@bitcoinerlab/descriptors-core 3.1.0

package/dist/descriptors.js

@@ -0,0 +1,1888 @@
+"use strict";
+// Copyright (c) 2026 Jose-Luis Landabaso - https://bitcoinerlab.com
+// Distributed under the MIT software license
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DescriptorsFactory = DescriptorsFactory;
+const lodash_memoize_1 = __importDefault(require("lodash.memoize")); //TODO: make sure this is propoely used
+const bitcoinjs_lib_internals_1 = require("./bitcoinjs-lib-internals");
+const varuint_bitcoin_1 = require("varuint-bitcoin");
+const uint8array_tools_1 = require("uint8array-tools");
+const psbt_1 = require("./psbt");
+const checksum_1 = require("./checksum");
+const networks_1 = require("./networks");
+const keyExpressions_1 = require("./keyExpressions");
+const RE = __importStar(require("./re"));
+const miniscript_1 = require("./miniscript");
+const tapTree_1 = require("./tapTree");
+const tapMiniscript_1 = require("./tapMiniscript");
+const parseUtils_1 = require("./parseUtils");
+const multipath_1 = require("./multipath");
+const resourceLimits_1 = require("./resourceLimits");
+const ECDSA_FAKE_SIGNATURE_SIZE = 72;
+const TAPROOT_FAKE_SIGNATURE_SIZE = 64;
+/** Detect if the adapter was created with native bitcoinjs key factories. */
+function isBitcoinJsLib(lib) {
+    const BITCOINJS_KEY_PROBE_PRIVKEY = Uint8Array.from([
+        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+        0, 0, 0, 0, 0, 0, 1
+    ]);
+    const BITCOINJS_KEY_PROBE_SEED = new Uint8Array(32).fill(1);
+    try {
+        const maybeECPairWithFromPrivateKey = lib.ECPair;
+        const maybeBIP32WithFromSeed = lib.BIP32;
+        if (typeof maybeECPairWithFromPrivateKey.fromPrivateKey !== 'function')
+            return false;
+        if (typeof maybeBIP32WithFromSeed.fromSeed !== 'function')
+            return false;
+        const ecpair = maybeECPairWithFromPrivateKey.fromPrivateKey(BITCOINJS_KEY_PROBE_PRIVKEY);
+        const bip32 = maybeBIP32WithFromSeed.fromSeed(BITCOINJS_KEY_PROBE_SEED, networks_1.networks.regtest);
+        const looksLikeNativeECPair = typeof ecpair.toWIF === 'function' &&
+            typeof ecpair.compressed === 'boolean';
+        const looksLikeNativeBIP32 = bip32.chainCode instanceof Uint8Array &&
+            typeof bip32.toWIF === 'function' &&
+            typeof bip32.depth === 'number';
+        return looksLikeNativeECPair && looksLikeNativeBIP32;
+    }
+    catch {
+        return false;
+    }
+}
+function unsupportedKeyApi(apiName) {
+    const msg = `Error: ${apiName} is unavailable with this backend. ` +
+        `You initialized @bitcoinerlab/descriptors with a non-bitcoinjs lib. ` +
+        `Use DescriptorsFactory(ecc) or createBitcoinjsLib(ecc) for full bitcoinjs ${apiName} APIs.`;
+    return new Proxy({}, {
+        get(_target, prop) {
+            throw new Error(`${msg} Tried to access ${apiName}.${String(prop)}.`);
+        }
+    });
+}
+function vectorSize(someVector) {
+    const length = someVector.length;
+    return ((0, varuint_bitcoin_1.encodingLength)(length) +
+        someVector.reduce((sum, witness) => {
+            return sum + varSliceSize(witness);
+        }, 0));
+}
+function varSliceSize(someScript) {
+    const length = someScript.length;
+    return (0, varuint_bitcoin_1.encodingLength)(length) + length;
+}
+/*
+ * Returns a bare descriptor without checksum and particularized for a certain
+ * index (if desc was a range descriptor)
+ * @hidden
+ */
+function evaluate({ descriptor, checksumRequired, index, change }) {
+    if (!descriptor)
+        throw new Error('You must provide a descriptor.');
+    const mChecksum = descriptor.match(String.raw `(${RE.reChecksum})$`);
+    if (mChecksum === null && checksumRequired === true)
+        throw new Error(`Error: descriptor ${descriptor} has not checksum`);
+    //evaluatedDescriptor: a bare desc without checksum and particularized for a certain
+    //index (if desc was a range descriptor)
+    let evaluatedDescriptor = descriptor;
+    if (mChecksum !== null) {
+        const checksum = mChecksum[0].substring(1); //remove the leading #
+        evaluatedDescriptor = descriptor.substring(0, descriptor.length - mChecksum[0].length);
+        if (checksum !== (0, checksum_1.DescriptorChecksum)(evaluatedDescriptor)) {
+            throw new Error(`Error: invalid descriptor checksum for ${descriptor}`);
+        }
+    }
+    evaluatedDescriptor = (0, multipath_1.resolveMultipathDescriptor)({
+        descriptor: evaluatedDescriptor,
+        ...(change !== undefined ? { change } : {})
+    });
+    if (index !== undefined) {
+        const mWildcard = evaluatedDescriptor.match(/\*/g);
+        if (mWildcard && mWildcard.length > 0) {
+            //From  https://github.com/bitcoin/bitcoin/blob/master/doc/descriptors.md
+            //To prevent a combinatorial explosion of the search space, if more than
+            //one of the multi() key arguments is a BIP32 wildcard path ending in /* or
+            //*', the multi() descriptor only matches multisig scripts with the ith
+            //child key from each wildcard path in lockstep, rather than scripts with
+            //any combination of child keys from each wildcard path.
+            //We extend this reasoning for musig for all cases
+            evaluatedDescriptor = evaluatedDescriptor.replaceAll('*', index.toString());
+        }
+        else
+            throw new Error(`Error: index passed for non-ranged descriptor: ${descriptor}`);
+    }
+    return evaluatedDescriptor;
+}
+// Helper: parse sortedmulti(M, k1, k2,...)
+function parseSortedMulti(inner) {
+    // inner: "2,key1,key2,key3"
+    const parts = inner.split(',').map(p => p.trim());
+    if (parts.length < 2)
+        throw new Error(`sortedmulti(): must contain M and at least one key: ${inner}`);
+    const m = Number(parts[0]);
+    if (!Number.isInteger(m) || m < 1 || m > 20)
+        throw new Error(`sortedmulti(): invalid M=${parts[0]}`);
+    const keyExpressions = parts.slice(1);
+    if (keyExpressions.length < m)
+        throw new Error(`sortedmulti(): M cannot exceed number of keys: ${inner}`);
+    if (keyExpressions.length > 20)
+        throw new Error(`sortedmulti(): descriptors support up to 20 keys (per BIP 380/383).`);
+    return { m, keyExpressions };
+}
+const MAX_PUBKEYS_PER_MULTI_A = 999;
+// Helper: parse sortedmulti_a(M, k1, k2,...)
+function parseSortedMultiA(inner) {
+    const parts = inner.split(',').map(p => p.trim());
+    if (parts.length < 2)
+        throw new Error(`sortedmulti_a(): must contain M and at least one key: ${inner}`);
+    const m = Number(parts[0]);
+    if (!Number.isInteger(m) || m < 1)
+        throw new Error(`sortedmulti_a(): invalid M=${parts[0]}`);
+    const keyExpressions = parts.slice(1);
+    if (keyExpressions.length < m)
+        throw new Error(`sortedmulti_a(): M cannot exceed number of keys: ${inner}`);
+    if (keyExpressions.length > MAX_PUBKEYS_PER_MULTI_A)
+        throw new Error(`sortedmulti_a(): descriptors support up to ${MAX_PUBKEYS_PER_MULTI_A} keys.`);
+    return { m, keyExpressions };
+}
+function parseTrExpression(expression) {
+    if (!expression.startsWith('tr(') || !expression.endsWith(')'))
+        throw new Error(`Error: invalid descriptor ${expression}`);
+    const innerExpression = expression.slice(3, -1).trim();
+    if (!innerExpression)
+        throw new Error(`Error: invalid descriptor ${expression}`);
+    const splitResult = (0, parseUtils_1.splitTopLevelComma)({
+        expression: innerExpression,
+        onError: () => new Error(`Error: invalid descriptor ${expression}`)
+    });
+    //if no commas: innerExpression === keyExpression
+    if (!splitResult)
+        return { keyExpression: innerExpression };
+    return { keyExpression: splitResult.left, treeExpression: splitResult.right };
+}
+/**
+ * Constructs the necessary functions and classes for working with descriptors,
+ * using either an external elliptic curve (`ecc`) library or a core Bitcoin
+ * library (e.g.
+ * [bitcoinjs-lib](https://github.com/bitcoinjs/bitcoinjs-lib) or
+ * [@scure/btc-signer](https://github.com/paulmillr/scure-btc-signer)).
+ *
+ * Note:
+ * Most users do not need to call `DescriptorsFactory(...)` directly.
+ * - `@bitcoinerlab/descriptors` already provides the bitcoinjs-ready defaults.
+ * - `@bitcoinerlab/descriptors-scure` already provides the scure-ready defaults.
+ *
+ * This factory is mainly useful for:
+ * - backwards compatibility with pre-`3.1.x` bitcoinjs usage, and
+ * - advanced `@bitcoinerlab/descriptors-core` use cases where you want to bind
+ *   a specific `TinySecp256k1Interface` or a custom `BitcoinLib`.
+ *
+ * In the default bitcoinjs package, the implicit `TinySecp256k1Interface` is
+ * `@bitcoinerlab/secp256k1`.
+ *
+ * Notably, it returns the {@link _Internal_.Output | `Output`} class, which
+ * provides methods to create, sign, and finalize transactions from descriptor
+ * expressions.
+ *
+ * The factory also returns utility methods like `expand` (detailed below)
+ * and `parseKeyExpression` (see {@link KeyExpressionParser}).
+ *
+ * Additionally, for convenience, the factory returns
+ * {@link https://github.com/bitcoinjs/bip32 | `BIP32`} and
+ * {@link https://github.com/bitcoinjs/ecpair | `ECPair`}.
+ * In bitcoinjs mode, these are the already initialized bitcoinjs factories,
+ * equivalent to `BIP32 = BIP32Factory(ecc)` and `ECPair = ECPairFactory(ecc)`.
+ * When using scure, prefer scure-native key types
+ * ({@link https://github.com/paulmillr/scure-bip32 | `HDKey`} and
+ * `Uint8Array` for private keys), which do not require key-factory initialization.
+ *
+ * @param {TinySecp256k1Interface | BitcoinLib} eccOrBitcoinLib - The core
+ * Bitcoin library input used by the factory.
+ *
+ * You can pass this parameter in three common ways:
+ *
+ * ```ts
+ * import { DescriptorsFactory } from '@bitcoinerlab/descriptors-core';
+ * import { createScureLib } from '@bitcoinerlab/descriptors-core/scure';
+ *
+ * const { Output } = DescriptorsFactory(createScureLib());
+ * ```
+ *
+ * ```ts
+ * import * as ecc from '@bitcoinerlab/secp256k1';
+ * import { DescriptorsFactory } from '@bitcoinerlab/descriptors-core';
+ * import { createBitcoinjsLib } from '@bitcoinerlab/descriptors-core/bitcoinjs';
+ *
+ * const { Output } = DescriptorsFactory(createBitcoinjsLib(ecc));
+ * ```
+ *
+ * ```ts
+ * import * as ecc from '@bitcoinerlab/secp256k1';
+ * import { DescriptorsFactory } from '@bitcoinerlab/descriptors';
+ *
+ * // Equivalent to `DescriptorsFactory(createBitcoinjsLib(ecc))`, but implicit.
