@babylonlabs-io/ts-sdk 0.33.3 → 0.33.5

package/dist/vault-registry-reader-BDFpXeH7.js

@@ -0,0 +1,1152 @@
+var ce = Object.defineProperty;
+var le = (n, e, t) => e in n ? ce(n, e, { enumerable: !0, configurable: !0, writable: !0, value: t }) : n[e] = t;
+var h = (n, e, t) => le(n, typeof e != "symbol" ? e + "" : e, t);
+import { D as ue, J as Y, e as de } from "./types-TiIjyo2b.js";
+import { X as B, C as K, s as C, S as pe, h as he } from "./bitcoin-B0S8SHCX.js";
+import { H as k } from "./validation-CxqROCno.js";
+import * as N from "@bitcoin-js/tiny-secp256k1-asmjs";
+import { payments as ge, Transaction as D } from "bitcoinjs-lib";
+import { Buffer as x } from "buffer";
+import { s as G } from "./sha2-6wN58S6R.js";
+import { B as S } from "./BTCVaultRegistry.abi-DbJ5lsFJ.js";
+import { P as b, A as O } from "./ProtocolParams.abi-DXu8L0Fn.js";
+const F = new Set(Object.values(ue)), fe = 200;
+function c(n) {
+  var e;
+  return ((e = JSON.stringify(n)) == null ? void 0 : e.slice(0, fe)) ?? "undefined";
+}
+const _e = "The vault provider returned an unexpected response. Please try again or contact support.";
+class s extends Error {
+  constructor(t) {
+    super(_e);
+    h(this, "detail");
+    this.name = "VpResponseValidationError", this.detail = t;
+  }
+}
+const V = 64;
+function P(n) {
+  return typeof n == "string" && n.length > 0 && k.test(n);
+}
+function Z(n) {
+  return typeof n == "string" && n.length > 0;
+}
+function Q(n, e) {
+  if (!P(n))
+    throw new s(
+      `VP response validation failed: "${e}" must be a non-empty hex string, got ${c(n)}`
+    );
+}
+function g(n, e) {
+  if (!Z(n))
+    throw new s(
+      `VP response validation failed: "${e}" must be a non-empty string, got ${c(n)}`
+    );
+}
+function ee(n, e) {
+  if (!P(n) || n.length !== B && n.length !== K)
+    throw new s(
+      `VP response validation failed: "${e}" must be a ${B} or ${K}-char hex string (BTC pubkey), got ${c(n)}`
+    );
+}
+function me(n) {
+  const e = n.presigning;
+  if (e == null) return;
+  if (typeof e != "object" || Array.isArray(e))
+    throw new s(
+      'VP response validation failed: "progress.presigning" must be an object if present'
+    );
+  const t = e;
+  if (t.depositor_graph_created !== void 0 && typeof t.depositor_graph_created != "boolean")
+    throw new s(
+      `VP response validation failed: "progress.presigning.depositor_graph_created" must be a boolean if present, got ${c(t.depositor_graph_created)}`
+    );
+  if (t.vk_challenger_presigning_completed !== void 0 && typeof t.vk_challenger_presigning_completed != "number")
+    throw new s(
+      `VP response validation failed: "progress.presigning.vk_challenger_presigning_completed" must be a number if present, got ${c(t.vk_challenger_presigning_completed)}`
+    );
+  if (t.vk_challenger_presigning_total !== void 0 && typeof t.vk_challenger_presigning_total != "number")
+    throw new s(
+      `VP response validation failed: "progress.presigning.vk_challenger_presigning_total" must be a number if present, got ${c(t.vk_challenger_presigning_total)}`
+    );
+}
+function te(n) {
+  if (n === null || typeof n != "object")
+    throw new s(
+      "VP response validation failed: getPeginStatus response is not an object"
+    );
+  const e = n;
+  if (!P(e.pegin_txid) || e.pegin_txid.length !== V)
+    throw new s(
+      `VP response validation failed: "pegin_txid" must be a ${V}-char hex string (txid), got ${c(e.pegin_txid)}`
+    );
+  if (typeof e.status != "string")
+    throw new s(
+      'VP response validation failed: "status" must be a string'
+    );
+  if (!F.has(e.status))
+    throw new s(
+      `VP response validation failed: unrecognized status "${e.status}". Expected one of: ${[...F].join(", ")}`
+    );
+  if (e.progress === null || typeof e.progress != "object" || Array.isArray(e.progress))
+    throw new s(
+      'VP response validation failed: "progress" must be an object'
+    );
+  if (me(e.progress), typeof e.health_info != "string")
+    throw new s(
+      'VP response validation failed: "health_info" must be a string'
+    );
+  if (e.last_error !== void 0 && typeof e.last_error != "string")
+    throw new s(
+      `VP response validation failed: "last_error" must be a string if present, got ${c(e.last_error)}`
+    );
+}
+function be(n) {
+  if (n === null || typeof n != "object")
+    throw new s(
+      "VP response validation failed: requestDepositorPresignTransactions response is not an object"
+    );
+  const e = n;
+  if (!Array.isArray(e.txs))
+    throw new s(
+      'VP response validation failed: "txs" must be an array'
+    );
+  for (let t = 0; t < e.txs.length; t++)
+    ye(e.txs[t], `txs[${t}]`);
