@babylonlabs-io/ts-sdk 0.17.0 → 0.17.1

package/dist/signAndSubmitPayouts-CAOEAQp9.js.map

@@ -1 +1 @@
-{"version":3,"file":"signAndSubmitPayouts-CAOEAQp9.js","sources":["../src/tbv/core/managers/PayoutManager.ts","../src/tbv/core/services/deposit/waitForPeginStatus.ts","../src/tbv/core/services/deposit/submitWotsPublicKey.ts","../src/tbv/core/services/deposit/signDepositorGraph.ts","../src/tbv/core/services/deposit/signAndSubmitPayouts.ts"],"sourcesContent":["/**\n * Payout Manager\n *\n * High-level manager that orchestrates the payout signing flow by coordinating\n * SDK primitives ({@link buildPayoutPsbt}, {@link extractPayoutSignature})\n * with a user-provided Bitcoin wallet.\n *\n * The Payout transaction references the Assert transaction (input 1).\n *\n * @see {@link PeginManager} - For Steps 1, 2, and 4 of peg-in flow\n * @see {@link buildPayoutPsbt} - Lower-level primitive for custom implementations\n * @see {@link extractPayoutSignature} - Extract signatures from signed PSBTs\n *\n * @module managers/PayoutManager\n */\n\nimport { Buffer } from \"buffer\";\n\nimport { Transaction } from \"bitcoinjs-lib\";\n\nimport type {\n  BitcoinWallet,\n  SignPsbtOptions,\n} from \"../../../shared/wallets\";\nimport { createTaprootScriptPathSignOptions } from \"../utils/signing\";\nimport {\n  buildPayoutPsbt,\n  extractPayoutSignature,\n  isValidHex,\n  stripHexPrefix,\n  validateWalletPubkey,\n  type Network,\n} from \"../primitives\";\n\n/**\n * Configuration for the PayoutManager.\n */\nexport interface PayoutManagerConfig {\n  /**\n   * Bitcoin network to use for transactions.\n   */\n  network: Network;\n\n  /**\n   * Bitcoin wallet for signing payout transactions.\n   */\n  btcWallet: BitcoinWallet;\n}\n\n/**\n * Base parameters shared by both payout transaction types.\n */\ninterface SignPayoutBaseParams {\n  /**\n   * Peg-in transaction hex.\n   * The original transaction that created the vault output being spent.\n   */\n  peginTxHex: string;\n\n  /**\n   * Vault provider's BTC public key (x-only, 64-char hex).\n   */\n  vaultProviderBtcPubkey: string;\n\n  /**\n   * Vault keeper BTC public keys (x-only, 64-char hex).\n   */\n  vaultKeeperBtcPubkeys: string[];\n\n  /**\n   * Universal challenger BTC public keys (x-only, 64-char hex).\n   */\n  universalChallengerBtcPubkeys: string[];\n\n  /**\n   * CSV timelock in blocks for the PegIn output.\n   */\n  timelockPegin: number;\n\n  /**\n   * Depositor's BTC public key (x-only, 64-char hex).\n   * This should be the public key that was used when creating the vault,\n   * as stored on-chain. If not provided, will be fetched from the wallet.\n   */\n  depositorBtcPubkey?: string;\n\n  /**\n   * The on-chain registered depositor payout scriptPubKey (hex, with or without 0x prefix).\n   * Used to validate that the VP-provided payout transaction actually pays to the\n   * correct depositor payout address before signing.\n   */\n  registeredPayoutScriptPubKey: string;\n}\n\n/**\n * Parameters for signing a Payout transaction.\n *\n * Payout is used in the challenge path after Assert, when the claimer proves validity.\n * Input 1 references the Assert transaction.\n */\nexport interface SignPayoutParams extends SignPayoutBaseParams {\n  /**\n   * Payout transaction hex (unsigned).\n   * This is the transaction from the vault provider that needs depositor signature.\n   */\n  payoutTxHex: string;\n\n  /**\n   * Assert transaction hex.\n   * Payout input 1 references Assert output 0.\n   */\n  assertTxHex: string;\n}\n\n/**\n * Result of signing a payout transaction.\n */\nexport interface PayoutSignatureResult {\n  /**\n   * 64-byte Schnorr signature (128 hex characters).\n   */\n  signature: string;\n\n  /**\n   * Depositor's BTC public key used for signing.\n   */\n  depositorBtcPubkey: string;\n}\n\n/**\n * High-level manager for payout transaction signing.\n *\n * @remarks\n * After registering your peg-in on Ethereum (Step 2), the vault provider prepares\n * claim/payout transaction pairs. You must sign each payout transaction using this\n * manager and submit the signatures to the vault provider's RPC API.\n *\n * **What happens internally:**\n * 1. Validates your wallet's public key matches the vault's depositor\n * 2. Builds an unsigned PSBT with taproot script path spend info\n * 3. Signs input 0 (the vault UTXO) with your wallet\n * 4. Extracts the 64-byte Schnorr signature\n *\n * **Note:** The payout transaction has 2 inputs. PayoutManager only signs input 0\n * (from the peg-in tx). Input 1 (from the assert tx) is signed by the vault provider.\n *\n * @see {@link PeginManager} - For the complete peg-in flow context\n * @see {@link buildPayoutPsbt} - Lower-level primitive used internally\n * @see {@link extractPayoutSignature} - Signature extraction primitive\n */\nexport class PayoutManager {\n  private readonly config: PayoutManagerConfig;\n\n  /**\n   * Creates a new PayoutManager instance.\n   *\n   * @param config - Manager configuration including wallet\n   */\n  constructor(config: PayoutManagerConfig) {\n    this.config = config;\n  }\n\n  /**\n   * Signs a Payout transaction and extracts the Schnorr signature.\n   *\n   * Flow:\n   * 1. Vault provider submits Claim transaction\n   * 2. Claimer submits Assert transaction to prove validity\n   * 3. Payout can be executed (references Assert tx)\n   *\n   * This method orchestrates the following steps:\n   * 1. Get wallet's public key and convert to x-only format\n   * 2. Validate wallet pubkey matches on-chain depositor pubkey (if provided)\n   * 3. Build unsigned PSBT using primitives\n   * 4. Sign PSBT via btcWallet.signPsbt()\n   * 5. Extract 64-byte Schnorr signature using primitives\n   *\n   * The returned signature can be submitted to the vault provider API.\n   *\n   * @param params - Payout signing parameters\n   * @returns Signature result with 64-byte Schnorr signature and depositor pubkey\n   * @throws Error if wallet pubkey doesn't match depositor pubkey\n   * @throws Error if wallet operations fail or signature extraction fails\n   */\n  async signPayoutTransaction(\n    params: SignPayoutParams,\n  ): Promise<PayoutSignatureResult> {\n    // Validate payout TX outputs pay to the registered depositor payout address\n    this.validatePayoutOutputs(\n      params.payoutTxHex,\n      params.registeredPayoutScriptPubKey,\n    );\n\n    // Validate wallet pubkey matches depositor and get both formats\n    const walletPubkeyRaw = await this.config.btcWallet.getPublicKeyHex();\n    const { depositorPubkey } = validateWalletPubkey(\n      walletPubkeyRaw,\n      params.depositorBtcPubkey,\n    );\n\n    // Build unsigned PSBT for Payout (uses Assert tx)\n    const payoutPsbt = await buildPayoutPsbt({\n      payoutTxHex: params.payoutTxHex,\n      peginTxHex: params.peginTxHex,\n      assertTxHex: params.assertTxHex,\n      depositorBtcPubkey: depositorPubkey,\n      vaultProviderBtcPubkey: params.vaultProviderBtcPubkey,\n      vaultKeeperBtcPubkeys: params.vaultKeeperBtcPubkeys,\n      universalChallengerBtcPubkeys: params.universalChallengerBtcPubkeys,\n      timelockPegin: params.timelockPegin,\n      network: this.config.network,\n    });\n\n    // Sign PSBT via wallet (Taproot script-path spend, input 0 only)\n    const signedPsbtHex = await this.config.btcWallet.signPsbt(\n      payoutPsbt.psbtHex,\n      createTaprootScriptPathSignOptions(walletPubkeyRaw, 1),\n    );\n\n    // Extract Schnorr signature\n    const signature = extractPayoutSignature(signedPsbtHex, depositorPubkey);\n\n    return {\n      signature,\n      depositorBtcPubkey: depositorPubkey,\n    };\n  }\n\n  /**\n   * Gets the configured Bitcoin network.\n   *\n   * @returns The Bitcoin network (mainnet, testnet, signet, regtest)\n   */\n  getNetwork(): Network {\n    return this.config.network;\n  }\n\n  /**\n   * Checks if the wallet supports batch signing (signPsbts).\n   *\n   * @returns true if batch signing is supported\n   */\n  supportsBatchSigning(): boolean {\n    return typeof this.config.btcWallet.signPsbts === \"function\";\n  }\n\n  /**\n   * Batch signs multiple payout transactions (1 per claimer).\n   * This allows signing all transactions with a single wallet interaction.\n   *\n   * @param transactions - Array of payout params to sign\n   * @returns Array of signature results matching input order\n   * @throws Error if wallet doesn't support batch signing\n   * @throws Error if any signing operation fails\n   */\n  async signPayoutTransactionsBatch(\n    transactions: SignPayoutParams[],\n  ): Promise<\n    Array<{\n      payoutSignature: string;\n      depositorBtcPubkey: string;\n    }>\n  > {\n    if (!this.supportsBatchSigning()) {\n      throw new Error(\n        \"Wallet does not support batch signing (signPsbts method not available)\",\n      );\n    }\n\n    // Get wallet pubkey once\n    const walletPubkeyRaw = await this.config.btcWallet.getPublicKeyHex();\n\n    // Build all PSBTs (1 per claimer)\n    const psbtsToSign: string[] = [];\n    const signOptions: SignPsbtOptions[] = [];\n    const depositorPubkeys: string[] = [];\n\n    for (const tx of transactions) {\n      // Validate payout TX outputs pay to the registered depositor payout address\n      this.validatePayoutOutputs(\n        tx.payoutTxHex,\n        tx.registeredPayoutScriptPubKey,\n      );\n\n      // Validate wallet pubkey matches depositor\n      const { depositorPubkey } = validateWalletPubkey(\n        walletPubkeyRaw,\n        tx.depositorBtcPubkey,\n      );\n      depositorPubkeys.push(depositorPubkey);\n\n      // Build Payout PSBT\n      const payoutPsbt = await buildPayoutPsbt({\n        payoutTxHex: tx.payoutTxHex,\n        peginTxHex: tx.peginTxHex,\n        assertTxHex: tx.assertTxHex,\n        depositorBtcPubkey: depositorPubkey,\n        vaultProviderBtcPubkey: tx.vaultProviderBtcPubkey,\n        vaultKeeperBtcPubkeys: tx.vaultKeeperBtcPubkeys,\n        universalChallengerBtcPubkeys: tx.universalChallengerBtcPubkeys,\n        timelockPegin: tx.timelockPegin,\n        network: this.config.network,\n      });\n      psbtsToSign.push(payoutPsbt.psbtHex);\n      signOptions.push(createTaprootScriptPathSignOptions(walletPubkeyRaw, 1));\n    }\n\n    // Batch sign all PSBTs with single wallet interaction\n    const signedPsbts = await this.config.btcWallet.signPsbts!(\n      psbtsToSign,\n      signOptions,\n    );\n\n    // Validate that wallet returned the expected number of signed PSBTs\n    if (signedPsbts.length !== transactions.length) {\n      throw new Error(\n        `Expected ${transactions.length} signed PSBTs but received ${signedPsbts.length}`,\n      );\n    }\n\n    // Extract signatures from signed PSBTs\n    const results: Array<{\n      payoutSignature: string;\n      depositorBtcPubkey: string;\n    }> = [];\n\n    for (let i = 0; i < transactions.length; i++) {\n      const depositorPubkey = depositorPubkeys[i];\n      const payoutSignature = extractPayoutSignature(\n        signedPsbts[i],\n        depositorPubkey,\n      );\n\n      results.push({\n        payoutSignature,\n        depositorBtcPubkey: depositorPubkey,\n      });\n    }\n\n    return results;\n  }\n\n  /**\n   * Validates that the payout transaction's largest output pays to the\n   * registered depositor payout address (scriptPubKey).\n   *\n   * This prevents two attack vectors from a malicious vault provider:\n   * 1. Substituting a completely different payout address\n   * 2. Including a dust output to the correct address while routing\n   *    the actual funds to an attacker-controlled address\n   *\n   * @param payoutTxHex - Raw payout transaction hex\n   * @param registeredPayoutScriptPubKey - On-chain registered scriptPubKey (hex, with or without 0x prefix)\n   * @throws Error if scriptPubKey is invalid hex\n   * @throws Error if the largest output does not pay to the registered address\n   */\n  private validatePayoutOutputs(\n    payoutTxHex: string,\n    registeredPayoutScriptPubKey: string,\n  ): void {\n    if (!isValidHex(registeredPayoutScriptPubKey)) {\n      throw new Error(\n        \"Invalid registeredPayoutScriptPubKey: not valid hex\",\n      );\n    }\n\n    const expectedScript = Buffer.from(\n      stripHexPrefix(registeredPayoutScriptPubKey),\n      \"hex\",\n    );\n    const payoutTx = Transaction.fromHex(stripHexPrefix(payoutTxHex));\n\n    if (payoutTx.outs.length === 0) {\n      throw new Error(\"Payout transaction has no outputs\");\n    }\n\n    // Find the largest output by value — this must pay to the registered address.\n    // A dust output to the correct address with funds routed elsewhere is rejected.\n    const largestOutput = payoutTx.outs.reduce((max, output) =>\n      output.value > max.value ? output : max,\n    );\n\n    if (!largestOutput.script.equals(expectedScript)) {\n      throw new Error(\n        \"Payout transaction does not pay to the registered depositor payout address\",\n      );\n    }\n  }\n}\n","/**\n * Poll `getPeginStatus` until the VP reaches one of the target statuses.\n *\n * Pure polling utility with no framework dependencies (no localStorage, no React).\n * Handles \"PegIn not found\" as transient (VP hasn't ingested yet).\n */\n\nimport { JsonRpcError } from \"../../clients/vault-provider/json-rpc-client\";\nimport {\n  RpcErrorCode,\n  VP_TERMINAL_STATUSES,\n  type DaemonStatus,\n} from \"../../clients/vault-provider/types\";\nimport type { PeginStatusReader } from \"./interfaces\";\n\n/** Default polling interval (10 seconds). */\nconst DEFAULT_POLL_INTERVAL_MS = 10_000;\n\nexport interface WaitForPeginStatusParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Set of acceptable statuses — polling stops when the VP reports one of these */\n  targetStatuses: ReadonlySet<DaemonStatus>;\n  /** Maximum time to wait in milliseconds */\n  timeoutMs: number;\n  /** Polling interval in milliseconds (default: 10s) */\n  pollIntervalMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n}\n\n/**\n * Poll `getPeginStatus` until the VP reaches one of the target statuses.\n *\n * @returns The DaemonStatus string that matched one of the targets\n * @throws Error on timeout, abort, or non-transient RPC error\n */\nexport async function waitForPeginStatus(\n  params: WaitForPeginStatusParams,\n): Promise<DaemonStatus> {\n  const {\n    statusReader,\n    peginTxid,\n    targetStatuses,\n    timeoutMs,\n    pollIntervalMs = DEFAULT_POLL_INTERVAL_MS,\n    signal,\n  } = params;\n\n  const startTime = Date.now();\n\n  while (true) {\n    if (signal?.aborted) {\n      throw new Error(\n        `Polling aborted for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n      );\n    }\n\n    if (Date.now() - startTime >= timeoutMs) {\n      throw new Error(\n        `Polling timeout after ${timeoutMs}ms for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n      );\n    }\n\n    try {\n      const response = await statusReader.getPeginStatus(\n        { pegin_txid: peginTxid },\n        signal,\n      );\n\n      const status = response.status as DaemonStatus;\n      if (targetStatuses.has(status)) {\n        return status;\n      }\n      // Fail fast on terminal statuses to avoid waiting for timeout\n      if (VP_TERMINAL_STATUSES.has(status) && !targetStatuses.has(status)) {\n        throw new Error(\n          `Pegin ${peginTxid.slice(0, 8)}… reached terminal status \"${status}\" while waiting for ${[...targetStatuses].join(\", \")}`,\n        );\n      }\n    } catch (error) {\n      // \"PegIn not found\" is transient — VP hasn't ingested the pegin yet.\n      // Check structured error code first, fall back to message matching.\n      const isNotFound =\n        (error instanceof JsonRpcError &&\n          error.code === RpcErrorCode.NOT_FOUND) ||\n        (error instanceof Error && error.message.includes(\"PegIn not found\"));\n      if (!isNotFound) {\n        throw error;\n      }\n    }\n\n    // Wait before next poll, with abort support\n    await new Promise<void>((resolve, reject) => {\n      const onAbort = () => {\n        clearTimeout(timeoutId);\n        reject(\n          new Error(\n            `Polling aborted for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n          ),\n        );\n      };\n      const timeoutId = setTimeout(() => {\n        signal?.removeEventListener(\"abort\", onAbort);\n        resolve();\n      }, pollIntervalMs);\n      signal?.addEventListener(\"abort\", onAbort, { once: true });\n    });\n  }\n}\n","/**\n * Submit pre-derived WOTS public keys to the vault provider.\n *\n * Polls `getPeginStatus` until the VP reaches `PendingDepositorWotsPK`,\n * then submits the keys. If the VP has already moved past WOTS step\n * (e.g., resume flow), submission is skipped.\n *\n * The caller is responsible for deriving WOTS keys externally using\n * `mnemonicToWotsSeed` + `deriveWotsBlockPublicKeys` from the SDK's\n * `tbv/core/wots` module.\n */\n\nimport {\n  DaemonStatus,\n  POST_WOTS_STATUSES,\n  type WotsBlockPublicKey,\n} from \"../../clients/vault-provider/types\";\nimport type { PeginStatusReader, WotsKeySubmitter } from \"./interfaces\";\nimport { waitForPeginStatus } from \"./waitForPeginStatus\";\n\n/** Maximum time to wait for VP to reach PendingDepositorWotsPK (5 min). */\nconst STATUS_POLL_TIMEOUT_MS = 5 * 60 * 1000;\n\n/** All statuses we accept — either ready for submission or already past it. */\nconst TARGET_STATUSES: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_DEPOSITOR_WOTS_PK,\n  ...POST_WOTS_STATUSES,\n]);\n\nexport interface SubmitWotsPublicKeyParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** VP client implementing the WOTS key submission interface */\n  wotsSubmitter: WotsKeySubmitter;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Depositor's x-only BTC public key (unprefixed hex, 64 chars) */\n  depositorPk: string;\n  /** Pre-derived WOTS block public keys (one per assert block) */\n  wotsPublicKeys: WotsBlockPublicKey[];\n  /** Maximum time to wait for VP to be ready (default: 5 min) */\n  timeoutMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n}\n\n/**\n * Submit WOTS public keys to the vault provider.\n *\n * @throws Error on timeout, abort, or RPC error\n */\nexport async function submitWotsPublicKey(\n  params: SubmitWotsPublicKeyParams,\n): Promise<void> {\n  const {\n    statusReader,\n    wotsSubmitter,\n    peginTxid,\n    depositorPk,\n    wotsPublicKeys,\n    timeoutMs = STATUS_POLL_TIMEOUT_MS,\n    signal,\n  } = params;\n\n  signal?.throwIfAborted();\n\n  // Wait until VP has ingested the pegin and is ready for the WOTS key.\n  const status = await waitForPeginStatus({\n    statusReader,\n    peginTxid,\n    targetStatuses: TARGET_STATUSES,\n    timeoutMs,\n    signal,\n  });\n\n  // Key was already submitted in a previous session (e.g. resume flow)\n  if (POST_WOTS_STATUSES.has(status as DaemonStatus)) {\n    return;\n  }\n\n  signal?.throwIfAborted();\n\n  await wotsSubmitter.submitDepositorWotsKey(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n      wots_public_keys: wotsPublicKeys,\n    },\n    signal,\n  );\n}\n","/**\n * Depositor Graph Signing Service\n *\n * Signs the depositor's own graph transactions (Payout, NoPayout per challenger)\n * using pre-built PSBTs from the vault provider.\n *\n * The VP returns unsigned PSBTs with prevouts, scripts, and taproot metadata\n * already embedded (BIP 174), so any standard PSBT-compatible signer can\n * produce signatures without extra context.\n *\n * Transaction counts: 1 Payout + N NoPayout = 1 + N total PSBTs\n *\n * @see btc-vault docs/pegin.md — \"Automatic Graph Creation & Presigning\"\n */\n\nimport { Psbt } from \"bitcoinjs-lib\";\n\nimport type { BitcoinWallet, SignPsbtOptions } from \"../../../../shared/wallets/interfaces\";\nimport type {\n  DepositorAsClaimerPresignatures,\n  DepositorGraphTransactions,\n  DepositorPreSigsPerChallenger,\n} from \"../../clients/vault-provider/types\";\nimport { extractPayoutSignature } from \"../../primitives/psbt/payout\";\nimport { stripHexPrefix } from \"../../primitives/utils/bitcoin\";\nimport { createTaprootScriptPathSignOptions } from \"../../utils/signing\";\n\n/**\n * Each payout/nopayout PSBT has exactly one input that needs signing.\n * Used to construct SignPsbtOptions for wallet.signPsbt().\n */\nconst SINGLE_PSBT_INPUT_COUNT = 1;\n\n/** Tracks which indices in the flat PSBT array belong to which challenger */\ninterface ChallengerEntry {\n  challengerPubkey: string;\n  noPayoutIdx: number;\n}\n\n/** Result of the collect phase — flat PSBT array with index mapping */\ninterface CollectedDepositorGraphPsbts {\n  psbtHexes: string[];\n  signOptions: SignPsbtOptions[];\n  challengerEntries: ChallengerEntry[];\n}\n\n// ============================================================================\n// PSBT verification — ensure pre-built PSBTs match advertised tx_hex\n// ============================================================================\n\n/**\n * Parse a base64-encoded PSBT and verify its unsigned transaction matches\n * the expected transaction hex. Catches VP serialization bugs.\n */\nfunction verifyAndParsePsbt(\n  psbtBase64: string,\n  expectedTxHex: string,\n  label: string,\n): Psbt {\n  const psbt = Psbt.fromBase64(psbtBase64);\n  const unsignedTxHex = psbt.data\n    .getTransaction()\n    .toString(\"hex\")\n    .toLowerCase();\n  const normalizedExpected = stripHexPrefix(expectedTxHex).toLowerCase();\n  if (unsignedTxHex !== normalizedExpected) {\n    throw new Error(\n      `PSBT integrity check failed for ${label}: unsigned transaction does not match tx_hex`,\n    );\n  }\n  return psbt;\n}\n\n/**\n * Sanitize a parsed PSBT for Taproot script-path signing.\n *\n * VP-provided PSBTs include tapBip32Derivation and tapMerkleRoot metadata\n * that causes some wallets (notably OKX) to ignore disableTweakSigner and\n * sign with a tweaked key. Stripping these fields forces the wallet to\n * rely solely on tapLeafScript for script-path signing.\n */\nfunction sanitizePsbtForScriptPathSigning(psbt: Psbt): Psbt {\n  const clone = Psbt.fromHex(psbt.toHex());\n  for (const input of clone.data.inputs) {\n    delete input.tapBip32Derivation;\n    delete input.tapMerkleRoot;\n  }\n  return clone;\n}\n\n/**\n * Validate, verify integrity, sanitize, and convert a PSBT to hex.\n */\nfunction validateAndConvertPsbt(\n  psbtBase64: string | undefined,\n  expectedTxHex: string,\n  label: string,\n): string {\n  if (!psbtBase64) {\n    throw new Error(`Missing ${label} PSBT`);\n  }\n  const psbt = verifyAndParsePsbt(psbtBase64, expectedTxHex, label);\n  const sanitized = sanitizePsbtForScriptPathSigning(psbt);\n  return sanitized.toHex();\n}\n\n// ============================================================================\n// Collect phase — decode pre-built PSBTs from VP response\n// ============================================================================\n\n/**\n * Collect all pre-built PSBTs from the depositor graph and track their indices.\n * Layout: [Payout, NoPayout_0, NoPayout_1, ...]\n */\nfunction collectDepositorGraphPsbts(\n  depositorGraph: DepositorGraphTransactions,\n  walletPublicKey: string,\n): CollectedDepositorGraphPsbts {\n  const psbtHexes: string[] = [];\n  const signOptions: SignPsbtOptions[] = [];\n  const challengerEntries: ChallengerEntry[] = [];\n\n  const singleInputOpts = createTaprootScriptPathSignOptions(\n    walletPublicKey,\n    SINGLE_PSBT_INPUT_COUNT,\n  );\n\n  // Index 0: Payout PSBT\n  const payoutHex = validateAndConvertPsbt(\n    depositorGraph.payout_psbt,\n    depositorGraph.payout_tx.tx_hex,\n    \"depositor payout\",\n  );\n  psbtHexes.push(payoutHex);\n  signOptions.push(singleInputOpts);\n\n  // Per-challenger: 1 NoPayout\n  for (const challenger of depositorGraph.challenger_presign_data) {\n    const challengerPubkey = stripHexPrefix(challenger.challenger_pubkey);\n\n    const noPayoutIdx = psbtHexes.length;\n    const noPayoutHex = validateAndConvertPsbt(\n      challenger.nopayout_psbt,\n      challenger.nopayout_tx.tx_hex,\n      `nopayout (challenger ${challengerPubkey})`,\n    );\n    psbtHexes.push(noPayoutHex);\n    signOptions.push(singleInputOpts);\n\n    challengerEntries.push({\n      challengerPubkey,\n      noPayoutIdx,\n    });\n  }\n\n  return { psbtHexes, signOptions, challengerEntries };\n}\n\n// ============================================================================\n// Extract phase\n// ============================================================================\n\n/**\n * Extract all signatures from signed PSBTs and assemble into presignatures.\n */\nfunction extractDepositorGraphSignatures(\n  signedPsbtHexes: string[],\n  challengerEntries: ChallengerEntry[],\n  depositorPubkey: string,\n): DepositorAsClaimerPresignatures {\n  const payoutSignature = extractPayoutSignature(\n    signedPsbtHexes[0],\n    depositorPubkey,\n  );\n\n  const perChallenger: Record<string, DepositorPreSigsPerChallenger> = {};\n  for (const entry of challengerEntries) {\n    perChallenger[entry.challengerPubkey] = {\n      nopayout_signature: extractPayoutSignature(\n        signedPsbtHexes[entry.noPayoutIdx],\n        depositorPubkey,\n      ),\n    };\n  }\n\n  return {\n    payout_signatures: {\n      payout_signature: payoutSignature,\n    },\n    per_challenger: perChallenger,\n  };\n}\n\n/**\n * Sign multiple PSBTs, using batch signing when the wallet supports it.