@bitgo/wasm-utxo 2.0.0 → 3.0.0

package/dist/cjs/js/testutils/AcidTest.js

@@ -4,6 +4,7 @@ exports.AcidTest = exports.outputScriptTypes = exports.inputScriptTypes = export
 const BitGoPsbt_js_1 = require("../fixedScriptWallet/BitGoPsbt.js");
 const ZcashBitGoPsbt_js_1 = require("../fixedScriptWallet/ZcashBitGoPsbt.js");
 const ecpair_js_1 = require("../ecpair.js");
+const transaction_js_1 = require("../transaction.js");
 const index_js_1 = require("../fixedScriptWallet/index.js");
 Object.defineProperty(exports, "inputScriptTypes", { enumerable: true, get: function () { return index_js_1.inputScriptTypes; } });
 Object.defineProperty(exports, "outputScriptTypes", { enumerable: true, get: function () { return index_js_1.outputScriptTypes; } });
@@ -11,6 +12,21 @@ const coinName_js_1 = require("../coinName.js");
 const keys_js_1 = require("./keys.js");
 exports.signStages = ["unsigned", "halfsigned", "fullsigned"];
 exports.txFormats = ["psbt", "psbt-lite"];
+/** Map InputScriptType to the OutputScriptType used for chain code derivation */
+function inputScriptTypeToOutputScriptType(scriptType) {
+    switch (scriptType) {
+        case "p2sh":
+        case "p2shP2wsh":
+        case "p2wsh":
+        case "p2trLegacy":
+            return scriptType;
+        case "p2shP2pk":
+            return "p2sh";
+        case "p2trMusig2ScriptPath":
+        case "p2trMusig2KeyPath":
+            return "p2trMusig2";
+    }
+}
 /**
  * Creates a valid PSBT with as many features as possible (kitchen sink).
  *
@@ -33,7 +49,7 @@ exports.txFormats = ["psbt", "psbt-lite"];
  * - psbt-lite: Only witness_utxo (no non_witness_utxo)
  */
 class AcidTest {
-    network;
+    coin;
     signStage;
     txFormat;
     rootWalletKeys;
@@ -44,8 +60,8 @@ class AcidTest {
     userXprv;
     backupXprv;
     bitgoXprv;
-    constructor(network, signStage, txFormat, rootWalletKeys, otherWalletKeys, inputs, outputs, xprvTriple) {
-        this.network = network;
+    constructor(coin, signStage, txFormat, rootWalletKeys, otherWalletKeys, inputs, outputs, xprvTriple) {
+        this.coin = coin;
         this.signStage = signStage;
         this.txFormat = txFormat;
         this.rootWalletKeys = rootWalletKeys;
@@ -59,7 +75,7 @@ class AcidTest {
     /**
      * Create an AcidTest with specific configuration
      */
-    static withConfig(network, signStage, txFormat, suiteConfig = {}) {
+    static withConfig(coin, signStage, txFormat, suiteConfig = {}) {
         const rootWalletKeys = (0, keys_js_1.getDefaultWalletKeys)();
         const otherWalletKeys = (0, keys_js_1.getWalletKeysForSeed)("too many secrets");
         // Filter inputs based on network support
@@ -70,9 +86,9 @@ class AcidTest {
                 return true;
             // Map input script types to output script types for support check
             if (scriptType === "p2trMusig2KeyPath" || scriptType === "p2trMusig2ScriptPath") {
-                return (0, index_js_1.supportsScriptType)(network, "p2trMusig2");
+                return (0, index_js_1.supportsScriptType)(coin, "p2trMusig2");
             }
-            return (0, index_js_1.supportsScriptType)(network, scriptType);
+            return (0, index_js_1.supportsScriptType)(coin, scriptType);
         })
             .filter((scriptType) => (suiteConfig.includeP2trMusig2ScriptPath ?? false) ||
             scriptType !== "p2trMusig2ScriptPath")
@@ -82,7 +98,7 @@ class AcidTest {
         }));
         // Filter outputs based on network support
         const outputs = index_js_1.outputScriptTypes
-            .filter((scriptType) => (0, index_js_1.supportsScriptType)(network, scriptType))
+            .filter((scriptType) => (0, index_js_1.supportsScriptType)(coin, scriptType))
