@babylonlabs-io/ts-sdk 0.48.5 → 0.49.0

package/dist/{primeVpAuth-CZsFLrHX.js → primeVpAuth-BdrwraAe.js}

@@ -1,28 +1,28 @@
-var he = Object.defineProperty;
-var ge = (r, e, t) => e in r ? he(r, e, { enumerable: !0, configurable: !0, writable: !0, value: t }) : r[e] = t;
-var p = (r, e, t) => ge(r, typeof e != "symbol" ? e + "" : e, t);
-import { B as X } from "./BTCVaultRegistry.abi-Chs4AFBj.js";
-import { P as b, A as H } from "./ApplicationRegistry.abi-Dn2qk6JG.js";
-import { k as fe, v as B, l as _e, j as me } from "./mempoolApi-Dc1KSVNI.js";
-import { D as be, J as ne, e as ye } from "./types-CQDRQvV-.js";
-import { C as q } from "./constants-Cd_fN8VT.js";
-import { X as R, C as j, s as E, S as we } from "./bitcoin-B5aNKtsk.js";
+var Ce = Object.defineProperty;
+var $e = (r, e, t) => e in r ? Ce(r, e, { enumerable: !0, configurable: !0, writable: !0, value: t }) : r[e] = t;
+var f = (r, e, t) => $e(r, typeof e != "symbol" ? e + "" : e, t);
+import { B as Q } from "./BTCVaultRegistry.abi-Chs4AFBj.js";
+import { P as x, A as L } from "./ApplicationRegistry.abi-Dn2qk6JG.js";
+import { k as Ie, v as U, l as Ve, j as Re } from "./mempoolApi-Dc1KSVNI.js";
+import { D as Oe, J as _e, e as Be } from "./types-CQDRQvV-.js";
+import { X as R, C as D, s as V, S as Ne, h as Ge, p as me } from "./bitcoin-B5aNKtsk.js";
+import { C as ee } from "./constants-Cd_fN8VT.js";
 import { H as S } from "./validation-CxqROCno.js";
-import * as F from "@bitcoin-js/tiny-secp256k1-asmjs";
-import { payments as Pe, Transaction as O } from "bitcoinjs-lib";
-import { Buffer as A } from "buffer";
-import { s as J } from "./sha2-BYVxyZzX.js";
-async function ut(r, e) {
+import * as H from "@bitcoin-js/tiny-secp256k1-asmjs";
+import { payments as De, Transaction as X } from "bitcoinjs-lib";
+import { Buffer as I } from "buffer";
+import { s as q } from "./sha2-BYVxyZzX.js";
+async function or(r, e) {
   const [t, n] = await r.multicall({
     contracts: [
       {
         address: e,
-        abi: X,
+        abi: Q,
         functionName: "protocolParams"
       },
       {
         address: e,
-        abi: X,
+        abi: Q,
         functionName: "applicationRegistry"
       }
     ],
@@ -33,8 +33,8 @@ async function ut(r, e) {
     applicationRegistry: n
   };
 }
-const z = 65535;
-function V(r) {
+const te = 65535;
+function B(r) {
   return {
     timelockAssert: r.timelockAssert,
     timelockChallengeAssert: r.timelockChallengeAssert,
@@ -51,7 +51,7 @@ function V(r) {
     minPrepeginDepth: r.minPrepeginDepth
   };
 }
-function W(r) {
+function re(r) {
   return {
     minimumPegInAmount: r.minimumPegInAmount,
     maxPegInAmount: r.maxPegInAmount,
@@ -61,53 +61,53 @@ function W(r) {
     expiredPegInGraceBlocks: r.expiredPegInGraceBlocks
   };
 }
-function Y(r) {
-  if (r > BigInt(z))
+function ne(r) {
+  if (r > BigInt(te))
     throw new Error(
-      `timelockAssert value ${r} exceeds uint16 max (${z})`
+      `timelockAssert value ${r} exceeds uint16 max (${te})`
     );
   return Number(r);
 }
-class dt {
+class ar {
   constructor(e, t) {
     this.publicClient = e, this.contractAddress = t;
   }
   async getTBVProtocolParams() {
     const e = await this.publicClient.readContract({
       address: this.contractAddress,
-      abi: b,
+      abi: x,
       functionName: "getTBVProtocolParams"
-    }), t = W(e);
-    return fe(t), t;
+    }), t = re(e);
+    return Ie(t), t;
   }
   async getLatestOffchainParams() {
     const e = await this.publicClient.readContract({
       address: this.contractAddress,
-      abi: b,
+      abi: x,
       functionName: "getLatestOffchainParams"
-    }), t = V(e);
-    return B(t), t;
+    }), t = B(e);
+    return U(t), t;
   }
   async getOffchainParamsByVersion(e) {
     const t = await this.publicClient.readContract({
       address: this.contractAddress,
-      abi: b,
+      abi: x,
       functionName: "getOffchainParamsByVersion",
       args: [e]
-    }), n = V(t);
-    return B(n), n;
+    }), n = B(t);
+    return U(n), n;
   }
   async getLatestOffchainParamsVersion() {
     const e = await this.publicClient.readContract({
       address: this.contractAddress,
-      abi: b,
+      abi: x,
       functionName: "latestOffchainParamsVersion"
     }), t = Number(e);
-    return _e(t), t;
+    return Ve(t), t;
   }
   async getTimelockPeginByVersion(e) {
     const t = await this.getOffchainParamsByVersion(e);
-    return Y(t.timelockAssert);
+    return ne(t.timelockAssert);
   }
   /**
    * Read TBV protocol params, latest offchain params, and the latest version
@@ -121,35 +121,35 @@ class dt {
       contracts: [
         {
           address: this.contractAddress,
-          abi: b,
+          abi: x,
           functionName: "getTBVProtocolParams"
         },
         {
           address: this.contractAddress,
-          abi: b,
+          abi: x,
           functionName: "getLatestOffchainParams"
         },
         {
           address: this.contractAddress,
-          abi: b,
+          abi: x,
           functionName: "latestOffchainParamsVersion"
         }
       ],
       allowFailure: !1
-    }), t = W(e[0]), n = V(e[1]), s = Number(e[2]), i = {
+    }), t = re(e[0]), n = B(e[1]), i = Number(e[2]), s = {
       minimumPegInAmount: t.minimumPegInAmount,
       maxPegInAmount: t.maxPegInAmount,
       pegInAckTimeout: t.pegInAckTimeout,
       pegInActivationTimeout: t.pegInActivationTimeout,
       maxHtlcOutputCount: t.maxHtlcOutputCount,
       expiredPegInGraceBlocks: t.expiredPegInGraceBlocks,
-      timelockPegin: Y(n.timelockAssert),
+      timelockPegin: ne(n.timelockAssert),
       timelockRefund: n.tRefund,
       minVpCommissionBps: n.minVpCommissionBps,
       offchainParams: n,
-      offchainParamsVersion: s
+      offchainParamsVersion: i
     };
-    return me(i), i;
+    return Re(s), s;
   }
   /**
    * Fetch every historical offchain params version in a single multicall.
