@bsv/sdk 2.1.4 → 2.1.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "2.1.4",
+  "version": "2.1.6",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",
@@ -239,21 +239,21 @@
   "devDependencies": {
     "@eslint/js": "^10.0.1",
     "@jest/globals": "^30.4.1",
-    "@rspack/cli": "^2.0.4",
-    "@rspack/core": "^2.0.4",
+    "@rspack/cli": "^2.0.8",
+    "@rspack/core": "^2.0.8",
     "@types/jest": "^30.0.0",
-    "@types/node": "^25.9.1",
-    "eslint": "^10.4.0",
+    "@types/node": "^25.9.3",
+    "eslint": "^10.5.0",
     "globals": "^17.6.0",
     "jest": "^30.4.2",
     "jest-environment-jsdom": "^30.4.1",
     "ts-jest": "^29.4.11",
-    "ts-loader": "^9.5.4",
+    "ts-loader": "^9.6.0",
     "ts-standard": "^12.0.2",
     "ts2md": "^0.2.8",
     "tsconfig-to-dual-package": "^1.2.0",
     "typescript": "^6.0.3",
-    "typescript-eslint": "^8.60.0"
+    "typescript-eslint": "^8.61.0"
   },
   "ts-standard": {
     "project": "tsconfig.eslint.json",

package/src/compat/Utxo.ts

@@ -44,7 +44,7 @@ export default function fromUtxo (
   }
 ): TransactionInput {
   const sourceTransaction = new Transaction(0, [], [], 0)
-  sourceTransaction.outputs = Array(utxo.vout + 1).fill(null)
+  sourceTransaction.outputs = new Array(utxo.vout + 1).fill(null)
   sourceTransaction.outputs[utxo.vout] = {
     satoshis: utxo.satoshis,
     lockingScript: LockingScript.fromHex(utxo.script)

package/src/compat/__tests/Mnemonic.additional.test.ts

@@ -15,7 +15,7 @@ describe('Mnemonic – additional coverage', () => {
     })
 
     it('uses 128 bits when bits is NaN', () => {
-      const m = new Mnemonic().fromRandom(NaN)
+      const m = new Mnemonic().fromRandom(Number.NaN)
       expect(m.mnemonic.split(' ')).toHaveLength(12)
     })
 

package/src/compat/__tests/Mnemonic.test.ts

@@ -41,7 +41,7 @@ describe('Mnemonic', function () {
     m = new Mnemonic().fromRandom(128)
     expect(m.check()).toEqual(true)
 
-    const entropy = Array(32)
+    const entropy = new Array(32)
     entropy.fill(0)
     m = new Mnemonic().fromEntropy(entropy)
     expect(m.check()).toEqual(true)

package/src/kvstore/GlobalKVStore.ts

@@ -89,11 +89,26 @@ export class GlobalKVStore {
     this.config = { ...DEFAULT_CONFIG, ...config }
     this.wallet = config.wallet ?? new WalletClient()
     this.historian = new Historian<string, KVContext>(kvStoreInterpreter)
-    this.lookupResolver = new LookupResolver({
-      networkPreset: this.config.networkPreset
+    // Resolve overlay hosts via, in order of precedence: an injected resolver,
+    // otherwise a default resolver built from `networkPreset` plus any
+    // `hostOverrides` / `slapTrackers`. The same resolver is shared with the
+    // topic broadcaster so read lookups and the broadcaster's SHIP host
+    // discovery both go through it. Note this shares the *lookup* path, not the
+    // broadcast target: writes still go to whatever hosts the `ls_ship` SHIP
+    // lookup returns, so pinning the broadcast backend requires that lookup to
+    // return the desired host (a host override alone does not force it). With no
+    // overrides this is behaviourally identical to the previous
+    // networkPreset-only construction.
+    // `hostOverrides` / `slapTrackers` are passed straight through; LookupResolver
+    // already falls back to its defaults when they're undefined.
+    this.lookupResolver = this.config.lookupResolver ?? new LookupResolver({
+      networkPreset: this.config.networkPreset,
+      hostOverrides: this.config.hostOverrides,
+      slapTrackers: this.config.slapTrackers
     })
     this.topicBroadcaster = new TopicBroadcaster(this.config.topics as string[], {
-      networkPreset: this.config.networkPreset
+      networkPreset: this.config.networkPreset,
+      resolver: this.lookupResolver
     })
   }
 

