@arkade-os/sdk 0.4.26 → 0.4.27

package/README.md

@@ -28,12 +28,11 @@ const mnemonic = generateMnemonic(wordlist)
 const identity = MnemonicIdentity.fromMnemonic(mnemonic)
 
 // Create a wallet with Arkade support
-const wallet = await Wallet.create({
-  identity,
-  arkServerUrl: 'https://arkade.computer',
-})
+const wallet = await Wallet.create({ identity })  // defaults to mainnet
 ```
 
+To use a different network, pass `arkServerUrl` option.
+
 ### Read-Only Wallets (Watch-Only)
 
 The SDK supports read-only wallets that allow you to query wallet state without exposing private keys. This is useful for:
@@ -55,7 +54,6 @@ const readonlyIdentity = ReadonlySingleKey.fromPublicKey(publicKey)
 // Create a read-only wallet
 const readonlyWallet = await ReadonlyWallet.create({
   identity: readonlyIdentity,
-  arkServerUrl: 'https://arkade.computer'
 })
 
 // Query operations work normally
@@ -75,10 +73,7 @@ import { Wallet, MnemonicIdentity } from '@arkade-os/sdk'
 
 // Create a full wallet
 const identity = MnemonicIdentity.fromMnemonic('abandon abandon...')
-const wallet = await Wallet.create({
-  identity,
-  arkServerUrl: 'https://arkade.computer'
-})
+const wallet = await Wallet.create({ identity })
 
 // Convert to read-only wallet (safe to share)
 const readonlyWallet = await wallet.toReadonly()
@@ -101,7 +96,6 @@ const readonlyIdentity = await identity.toReadonly()
 // Use in read-only wallet
 const readonlyWallet = await ReadonlyWallet.create({
   identity: readonlyIdentity,
-  arkServerUrl: 'https://arkade.computer'
 })
 ```
 
@@ -132,7 +126,6 @@ const identityWithPassphrase = MnemonicIdentity.fromMnemonic(mnemonic, {
 // Create wallet as usual
 const wallet = await Wallet.create({
   identity: identityWithPassphrase,
-  arkServerUrl: 'https://arkade.computer'
 })
 ```
 
@@ -177,7 +170,6 @@ const readonlyFromTemplate = ReadonlyDescriptorIdentity.fromDescriptor(template)
 // Use in a watch-only wallet
 const readonlyWallet = await ReadonlyWallet.create({
   identity: readonly,
-  arkServerUrl: 'https://arkade.computer'
 })
 
 // Can query but not sign
@@ -219,7 +211,7 @@ const identity = new MyBrowserWallet()
 console.log(isBatchSignable(identity)) // true
 
 // Wallet.send() uses one popup instead of N+1
-const wallet = await Wallet.create({ identity, arkServerUrl: 'https://arkade.computer' })
+const wallet = await Wallet.create({ identity })
 await wallet.send({ address: 'ark1q...', amount: 1000 })
 ```
 
@@ -456,7 +448,6 @@ Virtual output renewal at 3 days and boarding input sweep enabled.
 ```typescript
 const wallet = await Wallet.create({
   identity,
-  arkServerUrl: 'https://arkade.computer',
   // Enable settlement with defaults explicitly:
   settlementConfig: {
     // Seconds before virtual output expiry to trigger renewal
@@ -473,7 +464,6 @@ const wallet = await Wallet.create({
 // Enable both virtual output renewal and boarding input sweep
 const wallet = await Wallet.create({
   identity,
-  arkServerUrl: 'https://arkade.computer',
   settlementConfig: {
     vtxoThreshold: 60 * 60 * 24,  // renew when 24 hours remain (in seconds)
     boardingUtxoSweep: true,      // sweep expired boarding inputs
@@ -485,7 +475,6 @@ const wallet = await Wallet.create({
 // Explicitly disable all settlement
 const wallet = await Wallet.create({
   identity,
-  arkServerUrl: 'https://arkade.computer',
   settlementConfig: false,
 })
 ```
@@ -567,7 +556,6 @@ import { Wallet, MnemonicIdentity, RestDelegatorProvider } from '@arkade-os/sdk'
 
