npm - @babylonlabs-io/ts-sdk - Versions diffs - 0.37.2 → 0.38.0 - Mend

@babylonlabs-io/ts-sdk 0.37.2 → 0.38.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (109) hide show

package/dist/assertPsbtUnsignedTxMatches-CagW7XqW.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"assertPsbtUnsignedTxMatches-CagW7XqW.cjs","sources":["../src/tbv/core/primitives/scripts/payout.ts","../src/tbv/core/primitives/psbt/constants.ts","../src/tbv/core/primitives/psbt/payout.ts","../src/tbv/core/primitives/psbt/assertPsbtUnsignedTxMatches.ts"],"sourcesContent":["/**\n * Payout Script Generator Primitive\n *\n * This module provides pure functions for generating payout scripts and taproot information\n * by wrapping the WASM implementation from @babylonlabs-io/babylon-tbv-rust-wasm.\n *\n * The payout script is used for signing payout transactions in the vault system.\n * It defines the spending conditions for the vault output, enabling the depositor\n * to authorize payouts during the peg-in flow (Step 3).\n *\n * @remarks\n * This is a low-level primitive. For most use cases, prefer using {@link buildPayoutPsbt}\n * which handles script creation internally. For high-level wallet orchestration, use\n * PayoutManager from the managers module.\n *\n * @see {@link buildPayoutPsbt} - Higher-level function that uses this internally\n *\n * @module primitives/scripts/payout\n */\n\nimport {\n createPayoutConnector,\n type Network,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\n/**\n * Parameters for creating a payout script.\n *\n * These parameters define the participants in a vault and are used to generate\n * the taproot script that controls how funds can be spent from the vault.\n */\nexport interface PayoutScriptParams {\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * This is the user depositing BTC into the vault. The depositor must sign\n * payout transactions to authorize fund distribution.\n */\n depositor: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * The service provider managing vault operations. Also referred to as\n * \"claimer\" in the WASM layer.\n */\n vaultProvider: string;\n\n /**\n * Array of vault keeper BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * Vault keepers participate in vault operations and script spending conditions.\n */\n vaultKeepers: string[];\n\n /**\n * Array of universal challenger BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * These parties can challenge the vault under certain conditions.\n */\n universalChallengers: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network for script generation.\n *\n * Must match the network used for all other vault operations to ensure\n * address encoding compatibility.\n */\n network: Network;\n}\n\n/**\n * Result of creating a payout script.\n *\n * Contains all the taproot-related data needed for constructing and signing\n * payout transactions from the vault.\n */\nexport interface PayoutScriptResult {\n /**\n * The payout script hex used in taproot script path spending.\n *\n * This is the raw script bytes that define the spending conditions,\n * encoded as a hexadecimal string. Used when constructing the\n * tapLeafScript for PSBT signing.\n */\n payoutScript: string;\n\n /**\n * The taproot script hash (leaf hash) for the payout script.\n *\n * This is the tagged hash of the script used in taproot tree construction.\n * Required for computing the control block during script path spending.\n */\n taprootScriptHash: string;\n\n /**\n * The full scriptPubKey for the vault output address.\n *\n * This is the complete output script (OP_1 <32-byte-key>) that should be\n * used when creating the vault output in a peg-in transaction.\n */\n scriptPubKey: string;\n\n /**\n * The vault Bitcoin address derived from the script.\n *\n * A human-readable bech32m address (bc1p... for mainnet, tb1p... for testnet/signet)\n * that can be used to receive funds into the vault.\n */\n address: string;\n\n /**\n * Serialized control block for Taproot script path spend (hex encoded).\n *\n * Computed by the Rust WASM PeginPayoutConnector. Used directly in\n * tapLeafScript when building payout PSBTs.\n */\n payoutControlBlock: string;\n}\n\n/**\n * Create payout script and taproot information using WASM.\n *\n * This is a pure function that wraps the Rust WASM implementation.\n * The payout connector generates the necessary taproot scripts and information\n * required for signing payout transactions.\n *\n * @remarks\n * The generated script encodes spending conditions that require signatures from\n * the depositor and vault provider (or liquidators in challenge scenarios).\n * This script is used internally by {@link buildPayoutPsbt}.\n *\n * @param params - Payout script parameters defining vault participants and network\n * @returns Payout script and taproot information for PSBT construction\n *\n * @see {@link buildPayoutPsbt} - Use this for building complete payout PSBTs\n */\nexport async function createPayoutScript(\n params: PayoutScriptParams,\n): Promise<PayoutScriptResult> {\n // Call the WASM wrapper with the correct parameter structure\n const connector = await createPayoutConnector(\n {\n depositor: params.depositor,\n vaultProvider: params.vaultProvider,\n vaultKeepers: params.vaultKeepers,\n universalChallengers: params.universalChallengers,\n timelockPegin: params.timelockPegin,\n },\n params.network,\n );\n\n return {\n payoutScript: connector.payoutScript,\n taprootScriptHash: connector.taprootScriptHash,\n scriptPubKey: connector.scriptPubKey,\n address: connector.address,\n payoutControlBlock: connector.payoutControlBlock,\n };\n}\n","/**\n * Protocol invariants for depositor graph transactions.\n *\n * These indices and counts encode the on-chain vault protocol layout\n * (which output of PegIn/Assert each child transaction spends, and how\n * many inputs each transaction has). Consumed by the PSBT builders and\n * the depositor graph signing service; a drift between copies of these\n * values would silently change validation behaviour.\n *\n * @module primitives/psbt/constants\n * @see btc-vault crates/vault/docs/btc-transactions-spec.md\n */\n\n/**\n * Depositor Payout transaction input count.\n * Input 0: PegIn:0 (signed). Input 1: Assert:0 (in sighash, not signed).\n */\nexport const DEPOSITOR_PAYOUT_INPUT_COUNT = 2;\n\n/** PegIn vault output index spent by the depositor's Payout input 0. */\nexport const PEGIN_VAULT_OUTPUT_INDEX = 0;\n\n/** Payout input index bound to the graph Assert tx (NOT signed). */\nexport const PAYOUT_ASSERT_INPUT_INDEX = 1;\n\n/** Assert output index spent by the depositor's Payout input 1 (NOT signed). */\nexport const ASSERT_PAYOUT_OUTPUT_INDEX = 0;\n\n/** Assert output index spent by NoPayout input 0 (signed). */\nexport const ASSERT_NOPAYOUT_OUTPUT_INDEX = 0;\n","/**\n * Payout PSBT Builder Primitives\n *\n * This module provides pure functions for building unsigned payout PSBTs and extracting\n * Schnorr signatures from signed PSBTs. It uses WASM-generated scripts from the payout\n * connector and bitcoinjs-lib for PSBT construction.\n *\n * The Payout transaction references the Assert transaction (input 1).\n *\n * @module primitives/psbt/payout\n */\n\nimport {\n type Network,\n tapInternalPubkey,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport { Buffer } from \"buffer\";\nimport { Psbt, Transaction } from \"bitcoinjs-lib\";\nimport { createPayoutScript } from \"../scripts/payout\";\nimport {\n TAPSCRIPT_LEAF_VERSION,\n hexToUint8Array,\n isValidHex,\n stripHexPrefix,\n uint8ArrayToHex,\n} from \"../utils/bitcoin\";\nimport {\n ASSERT_PAYOUT_OUTPUT_INDEX,\n PEGIN_VAULT_OUTPUT_INDEX,\n} from \"./constants\";\n\n/**\n * Number of items in a Taproot script-path spend witness stack for a\n * single-signature script: [signature, script, controlBlock].\n *\n * The current payout script requires exactly one depositor signature. If the\n * protocol evolves to require multiple signatures in the payout script, this\n * invariant and the finalized-PSBT extraction path must be revisited because\n * the first witness item would no longer necessarily be the depositor's.\n */\nconst TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE = 3;\n\n/**\n * Parameters for building an unsigned Payout PSBT\n *\n * Payout is used in the challenge path after Assert, when the claimer proves validity.\n * Input 1 references the Assert transaction.\n */\nexport interface PayoutParams {\n /**\n * Payout transaction hex (unsigned)\n * This is the transaction that needs to be signed by the depositor\n */\n payoutTxHex: string;\n\n /**\n * Assert transaction hex\n * Payout input 1 references Assert output 0\n */\n assertTxHex: string;\n\n /**\n * Peg-in transaction hex\n * This transaction created the vault output that we're spending\n */\n peginTxHex: string;\n\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix)\n */\n depositorBtcPubkey: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex)\n */\n vaultProviderBtcPubkey: string;\n\n /**\n * Vault keeper BTC public keys (x-only, 64-char hex)\n */\n vaultKeeperBtcPubkeys: string[];\n\n /**\n * Universal challenger BTC public keys (x-only, 64-char hex)\n */\n universalChallengerBtcPubkeys: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network\n */\n network: Network;\n}\n\n/**\n * Result of building an unsigned payout PSBT\n */\nexport interface PayoutPsbtResult {\n /**\n * Unsigned PSBT hex ready for signing\n */\n psbtHex: string;\n}\n\n/**\n * Build unsigned Payout PSBT for depositor to sign.\n *\n * Payout is used in the **challenge path** when the claimer proves validity:\n * 1. Vault provider submits Claim transaction\n * 2. Challenge is raised during challenge period\n * 3. Claimer submits Assert transaction to prove validity\n * 4. Payout can be executed (references Assert tx)\n *\n * Payout transactions have the following structure:\n * - Input 0: from PeginTx output0 (signed by depositor)\n * - Input 1: from Assert output0 (NOT signed by depositor)\n *\n * @param params - Payout parameters\n * @returns Unsigned PSBT ready for depositor to sign\n *\n * @throws If payout transaction does not have exactly 2 inputs\n * @throws If input 0 does not spend PegIn:0 (vault UTXO)\n * @throws If input 1 does not spend Assert:0 (proof output)\n * @throws If previous output is not found for either input\n */\nexport async function buildPayoutPsbt(\n params: PayoutParams,\n): Promise<PayoutPsbtResult> {\n // Normalize hex inputs (strip 0x prefix if present)\n const payoutTxHex = stripHexPrefix(params.payoutTxHex);\n const peginTxHex = stripHexPrefix(params.peginTxHex);\n const assertTxHex = stripHexPrefix(params.assertTxHex);\n\n // Get payout script from WASM\n const payoutConnector = await createPayoutScript({\n depositor: params.depositorBtcPubkey,\n vaultProvider: params.vaultProviderBtcPubkey,\n vaultKeepers: params.vaultKeeperBtcPubkeys,\n universalChallengers: params.universalChallengerBtcPubkeys,\n timelockPegin: params.timelockPegin,\n network: params.network,\n });\n\n const payoutScriptBytes = hexToUint8Array(payoutConnector.payoutScript);\n const controlBlock = hexToUint8Array(payoutConnector.payoutControlBlock);\n\n // Parse transactions\n const payoutTx = Transaction.fromHex(payoutTxHex);\n const peginTx = Transaction.fromHex(peginTxHex);\n const assertTx = Transaction.fromHex(assertTxHex);\n\n // Create PSBT\n const psbt = new Psbt();\n psbt.setVersion(payoutTx.version);\n psbt.setLocktime(payoutTx.locktime);\n\n // PayoutTx has exactly 2 inputs:\n // - Input 0: from PeginTx output0 (signed by depositor using taproot script path)\n // - Input 1: from Assert output0 (signed by claimer/challengers, not depositor)\n //\n // IMPORTANT: For Taproot SIGHASH_DEFAULT (0x00), the sighash commits to ALL inputs'\n // prevouts, not just the one being signed. Therefore, we must include BOTH inputs\n // in the PSBT so the wallet computes the correct sighash that the VP expects.\n\n // Verify payout transaction has expected structure\n if (payoutTx.ins.length !== 2) {\n throw new Error(\n `Payout transaction must have exactly 2 inputs, got ${payoutTx.ins.length}`,\n );\n }\n\n const input0 = payoutTx.ins[0];\n const input1 = payoutTx.ins[1];\n\n // Verify input 0 spends PegIn:0 (the vault UTXO).