@bitcoinerlab/descriptors 2.3.6 → 3.0.1

package/dist/miniscript.js

@@ -43,6 +43,7 @@ const bitcoinjs_lib_1 = require("bitcoinjs-lib");
 const keyExpressions_1 = require("./keyExpressions");
 const RE = __importStar(require("./re"));
 const miniscript_1 = require("@bitcoinerlab/miniscript");
+const uint8array_tools_1 = require("uint8array-tools");
 /**
  * Expand a miniscript to a generalized form using variables instead of key
  * expressions. Variables will be of this form: @0, @1, ...
@@ -51,24 +52,55 @@ const miniscript_1 = require("@bitcoinerlab/miniscript");
  * Also compute pubkeys from descriptors to use them later.
  */
 function expandMiniscript({ miniscript, isSegwit, isTaproot, network = bitcoinjs_lib_1.networks.bitcoin, ECPair, BIP32 }) {
-    if (isTaproot)
-        throw new Error('Taproot miniscript not yet supported.');
     const reKeyExp = isTaproot
         ? RE.reTaprootKeyExp
         : isSegwit
             ? RE.reSegwitKeyExp
             : RE.reNonSegwitKeyExp;
     const expansionMap = {};
-    const expandedMiniscript = miniscript.replace(RegExp(reKeyExp, 'g'), (keyExpression) => {
-        const key = '@' + Object.keys(expansionMap).length;
+    let keyIndex = 0;
+    const keyExpressionRegex = new RegExp(String.raw `^${reKeyExp}$`);
+    const replaceKeyExpression = (keyExpression) => {
+        const trimmed = keyExpression.trim();
+        if (!trimmed)
+            throw new Error(`Error: expected a keyExpression but got ${keyExpression}`);
+        if (!keyExpressionRegex.test(trimmed))
+            throw new Error(`Error: expected a keyExpression but got ${trimmed}`);
+        const key = `@${keyIndex}`;
+        keyIndex += 1;
         expansionMap[key] = (0, keyExpressions_1.parseKeyExpression)({
-            keyExpression,
+            keyExpression: trimmed,
             isSegwit,
+            isTaproot,
             network,
             ECPair,
             BIP32
         });
         return key;
+    };
+    // These are the Miniscript fragments where key arguments are expected.
+    // We only replace key expressions inside these fragments to avoid confusing
+    // hash preimages (e.g. sha256(03...)) with keys.
+    //
+    // Note: sorted script expressions (`sortedmulti`, `sortedmulti_a`) are
+    // intentionally excluded here. They are descriptor-level expressions (not
+    // Miniscript fragments) and are handled in descriptor/tap-tree code paths
+    // before Miniscript compilation.
+    const keyBearingFragmentRegex = /\b(pk|pkh|multi_a|multi)\(([^()]*)\)/g;
+    const expandedMiniscript = miniscript.replace(keyBearingFragmentRegex, (_, name, inner) => {
+        if (name === 'pk' || name === 'pkh')
+            return `${name}(${replaceKeyExpression(inner)})`;
+        //now do *multi* which has arguments:
+        const parts = inner.split(',').map(part => part.trim());
+        if (parts.length < 2)
+            throw new Error(`Error: invalid miniscript ${miniscript} (missing keys)`);
+        const k = parts[0] ?? '';
+        if (!k)
+            throw new Error(`Error: invalid miniscript ${miniscript} (missing threshold)`);
+        const replacedKeys = parts
+            .slice(1)
+            .map(keyExpression => replaceKeyExpression(keyExpression));
+        return `${name}(${[k, ...replacedKeys].join(',')})`;
     });
     //Do some assertions. Miniscript must not have duplicate keys, also all
     //keyExpressions must produce a valid pubkey (unless it's ranged and we want
@@ -78,7 +110,7 @@ function expandMiniscript({ miniscript, isSegwit, isTaproot, network = bitcoinjs
         .map(keyInfo => {
         if (!keyInfo.pubkey)
             throw new Error(`Error: keyExpression ${keyInfo.keyExpression} does not have a pubkey`);
-        return keyInfo.pubkey.toString('hex');
+        return (0, uint8array_tools_1.toHex)(keyInfo.pubkey);
     });
     if (new Set(pubkeysHex).size !== pubkeysHex.length) {
         throw new Error(`Error: miniscript ${miniscript} is not sane: contains duplicate public keys.`);
@@ -100,8 +132,8 @@ function substituteAsm({ expandedAsm, expansionMap }) {
             throw new Error(`Error: invalid expansionMap for ${key}`);
         }
         return accAsm
-            .replaceAll(`<${key}>`, `<${pubkey.toString('hex')}>`)
-            .replaceAll(`<HASH160(${key})>`, `<${bitcoinjs_lib_1.crypto.hash160(pubkey).toString('hex')}>`);
+            .replaceAll(`<${key}>`, `<${(0, uint8array_tools_1.toHex)(pubkey)}>`)
