@bitcoinerlab/descriptors-core 3.1.0

package/dist/miniscript.d.ts

@@ -0,0 +1,125 @@
+import type { ECPairAPILike, BIP32APILike } from './bitcoinLib';
+import { type Network } from './networks';
+import type { PartialSig } from './bip174';
+import type { Preimage, TimeConstraints, ExpansionMap } from './types';
+import type { BitcoinLib } from './bitcoinLib';
+/**
+ * Expand a miniscript to a generalized form using variables instead of key
+ * expressions. Variables will be of this form: @0, @1, ...
+ * This is done so that it can be compiled with compileMiniscript and
+ * satisfied with satisfier.
+ * Also compute pubkeys from descriptors to use them later.
+ */
+export declare function expandMiniscript({ miniscript, isSegwit, isTaproot, network, ECPair, BIP32 }: {
+    miniscript: string;
+    isSegwit: boolean;
+    isTaproot: boolean;
+    network?: Network;
+    ECPair: ECPairAPILike;
+    BIP32: BIP32APILike;
+}): {
+    expandedMiniscript: string;
+    expansionMap: ExpansionMap;
+};
+export declare function miniscript2Script({ expandedMiniscript, expansionMap, tapscript, scriptLib }: {
+    expandedMiniscript: string;
+    expansionMap: ExpansionMap;
+    tapscript?: boolean;
+    scriptLib: BitcoinLib['script'];
+}): Uint8Array;
+/**
+ * Assumptions:
+ * The attacker does not have access to any of the private keys of public keys
+ * that participate in the Script.
+ *
+ * The attacker only has access to hash preimages that honest users have access
+ * to as well.
+ *
+ * Pass timeConstraints to search for the first solution with this nLockTime and
+ * nSequence. Throw if no solution is possible using these constraints.
+ *
+ * Time constraints are used to keep the chosen satisfaction stable between the
+ * planning pass (fake signatures) and the signing pass (real signatures).
+ * We run the satisfier once with fake signatures to discover the implied
+ * nLockTime/nSequence without requiring user signatures. If real signatures
+ * had the same length, the satisfier would typically pick the same
+ * minimal-weight solution again. But ECDSA signature sizes can vary (71–73
+ * bytes), which may change which solution is considered "smallest".
+ *
+ * Passing the previously derived timeConstraints in the second pass forces the
+ * same solution to be selected, ensuring locktime/sequence do not change
+ * between planning and finalization.
+ *
+ * Don't pass timeConstraints (this is the default) if you want to get the
+ * smallest size solution altogether.
+ *
+ * If a solution is not found this function throws.
+ */
+export declare function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures, preimages, timeConstraints, tapscript, scriptLib }: {
+    expandedMiniscript: string;
+    expansionMap: ExpansionMap;
+    signatures?: PartialSig[];
+    preimages?: Preimage[];
+    timeConstraints?: TimeConstraints;
+    tapscript?: boolean;
+    scriptLib: BitcoinLib['script'];
+}): {
+    scriptSatisfaction: Uint8Array;
+    nLockTime: number | undefined;
+    nSequence: number | undefined;
+};
+/**
+ *
+ * Use this function instead of bitcoinjs-lib's equivalent `script.number.encode`
+ * when encoding numbers to be compiled with `fromASM` to avoid problems.
+ *
+ * Motivation:
+ *
+ * Numbers in Bitcoin assembly code are represented in hex and in Little Endian.
+ * Decimal: 32766 - Big endian: 0x7FFE - Little Endian: 0xFE7F.
+ *
+ * This function takes an integer and encodes it so that bitcoinjs-lib `fromASM`
+ * can compile it. This is basically what bitcoinjs-lib's `script.number.encode`
+ * does.
+ *
+ * Note that `fromASM` already converts integers from 1 to 16 to
+ * OP_1 ... OP_16 {@link https://github.com/bitcoinjs/bitcoinjs-lib/blob/59b21162a2c4645c64271ca004c7a3755a3d72fb/src/script.js#L33 here}.
+ * This is done in Bitcoin to save some bits.
+ *
+ * Neither this function nor `script.number.encode` convert numbers to
+ * their op code equivalent since this is done later in `fromASM`.
+ *
+ * Both functions simply convert numbers to Little Endian.
+ *
+ * However, the `0` number is an edge case that we specially handle with this
+ * function.
+ *
+ * bitcoinjs-lib's `scriptLib.number.encode(0)` produces an empty array.
+ * This is what the Bitcoin interpreter does and it is what `script.number.encode` was
+ * implemented to do.
+ *
+ * The problem is `scriptLib.number.encode(0).toString('hex')` produces an
+ * empty string and thus it should not be used to serialize number zero before `fromASM`.
+ *
+ * A zero should produce the OP_0 ASM symbolic code (corresponding to a `0` when
+ * compiled).
+ *
+ * So, this function will produce a string in hex format in Little Endian
+ * encoding for integers not equal to `0` and it will return `OP_0` for `0`.
+ *
+ * Read more about the this {@link https://github.com/bitcoinjs/bitcoinjs-lib/issues/1799#issuecomment-1122591738 here}.
+ *
+ * Use it in combination with `fromASM` like this:
+ *
+ * ```javascript
+ * //To produce "0 1 OP_ADD":
+ * fromASM(
+ * `${numberEncodeAsm(0)} ${numberEncodeAsm(1)} OP_ADD`
+ *   .trim().replace(/\s+/g, ' ')
+ * )
+ * ```
+ *
+ * @param {number} number An integer.
+ * @returns {string} Returns `"OP_0"` for `number === 0` and a hex string representing other numbers in Little Endian encoding.
+ */
+export declare function numberEncodeAsm(number: number, scriptLib: BitcoinLib['script']): string;