 const wallet = await Wallet.create({
   identity: MnemonicIdentity.fromMnemonic('abandon abandon...'),
-  arkServerUrl: 'https://arkade.computer',
   delegatorProvider: new RestDelegatorProvider('http://localhost:7001'),
 })
 ```
@@ -612,7 +600,6 @@ import { ServiceWorkerWallet, MnemonicIdentity } from '@arkade-os/sdk'
 
 const wallet = await ServiceWorkerWallet.setup({
   serviceWorkerPath: '/service-worker.js',
-  arkServerUrl: 'https://arkade.computer',
   identity: MnemonicIdentity.fromMnemonic('abandon abandon...'),
   delegatorUrl: 'http://localhost:7001',
 })
@@ -686,7 +673,6 @@ import { Wallet, MnemonicIdentity, Ramps } from '@arkade-os/sdk'
 
 const wallet = await Wallet.create({
   identity: MnemonicIdentity.fromMnemonic('abandon abandon...'),
-  arkServerUrl: 'https://arkade.computer'
 })
 
 // Get fee information from the server
@@ -828,7 +814,6 @@ import { ServiceWorkerWallet, MnemonicIdentity } from '@arkade-os/sdk'
 // One-liner: registers the SW, initializes the MessageBus, and creates the wallet
 const wallet = await ServiceWorkerWallet.setup({
   serviceWorkerPath: '/service-worker.js',
-  arkServerUrl: 'https://arkade.computer',
   identity: MnemonicIdentity.fromMnemonic('abandon abandon...'),
 })
 
@@ -968,7 +953,6 @@ const executor: SQLExecutor = {
 
 const wallet = await Wallet.create({
   identity: MnemonicIdentity.fromMnemonic('abandon abandon...'),
-  arkServerUrl: 'https://arkade.computer',
   storage: {
     walletRepository: new SQLiteWalletRepository(executor),
     contractRepository: new SQLiteContractRepository(executor),
@@ -999,7 +983,6 @@ const realm = await Realm.open({
 })
 const wallet = await Wallet.create({
   identity,
-  arkServerUrl: 'https://arkade.computer',
   storage: {
     walletRepository: new RealmWalletRepository(realm),
     contractRepository: new RealmContractRepository(realm),
@@ -1017,7 +1000,6 @@ import { MnemonicIdentity, Wallet } from '@arkade-os/sdk'
 
 const wallet = await Wallet.create({
   identity: MnemonicIdentity.fromMnemonic('abandon abandon...'),
-  arkServerUrl: 'https://arkade.computer',
   // Uses IndexedDB by default in the browser
 })
 ```
@@ -1037,7 +1019,6 @@ import {
 
 const wallet = await Wallet.create({
   identity: MnemonicIdentity.fromMnemonic('abandon abandon...'),
-  arkServerUrl: 'https://arkade.computer',
   storage: {
     walletRepository: new InMemoryWalletRepository(),
     contractRepository: new InMemoryContractRepository()
@@ -1121,7 +1102,6 @@ const executor = {
 
 const wallet = await Wallet.create({
   identity,
-  arkServerUrl: 'https://arkade.computer',
   arkProvider: new ExpoArkProvider('https://arkade.computer'),
   indexerProvider: new ExpoIndexerProvider('https://arkade.computer'),
   storage: {

