@arkade-os/sdk 0.3.0-alpha.8 → 0.3.0

package/dist/cjs/script/tapscript.js

@@ -36,10 +36,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.CLTVMultisigTapscript = exports.ConditionMultisigTapscript = exports.ConditionCSVMultisigTapscript = exports.CSVMultisigTapscript = exports.MultisigTapscript = exports.TapscriptType = void 0;
 exports.decodeTapscript = decodeTapscript;
 const bip68 = __importStar(require("bip68"));
-const script_js_1 = require("@scure/btc-signer/script.js");
-const payment_js_1 = require("@scure/btc-signer/payment.js");
+const btc_signer_1 = require("@scure/btc-signer");
 const base_1 = require("@scure/base");
-const MinimalScriptNum = (0, script_js_1.ScriptNum)(undefined, true);
+const MinimalScriptNum = (0, btc_signer_1.ScriptNum)(undefined, true);
 var TapscriptType;
 (function (TapscriptType) {
     TapscriptType["Multisig"] = "multisig";
@@ -109,7 +108,7 @@ var MultisigTapscript;
             return {
                 type: TapscriptType.Multisig,
                 params,
-                script: (0, payment_js_1.p2tr_ms)(params.pubkeys.length, params.pubkeys).script,
+                script: (0, btc_signer_1.p2tr_ms)(params.pubkeys.length, params.pubkeys).script,
             };
         }
         const asm = [];
@@ -126,7 +125,7 @@ var MultisigTapscript;
         return {
             type: TapscriptType.Multisig,
             params,
-            script: script_js_1.Script.encode(asm),
+            script: btc_signer_1.Script.encode(asm),
         };
     }
     MultisigTapscript.encode = encode;
@@ -151,7 +150,7 @@ var MultisigTapscript;
     MultisigTapscript.decode = decode;
     // <pubkey> CHECKSIG <pubkey> CHECKSIGADD <len_keys> NUMEQUAL
     function decodeChecksigAdd(script) {
-        const asm = script_js_1.Script.decode(script);
+        const asm = btc_signer_1.Script.decode(script);
         const pubkeys = [];
         let foundNumEqual = false;
         // Parse through ASM operations
@@ -201,7 +200,7 @@ var MultisigTapscript;
     }
     // <pubkey> CHECKSIGVERIFY <pubkey> CHECKSIG
     function decodeChecksig(script) {
-        const asm = script_js_1.Script.decode(script);
+        const asm = btc_signer_1.Script.decode(script);
         const pubkeys = [];
         // Parse through ASM operations
         for (let i = 0; i < asm.length; i++) {
@@ -278,7 +277,7 @@ var CSVMultisigTapscript;
         ];
         const multisigScript = MultisigTapscript.encode(params);
         const script = new Uint8Array([
-            ...script_js_1.Script.encode(asm),
+            ...btc_signer_1.Script.encode(asm),
             ...multisigScript.script,
         ]);
         return {
@@ -292,7 +291,7 @@ var CSVMultisigTapscript;
         if (script.length === 0) {
             throw new Error("Failed to decode: script is empty");
         }
-        const asm = script_js_1.Script.decode(script);
+        const asm = btc_signer_1.Script.decode(script);
         if (asm.length < 3) {
             throw new Error(`Invalid script: too short (expected at least 3)`);
         }
@@ -303,7 +302,7 @@ var CSVMultisigTapscript;
         if (asm[1] !== "CHECKSEQUENCEVERIFY" || asm[2] !== "DROP") {
             throw new Error("Invalid script: expected CHECKSEQUENCEVERIFY DROP");
         }
-        const multisigScript = new Uint8Array(script_js_1.Script.encode(asm.slice(3)));
+        const multisigScript = new Uint8Array(btc_signer_1.Script.encode(asm.slice(3)));
         let multisig;
         try {
             multisig = MultisigTapscript.decode(multisigScript);
@@ -361,7 +360,7 @@ var ConditionCSVMultisigTapscript;
     function encode(params) {
         const script = new Uint8Array([
             ...params.conditionScript,
-            ...script_js_1.Script.encode(["VERIFY"]),
+            ...btc_signer_1.Script.encode(["VERIFY"]),
             ...CSVMultisigTapscript.encode(params).script,