@@ -165,135 +165,135 @@ class dt {
     const t = await this.getLatestOffchainParamsVersion();
     if (t === 0)
       return { byVersion: /* @__PURE__ */ new Map(), latestVersion: 0 };
-    const n = Array.from({ length: t }, (c, u) => u + 1), s = n.map((c) => ({
+    const n = Array.from({ length: t }, (c, d) => d + 1), i = n.map((c) => ({
       address: this.contractAddress,
-      abi: b,
+      abi: x,
       functionName: "getOffchainParamsByVersion",
       args: [c]
-    })), i = await this.publicClient.multicall({
-      contracts: s,
+    })), s = await this.publicClient.multicall({
+      contracts: i,
       allowFailure: !1
     }), o = /* @__PURE__ */ new Map();
     for (let c = 0; c < n.length; c++) {
-      const u = V(i[c]);
+      const d = B(s[c]);
       try {
-        B(u), o.set(n[c], u);
-      } catch (d) {
+        U(d), o.set(n[c], d);
+      } catch (u) {
         e == null || e(
           n[c],
-          d instanceof Error ? d : new Error(String(d))
+          u instanceof Error ? u : new Error(String(u))
         );
       }
     }
     return { byVersion: o, latestVersion: t };
   }
 }
-function N(r) {
+function M(r) {
   return r.map((e) => ({
     ethAddress: e.ethAddress,
     btcPubKey: e.btcPubKey
   }));
 }
-class pt {
+class cr {
   constructor(e, t) {
     this.publicClient = e, this.contractAddress = t;
   }
   async getVaultKeepersByVersion(e, t) {
     const n = await this.publicClient.readContract({
       address: this.contractAddress,
-      abi: H,
+      abi: L,
       functionName: "getVaultKeepersByVersion",
       args: [e, t]
     });
-    return N(n);
+    return M(n);
   }
   async getCurrentVaultKeepers(e) {
     const t = await this.publicClient.readContract({
       address: this.contractAddress,
-      abi: H,
+      abi: L,
       functionName: "getCurrentVaultKeepers",
       args: [e]
     });
-    return N(t);
+    return M(t);
   }
   async getCurrentVaultKeepersVersion(e) {
     return await this.publicClient.readContract({
       address: this.contractAddress,
-      abi: H,
+      abi: L,
       functionName: "getCurrentVaultKeepersVersion",
       args: [e]
     });
   }
 }
-class ht {
+class lr {
   constructor(e, t) {
     this.publicClient = e, this.contractAddress = t;
   }
   async getUniversalChallengersByVersion(e) {
     const t = await this.publicClient.readContract({
       address: this.contractAddress,
-      abi: b,
+      abi: x,
       functionName: "getUniversalChallengersByVersion",
       args: [e]
     });
-    return N(t);
+    return M(t);
   }
   async getCurrentUniversalChallengers() {
     const e = await this.publicClient.readContract({
       address: this.contractAddress,
-      abi: b,
+      abi: x,
       functionName: "getCurrentUniversalChallengers"
     });
-    return N(e);
+    return M(e);
   }
   async getLatestUniversalChallengersVersion() {
     return await this.publicClient.readContract({
       address: this.contractAddress,
-      abi: b,
+      abi: x,
       functionName: "latestUniversalChallengersVersion"
     });
   }
 }
-var xe = /* @__PURE__ */ ((r) => (r[r.PENDING = 0] = "PENDING", r[r.VERIFIED = 1] = "VERIFIED", r[r.ACTIVE = 2] = "ACTIVE", r[r.REDEEMED = 3] = "REDEEMED", r[r.EXPIRED = 4] = "EXPIRED", r))(xe || {});
-const Z = new Set(Object.values(be)), ve = 200;
-function l(r) {
+var Me = /* @__PURE__ */ ((r) => (r[r.PENDING = 0] = "PENDING", r[r.VERIFIED = 1] = "VERIFIED", r[r.ACTIVE = 2] = "ACTIVE", r[r.REDEEMED = 3] = "REDEEMED", r[r.EXPIRED = 4] = "EXPIRED", r))(Me || {});
+const se = new Set(Object.values(Oe)), je = 200;
+function p(r) {
   var e;
-  return ((e = JSON.stringify(r)) == null ? void 0 : e.slice(0, ve)) ?? "undefined";
+  return ((e = JSON.stringify(r)) == null ? void 0 : e.slice(0, je)) ?? "undefined";
 }
-const Ae = "The vault provider returned an unexpected response. Please try again or contact support.";
+const He = "The vault provider returned an unexpected response. Please try again or contact support.";
 class a extends Error {
   constructor(t) {
-    super(Ae);
-    p(this, "detail");
+    super(He);
+    f(this, "detail");
     this.name = "VpResponseValidationError", this.detail = t;
   }
 }
-const $ = 64;
-function P(r) {
+const O = 64;
+function C(r) {
   return typeof r == "string" && r.length > 0 && S.test(r);
 }
-function se(r) {
+function ye(r) {
   return typeof r == "string" && r.length > 0;
 }
-function ie(r, e) {
-  if (!P(r))
+function be(r, e) {
+  if (!C(r))
     throw new a(
-      `VP response validation failed: "${e}" must be a non-empty hex string, got ${l(r)}`
+      `VP response validation failed: "${e}" must be a non-empty hex string, got ${p(r)}`
     );
 }
-function _(r, e) {
-  if (!se(r))
+function b(r, e) {
+  if (!ye(r))
     throw new a(
-      `VP response validation failed: "${e}" must be a non-empty string, got ${l(r)}`
+      `VP response validation failed: "${e}" must be a non-empty string, got ${p(r)}`
     );
 }
-function L(r, e) {
-  if (!P(r) || r.length !== R && r.length !== j)
+function Z(r, e) {
+  if (!C(r) || r.length !== R && r.length !== D)
     throw new a(
-      `VP response validation failed: "${e}" must be a ${R} or ${j}-char hex string (BTC pubkey), got ${l(r)}`
+      `VP response validation failed: "${e}" must be a ${R} or ${D}-char hex string (BTC pubkey), got ${p(r)}`
     );
 }
-function $e(r) {
+function Le(r) {
   const e = r.presigning;
   if (e == null) return;
   if (typeof e != "object" || Array.isArray(e))
@@ -303,49 +303,49 @@ function $e(r) {
   const t = e;
   if (t.depositor_graph_created !== void 0 && typeof t.depositor_graph_created != "boolean")
     throw new a(
-      `VP response validation failed: "progress.presigning.depositor_graph_created" must be a boolean if present, got ${l(t.depositor_graph_created)}`
+      `VP response validation failed: "progress.presigning.depositor_graph_created" must be a boolean if present, got ${p(t.depositor_graph_created)}`
     );
   if (t.vk_challenger_presigning_completed !== void 0 && typeof t.vk_challenger_presigning_completed != "number")
     throw new a(
-      `VP response validation failed: "progress.presigning.vk_challenger_presigning_completed" must be a number if present, got ${l(t.vk_challenger_presigning_completed)}`
+      `VP response validation failed: "progress.presigning.vk_challenger_presigning_completed" must be a number if present, got ${p(t.vk_challenger_presigning_completed)}`
     );
   if (t.vk_challenger_presigning_total !== void 0 && typeof t.vk_challenger_presigning_total != "number")
     throw new a(
-      `VP response validation failed: "progress.presigning.vk_challenger_presigning_total" must be a number if present, got ${l(t.vk_challenger_presigning_total)}`
+      `VP response validation failed: "progress.presigning.vk_challenger_presigning_total" must be a number if present, got ${p(t.vk_challenger_presigning_total)}`
     );
 }
-function ae(r) {
+function we(r) {
   if (r === null || typeof r != "object")
     throw new a(
       "VP response validation failed: getPeginStatus response is not an object"
     );
   const e = r;
-  if (!P(e.pegin_txid) || e.pegin_txid.length !== $)
+  if (!C(e.pegin_txid) || e.pegin_txid.length !== O)
     throw new a(
-      `VP response validation failed: "pegin_txid" must be a ${$}-char hex string (txid), got ${l(e.pegin_txid)}`
+      `VP response validation failed: "pegin_txid" must be a ${O}-char hex string (txid), got ${p(e.pegin_txid)}`
     );
   if (typeof e.status != "string")
     throw new a(
       'VP response validation failed: "status" must be a string'
     );
-  if (!Z.has(e.status))
+  if (!se.has(e.status))
     throw new a(
-      `VP response validation failed: unrecognized status "${e.status}". Expected one of: ${[...Z].join(", ")}`
+      `VP response validation failed: unrecognized status "${e.status}". Expected one of: ${[...se].join(", ")}`
     );
   if (e.progress === null || typeof e.progress != "object" || Array.isArray(e.progress))
     throw new a(
       'VP response validation failed: "progress" must be an object'
     );