             .map((scriptType, index) => ({
             scriptType,
             value: BigInt(900 + index * 100), // Deterministic amounts
@@ -95,13 +111,13 @@ class AcidTest {
         outputs.push({ opReturn: "setec astronomy", value: BigInt(0) });
         // Get private keys for signing
         const xprvTriple = (0, keys_js_1.getKeyTriple)("default");
-        return new AcidTest(network, signStage, txFormat, rootWalletKeys, otherWalletKeys, inputs, outputs, xprvTriple);
+        return new AcidTest(coin, signStage, txFormat, rootWalletKeys, otherWalletKeys, inputs, outputs, xprvTriple);
     }
     /**
      * Get a human-readable name for this test configuration
      */
     get name() {
-        return `${this.network} ${this.signStage} ${this.txFormat}`;
+        return `${this.coin} ${this.signStage} ${this.txFormat}`;
     }
     /**
      * Get the BIP32 user key for replay protection (p2shP2pk)
@@ -114,58 +130,55 @@ class AcidTest {
      */
     createPsbt() {
         // Use ZcashBitGoPsbt for Zcash networks
-        const isZcash = this.network === "zec" || this.network === "tzec";
+        const isZcash = this.coin === "zec" || this.coin === "tzec";
         const psbt = isZcash
-            ? ZcashBitGoPsbt_js_1.ZcashBitGoPsbt.createEmptyWithConsensusBranchId(this.network, this.rootWalletKeys, {
-                version: 2,
-                lockTime: 0,
-                consensusBranchId: 0xc2d6d0b4, // NU5
+            ? ZcashBitGoPsbt_js_1.ZcashBitGoPsbt.createEmpty(this.coin, this.rootWalletKeys, {
+                // Sapling activation height: mainnet=419200, testnet=280000
+                blockHeight: this.coin === "zec" ? 419200 : 280000,
             })
-            : BitGoPsbt_js_1.BitGoPsbt.createEmpty(this.network, this.rootWalletKeys, {
+            : BitGoPsbt_js_1.BitGoPsbt.createEmpty(this.coin, this.rootWalletKeys, {
                 version: 2,
                 lockTime: 0,
             });
+        // Build a fake previous transaction for non_witness_utxo (psbt format)
+        const usePrevTx = this.txFormat === "psbt" && !isZcash;
+        const buildPrevTx = (vout, script, value) => {
+            if (!usePrevTx)
+                return undefined;
+            const tx = transaction_js_1.Transaction.create();
+            tx.addInput("0".repeat(64), 0xffffffff);
+            for (let i = 0; i < vout; i++) {
+                tx.addOutput(new Uint8Array(0), 0n);
+            }
+            tx.addOutput(script, value);
+            return tx.toBytes();
+        };
         // Add inputs with deterministic outpoints
         this.inputs.forEach((input, index) => {
-            // Resolve scriptId: either from explicit scriptId or from scriptType + index
-            const scriptId = input.scriptId ?? {
-                chain: index_js_1.ChainCode.value("p2sh", "external"),
-                index: input.index ?? index,
-            };
             const walletKeys = input.walletKeys ?? this.rootWalletKeys;
-            // Get scriptType: either explicit or derive from scriptId chain
-            const scriptType = input.scriptType ?? index_js_1.ChainCode.scriptType((0, index_js_1.assertChainCode)(scriptId.chain));
-            if (scriptType === "p2shP2pk") {
-                // Add replay protection input
-                const replayKey = this.getReplayProtectionKey();
-                // Convert BIP32 to ECPair using public key
-                const ecpair = ecpair_js_1.ECPair.fromPublicKey(replayKey.publicKey);
-                psbt.addReplayProtectionInput({
-                    txid: "0".repeat(64),
-                    vout: index,
-                    value: input.value,
-                }, ecpair);
