@babylonlabs-io/ts-sdk 0.48.3 → 0.48.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (61) hide show
  1. package/dist/{PayoutManager-DD1audlx.cjs → PayoutManager-BZVEyi10.cjs} +2 -2
  2. package/dist/{PayoutManager-DD1audlx.cjs.map → PayoutManager-BZVEyi10.cjs.map} +1 -1
  3. package/dist/{PayoutManager-D02AePm4.js → PayoutManager-D26nGR-e.js} +2 -2
  4. package/dist/{PayoutManager-D02AePm4.js.map → PayoutManager-D26nGR-e.js.map} +1 -1
  5. package/dist/{PeginManager-6seoi9mV.js → PeginManager-CNhDl1eC.js} +3 -3
  6. package/dist/{PeginManager-6seoi9mV.js.map → PeginManager-CNhDl1eC.js.map} +1 -1
  7. package/dist/{PeginManager-CHZieoEQ.cjs → PeginManager-NfDjKQGV.cjs} +2 -2
  8. package/dist/{PeginManager-CHZieoEQ.cjs.map → PeginManager-NfDjKQGV.cjs.map} +1 -1
  9. package/dist/{buildAndBroadcastRefund-mBrtVJAR.cjs → buildAndBroadcastRefund-BOtxUi05.cjs} +2 -2
  10. package/dist/{buildAndBroadcastRefund-mBrtVJAR.cjs.map → buildAndBroadcastRefund-BOtxUi05.cjs.map} +1 -1
  11. package/dist/{buildAndBroadcastRefund-DH3l183P.js → buildAndBroadcastRefund-o9Byvkut.js} +4 -4
  12. package/dist/{buildAndBroadcastRefund-DH3l183P.js.map → buildAndBroadcastRefund-o9Byvkut.js.map} +1 -1
  13. package/dist/challengeAssert-HNbugpqL.cjs +2 -0
  14. package/dist/challengeAssert-HNbugpqL.cjs.map +1 -0
  15. package/dist/{challengeAssert-ChvLypwc.js → challengeAssert-csvYXBJB.js} +7 -7
  16. package/dist/challengeAssert-csvYXBJB.js.map +1 -0
  17. package/dist/constants-CSG2XeD8.cjs +2 -0
  18. package/dist/constants-CSG2XeD8.cjs.map +1 -0
  19. package/dist/constants-Cd_fN8VT.js +12 -0
  20. package/dist/constants-Cd_fN8VT.js.map +1 -0
  21. package/dist/index.cjs +1 -1
  22. package/dist/index.js +7 -7
  23. package/dist/{noPayout-DHOpIvuE.js → noPayout-C1WCsqfd.js} +2 -2
  24. package/dist/{noPayout-DHOpIvuE.js.map → noPayout-C1WCsqfd.js.map} +1 -1
  25. package/dist/{noPayout-C-J_goKF.cjs → noPayout-lyIRiUyG.cjs} +2 -2
  26. package/dist/{noPayout-C-J_goKF.cjs.map → noPayout-lyIRiUyG.cjs.map} +1 -1
  27. package/dist/{primeVpAuth-rbejoBPu.js → primeVpAuth-Dzxxy0-F.js} +174 -169
  28. package/dist/primeVpAuth-Dzxxy0-F.js.map +1 -0
  29. package/dist/primeVpAuth-wKbRw0m4.cjs +2 -0
  30. package/dist/primeVpAuth-wKbRw0m4.cjs.map +1 -0
  31. package/dist/tbv/core/clients/index.cjs +1 -1
  32. package/dist/tbv/core/clients/index.js +1 -1
  33. package/dist/tbv/core/clients/vault-provider/validators.d.ts.map +1 -1
  34. package/dist/tbv/core/index.cjs +1 -1
  35. package/dist/tbv/core/index.js +7 -7
  36. package/dist/tbv/core/managers/index.cjs +1 -1
  37. package/dist/tbv/core/managers/index.js +2 -2
  38. package/dist/tbv/core/primitives/index.cjs +1 -1
  39. package/dist/tbv/core/primitives/index.js +3 -3
  40. package/dist/tbv/core/primitives/psbt/challengeAssert.d.ts +4 -4
  41. package/dist/tbv/core/primitives/psbt/challengeAssert.d.ts.map +1 -1
  42. package/dist/tbv/core/primitives/psbt/constants.d.ts +8 -0
  43. package/dist/tbv/core/primitives/psbt/constants.d.ts.map +1 -1
  44. package/dist/tbv/core/services/index.cjs +1 -1
  45. package/dist/tbv/core/services/index.js +2 -2
  46. package/dist/tbv/index.cjs +1 -1
  47. package/dist/tbv/index.js +7 -7
  48. package/dist/{verifyScriptPathSchnorrSignature-DFJAEleY.js → verifyScriptPathSchnorrSignature-CeZp6tMw.js} +77 -79
  49. package/dist/verifyScriptPathSchnorrSignature-CeZp6tMw.js.map +1 -0
  50. package/dist/verifyScriptPathSchnorrSignature-Cl7tu77P.cjs +2 -0
  51. package/dist/verifyScriptPathSchnorrSignature-Cl7tu77P.cjs.map +1 -0
  52. package/package.json +3 -3
  53. package/dist/challengeAssert-ChvLypwc.js.map +0 -1
  54. package/dist/challengeAssert-Culc7DoS.cjs +0 -2
  55. package/dist/challengeAssert-Culc7DoS.cjs.map +0 -1
  56. package/dist/primeVpAuth-Br6RwE3r.cjs +0 -2
  57. package/dist/primeVpAuth-Br6RwE3r.cjs.map +0 -1
  58. package/dist/primeVpAuth-rbejoBPu.js.map +0 -1
  59. package/dist/verifyScriptPathSchnorrSignature-D43cncKJ.cjs +0 -2
  60. package/dist/verifyScriptPathSchnorrSignature-D43cncKJ.cjs.map +0 -1
  61. package/dist/verifyScriptPathSchnorrSignature-DFJAEleY.js.map +0 -1
package/dist/verifyScriptPathSchnorrSignature-CeZp6tMw.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyScriptPathSchnorrSignature-CeZp6tMw.js","sources":["../src/tbv/core/primitives/psbt/assertWasmPeginSizing.ts","../src/tbv/core/primitives/psbt/pegin.ts","../src/tbv/core/primitives/scripts/payout.ts","../src/tbv/core/primitives/psbt/payout.ts","../src/tbv/core/primitives/psbt/assertPsbtUnsignedTxMatches.ts","../src/tbv/core/primitives/psbt/verifyScriptPathSchnorrSignature.ts"],"sourcesContent":["/**\n * Cross-check the values WASM returns from `createPrePeginTransaction`\n * against independently-known expectations before they feed a signed\n * Bitcoin transaction or the on-chain PegIn registration.\n *\n * CLAUDE.md critical path #1: the Rust/WASM layer computes\n * `htlcValue = peginAmount + depositorClaimValue + minPeginFee` internally\n * and JS receives the outputs with no runtime validation. A doctored or\n * buggy binary that returns a different `peginAmount`, an out-of-formula\n * `htlcValue`, or a wrong `depositorClaimValue` would otherwise be committed\n * verbatim — taxing the depositor or starving the downstream tx graph of fees.\n *\n * @module primitives/psbt/assertWasmPeginSizing\n */\n\nimport {\n computeMinClaimValue,\n type PrePeginResult,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\nimport { MAX_REASONABLE_PEGIN_VBYTES } from \"../../utils/fee/constants\";\nimport type { ParsedOutput } from \"../../utils/transaction/fundPeginTransaction\";\n\nimport type { PrePeginParams } from \"./pegin\";\n\n/**\n * Assert the WASM Pre-PegIn sizing result is internally consistent and\n * matches what the caller requested.\n *\n * The strong checks are pure-JS and fully independent of the WASM binary:\n * the per-HTLC `peginAmount` must equal the requested amount, array lengths\n * must match, and every value must be positive. The implied PegIn fee\n * (`htlcValue - peginAmount - depositorClaimValue`) is bounded by\n * plausibility rather than recomputed exactly, because JS↔Rust vbyte parity\n * is not a cross-stack guarantee (see {@link MAX_REASONABLE_PEGIN_VBYTES}).\n * The `depositorClaimValue` cross-check against `computeMinClaimValue` is a\n * WASM-vs-WASM consistency check (a different entry point), not an\n * independent one.\n *\n * @param result - The result returned by `createPrePeginTransaction`.\n * @param params - The parameters that were passed to build it.\n * @throws If any value is missing, non-positive, mismatched against the\n * request, or outside the protocol formula / plausibility bounds.\n */\nexport async function assertWasmPeginSizing(\n result: PrePeginResult,\n params: PrePeginParams,\n): Promise<void> {\n const expectedCount = params.pegInAmounts.length;\n\n // Count: every parallel array must carry exactly one entry per requested\n // deposit, otherwise the per-HTLC indexing downstream is meaningless.\n if (result.htlcValues.length !== expectedCount) {\n throw new Error(\n `WASM Pre-PegIn returned ${result.htlcValues.length} HTLC value(s), ` +\n `expected ${expectedCount} (one per requested deposit).`,\n );\n }\n if (\n result.peginAmounts.length !== expectedCount ||\n result.htlcScriptPubKeys.length !== expectedCount ||\n result.htlcAddresses.length !== expectedCount\n ) {\n throw new Error(\n `WASM Pre-PegIn returned mismatched array lengths ` +\n `(htlcValues=${result.htlcValues.length}, ` +\n `peginAmounts=${result.peginAmounts.length}, ` +\n `htlcScriptPubKeys=${result.htlcScriptPubKeys.length}, ` +\n `htlcAddresses=${result.htlcAddresses.length}); ` +\n `expected ${expectedCount} each.`,\n );\n }\n\n // depositorClaimValue: positivity + WASM-vs-WASM consistency. Sized by the\n // tx-graph `feeRate` (see PrePeginParams.feeRate), so the standalone\n // `computeMinClaimValue` must reproduce the constructor's internal value.\n if (result.depositorClaimValue <= 0n) {\n throw new Error(\n `WASM Pre-PegIn returned non-positive depositorClaimValue ` +\n `${result.depositorClaimValue}; expected > 0.`,\n );\n }\n const expectedClaimValue = await computeMinClaimValue(\n params.numLocalChallengers,\n params.universalChallengerPubkeys.length,\n params.councilQuorum,\n params.councilSize,\n params.feeRate,\n );\n if (result.depositorClaimValue !== expectedClaimValue) {\n throw new Error(\n `WASM Pre-PegIn depositorClaimValue ${result.depositorClaimValue} does ` +\n `not match the independently computed minimum claim value ` +\n `${expectedClaimValue} (numLocalChallengers=${params.numLocalChallengers}, ` +\n `numUniversalChallengers=${params.universalChallengerPubkeys.length}, ` +\n `councilQuorum=${params.councilQuorum}, councilSize=${params.councilSize}, ` +\n `feeRate=${params.feeRate}).`,\n );\n }\n\n const maxImpliedFee = params.minPeginFeeRate * MAX_REASONABLE_PEGIN_VBYTES;\n\n for (let i = 0; i < expectedCount; i++) {\n const requested = params.pegInAmounts[i];\n const peginAmount = result.peginAmounts[i];\n const htlcValue = result.htlcValues[i];\n\n // Amount echo (strongest, fully independent): the recorded pegin amount\n // must equal exactly what the caller requested. A mismatch is the\n // WASM-tax attack — the contract would record a doctored amount while the\n // depositor's wallet funds the original, and the difference is a\n // WASM-controlled tax.\n if (peginAmount !== requested) {\n throw new Error(\n `WASM Pre-PegIn peginAmount[${i}] ${peginAmount} does not match the ` +\n `requested amount ${requested}; refusing to build a tx whose ` +\n `recorded amount differs from the depositor's request.`,\n );\n }\n if (peginAmount <= 0n) {\n throw new Error(\n `WASM Pre-PegIn peginAmount[${i}] is non-positive (${peginAmount}); ` +\n `expected > 0.`,\n );\n }\n if (htlcValue <= 0n) {\n throw new Error(\n `WASM Pre-PegIn htlcValue[${i}] is non-positive (${htlcValue}); ` +\n `expected > 0.`,\n );\n }\n\n // Formula: htlcValue = peginAmount + depositorClaimValue + minPeginFee.\n // The implied fee must be strictly positive (the HTLC must reserve a real\n // PegIn fee) and within the plausibility bound.\n const impliedFee = htlcValue - peginAmount - result.depositorClaimValue;\n if (impliedFee <= 0n) {\n throw new Error(\n `WASM Pre-PegIn htlcValue[${i}] ${htlcValue} does not strictly cover ` +\n `peginAmount ${peginAmount} + depositorClaimValue ` +\n `${result.depositorClaimValue} + a PegIn fee (implied fee ` +\n `${impliedFee}).`,\n );\n }\n if (impliedFee > maxImpliedFee) {\n throw new Error(\n `WASM Pre-PegIn implied PegIn fee for HTLC[${i}] (${impliedFee} sat) ` +\n `exceeds the plausibility cap ${maxImpliedFee} sat ` +\n `(minPeginFeeRate=${params.minPeginFeeRate} × ` +\n `${MAX_REASONABLE_PEGIN_VBYTES} vbytes); htlcValue ${htlcValue} ` +\n `appears grossly inflated.`,\n );\n }\n }\n}\n\n/**\n * Bind the validated metadata to the bytes that actually get funded and\n * signed.\n *\n * `assertWasmPeginSizing` proves the WASM *metadata* (`htlcValues`,\n * `htlcScriptPubKeys`) matches the request and the protocol formula — but the\n * transaction the depositor funds and signs is `result.txHex`. If the encoded\n * tx carried a different HTLC output value or script than the metadata, the\n * depositor would fund a transaction whose real outputs differ from the values\n * that were cross-checked. This closes that final link: the encoded HTLC\n * outputs must equal the validated metadata.\n *\n * The WASM lays out HTLC outputs first (vouts `0..N-1`), then the optional\n * auth-anchor OP_RETURN, then the CPFP anchor — so we only compare the first\n * `htlcValues.length` outputs.\n *\n * @param outputs - Outputs parsed from the unfunded Pre-PegIn tx hex.\n * @param htlcValues - The (already value-validated) per-HTLC values.\n * @param htlcScriptPubKeys - The per-HTLC scriptPubKeys (hex).\n * @throws If the encoded outputs are too few, or any HTLC output's value or\n * scriptPubKey disagrees with the validated metadata.\n */\nexport function assertEncodedHtlcOutputsMatch(\n outputs: readonly ParsedOutput[],\n htlcValues: readonly bigint[],\n htlcScriptPubKeys: readonly string[],\n): void {\n if (outputs.length < htlcValues.length) {\n throw new Error(\n `Encoded Pre-PegIn tx has ${outputs.length} output(s), fewer than the ` +\n `${htlcValues.length} HTLC output(s) the cross-check validated.`,\n );\n }\n\n for (let i = 0; i < htlcValues.length; i++) {\n const encodedValue = BigInt(outputs[i].value);\n if (encodedValue !== htlcValues[i]) {\n throw new Error(\n `Encoded Pre-PegIn HTLC output[${i}] value ${encodedValue} does not ` +\n `match the cross-checked htlcValue ${htlcValues[i]}; the funded/signed ` +\n `tx would not pay the validated amount.`,\n );\n }\n\n const encodedScript = outputs[i].script.toString(\"hex\").toLowerCase();\n const expectedScript = htlcScriptPubKeys[i].toLowerCase();\n if (encodedScript !== expectedScript) {\n throw new Error(\n `Encoded Pre-PegIn HTLC output[${i}] scriptPubKey ${encodedScript} does ` +\n `not match the cross-checked htlcScriptPubKey ${expectedScript}.`,\n );\n }\n }\n}\n","/**\n * Pre-PegIn PSBT Builder Primitive\n *\n * This module provides pure functions for building unfunded Pre-PegIn transactions\n * and deriving PegIn transactions from them, using the WASM implementation from\n * @babylonlabs-io/babylon-tbv-rust-wasm.\n *\n * Pre-PegIn Flow:\n * 1. buildPrePeginPsbt() — creates unfunded Pre-PegIn tx (HTLC output)\n * 2. [caller funds Pre-PegIn tx and computes txid]\n * 3. buildPeginTxFromFundedPrePegin() — derives PegIn tx spending the HTLC\n * 4. buildPeginInputPsbt() — PSBT for depositor to sign PegIn HTLC leaf 0 input\n *\n * @module primitives/psbt/pegin\n */\n\nimport {\n buildPeginTxFromPrePegin,\n createPrePeginTransaction,\n type Network,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\nimport { parseUnfundedWasmTransaction } from \"../../utils/transaction/fundPeginTransaction\";\n\nimport {\n assertEncodedHtlcOutputsMatch,\n assertWasmPeginSizing,\n} from \"./assertWasmPeginSizing\";\n\n/**\n * Parameters for building an unfunded Pre-PegIn PSBT\n */\nexport interface PrePeginParams {\n /** Depositor's BTC public key (x-only, 64-char hex without 0x prefix) */\n depositorPubkey: string;\n /** Vault provider's BTC public key (x-only, 64-char hex) */\n vaultProviderPubkey: string;\n /** Array of vault keeper BTC public keys (x-only, 64-char hex) */\n vaultKeeperPubkeys: string[];\n /** Array of universal challenger BTC public keys (x-only, 64-char hex) */\n universalChallengerPubkeys: string[];\n /** SHA256 hash commitment(s) (64 hex chars = 32 bytes each) */\n hashlocks: readonly string[];\n /** CSV timelock in blocks for the HTLC refund path */\n timelockRefund: number;\n /** Amounts to peg in (satoshis), one per deposit */\n pegInAmounts: readonly bigint[];\n /** TX-graph fee rate in sat/vB from contract offchain params; sizes the depositor claim value */\n feeRate: bigint;\n /** Minimum PegIn fee rate in sat/vB from contract offchain params; sizes the PegIn tx fee */\n minPeginFeeRate: bigint;\n /** Number of local challengers (from contract params) */\n numLocalChallengers: number;\n /** M in M-of-N council multisig (from contract params) */\n councilQuorum: number;\n /** N in M-of-N council multisig (from contract params) */\n councilSize: number;\n /** Bitcoin network */\n network: Network;\n /**\n * Optional 32-byte `SHA256(auth_anchor)` commitment (64-char hex, no\n * `0x` prefix). If provided, the Pre-PegIn tx will include an\n * `OP_RETURN <PUSH32 authAnchorHash>` output at vout =\n * `hashlocks.length`, binding the depositor's bearer-token\n * `auth_anchor` preimage to this Pre-PegIn.\n */\n authAnchorHash?: string;\n}\n\n/**\n * Byte length of an `auth_anchor_hash` commitment when encoded as a\n * lowercase hex string (32 bytes → 64 hex chars).\n */\nconst AUTH_ANCHOR_HASH_HEX_LEN = 64;\n\nconst HEX_PATTERN = /^[0-9a-fA-F]+$/;\n\n/**\n * Result of building an unfunded Pre-PegIn transaction\n */\nexport interface PrePeginPsbtResult {\n /**\n * Unfunded transaction hex (no inputs, HTLC outputs + optional\n * auth-anchor OP_RETURN + CPFP anchor).\n *\n * The caller is responsible for:\n * - Selecting UTXOs covering totalOutputValue + network fees\n * - Funding the transaction (add inputs and change output)\n * - Calling buildPeginTxFromFundedPrePegin() with the funded tx hex\n */\n psbtHex: string;\n /** Sum of all unfunded outputs — use this for UTXO selection */\n totalOutputValue: bigint;\n /** HTLC output values in satoshis, one per deposit (each includes peginAmount + depositorClaimValue + minPeginFee) */\n htlcValues: readonly bigint[];\n /** HTLC output scriptPubKeys (hex encoded), one per deposit */\n htlcScriptPubKeys: readonly string[];\n /** HTLC Taproot addresses, one per deposit */\n htlcAddresses: readonly string[];\n /** Pegin amounts in satoshis, one per deposit */\n peginAmounts: readonly bigint[];\n /** Depositor claim value computed by WASM from contract parameters */\n depositorClaimValue: bigint;\n /**\n * Vout index of the auth-anchor `OP_RETURN` output if one was\n * included (i.e. `authAnchorHash` was provided), or `null` if not.\n * Always equals `htlcValues.length` when present.\n */\n authAnchorVout: number | null;\n}\n\n/**\n * Parameters for building the PegIn transaction from a funded Pre-PegIn tx\n */\nexport interface BuildPeginTxParams {\n /** Same PrePeginParams used to create the Pre-PegIn transaction */\n prePeginParams: PrePeginParams;\n /** CSV timelock in blocks for the PegIn vault output */\n timelockPegin: number;\n /** Hex-encoded funded Pre-PegIn transaction */\n fundedPrePeginTxHex: string;\n /** Index of the HTLC output to spend */\n htlcVout: number;\n}\n\n/**\n * Result of building the PegIn transaction\n */\nexport interface PeginTxResult {\n /** PegIn transaction hex (1 input spending HTLC, 1 vault output) */\n txHex: string;\n /** PegIn transaction ID */\n txid: string;\n /** Vault output scriptPubKey (hex encoded) */\n vaultScriptPubKey: string;\n /** Vault output value in satoshis */\n vaultValue: bigint;\n}\n\n/**\n * Build unfunded Pre-PegIn transaction using WASM.\n *\n * Creates a Bitcoin transaction template with no inputs, an HTLC output, and a\n * CPFP anchor output. The HTLC value is computed internally from the contract\n * parameters — the caller does not need to compute depositorClaimValue separately.\n *\n * @param params - Pre-PegIn parameters\n * @returns Unfunded Pre-PegIn transaction details with HTLC output information\n * @throws If WASM initialization fails or parameters are invalid\n */\nexport async function buildPrePeginPsbt(\n params: PrePeginParams,\n): Promise<PrePeginPsbtResult> {\n const authAnchorHash = normalizeAuthAnchorHash(params.authAnchorHash);\n\n const result = await createPrePeginTransaction({\n depositorPubkey: params.depositorPubkey,\n vaultProviderPubkey: params.vaultProviderPubkey,\n vaultKeeperPubkeys: params.vaultKeeperPubkeys,\n universalChallengerPubkeys: params.universalChallengerPubkeys,\n hashlocks: [...params.hashlocks],\n timelockRefund: params.timelockRefund,\n pegInAmounts: [...params.pegInAmounts],\n feeRate: params.feeRate,\n minPeginFeeRate: params.minPeginFeeRate,\n numLocalChallengers: params.numLocalChallengers,\n councilQuorum: params.councilQuorum,\n councilSize: params.councilSize,\n network: params.network,\n authAnchorHash,\n });\n\n // CLAUDE.md critical path #1: the WASM outputs reach JS with no runtime\n // validation. Cross-check every value-bearing field against the request\n // and the protocol formula before it can feed a signed tx or the on-chain\n // PegIn registration. Both the sizing and commit passes route through here.\n await assertWasmPeginSizing(result, params);\n\n // Parse the unfunded tx to sum all output values\n // (HTLCs + optional OP_RETURN + CPFP anchor). This is the amount\n // UTXOs must cover before adding network fees.\n const parsed = parseUnfundedWasmTransaction(result.txHex);\n\n // Bind the validated metadata to the bytes that get funded and signed:\n // the encoded HTLC outputs must carry exactly the values/scripts the\n // cross-check above validated. Otherwise a tx whose real outputs differ\n // from the checked metadata could still be funded and signed.\n assertEncodedHtlcOutputsMatch(\n parsed.outputs,\n result.htlcValues,\n result.htlcScriptPubKeys,\n );\n\n const totalOutputValue = parsed.outputs.reduce(\n (sum, o) => sum + BigInt(o.value),\n 0n,\n );\n\n // The WASM places the OP_RETURN commitment immediately after the\n // HTLC outputs when authAnchorHash is provided.\n const authAnchorVout =\n authAnchorHash !== undefined ? result.htlcValues.length : null;\n\n return {\n psbtHex: result.txHex,\n totalOutputValue,\n htlcValues: result.htlcValues,\n htlcScriptPubKeys: result.htlcScriptPubKeys,\n htlcAddresses: result.htlcAddresses,\n peginAmounts: result.peginAmounts,\n depositorClaimValue: result.depositorClaimValue,\n authAnchorVout,\n };\n}\n\n/**\n * Validate and normalize an `authAnchorHash` hex string before passing\n * it to the WASM boundary. WASM expects exactly 64 lowercase hex chars.\n */\nexport function normalizeAuthAnchorHash(\n value: string | undefined,\n): string | undefined {\n if (value === undefined) return undefined;\n const cleaned =\n value.startsWith(\"0x\") || value.startsWith(\"0X\") ? value.slice(2) : value;\n if (\n cleaned.length !== AUTH_ANCHOR_HASH_HEX_LEN ||\n !HEX_PATTERN.test(cleaned)\n ) {\n throw new Error(\n `authAnchorHash must be 32-byte hex (${AUTH_ANCHOR_HASH_HEX_LEN} chars, no 0x prefix); got length ${cleaned.length}`,\n );\n }\n return cleaned.toLowerCase();\n}\n\n/**\n * Build the PegIn transaction from a funded Pre-PegIn transaction.\n *\n * The PegIn transaction spends the Pre-PegIn HTLC output at htlcVout via the\n * hashlock + all-party script (leaf 0).\n *\n * @param params - Build parameters including Pre-PegIn params and funded tx hex\n * @returns PegIn transaction details\n * @throws If WASM initialization fails or parameters are invalid\n */\nexport async function buildPeginTxFromFundedPrePegin(\n params: BuildPeginTxParams,\n): Promise<PeginTxResult> {\n // WASM reconstructs the Pre-PegIn template from these params to\n // decode the funded tx. Must pass `authAnchorHash` (normalized\n // identically to buildPrePeginPsbt) so the reconstruction matches\n // the original outputs, including the OP_RETURN at vout =\n // hashlocks.length.\n const result = await buildPeginTxFromPrePegin(\n {\n depositorPubkey: params.prePeginParams.depositorPubkey,\n vaultProviderPubkey: params.prePeginParams.vaultProviderPubkey,\n vaultKeeperPubkeys: params.prePeginParams.vaultKeeperPubkeys,\n universalChallengerPubkeys:\n params.prePeginParams.universalChallengerPubkeys,\n hashlocks: [...params.prePeginParams.hashlocks],\n timelockRefund: params.prePeginParams.timelockRefund,\n pegInAmounts: [...params.prePeginParams.pegInAmounts],\n feeRate: params.prePeginParams.feeRate,\n minPeginFeeRate: params.prePeginParams.minPeginFeeRate,\n numLocalChallengers: params.prePeginParams.numLocalChallengers,\n councilQuorum: params.prePeginParams.councilQuorum,\n councilSize: params.prePeginParams.councilSize,\n network: params.prePeginParams.network,\n authAnchorHash: normalizeAuthAnchorHash(\n params.prePeginParams.authAnchorHash,\n ),\n },\n params.timelockPegin,\n params.fundedPrePeginTxHex,\n params.htlcVout,\n );\n\n return {\n txHex: result.txHex,\n txid: result.txid,\n vaultScriptPubKey: result.vaultScriptPubKey,\n vaultValue: result.vaultValue,\n };\n}\n","/**\n * Payout Script Generator Primitive\n *\n * This module provides pure functions for generating payout scripts and taproot information\n * by wrapping the WASM implementation from @babylonlabs-io/babylon-tbv-rust-wasm.\n *\n * The payout script is used for signing payout transactions in the vault system.\n * It defines the spending conditions for the vault output, enabling the depositor\n * to authorize payouts during the peg-in flow (Step 3).\n *\n * @remarks\n * This is a low-level primitive. For most use cases, prefer using {@link buildPayoutPsbt}\n * which handles script creation internally. For high-level wallet orchestration, use\n * PayoutManager from the managers module.\n *\n * @see {@link buildPayoutPsbt} - Higher-level function that uses this internally\n *\n * @module primitives/scripts/payout\n */\n\nimport {\n createPayoutConnector,\n type Network,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\n/**\n * Parameters for creating a payout script.\n *\n * These parameters define the participants in a vault and are used to generate\n * the taproot script that controls how funds can be spent from the vault.\n */\nexport interface PayoutScriptParams {\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * This is the user depositing BTC into the vault. The depositor must sign\n * payout transactions to authorize fund distribution.\n */\n depositor: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * The service provider managing vault operations. Also referred to as\n * \"claimer\" in the WASM layer.\n */\n vaultProvider: string;\n\n /**\n * Array of vault keeper BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * Vault keepers participate in vault operations and script spending conditions.\n */\n vaultKeepers: string[];\n\n /**\n * Array of universal challenger BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * These parties can challenge the vault under certain conditions.\n */\n universalChallengers: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network for script generation.\n *\n * Must match the network used for all other vault operations to ensure\n * address encoding compatibility.\n */\n network: Network;\n}\n\n/**\n * Result of creating a payout script.\n *\n * Contains all the taproot-related data needed for constructing and signing\n * payout transactions from the vault.