-  if ($e(e.progress), typeof e.health_info != "string")
+  if (Le(e.progress), typeof e.health_info != "string")
     throw new a(
       'VP response validation failed: "health_info" must be a string'
     );
   if (e.last_error !== void 0 && typeof e.last_error != "string")
     throw new a(
-      `VP response validation failed: "last_error" must be a string if present, got ${l(e.last_error)}`
+      `VP response validation failed: "last_error" must be a string if present, got ${p(e.last_error)}`
     );
 }
-function Se(r) {
+function Ue(r) {
   if (r === null || typeof r != "object")
     throw new a(
       "VP response validation failed: requestDepositorPresignTransactions response is not an object"
@@ -356,60 +356,60 @@ function Se(r) {
       'VP response validation failed: "txs" must be an array'
     );
   for (let t = 0; t < e.txs.length; t++)
-    ke(e.txs[t], `txs[${t}]`);
+    Xe(e.txs[t], `txs[${t}]`);
   if (e.depositor_graph === null || typeof e.depositor_graph != "object")
     throw new a(
       'VP response validation failed: "depositor_graph" must be an object'
     );
-  De(
+  Qe(
     e.depositor_graph
   );
 }
-function y(r, e) {
+function v(r, e) {
   if (r === null || typeof r != "object")
     throw new a(
       `VP response validation failed: "${e}" must be an object`
     );
-  ie(r.tx_hex, `${e}.tx_hex`);
+  be(r.tx_hex, `${e}.tx_hex`);
 }
-function ke(r, e) {
+function Xe(r, e) {
   if (r === null || typeof r != "object")
     throw new a(
       `VP response validation failed: "${e}" must be an object`
     );
   const t = r;
-  L(t.claimer_pubkey, `${e}.claimer_pubkey`), y(t.claim_tx, `${e}.claim_tx`), y(t.assert_tx, `${e}.assert_tx`), y(t.payout_tx, `${e}.payout_tx`), _(t.payout_psbt, `${e}.payout_psbt`);
+  Z(t.claimer_pubkey, `${e}.claimer_pubkey`), v(t.claim_tx, `${e}.claim_tx`), v(t.assert_tx, `${e}.assert_tx`), v(t.payout_tx, `${e}.payout_tx`), b(t.payout_psbt, `${e}.payout_psbt`);
 }
-function Te(r, e) {
+function Fe(r, e) {
   if (r === null || typeof r != "object")
     throw new a(
       `VP response validation failed: "${e}" must be an object`
     );
   const t = r;
-  _(t.wots_pks_json, `${e}.wots_pks_json`), _(t.gc_wots_keys_json, `${e}.gc_wots_keys_json`);
+  b(t.wots_pks_json, `${e}.wots_pks_json`), b(t.gc_wots_keys_json, `${e}.gc_wots_keys_json`);
 }
-function Ee(r, e) {
+function Ke(r, e) {
   if (r === null || typeof r != "object")
     throw new a(
       `VP response validation failed: "${e}" must be an object`
     );
   const t = r;
-  if (L(t.challenger_pubkey, `${e}.challenger_pubkey`), y(
+  if (Z(t.challenger_pubkey, `${e}.challenger_pubkey`), v(
     t.challenge_assert_x_tx,
     `${e}.challenge_assert_x_tx`
-  ), y(
+  ), v(
     t.challenge_assert_y_tx,
     `${e}.challenge_assert_y_tx`
-  ), y(t.nopayout_tx, `${e}.nopayout_tx`), _(t.nopayout_psbt, `${e}.nopayout_psbt`), !Array.isArray(t.challenge_assert_connectors))
+  ), v(t.nopayout_tx, `${e}.nopayout_tx`), b(t.nopayout_psbt, `${e}.nopayout_psbt`), !Array.isArray(t.challenge_assert_connectors))
     throw new a(
       `VP response validation failed: "${e}.challenge_assert_connectors" must be an array`
     );
-  if (t.challenge_assert_connectors.length !== q)
+  if (t.challenge_assert_connectors.length !== ee)
     throw new a(
-      `VP response validation failed: "${e}.challenge_assert_connectors" must have exactly ${q} entries, got ${t.challenge_assert_connectors.length}`
+      `VP response validation failed: "${e}.challenge_assert_connectors" must have exactly ${ee} entries, got ${t.challenge_assert_connectors.length}`
     );
   for (let n = 0; n < t.challenge_assert_connectors.length; n++)
-    Te(
+    Fe(
       t.challenge_assert_connectors[n],
       `${e}.challenge_assert_connectors[${n}]`
     );
@@ -418,24 +418,24 @@ function Ee(r, e) {
       `VP response validation failed: "${e}.output_label_hashes" must be an array`
     );
   for (let n = 0; n < t.output_label_hashes.length; n++)
-    ie(
+    be(
       t.output_label_hashes[n],
       `${e}.output_label_hashes[${n}]`
     );
 }
-function Ve(r) {
+function Je(r) {
   if (r === null || typeof r != "object")
     throw new a(
       "VP response validation failed: requestDepositorClaimerArtifacts response is not an object"
     );
   const e = r;
-  if (!se(e.tx_graph_json))
+  if (!ye(e.tx_graph_json))
     throw new a(
-      `VP response validation failed: "tx_graph_json" must be a non-empty string, got ${l(e.tx_graph_json)}`
+      `VP response validation failed: "tx_graph_json" must be a non-empty string, got ${p(e.tx_graph_json)}`
     );
-  if (!P(e.verifying_key_hex))
+  if (!C(e.verifying_key_hex))
     throw new a(
-      `VP response validation failed: "verifying_key_hex" must be a non-empty hex string, got ${l(e.verifying_key_hex)}`
+      `VP response validation failed: "verifying_key_hex" must be a non-empty hex string, got ${p(e.verifying_key_hex)}`
     );
   if (e.babe_sessions === null || typeof e.babe_sessions != "object" || Array.isArray(e.babe_sessions))
     throw new a(
@@ -448,98 +448,98 @@ function Ve(r) {
     throw new a(
       'VP response validation failed: "babe_sessions" must contain at least one challenger entry'
     );
-  for (const [n, s] of t) {
-    if (L(n, `babe_sessions["${n}"]`), s === null || typeof s != "object")
+  for (const [n, i] of t) {
+    if (Z(n, `babe_sessions["${n}"]`), i === null || typeof i != "object")
       throw new a(
         `VP response validation failed: "babe_sessions.${n}" must be an object`
       );
-    const i = s;
-    if (!P(i.decryptor_artifacts_hex))
+    const s = i;
+    if (!C(s.decryptor_artifacts_hex))
       throw new a(
-        `VP response validation failed: "babe_sessions.${n}.decryptor_artifacts_hex" must be a non-empty hex string, got ${l(i.decryptor_artifacts_hex)}`
+        `VP response validation failed: "babe_sessions.${n}.decryptor_artifacts_hex" must be a non-empty hex string, got ${p(s.decryptor_artifacts_hex)}`
       );
   }
 }
-function Ce(r) {
+function qe(r) {
   if (r === null || typeof r != "object")
     throw new a(
       "VP response validation failed: pegout status payload is not an object"
     );
   const e = r;
-  if (!P(e.pegin_txid) || e.pegin_txid.length !== $)
+  if (!C(e.pegin_txid) || e.pegin_txid.length !== O)
     throw new a(
-      `VP response validation failed: "pegin_txid" must be a ${$}-char hex string (txid), got ${l(e.pegin_txid)}`
+      `VP response validation failed: "pegin_txid" must be a ${O}-char hex string (txid), got ${p(e.pegin_txid)}`
     );
   if (typeof e.found != "boolean")
     throw new a(
-      `VP response validation failed: "found" must be a boolean, got ${l(e.found)}`
+      `VP response validation failed: "found" must be a boolean, got ${p(e.found)}`
     );
   if (e.claimer !== null) {
     if (typeof e.claimer != "object")
       throw new a(
-        `VP response validation failed: "claimer" must be an object or null, got ${l(e.claimer)}`
+        `VP response validation failed: "claimer" must be an object or null, got ${p(e.claimer)}`
       );
-    Ie(e.claimer);
+    We(e.claimer);
   }
   if (!Array.isArray(e.challengers))
     throw new a(
-      `VP response validation failed: "challengers" must be an array, got ${l(e.challengers)}`
+      `VP response validation failed: "challengers" must be an array, got ${p(e.challengers)}`
     );
   for (let t = 0; t < e.challengers.length; t++)
-    Re(e.challengers[t], t);
+    Ye(e.challengers[t], t);
 }
-function Ie(r) {
-  if (_(r.status, "claimer.status"), typeof r.failed != "boolean")
+function We(r) {
+  if (b(r.status, "claimer.status"), typeof r.failed != "boolean")
     throw new a(
-      `VP response validation failed: "claimer.failed" must be a boolean, got ${l(r.failed)}`
+      `VP response validation failed: "claimer.failed" must be a boolean, got ${p(r.failed)}`
     );
-  if (_(r.claim_txid, "claimer.claim_txid"), _(r.claimer_pubkey, "claimer.claimer_pubkey"), _(r.assert_txid, "claimer.assert_txid"), typeof r.created_at != "number")