         ]);
         return {
@@ -375,7 +374,7 @@ var ConditionCSVMultisigTapscript;
         if (script.length === 0) {
             throw new Error("Failed to decode: script is empty");
         }
-        const asm = script_js_1.Script.decode(script);
+        const asm = btc_signer_1.Script.decode(script);
         if (asm.length < 1) {
             throw new Error(`Invalid script: too short (expected at least 1)`);
         }
@@ -388,8 +387,8 @@ var ConditionCSVMultisigTapscript;
         if (verifyIndex === -1) {
             throw new Error("Invalid script: missing VERIFY operation");
         }
-        const conditionScript = new Uint8Array(script_js_1.Script.encode(asm.slice(0, verifyIndex)));
-        const csvMultisigScript = new Uint8Array(script_js_1.Script.encode(asm.slice(verifyIndex + 1)));
+        const conditionScript = new Uint8Array(btc_signer_1.Script.encode(asm.slice(0, verifyIndex)));
+        const csvMultisigScript = new Uint8Array(btc_signer_1.Script.encode(asm.slice(verifyIndex + 1)));
         let csvMultisig;
         try {
             csvMultisig = CSVMultisigTapscript.decode(csvMultisigScript);
@@ -436,7 +435,7 @@ var ConditionMultisigTapscript;
     function encode(params) {
         const script = new Uint8Array([
             ...params.conditionScript,
-            ...script_js_1.Script.encode(["VERIFY"]),
+            ...btc_signer_1.Script.encode(["VERIFY"]),
             ...MultisigTapscript.encode(params).script,
         ]);
         return {
@@ -450,7 +449,7 @@ var ConditionMultisigTapscript;
         if (script.length === 0) {
             throw new Error("Failed to decode: script is empty");
         }
-        const asm = script_js_1.Script.decode(script);
+        const asm = btc_signer_1.Script.decode(script);
         if (asm.length < 1) {
             throw new Error(`Invalid script: too short (expected at least 1)`);
         }
@@ -463,8 +462,8 @@ var ConditionMultisigTapscript;
         if (verifyIndex === -1) {
             throw new Error("Invalid script: missing VERIFY operation");
         }
-        const conditionScript = new Uint8Array(script_js_1.Script.encode(asm.slice(0, verifyIndex)));
-        const multisigScript = new Uint8Array(script_js_1.Script.encode(asm.slice(verifyIndex + 1)));
+        const conditionScript = new Uint8Array(btc_signer_1.Script.encode(asm.slice(0, verifyIndex)));
+        const multisigScript = new Uint8Array(btc_signer_1.Script.encode(asm.slice(verifyIndex + 1)));
         let multisig;
         try {
             multisig = MultisigTapscript.decode(multisigScript);
@@ -515,7 +514,7 @@ var CLTVMultisigTapscript;
             "CHECKLOCKTIMEVERIFY",
             "DROP",
         ];
-        const timelockedScript = script_js_1.Script.encode(asm);
+        const timelockedScript = btc_signer_1.Script.encode(asm);
         const script = new Uint8Array([
             ...timelockedScript,
             ...MultisigTapscript.encode(params).script,
@@ -531,7 +530,7 @@ var CLTVMultisigTapscript;
         if (script.length === 0) {
             throw new Error("Failed to decode: script is empty");
         }
-        const asm = script_js_1.Script.decode(script);
+        const asm = btc_signer_1.Script.decode(script);
         if (asm.length < 3) {
             throw new Error(`Invalid script: too short (expected at least 3)`);
         }
@@ -542,7 +541,7 @@ var CLTVMultisigTapscript;
         if (asm[1] !== "CHECKLOCKTIMEVERIFY" || asm[2] !== "DROP") {
             throw new Error("Invalid script: expected CHECKLOCKTIMEVERIFY DROP");
         }
-        const multisigScript = new Uint8Array(script_js_1.Script.encode(asm.slice(3)));
+        const multisigScript = new Uint8Array(btc_signer_1.Script.encode(asm.slice(3)));
         let multisig;
         try {
             multisig = MultisigTapscript.decode(multisigScript);