\n */\nexport interface PayoutScriptResult {\n /**\n * The payout script hex used in taproot script path spending.\n *\n * This is the raw script bytes that define the spending conditions,\n * encoded as a hexadecimal string. Used when constructing the\n * tapLeafScript for PSBT signing.\n */\n payoutScript: string;\n\n /**\n * The taproot script hash (leaf hash) for the payout script.\n *\n * This is the tagged hash of the script used in taproot tree construction.\n * Required for computing the control block during script path spending.\n */\n taprootScriptHash: string;\n\n /**\n * The full scriptPubKey for the vault output address.\n *\n * This is the complete output script (OP_1 <32-byte-key>) that should be\n * used when creating the vault output in a peg-in transaction.\n */\n scriptPubKey: string;\n\n /**\n * The vault Bitcoin address derived from the script.\n *\n * A human-readable bech32m address (bc1p... for mainnet, tb1p... for testnet/signet)\n * that can be used to receive funds into the vault.\n */\n address: string;\n\n /**\n * Serialized control block for Taproot script path spend (hex encoded).\n *\n * Computed by the Rust WASM PeginPayoutConnector. Used directly in\n * tapLeafScript when building payout PSBTs.\n */\n payoutControlBlock: string;\n}\n\n/**\n * Create payout script and taproot information using WASM.\n *\n * This is a pure function that wraps the Rust WASM implementation.\n * The payout connector generates the necessary taproot scripts and information\n * required for signing payout transactions.\n *\n * @remarks\n * The generated script encodes spending conditions that require signatures from\n * the depositor and vault provider (or liquidators in challenge scenarios).\n * This script is used internally by {@link buildPayoutPsbt}.\n *\n * @param params - Payout script parameters defining vault participants and network\n * @returns Payout script and taproot information for PSBT construction\n *\n * @see {@link buildPayoutPsbt} - Use this for building complete payout PSBTs\n */\nexport async function createPayoutScript(\n params: PayoutScriptParams,\n): Promise<PayoutScriptResult> {\n // Call the WASM wrapper with the correct parameter structure\n const connector = await createPayoutConnector(\n {\n depositor: params.depositor,\n vaultProvider: params.vaultProvider,\n vaultKeepers: params.vaultKeepers,\n universalChallengers: params.universalChallengers,\n timelockPegin: params.timelockPegin,\n },\n params.network,\n );\n\n return {\n payoutScript: connector.payoutScript,\n taprootScriptHash: connector.taprootScriptHash,\n scriptPubKey: connector.scriptPubKey,\n address: connector.address,\n payoutControlBlock: connector.payoutControlBlock,\n };\n}\n","/**\n * Payout PSBT Builder Primitives\n *\n * This module provides pure functions for building unsigned payout PSBTs and extracting\n * Schnorr signatures from signed PSBTs. It uses WASM-generated scripts from the payout\n * connector and bitcoinjs-lib for PSBT construction.\n *\n * The Payout transaction references the Assert transaction (input 1).\n *\n * @module primitives/psbt/payout\n */\n\nimport {\n type Network,\n tapInternalPubkey,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport { Buffer } from \"buffer\";\nimport { Psbt, Transaction } from \"bitcoinjs-lib\";\nimport { createPayoutScript } from \"../scripts/payout\";\nimport {\n TAPSCRIPT_LEAF_VERSION,\n deriveBip86ScriptPubKeyHex,\n hexToUint8Array,\n isValidHex,\n stripHexPrefix,\n uint8ArrayToHex,\n} from \"../utils/bitcoin\";\nimport {\n ASSERT_PAYOUT_OUTPUT_INDEX,\n MAX_VP_COMMISSION_BPS_EXCLUSIVE,\n NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT,\n PAYOUT_ANCHOR_DUST_SATS,\n PEGIN_VAULT_OUTPUT_INDEX,\n VP_CLAIMER_PAYOUT_OUTPUT_COUNT,\n} from \"./constants\";\n\n/**\n * Number of items in a Taproot script-path spend witness stack for a\n * single-signature script: [signature, script, controlBlock].\n *\n * The current payout script requires exactly one depositor signature. If the\n * protocol evolves to require multiple signatures in the payout script, this\n * invariant and the finalized-PSBT extraction path must be revisited because\n * the first witness item would no longer necessarily be the depositor's.\n */\nconst TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE = 3;\n\n/**\n * Coarse cap on a payout tx's implicit fee (inputs − outputs), as a fraction\n * of input value — blocks a VP deflating outputs and burning the remainder\n * as miner fee. A backstop only; the per-role structural checks in\n * {@link assertPayoutOutputLayout} are the primary value-diversion guard.\n */\nconst MAX_PAYOUT_FEE_FRACTION_NUMERATOR = 10;\nconst MAX_PAYOUT_FEE_FRACTION_DENOMINATOR = 100;\n\n/**\n * Parameters for building an unsigned Payout PSBT\n *\n * Payout is used in the challenge path after Assert, when the claimer proves validity.\n * Input 1 references the Assert transaction.\n */\nexport interface PayoutParams {\n /**\n * Payout transaction hex (unsigned)\n * This is the transaction that needs to be signed by the depositor\n */\n payoutTxHex: string;\n\n /**\n * Assert transaction hex\n * Payout input 1 references Assert output 0\n */\n assertTxHex: string;\n\n /**\n * Peg-in transaction hex\n * This transaction created the vault output that we're spending\n */\n peginTxHex: string;\n\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix)\n */\n depositorBtcPubkey: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex)\n */\n vaultProviderBtcPubkey: string;\n\n /**\n * Vault keeper BTC public keys (x-only, 64-char hex)\n */\n vaultKeeperBtcPubkeys: string[];\n\n /**\n * Universal challenger BTC public keys (x-only, 64-char hex)\n */\n universalChallengerBtcPubkeys: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network\n */\n network: Network;\n\n /**\n * Claimer's x-only BTC public key (64-char hex, no prefix). Drives role\n * inference (VP / depositor-as-claimer / VK-claimer) inside `buildPayoutPsbt`.\n */\n claimerBtcPubkey: string;\n\n /**\n * On-chain registered depositor payout scriptPubKey (hex, 0x optional).\n * Expected outs[0].script for VP- and depositor-claimer roles; unused for\n * VK-claimer (its outs[0].script is derived from `claimerBtcPubkey`).\n */\n registeredPayoutScriptPubKey: string;\n\n /**\n * VP commission in basis points (`BTCVaultRegistry.vaultProviderCommissionBps`).\n * Caps the VP-claimer outs[1].value. The protocol minimum is enforced\n * upstream; here only `0 <= bps < 10_000` is checked, for safe cap math.\n */\n commissionBps: number;\n}\n\n/**\n * Result of building an unsigned payout PSBT\n */\nexport interface PayoutPsbtResult {\n /**\n * Unsigned PSBT hex ready for signing\n */\n psbtHex: string;\n}\n\n/**\n * Build unsigned Payout PSBT for depositor to sign.\n *\n * Payout is used in the **challenge path** when the claimer proves validity:\n * 1. Vault provider submits Claim transaction\n * 2. Challenge is raised during challenge period\n * 3. Claimer submits Assert transaction to prove validity\n * 4. Payout can be executed (references Assert tx)\n *\n * Payout transactions have the following structure:\n * - Input 0: from PeginTx output0 (signed by depositor)\n * - Input 1: from Assert output0 (NOT signed by depositor)\n *\n * @param params - Payout parameters\n * @returns Unsigned PSBT ready for depositor to sign\n *\n * @throws If payout transaction does not have exactly 2 inputs\n * @throws If input 0 does not spend PegIn:0 (vault UTXO)\n * @throws If input 1 does not spend Assert:0 (proof output)\n * @throws If previous output is not found for either input\n * @throws If sum of output values exceeds sum of input values (invalid tx)\n * @throws If implicit fee (inputs − outputs) exceeds the configured fraction\n * of total input value — see {@link MAX_PAYOUT_FEE_FRACTION_NUMERATOR}\n * @throws If `claimerBtcPubkey` is not VP, depositor, or a registered VK\n * @throws If payout output count, outs[0] script, outs[last] anchor value, or\n * (VP-claimer) outs[1] commission cap do not match the protocol layout\n * @throws If `commissionBps` is not a non-negative integer below 10_000\n */\nexport async function buildPayoutPsbt(\n params: PayoutParams,\n): Promise<PayoutPsbtResult> {\n // Normalize hex inputs (strip 0x prefix if present)\n const payoutTxHex = stripHexPrefix(params.payoutTxHex);\n const peginTxHex = stripHexPrefix(params.peginTxHex);\n const assertTxHex = stripHexPrefix(params.assertTxHex);\n\n // Get payout script from WASM\n const payoutConnector = await createPayoutScript({\n depositor: params.depositorBtcPubkey,\n vaultProvider: params.vaultProviderBtcPubkey,\n vaultKeepers: params.vaultKeeperBtcPubkeys,\n universalChallengers: params.universalChallengerBtcPubkeys,\n timelockPegin: params.timelockPegin,\n network: params.network,\n });\n\n const payoutScriptBytes = hexToUint8Array(payoutConnector.payoutScript);\n const controlBlock = hexToUint8Array(payoutConnector.payoutControlBlock);\n\n // Parse transactions\n const payoutTx = Transaction.fromHex(payoutTxHex);\n const peginTx = Transaction.fromHex(peginTxHex);\n const assertTx = Transaction.fromHex(assertTxHex);\n\n // Create PSBT\n const psbt = new Psbt();\n psbt.setVersion(payoutTx.version);\n psbt.setLocktime(payoutTx.locktime);\n\n // PayoutTx has exactly 2 inputs:\n // - Input 0: from PeginTx output0 (signed by depositor using taproot script path)\n // - Input 1: from Assert output0 (signed by claimer/challengers, not depositor)\n //\n // IMPORTANT: For Taproot SIGHASH_DEFAULT (0x00), the sighash commits to ALL inputs'\n // prevouts, not just the one being signed. Therefore, we must include BOTH inputs\n // in the PSBT so the wallet computes the correct sighash that the VP expects.\n\n // Verify payout transaction has expected structure\n if (payoutTx.ins.length !== 2) {\n throw new Error(\n `Payout transaction must have exactly 2 inputs, got ${payoutTx.ins.length}`,\n );\n }\n\n const input0 = payoutTx.ins[0];\n const input1 = payoutTx.ins[1];\n\n // Verify input 0 spends PegIn:0 (the vault UTXO).\n // Both txid AND vout must match the protocol contract — the vout is the\n // input-side anchor that prevents a malicious VP from binding the\n // depositor's signature to a different output of the same parent.\n const input0Txid = uint8ArrayToHex(\n new Uint8Array(input0.hash).slice().reverse(),\n );\n const peginTxid = peginTx.getId();\n\n if (input0Txid !== peginTxid || input0.index !== PEGIN_VAULT_OUTPUT_INDEX) {\n throw new Error(\n `Input 0 must spend PegIn:${PEGIN_VAULT_OUTPUT_INDEX}. ` +\n `Expected ${peginTxid}:${PEGIN_VAULT_OUTPUT_INDEX}, got ${input0Txid}:${input0.index}`,\n );\n }\n\n // Verify input 1 spends Assert:0 (the proof output).\n const input1Txid = uint8ArrayToHex(\n new Uint8Array(input1.hash).slice().reverse(),\n );\n const assertTxid = assertTx.getId();\n\n if (input1Txid !== assertTxid || input1.index !== ASSERT_PAYOUT_OUTPUT_INDEX) {\n throw new Error(\n `Input 1 must spend Assert:${ASSERT_PAYOUT_OUTPUT_INDEX}. ` +\n `Expected ${assertTxid}:${ASSERT_PAYOUT_OUTPUT_INDEX}, got ${input1Txid}:${input1.index}`,\n );\n }\n\n const peginPrevOut = peginTx.outs[input0.index];\n if (!peginPrevOut) {\n throw new Error(\n `Previous output not found for input 0 (txid: ${input0Txid}, index: ${input0.index})`,\n );\n }\n\n const input1PrevOut = assertTx.outs[input1.index];\n if (!input1PrevOut) {\n throw new Error(\n `Previous output not found for input 1 (txid: ${input1Txid}, index: ${input1.index})`,\n );\n }\n\n // Per-role output validation — blocks an extra attacker output or value\n // routed into a non-payout slot.\n assertPayoutOutputLayout({\n payoutTx,\n peginValueSats: peginPrevOut.value,\n claimerBtcPubkey: params.claimerBtcPubkey,\n vaultProviderBtcPubkey: params.vaultProviderBtcPubkey,\n depositorBtcPubkey: params.depositorBtcPubkey,\n vaultKeeperBtcPubkeys: params.vaultKeeperBtcPubkeys,\n registeredPayoutScriptPubKey: params.registeredPayoutScriptPubKey,\n commissionBps: params.commissionBps,\n });\n\n // Bound the implicit fee — blocks a VP deflating output values and burning\n // the difference as miner fee.\n const inputValueSats = peginPrevOut.value + input1PrevOut.value;\n let outputValueSats = 0;\n for (const out of payoutTx.outs) outputValueSats += out.value;\n if (outputValueSats > inputValueSats) {\n throw new Error(\n `Payout outputs (${outputValueSats} sats) exceed inputs ` +\n `(${inputValueSats} sats); invalid transaction.`,\n );\n }\n const implicitFeeSats = inputValueSats - outputValueSats;\n const maxFeeSats = Math.floor(\n (inputValueSats * MAX_PAYOUT_FEE_FRACTION_NUMERATOR) /\n MAX_PAYOUT_FEE_FRACTION_DENOMINATOR,\n );\n if (implicitFeeSats > maxFeeSats) {\n throw new Error(\n `Payout implicit fee ${implicitFeeSats} sats exceeds the safety cap ` +\n `of ${maxFeeSats} sats ` +\n `(${MAX_PAYOUT_FEE_FRACTION_NUMERATOR}/${MAX_PAYOUT_FEE_FRACTION_DENOMINATOR} ` +\n `of inputs=${inputValueSats}); refusing to sign payout.`,\n );\n }\n\n // Input 0: Depositor signs using Taproot script path spend\n // This input includes tapLeafScript for signing\n psbt.addInput({\n hash: input0.hash,\n index: input0.index,\n sequence: input0.sequence,\n witnessUtxo: {\n script: peginPrevOut.script,\n value: peginPrevOut.value,\n },\n tapLeafScript: [\n {\n leafVersion: TAPSCRIPT_LEAF_VERSION,\n script: Buffer.from(payoutScriptBytes),\n controlBlock: Buffer.from(controlBlock),\n },\n ],\n tapInternalKey: Buffer.from(tapInternalPubkey),\n // sighashType omitted - defaults to SIGHASH_DEFAULT (0x00) for Taproot\n });\n\n // Input 1: From Assert transaction (NOT signed by depositor)\n // We include this with witnessUtxo so the sighash is computed correctly,\n // but we do NOT include tapLeafScript since the depositor doesn't sign it.\n psbt.addInput({\n hash: input1.hash,\n index: input1.index,\n sequence: input1.sequence,\n witnessUtxo: {\n script: input1PrevOut.script,\n value: input1PrevOut.value,\n },\n // No tapLeafScript - depositor doesn't sign this input\n });\n\n // Add outputs\n for (const output of payoutTx.outs) {\n psbt.addOutput({\n script: output.script,\n value: output.value,\n });\n }\n\n return {\n psbtHex: psbt.toHex(),\n };\n}\n\n/**\n * Validate a payout transaction's output structure for the claimer's role,\n * keyed on `claimerBtcPubkey`. Pins per role: `outs.length`, `outs[0].script`,\n * `outs[last].value` (anchor dust), and (VP-claimer) `outs[1].value` capped at\n * `floor(peginValue × commissionBps / 10_000)`. Canonical layouts: VP-claimer\n * = [payout, commission, anchor]; depositor/VK-claimer = [payout, anchor].\n *\n * `outs[1].script` and `outs[last].script` are intentionally not pinned: the\n * value pins above bound depositor exposure regardless of where those outputs\n * are sent, so the value pins — not script pins — are load-bearing.\n *\n * @internal Helper invoked by {@link buildPayoutPsbt}.\n */\nfunction assertPayoutOutputLayout(args: {\n payoutTx: Transaction;\n peginValueSats: number;\n claimerBtcPubkey: string;\n vaultProviderBtcPubkey: string;\n depositorBtcPubkey: string;\n vaultKeeperBtcPubkeys: string[];\n registeredPayoutScriptPubKey: string;\n commissionBps: number;\n}): void {\n const {\n payoutTx,\n peginValueSats,\n claimerBtcPubkey,\n vaultProviderBtcPubkey,\n depositorBtcPubkey,\n vaultKeeperBtcPubkeys,\n registeredPayoutScriptPubKey,\n commissionBps,\n } = args;\n\n if (!isValidHex(registeredPayoutScriptPubKey)) {\n throw new Error(\"Invalid registeredPayoutScriptPubKey: not valid hex\");\n }\n\n const claimer = stripHexPrefix(claimerBtcPubkey).toLowerCase();\n const vp = stripHexPrefix(vaultProviderBtcPubkey).toLowerCase();\n const dep = stripHexPrefix(depositorBtcPubkey).toLowerCase();\n const keepers = vaultKeeperBtcPubkeys.map((k) =>\n stripHexPrefix(k).toLowerCase(),\n );\n\n type Role = \"vp-claimer\" | \"depositor-as-claimer\" | \"vk-claimer\";\n let role: Role;\n let expectedOutCount: number;\n let expectedOut0ScriptHex: string;\n\n if (claimer === vp) {\n role = \"vp-claimer\";\n expectedOutCount = VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(registeredPayoutScriptPubKey);\n } else if (claimer === dep) {\n role = \"depositor-as-claimer\";\n expectedOutCount = NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(registeredPayoutScriptPubKey);\n } else if (keepers.includes(claimer)) {\n role = \"vk-claimer\";\n expectedOutCount = NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(deriveBip86ScriptPubKeyHex(claimer));\n } else {\n throw new Error(\n `Unknown claimer pubkey ${claimer}: not VP, depositor, or a registered vault keeper`,\n );\n }\n\n if (payoutTx.outs.length !== expectedOutCount) {\n throw new Error(\n `Payout transaction has ${payoutTx.outs.length} output(s), ` +\n `expected exactly ${expectedOutCount} for role ${role}.`,\n );\n }\n\n const expectedOut0Script = Buffer.from(expectedOut0ScriptHex, \"hex\");\n if (!payoutTx.outs[0].script.equals(expectedOut0Script)) {\n throw new Error(\n `Payout transaction output 0 does not pay the expected scriptPubKey for role ${role}`,\n );\n }\n\n const anchorIdx = expectedOutCount - 1;\n if (payoutTx.outs[anchorIdx].value !== PAYOUT_ANCHOR_DUST_SATS) {\n throw new Error(\n `Payout CPFP anchor (out ${anchorIdx}) value ${payoutTx.outs[anchorIdx].value} sats ` +\n `must equal ${PAYOUT_ANCHOR_DUST_SATS} sats`,\n );\n }\n\n if (role === \"vp-claimer\") {\n // Structural guard only — a non-negative integer below the bps\n // denominator, so the cap math `floor(peginValue * bps / 10_000)` is\n // meaningful. The protocol minimum is enforced at the trust boundary\n // (`prepareSigningContext`); a too-low value here is fail-safe.\n if (\n !Number.isInteger(commissionBps) ||\n commissionBps < 0 ||\n commissionBps >= MAX_VP_COMMISSION_BPS_EXCLUSIVE\n ) {\n throw new Error(\n `commissionBps must be an integer in ` +\n `[0, ${MAX_VP_COMMISSION_BPS_EXCLUSIVE}), got ${commissionBps}`,\n );\n }\n const maxCommissionSats = Math.floor(\n (peginValueSats * commissionBps) / MAX_VP_COMMISSION_BPS_EXCLUSIVE,\n );\n if (payoutTx.outs[1].value > maxCommissionSats) {\n throw new Error(\n `Payout VP commission (out 1) value ${payoutTx.outs[1].value} sats ` +\n `exceeds cap ${maxCommissionSats} sats ` +\n `(${commissionBps} bps of peginValue=${peginValueSats})`,\n );\n }\n }\n}\n\n/**\n * Extract Schnorr signature from signed payout PSBT.\n *\n * This function supports two cases:\n * 1. Non-finalized PSBT: Extracts from tapScriptSig field\n * 2. Finalized PSBT: Extracts from witness data\n *\n * The signature is returned as a 64-byte hex string (128 hex characters).\n * Payout signatures must use implicit Taproot SIGHASH_DEFAULT, which is\n * encoded by omitting the sighash byte.\n *\n * @param signedPsbtHex - Signed PSBT hex\n * @param depositorPubkey - Depositor's public key (x-only, 64-char hex)\n * @param inputIndex - Input index to extract signature from (default: 0)\n * @returns 64-byte Schnorr signature (128 hex characters, no sighash flag)\n *\n * @throws If no signature is found in the PSBT\n * @throws If the signature has an unexpected length\n */\nexport function extractPayoutSignature(\n signedPsbtHex: string,\n depositorPubkey: string,\n inputIndex = 0,\n): string {\n const signedPsbt = Psbt.fromHex(signedPsbtHex);\n\n if (inputIndex >= signedPsbt.data.inputs.length) {\n throw new Error(\n `Input index ${inputIndex} out of range (${signedPsbt.data.inputs.length} inputs)`,\n );\n }\n\n const input = signedPsbt.data.inputs[inputIndex];\n\n // Case 1: Non-finalized PSBT — extract from tapScriptSig\n if (input.tapScriptSig && input.tapScriptSig.length > 0) {\n const depositorPubkeyBytes = hexToUint8Array(depositorPubkey);\n\n for (const sigEntry of input.tapScriptSig) {\n if (sigEntry.pubkey.equals(Buffer.from(depositorPubkeyBytes))) {\n return extractSchnorrSig(sigEntry.signature, inputIndex);\n }\n }\n\n throw new Error(\n `No signature found for depositor pubkey: ${depositorPubkey} at input ${inputIndex}`,\n );\n }\n\n // Case 2: Finalized PSBT — extract from finalScriptWitness\n // Taproot single-signature script-path witness: [signature, script, controlBlock].\n // Enforce the exact stack size so that if a wallet produces an unexpected\n // finalization (e.g. a multi-signature stack, an annex, or malformed data),\n // we fail loudly instead of silently returning witnessStack[0] which may\n // not be the depositor's signature.\n if (input.finalScriptWitness && input.finalScriptWitness.length > 0) {\n const witnessStack = parseWitnessStack(input.finalScriptWitness);\n if (witnessStack.length !== TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE) {\n throw new Error(\n `Unexpected finalized witness stack size at input ${inputIndex}: ` +\n `expected ${TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE} items (signature, script, controlBlock), ` +\n `got ${witnessStack.length}`,\n );\n }\n return extractSchnorrSig(witnessStack[0], inputIndex);\n }\n\n throw new Error(\n `No tapScriptSig or finalScriptWitness found in signed PSBT at input ${inputIndex}`,\n );\n}\n\n/**\n * Extract and validate a 64-byte Schnorr signature.\n * Rejects 65-byte signatures because the appended sighash byte changes the\n * Taproot message being signed; stripping it would produce an unverifiable\n * SIGHASH_DEFAULT signature.\n * @internal\n */\nfunction extractSchnorrSig(sig: Uint8Array, inputIndex: number): string {\n if (sig.length === 64) {\n return uint8ArrayToHex(new Uint8Array(sig));\n }\n if (sig.length === 65) {\n throw new Error(\n `Unexpected sighash byte 0x${sig[64].toString(16).padStart(2, \"0\")} at input ${inputIndex}. ` +\n \"Expected implicit SIGHASH_DEFAULT as a 64-byte signature.\",\n );\n }\n throw new Error(\n `Unexpected signature length at input ${inputIndex}: ${sig.length}`,\n );\n}\n\n/**\n * Parse a BIP-141 serialized witness stack into individual stack items.\n * Format: [varint item_count] [varint len, data]...\n *\n * Throws on malformed input (truncated buffer, 8-byte varints, or trailing\n * bytes) so callers never receive silently-corrupted witness items.\n * @internal\n */\nfunction parseWitnessStack(witness: Buffer): Buffer[] {\n const items: Buffer[] = [];\n let offset = 0;\n\n const requireBytes = (n: number): void => {\n if (offset + n > witness.length) {\n throw new Error(\n `Malformed witness data: need ${n} byte(s) at offset ${offset}, only ${witness.length - offset} remaining`,\n );\n }\n };\n\n const readVarInt = (): number => {\n requireBytes(1);\n const first = witness[offset++];\n if (first < 0xfd) return first;\n if (first === 0xfd) {\n requireBytes(2);\n const val = (witness[offset] | (witness[offset + 1] << 8)) >>> 0;\n offset += 2;\n return val;\n }\n if (first === 0xfe) {\n requireBytes(4);\n const val =\n (witness[offset] |\n (witness[offset + 1] << 8) |\n (witness[offset + 2] << 16) |\n (witness[offset + 3] << 24)) >>>\n 0;\n offset += 4;\n return val;\n }\n // 0xff — 8-byte varint. Not used for witness sizes in practice and JS\n // numbers cannot represent all 64-bit values exactly, so reject rather\n // than risk silent truncation.\n throw new Error(\n `Malformed witness data: 8-byte varint (0xff) not supported at offset ${offset - 1}`,\n );\n };\n\n const count = readVarInt();\n for (let i = 0; i < count; i++) {\n const len = readVarInt();\n requireBytes(len);\n items.push(Buffer.from(witness.subarray(offset, offset + len)));\n offset += len;\n }\n\n if (offset !== witness.length) {\n throw new Error(\n `Malformed witness data: ${witness.length - offset} trailing byte(s) after parsing ${count} item(s)`,\n );\n }\n\n return items;\n}\n\n","/**\n * Asserts a wallet-returned PSBT encodes the same unsigned transaction\n * as the locally-built PSBT we asked the wallet to sign. Per-input PSBT\n * metadata (witnessUtxo, tapLeafScript, sighashType) is intentionally NOT\n * compared — those fields are committed to the Schnorr sighash and the\n * vault provider's `verify_depositor_signature` rejects mismatches there.\n * This primitive defends the path where a colluding VP would otherwise\n * accept a wallet-substituted signature.\n */\n\nimport { Buffer } from \"buffer\";\n\nimport { Psbt } from \"bitcoinjs-lib\";\n\n/**\n * Thrown when a wallet-returned PSBT encodes a different unsigned\n * transaction than the one the caller asked the wallet to sign.\n */\nexport class PsbtSubstitutionError extends Error {\n constructor(detail: string) {\n super(\n `Wallet returned a PSBT for a different transaction: ${detail}`,\n );\n this.name = \"PsbtSubstitutionError\";\n }\n}\n\nexport interface AssertPsbtUnsignedTxMatchesParams {\n /** PSBT we built locally and asked the wallet to sign. */\n requestedPsbtHex: string;\n /** PSBT the wallet returned after signing. */\n returnedPsbtHex: string;\n}\n\nfunction parsePsbt(label: \"requested\" | \"returned\", hex: string): Psbt {\n try {\n return Psbt.fromHex(hex);\n } catch (cause) {\n const reason = cause instanceof Error ? cause.message : String(cause);\n throw new Error(`Failed to parse ${label} PSBT: ${reason}`);\n }\n}\n\n/**\n * Length of the hex prefix included in mismatch errors. Short enough that\n * full prevout txids and output scriptPubKeys never reach logs / error\n * trackers, long enough to disambiguate during forensic triage.\n */\nconst REDACTED_HEX_PREFIX_LEN = 8;\n\nfunction redactHex(buf: Buffer): string {\n return `${buf.toString(\"hex\").slice(0, REDACTED_HEX_PREFIX_LEN)}…`;\n}\n\n/**\n * `bitcoinjs-lib` exposes `txInputs[i].hash` in internal little-endian form;\n * a human reading logs expects the big-endian txid an explorer would show.\n * Reverse before truncating so the surfaced prefix matches what an operator\n * can search for.\n */\nfunction redactTxid(internalHash: Buffer): string {\n const reversed = Buffer.from(internalHash).reverse();\n return redactHex(reversed);\n}\n\n/**\n * Compare two PSBTs and throw `PsbtSubstitutionError` unless they encode\n * the same unsigned transaction (version, locktime, inputs, outputs).