+  if (e.depositor_graph === null || typeof e.depositor_graph != "object")
+    throw new s(
+      'VP response validation failed: "depositor_graph" must be an object'
+    );
+  $e(
+    e.depositor_graph
+  );
+}
+function y(n, e) {
+  if (n === null || typeof n != "object")
+    throw new s(
+      `VP response validation failed: "${e}" must be an object`
+    );
+  Q(n.tx_hex, `${e}.tx_hex`);
+}
+function ye(n, e) {
+  if (n === null || typeof n != "object")
+    throw new s(
+      `VP response validation failed: "${e}" must be an object`
+    );
+  const t = n;
+  ee(t.claimer_pubkey, `${e}.claimer_pubkey`), y(t.claim_tx, `${e}.claim_tx`), y(t.assert_tx, `${e}.assert_tx`), y(t.payout_tx, `${e}.payout_tx`), g(t.payout_psbt, `${e}.payout_psbt`);
+}
+function we(n, e) {
+  if (n === null || typeof n != "object")
+    throw new s(
+      `VP response validation failed: "${e}" must be an object`
+    );
+  const t = n;
+  g(t.wots_pks_json, `${e}.wots_pks_json`), g(t.gc_wots_keys_json, `${e}.gc_wots_keys_json`);
+}
+function Pe(n, e) {
+  if (n === null || typeof n != "object")
+    throw new s(
+      `VP response validation failed: "${e}" must be an object`
+    );
+  const t = n;
+  if (ee(t.challenger_pubkey, `${e}.challenger_pubkey`), y(
+    t.challenge_assert_x_tx,
+    `${e}.challenge_assert_x_tx`
+  ), y(
+    t.challenge_assert_y_tx,
+    `${e}.challenge_assert_y_tx`
+  ), y(t.nopayout_tx, `${e}.nopayout_tx`), g(t.nopayout_psbt, `${e}.nopayout_psbt`), !Array.isArray(t.challenge_assert_connectors))
+    throw new s(
+      `VP response validation failed: "${e}.challenge_assert_connectors" must be an array`
+    );
+  for (let r = 0; r < t.challenge_assert_connectors.length; r++)
+    we(
+      t.challenge_assert_connectors[r],
+      `${e}.challenge_assert_connectors[${r}]`
+    );
+  if (!Array.isArray(t.output_label_hashes))
+    throw new s(
+      `VP response validation failed: "${e}.output_label_hashes" must be an array`
+    );
+  for (let r = 0; r < t.output_label_hashes.length; r++)
+    Q(
+      t.output_label_hashes[r],
+      `${e}.output_label_hashes[${r}]`
+    );
+}
+function ve(n) {
+  if (n === null || typeof n != "object")
+    throw new s(
+      "VP response validation failed: requestDepositorClaimerArtifacts response is not an object"
+    );
+  const e = n;
+  if (!Z(e.tx_graph_json))
+    throw new s(
+      `VP response validation failed: "tx_graph_json" must be a non-empty string, got ${c(e.tx_graph_json)}`
+    );
+  if (!P(e.verifying_key_hex))
+    throw new s(
+      `VP response validation failed: "verifying_key_hex" must be a non-empty hex string, got ${c(e.verifying_key_hex)}`
+    );
+  if (e.babe_sessions === null || typeof e.babe_sessions != "object")
+    throw new s(
+      'VP response validation failed: "babe_sessions" must be an object'
+    );
+  for (const [t, r] of Object.entries(
+    e.babe_sessions
+  )) {
+    if (r === null || typeof r != "object")
+      throw new s(
+        `VP response validation failed: "babe_sessions.${t}" must be an object`
+      );
+    const i = r;
+    if (!P(i.decryptor_artifacts_hex))
+      throw new s(
+        `VP response validation failed: "babe_sessions.${t}.decryptor_artifacts_hex" must be a non-empty hex string, got ${c(i.decryptor_artifacts_hex)}`
+      );
+  }
+}
+function xe(n) {
+  if (n === null || typeof n != "object")
+    throw new s(
+      "VP response validation failed: pegout status payload is not an object"
+    );
+  const e = n;
+  if (!P(e.pegin_txid) || e.pegin_txid.length !== V)
+    throw new s(
+      `VP response validation failed: "pegin_txid" must be a ${V}-char hex string (txid), got ${c(e.pegin_txid)}`
+    );
+  if (typeof e.found != "boolean")
+    throw new s(
+      `VP response validation failed: "found" must be a boolean, got ${c(e.found)}`
+    );
+  if (e.claimer !== null) {
+    if (typeof e.claimer != "object")
+      throw new s(
+        `VP response validation failed: "claimer" must be an object or null, got ${c(e.claimer)}`
+      );
+    Ve(e.claimer);
+  }
+  if (!Array.isArray(e.challengers))
+    throw new s(
+      `VP response validation failed: "challengers" must be an array, got ${c(e.challengers)}`
+    );
+  for (let t = 0; t < e.challengers.length; t++)
+    Ae(e.challengers[t], t);
+}
+function Ve(n) {
+  if (g(n.status, "claimer.status"), typeof n.failed != "boolean")
+    throw new s(
+      `VP response validation failed: "claimer.failed" must be a boolean, got ${c(n.failed)}`
+    );
+  if (g(n.claim_txid, "claimer.claim_txid"), g(n.claimer_pubkey, "claimer.claimer_pubkey"), g(n.assert_txid, "claimer.assert_txid"), n.challenger_pubkey !== null && typeof n.challenger_pubkey != "string")