package/dist/cjs/script/vhtlc.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VHTLC = void 0;
-const script_js_1 = require("@scure/btc-signer/script.js");
+const btc_signer_1 = require("@scure/btc-signer");
 const tapscript_1 = require("./tapscript");
 const base_1 = require("@scure/base");
 const base_2 = require("./base");
@@ -158,5 +158,5 @@ var VHTLC;
     }
 })(VHTLC || (exports.VHTLC = VHTLC = {}));
 function preimageConditionScript(preimageHash) {
-    return script_js_1.Script.encode(["HASH160", preimageHash, "EQUAL"]);
+    return btc_signer_1.Script.encode(["HASH160", preimageHash, "EQUAL"]);
 }

package/dist/cjs/tree/signingSession.js

@@ -57,15 +57,15 @@ class TreeSignerSession {
         const secretKey = (0, utils_js_1.randomPrivateKeyBytes)();
         return new TreeSignerSession(secretKey);
     }
-    init(tree, scriptRoot, rootInputAmount) {
+    async init(tree, scriptRoot, rootInputAmount) {
         this.graph = tree;
         this.scriptRoot = scriptRoot;
         this.rootSharedOutputAmount = rootInputAmount;
     }
-    getPublicKey() {
+    async getPublicKey() {
         return secp256k1_js_1.secp256k1.getPublicKey(this.secretKey);
     }
-    getNonces() {
+    async getNonces() {
         if (!this.graph)
             throw exports.ErrMissingVtxoGraph;
         if (!this.myNonces) {
@@ -77,12 +77,46 @@ class TreeSignerSession {
         }
         return publicNonces;
     }
-    setAggregatedNonces(nonces) {
-        if (this.aggregateNonces)
-            throw new Error("nonces already set");
-        this.aggregateNonces = nonces;
+    async aggregatedNonces(txid, noncesByPubkey) {
+        if (!this.graph)
+            throw exports.ErrMissingVtxoGraph;
+        if (!this.aggregateNonces) {
+            this.aggregateNonces = new Map();
+        }
+        if (!this.myNonces) {
+            await this.getNonces(); // generate nonces if not generated yet
+        }
+        if (this.aggregateNonces.has(txid)) {
+            return {
+                hasAllNonces: this.aggregateNonces.size === this.myNonces?.size,
+            };
+        }
+        const myNonce = this.myNonces.get(txid);
+        if (!myNonce)
+            throw new Error(`missing nonce for txid ${txid}`);
+        const myPublicKey = await this.getPublicKey();
+        // set my nonce to not rely on server
+        noncesByPubkey.set(base_1.hex.encode(myPublicKey.subarray(1)), myNonce);
+        const tx = this.graph.find(txid);
+        if (!tx)
+            throw new Error(`missing tx for txid ${txid}`);
+        const cosigners = (0, unknownFields_1.getArkPsbtFields)(tx.root, 0, unknownFields_1.CosignerPublicKey).map((c) => base_1.hex.encode(c.key.subarray(1)) // xonly pubkey
+        );
+        const pubNonces = [];
+        for (const cosigner of cosigners) {
+            const nonce = noncesByPubkey.get(cosigner);
+            if (!nonce) {
+                throw new Error(`missing nonce for cosigner ${cosigner}`);
+            }
+            pubNonces.push(nonce.pubNonce);
+        }
+        const aggregateNonce = musig2.aggregateNonces(pubNonces);
+        this.aggregateNonces.set(txid, { pubNonce: aggregateNonce });
+        return {
+            hasAllNonces: this.aggregateNonces.size === this.myNonces?.size,
+        };
     }
-    sign() {
+    async sign() {
         if (!this.graph)
             throw exports.ErrMissingVtxoGraph;
         if (!this.aggregateNonces)
@@ -166,9 +200,8 @@ async function validateTreeSigs(finalAggregatedKey, sharedOutputAmount, vtxoTree
 function getPrevOutput(finalKey, graph, sharedOutputAmount, tx) {
     // generate P2TR script from musig2 final key
     const pkScript = script_js_1.Script.encode(["OP_1", finalKey.slice(1)]);
-    const txid = base_1.hex.encode((0, utils_js_1.sha256x2)(tx.toBytes(true)).reverse());
     // if the input is the root input, return the shared output amount
-    if (txid === graph.txid) {
+    if (tx.id === graph.txid) {
         return {
             amount: sharedOutputAmount,
             script: pkScript,
@@ -178,7 +211,7 @@ function getPrevOutput(finalKey, graph, sharedOutputAmount, tx) {
     const parentInput = tx.getInput(0);
     if (!parentInput.txid)
         throw new Error("missing parent input txid");
-    const parentTxid = base_1.hex.encode(new Uint8Array(parentInput.txid));
+    const parentTxid = base_1.hex.encode(parentInput.txid);
     const parent = graph.find(parentTxid);
     if (!parent)
         throw new Error("parent  tx not found");

