spentVtxos }));
             }
-            if (funds.type === "utxo" && funds.coins.length > 0) {
+            if (funds.type === "utxo") {
                 // notify all clients about the utxo update
                 this.sendMessageToAllClients("UTXO_UPDATE", JSON.stringify(funds.coins));
             }
@@ -351,23 +356,21 @@ export class Worker {
             return;
         }
         try {
-            let vtxos = await this.getSpendableVtxos();
-            if (!message.filter?.withRecoverable) {
-                if (!this.wallet)
-                    throw new Error("Wallet not initialized");
-                // exclude subdust is we don't want recoverable
-                const dustAmount = this.wallet?.dustAmount;
-                vtxos =
-                    dustAmount == null
-                        ? vtxos
-                        : vtxos.filter((v) => !isSubdust(v, dustAmount));
-            }
-            if (message.filter?.withRecoverable) {
-                // get also swept and spendable vtxos
-                const sweptVtxos = await this.getSweptVtxos();
-                vtxos.push(...sweptVtxos.filter(isSpendable));
-            }
-            event.source?.postMessage(Response.vtxos(message.id, vtxos));
+            const vtxos = await this.getSpendableVtxos();
+            const dustAmount = this.wallet.dustAmount;
+            const includeRecoverable = message.filter?.withRecoverable ?? false;
+            const filteredVtxos = includeRecoverable
+                ? vtxos
+                : vtxos.filter((v) => {
+                    if (dustAmount != null && isSubdust(v, dustAmount)) {
+                        return false;
+                    }
+                    if (isRecoverable(v)) {
+                        return false;
+                    }
+                    return true;
+                });
+            event.source?.postMessage(Response.vtxos(message.id, filteredVtxos));
         }
         catch (error) {
             console.error("Error getting vtxos:", error);
@@ -526,7 +529,6 @@ export class Worker {
     }
     async handleReloadWallet(event) {
         const message = event.data;
-        console.log("RELOAD_WALLET message received", message);
         if (!Request.isReloadWallet(message)) {
             console.error("Invalid RELOAD_WALLET message format", message);
             event.source?.postMessage(Response.error(message.id, "Invalid RELOAD_WALLET message format"));

package/dist/esm/wallet/unroll.js

@@ -1,8 +1,7 @@
-import { SigHash, Transaction } from "@scure/btc-signer/transaction.js";
-import { ChainTxType } from '../providers/indexer.js';
 import { base64, hex } from "@scure/base";
+import { SigHash, Transaction, TaprootControlBlock } from "@scure/btc-signer";
+import { ChainTxType } from '../providers/indexer.js';
 import { VtxoScript } from '../script/base.js';
-import { TaprootControlBlock, } from "@scure/btc-signer/psbt.js";
 import { TxWeightEstimator } from '../utils/txSizeEstimator.js';
 import { Wallet } from './wallet.js';
 export var Unroll;

package/dist/esm/wallet/utils.js

@@ -0,0 +1,8 @@
+export function extendVirtualCoin(wallet, vtxo) {
+    return {
+        ...vtxo,
+        forfeitTapLeafScript: wallet.offchainTapscript.forfeit(),
+        intentTapLeafScript: wallet.offchainTapscript.exit(),
+        tapTree: wallet.offchainTapscript.encode(),
+    };
+}