@arkade-os/sdk 0.3.0-alpha.8 → 0.3.0

package/dist/esm/tree/signingSession.js

@@ -3,7 +3,7 @@ import { Script } from "@scure/btc-signer/script.js";
 import { SigHash } from "@scure/btc-signer/transaction.js";
 import { hex } from "@scure/base";
 import { schnorr, secp256k1 } from "@noble/curves/secp256k1.js";
-import { randomPrivateKeyBytes, sha256x2 } from "@scure/btc-signer/utils.js";
+import { randomPrivateKeyBytes } from "@scure/btc-signer/utils.js";
 import { CosignerPublicKey, getArkPsbtFields } from '../utils/unknownFields.js';
 export const ErrMissingVtxoGraph = new Error("missing vtxo graph");
 export const ErrMissingAggregateKey = new Error("missing aggregate key");
@@ -20,15 +20,15 @@ export class TreeSignerSession {
         const secretKey = randomPrivateKeyBytes();
         return new TreeSignerSession(secretKey);
     }
-    init(tree, scriptRoot, rootInputAmount) {
+    async init(tree, scriptRoot, rootInputAmount) {
         this.graph = tree;
         this.scriptRoot = scriptRoot;
         this.rootSharedOutputAmount = rootInputAmount;
     }
-    getPublicKey() {
+    async getPublicKey() {
         return secp256k1.getPublicKey(this.secretKey);
     }
-    getNonces() {
+    async getNonces() {
         if (!this.graph)
             throw ErrMissingVtxoGraph;
         if (!this.myNonces) {
@@ -40,12 +40,46 @@ export class TreeSignerSession {
         }
         return publicNonces;
     }
-    setAggregatedNonces(nonces) {
-        if (this.aggregateNonces)
-            throw new Error("nonces already set");
-        this.aggregateNonces = nonces;
+    async aggregatedNonces(txid, noncesByPubkey) {
+        if (!this.graph)
+            throw ErrMissingVtxoGraph;
+        if (!this.aggregateNonces) {
+            this.aggregateNonces = new Map();
+        }
+        if (!this.myNonces) {
+            await this.getNonces(); // generate nonces if not generated yet
+        }
+        if (this.aggregateNonces.has(txid)) {
+            return {
+                hasAllNonces: this.aggregateNonces.size === this.myNonces?.size,
+            };
+        }
+        const myNonce = this.myNonces.get(txid);
+        if (!myNonce)
+            throw new Error(`missing nonce for txid ${txid}`);
+        const myPublicKey = await this.getPublicKey();
+        // set my nonce to not rely on server
+        noncesByPubkey.set(hex.encode(myPublicKey.subarray(1)), myNonce);
+        const tx = this.graph.find(txid);
+        if (!tx)
+            throw new Error(`missing tx for txid ${txid}`);
+        const cosigners = getArkPsbtFields(tx.root, 0, CosignerPublicKey).map((c) => hex.encode(c.key.subarray(1)) // xonly pubkey
+        );
+        const pubNonces = [];
+        for (const cosigner of cosigners) {
+            const nonce = noncesByPubkey.get(cosigner);
+            if (!nonce) {
+                throw new Error(`missing nonce for cosigner ${cosigner}`);
+            }
+            pubNonces.push(nonce.pubNonce);
+        }
+        const aggregateNonce = musig2.aggregateNonces(pubNonces);
+        this.aggregateNonces.set(txid, { pubNonce: aggregateNonce });
+        return {
+            hasAllNonces: this.aggregateNonces.size === this.myNonces?.size,
+        };
     }
-    sign() {
+    async sign() {
         if (!this.graph)
             throw ErrMissingVtxoGraph;
         if (!this.aggregateNonces)
@@ -128,9 +162,8 @@ export async function validateTreeSigs(finalAggregatedKey, sharedOutputAmount, v
 function getPrevOutput(finalKey, graph, sharedOutputAmount, tx) {
     // generate P2TR script from musig2 final key
     const pkScript = Script.encode(["OP_1", finalKey.slice(1)]);
-    const txid = hex.encode(sha256x2(tx.toBytes(true)).reverse());
     // if the input is the root input, return the shared output amount
-    if (txid === graph.txid) {
+    if (tx.id === graph.txid) {
         return {
             amount: sharedOutputAmount,
             script: pkScript,
@@ -140,7 +173,7 @@ function getPrevOutput(finalKey, graph, sharedOutputAmount, tx) {
     const parentInput = tx.getInput(0);
     if (!parentInput.txid)
         throw new Error("missing parent input txid");
-    const parentTxid = hex.encode(new Uint8Array(parentInput.txid));
+    const parentTxid = hex.encode(parentInput.txid);
     const parent = graph.find(parentTxid);
     if (!parent)
         throw new Error("parent  tx not found");