package/dist/cjs/tree/txTree.js

@@ -4,7 +4,6 @@ exports.TxTree = void 0;
 const transaction_js_1 = require("@scure/btc-signer/transaction.js");
 const base_1 = require("@scure/base");
 const base_2 = require("@scure/base");
-const utils_js_1 = require("@scure/btc-signer/utils.js");
 /**
  * TxTree is a graph of bitcoin transactions.
  * It is used to represent batch tree created during settlement session
@@ -22,7 +21,7 @@ class TxTree {
         const chunksByTxid = new Map();
         for (const chunk of chunks) {
             const decodedChunk = decodeNode(chunk);
-            const txid = base_2.hex.encode((0, utils_js_1.sha256x2)(decodedChunk.tx.toBytes(true)).reverse());
+            const txid = decodedChunk.tx.id;
             chunksByTxid.set(txid, decodedChunk);
         }
         // Find the root chunks (the ones that aren't referenced as a child)
@@ -91,7 +90,7 @@ class TxTree {
             }
             child.validate();
             const childInput = child.root.getInput(0);
-            const parentTxid = base_2.hex.encode((0, utils_js_1.sha256x2)(this.root.toBytes(true)).reverse());
+            const parentTxid = this.root.id;
             // verify the input of the child is the output of the parent
             if (!childInput.txid ||
                 base_2.hex.encode(childInput.txid) !== parentTxid ||
@@ -126,7 +125,7 @@ class TxTree {
         return leaves;
     }
     get txid() {
-        return base_2.hex.encode((0, utils_js_1.sha256x2)(this.root.toBytes(true)).reverse());
+        return this.root.id;
     }
     find(txid) {
         if (txid === this.txid) {

package/dist/cjs/tree/validation.js

@@ -6,7 +6,6 @@ exports.validateVtxoTxGraph = validateVtxoTxGraph;
 const base_1 = require("@scure/base");
 const transaction_js_1 = require("@scure/btc-signer/transaction.js");
 const base_2 = require("@scure/base");
-const utils_js_1 = require("@scure/btc-signer/utils.js");
 const musig2_1 = require("../musig2");
 const unknownFields_1 = require("../utils/unknownFields");
 const ErrInvalidSettlementTx = (tx) => new Error(`invalid settlement transaction: ${tx}`);
@@ -31,7 +30,7 @@ function validateConnectorsTxGraph(settlementTxB64, connectorsGraph) {
     const settlementTx = transaction_js_1.Transaction.fromPSBT(base_2.base64.decode(settlementTxB64));
     if (settlementTx.outputsLength <= BATCH_OUTPUT_CONNECTORS_INDEX)
         throw exports.ErrInvalidSettlementTxOutputs;
-    const expectedRootTxid = base_1.hex.encode((0, utils_js_1.sha256x2)(settlementTx.toBytes(true)).reverse());
+    const expectedRootTxid = settlementTx.id;
     if (!rootInput.txid)
         throw exports.ErrWrongSettlementTxid;
     if (base_1.hex.encode(rootInput.txid) !== expectedRootTxid)
@@ -58,7 +57,7 @@ function validateVtxoTxGraph(graph, roundTransaction, sweepTapTreeRoot) {
         throw exports.ErrEmptyTree;
     }
     const rootInput = graph.root.getInput(0);
-    const commitmentTxid = base_1.hex.encode((0, utils_js_1.sha256x2)(roundTransaction.toBytes(true)).reverse());
+    const commitmentTxid = roundTransaction.id;
     if (!rootInput.txid ||
         base_1.hex.encode(rootInput.txid) !== commitmentTxid ||
         rootInput.index !== BATCH_OUTPUT_VTXO_INDEX) {