\n *\n * @throws PsbtSubstitutionError on any mismatch in the unsigned tx\n * @throws Error if either PSBT cannot be parsed\n */\nexport function assertPsbtUnsignedTxMatches(\n params: AssertPsbtUnsignedTxMatchesParams,\n): void {\n const requested = parsePsbt(\"requested\", params.requestedPsbtHex);\n const returned = parsePsbt(\"returned\", params.returnedPsbtHex);\n\n if (requested.version !== returned.version) {\n throw new PsbtSubstitutionError(\n `tx version differs (requested=${requested.version}, returned=${returned.version})`,\n );\n }\n if (requested.locktime !== returned.locktime) {\n throw new PsbtSubstitutionError(\n `tx locktime differs (requested=${requested.locktime}, returned=${returned.locktime})`,\n );\n }\n if (requested.txInputs.length !== returned.txInputs.length) {\n throw new PsbtSubstitutionError(\n `input count differs (requested=${requested.txInputs.length}, returned=${returned.txInputs.length})`,\n );\n }\n if (requested.txOutputs.length !== returned.txOutputs.length) {\n throw new PsbtSubstitutionError(\n `output count differs (requested=${requested.txOutputs.length}, returned=${returned.txOutputs.length})`,\n );\n }\n for (let i = 0; i < requested.txInputs.length; i++) {\n const r = requested.txInputs[i];\n const s = returned.txInputs[i];\n if (!r.hash.equals(s.hash)) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout txid differs (requested=${redactTxid(r.hash)}, returned=${redactTxid(s.hash)})`,\n );\n }\n if (r.index !== s.index) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout vout differs (requested=${r.index}, returned=${s.index})`,\n );\n }\n if (r.sequence !== s.sequence) {\n throw new PsbtSubstitutionError(\n `input ${i} sequence differs (requested=${r.sequence}, returned=${s.sequence})`,\n );\n }\n }\n for (let i = 0; i < requested.txOutputs.length; i++) {\n const r = requested.txOutputs[i];\n const s = returned.txOutputs[i];\n if (!r.script.equals(s.script)) {\n throw new PsbtSubstitutionError(\n `output ${i} scriptPubKey differs (requested=${redactHex(r.script)}, returned=${redactHex(s.script)})`,\n );\n }\n if (r.value !== s.value) {\n throw new PsbtSubstitutionError(\n `output ${i} value differs (requested=${r.value}, returned=${s.value})`,\n );\n }\n }\n}\n","/**\n * Independent BIP-340 verification of a wallet-returned Taproot script-path\n * Schnorr signature against an independently-recomputed sighash.\n *\n * Critical Path #7 (CLAUDE.md): the SDK requests script-path signatures with\n * `useTweakedSigner: false, autoFinalized: false`. Wallet support for the\n * untweaked-key flag is inconsistent — older OKX / mobile bridges silently sign\n * with the *tweaked* key, Keystone ignores the flag — and a compromised\n * extension can stuff a 64-byte stub into `tapScriptSig`. A bad signature that\n * the SDK forwards is only caught on broadcast; in the worst case it passes the\n * VP off-chain but Bitcoin rejects it, leaving the depositor's BTC locked in the\n * HTLC until `timelockRefund` matures. This guard rejects such signatures before\n * they are trusted.\n *\n * Why verify against the *locally-built* PSBT, not the wallet-returned one:\n * `assertPsbtUnsignedTxMatches` pins the unsigned transaction but deliberately\n * skips per-input metadata (`witnessUtxo`, `tapLeafScript`). A malicious wallet\n * could rewrite those consistently in the returned PSBT so a wrong-message\n * signature self-validates. The trusted prevout scripts/values and leaf script\n * therefore come from the PSBT we built ourselves (derived from on-chain / WASM\n * sources); only the 64-byte signature comes from the wallet.\n *\n * Reuses the exact primitives `bip322Verify.ts` already depends on — no new\n * dependency:\n * - `@bitcoin-js/tiny-secp256k1-asmjs` → `verifySchnorr`\n * - `bitcoinjs-lib` → `Transaction.hashForWitnessV1`, `crypto.taggedHash` (TapLeaf hash)\n *\n * @module tbv/core/primitives/psbt/verifyScriptPathSchnorrSignature\n */\n\nimport * as ecc from \"@bitcoin-js/tiny-secp256k1-asmjs\";\nimport { Psbt, Transaction, crypto as bcrypto } from \"bitcoinjs-lib\";\n\nimport { Buffer } from \"buffer\";\n\nimport {\n SCHNORR_SIG_HEX_LEN,\n TAPSCRIPT_LEAF_VERSION,\n X_ONLY_PUBKEY_HEX_LEN,\n hexToUint8Array,\n stripHexPrefix,\n} from \"../utils/bitcoin\";\n\n// Bitcoin CompactSize (varint) prefix markers — values fixed by the protocol.\n// https://developer.bitcoin.org/reference/transactions.html#compactsize-unsigned-integers\nconst COMPACT_SIZE_UINT16_PREFIX = 0xfd; // value in [0xfd, 0xffff] → 0xfd + uint16 LE\nconst COMPACT_SIZE_UINT32_PREFIX = 0xfe; // value in [0x10000, 0xffffffff] → 0xfe + uint32 LE\nconst COMPACT_SIZE_UINT16_MAX = 0xffff;\nconst COMPACT_SIZE_UINT32_MAX = 0xffffffff;\n\n/**\n * Encode a length as a Bitcoin CompactSize (varint). Tapscript leaf scripts can\n * exceed 252 bytes (WOTS scripts), so the multi-byte forms are required, not\n * just the single-byte fast path.\n */\nfunction encodeCompactSize(n: number): Buffer {\n if (n < COMPACT_SIZE_UINT16_PREFIX) {\n return Buffer.from([n]);\n }\n if (n <= COMPACT_SIZE_UINT16_MAX) {\n const value = Buffer.alloc(2); // uint16, little-endian\n value.writeUInt16LE(n);\n return Buffer.concat([Buffer.from([COMPACT_SIZE_UINT16_PREFIX]), value]);\n }\n if (n <= COMPACT_SIZE_UINT32_MAX) {\n const value = Buffer.alloc(4); // uint32, little-endian\n value.writeUInt32LE(n);\n return Buffer.concat([Buffer.from([COMPACT_SIZE_UINT32_PREFIX]), value]);\n }\n throw new Error(`Script too large to encode as CompactSize: ${n} bytes`);\n}\n\n/** BIP-341 tag for the TapLeaf hash. */\nconst TAPLEAF_TAG = \"TapLeaf\";\n\n/**\n * Compute the BIP-341 TapLeaf hash for a tapscript leaf:\n * `tagged_hash(\"TapLeaf\", leaf_version || compact_size(script) || script)`.\n */\nfunction computeTapLeafHash(leafVersion: number, script: Uint8Array): Buffer {\n const preimage = Buffer.concat([\n Buffer.from([leafVersion]),\n encodeCompactSize(script.length),\n Buffer.from(script),\n ]);\n return bcrypto.taggedHash(TAPLEAF_TAG, preimage);\n}\n\nexport interface VerifyScriptPathSchnorrSignatureParams {\n /**\n * Hex of the PSBT we built locally and sent to the wallet (the trusted\n * source of prevout scripts/values and the leaf script). NOT the\n * wallet-returned PSBT.\n */\n requestedPsbtHex: string;\n /** The 64-byte Schnorr signature extracted from the wallet's response (128 hex chars). */\n signatureHex: string;\n /** X-only public key (64 hex chars) the wallet signed the script-path leaf with. */\n signerXOnlyPubkeyHex: string;\n /** Index of the input the signature is for. */\n inputIndex: number;\n}\n\n/**\n * Assert that `signatureHex` is a valid BIP-340 Schnorr signature by the\n * `signerXOnlyPubkeyHex` key over the Taproot script-path sighash of\n * `requestedPsbtHex` input `inputIndex` (SIGHASH_DEFAULT).\n *\n * @throws If the requested PSBT is malformed, lacks the prevout/leaf data needed\n * to recompute the sighash, or the signature does not verify.\n */\nexport function assertScriptPathSchnorrSignature(\n params: VerifyScriptPathSchnorrSignatureParams,\n): void {\n const { requestedPsbtHex, signatureHex, signerXOnlyPubkeyHex, inputIndex } =\n params;\n\n const signatureRaw = stripHexPrefix(signatureHex);\n if (signatureRaw.length !== SCHNORR_SIG_HEX_LEN) {\n throw new Error(\n `Schnorr signature for input ${inputIndex} must be ${SCHNORR_SIG_HEX_LEN} hex chars ` +\n `(64 bytes), got ${signatureRaw.length}.`,\n );\n }\n\n const signerXOnly = stripHexPrefix(signerXOnlyPubkeyHex);\n if (signerXOnly.length !== X_ONLY_PUBKEY_HEX_LEN) {\n throw new Error(\n `Signer x-only pubkey for input ${inputIndex} must be ${X_ONLY_PUBKEY_HEX_LEN} hex chars ` +\n `(32 bytes), got ${signerXOnly.length}.`,\n );\n }\n\n const psbt = Psbt.fromHex(requestedPsbtHex);\n\n if (inputIndex < 0 || inputIndex >= psbt.data.inputs.length) {\n throw new Error(\n `Input index ${inputIndex} out of range (${psbt.data.inputs.length} inputs).`,\n );\n }\n\n // Taproot's sighash commits to every input's prevout (script + value), so all\n // inputs must carry a witnessUtxo. A missing one is a build error, not a\n // value we can default — fail loudly.\n const prevOutScripts: Buffer[] = [];\n const values: number[] = [];\n for (let i = 0; i < psbt.data.inputs.length; i++) {\n const witnessUtxo = psbt.data.inputs[i].witnessUtxo;\n if (!witnessUtxo) {\n throw new Error(\n `Cannot verify signature: input ${i} of the requested PSBT has no witnessUtxo ` +\n `(required to recompute the Taproot sighash).`,\n );\n }\n prevOutScripts.push(witnessUtxo.script);\n values.push(witnessUtxo.value);\n }\n\n // The signed input must expose exactly one tapLeafScript — the leaf the\n // depositor signs. Zero means we sent the wrong PSBT; more than one means an\n // ambiguous spend path we never construct for a single-signature input.\n const tapLeafScripts = psbt.data.inputs[inputIndex].tapLeafScript;\n if (!tapLeafScripts || tapLeafScripts.length !== 1) {\n throw new Error(\n `Cannot verify signature: input ${inputIndex} of the requested PSBT must have exactly ` +\n `one tapLeafScript, got ${tapLeafScripts?.length ?? 0}.`,\n );\n }\n const leaf = tapLeafScripts[0];\n if (leaf.leafVersion !== TAPSCRIPT_LEAF_VERSION) {\n throw new Error(\n `Cannot verify signature: input ${inputIndex} tapLeafScript has leaf version ` +\n `0x${leaf.leafVersion.toString(16)}, expected 0x${TAPSCRIPT_LEAF_VERSION.toString(16)}.`,\n );\n }\n\n const leafHash = computeTapLeafHash(leaf.leafVersion, leaf.script);\n\n // Reconstruct the unsigned transaction from the requested PSBT using only\n // public bitcoinjs-lib API (same pattern as bip322Verify.ts), then compute the\n // BIP-341 script-path sighash with SIGHASH_DEFAULT.\n const tx = new Transaction();\n tx.version = psbt.version;\n tx.locktime = psbt.locktime;\n for (const input of psbt.txInputs) {\n tx.addInput(input.hash, input.index, input.sequence);\n }\n for (const output of psbt.txOutputs) {\n tx.addOutput(output.script, output.value);\n }\n\n const sighash = tx.hashForWitnessV1(\n inputIndex,\n prevOutScripts,\n values,\n Transaction.SIGHASH_DEFAULT,\n leafHash,\n );\n\n const isValid = ecc.verifySchnorr(\n sighash,\n hexToUint8Array(signerXOnly),\n hexToUint8Array(signatureRaw),\n );\n\n if (!isValid) {\n throw new Error(\n `Schnorr signature for input ${inputIndex} (signer ${signerXOnly}) does not verify ` +\n `against the expected Taproot script-path sighash. The wallet may have signed with ` +\n `the tweaked key, signed a different transaction, or returned an invalid signature.`,\n );\n }\n}\n"],"names":["assertWasmPeginSizing","result","params","expectedCount","expectedClaimValue","computeMinClaimValue","maxImpliedFee","MAX_REASONABLE_PEGIN_VBYTES","requested","peginAmount","htlcValue","impliedFee","assertEncodedHtlcOutputsMatch","outputs","htlcValues","htlcScriptPubKeys","i","encodedValue","encodedScript","expectedScript","AUTH_ANCHOR_HASH_HEX_LEN","HEX_PATTERN","buildPrePeginPsbt","authAnchorHash","normalizeAuthAnchorHash","createPrePeginTransaction","parsed","parseUnfundedWasmTransaction","totalOutputValue","sum","o","authAnchorVout","value","cleaned","buildPeginTxFromFundedPrePegin","buildPeginTxFromPrePegin","createPayoutScript","connector","createPayoutConnector","TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE","MAX_PAYOUT_FEE_FRACTION_NUMERATOR","MAX_PAYOUT_FEE_FRACTION_DENOMINATOR","buildPayoutPsbt","payoutTxHex","stripHexPrefix","peginTxHex","assertTxHex","payoutConnector","payoutScriptBytes","hexToUint8Array","controlBlock","payoutTx","Transaction","peginTx","assertTx","psbt","Psbt","input0","input1","input0Txid","uint8ArrayToHex","peginTxid","PEGIN_VAULT_OUTPUT_INDEX","input1Txid","assertTxid","ASSERT_PAYOUT_OUTPUT_INDEX","peginPrevOut","input1PrevOut","assertPayoutOutputLayout","inputValueSats","outputValueSats","out","implicitFeeSats","maxFeeSats","TAPSCRIPT_LEAF_VERSION","Buffer","tapInternalPubkey","output","args","peginValueSats","claimerBtcPubkey","vaultProviderBtcPubkey","depositorBtcPubkey","vaultKeeperBtcPubkeys","registeredPayoutScriptPubKey","commissionBps","isValidHex","claimer","vp","dep","keepers","k","role","expectedOutCount","expectedOut0ScriptHex","VP_CLAIMER_PAYOUT_OUTPUT_COUNT","NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT","deriveBip86ScriptPubKeyHex","expectedOut0Script","anchorIdx","PAYOUT_ANCHOR_DUST_SATS","MAX_VP_COMMISSION_BPS_EXCLUSIVE","maxCommissionSats","extractPayoutSignature","signedPsbtHex","depositorPubkey","inputIndex","signedPsbt","input","depositorPubkeyBytes","sigEntry","extractSchnorrSig","witnessStack","parseWitnessStack","sig","witness","items","offset","requireBytes","n","readVarInt","first","val","count","len","PsbtSubstitutionError","detail","parsePsbt","label","hex","cause","reason","REDACTED_HEX_PREFIX_LEN","redactHex","buf","redactTxid","internalHash","reversed","assertPsbtUnsignedTxMatches","returned","r","s","COMPACT_SIZE_UINT16_PREFIX","COMPACT_SIZE_UINT32_PREFIX","COMPACT_SIZE_UINT16_MAX","COMPACT_SIZE_UINT32_MAX","encodeCompactSize","TAPLEAF_TAG","computeTapLeafHash","leafVersion","script","preimage","bcrypto","assertScriptPathSchnorrSignature","requestedPsbtHex","signatureHex","signerXOnlyPubkeyHex","signatureRaw","SCHNORR_SIG_HEX_LEN","signerXOnly","X_ONLY_PUBKEY_HEX_LEN","prevOutScripts","values","witnessUtxo","tapLeafScripts","leaf","leafHash","tx","sighash","ecc"],"mappings":";;;;;;;AA4CA,eAAsBA,GACpBC,GACAC,GACe;AACf,QAAMC,IAAgBD,EAAO,aAAa;AAI1C,MAAID,EAAO,WAAW,WAAWE;AAC/B,UAAM,IAAI;AAAA,MACR,2BAA2BF,EAAO,WAAW,MAAM,4BACrCE,CAAa;AAAA,IAAA;AAG/B,MACEF,EAAO,aAAa,WAAWE,KAC/BF,EAAO,kBAAkB,WAAWE,KACpCF,EAAO,cAAc,WAAWE;AAEhC,UAAM,IAAI;AAAA,MACR,gEACiBF,EAAO,WAAW,MAAM,kBACvBA,EAAO,aAAa,MAAM,uBACrBA,EAAO,kBAAkB,MAAM,mBACnCA,EAAO,cAAc,MAAM,eAChCE,CAAa;AAAA,IAAA;AAO/B,MAAIF,EAAO,uBAAuB;AAChC,UAAM,IAAI;AAAA,MACR,4DACKA,EAAO,mBAAmB;AAAA,IAAA;AAGnC,QAAMG,IAAqB,MAAMC;AAAA,IAC/BH,EAAO;AAAA,IACPA,EAAO,2BAA2B;AAAA,IAClCA,EAAO;AAAA,IACPA,EAAO;AAAA,IACPA,EAAO;AAAA,EAAA;AAET,MAAID,EAAO,wBAAwBG;AACjC,UAAM,IAAI;AAAA,MACR,sCAAsCH,EAAO,mBAAmB,kEAE3DG,CAAkB,yBAAyBF,EAAO,mBAAmB,6BAC7CA,EAAO,2BAA2B,MAAM,mBAClDA,EAAO,aAAa,iBAAiBA,EAAO,WAAW,aAC7DA,EAAO,OAAO;AAAA,IAAA;AAI/B,QAAMI,IAAgBJ,EAAO,kBAAkBK;AAE/C,WAAS,IAAI,GAAG,IAAIJ,GAAe,KAAK;AACtC,UAAMK,IAAYN,EAAO,aAAa,CAAC,GACjCO,IAAcR,EAAO,aAAa,CAAC,GACnCS,IAAYT,EAAO,WAAW,CAAC;AAOrC,QAAIQ,MAAgBD;AAClB,YAAM,IAAI;AAAA,QACR,8BAA8B,CAAC,KAAKC,CAAW,wCACzBD,CAAS;AAAA,MAAA;AAInC,QAAIC,KAAe;AACjB,YAAM,IAAI;AAAA,QACR,8BAA8B,CAAC,sBAAsBA,CAAW;AAAA,MAAA;AAIpE,QAAIC,KAAa;AACf,YAAM,IAAI;AAAA,QACR,4BAA4B,CAAC,sBAAsBA,CAAS;AAAA,MAAA;AAQhE,UAAMC,IAAaD,IAAYD,IAAcR,EAAO;AACpD,QAAIU,KAAc;AAChB,YAAM,IAAI;AAAA,QACR,4BAA4B,CAAC,KAAKD,CAAS,wCAC1BD,CAAW,0BACvBR,EAAO,mBAAmB,+BAC1BU,CAAU;AAAA,MAAA;AAGnB,QAAIA,IAAaL;AACf,YAAM,IAAI;AAAA,QACR,6CAA6C,CAAC,MAAMK,CAAU,sCAC5BL,CAAa,yBACzBJ,EAAO,eAAe,MACvCK,CAA2B,uBAAuBG,CAAS;AAAA,MAAA;AAAA,EAItE;AACF;AAwBO,SAASE,GACdC,GACAC,GACAC,GACM;AACN,MAAIF,EAAQ,SAASC,EAAW;AAC9B,UAAM,IAAI;AAAA,MACR,4BAA4BD,EAAQ,MAAM,8BACrCC,EAAW,MAAM;AAAA,IAAA;AAI1B,WAASE,IAAI,GAAGA,IAAIF,EAAW,QAAQE,KAAK;AAC1C,UAAMC,IAAe,OAAOJ,EAAQG,CAAC,EAAE,KAAK;AAC5C,QAAIC,MAAiBH,EAAWE,CAAC;AAC/B,YAAM,IAAI;AAAA,QACR,iCAAiCA,CAAC,WAAWC,CAAY,+CAClBH,EAAWE,CAAC,CAAC;AAAA,MAAA;AAKxD,UAAME,IAAgBL,EAAQG,CAAC,EAAE,OAAO,SAAS,KAAK,EAAE,YAAA,GAClDG,IAAiBJ,EAAkBC,CAAC,EAAE,YAAA;AAC5C,QAAIE,MAAkBC;AACpB,YAAM,IAAI;AAAA,QACR,iCAAiCH,CAAC,kBAAkBE,CAAa,sDACfC,CAAc;AAAA,MAAA;AAAA,EAGtE;AACF;ACxIA,MAAMC,IAA2B,IAE3BC,KAAc;AA2EpB,eAAsBC,GACpBpB,GAC6B;AAC7B,QAAMqB,IAAiBC,EAAwBtB,EAAO,cAAc,GAE9DD,IAAS,MAAMwB,EAA0B;AAAA,IAC7C,iBAAiBvB,EAAO;AAAA,IACxB,qBAAqBA,EAAO;AAAA,IAC5B,oBAAoBA,EAAO;AAAA,IAC3B,4BAA4BA,EAAO;AAAA,IACnC,WAAW,CAAC,GAAGA,EAAO,SAAS;AAAA,IAC/B,gBAAgBA,EAAO;AAAA,IACvB,cAAc,CAAC,GAAGA,EAAO,YAAY;AAAA,IACrC,SAASA,EAAO;AAAA,IAChB,iBAAiBA,EAAO;AAAA,IACxB,qBAAqBA,EAAO;AAAA,IAC5B,eAAeA,EAAO;AAAA,IACtB,aAAaA,EAAO;AAAA,IACpB,SAASA,EAAO;AAAA,IAChB,gBAAAqB;AAAA,EAAA,CACD;AAMD,QAAMvB,GAAsBC,GAAQC,CAAM;AAK1C,QAAMwB,IAASC,GAA6B1B,EAAO,KAAK;AAMxD,EAAAW;AAAA,IACEc,EAAO;AAAA,IACPzB,EAAO;AAAA,IACPA,EAAO;AAAA,EAAA;AAGT,QAAM2B,IAAmBF,EAAO,QAAQ;AAAA,IACtC,CAACG,GAAKC,MAAMD,IAAM,OAAOC,EAAE,KAAK;AAAA,IAChC;AAAA,EAAA,GAKIC,IACJR,MAAmB,SAAYtB,EAAO,WAAW,SAAS;AAE5D,SAAO;AAAA,IACL,SAASA,EAAO;AAAA,IAChB,kBAAA2B;AAAA,IACA,YAAY3B,EAAO;AAAA,IACnB,mBAAmBA,EAAO;AAAA,IAC1B,eAAeA,EAAO;AAAA,IACtB,cAAcA,EAAO;AAAA,IACrB,qBAAqBA,EAAO;AAAA,IAC5B,gBAAA8B;AAAA,EAAA;AAEJ;AAMO,SAASP,EACdQ,GACoB;AACpB,MAAIA,MAAU,OAAW;AACzB,QAAMC,IACJD,EAAM,WAAW,IAAI,KAAKA,EAAM,WAAW,IAAI,IAAIA,EAAM,MAAM,CAAC,IAAIA;AACtE,MACEC,EAAQ,WAAWb,KACnB,CAACC,GAAY,KAAKY,CAAO;AAEzB,UAAM,IAAI;AAAA,MACR,uCAAuCb,CAAwB,qCAAqCa,EAAQ,MAAM;AAAA,IAAA;AAGtH,SAAOA,EAAQ,YAAA;AACjB;AAYA,eAAsBC,GACpBhC,GACwB;AAMxB,QAAMD,IAAS,MAAMkC;AAAA,IACnB;AAAA,MACE,iBAAiBjC,EAAO,eAAe;AAAA,MACvC,qBAAqBA,EAAO,eAAe;AAAA,MAC3C,oBAAoBA,EAAO,eAAe;AAAA,MAC1C,4BACEA,EAAO,eAAe;AAAA,MACxB,WAAW,CAAC,GAAGA,EAAO,eAAe,SAAS;AAAA,MAC9C,gBAAgBA,EAAO,eAAe;AAAA,MACtC,cAAc,CAAC,GAAGA,EAAO,eAAe,YAAY;AAAA,MACpD,SAASA,EAAO,eAAe;AAAA,MAC/B,iBAAiBA,EAAO,eAAe;AAAA,MACvC,qBAAqBA,EAAO,eAAe;AAAA,MAC3C,eAAeA,EAAO,eAAe;AAAA,MACrC,aAAaA,EAAO,eAAe;AAAA,MACnC,SAASA,EAAO,eAAe;AAAA,MAC/B,gBAAgBsB;AAAA,QACdtB,EAAO,eAAe;AAAA,MAAA;AAAA,IACxB;AAAA,IAEFA,EAAO;AAAA,IACPA,EAAO;AAAA,IACPA,EAAO;AAAA,EAAA;AAGT,SAAO;AAAA,IACL,OAAOD,EAAO;AAAA,IACd,MAAMA,EAAO;AAAA,IACb,mBAAmBA,EAAO;AAAA,IAC1B,YAAYA,EAAO;AAAA,EAAA;AAEvB;AC/IA,eAAsBmC,GACpBlC,GAC6B;AAE7B,QAAMmC,IAAY,MAAMC;AAAA,IACtB;AAAA,MACE,WAAWpC,EAAO;AAAA,MAClB,eAAeA,EAAO;AAAA,MACtB,cAAcA,EAAO;AAAA,MACrB,sBAAsBA,EAAO;AAAA,MAC7B,eAAeA,EAAO;AAAA,IAAA;AAAA,IAExBA,EAAO;AAAA,EAAA;AAGT,SAAO;AAAA,IACL,cAAcmC,EAAU;AAAA,IACxB,mBAAmBA,EAAU;AAAA,IAC7B,cAAcA,EAAU;AAAA,IACxB,SAASA,EAAU;AAAA,IACnB,oBAAoBA,EAAU;AAAA,EAAA;AAElC;ACvHA,MAAME,IAAwC,GAQxCC,IAAoC,IACpCC,IAAsC;AAoH5C,eAAsBC,GACpBxC,GAC2B;AAE3B,QAAMyC,IAAcC,EAAe1C,EAAO,WAAW,GAC/C2C,IAAaD,EAAe1C,EAAO,UAAU,GAC7C4C,IAAcF,EAAe1C,EAAO,WAAW,GAG/C6C,IAAkB,MAAMX,GAAmB;AAAA,IAC/C,WAAWlC,EAAO;AAAA,IAClB,eAAeA,EAAO;AAAA,IACtB,cAAcA,EAAO;AAAA,IACrB,sBAAsBA,EAAO;AAAA,IAC7B,eAAeA,EAAO;AAAA,IACtB,SAASA,EAAO;AAAA,EAAA,CACjB,GAEK8C,IAAoBC,EAAgBF,EAAgB,YAAY,GAChEG,IAAeD,EAAgBF,EAAgB,kBAAkB,GAGjEI,IAAWC,EAAY,QAAQT,CAAW,GAC1CU,IAAUD,EAAY,QAAQP,CAAU,GACxCS,IAAWF,EAAY,QAAQN,CAAW,GAG1CS,IAAO,IAAIC,EAAA;AAajB,MAZAD,EAAK,WAAWJ,EAAS,OAAO,GAChCI,EAAK,YAAYJ,EAAS,QAAQ,GAW9BA,EAAS,IAAI,WAAW;AAC1B,UAAM,IAAI;AAAA,MACR,sDAAsDA,EAAS,IAAI,MAAM;AAAA,IAAA;AAI7E,QAAMM,IAASN,EAAS,IAAI,CAAC,GACvBO,IAASP,EAAS,IAAI,CAAC,GAMvBQ,IAAaC;AAAA,IACjB,IAAI,WAAWH,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA;AAAA,EAAQ,GAExCI,IAAYR,EAAQ,MAAA;AAE1B,MAAIM,MAAeE,KAAaJ,EAAO,UAAUK;AAC/C,UAAM,IAAI;AAAA,MACR,4BAA4BA,CAAwB,cACtCD,CAAS,IAAIC,CAAwB,SAASH,CAAU,IAAIF,EAAO,KAAK;AAAA,IAAA;AAK1F,QAAMM,IAAaH;AAAA,IACjB,IAAI,WAAWF,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA;AAAA,EAAQ,GAExCM,IAAaV,EAAS,MAAA;AAE5B,MAAIS,MAAeC,KAAcN,EAAO,UAAUO;AAChD,UAAM,IAAI;AAAA,MACR,6BAA6BA,CAA0B,cACzCD,CAAU,IAAIC,CAA0B,SAASF,CAAU,IAAIL,EAAO,KAAK;AAAA,IAAA;AAI7F,QAAMQ,IAAeb,EAAQ,KAAKI,EAAO,KAAK;AAC9C,MAAI,CAACS;AACH,UAAM,IAAI;AAAA,MACR,gDAAgDP,CAAU,YAAYF,EAAO,KAAK;AAAA,IAAA;AAItF,QAAMU,IAAgBb,EAAS,KAAKI,EAAO,KAAK;AAChD,MAAI,CAACS;AACH,UAAM,IAAI;AAAA,MACR,gDAAgDJ,CAAU,YAAYL,EAAO,KAAK;AAAA,IAAA;AAMtF,EAAAU,GAAyB;AAAA,IACvB,UAAAjB;AAAA,IACA,gBAAgBe,EAAa;AAAA,IAC7B,kBAAkBhE,EAAO;AAAA,IACzB,wBAAwBA,EAAO;AAAA,IAC/B,oBAAoBA,EAAO;AAAA,IAC3B,uBAAuBA,EAAO;AAAA,IAC9B,8BAA8BA,EAAO;AAAA,IACrC,eAAeA,EAAO;AAAA,EAAA,CACvB;AAID,QAAMmE,IAAiBH,EAAa,QAAQC,EAAc;AAC1D,MAAIG,IAAkB;AACtB,aAAWC,KAAOpB,EAAS,KAAM,CAAAmB,KAAmBC,EAAI;AACxD,MAAID,IAAkBD;AACpB,UAAM,IAAI;AAAA,MACR,mBAAmBC,CAAe,yBAC5BD,CAAc;AAAA,IAAA;AAGxB,QAAMG,IAAkBH,IAAiBC,GACnCG,IAAa,KAAK;AAAA,IACrBJ,IAAiB7B,IAChBC;AAAA,EAAA;AAEJ,MAAI+B,IAAkBC;AACpB,UAAM,IAAI;AAAA,MACR,uBAAuBD,CAAe,mCAC9BC,CAAU,UACZjC,CAAiC,IAAIC,CAAmC,cAC/D4B,CAAc;AAAA,IAAA;AAMjC,EAAAd,EAAK,SAAS;AAAA,IACZ,MAAME,EAAO;AAAA,IACb,OAAOA,EAAO;AAAA,IACd,UAAUA,EAAO;AAAA,IACjB,aAAa;AAAA,MACX,QAAQS,EAAa;AAAA,MACrB,OAAOA,EAAa;AAAA,IAAA;AAAA,IAEtB,eAAe;AAAA,MACb;AAAA,QACE,aAAaQ;AAAA,QACb,QAAQC,EAAO,KAAK3B,CAAiB;AAAA,QACrC,cAAc2B,EAAO,KAAKzB,CAAY;AAAA,MAAA;AAAA,IACxC;AAAA,IAEF,gBAAgByB,EAAO,KAAKC,EAAiB;AAAA;AAAA,EAAA,CAE9C,GAKDrB,EAAK,SAAS;AAAA,IACZ,MAAMG,EAAO;AAAA,IACb,OAAOA,EAAO;AAAA,IACd,UAAUA,EAAO;AAAA,IACjB,aAAa;AAAA,MACX,QAAQS,EAAc;AAAA,MACtB,OAAOA,EAAc;AAAA,IAAA;AAAA;AAAA,EACvB,CAED;AAGD,aAAWU,KAAU1B,EAAS;AAC5B,IAAAI,EAAK,UAAU;AAAA,MACb,QAAQsB,EAAO;AAAA,MACf,OAAOA,EAAO;AAAA,IAAA,CACf;AAGH,SAAO;AAAA,IACL,SAAStB,EAAK,MAAA;AAAA,EAAM;AAExB;AAeA,SAASa,GAAyBU,GASzB;AACP,QAAM;AAAA,IACJ,UAAA3B;AAAA,IACA,gBAAA4B;AAAA,IACA,kBAAAC;AAAA,IACA,wBAAAC;AAAA,IACA,oBAAAC;AAAA,IACA,uBAAAC;AAAA,IACA,8BAAAC;AAAA,IACA,eAAAC;AAAA,EAAA,IACEP;AAEJ,MAAI,CAACQ,GAAWF,CAA4B;AAC1C,UAAM,IAAI,MAAM,qDAAqD;AAGvE,QAAMG,IAAU3C,EAAeoC,CAAgB,EAAE,YAAA,GAC3CQ,IAAK5C,EAAeqC,CAAsB,EAAE,YAAA,GAC5CQ,IAAM7C,EAAesC,CAAkB,EAAE,YAAA,GACzCQ,IAAUP,EAAsB;AAAA,IAAI,CAACQ,MACzC/C,EAAe+C,CAAC,EAAE,YAAA;AAAA,EAAY;AAIhC,MAAIC,GACAC,GACAC;AAEJ,MAAIP,MAAYC;AACd,IAAAI,IAAO,cACPC,IAAmBE,IACnBD,IAAwBlD,EAAewC,CAA4B;AAAA,WAC1DG,MAAYE;AACrB,IAAAG,IAAO,wBACPC,IAAmBG,GACnBF,IAAwBlD,EAAewC,CAA4B;AAAA,WAC1DM,EAAQ,SAASH,CAAO;AACjC,IAAAK,IAAO,cACPC,IAAmBG,GACnBF,IAAwBlD,EAAeqD,GAA2BV,CAAO,CAAC;AAAA;AAE1E,UAAM,IAAI;AAAA,MACR,0BAA0BA,CAAO;AAAA,IAAA;AAIrC,MAAIpC,EAAS,KAAK,WAAW0C;AAC3B,UAAM,IAAI;AAAA,MACR,0BAA0B1C,EAAS,KAAK,MAAM,gCACxB0C,CAAgB,aAAaD,CAAI;AAAA,IAAA;AAI3D,QAAMM,IAAqBvB,EAAO,KAAKmB,GAAuB,KAAK;AACnE,MAAI,CAAC3C,EAAS,KAAK,CAAC,EAAE,OAAO,OAAO+C,CAAkB;AACpD,UAAM,IAAI;AAAA,MACR,+EAA+EN,CAAI;AAAA,IAAA;AAIvF,QAAMO,IAAYN,IAAmB;AACrC,MAAI1C,EAAS,KAAKgD,CAAS,EAAE,UAAUC;AACrC,UAAM,IAAI;AAAA,MACR,2BAA2BD,CAAS,WAAWhD,EAAS,KAAKgD,CAAS,EAAE,KAAK,oBAC7DC,CAAuB;AAAA,IAAA;AAI3C,MAAIR,MAAS,cAAc;AAKzB,QACE,CAAC,OAAO,UAAUP,CAAa,KAC/BA,IAAgB,KAChBA,KAAiBgB;AAEjB,YAAM,IAAI;AAAA,QACR,2CACSA,CAA+B,UAAUhB,CAAa;AAAA,MAAA;AAGnE,UAAMiB,IAAoB,KAAK;AAAA,MAC5BvB,IAAiBM,IAAiBgB;AAAA,IAAA;AAErC,QAAIlD,EAAS,KAAK,CAAC,EAAE,QAAQmD;AAC3B,YAAM,IAAI;AAAA,QACR,sCAAsCnD,EAAS,KAAK,CAAC,EAAE,KAAK,qBAC3CmD,CAAiB,UAC5BjB,CAAa,sBAAsBN,CAAc;AAAA,MAAA;AAAA,EAG7D;AACF;AAqBO,SAASwB,GACdC,GACAC,GACAC,IAAa,GACL;AACR,QAAMC,IAAanD,EAAK,QAAQgD,CAAa;AAE7C,MAAIE,KAAcC,EAAW,KAAK,OAAO;AACvC,UAAM,IAAI;AAAA,MACR,eAAeD,CAAU,kBAAkBC,EAAW,KAAK,OAAO,MAAM;AAAA,IAAA;AAI5E,QAAMC,IAAQD,EAAW,KAAK,OAAOD,CAAU;AAG/C,MAAIE,EAAM,gBAAgBA,EAAM,aAAa,SAAS,GAAG;AACvD,UAAMC,IAAuB5D,EAAgBwD,CAAe;AAE5D,eAAWK,KAAYF,EAAM;AAC3B,UAAIE,EAAS,OAAO,OAAOnC,EAAO,KAAKkC,CAAoB,CAAC;AAC1D,eAAOE,EAAkBD,EAAS,WAAWJ,CAAU;AAI3D,UAAM,IAAI;AAAA,MACR,4CAA4CD,CAAe,aAAaC,CAAU;AAAA,IAAA;AAAA,EAEtF;AAQA,MAAIE,EAAM,sBAAsBA,EAAM,mBAAmB,SAAS,GAAG;AACnE,UAAMI,IAAeC,GAAkBL,EAAM,kBAAkB;AAC/D,QAAII,EAAa,WAAWzE;AAC1B,YAAM,IAAI;AAAA,QACR,oDAAoDmE,CAAU,cAChDnE,CAAqC,iDAC1CyE,EAAa,MAAM;AAAA,MAAA;AAGhC,WAAOD,EAAkBC,EAAa,CAAC,GAAGN,CAAU;AAAA,EACtD;AAEA,QAAM,IAAI;AAAA,IACR,uEAAuEA,CAAU;AAAA,EAAA;AAErF;AASA,SAASK,EAAkBG,GAAiBR,GAA4B;AACtE,MAAIQ,EAAI,WAAW;AACjB,WAAOtD,EAAgB,IAAI,WAAWsD,CAAG,CAAC;AAE5C,QAAIA,EAAI,WAAW,KACX,IAAI;AAAA,IACR,6BAA6BA,EAAI,EAAE,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,aAAaR,CAAU;AAAA,EAAA,IAIvF,IAAI;AAAA,IACR,wCAAwCA,CAAU,KAAKQ,EAAI,MAAM;AAAA,EAAA;AAErE;AAUA,SAASD,GAAkBE,GAA2B;AACpD,QAAMC,IAAkB,CAAA;AACxB,MAAIC,IAAS;AAEb,QAAMC,IAAe,CAACC,MAAoB;AACxC,QAAIF,IAASE,IAAIJ,EAAQ;AACvB,YAAM,IAAI;AAAA,QACR,gCAAgCI,CAAC,sBAAsBF,CAAM,UAAUF,EAAQ,SAASE,CAAM;AAAA,MAAA;AAAA,EAGpG,GAEMG,IAAa,MAAc;AAC/B,IAAAF,EAAa,CAAC;AACd,UAAMG,IAAQN,EAAQE,GAAQ;AAC9B,QAAII,IAAQ,IAAM,QAAOA;AACzB,QAAIA,MAAU,KAAM;AAClB,MAAAH,EAAa,CAAC;AACd,YAAMI,KAAOP,EAAQE,CAAM,IAAKF,EAAQE,IAAS,CAAC,KAAK,OAAQ;AAC/D,aAAAA,KAAU,GACHK;AAAA,IACT;AACA,QAAID,MAAU,KAAM;AAClB,MAAAH,EAAa,CAAC;AACd,YAAMI,KACHP,EAAQE,CAAM,IACZF,EAAQE,IAAS,CAAC,KAAK,IACvBF,EAAQE,IAAS,CAAC,KAAK,KACvBF,EAAQE,IAAS,CAAC,KAAK,QAC1B;AACF,aAAAA,KAAU,GACHK;AAAA,IACT;AAIA,UAAM,IAAI;AAAA,MACR,wEAAwEL,IAAS,CAAC;AAAA,IAAA;AAAA,EAEtF,GAEMM,IAAQH,EAAA;AACd,WAASxG,IAAI,GAAGA,IAAI2G,GAAO3G,KAAK;AAC9B,UAAM4G,IAAMJ,EAAA;AACZ,IAAAF,EAAaM,CAAG,GAChBR,EAAM,KAAKzC,EAAO,KAAKwC,EAAQ,SAASE,GAAQA,IAASO,CAAG,CAAC,CAAC,GAC9DP,KAAUO;AAAA,EACZ;AAEA,MAAIP,MAAWF,EAAQ;AACrB,UAAM,IAAI;AAAA,MACR,2BAA2BA,EAAQ,SAASE,CAAM,mCAAmCM,CAAK;AAAA,IAAA;AAI9F,SAAOP;AACT;AC9lBO,MAAMS,UAA8B,MAAM;AAAA,EAC/C,YAAYC,GAAgB;AAC1B;AAAA,MACE,uDAAuDA,CAAM;AAAA,IAAA,GAE/D,KAAK,OAAO;AAAA,EACd;AACF;AASA,SAASC,EAAUC,GAAiCC,GAAmB;AACrE,MAAI;AACF,WAAOzE,EAAK,QAAQyE,CAAG;AAAA,EACzB,SAASC,GAAO;AACd,UAAMC,IAASD,aAAiB,QAAQA,EAAM,UAAU,OAAOA,CAAK;AACpE,UAAM,IAAI,MAAM,mBAAmBF,CAAK,UAAUG,CAAM,EAAE;AAAA,EAC5D;AACF;AAOA,MAAMC,KAA0B;AAEhC,SAASC,EAAUC,GAAqB;AACtC,SAAO,GAAGA,EAAI,SAAS,KAAK,EAAE,MAAM,GAAGF,EAAuB,CAAC;AACjE;AAQA,SAASG,EAAWC,GAA8B;AAChD,QAAMC,IAAW9D,EAAO,KAAK6D,CAAY,EAAE,QAAA;AAC3C,SAAOH,EAAUI,CAAQ;AAC3B;AASO,SAASC,GACdxI,GACM;AACN,QAAMM,IAAYuH,EAAU,aAAa7H,EAAO,gBAAgB,GAC1DyI,IAAWZ,EAAU,YAAY7H,EAAO,eAAe;AAE7D,MAAIM,EAAU,YAAYmI,EAAS;AACjC,UAAM,IAAId;AAAA,MACR,iCAAiCrH,EAAU,OAAO,cAAcmI,EAAS,OAAO;AAAA,IAAA;AAGpF,MAAInI,EAAU,aAAamI,EAAS;AAClC,UAAM,IAAId;AAAA,MACR,kCAAkCrH,EAAU,QAAQ,cAAcmI,EAAS,QAAQ;AAAA,IAAA;AAGvF,MAAInI,EAAU,SAAS,WAAWmI,EAAS,SAAS;AAClD,UAAM,IAAId;AAAA,MACR,kCAAkCrH,EAAU,SAAS,MAAM,cAAcmI,EAAS,SAAS,MAAM;AAAA,IAAA;AAGrG,MAAInI,EAAU,UAAU,WAAWmI,EAAS,UAAU;AACpD,UAAM,IAAId;AAAA,MACR,mCAAmCrH,EAAU,UAAU,MAAM,cAAcmI,EAAS,UAAU,MAAM;AAAA,IAAA;AAGxG,WAAS3H,IAAI,GAAGA,IAAIR,EAAU,SAAS,QAAQQ,KAAK;AAClD,UAAM4H,IAAIpI,EAAU,SAASQ,CAAC,GACxB6H,IAAIF,EAAS,SAAS3H,CAAC;AAC7B,QAAI,CAAC4H,EAAE,KAAK,OAAOC,EAAE,IAAI;AACvB,YAAM,IAAIhB;AAAA,QACR,SAAS7G,CAAC,oCAAoCuH,EAAWK,EAAE,IAAI,CAAC,cAAcL,EAAWM,EAAE,IAAI,CAAC;AAAA,MAAA;AAGpG,QAAID,EAAE,UAAUC,EAAE;AAChB,YAAM,IAAIhB;AAAA,QACR,SAAS7G,CAAC,oCAAoC4H,EAAE,KAAK,cAAcC,EAAE,KAAK;AAAA,MAAA;AAG9E,QAAID,EAAE,aAAaC,EAAE;AACnB,YAAM,IAAIhB;AAAA,QACR,SAAS7G,CAAC,gCAAgC4H,EAAE,QAAQ,cAAcC,EAAE,QAAQ;AAAA,MAAA;AAAA,EAGlF;AACA,WAAS7H,IAAI,GAAGA,IAAIR,EAAU,UAAU,QAAQQ,KAAK;AACnD,UAAM4H,IAAIpI,EAAU,UAAUQ,CAAC,GACzB6H,IAAIF,EAAS,UAAU3H,CAAC;AAC9B,QAAI,CAAC4H,EAAE,OAAO,OAAOC,EAAE,MAAM;AAC3B,YAAM,IAAIhB;AAAA,QACR,UAAU7G,CAAC,oCAAoCqH,EAAUO,EAAE,MAAM,CAAC,cAAcP,EAAUQ,EAAE,MAAM,CAAC;AAAA,MAAA;AAGvG,QAAID,EAAE,UAAUC,EAAE;AAChB,YAAM,IAAIhB;AAAA,QACR,UAAU7G,CAAC,6BAA6B4H,EAAE,KAAK,cAAcC,EAAE,KAAK;AAAA,MAAA;AAAA,EAG1E;AACF;ACtFA,MAAMC,IAA6B,KAC7BC,KAA6B,KAC7BC,KAA0B,OAC1BC,KAA0B;AAOhC,SAASC,GAAkB3B,GAAmB;AAC5C,MAAIA,IAAIuB;AACN,WAAOnE,EAAO,KAAK,CAAC4C,CAAC,CAAC;AAExB,MAAIA,KAAKyB,IAAyB;AAChC,UAAMhH,IAAQ2C,EAAO,MAAM,CAAC;AAC5B,WAAA3C,EAAM,cAAcuF,CAAC,GACd5C,EAAO,OAAO,CAACA,EAAO,KAAK,CAACmE,CAA0B,CAAC,GAAG9G,CAAK,CAAC;AAAA,EACzE;AACA,MAAIuF,KAAK0B,IAAyB;AAChC,UAAMjH,IAAQ2C,EAAO,MAAM,CAAC;AAC5B,WAAA3C,EAAM,cAAcuF,CAAC,GACd5C,EAAO,OAAO,CAACA,EAAO,KAAK,CAACoE,EAA0B,CAAC,GAAG/G,CAAK,CAAC;AAAA,EACzE;AACA,QAAM,IAAI,MAAM,8CAA8CuF,CAAC,QAAQ;AACzE;AAGA,MAAM4B,KAAc;AAMpB,SAASC,GAAmBC,GAAqBC,GAA4B;AAC3E,QAAMC,IAAW5E,EAAO,OAAO;AAAA,IAC7BA,EAAO,KAAK,CAAC0E,CAAW,CAAC;AAAA,IACzBH,GAAkBI,EAAO,MAAM;AAAA,IAC/B3E,EAAO,KAAK2E,CAAM;AAAA,EAAA,CACnB;AACD,SAAOE,GAAQ,WAAWL,IAAaI,CAAQ;AACjD;AAyBO,SAASE,GACdvJ,GACM;AACN,QAAM,EAAE,kBAAAwJ,GAAkB,cAAAC,GAAc,sBAAAC,GAAsB,YAAAlD,MAC5DxG,GAEI2J,IAAejH,EAAe+G,CAAY;AAChD,MAAIE,EAAa,WAAWC;AAC1B,UAAM,IAAI;AAAA,MACR,+BAA+BpD,CAAU,YAAYoD,CAAmB,8BACnDD,EAAa,MAAM;AAAA,IAAA;AAI5C,QAAME,IAAcnH,EAAegH,CAAoB;AACvD,MAAIG,EAAY,WAAWC;AACzB,UAAM,IAAI;AAAA,MACR,kCAAkCtD,CAAU,YAAYsD,CAAqB,8BACxDD,EAAY,MAAM;AAAA,IAAA;AAI3C,QAAMxG,IAAOC,EAAK,QAAQkG,CAAgB;AAE1C,MAAIhD,IAAa,KAAKA,KAAcnD,EAAK,KAAK,OAAO;AACnD,UAAM,IAAI;AAAA,MACR,eAAemD,CAAU,kBAAkBnD,EAAK,KAAK,OAAO,MAAM;AAAA,IAAA;AAOtE,QAAM0G,IAA2B,CAAA,GAC3BC,IAAmB,CAAA;AACzB,WAASlJ,IAAI,GAAGA,IAAIuC,EAAK,KAAK,OAAO,QAAQvC,KAAK;AAChD,UAAMmJ,IAAc5G,EAAK,KAAK,OAAOvC,CAAC,EAAE;AACxC,QAAI,CAACmJ;AACH,YAAM,IAAI;AAAA,QACR,kCAAkCnJ,CAAC;AAAA,MAAA;AAIvC,IAAAiJ,EAAe,KAAKE,EAAY,MAAM,GACtCD,EAAO,KAAKC,EAAY,KAAK;AAAA,EAC/B;AAKA,QAAMC,IAAiB7G,EAAK,KAAK,OAAOmD,CAAU,EAAE;AACpD,MAAI,CAAC0D,KAAkBA,EAAe,WAAW;AAC/C,UAAM,IAAI;AAAA,MACR,kCAAkC1D,CAAU,oEAChB0D,KAAA,gBAAAA,EAAgB,WAAU,CAAC;AAAA,IAAA;AAG3D,QAAMC,IAAOD,EAAe,CAAC;AAC7B,MAAIC,EAAK,gBAAgB3F;AACvB,UAAM,IAAI;AAAA,MACR,kCAAkCgC,CAAU,qCACrC2D,EAAK,YAAY,SAAS,EAAE,CAAC,gBAAgB3F,EAAuB,SAAS,EAAE,CAAC;AAAA,IAAA;AAI3F,QAAM4F,IAAWlB,GAAmBiB,EAAK,aAAaA,EAAK,MAAM,GAK3DE,IAAK,IAAInH,EAAA;AACf,EAAAmH,EAAG,UAAUhH,EAAK,SAClBgH,EAAG,WAAWhH,EAAK;AACnB,aAAWqD,KAASrD,EAAK;AACvB,IAAAgH,EAAG,SAAS3D,EAAM,MAAMA,EAAM,OAAOA,EAAM,QAAQ;AAErD,aAAW/B,KAAUtB,EAAK;AACxB,IAAAgH,EAAG,UAAU1F,EAAO,QAAQA,EAAO,KAAK;AAG1C,QAAM2F,IAAUD,EAAG;AAAA,IACjB7D;AAAA,IACAuD;AAAA,IACAC;AAAA,IACA9G,EAAY;AAAA,IACZkH;AAAA,EAAA;AASF,MAAI,CANYG,GAAI;AAAA,IAClBD;AAAA,IACAvH,EAAgB8G,CAAW;AAAA,IAC3B9G,EAAgB4G,CAAY;AAAA,EAAA;AAI5B,UAAM,IAAI;AAAA,MACR,+BAA+BnD,CAAU,YAAYqD,CAAW;AAAA,IAAA;AAKtE;"}