+ * const { Output } = DescriptorsFactory(ecc);
+ * ```
+ */
+function DescriptorsFactory(eccOrBitcoinLib) {
+    var _Output_instances, _Output_payment, _Output_preimages, _Output_signersPubKeys, _Output_miniscript, _Output_witnessScript, _Output_redeemScript, _Output_isSegwit, _Output_isTaproot, _Output_expandedExpression, _Output_expandedMiniscript, _Output_tapTreeExpression, _Output_tapTree, _Output_tapTreeInfo, _Output_taprootSpendPath, _Output_tapLeaf, _Output_expansionMap, _Output_network, _Output_resolveMiniscriptSignersPubKeys, _Output_assertMiniscriptSatisfactionResourceLimits, _Output_resolveTapTreeSignersPubKeys, _Output_getConstraints, _Output_assertPsbtInput;
+    // Detect whether we got a raw ecc interface or a full BitcoinLib adapter.
+    // BitcoinLib has a `payments` property; TinySecp256k1Interface does not.
+    let bitcoinLib;
+    if ('payments' in eccOrBitcoinLib && 'script' in eccOrBitcoinLib) {
+        bitcoinLib = eccOrBitcoinLib;
+    }
+    else {
+        let createBitcoinjsLib;
+        try {
+            // Lazy-load the bitcoinjs adapter to avoid hard-dep when using another backend
+            // eslint-disable-next-line @typescript-eslint/no-require-imports
+            ({ createBitcoinjsLib } = require('./adapters/bitcoinjs'));
+        }
+        catch (error) {
+            throw new Error('Could not load the bitcoinjs backend. Install bitcoinjs-lib, bip32 and ecpair ' +
+                'as peer dependencies, or use the scure backend with createScureLib(). ' +
+                'Original error: ' +
+                (error instanceof Error ? error.message : String(error)));
+        }
+        bitcoinLib = createBitcoinjsLib(eccOrBitcoinLib);
+    }
+    const { payments, script: scriptLib } = bitcoinLib;
+    const { p2sh, p2wpkh, p2pkh, p2pk, p2wsh, p2tr } = payments;
+    const address = bitcoinLib.address;
+    const Transaction = bitcoinLib.Transaction;
+    const BIP32 = bitcoinLib.BIP32; //This is in fact BIP32APILike
+    const ECPair = bitcoinLib.ECPair; //This is in fact ECPairAPILike
+    const signatureValidator = (pubkey, msghash, signature) => {
+        if (pubkey.length === 32) {
+            //x-only
+            return bitcoinLib.verifySchnorr(msghash, pubkey, signature);
+        }
+        else {
+            return ECPair.fromPublicKey(pubkey).verify(msghash, signature);
+        }
+    };
+    /**
+     * Takes a string key expression (xpub, xprv, pubkey or wif) and parses it
+     */
+    const parseKeyExpression = ({ keyExpression, isSegwit, isTaproot, network = networks_1.networks.bitcoin }) => {
+        return (0, keyExpressions_1.parseKeyExpression)({
+            keyExpression,
+            network,
+            ...(typeof isSegwit === 'boolean' ? { isSegwit } : {}),
+            ...(typeof isTaproot === 'boolean' ? { isTaproot } : {}),
+            ECPair,
+            BIP32
+        });
+    };
+    /**
+     * Builds a taproot leaf expansion override for descriptor-level
+     * `sortedmulti_a(...)`.
+     *
+     * Why this exists:
+     * - `sortedmulti_a` is a descriptor script expression (not a Miniscript
+     *   fragment).
+     *
+     * What this does:
+     * - Resolves each key expression to a concrete pubkey and builds a leaf-local
+     *   placeholder map (`@0`, `@1`, ... in input order).
+     * - Derives the internal compilation form by sorting placeholders by pubkey
+     *   bytes and lowering to `multi_a(...)`.
+     * - Compiles tapscript from that lowered form and returns it as override
+     *   data.
+     *
+     * Returns `undefined` for non-`sortedmulti_a` leaves so normal taproot miniscript
+     * expansion/compilation is used.
+     */
+    function buildTapLeafSortedMultiAOverride({ expression, network = networks_1.networks.bitcoin }) {
+        if (!/\bsortedmulti_a\(/.test(expression))
+            return undefined;
+        const trimmed = expression.trim();
+        const match = trimmed.match(/^sortedmulti_a\((.*)\)$/);
+        if (!match)
+            throw new Error(`Error: sortedmulti_a() must be a standalone taproot leaf expression`);
+        const inner = match[1];
+        if (!inner)
+            throw new Error(`Error: invalid sortedmulti_a() expression: ${expression}`);
+        const { m, keyExpressions } = parseSortedMultiA(inner);
+        const keyInfos = keyExpressions.map(keyExpression => {
+            const keyInfo = parseKeyExpression({
+                keyExpression,
+                isSegwit: true,
+                isTaproot: true,
+                network
+            });
+            if (!keyInfo.pubkey)
+                throw new Error(`Error: sortedmulti_a() key must resolve to a concrete pubkey: ${keyExpression}`);
+            return keyInfo;
+        });
+        const expansionMap = {};
+        keyInfos.forEach((keyInfo, index) => {
+            expansionMap[`@${index}`] = keyInfo;
+        });
+        // sortedmulti_a is descriptor-level sugar. We preserve it in
+        // expandedExpression, but compile tapscript from its internal multi_a
+        // lowering with sorted placeholders.
+        const expandedExpression = `sortedmulti_a(${[
+            m,
+            ...Object.keys(expansionMap)
+        ].join(',')})`;
+        const compileExpandedMiniscript = (0, tapMiniscript_1.compileSortedMultiAExpandedExpression)({
+            expandedExpression,
+            expansionMap
+        });
+        const tapScript = (0, miniscript_1.miniscript2Script)({
+            expandedMiniscript: compileExpandedMiniscript,
+            expansionMap,
+            tapscript: true,
+            scriptLib
+        });
+        return { expandedExpression, expansionMap, tapScript };
+    }
+    function expand({ descriptor, index, change, checksumRequired = false, network = networks_1.networks.bitcoin, allowMiniscriptInP2SH = false }) {
+        if (!descriptor)
+            throw new Error(`descriptor not provided`);
+        let expandedExpression;
+        let miniscript;
+        let expansionMap;
+        let isSegwit;
+        let isTaproot;
+        let expandedMiniscript;
+        let tapTreeExpression;
+        let tapTree;
+        let tapTreeInfo;
+        let payment;
+        let witnessScript;
+        let redeemScript;
+        const isRanged = descriptor.indexOf('*') !== -1;
+        if (index !== undefined)
+            if (!Number.isInteger(index) || index < 0)
+                throw new Error(`Error: invalid index ${index}`);
+        //Verify and remove checksum (if exists) and
+        //particularize range descriptor for index (if desc is range descriptor)
+        const canonicalExpression = evaluate({
+            descriptor,
+            ...(index !== undefined ? { index } : {}),
+            ...(change !== undefined ? { change } : {}),
+            checksumRequired
+        });
+        const isCanonicalRanged = canonicalExpression.indexOf('*') !== -1;
+        //addr(ADDR)
+        if (canonicalExpression.match(RE.reAddrAnchored)) {
+            if (isRanged)
+                throw new Error(`Error: addr() cannot be ranged`);
+            const matchedAddress = canonicalExpression.match(RE.reAddrAnchored)?.[1]; //[1]-> whatever is found addr(->HERE<-)
+            if (!matchedAddress)
+                throw new Error(`Error: could not get an address in ${descriptor}`);
+            let output;
+            try {
+                output = address.toOutputScript(matchedAddress, network);
+            }
+            catch (e) {
+                void e;
+                throw new Error(`Error: invalid address ${matchedAddress}`);
+            }
+            try {
+                payment = p2pkh({ output, network });
+                isSegwit = false;
+                isTaproot = false;
+            }
+            catch (e) {
+                void e;
+            }
+            try {
+                payment = p2sh({ output, network });
+                // It assumes that an addr(SH_ADDRESS) is always a add(SH_WPKH) address
+                isSegwit = true;
+                isTaproot = false;
+            }
+            catch (e) {
+                void e;
+            }
+            try {
+                payment = p2wpkh({ output, network });
+                isSegwit = true;
+                isTaproot = false;
+            }
+            catch (e) {
+                void e;
+            }
+            try {
+                payment = p2wsh({ output, network });
+                isSegwit = true;
+                isTaproot = false;
+            }
+            catch (e) {
+                void e;
+            }
+            try {
+                payment = p2tr({ output, network });
+                isSegwit = true;
+                isTaproot = true;
+            }
+            catch (e) {
+                void e;
+            }
+            if (!payment) {
+                throw new Error(`Error: invalid address ${matchedAddress}`);
+            }
+        }
+        //pk(KEY)
+        else if (canonicalExpression.match(RE.rePkAnchored)) {
+            isSegwit = false;
+            isTaproot = false;
+            const keyExpression = canonicalExpression.match(RE.reNonSegwitKeyExp)?.[0];
+            if (!keyExpression)
+                throw new Error(`Error: keyExpression could not me extracted`);
+            if (canonicalExpression !== `pk(${keyExpression})`)
+                throw new Error(`Error: invalid expression ${descriptor}`);
+            expandedExpression = 'pk(@0)';
+            const pKE = parseKeyExpression({ keyExpression, network, isSegwit });
+            expansionMap = { '@0': pKE };
+            if (!isCanonicalRanged) {
+                const pubkey = pKE.pubkey;
+                //Note there exists no address for p2pk, but we can still use the script
+                if (!pubkey)
+                    throw new Error(`Error: could not extract a pubkey from ${descriptor}`);
+                payment = p2pk({ pubkey, network });
+            }
+        }
+        //pkh(KEY) - legacy
+        else if (canonicalExpression.match(RE.rePkhAnchored)) {
+            isSegwit = false;
+            isTaproot = false;
+            const keyExpression = canonicalExpression.match(RE.reNonSegwitKeyExp)?.[0];
+            if (!keyExpression)
+                throw new Error(`Error: keyExpression could not me extracted`);
+            if (canonicalExpression !== `pkh(${keyExpression})`)
+                throw new Error(`Error: invalid expression ${descriptor}`);
+            expandedExpression = 'pkh(@0)';
+            const pKE = parseKeyExpression({ keyExpression, network, isSegwit });
+            expansionMap = { '@0': pKE };
+            if (!isCanonicalRanged) {
+                const pubkey = pKE.pubkey;
+                if (!pubkey)
+                    throw new Error(`Error: could not extract a pubkey from ${descriptor}`);
+                payment = p2pkh({ pubkey, network });
+            }
+        }
+        //sh(wpkh(KEY)) - nested segwit
+        else if (canonicalExpression.match(RE.reShWpkhAnchored)) {
+            isSegwit = true;
+            isTaproot = false;
+            const keyExpression = canonicalExpression.match(RE.reSegwitKeyExp)?.[0];
+            if (!keyExpression)
+                throw new Error(`Error: keyExpression could not me extracted`);
+            if (canonicalExpression !== `sh(wpkh(${keyExpression}))`)
+                throw new Error(`Error: invalid expression ${descriptor}`);
+            expandedExpression = 'sh(wpkh(@0))';
+            const pKE = parseKeyExpression({ keyExpression, network, isSegwit });
+            expansionMap = { '@0': pKE };
+            if (!isCanonicalRanged) {
+                const pubkey = pKE.pubkey;
+                if (!pubkey)
+                    throw new Error(`Error: could not extract a pubkey from ${descriptor}`);
+                payment = p2sh({ redeem: p2wpkh({ pubkey, network }), network });
+                redeemScript = payment.redeem?.output;
+                if (!redeemScript)
+                    throw new Error(`Error: could not calculate redeemScript for ${descriptor}`);
+            }
+        }
+        //wpkh(KEY) - native segwit
+        else if (canonicalExpression.match(RE.reWpkhAnchored)) {
