@arkade-os/sdk 0.4.26 → 0.4.27

package/dist/esm/identity/seedIdentity.js

@@ -180,6 +180,10 @@ export class SeedIdentity {
      * Returns true when `descriptor` is derived from this identity's seed.
      * HD descriptors match by account xpub; bare `tr(pubkey)` descriptors
      * match by raw pubkey. See {@link descriptorIsOurs}.
+     *
+     * @deprecated Prefer `DescriptorProvider.isOurs()` via
+     * `HDDescriptorProvider` for rotating HD wallets or
+     * `StaticDescriptorProvider` for legacy single-key wallets.
      */
     isOurs(descriptor) {
         return descriptorIsOurs(descriptor, this.descriptor, pubSchnorr(this.derivedKey));
@@ -187,6 +191,10 @@ export class SeedIdentity {
     /**
      * Signs each request with the key derived from its descriptor.
      * Each descriptor must share this identity's seed ({@link isOurs}).
+     *
+     * @deprecated Prefer `DescriptorProvider.signWithDescriptor()` via
+     * `HDDescriptorProvider` or `StaticDescriptorProvider`. Identities keep
+     * this method only as backing implementation for descriptor providers.
      */
     async signWithDescriptor(requests) {
         return requests.map((request) => {
@@ -199,6 +207,10 @@ export class SeedIdentity {
     }
     /**
      * Signs a message with the key derived from `descriptor`.
+     *
+     * @deprecated Prefer `DescriptorProvider.signMessageWithDescriptor()` via
+     * `HDDescriptorProvider` or `StaticDescriptorProvider`. Identities keep
+     * this method only as backing implementation for descriptor providers.
      */
     async signMessageWithDescriptor(descriptor, message, signatureType = "schnorr") {
         if (!this.isOurs(descriptor)) {
@@ -379,6 +391,10 @@ export class ReadonlyDescriptorIdentity {
      * HD descriptors match by account xpub; bare `tr(pubkey)` descriptors
      * fall back to comparing against the index-0 x-only pubkey. See
      * {@link descriptorIsOurs}.
+     *
+     * @deprecated Prefer `DescriptorProvider.isOurs()` via
+     * `HDDescriptorProvider` for rotating HD wallets or
+     * `StaticDescriptorProvider` for legacy single-key wallets.
      */
     isOurs(descriptor) {
         return descriptorIsOurs(descriptor, this.descriptor, this.indexZero.pubkey);

package/dist/esm/index.js

@@ -10,7 +10,7 @@ import { MessageBus, } from "./worker/messageBus.js";
 import { VtxoScript, TapTreeCoder, getSequence, } from "./script/base.js";
 import { TxType, isSpendable, isSubdust, isRecoverable, isExpired, } from "./wallet/index.js";
 import { Batch } from "./wallet/batch.js";
-import { Wallet, ReadonlyWallet, waitForIncomingFunds, } from "./wallet/wallet.js";
+import { Wallet, ReadonlyWallet, waitForIncomingFunds, DescriptorSigningProviderMissingError, MissingSigningDescriptorError, } from "./wallet/wallet.js";
 import { TxTree } from "./tree/txTree.js";
 import { Ramps } from "./wallet/ramps.js";
 import { HDDescriptorProvider } from "./wallet/hdDescriptorProvider.js";
@@ -80,7 +80,7 @@ TxTree,
 // Anchor
 P2A, Unroll, Transaction, TxWeightEstimator, timelockToSequence, sequenceToTimelock, 
 // Errors
-ArkError, maybeArkError, 
+ArkError, maybeArkError, DescriptorSigningProviderMissingError, MissingSigningDescriptorError, 
 // Batch session
 Batch, validateVtxoTxGraph, validateConnectorsTxGraph, buildForfeitTx, isRecoverable, isSpendable, isSubdust, isExpired, getSequence, 
 // Contracts

package/dist/esm/wallet/delegator.js

@@ -25,10 +25,11 @@ export class DelegatorManagerImpl {
         // fetch server and delegator info once, shared across all groups
         const arkInfo = await this.arkInfoProvider.getInfo();
         const delegateInfo = await this.delegatorProvider.getDelegateInfo();
-        // keep only vtxos that can be signed by the delegate
-        const eligible = vtxos
-            .filter((v) => findDelegateTapLeaf(v, delegateInfo.pubkey) !== undefined)
-            .map((v) => v);
+        // keep only vtxos that can be signed by the delegate. The guard
+        // narrows ContractVtxo (with optional taproot fields) to the
+        // ExtendedVirtualCoin shape required by makeDelegateForfeitTx.
+        const eligible = vtxos.filter((v) => isAnnotated(v) &&
+            findDelegateTapLeaf(v, delegateInfo.pubkey) !== undefined);
         if (eligible.length === 0) {
             return { delegated: [], failed: [] };
         }
@@ -295,3 +296,8 @@ function findDelegateTapLeaf(vtxo, delegatePubkey) {
         return arkTapscript.params.pubkeys.map(hex.encode).includes(pk);
     });
 }
+function isAnnotated(v) {
+    return (v.tapTree !== undefined &&
+        v.forfeitTapLeafScript !== undefined &&
+        v.intentTapLeafScript !== undefined);
+}