\n * Falls back to sequential `signPsbt` calls for wallets without `signPsbts`.\n */\nasync function signPsbtsWithFallback(\n  wallet: BitcoinWallet,\n  psbtHexes: string[],\n  options?: SignPsbtOptions[],\n): Promise<string[]> {\n  if (typeof wallet.signPsbts === \"function\") {\n    return wallet.signPsbts(psbtHexes, options);\n  }\n\n  const signed: string[] = [];\n  for (let i = 0; i < psbtHexes.length; i++) {\n    signed.push(await wallet.signPsbt(psbtHexes[i], options?.[i]));\n  }\n  return signed;\n}\n\n// ============================================================================\n// Main entry point\n// ============================================================================\n\nexport interface SignDepositorGraphParams {\n  /** The depositor graph from VP response (contains pre-built PSBTs) */\n  depositorGraph: DepositorGraphTransactions;\n  /** Depositor's BTC public key (x-only, 64-char hex, no 0x prefix) */\n  depositorBtcPubkey: string;\n  /** Bitcoin wallet for signing */\n  btcWallet: BitcoinWallet;\n}\n\n/**\n * Sign all depositor graph transactions and assemble into presignatures.\n *\n * Flow:\n * 1. Collect pre-built PSBTs from VP response (base64 -> hex)\n * 2. Batch sign via wallet.signPsbts() if available, else sequential signPsbt()\n * 3. Extract Schnorr signatures from each signed PSBT\n * 4. Assemble into DepositorAsClaimerPresignatures\n */\nexport async function signDepositorGraph(\n  params: SignDepositorGraphParams,\n): Promise<DepositorAsClaimerPresignatures> {\n  const { depositorGraph, depositorBtcPubkey, btcWallet } = params;\n\n  const depositorPubkey = stripHexPrefix(depositorBtcPubkey);\n  const walletPublicKey = await btcWallet.getPublicKeyHex();\n\n  // 1. Collect pre-built PSBTs from VP response\n  const { psbtHexes, signOptions, challengerEntries } =\n    collectDepositorGraphPsbts(depositorGraph, walletPublicKey);\n\n  // 2. Sign all PSBTs (batch when supported, sequential fallback for mobile)\n  const signedPsbtHexes = await signPsbtsWithFallback(\n    btcWallet,\n    psbtHexes,\n    signOptions,\n  );\n\n  if (signedPsbtHexes.length !== psbtHexes.length) {\n    throw new Error(\n      `Wallet returned ${signedPsbtHexes.length} signed PSBTs, expected ${psbtHexes.length}`,\n    );\n  }\n\n  // 3. Extract signatures and assemble presignatures\n  return extractDepositorGraphSignatures(\n    signedPsbtHexes,\n    challengerEntries,\n    depositorPubkey,\n  );\n}\n","/**\n * Payout Signing Orchestration\n *\n * Polls VP for `PendingDepositorSignatures`, fetches presign transactions,\n * signs payouts via PayoutManager, signs the depositor graph, and submits\n * all signatures back to the VP.\n *\n * This is the main deposit protocol step between registration and activation.\n */\n\nimport type { Network } from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport * as bitcoin from \"bitcoinjs-lib\";\nimport { Buffer } from \"buffer\";\n\nimport type { BitcoinWallet } from \"../../../../shared/wallets/interfaces\";\nimport { DaemonStatus } from \"../../clients/vault-provider/types\";\nimport type {\n  ClaimerSignatures,\n  ClaimerTransactions,\n} from \"../../clients/vault-provider/types\";\nimport { PayoutManager } from \"../../managers/PayoutManager\";\nimport {\n  processPublicKeyToXOnly,\n  stripHexPrefix,\n} from \"../../primitives/utils/bitcoin\";\nimport type { PeginStatusReader, PresignClient } from \"./interfaces\";\nimport { signDepositorGraph } from \"./signDepositorGraph\";\nimport { waitForPeginStatus } from \"./waitForPeginStatus\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\n/**\n * Context required for signing payout transactions.\n * Caller builds this from on-chain data (contract queries, GraphQL, config).\n */\nexport interface PayoutSigningContext {\n  /** Raw pegin BTC transaction hex (for PSBT construction) */\n  peginTxHex: string;\n  /** Vault provider's BTC public key (x-only hex, no prefix) */\n  vaultProviderBtcPubkey: string;\n  /** Sorted vault keeper BTC public keys (x-only hex, no prefix) */\n  vaultKeeperBtcPubkeys: string[];\n  /** Sorted universal challenger BTC public keys (x-only hex, no prefix) */\n  universalChallengerBtcPubkeys: string[];\n  /** Depositor's BTC public key (x-only hex, no prefix) */\n  depositorBtcPubkey: string;\n  /** Pegin timelock from the locked offchain params version */\n  timelockPegin: number;\n  /** BTC network (Mainnet, Testnet, etc.) */\n  network: Network;\n  /** On-chain registered depositor payout scriptPubKey (hex) */\n  registeredPayoutScriptPubKey: string;\n}\n\nexport interface PollAndSignPayoutsParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** VP client implementing the presign transaction flow interface */\n  presignClient: PresignClient;\n  /** Bitcoin wallet for signing */\n  btcWallet: BitcoinWallet;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Depositor's x-only BTC public key (unprefixed hex, 64 chars) */\n  depositorPk: string;\n  /** Signing context built from on-chain data */\n  signingContext: PayoutSigningContext;\n  /** Maximum polling timeout in milliseconds (default: 20 min) */\n  timeoutMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n  /** Optional progress callback (completed claimers, total claimers) */\n  onProgress?: (completed: number, total: number) => void;\n}\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/** Maximum polling timeout (20 minutes) — VP may take 15-20 min to prepare. */\nconst MAX_POLLING_TIMEOUT_MS = 20 * 60 * 1000;\n\n/** Statuses after payout signatures are submitted — if VP is already here, skip. */\nconst POST_PAYOUT_STATUSES: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_ACKS,\n  DaemonStatus.PENDING_ACTIVATION,\n  DaemonStatus.ACTIVATED,\n]);\n\nconst TARGET_STATUS: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_DEPOSITOR_SIGNATURES,\n  ...POST_PAYOUT_STATUSES,\n]);\n\n// ============================================================================\n// Internal helpers\n// ============================================================================\n\ninterface PreparedTransaction {\n  claimerPubkeyXOnly: string;\n  payoutTxHex: string;\n  assertTxHex: string;\n}\n\nfunction prepareTransactionsForSigning(\n  claimerTransactions: ClaimerTransactions[],\n): PreparedTransaction[] {\n  return claimerTransactions.map((tx) => ({\n    claimerPubkeyXOnly: processPublicKeyToXOnly(tx.claimer_pubkey),\n    payoutTxHex: tx.payout_tx.tx_hex,\n    assertTxHex: tx.assert_tx.tx_hex,\n  }));\n}\n\n/**\n * Derive BIP-86 P2TR scriptPubKey hex from an x-only public key.\n * Requires bitcoinjs-lib ECC to be initialized by the caller.\n */\nfunction deriveBip86ScriptPubKey(xOnlyPubkeyHex: string): string {\n  const { output } = bitcoin.payments.p2tr({\n    internalPubkey: Buffer.from(xOnlyPubkeyHex, \"hex\"),\n  });\n  if (!output) {\n    throw new Error(\"Failed to derive BIP-86 P2TR scriptPubKey\");\n  }\n  return output.toString(\"hex\");\n}\n\n/**\n * Resolve the expected payout scriptPubKey for a given claimer.\n *\n * - VP/Depositor claimer: payout goes to the depositor's registered payout address\n * - VK claimer: payout goes to a BIP-86 P2TR address derived from the VK's pubkey\n *\n * Note: BIP-86 derivation for VK claimers requires bitcoinjs-lib's ECC to be initialized.\n */\nfunction resolvePayoutScriptPubKey(\n  claimerPubkeyXOnly: string,\n  context: PayoutSigningContext,\n): string {\n  const claimer = stripHexPrefix(claimerPubkeyXOnly).toLowerCase();\n  const vpPubkey = stripHexPrefix(\n    context.vaultProviderBtcPubkey,\n  ).toLowerCase();\n  const depositorPubkey = stripHexPrefix(\n    context.depositorBtcPubkey,\n  ).toLowerCase();\n\n  if (claimer === vpPubkey || claimer === depositorPubkey) {\n    return context.registeredPayoutScriptPubKey;\n  }\n\n  // Verify claimer is a known vault keeper\n  const isVaultKeeper = context.vaultKeeperBtcPubkeys.some(\n    (vk) => stripHexPrefix(vk).toLowerCase() === claimer,\n  );\n  if (!isVaultKeeper) {\n    throw new Error(\n      `Unknown claimer pubkey ${claimer}: not VP, depositor, or a registered vault keeper`,\n    );\n  }\n\n  // VK claimer: derive BIP-86 P2TR scriptPubKey from the VK's x-only pubkey\n  const scriptPubKey = deriveBip86ScriptPubKey(claimer);\n  return `0x${scriptPubKey}`;\n}\n\nfunction buildPayoutSigningInput(\n  tx: PreparedTransaction,\n  context: PayoutSigningContext,\n) {\n  return {\n    payoutTxHex: tx.payoutTxHex,\n    peginTxHex: context.peginTxHex,\n    assertTxHex: tx.assertTxHex,\n    vaultProviderBtcPubkey: context.vaultProviderBtcPubkey,\n    vaultKeeperBtcPubkeys: context.vaultKeeperBtcPubkeys,\n    universalChallengerBtcPubkeys: context.universalChallengerBtcPubkeys,\n    depositorBtcPubkey: context.depositorBtcPubkey,\n    timelockPegin: context.timelockPegin,\n    registeredPayoutScriptPubKey: resolvePayoutScriptPubKey(\n      tx.claimerPubkeyXOnly,\n      context,\n    ),\n  };\n}\n\n/**\n * Sign all payout transactions using PayoutManager.\n * Uses batch signing when wallet supports it, sequential otherwise.\n */\nasync function signPayoutTransactions(\n  btcWallet: BitcoinWallet,\n  context: PayoutSigningContext,\n  transactions: PreparedTransaction[],\n  onProgress?: (completed: number, total: number) => void,\n): Promise<Record<string, ClaimerSignatures>> {\n  const payoutManager = new PayoutManager({\n    network: context.network,\n    btcWallet,\n  });\n\n  const totalClaimers = transactions.length;\n  onProgress?.(0, totalClaimers);\n\n  let payoutSignatures: string[];\n\n  if (payoutManager.supportsBatchSigning()) {\n    const results = await payoutManager.signPayoutTransactionsBatch(\n      transactions.map((tx) => buildPayoutSigningInput(tx, context)),\n    );\n    payoutSignatures = results.map((r) => r.payoutSignature);\n  } else {\n    payoutSignatures = [];\n    for (let i = 0; i < transactions.length; i++) {\n      onProgress?.(i, totalClaimers);\n      const result = await payoutManager.signPayoutTransaction(\n        buildPayoutSigningInput(transactions[i], context),\n      );\n      payoutSignatures.push(result.signature);\n    }\n  }\n\n  const signatures: Record<string, ClaimerSignatures> = {};\n  for (let i = 0; i < transactions.length; i++) {\n    signatures[transactions[i].claimerPubkeyXOnly] = {\n      payout_signature: payoutSignatures[i],\n    };\n  }\n\n  onProgress?.(totalClaimers, totalClaimers);\n  return signatures;\n}\n\n// ============================================================================\n// Main entry point\n// ============================================================================\n\n/**\n * Poll for payout transactions, sign them, sign the depositor graph,\n * and submit all signatures to the vault provider.\n *\n * This is the main deposit protocol step between registration and activation.\n *\n * @throws Error on timeout, abort, signing failure, or RPC error\n */\nexport async function pollAndSignPayouts(\n  params: PollAndSignPayoutsParams,\n): Promise<void> {\n  const {\n    statusReader,\n    presignClient,\n    btcWallet,\n    peginTxid,\n    depositorPk,\n    signingContext,\n    timeoutMs = MAX_POLLING_TIMEOUT_MS,\n    signal,\n    onProgress,\n  } = params;\n\n  // Phase 1: Poll until VP is ready for depositor signatures (or already past)\n  const status = await waitForPeginStatus({\n    statusReader,\n    peginTxid,\n    targetStatuses: TARGET_STATUS,\n    timeoutMs,\n    signal,\n  });\n\n  // Resume-safe: if VP already moved past payout signing, nothing to do\n  if (POST_PAYOUT_STATUSES.has(status)) {\n    return;\n  }\n\n  signal?.throwIfAborted();\n\n  // Phase 2: Fetch presign transactions\n  const response = await presignClient.requestDepositorPresignTransactions(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n    },\n    signal,\n  );\n\n  signal?.throwIfAborted();\n\n  // Phase 3: Sign VP/VK claimer payout transactions\n  // Filter out the depositor's own claimer entry — its payout is signed\n  // separately via signDepositorGraph (Phase 4) using VP-provided PSBTs.\n  // Including it here would cause a redundant wallet signing prompt whose\n  // result is discarded when the depositor graph signature overwrites it.\n  const depositorPkNormalized = processPublicKeyToXOnly(depositorPk);\n  const nonDepositorTxs = response.txs.filter(\n    (tx) => processPublicKeyToXOnly(tx.claimer_pubkey) !== depositorPkNormalized,\n  );\n  const preparedTransactions = prepareTransactionsForSigning(nonDepositorTxs);\n  const claimerSignatures = await signPayoutTransactions(\n    btcWallet,\n    signingContext,\n    preparedTransactions,\n    onProgress,\n  );\n\n  signal?.throwIfAborted();\n\n  // Phase 4: Sign depositor-as-claimer graph\n  const depositorClaimerPresignatures = await signDepositorGraph({\n    depositorGraph: response.depositor_graph,\n    depositorBtcPubkey: depositorPk,\n    btcWallet,\n  });\n\n  signal?.throwIfAborted();\n\n  // Phase 5: Submit all signatures to VP\n  // Include depositor's own payout signature in the signatures map\n  const allSignatures = { ...claimerSignatures };\n  allSignatures[stripHexPrefix(depositorPk)] =\n    depositorClaimerPresignatures.payout_signatures;\n\n  await presignClient.submitDepositorPresignatures(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n      signatures: allSignatures,\n      depositor_claimer_presignatures: depositorClaimerPresignatures,\n    },\n    signal,\n  );\n}\n"],"names":["PayoutManager","config","__publicField","params","walletPubkeyRaw","depositorPubkey","validateWalletPubkey","payoutPsbt","buildPayoutPsbt","signedPsbtHex","createTaprootScriptPathSignOptions","extractPayoutSignature","transactions","psbtsToSign","signOptions","depositorPubkeys","tx","signedPsbts","results","i","payoutSignature","payoutTxHex","registeredPayoutScriptPubKey","isValidHex","expectedScript","Buffer","stripHexPrefix","payoutTx","Transaction","max","output","DEFAULT_POLL_INTERVAL_MS","waitForPeginStatus","statusReader","peginTxid","targetStatuses","timeoutMs","pollIntervalMs","signal","startTime","status","VP_TERMINAL_STATUSES","error","JsonRpcError","RpcErrorCode","resolve","reject","onAbort","timeoutId","STATUS_POLL_TIMEOUT_MS","TARGET_STATUSES","DaemonStatus","POST_WOTS_STATUSES","submitWotsPublicKey","wotsSubmitter","depositorPk","wotsPublicKeys","SINGLE_PSBT_INPUT_COUNT","verifyAndParsePsbt","psbtBase64","expectedTxHex","label","psbt","Psbt","unsignedTxHex","normalizedExpected","sanitizePsbtForScriptPathSigning","clone","input","validateAndConvertPsbt","collectDepositorGraphPsbts","depositorGraph","walletPublicKey","psbtHexes","challengerEntries","singleInputOpts","payoutHex","challenger","challengerPubkey","noPayoutIdx","noPayoutHex","extractDepositorGraphSignatures","signedPsbtHexes","perChallenger","entry","signPsbtsWithFallback","wallet","options","signed","signDepositorGraph","depositorBtcPubkey","btcWallet","MAX_POLLING_TIMEOUT_MS","POST_PAYOUT_STATUSES","TARGET_STATUS","prepareTransactionsForSigning","claimerTransactions","processPublicKeyToXOnly","deriveBip86ScriptPubKey","xOnlyPubkeyHex","bitcoin","resolvePayoutScriptPubKey","claimerPubkeyXOnly","context","claimer","vpPubkey","vk","buildPayoutSigningInput","signPayoutTransactions","onProgress","payoutManager","totalClaimers","payoutSignatures","r","result","signatures","pollAndSignPayouts","presignClient","signingContext","response","depositorPkNormalized","nonDepositorTxs","preparedTransactions","claimerSignatures","depositorClaimerPresignatures","allSignatures"],"mappings":";;;;;;;;;;;AAsJO,MAAMA,EAAc;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQzB,YAAYC,GAA6B;AAPxB,IAAAC,EAAA;AAQf,SAAK,SAASD;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAwBA,MAAM,sBACJE,GACgC;AAEhC,SAAK;AAAA,MACHA,EAAO;AAAA,MACPA,EAAO;AAAA,IAAA;AAIT,UAAMC,IAAkB,MAAM,KAAK,OAAO,UAAU,gBAAA,GAC9C,EAAE,iBAAAC,MAAoBC;AAAA,MAC1BF;AAAA,MACAD,EAAO;AAAA,IAAA,GAIHI,IAAa,MAAMC,EAAgB;AAAA,MACvC,aAAaL,EAAO;AAAA,MACpB,YAAYA,EAAO;AAAA,MACnB,aAAaA,EAAO;AAAA,MACpB,oBAAoBE;AAAA,MACpB,wBAAwBF,EAAO;AAAA,MAC/B,uBAAuBA,EAAO;AAAA,MAC9B,+BAA+BA,EAAO;AAAA,MACtC,eAAeA,EAAO;AAAA,MACtB,SAAS,KAAK,OAAO;AAAA,IAAA,CACtB,GAGKM,IAAgB,MAAM,KAAK,OAAO,UAAU;AAAA,MAChDF,EAAW;AAAA,MACXG,EAAmCN,GAAiB,CAAC;AAAA,IAAA;AAMvD,WAAO;AAAA,MACL,WAHgBO,EAAuBF,GAAeJ,CAAe;AAAA,MAIrE,oBAAoBA;AAAA,IAAA;AAAA,EAExB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAsB;AACpB,WAAO,KAAK,OAAO;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,uBAAgC;AAC9B,WAAO,OAAO,KAAK,OAAO,UAAU,aAAc;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,4BACJO,GAMA;AACA,QAAI,CAAC,KAAK;AACR,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAKJ,UAAMR,IAAkB,MAAM,KAAK,OAAO,UAAU,gBAAA,GAG9CS,IAAwB,CAAA,GACxBC,IAAiC,CAAA,GACjCC,IAA6B,CAAA;AAEnC,eAAWC,KAAMJ,GAAc;AAE7B,WAAK;AAAA,QACHI,EAAG;AAAA,QACHA,EAAG;AAAA,MAAA;AAIL,YAAM,EAAE,iBAAAX,MAAoBC;AAAA,QAC1BF;AAAA,QACAY,EAAG;AAAA,MAAA;AAEL,MAAAD,EAAiB,KAAKV,CAAe;AAGrC,YAAME,IAAa,MAAMC,EAAgB;AAAA,QACvC,aAAaQ,EAAG;AAAA,QAChB,YAAYA,EAAG;AAAA,QACf,aAAaA,EAAG;AAAA,QAChB,oBAAoBX;AAAA,QACpB,wBAAwBW,EAAG;AAAA,QAC3B,uBAAuBA,EAAG;AAAA,QAC1B,+BAA+BA,EAAG;AAAA,QAClC,eAAeA,EAAG;AAAA,QAClB,SAAS,KAAK,OAAO;AAAA,MAAA,CACtB;AACD,MAAAH,EAAY,KAAKN,EAAW,OAAO,GACnCO,EAAY,KAAKJ,EAAmCN,GAAiB,CAAC,CAAC;AAAA,IACzE;AAGA,UAAMa,IAAc,MAAM,KAAK,OAAO,UAAU;AAAA,MAC9CJ;AAAA,MACAC;AAAA,IAAA;AAIF,QAAIG,EAAY,WAAWL,EAAa;AACtC,YAAM,IAAI;AAAA,QACR,YAAYA,EAAa,MAAM,8BAA8BK,EAAY,MAAM;AAAA,MAAA;AAKnF,UAAMC,IAGD,CAAA;AAEL,aAASC,IAAI,GAAGA,IAAIP,EAAa,QAAQO,KAAK;AAC5C,YAAMd,IAAkBU,EAAiBI,CAAC,GACpCC,IAAkBT;AAAA,QACtBM,EAAYE,CAAC;AAAA,QACbd;AAAA,MAAA;AAGF,MAAAa,EAAQ,KAAK;AAAA,QACX,iBAAAE;AAAA,QACA,oBAAoBf;AAAA,MAAA,CACrB;AAAA,IACH;AAEA,WAAOa;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBQ,sBACNG,GACAC,GACM;AACN,QAAI,CAACC,EAAWD,CAA4B;AAC1C,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAIJ,UAAME,IAAiBC,EAAO;AAAA,MAC5BC,EAAeJ,CAA4B;AAAA,MAC3C;AAAA,IAAA,GAEIK,IAAWC,EAAY,QAAQF,EAAeL,CAAW,CAAC;AAEhE,QAAIM,EAAS,KAAK,WAAW;AAC3B,YAAM,IAAI,MAAM,mCAAmC;AASrD,QAAI,CAJkBA,EAAS,KAAK;AAAA,MAAO,CAACE,GAAKC,MAC/CA,EAAO,QAAQD,EAAI,QAAQC,IAASD;AAAA,IAAA,EAGnB,OAAO,OAAOL,CAAc;AAC7C,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,EAGN;AACF;ACpXA,MAAMO,IAA2B;AAuBjC,eAAsBC,EACpB7B,GACuB;AACvB,QAAM;AAAA,IACJ,cAAA8B;AAAA,IACA,WAAAC;AAAA,IACA,gBAAAC;AAAA,IACA,WAAAC;AAAA,IACA,gBAAAC,IAAiBN;AAAA,IACjB,QAAAO;AAAA,EAAA,IACEnC,GAEEoC,IAAY,KAAK,IAAA;AAEvB,aAAa;AACX,QAAID,KAAA,QAAAA,EAAQ;AACV,YAAM,IAAI;AAAA,QACR,6BAA6BJ,EAAU,MAAM,GAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC;AAAA,MAAA;AAIlG,QAAI,KAAK,QAAQI,KAAaH;AAC5B,YAAM,IAAI;AAAA,QACR,yBAAyBA,CAAS,gBAAgBF,EAAU,MAAM,GAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC;AAAA,MAAA;AAIvH,QAAI;AAMF,YAAMK,KALW,MAAMP,EAAa;AAAA,QAClC,EAAE,YAAYC,EAAA;AAAA,QACdI;AAAA,MAAA,GAGsB;AACxB,UAAIH,EAAe,IAAIK,CAAM;AAC3B,eAAOA;AAGT,UAAIC,EAAqB,IAAID,CAAM,KAAK,CAACL,EAAe,IAAIK,CAAM;AAChE,cAAM,IAAI;AAAA,UACR,SAASN,EAAU,MAAM,GAAG,CAAC,CAAC,8BAA8BM,CAAM,uBAAuB,CAAC,GAAGL,CAAc,EAAE,KAAK,IAAI,CAAC;AAAA,QAAA;AAAA,IAG7H,SAASO,GAAO;AAOd,UAAI,EAHDA,aAAiBC,KAChBD,EAAM,SAASE,EAAa,aAC7BF,aAAiB,SAASA,EAAM,QAAQ,SAAS,iBAAiB;AAEnE,cAAMA;AAAA,IAEV;AAGA,UAAM,IAAI,QAAc,CAACG,GAASC,MAAW;AAC3C,YAAMC,IAAU,MAAM;AACpB,qBAAaC,CAAS,GACtBF;AAAA,UACE,IAAI;AAAA,YACF,6BAA6BZ,EAAU,MAAM,GAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC;AAAA,UAAA;AAAA,QAChG;AAAA,MAEJ,GACMa,IAAY,WAAW,MAAM;AACjC,QAAAV,KAAA,QAAAA,EAAQ,oBAAoB,SAASS,IACrCF,EAAA;AAAA,MACF,GAAGR,CAAc;AACjB,MAAAC,KAAA,QAAAA,EAAQ,iBAAiB,SAASS,GAAS,EAAE,MAAM;IACrD,CAAC;AAAA,EACH;AACF;AC1FA,MAAME,IAAyB,MAAS,KAGlCC,wBAAiD,IAAI;AAAA,EACzDC,EAAa;AAAA,EACb,GAAGC;AACL,CAAC;AAwBD,eAAsBC,GACpBlD,GACe;AACf,QAAM;AAAA,IACJ,cAAA8B;AAAA,IACA,eAAAqB;AAAA,IACA,WAAApB;AAAA,IACA,aAAAqB;AAAA,IACA,gBAAAC;AAAA,IACA,WAAApB,IAAYa;AAAA,IACZ,QAAAX;AAAA,EAAA,IACEnC;AAEJ,EAAAmC,KAAA,QAAAA,EAAQ;AAGR,QAAME,IAAS,MAAMR,EAAmB;AAAA,IACtC,cAAAC;AAAA,IACA,WAAAC;AAAA,IACA,gBAAgBgB;AAAA,IAChB,WAAAd;AAAA,IACA,QAAAE;AAAA,EAAA,CACD;AAGD,EAAIc,EAAmB,IAAIZ,CAAsB,MAIjDF,KAAA,QAAAA,EAAQ,kBAER,MAAMgB,EAAc;AAAA,IAClB;AAAA,MACE,YAAYpB;AAAA,MACZ,cAAcqB;AAAA,MACd,kBAAkBC;AAAA,IAAA;AAAA,IAEpBlB;AAAA,EAAA;AAEJ;AC3DA,MAAMmB,IAA0B;AAuBhC,SAASC,EACPC,GACAC,GACAC,GACM;AACN,QAAMC,IAAOC,EAAK,WAAWJ,CAAU,GACjCK,IAAgBF,EAAK,KACxB,eAAA,EACA,SAAS,KAAK,EACd,YAAA,GACGG,IAAqBvC,EAAekC,CAAa,EAAE,YAAA;AACzD,MAAII,MAAkBC;AACpB,UAAM,IAAI;AAAA,MACR,mCAAmCJ,CAAK;AAAA,IAAA;AAG5C,SAAOC;AACT;AAUA,SAASI,EAAiCJ,GAAkB;AAC1D,QAAMK,IAAQJ,EAAK,QAAQD,EAAK,OAAO;AACvC,aAAWM,KAASD,EAAM,KAAK;AAC7B,WAAOC,EAAM,oBACb,OAAOA,EAAM;AAEf,SAAOD;AACT;AAKA,SAASE,EACPV,GACAC,GACAC,GACQ;AACR,MAAI,CAACF;AACH,UAAM,IAAI,MAAM,WAAWE,CAAK,OAAO;AAEzC,QAAMC,IAAOJ,EAAmBC,GAAYC,GAAeC,CAAK;AAEhE,SADkBK,EAAiCJ,CAAI,EACtC,MAAA;AACnB;AAUA,SAASQ,EACPC,GACAC,GAC8B;AAC9B,QAAMC,IAAsB,CAAA,GACtB3D,IAAiC,CAAA,GACjC4D,IAAuC,CAAA,GAEvCC,IAAkBjE;AAAA,IACtB8D;AAAA,IACAf;AAAA,EAAA,GAIImB,IAAYP;AAAA,IAChBE,EAAe;AAAA,IACfA,EAAe,UAAU;AAAA,IACzB;AAAA,EAAA;AAEF,EAAAE,EAAU,KAAKG,CAAS,GACxB9D,EAAY,KAAK6D,CAAe;AAGhC,aAAWE,KAAcN,EAAe,yBAAyB;AAC/D,UAAMO,IAAmBpD,EAAemD,EAAW,iBAAiB,GAE9DE,IAAcN,EAAU,QACxBO,IAAcX;AAAA,MAClBQ,EAAW;AAAA,MACXA,EAAW,YAAY;AAAA,MACvB,wBAAwBC,CAAgB;AAAA,IAAA;AAE1C,IAAAL,EAAU,KAAKO,CAAW,GAC1BlE,EAAY,KAAK6D,CAAe,GAEhCD,EAAkB,KAAK;AAAA,MACrB,kBAAAI;AAAA,MACA,aAAAC;AAAA,IAAA,CACD;AAAA,EACH;AAEA,SAAO,EAAE,WAAAN,GAAW,aAAA3D,GAAa,mBAAA4D,EAAA;AACnC;AASA,SAASO,EACPC,GACAR,GACArE,GACiC;AACjC,QAAMe,IAAkBT;AAAA,IACtBuE,EAAgB,CAAC;AAAA,IACjB7E;AAAA,EAAA,GAGI8E,IAA+D,CAAA;AACrE,aAAWC,KAASV;AAClB,IAAAS,EAAcC,EAAM,gBAAgB,IAAI;AAAA,MACtC,oBAAoBzE;AAAA,QAClBuE,EAAgBE,EAAM,WAAW;AAAA,QACjC/E;AAAA,MAAA;AAAA,IACF;AAIJ,SAAO;AAAA,IACL,mBAAmB;AAAA,MACjB,kBAAkBe;AAAA,IAAA;AAAA,IAEpB,gBAAgB+D;AAAA,EAAA;AAEpB;AAMA,eAAeE,EACbC,GACAb,GACAc,GACmB;AACnB,MAAI,OAAOD,EAAO,aAAc;AAC9B,WAAOA,EAAO,UAAUb,GAAWc,CAAO;AAG5C,QAAMC,IAAmB,CAAA;AACzB,WAASrE,IAAI,GAAGA,IAAIsD,EAAU,QAAQtD;AACpC,IAAAqE,EAAO,KAAK,MAAMF,EAAO,SAASb,EAAUtD,CAAC,GAAGoE,KAAA,gBAAAA,EAAUpE,EAAE,CAAC;AAE/D,SAAOqE;AACT;AAwBA,eAAsBC,EACpBtF,GAC0C;AAC1C,QAAM,EAAE,gBAAAoE,GAAgB,oBAAAmB,GAAoB,WAAAC,EAAA,IAAcxF,GAEpDE,IAAkBqB,EAAegE,CAAkB,GACnDlB,IAAkB,MAAMmB,EAAU,gBAAA,GAGlC,EAAE,WAAAlB,GAAW,aAAA3D,GAAa,mBAAA4D,MAC9BJ,EAA2BC,GAAgBC,CAAe,GAGtDU,IAAkB,MAAMG;AAAA,IAC5BM;AAAA,IACAlB;AAAA,IACA3D;AAAA,EAAA;AAGF,MAAIoE,EAAgB,WAAWT,EAAU;AACvC,UAAM,IAAI;AAAA,MACR,mBAAmBS,EAAgB,MAAM,2BAA2BT,EAAU,MAAM;AAAA,IAAA;AAKxF,SAAOQ;AAAA,IACLC;AAAA,IACAR;AAAA,IACArE;AAAA,EAAA;AAEJ;ACxLA,MAAMuF,IAAyB,OAAU,KAGnCC,wBAAsD,IAAI;AAAA,EAC9D1C,EAAa;AAAA,EACbA,EAAa;AAAA,EACbA,EAAa;AACf,CAAC,GAEK2C,yBAA+C,IAAI;AAAA,EACvD3C,EAAa;AAAA,EACb,GAAG0C;AACL,CAAC;AAYD,SAASE,GACPC,GACuB;AACvB,SAAOA,EAAoB,IAAI,CAAChF,OAAQ;AAAA,IACtC,oBAAoBiF,EAAwBjF,EAAG,cAAc;AAAA,IAC7D,aAAaA,EAAG,UAAU;AAAA,IAC1B,aAAaA,EAAG,UAAU;AAAA,EAAA,EAC1B;AACJ;AAMA,SAASkF,GAAwBC,GAAgC;AAC/D,QAAM,EAAE,QAAArE,EAAA,IAAWsE,EAAQ,SAAS,KAAK;AAAA,IACvC,gBAAgB3E,EAAO,KAAK0E,GAAgB,KAAK;AAAA,EAAA,CAClD;AACD,MAAI,CAACrE;AACH,UAAM,IAAI,MAAM,2CAA2C;AAE7D,SAAOA,EAAO,SAAS,KAAK;AAC9B;AAUA,SAASuE,GACPC,GACAC,GACQ;AACR,QAAMC,IAAU9E,EAAe4E,CAAkB,EAAE,YAAA,GAC7CG,IAAW/E;AAAA,IACf6E,EAAQ;AAAA,EAAA,EACR,YAAA,GACIlG,IAAkBqB;AAAA,IACtB6E,EAAQ;AAAA,EAAA,EACR,YAAA;AAEF,MAAIC,MAAYC,KAAYD,MAAYnG;AACtC,WAAOkG,EAAQ;AAOjB,MAAI,CAHkBA,EAAQ,sBAAsB;AAAA,IAClD,CAACG,MAAOhF,EAAegF,CAAE,EAAE,kBAAkBF;AAAA,EAAA;AAG7C,UAAM,IAAI;AAAA,MACR,0BAA0BA,CAAO;AAAA,IAAA;AAMrC,SAAO,KADcN,GAAwBM,CAAO,CAC5B;AAC1B;AAEA,SAASG,EACP3F,GACAuF,GACA;AACA,SAAO;AAAA,IACL,aAAavF,EAAG;AAAA,IAChB,YAAYuF,EAAQ;AAAA,IACpB,aAAavF,EAAG;AAAA,IAChB,wBAAwBuF,EAAQ;AAAA,IAChC,uBAAuBA,EAAQ;AAAA,IAC/B,+BAA+BA,EAAQ;AAAA,IACvC,oBAAoBA,EAAQ;AAAA,IAC5B,eAAeA,EAAQ;AAAA,IACvB,8BAA8BF;AAAA,MAC5BrF,EAAG;AAAA,MACHuF;AAAA,IAAA;AAAA,EACF;AAEJ;AAMA,eAAeK,GACbjB,GACAY,GACA3F,GACAiG,GAC4C;AAC5C,QAAMC,IAAgB,IAAI9G,EAAc;AAAA,IACtC,SAASuG,EAAQ;AAAA,IACjB,WAAAZ;AAAA,EAAA,CACD,GAEKoB,IAAgBnG,EAAa;AACnC,EAAAiG,KAAA,QAAAA,EAAa,GAAGE;AAEhB,MAAIC;AAEJ,MAAIF,EAAc;AAIhB,IAAAE,KAHgB,MAAMF,EAAc;AAAA,MAClClG,EAAa,IAAI,CAACI,MAAO2F,EAAwB3F,GAAIuF,CAAO,CAAC;AAAA,IAAA,GAEpC,IAAI,CAACU,MAAMA,EAAE,eAAe;AAAA,OAClD;AACL,IAAAD,IAAmB,CAAA;AACnB,aAAS7F,IAAI,GAAGA,IAAIP,EAAa,QAAQO,KAAK;AAC5C,MAAA0F,KAAA,QAAAA,EAAa1F,GAAG4F;AAChB,YAAMG,IAAS,MAAMJ,EAAc;AAAA,QACjCH,EAAwB/F,EAAaO,CAAC,GAAGoF,CAAO;AAAA,MAAA;AAElD,MAAAS,EAAiB,KAAKE,EAAO,SAAS;AAAA,IACxC;AAAA,EACF;AAEA,QAAMC,IAAgD,CAAA;AACtD,WAAShG,IAAI,GAAGA,IAAIP,EAAa,QAAQO;AACvC,IAAAgG,EAAWvG,EAAaO,CAAC,EAAE,kBAAkB,IAAI;AAAA,MAC/C,kBAAkB6F,EAAiB7F,CAAC;AAAA,IAAA;AAIxC,SAAA0F,KAAA,QAAAA,EAAaE,GAAeA,IACrBI;AACT;AAcA,eAAsBC,GACpBjH,GACe;AACf,QAAM;AAAA,IACJ,cAAA8B;AAAA,IACA,eAAAoF;AAAA,IACA,WAAA1B;AAAA,IACA,WAAAzD;AAAA,IACA,aAAAqB;AAAA,IACA,gBAAA+D;AAAA,IACA,WAAAlF,IAAYwD;AAAA,IACZ,QAAAtD;AAAA,IACA,YAAAuE;AAAA,EAAA,IACE1G,GAGEqC,IAAS,MAAMR,EAAmB;AAAA,IACtC,cAAAC;AAAA,IACA,WAAAC;AAAA,IACA,gBAAgB4D;AAAA,IAChB,WAAA1D;AAAA,IACA,QAAAE;AAAA,EAAA,CACD;AAGD,MAAIuD,EAAqB,IAAIrD,CAAM;AACjC;AAGF,EAAAF,KAAA,QAAAA,EAAQ;AAGR,QAAMiF,IAAW,MAAMF,EAAc;AAAA,IACnC;AAAA,MACE,YAAYnF;AAAA,MACZ,cAAcqB;AAAA,IAAA;AAAA,IAEhBjB;AAAA,EAAA;AAGF,EAAAA,KAAA,QAAAA,EAAQ;AAOR,QAAMkF,IAAwBvB,EAAwB1C,CAAW,GAC3DkE,IAAkBF,EAAS,IAAI;AAAA,IACnC,CAACvG,MAAOiF,EAAwBjF,EAAG,cAAc,MAAMwG;AAAA,EAAA,GAEnDE,IAAuB3B,GAA8B0B,CAAe,GACpEE,IAAoB,MAAMf;AAAA,IAC9BjB;AAAA,IACA2B;AAAA,IACAI;AAAA,IACAb;AAAA,EAAA;AAGF,EAAAvE,KAAA,QAAAA,EAAQ;AAGR,QAAMsF,IAAgC,MAAMnC,EAAmB;AAAA,IAC7D,gBAAgB8B,EAAS;AAAA,IACzB,oBAAoBhE;AAAA,IACpB,WAAAoC;AAAA,EAAA,CACD;AAED,EAAArD,KAAA,QAAAA,EAAQ;AAIR,QAAMuF,IAAgB,EAAE,GAAGF,EAAA;AAC3B,EAAAE,EAAcnG,EAAe6B,CAAW,CAAC,IACvCqE,EAA8B,mBAEhC,MAAMP,EAAc;AAAA,IAClB;AAAA,MACE,YAAYnF;AAAA,MACZ,cAAcqB;AAAA,MACd,YAAYsE;AAAA,MACZ,iCAAiCD;AAAA,IAAA;AAAA,IAEnCtF;AAAA,EAAA;AAEJ;"}
