@babylonlabs-io/ts-sdk 0.40.0 → 0.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/dist/PayoutManager-B5bovfkD.cjs.map +1 -1
  2. package/dist/PayoutManager-DChODEOJ.js.map +1 -1
  3. package/dist/assertPsbtUnsignedTxMatches-CzVv57QF.js.map +1 -1
  4. package/dist/assertPsbtUnsignedTxMatches-r1svclbd.cjs.map +1 -1
  5. package/dist/bitcoin-B5aNKtsk.js.map +1 -1
  6. package/dist/bitcoin-CHfKAhcI.cjs.map +1 -1
  7. package/dist/tbv/core/clients/vault-provider/auth/serverIdentity.d.ts +0 -7
  8. package/dist/tbv/core/clients/vault-provider/auth/serverIdentity.d.ts.map +1 -1
  9. package/dist/tbv/core/managers/pegin/assertAuthAnchorOpReturn.d.ts +0 -17
  10. package/dist/tbv/core/managers/pegin/assertAuthAnchorOpReturn.d.ts.map +1 -1
  11. package/dist/tbv/core/managers/pegin/index.d.ts +1 -1
  12. package/dist/tbv/core/managers/pegin/index.d.ts.map +1 -1
  13. package/dist/tbv/core/primitives/psbt/constants.d.ts +0 -4
  14. package/dist/tbv/core/primitives/psbt/constants.d.ts.map +1 -1
  15. package/dist/tbv/core/primitives/utils/bitcoin.d.ts +0 -5
  16. package/dist/tbv/core/primitives/utils/bitcoin.d.ts.map +1 -1
  17. package/dist/tbv/integrations/aave/index.cjs +1 -1
  18. package/dist/tbv/integrations/aave/index.cjs.map +1 -1
  19. package/dist/tbv/integrations/aave/index.js +265 -270
  20. package/dist/tbv/integrations/aave/index.js.map +1 -1
  21. package/dist/tbv/integrations/aave/utils/cascadeSimulation.d.ts +9 -0
  22. package/dist/tbv/integrations/aave/utils/cascadeSimulation.d.ts.map +1 -1
  23. package/dist/tbv/integrations/aave/utils/optimalOrder.d.ts +20 -3
  24. package/dist/tbv/integrations/aave/utils/optimalOrder.d.ts.map +1 -1
  25. package/dist/types-0bvDGR4x.js.map +1 -1
  26. package/dist/types-Be3sAYzr.cjs.map +1 -1
  27. package/package.json +1 -1
  28. package/dist/tbv/core/primitives/psbt/index.d.ts +0 -34
  29. package/dist/tbv/core/primitives/psbt/index.d.ts.map +0 -1
  30. package/dist/tbv/core/primitives/scripts/index.d.ts +0 -10
  31. package/dist/tbv/core/primitives/scripts/index.d.ts.map +0 -1
  32. package/dist/tbv/core/primitives/utils/index.d.ts +0 -9
  33. package/dist/tbv/core/primitives/utils/index.d.ts.map +0 -1
package/dist/assertPsbtUnsignedTxMatches-r1svclbd.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"assertPsbtUnsignedTxMatches-r1svclbd.cjs","sources":["../src/tbv/core/primitives/psbt/pegin.ts","../src/tbv/core/primitives/scripts/payout.ts","../src/tbv/core/primitives/psbt/constants.ts","../src/tbv/core/primitives/psbt/payout.ts","../src/tbv/core/primitives/psbt/assertPsbtUnsignedTxMatches.ts"],"sourcesContent":["/**\n * Pre-PegIn PSBT Builder Primitive\n *\n * This module provides pure functions for building unfunded Pre-PegIn transactions\n * and deriving PegIn transactions from them, using the WASM implementation from\n * @babylonlabs-io/babylon-tbv-rust-wasm.\n *\n * Pre-PegIn Flow:\n * 1. buildPrePeginPsbt() — creates unfunded Pre-PegIn tx (HTLC output)\n * 2. [caller funds Pre-PegIn tx and computes txid]\n * 3. buildPeginTxFromFundedPrePegin() — derives PegIn tx spending the HTLC\n * 4. buildPeginInputPsbt() — PSBT for depositor to sign PegIn HTLC leaf 0 input\n *\n * @module primitives/psbt/pegin\n */\n\nimport {\n buildPeginTxFromPrePegin,\n createPrePeginTransaction,\n type Network,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\nimport { parseUnfundedWasmTransaction } from \"../../utils/transaction/fundPeginTransaction\";\n\n/**\n * Parameters for building an unfunded Pre-PegIn PSBT\n */\nexport interface PrePeginParams {\n /** Depositor's BTC public key (x-only, 64-char hex without 0x prefix) */\n depositorPubkey: string;\n /** Vault provider's BTC public key (x-only, 64-char hex) */\n vaultProviderPubkey: string;\n /** Array of vault keeper BTC public keys (x-only, 64-char hex) */\n vaultKeeperPubkeys: string[];\n /** Array of universal challenger BTC public keys (x-only, 64-char hex) */\n universalChallengerPubkeys: string[];\n /** SHA256 hash commitment(s) (64 hex chars = 32 bytes each) */\n hashlocks: readonly string[];\n /** CSV timelock in blocks for the HTLC refund path */\n timelockRefund: number;\n /** Amounts to peg in (satoshis), one per deposit */\n pegInAmounts: readonly bigint[];\n /** TX-graph fee rate in sat/vB from contract offchain params; sizes the depositor claim value */\n feeRate: bigint;\n /** Minimum PegIn fee rate in sat/vB from contract offchain params; sizes the PegIn tx fee */\n minPeginFeeRate: bigint;\n /** Number of local challengers (from contract params) */\n numLocalChallengers: number;\n /** M in M-of-N council multisig (from contract params) */\n councilQuorum: number;\n /** N in M-of-N council multisig (from contract params) */\n councilSize: number;\n /** Bitcoin network */\n network: Network;\n /**\n * Optional 32-byte `SHA256(auth_anchor)` commitment (64-char hex, no\n * `0x` prefix). If provided, the Pre-PegIn tx will include an\n * `OP_RETURN <PUSH32 authAnchorHash>` output at vout =\n * `hashlocks.length`, binding the depositor's bearer-token\n * `auth_anchor` preimage to this Pre-PegIn.\n */\n authAnchorHash?: string;\n}\n\n/**\n * Byte length of an `auth_anchor_hash` commitment when encoded as a\n * lowercase hex string (32 bytes → 64 hex chars).\n */\nconst AUTH_ANCHOR_HASH_HEX_LEN = 64;\n\nconst HEX_PATTERN = /^[0-9a-fA-F]+$/;\n\n/**\n * Result of building an unfunded Pre-PegIn transaction\n */\nexport interface PrePeginPsbtResult {\n /**\n * Unfunded transaction hex (no inputs, HTLC outputs + optional\n * auth-anchor OP_RETURN + CPFP anchor).\n *\n * The caller is responsible for:\n * - Selecting UTXOs covering totalOutputValue + network fees\n * - Funding the transaction (add inputs and change output)\n * - Calling buildPeginTxFromFundedPrePegin() with the funded tx hex\n */\n psbtHex: string;\n /** Sum of all unfunded outputs — use this for UTXO selection */\n totalOutputValue: bigint;\n /** HTLC output values in satoshis, one per deposit (each includes peginAmount + depositorClaimValue + minPeginFee) */\n htlcValues: readonly bigint[];\n /** HTLC output scriptPubKeys (hex encoded), one per deposit */\n htlcScriptPubKeys: readonly string[];\n /** HTLC Taproot addresses, one per deposit */\n htlcAddresses: readonly string[];\n /** Pegin amounts in satoshis, one per deposit */\n peginAmounts: readonly bigint[];\n /** Depositor claim value computed by WASM from contract parameters */\n depositorClaimValue: bigint;\n /**\n * Vout index of the auth-anchor `OP_RETURN` output if one was\n * included (i.e. `authAnchorHash` was provided), or `null` if not.\n * Always equals `htlcValues.length` when present.\n */\n authAnchorVout: number | null;\n}\n\n/**\n * Parameters for building the PegIn transaction from a funded Pre-PegIn tx\n */\nexport interface BuildPeginTxParams {\n /** Same PrePeginParams used to create the Pre-PegIn transaction */\n prePeginParams: PrePeginParams;\n /** CSV timelock in blocks for the PegIn vault output */\n timelockPegin: number;\n /** Hex-encoded funded Pre-PegIn transaction */\n fundedPrePeginTxHex: string;\n /** Index of the HTLC output to spend */\n htlcVout: number;\n}\n\n/**\n * Result of building the PegIn transaction\n */\nexport interface PeginTxResult {\n /** PegIn transaction hex (1 input spending HTLC, 1 vault output) */\n txHex: string;\n /** PegIn transaction ID */\n txid: string;\n /** Vault output scriptPubKey (hex encoded) */\n vaultScriptPubKey: string;\n /** Vault output value in satoshis */\n vaultValue: bigint;\n}\n\n/**\n * Build unfunded Pre-PegIn transaction using WASM.\n *\n * Creates a Bitcoin transaction template with no inputs, an HTLC output, and a\n * CPFP anchor output. The HTLC value is computed internally from the contract\n * parameters — the caller does not need to compute depositorClaimValue separately.\n *\n * @param params - Pre-PegIn parameters\n * @returns Unfunded Pre-PegIn transaction details with HTLC output information\n * @throws If WASM initialization fails or parameters are invalid\n */\nexport async function buildPrePeginPsbt(\n params: PrePeginParams,\n): Promise<PrePeginPsbtResult> {\n const authAnchorHash = normalizeAuthAnchorHash(params.authAnchorHash);\n\n const result = await createPrePeginTransaction({\n depositorPubkey: params.depositorPubkey,\n vaultProviderPubkey: params.vaultProviderPubkey,\n vaultKeeperPubkeys: params.vaultKeeperPubkeys,\n universalChallengerPubkeys: params.universalChallengerPubkeys,\n hashlocks: [...params.hashlocks],\n timelockRefund: params.timelockRefund,\n pegInAmounts: [...params.pegInAmounts],\n feeRate: params.feeRate,\n minPeginFeeRate: params.minPeginFeeRate,\n numLocalChallengers: params.numLocalChallengers,\n councilQuorum: params.councilQuorum,\n councilSize: params.councilSize,\n network: params.network,\n authAnchorHash,\n });\n\n // Parse the unfunded tx to sum all output values\n // (HTLCs + optional OP_RETURN + CPFP anchor). This is the amount\n // UTXOs must cover before adding network fees.\n const parsed = parseUnfundedWasmTransaction(result.txHex);\n const totalOutputValue = parsed.outputs.reduce(\n (sum, o) => sum + BigInt(o.value),\n 0n,\n );\n\n // The WASM places the OP_RETURN commitment immediately after the\n // HTLC outputs when authAnchorHash is provided.\n const authAnchorVout =\n authAnchorHash !== undefined ? result.htlcValues.length : null;\n\n return {\n psbtHex: result.txHex,\n totalOutputValue,\n htlcValues: result.htlcValues,\n htlcScriptPubKeys: result.htlcScriptPubKeys,\n htlcAddresses: result.htlcAddresses,\n peginAmounts: result.peginAmounts,\n depositorClaimValue: result.depositorClaimValue,\n authAnchorVout,\n };\n}\n\n/**\n * Validate and normalize an `authAnchorHash` hex string before passing\n * it to the WASM boundary. WASM expects exactly 64 lowercase hex chars.\n */\nexport function normalizeAuthAnchorHash(\n value: string | undefined,\n): string | undefined {\n if (value === undefined) return undefined;\n const cleaned =\n value.startsWith(\"0x\") || value.startsWith(\"0X\") ? value.slice(2) : value;\n if (\n cleaned.length !== AUTH_ANCHOR_HASH_HEX_LEN ||\n !HEX_PATTERN.test(cleaned)\n ) {\n throw new Error(\n `authAnchorHash must be 32-byte hex (${AUTH_ANCHOR_HASH_HEX_LEN} chars, no 0x prefix); got length ${cleaned.length}`,\n );\n }\n return cleaned.toLowerCase();\n}\n\n/**\n * Build the PegIn transaction from a funded Pre-PegIn transaction.\n *\n * The PegIn transaction spends the Pre-PegIn HTLC output at htlcVout via the\n * hashlock + all-party script (leaf 0).\n *\n * @param params - Build parameters including Pre-PegIn params and funded tx hex\n * @returns PegIn transaction details\n * @throws If WASM initialization fails or parameters are invalid\n */\nexport async function buildPeginTxFromFundedPrePegin(\n params: BuildPeginTxParams,\n): Promise<PeginTxResult> {\n // WASM reconstructs the Pre-PegIn template from these params to\n // decode the funded tx. Must pass `authAnchorHash` (normalized\n // identically to buildPrePeginPsbt) so the reconstruction matches\n // the original outputs, including the OP_RETURN at vout =\n // hashlocks.length.\n const result = await buildPeginTxFromPrePegin(\n {\n depositorPubkey: params.prePeginParams.depositorPubkey,\n vaultProviderPubkey: params.prePeginParams.vaultProviderPubkey,\n vaultKeeperPubkeys: params.prePeginParams.vaultKeeperPubkeys,\n universalChallengerPubkeys:\n params.prePeginParams.universalChallengerPubkeys,\n hashlocks: [...params.prePeginParams.hashlocks],\n timelockRefund: params.prePeginParams.timelockRefund,\n pegInAmounts: [...params.prePeginParams.pegInAmounts],\n feeRate: params.prePeginParams.feeRate,\n minPeginFeeRate: params.prePeginParams.minPeginFeeRate,\n numLocalChallengers: params.prePeginParams.numLocalChallengers,\n councilQuorum: params.prePeginParams.councilQuorum,\n councilSize: params.prePeginParams.councilSize,\n network: params.prePeginParams.network,\n authAnchorHash: normalizeAuthAnchorHash(\n params.prePeginParams.authAnchorHash,\n ),\n },\n params.timelockPegin,\n params.fundedPrePeginTxHex,\n params.htlcVout,\n );\n\n return {\n txHex: result.txHex,\n txid: result.txid,\n vaultScriptPubKey: result.vaultScriptPubKey,\n vaultValue: result.vaultValue,\n };\n}\n","/**\n * Payout Script Generator Primitive\n *\n * This module provides pure functions for generating payout scripts and taproot information\n * by wrapping the WASM implementation from @babylonlabs-io/babylon-tbv-rust-wasm.\n *\n * The payout script is used for signing payout transactions in the vault system.\n * It defines the spending conditions for the vault output, enabling the depositor\n * to authorize payouts during the peg-in flow (Step 3).\n *\n * @remarks\n * This is a low-level primitive. For most use cases, prefer using {@link buildPayoutPsbt}\n * which handles script creation internally. For high-level wallet orchestration, use\n * PayoutManager from the managers module.\n *\n * @see {@link buildPayoutPsbt} - Higher-level function that uses this internally\n *\n * @module primitives/scripts/payout\n */\n\nimport {\n createPayoutConnector,\n type Network,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\n/**\n * Parameters for creating a payout script.\n *\n * These parameters define the participants in a vault and are used to generate\n * the taproot script that controls how funds can be spent from the vault.\n */\nexport interface PayoutScriptParams {\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * This is the user depositing BTC into the vault. The depositor must sign\n * payout transactions to authorize fund distribution.\n */\n depositor: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * The service provider managing vault operations. Also referred to as\n * \"claimer\" in the WASM layer.\n */\n vaultProvider: string;\n\n /**\n * Array of vault keeper BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * Vault keepers participate in vault operations and script spending conditions.\n */\n vaultKeepers: string[];\n\n /**\n * Array of universal challenger BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * These parties can challenge the vault under certain conditions.\n */\n universalChallengers: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network for script generation.\n *\n * Must match the network used for all other vault operations to ensure\n * address encoding compatibility.\n */\n network: Network;\n}\n\n/**\n * Result of creating a payout script.\n *\n * Contains all the taproot-related data needed for constructing and signing\n * payout transactions from the vault.\n */\nexport interface PayoutScriptResult {\n /**\n * The payout script hex used in taproot script path spending.\n *\n * This is the raw script bytes that define the spending conditions,\n * encoded as a hexadecimal string. Used when constructing the\n * tapLeafScript for PSBT signing.\n */\n payoutScript: string;\n\n /**\n * The taproot script hash (leaf hash) for the payout script.\n *\n * This is the tagged hash of the script used in taproot tree construction.\n * Required for computing the control block during script path spending.\n */\n taprootScriptHash: string;\n\n /**\n * The full scriptPubKey for the vault output address.\n *\n * This is the complete output script (OP_1 <32-byte-key>) that should be\n * used when creating the vault output in a peg-in transaction.\n */\n scriptPubKey: string;\n\n /**\n * The vault Bitcoin address derived from the script.\n *\n * A human-readable bech32m address (bc1p... for mainnet, tb1p... for testnet/signet)\n * that can be used to receive funds into the vault.\n */\n address: string;\n\n /**\n * Serialized control block for Taproot script path spend (hex encoded).\n *\n * Computed by the Rust WASM PeginPayoutConnector. Used directly in\n * tapLeafScript when building payout PSBTs.\n */\n payoutControlBlock: string;\n}\n\n/**\n * Create payout script and taproot information using WASM.\n *\n * This is a pure function that wraps the Rust WASM implementation.\n * The payout connector generates the necessary taproot scripts and information\n * required for signing payout transactions.\n *\n * @remarks\n * The generated script encodes spending conditions that require signatures from\n * the depositor and vault provider (or liquidators in challenge scenarios).\n * This script is used internally by {@link buildPayoutPsbt}.\n *\n * @param params - Payout script parameters defining vault participants and network\n * @returns Payout script and taproot information for PSBT construction\n *\n * @see {@link buildPayoutPsbt} - Use this for building complete payout PSBTs\n */\nexport async function createPayoutScript(\n params: PayoutScriptParams,\n): Promise<PayoutScriptResult> {\n // Call the WASM wrapper with the correct parameter structure\n const connector = await createPayoutConnector(\n {\n depositor: params.depositor,\n vaultProvider: params.vaultProvider,\n vaultKeepers: params.vaultKeepers,\n universalChallengers: params.universalChallengers,\n timelockPegin: params.timelockPegin,\n },\n params.network,\n );\n\n return {\n payoutScript: connector.payoutScript,\n taprootScriptHash: connector.taprootScriptHash,\n scriptPubKey: connector.scriptPubKey,\n address: connector.address,\n payoutControlBlock: connector.payoutControlBlock,\n };\n}\n","/**\n * Protocol invariants for depositor graph transactions.\n *\n * These indices and counts encode the on-chain vault protocol layout\n * (which output of PegIn/Assert each child transaction spends, and how\n * many inputs each transaction has). Consumed by the PSBT builders and\n * the depositor graph signing service; a drift between copies of these\n * values would silently change validation behaviour.\n *\n * @module primitives/psbt/constants\n * @see btc-vault crates/vault/docs/btc-transactions-spec.md\n */\n\n/**\n * Depositor Payout transaction input count.\n * Input 0: PegIn:0 (signed). Input 1: Assert:0 (in sighash, not signed).\n */\nexport const DEPOSITOR_PAYOUT_INPUT_COUNT = 2;\n\n/** PegIn vault output index spent by the depositor's Payout input 0. */\nexport const PEGIN_VAULT_OUTPUT_INDEX = 0;\n\n/** Payout input index bound to the graph Assert tx (NOT signed). */\nexport const PAYOUT_ASSERT_INPUT_INDEX = 1;\n\n/** Assert output index spent by the depositor's Payout input 1 (NOT signed). */\nexport const ASSERT_PAYOUT_OUTPUT_INDEX = 0;\n\n/** Assert output index spent by NoPayout input 0 (signed). */\nexport const ASSERT_NOPAYOUT_OUTPUT_INDEX = 0;\n\n/**\n * Dust amount (sats) for the payout CPFP anchor output. Matches `DUST_AMOUNT`\n * in `btc-vault crates/vault/src/lib.rs`.\n */\nexport const PAYOUT_ANCHOR_DUST_SATS = 546;\n\n/** VP-claimer payout output count: [depositor payout, VP commission, CPFP anchor]. */\nexport const VP_CLAIMER_PAYOUT_OUTPUT_COUNT = 3;\n\n/** Depositor/VK-claimer payout output count: [claimer payout, CPFP anchor]. */\nexport const NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT = 2;\n\n/**\n * Exclusive upper bound on VP commission (bps), and the bps denominator for\n * `floor(peginValue * bps / 10_000)`. Matches `BTCVaultRegistry._validateCommission`\n * (`commissionBps >= 10000` reverts). The minimum is version-locked\n * (`minVpCommissionBps`) and enforced upstream, not here.\n */\nexport const MAX_VP_COMMISSION_BPS_EXCLUSIVE = 10_000;\n","/**\n * Payout PSBT Builder Primitives\n *\n * This module provides pure functions for building unsigned payout PSBTs and extracting\n * Schnorr signatures from signed PSBTs. It uses WASM-generated scripts from the payout\n * connector and bitcoinjs-lib for PSBT construction.\n *\n * The Payout transaction references the Assert transaction (input 1).\n *\n * @module primitives/psbt/payout\n */\n\nimport {\n type Network,\n tapInternalPubkey,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport { Buffer } from \"buffer\";\nimport { Psbt, Transaction } from \"bitcoinjs-lib\";\nimport { createPayoutScript } from \"../scripts/payout\";\nimport {\n TAPSCRIPT_LEAF_VERSION,\n deriveBip86ScriptPubKeyHex,\n hexToUint8Array,\n isValidHex,\n stripHexPrefix,\n uint8ArrayToHex,\n} from \"../utils/bitcoin\";\nimport {\n ASSERT_PAYOUT_OUTPUT_INDEX,\n MAX_VP_COMMISSION_BPS_EXCLUSIVE,\n NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT,\n PAYOUT_ANCHOR_DUST_SATS,\n PEGIN_VAULT_OUTPUT_INDEX,\n VP_CLAIMER_PAYOUT_OUTPUT_COUNT,\n} from \"./constants\";\n\n/**\n * Number of items in a Taproot script-path spend witness stack for a\n * single-signature script: [signature, script, controlBlock].\n *\n * The current payout script requires exactly one depositor signature. If the\n * protocol evolves to require multiple signatures in the payout script, this\n * invariant and the finalized-PSBT extraction path must be revisited because\n * the first witness item would no longer necessarily be the depositor's.\n */\nconst TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE = 3;\n\n/**\n * Coarse cap on a payout tx's implicit fee (inputs − outputs), as a fraction\n * of input value — blocks a VP deflating outputs and burning the remainder\n * as miner fee. A backstop only; the per-role structural checks in\n * {@link assertPayoutOutputLayout} are the primary value-diversion guard.\n */\nconst MAX_PAYOUT_FEE_FRACTION_NUMERATOR = 10;\nconst MAX_PAYOUT_FEE_FRACTION_DENOMINATOR = 100;\n\n/**\n * Parameters for building an unsigned Payout PSBT\n *\n * Payout is used in the challenge path after Assert, when the claimer proves validity.\n * Input 1 references the Assert transaction.\n */\nexport interface PayoutParams {\n /**\n * Payout transaction hex (unsigned)\n * This is the transaction that needs to be signed by the depositor\n */\n payoutTxHex: string;\n\n /**\n * Assert transaction hex\n * Payout input 1 references Assert output 0\n */\n assertTxHex: string;\n\n /**\n * Peg-in transaction hex\n * This transaction created the vault output that we're spending\n */\n peginTxHex: string;\n\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix)\n */\n depositorBtcPubkey: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex)\n */\n vaultProviderBtcPubkey: string;\n\n /**\n * Vault keeper BTC public keys (x-only, 64-char hex)\n */\n vaultKeeperBtcPubkeys: string[];\n\n /**\n * Universal challenger BTC public keys (x-only, 64-char hex)\n */\n universalChallengerBtcPubkeys: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network\n */\n network: Network;\n\n /**\n * Claimer's x-only BTC public key (64-char hex, no prefix). Drives role\n * inference (VP / depositor-as-claimer / VK-claimer) inside `buildPayoutPsbt`.\n */\n claimerBtcPubkey: string;\n\n /**\n * On-chain registered depositor payout scriptPubKey (hex, 0x optional).\n * Expected outs[0].script for VP- and depositor-claimer roles; unused for\n * VK-claimer (its outs[0].script is derived from `claimerBtcPubkey`).\n */\n registeredPayoutScriptPubKey: string;\n\n /**\n * VP commission in basis points (`BTCVaultRegistry.vaultProviderCommissionBps`).\n * Caps the VP-claimer outs[1].value. The protocol minimum is enforced\n * upstream; here only `0 <= bps < 10_000` is checked, for safe cap math.\n */\n commissionBps: number;\n}\n\n/**\n * Result of building an unsigned payout PSBT\n */\nexport interface PayoutPsbtResult {\n /**\n * Unsigned PSBT hex ready for signing\n */\n psbtHex: string;\n}\n\n/**\n * Build unsigned Payout PSBT for depositor to sign.\n *\n * Payout is used in the **challenge path** when the claimer proves validity:\n * 1. Vault provider submits Claim transaction\n * 2. Challenge is raised during challenge period\n * 3. Claimer submits Assert transaction to prove validity\n * 4. Payout can be executed (references Assert tx)\n *\n * Payout transactions have the following structure:\n * - Input 0: from PeginTx output0 (signed by depositor)\n * - Input 1: from Assert output0 (NOT signed by depositor)\n *\n * @param params - Payout parameters\n * @returns Unsigned PSBT ready for depositor to sign\n *\n * @throws If payout transaction does not have exactly 2 inputs\n * @throws If input 0 does not spend PegIn:0 (vault UTXO)\n * @throws If input 1 does not spend Assert:0 (proof output)\n * @throws If previous output is not found for either input\n * @throws If sum of output values exceeds sum of input values (invalid tx)\n * @throws If implicit fee (inputs − outputs) exceeds the configured fraction\n * of total input value — see {@link MAX_PAYOUT_FEE_FRACTION_NUMERATOR}\n * @throws If `claimerBtcPubkey` is not VP, depositor, or a registered VK\n * @throws If payout output count, outs[0] script, outs[last] anchor value, or\n * (VP-claimer) outs[1] commission cap do not match the protocol layout\n * @throws If `commissionBps` is not a non-negative integer below 10_000\n */\nexport async function buildPayoutPsbt(\n params: PayoutParams,\n): Promise<PayoutPsbtResult> {\n // Normalize hex inputs (strip 0x prefix if present)\n const payoutTxHex = stripHexPrefix(params.payoutTxHex);\n const peginTxHex = stripHexPrefix(params.peginTxHex);\n const assertTxHex = stripHexPrefix(params.assertTxHex);\n\n // Get payout script from WASM\n const payoutConnector = await createPayoutScript({\n depositor: params.depositorBtcPubkey,\n vaultProvider: params.vaultProviderBtcPubkey,\n vaultKeepers: params.vaultKeeperBtcPubkeys,\n universalChallengers: params.universalChallengerBtcPubkeys,\n timelockPegin: params.timelockPegin,\n network: params.network,\n });\n\n const payoutScriptBytes = hexToUint8Array(payoutConnector.payoutScript);\n const controlBlock = hexToUint8Array(payoutConnector.payoutControlBlock);\n\n // Parse transactions\n const payoutTx = Transaction.fromHex(payoutTxHex);\n const peginTx = Transaction.fromHex(peginTxHex);\n const assertTx = Transaction.fromHex(assertTxHex);\n\n // Create PSBT\n const psbt = new Psbt();\n psbt.setVersion(payoutTx.version);\n psbt.setLocktime(payoutTx.locktime);\n\n // PayoutTx has exactly 2 inputs:\n // - Input 0: from PeginTx output0 (signed by depositor using taproot script path)\n // - Input 1: from Assert output0 (signed by claimer/challengers, not depositor)\n //\n // IMPORTANT: For Taproot SIGHASH_DEFAULT (0x00), the sighash commits to ALL inputs'\n // prevouts, not just the one being signed. Therefore, we must include BOTH inputs\n // in the PSBT so the wallet computes the correct sighash that the VP expects.