@bitcoinerlab/descriptors 2.3.6 → 3.0.0

package/dist/ledger.js

@@ -36,15 +36,17 @@ exports.ledgerPolicyFromState = ledgerPolicyFromState;
  */
 const descriptors_1 = require("./descriptors");
 const bitcoinjs_lib_1 = require("bitcoinjs-lib");
+const uint8array_tools_1 = require("uint8array-tools");
+const networkUtils_1 = require("./networkUtils");
 const re_1 = require("./re");
 /**
- * Dynamically imports the 'ledger-bitcoin' module and, if provided, checks if `ledgerClient` is an instance of `AppClient`.
+ * Dynamically imports the '@ledgerhq/ledger-bitcoin' module and, if provided, checks if `ledgerClient` is an instance of `AppClient`.
  *
  * @async
  * @param {unknown} ledgerClient - An optional parameter that, if provided, is checked to see if it's an instance of `AppClient`.
  * @throws {Error} Throws an error if `ledgerClient` is provided but is not an instance of `AppClient`.
- * @throws {Error} Throws an error if the 'ledger-bitcoin' module cannot be imported. This typically indicates that the 'ledger-bitcoin' peer dependency is not installed.
- * @returns {Promise<unknown>} Returns a promise that resolves with the entire 'ledger-bitcoin' module if it can be successfully imported. We force it to return an unknown type so that the declaration of this function won't break projects that don't use ledger-bitcoin as dependency
+ * @throws {Error} Throws an error if the '@ledgerhq/ledger-bitcoin' module cannot be imported. This typically indicates that the '@ledgerhq/ledger-bitcoin' peer dependency is not installed.
+ * @returns {Promise<unknown>} Returns a promise that resolves with the entire '@ledgerhq/ledger-bitcoin' module if it can be successfully imported. We force it to return an unknown type so that the declaration of this function won't break projects that don't use @ledgerhq/ledger-bitcoin as dependency
  *
  * @example
  *
@@ -59,22 +61,22 @@ async function importAndValidateLedgerBitcoin(ledgerClient) {
     let ledgerBitcoinModule;
     try {
         // Originally, the code used dynamic imports:
-        // ledgerBitcoinModule = await import('ledger-bitcoin');
+        // ledgerBitcoinModule = await import('@ledgerhq/ledger-bitcoin');
         // However, in React Native with the Metro bundler, there's an issue with
         // recognizing dynamic imports inside try-catch blocks. For details, refer to:
         // https://github.com/react-native-community/discussions-and-proposals/issues/120
         // The dynamic import gets transpiled to:
-        // ledgerBitcoinModule = Promise.resolve().then(() => __importStar(require('ledger-bitcoin')));
+        // ledgerBitcoinModule = Promise.resolve().then(() => __importStar(require('@ledgerhq/ledger-bitcoin')));
         // Metro bundler fails to recognize the above as conditional. Hence, it tries
-        // to require 'ledger-bitcoin' unconditionally, leading to potential errors if
-        // 'ledger-bitcoin' is not installed (given it's an optional peerDependency).
+        // to require '@ledgerhq/ledger-bitcoin' unconditionally, leading to potential errors if
+        // '@ledgerhq/ledger-bitcoin' is not installed (given it's an optional peerDependency).
         // To bypass this, we directly use require:
         // eslint-disable-next-line @typescript-eslint/no-require-imports
-        ledgerBitcoinModule = require('ledger-bitcoin');
+        ledgerBitcoinModule = require('@ledgerhq/ledger-bitcoin');
     }
     catch (error) {
         void error;
-        throw new Error('Could not import "ledger-bitcoin". This is a peer dependency and needs to be installed explicitly. Please run "npm install ledger-bitcoin" to use Ledger Hardware Wallet functionality.');
+        throw new Error('Could not import "@ledgerhq/ledger-bitcoin". This is a peer dependency and needs to be installed explicitly. Please run "npm install @ledgerhq/ledger-bitcoin" to use Ledger Hardware Wallet functionality.');
     }
     const { AppClient } = ledgerBitcoinModule;
     if (ledgerClient !== undefined && !(ledgerClient instanceof AppClient)) {
@@ -129,8 +131,10 @@ function isLedgerStandard({ ledgerTemplate, keyRoots, network = bitcoinjs_lib_1.