package/dist/esm/tree/txTree.js

@@ -1,7 +1,6 @@
 import { Transaction } from "@scure/btc-signer/transaction.js";
 import { base64 } from "@scure/base";
 import { hex } from "@scure/base";
-import { sha256x2 } from "@scure/btc-signer/utils.js";
 /**
  * TxTree is a graph of bitcoin transactions.
  * It is used to represent batch tree created during settlement session
@@ -19,7 +18,7 @@ export class TxTree {
         const chunksByTxid = new Map();
         for (const chunk of chunks) {
             const decodedChunk = decodeNode(chunk);
-            const txid = hex.encode(sha256x2(decodedChunk.tx.toBytes(true)).reverse());
+            const txid = decodedChunk.tx.id;
             chunksByTxid.set(txid, decodedChunk);
         }
         // Find the root chunks (the ones that aren't referenced as a child)
@@ -88,7 +87,7 @@ export class TxTree {
             }
             child.validate();
             const childInput = child.root.getInput(0);
-            const parentTxid = hex.encode(sha256x2(this.root.toBytes(true)).reverse());
+            const parentTxid = this.root.id;
             // verify the input of the child is the output of the parent
             if (!childInput.txid ||
                 hex.encode(childInput.txid) !== parentTxid ||
@@ -123,7 +122,7 @@ export class TxTree {
         return leaves;
     }
     get txid() {
-        return hex.encode(sha256x2(this.root.toBytes(true)).reverse());
+        return this.root.id;
     }
     find(txid) {
         if (txid === this.txid) {

package/dist/esm/tree/validation.js

@@ -1,7 +1,6 @@
 import { hex } from "@scure/base";
 import { Transaction } from "@scure/btc-signer/transaction.js";
 import { base64 } from "@scure/base";
-import { sha256x2 } from "@scure/btc-signer/utils.js";
 import { aggregateKeys } from '../musig2/index.js';
 import { CosignerPublicKey, getArkPsbtFields } from '../utils/unknownFields.js';
 export const ErrInvalidSettlementTx = (tx) => new Error(`invalid settlement transaction: ${tx}`);
@@ -25,7 +24,7 @@ export function validateConnectorsTxGraph(settlementTxB64, connectorsGraph) {
     const settlementTx = Transaction.fromPSBT(base64.decode(settlementTxB64));
     if (settlementTx.outputsLength <= BATCH_OUTPUT_CONNECTORS_INDEX)
         throw ErrInvalidSettlementTxOutputs;
-    const expectedRootTxid = hex.encode(sha256x2(settlementTx.toBytes(true)).reverse());
+    const expectedRootTxid = settlementTx.id;
     if (!rootInput.txid)
         throw ErrWrongSettlementTxid;
     if (hex.encode(rootInput.txid) !== expectedRootTxid)
@@ -52,7 +51,7 @@ export function validateVtxoTxGraph(graph, roundTransaction, sweepTapTreeRoot) {
         throw ErrEmptyTree;
     }
     const rootInput = graph.root.getInput(0);
-    const commitmentTxid = hex.encode(sha256x2(roundTransaction.toBytes(true)).reverse());
+    const commitmentTxid = roundTransaction.id;
     if (!rootInput.txid ||
         hex.encode(rootInput.txid) !== commitmentTxid ||
         rootInput.index !== BATCH_OUTPUT_VTXO_INDEX) {