package/dist/miniscript.js

@@ -0,0 +1,310 @@
+"use strict";
+// Copyright (c) 2023 Jose-Luis Landabaso - https://bitcoinerlab.com
+// Distributed under the MIT software license
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.expandMiniscript = expandMiniscript;
+exports.miniscript2Script = miniscript2Script;
+exports.satisfyMiniscript = satisfyMiniscript;
+exports.numberEncodeAsm = numberEncodeAsm;
+const keyExpressions_1 = require("./keyExpressions");
+const networks_1 = require("./networks");
+const RE = __importStar(require("./re"));
+const miniscript_1 = require("@bitcoinerlab/miniscript");
+const uint8array_tools_1 = require("uint8array-tools");
+const crypto_1 = require("./crypto");
+/**
+ * Expand a miniscript to a generalized form using variables instead of key
+ * expressions. Variables will be of this form: @0, @1, ...
+ * This is done so that it can be compiled with compileMiniscript and
+ * satisfied with satisfier.
+ * Also compute pubkeys from descriptors to use them later.
+ */
+function expandMiniscript({ miniscript, isSegwit, isTaproot, network = networks_1.networks.bitcoin, ECPair, BIP32 }) {
+    const reKeyExp = isTaproot
+        ? RE.reTaprootKeyExp
+        : isSegwit
+            ? RE.reSegwitKeyExp
+            : RE.reNonSegwitKeyExp;
+    const expansionMap = {};
+    let keyIndex = 0;
+    const keyExpressionRegex = new RegExp(String.raw `^${reKeyExp}$`);
+    const replaceKeyExpression = (keyExpression) => {
+        const trimmed = keyExpression.trim();
+        if (!trimmed)
+            throw new Error(`Error: expected a keyExpression but got ${keyExpression}`);
+        if (!keyExpressionRegex.test(trimmed))
+            throw new Error(`Error: expected a keyExpression but got ${trimmed}`);
+        const key = `@${keyIndex}`;
+        keyIndex += 1;
+        expansionMap[key] = (0, keyExpressions_1.parseKeyExpression)({
+            keyExpression: trimmed,
+            isSegwit,
+            isTaproot,
+            network,
+            ECPair,
+            BIP32
+        });
+        return key;
+    };
+    // These are the Miniscript fragments where key arguments are expected.
+    // We only replace key expressions inside these fragments to avoid confusing
+    // hash preimages (e.g. sha256(03...)) with keys.
+    //
+    // Note: sorted script expressions (`sortedmulti`, `sortedmulti_a`) are
+    // intentionally excluded here. They are descriptor-level expressions (not
+    // Miniscript fragments) and are handled in descriptor/tap-tree code paths
+    // before Miniscript compilation.
+    const keyBearingFragmentRegex = /\b(pk|pkh|multi_a|multi)\(([^()]*)\)/g;
+    const expandedMiniscript = miniscript.replace(keyBearingFragmentRegex, (_, name, inner) => {
+        if (name === 'pk' || name === 'pkh')
+            return `${name}(${replaceKeyExpression(inner)})`;
+        //now do *multi* which has arguments:
+        const parts = inner.split(',').map(part => part.trim());
+        if (parts.length < 2)
+            throw new Error(`Error: invalid miniscript ${miniscript} (missing keys)`);
+        const k = parts[0] ?? '';
+        if (!k)
+            throw new Error(`Error: invalid miniscript ${miniscript} (missing threshold)`);
+        const replacedKeys = parts
+            .slice(1)
