@bitgo/wasm-utxo 1.27.0 → 1.29.0

package/dist/cjs/js/testutils/AcidTest.js

@@ -0,0 +1,306 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AcidTest = exports.outputScriptTypes = exports.inputScriptTypes = exports.txFormats = exports.signStages = void 0;
+const BitGoPsbt_js_1 = require("../fixedScriptWallet/BitGoPsbt.js");
+const ZcashBitGoPsbt_js_1 = require("../fixedScriptWallet/ZcashBitGoPsbt.js");
+const ecpair_js_1 = require("../ecpair.js");
+const index_js_1 = require("../fixedScriptWallet/index.js");
+Object.defineProperty(exports, "inputScriptTypes", { enumerable: true, get: function () { return index_js_1.inputScriptTypes; } });
+Object.defineProperty(exports, "outputScriptTypes", { enumerable: true, get: function () { return index_js_1.outputScriptTypes; } });
+const coinName_js_1 = require("../coinName.js");
+const keys_js_1 = require("./keys.js");
+exports.signStages = ["unsigned", "halfsigned", "fullsigned"];
+exports.txFormats = ["psbt", "psbt-lite"];
+/**
+ * Creates a valid PSBT with as many features as possible (kitchen sink).
+ *
+ * - Inputs:
+ *   - All wallet script types supported by the network
+ *   - A p2shP2pk input (for replay protection)
+ * - Outputs:
+ *   - All wallet script types supported by the network
+ *   - A p2sh output with derivation info of a different wallet
+ *   - A p2sh output with no derivation info (external output)
+ *   - An OP_RETURN output
+ *
+ * Signature stages:
+ * - unsigned: No signatures
+ * - halfsigned: One signature per input (user key)
+ * - fullsigned: Two signatures per input (user + bitgo)
+ *
+ * Transaction formats:
+ * - psbt: Full PSBT with non_witness_utxo
+ * - psbt-lite: Only witness_utxo (no non_witness_utxo)
+ */
+class AcidTest {
+    network;
+    signStage;
+    txFormat;
+    rootWalletKeys;
+    otherWalletKeys;
+    inputs;
+    outputs;
+    // Store private keys for signing
+    userXprv;
+    backupXprv;
+    bitgoXprv;
+    constructor(network, signStage, txFormat, rootWalletKeys, otherWalletKeys, inputs, outputs, xprvTriple) {
+        this.network = network;
+        this.signStage = signStage;
+        this.txFormat = txFormat;
+        this.rootWalletKeys = rootWalletKeys;
+        this.otherWalletKeys = otherWalletKeys;
+        this.inputs = inputs;
+        this.outputs = outputs;
+        this.userXprv = xprvTriple[0];
+        this.backupXprv = xprvTriple[1];
+        this.bitgoXprv = xprvTriple[2];
+    }
+    /**
+     * Create an AcidTest with specific configuration
+     */
+    static withConfig(network, signStage, txFormat, suiteConfig = {}) {
+        const rootWalletKeys = (0, keys_js_1.getDefaultWalletKeys)();
+        const otherWalletKeys = (0, keys_js_1.getWalletKeysForSeed)("too many secrets");
+        // Filter inputs based on network support
+        const inputs = index_js_1.inputScriptTypes
+            .filter((scriptType) => {
+            // p2shP2pk is always supported (single-sig replay protection)
+            if (scriptType === "p2shP2pk")
+                return true;
+            // Map input script types to output script types for support check
+            if (scriptType === "p2trMusig2KeyPath" || scriptType === "p2trMusig2ScriptPath") {
+                return (0, index_js_1.supportsScriptType)(network, "p2trMusig2");
+            }
+            return (0, index_js_1.supportsScriptType)(network, scriptType);
+        })
+            .filter((scriptType) => (suiteConfig.includeP2trMusig2ScriptPath ?? false) ||
+            scriptType !== "p2trMusig2ScriptPath")
+            .map((scriptType, index) => ({
+            scriptType,
+            value: BigInt(10000 + index * 10000), // Deterministic amounts
+        }));
+        // Filter outputs based on network support
+        const outputs = index_js_1.outputScriptTypes
+            .filter((scriptType) => (0, index_js_1.supportsScriptType)(network, scriptType))
+            .map((scriptType, index) => ({
+            scriptType,
+            value: BigInt(900 + index * 100), // Deterministic amounts
+        }));
+        // Test other wallet output (with derivation info)
+        outputs.push({ scriptType: "p2sh", value: BigInt(800), walletKeys: otherWalletKeys });
+        // Test non-wallet output (no derivation info)