package/dist/esm/utils/arkTransaction.js

@@ -1,10 +1,12 @@
-import { DEFAULT_SEQUENCE, Transaction, } from "@scure/btc-signer/transaction.js";
+import { schnorr } from "@noble/curves/secp256k1.js";
+import { hex } from "@scure/base";
+import { DEFAULT_SEQUENCE, SigHash } from "@scure/btc-signer";
+import { tapLeafHash } from "@scure/btc-signer/payment.js";
 import { CLTVMultisigTapscript, decodeTapscript, } from '../script/tapscript.js';
 import { scriptFromTapLeafScript, VtxoScript, } from '../script/base.js';
 import { P2A } from './anchor.js';
-import { hex } from "@scure/base";
-import { sha256x2 } from "@scure/btc-signer/utils.js";
 import { setArkPsbtField, VtxoTaprootTree } from './unknownFields.js';
+import { Transaction } from './transaction.js';
 /**
  * Builds an offchain transaction with checkpoint transactions.
  *
@@ -44,8 +46,6 @@ function buildVirtualTx(inputs, outputs) {
     }
     const tx = new Transaction({
         version: 3,
-        allowUnknown: true,
-        allowUnknownOutputs: true,
         lockTime: Number(lockTime),
     });
     for (const [i, input] of inputs.entries()) {
@@ -70,8 +70,7 @@ function buildVirtualTx(inputs, outputs) {
 }
 function buildCheckpointTx(vtxo, serverUnrollScript) {
     // create the checkpoint vtxo script from collaborative closure
-    const collaborativeClosure = decodeTapscript(vtxo.checkpointTapLeafScript ??
-        scriptFromTapLeafScript(vtxo.tapLeafScript));
+    const collaborativeClosure = decodeTapscript(scriptFromTapLeafScript(vtxo.tapLeafScript));
     // create the checkpoint vtxo script combining collaborative closure and server unroll script
     const checkpointVtxoScript = new VtxoScript([
         serverUnrollScript.script,
@@ -88,7 +87,7 @@ function buildCheckpointTx(vtxo, serverUnrollScript) {
     const collaborativeLeafProof = checkpointVtxoScript.findLeaf(hex.encode(collaborativeClosure.script));
     // create the checkpoint input that will be used as input of the virtual tx
     const checkpointInput = {
-        txid: hex.encode(sha256x2(checkpointTx.toBytes(true)).reverse()),
+        txid: checkpointTx.id,
         vout: 0,
         value: vtxo.value,
         tapLeafScript: collaborativeLeafProof,
@@ -115,3 +114,93 @@ export function hasBoardingTxExpired(coin, boardingTimelock) {
     const blockTime = BigInt(Math.floor(coin.status.block_time));
     return blockTime + boardingTimelock.value <= now;
 }
+/**
+ * Formats a sighash type as a hex string (e.g., 0x01)
+ */
+function formatSighash(type) {
+    return `0x${type.toString(16).padStart(2, "0")}`;
+}
+/**
+ * Verify tapscript signatures on a transaction input
+ * @param tx Transaction to verify
+ * @param inputIndex Index of the input to verify
+ * @param requiredSigners List of required signer pubkeys (hex encoded)
+ * @param excludePubkeys List of pubkeys to exclude from verification (hex encoded, e.g., server key not yet signed)
+ * @param allowedSighashTypes List of allowed sighash types (defaults to [SigHash.DEFAULT])
+ * @throws Error if verification fails
+ */
+export function verifyTapscriptSignatures(tx, inputIndex, requiredSigners, excludePubkeys = [], allowedSighashTypes = [SigHash.DEFAULT]) {
+    const input = tx.getInput(inputIndex);
+    // Collect prevout scripts and amounts for ALL inputs (required for preimageWitnessV1)
+    const prevoutScripts = [];
+    const prevoutAmounts = [];
+    for (let i = 0; i < tx.inputsLength; i++) {
+        const inp = tx.getInput(i);
+        if (!inp.witnessUtxo) {