+  if (b(r.claim_txid, "claimer.claim_txid"), b(r.claimer_pubkey, "claimer.claimer_pubkey"), b(r.assert_txid, "claimer.assert_txid"), typeof r.created_at != "number")
     throw new a(
-      `VP response validation failed: "claimer.created_at" must be a number, got ${l(r.created_at)}`
+      `VP response validation failed: "claimer.created_at" must be a number, got ${p(r.created_at)}`
     );
   if (typeof r.updated_at != "number")
     throw new a(
-      `VP response validation failed: "claimer.updated_at" must be a number, got ${l(r.updated_at)}`
+      `VP response validation failed: "claimer.updated_at" must be a number, got ${p(r.updated_at)}`
     );
 }
-function Re(r, e) {
+function Ye(r, e) {
   if (r === null || typeof r != "object")
     throw new a(
-      `VP response validation failed: "challengers[${e}]" must be an object, got ${l(r)}`
+      `VP response validation failed: "challengers[${e}]" must be an object, got ${p(r)}`
     );
   const t = r;
-  if (_(t.status, `challengers[${e}].status`), _(t.claim_txid, `challengers[${e}].claim_txid`), _(t.claimer_pubkey, `challengers[${e}].claimer_pubkey`), C(t.assert_txid, `challengers[${e}].assert_txid`), C(
+  if (b(t.status, `challengers[${e}].status`), b(t.claim_txid, `challengers[${e}].claim_txid`), b(t.claimer_pubkey, `challengers[${e}].claimer_pubkey`), N(t.assert_txid, `challengers[${e}].assert_txid`), N(
     t.challenge_assert_x_txid,
     `challengers[${e}].challenge_assert_x_txid`
-  ), C(
+  ), N(
     t.challenge_assert_y_txid,
     `challengers[${e}].challenge_assert_y_txid`
-  ), C(t.nopayout_txid, `challengers[${e}].nopayout_txid`), typeof t.created_at != "number")
+  ), N(t.nopayout_txid, `challengers[${e}].nopayout_txid`), typeof t.created_at != "number")
     throw new a(
-      `VP response validation failed: "challengers[${e}].created_at" must be a number, got ${l(t.created_at)}`
+      `VP response validation failed: "challengers[${e}].created_at" must be a number, got ${p(t.created_at)}`
     );
   if (typeof t.updated_at != "number")
     throw new a(
-      `VP response validation failed: "challengers[${e}].updated_at" must be a number, got ${l(t.updated_at)}`
+      `VP response validation failed: "challengers[${e}].updated_at" must be a number, got ${p(t.updated_at)}`
     );
 }
-function C(r, e) {
+function N(r, e) {
   if (r !== null && typeof r != "string")
     throw new a(
-      `VP response validation failed: "${e}" must be a string or null, got ${l(r)}`
+      `VP response validation failed: "${e}" must be a string or null, got ${p(r)}`
     );
 }
-function Ne(r) {
-  oe(r, "batchGetPeginStatus", (e) => {
-    e.result !== null && ae(e.result);
+function ze(r) {
+  xe(r, "batchGetPeginStatus", (e) => {
+    e.result !== null && we(e.result);
   });
 }
-function Ge(r) {
-  oe(r, "batchGetPegoutStatus", (e) => {
-    e.result !== null && Ce(e.result);
+function Ze(r) {
+  xe(r, "batchGetPegoutStatus", (e) => {
+    e.result !== null && qe(e.result);
   });
 }
-function oe(r, e, t) {
+function xe(r, e, t) {
   if (r === null || typeof r != "object")
     throw new a(
       `VP response validation failed: ${e} response is not an object`
@@ -547,41 +547,41 @@ function oe(r, e, t) {
   const n = r;
   if (!Array.isArray(n.results))
     throw new a(
-      `VP response validation failed: "${e}.results" must be an array, got ${l(n.results)}`
+      `VP response validation failed: "${e}.results" must be an array, got ${p(n.results)}`
     );
-  for (let s = 0; s < n.results.length; s++) {
-    const i = n.results[s];
-    if (i === null || typeof i != "object")
+  for (let i = 0; i < n.results.length; i++) {
+    const s = n.results[i];
+    if (s === null || typeof s != "object")
       throw new a(
-        `VP response validation failed: "${e}.results[${s}]" must be an object, got ${l(i)}`
+        `VP response validation failed: "${e}.results[${i}]" must be an object, got ${p(s)}`
       );
-    const o = i;
-    if (!P(o.pegin_txid) || o.pegin_txid.length !== $)
+    const o = s;
+    if (!C(o.pegin_txid) || o.pegin_txid.length !== O)
       throw new a(
-        `VP response validation failed: "${e}.results[${s}].pegin_txid" must be a ${$}-char hex string, got ${l(o.pegin_txid)}`
+        `VP response validation failed: "${e}.results[${i}].pegin_txid" must be a ${O}-char hex string, got ${p(o.pegin_txid)}`
       );
     if (o.error !== null && typeof o.error != "string")
       throw new a(
-        `VP response validation failed: "${e}.results[${s}].error" must be a string or null, got ${l(o.error)}`
+        `VP response validation failed: "${e}.results[${i}].error" must be a string or null, got ${p(o.error)}`
       );
     if (o.result === null && o.error === null)
       throw new a(
-        `VP response validation failed: "${e}.results[${s}]" has neither "result" nor "error" populated`
+        `VP response validation failed: "${e}.results[${i}]" has neither "result" nor "error" populated`
       );
     if (o.result !== null && o.error !== null)
       throw new a(
-        `VP response validation failed: "${e}.results[${s}]" has both "result" and "error" populated`
+        `VP response validation failed: "${e}.results[${i}]" has both "result" and "error" populated`
       );
-    t(o, s);
+    t(o, i);
   }
 }
-function De(r) {
-  if (y(r.claim_tx, "depositor_graph.claim_tx"), y(r.assert_tx, "depositor_graph.assert_tx"), y(r.payout_tx, "depositor_graph.payout_tx"), _(r.payout_psbt, "depositor_graph.payout_psbt"), !Array.isArray(r.challenger_presign_data))
+function Qe(r) {
+  if (v(r.claim_tx, "depositor_graph.claim_tx"), v(r.assert_tx, "depositor_graph.assert_tx"), v(r.payout_tx, "depositor_graph.payout_tx"), b(r.payout_psbt, "depositor_graph.payout_psbt"), !Array.isArray(r.challenger_presign_data))
     throw new a(
       'VP response validation failed: "depositor_graph.challenger_presign_data" must be an array'
     );
   for (let e = 0; e < r.challenger_presign_data.length; e++)
-    Ee(
+    Ke(
       r.challenger_presign_data[e],
       `depositor_graph.challenger_presign_data[${e}]`
     );
@@ -590,13 +590,13 @@ function De(r) {
       'VP response validation failed: "depositor_graph.offchain_params_version" must be a number'
     );
 }
-const He = 6e4;
-class Be {
+const et = 6e4;
+class tt {
   constructor(e, t) {
-    p(this, "client");
+    f(this, "client");
     const n = {
       baseUrl: e,
-      timeout: (t == null ? void 0 : t.timeout) ?? He,
+      timeout: (t == null ? void 0 : t.timeout) ?? et,
       retries: t == null ? void 0 : t.retries,
       retryDelay: t == null ? void 0 : t.retryDelay,
       retryableFor: t == null ? void 0 : t.retryableFor,
@@ -604,7 +604,7 @@ class Be {
       tokenProvider: t == null ? void 0 : t.tokenProvider,
       maxResponseBytes: t == null ? void 0 : t.maxResponseBytes
     };
-    this.client = new ne(n);
+    this.client = new _e(n);
   }
   /**
    * Request the payout/claim/assert transactions that the depositor
@@ -612,7 +612,7 @@ class Be {
    */
   async requestDepositorPresignTransactions(e, t) {
     const n = await this.client.call("vaultProvider_requestDepositorPresignTransactions", e, t);
-    return Se(n), n;
+    return Ue(n), n;
   }
   /**
    * Submit the depositor's pre-signatures for the payout transactions
@@ -643,7 +643,7 @@ class Be {
    */
   async requestDepositorClaimerArtifacts(e, t) {
     const n = await this.client.call("vaultProvider_requestDepositorClaimerArtifacts", e, t);
-    return Ve(n), n;
+    return Je(n), n;
   }
   /** Get the current pegin status from the vault provider daemon. */
   async getPeginStatus(e, t) {
@@ -652,7 +652,7 @@ class Be {
       e,
       t
     );
-    return ae(n), n;
+    return we(n), n;
   }
   /**
    * Get pegin status for many txids in one round trip. Per-result envelope
@@ -661,7 +661,7 @@ class Be {
    */
   async batchGetPeginStatus(e, t) {
     const n = await this.client.call("vaultProvider_batchGetPeginStatus", e, t);
-    return Ne(n), n;
+    return ze(n), n;
   }
   /**
    * Get pegout status for many txids in one round trip. Same per-result
@@ -669,306 +669,670 @@ class Be {
    */
   async batchGetPegoutStatus(e, t) {