+        outputs.push({ scriptType: "p2sh", value: BigInt(700), walletKeys: null });
+        // Test OP_RETURN output
+        outputs.push({ opReturn: "setec astronomy", value: BigInt(0) });
+        // Get private keys for signing
+        const xprvTriple = (0, keys_js_1.getKeyTriple)("default");
+        return new AcidTest(network, signStage, txFormat, rootWalletKeys, otherWalletKeys, inputs, outputs, xprvTriple);
+    }
+    /**
+     * Get a human-readable name for this test configuration
+     */
+    get name() {
+        return `${this.network} ${this.signStage} ${this.txFormat}`;
+    }
+    /**
+     * Get the BIP32 user key for replay protection (p2shP2pk)
+     */
+    getReplayProtectionKey() {
+        return this.rootWalletKeys.userKey();
+    }
+    /**
+     * Create the actual PSBT with all inputs and outputs
+     */
+    createPsbt() {
+        // Use ZcashBitGoPsbt for Zcash networks
+        const isZcash = this.network === "zec" || this.network === "tzec";
+        const psbt = isZcash
+            ? ZcashBitGoPsbt_js_1.ZcashBitGoPsbt.createEmptyWithConsensusBranchId(this.network, this.rootWalletKeys, {
+                version: 2,
+                lockTime: 0,
+                consensusBranchId: 0xc2d6d0b4, // NU5
+            })
+            : BitGoPsbt_js_1.BitGoPsbt.createEmpty(this.network, this.rootWalletKeys, {
+                version: 2,
+                lockTime: 0,
+            });
+        // Add inputs with deterministic outpoints
+        this.inputs.forEach((input, index) => {
+            // Resolve scriptId: either from explicit scriptId or from scriptType + index
+            const scriptId = input.scriptId ?? {
+                chain: index_js_1.ChainCode.value("p2sh", "external"),
+                index: input.index ?? index,
+            };
+            const walletKeys = input.walletKeys ?? this.rootWalletKeys;
+            // Get scriptType: either explicit or derive from scriptId chain
+            const scriptType = input.scriptType ?? index_js_1.ChainCode.scriptType((0, index_js_1.assertChainCode)(scriptId.chain));
+            if (scriptType === "p2shP2pk") {
+                // Add replay protection input
+                const replayKey = this.getReplayProtectionKey();
+                // Convert BIP32 to ECPair using public key
+                const ecpair = ecpair_js_1.ECPair.fromPublicKey(replayKey.publicKey);
+                psbt.addReplayProtectionInput({
+                    txid: "0".repeat(64),
+                    vout: index,
+                    value: input.value,
+                }, ecpair);
+            }
+            else {
+                // Determine signing path based on input type
+                let signPath;
+                if (scriptType === "p2trMusig2ScriptPath") {
+                    // Script path uses user + backup
+                    signPath = { signer: "user", cosigner: "backup" };
+                }
+                else {
+                    // Default: user + bitgo
+                    signPath = { signer: "user", cosigner: "bitgo" };
+                }
+                psbt.addWalletInput({
+                    txid: "0".repeat(64),
+                    vout: index,
+                    value: input.value,
+                }, walletKeys, {
+                    scriptId,
+                    signPath,
+                });
+            }
+        });
+        // Add outputs
+        this.outputs.forEach((output, index) => {
+            if (output.opReturn !== undefined) {
+                // OP_RETURN output
+                const data = new TextEncoder().encode(output.opReturn);
+                const script = (0, index_js_1.createOpReturnScript)(data);
+                psbt.addOutput(script, output.value);
+            }
+            else if (output.address !== undefined) {
+                // Address-based output
+                psbt.addOutput(output.address, output.value);
+            }
+            else if (output.script !== undefined) {
+                // Raw script output
+                psbt.addOutput(output.script, output.value);
+            }
+            else {
+                // Wallet output: resolve scriptId from scriptType or explicit scriptId
+                const scriptId = output.scriptId ?? {
