@bitgo/wasm-utxo 1.4.0 → 1.5.0

package/dist/esm/test/descriptorUtil.js

@@ -0,0 +1,52 @@
+import * as assert from "node:assert";
+import * as fs from "fs/promises";
+import * as utxolib from "@bitgo/utxo-lib";
+import { formatNode } from "../js/ast/index.js";
+async function assertEqualJSON(path, value) {
+    try {
+        const data = JSON.parse(await fs.readFile(path, "utf8"));
+        assert.deepStrictEqual(data, value);
+    }
+    catch (e) {
+        if (e.code === "ENOENT") {
+            await fs.writeFile(path, JSON.stringify(value, null, 2));
+            throw new Error("Expected file not found, wrote it instead");
+        }
+        throw e;
+    }
+}
+export async function assertEqualFixture(path, content) {
+    await assertEqualJSON(path, content);
+}
+/** Expand a template with the given root wallet keys and chain code */
+function expand(rootWalletKeys, keyIndex, chainCode) {
+    if (keyIndex !== 0 && keyIndex !== 1 && keyIndex !== 2) {
+        throw new Error("Invalid key index");
+    }
+    const xpub = rootWalletKeys.triple[keyIndex].neutered().toBase58();
+    const prefix = rootWalletKeys.derivationPrefixes[keyIndex];
+    return xpub + "/" + prefix + "/" + chainCode + "/*";
+}
+/**
+ * Get a standard output descriptor that corresponds to the proprietary HD wallet setup
+ * used in BitGo wallets.
+ * Only supports a subset of script types.
+ */
+export function getDescriptorForScriptType(rootWalletKeys, scriptType, scope) {
+    const chain = scope === "external"
+        ? utxolib.bitgo.getExternalChainCode(scriptType)
+        : utxolib.bitgo.getInternalChainCode(scriptType);
+    const multi = {
+        multi: [2, ...rootWalletKeys.triple.map((_, i) => expand(rootWalletKeys, i, chain))],
+    };
+    switch (scriptType) {
+        case "p2sh":
+            return formatNode({ sh: multi });
+        case "p2shP2wsh":
+            return formatNode({ sh: { wsh: multi } });
+        case "p2wsh":
+            return formatNode({ wsh: multi });
+        default:
+            throw new Error(`Unsupported script type ${scriptType}`);
+    }
+}

package/dist/esm/test/fixedScript/address.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/esm/test/fixedScript/address.js