+            isSegwit = true;
+            isTaproot = false;
+            const keyExpression = canonicalExpression.match(RE.reSegwitKeyExp)?.[0];
+            if (!keyExpression)
+                throw new Error(`Error: keyExpression could not me extracted`);
+            if (canonicalExpression !== `wpkh(${keyExpression})`)
+                throw new Error(`Error: invalid expression ${descriptor}`);
+            expandedExpression = 'wpkh(@0)';
+            const pKE = parseKeyExpression({ keyExpression, network, isSegwit });
+            expansionMap = { '@0': pKE };
+            if (!isCanonicalRanged) {
+                const pubkey = pKE.pubkey;
+                if (!pubkey)
+                    throw new Error(`Error: could not extract a pubkey from ${descriptor}`);
+                payment = p2wpkh({ pubkey, network });
+            }
+        }
+        // sortedmulti script expressions
+        // sh(sortedmulti())
+        else if (canonicalExpression.match(RE.reShSortedMultiAnchored)) {
+            isSegwit = false;
+            isTaproot = false;
+            const inner = canonicalExpression.match(RE.reShSortedMultiAnchored)?.[1];
+            if (!inner)
+                throw new Error(`Error extracting sortedmulti() in ${descriptor}`);
+            const { m, keyExpressions } = parseSortedMulti(inner);
+            const pKEs = keyExpressions.map(k => parseKeyExpression({ keyExpression: k, network, isSegwit: false }));
+            const map = {};
+            pKEs.forEach((pke, i) => (map['@' + i] = pke));
+            expansionMap = map;
+            expandedExpression =
+                'sh(sortedmulti(' +
+                    [m, ...Object.keys(expansionMap).map(k => k)].join(',') +
+                    '))';
+            if (!isCanonicalRanged) {
+                const pubkeys = pKEs.map(p => {
+                    if (!p.pubkey)
+                        throw new Error(`Error: key has no pubkey`);
+                    return p.pubkey;
+                });
+                pubkeys.sort((a, b) => (0, uint8array_tools_1.compare)(a, b));
+                const redeem = payments.p2ms({ m, pubkeys, network });
+                redeemScript = redeem.output;
+                if (!redeemScript)
+                    throw new Error(`Error creating redeemScript`);
+                payment = payments.p2sh({ redeem, network });
+            }
+        }
+        // wsh(sortedmulti())
+        else if (canonicalExpression.match(RE.reWshSortedMultiAnchored)) {
+            isSegwit = true;
+            isTaproot = false;
+            const inner = canonicalExpression.match(RE.reWshSortedMultiAnchored)?.[1];
+            if (!inner)
+                throw new Error(`Error extracting sortedmulti() in ${descriptor}`);
+            const { m, keyExpressions } = parseSortedMulti(inner);
+            const pKEs = keyExpressions.map(k => parseKeyExpression({ keyExpression: k, network, isSegwit: true }));
+            const map = {};
+            pKEs.forEach((pke, i) => (map['@' + i] = pke));
+            expansionMap = map;
+            expandedExpression =
+                'wsh(sortedmulti(' +
+                    [m, ...Object.keys(expansionMap).map(k => k)].join(',') +
+                    '))';
+            if (!isCanonicalRanged) {
+                const pubkeys = pKEs.map(p => {
+                    if (!p.pubkey)
+                        throw new Error(`Error: key has no pubkey`);
+                    return p.pubkey;
+                });
+                pubkeys.sort((a, b) => (0, uint8array_tools_1.compare)(a, b));
+                const redeem = payments.p2ms({ m, pubkeys, network });
+                witnessScript = redeem.output;
+                if (!witnessScript)
+                    throw new Error(`Error computing witnessScript`);
+                payment = payments.p2wsh({ redeem, network });
+            }
+        }
+        // sh(wsh(sortedmulti()))
+        else if (canonicalExpression.match(RE.reShWshSortedMultiAnchored)) {
+            isSegwit = true;
+            isTaproot = false;
+            const inner = canonicalExpression.match(RE.reShWshSortedMultiAnchored)?.[1];
+            if (!inner)
+                throw new Error(`Error extracting sortedmulti() in ${descriptor}`);
+            const { m, keyExpressions } = parseSortedMulti(inner);
+            const pKEs = keyExpressions.map(k => parseKeyExpression({ keyExpression: k, network, isSegwit: true }));
+            const map = {};
+            pKEs.forEach((pke, i) => (map['@' + i] = pke));
+            expansionMap = map;
+            expandedExpression =
+                'sh(wsh(sortedmulti(' +
+                    [m, ...Object.keys(expansionMap).map(k => k)].join(',') +
+                    ')))';
+            if (!isCanonicalRanged) {
+                const pubkeys = pKEs.map(p => {
+                    if (!p.pubkey)
+                        throw new Error(`Error: key has no pubkey`);
+                    return p.pubkey;
+                });
+                pubkeys.sort((a, b) => (0, uint8array_tools_1.compare)(a, b));
+                const redeem = payments.p2ms({ m, pubkeys, network });
+                const wsh = payments.p2wsh({ redeem, network });
+                witnessScript = redeem.output;
+                redeemScript = wsh.output;
+                payment = payments.p2sh({ redeem: wsh, network });
+            }
+        }
+        //sh(wsh(miniscript))
+        else if (canonicalExpression.match(RE.reShWshMiniscriptAnchored)) {
+            isSegwit = true;
+            isTaproot = false;
+            miniscript = canonicalExpression.match(RE.reShWshMiniscriptAnchored)?.[1]; //[1]-> whatever is found sh(wsh(->HERE<-))
+            if (!miniscript)
+                throw new Error(`Error: could not get miniscript in ${descriptor}`);
+            ({ expandedMiniscript, expansionMap } = expandMiniscript({
+                miniscript,
+                isSegwit,
+                network
+            }));
+            expandedExpression = `sh(wsh(${expandedMiniscript}))`;
+            if (!isCanonicalRanged) {
+                const script = (0, miniscript_1.miniscript2Script)({
+                    expandedMiniscript,
+                    expansionMap,
+                    scriptLib
+                });
+                witnessScript = script;
+                if (script.byteLength > resourceLimits_1.MAX_STANDARD_P2WSH_SCRIPT_SIZE) {
+                    throw new Error(`Error: script is too large, ${script.byteLength} bytes is larger than ${resourceLimits_1.MAX_STANDARD_P2WSH_SCRIPT_SIZE} bytes`);
+                }
+                (0, resourceLimits_1.assertScriptNonPushOnlyOpsLimit)({ script, scriptLib });
+                payment = p2sh({
+                    redeem: p2wsh({ redeem: { output: script, network }, network }),
+                    network
+                });
+                redeemScript = payment.redeem?.output;
+                if (!redeemScript)
+                    throw new Error(`Error: could not calculate redeemScript for ${descriptor}`);
+            }
+        }
+        //sh(miniscript)
+        else if (canonicalExpression.match(RE.reShMiniscriptAnchored)) {
+            //isSegwit false because we know it's a P2SH of a miniscript and not a
+            //P2SH that embeds a witness payment.
+            isSegwit = false;
+            isTaproot = false;
+            miniscript = canonicalExpression.match(RE.reShMiniscriptAnchored)?.[1]; //[1]-> whatever is found sh(->HERE<-)
+            if (!miniscript)
+                throw new Error(`Error: could not get miniscript in ${descriptor}`);
+            if (allowMiniscriptInP2SH === false &&
+                // These top-level script expressions are allowed inside sh(...).
+                // The sorted script expressions (`sortedmulti`, `sortedmulti_a`) are
+                // handled in dedicated descriptor/taproot branches and are intentionally
+                // not part of this miniscript gate.
+                // Here we only keep legacy top-level forms to avoid accepting arbitrary
+                // miniscript in P2SH unless explicitly enabled.
+                miniscript.search(/^(pk\(|pkh\(|wpkh\(|combo\(|multi\(|multi_a\()/) !==
+                    0) {
+                throw new Error(`Error: Miniscript expressions can only be used in wsh`);
+            }
+            ({ expandedMiniscript, expansionMap } = expandMiniscript({
+                miniscript,
+                isSegwit,
+                network
+            }));
+            expandedExpression = `sh(${expandedMiniscript})`;
+            if (!isCanonicalRanged) {
+                const script = (0, miniscript_1.miniscript2Script)({
+                    expandedMiniscript,
+                    expansionMap,
+                    scriptLib
+                });
+                redeemScript = script;
+                if (script.byteLength > resourceLimits_1.MAX_SCRIPT_ELEMENT_SIZE) {
+                    throw new Error(`Error: P2SH script is too large, ${script.byteLength} bytes is larger than ${resourceLimits_1.MAX_SCRIPT_ELEMENT_SIZE} bytes`);
+                }
+                (0, resourceLimits_1.assertScriptNonPushOnlyOpsLimit)({ script, scriptLib });
+                payment = p2sh({ redeem: { output: script, network }, network });
+            }
+        }
+        //wsh(miniscript)
+        else if (canonicalExpression.match(RE.reWshMiniscriptAnchored)) {
+            isSegwit = true;
+            isTaproot = false;
+            miniscript = canonicalExpression.match(RE.reWshMiniscriptAnchored)?.[1]; //[1]-> whatever is found wsh(->HERE<-)
+            if (!miniscript)
+                throw new Error(`Error: could not get miniscript in ${descriptor}`);
+            ({ expandedMiniscript, expansionMap } = expandMiniscript({
+                miniscript,
+                isSegwit,
+                network
+            }));
+            expandedExpression = `wsh(${expandedMiniscript})`;
+            if (!isCanonicalRanged) {
+                const script = (0, miniscript_1.miniscript2Script)({
+                    expandedMiniscript,
+                    expansionMap,
+                    scriptLib
+                });
+                witnessScript = script;
+                if (script.byteLength > resourceLimits_1.MAX_STANDARD_P2WSH_SCRIPT_SIZE) {
+                    throw new Error(`Error: script is too large, ${script.byteLength} bytes is larger than ${resourceLimits_1.MAX_STANDARD_P2WSH_SCRIPT_SIZE} bytes`);
+                }
+                (0, resourceLimits_1.assertScriptNonPushOnlyOpsLimit)({ script, scriptLib });
+                payment = p2wsh({ redeem: { output: script, network }, network });
+            }
+        }
+        //tr(KEY) or tr(KEY,TREE) - taproot
+        else if (canonicalExpression.startsWith('tr(')) {
+            isSegwit = true;
+            isTaproot = true;
+            const { keyExpression, treeExpression } = parseTrExpression(canonicalExpression);
+            expandedExpression = treeExpression
+                ? `tr(@0,${treeExpression})`
+                : 'tr(@0)';
+            const pKE = parseKeyExpression({
+                keyExpression,
+                network,
+                isSegwit,
+                isTaproot
+            });
+            expansionMap = { '@0': pKE };
+            if (treeExpression) {
+                tapTreeExpression = treeExpression;
+                tapTree = (0, tapTree_1.parseTapTreeExpression)(treeExpression);
+                if (!isCanonicalRanged) {
+                    tapTreeInfo = (0, tapMiniscript_1.buildTapTreeInfo)({
+                        tapTree,
+                        network,
+                        BIP32,
+                        ECPair,
+                        scriptLib,
+                        // `leafExpansionOverride` runs per leaf expression.
+                        // For non-matching leaves it returns undefined and
+                        // normal miniscript expansion is used;
+                        // for sortedmulti_a leaves it returns descriptor-level
+                        // metadata plus precompiled tapscript bytes.