\n\n // Verify payout transaction has expected structure\n if (payoutTx.ins.length !== 2) {\n throw new Error(\n `Payout transaction must have exactly 2 inputs, got ${payoutTx.ins.length}`,\n );\n }\n\n const input0 = payoutTx.ins[0];\n const input1 = payoutTx.ins[1];\n\n // Verify input 0 spends PegIn:0 (the vault UTXO).\n // Both txid AND vout must match the protocol contract — the vout is the\n // input-side anchor that prevents a malicious VP from binding the\n // depositor's signature to a different output of the same parent.\n const input0Txid = uint8ArrayToHex(\n new Uint8Array(input0.hash).slice().reverse(),\n );\n const peginTxid = peginTx.getId();\n\n if (input0Txid !== peginTxid || input0.index !== PEGIN_VAULT_OUTPUT_INDEX) {\n throw new Error(\n `Input 0 must spend PegIn:${PEGIN_VAULT_OUTPUT_INDEX}. ` +\n `Expected ${peginTxid}:${PEGIN_VAULT_OUTPUT_INDEX}, got ${input0Txid}:${input0.index}`,\n );\n }\n\n // Verify input 1 spends Assert:0 (the proof output).\n const input1Txid = uint8ArrayToHex(\n new Uint8Array(input1.hash).slice().reverse(),\n );\n const assertTxid = assertTx.getId();\n\n if (input1Txid !== assertTxid || input1.index !== ASSERT_PAYOUT_OUTPUT_INDEX) {\n throw new Error(\n `Input 1 must spend Assert:${ASSERT_PAYOUT_OUTPUT_INDEX}. ` +\n `Expected ${assertTxid}:${ASSERT_PAYOUT_OUTPUT_INDEX}, got ${input1Txid}:${input1.index}`,\n );\n }\n\n const peginPrevOut = peginTx.outs[input0.index];\n if (!peginPrevOut) {\n throw new Error(\n `Previous output not found for input 0 (txid: ${input0Txid}, index: ${input0.index})`,\n );\n }\n\n const input1PrevOut = assertTx.outs[input1.index];\n if (!input1PrevOut) {\n throw new Error(\n `Previous output not found for input 1 (txid: ${input1Txid}, index: ${input1.index})`,\n );\n }\n\n // Per-role output validation — blocks an extra attacker output or value\n // routed into a non-payout slot.\n assertPayoutOutputLayout({\n payoutTx,\n peginValueSats: peginPrevOut.value,\n claimerBtcPubkey: params.claimerBtcPubkey,\n vaultProviderBtcPubkey: params.vaultProviderBtcPubkey,\n depositorBtcPubkey: params.depositorBtcPubkey,\n vaultKeeperBtcPubkeys: params.vaultKeeperBtcPubkeys,\n registeredPayoutScriptPubKey: params.registeredPayoutScriptPubKey,\n commissionBps: params.commissionBps,\n });\n\n // Bound the implicit fee — blocks a VP deflating output values and burning\n // the difference as miner fee.\n const inputValueSats = peginPrevOut.value + input1PrevOut.value;\n let outputValueSats = 0;\n for (const out of payoutTx.outs) outputValueSats += out.value;\n if (outputValueSats > inputValueSats) {\n throw new Error(\n `Payout outputs (${outputValueSats} sats) exceed inputs ` +\n `(${inputValueSats} sats); invalid transaction.`,\n );\n }\n const implicitFeeSats = inputValueSats - outputValueSats;\n const maxFeeSats = Math.floor(\n (inputValueSats * MAX_PAYOUT_FEE_FRACTION_NUMERATOR) /\n MAX_PAYOUT_FEE_FRACTION_DENOMINATOR,\n );\n if (implicitFeeSats > maxFeeSats) {\n throw new Error(\n `Payout implicit fee ${implicitFeeSats} sats exceeds the safety cap ` +\n `of ${maxFeeSats} sats ` +\n `(${MAX_PAYOUT_FEE_FRACTION_NUMERATOR}/${MAX_PAYOUT_FEE_FRACTION_DENOMINATOR} ` +\n `of inputs=${inputValueSats}); refusing to sign payout.`,\n );\n }\n\n // Input 0: Depositor signs using Taproot script path spend\n // This input includes tapLeafScript for signing\n psbt.addInput({\n hash: input0.hash,\n index: input0.index,\n sequence: input0.sequence,\n witnessUtxo: {\n script: peginPrevOut.script,\n value: peginPrevOut.value,\n },\n tapLeafScript: [\n {\n leafVersion: TAPSCRIPT_LEAF_VERSION,\n script: Buffer.from(payoutScriptBytes),\n controlBlock: Buffer.from(controlBlock),\n },\n ],\n tapInternalKey: Buffer.from(tapInternalPubkey),\n // sighashType omitted - defaults to SIGHASH_DEFAULT (0x00) for Taproot\n });\n\n // Input 1: From Assert transaction (NOT signed by depositor)\n // We include this with witnessUtxo so the sighash is computed correctly,\n // but we do NOT include tapLeafScript since the depositor doesn't sign it.\n psbt.addInput({\n hash: input1.hash,\n index: input1.index,\n sequence: input1.sequence,\n witnessUtxo: {\n script: input1PrevOut.script,\n value: input1PrevOut.value,\n },\n // No tapLeafScript - depositor doesn't sign this input\n });\n\n // Add outputs\n for (const output of payoutTx.outs) {\n psbt.addOutput({\n script: output.script,\n value: output.value,\n });\n }\n\n return {\n psbtHex: psbt.toHex(),\n };\n}\n\n/**\n * Validate a payout transaction's output structure for the claimer's role,\n * keyed on `claimerBtcPubkey`. Pins per role: `outs.length`, `outs[0].script`,\n * `outs[last].value` (anchor dust), and (VP-claimer) `outs[1].value` capped at\n * `floor(peginValue × commissionBps / 10_000)`. Canonical layouts: VP-claimer\n * = [payout, commission, anchor]; depositor/VK-claimer = [payout, anchor].\n *\n * `outs[1].script` and `outs[last].script` are intentionally not pinned: the\n * value pins above bound depositor exposure regardless of where those outputs\n * are sent, so the value pins — not script pins — are load-bearing.\n *\n * @internal Helper invoked by {@link buildPayoutPsbt}.\n */\nfunction assertPayoutOutputLayout(args: {\n payoutTx: Transaction;\n peginValueSats: number;\n claimerBtcPubkey: string;\n vaultProviderBtcPubkey: string;\n depositorBtcPubkey: string;\n vaultKeeperBtcPubkeys: string[];\n registeredPayoutScriptPubKey: string;\n commissionBps: number;\n}): void {\n const {\n payoutTx,\n peginValueSats,\n claimerBtcPubkey,\n vaultProviderBtcPubkey,\n depositorBtcPubkey,\n vaultKeeperBtcPubkeys,\n registeredPayoutScriptPubKey,\n commissionBps,\n } = args;\n\n if (!isValidHex(registeredPayoutScriptPubKey)) {\n throw new Error(\"Invalid registeredPayoutScriptPubKey: not valid hex\");\n }\n\n const claimer = stripHexPrefix(claimerBtcPubkey).toLowerCase();\n const vp = stripHexPrefix(vaultProviderBtcPubkey).toLowerCase();\n const dep = stripHexPrefix(depositorBtcPubkey).toLowerCase();\n const keepers = vaultKeeperBtcPubkeys.map((k) =>\n stripHexPrefix(k).toLowerCase(),\n );\n\n type Role = \"vp-claimer\" | \"depositor-as-claimer\" | \"vk-claimer\";\n let role: Role;\n let expectedOutCount: number;\n let expectedOut0ScriptHex: string;\n\n if (claimer === vp) {\n role = \"vp-claimer\";\n expectedOutCount = VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(registeredPayoutScriptPubKey);\n } else if (claimer === dep) {\n role = \"depositor-as-claimer\";\n expectedOutCount = NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(registeredPayoutScriptPubKey);\n } else if (keepers.includes(claimer)) {\n role = \"vk-claimer\";\n expectedOutCount = NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(deriveBip86ScriptPubKeyHex(claimer));\n } else {\n throw new Error(\n `Unknown claimer pubkey ${claimer}: not VP, depositor, or a registered vault keeper`,\n );\n }\n\n if (payoutTx.outs.length !== expectedOutCount) {\n throw new Error(\n `Payout transaction has ${payoutTx.outs.length} output(s), ` +\n `expected exactly ${expectedOutCount} for role ${role}.`,\n );\n }\n\n const expectedOut0Script = Buffer.from(expectedOut0ScriptHex, \"hex\");\n if (!payoutTx.outs[0].script.equals(expectedOut0Script)) {\n throw new Error(\n `Payout transaction output 0 does not pay the expected scriptPubKey for role ${role}`,\n );\n }\n\n const anchorIdx = expectedOutCount - 1;\n if (payoutTx.outs[anchorIdx].value !== PAYOUT_ANCHOR_DUST_SATS) {\n throw new Error(\n `Payout CPFP anchor (out ${anchorIdx}) value ${payoutTx.outs[anchorIdx].value} sats ` +\n `must equal ${PAYOUT_ANCHOR_DUST_SATS} sats`,\n );\n }\n\n if (role === \"vp-claimer\") {\n // Structural guard only — a non-negative integer below the bps\n // denominator, so the cap math `floor(peginValue * bps / 10_000)` is\n // meaningful. The protocol minimum is enforced at the trust boundary\n // (`prepareSigningContext`); a too-low value here is fail-safe.\n if (\n !Number.isInteger(commissionBps) ||\n commissionBps < 0 ||\n commissionBps >= MAX_VP_COMMISSION_BPS_EXCLUSIVE\n ) {\n throw new Error(\n `commissionBps must be an integer in ` +\n `[0, ${MAX_VP_COMMISSION_BPS_EXCLUSIVE}), got ${commissionBps}`,\n );\n }\n const maxCommissionSats = Math.floor(\n (peginValueSats * commissionBps) / MAX_VP_COMMISSION_BPS_EXCLUSIVE,\n );\n if (payoutTx.outs[1].value > maxCommissionSats) {\n throw new Error(\n `Payout VP commission (out 1) value ${payoutTx.outs[1].value} sats ` +\n `exceeds cap ${maxCommissionSats} sats ` +\n `(${commissionBps} bps of peginValue=${peginValueSats})`,\n );\n }\n }\n}\n\n/**\n * Extract Schnorr signature from signed payout PSBT.\n *\n * This function supports two cases:\n * 1. Non-finalized PSBT: Extracts from tapScriptSig field\n * 2. Finalized PSBT: Extracts from witness data\n *\n * The signature is returned as a 64-byte hex string (128 hex characters).\n * Payout signatures must use implicit Taproot SIGHASH_DEFAULT, which is\n * encoded by omitting the sighash byte.\n *\n * @param signedPsbtHex - Signed PSBT hex\n * @param depositorPubkey - Depositor's public key (x-only, 64-char hex)\n * @param inputIndex - Input index to extract signature from (default: 0)\n * @returns 64-byte Schnorr signature (128 hex characters, no sighash flag)\n *\n * @throws If no signature is found in the PSBT\n * @throws If the signature has an unexpected length\n */\nexport function extractPayoutSignature(\n signedPsbtHex: string,\n depositorPubkey: string,\n inputIndex = 0,\n): string {\n const signedPsbt = Psbt.fromHex(signedPsbtHex);\n\n if (inputIndex >= signedPsbt.data.inputs.length) {\n throw new Error(\n `Input index ${inputIndex} out of range (${signedPsbt.data.inputs.length} inputs)`,\n );\n }\n\n const input = signedPsbt.data.inputs[inputIndex];\n\n // Case 1: Non-finalized PSBT — extract from tapScriptSig\n if (input.tapScriptSig && input.tapScriptSig.length > 0) {\n const depositorPubkeyBytes = hexToUint8Array(depositorPubkey);\n\n for (const sigEntry of input.tapScriptSig) {\n if (sigEntry.pubkey.equals(Buffer.from(depositorPubkeyBytes))) {\n return extractSchnorrSig(sigEntry.signature, inputIndex);\n }\n }\n\n throw new Error(\n `No signature found for depositor pubkey: ${depositorPubkey} at input ${inputIndex}`,\n );\n }\n\n // Case 2: Finalized PSBT — extract from finalScriptWitness\n // Taproot single-signature script-path witness: [signature, script, controlBlock].\n // Enforce the exact stack size so that if a wallet produces an unexpected\n // finalization (e.g. a multi-signature stack, an annex, or malformed data),\n // we fail loudly instead of silently returning witnessStack[0] which may\n // not be the depositor's signature.\n if (input.finalScriptWitness && input.finalScriptWitness.length > 0) {\n const witnessStack = parseWitnessStack(input.finalScriptWitness);\n if (witnessStack.length !== TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE) {\n throw new Error(\n `Unexpected finalized witness stack size at input ${inputIndex}: ` +\n `expected ${TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE} items (signature, script, controlBlock), ` +\n `got ${witnessStack.length}`,\n );\n }\n return extractSchnorrSig(witnessStack[0], inputIndex);\n }\n\n throw new Error(\n `No tapScriptSig or finalScriptWitness found in signed PSBT at input ${inputIndex}`,\n );\n}\n\n/**\n * Extract and validate a 64-byte Schnorr signature.\n * Rejects 65-byte signatures because the appended sighash byte changes the\n * Taproot message being signed; stripping it would produce an unverifiable\n * SIGHASH_DEFAULT signature.\n * @internal\n */\nfunction extractSchnorrSig(sig: Uint8Array, inputIndex: number): string {\n if (sig.length === 64) {\n return uint8ArrayToHex(new Uint8Array(sig));\n }\n if (sig.length === 65) {\n throw new Error(\n `Unexpected sighash byte 0x${sig[64].toString(16).padStart(2, \"0\")} at input ${inputIndex}. ` +\n \"Expected implicit SIGHASH_DEFAULT as a 64-byte signature.\",\n );\n }\n throw new Error(\n `Unexpected signature length at input ${inputIndex}: ${sig.length}`,\n );\n}\n\n/**\n * Parse a BIP-141 serialized witness stack into individual stack items.\n * Format: [varint item_count] [varint len, data]...\n *\n * Throws on malformed input (truncated buffer, 8-byte varints, or trailing\n * bytes) so callers never receive silently-corrupted witness items.\n * @internal\n */\nfunction parseWitnessStack(witness: Buffer): Buffer[] {\n const items: Buffer[] = [];\n let offset = 0;\n\n const requireBytes = (n: number): void => {\n if (offset + n > witness.length) {\n throw new Error(\n `Malformed witness data: need ${n} byte(s) at offset ${offset}, only ${witness.length - offset} remaining`,\n );\n }\n };\n\n const readVarInt = (): number => {\n requireBytes(1);\n const first = witness[offset++];\n if (first < 0xfd) return first;\n if (first === 0xfd) {\n requireBytes(2);\n const val = (witness[offset] | (witness[offset + 1] << 8)) >>> 0;\n offset += 2;\n return val;\n }\n if (first === 0xfe) {\n requireBytes(4);\n const val =\n (witness[offset] |\n (witness[offset + 1] << 8) |\n (witness[offset + 2] << 16) |\n (witness[offset + 3] << 24)) >>>\n 0;\n offset += 4;\n return val;\n }\n // 0xff — 8-byte varint. Not used for witness sizes in practice and JS\n // numbers cannot represent all 64-bit values exactly, so reject rather\n // than risk silent truncation.\n throw new Error(\n `Malformed witness data: 8-byte varint (0xff) not supported at offset ${offset - 1}`,\n );\n };\n\n const count = readVarInt();\n for (let i = 0; i < count; i++) {\n const len = readVarInt();\n requireBytes(len);\n items.push(Buffer.from(witness.subarray(offset, offset + len)));\n offset += len;\n }\n\n if (offset !== witness.length) {\n throw new Error(\n `Malformed witness data: ${witness.length - offset} trailing byte(s) after parsing ${count} item(s)`,\n );\n }\n\n return items;\n}\n\n","/**\n * Asserts a wallet-returned PSBT encodes the same unsigned transaction\n * as the locally-built PSBT we asked the wallet to sign. Per-input PSBT\n * metadata (witnessUtxo, tapLeafScript, sighashType) is intentionally NOT\n * compared — those fields are committed to the Schnorr sighash and the\n * vault provider's `verify_depositor_signature` rejects mismatches there.\n * This primitive defends the path where a colluding VP would otherwise\n * accept a wallet-substituted signature.\n */\n\nimport { Buffer } from \"buffer\";\n\nimport { Psbt } from \"bitcoinjs-lib\";\n\n/**\n * Thrown when a wallet-returned PSBT encodes a different unsigned\n * transaction than the one the caller asked the wallet to sign.\n */\nexport class PsbtSubstitutionError extends Error {\n constructor(detail: string) {\n super(\n `Wallet returned a PSBT for a different transaction: ${detail}`,\n );\n this.name = \"PsbtSubstitutionError\";\n }\n}\n\nexport interface AssertPsbtUnsignedTxMatchesParams {\n /** PSBT we built locally and asked the wallet to sign. */\n requestedPsbtHex: string;\n /** PSBT the wallet returned after signing. */\n returnedPsbtHex: string;\n}\n\nfunction parsePsbt(label: \"requested\" | \"returned\", hex: string): Psbt {\n try {\n return Psbt.fromHex(hex);\n } catch (cause) {\n const reason = cause instanceof Error ? cause.message : String(cause);\n throw new Error(`Failed to parse ${label} PSBT: ${reason}`);\n }\n}\n\n/**\n * Length of the hex prefix included in mismatch errors. Short enough that\n * full prevout txids and output scriptPubKeys never reach logs / error\n * trackers, long enough to disambiguate during forensic triage.\n */\nconst REDACTED_HEX_PREFIX_LEN = 8;\n\nfunction redactHex(buf: Buffer): string {\n return `${buf.toString(\"hex\").slice(0, REDACTED_HEX_PREFIX_LEN)}…`;\n}\n\n/**\n * `bitcoinjs-lib` exposes `txInputs[i].hash` in internal little-endian form;\n * a human reading logs expects the big-endian txid an explorer would show.\n * Reverse before truncating so the surfaced prefix matches what an operator\n * can search for.\n */\nfunction redactTxid(internalHash: Buffer): string {\n const reversed = Buffer.from(internalHash).reverse();\n return redactHex(reversed);\n}\n\n/**\n * Compare two PSBTs and throw `PsbtSubstitutionError` unless they encode\n * the same unsigned transaction (version, locktime, inputs, outputs).\n *\n * @throws PsbtSubstitutionError on any mismatch in the unsigned tx\n * @throws Error if either PSBT cannot be parsed\n */\nexport function assertPsbtUnsignedTxMatches(\n params: AssertPsbtUnsignedTxMatchesParams,\n): void {\n const requested = parsePsbt(\"requested\", params.requestedPsbtHex);\n const returned = parsePsbt(\"returned\", params.returnedPsbtHex);\n\n if (requested.version !== returned.version) {\n throw new PsbtSubstitutionError(\n `tx version differs (requested=${requested.version}, returned=${returned.version})`,\n );\n }\n if (requested.locktime !== returned.locktime) {\n throw new PsbtSubstitutionError(\n `tx locktime differs (requested=${requested.locktime}, returned=${returned.locktime})`,\n );\n }\n if (requested.txInputs.length !== returned.txInputs.length) {\n throw new PsbtSubstitutionError(\n `input count differs (requested=${requested.txInputs.length}, returned=${returned.txInputs.length})`,\n );\n }\n if (requested.txOutputs.length !== returned.txOutputs.length) {\n throw new PsbtSubstitutionError(\n `output count differs (requested=${requested.txOutputs.length}, returned=${returned.txOutputs.length})`,\n );\n }\n for (let i = 0; i < requested.txInputs.length; i++) {\n const r = requested.txInputs[i];\n const s = returned.txInputs[i];\n if (!r.hash.equals(s.hash)) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout txid differs (requested=${redactTxid(r.hash)}, returned=${redactTxid(s.hash)})`,\n );\n }\n if (r.index !== s.index) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout vout differs (requested=${r.index}, returned=${s.index})`,\n );\n }\n if (r.sequence !== s.sequence) {\n throw new PsbtSubstitutionError(\n `input ${i} sequence differs (requested=${r.sequence}, returned=${s.sequence})`,\n );\n }\n }\n for (let i = 0; i < requested.txOutputs.length; i++) {\n const r = requested.txOutputs[i];\n const s = returned.txOutputs[i];\n if (!r.script.equals(s.script)) {\n throw new PsbtSubstitutionError(\n `output ${i} scriptPubKey differs (requested=${redactHex(r.script)}, returned=${redactHex(s.script)})`,\n );\n }\n if (r.value !== s.value) {\n throw new PsbtSubstitutionError(\n `output ${i} value differs (requested=${r.value}, returned=${s.value})`,\n );\n }\n }\n}\n"],"names":["AUTH_ANCHOR_HASH_HEX_LEN","HEX_PATTERN","buildPrePeginPsbt","params","authAnchorHash","normalizeAuthAnchorHash","result","createPrePeginTransaction","totalOutputValue","parseUnfundedWasmTransaction","sum","o","authAnchorVout","value","cleaned","buildPeginTxFromFundedPrePegin","buildPeginTxFromPrePegin","createPayoutScript","connector","createPayoutConnector","DEPOSITOR_PAYOUT_INPUT_COUNT","PEGIN_VAULT_OUTPUT_INDEX","ASSERT_PAYOUT_OUTPUT_INDEX","PAYOUT_ANCHOR_DUST_SATS","VP_CLAIMER_PAYOUT_OUTPUT_COUNT","NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT","MAX_VP_COMMISSION_BPS_EXCLUSIVE","TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE","MAX_PAYOUT_FEE_FRACTION_NUMERATOR","MAX_PAYOUT_FEE_FRACTION_DENOMINATOR","buildPayoutPsbt","payoutTxHex","stripHexPrefix","peginTxHex","assertTxHex","payoutConnector","payoutScriptBytes","hexToUint8Array","controlBlock","payoutTx","Transaction","peginTx","assertTx","psbt","Psbt","input0","input1","input0Txid","uint8ArrayToHex","peginTxid","input1Txid","assertTxid","peginPrevOut","input1PrevOut","assertPayoutOutputLayout","inputValueSats","outputValueSats","out","implicitFeeSats","maxFeeSats","TAPSCRIPT_LEAF_VERSION","Buffer","tapInternalPubkey","output","args","peginValueSats","claimerBtcPubkey","vaultProviderBtcPubkey","depositorBtcPubkey","vaultKeeperBtcPubkeys","registeredPayoutScriptPubKey","commissionBps","isValidHex","claimer","vp","dep","keepers","k","role","expectedOutCount","expectedOut0ScriptHex","deriveBip86ScriptPubKeyHex","expectedOut0Script","anchorIdx","maxCommissionSats","extractPayoutSignature","signedPsbtHex","depositorPubkey","inputIndex","signedPsbt","input","depositorPubkeyBytes","sigEntry","extractSchnorrSig","witnessStack","parseWitnessStack","sig","witness","items","offset","requireBytes","n","readVarInt","first","val","count","i","len","PsbtSubstitutionError","detail","parsePsbt","label","hex","cause","reason","REDACTED_HEX_PREFIX_LEN","redactHex","buf","redactTxid","internalHash","reversed","assertPsbtUnsignedTxMatches","requested","returned","r","s"],"mappings":"0MAoEMA,EAA2B,GAE3BC,EAAc,iBA2EpB,eAAsBC,EACpBC,EAC6B,CAC7B,MAAMC,EAAiBC,EAAwBF,EAAO,cAAc,EAE9DG,EAAS,MAAMC,4BAA0B,CAC7C,gBAAiBJ,EAAO,gBACxB,oBAAqBA,EAAO,oBAC5B,mBAAoBA,EAAO,mBAC3B,2BAA4BA,EAAO,2BACnC,UAAW,CAAC,GAAGA,EAAO,SAAS,EAC/B,eAAgBA,EAAO,eACvB,aAAc,CAAC,GAAGA,EAAO,YAAY,EACrC,QAASA,EAAO,QAChB,gBAAiBA,EAAO,gBACxB,oBAAqBA,EAAO,oBAC5B,cAAeA,EAAO,cACtB,YAAaA,EAAO,YACpB,QAASA,EAAO,QAChB,eAAAC,CAAA,CACD,EAMKI,EADSC,EAAAA,6BAA6BH,EAAO,KAAK,EACxB,QAAQ,OACtC,CAACI,EAAKC,IAAMD,EAAM,OAAOC,EAAE,KAAK,EAChC,EAAA,EAKIC,EACJR,IAAmB,OAAYE,EAAO,WAAW,OAAS,KAE5D,MAAO,CACL,QAASA,EAAO,MAChB,iBAAAE,EACA,WAAYF,EAAO,WACnB,kBAAmBA,EAAO,kBAC1B,cAAeA,EAAO,cACtB,aAAcA,EAAO,aACrB,oBAAqBA,EAAO,oBAC5B,eAAAM,CAAA,CAEJ,CAMO,SAASP,EACdQ,EACoB,CACpB,GAAIA,IAAU,OAAW,OACzB,MAAMC,EACJD,EAAM,WAAW,IAAI,GAAKA,EAAM,WAAW,IAAI,EAAIA,EAAM,MAAM,CAAC,EAAIA,EACtE,GACEC,EAAQ,SAAWd,GACnB,CAACC,EAAY,KAAKa,CAAO,EAEzB,MAAM,IAAI,MACR,uCAAuCd,CAAwB,qCAAqCc,EAAQ,MAAM,EAAA,EAGtH,OAAOA,EAAQ,YAAA,CACjB,CAYA,eAAsBC,EACpBZ,EACwB,CAMxB,MAAMG,EAAS,MAAMU,EAAAA,yBACnB,CACE,gBAAiBb,EAAO,eAAe,gBACvC,oBAAqBA,EAAO,eAAe,oBAC3C,mBAAoBA,EAAO,eAAe,mBAC1C,2BACEA,EAAO,eAAe,2BACxB,UAAW,CAAC,GAAGA,EAAO,eAAe,SAAS,EAC9C,eAAgBA,EAAO,eAAe,eACtC,aAAc,CAAC,GAAGA,EAAO,eAAe,YAAY,EACpD,QAASA,EAAO,eAAe,QAC/B,gBAAiBA,EAAO,eAAe,gBACvC,oBAAqBA,EAAO,eAAe,oBAC3C,cAAeA,EAAO,eAAe,cACrC,YAAaA,EAAO,eAAe,YACnC,QAASA,EAAO,eAAe,QAC/B,eAAgBE,EACdF,EAAO,eAAe,cAAA,CACxB,EAEFA,EAAO,cACPA,EAAO,oBACPA,EAAO,QAAA,EAGT,MAAO,CACL,MAAOG,EAAO,MACd,KAAMA,EAAO,KACb,kBAAmBA,EAAO,kBAC1B,WAAYA,EAAO,UAAA,CAEvB,CCzHA,eAAsBW,EACpBd,EAC6B,CAE7B,MAAMe,EAAY,MAAMC,EAAAA,sBACtB,CACE,UAAWhB,EAAO,UAClB,cAAeA,EAAO,cACtB,aAAcA,EAAO,aACrB,qBAAsBA,EAAO,qBAC7B,cAAeA,EAAO,aAAA,EAExBA,EAAO,OAAA,EAGT,MAAO,CACL,aAAce,EAAU,aACxB,kBAAmBA,EAAU,kBAC7B,aAAcA,EAAU,aACxB,QAASA,EAAU,QACnB,mBAAoBA,EAAU,kBAAA,CAElC,CCnJO,MAAME,EAA+B,EAG/BC,EAA2B,EAM3BC,EAA6B,EAS7BC,EAA0B,IAG1BC,EAAiC,EAGjCC,EAAqC,EAQrCC,EAAkC,ICJzCC,EAAwC,EAQxCC,EAAoC,GACpCC,EAAsC,IAoH5C,eAAsBC,EACpB3B,EAC2B,CAE3B,MAAM4B,EAAcC,EAAAA,eAAe7B,EAAO,WAAW,EAC/C8B,EAAaD,EAAAA,eAAe7B,EAAO,UAAU,EAC7C+B,EAAcF,EAAAA,eAAe7B,EAAO,WAAW,EAG/CgC,EAAkB,MAAMlB,EAAmB,CAC/C,UAAWd,EAAO,mBAClB,cAAeA,EAAO,uBACtB,aAAcA,EAAO,sBACrB,qBAAsBA,EAAO,8BAC7B,cAAeA,EAAO,cACtB,QAASA,EAAO,OAAA,CACjB,EAEKiC,EAAoBC,EAAAA,gBAAgBF,EAAgB,YAAY,EAChEG,EAAeD,EAAAA,gBAAgBF,EAAgB,kBAAkB,EAGjEI,EAAWC,EAAAA,YAAY,QAAQT,CAAW,EAC1CU,EAAUD,EAAAA,YAAY,QAAQP,CAAU,EACxCS,EAAWF,EAAAA,YAAY,QAAQN,CAAW,EAG1CS,EAAO,IAAIC,OAajB,GAZAD,EAAK,WAAWJ,EAAS,OAAO,EAChCI,EAAK,YAAYJ,EAAS,QAAQ,EAW9BA,EAAS,IAAI,SAAW,EAC1B,MAAM,IAAI,MACR,sDAAsDA,EAAS,IAAI,MAAM,EAAA,EAI7E,MAAMM,EAASN,EAAS,IAAI,CAAC,EACvBO,EAASP,EAAS,IAAI,CAAC,EAMvBQ,EAAaC,EAAAA,gBACjB,IAAI,WAAWH,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA,CAAQ,EAExCI,EAAYR,EAAQ,MAAA,EAE1B,GAAIM,IAAeE,GAAaJ,EAAO,QAAUxB,EAC/C,MAAM,IAAI,MACR,4BAA4BA,CAAwB,cACtC4B,CAAS,IAAI5B,CAAwB,SAAS0B,CAAU,IAAIF,EAAO,KAAK,EAAA,EAK1F,MAAMK,EAAaF,EAAAA,gBACjB,IAAI,WAAWF,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA,CAAQ,EAExCK,EAAaT,EAAS,MAAA,EAE5B,GAAIQ,IAAeC,GAAcL,EAAO,QAAUxB,EAChD,MAAM,IAAI,MACR,6BAA6BA,CAA0B,cACzC6B,CAAU,IAAI7B,CAA0B,SAAS4B,CAAU,IAAIJ,EAAO,KAAK,EAAA,EAI7F,MAAMM,EAAeX,EAAQ,KAAKI,EAAO,KAAK,EAC9C,GAAI,CAACO,EACH,MAAM,IAAI,MACR,gDAAgDL,CAAU,YAAYF,EAAO,KAAK,GAAA,EAItF,MAAMQ,EAAgBX,EAAS,KAAKI,EAAO,KAAK,EAChD,GAAI,CAACO,EACH,MAAM,IAAI,MACR,gDAAgDH,CAAU,YAAYJ,EAAO,KAAK,GAAA,EAMtFQ,EAAyB,CACvB,SAAAf,EACA,eAAgBa,EAAa,MAC7B,iBAAkBjD,EAAO,iBACzB,uBAAwBA,EAAO,uBAC/B,mBAAoBA,EAAO,mBAC3B,sBAAuBA,EAAO,sBAC9B,6BAA8BA,EAAO,6BACrC,cAAeA,EAAO,aAAA,CACvB,EAID,MAAMoD,EAAiBH,EAAa,MAAQC,EAAc,MAC1D,IAAIG,EAAkB,EACtB,UAAWC,KAAOlB,EAAS,KAAMiB,GAAmBC,EAAI,MACxD,GAAID,EAAkBD,EACpB,MAAM,IAAI,MACR,mBAAmBC,CAAe,yBAC5BD,CAAc,8BAAA,EAGxB,MAAMG,EAAkBH,EAAiBC,EACnCG,EAAa,KAAK,MACrBJ,EAAiB3B,EAChBC,CAAA,EAEJ,GAAI6B,EAAkBC,EACpB,MAAM,IAAI,MACR,uBAAuBD,CAAe,mCAC9BC,CAAU,UACZ/B,CAAiC,IAAIC,CAAmC,cAC/D0B,CAAc,6BAAA,EAMjCZ,EAAK,SAAS,CACZ,KAAME,EAAO,KACb,MAAOA,EAAO,MACd,SAAUA,EAAO,SACjB,YAAa,CACX,OAAQO,EAAa,OACrB,MAAOA,EAAa,KAAA,EAEtB,cAAe,CACb,CACE,YAAaQ,EAAAA,uBACb,OAAQC,EAAAA,OAAO,KAAKzB,CAAiB,EACrC,aAAcyB,EAAAA,OAAO,KAAKvB,CAAY,CAAA,CACxC,EAEF,eAAgBuB,EAAAA,OAAO,KAAKC,EAAAA,iBAAiB,CAAA,CAE9C,EAKDnB,EAAK,SAAS,CACZ,KAAMG,EAAO,KACb,MAAOA,EAAO,MACd,SAAUA,EAAO,SACjB,YAAa,CACX,OAAQO,EAAc,OACtB,MAAOA,EAAc,KAAA,CACvB,CAED,EAGD,UAAWU,KAAUxB,EAAS,KAC5BI,EAAK,UAAU,CACb,OAAQoB,EAAO,OACf,MAAOA,EAAO,KAAA,CACf,EAGH,MAAO,CACL,QAASpB,EAAK,MAAA,CAAM,CAExB,CAeA,SAASW,EAAyBU,EASzB,CACP,KAAM,CACJ,SAAAzB,EACA,eAAA0B,EACA,iBAAAC,EACA,uBAAAC,EACA,mBAAAC,EACA,sBAAAC,EACA,6BAAAC,EACA,cAAAC,CAAA,EACEP,EAEJ,GAAI,CAACQ,EAAAA,WAAWF,CAA4B,EAC1C,MAAM,IAAI,MAAM,qDAAqD,EAGvE,MAAMG,EAAUzC,EAAAA,eAAekC,CAAgB,EAAE,YAAA,EAC3CQ,EAAK1C,EAAAA,eAAemC,CAAsB,EAAE,YAAA,EAC5CQ,EAAM3C,EAAAA,eAAeoC,CAAkB,EAAE,YAAA,EACzCQ,EAAUP,EAAsB,IAAKQ,GACzC7C,EAAAA,eAAe6C,CAAC,EAAE,YAAA,CAAY,EAIhC,IAAIC,EACAC,EACAC,EAEJ,GAAIP,IAAYC,EACdI,EAAO,aACPC,EAAmBvD,EACnBwD,EAAwBhD,EAAAA,eAAesC,CAA4B,UAC1DG,IAAYE,EACrBG,EAAO,uBACPC,EAAmBtD,EACnBuD,EAAwBhD,EAAAA,eAAesC,CAA4B,UAC1DM,EAAQ,SAASH,CAAO,EACjCK,EAAO,aACPC,EAAmBtD,EACnBuD,EAAwBhD,EAAAA,eAAeiD,6BAA2BR,CAAO,CAAC,MAE1E,OAAM,IAAI,MACR,0BAA0BA,CAAO,mDAAA,EAIrC,GAAIlC,EAAS,KAAK,SAAWwC,EAC3B,MAAM,IAAI,MACR,0BAA0BxC,EAAS,KAAK,MAAM,gCACxBwC,CAAgB,aAAaD,CAAI,GAAA,EAI3D,MAAMI,EAAqBrB,EAAAA,OAAO,KAAKmB,EAAuB,KAAK,EACnE,GAAI,CAACzC,EAAS,KAAK,CAAC,EAAE,OAAO,OAAO2C,CAAkB,EACpD,MAAM,IAAI,MACR,+EAA+EJ,CAAI,EAAA,EAIvF,MAAMK,EAAYJ,EAAmB,EACrC,GAAIxC,EAAS,KAAK4C,CAAS,EAAE,QAAU5D,EACrC,MAAM,IAAI,MACR,2BAA2B4D,CAAS,WAAW5C,EAAS,KAAK4C,CAAS,EAAE,KAAK,oBAC7D5D,CAAuB,OAAA,EAI3C,GAAIuD,IAAS,aAAc,CAKzB,GACE,CAAC,OAAO,UAAUP,CAAa,GAC/BA,EAAgB,GAChBA,GAAiB7C,EAEjB,MAAM,IAAI,MACR,2CACSA,CAA+B,UAAU6C,CAAa,EAAA,EAGnE,MAAMa,EAAoB,KAAK,MAC5BnB,EAAiBM,EAAiB7C,CAAA,EAErC,GAAIa,EAAS,KAAK,CAAC,EAAE,MAAQ6C,EAC3B,MAAM,IAAI,MACR,sCAAsC7C,EAAS,KAAK,CAAC,EAAE,KAAK,qBAC3C6C,CAAiB,UAC5Bb,CAAa,sBAAsBN,CAAc,GAAA,CAG7D,CACF,CAqBO,SAASoB,EACdC,EACAC,EACAC,EAAa,EACL,CACR,MAAMC,EAAa7C,EAAAA,KAAK,QAAQ0C,CAAa,EAE7C,GAAIE,GAAcC,EAAW,KAAK,OAAO,OACvC,MAAM,IAAI,MACR,eAAeD,CAAU,kBAAkBC,EAAW,KAAK,OAAO,MAAM,UAAA,EAI5E,MAAMC,EAAQD,EAAW,KAAK,OAAOD,CAAU,EAG/C,GAAIE,EAAM,cAAgBA,EAAM,aAAa,OAAS,EAAG,CACvD,MAAMC,EAAuBtD,EAAAA,gBAAgBkD,CAAe,EAE5D,UAAWK,KAAYF,EAAM,aAC3B,GAAIE,EAAS,OAAO,OAAO/B,EAAAA,OAAO,KAAK8B,CAAoB,CAAC,EAC1D,OAAOE,EAAkBD,EAAS,UAAWJ,CAAU,EAI3D,MAAM,IAAI,MACR,4CAA4CD,CAAe,aAAaC,CAAU,EAAA,CAEtF,CAQA,GAAIE,EAAM,oBAAsBA,EAAM,mBAAmB,OAAS,EAAG,CACnE,MAAMI,EAAeC,EAAkBL,EAAM,kBAAkB,EAC/D,GAAII,EAAa,SAAWnE,EAC1B,MAAM,IAAI,MACR,oDAAoD6D,CAAU,cAChD7D,CAAqC,iDAC1CmE,EAAa,MAAM,EAAA,EAGhC,OAAOD,EAAkBC,EAAa,CAAC,EAAGN,CAAU,CACtD,CAEA,MAAM,IAAI,MACR,uEAAuEA,CAAU,EAAA,CAErF,CASA,SAASK,EAAkBG,EAAiBR,EAA4B,CACtE,GAAIQ,EAAI,SAAW,GACjB,OAAOhD,kBAAgB,IAAI,WAAWgD,CAAG,CAAC,EAE5C,MAAIA,EAAI,SAAW,GACX,IAAI,MACR,6BAA6BA,EAAI,EAAE,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,aAAaR,CAAU,6DAAA,EAIvF,IAAI,MACR,wCAAwCA,CAAU,KAAKQ,EAAI,MAAM,EAAA,CAErE,CAUA,SAASD,EAAkBE,EAA2B,CACpD,MAAMC,EAAkB,CAAA,EACxB,IAAIC,EAAS,EAEb,MAAMC,EAAgBC,GAAoB,CACxC,GAAIF,EAASE,EAAIJ,EAAQ,OACvB,MAAM,IAAI,MACR,gCAAgCI,CAAC,sBAAsBF,CAAM,UAAUF,EAAQ,OAASE,CAAM,YAAA,CAGpG,EAEMG,EAAa,IAAc,CAC/BF,EAAa,CAAC,EACd,MAAMG,EAAQN,EAAQE,GAAQ,EAC9B,GAAII,EAAQ,IAAM,OAAOA,EACzB,GAAIA,IAAU,IAAM,CAClBH,EAAa,CAAC,EACd,MAAMI,GAAOP,EAAQE,CAAM,EAAKF,EAAQE,EAAS,CAAC,GAAK,KAAQ,EAC/D,OAAAA,GAAU,EACHK,CACT,CACA,GAAID,IAAU,IAAM,CAClBH,EAAa,CAAC,EACd,MAAMI,GACHP,EAAQE,CAAM,EACZF,EAAQE,EAAS,CAAC,GAAK,EACvBF,EAAQE,EAAS,CAAC,GAAK,GACvBF,EAAQE,EAAS,CAAC,GAAK,MAC1B,EACF,OAAAA,GAAU,EACHK,CACT,CAIA,MAAM,IAAI,MACR,wEAAwEL,EAAS,CAAC,EAAA,CAEtF,EAEMM,EAAQH,EAAA,EACd,QAASI,EAAI,EAAGA,EAAID,EAAOC,IAAK,CAC9B,MAAMC,EAAML,EAAA,EACZF,EAAaO,CAAG,EAChBT,EAAM,KAAKrC,EAAAA,OAAO,KAAKoC,EAAQ,SAASE,EAAQA,EAASQ,CAAG,CAAC,CAAC,EAC9DR,GAAUQ,CACZ,CAEA,GAAIR,IAAWF,EAAQ,OACrB,MAAM,IAAI,MACR,2BAA2BA,EAAQ,OAASE,CAAM,mCAAmCM,CAAK,UAAA,EAI9F,OAAOP,CACT,CC9lBO,MAAMU,UAA8B,KAAM,CAC/C,YAAYC,EAAgB,CAC1B,MACE,uDAAuDA,CAAM,EAAA,EAE/D,KAAK,KAAO,uBACd,CACF,CASA,SAASC,EAAUC,EAAiCC,EAAmB,CACrE,GAAI,CACF,OAAOpE,EAAAA,KAAK,QAAQoE,CAAG,CACzB,OAASC,EAAO,CACd,MAAMC,EAASD,aAAiB,MAAQA,EAAM,QAAU,OAAOA,CAAK,EACpE,MAAM,IAAI,MAAM,mBAAmBF,CAAK,UAAUG,CAAM,EAAE,CAC5D,CACF,CAOA,MAAMC,GAA0B,EAEhC,SAASC,EAAUC,EAAqB,CACtC,MAAO,GAAGA,EAAI,SAAS,KAAK,EAAE,MAAM,EAAGF,EAAuB,CAAC,GACjE,CAQA,SAASG,EAAWC,EAA8B,CAChD,MAAMC,EAAW3D,EAAAA,OAAO,KAAK0D,CAAY,EAAE,QAAA,EAC3C,OAAOH,EAAUI,CAAQ,CAC3B,CASO,SAASC,GACdtH,EACM,CACN,MAAMuH,EAAYZ,EAAU,YAAa3G,EAAO,gBAAgB,EAC1DwH,EAAWb,EAAU,WAAY3G,EAAO,eAAe,EAE7D,GAAIuH,EAAU,UAAYC,EAAS,QACjC,MAAM,IAAIf,EACR,iCAAiCc,EAAU,OAAO,cAAcC,EAAS,OAAO,GAAA,EAGpF,GAAID,EAAU,WAAaC,EAAS,SAClC,MAAM,IAAIf,EACR,kCAAkCc,EAAU,QAAQ,cAAcC,EAAS,QAAQ,GAAA,EAGvF,GAAID,EAAU,SAAS,SAAWC,EAAS,SAAS,OAClD,MAAM,IAAIf,EACR,kCAAkCc,EAAU,SAAS,MAAM,cAAcC,EAAS,SAAS,MAAM,GAAA,EAGrG,GAAID,EAAU,UAAU,SAAWC,EAAS,UAAU,OACpD,MAAM,IAAIf,EACR,mCAAmCc,EAAU,UAAU,MAAM,cAAcC,EAAS,UAAU,MAAM,GAAA,EAGxG,QAASjB,EAAI,EAAGA,EAAIgB,EAAU,SAAS,OAAQhB,IAAK,CAClD,MAAMkB,EAAIF,EAAU,SAAShB,CAAC,EACxBmB,EAAIF,EAAS,SAASjB,CAAC,EAC7B,GAAI,CAACkB,EAAE,KAAK,OAAOC,EAAE,IAAI,EACvB,MAAM,IAAIjB,EACR,SAASF,CAAC,oCAAoCY,EAAWM,EAAE,IAAI,CAAC,cAAcN,EAAWO,EAAE,IAAI,CAAC,GAAA,EAGpG,GAAID,EAAE,QAAUC,EAAE,MAChB,MAAM,IAAIjB,EACR,SAASF,CAAC,oCAAoCkB,EAAE,KAAK,cAAcC,EAAE,KAAK,GAAA,EAG9E,GAAID,EAAE,WAAaC,EAAE,SACnB,MAAM,IAAIjB,EACR,SAASF,CAAC,gCAAgCkB,EAAE,QAAQ,cAAcC,EAAE,QAAQ,GAAA,CAGlF,CACA,QAASnB,EAAI,EAAGA,EAAIgB,EAAU,UAAU,OAAQhB,IAAK,CACnD,MAAMkB,EAAIF,EAAU,UAAUhB,CAAC,EACzBmB,EAAIF,EAAS,UAAUjB,CAAC,EAC9B,GAAI,CAACkB,EAAE,OAAO,OAAOC,EAAE,MAAM,EAC3B,MAAM,IAAIjB,EACR,UAAUF,CAAC,oCAAoCU,EAAUQ,EAAE,MAAM,CAAC,cAAcR,EAAUS,EAAE,MAAM,CAAC,GAAA,EAGvG,GAAID,EAAE,QAAUC,EAAE,MAChB,MAAM,IAAIjB,EACR,UAAUF,CAAC,6BAA6BkB,EAAE,KAAK,cAAcC,EAAE,KAAK,GAAA,CAG1E,CACF"}
1
+ {"version":3,"file":"assertPsbtUnsignedTxMatches-r1svclbd.cjs","sources":["../src/tbv/core/primitives/psbt/pegin.ts","../src/tbv/core/primitives/scripts/payout.ts","../src/tbv/core/primitives/psbt/constants.ts","../src/tbv/core/primitives/psbt/payout.ts","../src/tbv/core/primitives/psbt/assertPsbtUnsignedTxMatches.ts"],"sourcesContent":["/**\n * Pre-PegIn PSBT Builder Primitive\n *\n * This module provides pure functions for building unfunded Pre-PegIn transactions\n * and deriving PegIn transactions from them, using the WASM implementation from\n * @babylonlabs-io/babylon-tbv-rust-wasm.\n *\n * Pre-PegIn Flow:\n * 1. buildPrePeginPsbt() — creates unfunded Pre-PegIn tx (HTLC output)\n * 2. [caller funds Pre-PegIn tx and computes txid]\n * 3. buildPeginTxFromFundedPrePegin() — derives PegIn tx spending the HTLC\n * 4. buildPeginInputPsbt() — PSBT for depositor to sign PegIn HTLC leaf 0 input\n *\n * @module primitives/psbt/pegin\n */\n\nimport {\n buildPeginTxFromPrePegin,\n createPrePeginTransaction,\n type Network,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\nimport { parseUnfundedWasmTransaction } from \"../../utils/transaction/fundPeginTransaction\";\n\n/**\n * Parameters for building an unfunded Pre-PegIn PSBT\n */\nexport interface PrePeginParams {\n /** Depositor's BTC public key (x-only, 64-char hex without 0x prefix) */\n depositorPubkey: string;\n /** Vault provider's BTC public key (x-only, 64-char hex) */\n vaultProviderPubkey: string;\n /** Array of vault keeper BTC public keys (x-only, 64-char hex) */\n vaultKeeperPubkeys: string[];\n /** Array of universal challenger BTC public keys (x-only, 64-char hex) */\n universalChallengerPubkeys: string[];\n /** SHA256 hash commitment(s) (64 hex chars = 32 bytes each) */\n hashlocks: readonly string[];\n /** CSV timelock in blocks for the HTLC refund path */\n timelockRefund: number;\n /** Amounts to peg in (satoshis), one per deposit */\n pegInAmounts: readonly bigint[];\n /** TX-graph fee rate in sat/vB from contract offchain params; sizes the depositor claim value */\n feeRate: bigint;\n /** Minimum PegIn fee rate in sat/vB from contract offchain params; sizes the PegIn tx fee */\n minPeginFeeRate: bigint;\n /** Number of local challengers (from contract params) */\n numLocalChallengers: number;\n /** M in M-of-N council multisig (from contract params) */\n councilQuorum: number;\n /** N in M-of-N council multisig (from contract params) */\n councilSize: number;\n /** Bitcoin network */\n network: Network;\n /**\n * Optional 32-byte `SHA256(auth_anchor)` commitment (64-char hex, no\n * `0x` prefix). If provided, the Pre-PegIn tx will include an\n * `OP_RETURN <PUSH32 authAnchorHash>` output at vout =\n * `hashlocks.length`, binding the depositor's bearer-token\n * `auth_anchor` preimage to this Pre-PegIn.\n */\n authAnchorHash?: string;\n}\n\n/**\n * Byte length of an `auth_anchor_hash` commitment when encoded as a\n * lowercase hex string (32 bytes → 64 hex chars).\n */\nconst AUTH_ANCHOR_HASH_HEX_LEN = 64;\n\nconst HEX_PATTERN = /^[0-9a-fA-F]+$/;\n\n/**\n * Result of building an unfunded Pre-PegIn transaction\n */\nexport interface PrePeginPsbtResult {\n /**\n * Unfunded transaction hex (no inputs, HTLC outputs + optional\n * auth-anchor OP_RETURN + CPFP anchor).\n *\n * The caller is responsible for:\n * - Selecting UTXOs covering totalOutputValue + network fees\n * - Funding the transaction (add inputs and change output)\n * - Calling buildPeginTxFromFundedPrePegin() with the funded tx hex\n */\n psbtHex: string;\n /** Sum of all unfunded outputs — use this for UTXO selection */\n totalOutputValue: bigint;\n /** HTLC output values in satoshis, one per deposit (each includes peginAmount + depositorClaimValue + minPeginFee) */\n htlcValues: readonly bigint[];\n /** HTLC output scriptPubKeys (hex encoded), one per deposit */\n htlcScriptPubKeys: readonly string[];\n /** HTLC Taproot addresses, one per deposit */\n htlcAddresses: readonly string[];\n /** Pegin amounts in satoshis, one per deposit */\n peginAmounts: readonly bigint[];\n /** Depositor claim value computed by WASM from contract parameters */\n depositorClaimValue: bigint;\n /**\n * Vout index of the auth-anchor `OP_RETURN` output if one was\n * included (i.e. `authAnchorHash` was provided), or `null` if not.\n * Always equals `htlcValues.length` when present.\n */\n authAnchorVout: number | null;\n}\n\n/**\n * Parameters for building the PegIn transaction from a funded Pre-PegIn tx\n */\nexport interface BuildPeginTxParams {\n /** Same PrePeginParams used to create the Pre-PegIn transaction */\n prePeginParams: PrePeginParams;\n /** CSV timelock in blocks for the PegIn vault output */\n timelockPegin: number;\n /** Hex-encoded funded Pre-PegIn transaction */\n fundedPrePeginTxHex: string;\n /** Index of the HTLC output to spend */\n htlcVout: number;\n}\n\n/**\n * Result of building the PegIn transaction\n */\nexport interface PeginTxResult {\n /** PegIn transaction hex (1 input spending HTLC, 1 vault output) */\n txHex: string;\n /** PegIn transaction ID */\n txid: string;\n /** Vault output scriptPubKey (hex encoded) */\n vaultScriptPubKey: string;\n /** Vault output value in satoshis */\n vaultValue: bigint;\n}\n\n/**\n * Build unfunded Pre-PegIn transaction using WASM.\n *\n * Creates a Bitcoin transaction template with no inputs, an HTLC output, and a\n * CPFP anchor output. The HTLC value is computed internally from the contract\n * parameters — the caller does not need to compute depositorClaimValue separately.\n *\n * @param params - Pre-PegIn parameters\n * @returns Unfunded Pre-PegIn transaction details with HTLC output information\n * @throws If WASM initialization fails or parameters are invalid\n */\nexport async function buildPrePeginPsbt(\n params: PrePeginParams,\n): Promise<PrePeginPsbtResult> {\n const authAnchorHash = normalizeAuthAnchorHash(params.authAnchorHash);\n\n const result = await createPrePeginTransaction({\n depositorPubkey: params.depositorPubkey,\n vaultProviderPubkey: params.vaultProviderPubkey,\n vaultKeeperPubkeys: params.vaultKeeperPubkeys,\n universalChallengerPubkeys: params.universalChallengerPubkeys,\n hashlocks: [...params.hashlocks],\n timelockRefund: params.timelockRefund,\n pegInAmounts: [...params.pegInAmounts],\n feeRate: params.feeRate,\n minPeginFeeRate: params.minPeginFeeRate,\n numLocalChallengers: params.numLocalChallengers,\n councilQuorum: params.councilQuorum,\n councilSize: params.councilSize,\n network: params.network,\n authAnchorHash,\n });\n\n // Parse the unfunded tx to sum all output values\n // (HTLCs + optional OP_RETURN + CPFP anchor). This is the amount\n // UTXOs must cover before adding network fees.\n const parsed = parseUnfundedWasmTransaction(result.txHex);\n const totalOutputValue = parsed.outputs.reduce(\n (sum, o) => sum + BigInt(o.value),\n 0n,\n );\n\n // The WASM places the OP_RETURN commitment immediately after the\n // HTLC outputs when authAnchorHash is provided.\n const authAnchorVout =\n authAnchorHash !== undefined ? result.htlcValues.length : null;\n\n return {\n psbtHex: result.txHex,\n totalOutputValue,\n htlcValues: result.htlcValues,\n htlcScriptPubKeys: result.htlcScriptPubKeys,\n htlcAddresses: result.htlcAddresses,\n peginAmounts: result.peginAmounts,\n depositorClaimValue: result.depositorClaimValue,\n authAnchorVout,\n };\n}\n\n/**\n * Validate and normalize an `authAnchorHash` hex string before passing\n * it to the WASM boundary. WASM expects exactly 64 lowercase hex chars.\n */\nexport function normalizeAuthAnchorHash(\n value: string | undefined,\n): string | undefined {\n if (value === undefined) return undefined;\n const cleaned =\n value.startsWith(\"0x\") || value.startsWith(\"0X\") ? value.slice(2) : value;\n if (\n cleaned.length !== AUTH_ANCHOR_HASH_HEX_LEN ||\n !HEX_PATTERN.test(cleaned)\n ) {\n throw new Error(\n `authAnchorHash must be 32-byte hex (${AUTH_ANCHOR_HASH_HEX_LEN} chars, no 0x prefix); got length ${cleaned.length}`,\n );\n }\n return cleaned.toLowerCase();\n}\n\n/**\n * Build the PegIn transaction from a funded Pre-PegIn transaction.\n *\n * The PegIn transaction spends the Pre-PegIn HTLC output at htlcVout via the\n * hashlock + all-party script (leaf 0).\n *\n * @param params - Build parameters including Pre-PegIn params and funded tx hex\n * @returns PegIn transaction details\n * @throws If WASM initialization fails or parameters are invalid\n */\nexport async function buildPeginTxFromFundedPrePegin(\n params: BuildPeginTxParams,\n): Promise<PeginTxResult> {\n // WASM reconstructs the Pre-PegIn template from these params to\n // decode the funded tx. Must pass `authAnchorHash` (normalized\n // identically to buildPrePeginPsbt) so the reconstruction matches\n // the original outputs, including the OP_RETURN at vout =\n // hashlocks.length.\n const result = await buildPeginTxFromPrePegin(\n {\n depositorPubkey: params.prePeginParams.depositorPubkey,\n vaultProviderPubkey: params.prePeginParams.vaultProviderPubkey,\n vaultKeeperPubkeys: params.prePeginParams.vaultKeeperPubkeys,\n universalChallengerPubkeys:\n params.prePeginParams.universalChallengerPubkeys,\n hashlocks: [...params.prePeginParams.hashlocks],\n timelockRefund: params.prePeginParams.timelockRefund,\n pegInAmounts: [...params.prePeginParams.pegInAmounts],\n feeRate: params.prePeginParams.feeRate,\n minPeginFeeRate: params.prePeginParams.minPeginFeeRate,\n numLocalChallengers: params.prePeginParams.numLocalChallengers,\n councilQuorum: params.prePeginParams.councilQuorum,\n councilSize: params.prePeginParams.councilSize,\n network: params.prePeginParams.network,\n authAnchorHash: normalizeAuthAnchorHash(\n params.prePeginParams.authAnchorHash,\n ),\n },\n params.timelockPegin,\n params.fundedPrePeginTxHex,\n params.htlcVout,\n );\n\n return {\n txHex: result.txHex,\n txid: result.txid,\n vaultScriptPubKey: result.vaultScriptPubKey,\n vaultValue: result.vaultValue,\n };\n}\n","/**\n * Payout Script Generator Primitive\n *\n * This module provides pure functions for generating payout scripts and taproot information\n * by wrapping the WASM implementation from @babylonlabs-io/babylon-tbv-rust-wasm.\n *\n * The payout script is used for signing payout transactions in the vault system.\n * It defines the spending conditions for the vault output, enabling the depositor\n * to authorize payouts during the peg-in flow (Step 3).\n *\n * @remarks\n * This is a low-level primitive. For most use cases, prefer using {@link buildPayoutPsbt}\n * which handles script creation internally. For high-level wallet orchestration, use\n * PayoutManager from the managers module.\n *\n * @see {@link buildPayoutPsbt} - Higher-level function that uses this internally\n *\n * @module primitives/scripts/payout\n */\n\nimport {\n createPayoutConnector,\n type Network,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\n/**\n * Parameters for creating a payout script.\n *\n * These parameters define the participants in a vault and are used to generate\n * the taproot script that controls how funds can be spent from the vault.\n */\nexport interface PayoutScriptParams {\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * This is the user depositing BTC into the vault. The depositor must sign\n * payout transactions to authorize fund distribution.\n */\n depositor: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * The service provider managing vault operations. Also referred to as\n * \"claimer\" in the WASM layer.\n */\n vaultProvider: string;\n\n /**\n * Array of vault keeper BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * Vault keepers participate in vault operations and script spending conditions.\n */\n vaultKeepers: string[];\n\n /**\n * Array of universal challenger BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * These parties can challenge the vault under certain conditions.\n */\n universalChallengers: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network for script generation.\n *\n * Must match the network used for all other vault operations to ensure\n * address encoding compatibility.\n */\n network: Network;\n}\n\n/**\n * Result of creating a payout script.\n *\n * Contains all the taproot-related data needed for constructing and signing\n * payout transactions from the vault.\n */\nexport interface PayoutScriptResult {\n /**\n * The payout script hex used in taproot script path spending.\n *\n * This is the raw script bytes that define the spending conditions,\n * encoded as a hexadecimal string. Used when constructing the\n * tapLeafScript for PSBT signing.\n */\n payoutScript: string;\n\n /**\n * The taproot script hash (leaf hash) for the payout script.\n *\n * This is the tagged hash of the script used in taproot tree construction.\n * Required for computing the control block during script path spending.\n */\n taprootScriptHash: string;\n\n /**\n * The full scriptPubKey for the vault output address.\n *\n * This is the complete output script (OP_1 <32-byte-key>) that should be\n * used when creating the vault output in a peg-in transaction.\n */\n scriptPubKey: string;\n\n /**\n * The vault Bitcoin address derived from the script.\n *\n * A human-readable bech32m address (bc1p... for mainnet, tb1p... for testnet/signet)\n * that can be used to receive funds into the vault.\n */\n address: string;\n\n /**\n * Serialized control block for Taproot script path spend (hex encoded).\n *\n * Computed by the Rust WASM PeginPayoutConnector. Used directly in\n * tapLeafScript when building payout PSBTs.\n */\n payoutControlBlock: string;\n}\n\n/**\n * Create payout script and taproot information using WASM.\n *\n * This is a pure function that wraps the Rust WASM implementation.\n * The payout connector generates the necessary taproot scripts and information\n * required for signing payout transactions.\n *\n * @remarks\n * The generated script encodes spending conditions that require signatures from\n * the depositor and vault provider (or liquidators in challenge scenarios).\n * This script is used internally by {@link buildPayoutPsbt}.\n *\n * @param params - Payout script parameters defining vault participants and network\n * @returns Payout script and taproot information for PSBT construction\n *\n * @see {@link buildPayoutPsbt} - Use this for building complete payout PSBTs\n */\nexport async function createPayoutScript(\n params: PayoutScriptParams,\n): Promise<PayoutScriptResult> {\n // Call the WASM wrapper with the correct parameter structure\n const connector = await createPayoutConnector(\n {\n depositor: params.depositor,\n vaultProvider: params.vaultProvider,\n vaultKeepers: params.vaultKeepers,\n universalChallengers: params.universalChallengers,\n timelockPegin: params.timelockPegin,\n },\n params.network,\n );\n\n return {\n payoutScript: connector.payoutScript,\n taprootScriptHash: connector.taprootScriptHash,\n scriptPubKey: connector.scriptPubKey,\n address: connector.address,\n payoutControlBlock: connector.payoutControlBlock,\n };\n}\n","/**\n * Protocol invariants for depositor graph transactions.\n *\n * These indices and counts encode the on-chain vault protocol layout\n * (which output of PegIn/Assert each child transaction spends, and how\n * many inputs each transaction has). Consumed by the PSBT builders and\n * the depositor graph signing service; a drift between copies of these\n * values would silently change validation behaviour.\n *\n * @module primitives/psbt/constants\n * @see btc-vault crates/vault/docs/btc-transactions-spec.md\n */\n\n/**\n * Depositor Payout transaction input count.\n * Input 0: PegIn:0 (signed). Input 1: Assert:0 (in sighash, not signed).\n */\nexport const DEPOSITOR_PAYOUT_INPUT_COUNT = 2;\n\n/** PegIn vault output index spent by the depositor's Payout input 0. */\nexport const PEGIN_VAULT_OUTPUT_INDEX = 0;\n\n/** Assert output index spent by the depositor's Payout input 1 (NOT signed). */\nexport const ASSERT_PAYOUT_OUTPUT_INDEX = 0;\n\n/**\n * Dust amount (sats) for the payout CPFP anchor output. Matches `DUST_AMOUNT`\n * in `btc-vault crates/vault/src/lib.rs`.\n */\nexport const PAYOUT_ANCHOR_DUST_SATS = 546;\n\n/** VP-claimer payout output count: [depositor payout, VP commission, CPFP anchor]. */\nexport const VP_CLAIMER_PAYOUT_OUTPUT_COUNT = 3;\n\n/** Depositor/VK-claimer payout output count: [claimer payout, CPFP anchor]. */\nexport const NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT = 2;\n\n/**\n * Exclusive upper bound on VP commission (bps), and the bps denominator for\n * `floor(peginValue * bps / 10_000)`. Matches `BTCVaultRegistry._validateCommission`\n * (`commissionBps >= 10000` reverts). The minimum is version-locked\n * (`minVpCommissionBps`) and enforced upstream, not here.\n */\nexport const MAX_VP_COMMISSION_BPS_EXCLUSIVE = 10_000;\n","/**\n * Payout PSBT Builder Primitives\n *\n * This module provides pure functions for building unsigned payout PSBTs and extracting\n * Schnorr signatures from signed PSBTs. It uses WASM-generated scripts from the payout\n * connector and bitcoinjs-lib for PSBT construction.\n *\n * The Payout transaction references the Assert transaction (input 1).\n *\n * @module primitives/psbt/payout\n */\n\nimport {\n type Network,\n tapInternalPubkey,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport { Buffer } from \"buffer\";\nimport { Psbt, Transaction } from \"bitcoinjs-lib\";\nimport { createPayoutScript } from \"../scripts/payout\";\nimport {\n TAPSCRIPT_LEAF_VERSION,\n deriveBip86ScriptPubKeyHex,\n hexToUint8Array,\n isValidHex,\n stripHexPrefix,\n uint8ArrayToHex,\n} from \"../utils/bitcoin\";\nimport {\n ASSERT_PAYOUT_OUTPUT_INDEX,\n MAX_VP_COMMISSION_BPS_EXCLUSIVE,\n NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT,\n PAYOUT_ANCHOR_DUST_SATS,\n PEGIN_VAULT_OUTPUT_INDEX,\n VP_CLAIMER_PAYOUT_OUTPUT_COUNT,\n} from \"./constants\";\n\n/**\n * Number of items in a Taproot script-path spend witness stack for a\n * single-signature script: [signature, script, controlBlock].\n *\n * The current payout script requires exactly one depositor signature. If the\n * protocol evolves to require multiple signatures in the payout script, this\n * invariant and the finalized-PSBT extraction path must be revisited because\n * the first witness item would no longer necessarily be the depositor's.\n */\nconst TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE = 3;\n\n/**\n * Coarse cap on a payout tx's implicit fee (inputs − outputs), as a fraction\n * of input value — blocks a VP deflating outputs and burning the remainder\n * as miner fee. A backstop only; the per-role structural checks in\n * {@link assertPayoutOutputLayout} are the primary value-diversion guard.\n */\nconst MAX_PAYOUT_FEE_FRACTION_NUMERATOR = 10;\nconst MAX_PAYOUT_FEE_FRACTION_DENOMINATOR = 100;\n\n/**\n * Parameters for building an unsigned Payout PSBT\n *\n * Payout is used in the challenge path after Assert, when the claimer proves validity.\n * Input 1 references the Assert transaction.