@@ -0,0 +1,64 @@
+import assert from "node:assert";
+import * as utxolib from "@bitgo/utxo-lib";
+import { fixedScriptWallet } from "../../js/index.js";
+function getAddressUtxoLib(keys, chain, index, network, addressFormat) {
+    if (!utxolib.bitgo.isChainCode(chain)) {
+        throw new Error(`Invalid chain code: ${chain}`);
+    }
+    const derived = keys.deriveForChainAndIndex(chain, index);
+    const script = utxolib.bitgo.outputScripts.createOutputScript2of3(derived.publicKeys, utxolib.bitgo.outputScripts.scriptTypeForChain(chain));
+    const address = utxolib.addressFormat.fromOutputScriptWithFormat(script.scriptPubKey, addressFormat, network);
+    return address;
+}
+function runTest(network, { derivationPrefixes, addressFormat, } = {}) {
+    describe(`address for network ${utxolib.getNetworkName(network)}, derivationPrefixes=${Boolean(derivationPrefixes)}`, function () {
+        const keyTriple = utxolib.testutil.getKeyTriple("wasm");
+        const rootWalletKeys = new utxolib.bitgo.RootWalletKeys(keyTriple.map((k) => k.neutered()), derivationPrefixes);
+        const supportedChainCodes = utxolib.bitgo.chainCodes.filter((chainCode) => {
+            const scriptType = utxolib.bitgo.outputScripts.scriptTypeForChain(chainCode);
+            return utxolib.bitgo.outputScripts.isSupportedScriptType(network, scriptType);
+        });
+        it(`can recreate address from wallet keys for chain codes ${supportedChainCodes.join(", ")}`, function () {
+            for (const chainCode of supportedChainCodes) {
+                for (let index = 0; index < 2; index++) {
+                    const utxolibAddress = getAddressUtxoLib(rootWalletKeys, chainCode, index, network, addressFormat ?? "default");
+                    const wasmAddress = fixedScriptWallet.address(rootWalletKeys, chainCode, index, network, addressFormat);
+                    assert.strictEqual(utxolibAddress, wasmAddress);
+                }
+            }
+        });
+        const unsupportedChainCodes = utxolib.bitgo.chainCodes.filter((chainCode) => {
+            const scriptType = utxolib.bitgo.outputScripts.scriptTypeForChain(chainCode);
+            return !utxolib.bitgo.outputScripts.isSupportedScriptType(network, scriptType);
+        });
+        if (unsupportedChainCodes.length > 0) {
+            it(`throws error for unsupported chain codes ${unsupportedChainCodes.join(", ")}`, function () {
+                for (const chainCode of unsupportedChainCodes) {
+                    const scriptType = utxolib.bitgo.outputScripts.scriptTypeForChain(chainCode);
+                    assert.throws(() => {
+                        fixedScriptWallet.address(rootWalletKeys, chainCode, 0, network, addressFormat);
+                    }, (error) => {
+                        const errorMessage = error.message.toLowerCase();
+                        const isSegwitError = scriptType === "p2shP2wsh" || scriptType === "p2wsh";
+                        const isTaprootError = scriptType === "p2tr" || scriptType === "p2trMusig2";
+                        if (isSegwitError) {
+                            return errorMessage.includes("does not support segwit");
+                        }
+                        else if (isTaprootError) {
+                            return errorMessage.includes("does not support taproot");
+                        }
+                        return false;
+                    }, `Expected error for unsupported script type ${scriptType} on network ${utxolib.getNetworkName(network)}`);
+                }
+            });
+        }
+    });
+}
+utxolib.getNetworkList().forEach((network) => {
+    runTest(network);
+    runTest(network, { derivationPrefixes: ["m/1/2", "m/0/0", "m/0/0"] });
+    if (utxolib.getMainnet(network) === utxolib.networks.bitcoincash ||
+        utxolib.getMainnet(network) === utxolib.networks.ecash) {
+        runTest(network, { addressFormat: "cashaddr" });
+    }
+});

package/dist/esm/test/fixedScript/finalizeExtract.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/esm/test/fixedScript/finalizeExtract.js