+            .map(keyExpression => replaceKeyExpression(keyExpression));
+        return `${name}(${[k, ...replacedKeys].join(',')})`;
+    });
+    //Do some assertions. Miniscript must not have duplicate keys, also all
+    //keyExpressions must produce a valid pubkey (unless it's ranged and we want
+    //to expand a generalized form, then we don't check)
+    const pubkeysHex = Object.values(expansionMap)
+        .filter(keyInfo => keyInfo.keyExpression.indexOf('*') === -1)
+        .map(keyInfo => {
+        if (!keyInfo.pubkey)
+            throw new Error(`Error: keyExpression ${keyInfo.keyExpression} does not have a pubkey`);
+        return (0, uint8array_tools_1.toHex)(keyInfo.pubkey);
+    });
+    if (new Set(pubkeysHex).size !== pubkeysHex.length) {
+        throw new Error(`Error: miniscript ${miniscript} is not sane: contains duplicate public keys.`);
+    }
+    return { expandedMiniscript, expansionMap };
+}
+/**
+ * Particularize an expanded ASM expression using the variables in
+ * expansionMap.
+ * This is the kind of the opposite to what expandMiniscript does.
+ * Signatures and preimages are already subsituted by the satisfier calling
+ * this function.
+ */
+function substituteAsm({ expandedAsm, expansionMap, scriptLib }) {
+    //Replace back variables into the pubkeys previously computed.
+    let asm = Object.keys(expansionMap).reduce((accAsm, key) => {
+        const pubkey = expansionMap[key]?.pubkey;
+        if (!pubkey) {
+            throw new Error(`Error: invalid expansionMap for ${key}`);
+        }
+        return accAsm
+            .replaceAll(`<${key}>`, `<${(0, uint8array_tools_1.toHex)(pubkey)}>`)
+            .replaceAll(`<HASH160(${key})>`, `<${(0, uint8array_tools_1.toHex)((0, crypto_1.hash160)(pubkey))}>`);
+    }, expandedAsm);
+    //Now clean it and prepare it so that fromASM can be called:
+    asm = asm
+        .trim()
+        //Replace one or more consecutive whitespace characters (spaces, tabs,
+        //or line breaks) with a single space.
+        .replace(/\s+/g, ' ')
+        //Now encode numbers to little endian hex. Note that numbers are not
+        //enclosed in <>, since <> represents hex code already encoded.
+        //The regex below will match one or more digits within a string,
+        //except if the sequence is surrounded by "<" and ">"
+        .replace(/(<\d+>)|\b\d+\b/g, match => match.startsWith('<') ? match : numberEncodeAsm(Number(match), scriptLib))
+        //we don't have numbers anymore, now it's safe to remove < and > since we
+        //know that every remaining is either an op_code or a hex encoded number
+        .replace(/[<>]/g, '');
+    return asm;
+}
+function miniscript2Script({ expandedMiniscript, expansionMap, tapscript = false, scriptLib }) {
+    const compiled = (0, miniscript_1.compileMiniscript)(expandedMiniscript, { tapscript });
+    if (compiled.issane !== true) {
+        throw new Error(`Error: Miniscript ${expandedMiniscript} is not sane`);
+    }
+    return scriptLib.fromASM(substituteAsm({
+        expandedAsm: compiled.asm,
+        expansionMap,
+        scriptLib
+    }));
+}
+/**
+ * Assumptions:
+ * The attacker does not have access to any of the private keys of public keys
+ * that participate in the Script.
+ *