\n */\nexport interface PayoutParams {\n /**\n * Payout transaction hex (unsigned)\n * This is the transaction that needs to be signed by the depositor\n */\n payoutTxHex: string;\n\n /**\n * Assert transaction hex\n * Payout input 1 references Assert output 0\n */\n assertTxHex: string;\n\n /**\n * Peg-in transaction hex\n * This transaction created the vault output that we're spending\n */\n peginTxHex: string;\n\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix)\n */\n depositorBtcPubkey: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex)\n */\n vaultProviderBtcPubkey: string;\n\n /**\n * Vault keeper BTC public keys (x-only, 64-char hex)\n */\n vaultKeeperBtcPubkeys: string[];\n\n /**\n * Universal challenger BTC public keys (x-only, 64-char hex)\n */\n universalChallengerBtcPubkeys: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network\n */\n network: Network;\n\n /**\n * Claimer's x-only BTC public key (64-char hex, no prefix). Drives role\n * inference (VP / depositor-as-claimer / VK-claimer) inside `buildPayoutPsbt`.\n */\n claimerBtcPubkey: string;\n\n /**\n * On-chain registered depositor payout scriptPubKey (hex, 0x optional).\n * Expected outs[0].script for VP- and depositor-claimer roles; unused for\n * VK-claimer (its outs[0].script is derived from `claimerBtcPubkey`).\n */\n registeredPayoutScriptPubKey: string;\n\n /**\n * VP commission in basis points (`BTCVaultRegistry.vaultProviderCommissionBps`).\n * Caps the VP-claimer outs[1].value. The protocol minimum is enforced\n * upstream; here only `0 <= bps < 10_000` is checked, for safe cap math.\n */\n commissionBps: number;\n}\n\n/**\n * Result of building an unsigned payout PSBT\n */\nexport interface PayoutPsbtResult {\n /**\n * Unsigned PSBT hex ready for signing\n */\n psbtHex: string;\n}\n\n/**\n * Build unsigned Payout PSBT for depositor to sign.\n *\n * Payout is used in the **challenge path** when the claimer proves validity:\n * 1. Vault provider submits Claim transaction\n * 2. Challenge is raised during challenge period\n * 3. Claimer submits Assert transaction to prove validity\n * 4. Payout can be executed (references Assert tx)\n *\n * Payout transactions have the following structure:\n * - Input 0: from PeginTx output0 (signed by depositor)\n * - Input 1: from Assert output0 (NOT signed by depositor)\n *\n * @param params - Payout parameters\n * @returns Unsigned PSBT ready for depositor to sign\n *\n * @throws If payout transaction does not have exactly 2 inputs\n * @throws If input 0 does not spend PegIn:0 (vault UTXO)\n * @throws If input 1 does not spend Assert:0 (proof output)\n * @throws If previous output is not found for either input\n * @throws If sum of output values exceeds sum of input values (invalid tx)\n * @throws If implicit fee (inputs − outputs) exceeds the configured fraction\n * of total input value — see {@link MAX_PAYOUT_FEE_FRACTION_NUMERATOR}\n * @throws If `claimerBtcPubkey` is not VP, depositor, or a registered VK\n * @throws If payout output count, outs[0] script, outs[last] anchor value, or\n * (VP-claimer) outs[1] commission cap do not match the protocol layout\n * @throws If `commissionBps` is not a non-negative integer below 10_000\n */\nexport async function buildPayoutPsbt(\n params: PayoutParams,\n): Promise<PayoutPsbtResult> {\n // Normalize hex inputs (strip 0x prefix if present)\n const payoutTxHex = stripHexPrefix(params.payoutTxHex);\n const peginTxHex = stripHexPrefix(params.peginTxHex);\n const assertTxHex = stripHexPrefix(params.assertTxHex);\n\n // Get payout script from WASM\n const payoutConnector = await createPayoutScript({\n depositor: params.depositorBtcPubkey,\n vaultProvider: params.vaultProviderBtcPubkey,\n vaultKeepers: params.vaultKeeperBtcPubkeys,\n universalChallengers: params.universalChallengerBtcPubkeys,\n timelockPegin: params.timelockPegin,\n network: params.network,\n });\n\n const payoutScriptBytes = hexToUint8Array(payoutConnector.payoutScript);\n const controlBlock = hexToUint8Array(payoutConnector.payoutControlBlock);\n\n // Parse transactions\n const payoutTx = Transaction.fromHex(payoutTxHex);\n const peginTx = Transaction.fromHex(peginTxHex);\n const assertTx = Transaction.fromHex(assertTxHex);\n\n // Create PSBT\n const psbt = new Psbt();\n psbt.setVersion(payoutTx.version);\n psbt.setLocktime(payoutTx.locktime);\n\n // PayoutTx has exactly 2 inputs:\n // - Input 0: from PeginTx output0 (signed by depositor using taproot script path)\n // - Input 1: from Assert output0 (signed by claimer/challengers, not depositor)\n //\n // IMPORTANT: For Taproot SIGHASH_DEFAULT (0x00), the sighash commits to ALL inputs'\n // prevouts, not just the one being signed. Therefore, we must include BOTH inputs\n // in the PSBT so the wallet computes the correct sighash that the VP expects.\n\n // Verify payout transaction has expected structure\n if (payoutTx.ins.length !== 2) {\n throw new Error(\n `Payout transaction must have exactly 2 inputs, got ${payoutTx.ins.length}`,\n );\n }\n\n const input0 = payoutTx.ins[0];\n const input1 = payoutTx.ins[1];\n\n // Verify input 0 spends PegIn:0 (the vault UTXO).\n // Both txid AND vout must match the protocol contract — the vout is the\n // input-side anchor that prevents a malicious VP from binding the\n // depositor's signature to a different output of the same parent.\n const input0Txid = uint8ArrayToHex(\n new Uint8Array(input0.hash).slice().reverse(),\n );\n const peginTxid = peginTx.getId();\n\n if (input0Txid !== peginTxid || input0.index !== PEGIN_VAULT_OUTPUT_INDEX) {\n throw new Error(\n `Input 0 must spend PegIn:${PEGIN_VAULT_OUTPUT_INDEX}. ` +\n `Expected ${peginTxid}:${PEGIN_VAULT_OUTPUT_INDEX}, got ${input0Txid}:${input0.index}`,\n );\n }\n\n // Verify input 1 spends Assert:0 (the proof output).\n const input1Txid = uint8ArrayToHex(\n new Uint8Array(input1.hash).slice().reverse(),\n );\n const assertTxid = assertTx.getId();\n\n if (input1Txid !== assertTxid || input1.index !== ASSERT_PAYOUT_OUTPUT_INDEX) {\n throw new Error(\n `Input 1 must spend Assert:${ASSERT_PAYOUT_OUTPUT_INDEX}. ` +\n `Expected ${assertTxid}:${ASSERT_PAYOUT_OUTPUT_INDEX}, got ${input1Txid}:${input1.index}`,\n );\n }\n\n const peginPrevOut = peginTx.outs[input0.index];\n if (!peginPrevOut) {\n throw new Error(\n `Previous output not found for input 0 (txid: ${input0Txid}, index: ${input0.index})`,\n );\n }\n\n const input1PrevOut = assertTx.outs[input1.index];\n if (!input1PrevOut) {\n throw new Error(\n `Previous output not found for input 1 (txid: ${input1Txid}, index: ${input1.index})`,\n );\n }\n\n // Per-role output validation — blocks an extra attacker output or value\n // routed into a non-payout slot.\n assertPayoutOutputLayout({\n payoutTx,\n peginValueSats: peginPrevOut.value,\n claimerBtcPubkey: params.claimerBtcPubkey,\n vaultProviderBtcPubkey: params.vaultProviderBtcPubkey,\n depositorBtcPubkey: params.depositorBtcPubkey,\n vaultKeeperBtcPubkeys: params.vaultKeeperBtcPubkeys,\n registeredPayoutScriptPubKey: params.registeredPayoutScriptPubKey,\n commissionBps: params.commissionBps,\n });\n\n // Bound the implicit fee — blocks a VP deflating output values and burning\n // the difference as miner fee.\n const inputValueSats = peginPrevOut.value + input1PrevOut.value;\n let outputValueSats = 0;\n for (const out of payoutTx.outs) outputValueSats += out.value;\n if (outputValueSats > inputValueSats) {\n throw new Error(\n `Payout outputs (${outputValueSats} sats) exceed inputs ` +\n `(${inputValueSats} sats); invalid transaction.`,\n );\n }\n const implicitFeeSats = inputValueSats - outputValueSats;\n const maxFeeSats = Math.floor(\n (inputValueSats * MAX_PAYOUT_FEE_FRACTION_NUMERATOR) /\n MAX_PAYOUT_FEE_FRACTION_DENOMINATOR,\n );\n if (implicitFeeSats > maxFeeSats) {\n throw new Error(\n `Payout implicit fee ${implicitFeeSats} sats exceeds the safety cap ` +\n `of ${maxFeeSats} sats ` +\n `(${MAX_PAYOUT_FEE_FRACTION_NUMERATOR}/${MAX_PAYOUT_FEE_FRACTION_DENOMINATOR} ` +\n `of inputs=${inputValueSats}); refusing to sign payout.`,\n );\n }\n\n // Input 0: Depositor signs using Taproot script path spend\n // This input includes tapLeafScript for signing\n psbt.addInput({\n hash: input0.hash,\n index: input0.index,\n sequence: input0.sequence,\n witnessUtxo: {\n script: peginPrevOut.script,\n value: peginPrevOut.value,\n },\n tapLeafScript: [\n {\n leafVersion: TAPSCRIPT_LEAF_VERSION,\n script: Buffer.from(payoutScriptBytes),\n controlBlock: Buffer.from(controlBlock),\n },\n ],\n tapInternalKey: Buffer.from(tapInternalPubkey),\n // sighashType omitted - defaults to SIGHASH_DEFAULT (0x00) for Taproot\n });\n\n // Input 1: From Assert transaction (NOT signed by depositor)\n // We include this with witnessUtxo so the sighash is computed correctly,\n // but we do NOT include tapLeafScript since the depositor doesn't sign it.\n psbt.addInput({\n hash: input1.hash,\n index: input1.index,\n sequence: input1.sequence,\n witnessUtxo: {\n script: input1PrevOut.script,\n value: input1PrevOut.value,\n },\n // No tapLeafScript - depositor doesn't sign this input\n });\n\n // Add outputs\n for (const output of payoutTx.outs) {\n psbt.addOutput({\n script: output.script,\n value: output.value,\n });\n }\n\n return {\n psbtHex: psbt.toHex(),\n };\n}\n\n/**\n * Validate a payout transaction's output structure for the claimer's role,\n * keyed on `claimerBtcPubkey`. Pins per role: `outs.length`, `outs[0].script`,\n * `outs[last].value` (anchor dust), and (VP-claimer) `outs[1].value` capped at\n * `floor(peginValue × commissionBps / 10_000)`. Canonical layouts: VP-claimer\n * = [payout, commission, anchor]; depositor/VK-claimer = [payout, anchor].\n *\n * `outs[1].script` and `outs[last].script` are intentionally not pinned: the\n * value pins above bound depositor exposure regardless of where those outputs\n * are sent, so the value pins — not script pins — are load-bearing.\n *\n * @internal Helper invoked by {@link buildPayoutPsbt}.\n */\nfunction assertPayoutOutputLayout(args: {\n payoutTx: Transaction;\n peginValueSats: number;\n claimerBtcPubkey: string;\n vaultProviderBtcPubkey: string;\n depositorBtcPubkey: string;\n vaultKeeperBtcPubkeys: string[];\n registeredPayoutScriptPubKey: string;\n commissionBps: number;\n}): void {\n const {\n payoutTx,\n peginValueSats,\n claimerBtcPubkey,\n vaultProviderBtcPubkey,\n depositorBtcPubkey,\n vaultKeeperBtcPubkeys,\n registeredPayoutScriptPubKey,\n commissionBps,\n } = args;\n\n if (!isValidHex(registeredPayoutScriptPubKey)) {\n throw new Error(\"Invalid registeredPayoutScriptPubKey: not valid hex\");\n }\n\n const claimer = stripHexPrefix(claimerBtcPubkey).toLowerCase();\n const vp = stripHexPrefix(vaultProviderBtcPubkey).toLowerCase();\n const dep = stripHexPrefix(depositorBtcPubkey).toLowerCase();\n const keepers = vaultKeeperBtcPubkeys.map((k) =>\n stripHexPrefix(k).toLowerCase(),\n );\n\n type Role = \"vp-claimer\" | \"depositor-as-claimer\" | \"vk-claimer\";\n let role: Role;\n let expectedOutCount: number;\n let expectedOut0ScriptHex: string;\n\n if (claimer === vp) {\n role = \"vp-claimer\";\n expectedOutCount = VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(registeredPayoutScriptPubKey);\n } else if (claimer === dep) {\n role = \"depositor-as-claimer\";\n expectedOutCount = NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(registeredPayoutScriptPubKey);\n } else if (keepers.includes(claimer)) {\n role = \"vk-claimer\";\n expectedOutCount = NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(deriveBip86ScriptPubKeyHex(claimer));\n } else {\n throw new Error(\n `Unknown claimer pubkey ${claimer}: not VP, depositor, or a registered vault keeper`,\n );\n }\n\n if (payoutTx.outs.length !== expectedOutCount) {\n throw new Error(\n `Payout transaction has ${payoutTx.outs.length} output(s), ` +\n `expected exactly ${expectedOutCount} for role ${role}.`,\n );\n }\n\n const expectedOut0Script = Buffer.from(expectedOut0ScriptHex, \"hex\");\n if (!payoutTx.outs[0].script.equals(expectedOut0Script)) {\n throw new Error(\n `Payout transaction output 0 does not pay the expected scriptPubKey for role ${role}`,\n );\n }\n\n const anchorIdx = expectedOutCount - 1;\n if (payoutTx.outs[anchorIdx].value !== PAYOUT_ANCHOR_DUST_SATS) {\n throw new Error(\n `Payout CPFP anchor (out ${anchorIdx}) value ${payoutTx.outs[anchorIdx].value} sats ` +\n `must equal ${PAYOUT_ANCHOR_DUST_SATS} sats`,\n );\n }\n\n if (role === \"vp-claimer\") {\n // Structural guard only — a non-negative integer below the bps\n // denominator, so the cap math `floor(peginValue * bps / 10_000)` is\n // meaningful. The protocol minimum is enforced at the trust boundary\n // (`prepareSigningContext`); a too-low value here is fail-safe.\n if (\n !Number.isInteger(commissionBps) ||\n commissionBps < 0 ||\n commissionBps >= MAX_VP_COMMISSION_BPS_EXCLUSIVE\n ) {\n throw new Error(\n `commissionBps must be an integer in ` +\n `[0, ${MAX_VP_COMMISSION_BPS_EXCLUSIVE}), got ${commissionBps}`,\n );\n }\n const maxCommissionSats = Math.floor(\n (peginValueSats * commissionBps) / MAX_VP_COMMISSION_BPS_EXCLUSIVE,\n );\n if (payoutTx.outs[1].value > maxCommissionSats) {\n throw new Error(\n `Payout VP commission (out 1) value ${payoutTx.outs[1].value} sats ` +\n `exceeds cap ${maxCommissionSats} sats ` +\n `(${commissionBps} bps of peginValue=${peginValueSats})`,\n );\n }\n }\n}\n\n/**\n * Extract Schnorr signature from signed payout PSBT.\n *\n * This function supports two cases:\n * 1. Non-finalized PSBT: Extracts from tapScriptSig field\n * 2. Finalized PSBT: Extracts from witness data\n *\n * The signature is returned as a 64-byte hex string (128 hex characters).\n * Payout signatures must use implicit Taproot SIGHASH_DEFAULT, which is\n * encoded by omitting the sighash byte.\n *\n * @param signedPsbtHex - Signed PSBT hex\n * @param depositorPubkey - Depositor's public key (x-only, 64-char hex)\n * @param inputIndex - Input index to extract signature from (default: 0)\n * @returns 64-byte Schnorr signature (128 hex characters, no sighash flag)\n *\n * @throws If no signature is found in the PSBT\n * @throws If the signature has an unexpected length\n */\nexport function extractPayoutSignature(\n signedPsbtHex: string,\n depositorPubkey: string,\n inputIndex = 0,\n): string {\n const signedPsbt = Psbt.fromHex(signedPsbtHex);\n\n if (inputIndex >= signedPsbt.data.inputs.length) {\n throw new Error(\n `Input index ${inputIndex} out of range (${signedPsbt.data.inputs.length} inputs)`,\n );\n }\n\n const input = signedPsbt.data.inputs[inputIndex];\n\n // Case 1: Non-finalized PSBT — extract from tapScriptSig\n if (input.tapScriptSig && input.tapScriptSig.length > 0) {\n const depositorPubkeyBytes = hexToUint8Array(depositorPubkey);\n\n for (const sigEntry of input.tapScriptSig) {\n if (sigEntry.pubkey.equals(Buffer.from(depositorPubkeyBytes))) {\n return extractSchnorrSig(sigEntry.signature, inputIndex);\n }\n }\n\n throw new Error(\n `No signature found for depositor pubkey: ${depositorPubkey} at input ${inputIndex}`,\n );\n }\n\n // Case 2: Finalized PSBT — extract from finalScriptWitness\n // Taproot single-signature script-path witness: [signature, script, controlBlock].\n // Enforce the exact stack size so that if a wallet produces an unexpected\n // finalization (e.g. a multi-signature stack, an annex, or malformed data),\n // we fail loudly instead of silently returning witnessStack[0] which may\n // not be the depositor's signature.\n if (input.finalScriptWitness && input.finalScriptWitness.length > 0) {\n const witnessStack = parseWitnessStack(input.finalScriptWitness);\n if (witnessStack.length !== TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE) {\n throw new Error(\n `Unexpected finalized witness stack size at input ${inputIndex}: ` +\n `expected ${TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE} items (signature, script, controlBlock), ` +\n `got ${witnessStack.length}`,\n );\n }\n return extractSchnorrSig(witnessStack[0], inputIndex);\n }\n\n throw new Error(\n `No tapScriptSig or finalScriptWitness found in signed PSBT at input ${inputIndex}`,\n );\n}\n\n/**\n * Extract and validate a 64-byte Schnorr signature.\n * Rejects 65-byte signatures because the appended sighash byte changes the\n * Taproot message being signed; stripping it would produce an unverifiable\n * SIGHASH_DEFAULT signature.\n * @internal\n */\nfunction extractSchnorrSig(sig: Uint8Array, inputIndex: number): string {\n if (sig.length === 64) {\n return uint8ArrayToHex(new Uint8Array(sig));\n }\n if (sig.length === 65) {\n throw new Error(\n `Unexpected sighash byte 0x${sig[64].toString(16).padStart(2, \"0\")} at input ${inputIndex}. ` +\n \"Expected implicit SIGHASH_DEFAULT as a 64-byte signature.\",\n );\n }\n throw new Error(\n `Unexpected signature length at input ${inputIndex}: ${sig.length}`,\n );\n}\n\n/**\n * Parse a BIP-141 serialized witness stack into individual stack items.\n * Format: [varint item_count] [varint len, data]...\n *\n * Throws on malformed input (truncated buffer, 8-byte varints, or trailing\n * bytes) so callers never receive silently-corrupted witness items.\n * @internal\n */\nfunction parseWitnessStack(witness: Buffer): Buffer[] {\n const items: Buffer[] = [];\n let offset = 0;\n\n const requireBytes = (n: number): void => {\n if (offset + n > witness.length) {\n throw new Error(\n `Malformed witness data: need ${n} byte(s) at offset ${offset}, only ${witness.length - offset} remaining`,\n );\n }\n };\n\n const readVarInt = (): number => {\n requireBytes(1);\n const first = witness[offset++];\n if (first < 0xfd) return first;\n if (first === 0xfd) {\n requireBytes(2);\n const val = (witness[offset] | (witness[offset + 1] << 8)) >>> 0;\n offset += 2;\n return val;\n }\n if (first === 0xfe) {\n requireBytes(4);\n const val =\n (witness[offset] |\n (witness[offset + 1] << 8) |\n (witness[offset + 2] << 16) |\n (witness[offset + 3] << 24)) >>>\n 0;\n offset += 4;\n return val;\n }\n // 0xff — 8-byte varint. Not used for witness sizes in practice and JS\n // numbers cannot represent all 64-bit values exactly, so reject rather\n // than risk silent truncation.\n throw new Error(\n `Malformed witness data: 8-byte varint (0xff) not supported at offset ${offset - 1}`,\n );\n };\n\n const count = readVarInt();\n for (let i = 0; i < count; i++) {\n const len = readVarInt();\n requireBytes(len);\n items.push(Buffer.from(witness.subarray(offset, offset + len)));\n offset += len;\n }\n\n if (offset !== witness.length) {\n throw new Error(\n `Malformed witness data: ${witness.length - offset} trailing byte(s) after parsing ${count} item(s)`,\n );\n }\n\n return items;\n}\n\n","/**\n * Asserts a wallet-returned PSBT encodes the same unsigned transaction\n * as the locally-built PSBT we asked the wallet to sign. Per-input PSBT\n * metadata (witnessUtxo, tapLeafScript, sighashType) is intentionally NOT\n * compared — those fields are committed to the Schnorr sighash and the\n * vault provider's `verify_depositor_signature` rejects mismatches there.\n * This primitive defends the path where a colluding VP would otherwise\n * accept a wallet-substituted signature.\n */\n\nimport { Buffer } from \"buffer\";\n\nimport { Psbt } from \"bitcoinjs-lib\";\n\n/**\n * Thrown when a wallet-returned PSBT encodes a different unsigned\n * transaction than the one the caller asked the wallet to sign.\n */\nexport class PsbtSubstitutionError extends Error {\n constructor(detail: string) {\n super(\n `Wallet returned a PSBT for a different transaction: ${detail}`,\n );\n this.name = \"PsbtSubstitutionError\";\n }\n}\n\nexport interface AssertPsbtUnsignedTxMatchesParams {\n /** PSBT we built locally and asked the wallet to sign. */\n requestedPsbtHex: string;\n /** PSBT the wallet returned after signing. */\n returnedPsbtHex: string;\n}\n\nfunction parsePsbt(label: \"requested\" | \"returned\", hex: string): Psbt {\n try {\n return Psbt.fromHex(hex);\n } catch (cause) {\n const reason = cause instanceof Error ? cause.message : String(cause);\n throw new Error(`Failed to parse ${label} PSBT: ${reason}`);\n }\n}\n\n/**\n * Length of the hex prefix included in mismatch errors. Short enough that\n * full prevout txids and output scriptPubKeys never reach logs / error\n * trackers, long enough to disambiguate during forensic triage.\n */\nconst REDACTED_HEX_PREFIX_LEN = 8;\n\nfunction redactHex(buf: Buffer): string {\n return `${buf.toString(\"hex\").slice(0, REDACTED_HEX_PREFIX_LEN)}…`;\n}\n\n/**\n * `bitcoinjs-lib` exposes `txInputs[i].hash` in internal little-endian form;\n * a human reading logs expects the big-endian txid an explorer would show.\n * Reverse before truncating so the surfaced prefix matches what an operator\n * can search for.\n */\nfunction redactTxid(internalHash: Buffer): string {\n const reversed = Buffer.from(internalHash).reverse();\n return redactHex(reversed);\n}\n\n/**\n * Compare two PSBTs and throw `PsbtSubstitutionError` unless they encode\n * the same unsigned transaction (version, locktime, inputs, outputs).\n *\n * @throws PsbtSubstitutionError on any mismatch in the unsigned tx\n * @throws Error if either PSBT cannot be parsed\n */\nexport function assertPsbtUnsignedTxMatches(\n params: AssertPsbtUnsignedTxMatchesParams,\n): void {\n const requested = parsePsbt(\"requested\", params.requestedPsbtHex);\n const returned = parsePsbt(\"returned\", params.returnedPsbtHex);\n\n if (requested.version !== returned.version) {\n throw new PsbtSubstitutionError(\n `tx version differs (requested=${requested.version}, returned=${returned.version})`,\n );\n }\n if (requested.locktime !== returned.locktime) {\n throw new PsbtSubstitutionError(\n `tx locktime differs (requested=${requested.locktime}, returned=${returned.locktime})`,\n );\n }\n if (requested.txInputs.length !== returned.txInputs.length) {\n throw new PsbtSubstitutionError(\n `input count differs (requested=${requested.txInputs.length}, returned=${returned.txInputs.length})`,\n );\n }\n if (requested.txOutputs.length !== returned.txOutputs.length) {\n throw new PsbtSubstitutionError(\n `output count differs (requested=${requested.txOutputs.length}, returned=${returned.txOutputs.length})`,\n );\n }\n for (let i = 0; i < requested.txInputs.length; i++) {\n const r = requested.txInputs[i];\n const s = returned.txInputs[i];\n if (!r.hash.equals(s.hash)) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout txid differs (requested=${redactTxid(r.hash)}, returned=${redactTxid(s.hash)})`,\n );\n }\n if (r.index !== s.index) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout vout differs (requested=${r.index}, returned=${s.index})`,\n );\n }\n if (r.sequence !== s.sequence) {\n throw new PsbtSubstitutionError(\n `input ${i} sequence differs (requested=${r.sequence}, returned=${s.sequence})`,\n );\n }\n }\n for (let i = 0; i < requested.txOutputs.length; i++) {\n const r = requested.txOutputs[i];\n const s = returned.txOutputs[i];\n if (!r.script.equals(s.script)) {\n throw new PsbtSubstitutionError(\n `output ${i} scriptPubKey differs (requested=${redactHex(r.script)}, returned=${redactHex(s.script)})`,\n );\n }\n if (r.value !