\n // Both txid AND vout must match the protocol contract — the vout is the\n // input-side anchor that prevents a malicious VP from binding the\n // depositor's signature to a different output of the same parent.\n const input0Txid = uint8ArrayToHex(\n new Uint8Array(input0.hash).slice().reverse(),\n );\n const peginTxid = peginTx.getId();\n\n if (input0Txid !== peginTxid || input0.index !== PEGIN_VAULT_OUTPUT_INDEX) {\n throw new Error(\n `Input 0 must spend PegIn:${PEGIN_VAULT_OUTPUT_INDEX}. ` +\n `Expected ${peginTxid}:${PEGIN_VAULT_OUTPUT_INDEX}, got ${input0Txid}:${input0.index}`,\n );\n }\n\n // Verify input 1 spends Assert:0 (the proof output).\n const input1Txid = uint8ArrayToHex(\n new Uint8Array(input1.hash).slice().reverse(),\n );\n const assertTxid = assertTx.getId();\n\n if (input1Txid !== assertTxid || input1.index !== ASSERT_PAYOUT_OUTPUT_INDEX) {\n throw new Error(\n `Input 1 must spend Assert:${ASSERT_PAYOUT_OUTPUT_INDEX}. ` +\n `Expected ${assertTxid}:${ASSERT_PAYOUT_OUTPUT_INDEX}, got ${input1Txid}:${input1.index}`,\n );\n }\n\n const peginPrevOut = peginTx.outs[input0.index];\n if (!peginPrevOut) {\n throw new Error(\n `Previous output not found for input 0 (txid: ${input0Txid}, index: ${input0.index})`,\n );\n }\n\n const input1PrevOut = assertTx.outs[input1.index];\n if (!input1PrevOut) {\n throw new Error(\n `Previous output not found for input 1 (txid: ${input1Txid}, index: ${input1.index})`,\n );\n }\n\n // Input 0: Depositor signs using Taproot script path spend\n // This input includes tapLeafScript for signing\n psbt.addInput({\n hash: input0.hash,\n index: input0.index,\n sequence: input0.sequence,\n witnessUtxo: {\n script: peginPrevOut.script,\n value: peginPrevOut.value,\n },\n tapLeafScript: [\n {\n leafVersion: TAPSCRIPT_LEAF_VERSION,\n script: Buffer.from(payoutScriptBytes),\n controlBlock: Buffer.from(controlBlock),\n },\n ],\n tapInternalKey: Buffer.from(tapInternalPubkey),\n // sighashType omitted - defaults to SIGHASH_DEFAULT (0x00) for Taproot\n });\n\n // Input 1: From Assert transaction (NOT signed by depositor)\n // We include this with witnessUtxo so the sighash is computed correctly,\n // but we do NOT include tapLeafScript since the depositor doesn't sign it.\n psbt.addInput({\n hash: input1.hash,\n index: input1.index,\n sequence: input1.sequence,\n witnessUtxo: {\n script: input1PrevOut.script,\n value: input1PrevOut.value,\n },\n // No tapLeafScript - depositor doesn't sign this input\n });\n\n // Add outputs\n for (const output of payoutTx.outs) {\n psbt.addOutput({\n script: output.script,\n value: output.value,\n });\n }\n\n return {\n psbtHex: psbt.toHex(),\n };\n}\n\n/**\n * Validate that a payout transaction's largest output pays to the registered\n * depositor payout scriptPubKey.\n *\n * Prevents a malicious vault provider from substituting the payout destination\n * (or routing funds through a dust output to the correct address while sending\n * the actual value to an attacker-controlled script).\n *\n * @param payoutTxHex - Raw payout transaction hex\n * @param registeredPayoutScriptPubKey - On-chain registered scriptPubKey (hex, with or without 0x prefix)\n * @throws If scriptPubKey is invalid hex\n * @throws If the transaction has no outputs\n * @throws If the largest output does not pay to the registered scriptPubKey\n */\nexport function assertPayoutOutputMatchesRegistered(\n payoutTxHex: string,\n registeredPayoutScriptPubKey: string,\n): void {\n if (!isValidHex(registeredPayoutScriptPubKey)) {\n throw new Error(\"Invalid registeredPayoutScriptPubKey: not valid hex\");\n }\n\n const expectedScript = Buffer.from(\n stripHexPrefix(registeredPayoutScriptPubKey),\n \"hex\",\n );\n const payoutTx = Transaction.fromHex(stripHexPrefix(payoutTxHex));\n\n if (payoutTx.outs.length === 0) {\n throw new Error(\"Payout transaction has no outputs\");\n }\n\n const largestOutput = payoutTx.outs.reduce((max, output) =>\n output.value > max.value ? output : max,\n );\n\n if (!largestOutput.script.equals(expectedScript)) {\n throw new Error(\n \"Payout transaction does not pay to the registered depositor payout address\",\n );\n }\n}\n\n/**\n * Extract Schnorr signature from signed payout PSBT.\n *\n * This function supports two cases:\n * 1. Non-finalized PSBT: Extracts from tapScriptSig field\n * 2. Finalized PSBT: Extracts from witness data\n *\n * The signature is returned as a 64-byte hex string (128 hex characters).\n * Payout signatures must use implicit Taproot SIGHASH_DEFAULT, which is\n * encoded by omitting the sighash byte.\n *\n * @param signedPsbtHex - Signed PSBT hex\n * @param depositorPubkey - Depositor's public key (x-only, 64-char hex)\n * @param inputIndex - Input index to extract signature from (default: 0)\n * @returns 64-byte Schnorr signature (128 hex characters, no sighash flag)\n *\n * @throws If no signature is found in the PSBT\n * @throws If the signature has an unexpected length\n */\nexport function extractPayoutSignature(\n signedPsbtHex: string,\n depositorPubkey: string,\n inputIndex = 0,\n): string {\n const signedPsbt = Psbt.fromHex(signedPsbtHex);\n\n if (inputIndex >= signedPsbt.data.inputs.length) {\n throw new Error(\n `Input index ${inputIndex} out of range (${signedPsbt.data.inputs.length} inputs)`,\n );\n }\n\n const input = signedPsbt.data.inputs[inputIndex];\n\n // Case 1: Non-finalized PSBT — extract from tapScriptSig\n if (input.tapScriptSig && input.tapScriptSig.length > 0) {\n const depositorPubkeyBytes = hexToUint8Array(depositorPubkey);\n\n for (const sigEntry of input.tapScriptSig) {\n if (sigEntry.pubkey.equals(Buffer.from(depositorPubkeyBytes))) {\n return extractSchnorrSig(sigEntry.signature, inputIndex);\n }\n }\n\n throw new Error(\n `No signature found for depositor pubkey: ${depositorPubkey} at input ${inputIndex}`,\n );\n }\n\n // Case 2: Finalized PSBT — extract from finalScriptWitness\n // Taproot single-signature script-path witness: [signature, script, controlBlock].\n // Enforce the exact stack size so that if a wallet produces an unexpected\n // finalization (e.g. a multi-signature stack, an annex, or malformed data),\n // we fail loudly instead of silently returning witnessStack[0] which may\n // not be the depositor's signature.\n if (input.finalScriptWitness && input.finalScriptWitness.length > 0) {\n const witnessStack = parseWitnessStack(input.finalScriptWitness);\n if (witnessStack.length !== TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE) {\n throw new Error(\n `Unexpected finalized witness stack size at input ${inputIndex}: ` +\n `expected ${TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE} items (signature, script, controlBlock), ` +\n `got ${witnessStack.length}`,\n );\n }\n return extractSchnorrSig(witnessStack[0], inputIndex);\n }\n\n throw new Error(\n `No tapScriptSig or finalScriptWitness found in signed PSBT at input ${inputIndex}`,\n );\n}\n\n/**\n * Extract and validate a 64-byte Schnorr signature.\n * Rejects 65-byte signatures because the appended sighash byte changes the\n * Taproot message being signed; stripping it would produce an unverifiable\n * SIGHASH_DEFAULT signature.\n * @internal\n */\nfunction extractSchnorrSig(sig: Uint8Array, inputIndex: number): string {\n if (sig.length === 64) {\n return uint8ArrayToHex(new Uint8Array(sig));\n }\n if (sig.length === 65) {\n throw new Error(\n `Unexpected sighash byte 0x${sig[64].toString(16).padStart(2, \"0\")} at input ${inputIndex}. ` +\n \"Expected implicit SIGHASH_DEFAULT as a 64-byte signature.\",\n );\n }\n throw new Error(\n `Unexpected signature length at input ${inputIndex}: ${sig.length}`,\n );\n}\n\n/**\n * Parse a BIP-141 serialized witness stack into individual stack items.\n * Format: [varint item_count] [varint len, data]...\n *\n * Throws on malformed input (truncated buffer, 8-byte varints, or trailing\n * bytes) so callers never receive silently-corrupted witness items.\n * @internal\n */\nfunction parseWitnessStack(witness: Buffer): Buffer[] {\n const items: Buffer[] = [];\n let offset = 0;\n\n const requireBytes = (n: number): void => {\n if (offset + n > witness.length) {\n throw new Error(\n `Malformed witness data: need ${n} byte(s) at offset ${offset}, only ${witness.length - offset} remaining`,\n );\n }\n };\n\n const readVarInt = (): number => {\n requireBytes(1);\n const first = witness[offset++];\n if (first < 0xfd) return first;\n if (first === 0xfd) {\n requireBytes(2);\n const val = (witness[offset] | (witness[offset + 1] << 8)) >>> 0;\n offset += 2;\n return val;\n }\n if (first === 0xfe) {\n requireBytes(4);\n const val =\n (witness[offset] |\n (witness[offset + 1] << 8) |\n (witness[offset + 2] << 16) |\n (witness[offset + 3] << 24)) >>>\n 0;\n offset += 4;\n return val;\n }\n // 0xff — 8-byte varint. Not used for witness sizes in practice and JS\n // numbers cannot represent all 64-bit values exactly, so reject rather\n // than risk silent truncation.\n throw new Error(\n `Malformed witness data: 8-byte varint (0xff) not supported at offset ${offset - 1}`,\n );\n };\n\n const count = readVarInt();\n for (let i = 0; i < count; i++) {\n const len = readVarInt();\n requireBytes(len);\n items.push(Buffer.from(witness.subarray(offset, offset + len)));\n offset += len;\n }\n\n if (offset !== witness.length) {\n throw new Error(\n `Malformed witness data: ${witness.length - offset} trailing byte(s) after parsing ${count} item(s)`,\n );\n }\n\n return items;\n}\n\n","/**\n * Asserts a wallet-returned PSBT encodes the same unsigned transaction\n * as the locally-built PSBT we asked the wallet to sign. Per-input PSBT\n * metadata (witnessUtxo, tapLeafScript, sighashType) is intentionally NOT\n * compared — those fields are committed to the Schnorr sighash and the\n * vault provider's `verify_depositor_signature` rejects mismatches there.\n * This primitive defends the path where a colluding VP would otherwise\n * accept a wallet-substituted signature.\n */\n\nimport { Buffer } from \"buffer\";\n\nimport { Psbt } from \"bitcoinjs-lib\";\n\n/**\n * Thrown when a wallet-returned PSBT encodes a different unsigned\n * transaction than the one the caller asked the wallet to sign.\n */\nexport class PsbtSubstitutionError extends Error {\n constructor(detail: string) {\n super(\n `Wallet returned a PSBT for a different transaction: ${detail}`,\n );\n this.name = \"PsbtSubstitutionError\";\n }\n}\n\nexport interface AssertPsbtUnsignedTxMatchesParams {\n /** PSBT we built locally and asked the wallet to sign. */\n requestedPsbtHex: string;\n /** PSBT the wallet returned after signing. */\n returnedPsbtHex: string;\n}\n\nfunction parsePsbt(label: \"requested\" | \"returned\", hex: string): Psbt {\n try {\n return Psbt.fromHex(hex);\n } catch (cause) {\n const reason = cause instanceof Error ? cause.message : String(cause);\n throw new Error(`Failed to parse ${label} PSBT: ${reason}`);\n }\n}\n\n/**\n * Length of the hex prefix included in mismatch errors. Short enough that\n * full prevout txids and output scriptPubKeys never reach logs / error\n * trackers, long enough to disambiguate during forensic triage.\n */\nconst REDACTED_HEX_PREFIX_LEN = 8;\n\nfunction redactHex(buf: Buffer): string {\n return `${buf.toString(\"hex\").slice(0, REDACTED_HEX_PREFIX_LEN)}…`;\n}\n\n/**\n * `bitcoinjs-lib` exposes `txInputs[i].hash` in internal little-endian form;\n * a human reading logs expects the big-endian txid an explorer would show.\n * Reverse before truncating so the surfaced prefix matches what an operator\n * can search for.\n */\nfunction redactTxid(internalHash: Buffer): string {\n const reversed = Buffer.from(internalHash).reverse();\n return redactHex(reversed);\n}\n\n/**\n * Compare two PSBTs and throw `PsbtSubstitutionError` unless they encode\n * the same unsigned transaction (version, locktime, inputs, outputs).\n *\n * @throws PsbtSubstitutionError on any mismatch in the unsigned tx\n * @throws Error if either PSBT cannot be parsed\n */\nexport function assertPsbtUnsignedTxMatches(\n params: AssertPsbtUnsignedTxMatchesParams,\n): void {\n const requested = parsePsbt(\"requested\", params.requestedPsbtHex);\n const returned = parsePsbt(\"returned\", params.returnedPsbtHex);\n\n if (requested.version !== returned.version) {\n throw new PsbtSubstitutionError(\n `tx version differs (requested=${requested.version}, returned=${returned.version})`,\n );\n }\n if (requested.locktime !