     const n = await this.client.call("vaultProvider_batchGetPegoutStatus", e, t);
-    return Ge(n), n;
+    return Ze(n), n;
   }
 }
-function Oe(r, e) {
+function rt(r, e) {
   const t = /* @__PURE__ */ new Set();
-  for (const u of r)
-    t.add(u.toLowerCase());
-  const n = /* @__PURE__ */ new Map(), s = /* @__PURE__ */ new Set(), i = [], o = [];
-  for (const u of e) {
-    const d = u.pegin_txid.toLowerCase();
-    if (!t.has(d)) {
-      o.push(d);
+  for (const d of r)
+    t.add(d.toLowerCase());
+  const n = /* @__PURE__ */ new Map(), i = /* @__PURE__ */ new Set(), s = [], o = [];
+  for (const d of e) {
+    const u = d.pegin_txid.toLowerCase();
+    if (!t.has(u)) {
+      o.push(u);
       continue;
     }
-    if (s.has(d)) {
-      i.push(d);
+    if (i.has(u)) {
+      s.push(u);
       continue;
     }
-    s.add(d), n.set(d, { result: u.result, error: u.error });
+    i.add(u), n.set(u, { result: d.result, error: d.error });
   }
   const c = [];
-  for (const u of t)
-    s.has(u) || c.push(u);
-  return { byTxid: n, missing: c, unexpected: o, duplicate: i };
+  for (const d of t)
+    i.has(d) || c.push(d);
+  return { byTxid: n, missing: c, unexpected: o, duplicate: s };
 }
-async function gt(r) {
+async function ur(r) {
   const {
     items: e,
     getTxid: t,
     batchCall: n,
-    onItem: s,
-    onMissing: i,
+    onItem: i,
+    onMissing: s,
     onDuplicate: o,
     onDuplicateBatch: c,
-    onWholeBatchError: u,
-    onUnexpected: d,
-    batchSize: f = ye
+    onWholeBatchError: d,
+    onUnexpected: u,
+    batchSize: g = Be
   } = r;
-  if (!Number.isInteger(f) || f <= 0)
+  if (!Number.isInteger(g) || g <= 0)
     throw new Error(
-      `batchPollByProvider: batchSize must be a positive integer, got ${f}`
+      `batchPollByProvider: batchSize must be a positive integer, got ${g}`
     );
-  for (let w = 0; w < e.length; w += f) {
-    const x = e.slice(w, w + f), k = /* @__PURE__ */ new Map(), D = [];
-    for (const h of x) {
-      const m = t(h).toLowerCase();
-      k.set(m, h), D.push(m);
+  for (let m = 0; m < e.length; m += g) {
+    const w = e.slice(m, m + g), k = /* @__PURE__ */ new Map(), T = [];
+    for (const _ of w) {
+      const l = t(_).toLowerCase();
+      k.set(l, _), T.push(l);
     }
-    let v;
+    let A;
     try {
-      const h = await n(D);
-      v = Oe(D, h.results);
-    } catch (h) {
-      u(x, h);
+      const _ = await n(T);
+      A = rt(T, _.results);
+    } catch (_) {
+      d(w, _);
       continue;
     }
-    d && v.unexpected.length > 0 && d(v.unexpected);
-    const T = new Set(v.duplicate);
-    for (const h of T) {
-      const m = k.get(h);
-      m && o(m);
+    u && A.unexpected.length > 0 && u(A.unexpected);
+    const $ = new Set(A.duplicate);
+    for (const _ of $) {
+      const l = k.get(_);
+      l && o(l);
     }
-    c && T.size > 0 && c(T.size);
-    for (const h of v.missing) {
-      const m = k.get(h);
-      m && i(m);
+    c && $.size > 0 && c($.size);
+    for (const _ of A.missing) {
+      const l = k.get(_);
+      l && s(l);
     }
-    for (const [h, m] of v.byTxid) {
-      if (T.has(h)) continue;
-      const K = k.get(h);
-      K && s(K, {
-        pegin_txid: h,
-        result: m.result,
-        error: m.error
+    for (const [_, l] of A.byTxid) {
+      if ($.has(_)) continue;
+      const E = k.get(_);
+      E && i(E, {
+        pegin_txid: _,
+        result: l.result,
+        error: l.error
       });
     }
   }
 }
-const je = "BIP0322-signed-message", Me = "TapTweak", ce = 32, Ue = 64;
-function le(r, e) {
-  const t = new TextEncoder().encode(r), n = J(t), s = new Uint8Array(n.length * 2 + e.length);
-  return s.set(n, 0), s.set(n, n.length), s.set(e, n.length * 2), J(s);
+const nt = "BIP0322-signed-message", st = "TapTweak", Ae = 32, it = 64;
+function Pe(r, e) {
+  const t = new TextEncoder().encode(r), n = q(t), i = new Uint8Array(n.length * 2 + e.length);
+  return i.set(n, 0), i.set(n, n.length), i.set(e, n.length * 2), q(i);
 }
-function Fe(r) {
-  if (r.length !== ce) return null;
-  const e = le(Me, r), t = F.xOnlyPointAddTweak(r, e);
+function ot(r) {
+  if (r.length !== Ae) return null;
+  const e = Pe(st, r), t = H.xOnlyPointAddTweak(r, e);
   return t ? t.xOnlyPubkey : null;
 }
-function Le(r, e, t) {
-  if (e.length !== ce || t.length !== Ue) return !1;
+function at(r, e, t) {
+  if (e.length !== Ae || t.length !== it) return !1;
   try {
-    const n = le(je, r), s = Pe.p2tr({
-      internalPubkey: A.from(e)
+    const n = Pe(nt, r), i = De.p2tr({
+      internalPubkey: I.from(e)
     });
-    if (!s.output) return !1;
-    const i = s.output, o = 0, c = new O();
+    if (!i.output) return !1;
+    const s = i.output, o = 0, c = new X();
     c.version = 0, c.locktime = 0;
-    const u = A.concat([
-      A.from([0, 32]),
-      A.from(n)
+    const d = I.concat([
+      I.from([0, 32]),
+      I.from(n)
     ]);
     c.addInput(
-      A.alloc(32, 0),
+      I.alloc(32, 0),
       // prev_txid = 0x0000...0000
       4294967295,
       // prev_vout = 0xFFFFFFFF
       0,
       // sequence = 0
-      u
-    ), c.addOutput(i, o);
-    const d = new O();
-    d.version = 0, d.locktime = 0;
-    const f = c.getHash();
-    d.addInput(f, 0, 0), d.addOutput(A.from([106]), o);
-    const w = d.hashForWitnessV1(
+      d
+    ), c.addOutput(s, o);
+    const u = new X();
+    u.version = 0, u.locktime = 0;
+    const g = c.getHash();
+    u.addInput(g, 0, 0), u.addOutput(I.from([106]), o);
+    const m = u.hashForWitnessV1(
       0,
-      [i],
+      [s],
       [o],
-      O.SIGHASH_DEFAULT
-    ), x = Fe(e);
-    return x ? F.verifySchnorr(w, x, t) : !1;
+      X.SIGHASH_DEFAULT
+    ), w = ot(e);
+    return w ? H.verifySchnorr(m, w, t) : !1;
   } catch {
     return !1;
   }
 }
-function G(r, e) {
+function j(r, e) {
   const t = (r & 7) << 5, n = typeof e == "bigint" ? e : BigInt(e);
   if (n < 0n) throw new Error("cborHead: negative argument");
   if (n < 24n) return new Uint8Array([t | Number(n)]);
   if (n < 0x100n) return new Uint8Array([t | 24, Number(n)]);
   if (n < 0x10000n) {
-    const i = Number(n);
-    return new Uint8Array([t | 25, i >>> 8 & 255, i & 255]);
+    const s = Number(n);
+    return new Uint8Array([t | 25, s >>> 8 & 255, s & 255]);
   }
   if (n < 0x100000000n) {
-    const i = Number(n);
+    const s = Number(n);
     return new Uint8Array([
       t | 26,
-      i >>> 24 & 255,
-      i >>> 16 & 255,
-      i >>> 8 & 255,
-      i & 255
+      s >>> 24 & 255,
+      s >>> 16 & 255,
+      s >>> 8 & 255,
+      s & 255
     ]);
   }
-  const s = new Uint8Array(9);
-  s[0] = t | 27;
-  for (let i = 7; i >= 0; i--)
-    s[1 + i] = Number(n >> BigInt((7 - i) * 8)) & 255;
-  return s;
+  const i = new Uint8Array(9);
+  i[0] = t | 27;
+  for (let s = 7; s >= 0; s--)
+    i[1 + s] = Number(n >> BigInt((7 - s) * 8)) & 255;
+  return i;
 }
-function ue(...r) {
-  const e = r.reduce((s, i) => s + i.length, 0), t = new Uint8Array(e);
+function ve(...r) {
+  const e = r.reduce((i, s) => i + s.length, 0), t = new Uint8Array(e);
   let n = 0;
-  for (const s of r)
-    t.set(s, n), n += s.length;
+  for (const i of r)
+    t.set(i, n), n += i.length;
   return t;
 }
-function Q(r) {
-  const t = [G(4, r.length)];
+function ie(r) {
+  const t = [j(4, r.length)];
   for (const n of r)
-    t.push(G(0, n));
-  return ue(...t);
+    t.push(j(0, n));
+  return ve(...t);
 }
-function Ke(r, e, t) {
+function ct(r, e, t) {
   if (!Number.isSafeInteger(t) || t < 0)
     throw new Error(
       `encodeServerIdentityPayload: expires_at must be a non-negative safe integer, got ${t}`
     );
-  const n = G(4, 3), s = Q(r), i = Q(e), o = G(0, t);
-  return ue(n, s, i, o);
+  const n = j(4, 3), i = ie(r), s = ie(e), o = j(0, t);
+  return ve(n, i, s, o);
 }
-const Xe = new TextEncoder().encode(
+const lt = new TextEncoder().encode(
   "btc-auth.server-identity.v1"
-), qe = 2 * 3600;
-class g extends Error {
+), ut = 2 * 3600;
+class y extends Error {
   constructor(e, t) {
     super(e), this.reason = t, this.name = "ServerIdentityError";