+{"version":3,"file":"signAndSubmitPayouts-CAOEAQp9.js","sources":["../src/tbv/core/managers/PayoutManager.ts","../src/tbv/core/services/deposit/waitForPeginStatus.ts","../src/tbv/core/services/deposit/submitWotsPublicKey.ts","../src/tbv/core/services/deposit/signDepositorGraph.ts","../src/tbv/core/services/deposit/signAndSubmitPayouts.ts"],"sourcesContent":["/**\n * Payout Manager\n *\n * High-level manager that orchestrates the payout signing flow by coordinating\n * SDK primitives ({@link buildPayoutPsbt}, {@link extractPayoutSignature})\n * with a user-provided Bitcoin wallet.\n *\n * The Payout transaction references the Assert transaction (input 1).\n *\n * @see {@link PeginManager} - For Steps 1, 2, and 4 of peg-in flow\n * @see {@link buildPayoutPsbt} - Lower-level primitive for custom implementations\n * @see {@link extractPayoutSignature} - Extract signatures from signed PSBTs\n *\n * @module managers/PayoutManager\n */\n\nimport { Buffer } from \"buffer\";\n\nimport { Transaction } from \"bitcoinjs-lib\";\n\nimport type {\n  BitcoinWallet,\n  SignPsbtOptions,\n} from \"../../../shared/wallets\";\nimport { createTaprootScriptPathSignOptions } from \"../utils/signing\";\nimport {\n  buildPayoutPsbt,\n  extractPayoutSignature,\n  isValidHex,\n  stripHexPrefix,\n  validateWalletPubkey,\n  type Network,\n} from \"../primitives\";\n\n/**\n * Configuration for the PayoutManager.\n */\nexport interface PayoutManagerConfig {\n  /**\n   * Bitcoin network to use for transactions.\n   */\n  network: Network;\n\n  /**\n   * Bitcoin wallet for signing payout transactions.\n   */\n  btcWallet: BitcoinWallet;\n}\n\n/**\n * Base parameters shared by both payout transaction types.\n */\ninterface SignPayoutBaseParams {\n  /**\n   * Peg-in transaction hex.\n   * The original transaction that created the vault output being spent.\n   */\n  peginTxHex: string;\n\n  /**\n   * Vault provider's BTC public key (x-only, 64-char hex).\n   */\n  vaultProviderBtcPubkey: string;\n\n  /**\n   * Vault keeper BTC public keys (x-only, 64-char hex).\n   */\n  vaultKeeperBtcPubkeys: string[];\n\n  /**\n   * Universal challenger BTC public keys (x-only, 64-char hex).\n   */\n  universalChallengerBtcPubkeys: string[];\n\n  /**\n   * CSV timelock in blocks for the PegIn output.\n   */\n  timelockPegin: number;\n\n  /**\n   * Depositor's BTC public key (x-only, 64-char hex).\n   * This should be the public key that was used when creating the vault,\n   * as stored on-chain. If not provided, will be fetched from the wallet.\n   */\n  depositorBtcPubkey?: string;\n\n  /**\n   * The on-chain registered depositor payout scriptPubKey (hex, with or without 0x prefix).\n   * Used to validate that the VP-provided payout transaction actually pays to the\n   * correct depositor payout address before signing.\n   */\n  registeredPayoutScriptPubKey: string;\n}\n\n/**\n * Parameters for signing a Payout transaction.\n *\n * Payout is used in the challenge path after Assert, when the claimer proves validity.\n * Input 1 references the Assert transaction.\n */\nexport interface SignPayoutParams extends SignPayoutBaseParams {\n  /**\n   * Payout transaction hex (unsigned).\n   * This is the transaction from the vault provider that needs depositor signature.\n   */\n  payoutTxHex: string;\n\n  /**\n   * Assert transaction hex.\n   * Payout input 1 references Assert output 0.\n   */\n  assertTxHex: string;\n}\n\n/**\n * Result of signing a payout transaction.\n */\nexport interface PayoutSignatureResult {\n  /**\n   * 64-byte Schnorr signature (128 hex characters).\n   */\n  signature: string;\n\n  /**\n   * Depositor's BTC public key used for signing.\n   */\n  depositorBtcPubkey: string;\n}\n\n/**\n * High-level manager for payout transaction signing.\n *\n * @remarks\n * After registering your peg-in on Ethereum (Step 2), the vault provider prepares\n * claim/payout transaction pairs. You must sign each payout transaction using this\n * manager and submit the signatures to the vault provider's RPC API.\n *\n * **What happens internally:**\n * 1. Validates your wallet's public key matches the vault's depositor\n * 2. Builds an unsigned PSBT with taproot script path spend info\n * 3. Signs input 0 (the vault UTXO) with your wallet\n * 4. Extracts the 64-byte Schnorr signature\n *\n * **Note:** The payout transaction has 2 inputs. PayoutManager only signs input 0\n * (from the peg-in tx). Input 1 (from the assert tx) is signed by the vault provider.\n *\n * @see {@link PeginManager} - For the complete peg-in flow context\n * @see {@link buildPayoutPsbt} - Lower-level primitive used internally\n * @see {@link extractPayoutSignature} - Signature extraction primitive\n */\nexport class PayoutManager {\n  private readonly config: PayoutManagerConfig;\n\n  /**\n   * Creates a new PayoutManager instance.\n   *\n   * @param config - Manager configuration including wallet\n   */\n  constructor(config: PayoutManagerConfig) {\n    this.config = config;\n  }\n\n  /**\n   * Signs a Payout transaction and extracts the Schnorr signature.\n   *\n   * Flow:\n   * 1. Vault provider submits Claim transaction\n   * 2. Claimer submits Assert transaction to prove validity\n   * 3. Payout can be executed (references Assert tx)\n   *\n   * This method orchestrates the following steps:\n   * 1. Get wallet's public key and convert to x-only format\n   * 2. Validate wallet pubkey matches on-chain depositor pubkey (if provided)\n   * 3. Build unsigned PSBT using primitives\n   * 4. Sign PSBT via btcWallet.signPsbt()\n   * 5. Extract 64-byte Schnorr signature using primitives\n   *\n   * The returned signature can be submitted to the vault provider API.\n   *\n   * @param params - Payout signing parameters\n   * @returns Signature result with 64-byte Schnorr signature and depositor pubkey\n   * @throws Error if wallet pubkey doesn't match depositor pubkey\n   * @throws Error if wallet operations fail or signature extraction fails\n   */\n  async signPayoutTransaction(\n    params: SignPayoutParams,\n  ): Promise<PayoutSignatureResult> {\n    // Validate payout TX outputs pay to the registered depositor payout address\n    this.validatePayoutOutputs(\n      params.payoutTxHex,\n      params.registeredPayoutScriptPubKey,\n    );\n\n    // Validate wallet pubkey matches depositor and get both formats\n    const walletPubkeyRaw = await this.config.btcWallet.getPublicKeyHex();\n    const { depositorPubkey } = validateWalletPubkey(\n      walletPubkeyRaw,\n      params.depositorBtcPubkey,\n    );\n\n    // Build unsigned PSBT for Payout (uses Assert tx)\n    const payoutPsbt = await buildPayoutPsbt({\n      payoutTxHex: params.payoutTxHex,\n      peginTxHex: params.peginTxHex,\n      assertTxHex: params.assertTxHex,\n      depositorBtcPubkey: depositorPubkey,\n      vaultProviderBtcPubkey: params.vaultProviderBtcPubkey,\n      vaultKeeperBtcPubkeys: params.vaultKeeperBtcPubkeys,\n      universalChallengerBtcPubkeys: params.universalChallengerBtcPubkeys,\n      timelockPegin: params.timelockPegin,\n      network: this.config.network,\n    });\n\n    // Sign PSBT via wallet (Taproot script-path spend, input 0 only)\n    const signedPsbtHex = await this.config.btcWallet.signPsbt(\n      payoutPsbt.psbtHex,\n      createTaprootScriptPathSignOptions(walletPubkeyRaw, 1),\n    );\n\n    // Extract Schnorr signature\n    const signature = extractPayoutSignature(signedPsbtHex, depositorPubkey);\n\n    return {\n      signature,\n      depositorBtcPubkey: depositorPubkey,\n    };\n  }\n\n  /**\n   * Gets the configured Bitcoin network.\n   *\n   * @returns The Bitcoin network (mainnet, testnet, signet, regtest)\n   */\n  getNetwork(): Network {\n    return this.config.network;\n  }\n\n  /**\n   * Checks if the wallet supports batch signing (signPsbts).\n   *\n   * @returns true if batch signing is supported\n   */\n  supportsBatchSigning(): boolean {\n    return typeof this.config.btcWallet.signPsbts === \"function\";\n  }\n\n  /**\n   * Batch signs multiple payout transactions (1 per claimer).\n   * This allows signing all transactions with a single wallet interaction.\n   *\n   * @param transactions - Array of payout params to sign\n   * @returns Array of signature results matching input order\n   * @throws Error if wallet doesn't support batch signing\n   * @throws Error if any signing operation fails\n   */\n  async signPayoutTransactionsBatch(\n    transactions: SignPayoutParams[],\n  ): Promise<\n    Array<{\n      payoutSignature: string;\n      depositorBtcPubkey: string;\n    }>\n  > {\n    if (!this.supportsBatchSigning()) {\n      throw new Error(\n        \"Wallet does not support batch signing (signPsbts method not available)\",\n      );\n    }\n\n    // Get wallet pubkey once\n    const walletPubkeyRaw = await this.config.btcWallet.getPublicKeyHex();\n\n    // Build all PSBTs (1 per claimer)\n    const psbtsToSign: string[] = [];\n    const signOptions: SignPsbtOptions[] = [];\n    const depositorPubkeys: string[] = [];\n\n    for (const tx of transactions) {\n      // Validate payout TX outputs pay to the registered depositor payout address\n      this.validatePayoutOutputs(\n        tx.payoutTxHex,\n        tx.registeredPayoutScriptPubKey,\n      );\n\n      // Validate wallet pubkey matches depositor\n      const { depositorPubkey } = validateWalletPubkey(\n        walletPubkeyRaw,\n        tx.depositorBtcPubkey,\n      );\n      depositorPubkeys.push(depositorPubkey);\n\n      // Build Payout PSBT\n      const payoutPsbt = await buildPayoutPsbt({\n        payoutTxHex: tx.payoutTxHex,\n        peginTxHex: tx.peginTxHex,\n        assertTxHex: tx.assertTxHex,\n        depositorBtcPubkey: depositorPubkey,\n        vaultProviderBtcPubkey: tx.vaultProviderBtcPubkey,\n        vaultKeeperBtcPubkeys: tx.vaultKeeperBtcPubkeys,\n        universalChallengerBtcPubkeys: tx.universalChallengerBtcPubkeys,\n        timelockPegin: tx.timelockPegin,\n        network: this.config.network,\n      });\n      psbtsToSign.push(payoutPsbt.psbtHex);\n      signOptions.push(createTaprootScriptPathSignOptions(walletPubkeyRaw, 1));\n    }\n\n    // Batch sign all PSBTs with single wallet interaction\n    const signedPsbts = await this.config.btcWallet.signPsbts!(\n      psbtsToSign,\n      signOptions,\n    );\n\n    // Validate that wallet returned the expected number of signed PSBTs\n    if (signedPsbts.length !== transactions.length) {\n      throw new Error(\n        `Expected ${transactions.length} signed PSBTs but received ${signedPsbts.length}`,\n      );\n    }\n\n    // Extract signatures from signed PSBTs\n    const results: Array<{\n      payoutSignature: string;\n      depositorBtcPubkey: string;\n    }> = [];\n\n    for (let i = 0; i < transactions.length; i++) {\n      const depositorPubkey = depositorPubkeys[i];\n      const payoutSignature = extractPayoutSignature(\n        signedPsbts[i],\n        depositorPubkey,\n      );\n\n      results.push({\n        payoutSignature,\n        depositorBtcPubkey: depositorPubkey,\n      });\n    }\n\n    return results;\n  }\n\n  /**\n   * Validates that the payout transaction's largest output pays to the\n   * registered depositor payout address (scriptPubKey).\n   *\n   * This prevents two attack vectors from a malicious vault provider:\n   * 1. Substituting a completely different payout address\n   * 2. Including a dust output to the correct address while routing\n   *    the actual funds to an attacker-controlled address\n   *\n   * @param payoutTxHex - Raw payout transaction hex\n   * @param registeredPayoutScriptPubKey - On-chain registered scriptPubKey (hex, with or without 0x prefix)\n   * @throws Error if scriptPubKey is invalid hex\n   * @throws Error if the largest output does not pay to the registered address\n   */\n  private validatePayoutOutputs(\n    payoutTxHex: string,\n    registeredPayoutScriptPubKey: string,\n  ): void {\n    if (!isValidHex(registeredPayoutScriptPubKey)) {\n      throw new Error(\n        \"Invalid registeredPayoutScriptPubKey: not valid hex\",\n      );\n    }\n\n    const expectedScript = Buffer.from(\n      stripHexPrefix(registeredPayoutScriptPubKey),\n      \"hex\",\n    );\n    const payoutTx = Transaction.fromHex(stripHexPrefix(payoutTxHex));\n\n    if (payoutTx.outs.length === 0) {\n      throw new Error(\"Payout transaction has no outputs\");\n    }\n\n    // Find the largest output by value — this must pay to the registered address.\n    // A dust output to the correct address with funds routed elsewhere is rejected.\n    const largestOutput = payoutTx.outs.reduce((max, output) =>\n      output.value > max.value ? output : max,\n    );\n\n    if (!largestOutput.script.equals(expectedScript)) {\n      throw new Error(\n        \"Payout transaction does not pay to the registered depositor payout address\",\n      );\n    }\n  }\n}\n","/**\n * Poll `getPeginStatus` until the VP reaches one of the target statuses.\n *\n * Pure polling utility with no framework dependencies (no localStorage, no React).\n * Handles \"PegIn not found\" as transient (VP hasn't ingested yet).\n */\n\nimport { JsonRpcError } from \"../../clients/vault-provider/json-rpc-client\";\nimport {\n  RpcErrorCode,\n  VP_TERMINAL_STATUSES,\n  type DaemonStatus,\n} from \"../../clients/vault-provider/types\";\nimport type { PeginStatusReader } from \"./interfaces\";\n\n/** Default polling interval (10 seconds). */\nconst DEFAULT_POLL_INTERVAL_MS = 10_000;\n\nexport interface WaitForPeginStatusParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Set of acceptable statuses — polling stops when the VP reports one of these */\n  targetStatuses: ReadonlySet<DaemonStatus>;\n  /** Maximum time to wait in milliseconds */\n  timeoutMs: number;\n  /** Polling interval in milliseconds (default: 10s) */\n  pollIntervalMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n}\n\n/**\n * Poll `getPeginStatus` until the VP reaches one of the target statuses.\n *\n * @returns The DaemonStatus string that matched one of the targets\n * @throws Error on timeout, abort, or non-transient RPC error\n */\nexport async function waitForPeginStatus(\n  params: WaitForPeginStatusParams,\n): Promise<DaemonStatus> {\n  const {\n    statusReader,\n    peginTxid,\n    targetStatuses,\n    timeoutMs,\n    pollIntervalMs = DEFAULT_POLL_INTERVAL_MS,\n    signal,\n  } = params;\n\n  const startTime = Date.now();\n\n  while (true) {\n    if (signal?.aborted) {\n      throw new Error(\n        `Polling aborted for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n      );\n    }\n\n    if (Date.now() - startTime >= timeoutMs) {\n      throw new Error(\n        `Polling timeout after ${timeoutMs}ms for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n      );\n    }\n\n    try {\n      const response = await statusReader.getPeginStatus(\n        { pegin_txid: peginTxid },\n        signal,\n      );\n\n      const status = response.status as DaemonStatus;\n      if (targetStatuses.has(status)) {\n        return status;\n      }\n      // Fail fast on terminal statuses to avoid waiting for timeout\n      if (VP_TERMINAL_STATUSES.has(status) && !targetStatuses.has(status)) {\n        throw new Error(\n          `Pegin ${peginTxid.slice(0, 8)}… reached terminal status \"${status}\" while waiting for ${[...targetStatuses].join(\", \")}`,\n        );\n      }\n    } catch (error) {\n      // \"PegIn not found\" is transient — VP hasn't ingested the pegin yet.\n      // Check structured error code first, fall back to message matching.\n      const isNotFound =\n        (error instanceof JsonRpcError &&\n          error.code === RpcErrorCode.NOT_FOUND) ||\n        (error instanceof Error && error.message.includes(\"PegIn not found\"));\n      if (!isNotFound) {\n        throw error;\n      }\n    }\n\n    // Wait before next poll, with abort support\n    await new Promise<void>((resolve, reject) => {\n      const onAbort = () => {\n        clearTimeout(timeoutId);\n        reject(\n          new Error(\n            `Polling aborted for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n          ),\n        );\n      };\n      const timeoutId = setTimeout(() => {\n        signal?.removeEventListener(\"abort\", onAbort);\n        resolve();\n      }, pollIntervalMs);\n      signal?.addEventListener(\"abort\", onAbort, { once: true });\n    });\n  }\n}\n","/**\n * Submit pre-derived WOTS public keys to the vault provider.\n *\n * Polls `getPeginStatus` until the VP reaches `PendingDepositorWotsPK`,\n * then submits the keys. If the VP has already moved past WOTS step\n * (e.g., resume flow), submission is skipped.\n *\n * The caller is responsible for deriving WOTS keys externally using\n * `mnemonicToWotsSeed` + `deriveWotsBlockPublicKeys` from the SDK's\n * `tbv/core/wots` module.\n */\n\nimport {\n  DaemonStatus,\n  POST_WOTS_STATUSES,\n  type WotsBlockPublicKey,\n} from \"../../clients/vault-provider/types\";\nimport type { PeginStatusReader, WotsKeySubmitter } from \"./interfaces\";\nimport { waitForPeginStatus } from \"./waitForPeginStatus\";\n\n/** Maximum time to wait for VP to reach PendingDepositorWotsPK (5 min). */\nconst STATUS_POLL_TIMEOUT_MS = 5 * 60 * 1000;\n\n/** All statuses we accept — either ready for submission or already past it. */\nconst TARGET_STATUSES: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_DEPOSITOR_WOTS_PK,\n  ...POST_WOTS_STATUSES,\n]);\n\nexport interface SubmitWotsPublicKeyParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** VP client implementing the WOTS key submission interface */\n  wotsSubmitter: WotsKeySubmitter;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Depositor's x-only BTC public key (unprefixed hex, 64 chars) */\n  depositorPk: string;\n  /** Pre-derived WOTS block public keys (one per assert block) */\n  wotsPublicKeys: WotsBlockPublicKey[];\n  /** Maximum time to wait for VP to be ready (default: 5 min) */\n  timeoutMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n}\n\n/**\n * Submit WOTS public keys to the vault provider.\n *\n * @throws Error on timeout, abort, or RPC error\n */\nexport async function submitWotsPublicKey(\n  params: SubmitWotsPublicKeyParams,\n): Promise<void> {\n  const {\n    statusReader,\n    wotsSubmitter,\n    peginTxid,\n    depositorPk,\n    wotsPublicKeys,\n    timeoutMs = STATUS_POLL_TIMEOUT_MS,\n    signal,\n  } = params;\n\n  signal?.throwIfAborted();\n\n  // Wait until VP has ingested the pegin and is ready for the WOTS key.\n  const status = await waitForPeginStatus({\n    statusReader,\n    peginTxid,\n    targetStatuses: TARGET_STATUSES,\n    timeoutMs,\n    signal,\n  });\n\n  // Key was already submitted in a previous session (e.g. resume flow)\n  if (POST_WOTS_STATUSES.has(status)) {\n    return;\n  }\n\n  signal?.throwIfAborted();\n\n  await wotsSubmitter.submitDepositorWotsKey(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n      wots_public_keys: wotsPublicKeys,\n    },\n    signal,\n  );\n}\n","/**\n * Depositor Graph Signing Service\n *\n * Signs the depositor's own graph transactions (Payout, NoPayout per challenger)\n * using pre-built PSBTs from the vault provider.\n *\n * The VP returns unsigned PSBTs with prevouts, scripts, and taproot metadata\n * already embedded (BIP 174), so any standard PSBT-compatible signer can\n * produce signatures without extra context.\n *\n * Transaction counts: 1 Payout + N NoPayout = 1 + N total PSBTs\n *\n * @see btc-vault docs/pegin.md — \"Automatic Graph Creation & Presigning\"\n */\n\nimport { Psbt } from \"bitcoinjs-lib\";\n\nimport type { BitcoinWallet, SignPsbtOptions } from \"../../../../shared/wallets/interfaces\";\nimport type {\n  DepositorAsClaimerPresignatures,\n  DepositorGraphTransactions,\n  DepositorPreSigsPerChallenger,\n} from \"../../clients/vault-provider/types\";\nimport { extractPayoutSignature } from \"../../primitives/psbt/payout\";\nimport { stripHexPrefix } from \"../../primitives/utils/bitcoin\";\nimport { createTaprootScriptPathSignOptions } from \"../../utils/signing\";\n\n/**\n * Each payout/nopayout PSBT has exactly one input that needs signing.\n * Used to construct SignPsbtOptions for wallet.signPsbt().\n */\nconst SINGLE_PSBT_INPUT_COUNT = 1;\n\n/** Tracks which indices in the flat PSBT array belong to which challenger */\ninterface ChallengerEntry {\n  challengerPubkey: string;\n  noPayoutIdx: number;\n}\n\n/** Result of the collect phase — flat PSBT array with index mapping */\ninterface CollectedDepositorGraphPsbts {\n  psbtHexes: string[];\n  signOptions: SignPsbtOptions[];\n  challengerEntries: ChallengerEntry[];\n}\n\n// ============================================================================\n// PSBT verification — ensure pre-built PSBTs match advertised tx_hex\n// ============================================================================\n\n/**\n * Parse a base64-encoded PSBT and verify its unsigned transaction matches\n * the expected transaction hex. Catches VP serialization bugs.\n */\nfunction verifyAndParsePsbt(\n  psbtBase64: string,\n  expectedTxHex: string,\n  label: string,\n): Psbt {\n  const psbt = Psbt.fromBase64(psbtBase64);\n  const unsignedTxHex = psbt.data\n    .getTransaction()\n    .toString(\"hex\")\n    .toLowerCase();\n  const normalizedExpected = stripHexPrefix(expectedTxHex).toLowerCase();\n  if (unsignedTxHex !== normalizedExpected) {\n    throw new Error(\n      `PSBT integrity check failed for ${label}: unsigned transaction does not match tx_hex`,\n    );\n  }\n  return psbt;\n}\n\n/**\n * Sanitize a parsed PSBT for Taproot script-path signing.\n *\n * VP-provided PSBTs include tapBip32Derivation and tapMerkleRoot metadata\n * that causes some wallets (notably OKX) to ignore disableTweakSigner and\n * sign with a tweaked key. Stripping these fields forces the wallet to\n * rely solely on tapLeafScript for script-path signing.\n */\nfunction sanitizePsbtForScriptPathSigning(psbt: Psbt): Psbt {\n  const clone = Psbt.fromHex(psbt.toHex());\n  for (const input of clone.data.inputs) {\n    delete input.tapBip32Derivation;\n    delete input.tapMerkleRoot;\n  }\n  return clone;\n}\n\n/**\n * Validate, verify integrity, sanitize, and convert a PSBT to hex.\n */\nfunction validateAndConvertPsbt(\n  psbtBase64: string | undefined,\n  expectedTxHex: string,\n  label: string,\n): string {\n  if (!psbtBase64) {\n    throw new Error(`Missing ${label} PSBT`);\n  }\n  const psbt = verifyAndParsePsbt(psbtBase64, expectedTxHex, label);\n  const sanitized = sanitizePsbtForScriptPathSigning(psbt);\n  return sanitized.toHex();\n}\n\n// ============================================================================\n// Collect phase — decode pre-built PSBTs from VP response\n// ============================================================================\n\n/**\n * Collect all pre-built PSBTs from the depositor graph and track their indices.\n * Layout: [Payout, NoPayout_0, NoPayout_1, ...]\n */\nfunction collectDepositorGraphPsbts(\n  depositorGraph: DepositorGraphTransactions,\n  walletPublicKey: string,\n): CollectedDepositorGraphPsbts {\n  const psbtHexes: string[] = [];\n  const signOptions: SignPsbtOptions[] = [];\n  const challengerEntries: ChallengerEntry[] = [];\n\n  const singleInputOpts = createTaprootScriptPathSignOptions(\n    walletPublicKey,\n    SINGLE_PSBT_INPUT_COUNT,\n  );\n\n  // Index 0: Payout PSBT\n  const payoutHex = validateAndConvertPsbt(\n    depositorGraph.payout_psbt,\n    depositorGraph.payout_tx.tx_hex,\n    \"depositor payout\",\n  );\n  psbtHexes.push(payoutHex);\n  signOptions.push(singleInputOpts);\n\n  // Per-challenger: 1 NoPayout\n  for (const challenger of depositorGraph.challenger_presign_data) {\n    const challengerPubkey = stripHexPrefix(challenger.challenger_pubkey);\n\n    const noPayoutIdx = psbtHexes.length;\n    const noPayoutHex = validateAndConvertPsbt(\n      challenger.nopayout_psbt,\n      challenger.nopayout_tx.tx_hex,\n      `nopayout (challenger ${challengerPubkey})`,\n    );\n    psbtHexes.push(noPayoutHex);\n    signOptions.push(singleInputOpts);\n\n    challengerEntries.push({\n      challengerPubkey,\n      noPayoutIdx,\n    });\n  }\n\n  return { psbtHexes, signOptions, challengerEntries };\n}\n\n// ============================================================================\n// Extract phase\n// ============================================================================\n\n/**\n * Extract all signatures from signed PSBTs and assemble into presignatures.