package/dist/cjs/utils/arkTransaction.js

@@ -2,13 +2,16 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.buildOffchainTx = buildOffchainTx;
 exports.hasBoardingTxExpired = hasBoardingTxExpired;
-const transaction_js_1 = require("@scure/btc-signer/transaction.js");
+exports.verifyTapscriptSignatures = verifyTapscriptSignatures;
+const secp256k1_js_1 = require("@noble/curves/secp256k1.js");
+const base_1 = require("@scure/base");
+const btc_signer_1 = require("@scure/btc-signer");
+const payment_js_1 = require("@scure/btc-signer/payment.js");
 const tapscript_1 = require("../script/tapscript");
-const base_1 = require("../script/base");
+const base_2 = require("../script/base");
 const anchor_1 = require("./anchor");
-const base_2 = require("@scure/base");
-const utils_js_1 = require("@scure/btc-signer/utils.js");
 const unknownFields_1 = require("./unknownFields");
+const transaction_1 = require("./transaction");
 /**
  * Builds an offchain transaction with checkpoint transactions.
  *
@@ -32,7 +35,7 @@ function buildOffchainTx(inputs, outputs, serverUnrollScript) {
 function buildVirtualTx(inputs, outputs) {
     let lockTime = 0n;
     for (const input of inputs) {
-        const tapscript = (0, tapscript_1.decodeTapscript)((0, base_1.scriptFromTapLeafScript)(input.tapLeafScript));
+        const tapscript = (0, tapscript_1.decodeTapscript)((0, base_2.scriptFromTapLeafScript)(input.tapLeafScript));
         if (tapscript_1.CLTVMultisigTapscript.is(tapscript)) {
             if (lockTime !== 0n) {
                 // if a locktime is already set, check if the new locktime is in the same unit
@@ -46,19 +49,17 @@ function buildVirtualTx(inputs, outputs) {
             }
         }
     }
-    const tx = new transaction_js_1.Transaction({
+    const tx = new transaction_1.Transaction({
         version: 3,
-        allowUnknown: true,
-        allowUnknownOutputs: true,
         lockTime: Number(lockTime),
     });
     for (const [i, input] of inputs.entries()) {
         tx.addInput({
             txid: input.txid,
             index: input.vout,
-            sequence: lockTime ? transaction_js_1.DEFAULT_SEQUENCE - 1 : undefined,
+            sequence: lockTime ? btc_signer_1.DEFAULT_SEQUENCE - 1 : undefined,
             witnessUtxo: {
-                script: base_1.VtxoScript.decode(input.tapTree).pkScript,
+                script: base_2.VtxoScript.decode(input.tapTree).pkScript,
                 amount: BigInt(input.value),
             },
             tapLeafScript: [input.tapLeafScript],
@@ -74,10 +75,9 @@ function buildVirtualTx(inputs, outputs) {
 }
 function buildCheckpointTx(vtxo, serverUnrollScript) {
     // create the checkpoint vtxo script from collaborative closure
-    const collaborativeClosure = (0, tapscript_1.decodeTapscript)(vtxo.checkpointTapLeafScript ??
-        (0, base_1.scriptFromTapLeafScript)(vtxo.tapLeafScript));
+    const collaborativeClosure = (0, tapscript_1.decodeTapscript)((0, base_2.scriptFromTapLeafScript)(vtxo.tapLeafScript));
     // create the checkpoint vtxo script combining collaborative closure and server unroll script
-    const checkpointVtxoScript = new base_1.VtxoScript([
+    const checkpointVtxoScript = new base_2.VtxoScript([
         serverUnrollScript.script,
         collaborativeClosure.script,
     ]);
@@ -89,10 +89,10 @@ function buildCheckpointTx(vtxo, serverUnrollScript) {
         },
     ]);
     // get the collaborative leaf proof
-    const collaborativeLeafProof = checkpointVtxoScript.findLeaf(base_2.hex.encode(collaborativeClosure.script));
+    const collaborativeLeafProof = checkpointVtxoScript.findLeaf(base_1.hex.encode(collaborativeClosure.script));
     // create the checkpoint input that will be used as input of the virtual tx
     const checkpointInput = {
-        txid: base_2.hex.encode((0, utils_js_1.sha256x2)(checkpointTx.toBytes(true)).reverse()),
+        txid: checkpointTx.id,
         vout: 0,
         value: vtxo.value,
         tapLeafScript: collaborativeLeafProof,
@@ -119,3 +119,93 @@ function hasBoardingTxExpired(coin, boardingTimelock) {
     const blockTime = BigInt(Math.floor(coin.status.block_time));
     return blockTime + boardingTimelock.value <= now;
 }
+/**
+ * Formats a sighash type as a hex string (e.g., 0x01)
+ */
+function formatSighash(type) {
+    return `0x${type.toString(16).padStart(2, "0")}`;
+}
+/**
+ * Verify tapscript signatures on a transaction input
+ * @param tx Transaction to verify