+            throw new Error(`Input ${i} is missing witnessUtxo`);
+        }
+        prevoutScripts.push(inp.witnessUtxo.script);
+        prevoutAmounts.push(inp.witnessUtxo.amount);
+    }
+    // Verify tapScriptSig signatures
+    if (!input.tapScriptSig || input.tapScriptSig.length === 0) {
+        throw new Error(`Input ${inputIndex} is missing tapScriptSig`);
+    }
+    // Verify each signature in tapScriptSig
+    for (const [tapScriptSigData, signature] of input.tapScriptSig) {
+        const pubKey = tapScriptSigData.pubKey;
+        const pubKeyHex = hex.encode(pubKey);
+        // Skip verification for excluded pubkeys
+        if (excludePubkeys.includes(pubKeyHex)) {
+            continue;
+        }
+        // Extract sighash type from signature
+        // Schnorr signatures are 64 bytes, with optional 1-byte sighash appended
+        const sighashType = signature.length === 65 ? signature[64] : SigHash.DEFAULT;
+        const sig = signature.subarray(0, 64);
+        // Verify sighash type is allowed
+        if (!allowedSighashTypes.includes(sighashType)) {
+            const sighashName = formatSighash(sighashType);
+            throw new Error(`Unallowed sighash type ${sighashName} for input ${inputIndex}, pubkey ${pubKeyHex}.`);
+        }
+        // Find the tapLeafScript that matches this signature's leafHash
+        if (!input.tapLeafScript || input.tapLeafScript.length === 0) {
+            throw new Error();
+        }
+        // Search for the leaf that matches the leafHash in tapScriptSigData
+        const leafHash = tapScriptSigData.leafHash;
+        const leafHashHex = hex.encode(leafHash);
+        let matchingScript;
+        let matchingVersion;
+        for (const [_, scriptWithVersion] of input.tapLeafScript) {
+            const script = scriptWithVersion.subarray(0, -1);
+            const version = scriptWithVersion[scriptWithVersion.length - 1];
+            // Compute the leaf hash for this script and compare as hex strings
+            const computedLeafHash = tapLeafHash(script, version);
+            const computedHex = hex.encode(computedLeafHash);
+            if (computedHex === leafHashHex) {
+                matchingScript = script;
+                matchingVersion = version;
+                break;
+            }
+        }
+        if (!matchingScript || matchingVersion === undefined) {
+            throw new Error(`Input ${inputIndex}: No tapLeafScript found matching leafHash ${hex.encode(leafHash)}`);
+        }
+        // Reconstruct the message that was signed
+        // Note: preimageWitnessV1 requires ALL input prevout scripts and amounts
+        const message = tx.preimageWitnessV1(inputIndex, prevoutScripts, sighashType, prevoutAmounts, undefined, matchingScript, matchingVersion);
+        // Verify the schnorr signature
+        const isValid = schnorr.verify(sig, message, pubKey);
+        if (!isValid) {
+            throw new Error(`Invalid signature for input ${inputIndex}, pubkey ${pubKeyHex}`);
+        }
+    }
+    // Verify we have signatures from all required signers (excluding those we're skipping)
+    const signedPubkeys = input.tapScriptSig.map(([data]) => hex.encode(data.pubKey));
+    const requiredNotExcluded = requiredSigners.filter((pk) => !excludePubkeys.includes(pk));
+    const missingSigners = requiredNotExcluded.filter((pk) => !signedPubkeys.includes(pk));
+    if (missingSigners.length > 0) {
+        throw new Error(`Missing signatures from: ${missingSigners.map((pk) => pk.slice(0, 16)).join(", ")}...`);
+    }
+}