+            const outpoint = { txid: "0".repeat(64), vout: index, value: input.value };
+            // scriptId variant: caller provides explicit chain + index
+            if (input.scriptId) {
+                const script = (0, index_js_1.outputScript)(walletKeys, input.scriptId.chain, input.scriptId.index, this.coin);
+                psbt.addWalletInput({ ...outpoint, prevTx: buildPrevTx(index, script, input.value) }, walletKeys, { scriptId: input.scriptId, signPath: { signer: "user", cosigner: "bitgo" } });
+                return;
             }
-            else {
-                // Determine signing path based on input type
-                let signPath;
-                if (scriptType === "p2trMusig2ScriptPath") {
-                    // Script path uses user + backup
-                    signPath = { signer: "user", cosigner: "backup" };
-                }
-                else {
-                    // Default: user + bitgo
-                    signPath = { signer: "user", cosigner: "bitgo" };
-                }
-                psbt.addWalletInput({
-                    txid: "0".repeat(64),
-                    vout: index,
-                    value: input.value,
-                }, walletKeys, {
-                    scriptId,
-                    signPath,
-                });
+            const scriptType = input.scriptType ?? "p2sh";
+            if (scriptType === "p2shP2pk") {
+                const ecpair = ecpair_js_1.ECPair.fromPublicKey(this.getReplayProtectionKey().publicKey);
+                const script = (0, index_js_1.p2shP2pkOutputScript)(ecpair.publicKey);
+                psbt.addReplayProtectionInput({ ...outpoint, prevTx: buildPrevTx(index, script, input.value) }, ecpair);
+                return;
             }
+            const scriptId = {
+                chain: index_js_1.ChainCode.value(inputScriptTypeToOutputScriptType(scriptType), "external"),
+                index: input.index ?? index,
+            };
+            const signPath = scriptType === "p2trMusig2ScriptPath"
+                ? { signer: "user", cosigner: "backup" }
+                : { signer: "user", cosigner: "bitgo" };
+            const script = (0, index_js_1.outputScript)(walletKeys, scriptId.chain, scriptId.index, this.coin);
+            psbt.addWalletInput({ ...outpoint, prevTx: buildPrevTx(index, script, input.value) }, walletKeys, { scriptId, signPath });
         });
         // Add outputs
         this.outputs.forEach((output, index) => {
@@ -196,7 +209,7 @@ class AcidTest {
                         chain: scriptId.chain,
                         index: output.index ?? 1000 + index,
                     };
-                    const script = (0, index_js_1.outputScript)(this.rootWalletKeys, externalScriptId.chain, externalScriptId.index, this.network);
+                    const script = (0, index_js_1.outputScript)(this.rootWalletKeys, externalScriptId.chain, externalScriptId.index, this.coin);
                     psbt.addOutput(script, output.value);
                 }
                 else {
@@ -227,36 +240,22 @@ class AcidTest {
         // Generate MuSig2 nonces for user if needed
         const hasMusig2Inputs = this.inputs.some((input) => input.scriptType === "p2trMusig2KeyPath" || input.scriptType === "p2trMusig2ScriptPath");
         if (hasMusig2Inputs) {
-            const isZcash = this.network === "zec" || this.network === "tzec";
-            if (isZcash) {
+            if (this.coin === "zec" || this.coin === "tzec") {
                 throw new Error("Zcash does not support MuSig2/Taproot inputs");
             }
-            // Generate nonces with user key
+            // MuSig2 requires ALL participant nonces before ANY signing.