== returned.locktime) {\n throw new PsbtSubstitutionError(\n `tx locktime differs (requested=${requested.locktime}, returned=${returned.locktime})`,\n );\n }\n if (requested.txInputs.length !== returned.txInputs.length) {\n throw new PsbtSubstitutionError(\n `input count differs (requested=${requested.txInputs.length}, returned=${returned.txInputs.length})`,\n );\n }\n if (requested.txOutputs.length !== returned.txOutputs.length) {\n throw new PsbtSubstitutionError(\n `output count differs (requested=${requested.txOutputs.length}, returned=${returned.txOutputs.length})`,\n );\n }\n for (let i = 0; i < requested.txInputs.length; i++) {\n const r = requested.txInputs[i];\n const s = returned.txInputs[i];\n if (!r.hash.equals(s.hash)) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout txid differs (requested=${redactTxid(r.hash)}, returned=${redactTxid(s.hash)})`,\n );\n }\n if (r.index !== s.index) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout vout differs (requested=${r.index}, returned=${s.index})`,\n );\n }\n if (r.sequence !== s.sequence) {\n throw new PsbtSubstitutionError(\n `input ${i} sequence differs (requested=${r.sequence}, returned=${s.sequence})`,\n );\n }\n }\n for (let i = 0; i < requested.txOutputs.length; i++) {\n const r = requested.txOutputs[i];\n const s = returned.txOutputs[i];\n if (!r.script.equals(s.script)) {\n throw new PsbtSubstitutionError(\n `output ${i} scriptPubKey differs (requested=${redactHex(r.script)}, returned=${redactHex(s.script)})`,\n );\n }\n if (r.value !== s.value) {\n throw new PsbtSubstitutionError(\n `output ${i} value differs (requested=${r.value}, returned=${s.value})`,\n );\n }\n }\n}\n"],"names":["createPayoutScript","params","connector","createPayoutConnector","DEPOSITOR_PAYOUT_INPUT_COUNT","PEGIN_VAULT_OUTPUT_INDEX","ASSERT_PAYOUT_OUTPUT_INDEX","TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE","buildPayoutPsbt","payoutTxHex","stripHexPrefix","peginTxHex","assertTxHex","payoutConnector","payoutScriptBytes","hexToUint8Array","controlBlock","payoutTx","Transaction","peginTx","assertTx","psbt","Psbt","input0","input1","input0Txid","uint8ArrayToHex","peginTxid","input1Txid","assertTxid","peginPrevOut","input1PrevOut","TAPSCRIPT_LEAF_VERSION","Buffer","tapInternalPubkey","output","assertPayoutOutputMatchesRegistered","registeredPayoutScriptPubKey","isValidHex","expectedScript","max","extractPayoutSignature","signedPsbtHex","depositorPubkey","inputIndex","signedPsbt","input","depositorPubkeyBytes","sigEntry","extractSchnorrSig","witnessStack","parseWitnessStack","sig","witness","items","offset","requireBytes","n","readVarInt","first","val","count","len","PsbtSubstitutionError","detail","parsePsbt","label","hex","cause","reason","REDACTED_HEX_PREFIX_LEN","redactHex","buf","redactTxid","internalHash","reversed","assertPsbtUnsignedTxMatches","requested","returned","i","r"],"mappings":"yJA8IA,eAAsBA,EACpBC,EAC6B,CAE7B,MAAMC,EAAY,MAAMC,EAAAA,sBACtB,CACE,UAAWF,EAAO,UAClB,cAAeA,EAAO,cACtB,aAAcA,EAAO,aACrB,qBAAsBA,EAAO,qBAC7B,cAAeA,EAAO,aAAA,EAExBA,EAAO,OAAA,EAGT,MAAO,CACL,aAAcC,EAAU,aACxB,kBAAmBA,EAAU,kBAC7B,aAAcA,EAAU,aACxB,QAASA,EAAU,QACnB,mBAAoBA,EAAU,kBAAA,CAElC,CCnJO,MAAME,EAA+B,EAG/BC,EAA2B,EAM3BC,EAA6B,ECcpCC,EAAwC,EAyF9C,eAAsBC,EACpBP,EAC2B,CAE3B,MAAMQ,EAAcC,EAAAA,eAAeT,EAAO,WAAW,EAC/CU,EAAaD,EAAAA,eAAeT,EAAO,UAAU,EAC7CW,EAAcF,EAAAA,eAAeT,EAAO,WAAW,EAG/CY,EAAkB,MAAMb,EAAmB,CAC/C,UAAWC,EAAO,mBAClB,cAAeA,EAAO,uBACtB,aAAcA,EAAO,sBACrB,qBAAsBA,EAAO,8BAC7B,cAAeA,EAAO,cACtB,QAASA,EAAO,OAAA,CACjB,EAEKa,EAAoBC,EAAAA,gBAAgBF,EAAgB,YAAY,EAChEG,EAAeD,EAAAA,gBAAgBF,EAAgB,kBAAkB,EAGjEI,EAAWC,EAAAA,YAAY,QAAQT,CAAW,EAC1CU,EAAUD,EAAAA,YAAY,QAAQP,CAAU,EACxCS,EAAWF,EAAAA,YAAY,QAAQN,CAAW,EAG1CS,EAAO,IAAIC,OAajB,GAZAD,EAAK,WAAWJ,EAAS,OAAO,EAChCI,EAAK,YAAYJ,EAAS,QAAQ,EAW9BA,EAAS,IAAI,SAAW,EAC1B,MAAM,IAAI,MACR,sDAAsDA,EAAS,IAAI,MAAM,EAAA,EAI7E,MAAMM,EAASN,EAAS,IAAI,CAAC,EACvBO,EAASP,EAAS,IAAI,CAAC,EAMvBQ,EAAaC,EAAAA,gBACjB,IAAI,WAAWH,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA,CAAQ,EAExCI,EAAYR,EAAQ,MAAA,EAE1B,GAAIM,IAAeE,GAAaJ,EAAO,QAAUlB,EAC/C,MAAM,IAAI,MACR,4BAA4BA,CAAwB,cACtCsB,CAAS,IAAItB,CAAwB,SAASoB,CAAU,IAAIF,EAAO,KAAK,EAAA,EAK1F,MAAMK,EAAaF,EAAAA,gBACjB,IAAI,WAAWF,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA,CAAQ,EAExCK,EAAaT,EAAS,MAAA,EAE5B,GAAIQ,IAAeC,GAAcL,EAAO,QAAUlB,EAChD,MAAM,IAAI,MACR,6BAA6BA,CAA0B,cACzCuB,CAAU,IAAIvB,CAA0B,SAASsB,CAAU,IAAIJ,EAAO,KAAK,EAAA,EAI7F,MAAMM,EAAeX,EAAQ,KAAKI,EAAO,KAAK,EAC9C,GAAI,CAACO,EACH,MAAM,IAAI,MACR,gDAAgDL,CAAU,YAAYF,EAAO,KAAK,GAAA,EAItF,MAAMQ,EAAgBX,EAAS,KAAKI,EAAO,KAAK,EAChD,GAAI,CAACO,EACH,MAAM,IAAI,MACR,gDAAgDH,CAAU,YAAYJ,EAAO,KAAK,GAAA,EAMtFH,EAAK,SAAS,CACZ,KAAME,EAAO,KACb,MAAOA,EAAO,MACd,SAAUA,EAAO,SACjB,YAAa,CACX,OAAQO,EAAa,OACrB,MAAOA,EAAa,KAAA,EAEtB,cAAe,CACb,CACE,YAAaE,EAAAA,uBACb,OAAQC,EAAAA,OAAO,KAAKnB,CAAiB,EACrC,aAAcmB,EAAAA,OAAO,KAAKjB,CAAY,CAAA,CACxC,EAEF,eAAgBiB,EAAAA,OAAO,KAAKC,EAAAA,iBAAiB,CAAA,CAE9C,EAKDb,EAAK,SAAS,CACZ,KAAMG,EAAO,KACb,MAAOA,EAAO,MACd,SAAUA,EAAO,SACjB,YAAa,CACX,OAAQO,EAAc,OACtB,MAAOA,EAAc,KAAA,CACvB,CAED,EAGD,UAAWI,KAAUlB,EAAS,KAC5BI,EAAK,UAAU,CACb,OAAQc,EAAO,OACf,MAAOA,EAAO,KAAA,CACf,EAGH,MAAO,CACL,QAASd,EAAK,MAAA,CAAM,CAExB,CAgBO,SAASe,EACd3B,EACA4B,EACM,CACN,GAAI,CAACC,EAAAA,WAAWD,CAA4B,EAC1C,MAAM,IAAI,MAAM,qDAAqD,EAGvE,MAAME,EAAiBN,EAAAA,OAAO,KAC5BvB,EAAAA,eAAe2B,CAA4B,EAC3C,KAAA,EAEIpB,EAAWC,EAAAA,YAAY,QAAQR,EAAAA,eAAeD,CAAW,CAAC,EAEhE,GAAIQ,EAAS,KAAK,SAAW,EAC3B,MAAM,IAAI,MAAM,mCAAmC,EAOrD,GAAI,CAJkBA,EAAS,KAAK,OAAO,CAACuB,EAAKL,IAC/CA,EAAO,MAAQK,EAAI,MAAQL,EAASK,CAAA,EAGnB,OAAO,OAAOD,CAAc,EAC7C,MAAM,IAAI,MACR,4EAAA,CAGN,CAqBO,SAASE,EACdC,EACAC,EACAC,EAAa,EACL,CACR,MAAMC,EAAavB,EAAAA,KAAK,QAAQoB,CAAa,EAE7C,GAAIE,GAAcC,EAAW,KAAK,OAAO,OACvC,MAAM,IAAI,MACR,eAAeD,CAAU,kBAAkBC,EAAW,KAAK,OAAO,MAAM,UAAA,EAI5E,MAAMC,EAAQD,EAAW,KAAK,OAAOD,CAAU,EAG/C,GAAIE,EAAM,cAAgBA,EAAM,aAAa,OAAS,EAAG,CACvD,MAAMC,EAAuBhC,EAAAA,gBAAgB4B,CAAe,EAE5D,UAAWK,KAAYF,EAAM,aAC3B,GAAIE,EAAS,OAAO,OAAOf,EAAAA,OAAO,KAAKc,CAAoB,CAAC,EAC1D,OAAOE,EAAkBD,EAAS,UAAWJ,CAAU,EAI3D,MAAM,IAAI,MACR,4CAA4CD,CAAe,aAAaC,CAAU,EAAA,CAEtF,CAQA,GAAIE,EAAM,oBAAsBA,EAAM,mBAAmB,OAAS,EAAG,CACnE,MAAMI,EAAeC,EAAkBL,EAAM,kBAAkB,EAC/D,GAAII,EAAa,SAAW3C,EAC1B,MAAM,IAAI,MACR,oDAAoDqC,CAAU,cAChDrC,CAAqC,iDAC1C2C,EAAa,MAAM,EAAA,EAGhC,OAAOD,EAAkBC,EAAa,CAAC,EAAGN,CAAU,CACtD,CAEA,MAAM,IAAI,MACR,uEAAuEA,CAAU,EAAA,CAErF,CASA,SAASK,EAAkBG,EAAiBR,EAA4B,CACtE,GAAIQ,EAAI,SAAW,GACjB,OAAO1B,kBAAgB,IAAI,WAAW0B,CAAG,CAAC,EAE5C,MAAIA,EAAI,SAAW,GACX,IAAI,MACR,6BAA6BA,EAAI,EAAE,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,aAAaR,CAAU,6DAAA,EAIvF,IAAI,MACR,wCAAwCA,CAAU,KAAKQ,EAAI,MAAM,EAAA,CAErE,CAUA,SAASD,EAAkBE,EAA2B,CACpD,MAAMC,EAAkB,CAAA,EACxB,IAAIC,EAAS,EAEb,MAAMC,EAAgBC,GAAoB,CACxC,GAAIF,EAASE,EAAIJ,EAAQ,OACvB,MAAM,IAAI,MACR,gCAAgCI,CAAC,sBAAsBF,CAAM,UAAUF,EAAQ,OAASE,CAAM,YAAA,CAGpG,EAEMG,EAAa,IAAc,CAC/BF,EAAa,CAAC,EACd,MAAMG,EAAQN,EAAQE,GAAQ,EAC9B,GAAII,EAAQ,IAAM,OAAOA,EACzB,GAAIA,IAAU,IAAM,CAClBH,EAAa,CAAC,EACd,MAAMI,GAAOP,EAAQE,CAAM,EAAKF,EAAQE,EAAS,CAAC,GAAK,KAAQ,EAC/D,OAAAA,GAAU,EACHK,CACT,CACA,GAAID,IAAU,IAAM,CAClBH,EAAa,CAAC,EACd,MAAMI,GACHP,EAAQE,CAAM,EACZF,EAAQE,EAAS,CAAC,GAAK,EACvBF,EAAQE,EAAS,CAAC,GAAK,GACvBF,EAAQE,EAAS,CAAC,GAAK,MAC1B,EACF,OAAAA,GAAU,EACHK,CACT,CAIA,MAAM,IAAI,MACR,wEAAwEL,EAAS,CAAC,EAAA,CAEtF,EAEMM,EAAQH,EAAA,EACd,QAAS,EAAI,EAAG,EAAIG,EAAO,IAAK,CAC9B,MAAMC,EAAMJ,EAAA,EACZF,EAAaM,CAAG,EAChBR,EAAM,KAAKrB,EAAAA,OAAO,KAAKoB,EAAQ,SAASE,EAAQA,EAASO,CAAG,CAAC,CAAC,EAC9DP,GAAUO,CACZ,CAEA,GAAIP,IAAWF,EAAQ,OACrB,MAAM,IAAI,MACR,2BAA2BA,EAAQ,OAASE,CAAM,mCAAmCM,CAAK,UAAA,EAI9F,OAAOP,CACT,CCpcO,MAAMS,UAA8B,KAAM,CAC/C,YAAYC,EAAgB,CAC1B,MACE,uDAAuDA,CAAM,EAAA,EAE/D,KAAK,KAAO,uBACd,CACF,CASA,SAASC,EAAUC,EAAiCC,EAAmB,CACrE,GAAI,CACF,OAAO7C,EAAAA,KAAK,QAAQ6C,CAAG,CACzB,OAASC,EAAO,CACd,MAAMC,EAASD,aAAiB,MAAQA,EAAM,QAAU,OAAOA,CAAK,EACpE,MAAM,IAAI,MAAM,mBAAmBF,CAAK,UAAUG,CAAM,EAAE,CAC5D,CACF,CAOA,MAAMC,EAA0B,EAEhC,SAASC,EAAUC,EAAqB,CACtC,MAAO,GAAGA,EAAI,SAAS,KAAK,EAAE,MAAM,EAAGF,CAAuB,CAAC,GACjE,CAQA,SAASG,EAAWC,EAA8B,CAChD,MAAMC,EAAW1C,EAAAA,OAAO,KAAKyC,CAAY,EAAE,QAAA,EAC3C,OAAOH,EAAUI,CAAQ,CAC3B,CASO,SAASC,EACd3E,EACM,CACN,MAAM4E,EAAYZ,EAAU,YAAahE,EAAO,gBAAgB,EAC1D6E,EAAWb,EAAU,WAAYhE,EAAO,eAAe,EAE7D,GAAI4E,EAAU,UAAYC,EAAS,QACjC,MAAM,IAAIf,EACR,iCAAiCc,EAAU,OAAO,cAAcC,EAAS,OAAO,GAAA,EAGpF,GAAID,EAAU,WAAaC,EAAS,SAClC,MAAM,IAAIf,EACR,kCAAkCc,EAAU,QAAQ,cAAcC,EAAS,QAAQ,GAAA,EAGvF,GAAID,EAAU,SAAS,SAAWC,EAAS,SAAS,OAClD,MAAM,IAAIf,EACR,kCAAkCc,EAAU,SAAS,MAAM,cAAcC,EAAS,SAAS,MAAM,GAAA,EAGrG,GAAID,EAAU,UAAU,SAAWC,EAAS,UAAU,OACpD,MAAM,IAAIf,EACR,mCAAmCc,EAAU,UAAU,MAAM,cAAcC,EAAS,UAAU,MAAM,GAAA,EAGxG,QAASC,EAAI,EAAGA,EAAIF,EAAU,SAAS,OAAQE,IAAK,CAClD,MAAMC,EAAIH,EAAU,SAASE,CAAC,EACxB,EAAID,EAAS,SAASC,CAAC,EAC7B,GAAI,CAACC,EAAE,KAAK,OAAO,EAAE,IAAI,EACvB,MAAM,IAAIjB,EACR,SAASgB,CAAC,oCAAoCN,EAAWO,EAAE,IAAI,CAAC,cAAcP,EAAW,EAAE,IAAI,CAAC,GAAA,EAGpG,GAAIO,EAAE,QAAU,EAAE,MAChB,MAAM,IAAIjB,EACR,SAASgB,CAAC,oCAAoCC,EAAE,KAAK,cAAc,EAAE,KAAK,GAAA,EAG9E,GAAIA,EAAE,WAAa,EAAE,SACnB,MAAM,IAAIjB,EACR,SAASgB,CAAC,gCAAgCC,EAAE,QAAQ,cAAc,EAAE,QAAQ,GAAA,CAGlF,CACA,QAASD,EAAI,EAAGA,EAAIF,EAAU,UAAU,OAAQE,IAAK,CACnD,MAAMC,EAAIH,EAAU,UAAUE,CAAC,EACzB,EAAID,EAAS,UAAUC,CAAC,EAC9B,GAAI,CAACC,EAAE,OAAO,OAAO,EAAE,MAAM,EAC3B,MAAM,IAAIjB,EACR,UAAUgB,CAAC,oCAAoCR,EAAUS,EAAE,MAAM,CAAC,cAAcT,EAAU,EAAE,MAAM,CAAC,GAAA,EAGvG,GAAIS,EAAE,QAAU,EAAE,MAChB,MAAM,IAAIjB,EACR,UAAUgB,CAAC,6BAA6BC,EAAE,KAAK,cAAc,EAAE,KAAK,GAAA,CAG1E,CACF"}

package/dist/{assertPsbtUnsignedTxMatches-D7RxpR4A.js → assertPsbtUnsignedTxMatches-Dry5dTfl.js} RENAMED Viewed

@@ -1,9 +1,9 @@
-import { createPayoutConnector as O, tapInternalPubkey as A } from "@babylonlabs-io/babylon-tbv-rust-wasm";
-import { Buffer as c } from "buffer";
-import { Transaction as h, Psbt as S } from "bitcoinjs-lib";
-import { c as C, s as f, h as y, u as v, T as U } from "./bitcoin-B5aNKtsk.js";
-async function _(t) {
-  const r = await O(
+import { createPayoutConnector as A, tapInternalPubkey as B } from "@babylonlabs-io/babylon-tbv-rust-wasm";
+import { Buffer as d } from "buffer";
+import { Transaction as h, Psbt as T } from "bitcoinjs-lib";
+import { c as C, s as f, h as v, u as S, T as N } from "./bitcoin-B5aNKtsk.js";
+async function K(t) {
+  const r = await A(
     {
       depositor: t.depositor,
       vaultProvider: t.vaultProvider,
@@ -21,84 +21,84 @@ async function _(t) {
     payoutControlBlock: r.payoutControlBlock
   };
 }
-const q = 3;
-async function V(t) {
-  const r = f(t.payoutTxHex), e = f(t.peginTxHex), n = f(t.assertTxHex), o = await _({
+const F = 2, P = 0, y = 0, I = 3;
+async function G(t) {
+  const r = f(t.payoutTxHex), e = f(t.peginTxHex), n = f(t.assertTxHex), o = await K({
     depositor: t.depositorBtcPubkey,
     vaultProvider: t.vaultProviderBtcPubkey,
     vaultKeepers: t.vaultKeeperBtcPubkeys,
     universalChallengers: t.universalChallengerBtcPubkeys,
     timelockPegin: t.timelockPegin,
     network: t.network
-  }), s = y(o.payoutScript), i = y(o.payoutControlBlock), u = h.fromHex(r), E = h.fromHex(e), b = h.fromHex(n), p = new S();
-  if (p.setVersion(u.version), p.setLocktime(u.locktime), u.ins.length !== 2)
+  }), s = v(o.payoutScript), i = v(o.payoutControlBlock), u = h.fromHex(r), b = h.fromHex(e), k = h.fromHex(n), l = new T();
+  if (l.setVersion(u.version), l.setLocktime(u.locktime), u.ins.length !== 2)
     throw new Error(
       `Payout transaction must have exactly 2 inputs, got ${u.ins.length}`
     );
-  const l = u.ins[0], d = u.ins[1], x = v(
-    new Uint8Array(l.hash).slice().reverse()
-  ), T = E.getId();
-  if (x !== T)
+  const c = u.ins[0], p = u.ins[1], x = S(
+    new Uint8Array(c.hash).slice().reverse()
+  ), m = b.getId();
+  if (x !== m || c.index !== P)
     throw new Error(
-      `Input 0 does not reference pegin transaction. Expected ${T}, got ${x}`
+      `Input 0 must spend PegIn:${P}. Expected ${m}:${P}, got ${x}:${c.index}`
     );
-  const g = v(
-    new Uint8Array(d.hash).slice().reverse()
-  ), k = b.getId();
-  if (g !== k)
+  const g = S(
+    new Uint8Array(p.hash).slice().reverse()
+  ), q = k.getId();
+  if (g !== q || p.index !== y)
     throw new Error(
-      `Input 1 does not reference assert transaction. Expected ${k}, got ${g}`
+      `Input 1 must spend Assert:${y}. Expected ${q}:${y}, got ${g}:${p.index}`
     );
-  const w = E.outs[l.index];
-  if (!w)
+  const $ = b.outs[c.index];
+  if (!$)
     throw new Error(
-      `Previous output not found for input 0 (txid: ${x}, index: ${l.index})`
