@babylonlabs-io/ts-sdk 0.41.0 → 0.43.0

package/dist/primeVpAuth-qEC9TTO_.js

@@ -0,0 +1,1136 @@
+var le = Object.defineProperty;
+var ue = (r, e, t) => e in r ? le(r, e, { enumerable: !0, configurable: !0, writable: !0, value: t }) : r[e] = t;
+var h = (r, e, t) => ue(r, typeof e != "symbol" ? e + "" : e, t);
+import { B as K } from "./BTCVaultRegistry.abi-Cq9-JlqT.js";
+import { P as b, A as H } from "./ApplicationRegistry.abi-Dn2qk6JG.js";
+import { j as de, v as j, k as pe, i as he } from "./mempoolApi-DI9HISqi.js";
+import { D as ge, J as Q, e as fe } from "./types-BqGAMOZM.js";
+import { X as R, C as U, s as T, S as me } from "./bitcoin-B5aNKtsk.js";
+import { H as k } from "./validation-CxqROCno.js";
+import * as M from "@bitcoin-js/tiny-secp256k1-asmjs";
+import { payments as _e, Transaction as O } from "bitcoinjs-lib";
+import { Buffer as A } from "buffer";
+import { s as X } from "./sha2-BYVxyZzX.js";
+async function at(r, e) {
+  const [t, n] = await r.multicall({
+    contracts: [
+      {
+        address: e,
+        abi: K,
+        functionName: "protocolParams"
+      },
+      {
+        address: e,
+        abi: K,
+        functionName: "applicationRegistry"
+      }
+    ],
+    allowFailure: !1
+  });
+  return {
+    protocolParams: t,
+    applicationRegistry: n
+  };
+}
+const q = 65535;
+function E(r) {
+  return {
+    timelockAssert: r.timelockAssert,
+    timelockChallengeAssert: r.timelockChallengeAssert,
+    securityCouncilKeys: [...r.securityCouncilKeys],
+    councilQuorum: r.councilQuorum,
+    feeRate: r.feeRate,
+    babeTotalInstances: r.babeTotalInstances,
+    babeInstancesToFinalize: r.babeInstancesToFinalize,
+    minVpCommissionBps: r.minVpCommissionBps,
+    tRefund: r.tRefund,
+    tStale: r.tStale,
+    minPeginFeeRate: r.minPeginFeeRate,
+    proverCircuitVersion: r.proverCircuitVersion,
+    minPrepeginDepth: r.minPrepeginDepth
+  };
+}
+function z(r) {
+  return {
+    minimumPegInAmount: r.minimumPegInAmount,
+    maxPegInAmount: r.maxPegInAmount,
+    pegInAckTimeout: r.pegInAckTimeout,
+    pegInActivationTimeout: r.pegInActivationTimeout,
+    maxHtlcOutputCount: r.maxHtlcOutputCount,
+    expiredPegInGraceBlocks: r.expiredPegInGraceBlocks
+  };
+}
+function W(r) {
+  if (r > BigInt(q))
+    throw new Error(
+      `timelockAssert value ${r} exceeds uint16 max (${q})`
+    );
+  return Number(r);
+}
+class ot {
+  constructor(e, t) {
+    this.publicClient = e, this.contractAddress = t;
+  }
+  async getTBVProtocolParams() {
+    const e = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "getTBVProtocolParams"
+    }), t = z(e);
+    return de(t), t;
+  }
+  async getLatestOffchainParams() {
+    const e = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "getLatestOffchainParams"
+    }), t = E(e);
+    return j(t), t;
+  }
+  async getOffchainParamsByVersion(e) {
+    const t = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "getOffchainParamsByVersion",
+      args: [e]
+    }), n = E(t);
+    return j(n), n;
+  }
+  async getLatestOffchainParamsVersion() {
+    const e = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "latestOffchainParamsVersion"
+    }), t = Number(e);
+    return pe(t), t;
+  }
+  async getTimelockPeginByVersion(e) {
+    const t = await this.getOffchainParamsByVersion(e);
+    return W(t.timelockAssert);
+  }
+  /**
+   * Read TBV protocol params, latest offchain params, and the latest version
+   * label atomically via multicall. The version is paired with the params so
+   * that a governance update between separate reads cannot let JS build BTC
+   * scripts with version N params while the contract registers the vault
+   * under version N+1.
+   */
+  async getPegInConfiguration() {
+    const e = await this.publicClient.multicall({
+      contracts: [
+        {
+          address: this.contractAddress,
+          abi: b,
+          functionName: "getTBVProtocolParams"
+        },
+        {
+          address: this.contractAddress,
+          abi: b,
+          functionName: "getLatestOffchainParams"
+        },
+        {
+          address: this.contractAddress,
+          abi: b,
+          functionName: "latestOffchainParamsVersion"
+        }
+      ],
+      allowFailure: !1
+    }), t = z(e[0]), n = E(e[1]), s = Number(e[2]), a = {
+      minimumPegInAmount: t.minimumPegInAmount,
+      maxPegInAmount: t.maxPegInAmount,
+      pegInAckTimeout: t.pegInAckTimeout,
+      pegInActivationTimeout: t.pegInActivationTimeout,
+      maxHtlcOutputCount: t.maxHtlcOutputCount,
+      expiredPegInGraceBlocks: t.expiredPegInGraceBlocks,
+      timelockPegin: W(n.timelockAssert),
+      timelockRefund: n.tRefund,
+      minVpCommissionBps: n.minVpCommissionBps,
+      offchainParams: n,
+      offchainParamsVersion: s
+    };
+    return he(a), a;
+  }
+  /**
+   * Fetch every historical offchain params version in a single multicall.
