@babylonlabs-io/ts-sdk 0.26.2 → 0.27.0

package/dist/buildAndBroadcastRefund-BzYJv-Fv.js

@@ -0,0 +1,862 @@
+var W = Object.defineProperty;
+var X = (e, t, r) => t in e ? W(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
+var P = (e, t, r) => X(e, typeof t != "symbol" ? t + "" : t, r);
+import { s as G, B as Y, c as j, a as q, R as Q, d as N, D as b } from "./sha2-ZzfZqQSw.js";
+import { v as A, b as J, s as l, e as Z, p as w, f } from "./bitcoin-B-Y0DlqR.js";
+import * as ee from "bitcoinjs-lib";
+import { Transaction as te, Psbt as B } from "bitcoinjs-lib";
+import { Buffer as V } from "buffer";
+import { c as y } from "./signing-BZigafm0.js";
+import "@babylonlabs-io/babylon-tbv-rust-wasm";
+import { a as H, e as x, b as re } from "./payout-B_fvQU3q.js";
+class oe {
+  /**
+   * Creates a new PayoutManager instance.
+   *
+   * @param config - Manager configuration including wallet
+   */
+  constructor(t) {
+    P(this, "config");
+    this.config = t;
+  }
+  /**
+   * Signs a Payout transaction and extracts the Schnorr signature.
+   *
+   * Flow:
+   * 1. Vault provider submits Claim transaction
+   * 2. Claimer submits Assert transaction to prove validity
+   * 3. Payout can be executed (references Assert tx)
+   *
+   * This method orchestrates the following steps:
+   * 1. Get wallet's public key and convert to x-only format
+   * 2. Validate wallet pubkey matches on-chain depositor pubkey (if provided)
+   * 3. Build unsigned PSBT using primitives
+   * 4. Sign PSBT via btcWallet.signPsbt()
+   * 5. Extract 64-byte Schnorr signature using primitives
+   *
+   * The returned signature can be submitted to the vault provider API.
+   *
+   * @param params - Payout signing parameters
+   * @returns Signature result with 64-byte Schnorr signature and depositor pubkey
+   * @throws Error if wallet pubkey doesn't match depositor pubkey
+   * @throws Error if wallet operations fail or signature extraction fails
+   */
+  async signPayoutTransaction(t) {
+    this.validatePayoutOutputs(
+      t.payoutTxHex,
+      t.registeredPayoutScriptPubKey
+    );
+    const r = await this.config.btcWallet.getPublicKeyHex(), { depositorPubkey: o } = A(
+      r,
+      t.depositorBtcPubkey
+    ), s = await H({
+      payoutTxHex: t.payoutTxHex,
+      peginTxHex: t.peginTxHex,
+      assertTxHex: t.assertTxHex,
+      depositorBtcPubkey: o,
+      vaultProviderBtcPubkey: t.vaultProviderBtcPubkey,
+      vaultKeeperBtcPubkeys: t.vaultKeeperBtcPubkeys,
+      universalChallengerBtcPubkeys: t.universalChallengerBtcPubkeys,
+      timelockPegin: t.timelockPegin,
+      network: this.config.network
+    }), c = await this.config.btcWallet.signPsbt(
+      s.psbtHex,
+      y(r, 1)
+    );
+    return {
+      signature: x(c, o),
+      depositorBtcPubkey: o
+    };
+  }
+  /**
+   * Gets the configured Bitcoin network.
+   *
+   * @returns The Bitcoin network (mainnet, testnet, signet, regtest)
+   */
+  getNetwork() {
+    return this.config.network;
+  }
+  /**
+   * Checks if the wallet supports batch signing (signPsbts).
+   *
+   * @returns true if batch signing is supported
+   */
+  supportsBatchSigning() {
+    return typeof this.config.btcWallet.signPsbts == "function";
+  }
+  /**
+   * Batch signs multiple payout transactions (1 per claimer).
+   * This allows signing all transactions with a single wallet interaction.