package/dist/esm/utils/transaction.js

@@ -0,0 +1,24 @@
+import { Transaction as BtcSignerTransaction } from "@scure/btc-signer";
+/**
+ * Transaction is a wrapper around the @scure/btc-signer Transaction class.
+ * It adds the Ark protocol specific options to the transaction.
+ */
+export class Transaction extends BtcSignerTransaction {
+    constructor(opts) {
+        super(withArkOpts(opts));
+    }
+    static fromPSBT(psbt_, opts) {
+        return BtcSignerTransaction.fromPSBT(psbt_, withArkOpts(opts));
+    }
+    static fromRaw(raw, opts) {
+        return BtcSignerTransaction.fromRaw(raw, withArkOpts(opts));
+    }
+}
+Transaction.ARK_TX_OPTS = {
+    allowUnknown: true,
+    allowUnknownOutputs: true,
+    allowUnknownInputs: true,
+};
+function withArkOpts(opts) {
+    return { ...Transaction.ARK_TX_OPTS, ...opts };
+}

package/dist/esm/utils/unknownFields.js

@@ -1,5 +1,5 @@
 import * as bip68 from "bip68";
-import { RawWitness, ScriptNum } from "@scure/btc-signer/script.js";
+import { RawWitness, ScriptNum } from "@scure/btc-signer";
 import { hex } from "@scure/base";
 /**
  * ArkPsbtFieldKey is the key values for ark psbt fields.
@@ -13,9 +13,9 @@ export var ArkPsbtFieldKey;
 })(ArkPsbtFieldKey || (ArkPsbtFieldKey = {}));
 /**
  * ArkPsbtFieldKeyType is the type of the ark psbt field key.
- * Every ark psbt field has key type 255.
+ * Every ark psbt field has key type 222.
  */
-export const ArkPsbtFieldKeyType = 255;
+export const ArkPsbtFieldKeyType = 222;
 /**
  * setArkPsbtField appends a new unknown field to the input at inputIndex
  *

package/dist/esm/wallet/onchain.js

@@ -1,9 +1,9 @@
-import { p2tr } from "@scure/btc-signer/payment.js";
+import { p2tr } from "@scure/btc-signer";
 import { getNetwork } from '../networks.js';
 import { ESPLORA_URL, EsploraProvider, } from '../providers/onchain.js';
-import { Transaction } from "@scure/btc-signer/transaction.js";
 import { findP2AOutput, P2A } from '../utils/anchor.js';
 import { TxWeightEstimator } from '../utils/txSizeEstimator.js';
+import { Transaction } from '../utils/transaction.js';
 /**
  * Onchain Bitcoin wallet implementation for traditional Bitcoin transactions.
  *
@@ -105,9 +105,8 @@ export class OnchainWallet {
     async bumpP2A(parent) {
         const parentVsize = parent.vsize;
         let child = new Transaction({
-            allowUnknownInputs: true,
-            allowLegacyWitnessUtxo: true,
             version: 3,
+            allowLegacyWitnessUtxo: true,
         });
         child.addInput(findP2AOutput(parent)); // throws if not found
         const childVsize = TxWeightEstimator.create()

package/dist/esm/wallet/serviceWorker/response.js

@@ -1,3 +1,8 @@
+import { hex } from "@scure/base";
+function getRandomId() {
+    const randomValue = crypto.getRandomValues(new Uint8Array(16));
+    return hex.encode(randomValue);
+}
 /**
  * Response is the namespace that contains the response types for the service worker.
  */
@@ -184,4 +189,31 @@ export var Response;
         };
     }
     Response.walletReloaded = walletReloaded;
+    function isVtxoUpdate(response) {
+        return response.type === "VTXO_UPDATE";
+    }
+    Response.isVtxoUpdate = isVtxoUpdate;
+    function vtxoUpdate(newVtxos, spentVtxos) {
+        return {
+            type: "VTXO_UPDATE",
+            id: getRandomId(), // spontaneous update, not tied to a request
+            success: true,
+            spentVtxos,
+            newVtxos,
+        };
+    }
+    Response.vtxoUpdate = vtxoUpdate;
+    function isUtxoUpdate(response) {
+        return response.type === "UTXO_UPDATE";
+    }
+    Response.isUtxoUpdate = isUtxoUpdate;
+    function utxoUpdate(coins) {
+        return {
+            type: "UTXO_UPDATE",
+            id: getRandomId(), // spontaneous update, not tied to a request
+            success: true,
+            coins,
+        };
+    }
+    Response.utxoUpdate = utxoUpdate;
 })(Response || (Response = {}));