+   * Iterates 1..latestVersion and calls `getOffchainParamsByVersion` for each.
+   * Versions whose payload fails validation are skipped (not included in the
+   * returned map) so a single bad historical version doesn't block the
+   * lookup of the rest.
+   *
+   * @param onSkippedVersion - optional observer invoked once per skipped
+   *   version. Use to log/telemeter without coupling the SDK to a logger.
+   */
+  async fetchAllOffchainParams(e) {
+    const t = await this.getLatestOffchainParamsVersion();
+    if (t === 0)
+      return { byVersion: /* @__PURE__ */ new Map(), latestVersion: 0 };
+    const n = Array.from({ length: t }, (c, u) => u + 1), s = n.map((c) => ({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "getOffchainParamsByVersion",
+      args: [c]
+    })), a = await this.publicClient.multicall({
+      contracts: s,
+      allowFailure: !1
+    }), o = /* @__PURE__ */ new Map();
+    for (let c = 0; c < n.length; c++) {
+      const u = E(a[c]);
+      try {
+        j(u), o.set(n[c], u);
+      } catch (d) {
+        e == null || e(
+          n[c],
+          d instanceof Error ? d : new Error(String(d))
+        );
+      }
+    }
+    return { byVersion: o, latestVersion: t };
+  }
+}
+function N(r) {
+  return r.map((e) => ({
+    ethAddress: e.ethAddress,
+    btcPubKey: e.btcPubKey
+  }));
+}
+class ct {
+  constructor(e, t) {
+    this.publicClient = e, this.contractAddress = t;
+  }
+  async getVaultKeepersByVersion(e, t) {
+    const n = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: H,
+      functionName: "getVaultKeepersByVersion",
+      args: [e, t]
+    });
+    return N(n);
+  }
+  async getCurrentVaultKeepers(e) {
+    const t = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: H,
+      functionName: "getCurrentVaultKeepers",
+      args: [e]
+    });
+    return N(t);
+  }
+  async getCurrentVaultKeepersVersion(e) {
+    return await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: H,
+      functionName: "getCurrentVaultKeepersVersion",
+      args: [e]
+    });
+  }
+}
+class lt {
+  constructor(e, t) {
+    this.publicClient = e, this.contractAddress = t;
+  }
+  async getUniversalChallengersByVersion(e) {
+    const t = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "getUniversalChallengersByVersion",
+      args: [e]
+    });
+    return N(t);
+  }
+  async getCurrentUniversalChallengers() {
+    const e = await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "getCurrentUniversalChallengers"
+    });
+    return N(e);
+  }
+  async getLatestUniversalChallengersVersion() {
+    return await this.publicClient.readContract({
+      address: this.contractAddress,
+      abi: b,
+      functionName: "latestUniversalChallengersVersion"
+    });
+  }
+}
+var be = /* @__PURE__ */ ((r) => (r[r.PENDING = 0] = "PENDING", r[r.VERIFIED = 1] = "VERIFIED", r[r.ACTIVE = 2] = "ACTIVE", r[r.REDEEMED = 3] = "REDEEMED", r[r.EXPIRED = 4] = "EXPIRED", r))(be || {});
+const J = new Set(Object.values(ge)), ye = 200;
+function l(r) {
+  var e;
+  return ((e = JSON.stringify(r)) == null ? void 0 : e.slice(0, ye)) ?? "undefined";
+}
+const we = "The vault provider returned an unexpected response. Please try again or contact support.";
+class i extends Error {
+  constructor(t) {
+    super(we);
+    h(this, "detail");
+    this.name = "VpResponseValidationError", this.detail = t;
+  }
+}
+const $ = 64;
+function P(r) {
+  return typeof r == "string" && r.length > 0 && k.test(r);
+}
+function ee(r) {
+  return typeof r == "string" && r.length > 0;
+}
+function te(r, e) {
+  if (!P(r))
+    throw new i(
+      `VP response validation failed: "${e}" must be a non-empty hex string, got ${l(r)}`
+    );
+}
+function m(r, e) {
+  if (!ee(r))
+    throw new i(
+      `VP response validation failed: "${e}" must be a non-empty string, got ${l(r)}`
+    );
+}
+function G(r, e) {
+  if (!P(r) || r.length !== R && r.length !== U)
+    throw new i(
+      `VP response validation failed: "${e}" must be a ${R} or ${U}-char hex string (BTC pubkey), got ${l(r)}`
+    );
+}
+function Pe(r) {
+  const e = r.presigning;
+  if (e == null) return;
+  if (typeof e != "object" || Array.isArray(e))
+    throw new i(
+      'VP response validation failed: "progress.presigning" must be an object if present'
+    );
+  const t = e;
+  if (t.depositor_graph_created !== void 0 && typeof t.depositor_graph_created != "boolean")
+    throw new i(
