@bitcoinerlab/descriptors 2.3.6 → 3.0.1

package/dist/resourceLimits.js

@@ -0,0 +1,89 @@
+"use strict";
+// Copyright (c) 2026 Jose-Luis Landabaso
+// Distributed under the MIT software license
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_STANDARD_P2WSH_SCRIPT_SIZE = exports.MAX_SCRIPT_ELEMENT_SIZE = void 0;
+exports.assertScriptNonPushOnlyOpsLimit = assertScriptNonPushOnlyOpsLimit;
+exports.assertConsensusStackResourceLimits = assertConsensusStackResourceLimits;
+exports.assertWitnessV0SatisfactionResourceLimits = assertWitnessV0SatisfactionResourceLimits;
+exports.assertTaprootScriptPathSatisfactionResourceLimits = assertTaprootScriptPathSatisfactionResourceLimits;
+exports.assertP2shScriptSigStandardSize = assertP2shScriptSigStandardSize;
+const bitcoinjs_lib_1 = require("bitcoinjs-lib");
+const { p2sh } = bitcoinjs_lib_1.payments;
+// See Sipa's Miniscript "Resource limitations":
+// https://bitcoin.sipa.be/miniscript/
+// and Bitcoin Core policy/consensus constants.
+//https://github.com/bitcoin/bitcoin/blob/master/src/policy/policy.h
+// Consensus: max number of elements in initial stack (and stack+altstack after
+// each opcode execution).
+const MAX_STACK_SIZE = 1000;
+// Consensus: max size for any stack element is 520 bytes.
+// This is a per-element limit, not a full script-size limit.
+// In legacy P2SH, redeemScript is pushed as a stack element,
+// ( this is why we typically say that the redeemScript cannot be larger than 520 ).
+// But the same per-element rule applies to other stack items as well.
+exports.MAX_SCRIPT_ELEMENT_SIZE = 520;
+// Standardness policy limits.
+// See Sipa's Miniscript "Resource limitations":
+// https://bitcoin.sipa.be/miniscript/
+// and Bitcoin Core policy/consensus constants.
+//https://github.com/bitcoin/bitcoin/blob/master/src/policy/policy.h
+exports.MAX_STANDARD_P2WSH_SCRIPT_SIZE = 3600;
+const MAX_STANDARD_P2WSH_STACK_ITEMS = 100;
+const MAX_OPS_PER_SCRIPT = 201;
+const MAX_STANDARD_SCRIPTSIG_SIZE = 1650;
+const MAX_STANDARD_P2WSH_STACK_ITEM_SIZE = 80;
+const MAX_STANDARD_TAPSCRIPT_STACK_ITEM_SIZE = 80;
+function countNonPushOnlyOPs(script) {
+    const chunks = bitcoinjs_lib_1.script.decompile(script);
+    if (!chunks)
+        throw new Error(`Error: could not decompile ${script}`);
+    return bitcoinjs_lib_1.script.countNonPushOnlyOPs(chunks);
+}
+function assertScriptNonPushOnlyOpsLimit({ script }) {
+    const nonPushOnlyOps = countNonPushOnlyOPs(script);
+    if (nonPushOnlyOps > MAX_OPS_PER_SCRIPT)
+        throw new Error(`Error: too many non-push ops, ${nonPushOnlyOps} non-push ops is larger than ${MAX_OPS_PER_SCRIPT}`);
+}
+/**
+ * Enforces consensus stack resource limits.