     const originPath = keyRoots[0]?.match(re_1.reOriginPath)?.[1];
     if (!originPath)
         return false;
-    //Network is the 6th character: /44'/0'
-    if (originPath[5] !== (network === bitcoinjs_lib_1.networks.bitcoin ? '0' : '1'))
+    const originCoinType = originPath.match(/^\/\d+'\/([01])'/)?.[1];
+    if (!originCoinType)
+        return false;
+    if (originCoinType !== `${(0, networkUtils_1.coinTypeFromNetwork)(network)}`)
         return false;
     if ((ledgerTemplate === 'pkh(@0/**)' &&
         originPath.match(/^\/44'\/[01]'\/(\d+)'$/)) ||
@@ -143,32 +147,20 @@ function isLedgerStandard({ ledgerTemplate, keyRoots, network = bitcoinjs_lib_1.
         return true;
     return false;
 }
-/** @overload */
-async function getLedgerMasterFingerPrint({ ledgerClient, ledgerState, ledgerManager }) {
-    if (ledgerManager && (ledgerClient || ledgerState))
-        throw new Error(`ledgerClient and ledgerState have been deprecated`);
-    if (ledgerManager)
-        ({ ledgerClient, ledgerState } = ledgerManager);
-    if (!ledgerClient || !ledgerState)
-        throw new Error(`Could not retrieve ledgerClient or ledgerState`);
+async function getLedgerMasterFingerPrint({ ledgerManager }) {
+    const { ledgerClient, ledgerState } = ledgerManager;
     const { AppClient } = (await importAndValidateLedgerBitcoin(ledgerClient));
     if (!(ledgerClient instanceof AppClient))
         throw new Error(`Error: pass a valid ledgerClient`);
     let masterFingerprint = ledgerState.masterFingerprint;
     if (!masterFingerprint) {
-        masterFingerprint = Buffer.from(await ledgerClient.getMasterFingerprint(), 'hex');
+        masterFingerprint = (0, uint8array_tools_1.fromHex)(await ledgerClient.getMasterFingerprint());
         ledgerState.masterFingerprint = masterFingerprint;
     }
     return masterFingerprint;
 }
-/** @hidden */
-async function getLedgerXpub({ originPath, ledgerClient, ledgerState, ledgerManager }) {
-    if (ledgerManager && (ledgerClient || ledgerState))
-        throw new Error(`ledgerClient and ledgerState have been deprecated`);
-    if (ledgerManager)
-        ({ ledgerClient, ledgerState } = ledgerManager);
-    if (!ledgerClient || !ledgerState)
-        throw new Error(`Could not retrieve ledgerClient or ledgerState`);
+async function getLedgerXpub({ originPath, ledgerManager }) {
+    const { ledgerClient, ledgerState } = ledgerManager;
     const { AppClient } = (await importAndValidateLedgerBitcoin(ledgerClient));
     if (!(ledgerClient instanceof AppClient))
         throw new Error(`Error: pass a valid ledgerClient`);
@@ -199,7 +191,7 @@ async function getLedgerXpub({ originPath, ledgerClient, ledgerState, ledgerMana
  * All considerations in the header of this file are applied
  */
 async function ledgerPolicyFromPsbtInput({ ledgerManager, psbt, index }) {
-    const { ledgerState, ledgerClient, ecc, network } = ledgerManager;
+    const { ledgerState, ecc, network } = ledgerManager;
     const { Output } = (0, descriptors_1.DescriptorsFactory)(ecc);
     const input = psbt.data.inputs[index];
     if (!input)
@@ -209,28 +201,31 @@ async function ledgerPolicyFromPsbtInput({ ledgerManager, psbt, index }) {
         const vout = psbt.txInputs[index]?.index;
         if (vout === undefined)
             throw new Error(`Could not extract vout from nonWitnessUtxo for input ${index}.`);
-        scriptPubKey = bitcoinjs_lib_1.Transaction.fromBuffer(input.nonWitnessUtxo).outs[vout]
-            ?.script;
+        const nonWitnessScript = bitcoinjs_lib_1.Transaction.fromBuffer(input.nonWitnessUtxo).outs[vout]?.script;
+        scriptPubKey = nonWitnessScript;
     }
     else if (input.witnessUtxo) {
         scriptPubKey = input.witnessUtxo.script;
     }
     if (!scriptPubKey)
         throw new Error(`Could not retrieve scriptPubKey for input ${index}.`);
-    const bip32Derivations = input.bip32Derivation;
-    if (!bip32Derivations || !bip32Derivations.length)
-        throw new Error(`Input ${index} does not contain bip32 derivations.`);
+    const keyDerivations = [
+        ...(input.bip32Derivation || []),
+        ...(input.tapBip32Derivation || [])
+    ];
+    if (keyDerivations.length === 0)
+        throw new Error(`Input ${index} does not contain bip32 or tapBip32 derivations.`);
     const ledgerMasterFingerprint = await getLedgerMasterFingerPrint({
         ledgerManager
     });