+      `VP response validation failed: "progress.presigning.depositor_graph_created" must be a boolean if present, got ${l(t.depositor_graph_created)}`
+    );
+  if (t.vk_challenger_presigning_completed !== void 0 && typeof t.vk_challenger_presigning_completed != "number")
+    throw new i(
+      `VP response validation failed: "progress.presigning.vk_challenger_presigning_completed" must be a number if present, got ${l(t.vk_challenger_presigning_completed)}`
+    );
+  if (t.vk_challenger_presigning_total !== void 0 && typeof t.vk_challenger_presigning_total != "number")
+    throw new i(
+      `VP response validation failed: "progress.presigning.vk_challenger_presigning_total" must be a number if present, got ${l(t.vk_challenger_presigning_total)}`
+    );
+}
+function re(r) {
+  if (r === null || typeof r != "object")
+    throw new i(
+      "VP response validation failed: getPeginStatus response is not an object"
+    );
+  const e = r;
+  if (!P(e.pegin_txid) || e.pegin_txid.length !== $)
+    throw new i(
+      `VP response validation failed: "pegin_txid" must be a ${$}-char hex string (txid), got ${l(e.pegin_txid)}`
+    );
+  if (typeof e.status != "string")
+    throw new i(
+      'VP response validation failed: "status" must be a string'
+    );
+  if (!J.has(e.status))
+    throw new i(
+      `VP response validation failed: unrecognized status "${e.status}". Expected one of: ${[...J].join(", ")}`
+    );
+  if (e.progress === null || typeof e.progress != "object" || Array.isArray(e.progress))
+    throw new i(
+      'VP response validation failed: "progress" must be an object'
+    );
+  if (Pe(e.progress), typeof e.health_info != "string")
+    throw new i(
+      'VP response validation failed: "health_info" must be a string'
+    );
+  if (e.last_error !== void 0 && typeof e.last_error != "string")
+    throw new i(
+      `VP response validation failed: "last_error" must be a string if present, got ${l(e.last_error)}`
+    );
+}
+function xe(r) {
+  if (r === null || typeof r != "object")
+    throw new i(
+      "VP response validation failed: requestDepositorPresignTransactions response is not an object"
+    );
+  const e = r;
+  if (!Array.isArray(e.txs))
+    throw new i(
+      'VP response validation failed: "txs" must be an array'
+    );
+  for (let t = 0; t < e.txs.length; t++)
+    ve(e.txs[t], `txs[${t}]`);
+  if (e.depositor_graph === null || typeof e.depositor_graph != "object")
+    throw new i(
+      'VP response validation failed: "depositor_graph" must be an object'
+    );
+  Ie(
+    e.depositor_graph
+  );
+}
+function y(r, e) {
+  if (r === null || typeof r != "object")
+    throw new i(
+      `VP response validation failed: "${e}" must be an object`
+    );
+  te(r.tx_hex, `${e}.tx_hex`);
+}
+function ve(r, e) {
+  if (r === null || typeof r != "object")
+    throw new i(
+      `VP response validation failed: "${e}" must be an object`
+    );
+  const t = r;
+  G(t.claimer_pubkey, `${e}.claimer_pubkey`), y(t.claim_tx, `${e}.claim_tx`), y(t.assert_tx, `${e}.assert_tx`), y(t.payout_tx, `${e}.payout_tx`), m(t.payout_psbt, `${e}.payout_psbt`);
+}
+function Ae(r, e) {
+  if (r === null || typeof r != "object")
+    throw new i(
+      `VP response validation failed: "${e}" must be an object`
+    );
+  const t = r;
+  m(t.wots_pks_json, `${e}.wots_pks_json`), m(t.gc_wots_keys_json, `${e}.gc_wots_keys_json`);
+}
+function $e(r, e) {
+  if (r === null || typeof r != "object")
+    throw new i(
+      `VP response validation failed: "${e}" must be an object`
+    );
+  const t = r;
+  if (G(t.challenger_pubkey, `${e}.challenger_pubkey`), y(
+    t.challenge_assert_x_tx,
+    `${e}.challenge_assert_x_tx`
+  ), y(
+    t.challenge_assert_y_tx,
+    `${e}.challenge_assert_y_tx`
+  ), y(t.nopayout_tx, `${e}.nopayout_tx`), m(t.nopayout_psbt, `${e}.nopayout_psbt`), !Array.isArray(t.challenge_assert_connectors))
+    throw new i(
+      `VP response validation failed: "${e}.challenge_assert_connectors" must be an array`
+    );
+  for (let n = 0; n < t.challenge_assert_connectors.length; n++)
+    Ae(
+      t.challenge_assert_connectors[n],
+      `${e}.challenge_assert_connectors[${n}]`
+    );
+  if (!Array.isArray(t.output_label_hashes))
+    throw new i(
+      `VP response validation failed: "${e}.output_label_hashes" must be an array`
+    );
+  for (let n = 0; n < t.output_label_hashes.length; n++)
+    te(
+      t.output_label_hashes[n],
+      `${e}.output_label_hashes[${n}]`
+    );
+}
+function ke(r) {
+  if (r === null || typeof r != "object")
+    throw new i(