+ * The attacker only has access to hash preimages that honest users have access
+ * to as well.
+ *
+ * Pass timeConstraints to search for the first solution with this nLockTime and
+ * nSequence. Throw if no solution is possible using these constraints.
+ *
+ * Time constraints are used to keep the chosen satisfaction stable between the
+ * planning pass (fake signatures) and the signing pass (real signatures).
+ * We run the satisfier once with fake signatures to discover the implied
+ * nLockTime/nSequence without requiring user signatures. If real signatures
+ * had the same length, the satisfier would typically pick the same
+ * minimal-weight solution again. But ECDSA signature sizes can vary (71–73
+ * bytes), which may change which solution is considered "smallest".
+ *
+ * Passing the previously derived timeConstraints in the second pass forces the
+ * same solution to be selected, ensuring locktime/sequence do not change
+ * between planning and finalization.
+ *
+ * Don't pass timeConstraints (this is the default) if you want to get the
+ * smallest size solution altogether.
+ *
+ * If a solution is not found this function throws.
+ */
+function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures = [], preimages = [], timeConstraints, tapscript = false, scriptLib }) {
+    //convert 'sha256(6c...33)' to: { ['<sha256_preimage(6c...33)>']: '10...5f'}
+    const preimageMap = {};
+    preimages.forEach(preimage => {
+        preimageMap['<' + preimage.digest.replace('(', '_preimage(') + '>'] =
+            '<' + preimage.preimage + '>';
+    });
+    //convert the pubkeys in signatures into [{['<sig(@0)>']: '30450221'}, ...]
+    //get the keyExpressions: @0, @1 from the keys in expansionMap
+    const expandedSignatureMap = {};
+    signatures.forEach(signature => {
+        const pubkeyHex = (0, uint8array_tools_1.toHex)(signature.pubkey);
+        const keyExpression = Object.keys(expansionMap).find(k => expansionMap[k]?.pubkey && (0, uint8array_tools_1.toHex)(expansionMap[k].pubkey) === pubkeyHex);
+        expandedSignatureMap['<sig(' + keyExpression + ')>'] =
+            '<' + (0, uint8array_tools_1.toHex)(signature.signature) + '>';
+    });
+    const expandedKnownsMap = { ...preimageMap, ...expandedSignatureMap };
+    const knowns = Object.keys(expandedKnownsMap);
+    //satisfier verifies again internally whether expandedKnownsMap with given knowns is sane
+    const { nonMalleableSats } = (0, miniscript_1.satisfier)(expandedMiniscript, {
+        knowns,
+        tapscript
+    });
+    if (!Array.isArray(nonMalleableSats) || !nonMalleableSats[0])
+        throw new Error(`Error: unresolvable miniscript ${expandedMiniscript}`);
+    let sat;
+    if (!timeConstraints) {
+        sat = nonMalleableSats[0];
+    }
+    else {
+        sat = nonMalleableSats.find(nonMalleableSat => nonMalleableSat.nSequence === timeConstraints.nSequence &&
+            nonMalleableSat.nLockTime === timeConstraints.nLockTime);
+        if (sat === undefined) {
+            throw new Error(`Error: unresolvable miniscript ${expandedMiniscript}. Could not find solutions for sequence ${timeConstraints.nSequence} & locktime=${timeConstraints.nLockTime}. Signatures are applied to a hash that depends on sequence and locktime. Did you provide all the signatures wrt the signers keys declared and include all preimages?`);