+                        leafExpansionOverride: (expression) => buildTapLeafSortedMultiAOverride({ expression, network })
+                    });
+                }
+            }
+            if (!isCanonicalRanged) {
+                const pubkey = pKE.pubkey;
+                if (!pubkey)
+                    throw new Error(`Error: could not extract a pubkey from ${descriptor}`);
+                const internalPubkey = (0, tapMiniscript_1.normalizeTaprootPubkey)(pubkey);
+                if (treeExpression) {
+                    if (!tapTreeInfo)
+                        throw new Error(`Error: taproot tree info not available`);
+                    payment = p2tr({
+                        internalPubkey,
+                        scriptTree: (0, tapMiniscript_1.tapTreeInfoToScriptTree)(tapTreeInfo),
+                        network
+                    });
+                }
+                else {
+                    payment = p2tr({ internalPubkey, network });
+                }
+            }
+        }
+        else {
+            throw new Error(`Error: Could not parse descriptor ${descriptor}`);
+        }
+        return {
+            ...(payment !== undefined ? { payment } : {}),
+            ...(expandedExpression !== undefined ? { expandedExpression } : {}),
+            ...(miniscript !== undefined ? { miniscript } : {}),
+            ...(expansionMap !== undefined ? { expansionMap } : {}),
+            ...(isSegwit !== undefined ? { isSegwit } : {}),
+            ...(isTaproot !== undefined ? { isTaproot } : {}),
+            ...(expandedMiniscript !== undefined ? { expandedMiniscript } : {}),
+            ...(tapTreeExpression !== undefined ? { tapTreeExpression } : {}),
+            ...(tapTree !== undefined ? { tapTree } : {}),
+            ...(tapTreeInfo !== undefined ? { tapTreeInfo } : {}),
+            ...(redeemScript !== undefined ? { redeemScript } : {}),
+            ...(witnessScript !== undefined ? { witnessScript } : {}),
+            isRanged,
+            canonicalExpression
+        };
+    }
+    /**
+     * Expand a miniscript to a generalized form using variables instead of key
+     * expressions. Variables will be of this form: @0, @1, ...
+     * This is done so that it can be compiled with compileMiniscript and
+     * satisfied with satisfier.
+     * Also compute pubkeys from descriptors to use them later.
+     */
+    function expandMiniscript({ miniscript, isSegwit, network = networks_1.networks.bitcoin }) {
+        return (0, miniscript_1.expandMiniscript)({
+            miniscript,
+            isSegwit,
+            isTaproot: false, //TODO:
+            network,
+            BIP32,
+            ECPair
+        });
+    }
+    /**
+     * The `Output` class is the central component for managing descriptors.
+     * It facilitates the creation of outputs to receive funds and enables the
+     * signing and finalization of PSBTs (Partially Signed Bitcoin Transactions)
+     * for spending UTXOs (Unspent Transaction Outputs).
+     */
+    class Output {
+        /**
+         * @param options
+         * @throws {Error} - when descriptor is invalid
+         */
+        constructor({ descriptor, index, change, checksumRequired = false, allowMiniscriptInP2SH = false, network = networks_1.networks.bitcoin, preimages = [], signersPubKeys, taprootSpendPath, tapLeaf }) {
+            _Output_instances.add(this);
+            _Output_payment.set(this, void 0);
+            _Output_preimages.set(this, []);
+            _Output_signersPubKeys.set(this, void 0);
+            _Output_miniscript.set(this, void 0);
+            _Output_witnessScript.set(this, void 0);
+            _Output_redeemScript.set(this, void 0);
+            //isSegwit true if witnesses are needed to the spend coins sent to this descriptor.
+            //may be unset because we may get addr(P2SH) which we don't know if they have segwit.
+            _Output_isSegwit.set(this, void 0);
+            _Output_isTaproot.set(this, void 0);
+            _Output_expandedExpression.set(this, void 0);
+            _Output_expandedMiniscript.set(this, void 0);
+            _Output_tapTreeExpression.set(this, void 0);
+            _Output_tapTree.set(this, void 0);
+            _Output_tapTreeInfo.set(this, void 0);
+            _Output_taprootSpendPath.set(this, void 0);
+            _Output_tapLeaf.set(this, void 0);
+            _Output_expansionMap.set(this, void 0);
+            _Output_network.set(this, void 0);
+            __classPrivateFieldSet(this, _Output_network, network, "f");
+            __classPrivateFieldSet(this, _Output_preimages, preimages, "f");
+            if (typeof descriptor !== 'string')
+                throw new Error(`Error: invalid descriptor type`);
+            const expandedResult = expand({
+                descriptor,
+                ...(index !== undefined ? { index } : {}),
+                ...(change !== undefined ? { change } : {}),
+                checksumRequired,
+                network,
+                allowMiniscriptInP2SH
+            });
+            const isTaprootDescriptor = expandedResult.isTaproot === true;
+            const hasTapTree = expandedResult.expandedExpression?.startsWith('tr(@0,') ?? false;
+            const resolvedTaprootSpendPath = taprootSpendPath ?? (hasTapTree ? 'script' : 'key');
+            if (!isTaprootDescriptor) {
+                if (taprootSpendPath !== undefined || tapLeaf !== undefined)
+                    throw new Error(`Error: taprootSpendPath/tapLeaf require a taproot descriptor`);
+            }
+            else {
+                if (taprootSpendPath === 'script' && !hasTapTree)
+                    throw new Error(`Error: taprootSpendPath=script requires a tr(KEY,TREE) descriptor`);
+                if (resolvedTaprootSpendPath === 'key' && tapLeaf !== undefined)
+                    throw new Error(`Error: tapLeaf cannot be used when taprootSpendPath is key`);
+                if (tapLeaf !== undefined && !hasTapTree)
+                    throw new Error(`Error: tapLeaf can only be used with tr(KEY,TREE) descriptors`);
+            }
+            if (expandedResult.isRanged && index === undefined)
+                throw new Error(`Error: index was not provided for ranged descriptor`);
+            if (!expandedResult.payment)
+                throw new Error(`Error: could not extract a payment from ${descriptor}`);
+            __classPrivateFieldSet(this, _Output_payment, expandedResult.payment, "f");
+            if (expandedResult.expandedExpression !== undefined)
+                __classPrivateFieldSet(this, _Output_expandedExpression, expandedResult.expandedExpression, "f");
+            if (expandedResult.miniscript !== undefined)
+                __classPrivateFieldSet(this, _Output_miniscript, expandedResult.miniscript, "f");
+            if (expandedResult.expansionMap !== undefined)
+                __classPrivateFieldSet(this, _Output_expansionMap, expandedResult.expansionMap, "f");
+            if (expandedResult.isSegwit !== undefined)
+                __classPrivateFieldSet(this, _Output_isSegwit, expandedResult.isSegwit, "f");
+            if (expandedResult.isTaproot !== undefined)
+                __classPrivateFieldSet(this, _Output_isTaproot, expandedResult.isTaproot, "f");
+            if (expandedResult.expandedMiniscript !== undefined)
+                __classPrivateFieldSet(this, _Output_expandedMiniscript, expandedResult.expandedMiniscript, "f");
+            if (expandedResult.tapTreeExpression !== undefined)
+                __classPrivateFieldSet(this, _Output_tapTreeExpression, expandedResult.tapTreeExpression, "f");
+            if (expandedResult.tapTree !== undefined)
+                __classPrivateFieldSet(this, _Output_tapTree, expandedResult.tapTree, "f");
+            if (expandedResult.tapTreeInfo !== undefined)
+                __classPrivateFieldSet(this, _Output_tapTreeInfo, expandedResult.tapTreeInfo, "f");
+            if (expandedResult.redeemScript !== undefined)
+                __classPrivateFieldSet(this, _Output_redeemScript, expandedResult.redeemScript, "f");
+            if (expandedResult.witnessScript !== undefined)
+                __classPrivateFieldSet(this, _Output_witnessScript, expandedResult.witnessScript, "f");
+            if (signersPubKeys)
+                __classPrivateFieldSet(this, _Output_signersPubKeys, signersPubKeys, "f");
+            __classPrivateFieldSet(this, _Output_taprootSpendPath, resolvedTaprootSpendPath, "f");
+            if (tapLeaf !== undefined)
+                __classPrivateFieldSet(this, _Output_tapLeaf, tapLeaf, "f");
+            this.getSequence = (0, lodash_memoize_1.default)(this.getSequence);
+            this.getLockTime = (0, lodash_memoize_1.default)(this.getLockTime);
+            const getSignaturesKey = (signatures) => signatures === 'DANGEROUSLY_USE_FAKE_SIGNATURES'
+                ? signatures
+                : signatures
+                    .map(s => `${(0, uint8array_tools_1.toHex)(s.pubkey)}-${(0, uint8array_tools_1.toHex)(s.signature)}`)
+                    .join('|');
+            this.guessOutput = (0, lodash_memoize_1.default)(this.guessOutput);
+            this.inputWeight = (0, lodash_memoize_1.default)(this.inputWeight, 
+            // resolver function:
+            (isSegwitTx, signatures, options) => {
+                const segwitKey = isSegwitTx ? 'segwit' : 'non-segwit';
+                const signaturesKey = getSignaturesKey(signatures);
+                const taprootSighashKey = options?.taprootSighash ?? 'SIGHASH_DEFAULT';
+                return `${segwitKey}-${signaturesKey}-taprootSighash:${taprootSighashKey}`;
+            });
+            this.outputWeight = (0, lodash_memoize_1.default)(this.outputWeight);
+        }
+        /**
+         * Returns the compiled Script Satisfaction for a miniscript-based Output.
+         * The satisfaction is the unlocking script, derived by the Satisfier
+         * algorithm (https://bitcoin.sipa.be/miniscript/).
+         *
+         * This method uses a two-pass flow:
+         * 1) Planning: constraints (nLockTime/nSequence) are computed using fake
+         *    signatures. This is done since the final solution may not need all the
+         *    signatures in signersPubKeys. And we may avoid the user do extra
+         *    signing (tedious op with HWW).
+         * 2) Signing: the provided signatures are used to build the final
+         *    satisfaction, while enforcing the planned constraints so the same
+         *    solution is selected. Not all the signatures of signersPubKeys may
+         *    be required.
+         *
+         * The return value includes the satisfaction script and the constraints.
+         */
+        getScriptSatisfaction(
+        /**
+         * An array with all the signatures needed to
+         * build the Satisfaction of this miniscript-based `Output`.
+         *
+         * `signatures` must be passed using this format (pairs of `pubKey/signature`):
+         * `interface PartialSig { pubkey: Uint8Array; signature: Uint8Array; }`
+         */
+        signatures) {
+            const miniscript = __classPrivateFieldGet(this, _Output_miniscript, "f");
+            const expandedMiniscript = __classPrivateFieldGet(this, _Output_expandedMiniscript, "f");
+            const expansionMap = __classPrivateFieldGet(this, _Output_expansionMap, "f");
+            if (miniscript === undefined ||
+                expandedMiniscript === undefined ||
+                expansionMap === undefined)
+                throw new Error(`Error: cannot get satisfaction from not expanded miniscript ${miniscript}`);
+            //This crates the plans using fake signatures
+            const constraints = __classPrivateFieldGet(this, _Output_instances, "m", _Output_getConstraints).call(this);
+            const satisfaction = (0, miniscript_1.satisfyMiniscript)({
+                expandedMiniscript,
+                expansionMap,
+                signatures,
+                preimages: __classPrivateFieldGet(this, _Output_preimages, "f"),
+                //Here we pass the TimeConstraints obtained using signersPubKeys to
+                //verify that the solutions found using the final signatures have not
+                //changed
+                timeConstraints: {
+                    nLockTime: constraints?.nLockTime,
+                    nSequence: constraints?.nSequence
+                },
+                scriptLib
+            });
+            __classPrivateFieldGet(this, _Output_instances, "m", _Output_assertMiniscriptSatisfactionResourceLimits).call(this, satisfaction.scriptSatisfaction);
+            return satisfaction;
+        }
+        /**
+         * Returns the taproot script‑path satisfaction for a tap miniscript
+         * descriptor. This mirrors {@link getScriptSatisfaction} and uses the same
+         * two‑pass plan/sign flow.