\n */\nfunction extractDepositorGraphSignatures(\n  signedPsbtHexes: string[],\n  challengerEntries: ChallengerEntry[],\n  depositorPubkey: string,\n): DepositorAsClaimerPresignatures {\n  const payoutSignature = extractPayoutSignature(\n    signedPsbtHexes[0],\n    depositorPubkey,\n  );\n\n  const perChallenger: Record<string, DepositorPreSigsPerChallenger> = {};\n  for (const entry of challengerEntries) {\n    perChallenger[entry.challengerPubkey] = {\n      nopayout_signature: extractPayoutSignature(\n        signedPsbtHexes[entry.noPayoutIdx],\n        depositorPubkey,\n      ),\n    };\n  }\n\n  return {\n    payout_signatures: {\n      payout_signature: payoutSignature,\n    },\n    per_challenger: perChallenger,\n  };\n}\n\n/**\n * Sign multiple PSBTs, using batch signing when the wallet supports it.\n * Falls back to sequential `signPsbt` calls for wallets without `signPsbts`.\n */\nasync function signPsbtsWithFallback(\n  wallet: BitcoinWallet,\n  psbtHexes: string[],\n  options?: SignPsbtOptions[],\n): Promise<string[]> {\n  if (typeof wallet.signPsbts === \"function\") {\n    return wallet.signPsbts(psbtHexes, options);\n  }\n\n  const signed: string[] = [];\n  for (let i = 0; i < psbtHexes.length; i++) {\n    signed.push(await wallet.signPsbt(psbtHexes[i], options?.[i]));\n  }\n  return signed;\n}\n\n// ============================================================================\n// Main entry point\n// ============================================================================\n\nexport interface SignDepositorGraphParams {\n  /** The depositor graph from VP response (contains pre-built PSBTs) */\n  depositorGraph: DepositorGraphTransactions;\n  /** Depositor's BTC public key (x-only, 64-char hex, no 0x prefix) */\n  depositorBtcPubkey: string;\n  /** Bitcoin wallet for signing */\n  btcWallet: BitcoinWallet;\n}\n\n/**\n * Sign all depositor graph transactions and assemble into presignatures.\n *\n * Flow:\n * 1. Collect pre-built PSBTs from VP response (base64 -> hex)\n * 2. Batch sign via wallet.signPsbts() if available, else sequential signPsbt()\n * 3. Extract Schnorr signatures from each signed PSBT\n * 4. Assemble into DepositorAsClaimerPresignatures\n */\nexport async function signDepositorGraph(\n  params: SignDepositorGraphParams,\n): Promise<DepositorAsClaimerPresignatures> {\n  const { depositorGraph, depositorBtcPubkey, btcWallet } = params;\n\n  const depositorPubkey = stripHexPrefix(depositorBtcPubkey);\n  const walletPublicKey = await btcWallet.getPublicKeyHex();\n\n  // 1. Collect pre-built PSBTs from VP response\n  const { psbtHexes, signOptions, challengerEntries } =\n    collectDepositorGraphPsbts(depositorGraph, walletPublicKey);\n\n  // 2. Sign all PSBTs (batch when supported, sequential fallback for mobile)\n  const signedPsbtHexes = await signPsbtsWithFallback(\n    btcWallet,\n    psbtHexes,\n    signOptions,\n  );\n\n  if (signedPsbtHexes.length !== psbtHexes.length) {\n    throw new Error(\n      `Wallet returned ${signedPsbtHexes.length} signed PSBTs, expected ${psbtHexes.length}`,\n    );\n  }\n\n  // 3. Extract signatures and assemble presignatures\n  return extractDepositorGraphSignatures(\n    signedPsbtHexes,\n    challengerEntries,\n    depositorPubkey,\n  );\n}\n","/**\n * Payout Signing Orchestration\n *\n * Polls VP for `PendingDepositorSignatures`, fetches presign transactions,\n * signs payouts via PayoutManager, signs the depositor graph, and submits\n * all signatures back to the VP.\n *\n * This is the main deposit protocol step between registration and activation.\n */\n\nimport type { Network } from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport * as bitcoin from \"bitcoinjs-lib\";\nimport { Buffer } from \"buffer\";\n\nimport type { BitcoinWallet } from \"../../../../shared/wallets/interfaces\";\nimport { DaemonStatus } from \"../../clients/vault-provider/types\";\nimport type {\n  ClaimerSignatures,\n  ClaimerTransactions,\n} from \"../../clients/vault-provider/types\";\nimport { PayoutManager } from \"../../managers/PayoutManager\";\nimport {\n  processPublicKeyToXOnly,\n  stripHexPrefix,\n} from \"../../primitives/utils/bitcoin\";\nimport type { PeginStatusReader, PresignClient } from \"./interfaces\";\nimport { signDepositorGraph } from \"./signDepositorGraph\";\nimport { waitForPeginStatus } from \"./waitForPeginStatus\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\n/**\n * Context required for signing payout transactions.\n * Caller builds this from on-chain data (contract queries, GraphQL, config).\n */\nexport interface PayoutSigningContext {\n  /** Raw pegin BTC transaction hex (for PSBT construction) */\n  peginTxHex: string;\n  /** Vault provider's BTC public key (x-only hex, no prefix) */\n  vaultProviderBtcPubkey: string;\n  /** Sorted vault keeper BTC public keys (x-only hex, no prefix) */\n  vaultKeeperBtcPubkeys: string[];\n  /** Sorted universal challenger BTC public keys (x-only hex, no prefix) */\n  universalChallengerBtcPubkeys: string[];\n  /** Depositor's BTC public key (x-only hex, no prefix) */\n  depositorBtcPubkey: string;\n  /** Pegin timelock from the locked offchain params version */\n  timelockPegin: number;\n  /** BTC network (Mainnet, Testnet, etc.) */\n  network: Network;\n  /** On-chain registered depositor payout scriptPubKey (hex) */\n  registeredPayoutScriptPubKey: string;\n}\n\nexport interface PollAndSignPayoutsParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** VP client implementing the presign transaction flow interface */\n  presignClient: PresignClient;\n  /** Bitcoin wallet for signing */\n  btcWallet: BitcoinWallet;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Depositor's x-only BTC public key (unprefixed hex, 64 chars) */\n  depositorPk: string;\n  /** Signing context built from on-chain data */\n  signingContext: PayoutSigningContext;\n  /** Maximum polling timeout in milliseconds (default: 20 min) */\n  timeoutMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n  /** Optional progress callback (completed claimers, total claimers) */\n  onProgress?: (completed: number, total: number) => void;\n}\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/** Maximum polling timeout (20 minutes) — VP may take 15-20 min to prepare. */\nconst MAX_POLLING_TIMEOUT_MS = 20 * 60 * 1000;\n\n/** Statuses after payout signatures are submitted — if VP is already here, skip. */\nconst POST_PAYOUT_STATUSES: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_ACKS,\n  DaemonStatus.PENDING_ACTIVATION,\n  DaemonStatus.ACTIVATED,\n]);\n\nconst TARGET_STATUS: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_DEPOSITOR_SIGNATURES,\n  ...POST_PAYOUT_STATUSES,\n]);\n\n// ============================================================================\n// Internal helpers\n// ============================================================================\n\ninterface PreparedTransaction {\n  claimerPubkeyXOnly: string;\n  payoutTxHex: string;\n  assertTxHex: string;\n}\n\nfunction prepareTransactionsForSigning(\n  claimerTransactions: ClaimerTransactions[],\n): PreparedTransaction[] {\n  return claimerTransactions.map((tx) => ({\n    claimerPubkeyXOnly: processPublicKeyToXOnly(tx.claimer_pubkey),\n    payoutTxHex: tx.payout_tx.tx_hex,\n    assertTxHex: tx.assert_tx.tx_hex,\n  }));\n}\n\n/**\n * Derive BIP-86 P2TR scriptPubKey hex from an x-only public key.\n * Requires bitcoinjs-lib ECC to be initialized by the caller.\n */\nfunction deriveBip86ScriptPubKey(xOnlyPubkeyHex: string): string {\n  const { output } = bitcoin.payments.p2tr({\n    internalPubkey: Buffer.from(xOnlyPubkeyHex, \"hex\"),\n  });\n  if (!output) {\n    throw new Error(\"Failed to derive BIP-86 P2TR scriptPubKey\");\n  }\n  return output.toString(\"hex\");\n}\n\n/**\n * Resolve the expected payout scriptPubKey for a given claimer.\n *\n * - VP/Depositor claimer: payout goes to the depositor's registered payout address\n * - VK claimer: payout goes to a BIP-86 P2TR address derived from the VK's pubkey\n *\n * Note: BIP-86 derivation for VK claimers requires bitcoinjs-lib's ECC to be initialized.\n */\nfunction resolvePayoutScriptPubKey(\n  claimerPubkeyXOnly: string,\n  context: PayoutSigningContext,\n): string {\n  const claimer = stripHexPrefix(claimerPubkeyXOnly).toLowerCase();\n  const vpPubkey = stripHexPrefix(\n    context.vaultProviderBtcPubkey,\n  ).toLowerCase();\n  const depositorPubkey = stripHexPrefix(\n    context.depositorBtcPubkey,\n  ).toLowerCase();\n\n  if (claimer === vpPubkey || claimer === depositorPubkey) {\n    return context.registeredPayoutScriptPubKey;\n  }\n\n  // Verify claimer is a known vault keeper\n  const isVaultKeeper = context.vaultKeeperBtcPubkeys.some(\n    (vk) => stripHexPrefix(vk).toLowerCase() === claimer,\n  );\n  if (!isVaultKeeper) {\n    throw new Error(\n      `Unknown claimer pubkey ${claimer}: not VP, depositor, or a registered vault keeper`,\n    );\n  }\n\n  // VK claimer: derive BIP-86 P2TR scriptPubKey from the VK's x-only pubkey\n  const scriptPubKey = deriveBip86ScriptPubKey(claimer);\n  return `0x${scriptPubKey}`;\n}\n\nfunction buildPayoutSigningInput(\n  tx: PreparedTransaction,\n  context: PayoutSigningContext,\n) {\n  return {\n    payoutTxHex: tx.payoutTxHex,\n    peginTxHex: context.peginTxHex,\n    assertTxHex: tx.assertTxHex,\n    vaultProviderBtcPubkey: context.vaultProviderBtcPubkey,\n    vaultKeeperBtcPubkeys: context.vaultKeeperBtcPubkeys,\n    universalChallengerBtcPubkeys: context.universalChallengerBtcPubkeys,\n    depositorBtcPubkey: context.depositorBtcPubkey,\n    timelockPegin: context.timelockPegin,\n    registeredPayoutScriptPubKey: resolvePayoutScriptPubKey(\n      tx.claimerPubkeyXOnly,\n      context,\n    ),\n  };\n}\n\n/**\n * Sign all payout transactions using PayoutManager.\n * Uses batch signing when wallet supports it, sequential otherwise.\n */\nasync function signPayoutTransactions(\n  btcWallet: BitcoinWallet,\n  context: PayoutSigningContext,\n  transactions: PreparedTransaction[],\n  onProgress?: (completed: number, total: number) => void,\n): Promise<Record<string, ClaimerSignatures>> {\n  const payoutManager = new PayoutManager({\n    network: context.network,\n    btcWallet,\n  });\n\n  const totalClaimers = transactions.length;\n  onProgress?.(0, totalClaimers);\n\n  let payoutSignatures: string[];\n\n  if (payoutManager.supportsBatchSigning()) {\n    const results = await payoutManager.signPayoutTransactionsBatch(\n      transactions.map((tx) => buildPayoutSigningInput(tx, context)),\n    );\n    payoutSignatures = results.map((r) => r.payoutSignature);\n  } else {\n    payoutSignatures = [];\n    for (let i = 0; i < transactions.length; i++) {\n      onProgress?.(i, totalClaimers);\n      const result = await payoutManager.signPayoutTransaction(\n        buildPayoutSigningInput(transactions[i], context),\n      );\n      payoutSignatures.push(result.signature);\n    }\n  }\n\n  const signatures: Record<string, ClaimerSignatures> = {};\n  for (let i = 0; i < transactions.length; i++) {\n    signatures[transactions[i].claimerPubkeyXOnly] = {\n      payout_signature: payoutSignatures[i],\n    };\n  }\n\n  onProgress?.(totalClaimers, totalClaimers);\n  return signatures;\n}\n\n// ============================================================================\n// Main entry point\n// ============================================================================\n\n/**\n * Poll for payout transactions, sign them, sign the depositor graph,\n * and submit all signatures to the vault provider.\n *\n * This is the main deposit protocol step between registration and activation.\n *\n * @throws Error on timeout, abort, signing failure, or RPC error\n */\nexport async function pollAndSignPayouts(\n  params: PollAndSignPayoutsParams,\n): Promise<void> {\n  const {\n    statusReader,\n    presignClient,\n    btcWallet,\n    peginTxid,\n    depositorPk,\n    signingContext,\n    timeoutMs = MAX_POLLING_TIMEOUT_MS,\n    signal,\n    onProgress,\n  } = params;\n\n  // Phase 1: Poll until VP is ready for depositor signatures (or already past)\n  const status = await waitForPeginStatus({\n    statusReader,\n    peginTxid,\n    targetStatuses: TARGET_STATUS,\n    timeoutMs,\n    signal,\n  });\n\n  // Resume-safe: if VP already moved past payout signing, nothing to do\n  if (POST_PAYOUT_STATUSES.has(status)) {\n    return;\n  }\n\n  signal?.throwIfAborted();\n\n  // Phase 2: Fetch presign transactions\n  const response = await presignClient.requestDepositorPresignTransactions(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n    },\n    signal,\n  );\n\n  signal?.throwIfAborted();\n\n  // Phase 3: Sign VP/VK claimer payout transactions\n  // Filter out the depositor's own claimer entry — its payout is signed\n  // separately via signDepositorGraph (Phase 4) using VP-provided PSBTs.\n  // Including it here would cause a redundant wallet signing prompt whose\n  // result is discarded when the depositor graph signature overwrites it.\n  const depositorPkNormalized = processPublicKeyToXOnly(depositorPk);\n  const nonDepositorTxs = response.txs.filter(\n    (tx) => processPublicKeyToXOnly(tx.claimer_pubkey) !== depositorPkNormalized,\n  );\n  const preparedTransactions = prepareTransactionsForSigning(nonDepositorTxs);\n  const claimerSignatures = await signPayoutTransactions(\n    btcWallet,\n    signingContext,\n    preparedTransactions,\n    onProgress,\n  );\n\n  signal?.throwIfAborted();\n\n  // Phase 4: Sign depositor-as-claimer graph\n  const depositorClaimerPresignatures = await signDepositorGraph({\n    depositorGraph: response.depositor_graph,\n    depositorBtcPubkey: depositorPk,\n    btcWallet,\n  });\n\n  signal?.throwIfAborted();\n\n  // Phase 5: Submit all signatures to VP\n  // Include depositor's own payout signature in the signatures map\n  const allSignatures = { ...claimerSignatures };\n  allSignatures[stripHexPrefix(depositorPk)] =\n    depositorClaimerPresignatures.payout_signatures;\n\n  await presignClient.submitDepositorPresignatures(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n      signatures: allSignatures,\n      depositor_claimer_presignatures: depositorClaimerPresignatures,\n    },\n    signal,\n  );\n}\n"],"names":["PayoutManager","config","__publicField","params","walletPubkeyRaw","depositorPubkey","validateWalletPubkey","payoutPsbt","buildPayoutPsbt","signedPsbtHex","createTaprootScriptPathSignOptions","extractPayoutSignature","transactions","psbtsToSign","signOptions","depositorPubkeys","tx","signedPsbts","results","i","payoutSignature","payoutTxHex","registeredPayoutScriptPubKey","isValidHex","expectedScript","Buffer","stripHexPrefix","payoutTx","Transaction","max","output","DEFAULT_POLL_INTERVAL_MS","waitForPeginStatus","statusReader","peginTxid","targetStatuses","timeoutMs","pollIntervalMs","signal","startTime","status","VP_TERMINAL_STATUSES","error","JsonRpcError","RpcErrorCode","resolve","reject","onAbort","timeoutId","STATUS_POLL_TIMEOUT_MS","TARGET_STATUSES","DaemonStatus","POST_WOTS_STATUSES","submitWotsPublicKey","wotsSubmitter","depositorPk","wotsPublicKeys","SINGLE_PSBT_INPUT_COUNT","verifyAndParsePsbt","psbtBase64","expectedTxHex","label","psbt","Psbt","unsignedTxHex","normalizedExpected","sanitizePsbtForScriptPathSigning","clone","input","validateAndConvertPsbt","collectDepositorGraphPsbts","depositorGraph","walletPublicKey","psbtHexes","challengerEntries","singleInputOpts","payoutHex","challenger","challengerPubkey","noPayoutIdx","noPayoutHex","extractDepositorGraphSignatures","signedPsbtHexes","perChallenger","entry","signPsbtsWithFallback","wallet","options","signed","signDepositorGraph","depositorBtcPubkey","btcWallet","MAX_POLLING_TIMEOUT_MS","POST_PAYOUT_STATUSES","TARGET_STATUS","prepareTransactionsForSigning","claimerTransactions","processPublicKeyToXOnly","deriveBip86ScriptPubKey","xOnlyPubkeyHex","bitcoin","resolvePayoutScriptPubKey","claimerPubkeyXOnly","context","claimer","vpPubkey","vk","buildPayoutSigningInput","signPayoutTransactions","onProgress","payoutManager","totalClaimers","payoutSignatures","r","result","signatures","pollAndSignPayouts","presignClient","signingContext","response","depositorPkNormalized","nonDepositorTxs","preparedTransactions","claimerSignatures","depositorClaimerPresignatures","allSignatures"],"mappings":";;;;;;;;;;;AAsJO,MAAMA,EAAc;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQzB,YAAYC,GAA6B;AAPxB,IAAAC,EAAA;AAQf,SAAK,SAASD;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAwBA,MAAM,sBACJE,GACgC;AAEhC,SAAK;AAAA,MACHA,EAAO;AAAA,MACPA,EAAO;AAAA,IAAA;AAIT,UAAMC,IAAkB,MAAM,KAAK,OAAO,UAAU,gBAAA,GAC9C,EAAE,iBAAAC,MAAoBC;AAAA,MAC1BF;AAAA,MACAD,EAAO;AAAA,IAAA,GAIHI,IAAa,MAAMC,EAAgB;AAAA,MACvC,aAAaL,EAAO;AAAA,MACpB,YAAYA,EAAO;AAAA,MACnB,aAAaA,EAAO;AAAA,MACpB,oBAAoBE;AAAA,MACpB,wBAAwBF,EAAO;AAAA,MAC/B,uBAAuBA,EAAO;AAAA,MAC9B,+BAA+BA,EAAO;AAAA,MACtC,eAAeA,EAAO;AAAA,MACtB,SAAS,KAAK,OAAO;AAAA,IAAA,CACtB,GAGKM,IAAgB,MAAM,KAAK,OAAO,UAAU;AAAA,MAChDF,EAAW;AAAA,MACXG,EAAmCN,GAAiB,CAAC;AAAA,IAAA;AAMvD,WAAO;AAAA,MACL,WAHgBO,EAAuBF,GAAeJ,CAAe;AAAA,MAIrE,oBAAoBA;AAAA,IAAA;AAAA,EAExB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAsB;AACpB,WAAO,KAAK,OAAO;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,uBAAgC;AAC9B,WAAO,OAAO,KAAK,OAAO,UAAU,aAAc;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,4BACJO,GAMA;AACA,QAAI,CAAC,KAAK;AACR,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAKJ,UAAMR,IAAkB,MAAM,KAAK,OAAO,UAAU,gBAAA,GAG9CS,IAAwB,CAAA,GACxBC,IAAiC,CAAA,GACjCC,IAA6B,CAAA;AAEnC,eAAWC,KAAMJ,GAAc;AAE7B,WAAK;AAAA,QACHI,EAAG;AAAA,QACHA,EAAG;AAAA,MAAA;AAIL,YAAM,EAAE,iBAAAX,MAAoBC;AAAA,QAC1BF;AAAA,QACAY,EAAG;AAAA,MAAA;AAEL,MAAAD,EAAiB,KAAKV,CAAe;AAGrC,YAAME,IAAa,MAAMC,EAAgB;AAAA,QACvC,aAAaQ,EAAG;AAAA,QAChB,YAAYA,EAAG;AAAA,QACf,aAAaA,EAAG;AAAA,QAChB,oBAAoBX;AAAA,QACpB,wBAAwBW,EAAG;AAAA,QAC3B,uBAAuBA,EAAG;AAAA,QAC1B,+BAA+BA,EAAG;AAAA,QAClC,eAAeA,EAAG;AAAA,QAClB,SAAS,KAAK,OAAO;AAAA,MAAA,CACtB;AACD,MAAAH,EAAY,KAAKN,EAAW,OAAO,GACnCO,EAAY,KAAKJ,EAAmCN,GAAiB,CAAC,CAAC;AAAA,IACzE;AAGA,UAAMa,IAAc,MAAM,KAAK,OAAO,UAAU;AAAA,MAC9CJ;AAAA,MACAC;AAAA,IAAA;AAIF,QAAIG,EAAY,WAAWL,EAAa;AACtC,YAAM,IAAI;AAAA,QACR,YAAYA,EAAa,MAAM,8BAA8BK,EAAY,MAAM;AAAA,MAAA;AAKnF,UAAMC,IAGD,CAAA;AAEL,aAASC,IAAI,GAAGA,IAAIP,EAAa,QAAQO,KAAK;AAC5C,YAAMd,IAAkBU,EAAiBI,CAAC,GACpCC,IAAkBT;AAAA,QACtBM,EAAYE,CAAC;AAAA,QACbd;AAAA,MAAA;AAGF,MAAAa,EAAQ,KAAK;AAAA,QACX,iBAAAE;AAAA,QACA,oBAAoBf;AAAA,MAAA,CACrB;AAAA,IACH;AAEA,WAAOa;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBQ,sBACNG,GACAC,GACM;AACN,QAAI,CAACC,EAAWD,CAA4B;AAC1C,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAIJ,UAAME,IAAiBC,EAAO;AAAA,MAC5BC,EAAeJ,CAA4B;AAAA,MAC3C;AAAA,IAAA,GAEIK,IAAWC,EAAY,QAAQF,EAAeL,CAAW,CAAC;AAEhE,QAAIM,EAAS,KAAK,WAAW;AAC3B,YAAM,IAAI,MAAM,mCAAmC;AASrD,QAAI,CAJkBA,EAAS,KAAK;AAAA,MAAO,CAACE,GAAKC,MAC/CA,EAAO,QAAQD,EAAI,QAAQC,IAASD;AAAA,IAAA,EAGnB,OAAO,OAAOL,CAAc;AAC7C,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,EAGN;AACF;ACpXA,MAAMO,IAA2B;AAuBjC,eAAsBC,EACpB7B,GACuB;AACvB,QAAM;AAAA,IACJ,cAAA8B;AAAA,IACA,WAAAC;AAAA,IACA,gBAAAC;AAAA,IACA,WAAAC;AAAA,IACA,gBAAAC,IAAiBN;AAAA,IACjB,QAAAO;AAAA,EAAA,IACEnC,GAEEoC,IAAY,KAAK,IAAA;AAEvB,aAAa;AACX,QAAID,KAAA,QAAAA,EAAQ;AACV,YAAM,IAAI;AAAA,QACR,6BAA6BJ,EAAU,MAAM,GAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC;AAAA,MAAA;AAIlG,QAAI,KAAK,QAAQI,KAAaH;AAC5B,YAAM,IAAI;AAAA,QACR,yBAAyBA,CAAS,gBAAgBF,EAAU,MAAM,GAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC;AAAA,MAAA;AAIvH,QAAI;AAMF,YAAMK,KALW,MAAMP,EAAa;AAAA,QAClC,EAAE,YAAYC,EAAA;AAAA,QACdI;AAAA,MAAA,GAGsB;AACxB,UAAIH,EAAe,IAAIK,CAAM;AAC3B,eAAOA;AAGT,UAAIC,EAAqB,IAAID,CAAM,KAAK,CAACL,EAAe,IAAIK,CAAM;AAChE,cAAM,IAAI;AAAA,UACR,SAASN,EAAU,MAAM,GAAG,CAAC,CAAC,8BAA8BM,CAAM,uBAAuB,CAAC,GAAGL,CAAc,EAAE,KAAK,IAAI,CAAC;AAAA,QAAA;AAAA,IAG7H,SAASO,GAAO;AAOd,UAAI,EAHDA,aAAiBC,KAChBD,EAAM,SAASE,EAAa,aAC7BF,aAAiB,SAASA,EAAM,QAAQ,SAAS,iBAAiB;AAEnE,cAAMA;AAAA,IAEV;AAGA,UAAM,IAAI,QAAc,CAACG,GAASC,MAAW;AAC3C,YAAMC,IAAU,MAAM;AACpB,qBAAaC,CAAS,GACtBF;AAAA,UACE,IAAI;AAAA,YACF,6BAA6BZ,EAAU,MAAM,GAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC;AAAA,UAAA;AAAA,QAChG;AAAA,MAEJ,GACMa,IAAY,WAAW,MAAM;AACjC,QAAAV,KAAA,QAAAA,EAAQ,oBAAoB,SAASS,IACrCF,EAAA;AAAA,MACF,GAAGR,CAAc;AACjB,MAAAC,KAAA,QAAAA,EAAQ,iBAAiB,SAASS,GAAS,EAAE,MAAM;IACrD,CAAC;AAAA,EACH;AACF;AC1FA,MAAME,IAAyB,MAAS,KAGlCC,wBAAiD,IAAI;AAAA,EACzDC,EAAa;AAAA,EACb,GAAGC;AACL,CAAC;AAwBD,eAAsBC,GACpBlD,GACe;AACf,QAAM;AAAA,IACJ,cAAA8B;AAAA,IACA,eAAAqB;AAAA,IACA,WAAApB;AAAA,IACA,aAAAqB;AAAA,IACA,gBAAAC;AAAA,IACA,WAAApB,IAAYa;AAAA,IACZ,QAAAX;AAAA,EAAA,IACEnC;AAEJ,EAAAmC,KAAA,QAAAA,EAAQ;AAGR,QAAME,IAAS,MAAMR,EAAmB;AAAA,IACtC,cAAAC;AAAA,IACA,WAAAC;AAAA,IACA,gBAAgBgB;AAAA,IAChB,WAAAd;AAAA,IACA,QAAAE;AAAA,EAAA,CACD;AAGD,EAAIc,EAAmB,IAAIZ,CAAM,MAIjCF,KAAA,QAAAA,EAAQ,kBAER,MAAMgB,EAAc;AAAA,IAClB;AAAA,MACE,YAAYpB;AAAA,MACZ,cAAcqB;AAAA,MACd,kBAAkBC;AAAA,IAAA;AAAA,IAEpBlB;AAAA,EAAA;AAEJ;AC3DA,MAAMmB,IAA0B;AAuBhC,SAASC,EACPC,GACAC,GACAC,GACM;AACN,QAAMC,IAAOC,EAAK,WAAWJ,CAAU,GACjCK,IAAgBF,EAAK,KACxB,eAAA,EACA,SAAS,KAAK,EACd,YAAA,GACGG,IAAqBvC,EAAekC,CAAa,EAAE,YAAA;AACzD,MAAII,MAAkBC;AACpB,UAAM,IAAI;AAAA,MACR,mCAAmCJ,CAAK;AAAA,IAAA;AAG5C,SAAOC;AACT;AAUA,SAASI,EAAiCJ,GAAkB;AAC1D,QAAMK,IAAQJ,EAAK,QAAQD,EAAK,OAAO;AACvC,aAAWM,KAASD,EAAM,KAAK;AAC7B,WAAOC,EAAM,oBACb,OAAOA,EAAM;AAEf,SAAOD;AACT;AAKA,SAASE,EACPV,GACAC,GACAC,GACQ;AACR,MAAI,CAACF;AACH,UAAM,IAAI,MAAM,WAAWE,CAAK,OAAO;AAEzC,QAAMC,IAAOJ,EAAmBC,GAAYC,GAAeC,CAAK;AAEhE,SADkBK,EAAiCJ,CAAI,EACtC,MAAA;AACnB;AAUA,SAASQ,EACPC,GACAC,GAC8B;AAC9B,QAAMC,IAAsB,CAAA,GACtB3D,IAAiC,CAAA,GACjC4D,IAAuC,CAAA,GAEvCC,IAAkBjE;AAAA,IACtB8D;AAAA,IACAf;AAAA,EAAA,GAIImB,IAAYP;AAAA,IAChBE,EAAe;AAAA,IACfA,EAAe,UAAU;AAAA,IACzB;AAAA,EAAA;AAEF,EAAAE,EAAU,KAAKG,CAAS,GACxB9D,EAAY,KAAK6D,CAAe;AAGhC,aAAWE,KAAcN,EAAe,yBAAyB;AAC/D,UAAMO,IAAmBpD,EAAemD,EAAW,iBAAiB,GAE9DE,IAAcN,EAAU,QACxBO,IAAcX;AAAA,MAClBQ,EAAW;AAAA,MACXA,EAAW,YAAY;AAAA,MACvB,wBAAwBC,CAAgB;AAAA,IAAA;AAE1C,IAAAL,EAAU,KAAKO,CAAW,GAC1BlE,EAAY,KAAK6D,CAAe,GAEhCD,EAAkB,KAAK;AAAA,MACrB,kBAAAI;AAAA,MACA,aAAAC;AAAA,IAAA,CACD;AAAA,EACH;AAEA,SAAO,EAAE,WAAAN,GAAW,aAAA3D,GAAa,mBAAA4D,EAAA;AACnC;AASA,SAASO,EACPC,GACAR,GACArE,GACiC;AACjC,QAAMe,IAAkBT;AAAA,IACtBuE,EAAgB,CAAC;AAAA,IACjB7E;AAAA,EAAA,GAGI8E,IAA+D,CAAA;AACrE,aAAWC,KAASV;AAClB,IAAAS,EAAcC,EAAM,gBAAgB,IAAI;AAAA,MACtC,oBAAoBzE;AAAA,QAClBuE,EAAgBE,EAAM,WAAW;AAAA,QACjC/E;AAAA,MAAA;AAAA,IACF;AAIJ,SAAO;AAAA,IACL,mBAAmB;AAAA,MACjB,kBAAkBe;AAAA,IAAA;AAAA,IAEpB,gBAAgB+D;AAAA,EAAA;AAEpB;AAMA,eAAeE,EACbC,GACAb,GACAc,GACmB;AACnB,MAAI,OAAOD,EAAO,aAAc;AAC9B,WAAOA,EAAO,UAAUb,GAAWc,CAAO;AAG5C,QAAMC,IAAmB,CAAA;AACzB,WAASrE,IAAI,GAAGA,IAAIsD,EAAU,QAAQtD;AACpC,IAAAqE,EAAO,KAAK,MAAMF,EAAO,SAASb,EAAUtD,CAAC,GAAGoE,KAAA,gBAAAA,EAAUpE,EAAE,CAAC;AAE/D,SAAOqE;AACT;AAwBA,eAAsBC,EACpBtF,GAC0C;AAC1C,QAAM,EAAE,gBAAAoE,GAAgB,oBAAAmB,GAAoB,WAAAC,EAAA,IAAcxF,GAEpDE,IAAkBqB,EAAegE,CAAkB,GACnDlB,IAAkB,MAAMmB,EAAU,gBAAA,GAGlC,EAAE,WAAAlB,GAAW,aAAA3D,GAAa,mBAAA4D,MAC9BJ,EAA2BC,GAAgBC,CAAe,GAGtDU,IAAkB,MAAMG;AAAA,IAC5BM;AAAA,IACAlB;AAAA,IACA3D;AAAA,EAAA;AAGF,MAAIoE,EAAgB,WAAWT,EAAU;AACvC,UAAM,IAAI;AAAA,MACR,mBAAmBS,EAAgB,MAAM,2BAA2BT,EAAU,MAAM;AAAA,IAAA;AAKxF,SAAOQ;AAAA,IACLC;AAAA,IACAR;AAAA,IACArE;AAAA,EAAA;AAEJ;ACxLA,MAAMuF,IAAyB,OAAU,KAGnCC,wBAAsD,IAAI;AAAA,EAC9D1C,EAAa;AAAA,EACbA,EAAa;AAAA,EACbA,EAAa;AACf,CAAC,GAEK2C,yBAA+C,IAAI;AAAA,EACvD3C,EAAa;AAAA,EACb,GAAG0C;AACL,CAAC;AAYD,SAASE,GACPC,GACuB;AACvB,SAAOA,EAAoB,IAAI,CAAChF,OAAQ;AAAA,IACtC,oBAAoBiF,EAAwBjF,EAAG,cAAc;AAAA,IAC7D,aAAaA,EAAG,UAAU;AAAA,IAC1B,aAAaA,EAAG,UAAU;AAAA,EAAA,EAC1B;AACJ;AAMA,SAASkF,GAAwBC,GAAgC;AAC/D,QAAM,EAAE,QAAArE,EAAA,IAAWsE,EAAQ,SAAS,KAAK;AAAA,IACvC,gBAAgB3E,EAAO,KAAK0E,GAAgB,KAAK;AAAA,EAAA,CAClD;AACD,MAAI,CAACrE;AACH,UAAM,IAAI,MAAM,2CAA2C;AAE7D,SAAOA,EAAO,SAAS,KAAK;AAC9B;AAUA,SAASuE,GACPC,GACAC,GACQ;AACR,QAAMC,IAAU9E,EAAe4E,CAAkB,EAAE,YAAA,GAC7CG,IAAW/E;AAAA,IACf6E,EAAQ;AAAA,EAAA,EACR,YAAA,GACIlG,IAAkBqB;AAAA,IACtB6E,EAAQ;AAAA,EAAA,EACR,YAAA;AAEF,MAAIC,MAAYC,KAAYD,MAAYnG;AACtC,WAAOkG,EAAQ;AAOjB,MAAI,CAHkBA,EAAQ,sBAAsB;AAAA,IAClD,CAACG,MAAOhF,EAAegF,CAAE,EAAE,kBAAkBF;AAAA,EAAA;AAG7C,UAAM,IAAI;AAAA,MACR,0BAA0BA,CAAO;AAAA,IAAA;AAMrC,SAAO,KADcN,GAAwBM,CAAO,CAC5B;AAC1B;AAEA,SAASG,EACP3F,GACAuF,GACA;AACA,SAAO;AAAA,IACL,aAAavF,EAAG;AAAA,IAChB,YAAYuF,EAAQ;AAAA,IACpB,aAAavF,EAAG;AAAA,IAChB,wBAAwBuF,EAAQ;AAAA,IAChC,uBAAuBA,EAAQ;AAAA,IAC/B,+BAA+BA,EAAQ;AAAA,IACvC,oBAAoBA,EAAQ;AAAA,IAC5B,eAAeA,EAAQ;AAAA,IACvB,8BAA8BF;AAAA,MAC5BrF,EAAG;AAAA,MACHuF;AAAA,IAAA;AAAA,EACF;AAEJ;AAMA,eAAeK,GACbjB,GACAY,GACA3F,GACAiG,GAC4C;AAC5C,QAAMC,IAAgB,IAAI9G,EAAc;AAAA,IACtC,SAASuG,EAAQ;AAAA,IACjB,WAAAZ;AAAA,EAAA,CACD,GAEKoB,IAAgBnG,EAAa;AACnC,EAAAiG,KAAA,QAAAA,EAAa,GAAGE;AAEhB,MAAIC;AAEJ,MAAIF,EAAc;AAIhB,IAAAE,KAHgB,MAAMF,EAAc;AAAA,MAClClG,EAAa,IAAI,CAACI,MAAO2F,EAAwB3F,GAAIuF,CAAO,CAAC;AAAA,IAAA,GAEpC,IAAI,CAACU,MAAMA,EAAE,eAAe;AAAA,OAClD;AACL,IAAAD,IAAmB,CAAA;AACnB,aAAS7F,IAAI,GAAGA,IAAIP,EAAa,QAAQO,KAAK;AAC5C,MAAA0F,KAAA,QAAAA,EAAa1F,GAAG4F;AAChB,YAAMG,IAAS,MAAMJ,EAAc;AAAA,QACjCH,EAAwB/F,EAAaO,CAAC,GAAGoF,CAAO;AAAA,MAAA;AAElD,MAAAS,EAAiB,KAAKE,EAAO,SAAS;AAAA,IACxC;AAAA,EACF;AAEA,QAAMC,IAAgD,CAAA;AACtD,WAAShG,IAAI,GAAGA,IAAIP,EAAa,QAAQO;AACvC,IAAAgG,EAAWvG,EAAaO,CAAC,EAAE,kBAAkB,IAAI;AAAA,MAC/C,kBAAkB6F,EAAiB7F,CAAC;AAAA,IAAA;AAIxC,SAAA0F,KAAA,QAAAA,EAAaE,GAAeA,IACrBI;AACT;AAcA,eAAsBC,GACpBjH,GACe;AACf,QAAM;AAAA,IACJ,cAAA8B;AAAA,IACA,eAAAoF;AAAA,IACA,WAAA1B;AAAA,IACA,WAAAzD;AAAA,IACA,aAAAqB;AAAA,IACA,gBAAA+D;AAAA,IACA,WAAAlF,IAAYwD;AAAA,IACZ,QAAAtD;AAAA,IACA,YAAAuE;AAAA,EAAA,IACE1G,GAGEqC,IAAS,MAAMR,EAAmB;AAAA,IACtC,cAAAC;AAAA,IACA,WAAAC;AAAA,IACA,gBAAgB4D;AAAA,IAChB,WAAA1D;AAAA,IACA,QAAAE;AAAA,EAAA,CACD;AAGD,MAAIuD,EAAqB,IAAIrD,CAAM;AACjC;AAGF,EAAAF,KAAA,QAAAA,EAAQ;AAGR,QAAMiF,IAAW,MAAMF,EAAc;AAAA,IACnC;AAAA,MACE,YAAYnF;AAAA,MACZ,cAAcqB;AAAA,IAAA;AAAA,IAEhBjB;AAAA,EAAA;AAGF,EAAAA,KAAA,QAAAA,EAAQ;AAOR,QAAMkF,IAAwBvB,EAAwB1C,CAAW,GAC3DkE,IAAkBF,EAAS,IAAI;AAAA,IACnC,CAACvG,MAAOiF,EAAwBjF,EAAG,cAAc,MAAMwG;AAAA,EAAA,GAEnDE,IAAuB3B,GAA8B0B,CAAe,GACpEE,IAAoB,MAAMf;AAAA,IAC9BjB;AAAA,IACA2B;AAAA,IACAI;AAAA,IACAb;AAAA,EAAA;AAGF,EAAAvE,KAAA,QAAAA,EAAQ;AAGR,QAAMsF,IAAgC,MAAMnC,EAAmB;AAAA,IAC7D,gBAAgB8B,EAAS;AAAA,IACzB,oBAAoBhE;AAAA,IACpB,WAAAoC;AAAA,EAAA,CACD;AAED,EAAArD,KAAA,QAAAA,EAAQ;AAIR,QAAMuF,IAAgB,EAAE,GAAGF,EAAA;AAC3B,EAAAE,EAAcnG,EAAe6B,CAAW,CAAC,IACvCqE,EAA8B,mBAEhC,MAAMP,EAAc;AAAA,IAClB;AAAA,MACE,YAAYnF;AAAA,MACZ,cAAcqB;AAAA,MACd,YAAYsE;AAAA,MACZ,iCAAiCD;AAAA,IAAA;AAAA,IAEnCtF;AAAA,EAAA;AAEJ;"}