+            .replaceAll(`<HASH160(${key})>`, `<${(0, uint8array_tools_1.toHex)(bitcoinjs_lib_1.crypto.hash160(pubkey))}>`);
     }, expandedAsm);
     //Now clean it and prepare it so that fromASM can be called:
     asm = asm
@@ -119,8 +151,8 @@ function substituteAsm({ expandedAsm, expansionMap }) {
         .replace(/[<>]/g, '');
     return asm;
 }
-function miniscript2Script({ expandedMiniscript, expansionMap }) {
-    const compiled = (0, miniscript_1.compileMiniscript)(expandedMiniscript);
+function miniscript2Script({ expandedMiniscript, expansionMap, tapscript = false }) {
+    const compiled = (0, miniscript_1.compileMiniscript)(expandedMiniscript, { tapscript });
     if (compiled.issane !== true) {
         throw new Error(`Error: Miniscript ${expandedMiniscript} is not sane`);
     }
@@ -137,12 +169,24 @@ function miniscript2Script({ expandedMiniscript, expansionMap }) {
  * Pass timeConstraints to search for the first solution with this nLockTime and
  * nSequence. Throw if no solution is possible using these constraints.
  *
+ * Time constraints are used to keep the chosen satisfaction stable between the
+ * planning pass (fake signatures) and the signing pass (real signatures).
+ * We run the satisfier once with fake signatures to discover the implied
+ * nLockTime/nSequence without requiring user signatures. If real signatures
+ * had the same length, the satisfier would typically pick the same
+ * minimal-weight solution again. But ECDSA signature sizes can vary (71–73
+ * bytes), which may change which solution is considered "smallest".
+ *
+ * Passing the previously derived timeConstraints in the second pass forces the
+ * same solution to be selected, ensuring locktime/sequence do not change
+ * between planning and finalization.
+ *
  * Don't pass timeConstraints (this is the default) if you want to get the
  * smallest size solution altogether.
  *
  * If a solution is not found this function throws.
  */
-function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures = [], preimages = [], timeConstraints }) {
+function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures = [], preimages = [], timeConstraints, tapscript = false }) {
     //convert 'sha256(6c...33)' to: { ['<sha256_preimage(6c...33)>']: '10...5f'}
     const preimageMap = {};
     preimages.forEach(preimage => {
@@ -153,15 +197,18 @@ function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures = [],
     //get the keyExpressions: @0, @1 from the keys in expansionMap
     const expandedSignatureMap = {};
     signatures.forEach(signature => {
-        const pubkeyHex = signature.pubkey.toString('hex');
-        const keyExpression = Object.keys(expansionMap).find(k => expansionMap[k]?.pubkey?.toString('hex') === pubkeyHex);
+        const pubkeyHex = (0, uint8array_tools_1.toHex)(signature.pubkey);
+        const keyExpression = Object.keys(expansionMap).find(k => expansionMap[k]?.pubkey && (0, uint8array_tools_1.toHex)(expansionMap[k].pubkey) === pubkeyHex);
         expandedSignatureMap['<sig(' + keyExpression + ')>'] =
-            '<' + signature.signature.toString('hex') + '>';
+            '<' + (0, uint8array_tools_1.toHex)(signature.signature) + '>';
     });
     const expandedKnownsMap = { ...preimageMap, ...expandedSignatureMap };
     const knowns = Object.keys(expandedKnownsMap);
     //satisfier verifies again internally whether expandedKnownsMap with given knowns is sane
-    const { nonMalleableSats } = (0, miniscript_1.satisfier)(expandedMiniscript, { knowns });
+    const { nonMalleableSats } = (0, miniscript_1.satisfier)(expandedMiniscript, {
+        knowns,
+        tapscript
+    });
     if (!Array.isArray(nonMalleableSats) || !nonMalleableSats[0])
         throw new Error(`Error: unresolvable miniscript ${expandedMiniscript}`);
     let sat;
@@ -218,7 +265,7 @@ function satisfyMiniscript({ expandedMiniscript, expansionMap, signatures = [],
  * However, the `0` number is an edge case that we specially handle with this
  * function.
  *
- * bitcoinjs-lib's `bscript.number.encode(0)` produces an empty Buffer.
+ * bitcoinjs-lib's `bscript.number.encode(0)` produces an empty array.
  * This is what the Bitcoin interpreter does and it is what `script.number.encode` was
  * implemented to do.
  *
@@ -254,5 +301,5 @@ function numberEncodeAsm(number) {
         return 'OP_0';
     }
     else
-        return bitcoinjs_lib_1.script.number.encode(number).toString('hex');
+        return (0, uint8array_tools_1.toHex)(bitcoinjs_lib_1.script.number.encode(number));
 }