+         *
+         * In addition to nLockTime/nSequence, it returns the selected tapLeafHash
+         * (the leaf chosen during planning) and the leaf’s tapscript.
+         */
+        getTapScriptSatisfaction(
+        /**
+         * An array with all the signatures needed to
+         * build the Satisfaction of this miniscript-based `Output`.
+         *
+         * `signatures` must be passed using this format (pairs of `pubKey/signature`):
+         * `interface PartialSig { pubkey: Uint8Array; signature: Uint8Array; }`
+         */
+        signatures) {
+            if (__classPrivateFieldGet(this, _Output_taprootSpendPath, "f") !== 'script')
+                throw new Error(`Error: taprootSpendPath is key; script-path satisfaction is not allowed`);
+            const tapTreeInfo = __classPrivateFieldGet(this, _Output_tapTreeInfo, "f");
+            if (!tapTreeInfo)
+                throw new Error(`Error: taproot tree info not available`);
+            const constraints = __classPrivateFieldGet(this, _Output_instances, "m", _Output_getConstraints).call(this);
+            return (0, tapMiniscript_1.satisfyTapTree)({
+                tapTreeInfo,
+                preimages: __classPrivateFieldGet(this, _Output_preimages, "f"),
+                signatures,
+                ...(constraints?.tapLeafHash
+                    ? { tapLeaf: constraints.tapLeafHash }
+                    : {}),
+                ...(constraints
+                    ? {
+                        timeConstraints: {
+                            nLockTime: constraints.nLockTime,
+                            nSequence: constraints.nSequence
+                        }
+                    }
+                    : {}),
+                scriptLib
+            });
+        }
+        /**
+         * Creates and returns an instance of bitcoinjs-lib
+         * [`Payment`](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/ts_src/payments/index.ts)'s interface with the `scriptPubKey` of this `Output`.
+         */
+        getPayment() {
+            return __classPrivateFieldGet(this, _Output_payment, "f");
+        }
+        /**
+         * Returns the Bitcoin Address of this `Output`.
+         */
+        getAddress() {
+            if (!__classPrivateFieldGet(this, _Output_payment, "f").address)
+                throw new Error(`Error: could extract an address from the payment`);
+            return __classPrivateFieldGet(this, _Output_payment, "f").address;
+        }
+        /**
+         * Returns this `Output`'s scriptPubKey.
+         */
+        getScriptPubKey() {
+            if (!__classPrivateFieldGet(this, _Output_payment, "f").output)
+                throw new Error(`Error: could extract output.script from the payment`);
+            return __classPrivateFieldGet(this, _Output_payment, "f").output;
+        }
+        /**
+         * Gets the nSequence required to fulfill this `Output`.
+         */
+        getSequence() {
+            return __classPrivateFieldGet(this, _Output_instances, "m", _Output_getConstraints).call(this)?.nSequence;
+        }
+        /**
+         * Gets the nLockTime required to fulfill this `Output`.
+         */
+        getLockTime() {
+            return __classPrivateFieldGet(this, _Output_instances, "m", _Output_getConstraints).call(this)?.nLockTime;
+        }
+        /**
+         * Returns the tapleaf hash selected during planning for taproot script-path
+         * spends. If signersPubKeys are provided, selection is optimized for those
+         * pubkeys. If a specific tapLeaf selector is used in spending calls, this
+         * reflects that selection.
+         */
+        getTapLeafHash() {
+            return __classPrivateFieldGet(this, _Output_instances, "m", _Output_getConstraints).call(this)?.tapLeafHash;
+        }
+        /**
+         * Gets the witnessScript required to fulfill this `Output`. Only applies to
+         * Segwit outputs.
+         */
+        getWitnessScript() {
+            return __classPrivateFieldGet(this, _Output_witnessScript, "f");
+        }
+        /**
+         * Gets the redeemScript required to fullfill this `Output`. Only applies to
+         * SH outputs: sh(wpkh), sh(wsh), sh(lockingScript).
+         */
+        getRedeemScript() {
+            return __classPrivateFieldGet(this, _Output_redeemScript, "f");
+        }
+        /**
+         * Gets the bitcoinjs-lib [`network`](https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/ts_src/networks.ts) used to create this `Output`.
+         */
+        getNetwork() {
+            return __classPrivateFieldGet(this, _Output_network, "f");
+        }
+        /**
+         * Whether this `Output` is Segwit.
+         *
+         * *NOTE:* When the descriptor in an input is `addr(address)`, it is assumed
+         * that any `addr(SH_TYPE_ADDRESS)` is in fact a Segwit `SH_WPKH`
+         * (Script Hash-Witness Public Key Hash).
+         * For inputs using arbitrary scripts (not standard addresses),
+         * use a descriptor in the format `sh(MINISCRIPT)`.
+         *
+         */
+        isSegwit() {
+            return __classPrivateFieldGet(this, _Output_isSegwit, "f");
+        }
+        /**
+         * Whether this `Output` is Taproot.
+         */
+        isTaproot() {
+            return __classPrivateFieldGet(this, _Output_isTaproot, "f");
+        }
+        /**
+         * Attempts to determine the type of output script by testing it against
+         * various payment types.
+         *
+         * This method tries to identify if the output is one of the following types:
+         * - P2SH (Pay to Script Hash)
+         * - P2WSH (Pay to Witness Script Hash)
+         * - P2WPKH (Pay to Witness Public Key Hash)
+         * - P2PKH (Pay to Public Key Hash)
+         * - P2TR (Pay to Taproot)
+         *
+         * @returns An object { isPKH: boolean; isWPKH: boolean; isSH: boolean; isWSH: boolean; isTR: boolean;}
+         * with boolean properties indicating the detected output type
+         */
+        guessOutput() {
+            function guessSH(output) {
+                try {
+                    payments.p2sh({ output });
+                    return true;
+                }
+                catch (err) {
+                    void err;
+                    return false;
+                }
+            }
+            function guessWSH(output) {
+                try {
+                    payments.p2wsh({ output });
+                    return true;
+                }
+                catch (err) {
+                    void err;
+                    return false;
+                }
+            }
+            function guessWPKH(output) {
+                try {
+                    payments.p2wpkh({ output });
+                    return true;
+                }
+                catch (err) {
+                    void err;
+                    return false;
+                }
+            }
+            function guessPKH(output) {
+                try {
+                    payments.p2pkh({ output });
+                    return true;
+                }
+                catch (err) {
+                    void err;
+                    return false;
+                }
+            }
+            function guessTR(output) {
+                try {
+                    payments.p2tr({ output });
+                    return true;
+                }
+                catch (err) {
+                    void err;
+                    return false;
+                }
+            }
+            const isPKH = guessPKH(this.getScriptPubKey());
+            const isWPKH = guessWPKH(this.getScriptPubKey());
+            const isSH = guessSH(this.getScriptPubKey());
+            const isWSH = guessWSH(this.getScriptPubKey());
+            const isTR = guessTR(this.getScriptPubKey());
+            if ([isPKH, isWPKH, isSH, isWSH, isTR].filter(Boolean).length > 1)
+                throw new Error('Cannot have multiple output types.');
+            return { isPKH, isWPKH, isSH, isWSH, isTR };
+        }
+        // References for inputWeight & outputWeight:
+        // https://gist.github.com/junderw/b43af3253ea5865ed52cb51c200ac19c
+        // https://bitcoinops.org/en/tools/calc-size/
+        // Look for byteLength: https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/ts_src/transaction.ts
+        // https://github.com/bitcoinjs/coinselect/blob/master/utils.js
+        // https://bitcoin.stackexchange.com/questions/111395/what-is-the-weight-of-a-p2tr-input
+        /**
+         * Computes the Weight Unit contributions of this Output as if it were the
+         * input in a tx.
+         *
+         * *NOTE:* When the descriptor in an input is `addr(address)`, it is assumed
+         * that any `addr(SH_TYPE_ADDRESS)` is in fact a Segwit `SH_WPKH`
+         * (Script Hash-Witness Public Key Hash).
+         *, Also any `addr(SINGLE_KEY_ADDRESS)` * is assumed to be a single key Taproot
+         * address (like those defined in BIP86).
+         * For inputs using arbitrary scripts (not standard addresses),
+         * use a descriptor in the format `sh(MINISCRIPT)`, `wsh(MINISCRIPT)` or
+         * `tr(KEY,TREE)` for taproot script-path expressions.
+         */
+        // NOTE(taproot-weight): Output instances are concrete. If descriptor has
+        // wildcards, constructor requires `index`. No ranged-without-index
+        // estimation is attempted here.
+        // TODO(taproot-weight): Remaining items:
+        // - Annex: not modeled; if annex is used, add witness item sizing.
+        // - Taproot sighash defaults: options.taprootSighash currently drives fake
+        //   signature sizing; ensure coinselector passes the intended mode.
+        // - After PSBT taproot script-path fields are fully populated, add regtest
+        //   integration fixtures comparing real tx vsize with inputWeight/outputWeight
+        //   estimates for taproot key-path and script-path spends.
+        inputWeight(
+        /**
+         * Indicates if the transaction is a Segwit transaction.
+         * If a transaction isSegwitTx, a single byte is then also required for
+         * non-witness inputs to encode the length of the empty witness stack:
+         * encodeLength(0) + 0 = 1
+         * Read more:
+         * https://gist.github.com/junderw/b43af3253ea5865ed52cb51c200ac19c?permalink_comment_id=4760512#gistcomment-4760512
+         */
+        isSegwitTx, 
+        /*
+         *  Array of `PartialSig`. Each `PartialSig` includes
+         *  a public key and its corresponding signature. This parameter
+         *  enables the accurate calculation of signature sizes for ECDSA.
+         *  Pass 'DANGEROUSLY_USE_FAKE_SIGNATURES' to assume
+         *  ECDSA_FAKE_SIGNATURE_SIZE bytes for ECDSA.
+         *  For taproot, the fake signature size is controlled by
+         *  options.taprootSighash (64 for 'SIGHASH_DEFAULT', 65
+         *  for 'non-SIGHASH_DEFAULT'). default value is SIGHASH_DEFAULT
+         *  Mainly used for testing.
+         */
+        signatures, 
+        /*
+         *  Options that affect taproot fake signature sizing.
+         *  taprootSighash: 'SIGHASH_DEFAULT' | 'non-SIGHASH_DEFAULT' (default: 'SIGHASH_DEFAULT').
+         *  This is only used when signatures === 'DANGEROUSLY_USE_FAKE_SIGNATURES'.
+         */
+        options = {
+            taprootSighash: 'SIGHASH_DEFAULT'
+        }) {
+            const taprootSighash = options.taprootSighash ?? 'SIGHASH_DEFAULT';
+            if (this.isSegwit() && !isSegwitTx)
+                throw new Error(`a tx is segwit if at least one input is segwit`);
+            //expand any miniscript-based descriptor. If not miniscript-based, then it's
+            //an addr() descriptor. For those, we can only guess their type.