package/dist/esm/wallet/hdDescriptorProvider.js

@@ -1,6 +1,7 @@
 import { expand, networks } from "@bitcoinerlab/descriptors-scure";
 import { isMainnetDescriptor } from "../identity/descriptor.js";
 import { updateWalletState } from "../utils/syncCursors.js";
+import { WalletReceiveRotator, } from "./walletReceiveRotator.js";
 /** Settings key under {@link WalletState.settings} where HD state lives. */
 const HD_SETTINGS_KEY = "hd";
 /**
@@ -60,6 +61,25 @@ export class HDDescriptorProvider {
             return this.materializeAt(next);
         });
     }
+    /**
+     * Re-derive the descriptor at the most recently allocated index
+     * WITHOUT advancing — i.e. read the same descriptor
+     * `getNextSigningDescriptor` last returned. Returns `undefined`
+     * when no descriptor has ever been allocated on this repo.
+     *
+     * Used by the boot path to keep the wallet's display address
+     * stable across restarts: when no tagged display contract exists
+     * (e.g. a fresh wallet that hasn't rotated yet, or a wallet whose
+     * baseline-only repo carries no rotation history), the boot should
+     * re-derive the existing index rather than burn a new one.
+     */
+    async getCurrentSigningDescriptor() {
+        const state = await this.walletRepository.getWalletState();
+        const settings = this.parseSettings(state ?? {});
+        if (settings.lastIndexUsed === undefined)
+            return undefined;
+        return this.materializeAt(settings.lastIndexUsed);
+    }
     /**
      * Returns true when the given descriptor is derivable from this wallet's
      * seed. Delegates to the underlying identity, which handles both HD and
@@ -80,6 +100,15 @@ export class HDDescriptorProvider {
     async signMessageWithDescriptor(descriptor, message, signatureType = "schnorr") {
         return this.identity.signMessageWithDescriptor(descriptor, message, signatureType);
     }
+    /**
+     * HD providers participate in receive rotation. The default
+     * factory boot (contract-repo lookup → allocate fresh descriptor)
+     * is exactly what we want, so this just delegates to
+     * {@link WalletReceiveRotator.defaultBoot}.
+     */
+    async createReceiveRotator(opts) {
+        return WalletReceiveRotator.defaultBoot(this, opts);
+    }
     // ── internals ────────────────────────────────────────────────────
     /**
      * Substitute the wildcard in the identity's account-descriptor template