+                    chain: output.scriptType ? index_js_1.ChainCode.value(output.scriptType, "external") : 0,
+                    index: output.index ?? index,
+                };
+                if (output.walletKeys === null) {
+                    // External output (no wallet keys, no bip32 derivation)
+                    // Use high index for external outputs if not specified
+                    const externalScriptId = output.scriptId ?? {
+                        chain: scriptId.chain,
+                        index: output.index ?? 1000 + index,
+                    };
+                    const script = (0, index_js_1.outputScript)(this.rootWalletKeys, externalScriptId.chain, externalScriptId.index, this.network);
+                    psbt.addOutput(script, output.value);
+                }
+                else {
+                    // Wallet output (with or without different wallet keys)
+                    const walletKeys = output.walletKeys ?? this.rootWalletKeys;
+                    psbt.addWalletOutput(walletKeys, {
+                        chain: scriptId.chain,
+                        index: scriptId.index,
+                        value: output.value,
+                    });
+                }
+            }
+        });
+        // Apply signing based on stage
+        if (this.signStage !== "unsigned") {
+            this.signPsbt(psbt);
+        }
+        return psbt;
+    }
+    /**
+     * Sign the PSBT according to the sign stage
+     */
+    signPsbt(psbt) {
+        // Use private keys stored in constructor
+        const userKey = this.userXprv;
+        const backupKey = this.backupXprv;
+        const bitgoKey = this.bitgoXprv;
+        // Generate MuSig2 nonces for user if needed
+        const hasMusig2Inputs = this.inputs.some((input) => input.scriptType === "p2trMusig2KeyPath" || input.scriptType === "p2trMusig2ScriptPath");
+        if (hasMusig2Inputs) {
+            const isZcash = this.network === "zec" || this.network === "tzec";
+            if (isZcash) {
+                throw new Error("Zcash does not support MuSig2/Taproot inputs");
+            }
+            // Generate nonces with user key
+            psbt.generateMusig2Nonces(userKey);
+            if (this.signStage === "fullsigned") {
+                // Create a second PSBT with cosigner nonces for combination
+                // For p2trMusig2ScriptPath use backup, for p2trMusig2KeyPath use bitgo
+                // Since we might have both types, we need to generate nonces separately
+                const bytes = psbt.serialize();
+                const hasKeyPath = this.inputs.some((input) => input.scriptType === "p2trMusig2KeyPath");
+                const hasScriptPath = this.inputs.some((input) => input.scriptType === "p2trMusig2ScriptPath");
+                if (hasKeyPath && !hasScriptPath) {
+                    // Only key path inputs - generate bitgo nonces for all
+                    const psbt2 = BitGoPsbt_js_1.BitGoPsbt.fromBytes(bytes, this.network);
+                    psbt2.generateMusig2Nonces(bitgoKey);
+                    psbt.combineMusig2Nonces(psbt2);
+                }
+                else if (hasScriptPath && !hasKeyPath) {
+                    // Only script path inputs - generate backup nonces for all
+                    const psbt2 = BitGoPsbt_js_1.BitGoPsbt.fromBytes(bytes, this.network);
+                    psbt2.generateMusig2Nonces(backupKey);
+                    psbt.combineMusig2Nonces(psbt2);
+                }
+                else {
+                    const psbt2 = BitGoPsbt_js_1.BitGoPsbt.fromBytes(bytes, this.network);
+                    psbt2.generateMusig2Nonces(bitgoKey);
+                    psbt.combineMusig2Nonces(psbt2);
+                }
+            }
+        }
+        // Sign all wallet inputs with user key (bulk - more efficient)
+        psbt.sign(userKey);
+        // Sign replay protection inputs with raw private key
+        const hasReplayProtection = this.inputs.some((input) => input.scriptType === "p2shP2pk");
+        if (hasReplayProtection) {
+            if (!userKey.privateKey) {
+                throw new Error("User key must have private key for signing replay protection inputs");
+            }