+            const expansion = this.expand().expandedExpression;
+            const { isPKH, isWPKH, isSH, isTR } = this.guessOutput();
+            const errorMsg = `Input type not implemented. Currently supported: pkh(KEY), wpkh(KEY), tr(KEY), \
+sh(wpkh(KEY)), sh(wsh(MINISCRIPT)), sh(MINISCRIPT), wsh(MINISCRIPT), \
+addr(PKH_ADDRESS), addr(WPKH_ADDRESS), addr(SH_WPKH_ADDRESS), addr(SINGLE_KEY_ADDRESS). \
+expansion=${expansion}, isPKH=${isPKH}, isWPKH=${isWPKH}, isSH=${isSH}, isTR=${isTR}.`;
+            if (!expansion && !isPKH && !isWPKH && !isSH && !isTR)
+                throw new Error(errorMsg);
+            const resolveEcdsaSignatureSize = () => {
+                if (signatures === 'DANGEROUSLY_USE_FAKE_SIGNATURES')
+                    return ((0, varuint_bitcoin_1.encodingLength)(ECDSA_FAKE_SIGNATURE_SIZE) +
+                        ECDSA_FAKE_SIGNATURE_SIZE);
+                if (signatures.length !== 1)
+                    throw new Error('More than one signture was not expected');
+                const singleSignature = signatures[0];
+                if (!singleSignature)
+                    throw new Error('Signatures not present');
+                const length = singleSignature.signature.length;
+                return (0, varuint_bitcoin_1.encodingLength)(length) + length;
+            };
+            const resolveMiniscriptSignatures = () => {
+                const signerPubKeys = __classPrivateFieldGet(this, _Output_instances, "m", _Output_resolveMiniscriptSignersPubKeys).call(this);
+                if (signatures === 'DANGEROUSLY_USE_FAKE_SIGNATURES') {
+                    return signerPubKeys.map(pubkey => ({
+                        pubkey,
+                        // https://transactionfee.info/charts/bitcoin-script-ecdsa-length/
+                        signature: new Uint8Array(ECDSA_FAKE_SIGNATURE_SIZE)
+                    }));
+                }
+                const providedSignerPubKeysSet = new Set(signatures.map(sig => (0, uint8array_tools_1.toHex)(sig.pubkey)));
+                const missingSignerPubKeys = signerPubKeys.filter(pubkey => !providedSignerPubKeysSet.has((0, uint8array_tools_1.toHex)(pubkey)));
+                if (missingSignerPubKeys.length > 0)
+                    throw new Error(`Error: inputWeight expected signatures for all planned miniscript signers. Missing ${missingSignerPubKeys.length} signer(s)`);
+                const signerPubKeysSet = new Set(signerPubKeys.map(pubkey => (0, uint8array_tools_1.toHex)(pubkey)));
+                return signatures.filter(sig => signerPubKeysSet.has((0, uint8array_tools_1.toHex)(sig.pubkey)));
+            };
+            const taprootFakeSignatureSize = taprootSighash === 'SIGHASH_DEFAULT'
+                ? TAPROOT_FAKE_SIGNATURE_SIZE
+                : TAPROOT_FAKE_SIGNATURE_SIZE + 1;
+            const resolvePlannedTaprootRequiredPubKeys = () => {
+                const tapTreeSignerPubKeys = __classPrivateFieldGet(this, _Output_instances, "m", _Output_resolveTapTreeSignersPubKeys).call(this).map(tapMiniscript_1.normalizeTaprootPubkey);
+                const taggedFakeSignatures = tapTreeSignerPubKeys.map((pubkey, index) => ({
+                    pubkey,
+                    signature: new Uint8Array(taprootFakeSignatureSize).fill(index + 1)
+                }));
+                const plannedTaprootSatisfaction = this.getTapScriptSatisfaction(taggedFakeSignatures);
+                const requiredPubkeys = taggedFakeSignatures
+                    .filter(fakeSignature => plannedTaprootSatisfaction.stackItems.some(stackItem => (0, uint8array_tools_1.compare)(stackItem, fakeSignature.signature) === 0))
+                    .map(fakeSignature => fakeSignature.pubkey);
+                return Array.from(new Set(requiredPubkeys.map(pubkey => (0, uint8array_tools_1.toHex)(pubkey))))
+                    .map(hex => (0, uint8array_tools_1.fromHex)(hex))
+                    .map(tapMiniscript_1.normalizeTaprootPubkey);
+            };
+            const resolveTaprootSignatures = () => {
+                if (signatures === 'DANGEROUSLY_USE_FAKE_SIGNATURES') {
+                    return __classPrivateFieldGet(this, _Output_instances, "m", _Output_resolveTapTreeSignersPubKeys).call(this).map(pubkey => ({
+                        pubkey,
+                        signature: new Uint8Array(taprootFakeSignatureSize)
+                    }));
+                }
+                const normalizedSignatures = signatures.map(sig => ({
+                    pubkey: (0, tapMiniscript_1.normalizeTaprootPubkey)(sig.pubkey),
+                    signature: sig.signature
+                }));
+                const plannedRequiredPubKeys = resolvePlannedTaprootRequiredPubKeys();
+                const providedTapTreeSignerPubKeysSet = new Set(normalizedSignatures.map(sig => (0, uint8array_tools_1.toHex)(sig.pubkey)));
+                const missingTapTreeSignerPubKeys = plannedRequiredPubKeys.filter(pubkey => !providedTapTreeSignerPubKeysSet.has((0, uint8array_tools_1.toHex)(pubkey)));
+                if (missingTapTreeSignerPubKeys.length > 0)
+                    throw new Error(`Error: inputWeight expected signatures for the planned taproot script-path satisfaction. Missing ${missingTapTreeSignerPubKeys.length} signer(s)`);
+                const plannedRequiredPubKeysSet = new Set(plannedRequiredPubKeys.map(pubkey => (0, uint8array_tools_1.toHex)(pubkey)));
+                return normalizedSignatures.filter(sig => plannedRequiredPubKeysSet.has((0, uint8array_tools_1.toHex)(sig.pubkey)));
+            };
+            const resolveTaprootSignatureSize = () => {
+                let length;
+                if (signatures === 'DANGEROUSLY_USE_FAKE_SIGNATURES') {
+                    length = taprootFakeSignatureSize;
+                }
+                else {
+                    const normalizedSignatures = signatures.map(sig => ({
+                        pubkey: (0, tapMiniscript_1.normalizeTaprootPubkey)(sig.pubkey),
+                        signature: sig.signature
+                    }));
+                    const internalPubkey = this.getPayment().internalPubkey;
+                    if (!internalPubkey) {
+                        //addr() of tr addresses may not have internalPubkey
+                        if (normalizedSignatures.length !== 1)
+                            throw new Error('Error: inputWeight for addr(TR_ADDRESS) requires exactly one signature. Internal taproot pubkey is unavailable in addr() descriptors; use tr(KEY) for strict key matching.');
+                        const singleSignature = normalizedSignatures[0];
+                        if (!singleSignature)
+                            throw new Error('Signatures not present');
+                        length = singleSignature.signature.length;
+                        return (0, varuint_bitcoin_1.encodingLength)(length) + length;
+                    }
+                    const normalizedInternalPubkey = (0, tapMiniscript_1.normalizeTaprootPubkey)(internalPubkey);
+                    const keyPathSignatures = normalizedSignatures.filter(sig => (0, uint8array_tools_1.compare)(sig.pubkey, normalizedInternalPubkey) === 0);
+                    if (keyPathSignatures.length !== 1)
+                        throw new Error('More than one signture was not expected');
+                    const singleSignature = keyPathSignatures[0];
+                    if (!singleSignature)
+                        throw new Error('Signatures not present');
+                    length = singleSignature.signature.length;
+                }
+                return (0, varuint_bitcoin_1.encodingLength)(length) + length;
+            };
+            const taprootSpendPath = __classPrivateFieldGet(this, _Output_taprootSpendPath, "f");
+            if (expansion ? expansion.startsWith('pkh(') : isPKH) {
+                return (
+                // Non-segwit: (txid:32) + (vout:4) + (sequence:4) + (script_len:1) + (sig:73) + (pubkey:34)
+                (32 + 4 + 4 + 1 + resolveEcdsaSignatureSize() + 34) * 4 +
+                    //Segwit:
+                    (isSegwitTx ? 1 : 0));
+            }
+            else if (expansion ? expansion.startsWith('wpkh(') : isWPKH) {
+                if (!isSegwitTx)
+                    throw new Error('Should be SegwitTx');
+                return (
+                // Non-segwit: (txid:32) + (vout:4) + (sequence:4) + (script_len:1)
+                41 * 4 +
+                    // Segwit: (push_count:1) + (sig:73) + (pubkey:34)
+                    (1 + resolveEcdsaSignatureSize() + 34));
+            }
+            else if (expansion ? expansion.startsWith('sh(wpkh(') : isSH) {
+                if (!isSegwitTx)
+                    throw new Error('Should be SegwitTx');
+                return (
+                // Non-segwit: (txid:32) + (vout:4) + (sequence:4) + (script_len:1) + (p2wpkh:23)
+                //  -> p2wpkh_script: OP_0 OP_PUSH20 <public_key_hash>
+                //  -> p2wpkh: (script_len:1) + (script:22)
+                64 * 4 +
+                    // Segwit: (push_count:1) + (sig:73) + (pubkey:34)
+                    (1 + resolveEcdsaSignatureSize() + 34));
+            }
+            else if (expansion?.startsWith('sh(wsh(')) {
+                if (!isSegwitTx)
+                    throw new Error('Should be SegwitTx');
+                const witnessScript = this.getWitnessScript();
+                if (!witnessScript)
+                    throw new Error('sh(wsh) must provide witnessScript');
+                const payment = payments.p2sh({
+                    redeem: payments.p2wsh({
+                        redeem: {
+                            input: this.getScriptSatisfaction(resolveMiniscriptSignatures())
+                                .scriptSatisfaction,
+                            output: witnessScript
+                        }
+                    })
+                });
+                if (!payment || !payment.input || !payment.witness)
+                    throw new Error('Could not create payment');
+                return (
+                //Non-segwit
+                4 * (40 + varSliceSize(payment.input)) +
+                    //Segwit
+                    vectorSize(payment.witness));
+            }
+            else if (expansion?.startsWith('sh(')) {
+                const redeemScript = this.getRedeemScript();
+                if (!redeemScript)
+                    throw new Error('sh() must provide redeemScript');
+                const payment = payments.p2sh({
+                    redeem: {
+                        input: this.getScriptSatisfaction(resolveMiniscriptSignatures())
+                            .scriptSatisfaction,
+                        output: redeemScript
+                    }
+                });
+                if (!payment || !payment.input)
+                    throw new Error('Could not create payment');
+                if (payment.witness?.length)
+                    throw new Error('A legacy p2sh payment should not cointain a witness');
+                return (
+                //Non-segwit
+                4 * (40 + varSliceSize(payment.input)) +
+                    //Segwit:
+                    (isSegwitTx ? 1 : 0));
+            }
+            else if (expansion?.startsWith('wsh(')) {
+                const witnessScript = this.getWitnessScript();
+                if (!witnessScript)
+                    throw new Error('wsh must provide witnessScript');
+                const payment = payments.p2wsh({
+                    redeem: {
+                        input: this.getScriptSatisfaction(resolveMiniscriptSignatures())
+                            .scriptSatisfaction,
+                        output: witnessScript
+                    }
+                });
+                if (!payment || !payment.input || !payment.witness)
+                    throw new Error('Could not create payment');
+                return (
+                //Non-segwit
+                4 * (40 + varSliceSize(payment.input)) +
+                    //Segwit
+                    vectorSize(payment.witness));
+                // when tr(KEY,TREE): choose key-path or script-path based on
+                // constructor taprootSpendPath policy.
+            }
+            else if (expansion?.startsWith('tr(@0,')) {
+                if (!isSegwitTx)
+                    throw new Error('Should be SegwitTx');
+                if (taprootSpendPath === 'key')
+                    return 41 * 4 + (0, varuint_bitcoin_1.encodingLength)(1) + resolveTaprootSignatureSize();
+                const taprootSatisfaction = this.getTapScriptSatisfaction(resolveTaprootSignatures());
+                return 41 * 4 + taprootSatisfaction.totalWitnessSize;
+            }
+            else if (isTR && (!expansion || expansion === 'tr(@0)')) {
+                if (!isSegwitTx)
+                    throw new Error('Should be SegwitTx');
+                return (
+                // Non-segwit: (txid:32) + (vout:4) + (sequence:4) + (script_len:1)
+                41 * 4 +
+                    // Segwit: (push_count:1) + (sig_length(1) + schnorr_sig(64/65))
+                    ((0, varuint_bitcoin_1.encodingLength)(1) + resolveTaprootSignatureSize()));
+            }
+            else {
+                throw new Error(errorMsg);
+            }
+        }
+        /**
+         * Computes the Weight Unit contributions of this Output as if it were the
+         * output in a tx.