package/dist/verifyScriptPathSchnorrSignature-Cl7tu77P.cjs ADDED
@@ -0,0 +1,2 @@
1
+ "use strict";const m=require("@babylonlabs-io/babylon-tbv-rust-wasm"),_=require("./fundPeginTransaction-DuMwnytD.cjs"),l=require("buffer"),$=require("bitcoinjs-lib"),c=require("./bitcoin-CHfKAhcI.cjs"),g=require("./constants-CSG2XeD8.cjs"),K=require("@bitcoin-js/tiny-secp256k1-asmjs");function F(e){const t=Object.create(null,{[Symbol.toStringTag]:{value:"Module"}});if(e){for(const r in e)if(r!=="default"){const n=Object.getOwnPropertyDescriptor(e,r);Object.defineProperty(t,r,n.get?n:{enumerable:!0,get:()=>e[r]})}}return t.default=e,Object.freeze(t)}const X=F(K);async function W(e,t){const r=t.pegInAmounts.length;if(e.htlcValues.length!==r)throw new Error(`WASM Pre-PegIn returned ${e.htlcValues.length} HTLC value(s), expected ${r} (one per requested deposit).`);if(e.peginAmounts.length!==r||e.htlcScriptPubKeys.length!==r||e.htlcAddresses.length!==r)throw new Error(`WASM Pre-PegIn returned mismatched array lengths (htlcValues=${e.htlcValues.length}, peginAmounts=${e.peginAmounts.length}, htlcScriptPubKeys=${e.htlcScriptPubKeys.length}, htlcAddresses=${e.htlcAddresses.length}); expected ${r} each.`);if(e.depositorClaimValue<=0n)throw new Error(`WASM Pre-PegIn returned non-positive depositorClaimValue ${e.depositorClaimValue}; expected > 0.`);const n=await m.computeMinClaimValue(t.numLocalChallengers,t.universalChallengerPubkeys.length,t.councilQuorum,t.councilSize,t.feeRate);if(e.depositorClaimValue!==n)throw new Error(`WASM Pre-PegIn depositorClaimValue ${e.depositorClaimValue} does not match the independently computed minimum claim value ${n} (numLocalChallengers=${t.numLocalChallengers}, numUniversalChallengers=${t.universalChallengerPubkeys.length}, councilQuorum=${t.councilQuorum}, councilSize=${t.councilSize}, feeRate=${t.feeRate}).`);const o=t.minPeginFeeRate*_.MAX_REASONABLE_PEGIN_VBYTES;for(let i=0;i<r;i++){const u=t.pegInAmounts[i],s=e.peginAmounts[i],a=e.htlcValues[i];if(s!==u)throw new Error(`WASM Pre-PegIn peginAmount[${i}] ${s} does not match the requested amount ${u}; refusing to build a tx whose recorded amount differs from the depositor's request.`);if(s<=0n)throw new Error(`WASM Pre-PegIn peginAmount[${i}] is non-positive (${s}); expected > 0.`);if(a<=0n)throw new Error(`WASM Pre-PegIn htlcValue[${i}] is non-positive (${a}); expected > 0.`);const h=a-s-e.depositorClaimValue;if(h<=0n)throw new Error(`WASM Pre-PegIn htlcValue[${i}] ${a} does not strictly cover peginAmount ${s} + depositorClaimValue ${e.depositorClaimValue} + a PegIn fee (implied fee ${h}).`);if(h>o)throw new Error(`WASM Pre-PegIn implied PegIn fee for HTLC[${i}] (${h} sat) exceeds the plausibility cap ${o} sat (minPeginFeeRate=${t.minPeginFeeRate} × ${_.MAX_REASONABLE_PEGIN_VBYTES} vbytes); htlcValue ${a} appears grossly inflated.`)}}function Y(e,t,r){if(e.length<t.length)throw new Error(`Encoded Pre-PegIn tx has ${e.length} output(s), fewer than the ${t.length} HTLC output(s) the cross-check validated.`);for(let n=0;n<t.length;n++){const o=BigInt(e[n].value);if(o!==t[n])throw new Error(`Encoded Pre-PegIn HTLC output[${n}] value ${o} does not match the cross-checked htlcValue ${t[n]}; the funded/signed tx would not pay the validated amount.`);const i=e[n].script.toString("hex").toLowerCase(),u=r[n].toLowerCase();if(i!==u)throw new Error(`Encoded Pre-PegIn HTLC output[${n}] scriptPubKey ${i} does not match the cross-checked htlcScriptPubKey ${u}.`)}}const O=64,z=/^[0-9a-fA-F]+$/;async function D(e){const t=C(e.authAnchorHash),r=await m.createPrePeginTransaction({depositorPubkey:e.depositorPubkey,vaultProviderPubkey:e.vaultProviderPubkey,vaultKeeperPubkeys:e.vaultKeeperPubkeys,universalChallengerPubkeys:e.universalChallengerPubkeys,hashlocks:[...e.hashlocks],timelockRefund:e.timelockRefund,pegInAmounts:[...e.pegInAmounts],feeRate:e.feeRate,minPeginFeeRate:e.minPeginFeeRate,numLocalChallengers:e.numLocalChallengers,councilQuorum:e.councilQuorum,councilSize:e.councilSize,network:e.network,authAnchorHash:t});await W(r,e);const n=_.parseUnfundedWasmTransaction(r.txHex);Y(n.outputs,r.htlcValues,r.htlcScriptPubKeys);const o=n.outputs.reduce((u,s)=>u+BigInt(s.value),0n),i=t!==void 0?r.htlcValues.length:null;return{psbtHex:r.txHex,totalOutputValue:o,htlcValues:r.htlcValues,htlcScriptPubKeys:r.htlcScriptPubKeys,htlcAddresses:r.htlcAddresses,peginAmounts:r.peginAmounts,depositorClaimValue:r.depositorClaimValue,authAnchorVout:i}}function C(e){if(e===void 0)return;const t=e.startsWith("0x")||e.startsWith("0X")?e.slice(2):e;if(t.length!==O||!z.test(t))throw new Error(`authAnchorHash must be 32-byte hex (${O} chars, no 0x prefix); got length ${t.length}`);return t.toLowerCase()}async function G(e){const t=await m.buildPeginTxFromPrePegin({depositorPubkey:e.prePeginParams.depositorPubkey,vaultProviderPubkey:e.prePeginParams.vaultProviderPubkey,vaultKeeperPubkeys:e.prePeginParams.vaultKeeperPubkeys,universalChallengerPubkeys:e.prePeginParams.universalChallengerPubkeys,hashlocks:[...e.prePeginParams.hashlocks],timelockRefund:e.prePeginParams.timelockRefund,pegInAmounts:[...e.prePeginParams.pegInAmounts],feeRate:e.prePeginParams.feeRate,minPeginFeeRate:e.prePeginParams.minPeginFeeRate,numLocalChallengers:e.prePeginParams.numLocalChallengers,councilQuorum:e.prePeginParams.councilQuorum,councilSize:e.prePeginParams.councilSize,network:e.prePeginParams.network,authAnchorHash:C(e.prePeginParams.authAnchorHash)},e.timelockPegin,e.fundedPrePeginTxHex,e.htlcVout);return{txHex:t.txHex,txid:t.txid,vaultScriptPubKey:t.vaultScriptPubKey,vaultValue:t.vaultValue}}async function M(e){const t=await m.createPayoutConnector({depositor:e.depositor,vaultProvider:e.vaultProvider,vaultKeepers:e.vaultKeepers,universalChallengers:e.universalChallengers,timelockPegin:e.timelockPegin},e.network);return{payoutScript:t.payoutScript,taprootScriptHash:t.taprootScriptHash,scriptPubKey:t.scriptPubKey,address:t.address,payoutControlBlock:t.payoutControlBlock}}const U=3,B=10,V=100;async function Q(e){const t=c.stripHexPrefix(e.payoutTxHex),r=c.stripHexPrefix(e.peginTxHex),n=c.stripHexPrefix(e.assertTxHex),o=await M({depositor:e.depositorBtcPubkey,vaultProvider:e.vaultProviderBtcPubkey,vaultKeepers:e.vaultKeeperBtcPubkeys,universalChallengers:e.universalChallengerBtcPubkeys,timelockPegin:e.timelockPegin,network:e.network}),i=c.hexToUint8Array(o.payoutScript),u=c.hexToUint8Array(o.payoutControlBlock),s=$.Transaction.fromHex(t),a=$.Transaction.fromHex(r),h=$.Transaction.fromHex(n),f=new $.Psbt;if(f.setVersion(s.version),f.setLocktime(s.locktime),s.ins.length!==2)throw new Error(`Payout transaction must have exactly 2 inputs, got ${s.ins.length}`);const P=s.ins[0],S=s.ins[1],d=c.uint8ArrayToHex(new Uint8Array(P.hash).slice().reverse()),y=a.getId();if(d!==y||P.index!==g.PEGIN_VAULT_OUTPUT_INDEX)throw new Error(`Input 0 must spend PegIn:${g.PEGIN_VAULT_OUTPUT_INDEX}. Expected ${y}:${g.PEGIN_VAULT_OUTPUT_INDEX}, got ${d}:${P.index}`);const E=c.uint8ArrayToHex(new Uint8Array(S.hash).slice().reverse()),p=h.getId();if(E!==p||S.index!==g.ASSERT_PAYOUT_OUTPUT_INDEX)throw new Error(`Input 1 must spend Assert:${g.ASSERT_PAYOUT_OUTPUT_INDEX}. Expected ${p}:${g.ASSERT_PAYOUT_OUTPUT_INDEX}, got ${E}:${S.index}`);const x=a.outs[P.index];if(!x)throw new Error(`Previous output not found for input 0 (txid: ${d}, index: ${P.index})`);const v=h.outs[S.index];if(!v)throw new Error(`Previous output not found for input 1 (txid: ${E}, index: ${S.index})`);Z({payoutTx:s,peginValueSats:x.value,claimerBtcPubkey:e.claimerBtcPubkey,vaultProviderBtcPubkey:e.vaultProviderBtcPubkey,depositorBtcPubkey:e.depositorBtcPubkey,vaultKeeperBtcPubkeys:e.vaultKeeperBtcPubkeys,registeredPayoutScriptPubKey:e.registeredPayoutScriptPubKey,commissionBps:e.commissionBps});const T=x.value+v.value;let b=0;for(const A of s.outs)b+=A.value;if(b>T)throw new Error(`Payout outputs (${b} sats) exceed inputs (${T} sats); invalid transaction.`);const k=T-b,H=Math.floor(T*B/V);if(k>H)throw new Error(`Payout implicit fee ${k} sats exceeds the safety cap of ${H} sats (${B}/${V} of inputs=${T}); refusing to sign payout.`);f.addInput({hash:P.hash,index:P.index,sequence:P.sequence,witnessUtxo:{script:x.script,value:x.value},tapLeafScript:[{leafVersion:c.TAPSCRIPT_LEAF_VERSION,script:l.Buffer.from(i),controlBlock:l.Buffer.from(u)}],tapInternalKey:l.Buffer.from(m.tapInternalPubkey)}),f.addInput({hash:S.hash,index:S.index,sequence:S.sequence,witnessUtxo:{script:v.script,value:v.value}});for(const A of s.outs)f.addOutput({script:A.script,value:A.value});return{psbtHex:f.toHex()}}function Z(e){const{payoutTx:t,peginValueSats:r,claimerBtcPubkey:n,vaultProviderBtcPubkey:o,depositorBtcPubkey:i,vaultKeeperBtcPubkeys:u,registeredPayoutScriptPubKey:s,commissionBps:a}=e;if(!c.isValidHex(s))throw new Error("Invalid registeredPayoutScriptPubKey: not valid hex");const h=c.stripHexPrefix(n).toLowerCase(),f=c.stripHexPrefix(o).toLowerCase(),P=c.stripHexPrefix(i).toLowerCase(),S=u.map(v=>c.stripHexPrefix(v).toLowerCase());let d,y,E;if(h===f)d="vp-claimer",y=g.VP_CLAIMER_PAYOUT_OUTPUT_COUNT,E=c.stripHexPrefix(s);else if(h===P)d="depositor-as-claimer",y=g.NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT,E=c.stripHexPrefix(s);else if(S.includes(h))d="vk-claimer",y=g.NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT,E=c.stripHexPrefix(c.deriveBip86ScriptPubKeyHex(h));else throw new Error(`Unknown claimer pubkey ${h}: not VP, depositor, or a registered vault keeper`);if(t.outs.length!==y)throw new Error(`Payout transaction has ${t.outs.length} output(s), expected exactly ${y} for role ${d}.`);const p=l.Buffer.from(E,"hex");if(!t.outs[0].script.equals(p))throw new Error(`Payout transaction output 0 does not pay the expected scriptPubKey for role ${d}`);const x=y-1;if(t.outs[x].value!==g.PAYOUT_ANCHOR_DUST_SATS)throw new Error(`Payout CPFP anchor (out ${x}) value ${t.outs[x].value} sats must equal ${g.PAYOUT_ANCHOR_DUST_SATS} sats`);if(d==="vp-claimer"){if(!Number.isInteger(a)||a<0||a>=g.MAX_VP_COMMISSION_BPS_EXCLUSIVE)throw new Error(`commissionBps must be an integer in [0, ${g.MAX_VP_COMMISSION_BPS_EXCLUSIVE}), got ${a}`);const v=Math.floor(r*a/g.MAX_VP_COMMISSION_BPS_EXCLUSIVE);if(t.outs[1].value>v)throw new Error(`Payout VP commission (out 1) value ${t.outs[1].value} sats exceeds cap ${v} sats (${a} bps of peginValue=${r})`)}}function j(e,t,r=0){const n=$.Psbt.fromHex(e);if(r>=n.data.inputs.length)throw new Error(`Input index ${r} out of range (${n.data.inputs.length} inputs)`);const o=n.data.inputs[r];if(o.tapScriptSig&&o.tapScriptSig.length>0){const i=c.hexToUint8Array(t);for(const u of o.tapScriptSig)if(u.pubkey.equals(l.Buffer.from(i)))return N(u.signature,r);throw new Error(`No signature found for depositor pubkey: ${t} at input ${r}`)}if(o.finalScriptWitness&&o.finalScriptWitness.length>0){const i=J(o.finalScriptWitness);if(i.length!==U)throw new Error(`Unexpected finalized witness stack size at input ${r}: expected ${U} items (signature, script, controlBlock), got ${i.length}`);return N(i[0],r)}throw new Error(`No tapScriptSig or finalScriptWitness found in signed PSBT at input ${r}`)}function N(e,t){if(e.length===64)return c.uint8ArrayToHex(new Uint8Array(e));throw e.length===65?new Error(`Unexpected sighash byte 0x${e[64].toString(16).padStart(2,"0")} at input ${t}. Expected implicit SIGHASH_DEFAULT as a 64-byte signature.`):new Error(`Unexpected signature length at input ${t}: ${e.length}`)}function J(e){const t=[];let r=0;const n=u=>{if(r+u>e.length)throw new Error(`Malformed witness data: need ${u} byte(s) at offset ${r}, only ${e.length-r} remaining`)},o=()=>{n(1);const u=e[r++];if(u<253)return u;if(u===253){n(2);const s=(e[r]|e[r+1]<<8)>>>0;return r+=2,s}if(u===254){n(4);const s=(e[r]|e[r+1]<<8|e[r+2]<<16|e[r+3]<<24)>>>0;return r+=4,s}throw new Error(`Malformed witness data: 8-byte varint (0xff) not supported at offset ${r-1}`)},i=o();for(let u=0;u<i;u++){const s=o();n(s),t.push(l.Buffer.from(e.subarray(r,r+s))),r+=s}if(r!==e.length)throw new Error(`Malformed witness data: ${e.length-r} trailing byte(s) after parsing ${i} item(s)`);return t}class w extends Error{constructor(t){super(`Wallet returned a PSBT for a different transaction: ${t}`),this.name="PsbtSubstitutionError"}}function L(e,t){try{return $.Psbt.fromHex(t)}catch(r){const n=r instanceof Error?r.message:String(r);throw new Error(`Failed to parse ${e} PSBT: ${n}`)}}const ee=8;function I(e){return`${e.toString("hex").slice(0,ee)}…`}function R(e){const t=l.Buffer.from(e).reverse();return I(t)}function te(e){const t=L("requested",e.requestedPsbtHex),r=L("returned",e.returnedPsbtHex);if(t.version!==r.version)throw new w(`tx version differs (requested=${t.version}, returned=${r.version})`);if(t.locktime!==r.locktime)throw new w(`tx locktime differs (requested=${t.locktime}, returned=${r.locktime})`);if(t.txInputs.length!==r.txInputs.length)throw new w(`input count differs (requested=${t.txInputs.length}, returned=${r.txInputs.length})`);if(t.txOutputs.length!==r.txOutputs.length)throw new w(`output count differs (requested=${t.txOutputs.length}, returned=${r.txOutputs.length})`);for(let n=0;n<t.txInputs.length;n++){const o=t.txInputs[n],i=r.txInputs[n];if(!o.hash.equals(i.hash))throw new w(`input ${n} prevout txid differs (requested=${R(o.hash)}, returned=${R(i.hash)})`);if(o.index!==i.index)throw new w(`input ${n} prevout vout differs (requested=${o.index}, returned=${i.index})`);if(o.sequence!==i.sequence)throw new w(`input ${n} sequence differs (requested=${o.sequence}, returned=${i.sequence})`)}for(let n=0;n<t.txOutputs.length;n++){const o=t.txOutputs[n],i=r.txOutputs[n];if(!o.script.equals(i.script))throw new w(`output ${n} scriptPubKey differs (requested=${I(o.script)}, returned=${I(i.script)})`);if(o.value!==i.value)throw new w(`output ${n} value differs (requested=${o.value}, returned=${i.value})`)}}const q=253,re=254,ne=65535,oe=4294967295;function ie(e){if(e<q)return l.Buffer.from([e]);if(e<=ne){const t=l.Buffer.alloc(2);return t.writeUInt16LE(e),l.Buffer.concat([l.Buffer.from([q]),t])}if(e<=oe){const t=l.Buffer.alloc(4);return t.writeUInt32LE(e),l.Buffer.concat([l.Buffer.from([re]),t])}throw new Error(`Script too large to encode as CompactSize: ${e} bytes`)}const se="TapLeaf";function ue(e,t){const r=l.Buffer.concat([l.Buffer.from([e]),ie(t.length),l.Buffer.from(t)]);return $.crypto.taggedHash(se,r)}function ce(e){const{requestedPsbtHex:t,signatureHex:r,signerXOnlyPubkeyHex:n,inputIndex:o}=e,i=c.stripHexPrefix(r);if(i.length!==c.SCHNORR_SIG_HEX_LEN)throw new Error(`Schnorr signature for input ${o} must be ${c.SCHNORR_SIG_HEX_LEN} hex chars (64 bytes), got ${i.length}.`);const u=c.stripHexPrefix(n);if(u.length!==c.X_ONLY_PUBKEY_HEX_LEN)throw new Error(`Signer x-only pubkey for input ${o} must be ${c.X_ONLY_PUBKEY_HEX_LEN} hex chars (32 bytes), got ${u.length}.`);const s=$.Psbt.fromHex(t);if(o<0||o>=s.data.inputs.length)throw new Error(`Input index ${o} out of range (${s.data.inputs.length} inputs).`);const a=[],h=[];for(let p=0;p<s.data.inputs.length;p++){const x=s.data.inputs[p].witnessUtxo;if(!x)throw new Error(`Cannot verify signature: input ${p} of the requested PSBT has no witnessUtxo (required to recompute the Taproot sighash).`);a.push(x.script),h.push(x.value)}const f=s.data.inputs[o].tapLeafScript;if(!f||f.length!==1)throw new Error(`Cannot verify signature: input ${o} of the requested PSBT must have exactly one tapLeafScript, got ${(f==null?void 0:f.length)??0}.`);const P=f[0];if(P.leafVersion!==c.TAPSCRIPT_LEAF_VERSION)throw new Error(`Cannot verify signature: input ${o} tapLeafScript has leaf version 0x${P.leafVersion.toString(16)}, expected 0x${c.TAPSCRIPT_LEAF_VERSION.toString(16)}.`);const S=ue(P.leafVersion,P.script),d=new $.Transaction;d.version=s.version,d.locktime=s.locktime;for(const p of s.txInputs)d.addInput(p.hash,p.index,p.sequence);for(const p of s.txOutputs)d.addOutput(p.script,p.value);const y=d.hashForWitnessV1(o,a,h,$.Transaction.SIGHASH_DEFAULT,S);if(!X.verifySchnorr(y,c.hexToUint8Array(u),c.hexToUint8Array(i)))throw new Error(`Schnorr signature for input ${o} (signer ${u}) does not verify against the expected Taproot script-path sighash. The wallet may have signed with the tweaked key, signed a different transaction, or returned an invalid signature.`)}exports.PsbtSubstitutionError=w;exports.assertPsbtUnsignedTxMatches=te;exports.assertScriptPathSchnorrSignature=ce;exports.buildPayoutPsbt=Q;exports.buildPeginTxFromFundedPrePegin=G;exports.buildPrePeginPsbt=D;exports.createPayoutScript=M;exports.extractPayoutSignature=j;exports.normalizeAuthAnchorHash=C;
2
+ //# sourceMappingURL=verifyScriptPathSchnorrSignature-Cl7tu77P.cjs.map
package/dist/verifyScriptPathSchnorrSignature-Cl7tu77P.cjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyScriptPathSchnorrSignature-Cl7tu77P.cjs","sources":["../src/tbv/core/primitives/psbt/assertWasmPeginSizing.ts","../src/tbv/core/primitives/psbt/pegin.ts","../src/tbv/core/primitives/scripts/payout.ts","../src/tbv/core/primitives/psbt/payout.ts","../src/tbv/core/primitives/psbt/assertPsbtUnsignedTxMatches.ts","../src/tbv/core/primitives/psbt/verifyScriptPathSchnorrSignature.ts"],"sourcesContent":["/**\n * Cross-check the values WASM returns from `createPrePeginTransaction`\n * against independently-known expectations before they feed a signed\n * Bitcoin transaction or the on-chain PegIn registration.\n *\n * CLAUDE.md critical path #1: the Rust/WASM layer computes\n * `htlcValue = peginAmount + depositorClaimValue + minPeginFee` internally\n * and JS receives the outputs with no runtime validation. A doctored or\n * buggy binary that returns a different `peginAmount`, an out-of-formula\n * `htlcValue`, or a wrong `depositorClaimValue` would otherwise be committed\n * verbatim — taxing the depositor or starving the downstream tx graph of fees.\n *\n * @module primitives/psbt/assertWasmPeginSizing\n */\n\nimport {\n computeMinClaimValue,\n type PrePeginResult,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\nimport { MAX_REASONABLE_PEGIN_VBYTES } from \"../../utils/fee/constants\";\nimport type { ParsedOutput } from \"../../utils/transaction/fundPeginTransaction\";\n\nimport type { PrePeginParams } from \"./pegin\";\n\n/**\n * Assert the WASM Pre-PegIn sizing result is internally consistent and\n * matches what the caller requested.\n *\n * The strong checks are pure-JS and fully independent of the WASM binary:\n * the per-HTLC `peginAmount` must equal the requested amount, array lengths\n * must match, and every value must be positive. The implied PegIn fee\n * (`htlcValue - peginAmount - depositorClaimValue`) is bounded by\n * plausibility rather than recomputed exactly, because JS↔Rust vbyte parity\n * is not a cross-stack guarantee (see {@link MAX_REASONABLE_PEGIN_VBYTES}).\n * The `depositorClaimValue` cross-check against `computeMinClaimValue` is a\n * WASM-vs-WASM consistency check (a different entry point), not an\n * independent one.\n *\n * @param result - The result returned by `createPrePeginTransaction`.\n * @param params - The parameters that were passed to build it.\n * @throws If any value is missing, non-positive, mismatched against the\n * request, or outside the protocol formula / plausibility bounds.\n */\nexport async function assertWasmPeginSizing(\n result: PrePeginResult,\n params: PrePeginParams,\n): Promise<void> {\n const expectedCount = params.pegInAmounts.length;\n\n // Count: every parallel array must carry exactly one entry per requested\n // deposit, otherwise the per-HTLC indexing downstream is meaningless.\n if (result.htlcValues.length !== expectedCount) {\n throw new Error(\n `WASM Pre-PegIn returned ${result.htlcValues.length} HTLC value(s), ` +\n `expected ${expectedCount} (one per requested deposit).`,\n );\n }\n if (\n result.peginAmounts.length !== expectedCount ||\n result.htlcScriptPubKeys.length !== expectedCount ||\n result.htlcAddresses.length !== expectedCount\n ) {\n throw new Error(\n `WASM Pre-PegIn returned mismatched array lengths ` +\n `(htlcValues=${result.htlcValues.length}, ` +\n `peginAmounts=${result.peginAmounts.length}, ` +\n `htlcScriptPubKeys=${result.htlcScriptPubKeys.length}, ` +\n `htlcAddresses=${result.htlcAddresses.length}); ` +\n `expected ${expectedCount} each.`,\n );\n }\n\n // depositorClaimValue: positivity + WASM-vs-WASM consistency. Sized by the\n // tx-graph `feeRate` (see PrePeginParams.feeRate), so the standalone\n // `computeMinClaimValue` must reproduce the constructor's internal value.\n if (result.depositorClaimValue <= 0n) {\n throw new Error(\n `WASM Pre-PegIn returned non-positive depositorClaimValue ` +\n `${result.depositorClaimValue}; expected > 0.`,\n );\n }\n const expectedClaimValue = await computeMinClaimValue(\n params.numLocalChallengers,\n params.universalChallengerPubkeys.length,\n params.councilQuorum,\n params.councilSize,\n params.feeRate,\n );\n if (result.depositorClaimValue !== expectedClaimValue) {\n throw new Error(\n `WASM Pre-PegIn depositorClaimValue ${result.depositorClaimValue} does ` +\n `not match the independently computed minimum claim value ` +\n `${expectedClaimValue} (numLocalChallengers=${params.numLocalChallengers}, ` +\n `numUniversalChallengers=${params.universalChallengerPubkeys.length}, ` +\n `councilQuorum=${params.councilQuorum}, councilSize=${params.councilSize}, ` +\n `feeRate=${params.feeRate}).`,\n );\n }\n\n const maxImpliedFee = params.minPeginFeeRate * MAX_REASONABLE_PEGIN_VBYTES;\n\n for (let i = 0; i < expectedCount; i++) {\n const requested = params.pegInAmounts[i];\n const peginAmount = result.peginAmounts[i];\n const htlcValue = result.htlcValues[i];\n\n // Amount echo (strongest, fully independent): the recorded pegin amount\n // must equal exactly what the caller requested. A mismatch is the\n // WASM-tax attack — the contract would record a doctored amount while the\n // depositor's wallet funds the original, and the difference is a\n // WASM-controlled tax.\n if (peginAmount !== requested) {\n throw new Error(\n `WASM Pre-PegIn peginAmount[${i}] ${peginAmount} does not match the ` +\n `requested amount ${requested}; refusing to build a tx whose ` +\n `recorded amount differs from the depositor's request.`,\n );\n }\n if (peginAmount <= 0n) {\n throw new Error(\n `WASM Pre-PegIn peginAmount[${i}] is non-positive (${peginAmount}); ` +\n `expected > 0.`,\n );\n }\n if (htlcValue <= 0n) {\n throw new Error(\n `WASM Pre-PegIn htlcValue[${i}] is non-positive (${htlcValue}); ` +\n `expected > 0.`,\n );\n }\n\n // Formula: htlcValue = peginAmount + depositorClaimValue + minPeginFee.\n // The implied fee must be strictly positive (the HTLC must reserve a real\n // PegIn fee) and within the plausibility bound.\n const impliedFee = htlcValue - peginAmount - result.depositorClaimValue;\n if (impliedFee <= 0n) {\n throw new Error(\n `WASM Pre-PegIn htlcValue[${i}] ${htlcValue} does not strictly cover ` +\n `peginAmount ${peginAmount} + depositorClaimValue ` +\n `${result.depositorClaimValue} + a PegIn fee (implied fee ` +\n `${impliedFee}).`,\n );\n }\n if (impliedFee > maxImpliedFee) {\n throw new Error(\n `WASM Pre-PegIn implied PegIn fee for HTLC[${i}] (${impliedFee} sat) ` +\n `exceeds the plausibility cap ${maxImpliedFee} sat ` +\n `(minPeginFeeRate=${params.minPeginFeeRate} × ` +\n `${MAX_REASONABLE_PEGIN_VBYTES} vbytes); htlcValue ${htlcValue} ` +\n `appears grossly inflated.