+   *
+   * @param transactions - Array of payout params to sign
+   * @returns Array of signature results matching input order
+   * @throws Error if wallet doesn't support batch signing
+   * @throws Error if any signing operation fails
+   */
+  async signPayoutTransactionsBatch(t) {
+    if (!this.supportsBatchSigning())
+      throw new Error(
+        "Wallet does not support batch signing (signPsbts method not available)"
+      );
+    const r = await this.config.btcWallet.getPublicKeyHex(), o = [], s = [], c = [];
+    for (const n of t) {
+      this.validatePayoutOutputs(
+        n.payoutTxHex,
+        n.registeredPayoutScriptPubKey
+      );
+      const { depositorPubkey: u } = A(
+        r,
+        n.depositorBtcPubkey
+      );
+      c.push(u);
+      const d = await H({
+        payoutTxHex: n.payoutTxHex,
+        peginTxHex: n.peginTxHex,
+        assertTxHex: n.assertTxHex,
+        depositorBtcPubkey: u,
+        vaultProviderBtcPubkey: n.vaultProviderBtcPubkey,
+        vaultKeeperBtcPubkeys: n.vaultKeeperBtcPubkeys,
+        universalChallengerBtcPubkeys: n.universalChallengerBtcPubkeys,
+        timelockPegin: n.timelockPegin,
+        network: this.config.network
+      });
+      o.push(d.psbtHex), s.push(y(r, 1));
+    }
+    const a = await this.config.btcWallet.signPsbts(
+      o,
+      s
+    );
+    if (a.length !== t.length)
+      throw new Error(
+        `Expected ${t.length} signed PSBTs but received ${a.length}`
+      );
+    const i = [];
+    for (let n = 0; n < t.length; n++) {
+      const u = c[n], d = x(
+        a[n],
+        u
+      );
+      i.push({
+        payoutSignature: d,
+        depositorBtcPubkey: u
+      });
+    }
+    return i;
+  }
+  /**
+   * Validates that the payout transaction's largest output pays to the
+   * registered depositor payout address (scriptPubKey).
+   *
+   * This prevents two attack vectors from a malicious vault provider:
+   * 1. Substituting a completely different payout address
+   * 2. Including a dust output to the correct address while routing
+   *    the actual funds to an attacker-controlled address
+   *
+   * @param payoutTxHex - Raw payout transaction hex
+   * @param registeredPayoutScriptPubKey - On-chain registered scriptPubKey (hex, with or without 0x prefix)
+   * @throws Error if scriptPubKey is invalid hex
+   * @throws Error if the largest output does not pay to the registered address
+   */
+  validatePayoutOutputs(t, r) {
+    if (!J(r))
+      throw new Error(
+        "Invalid registeredPayoutScriptPubKey: not valid hex"
+      );
+    const o = V.from(
+      l(r),
+      "hex"
+    ), s = te.fromHex(l(t));
+    if (s.outs.length === 0)
+      throw new Error("Payout transaction has no outputs");
+    if (!s.outs.reduce(
+      (a, i) => i.value > a.value ? i : a
+    ).script.equals(o))
+      throw new Error(
+        "Payout transaction does not pay to the registered depositor payout address"
+      );
+  }
+}
+const I = 66;
+function L(e) {
+  if (!e.startsWith("0x") && !e.startsWith("0X"))