+        }
+    }
+    //substitute signatures and preimages:
+    let expandedAsm = sat.asm;
+    //replace in expandedAsm all the <sig(@0)> and <sha256_preimage(6c...33)>
+    //to <304...01> and <107...5f> ...
+    for (const search in expandedKnownsMap) {
+        const replace = expandedKnownsMap[search];
+        if (!replace || replace === '<>')
+            throw new Error(`Error: invalid expandedKnownsMap`);
+        expandedAsm = expandedAsm.replaceAll(search, replace);
+    }
+    const scriptSatisfaction = scriptLib.fromASM(substituteAsm({ expandedAsm, expansionMap, scriptLib }));
+    return {
+        scriptSatisfaction,
+        nLockTime: sat.nLockTime,
+        nSequence: sat.nSequence
+    };
+}
+/**
+ *
+ * Use this function instead of bitcoinjs-lib's equivalent `script.number.encode`
+ * when encoding numbers to be compiled with `fromASM` to avoid problems.
+ *
+ * Motivation:
+ *
+ * Numbers in Bitcoin assembly code are represented in hex and in Little Endian.
+ * Decimal: 32766 - Big endian: 0x7FFE - Little Endian: 0xFE7F.
+ *
+ * This function takes an integer and encodes it so that bitcoinjs-lib `fromASM`
+ * can compile it. This is basically what bitcoinjs-lib's `script.number.encode`
+ * does.
+ *
+ * Note that `fromASM` already converts integers from 1 to 16 to
+ * OP_1 ... OP_16 {@link https://github.com/bitcoinjs/bitcoinjs-lib/blob/59b21162a2c4645c64271ca004c7a3755a3d72fb/src/script.js#L33 here}.
+ * This is done in Bitcoin to save some bits.
+ *
+ * Neither this function nor `script.number.encode` convert numbers to
+ * their op code equivalent since this is done later in `fromASM`.
+ *
+ * Both functions simply convert numbers to Little Endian.
+ *
+ * However, the `0` number is an edge case that we specially handle with this
+ * function.
+ *
+ * bitcoinjs-lib's `scriptLib.number.encode(0)` produces an empty array.
+ * This is what the Bitcoin interpreter does and it is what `script.number.encode` was
+ * implemented to do.
+ *
+ * The problem is `scriptLib.number.encode(0).toString('hex')` produces an
+ * empty string and thus it should not be used to serialize number zero before `fromASM`.
+ *
+ * A zero should produce the OP_0 ASM symbolic code (corresponding to a `0` when
+ * compiled).
+ *
+ * So, this function will produce a string in hex format in Little Endian
+ * encoding for integers not equal to `0` and it will return `OP_0` for `0`.
+ *
+ * Read more about the this {@link https://github.com/bitcoinjs/bitcoinjs-lib/issues/1799#issuecomment-1122591738 here}.
+ *
+ * Use it in combination with `fromASM` like this:
+ *
+ * ```javascript
+ * //To produce "0 1 OP_ADD":
+ * fromASM(
+ * `${numberEncodeAsm(0)} ${numberEncodeAsm(1)} OP_ADD`
+ *   .trim().replace(/\s+/g, ' ')
+ * )
+ * ```
+ *
+ * @param {number} number An integer.
+ * @returns {string} Returns `"OP_0"` for `number === 0` and a hex string representing other numbers in Little Endian encoding.
+ */
+function numberEncodeAsm(number, scriptLib) {
+    if (Number.isSafeInteger(number) === false) {
+        throw new Error(`Error: invalid number ${number}`);
+    }
+    if (number === 0) {
+        return 'OP_0';
+    }
+    else
+        return (0, uint8array_tools_1.toHex)(scriptLib.number.encode(number));
+}