+      "VP response validation failed: requestDepositorClaimerArtifacts response is not an object"
+    );
+  const e = r;
+  if (!ee(e.tx_graph_json))
+    throw new i(
+      `VP response validation failed: "tx_graph_json" must be a non-empty string, got ${l(e.tx_graph_json)}`
+    );
+  if (!P(e.verifying_key_hex))
+    throw new i(
+      `VP response validation failed: "verifying_key_hex" must be a non-empty hex string, got ${l(e.verifying_key_hex)}`
+    );
+  if (e.babe_sessions === null || typeof e.babe_sessions != "object" || Array.isArray(e.babe_sessions))
+    throw new i(
+      'VP response validation failed: "babe_sessions" must be an object'
+    );
+  const t = Object.entries(
+    e.babe_sessions
+  );
+  if (t.length === 0)
+    throw new i(
+      'VP response validation failed: "babe_sessions" must contain at least one challenger entry'
+    );
+  for (const [n, s] of t) {
+    if (G(n, `babe_sessions["${n}"]`), s === null || typeof s != "object")
+      throw new i(
+        `VP response validation failed: "babe_sessions.${n}" must be an object`
+      );
+    const a = s;
+    if (!P(a.decryptor_artifacts_hex))
+      throw new i(
+        `VP response validation failed: "babe_sessions.${n}.decryptor_artifacts_hex" must be a non-empty hex string, got ${l(a.decryptor_artifacts_hex)}`
+      );
+  }
+}
+function Ve(r) {
+  if (r === null || typeof r != "object")
+    throw new i(
+      "VP response validation failed: pegout status payload is not an object"
+    );
+  const e = r;
+  if (!P(e.pegin_txid) || e.pegin_txid.length !== $)
+    throw new i(
+      `VP response validation failed: "pegin_txid" must be a ${$}-char hex string (txid), got ${l(e.pegin_txid)}`
+    );
+  if (typeof e.found != "boolean")
+    throw new i(
+      `VP response validation failed: "found" must be a boolean, got ${l(e.found)}`
+    );
+  if (e.claimer !== null) {
+    if (typeof e.claimer != "object")
+      throw new i(
+        `VP response validation failed: "claimer" must be an object or null, got ${l(e.claimer)}`
+      );
+    Se(e.claimer);
+  }
+  if (!Array.isArray(e.challengers))
+    throw new i(
+      `VP response validation failed: "challengers" must be an array, got ${l(e.challengers)}`
+    );
+  for (let t = 0; t < e.challengers.length; t++)
+    Te(e.challengers[t], t);
+}
+function Se(r) {
+  if (m(r.status, "claimer.status"), typeof r.failed != "boolean")
+    throw new i(
+      `VP response validation failed: "claimer.failed" must be a boolean, got ${l(r.failed)}`
+    );
+  if (m(r.claim_txid, "claimer.claim_txid"), m(r.claimer_pubkey, "claimer.claimer_pubkey"), m(r.assert_txid, "claimer.assert_txid"), typeof r.created_at != "number")
+    throw new i(
+      `VP response validation failed: "claimer.created_at" must be a number, got ${l(r.created_at)}`
+    );
+  if (typeof r.updated_at != "number")
+    throw new i(
+      `VP response validation failed: "claimer.updated_at" must be a number, got ${l(r.updated_at)}`
+    );
+}
+function Te(r, e) {
+  if (r === null || typeof r != "object")
+    throw new i(
+      `VP response validation failed: "challengers[${e}]" must be an object, got ${l(r)}`
+    );
+  const t = r;
+  if (m(t.status, `challengers[${e}].status`), m(t.claim_txid, `challengers[${e}].claim_txid`), m(t.claimer_pubkey, `challengers[${e}].claimer_pubkey`), C(t.assert_txid, `challengers[${e}].assert_txid`), C(
+    t.challenge_assert_x_txid,
+    `challengers[${e}].challenge_assert_x_txid`
+  ), C(
+    t.challenge_assert_y_txid,
+    `challengers[${e}].challenge_assert_y_txid`
+  ), C(t.nopayout_txid, `challengers[${e}].nopayout_txid`), typeof t.created_at != "number")
+    throw new i(
+      `VP response validation failed: "challengers[${e}].created_at" must be a number, got ${l(t.created_at)}`
+    );
+  if (typeof t.updated_at != "number")
+    throw new i(
+      `VP response validation failed: "challengers[${e}].updated_at" must be a number, got ${l(t.updated_at)}`
+    );
+}
+function C(r, e) {
+  if (r !== null && typeof r != "string")
+    throw new i(
+      `VP response validation failed: "${e}" must be a string or null, got ${l(r)}`
+    );
+}
+function Ee(r) {
+  ne(r, "batchGetPeginStatus", (e) => {
+    e.result !== null && re(e.result);
+  });
+}
+function Ce(r) {
+  ne(r, "batchGetPegoutStatus", (e) => {
+    e.result !== null && Ve(e.result);
+  });
+}
+function ne(r, e, t) {
+  if (r === null || typeof r != "object")
+    throw new i(
+      `VP response validation failed: ${e} response is not an object`