+    throw new Error("Expected 0x-prefixed hex string");
+  const t = e.slice(2);
+  if (t.length % 2 !== 0)
+    throw new Error(`Hex string has odd length: ${t.length}`);
+  if (!/^[0-9a-fA-F]*$/.test(t))
+    throw new Error("Hex string contains non-hex characters");
+  const r = new Uint8Array(t.length / 2);
+  for (let o = 0; o < r.length; o++)
+    r[o] = parseInt(t.slice(o * 2, o * 2 + 2), 16);
+  return r;
+}
+function ne(e) {
+  return `0x${Array.from(e).map((t) => t.toString(16).padStart(2, "0")).join("")}`;
+}
+function S(e, t) {
+  if (e.length !== I)
+    throw new Error(
+      `${t} must be exactly 32 bytes (${I} hex chars with 0x prefix), got ${e.length}`
+    );
+}
+function se(e) {
+  S(e, "Secret");
+  const t = L(e), r = G(t);
+  return ne(r);
+}
+function ie(e, t) {
+  return S(e, "Secret"), S(t, "Hashlock"), L(t), se(e).toLowerCase() === t.toLowerCase();
+}
+const ae = /^0x[0-9a-fA-F]{64}$/, ue = /^0x[0-9a-fA-F]{40}$/, ce = /^0x([0-9a-fA-F]{2})*$/;
+function E(e, t) {
+  if (e.length !== 66)
+    throw new Error(
+      `${t} must be 32 bytes (66 hex chars with 0x prefix), got length ${e.length}`
+    );
+  if (!ae.test(e))
+    throw new Error(
+      `${t} must contain only hex characters after the 0x prefix`
+    );
+}
+function le(e, t) {
+  if (!ue.test(e))
+    throw new Error(
+      `${t} must be a 20-byte 0x-prefixed hex address (42 chars)`
+    );
+}
+function de(e, t) {
+  if (!ce.test(e))
+    throw new Error(
+      `${t} must be a 0x-prefixed hex string with an even number of hex chars`
+    );
+}
+async function Qe(e) {
+  const {
+    btcVaultRegistryAddress: t,
+    vaultId: r,
+    hashlock: o,
+    activationMetadata: s,
+    writeContract: c,
+    signal: a
+  } = e;
+  a == null || a.throwIfAborted(), le(t, "btcVaultRegistryAddress"), E(r, "vaultId");
+  const i = Z(e.secret);
+  if (E(i, "secret"), o !== void 0 && (E(o, "hashlock"), !ie(i, o)))
+    throw new Error(
+      "Invalid secret: SHA256(secret) does not match the provided hashlock"
+    );
+  return de(s, "activationMetadata"), c({
+    address: t,
+    abi: Y,
+    functionName: "activateVaultWithSecret",
+    args: [r, i, s]
+  });
+}
+const he = 1e4;
+async function D(e) {
+  const {
+    statusReader: t,
+    peginTxid: r,
+    targetStatuses: o,
+    timeoutMs: s,
+    pollIntervalMs: c = he,
+    signal: a
+  } = e, i = Date.now();
+  for (; ; ) {
+    if (a != null && a.aborted)
+      throw new Error(
+        `Polling aborted for pegin ${r.slice(0, 8)}… (target: ${[...o].join(", ")})`
+      );
+    if (Date.now() - i >= s)
+      throw new Error(
+        `Polling timeout after ${s}ms for pegin ${r.slice(0, 8)}… (target: ${[...o].join(", ")})`
+      );
+    try {
+      const u = (await t.getPeginStatus(
+        { pegin_txid: r },
+        a
+      )).status;
+      if (o.has(u))
+        return u;
+      if (j.has(u) && !o.has(u))
+        throw new Error(
+          `Pegin ${r.slice(0, 8)}… reached terminal status "${u}" while waiting for ${[...o].join(", ")}`
+        );
+    } catch (n) {