+ */
+function assertConsensusStackResourceLimits({ stackItems, stackLabel = 'stack', stackItemLabel = 'stack item' }) {
+    if (stackItems.length > MAX_STACK_SIZE)
+        throw new Error(`Error: ${stackLabel} has too many items, ${stackItems.length} is larger than ${MAX_STACK_SIZE}`);
+    for (const stackItem of stackItems) {
+        if (stackItem.length > exports.MAX_SCRIPT_ELEMENT_SIZE)
+            throw new Error(`Error: ${stackItemLabel} is too large, ${stackItem.length} bytes is larger than ${exports.MAX_SCRIPT_ELEMENT_SIZE} bytes`);
+    }
+}
+function assertWitnessV0SatisfactionResourceLimits({ stackItems }) {
+    assertConsensusStackResourceLimits({ stackItems });
+    if (stackItems.length > MAX_STANDARD_P2WSH_STACK_ITEMS)
+        throw new Error(`Error: witness stack has too many items, ${stackItems.length} is larger than ${MAX_STANDARD_P2WSH_STACK_ITEMS}`);
+    for (const stackItem of stackItems) {
+        if (stackItem.length > MAX_STANDARD_P2WSH_STACK_ITEM_SIZE)
+            throw new Error(`Error: witness stack item exceeds standard policy, ${stackItem.length} bytes is larger than ${MAX_STANDARD_P2WSH_STACK_ITEM_SIZE} bytes`);
+    }
+}
+function assertTaprootScriptPathSatisfactionResourceLimits({ stackItems }) {
+    assertConsensusStackResourceLimits({
+        stackItems,
+        stackLabel: 'taproot script-path stack',
+        stackItemLabel: 'taproot script-path stack item'
+    });
+    // Standardness policy for tapscript (leaf version 0xc0): <= 80 bytes.
+    for (const stackItem of stackItems) {
+        if (stackItem.length > MAX_STANDARD_TAPSCRIPT_STACK_ITEM_SIZE)
+            throw new Error(`Error: taproot script-path stack item exceeds standard policy, ${stackItem.length} bytes is larger than ${MAX_STANDARD_TAPSCRIPT_STACK_ITEM_SIZE} bytes`);
+    }
+}
+function assertP2shScriptSigStandardSize({ scriptSatisfaction, redeemScript, network }) {
+    const scriptSig = p2sh({
+        redeem: { input: scriptSatisfaction, output: redeemScript, network },
+        network
+    }).input;
+    if (!scriptSig)
+        throw new Error(`Error: could not build scriptSig from satisfaction`);
+    if (scriptSig.length > MAX_STANDARD_SCRIPTSIG_SIZE)
+        throw new Error(`Error: scriptSig is too large, ${scriptSig.length} bytes is larger than ${MAX_STANDARD_SCRIPTSIG_SIZE} bytes`);
+}

package/dist/scriptExpressions.d.ts

@@ -1,5 +1,5 @@
 import { Network } from 'bitcoinjs-lib';
-import type { LedgerState, LedgerManager } from './ledger';
+import type { LedgerManager } from './ledger';
 import type { BIP32Interface } from 'bip32';
 /** @function */
 export declare const pkhBIP32: ({ masterNode, network, keyPath, account, change, index, isPublic }: {
@@ -62,82 +62,34 @@ export declare const trBIP32: ({ masterNode, network, keyPath, account, change,
     isPublic?: boolean;
 }) => string;
 /** @function */
-export declare const pkhLedger: {
-    ({ ledgerManager, account, keyPath, change, index }: {
-        ledgerManager: LedgerManager;
-        account: number;
-        keyPath?: string;
-        change?: number | undefined;
-        index?: number | undefined | "*";
-    }): Promise<string>;
-    ({ ledgerClient, ledgerState, network, account, keyPath, change, index }: {
-        ledgerClient: unknown;
-        ledgerState: LedgerState;
-        /** @default networks.bitcoin */
-        network?: Network;
-        account: number;
-        keyPath?: string;
-        change?: number | undefined;
-        index?: number | undefined | "*";
-    }): Promise<string>;
-};
+export declare const pkhLedger: ({ ledgerManager, account, keyPath, change, index }: {
+    ledgerManager: LedgerManager;
+    account: number;
+    keyPath?: string;
+    change?: number | undefined;
+    index?: number | undefined | "*";
+}) => Promise<string>;
 /** @function */
-export declare const shWpkhLedger: {
-    ({ ledgerManager, account, keyPath, change, index }: {
-        ledgerManager: LedgerManager;
-        account: number;
-        keyPath?: string;
-        change?: number | undefined;
-        index?: number | undefined | "*";
-    }): Promise<string>;
-    ({ ledgerClient, ledgerState, network, account, keyPath, change, index }: {
-        ledgerClient: unknown;
-        ledgerState: LedgerState;
-        /** @default networks.bitcoin */
-        network?: Network;
-        account: number;
-        keyPath?: string;
-        change?: number | undefined;
-        index?: number | undefined | "*";
-    }): Promise<string>;
-};