+    throw new s(
+      `VP response validation failed: "claimer.challenger_pubkey" must be a string or null, got ${c(n.challenger_pubkey)}`
+    );
+  if (typeof n.created_at != "number")
+    throw new s(
+      `VP response validation failed: "claimer.created_at" must be a number, got ${c(n.created_at)}`
+    );
+  if (typeof n.updated_at != "number")
+    throw new s(
+      `VP response validation failed: "claimer.updated_at" must be a number, got ${c(n.updated_at)}`
+    );
+}
+function Ae(n, e) {
+  if (n === null || typeof n != "object")
+    throw new s(
+      `VP response validation failed: "challengers[${e}]" must be an object, got ${c(n)}`
+    );
+  const t = n;
+  if (g(t.status, `challengers[${e}].status`), g(t.claim_txid, `challengers[${e}].claim_txid`), g(t.claimer_pubkey, `challengers[${e}].claimer_pubkey`), E(t.assert_txid, `challengers[${e}].assert_txid`), E(
+    t.challenge_assert_x_txid,
+    `challengers[${e}].challenge_assert_x_txid`
+  ), E(
+    t.challenge_assert_y_txid,
+    `challengers[${e}].challenge_assert_y_txid`
+  ), E(t.nopayout_txid, `challengers[${e}].nopayout_txid`), typeof t.created_at != "number")
+    throw new s(
+      `VP response validation failed: "challengers[${e}].created_at" must be a number, got ${c(t.created_at)}`
+    );
+  if (typeof t.updated_at != "number")
+    throw new s(
+      `VP response validation failed: "challengers[${e}].updated_at" must be a number, got ${c(t.updated_at)}`
+    );
+}
+function E(n, e) {
+  if (n !== null && typeof n != "string")
+    throw new s(
+      `VP response validation failed: "${e}" must be a string or null, got ${c(n)}`
+    );
+}
+function ke(n) {
+  ne(n, "batchGetPeginStatus", (e) => {
+    e.result !== null && te(e.result);
+  });
+}
+function Se(n) {
+  ne(n, "batchGetPegoutStatus", (e) => {
+    e.result !== null && xe(e.result);
+  });
+}
+function ne(n, e, t) {
+  if (n === null || typeof n != "object")
+    throw new s(
+      `VP response validation failed: ${e} response is not an object`
+    );
+  const r = n;
+  if (!Array.isArray(r.results))
+    throw new s(
+      `VP response validation failed: "${e}.results" must be an array, got ${c(r.results)}`
+    );
+  for (let i = 0; i < r.results.length; i++) {
+    const a = r.results[i];
+    if (a === null || typeof a != "object")
+      throw new s(
+        `VP response validation failed: "${e}.results[${i}]" must be an object, got ${c(a)}`
+      );
+    const o = a;
+    if (!P(o.pegin_txid) || o.pegin_txid.length !== V)
+      throw new s(
+        `VP response validation failed: "${e}.results[${i}].pegin_txid" must be a ${V}-char hex string, got ${c(o.pegin_txid)}`
+      );
+    if (o.error !== null && typeof o.error != "string")
+      throw new s(
+        `VP response validation failed: "${e}.results[${i}].error" must be a string or null, got ${c(o.error)}`
+      );
+    if (o.result === null && o.error === null)
+      throw new s(
+        `VP response validation failed: "${e}.results[${i}]" has neither "result" nor "error" populated`
+      );
+    if (o.result !== null && o.error !== null)
+      throw new s(
+        `VP response validation failed: "${e}.results[${i}]" has both "result" and "error" populated`
+      );
+    t(o, i);
+  }
+}
+function $e(n) {
+  if (y(n.claim_tx, "depositor_graph.claim_tx"), y(n.assert_tx, "depositor_graph.assert_tx"), y(n.payout_tx, "depositor_graph.payout_tx"), g(n.payout_psbt, "depositor_graph.payout_psbt"), !Array.isArray(n.challenger_presign_data))
+    throw new s(
+      'VP response validation failed: "depositor_graph.challenger_presign_data" must be an array'
+    );
+  for (let e = 0; e < n.challenger_presign_data.length; e++)
+    Pe(
+      n.challenger_presign_data[e],
+      `depositor_graph.challenger_presign_data[${e}]`
+    );
+  if (typeof n.offchain_params_version != "number")
+    throw new s(
+      'VP response validation failed: "depositor_graph.offchain_params_version" must be a number'
+    );
+}
+const Te = 6e4;
+class Ce {
+  constructor(e, t) {
+    h(this, "client");
+    const r = {
+      baseUrl: e,
+      timeout: (t == null ? void 0 : t.timeout) ?? Te,
+      retries: t == null ? void 0 : t.retries,
+      retryDelay: t == null ? void 0 : t.retryDelay,
+      retryableFor: t == null ? void 0 : t.retryableFor,
+      headers: t == null ? void 0 : t.headers,
+      tokenProvider: t == null ? void 0 : t.tokenProvider,
+      maxResponseBytes: t == null ? void 0 : t.maxResponseBytes
+    };
+    this.client = new Y(r);
+  }
+  /**
+   * Request the payout/claim/assert transactions that the depositor
+   * needs to pre-sign before the vault can be activated on Bitcoin.