== s.value) {\n throw new PsbtSubstitutionError(\n `output ${i} value differs (requested=${r.value}, returned=${s.value})`,\n );\n }\n }\n}\n"],"names":["AUTH_ANCHOR_HASH_HEX_LEN","HEX_PATTERN","buildPrePeginPsbt","params","authAnchorHash","normalizeAuthAnchorHash","result","createPrePeginTransaction","totalOutputValue","parseUnfundedWasmTransaction","sum","o","authAnchorVout","value","cleaned","buildPeginTxFromFundedPrePegin","buildPeginTxFromPrePegin","createPayoutScript","connector","createPayoutConnector","DEPOSITOR_PAYOUT_INPUT_COUNT","PEGIN_VAULT_OUTPUT_INDEX","ASSERT_PAYOUT_OUTPUT_INDEX","PAYOUT_ANCHOR_DUST_SATS","VP_CLAIMER_PAYOUT_OUTPUT_COUNT","NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT","MAX_VP_COMMISSION_BPS_EXCLUSIVE","TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE","MAX_PAYOUT_FEE_FRACTION_NUMERATOR","MAX_PAYOUT_FEE_FRACTION_DENOMINATOR","buildPayoutPsbt","payoutTxHex","stripHexPrefix","peginTxHex","assertTxHex","payoutConnector","payoutScriptBytes","hexToUint8Array","controlBlock","payoutTx","Transaction","peginTx","assertTx","psbt","Psbt","input0","input1","input0Txid","uint8ArrayToHex","peginTxid","input1Txid","assertTxid","peginPrevOut","input1PrevOut","assertPayoutOutputLayout","inputValueSats","outputValueSats","out","implicitFeeSats","maxFeeSats","TAPSCRIPT_LEAF_VERSION","Buffer","tapInternalPubkey","output","args","peginValueSats","claimerBtcPubkey","vaultProviderBtcPubkey","depositorBtcPubkey","vaultKeeperBtcPubkeys","registeredPayoutScriptPubKey","commissionBps","isValidHex","claimer","vp","dep","keepers","k","role","expectedOutCount","expectedOut0ScriptHex","deriveBip86ScriptPubKeyHex","expectedOut0Script","anchorIdx","maxCommissionSats","extractPayoutSignature","signedPsbtHex","depositorPubkey","inputIndex","signedPsbt","input","depositorPubkeyBytes","sigEntry","extractSchnorrSig","witnessStack","parseWitnessStack","sig","witness","items","offset","requireBytes","n","readVarInt","first","val","count","i","len","PsbtSubstitutionError","detail","parsePsbt","label","hex","cause","reason","REDACTED_HEX_PREFIX_LEN","redactHex","buf","redactTxid","internalHash","reversed","assertPsbtUnsignedTxMatches","requested","returned","r","s"],"mappings":"0MAoEMA,EAA2B,GAE3BC,EAAc,iBA2EpB,eAAsBC,EACpBC,EAC6B,CAC7B,MAAMC,EAAiBC,EAAwBF,EAAO,cAAc,EAE9DG,EAAS,MAAMC,4BAA0B,CAC7C,gBAAiBJ,EAAO,gBACxB,oBAAqBA,EAAO,oBAC5B,mBAAoBA,EAAO,mBAC3B,2BAA4BA,EAAO,2BACnC,UAAW,CAAC,GAAGA,EAAO,SAAS,EAC/B,eAAgBA,EAAO,eACvB,aAAc,CAAC,GAAGA,EAAO,YAAY,EACrC,QAASA,EAAO,QAChB,gBAAiBA,EAAO,gBACxB,oBAAqBA,EAAO,oBAC5B,cAAeA,EAAO,cACtB,YAAaA,EAAO,YACpB,QAASA,EAAO,QAChB,eAAAC,CAAA,CACD,EAMKI,EADSC,EAAAA,6BAA6BH,EAAO,KAAK,EACxB,QAAQ,OACtC,CAACI,EAAKC,IAAMD,EAAM,OAAOC,EAAE,KAAK,EAChC,EAAA,EAKIC,EACJR,IAAmB,OAAYE,EAAO,WAAW,OAAS,KAE5D,MAAO,CACL,QAASA,EAAO,MAChB,iBAAAE,EACA,WAAYF,EAAO,WACnB,kBAAmBA,EAAO,kBAC1B,cAAeA,EAAO,cACtB,aAAcA,EAAO,aACrB,oBAAqBA,EAAO,oBAC5B,eAAAM,CAAA,CAEJ,CAMO,SAASP,EACdQ,EACoB,CACpB,GAAIA,IAAU,OAAW,OACzB,MAAMC,EACJD,EAAM,WAAW,IAAI,GAAKA,EAAM,WAAW,IAAI,EAAIA,EAAM,MAAM,CAAC,EAAIA,EACtE,GACEC,EAAQ,SAAWd,GACnB,CAACC,EAAY,KAAKa,CAAO,EAEzB,MAAM,IAAI,MACR,uCAAuCd,CAAwB,qCAAqCc,EAAQ,MAAM,EAAA,EAGtH,OAAOA,EAAQ,YAAA,CACjB,CAYA,eAAsBC,EACpBZ,EACwB,CAMxB,MAAMG,EAAS,MAAMU,EAAAA,yBACnB,CACE,gBAAiBb,EAAO,eAAe,gBACvC,oBAAqBA,EAAO,eAAe,oBAC3C,mBAAoBA,EAAO,eAAe,mBAC1C,2BACEA,EAAO,eAAe,2BACxB,UAAW,CAAC,GAAGA,EAAO,eAAe,SAAS,EAC9C,eAAgBA,EAAO,eAAe,eACtC,aAAc,CAAC,GAAGA,EAAO,eAAe,YAAY,EACpD,QAASA,EAAO,eAAe,QAC/B,gBAAiBA,EAAO,eAAe,gBACvC,oBAAqBA,EAAO,eAAe,oBAC3C,cAAeA,EAAO,eAAe,cACrC,YAAaA,EAAO,eAAe,YACnC,QAASA,EAAO,eAAe,QAC/B,eAAgBE,EACdF,EAAO,eAAe,cAAA,CACxB,EAEFA,EAAO,cACPA,EAAO,oBACPA,EAAO,QAAA,EAGT,MAAO,CACL,MAAOG,EAAO,MACd,KAAMA,EAAO,KACb,kBAAmBA,EAAO,kBAC1B,WAAYA,EAAO,UAAA,CAEvB,CCzHA,eAAsBW,EACpBd,EAC6B,CAE7B,MAAMe,EAAY,MAAMC,EAAAA,sBACtB,CACE,UAAWhB,EAAO,UAClB,cAAeA,EAAO,cACtB,aAAcA,EAAO,aACrB,qBAAsBA,EAAO,qBAC7B,cAAeA,EAAO,aAAA,EAExBA,EAAO,OAAA,EAGT,MAAO,CACL,aAAce,EAAU,aACxB,kBAAmBA,EAAU,kBAC7B,aAAcA,EAAU,aACxB,QAASA,EAAU,QACnB,mBAAoBA,EAAU,kBAAA,CAElC,CCnJO,MAAME,EAA+B,EAG/BC,EAA2B,EAG3BC,EAA6B,EAM7BC,EAA0B,IAG1BC,EAAiC,EAGjCC,EAAqC,EAQrCC,EAAkC,ICEzCC,EAAwC,EAQxCC,EAAoC,GACpCC,EAAsC,IAoH5C,eAAsBC,EACpB3B,EAC2B,CAE3B,MAAM4B,EAAcC,EAAAA,eAAe7B,EAAO,WAAW,EAC/C8B,EAAaD,EAAAA,eAAe7B,EAAO,UAAU,EAC7C+B,EAAcF,EAAAA,eAAe7B,EAAO,WAAW,EAG/CgC,EAAkB,MAAMlB,EAAmB,CAC/C,UAAWd,EAAO,mBAClB,cAAeA,EAAO,uBACtB,aAAcA,EAAO,sBACrB,qBAAsBA,EAAO,8BAC7B,cAAeA,EAAO,cACtB,QAASA,EAAO,OAAA,CACjB,EAEKiC,EAAoBC,EAAAA,gBAAgBF,EAAgB,YAAY,EAChEG,EAAeD,EAAAA,gBAAgBF,EAAgB,kBAAkB,EAGjEI,EAAWC,EAAAA,YAAY,QAAQT,CAAW,EAC1CU,EAAUD,EAAAA,YAAY,QAAQP,CAAU,EACxCS,EAAWF,EAAAA,YAAY,QAAQN,CAAW,EAG1CS,EAAO,IAAIC,OAajB,GAZAD,EAAK,WAAWJ,EAAS,OAAO,EAChCI,EAAK,YAAYJ,EAAS,QAAQ,EAW9BA,EAAS,IAAI,SAAW,EAC1B,MAAM,IAAI,MACR,sDAAsDA,EAAS,IAAI,MAAM,EAAA,EAI7E,MAAMM,EAASN,EAAS,IAAI,CAAC,EACvBO,EAASP,EAAS,IAAI,CAAC,EAMvBQ,EAAaC,EAAAA,gBACjB,IAAI,WAAWH,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA,CAAQ,EAExCI,EAAYR,EAAQ,MAAA,EAE1B,GAAIM,IAAeE,GAAaJ,EAAO,QAAUxB,EAC/C,MAAM,IAAI,MACR,4BAA4BA,CAAwB,cACtC4B,CAAS,IAAI5B,CAAwB,SAAS0B,CAAU,IAAIF,EAAO,KAAK,EAAA,EAK1F,MAAMK,EAAaF,EAAAA,gBACjB,IAAI,WAAWF,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA,CAAQ,EAExCK,EAAaT,EAAS,MAAA,EAE5B,GAAIQ,IAAeC,GAAcL,EAAO,QAAUxB,EAChD,MAAM,IAAI,MACR,6BAA6BA,CAA0B,cACzC6B,CAAU,IAAI7B,CAA0B,SAAS4B,CAAU,IAAIJ,EAAO,KAAK,EAAA,EAI7F,MAAMM,EAAeX,EAAQ,KAAKI,EAAO,KAAK,EAC9C,GAAI,CAACO,EACH,MAAM,IAAI,MACR,gDAAgDL,CAAU,YAAYF,EAAO,KAAK,GAAA,EAItF,MAAMQ,EAAgBX,EAAS,KAAKI,EAAO,KAAK,EAChD,GAAI,CAACO,EACH,MAAM,IAAI,MACR,gDAAgDH,CAAU,YAAYJ,EAAO,KAAK,GAAA,EAMtFQ,EAAyB,CACvB,SAAAf,EACA,eAAgBa,EAAa,MAC7B,iBAAkBjD,EAAO,iBACzB,uBAAwBA,EAAO,uBAC/B,mBAAoBA,EAAO,mBAC3B,sBAAuBA,EAAO,sBAC9B,6BAA8BA,EAAO,6BACrC,cAAeA,EAAO,aAAA,CACvB,EAID,MAAMoD,EAAiBH,EAAa,MAAQC,EAAc,MAC1D,IAAIG,EAAkB,EACtB,UAAWC,KAAOlB,EAAS,KAAMiB,GAAmBC,EAAI,MACxD,GAAID,EAAkBD,EACpB,MAAM,IAAI,MACR,mBAAmBC,CAAe,yBAC5BD,CAAc,8BAAA,EAGxB,MAAMG,EAAkBH,EAAiBC,EACnCG,EAAa,KAAK,MACrBJ,EAAiB3B,EAChBC,CAAA,EAEJ,GAAI6B,EAAkBC,EACpB,MAAM,IAAI,MACR,uBAAuBD,CAAe,mCAC9BC,CAAU,UACZ/B,CAAiC,IAAIC,CAAmC,cAC/D0B,CAAc,6BAAA,EAMjCZ,EAAK,SAAS,CACZ,KAAME,EAAO,KACb,MAAOA,EAAO,MACd,SAAUA,EAAO,SACjB,YAAa,CACX,OAAQO,EAAa,OACrB,MAAOA,EAAa,KAAA,EAEtB,cAAe,CACb,CACE,YAAaQ,EAAAA,uBACb,OAAQC,EAAAA,OAAO,KAAKzB,CAAiB,EACrC,aAAcyB,EAAAA,OAAO,KAAKvB,CAAY,CAAA,CACxC,EAEF,eAAgBuB,EAAAA,OAAO,KAAKC,EAAAA,iBAAiB,CAAA,CAE9C,EAKDnB,EAAK,SAAS,CACZ,KAAMG,EAAO,KACb,MAAOA,EAAO,MACd,SAAUA,EAAO,SACjB,YAAa,CACX,OAAQO,EAAc,OACtB,MAAOA,EAAc,KAAA,CACvB,CAED,EAGD,UAAWU,KAAUxB,EAAS,KAC5BI,EAAK,UAAU,CACb,OAAQoB,EAAO,OACf,MAAOA,EAAO,KAAA,CACf,EAGH,MAAO,CACL,QAASpB,EAAK,MAAA,CAAM,CAExB,CAeA,SAASW,EAAyBU,EASzB,CACP,KAAM,CACJ,SAAAzB,EACA,eAAA0B,EACA,iBAAAC,EACA,uBAAAC,EACA,mBAAAC,EACA,sBAAAC,EACA,6BAAAC,EACA,cAAAC,CAAA,EACEP,EAEJ,GAAI,CAACQ,EAAAA,WAAWF,CAA4B,EAC1C,MAAM,IAAI,MAAM,qDAAqD,EAGvE,MAAMG,EAAUzC,EAAAA,eAAekC,CAAgB,EAAE,YAAA,EAC3CQ,EAAK1C,EAAAA,eAAemC,CAAsB,EAAE,YAAA,EAC5CQ,EAAM3C,EAAAA,eAAeoC,CAAkB,EAAE,YAAA,EACzCQ,EAAUP,EAAsB,IAAKQ,GACzC7C,EAAAA,eAAe6C,CAAC,EAAE,YAAA,CAAY,EAIhC,IAAIC,EACAC,EACAC,EAEJ,GAAIP,IAAYC,EACdI,EAAO,aACPC,EAAmBvD,EACnBwD,EAAwBhD,EAAAA,eAAesC,CAA4B,UAC1DG,IAAYE,EACrBG,EAAO,uBACPC,EAAmBtD,EACnBuD,EAAwBhD,EAAAA,eAAesC,CAA4B,UAC1DM,EAAQ,SAASH,CAAO,EACjCK,EAAO,aACPC,EAAmBtD,EACnBuD,EAAwBhD,EAAAA,eAAeiD,6BAA2BR,CAAO,CAAC,MAE1E,OAAM,IAAI,MACR,0BAA0BA,CAAO,mDAAA,EAIrC,GAAIlC,EAAS,KAAK,SAAWwC,EAC3B,MAAM,IAAI,MACR,0BAA0BxC,EAAS,KAAK,MAAM,gCACxBwC,CAAgB,aAAaD,CAAI,GAAA,EAI3D,MAAMI,EAAqBrB,EAAAA,OAAO,KAAKmB,EAAuB,KAAK,EACnE,GAAI,CAACzC,EAAS,KAAK,CAAC,EAAE,OAAO,OAAO2C,CAAkB,EACpD,MAAM,IAAI,MACR,+EAA+EJ,CAAI,EAAA,EAIvF,MAAMK,EAAYJ,EAAmB,EACrC,GAAIxC,EAAS,KAAK4C,CAAS,EAAE,QAAU5D,EACrC,MAAM,IAAI,MACR,2BAA2B4D,CAAS,WAAW5C,EAAS,KAAK4C,CAAS,EAAE,KAAK,oBAC7D5D,CAAuB,OAAA,EAI3C,GAAIuD,IAAS,aAAc,CAKzB,GACE,CAAC,OAAO,UAAUP,CAAa,GAC/BA,EAAgB,GAChBA,GAAiB7C,EAEjB,MAAM,IAAI,MACR,2CACSA,CAA+B,UAAU6C,CAAa,EAAA,EAGnE,MAAMa,EAAoB,KAAK,MAC5BnB,EAAiBM,EAAiB7C,CAAA,EAErC,GAAIa,EAAS,KAAK,CAAC,EAAE,MAAQ6C,EAC3B,MAAM,IAAI,MACR,sCAAsC7C,EAAS,KAAK,CAAC,EAAE,KAAK,qBAC3C6C,CAAiB,UAC5Bb,CAAa,sBAAsBN,CAAc,GAAA,CAG7D,CACF,CAqBO,SAASoB,EACdC,EACAC,EACAC,EAAa,EACL,CACR,MAAMC,EAAa7C,EAAAA,KAAK,QAAQ0C,CAAa,EAE7C,GAAIE,GAAcC,EAAW,KAAK,OAAO,OACvC,MAAM,IAAI,MACR,eAAeD,CAAU,kBAAkBC,EAAW,KAAK,OAAO,MAAM,UAAA,EAI5E,MAAMC,EAAQD,EAAW,KAAK,OAAOD,CAAU,EAG/C,GAAIE,EAAM,cAAgBA,EAAM,aAAa,OAAS,EAAG,CACvD,MAAMC,EAAuBtD,EAAAA,gBAAgBkD,CAAe,EAE5D,UAAWK,KAAYF,EAAM,aAC3B,GAAIE,EAAS,OAAO,OAAO/B,EAAAA,OAAO,KAAK8B,CAAoB,CAAC,EAC1D,OAAOE,EAAkBD,EAAS,UAAWJ,CAAU,EAI3D,MAAM,IAAI,MACR,4CAA4CD,CAAe,aAAaC,CAAU,EAAA,CAEtF,CAQA,GAAIE,EAAM,oBAAsBA,EAAM,mBAAmB,OAAS,EAAG,CACnE,MAAMI,EAAeC,EAAkBL,EAAM,kBAAkB,EAC/D,GAAII,EAAa,SAAWnE,EAC1B,MAAM,IAAI,MACR,oDAAoD6D,CAAU,cAChD7D,CAAqC,iDAC1CmE,EAAa,MAAM,EAAA,EAGhC,OAAOD,EAAkBC,EAAa,CAAC,EAAGN,CAAU,CACtD,CAEA,MAAM,IAAI,MACR,uEAAuEA,CAAU,EAAA,CAErF,CASA,SAASK,EAAkBG,EAAiBR,EAA4B,CACtE,GAAIQ,EAAI,SAAW,GACjB,OAAOhD,kBAAgB,IAAI,WAAWgD,CAAG,CAAC,EAE5C,MAAIA,EAAI,SAAW,GACX,IAAI,MACR,6BAA6BA,EAAI,EAAE,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,aAAaR,CAAU,6DAAA,EAIvF,IAAI,MACR,wCAAwCA,CAAU,KAAKQ,EAAI,MAAM,EAAA,CAErE,CAUA,SAASD,EAAkBE,EAA2B,CACpD,MAAMC,EAAkB,CAAA,EACxB,IAAIC,EAAS,EAEb,MAAMC,EAAgBC,GAAoB,CACxC,GAAIF,EAASE,EAAIJ,EAAQ,OACvB,MAAM,IAAI,MACR,gCAAgCI,CAAC,sBAAsBF,CAAM,UAAUF,EAAQ,OAASE,CAAM,YAAA,CAGpG,EAEMG,EAAa,IAAc,CAC/BF,EAAa,CAAC,EACd,MAAMG,EAAQN,EAAQE,GAAQ,EAC9B,GAAII,EAAQ,IAAM,OAAOA,EACzB,GAAIA,IAAU,IAAM,CAClBH,EAAa,CAAC,EACd,MAAMI,GAAOP,EAAQE,CAAM,EAAKF,EAAQE,EAAS,CAAC,GAAK,KAAQ,EAC/D,OAAAA,GAAU,EACHK,CACT,CACA,GAAID,IAAU,IAAM,CAClBH,EAAa,CAAC,EACd,MAAMI,GACHP,EAAQE,CAAM,EACZF,EAAQE,EAAS,CAAC,GAAK,EACvBF,EAAQE,EAAS,CAAC,GAAK,GACvBF,EAAQE,EAAS,CAAC,GAAK,MAC1B,EACF,OAAAA,GAAU,EACHK,CACT,CAIA,MAAM,IAAI,MACR,wEAAwEL,EAAS,CAAC,EAAA,CAEtF,EAEMM,EAAQH,EAAA,EACd,QAASI,EAAI,EAAGA,EAAID,EAAOC,IAAK,CAC9B,MAAMC,EAAML,EAAA,EACZF,EAAaO,CAAG,EAChBT,EAAM,KAAKrC,EAAAA,OAAO,KAAKoC,EAAQ,SAASE,EAAQA,EAASQ,CAAG,CAAC,CAAC,EAC9DR,GAAUQ,CACZ,CAEA,GAAIR,IAAWF,EAAQ,OACrB,MAAM,IAAI,MACR,2BAA2BA,EAAQ,OAASE,CAAM,mCAAmCM,CAAK,UAAA,EAI9F,OAAOP,CACT,CC9lBO,MAAMU,UAA8B,KAAM,CAC/C,YAAYC,EAAgB,CAC1B,MACE,uDAAuDA,CAAM,EAAA,EAE/D,KAAK,KAAO,uBACd,CACF,CASA,SAASC,EAAUC,EAAiCC,EAAmB,CACrE,GAAI,CACF,OAAOpE,EAAAA,KAAK,QAAQoE,CAAG,CACzB,OAASC,EAAO,CACd,MAAMC,EAASD,aAAiB,MAAQA,EAAM,QAAU,OAAOA,CAAK,EACpE,MAAM,IAAI,MAAM,mBAAmBF,CAAK,UAAUG,CAAM,EAAE,CAC5D,CACF,CAOA,MAAMC,GAA0B,EAEhC,SAASC,EAAUC,EAAqB,CACtC,MAAO,GAAGA,EAAI,SAAS,KAAK,EAAE,MAAM,EAAGF,EAAuB,CAAC,GACjE,CAQA,SAASG,EAAWC,EAA8B,CAChD,MAAMC,EAAW3D,EAAAA,OAAO,KAAK0D,CAAY,EAAE,QAAA,EAC3C,OAAOH,EAAUI,CAAQ,CAC3B,CASO,SAASC,GACdtH,EACM,CACN,MAAMuH,EAAYZ,EAAU,YAAa3G,EAAO,gBAAgB,EAC1DwH,EAAWb,EAAU,WAAY3G,EAAO,eAAe,EAE7D,GAAIuH,EAAU,UAAYC,EAAS,QACjC,MAAM,IAAIf,EACR,iCAAiCc,EAAU,OAAO,cAAcC,EAAS,OAAO,GAAA,EAGpF,GAAID,EAAU,WAAaC,EAAS,SAClC,MAAM,IAAIf,EACR,kCAAkCc,EAAU,QAAQ,cAAcC,EAAS,QAAQ,GAAA,EAGvF,GAAID,EAAU,SAAS,SAAWC,EAAS,SAAS,OAClD,MAAM,IAAIf,EACR,kCAAkCc,EAAU,SAAS,MAAM,cAAcC,EAAS,SAAS,MAAM,GAAA,EAGrG,GAAID,EAAU,UAAU,SAAWC,EAAS,UAAU,OACpD,MAAM,IAAIf,EACR,mCAAmCc,EAAU,UAAU,MAAM,cAAcC,EAAS,UAAU,MAAM,GAAA,EAGxG,QAASjB,EAAI,EAAGA,EAAIgB,EAAU,SAAS,OAAQhB,IAAK,CAClD,MAAMkB,EAAIF,EAAU,SAAShB,CAAC,EACxBmB,EAAIF,EAAS,SAASjB,CAAC,EAC7B,GAAI,CAACkB,EAAE,KAAK,OAAOC,EAAE,IAAI,EACvB,MAAM,IAAIjB,EACR,SAASF,CAAC,oCAAoCY,EAAWM,EAAE,IAAI,CAAC,cAAcN,EAAWO,EAAE,IAAI,CAAC,GAAA,EAGpG,GAAID,EAAE,QAAUC,EAAE,MAChB,MAAM,IAAIjB,EACR,SAASF,CAAC,oCAAoCkB,EAAE,KAAK,cAAcC,EAAE,KAAK,GAAA,EAG9E,GAAID,EAAE,WAAaC,EAAE,SACnB,MAAM,IAAIjB,EACR,SAASF,CAAC,gCAAgCkB,EAAE,QAAQ,cAAcC,EAAE,QAAQ,GAAA,CAGlF,CACA,QAASnB,EAAI,EAAGA,EAAIgB,EAAU,UAAU,OAAQhB,IAAK,CACnD,MAAMkB,EAAIF,EAAU,UAAUhB,CAAC,EACzBmB,EAAIF,EAAS,UAAUjB,CAAC,EAC9B,GAAI,CAACkB,EAAE,OAAO,OAAOC,EAAE,MAAM,EAC3B,MAAM,IAAIjB,EACR,UAAUF,CAAC,oCAAoCU,EAAUQ,EAAE,MAAM,CAAC,cAAcR,EAAUS,EAAE,MAAM,CAAC,GAAA,EAGvG,GAAID,EAAE,QAAUC,EAAE,MAChB,MAAM,IAAIjB,EACR,UAAUF,CAAC,6BAA6BkB,EAAE,KAAK,cAAcC,EAAE,KAAK,GAAA,CAG1E,CACF"}
package/dist/bitcoin-B5aNKtsk.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bitcoin-B5aNKtsk.js","sources":["../src/tbv/core/primitives/utils/bitcoin.ts"],"sourcesContent":["/**\n * Bitcoin Utilities\n *\n * Common pure utility functions for Bitcoin operations including:\n * - Public key conversions (x-only format)\n * - Hex string manipulation\n * - Uint8Array conversions and validation\n * - Address derivation and validation\n *\n * All functions are pure (no side effects) and work in Node.js, browsers,\n * and serverless environments.\n *\n * @module primitives/utils/bitcoin\n */\n\nimport { Buffer } from \"buffer\";\nimport { networks, payments } from \"bitcoinjs-lib\";\n\nimport type { Network } from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport type { Hex } from \"viem\";\n\n/**\n * BIP-341 Tapscript leaf version for script-path spends.\n * @see https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki\n * @see Rust: bitcoin::taproot::LeafVersion::TapScript\n */\nexport const TAPSCRIPT_LEAF_VERSION = 0xc0;\n\n/**\n * Hex-string length of a 32-byte BIP-340 x-only public key (taproot,\n * Schnorr). Doubles the byte count: `2 * 32 = 64`.\n */\nexport const X_ONLY_PUBKEY_HEX_LEN = 64;\n\n/**\n * Hex-string length of a 33-byte SEC1-compressed secp256k1 public key\n * (`0x02` or `0x03` prefix + 32-byte x-coordinate). `2 * 33 = 66`.\n */\nexport const COMPRESSED_PUBKEY_HEX_LEN = 66;\n\n/**\n * Hex-string length of a 65-byte SEC1-uncompressed secp256k1 public\n * key (`0x04` prefix + 32-byte x + 32-byte y). `2 * 65 = 130`.\n */\nexport const UNCOMPRESSED_PUBKEY_HEX_LEN = 130;\n\n/**\n * Hex-string length of a 64-byte BIP-340 Schnorr signature. `2 * 64 = 128`.\n */\nexport const SCHNORR_SIG_HEX_LEN = 128;\n\n/**\n * Strip \"0x\" prefix from hex string if present.\n *\n * Bitcoin expects plain hex (no \"0x\" prefix), but frontend often uses\n * Ethereum-style \"0x\"-prefixed hex.\n *\n * @param hex - Hex string with or without \"0x\" prefix\n * @returns Hex string without \"0x\" prefix\n */\nexport function stripHexPrefix(hex: string): string {\n return hex.startsWith(\"0x\") || hex.startsWith(\"0X\") ? hex.slice(2) : hex;\n}\n\n/**\n * Ensure \"0x\" prefix on a hex string, returning viem's Hex type.\n *\n * Ethereum/viem APIs expect `0x`-prefixed hex, but Bitcoin tooling\n * typically omits the prefix. This normalises either form.\n *\n * @param hex - Hex string with or without \"0x\" prefix\n * @returns `0x`-prefixed hex string typed as viem Hex\n */\nexport function ensureHexPrefix(hex: string): Hex {\n if (hex.startsWith(\"0x\")) return hex as Hex;\n if (hex.startsWith(\"0X\")) return `0x${hex.slice(2)}` as Hex;\n return `0x${hex}` as Hex;\n}\n\n/**\n * Convert hex string to Uint8Array.\n *\n * @param hex - Hex string (with or without 0x prefix)\n * @returns Uint8Array\n * @throws If hex is invalid\n */\nexport function hexToUint8Array(hex: string): Uint8Array {\n const cleanHex = stripHexPrefix(hex);\n if (!isValidHexRaw(cleanHex)) {\n throw new Error(`Invalid hex string: ${hex}`);\n }\n const bytes = new Uint8Array(cleanHex.length / 2);\n for (let i = 0; i < cleanHex.length; i += 2) {\n bytes[i / 2] = parseInt(cleanHex.slice(i, i + 2), 16);\n }\n return bytes;\n}\n\n/**\n * Convert Uint8Array to hex string (without 0x prefix).\n *\n * @param bytes - Uint8Array to convert\n * @returns Hex string without 0x prefix\n */\nexport function uint8ArrayToHex(bytes: Uint8Array): string {\n return Array.from(bytes)\n .map((b) => b.toString(16).padStart(2, \"0\"))\n .join(\"\");\n}\n\n/**\n * Read the prevout txid (big-endian hex) from a bitcoinjs-lib transaction input.\n *\n * bitcoinjs-lib stores `hash` in little-endian internal byte order; txids are\n * displayed in big-endian, so the bytes must be reversed before hex-encoding.\n *\n * @param input - Transaction input with a `hash` field (Buffer or Uint8Array)\n * @returns Prevout txid as a hex string (big-endian, no 0x prefix)\n */\nexport function inputTxidHex(input: {\n hash: Buffer | Uint8Array;\n}): string {\n return uint8ArrayToHex(new Uint8Array(input.hash).slice().reverse());\n}\n\n/**\n * Convert a 33-byte public key to 32-byte x-only format (removes first byte).\n *\n * Used for Taproot/Schnorr signatures which only need the x-coordinate.\n * If the input is already 32 bytes, returns it unchanged.\n *\n * @param pubKey - 33-byte or 32-byte public key\n * @returns 32-byte x-only public key\n */\nexport function toXOnly(pubKey: Uint8Array): Uint8Array {\n return pubKey.length === 32 ? pubKey : pubKey.slice(1, 33);\n}\n\n/**\n * Internal helper: Validate hex string format without stripping prefix\n *\n * @internal\n * @param hex - Hex string (must already have prefix stripped)\n * @returns true if valid hex string\n */\nfunction isValidHexRaw(hex: string): boolean {\n return /^[0-9a-fA-F]*$/.test(hex) && hex.length % 2 === 0;\n}\n\n/**\n * Process and convert a public key to x-only format (32 bytes hex).\n *\n * Handles:\n * - 0x prefix removal\n * - Hex character validation\n * - Length validation\n * - Conversion to x-only format\n *\n * Accepts:\n * - 64 hex chars (32 bytes) - already x-only\n * - 66 hex chars (33 bytes) - compressed pubkey\n * - 130 hex chars (65 bytes) - uncompressed pubkey\n *\n * @param publicKeyHex - Public key in hex format (with or without 0x prefix)\n * @returns X-only public key as 32 bytes hex string (without 0x prefix)\n * @throws If public key format is invalid or contains invalid hex characters\n */\nexport function processPublicKeyToXOnly(publicKeyHex: string): string {\n // Remove '0x' prefix if present\n const cleanHex = stripHexPrefix(publicKeyHex);\n\n // Validate hex characters early to prevent silent failures\n if (!isValidHexRaw(cleanHex)) {\n throw new Error(`Invalid hex characters in public key: ${publicKeyHex}`);\n }\n\n // If already 64 chars (32 bytes), it's already x-only format\n if (cleanHex.length === X_ONLY_PUBKEY_HEX_LEN) {\n return cleanHex;\n }\n\n // Validate public key length (compressed SEC1 or uncompressed SEC1)\n if (\n cleanHex.length !== COMPRESSED_PUBKEY_HEX_LEN &&\n cleanHex.length !== UNCOMPRESSED_PUBKEY_HEX_LEN\n ) {\n throw new Error(\n `Invalid public key length: ${cleanHex.length} (expected ${X_ONLY_PUBKEY_HEX_LEN}, ${COMPRESSED_PUBKEY_HEX_LEN}, or ${UNCOMPRESSED_PUBKEY_HEX_LEN} hex chars)`,\n );\n }\n\n const pubkeyBytes = hexToUint8Array(cleanHex);\n return uint8ArrayToHex(toXOnly(pubkeyBytes));\n}\n\n/**\n * Validate hex string format.\n *\n * Checks that the string contains only valid hexadecimal characters (0-9, a-f, A-F)\n * and has an even length (since each byte is represented by 2 hex characters).\n *\n * @param hex - String to validate (with or without 0x prefix)\n * @returns true if valid hex string\n */\nexport function isValidHex(hex: string): boolean {\n const cleanHex = stripHexPrefix(hex);\n return isValidHexRaw(cleanHex);\n}\n\n/**\n * Result of validating a wallet public key against an expected depositor public key.\n */\nexport interface WalletPubkeyValidationResult {\n /** Wallet's raw public key (as returned by wallet, may be compressed) */\n walletPubkeyRaw: string;\n /** Wallet's public key in x-only format (32 bytes, 64 hex chars) */\n walletPubkeyXOnly: string;\n /** The validated depositor public key (x-only format) */\n depositorPubkey: string;\n}\n\n/**\n * Validate that a wallet's public key matches the expected depositor public key.\n *\n * This function:\n * 1. Converts the wallet pubkey to x-only format\n * 2. Validates the wallet x-only pubkey matches the expected depositor pubkey\n * (case-insensitive)\n *\n * @param walletPubkeyRaw - Raw public key from wallet (may be compressed 66 chars or x-only 64 chars)\n * @param expectedDepositorPubkey - Expected depositor public key (x-only).\n * Required: omitting it would degrade this check to a self-comparison.\n * @returns Validation result with both pubkey formats\n * @throws If `expectedDepositorPubkey` is missing/empty\n * @throws If wallet pubkey doesn't match expected depositor pubkey\n */\nexport function validateWalletPubkey(\n walletPubkeyRaw: string,\n expectedDepositorPubkey: string,\n): WalletPubkeyValidationResult {\n if (!expectedDepositorPubkey) {\n throw new Error(\n \"validateWalletPubkey requires expectedDepositorPubkey. Pass the on-chain registered depositor pubkey to avoid a self-comparison.\",\n );\n }\n\n const walletPubkeyXOnly = processPublicKeyToXOnly(walletPubkeyRaw);\n const depositorPubkey = expectedDepositorPubkey;\n\n if (walletPubkeyXOnly.toLowerCase() !== depositorPubkey.toLowerCase()) {\n throw new Error(\n `Wallet public key does not match vault depositor. ` +\n `Expected: ${depositorPubkey}, Got: ${walletPubkeyXOnly}. ` +\n `Please connect the wallet that was used to create this vault.`\n );\n }\n\n return { walletPubkeyRaw, walletPubkeyXOnly, depositorPubkey };\n}\n\n// ============================================================================\n// BTC formatting\n// ============================================================================\n\nconst SATOSHIS_PER_BTC = 100_000_000n;\n\n/**\n * Format satoshis as a human-readable BTC string with trailing zeros removed.\n */\nexport function formatSatoshisToBtc(satoshis: bigint): string {\n if (satoshis < 0n) {\n return `-${formatSatoshisToBtc(-satoshis)}`;\n }\n const whole = satoshis / SATOSHIS_PER_BTC;\n const fraction = satoshis % SATOSHIS_PER_BTC;\n let fractionStr = fraction.toString().padStart(8, \"0\");\n fractionStr = fractionStr.replace(/0+$/, \"\");\n return fractionStr.length > 0 ? `${whole}.${fractionStr}` : whole.toString();\n}\n\n// ============================================================================\n// Address derivation and validation\n// ============================================================================\n\n/**\n * Assert that the ECC library has been initialized via `initEccLib(ecc)`.\n *\n * The consuming application must call `initEccLib(ecc)` from `bitcoinjs-lib`\n * once at startup before using any SDK function that involves Taproot / P2TR\n * operations. This guard provides a clear error message when that step was\n * missed, instead of letting bitcoinjs-lib throw its generic\n * \"No ECC Library provided\" error deep in a call stack.\n */\nfunction assertEccInitialized(): void {\n try {\n payments.p2tr({ internalPubkey: Buffer.alloc(32, 1) });\n } catch (e) {\n if (e instanceof Error && e.message.includes(\"No ECC Library provided\")) {\n throw new Error(\n \"ECC library not initialized. \" +\n 'You must call initEccLib(ecc) from \"bitcoinjs-lib\" before using the SDK. ' +\n \"See the ts-sdk README for setup instructions.\",\n );\n }\n // Any other error means ECC is loaded (e.g. invalid key is fine — ECC worked).\n }\n}\n\n/**\n * Map SDK network type to bitcoinjs-lib Network object.\n *\n * @param network - Network type (\"bitcoin\", \"testnet\", \"signet\", \"regtest\")\n * @returns bitcoinjs-lib Network object\n */\nexport function getNetwork(network: Network): networks.Network {\n switch (network) {\n case \"bitcoin\":\n return networks.bitcoin;\n case \"testnet\":\n case \"signet\":\n return networks.testnet;\n case \"regtest\":\n return networks.regtest;\n default:\n throw new Error(`Unknown network: ${network}`);\n }\n}\n\n/**\n * Derive a Taproot (P2TR) address from a public key.\n *\n * @param publicKeyHex - Compressed (66 hex) or x-only (64 hex) public key\n * @param network - Bitcoin network\n * @returns Taproot address (bc1p... / tb1p... / bcrt1p...)\n */\nexport function deriveTaprootAddress(\n publicKeyHex: string,\n network: Network,\n): string {\n assertEccInitialized();\n const xOnly = hexToUint8Array(processPublicKeyToXOnly(publicKeyHex));\n const { address } = payments.p2tr({\n internalPubkey: Buffer.from(xOnly),\n network: getNetwork(network),\n });\n if (!address) {\n throw new Error(\"Failed to derive taproot address from public key\");\n }\n return address;\n}\n\n/**\n * Strip `0x` prefixes and lex-sort an array of x-only public keys.\n *\n * Used to produce the canonical (Rust-parity) keeper / challenger ordering\n * the protocol expects in payout and refund signing contexts.\n *\n * @param pubkeys - Array of x-only public keys (with or without `0x` prefix)\n * @returns Lex-sorted array of pubkeys with `0x` prefix stripped\n */\nexport function getSortedXOnlyPubkeys(pubkeys: string[]): string[] {\n return pubkeys.map(stripHexPrefix).sort();\n}\n\n/**\n * Derive the BIP-86 P2TR scriptPubKey (`0x`-prefixed hex) from an x-only\n * public key.\n *\n * Matches Rust `Bip86KeyConnector::generate_taproot_script_pubkey`: a\n * keypath-only P2TR output with no script tree. Used to compute the expected\n * payout address for vault keeper claimers, whose payout goes to their own\n * BIP-86 address rather than the depositor's registered payout address.\n *\n * Network-agnostic: P2TR scriptPubKey bytes are `OP_1 <32-byte tweaked-key>`\n * regardless of network.\n *\n * @param xOnlyPubkeyHex - X-only public key (64 hex chars, with or without `0x` prefix)\n * @returns `0x`-prefixed P2TR scriptPubKey hex\n * @throws If `xOnlyPubkeyHex` is not exactly 64 hex chars after prefix stripping\n */\nexport function deriveBip86ScriptPubKeyHex(xOnlyPubkeyHex: string): string {\n assertEccInitialized();\n const cleanHex = stripHexPrefix(xOnlyPubkeyHex);\n if (!/^[0-9a-fA-F]{64}$/.test(cleanHex)) {\n throw new Error(\n \"Invalid x-only pubkey: must be 64 hex characters (32 bytes, no 0x prefix)\",\n );\n }\n const { output } = payments.p2tr({\n internalPubkey: Buffer.from(cleanHex, \"hex\"),\n });\n if (!output) {\n throw new Error(\"Failed to derive BIP-86 P2TR scriptPubKey\");\n }\n return `0x${output.toString(\"hex\")}`;\n}\n\n/**\n * Derive a Native SegWit (P2WPKH) address from a compressed public key.\n *\n * @param publicKeyHex - Compressed public key (66 hex chars, with or without 0x prefix)\n * @param network - Bitcoin network\n * @returns Native SegWit address (bc1q... / tb1q... / bcrt1q...)\n * @throws If publicKeyHex is not a compressed public key (66 hex chars)\n */\nexport function deriveNativeSegwitAddress(\n publicKeyHex: string,\n network: Network,\n): string {\n const cleanHex = stripHexPrefix(publicKeyHex);\n if (cleanHex.length !== 66) {\n throw new Error(\n `Native SegWit requires a compressed public key (66 hex chars), got ${cleanHex.length}`,\n );\n }\n const { address } = payments.p2wpkh({\n pubkey: Buffer.from(hexToUint8Array(cleanHex)),\n network: getNetwork(network),\n });\n if (!address) {\n throw new Error(\n \"Failed to derive native segwit address from public key\",\n );\n }\n return address;\n}\n\n/**\n * Validate that a BTC address was derived from the given public key.\n *\n * Derives Taproot (P2TR) and Native SegWit (P2WPKH) addresses from the\n * public key and checks if the provided address matches any of them.\n *\n * P2WPKH derivation requires the full compressed key with explicit y-parity.\n * When only an x-only key is supplied, the y-parity is unknown and trying\n * both `02|x` and `03|x` would let an opposite-parity P2WPKH address — a\n * script the caller does NOT control — pass validation. We fail closed for\n * P2WPKH in that case; P2TR (which depends only on the x-coordinate) is\n * still validated and remains the supported path for Taproot wallets.