package/dist/esm/wallet/inputSignerRouter.js

@@ -0,0 +1,94 @@
+import { hex } from "@scure/base";
+import { DescriptorSigningProviderMissingError, MissingSigningDescriptorError, } from "./signingErrors.js";
+const DESCRIPTOR_CAPABLE_CONTRACT_TYPES = new Set(["default", "delegate"]);
+/**
+ * Routes PSBT inputs to the correct signer based on the owning contract.
+ * Inputs whose script matches a `default`/`delegate` contract with a
+ * non-baseline owner are sent to {@link DescriptorProvider}; everything
+ * else (baseline-owned contracts, non-default/non-delegate contracts,
+ * and the boarding script) is sent to {@link Identity}. Inputs with no
+ * matching contract and no boarding match are silently skipped, matching
+ * how the wallet historically handled cosigner/connector inputs.
+ */
+export class InputSignerRouter {
+    constructor(deps) {
+        this.deps = deps;
+    }
+    async sign(tx, jobs) {
+        if (jobs.length === 0)
+            return tx;
+        const distinctScripts = Array.from(new Set(jobs.map((j) => hex.encode(j.lookupScript))));
+        const contracts = await this.deps.contractRepository.getContracts({
+            script: distinctScripts,
+        });
+        // Repo may yield duplicates if seeded oddly; keep the first one
+        // for each script to match the wallet's historical behaviour.
+        const scriptToContract = new Map();
+        for (const contract of contracts) {
+            if (!scriptToContract.has(contract.script)) {
+                scriptToContract.set(contract.script, contract);
+            }
+        }
+        const baselinePubKeyHex = hex.encode(await this.deps.identity.xOnlyPublicKey());
+        const boardingScriptHex = hex.encode(this.deps.boardingPkScript);
+        const identityIndexes = [];
+        const descriptorGroups = new Map();
+        for (const job of jobs) {
+            const scriptHex = hex.encode(job.lookupScript);
+            const contract = scriptToContract.get(scriptHex);
+            if (!contract) {
+                if (scriptHex === boardingScriptHex) {
+                    identityIndexes.push(job.index);
+                }
+                continue;
+            }
+            if (!DESCRIPTOR_CAPABLE_CONTRACT_TYPES.has(contract.type)) {
+                identityIndexes.push(job.index);
+                continue;
+            }
+            // `baselinePubKeyHex` is freshly produced by `hex.encode`,
+            // so it is already lowercase. `contract.params.pubKey` is
+            // persisted data: a migration or custom repository adapter
+            // could legitimately store it uppercase, so canonicalize
+            // before comparing to match the legacy router behaviour.
+            const ownerPubKeyHex = contract.params.pubKey?.toLowerCase();
+            if (ownerPubKeyHex && ownerPubKeyHex === baselinePubKeyHex) {
+                identityIndexes.push(job.index);
+                continue;
+            }
+            const descriptor = contract.metadata?.signingDescriptor;
+            if (typeof descriptor !== "string" || descriptor.length === 0) {
+                throw new MissingSigningDescriptorError(contract.script, contract.type);
+            }
+            const bucket = descriptorGroups.get(descriptor);
+            if (bucket) {
+                bucket.push(job.index);
+            }
+            else {
+                descriptorGroups.set(descriptor, [job.index]);
+            }
+        }
+        let signed = tx;
+        if (identityIndexes.length > 0) {
+            signed = await this.deps.identity.sign(signed, identityIndexes);
+        }
+        if (descriptorGroups.size > 0) {
+            if (!this.deps.descriptorProvider) {
+                throw new DescriptorSigningProviderMissingError();
+            }
+            const sortedDescriptors = Array.from(descriptorGroups.keys()).sort();
+            for (const descriptor of sortedDescriptors) {
+                const indexes = descriptorGroups.get(descriptor);
+                const [next] = await this.deps.descriptorProvider.signWithDescriptor([
+                    {
+                        tx: signed,
+                        descriptor,
+                        inputIndexes: indexes,
+                    },
+                ]);
+                signed = next;
+            }
+        }
+        return signed;
+    }
+}

package/dist/esm/wallet/serviceWorker/wallet.js

@@ -917,6 +917,7 @@ export class ServiceWorkerWallet extends ServiceWorkerReadonlyWallet {
             indexerUrl: options.indexerUrl,
             esploraUrl: options.esploraUrl,
             settlementConfig: options.settlementConfig,
+            walletMode: options.walletMode,
             watcherConfig: options.watcherConfig,
             messageTimeouts,
         };

package/dist/esm/wallet/signingErrors.js

@@ -0,0 +1,27 @@
+/**
+ * Thrown when a rotated contract (default or delegate) is missing the
+ * metadata.signingDescriptor required to route it to a descriptor-aware
+ * signer.
+ */
+export class MissingSigningDescriptorError extends Error {
+    constructor(contractScript, contractType) {
+        super(`Cannot sign input for ${contractType} contract ${contractScript}: ` +
+            `metadata.signingDescriptor is missing. This wallet was rotated ` +
+            `on an earlier build that did not persist signing descriptors. ` +
+            `Manually set metadata.signingDescriptor on the contract record, ` +
+            `or restore from a pre-rotation snapshot.`);
+        this.contractScript = contractScript;
+        this.contractType = contractType;
+        this.name = "MissingSigningDescriptorError";
+    }
+}
+/**
+ * Thrown when an input needs descriptor-aware signing but no
+ * DescriptorProvider was wired into the wallet.
+ */
+export class DescriptorSigningProviderMissingError extends Error {
+    constructor() {
+        super("Descriptor signing requested but no DescriptorProvider was wired into this wallet");
+        this.name = "DescriptorSigningProviderMissingError";
+    }
+}

package/dist/esm/wallet/unroll.js

@@ -227,7 +227,11 @@ export async function prepareUnrollTransaction(wallet, vtxoTxIds, outputAddress)
     if (!feeRate || feeRate < Wallet.MIN_FEE_RATE) {
         feeRate = Wallet.MIN_FEE_RATE;
     }
-    const feeAmount = txWeightEstimator.vsize().fee(BigInt(feeRate));
+    // Esplora returns a `number` and bitcoind regtest sometimes reports
+    // fractional sat/vB (e.g. 1.006). `BigInt(1.006)` throws RangeError
+    // — round up so we always pay AT LEAST the advertised rate and
+    // satisfy BigInt's integer requirement.
+    const feeAmount = txWeightEstimator.vsize().fee(BigInt(Math.ceil(feeRate)));
     if (feeAmount > totalAmount) {
         throw new Error("fee amount is greater than the total amount");
     }