package/dist/cjs/contracts/contractManager.js

@@ -350,9 +350,22 @@ class ContractManager {
     /**
      * Force refresh virtual outputs from the indexer.
      *
-     * Without options, re-fetches every contract and advances the global cursor.
-     * With options, narrows the refresh to specific scripts and/or a time window.
-     * Subset refreshes (scripts filter) intentionally do not advance the cursor.
+     * Without options, re-fetches every contract in the watcher's
+     * watched set and advances the global cursor.
+     *
+     * `scripts` narrows the refresh to a specific list (subset query —
+     * cursor is not advanced because contracts outside the list may
+     * have data we'd skip).
+     *
+     * `includeInactive: true` (and no `scripts`) widens the refresh to
+     * every contract in the repository, including ones marked
+     * `inactive` and ones that have dropped out of the watcher's
+     * active set. This is a *superset* of the watched set, so the
+     * cursor invariant still holds and the cursor advances normally.
+     *
+     * `after` / `before` apply a caller-supplied time window. The
+     * cursor never advances on a windowed query because the window
+     * may skip data outside its bounds.
      */
     async refreshVtxos(opts) {
         const contracts = opts?.scripts
@@ -368,6 +381,9 @@ class ContractManager {
         const hasExplicitWindow = opts?.after !== undefined || opts?.before !== undefined;
         await this.syncContracts({
             contracts,
+            // Scope-only widener; never set together with explicit
+            // `contracts` because `scripts` already names the exact set.
+            includeInactive: contracts ? false : opts?.includeInactive,
             window: hasExplicitWindow
                 ? { after: opts?.after, before: opts?.before }
                 : undefined,
@@ -472,17 +488,21 @@ class ContractManager {
     async syncContracts(options) {
         const cursor = await (0, syncCursors_1.getSyncCursor)(this.config.walletRepository);
         const window = options.window ?? (0, syncCursors_1.computeSyncWindow)(cursor);
-        // Advance the global cursor only on full-scope, cursor-derived delta
-        // syncs. A caller-supplied window is targeted (e.g. `refreshVtxos`)
-        // and must not move the cursor — it may skip data outside its bounds.
-        // `<=` lets the bootstrap case (cursor=0, window.after=0) write the
-        // migration marker on first boot; otherwise the marker would never
-        // be written and every subsequent boot would treat the cursor as
-        // legacy and re-bootstrap.
+        // Advance the global cursor only on cursor-derived delta syncs
+        // whose contract scope covers at least the watcher's watched
+        // set. Targeted subset queries (caller-supplied `contracts`) and
+        // bounded-window queries must not move the cursor — they may
+        // skip data outside their bounds. `includeInactive` (with no
+        // `contracts`) widens the scope rather than narrowing it, so it
+        // is cursor-safe. `<=` lets the bootstrap case (cursor=0,
+        // window.after=0) write the migration marker on first boot.
         const mustUpdateCursor = options.contracts === undefined &&
             options.window === undefined &&
             (window.after ?? 0) <= cursor;
-        const contracts = options.contracts ?? this.watcher.getWatchedContracts();
+        const contracts = options.contracts ??
+            (options.includeInactive
+                ? await this.config.contractRepository.getContracts({})
+                : this.watcher.getWatchedContracts());
         const requestStartedAt = Date.now();
         const result = await this.fetchContractVxosFromIndexer(contracts, options.pageSize, window);
         if (mustUpdateCursor) {

package/dist/cjs/contracts/contractWatcher.js

@@ -566,8 +566,8 @@ class ContractWatcher {
                 const extendedVtxo = (0, utils_1.extendVirtualCoinForContract)(v, state.contract);
                 extended.push({ ...extendedVtxo, contractScript });
             }
-            catch {
-                console.warn("failed to extend vtxo: ", v);
+            catch (err) {
+                console.warn(`failed to extend vtxo ${v.txid}:${v.vout}`, err);
                 extended.push({ ...v, contractScript });
             }
         }

package/dist/cjs/identity/hdCapableIdentity.js

@@ -1,2 +1,20 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.isHDCapableIdentity = isHDCapableIdentity;
+/**
+ * Structural type guard for {@link HDCapableIdentity}. Returns `true`
+ * when the value exposes the four members the HD wallet flow relies on:
+ * `descriptor`, `isOurs`, `signWithDescriptor`, and
+ * `signMessageWithDescriptor`. Used by callers that need to opt into
+ * the HD path (e.g. installing an `HDDescriptorProvider`) without
+ * coupling to a concrete identity class.
+ */
+function isHDCapableIdentity(value) {
+    if (typeof value !== "object" || value === null)
+        return false;
+    const v = value;
+    return (typeof v.descriptor === "string" &&
+        typeof v.isOurs === "function" &&
+        typeof v.signWithDescriptor === "function" &&
+        typeof v.signMessageWithDescriptor === "function");
+}