package/dist/signAndSubmitPayouts-CSJmcPQN.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"signAndSubmitPayouts-CSJmcPQN.cjs","sources":["../src/tbv/core/managers/PayoutManager.ts","../src/tbv/core/services/deposit/waitForPeginStatus.ts","../src/tbv/core/services/deposit/submitWotsPublicKey.ts","../src/tbv/core/services/deposit/signDepositorGraph.ts","../src/tbv/core/services/deposit/signAndSubmitPayouts.ts"],"sourcesContent":["/**\n * Payout Manager\n *\n * High-level manager that orchestrates the payout signing flow by coordinating\n * SDK primitives ({@link buildPayoutPsbt}, {@link extractPayoutSignature})\n * with a user-provided Bitcoin wallet.\n *\n * The Payout transaction references the Assert transaction (input 1).\n *\n * @see {@link PeginManager} - For Steps 1, 2, and 4 of peg-in flow\n * @see {@link buildPayoutPsbt} - Lower-level primitive for custom implementations\n * @see {@link extractPayoutSignature} - Extract signatures from signed PSBTs\n *\n * @module managers/PayoutManager\n */\n\nimport { Buffer } from \"buffer\";\n\nimport { Transaction } from \"bitcoinjs-lib\";\n\nimport type {\n  BitcoinWallet,\n  SignPsbtOptions,\n} from \"../../../shared/wallets\";\nimport { createTaprootScriptPathSignOptions } from \"../utils/signing\";\nimport {\n  buildPayoutPsbt,\n  extractPayoutSignature,\n  isValidHex,\n  stripHexPrefix,\n  validateWalletPubkey,\n  type Network,\n} from \"../primitives\";\n\n/**\n * Configuration for the PayoutManager.\n */\nexport interface PayoutManagerConfig {\n  /**\n   * Bitcoin network to use for transactions.\n   */\n  network: Network;\n\n  /**\n   * Bitcoin wallet for signing payout transactions.\n   */\n  btcWallet: BitcoinWallet;\n}\n\n/**\n * Base parameters shared by both payout transaction types.\n */\ninterface SignPayoutBaseParams {\n  /**\n   * Peg-in transaction hex.\n   * The original transaction that created the vault output being spent.\n   */\n  peginTxHex: string;\n\n  /**\n   * Vault provider's BTC public key (x-only, 64-char hex).\n   */\n  vaultProviderBtcPubkey: string;\n\n  /**\n   * Vault keeper BTC public keys (x-only, 64-char hex).\n   */\n  vaultKeeperBtcPubkeys: string[];\n\n  /**\n   * Universal challenger BTC public keys (x-only, 64-char hex).\n   */\n  universalChallengerBtcPubkeys: string[];\n\n  /**\n   * CSV timelock in blocks for the PegIn output.\n   */\n  timelockPegin: number;\n\n  /**\n   * Depositor's BTC public key (x-only, 64-char hex).\n   * This should be the public key that was used when creating the vault,\n   * as stored on-chain. If not provided, will be fetched from the wallet.\n   */\n  depositorBtcPubkey?: string;\n\n  /**\n   * The on-chain registered depositor payout scriptPubKey (hex, with or without 0x prefix).\n   * Used to validate that the VP-provided payout transaction actually pays to the\n   * correct depositor payout address before signing.\n   */\n  registeredPayoutScriptPubKey: string;\n}\n\n/**\n * Parameters for signing a Payout transaction.\n *\n * Payout is used in the challenge path after Assert, when the claimer proves validity.\n * Input 1 references the Assert transaction.\n */\nexport interface SignPayoutParams extends SignPayoutBaseParams {\n  /**\n   * Payout transaction hex (unsigned).\n   * This is the transaction from the vault provider that needs depositor signature.\n   */\n  payoutTxHex: string;\n\n  /**\n   * Assert transaction hex.\n   * Payout input 1 references Assert output 0.\n   */\n  assertTxHex: string;\n}\n\n/**\n * Result of signing a payout transaction.\n */\nexport interface PayoutSignatureResult {\n  /**\n   * 64-byte Schnorr signature (128 hex characters).\n   */\n  signature: string;\n\n  /**\n   * Depositor's BTC public key used for signing.\n   */\n  depositorBtcPubkey: string;\n}\n\n/**\n * High-level manager for payout transaction signing.\n *\n * @remarks\n * After registering your peg-in on Ethereum (Step 2), the vault provider prepares\n * claim/payout transaction pairs. You must sign each payout transaction using this\n * manager and submit the signatures to the vault provider's RPC API.\n *\n * **What happens internally:**\n * 1. Validates your wallet's public key matches the vault's depositor\n * 2. Builds an unsigned PSBT with taproot script path spend info\n * 3. Signs input 0 (the vault UTXO) with your wallet\n * 4. Extracts the 64-byte Schnorr signature\n *\n * **Note:** The payout transaction has 2 inputs. PayoutManager only signs input 0\n * (from the peg-in tx). Input 1 (from the assert tx) is signed by the vault provider.\n *\n * @see {@link PeginManager} - For the complete peg-in flow context\n * @see {@link buildPayoutPsbt} - Lower-level primitive used internally\n * @see {@link extractPayoutSignature} - Signature extraction primitive\n */\nexport class PayoutManager {\n  private readonly config: PayoutManagerConfig;\n\n  /**\n   * Creates a new PayoutManager instance.\n   *\n   * @param config - Manager configuration including wallet\n   */\n  constructor(config: PayoutManagerConfig) {\n    this.config = config;\n  }\n\n  /**\n   * Signs a Payout transaction and extracts the Schnorr signature.\n   *\n   * Flow:\n   * 1. Vault provider submits Claim transaction\n   * 2. Claimer submits Assert transaction to prove validity\n   * 3. Payout can be executed (references Assert tx)\n   *\n   * This method orchestrates the following steps:\n   * 1. Get wallet's public key and convert to x-only format\n   * 2. Validate wallet pubkey matches on-chain depositor pubkey (if provided)\n   * 3. Build unsigned PSBT using primitives\n   * 4. Sign PSBT via btcWallet.signPsbt()\n   * 5. Extract 64-byte Schnorr signature using primitives\n   *\n   * The returned signature can be submitted to the vault provider API.\n   *\n   * @param params - Payout signing parameters\n   * @returns Signature result with 64-byte Schnorr signature and depositor pubkey\n   * @throws Error if wallet pubkey doesn't match depositor pubkey\n   * @throws Error if wallet operations fail or signature extraction fails\n   */\n  async signPayoutTransaction(\n    params: SignPayoutParams,\n  ): Promise<PayoutSignatureResult> {\n    // Validate payout TX outputs pay to the registered depositor payout address\n    this.validatePayoutOutputs(\n      params.payoutTxHex,\n      params.registeredPayoutScriptPubKey,\n    );\n\n    // Validate wallet pubkey matches depositor and get both formats\n    const walletPubkeyRaw = await this.config.btcWallet.getPublicKeyHex();\n    const { depositorPubkey } = validateWalletPubkey(\n      walletPubkeyRaw,\n      params.depositorBtcPubkey,\n    );\n\n    // Build unsigned PSBT for Payout (uses Assert tx)\n    const payoutPsbt = await buildPayoutPsbt({\n      payoutTxHex: params.payoutTxHex,\n      peginTxHex: params.peginTxHex,\n      assertTxHex: params.assertTxHex,\n      depositorBtcPubkey: depositorPubkey,\n      vaultProviderBtcPubkey: params.vaultProviderBtcPubkey,\n      vaultKeeperBtcPubkeys: params.vaultKeeperBtcPubkeys,\n      universalChallengerBtcPubkeys: params.universalChallengerBtcPubkeys,\n      timelockPegin: params.timelockPegin,\n      network: this.config.network,\n    });\n\n    // Sign PSBT via wallet (Taproot script-path spend, input 0 only)\n    const signedPsbtHex = await this.config.btcWallet.signPsbt(\n      payoutPsbt.psbtHex,\n      createTaprootScriptPathSignOptions(walletPubkeyRaw, 1),\n    );\n\n    // Extract Schnorr signature\n    const signature = extractPayoutSignature(signedPsbtHex, depositorPubkey);\n\n    return {\n      signature,\n      depositorBtcPubkey: depositorPubkey,\n    };\n  }\n\n  /**\n   * Gets the configured Bitcoin network.\n   *\n   * @returns The Bitcoin network (mainnet, testnet, signet, regtest)\n   */\n  getNetwork(): Network {\n    return this.config.network;\n  }\n\n  /**\n   * Checks if the wallet supports batch signing (signPsbts).\n   *\n   * @returns true if batch signing is supported\n   */\n  supportsBatchSigning(): boolean {\n    return typeof this.config.btcWallet.signPsbts === \"function\";\n  }\n\n  /**\n   * Batch signs multiple payout transactions (1 per claimer).\n   * This allows signing all transactions with a single wallet interaction.\n   *\n   * @param transactions - Array of payout params to sign\n   * @returns Array of signature results matching input order\n   * @throws Error if wallet doesn't support batch signing\n   * @throws Error if any signing operation fails\n   */\n  async signPayoutTransactionsBatch(\n    transactions: SignPayoutParams[],\n  ): Promise<\n    Array<{\n      payoutSignature: string;\n      depositorBtcPubkey: string;\n    }>\n  > {\n    if (!this.supportsBatchSigning()) {\n      throw new Error(\n        \"Wallet does not support batch signing (signPsbts method not available)\",\n      );\n    }\n\n    // Get wallet pubkey once\n    const walletPubkeyRaw = await this.config.btcWallet.getPublicKeyHex();\n\n    // Build all PSBTs (1 per claimer)\n    const psbtsToSign: string[] = [];\n    const signOptions: SignPsbtOptions[] = [];\n    const depositorPubkeys: string[] = [];\n\n    for (const tx of transactions) {\n      // Validate payout TX outputs pay to the registered depositor payout address\n      this.validatePayoutOutputs(\n        tx.payoutTxHex,\n        tx.registeredPayoutScriptPubKey,\n      );\n\n      // Validate wallet pubkey matches depositor\n      const { depositorPubkey } = validateWalletPubkey(\n        walletPubkeyRaw,\n        tx.depositorBtcPubkey,\n      );\n      depositorPubkeys.push(depositorPubkey);\n\n      // Build Payout PSBT\n      const payoutPsbt = await buildPayoutPsbt({\n        payoutTxHex: tx.payoutTxHex,\n        peginTxHex: tx.peginTxHex,\n        assertTxHex: tx.assertTxHex,\n        depositorBtcPubkey: depositorPubkey,\n        vaultProviderBtcPubkey: tx.vaultProviderBtcPubkey,\n        vaultKeeperBtcPubkeys: tx.vaultKeeperBtcPubkeys,\n        universalChallengerBtcPubkeys: tx.universalChallengerBtcPubkeys,\n        timelockPegin: tx.timelockPegin,\n        network: this.config.network,\n      });\n      psbtsToSign.push(payoutPsbt.psbtHex);\n      signOptions.push(createTaprootScriptPathSignOptions(walletPubkeyRaw, 1));\n    }\n\n    // Batch sign all PSBTs with single wallet interaction\n    const signedPsbts = await this.config.btcWallet.signPsbts!(\n      psbtsToSign,\n      signOptions,\n    );\n\n    // Validate that wallet returned the expected number of signed PSBTs\n    if (signedPsbts.length !== transactions.length) {\n      throw new Error(\n        `Expected ${transactions.length} signed PSBTs but received ${signedPsbts.length}`,\n      );\n    }\n\n    // Extract signatures from signed PSBTs\n    const results: Array<{\n      payoutSignature: string;\n      depositorBtcPubkey: string;\n    }> = [];\n\n    for (let i = 0; i < transactions.length; i++) {\n      const depositorPubkey = depositorPubkeys[i];\n      const payoutSignature = extractPayoutSignature(\n        signedPsbts[i],\n        depositorPubkey,\n      );\n\n      results.push({\n        payoutSignature,\n        depositorBtcPubkey: depositorPubkey,\n      });\n    }\n\n    return results;\n  }\n\n  /**\n   * Validates that the payout transaction's largest output pays to the\n   * registered depositor payout address (scriptPubKey).\n   *\n   * This prevents two attack vectors from a malicious vault provider:\n   * 1. Substituting a completely different payout address\n   * 2. Including a dust output to the correct address while routing\n   *    the actual funds to an attacker-controlled address\n   *\n   * @param payoutTxHex - Raw payout transaction hex\n   * @param registeredPayoutScriptPubKey - On-chain registered scriptPubKey (hex, with or without 0x prefix)\n   * @throws Error if scriptPubKey is invalid hex\n   * @throws Error if the largest output does not pay to the registered address\n   */\n  private validatePayoutOutputs(\n    payoutTxHex: string,\n    registeredPayoutScriptPubKey: string,\n  ): void {\n    if (!isValidHex(registeredPayoutScriptPubKey)) {\n      throw new Error(\n        \"Invalid registeredPayoutScriptPubKey: not valid hex\",\n      );\n    }\n\n    const expectedScript = Buffer.from(\n      stripHexPrefix(registeredPayoutScriptPubKey),\n      \"hex\",\n    );\n    const payoutTx = Transaction.fromHex(stripHexPrefix(payoutTxHex));\n\n    if (payoutTx.outs.length === 0) {\n      throw new Error(\"Payout transaction has no outputs\");\n    }\n\n    // Find the largest output by value — this must pay to the registered address.\n    // A dust output to the correct address with funds routed elsewhere is rejected.\n    const largestOutput = payoutTx.outs.reduce((max, output) =>\n      output.value > max.value ? output : max,\n    );\n\n    if (!largestOutput.script.equals(expectedScript)) {\n      throw new Error(\n        \"Payout transaction does not pay to the registered depositor payout address\",\n      );\n    }\n  }\n}\n","/**\n * Poll `getPeginStatus` until the VP reaches one of the target statuses.\n *\n * Pure polling utility with no framework dependencies (no localStorage, no React).\n * Handles \"PegIn not found\" as transient (VP hasn't ingested yet).\n */\n\nimport { JsonRpcError } from \"../../clients/vault-provider/json-rpc-client\";\nimport {\n  RpcErrorCode,\n  VP_TERMINAL_STATUSES,\n  type DaemonStatus,\n} from \"../../clients/vault-provider/types\";\nimport type { PeginStatusReader } from \"./interfaces\";\n\n/** Default polling interval (10 seconds). */\nconst DEFAULT_POLL_INTERVAL_MS = 10_000;\n\nexport interface WaitForPeginStatusParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Set of acceptable statuses — polling stops when the VP reports one of these */\n  targetStatuses: ReadonlySet<DaemonStatus>;\n  /** Maximum time to wait in milliseconds */\n  timeoutMs: number;\n  /** Polling interval in milliseconds (default: 10s) */\n  pollIntervalMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n}\n\n/**\n * Poll `getPeginStatus` until the VP reaches one of the target statuses.\n *\n * @returns The DaemonStatus string that matched one of the targets\n * @throws Error on timeout, abort, or non-transient RPC error\n */\nexport async function waitForPeginStatus(\n  params: WaitForPeginStatusParams,\n): Promise<DaemonStatus> {\n  const {\n    statusReader,\n    peginTxid,\n    targetStatuses,\n    timeoutMs,\n    pollIntervalMs = DEFAULT_POLL_INTERVAL_MS,\n    signal,\n  } = params;\n\n  const startTime = Date.now();\n\n  while (true) {\n    if (signal?.aborted) {\n      throw new Error(\n        `Polling aborted for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n      );\n    }\n\n    if (Date.now() - startTime >= timeoutMs) {\n      throw new Error(\n        `Polling timeout after ${timeoutMs}ms for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n      );\n    }\n\n    try {\n      const response = await statusReader.getPeginStatus(\n        { pegin_txid: peginTxid },\n        signal,\n      );\n\n      const status = response.status as DaemonStatus;\n      if (targetStatuses.has(status)) {\n        return status;\n      }\n      // Fail fast on terminal statuses to avoid waiting for timeout\n      if (VP_TERMINAL_STATUSES.has(status) && !targetStatuses.has(status)) {\n        throw new Error(\n          `Pegin ${peginTxid.slice(0, 8)}… reached terminal status \"${status}\" while waiting for ${[...targetStatuses].join(\", \")}`,\n        );\n      }\n    } catch (error) {\n      // \"PegIn not found\" is transient — VP hasn't ingested the pegin yet.\n      // Check structured error code first, fall back to message matching.\n      const isNotFound =\n        (error instanceof JsonRpcError &&\n          error.code === RpcErrorCode.NOT_FOUND) ||\n        (error instanceof Error && error.message.includes(\"PegIn not found\"));\n      if (!isNotFound) {\n        throw error;\n      }\n    }\n\n    // Wait before next poll, with abort support\n    await new Promise<void>((resolve, reject) => {\n      const onAbort = () => {\n        clearTimeout(timeoutId);\n        reject(\n          new Error(\n            `Polling aborted for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n          ),\n        );\n      };\n      const timeoutId = setTimeout(() => {\n        signal?.removeEventListener(\"abort\", onAbort);\n        resolve();\n      }, pollIntervalMs);\n      signal?.addEventListener(\"abort\", onAbort, { once: true });\n    });\n  }\n}\n","/**\n * Submit pre-derived WOTS public keys to the vault provider.\n *\n * Polls `getPeginStatus` until the VP reaches `PendingDepositorWotsPK`,\n * then submits the keys. If the VP has already moved past WOTS step\n * (e.g., resume flow), submission is skipped.\n *\n * The caller is responsible for deriving WOTS keys externally using\n * `mnemonicToWotsSeed` + `deriveWotsBlockPublicKeys` from the SDK's\n * `tbv/core/wots` module.\n */\n\nimport {\n  DaemonStatus,\n  POST_WOTS_STATUSES,\n  type WotsBlockPublicKey,\n} from \"../../clients/vault-provider/types\";\nimport type { PeginStatusReader, WotsKeySubmitter } from \"./interfaces\";\nimport { waitForPeginStatus } from \"./waitForPeginStatus\";\n\n/** Maximum time to wait for VP to reach PendingDepositorWotsPK (5 min). */\nconst STATUS_POLL_TIMEOUT_MS = 5 * 60 * 1000;\n\n/** All statuses we accept — either ready for submission or already past it. */\nconst TARGET_STATUSES: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_DEPOSITOR_WOTS_PK,\n  ...POST_WOTS_STATUSES,\n]);\n\nexport interface SubmitWotsPublicKeyParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** VP client implementing the WOTS key submission interface */\n  wotsSubmitter: WotsKeySubmitter;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Depositor's x-only BTC public key (unprefixed hex, 64 chars) */\n  depositorPk: string;\n  /** Pre-derived WOTS block public keys (one per assert block) */\n  wotsPublicKeys: WotsBlockPublicKey[];\n  /** Maximum time to wait for VP to be ready (default: 5 min) */\n  timeoutMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n}\n\n/**\n * Submit WOTS public keys to the vault provider.\n *\n * @throws Error on timeout, abort, or RPC error\n */\nexport async function submitWotsPublicKey(\n  params: SubmitWotsPublicKeyParams,\n): Promise<void> {\n  const {\n    statusReader,\n    wotsSubmitter,\n    peginTxid,\n    depositorPk,\n    wotsPublicKeys,\n    timeoutMs = STATUS_POLL_TIMEOUT_MS,\n    signal,\n  } = params;\n\n  signal?.throwIfAborted();\n\n  // Wait until VP has ingested the pegin and is ready for the WOTS key.\n  const status = await waitForPeginStatus({\n    statusReader,\n    peginTxid,\n    targetStatuses: TARGET_STATUSES,\n    timeoutMs,\n    signal,\n  });\n\n  // Key was already submitted in a previous session (e.g. resume flow)\n  if (POST_WOTS_STATUSES.has(status as DaemonStatus)) {\n    return;\n  }\n\n  signal?.throwIfAborted();\n\n  await wotsSubmitter.submitDepositorWotsKey(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n      wots_public_keys: wotsPublicKeys,\n    },\n    signal,\n  );\n}\n","/**\n * Depositor Graph Signing Service\n *\n * Signs the depositor's own graph transactions (Payout, NoPayout per challenger)\n * using pre-built PSBTs from the vault provider.\n *\n * The VP returns unsigned PSBTs with prevouts, scripts, and taproot metadata\n * already embedded (BIP 174), so any standard PSBT-compatible signer can\n * produce signatures without extra context.\n *\n * Transaction counts: 1 Payout + N NoPayout = 1 + N total PSBTs\n *\n * @see btc-vault docs/pegin.md — \"Automatic Graph Creation & Presigning\"\n */\n\nimport { Psbt } from \"bitcoinjs-lib\";\n\nimport type { BitcoinWallet, SignPsbtOptions } from \"../../../../shared/wallets/interfaces\";\nimport type {\n  DepositorAsClaimerPresignatures,\n  DepositorGraphTransactions,\n  DepositorPreSigsPerChallenger,\n} from \"../../clients/vault-provider/types\";\nimport { extractPayoutSignature } from \"../../primitives/psbt/payout\";\nimport { stripHexPrefix } from \"../../primitives/utils/bitcoin\";\nimport { createTaprootScriptPathSignOptions } from \"../../utils/signing\";\n\n/**\n * Each payout/nopayout PSBT has exactly one input that needs signing.\n * Used to construct SignPsbtOptions for wallet.signPsbt().\n */\nconst SINGLE_PSBT_INPUT_COUNT = 1;\n\n/** Tracks which indices in the flat PSBT array belong to which challenger */\ninterface ChallengerEntry {\n  challengerPubkey: string;\n  noPayoutIdx: number;\n}\n\n/** Result of the collect phase — flat PSBT array with index mapping */\ninterface CollectedDepositorGraphPsbts {\n  psbtHexes: string[];\n  signOptions: SignPsbtOptions[];\n  challengerEntries: ChallengerEntry[];\n}\n\n// ============================================================================\n// PSBT verification — ensure pre-built PSBTs match advertised tx_hex\n// ============================================================================\n\n/**\n * Parse a base64-encoded PSBT and verify its unsigned transaction matches\n * the expected transaction hex. Catches VP serialization bugs.\n */\nfunction verifyAndParsePsbt(\n  psbtBase64: string,\n  expectedTxHex: string,\n  label: string,\n): Psbt {\n  const psbt = Psbt.fromBase64(psbtBase64);\n  const unsignedTxHex = psbt.data\n    .getTransaction()\n    .toString(\"hex\")\n    .toLowerCase();\n  const normalizedExpected = stripHexPrefix(expectedTxHex).toLowerCase();\n  if (unsignedTxHex !== normalizedExpected) {\n    throw new Error(\n      `PSBT integrity check failed for ${label}: unsigned transaction does not match tx_hex`,\n    );\n  }\n  return psbt;\n}\n\n/**\n * Sanitize a parsed PSBT for Taproot script-path signing.\n *\n * VP-provided PSBTs include tapBip32Derivation and tapMerkleRoot metadata\n * that causes some wallets (notably OKX) to ignore disableTweakSigner and\n * sign with a tweaked key. Stripping these fields forces the wallet to\n * rely solely on tapLeafScript for script-path signing.\n */\nfunction sanitizePsbtForScriptPathSigning(psbt: Psbt): Psbt {\n  const clone = Psbt.fromHex(psbt.toHex());\n  for (const input of clone.data.inputs) {\n    delete input.tapBip32Derivation;\n    delete input.tapMerkleRoot;\n  }\n  return clone;\n}\n\n/**\n * Validate, verify integrity, sanitize, and convert a PSBT to hex.\n */\nfunction validateAndConvertPsbt(\n  psbtBase64: string | undefined,\n  expectedTxHex: string,\n  label: string,\n): string {\n  if (!psbtBase64) {\n    throw new Error(`Missing ${label} PSBT`);\n  }\n  const psbt = verifyAndParsePsbt(psbtBase64, expectedTxHex, label);\n  const sanitized = sanitizePsbtForScriptPathSigning(psbt);\n  return sanitized.toHex();\n}\n\n// ============================================================================\n// Collect phase — decode pre-built PSBTs from VP response\n// ============================================================================\n\n/**\n * Collect all pre-built PSBTs from the depositor graph and track their indices.\n * Layout: [Payout, NoPayout_0, NoPayout_1, ...]\n */\nfunction collectDepositorGraphPsbts(\n  depositorGraph: DepositorGraphTransactions,\n  walletPublicKey: string,\n): CollectedDepositorGraphPsbts {\n  const psbtHexes: string[] = [];\n  const signOptions: SignPsbtOptions[] = [];\n  const challengerEntries: ChallengerEntry[] = [];\n\n  const singleInputOpts = createTaprootScriptPathSignOptions(\n    walletPublicKey,\n    SINGLE_PSBT_INPUT_COUNT,\n  );\n\n  // Index 0: Payout PSBT\n  const payoutHex = validateAndConvertPsbt(\n    depositorGraph.payout_psbt,\n    depositorGraph.payout_tx.tx_hex,\n    \"depositor payout\",\n  );\n  psbtHexes.push(payoutHex);\n  signOptions.push(singleInputOpts);\n\n  // Per-challenger: 1 NoPayout\n  for (const challenger of depositorGraph.challenger_presign_data) {\n    const challengerPubkey = stripHexPrefix(challenger.challenger_pubkey);\n\n    const noPayoutIdx = psbtHexes.length;\n    const noPayoutHex = validateAndConvertPsbt(\n      challenger.nopayout_psbt,\n      challenger.nopayout_tx.tx_hex,\n      `nopayout (challenger ${challengerPubkey})`,\n    );\n    psbtHexes.push(noPayoutHex);\n    signOptions.push(singleInputOpts);\n\n    challengerEntries.push({\n      challengerPubkey,\n      noPayoutIdx,\n    });\n  }\n\n  return { psbtHexes, signOptions, challengerEntries };\n}\n\n// ============================================================================\n// Extract phase\n// ============================================================================\n\n/**\n * Extract all signatures from signed PSBTs and assemble into presignatures.