package/dist/multipath.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Resolves all multipath tuple segments (for example `/<0;1>/*`) in lockstep
+ * using the provided `change` value.
+ *
+ * - `/**` is first canonicalized to `/<0;1>/*`.
+ * - All tuples in the descriptor must have the same cardinality.
+ * - Tuple values must be strictly increasing decimal numbers.
+ * - `change` must match one of the values in each tuple.
+ */
+export declare function resolveMultipathDescriptor({ descriptor, change }: {
+    descriptor: string;
+    change?: number;
+}): string;

package/dist/multipath.js

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveMultipathDescriptor = resolveMultipathDescriptor;
+/**
+ * Replaces the receive/change shorthand `/**` with its canonical multipath
+ * representation `/<0;1>/*`.
+ */
+function expandReceiveChangeShorthand(descriptor) {
+    return descriptor.replace(/\/\*\*/g, '/<0;1>/*');
+}
+/**
+ * Parses a multipath tuple body from `<...>`.
+ *
+ * This implementation intentionally accepts only decimal numbers (no hardened
+ * suffixes) and enforces strict left-to-right increase as a safety feature to
+ * catch likely human errors such as `<1;0>`.
+ */
+function parseMultipathTuple(tupleBody) {
+    const parts = tupleBody.split(';');
+    if (parts.length < 2)
+        throw new Error(`Error: multipath tuple must contain at least 2 values, got <${tupleBody}>`);
+    const values = parts.map(part => {
+        if (!/^(0|[1-9]\d*)$/.test(part))
+            throw new Error(`Error: multipath tuple values must be decimal numbers, got <${tupleBody}>`);
+        const value = Number(part);
+        if (!Number.isSafeInteger(value))
+            throw new Error(`Error: multipath tuple value overflow, got <${tupleBody}>`);
+        return value;
+    });
+    for (let i = 1; i < values.length; i++) {
+        const prev = values[i - 1];
+        const current = values[i];
+        if (prev === undefined || current === undefined)
+            throw new Error(`Error: invalid multipath tuple <${tupleBody}>`);
+        if (current <= prev)
+            throw new Error(`Error: multipath tuple values must be strictly increasing from left to right, got <${tupleBody}>`);
+    }
+    return values;
+}
+/**
+ * Resolves all multipath tuple segments (for example `/<0;1>/*`) in lockstep
+ * using the provided `change` value.
+ *
+ * - `/**` is first canonicalized to `/<0;1>/*`.
+ * - All tuples in the descriptor must have the same cardinality.
+ * - Tuple values must be strictly increasing decimal numbers.
+ * - `change` must match one of the values in each tuple.
+ */
+function resolveMultipathDescriptor({ descriptor, change }) {
+    const canonicalDescriptor = expandReceiveChangeShorthand(descriptor);
+    const tupleMatches = Array.from(canonicalDescriptor.matchAll(/\/<([^<>]+)>/g), match => ({
+        token: match[0],
+        tupleBody: match[1],
+        values: parseMultipathTuple(match[1])
+    }));
+    if (tupleMatches.length === 0)
+        return canonicalDescriptor;
+    if (change === undefined)
+        throw new Error(`Error: change was not provided for multipath descriptor`);
+    if (!Number.isInteger(change) || change < 0)
+        throw new Error(`Error: invalid change ${change}`);
+    const tupleSize = tupleMatches[0]?.values.length;
+    if (!tupleSize)
+        throw new Error(`Error: invalid multipath tuple`);
+    for (const tupleMatch of tupleMatches) {
+        if (tupleMatch.values.length !== tupleSize)
+            throw new Error(`Error: all multipath tuples must have the same number of options`);
+    }
+    let resolvedDescriptor = canonicalDescriptor;
+    for (const tupleMatch of tupleMatches) {
+        if (!tupleMatch.values.includes(change))
+            throw new Error(`Error: change ${change} not found in multipath tuple <${tupleMatch.tupleBody}>`);
+        resolvedDescriptor = resolvedDescriptor.replaceAll(tupleMatch.token, `/${change}`);
+    }
+    return resolvedDescriptor;
+}