+    );
+  const n = r;
+  if (!Array.isArray(n.results))
+    throw new i(
+      `VP response validation failed: "${e}.results" must be an array, got ${l(n.results)}`
+    );
+  for (let s = 0; s < n.results.length; s++) {
+    const a = n.results[s];
+    if (a === null || typeof a != "object")
+      throw new i(
+        `VP response validation failed: "${e}.results[${s}]" must be an object, got ${l(a)}`
+      );
+    const o = a;
+    if (!P(o.pegin_txid) || o.pegin_txid.length !== $)
+      throw new i(
+        `VP response validation failed: "${e}.results[${s}].pegin_txid" must be a ${$}-char hex string, got ${l(o.pegin_txid)}`
+      );
+    if (o.error !== null && typeof o.error != "string")
+      throw new i(
+        `VP response validation failed: "${e}.results[${s}].error" must be a string or null, got ${l(o.error)}`
+      );
+    if (o.result === null && o.error === null)
+      throw new i(
+        `VP response validation failed: "${e}.results[${s}]" has neither "result" nor "error" populated`
+      );
+    if (o.result !== null && o.error !== null)
+      throw new i(
+        `VP response validation failed: "${e}.results[${s}]" has both "result" and "error" populated`
+      );
+    t(o, s);
+  }
+}
+function Ie(r) {
+  if (y(r.claim_tx, "depositor_graph.claim_tx"), y(r.assert_tx, "depositor_graph.assert_tx"), y(r.payout_tx, "depositor_graph.payout_tx"), m(r.payout_psbt, "depositor_graph.payout_psbt"), !Array.isArray(r.challenger_presign_data))
+    throw new i(
+      'VP response validation failed: "depositor_graph.challenger_presign_data" must be an array'
+    );
+  for (let e = 0; e < r.challenger_presign_data.length; e++)
+    $e(
+      r.challenger_presign_data[e],
+      `depositor_graph.challenger_presign_data[${e}]`
+    );
+  if (typeof r.offchain_params_version != "number")
+    throw new i(
+      'VP response validation failed: "depositor_graph.offchain_params_version" must be a number'
+    );
+}
+const Re = 6e4;
+class Ne {
+  constructor(e, t) {
+    h(this, "client");
+    const n = {
+      baseUrl: e,
+      timeout: (t == null ? void 0 : t.timeout) ?? Re,
+      retries: t == null ? void 0 : t.retries,
+      retryDelay: t == null ? void 0 : t.retryDelay,
+      retryableFor: t == null ? void 0 : t.retryableFor,
+      headers: t == null ? void 0 : t.headers,
+      tokenProvider: t == null ? void 0 : t.tokenProvider,
+      maxResponseBytes: t == null ? void 0 : t.maxResponseBytes
+    };
+    this.client = new Q(n);
+  }
+  /**
+   * Request the payout/claim/assert transactions that the depositor
+   * needs to pre-sign before the vault can be activated on Bitcoin.
+   */
+  async requestDepositorPresignTransactions(e, t) {
+    const n = await this.client.call("vaultProvider_requestDepositorPresignTransactions", e, t);
+    return xe(n), n;
+  }
+  /**
+   * Submit the depositor's pre-signatures for the payout transactions
+   * and the depositor-as-claimer graph.
+   */
+  async submitDepositorPresignatures(e, t) {
+    return this.client.call(
+      "vaultProvider_submitDepositorPresignatures",
+      e,
+      t
+    );
+  }
+  /**
+   * Submit the depositor's WOTS public key to the vault provider.
+   * Called after the pegin is finalized on Ethereum, when the VP is in
+   * `PendingDepositorWotsPK` status.
+   */
+  async submitDepositorWotsKey(e, t) {
+    return this.client.call(
+      "vaultProvider_submitDepositorWotsKey",
+      e,
+      t
+    );
+  }
+  /**
+   * Request the BaBe DecryptorArtifacts needed for the depositor to
+   * independently evaluate garbled circuits during a challenge.
+   */
+  async requestDepositorClaimerArtifacts(e, t) {
+    const n = await this.client.call("vaultProvider_requestDepositorClaimerArtifacts", e, t);
+    return ke(n), n;
+  }
+  /** Get the current pegin status from the vault provider daemon. */
+  async getPeginStatus(e, t) {
+    const n = await this.client.call(
+      "vaultProvider_getPeginStatus",
+      e,
+      t
+    );
+    return re(n), n;
+  }
+  /**
+   * Get pegin status for many txids in one round trip. Per-result envelope
+   * isolates per-pegin failures from the overall RPC. Caller must chunk
+   * inputs at `VP_BATCH_MAX_SIZE`.
+   */
+  async batchGetPeginStatus(e, t) {
+    const n = await this.client.call("vaultProvider_batchGetPeginStatus", e, t);
+    return Ee(n), n;
+  }
+  /**
+   * Get pegout status for many txids in one round trip. Same per-result
+   * envelope semantics as `batchGetPeginStatus`.