-    for (const bip32Derivation of bip32Derivations) {
+    for (const keyDerivation of keyDerivations) {
         //get the keyRoot and keyPath. If it matches one of our policies then
         //we are still not sure this is the policy that must be used yet
         //So we must use the template and the keyRoot of each policy and compute the
         //scriptPubKey:
-        if (Buffer.compare(bip32Derivation.masterFingerprint, ledgerMasterFingerprint) === 0) {
+        if ((0, uint8array_tools_1.compare)(keyDerivation.masterFingerprint, ledgerMasterFingerprint) === 0) {
             // Match /m followed by n consecutive hardened levels and then 2 consecutive unhardened levels:
-            const match = bip32Derivation.path.match(/m((\/\d+['hH])*)(\/\d+\/\d+)?/);
+            const match = keyDerivation.path.match(/m((\/\d+['hH])*)(\/\d+\/\d+)?/);
             const originPath = match ? match[1] : undefined; //n consecutive hardened levels
             const keyPath = match ? match[3] : undefined; //2 unhardened levels or undefined
             if (originPath && keyPath) {
@@ -239,7 +234,7 @@ async function ledgerPolicyFromPsbtInput({ ledgerManager, psbt, index }) {
                     throw new Error(`keyPath ${keyPath} incorrectly extracted`);
                 const change = parseInt(strChange, 10);
                 const index = parseInt(strIndex, 10);
-                const coinType = network === bitcoinjs_lib_1.networks.bitcoin ? 0 : 1;
+                const coinType = (0, networkUtils_1.coinTypeFromNetwork)(network);
                 //standard policy candidate. This policy will be added to the pool
                 //of policies below and check if it produces the correct scriptPubKey
                 let standardPolicy;
@@ -254,15 +249,11 @@ async function ledgerPolicyFromPsbtInput({ ledgerManager, psbt, index }) {
                                     ? 'tr(@0/**)'
                                     : undefined;
                     if (standardTemplate) {
-                        const xpub = await getLedgerXpub({
-                            originPath,
-                            ledgerClient,
-                            ledgerState
-                        });
+                        const xpub = await getLedgerXpub({ originPath, ledgerManager });
                         standardPolicy = {
                             ledgerTemplate: standardTemplate,
                             keyRoots: [
-                                `[${ledgerMasterFingerprint.toString('hex')}${originPath}]${xpub}`
+                                `[${(0, uint8array_tools_1.toHex)(ledgerMasterFingerprint)}${originPath}]${xpub}`
                             ]
                         };
                     }
@@ -310,8 +301,12 @@ async function ledgerPolicyFromPsbtInput({ ledgerManager, psbt, index }) {
                                 else
                                     descriptor = undefined;
                             }
-                            else
-                                descriptor = undefined;
+                            else {
+                                // Keys without origin info are treated as external by Ledger
+                                // and are allowed in policy matching.
+                                if (descriptor)
+                                    descriptor = descriptor.replace(new RegExp(`@${i}`, 'g'), keyRoot);
+                            }
                         }
                         //verify the scriptPubKey from the input vs. the one obtained from
                         //the policy after having filled in the keyPath in the template
@@ -320,7 +315,7 @@ async function ledgerPolicyFromPsbtInput({ ledgerManager, psbt, index }) {
                                 descriptor,
                                 network
                             }).getScriptPubKey();
-                            if (Buffer.compare(policyScriptPubKey, scriptPubKey) === 0) {
+                            if ((0, uint8array_tools_1.compare)(policyScriptPubKey, scriptPubKey) === 0) {
                                 return policy;
                             }
                         }
@@ -358,14 +353,52 @@ async function ledgerPolicyFromPsbtInput({ ledgerManager, psbt, index }) {
  * This function takes into account all the considerations regarding Ledger
  * policy implementation details expressed in the header of this file.