+      `Previous output not found for input 0 (txid: ${x}, index: ${c.index})`
     );
-  const $ = b.outs[d.index];
-  if (!$)
+  const w = k.outs[p.index];
+  if (!w)
     throw new Error(
-      `Previous output not found for input 1 (txid: ${g}, index: ${d.index})`
+      `Previous output not found for input 1 (txid: ${g}, index: ${p.index})`
     );
-  p.addInput({
-    hash: l.hash,
-    index: l.index,
-    sequence: l.sequence,
+  l.addInput({
+    hash: c.hash,
+    index: c.index,
+    sequence: c.sequence,
     witnessUtxo: {
-      script: w.script,
-      value: w.value
+      script: $.script,
+      value: $.value
     },
     tapLeafScript: [
       {
-        leafVersion: U,
-        script: c.from(s),
-        controlBlock: c.from(i)
+        leafVersion: N,
+        script: d.from(s),
+        controlBlock: d.from(i)
       }
     ],
-    tapInternalKey: c.from(A)
+    tapInternalKey: d.from(B)
     // sighashType omitted - defaults to SIGHASH_DEFAULT (0x00) for Taproot
-  }), p.addInput({
-    hash: d.hash,
-    index: d.index,
-    sequence: d.sequence,
+  }), l.addInput({
+    hash: p.hash,
+    index: p.index,
+    sequence: p.sequence,
     witnessUtxo: {
-      script: $.script,
-      value: $.value
+      script: w.script,
+      value: w.value
     }
     // No tapLeafScript - depositor doesn't sign this input
   });
-  for (const m of u.outs)
-    p.addOutput({
-      script: m.script,
-      value: m.value
+  for (const H of u.outs)
+    l.addOutput({
+      script: H.script,
+      value: H.value
     });
   return {
-    psbtHex: p.toHex()
+    psbtHex: l.toHex()
   };
 }
-function F(t, r) {
+function X(t, r) {
   if (!C(r))
     throw new Error("Invalid registeredPayoutScriptPubKey: not valid hex");
-  const e = c.from(
+  const e = d.from(
     f(r),
     "hex"
   ), n = h.fromHex(f(t));
@@ -111,44 +111,44 @@ function F(t, r) {
       "Payout transaction does not pay to the registered depositor payout address"
     );
 }
-function D(t, r, e = 0) {
-  const n = S.fromHex(t);
+function z(t, r, e = 0) {
+  const n = T.fromHex(t);
   if (e >= n.data.inputs.length)
     throw new Error(
       `Input index ${e} out of range (${n.data.inputs.length} inputs)`
     );
   const o = n.data.inputs[e];
   if (o.tapScriptSig && o.tapScriptSig.length > 0) {
-    const s = y(r);
+    const s = v(r);
     for (const i of o.tapScriptSig)
-      if (i.pubkey.equals(c.from(s)))
-        return H(i.signature, e);
+      if (i.pubkey.equals(d.from(s)))
+        return O(i.signature, e);
     throw new Error(
       `No signature found for depositor pubkey: ${r} at input ${e}`
     );
   }
   if (o.finalScriptWitness && o.finalScriptWitness.length > 0) {
-    const s = K(o.finalScriptWitness);
-    if (s.length !== q)
+    const s = R(o.finalScriptWitness);
+    if (s.length !== I)
       throw new Error(
-        `Unexpected finalized witness stack size at input ${e}: expected ${q} items (signature, script, controlBlock), got ${s.length}`
+        `Unexpected finalized witness stack size at input ${e}: expected ${I} items (signature, script, controlBlock), got ${s.length}`
       );
-    return H(s[0], e);
+    return O(s[0], e);
   }
   throw new Error(
     `No tapScriptSig or finalScriptWitness found in signed PSBT at input ${e}`
   );
 }
-function H(t, r) {
+function O(t, r) {
   if (t.length === 64)
-    return v(new Uint8Array(t));
+    return S(new Uint8Array(t));
   throw t.length === 65 ? new Error(
     `Unexpected sighash byte 0x${t[64].toString(16).padStart(2, "0")} at input ${r}. Expected implicit SIGHASH_DEFAULT as a 64-byte signature.`
   ) : new Error(
     `Unexpected signature length at input ${r}: ${t.length}`
   );
 }
-function K(t) {
+function R(t) {
   const r = [];
   let e = 0;
   const n = (i) => {
@@ -176,7 +176,7 @@ function K(t) {
   }, s = o();
   for (let i = 0; i < s; i++) {
     const u = o();
-    n(u), r.push(c.from(t.subarray(e, e + u))), e += u;
+    n(u), r.push(d.from(t.subarray(e, e + u))), e += u;
   }
   if (e !== t.length)
     throw new Error(
@@ -191,24 +191,24 @@ class a extends Error {
     ), this.name = "PsbtSubstitutionError";
   }
 }
-function I(t, r) {
+function U(t, r) {
   try {
-    return S.fromHex(r);
+    return T.fromHex(r);
   } catch (e) {
     const n = e instanceof Error ? e.message : String(e);
     throw new Error(`Failed to parse ${t} PSBT: ${n}`);
   }
 }
-const W = 8;
-function P(t) {
-  return `${t.toString("hex").slice(0, W)}…`;
+const D = 8;
+function E(t) {
+  return `${t.toString("hex").slice(0, D)}…`;
 }
-function B(t) {
-  const r = c.from(t).reverse();
-  return P(r);
+function _(t) {
+  const r = d.from(t).reverse();
+  return E(r);
 }
-function G(t) {
-  const r = I("requested", t.requestedPsbtHex), e = I("returned", t.returnedPsbtHex);
+function Y(t) {
+  const r = U("requested", t.requestedPsbtHex), e = U("returned", t.returnedPsbtHex);
   if (r.version !== e.version)
     throw new a(
       `tx version differs (requested=${r.version}, returned=${e.version})`
@@ -229,7 +229,7 @@ function G(t) {
     const o = r.txInputs[n], s = e.txInputs[n];
     if (!o.hash.equals(s.hash))
       throw new a(
-        `input ${n} prevout txid differs (requested=${B(o.hash)}, returned=${B(s.hash)})`
+        `input ${n} prevout txid differs (requested=${_(o.hash)}, returned=${_(s.hash)})`
       );
     if (o.index !== s.index)
       throw new a(
@@ -244,7 +244,7 @@ function G(t) {
     const o = r.txOutputs[n], s = e.txOutputs[n];
     if (!o.script.equals(s.script))
       throw new a(
-        `output ${n} scriptPubKey differs (requested=${P(o.script)}, returned=${P(s.script)})`
+        `output ${n} scriptPubKey differs (requested=${E(o.script)}, returned=${E(s.script)})`
       );
     if (o.value !== s.value)
       throw new a(
@@ -253,11 +253,14 @@ function G(t) {
   }
 }
 export {
+  y as A,
+  F as D,
   a as P,
-  F as a,
-  V as b,
-  G as c,
-  _ as d,
-  D as e
+  X as a,
+  G as b,
+  Y as c,
+  K as d,
+  z as e,
+  P as f
 };
-//# sourceMappingURL=assertPsbtUnsignedTxMatches-D7RxpR4A.js.map
+//# sourceMappingURL=assertPsbtUnsignedTxMatches-Dry5dTfl.js.map

package/dist/assertPsbtUnsignedTxMatches-Dry5dTfl.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"assertPsbtUnsignedTxMatches-Dry5dTfl.js","sources":["../src/tbv/core/primitives/scripts/payout.ts","../src/tbv/core/primitives/psbt/constants.ts","../src/tbv/core/primitives/psbt/payout.ts","../src/tbv/core/primitives/psbt/assertPsbtUnsignedTxMatches.ts"],"sourcesContent":["/**\n * Payout Script Generator Primitive\n *\n * This module provides pure functions for generating payout scripts and taproot information\n * by wrapping the WASM implementation from @babylonlabs-io/babylon-tbv-rust-wasm.\n *\n * The payout script is used for signing payout transactions in the vault system.\n * It defines the spending conditions for the vault output, enabling the depositor\n * to authorize payouts during the peg-in flow (Step 3).\n *\n * @remarks\n * This is a low-level primitive. For most use cases, prefer using {@link buildPayoutPsbt}\n * which handles script creation internally. For high-level wallet orchestration, use\n * PayoutManager from the managers module.\n *\n * @see {@link buildPayoutPsbt} - Higher-level function that uses this internally\n *\n * @module primitives/scripts/payout\n */\n\nimport {\n createPayoutConnector,\n type Network,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\n/**\n * Parameters for creating a payout script.\n *\n * These parameters define the participants in a vault and are used to generate\n * the taproot script that controls how funds can be spent from the vault.\n */\nexport interface PayoutScriptParams {\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * This is the user depositing BTC into the vault. The depositor must sign\n * payout transactions to authorize fund distribution.\n */\n depositor: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * The service provider managing vault operations. Also referred to as\n * \"claimer\" in the WASM layer.\n */\n vaultProvider: string;\n\n /**\n * Array of vault keeper BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * Vault keepers participate in vault operations and script spending conditions.\n */\n vaultKeepers: string[];\n\n /**\n * Array of universal challenger BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * These parties can challenge the vault under certain conditions.\n */\n universalChallengers: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network for script generation.\n *\n * Must match the network used for all other vault operations to ensure\n * address encoding compatibility.\n */\n network: Network;\n}\n\n/**\n * Result of creating a payout script.\n *\n * Contains all the taproot-related data needed for constructing and signing\n * payout transactions from the vault.\n */\nexport interface PayoutScriptResult {\n /**\n * The payout script hex used in taproot script path spending.\n *\n * This is the raw script bytes that define the spending conditions,\n * encoded as a hexadecimal string. Used when constructing the\n * tapLeafScript for PSBT signing.\n */\n payoutScript: string;\n\n /**\n * The taproot script hash (leaf hash) for the payout script.\n *\n * This is the tagged hash of the script used in taproot tree construction.\n * Required for computing the control block during script path spending.\n */\n taprootScriptHash: string;\n\n /**\n * The full scriptPubKey for the vault output address.\n *\n * This is the complete output script (OP_1 <32-byte-key>) that should be\n * used when creating the vault output in a peg-in transaction.\n */\n scriptPubKey: string;\n\n /**\n * The vault Bitcoin address derived from the script.\n *\n * A human-readable bech32m address (bc1p... for mainnet, tb1p... for testnet/signet)\n * that can be used to receive funds into the vault.\n */\n address: string;\n\n /**\n * Serialized control block for Taproot script path spend (hex encoded).\n *\n * Computed by the Rust WASM PeginPayoutConnector. Used directly in\n * tapLeafScript when building payout PSBTs.\n */\n payoutControlBlock: string;\n}\n\n/**\n * Create payout script and taproot information using WASM.\n *\n * This is a pure function that wraps the Rust WASM implementation.\n * The payout connector generates the necessary taproot scripts and information\n * required for signing payout transactions.\n *\n * @remarks\n * The generated script encodes spending conditions that require signatures from\n * the depositor and vault provider (or liquidators in challenge scenarios).\n * This script is used internally by {@link buildPayoutPsbt}.\n *\n * @param params - Payout script parameters defining vault participants and network\n * @returns Payout script and taproot information for PSBT construction\n *\n * @see {@link buildPayoutPsbt} - Use this for building complete payout PSBTs\n */\nexport async function createPayoutScript(\n params: PayoutScriptParams,\n): Promise<PayoutScriptResult> {\n // Call the WASM wrapper with the correct parameter structure\n const connector = await createPayoutConnector(\n {\n depositor: params.depositor,\n vaultProvider: params.vaultProvider,\n vaultKeepers: params.vaultKeepers,\n universalChallengers: params.universalChallengers,\n timelockPegin: params.timelockPegin,\n },\n params.network,\n );\n\n return {\n payoutScript: connector.payoutScript,\n taprootScriptHash: connector.taprootScriptHash,\n scriptPubKey: connector.scriptPubKey,\n address: connector.address,\n payoutControlBlock: connector.payoutControlBlock,\n };\n}\n","/**\n * Protocol invariants for depositor graph transactions.\n *\n * These indices and counts encode the on-chain vault protocol layout\n * (which output of PegIn/Assert each child transaction spends, and how\n * many inputs each transaction has). Consumed by the PSBT builders and\n * the depositor graph signing service; a drift between copies of these\n * values would silently change validation behaviour.\n *\n * @module primitives/psbt/constants\n * @see btc-vault crates/vault/docs/btc-transactions-spec.md\n */\n\n/**\n * Depositor Payout transaction input count.\n * Input 0: PegIn:0 (signed). Input 1: Assert:0 (in sighash, not signed).