+      if (!(n instanceof q && n.code === Q.NOT_FOUND || n instanceof Error && n.message.includes("PegIn not found")))
+        throw n;
+    }
+    await new Promise((n, u) => {
+      const d = () => {
+        clearTimeout(h), u(
+          new Error(
+            `Polling aborted for pegin ${r.slice(0, 8)}… (target: ${[...o].join(", ")})`
+          )
+        );
+      }, h = setTimeout(() => {
+        a == null || a.removeEventListener("abort", d), n();
+      }, c);
+      a == null || a.addEventListener("abort", d, { once: !0 });
+    });
+  }
+}
+const pe = 300 * 1e3, fe = /* @__PURE__ */ new Set([
+  b.PENDING_DEPOSITOR_WOTS_PK,
+  ...N
+]);
+async function Je(e) {
+  const {
+    statusReader: t,
+    wotsSubmitter: r,
+    peginTxid: o,
+    depositorPk: s,
+    wotsPublicKeys: c,
+    timeoutMs: a = pe,
+    signal: i
+  } = e;
+  i == null || i.throwIfAborted();
+  const n = await D({
+    statusReader: t,
+    peginTxid: o,
+    targetStatuses: fe,
+    timeoutMs: a,
+    signal: i
+  });
+  N.has(n) || (i == null || i.throwIfAborted(), await r.submitDepositorWotsKey(
+    {
+      pegin_txid: o,
+      depositor_pk: s,
+      wots_public_keys: c
+    },
+    i
+  ));
+}
+const $ = 1;
+function ge(e, t, r) {
+  const o = B.fromBase64(e), s = o.data.getTransaction().toString("hex").toLowerCase(), c = l(t).toLowerCase();
+  if (s !== c)
+    throw new Error(
+      `PSBT integrity check failed for ${r}: unsigned transaction does not match tx_hex`
+    );
+  return o;
+}
+function be(e) {
+  const t = B.fromHex(e.toHex());
+  for (const r of t.data.inputs)
+    delete r.tapBip32Derivation, delete r.tapMerkleRoot;
+  return t;
+}
+function R(e, t, r) {
+  if (!e)
+    throw new Error(`Missing ${r} PSBT`);
+  const o = ge(e, t, r);
+  return be(o).toHex();
+}
+function ye(e, t) {
+  const r = [], o = [], s = [], c = R(
+    e.payout_psbt,
+    e.payout_tx.tx_hex,
+    "depositor payout"
+  );
+  r.push(c), o.push(
+    y(t, $)
+  );
+  for (const a of e.challenger_presign_data) {
+    const i = l(a.challenger_pubkey), n = r.length, u = R(
+      a.nopayout_psbt,
+      a.nopayout_tx.tx_hex,
+      `nopayout (challenger ${i})`
+    );
+    r.push(u), o.push(
+      y(t, $)
+    ), s.push({
+      challengerPubkey: i,
+      noPayoutIdx: n
+    });
+  }
+  return { psbtHexes: r, signOptions: o, challengerEntries: s };
+}
+function Pe(e, t, r) {
+  const o = x(
+    e[0],
+    r
+  ), s = {};
+  for (const c of t)
+    s[c.challengerPubkey] = {
+      nopayout_signature: x(
+        e[c.noPayoutIdx],
+        r
+      )
+    };
+  return {
+    payout_signatures: {
+      payout_signature: o
+    },
+    per_challenger: s
+  };
+}
+async function we(e, t, r) {
+  if (typeof e.signPsbts == "function")
+    return e.signPsbts(t, r);
+  const o = [];
+  for (let s = 0; s < t.length; s++)
+    o.push(await e.signPsbt(t[s], r == null ? void 0 : r[s]));
+  return o;
+}
+async function xe(e) {
+  const { depositorGraph: t, depositorBtcPubkey: r, btcWallet: o } = e, s = l(r), c = await o.getPublicKeyHex(), { psbtHexes: a, signOptions: i, challengerEntries: n } = ye(t, c), u = await we(