   }
 }
-function I(r) {
+function G(r) {
   const e = new Uint8Array(r.length / 2);
   for (let t = 0; t < e.length; t++)
     e[t] = parseInt(r.slice(t * 2, t * 2 + 2), 16);
   return e;
 }
-function Je(r) {
-  const { proof: e, pinnedServerPubkey: t, now: n } = r, s = r.maxLifetimeSecs ?? qe, i = E(t).toLowerCase();
-  if (i.length !== R || !S.test(i))
-    throw new g(
-      `pinnedServerPubkey must be 32-byte hex; got ${i.length} chars`,
+function dt(r) {
+  const { proof: e, pinnedServerPubkey: t, now: n } = r, i = r.maxLifetimeSecs ?? ut, s = V(t).toLowerCase();
+  if (s.length !== R || !S.test(s))
+    throw new y(
+      `pinnedServerPubkey must be 32-byte hex; got ${s.length} chars`,
       "invalid_pubkey_encoding"
     );
-  const o = E(e.server_pubkey).toLowerCase();
+  const o = V(e.server_pubkey).toLowerCase();
   if (o.length !== R || !S.test(o))
-    throw new g(
+    throw new y(
       `server_pubkey must be 32-byte hex; got ${o.length} chars`,
       "invalid_pubkey_encoding"
     );
-  if (o !== i)
-    throw new g(
-      `server_pubkey does not match pinned value: expected ${i}, got ${o}`,
+  if (o !== s)
+    throw new y(
+      `server_pubkey does not match pinned value: expected ${s}, got ${o}`,
       "pinned_pubkey_mismatch"
     );
   if (!Number.isSafeInteger(e.expires_at))
-    throw new g(
+    throw new y(
       `expires_at must be a finite integer; got ${JSON.stringify(e.expires_at)}`,
       "invalid_expires_at"
     );
   if (!Number.isSafeInteger(n))
-    throw new g(
+    throw new y(
       `now must be a finite integer; got ${JSON.stringify(n)}`,
       "invalid_expires_at"
     );
   if (e.expires_at <= n)
-    throw new g(
+    throw new y(
       `server identity proof expired at ${e.expires_at}, now ${n}`,
       "expired"
     );
-  if (!Number.isSafeInteger(s) || s <= 0)
-    throw new g(
-      `maxLifetimeSecs must be a positive safe integer; got ${JSON.stringify(s)}`,
+  if (!Number.isSafeInteger(i) || i <= 0)
+    throw new y(
+      `maxLifetimeSecs must be a positive safe integer; got ${JSON.stringify(i)}`,
       "invalid_max_lifetime"
     );
-  if (e.expires_at - n > s)
-    throw new g(
-      `server identity proof expires too far in the future: expires_at=${e.expires_at}, now=${n}, max lifetime=${s}s`,
+  if (e.expires_at - n > i)
+    throw new y(
+      `server identity proof expires too far in the future: expires_at=${e.expires_at}, now=${n}, max lifetime=${i}s`,
       "expires_too_far"
     );
-  const c = E(e.ephemeral_pubkey).toLowerCase();
-  if (c.length !== j || !S.test(c))
-    throw new g(
+  const c = V(e.ephemeral_pubkey).toLowerCase();
+  if (c.length !== D || !S.test(c))
+    throw new y(
       `ephemeral_pubkey must be 33-byte compressed hex; got ${c.length} chars`,
       "invalid_ephemeral_pubkey"
     );
-  const u = c.slice(0, 2);
-  if (u !== "02" && u !== "03")
-    throw new g(
-      `ephemeral_pubkey must be compressed (prefix 02/03); got ${u}`,
+  const d = c.slice(0, 2);
+  if (d !== "02" && d !== "03")
+    throw new y(
+      `ephemeral_pubkey must be compressed (prefix 02/03); got ${d}`,
       "invalid_ephemeral_pubkey"
     );
-  const d = I(c);
-  if (!F.isPoint(d))
-    throw new g(
+  const u = G(c);
+  if (!H.isPoint(u))
+    throw new y(
       "ephemeral_pubkey is not a valid secp256k1 point",
       "invalid_ephemeral_pubkey"
     );
-  const f = E(e.signature).toLowerCase();
-  if (f.length !== we || !S.test(f))
-    throw new g(
-      `signature must be 64-byte Schnorr hex; got ${f.length} chars`,
+  const g = V(e.signature).toLowerCase();
+  if (g.length !== Ne || !S.test(g))
+    throw new y(
+      `signature must be 64-byte Schnorr hex; got ${g.length} chars`,
       "invalid_signature_encoding"
     );
-  const w = Ke(
-    Xe,
-    I(c),
+  const m = ct(
+    lt,
+    G(c),
     e.expires_at
   );
-  if (!Le(w, I(o), I(f)))
-    throw new g(
+  if (!at(m, G(o), G(g)))
+    throw new y(
       "BIP-322 signature verification failed — ephemeral key is not attested by pinned server pubkey",
       "signature_verification_failed"
     );
 }
-const ee = /* @__PURE__ */ new Set([
+const oe = /* @__PURE__ */ new Set([
   "vaultProvider_submitDepositorWotsKey",
   "vaultProvider_submitDepositorPresignatures",
   "vaultProvider_requestDepositorPresignTransactions"
-]), te = /* @__PURE__ */ new Set([
+]), ae = /* @__PURE__ */ new Set([
   "vaultProvider_requestDepositorClaimerArtifacts"
-]), ze = 6e4, M = "auth_createDepositorToken", U = "auth_createDepositorTokenGrpc";
-function de(r, e) {
-  return new ne({
+]), ht = 6e4, W = "auth_createDepositorToken", Y = "auth_createDepositorTokenGrpc";
+function ke(r, e) {
+  return new _e({
     baseUrl: r,
-    timeout: ze,
+    timeout: ht,
     headers: e,
-    retryableFor: (t) => t === M || t === U
+    retryableFor: (t) => t === W || t === Y
   });
 }
-const re = 4102444800, We = 30;
-class Ye {
+const pt = 0, gt = 1, F = 2, ft = 3, _t = 4, mt = 5, yt = 6, bt = 7, ce = 24, wt = 28, xt = 20, At = 21, Pt = 22, le = 256;
+class P extends Error {
+  constructor(e) {
+    super(`CBOR decode: ${e}`), this.name = "CborDecodeError";
+  }
+}
+class Ee {
+  constructor(e) {
+    f(this, "buf");
+    /** Current read offset. Public so callers can slice encoded sub-ranges. */
+    f(this, "pos", 0);
+    this.buf = e;
+  }
+  nextByte() {
+    if (this.pos >= this.buf.length)
+      throw new P("unexpected end of input");
+    return this.buf[this.pos++];
+  }
+  /**
+   * Read an initial byte and its argument. Rejects indefinite-length
+   * and reserved additional-info encodings. Arguments wider than
+   * {@link Number.MAX_SAFE_INTEGER} are rejected — none of the token's
+   * lengths, tags, or timestamps approach that bound.
+   */
+  readHead() {
+    const e = this.nextByte(), t = e >> 5, n = e & 31;
+    if (n < ce)
+      return { major: t, arg: n };
+    if (n >= wt)
+      throw new P(
+        `unsupported additional info ${n} (indefinite-length or reserved)`
+      );
+    const i = 1 << n - ce;
+    let s = 0n;
+    for (let o = 0; o < i; o++)
+      s = s << 8n | BigInt(this.nextByte());
+    if (s > BigInt(Number.MAX_SAFE_INTEGER))
+      throw new P(`argument ${s} exceeds safe integer range`);
+    return { major: t, arg: Number(s) };
+  }
+  /** Read `length` raw bytes as a sub-array view into the backing buffer. */
+  readBytes(e) {
+    if (this.pos + e > this.buf.length)
+      throw new P("length overruns end of input");
+    const t = this.buf.subarray(this.pos, this.pos + e);
+    return this.pos += e, t;
+  }
+  /**
+   * Read a byte string (major type 2), returning its content bytes.
+   * Throws if the next item is not a byte string.
+   */
+  readByteString() {
+    const e = this.readHead();
+    if (e.major !== F)
+      throw new P(
+        `expected byte string (major ${F}), got major ${e.major}`
+      );
+    return this.readBytes(e.arg);
+  }
+  /**
+   * Read the next complete data item as a decoded {@link CborValue}.
+   *
+   * `depth` tracks the current nesting level so a deeply-nested blob is
+   * rejected with a {@link CborDecodeError} rather than overflowing the
+   * native call stack (see {@link MAX_NESTING_DEPTH}).
+   */
+  readValue(e = 0) {
+    if (e > le)
+      throw new P(
+        `nesting exceeds maximum depth ${le}`
+      );
+    const t = this.readHead();
+    switch (t.major) {
+      case pt:
+        return t.arg;
+      case gt:
+        return -1 - t.arg;
+      case F:
+        return this.readBytes(t.arg);
+      case ft:
+        return new TextDecoder("utf-8", { fatal: !0 }).decode(
+          this.readBytes(t.arg)
+        );
+      case _t: {
+        const n = [];
+        for (let i = 0; i < t.arg; i++)
+          n.push(this.readValue(e + 1));
+        return n;
+      }
+      case mt: {
+        const n = /* @__PURE__ */ new Map();
+        for (let i = 0; i < t.arg; i++) {
+          const s = this.readValue(e + 1), o = this.readValue(e + 1);
+          n.set(s, o);
+        }
+        return n;
+      }
+      case yt:
+        return { tag: t.arg, value: this.readValue(e + 1) };