+            // Generate nonces directly on the same PSBT for each participant key.
             psbt.generateMusig2Nonces(userKey);
-            if (this.signStage === "fullsigned") {
-                // Create a second PSBT with cosigner nonces for combination
-                // For p2trMusig2ScriptPath use backup, for p2trMusig2KeyPath use bitgo
-                // Since we might have both types, we need to generate nonces separately
-                const bytes = psbt.serialize();
-                const hasKeyPath = this.inputs.some((input) => input.scriptType === "p2trMusig2KeyPath");
-                const hasScriptPath = this.inputs.some((input) => input.scriptType === "p2trMusig2ScriptPath");
-                if (hasKeyPath && !hasScriptPath) {
-                    // Only key path inputs - generate bitgo nonces for all
-                    const psbt2 = BitGoPsbt_js_1.BitGoPsbt.fromBytes(bytes, this.network);
-                    psbt2.generateMusig2Nonces(bitgoKey);
-                    psbt.combineMusig2Nonces(psbt2);
-                }
-                else if (hasScriptPath && !hasKeyPath) {
-                    // Only script path inputs - generate backup nonces for all
-                    const psbt2 = BitGoPsbt_js_1.BitGoPsbt.fromBytes(bytes, this.network);
-                    psbt2.generateMusig2Nonces(backupKey);
-                    psbt.combineMusig2Nonces(psbt2);
-                }
-                else {
-                    const psbt2 = BitGoPsbt_js_1.BitGoPsbt.fromBytes(bytes, this.network);
-                    psbt2.generateMusig2Nonces(bitgoKey);
-                    psbt.combineMusig2Nonces(psbt2);
-                }
+            const hasKeyPath = this.inputs.some((input) => input.scriptType === "p2trMusig2KeyPath");
+            const hasScriptPath = this.inputs.some((input) => input.scriptType === "p2trMusig2ScriptPath");
+            // Key path uses user+bitgo, script path uses user+backup.
+            // generateMusig2Nonces fails if the key isn't a participant in any musig2 input,
+            // so we only call it for keys that match.
+            if (hasKeyPath) {
+                psbt.generateMusig2Nonces(bitgoKey);
+            }
+            if (hasScriptPath) {
+                psbt.generateMusig2Nonces(backupKey);
             }
         }
         // Sign all wallet inputs with user key (bulk - more efficient)
@@ -299,7 +298,7 @@ class AcidTest {
      */
     static forAllNetworksSignStagesTxFormats(suiteConfig = {}) {
         return coinName_js_1.coinNames
-            .filter((network) => (0, coinName_js_1.isMainnet)(network) && network !== "bsv") // Exclude bitcoinsv
+            .filter((network) => (0, coinName_js_1.isMainnet)(network) && network !== "bsv")
             .flatMap((network) => exports.signStages.flatMap((signStage) => exports.txFormats.map((txFormat) => AcidTest.withConfig(network, signStage, txFormat, suiteConfig))));
     }
 }

package/dist/cjs/js/wasm/wasm_utxo.d.ts

@@ -318,12 +318,7 @@ export class BitGoPsbt {
      * generated for security. Custom session_id is only allowed on testnets for testing purposes.
      */
     generate_musig2_nonces(xpriv: WasmBIP32, session_id_bytes?: Uint8Array | null): void;
-    /**
-     * Get all PSBT inputs as an array of PsbtInputData
-     *
-     * Returns an array with witness_utxo, bip32_derivation, and tap_bip32_derivation
-     * for each input.
-     */
+    get_global_xpubs(): any;
     get_inputs(): any;
     /**
      * Get the network type for transaction extraction
@@ -332,23 +327,8 @@ export class BitGoPsbt {
      * wrapper class should be used in TypeScript.
      */
     get_network_type(): string;
-    /**
-     * Get all PSBT outputs as an array of PsbtOutputData
-     *
-     * Returns an array with script, value, bip32_derivation, and tap_bip32_derivation
-     * for each output.
-     */
     get_outputs(): any;
-    /**
-     * Get all PSBT outputs with resolved address strings.
-     *
-     * Unlike the generic WrapPsbt which requires a coin parameter, BitGoPsbt
-     * uses the network it was created/deserialized with to resolve addresses.
-     */
     get_outputs_with_address(): any;
-    /**
-     * Get the number of inputs in the PSBT
-     */
     input_count(): number;
     /**
      * Check if an input is a MuSig2 keypath input.