+ * @param inputIndex Index of the input to verify
+ * @param requiredSigners List of required signer pubkeys (hex encoded)
+ * @param excludePubkeys List of pubkeys to exclude from verification (hex encoded, e.g., server key not yet signed)
+ * @param allowedSighashTypes List of allowed sighash types (defaults to [SigHash.DEFAULT])
+ * @throws Error if verification fails
+ */
+function verifyTapscriptSignatures(tx, inputIndex, requiredSigners, excludePubkeys = [], allowedSighashTypes = [btc_signer_1.SigHash.DEFAULT]) {
+    const input = tx.getInput(inputIndex);
+    // Collect prevout scripts and amounts for ALL inputs (required for preimageWitnessV1)
+    const prevoutScripts = [];
+    const prevoutAmounts = [];
+    for (let i = 0; i < tx.inputsLength; i++) {
+        const inp = tx.getInput(i);
+        if (!inp.witnessUtxo) {
+            throw new Error(`Input ${i} is missing witnessUtxo`);
+        }
+        prevoutScripts.push(inp.witnessUtxo.script);
+        prevoutAmounts.push(inp.witnessUtxo.amount);
+    }
+    // Verify tapScriptSig signatures
+    if (!input.tapScriptSig || input.tapScriptSig.length === 0) {
+        throw new Error(`Input ${inputIndex} is missing tapScriptSig`);
+    }
+    // Verify each signature in tapScriptSig
+    for (const [tapScriptSigData, signature] of input.tapScriptSig) {
+        const pubKey = tapScriptSigData.pubKey;
+        const pubKeyHex = base_1.hex.encode(pubKey);
+        // Skip verification for excluded pubkeys
+        if (excludePubkeys.includes(pubKeyHex)) {
+            continue;
+        }
+        // Extract sighash type from signature
+        // Schnorr signatures are 64 bytes, with optional 1-byte sighash appended
+        const sighashType = signature.length === 65 ? signature[64] : btc_signer_1.SigHash.DEFAULT;
+        const sig = signature.subarray(0, 64);
+        // Verify sighash type is allowed
+        if (!allowedSighashTypes.includes(sighashType)) {
+            const sighashName = formatSighash(sighashType);
+            throw new Error(`Unallowed sighash type ${sighashName} for input ${inputIndex}, pubkey ${pubKeyHex}.`);
+        }
+        // Find the tapLeafScript that matches this signature's leafHash
+        if (!input.tapLeafScript || input.tapLeafScript.length === 0) {
+            throw new Error();
+        }
+        // Search for the leaf that matches the leafHash in tapScriptSigData
+        const leafHash = tapScriptSigData.leafHash;
+        const leafHashHex = base_1.hex.encode(leafHash);
+        let matchingScript;
+        let matchingVersion;
+        for (const [_, scriptWithVersion] of input.tapLeafScript) {
+            const script = scriptWithVersion.subarray(0, -1);
+            const version = scriptWithVersion[scriptWithVersion.length - 1];
+            // Compute the leaf hash for this script and compare as hex strings
+            const computedLeafHash = (0, payment_js_1.tapLeafHash)(script, version);
+            const computedHex = base_1.hex.encode(computedLeafHash);
+            if (computedHex === leafHashHex) {
+                matchingScript = script;
+                matchingVersion = version;
+                break;
+            }
+        }
+        if (!matchingScript || matchingVersion === undefined) {
+            throw new Error(`Input ${inputIndex}: No tapLeafScript found matching leafHash ${base_1.hex.encode(leafHash)}`);
+        }
+        // Reconstruct the message that was signed
+        // Note: preimageWitnessV1 requires ALL input prevout scripts and amounts
+        const message = tx.preimageWitnessV1(inputIndex, prevoutScripts, sighashType, prevoutAmounts, undefined, matchingScript, matchingVersion);
+        // Verify the schnorr signature
+        const isValid = secp256k1_js_1.schnorr.verify(sig, message, pubKey);
+        if (!isValid) {
+            throw new Error(`Invalid signature for input ${inputIndex}, pubkey ${pubKeyHex}`);
+        }
+    }
+    // Verify we have signatures from all required signers (excluding those we're skipping)
+    const signedPubkeys = input.tapScriptSig.map(([data]) => base_1.hex.encode(data.pubKey));
+    const requiredNotExcluded = requiredSigners.filter((pk) => !excludePubkeys.includes(pk));
+    const missingSigners = requiredNotExcluded.filter((pk) => !signedPubkeys.includes(pk));
+    if (missingSigners.length > 0) {
+        throw new Error(`Missing signatures from: ${missingSigners.map((pk) => pk.slice(0, 16)).join(", ")}...`);
+    }
+}