@@ -0,0 +1,66 @@
+import assert from "node:assert";
+import * as utxolib from "@bitgo/utxo-lib";
+import { fixedScriptWallet } from "../../js/index.js";
+import { loadPsbtFixture, getPsbtBuffer, getExtractedTransactionHex, } from "./fixtureUtil.js";
+describe("finalize and extract transaction", function () {
+    const supportedNetworks = utxolib.getNetworkList().filter((network) => {
+        return (utxolib.isMainnet(network) &&
+            network !== utxolib.networks.bitcoincash &&
+            network !== utxolib.networks.bitcoingold &&
+            network !== utxolib.networks.bitcoinsv &&
+            network !== utxolib.networks.ecash &&
+            network !== utxolib.networks.zcash);
+    });
+    supportedNetworks.forEach((network) => {
+        const networkName = utxolib.getNetworkName(network);
+        describe(`network: ${networkName}`, function () {
+            let fullsignedFixture;
+            let fullsignedPsbtBuffer;
+            let fullsignedBitgoPsbt;
+            before(function () {
+                fullsignedFixture = loadPsbtFixture(networkName, "fullsigned");
+                fullsignedPsbtBuffer = getPsbtBuffer(fullsignedFixture);
+                fullsignedBitgoPsbt = fixedScriptWallet.BitGoPsbt.fromBytes(fullsignedPsbtBuffer, networkName);
+            });
+            it("should serialize and deserialize PSBT (round-trip)", function () {
+                const serialized = fullsignedBitgoPsbt.serialize();
+                // Verify we can deserialize what we serialized (functional round-trip)
+                const deserialized = fixedScriptWallet.BitGoPsbt.fromBytes(serialized, networkName);
+                // Verify the deserialized PSBT has the same unsigned txid
+                assert.strictEqual(deserialized.unsignedTxid(), fullsignedBitgoPsbt.unsignedTxid(), "Deserialized PSBT should have same unsigned txid after round-trip");
+                // Verify the re-deserialized PSBT can be serialized back to bytes
+                const reserialized = deserialized.serialize();
+                // Verify functional equivalence by deserializing again and checking txid
+                const redeserialized = fixedScriptWallet.BitGoPsbt.fromBytes(reserialized, networkName);
+                assert.strictEqual(redeserialized.unsignedTxid(), fullsignedBitgoPsbt.unsignedTxid(), "PSBT should maintain consistency through multiple serialize/deserialize cycles");
+            });
+            it("should finalize all inputs and be extractable", function () {
+                // Create a fresh instance for finalization
+                const psbt = fixedScriptWallet.BitGoPsbt.fromBytes(fullsignedPsbtBuffer, networkName);
+                // Finalize all inputs
+                psbt.finalizeAllInputs();
+                // Serialize the finalized PSBT
+                const serialized = psbt.serialize();
+                // Verify we can deserialize the finalized PSBT
+                const deserialized = fixedScriptWallet.BitGoPsbt.fromBytes(serialized, networkName);
+                // Verify it can be extracted (which confirms finalization worked)
+                const extractedTx = deserialized.extractTransaction();
+                const extractedTxHex = Buffer.from(extractedTx).toString("hex");
+                const expectedTxHex = getExtractedTransactionHex(fullsignedFixture);
+                assert.strictEqual(extractedTxHex, expectedTxHex, "Extracted transaction from finalized PSBT should match expected transaction");
+            });
+            it("should extract transaction from finalized PSBT", function () {
+                // Create a fresh instance for extraction
+                const psbt = fixedScriptWallet.BitGoPsbt.fromBytes(fullsignedPsbtBuffer, networkName);
+                // Finalize all inputs
+                psbt.finalizeAllInputs();
+                // Extract transaction
+                const extractedTx = psbt.extractTransaction();
+                const extractedTxHex = Buffer.from(extractedTx).toString("hex");
+                // Get expected transaction hex from fixture
+                const expectedTxHex = getExtractedTransactionHex(fullsignedFixture);
+                assert.strictEqual(extractedTxHex, expectedTxHex, "Extracted transaction should match expected transaction");
+            });
+        });
+    });
+});