  */
-async function ledgerPolicyFromOutput({ output, ledgerClient, ledgerState }) {
-    const expandedExpression = output.expand().expandedExpression;
-    const expansionMap = output.expand().expansionMap;
+async function ledgerPolicyFromOutput({ output, ledgerManager }) {
+    const expanded = output.expand();
+    let expandedExpression = expanded.expandedExpression;
+    const expansionMap = expanded.expansionMap
+        ? { ...expanded.expansionMap }
+        : undefined;
+    // Taproot script-path keys are expanded in tapTreeInfo leaf expansion maps,
+    // not in the top-level expansionMap. For ledger policy derivation we remap
+    // leaf-local placeholders to global placeholders and merge all leaf keys into
+    // the top-level expansionMap.
+    if (expandedExpression?.startsWith('tr(@0,') &&
+        expansionMap &&
+        expanded.tapTreeInfo) {
+        const keyExpressionToGlobalPlaceholder = new Map(Object.entries(expansionMap).map(([placeholder, keyInfo]) => [
+            keyInfo.keyExpression,
+            placeholder
+        ]));
+        let nextPlaceholderIndex = Object.keys(expansionMap).length;
+        const globalPlaceholderFor = (keyInfo) => {
+            const existing = keyExpressionToGlobalPlaceholder.get(keyInfo.keyExpression);
+            if (existing)
+                return existing;
+            const placeholder = `@${nextPlaceholderIndex}`;
+            nextPlaceholderIndex += 1;
+            keyExpressionToGlobalPlaceholder.set(keyInfo.keyExpression, placeholder);
+            expansionMap[placeholder] = keyInfo;
+            return placeholder;
+        };
+        const remapTapTree = (node) => {
+            if ('miniscript' in node) {
+                let remappedMiniscript = node.expandedMiniscript;
+                const localEntries = Object.entries(node.expansionMap).sort(([placeholderA], [placeholderB]) => placeholderB.length - placeholderA.length);
+                for (const [localPlaceholder, keyInfo] of localEntries) {
+                    const globalPlaceholder = globalPlaceholderFor(keyInfo);
+                    remappedMiniscript = remappedMiniscript.replaceAll(localPlaceholder, globalPlaceholder);
+                }
+                return remappedMiniscript;
+            }
+            return `{${remapTapTree(node.left)},${remapTapTree(node.right)}}`;
+        };
+        expandedExpression = `tr(@0,${remapTapTree(expanded.tapTreeInfo)})`;
+    }
     if (!expandedExpression || !expansionMap)
         throw new Error(`Error: invalid output`);
     const ledgerMasterFingerprint = await getLedgerMasterFingerPrint({
-        ledgerClient,
-        ledgerState
+        ledgerManager
     });
     //It's important to have keys sorted in ascii order. keys
     //are of this type: @0, @1, @2, ....  and they also appear in the expandedExpression
@@ -375,7 +408,7 @@ async function ledgerPolicyFromOutput({ output, ledgerClient, ledgerState }) {
     const ledgerKeys = allKeys.filter(key => {
         const masterFingerprint = expansionMap[key]?.masterFingerprint;
         return (masterFingerprint &&
-            Buffer.compare(masterFingerprint, ledgerMasterFingerprint) === 0);
+            (0, uint8array_tools_1.compare)(masterFingerprint, ledgerMasterFingerprint) === 0);
     });
     if (ledgerKeys.length === 0)
         return null;
@@ -412,52 +445,42 @@ async function ledgerPolicyFromOutput({ output, ledgerClient, ledgerState }) {
         ledgerTemplate = ledgerTemplate.replaceAll(key, `@${keyRoots.length}/**`);
         const keyInfo = expansionMap[key];
         if (keyInfo.masterFingerprint && keyInfo.originPath)
-            keyRoots.push(`[${keyInfo.masterFingerprint?.toString('hex')}${keyInfo.originPath}]${keyInfo?.bip32?.neutered().toBase58()}`);
+            keyRoots.push(`[${(0, uint8array_tools_1.toHex)(keyInfo.masterFingerprint)}${keyInfo.originPath}]${keyInfo?.bip32?.neutered().toBase58()}`);
         else
             keyRoots.push(`${keyInfo?.bip32?.neutered().toBase58()}`);
     });
     return { ledgerTemplate, keyRoots };
 }
 /**
- * To be removed in v3.0 and replaced by a version that does not accept
- * descriptors
- * @overload
- **/
-async function registerLedgerWallet({ descriptor, ledgerClient, ledgerState, ledgerManager, policyName }) {
-    if (typeof descriptor !== 'string' && ledgerManager)
-        throw new Error(`Invalid usage: descriptor must be a string`);
-    if (ledgerManager && (ledgerClient || ledgerState))
-        throw new Error(`Invalid usage: either ledgerManager or ledgerClient + ledgerState`);
-    if (ledgerManager)
-        ({ ledgerClient, ledgerState } = ledgerManager);
-    if (!ledgerClient)
-        throw new Error(`ledgerManager not provided`);
-    if (!ledgerState)
-        throw new Error(`ledgerManager not provided`);
+ * Registers a policy based on a provided descriptor.