+export declare const shWpkhLedger: ({ ledgerManager, account, keyPath, change, index }: {
+    ledgerManager: LedgerManager;
+    account: number;
+    keyPath?: string;
+    change?: number | undefined;
+    index?: number | undefined | "*";
+}) => Promise<string>;
 /** @function */
-export declare const wpkhLedger: {
-    ({ ledgerManager, account, keyPath, change, index }: {
-        ledgerManager: LedgerManager;
-        account: number;
-        keyPath?: string;
-        change?: number | undefined;
-        index?: number | undefined | "*";
-    }): Promise<string>;
-    ({ ledgerClient, ledgerState, network, account, keyPath, change, index }: {
-        ledgerClient: unknown;
-        ledgerState: LedgerState;
-        /** @default networks.bitcoin */
-        network?: Network;
-        account: number;
-        keyPath?: string;
-        change?: number | undefined;
-        index?: number | undefined | "*";
-    }): Promise<string>;
-};
+export declare const wpkhLedger: ({ ledgerManager, account, keyPath, change, index }: {
+    ledgerManager: LedgerManager;
+    account: number;
+    keyPath?: string;
+    change?: number | undefined;
+    index?: number | undefined | "*";
+}) => Promise<string>;
 /** @function */
-export declare const trLedger: {
-    ({ ledgerManager, account, keyPath, change, index }: {
-        ledgerManager: LedgerManager;
-        account: number;
-        keyPath?: string;
-        change?: number | undefined;
-        index?: number | undefined | "*";
-    }): Promise<string>;
-    ({ ledgerClient, ledgerState, network, account, keyPath, change, index }: {
-        ledgerClient: unknown;
-        ledgerState: LedgerState;
-        /** @default networks.bitcoin */
-        network?: Network;
-        account: number;
-        keyPath?: string;
-        change?: number | undefined;
-        index?: number | undefined | "*";
-    }): Promise<string>;
-};
+export declare const trLedger: ({ ledgerManager, account, keyPath, change, index }: {
+    ledgerManager: LedgerManager;
+    account: number;
+    keyPath?: string;
+    change?: number | undefined;
+    index?: number | undefined | "*";
+}) => Promise<string>;

package/dist/scriptExpressions.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.trLedger = exports.wpkhLedger = exports.shWpkhLedger = exports.pkhLedger = exports.trBIP32 = exports.wpkhBIP32 = exports.shWpkhBIP32 = exports.pkhBIP32 = void 0;
 const bitcoinjs_lib_1 = require("bitcoinjs-lib");
 const keyExpressions_1 = require("./keyExpressions");
+const networkUtils_1 = require("./networkUtils");
 function assertStandardKeyPath(keyPath) {
     // Regular expression to match "/change/index" or "/change/*" format
     const regex = /^\/[01]\/(\d+|\*)$/;
@@ -25,7 +26,7 @@ function standardExpressionsBIP32Maker(purpose, scriptTemplate) {
      * - `{change:0, index:'*'}`.
      */
     function standardScriptExpressionBIP32({ masterNode, network = bitcoinjs_lib_1.networks.bitcoin, keyPath, account, change, index, isPublic = true }) {
-        const originPath = `/${purpose}'/${network === bitcoinjs_lib_1.networks.bitcoin ? 0 : 1}'/${account}'`;
+        const originPath = `/${purpose}'/${(0, networkUtils_1.coinTypeFromNetwork)(network)}'/${account}'`;
         if (keyPath !== undefined)
             assertStandardKeyPath(keyPath);
         const keyExpression = (0, keyExpressions_1.keyExpressionBIP32)({
@@ -49,24 +50,26 @@ exports.wpkhBIP32 = standardExpressionsBIP32Maker(84, 'wpkh(KEYEXPRESSION)');
 /** @function */
 exports.trBIP32 = standardExpressionsBIP32Maker(86, 'tr(KEYEXPRESSION)');
 function standardExpressionsLedgerMaker(purpose, scriptTemplate) {
-    /** @overload */
-    async function standardScriptExpressionLedger({ ledgerClient, ledgerState, ledgerManager, network, account, keyPath, change, index }) {
-        if (ledgerManager && (ledgerClient || ledgerState))
-            throw new Error(`ledgerClient and ledgerState have been deprecated`);
-        if (ledgerManager && network)
-            throw new Error(`ledgerManager already includes the network object`);
-        if (!ledgerManager && !network)
-            network = bitcoinjs_lib_1.networks.bitcoin;
-        if (ledgerManager)
-            ({ ledgerClient, ledgerState, network } = ledgerManager);
-        if (!ledgerClient || !ledgerState)
-            throw new Error(`Could not retrieve ledgerClient or ledgerState`);
-        const originPath = `/${purpose}'/${network === bitcoinjs_lib_1.networks.bitcoin ? 0 : 1}'/${account}'`;
+    /**
+     * Computes the standard descriptor based on given parameters.