\n */\nfunction extractDepositorGraphSignatures(\n  signedPsbtHexes: string[],\n  challengerEntries: ChallengerEntry[],\n  depositorPubkey: string,\n): DepositorAsClaimerPresignatures {\n  const payoutSignature = extractPayoutSignature(\n    signedPsbtHexes[0],\n    depositorPubkey,\n  );\n\n  const perChallenger: Record<string, DepositorPreSigsPerChallenger> = {};\n  for (const entry of challengerEntries) {\n    perChallenger[entry.challengerPubkey] = {\n      nopayout_signature: extractPayoutSignature(\n        signedPsbtHexes[entry.noPayoutIdx],\n        depositorPubkey,\n      ),\n    };\n  }\n\n  return {\n    payout_signatures: {\n      payout_signature: payoutSignature,\n    },\n    per_challenger: perChallenger,\n  };\n}\n\n/**\n * Sign multiple PSBTs, using batch signing when the wallet supports it.\n * Falls back to sequential `signPsbt` calls for wallets without `signPsbts`.\n */\nasync function signPsbtsWithFallback(\n  wallet: BitcoinWallet,\n  psbtHexes: string[],\n  options?: SignPsbtOptions[],\n): Promise<string[]> {\n  if (typeof wallet.signPsbts === \"function\") {\n    return wallet.signPsbts(psbtHexes, options);\n  }\n\n  const signed: string[] = [];\n  for (let i = 0; i < psbtHexes.length; i++) {\n    signed.push(await wallet.signPsbt(psbtHexes[i], options?.[i]));\n  }\n  return signed;\n}\n\n// ============================================================================\n// Main entry point\n// ============================================================================\n\nexport interface SignDepositorGraphParams {\n  /** The depositor graph from VP response (contains pre-built PSBTs) */\n  depositorGraph: DepositorGraphTransactions;\n  /** Depositor's BTC public key (x-only, 64-char hex, no 0x prefix) */\n  depositorBtcPubkey: string;\n  /** Bitcoin wallet for signing */\n  btcWallet: BitcoinWallet;\n}\n\n/**\n * Sign all depositor graph transactions and assemble into presignatures.\n *\n * Flow:\n * 1. Collect pre-built PSBTs from VP response (base64 -> hex)\n * 2. Batch sign via wallet.signPsbts() if available, else sequential signPsbt()\n * 3. Extract Schnorr signatures from each signed PSBT\n * 4. Assemble into DepositorAsClaimerPresignatures\n */\nexport async function signDepositorGraph(\n  params: SignDepositorGraphParams,\n): Promise<DepositorAsClaimerPresignatures> {\n  const { depositorGraph, depositorBtcPubkey, btcWallet } = params;\n\n  const depositorPubkey = stripHexPrefix(depositorBtcPubkey);\n  const walletPublicKey = await btcWallet.getPublicKeyHex();\n\n  // 1. Collect pre-built PSBTs from VP response\n  const { psbtHexes, signOptions, challengerEntries } =\n    collectDepositorGraphPsbts(depositorGraph, walletPublicKey);\n\n  // 2. Sign all PSBTs (batch when supported, sequential fallback for mobile)\n  const signedPsbtHexes = await signPsbtsWithFallback(\n    btcWallet,\n    psbtHexes,\n    signOptions,\n  );\n\n  if (signedPsbtHexes.length !== psbtHexes.length) {\n    throw new Error(\n      `Wallet returned ${signedPsbtHexes.length} signed PSBTs, expected ${psbtHexes.length}`,\n    );\n  }\n\n  // 3. Extract signatures and assemble presignatures\n  return extractDepositorGraphSignatures(\n    signedPsbtHexes,\n    challengerEntries,\n    depositorPubkey,\n  );\n}\n","/**\n * Payout Signing Orchestration\n *\n * Polls VP for `PendingDepositorSignatures`, fetches presign transactions,\n * signs payouts via PayoutManager, signs the depositor graph, and submits\n * all signatures back to the VP.\n *\n * This is the main deposit protocol step between registration and activation.\n */\n\nimport type { Network } from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport * as bitcoin from \"bitcoinjs-lib\";\nimport { Buffer } from \"buffer\";\n\nimport type { BitcoinWallet } from \"../../../../shared/wallets/interfaces\";\nimport { DaemonStatus } from \"../../clients/vault-provider/types\";\nimport type {\n  ClaimerSignatures,\n  ClaimerTransactions,\n} from \"../../clients/vault-provider/types\";\nimport { PayoutManager } from \"../../managers/PayoutManager\";\nimport {\n  processPublicKeyToXOnly,\n  stripHexPrefix,\n} from \"../../primitives/utils/bitcoin\";\nimport type { PeginStatusReader, PresignClient } from \"./interfaces\";\nimport { signDepositorGraph } from \"./signDepositorGraph\";\nimport { waitForPeginStatus } from \"./waitForPeginStatus\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\n/**\n * Context required for signing payout transactions.\n * Caller builds this from on-chain data (contract queries, GraphQL, config).\n */\nexport interface PayoutSigningContext {\n  /** Raw pegin BTC transaction hex (for PSBT construction) */\n  peginTxHex: string;\n  /** Vault provider's BTC public key (x-only hex, no prefix) */\n  vaultProviderBtcPubkey: string;\n  /** Sorted vault keeper BTC public keys (x-only hex, no prefix) */\n  vaultKeeperBtcPubkeys: string[];\n  /** Sorted universal challenger BTC public keys (x-only hex, no prefix) */\n  universalChallengerBtcPubkeys: string[];\n  /** Depositor's BTC public key (x-only hex, no prefix) */\n  depositorBtcPubkey: string;\n  /** Pegin timelock from the locked offchain params version */\n  timelockPegin: number;\n  /** BTC network (Mainnet, Testnet, etc.) */\n  network: Network;\n  /** On-chain registered depositor payout scriptPubKey (hex) */\n  registeredPayoutScriptPubKey: string;\n}\n\nexport interface PollAndSignPayoutsParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** VP client implementing the presign transaction flow interface */\n  presignClient: PresignClient;\n  /** Bitcoin wallet for signing */\n  btcWallet: BitcoinWallet;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Depositor's x-only BTC public key (unprefixed hex, 64 chars) */\n  depositorPk: string;\n  /** Signing context built from on-chain data */\n  signingContext: PayoutSigningContext;\n  /** Maximum polling timeout in milliseconds (default: 20 min) */\n  timeoutMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n  /** Optional progress callback (completed claimers, total claimers) */\n  onProgress?: (completed: number, total: number) => void;\n}\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/** Maximum polling timeout (20 minutes) — VP may take 15-20 min to prepare. */\nconst MAX_POLLING_TIMEOUT_MS = 20 * 60 * 1000;\n\n/** Statuses after payout signatures are submitted — if VP is already here, skip. */\nconst POST_PAYOUT_STATUSES: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_ACKS,\n  DaemonStatus.PENDING_ACTIVATION,\n  DaemonStatus.ACTIVATED,\n]);\n\nconst TARGET_STATUS: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_DEPOSITOR_SIGNATURES,\n  ...POST_PAYOUT_STATUSES,\n]);\n\n// ============================================================================\n// Internal helpers\n// ============================================================================\n\ninterface PreparedTransaction {\n  claimerPubkeyXOnly: string;\n  payoutTxHex: string;\n  assertTxHex: string;\n}\n\nfunction prepareTransactionsForSigning(\n  claimerTransactions: ClaimerTransactions[],\n): PreparedTransaction[] {\n  return claimerTransactions.map((tx) => ({\n    claimerPubkeyXOnly: processPublicKeyToXOnly(tx.claimer_pubkey),\n    payoutTxHex: tx.payout_tx.tx_hex,\n    assertTxHex: tx.assert_tx.tx_hex,\n  }));\n}\n\n/**\n * Derive BIP-86 P2TR scriptPubKey hex from an x-only public key.\n * Requires bitcoinjs-lib ECC to be initialized by the caller.\n */\nfunction deriveBip86ScriptPubKey(xOnlyPubkeyHex: string): string {\n  const { output } = bitcoin.payments.p2tr({\n    internalPubkey: Buffer.from(xOnlyPubkeyHex, \"hex\"),\n  });\n  if (!output) {\n    throw new Error(\"Failed to derive BIP-86 P2TR scriptPubKey\");\n  }\n  return output.toString(\"hex\");\n}\n\n/**\n * Resolve the expected payout scriptPubKey for a given claimer.\n *\n * - VP/Depositor claimer: payout goes to the depositor's registered payout address\n * - VK claimer: payout goes to a BIP-86 P2TR address derived from the VK's pubkey\n *\n * Note: BIP-86 derivation for VK claimers requires bitcoinjs-lib's ECC to be initialized.\n */\nfunction resolvePayoutScriptPubKey(\n  claimerPubkeyXOnly: string,\n  context: PayoutSigningContext,\n): string {\n  const claimer = stripHexPrefix(claimerPubkeyXOnly).toLowerCase();\n  const vpPubkey = stripHexPrefix(\n    context.vaultProviderBtcPubkey,\n  ).toLowerCase();\n  const depositorPubkey = stripHexPrefix(\n    context.depositorBtcPubkey,\n  ).toLowerCase();\n\n  if (claimer === vpPubkey || claimer === depositorPubkey) {\n    return context.registeredPayoutScriptPubKey;\n  }\n\n  // Verify claimer is a known vault keeper\n  const isVaultKeeper = context.vaultKeeperBtcPubkeys.some(\n    (vk) => stripHexPrefix(vk).toLowerCase() === claimer,\n  );\n  if (!isVaultKeeper) {\n    throw new Error(\n      `Unknown claimer pubkey ${claimer}: not VP, depositor, or a registered vault keeper`,\n    );\n  }\n\n  // VK claimer: derive BIP-86 P2TR scriptPubKey from the VK's x-only pubkey\n  const scriptPubKey = deriveBip86ScriptPubKey(claimer);\n  return `0x${scriptPubKey}`;\n}\n\nfunction buildPayoutSigningInput(\n  tx: PreparedTransaction,\n  context: PayoutSigningContext,\n) {\n  return {\n    payoutTxHex: tx.payoutTxHex,\n    peginTxHex: context.peginTxHex,\n    assertTxHex: tx.assertTxHex,\n    vaultProviderBtcPubkey: context.vaultProviderBtcPubkey,\n    vaultKeeperBtcPubkeys: context.vaultKeeperBtcPubkeys,\n    universalChallengerBtcPubkeys: context.universalChallengerBtcPubkeys,\n    depositorBtcPubkey: context.depositorBtcPubkey,\n    timelockPegin: context.timelockPegin,\n    registeredPayoutScriptPubKey: resolvePayoutScriptPubKey(\n      tx.claimerPubkeyXOnly,\n      context,\n    ),\n  };\n}\n\n/**\n * Sign all payout transactions using PayoutManager.\n * Uses batch signing when wallet supports it, sequential otherwise.\n */\nasync function signPayoutTransactions(\n  btcWallet: BitcoinWallet,\n  context: PayoutSigningContext,\n  transactions: PreparedTransaction[],\n  onProgress?: (completed: number, total: number) => void,\n): Promise<Record<string, ClaimerSignatures>> {\n  const payoutManager = new PayoutManager({\n    network: context.network,\n    btcWallet,\n  });\n\n  const totalClaimers = transactions.length;\n  onProgress?.(0, totalClaimers);\n\n  let payoutSignatures: string[];\n\n  if (payoutManager.supportsBatchSigning()) {\n    const results = await payoutManager.signPayoutTransactionsBatch(\n      transactions.map((tx) => buildPayoutSigningInput(tx, context)),\n    );\n    payoutSignatures = results.map((r) => r.payoutSignature);\n  } else {\n    payoutSignatures = [];\n    for (let i = 0; i < transactions.length; i++) {\n      onProgress?.(i, totalClaimers);\n      const result = await payoutManager.signPayoutTransaction(\n        buildPayoutSigningInput(transactions[i], context),\n      );\n      payoutSignatures.push(result.signature);\n    }\n  }\n\n  const signatures: Record<string, ClaimerSignatures> = {};\n  for (let i = 0; i < transactions.length; i++) {\n    signatures[transactions[i].claimerPubkeyXOnly] = {\n      payout_signature: payoutSignatures[i],\n    };\n  }\n\n  onProgress?.(totalClaimers, totalClaimers);\n  return signatures;\n}\n\n// ============================================================================\n// Main entry point\n// ============================================================================\n\n/**\n * Poll for payout transactions, sign them, sign the depositor graph,\n * and submit all signatures to the vault provider.\n *\n * This is the main deposit protocol step between registration and activation.\n *\n * @throws Error on timeout, abort, signing failure, or RPC error\n */\nexport async function pollAndSignPayouts(\n  params: PollAndSignPayoutsParams,\n): Promise<void> {\n  const {\n    statusReader,\n    presignClient,\n    btcWallet,\n    peginTxid,\n    depositorPk,\n    signingContext,\n    timeoutMs = MAX_POLLING_TIMEOUT_MS,\n    signal,\n    onProgress,\n  } = params;\n\n  // Phase 1: Poll until VP is ready for depositor signatures (or already past)\n  const status = await waitForPeginStatus({\n    statusReader,\n    peginTxid,\n    targetStatuses: TARGET_STATUS,\n    timeoutMs,\n    signal,\n  });\n\n  // Resume-safe: if VP already moved past payout signing, nothing to do\n  if (POST_PAYOUT_STATUSES.has(status)) {\n    return;\n  }\n\n  signal?.throwIfAborted();\n\n  // Phase 2: Fetch presign transactions\n  const response = await presignClient.requestDepositorPresignTransactions(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n    },\n    signal,\n  );\n\n  signal?.throwIfAborted();\n\n  // Phase 3: Sign VP/VK claimer payout transactions\n  // Filter out the depositor's own claimer entry — its payout is signed\n  // separately via signDepositorGraph (Phase 4) using VP-provided PSBTs.\n  // Including it here would cause a redundant wallet signing prompt whose\n  // result is discarded when the depositor graph signature overwrites it.\n  const depositorPkNormalized = processPublicKeyToXOnly(depositorPk);\n  const nonDepositorTxs = response.txs.filter(\n    (tx) => processPublicKeyToXOnly(tx.claimer_pubkey) !== depositorPkNormalized,\n  );\n  const preparedTransactions = prepareTransactionsForSigning(nonDepositorTxs);\n  const claimerSignatures = await signPayoutTransactions(\n    btcWallet,\n    signingContext,\n    preparedTransactions,\n    onProgress,\n  );\n\n  signal?.throwIfAborted();\n\n  // Phase 4: Sign depositor-as-claimer graph\n  const depositorClaimerPresignatures = await signDepositorGraph({\n    depositorGraph: response.depositor_graph,\n    depositorBtcPubkey: depositorPk,\n    btcWallet,\n  });\n\n  signal?.throwIfAborted();\n\n  // Phase 5: Submit all signatures to VP\n  // Include depositor's own payout signature in the signatures map\n  const allSignatures = { ...claimerSignatures };\n  allSignatures[stripHexPrefix(depositorPk)] =\n    depositorClaimerPresignatures.payout_signatures;\n\n  await presignClient.submitDepositorPresignatures(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n      signatures: allSignatures,\n      depositor_claimer_presignatures: depositorClaimerPresignatures,\n    },\n    signal,\n  );\n}\n"],"names":["PayoutManager","config","__publicField","params","walletPubkeyRaw","depositorPubkey","validateWalletPubkey","payoutPsbt","buildPayoutPsbt","signedPsbtHex","createTaprootScriptPathSignOptions","extractPayoutSignature","transactions","psbtsToSign","signOptions","depositorPubkeys","tx","signedPsbts","results","i","payoutSignature","payoutTxHex","registeredPayoutScriptPubKey","isValidHex","expectedScript","Buffer","stripHexPrefix","payoutTx","Transaction","max","output","DEFAULT_POLL_INTERVAL_MS","waitForPeginStatus","statusReader","peginTxid","targetStatuses","timeoutMs","pollIntervalMs","signal","startTime","status","VP_TERMINAL_STATUSES","error","JsonRpcError","RpcErrorCode","resolve","reject","onAbort","timeoutId","STATUS_POLL_TIMEOUT_MS","TARGET_STATUSES","DaemonStatus","POST_WOTS_STATUSES","submitWotsPublicKey","wotsSubmitter","depositorPk","wotsPublicKeys","SINGLE_PSBT_INPUT_COUNT","verifyAndParsePsbt","psbtBase64","expectedTxHex","label","psbt","Psbt","unsignedTxHex","normalizedExpected","sanitizePsbtForScriptPathSigning","clone","input","validateAndConvertPsbt","collectDepositorGraphPsbts","depositorGraph","walletPublicKey","psbtHexes","challengerEntries","singleInputOpts","payoutHex","challenger","challengerPubkey","noPayoutIdx","noPayoutHex","extractDepositorGraphSignatures","signedPsbtHexes","perChallenger","entry","signPsbtsWithFallback","wallet","options","signed","signDepositorGraph","depositorBtcPubkey","btcWallet","MAX_POLLING_TIMEOUT_MS","POST_PAYOUT_STATUSES","TARGET_STATUS","prepareTransactionsForSigning","claimerTransactions","processPublicKeyToXOnly","deriveBip86ScriptPubKey","xOnlyPubkeyHex","bitcoin","resolvePayoutScriptPubKey","claimerPubkeyXOnly","context","claimer","vpPubkey","vk","buildPayoutSigningInput","signPayoutTransactions","onProgress","payoutManager","totalClaimers","payoutSignatures","r","result","signatures","pollAndSignPayouts","presignClient","signingContext","response","depositorPkNormalized","nonDepositorTxs","preparedTransactions","claimerSignatures","depositorClaimerPresignatures","allSignatures"],"mappings":"ssBAsJO,MAAMA,CAAc,CAQzB,YAAYC,EAA6B,CAPxBC,EAAA,eAQf,KAAK,OAASD,CAChB,CAwBA,MAAM,sBACJE,EACgC,CAEhC,KAAK,sBACHA,EAAO,YACPA,EAAO,4BAAA,EAIT,MAAMC,EAAkB,MAAM,KAAK,OAAO,UAAU,gBAAA,EAC9C,CAAE,gBAAAC,GAAoBC,EAAAA,qBAC1BF,EACAD,EAAO,kBAAA,EAIHI,EAAa,MAAMC,kBAAgB,CACvC,YAAaL,EAAO,YACpB,WAAYA,EAAO,WACnB,YAAaA,EAAO,YACpB,mBAAoBE,EACpB,uBAAwBF,EAAO,uBAC/B,sBAAuBA,EAAO,sBAC9B,8BAA+BA,EAAO,8BACtC,cAAeA,EAAO,cACtB,QAAS,KAAK,OAAO,OAAA,CACtB,EAGKM,EAAgB,MAAM,KAAK,OAAO,UAAU,SAChDF,EAAW,QACXG,EAAAA,mCAAmCN,EAAiB,CAAC,CAAA,EAMvD,MAAO,CACL,UAHgBO,EAAAA,uBAAuBF,EAAeJ,CAAe,EAIrE,mBAAoBA,CAAA,CAExB,CAOA,YAAsB,CACpB,OAAO,KAAK,OAAO,OACrB,CAOA,sBAAgC,CAC9B,OAAO,OAAO,KAAK,OAAO,UAAU,WAAc,UACpD,CAWA,MAAM,4BACJO,EAMA,CACA,GAAI,CAAC,KAAK,uBACR,MAAM,IAAI,MACR,wEAAA,EAKJ,MAAMR,EAAkB,MAAM,KAAK,OAAO,UAAU,gBAAA,EAG9CS,EAAwB,CAAA,EACxBC,EAAiC,CAAA,EACjCC,EAA6B,CAAA,EAEnC,UAAWC,KAAMJ,EAAc,CAE7B,KAAK,sBACHI,EAAG,YACHA,EAAG,4BAAA,EAIL,KAAM,CAAE,gBAAAX,GAAoBC,EAAAA,qBAC1BF,EACAY,EAAG,kBAAA,EAELD,EAAiB,KAAKV,CAAe,EAGrC,MAAME,EAAa,MAAMC,kBAAgB,CACvC,YAAaQ,EAAG,YAChB,WAAYA,EAAG,WACf,YAAaA,EAAG,YAChB,mBAAoBX,EACpB,uBAAwBW,EAAG,uBAC3B,sBAAuBA,EAAG,sBAC1B,8BAA+BA,EAAG,8BAClC,cAAeA,EAAG,cAClB,QAAS,KAAK,OAAO,OAAA,CACtB,EACDH,EAAY,KAAKN,EAAW,OAAO,EACnCO,EAAY,KAAKJ,EAAAA,mCAAmCN,EAAiB,CAAC,CAAC,CACzE,CAGA,MAAMa,EAAc,MAAM,KAAK,OAAO,UAAU,UAC9CJ,EACAC,CAAA,EAIF,GAAIG,EAAY,SAAWL,EAAa,OACtC,MAAM,IAAI,MACR,YAAYA,EAAa,MAAM,8BAA8BK,EAAY,MAAM,EAAA,EAKnF,MAAMC,EAGD,CAAA,EAEL,QAASC,EAAI,EAAGA,EAAIP,EAAa,OAAQO,IAAK,CAC5C,MAAMd,EAAkBU,EAAiBI,CAAC,EACpCC,EAAkBT,EAAAA,uBACtBM,EAAYE,CAAC,EACbd,CAAA,EAGFa,EAAQ,KAAK,CACX,gBAAAE,EACA,mBAAoBf,CAAA,CACrB,CACH,CAEA,OAAOa,CACT,CAgBQ,sBACNG,EACAC,EACM,CACN,GAAI,CAACC,EAAAA,WAAWD,CAA4B,EAC1C,MAAM,IAAI,MACR,qDAAA,EAIJ,MAAME,EAAiBC,EAAAA,OAAO,KAC5BC,EAAAA,eAAeJ,CAA4B,EAC3C,KAAA,EAEIK,EAAWC,EAAAA,YAAY,QAAQF,EAAAA,eAAeL,CAAW,CAAC,EAEhE,GAAIM,EAAS,KAAK,SAAW,EAC3B,MAAM,IAAI,MAAM,mCAAmC,EASrD,GAAI,CAJkBA,EAAS,KAAK,OAAO,CAACE,EAAKC,IAC/CA,EAAO,MAAQD,EAAI,MAAQC,EAASD,CAAA,EAGnB,OAAO,OAAOL,CAAc,EAC7C,MAAM,IAAI,MACR,4EAAA,CAGN,CACF,CCpXA,MAAMO,EAA2B,IAuBjC,eAAsBC,EACpB7B,EACuB,CACvB,KAAM,CACJ,aAAA8B,EACA,UAAAC,EACA,eAAAC,EACA,UAAAC,EACA,eAAAC,EAAiBN,EACjB,OAAAO,CAAA,EACEnC,EAEEoC,EAAY,KAAK,IAAA,EAEvB,OAAa,CACX,GAAID,GAAA,MAAAA,EAAQ,QACV,MAAM,IAAI,MACR,6BAA6BJ,EAAU,MAAM,EAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC,GAAA,EAIlG,GAAI,KAAK,MAAQI,GAAaH,EAC5B,MAAM,IAAI,MACR,yBAAyBA,CAAS,gBAAgBF,EAAU,MAAM,EAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC,GAAA,EAIvH,GAAI,CAMF,MAAMK,GALW,MAAMP,EAAa,eAClC,CAAE,WAAYC,CAAA,EACdI,CAAA,GAGsB,OACxB,GAAIH,EAAe,IAAIK,CAAM,EAC3B,OAAOA,EAGT,GAAIC,EAAAA,qBAAqB,IAAID,CAAM,GAAK,CAACL,EAAe,IAAIK,CAAM,EAChE,MAAM,IAAI,MACR,SAASN,EAAU,MAAM,EAAG,CAAC,CAAC,8BAA8BM,CAAM,uBAAuB,CAAC,GAAGL,CAAc,EAAE,KAAK,IAAI,CAAC,EAAA,CAG7H,OAASO,EAAO,CAOd,GAAI,EAHDA,aAAiBC,EAAAA,cAChBD,EAAM,OAASE,EAAAA,aAAa,WAC7BF,aAAiB,OAASA,EAAM,QAAQ,SAAS,iBAAiB,GAEnE,MAAMA,CAEV,CAGA,MAAM,IAAI,QAAc,CAACG,EAASC,IAAW,CAC3C,MAAMC,EAAU,IAAM,CACpB,aAAaC,CAAS,EACtBF,EACE,IAAI,MACF,6BAA6BZ,EAAU,MAAM,EAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC,GAAA,CAChG,CAEJ,EACMa,EAAY,WAAW,IAAM,CACjCV,GAAA,MAAAA,EAAQ,oBAAoB,QAASS,GACrCF,EAAA,CACF,EAAGR,CAAc,EACjBC,GAAA,MAAAA,EAAQ,iBAAiB,QAASS,EAAS,CAAE,KAAM,IACrD,CAAC,CACH,CACF,CC1FA,MAAME,EAAyB,IAAS,IAGlCC,MAAiD,IAAI,CACzDC,EAAAA,aAAa,0BACb,GAAGC,EAAAA,kBACL,CAAC,EAwBD,eAAsBC,EACpBlD,EACe,CACf,KAAM,CACJ,aAAA8B,EACA,cAAAqB,EACA,UAAApB,EACA,YAAAqB,EACA,eAAAC,EACA,UAAApB,EAAYa,EACZ,OAAAX,CAAA,EACEnC,EAEJmC,GAAA,MAAAA,EAAQ,iBAGR,MAAME,EAAS,MAAMR,EAAmB,CACtC,aAAAC,EACA,UAAAC,EACA,eAAgBgB,EAChB,UAAAd,EACA,OAAAE,CAAA,CACD,EAGGc,EAAAA,mBAAmB,IAAIZ,CAAsB,IAIjDF,GAAA,MAAAA,EAAQ,iBAER,MAAMgB,EAAc,uBAClB,CACE,WAAYpB,EACZ,aAAcqB,EACd,iBAAkBC,CAAA,EAEpBlB,CAAA,EAEJ,CC3DA,MAAMmB,EAA0B,EAuBhC,SAASC,EACPC,EACAC,EACAC,EACM,CACN,MAAMC,EAAOC,EAAAA,KAAK,WAAWJ,CAAU,EACjCK,EAAgBF,EAAK,KACxB,eAAA,EACA,SAAS,KAAK,EACd,YAAA,EACGG,EAAqBvC,EAAAA,eAAekC,CAAa,EAAE,YAAA,EACzD,GAAII,IAAkBC,EACpB,MAAM,IAAI,MACR,mCAAmCJ,CAAK,8CAAA,EAG5C,OAAOC,CACT,CAUA,SAASI,EAAiCJ,EAAkB,CAC1D,MAAMK,EAAQJ,EAAAA,KAAK,QAAQD,EAAK,OAAO,EACvC,UAAWM,KAASD,EAAM,KAAK,OAC7B,OAAOC,EAAM,mBACb,OAAOA,EAAM,cAEf,OAAOD,CACT,CAKA,SAASE,EACPV,EACAC,EACAC,EACQ,CACR,GAAI,CAACF,EACH,MAAM,IAAI,MAAM,WAAWE,CAAK,OAAO,EAEzC,MAAMC,EAAOJ,EAAmBC,EAAYC,EAAeC,CAAK,EAEhE,OADkBK,EAAiCJ,CAAI,EACtC,MAAA,CACnB,CAUA,SAASQ,EACPC,EACAC,EAC8B,CAC9B,MAAMC,EAAsB,CAAA,EACtB3D,EAAiC,CAAA,EACjC4D,EAAuC,CAAA,EAEvCC,EAAkBjE,EAAAA,mCACtB8D,EACAf,CAAA,EAIImB,EAAYP,EAChBE,EAAe,YACfA,EAAe,UAAU,OACzB,kBAAA,EAEFE,EAAU,KAAKG,CAAS,EACxB9D,EAAY,KAAK6D,CAAe,EAGhC,UAAWE,KAAcN,EAAe,wBAAyB,CAC/D,MAAMO,EAAmBpD,EAAAA,eAAemD,EAAW,iBAAiB,EAE9DE,EAAcN,EAAU,OACxBO,EAAcX,EAClBQ,EAAW,cACXA,EAAW,YAAY,OACvB,wBAAwBC,CAAgB,GAAA,EAE1CL,EAAU,KAAKO,CAAW,EAC1BlE,EAAY,KAAK6D,CAAe,EAEhCD,EAAkB,KAAK,CACrB,iBAAAI,EACA,YAAAC,CAAA,CACD,CACH,CAEA,MAAO,CAAE,UAAAN,EAAW,YAAA3D,EAAa,kBAAA4D,CAAA,CACnC,CASA,SAASO,EACPC,EACAR,EACArE,EACiC,CACjC,MAAMe,EAAkBT,EAAAA,uBACtBuE,EAAgB,CAAC,EACjB7E,CAAA,EAGI8E,EAA+D,CAAA,EACrE,UAAWC,KAASV,EAClBS,EAAcC,EAAM,gBAAgB,EAAI,CACtC,mBAAoBzE,EAAAA,uBAClBuE,EAAgBE,EAAM,WAAW,EACjC/E,CAAA,CACF,EAIJ,MAAO,CACL,kBAAmB,CACjB,iBAAkBe,CAAA,EAEpB,eAAgB+D,CAAA,CAEpB,CAMA,eAAeE,EACbC,EACAb,EACAc,EACmB,CACnB,GAAI,OAAOD,EAAO,WAAc,WAC9B,OAAOA,EAAO,UAAUb,EAAWc,CAAO,EAG5C,MAAMC,EAAmB,CAAA,EACzB,QAASrE,EAAI,EAAGA,EAAIsD,EAAU,OAAQtD,IACpCqE,EAAO,KAAK,MAAMF,EAAO,SAASb,EAAUtD,CAAC,EAAGoE,GAAA,YAAAA,EAAUpE,EAAE,CAAC,EAE/D,OAAOqE,CACT,CAwBA,eAAsBC,EACpBtF,EAC0C,CAC1C,KAAM,CAAE,eAAAoE,EAAgB,mBAAAmB,EAAoB,UAAAC,CAAA,EAAcxF,EAEpDE,EAAkBqB,EAAAA,eAAegE,CAAkB,EACnDlB,EAAkB,MAAMmB,EAAU,gBAAA,EAGlC,CAAE,UAAAlB,EAAW,YAAA3D,EAAa,kBAAA4D,GAC9BJ,EAA2BC,EAAgBC,CAAe,EAGtDU,EAAkB,MAAMG,EAC5BM,EACAlB,EACA3D,CAAA,EAGF,GAAIoE,EAAgB,SAAWT,EAAU,OACvC,MAAM,IAAI,MACR,mBAAmBS,EAAgB,MAAM,2BAA2BT,EAAU,MAAM,EAAA,EAKxF,OAAOQ,EACLC,EACAR,EACArE,CAAA,CAEJ,CCxLA,MAAMuF,EAAyB,KAAU,IAGnCC,MAAsD,IAAI,CAC9D1C,EAAAA,aAAa,aACbA,EAAAA,aAAa,mBACbA,eAAa,SACf,CAAC,EAEK2C,MAA+C,IAAI,CACvD3C,EAAAA,aAAa,6BACb,GAAG0C,CACL,CAAC,EAYD,SAASE,EACPC,EACuB,CACvB,OAAOA,EAAoB,IAAKhF,IAAQ,CACtC,mBAAoBiF,EAAAA,wBAAwBjF,EAAG,cAAc,EAC7D,YAAaA,EAAG,UAAU,OAC1B,YAAaA,EAAG,UAAU,MAAA,EAC1B,CACJ,CAMA,SAASkF,EAAwBC,EAAgC,CAC/D,KAAM,CAAE,OAAArE,CAAA,EAAWsE,EAAQ,SAAS,KAAK,CACvC,eAAgB3E,EAAAA,OAAO,KAAK0E,EAAgB,KAAK,CAAA,CAClD,EACD,GAAI,CAACrE,EACH,MAAM,IAAI,MAAM,2CAA2C,EAE7D,OAAOA,EAAO,SAAS,KAAK,CAC9B,CAUA,SAASuE,EACPC,EACAC,EACQ,CACR,MAAMC,EAAU9E,EAAAA,eAAe4E,CAAkB,EAAE,YAAA,EAC7CG,EAAW/E,EAAAA,eACf6E,EAAQ,sBAAA,EACR,YAAA,EACIlG,EAAkBqB,EAAAA,eACtB6E,EAAQ,kBAAA,EACR,YAAA,EAEF,GAAIC,IAAYC,GAAYD,IAAYnG,EACtC,OAAOkG,EAAQ,6BAOjB,GAAI,CAHkBA,EAAQ,sBAAsB,KACjDG,GAAOhF,EAAAA,eAAegF,CAAE,EAAE,gBAAkBF,CAAA,EAG7C,MAAM,IAAI,MACR,0BAA0BA,CAAO,mDAAA,EAMrC,MAAO,KADcN,EAAwBM,CAAO,CAC5B,EAC1B,CAEA,SAASG,EACP3F,EACAuF,EACA,CACA,MAAO,CACL,YAAavF,EAAG,YAChB,WAAYuF,EAAQ,WACpB,YAAavF,EAAG,YAChB,uBAAwBuF,EAAQ,uBAChC,sBAAuBA,EAAQ,sBAC/B,8BAA+BA,EAAQ,8BACvC,mBAAoBA,EAAQ,mBAC5B,cAAeA,EAAQ,cACvB,6BAA8BF,EAC5BrF,EAAG,mBACHuF,CAAA,CACF,CAEJ,CAMA,eAAeK,EACbjB,EACAY,EACA3F,EACAiG,EAC4C,CAC5C,MAAMC,EAAgB,IAAI9G,EAAc,CACtC,QAASuG,EAAQ,QACjB,UAAAZ,CAAA,CACD,EAEKoB,EAAgBnG,EAAa,OACnCiG,GAAA,MAAAA,EAAa,EAAGE,GAEhB,IAAIC,EAEJ,GAAIF,EAAc,uBAIhBE,GAHgB,MAAMF,EAAc,4BAClClG,EAAa,IAAKI,GAAO2F,EAAwB3F,EAAIuF,CAAO,CAAC,CAAA,GAEpC,IAAKU,GAAMA,EAAE,eAAe,MAClD,CACLD,EAAmB,CAAA,EACnB,QAAS7F,EAAI,EAAGA,EAAIP,EAAa,OAAQO,IAAK,CAC5C0F,GAAA,MAAAA,EAAa1F,EAAG4F,GAChB,MAAMG,EAAS,MAAMJ,EAAc,sBACjCH,EAAwB/F,EAAaO,CAAC,EAAGoF,CAAO,CAAA,EAElDS,EAAiB,KAAKE,EAAO,SAAS,CACxC,CACF,CAEA,MAAMC,EAAgD,CAAA,EACtD,QAAShG,EAAI,EAAGA,EAAIP,EAAa,OAAQO,IACvCgG,EAAWvG,EAAaO,CAAC,EAAE,kBAAkB,EAAI,CAC/C,iBAAkB6F,EAAiB7F,CAAC,CAAA,EAIxC,OAAA0F,GAAA,MAAAA,EAAaE,EAAeA,GACrBI,CACT,CAcA,eAAsBC,EACpBjH,EACe,CACf,KAAM,CACJ,aAAA8B,EACA,cAAAoF,EACA,UAAA1B,EACA,UAAAzD,EACA,YAAAqB,EACA,eAAA+D,EACA,UAAAlF,EAAYwD,EACZ,OAAAtD,EACA,WAAAuE,CAAA,EACE1G,EAGEqC,EAAS,MAAMR,EAAmB,CACtC,aAAAC,EACA,UAAAC,EACA,eAAgB4D,EAChB,UAAA1D,EACA,OAAAE,CAAA,CACD,EAGD,GAAIuD,EAAqB,IAAIrD,CAAM,EACjC,OAGFF,GAAA,MAAAA,EAAQ,iBAGR,MAAMiF,EAAW,MAAMF,EAAc,oCACnC,CACE,WAAYnF,EACZ,aAAcqB,CAAA,EAEhBjB,CAAA,EAGFA,GAAA,MAAAA,EAAQ,iBAOR,MAAMkF,EAAwBvB,EAAAA,wBAAwB1C,CAAW,EAC3DkE,EAAkBF,EAAS,IAAI,OAClCvG,GAAOiF,EAAAA,wBAAwBjF,EAAG,cAAc,IAAMwG,CAAA,EAEnDE,EAAuB3B,EAA8B0B,CAAe,EACpEE,EAAoB,MAAMf,EAC9BjB,EACA2B,EACAI,EACAb,CAAA,EAGFvE,GAAA,MAAAA,EAAQ,iBAGR,MAAMsF,EAAgC,MAAMnC,EAAmB,CAC7D,eAAgB8B,EAAS,gBACzB,mBAAoBhE,EACpB,UAAAoC,CAAA,CACD,EAEDrD,GAAA,MAAAA,EAAQ,iBAIR,MAAMuF,EAAgB,CAAE,GAAGF,CAAA,EAC3BE,EAAcnG,EAAAA,eAAe6B,CAAW,CAAC,EACvCqE,EAA8B,kBAEhC,MAAMP,EAAc,6BAClB,CACE,WAAYnF,EACZ,aAAcqB,EACd,WAAYsE,EACZ,gCAAiCD,CAAA,EAEnCtF,CAAA,CAEJ"}