+ *
+ * This function will:
+ * 1. Store the policy in `ledgerState` inside the `ledgerManager`.
+ * 2. Avoid re-registering if the policy was previously registered.
+ * 3. Skip registration if the policy is considered "standard".
+ *
+ * It's important to understand the nature of the Ledger Policy being registered:
+ * - While a descriptor might point to a specific output index of a particular change address,
+ *   the corresponding Ledger Policy abstracts this and represents potential outputs for
+ *   all addresses (both external and internal).
+ * - This means that the registered Ledger Policy is a generalized version of the descriptor,
+ *   not assuming specific values for the keyPath.
+ */
+async function registerLedgerWallet({ descriptor, ledgerManager, policyName }) {
+    const { ledgerClient, ledgerState, ecc, network } = ledgerManager;
     const { WalletPolicy, AppClient } = (await importAndValidateLedgerBitcoin(ledgerClient));
     if (!(ledgerClient instanceof AppClient))
         throw new Error(`Error: pass a valid ledgerClient`);
-    let output;
-    if (typeof descriptor === 'string') {
-        if (!ledgerManager)
-            throw new Error(`ledgerManager not provided`);
-        const { Output } = (0, descriptors_1.DescriptorsFactory)(ledgerManager.ecc);
-        output = new Output({
-            descriptor,
-            ...(descriptor.includes('*') ? { index: 0 } : {}), //if ranged set any index
-            network: ledgerManager.network
-        });
-    }
-    else
-        output = descriptor;
-    if (await ledgerPolicyFromStandard({ output, ledgerClient, ledgerState }))
-        return;
-    const result = await ledgerPolicyFromOutput({
-        output,
-        ledgerClient,
-        ledgerState
+    const { Output } = (0, descriptors_1.DescriptorsFactory)(ecc);
+    const output = new Output({
+        descriptor,
+        ...(descriptor.includes('*') ? { index: 0 } : {}), //if ranged set any index
+        network
     });
-    if (await ledgerPolicyFromStandard({ output, ledgerClient, ledgerState }))
+    if (await ledgerPolicyFromStandard({ output, ledgerManager }))
+        return;
+    const result = await ledgerPolicyFromOutput({ output, ledgerManager });
+    if (await ledgerPolicyFromStandard({ output, ledgerManager }))
         return;
     if (!result)
         throw new Error(`Error: output does not have a ledger input`);
@@ -466,11 +489,7 @@ async function registerLedgerWallet({ descriptor, ledgerClient, ledgerState, led
         ledgerState.policies = [];
     let walletPolicy, policyHmac;
     //Search in ledgerState first
-    const policy = await ledgerPolicyFromState({
-        output,
-        ledgerClient,
-        ledgerState
-    });
+    const policy = await ledgerPolicyFromState({ output, ledgerManager });
     if (policy) {
         if (policy.policyName !== policyName)
             throw new Error(`Error: policy was already registered with a different name: ${policy.policyName}`);
@@ -493,11 +512,10 @@ async function registerLedgerWallet({ descriptor, ledgerClient, ledgerState, led
 /**
  * Retrieve a standard ledger policy or null if it does correspond.
  **/
-async function ledgerPolicyFromStandard({ output, ledgerClient, ledgerState }) {
+async function ledgerPolicyFromStandard({ output, ledgerManager }) {
     const result = await ledgerPolicyFromOutput({
         output,
-        ledgerClient,
-        ledgerState
+        ledgerManager
     });
     if (!result)
         throw new Error(`Error: descriptor does not have a ledger input`);
@@ -528,11 +546,11 @@ function comparePolicies(policyA, policyB) {
 /**
  * Retrieve a ledger policy from ledgerState or null if it does not exist yet.