+      case bt:
+        if (t.arg === xt) return !1;
+        if (t.arg === At) return !0;
+        if (t.arg === Pt) return null;
+        throw new P(
+          `unsupported simple/float value ${t.arg}`
+        );
+      default:
+        throw new P(`unsupported major type ${t.major}`);
+    }
+  }
+}
+function Se(r) {
+  const e = new Ee(r), t = e.readValue();
+  if (e.pos !== r.length)
+    throw new P("trailing bytes after top-level item");
+  return t;
+}
+const vt = "vaultd-jsonrpc", kt = "vaultd-grpc", ue = 18, z = 4, de = -47, Et = 1, he = 64, St = 128, Tt = 96, Ct = 64, $t = 1, It = 2, Vt = 3, Rt = 4, Ot = 5, Bt = 6, Nt = 7, pe = new TextEncoder().encode("Signature1");
+class h extends Error {
+  constructor(e, t) {
+    super(e), this.reason = t, this.name = "CwtVerificationError";
+  }
+}
+function Gt(r) {
+  const e = ge(
+    r.expectedIssuerXOnlyPubkey,
+    "expectedIssuerXOnlyPubkey"
+  ), t = ge(
+    r.expectedAudienceXOnlyPubkey,
+    "expectedAudienceXOnlyPubkey"
+  ), n = Lt(r.ephemeralPubkeyHex), i = Xt(r.token), s = new Ee(i), o = s.readHead();
+  if (o.major !== 6 || o.arg !== ue)
+    throw new h(
+      `token is not a COSE Sign1 tagged value (tag ${ue})`,
+      "invalid_token_structure"
+    );
+  const c = s.readHead();
+  if (c.major !== 4 || c.arg !== z)
+    throw new h(
+      `COSE Sign1 must be a ${z}-element array`,
+      "invalid_token_structure"
+    );
+  const d = s.pos, u = s.readByteString(), g = i.subarray(d, s.pos);
+  s.readValue();
+  const m = s.pos, w = s.readByteString(), k = i.subarray(m, s.pos), T = s.readByteString();
+  if (T.length !== he)
+    throw new h(
+      `COSE signature must be ${he} bytes, got ${T.length}`,
+      "invalid_token_structure"
+    );
+  if (s.pos !== i.length)
+    throw new h(
+      "COSE Sign1 token has trailing bytes after the signature",
+      "invalid_token_structure"
+    );
+  const A = Dt(u);
+  if (A !== de)
+    throw new h(
+      `unexpected COSE algorithm ${A} (expected ES256K ${de})`,
+      "unexpected_algorithm"
+    );
+  const $ = Mt(g, k), _ = q($);
+  if (!H.verify(_, n, T, !0))
+    throw new h(
+      "COSE signature does not verify against the server's ephemeral key",
+      "signature_verification_failed"
+    );
+  const l = jt(w), E = l.audience.toLowerCase();
+  if (E.length !== R || !S.test(E))
+    throw new h(
+      "token `aud` is not a 32-byte x-only pubkey hex",
+      "invalid_claims"
+    );
+  if (l.issuedAt > l.expiresAt)
+    throw new h(
+      `token iat (${l.issuedAt}) is after exp (${l.expiresAt})`,
+      "invalid_claims"
+    );
+  if (l.issuer.toLowerCase() !== e)
+    throw new h(
+      `token issuer does not match pinned server pubkey: expected ${e}, got ${l.issuer.toLowerCase()}`,
+      "issuer_mismatch"
+    );
+  if (l.subject !== r.expectedSubject)
+    throw new h(
+      `token subject mismatch: expected ${r.expectedSubject}, got ${l.subject}`,
+      "subject_mismatch"
+    );
+  if (E !== t)
+    throw new h(
+      `token audience does not match depositor pubkey: expected ${t}, got ${E}`,
+      "audience_mismatch"
+    );
+  if (l.notBefore > r.now)
+    throw new h(
+      `token not yet valid: nbf ${l.notBefore} > now ${r.now}`,
+      "token_not_yet_valid"
+    );
+  if (l.issuedAt > r.now)
+    throw new h(
+      `token issued in the future: iat ${l.issuedAt} > now ${r.now}`,
+      "invalid_claims"
+    );
+  if (l.expiresAt <= r.now)
+    throw new h(
+      `token expired: exp ${l.expiresAt} <= now ${r.now}`,
+      "token_expired"
+    );
+  if (r.responseExpiresAt !== l.expiresAt)
+    throw new h(
+      `response expires_at (${r.responseExpiresAt}) does not equal token exp (${l.expiresAt})`,
+      "expiry_mismatch"
+    );
+  if (r.serverIdentityExpiresAt < l.expiresAt)
+    throw new h(
+      `server identity expires (${r.serverIdentityExpiresAt}) before token exp (${l.expiresAt})`,
+      "server_identity_expires_before_token"
+    );
+  return {
+    issuer: l.issuer,
+    subject: l.subject,
+    audience: E,
+    expiresAt: l.expiresAt,
+    notBefore: l.notBefore,
+    issuedAt: l.issuedAt
+  };
+}
+function Dt(r) {
+  if (r.length === 0)
+    throw new h(
+      "empty COSE protected header (no algorithm)",
+      "unexpected_algorithm"
+    );
+  const e = Se(r);
+  if (!(e instanceof Map))
+    throw new h(
+      "COSE protected header is not a map",
+      "invalid_token_structure"
+    );
+  const t = e.get(Et);
+  if (typeof t != "number")
+    throw new h(
+      "COSE protected header missing integer algorithm label",
+      "unexpected_algorithm"
+    );
+  return t;
+}
+function Mt(r, e) {
+  return Ft(
+    Uint8Array.of(St | z),
+    Uint8Array.of(Tt | pe.length),
+    pe,
+    r,
+    Uint8Array.of(Ct),
+    e
+  );
+}
+function jt(r) {
+  const e = Se(r);
+  if (!(e instanceof Map))
+    throw new h(
+      "CWT claims root is not a map",
+      "invalid_claims"
+    );
+  if (Ht(e, Nt, "cti").length === 0)
+    throw new h("token cti is empty", "invalid_claims");
+  return {
+    issuer: K(e, $t, "iss"),
+    subject: K(e, It, "sub"),
+    audience: K(e, Vt, "aud"),
+    expiresAt: J(e, Rt, "exp"),
+    notBefore: J(e, Ot, "nbf"),
+    issuedAt: J(e, Bt, "iat")
+  };
+}
+function K(r, e, t) {
+  const n = r.get(e);
+  if (typeof n != "string")
+    throw new h(
+      `token claim ${t} is missing or not a text string`,
+      "invalid_claims"
+    );
+  return n;
+}
+function Ht(r, e, t) {
+  const n = r.get(e);
+  if (!(n instanceof Uint8Array))
+    throw new h(
+      `token claim ${t} is missing or not a byte string`,
+      "invalid_claims"
+    );
+  return n;
+}
+function J(r, e, t) {
+  const n = r.get(e);
+  if (typeof n != "number" || !Number.isSafeInteger(n) || n < 0)
+    throw new h(
+      `token claim ${t} is missing or not a non-negative integer timestamp`,
+      "invalid_claims"
+    );
+  return n;
+}
+function ge(r, e) {
+  const t = V(r).toLowerCase();
+  if (t.length !== R || !S.test(t))
+    throw new h(
+      `${e} must be 32-byte x-only hex; got ${t.length} chars`,
+      "invalid_input"
+    );
+  return t;
+}
+function Lt(r) {
+  const e = V(r).toLowerCase(), t = e.slice(0, 2);
+  if (e.length !== D || !S.test(e) || t !== "02" && t !== "03")
+    throw new h(
+      "ephemeralPubkeyHex must be 33-byte compressed pubkey hex (prefix 02/03)",
+      "invalid_input"
+    );
+  return Ge(e);
+}
+const Ut = (() => {
+  const r = new Int16Array(128).fill(-1), e = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+  for (let t = 0; t < e.length; t++)
+    r[e.charCodeAt(t)] = t;
+  return r;
+})();
+function Xt(r) {
+  const e = r.length, t = Math.floor(e / 4), n = e % 4;
+  if (n === 1)
+    throw new h(
+      "invalid base64url length",
+      "invalid_token_structure"
+    );
+  const i = t * 3 + (n === 0 ? 0 : n - 1), s = new Uint8Array(i), o = (u) => {
+    const g = u < 128 ? Ut[u] : -1;
+    if (g < 0)
+      throw new h(
+        "invalid base64url character",
+        "invalid_token_structure"
+      );
+    return g;
+  };
+  let c = 0, d = 0;
+  for (let u = 0; u < t; u++) {
+    const g = o(r.charCodeAt(c++)), m = o(r.charCodeAt(c++)), w = o(r.charCodeAt(c++)), k = o(r.charCodeAt(c++));
+    s[d++] = g << 2 | m >> 4, s[d++] = (m & 15) << 4 | w >> 2, s[d++] = (w & 3) << 6 | k;
+  }
+  if (n === 2) {
+    const u = o(r.charCodeAt(c++)), g = o(r.charCodeAt(c++));
+    s[d++] = u << 2 | g >> 4;
+  } else if (n === 3) {
+    const u = o(r.charCodeAt(c++)), g = o(r.charCodeAt(c++)), m = o(r.charCodeAt(c++));
+    s[d++] = u << 2 | g >> 4, s[d++] = (g & 15) << 4 | m >> 2;
+  }
+  return s;
+}
+function Ft(...r) {
+  const e = r.reduce((i, s) => i + s.length, 0), t = new Uint8Array(e);
+  let n = 0;
+  for (const i of r)
+    t.set(i, n), n += i.length;
+  return t;
+}
+const fe = 4102444800, Kt = 30;
+class Jt {
   constructor(e) {
     // `client` is the only mutable field — see `setClient`. The
     // identity-bearing fields (peginTxid/authAnchorHex/pinnedServerPubkey)
     // remain readonly and are checked against re-registration in the
     // registry's `getOrCreate`.