+     *
+     * You can define the output location either by:
+     * - Providing the full `keyPath` (e.g., "/0/2").
+     * OR
+     * - Specifying the `change` and `index` values separately (e.g., `{change:0, index:2}`).
+     *
+     * For ranged indexing, the `index` can be set as a wildcard '*'. For example:
+     * - `keyPath="/0/*"`
+     * OR
+     * - `{change:0, index:'*'}`.
+     */
+    async function standardScriptExpressionLedger({ ledgerManager, account, keyPath, change, index }) {
+        const { network } = ledgerManager;
+        const originPath = `/${purpose}'/${(0, networkUtils_1.coinTypeFromNetwork)(network)}'/${account}'`;
         if (keyPath !== undefined)
             assertStandardKeyPath(keyPath);
         const keyExpression = await (0, keyExpressions_1.keyExpressionLedger)({
-            ledgerClient,
-            ledgerState,
+            ledgerManager,
             originPath,
             keyPath,
             change,

package/dist/signers.d.ts

@@ -1,8 +1,7 @@
 import type { Psbt } from 'bitcoinjs-lib';
 import type { ECPairInterface } from 'ecpair';
 import type { BIP32Interface } from 'bip32';
-import type { DescriptorInstance } from './descriptors';
-import { LedgerState, LedgerManager } from './ledger';
+import { LedgerManager } from './ledger';
 /**
  * Signs a specific input of a PSBT with an ECPair.
  *
@@ -69,16 +68,6 @@ export declare function signInputLedger({ psbt, index, ledgerManager }: {
     index: number;
     ledgerManager: LedgerManager;
 }): Promise<void>;
-/**
- * @hidden
- */
-export declare function signInputLedger({ psbt, index, descriptor, ledgerClient, ledgerState }: {
-    psbt: Psbt;
-    index: number;
-    descriptor: DescriptorInstance;
-    ledgerClient: unknown;
-    ledgerState: LedgerState;
-}): Promise<void>;
 /**
  * Signs the inputs of the `psbt` where the keys are controlled by a Ledger
  * device.
@@ -93,12 +82,3 @@ export declare function signLedger({ psbt, ledgerManager }: {
     psbt: Psbt;
     ledgerManager: LedgerManager;
 }): Promise<void>;
-/**
- * @hidden
- */
-export declare function signLedger({ psbt, descriptors, ledgerClient, ledgerState }: {
-    psbt: Psbt;
-    descriptors: DescriptorInstance[];
-    ledgerClient: unknown;
-    ledgerState: LedgerState;
-}): Promise<void>;

package/dist/signers.js

@@ -8,8 +8,7 @@ exports.signInputBIP32 = signInputBIP32;
 exports.signBIP32 = signBIP32;
 exports.signInputLedger = signInputLedger;
 exports.signLedger = signLedger;
-const bip371_1 = require("bitcoinjs-lib/src/psbt/bip371");
-const bip341_1 = require("bitcoinjs-lib/src/payments/bip341");
+const bitcoinjs_lib_internals_1 = require("./bitcoinjs-lib-internals");
 const ledger_1 = require("./ledger");
 const applyPR2137_1 = require("./applyPR2137");
 function range(n) {
@@ -39,12 +38,12 @@ function signInputECPair({ psbt, index, ecpair }) {
     const input = psbt.data.inputs[index];
     if (!input)
         throw new Error('Invalid index');
-    if ((0, bip371_1.isTaprootInput)(input)) {
+    if ((0, bitcoinjs_lib_internals_1.isTaprootInput)(input)) {
         // If script-path (tapLeafScript present) -> DO NOT TWEAK
         if (input.tapLeafScript && input.tapLeafScript.length > 0)
             psbt.signInput(index, ecpair);
         else {
-            const hash = (0, bip341_1.tapTweakHash)(Buffer.from(ecpair.publicKey.slice(1, 33)), undefined);