+   */
+  async batchGetPegoutStatus(e, t) {
+    const n = await this.client.call("vaultProvider_batchGetPegoutStatus", e, t);
+    return Ce(n), n;
+  }
+}
+function De(r, e) {
+  const t = /* @__PURE__ */ new Set();
+  for (const u of r)
+    t.add(u.toLowerCase());
+  const n = /* @__PURE__ */ new Map(), s = /* @__PURE__ */ new Set(), a = [], o = [];
+  for (const u of e) {
+    const d = u.pegin_txid.toLowerCase();
+    if (!t.has(d)) {
+      o.push(d);
+      continue;
+    }
+    if (s.has(d)) {
+      a.push(d);
+      continue;
+    }
+    s.add(d), n.set(d, { result: u.result, error: u.error });
+  }
+  const c = [];
+  for (const u of t)
+    s.has(u) || c.push(u);
+  return { byTxid: n, missing: c, unexpected: o, duplicate: a };
+}
+async function ut(r) {
+  const {
+    items: e,
+    getTxid: t,
+    batchCall: n,
+    onItem: s,
+    onMissing: a,
+    onDuplicate: o,
+    onDuplicateBatch: c,
+    onWholeBatchError: u,
+    onUnexpected: d,
+    batchSize: f = fe
+  } = r;
+  if (!Number.isInteger(f) || f <= 0)
+    throw new Error(
+      `batchPollByProvider: batchSize must be a positive integer, got ${f}`
+    );
+  for (let w = 0; w < e.length; w += f) {
+    const x = e.slice(w, w + f), V = /* @__PURE__ */ new Map(), B = [];
+    for (const p of x) {
+      const _ = t(p).toLowerCase();
+      V.set(_, p), B.push(_);
+    }
+    let v;
+    try {
+      const p = await n(B);
+      v = De(B, p.results);
+    } catch (p) {
+      u(x, p);
+      continue;
+    }
+    d && v.unexpected.length > 0 && d(v.unexpected);
+    const S = new Set(v.duplicate);
+    for (const p of S) {
+      const _ = V.get(p);
+      _ && o(_);
+    }
+    c && S.size > 0 && c(S.size);
+    for (const p of v.missing) {
+      const _ = V.get(p);
+      _ && a(_);
+    }
+    for (const [p, _] of v.byTxid) {
+      if (S.has(p)) continue;
+      const F = V.get(p);
+      F && s(F, {
+        pegin_txid: p,
+        result: _.result,
+        error: _.error
+      });
+    }
+  }
+}
+const Be = "BIP0322-signed-message", He = "TapTweak", se = 32, je = 64;
+function ie(r, e) {
+  const t = new TextEncoder().encode(r), n = X(t), s = new Uint8Array(n.length * 2 + e.length);
+  return s.set(n, 0), s.set(n, n.length), s.set(e, n.length * 2), X(s);
+}
+function Oe(r) {
+  if (r.length !== se) return null;
+  const e = ie(He, r), t = M.xOnlyPointAddTweak(r, e);
+  return t ? t.xOnlyPubkey : null;
+}
+function Ue(r, e, t) {
+  if (e.length !== se || t.length !== je) return !1;
+  try {
+    const n = ie(Be, r), s = _e.p2tr({
+      internalPubkey: A.from(e)
+    });
+    if (!s.output) return !1;
+    const a = s.output, o = 0, c = new O();
+    c.version = 0, c.locktime = 0;
+    const u = A.concat([
+      A.from([0, 32]),
+      A.from(n)
+    ]);
+    c.addInput(
+      A.alloc(32, 0),
+      // prev_txid = 0x0000...0000
+      4294967295,
+      // prev_vout = 0xFFFFFFFF
+      0,
+      // sequence = 0
+      u
+    ), c.addOutput(a, o);
+    const d = new O();
+    d.version = 0, d.locktime = 0;
+    const f = c.getHash();
+    d.addInput(f, 0, 0), d.addOutput(A.from([106]), o);
+    const w = d.hashForWitnessV1(
+      0,
+      [a],
+      [o],
+      O.SIGHASH_DEFAULT
+    ), x = Oe(e);
+    return x ? M.verifySchnorr(w, x, t) : !1;
+  } catch {
+    return !1;
+  }
+}
+function D(r, e) {
+  const t = (r & 7) << 5, n = typeof e == "bigint" ? e : BigInt(e);
+  if (n < 0n) throw new Error("cborHead: negative argument");
+  if (n < 24n) return new Uint8Array([t | Number(n)]);
+  if (n < 0x100n) return new Uint8Array([t | 24, Number(n)]);
+  if (n < 0x10000n) {
+    const a = Number(n);
+    return new Uint8Array([t | 25, a >>> 8 & 255, a & 255]);
+  }
+  if (n < 0x100000000n) {
+    const a = Number(n);
+    return new Uint8Array([
+      t | 26,
+      a >>> 24 & 255,
+      a >>> 16 & 255,
+      a >>> 8 & 255,
+      a & 255
+    ]);
+  }
+  const s = new Uint8Array(9);
+  s[0] = t | 27;
+  for (let a = 7; a >= 0; a--)
+    s[1 + a] = Number(n >> BigInt((7 - a) * 8)) & 255;
+  return s;
+}
+function ae(...r) {
+  const e = r.reduce((s, a) => s + a.length, 0), t = new Uint8Array(e);
+  let n = 0;
+  for (const s of r)
+    t.set(s, n), n += s.length;
+  return t;
+}
+function Y(r) {
+  const t = [D(4, r.length)];
+  for (const n of r)
+    t.push(D(0, n));
+  return ae(...t);
+}
+function Le(r, e, t) {
+  if (!Number.isSafeInteger(t) || t < 0)
+    throw new Error(
+      `encodeServerIdentityPayload: expires_at must be a non-negative safe integer, got ${t}`
+    );
+  const n = D(4, 3), s = Y(r), a = Y(e), o = D(0, t);
+  return ae(n, s, a, o);
+}
+const Me = new TextEncoder().encode(
+  "btc-auth.server-identity.v1"
+), Ge = 2 * 3600;
+class g extends Error {
+  constructor(e, t) {
+    super(e), this.reason = t, this.name = "ServerIdentityError";
+  }
+}
+function I(r) {
+  const e = new Uint8Array(r.length / 2);
+  for (let t = 0; t < e.length; t++)