package/dist/cjs/identity/index.js

@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.StaticDescriptorProvider = exports.parseHDDescriptor = exports.extractPubKey = exports.normalizeToDescriptor = exports.isDescriptor = exports.ReadonlyDescriptorIdentity = exports.MnemonicIdentity = exports.SeedIdentity = void 0;
+exports.StaticDescriptorProvider = exports.isHDCapableIdentity = exports.parseHDDescriptor = exports.extractPubKey = exports.normalizeToDescriptor = exports.isDescriptor = exports.ReadonlyDescriptorIdentity = exports.MnemonicIdentity = exports.SeedIdentity = void 0;
 exports.isBatchSignable = isBatchSignable;
 /** Type guard for identities that support batch signing. */
 function isBatchSignable(identity) {
@@ -33,6 +33,8 @@ Object.defineProperty(exports, "isDescriptor", { enumerable: true, get: function
 Object.defineProperty(exports, "normalizeToDescriptor", { enumerable: true, get: function () { return descriptor_1.normalizeToDescriptor; } });
 Object.defineProperty(exports, "extractPubKey", { enumerable: true, get: function () { return descriptor_1.extractPubKey; } });
 Object.defineProperty(exports, "parseHDDescriptor", { enumerable: true, get: function () { return descriptor_1.parseHDDescriptor; } });
+var hdCapableIdentity_1 = require("./hdCapableIdentity");
+Object.defineProperty(exports, "isHDCapableIdentity", { enumerable: true, get: function () { return hdCapableIdentity_1.isHDCapableIdentity; } });
 // Static descriptor provider (wrapper for legacy Identity)
 var staticDescriptorProvider_1 = require("./staticDescriptorProvider");
 Object.defineProperty(exports, "StaticDescriptorProvider", { enumerable: true, get: function () { return staticDescriptorProvider_1.StaticDescriptorProvider; } });

package/dist/cjs/identity/seedIdentity.js

@@ -185,6 +185,10 @@ class SeedIdentity {
      * Returns true when `descriptor` is derived from this identity's seed.
      * HD descriptors match by account xpub; bare `tr(pubkey)` descriptors
      * match by raw pubkey. See {@link descriptorIsOurs}.
+     *
+     * @deprecated Prefer `DescriptorProvider.isOurs()` via
+     * `HDDescriptorProvider` for rotating HD wallets or
+     * `StaticDescriptorProvider` for legacy single-key wallets.
      */
     isOurs(descriptor) {
         return (0, descriptor_1.descriptorIsOurs)(descriptor, this.descriptor, (0, utils_js_1.pubSchnorr)(this.derivedKey));
@@ -192,6 +196,10 @@ class SeedIdentity {
     /**
      * Signs each request with the key derived from its descriptor.
      * Each descriptor must share this identity's seed ({@link isOurs}).
+     *
+     * @deprecated Prefer `DescriptorProvider.signWithDescriptor()` via
+     * `HDDescriptorProvider` or `StaticDescriptorProvider`. Identities keep
+     * this method only as backing implementation for descriptor providers.
      */
     async signWithDescriptor(requests) {
         return requests.map((request) => {
@@ -204,6 +212,10 @@ class SeedIdentity {
     }
     /**
      * Signs a message with the key derived from `descriptor`.
+     *
+     * @deprecated Prefer `DescriptorProvider.signMessageWithDescriptor()` via
+     * `HDDescriptorProvider` or `StaticDescriptorProvider`. Identities keep
+     * this method only as backing implementation for descriptor providers.
      */
     async signMessageWithDescriptor(descriptor, message, signatureType = "schnorr") {
         if (!this.isOurs(descriptor)) {
@@ -386,6 +398,10 @@ class ReadonlyDescriptorIdentity {
      * HD descriptors match by account xpub; bare `tr(pubkey)` descriptors
      * fall back to comparing against the index-0 x-only pubkey. See
      * {@link descriptorIsOurs}.
+     *
+     * @deprecated Prefer `DescriptorProvider.isOurs()` via
+     * `HDDescriptorProvider` for rotating HD wallets or
+     * `StaticDescriptorProvider` for legacy single-key wallets.
      */
     isOurs(descriptor) {
         return (0, descriptor_1.descriptorIsOurs)(descriptor, this.descriptor, this.indexZero.pubkey);