+            const hash = (0, bitcoinjs_lib_internals_1.tapTweakHash)(ecpair.publicKey.slice(1, 33), undefined);
             const tweakedEcpair = ecpair.tweak(hash);
             psbt.signInput(index, tweakedEcpair);
         }
@@ -101,136 +100,91 @@ function signBIP32({ psbt, masterNode }) {
 }
 const ledgerSignaturesForInputIndex = (index, ledgerSignatures) => ledgerSignatures
     .filter(([i]) => i === index)
-    .map(([_i, partialSignature]) => ({
-    pubkey: partialSignature.pubkey,
-    signature: partialSignature.signature
-}));
-/**
- * To be removed in v3.0 and replaced by a version that does not accept
- * descriptor
- * @overload
- */
-async function signInputLedger({ psbt, index, descriptor, ledgerClient, ledgerState, ledgerManager }) {
-    if (!descriptor && !ledgerManager)
-        throw new Error(`ledgerManager not provided`);
-    if (descriptor && ledgerManager)
-        throw new Error(`Invalid usage: don't pass descriptor`);
-    if (ledgerManager && (ledgerClient || ledgerState))
-        throw new Error(`Invalid usage: either ledgerManager or ledgerClient + ledgerState`);
-    const output = descriptor;
-    if (ledgerManager)
-        ({ ledgerClient, ledgerState } = ledgerManager);
-    if (!ledgerClient)
-        throw new Error(`ledgerManager not provided`);
-    if (!ledgerState)
-        throw new Error(`ledgerManager not provided`);
-    const { PsbtV2, DefaultWalletPolicy, WalletPolicy, AppClient } = (await (0, ledger_1.importAndValidateLedgerBitcoin)(ledgerClient));
-    if (!(ledgerClient instanceof AppClient))
-        throw new Error(`Error: pass a valid ledgerClient`);
-    let ledgerSignatures;
-    if (ledgerManager) {
-        if (psbt.data.inputs[index]?.tapInternalKey)
-            throw new Error('Taproot inputs not yet supported for the Ledger device');
-        const policy = await (0, ledger_1.ledgerPolicyFromPsbtInput)({
-            psbt,
-            index,
-            ledgerManager
-        });
-        if (!policy)
-            throw new Error(`Error: the ledger cannot sign this pstb input`);
-        if (policy.policyName && policy.policyHmac && policy.policyId) {
-            //non-standard policy
-            const walletPolicy = new WalletPolicy(policy.policyName, policy.ledgerTemplate, policy.keyRoots);
-            ledgerSignatures = await ledgerClient.signPsbt(new PsbtV2().fromBitcoinJS(psbt), walletPolicy, policy.policyHmac);
+    .map(([_i, partialSignature]) => partialSignature);
+function addLedgerSignaturesToInput({ psbt, index, ledgerSignatures }) {
+    const input = psbt.data.inputs[index];
+    if (!input)
+        throw new Error(`Error: input ${index} not available`);
+    const signatures = ledgerSignaturesForInputIndex(index, ledgerSignatures);
+    if (signatures.length === 0)
+        throw new Error(`Error: no ledger signatures found for input ${index}`);
+    if ((0, bitcoinjs_lib_internals_1.isTaprootInput)(input)) {
+        // Ledger returns per-input signatures as [pubkey, signature, tapleafHash?].
+        // For taproot we must map them to PSBT taproot fields (not partialSig):
+        // - signatures with tapleafHash -> tapScriptSig[] (script-path)
+        // - signature without tapleafHash -> tapKeySig (key-path)
+        // A taproot input may contain script-path signatures, key-path signature,
+        // or both in edge cases; each must be written to its corresponding field.