  **/
-async function ledgerPolicyFromState({ output, ledgerClient, ledgerState }) {
+async function ledgerPolicyFromState({ output, ledgerManager }) {
+    const { ledgerState } = ledgerManager;
     const result = await ledgerPolicyFromOutput({
         output,
-        ledgerClient,
-        ledgerState
+        ledgerManager
     });
     if (!result)
         throw new Error(`Error: output does not have a ledger input`);

package/dist/miniscript.d.ts

@@ -1,7 +1,7 @@
 import { Network } from 'bitcoinjs-lib';
 import type { ECPairAPI } from 'ecpair';
 import type { BIP32API } from 'bip32';
-import type { PartialSig } from 'bip174/src/lib/interfaces';
+import type { PartialSig } from 'bip174';
 import type { Preimage, TimeConstraints, ExpansionMap } from './types';
 /**
  * Expand a miniscript to a generalized form using variables instead of key
@@ -21,10 +21,11 @@ export declare function expandMiniscript({ miniscript, isSegwit, isTaproot, netw
     expandedMiniscript: string;
     expansionMap: ExpansionMap;
 };
-export declare function miniscript2Script({ expandedMiniscript, expansionMap }: {
+export declare function miniscript2Script({ expandedMiniscript, expansionMap, tapscript }: {
     expandedMiniscript: string;
     expansionMap: ExpansionMap;
-}): Buffer;
+    tapscript?: boolean;
+}): Uint8Array;
 /**
  * Assumptions:
  * The attacker does not have access to any of the private keys of public keys
@@ -36,19 +37,32 @@ export declare function miniscript2Script({ expandedMiniscript, expansionMap }:
  * Pass timeConstraints to search for the first solution with this nLockTime and
  * nSequence. Throw if no solution is possible using these constraints.
  *
+ * Time constraints are used to keep the chosen satisfaction stable between the
+ * planning pass (fake signatures) and the signing pass (real signatures).
+ * We run the satisfier once with fake signatures to discover the implied
+ * nLockTime/nSequence without requiring user signatures. If real signatures
+ * had the same length, the satisfier would typically pick the same
+ * minimal-weight solution again. But ECDSA signature sizes can vary (71–73
+ * bytes), which may change which solution is considered "smallest".
+ *
+ * Passing the previously derived timeConstraints in the second pass forces the
+ * same solution to be selected, ensuring locktime/sequence do not change
+ * between planning and finalization.
+ *
  * Don't pass timeConstraints (this is the default) if you want to get the
  * smallest size solution altogether.
  *
  * If a solution is not found this function throws.
  */
-export declare function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures, preimages, timeConstraints }: {
+export declare function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures, preimages, timeConstraints, tapscript }: {
     expandedMiniscript: string;
     expansionMap: ExpansionMap;
     signatures?: PartialSig[];
     preimages?: Preimage[];
     timeConstraints?: TimeConstraints;
+    tapscript?: boolean;
 }): {
-    scriptSatisfaction: Buffer;
+    scriptSatisfaction: Uint8Array;
     nLockTime: number | undefined;
     nSequence: number | undefined;
 };
@@ -78,7 +92,7 @@ export declare function satisfyMiniscript({ expandedMiniscript, expansionMap, si
  * However, the `0` number is an edge case that we specially handle with this
  * function.
  *
- * bitcoinjs-lib's `bscript.number.encode(0)` produces an empty Buffer.
+ * bitcoinjs-lib's `bscript.number.encode(0)` produces an empty array.
  * This is what the Bitcoin interpreter does and it is what `script.number.encode` was
  * implemented to do.
  *

package/dist/miniscript.js

@@ -43,6 +43,7 @@ const bitcoinjs_lib_1 = require("bitcoinjs-lib");
 const keyExpressions_1 = require("./keyExpressions");
 const RE = __importStar(require("./re"));
 const miniscript_1 = require("@bitcoinerlab/miniscript");
+const uint8array_tools_1 = require("uint8array-tools");
 /**
  * Expand a miniscript to a generalized form using variables instead of key
  * expressions. Variables will be of this form: @0, @1, ...
@@ -51,24 +52,50 @@ const miniscript_1 = require("@bitcoinerlab/miniscript");
  * Also compute pubkeys from descriptors to use them later.