`,\n );\n }\n }\n}\n\n/**\n * Bind the validated metadata to the bytes that actually get funded and\n * signed.\n *\n * `assertWasmPeginSizing` proves the WASM *metadata* (`htlcValues`,\n * `htlcScriptPubKeys`) matches the request and the protocol formula — but the\n * transaction the depositor funds and signs is `result.txHex`. If the encoded\n * tx carried a different HTLC output value or script than the metadata, the\n * depositor would fund a transaction whose real outputs differ from the values\n * that were cross-checked. This closes that final link: the encoded HTLC\n * outputs must equal the validated metadata.\n *\n * The WASM lays out HTLC outputs first (vouts `0..N-1`), then the optional\n * auth-anchor OP_RETURN, then the CPFP anchor — so we only compare the first\n * `htlcValues.length` outputs.\n *\n * @param outputs - Outputs parsed from the unfunded Pre-PegIn tx hex.\n * @param htlcValues - The (already value-validated) per-HTLC values.\n * @param htlcScriptPubKeys - The per-HTLC scriptPubKeys (hex).\n * @throws If the encoded outputs are too few, or any HTLC output's value or\n * scriptPubKey disagrees with the validated metadata.\n */\nexport function assertEncodedHtlcOutputsMatch(\n outputs: readonly ParsedOutput[],\n htlcValues: readonly bigint[],\n htlcScriptPubKeys: readonly string[],\n): void {\n if (outputs.length < htlcValues.length) {\n throw new Error(\n `Encoded Pre-PegIn tx has ${outputs.length} output(s), fewer than the ` +\n `${htlcValues.length} HTLC output(s) the cross-check validated.`,\n );\n }\n\n for (let i = 0; i < htlcValues.length; i++) {\n const encodedValue = BigInt(outputs[i].value);\n if (encodedValue !== htlcValues[i]) {\n throw new Error(\n `Encoded Pre-PegIn HTLC output[${i}] value ${encodedValue} does not ` +\n `match the cross-checked htlcValue ${htlcValues[i]}; the funded/signed ` +\n `tx would not pay the validated amount.`,\n );\n }\n\n const encodedScript = outputs[i].script.toString(\"hex\").toLowerCase();\n const expectedScript = htlcScriptPubKeys[i].toLowerCase();\n if (encodedScript !== expectedScript) {\n throw new Error(\n `Encoded Pre-PegIn HTLC output[${i}] scriptPubKey ${encodedScript} does ` +\n `not match the cross-checked htlcScriptPubKey ${expectedScript}.`,\n );\n }\n }\n}\n","/**\n * Pre-PegIn PSBT Builder Primitive\n *\n * This module provides pure functions for building unfunded Pre-PegIn transactions\n * and deriving PegIn transactions from them, using the WASM implementation from\n * @babylonlabs-io/babylon-tbv-rust-wasm.\n *\n * Pre-PegIn Flow:\n * 1. buildPrePeginPsbt() — creates unfunded Pre-PegIn tx (HTLC output)\n * 2. [caller funds Pre-PegIn tx and computes txid]\n * 3. buildPeginTxFromFundedPrePegin() — derives PegIn tx spending the HTLC\n * 4. buildPeginInputPsbt() — PSBT for depositor to sign PegIn HTLC leaf 0 input\n *\n * @module primitives/psbt/pegin\n */\n\nimport {\n buildPeginTxFromPrePegin,\n createPrePeginTransaction,\n type Network,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\nimport { parseUnfundedWasmTransaction } from \"../../utils/transaction/fundPeginTransaction\";\n\nimport {\n assertEncodedHtlcOutputsMatch,\n assertWasmPeginSizing,\n} from \"./assertWasmPeginSizing\";\n\n/**\n * Parameters for building an unfunded Pre-PegIn PSBT\n */\nexport interface PrePeginParams {\n /** Depositor's BTC public key (x-only, 64-char hex without 0x prefix) */\n depositorPubkey: string;\n /** Vault provider's BTC public key (x-only, 64-char hex) */\n vaultProviderPubkey: string;\n /** Array of vault keeper BTC public keys (x-only, 64-char hex) */\n vaultKeeperPubkeys: string[];\n /** Array of universal challenger BTC public keys (x-only, 64-char hex) */\n universalChallengerPubkeys: string[];\n /** SHA256 hash commitment(s) (64 hex chars = 32 bytes each) */\n hashlocks: readonly string[];\n /** CSV timelock in blocks for the HTLC refund path */\n timelockRefund: number;\n /** Amounts to peg in (satoshis), one per deposit */\n pegInAmounts: readonly bigint[];\n /** TX-graph fee rate in sat/vB from contract offchain params; sizes the depositor claim value */\n feeRate: bigint;\n /** Minimum PegIn fee rate in sat/vB from contract offchain params; sizes the PegIn tx fee */\n minPeginFeeRate: bigint;\n /** Number of local challengers (from contract params) */\n numLocalChallengers: number;\n /** M in M-of-N council multisig (from contract params) */\n councilQuorum: number;\n /** N in M-of-N council multisig (from contract params) */\n councilSize: number;\n /** Bitcoin network */\n network: Network;\n /**\n * Optional 32-byte `SHA256(auth_anchor)` commitment (64-char hex, no\n * `0x` prefix). If provided, the Pre-PegIn tx will include an\n * `OP_RETURN <PUSH32 authAnchorHash>` output at vout =\n * `hashlocks.length`, binding the depositor's bearer-token\n * `auth_anchor` preimage to this Pre-PegIn.\n */\n authAnchorHash?: string;\n}\n\n/**\n * Byte length of an `auth_anchor_hash` commitment when encoded as a\n * lowercase hex string (32 bytes → 64 hex chars).\n */\nconst AUTH_ANCHOR_HASH_HEX_LEN = 64;\n\nconst HEX_PATTERN = /^[0-9a-fA-F]+$/;\n\n/**\n * Result of building an unfunded Pre-PegIn transaction\n */\nexport interface PrePeginPsbtResult {\n /**\n * Unfunded transaction hex (no inputs, HTLC outputs + optional\n * auth-anchor OP_RETURN + CPFP anchor).\n *\n * The caller is responsible for:\n * - Selecting UTXOs covering totalOutputValue + network fees\n * - Funding the transaction (add inputs and change output)\n * - Calling buildPeginTxFromFundedPrePegin() with the funded tx hex\n */\n psbtHex: string;\n /** Sum of all unfunded outputs — use this for UTXO selection */\n totalOutputValue: bigint;\n /** HTLC output values in satoshis, one per deposit (each includes peginAmount + depositorClaimValue + minPeginFee) */\n htlcValues: readonly bigint[];\n /** HTLC output scriptPubKeys (hex encoded), one per deposit */\n htlcScriptPubKeys: readonly string[];\n /** HTLC Taproot addresses, one per deposit */\n htlcAddresses: readonly string[];\n /** Pegin amounts in satoshis, one per deposit */\n peginAmounts: readonly bigint[];\n /** Depositor claim value computed by WASM from contract parameters */\n depositorClaimValue: bigint;\n /**\n * Vout index of the auth-anchor `OP_RETURN` output if one was\n * included (i.e. `authAnchorHash` was provided), or `null` if not.\n * Always equals `htlcValues.length` when present.\n */\n authAnchorVout: number | null;\n}\n\n/**\n * Parameters for building the PegIn transaction from a funded Pre-PegIn tx\n */\nexport interface BuildPeginTxParams {\n /** Same PrePeginParams used to create the Pre-PegIn transaction */\n prePeginParams: PrePeginParams;\n /** CSV timelock in blocks for the PegIn vault output */\n timelockPegin: number;\n /** Hex-encoded funded Pre-PegIn transaction */\n fundedPrePeginTxHex: string;\n /** Index of the HTLC output to spend */\n htlcVout: number;\n}\n\n/**\n * Result of building the PegIn transaction\n */\nexport interface PeginTxResult {\n /** PegIn transaction hex (1 input spending HTLC, 1 vault output) */\n txHex: string;\n /** PegIn transaction ID */\n txid: string;\n /** Vault output scriptPubKey (hex encoded) */\n vaultScriptPubKey: string;\n /** Vault output value in satoshis */\n vaultValue: bigint;\n}\n\n/**\n * Build unfunded Pre-PegIn transaction using WASM.\n *\n * Creates a Bitcoin transaction template with no inputs, an HTLC output, and a\n * CPFP anchor output. The HTLC value is computed internally from the contract\n * parameters — the caller does not need to compute depositorClaimValue separately.\n *\n * @param params - Pre-PegIn parameters\n * @returns Unfunded Pre-PegIn transaction details with HTLC output information\n * @throws If WASM initialization fails or parameters are invalid\n */\nexport async function buildPrePeginPsbt(\n params: PrePeginParams,\n): Promise<PrePeginPsbtResult> {\n const authAnchorHash = normalizeAuthAnchorHash(params.authAnchorHash);\n\n const result = await createPrePeginTransaction({\n depositorPubkey: params.depositorPubkey,\n vaultProviderPubkey: params.vaultProviderPubkey,\n vaultKeeperPubkeys: params.vaultKeeperPubkeys,\n universalChallengerPubkeys: params.universalChallengerPubkeys,\n hashlocks: [...params.hashlocks],\n timelockRefund: params.timelockRefund,\n pegInAmounts: [...params.pegInAmounts],\n feeRate: params.feeRate,\n minPeginFeeRate: params.minPeginFeeRate,\n numLocalChallengers: params.numLocalChallengers,\n councilQuorum: params.councilQuorum,\n councilSize: params.councilSize,\n network: params.network,\n authAnchorHash,\n });\n\n // CLAUDE.md critical path #1: the WASM outputs reach JS with no runtime\n // validation. Cross-check every value-bearing field against the request\n // and the protocol formula before it can feed a signed tx or the on-chain\n // PegIn registration. Both the sizing and commit passes route through here.\n await assertWasmPeginSizing(result, params);\n\n // Parse the unfunded tx to sum all output values\n // (HTLCs + optional OP_RETURN + CPFP anchor). This is the amount\n // UTXOs must cover before adding network fees.\n const parsed = parseUnfundedWasmTransaction(result.txHex);\n\n // Bind the validated metadata to the bytes that get funded and signed:\n // the encoded HTLC outputs must carry exactly the values/scripts the\n // cross-check above validated. Otherwise a tx whose real outputs differ\n // from the checked metadata could still be funded and signed.\n assertEncodedHtlcOutputsMatch(\n parsed.outputs,\n result.htlcValues,\n result.htlcScriptPubKeys,\n );\n\n const totalOutputValue = parsed.outputs.reduce(\n (sum, o) => sum + BigInt(o.value),\n 0n,\n );\n\n // The WASM places the OP_RETURN commitment immediately after the\n // HTLC outputs when authAnchorHash is provided.\n const authAnchorVout =\n authAnchorHash !== undefined ? result.htlcValues.length : null;\n\n return {\n psbtHex: result.txHex,\n totalOutputValue,\n htlcValues: result.htlcValues,\n htlcScriptPubKeys: result.htlcScriptPubKeys,\n htlcAddresses: result.htlcAddresses,\n peginAmounts: result.peginAmounts,\n depositorClaimValue: result.depositorClaimValue,\n authAnchorVout,\n };\n}\n\n/**\n * Validate and normalize an `authAnchorHash` hex string before passing\n * it to the WASM boundary. WASM expects exactly 64 lowercase hex chars.\n */\nexport function normalizeAuthAnchorHash(\n value: string | undefined,\n): string | undefined {\n if (value === undefined) return undefined;\n const cleaned =\n value.startsWith(\"0x\") || value.startsWith(\"0X\") ? value.slice(2) : value;\n if (\n cleaned.length !== AUTH_ANCHOR_HASH_HEX_LEN ||\n !HEX_PATTERN.test(cleaned)\n ) {\n throw new Error(\n `authAnchorHash must be 32-byte hex (${AUTH_ANCHOR_HASH_HEX_LEN} chars, no 0x prefix); got length ${cleaned.length}`,\n );\n }\n return cleaned.toLowerCase();\n}\n\n/**\n * Build the PegIn transaction from a funded Pre-PegIn transaction.\n *\n * The PegIn transaction spends the Pre-PegIn HTLC output at htlcVout via the\n * hashlock + all-party script (leaf 0).\n *\n * @param params - Build parameters including Pre-PegIn params and funded tx hex\n * @returns PegIn transaction details\n * @throws If WASM initialization fails or parameters are invalid\n */\nexport async function buildPeginTxFromFundedPrePegin(\n params: BuildPeginTxParams,\n): Promise<PeginTxResult> {\n // WASM reconstructs the Pre-PegIn template from these params to\n // decode the funded tx. Must pass `authAnchorHash` (normalized\n // identically to buildPrePeginPsbt) so the reconstruction matches\n // the original outputs, including the OP_RETURN at vout =\n // hashlocks.length.\n const result = await buildPeginTxFromPrePegin(\n {\n depositorPubkey: params.prePeginParams.depositorPubkey,\n vaultProviderPubkey: params.prePeginParams.vaultProviderPubkey,\n vaultKeeperPubkeys: params.prePeginParams.vaultKeeperPubkeys,\n universalChallengerPubkeys:\n params.prePeginParams.universalChallengerPubkeys,\n hashlocks: [...params.prePeginParams.hashlocks],\n timelockRefund: params.prePeginParams.timelockRefund,\n pegInAmounts: [...params.prePeginParams.pegInAmounts],\n feeRate: params.prePeginParams.feeRate,\n minPeginFeeRate: params.prePeginParams.minPeginFeeRate,\n numLocalChallengers: params.prePeginParams.numLocalChallengers,\n councilQuorum: params.prePeginParams.councilQuorum,\n councilSize: params.prePeginParams.councilSize,\n network: params.prePeginParams.network,\n authAnchorHash: normalizeAuthAnchorHash(\n params.prePeginParams.authAnchorHash,\n ),\n },\n params.timelockPegin,\n params.fundedPrePeginTxHex,\n params.htlcVout,\n );\n\n return {\n txHex: result.txHex,\n txid: result.txid,\n vaultScriptPubKey: result.vaultScriptPubKey,\n vaultValue: result.vaultValue,\n };\n}\n","/**\n * Payout Script Generator Primitive\n *\n * This module provides pure functions for generating payout scripts and taproot information\n * by wrapping the WASM implementation from @babylonlabs-io/babylon-tbv-rust-wasm.\n *\n * The payout script is used for signing payout transactions in the vault system.\n * It defines the spending conditions for the vault output, enabling the depositor\n * to authorize payouts during the peg-in flow (Step 3).\n *\n * @remarks\n * This is a low-level primitive. For most use cases, prefer using {@link buildPayoutPsbt}\n * which handles script creation internally. For high-level wallet orchestration, use\n * PayoutManager from the managers module.\n *\n * @see {@link buildPayoutPsbt} - Higher-level function that uses this internally\n *\n * @module primitives/scripts/payout\n */\n\nimport {\n createPayoutConnector,\n type Network,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\n\n/**\n * Parameters for creating a payout script.\n *\n * These parameters define the participants in a vault and are used to generate\n * the taproot script that controls how funds can be spent from the vault.\n */\nexport interface PayoutScriptParams {\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * This is the user depositing BTC into the vault. The depositor must sign\n * payout transactions to authorize fund distribution.\n */\n depositor: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex without 0x prefix).\n *\n * The service provider managing vault operations. Also referred to as\n * \"claimer\" in the WASM layer.\n */\n vaultProvider: string;\n\n /**\n * Array of vault keeper BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * Vault keepers participate in vault operations and script spending conditions.\n */\n vaultKeepers: string[];\n\n /**\n * Array of universal challenger BTC public keys (x-only, 64-char hex without 0x prefix).\n *\n * These parties can challenge the vault under certain conditions.\n */\n universalChallengers: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network for script generation.\n *\n * Must match the network used for all other vault operations to ensure\n * address encoding compatibility.\n */\n network: Network;\n}\n\n/**\n * Result of creating a payout script.\n *\n * Contains all the taproot-related data needed for constructing and signing\n * payout transactions from the vault.\n */\nexport interface PayoutScriptResult {\n /**\n * The payout script hex used in taproot script path spending.\n *\n * This is the raw script bytes that define the spending conditions,\n * encoded as a hexadecimal string. Used when constructing the\n * tapLeafScript for PSBT signing.\n */\n payoutScript: string;\n\n /**\n * The taproot script hash (leaf hash) for the payout script.\n *\n * This is the tagged hash of the script used in taproot tree construction.\n * Required for computing the control block during script path spending.\n */\n taprootScriptHash: string;\n\n /**\n * The full scriptPubKey for the vault output address.\n *\n * This is the complete output script (OP_1 <32-byte-key>) that should be\n * used when creating the vault output in a peg-in transaction.\n */\n scriptPubKey: string;\n\n /**\n * The vault Bitcoin address derived from the script.\n *\n * A human-readable bech32m address (bc1p... for mainnet, tb1p... for testnet/signet)\n * that can be used to receive funds into the vault.\n */\n address: string;\n\n /**\n * Serialized control block for Taproot script path spend (hex encoded).\n *\n * Computed by the Rust WASM PeginPayoutConnector. Used directly in\n * tapLeafScript when building payout PSBTs.\n */\n payoutControlBlock: string;\n}\n\n/**\n * Create payout script and taproot information using WASM.\n *\n * This is a pure function that wraps the Rust WASM implementation.\n * The payout connector generates the necessary taproot scripts and information\n * required for signing payout transactions.\n *\n * @remarks\n * The generated script encodes spending conditions that require signatures from\n * the depositor and vault provider (or liquidators in challenge scenarios).\n * This script is used internally by {@link buildPayoutPsbt}.\n *\n * @param params - Payout script parameters defining vault participants and network\n * @returns Payout script and taproot information for PSBT construction\n *\n * @see {@link buildPayoutPsbt} - Use this for building complete payout PSBTs\n */\nexport async function createPayoutScript(\n params: PayoutScriptParams,\n): Promise<PayoutScriptResult> {\n // Call the WASM wrapper with the correct parameter structure\n const connector = await createPayoutConnector(\n {\n depositor: params.depositor,\n vaultProvider: params.vaultProvider,\n vaultKeepers: params.vaultKeepers,\n universalChallengers: params.universalChallengers,\n timelockPegin: params.timelockPegin,\n },\n params.network,\n );\n\n return {\n payoutScript: connector.payoutScript,\n taprootScriptHash: connector.taprootScriptHash,\n scriptPubKey: connector.scriptPubKey,\n address: connector.address,\n payoutControlBlock: connector.payoutControlBlock,\n };\n}\n","/**\n * Payout PSBT Builder Primitives\n *\n * This module provides pure functions for building unsigned payout PSBTs and extracting\n * Schnorr signatures from signed PSBTs. It uses WASM-generated scripts from the payout\n * connector and bitcoinjs-lib for PSBT construction.\n *\n * The Payout transaction references the Assert transaction (input 1).\n *\n * @module primitives/psbt/payout\n */\n\nimport {\n type Network,\n tapInternalPubkey,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport { Buffer } from \"buffer\";\nimport { Psbt, Transaction } from \"bitcoinjs-lib\";\nimport { createPayoutScript } from \"../scripts/payout\";\nimport {\n TAPSCRIPT_LEAF_VERSION,\n deriveBip86ScriptPubKeyHex,\n hexToUint8Array,\n isValidHex,\n stripHexPrefix,\n uint8ArrayToHex,\n} from \"../utils/bitcoin\";\nimport {\n ASSERT_PAYOUT_OUTPUT_INDEX,\n MAX_VP_COMMISSION_BPS_EXCLUSIVE,\n NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT,\n PAYOUT_ANCHOR_DUST_SATS,\n PEGIN_VAULT_OUTPUT_INDEX,\n VP_CLAIMER_PAYOUT_OUTPUT_COUNT,\n} from \"./constants\";\n\n/**\n * Number of items in a Taproot script-path spend witness stack for a\n * single-signature script: [signature, script, controlBlock].\n *\n * The current payout script requires exactly one depositor signature. If the\n * protocol evolves to require multiple signatures in the payout script, this\n * invariant and the finalized-PSBT extraction path must be revisited because\n * the first witness item would no longer necessarily be the depositor's.\n */\nconst TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE = 3;\n\n/**\n * Coarse cap on a payout tx's implicit fee (inputs − outputs), as a fraction\n * of input value — blocks a VP deflating outputs and burning the remainder\n * as miner fee. A backstop only; the per-role structural checks in\n * {@link assertPayoutOutputLayout} are the primary value-diversion guard.\n */\nconst MAX_PAYOUT_FEE_FRACTION_NUMERATOR = 10;\nconst MAX_PAYOUT_FEE_FRACTION_DENOMINATOR = 100;\n\n/**\n * Parameters for building an unsigned Payout PSBT\n *\n * Payout is used in the challenge path after Assert, when the claimer proves validity.\n * Input 1 references the Assert transaction.\n */\nexport interface PayoutParams {\n /**\n * Payout transaction hex (unsigned)\n * This is the transaction that needs to be signed by the depositor\n */\n payoutTxHex: string;\n\n /**\n * Assert transaction hex\n * Payout input 1 references Assert output 0\n */\n assertTxHex: string;\n\n /**\n * Peg-in transaction hex\n * This transaction created the vault output that we're spending\n */\n peginTxHex: string;\n\n /**\n * Depositor's BTC public key (x-only, 64-char hex without 0x prefix)\n */\n depositorBtcPubkey: string;\n\n /**\n * Vault provider's BTC public key (x-only, 64-char hex)\n */\n vaultProviderBtcPubkey: string;\n\n /**\n * Vault keeper BTC public keys (x-only, 64-char hex)\n */\n vaultKeeperBtcPubkeys: string[];\n\n /**\n * Universal challenger BTC public keys (x-only, 64-char hex)\n */\n universalChallengerBtcPubkeys: string[];\n\n /**\n * CSV timelock in blocks for the PegIn output.\n */\n timelockPegin: number;\n\n /**\n * Bitcoin network\n */\n network: Network;\n\n /**\n * Claimer's x-only BTC public key (64-char hex, no prefix). Drives role\n * inference (VP / depositor-as-claimer / VK-claimer) inside `buildPayoutPsbt`.\n */\n claimerBtcPubkey: string;\n\n /**\n * On-chain registered depositor payout scriptPubKey (hex, 0x optional).\n * Expected outs[0].script for VP- and depositor-claimer roles; unused for\n * VK-claimer (its outs[0].script is derived from `claimerBtcPubkey`).\n */\n registeredPayoutScriptPubKey: string;\n\n /**\n * VP commission in basis points (`BTCVaultRegistry.vaultProviderCommissionBps`).\n * Caps the VP-claimer outs[1].value. The protocol minimum is enforced\n * upstream; here only `0 <= bps < 10_000` is checked, for safe cap math.\n */\n commissionBps: number;\n}\n\n/**\n * Result of building an unsigned payout PSBT\n */\nexport interface PayoutPsbtResult {\n /**\n * Unsigned PSBT hex ready for signing\n */\n psbtHex: string;\n}\n\n/**\n * Build unsigned Payout PSBT for depositor to sign.\n *\n * Payout is used in the **challenge path** when the claimer proves validity:\n * 1. Vault provider submits Claim transaction\n * 2. Challenge is raised during challenge period\n * 3. Claimer submits Assert transaction to prove validity\n * 4. Payout can be executed (references Assert tx)\n *\n * Payout transactions have the following structure:\n * - Input 0: from PeginTx output0 (signed by depositor)\n * - Input 1: from Assert output0 (NOT signed by depositor)\n *\n * @param params - Payout parameters\n * @returns Unsigned PSBT ready for depositor to sign\n *\n * @throws If payout transaction does not have exactly 2 inputs\n * @throws If input 0 does not spend PegIn:0 (vault UTXO)\n * @throws If input 1 does not spend Assert:0 (proof output)\n * @throws If previous output is not found for either input\n * @throws If sum of output values exceeds sum of input values (invalid tx)\n * @throws If implicit fee (inputs − outputs) exceeds the configured fraction\n * of total input value — see {@link MAX_PAYOUT_FEE_FRACTION_NUMERATOR}\n * @throws If `claimerBtcPubkey` is not VP, depositor, or a registered VK\n * @throws If payout output count, outs[0] script, outs[last] anchor value, or\n * (VP-claimer) outs[1] commission cap do not match the protocol layout\n * @throws If `commissionBps` is not a non-negative integer below 10_000\n */\nexport async function buildPayoutPsbt(\n params: PayoutParams,\n): Promise<PayoutPsbtResult> {\n // Normalize hex inputs (strip 0x prefix if present)\n const payoutTxHex = stripHexPrefix(params.payoutTxHex);\n const peginTxHex = stripHexPrefix(params.peginTxHex);\n const assertTxHex = stripHexPrefix(params.assertTxHex);\n\n // Get payout script from WASM\n const payoutConnector = await createPayoutScript({\n depositor: params.depositorBtcPubkey,\n vaultProvider: params.vaultProviderBtcPubkey,\n vaultKeepers: params.vaultKeeperBtcPubkeys,\n universalChallengers: params.universalChallengerBtcPubkeys,\n timelockPegin: params.timelockPegin,\n network: params.network,\n });\n\n const payoutScriptBytes = hexToUint8Array(payoutConnector.payoutScript);\n const controlBlock = hexToUint8Array(payoutConnector.payoutControlBlock);\n\n // Parse transactions\n const payoutTx = Transaction.fromHex(payoutTxHex);\n const peginTx = Transaction.fromHex(peginTxHex);\n const assertTx = Transaction.fromHex(assertTxHex);\n\n // Create PSBT\n const psbt = new Psbt();\n psbt.setVersion(payoutTx.version);\n psbt.setLocktime(payoutTx.locktime);\n\n // PayoutTx has exactly 2 inputs:\n // - Input 0: from PeginTx output0 (signed by depositor using taproot script path)\n // - Input 1: from Assert output0 (signed by claimer/challengers, not depositor)\n //\n // IMPORTANT: For Taproot SIGHASH_DEFAULT (0x00), the sighash commits to ALL inputs'\n // prevouts, not just the one being signed. Therefore, we must include BOTH inputs\n // in the PSBT so the wallet computes the correct sighash that the VP expects.\n\n // Verify payout transaction has expected structure\n if (payoutTx.ins.length !== 2) {\n throw new Error(\n `Payout transaction must have exactly 2 inputs, got ${payoutTx.ins.length}`,\n );\n }\n\n const input0 = payoutTx.ins[0];\n const input1 = payoutTx.ins[1];\n\n // Verify input 0 spends PegIn:0 (the vault UTXO).\n // Both txid AND vout must match the protocol contract — the vout is the\n // input-side anchor that prevents a malicious VP from binding the\n // depositor's signature to a different output of the same parent.\n const input0Txid = uint8ArrayToHex(\n new Uint8Array(input0.hash).slice().reverse(),\n );\n const peginTxid = peginTx.getId();\n\n if (input0Txid !== peginTxid || input0.index !== PEGIN_VAULT_OUTPUT_INDEX) {\n throw new Error(\n `Input 0 must spend PegIn:${PEGIN_VAULT_OUTPUT_INDEX}. ` +\n `Expected ${peginTxid}:${PEGIN_VAULT_OUTPUT_INDEX}, got ${input0Txid}:${input0.index}`,\n );\n }\n\n // Verify input 1 spends Assert:0 (the proof output).