@bsv/sdk 2.1.1 → 2.1.3

package/src/primitives/__tests/Hash.additional.test.ts

@@ -1,5 +1,10 @@
+import { createHash, createHmac } from 'node:crypto'
 import { SHA1HMAC, SHA512HMAC, pbkdf2 } from '../../primitives/Hash'
 
+function toHex (arr: number[]): string {
+  return Buffer.from(arr).toString('hex')
+}
+
 describe('Hash – additional coverage', () => {
   describe('SHA1HMAC', () => {
     it('produces a correct HMAC-SHA1 digest', () => {
@@ -56,4 +61,64 @@ describe('Hash – additional coverage', () => {
       )
     })
   })
+
+  describe('pure-TS fallback parity', () => {
+    const msg = new Uint8Array([
+      0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+      0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+      0xff, 0xfe, 0xfd, 0xfc
+    ])
+    const key = new Uint8Array([0xde, 0xad, 0xbe, 0xef])
+
+    const expectedSha256 = createHash('sha256').update(msg).digest('hex')
+    const expectedSha512 = createHash('sha512').update(msg).digest('hex')
+    const expectedRipemd160 = createHash('ripemd160').update(msg).digest('hex')
+    const expectedHash256 = createHash('sha256')
+      .update(createHash('sha256').update(msg).digest())
+      .digest('hex')
+    const expectedHash160 = createHash('ripemd160')
+      .update(createHash('sha256').update(msg).digest())
+      .digest('hex')
+    const expectedSha256Hmac = createHmac('sha256', key)
+      .update(msg)
+      .digest('hex')
+    const expectedSha512Hmac = createHmac('sha512', key)
+      .update(msg)
+      .digest('hex')
+
+    it('matches native digests when node:crypto is unavailable', () => {
+      const originalGetBuiltin = (process as any).getBuiltinModule
+      ;(process as any).getBuiltinModule = (): never => {
+        throw new Error('blocked for test')
+      }
+      try {
+        jest.isolateModules(() => {
+          jest.doMock('node:crypto', () => {
+            throw new Error('blocked for test')
+          })
+          // eslint-disable-next-line @typescript-eslint/no-var-requires
+          const fallback = require('../../primitives/Hash')
+          expect(toHex(fallback.sha256(Array.from(msg)))).toBe(expectedSha256)
+          expect(toHex(fallback.sha512(Array.from(msg)))).toBe(expectedSha512)
+          expect(toHex(fallback.ripemd160(Array.from(msg)))).toBe(
+            expectedRipemd160
+          )
+          expect(toHex(fallback.hash256(Array.from(msg)))).toBe(
+            expectedHash256
+          )
+          expect(toHex(fallback.hash160(Array.from(msg)))).toBe(
+            expectedHash160
+          )
+          expect(
+            toHex(fallback.sha256hmac(Array.from(key), Array.from(msg)))
+          ).toBe(expectedSha256Hmac)
+          expect(
+            toHex(fallback.sha512hmac(Array.from(key), Array.from(msg)))
+          ).toBe(expectedSha512Hmac)
+        })
+      } finally {
+        ;(process as any).getBuiltinModule = originalGetBuiltin
+      }
+    })
+  })
 })

package/src/primitives/__tests/Hash.test.ts

@@ -42,6 +42,11 @@ describe('Hash', function () {
     ])
   })
 
+  it('preserves SDK hex normalization before hashing', function () {
+    expect(hash.sha256('abc', 'hex')).toEqual(hash.sha256([0x0a, 0xbc]))
+    expect(() => hash.sha256('zz', 'hex')).toThrow('Invalid hex string')
+  })
+
   it('should support ripemd160', function () {
     test(hash.RIPEMD160, [
       ['', '9c1185a5c5e9fc54612808977ee8f548b2258d31'],
@@ -230,7 +235,7 @@ describe('Hash', function () {
     it('realHtonl preserves value when system is big-endian (forced simulation)', () => {
       // We simulate the big-endian branch of realHtonl by calling
       // the fallback path directly.
-      const forceBigEndianRealHtonl = (w: number) => (w >>> 0)
+      const forceBigEndianRealHtonl = (w: number): number => (w >>> 0)
 
       expect(forceBigEndianRealHtonl(0x11223344)).toBe(0x11223344)
       expect(forceBigEndianRealHtonl(0xaabbccdd)).toBe(0xaabbccdd)

package/src/script/__tests/Spend.test.ts

@@ -512,7 +512,7 @@ describe('Spend', () => {
     })
   })
 