package/dist/esm/wallet/serviceWorker/utils.js

@@ -1,3 +1,4 @@
+export const DEFAULT_DB_NAME = "arkade-service-worker";
 /**
  * setupServiceWorker sets up the service worker.
  * @param path - the path to the service worker script

package/dist/esm/wallet/serviceWorker/wallet.js

@@ -3,7 +3,7 @@ import { hex } from "@scure/base";
 import { IndexedDBStorageAdapter } from '../../storage/indexedDB.js';
 import { WalletRepositoryImpl } from '../../repositories/walletRepository.js';
 import { ContractRepositoryImpl } from '../../repositories/contractRepository.js';
-import { setupServiceWorker } from './utils.js';
+import { DEFAULT_DB_NAME, setupServiceWorker } from './utils.js';
 const isPrivateKeyIdentity = (identity) => {
     return typeof identity.toHex === "function";
 };
@@ -22,7 +22,7 @@ export class ServiceWorkerWallet {
     }
     static async create(options) {
         // Default to IndexedDB for service worker context
-        const storage = options.storage || new IndexedDBStorageAdapter("wallet-db");
+        const storage = new IndexedDBStorageAdapter(options.dbName || DEFAULT_DB_NAME, options.dbVersion);
         // Create repositories
         const walletRepo = new WalletRepositoryImpl(storage);
         const contractRepo = new ContractRepositoryImpl(storage);
@@ -31,7 +31,7 @@ export class ServiceWorkerWallet {
             ? options.identity
             : null;
         if (!identity) {
-            throw new Error("ServiceWorkerWallet.create() requires a Identity that can expose its private key");
+            throw new Error("ServiceWorkerWallet.create() requires a Identity that can expose a single private key");
         }
         // Extract private key for service worker initialization
         const privateKey = identity.toHex();
@@ -74,13 +74,9 @@ export class ServiceWorkerWallet {
         // Register and setup the service worker
         const serviceWorker = await setupServiceWorker(options.serviceWorkerPath);
         // Use the existing create method
-        return await ServiceWorkerWallet.create({
-            arkServerPublicKey: options.arkServerPublicKey,
-            arkServerUrl: options.arkServerUrl,
-            esploraUrl: options.esploraUrl,
-            identity: options.identity,
+        return ServiceWorkerWallet.create({
+            ...options,
             serviceWorker,
-            storage: options.storage,
         });
     }
     // send a message and wait for a response
@@ -257,6 +253,9 @@ export class ServiceWorkerWallet {
             return new Promise((resolve, reject) => {
                 const messageHandler = (event) => {
                     const response = event.data;
+                    if (response.id !== message.id) {
+                        return;
+                    }
                     if (!response.success) {
                         navigator.serviceWorker.removeEventListener("message", messageHandler);
                         reject(new Error(response.message));