+{"version":3,"file":"signAndSubmitPayouts-CSJmcPQN.cjs","sources":["../src/tbv/core/managers/PayoutManager.ts","../src/tbv/core/services/deposit/waitForPeginStatus.ts","../src/tbv/core/services/deposit/submitWotsPublicKey.ts","../src/tbv/core/services/deposit/signDepositorGraph.ts","../src/tbv/core/services/deposit/signAndSubmitPayouts.ts"],"sourcesContent":["/**\n * Payout Manager\n *\n * High-level manager that orchestrates the payout signing flow by coordinating\n * SDK primitives ({@link buildPayoutPsbt}, {@link extractPayoutSignature})\n * with a user-provided Bitcoin wallet.\n *\n * The Payout transaction references the Assert transaction (input 1).\n *\n * @see {@link PeginManager} - For Steps 1, 2, and 4 of peg-in flow\n * @see {@link buildPayoutPsbt} - Lower-level primitive for custom implementations\n * @see {@link extractPayoutSignature} - Extract signatures from signed PSBTs\n *\n * @module managers/PayoutManager\n */\n\nimport { Buffer } from \"buffer\";\n\nimport { Transaction } from \"bitcoinjs-lib\";\n\nimport type {\n  BitcoinWallet,\n  SignPsbtOptions,\n} from \"../../../shared/wallets\";\nimport { createTaprootScriptPathSignOptions } from \"../utils/signing\";\nimport {\n  buildPayoutPsbt,\n  extractPayoutSignature,\n  isValidHex,\n  stripHexPrefix,\n  validateWalletPubkey,\n  type Network,\n} from \"../primitives\";\n\n/**\n * Configuration for the PayoutManager.\n */\nexport interface PayoutManagerConfig {\n  /**\n   * Bitcoin network to use for transactions.\n   */\n  network: Network;\n\n  /**\n   * Bitcoin wallet for signing payout transactions.\n   */\n  btcWallet: BitcoinWallet;\n}\n\n/**\n * Base parameters shared by both payout transaction types.\n */\ninterface SignPayoutBaseParams {\n  /**\n   * Peg-in transaction hex.\n   * The original transaction that created the vault output being spent.\n   */\n  peginTxHex: string;\n\n  /**\n   * Vault provider's BTC public key (x-only, 64-char hex).\n   */\n  vaultProviderBtcPubkey: string;\n\n  /**\n   * Vault keeper BTC public keys (x-only, 64-char hex).\n   */\n  vaultKeeperBtcPubkeys: string[];\n\n  /**\n   * Universal challenger BTC public keys (x-only, 64-char hex).\n   */\n  universalChallengerBtcPubkeys: string[];\n\n  /**\n   * CSV timelock in blocks for the PegIn output.\n   */\n  timelockPegin: number;\n\n  /**\n   * Depositor's BTC public key (x-only, 64-char hex).\n   * This should be the public key that was used when creating the vault,\n   * as stored on-chain. If not provided, will be fetched from the wallet.\n   */\n  depositorBtcPubkey?: string;\n\n  /**\n   * The on-chain registered depositor payout scriptPubKey (hex, with or without 0x prefix).\n   * Used to validate that the VP-provided payout transaction actually pays to the\n   * correct depositor payout address before signing.\n   */\n  registeredPayoutScriptPubKey: string;\n}\n\n/**\n * Parameters for signing a Payout transaction.\n *\n * Payout is used in the challenge path after Assert, when the claimer proves validity.\n * Input 1 references the Assert transaction.\n */\nexport interface SignPayoutParams extends SignPayoutBaseParams {\n  /**\n   * Payout transaction hex (unsigned).\n   * This is the transaction from the vault provider that needs depositor signature.\n   */\n  payoutTxHex: string;\n\n  /**\n   * Assert transaction hex.\n   * Payout input 1 references Assert output 0.\n   */\n  assertTxHex: string;\n}\n\n/**\n * Result of signing a payout transaction.\n */\nexport interface PayoutSignatureResult {\n  /**\n   * 64-byte Schnorr signature (128 hex characters).\n   */\n  signature: string;\n\n  /**\n   * Depositor's BTC public key used for signing.\n   */\n  depositorBtcPubkey: string;\n}\n\n/**\n * High-level manager for payout transaction signing.\n *\n * @remarks\n * After registering your peg-in on Ethereum (Step 2), the vault provider prepares\n * claim/payout transaction pairs. You must sign each payout transaction using this\n * manager and submit the signatures to the vault provider's RPC API.\n *\n * **What happens internally:**\n * 1. Validates your wallet's public key matches the vault's depositor\n * 2. Builds an unsigned PSBT with taproot script path spend info\n * 3. Signs input 0 (the vault UTXO) with your wallet\n * 4. Extracts the 64-byte Schnorr signature\n *\n * **Note:** The payout transaction has 2 inputs. PayoutManager only signs input 0\n * (from the peg-in tx). Input 1 (from the assert tx) is signed by the vault provider.\n *\n * @see {@link PeginManager} - For the complete peg-in flow context\n * @see {@link buildPayoutPsbt} - Lower-level primitive used internally\n * @see {@link extractPayoutSignature} - Signature extraction primitive\n */\nexport class PayoutManager {\n  private readonly config: PayoutManagerConfig;\n\n  /**\n   * Creates a new PayoutManager instance.\n   *\n   * @param config - Manager configuration including wallet\n   */\n  constructor(config: PayoutManagerConfig) {\n    this.config = config;\n  }\n\n  /**\n   * Signs a Payout transaction and extracts the Schnorr signature.\n   *\n   * Flow:\n   * 1. Vault provider submits Claim transaction\n   * 2. Claimer submits Assert transaction to prove validity\n   * 3. Payout can be executed (references Assert tx)\n   *\n   * This method orchestrates the following steps:\n   * 1. Get wallet's public key and convert to x-only format\n   * 2. Validate wallet pubkey matches on-chain depositor pubkey (if provided)\n   * 3. Build unsigned PSBT using primitives\n   * 4. Sign PSBT via btcWallet.signPsbt()\n   * 5. Extract 64-byte Schnorr signature using primitives\n   *\n   * The returned signature can be submitted to the vault provider API.\n   *\n   * @param params - Payout signing parameters\n   * @returns Signature result with 64-byte Schnorr signature and depositor pubkey\n   * @throws Error if wallet pubkey doesn't match depositor pubkey\n   * @throws Error if wallet operations fail or signature extraction fails\n   */\n  async signPayoutTransaction(\n    params: SignPayoutParams,\n  ): Promise<PayoutSignatureResult> {\n    // Validate payout TX outputs pay to the registered depositor payout address\n    this.validatePayoutOutputs(\n      params.payoutTxHex,\n      params.registeredPayoutScriptPubKey,\n    );\n\n    // Validate wallet pubkey matches depositor and get both formats\n    const walletPubkeyRaw = await this.config.btcWallet.getPublicKeyHex();\n    const { depositorPubkey } = validateWalletPubkey(\n      walletPubkeyRaw,\n      params.depositorBtcPubkey,\n    );\n\n    // Build unsigned PSBT for Payout (uses Assert tx)\n    const payoutPsbt = await buildPayoutPsbt({\n      payoutTxHex: params.payoutTxHex,\n      peginTxHex: params.peginTxHex,\n      assertTxHex: params.assertTxHex,\n      depositorBtcPubkey: depositorPubkey,\n      vaultProviderBtcPubkey: params.vaultProviderBtcPubkey,\n      vaultKeeperBtcPubkeys: params.vaultKeeperBtcPubkeys,\n      universalChallengerBtcPubkeys: params.universalChallengerBtcPubkeys,\n      timelockPegin: params.timelockPegin,\n      network: this.config.network,\n    });\n\n    // Sign PSBT via wallet (Taproot script-path spend, input 0 only)\n    const signedPsbtHex = await this.config.btcWallet.signPsbt(\n      payoutPsbt.psbtHex,\n      createTaprootScriptPathSignOptions(walletPubkeyRaw, 1),\n    );\n\n    // Extract Schnorr signature\n    const signature = extractPayoutSignature(signedPsbtHex, depositorPubkey);\n\n    return {\n      signature,\n      depositorBtcPubkey: depositorPubkey,\n    };\n  }\n\n  /**\n   * Gets the configured Bitcoin network.\n   *\n   * @returns The Bitcoin network (mainnet, testnet, signet, regtest)\n   */\n  getNetwork(): Network {\n    return this.config.network;\n  }\n\n  /**\n   * Checks if the wallet supports batch signing (signPsbts).\n   *\n   * @returns true if batch signing is supported\n   */\n  supportsBatchSigning(): boolean {\n    return typeof this.config.btcWallet.signPsbts === \"function\";\n  }\n\n  /**\n   * Batch signs multiple payout transactions (1 per claimer).\n   * This allows signing all transactions with a single wallet interaction.\n   *\n   * @param transactions - Array of payout params to sign\n   * @returns Array of signature results matching input order\n   * @throws Error if wallet doesn't support batch signing\n   * @throws Error if any signing operation fails\n   */\n  async signPayoutTransactionsBatch(\n    transactions: SignPayoutParams[],\n  ): Promise<\n    Array<{\n      payoutSignature: string;\n      depositorBtcPubkey: string;\n    }>\n  > {\n    if (!this.supportsBatchSigning()) {\n      throw new Error(\n        \"Wallet does not support batch signing (signPsbts method not available)\",\n      );\n    }\n\n    // Get wallet pubkey once\n    const walletPubkeyRaw = await this.config.btcWallet.getPublicKeyHex();\n\n    // Build all PSBTs (1 per claimer)\n    const psbtsToSign: string[] = [];\n    const signOptions: SignPsbtOptions[] = [];\n    const depositorPubkeys: string[] = [];\n\n    for (const tx of transactions) {\n      // Validate payout TX outputs pay to the registered depositor payout address\n      this.validatePayoutOutputs(\n        tx.payoutTxHex,\n        tx.registeredPayoutScriptPubKey,\n      );\n\n      // Validate wallet pubkey matches depositor\n      const { depositorPubkey } = validateWalletPubkey(\n        walletPubkeyRaw,\n        tx.depositorBtcPubkey,\n      );\n      depositorPubkeys.push(depositorPubkey);\n\n      // Build Payout PSBT\n      const payoutPsbt = await buildPayoutPsbt({\n        payoutTxHex: tx.payoutTxHex,\n        peginTxHex: tx.peginTxHex,\n        assertTxHex: tx.assertTxHex,\n        depositorBtcPubkey: depositorPubkey,\n        vaultProviderBtcPubkey: tx.vaultProviderBtcPubkey,\n        vaultKeeperBtcPubkeys: tx.vaultKeeperBtcPubkeys,\n        universalChallengerBtcPubkeys: tx.universalChallengerBtcPubkeys,\n        timelockPegin: tx.timelockPegin,\n        network: this.config.network,\n      });\n      psbtsToSign.push(payoutPsbt.psbtHex);\n      signOptions.push(createTaprootScriptPathSignOptions(walletPubkeyRaw, 1));\n    }\n\n    // Batch sign all PSBTs with single wallet interaction\n    const signedPsbts = await this.config.btcWallet.signPsbts!(\n      psbtsToSign,\n      signOptions,\n    );\n\n    // Validate that wallet returned the expected number of signed PSBTs\n    if (signedPsbts.length !== transactions.length) {\n      throw new Error(\n        `Expected ${transactions.length} signed PSBTs but received ${signedPsbts.length}`,\n      );\n    }\n\n    // Extract signatures from signed PSBTs\n    const results: Array<{\n      payoutSignature: string;\n      depositorBtcPubkey: string;\n    }> = [];\n\n    for (let i = 0; i < transactions.length; i++) {\n      const depositorPubkey = depositorPubkeys[i];\n      const payoutSignature = extractPayoutSignature(\n        signedPsbts[i],\n        depositorPubkey,\n      );\n\n      results.push({\n        payoutSignature,\n        depositorBtcPubkey: depositorPubkey,\n      });\n    }\n\n    return results;\n  }\n\n  /**\n   * Validates that the payout transaction's largest output pays to the\n   * registered depositor payout address (scriptPubKey).\n   *\n   * This prevents two attack vectors from a malicious vault provider:\n   * 1. Substituting a completely different payout address\n   * 2. Including a dust output to the correct address while routing\n   *    the actual funds to an attacker-controlled address\n   *\n   * @param payoutTxHex - Raw payout transaction hex\n   * @param registeredPayoutScriptPubKey - On-chain registered scriptPubKey (hex, with or without 0x prefix)\n   * @throws Error if scriptPubKey is invalid hex\n   * @throws Error if the largest output does not pay to the registered address\n   */\n  private validatePayoutOutputs(\n    payoutTxHex: string,\n    registeredPayoutScriptPubKey: string,\n  ): void {\n    if (!isValidHex(registeredPayoutScriptPubKey)) {\n      throw new Error(\n        \"Invalid registeredPayoutScriptPubKey: not valid hex\",\n      );\n    }\n\n    const expectedScript = Buffer.from(\n      stripHexPrefix(registeredPayoutScriptPubKey),\n      \"hex\",\n    );\n    const payoutTx = Transaction.fromHex(stripHexPrefix(payoutTxHex));\n\n    if (payoutTx.outs.length === 0) {\n      throw new Error(\"Payout transaction has no outputs\");\n    }\n\n    // Find the largest output by value — this must pay to the registered address.\n    // A dust output to the correct address with funds routed elsewhere is rejected.\n    const largestOutput = payoutTx.outs.reduce((max, output) =>\n      output.value > max.value ? output : max,\n    );\n\n    if (!largestOutput.script.equals(expectedScript)) {\n      throw new Error(\n        \"Payout transaction does not pay to the registered depositor payout address\",\n      );\n    }\n  }\n}\n","/**\n * Poll `getPeginStatus` until the VP reaches one of the target statuses.\n *\n * Pure polling utility with no framework dependencies (no localStorage, no React).\n * Handles \"PegIn not found\" as transient (VP hasn't ingested yet).\n */\n\nimport { JsonRpcError } from \"../../clients/vault-provider/json-rpc-client\";\nimport {\n  RpcErrorCode,\n  VP_TERMINAL_STATUSES,\n  type DaemonStatus,\n} from \"../../clients/vault-provider/types\";\nimport type { PeginStatusReader } from \"./interfaces\";\n\n/** Default polling interval (10 seconds). */\nconst DEFAULT_POLL_INTERVAL_MS = 10_000;\n\nexport interface WaitForPeginStatusParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Set of acceptable statuses — polling stops when the VP reports one of these */\n  targetStatuses: ReadonlySet<DaemonStatus>;\n  /** Maximum time to wait in milliseconds */\n  timeoutMs: number;\n  /** Polling interval in milliseconds (default: 10s) */\n  pollIntervalMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n}\n\n/**\n * Poll `getPeginStatus` until the VP reaches one of the target statuses.\n *\n * @returns The DaemonStatus string that matched one of the targets\n * @throws Error on timeout, abort, or non-transient RPC error\n */\nexport async function waitForPeginStatus(\n  params: WaitForPeginStatusParams,\n): Promise<DaemonStatus> {\n  const {\n    statusReader,\n    peginTxid,\n    targetStatuses,\n    timeoutMs,\n    pollIntervalMs = DEFAULT_POLL_INTERVAL_MS,\n    signal,\n  } = params;\n\n  const startTime = Date.now();\n\n  while (true) {\n    if (signal?.aborted) {\n      throw new Error(\n        `Polling aborted for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n      );\n    }\n\n    if (Date.now() - startTime >= timeoutMs) {\n      throw new Error(\n        `Polling timeout after ${timeoutMs}ms for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n      );\n    }\n\n    try {\n      const response = await statusReader.getPeginStatus(\n        { pegin_txid: peginTxid },\n        signal,\n      );\n\n      const status = response.status as DaemonStatus;\n      if (targetStatuses.has(status)) {\n        return status;\n      }\n      // Fail fast on terminal statuses to avoid waiting for timeout\n      if (VP_TERMINAL_STATUSES.has(status) && !targetStatuses.has(status)) {\n        throw new Error(\n          `Pegin ${peginTxid.slice(0, 8)}… reached terminal status \"${status}\" while waiting for ${[...targetStatuses].join(\", \")}`,\n        );\n      }\n    } catch (error) {\n      // \"PegIn not found\" is transient — VP hasn't ingested the pegin yet.\n      // Check structured error code first, fall back to message matching.\n      const isNotFound =\n        (error instanceof JsonRpcError &&\n          error.code === RpcErrorCode.NOT_FOUND) ||\n        (error instanceof Error && error.message.includes(\"PegIn not found\"));\n      if (!isNotFound) {\n        throw error;\n      }\n    }\n\n    // Wait before next poll, with abort support\n    await new Promise<void>((resolve, reject) => {\n      const onAbort = () => {\n        clearTimeout(timeoutId);\n        reject(\n          new Error(\n            `Polling aborted for pegin ${peginTxid.slice(0, 8)}… (target: ${[...targetStatuses].join(\", \")})`,\n          ),\n        );\n      };\n      const timeoutId = setTimeout(() => {\n        signal?.removeEventListener(\"abort\", onAbort);\n        resolve();\n      }, pollIntervalMs);\n      signal?.addEventListener(\"abort\", onAbort, { once: true });\n    });\n  }\n}\n","/**\n * Submit pre-derived WOTS public keys to the vault provider.\n *\n * Polls `getPeginStatus` until the VP reaches `PendingDepositorWotsPK`,\n * then submits the keys. If the VP has already moved past WOTS step\n * (e.g., resume flow), submission is skipped.\n *\n * The caller is responsible for deriving WOTS keys externally using\n * `mnemonicToWotsSeed` + `deriveWotsBlockPublicKeys` from the SDK's\n * `tbv/core/wots` module.\n */\n\nimport {\n  DaemonStatus,\n  POST_WOTS_STATUSES,\n  type WotsBlockPublicKey,\n} from \"../../clients/vault-provider/types\";\nimport type { PeginStatusReader, WotsKeySubmitter } from \"./interfaces\";\nimport { waitForPeginStatus } from \"./waitForPeginStatus\";\n\n/** Maximum time to wait for VP to reach PendingDepositorWotsPK (5 min). */\nconst STATUS_POLL_TIMEOUT_MS = 5 * 60 * 1000;\n\n/** All statuses we accept — either ready for submission or already past it. */\nconst TARGET_STATUSES: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_DEPOSITOR_WOTS_PK,\n  ...POST_WOTS_STATUSES,\n]);\n\nexport interface SubmitWotsPublicKeyParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** VP client implementing the WOTS key submission interface */\n  wotsSubmitter: WotsKeySubmitter;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Depositor's x-only BTC public key (unprefixed hex, 64 chars) */\n  depositorPk: string;\n  /** Pre-derived WOTS block public keys (one per assert block) */\n  wotsPublicKeys: WotsBlockPublicKey[];\n  /** Maximum time to wait for VP to be ready (default: 5 min) */\n  timeoutMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n}\n\n/**\n * Submit WOTS public keys to the vault provider.\n *\n * @throws Error on timeout, abort, or RPC error\n */\nexport async function submitWotsPublicKey(\n  params: SubmitWotsPublicKeyParams,\n): Promise<void> {\n  const {\n    statusReader,\n    wotsSubmitter,\n    peginTxid,\n    depositorPk,\n    wotsPublicKeys,\n    timeoutMs = STATUS_POLL_TIMEOUT_MS,\n    signal,\n  } = params;\n\n  signal?.throwIfAborted();\n\n  // Wait until VP has ingested the pegin and is ready for the WOTS key.\n  const status = await waitForPeginStatus({\n    statusReader,\n    peginTxid,\n    targetStatuses: TARGET_STATUSES,\n    timeoutMs,\n    signal,\n  });\n\n  // Key was already submitted in a previous session (e.g. resume flow)\n  if (POST_WOTS_STATUSES.has(status)) {\n    return;\n  }\n\n  signal?.throwIfAborted();\n\n  await wotsSubmitter.submitDepositorWotsKey(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n      wots_public_keys: wotsPublicKeys,\n    },\n    signal,\n  );\n}\n","/**\n * Depositor Graph Signing Service\n *\n * Signs the depositor's own graph transactions (Payout, NoPayout per challenger)\n * using pre-built PSBTs from the vault provider.\n *\n * The VP returns unsigned PSBTs with prevouts, scripts, and taproot metadata\n * already embedded (BIP 174), so any standard PSBT-compatible signer can\n * produce signatures without extra context.\n *\n * Transaction counts: 1 Payout + N NoPayout = 1 + N total PSBTs\n *\n * @see btc-vault docs/pegin.md — \"Automatic Graph Creation & Presigning\"\n */\n\nimport { Psbt } from \"bitcoinjs-lib\";\n\nimport type { BitcoinWallet, SignPsbtOptions } from \"../../../../shared/wallets/interfaces\";\nimport type {\n  DepositorAsClaimerPresignatures,\n  DepositorGraphTransactions,\n  DepositorPreSigsPerChallenger,\n} from \"../../clients/vault-provider/types\";\nimport { extractPayoutSignature } from \"../../primitives/psbt/payout\";\nimport { stripHexPrefix } from \"../../primitives/utils/bitcoin\";\nimport { createTaprootScriptPathSignOptions } from \"../../utils/signing\";\n\n/**\n * Each payout/nopayout PSBT has exactly one input that needs signing.\n * Used to construct SignPsbtOptions for wallet.signPsbt().\n */\nconst SINGLE_PSBT_INPUT_COUNT = 1;\n\n/** Tracks which indices in the flat PSBT array belong to which challenger */\ninterface ChallengerEntry {\n  challengerPubkey: string;\n  noPayoutIdx: number;\n}\n\n/** Result of the collect phase — flat PSBT array with index mapping */\ninterface CollectedDepositorGraphPsbts {\n  psbtHexes: string[];\n  signOptions: SignPsbtOptions[];\n  challengerEntries: ChallengerEntry[];\n}\n\n// ============================================================================\n// PSBT verification — ensure pre-built PSBTs match advertised tx_hex\n// ============================================================================\n\n/**\n * Parse a base64-encoded PSBT and verify its unsigned transaction matches\n * the expected transaction hex. Catches VP serialization bugs.\n */\nfunction verifyAndParsePsbt(\n  psbtBase64: string,\n  expectedTxHex: string,\n  label: string,\n): Psbt {\n  const psbt = Psbt.fromBase64(psbtBase64);\n  const unsignedTxHex = psbt.data\n    .getTransaction()\n    .toString(\"hex\")\n    .toLowerCase();\n  const normalizedExpected = stripHexPrefix(expectedTxHex).toLowerCase();\n  if (unsignedTxHex !== normalizedExpected) {\n    throw new Error(\n      `PSBT integrity check failed for ${label}: unsigned transaction does not match tx_hex`,\n    );\n  }\n  return psbt;\n}\n\n/**\n * Sanitize a parsed PSBT for Taproot script-path signing.\n *\n * VP-provided PSBTs include tapBip32Derivation and tapMerkleRoot metadata\n * that causes some wallets (notably OKX) to ignore disableTweakSigner and\n * sign with a tweaked key. Stripping these fields forces the wallet to\n * rely solely on tapLeafScript for script-path signing.\n */\nfunction sanitizePsbtForScriptPathSigning(psbt: Psbt): Psbt {\n  const clone = Psbt.fromHex(psbt.toHex());\n  for (const input of clone.data.inputs) {\n    delete input.tapBip32Derivation;\n    delete input.tapMerkleRoot;\n  }\n  return clone;\n}\n\n/**\n * Validate, verify integrity, sanitize, and convert a PSBT to hex.\n */\nfunction validateAndConvertPsbt(\n  psbtBase64: string | undefined,\n  expectedTxHex: string,\n  label: string,\n): string {\n  if (!psbtBase64) {\n    throw new Error(`Missing ${label} PSBT`);\n  }\n  const psbt = verifyAndParsePsbt(psbtBase64, expectedTxHex, label);\n  const sanitized = sanitizePsbtForScriptPathSigning(psbt);\n  return sanitized.toHex();\n}\n\n// ============================================================================\n// Collect phase — decode pre-built PSBTs from VP response\n// ============================================================================\n\n/**\n * Collect all pre-built PSBTs from the depositor graph and track their indices.\n * Layout: [Payout, NoPayout_0, NoPayout_1, ...]\n */\nfunction collectDepositorGraphPsbts(\n  depositorGraph: DepositorGraphTransactions,\n  walletPublicKey: string,\n): CollectedDepositorGraphPsbts {\n  const psbtHexes: string[] = [];\n  const signOptions: SignPsbtOptions[] = [];\n  const challengerEntries: ChallengerEntry[] = [];\n\n  const singleInputOpts = createTaprootScriptPathSignOptions(\n    walletPublicKey,\n    SINGLE_PSBT_INPUT_COUNT,\n  );\n\n  // Index 0: Payout PSBT\n  const payoutHex = validateAndConvertPsbt(\n    depositorGraph.payout_psbt,\n    depositorGraph.payout_tx.tx_hex,\n    \"depositor payout\",\n  );\n  psbtHexes.push(payoutHex);\n  signOptions.push(singleInputOpts);\n\n  // Per-challenger: 1 NoPayout\n  for (const challenger of depositorGraph.challenger_presign_data) {\n    const challengerPubkey = stripHexPrefix(challenger.challenger_pubkey);\n\n    const noPayoutIdx = psbtHexes.length;\n    const noPayoutHex = validateAndConvertPsbt(\n      challenger.nopayout_psbt,\n      challenger.nopayout_tx.tx_hex,\n      `nopayout (challenger ${challengerPubkey})`,\n    );\n    psbtHexes.push(noPayoutHex);\n    signOptions.push(singleInputOpts);\n\n    challengerEntries.push({\n      challengerPubkey,\n      noPayoutIdx,\n    });\n  }\n\n  return { psbtHexes, signOptions, challengerEntries };\n}\n\n// ============================================================================\n// Extract phase\n// ============================================================================\n\n/**\n * Extract all signatures from signed PSBTs and assemble into presignatures.\n */\nfunction extractDepositorGraphSignatures(\n  signedPsbtHexes: string[],\n  challengerEntries: ChallengerEntry[],\n  depositorPubkey: string,\n): DepositorAsClaimerPresignatures {\n  const payoutSignature = extractPayoutSignature(\n    signedPsbtHexes[0],\n    depositorPubkey,\n  );\n\n  const perChallenger: Record<string, DepositorPreSigsPerChallenger> = {};\n  for (const entry of challengerEntries) {\n    perChallenger[entry.challengerPubkey] = {\n      nopayout_signature: extractPayoutSignature(\n        signedPsbtHexes[entry.noPayoutIdx],\n        depositorPubkey,\n      ),\n    };\n  }\n\n  return {\n    payout_signatures: {\n      payout_signature: payoutSignature,\n    },\n    per_challenger: perChallenger,\n  };\n}\n\n/**\n * Sign multiple PSBTs, using batch signing when the wallet supports it.\n * Falls back to sequential `signPsbt` calls for wallets without `signPsbts`.