-  it('Successfully validates a spend where sequence is set to undefined', async () => {
+  it('Rejects spending an immature coinbase transaction', async () => {
     const sourceTransaction = new Transaction(
       1,
       [{
@@ -531,8 +531,49 @@ describe('Spend', () => {
     )
     const txid = sourceTransaction.id('hex')
     sourceTransaction.merklePath = MerklePath.fromCoinbaseTxidAndHeight(txid, 0)
-    const chain = new MockChain({ blockheaders: [] })
-    chain.addBlock(txid)
+    const chain = new MockChain({ blockheaders: [txid] })
+
+    const spendTx = new Transaction(
+      1,
+      [
+        {
+          unlockingScript: Script.fromASM('OP_TRUE'),
+          sourceTransaction,
+          sourceOutputIndex: 0
+        }
+      ],
+      [{
+          lockingScript: Script.fromASM('OP_NOP'),
+          satoshis: 1
+      }],
+      0
+    )
+
+    await expect(spendTx.verify(chain)).rejects.toThrow(
+      `Invalid merkle path for transaction ${txid}`
+    )
+  })
+
+  it('Successfully validates a mature coinbase spend where sequence is set to undefined', async () => {
+    const sourceTransaction = new Transaction(
+      1,
+      [{
+        sourceTXID: '0000000000000000000000000000000000000000000000000000000000000000',
+        sourceOutputIndex: 0,
+        unlockingScript: Script.fromASM('OP_TRUE'),
+        sequence: 0xffffffff
+      }],
+      [
+        {
+          lockingScript: Script.fromASM('OP_NOP'),
+          satoshis: 2
+        }
+      ],
+      0
+    )
+    const txid = sourceTransaction.id('hex')
+    sourceTransaction.merklePath = MerklePath.fromCoinbaseTxidAndHeight(txid, 0)
+    const chain = new MockChain({ blockheaders: [txid, ...new Array(100).fill('')] })
 
     const spendTx = new Transaction(
       1,
@@ -551,7 +592,7 @@ describe('Spend', () => {
     )
 
     const valid = await spendTx.verify(chain)
-    
+
     expect(valid).toBe(true)
 
     const b = spendTx.toBinary()

package/src/transaction/MerklePath.ts

@@ -375,7 +375,7 @@ export default class MerklePath {
     if (this.indexOf(txid) === 0) {
       // Coinbase transaction outputs can only be spent once they're 100 blocks deep.
       const height = await chainTracker.currentHeight()
-      if (this.blockHeight + 100 < height) {
+      if (this.blockHeight + 100 > height) {
         return false
       }
     }

package/src/transaction/__tests/Transaction.test.ts

@@ -15,6 +15,23 @@ import MerklePath from '../../transaction/MerklePath'
 import { BEEF_V1 } from '../../transaction/Beef'
 import SatoshisPerKilobyte from '../../transaction/fee-models/SatoshisPerKilobyte'
 
+// Default Transaction.fee() resolves to LivePolicy.getInstance(), which fetches the live ARC
+// policy endpoint. Replace it with a deterministic 100 sat/kb model so tests never hit the
+// network — the live endpoint is unreliable and not part of what these tests exercise.
+jest.mock('../../transaction/fee-models/LivePolicy', () => {
+  // eslint-disable-next-line @typescript-eslint/no-var-requires
+  const SPKB = require('../../transaction/fee-models/SatoshisPerKilobyte').default
+  class MockLivePolicy extends SPKB {
+    static instance: MockLivePolicy | null = null
+    constructor () { super(100) }
+    static getInstance (): MockLivePolicy {
+      if (!MockLivePolicy.instance) MockLivePolicy.instance = new MockLivePolicy()
+      return MockLivePolicy.instance
+    }
+  }
+  return { __esModule: true, default: MockLivePolicy }
+})
+
 import sighashVectors from '../../primitives/__tests/sighash.vectors'
 import invalidTransactions from './tx.invalid.vectors'
 import validTransactions from './tx.valid.vectors'

package/src/wallet/Wallet.interfaces.ts

@@ -412,8 +412,23 @@ export interface AbortActionArgs {
   reference: Base64String
 }
 
+/**
+ * Result of an `abortAction` call.
+ *
+ * `aborted` is informative: `true` indicates the wallet successfully invalidated
+ * the action (it will not be broadcast and its inputs are released), `false`
+ * indicates the wallet refused to abort because the underlying transaction was
+ * found to already be on chain (mined or known to mempool). On a refusal the
+ * caller should typically invoke `internalizeAction` instead, which will treat
+ * the call as explicit authorization to advance the nosend lifecycle.
+ *
+ * Note that confirming on-chain status requires network reachability. When
+ * confirmation is impossible (services unreachable or returning errors), the
+ * wallet proceeds with the abort and returns `aborted: true` rather than
+ * refusing — refusal is reserved for positive on-chain confirmation.
+ */
 export interface AbortActionResult {
-  aborted: true
+  aborted: boolean
 }
 
 export type AcquireCertificateResult = WalletCertificate

package/src/wallet/WalletClient.ts

@@ -169,7 +169,7 @@ export default class WalletClient implements WalletInterface {
 
   async abortAction (args: {
     reference: Base64String
-  }): Promise<{ aborted: true }> {
+  }): Promise<{ aborted: boolean }> {
     validateAbortActionArgs(args)
     await this.connectToSubstrate()
     return await (this.substrate as WalletInterface).abortAction(

package/src/wallet/substrates/window.CWI.ts

@@ -130,7 +130,7 @@ export default class WindowCWISubstrate implements WalletInterface {
   async abortAction(
     args: { reference: Base64String },
     originator?: OriginatorDomainNameStringUnder250Bytes
-  ): Promise<{ aborted: true }> {
+  ): Promise<{ aborted: boolean }> {
     return await this.CWI.abortAction(args, originator)
   }