  */
 function expandMiniscript({ miniscript, isSegwit, isTaproot, network = bitcoinjs_lib_1.networks.bitcoin, ECPair, BIP32 }) {
-    if (isTaproot)
-        throw new Error('Taproot miniscript not yet supported.');
     const reKeyExp = isTaproot
         ? RE.reTaprootKeyExp
         : isSegwit
             ? RE.reSegwitKeyExp
             : RE.reNonSegwitKeyExp;
     const expansionMap = {};
-    const expandedMiniscript = miniscript.replace(RegExp(reKeyExp, 'g'), (keyExpression) => {
-        const key = '@' + Object.keys(expansionMap).length;
+    let keyIndex = 0;
+    const keyExpressionRegex = new RegExp(String.raw `^${reKeyExp}$`);
+    const replaceKeyExpression = (keyExpression) => {
+        const trimmed = keyExpression.trim();
+        if (!trimmed)
+            throw new Error(`Error: expected a keyExpression but got ${keyExpression}`);
+        if (!keyExpressionRegex.test(trimmed))
+            throw new Error(`Error: expected a keyExpression but got ${trimmed}`);
+        const key = `@${keyIndex}`;
+        keyIndex += 1;
         expansionMap[key] = (0, keyExpressions_1.parseKeyExpression)({
-            keyExpression,
+            keyExpression: trimmed,
             isSegwit,
+            isTaproot,
             network,
             ECPair,
             BIP32
         });
         return key;
+    };
+    //These are the fragments where keys are allowed. Note that we only look
+    //inside these fragments to avoid problems in pregimages like sha256 which can
+    //contain hex values which could be confussed with a key
+    const keyFragmentRegex = /\b(pk|pkh|sortedmulti_a|sortedmulti|multi_a|multi)\(([^()]*)\)/g;
+    const expandedMiniscript = miniscript.replace(keyFragmentRegex, (_, name, inner) => {
+        if (name === 'pk' || name === 'pkh')
+            return `${name}(${replaceKeyExpression(inner)})`;
+        //now do *multi* which has arguments:
+        const parts = inner.split(',').map(part => part.trim());
+        if (parts.length < 2)
+            throw new Error(`Error: invalid miniscript ${miniscript} (missing keys)`);
+        const k = parts[0] ?? '';
+        if (!k)
+            throw new Error(`Error: invalid miniscript ${miniscript} (missing threshold)`);
+        const replacedKeys = parts
+            .slice(1)
+            .map(keyExpression => replaceKeyExpression(keyExpression));
+        return `${name}(${[k, ...replacedKeys].join(',')})`;
     });
     //Do some assertions. Miniscript must not have duplicate keys, also all
     //keyExpressions must produce a valid pubkey (unless it's ranged and we want
@@ -78,7 +105,7 @@ function expandMiniscript({ miniscript, isSegwit, isTaproot, network = bitcoinjs
         .map(keyInfo => {
         if (!keyInfo.pubkey)
             throw new Error(`Error: keyExpression ${keyInfo.keyExpression} does not have a pubkey`);
-        return keyInfo.pubkey.toString('hex');
+        return (0, uint8array_tools_1.toHex)(keyInfo.pubkey);
     });
     if (new Set(pubkeysHex).size !== pubkeysHex.length) {
         throw new Error(`Error: miniscript ${miniscript} is not sane: contains duplicate public keys.`);
@@ -100,8 +127,8 @@ function substituteAsm({ expandedAsm, expansionMap }) {
             throw new Error(`Error: invalid expansionMap for ${key}`);
         }
         return accAsm
-            .replaceAll(`<${key}>`, `<${pubkey.toString('hex')}>`)
-            .replaceAll(`<HASH160(${key})>`, `<${bitcoinjs_lib_1.crypto.hash160(pubkey).toString('hex')}>`);
+            .replaceAll(`<${key}>`, `<${(0, uint8array_tools_1.toHex)(pubkey)}>`)
+            .replaceAll(`<HASH160(${key})>`, `<${(0, uint8array_tools_1.toHex)(bitcoinjs_lib_1.crypto.hash160(pubkey))}>`);
     }, expandedAsm);
     //Now clean it and prepare it so that fromASM can be called:
     asm = asm
@@ -119,8 +146,8 @@ function substituteAsm({ expandedAsm, expansionMap }) {
         .replace(/[<>]/g, '');
     return asm;
 }
-function miniscript2Script({ expandedMiniscript, expansionMap }) {
-    const compiled = (0, miniscript_1.compileMiniscript)(expandedMiniscript);
+function miniscript2Script({ expandedMiniscript, expansionMap, tapscript = false }) {
+    const compiled = (0, miniscript_1.compileMiniscript)(expandedMiniscript, { tapscript });
     if (compiled.issane !== true) {
         throw new Error(`Error: Miniscript ${expandedMiniscript} is not sane`);
     }
@@ -137,12 +164,24 @@ function miniscript2Script({ expandedMiniscript, expansionMap }) {
  * Pass timeConstraints to search for the first solution with this nLockTime and
  * nSequence. Throw if no solution is possible using these constraints.