package/dist/multipath.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Resolves all multipath tuple segments (for example `/<0;1>/*`) in lockstep
+ * using the provided `change` value.
+ *
+ * - `/**` is first canonicalized to `/<0;1>/*`.
+ * - All tuples in the descriptor must have the same cardinality.
+ * - Tuple values must be strictly increasing decimal numbers.
+ * - `change` must match one of the values in each tuple.
+ */
+export declare function resolveMultipathDescriptor({ descriptor, change }: {
+    descriptor: string;
+    change?: number;
+}): string;

package/dist/multipath.js

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveMultipathDescriptor = resolveMultipathDescriptor;
+/**
+ * Replaces the receive/change shorthand `/**` with its canonical multipath
+ * representation `/<0;1>/*`.
+ */
+function expandReceiveChangeShorthand(descriptor) {
+    return descriptor.replace(/\/\*\*/g, '/<0;1>/*');
+}
+/**
+ * Parses a multipath tuple body from `<...>`.
+ *
+ * This implementation intentionally accepts only decimal numbers (no hardened
+ * suffixes) and enforces strict left-to-right increase as a safety feature to
+ * catch likely human errors such as `<1;0>`.
+ */
+function parseMultipathTuple(tupleBody) {
+    const parts = tupleBody.split(';');
+    if (parts.length < 2)
+        throw new Error(`Error: multipath tuple must contain at least 2 values, got <${tupleBody}>`);
+    const values = parts.map(part => {
+        if (!/^(0|[1-9]\d*)$/.test(part))
+            throw new Error(`Error: multipath tuple values must be decimal numbers, got <${tupleBody}>`);
+        const value = Number(part);
+        if (!Number.isSafeInteger(value))
+            throw new Error(`Error: multipath tuple value overflow, got <${tupleBody}>`);
+        return value;
+    });
+    for (let i = 1; i < values.length; i++) {
+        const prev = values[i - 1];
+        const current = values[i];
+        if (prev === undefined || current === undefined)
+            throw new Error(`Error: invalid multipath tuple <${tupleBody}>`);
+        if (current <= prev)
+            throw new Error(`Error: multipath tuple values must be strictly increasing from left to right, got <${tupleBody}>`);
+    }
+    return values;
+}
+/**
+ * Resolves all multipath tuple segments (for example `/<0;1>/*`) in lockstep
+ * using the provided `change` value.
+ *
+ * - `/**` is first canonicalized to `/<0;1>/*`.
+ * - All tuples in the descriptor must have the same cardinality.
+ * - Tuple values must be strictly increasing decimal numbers.
+ * - `change` must match one of the values in each tuple.
+ */
+function resolveMultipathDescriptor({ descriptor, change }) {
+    const canonicalDescriptor = expandReceiveChangeShorthand(descriptor);
+    const tupleMatches = Array.from(canonicalDescriptor.matchAll(/\/<([^<>]+)>/g), match => ({
+        token: match[0],
+        tupleBody: match[1],
+        values: parseMultipathTuple(match[1])
+    }));
+    if (tupleMatches.length === 0)
+        return canonicalDescriptor;
+    if (change === undefined)
+        throw new Error(`Error: change was not provided for multipath descriptor`);
+    if (!Number.isInteger(change) || change < 0)
+        throw new Error(`Error: invalid change ${change}`);
+    const tupleSize = tupleMatches[0]?.values.length;
+    if (!tupleSize)
+        throw new Error(`Error: invalid multipath tuple`);
+    for (const tupleMatch of tupleMatches) {
+        if (tupleMatch.values.length !== tupleSize)
+            throw new Error(`Error: all multipath tuples must have the same number of options`);
+    }
+    let resolvedDescriptor = canonicalDescriptor;
+    for (const tupleMatch of tupleMatches) {
+        if (!tupleMatch.values.includes(change))
+            throw new Error(`Error: change ${change} not found in multipath tuple <${tupleMatch.tupleBody}>`);
+        resolvedDescriptor = resolvedDescriptor.replaceAll(tupleMatch.token, `/${change}`);
+    }
+    return resolvedDescriptor;
+}

package/dist/networkUtils.d.ts

@@ -0,0 +1,3 @@
+import { type Network } from './networks';
+export declare function isBitcoinMainnet(network: Network): boolean;
+export declare function coinTypeFromNetwork(network: Network): 0 | 1;