@@ -364,17 +344,11 @@ export class BitGoPsbt {
      * - `false` otherwise (or if input_index is out of bounds)
      */
     is_musig2_input(input_index: number): boolean;
-    /**
-     * Get the transaction lock time
-     */
     lock_time(): number;
     /**
      * Get the network of the PSBT
      */
     network(): string;
-    /**
-     * Get the number of outputs in the PSBT
-     */
     output_count(): number;
     /**
      * Parse outputs with wallet keys to identify which outputs belong to a wallet
@@ -655,9 +629,6 @@ export class BitGoPsbt {
      * - `Err(WasmUtxoError)` if the input index is out of bounds, derivation fails, or verification fails
      */
     verify_signature_with_xpub(input_index: number, xpub: WasmBIP32): boolean;
-    /**
-     * Get the transaction version
-     */
     version(): number;
     /**
      * Get the Zcash version group ID (returns None for non-Zcash PSBTs)
@@ -718,6 +689,12 @@ export class FixedScriptWalletNamespace {
      * - Dogecoin only supports legacy scripts (p2sh)
      */
     static supports_script_type(coin: string, script_type: string): boolean;
+    /**
+     * Sort an xpub triple into [user, backup, bitgo] order by validating
+     * against the PSBT's wallet inputs. Returns a RootWalletKeys with the
+     * correct ordering.
+     */
+    static to_wallet_keys(psbt: BitGoPsbt, user_or_a: WasmBIP32, backup_or_b: WasmBIP32, bitgo_or_c: WasmBIP32): WasmRootWalletKeys;
 }
 
 /**
@@ -1301,7 +1278,7 @@ export class WrapMiniscript {
 export class WrapPsbt {
     free(): void;
     [Symbol.dispose](): void;
-    addInput(txid: string, vout: number, value: bigint, script: Uint8Array, sequence?: number | null): number;
+    add_input(txid: string, vout: number, value: bigint, script: Uint8Array, sequence?: number | null): number;
     /**
      * Add an input to the PSBT
      *
@@ -1315,8 +1292,8 @@ export class WrapPsbt {
      * # Returns
      * The index of the newly added input
      */
-    addInputAtIndex(index: number, txid: string, vout: number, value: bigint, script: Uint8Array, sequence?: number | null): number;
-    addOutput(script: Uint8Array, value: bigint): number;
+    add_input_at_index(index: number, txid: string, vout: number, value: bigint, script: Uint8Array, sequence?: number | null): number;
+    add_output(script: Uint8Array, value: bigint): number;
     /**
      * Add an output to the PSBT
      *
@@ -1327,7 +1304,7 @@ export class WrapPsbt {
      * # Returns
      * The index of the newly added output
      */
-    addOutputAtIndex(index: number, script: Uint8Array, value: bigint): number;
+    add_output_at_index(index: number, script: Uint8Array, value: bigint): number;
     clone(): WrapPsbt;
     static deserialize(psbt: Uint8Array): WrapPsbt;
     /**
@@ -1340,53 +1317,23 @@ export class WrapPsbt {
      * - `Ok(WasmTransaction)` containing the extracted transaction
      * - `Err(WasmUtxoError)` if the PSBT is not fully finalized or extraction fails
      */
-    extractTransaction(): WasmTransaction;
-    finalize(): void;
-    /**
-     * Get all PSBT inputs as an array of PsbtInputData
-     *
-     * Returns an array with witness_utxo, bip32_derivation, and tap_bip32_derivation
-     * for each input. This is useful for introspecting the PSBT structure.
-     */
-    getInputs(): any;
-    /**
-     * Get all PSBT outputs as an array of PsbtOutputData
-     *
-     * Returns an array with script, value, bip32_derivation, and tap_bip32_derivation
-     * for each output. This is useful for introspecting the PSBT structure.
-     */
-    getOutputs(): any;
-    /**
-     * Get all PSBT outputs with resolved address strings.
-     *
-     * Like `getOutputs()` but each element also includes an `address` field
-     * derived from the output script using the given coin name (e.g. "btc", "tbtc").