package/dist/esm/test/fixedScript/fixtureUtil.d.ts

@@ -0,0 +1,93 @@
+import * as utxolib from "@bitgo/utxo-lib";
+export type SignatureState = "unsigned" | "halfsigned" | "fullsigned";
+export type Triple<T> = [T, T, T];
+export type Bip32Derivation = {
+    masterFingerprint: string;
+    pubkey: string;
+    path: string;
+};
+export type TapBip32Derivation = Bip32Derivation & {
+    leafHashes: string[];
+};
+export type WitnessUtxo = {
+    value: string;
+    script: string;
+};
+export type TapLeafScript = {
+    controlBlock: string;
+    script: string;
+    leafVersion: number;
+};
+export type PsbtInput = {
+    type: string;
+    sighashType: number;
+    redeemScript?: string;
+    witnessScript?: string;
+    bip32Derivation?: Bip32Derivation[];
+    tapBip32Derivation?: TapBip32Derivation[];
+    witnessUtxo?: WitnessUtxo;
+    tapLeafScript?: TapLeafScript[];
+    tapInternalKey?: string;
+    tapMerkleRoot?: string;
+    musig2Participants?: {
+        tapOutputKey: string;
+        tapInternalKey: string;
+        participantPubKeys: string[];
+    };
+    unknownKeyVals?: Array<{
+        key: string;
+        value: string;
+    }>;
+};
+export type Input = {
+    hash: string;
+    index: number;
+    sequence: number;
+};
+export type Output = {
+    script: string;
+    value: string;
+    address?: string;
+};
+export type TapTreeLeaf = {
+    depth: number;
+    leafVersion: number;
+    script: string;
+};
+export type PsbtOutput = {
+    redeemScript?: string;
+    witnessScript?: string;
+    bip32Derivation?: Bip32Derivation[];
+    tapBip32Derivation?: TapBip32Derivation[];
+    tapInternalKey?: string;
+    tapTree?: {
+        leaves: TapTreeLeaf[];
+    };
+};
+export type Fixture = {
+    walletKeys: [string, string, string];
+    psbtBase64: string;
+    psbtBase64Finalized: string | null;
+    inputs: Input[];
+    psbtInputs: PsbtInput[];
+    psbtInputsFinalized: PsbtInput[] | null;
+    outputs: Output[];
+    psbtOutputs: PsbtOutput[];
+    extractedTransaction: any | null;
+};
+/**
+ * Get PSBT buffer from a fixture
+ */
+export declare function getPsbtBuffer(fixture: Fixture): Buffer;
+/**
+ * Load a PSBT fixture from JSON file
+ */
+export declare function loadPsbtFixture(network: string, signatureState: string): Fixture;
+/**
+ * Load wallet keys from fixture
+ */
+export declare function loadWalletKeysFromFixture(network: string): utxolib.bitgo.RootWalletKeys;
+/**
+ * Get extracted transaction hex from fixture
+ */
+export declare function getExtractedTransactionHex(fixture: Fixture): string;

package/dist/esm/test/fixedScript/fixtureUtil.js

@@ -0,0 +1,44 @@
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { fileURLToPath } from "node:url";
+import { dirname } from "node:path";
+import * as utxolib from "@bitgo/utxo-lib";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/**
+ * Get PSBT buffer from a fixture
+ */
+export function getPsbtBuffer(fixture) {
+    return Buffer.from(fixture.psbtBase64, "base64");
+}
+/**
+ * Load a PSBT fixture from JSON file
+ */
+export function loadPsbtFixture(network, signatureState) {
+    const fixturePath = path.join(__dirname, "..", "fixtures", "fixed-script", `psbt-lite.${network}.${signatureState}.json`);
+    const fixtureContent = fs.readFileSync(fixturePath, "utf-8");
+    return JSON.parse(fixtureContent);
+}
+/**
+ * Load wallet keys from fixture
+ */
+export function loadWalletKeysFromFixture(network) {
+    const fixturePath = path.join(__dirname, "..", "fixtures", "fixed-script", `psbt-lite.${network}.fullsigned.json`);
+    const fixtureContent = fs.readFileSync(fixturePath, "utf-8");
+    const fixture = JSON.parse(fixtureContent);
+    // Parse xprvs and convert to xpubs
+    const xpubs = fixture.walletKeys.map((xprv) => {
+        const key = utxolib.bip32.fromBase58(xprv);
+        return key.neutered();
+    });
+    return new utxolib.bitgo.RootWalletKeys(xpubs);
+}
+/**
+ * Get extracted transaction hex from fixture
+ */
+export function getExtractedTransactionHex(fixture) {
+    if (fixture.extractedTransaction === null) {
+        throw new Error("Fixture does not have an extracted transaction");
+    }
+    return fixture.extractedTransaction;
+}

package/dist/esm/test/fixedScript/parseTransactionWithWalletKeys.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/esm/test/fixedScript/parseTransactionWithWalletKeys.js