\n */\nexport const DEPOSITOR_PAYOUT_INPUT_COUNT = 2;\n\n/** PegIn vault output index spent by the depositor's Payout input 0. */\nexport const PEGIN_VAULT_OUTPUT_INDEX = 0;\n\n/** Payout input index bound to the graph Assert tx (NOT signed). */\nexport const PAYOUT_ASSERT_INPUT_INDEX = 1;\n\n/** Assert output index spent by the depositor's Payout input 1 (NOT signed). */\nexport const ASSERT_PAYOUT_OUTPUT_INDEX = 0;\n\n/** Assert output index spent by NoPayout input 0 (signed). */\nexport const ASSERT_NOPAYOUT_OUTPUT_INDEX = 0;\n","/**\n * Payout PSBT Builder Primitives\n *\n * This module provides pure functions for building unsigned payout PSBTs and extracting\n * Schnorr signatures from signed PSBTs. It uses WASM-generated scripts from the payout\n * connector and bitcoinjs-lib for PSBT construction.\n *\n * The Payout transaction references the Assert transaction (input 1).\n *\n * @module primitives/psbt/payout\n */\n\nimport {\n type Network,\n tapInternalPubkey,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport { Buffer } from \"buffer\";\nimport { Psbt, Transaction } from \"bitcoinjs-lib\";\nimport { createPayoutScript } from \"../scripts/payout\";\nimport {\n TAPSCRIPT_LEAF_VERSION,\n hexToUint8Array,\n isValidHex,\n stripHexPrefix,\n uint8ArrayToHex,\n} from \"../utils/bitcoin\";\nimport {\n ASSERT_PAYOUT_OUTPUT_INDEX,\n PEGIN_VAULT_OUTPUT_INDEX,\n} from \"./constants\";\n\n/**\n * Number of items in a Taproot script-path spend witness stack for a\n * single-signature script: [signature, script, controlBlock].\n *\n * The current payout script requires exactly one depositor signature. If the\n * protocol evolves to require multiple signatures in the payout script, this\n * invariant and the finalized-PSBT extraction path must be revisited because\n * the first witness item would no longer necessarily be the depositor's.\n */\nconst TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE = 3;\n\n/**\n * Parameters for building an unsigned Payout PSBT\n *\n * Payout is used in the challenge path after Assert, when the claimer proves validity.\n * Input 1 references the Assert transaction.\n */\nexport interface PayoutParams {\n /**\n * Payout transaction hex (unsigned)\n * This is the transaction that needs to be signed by the depositor\n */\n payoutTxHex: string;\n\n /**\n * Assert transaction hex\n * Payout input 1 references Assert output 0\n */\n assertTxHex: string;\n\n /**\n * Peg-in transaction hex\n * This transaction created the vault output that we're spending\n */\n peginTxHex: string;\n\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix)\n */\n depositorBtcPubkey: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex)\n */\n vaultProviderBtcPubkey: string;\n\n /**\n * Vault keeper BTC public keys (x-only, 64-char hex)\n */\n vaultKeeperBtcPubkeys: string[];\n\n /**\n * Universal challenger BTC public keys (x-only, 64-char hex)\n */\n universalChallengerBtcPubkeys: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network\n */\n network: Network;\n}\n\n/**\n * Result of building an unsigned payout PSBT\n */\nexport interface PayoutPsbtResult {\n /**\n * Unsigned PSBT hex ready for signing\n */\n psbtHex: string;\n}\n\n/**\n * Build unsigned Payout PSBT for depositor to sign.\n *\n * Payout is used in the **challenge path** when the claimer proves validity:\n * 1. Vault provider submits Claim transaction\n * 2. Challenge is raised during challenge period\n * 3. Claimer submits Assert transaction to prove validity\n * 4. Payout can be executed (references Assert tx)\n *\n * Payout transactions have the following structure:\n * - Input 0: from PeginTx output0 (signed by depositor)\n * - Input 1: from Assert output0 (NOT signed by depositor)\n *\n * @param params - Payout parameters\n * @returns Unsigned PSBT ready for depositor to sign\n *\n * @throws If payout transaction does not have exactly 2 inputs\n * @throws If input 0 does not spend PegIn:0 (vault UTXO)\n * @throws If input 1 does not spend Assert:0 (proof output)\n * @throws If previous output is not found for either input\n */\nexport async function buildPayoutPsbt(\n params: PayoutParams,\n): Promise<PayoutPsbtResult> {\n // Normalize hex inputs (strip 0x prefix if present)\n const payoutTxHex = stripHexPrefix(params.payoutTxHex);\n const peginTxHex = stripHexPrefix(params.peginTxHex);\n const assertTxHex = stripHexPrefix(params.assertTxHex);\n\n // Get payout script from WASM\n const payoutConnector = await createPayoutScript({\n depositor: params.depositorBtcPubkey,\n vaultProvider: params.vaultProviderBtcPubkey,\n vaultKeepers: params.vaultKeeperBtcPubkeys,\n universalChallengers: params.universalChallengerBtcPubkeys,\n timelockPegin: params.timelockPegin,\n network: params.network,\n });\n\n const payoutScriptBytes = hexToUint8Array(payoutConnector.payoutScript);\n const controlBlock = hexToUint8Array(payoutConnector.payoutControlBlock);\n\n // Parse transactions\n const payoutTx = Transaction.fromHex(payoutTxHex);\n const peginTx = Transaction.fromHex(peginTxHex);\n const assertTx = Transaction.fromHex(assertTxHex);\n\n // Create PSBT\n const psbt = new Psbt();\n psbt.setVersion(payoutTx.version);\n psbt.setLocktime(payoutTx.locktime);\n\n // PayoutTx has exactly 2 inputs:\n // - Input 0: from PeginTx output0 (signed by depositor using taproot script path)\n // - Input 1: from Assert output0 (signed by claimer/challengers, not depositor)\n //\n // IMPORTANT: For Taproot SIGHASH_DEFAULT (0x00), the sighash commits to ALL inputs'\n // prevouts, not just the one being signed. Therefore, we must include BOTH inputs\n // in the PSBT so the wallet computes the correct sighash that the VP expects.\n\n // Verify payout transaction has expected structure\n if (payoutTx.ins.length !== 2) {\n throw new Error(\n `Payout transaction must have exactly 2 inputs, got ${payoutTx.ins.length}`,\n );\n }\n\n const input0 = payoutTx.ins[0];\n const input1 = payoutTx.ins[1];\n\n // Verify input 0 spends PegIn:0 (the vault UTXO).\n // Both txid AND vout must match the protocol contract — the vout is the\n // input-side anchor that prevents a malicious VP from binding the\n // depositor's signature to a different output of the same parent.\n const input0Txid = uint8ArrayToHex(\n new Uint8Array(input0.hash).slice().reverse(),\n );\n const peginTxid = peginTx.getId();\n\n if (input0Txid !== peginTxid || input0.index !== PEGIN_VAULT_OUTPUT_INDEX) {\n throw new Error(\n `Input 0 must spend PegIn:${PEGIN_VAULT_OUTPUT_INDEX}. ` +\n `Expected ${peginTxid}:${PEGIN_VAULT_OUTPUT_INDEX}, got ${input0Txid}:${input0.index}`,\n );\n }\n\n // Verify input 1 spends Assert:0 (the proof output).\n const input1Txid = uint8ArrayToHex(\n new Uint8Array(input1.hash).slice().reverse(),\n );\n const assertTxid = assertTx.getId();\n\n if (input1Txid !== assertTxid || input1.index !== ASSERT_PAYOUT_OUTPUT_INDEX) {\n throw new Error(\n `Input 1 must spend Assert:${ASSERT_PAYOUT_OUTPUT_INDEX}. ` +\n `Expected ${assertTxid}:${ASSERT_PAYOUT_OUTPUT_INDEX}, got ${input1Txid}:${input1.index}`,\n );\n }\n\n const peginPrevOut = peginTx.outs[input0.index];\n if (!peginPrevOut) {\n throw new Error(\n `Previous output not found for input 0 (txid: ${input0Txid}, index: ${input0.index})`,\n );\n }\n\n const input1PrevOut = assertTx.outs[input1.index];\n if (!input1PrevOut) {\n throw new Error(\n `Previous output not found for input 1 (txid: ${input1Txid}, index: ${input1.index})`,\n );\n }\n\n // Input 0: Depositor signs using Taproot script path spend\n // This input includes tapLeafScript for signing\n psbt.addInput({\n hash: input0.hash,\n index: input0.index,\n sequence: input0.sequence,\n witnessUtxo: {\n script: peginPrevOut.script,\n value: peginPrevOut.value,\n },\n tapLeafScript: [\n {\n leafVersion: TAPSCRIPT_LEAF_VERSION,\n script: Buffer.from(payoutScriptBytes),\n controlBlock: Buffer.from(controlBlock),\n },\n ],\n tapInternalKey: Buffer.from(tapInternalPubkey),\n // sighashType omitted - defaults to SIGHASH_DEFAULT (0x00) for Taproot\n });\n\n // Input 1: From Assert transaction (NOT signed by depositor)\n // We include this with witnessUtxo so the sighash is computed correctly,\n // but we do NOT include tapLeafScript since the depositor doesn't sign it.\n psbt.addInput({\n hash: input1.hash,\n index: input1.index,\n sequence: input1.sequence,\n witnessUtxo: {\n script: input1PrevOut.script,\n value: input1PrevOut.value,\n },\n // No tapLeafScript - depositor doesn't sign this input\n });\n\n // Add outputs\n for (const output of payoutTx.outs) {\n psbt.addOutput({\n script: output.script,\n value: output.value,\n });\n }\n\n return {\n psbtHex: psbt.toHex(),\n };\n}\n\n/**\n * Validate that a payout transaction's largest output pays to the registered\n * depositor payout scriptPubKey.\n *\n * Prevents a malicious vault provider from substituting the payout destination\n * (or routing funds through a dust output to the correct address while sending\n * the actual value to an attacker-controlled script).\n *\n * @param payoutTxHex - Raw payout transaction hex\n * @param registeredPayoutScriptPubKey - On-chain registered scriptPubKey (hex, with or without 0x prefix)\n * @throws If scriptPubKey is invalid hex\n * @throws If the transaction has no outputs\n * @throws If the largest output does not pay to the registered scriptPubKey\n */\nexport function assertPayoutOutputMatchesRegistered(\n payoutTxHex: string,\n registeredPayoutScriptPubKey: string,\n): void {\n if (!isValidHex(registeredPayoutScriptPubKey)) {\n throw new Error(\"Invalid registeredPayoutScriptPubKey: not valid hex\");\n }\n\n const expectedScript = Buffer.from(\n stripHexPrefix(registeredPayoutScriptPubKey),\n \"hex\",\n );\n const payoutTx = Transaction.fromHex(stripHexPrefix(payoutTxHex));\n\n if (payoutTx.outs.length === 0) {\n throw new Error(\"Payout transaction has no outputs\");\n }\n\n const largestOutput = payoutTx.outs.reduce((max, output) =>\n output.value > max.value ? output : max,\n );\n\n if (!largestOutput.script.equals(expectedScript)) {\n throw new Error(\n \"Payout transaction does not pay to the registered depositor payout address\",\n );\n }\n}\n\n/**\n * Extract Schnorr signature from signed payout PSBT.\n *\n * This function supports two cases:\n * 1. Non-finalized PSBT: Extracts from tapScriptSig field\n * 2. Finalized PSBT: Extracts from witness data\n *\n * The signature is returned as a 64-byte hex string (128 hex characters).\n * Payout signatures must use implicit Taproot SIGHASH_DEFAULT, which is\n * encoded by omitting the sighash byte.\n *\n * @param signedPsbtHex - Signed PSBT hex\n * @param depositorPubkey - Depositor's public key (x-only, 64-char hex)\n * @param inputIndex - Input index to extract signature from (default: 0)\n * @returns 64-byte Schnorr signature (128 hex characters, no sighash flag)\n *\n * @throws If no signature is found in the PSBT\n * @throws If the signature has an unexpected length\n */\nexport function extractPayoutSignature(\n signedPsbtHex: string,\n depositorPubkey: string,\n inputIndex = 0,\n): string {\n const signedPsbt = Psbt.fromHex(signedPsbtHex);\n\n if (inputIndex >= signedPsbt.data.inputs.length) {\n throw new Error(\n `Input index ${inputIndex} out of range (${signedPsbt.data.inputs.length} inputs)`,\n );\n }\n\n const input = signedPsbt.data.inputs[inputIndex];\n\n // Case 1: Non-finalized PSBT — extract from tapScriptSig\n if (input.tapScriptSig && input.tapScriptSig.length > 0) {\n const depositorPubkeyBytes = hexToUint8Array(depositorPubkey);\n\n for (const sigEntry of input.tapScriptSig) {\n if (sigEntry.pubkey.equals(Buffer.from(depositorPubkeyBytes))) {\n return extractSchnorrSig(sigEntry.signature, inputIndex);\n }\n }\n\n throw new Error(\n `No signature found for depositor pubkey: ${depositorPubkey} at input ${inputIndex}`,\n );\n }\n\n // Case 2: Finalized PSBT — extract from finalScriptWitness\n // Taproot single-signature script-path witness: [signature, script, controlBlock].\n // Enforce the exact stack size so that if a wallet produces an unexpected\n // finalization (e.g. a multi-signature stack, an annex, or malformed data),\n // we fail loudly instead of silently returning witnessStack[0] which may\n // not be the depositor's signature.\n if (input.finalScriptWitness && input.finalScriptWitness.length > 0) {\n const witnessStack = parseWitnessStack(input.finalScriptWitness);\n if (witnessStack.length !== TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE) {\n throw new Error(\n `Unexpected finalized witness stack size at input ${inputIndex}: ` +\n `expected ${TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE} items (signature, script, controlBlock), ` +\n `got ${witnessStack.length}`,\n );\n }\n return extractSchnorrSig(witnessStack[0], inputIndex);\n }\n\n throw new Error(\n `No tapScriptSig or finalScriptWitness found in signed PSBT at input ${inputIndex}`,\n );\n}\n\n/**\n * Extract and validate a 64-byte Schnorr signature.\n * Rejects 65-byte signatures because the appended sighash byte changes the\n * Taproot message being signed; stripping it would produce an unverifiable\n * SIGHASH_DEFAULT signature.\n * @internal\n */\nfunction extractSchnorrSig(sig: Uint8Array, inputIndex: number): string {\n if (sig.length === 64) {\n return uint8ArrayToHex(new Uint8Array(sig));\n }\n if (sig.length === 65) {\n throw new Error(\n `Unexpected sighash byte 0x${sig[64].toString(16).padStart(2, \"0\")} at input ${inputIndex}. ` +\n \"Expected implicit SIGHASH_DEFAULT as a 64-byte signature.\",\n );\n }\n throw new Error(\n `Unexpected signature length at input ${inputIndex}: ${sig.length}`,\n );\n}\n\n/**\n * Parse a BIP-141 serialized witness stack into individual stack items.\n * Format: [varint item_count] [varint len, data]...\n *\n * Throws on malformed input (truncated buffer, 8-byte varints, or trailing\n * bytes) so callers never receive silently-corrupted witness items.\n * @internal\n */\nfunction parseWitnessStack(witness: Buffer): Buffer[] {\n const items: Buffer[] = [];\n let offset = 0;\n\n const requireBytes = (n: number): void => {\n if (offset + n > witness.length) {\n throw new Error(\n `Malformed witness data: need ${n} byte(s) at offset ${offset}, only ${witness.length - offset} remaining`,\n );\n }\n };\n\n const readVarInt = (): number => {\n requireBytes(1);\n const first = witness[offset++];\n if (first < 0xfd) return first;\n if (first === 0xfd) {\n requireBytes(2);\n const val = (witness[offset] | (witness[offset + 1] << 8)) >>> 0;\n offset += 2;\n return val;\n }\n if (first === 0xfe) {\n requireBytes(4);\n const val =\n (witness[offset] |\n (witness[offset + 1] << 8) |\n (witness[offset + 2] << 16) |\n (witness[offset + 3] << 24)) >>>\n 0;\n offset += 4;\n return val;\n }\n // 0xff — 8-byte varint. Not used for witness sizes in practice and JS\n // numbers cannot represent all 64-bit values exactly, so reject rather\n // than risk silent truncation.\n throw new Error(\n `Malformed witness data: 8-byte varint (0xff) not supported at offset ${offset - 1}`,\n );\n };\n\n const count = readVarInt();\n for (let i = 0; i < count; i++) {\n const len = readVarInt();\n requireBytes(len);\n items.push(Buffer.from(witness.subarray(offset, offset + len)));\n offset += len;\n }\n\n if (offset !== witness.length) {\n throw new Error(\n `Malformed witness data: ${witness.length - offset} trailing byte(s) after parsing ${count} item(s)`,\n );\n }\n\n return items;\n}\n\n","/**\n * Asserts a wallet-returned PSBT encodes the same unsigned transaction\n * as the locally-built PSBT we asked the wallet to sign. Per-input PSBT\n * metadata (witnessUtxo, tapLeafScript, sighashType) is intentionally NOT\n * compared — those fields are committed to the Schnorr sighash and the\n * vault provider's `verify_depositor_signature` rejects mismatches there.\n * This primitive defends the path where a colluding VP would otherwise\n * accept a wallet-substituted signature.\n */\n\nimport { Buffer } from \"buffer\";\n\nimport { Psbt } from \"bitcoinjs-lib\";\n\n/**\n * Thrown when a wallet-returned PSBT encodes a different unsigned\n * transaction than the one the caller asked the wallet to sign.\n */\nexport class PsbtSubstitutionError extends Error {\n constructor(detail: string) {\n super(\n `Wallet returned a PSBT for a different transaction: ${detail}`,\n );\n this.name = \"PsbtSubstitutionError\";\n }\n}\n\nexport interface AssertPsbtUnsignedTxMatchesParams {\n /** PSBT we built locally and asked the wallet to sign. */\n requestedPsbtHex: string;\n /** PSBT the wallet returned after signing. */\n returnedPsbtHex: string;\n}\n\nfunction parsePsbt(label: \"requested\" | \"returned\", hex: string): Psbt {\n try {\n return Psbt.fromHex(hex);\n } catch (cause) {\n const reason = cause instanceof Error ? cause.message : String(cause);\n throw new Error(`Failed to parse ${label} PSBT: ${reason}`);\n }\n}\n\n/**\n * Length of the hex prefix included in mismatch errors. Short enough that\n * full prevout txids and output scriptPubKeys never reach logs / error\n * trackers, long enough to disambiguate during forensic triage.\n */\nconst REDACTED_HEX_PREFIX_LEN = 8;\n\nfunction redactHex(buf: Buffer): string {\n return `${buf.toString(\"hex\").slice(0, REDACTED_HEX_PREFIX_LEN)}…`;\n}\n\n/**\n * `bitcoinjs-lib` exposes `txInputs[i].hash` in internal little-endian form;\n * a human reading logs expects the big-endian txid an explorer would show.\n * Reverse before truncating so the surfaced prefix matches what an operator\n * can search for.\n */\nfunction redactTxid(internalHash: Buffer): string {\n const reversed = Buffer.from(internalHash).reverse();\n return redactHex(reversed);\n}\n\n/**\n * Compare two PSBTs and throw `PsbtSubstitutionError` unless they encode\n * the same unsigned transaction (version, locktime, inputs, outputs).\n *\n * @throws PsbtSubstitutionError on any mismatch in the unsigned tx\n * @throws Error if either PSBT cannot be parsed\n */\nexport function assertPsbtUnsignedTxMatches(\n params: AssertPsbtUnsignedTxMatchesParams,\n): void {\n const requested = parsePsbt(\"requested\", params.requestedPsbtHex);\n const returned = parsePsbt(\"returned\", params.returnedPsbtHex);\n\n if (requested.version !== returned.version) {\n throw new PsbtSubstitutionError(\n `tx version differs (requested=${requested.version}, returned=${returned.version})`,\n );\n }\n if (requested.locktime !== returned.locktime) {\n throw new PsbtSubstitutionError(\n `tx locktime differs (requested=${requested.locktime}, returned=${returned.locktime})`,\n );\n }\n if (requested.txInputs.length !== returned.txInputs.length) {\n throw new PsbtSubstitutionError(\n `input count differs (requested=${requested.txInputs.length}, returned=${returned.txInputs.length})`,\n );\n }\n if (requested.txOutputs.length !== returned.txOutputs.length) {\n throw new PsbtSubstitutionError(\n `output count differs (requested=${requested.txOutputs.length}, returned=${returned.txOutputs.length})`,\n );\n }\n for (let i = 0; i < requested.txInputs.length; i++) {\n const r = requested.txInputs[i];\n const s = returned.txInputs[i];\n if (!r.hash.equals(s.hash)) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout txid differs (requested=${redactTxid(r.hash)}, returned=${redactTxid(s.hash)})`,\n );\n }\n if (r.index !== s.index) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout vout differs (requested=${r.index}, returned=${s.index})`,\n );\n }\n if (r.sequence !== s.sequence) {\n throw new PsbtSubstitutionError(\n `input ${i} sequence differs (requested=${r.sequence}, returned=${s.sequence})`,\n );\n }\n }\n for (let i = 0; i < requested.txOutputs.length; i++) {\n const r = requested.txOutputs[i];\n const s = returned.txOutputs[i];\n if (!r.script.equals(s.script)) {\n throw new PsbtSubstitutionError(\n `output ${i} scriptPubKey differs (requested=${redactHex(r.script)}, returned=${redactHex(s.script)})`,\n );\n }\n if (r.value !== s.value) {\n throw new PsbtSubstitutionError(\n `output ${i} value differs (requested=${r.value}, returned=${s.value})`,\n );\n }\n }\n}\n"],"names":["createPayoutScript","params","connector","createPayoutConnector","DEPOSITOR_PAYOUT_INPUT_COUNT","PEGIN_VAULT_OUTPUT_INDEX","ASSERT_PAYOUT_OUTPUT_INDEX","TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE","buildPayoutPsbt","payoutTxHex","stripHexPrefix","peginTxHex","assertTxHex","payoutConnector","payoutScriptBytes","hexToUint8Array","controlBlock","payoutTx","Transaction","peginTx","assertTx","psbt","Psbt","input0","input1","input0Txid","uint8ArrayToHex","peginTxid","input1Txid","assertTxid","peginPrevOut","input1PrevOut","TAPSCRIPT_LEAF_VERSION","Buffer","tapInternalPubkey","output","assertPayoutOutputMatchesRegistered","registeredPayoutScriptPubKey","isValidHex","expectedScript","max","extractPayoutSignature","signedPsbtHex","depositorPubkey","inputIndex","signedPsbt","input","depositorPubkeyBytes","sigEntry","extractSchnorrSig","witnessStack","parseWitnessStack","sig","witness","items","offset","requireBytes","n","readVarInt","first","val","count","len","PsbtSubstitutionError","detail","parsePsbt","label","hex","cause","reason","REDACTED_HEX_PREFIX_LEN","redactHex","buf","redactTxid","internalHash","reversed","assertPsbtUnsignedTxMatches","requested","returned","i","r"],"mappings":";;;;AA8IA,eAAsBA,EACpBC,GAC6B;AAE7B,QAAMC,IAAY,MAAMC;AAAA,IACtB;AAAA,MACE,WAAWF,EAAO;AAAA,MAClB,eAAeA,EAAO;AAAA,MACtB,cAAcA,EAAO;AAAA,MACrB,sBAAsBA,EAAO;AAAA,MAC7B,eAAeA,EAAO;AAAA,IAAA;AAAA,IAExBA,EAAO;AAAA,EAAA;AAGT,SAAO;AAAA,IACL,cAAcC,EAAU;AAAA,IACxB,mBAAmBA,EAAU;AAAA,IAC7B,cAAcA,EAAU;AAAA,IACxB,SAASA,EAAU;AAAA,IACnB,oBAAoBA,EAAU;AAAA,EAAA;AAElC;ACnJO,MAAME,IAA+B,GAG/BC,IAA2B,GAM3BC,IAA6B,GCcpCC,IAAwC;AAyF9C,eAAsBC,EACpBP,GAC2B;AAE3B,QAAMQ,IAAcC,EAAeT,EAAO,WAAW,GAC/CU,IAAaD,EAAeT,EAAO,UAAU,GAC7CW,IAAcF,EAAeT,EAAO,WAAW,GAG/CY,IAAkB,MAAMb,EAAmB;AAAA,IAC/C,WAAWC,EAAO;AAAA,IAClB,eAAeA,EAAO;AAAA,IACtB,cAAcA,EAAO;AAAA,IACrB,sBAAsBA,EAAO;AAAA,IAC7B,eAAeA,EAAO;AAAA,IACtB,SAASA,EAAO;AAAA,EAAA,CACjB,GAEKa,IAAoBC,EAAgBF,EAAgB,YAAY,GAChEG,IAAeD,EAAgBF,EAAgB,kBAAkB,GAGjEI,IAAWC,EAAY,QAAQT,CAAW,GAC1CU,IAAUD,EAAY,QAAQP,CAAU,GACxCS,IAAWF,EAAY,QAAQN,CAAW,GAG1CS,IAAO,IAAIC,EAAA;AAajB,MAZAD,EAAK,WAAWJ,EAAS,OAAO,GAChCI,EAAK,YAAYJ,EAAS,QAAQ,GAW9BA,EAAS,IAAI,WAAW;AAC1B,UAAM,IAAI;AAAA,MACR,sDAAsDA,EAAS,IAAI,MAAM;AAAA,IAAA;AAI7E,QAAMM,IAASN,EAAS,IAAI,CAAC,GACvBO,IAASP,EAAS,IAAI,CAAC,GAMvBQ,IAAaC;AAAA,IACjB,IAAI,WAAWH,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA;AAAA,EAAQ,GAExCI,IAAYR,EAAQ,MAAA;AAE1B,MAAIM,MAAeE,KAAaJ,EAAO,UAAUlB;AAC/C,UAAM,IAAI;AAAA,MACR,4BAA4BA,CAAwB,cACtCsB,CAAS,IAAItB,CAAwB,SAASoB,CAAU,IAAIF,EAAO,KAAK;AAAA,IAAA;AAK1F,QAAMK,IAAaF;AAAA,IACjB,IAAI,WAAWF,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA;AAAA,EAAQ,GAExCK,IAAaT,EAAS,MAAA;AAE5B,MAAIQ,MAAeC,KAAcL,EAAO,UAAUlB;AAChD,UAAM,IAAI;AAAA,MACR,6BAA6BA,CAA0B,cACzCuB,CAAU,IAAIvB,CAA0B,SAASsB,CAAU,IAAIJ,EAAO,KAAK;AAAA,IAAA;AAI7F,QAAMM,IAAeX,EAAQ,KAAKI,EAAO,KAAK;AAC9C,MAAI,CAACO;AACH,UAAM,IAAI;AAAA,MACR,gDAAgDL,CAAU,YAAYF,EAAO,KAAK;AAAA,IAAA;AAItF,QAAMQ,IAAgBX,EAAS,KAAKI,EAAO,KAAK;AAChD,MAAI,CAACO;AACH,UAAM,IAAI;AAAA,MACR,gDAAgDH,CAAU,YAAYJ,EAAO,KAAK;AAAA,IAAA;AAMtF,EAAAH,EAAK,SAAS;AAAA,IACZ,MAAME,EAAO;AAAA,IACb,OAAOA,EAAO;AAAA,IACd,UAAUA,EAAO;AAAA,IACjB,aAAa;AAAA,MACX,QAAQO,EAAa;AAAA,MACrB,OAAOA,EAAa;AAAA,IAAA;AAAA,IAEtB,eAAe;AAAA,MACb;AAAA,QACE,aAAaE;AAAA,QACb,QAAQC,EAAO,KAAKnB,CAAiB;AAAA,QACrC,cAAcmB,EAAO,KAAKjB,CAAY;AAAA,MAAA;AAAA,IACxC;AAAA,IAEF,gBAAgBiB,EAAO,KAAKC,CAAiB;AAAA;AAAA,EAAA,CAE9C,GAKDb,EAAK,SAAS;AAAA,IACZ,MAAMG,EAAO;AAAA,IACb,OAAOA,EAAO;AAAA,IACd,UAAUA,EAAO;AAAA,IACjB,aAAa;AAAA,MACX,QAAQO,EAAc;AAAA,MACtB,OAAOA,EAAc;AAAA,IAAA;AAAA;AAAA,EACvB,CAED;AAGD,aAAWI,KAAUlB,EAAS;AAC5B,IAAAI,EAAK,UAAU;AAAA,MACb,QAAQc,EAAO;AAAA,MACf,OAAOA,EAAO;AAAA,IAAA,CACf;AAGH,SAAO;AAAA,IACL,SAASd,EAAK,MAAA;AAAA,EAAM;AAExB;AAgBO,SAASe,EACd3B,GACA4B,GACM;AACN,MAAI,CAACC,EAAWD,CAA4B;AAC1C,UAAM,IAAI,MAAM,qDAAqD;AAGvE,QAAME,IAAiBN,EAAO;AAAA,IAC5BvB,EAAe2B,CAA4B;AAAA,IAC3C;AAAA,EAAA,GAEIpB,IAAWC,EAAY,QAAQR,EAAeD,CAAW,CAAC;AAEhE,MAAIQ,EAAS,KAAK,WAAW;AAC3B,UAAM,IAAI,MAAM,mCAAmC;AAOrD,MAAI,CAJkBA,EAAS,KAAK;AAAA,IAAO,CAACuB,GAAKL,MAC/CA,EAAO,QAAQK,EAAI,QAAQL,IAASK;AAAA,EAAA,EAGnB,OAAO,OAAOD,CAAc;AAC7C,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAGN;AAqBO,SAASE,EACdC,GACAC,GACAC,IAAa,GACL;AACR,QAAMC,IAAavB,EAAK,QAAQoB,CAAa;AAE7C,MAAIE,KAAcC,EAAW,KAAK,OAAO;AACvC,UAAM,IAAI;AAAA,MACR,eAAeD,CAAU,kBAAkBC,EAAW,KAAK,OAAO,MAAM;AAAA,IAAA;AAI5E,QAAMC,IAAQD,EAAW,KAAK,OAAOD,CAAU;AAG/C,MAAIE,EAAM,gBAAgBA,EAAM,aAAa,SAAS,GAAG;AACvD,UAAMC,IAAuBhC,EAAgB4B,CAAe;AAE5D,eAAWK,KAAYF,EAAM;AAC3B,UAAIE,EAAS,OAAO,OAAOf,EAAO,KAAKc,CAAoB,CAAC;AAC1D,eAAOE,EAAkBD,EAAS,WAAWJ,CAAU;AAI3D,UAAM,IAAI;AAAA,MACR,4CAA4CD,CAAe,aAAaC,CAAU;AAAA,IAAA;AAAA,EAEtF;AAQA,MAAIE,EAAM,sBAAsBA,EAAM,mBAAmB,SAAS,GAAG;AACnE,UAAMI,IAAeC,EAAkBL,EAAM,kBAAkB;AAC/D,QAAII,EAAa,WAAW3C;AAC1B,YAAM,IAAI;AAAA,QACR,oDAAoDqC,CAAU,cAChDrC,CAAqC,iDAC1C2C,EAAa,MAAM;AAAA,MAAA;AAGhC,WAAOD,EAAkBC,EAAa,CAAC,GAAGN,CAAU;AAAA,EACtD;AAEA,QAAM,IAAI;AAAA,IACR,uEAAuEA,CAAU;AAAA,EAAA;AAErF;AASA,SAASK,EAAkBG,GAAiBR,GAA4B;AACtE,MAAIQ,EAAI,WAAW;AACjB,WAAO1B,EAAgB,IAAI,WAAW0B,CAAG,CAAC;AAE5C,QAAIA,EAAI,WAAW,KACX,IAAI;AAAA,IACR,6BAA6BA,EAAI,EAAE,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,aAAaR,CAAU;AAAA,EAAA,IAIvF,IAAI;AAAA,IACR,wCAAwCA,CAAU,KAAKQ,EAAI,MAAM;AAAA,EAAA;AAErE;AAUA,SAASD,EAAkBE,GAA2B;AACpD,QAAMC,IAAkB,CAAA;AACxB,MAAIC,IAAS;AAEb,QAAMC,IAAe,CAACC,MAAoB;AACxC,QAAIF,IAASE,IAAIJ,EAAQ;AACvB,YAAM,IAAI;AAAA,QACR,gCAAgCI,CAAC,sBAAsBF,CAAM,UAAUF,EAAQ,SAASE,CAAM;AAAA,MAAA;AAAA,EAGpG,GAEMG,IAAa,MAAc;AAC/B,IAAAF,EAAa,CAAC;AACd,UAAMG,IAAQN,EAAQE,GAAQ;AAC9B,QAAII,IAAQ,IAAM,QAAOA;AACzB,QAAIA,MAAU,KAAM;AAClB,MAAAH,EAAa,CAAC;AACd,YAAMI,KAAOP,EAAQE,CAAM,IAAKF,EAAQE,IAAS,CAAC,KAAK,OAAQ;AAC/D,aAAAA,KAAU,GACHK;AAAA,IACT;AACA,QAAID,MAAU,KAAM;AAClB,MAAAH,EAAa,CAAC;AACd,YAAMI,KACHP,EAAQE,CAAM,IACZF,EAAQE,IAAS,CAAC,KAAK,IACvBF,EAAQE,IAAS,CAAC,KAAK,KACvBF,EAAQE,IAAS,CAAC,KAAK,QAC1B;AACF,aAAAA,KAAU,GACHK;AAAA,IACT;AAIA,UAAM,IAAI;AAAA,MACR,wEAAwEL,IAAS,CAAC;AAAA,IAAA;AAAA,EAEtF,GAEMM,IAAQH,EAAA;AACd,WAAS,IAAI,GAAG,IAAIG,GAAO,KAAK;AAC9B,UAAMC,IAAMJ,EAAA;AACZ,IAAAF,EAAaM,CAAG,GAChBR,EAAM,KAAKrB,EAAO,KAAKoB,EAAQ,SAASE,GAAQA,IAASO,CAAG,CAAC,CAAC,GAC9DP,KAAUO;AAAA,EACZ;AAEA,MAAIP,MAAWF,EAAQ;AACrB,UAAM,IAAI;AAAA,MACR,2BAA2BA,EAAQ,SAASE,CAAM,mCAAmCM,CAAK;AAAA,IAAA;AAI9F,SAAOP;AACT;ACpcO,MAAMS,UAA8B,MAAM;AAAA,EAC/C,YAAYC,GAAgB;AAC1B;AAAA,MACE,uDAAuDA,CAAM;AAAA,IAAA,GAE/D,KAAK,OAAO;AAAA,EACd;AACF;AASA,SAASC,EAAUC,GAAiCC,GAAmB;AACrE,MAAI;AACF,WAAO7C,EAAK,QAAQ6C,CAAG;AAAA,EACzB,SAASC,GAAO;AACd,UAAMC,IAASD,aAAiB,QAAQA,EAAM,UAAU,OAAOA,CAAK;AACpE,UAAM,IAAI,MAAM,mBAAmBF,CAAK,UAAUG,CAAM,EAAE;AAAA,EAC5D;AACF;AAOA,MAAMC,IAA0B;AAEhC,SAASC,EAAUC,GAAqB;AACtC,SAAO,GAAGA,EAAI,SAAS,KAAK,EAAE,MAAM,GAAGF,CAAuB,CAAC;AACjE;AAQA,SAASG,EAAWC,GAA8B;AAChD,QAAMC,IAAW1C,EAAO,KAAKyC,CAAY,EAAE,QAAA;AAC3C,SAAOH,EAAUI,CAAQ;AAC3B;AASO,SAASC,EACd3E,GACM;AACN,QAAM4E,IAAYZ,EAAU,aAAahE,EAAO,gBAAgB,GAC1D6E,IAAWb,EAAU,YAAYhE,EAAO,eAAe;AAE7D,MAAI4E,EAAU,YAAYC,EAAS;AACjC,UAAM,IAAIf;AAAA,MACR,iCAAiCc,EAAU,OAAO,cAAcC,EAAS,OAAO;AAAA,IAAA;AAGpF,MAAID,EAAU,aAAaC,EAAS;AAClC,UAAM,IAAIf;AAAA,MACR,kCAAkCc,EAAU,QAAQ,cAAcC,EAAS,QAAQ;AAAA,IAAA;AAGvF,MAAID,EAAU,SAAS,WAAWC,EAAS,SAAS;AAClD,UAAM,IAAIf;AAAA,MACR,kCAAkCc,EAAU,SAAS,MAAM,cAAcC,EAAS,SAAS,MAAM;AAAA,IAAA;AAGrG,MAAID,EAAU,UAAU,WAAWC,EAAS,UAAU;AACpD,UAAM,IAAIf;AAAA,MACR,mCAAmCc,EAAU,UAAU,MAAM,cAAcC,EAAS,UAAU,MAAM;AAAA,IAAA;AAGxG,WAASC,IAAI,GAAGA,IAAIF,EAAU,SAAS,QAAQE,KAAK;AAClD,UAAMC,IAAIH,EAAU,SAASE,CAAC,GACxB,IAAID,EAAS,SAASC,CAAC;AAC7B,QAAI,CAACC,EAAE,KAAK,OAAO,EAAE,IAAI;AACvB,YAAM,IAAIjB;AAAA,QACR,SAASgB,CAAC,oCAAoCN,EAAWO,EAAE,IAAI,CAAC,cAAcP,EAAW,EAAE,IAAI,CAAC;AAAA,MAAA;AAGpG,QAAIO,EAAE,UAAU,EAAE;AAChB,YAAM,IAAIjB;AAAA,QACR,SAASgB,CAAC,oCAAoCC,EAAE,KAAK,cAAc,EAAE,KAAK;AAAA,MAAA;AAG9E,QAAIA,EAAE,aAAa,EAAE;AACnB,YAAM,IAAIjB;AAAA,QACR,SAASgB,CAAC,gCAAgCC,EAAE,QAAQ,cAAc,EAAE,QAAQ;AAAA,MAAA;AAAA,EAGlF;AACA,WAASD,IAAI,GAAGA,IAAIF,EAAU,UAAU,QAAQE,KAAK;AACnD,UAAMC,IAAIH,EAAU,UAAUE,CAAC,GACzB,IAAID,EAAS,UAAUC,CAAC;AAC9B,QAAI,CAACC,EAAE,OAAO,OAAO,EAAE,MAAM;AAC3B,YAAM,IAAIjB;AAAA,QACR,UAAUgB,CAAC,oCAAoCR,EAAUS,EAAE,MAAM,CAAC,cAAcT,EAAU,EAAE,MAAM,CAAC;AAAA,MAAA;AAGvG,QAAIS,EAAE,UAAU,EAAE;AAChB,YAAM,IAAIjB;AAAA,QACR,UAAUgB,CAAC,6BAA6BC,EAAE,KAAK,cAAc,EAAE,KAAK;AAAA,MAAA;AAAA,EAG1E;AACF;"}

package/dist/buildAndBroadcastRefund-CEKwFY8l.cjs ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";var W=Object.defineProperty;var Q=(e,t,r)=>t in e?W(e,t,{enumerable:!0,configurable:!0,writable:!0,value:r}):e[t]=r;var S=(e,t,r)=>Q(e,typeof t!="symbol"?t+"":t,r);const Y=require("./BTCVaultRegistry.abi-CHFGevwa.cjs"),c=require("./bitcoin-CHfKAhcI.cjs"),M=require("./PayoutManager-BfT0V-tm.cjs"),h=require("./types-D2jcXfm7.cjs"),T=require("bitcoinjs-lib"),m=require("./assertPsbtUnsignedTxMatches-CagW7XqW.cjs"),A=require("./noPayout-B6s8vrW6.cjs"),V=require("./signing-Bnsro0hE.cjs"),j=/^0x[0-9a-fA-F]{64}$/,Z=/^0x[0-9a-fA-F]{40}$/,J=/^0x([0-9a-fA-F]{2})$/;function _(e,t){if(e.length!==66)throw new Error(`${t} must be 32 bytes (66 hex chars with 0x prefix), got length ${e.length}`);if(!j.test(e))throw new Error(`${t} must contain only hex characters after the 0x prefix`)}function ee(e,t){if(!Z.test(e))throw new Error(`${t} must be a 20-byte 0x-prefixed hex address (42 chars)`)}function te(e,t){if(!J.test(e))throw new Error(`${t} must be a 0x-prefixed hex string with an even number of hex chars`)}async function re(e){const{btcVaultRegistryAddress:t,vaultId:r,hashlock:n,activationMetadata:o,writeContract:u,signal:s}=e;s==null\|\|s.throwIfAborted(),ee(t,"btcVaultRegistryAddress"),_(r,"vaultId");const a=c.ensureHexPrefix(e.secret);if(_(a,"secret"),n!==void 0&&(_(n,"hashlock"),!M.validateSecretAgainstHashlock(a,n)))throw new Error("Invalid secret: SHA256(secret) does not match the provided hashlock");return te(o,"activationMetadata"),u({address:t,abi:Y.BTCVaultRegistryABI,functionName:"activateVaultWithSecret",args:[r,a,o]})}const ne=1e4;async function R(e){const{statusReader:t,peginTxid:r,targetStatuses:n,timeoutMs:o,pollIntervalMs:u=ne,signal:s}=e,a=Date.now();for(;;){if(s!=null&&s.aborted)throw new Error(`Polling aborted for pegin ${r.slice(0,8)}… (target: ${[...n].join(", ")})`);if(Date.now()-a>=o)throw new Error(`Polling timeout after ${o}ms for pegin ${r.slice(0,8)}… (target: ${[...n].join(", ")})`);try{const i=await t.getPeginStatus({pegin_txid:r},s);if(i.pegin_txid.toLowerCase()!==r.toLowerCase())throw new Error(`getPeginStatus returned status for pegin ${i.pegin_txid.slice(0,8)}…, requested ${r.slice(0,8)}…`);const l=i.status;if(n.has(l)\|\|l===h.DaemonStatus.ACTIVATED)return l;if(l===h.DaemonStatus.EXPIRED\|\|h.VP_TERMINAL_FAILURE_STATUSES.has(l))throw new Error(`Pegin ${r.slice(0,8)}… reached terminal status "${l}" while waiting for ${[...n].join(", ")}`)}catch(i){if(!(i instanceof h.JsonRpcError&&i.code===h.RpcErrorCode.PEGIN_NOT_FOUND))throw i}await new Promise((i,l)=>{const p=()=>{clearTimeout(d),l(new Error(`Polling aborted for pegin ${r.slice(0,8)}… (target: ${[...n].join(", ")})`))},d=setTimeout(()=>{s==null\|\|s.removeEventListener("abort",p),i()},u);s==null\|\|s.addEventListener("abort",p,{once:!0})})}}const oe=3001e3,ie=new Set([h.DaemonStatus.PENDING_DEPOSITOR_WOTS_PK,...h.POST_WOTS_STATUSES]);async function se(e){const{statusReader:t,wotsSubmitter:r,peginTxid:n,depositorPk:o,wotsPublicKeys:u,timeoutMs:s=oe,signal:a}=e;a==null\|\|a.throwIfAborted();const i=await R({statusReader:t,peginTxid:n,targetStatuses:ie,timeoutMs:s,signal:a});h.POST_WOTS_STATUSES.has(i)\|\|(a==null\|\|a.throwIfAborted(),await r.submitDepositorWotsKey({pegin_txid:n,depositor_pk:o,wots_public_keys:u},a))}const K=1;function ae(e,t){const r=c.stripHexPrefix(t).toLowerCase(),o=e.map(u=>c.stripHexPrefix(u).toLowerCase()).filter(u=>u!==r);if(o.length===0)throw new Error("Cannot derive localChallengers: vault keeper set is empty (or contains only the depositor)");if(new Set(o).size!==o.length)throw new Error("Cannot derive localChallengers: duplicate vaultKeeper key — signing context is misconfigured");return o}function ue(e,t,r){const n=r.map(d=>c.stripHexPrefix(d).toLowerCase()),o=t.filter(d=>n.includes(d));if(o.length>0)throw new Error(`Cannot validate challenger set: vault keepers and universal challengers overlap (${o.join(", ")})`);const u=[...t,...n],s=e.map(d=>c.stripHexPrefix(d.challenger_pubkey).toLowerCase()),a=new Set(s);if(a.size!==s.length)throw new Error("Depositor graph contains duplicate challenger entries in challenger_presign_data");const i=new Set(u),l=u.filter(d=>!a.has(d)),p=s.filter(d=>!i.has(d));if(l.length>0\|\|p.length>0)throw new Error("Depositor graph challenger set does not match expected (local ∪ universal)"+(l.length>0?` (missing: ${l.join(", ")})`:"")+(p.length>0?` (unexpected: ${p.join(", ")})`:""))}function le(e,t){const r=e.ins[t];return c.uint8ArrayToHex(new Uint8Array(r.hash).slice().reverse())}function C(e,t,r,n,o){const u=e.ins[t];if(u.index!==0)throw new Error(`NoPayout (challenger ${o}) input ${t} expected to spend ${n} vout 0, got vout ${u.index}`);const s=r.getId(),a=le(e,t);if(a!==s)throw new Error(`NoPayout (challenger ${o}) input ${t} does not reference ${n} (expected txid ${s}, got ${a})`)}async function ce(e,t,r){const n=[],o=[],u=[],s=ae(r.vaultKeeperBtcPubkeys,r.depositorBtcPubkey);ue(e.challenger_presign_data,s,r.universalChallengerBtcPubkeys),m.assertPayoutOutputMatchesRegistered(e.payout_tx.tx_hex,r.registeredPayoutScriptPubKey);const a=await m.buildPayoutPsbt({payoutTxHex:e.payout_tx.tx_hex,peginTxHex:r.peginTxHex,assertTxHex:e.assert_tx.tx_hex,depositorBtcPubkey:r.depositorBtcPubkey,vaultProviderBtcPubkey:r.vaultProviderBtcPubkey,vaultKeeperBtcPubkeys:r.vaultKeeperBtcPubkeys,universalChallengerBtcPubkeys:r.universalChallengerBtcPubkeys,timelockPegin:r.timelockPegin,network:r.network});n.push(a.psbtHex),o.push(V.createTaprootScriptPathSignOptions(t,K));const i=c.stripHexPrefix(r.depositorBtcPubkey),l=T.Transaction.fromHex(c.stripHexPrefix(e.assert_tx.tx_hex));for(const p of e.challenger_presign_data){const d=c.stripHexPrefix(p.challenger_pubkey),g=n.length,x=await de({challenger:p,challengerPubkey:d,claimerPubkey:i,localChallengers:s,assertTxParsed:l,ctx:r});n.push(x),o.push(V.createTaprootScriptPathSignOptions(t,K)),u.push({challengerPubkey:d,noPayoutIdx:g})}return{psbtHexes:n,signOptions:o,challengerEntries:u}}async function de(e){const{challenger:t,challengerPubkey:r,claimerPubkey:n,localChallengers:o,assertTxParsed:u,ctx:s}=e;A.assertNoPayoutOutputMatchesChallenger(t.nopayout_tx.tx_hex,r,s.network);const a=T.Transaction.fromHex(c.stripHexPrefix(t.nopayout_tx.tx_hex)),i=T.Transaction.fromHex(c.stripHexPrefix(t.challenge_assert_x_tx.tx_hex)),l=T.Transaction.fromHex(c.stripHexPrefix(t.challenge_assert_y_tx.tx_hex));if(a.ins.length!==3)throw new Error(`NoPayout (challenger ${r}) must have exactly 3 inputs, got ${a.ins.length}`);C(a,0,u,"Assert",r),C(a,1,i,"ChallengeAssertX",r),C(a,2,l,"ChallengeAssertY",r);const p=[u.outs[0],i.outs[0],l.outs[0]].map(d=>({script_pubkey:c.uint8ArrayToHex(new Uint8Array(d.script)),value:d.value}));return A.buildNoPayoutPsbt({noPayoutTxHex:t.nopayout_tx.tx_hex,challengerPubkey:r,prevouts:p,connectorParams:{claimer:n,localChallengers:o,universalChallengers:s.universalChallengerBtcPubkeys,timelockAssert:s.timelockAssert,councilMembers:s.councilMembers,councilQuorum:s.councilQuorum}})}function pe(e,t,r){m.assertPsbtUnsignedTxMatches(e[0]);const n=m.extractPayoutSignature(e[0].returnedPsbtHex,r),o={};for(const u of t)m.assertPsbtUnsignedTxMatches(e[u.noPayoutIdx]),o[u.challengerPubkey]={nopayout_signature:m.extractPayoutSignature(e[u.noPayoutIdx].returnedPsbtHex,r)};return{payout_signatures:{payout_signature:n},per_challenger:o}}async function he(e,t,r){if(typeof e.signPsbts=="function")return e.signPsbts(t,r);const n=[];for(let o=0;o<t.length;o++)n.push(await e.signPsbt(t[o],r==null?void 0:r[o]));return n}async function U(e){const{depositorGraph:t,btcWallet:r,signingContext:n}=e,o=await r.getPublicKeyHex(),{depositorPubkey:u}=c.validateWalletPubkey(o,c.stripHexPrefix(n.depositorBtcPubkey)),{psbtHexes:s,signOptions:a,challengerEntries:i}=await ce(t,o,n),l=await he(r,s,a);if(l.length!