\n *\n * @param address - BTC address to validate\n * @param publicKeyHex - Public key from the wallet (x-only 64 or compressed 66 hex chars)\n * @param network - Bitcoin network\n * @returns true if the address matches the public key\n */\nexport function isAddressFromPublicKey(\n address: string,\n publicKeyHex: string,\n network: Network,\n): boolean {\n const cleanHex = stripHexPrefix(publicKeyHex);\n\n // P2TR — works with both x-only and compressed keys\n try {\n if (address === deriveTaprootAddress(cleanHex, network)) {\n return true;\n }\n } catch {\n // derivation failed, continue\n }\n\n // P2WPKH — only attempt when the caller supplied a parity-bearing\n // compressed key. An x-only input is fail-closed here on purpose.\n if (cleanHex.length === COMPRESSED_PUBKEY_HEX_LEN) {\n try {\n if (address === deriveNativeSegwitAddress(cleanHex, network)) {\n return true;\n }\n } catch {\n // derivation failed, continue\n }\n }\n\n return false;\n}\n"],"names":["TAPSCRIPT_LEAF_VERSION","X_ONLY_PUBKEY_HEX_LEN","COMPRESSED_PUBKEY_HEX_LEN","UNCOMPRESSED_PUBKEY_HEX_LEN","SCHNORR_SIG_HEX_LEN","stripHexPrefix","hex","ensureHexPrefix","hexToUint8Array","cleanHex","isValidHexRaw","bytes","i","uint8ArrayToHex","b","inputTxidHex","input","toXOnly","pubKey","processPublicKeyToXOnly","publicKeyHex","pubkeyBytes","isValidHex","validateWalletPubkey","walletPubkeyRaw","expectedDepositorPubkey","walletPubkeyXOnly","depositorPubkey","SATOSHIS_PER_BTC","formatSatoshisToBtc","satoshis","whole","fractionStr","assertEccInitialized","payments","Buffer","e","getNetwork","network","networks","deriveTaprootAddress","xOnly","address","getSortedXOnlyPubkeys","pubkeys","deriveBip86ScriptPubKeyHex","xOnlyPubkeyHex","output","deriveNativeSegwitAddress","isAddressFromPublicKey"],"mappings":";;AA0BO,MAAMA,IAAyB,KAMzBC,IAAwB,IAMxBC,IAA4B,IAM5BC,IAA8B,KAK9BC,IAAsB;AAW5B,SAASC,EAAeC,GAAqB;AAClD,SAAOA,EAAI,WAAW,IAAI,KAAKA,EAAI,WAAW,IAAI,IAAIA,EAAI,MAAM,CAAC,IAAIA;AACvE;AAWO,SAASC,EAAgBD,GAAkB;AAChD,SAAIA,EAAI,WAAW,IAAI,IAAUA,IAC7BA,EAAI,WAAW,IAAI,IAAU,KAAKA,EAAI,MAAM,CAAC,CAAC,KAC3C,KAAKA,CAAG;AACjB;AASO,SAASE,EAAgBF,GAAyB;AACvD,QAAMG,IAAWJ,EAAeC,CAAG;AACnC,MAAI,CAACI,EAAcD,CAAQ;AACzB,UAAM,IAAI,MAAM,uBAAuBH,CAAG,EAAE;AAE9C,QAAMK,IAAQ,IAAI,WAAWF,EAAS,SAAS,CAAC;AAChD,WAASG,IAAI,GAAGA,IAAIH,EAAS,QAAQG,KAAK;AACxC,IAAAD,EAAMC,IAAI,CAAC,IAAI,SAASH,EAAS,MAAMG,GAAGA,IAAI,CAAC,GAAG,EAAE;AAEtD,SAAOD;AACT;AAQO,SAASE,EAAgBF,GAA2B;AACzD,SAAO,MAAM,KAAKA,CAAK,EACpB,IAAI,CAACG,MAAMA,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AACZ;AAWO,SAASC,EAAaC,GAElB;AACT,SAAOH,EAAgB,IAAI,WAAWG,EAAM,IAAI,EAAE,MAAA,EAAQ,SAAS;AACrE;AAWO,SAASC,EAAQC,GAAgC;AACtD,SAAOA,EAAO,WAAW,KAAKA,IAASA,EAAO,MAAM,GAAG,EAAE;AAC3D;AASA,SAASR,EAAcJ,GAAsB;AAC3C,SAAO,iBAAiB,KAAKA,CAAG,KAAKA,EAAI,SAAS,MAAM;AAC1D;AAoBO,SAASa,EAAwBC,GAA8B;AAEpE,QAAMX,IAAWJ,EAAee,CAAY;AAG5C,MAAI,CAACV,EAAcD,CAAQ;AACzB,UAAM,IAAI,MAAM,yCAAyCW,CAAY,EAAE;AAIzE,MAAIX,EAAS,WAAWR;AACtB,WAAOQ;AAIT,MACEA,EAAS,WAAWP,KACpBO,EAAS,WAAWN;AAEpB,UAAM,IAAI;AAAA,MACR,8BAA8BM,EAAS,MAAM,cAAcR,CAAqB,KAAKC,CAAyB,QAAQC,CAA2B;AAAA,IAAA;AAIrJ,QAAMkB,IAAcb,EAAgBC,CAAQ;AAC5C,SAAOI,EAAgBI,EAAQI,CAAW,CAAC;AAC7C;AAWO,SAASC,EAAWhB,GAAsB;AAC/C,QAAMG,IAAWJ,EAAeC,CAAG;AACnC,SAAOI,EAAcD,CAAQ;AAC/B;AA6BO,SAASc,EACdC,GACAC,GAC8B;AAC9B,MAAI,CAACA;AACH,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMC,IAAoBP,EAAwBK,CAAe,GAC3DG,IAAkBF;AAExB,MAAIC,EAAkB,YAAA,MAAkBC,EAAgB;AACtD,UAAM,IAAI;AAAA,MACR,+DACaA,CAAe,UAAUD,CAAiB;AAAA,IAAA;AAK3D,SAAO,EAAE,iBAAAF,GAAiB,mBAAAE,GAAmB,iBAAAC,EAAA;AAC/C;AAMA,MAAMC,IAAmB;AAKlB,SAASC,EAAoBC,GAA0B;AAC5D,MAAIA,IAAW;AACb,WAAO,IAAID,EAAoB,CAACC,CAAQ,CAAC;AAE3C,QAAMC,IAAQD,IAAWF;AAEzB,MAAII,KADaF,IAAWF,GACD,SAAA,EAAW,SAAS,GAAG,GAAG;AACrD,SAAAI,IAAcA,EAAY,QAAQ,OAAO,EAAE,GACpCA,EAAY,SAAS,IAAI,GAAGD,CAAK,IAAIC,CAAW,KAAKD,EAAM,SAAA;AACpE;AAeA,SAASE,IAA6B;AACpC,MAAI;AACF,IAAAC,EAAS,KAAK,EAAE,gBAAgBC,EAAO,MAAM,IAAI,CAAC,GAAG;AAAA,EACvD,SAASC,GAAG;AACV,QAAIA,aAAa,SAASA,EAAE,QAAQ,SAAS,yBAAyB;AACpE,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,EAMN;AACF;AAQO,SAASC,EAAWC,GAAoC;AAC7D,UAAQA,GAAA;AAAA,IACN,KAAK;AACH,aAAOC,EAAS;AAAA,IAClB,KAAK;AAAA,IACL,KAAK;AACH,aAAOA,EAAS;AAAA,IAClB,KAAK;AACH,aAAOA,EAAS;AAAA,IAClB;AACE,YAAM,IAAI,MAAM,oBAAoBD,CAAO,EAAE;AAAA,EAAA;AAEnD;AASO,SAASE,EACdpB,GACAkB,GACQ;AACR,EAAAL,EAAA;AACA,QAAMQ,IAAQjC,EAAgBW,EAAwBC,CAAY,CAAC,GAC7D,EAAE,SAAAsB,EAAA,IAAYR,EAAS,KAAK;AAAA,IAChC,gBAAgBC,EAAO,KAAKM,CAAK;AAAA,IACjC,SAASJ,EAAWC,CAAO;AAAA,EAAA,CAC5B;AACD,MAAI,CAACI;AACH,UAAM,IAAI,MAAM,kDAAkD;AAEpE,SAAOA;AACT;AAWO,SAASC,EAAsBC,GAA6B;AACjE,SAAOA,EAAQ,IAAIvC,CAAc,EAAE,KAAA;AACrC;AAkBO,SAASwC,EAA2BC,GAAgC;AACzE,EAAAb,EAAA;AACA,QAAMxB,IAAWJ,EAAeyC,CAAc;AAC9C,MAAI,CAAC,oBAAoB,KAAKrC,CAAQ;AACpC,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAGJ,QAAM,EAAE,QAAAsC,EAAA,IAAWb,EAAS,KAAK;AAAA,IAC/B,gBAAgBC,EAAO,KAAK1B,GAAU,KAAK;AAAA,EAAA,CAC5C;AACD,MAAI,CAACsC;AACH,UAAM,IAAI,MAAM,2CAA2C;AAE7D,SAAO,KAAKA,EAAO,SAAS,KAAK,CAAC;AACpC;AAUO,SAASC,EACd5B,GACAkB,GACQ;AACR,QAAM7B,IAAWJ,EAAee,CAAY;AAC5C,MAAIX,EAAS,WAAW;AACtB,UAAM,IAAI;AAAA,MACR,sEAAsEA,EAAS,MAAM;AAAA,IAAA;AAGzF,QAAM,EAAE,SAAAiC,EAAA,IAAYR,EAAS,OAAO;AAAA,IAClC,QAAQC,EAAO,KAAK3B,EAAgBC,CAAQ,CAAC;AAAA,IAC7C,SAAS4B,EAAWC,CAAO;AAAA,EAAA,CAC5B;AACD,MAAI,CAACI;AACH,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAGJ,SAAOA;AACT;AAoBO,SAASO,EACdP,GACAtB,GACAkB,GACS;AACT,QAAM7B,IAAWJ,EAAee,CAAY;AAG5C,MAAI;AACF,QAAIsB,MAAYF,EAAqB/B,GAAU6B,CAAO;AACpD,aAAO;AAAA,EAEX,QAAQ;AAAA,EAER;AAIA,MAAI7B,EAAS,WAAWP;AACtB,QAAI;AACF,UAAIwC,MAAYM,EAA0BvC,GAAU6B,CAAO;AACzD,eAAO;AAAA,IAEX,QAAQ;AAAA,IAER;AAGF,SAAO;AACT;"}
1
+ {"version":3,"file":"bitcoin-B5aNKtsk.js","sources":["../src/tbv/core/primitives/utils/bitcoin.ts"],"sourcesContent":["/**\n * Bitcoin Utilities\n *\n * Common pure utility functions for Bitcoin operations including:\n * - Public key conversions (x-only format)\n * - Hex string manipulation\n * - Uint8Array conversions and validation\n * - Address derivation and validation\n *\n * All functions are pure (no side effects) and work in Node.js, browsers,\n * and serverless environments.\n *\n * @module primitives/utils/bitcoin\n */\n\nimport { Buffer } from \"buffer\";\nimport { networks, payments } from \"bitcoinjs-lib\";\n\nimport type { Network } from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport type { Hex } from \"viem\";\n\n/**\n * BIP-341 Tapscript leaf version for script-path spends.\n * @see https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki\n * @see Rust: bitcoin::taproot::LeafVersion::TapScript\n */\nexport const TAPSCRIPT_LEAF_VERSION = 0xc0;\n\n/**\n * Hex-string length of a 32-byte BIP-340 x-only public key (taproot,\n * Schnorr). Doubles the byte count: `2 * 32 = 64`.\n */\nexport const X_ONLY_PUBKEY_HEX_LEN = 64;\n\n/**\n * Hex-string length of a 33-byte SEC1-compressed secp256k1 public key\n * (`0x02` or `0x03` prefix + 32-byte x-coordinate). `2 * 33 = 66`.\n */\nexport const COMPRESSED_PUBKEY_HEX_LEN = 66;\n\n/**\n * Hex-string length of a 65-byte SEC1-uncompressed secp256k1 public\n * key (`0x04` prefix + 32-byte x + 32-byte y). `2 * 65 = 130`.\n */\nconst UNCOMPRESSED_PUBKEY_HEX_LEN = 130;\n\n/**\n * Hex-string length of a 64-byte BIP-340 Schnorr signature. `2 * 64 = 128`.\n */\nexport const SCHNORR_SIG_HEX_LEN = 128;\n\n/**\n * Strip \"0x\" prefix from hex string if present.\n *\n * Bitcoin expects plain hex (no \"0x\" prefix), but frontend often uses\n * Ethereum-style \"0x\"-prefixed hex.\n *\n * @param hex - Hex string with or without \"0x\" prefix\n * @returns Hex string without \"0x\" prefix\n */\nexport function stripHexPrefix(hex: string): string {\n return hex.startsWith(\"0x\") || hex.startsWith(\"0X\") ? hex.slice(2) : hex;\n}\n\n/**\n * Ensure \"0x\" prefix on a hex string, returning viem's Hex type.\n *\n * Ethereum/viem APIs expect `0x`-prefixed hex, but Bitcoin tooling\n * typically omits the prefix. This normalises either form.\n *\n * @param hex - Hex string with or without \"0x\" prefix\n * @returns `0x`-prefixed hex string typed as viem Hex\n */\nexport function ensureHexPrefix(hex: string): Hex {\n if (hex.startsWith(\"0x\")) return hex as Hex;\n if (hex.startsWith(\"0X\")) return `0x${hex.slice(2)}` as Hex;\n return `0x${hex}` as Hex;\n}\n\n/**\n * Convert hex string to Uint8Array.\n *\n * @param hex - Hex string (with or without 0x prefix)\n * @returns Uint8Array\n * @throws If hex is invalid\n */\nexport function hexToUint8Array(hex: string): Uint8Array {\n const cleanHex = stripHexPrefix(hex);\n if (!isValidHexRaw(cleanHex)) {\n throw new Error(`Invalid hex string: ${hex}`);\n }\n const bytes = new Uint8Array(cleanHex.length / 2);\n for (let i = 0; i < cleanHex.length; i += 2) {\n bytes[i / 2] = parseInt(cleanHex.slice(i, i + 2), 16);\n }\n return bytes;\n}\n\n/**\n * Convert Uint8Array to hex string (without 0x prefix).\n *\n * @param bytes - Uint8Array to convert\n * @returns Hex string without 0x prefix\n */\nexport function uint8ArrayToHex(bytes: Uint8Array): string {\n return Array.from(bytes)\n .map((b) => b.toString(16).padStart(2, \"0\"))\n .join(\"\");\n}\n\n/**\n * Read the prevout txid (big-endian hex) from a bitcoinjs-lib transaction input.\n *\n * bitcoinjs-lib stores `hash` in little-endian internal byte order; txids are\n * displayed in big-endian, so the bytes must be reversed before hex-encoding.\n *\n * @param input - Transaction input with a `hash` field (Buffer or Uint8Array)\n * @returns Prevout txid as a hex string (big-endian, no 0x prefix)\n */\nexport function inputTxidHex(input: {\n hash: Buffer | Uint8Array;\n}): string {\n return uint8ArrayToHex(new Uint8Array(input.hash).slice().reverse());\n}\n\n/**\n * Convert a 33-byte public key to 32-byte x-only format (removes first byte).\n *\n * Used for Taproot/Schnorr signatures which only need the x-coordinate.\n * If the input is already 32 bytes, returns it unchanged.\n *\n * @param pubKey - 33-byte or 32-byte public key\n * @returns 32-byte x-only public key\n */\nexport function toXOnly(pubKey: Uint8Array): Uint8Array {\n return pubKey.length === 32 ? pubKey : pubKey.slice(1, 33);\n}\n\n/**\n * Internal helper: Validate hex string format without stripping prefix\n *\n * @internal\n * @param hex - Hex string (must already have prefix stripped)\n * @returns true if valid hex string\n */\nfunction isValidHexRaw(hex: string): boolean {\n return /^[0-9a-fA-F]*$/.test(hex) && hex.length % 2 === 0;\n}\n\n/**\n * Process and convert a public key to x-only format (32 bytes hex).\n *\n * Handles:\n * - 0x prefix removal\n * - Hex character validation\n * - Length validation\n * - Conversion to x-only format\n *\n * Accepts:\n * - 64 hex chars (32 bytes) - already x-only\n * - 66 hex chars (33 bytes) - compressed pubkey\n * - 130 hex chars (65 bytes) - uncompressed pubkey\n *\n * @param publicKeyHex - Public key in hex format (with or without 0x prefix)\n * @returns X-only public key as 32 bytes hex string (without 0x prefix)\n * @throws If public key format is invalid or contains invalid hex characters\n */\nexport function processPublicKeyToXOnly(publicKeyHex: string): string {\n // Remove '0x' prefix if present\n const cleanHex = stripHexPrefix(publicKeyHex);\n\n // Validate hex characters early to prevent silent failures\n if (!isValidHexRaw(cleanHex)) {\n throw new Error(`Invalid hex characters in public key: ${publicKeyHex}`);\n }\n\n // If already 64 chars (32 bytes), it's already x-only format\n if (cleanHex.length === X_ONLY_PUBKEY_HEX_LEN) {\n return cleanHex;\n }\n\n // Validate public key length (compressed SEC1 or uncompressed SEC1)\n if (\n cleanHex.length !== COMPRESSED_PUBKEY_HEX_LEN &&\n cleanHex.length !== UNCOMPRESSED_PUBKEY_HEX_LEN\n ) {\n throw new Error(\n `Invalid public key length: ${cleanHex.length} (expected ${X_ONLY_PUBKEY_HEX_LEN}, ${COMPRESSED_PUBKEY_HEX_LEN}, or ${UNCOMPRESSED_PUBKEY_HEX_LEN} hex chars)`,\n );\n }\n\n const pubkeyBytes = hexToUint8Array(cleanHex);\n return uint8ArrayToHex(toXOnly(pubkeyBytes));\n}\n\n/**\n * Validate hex string format.\n *\n * Checks that the string contains only valid hexadecimal characters (0-9, a-f, A-F)\n * and has an even length (since each byte is represented by 2 hex characters).\n *\n * @param hex - String to validate (with or without 0x prefix)\n * @returns true if valid hex string\n */\nexport function isValidHex(hex: string): boolean {\n const cleanHex = stripHexPrefix(hex);\n return isValidHexRaw(cleanHex);\n}\n\n/**\n * Result of validating a wallet public key against an expected depositor public key.\n */\nexport interface WalletPubkeyValidationResult {\n /** Wallet's raw public key (as returned by wallet, may be compressed) */\n walletPubkeyRaw: string;\n /** Wallet's public key in x-only format (32 bytes, 64 hex chars) */\n walletPubkeyXOnly: string;\n /** The validated depositor public key (x-only format) */\n depositorPubkey: string;\n}\n\n/**\n * Validate that a wallet's public key matches the expected depositor public key.\n *\n * This function:\n * 1. Converts the wallet pubkey to x-only format\n * 2. Validates the wallet x-only pubkey matches the expected depositor pubkey\n * (case-insensitive)\n *\n * @param walletPubkeyRaw - Raw public key from wallet (may be compressed 66 chars or x-only 64 chars)\n * @param expectedDepositorPubkey - Expected depositor public key (x-only).\n * Required: omitting it would degrade this check to a self-comparison.\n * @returns Validation result with both pubkey formats\n * @throws If `expectedDepositorPubkey` is missing/empty\n * @throws If wallet pubkey doesn't match expected depositor pubkey\n */\nexport function validateWalletPubkey(\n walletPubkeyRaw: string,\n expectedDepositorPubkey: string,\n): WalletPubkeyValidationResult {\n if (!expectedDepositorPubkey) {\n throw new Error(\n \"validateWalletPubkey requires expectedDepositorPubkey. Pass the on-chain registered depositor pubkey to avoid a self-comparison.\",\n );\n }\n\n const walletPubkeyXOnly = processPublicKeyToXOnly(walletPubkeyRaw);\n const depositorPubkey = expectedDepositorPubkey;\n\n if (walletPubkeyXOnly.toLowerCase() !== depositorPubkey.toLowerCase()) {\n throw new Error(\n `Wallet public key does not match vault depositor. ` +\n `Expected: ${depositorPubkey}, Got: ${walletPubkeyXOnly}. ` +\n `Please connect the wallet that was used to create this vault.`\n );\n }\n\n return { walletPubkeyRaw, walletPubkeyXOnly, depositorPubkey };\n}\n\n// ============================================================================\n// BTC formatting\n// ============================================================================\n\nconst SATOSHIS_PER_BTC = 100_000_000n;\n\n/**\n * Format satoshis as a human-readable BTC string with trailing zeros removed.\n */\nexport function formatSatoshisToBtc(satoshis: bigint): string {\n if (satoshis < 0n) {\n return `-${formatSatoshisToBtc(-satoshis)}`;\n }\n const whole = satoshis / SATOSHIS_PER_BTC;\n const fraction = satoshis % SATOSHIS_PER_BTC;\n let fractionStr = fraction.toString().padStart(8, \"0\");\n fractionStr = fractionStr.replace(/0+$/, \"\");\n return fractionStr.length > 0 ? `${whole}.${fractionStr}` : whole.toString();\n}\n\n// ============================================================================\n// Address derivation and validation\n// ============================================================================\n\n/**\n * Assert that the ECC library has been initialized via `initEccLib(ecc)`.\n *\n * The consuming application must call `initEccLib(ecc)` from `bitcoinjs-lib`\n * once at startup before using any SDK function that involves Taproot / P2TR\n * operations. This guard provides a clear error message when that step was\n * missed, instead of letting bitcoinjs-lib throw its generic\n * \"No ECC Library provided\" error deep in a call stack.\n */\nfunction assertEccInitialized(): void {\n try {\n payments.p2tr({ internalPubkey: Buffer.alloc(32, 1) });\n } catch (e) {\n if (e instanceof Error && e.message.includes(\"No ECC Library provided\")) {\n throw new Error(\n \"ECC library not initialized. \" +\n 'You must call initEccLib(ecc) from \"bitcoinjs-lib\" before using the SDK. ' +\n \"See the ts-sdk README for setup instructions.\",\n );\n }\n // Any other error means ECC is loaded (e.g. invalid key is fine — ECC worked).\n }\n}\n\n/**\n * Map SDK network type to bitcoinjs-lib Network object.\n *\n * @param network - Network type (\"bitcoin\", \"testnet\", \"signet\", \"regtest\")\n * @returns bitcoinjs-lib Network object\n */\nexport function getNetwork(network: Network): networks.Network {\n switch (network) {\n case \"bitcoin\":\n return networks.bitcoin;\n case \"testnet\":\n case \"signet\":\n return networks.testnet;\n case \"regtest\":\n return networks.regtest;\n default:\n throw new Error(`Unknown network: ${network}`);\n }\n}\n\n/**\n * Derive a Taproot (P2TR) address from a public key.\n *\n * @param publicKeyHex - Compressed (66 hex) or x-only (64 hex) public key\n * @param network - Bitcoin network\n * @returns Taproot address (bc1p... / tb1p... / bcrt1p...)\n */\nexport function deriveTaprootAddress(\n publicKeyHex: string,\n network: Network,\n): string {\n assertEccInitialized();\n const xOnly = hexToUint8Array(processPublicKeyToXOnly(publicKeyHex));\n const { address } = payments.p2tr({\n internalPubkey: Buffer.from(xOnly),\n network: getNetwork(network),\n });\n if (!address) {\n throw new Error(\"Failed to derive taproot address from public key\");\n }\n return address;\n}\n\n/**\n * Strip `0x` prefixes and lex-sort an array of x-only public keys.\n *\n * Used to produce the canonical (Rust-parity) keeper / challenger ordering\n * the protocol expects in payout and refund signing contexts.\n *\n * @param pubkeys - Array of x-only public keys (with or without `0x` prefix)\n * @returns Lex-sorted array of pubkeys with `0x` prefix stripped\n */\nexport function getSortedXOnlyPubkeys(pubkeys: string[]): string[] {\n return pubkeys.map(stripHexPrefix).sort();\n}\n\n/**\n * Derive the BIP-86 P2TR scriptPubKey (`0x`-prefixed hex) from an x-only\n * public key.\n *\n * Matches Rust `Bip86KeyConnector::generate_taproot_script_pubkey`: a\n * keypath-only P2TR output with no script tree. Used to compute the expected\n * payout address for vault keeper claimers, whose payout goes to their own\n * BIP-86 address rather than the depositor's registered payout address.\n *\n * Network-agnostic: P2TR scriptPubKey bytes are `OP_1 <32-byte tweaked-key>`\n * regardless of network.\n *\n * @param xOnlyPubkeyHex - X-only public key (64 hex chars, with or without `0x` prefix)\n * @returns `0x`-prefixed P2TR scriptPubKey hex\n * @throws If `xOnlyPubkeyHex` is not exactly 64 hex chars after prefix stripping\n */\nexport function deriveBip86ScriptPubKeyHex(xOnlyPubkeyHex: string): string {\n assertEccInitialized();\n const cleanHex = stripHexPrefix(xOnlyPubkeyHex);\n if (!/^[0-9a-fA-F]{64}$/.test(cleanHex)) {\n throw new Error(\n \"Invalid x-only pubkey: must be 64 hex characters (32 bytes, no 0x prefix)\",\n );\n }\n const { output } = payments.p2tr({\n internalPubkey: Buffer.from(cleanHex, \"hex\"),\n });\n if (!output) {\n throw new Error(\"Failed to derive BIP-86 P2TR scriptPubKey\");\n }\n return `0x${output.toString(\"hex\")}`;\n}\n\n/**\n * Derive a Native SegWit (P2WPKH) address from a compressed public key.\n *\n * @param publicKeyHex - Compressed public key (66 hex chars, with or without 0x prefix)\n * @param network - Bitcoin network\n * @returns Native SegWit address (bc1q... / tb1q... / bcrt1q...)\n * @throws If publicKeyHex is not a compressed public key (66 hex chars)\n */\nexport function deriveNativeSegwitAddress(\n publicKeyHex: string,\n network: Network,\n): string {\n const cleanHex = stripHexPrefix(publicKeyHex);\n if (cleanHex.length !== 66) {\n throw new Error(\n `Native SegWit requires a compressed public key (66 hex chars), got ${cleanHex.length}`,\n );\n }\n const { address } = payments.p2wpkh({\n pubkey: Buffer.from(hexToUint8Array(cleanHex)),\n network: getNetwork(network),\n });\n if (!address) {\n throw new Error(\n \"Failed to derive native segwit address from public key\",\n );\n }\n return address;\n}\n\n/**\n * Validate that a BTC address was derived from the given public key.\n *\n * Derives Taproot (P2TR) and Native SegWit (P2WPKH) addresses from the\n * public key and checks if the provided address matches any of them.\n *\n * P2WPKH derivation requires the full compressed key with explicit y-parity.\n * When only an x-only key is supplied, the y-parity is unknown and trying\n * both `02|x` and `03|x` would let an opposite-parity P2WPKH address — a\n * script the caller does NOT control — pass validation. We fail closed for\n * P2WPKH in that case; P2TR (which depends only on the x-coordinate) is\n * still validated and remains the supported path for Taproot wallets.\n *\n * @param address - BTC address to validate\n * @param publicKeyHex - Public key from the wallet (x-only 64 or compressed 66 hex chars)\n * @param network - Bitcoin network\n * @returns true if the address matches the public key\n */\nexport function isAddressFromPublicKey(\n address: string,\n publicKeyHex: string,\n network: Network,\n): boolean {\n const cleanHex = stripHexPrefix(publicKeyHex);\n\n // P2TR — works with both x-only and compressed keys\n try {\n if (address === deriveTaprootAddress(cleanHex, network)) {\n return true;\n }\n } catch {\n // derivation failed, continue\n }\n\n // P2WPKH — only attempt when the caller supplied a parity-bearing\n // compressed key. An x-only input is fail-closed here on purpose.\n if (cleanHex.length === COMPRESSED_PUBKEY_HEX_LEN) {\n try {\n if (address === deriveNativeSegwitAddress(cleanHex, network)) {\n return true;\n }\n } catch {\n // derivation failed, continue\n }\n }\n\n return false;\n}\n"],"names":["TAPSCRIPT_LEAF_VERSION","X_ONLY_PUBKEY_HEX_LEN","COMPRESSED_PUBKEY_HEX_LEN","UNCOMPRESSED_PUBKEY_HEX_LEN","SCHNORR_SIG_HEX_LEN","stripHexPrefix","hex","ensureHexPrefix","hexToUint8Array","cleanHex","isValidHexRaw","bytes","i","uint8ArrayToHex","b","inputTxidHex","input","toXOnly","pubKey","processPublicKeyToXOnly","publicKeyHex","pubkeyBytes","isValidHex","validateWalletPubkey","walletPubkeyRaw","expectedDepositorPubkey","walletPubkeyXOnly","depositorPubkey","SATOSHIS_PER_BTC","formatSatoshisToBtc","satoshis","whole","fractionStr","assertEccInitialized","payments","Buffer","e","getNetwork","network","networks","deriveTaprootAddress","xOnly","address","getSortedXOnlyPubkeys","pubkeys","deriveBip86ScriptPubKeyHex","xOnlyPubkeyHex","output","deriveNativeSegwitAddress","isAddressFromPublicKey"],"mappings":";;AA0BO,MAAMA,IAAyB,KAMzBC,IAAwB,IAMxBC,IAA4B,IAMnCC,IAA8B,KAKvBC,IAAsB;AAW5B,SAASC,EAAeC,GAAqB;AAClD,SAAOA,EAAI,WAAW,IAAI,KAAKA,EAAI,WAAW,IAAI,IAAIA,EAAI,MAAM,CAAC,IAAIA;AACvE;AAWO,SAASC,EAAgBD,GAAkB;AAChD,SAAIA,EAAI,WAAW,IAAI,IAAUA,IAC7BA,EAAI,WAAW,IAAI,IAAU,KAAKA,EAAI,MAAM,CAAC,CAAC,KAC3C,KAAKA,CAAG;AACjB;AASO,SAASE,EAAgBF,GAAyB;AACvD,QAAMG,IAAWJ,EAAeC,CAAG;AACnC,MAAI,CAACI,EAAcD,CAAQ;AACzB,UAAM,IAAI,MAAM,uBAAuBH,CAAG,EAAE;AAE9C,QAAMK,IAAQ,IAAI,WAAWF,EAAS,SAAS,CAAC;AAChD,WAASG,IAAI,GAAGA,IAAIH,EAAS,QAAQG,KAAK;AACxC,IAAAD,EAAMC,IAAI,CAAC,IAAI,SAASH,EAAS,MAAMG,GAAGA,IAAI,CAAC,GAAG,EAAE;AAEtD,SAAOD;AACT;AAQO,SAASE,EAAgBF,GAA2B;AACzD,SAAO,MAAM,KAAKA,CAAK,EACpB,IAAI,CAACG,MAAMA,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC1C,KAAK,EAAE;AACZ;AAWO,SAASC,EAAaC,GAElB;AACT,SAAOH,EAAgB,IAAI,WAAWG,EAAM,IAAI,EAAE,MAAA,EAAQ,SAAS;AACrE;AAWO,SAASC,EAAQC,GAAgC;AACtD,SAAOA,EAAO,WAAW,KAAKA,IAASA,EAAO,MAAM,GAAG,EAAE;AAC3D;AASA,SAASR,EAAcJ,GAAsB;AAC3C,SAAO,iBAAiB,KAAKA,CAAG,KAAKA,EAAI,SAAS,MAAM;AAC1D;AAoBO,SAASa,EAAwBC,GAA8B;AAEpE,QAAMX,IAAWJ,EAAee,CAAY;AAG5C,MAAI,CAACV,EAAcD,CAAQ;AACzB,UAAM,IAAI,MAAM,yCAAyCW,CAAY,EAAE;AAIzE,MAAIX,EAAS,WAAWR;AACtB,WAAOQ;AAIT,MACEA,EAAS,WAAWP,KACpBO,EAAS,WAAWN;AAEpB,UAAM,IAAI;AAAA,MACR,8BAA8BM,EAAS,MAAM,cAAcR,CAAqB,KAAKC,CAAyB,QAAQC,CAA2B;AAAA,IAAA;AAIrJ,QAAMkB,IAAcb,EAAgBC,CAAQ;AAC5C,SAAOI,EAAgBI,EAAQI,CAAW,CAAC;AAC7C;AAWO,SAASC,EAAWhB,GAAsB;AAC/C,QAAMG,IAAWJ,EAAeC,CAAG;AACnC,SAAOI,EAAcD,CAAQ;AAC/B;AA6BO,SAASc,EACdC,GACAC,GAC8B;AAC9B,MAAI,CAACA;AACH,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAIJ,QAAMC,IAAoBP,EAAwBK,CAAe,GAC3DG,IAAkBF;AAExB,MAAIC,EAAkB,YAAA,MAAkBC,EAAgB;AACtD,UAAM,IAAI;AAAA,MACR,+DACaA,CAAe,UAAUD,CAAiB;AAAA,IAAA;AAK3D,SAAO,EAAE,iBAAAF,GAAiB,mBAAAE,GAAmB,iBAAAC,EAAA;AAC/C;AAMA,MAAMC,IAAmB;AAKlB,SAASC,EAAoBC,GAA0B;AAC5D,MAAIA,IAAW;AACb,WAAO,IAAID,EAAoB,CAACC,CAAQ,CAAC;AAE3C,QAAMC,IAAQD,IAAWF;AAEzB,MAAII,KADaF,IAAWF,GACD,SAAA,EAAW,SAAS,GAAG,GAAG;AACrD,SAAAI,IAAcA,EAAY,QAAQ,OAAO,EAAE,GACpCA,EAAY,SAAS,IAAI,GAAGD,CAAK,IAAIC,CAAW,KAAKD,EAAM,SAAA;AACpE;AAeA,SAASE,IAA6B;AACpC,MAAI;AACF,IAAAC,EAAS,KAAK,EAAE,gBAAgBC,EAAO,MAAM,IAAI,CAAC,GAAG;AAAA,EACvD,SAASC,GAAG;AACV,QAAIA,aAAa,SAASA,EAAE,QAAQ,SAAS,yBAAyB;AACpE,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,EAMN;AACF;AAQO,SAASC,EAAWC,GAAoC;AAC7D,UAAQA,GAAA;AAAA,IACN,KAAK;AACH,aAAOC,EAAS;AAAA,IAClB,KAAK;AAAA,IACL,KAAK;AACH,aAAOA,EAAS;AAAA,IAClB,KAAK;AACH,aAAOA,EAAS;AAAA,IAClB;AACE,YAAM,IAAI,MAAM,oBAAoBD,CAAO,EAAE;AAAA,EAAA;AAEnD;AASO,SAASE,EACdpB,GACAkB,GACQ;AACR,EAAAL,EAAA;AACA,QAAMQ,IAAQjC,EAAgBW,EAAwBC,CAAY,CAAC,GAC7D,EAAE,SAAAsB,EAAA,IAAYR,EAAS,KAAK;AAAA,IAChC,gBAAgBC,EAAO,KAAKM,CAAK;AAAA,IACjC,SAASJ,EAAWC,CAAO;AAAA,EAAA,CAC5B;AACD,MAAI,CAACI;AACH,UAAM,IAAI,MAAM,kDAAkD;AAEpE,SAAOA;AACT;AAWO,SAASC,EAAsBC,GAA6B;AACjE,SAAOA,EAAQ,IAAIvC,CAAc,EAAE,KAAA;AACrC;AAkBO,SAASwC,EAA2BC,GAAgC;AACzE,EAAAb,EAAA;AACA,QAAMxB,IAAWJ,EAAeyC,CAAc;AAC9C,MAAI,CAAC,oBAAoB,KAAKrC,CAAQ;AACpC,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAGJ,QAAM,EAAE,QAAAsC,EAAA,IAAWb,EAAS,KAAK;AAAA,IAC/B,gBAAgBC,EAAO,KAAK1B,GAAU,KAAK;AAAA,EAAA,CAC5C;AACD,MAAI,CAACsC;AACH,UAAM,IAAI,MAAM,2CAA2C;AAE7D,SAAO,KAAKA,EAAO,SAAS,KAAK,CAAC;AACpC;AAUO,SAASC,EACd5B,GACAkB,GACQ;AACR,QAAM7B,IAAWJ,EAAee,CAAY;AAC5C,MAAIX,EAAS,WAAW;AACtB,UAAM,IAAI;AAAA,MACR,sEAAsEA,EAAS,MAAM;AAAA,IAAA;AAGzF,QAAM,EAAE,SAAAiC,EAAA,IAAYR,EAAS,OAAO;AAAA,IAClC,QAAQC,EAAO,KAAK3B,EAAgBC,CAAQ,CAAC;AAAA,IAC7C,SAAS4B,EAAWC,CAAO;AAAA,EAAA,CAC5B;AACD,MAAI,CAACI;AACH,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAGJ,SAAOA;AACT;AAoBO,SAASO,EACdP,GACAtB,GACAkB,GACS;AACT,QAAM7B,IAAWJ,EAAee,CAAY;AAG5C,MAAI;AACF,QAAIsB,MAAYF,EAAqB/B,GAAU6B,CAAO;AACpD,aAAO;AAAA,EAEX,QAAQ;AAAA,EAER;AAIA,MAAI7B,EAAS,WAAWP;AACtB,QAAI;AACF,UAAIwC,MAAYM,EAA0BvC,GAAU6B,CAAO;AACzD,eAAO;AAAA,IAEX,QAAQ;AAAA,IAER;AAGF,SAAO;AACT;"}