package/dist/cjs/index.js

@@ -37,8 +37,8 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CLTVMultisigTapscript = exports.ConditionMultisigTapscript = exports.ConditionCSVMultisigTapscript = exports.CSVMultisigTapscript = exports.MultisigTapscript = exports.decodeTapscript = exports.DEFAULT_MESSAGE_TIMEOUTS = exports.ServiceWorkerReadonlyWallet = exports.ServiceWorkerWallet = exports.ServiceWorkerTimeoutError = exports.MessageBusNotInitializedError = exports.MESSAGE_BUS_NOT_INITIALIZED = exports.DelegatorNotConfiguredError = exports.ReadonlyWalletError = exports.WalletNotInitializedError = exports.WalletMessageHandler = exports.MessageBus = exports.setupServiceWorker = exports.SettlementEventType = exports.ChainTxType = exports.IndexerTxType = exports.TxType = exports.VHTLC = exports.VtxoScript = exports.DelegateVtxo = exports.DefaultVtxo = exports.ArkAddress = exports.RestIndexerProvider = exports.RestArkProvider = exports.WsElectrumChainSource = exports.ElectrumOnchainProvider = exports.ELECTRUM_TCP_HOST = exports.ELECTRUM_WS_URL = exports.EsploraProvider = exports.ESPLORA_URL = exports.RestDelegatorProvider = exports.DelegatorManagerImpl = exports.HDDescriptorProvider = exports.VtxoManager = exports.Ramps = exports.OnchainWallet = exports.isBatchSignable = exports.ReadonlyDescriptorIdentity = exports.MnemonicIdentity = exports.SeedIdentity = exports.ReadonlySingleKey = exports.SingleKey = exports.ReadonlyWallet = exports.Wallet = exports.asset = void 0;
-exports.isExpired = exports.isSubdust = exports.isSpendable = exports.isRecoverable = exports.buildForfeitTx = exports.validateConnectorsTxGraph = exports.validateVtxoTxGraph = exports.Batch = exports.maybeArkError = exports.ArkError = exports.sequenceToTimelock = exports.timelockToSequence = exports.TxWeightEstimator = exports.Transaction = exports.Unroll = exports.P2A = exports.TxTree = exports.BIP322 = exports.Intent = exports.ContractRepositoryImpl = exports.WalletRepositoryImpl = exports.rollbackMigration = exports.getMigrationStatus = exports.requiresMigration = exports.migrateWalletRepository = exports.MIGRATION_KEY = exports.InMemoryContractRepository = exports.InMemoryWalletRepository = exports.IndexedDBContractRepository = exports.IndexedDBWalletRepository = exports.openDatabase = exports.closeDatabase = exports.networks = exports.ArkNote = exports.isValidArkAddress = exports.isVtxoExpiringSoon = exports.combineTapscriptSigs = exports.hasBoardingTxExpired = exports.waitForIncomingFunds = exports.verifyTapscriptSignatures = exports.buildOffchainTx = exports.ConditionWitness = exports.VtxoTaprootTree = exports.VtxoTreeExpiry = exports.CosignerPublicKey = exports.getArkPsbtFields = exports.setArkPsbtField = exports.ArkPsbtFieldKeyType = exports.ArkPsbtFieldKey = exports.TapTreeCoder = void 0;
-exports.isArkContract = exports.contractFromArkContractWithAddress = exports.contractFromArkContract = exports.decodeArkContract = exports.encodeArkContract = exports.VHTLCContractHandler = exports.DelegateContractHandler = exports.DefaultContractHandler = exports.contractHandlers = exports.ContractWatcher = exports.ContractManager = exports.getSequence = void 0;
+exports.isSpendable = exports.isRecoverable = exports.buildForfeitTx = exports.validateConnectorsTxGraph = exports.validateVtxoTxGraph = exports.Batch = exports.MissingSigningDescriptorError = exports.DescriptorSigningProviderMissingError = exports.maybeArkError = exports.ArkError = exports.sequenceToTimelock = exports.timelockToSequence = exports.TxWeightEstimator = exports.Transaction = exports.Unroll = exports.P2A = exports.TxTree = exports.BIP322 = exports.Intent = exports.ContractRepositoryImpl = exports.WalletRepositoryImpl = exports.rollbackMigration = exports.getMigrationStatus = exports.requiresMigration = exports.migrateWalletRepository = exports.MIGRATION_KEY = exports.InMemoryContractRepository = exports.InMemoryWalletRepository = exports.IndexedDBContractRepository = exports.IndexedDBWalletRepository = exports.openDatabase = exports.closeDatabase = exports.networks = exports.ArkNote = exports.isValidArkAddress = exports.isVtxoExpiringSoon = exports.combineTapscriptSigs = exports.hasBoardingTxExpired = exports.waitForIncomingFunds = exports.verifyTapscriptSignatures = exports.buildOffchainTx = exports.ConditionWitness = exports.VtxoTaprootTree = exports.VtxoTreeExpiry = exports.CosignerPublicKey = exports.getArkPsbtFields = exports.setArkPsbtField = exports.ArkPsbtFieldKeyType = exports.ArkPsbtFieldKey = exports.TapTreeCoder = void 0;
+exports.isArkContract = exports.contractFromArkContractWithAddress = exports.contractFromArkContract = exports.decodeArkContract = exports.encodeArkContract = exports.VHTLCContractHandler = exports.DelegateContractHandler = exports.DefaultContractHandler = exports.contractHandlers = exports.ContractWatcher = exports.ContractManager = exports.getSequence = exports.isExpired = exports.isSubdust = void 0;
 const transaction_1 = require("./utils/transaction");
 Object.defineProperty(exports, "Transaction", { enumerable: true, get: function () { return transaction_1.Transaction; } });
 const singleKey_1 = require("./identity/singleKey");
@@ -76,6 +76,8 @@ const wallet_2 = require("./wallet/wallet");
 Object.defineProperty(exports, "Wallet", { enumerable: true, get: function () { return wallet_2.Wallet; } });
 Object.defineProperty(exports, "ReadonlyWallet", { enumerable: true, get: function () { return wallet_2.ReadonlyWallet; } });
 Object.defineProperty(exports, "waitForIncomingFunds", { enumerable: true, get: function () { return wallet_2.waitForIncomingFunds; } });
+Object.defineProperty(exports, "DescriptorSigningProviderMissingError", { enumerable: true, get: function () { return wallet_2.DescriptorSigningProviderMissingError; } });
+Object.defineProperty(exports, "MissingSigningDescriptorError", { enumerable: true, get: function () { return wallet_2.MissingSigningDescriptorError; } });
 const txTree_1 = require("./tree/txTree");
 Object.defineProperty(exports, "TxTree", { enumerable: true, get: function () { return txTree_1.TxTree; } });
 const ramps_1 = require("./wallet/ramps");