package/dist/networkUtils.d.ts

@@ -0,0 +1,3 @@
+import type { Network } from 'bitcoinjs-lib';
+export declare function isBitcoinMainnet(network: Network): boolean;
+export declare function coinTypeFromNetwork(network: Network): 0 | 1;

package/dist/networkUtils.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isBitcoinMainnet = isBitcoinMainnet;
+exports.coinTypeFromNetwork = coinTypeFromNetwork;
+const bitcoinjs_lib_1 = require("bitcoinjs-lib");
+function isBitcoinMainnet(network) {
+    return (network.bech32 === bitcoinjs_lib_1.networks.bitcoin.bech32 &&
+        network.bip32.public === bitcoinjs_lib_1.networks.bitcoin.bip32.public &&
+        network.bip32.private === bitcoinjs_lib_1.networks.bitcoin.bip32.private &&
+        network.pubKeyHash === bitcoinjs_lib_1.networks.bitcoin.pubKeyHash &&
+        network.scriptHash === bitcoinjs_lib_1.networks.bitcoin.scriptHash &&
+        network.wif === bitcoinjs_lib_1.networks.bitcoin.wif);
+}
+function coinTypeFromNetwork(network) {
+    return isBitcoinMainnet(network) ? 0 : 1;
+}

package/dist/parseUtils.d.ts

@@ -0,0 +1,7 @@
+export declare function splitTopLevelComma({ expression, onError }: {
+    expression: string;
+    onError: (expression: string) => Error;
+}): {
+    left: string;
+    right: string;
+} | null;

package/dist/parseUtils.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.splitTopLevelComma = splitTopLevelComma;
+function splitTopLevelComma({ expression, onError }) {
+    let braceDepth = 0;
+    let parenDepth = 0;
+    let commaIndex = -1;
+    for (let i = 0; i < expression.length; i++) {
+        const char = expression[i];
+        if (!char)
+            continue;
+        if (char === '{') {
+            braceDepth++;
+        }
+        else if (char === '}') {
+            if (braceDepth === 0)
+                throw onError(expression);
+            braceDepth--;
+        }
+        else if (char === '(') {
+            //Track miniscript argument lists so we don't split on commas inside them.
+            parenDepth++;
+        }
+        else if (char === ')') {
+            if (parenDepth === 0)
+                throw onError(expression);
+            parenDepth--;
+        }
+        else if (char === ',') {
+            if (braceDepth === 0 && parenDepth === 0) {
+                if (commaIndex !== -1)
+                    throw onError(expression);
+                commaIndex = i;
+            }
+        }
+    }
+    if (braceDepth !== 0 || parenDepth !== 0)
+        throw onError(expression);
+    if (commaIndex === -1)
+        return null;
+    const left = expression.slice(0, commaIndex).trim();
+    const right = expression.slice(commaIndex + 1).trim();
+    if (!left || !right)
+        throw onError(expression);
+    return { left, right };
+}