package/dist/cjs/utils/transaction.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Transaction = void 0;
+const btc_signer_1 = require("@scure/btc-signer");
+/**
+ * Transaction is a wrapper around the @scure/btc-signer Transaction class.
+ * It adds the Ark protocol specific options to the transaction.
+ */
+class Transaction extends btc_signer_1.Transaction {
+    constructor(opts) {
+        super(withArkOpts(opts));
+    }
+    static fromPSBT(psbt_, opts) {
+        return btc_signer_1.Transaction.fromPSBT(psbt_, withArkOpts(opts));
+    }
+    static fromRaw(raw, opts) {
+        return btc_signer_1.Transaction.fromRaw(raw, withArkOpts(opts));
+    }
+}
+exports.Transaction = Transaction;
+Transaction.ARK_TX_OPTS = {
+    allowUnknown: true,
+    allowUnknownOutputs: true,
+    allowUnknownInputs: true,
+};
+function withArkOpts(opts) {
+    return { ...Transaction.ARK_TX_OPTS, ...opts };
+}

package/dist/cjs/utils/unknownFields.js

@@ -37,7 +37,7 @@ exports.VtxoTreeExpiry = exports.CosignerPublicKey = exports.ConditionWitness =
 exports.setArkPsbtField = setArkPsbtField;
 exports.getArkPsbtFields = getArkPsbtFields;
 const bip68 = __importStar(require("bip68"));
-const script_js_1 = require("@scure/btc-signer/script.js");
+const btc_signer_1 = require("@scure/btc-signer");
 const base_1 = require("@scure/base");
 /**
  * ArkPsbtFieldKey is the key values for ark psbt fields.
@@ -51,9 +51,9 @@ var ArkPsbtFieldKey;
 })(ArkPsbtFieldKey || (exports.ArkPsbtFieldKey = ArkPsbtFieldKey = {}));
 /**
  * ArkPsbtFieldKeyType is the type of the ark psbt field key.
- * Every ark psbt field has key type 255.
+ * Every ark psbt field has key type 222.
  */
-exports.ArkPsbtFieldKeyType = 255;
+exports.ArkPsbtFieldKeyType = 222;
 /**
  * setArkPsbtField appends a new unknown field to the input at inputIndex
  *
@@ -126,12 +126,12 @@ exports.ConditionWitness = {
             type: exports.ArkPsbtFieldKeyType,
             key: encodedPsbtFieldKey[ArkPsbtFieldKey.ConditionWitness],
         },
-        script_js_1.RawWitness.encode(value),
+        btc_signer_1.RawWitness.encode(value),
     ],
     decode: (value) => nullIfCatch(() => {
         if (!checkKeyIncludes(value[0], ArkPsbtFieldKey.ConditionWitness))
             return null;
-        return script_js_1.RawWitness.decode(value[1]);
+        return btc_signer_1.RawWitness.decode(value[1]);
     }),
 };
 /**
@@ -176,12 +176,12 @@ exports.VtxoTreeExpiry = {
             type: exports.ArkPsbtFieldKeyType,
             key: encodedPsbtFieldKey[ArkPsbtFieldKey.VtxoTreeExpiry],
         },
-        (0, script_js_1.ScriptNum)(6, true).encode(value.value === 0n ? 0n : value.value),
+        (0, btc_signer_1.ScriptNum)(6, true).encode(value.value === 0n ? 0n : value.value),
     ],
     decode: (unknown) => nullIfCatch(() => {
         if (!checkKeyIncludes(unknown[0], ArkPsbtFieldKey.VtxoTreeExpiry))
             return null;
-        const v = (0, script_js_1.ScriptNum)(6, true).decode(unknown[1]);
+        const v = (0, btc_signer_1.ScriptNum)(6, true).decode(unknown[1]);
         if (!v)
             return null;
         const { blocks, seconds } = bip68.decode(Number(v));