package/dist/cjs/wallet/delegator.js

@@ -29,10 +29,11 @@ class DelegatorManagerImpl {
         // fetch server and delegator info once, shared across all groups
         const arkInfo = await this.arkInfoProvider.getInfo();
         const delegateInfo = await this.delegatorProvider.getDelegateInfo();
-        // keep only vtxos that can be signed by the delegate
-        const eligible = vtxos
-            .filter((v) => findDelegateTapLeaf(v, delegateInfo.pubkey) !== undefined)
-            .map((v) => v);
+        // keep only vtxos that can be signed by the delegate. The guard
+        // narrows ContractVtxo (with optional taproot fields) to the
+        // ExtendedVirtualCoin shape required by makeDelegateForfeitTx.
+        const eligible = vtxos.filter((v) => isAnnotated(v) &&
+            findDelegateTapLeaf(v, delegateInfo.pubkey) !== undefined);
         if (eligible.length === 0) {
             return { delegated: [], failed: [] };
         }
@@ -300,3 +301,8 @@ function findDelegateTapLeaf(vtxo, delegatePubkey) {
         return arkTapscript.params.pubkeys.map(base_1.hex.encode).includes(pk);
     });
 }
+function isAnnotated(v) {
+    return (v.tapTree !== undefined &&
+        v.forfeitTapLeafScript !== undefined &&
+        v.intentTapLeafScript !== undefined);
+}