package/dist/esm/wallet/serviceWorker/worker.js

@@ -1,6 +1,6 @@
 /// <reference lib="webworker" />
 import { SingleKey } from '../../identity/singleKey.js';
-import { isRecoverable, isSpendable, isSubdust } from '../index.js';
+import { isRecoverable, isSpendable, isSubdust, } from '../index.js';
 import { Wallet } from '../wallet.js';
 import { Request } from './request.js';
 import { Response } from './response.js';
@@ -10,15 +10,18 @@ import { RestIndexerProvider } from '../../providers/indexer.js';
 import { hex } from "@scure/base";
 import { IndexedDBStorageAdapter } from '../../storage/indexedDB.js';
 import { WalletRepositoryImpl, } from '../../repositories/walletRepository.js';
-import { extendVirtualCoin } from '../utils.js';
+import { extendCoin, extendVirtualCoin } from '../utils.js';
+import { DEFAULT_DB_NAME } from './utils.js';
 /**
  * Worker is a class letting to interact with ServiceWorkerWallet from the client
  * it aims to be run in a service worker context
  */
 export class Worker {
-    constructor(messageCallback = () => { }) {
+    constructor(dbName = DEFAULT_DB_NAME, dbVersion = 1, messageCallback = () => { }) {
+        this.dbName = dbName;
+        this.dbVersion = dbVersion;
         this.messageCallback = messageCallback;
-        this.storage = new IndexedDBStorageAdapter("arkade-service-worker", 1);
+        this.storage = new IndexedDBStorageAdapter(dbName, dbVersion);
         this.walletRepository = new WalletRepositoryImpl(this.storage);
     }
     /**
@@ -54,6 +57,15 @@ export class Worker {
             spent: allVtxos.filter((vtxo) => !isSpendable(vtxo)),
         };
     }
+    /**
+     * Get all boarding utxos from wallet repository
+     */
+    async getAllBoardingUtxos() {
+        if (!this.wallet)
+            return [];
+        const address = await this.wallet.getBoardingAddress();
+        return await this.walletRepository.getUtxos(address);
+    }
     async start(withServiceWorkerUpdate = true) {
         self.addEventListener("message", async (event) => {
             await this.handleMessage(event);
@@ -104,6 +116,9 @@ export class Worker {
         const txs = await this.wallet.getTransactionHistory();
         if (txs)
             await this.walletRepository.saveTransactions(address, txs);
+        // unsubscribe previous subscription if any
+        if (this.incomingFundsSubscription)
+            this.incomingFundsSubscription();
         // subscribe for incoming funds and notify all clients when new funds arrive
         this.incomingFundsSubscription = await this.wallet.notifyIncomingFunds(async (funds) => {
             if (funds.type === "vtxo") {
@@ -121,11 +136,19 @@ export class Worker {
                     ...spentVtxos,
                 ]);
                 // notify all clients about the vtxo update
-                this.sendMessageToAllClients("VTXO_UPDATE", JSON.stringify({ newVtxos, spentVtxos }));
+                this.sendMessageToAllClients(Response.vtxoUpdate(newVtxos, spentVtxos));
             }
             if (funds.type === "utxo") {
+                const newUtxos = funds.coins.map((utxo) => extendCoin(this.wallet, utxo));
+                if (newUtxos.length === 0) {
+                    this.sendMessageToAllClients(Response.utxoUpdate([]));
+                    return;
+                }
+                const boardingAddress = await this.wallet?.getBoardingAddress();
+                // save utxos using unified repository
+                await this.walletRepository.saveUtxos(boardingAddress, newUtxos);
                 // notify all clients about the utxo update
-                this.sendMessageToAllClients("UTXO_UPDATE", JSON.stringify(funds.coins));
+                this.sendMessageToAllClients(Response.utxoUpdate(funds.coins));
             }
         });
     }
@@ -282,7 +305,7 @@ export class Worker {
         }
         try {
             const [boardingUtxos, spendableVtxos, sweptVtxos] = await Promise.all([
-                this.wallet.getBoardingUtxos(),
+                this.getAllBoardingUtxos(),
                 this.getSpendableVtxos(),
                 this.getSweptVtxos(),
             ]);
@@ -350,22 +373,21 @@ export class Worker {
             return;
         }
         try {
-            let vtxos = await this.getSpendableVtxos();
-            if (!message.filter?.withRecoverable) {
-                if (!this.wallet)
-                    throw new Error("Wallet not initialized");
-                // exclude subdust and recoverable if we don't want recoverable
-                const notSubdust = (v) => {
-                    const dustAmount = this.wallet?.dustAmount;
-                    return dustAmount == null
-                        ? true
-                        : !isSubdust(v, dustAmount);
-                };
-                vtxos = vtxos
-                    .filter(notSubdust)
-                    .filter((v) => !isRecoverable(v));
-            }
-            event.source?.postMessage(Response.vtxos(message.id, vtxos));
+            const vtxos = await this.getSpendableVtxos();
+            const dustAmount = this.wallet.dustAmount;
+            const includeRecoverable = message.filter?.withRecoverable ?? false;
+            const filteredVtxos = includeRecoverable
+                ? vtxos
+                : vtxos.filter((v) => {
+                    if (dustAmount != null && isSubdust(v, dustAmount)) {
+                        return false;
+                    }
+                    if (isRecoverable(v)) {
+                        return false;
+                    }
+                    return true;
+                });
+            event.source?.postMessage(Response.vtxos(message.id, filteredVtxos));
         }
         catch (error) {
             console.error("Error getting vtxos:", error);
@@ -388,7 +410,7 @@ export class Worker {
             return;
         }
         try {
-            const boardingUtxos = await this.wallet.getBoardingUtxos();
+            const boardingUtxos = await this.getAllBoardingUtxos();
             event.source?.postMessage(Response.boardingUtxos(message.id, boardingUtxos));
         }
         catch (error) {
@@ -510,15 +532,12 @@ export class Worker {
                 event.source?.postMessage(Response.error(message.id, "Unknown message type"));
         }
     }
-    async sendMessageToAllClients(type, message) {
+    async sendMessageToAllClients(message) {
         self.clients
             .matchAll({ includeUncontrolled: true, type: "window" })
             .then((clients) => {
             clients.forEach((client) => {
-                client.postMessage({
-                    type,
-                    message,
-                });
+                client.postMessage(message);
             });
         });
     }