+         */
+        outputWeight() {
+            //expand any miniscript-based descriptor. If not miniscript-based, then it's
+            //an addr() descriptor. For those, we can only guess their type.
+            const { isPKH, isWPKH, isSH, isWSH, isTR } = this.guessOutput();
+            const errorMsg = `Output type not implemented. Currently supported: pkh=${isPKH}, wpkh=${isWPKH}, tr=${isTR}, sh=${isSH} and wsh=${isWSH}.`;
+            if (isPKH) {
+                // (p2pkh:26) + (amount:8)
+                return 34 * 4;
+            }
+            else if (isWPKH) {
+                // (p2wpkh:23) + (amount:8)
+                return 31 * 4;
+            }
+            else if (isSH) {
+                // (p2sh:24) + (amount:8)
+                return 32 * 4;
+            }
+            else if (isWSH) {
+                // (p2wsh:35) + (amount:8)
+                return 43 * 4;
+            }
+            else if (isTR) {
+                // (script_pubKey_length:1) + (p2t2(OP_1 OP_PUSH32 <schnorr_public_key>):34) + (amount:8)
+                return 43 * 4;
+            }
+            else {
+                throw new Error(errorMsg);
+            }
+        }
+        /**
+         * Sets this output as an input of the provided `psbt` and updates the
+         * `psbt` locktime if required by the descriptor.
+         *
+         * `psbt` and `vout` are mandatory. Include `txHex` as well. The pair
+         * `vout` and `txHex` define the transaction and output number this instance
+         * pertains to.
+         *
+         * Though not advised, for Segwit inputs you can pass `txId` and `value`
+         * in lieu of `txHex`. If doing so, ensure `value` accuracy to avoid
+         * potential fee attacks -
+         * [See this issue](https://github.com/bitcoinjs/bitcoinjs-lib/issues/1625).
+         *
+         * Note: Hardware wallets need the [full `txHex` for Segwit](https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd).
+         *
+         * When unsure, always use `txHex`, and skip `txId` and `value` for safety.
+         *
+         * Use `rbf` to mark whether this tx can be replaced with another with
+         * higher fee while being in the mempool. Note that a tx will automatically
+         * be marked as replacable if a single input requests it.
+         * Note that any transaction using a relative timelock (nSequence < 0x80000000)
+         * also falls within the RBF range (nSequence < 0xFFFFFFFE), making it
+         * inherently replaceable. So don't set `rbf` to false if this is tx uses
+         * relative time locks.
+         *
+         * @returns A finalizer function to be used after signing the `psbt`.
+         * This function ensures that this input is properly finalized.
+         * The finalizer completes the PSBT input by adding the unlocking script
+         * (`scriptWitness` or `scriptSig`) that satisfies this `Output`'s spending
+         * conditions. Because these scripts include signatures, you should finish
+         * all signing operations before calling the finalizer.
+         * The finalizer has this signature:
+         *
+         * `( { psbt, validate = true } : { psbt: PsbtLike | ScureTransactionLike; validate: boolean | undefined } ) => void`
+         *
+         * where `psbt` can be either a
+         * {@link https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/ts_src/psbt.ts | bitcoinjs-lib `Psbt`}
+         * or a {@link https://github.com/paulmillr/scure-btc-signer | `@scure/btc-signer` `Transaction`}.
+         *
+         */
+        updatePsbtAsInput({ psbt, txHex, txId, value, vout, //vector output index
+        rbf = true }) {
+            // Normalize to Psbt interface
+            psbt = (0, psbt_1.toPsbt)(psbt);
+            if (value !== undefined && typeof value !== 'bigint')
+                throw new Error(`Error: value must be a bigint`);
+            if (value !== undefined && value < 0n)
+                throw new Error(`Error: value must be >= 0n`);
+            if (txHex === undefined) {
+                console.warn(`Warning: missing txHex may allow fee attacks`);
+            }
+            const isSegwit = this.isSegwit();
+            if (isSegwit === undefined) {
+                //This should only happen when using addr() expressions
+                throw new Error(`Error: could not determine whether this is a segwit descriptor`);
+            }
+            const isTaproot = this.isTaproot();
+            if (isTaproot === undefined) {
+                //This should only happen when using addr() expressions
+                throw new Error(`Error: could not determine whether this is a taproot descriptor`);
+            }
+            const paymentInternalPubkey = this.getPayment().internalPubkey;
+            const tapInternalKey = isTaproot
+                ? paymentInternalPubkey
+                    ? paymentInternalPubkey
+                    : undefined
+                : undefined;
+            let tapLeafScript;
+            let tapBip32Derivation;
+            if (isTaproot && __classPrivateFieldGet(this, _Output_taprootSpendPath, "f") === 'script') {
+                const tapTreeInfo = __classPrivateFieldGet(this, _Output_tapTreeInfo, "f");
+                if (!tapTreeInfo)
+                    throw new Error(`Error: taprootSpendPath=script requires taproot tree info`);
+                if (!tapInternalKey)
+                    throw new Error(`Error: taprootSpendPath=script requires taproot internal key`);
+                const taprootLeafMetadata = (0, tapMiniscript_1.buildTaprootLeafPsbtMetadata)({
+                    tapTreeInfo,
+                    internalPubkey: tapInternalKey,
+                    payments
+                });
+                tapLeafScript = taprootLeafMetadata.map(({ leaf, controlBlock }) => ({
+                    script: leaf.tapScript,
+                    leafVersion: leaf.version,
+                    controlBlock
+                }));
+                const internalKeyInfo = __classPrivateFieldGet(this, _Output_expansionMap, "f")?.['@0'];
+                if (!internalKeyInfo)
+                    throw new Error(`Error: taproot internal key info not available in expansionMap`);
+                tapBip32Derivation = (0, tapMiniscript_1.buildTaprootBip32Derivations)({
+                    tapTreeInfo,
+                    internalKeyInfo
+                });
+            }
+            const index = (0, psbt_1.addPsbtInput)({
+                psbt,
+                vout,
+                ...(txHex !== undefined ? { txHex } : {}),
+                ...(txId !== undefined ? { txId } : {}),
+                ...(value !== undefined ? { value } : {}),
+                tapInternalKey,
+                tapLeafScript,
+                tapBip32Derivation,
+                sequence: this.getSequence(),
+                locktime: this.getLockTime(),
+                keysInfo: __classPrivateFieldGet(this, _Output_expansionMap, "f") ? Object.values(__classPrivateFieldGet(this, _Output_expansionMap, "f")) : [],
+                scriptPubKey: this.getScriptPubKey(),
+                isSegwit,
+                witnessScript: this.getWitnessScript(),
+                redeemScript: this.getRedeemScript(),
+                rbf,
+                Transaction
+            });
+            //The finalizer adds the unlocking script (scriptSig/scriptWitness) once
+            //signatures are ready.
+            const finalizer = ({ psbt, validate = true }) => {
+                // Normalize to Psbt interface for finalization
+                psbt = (0, psbt_1.toPsbt)(psbt);
+                if (validate &&
+                    !psbt.validateSignaturesOfInput(index, signatureValidator)) {
+                    throw new Error(`Error: invalid signatures on input ${index}`);
+                }
+                //An index must be passed since finding the index in the psbt cannot be
+                //done:
+                //Imagine the case where you received money twice to
+                //the same miniscript-based address. You would have the same scriptPubKey,
+                //same sequences, ... The descriptor does not store the hash of the previous
+                //transaction since it is a general Output instance. Indices must be kept
+                //out of the scope of this class and then passed.
+                __classPrivateFieldGet(this, _Output_instances, "m", _Output_assertPsbtInput).call(this, { index, psbt });
+                if (__classPrivateFieldGet(this, _Output_isTaproot, "f") &&
+                    __classPrivateFieldGet(this, _Output_taprootSpendPath, "f") === 'script' &&
+                    !__classPrivateFieldGet(this, _Output_tapTreeInfo, "f"))
+                    throw new Error(`Error: taprootSpendPath=script requires taproot tree info`);
+                if (__classPrivateFieldGet(this, _Output_tapTreeInfo, "f") && __classPrivateFieldGet(this, _Output_taprootSpendPath, "f") === 'script') {
+                    const input = psbt.data.inputs[index];
+                    const tapLeafScript = input?.tapLeafScript;
+                    if (!tapLeafScript || tapLeafScript.length === 0)
+                        throw new Error(`Error: cannot finalize taproot script-path without tapLeafScript`);
+                    const tapScriptSig = input?.tapScriptSig;
+                    if (!tapScriptSig || tapScriptSig.length === 0)
+                        throw new Error(`Error: cannot finalize taproot script-path without tapScriptSig`);
+                    const taprootSatisfaction = this.getTapScriptSatisfaction(tapScriptSig);
+                    const matchingLeaf = tapLeafScript.find(leafScript => (0, uint8array_tools_1.compare)((0, bitcoinjs_lib_internals_1.tapleafHash)({
+                        output: leafScript.script,
+                        version: leafScript.leafVersion
+                    }), taprootSatisfaction.tapLeafHash) === 0);
+                    if (!matchingLeaf)
+                        throw new Error(`Error: tapLeafScript does not match planned tapLeafHash`);
+                    if ((0, uint8array_tools_1.compare)(matchingLeaf.script, taprootSatisfaction.leaf.tapScript) !==
+                        0 ||
+                        matchingLeaf.leafVersion !== taprootSatisfaction.leaf.version)
+                        throw new Error(`Error: tapLeafScript does not match planned leaf script`);
+                    const witness = [
+                        ...taprootSatisfaction.stackItems,
+                        matchingLeaf.script,
+                        matchingLeaf.controlBlock
+                    ];
+                    const finalScriptWitness = (0, bitcoinjs_lib_internals_1.witnessStackToScriptWitness)(witness);
+                    psbt.finalizeTaprootInput(index, undefined, () => ({
+                        finalScriptWitness
+                    }));
+                }
+                else if (!__classPrivateFieldGet(this, _Output_miniscript, "f")) {
+                    //Use standard finalizers
+                    psbt.finalizeInput(index);
+                }
+                else {
+                    const signatures = psbt.data.inputs[index]?.partialSig;
+                    if (!signatures)
+                        throw new Error(`Error: cannot finalize without signatures`);
+                    const { scriptSatisfaction } = this.getScriptSatisfaction(signatures);
+                    psbt.finalizeInput(index, (0, psbt_1.finalScriptsFuncFactory)(scriptSatisfaction, __classPrivateFieldGet(this, _Output_network, "f"), payments));
+                }
+            };
+            return finalizer;
+        }
+        /**
+         * Adds this output as an output of the provided `psbt` with the given
+         * value.
+         * @param params - The parameters for the method.
+         * @param params.psbt - Either a
+         * {@link https://github.com/bitcoinjs/bitcoinjs-lib/blob/master/ts_src/psbt.ts | bitcoinjs-lib `Psbt`}
+         * or a {@link https://github.com/paulmillr/scure-btc-signer | `@scure/btc-signer` `Transaction`}.
+         * @param params.value - The value for the output in satoshis.
+         */
+        updatePsbtAsOutput({ psbt, value }) {
+            if (typeof value !== 'bigint')
+                throw new Error(`Error: value must be a bigint`);
+            if (value < 0n)
+                throw new Error(`Error: value must be >= 0n`);
+            // Normalize to Psbt interface
+            psbt = (0, psbt_1.toPsbt)(psbt);
+            psbt.addOutput({ script: this.getScriptPubKey(), value });
+        }
+        /**
+         * Decomposes the descriptor used to form this `Output` into its elemental
+         * parts. See {@link ExpansionMap ExpansionMap} for a detailed explanation.