package/dist/cjs/wallet/hdDescriptorProvider.js

@@ -4,6 +4,7 @@ exports.HDDescriptorProvider = void 0;
 const descriptors_scure_1 = require("@bitcoinerlab/descriptors-scure");
 const descriptor_1 = require("../identity/descriptor");
 const syncCursors_1 = require("../utils/syncCursors");
+const walletReceiveRotator_1 = require("./walletReceiveRotator");
 /** Settings key under {@link WalletState.settings} where HD state lives. */
 const HD_SETTINGS_KEY = "hd";
 /**
@@ -63,6 +64,25 @@ class HDDescriptorProvider {
             return this.materializeAt(next);
         });
     }
+    /**
+     * Re-derive the descriptor at the most recently allocated index
+     * WITHOUT advancing — i.e. read the same descriptor
+     * `getNextSigningDescriptor` last returned. Returns `undefined`
+     * when no descriptor has ever been allocated on this repo.
+     *
+     * Used by the boot path to keep the wallet's display address
+     * stable across restarts: when no tagged display contract exists
+     * (e.g. a fresh wallet that hasn't rotated yet, or a wallet whose
+     * baseline-only repo carries no rotation history), the boot should
+     * re-derive the existing index rather than burn a new one.
+     */
+    async getCurrentSigningDescriptor() {
+        const state = await this.walletRepository.getWalletState();
+        const settings = this.parseSettings(state ?? {});
+        if (settings.lastIndexUsed === undefined)
+            return undefined;
+        return this.materializeAt(settings.lastIndexUsed);
+    }
     /**
      * Returns true when the given descriptor is derivable from this wallet's
      * seed. Delegates to the underlying identity, which handles both HD and
@@ -83,6 +103,15 @@ class HDDescriptorProvider {
     async signMessageWithDescriptor(descriptor, message, signatureType = "schnorr") {
         return this.identity.signMessageWithDescriptor(descriptor, message, signatureType);
     }
+    /**
+     * HD providers participate in receive rotation. The default
+     * factory boot (contract-repo lookup → allocate fresh descriptor)
+     * is exactly what we want, so this just delegates to
+     * {@link WalletReceiveRotator.defaultBoot}.
+     */
+    async createReceiveRotator(opts) {
+        return walletReceiveRotator_1.WalletReceiveRotator.defaultBoot(this, opts);
+    }
     // ── internals ────────────────────────────────────────────────────
     /**
      * Substitute the wildcard in the identity's account-descriptor template

package/dist/cjs/wallet/inputSignerRouter.js

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InputSignerRouter = void 0;
+const base_1 = require("@scure/base");
+const signingErrors_1 = require("./signingErrors");
+const DESCRIPTOR_CAPABLE_CONTRACT_TYPES = new Set(["default", "delegate"]);
+/**
+ * Routes PSBT inputs to the correct signer based on the owning contract.
+ * Inputs whose script matches a `default`/`delegate` contract with a
+ * non-baseline owner are sent to {@link DescriptorProvider}; everything
+ * else (baseline-owned contracts, non-default/non-delegate contracts,
+ * and the boarding script) is sent to {@link Identity}. Inputs with no
+ * matching contract and no boarding match are silently skipped, matching
+ * how the wallet historically handled cosigner/connector inputs.
+ */
+class InputSignerRouter {
+    constructor(deps) {
+        this.deps = deps;
+    }
+    async sign(tx, jobs) {
+        if (jobs.length === 0)
+            return tx;
+        const distinctScripts = Array.from(new Set(jobs.map((j) => base_1.hex.encode(j.lookupScript))));
+        const contracts = await this.deps.contractRepository.getContracts({
+            script: distinctScripts,
+        });
+        // Repo may yield duplicates if seeded oddly; keep the first one
+        // for each script to match the wallet's historical behaviour.
+        const scriptToContract = new Map();
+        for (const contract of contracts) {
+            if (!scriptToContract.has(contract.script)) {
+                scriptToContract.set(contract.script, contract);
+            }
+        }
+        const baselinePubKeyHex = base_1.hex.encode(await this.deps.identity.xOnlyPublicKey());
+        const boardingScriptHex = base_1.hex.encode(this.deps.boardingPkScript);
+        const identityIndexes = [];
+        const descriptorGroups = new Map();
+        for (const job of jobs) {
+            const scriptHex = base_1.hex.encode(job.lookupScript);
+            const contract = scriptToContract.get(scriptHex);
+            if (!contract) {
+                if (scriptHex === boardingScriptHex) {
+                    identityIndexes.push(job.index);
+                }
+                continue;
+            }
+            if (!DESCRIPTOR_CAPABLE_CONTRACT_TYPES.has(contract.type)) {
+                identityIndexes.push(job.index);
+                continue;
+            }
+            // `baselinePubKeyHex` is freshly produced by `hex.encode`,
+            // so it is already lowercase. `contract.params.pubKey` is
+            // persisted data: a migration or custom repository adapter
+            // could legitimately store it uppercase, so canonicalize
+            // before comparing to match the legacy router behaviour.
+            const ownerPubKeyHex = contract.params.pubKey?.toLowerCase();
+            if (ownerPubKeyHex && ownerPubKeyHex === baselinePubKeyHex) {
+                identityIndexes.push(job.index);
+                continue;
+            }
+            const descriptor = contract.metadata?.signingDescriptor;
+            if (typeof descriptor !== "string" || descriptor.length === 0) {
+                throw new signingErrors_1.MissingSigningDescriptorError(contract.script, contract.type);
+            }
+            const bucket = descriptorGroups.get(descriptor);
+            if (bucket) {
+                bucket.push(job.index);
+            }
+            else {
+                descriptorGroups.set(descriptor, [job.index]);
+            }
+        }
+        let signed = tx;
+        if (identityIndexes.length > 0) {
+            signed = await this.deps.identity.sign(signed, identityIndexes);
+        }
+        if (descriptorGroups.size > 0) {
+            if (!this.deps.descriptorProvider) {
+                throw new signingErrors_1.DescriptorSigningProviderMissingError();
+            }
+            const sortedDescriptors = Array.from(descriptorGroups.keys()).sort();
+            for (const descriptor of sortedDescriptors) {
+                const indexes = descriptorGroups.get(descriptor);
+                const [next] = await this.deps.descriptorProvider.signWithDescriptor([
+                    {
+                        tx: signed,
+                        descriptor,
+                        inputIndexes: indexes,
+                    },
+                ]);
+                signed = next;
+            }
+        }
+        return signed;
+    }
+}
+exports.InputSignerRouter = InputSignerRouter;