+    e[t] = parseInt(r.slice(t * 2, t * 2 + 2), 16);
+  return e;
+}
+function Fe(r) {
+  const { proof: e, pinnedServerPubkey: t, now: n } = r, s = r.maxLifetimeSecs ?? Ge, a = T(t).toLowerCase();
+  if (a.length !== R || !k.test(a))
+    throw new g(
+      `pinnedServerPubkey must be 32-byte hex; got ${a.length} chars`,
+      "invalid_pubkey_encoding"
+    );
+  const o = T(e.server_pubkey).toLowerCase();
+  if (o.length !== R || !k.test(o))
+    throw new g(
+      `server_pubkey must be 32-byte hex; got ${o.length} chars`,
+      "invalid_pubkey_encoding"
+    );
+  if (o !== a)
+    throw new g(
+      `server_pubkey does not match pinned value: expected ${a}, got ${o}`,
+      "pinned_pubkey_mismatch"
+    );
+  if (!Number.isSafeInteger(e.expires_at))
+    throw new g(
+      `expires_at must be a finite integer; got ${JSON.stringify(e.expires_at)}`,
+      "invalid_expires_at"
+    );
+  if (!Number.isSafeInteger(n))
+    throw new g(
+      `now must be a finite integer; got ${JSON.stringify(n)}`,
+      "invalid_expires_at"
+    );
+  if (e.expires_at <= n)
+    throw new g(
+      `server identity proof expired at ${e.expires_at}, now ${n}`,
+      "expired"
+    );
+  if (!Number.isSafeInteger(s) || s <= 0)
+    throw new g(
+      `maxLifetimeSecs must be a positive safe integer; got ${JSON.stringify(s)}`,
+      "invalid_max_lifetime"
+    );
+  if (e.expires_at - n > s)
+    throw new g(
+      `server identity proof expires too far in the future: expires_at=${e.expires_at}, now=${n}, max lifetime=${s}s`,
+      "expires_too_far"
+    );
+  const c = T(e.ephemeral_pubkey).toLowerCase();
+  if (c.length !== U || !k.test(c))
+    throw new g(
+      `ephemeral_pubkey must be 33-byte compressed hex; got ${c.length} chars`,
+      "invalid_ephemeral_pubkey"
+    );
+  const u = c.slice(0, 2);
+  if (u !== "02" && u !== "03")
+    throw new g(
+      `ephemeral_pubkey must be compressed (prefix 02/03); got ${u}`,
+      "invalid_ephemeral_pubkey"
+    );
+  const d = I(c);
+  if (!M.isPoint(d))
+    throw new g(
+      "ephemeral_pubkey is not a valid secp256k1 point",
+      "invalid_ephemeral_pubkey"
+    );
+  const f = T(e.signature).toLowerCase();
+  if (f.length !== me || !k.test(f))
+    throw new g(
+      `signature must be 64-byte Schnorr hex; got ${f.length} chars`,
+      "invalid_signature_encoding"
+    );
+  const w = Le(
+    Me,
+    I(c),
+    e.expires_at
+  );
+  if (!Ue(w, I(o), I(f)))
+    throw new g(
+      "BIP-322 signature verification failed — ephemeral key is not attested by pinned server pubkey",
+      "signature_verification_failed"
+    );
+}
+const Ke = /* @__PURE__ */ new Set([
+  "vaultProvider_submitDepositorWotsKey",
+  "vaultProvider_submitDepositorPresignatures",
+  "vaultProvider_requestDepositorPresignTransactions",
+  "vaultProvider_requestDepositorClaimerArtifacts"
+]), Xe = 6e4, L = "auth_createDepositorToken";
+function oe(r, e) {
+  return new Q({
+    baseUrl: r,
+    timeout: Xe,
+    headers: e,
+    retryableFor: (t) => t === L
+  });
+}
+const Z = 4102444800, qe = 30;
+class ze {
+  constructor(e) {
+    // `client` is the only mutable field — see `setClient`. The
+    // identity-bearing fields (peginTxid/authAnchorHex/pinnedServerPubkey)
+    // remain readonly and are checked against re-registration in the
+    // registry's `getOrCreate`.
+    h(this, "client");
+    h(this, "peginTxid");
+    h(this, "authAnchorHex");
+    h(this, "pinnedServerPubkey");
+    h(this, "authGatedMethods");
+    h(this, "refreshSkewSecs");
+    h(this, "now");
+    h(this, "cached", null);
+    h(this, "inFlight", null);
+    this.client = e.client, this.peginTxid = e.peginTxid, this.authAnchorHex = e.authAnchorHex, this.pinnedServerPubkey = e.pinnedServerPubkey, this.authGatedMethods = e.authGatedMethods, this.refreshSkewSecs = e.refreshSkewSecs ?? qe, this.now = e.now ?? (() => Math.floor(Date.now() / 1e3));
+  }
+  /**
+   * Return a bearer token for `method`, or `null` if `method` is not
+   * auth-gated. Triggers a token acquisition if no token is cached or
+   * the cached token is within {@link refreshSkewSecs} of expiry.
+   *
+   * The token-issuing method itself is hard-exempted from the gate —
+   * if `auth_createDepositorToken` were ever included in
+   * `authGatedMethods` (caller misconfiguration) the provider would
+   * recurse into `acquireSingleFlight` from inside the JSON-RPC header
+   * builder before `inFlight` is assigned, defeating the single-flight
+   * guard. Returning `null` here breaks that recursion deterministically.
+   */
+  async getToken(e) {
+    if (e === L || !this.authGatedMethods.has(e)) return null;
+    const t = this.cached;
+    return t && this.now() + this.refreshSkewSecs < t.expiresAt ? t.token : (await this.acquireSingleFlight()).token;
+  }
+  /**
+   * Drop the cached token. Next `getToken` call re-acquires.
+   * Called by `JsonRpcClient` on wire `auth_expired` responses.