+         */
+        expand() {
+            return {
+                ...(__classPrivateFieldGet(this, _Output_expandedExpression, "f") !== undefined
+                    ? { expandedExpression: __classPrivateFieldGet(this, _Output_expandedExpression, "f") }
+                    : {}),
+                ...(__classPrivateFieldGet(this, _Output_miniscript, "f") !== undefined
+                    ? { miniscript: __classPrivateFieldGet(this, _Output_miniscript, "f") }
+                    : {}),
+                ...(__classPrivateFieldGet(this, _Output_expandedMiniscript, "f") !== undefined
+                    ? { expandedMiniscript: __classPrivateFieldGet(this, _Output_expandedMiniscript, "f") }
+                    : {}),
+                ...(__classPrivateFieldGet(this, _Output_tapTreeExpression, "f") !== undefined
+                    ? { tapTreeExpression: __classPrivateFieldGet(this, _Output_tapTreeExpression, "f") }
+                    : {}),
+                ...(__classPrivateFieldGet(this, _Output_tapTree, "f") !== undefined ? { tapTree: __classPrivateFieldGet(this, _Output_tapTree, "f") } : {}),
+                ...(__classPrivateFieldGet(this, _Output_tapTreeInfo, "f") !== undefined
+                    ? { tapTreeInfo: __classPrivateFieldGet(this, _Output_tapTreeInfo, "f") }
+                    : {}),
+                ...(__classPrivateFieldGet(this, _Output_expansionMap, "f") !== undefined
+                    ? { expansionMap: __classPrivateFieldGet(this, _Output_expansionMap, "f") }
+                    : {})
+            };
+        }
+    }
+    _Output_payment = new WeakMap(), _Output_preimages = new WeakMap(), _Output_signersPubKeys = new WeakMap(), _Output_miniscript = new WeakMap(), _Output_witnessScript = new WeakMap(), _Output_redeemScript = new WeakMap(), _Output_isSegwit = new WeakMap(), _Output_isTaproot = new WeakMap(), _Output_expandedExpression = new WeakMap(), _Output_expandedMiniscript = new WeakMap(), _Output_tapTreeExpression = new WeakMap(), _Output_tapTree = new WeakMap(), _Output_tapTreeInfo = new WeakMap(), _Output_taprootSpendPath = new WeakMap(), _Output_tapLeaf = new WeakMap(), _Output_expansionMap = new WeakMap(), _Output_network = new WeakMap(), _Output_instances = new WeakSet(), _Output_resolveMiniscriptSignersPubKeys = function _Output_resolveMiniscriptSignersPubKeys() {
+        //If the user did not provide a pubkey subset (signersPubKeys), assume all
+        //miniscript pubkeys can sign.
+        if (__classPrivateFieldGet(this, _Output_signersPubKeys, "f"))
+            return __classPrivateFieldGet(this, _Output_signersPubKeys, "f");
+        const expansionMap = __classPrivateFieldGet(this, _Output_expansionMap, "f");
+        if (!expansionMap)
+            throw new Error(`Error: expansionMap not available for miniscript`);
+        return Object.values(expansionMap).map(keyInfo => {
+            const pubkey = keyInfo.pubkey;
+            if (!pubkey)
+                throw new Error(`Error: miniscript key missing pubkey`);
+            return pubkey;
+        });
+    }, _Output_assertMiniscriptSatisfactionResourceLimits = function _Output_assertMiniscriptSatisfactionResourceLimits(scriptSatisfaction) {
+        if (!__classPrivateFieldGet(this, _Output_miniscript, "f"))
+            return;
+        const satisfactionStackItems = scriptLib.toStack(scriptSatisfaction);
+        // For wsh(...) and sh(wsh(...)), enforce witness stack limits.
+        if (__classPrivateFieldGet(this, _Output_isSegwit, "f") && !__classPrivateFieldGet(this, _Output_isTaproot, "f")) {
+            (0, resourceLimits_1.assertWitnessV0SatisfactionResourceLimits)({
+                stackItems: satisfactionStackItems
+            });
+            return;
+        }
+        if (!__classPrivateFieldGet(this, _Output_isSegwit, "f")) {
+            // In legacy P2SH, after scriptSig execution, the stack is:
+            //   [ ...satisfactionStackItems, redeemScript ]
+            // Consensus limits apply here: each element must be <= 520 bytes and total
+            // stack items must be <= 1000.
+            // redeemScript size is already validated during script construction
+            // to fail early (look for MAX_SCRIPT_ELEMENT_SIZE checks in this file).
+            // Below we re-validate again the redeemScript + the rest of stack items.
+            const redeemScript = __classPrivateFieldGet(this, _Output_redeemScript, "f");
+            if (!redeemScript)
+                throw new Error(`Error: redeemScript not available for P2SH spend`);
+            (0, resourceLimits_1.assertConsensusStackResourceLimits)({
+                stackItems: [...satisfactionStackItems, redeemScript]
+            });
+            (0, resourceLimits_1.assertP2shScriptSigStandardSize)({
+                scriptSatisfaction,
+                redeemScript,
+                network: __classPrivateFieldGet(this, _Output_network, "f"),
+                payments
+            });
+        }
+    }, _Output_resolveTapTreeSignersPubKeys = function _Output_resolveTapTreeSignersPubKeys() {
+        //If the user did not provide a pubkey subset (signersPubKeys), assume all
+        //taproot leaf pubkeys can sign.
+        const tapTreeInfo = __classPrivateFieldGet(this, _Output_tapTreeInfo, "f");
+        if (!tapTreeInfo)
+            throw new Error(`Error: taproot tree info not available`);
+        const candidatePubkeys = __classPrivateFieldGet(this, _Output_signersPubKeys, "f")
+            ? __classPrivateFieldGet(this, _Output_signersPubKeys, "f").map(tapMiniscript_1.normalizeTaprootPubkey)
+            : (0, tapMiniscript_1.collectTapTreePubkeys)(tapTreeInfo);
+        return Array.from(new Set(candidatePubkeys.map(pubkey => (0, uint8array_tools_1.toHex)(pubkey)))).map(hex => (0, uint8array_tools_1.fromHex)(hex));
+    }, _Output_getConstraints = function _Output_getConstraints() {
+        const miniscript = __classPrivateFieldGet(this, _Output_miniscript, "f");
+        const preimages = __classPrivateFieldGet(this, _Output_preimages, "f");
+        const expandedMiniscript = __classPrivateFieldGet(this, _Output_expandedMiniscript, "f");
+        const expansionMap = __classPrivateFieldGet(this, _Output_expansionMap, "f");
+        const tapTreeInfo = __classPrivateFieldGet(this, _Output_tapTreeInfo, "f");
+        //Create a method. solvePreimages to solve them.
+        if (miniscript) {
+            if (expandedMiniscript === undefined || expansionMap === undefined)
+                throw new Error(`Error: cannot get time constraints from not expanded miniscript ${miniscript}`);
+            //We create some fakeSignatures since we may not have them yet.
+            //We only want to retrieve the nLockTime and nSequence of the satisfaction and
+            //signatures don't matter
+            const fakeSignatures = __classPrivateFieldGet(this, _Output_instances, "m", _Output_resolveMiniscriptSignersPubKeys).call(this).map(pubkey => ({
+                pubkey,
+                signature: new Uint8Array(ECDSA_FAKE_SIGNATURE_SIZE)
+            }));
+            const satisfaction = (0, miniscript_1.satisfyMiniscript)({
+                expandedMiniscript,
+                expansionMap,
+                signatures: fakeSignatures,
+                preimages,
+                scriptLib
+            });
+            __classPrivateFieldGet(this, _Output_instances, "m", _Output_assertMiniscriptSatisfactionResourceLimits).call(this, satisfaction.scriptSatisfaction);
+            const { nLockTime, nSequence } = satisfaction;
+            return { nLockTime, nSequence, tapLeafHash: undefined };
+        }
+        else if (tapTreeInfo && __classPrivateFieldGet(this, _Output_taprootSpendPath, "f") === 'script') {
+            const fakeSignatures = __classPrivateFieldGet(this, _Output_instances, "m", _Output_resolveTapTreeSignersPubKeys).call(this).map(pubkey => ({
+                pubkey,
+                signature: new Uint8Array(TAPROOT_FAKE_SIGNATURE_SIZE)
+            }));
+            const { nLockTime, nSequence, tapLeafHash } = (0, tapMiniscript_1.satisfyTapTree)({
+                tapTreeInfo,
+                preimages: __classPrivateFieldGet(this, _Output_preimages, "f"),
+                signatures: fakeSignatures,
+                ...(__classPrivateFieldGet(this, _Output_tapLeaf, "f") !== undefined ? { tapLeaf: __classPrivateFieldGet(this, _Output_tapLeaf, "f") } : {}),
+                scriptLib
+            });
+            return { nLockTime, nSequence, tapLeafHash };
+        }
+        return undefined;
+    }, _Output_assertPsbtInput = function _Output_assertPsbtInput({ psbt, index }) {
+        // Normalize to Psbt interface
+        psbt = (0, psbt_1.toPsbt)(psbt);
+        const input = psbt.data.inputs[index];
+        const txInput = psbt.txInputs[index];
+        if (!input || !txInput)
+            throw new Error(`Error: invalid input or txInput`);
+        const { sequence: inputSequence, index: vout } = txInput;
+        let scriptPubKey;
+        if (input.witnessUtxo)
+            scriptPubKey = input.witnessUtxo.script;
+        else {
+            if (!input.nonWitnessUtxo)
+                throw new Error(`Error: input should have either witnessUtxo or nonWitnessUtxo`);
+            const tx = Transaction.fromBuffer(input.nonWitnessUtxo);
+            const out = tx.outs[vout];
+            if (!out)
+                throw new Error(`Error: utxo should exist`);
+            scriptPubKey = out.script;
+        }
+        const locktime = this.getLockTime() || 0;
+        const sequence = this.getSequence();
+        //We don't know whether the user opted for RBF or not. So check that
+        //at least one of the 2 sequences matches.
+        const sequenceNoRBF = sequence !== undefined
+            ? sequence
+            : locktime === 0
+                ? 0xffffffff
+                : 0xfffffffe;
+        const sequenceRBF = sequence !== undefined ? sequence : 0xfffffffd;
+        const eqBytes = (bytes1, bytes2) => bytes1 === undefined || bytes2 === undefined
+            ? bytes1 === bytes2
+            : (0, uint8array_tools_1.compare)(bytes1, bytes2) === 0;
+        if ((0, uint8array_tools_1.compare)(scriptPubKey, this.getScriptPubKey()) !== 0 ||
+            (sequenceRBF !== inputSequence && sequenceNoRBF !== inputSequence) ||
+            locktime !== psbt.locktime ||
+            !eqBytes(this.getWitnessScript(), input.witnessScript) ||
+            !eqBytes(this.getRedeemScript(), input.redeemScript)) {
+            throw new Error(`Error: cannot finalize psbt index ${index} since it does not correspond to this descriptor`);
+        }
+    };
+    const nativeKeys = isBitcoinJsLib(bitcoinLib);
+    return {
+        Output,
+        parseKeyExpression,
+        expand,
+        ECPair: nativeKeys
+            ? // Expose full ECPairAPI typing only with native bitcoinjs adapter.
+                // In this branch ECPair comes from the real 'ecpair' package.
+                ECPair
+            : // Non-bitcoinjs adapters only implement the subset used internally.
+                // Expose a throwing proxy to prevent accidental external usage.
+                unsupportedKeyApi('ECPair'),
+        // Same behavior for BIP32: full API only for native bitcoinjs adapter.
+        BIP32: nativeKeys
+            ? BIP32
+            : unsupportedKeyApi('BIP32')
+    };
+}