@@ -0,0 +1,140 @@
+import assert from "node:assert";
+import * as utxolib from "@bitgo/utxo-lib";
+import { fixedScriptWallet } from "../../js/index.js";
+import { loadPsbtFixture, loadWalletKeysFromFixture, getPsbtBuffer } from "./fixtureUtil.js";
+function getOtherWalletKeys() {
+    const otherWalletKeys = utxolib.testutil.getKeyTriple("too many secrets");
+    return new utxolib.bitgo.RootWalletKeys(otherWalletKeys);
+}
+describe("parseTransactionWithWalletKeys", function () {
+    // Replay protection script that matches Rust tests
+    const replayProtectionScript = Buffer.from("a91420b37094d82a513451ff0ccd9db23aba05bc5ef387", "hex");
+    const supportedNetworks = utxolib.getNetworkList().filter((network) => {
+        return (utxolib.isMainnet(network) &&
+            network !== utxolib.networks.bitcoincash &&
+            network !== utxolib.networks.bitcoingold &&
+            network !== utxolib.networks.bitcoinsv &&
+            network !== utxolib.networks.ecash &&
+            network !== utxolib.networks.zcash);
+    });
+    function hasReplayProtection(network) {
+        const mainnet = utxolib.getMainnet(network);
+        return mainnet === utxolib.networks.bitcoincash;
+    }
+    supportedNetworks.forEach((network) => {
+        const networkName = utxolib.getNetworkName(network);
+        describe(`network: ${networkName}`, function () {
+            let fullsignedPsbtBytes;
+            let bitgoPsbt;
+            let rootWalletKeys;
+            before(function () {
+                fullsignedPsbtBytes = getPsbtBuffer(loadPsbtFixture(networkName, "fullsigned"));
+                bitgoPsbt = fixedScriptWallet.BitGoPsbt.fromBytes(fullsignedPsbtBytes, networkName);
+                rootWalletKeys = loadWalletKeysFromFixture(networkName);
+            });
+            it("should have matching unsigned transaction ID", function () {
+                const unsignedTxid = bitgoPsbt.unsignedTxid();
+                const expectedUnsignedTxid = utxolib.bitgo
+                    .createPsbtFromBuffer(fullsignedPsbtBytes, network)
+                    .getUnsignedTx()
+                    .getId();
+                assert.strictEqual(unsignedTxid, expectedUnsignedTxid);
+            });
+            it("should parse transaction and identify internal/external outputs", function () {
+                const parsed = bitgoPsbt.parseTransactionWithWalletKeys(rootWalletKeys, {
+                    outputScripts: [replayProtectionScript],
+                });
+                // Verify all inputs have addresses and values
+                parsed.inputs.forEach((input, i) => {
+                    assert.ok(input.address, `Input ${i} should have an address`);
+                    assert.ok(typeof input.value === "bigint", `Input ${i} value should be bigint`);
+                    assert.ok(input.value > 0n, `Input ${i} value should be > 0`);
+                });
+                // Validate outputs
+                assert.ok(parsed.outputs.length > 0, "Should have at least one output");
+                // Count internal outputs (scriptId is defined and not null)
+                const internalOutputs = parsed.outputs.filter((o) => o.scriptId);
+                // Count external outputs (scriptId is null or undefined)
+                const externalOutputs = parsed.outputs.filter((o) => o.scriptId === null);
+                assert.ok(externalOutputs.every((o) => o.address || o.script));
+                const nonAddressOutputs = externalOutputs.filter((o) => o.address === null);
+                assert.strictEqual(nonAddressOutputs.length, 1);
+                const [opReturnOutput] = nonAddressOutputs;
+                const expectedOpReturn = utxolib.payments.embed({
+                    data: [Buffer.from("setec astronomy")],
+                }).output;
+                assert.strictEqual(Buffer.from(opReturnOutput.script).toString("hex"), expectedOpReturn.toString("hex"));
+                // Fixtures now have 3 external outputs
+                assert.ok(internalOutputs.length > 0, "Should have internal outputs (have scriptId)");
+                assert.strictEqual(externalOutputs.length, 3, "Should have 3 external outputs in test fixture");
+                // Verify all outputs have proper structure
+                parsed.outputs.forEach((output, i) => {
+                    assert.ok(output.script instanceof Uint8Array, `Output ${i} script should be Uint8Array`);
+                    assert.ok(typeof output.value === "bigint", `Output ${i} value should be bigint`);
+                    assert.ok(output.value > 0n, `Output ${i} value should be > 0`);
+                    // Address is optional for non-standard scripts