package/dist/psbt.d.ts

@@ -1,40 +1,44 @@
-import type { PsbtInput } from 'bip174/src/lib/interfaces';
+import type { PsbtInput, TapBip32Derivation, TapLeafScript } from 'bip174';
 import type { KeyInfo } from './types';
 import { Network, Psbt } from 'bitcoinjs-lib';
 /**
  * This function must do two things:
  * 1. Check if the `input` can be finalized. If it can not be finalized, throw.
  *   ie. `Can not finalize input #${inputIndex}`
- * 2. Create the finalScriptSig and finalScriptWitness Buffers.
+ * 2. Create finalScriptSig and finalScriptWitness.
  */
 type FinalScriptsFunc = (inputIndex: number, // Which input is it?
 input: PsbtInput, // The PSBT input contents
-script: Buffer, // The "meaningful" locking script Buffer (redeemScript for P2SH etc.)
+script: Uint8Array, // The "meaningful" locking script (redeemScript for P2SH etc.)
 isSegwit: boolean, // Is it segwit?
 isP2SH: boolean, // Is it P2SH?
 isP2WSH: boolean) => {
-    finalScriptSig: Buffer | undefined;
-    finalScriptWitness: Buffer | undefined;
+    finalScriptSig: Uint8Array | undefined;
+    finalScriptWitness: Uint8Array | undefined;
 };
-export declare function finalScriptsFuncFactory(scriptSatisfaction: Buffer, network: Network): FinalScriptsFunc;
+export declare function finalScriptsFuncFactory(scriptSatisfaction: Uint8Array, network: Network): FinalScriptsFunc;
 /**
- * Important: Read comments on descriptor.updatePsbt regarding not passing txHex
+ * Important: Read comments on Output.updatePsbtAsInput regarding not passing txHex
  */
-export declare function updatePsbt({ psbt, vout, txHex, txId, value, sequence, locktime, keysInfo, scriptPubKey, isSegwit, tapInternalKey, witnessScript, redeemScript, rbf }: {
+export declare function addPsbtInput({ psbt, vout, txHex, txId, value, sequence, locktime, keysInfo, scriptPubKey, isSegwit, tapInternalKey, tapLeafScript, tapBip32Derivation, witnessScript, redeemScript, rbf }: {
     psbt: Psbt;
     vout: number;
     txHex?: string;
     txId?: string;
-    value?: number;
+    value?: bigint;
     sequence: number | undefined;
     locktime: number | undefined;
     keysInfo: KeyInfo[];
-    scriptPubKey: Buffer;
+    scriptPubKey: Uint8Array;
     isSegwit: boolean;
     /** for taproot **/
-    tapInternalKey?: Buffer | undefined;
-    witnessScript: Buffer | undefined;
-    redeemScript: Buffer | undefined;
+    tapInternalKey?: Uint8Array | undefined;
+    /** for taproot script-path **/
+    tapLeafScript?: TapLeafScript[] | undefined;
+    /** for taproot **/
+    tapBip32Derivation?: TapBip32Derivation[] | undefined;
+    witnessScript: Uint8Array | undefined;
+    redeemScript: Uint8Array | undefined;
     rbf: boolean;
 }): number;
 export {};