+   */
+  async requestDepositorPresignTransactions(e, t) {
+    const r = await this.client.call("vaultProvider_requestDepositorPresignTransactions", e, t);
+    return be(r), r;
+  }
+  /**
+   * Submit the depositor's pre-signatures for the payout transactions
+   * and the depositor-as-claimer graph.
+   */
+  async submitDepositorPresignatures(e, t) {
+    return this.client.call(
+      "vaultProvider_submitDepositorPresignatures",
+      e,
+      t
+    );
+  }
+  /**
+   * Submit the depositor's WOTS public key to the vault provider.
+   * Called after the pegin is finalized on Ethereum, when the VP is in
+   * `PendingDepositorWotsPK` status.
+   */
+  async submitDepositorWotsKey(e, t) {
+    return this.client.call(
+      "vaultProvider_submitDepositorWotsKey",
+      e,
+      t
+    );
+  }
+  /**
+   * Request the BaBe DecryptorArtifacts needed for the depositor to
+   * independently evaluate garbled circuits during a challenge.
+   */
+  async requestDepositorClaimerArtifacts(e, t) {
+    const r = await this.client.call("vaultProvider_requestDepositorClaimerArtifacts", e, t);
+    return ve(r), r;
+  }
+  /** Get the current pegin status from the vault provider daemon. */
+  async getPeginStatus(e, t) {
+    const r = await this.client.call(
+      "vaultProvider_getPeginStatus",
+      e,
+      t
+    );
+    return te(r), r;
+  }
+  /**
+   * Get pegin status for many txids in one round trip. Per-result envelope
+   * isolates per-pegin failures from the overall RPC. Caller must chunk
+   * inputs at `VP_BATCH_MAX_SIZE`.
+   */
+  async batchGetPeginStatus(e, t) {
+    const r = await this.client.call("vaultProvider_batchGetPeginStatus", e, t);
+    return ke(r), r;
+  }
+  /**
+   * Get pegout status for many txids in one round trip. Same per-result
+   * envelope semantics as `batchGetPeginStatus`.
+   */
+  async batchGetPegoutStatus(e, t) {
+    const r = await this.client.call("vaultProvider_batchGetPegoutStatus", e, t);
+    return Se(r), r;
+  }
+}
+function Ee(n, e) {
+  const t = /* @__PURE__ */ new Set();
+  for (const d of n)
+    t.add(d.toLowerCase());
+  const r = /* @__PURE__ */ new Map(), i = /* @__PURE__ */ new Set(), a = [], o = [];
+  for (const d of e) {
+    const l = d.pegin_txid.toLowerCase();
+    if (!t.has(l)) {
+      o.push(l);
+      continue;
+    }
+    if (i.has(l)) {
+      a.push(l);
+      continue;
+    }
+    i.add(l), r.set(l, { result: d.result, error: d.error });
+  }
+  const u = [];
+  for (const d of t)
+    i.has(d) || u.push(d);
+  return { byTxid: r, missing: u, unexpected: o, duplicate: a };
+}
+async function et(n) {
+  const {
+    items: e,
+    getTxid: t,
+    batchCall: r,
+    onItem: i,
+    onMissing: a,
+    onDuplicate: o,
+    onDuplicateBatch: u,
+    onWholeBatchError: d,
+    onUnexpected: l,
+    batchSize: m = de
+  } = n;
+  if (!Number.isInteger(m) || m <= 0)
+    throw new Error(
+      `batchPollByProvider: batchSize must be a positive integer, got ${m}`
+    );
+  for (let w = 0; w < e.length; w += m) {
+    const A = e.slice(w, w + m), $ = /* @__PURE__ */ new Map(), j = [];
+    for (const p of A) {
+      const f = t(p).toLowerCase();
+      $.set(f, p), j.push(f);
+    }
+    let v;
+    try {
+      const p = await r(j);
+      v = Ee(j, p.results);
+    } catch (p) {
+      d(A, p);
+      continue;
+    }
+    l && v.unexpected.length > 0 && l(v.unexpected);
+    const T = new Set(v.duplicate);
+    for (const p of T) {
+      const f = $.get(p);
+      f && o(f);
+    }
+    u && T.size > 0 && u(T.size);
+    for (const p of v.missing) {
+      const f = $.get(p);
+      f && a(f);
+    }
+    for (const [p, f] of v.byTxid) {
+      if (T.has(p)) continue;
+      const M = $.get(p);
+      M && i(M, {
+        pegin_txid: p,
+        result: f.result,
+        error: f.error
+      });
+    }
+  }
+}
+const Ie = "BIP0322-signed-message", Be = "TapTweak", re = 32, Re = 64;
+function se(n, e) {
+  const t = new TextEncoder().encode(n), r = G(t), i = new Uint8Array(r.length * 2 + e.length);
+  return i.set(r, 0), i.set(r, r.length), i.set(e, r.length * 2), G(i);
+}
+function He(n) {
+  if (n.length !== re) return null;
+  const e = se(Be, n), t = N.xOnlyPointAddTweak(n, e);
+  return t ? t.xOnlyPubkey : null;
+}
+function Ne(n, e, t) {
+  if (e.length !== re || t.length !== Re) return !1;
+  try {
+    const r = se(Ie, n), i = ge.p2tr({
+      internalPubkey: x.from(e)
+    });
+    if (!i.output) return !1;
+    const a = i.output, o = 0, u = new D();
+    u.version = 0, u.locktime = 0;
+    const d = x.concat([
+      x.from([0, 32]),
+      x.from(r)
+    ]);
+    u.addInput(
+      x.alloc(32, 0),
+      // prev_txid = 0x0000...0000
+      4294967295,
+      // prev_vout = 0xFFFFFFFF
+      0,
+      // sequence = 0
+      d
+    ), u.addOutput(a, o);