+   */
+  invalidate() {
+    this.cached = null;
+  }
+  /**
+   * Swap in a different transport for subsequent token-issuing calls.
+   * Used by the registry when a later caller registers the same
+   * `peginTxid` against a different `baseUrl` — the cached token
+   * (bound to identity, not transport) stays valid, but future
+   * refreshes hit the new URL. An in-flight acquire keeps using the
+   * old client (it captured the reference); next call uses the new.
+   */
+  setClient(e) {
+    this.client = e;
+  }
+  acquireSingleFlight() {
+    const e = this.inFlight;
+    if (e) return e;
+    const t = (async () => {
+      try {
+        const n = await this.client.call(L, {
+          pegin_txid: this.peginTxid,
+          auth_anchor: this.authAnchorHex
+        });
+        if (Fe({
+          proof: n.server_identity,
+          pinnedServerPubkey: this.pinnedServerPubkey,
+          now: this.now()
+        }), typeof n.token != "string" || n.token.length === 0)
+          throw new Error(
+            `VpTokenProvider: invalid token in acquire response (expected non-empty string, got ${typeof n.token})`
+          );
+        const s = this.now();
+        if (!Number.isSafeInteger(n.expires_at) || n.expires_at <= s || n.expires_at > Z)
+          throw new Error(
+            `VpTokenProvider: invalid expires_at in acquire response (got ${JSON.stringify(n.expires_at)}; must be a safe integer in (${s}, ${Z}])`
+          );
+        const a = {
+          token: n.token,
+          expiresAt: n.expires_at
+        };
+        return this.cached = a, a;
+      } finally {
+        this.inFlight = null;
+      }
+    })();
+    return this.inFlight = t, t;
+  }
+}
+class We {
+  constructor() {
+    h(this, "entries", /* @__PURE__ */ new Map());
+  }
+  /**
+   * Return the cached `VpTokenProvider` for `peginTxid` if one exists
+   * with matching `authAnchorHex` and `pinnedServerPubkey`, otherwise
+   * construct and cache a fresh provider. A mismatch on either field
+   * throws — silent overwrite would mask derivation drift or VP
+   * pubkey rotation.
+   */
+  getOrCreate(e) {
+    const t = this.entries.get(e.peginTxid);
+    if (t) {
+      if (t.authAnchorHex !== e.authAnchorHex)
+        throw new Error(
+          `VpTokenRegistry: peginTxid ${e.peginTxid} already bound to authAnchorHex ${t.authAnchorHex.slice(0, 8)}…; got ${e.authAnchorHex.slice(0, 8)}…`
+        );
+      if (t.pinnedServerPubkey !== e.pinnedServerPubkey)
+        throw new Error(
+          `VpTokenRegistry: peginTxid ${e.peginTxid} already bound to pinnedServerPubkey ${t.pinnedServerPubkey.slice(0, 8)}…; got ${e.pinnedServerPubkey.slice(0, 8)}…`
+        );
+      return t.provider.setClient(e.client), t.provider;
+    }
+    const n = new ze({
+      client: e.client,
+      peginTxid: e.peginTxid,
+      authAnchorHex: e.authAnchorHex,
+      pinnedServerPubkey: e.pinnedServerPubkey,
+      authGatedMethods: Ke
+    });
+    return this.entries.set(e.peginTxid, {
+      provider: n,
+      authAnchorHex: e.authAnchorHex,
+      pinnedServerPubkey: e.pinnedServerPubkey
+    }), n;
+  }
+  /** Return the cached provider, or `undefined` if none. */
+  peek(e) {
+    var t;
+    return (t = this.entries.get(e)) == null ? void 0 : t.provider;
+  }
+  /**
+   * Evict the entry for `peginTxid`. Idempotent. Called on terminal
+   * paths — activation success, user-cancel, or component unmount —
+   * so `authAnchorHex` doesn't outlive the deposit session.
+   */
+  release(e) {
+    this.entries.delete(e);
+  }
+  /**
+   * Wipe every cached entry. Test-only escape hatch — not exposed on
+   * the public {@link VpTokenRegistryPublic} singleton type.
+   *
+   * @internal
+   */
+  clear() {
+    this.entries.clear();
+  }
+  get size() {
+    return this.entries.size;
+  }
+}
+const ce = new We();
+function dt(r) {
+  var n;
+  const e = oe(
+    r.baseUrl,
+    (n = r.options) == null ? void 0 : n.headers
+  ), t = ce.getOrCreate({
+    client: e,
+    peginTxid: r.peginTxid,
+    authAnchorHex: r.authAnchorHex,
+    pinnedServerPubkey: r.pinnedServerPubkey
+  });
+  return new Ne(r.baseUrl, {
+    ...r.options,
+    tokenProvider: t
+  });
+}
+function pt(r) {
+  ce.getOrCreate({
+    client: oe(r.baseUrl, r.headers),
+    peginTxid: r.peginTxid,
+    authAnchorHex: r.authAnchorHex,
+    pinnedServerPubkey: r.pinnedServerPubkey
+  });
+}
+export {
+  be as O,
+  g as S,
+  Ne as V,
+  i as a,
+  ut as b,
+  Fe as c,
+  We as d,
+  ce as e,
+  dt as f,
+  ot as g,
+  lt as h,
+  ct as i,
+  pt as p,
+  at as r,
+  ke as v
+};
+//# sourceMappingURL=primeVpAuth-qEC9TTO_.js.map