package/dist/psbt.js

@@ -3,43 +3,23 @@
 // Distributed under the MIT software license
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.finalScriptsFuncFactory = finalScriptsFuncFactory;
-exports.updatePsbt = updatePsbt;
+exports.addPsbtInput = addPsbtInput;
 const bitcoinjs_lib_1 = require("bitcoinjs-lib");
-const varuint_bitcoin_1 = require("varuint-bitcoin");
-function reverseBuffer(buffer) {
+const uint8array_tools_1 = require("uint8array-tools");
+const bitcoinjs_lib_internals_1 = require("./bitcoinjs-lib-internals");
+function reverseBytes(buffer) {
     if (buffer.length < 1)
         return buffer;
-    let j = buffer.length - 1;
+    const copy = Uint8Array.from(buffer);
+    let j = copy.length - 1;
     let tmp = 0;
-    for (let i = 0; i < buffer.length / 2; i++) {
-        tmp = buffer[i];
-        buffer[i] = buffer[j];
-        buffer[j] = tmp;
+    for (let i = 0; i < copy.length / 2; i++) {
+        tmp = copy[i];
+        copy[i] = copy[j];
+        copy[j] = tmp;
         j--;
     }
-    return buffer;
-}
-function witnessStackToScriptWitness(witness) {
-    let buffer = Buffer.allocUnsafe(0);
-    function writeSlice(slice) {
-        buffer = Buffer.concat([buffer, Buffer.from(slice)]);
-    }
-    function writeVarInt(i) {
-        const currentLen = buffer.length;
-        const varintLen = (0, varuint_bitcoin_1.encodingLength)(i);
-        buffer = Buffer.concat([buffer, Buffer.allocUnsafe(varintLen)]);
-        (0, varuint_bitcoin_1.encode)(i, buffer, currentLen);
-    }
-    function writeVarSlice(slice) {
-        writeVarInt(slice.length);
-        writeSlice(slice);
-    }
-    function writeVector(vector) {
-        writeVarInt(vector.length);
-        vector.forEach(writeVarSlice);
-    }
-    writeVector(witness);
-    return buffer;
+    return copy;
 }
 function finalScriptsFuncFactory(scriptSatisfaction, network) {
     const finalScriptsFunc = (_index, _input, lockingScript /*witnessScript or redeemScript*/, isSegwit, isP2SH, _isP2WSH) => {
@@ -53,7 +33,7 @@ function finalScriptsFuncFactory(scriptSatisfaction, network) {
             });
             if (!payment.witness)
                 throw new Error(`Error: p2wsh failed producing a witness`);
-            finalScriptWitness = witnessStackToScriptWitness(payment.witness);
+            finalScriptWitness = (0, bitcoinjs_lib_internals_1.witnessStackToScriptWitness)(payment.witness);
         }
         //p2sh-p2wsh
         else if (isSegwit && isP2SH) {
@@ -66,7 +46,7 @@ function finalScriptsFuncFactory(scriptSatisfaction, network) {
             });
             if (!payment.witness)
                 throw new Error(`Error: p2sh-p2wsh failed producing a witness`);
-            finalScriptWitness = witnessStackToScriptWitness(payment.witness);
+            finalScriptWitness = (0, bitcoinjs_lib_internals_1.witnessStackToScriptWitness)(payment.witness);
             finalScriptSig = payment.input;
         }
         //p2sh
@@ -84,9 +64,14 @@ function finalScriptsFuncFactory(scriptSatisfaction, network) {
     return finalScriptsFunc;
 }
 /**
- * Important: Read comments on descriptor.updatePsbt regarding not passing txHex
+ * Important: Read comments on Output.updatePsbtAsInput regarding not passing txHex
  */
-function updatePsbt({ psbt, vout, txHex, txId, value, sequence, locktime, keysInfo, scriptPubKey, isSegwit, tapInternalKey, witnessScript, redeemScript, rbf }) {
+function addPsbtInput({ psbt, vout, txHex, txId, value, sequence, locktime, keysInfo, scriptPubKey, isSegwit, tapInternalKey, tapLeafScript, tapBip32Derivation, witnessScript, redeemScript, rbf }) {
+    if (value !== undefined && typeof value !== 'bigint')
+        throw new Error(`Error: value must be a bigint`);
+    if (value !== undefined && value < 0n)
+        throw new Error(`Error: value must be >= 0n`);
+    let normalizedValue = value;
     //Some data-sanity checks:
     if (sequence !== undefined && rbf && sequence > 0xfffffffd)
         throw new Error(`Error: incompatible sequence and rbf settings`);
@@ -104,7 +89,7 @@ function updatePsbt({ psbt, vout, txHex, txId, value, sequence, locktime, keysIn
         const outputScript = out.script;
         if (!outputScript)
             throw new Error(`Error: could not extract outputScript for txHex ${txHex} and vout ${vout}`);
-        if (Buffer.compare(outputScript, scriptPubKey) !== 0)
+        if ((0, uint8array_tools_1.compare)(outputScript, scriptPubKey) !== 0)