+    const l = new D();
+    l.version = 0, l.locktime = 0;
+    const m = u.getHash();
+    l.addInput(m, 0, 0), l.addOutput(x.from([106]), o);
+    const w = l.hashForWitnessV1(
+      0,
+      [a],
+      [o],
+      D.SIGHASH_DEFAULT
+    ), A = He(e);
+    return A ? N.verifySchnorr(w, A, t) : !1;
+  } catch {
+    return !1;
+  }
+}
+function R(n, e) {
+  const t = (n & 7) << 5, r = typeof e == "bigint" ? e : BigInt(e);
+  if (r < 0n) throw new Error("cborHead: negative argument");
+  if (r < 24n) return new Uint8Array([t | Number(r)]);
+  if (r < 0x100n) return new Uint8Array([t | 24, Number(r)]);
+  if (r < 0x10000n) {
+    const a = Number(r);
+    return new Uint8Array([t | 25, a >>> 8 & 255, a & 255]);
+  }
+  if (r < 0x100000000n) {
+    const a = Number(r);
+    return new Uint8Array([
+      t | 26,
+      a >>> 24 & 255,
+      a >>> 16 & 255,
+      a >>> 8 & 255,
+      a & 255
+    ]);
+  }
+  const i = new Uint8Array(9);
+  i[0] = t | 27;
+  for (let a = 7; a >= 0; a--)
+    i[1 + a] = Number(r >> BigInt((7 - a) * 8)) & 255;
+  return i;
+}
+function ie(...n) {
+  const e = n.reduce((i, a) => i + a.length, 0), t = new Uint8Array(e);
+  let r = 0;
+  for (const i of n)
+    t.set(i, r), r += i.length;
+  return t;
+}
+function X(n) {
+  const t = [R(4, n.length)];
+  for (const r of n)
+    t.push(R(0, r));
+  return ie(...t);
+}
+function je(n, e, t) {
+  if (!Number.isSafeInteger(t) || t < 0)
+    throw new Error(
+      `encodeServerIdentityPayload: expires_at must be a non-negative safe integer, got ${t}`
+    );
+  const r = R(4, 3), i = X(n), a = X(e), o = R(0, t);
+  return ie(r, i, a, o);
+}
+const De = new TextEncoder().encode(
+  "btc-auth.server-identity.v1"
+);
+class _ extends Error {
+  constructor(e, t) {
+    super(e), this.reason = t, this.name = "ServerIdentityError";
+  }
+}
+function I(n) {
+  const e = new Uint8Array(n.length / 2);
+  for (let t = 0; t < e.length; t++)
+    e[t] = parseInt(n.slice(t * 2, t * 2 + 2), 16);
+  return e;
+}
+function Oe(n) {
+  const { proof: e, pinnedServerPubkey: t, now: r } = n, i = C(t).toLowerCase();
+  if (i.length !== B || !k.test(i))
+    throw new _(
+      `pinnedServerPubkey must be 32-byte hex; got ${i.length} chars`,
+      "invalid_pubkey_encoding"
+    );
+  const a = C(e.server_pubkey).toLowerCase();
+  if (a.length !== B || !k.test(a))
+    throw new _(
+      `server_pubkey must be 32-byte hex; got ${a.length} chars`,
+      "invalid_pubkey_encoding"
+    );
+  if (a !== i)
+    throw new _(
+      `server_pubkey does not match pinned value: expected ${i}, got ${a}`,
+      "pinned_pubkey_mismatch"
+    );
+  if (!Number.isSafeInteger(e.expires_at))
+    throw new _(
+      `expires_at must be a finite integer; got ${JSON.stringify(e.expires_at)}`,
+      "invalid_expires_at"
+    );
+  if (!Number.isSafeInteger(r))
+    throw new _(
+      `now must be a finite integer; got ${JSON.stringify(r)}`,
+      "invalid_expires_at"
+    );
+  if (e.expires_at <= r)
+    throw new _(
+      `server identity proof expired at ${e.expires_at}, now ${r}`,
+      "expired"
+    );
+  const o = C(e.ephemeral_pubkey).toLowerCase();
+  if (o.length !== K || !k.test(o))
+    throw new _(
+      `ephemeral_pubkey must be 33-byte compressed hex; got ${o.length} chars`,
+      "invalid_ephemeral_pubkey"
+    );
+  const u = o.slice(0, 2);
+  if (u !== "02" && u !== "03")
+    throw new _(
+      `ephemeral_pubkey must be compressed (prefix 02/03); got ${u}`,
+      "invalid_ephemeral_pubkey"
+    );
+  const d = I(o);
+  if (!N.isPoint(d))
+    throw new _(
+      "ephemeral_pubkey is not a valid secp256k1 point",
+      "invalid_ephemeral_pubkey"
+    );
+  const l = C(e.signature).toLowerCase();
+  if (l.length !== pe || !k.test(l))
+    throw new _(
+      `signature must be 64-byte Schnorr hex; got ${l.length} chars`,
+      "invalid_signature_encoding"
+    );
+  const m = je(
+    De,
+    I(o),
+    e.expires_at
+  );
+  if (!Ne(m, I(a), I(l)))
+    throw new _(
+      "BIP-322 signature verification failed — ephemeral key is not attested by pinned server pubkey",
+      "signature_verification_failed"
+    );
+}
+const Ue = /* @__PURE__ */ new Set([
+  "vaultProvider_submitDepositorWotsKey",
+  "vaultProvider_submitDepositorPresignatures",
+  "vaultProvider_requestDepositorPresignTransactions"
+]), Ke = 6e4, L = "auth_createDepositorToken";
+function ae(n, e) {
+  return new Y({
+    baseUrl: n,
+    timeout: Ke,
+    headers: e,
+    retryableFor: (t) => t === L
+  });
+}
+const q = 4102444800, Le = 30;
+class Me {
+  constructor(e) {
+    // `client` is the only mutable field — see `setClient`. The
+    // identity-bearing fields (peginTxid/authAnchorHex/pinnedServerPubkey)
+    // remain readonly and are checked against re-registration in the
+    // registry's `getOrCreate`.