+                });
+                // Verify spend amount (should be > 0 since there are external outputs)
+                assert.strictEqual(parsed.spendAmount, 900n * 3n);
+                // Verify miner fee calculation
+                const totalInputValue = parsed.inputs.reduce((sum, i) => sum + i.value, 0n);
+                const totalOutputValue = parsed.outputs.reduce((sum, o) => sum + o.value, 0n);
+                assert.strictEqual(parsed.minerFee, totalInputValue - totalOutputValue, "Miner fee should equal inputs minus outputs");
+                assert.ok(parsed.minerFee > 0n, "Miner fee should be > 0");
+                // Verify virtual size
+                assert.ok(typeof parsed.virtualSize === "number", "Virtual size should be a number");
+                assert.ok(parsed.virtualSize > 0, "Virtual size should be > 0");
+            });
+            it("should fail to parse with other wallet keys", function () {
+                assert.throws(() => {
+                    bitgoPsbt.parseTransactionWithWalletKeys(getOtherWalletKeys(), {
+                        outputScripts: [replayProtectionScript],
+                    });
+                }, (error) => {
+                    return error.message.includes("Failed to parse transaction: Input 0: wallet validation failed");
+                });
+            });
+            it("should recognize output for other wallet keys", function () {
+                const parsedOutputs = bitgoPsbt.parseOutputsWithWalletKeys(getOtherWalletKeys());
+                // Should return an array of parsed outputs
+                assert.ok(Array.isArray(parsedOutputs), "Should return an array");
+                assert.ok(parsedOutputs.length > 0, "Should have at least one output");
+                // Verify all outputs have proper structure
+                parsedOutputs.forEach((output, i) => {
+                    assert.ok(output.script instanceof Uint8Array, `Output ${i} script should be Uint8Array`);
+                    assert.ok(typeof output.value === "bigint", `Output ${i} value should be bigint`);
+                    assert.ok(output.value > 0n, `Output ${i} value should be > 0`);
+                    // Address can be null for non-standard scripts
+                    assert.ok(typeof output.address === "string" || output.address === null, `Output ${i} address should be string or null`);
+                    // scriptId can be null for external outputs
+                    assert.ok(output.scriptId === null ||
+                        (typeof output.scriptId === "object" &&
+                            typeof output.scriptId.chain === "number" &&
+                            typeof output.scriptId.index === "number"), `Output ${i} scriptId should be null or an object with chain and index`);
+                });
+                // Compare with the original wallet keys to verify we get different results
+                const originalParsedOutputs = bitgoPsbt.parseOutputsWithWalletKeys(rootWalletKeys);
+                // Should have the same number of outputs
+                assert.strictEqual(parsedOutputs.length, originalParsedOutputs.length, "Should parse the same number of outputs");
+                // Find outputs that belong to the other wallet keys (scriptId !== null)
+                const otherWalletOutputs = parsedOutputs.filter((o) => o.scriptId !== null);
+                // Should have exactly one output for the other wallet keys
+                assert.strictEqual(otherWalletOutputs.length, 1, "Should have exactly one output belonging to the other wallet keys");
+                // Verify that this output is marked as external (scriptId === null) under regular wallet keys
+                const otherWalletOutputIndex = parsedOutputs.findIndex((o) => o.scriptId !== null);
+                const sameOutputWithRegularKeys = originalParsedOutputs[otherWalletOutputIndex];
+                assert.strictEqual(sameOutputWithRegularKeys.scriptId, null, "The output belonging to other wallet keys should be marked as external (scriptId === null) when parsed with regular wallet keys");
+            });
+        });
+    });
+    describe("error handling", function () {
+        it("should throw error for invalid PSBT bytes", function () {
+            const invalidBytes = new Uint8Array([0x00, 0x01, 0x02]);
+            assert.throws(() => {
+                fixedScriptWallet.BitGoPsbt.fromBytes(invalidBytes, "bitcoin");
+            }, (error) => {
+                return error.message.includes("Failed to deserialize PSBT");
+            }, "Should throw error for invalid PSBT bytes");
+        });
+    });
+});