package/dist/esm/wallet/unroll.js

@@ -1,10 +1,10 @@
-import { SigHash, Transaction } from "@scure/btc-signer/transaction.js";
-import { ChainTxType } from '../providers/indexer.js';
 import { base64, hex } from "@scure/base";
+import { SigHash, TaprootControlBlock } from "@scure/btc-signer";
+import { ChainTxType } from '../providers/indexer.js';
 import { VtxoScript } from '../script/base.js';
-import { TaprootControlBlock, } from "@scure/btc-signer/psbt.js";
 import { TxWeightEstimator } from '../utils/txSizeEstimator.js';
 import { Wallet } from './wallet.js';
+import { Transaction } from '../utils/transaction.js';
 export var Unroll;
 (function (Unroll) {
     let StepType;
@@ -103,9 +103,7 @@ export var Unroll;
             if (virtualTxs.txs.length === 0) {
                 throw new Error(`Tx ${nextTxToBroadcast.txid} not found`);
             }
-            const tx = Transaction.fromPSBT(base64.decode(virtualTxs.txs[0]), {
-                allowUnknownInputs: true,
-            });
+            const tx = Transaction.fromPSBT(base64.decode(virtualTxs.txs[0]));
             // finalize the tree transaction
             if (nextTxToBroadcast.type === ChainTxType.TREE) {
                 const input = tx.getInput(0);
@@ -198,7 +196,7 @@ export var Unroll;
             });
             txWeightEstimator.addTapscriptInput(64, spendingLeaf[1].length, TaprootControlBlock.encode(spendingLeaf[0]).length);
         }
-        const tx = new Transaction({ allowUnknownInputs: true, version: 2 });
+        const tx = new Transaction({ version: 2 });
         for (const input of inputs) {
             tx.addInput(input);
         }

package/dist/esm/wallet/utils.js

@@ -6,3 +6,11 @@ export function extendVirtualCoin(wallet, vtxo) {
         tapTree: wallet.offchainTapscript.encode(),
     };
 }
+export function extendCoin(wallet, utxo) {
+    return {
+        ...utxo,
+        forfeitTapLeafScript: wallet.boardingTapscript.forfeit(),
+        intentTapLeafScript: wallet.boardingTapscript.exit(),
+        tapTree: wallet.boardingTapscript.encode(),
+    };
+}