-     */
-    getOutputsWithAddress(coin: string): any;
-    /**
-     * Get partial signatures for an input
-     * Returns array of { pubkey: Uint8Array, signature: Uint8Array }
-     */
-    getPartialSignatures(input_index: number): any;
+    extract_transaction(): WasmTransaction;
+    finalize_mut(): void;
+    get_global_xpubs(): any;
+    get_inputs(): any;
+    get_outputs(): any;
+    get_outputs_with_address(coin: string): any;
+    get_partial_signatures(input_index: number): any;
     /**
      * Get the unsigned transaction bytes
      *
      * # Returns
      * The serialized unsigned transaction
      */
-    getUnsignedTx(): Uint8Array;
-    /**
-     * Check if an input has any partial signatures
-     */
-    hasPartialSignatures(input_index: number): boolean;
-    /**
-     * Get the number of inputs in the PSBT
-     */
-    inputCount(): number;
-    /**
-     * Get the transaction lock time
-     */
-    lockTime(): number;
+    get_unsigned_tx(): Uint8Array;
+    has_partial_signatures(input_index: number): boolean;
+    input_count(): number;
+    lock_time(): number;
     /**
      * Create an empty PSBT
      *
@@ -1395,12 +1342,9 @@ export class WrapPsbt {
      * * `lock_time` - Transaction lock time (default: 0)
      */
     constructor(version?: number | null, lock_time?: number | null);
-    /**
-     * Get the number of outputs in the PSBT
-     */
-    outputCount(): number;
-    removeInput(index: number): void;
-    removeOutput(index: number): void;
+    output_count(): number;
+    remove_input(index: number): void;
+    remove_output(index: number): void;
     serialize(): Uint8Array;
     /**
      * Sign all inputs with a WasmBIP32 key
@@ -1414,7 +1358,7 @@ export class WrapPsbt {
      * # Returns
      * A SigningKeysMap converted to JsValue (object mapping input indices to signing keys)
      */
-    signAll(key: WasmBIP32): any;
+    sign_all(key: WasmBIP32): any;
     /**
      * Sign all inputs with a WasmECPair key
      *
@@ -1427,23 +1371,13 @@ export class WrapPsbt {
      * # Returns
      * A SigningKeysMap converted to JsValue (object mapping input indices to signing keys)
      */
-    signAllWithEcpair(key: WasmECPair): any;
-    signWithPrv(prv: Uint8Array): any;
-    signWithXprv(xprv: string): any;
-    /**
-     * Get the unsigned transaction ID as a hex string
-     */
-    unsignedTxId(): string;
-    updateInputWithDescriptor(input_index: number, descriptor: WrapDescriptor): void;
-    updateOutputWithDescriptor(output_index: number, descriptor: WrapDescriptor): void;
-    /**
-     * Validate a signature at a specific input against a pubkey
-     * Returns true if the signature is valid
-     *
-     * This method handles both ECDSA (legacy/SegWit) and Schnorr (Taproot) signatures.
-     * The pubkey should be provided as bytes (33 bytes for compressed ECDSA, 32 bytes for x-only Schnorr).
-     */
-    validateSignatureAtInput(input_index: number, pubkey: Uint8Array): boolean;
+    sign_all_with_ecpair(key: WasmECPair): any;
+    sign_with_prv(prv: Uint8Array): any;
+    sign_with_xprv(xprv: string): any;
+    unsigned_tx_id(): string;
+    update_input_with_descriptor(input_index: number, descriptor: WrapDescriptor): void;
+    update_output_with_descriptor(output_index: number, descriptor: WrapDescriptor): void;
+    validate_signature_at_input(input_index: number, pubkey: Uint8Array): boolean;
     /**
      * Verify a signature at a specific input using a WasmBIP32 key
      *
@@ -1460,10 +1394,7 @@ export class WrapPsbt {
      * # Returns
      * `true` if a valid signature exists for the key, `false` otherwise
      */
-    verifySignatureWithKey(input_index: number, key: WasmBIP32): boolean;
-    /**
-     * Get the transaction version
-     */
+    verify_signature_with_key(input_index: number, key: WasmBIP32): boolean;
     version(): number;
 }