  *
+ * Time constraints are used to keep the chosen satisfaction stable between the
+ * planning pass (fake signatures) and the signing pass (real signatures).
+ * We run the satisfier once with fake signatures to discover the implied
+ * nLockTime/nSequence without requiring user signatures. If real signatures
+ * had the same length, the satisfier would typically pick the same
+ * minimal-weight solution again. But ECDSA signature sizes can vary (71–73
+ * bytes), which may change which solution is considered "smallest".
+ *
+ * Passing the previously derived timeConstraints in the second pass forces the
+ * same solution to be selected, ensuring locktime/sequence do not change
+ * between planning and finalization.
+ *
  * Don't pass timeConstraints (this is the default) if you want to get the
  * smallest size solution altogether.
  *
  * If a solution is not found this function throws.
  */
-function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures = [], preimages = [], timeConstraints }) {
+function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures = [], preimages = [], timeConstraints, tapscript = false }) {
     //convert 'sha256(6c...33)' to: { ['<sha256_preimage(6c...33)>']: '10...5f'}
     const preimageMap = {};
     preimages.forEach(preimage => {
@@ -153,15 +192,18 @@ function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures = [],
     //get the keyExpressions: @0, @1 from the keys in expansionMap
     const expandedSignatureMap = {};
     signatures.forEach(signature => {
-        const pubkeyHex = signature.pubkey.toString('hex');
-        const keyExpression = Object.keys(expansionMap).find(k => expansionMap[k]?.pubkey?.toString('hex') === pubkeyHex);
+        const pubkeyHex = (0, uint8array_tools_1.toHex)(signature.pubkey);
+        const keyExpression = Object.keys(expansionMap).find(k => expansionMap[k]?.pubkey && (0, uint8array_tools_1.toHex)(expansionMap[k].pubkey) === pubkeyHex);
         expandedSignatureMap['<sig(' + keyExpression + ')>'] =
-            '<' + signature.signature.toString('hex') + '>';
+            '<' + (0, uint8array_tools_1.toHex)(signature.signature) + '>';
     });
     const expandedKnownsMap = { ...preimageMap, ...expandedSignatureMap };
     const knowns = Object.keys(expandedKnownsMap);
     //satisfier verifies again internally whether expandedKnownsMap with given knowns is sane
-    const { nonMalleableSats } = (0, miniscript_1.satisfier)(expandedMiniscript, { knowns });
+    const { nonMalleableSats } = (0, miniscript_1.satisfier)(expandedMiniscript, {
+        knowns,
+        tapscript
+    });
     if (!Array.isArray(nonMalleableSats) || !nonMalleableSats[0])
         throw new Error(`Error: unresolvable miniscript ${expandedMiniscript}`);
     let sat;
@@ -218,7 +260,7 @@ function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures = [],
  * However, the `0` number is an edge case that we specially handle with this
  * function.
  *
- * bitcoinjs-lib's `bscript.number.encode(0)` produces an empty Buffer.
+ * bitcoinjs-lib's `bscript.number.encode(0)` produces an empty array.
  * This is what the Bitcoin interpreter does and it is what `script.number.encode` was
  * implemented to do.
  *
@@ -254,5 +296,5 @@ function numberEncodeAsm(number) {
         return 'OP_0';
     }
     else
-        return bitcoinjs_lib_1.script.number.encode(number).toString('hex');
+        return (0, uint8array_tools_1.toHex)(bitcoinjs_lib_1.script.number.encode(number));
 }

package/dist/multipath.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Resolves all multipath tuple segments (for example `/<0;1>/*`) in lockstep
+ * using the provided `change` value.
+ *
+ * - `/**` is first canonicalized to `/<0;1>/*`.
+ * - All tuples in the descriptor must have the same cardinality.
+ * - Tuple values must be strictly increasing decimal numbers.
+ * - `change` must match one of the values in each tuple.
+ */
+export declare function resolveMultipathDescriptor({ descriptor, change }: {
+    descriptor: string;
+    change?: number;
+}): string;