\n const input1Txid = uint8ArrayToHex(\n new Uint8Array(input1.hash).slice().reverse(),\n );\n const assertTxid = assertTx.getId();\n\n if (input1Txid !== assertTxid || input1.index !== ASSERT_PAYOUT_OUTPUT_INDEX) {\n throw new Error(\n `Input 1 must spend Assert:${ASSERT_PAYOUT_OUTPUT_INDEX}. ` +\n `Expected ${assertTxid}:${ASSERT_PAYOUT_OUTPUT_INDEX}, got ${input1Txid}:${input1.index}`,\n );\n }\n\n const peginPrevOut = peginTx.outs[input0.index];\n if (!peginPrevOut) {\n throw new Error(\n `Previous output not found for input 0 (txid: ${input0Txid}, index: ${input0.index})`,\n );\n }\n\n const input1PrevOut = assertTx.outs[input1.index];\n if (!input1PrevOut) {\n throw new Error(\n `Previous output not found for input 1 (txid: ${input1Txid}, index: ${input1.index})`,\n );\n }\n\n // Per-role output validation — blocks an extra attacker output or value\n // routed into a non-payout slot.\n assertPayoutOutputLayout({\n payoutTx,\n peginValueSats: peginPrevOut.value,\n claimerBtcPubkey: params.claimerBtcPubkey,\n vaultProviderBtcPubkey: params.vaultProviderBtcPubkey,\n depositorBtcPubkey: params.depositorBtcPubkey,\n vaultKeeperBtcPubkeys: params.vaultKeeperBtcPubkeys,\n registeredPayoutScriptPubKey: params.registeredPayoutScriptPubKey,\n commissionBps: params.commissionBps,\n });\n\n // Bound the implicit fee — blocks a VP deflating output values and burning\n // the difference as miner fee.\n const inputValueSats = peginPrevOut.value + input1PrevOut.value;\n let outputValueSats = 0;\n for (const out of payoutTx.outs) outputValueSats += out.value;\n if (outputValueSats > inputValueSats) {\n throw new Error(\n `Payout outputs (${outputValueSats} sats) exceed inputs ` +\n `(${inputValueSats} sats); invalid transaction.`,\n );\n }\n const implicitFeeSats = inputValueSats - outputValueSats;\n const maxFeeSats = Math.floor(\n (inputValueSats * MAX_PAYOUT_FEE_FRACTION_NUMERATOR) /\n MAX_PAYOUT_FEE_FRACTION_DENOMINATOR,\n );\n if (implicitFeeSats > maxFeeSats) {\n throw new Error(\n `Payout implicit fee ${implicitFeeSats} sats exceeds the safety cap ` +\n `of ${maxFeeSats} sats ` +\n `(${MAX_PAYOUT_FEE_FRACTION_NUMERATOR}/${MAX_PAYOUT_FEE_FRACTION_DENOMINATOR} ` +\n `of inputs=${inputValueSats}); refusing to sign payout.`,\n );\n }\n\n // Input 0: Depositor signs using Taproot script path spend\n // This input includes tapLeafScript for signing\n psbt.addInput({\n hash: input0.hash,\n index: input0.index,\n sequence: input0.sequence,\n witnessUtxo: {\n script: peginPrevOut.script,\n value: peginPrevOut.value,\n },\n tapLeafScript: [\n {\n leafVersion: TAPSCRIPT_LEAF_VERSION,\n script: Buffer.from(payoutScriptBytes),\n controlBlock: Buffer.from(controlBlock),\n },\n ],\n tapInternalKey: Buffer.from(tapInternalPubkey),\n // sighashType omitted - defaults to SIGHASH_DEFAULT (0x00) for Taproot\n });\n\n // Input 1: From Assert transaction (NOT signed by depositor)\n // We include this with witnessUtxo so the sighash is computed correctly,\n // but we do NOT include tapLeafScript since the depositor doesn't sign it.\n psbt.addInput({\n hash: input1.hash,\n index: input1.index,\n sequence: input1.sequence,\n witnessUtxo: {\n script: input1PrevOut.script,\n value: input1PrevOut.value,\n },\n // No tapLeafScript - depositor doesn't sign this input\n });\n\n // Add outputs\n for (const output of payoutTx.outs) {\n psbt.addOutput({\n script: output.script,\n value: output.value,\n });\n }\n\n return {\n psbtHex: psbt.toHex(),\n };\n}\n\n/**\n * Validate a payout transaction's output structure for the claimer's role,\n * keyed on `claimerBtcPubkey`. Pins per role: `outs.length`, `outs[0].script`,\n * `outs[last].value` (anchor dust), and (VP-claimer) `outs[1].value` capped at\n * `floor(peginValue × commissionBps / 10_000)`. Canonical layouts: VP-claimer\n * = [payout, commission, anchor]; depositor/VK-claimer = [payout, anchor].\n *\n * `outs[1].script` and `outs[last].script` are intentionally not pinned: the\n * value pins above bound depositor exposure regardless of where those outputs\n * are sent, so the value pins — not script pins — are load-bearing.\n *\n * @internal Helper invoked by {@link buildPayoutPsbt}.\n */\nfunction assertPayoutOutputLayout(args: {\n payoutTx: Transaction;\n peginValueSats: number;\n claimerBtcPubkey: string;\n vaultProviderBtcPubkey: string;\n depositorBtcPubkey: string;\n vaultKeeperBtcPubkeys: string[];\n registeredPayoutScriptPubKey: string;\n commissionBps: number;\n}): void {\n const {\n payoutTx,\n peginValueSats,\n claimerBtcPubkey,\n vaultProviderBtcPubkey,\n depositorBtcPubkey,\n vaultKeeperBtcPubkeys,\n registeredPayoutScriptPubKey,\n commissionBps,\n } = args;\n\n if (!isValidHex(registeredPayoutScriptPubKey)) {\n throw new Error(\"Invalid registeredPayoutScriptPubKey: not valid hex\");\n }\n\n const claimer = stripHexPrefix(claimerBtcPubkey).toLowerCase();\n const vp = stripHexPrefix(vaultProviderBtcPubkey).toLowerCase();\n const dep = stripHexPrefix(depositorBtcPubkey).toLowerCase();\n const keepers = vaultKeeperBtcPubkeys.map((k) =>\n stripHexPrefix(k).toLowerCase(),\n );\n\n type Role = \"vp-claimer\" | \"depositor-as-claimer\" | \"vk-claimer\";\n let role: Role;\n let expectedOutCount: number;\n let expectedOut0ScriptHex: string;\n\n if (claimer === vp) {\n role = \"vp-claimer\";\n expectedOutCount = VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(registeredPayoutScriptPubKey);\n } else if (claimer === dep) {\n role = \"depositor-as-claimer\";\n expectedOutCount = NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(registeredPayoutScriptPubKey);\n } else if (keepers.includes(claimer)) {\n role = \"vk-claimer\";\n expectedOutCount = NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT;\n expectedOut0ScriptHex = stripHexPrefix(deriveBip86ScriptPubKeyHex(claimer));\n } else {\n throw new Error(\n `Unknown claimer pubkey ${claimer}: not VP, depositor, or a registered vault keeper`,\n );\n }\n\n if (payoutTx.outs.length !== expectedOutCount) {\n throw new Error(\n `Payout transaction has ${payoutTx.outs.length} output(s), ` +\n `expected exactly ${expectedOutCount} for role ${role}.`,\n );\n }\n\n const expectedOut0Script = Buffer.from(expectedOut0ScriptHex, \"hex\");\n if (!payoutTx.outs[0].script.equals(expectedOut0Script)) {\n throw new Error(\n `Payout transaction output 0 does not pay the expected scriptPubKey for role ${role}`,\n );\n }\n\n const anchorIdx = expectedOutCount - 1;\n if (payoutTx.outs[anchorIdx].value !== PAYOUT_ANCHOR_DUST_SATS) {\n throw new Error(\n `Payout CPFP anchor (out ${anchorIdx}) value ${payoutTx.outs[anchorIdx].value} sats ` +\n `must equal ${PAYOUT_ANCHOR_DUST_SATS} sats`,\n );\n }\n\n if (role === \"vp-claimer\") {\n // Structural guard only — a non-negative integer below the bps\n // denominator, so the cap math `floor(peginValue * bps / 10_000)` is\n // meaningful. The protocol minimum is enforced at the trust boundary\n // (`prepareSigningContext`); a too-low value here is fail-safe.\n if (\n !Number.isInteger(commissionBps) ||\n commissionBps < 0 ||\n commissionBps >= MAX_VP_COMMISSION_BPS_EXCLUSIVE\n ) {\n throw new Error(\n `commissionBps must be an integer in ` +\n `[0, ${MAX_VP_COMMISSION_BPS_EXCLUSIVE}), got ${commissionBps}`,\n );\n }\n const maxCommissionSats = Math.floor(\n (peginValueSats * commissionBps) / MAX_VP_COMMISSION_BPS_EXCLUSIVE,\n );\n if (payoutTx.outs[1].value > maxCommissionSats) {\n throw new Error(\n `Payout VP commission (out 1) value ${payoutTx.outs[1].value} sats ` +\n `exceeds cap ${maxCommissionSats} sats ` +\n `(${commissionBps} bps of peginValue=${peginValueSats})`,\n );\n }\n }\n}\n\n/**\n * Extract Schnorr signature from signed payout PSBT.\n *\n * This function supports two cases:\n * 1. Non-finalized PSBT: Extracts from tapScriptSig field\n * 2. Finalized PSBT: Extracts from witness data\n *\n * The signature is returned as a 64-byte hex string (128 hex characters).\n * Payout signatures must use implicit Taproot SIGHASH_DEFAULT, which is\n * encoded by omitting the sighash byte.\n *\n * @param signedPsbtHex - Signed PSBT hex\n * @param depositorPubkey - Depositor's public key (x-only, 64-char hex)\n * @param inputIndex - Input index to extract signature from (default: 0)\n * @returns 64-byte Schnorr signature (128 hex characters, no sighash flag)\n *\n * @throws If no signature is found in the PSBT\n * @throws If the signature has an unexpected length\n */\nexport function extractPayoutSignature(\n signedPsbtHex: string,\n depositorPubkey: string,\n inputIndex = 0,\n): string {\n const signedPsbt = Psbt.fromHex(signedPsbtHex);\n\n if (inputIndex >= signedPsbt.data.inputs.length) {\n throw new Error(\n `Input index ${inputIndex} out of range (${signedPsbt.data.inputs.length} inputs)`,\n );\n }\n\n const input = signedPsbt.data.inputs[inputIndex];\n\n // Case 1: Non-finalized PSBT — extract from tapScriptSig\n if (input.tapScriptSig && input.tapScriptSig.length > 0) {\n const depositorPubkeyBytes = hexToUint8Array(depositorPubkey);\n\n for (const sigEntry of input.tapScriptSig) {\n if (sigEntry.pubkey.equals(Buffer.from(depositorPubkeyBytes))) {\n return extractSchnorrSig(sigEntry.signature, inputIndex);\n }\n }\n\n throw new Error(\n `No signature found for depositor pubkey: ${depositorPubkey} at input ${inputIndex}`,\n );\n }\n\n // Case 2: Finalized PSBT — extract from finalScriptWitness\n // Taproot single-signature script-path witness: [signature, script, controlBlock].\n // Enforce the exact stack size so that if a wallet produces an unexpected\n // finalization (e.g. a multi-signature stack, an annex, or malformed data),\n // we fail loudly instead of silently returning witnessStack[0] which may\n // not be the depositor's signature.\n if (input.finalScriptWitness && input.finalScriptWitness.length > 0) {\n const witnessStack = parseWitnessStack(input.finalScriptWitness);\n if (witnessStack.length !== TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE) {\n throw new Error(\n `Unexpected finalized witness stack size at input ${inputIndex}: ` +\n `expected ${TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE} items (signature, script, controlBlock), ` +\n `got ${witnessStack.length}`,\n );\n }\n return extractSchnorrSig(witnessStack[0], inputIndex);\n }\n\n throw new Error(\n `No tapScriptSig or finalScriptWitness found in signed PSBT at input ${inputIndex}`,\n );\n}\n\n/**\n * Extract and validate a 64-byte Schnorr signature.\n * Rejects 65-byte signatures because the appended sighash byte changes the\n * Taproot message being signed; stripping it would produce an unverifiable\n * SIGHASH_DEFAULT signature.\n * @internal\n */\nfunction extractSchnorrSig(sig: Uint8Array, inputIndex: number): string {\n if (sig.length === 64) {\n return uint8ArrayToHex(new Uint8Array(sig));\n }\n if (sig.length === 65) {\n throw new Error(\n `Unexpected sighash byte 0x${sig[64].toString(16).padStart(2, \"0\")} at input ${inputIndex}. ` +\n \"Expected implicit SIGHASH_DEFAULT as a 64-byte signature.\",\n );\n }\n throw new Error(\n `Unexpected signature length at input ${inputIndex}: ${sig.length}`,\n );\n}\n\n/**\n * Parse a BIP-141 serialized witness stack into individual stack items.\n * Format: [varint item_count] [varint len, data]...\n *\n * Throws on malformed input (truncated buffer, 8-byte varints, or trailing\n * bytes) so callers never receive silently-corrupted witness items.\n * @internal\n */\nfunction parseWitnessStack(witness: Buffer): Buffer[] {\n const items: Buffer[] = [];\n let offset = 0;\n\n const requireBytes = (n: number): void => {\n if (offset + n > witness.length) {\n throw new Error(\n `Malformed witness data: need ${n} byte(s) at offset ${offset}, only ${witness.length - offset} remaining`,\n );\n }\n };\n\n const readVarInt = (): number => {\n requireBytes(1);\n const first = witness[offset++];\n if (first < 0xfd) return first;\n if (first === 0xfd) {\n requireBytes(2);\n const val = (witness[offset] | (witness[offset + 1] << 8)) >>> 0;\n offset += 2;\n return val;\n }\n if (first === 0xfe) {\n requireBytes(4);\n const val =\n (witness[offset] |\n (witness[offset + 1] << 8) |\n (witness[offset + 2] << 16) |\n (witness[offset + 3] << 24)) >>>\n 0;\n offset += 4;\n return val;\n }\n // 0xff — 8-byte varint. Not used for witness sizes in practice and JS\n // numbers cannot represent all 64-bit values exactly, so reject rather\n // than risk silent truncation.\n throw new Error(\n `Malformed witness data: 8-byte varint (0xff) not supported at offset ${offset - 1}`,\n );\n };\n\n const count = readVarInt();\n for (let i = 0; i < count; i++) {\n const len = readVarInt();\n requireBytes(len);\n items.push(Buffer.from(witness.subarray(offset, offset + len)));\n offset += len;\n }\n\n if (offset !== witness.length) {\n throw new Error(\n `Malformed witness data: ${witness.length - offset} trailing byte(s) after parsing ${count} item(s)`,\n );\n }\n\n return items;\n}\n\n","/**\n * Asserts a wallet-returned PSBT encodes the same unsigned transaction\n * as the locally-built PSBT we asked the wallet to sign. Per-input PSBT\n * metadata (witnessUtxo, tapLeafScript, sighashType) is intentionally NOT\n * compared — those fields are committed to the Schnorr sighash and the\n * vault provider's `verify_depositor_signature` rejects mismatches there.\n * This primitive defends the path where a colluding VP would otherwise\n * accept a wallet-substituted signature.\n */\n\nimport { Buffer } from \"buffer\";\n\nimport { Psbt } from \"bitcoinjs-lib\";\n\n/**\n * Thrown when a wallet-returned PSBT encodes a different unsigned\n * transaction than the one the caller asked the wallet to sign.\n */\nexport class PsbtSubstitutionError extends Error {\n constructor(detail: string) {\n super(\n `Wallet returned a PSBT for a different transaction: ${detail}`,\n );\n this.name = \"PsbtSubstitutionError\";\n }\n}\n\nexport interface AssertPsbtUnsignedTxMatchesParams {\n /** PSBT we built locally and asked the wallet to sign. */\n requestedPsbtHex: string;\n /** PSBT the wallet returned after signing. */\n returnedPsbtHex: string;\n}\n\nfunction parsePsbt(label: \"requested\" | \"returned\", hex: string): Psbt {\n try {\n return Psbt.fromHex(hex);\n } catch (cause) {\n const reason = cause instanceof Error ? cause.message : String(cause);\n throw new Error(`Failed to parse ${label} PSBT: ${reason}`);\n }\n}\n\n/**\n * Length of the hex prefix included in mismatch errors. Short enough that\n * full prevout txids and output scriptPubKeys never reach logs / error\n * trackers, long enough to disambiguate during forensic triage.\n */\nconst REDACTED_HEX_PREFIX_LEN = 8;\n\nfunction redactHex(buf: Buffer): string {\n return `${buf.toString(\"hex\").slice(0, REDACTED_HEX_PREFIX_LEN)}…`;\n}\n\n/**\n * `bitcoinjs-lib` exposes `txInputs[i].hash` in internal little-endian form;\n * a human reading logs expects the big-endian txid an explorer would show.\n * Reverse before truncating so the surfaced prefix matches what an operator\n * can search for.\n */\nfunction redactTxid(internalHash: Buffer): string {\n const reversed = Buffer.from(internalHash).reverse();\n return redactHex(reversed);\n}\n\n/**\n * Compare two PSBTs and throw `PsbtSubstitutionError` unless they encode\n * the same unsigned transaction (version, locktime, inputs, outputs).\n *\n * @throws PsbtSubstitutionError on any mismatch in the unsigned tx\n * @throws Error if either PSBT cannot be parsed\n */\nexport function assertPsbtUnsignedTxMatches(\n params: AssertPsbtUnsignedTxMatchesParams,\n): void {\n const requested = parsePsbt(\"requested\", params.requestedPsbtHex);\n const returned = parsePsbt(\"returned\", params.returnedPsbtHex);\n\n if (requested.version !== returned.version) {\n throw new PsbtSubstitutionError(\n `tx version differs (requested=${requested.version}, returned=${returned.version})`,\n );\n }\n if (requested.locktime !== returned.locktime) {\n throw new PsbtSubstitutionError(\n `tx locktime differs (requested=${requested.locktime}, returned=${returned.locktime})`,\n );\n }\n if (requested.txInputs.length !== returned.txInputs.length) {\n throw new PsbtSubstitutionError(\n `input count differs (requested=${requested.txInputs.length}, returned=${returned.txInputs.length})`,\n );\n }\n if (requested.txOutputs.length !== returned.txOutputs.length) {\n throw new PsbtSubstitutionError(\n `output count differs (requested=${requested.txOutputs.length}, returned=${returned.txOutputs.length})`,\n );\n }\n for (let i = 0; i < requested.txInputs.length; i++) {\n const r = requested.txInputs[i];\n const s = returned.txInputs[i];\n if (!r.hash.equals(s.hash)) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout txid differs (requested=${redactTxid(r.hash)}, returned=${redactTxid(s.hash)})`,\n );\n }\n if (r.index !== s.index) {\n throw new PsbtSubstitutionError(\n `input ${i} prevout vout differs (requested=${r.index}, returned=${s.index})`,\n );\n }\n if (r.sequence !== s.sequence) {\n throw new PsbtSubstitutionError(\n `input ${i} sequence differs (requested=${r.sequence}, returned=${s.sequence})`,\n );\n }\n }\n for (let i = 0; i < requested.txOutputs.length; i++) {\n const r = requested.txOutputs[i];\n const s = returned.txOutputs[i];\n if (!r.script.equals(s.script)) {\n throw new PsbtSubstitutionError(\n `output ${i} scriptPubKey differs (requested=${redactHex(r.script)}, returned=${redactHex(s.script)})`,\n );\n }\n if (r.value !== s.value) {\n throw new PsbtSubstitutionError(\n `output ${i} value differs (requested=${r.value}, returned=${s.value})`,\n );\n }\n }\n}\n","/**\n * Independent BIP-340 verification of a wallet-returned Taproot script-path\n * Schnorr signature against an independently-recomputed sighash.\n *\n * Critical Path #7 (CLAUDE.md): the SDK requests script-path signatures with\n * `useTweakedSigner: false, autoFinalized: false`. Wallet support for the\n * untweaked-key flag is inconsistent — older OKX / mobile bridges silently sign\n * with the *tweaked* key, Keystone ignores the flag — and a compromised\n * extension can stuff a 64-byte stub into `tapScriptSig`. A bad signature that\n * the SDK forwards is only caught on broadcast; in the worst case it passes the\n * VP off-chain but Bitcoin rejects it, leaving the depositor's BTC locked in the\n * HTLC until `timelockRefund` matures. This guard rejects such signatures before\n * they are trusted.\n *\n * Why verify against the *locally-built* PSBT, not the wallet-returned one:\n * `assertPsbtUnsignedTxMatches` pins the unsigned transaction but deliberately\n * skips per-input metadata (`witnessUtxo`, `tapLeafScript`). A malicious wallet\n * could rewrite those consistently in the returned PSBT so a wrong-message\n * signature self-validates. The trusted prevout scripts/values and leaf script\n * therefore come from the PSBT we built ourselves (derived from on-chain / WASM\n * sources); only the 64-byte signature comes from the wallet.\n *\n * Reuses the exact primitives `bip322Verify.ts` already depends on — no new\n * dependency:\n * - `@bitcoin-js/tiny-secp256k1-asmjs` → `verifySchnorr`\n * - `bitcoinjs-lib` → `Transaction.hashForWitnessV1`, `crypto.taggedHash` (TapLeaf hash)\n *\n * @module tbv/core/primitives/psbt/verifyScriptPathSchnorrSignature\n */\n\nimport * as ecc from \"@bitcoin-js/tiny-secp256k1-asmjs\";\nimport { Psbt, Transaction, crypto as bcrypto } from \"bitcoinjs-lib\";\n\nimport { Buffer } from \"buffer\";\n\nimport {\n SCHNORR_SIG_HEX_LEN,\n TAPSCRIPT_LEAF_VERSION,\n X_ONLY_PUBKEY_HEX_LEN,\n hexToUint8Array,\n stripHexPrefix,\n} from \"../utils/bitcoin\";\n\n// Bitcoin CompactSize (varint) prefix markers — values fixed by the protocol.\n// https://developer.bitcoin.org/reference/transactions.html#compactsize-unsigned-integers\nconst COMPACT_SIZE_UINT16_PREFIX = 0xfd; // value in [0xfd, 0xffff] → 0xfd + uint16 LE\nconst COMPACT_SIZE_UINT32_PREFIX = 0xfe; // value in [0x10000, 0xffffffff] → 0xfe + uint32 LE\nconst COMPACT_SIZE_UINT16_MAX = 0xffff;\nconst COMPACT_SIZE_UINT32_MAX = 0xffffffff;\n\n/**\n * Encode a length as a Bitcoin CompactSize (varint). Tapscript leaf scripts can\n * exceed 252 bytes (WOTS scripts), so the multi-byte forms are required, not\n * just the single-byte fast path.\n */\nfunction encodeCompactSize(n: number): Buffer {\n if (n < COMPACT_SIZE_UINT16_PREFIX) {\n return Buffer.from([n]);\n }\n if (n <= COMPACT_SIZE_UINT16_MAX) {\n const value = Buffer.alloc(2); // uint16, little-endian\n value.writeUInt16LE(n);\n return Buffer.concat([Buffer.from([COMPACT_SIZE_UINT16_PREFIX]), value]);\n }\n if (n <= COMPACT_SIZE_UINT32_MAX) {\n const value = Buffer.alloc(4); // uint32, little-endian\n value.writeUInt32LE(n);\n return Buffer.concat([Buffer.from([COMPACT_SIZE_UINT32_PREFIX]), value]);\n }\n throw new Error(`Script too large to encode as CompactSize: ${n} bytes`);\n}\n\n/** BIP-341 tag for the TapLeaf hash. */\nconst TAPLEAF_TAG = \"TapLeaf\";\n\n/**\n * Compute the BIP-341 TapLeaf hash for a tapscript leaf:\n * `tagged_hash(\"TapLeaf\", leaf_version || compact_size(script) || script)`.\n */\nfunction computeTapLeafHash(leafVersion: number, script: Uint8Array): Buffer {\n const preimage = Buffer.concat([\n Buffer.from([leafVersion]),\n encodeCompactSize(script.length),\n Buffer.from(script),\n ]);\n return bcrypto.taggedHash(TAPLEAF_TAG, preimage);\n}\n\nexport interface VerifyScriptPathSchnorrSignatureParams {\n /**\n * Hex of the PSBT we built locally and sent to the wallet (the trusted\n * source of prevout scripts/values and the leaf script). NOT the\n * wallet-returned PSBT.\n */\n requestedPsbtHex: string;\n /** The 64-byte Schnorr signature extracted from the wallet's response (128 hex chars). */\n signatureHex: string;\n /** X-only public key (64 hex chars) the wallet signed the script-path leaf with. */\n signerXOnlyPubkeyHex: string;\n /** Index of the input the signature is for. */\n inputIndex: number;\n}\n\n/**\n * Assert that `signatureHex` is a valid BIP-340 Schnorr signature by the\n * `signerXOnlyPubkeyHex` key over the Taproot script-path sighash of\n * `requestedPsbtHex` input `inputIndex` (SIGHASH_DEFAULT).\n *\n * @throws If the requested PSBT is malformed, lacks the prevout/leaf data needed\n * to recompute the sighash, or the signature does not verify.\n */\nexport function assertScriptPathSchnorrSignature(\n params: VerifyScriptPathSchnorrSignatureParams,\n): void {\n const { requestedPsbtHex, signatureHex, signerXOnlyPubkeyHex, inputIndex } =\n params;\n\n const signatureRaw = stripHexPrefix(signatureHex);\n if (signatureRaw.length !== SCHNORR_SIG_HEX_LEN) {\n throw new Error(\n `Schnorr signature for input ${inputIndex} must be ${SCHNORR_SIG_HEX_LEN} hex chars ` +\n `(64 bytes), got ${signatureRaw.length}.`,\n );\n }\n\n const signerXOnly = stripHexPrefix(signerXOnlyPubkeyHex);\n if (signerXOnly.length !== X_ONLY_PUBKEY_HEX_LEN) {\n throw new Error(\n `Signer x-only pubkey for input ${inputIndex} must be ${X_ONLY_PUBKEY_HEX_LEN} hex chars ` +\n `(32 bytes), got ${signerXOnly.length}.`,\n );\n }\n\n const psbt = Psbt.fromHex(requestedPsbtHex);\n\n if (inputIndex < 0 || inputIndex >= psbt.data.inputs.length) {\n throw new Error(\n `Input index ${inputIndex} out of range (${psbt.data.inputs.length} inputs).`,\n );\n }\n\n // Taproot's sighash commits to every input's prevout (script + value), so all\n // inputs must carry a witnessUtxo. A missing one is a build error, not a\n // value we can default — fail loudly.\n const prevOutScripts: Buffer[] = [];\n const values: number[] = [];\n for (let i = 0; i < psbt.data.inputs.length; i++) {\n const witnessUtxo = psbt.data.inputs[i].witnessUtxo;\n if (!witnessUtxo) {\n throw new Error(\n `Cannot verify signature: input ${i} of the requested PSBT has no witnessUtxo ` +\n `(required to recompute the Taproot sighash).`,\n );\n }\n prevOutScripts.push(witnessUtxo.script);\n values.push(witnessUtxo.value);\n }\n\n // The signed input must expose exactly one tapLeafScript — the leaf the\n // depositor signs. Zero means we sent the wrong PSBT; more than one means an\n // ambiguous spend path we never construct for a single-signature input.\n const tapLeafScripts = psbt.data.inputs[inputIndex].tapLeafScript;\n if (!tapLeafScripts || tapLeafScripts.length !== 1) {\n throw new Error(\n `Cannot verify signature: input ${inputIndex} of the requested PSBT must have exactly ` +\n `one tapLeafScript, got ${tapLeafScripts?.length ?? 0}.`,\n );\n }\n const leaf = tapLeafScripts[0];\n if (leaf.leafVersion !== TAPSCRIPT_LEAF_VERSION) {\n throw new Error(\n `Cannot verify signature: input ${inputIndex} tapLeafScript has leaf version ` +\n `0x${leaf.leafVersion.toString(16)}, expected 0x${TAPSCRIPT_LEAF_VERSION.toString(16)}.`,\n );\n }\n\n const leafHash = computeTapLeafHash(leaf.leafVersion, leaf.script);\n\n // Reconstruct the unsigned transaction from the requested PSBT using only\n // public bitcoinjs-lib API (same pattern as bip322Verify.ts), then compute the\n // BIP-341 script-path sighash with SIGHASH_DEFAULT.\n const tx = new Transaction();\n tx.version = psbt.version;\n tx.locktime = psbt.locktime;\n for (const input of psbt.txInputs) {\n tx.addInput(input.hash, input.index, input.sequence);\n }\n for (const output of psbt.txOutputs) {\n tx.addOutput(output.script, output.value);\n }\n\n const sighash = tx.hashForWitnessV1(\n inputIndex,\n prevOutScripts,\n values,\n Transaction.SIGHASH_DEFAULT,\n leafHash,\n );\n\n const isValid = ecc.verifySchnorr(\n sighash,\n hexToUint8Array(signerXOnly),\n hexToUint8Array(signatureRaw),\n );\n\n if (!isValid) {\n throw new Error(\n `Schnorr signature for input ${inputIndex} (signer ${signerXOnly}) does not verify ` +\n `against the expected Taproot script-path sighash. The wallet may have signed with ` +\n `the tweaked key, signed a different transaction, or returned an invalid signature.