==s.length)throw new Error(`Wallet returned ${l.length} signed PSBTs, expected ${s.length}`);const p=s.map((d,g)=>({requestedPsbtHex:d,returnedPsbtHex:l[g]}));return pe(p,i,u)}const fe=12001e3,L=new Set([h.DaemonStatus.PENDING_ACKS,h.DaemonStatus.PENDING_ACTIVATION,h.DaemonStatus.ACTIVATED_PENDING_BROADCAST,h.DaemonStatus.ACTIVATED]),ge=new Set([h.DaemonStatus.PENDING_DEPOSITOR_SIGNATURES,...L]);function Pe(e){return e.map(t=>({claimerPubkeyXOnly:c.processPublicKeyToXOnly(t.claimer_pubkey),payoutTxHex:t.payout_tx.tx_hex,assertTxHex:t.assert_tx.tx_hex}))}function ye(e,t){const r=c.stripHexPrefix(e).toLowerCase(),n=c.stripHexPrefix(t.vaultProviderBtcPubkey).toLowerCase(),o=c.stripHexPrefix(t.depositorBtcPubkey).toLowerCase();if(r===n\|\|r===o)return t.registeredPayoutScriptPubKey;if(!t.vaultKeeperBtcPubkeys.some(s=>c.stripHexPrefix(s).toLowerCase()===r))throw new Error(`Unknown claimer pubkey ${r}: not VP, depositor, or a registered vault keeper`);return c.deriveBip86ScriptPubKeyHex(r)}function N(e,t){return{payoutTxHex:e.payoutTxHex,peginTxHex:t.peginTxHex,assertTxHex:e.assertTxHex,vaultProviderBtcPubkey:t.vaultProviderBtcPubkey,vaultKeeperBtcPubkeys:t.vaultKeeperBtcPubkeys,universalChallengerBtcPubkeys:t.universalChallengerBtcPubkeys,depositorBtcPubkey:t.depositorBtcPubkey,timelockPegin:t.timelockPegin,registeredPayoutScriptPubKey:ye(e.claimerPubkeyXOnly,t)}}async function xe(e,t,r,n){const o=new M.PayoutManager({network:t.network,btcWallet:e}),u=r.length;n==null\|\|n(0,u);let s;if(o.supportsBatchSigning())s=(await o.signPayoutTransactionsBatch(r.map(l=>N(l,t)))).map(l=>l.payoutSignature);else{s=[];for(let i=0;i<r.length;i++){n==null\|\|n(i,u);const l=await o.signPayoutTransaction(N(r[i],t));s.push(l.signature)}}const a={};for(let i=0;i<r.length;i++)a[r[i].claimerPubkeyXOnly]={payout_signature:s[i]};return n==null\|\|n(u,u),a}async function be(e){const{statusReader:t,presignClient:r,btcWallet:n,peginTxid:o,depositorPk:u,signingContext:s,timeoutMs:a=fe,signal:i,onProgress:l}=e,p=await R({statusReader:t,peginTxid:o,targetStatuses:ge,timeoutMs:a,signal:i});if(L.has(p))return;i==null\|\|i.throwIfAborted();const d=await r.requestDepositorPresignTransactions({pegin_txid:o,depositor_pk:u},i);i==null\|\|i.throwIfAborted();const g=c.processPublicKeyToXOnly(u),x=d.txs.filter(w=>c.processPublicKeyToXOnly(w.claimer_pubkey)!==g),b=Pe(x),P=await xe(n,s,b,l);i==null\|\|i.throwIfAborted();const y=await U({depositorGraph:d.depositor_graph,btcWallet:n,signingContext:{peginTxHex:s.peginTxHex,depositorBtcPubkey:u,vaultProviderBtcPubkey:s.vaultProviderBtcPubkey,vaultKeeperBtcPubkeys:s.vaultKeeperBtcPubkeys,universalChallengerBtcPubkeys:s.universalChallengerBtcPubkeys,timelockPegin:s.timelockPegin,timelockAssert:s.timelockAssert,councilMembers:s.councilMembers,councilQuorum:s.councilQuorum,network:s.network,registeredPayoutScriptPubKey:s.registeredPayoutScriptPubKey}});i==null\|\|i.throwIfAborted();const v={...P};v[c.stripHexPrefix(u)]=y.payout_signatures,await r.submitDepositorPresignatures({pegin_txid:o,depositor_pk:u,signatures:v,depositor_claimer_presignatures:y},i)}function me(e){return/^[0-9a-fA-F]{64}$/.test(e)}function ve(e){const{amountSats:t,minDeposit:r,maxDeposit:n,btcBalance:o,estimatedFeeSats:u,depositorClaimValue:s}=e;return!(t<=0n\|\|t<r\|\|n&&n>0n&&t>n\|\|u==null\|\|s==null\|\|t+u+s>o)}function we(e,t,r){return e<=0n?{valid:!1,error:"Deposit amount must be greater than zero"}:e<t?{valid:!1,error:`Minimum deposit is ${c.formatSatoshisToBtc(t)} BTC`}:r&&r>0n&&e>r?{valid:!1,error:`Maximum deposit is ${c.formatSatoshisToBtc(r)} BTC`}:{valid:!0}}function Te(e){const{amount:t,effectiveRemaining:r}=e;return r===null?{valid:!0}:r===0n?{valid:!1,error:"Supply cap reached — deposits temporarily paused"}:t>r?{valid:!1,error:`Vault size exceeds remaining capacity (${c.formatSatoshisToBtc(r)} BTC)`}:{valid:!0}}function ke(e,t){if(!e\|\|e.length===0)return{valid:!1,error:"At least one vault provider must be selected"};const r=t.map(o=>o.toLowerCase());return e.filter(o=>!r.includes(o.toLowerCase())).length>0?{valid:!1,error:"Invalid vault provider selected"}:{valid:!0}}function F(e,t,r){if(!e\|\|e.length===0)return{valid:!1,error:"At least one vault amount required"};for(let n=0;n<e.length;n++){const o=e[n];if(o<=0n)return{valid:!1,error:`Vault ${n+1} amount must be positive`};if(t&&o<t)return{valid:!1,error:`Vault ${n+1} amount ${c.formatSatoshisToBtc(o)} BTC is below minimum deposit ${c.formatSatoshisToBtc(t)} BTC`};if(r&&o>r)return{valid:!1,error:`Vault ${n+1} amount ${c.formatSatoshisToBtc(o)} BTC exceeds maximum deposit ${c.formatSatoshisToBtc(r)} BTC`}}return{valid:!0}}function X(e){const t=c.stripHexPrefix(e);return me(t)?{valid:!0}:{valid:!1,error:"Invalid pubkey format: must be 64 hex characters (32-byte x-only public key, no 0x prefix)"}}function Ee(e){if(!e\|\|e.length===0)throw new Error("No vault keepers available. The system requires at least one vault keeper to create a deposit.")}function Se(e){if(!e\|\|e.length===0)throw new Error("No universal challengers available. The system requires at least one universal challenger to create a deposit.")}function _e(e){if(e.length===0)throw new Error("No spendable UTXOs available")}function Ce(e){const{vaultAmounts:t,confirmedUTXOs:r,vaultProviderBtcPubkey:n,vaultKeeperBtcPubkeys:o,universalChallengerBtcPubkeys:u,minDeposit:s,maxDeposit:a}=e,i=F(t,s,a);if(!i.valid)throw new Error(i.error);const l=X(n);if(!l.valid)throw new Error(l.error);Ee(o),Se(u),_e(r)}async function Be(e){const{vaultRegistryReader:t,vaultKeeperReader:r,universalChallengerReader:n,vaultProviderEthAddress:o,applicationEntryPoint:u,expectedVaultProviderBtcPubkey:s,expectedVaultKeeperBtcPubkeys:a,expectedUniversalChallengerBtcPubkeys:i}=e,[l,p,d]=await Promise.all([t.getVaultProviderBtcPubKey(o),r.getCurrentVaultKeepersVersion(u),n.getLatestUniversalChallengersVersion()]),[g,x]=await Promise.all([r.getVaultKeepersByVersion(u,p),n.getUniversalChallengersByVersion(d)]),b=f=>c.processPublicKeyToXOnly(f).toLowerCase(),P=f=>f.map(b).sort();if(b(s)!==l)throw new Error(`Vault provider BTC pubkey indexer hint does not match BTCVaultRegistry for ${o}. Refresh and try again.`);const v=P(a),w=P(g.map(f=>f.btcPubKey));if(v.length!==w.length\|\|v.some((f,E)=>f!==w[E]))throw new Error(`Vault keeper BTC pubkeys (v${p}) indexer set does not match ApplicationRegistry on-chain set. Refresh and try again.`);const O=P(i),k=P(x.map(f=>f.btcPubKey));if(O.length!==k.length\|\|O.some((f,E)=>f!==k[E]))throw new Error(`Universal challenger BTC pubkeys (v${d}) indexer set does not match ProtocolParams on-chain set. Refresh and try again.`);return{vaultProviderBtcPubkeyXOnly:l,vaultKeeperBtcPubkeysSorted:w,universalChallengerBtcPubkeysSorted:k,expectedAppVaultKeepersVersion:p,expectedUniversalChallengersVersion:d}}class $ extends Error{constructor(t){super(t),this.name="RegisteredVaultVersionMismatchError"}}function Ae(e){return e instanceof $\|\|e instanceof Error&&e.name==="RegisteredVaultVersionMismatchError"}async function Ve(e){const{vaultRegistryReader:t,vaultIds:r,expectedOffchainParamsVersion:n,expectedAppVaultKeepersVersion:o,expectedUniversalChallengersVersion:u}=e,s=await t.getProtocolInfoBatch(r),a=[];if(s.forEach((i,l)=>{const p=r[l];i.offchainParamsVersion!==n&&a.push(`vault ${p}: offchainParams expected v${n}, got v${i.offchainParamsVersion}`),i.appVaultKeepersVersion!==o&&a.push(`vault ${p}: appVaultKeepers expected v${o}, got v${i.appVaultKeepersVersion}`),i.universalChallengersVersion!==u&&a.push(`vault ${p}: universalChallengers expected v${u}, got v${i.universalChallengersVersion}`)}),a.length>0)throw new $(`Aborting BTC broadcast: signer-set or offchain-params versions changed during registration (${a.join("; ")}). The Pre-PegIn was not broadcast; the registered ETH vault will time out per protocol rules.`)}var I=(e=>(e.CLAIM_EVENT_RECEIVED="ClaimEventReceived",e.CLAIM_BROADCAST="ClaimBroadcast",e.ASSERT_BROADCAST="AssertBroadcast",e.PAYOUT_BROADCAST="PayoutBroadcast",e.PAYOUT_BLOCKED="PayoutBlocked",e))(I\|\|{});const Re=new Set(["PayoutBroadcast","PayoutBlocked"]);function $e(e){return Object.values(I).includes(e)}function Ie(e){return!!e&&Re.has(e)}class z extends Error{constructor(r,n){super(`Refund not yet mature (BIP68 not final): ${n.message}`);S(this,"vaultId");S(this,"cause");this.name="BIP68NotMatureError",this.vaultId=r,this.cause=n}}const He=/^0x[0-9a-fA-F]{64}$/,Oe=/^(?:0x)?(?:[0-9a-fA-F]{2})+$/,q=/^(?:0x)?(?:[0-9a-fA-F]{64}\|[0-9a-fA-F]{66})$/,H=160;function Ke(e){if(!Number.isFinite(e)\|\|e<=0)throw new Error(`feeRateSatsVb must be a positive finite number, got ${e}`);return BigInt(Math.ceil(eH))}const Ne=1,D=65535,De=/non-BIP68-final/i;function G(e,t){if(e.length!==66)throw new Error(`${t} must be 32 bytes (66 hex chars with 0x prefix), got length ${e.length}`);if(!He.test(e))throw new Error(`${t} must contain only hex characters after the 0x prefix`)}function B(e,t){if(!Number.isInteger(e)\|\|e<0)throw new Error(`${t} must be a non-negative integer, got ${e}`)}function Me(e){if(G(e.hashlock,"hashlock"),!Number.isInteger(e.htlcVout)\|\|e.htlcVout<0\|\|e.htlcVout>D)throw new Error(`htlcVout must be an integer 0-${D}, got ${e.htlcVout}`);if(B(e.offchainParamsVersion,"offchainParamsVersion"),B(e.appVaultKeepersVersion,"appVaultKeepersVersion"),B(e.universalChallengersVersion,"universalChallengersVersion"),typeof e.unsignedPrePeginTxHex!="string"\|\|e.unsignedPrePeginTxHex.length===0)throw new Error("unsignedPrePeginTxHex must be a non-empty hex string");if(!Oe.test(e.unsignedPrePeginTxHex))throw new Error("unsignedPrePeginTxHex must be a hex byte string (optional 0x prefix, even length)");if(!e.depositorBtcPubkey\|\|!q.test(e.depositorBtcPubkey))throw new Error("depositorBtcPubkey must be 32 or 33 bytes of hex (optional 0x prefix)");if(typeof e.amount!="bigint"\|\|e.amount<=0n)throw new Error(`amount must be a positive bigint, got ${e.amount}`)}function Ue(e){if(!e.vaultProviderPubkey\|\|!q.test(e.vaultProviderPubkey))throw new Error("vaultProviderPubkey must be 32 or 33 bytes of hex");if(e.vaultKeeperPubkeys.length===0)throw new Error("vaultKeeperPubkeys must be non-empty");if(e.universalChallengerPubkeys.length===0)throw new Error("universalChallengerPubkeys must be non-empty");if(!Number.isInteger(e.timelockRefund)\|\|e.timelockRefund<=0)throw new Error(`timelockRefund must be a positive integer, got ${e.timelockRefund}`);if(typeof e.feeRate!="bigint"\|\|e.feeRate<=0n)throw new Error(`protocol feeRate must be a positive bigint, got ${e.feeRate}`);if(!Number.isInteger(e.numLocalChallengers)\|\|e.numLocalChallengers<0)throw new Error("numLocalChallengers must be a non-negative integer");if(!Number.isInteger(e.councilQuorum)\|\|!Number.isInteger(e.councilSize)\|\|e.councilQuorum<=0\|\|e.councilSize<=0\|\|e.councilQuorum>e.councilSize)throw new Error(`councilQuorum (${e.councilQuorum}) must be in [1, councilSize=${e.councilSize}]`)}function Le(e){const t=T.Psbt.fromHex(e);try{t.finalizeAllInputs()}catch(r){const n=r instanceof Error?r.message:String(r);if(!n.includes("already finalized"))throw new Error(`Failed to finalize refund PSBT: ${n}`)}return t.extractTransaction().toHex()}async function Fe(e){const{vaultId:t,readVault:r,readPrePeginContext:n,feeRate:o,signPsbt:u,broadcastTx:s,signal:a}=e;a==null\|\|a.throwIfAborted(),G(t,"vaultId");const i=await r();Me(i),a==null\|\|a.throwIfAborted();const l=await n(i);if(Ue(l),a==null\|\|a.throwIfAborted(),!Number.isFinite(o)\|\|o<=0)throw new Error(`feeRate must be a positive number, got ${o}`);const p=BigInt(Math.ceil(o*H));a==null\|\|a.throwIfAborted();const d=c.processPublicKeyToXOnly(i.depositorBtcPubkey),{psbtHex:g}=await A.buildRefundPsbt({prePeginParams:{depositorPubkey:d,vaultProviderPubkey:c.stripHexPrefix(l.vaultProviderPubkey),vaultKeeperPubkeys:l.vaultKeeperPubkeys.map(c.stripHexPrefix),universalChallengerPubkeys:l.universalChallengerPubkeys.map(c.stripHexPrefix),hashlocks:[c.stripHexPrefix(i.hashlock)],timelockRefund:l.timelockRefund,pegInAmounts:[i.amount],feeRate:l.feeRate,numLocalChallengers:l.numLocalChallengers,councilQuorum:l.councilQuorum,councilSize:l.councilSize,network:l.network},fundedPrePeginTxHex:c.stripHexPrefix(i.unsignedPrePeginTxHex),htlcVout:i.htlcVout,refundFee:p,hashlock:c.stripHexPrefix(i.hashlock)});a==null\|\|a.throwIfAborted();const x=V.createTaprootScriptPathSignOptions(i.depositorBtcPubkey,Ne),b=await u(g,x);m.assertPsbtUnsignedTxMatches({requestedPsbtHex:g,returnedPsbtHex:b});const P=Le(b);a==null\|\|a.throwIfAborted();try{return await s(P)}catch(y){throw y instanceof Error&&De.test(y.message)?new z(t,y):y}}exports.BIP68NotMatureError=z;exports.ClaimerPegoutStatusValue=I;exports.REFUND_VSIZE=H;exports.RegisteredVaultVersionMismatchError=$;exports.activateVault=re;exports.buildAndBroadcastRefund=Fe;exports.estimateRefundFeeSats=Ke;exports.isDepositAmountValid=ve;exports.isPegoutTerminalStatus=Ie;exports.isRecognizedPegoutStatus=$e;exports.isRegisteredVaultVersionMismatchError=Ae;exports.runDepositorPresignFlow=be;exports.signDepositorGraph=U;exports.submitWotsPublicKey=se;exports.validateDepositAmount=we;exports.validateMultiVaultDepositInputs=Ce;exports.validateOnChainParticipantKeys=Be;exports.validateProviderSelection=ke;exports.validateRemainingCapacity=Te;exports.validateVaultAmounts=F;exports.validateVaultProviderPubkey=X;exports.verifyRegisteredVaultVersions=Ve;exports.waitForPeginStatus=R;
2	+ //# sourceMappingURL=buildAndBroadcastRefund-CEKwFY8l.cjs.map