+    h(this, "client");
+    h(this, "peginTxid");
+    h(this, "authAnchorHex");
+    h(this, "pinnedServerPubkey");
+    h(this, "authGatedMethods");
+    h(this, "refreshSkewSecs");
+    h(this, "now");
+    h(this, "cached", null);
+    h(this, "inFlight", null);
+    this.client = e.client, this.peginTxid = e.peginTxid, this.authAnchorHex = e.authAnchorHex, this.pinnedServerPubkey = e.pinnedServerPubkey, this.authGatedMethods = e.authGatedMethods, this.refreshSkewSecs = e.refreshSkewSecs ?? Le, this.now = e.now ?? (() => Math.floor(Date.now() / 1e3));
+  }
+  /**
+   * Return a bearer token for `method`, or `null` if `method` is not
+   * auth-gated. Triggers a token acquisition if no token is cached or
+   * the cached token is within {@link refreshSkewSecs} of expiry.
+   *
+   * The token-issuing method itself is hard-exempted from the gate —
+   * if `auth_createDepositorToken` were ever included in
+   * `authGatedMethods` (caller misconfiguration) the provider would
+   * recurse into `acquireSingleFlight` from inside the JSON-RPC header
+   * builder before `inFlight` is assigned, defeating the single-flight
+   * guard. Returning `null` here breaks that recursion deterministically.
+   */
+  async getToken(e) {
+    if (e === L || !this.authGatedMethods.has(e)) return null;
+    const t = this.cached;
+    return t && this.now() + this.refreshSkewSecs < t.expiresAt ? t.token : (await this.acquireSingleFlight()).token;
+  }
+  /**
+   * Drop the cached token. Next `getToken` call re-acquires.
+   * Called by `JsonRpcClient` on wire `auth_expired` responses.
+   */
+  invalidate() {
+    this.cached = null;
+  }
+  /**
+   * Swap in a different transport for subsequent token-issuing calls.
+   * Used by the registry when a later caller registers the same
+   * `peginTxid` against a different `baseUrl` — the cached token
+   * (bound to identity, not transport) stays valid, but future
+   * refreshes hit the new URL. An in-flight acquire keeps using the
+   * old client (it captured the reference); next call uses the new.
+   */
+  setClient(e) {
+    this.client = e;
+  }
+  acquireSingleFlight() {
+    const e = this.inFlight;
+    if (e) return e;
+    const t = (async () => {
+      try {
+        const r = await this.client.call(L, {
+          pegin_txid: this.peginTxid,
+          auth_anchor: this.authAnchorHex
+        });
+        if (Oe({
+          proof: r.server_identity,
+          pinnedServerPubkey: this.pinnedServerPubkey,
+          now: this.now()
+        }), typeof r.token != "string" || r.token.length === 0)
+          throw new Error(
+            `VpTokenProvider: invalid token in acquire response (expected non-empty string, got ${typeof r.token})`
+          );
+        const i = this.now();
+        if (!Number.isSafeInteger(r.expires_at) || r.expires_at <= i || r.expires_at > q)
+          throw new Error(
+            `VpTokenProvider: invalid expires_at in acquire response (got ${JSON.stringify(r.expires_at)}; must be a safe integer in (${i}, ${q}])`
+          );
+        const a = {
+          token: r.token,
+          expiresAt: r.expires_at
+        };
+        return this.cached = a, a;
+      } finally {
+        this.inFlight = null;
+      }
+    })();
+    return this.inFlight = t, t;
+  }
+}
+class Ge {
+  constructor() {
+    h(this, "entries", /* @__PURE__ */ new Map());
+  }
+  /**
+   * Return the cached `VpTokenProvider` for `peginTxid` if one exists
+   * with matching `authAnchorHex` and `pinnedServerPubkey`, otherwise
+   * construct and cache a fresh provider. A mismatch on either field
+   * throws — silent overwrite would mask derivation drift or VP
+   * pubkey rotation.