             throw new Error(`Error: txHex ${txHex} for vout ${vout} does not correspond to scriptPubKey ${scriptPubKey}`);
         if (txId !== undefined) {
             if (tx.getId() !== txId)
@@ -113,15 +98,15 @@ function updatePsbt({ psbt, vout, txHex, txId, value, sequence, locktime, keysIn
         else {
             txId = tx.getId();
         }
-        if (value !== undefined) {
-            if (out.value !== value)
+        if (normalizedValue !== undefined) {
+            if (out.value !== normalizedValue)
                 throw new Error(`Error: value for ${txHex} and vout ${vout} does not correspond to ${value}`);
         }
         else {
-            value = out.value;
+            normalizedValue = out.value;
         }
     }
-    if (txId === undefined || !value)
+    if (txId === undefined || normalizedValue === undefined)
         throw new Error(`Error: txHex+vout required. Alternatively, but ONLY for Segwit inputs, txId+value can also be passed.`);
     if (locktime) {
         if (psbt.locktime && psbt.locktime !== locktime)
@@ -149,7 +134,7 @@ function updatePsbt({ psbt, vout, txHex, txId, value, sequence, locktime, keysIn
         }
     }
     const input = {
-        hash: reverseBuffer(Buffer.from(txId, 'hex')),
+        hash: reverseBytes((0, uint8array_tools_1.fromHex)(txId)),
         index: vout
     };
     if (txHex !== undefined) {
@@ -157,7 +142,7 @@ function updatePsbt({ psbt, vout, txHex, txId, value, sequence, locktime, keysIn
     }
     if (tapInternalKey) {
         //Taproot
-        const tapBip32Derivation = keysInfo
+        const fallbackTapBip32Derivation = keysInfo
             .filter((keyInfo) => keyInfo.pubkey && keyInfo.masterFingerprint && keyInfo.path)
             .map((keyInfo) => {
             const pubkey = keyInfo.pubkey;
@@ -167,16 +152,15 @@ function updatePsbt({ psbt, vout, txHex, txId, value, sequence, locktime, keysIn
                 masterFingerprint: keyInfo.masterFingerprint,
                 pubkey,
                 path: keyInfo.path,
-                leafHashes: [] // TODO: Empty array for tr(KEY) taproot key spend - this is the only type currently supported
+                leafHashes: []
             };
         });
-        if (tapBip32Derivation.length)
-            input.tapBip32Derivation = tapBip32Derivation;
+        const resolvedTapBip32Derivation = tapBip32Derivation || fallbackTapBip32Derivation;
+        if (resolvedTapBip32Derivation.length)
+            input.tapBip32Derivation = resolvedTapBip32Derivation;
         input.tapInternalKey = tapInternalKey;
-        //TODO: currently only single-key taproot supported.
-        //https://github.com/bitcoinjs/bitcoinjs-lib/blob/6ba8bb3ce20ba533eeaba6939cfc2891576d9969/test/integration/taproot.spec.ts#L243
-        if (tapBip32Derivation.length > 1)
-            throw new Error('Only single key taproot inputs are currently supported');
+        if (tapLeafScript && tapLeafScript.length > 0)
+            input.tapLeafScript = tapLeafScript;
     }
     else {
         const bip32Derivation = keysInfo
@@ -196,7 +180,7 @@ function updatePsbt({ psbt, vout, txHex, txId, value, sequence, locktime, keysIn
     }
     if (isSegwit && txHex !== undefined) {
         //There's no need to put both witnessUtxo and nonWitnessUtxo
-        input.witnessUtxo = { script: scriptPubKey, value };
+        input.witnessUtxo = { script: scriptPubKey, value: normalizedValue };
     }
     if (sequence !== undefined)
         input.sequence = sequence;

package/dist/resourceLimits.d.ts

@@ -0,0 +1,25 @@
+import type { Network } from 'bitcoinjs-lib';
+export declare const MAX_SCRIPT_ELEMENT_SIZE = 520;
+export declare const MAX_STANDARD_P2WSH_SCRIPT_SIZE = 3600;
+export declare function assertScriptNonPushOnlyOpsLimit({ script }: {
+    script: Uint8Array;
+}): void;
+/**
+ * Enforces consensus stack resource limits.
+ */
+export declare function assertConsensusStackResourceLimits({ stackItems, stackLabel, stackItemLabel }: {
+    stackItems: Uint8Array[];
+    stackLabel?: string;
+    stackItemLabel?: string;
+}): void;
+export declare function assertWitnessV0SatisfactionResourceLimits({ stackItems }: {
+    stackItems: Uint8Array[];
+}): void;
+export declare function assertTaprootScriptPathSatisfactionResourceLimits({ stackItems }: {
+    stackItems: Uint8Array[];
+}): void;
+export declare function assertP2shScriptSigStandardSize({ scriptSatisfaction, redeemScript, network }: {
+    scriptSatisfaction: Uint8Array;
+    redeemScript: Uint8Array;
+    network: Network;
+}): void;