package/dist/bitcoin-CHfKAhcI.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"bitcoin-CHfKAhcI.cjs","sources":["../src/tbv/core/primitives/utils/bitcoin.ts"],"sourcesContent":["/**\n * Bitcoin Utilities\n *\n * Common pure utility functions for Bitcoin operations including:\n * - Public key conversions (x-only format)\n * - Hex string manipulation\n * - Uint8Array conversions and validation\n * - Address derivation and validation\n *\n * All functions are pure (no side effects) and work in Node.js, browsers,\n * and serverless environments.\n *\n * @module primitives/utils/bitcoin\n */\n\nimport { Buffer } from \"buffer\";\nimport { networks, payments } from \"bitcoinjs-lib\";\n\nimport type { Network } from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport type { Hex } from \"viem\";\n\n/**\n * BIP-341 Tapscript leaf version for script-path spends.\n * @see https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki\n * @see Rust: bitcoin::taproot::LeafVersion::TapScript\n */\nexport const TAPSCRIPT_LEAF_VERSION = 0xc0;\n\n/**\n * Hex-string length of a 32-byte BIP-340 x-only public key (taproot,\n * Schnorr). Doubles the byte count: `2 * 32 = 64`.\n */\nexport const X_ONLY_PUBKEY_HEX_LEN = 64;\n\n/**\n * Hex-string length of a 33-byte SEC1-compressed secp256k1 public key\n * (`0x02` or `0x03` prefix + 32-byte x-coordinate). `2 * 33 = 66`.\n */\nexport const COMPRESSED_PUBKEY_HEX_LEN = 66;\n\n/**\n * Hex-string length of a 65-byte SEC1-uncompressed secp256k1 public\n * key (`0x04` prefix + 32-byte x + 32-byte y). `2 * 65 = 130`.\n */\nexport const UNCOMPRESSED_PUBKEY_HEX_LEN = 130;\n\n/**\n * Hex-string length of a 64-byte BIP-340 Schnorr signature. `2 * 64 = 128`.\n */\nexport const SCHNORR_SIG_HEX_LEN = 128;\n\n/**\n * Strip \"0x\" prefix from hex string if present.\n *\n * Bitcoin expects plain hex (no \"0x\" prefix), but frontend often uses\n * Ethereum-style \"0x\"-prefixed hex.\n *\n * @param hex - Hex string with or without \"0x\" prefix\n * @returns Hex string without \"0x\" prefix\n */\nexport function stripHexPrefix(hex: string): string {\n return hex.startsWith(\"0x\") || hex.startsWith(\"0X\") ? hex.slice(2) : hex;\n}\n\n/**\n * Ensure \"0x\" prefix on a hex string, returning viem's Hex type.\n *\n * Ethereum/viem APIs expect `0x`-prefixed hex, but Bitcoin tooling\n * typically omits the prefix. This normalises either form.\n *\n * @param hex - Hex string with or without \"0x\" prefix\n * @returns `0x`-prefixed hex string typed as viem Hex\n */\nexport function ensureHexPrefix(hex: string): Hex {\n if (hex.startsWith(\"0x\")) return hex as Hex;\n if (hex.startsWith(\"0X\")) return `0x${hex.slice(2)}` as Hex;\n return `0x${hex}` as Hex;\n}\n\n/**\n * Convert hex string to Uint8Array.\n *\n * @param hex - Hex string (with or without 0x prefix)\n * @returns Uint8Array\n * @throws If hex is invalid\n */\nexport function hexToUint8Array(hex: string): Uint8Array {\n const cleanHex = stripHexPrefix(hex);\n if (!isValidHexRaw(cleanHex)) {\n throw new Error(`Invalid hex string: ${hex}`);\n }\n const bytes = new Uint8Array(cleanHex.length / 2);\n for (let i = 0; i < cleanHex.length; i += 2) {\n bytes[i / 2] = parseInt(cleanHex.slice(i, i + 2), 16);\n }\n return bytes;\n}\n\n/**\n * Convert Uint8Array to hex string (without 0x prefix).\n *\n * @param bytes - Uint8Array to convert\n * @returns Hex string without 0x prefix\n */\nexport function uint8ArrayToHex(bytes: Uint8Array): string {\n return Array.from(bytes)\n .map((b) => b.toString(16).padStart(2, \"0\"))\n .join(\"\");\n}\n\n/**\n * Read the prevout txid (big-endian hex) from a bitcoinjs-lib transaction input.\n *\n * bitcoinjs-lib stores `hash` in little-endian internal byte order; txids are\n * displayed in big-endian, so the bytes must be reversed before hex-encoding.\n *\n * @param input - Transaction input with a `hash` field (Buffer or Uint8Array)\n * @returns Prevout txid as a hex string (big-endian, no 0x prefix)\n */\nexport function inputTxidHex(input: {\n hash: Buffer | Uint8Array;\n}): string {\n return uint8ArrayToHex(new Uint8Array(input.hash).slice().reverse());\n}\n\n/**\n * Convert a 33-byte public key to 32-byte x-only format (removes first byte).\n *\n * Used for Taproot/Schnorr signatures which only need the x-coordinate.\n * If the input is already 32 bytes, returns it unchanged.\n *\n * @param pubKey - 33-byte or 32-byte public key\n * @returns 32-byte x-only public key\n */\nexport function toXOnly(pubKey: Uint8Array): Uint8Array {\n return pubKey.length === 32 ? pubKey : pubKey.slice(1, 33);\n}\n\n/**\n * Internal helper: Validate hex string format without stripping prefix\n *\n * @internal\n * @param hex - Hex string (must already have prefix stripped)\n * @returns true if valid hex string\n */\nfunction isValidHexRaw(hex: string): boolean {\n return /^[0-9a-fA-F]*$/.test(hex) && hex.length % 2 === 0;\n}\n\n/**\n * Process and convert a public key to x-only format (32 bytes hex).\n *\n * Handles:\n * - 0x prefix removal\n * - Hex character validation\n * - Length validation\n * - Conversion to x-only format\n *\n * Accepts:\n * - 64 hex chars (32 bytes) - already x-only\n * - 66 hex chars (33 bytes) - compressed pubkey\n * - 130 hex chars (65 bytes) - uncompressed pubkey\n *\n * @param publicKeyHex - Public key in hex format (with or without 0x prefix)\n * @returns X-only public key as 32 bytes hex string (without 0x prefix)\n * @throws If public key format is invalid or contains invalid hex characters\n */\nexport function processPublicKeyToXOnly(publicKeyHex: string): string {\n // Remove '0x' prefix if present\n const cleanHex = stripHexPrefix(publicKeyHex);\n\n // Validate hex characters early to prevent silent failures\n if (!isValidHexRaw(cleanHex)) {\n throw new Error(`Invalid hex characters in public key: ${publicKeyHex}`);\n }\n\n // If already 64 chars (32 bytes), it's already x-only format\n if (cleanHex.length === X_ONLY_PUBKEY_HEX_LEN) {\n return cleanHex;\n }\n\n // Validate public key length (compressed SEC1 or uncompressed SEC1)\n if (\n cleanHex.length !== COMPRESSED_PUBKEY_HEX_LEN &&\n cleanHex.length !== UNCOMPRESSED_PUBKEY_HEX_LEN\n ) {\n throw new Error(\n `Invalid public key length: ${cleanHex.length} (expected ${X_ONLY_PUBKEY_HEX_LEN}, ${COMPRESSED_PUBKEY_HEX_LEN}, or ${UNCOMPRESSED_PUBKEY_HEX_LEN} hex chars)`,\n );\n }\n\n const pubkeyBytes = hexToUint8Array(cleanHex);\n return uint8ArrayToHex(toXOnly(pubkeyBytes));\n}\n\n/**\n * Validate hex string format.\n *\n * Checks that the string contains only valid hexadecimal characters (0-9, a-f, A-F)\n * and has an even length (since each byte is represented by 2 hex characters).\n *\n * @param hex - String to validate (with or without 0x prefix)\n * @returns true if valid hex string\n */\nexport function isValidHex(hex: string): boolean {\n const cleanHex = stripHexPrefix(hex);\n return isValidHexRaw(cleanHex);\n}\n\n/**\n * Result of validating a wallet public key against an expected depositor public key.\n */\nexport interface WalletPubkeyValidationResult {\n /** Wallet's raw public key (as returned by wallet, may be compressed) */\n walletPubkeyRaw: string;\n /** Wallet's public key in x-only format (32 bytes, 64 hex chars) */\n walletPubkeyXOnly: string;\n /** The validated depositor public key (x-only format) */\n depositorPubkey: string;\n}\n\n/**\n * Validate that a wallet's public key matches the expected depositor public key.\n *\n * This function:\n * 1. Converts the wallet pubkey to x-only format\n * 2. Validates the wallet x-only pubkey matches the expected depositor pubkey\n * (case-insensitive)\n *\n * @param walletPubkeyRaw - Raw public key from wallet (may be compressed 66 chars or x-only 64 chars)\n * @param expectedDepositorPubkey - Expected depositor public key (x-only).\n * Required: omitting it would degrade this check to a self-comparison.\n * @returns Validation result with both pubkey formats\n * @throws If `expectedDepositorPubkey` is missing/empty\n * @throws If wallet pubkey doesn't match expected depositor pubkey\n */\nexport function validateWalletPubkey(\n walletPubkeyRaw: string,\n expectedDepositorPubkey: string,\n): WalletPubkeyValidationResult {\n if (!expectedDepositorPubkey) {\n throw new Error(\n \"validateWalletPubkey requires expectedDepositorPubkey. Pass the on-chain registered depositor pubkey to avoid a self-comparison.\",\n );\n }\n\n const walletPubkeyXOnly = processPublicKeyToXOnly(walletPubkeyRaw);\n const depositorPubkey = expectedDepositorPubkey;\n\n if (walletPubkeyXOnly.toLowerCase() !== depositorPubkey.toLowerCase()) {\n throw new Error(\n `Wallet public key does not match vault depositor. ` +\n `Expected: ${depositorPubkey}, Got: ${walletPubkeyXOnly}. ` +\n `Please connect the wallet that was used to create this vault.`\n );\n }\n\n return { walletPubkeyRaw, walletPubkeyXOnly, depositorPubkey };\n}\n\n// ============================================================================\n// BTC formatting\n// ============================================================================\n\nconst SATOSHIS_PER_BTC = 100_000_000n;\n\n/**\n * Format satoshis as a human-readable BTC string with trailing zeros removed.\n */\nexport function formatSatoshisToBtc(satoshis: bigint): string {\n if (satoshis < 0n) {\n return `-${formatSatoshisToBtc(-satoshis)}`;\n }\n const whole = satoshis / SATOSHIS_PER_BTC;\n const fraction = satoshis % SATOSHIS_PER_BTC;\n let fractionStr = fraction.toString().padStart(8, \"0\");\n fractionStr = fractionStr.replace(/0+$/, \"\");\n return fractionStr.length > 0 ? `${whole}.${fractionStr}` : whole.toString();\n}\n\n// ============================================================================\n// Address derivation and validation\n// ============================================================================\n\n/**\n * Assert that the ECC library has been initialized via `initEccLib(ecc)`.\n *\n * The consuming application must call `initEccLib(ecc)` from `bitcoinjs-lib`\n * once at startup before using any SDK function that involves Taproot / P2TR\n * operations. This guard provides a clear error message when that step was\n * missed, instead of letting bitcoinjs-lib throw its generic\n * \"No ECC Library provided\" error deep in a call stack.\n */\nfunction assertEccInitialized(): void {\n try {\n payments.p2tr({ internalPubkey: Buffer.alloc(32, 1) });\n } catch (e) {\n if (e instanceof Error && e.message.includes(\"No ECC Library provided\")) {\n throw new Error(\n \"ECC library not initialized. \" +\n 'You must call initEccLib(ecc) from \"bitcoinjs-lib\" before using the SDK. ' +\n \"See the ts-sdk README for setup instructions.\",\n );\n }\n // Any other error means ECC is loaded (e.g. invalid key is fine — ECC worked).\n }\n}\n\n/**\n * Map SDK network type to bitcoinjs-lib Network object.\n *\n * @param network - Network type (\"bitcoin\", \"testnet\", \"signet\", \"regtest\")\n * @returns bitcoinjs-lib Network object\n */\nexport function getNetwork(network: Network): networks.Network {\n switch (network) {\n case \"bitcoin\":\n return networks.bitcoin;\n case \"testnet\":\n case \"signet\":\n return networks.testnet;\n case \"regtest\":\n return networks.regtest;\n default:\n throw new Error(`Unknown network: ${network}`);\n }\n}\n\n/**\n * Derive a Taproot (P2TR) address from a public key.\n *\n * @param publicKeyHex - Compressed (66 hex) or x-only (64 hex) public key\n * @param network - Bitcoin network\n * @returns Taproot address (bc1p... / tb1p... / bcrt1p...)\n */\nexport function deriveTaprootAddress(\n publicKeyHex: string,\n network: Network,\n): string {\n assertEccInitialized();\n const xOnly = hexToUint8Array(processPublicKeyToXOnly(publicKeyHex));\n const { address } = payments.p2tr({\n internalPubkey: Buffer.from(xOnly),\n network: getNetwork(network),\n });\n if (!address) {\n throw new Error(\"Failed to derive taproot address from public key\");\n }\n return address;\n}\n\n/**\n * Strip `0x` prefixes and lex-sort an array of x-only public keys.\n *\n * Used to produce the canonical (Rust-parity) keeper / challenger ordering\n * the protocol expects in payout and refund signing contexts.\n *\n * @param pubkeys - Array of x-only public keys (with or without `0x` prefix)\n * @returns Lex-sorted array of pubkeys with `0x` prefix stripped\n */\nexport function getSortedXOnlyPubkeys(pubkeys: string[]): string[] {\n return pubkeys.map(stripHexPrefix).sort();\n}\n\n/**\n * Derive the BIP-86 P2TR scriptPubKey (`0x`-prefixed hex) from an x-only\n * public key.\n *\n * Matches Rust `Bip86KeyConnector::generate_taproot_script_pubkey`: a\n * keypath-only P2TR output with no script tree. Used to compute the expected\n * payout address for vault keeper claimers, whose payout goes to their own\n * BIP-86 address rather than the depositor's registered payout address.\n *\n * Network-agnostic: P2TR scriptPubKey bytes are `OP_1 <32-byte tweaked-key>`\n * regardless of network.\n *\n * @param xOnlyPubkeyHex - X-only public key (64 hex chars, with or without `0x` prefix)\n * @returns `0x`-prefixed P2TR scriptPubKey hex\n * @throws If `xOnlyPubkeyHex` is not exactly 64 hex chars after prefix stripping\n */\nexport function deriveBip86ScriptPubKeyHex(xOnlyPubkeyHex: string): string {\n assertEccInitialized();\n const cleanHex = stripHexPrefix(xOnlyPubkeyHex);\n if (!/^[0-9a-fA-F]{64}$/.test(cleanHex)) {\n throw new Error(\n \"Invalid x-only pubkey: must be 64 hex characters (32 bytes, no 0x prefix)\",\n );\n }\n const { output } = payments.p2tr({\n internalPubkey: Buffer.from(cleanHex, \"hex\"),\n });\n if (!output) {\n throw new Error(\"Failed to derive BIP-86 P2TR scriptPubKey\");\n }\n return `0x${output.toString(\"hex\")}`;\n}\n\n/**\n * Derive a Native SegWit (P2WPKH) address from a compressed public key.\n *\n * @param publicKeyHex - Compressed public key (66 hex chars, with or without 0x prefix)\n * @param network - Bitcoin network\n * @returns Native SegWit address (bc1q... / tb1q... / bcrt1q...)\n * @throws If publicKeyHex is not a compressed public key (66 hex chars)\n */\nexport function deriveNativeSegwitAddress(\n publicKeyHex: string,\n network: Network,\n): string {\n const cleanHex = stripHexPrefix(publicKeyHex);\n if (cleanHex.length !== 66) {\n throw new Error(\n `Native SegWit requires a compressed public key (66 hex chars), got ${cleanHex.length}`,\n );\n }\n const { address } = payments.p2wpkh({\n pubkey: Buffer.from(hexToUint8Array(cleanHex)),\n network: getNetwork(network),\n });\n if (!address) {\n throw new Error(\n \"Failed to derive native segwit address from public key\",\n );\n }\n return address;\n}\n\n/**\n * Validate that a BTC address was derived from the given public key.\n *\n * Derives Taproot (P2TR) and Native SegWit (P2WPKH) addresses from the\n * public key and checks if the provided address matches any of them.\n *\n * P2WPKH derivation requires the full compressed key with explicit y-parity.\n * When only an x-only key is supplied, the y-parity is unknown and trying\n * both `02|x` and `03|x` would let an opposite-parity P2WPKH address — a\n * script the caller does NOT control — pass validation. We fail closed for\n * P2WPKH in that case; P2TR (which depends only on the x-coordinate) is\n * still validated and remains the supported path for Taproot wallets.\n *\n * @param address - BTC address to validate\n * @param publicKeyHex - Public key from the wallet (x-only 64 or compressed 66 hex chars)\n * @param network - Bitcoin network\n * @returns true if the address matches the public key\n */\nexport function isAddressFromPublicKey(\n address: string,\n publicKeyHex: string,\n network: Network,\n): boolean {\n const cleanHex = stripHexPrefix(publicKeyHex);\n\n // P2TR — works with both x-only and compressed keys\n try {\n if (address === deriveTaprootAddress(cleanHex, network)) {\n return true;\n }\n } catch {\n // derivation failed, continue\n }\n\n // P2WPKH — only attempt when the caller supplied a parity-bearing\n // compressed key. An x-only input is fail-closed here on purpose.\n if (cleanHex.length === COMPRESSED_PUBKEY_HEX_LEN) {\n try {\n if (address === deriveNativeSegwitAddress(cleanHex, network)) {\n return true;\n }\n } catch {\n // derivation failed, continue\n }\n }\n\n return false;\n}\n"],"names":["TAPSCRIPT_LEAF_VERSION","X_ONLY_PUBKEY_HEX_LEN","COMPRESSED_PUBKEY_HEX_LEN","UNCOMPRESSED_PUBKEY_HEX_LEN","SCHNORR_SIG_HEX_LEN","stripHexPrefix","hex","ensureHexPrefix","hexToUint8Array","cleanHex","isValidHexRaw","bytes","i","uint8ArrayToHex","b","inputTxidHex","input","toXOnly","pubKey","processPublicKeyToXOnly","publicKeyHex","pubkeyBytes","isValidHex","validateWalletPubkey","walletPubkeyRaw","expectedDepositorPubkey","walletPubkeyXOnly","depositorPubkey","SATOSHIS_PER_BTC","formatSatoshisToBtc","satoshis","whole","fractionStr","assertEccInitialized","payments","Buffer","getNetwork","network","networks","deriveTaprootAddress","xOnly","address","getSortedXOnlyPubkeys","pubkeys","deriveBip86ScriptPubKeyHex","xOnlyPubkeyHex","output","deriveNativeSegwitAddress","isAddressFromPublicKey"],"mappings":"kEA0BaA,EAAyB,IAMzBC,EAAwB,GAMxBC,EAA4B,GAM5BC,EAA8B,IAK9BC,EAAsB,IAW5B,SAASC,EAAeC,EAAqB,CAClD,OAAOA,EAAI,WAAW,IAAI,GAAKA,EAAI,WAAW,IAAI,EAAIA,EAAI,MAAM,CAAC,EAAIA,CACvE,CAWO,SAASC,EAAgBD,EAAkB,CAChD,OAAIA,EAAI,WAAW,IAAI,EAAUA,EAC7BA,EAAI,WAAW,IAAI,EAAU,KAAKA,EAAI,MAAM,CAAC,CAAC,GAC3C,KAAKA,CAAG,EACjB,CASO,SAASE,EAAgBF,EAAyB,CACvD,MAAMG,EAAWJ,EAAeC,CAAG,EACnC,GAAI,CAACI,EAAcD,CAAQ,EACzB,MAAM,IAAI,MAAM,uBAAuBH,CAAG,EAAE,EAE9C,MAAMK,EAAQ,IAAI,WAAWF,EAAS,OAAS,CAAC,EAChD,QAASG,EAAI,EAAGA,EAAIH,EAAS,OAAQG,GAAK,EACxCD,EAAMC,EAAI,CAAC,EAAI,SAASH,EAAS,MAAMG,EAAGA,EAAI,CAAC,EAAG,EAAE,EAEtD,OAAOD,CACT,CAQO,SAASE,EAAgBF,EAA2B,CACzD,OAAO,MAAM,KAAKA,CAAK,EACpB,IAAKG,GAAMA,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,EAC1C,KAAK,EAAE,CACZ,CAWO,SAASC,EAAaC,EAElB,CACT,OAAOH,EAAgB,IAAI,WAAWG,EAAM,IAAI,EAAE,MAAA,EAAQ,SAAS,CACrE,CAWO,SAASC,EAAQC,EAAgC,CACtD,OAAOA,EAAO,SAAW,GAAKA,EAASA,EAAO,MAAM,EAAG,EAAE,CAC3D,CASA,SAASR,EAAcJ,EAAsB,CAC3C,MAAO,iBAAiB,KAAKA,CAAG,GAAKA,EAAI,OAAS,IAAM,CAC1D,CAoBO,SAASa,EAAwBC,EAA8B,CAEpE,MAAMX,EAAWJ,EAAee,CAAY,EAG5C,GAAI,CAACV,EAAcD,CAAQ,EACzB,MAAM,IAAI,MAAM,yCAAyCW,CAAY,EAAE,EAIzE,GAAIX,EAAS,SAAWR,EACtB,OAAOQ,EAIT,GACEA,EAAS,SAAWP,GACpBO,EAAS,SAAWN,EAEpB,MAAM,IAAI,MACR,8BAA8BM,EAAS,MAAM,cAAcR,CAAqB,KAAKC,CAAyB,QAAQC,CAA2B,aAAA,EAIrJ,MAAMkB,EAAcb,EAAgBC,CAAQ,EAC5C,OAAOI,EAAgBI,EAAQI,CAAW,CAAC,CAC7C,CAWO,SAASC,EAAWhB,EAAsB,CAC/C,MAAMG,EAAWJ,EAAeC,CAAG,EACnC,OAAOI,EAAcD,CAAQ,CAC/B,CA6BO,SAASc,EACdC,EACAC,EAC8B,CAC9B,GAAI,CAACA,EACH,MAAM,IAAI,MACR,kIAAA,EAIJ,MAAMC,EAAoBP,EAAwBK,CAAe,EAC3DG,EAAkBF,EAExB,GAAIC,EAAkB,YAAA,IAAkBC,EAAgB,cACtD,MAAM,IAAI,MACR,+DACaA,CAAe,UAAUD,CAAiB,iEAAA,EAK3D,MAAO,CAAE,gBAAAF,EAAiB,kBAAAE,EAAmB,gBAAAC,CAAA,CAC/C,CAMA,MAAMC,EAAmB,WAKlB,SAASC,EAAoBC,EAA0B,CAC5D,GAAIA,EAAW,GACb,MAAO,IAAID,EAAoB,CAACC,CAAQ,CAAC,GAE3C,MAAMC,EAAQD,EAAWF,EAEzB,IAAII,GADaF,EAAWF,GACD,SAAA,EAAW,SAAS,EAAG,GAAG,EACrD,OAAAI,EAAcA,EAAY,QAAQ,MAAO,EAAE,EACpCA,EAAY,OAAS,EAAI,GAAGD,CAAK,IAAIC,CAAW,GAAKD,EAAM,SAAA,CACpE,CAeA,SAASE,GAA6B,CACpC,GAAI,CACFC,WAAS,KAAK,CAAE,eAAgBC,EAAAA,OAAO,MAAM,GAAI,CAAC,EAAG,CACvD,OAAS,EAAG,CACV,GAAI,aAAa,OAAS,EAAE,QAAQ,SAAS,yBAAyB,EACpE,MAAM,IAAI,MACR,qJAAA,CAMN,CACF,CAQO,SAASC,EAAWC,EAAoC,CAC7D,OAAQA,EAAA,CACN,IAAK,UACH,OAAOC,EAAAA,SAAS,QAClB,IAAK,UACL,IAAK,SACH,OAAOA,EAAAA,SAAS,QAClB,IAAK,UACH,OAAOA,EAAAA,SAAS,QAClB,QACE,MAAM,IAAI,MAAM,oBAAoBD,CAAO,EAAE,CAAA,CAEnD,CASO,SAASE,EACdnB,EACAiB,EACQ,CACRJ,EAAA,EACA,MAAMO,EAAQhC,EAAgBW,EAAwBC,CAAY,CAAC,EAC7D,CAAE,QAAAqB,CAAA,EAAYP,EAAAA,SAAS,KAAK,CAChC,eAAgBC,EAAAA,OAAO,KAAKK,CAAK,EACjC,QAASJ,EAAWC,CAAO,CAAA,CAC5B,EACD,GAAI,CAACI,EACH,MAAM,IAAI,MAAM,kDAAkD,EAEpE,OAAOA,CACT,CAWO,SAASC,EAAsBC,EAA6B,CACjE,OAAOA,EAAQ,IAAItC,CAAc,EAAE,KAAA,CACrC,CAkBO,SAASuC,EAA2BC,EAAgC,CACzEZ,EAAA,EACA,MAAMxB,EAAWJ,EAAewC,CAAc,EAC9C,GAAI,CAAC,oBAAoB,KAAKpC,CAAQ,EACpC,MAAM,IAAI,MACR,2EAAA,EAGJ,KAAM,CAAE,OAAAqC,CAAA,EAAWZ,EAAAA,SAAS,KAAK,CAC/B,eAAgBC,EAAAA,OAAO,KAAK1B,EAAU,KAAK,CAAA,CAC5C,EACD,GAAI,CAACqC,EACH,MAAM,IAAI,MAAM,2CAA2C,EAE7D,MAAO,KAAKA,EAAO,SAAS,KAAK,CAAC,EACpC,CAUO,SAASC,EACd3B,EACAiB,EACQ,CACR,MAAM5B,EAAWJ,EAAee,CAAY,EAC5C,GAAIX,EAAS,SAAW,GACtB,MAAM,IAAI,MACR,sEAAsEA,EAAS,MAAM,EAAA,EAGzF,KAAM,CAAE,QAAAgC,CAAA,EAAYP,EAAAA,SAAS,OAAO,CAClC,OAAQC,EAAAA,OAAO,KAAK3B,EAAgBC,CAAQ,CAAC,EAC7C,QAAS2B,EAAWC,CAAO,CAAA,CAC5B,EACD,GAAI,CAACI,EACH,MAAM,IAAI,MACR,wDAAA,EAGJ,OAAOA,CACT,CAoBO,SAASO,EACdP,EACArB,EACAiB,EACS,CACT,MAAM5B,EAAWJ,EAAee,CAAY,EAG5C,GAAI,CACF,GAAIqB,IAAYF,EAAqB9B,EAAU4B,CAAO,EACpD,MAAO,EAEX,MAAQ,CAER,CAIA,GAAI5B,EAAS,SAAWP,EACtB,GAAI,CACF,GAAIuC,IAAYM,EAA0BtC,EAAU4B,CAAO,EACzD,MAAO,EAEX,MAAQ,CAER,CAGF,MAAO,EACT"}
1
+ {"version":3,"file":"bitcoin-CHfKAhcI.cjs","sources":["../src/tbv/core/primitives/utils/bitcoin.ts"],"sourcesContent":["/**\n * Bitcoin Utilities\n *\n * Common pure utility functions for Bitcoin operations including:\n * - Public key conversions (x-only format)\n * - Hex string manipulation\n * - Uint8Array conversions and validation\n * - Address derivation and validation\n *\n * All functions are pure (no side effects) and work in Node.js, browsers,\n * and serverless environments.\n *\n * @module primitives/utils/bitcoin\n */\n\nimport { Buffer } from \"buffer\";\nimport { networks, payments } from \"bitcoinjs-lib\";\n\nimport type { Network } from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport type { Hex } from \"viem\";\n\n/**\n * BIP-341 Tapscript leaf version for script-path spends.\n * @see https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki\n * @see Rust: bitcoin::taproot::LeafVersion::TapScript\n */\nexport const TAPSCRIPT_LEAF_VERSION = 0xc0;\n\n/**\n * Hex-string length of a 32-byte BIP-340 x-only public key (taproot,\n * Schnorr). Doubles the byte count: `2 * 32 = 64`.\n */\nexport const X_ONLY_PUBKEY_HEX_LEN = 64;\n\n/**\n * Hex-string length of a 33-byte SEC1-compressed secp256k1 public key\n * (`0x02` or `0x03` prefix + 32-byte x-coordinate). `2 * 33 = 66`.\n */\nexport const COMPRESSED_PUBKEY_HEX_LEN = 66;\n\n/**\n * Hex-string length of a 65-byte SEC1-uncompressed secp256k1 public\n * key (`0x04` prefix + 32-byte x + 32-byte y). `2 * 65 = 130`.\n */\nconst UNCOMPRESSED_PUBKEY_HEX_LEN = 130;\n\n/**\n * Hex-string length of a 64-byte BIP-340 Schnorr signature. `2 * 64 = 128`.\n */\nexport const SCHNORR_SIG_HEX_LEN = 128;\n\n/**\n * Strip \"0x\" prefix from hex string if present.\n *\n * Bitcoin expects plain hex (no \"0x\" prefix), but frontend often uses\n * Ethereum-style \"0x\"-prefixed hex.\n *\n * @param hex - Hex string with or without \"0x\" prefix\n * @returns Hex string without \"0x\" prefix\n */\nexport function stripHexPrefix(hex: string): string {\n return hex.startsWith(\"0x\") || hex.startsWith(\"0X\") ? hex.slice(2) : hex;\n}\n\n/**\n * Ensure \"0x\" prefix on a hex string, returning viem's Hex type.\n *\n * Ethereum/viem APIs expect `0x`-prefixed hex, but Bitcoin tooling\n * typically omits the prefix. This normalises either form.\n *\n * @param hex - Hex string with or without \"0x\" prefix\n * @returns `0x`-prefixed hex string typed as viem Hex\n */\nexport function ensureHexPrefix(hex: string): Hex {\n if (hex.startsWith(\"0x\")) return hex as Hex;\n if (hex.startsWith(\"0X\")) return `0x${hex.slice(2)}` as Hex;\n return `0x${hex}` as Hex;\n}\n\n/**\n * Convert hex string to Uint8Array.\n *\n * @param hex - Hex string (with or without 0x prefix)\n * @returns Uint8Array\n * @throws If hex is invalid\n */\nexport function hexToUint8Array(hex: string): Uint8Array {\n const cleanHex = stripHexPrefix(hex);\n if (!isValidHexRaw(cleanHex)) {\n throw new Error(`Invalid hex string: ${hex}`);\n }\n const bytes = new Uint8Array(cleanHex.length / 2);\n for (let i = 0; i < cleanHex.length; i += 2) {\n bytes[i / 2] = parseInt(cleanHex.slice(i, i + 2), 16);\n }\n return bytes;\n}\n\n/**\n * Convert Uint8Array to hex string (without 0x prefix).\n *\n * @param bytes - Uint8Array to convert\n * @returns Hex string without 0x prefix\n */\nexport function uint8ArrayToHex(bytes: Uint8Array): string {\n return Array.from(bytes)\n .map((b) => b.toString(16).padStart(2, \"0\"))\n .join(\"\");\n}\n\n/**\n * Read the prevout txid (big-endian hex) from a bitcoinjs-lib transaction input.\n *\n * bitcoinjs-lib stores `hash` in little-endian internal byte order; txids are\n * displayed in big-endian, so the bytes must be reversed before hex-encoding.