\n */\nasync function signPsbtsWithFallback(\n  wallet: BitcoinWallet,\n  psbtHexes: string[],\n  options?: SignPsbtOptions[],\n): Promise<string[]> {\n  if (typeof wallet.signPsbts === \"function\") {\n    return wallet.signPsbts(psbtHexes, options);\n  }\n\n  const signed: string[] = [];\n  for (let i = 0; i < psbtHexes.length; i++) {\n    signed.push(await wallet.signPsbt(psbtHexes[i], options?.[i]));\n  }\n  return signed;\n}\n\n// ============================================================================\n// Main entry point\n// ============================================================================\n\nexport interface SignDepositorGraphParams {\n  /** The depositor graph from VP response (contains pre-built PSBTs) */\n  depositorGraph: DepositorGraphTransactions;\n  /** Depositor's BTC public key (x-only, 64-char hex, no 0x prefix) */\n  depositorBtcPubkey: string;\n  /** Bitcoin wallet for signing */\n  btcWallet: BitcoinWallet;\n}\n\n/**\n * Sign all depositor graph transactions and assemble into presignatures.\n *\n * Flow:\n * 1. Collect pre-built PSBTs from VP response (base64 -> hex)\n * 2. Batch sign via wallet.signPsbts() if available, else sequential signPsbt()\n * 3. Extract Schnorr signatures from each signed PSBT\n * 4. Assemble into DepositorAsClaimerPresignatures\n */\nexport async function signDepositorGraph(\n  params: SignDepositorGraphParams,\n): Promise<DepositorAsClaimerPresignatures> {\n  const { depositorGraph, depositorBtcPubkey, btcWallet } = params;\n\n  const depositorPubkey = stripHexPrefix(depositorBtcPubkey);\n  const walletPublicKey = await btcWallet.getPublicKeyHex();\n\n  // 1. Collect pre-built PSBTs from VP response\n  const { psbtHexes, signOptions, challengerEntries } =\n    collectDepositorGraphPsbts(depositorGraph, walletPublicKey);\n\n  // 2. Sign all PSBTs (batch when supported, sequential fallback for mobile)\n  const signedPsbtHexes = await signPsbtsWithFallback(\n    btcWallet,\n    psbtHexes,\n    signOptions,\n  );\n\n  if (signedPsbtHexes.length !== psbtHexes.length) {\n    throw new Error(\n      `Wallet returned ${signedPsbtHexes.length} signed PSBTs, expected ${psbtHexes.length}`,\n    );\n  }\n\n  // 3. Extract signatures and assemble presignatures\n  return extractDepositorGraphSignatures(\n    signedPsbtHexes,\n    challengerEntries,\n    depositorPubkey,\n  );\n}\n","/**\n * Payout Signing Orchestration\n *\n * Polls VP for `PendingDepositorSignatures`, fetches presign transactions,\n * signs payouts via PayoutManager, signs the depositor graph, and submits\n * all signatures back to the VP.\n *\n * This is the main deposit protocol step between registration and activation.\n */\n\nimport type { Network } from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport * as bitcoin from \"bitcoinjs-lib\";\nimport { Buffer } from \"buffer\";\n\nimport type { BitcoinWallet } from \"../../../../shared/wallets/interfaces\";\nimport { DaemonStatus } from \"../../clients/vault-provider/types\";\nimport type {\n  ClaimerSignatures,\n  ClaimerTransactions,\n} from \"../../clients/vault-provider/types\";\nimport { PayoutManager } from \"../../managers/PayoutManager\";\nimport {\n  processPublicKeyToXOnly,\n  stripHexPrefix,\n} from \"../../primitives/utils/bitcoin\";\nimport type { PeginStatusReader, PresignClient } from \"./interfaces\";\nimport { signDepositorGraph } from \"./signDepositorGraph\";\nimport { waitForPeginStatus } from \"./waitForPeginStatus\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\n/**\n * Context required for signing payout transactions.\n * Caller builds this from on-chain data (contract queries, GraphQL, config).\n */\nexport interface PayoutSigningContext {\n  /** Raw pegin BTC transaction hex (for PSBT construction) */\n  peginTxHex: string;\n  /** Vault provider's BTC public key (x-only hex, no prefix) */\n  vaultProviderBtcPubkey: string;\n  /** Sorted vault keeper BTC public keys (x-only hex, no prefix) */\n  vaultKeeperBtcPubkeys: string[];\n  /** Sorted universal challenger BTC public keys (x-only hex, no prefix) */\n  universalChallengerBtcPubkeys: string[];\n  /** Depositor's BTC public key (x-only hex, no prefix) */\n  depositorBtcPubkey: string;\n  /** Pegin timelock from the locked offchain params version */\n  timelockPegin: number;\n  /** BTC network (Mainnet, Testnet, etc.) */\n  network: Network;\n  /** On-chain registered depositor payout scriptPubKey (hex) */\n  registeredPayoutScriptPubKey: string;\n}\n\nexport interface PollAndSignPayoutsParams {\n  /** VP client implementing the status reader interface */\n  statusReader: PeginStatusReader;\n  /** VP client implementing the presign transaction flow interface */\n  presignClient: PresignClient;\n  /** Bitcoin wallet for signing */\n  btcWallet: BitcoinWallet;\n  /** BTC pegin transaction ID (unprefixed hex, 64 chars) */\n  peginTxid: string;\n  /** Depositor's x-only BTC public key (unprefixed hex, 64 chars) */\n  depositorPk: string;\n  /** Signing context built from on-chain data */\n  signingContext: PayoutSigningContext;\n  /** Maximum polling timeout in milliseconds (default: 20 min) */\n  timeoutMs?: number;\n  /** AbortSignal for cancellation */\n  signal?: AbortSignal;\n  /** Optional progress callback (completed claimers, total claimers) */\n  onProgress?: (completed: number, total: number) => void;\n}\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/** Maximum polling timeout (20 minutes) — VP may take 15-20 min to prepare. */\nconst MAX_POLLING_TIMEOUT_MS = 20 * 60 * 1000;\n\n/** Statuses after payout signatures are submitted — if VP is already here, skip. */\nconst POST_PAYOUT_STATUSES: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_ACKS,\n  DaemonStatus.PENDING_ACTIVATION,\n  DaemonStatus.ACTIVATED,\n]);\n\nconst TARGET_STATUS: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_DEPOSITOR_SIGNATURES,\n  ...POST_PAYOUT_STATUSES,\n]);\n\n// ============================================================================\n// Internal helpers\n// ============================================================================\n\ninterface PreparedTransaction {\n  claimerPubkeyXOnly: string;\n  payoutTxHex: string;\n  assertTxHex: string;\n}\n\nfunction prepareTransactionsForSigning(\n  claimerTransactions: ClaimerTransactions[],\n): PreparedTransaction[] {\n  return claimerTransactions.map((tx) => ({\n    claimerPubkeyXOnly: processPublicKeyToXOnly(tx.claimer_pubkey),\n    payoutTxHex: tx.payout_tx.tx_hex,\n    assertTxHex: tx.assert_tx.tx_hex,\n  }));\n}\n\n/**\n * Derive BIP-86 P2TR scriptPubKey hex from an x-only public key.\n * Requires bitcoinjs-lib ECC to be initialized by the caller.\n */\nfunction deriveBip86ScriptPubKey(xOnlyPubkeyHex: string): string {\n  const { output } = bitcoin.payments.p2tr({\n    internalPubkey: Buffer.from(xOnlyPubkeyHex, \"hex\"),\n  });\n  if (!output) {\n    throw new Error(\"Failed to derive BIP-86 P2TR scriptPubKey\");\n  }\n  return output.toString(\"hex\");\n}\n\n/**\n * Resolve the expected payout scriptPubKey for a given claimer.\n *\n * - VP/Depositor claimer: payout goes to the depositor's registered payout address\n * - VK claimer: payout goes to a BIP-86 P2TR address derived from the VK's pubkey\n *\n * Note: BIP-86 derivation for VK claimers requires bitcoinjs-lib's ECC to be initialized.\n */\nfunction resolvePayoutScriptPubKey(\n  claimerPubkeyXOnly: string,\n  context: PayoutSigningContext,\n): string {\n  const claimer = stripHexPrefix(claimerPubkeyXOnly).toLowerCase();\n  const vpPubkey = stripHexPrefix(\n    context.vaultProviderBtcPubkey,\n  ).toLowerCase();\n  const depositorPubkey = stripHexPrefix(\n    context.depositorBtcPubkey,\n  ).toLowerCase();\n\n  if (claimer === vpPubkey || claimer === depositorPubkey) {\n    return context.registeredPayoutScriptPubKey;\n  }\n\n  // Verify claimer is a known vault keeper\n  const isVaultKeeper = context.vaultKeeperBtcPubkeys.some(\n    (vk) => stripHexPrefix(vk).toLowerCase() === claimer,\n  );\n  if (!isVaultKeeper) {\n    throw new Error(\n      `Unknown claimer pubkey ${claimer}: not VP, depositor, or a registered vault keeper`,\n    );\n  }\n\n  // VK claimer: derive BIP-86 P2TR scriptPubKey from the VK's x-only pubkey\n  const scriptPubKey = deriveBip86ScriptPubKey(claimer);\n  return `0x${scriptPubKey}`;\n}\n\nfunction buildPayoutSigningInput(\n  tx: PreparedTransaction,\n  context: PayoutSigningContext,\n) {\n  return {\n    payoutTxHex: tx.payoutTxHex,\n    peginTxHex: context.peginTxHex,\n    assertTxHex: tx.assertTxHex,\n    vaultProviderBtcPubkey: context.vaultProviderBtcPubkey,\n    vaultKeeperBtcPubkeys: context.vaultKeeperBtcPubkeys,\n    universalChallengerBtcPubkeys: context.universalChallengerBtcPubkeys,\n    depositorBtcPubkey: context.depositorBtcPubkey,\n    timelockPegin: context.timelockPegin,\n    registeredPayoutScriptPubKey: resolvePayoutScriptPubKey(\n      tx.claimerPubkeyXOnly,\n      context,\n    ),\n  };\n}\n\n/**\n * Sign all payout transactions using PayoutManager.\n * Uses batch signing when wallet supports it, sequential otherwise.\n */\nasync function signPayoutTransactions(\n  btcWallet: BitcoinWallet,\n  context: PayoutSigningContext,\n  transactions: PreparedTransaction[],\n  onProgress?: (completed: number, total: number) => void,\n): Promise<Record<string, ClaimerSignatures>> {\n  const payoutManager = new PayoutManager({\n    network: context.network,\n    btcWallet,\n  });\n\n  const totalClaimers = transactions.length;\n  onProgress?.(0, totalClaimers);\n\n  let payoutSignatures: string[];\n\n  if (payoutManager.supportsBatchSigning()) {\n    const results = await payoutManager.signPayoutTransactionsBatch(\n      transactions.map((tx) => buildPayoutSigningInput(tx, context)),\n    );\n    payoutSignatures = results.map((r) => r.payoutSignature);\n  } else {\n    payoutSignatures = [];\n    for (let i = 0; i < transactions.length; i++) {\n      onProgress?.(i, totalClaimers);\n      const result = await payoutManager.signPayoutTransaction(\n        buildPayoutSigningInput(transactions[i], context),\n      );\n      payoutSignatures.push(result.signature);\n    }\n  }\n\n  const signatures: Record<string, ClaimerSignatures> = {};\n  for (let i = 0; i < transactions.length; i++) {\n    signatures[transactions[i].claimerPubkeyXOnly] = {\n      payout_signature: payoutSignatures[i],\n    };\n  }\n\n  onProgress?.(totalClaimers, totalClaimers);\n  return signatures;\n}\n\n// ============================================================================\n// Main entry point\n// ============================================================================\n\n/**\n * Poll for payout transactions, sign them, sign the depositor graph,\n * and submit all signatures to the vault provider.\n *\n * This is the main deposit protocol step between registration and activation.\n *\n * @throws Error on timeout, abort, signing failure, or RPC error\n */\nexport async function pollAndSignPayouts(\n  params: PollAndSignPayoutsParams,\n): Promise<void> {\n  const {\n    statusReader,\n    presignClient,\n    btcWallet,\n    peginTxid,\n    depositorPk,\n    signingContext,\n    timeoutMs = MAX_POLLING_TIMEOUT_MS,\n    signal,\n    onProgress,\n  } = params;\n\n  // Phase 1: Poll until VP is ready for depositor signatures (or already past)\n  const status = await waitForPeginStatus({\n    statusReader,\n    peginTxid,\n    targetStatuses: TARGET_STATUS,\n    timeoutMs,\n    signal,\n  });\n\n  // Resume-safe: if VP already moved past payout signing, nothing to do\n  if (POST_PAYOUT_STATUSES.has(status)) {\n    return;\n  }\n\n  signal?.throwIfAborted();\n\n  // Phase 2: Fetch presign transactions\n  const response = await presignClient.requestDepositorPresignTransactions(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n    },\n    signal,\n  );\n\n  signal?.throwIfAborted();\n\n  // Phase 3: Sign VP/VK claimer payout transactions\n  // Filter out the depositor's own claimer entry — its payout is signed\n  // separately via signDepositorGraph (Phase 4) using VP-provided PSBTs.\n  // Including it here would cause a redundant wallet signing prompt whose\n  // result is discarded when the depositor graph signature overwrites it.\n  const depositorPkNormalized = processPublicKeyToXOnly(depositorPk);\n  const nonDepositorTxs = response.txs.filter(\n    (tx) => processPublicKeyToXOnly(tx.claimer_pubkey) !== depositorPkNormalized,\n  );\n  const preparedTransactions = prepareTransactionsForSigning(nonDepositorTxs);\n  const claimerSignatures = await signPayoutTransactions(\n    btcWallet,\n    signingContext,\n    preparedTransactions,\n    onProgress,\n  );\n\n  signal?.throwIfAborted();\n\n  // Phase 4: Sign depositor-as-claimer graph\n  const depositorClaimerPresignatures = await signDepositorGraph({\n    depositorGraph: response.depositor_graph,\n    depositorBtcPubkey: depositorPk,\n    btcWallet,\n  });\n\n  signal?.throwIfAborted();\n\n  // Phase 5: Submit all signatures to VP\n  // Include depositor's own payout signature in the signatures map\n  const allSignatures = { ...claimerSignatures };\n  allSignatures[stripHexPrefix(depositorPk)] =\n    depositorClaimerPresignatures.payout_signatures;\n\n  await presignClient.submitDepositorPresignatures(\n    {\n      pegin_txid: peginTxid,\n      depositor_pk: depositorPk,\n      signatures: allSignatures,\n      depositor_claimer_presignatures: depositorClaimerPresignatures,\n    },\n    signal,\n  );\n}\n"],"names":["PayoutManager","config","__publicField","params","walletPubkeyRaw","depositorPubkey","validateWalletPubkey","payoutPsbt","buildPayoutPsbt","signedPsbtHex","createTaprootScriptPathSignOptions","extractPayoutSignature","transactions","psbtsToSign","signOptions","depositorPubkeys","tx","signedPsbts","results","i","payoutSignature","payoutTxHex","registeredPayoutScriptPubKey","isValidHex","expectedScript","Buffer","stripHexPrefix","payoutTx","Transaction","max","output","DEFAULT_POLL_INTERVAL_MS","waitForPeginStatus","statusReader","peginTxid","targetStatuses","timeoutMs","pollIntervalMs","signal","startTime","status","VP_TERMINAL_STATUSES","error","JsonRpcError","RpcErrorCode","resolve","reject","onAbort","timeoutId","STATUS_POLL_TIMEOUT_MS","TARGET_STATUSES","DaemonStatus","POST_WOTS_STATUSES","submitWotsPublicKey","wotsSubmitter","depositorPk","wotsPublicKeys","SINGLE_PSBT_INPUT_COUNT","verifyAndParsePsbt","psbtBase64","expectedTxHex","label","psbt","Psbt","unsignedTxHex","normalizedExpected","sanitizePsbtForScriptPathSigning","clone","input","validateAndConvertPsbt","collectDepositorGraphPsbts","depositorGraph","walletPublicKey","psbtHexes","challengerEntries","singleInputOpts","payoutHex","challenger","challengerPubkey","noPayoutIdx","noPayoutHex","extractDepositorGraphSignatures","signedPsbtHexes","perChallenger","entry","signPsbtsWithFallback","wallet","options","signed","signDepositorGraph","depositorBtcPubkey","btcWallet","MAX_POLLING_TIMEOUT_MS","POST_PAYOUT_STATUSES","TARGET_STATUS","prepareTransactionsForSigning","claimerTransactions","processPublicKeyToXOnly","deriveBip86ScriptPubKey","xOnlyPubkeyHex","bitcoin","resolvePayoutScriptPubKey","claimerPubkeyXOnly","context","claimer","vpPubkey","vk","buildPayoutSigningInput","signPayoutTransactions","onProgress","payoutManager","totalClaimers","payoutSignatures","r","result","signatures","pollAndSignPayouts","presignClient","signingContext","response","depositorPkNormalized","nonDepositorTxs","preparedTransactions","claimerSignatures","depositorClaimerPresignatures","allSignatures"],"mappings":"ssBAsJO,MAAMA,CAAc,CAQzB,YAAYC,EAA6B,CAPxBC,EAAA,eAQf,KAAK,OAASD,CAChB,CAwBA,MAAM,sBACJE,EACgC,CAEhC,KAAK,sBACHA,EAAO,YACPA,EAAO,4BAAA,EAIT,MAAMC,EAAkB,MAAM,KAAK,OAAO,UAAU,gBAAA,EAC9C,CAAE,gBAAAC,GAAoBC,EAAAA,qBAC1BF,EACAD,EAAO,kBAAA,EAIHI,EAAa,MAAMC,kBAAgB,CACvC,YAAaL,EAAO,YACpB,WAAYA,EAAO,WACnB,YAAaA,EAAO,YACpB,mBAAoBE,EACpB,uBAAwBF,EAAO,uBAC/B,sBAAuBA,EAAO,sBAC9B,8BAA+BA,EAAO,8BACtC,cAAeA,EAAO,cACtB,QAAS,KAAK,OAAO,OAAA,CACtB,EAGKM,EAAgB,MAAM,KAAK,OAAO,UAAU,SAChDF,EAAW,QACXG,EAAAA,mCAAmCN,EAAiB,CAAC,CAAA,EAMvD,MAAO,CACL,UAHgBO,EAAAA,uBAAuBF,EAAeJ,CAAe,EAIrE,mBAAoBA,CAAA,CAExB,CAOA,YAAsB,CACpB,OAAO,KAAK,OAAO,OACrB,CAOA,sBAAgC,CAC9B,OAAO,OAAO,KAAK,OAAO,UAAU,WAAc,UACpD,CAWA,MAAM,4BACJO,EAMA,CACA,GAAI,CAAC,KAAK,uBACR,MAAM,IAAI,MACR,wEAAA,EAKJ,MAAMR,EAAkB,MAAM,KAAK,OAAO,UAAU,gBAAA,EAG9CS,EAAwB,CAAA,EACxBC,EAAiC,CAAA,EACjCC,EAA6B,CAAA,EAEnC,UAAWC,KAAMJ,EAAc,CAE7B,KAAK,sBACHI,EAAG,YACHA,EAAG,4BAAA,EAIL,KAAM,CAAE,gBAAAX,GAAoBC,EAAAA,qBAC1BF,EACAY,EAAG,kBAAA,EAELD,EAAiB,KAAKV,CAAe,EAGrC,MAAME,EAAa,MAAMC,kBAAgB,CACvC,YAAaQ,EAAG,YAChB,WAAYA,EAAG,WACf,YAAaA,EAAG,YAChB,mBAAoBX,EACpB,uBAAwBW,EAAG,uBAC3B,sBAAuBA,EAAG,sBAC1B,8BAA+BA,EAAG,8BAClC,cAAeA,EAAG,cAClB,QAAS,KAAK,OAAO,OAAA,CACtB,EACDH,EAAY,KAAKN,EAAW,OAAO,EACnCO,EAAY,KAAKJ,EAAAA,mCAAmCN,EAAiB,CAAC,CAAC,CACzE,CAGA,MAAMa,EAAc,MAAM,KAAK,OAAO,UAAU,UAC9CJ,EACAC,CAAA,EAIF,GAAIG,EAAY,SAAWL,EAAa,OACtC,MAAM,IAAI,MACR,YAAYA,EAAa,MAAM,8BAA8BK,EAAY,MAAM,EAAA,EAKnF,MAAMC,EAGD,CAAA,EAEL,QAASC,EAAI,EAAGA,EAAIP,EAAa,OAAQO,IAAK,CAC5C,MAAMd,EAAkBU,EAAiBI,CAAC,EACpCC,EAAkBT,EAAAA,uBACtBM,EAAYE,CAAC,EACbd,CAAA,EAGFa,EAAQ,KAAK,CACX,gBAAAE,EACA,mBAAoBf,CAAA,CACrB,CACH,CAEA,OAAOa,CACT,CAgBQ,sBACNG,EACAC,EACM,CACN,GAAI,CAACC,EAAAA,WAAWD,CAA4B,EAC1C,MAAM,IAAI,MACR,qDAAA,EAIJ,MAAME,EAAiBC,EAAAA,OAAO,KAC5BC,EAAAA,eAAeJ,CAA4B,EAC3C,KAAA,EAEIK,EAAWC,EAAAA,YAAY,QAAQF,EAAAA,eAAeL,CAAW,CAAC,EAEhE,GAAIM,EAAS,KAAK,SAAW,EAC3B,MAAM,IAAI,MAAM,mCAAmC,EASrD,GAAI,CAJkBA,EAAS,KAAK,OAAO,CAACE,EAAKC,IAC/CA,EAAO,MAAQD,EAAI,MAAQC,EAASD,CAAA,EAGnB,OAAO,OAAOL,CAAc,EAC7C,MAAM,IAAI,MACR,4EAAA,CAGN,CACF,CCpXA,MAAMO,EAA2B,IAuBjC,eAAsBC,EACpB7B,EACuB,CACvB,KAAM,CACJ,aAAA8B,EACA,UAAAC,EACA,eAAAC,EACA,UAAAC,EACA,eAAAC,EAAiBN,EACjB,OAAAO,CAAA,EACEnC,EAEEoC,EAAY,KAAK,IAAA,EAEvB,OAAa,CACX,GAAID,GAAA,MAAAA,EAAQ,QACV,MAAM,IAAI,MACR,6BAA6BJ,EAAU,MAAM,EAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC,GAAA,EAIlG,GAAI,KAAK,MAAQI,GAAaH,EAC5B,MAAM,IAAI,MACR,yBAAyBA,CAAS,gBAAgBF,EAAU,MAAM,EAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC,GAAA,EAIvH,GAAI,CAMF,MAAMK,GALW,MAAMP,EAAa,eAClC,CAAE,WAAYC,CAAA,EACdI,CAAA,GAGsB,OACxB,GAAIH,EAAe,IAAIK,CAAM,EAC3B,OAAOA,EAGT,GAAIC,EAAAA,qBAAqB,IAAID,CAAM,GAAK,CAACL,EAAe,IAAIK,CAAM,EAChE,MAAM,IAAI,MACR,SAASN,EAAU,MAAM,EAAG,CAAC,CAAC,8BAA8BM,CAAM,uBAAuB,CAAC,GAAGL,CAAc,EAAE,KAAK,IAAI,CAAC,EAAA,CAG7H,OAASO,EAAO,CAOd,GAAI,EAHDA,aAAiBC,EAAAA,cAChBD,EAAM,OAASE,EAAAA,aAAa,WAC7BF,aAAiB,OAASA,EAAM,QAAQ,SAAS,iBAAiB,GAEnE,MAAMA,CAEV,CAGA,MAAM,IAAI,QAAc,CAACG,EAASC,IAAW,CAC3C,MAAMC,EAAU,IAAM,CACpB,aAAaC,CAAS,EACtBF,EACE,IAAI,MACF,6BAA6BZ,EAAU,MAAM,EAAG,CAAC,CAAC,cAAc,CAAC,GAAGC,CAAc,EAAE,KAAK,IAAI,CAAC,GAAA,CAChG,CAEJ,EACMa,EAAY,WAAW,IAAM,CACjCV,GAAA,MAAAA,EAAQ,oBAAoB,QAASS,GACrCF,EAAA,CACF,EAAGR,CAAc,EACjBC,GAAA,MAAAA,EAAQ,iBAAiB,QAASS,EAAS,CAAE,KAAM,IACrD,CAAC,CACH,CACF,CC1FA,MAAME,EAAyB,IAAS,IAGlCC,MAAiD,IAAI,CACzDC,EAAAA,aAAa,0BACb,GAAGC,EAAAA,kBACL,CAAC,EAwBD,eAAsBC,EACpBlD,EACe,CACf,KAAM,CACJ,aAAA8B,EACA,cAAAqB,EACA,UAAApB,EACA,YAAAqB,EACA,eAAAC,EACA,UAAApB,EAAYa,EACZ,OAAAX,CAAA,EACEnC,EAEJmC,GAAA,MAAAA,EAAQ,iBAGR,MAAME,EAAS,MAAMR,EAAmB,CACtC,aAAAC,EACA,UAAAC,EACA,eAAgBgB,EAChB,UAAAd,EACA,OAAAE,CAAA,CACD,EAGGc,EAAAA,mBAAmB,IAAIZ,CAAM,IAIjCF,GAAA,MAAAA,EAAQ,iBAER,MAAMgB,EAAc,uBAClB,CACE,WAAYpB,EACZ,aAAcqB,EACd,iBAAkBC,CAAA,EAEpBlB,CAAA,EAEJ,CC3DA,MAAMmB,EAA0B,EAuBhC,SAASC,EACPC,EACAC,EACAC,EACM,CACN,MAAMC,EAAOC,EAAAA,KAAK,WAAWJ,CAAU,EACjCK,EAAgBF,EAAK,KACxB,eAAA,EACA,SAAS,KAAK,EACd,YAAA,EACGG,EAAqBvC,EAAAA,eAAekC,CAAa,EAAE,YAAA,EACzD,GAAII,IAAkBC,EACpB,MAAM,IAAI,MACR,mCAAmCJ,CAAK,8CAAA,EAG5C,OAAOC,CACT,CAUA,SAASI,EAAiCJ,EAAkB,CAC1D,MAAMK,EAAQJ,EAAAA,KAAK,QAAQD,EAAK,OAAO,EACvC,UAAWM,KAASD,EAAM,KAAK,OAC7B,OAAOC,EAAM,mBACb,OAAOA,EAAM,cAEf,OAAOD,CACT,CAKA,SAASE,EACPV,EACAC,EACAC,EACQ,CACR,GAAI,CAACF,EACH,MAAM,IAAI,MAAM,WAAWE,CAAK,OAAO,EAEzC,MAAMC,EAAOJ,EAAmBC,EAAYC,EAAeC,CAAK,EAEhE,OADkBK,EAAiCJ,CAAI,EACtC,MAAA,CACnB,CAUA,SAASQ,EACPC,EACAC,EAC8B,CAC9B,MAAMC,EAAsB,CAAA,EACtB3D,EAAiC,CAAA,EACjC4D,EAAuC,CAAA,EAEvCC,EAAkBjE,EAAAA,mCACtB8D,EACAf,CAAA,EAIImB,EAAYP,EAChBE,EAAe,YACfA,EAAe,UAAU,OACzB,kBAAA,EAEFE,EAAU,KAAKG,CAAS,EACxB9D,EAAY,KAAK6D,CAAe,EAGhC,UAAWE,KAAcN,EAAe,wBAAyB,CAC/D,MAAMO,EAAmBpD,EAAAA,eAAemD,EAAW,iBAAiB,EAE9DE,EAAcN,EAAU,OACxBO,EAAcX,EAClBQ,EAAW,cACXA,EAAW,YAAY,OACvB,wBAAwBC,CAAgB,GAAA,EAE1CL,EAAU,KAAKO,CAAW,EAC1BlE,EAAY,KAAK6D,CAAe,EAEhCD,EAAkB,KAAK,CACrB,iBAAAI,EACA,YAAAC,CAAA,CACD,CACH,CAEA,MAAO,CAAE,UAAAN,EAAW,YAAA3D,EAAa,kBAAA4D,CAAA,CACnC,CASA,SAASO,EACPC,EACAR,EACArE,EACiC,CACjC,MAAMe,EAAkBT,EAAAA,uBACtBuE,EAAgB,CAAC,EACjB7E,CAAA,EAGI8E,EAA+D,CAAA,EACrE,UAAWC,KAASV,EAClBS,EAAcC,EAAM,gBAAgB,EAAI,CACtC,mBAAoBzE,EAAAA,uBAClBuE,EAAgBE,EAAM,WAAW,EACjC/E,CAAA,CACF,EAIJ,MAAO,CACL,kBAAmB,CACjB,iBAAkBe,CAAA,EAEpB,eAAgB+D,CAAA,CAEpB,CAMA,eAAeE,EACbC,EACAb,EACAc,EACmB,CACnB,GAAI,OAAOD,EAAO,WAAc,WAC9B,OAAOA,EAAO,UAAUb,EAAWc,CAAO,EAG5C,MAAMC,EAAmB,CAAA,EACzB,QAASrE,EAAI,EAAGA,EAAIsD,EAAU,OAAQtD,IACpCqE,EAAO,KAAK,MAAMF,EAAO,SAASb,EAAUtD,CAAC,EAAGoE,GAAA,YAAAA,EAAUpE,EAAE,CAAC,EAE/D,OAAOqE,CACT,CAwBA,eAAsBC,EACpBtF,EAC0C,CAC1C,KAAM,CAAE,eAAAoE,EAAgB,mBAAAmB,EAAoB,UAAAC,CAAA,EAAcxF,EAEpDE,EAAkBqB,EAAAA,eAAegE,CAAkB,EACnDlB,EAAkB,MAAMmB,EAAU,gBAAA,EAGlC,CAAE,UAAAlB,EAAW,YAAA3D,EAAa,kBAAA4D,GAC9BJ,EAA2BC,EAAgBC,CAAe,EAGtDU,EAAkB,MAAMG,EAC5BM,EACAlB,EACA3D,CAAA,EAGF,GAAIoE,EAAgB,SAAWT,EAAU,OACvC,MAAM,IAAI,MACR,mBAAmBS,EAAgB,MAAM,2BAA2BT,EAAU,MAAM,EAAA,EAKxF,OAAOQ,EACLC,EACAR,EACArE,CAAA,CAEJ,CCxLA,MAAMuF,EAAyB,KAAU,IAGnCC,MAAsD,IAAI,CAC9D1C,EAAAA,aAAa,aACbA,EAAAA,aAAa,mBACbA,eAAa,SACf,CAAC,EAEK2C,MAA+C,IAAI,CACvD3C,EAAAA,aAAa,6BACb,GAAG0C,CACL,CAAC,EAYD,SAASE,EACPC,EACuB,CACvB,OAAOA,EAAoB,IAAKhF,IAAQ,CACtC,mBAAoBiF,EAAAA,wBAAwBjF,EAAG,cAAc,EAC7D,YAAaA,EAAG,UAAU,OAC1B,YAAaA,EAAG,UAAU,MAAA,EAC1B,CACJ,CAMA,SAASkF,EAAwBC,EAAgC,CAC/D,KAAM,CAAE,OAAArE,CAAA,EAAWsE,EAAQ,SAAS,KAAK,CACvC,eAAgB3E,EAAAA,OAAO,KAAK0E,EAAgB,KAAK,CAAA,CAClD,EACD,GAAI,CAACrE,EACH,MAAM,IAAI,MAAM,2CAA2C,EAE7D,OAAOA,EAAO,SAAS,KAAK,CAC9B,CAUA,SAASuE,EACPC,EACAC,EACQ,CACR,MAAMC,EAAU9E,EAAAA,eAAe4E,CAAkB,EAAE,YAAA,EAC7CG,EAAW/E,EAAAA,eACf6E,EAAQ,sBAAA,EACR,YAAA,EACIlG,EAAkBqB,EAAAA,eACtB6E,EAAQ,kBAAA,EACR,YAAA,EAEF,GAAIC,IAAYC,GAAYD,IAAYnG,EACtC,OAAOkG,EAAQ,6BAOjB,GAAI,CAHkBA,EAAQ,sBAAsB,KACjDG,GAAOhF,EAAAA,eAAegF,CAAE,EAAE,gBAAkBF,CAAA,EAG7C,MAAM,IAAI,MACR,0BAA0BA,CAAO,mDAAA,EAMrC,MAAO,KADcN,EAAwBM,CAAO,CAC5B,EAC1B,CAEA,SAASG,EACP3F,EACAuF,EACA,CACA,MAAO,CACL,YAAavF,EAAG,YAChB,WAAYuF,EAAQ,WACpB,YAAavF,EAAG,YAChB,uBAAwBuF,EAAQ,uBAChC,sBAAuBA,EAAQ,sBAC/B,8BAA+BA,EAAQ,8BACvC,mBAAoBA,EAAQ,mBAC5B,cAAeA,EAAQ,cACvB,6BAA8BF,EAC5BrF,EAAG,mBACHuF,CAAA,CACF,CAEJ,CAMA,eAAeK,EACbjB,EACAY,EACA3F,EACAiG,EAC4C,CAC5C,MAAMC,EAAgB,IAAI9G,EAAc,CACtC,QAASuG,EAAQ,QACjB,UAAAZ,CAAA,CACD,EAEKoB,EAAgBnG,EAAa,OACnCiG,GAAA,MAAAA,EAAa,EAAGE,GAEhB,IAAIC,EAEJ,GAAIF,EAAc,uBAIhBE,GAHgB,MAAMF,EAAc,4BAClClG,EAAa,IAAKI,GAAO2F,EAAwB3F,EAAIuF,CAAO,CAAC,CAAA,GAEpC,IAAKU,GAAMA,EAAE,eAAe,MAClD,CACLD,EAAmB,CAAA,EACnB,QAAS7F,EAAI,EAAGA,EAAIP,EAAa,OAAQO,IAAK,CAC5C0F,GAAA,MAAAA,EAAa1F,EAAG4F,GAChB,MAAMG,EAAS,MAAMJ,EAAc,sBACjCH,EAAwB/F,EAAaO,CAAC,EAAGoF,CAAO,CAAA,EAElDS,EAAiB,KAAKE,EAAO,SAAS,CACxC,CACF,CAEA,MAAMC,EAAgD,CAAA,EACtD,QAAShG,EAAI,EAAGA,EAAIP,EAAa,OAAQO,IACvCgG,EAAWvG,EAAaO,CAAC,EAAE,kBAAkB,EAAI,CAC/C,iBAAkB6F,EAAiB7F,CAAC,CAAA,EAIxC,OAAA0F,GAAA,MAAAA,EAAaE,EAAeA,GACrBI,CACT,CAcA,eAAsBC,EACpBjH,EACe,CACf,KAAM,CACJ,aAAA8B,EACA,cAAAoF,EACA,UAAA1B,EACA,UAAAzD,EACA,YAAAqB,EACA,eAAA+D,EACA,UAAAlF,EAAYwD,EACZ,OAAAtD,EACA,WAAAuE,CAAA,EACE1G,EAGEqC,EAAS,MAAMR,EAAmB,CACtC,aAAAC,EACA,UAAAC,EACA,eAAgB4D,EAChB,UAAA1D,EACA,OAAAE,CAAA,CACD,EAGD,GAAIuD,EAAqB,IAAIrD,CAAM,EACjC,OAGFF,GAAA,MAAAA,EAAQ,iBAGR,MAAMiF,EAAW,MAAMF,EAAc,oCACnC,CACE,WAAYnF,EACZ,aAAcqB,CAAA,EAEhBjB,CAAA,EAGFA,GAAA,MAAAA,EAAQ,iBAOR,MAAMkF,EAAwBvB,EAAAA,wBAAwB1C,CAAW,EAC3DkE,EAAkBF,EAAS,IAAI,OAClCvG,GAAOiF,EAAAA,wBAAwBjF,EAAG,cAAc,IAAMwG,CAAA,EAEnDE,EAAuB3B,EAA8B0B,CAAe,EACpEE,EAAoB,MAAMf,EAC9BjB,EACA2B,EACAI,EACAb,CAAA,EAGFvE,GAAA,MAAAA,EAAQ,iBAGR,MAAMsF,EAAgC,MAAMnC,EAAmB,CAC7D,eAAgB8B,EAAS,gBACzB,mBAAoBhE,EACpB,UAAAoC,CAAA,CACD,EAEDrD,GAAA,MAAAA,EAAQ,iBAIR,MAAMuF,EAAgB,CAAE,GAAGF,CAAA,EAC3BE,EAAcnG,EAAAA,eAAe6B,CAAW,CAAC,EACvCqE,EAA8B,kBAEhC,MAAMP,EAAc,6BAClB,CACE,WAAYnF,EACZ,aAAcqB,EACd,WAAYsE,EACZ,gCAAiCD,CAAA,EAEnCtF,CAAA,CAEJ"}

package/dist/tbv/core/services/deposit/__tests__/signAndSubmitPayouts.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=signAndSubmitPayouts.test.d.ts.map

package/dist/tbv/core/services/deposit/__tests__/signAndSubmitPayouts.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signAndSubmitPayouts.test.d.ts","sourceRoot":"","sources":["../../../../../../src/tbv/core/services/deposit/__tests__/signAndSubmitPayouts.test.ts"],"names":[],"mappings":""}

package/dist/tbv/core/services/deposit/__tests__/signDepositorGraph.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=signDepositorGraph.test.d.ts.map

package/dist/tbv/core/services/deposit/__tests__/signDepositorGraph.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signDepositorGraph.test.d.ts","sourceRoot":"","sources":["../../../../../../src/tbv/core/services/deposit/__tests__/signDepositorGraph.test.ts"],"names":[],"mappings":""}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@babylonlabs-io/ts-sdk",
-  "version": "0.17.0",
+  "version": "0.17.1",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",