package/dist/esm/test/fixedScript/verifySignature.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/esm/test/fixedScript/verifySignature.js

@@ -0,0 +1,141 @@
+import assert from "node:assert";
+import * as utxolib from "@bitgo/utxo-lib";
+import { fixedScriptWallet } from "../../js/index.js";
+import { loadPsbtFixture, loadWalletKeysFromFixture, getPsbtBuffer, } from "./fixtureUtil.js";
+/**
+ * Get expected signature state for an input based on type and signing stage
+ * @param inputType - The type of input (e.g., "p2shP2pk", "p2trMusig2")
+ * @param signatureStage - The signing stage (unsigned, halfsigned, fullsigned)
+ * @returns Expected signature state for replay protection OR multi-key signatures
+ */
+function getExpectedSignatures(inputType, signatureStage) {
+    // p2shP2pk inputs use replay protection signature verification
+    if (inputType === "p2shP2pk") {
+        return {
+            hasReplayProtectionSignature: signatureStage === "halfsigned" || signatureStage === "fullsigned",
+        };
+    }
+    switch (signatureStage) {
+        case "unsigned":
+            return { user: false, backup: false, bitgo: false };
+        case "halfsigned":
+            // User signs first
+            return { user: true, backup: false, bitgo: false };
+        case "fullsigned":
+            // p2trMusig2 uses user + backup for 2-of-2 MuSig2
+            if (inputType === "p2trMusig2") {
+                return { user: true, backup: true, bitgo: false };
+            }
+            // Regular multisig uses user + bitgo
+            return { user: true, backup: false, bitgo: true };
+        default:
+            throw new Error(`Unknown signature stage: ${signatureStage}`);
+    }
+}
+/**
+ * Verify signature state for a specific input in a PSBT
+ * @param bitgoPsbt - The PSBT to verify
+ * @param rootWalletKeys - Wallet keys for verification
+ * @param inputIndex - The input index to verify
+ * @param inputType - The type of input (for replay protection handling)
+ * @param expectedSignatures - Expected signature state for each key or replay protection
+ */
+function verifyInputSignatures(bitgoPsbt, rootWalletKeys, inputIndex, expectedSignatures) {
+    // Handle replay protection inputs (P2shP2pk)
+    if ("hasReplayProtectionSignature" in expectedSignatures) {
+        const replayProtectionScript = Buffer.from("a91420b37094d82a513451ff0ccd9db23aba05bc5ef387", "hex");
+        const hasReplaySig = bitgoPsbt.verifyReplayProtectionSignature(inputIndex, {
+            outputScripts: [replayProtectionScript],
+        });
+        assert.strictEqual(hasReplaySig, expectedSignatures.hasReplayProtectionSignature, `Input ${inputIndex} replay protection signature mismatch`);
+        return;
+    }
+    // Handle standard multisig inputs
+    const xpubs = rootWalletKeys.triple;
+    const hasUserSig = bitgoPsbt.verifySignature(inputIndex, xpubs[0].toBase58());
+    const hasBackupSig = bitgoPsbt.verifySignature(inputIndex, xpubs[1].toBase58());
+    const hasBitGoSig = bitgoPsbt.verifySignature(inputIndex, xpubs[2].toBase58());
+    assert.strictEqual(hasUserSig, expectedSignatures.user, `Input ${inputIndex} user key signature mismatch`);
+    assert.strictEqual(hasBackupSig, expectedSignatures.backup, `Input ${inputIndex} backup key signature mismatch`);
+    assert.strictEqual(hasBitGoSig, expectedSignatures.bitgo, `Input ${inputIndex} BitGo key signature mismatch`);
+}
+describe("verifySignature", function () {
+    const supportedNetworks = utxolib.getNetworkList().filter((network) => {
+        return (utxolib.isMainnet(network) &&
+            network !== utxolib.networks.bitcoincash &&
+            network !== utxolib.networks.bitcoingold &&
+            network !== utxolib.networks.bitcoinsv &&
+            network !== utxolib.networks.ecash &&
+            network !== utxolib.networks.zcash);
+    });
+    supportedNetworks.forEach((network) => {
+        const networkName = utxolib.getNetworkName(network);
+        describe(`network: ${networkName}`, function () {
+            let rootWalletKeys;
+            let unsignedFixture;