\n *\n * @param input - Transaction input with a `hash` field (Buffer or Uint8Array)\n * @returns Prevout txid as a hex string (big-endian, no 0x prefix)\n */\nexport function inputTxidHex(input: {\n hash: Buffer | Uint8Array;\n}): string {\n return uint8ArrayToHex(new Uint8Array(input.hash).slice().reverse());\n}\n\n/**\n * Convert a 33-byte public key to 32-byte x-only format (removes first byte).\n *\n * Used for Taproot/Schnorr signatures which only need the x-coordinate.\n * If the input is already 32 bytes, returns it unchanged.\n *\n * @param pubKey - 33-byte or 32-byte public key\n * @returns 32-byte x-only public key\n */\nexport function toXOnly(pubKey: Uint8Array): Uint8Array {\n return pubKey.length === 32 ? pubKey : pubKey.slice(1, 33);\n}\n\n/**\n * Internal helper: Validate hex string format without stripping prefix\n *\n * @internal\n * @param hex - Hex string (must already have prefix stripped)\n * @returns true if valid hex string\n */\nfunction isValidHexRaw(hex: string): boolean {\n return /^[0-9a-fA-F]*$/.test(hex) && hex.length % 2 === 0;\n}\n\n/**\n * Process and convert a public key to x-only format (32 bytes hex).\n *\n * Handles:\n * - 0x prefix removal\n * - Hex character validation\n * - Length validation\n * - Conversion to x-only format\n *\n * Accepts:\n * - 64 hex chars (32 bytes) - already x-only\n * - 66 hex chars (33 bytes) - compressed pubkey\n * - 130 hex chars (65 bytes) - uncompressed pubkey\n *\n * @param publicKeyHex - Public key in hex format (with or without 0x prefix)\n * @returns X-only public key as 32 bytes hex string (without 0x prefix)\n * @throws If public key format is invalid or contains invalid hex characters\n */\nexport function processPublicKeyToXOnly(publicKeyHex: string): string {\n // Remove '0x' prefix if present\n const cleanHex = stripHexPrefix(publicKeyHex);\n\n // Validate hex characters early to prevent silent failures\n if (!isValidHexRaw(cleanHex)) {\n throw new Error(`Invalid hex characters in public key: ${publicKeyHex}`);\n }\n\n // If already 64 chars (32 bytes), it's already x-only format\n if (cleanHex.length === X_ONLY_PUBKEY_HEX_LEN) {\n return cleanHex;\n }\n\n // Validate public key length (compressed SEC1 or uncompressed SEC1)\n if (\n cleanHex.length !== COMPRESSED_PUBKEY_HEX_LEN &&\n cleanHex.length !== UNCOMPRESSED_PUBKEY_HEX_LEN\n ) {\n throw new Error(\n `Invalid public key length: ${cleanHex.length} (expected ${X_ONLY_PUBKEY_HEX_LEN}, ${COMPRESSED_PUBKEY_HEX_LEN}, or ${UNCOMPRESSED_PUBKEY_HEX_LEN} hex chars)`,\n );\n }\n\n const pubkeyBytes = hexToUint8Array(cleanHex);\n return uint8ArrayToHex(toXOnly(pubkeyBytes));\n}\n\n/**\n * Validate hex string format.\n *\n * Checks that the string contains only valid hexadecimal characters (0-9, a-f, A-F)\n * and has an even length (since each byte is represented by 2 hex characters).\n *\n * @param hex - String to validate (with or without 0x prefix)\n * @returns true if valid hex string\n */\nexport function isValidHex(hex: string): boolean {\n const cleanHex = stripHexPrefix(hex);\n return isValidHexRaw(cleanHex);\n}\n\n/**\n * Result of validating a wallet public key against an expected depositor public key.\n */\nexport interface WalletPubkeyValidationResult {\n /** Wallet's raw public key (as returned by wallet, may be compressed) */\n walletPubkeyRaw: string;\n /** Wallet's public key in x-only format (32 bytes, 64 hex chars) */\n walletPubkeyXOnly: string;\n /** The validated depositor public key (x-only format) */\n depositorPubkey: string;\n}\n\n/**\n * Validate that a wallet's public key matches the expected depositor public key.\n *\n * This function:\n * 1. Converts the wallet pubkey to x-only format\n * 2. Validates the wallet x-only pubkey matches the expected depositor pubkey\n * (case-insensitive)\n *\n * @param walletPubkeyRaw - Raw public key from wallet (may be compressed 66 chars or x-only 64 chars)\n * @param expectedDepositorPubkey - Expected depositor public key (x-only).\n * Required: omitting it would degrade this check to a self-comparison.\n * @returns Validation result with both pubkey formats\n * @throws If `expectedDepositorPubkey` is missing/empty\n * @throws If wallet pubkey doesn't match expected depositor pubkey\n */\nexport function validateWalletPubkey(\n walletPubkeyRaw: string,\n expectedDepositorPubkey: string,\n): WalletPubkeyValidationResult {\n if (!expectedDepositorPubkey) {\n throw new Error(\n \"validateWalletPubkey requires expectedDepositorPubkey. Pass the on-chain registered depositor pubkey to avoid a self-comparison.\",\n );\n }\n\n const walletPubkeyXOnly = processPublicKeyToXOnly(walletPubkeyRaw);\n const depositorPubkey = expectedDepositorPubkey;\n\n if (walletPubkeyXOnly.toLowerCase() !== depositorPubkey.toLowerCase()) {\n throw new Error(\n `Wallet public key does not match vault depositor. ` +\n `Expected: ${depositorPubkey}, Got: ${walletPubkeyXOnly}. ` +\n `Please connect the wallet that was used to create this vault.`\n );\n }\n\n return { walletPubkeyRaw, walletPubkeyXOnly, depositorPubkey };\n}\n\n// ============================================================================\n// BTC formatting\n// ============================================================================\n\nconst SATOSHIS_PER_BTC = 100_000_000n;\n\n/**\n * Format satoshis as a human-readable BTC string with trailing zeros removed.\n */\nexport function formatSatoshisToBtc(satoshis: bigint): string {\n if (satoshis < 0n) {\n return `-${formatSatoshisToBtc(-satoshis)}`;\n }\n const whole = satoshis / SATOSHIS_PER_BTC;\n const fraction = satoshis % SATOSHIS_PER_BTC;\n let fractionStr = fraction.toString().padStart(8, \"0\");\n fractionStr = fractionStr.replace(/0+$/, \"\");\n return fractionStr.length > 0 ? `${whole}.${fractionStr}` : whole.toString();\n}\n\n// ============================================================================\n// Address derivation and validation\n// ============================================================================\n\n/**\n * Assert that the ECC library has been initialized via `initEccLib(ecc)`.\n *\n * The consuming application must call `initEccLib(ecc)` from `bitcoinjs-lib`\n * once at startup before using any SDK function that involves Taproot / P2TR\n * operations. This guard provides a clear error message when that step was\n * missed, instead of letting bitcoinjs-lib throw its generic\n * \"No ECC Library provided\" error deep in a call stack.\n */\nfunction assertEccInitialized(): void {\n try {\n payments.p2tr({ internalPubkey: Buffer.alloc(32, 1) });\n } catch (e) {\n if (e instanceof Error && e.message.includes(\"No ECC Library provided\")) {\n throw new Error(\n \"ECC library not initialized. \" +\n 'You must call initEccLib(ecc) from \"bitcoinjs-lib\" before using the SDK. ' +\n \"See the ts-sdk README for setup instructions.\",\n );\n }\n // Any other error means ECC is loaded (e.g. invalid key is fine — ECC worked).\n }\n}\n\n/**\n * Map SDK network type to bitcoinjs-lib Network object.\n *\n * @param network - Network type (\"bitcoin\", \"testnet\", \"signet\", \"regtest\")\n * @returns bitcoinjs-lib Network object\n */\nexport function getNetwork(network: Network): networks.Network {\n switch (network) {\n case \"bitcoin\":\n return networks.bitcoin;\n case \"testnet\":\n case \"signet\":\n return networks.testnet;\n case \"regtest\":\n return networks.regtest;\n default:\n throw new Error(`Unknown network: ${network}`);\n }\n}\n\n/**\n * Derive a Taproot (P2TR) address from a public key.\n *\n * @param publicKeyHex - Compressed (66 hex) or x-only (64 hex) public key\n * @param network - Bitcoin network\n * @returns Taproot address (bc1p... / tb1p... / bcrt1p...)\n */\nexport function deriveTaprootAddress(\n publicKeyHex: string,\n network: Network,\n): string {\n assertEccInitialized();\n const xOnly = hexToUint8Array(processPublicKeyToXOnly(publicKeyHex));\n const { address } = payments.p2tr({\n internalPubkey: Buffer.from(xOnly),\n network: getNetwork(network),\n });\n if (!address) {\n throw new Error(\"Failed to derive taproot address from public key\");\n }\n return address;\n}\n\n/**\n * Strip `0x` prefixes and lex-sort an array of x-only public keys.\n *\n * Used to produce the canonical (Rust-parity) keeper / challenger ordering\n * the protocol expects in payout and refund signing contexts.\n *\n * @param pubkeys - Array of x-only public keys (with or without `0x` prefix)\n * @returns Lex-sorted array of pubkeys with `0x` prefix stripped\n */\nexport function getSortedXOnlyPubkeys(pubkeys: string[]): string[] {\n return pubkeys.map(stripHexPrefix).sort();\n}\n\n/**\n * Derive the BIP-86 P2TR scriptPubKey (`0x`-prefixed hex) from an x-only\n * public key.\n *\n * Matches Rust `Bip86KeyConnector::generate_taproot_script_pubkey`: a\n * keypath-only P2TR output with no script tree. Used to compute the expected\n * payout address for vault keeper claimers, whose payout goes to their own\n * BIP-86 address rather than the depositor's registered payout address.\n *\n * Network-agnostic: P2TR scriptPubKey bytes are `OP_1 <32-byte tweaked-key>`\n * regardless of network.\n *\n * @param xOnlyPubkeyHex - X-only public key (64 hex chars, with or without `0x` prefix)\n * @returns `0x`-prefixed P2TR scriptPubKey hex\n * @throws If `xOnlyPubkeyHex` is not exactly 64 hex chars after prefix stripping\n */\nexport function deriveBip86ScriptPubKeyHex(xOnlyPubkeyHex: string): string {\n assertEccInitialized();\n const cleanHex = stripHexPrefix(xOnlyPubkeyHex);\n if (!/^[0-9a-fA-F]{64}$/.test(cleanHex)) {\n throw new Error(\n \"Invalid x-only pubkey: must be 64 hex characters (32 bytes, no 0x prefix)\",\n );\n }\n const { output } = payments.p2tr({\n internalPubkey: Buffer.from(cleanHex, \"hex\"),\n });\n if (!output) {\n throw new Error(\"Failed to derive BIP-86 P2TR scriptPubKey\");\n }\n return `0x${output.toString(\"hex\")}`;\n}\n\n/**\n * Derive a Native SegWit (P2WPKH) address from a compressed public key.\n *\n * @param publicKeyHex - Compressed public key (66 hex chars, with or without 0x prefix)\n * @param network - Bitcoin network\n * @returns Native SegWit address (bc1q... / tb1q... / bcrt1q...)\n * @throws If publicKeyHex is not a compressed public key (66 hex chars)\n */\nexport function deriveNativeSegwitAddress(\n publicKeyHex: string,\n network: Network,\n): string {\n const cleanHex = stripHexPrefix(publicKeyHex);\n if (cleanHex.length !== 66) {\n throw new Error(\n `Native SegWit requires a compressed public key (66 hex chars), got ${cleanHex.length}`,\n );\n }\n const { address } = payments.p2wpkh({\n pubkey: Buffer.from(hexToUint8Array(cleanHex)),\n network: getNetwork(network),\n });\n if (!address) {\n throw new Error(\n \"Failed to derive native segwit address from public key\",\n );\n }\n return address;\n}\n\n/**\n * Validate that a BTC address was derived from the given public key.\n *\n * Derives Taproot (P2TR) and Native SegWit (P2WPKH) addresses from the\n * public key and checks if the provided address matches any of them.\n *\n * P2WPKH derivation requires the full compressed key with explicit y-parity.\n * When only an x-only key is supplied, the y-parity is unknown and trying\n * both `02|x` and `03|x` would let an opposite-parity P2WPKH address — a\n * script the caller does NOT control — pass validation. We fail closed for\n * P2WPKH in that case; P2TR (which depends only on the x-coordinate) is\n * still validated and remains the supported path for Taproot wallets.\n *\n * @param address - BTC address to validate\n * @param publicKeyHex - Public key from the wallet (x-only 64 or compressed 66 hex chars)\n * @param network - Bitcoin network\n * @returns true if the address matches the public key\n */\nexport function isAddressFromPublicKey(\n address: string,\n publicKeyHex: string,\n network: Network,\n): boolean {\n const cleanHex = stripHexPrefix(publicKeyHex);\n\n // P2TR — works with both x-only and compressed keys\n try {\n if (address === deriveTaprootAddress(cleanHex, network)) {\n return true;\n }\n } catch {\n // derivation failed, continue\n }\n\n // P2WPKH — only attempt when the caller supplied a parity-bearing\n // compressed key. An x-only input is fail-closed here on purpose.\n if (cleanHex.length === COMPRESSED_PUBKEY_HEX_LEN) {\n try {\n if (address === deriveNativeSegwitAddress(cleanHex, network)) {\n return true;\n }\n } catch {\n // derivation failed, continue\n }\n }\n\n return false;\n}\n"],"names":["TAPSCRIPT_LEAF_VERSION","X_ONLY_PUBKEY_HEX_LEN","COMPRESSED_PUBKEY_HEX_LEN","UNCOMPRESSED_PUBKEY_HEX_LEN","SCHNORR_SIG_HEX_LEN","stripHexPrefix","hex","ensureHexPrefix","hexToUint8Array","cleanHex","isValidHexRaw","bytes","i","uint8ArrayToHex","b","inputTxidHex","input","toXOnly","pubKey","processPublicKeyToXOnly","publicKeyHex","pubkeyBytes","isValidHex","validateWalletPubkey","walletPubkeyRaw","expectedDepositorPubkey","walletPubkeyXOnly","depositorPubkey","SATOSHIS_PER_BTC","formatSatoshisToBtc","satoshis","whole","fractionStr","assertEccInitialized","payments","Buffer","getNetwork","network","networks","deriveTaprootAddress","xOnly","address","getSortedXOnlyPubkeys","pubkeys","deriveBip86ScriptPubKeyHex","xOnlyPubkeyHex","output","deriveNativeSegwitAddress","isAddressFromPublicKey"],"mappings":"kEA0BaA,EAAyB,IAMzBC,EAAwB,GAMxBC,EAA4B,GAMnCC,EAA8B,IAKvBC,EAAsB,IAW5B,SAASC,EAAeC,EAAqB,CAClD,OAAOA,EAAI,WAAW,IAAI,GAAKA,EAAI,WAAW,IAAI,EAAIA,EAAI,MAAM,CAAC,EAAIA,CACvE,CAWO,SAASC,EAAgBD,EAAkB,CAChD,OAAIA,EAAI,WAAW,IAAI,EAAUA,EAC7BA,EAAI,WAAW,IAAI,EAAU,KAAKA,EAAI,MAAM,CAAC,CAAC,GAC3C,KAAKA,CAAG,EACjB,CASO,SAASE,EAAgBF,EAAyB,CACvD,MAAMG,EAAWJ,EAAeC,CAAG,EACnC,GAAI,CAACI,EAAcD,CAAQ,EACzB,MAAM,IAAI,MAAM,uBAAuBH,CAAG,EAAE,EAE9C,MAAMK,EAAQ,IAAI,WAAWF,EAAS,OAAS,CAAC,EAChD,QAASG,EAAI,EAAGA,EAAIH,EAAS,OAAQG,GAAK,EACxCD,EAAMC,EAAI,CAAC,EAAI,SAASH,EAAS,MAAMG,EAAGA,EAAI,CAAC,EAAG,EAAE,EAEtD,OAAOD,CACT,CAQO,SAASE,EAAgBF,EAA2B,CACzD,OAAO,MAAM,KAAKA,CAAK,EACpB,IAAKG,GAAMA,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,EAC1C,KAAK,EAAE,CACZ,CAWO,SAASC,EAAaC,EAElB,CACT,OAAOH,EAAgB,IAAI,WAAWG,EAAM,IAAI,EAAE,MAAA,EAAQ,SAAS,CACrE,CAWO,SAASC,EAAQC,EAAgC,CACtD,OAAOA,EAAO,SAAW,GAAKA,EAASA,EAAO,MAAM,EAAG,EAAE,CAC3D,CASA,SAASR,EAAcJ,EAAsB,CAC3C,MAAO,iBAAiB,KAAKA,CAAG,GAAKA,EAAI,OAAS,IAAM,CAC1D,CAoBO,SAASa,EAAwBC,EAA8B,CAEpE,MAAMX,EAAWJ,EAAee,CAAY,EAG5C,GAAI,CAACV,EAAcD,CAAQ,EACzB,MAAM,IAAI,MAAM,yCAAyCW,CAAY,EAAE,EAIzE,GAAIX,EAAS,SAAWR,EACtB,OAAOQ,EAIT,GACEA,EAAS,SAAWP,GACpBO,EAAS,SAAWN,EAEpB,MAAM,IAAI,MACR,8BAA8BM,EAAS,MAAM,cAAcR,CAAqB,KAAKC,CAAyB,QAAQC,CAA2B,aAAA,EAIrJ,MAAMkB,EAAcb,EAAgBC,CAAQ,EAC5C,OAAOI,EAAgBI,EAAQI,CAAW,CAAC,CAC7C,CAWO,SAASC,EAAWhB,EAAsB,CAC/C,MAAMG,EAAWJ,EAAeC,CAAG,EACnC,OAAOI,EAAcD,CAAQ,CAC/B,CA6BO,SAASc,EACdC,EACAC,EAC8B,CAC9B,GAAI,CAACA,EACH,MAAM,IAAI,MACR,kIAAA,EAIJ,MAAMC,EAAoBP,EAAwBK,CAAe,EAC3DG,EAAkBF,EAExB,GAAIC,EAAkB,YAAA,IAAkBC,EAAgB,cACtD,MAAM,IAAI,MACR,+DACaA,CAAe,UAAUD,CAAiB,iEAAA,EAK3D,MAAO,CAAE,gBAAAF,EAAiB,kBAAAE,EAAmB,gBAAAC,CAAA,CAC/C,CAMA,MAAMC,EAAmB,WAKlB,SAASC,EAAoBC,EAA0B,CAC5D,GAAIA,EAAW,GACb,MAAO,IAAID,EAAoB,CAACC,CAAQ,CAAC,GAE3C,MAAMC,EAAQD,EAAWF,EAEzB,IAAII,GADaF,EAAWF,GACD,SAAA,EAAW,SAAS,EAAG,GAAG,EACrD,OAAAI,EAAcA,EAAY,QAAQ,MAAO,EAAE,EACpCA,EAAY,OAAS,EAAI,GAAGD,CAAK,IAAIC,CAAW,GAAKD,EAAM,SAAA,CACpE,CAeA,SAASE,GAA6B,CACpC,GAAI,CACFC,WAAS,KAAK,CAAE,eAAgBC,EAAAA,OAAO,MAAM,GAAI,CAAC,EAAG,CACvD,OAAS,EAAG,CACV,GAAI,aAAa,OAAS,EAAE,QAAQ,SAAS,yBAAyB,EACpE,MAAM,IAAI,MACR,qJAAA,CAMN,CACF,CAQO,SAASC,EAAWC,EAAoC,CAC7D,OAAQA,EAAA,CACN,IAAK,UACH,OAAOC,EAAAA,SAAS,QAClB,IAAK,UACL,IAAK,SACH,OAAOA,EAAAA,SAAS,QAClB,IAAK,UACH,OAAOA,EAAAA,SAAS,QAClB,QACE,MAAM,IAAI,MAAM,oBAAoBD,CAAO,EAAE,CAAA,CAEnD,CASO,SAASE,EACdnB,EACAiB,EACQ,CACRJ,EAAA,EACA,MAAMO,EAAQhC,EAAgBW,EAAwBC,CAAY,CAAC,EAC7D,CAAE,QAAAqB,CAAA,EAAYP,EAAAA,SAAS,KAAK,CAChC,eAAgBC,EAAAA,OAAO,KAAKK,CAAK,EACjC,QAASJ,EAAWC,CAAO,CAAA,CAC5B,EACD,GAAI,CAACI,EACH,MAAM,IAAI,MAAM,kDAAkD,EAEpE,OAAOA,CACT,CAWO,SAASC,EAAsBC,EAA6B,CACjE,OAAOA,EAAQ,IAAItC,CAAc,EAAE,KAAA,CACrC,CAkBO,SAASuC,EAA2BC,EAAgC,CACzEZ,EAAA,EACA,MAAMxB,EAAWJ,EAAewC,CAAc,EAC9C,GAAI,CAAC,oBAAoB,KAAKpC,CAAQ,EACpC,MAAM,IAAI,MACR,2EAAA,EAGJ,KAAM,CAAE,OAAAqC,CAAA,EAAWZ,EAAAA,SAAS,KAAK,CAC/B,eAAgBC,EAAAA,OAAO,KAAK1B,EAAU,KAAK,CAAA,CAC5C,EACD,GAAI,CAACqC,EACH,MAAM,IAAI,MAAM,2CAA2C,EAE7D,MAAO,KAAKA,EAAO,SAAS,KAAK,CAAC,EACpC,CAUO,SAASC,EACd3B,EACAiB,EACQ,CACR,MAAM5B,EAAWJ,EAAee,CAAY,EAC5C,GAAIX,EAAS,SAAW,GACtB,MAAM,IAAI,MACR,sEAAsEA,EAAS,MAAM,EAAA,EAGzF,KAAM,CAAE,QAAAgC,CAAA,EAAYP,EAAAA,SAAS,OAAO,CAClC,OAAQC,EAAAA,OAAO,KAAK3B,EAAgBC,CAAQ,CAAC,EAC7C,QAAS2B,EAAWC,CAAO,CAAA,CAC5B,EACD,GAAI,CAACI,EACH,MAAM,IAAI,MACR,wDAAA,EAGJ,OAAOA,CACT,CAoBO,SAASO,EACdP,EACArB,EACAiB,EACS,CACT,MAAM5B,EAAWJ,EAAee,CAAY,EAG5C,GAAI,CACF,GAAIqB,IAAYF,EAAqB9B,EAAU4B,CAAO,EACpD,MAAO,EAEX,MAAQ,CAER,CAIA,GAAI5B,EAAS,SAAWP,EACtB,GAAI,CACF,GAAIuC,IAAYM,EAA0BtC,EAAU4B,CAAO,EACzD,MAAO,EAEX,MAAQ,CAER,CAGF,MAAO,EACT"}
package/dist/tbv/core/clients/vault-provider/auth/serverIdentity.d.ts CHANGED
@@ -16,13 +16,6 @@
16
16
  *
17
17
  * @module tbv/core/clients/vault-provider/auth/serverIdentity
18
18
  */
19
- /**
20
- * Cap on `proof.expires_at - now`. Bounds how long a leaked VP
21
- * ephemeral key stays usable; the bearer token's own TTL does not
22
- * (different trust boundary). 2h = Rust ref VP's 1h rotation × 2 for
23
- * clock skew. Override per call via `maxLifetimeSecs`.
24
- */
25
- export declare const DEFAULT_MAX_PROOF_LIFETIME_SECS: number;
26
19
  /**
27
20
  * Wire representation from btc-vault's `ServerIdentityResponse`.
28
21
  */
package/dist/tbv/core/clients/vault-provider/auth/serverIdentity.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"serverIdentity.d.ts","sourceRoot":"","sources":["../../../../../../src/tbv/core/clients/vault-provider/auth/serverIdentity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAyBH;;;;;GAKG;AACH,eAAO,MAAM,+BAA+B,QAAW,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,6DAA6D;IAC7D,aAAa,EAAE,MAAM,CAAC;IACtB,uEAAuE;IACvE,gBAAgB,EAAE,MAAM,CAAC;IACzB,yDAAyD;IACzD,UAAU,EAAE,MAAM,CAAC;IACnB,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,yBAAyB;IACxC,yDAAyD;IACzD,KAAK,EAAE,sBAAsB,CAAC;IAC9B;;;;OAIG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mEAAmE;IACnE,GAAG,EAAE,MAAM,CAAC;IACZ,sGAAsG;IACtG,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,qBAAa,mBAAoB,SAAQ,KAAK;aAG1B,MAAM,EAClB,wBAAwB,GACxB,SAAS,GACT,iBAAiB,GACjB,oBAAoB,GACpB,sBAAsB,GACtB,yBAAyB,GACzB,0BAA0B,GAC1B,4BAA4B,GAC5B,+BAA+B;gBAVnC,OAAO,EAAE,MAAM,EACC,MAAM,EAClB,wBAAwB,GACxB,SAAS,GACT,iBAAiB,GACjB,oBAAoB,GACpB,sBAAsB,GACtB,yBAAyB,GACzB,0BAA0B,GAC1B,4BAA4B,GAC5B,+BAA+B;CAKtC;AAYD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,yBAAyB,GAAG,IAAI,CAuH3E"}
1
+ {"version":3,"file":"serverIdentity.d.ts","sourceRoot":"","sources":["../../../../../../src/tbv/core/clients/vault-provider/auth/serverIdentity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAiCH;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,6DAA6D;IAC7D,aAAa,EAAE,MAAM,CAAC;IACtB,uEAAuE;IACvE,gBAAgB,EAAE,MAAM,CAAC;IACzB,yDAAyD;IACzD,UAAU,EAAE,MAAM,CAAC;IACnB,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,yBAAyB;IACxC,yDAAyD;IACzD,KAAK,EAAE,sBAAsB,CAAC;IAC9B;;;;OAIG;IACH,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mEAAmE;IACnE,GAAG,EAAE,MAAM,CAAC;IACZ,sGAAsG;IACtG,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,qBAAa,mBAAoB,SAAQ,KAAK;aAG1B,MAAM,EAClB,wBAAwB,GACxB,SAAS,GACT,iBAAiB,GACjB,oBAAoB,GACpB,sBAAsB,GACtB,yBAAyB,GACzB,0BAA0B,GAC1B,4BAA4B,GAC5B,+BAA+B;gBAVnC,OAAO,EAAE,MAAM,EACC,MAAM,EAClB,wBAAwB,GACxB,SAAS,GACT,iBAAiB,GACjB,oBAAoB,GACpB,sBAAsB,GACtB,yBAAyB,GACzB,0BAA0B,GAC1B,4BAA4B,GAC5B,+BAA+B;CAKtC;AAYD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,yBAAyB,GAAG,IAAI,CAuH3E"}
package/dist/tbv/core/managers/pegin/assertAuthAnchorOpReturn.d.ts CHANGED
@@ -22,23 +22,6 @@
22
22
  * pushes a payload other than `expectedAuthAnchorHashHex`.
23
23
  */
24
24
  export declare function assertAuthAnchorOpReturn(fundedPrePeginTxHex: string, vaultCount: number, expectedAuthAnchorHashHex: string): void;
25
- /**
26
- * Best-effort reader for the auth-anchor OP_RETURN payload at `vout` of
27
- * a funded Pre-PegIn transaction.
28
- *
29
- * Returns the 32-byte payload as lowercase hex (no `0x` prefix) if the
30
- * output at `vout` is exactly `OP_RETURN || PUSH32 || <32 bytes>` with
31
- * a zero value. Returns `undefined` for any structural mismatch —
32
- * missing output, wrong script shape, non-zero value — so legacy
33
- * non-auth-anchored Pre-PegIns parse as "no anchor" rather than
34
- * raising.
35
- *
36
- * Used by the refund flow to reconstruct the unfunded WASM template
37
- * with the same output shape as the on-chain funded transaction.
38
- * Assertion semantics (compare against an expected value, throw on
39
- * mismatch) live in {@link assertAuthAnchorOpReturn}.
40
- */
41
- export declare function readAuthAnchorOpReturn(fundedPrePeginTxHex: string, vout: number): string | undefined;
42
25
  /**
43
26
  * Scan a funded Pre-PegIn transaction for its auth-anchor commitment
44
27
  * (an `OP_RETURN || PUSH32 || <32 bytes>` output with value 0).
package/dist/tbv/core/managers/pegin/assertAuthAnchorOpReturn.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"assertAuthAnchorOpReturn.d.ts","sourceRoot":"","sources":["../../../../../src/tbv/core/managers/pegin/assertAuthAnchorOpReturn.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAaH;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,wBAAwB,CACtC,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,MAAM,EAClB,yBAAyB,EAAE,MAAM,GAChC,IAAI,CAwCN;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,sBAAsB,CACpC,mBAAmB,EAAE,MAAM,EAC3B,IAAI,EAAE,MAAM,GACX,MAAM,GAAG,SAAS,CAyBpB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,sBAAsB,CACpC,mBAAmB,EAAE,MAAM,GAC1B;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CA0B5C"}
1
+ {"version":3,"file":"assertAuthAnchorOpReturn.d.ts","sourceRoot":"","sources":["../../../../../src/tbv/core/managers/pegin/assertAuthAnchorOpReturn.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAaH;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,wBAAwB,CACtC,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,MAAM,EAClB,yBAAyB,EAAE,MAAM,GAChC,IAAI,CAwCN;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,sBAAsB,CACpC,mBAAmB,EAAE,MAAM,GAC1B;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CA0B5C"}
package/dist/tbv/core/managers/pegin/index.d.ts CHANGED
@@ -5,7 +5,7 @@
5
5
  *
6
6
  * @module managers/pegin
7
7
  */
8
- export { assertAuthAnchorOpReturn, findAuthAnchorOpReturn, readAuthAnchorOpReturn, } from './assertAuthAnchorOpReturn';
8
+ export { assertAuthAnchorOpReturn, findAuthAnchorOpReturn, } from './assertAuthAnchorOpReturn';
9
9
  export { expandPerVaultSecrets, type PerVaultExpansionResult, } from './expandPerVaultSecrets';
10
10
  export { normalizePopSignature, normalizeXOnlyPubkey, } from './normalizeWalletInputs';
11
11
  export { signPsbtsWithFallback } from './signPsbtsWithFallback';
package/dist/tbv/core/managers/pegin/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/tbv/core/managers/pegin/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,wBAAwB,EACxB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,qBAAqB,EACrB,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/tbv/core/managers/pegin/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,qBAAqB,EACrB,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC"}
package/dist/tbv/core/primitives/psbt/constants.d.ts CHANGED
@@ -17,12 +17,8 @@
17
17
  export declare const DEPOSITOR_PAYOUT_INPUT_COUNT = 2;
18
18
  /** PegIn vault output index spent by the depositor's Payout input 0. */
19
19
  export declare const PEGIN_VAULT_OUTPUT_INDEX = 0;
20
- /** Payout input index bound to the graph Assert tx (NOT signed). */
21
- export declare const PAYOUT_ASSERT_INPUT_INDEX = 1;
22
20
  /** Assert output index spent by the depositor's Payout input 1 (NOT signed). */
23
21
  export declare const ASSERT_PAYOUT_OUTPUT_INDEX = 0;
24
- /** Assert output index spent by NoPayout input 0 (signed). */
25
- export declare const ASSERT_NOPAYOUT_OUTPUT_INDEX = 0;
26
22
  /**
27
23
  * Dust amount (sats) for the payout CPFP anchor output. Matches `DUST_AMOUNT`
28
24
  * in `btc-vault crates/vault/src/lib.rs`.
package/dist/tbv/core/primitives/psbt/constants.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../../src/tbv/core/primitives/psbt/constants.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH;;;GAGG;AACH,eAAO,MAAM,4BAA4B,IAAI,CAAC;AAE9C,wEAAwE;AACxE,eAAO,MAAM,wBAAwB,IAAI,CAAC;AAE1C,oEAAoE;AACpE,eAAO,MAAM,yBAAyB,IAAI,CAAC;AAE3C,gFAAgF;AAChF,eAAO,MAAM,0BAA0B,IAAI,CAAC;AAE5C,8DAA8D;AAC9D,eAAO,MAAM,4BAA4B,IAAI,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,uBAAuB,MAAM,CAAC;AAE3C,sFAAsF;AACtF,eAAO,MAAM,8BAA8B,IAAI,CAAC;AAEhD,+EAA+E;AAC/E,eAAO,MAAM,kCAAkC,IAAI,CAAC;AAEpD;;;;;GAKG;AACH,eAAO,MAAM,+BAA+B,QAAS,CAAC"}
1
+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../../src/tbv/core/primitives/psbt/constants.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH;;;GAGG;AACH,eAAO,MAAM,4BAA4B,IAAI,CAAC;AAE9C,wEAAwE;AACxE,eAAO,MAAM,wBAAwB,IAAI,CAAC;AAE1C,gFAAgF;AAChF,eAAO,MAAM,0BAA0B,IAAI,CAAC;AAE5C;;;GAGG;AACH,eAAO,MAAM,uBAAuB,MAAM,CAAC;AAE3C,sFAAsF;AACtF,eAAO,MAAM,8BAA8B,IAAI,CAAC;AAEhD,+EAA+E;AAC/E,eAAO,MAAM,kCAAkC,IAAI,CAAC;AAEpD;;;;;GAKG;AACH,eAAO,MAAM,+BAA+B,QAAS,CAAC"}