+        const tapScriptSig = signatures
+            .filter((sig) => sig.tapleafHash)
+            .map((sig) => ({
+            pubkey: sig.pubkey,
+            signature: sig.signature,
+            leafHash: sig.tapleafHash
+        }));
+        const tapKeySigs = signatures.filter((sig) => !sig.tapleafHash);
+        if (tapScriptSig.length > 0) {
+            psbt.updateInput(index, { tapScriptSig });
         }
-        else {
-            //standard policy
-            ledgerSignatures = await ledgerClient.signPsbt(new PsbtV2().fromBitcoinJS(psbt), new DefaultWalletPolicy(policy.ledgerTemplate, policy.keyRoots[0]), null);
+        if (tapKeySigs.length > 1)
+            throw new Error(`Error: expected at most one tapKeySig for input ${index}`);
+        const tapKeySig = tapKeySigs[0]?.signature;
+        if (tapKeySig) {
+            psbt.updateInput(index, { tapKeySig });
         }
+        if (tapScriptSig.length === 0 && !tapKeySig)
+            throw new Error(`Error: no valid taproot ledger signatures found for input ${index}`);
     }
     else {
-        if (!output)
-            throw new Error(`outputs not provided`);
-        const result = await (0, ledger_1.ledgerPolicyFromOutput)({
-            output,
-            ledgerClient,
-            ledgerState
-        });
-        if (!result)
-            throw new Error(`Error: output does not have a ledger input`);
-        const { ledgerTemplate, keyRoots } = result;
-        const standardPolicy = await (0, ledger_1.ledgerPolicyFromStandard)({
-            output,
-            ledgerClient,
-            ledgerState
-        });
-        if (standardPolicy) {
-            ledgerSignatures = await ledgerClient.signPsbt(new PsbtV2().fromBitcoinJS(psbt), new DefaultWalletPolicy(ledgerTemplate, keyRoots[0]), null);
-        }
-        else {
-            const policy = await (0, ledger_1.ledgerPolicyFromState)({
-                output,
-                ledgerClient,
-                ledgerState
-            });
-            if (!policy || !policy.policyName || !policy.policyHmac)
-                throw new Error(`Error: the descriptor's policy is not registered`);
-            const walletPolicy = new WalletPolicy(policy.policyName, ledgerTemplate, keyRoots);
-            ledgerSignatures = await ledgerClient.signPsbt(new PsbtV2().fromBitcoinJS(psbt), walletPolicy, policy.policyHmac);
-        }
+        const partialSig = signatures.map((sig) => ({
+            pubkey: sig.pubkey,
+            signature: sig.signature
+        }));
+        psbt.updateInput(index, { partialSig });
     }
-    //Add the signatures to the Psbt object using PartialSig format:
-    psbt.updateInput(index, {
-        partialSig: ledgerSignaturesForInputIndex(index, ledgerSignatures)
+}
+async function signInputLedger({ psbt, index, ledgerManager }) {
+    const { ledgerClient } = ledgerManager;
+    const { DefaultWalletPolicy, WalletPolicy, AppClient } = (await (0, ledger_1.importAndValidateLedgerBitcoin)(ledgerClient));
+    if (!(ledgerClient instanceof AppClient))
+        throw new Error(`Error: pass a valid ledgerClient`);
+    const policy = await (0, ledger_1.ledgerPolicyFromPsbtInput)({
+        psbt,
+        index,
+        ledgerManager
     });
+    if (!policy)
+        throw new Error(`Error: the ledger cannot sign this pstb input`);
+    let ledgerSignatures;
+    if (policy.policyName && policy.policyHmac && policy.policyId) {
+        //non-standard policy
+        const walletPolicy = new WalletPolicy(policy.policyName, policy.ledgerTemplate, policy.keyRoots);
+        const walletHmac = policy.policyHmac;
+        ledgerSignatures = await ledgerClient.signPsbt(psbt.toBase64(), walletPolicy, walletHmac);
+    }
+    else {
+        //standard policy
+        ledgerSignatures = await ledgerClient.signPsbt(psbt.toBase64(), new DefaultWalletPolicy(policy.ledgerTemplate, policy.keyRoots[0]), null);
+    }
+    addLedgerSignaturesToInput({ psbt, index, ledgerSignatures });
 }
-/**
- * To be removed in v3.0 and replaced by a version that does not accept
- * descriptors
- * @overload
- */
-async function signLedger({ psbt, descriptors, ledgerClient, ledgerState, ledgerManager }) {