`,\n );\n }\n}\n"],"names":["assertWasmPeginSizing","result","params","expectedCount","expectedClaimValue","computeMinClaimValue","maxImpliedFee","MAX_REASONABLE_PEGIN_VBYTES","requested","peginAmount","htlcValue","impliedFee","assertEncodedHtlcOutputsMatch","outputs","htlcValues","htlcScriptPubKeys","i","encodedValue","encodedScript","expectedScript","AUTH_ANCHOR_HASH_HEX_LEN","HEX_PATTERN","buildPrePeginPsbt","authAnchorHash","normalizeAuthAnchorHash","createPrePeginTransaction","parsed","parseUnfundedWasmTransaction","totalOutputValue","sum","o","authAnchorVout","value","cleaned","buildPeginTxFromFundedPrePegin","buildPeginTxFromPrePegin","createPayoutScript","connector","createPayoutConnector","TAPROOT_SINGLE_SIG_WITNESS_STACK_SIZE","MAX_PAYOUT_FEE_FRACTION_NUMERATOR","MAX_PAYOUT_FEE_FRACTION_DENOMINATOR","buildPayoutPsbt","payoutTxHex","stripHexPrefix","peginTxHex","assertTxHex","payoutConnector","payoutScriptBytes","hexToUint8Array","controlBlock","payoutTx","Transaction","peginTx","assertTx","psbt","Psbt","input0","input1","input0Txid","uint8ArrayToHex","peginTxid","PEGIN_VAULT_OUTPUT_INDEX","input1Txid","assertTxid","ASSERT_PAYOUT_OUTPUT_INDEX","peginPrevOut","input1PrevOut","assertPayoutOutputLayout","inputValueSats","outputValueSats","out","implicitFeeSats","maxFeeSats","TAPSCRIPT_LEAF_VERSION","Buffer","tapInternalPubkey","output","args","peginValueSats","claimerBtcPubkey","vaultProviderBtcPubkey","depositorBtcPubkey","vaultKeeperBtcPubkeys","registeredPayoutScriptPubKey","commissionBps","isValidHex","claimer","vp","dep","keepers","k","role","expectedOutCount","expectedOut0ScriptHex","VP_CLAIMER_PAYOUT_OUTPUT_COUNT","NON_VP_CLAIMER_PAYOUT_OUTPUT_COUNT","deriveBip86ScriptPubKeyHex","expectedOut0Script","anchorIdx","PAYOUT_ANCHOR_DUST_SATS","MAX_VP_COMMISSION_BPS_EXCLUSIVE","maxCommissionSats","extractPayoutSignature","signedPsbtHex","depositorPubkey","inputIndex","signedPsbt","input","depositorPubkeyBytes","sigEntry","extractSchnorrSig","witnessStack","parseWitnessStack","sig","witness","items","offset","requireBytes","n","readVarInt","first","val","count","len","PsbtSubstitutionError","detail","parsePsbt","label","hex","cause","reason","REDACTED_HEX_PREFIX_LEN","redactHex","buf","redactTxid","internalHash","reversed","assertPsbtUnsignedTxMatches","returned","r","s","COMPACT_SIZE_UINT16_PREFIX","COMPACT_SIZE_UINT32_PREFIX","COMPACT_SIZE_UINT16_MAX","COMPACT_SIZE_UINT32_MAX","encodeCompactSize","TAPLEAF_TAG","computeTapLeafHash","leafVersion","script","preimage","bcrypto","assertScriptPathSchnorrSignature","requestedPsbtHex","signatureHex","signerXOnlyPubkeyHex","signatureRaw","SCHNORR_SIG_HEX_LEN","signerXOnly","X_ONLY_PUBKEY_HEX_LEN","prevOutScripts","values","witnessUtxo","tapLeafScripts","leaf","leafHash","tx","sighash","ecc"],"mappings":"wjBA4CA,eAAsBA,EACpBC,EACAC,EACe,CACf,MAAMC,EAAgBD,EAAO,aAAa,OAI1C,GAAID,EAAO,WAAW,SAAWE,EAC/B,MAAM,IAAI,MACR,2BAA2BF,EAAO,WAAW,MAAM,4BACrCE,CAAa,+BAAA,EAG/B,GACEF,EAAO,aAAa,SAAWE,GAC/BF,EAAO,kBAAkB,SAAWE,GACpCF,EAAO,cAAc,SAAWE,EAEhC,MAAM,IAAI,MACR,gEACiBF,EAAO,WAAW,MAAM,kBACvBA,EAAO,aAAa,MAAM,uBACrBA,EAAO,kBAAkB,MAAM,mBACnCA,EAAO,cAAc,MAAM,eAChCE,CAAa,QAAA,EAO/B,GAAIF,EAAO,qBAAuB,GAChC,MAAM,IAAI,MACR,4DACKA,EAAO,mBAAmB,iBAAA,EAGnC,MAAMG,EAAqB,MAAMC,EAAAA,qBAC/BH,EAAO,oBACPA,EAAO,2BAA2B,OAClCA,EAAO,cACPA,EAAO,YACPA,EAAO,OAAA,EAET,GAAID,EAAO,sBAAwBG,EACjC,MAAM,IAAI,MACR,sCAAsCH,EAAO,mBAAmB,kEAE3DG,CAAkB,yBAAyBF,EAAO,mBAAmB,6BAC7CA,EAAO,2BAA2B,MAAM,mBAClDA,EAAO,aAAa,iBAAiBA,EAAO,WAAW,aAC7DA,EAAO,OAAO,IAAA,EAI/B,MAAMI,EAAgBJ,EAAO,gBAAkBK,EAAAA,4BAE/C,QAAS,EAAI,EAAG,EAAIJ,EAAe,IAAK,CACtC,MAAMK,EAAYN,EAAO,aAAa,CAAC,EACjCO,EAAcR,EAAO,aAAa,CAAC,EACnCS,EAAYT,EAAO,WAAW,CAAC,EAOrC,GAAIQ,IAAgBD,EAClB,MAAM,IAAI,MACR,8BAA8B,CAAC,KAAKC,CAAW,wCACzBD,CAAS,sFAAA,EAInC,GAAIC,GAAe,GACjB,MAAM,IAAI,MACR,8BAA8B,CAAC,sBAAsBA,CAAW,kBAAA,EAIpE,GAAIC,GAAa,GACf,MAAM,IAAI,MACR,4BAA4B,CAAC,sBAAsBA,CAAS,kBAAA,EAQhE,MAAMC,EAAaD,EAAYD,EAAcR,EAAO,oBACpD,GAAIU,GAAc,GAChB,MAAM,IAAI,MACR,4BAA4B,CAAC,KAAKD,CAAS,wCAC1BD,CAAW,0BACvBR,EAAO,mBAAmB,+BAC1BU,CAAU,IAAA,EAGnB,GAAIA,EAAaL,EACf,MAAM,IAAI,MACR,6CAA6C,CAAC,MAAMK,CAAU,sCAC5BL,CAAa,yBACzBJ,EAAO,eAAe,MACvCK,EAAAA,2BAA2B,uBAAuBG,CAAS,4BAAA,CAItE,CACF,CAwBO,SAASE,EACdC,EACAC,EACAC,EACM,CACN,GAAIF,EAAQ,OAASC,EAAW,OAC9B,MAAM,IAAI,MACR,4BAA4BD,EAAQ,MAAM,8BACrCC,EAAW,MAAM,4CAAA,EAI1B,QAASE,EAAI,EAAGA,EAAIF,EAAW,OAAQE,IAAK,CAC1C,MAAMC,EAAe,OAAOJ,EAAQG,CAAC,EAAE,KAAK,EAC5C,GAAIC,IAAiBH,EAAWE,CAAC,EAC/B,MAAM,IAAI,MACR,iCAAiCA,CAAC,WAAWC,CAAY,+CAClBH,EAAWE,CAAC,CAAC,4DAAA,EAKxD,MAAME,EAAgBL,EAAQG,CAAC,EAAE,OAAO,SAAS,KAAK,EAAE,YAAA,EAClDG,EAAiBJ,EAAkBC,CAAC,EAAE,YAAA,EAC5C,GAAIE,IAAkBC,EACpB,MAAM,IAAI,MACR,iCAAiCH,CAAC,kBAAkBE,CAAa,sDACfC,CAAc,GAAA,CAGtE,CACF,CCxIA,MAAMC,EAA2B,GAE3BC,EAAc,iBA2EpB,eAAsBC,EACpBpB,EAC6B,CAC7B,MAAMqB,EAAiBC,EAAwBtB,EAAO,cAAc,EAE9DD,EAAS,MAAMwB,4BAA0B,CAC7C,gBAAiBvB,EAAO,gBACxB,oBAAqBA,EAAO,oBAC5B,mBAAoBA,EAAO,mBAC3B,2BAA4BA,EAAO,2BACnC,UAAW,CAAC,GAAGA,EAAO,SAAS,EAC/B,eAAgBA,EAAO,eACvB,aAAc,CAAC,GAAGA,EAAO,YAAY,EACrC,QAASA,EAAO,QAChB,gBAAiBA,EAAO,gBACxB,oBAAqBA,EAAO,oBAC5B,cAAeA,EAAO,cACtB,YAAaA,EAAO,YACpB,QAASA,EAAO,QAChB,eAAAqB,CAAA,CACD,EAMD,MAAMvB,EAAsBC,EAAQC,CAAM,EAK1C,MAAMwB,EAASC,EAAAA,6BAA6B1B,EAAO,KAAK,EAMxDW,EACEc,EAAO,QACPzB,EAAO,WACPA,EAAO,iBAAA,EAGT,MAAM2B,EAAmBF,EAAO,QAAQ,OACtC,CAACG,EAAKC,IAAMD,EAAM,OAAOC,EAAE,KAAK,EAChC,EAAA,EAKIC,EACJR,IAAmB,OAAYtB,EAAO,WAAW,OAAS,KAE5D,MAAO,CACL,QAASA,EAAO,MAChB,iBAAA2B,EACA,WAAY3B,EAAO,WACnB,kBAAmBA,EAAO,kBAC1B,cAAeA,EAAO,cACtB,aAAcA,EAAO,aACrB,oBAAqBA,EAAO,oBAC5B,eAAA8B,CAAA,CAEJ,CAMO,SAASP,EACdQ,EACoB,CACpB,GAAIA,IAAU,OAAW,OACzB,MAAMC,EACJD,EAAM,WAAW,IAAI,GAAKA,EAAM,WAAW,IAAI,EAAIA,EAAM,MAAM,CAAC,EAAIA,EACtE,GACEC,EAAQ,SAAWb,GACnB,CAACC,EAAY,KAAKY,CAAO,EAEzB,MAAM,IAAI,MACR,uCAAuCb,CAAwB,qCAAqCa,EAAQ,MAAM,EAAA,EAGtH,OAAOA,EAAQ,YAAA,CACjB,CAYA,eAAsBC,EACpBhC,EACwB,CAMxB,MAAMD,EAAS,MAAMkC,EAAAA,yBACnB,CACE,gBAAiBjC,EAAO,eAAe,gBACvC,oBAAqBA,EAAO,eAAe,oBAC3C,mBAAoBA,EAAO,eAAe,mBAC1C,2BACEA,EAAO,eAAe,2BACxB,UAAW,CAAC,GAAGA,EAAO,eAAe,SAAS,EAC9C,eAAgBA,EAAO,eAAe,eACtC,aAAc,CAAC,GAAGA,EAAO,eAAe,YAAY,EACpD,QAASA,EAAO,eAAe,QAC/B,gBAAiBA,EAAO,eAAe,gBACvC,oBAAqBA,EAAO,eAAe,oBAC3C,cAAeA,EAAO,eAAe,cACrC,YAAaA,EAAO,eAAe,YACnC,QAASA,EAAO,eAAe,QAC/B,eAAgBsB,EACdtB,EAAO,eAAe,cAAA,CACxB,EAEFA,EAAO,cACPA,EAAO,oBACPA,EAAO,QAAA,EAGT,MAAO,CACL,MAAOD,EAAO,MACd,KAAMA,EAAO,KACb,kBAAmBA,EAAO,kBAC1B,WAAYA,EAAO,UAAA,CAEvB,CC/IA,eAAsBmC,EACpBlC,EAC6B,CAE7B,MAAMmC,EAAY,MAAMC,EAAAA,sBACtB,CACE,UAAWpC,EAAO,UAClB,cAAeA,EAAO,cACtB,aAAcA,EAAO,aACrB,qBAAsBA,EAAO,qBAC7B,cAAeA,EAAO,aAAA,EAExBA,EAAO,OAAA,EAGT,MAAO,CACL,aAAcmC,EAAU,aACxB,kBAAmBA,EAAU,kBAC7B,aAAcA,EAAU,aACxB,QAASA,EAAU,QACnB,mBAAoBA,EAAU,kBAAA,CAElC,CCvHA,MAAME,EAAwC,EAQxCC,EAAoC,GACpCC,EAAsC,IAoH5C,eAAsBC,EACpBxC,EAC2B,CAE3B,MAAMyC,EAAcC,EAAAA,eAAe1C,EAAO,WAAW,EAC/C2C,EAAaD,EAAAA,eAAe1C,EAAO,UAAU,EAC7C4C,EAAcF,EAAAA,eAAe1C,EAAO,WAAW,EAG/C6C,EAAkB,MAAMX,EAAmB,CAC/C,UAAWlC,EAAO,mBAClB,cAAeA,EAAO,uBACtB,aAAcA,EAAO,sBACrB,qBAAsBA,EAAO,8BAC7B,cAAeA,EAAO,cACtB,QAASA,EAAO,OAAA,CACjB,EAEK8C,EAAoBC,EAAAA,gBAAgBF,EAAgB,YAAY,EAChEG,EAAeD,EAAAA,gBAAgBF,EAAgB,kBAAkB,EAGjEI,EAAWC,EAAAA,YAAY,QAAQT,CAAW,EAC1CU,EAAUD,EAAAA,YAAY,QAAQP,CAAU,EACxCS,EAAWF,EAAAA,YAAY,QAAQN,CAAW,EAG1CS,EAAO,IAAIC,OAajB,GAZAD,EAAK,WAAWJ,EAAS,OAAO,EAChCI,EAAK,YAAYJ,EAAS,QAAQ,EAW9BA,EAAS,IAAI,SAAW,EAC1B,MAAM,IAAI,MACR,sDAAsDA,EAAS,IAAI,MAAM,EAAA,EAI7E,MAAMM,EAASN,EAAS,IAAI,CAAC,EACvBO,EAASP,EAAS,IAAI,CAAC,EAMvBQ,EAAaC,EAAAA,gBACjB,IAAI,WAAWH,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA,CAAQ,EAExCI,EAAYR,EAAQ,MAAA,EAE1B,GAAIM,IAAeE,GAAaJ,EAAO,QAAUK,EAAAA,yBAC/C,MAAM,IAAI,MACR,4BAA4BA,EAAAA,wBAAwB,cACtCD,CAAS,IAAIC,0BAAwB,SAASH,CAAU,IAAIF,EAAO,KAAK,EAAA,EAK1F,MAAMM,EAAaH,EAAAA,gBACjB,IAAI,WAAWF,EAAO,IAAI,EAAE,MAAA,EAAQ,QAAA,CAAQ,EAExCM,EAAaV,EAAS,MAAA,EAE5B,GAAIS,IAAeC,GAAcN,EAAO,QAAUO,EAAAA,2BAChD,MAAM,IAAI,MACR,6BAA6BA,EAAAA,0BAA0B,cACzCD,CAAU,IAAIC,4BAA0B,SAASF,CAAU,IAAIL,EAAO,KAAK,EAAA,EAI7F,MAAMQ,EAAeb,EAAQ,KAAKI,EAAO,KAAK,EAC9C,GAAI,CAACS,EACH,MAAM,IAAI,MACR,gDAAgDP,CAAU,YAAYF,EAAO,KAAK,GAAA,EAItF,MAAMU,EAAgBb,EAAS,KAAKI,EAAO,KAAK,EAChD,GAAI,CAACS,EACH,MAAM,IAAI,MACR,gDAAgDJ,CAAU,YAAYL,EAAO,KAAK,GAAA,EAMtFU,EAAyB,CACvB,SAAAjB,EACA,eAAgBe,EAAa,MAC7B,iBAAkBhE,EAAO,iBACzB,uBAAwBA,EAAO,uBAC/B,mBAAoBA,EAAO,mBAC3B,sBAAuBA,EAAO,sBAC9B,6BAA8BA,EAAO,6BACrC,cAAeA,EAAO,aAAA,CACvB,EAID,MAAMmE,EAAiBH,EAAa,MAAQC,EAAc,MAC1D,IAAIG,EAAkB,EACtB,UAAWC,KAAOpB,EAAS,KAAMmB,GAAmBC,EAAI,MACxD,GAAID,EAAkBD,EACpB,MAAM,IAAI,MACR,mBAAmBC,CAAe,yBAC5BD,CAAc,8BAAA,EAGxB,MAAMG,EAAkBH,EAAiBC,EACnCG,EAAa,KAAK,MACrBJ,EAAiB7B,EAChBC,CAAA,EAEJ,GAAI+B,EAAkBC,EACpB,MAAM,IAAI,MACR,uBAAuBD,CAAe,mCAC9BC,CAAU,UACZjC,CAAiC,IAAIC,CAAmC,cAC/D4B,CAAc,6BAAA,EAMjCd,EAAK,SAAS,CACZ,KAAME,EAAO,KACb,MAAOA,EAAO,MACd,SAAUA,EAAO,SACjB,YAAa,CACX,OAAQS,EAAa,OACrB,MAAOA,EAAa,KAAA,EAEtB,cAAe,CACb,CACE,YAAaQ,EAAAA,uBACb,OAAQC,EAAAA,OAAO,KAAK3B,CAAiB,EACrC,aAAc2B,EAAAA,OAAO,KAAKzB,CAAY,CAAA,CACxC,EAEF,eAAgByB,EAAAA,OAAO,KAAKC,EAAAA,iBAAiB,CAAA,CAE9C,EAKDrB,EAAK,SAAS,CACZ,KAAMG,EAAO,KACb,MAAOA,EAAO,MACd,SAAUA,EAAO,SACjB,YAAa,CACX,OAAQS,EAAc,OACtB,MAAOA,EAAc,KAAA,CACvB,CAED,EAGD,UAAWU,KAAU1B,EAAS,KAC5BI,EAAK,UAAU,CACb,OAAQsB,EAAO,OACf,MAAOA,EAAO,KAAA,CACf,EAGH,MAAO,CACL,QAAStB,EAAK,MAAA,CAAM,CAExB,CAeA,SAASa,EAAyBU,EASzB,CACP,KAAM,CACJ,SAAA3B,EACA,eAAA4B,EACA,iBAAAC,EACA,uBAAAC,EACA,mBAAAC,EACA,sBAAAC,EACA,6BAAAC,EACA,cAAAC,CAAA,EACEP,EAEJ,GAAI,CAACQ,EAAAA,WAAWF,CAA4B,EAC1C,MAAM,IAAI,MAAM,qDAAqD,EAGvE,MAAMG,EAAU3C,EAAAA,eAAeoC,CAAgB,EAAE,YAAA,EAC3CQ,EAAK5C,EAAAA,eAAeqC,CAAsB,EAAE,YAAA,EAC5CQ,EAAM7C,EAAAA,eAAesC,CAAkB,EAAE,YAAA,EACzCQ,EAAUP,EAAsB,IAAKQ,GACzC/C,EAAAA,eAAe+C,CAAC,EAAE,YAAA,CAAY,EAIhC,IAAIC,EACAC,EACAC,EAEJ,GAAIP,IAAYC,EACdI,EAAO,aACPC,EAAmBE,EAAAA,+BACnBD,EAAwBlD,EAAAA,eAAewC,CAA4B,UAC1DG,IAAYE,EACrBG,EAAO,uBACPC,EAAmBG,EAAAA,mCACnBF,EAAwBlD,EAAAA,eAAewC,CAA4B,UAC1DM,EAAQ,SAASH,CAAO,EACjCK,EAAO,aACPC,EAAmBG,EAAAA,mCACnBF,EAAwBlD,EAAAA,eAAeqD,6BAA2BV,CAAO,CAAC,MAE1E,OAAM,IAAI,MACR,0BAA0BA,CAAO,mDAAA,EAIrC,GAAIpC,EAAS,KAAK,SAAW0C,EAC3B,MAAM,IAAI,MACR,0BAA0B1C,EAAS,KAAK,MAAM,gCACxB0C,CAAgB,aAAaD,CAAI,GAAA,EAI3D,MAAMM,EAAqBvB,EAAAA,OAAO,KAAKmB,EAAuB,KAAK,EACnE,GAAI,CAAC3C,EAAS,KAAK,CAAC,EAAE,OAAO,OAAO+C,CAAkB,EACpD,MAAM,IAAI,MACR,+EAA+EN,CAAI,EAAA,EAIvF,MAAMO,EAAYN,EAAmB,EACrC,GAAI1C,EAAS,KAAKgD,CAAS,EAAE,QAAUC,EAAAA,wBACrC,MAAM,IAAI,MACR,2BAA2BD,CAAS,WAAWhD,EAAS,KAAKgD,CAAS,EAAE,KAAK,oBAC7DC,EAAAA,uBAAuB,OAAA,EAI3C,GAAIR,IAAS,aAAc,CAKzB,GACE,CAAC,OAAO,UAAUP,CAAa,GAC/BA,EAAgB,GAChBA,GAAiBgB,kCAEjB,MAAM,IAAI,MACR,2CACSA,EAAAA,+BAA+B,UAAUhB,CAAa,EAAA,EAGnE,MAAMiB,EAAoB,KAAK,MAC5BvB,EAAiBM,EAAiBgB,EAAAA,+BAAA,EAErC,GAAIlD,EAAS,KAAK,CAAC,EAAE,MAAQmD,EAC3B,MAAM,IAAI,MACR,sCAAsCnD,EAAS,KAAK,CAAC,EAAE,KAAK,qBAC3CmD,CAAiB,UAC5BjB,CAAa,sBAAsBN,CAAc,GAAA,CAG7D,CACF,CAqBO,SAASwB,EACdC,EACAC,EACAC,EAAa,EACL,CACR,MAAMC,EAAanD,EAAAA,KAAK,QAAQgD,CAAa,EAE7C,GAAIE,GAAcC,EAAW,KAAK,OAAO,OACvC,MAAM,IAAI,MACR,eAAeD,CAAU,kBAAkBC,EAAW,KAAK,OAAO,MAAM,UAAA,EAI5E,MAAMC,EAAQD,EAAW,KAAK,OAAOD,CAAU,EAG/C,GAAIE,EAAM,cAAgBA,EAAM,aAAa,OAAS,EAAG,CACvD,MAAMC,EAAuB5D,EAAAA,gBAAgBwD,CAAe,EAE5D,UAAWK,KAAYF,EAAM,aAC3B,GAAIE,EAAS,OAAO,OAAOnC,EAAAA,OAAO,KAAKkC,CAAoB,CAAC,EAC1D,OAAOE,EAAkBD,EAAS,UAAWJ,CAAU,EAI3D,MAAM,IAAI,MACR,4CAA4CD,CAAe,aAAaC,CAAU,EAAA,CAEtF,CAQA,GAAIE,EAAM,oBAAsBA,EAAM,mBAAmB,OAAS,EAAG,CACnE,MAAMI,EAAeC,EAAkBL,EAAM,kBAAkB,EAC/D,GAAII,EAAa,SAAWzE,EAC1B,MAAM,IAAI,MACR,oDAAoDmE,CAAU,cAChDnE,CAAqC,iDAC1CyE,EAAa,MAAM,EAAA,EAGhC,OAAOD,EAAkBC,EAAa,CAAC,EAAGN,CAAU,CACtD,CAEA,MAAM,IAAI,MACR,uEAAuEA,CAAU,EAAA,CAErF,CASA,SAASK,EAAkBG,EAAiBR,EAA4B,CACtE,GAAIQ,EAAI,SAAW,GACjB,OAAOtD,kBAAgB,IAAI,WAAWsD,CAAG,CAAC,EAE5C,MAAIA,EAAI,SAAW,GACX,IAAI,MACR,6BAA6BA,EAAI,EAAE,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,aAAaR,CAAU,6DAAA,EAIvF,IAAI,MACR,wCAAwCA,CAAU,KAAKQ,EAAI,MAAM,EAAA,CAErE,CAUA,SAASD,EAAkBE,EAA2B,CACpD,MAAMC,EAAkB,CAAA,EACxB,IAAIC,EAAS,EAEb,MAAMC,EAAgBC,GAAoB,CACxC,GAAIF,EAASE,EAAIJ,EAAQ,OACvB,MAAM,IAAI,MACR,gCAAgCI,CAAC,sBAAsBF,CAAM,UAAUF,EAAQ,OAASE,CAAM,YAAA,CAGpG,EAEMG,EAAa,IAAc,CAC/BF,EAAa,CAAC,EACd,MAAMG,EAAQN,EAAQE,GAAQ,EAC9B,GAAII,EAAQ,IAAM,OAAOA,EACzB,GAAIA,IAAU,IAAM,CAClBH,EAAa,CAAC,EACd,MAAMI,GAAOP,EAAQE,CAAM,EAAKF,EAAQE,EAAS,CAAC,GAAK,KAAQ,EAC/D,OAAAA,GAAU,EACHK,CACT,CACA,GAAID,IAAU,IAAM,CAClBH,EAAa,CAAC,EACd,MAAMI,GACHP,EAAQE,CAAM,EACZF,EAAQE,EAAS,CAAC,GAAK,EACvBF,EAAQE,EAAS,CAAC,GAAK,GACvBF,EAAQE,EAAS,CAAC,GAAK,MAC1B,EACF,OAAAA,GAAU,EACHK,CACT,CAIA,MAAM,IAAI,MACR,wEAAwEL,EAAS,CAAC,EAAA,CAEtF,EAEMM,EAAQH,EAAA,EACd,QAASxG,EAAI,EAAGA,EAAI2G,EAAO3G,IAAK,CAC9B,MAAM4G,EAAMJ,EAAA,EACZF,EAAaM,CAAG,EAChBR,EAAM,KAAKzC,EAAAA,OAAO,KAAKwC,EAAQ,SAASE,EAAQA,EAASO,CAAG,CAAC,CAAC,EAC9DP,GAAUO,CACZ,CAEA,GAAIP,IAAWF,EAAQ,OACrB,MAAM,IAAI,MACR,2BAA2BA,EAAQ,OAASE,CAAM,mCAAmCM,CAAK,UAAA,EAI9F,OAAOP,CACT,CC9lBO,MAAMS,UAA8B,KAAM,CAC/C,YAAYC,EAAgB,CAC1B,MACE,uDAAuDA,CAAM,EAAA,EAE/D,KAAK,KAAO,uBACd,CACF,CASA,SAASC,EAAUC,EAAiCC,EAAmB,CACrE,GAAI,CACF,OAAOzE,EAAAA,KAAK,QAAQyE,CAAG,CACzB,OAASC,EAAO,CACd,MAAMC,EAASD,aAAiB,MAAQA,EAAM,QAAU,OAAOA,CAAK,EACpE,MAAM,IAAI,MAAM,mBAAmBF,CAAK,UAAUG,CAAM,EAAE,CAC5D,CACF,CAOA,MAAMC,GAA0B,EAEhC,SAASC,EAAUC,EAAqB,CACtC,MAAO,GAAGA,EAAI,SAAS,KAAK,EAAE,MAAM,EAAGF,EAAuB,CAAC,GACjE,CAQA,SAASG,EAAWC,EAA8B,CAChD,MAAMC,EAAW9D,EAAAA,OAAO,KAAK6D,CAAY,EAAE,QAAA,EAC3C,OAAOH,EAAUI,CAAQ,CAC3B,CASO,SAASC,GACdxI,EACM,CACN,MAAMM,EAAYuH,EAAU,YAAa7H,EAAO,gBAAgB,EAC1DyI,EAAWZ,EAAU,WAAY7H,EAAO,eAAe,EAE7D,GAAIM,EAAU,UAAYmI,EAAS,QACjC,MAAM,IAAId,EACR,iCAAiCrH,EAAU,OAAO,cAAcmI,EAAS,OAAO,GAAA,EAGpF,GAAInI,EAAU,WAAamI,EAAS,SAClC,MAAM,IAAId,EACR,kCAAkCrH,EAAU,QAAQ,cAAcmI,EAAS,QAAQ,GAAA,EAGvF,GAAInI,EAAU,SAAS,SAAWmI,EAAS,SAAS,OAClD,MAAM,IAAId,EACR,kCAAkCrH,EAAU,SAAS,MAAM,cAAcmI,EAAS,SAAS,MAAM,GAAA,EAGrG,GAAInI,EAAU,UAAU,SAAWmI,EAAS,UAAU,OACpD,MAAM,IAAId,EACR,mCAAmCrH,EAAU,UAAU,MAAM,cAAcmI,EAAS,UAAU,MAAM,GAAA,EAGxG,QAAS3H,EAAI,EAAGA,EAAIR,EAAU,SAAS,OAAQQ,IAAK,CAClD,MAAM4H,EAAIpI,EAAU,SAASQ,CAAC,EACxB6H,EAAIF,EAAS,SAAS3H,CAAC,EAC7B,GAAI,CAAC4H,EAAE,KAAK,OAAOC,EAAE,IAAI,EACvB,MAAM,IAAIhB,EACR,SAAS7G,CAAC,oCAAoCuH,EAAWK,EAAE,IAAI,CAAC,cAAcL,EAAWM,EAAE,IAAI,CAAC,GAAA,EAGpG,GAAID,EAAE,QAAUC,EAAE,MAChB,MAAM,IAAIhB,EACR,SAAS7G,CAAC,oCAAoC4H,EAAE,KAAK,cAAcC,EAAE,KAAK,GAAA,EAG9E,GAAID,EAAE,WAAaC,EAAE,SACnB,MAAM,IAAIhB,EACR,SAAS7G,CAAC,gCAAgC4H,EAAE,QAAQ,cAAcC,EAAE,QAAQ,GAAA,CAGlF,CACA,QAAS7H,EAAI,EAAGA,EAAIR,EAAU,UAAU,OAAQQ,IAAK,CACnD,MAAM4H,EAAIpI,EAAU,UAAUQ,CAAC,EACzB6H,EAAIF,EAAS,UAAU3H,CAAC,EAC9B,GAAI,CAAC4H,EAAE,OAAO,OAAOC,EAAE,MAAM,EAC3B,MAAM,IAAIhB,EACR,UAAU7G,CAAC,oCAAoCqH,EAAUO,EAAE,MAAM,CAAC,cAAcP,EAAUQ,EAAE,MAAM,CAAC,GAAA,EAGvG,GAAID,EAAE,QAAUC,EAAE,MAChB,MAAM,IAAIhB,EACR,UAAU7G,CAAC,6BAA6B4H,EAAE,KAAK,cAAcC,EAAE,KAAK,GAAA,CAG1E,CACF,CCtFA,MAAMC,EAA6B,IAC7BC,GAA6B,IAC7BC,GAA0B,MAC1BC,GAA0B,WAOhC,SAASC,GAAkB3B,EAAmB,CAC5C,GAAIA,EAAIuB,EACN,OAAOnE,SAAO,KAAK,CAAC4C,CAAC,CAAC,EAExB,GAAIA,GAAKyB,GAAyB,CAChC,MAAMhH,EAAQ2C,EAAAA,OAAO,MAAM,CAAC,EAC5B,OAAA3C,EAAM,cAAcuF,CAAC,EACd5C,EAAAA,OAAO,OAAO,CAACA,EAAAA,OAAO,KAAK,CAACmE,CAA0B,CAAC,EAAG9G,CAAK,CAAC,CACzE,CACA,GAAIuF,GAAK0B,GAAyB,CAChC,MAAMjH,EAAQ2C,EAAAA,OAAO,MAAM,CAAC,EAC5B,OAAA3C,EAAM,cAAcuF,CAAC,EACd5C,EAAAA,OAAO,OAAO,CAACA,EAAAA,OAAO,KAAK,CAACoE,EAA0B,CAAC,EAAG/G,CAAK,CAAC,CACzE,CACA,MAAM,IAAI,MAAM,8CAA8CuF,CAAC,QAAQ,CACzE,CAGA,MAAM4B,GAAc,UAMpB,SAASC,GAAmBC,EAAqBC,EAA4B,CAC3E,MAAMC,EAAW5E,EAAAA,OAAO,OAAO,CAC7BA,SAAO,KAAK,CAAC0E,CAAW,CAAC,EACzBH,GAAkBI,EAAO,MAAM,EAC/B3E,EAAAA,OAAO,KAAK2E,CAAM,CAAA,CACnB,EACD,OAAOE,SAAQ,WAAWL,GAAaI,CAAQ,CACjD,CAyBO,SAASE,GACdvJ,EACM,CACN,KAAM,CAAE,iBAAAwJ,EAAkB,aAAAC,EAAc,qBAAAC,EAAsB,WAAAlD,GAC5DxG,EAEI2J,EAAejH,EAAAA,eAAe+G,CAAY,EAChD,GAAIE,EAAa,SAAWC,sBAC1B,MAAM,IAAI,MACR,+BAA+BpD,CAAU,YAAYoD,EAAAA,mBAAmB,8BACnDD,EAAa,MAAM,GAAA,EAI5C,MAAME,EAAcnH,EAAAA,eAAegH,CAAoB,EACvD,GAAIG,EAAY,SAAWC,wBACzB,MAAM,IAAI,MACR,kCAAkCtD,CAAU,YAAYsD,EAAAA,qBAAqB,8BACxDD,EAAY,MAAM,GAAA,EAI3C,MAAMxG,EAAOC,EAAAA,KAAK,QAAQkG,CAAgB,EAE1C,GAAIhD,EAAa,GAAKA,GAAcnD,EAAK,KAAK,OAAO,OACnD,MAAM,IAAI,MACR,eAAemD,CAAU,kBAAkBnD,EAAK,KAAK,OAAO,MAAM,WAAA,EAOtE,MAAM0G,EAA2B,CAAA,EAC3BC,EAAmB,CAAA,EACzB,QAASlJ,EAAI,EAAGA,EAAIuC,EAAK,KAAK,OAAO,OAAQvC,IAAK,CAChD,MAAMmJ,EAAc5G,EAAK,KAAK,OAAOvC,CAAC,EAAE,YACxC,GAAI,CAACmJ,EACH,MAAM,IAAI,MACR,kCAAkCnJ,CAAC,wFAAA,EAIvCiJ,EAAe,KAAKE,EAAY,MAAM,EACtCD,EAAO,KAAKC,EAAY,KAAK,CAC/B,CAKA,MAAMC,EAAiB7G,EAAK,KAAK,OAAOmD,CAAU,EAAE,cACpD,GAAI,CAAC0D,GAAkBA,EAAe,SAAW,EAC/C,MAAM,IAAI,MACR,kCAAkC1D,CAAU,oEAChB0D,GAAA,YAAAA,EAAgB,SAAU,CAAC,GAAA,EAG3D,MAAMC,EAAOD,EAAe,CAAC,EAC7B,GAAIC,EAAK,cAAgB3F,yBACvB,MAAM,IAAI,MACR,kCAAkCgC,CAAU,qCACrC2D,EAAK,YAAY,SAAS,EAAE,CAAC,gBAAgB3F,EAAAA,uBAAuB,SAAS,EAAE,CAAC,GAAA,EAI3F,MAAM4F,EAAWlB,GAAmBiB,EAAK,YAAaA,EAAK,MAAM,EAK3DE,EAAK,IAAInH,cACfmH,EAAG,QAAUhH,EAAK,QAClBgH,EAAG,SAAWhH,EAAK,SACnB,UAAWqD,KAASrD,EAAK,SACvBgH,EAAG,SAAS3D,EAAM,KAAMA,EAAM,MAAOA,EAAM,QAAQ,EAErD,UAAW/B,KAAUtB,EAAK,UACxBgH,EAAG,UAAU1F,EAAO,OAAQA,EAAO,KAAK,EAG1C,MAAM2F,EAAUD,EAAG,iBACjB7D,EACAuD,EACAC,EACA9G,EAAAA,YAAY,gBACZkH,CAAA,EASF,GAAI,CANYG,EAAI,cAClBD,EACAvH,EAAAA,gBAAgB8G,CAAW,EAC3B9G,EAAAA,gBAAgB4G,CAAY,CAAA,EAI5B,MAAM,IAAI,MACR,+BAA+BnD,CAAU,YAAYqD,CAAW,wLAAA,CAKtE"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@babylonlabs-io/ts-sdk",
3
- "version": "0.48.3",
3
+ "version": "0.48.4",
4
4
  "type": "module",
5
5
  "main": "./dist/index.js",
6
6
  "types": "./dist/index.d.ts",
@@ -96,9 +96,9 @@
96
96
  "license": "ISC",
97
97
  "description": "TypeScript SDK for Babylon protocol integrations",
98
98
  "dependencies": {
99
- "@babylonlabs-io/babylon-tbv-rust-wasm": "0.12.1",
100
99
  "@noble/hashes": "2.0.1",
101
- "buffer": "6.0.3"
100
+ "buffer": "6.0.3",
101
+ "@babylonlabs-io/babylon-tbv-rust-wasm": "0.1.0"
102
102
  },
103
103
  "peerDependencies": {
104
104
  "@bitcoin-js/tiny-secp256k1-asmjs": "2.2.3",
package/dist/challengeAssert-ChvLypwc.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"challengeAssert-ChvLypwc.js","sources":["../src/tbv/core/primitives/challengers.ts","../src/tbv/core/primitives/psbt/depositorPayout.ts","../src/tbv/core/primitives/psbt/challengeAssert.ts"],"sourcesContent":["/**\n * Challenger counting utilities.\n *\n * Used for UI-level validation (e.g. computing minimum deposit amounts)\n * where the depositor's identity is known. The transaction builders use\n * `vaultKeeperBtcPubkeys.length` to match the VP's current validation.\n */\n\nimport { processPublicKeyToXOnly } from \"./utils/bitcoin\";\n\n/**\n * Normalize a public key to lowercase x-only hex for reliable comparison.\n *\n * Handles `0x` prefixes, compressed (33-byte), and uncompressed (65-byte) keys.\n */\nfunction normalizeKey(key: string): string {\n return processPublicKeyToXOnly(key).toLowerCase();\n}\n\n/**\n * Compute the number of local challengers for a vault.\n *\n * Mirrors the VP's `compute_num_challengers()` logic:\n * local challengers = {vault_provider} ∪ {vault_keepers} − {depositor}\n *\n * Keys are normalized to x-only lowercase hex before comparison, so\n * `0x`-prefixed, compressed, or mixed-case keys are handled correctly.\n *\n * @param vaultProviderPubkey - Vault provider BTC public key\n * @param vaultKeeperPubkeys - Vault keeper BTC public keys\n * @param depositorPubkey - Depositor (claimer) BTC public key\n * @returns Number of local challengers\n */\nexport function computeNumLocalChallengers(\n vaultProviderPubkey: string,\n vaultKeeperPubkeys: string[],\n depositorPubkey: string,\n): number {\n const localSet = new Set<string>();\n localSet.add(normalizeKey(vaultProviderPubkey));\n for (const vk of vaultKeeperPubkeys) {\n localSet.add(normalizeKey(vk));\n }\n localSet.delete(normalizeKey(depositorPubkey));\n return localSet.size;\n}\n","/**\n * Depositor Payout PSBT Builder\n *\n * Builds unsigned PSBTs for the depositor's own Payout transaction\n * (depositor-as-claimer path). The depositor signs input 0 using the\n * payout taproot script from WasmPeginPayoutConnector (PegIn vault UTXO).\n *\n * Input 0 spends PegIn:0 (the vault UTXO) — the same connector used for\n * VP/VK payout signing. The VP verifies this signature using the\n * PeginPayoutConnector's payout script.\n *\n * @module primitives/psbt/depositorPayout\n * @see btc-vault crates/vault/src/sign.rs — verify_depositor_signature / get_payout_tap_leaf_hash\n */\n\nimport {\n type PayoutConnectorParams,\n getPeginPayoutScriptInfo,\n tapInternalPubkey,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport { Buffer } from \"buffer\";\nimport { Psbt, Transaction } from \"bitcoinjs-lib\";\n\nimport {\n TAPSCRIPT_LEAF_VERSION,\n hexToUint8Array,\n inputTxidHex,\n stripHexPrefix,\n} from \"../utils/bitcoin\";\nimport {\n ASSERT_PAYOUT_OUTPUT_INDEX,\n DEPOSITOR_PAYOUT_INPUT_COUNT,\n PEGIN_VAULT_OUTPUT_INDEX,\n} from \"./constants\";\n\n/**\n * Parameters for building a depositor Payout PSBT\n */\nexport interface DepositorPayoutParams {\n /** Payout transaction hex (unsigned) */\n payoutTxHex: string;\n /** Authoritative PegIn transaction hex — input 0 must spend PegIn:0 */\n peginTxHex: string;\n /** Authoritative Assert transaction hex — input 1 must spend Assert:0 */\n assertTxHex: string;\n /** Parameters for the PeginPayout connector (depositor, VP, VKs, UCs, timelock) */\n connectorParams: PayoutConnectorParams;\n}\n\n/**\n * Build unsigned depositor Payout PSBT.\n *\n * The depositor's payout transaction has 2 inputs:\n * - Input 0: PegIn:0 (vault UTXO) — depositor signs using PeginPayoutConnector payout script\n * - Input 1: Assert:0 — NOT signed by depositor\n *\n * Both inputs must be present in the PSBT because Taproot SIGHASH_DEFAULT\n * commits to all input prevouts. Prevout script_pubkey/value are derived\n * from the authoritative parent transactions, not trusted from external input.\n *\n * @param params - Depositor payout parameters\n * @returns Unsigned PSBT hex ready for signing\n *\n * @throws If the payout transaction does not have exactly 2 inputs\n * @throws If input 0 does not reference peginTxHex at output index 0\n * @throws If input 1 does not reference assertTxHex at output index 0\n */\nexport async function buildDepositorPayoutPsbt(\n params: DepositorPayoutParams,\n): Promise<string> {\n const payoutTx = Transaction.fromHex(stripHexPrefix(params.payoutTxHex));\n const peginTx = Transaction.fromHex(stripHexPrefix(params.peginTxHex));\n const assertTx = Transaction.fromHex(stripHexPrefix(params.assertTxHex));\n\n if (payoutTx.ins.length !== DEPOSITOR_PAYOUT_INPUT_COUNT) {\n throw new Error(\n `Depositor Payout transaction must have exactly ${DEPOSITOR_PAYOUT_INPUT_COUNT} inputs, got ${payoutTx.ins.length}`,\n );\n }\n\n const input0 = payoutTx.ins[0];\n const input1 = payoutTx.ins[1];\n\n const input0Txid = inputTxidHex(input0);\n const peginTxid = peginTx.getId();\n if (input0Txid !== peginTxid || input0.index !== PEGIN_VAULT_OUTPUT_INDEX) {\n throw new Error(\n `Depositor Payout input 0 must spend PegIn:${PEGIN_VAULT_OUTPUT_INDEX}. ` +\n `Expected ${peginTxid}:${PEGIN_VAULT_OUTPUT_INDEX}, got ${input0Txid}:${input0.index}`,\n );\n }\n\n const input1Txid = inputTxidHex(input1);\n const assertTxid = assertTx.getId();\n if (input1Txid !== assertTxid || input1.index !== ASSERT_PAYOUT_OUTPUT_INDEX) {\n throw new Error(\n `Depositor Payout input 1 must spend Assert:${ASSERT_PAYOUT_OUTPUT_INDEX}. ` +\n `Expected ${assertTxid}:${ASSERT_PAYOUT_OUTPUT_INDEX}, got ${input1Txid}:${input1.index}`,\n );\n }\n\n const peginPrevOut = peginTx.outs[input0.index];\n const assertPrevOut = assertTx.outs[input1.index];\n\n const { payoutScript, payoutControlBlock } = await getPeginPayoutScriptInfo(\n params.connectorParams,\n );\n const scriptBytes = hexToUint8Array(payoutScript);\n const controlBlock = hexToUint8Array(payoutControlBlock);\n\n const psbt = new Psbt();\n psbt.setVersion(payoutTx.version);\n psbt.setLocktime(payoutTx.locktime);\n\n psbt.addInput({\n hash: input0.hash,\n index: input0.index,\n sequence: input0.sequence,\n witnessUtxo: {\n script: peginPrevOut.script,\n value: peginPrevOut.value,\n },\n tapLeafScript: [\n {\n leafVersion: TAPSCRIPT_LEAF_VERSION,\n script: Buffer.from(scriptBytes),\n controlBlock: Buffer.from(controlBlock),\n },\n ],\n tapInternalKey: Buffer.from(tapInternalPubkey),\n });\n\n psbt.addInput({\n hash: input1.hash,\n index: input1.index,\n sequence: input1.sequence,\n witnessUtxo: {\n script: assertPrevOut.script,\n value: assertPrevOut.value,\n },\n });\n\n for (const output of payoutTx.outs) {\n psbt.addOutput({\n script: output.script,\n value: output.value,\n });\n }\n\n return psbt.toHex();\n}\n","/**\n * ChallengeAssert PSBT Builder\n *\n * Builds an unsigned PSBT for a ChallengeAssert transaction\n * (depositor-as-claimer path, per challenger). The ChallengeAssert tx has\n * NUM_UTXOS_FOR_CHALLENGE_ASSERT (3) inputs, each spending a different Assert\n * output segment. The depositor signs ALL inputs, each with its own taproot\n * script derived from the per-segment connector params.\n *\n * @module primitives/psbt/challengeAssert\n * @see btc-vault crates/vault/docs/btc-transactions-spec.md — ChallengeAssert connector (NUM_UTXOS_FOR_CHALLENGE_ASSERT=3)\n */\n\nimport {\n type ChallengeAssertConnectorParams,\n getChallengeAssertScriptInfo,\n tapInternalPubkey,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport { Buffer } from \"buffer\";\nimport { Psbt, Transaction } from \"bitcoinjs-lib\";\n\nimport {\n TAPSCRIPT_LEAF_VERSION,\n hexToUint8Array,\n inputTxidHex,\n stripHexPrefix,\n} from \"../utils/bitcoin\";\n\n/**\n * Parameters for building a ChallengeAssert PSBT\n */\nexport interface ChallengeAssertParams {\n /** ChallengeAssert transaction hex (unsigned) */\n challengeAssertTxHex: string;\n /** Authoritative Assert transaction hex — every input must spend an Assert output */\n assertTxHex: string;\n /** Per-input connector params (one per input/segment, determines the taproot script) */\n connectorParamsPerInput: ChallengeAssertConnectorParams[];\n}\n\n/**\n * Build unsigned ChallengeAssert PSBT.\n *\n * The ChallengeAssert transaction has 3 inputs (one per Assert output segment).\n * Each input has its own taproot script derived from its connector params.\n * The depositor signs all inputs. Every prevout is derived from the\n * authoritative Assert transaction, never trusted from external input.