package/dist/cjs/wallet/onchain.js

@@ -2,12 +2,12 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OnchainWallet = void 0;
 exports.selectCoins = selectCoins;
-const payment_js_1 = require("@scure/btc-signer/payment.js");
+const btc_signer_1 = require("@scure/btc-signer");
 const networks_1 = require("../networks");
 const onchain_1 = require("../providers/onchain");
-const transaction_js_1 = require("@scure/btc-signer/transaction.js");
 const anchor_1 = require("../utils/anchor");
 const txSizeEstimator_1 = require("../utils/txSizeEstimator");
+const transaction_1 = require("../utils/transaction");
 /**
  * Onchain Bitcoin wallet implementation for traditional Bitcoin transactions.
  *
@@ -39,7 +39,7 @@ class OnchainWallet {
         }
         const network = (0, networks_1.getNetwork)(networkName);
         const onchainProvider = provider || new onchain_1.EsploraProvider(onchain_1.ESPLORA_URL[networkName]);
-        const onchainP2TR = (0, payment_js_1.p2tr)(pubkey, undefined, network);
+        const onchainP2TR = (0, btc_signer_1.p2tr)(pubkey, undefined, network);
         return new OnchainWallet(identity, network, onchainP2TR, onchainProvider);
     }
     get address() {
@@ -80,7 +80,7 @@ class OnchainWallet {
         // Select coins
         const selected = selectCoins(coins, totalNeeded);
         // Create transaction
-        let tx = new transaction_js_1.Transaction();
+        let tx = new transaction_1.Transaction();
         // Add inputs
         for (const input of selected.inputs) {
             tx.addInput({
@@ -108,10 +108,9 @@ class OnchainWallet {
     }
     async bumpP2A(parent) {
         const parentVsize = parent.vsize;
-        let child = new transaction_js_1.Transaction({
-            allowUnknownInputs: true,
-            allowLegacyWitnessUtxo: true,
+        let child = new transaction_1.Transaction({
             version: 3,
+            allowLegacyWitnessUtxo: true,
         });
         child.addInput((0, anchor_1.findP2AOutput)(parent)); // throws if not found
         const childVsize = txSizeEstimator_1.TxWeightEstimator.create()

package/dist/cjs/wallet/serviceWorker/response.js

@@ -1,6 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Response = void 0;
+const base_1 = require("@scure/base");
+function getRandomId() {
+    const randomValue = crypto.getRandomValues(new Uint8Array(16));
+    return base_1.hex.encode(randomValue);
+}
 /**
  * Response is the namespace that contains the response types for the service worker.
  */
@@ -187,4 +192,31 @@ var Response;
         };
     }
     Response.walletReloaded = walletReloaded;
+    function isVtxoUpdate(response) {
+        return response.type === "VTXO_UPDATE";
+    }
+    Response.isVtxoUpdate = isVtxoUpdate;
+    function vtxoUpdate(newVtxos, spentVtxos) {
+        return {
+            type: "VTXO_UPDATE",
+            id: getRandomId(), // spontaneous update, not tied to a request
+            success: true,
+            spentVtxos,
+            newVtxos,
+        };
+    }
+    Response.vtxoUpdate = vtxoUpdate;
+    function isUtxoUpdate(response) {
+        return response.type === "UTXO_UPDATE";
+    }
+    Response.isUtxoUpdate = isUtxoUpdate;
+    function utxoUpdate(coins) {
+        return {
+            type: "UTXO_UPDATE",
+            id: getRandomId(), // spontaneous update, not tied to a request
+            success: true,
+            coins,
+        };
+    }
+    Response.utxoUpdate = utxoUpdate;
 })(Response || (exports.Response = Response = {}));