package/dist/networkUtils.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isBitcoinMainnet = isBitcoinMainnet;
+exports.coinTypeFromNetwork = coinTypeFromNetwork;
+const networks_1 = require("./networks");
+function isBitcoinMainnet(network) {
+    return (network.bech32 === networks_1.networks.bitcoin.bech32 &&
+        network.bip32.public === networks_1.networks.bitcoin.bip32.public &&
+        network.bip32.private === networks_1.networks.bitcoin.bip32.private &&
+        network.pubKeyHash === networks_1.networks.bitcoin.pubKeyHash &&
+        network.scriptHash === networks_1.networks.bitcoin.scriptHash &&
+        network.wif === networks_1.networks.bitcoin.wif);
+}
+function coinTypeFromNetwork(network) {
+    return isBitcoinMainnet(network) ? 0 : 1;
+}

package/dist/networks.d.ts

@@ -0,0 +1,16 @@
+export interface Network {
+    messagePrefix: string;
+    bech32: string;
+    bip32: {
+        public: number;
+        private: number;
+    };
+    pubKeyHash: number;
+    scriptHash: number;
+    wif: number;
+}
+export declare const networks: {
+    bitcoin: Network;
+    testnet: Network;
+    regtest: Network;
+};

package/dist/networks.js

@@ -0,0 +1,31 @@
+"use strict";
+// Copyright (c) 2026 Jose-Luis Landabaso - https://bitcoinerlab.com
+// Distributed under the MIT software license
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.networks = void 0;
+exports.networks = {
+    bitcoin: {
+        messagePrefix: '\x18Bitcoin Signed Message:\n',
+        bech32: 'bc',
+        bip32: { public: 0x0488b21e, private: 0x0488ade4 },
+        pubKeyHash: 0x00,
+        scriptHash: 0x05,
+        wif: 0x80
+    },
+    testnet: {
+        messagePrefix: '\x18Bitcoin Signed Message:\n',
+        bech32: 'tb',
+        bip32: { public: 0x043587cf, private: 0x04358394 },
+        pubKeyHash: 0x6f,
+        scriptHash: 0xc4,
+        wif: 0xef
+    },
+    regtest: {
+        messagePrefix: '\x18Bitcoin Signed Message:\n',
+        bech32: 'bcrt',
+        bip32: { public: 0x043587cf, private: 0x04358394 },
+        pubKeyHash: 0x6f,
+        scriptHash: 0xc4,
+        wif: 0xef
+    }
+};

package/dist/parseUtils.d.ts

@@ -0,0 +1,7 @@
+export declare function splitTopLevelComma({ expression, onError }: {
+    expression: string;
+    onError: (expression: string) => Error;
+}): {
+    left: string;
+    right: string;
+} | null;

package/dist/parseUtils.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.splitTopLevelComma = splitTopLevelComma;
+function splitTopLevelComma({ expression, onError }) {
+    let braceDepth = 0;
+    let parenDepth = 0;
+    let commaIndex = -1;
+    for (let i = 0; i < expression.length; i++) {
+        const char = expression[i];
+        if (!char)
+            continue;
+        if (char === '{') {
+            braceDepth++;
+        }
+        else if (char === '}') {
+            if (braceDepth === 0)
+                throw onError(expression);
+            braceDepth--;
+        }
+        else if (char === '(') {
+            //Track miniscript argument lists so we don't split on commas inside them.
+            parenDepth++;
+        }
+        else if (char === ')') {
+            if (parenDepth === 0)
+                throw onError(expression);
+            parenDepth--;
+        }
+        else if (char === ',') {
+            if (braceDepth === 0 && parenDepth === 0) {
+                if (commaIndex !== -1)
+                    throw onError(expression);
+                commaIndex = i;
+            }
+        }
+    }
+    if (braceDepth !== 0 || parenDepth !== 0)
+        throw onError(expression);
+    if (commaIndex === -1)
+        return null;
+    const left = expression.slice(0, commaIndex).trim();
+    const right = expression.slice(commaIndex + 1).trim();
+    if (!left || !right)
+        throw onError(expression);
+    return { left, right };
+}