\n *\n * @param params - ChallengeAssert parameters\n * @returns Unsigned PSBT hex ready for signing\n *\n * @throws If the number of connector params does not match the number of inputs\n * @throws If any input does not reference assertTxHex\n * @throws If any referenced Assert output is missing\n * @throws If two inputs reference the same Assert output index\n */\nexport async function buildChallengeAssertPsbt(\n params: ChallengeAssertParams,\n): Promise<string> {\n const challengeAssertTx = Transaction.fromHex(\n stripHexPrefix(params.challengeAssertTxHex),\n );\n const assertTx = Transaction.fromHex(stripHexPrefix(params.assertTxHex));\n const assertTxid = assertTx.getId();\n\n if (params.connectorParamsPerInput.length !== challengeAssertTx.ins.length) {\n throw new Error(\n `Expected ${challengeAssertTx.ins.length} connector params, got ${params.connectorParamsPerInput.length}`,\n );\n }\n\n const seenAssertOutputs = new Set<number>();\n for (let i = 0; i < challengeAssertTx.ins.length; i++) {\n const input = challengeAssertTx.ins[i];\n const inputTxid = inputTxidHex(input);\n if (inputTxid !== assertTxid) {\n throw new Error(\n `ChallengeAssert input ${i} must spend an Assert output. ` +\n `Expected txid ${assertTxid}, got ${inputTxid}`,\n );\n }\n if (!assertTx.outs[input.index]) {\n throw new Error(\n `Assert output ${input.index} not found for ChallengeAssert input ${i} (txid: ${assertTxid})`,\n );\n }\n if (seenAssertOutputs.has(input.index)) {\n throw new Error(\n `ChallengeAssert input ${i} duplicates Assert output index ${input.index}`,\n );\n }\n seenAssertOutputs.add(input.index);\n }\n\n const scriptInfos = await Promise.all(\n params.connectorParamsPerInput.map((cp) => getChallengeAssertScriptInfo(cp)),\n );\n\n const psbt = new Psbt();\n psbt.setVersion(challengeAssertTx.version);\n psbt.setLocktime(challengeAssertTx.locktime);\n\n for (let i = 0; i < challengeAssertTx.ins.length; i++) {\n const input = challengeAssertTx.ins[i];\n const assertPrevOut = assertTx.outs[input.index];\n\n const { script, controlBlock } = scriptInfos[i];\n const scriptBytes = hexToUint8Array(script);\n const controlBlockBytes = hexToUint8Array(controlBlock);\n\n psbt.addInput({\n hash: input.hash,\n index: input.index,\n sequence: input.sequence,\n witnessUtxo: {\n script: assertPrevOut.script,\n value: assertPrevOut.value,\n },\n tapLeafScript: [\n {\n leafVersion: TAPSCRIPT_LEAF_VERSION,\n script: Buffer.from(scriptBytes),\n controlBlock: Buffer.from(controlBlockBytes),\n },\n ],\n tapInternalKey: Buffer.from(tapInternalPubkey),\n });\n }\n\n for (const output of challengeAssertTx.outs) {\n psbt.addOutput({\n script: output.script,\n value: output.value,\n });\n }\n\n return psbt.toHex();\n}\n"],"names":["normalizeKey","key","processPublicKeyToXOnly","computeNumLocalChallengers","vaultProviderPubkey","vaultKeeperPubkeys","depositorPubkey","localSet","vk","buildDepositorPayoutPsbt","params","payoutTx","Transaction","stripHexPrefix","peginTx","assertTx","DEPOSITOR_PAYOUT_INPUT_COUNT","input0","input1","input0Txid","inputTxidHex","peginTxid","PEGIN_VAULT_OUTPUT_INDEX","input1Txid","assertTxid","ASSERT_PAYOUT_OUTPUT_INDEX","peginPrevOut","assertPrevOut","payoutScript","payoutControlBlock","getPeginPayoutScriptInfo","scriptBytes","hexToUint8Array","controlBlock","psbt","Psbt","TAPSCRIPT_LEAF_VERSION","Buffer","tapInternalPubkey","output","buildChallengeAssertPsbt","challengeAssertTx","seenAssertOutputs","i","input","inputTxid","scriptInfos","cp","getChallengeAssertScriptInfo","script","controlBlockBytes"],"mappings":";;;;;AAeA,SAASA,EAAaC,GAAqB;AACzC,SAAOC,EAAwBD,CAAG,EAAE,YAAA;AACtC;AAgBO,SAASE,EACdC,GACAC,GACAC,GACQ;AACR,QAAMC,wBAAe,IAAA;AACrB,EAAAA,EAAS,IAAIP,EAAaI,CAAmB,CAAC;AAC9C,aAAWI,KAAMH;AACf,IAAAE,EAAS,IAAIP,EAAaQ,CAAE,CAAC;AAE/B,SAAAD,EAAS,OAAOP,EAAaM,CAAe,CAAC,GACtCC,EAAS;AAClB;ACsBA,eAAsBE,EACpBC,GACiB;AACjB,QAAMC,IAAWC,EAAY,QAAQC,EAAeH,EAAO,WAAW,CAAC,GACjEI,IAAUF,EAAY,QAAQC,EAAeH,EAAO,UAAU,CAAC,GAC/DK,IAAWH,EAAY,QAAQC,EAAeH,EAAO,WAAW,CAAC;AAEvE,MAAIC,EAAS,IAAI,WAAWK;AAC1B,UAAM,IAAI;AAAA,MACR,kDAAkDA,CAA4B,gBAAgBL,EAAS,IAAI,MAAM;AAAA,IAAA;AAIrH,QAAMM,IAASN,EAAS,IAAI,CAAC,GACvBO,IAASP,EAAS,IAAI,CAAC,GAEvBQ,IAAaC,EAAaH,CAAM,GAChCI,IAAYP,EAAQ,MAAA;AAC1B,MAAIK,MAAeE,KAAaJ,EAAO,UAAUK;AAC/C,UAAM,IAAI;AAAA,MACR,6CAA6CA,CAAwB,cACvDD,CAAS,IAAIC,CAAwB,SAASH,CAAU,IAAIF,EAAO,KAAK;AAAA,IAAA;AAI1F,QAAMM,IAAaH,EAAaF,CAAM,GAChCM,IAAaT,EAAS,MAAA;AAC5B,MAAIQ,MAAeC,KAAcN,EAAO,UAAUO;AAChD,UAAM,IAAI;AAAA,MACR,8CAA8CA,CAA0B,cAC1DD,CAAU,IAAIC,CAA0B,SAASF,CAAU,IAAIL,EAAO,KAAK;AAAA,IAAA;AAI7F,QAAMQ,IAAeZ,EAAQ,KAAKG,EAAO,KAAK,GACxCU,IAAgBZ,EAAS,KAAKG,EAAO,KAAK,GAE1C,EAAE,cAAAU,GAAc,oBAAAC,EAAA,IAAuB,MAAMC;AAAA,IACjDpB,EAAO;AAAA,EAAA,GAEHqB,IAAcC,EAAgBJ,CAAY,GAC1CK,IAAeD,EAAgBH,CAAkB,GAEjDK,IAAO,IAAIC,EAAA;AACjB,EAAAD,EAAK,WAAWvB,EAAS,OAAO,GAChCuB,EAAK,YAAYvB,EAAS,QAAQ,GAElCuB,EAAK,SAAS;AAAA,IACZ,MAAMjB,EAAO;AAAA,IACb,OAAOA,EAAO;AAAA,IACd,UAAUA,EAAO;AAAA,IACjB,aAAa;AAAA,MACX,QAAQS,EAAa;AAAA,MACrB,OAAOA,EAAa;AAAA,IAAA;AAAA,IAEtB,eAAe;AAAA,MACb;AAAA,QACE,aAAaU;AAAA,QACb,QAAQC,EAAO,KAAKN,CAAW;AAAA,QAC/B,cAAcM,EAAO,KAAKJ,CAAY;AAAA,MAAA;AAAA,IACxC;AAAA,IAEF,gBAAgBI,EAAO,KAAKC,CAAiB;AAAA,EAAA,CAC9C,GAEDJ,EAAK,SAAS;AAAA,IACZ,MAAMhB,EAAO;AAAA,IACb,OAAOA,EAAO;AAAA,IACd,UAAUA,EAAO;AAAA,IACjB,aAAa;AAAA,MACX,QAAQS,EAAc;AAAA,MACtB,OAAOA,EAAc;AAAA,IAAA;AAAA,EACvB,CACD;AAED,aAAWY,KAAU5B,EAAS;AAC5B,IAAAuB,EAAK,UAAU;AAAA,MACb,QAAQK,EAAO;AAAA,MACf,OAAOA,EAAO;AAAA,IAAA,CACf;AAGH,SAAOL,EAAK,MAAA;AACd;AC9FA,eAAsBM,EACpB9B,GACiB;AACjB,QAAM+B,IAAoB7B,EAAY;AAAA,IACpCC,EAAeH,EAAO,oBAAoB;AAAA,EAAA,GAEtCK,IAAWH,EAAY,QAAQC,EAAeH,EAAO,WAAW,CAAC,GACjEc,IAAaT,EAAS,MAAA;AAE5B,MAAIL,EAAO,wBAAwB,WAAW+B,EAAkB,IAAI;AAClE,UAAM,IAAI;AAAA,MACR,YAAYA,EAAkB,IAAI,MAAM,0BAA0B/B,EAAO,wBAAwB,MAAM;AAAA,IAAA;AAI3G,QAAMgC,wBAAwB,IAAA;AAC9B,WAASC,IAAI,GAAGA,IAAIF,EAAkB,IAAI,QAAQE,KAAK;AACrD,UAAMC,IAAQH,EAAkB,IAAIE,CAAC,GAC/BE,IAAYzB,EAAawB,CAAK;AACpC,QAAIC,MAAcrB;AAChB,YAAM,IAAI;AAAA,QACR,yBAAyBmB,CAAC,+CACPnB,CAAU,SAASqB,CAAS;AAAA,MAAA;AAGnD,QAAI,CAAC9B,EAAS,KAAK6B,EAAM,KAAK;AAC5B,YAAM,IAAI;AAAA,QACR,iBAAiBA,EAAM,KAAK,wCAAwCD,CAAC,WAAWnB,CAAU;AAAA,MAAA;AAG9F,QAAIkB,EAAkB,IAAIE,EAAM,KAAK;AACnC,YAAM,IAAI;AAAA,QACR,yBAAyBD,CAAC,mCAAmCC,EAAM,KAAK;AAAA,MAAA;AAG5E,IAAAF,EAAkB,IAAIE,EAAM,KAAK;AAAA,EACnC;AAEA,QAAME,IAAc,MAAM,QAAQ;AAAA,IAChCpC,EAAO,wBAAwB,IAAI,CAACqC,MAAOC,EAA6BD,CAAE,CAAC;AAAA,EAAA,GAGvEb,IAAO,IAAIC,EAAA;AACjB,EAAAD,EAAK,WAAWO,EAAkB,OAAO,GACzCP,EAAK,YAAYO,EAAkB,QAAQ;AAE3C,WAASE,IAAI,GAAGA,IAAIF,EAAkB,IAAI,QAAQE,KAAK;AACrD,UAAMC,IAAQH,EAAkB,IAAIE,CAAC,GAC/BhB,IAAgBZ,EAAS,KAAK6B,EAAM,KAAK,GAEzC,EAAE,QAAAK,GAAQ,cAAAhB,MAAiBa,EAAYH,CAAC,GACxCZ,IAAcC,EAAgBiB,CAAM,GACpCC,IAAoBlB,EAAgBC,CAAY;AAEtD,IAAAC,EAAK,SAAS;AAAA,MACZ,MAAMU,EAAM;AAAA,MACZ,OAAOA,EAAM;AAAA,MACb,UAAUA,EAAM;AAAA,MAChB,aAAa;AAAA,QACX,QAAQjB,EAAc;AAAA,QACtB,OAAOA,EAAc;AAAA,MAAA;AAAA,MAEvB,eAAe;AAAA,QACb;AAAA,UACE,aAAaS;AAAA,UACb,QAAQC,EAAO,KAAKN,CAAW;AAAA,UAC/B,cAAcM,EAAO,KAAKa,CAAiB;AAAA,QAAA;AAAA,MAC7C;AAAA,MAEF,gBAAgBb,EAAO,KAAKC,CAAiB;AAAA,IAAA,CAC9C;AAAA,EACH;AAEA,aAAWC,KAAUE,EAAkB;AACrC,IAAAP,EAAK,UAAU;AAAA,MACb,QAAQK,EAAO;AAAA,MACf,OAAOA,EAAO;AAAA,IAAA,CACf;AAGH,SAAOL,EAAK,MAAA;AACd;"}
package/dist/challengeAssert-Culc7DoS.cjs DELETED
@@ -1,2 +0,0 @@
1
- "use strict";const n=require("./bitcoin-CHfKAhcI.cjs"),h=require("@babylonlabs-io/babylon-tbv-rust-wasm"),T=require("buffer"),x=require("bitcoinjs-lib"),l=require("./verifyScriptPathSchnorrSignature-D43cncKJ.cjs");function A(s){return n.processPublicKeyToXOnly(s).toLowerCase()}function _(s,t,u){const i=new Set;i.add(A(s));for(const r of t)i.add(A(r));return i.delete(A(u)),i.size}async function O(s){const t=x.Transaction.fromHex(n.stripHexPrefix(s.payoutTxHex)),u=x.Transaction.fromHex(n.stripHexPrefix(s.peginTxHex)),i=x.Transaction.fromHex(n.stripHexPrefix(s.assertTxHex));if(t.ins.length!==l.DEPOSITOR_PAYOUT_INPUT_COUNT)throw new Error(`Depositor Payout transaction must have exactly ${l.DEPOSITOR_PAYOUT_INPUT_COUNT} inputs, got ${t.ins.length}`);const r=t.ins[0],c=t.ins[1],a=n.inputTxidHex(r),e=u.getId();if(a!==e||r.index!==l.PEGIN_VAULT_OUTPUT_INDEX)throw new Error(`Depositor Payout input 0 must spend PegIn:${l.PEGIN_VAULT_OUTPUT_INDEX}. Expected ${e}:${l.PEGIN_VAULT_OUTPUT_INDEX}, got ${a}:${r.index}`);const o=n.inputTxidHex(c),p=i.getId();if(o!==p||c.index!==l.ASSERT_PAYOUT_OUTPUT_INDEX)throw new Error(`Depositor Payout input 1 must spend Assert:${l.ASSERT_PAYOUT_OUTPUT_INDEX}. Expected ${p}:${l.ASSERT_PAYOUT_OUTPUT_INDEX}, got ${o}:${c.index}`);const f=u.outs[r.index],P=i.outs[c.index],{payoutScript:g,payoutControlBlock:I}=await h.getPeginPayoutScriptInfo(s.connectorParams),y=n.hexToUint8Array(g),E=n.hexToUint8Array(I),d=new x.Psbt;d.setVersion(t.version),d.setLocktime(t.locktime),d.addInput({hash:r.hash,index:r.index,sequence:r.sequence,witnessUtxo:{script:f.script,value:f.value},tapLeafScript:[{leafVersion:n.TAPSCRIPT_LEAF_VERSION,script:T.Buffer.from(y),controlBlock:T.Buffer.from(E)}],tapInternalKey:T.Buffer.from(h.tapInternalPubkey)}),d.addInput({hash:c.hash,index:c.index,sequence:c.sequence,witnessUtxo:{script:P.script,value:P.value}});for(const U of t.outs)d.addOutput({script:U.script,value:U.value});return d.toHex()}async function m(s){const t=x.Transaction.fromHex(n.stripHexPrefix(s.challengeAssertTxHex)),u=x.Transaction.fromHex(n.stripHexPrefix(s.assertTxHex)),i=u.getId();if(s.connectorParamsPerInput.length!==t.ins.length)throw new Error(`Expected ${t.ins.length} connector params, got ${s.connectorParamsPerInput.length}`);const r=new Set;for(let e=0;e<t.ins.length;e++){const o=t.ins[e],p=n.inputTxidHex(o);if(p!==i)throw new Error(`ChallengeAssert input ${e} must spend an Assert output. Expected txid ${i}, got ${p}`);if(!u.outs[o.index])throw new Error(`Assert output ${o.index} not found for ChallengeAssert input ${e} (txid: ${i})`);if(r.has(o.index))throw new Error(`ChallengeAssert input ${e} duplicates Assert output index ${o.index}`);r.add(o.index)}const c=await Promise.all(s.connectorParamsPerInput.map(e=>h.getChallengeAssertScriptInfo(e))),a=new x.Psbt;a.setVersion(t.version),a.setLocktime(t.locktime);for(let e=0;e<t.ins.length;e++){const o=t.ins[e],p=u.outs[o.index],{script:f,controlBlock:P}=c[e],g=n.hexToUint8Array(f),I=n.hexToUint8Array(P);a.addInput({hash:o.hash,index:o.index,sequence:o.sequence,witnessUtxo:{script:p.script,value:p.value},tapLeafScript:[{leafVersion:n.TAPSCRIPT_LEAF_VERSION,script:T.Buffer.from(g),controlBlock:T.Buffer.from(I)}],tapInternalKey:T.Buffer.from(h.tapInternalPubkey)})}for(const e of t.outs)a.addOutput({script:e.script,value:e.value});return a.toHex()}exports.buildChallengeAssertPsbt=m;exports.buildDepositorPayoutPsbt=O;exports.computeNumLocalChallengers=_;
2
- //# sourceMappingURL=challengeAssert-Culc7DoS.cjs.map
package/dist/challengeAssert-Culc7DoS.cjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"challengeAssert-Culc7DoS.cjs","sources":["../src/tbv/core/primitives/challengers.ts","../src/tbv/core/primitives/psbt/depositorPayout.ts","../src/tbv/core/primitives/psbt/challengeAssert.ts"],"sourcesContent":["/**\n * Challenger counting utilities.\n *\n * Used for UI-level validation (e.g. computing minimum deposit amounts)\n * where the depositor's identity is known. The transaction builders use\n * `vaultKeeperBtcPubkeys.length` to match the VP's current validation.\n */\n\nimport { processPublicKeyToXOnly } from \"./utils/bitcoin\";\n\n/**\n * Normalize a public key to lowercase x-only hex for reliable comparison.\n *\n * Handles `0x` prefixes, compressed (33-byte), and uncompressed (65-byte) keys.\n */\nfunction normalizeKey(key: string): string {\n return processPublicKeyToXOnly(key).toLowerCase();\n}\n\n/**\n * Compute the number of local challengers for a vault.\n *\n * Mirrors the VP's `compute_num_challengers()` logic:\n * local challengers = {vault_provider} ∪ {vault_keepers} − {depositor}\n *\n * Keys are normalized to x-only lowercase hex before comparison, so\n * `0x`-prefixed, compressed, or mixed-case keys are handled correctly.\n *\n * @param vaultProviderPubkey - Vault provider BTC public key\n * @param vaultKeeperPubkeys - Vault keeper BTC public keys\n * @param depositorPubkey - Depositor (claimer) BTC public key\n * @returns Number of local challengers\n */\nexport function computeNumLocalChallengers(\n vaultProviderPubkey: string,\n vaultKeeperPubkeys: string[],\n depositorPubkey: string,\n): number {\n const localSet = new Set<string>();\n localSet.add(normalizeKey(vaultProviderPubkey));\n for (const vk of vaultKeeperPubkeys) {\n localSet.add(normalizeKey(vk));\n }\n localSet.delete(normalizeKey(depositorPubkey));\n return localSet.size;\n}\n","/**\n * Depositor Payout PSBT Builder\n *\n * Builds unsigned PSBTs for the depositor's own Payout transaction\n * (depositor-as-claimer path). The depositor signs input 0 using the\n * payout taproot script from WasmPeginPayoutConnector (PegIn vault UTXO).\n *\n * Input 0 spends PegIn:0 (the vault UTXO) — the same connector used for\n * VP/VK payout signing. The VP verifies this signature using the\n * PeginPayoutConnector's payout script.\n *\n * @module primitives/psbt/depositorPayout\n * @see btc-vault crates/vault/src/sign.rs — verify_depositor_signature / get_payout_tap_leaf_hash\n */\n\nimport {\n type PayoutConnectorParams,\n getPeginPayoutScriptInfo,\n tapInternalPubkey,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport { Buffer } from \"buffer\";\nimport { Psbt, Transaction } from \"bitcoinjs-lib\";\n\nimport {\n TAPSCRIPT_LEAF_VERSION,\n hexToUint8Array,\n inputTxidHex,\n stripHexPrefix,\n} from \"../utils/bitcoin\";\nimport {\n ASSERT_PAYOUT_OUTPUT_INDEX,\n DEPOSITOR_PAYOUT_INPUT_COUNT,\n PEGIN_VAULT_OUTPUT_INDEX,\n} from \"./constants\";\n\n/**\n * Parameters for building a depositor Payout PSBT\n */\nexport interface DepositorPayoutParams {\n /** Payout transaction hex (unsigned) */\n payoutTxHex: string;\n /** Authoritative PegIn transaction hex — input 0 must spend PegIn:0 */\n peginTxHex: string;\n /** Authoritative Assert transaction hex — input 1 must spend Assert:0 */\n assertTxHex: string;\n /** Parameters for the PeginPayout connector (depositor, VP, VKs, UCs, timelock) */\n connectorParams: PayoutConnectorParams;\n}\n\n/**\n * Build unsigned depositor Payout PSBT.\n *\n * The depositor's payout transaction has 2 inputs:\n * - Input 0: PegIn:0 (vault UTXO) — depositor signs using PeginPayoutConnector payout script\n * - Input 1: Assert:0 — NOT signed by depositor\n *\n * Both inputs must be present in the PSBT because Taproot SIGHASH_DEFAULT\n * commits to all input prevouts. Prevout script_pubkey/value are derived\n * from the authoritative parent transactions, not trusted from external input.\n *\n * @param params - Depositor payout parameters\n * @returns Unsigned PSBT hex ready for signing\n *\n * @throws If the payout transaction does not have exactly 2 inputs\n * @throws If input 0 does not reference peginTxHex at output index 0\n * @throws If input 1 does not reference assertTxHex at output index 0\n */\nexport async function buildDepositorPayoutPsbt(\n params: DepositorPayoutParams,\n): Promise<string> {\n const payoutTx = Transaction.fromHex(stripHexPrefix(params.payoutTxHex));\n const peginTx = Transaction.fromHex(stripHexPrefix(params.peginTxHex));\n const assertTx = Transaction.fromHex(stripHexPrefix(params.assertTxHex));\n\n if (payoutTx.ins.length !== DEPOSITOR_PAYOUT_INPUT_COUNT) {\n throw new Error(\n `Depositor Payout transaction must have exactly ${DEPOSITOR_PAYOUT_INPUT_COUNT} inputs, got ${payoutTx.ins.length}`,\n );\n }\n\n const input0 = payoutTx.ins[0];\n const input1 = payoutTx.ins[1];\n\n const input0Txid = inputTxidHex(input0);\n const peginTxid = peginTx.getId();\n if (input0Txid !== peginTxid || input0.index !== PEGIN_VAULT_OUTPUT_INDEX) {\n throw new Error(\n `Depositor Payout input 0 must spend PegIn:${PEGIN_VAULT_OUTPUT_INDEX}. ` +\n `Expected ${peginTxid}:${PEGIN_VAULT_OUTPUT_INDEX}, got ${input0Txid}:${input0.index}`,\n );\n }\n\n const input1Txid = inputTxidHex(input1);\n const assertTxid = assertTx.getId();\n if (input1Txid !== assertTxid || input1.index !== ASSERT_PAYOUT_OUTPUT_INDEX) {\n throw new Error(\n `Depositor Payout input 1 must spend Assert:${ASSERT_PAYOUT_OUTPUT_INDEX}. ` +\n `Expected ${assertTxid}:${ASSERT_PAYOUT_OUTPUT_INDEX}, got ${input1Txid}:${input1.index}`,\n );\n }\n\n const peginPrevOut = peginTx.outs[input0.index];\n const assertPrevOut = assertTx.outs[input1.index];\n\n const { payoutScript, payoutControlBlock } = await getPeginPayoutScriptInfo(\n params.connectorParams,\n );\n const scriptBytes = hexToUint8Array(payoutScript);\n const controlBlock = hexToUint8Array(payoutControlBlock);\n\n const psbt = new Psbt();\n psbt.setVersion(payoutTx.version);\n psbt.setLocktime(payoutTx.locktime);\n\n psbt.addInput({\n hash: input0.hash,\n index: input0.index,\n sequence: input0.sequence,\n witnessUtxo: {\n script: peginPrevOut.script,\n value: peginPrevOut.value,\n },\n tapLeafScript: [\n {\n leafVersion: TAPSCRIPT_LEAF_VERSION,\n script: Buffer.from(scriptBytes),\n controlBlock: Buffer.from(controlBlock),\n },\n ],\n tapInternalKey: Buffer.from(tapInternalPubkey),\n });\n\n psbt.addInput({\n hash: input1.hash,\n index: input1.index,\n sequence: input1.sequence,\n witnessUtxo: {\n script: assertPrevOut.script,\n value: assertPrevOut.value,\n },\n });\n\n for (const output of payoutTx.outs) {\n psbt.addOutput({\n script: output.script,\n value: output.value,\n });\n }\n\n return psbt.toHex();\n}\n","/**\n * ChallengeAssert PSBT Builder\n *\n * Builds an unsigned PSBT for a ChallengeAssert transaction\n * (depositor-as-claimer path, per challenger). The ChallengeAssert tx has\n * NUM_UTXOS_FOR_CHALLENGE_ASSERT (3) inputs, each spending a different Assert\n * output segment. The depositor signs ALL inputs, each with its own taproot\n * script derived from the per-segment connector params.\n *\n * @module primitives/psbt/challengeAssert\n * @see btc-vault crates/vault/docs/btc-transactions-spec.md — ChallengeAssert connector (NUM_UTXOS_FOR_CHALLENGE_ASSERT=3)\n */\n\nimport {\n type ChallengeAssertConnectorParams,\n getChallengeAssertScriptInfo,\n tapInternalPubkey,\n} from \"@babylonlabs-io/babylon-tbv-rust-wasm\";\nimport { Buffer } from \"buffer\";\nimport { Psbt, Transaction } from \"bitcoinjs-lib\";\n\nimport {\n TAPSCRIPT_LEAF_VERSION,\n hexToUint8Array,\n inputTxidHex,\n stripHexPrefix,\n} from \"../utils/bitcoin\";\n\n/**\n * Parameters for building a ChallengeAssert PSBT\n */\nexport interface ChallengeAssertParams {\n /** ChallengeAssert transaction hex (unsigned) */\n challengeAssertTxHex: string;\n /** Authoritative Assert transaction hex — every input must spend an Assert output */\n assertTxHex: string;\n /** Per-input connector params (one per input/segment, determines the taproot script) */\n connectorParamsPerInput: ChallengeAssertConnectorParams[];\n}\n\n/**\n * Build unsigned ChallengeAssert PSBT.\n *\n * The ChallengeAssert transaction has 3 inputs (one per Assert output segment).\n * Each input has its own taproot script derived from its connector params.\n * The depositor signs all inputs. Every prevout is derived from the\n * authoritative Assert transaction, never trusted from external input.\n *\n * @param params - ChallengeAssert parameters\n * @returns Unsigned PSBT hex ready for signing\n *\n * @throws If the number of connector params does not match the number of inputs\n * @throws If any input does not reference assertTxHex\n * @throws If any referenced Assert output is missing\n * @throws If two inputs reference the same Assert output index\n */\nexport async function buildChallengeAssertPsbt(\n params: ChallengeAssertParams,\n): Promise<string> {\n const challengeAssertTx = Transaction.fromHex(\n stripHexPrefix(params.challengeAssertTxHex),\n );\n const assertTx = Transaction.fromHex(stripHexPrefix(params.assertTxHex));\n const assertTxid = assertTx.getId();\n\n if (params.connectorParamsPerInput.length !== challengeAssertTx.ins.length) {\n throw new Error(\n `Expected ${challengeAssertTx.ins.length} connector params, got ${params.connectorParamsPerInput.length}`,\n );\n }\n\n const seenAssertOutputs = new Set<number>();\n for (let i = 0; i < challengeAssertTx.ins.length; i++) {\n const input = challengeAssertTx.ins[i];\n const inputTxid = inputTxidHex(input);\n if (inputTxid !== assertTxid) {\n throw new Error(\n `ChallengeAssert input ${i} must spend an Assert output. ` +\n `Expected txid ${assertTxid}, got ${inputTxid}`,\n );\n }\n if (!assertTx.outs[input.index]) {\n throw new Error(\n `Assert output ${input.index} not found for ChallengeAssert input ${i} (txid: ${assertTxid})`,\n );\n }\n if (seenAssertOutputs.has(input.index)) {\n throw new Error(\n `ChallengeAssert input ${i} duplicates Assert output index ${input.index}`,\n );\n }\n seenAssertOutputs.add(input.index);\n }\n\n const scriptInfos = await Promise.all(\n params.connectorParamsPerInput.map((cp) => getChallengeAssertScriptInfo(cp)),\n );\n\n const psbt = new Psbt();\n psbt.setVersion(challengeAssertTx.version);\n psbt.setLocktime(challengeAssertTx.locktime);\n\n for (let i = 0; i < challengeAssertTx.ins.length; i++) {\n const input = challengeAssertTx.ins[i];\n const assertPrevOut = assertTx.outs[input.index];\n\n const { script, controlBlock } = scriptInfos[i];\n const scriptBytes = hexToUint8Array(script);\n const controlBlockBytes = hexToUint8Array(controlBlock);\n\n psbt.addInput({\n hash: input.hash,\n index: input.index,\n sequence: input.sequence,\n witnessUtxo: {\n script: assertPrevOut.script,\n value: assertPrevOut.value,\n },\n tapLeafScript: [\n {\n leafVersion: TAPSCRIPT_LEAF_VERSION,\n script: Buffer.from(scriptBytes),\n controlBlock: Buffer.from(controlBlockBytes),\n },\n ],\n tapInternalKey: Buffer.from(tapInternalPubkey),\n });\n }\n\n for (const output of challengeAssertTx.outs) {\n psbt.addOutput({\n script: output.script,\n value: output.value,\n });\n }\n\n return psbt.toHex();\n}\n"],"names":["normalizeKey","key","processPublicKeyToXOnly","computeNumLocalChallengers","vaultProviderPubkey","vaultKeeperPubkeys","depositorPubkey","localSet","vk","buildDepositorPayoutPsbt","params","payoutTx","Transaction","stripHexPrefix","peginTx","assertTx","DEPOSITOR_PAYOUT_INPUT_COUNT","input0","input1","input0Txid","inputTxidHex","peginTxid","PEGIN_VAULT_OUTPUT_INDEX","input1Txid","assertTxid","ASSERT_PAYOUT_OUTPUT_INDEX","peginPrevOut","assertPrevOut","payoutScript","payoutControlBlock","getPeginPayoutScriptInfo","scriptBytes","hexToUint8Array","controlBlock","psbt","Psbt","TAPSCRIPT_LEAF_VERSION","Buffer","tapInternalPubkey","output","buildChallengeAssertPsbt","challengeAssertTx","seenAssertOutputs","i","input","inputTxid","scriptInfos","cp","getChallengeAssertScriptInfo","script","controlBlockBytes"],"mappings":"sNAeA,SAASA,EAAaC,EAAqB,CACzC,OAAOC,EAAAA,wBAAwBD,CAAG,EAAE,YAAA,CACtC,CAgBO,SAASE,EACdC,EACAC,EACAC,EACQ,CACR,MAAMC,MAAe,IACrBA,EAAS,IAAIP,EAAaI,CAAmB,CAAC,EAC9C,UAAWI,KAAMH,EACfE,EAAS,IAAIP,EAAaQ,CAAE,CAAC,EAE/B,OAAAD,EAAS,OAAOP,EAAaM,CAAe,CAAC,EACtCC,EAAS,IAClB,CCsBA,eAAsBE,EACpBC,EACiB,CACjB,MAAMC,EAAWC,EAAAA,YAAY,QAAQC,EAAAA,eAAeH,EAAO,WAAW,CAAC,EACjEI,EAAUF,EAAAA,YAAY,QAAQC,EAAAA,eAAeH,EAAO,UAAU,CAAC,EAC/DK,EAAWH,EAAAA,YAAY,QAAQC,EAAAA,eAAeH,EAAO,WAAW,CAAC,EAEvE,GAAIC,EAAS,IAAI,SAAWK,+BAC1B,MAAM,IAAI,MACR,kDAAkDA,EAAAA,4BAA4B,gBAAgBL,EAAS,IAAI,MAAM,EAAA,EAIrH,MAAMM,EAASN,EAAS,IAAI,CAAC,EACvBO,EAASP,EAAS,IAAI,CAAC,EAEvBQ,EAAaC,EAAAA,aAAaH,CAAM,EAChCI,EAAYP,EAAQ,MAAA,EAC1B,GAAIK,IAAeE,GAAaJ,EAAO,QAAUK,EAAAA,yBAC/C,MAAM,IAAI,MACR,6CAA6CA,EAAAA,wBAAwB,cACvDD,CAAS,IAAIC,0BAAwB,SAASH,CAAU,IAAIF,EAAO,KAAK,EAAA,EAI1F,MAAMM,EAAaH,EAAAA,aAAaF,CAAM,EAChCM,EAAaT,EAAS,MAAA,EAC5B,GAAIQ,IAAeC,GAAcN,EAAO,QAAUO,EAAAA,2BAChD,MAAM,IAAI,MACR,8CAA8CA,EAAAA,0BAA0B,cAC1DD,CAAU,IAAIC,4BAA0B,SAASF,CAAU,IAAIL,EAAO,KAAK,EAAA,EAI7F,MAAMQ,EAAeZ,EAAQ,KAAKG,EAAO,KAAK,EACxCU,EAAgBZ,EAAS,KAAKG,EAAO,KAAK,EAE1C,CAAE,aAAAU,EAAc,mBAAAC,CAAA,EAAuB,MAAMC,EAAAA,yBACjDpB,EAAO,eAAA,EAEHqB,EAAcC,EAAAA,gBAAgBJ,CAAY,EAC1CK,EAAeD,EAAAA,gBAAgBH,CAAkB,EAEjDK,EAAO,IAAIC,OACjBD,EAAK,WAAWvB,EAAS,OAAO,EAChCuB,EAAK,YAAYvB,EAAS,QAAQ,EAElCuB,EAAK,SAAS,CACZ,KAAMjB,EAAO,KACb,MAAOA,EAAO,MACd,SAAUA,EAAO,SACjB,YAAa,CACX,OAAQS,EAAa,OACrB,MAAOA,EAAa,KAAA,EAEtB,cAAe,CACb,CACE,YAAaU,EAAAA,uBACb,OAAQC,EAAAA,OAAO,KAAKN,CAAW,EAC/B,aAAcM,EAAAA,OAAO,KAAKJ,CAAY,CAAA,CACxC,EAEF,eAAgBI,EAAAA,OAAO,KAAKC,EAAAA,iBAAiB,CAAA,CAC9C,EAEDJ,EAAK,SAAS,CACZ,KAAMhB,EAAO,KACb,MAAOA,EAAO,MACd,SAAUA,EAAO,SACjB,YAAa,CACX,OAAQS,EAAc,OACtB,MAAOA,EAAc,KAAA,CACvB,CACD,EAED,UAAWY,KAAU5B,EAAS,KAC5BuB,EAAK,UAAU,CACb,OAAQK,EAAO,OACf,MAAOA,EAAO,KAAA,CACf,EAGH,OAAOL,EAAK,MAAA,CACd,CC9FA,eAAsBM,EACpB9B,EACiB,CACjB,MAAM+B,EAAoB7B,EAAAA,YAAY,QACpCC,EAAAA,eAAeH,EAAO,oBAAoB,CAAA,EAEtCK,EAAWH,EAAAA,YAAY,QAAQC,EAAAA,eAAeH,EAAO,WAAW,CAAC,EACjEc,EAAaT,EAAS,MAAA,EAE5B,GAAIL,EAAO,wBAAwB,SAAW+B,EAAkB,IAAI,OAClE,MAAM,IAAI,MACR,YAAYA,EAAkB,IAAI,MAAM,0BAA0B/B,EAAO,wBAAwB,MAAM,EAAA,EAI3G,MAAMgC,MAAwB,IAC9B,QAASC,EAAI,EAAGA,EAAIF,EAAkB,IAAI,OAAQE,IAAK,CACrD,MAAMC,EAAQH,EAAkB,IAAIE,CAAC,EAC/BE,EAAYzB,EAAAA,aAAawB,CAAK,EACpC,GAAIC,IAAcrB,EAChB,MAAM,IAAI,MACR,yBAAyBmB,CAAC,+CACPnB,CAAU,SAASqB,CAAS,EAAA,EAGnD,GAAI,CAAC9B,EAAS,KAAK6B,EAAM,KAAK,EAC5B,MAAM,IAAI,MACR,iBAAiBA,EAAM,KAAK,wCAAwCD,CAAC,WAAWnB,CAAU,GAAA,EAG9F,GAAIkB,EAAkB,IAAIE,EAAM,KAAK,EACnC,MAAM,IAAI,MACR,yBAAyBD,CAAC,mCAAmCC,EAAM,KAAK,EAAA,EAG5EF,EAAkB,IAAIE,EAAM,KAAK,CACnC,CAEA,MAAME,EAAc,MAAM,QAAQ,IAChCpC,EAAO,wBAAwB,IAAKqC,GAAOC,EAAAA,6BAA6BD,CAAE,CAAC,CAAA,EAGvEb,EAAO,IAAIC,OACjBD,EAAK,WAAWO,EAAkB,OAAO,EACzCP,EAAK,YAAYO,EAAkB,QAAQ,EAE3C,QAASE,EAAI,EAAGA,EAAIF,EAAkB,IAAI,OAAQE,IAAK,CACrD,MAAMC,EAAQH,EAAkB,IAAIE,CAAC,EAC/BhB,EAAgBZ,EAAS,KAAK6B,EAAM,KAAK,EAEzC,CAAE,OAAAK,EAAQ,aAAAhB,GAAiBa,EAAYH,CAAC,EACxCZ,EAAcC,EAAAA,gBAAgBiB,CAAM,EACpCC,EAAoBlB,EAAAA,gBAAgBC,CAAY,EAEtDC,EAAK,SAAS,CACZ,KAAMU,EAAM,KACZ,MAAOA,EAAM,MACb,SAAUA,EAAM,SAChB,YAAa,CACX,OAAQjB,EAAc,OACtB,MAAOA,EAAc,KAAA,EAEvB,cAAe,CACb,CACE,YAAaS,EAAAA,uBACb,OAAQC,EAAAA,OAAO,KAAKN,CAAW,EAC/B,aAAcM,EAAAA,OAAO,KAAKa,CAAiB,CAAA,CAC7C,EAEF,eAAgBb,EAAAA,OAAO,KAAKC,EAAAA,iBAAiB,CAAA,CAC9C,CACH,CAEA,UAAWC,KAAUE,EAAkB,KACrCP,EAAK,UAAU,CACb,OAAQK,EAAO,OACf,MAAOA,EAAO,KAAA,CACf,EAGH,OAAOL,EAAK,MAAA,CACd"}