+            psbt.sign(userKey.privateKey);
+        }
+        // For fullsigned, sign with cosigner
+        if (this.signStage === "fullsigned") {
+            const hasScriptPath = this.inputs.some((input) => input.scriptType === "p2trMusig2ScriptPath");
+            if (hasScriptPath) {
+                // Mixed case: script path uses backup, others use bitgo
+                // Need per-input signing (slow) to handle different cosigners
+                this.inputs.forEach((input, index) => {
+                    if (input.scriptType === "p2shP2pk") {
+                        // Replay protection is single-sig, already fully signed
+                        return;
+                    }
+                    if (input.scriptType === "p2trMusig2ScriptPath") {
+                        psbt.signInput(index, backupKey);
+                    }
+                    else {
+                        psbt.signInput(index, bitgoKey);
+                    }
+                });
+            }
+            else {
+                // No script path - can use bulk signing with bitgo (fast)
+                psbt.sign(bitgoKey);
+            }
+        }
+    }
+    /**
+     * Generate test suite for all networks, sign stages, and tx formats
+     */
+    static forAllNetworksSignStagesTxFormats(suiteConfig = {}) {
+        return coinName_js_1.coinNames
+            .filter((network) => (0, coinName_js_1.isMainnet)(network) && network !== "bsv") // Exclude bitcoinsv
+            .flatMap((network) => exports.signStages.flatMap((signStage) => exports.txFormats.map((txFormat) => AcidTest.withConfig(network, signStage, txFormat, suiteConfig))));
+    }
+}
+exports.AcidTest = AcidTest;

package/dist/cjs/js/testutils/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./keys.js";
+export * from "./AcidTest.js";

package/dist/cjs/js/testutils/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./keys.js"), exports);
+__exportStar(require("./AcidTest.js"), exports);

package/dist/cjs/js/testutils/keys.d.ts

@@ -0,0 +1,76 @@
+import { BIP32 } from "../bip32.js";
+import { RootWalletKeys } from "../fixedScriptWallet/RootWalletKeys.js";
+import type { Triple } from "../triple.js";
+/**
+ * Generate a deterministic BIP32 key from a seed string.
+ * Uses SHA256 hash of the seed to create the key, matching utxo-lib's implementation.
+ *
+ * @param seed - Seed string for deterministic key generation
+ * @returns BIP32 key derived from the seed
+ *
+ * @example
+ * ```typescript
+ * const key = getKey("user");
+ * const xpub = key.neutered().toBase58();
+ * ```
+ */
+export declare function getKey(seed: string): BIP32;
+/**
+ * Generate a triple of BIP32 keys for a 2-of-3 multisig wallet.
+ * Keys are generated deterministically from the seed string with suffixes .0, .1, .2
+ * for user, backup, and bitgo keys respectively.
+ *
+ * @param seed - Base seed string for key generation
+ * @returns Triple of BIP32 keys [user, backup, bitgo]
+ *
+ * @example
+ * ```typescript
+ * const keys = getKeyTriple("default");
+ * const [user, backup, bitgo] = keys;
+ * ```
+ */
+export declare function getKeyTriple(seed: string): Triple<BIP32>;
+/**
+ * Create RootWalletKeys from a seed string.
+ * Uses standard derivation prefixes ["m/0/0", "m/0/0", "m/0/0"].
+ *
+ * @param seed - Seed string for key generation
+ * @returns RootWalletKeys instance
+ *
+ * @example
+ * ```typescript
+ * const walletKeys = getWalletKeysForSeed("default");
+ * ```
+ */
+export declare function getWalletKeysForSeed(seed: string): RootWalletKeys;
+/**
+ * Get the default wallet keys for testing.
+ * Equivalent to getWalletKeysForSeed("default").
+ *
+ * @returns RootWalletKeys instance with default seed
+ *
+ * @example
+ * ```typescript
+ * const walletKeys = getDefaultWalletKeys();
+ * ```
+ */
+export declare function getDefaultWalletKeys(): RootWalletKeys;
+/**
+ * Get the key name (user, backup, or bitgo) for a given key in a triple.
+ *
+ * @param triple - Triple of BIP32 keys
+ * @param key - Key to find in the triple
+ * @returns "user", "backup", "bitgo", or undefined if not found
+ */
+export declare function getKeyName(triple: Triple<BIP32>, key: BIP32): "user" | "backup" | "bitgo" | undefined;
+/**
+ * Get the default cosigner for a given signer key.