+    o,
+    a,
+    i
+  );
+  if (u.length !== a.length)
+    throw new Error(
+      `Wallet returned ${u.length} signed PSBTs, expected ${a.length}`
+    );
+  return Pe(
+    u,
+    n,
+    s
+  );
+}
+const me = 1200 * 1e3, K = /* @__PURE__ */ new Set([
+  b.PENDING_ACKS,
+  b.PENDING_ACTIVATION,
+  b.ACTIVATED
+]), ve = /* @__PURE__ */ new Set([
+  b.PENDING_DEPOSITOR_SIGNATURES,
+  ...K
+]);
+function Te(e) {
+  return e.map((t) => ({
+    claimerPubkeyXOnly: w(t.claimer_pubkey),
+    payoutTxHex: t.payout_tx.tx_hex,
+    assertTxHex: t.assert_tx.tx_hex
+  }));
+}
+function Ee(e) {
+  const { output: t } = ee.payments.p2tr({
+    internalPubkey: V.from(e, "hex")
+  });
+  if (!t)
+    throw new Error("Failed to derive BIP-86 P2TR scriptPubKey");
+  return t.toString("hex");
+}
+function ke(e, t) {
+  const r = l(e).toLowerCase(), o = l(
+    t.vaultProviderBtcPubkey
+  ).toLowerCase(), s = l(
+    t.depositorBtcPubkey
+  ).toLowerCase();
+  if (r === o || r === s)
+    return t.registeredPayoutScriptPubKey;
+  if (!t.vaultKeeperBtcPubkeys.some(
+    (i) => l(i).toLowerCase() === r
+  ))
+    throw new Error(
+      `Unknown claimer pubkey ${r}: not VP, depositor, or a registered vault keeper`
+    );
+  return `0x${Ee(r)}`;
+}
+function C(e, t) {
+  return {
+    payoutTxHex: e.payoutTxHex,
+    peginTxHex: t.peginTxHex,
+    assertTxHex: e.assertTxHex,
+    vaultProviderBtcPubkey: t.vaultProviderBtcPubkey,
+    vaultKeeperBtcPubkeys: t.vaultKeeperBtcPubkeys,
+    universalChallengerBtcPubkeys: t.universalChallengerBtcPubkeys,
+    depositorBtcPubkey: t.depositorBtcPubkey,
+    timelockPegin: t.timelockPegin,
+    registeredPayoutScriptPubKey: ke(
+      e.claimerPubkeyXOnly,
+      t
+    )
+  };
+}
+async function Se(e, t, r, o) {
+  const s = new oe({
+    network: t.network,
+    btcWallet: e
+  }), c = r.length;
+  o == null || o(0, c);
+  let a;
+  if (s.supportsBatchSigning())
+    a = (await s.signPayoutTransactionsBatch(
+      r.map((u) => C(u, t))
+    )).map((u) => u.payoutSignature);
+  else {
+    a = [];
+    for (let n = 0; n < r.length; n++) {
+      o == null || o(n, c);
+      const u = await s.signPayoutTransaction(
+        C(r[n], t)
+      );
+      a.push(u.signature);
+    }
+  }
+  const i = {};
+  for (let n = 0; n < r.length; n++)
+    i[r[n].claimerPubkeyXOnly] = {
+      payout_signature: a[n]
+    };
+  return o == null || o(c, c), i;
+}
+async function Ze(e) {
+  const {
+    statusReader: t,
+    presignClient: r,
+    btcWallet: o,
+    peginTxid: s,
+    depositorPk: c,
+    signingContext: a,
+    timeoutMs: i = me,
+    signal: n,
+    onProgress: u
+  } = e, d = await D({
+    statusReader: t,
+    peginTxid: s,
+    targetStatuses: ve,
+    timeoutMs: i,
+    signal: n
+  });
+  if (K.has(d))
+    return;
+  n == null || n.throwIfAborted();
+  const h = await r.requestDepositorPresignTransactions(
+    {
+      pegin_txid: s,
+      depositor_pk: c
+    },
+    n
+  );
+  n == null || n.throwIfAborted();
+  const g = w(c), m = h.txs.filter(
+    (z) => w(z.claimer_pubkey) !== g