+   */
+  getOrCreate(e) {
+    const t = this.entries.get(e.peginTxid);
+    if (t) {
+      if (t.authAnchorHex !== e.authAnchorHex)
+        throw new Error(
+          `VpTokenRegistry: peginTxid ${e.peginTxid} already bound to authAnchorHex ${t.authAnchorHex.slice(0, 8)}…; got ${e.authAnchorHex.slice(0, 8)}…`
+        );
+      if (t.pinnedServerPubkey !== e.pinnedServerPubkey)
+        throw new Error(
+          `VpTokenRegistry: peginTxid ${e.peginTxid} already bound to pinnedServerPubkey ${t.pinnedServerPubkey.slice(0, 8)}…; got ${e.pinnedServerPubkey.slice(0, 8)}…`
+        );
+      return t.provider.setClient(e.client), t.provider;
+    }
+    const r = new Me({
+      client: e.client,
+      peginTxid: e.peginTxid,
+      authAnchorHex: e.authAnchorHex,
+      pinnedServerPubkey: e.pinnedServerPubkey,
+      authGatedMethods: Ue
+    });
+    return this.entries.set(e.peginTxid, {
+      provider: r,
+      authAnchorHex: e.authAnchorHex,
+      pinnedServerPubkey: e.pinnedServerPubkey
+    }), r;
+  }
+  /** Return the cached provider, or `undefined` if none. */
+  peek(e) {
+    var t;
+    return (t = this.entries.get(e)) == null ? void 0 : t.provider;
+  }
+  /**
+   * Evict the entry for `peginTxid`. Idempotent. Called on terminal
+   * paths — activation success, user-cancel, or component unmount —
+   * so `authAnchorHex` doesn't outlive the deposit session.
+   */
+  release(e) {
+    this.entries.delete(e);
+  }
+  /**
+   * Wipe every cached entry. Test-only escape hatch — not exposed on
+   * the public {@link VpTokenRegistryPublic} singleton type.
+   *
+   * @internal
+   */
+  clear() {
+    this.entries.clear();
+  }
+  get size() {
+    return this.entries.size;
+  }
+}
+const oe = new Ge();
+function tt(n) {
+  var r;
+  const e = ae(
+    n.baseUrl,
+    (r = n.options) == null ? void 0 : r.headers
+  ), t = oe.getOrCreate({
+    client: e,
+    peginTxid: n.peginTxid,
+    authAnchorHex: n.authAnchorHex,
+    pinnedServerPubkey: n.pinnedServerPubkey
+  });
+  return new Ce(n.baseUrl, {
+    ...n.options,
+    tokenProvider: t
+  });
+}
+function nt(n) {
+  oe.getOrCreate({
+    client: ae(n.baseUrl, n.headers),
+    peginTxid: n.peginTxid,
+    authAnchorHex: n.authAnchorHex,
+    pinnedServerPubkey: n.pinnedServerPubkey
+  });
+}
+async function rt(n, e) {
+  const [t, r] = await n.multicall({
+    contracts: [
+      {
+        address: e,
+        abi: S,
+        functionName: "protocolParams"
+      },
+      {
+        address: e,
+        abi: S,
+        functionName: "applicationRegistry"
+      }
+    ],
+    allowFailure: !1
+  });
+  return {
+    protocolParams: t,
+    applicationRegistry: r
+  };
+}
+const W = 65535;
+function U(n) {
+  return {
+    timelockAssert: n.timelockAssert,
+    timelockChallengeAssert: n.timelockChallengeAssert,
+    securityCouncilKeys: [...n.securityCouncilKeys],
+    councilQuorum: n.councilQuorum,
+    feeRate: n.feeRate,
+    babeTotalInstances: n.babeTotalInstances,
+    babeInstancesToFinalize: n.babeInstancesToFinalize,
+    minVpCommissionBps: n.minVpCommissionBps,
+    tRefund: n.tRefund,
+    tStale: n.tStale,
+    minPeginFeeRate: n.minPeginFeeRate,
+    proverProgramVersion: n.proverProgramVersion,
+    minPrepeginDepth: n.minPrepeginDepth
+  };
+}
+function z(n) {
+  return {
+    minimumPegInAmount: n.minimumPegInAmount,
+    maxPegInAmount: n.maxPegInAmount,
+    pegInAckTimeout: n.pegInAckTimeout,
+    pegInActivationTimeout: n.pegInActivationTimeout,
+    maxHtlcOutputCount: n.maxHtlcOutputCount
+  };
+}
+function J(n) {
+  if (n > BigInt(W))
+    throw new Error(
+      `timelockAssert value ${n} exceeds uint16 max (${W})`
+    );
+  return Number(n);
+}
+class st {
+  constructor(e, t) {
+    this.publicClient = e, this.contractAddress = t;
+  }
+  async getTBVProtocolParams() {
+    const e = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "getTBVProtocolParams"
+    });
+    return z(e);
+  }
+  async getLatestOffchainParams() {
+    const e = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "getLatestOffchainParams"
+    });
+    return U(e);
+  }
+  async getOffchainParamsByVersion(e) {
+    const t = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "getOffchainParamsByVersion",
+      args: [e]
+    });
+    return U(t);
+  }
+  async getLatestOffchainParamsVersion() {
+    return await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "latestOffchainParamsVersion"
+    });
+  }
+  async getTimelockPeginByVersion(e) {
+    const t = await this.getOffchainParamsByVersion(e);
+    return J(t.timelockAssert);
+  }
+  /**
+   * Read TBV protocol params and latest offchain params atomically via multicall.
+   * Prevents TOCTOU inconsistency if governance updates params between reads.