-    if (!descriptors && !ledgerManager)
-        throw new Error(`ledgerManager not provided`);
-    if (descriptors && ledgerManager)
-        throw new Error(`Invalid usage: don't pass descriptors`);
-    if (ledgerManager && (ledgerClient || ledgerState))
-        throw new Error(`Invalid usage: either ledgerManager or ledgerClient + ledgerState`);
-    const outputs = descriptors;
-    if (ledgerManager)
-        ({ ledgerClient, ledgerState } = ledgerManager);
-    if (!ledgerClient)
-        throw new Error(`ledgerManager not provided`);
-    if (!ledgerState)
-        throw new Error(`ledgerManager not provided`);
-    const { PsbtV2, DefaultWalletPolicy, WalletPolicy, AppClient } = (await (0, ledger_1.importAndValidateLedgerBitcoin)(ledgerClient));
+async function signLedger({ psbt, ledgerManager }) {
+    const { ledgerClient } = ledgerManager;
+    const { DefaultWalletPolicy, WalletPolicy, AppClient } = (await (0, ledger_1.importAndValidateLedgerBitcoin)(ledgerClient));
     if (!(ledgerClient instanceof AppClient))
         throw new Error(`Error: pass a valid ledgerClient`);
     const ledgerPolicies = [];
-    if (ledgerManager)
-        for (let index = 0; index < psbt.data.inputs.length; index++) {
-            if (psbt.data.inputs[index]?.tapInternalKey)
-                throw new Error('Taproot inputs not yet supported for the Ledger device');
-            const policy = await (0, ledger_1.ledgerPolicyFromPsbtInput)({
-                psbt,
-                index,
-                ledgerManager
-            });
-            if (policy)
-                ledgerPolicies.push(policy);
-        }
-    else {
-        if (!outputs)
-            throw new Error(`outputs not provided`);
-        for (const output of outputs) {
-            const policy = (await (0, ledger_1.ledgerPolicyFromState)({ output, ledgerClient, ledgerState })) ||
-                (await (0, ledger_1.ledgerPolicyFromStandard)({ output, ledgerClient, ledgerState }));
-            if (policy)
-                ledgerPolicies.push(policy);
-        }
-        if (ledgerPolicies.length === 0)
-            throw new Error(`Error: there are no inputs which could be signed`);
+    for (let index = 0; index < psbt.data.inputs.length; index++) {
+        const policy = await (0, ledger_1.ledgerPolicyFromPsbtInput)({
+            psbt,
+            index,
+            ledgerManager
+        });
+        if (policy)
+            ledgerPolicies.push(policy);
     }
+    if (ledgerPolicies.length === 0)
+        throw new Error(`Error: there are no inputs which could be signed`);
     //cluster unique LedgerPolicies
     const uniquePolicies = [];
     for (const policy of ledgerPolicies) {
@@ -244,16 +198,18 @@ async function signLedger({ psbt, descriptors, ledgerClient, ledgerState, ledger
             uniquePolicy.policyId) {
             //non-standard policy
             const walletPolicy = new WalletPolicy(uniquePolicy.policyName, uniquePolicy.ledgerTemplate, uniquePolicy.keyRoots);
-            ledgerSignatures = await ledgerClient.signPsbt(new PsbtV2().fromBitcoinJS(psbt), walletPolicy, uniquePolicy.policyHmac);
+            const walletHmac = uniquePolicy.policyHmac;
+            ledgerSignatures = await ledgerClient.signPsbt(psbt.toBase64(), walletPolicy, walletHmac);
         }
         else {
             //standard policy
-            ledgerSignatures = await ledgerClient.signPsbt(new PsbtV2().fromBitcoinJS(psbt), new DefaultWalletPolicy(uniquePolicy.ledgerTemplate, uniquePolicy.keyRoots[0]), null);
+            ledgerSignatures = await ledgerClient.signPsbt(psbt.toBase64(), new DefaultWalletPolicy(uniquePolicy.ledgerTemplate, uniquePolicy.keyRoots[0]), null);
         }
-        for (const [index, ,] of ledgerSignatures) {
-            psbt.updateInput(index, {
-                partialSig: ledgerSignaturesForInputIndex(index, ledgerSignatures)
-            });
+        const signedIndexes = [
+            ...new Set(ledgerSignatures.map(([index]) => index))
+        ];
+        for (const index of signedIndexes) {
+            addLedgerSignaturesToInput({ psbt, index, ledgerSignatures });
         }
     }
 }