-    p(this, "client");
-    p(this, "peginTxid");
-    p(this, "authAnchorHex");
-    p(this, "pinnedServerPubkey");
-    p(this, "authGatedMethods");
-    p(this, "grpcGatedMethods");
-    p(this, "refreshSkewSecs");
-    p(this, "now");
+    f(this, "client");
+    f(this, "peginTxid");
+    f(this, "authAnchorHex");
+    f(this, "pinnedServerPubkey");
+    f(this, "expectedAudienceXOnlyPubkey");
+    f(this, "authGatedMethods");
+    f(this, "grpcGatedMethods");
+    f(this, "refreshSkewSecs");
+    f(this, "now");
     /** Cached JSON-RPC-subject bearer (auth_createDepositorToken). */
-    p(this, "cachedJsonRpc", null);
-    p(this, "inFlightJsonRpc", null);
+    f(this, "cachedJsonRpc", null);
+    f(this, "inFlightJsonRpc", null);
     /** Cached gRPC-subject bearer (auth_createDepositorTokenGrpc). */
-    p(this, "cachedGrpc", null);
-    p(this, "inFlightGrpc", null);
-    this.client = e.client, this.peginTxid = e.peginTxid, this.authAnchorHex = e.authAnchorHex, this.pinnedServerPubkey = e.pinnedServerPubkey, this.authGatedMethods = e.authGatedMethods, this.grpcGatedMethods = e.grpcGatedMethods, this.refreshSkewSecs = e.refreshSkewSecs ?? We, this.now = e.now ?? (() => Math.floor(Date.now() / 1e3));
+    f(this, "cachedGrpc", null);
+    f(this, "inFlightGrpc", null);
+    this.client = e.client, this.peginTxid = e.peginTxid, this.authAnchorHex = e.authAnchorHex, this.pinnedServerPubkey = e.pinnedServerPubkey, this.expectedAudienceXOnlyPubkey = e.expectedAudienceXOnlyPubkey, this.authGatedMethods = e.authGatedMethods, this.grpcGatedMethods = e.grpcGatedMethods, this.refreshSkewSecs = e.refreshSkewSecs ?? Kt, this.now = e.now ?? (() => Math.floor(Date.now() / 1e3));
   }
   /**
    * Return a bearer token for `method`, or `null` if `method` is not
@@ -988,7 +1352,7 @@ class Ye {
    * deterministically.
    */
   async getToken(e) {
-    return e === M || e === U ? null : this.grpcGatedMethods.has(e) ? this.getTokenForSubject("grpc") : this.authGatedMethods.has(e) ? this.getTokenForSubject("jsonrpc") : null;
+    return e === W || e === Y ? null : this.grpcGatedMethods.has(e) ? this.getTokenForSubject("grpc") : this.authGatedMethods.has(e) ? this.getTokenForSubject("jsonrpc") : null;
   }
   /**
    * Drop both cached tokens. Next `getToken` call re-acquires the slot
@@ -1021,40 +1385,50 @@ class Ye {
   acquireSingleFlight(e) {
     const t = e === "grpc" ? this.inFlightGrpc : this.inFlightJsonRpc;
     if (t) return t;
-    const n = e === "grpc" ? U : M, s = (async () => {
+    const n = e === "grpc" ? Y : W, i = (async () => {
       try {
-        const i = await this.client.call(n, {
+        const s = await this.client.call(n, {
           pegin_txid: this.peginTxid,
           auth_anchor: this.authAnchorHex
         });
-        if (Je({
-          proof: i.server_identity,
+        if (dt({
+          proof: s.server_identity,
           pinnedServerPubkey: this.pinnedServerPubkey,
           now: this.now()
-        }), typeof i.token != "string" || i.token.length === 0)
+        }), typeof s.token != "string" || s.token.length === 0)
           throw new Error(
-            `VpTokenProvider: invalid token in acquire response (expected non-empty string, got ${typeof i.token})`
+            `VpTokenProvider: invalid token in acquire response (expected non-empty string, got ${typeof s.token})`
           );
         const o = this.now();
-        if (!Number.isSafeInteger(i.expires_at) || i.expires_at <= o || i.expires_at > re)
+        if (!Number.isSafeInteger(s.expires_at) || s.expires_at <= o || s.expires_at > fe)
           throw new Error(
-            `VpTokenProvider: invalid expires_at in acquire response (got ${JSON.stringify(i.expires_at)}; must be a safe integer in (${o}, ${re}])`
+            `VpTokenProvider: invalid expires_at in acquire response (got ${JSON.stringify(s.expires_at)}; must be a safe integer in (${o}, ${fe}])`
           );
+        Gt({
+          token: s.token,
+          ephemeralPubkeyHex: s.server_identity.ephemeral_pubkey,
+          expectedIssuerXOnlyPubkey: this.pinnedServerPubkey,
+          expectedSubject: e === "grpc" ? kt : vt,
+          expectedAudienceXOnlyPubkey: this.expectedAudienceXOnlyPubkey,
+          responseExpiresAt: s.expires_at,
+          serverIdentityExpiresAt: s.server_identity.expires_at,
+          now: o
+        });
         const c = {
-          token: i.token,
-          expiresAt: i.expires_at
+          token: s.token,
+          expiresAt: s.expires_at
         };
         return e === "grpc" ? this.cachedGrpc = c : this.cachedJsonRpc = c, c;
       } finally {
         e === "grpc" ? this.inFlightGrpc = null : this.inFlightJsonRpc = null;
       }
     })();
-    return e === "grpc" ? this.inFlightGrpc = s : this.inFlightJsonRpc = s, s;
+    return e === "grpc" ? this.inFlightGrpc = i : this.inFlightJsonRpc = i, i;
   }
 }
-class Ze {
+class qt {
   constructor() {
-    p(this, "entries", /* @__PURE__ */ new Map());
+    f(this, "entries", /* @__PURE__ */ new Map());
   }
   /**
    * Return the cached `VpTokenProvider` for `peginTxid` if one exists
@@ -1075,26 +1449,32 @@ class Ze {
         throw new Error(
           `VpTokenRegistry: peginTxid ${e.peginTxid} already bound to pinnedServerPubkey ${n.pinnedServerPubkey.slice(0, 8)}…; got ${e.pinnedServerPubkey.slice(0, 8)}…`
         );
+      if (n.expectedAudienceXOnlyPubkey !== e.expectedAudienceXOnlyPubkey)
+        throw new Error(
+          `VpTokenRegistry: peginTxid ${e.peginTxid} already bound to expectedAudienceXOnlyPubkey ${n.expectedAudienceXOnlyPubkey.slice(0, 8)}…; got ${e.expectedAudienceXOnlyPubkey.slice(0, 8)}…`
+        );
       if (n.enableGrpcArtifactAuth !== t)
         throw new Error(
           `VpTokenRegistry: peginTxid ${e.peginTxid} already bound to enableGrpcArtifactAuth=${n.enableGrpcArtifactAuth}; got ${t}`
         );
       return n.provider.setClient(e.client), n.provider;
     }
-    const s = new Ye({
+    const i = new Jt({
       client: e.client,
       peginTxid: e.peginTxid,
       authAnchorHex: e.authAnchorHex,
       pinnedServerPubkey: e.pinnedServerPubkey,
-      authGatedMethods: t ? ee : /* @__PURE__ */ new Set([...ee, ...te]),
-      grpcGatedMethods: t ? te : /* @__PURE__ */ new Set()
+      expectedAudienceXOnlyPubkey: e.expectedAudienceXOnlyPubkey,
+      authGatedMethods: t ? oe : /* @__PURE__ */ new Set([...oe, ...ae]),
+      grpcGatedMethods: t ? ae : /* @__PURE__ */ new Set()
     });
     return this.entries.set(e.peginTxid, {
-      provider: s,
+      provider: i,
       authAnchorHex: e.authAnchorHex,
       pinnedServerPubkey: e.pinnedServerPubkey,
+      expectedAudienceXOnlyPubkey: e.expectedAudienceXOnlyPubkey,
       enableGrpcArtifactAuth: t
-    }), s;
+    }), i;
   }
   /** Return the cached provider, or `undefined` if none. */
   peek(e) {
@@ -1122,48 +1502,54 @@ class Ze {
     return this.entries.size;
   }
 }
-const pe = new Ze();
-function ft(r) {
+const Te = new qt();
+function dr(r) {
   var n;
-  const e = de(
+  const e = ke(
     r.baseUrl,
     (n = r.options) == null ? void 0 : n.headers
-  ), t = pe.getOrCreate({
+  ), t = Te.getOrCreate({
     client: e,
     peginTxid: r.peginTxid,
     authAnchorHex: r.authAnchorHex,
     pinnedServerPubkey: r.pinnedServerPubkey,
+    expectedAudienceXOnlyPubkey: me(
+      r.depositorBtcPubkey
+    ),
     enableGrpcArtifactAuth: r.enableGrpcArtifactAuth
   });
-  return new Be(r.baseUrl, {
+  return new tt(r.baseUrl, {
     ...r.options,
     tokenProvider: t
   });
 }
-function _t(r) {
-  pe.getOrCreate({
-    client: de(r.baseUrl, r.headers),
+function hr(r) {
+  Te.getOrCreate({
+    client: ke(r.baseUrl, r.headers),
     peginTxid: r.peginTxid,
     authAnchorHex: r.authAnchorHex,
     pinnedServerPubkey: r.pinnedServerPubkey,
+    expectedAudienceXOnlyPubkey: me(
+      r.depositorBtcPubkey
+    ),
     enableGrpcArtifactAuth: r.enableGrpcArtifactAuth
   });
 }
 export {
-  xe as O,
-  g as S,
-  Be as V,
+  Me as O,
+  y as S,
+  tt as V,
   a,
-  gt as b,
-  Je as c,
-  Ze as d,
-  pe as e,
-  ft as f,
-  dt as g,
-  ht as h,
-  pt as i,
-  _t as p,
-  ut as r,
-  Ve as v
+  ur as b,
+  dt as c,
+  qt as d,
+  Te as e,
+  dr as f,
+  ar as g,
+  lr as h,
+  cr as i,
+  hr as p,
+  or as r,
+  Je as v
 };
-//# sourceMappingURL=primeVpAuth-CZsFLrHX.js.map
+//# sourceMappingURL=primeVpAuth-BdrwraAe.js.map