+   */
+  async getPegInConfiguration() {
+    const e = await this.publicClient.multicall({
+      contracts: [
+        {
+          address: this.contractAddress,
+          abi: b,
+          functionName: "getTBVProtocolParams"
+        },
+        {
+          address: this.contractAddress,
+          abi: b,
+          functionName: "getLatestOffchainParams"
+        }
+      ],
+      allowFailure: !1
+    }), t = z(e[0]), r = U(e[1]);
+    return {
+      minimumPegInAmount: t.minimumPegInAmount,
+      maxPegInAmount: t.maxPegInAmount,
+      pegInAckTimeout: t.pegInAckTimeout,
+      pegInActivationTimeout: t.pegInActivationTimeout,
+      maxHtlcOutputCount: t.maxHtlcOutputCount,
+      timelockPegin: J(r.timelockAssert),
+      timelockRefund: r.tRefund,
+      minVpCommissionBps: r.minVpCommissionBps,
+      offchainParams: r
+    };
+  }
+}
+function H(n) {
+  return n.map((e) => ({
+    ethAddress: e.ethAddress,
+    btcPubKey: e.btcPubKey
+  }));
+}
+class it {
+  constructor(e, t) {
+    this.publicClient = e, this.contractAddress = t;
+  }
+  async getVaultKeepersByVersion(e, t) {
+    const r = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: O,
+      functionName: "getVaultKeepersByVersion",
+      args: [e, t]
+    });
+    return H(r);
+  }
+  async getCurrentVaultKeepers(e) {
+    const t = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: O,
+      functionName: "getCurrentVaultKeepers",
+      args: [e]
+    });
+    return H(t);
+  }
+  async getCurrentVaultKeepersVersion(e) {
+    return await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: O,
+      functionName: "getCurrentVaultKeepersVersion",
+      args: [e]
+    });
+  }
+}
+class at {
+  constructor(e, t) {
+    this.publicClient = e, this.contractAddress = t;
+  }
+  async getUniversalChallengersByVersion(e) {
+    const t = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "getUniversalChallengersByVersion",
+      args: [e]
+    });
+    return H(t);
+  }
+  async getCurrentUniversalChallengers() {
+    const e = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "getCurrentUniversalChallengers"
+    });
+    return H(e);
+  }
+  async getLatestUniversalChallengersVersion() {
+    return await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "latestUniversalChallengersVersion"
+    });
+  }
+}
+class ot {
+  constructor(e, t) {
+    this.publicClient = e, this.contractAddress = t;
+  }
+  /**
+   * Read the VP's persistent x-only BTC pubkey from the on-chain
+   * registry. Validates length, hex form, and secp256k1 curve
+   * membership before minting the brand. Returns 64-char lowercase
+   * hex without the `0x` prefix.
+   */
+  async getVaultProviderBtcPubKey(e) {
+    const r = (await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: S,
+      functionName: "getVaultProviderBTCKey",
+      args: [e]
+    })).toLowerCase();
+    if (!/^0x[0-9a-f]{64}$/.test(r))
+      throw new Error(
+        `getVaultProviderBTCKey returned an unexpected value (vp=${e}, length ${r.length}, prefix "${r.slice(0, 2)}")`
+      );
+    const i = r.slice(2);
+    if (!N.isXOnlyPoint(he(i)))
+      throw new Error(
+        `getVaultProviderBTCKey returned a value that is not on the secp256k1 curve (vp=${e})`
+      );
+    return i;
+  }
+  async getVaultBasicInfo(e) {
+    const t = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: S,
+      functionName: "getBtcVaultBasicInfo",
+      args: [e]
+    });
+    return {
+      depositor: t.depositor,
+      depositorBtcPubKey: t.depositorBtcPubKey,
+      amount: t.amount,
+      vaultProvider: t.vaultProvider,
+      status: t.status,
+      applicationEntryPoint: t.applicationEntryPoint,
+      createdAt: t.createdAt
+    };
+  }
+  async getVaultProtocolInfo(e) {
+    const t = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: S,
+      functionName: "getBtcVaultProtocolInfo",
+      args: [e]
+    });
+    return {
+      depositorSignedPeginTx: t.depositorSignedPeginTx,
+      universalChallengersVersion: t.universalChallengersVersion,
+      appVaultKeepersVersion: t.appVaultKeepersVersion,
+      offchainParamsVersion: t.offchainParamsVersion,
+      verifiedAt: t.verifiedAt,
+      depositorWotsPkHash: t.depositorWotsPkHash,
+      hashlock: t.hashlock,
+      htlcVout: t.htlcVout,
+      depositorPopSignature: t.depositorPopSignature,
+      prePeginTxHash: t.prePeginTxHash,
+      vaultProviderCommissionBps: t.vaultProviderCommissionBps
+    };
+  }
+  async getVaultData(e) {
+    const [t, r] = await Promise.all([
+      this.getVaultBasicInfo(e),
+      this.getVaultProtocolInfo(e)
+    ]);
+    if (!r.depositorSignedPeginTx || r.depositorSignedPeginTx === "0x")
+      throw new Error(
+        `Vault ${e} not found on-chain or has no pegin transaction`
+      );
+    return { basic: t, protocol: r };
+  }
+}
+export {
+  _ as S,
+  Ce as V,
+  s as a,
+  et as b,
+  Oe as c,
+  Ge as d,
+  oe as e,
+  tt as f,
+  st as g,
+  at as h,
+  it as i,
+  ot as j,
+  nt as p,
+  rt as r,
+  ve as v
+};
+//# sourceMappingURL=vault-registry-reader-BDFpXeH7.js.map