+  ), v = Te(m), T = await Se(
+    o,
+    a,
+    v,
+    u
+  );
+  n == null || n.throwIfAborted();
+  const p = await xe({
+    depositorGraph: h.depositor_graph,
+    depositorBtcPubkey: c,
+    btcWallet: o
+  });
+  n == null || n.throwIfAborted();
+  const _ = { ...T };
+  _[l(c)] = p.payout_signatures, await r.submitDepositorPresignatures(
+    {
+      pegin_txid: s,
+      depositor_pk: c,
+      signatures: _,
+      depositor_claimer_presignatures: p
+    },
+    n
+  );
+}
+function Be(e) {
+  return /^[0-9a-fA-F]{64}$/.test(e);
+}
+function et(e) {
+  const {
+    amountSats: t,
+    minDeposit: r,
+    maxDeposit: o,
+    btcBalance: s,
+    estimatedFeeSats: c,
+    depositorClaimValue: a
+  } = e;
+  return !(t <= 0n || t < r || o && o > 0n && t > o || c == null || a == null || t + c + a > s);
+}
+function tt(e, t, r) {
+  return e <= 0n ? {
+    valid: !1,
+    error: "Deposit amount must be greater than zero"
+  } : e < t ? {
+    valid: !1,
+    error: `Minimum deposit is ${f(t)} BTC`
+  } : r && r > 0n && e > r ? {
+    valid: !1,
+    error: `Maximum deposit is ${f(r)} BTC`
+  } : { valid: !0 };
+}
+function rt(e) {
+  const { amount: t, effectiveRemaining: r } = e;
+  return r === null ? { valid: !0 } : r === 0n ? {
+    valid: !1,
+    error: "Supply cap reached — deposits temporarily paused"
+  } : t > r ? {
+    valid: !1,
+    error: `Vault size exceeds remaining capacity (${f(r)} BTC)`
+  } : { valid: !0 };
+}
+function ot(e, t) {
+  if (!e || e.length === 0)
+    return {
+      valid: !1,
+      error: "At least one vault provider must be selected"
+    };
+  const r = t.map(
+    (s) => s.toLowerCase()
+  );
+  return e.filter(
+    (s) => !r.includes(s.toLowerCase())
+  ).length > 0 ? {
+    valid: !1,
+    error: "Invalid vault provider selected"
+  } : { valid: !0 };
+}
+function _e(e, t, r) {
+  if (!e || e.length === 0)
+    return {
+      valid: !1,
+      error: "At least one vault amount required"
+    };
+  for (let o = 0; o < e.length; o++) {
+    const s = e[o];
+    if (s <= 0n)
+      return {
+        valid: !1,
+        error: `Vault ${o + 1} amount must be positive`
+      };
+    if (t && s < t)
+      return {
+        valid: !1,
+        error: `Vault ${o + 1} amount ${f(s)} BTC is below minimum deposit ${f(t)} BTC`
+      };
+    if (r && s > r)
+      return {
+        valid: !1,
+        error: `Vault ${o + 1} amount ${f(s)} BTC exceeds maximum deposit ${f(r)} BTC`
+      };
+  }
+  return { valid: !0 };
+}
+function Ae(e) {
+  const t = l(e);
+  return Be(t) ? { valid: !0 } : {
+    valid: !1,
+    error: "Invalid pubkey format: must be 64 hex characters (32-byte x-only public key, no 0x prefix)"
+  };
+}
+function He(e) {
+  if (!e || e.length === 0)
+    throw new Error(
+      "No vault keepers available. The system requires at least one vault keeper to create a deposit."
+    );
+}
+function Ie(e) {
+  if (!e || e.length === 0)
+    throw new Error(
+      "No universal challengers available. The system requires at least one universal challenger to create a deposit."