+ * - If signer is user, returns bitgo
+ * - If signer is backup, returns bitgo
+ * - If signer is bitgo, returns user
+ *
+ * @param keyset - Triple of keys [user, backup, bitgo]
+ * @param signer - The signing key
+ * @returns The default cosigner key
+ */
+export declare function getDefaultCosigner<T>(keyset: Triple<T>, signer: T): T;

package/dist/cjs/js/testutils/keys.js

@@ -0,0 +1,154 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getKey = getKey;
+exports.getKeyTriple = getKeyTriple;
+exports.getWalletKeysForSeed = getWalletKeysForSeed;
+exports.getDefaultWalletKeys = getDefaultWalletKeys;
+exports.getKeyName = getKeyName;
+exports.getDefaultCosigner = getDefaultCosigner;
+const crypto = __importStar(require("crypto"));
+const bip32_js_1 = require("../bip32.js");
+const RootWalletKeys_js_1 = require("../fixedScriptWallet/RootWalletKeys.js");
+/**
+ * Generate a deterministic BIP32 key from a seed string.
+ * Uses SHA256 hash of the seed to create the key, matching utxo-lib's implementation.
+ *
+ * @param seed - Seed string for deterministic key generation
+ * @returns BIP32 key derived from the seed
+ *
+ * @example
+ * ```typescript
+ * const key = getKey("user");
+ * const xpub = key.neutered().toBase58();
+ * ```
+ */
+function getKey(seed) {
+    return bip32_js_1.BIP32.fromSeed(crypto.createHash("sha256").update(seed).digest());
+}
+/**
+ * Generate a triple of BIP32 keys for a 2-of-3 multisig wallet.
+ * Keys are generated deterministically from the seed string with suffixes .0, .1, .2
+ * for user, backup, and bitgo keys respectively.
+ *
+ * @param seed - Base seed string for key generation
+ * @returns Triple of BIP32 keys [user, backup, bitgo]
+ *
+ * @example
+ * ```typescript
+ * const keys = getKeyTriple("default");
+ * const [user, backup, bitgo] = keys;
+ * ```
+ */
+function getKeyTriple(seed) {
+    return [getKey(seed + ".0"), getKey(seed + ".1"), getKey(seed + ".2")];
+}
+/**
+ * Create RootWalletKeys from a seed string.
+ * Uses standard derivation prefixes ["m/0/0", "m/0/0", "m/0/0"].
+ *
+ * @param seed - Seed string for key generation
+ * @returns RootWalletKeys instance
+ *
+ * @example
+ * ```typescript
+ * const walletKeys = getWalletKeysForSeed("default");
+ * ```
+ */
+function getWalletKeysForSeed(seed) {
+    const triple = getKeyTriple(seed);
+    return RootWalletKeys_js_1.RootWalletKeys.from({
+        triple,
+        derivationPrefixes: ["m/0/0", "m/0/0", "m/0/0"],
+    });
+}
+/**
+ * Get the default wallet keys for testing.
+ * Equivalent to getWalletKeysForSeed("default").
+ *
+ * @returns RootWalletKeys instance with default seed
+ *
+ * @example
+ * ```typescript
+ * const walletKeys = getDefaultWalletKeys();
+ * ```
+ */
+function getDefaultWalletKeys() {
+    return getWalletKeysForSeed("default");
+}
+/**
+ * Get the key name (user, backup, or bitgo) for a given key in a triple.
+ *
+ * @param triple - Triple of BIP32 keys
+ * @param key - Key to find in the triple
+ * @returns "user", "backup", "bitgo", or undefined if not found
+ */
+function getKeyName(triple, key) {
+    const index = triple.findIndex((k) => {
+        const kb58 = k.toBase58();
+        const keyb58 = key.toBase58();
+        return kb58 === keyb58;
+    });
+    if (index === 0)
+        return "user";
+    if (index === 1)
+        return "backup";
+    if (index === 2)
+        return "bitgo";
+    return undefined;
+}
+/**
+ * Get the default cosigner for a given signer key.
+ * - If signer is user, returns bitgo
+ * - If signer is backup, returns bitgo
+ * - If signer is bitgo, returns user
+ *
+ * @param keyset - Triple of keys [user, backup, bitgo]
+ * @param signer - The signing key
+ * @returns The default cosigner key
+ */
+function getDefaultCosigner(keyset, signer) {
+    const [user, backup, bitgo] = keyset;
+    if (signer === user) {
+        return bitgo;
+    }
+    if (signer === backup) {
+        return bitgo;
+    }
+    if (signer === bitgo) {
+        return user;
+    }
+    throw new Error("signer not in keyset");
+}