+            let halfsignedFixture;
+            let fullsignedFixture;
+            let unsignedBitgoPsbt;
+            let halfsignedBitgoPsbt;
+            let fullsignedBitgoPsbt;
+            before(function () {
+                rootWalletKeys = loadWalletKeysFromFixture(networkName);
+                unsignedFixture = loadPsbtFixture(networkName, "unsigned");
+                halfsignedFixture = loadPsbtFixture(networkName, "halfsigned");
+                fullsignedFixture = loadPsbtFixture(networkName, "fullsigned");
+                unsignedBitgoPsbt = fixedScriptWallet.BitGoPsbt.fromBytes(getPsbtBuffer(unsignedFixture), networkName);
+                halfsignedBitgoPsbt = fixedScriptWallet.BitGoPsbt.fromBytes(getPsbtBuffer(halfsignedFixture), networkName);
+                fullsignedBitgoPsbt = fixedScriptWallet.BitGoPsbt.fromBytes(getPsbtBuffer(fullsignedFixture), networkName);
+            });
+            describe("unsigned PSBT", function () {
+                it("should return false for unsigned inputs", function () {
+                    // Verify all xpubs return false for all inputs
+                    unsignedFixture.psbtInputs.forEach((input, index) => {
+                        verifyInputSignatures(unsignedBitgoPsbt, rootWalletKeys, index, getExpectedSignatures(input.type, "unsigned"));
+                    });
+                });
+            });
+            describe("half-signed PSBT", function () {
+                it("should return true for signed xpubs and false for unsigned", function () {
+                    halfsignedFixture.psbtInputs.forEach((input, index) => {
+                        verifyInputSignatures(halfsignedBitgoPsbt, rootWalletKeys, index, getExpectedSignatures(input.type, "halfsigned"));
+                    });
+                });
+            });
+            describe("fully signed PSBT", function () {
+                it("should have 2 signatures (2-of-3 multisig)", function () {
+                    // In fullsigned fixtures, verify 2 signatures exist per multisig input
+                    fullsignedFixture.psbtInputs.forEach((input, index) => {
+                        verifyInputSignatures(fullsignedBitgoPsbt, rootWalletKeys, index, getExpectedSignatures(input.type, "fullsigned"));
+                    });
+                });
+            });
+            describe("error handling", function () {
+                it("should throw error for out of bounds input index", function () {
+                    const xpubs = rootWalletKeys.triple;
+                    assert.throws(() => {
+                        fullsignedBitgoPsbt.verifySignature(999, xpubs[0].toBase58());
+                    }, (error) => {
+                        return error.message.includes("Input index 999 out of bounds");
+                    }, "Should throw error for out of bounds input index");
+                });
+                it("should throw error for invalid xpub", function () {
+                    assert.throws(() => {
+                        fullsignedBitgoPsbt.verifySignature(0, "invalid-xpub");
+                    }, (error) => {
+                        return error.message.includes("Invalid xpub");
+                    }, "Should throw error for invalid xpub");
+                });
+                it("should return false for xpub not in derivation path", function () {
+                    // Create a different xpub that's not in the wallet
+                    // Use a proper 32-byte seed (256 bits)
+                    const differentSeed = Buffer.alloc(32, 0xaa); // 32 bytes filled with 0xaa
+                    const differentKey = utxolib.bip32.fromSeed(differentSeed, network);
+                    const differentXpub = differentKey.neutered();
+                    const result = fullsignedBitgoPsbt.verifySignature(0, differentXpub.toBase58());
+                    assert.strictEqual(result, false, "Should return false for xpub not in PSBT derivation paths");
+                });
+            });
+        });
+    });
+});

package/dist/esm/test/fixedScriptToDescriptor.d.ts

@@ -0,0 +1 @@
+export {};