package/dist/cjs/wallet/serviceWorker/wallet.js

@@ -921,6 +921,7 @@ class ServiceWorkerWallet extends ServiceWorkerReadonlyWallet {
             indexerUrl: options.indexerUrl,
             esploraUrl: options.esploraUrl,
             settlementConfig: options.settlementConfig,
+            walletMode: options.walletMode,
             watcherConfig: options.watcherConfig,
             messageTimeouts,
         };

package/dist/cjs/wallet/signingErrors.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DescriptorSigningProviderMissingError = exports.MissingSigningDescriptorError = void 0;
+/**
+ * Thrown when a rotated contract (default or delegate) is missing the
+ * metadata.signingDescriptor required to route it to a descriptor-aware
+ * signer.
+ */
+class MissingSigningDescriptorError extends Error {
+    constructor(contractScript, contractType) {
+        super(`Cannot sign input for ${contractType} contract ${contractScript}: ` +
+            `metadata.signingDescriptor is missing. This wallet was rotated ` +
+            `on an earlier build that did not persist signing descriptors. ` +
+            `Manually set metadata.signingDescriptor on the contract record, ` +
+            `or restore from a pre-rotation snapshot.`);
+        this.contractScript = contractScript;
+        this.contractType = contractType;
+        this.name = "MissingSigningDescriptorError";
+    }
+}
+exports.MissingSigningDescriptorError = MissingSigningDescriptorError;
+/**
+ * Thrown when an input needs descriptor-aware signing but no
+ * DescriptorProvider was wired into the wallet.
+ */
+class DescriptorSigningProviderMissingError extends Error {
+    constructor() {
+        super("Descriptor signing requested but no DescriptorProvider was wired into this wallet");
+        this.name = "DescriptorSigningProviderMissingError";
+    }
+}
+exports.DescriptorSigningProviderMissingError = DescriptorSigningProviderMissingError;

package/dist/cjs/wallet/unroll.js

@@ -231,7 +231,11 @@ async function prepareUnrollTransaction(wallet, vtxoTxIds, outputAddress) {
     if (!feeRate || feeRate < wallet_1.Wallet.MIN_FEE_RATE) {
         feeRate = wallet_1.Wallet.MIN_FEE_RATE;
     }
-    const feeAmount = txWeightEstimator.vsize().fee(BigInt(feeRate));
+    // Esplora returns a `number` and bitcoind regtest sometimes reports
+    // fractional sat/vB (e.g. 1.006). `BigInt(1.006)` throws RangeError
+    // — round up so we always pay AT LEAST the advertised rate and
+    // satisfy BigInt's integer requirement.
+    const feeAmount = txWeightEstimator.vsize().fee(BigInt(Math.ceil(feeRate)));
     if (feeAmount > totalAmount) {
         throw new Error("fee amount is greater than the total amount");
     }