+    );
+}
+function $e(e) {
+  if (e.length === 0)
+    throw new Error("No spendable UTXOs available");
+}
+function nt(e) {
+  const {
+    vaultAmounts: t,
+    confirmedUTXOs: r,
+    vaultProviderBtcPubkey: o,
+    vaultKeeperBtcPubkeys: s,
+    universalChallengerBtcPubkeys: c,
+    minDeposit: a,
+    maxDeposit: i,
+    htlcSecretHexesLength: n,
+    depositorSecretHashesLength: u
+  } = e, d = t.length;
+  if (n !== d)
+    throw new Error(
+      `htlcSecretHexes length (${n}) must match vaultAmounts length (${d})`
+    );
+  if (u !== d)
+    throw new Error(
+      `depositorSecretHashes length (${u}) must match vaultAmounts length (${d})`
+    );
+  const h = _e(
+    t,
+    a,
+    i
+  );
+  if (!h.valid)
+    throw new Error(h.error);
+  const g = Ae(o);
+  if (!g.valid)
+    throw new Error(g.error);
+  He(s), Ie(c), $e(r);
+}
+var U = /* @__PURE__ */ ((e) => (e.CLAIM_EVENT_RECEIVED = "ClaimEventReceived", e.CLAIM_BROADCAST = "ClaimBroadcast", e.ASSERT_BROADCAST = "AssertBroadcast", e.CHALLENGE_ASSERT_OBSERVED = "ChallengeAssertObserved", e.WRONGLY_CHALLENGED_BROADCAST = "WronglyChallengedBroadcast", e.PAYOUT_BROADCAST = "PayoutBroadcast", e.FAILED = "Failed", e))(U || {});
+const Re = /* @__PURE__ */ new Set([
+  "PayoutBroadcast",
+  "Failed"
+  /* FAILED */
+]);
+function st(e) {
+  return Object.values(U).includes(
+    e
+  );
+}
+function it(e) {
+  return !!e && Re.has(e);
+}
+class Ce extends Error {
+  constructor(r, o) {
+    super(`Refund not yet mature (BIP68 not final): ${o.message}`);
+    P(this, "vaultId");
+    P(this, "cause");
+    this.name = "BIP68NotMatureError", this.vaultId = r, this.cause = o;
+  }
+}
+const Oe = /^0x[0-9a-fA-F]{64}$/, Ne = /^(?:0x)?(?:[0-9a-fA-F]{2})+$/, F = /^(?:0x)?(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{66})$/, Ve = 160, Le = 1, O = 65535, De = /non-BIP68-final/i;
+function M(e, t) {
+  if (e.length !== 66)
+    throw new Error(
+      `${t} must be 32 bytes (66 hex chars with 0x prefix), got length ${e.length}`
+    );
+  if (!Oe.test(e))
+    throw new Error(
+      `${t} must contain only hex characters after the 0x prefix`
+    );
+}
+function k(e, t) {
+  if (!Number.isInteger(e) || e < 0)
+    throw new Error(`${t} must be a non-negative integer, got ${e}`);
+}
+function Ke(e) {
+  if (M(e.hashlock, "hashlock"), !Number.isInteger(e.htlcVout) || e.htlcVout < 0 || e.htlcVout > O)
+    throw new Error(
+      `htlcVout must be an integer 0-${O}, got ${e.htlcVout}`
+    );
+  if (k(e.offchainParamsVersion, "offchainParamsVersion"), k(e.appVaultKeepersVersion, "appVaultKeepersVersion"), k(
+    e.universalChallengersVersion,
+    "universalChallengersVersion"
+  ), typeof e.unsignedPrePeginTxHex != "string" || e.unsignedPrePeginTxHex.length === 0)
+    throw new Error("unsignedPrePeginTxHex must be a non-empty hex string");
+  if (!Ne.test(e.unsignedPrePeginTxHex))
+    throw new Error(
+      "unsignedPrePeginTxHex must be a hex byte string (optional 0x prefix, even length)"
+    );
+  if (!e.depositorBtcPubkey || !F.test(e.depositorBtcPubkey))
+    throw new Error(
+      "depositorBtcPubkey must be 32 or 33 bytes of hex (optional 0x prefix)"
+    );
+  if (typeof e.amount != "bigint" || e.amount <= 0n)
+    throw new Error(`amount must be a positive bigint, got ${e.amount}`);
+}
+function Ue(e) {
+  if (!e.vaultProviderPubkey || !F.test(e.vaultProviderPubkey))
+    throw new Error("vaultProviderPubkey must be 32 or 33 bytes of hex");
+  if (e.vaultKeeperPubkeys.length === 0)
+    throw new Error("vaultKeeperPubkeys must be non-empty");
+  if (e.universalChallengerPubkeys.length === 0)
+    throw new Error("universalChallengerPubkeys must be non-empty");
+  if (!Number.isInteger(e.timelockRefund) || e.timelockRefund <= 0)
+    throw new Error(
+      `timelockRefund must be a positive integer, got ${e.timelockRefund}`
+    );
+  if (typeof e.feeRate != "bigint" || e.feeRate <= 0n)
+    throw new Error(
+      `protocol feeRate must be a positive bigint, got ${e.feeRate}`
+    );
+  if (!Number.isInteger(e.numLocalChallengers) || e.numLocalChallengers < 0)
+    throw new Error("numLocalChallengers must be a non-negative integer");
+  if (!Number.isInteger(e.councilQuorum) || !Number.isInteger(e.councilSize) || e.councilQuorum <= 0 || e.councilSize <= 0 || e.councilQuorum > e.councilSize)
+    throw new Error(
+      `councilQuorum (${e.councilQuorum}) must be in [1, councilSize=${e.councilSize}]`
+    );
+}
+function Fe(e) {
+  const t = B.fromHex(e);
+  try {
+    t.finalizeAllInputs();
+  } catch (r) {
+    const o = r instanceof Error ? r.message : String(r);
+    if (!o.includes("already finalized"))
+      throw new Error(`Failed to finalize refund PSBT: ${o}`);
+  }
+  return t.extractTransaction().toHex();
+}
+async function at(e) {
+  const {
+    vaultId: t,
+    readVault: r,
+    readPrePeginContext: o,
+    feeRate: s,
+    signPsbt: c,
+    broadcastTx: a,
+    signal: i
+  } = e;
+  i == null || i.throwIfAborted(), M(t, "vaultId");
+  const n = await r();
+  Ke(n), i == null || i.throwIfAborted();
+  const u = await o(n);
+  if (Ue(u), i == null || i.throwIfAborted(), !Number.isFinite(s) || s <= 0)
+    throw new Error(`feeRate must be a positive number, got ${s}`);
+  const d = BigInt(Math.ceil(s * Ve));
+  i == null || i.throwIfAborted();
+  const h = w(
+    n.depositorBtcPubkey
+  ), { psbtHex: g } = await re({
+    prePeginParams: {
+      depositorPubkey: h,
+      vaultProviderPubkey: l(u.vaultProviderPubkey),
+      vaultKeeperPubkeys: u.vaultKeeperPubkeys.map(l),
+      universalChallengerPubkeys: u.universalChallengerPubkeys.map(l),
+      hashlocks: [l(n.hashlock)],
+      timelockRefund: u.timelockRefund,
+      pegInAmounts: [n.amount],
+      feeRate: u.feeRate,
+      numLocalChallengers: u.numLocalChallengers,
+      councilQuorum: u.councilQuorum,
+      councilSize: u.councilSize,
+      network: u.network
+    },
+    fundedPrePeginTxHex: l(n.unsignedPrePeginTxHex),
+    htlcVout: n.htlcVout,
+    refundFee: d,
+    // buildRefundPsbt's top-level `hashlock` param is documented as "no 0x
+    // prefix" and flows into the WASM HTLC connector derivation; a prefixed
+    // value would derive the wrong refund script leaf and yield an
+    // unspendable PSBT. Match the `hashlocks` array handling above.
+    hashlock: l(n.hashlock)
+  });
+  i == null || i.throwIfAborted();
+  const m = y(
+    n.depositorBtcPubkey,
+    Le
+  ), v = await c(g, m), T = Fe(v);
+  i == null || i.throwIfAborted();
+  try {
+    return await a(T);
+  } catch (p) {
+    throw p instanceof Error && De.test(p.message) ? new Ce(t, p) : p;
+  }
+}
+export {
+  Ce as B,
+  U as C,
+  oe as P,
+  Qe as a,
+  xe as b,
+  rt as c,
+  ot as d,
+  _e as e,
+  Ae as f,
+  nt as g,
+  se as h,
+  et as i,
+  ie as j,
+  st as k,
+  it as l,
+  at as m,
+  Ze as p,
+  Je as s,
+  tt as v,
+  D as w
+};
+//# sourceMappingURL=buildAndBroadcastRefund-BzYJv-Fv.js.map