package/src/kvstore/__tests/GlobalKVStore.test.ts

@@ -264,6 +264,42 @@ describe('GlobalKVStore', () => {
     it('initializes Historian with kvStoreInterpreter', () => {
       expect(MockHistorian).toHaveBeenCalledWith(kvStoreInterpreter)
     })
+
+    it('builds a default resolver from networkPreset and shares it with the broadcaster', () => {
+      MockLookupResolver.mockClear()
+      MockTopicBroadcaster.mockClear()
+      const store = new GlobalKVStore({ wallet: mockWallet, networkPreset: 'testnet' })
+      expect(store).toBeInstanceOf(GlobalKVStore)
+      expect(MockLookupResolver).toHaveBeenCalledWith({ networkPreset: 'testnet' })
+      // The broadcaster must reuse the same resolver so read lookups and the
+      // broadcaster's SHIP host discovery share one lookup path.
+      const broadcasterConfig = MockTopicBroadcaster.mock.calls[0][1] as { resolver?: unknown }
+      expect(broadcasterConfig.resolver).toBe(mockResolver)
+    })
+
+    it('passes hostOverrides and slapTrackers into the default resolver', () => {
+      MockLookupResolver.mockClear()
+      const hostOverrides = { ls_kvstore: ['https://host.example'] }
+      const slapTrackers = ['https://slap.example']
+      const store = new GlobalKVStore({ wallet: mockWallet, hostOverrides, slapTrackers })
+      expect(store).toBeInstanceOf(GlobalKVStore)
+      expect(MockLookupResolver).toHaveBeenCalledWith({
+        networkPreset: 'mainnet',
+        hostOverrides,
+        slapTrackers,
+      })
+    })
+
+    it('uses an injected lookupResolver verbatim and does not build a default one', () => {
+      MockLookupResolver.mockClear()
+      MockTopicBroadcaster.mockClear()
+      const injected = { query: jest.fn() } as unknown as InstanceType<typeof LookupResolver>
+      const store = new GlobalKVStore({ wallet: mockWallet, lookupResolver: injected })
+      expect(store).toBeInstanceOf(GlobalKVStore)
+      expect(MockLookupResolver).not.toHaveBeenCalled()
+      const broadcasterConfig = MockTopicBroadcaster.mock.calls[0][1] as { resolver?: unknown }
+      expect(broadcasterConfig.resolver).toBe(injected)
+    })
   })
 
   // --------------------------------------------------------------------------

package/src/kvstore/types.ts

@@ -1,6 +1,8 @@
 import { Beef } from '../transaction/Beef.js'
 import { PubKeyHex, WalletProtocol } from '../wallet/Wallet.interfaces.js'
 import { WalletInterface } from '../wallet/index.js'
+// Type-only import — erased at runtime, so it introduces no module cycle with overlay-tools.
+import type { LookupResolver } from '../overlay-tools/index.js'
 
 /**
  * Configuration interface for GlobalKVStore operations.
@@ -23,6 +25,32 @@ export interface KVStoreConfig {
   wallet?: WalletInterface
   /** Network preset for overlay services */
   networkPreset?: 'mainnet' | 'testnet' | 'local'
+  /**
+   * A pre-built lookup resolver to use for all overlay queries — both reads and
+   * write-host (SHIP) discovery. When provided, it takes precedence and
+   * `hostOverrides` / `slapTrackers` are ignored for resolver construction.
+   * Use this to fully control overlay host resolution.
+   */
+  lookupResolver?: LookupResolver
+  /**
+   * Per-service overlay host overrides (`serviceName -> hosts`), applied when
+   * the store builds its default lookup resolver. This pins which hosts answer
+   * *lookup* queries for a given service (e.g. read lookups via `ls_kvstore`),
+   * instead of discovering them via SLAP.
+   *
+   * Note this does not by itself pin the *broadcast* target: writes are
+   * submitted to the hosts that the `ls_ship` SHIP lookup returns, so an
+   * `ls_ship` override only changes which tracker answers — the broadcast host
+   * is whatever advertisements that lookup names. To force writes to a specific
+   * backend, use a resolver / SHIP setup whose `ls_ship` results return the
+   * desired host. Ignored when `lookupResolver` is supplied.
+   */
+  hostOverrides?: Record<string, string[]>
+  /**
+   * Override the SLAP trackers used by the default lookup resolver. Ignored when
+   * `lookupResolver` is supplied.
+   */
+  slapTrackers?: string[]
   /** Whether to accept delayed broadcast */
   acceptDelayedBroadcast?: boolean
   /** Whether to let overlay handle broadcasting (prevents UTXO spending on rejection) */

package/src/overlay-tools/__tests/Historian.test.ts

@@ -34,7 +34,7 @@ function makeMockTx(txid: string, outputs: any[] = [], inputs: any[] = []): MTx
 
 function makeMockOutput(scriptHex?: string): TransactionOutput {
   const hex = scriptHex || '76a914' // Default to P2PKH prefix if no script provided
-  const scriptArray = hex.match(/.{2}/g)?.map(byte => parseInt(byte, 16)) || [0x76, 0xa9, 0x14]
+  const scriptArray = hex.match(/.{2}/g)?.map(byte => Number.parseInt(byte, 16)) || [0x76, 0xa9, 0x14]
 
   return {
     satoshis: 1,

package/src/overlay-tools/__tests/HostReputationTracker.additional.test.ts

@@ -93,7 +93,7 @@ describe('HostReputationTracker – additional coverage', () => {
 
     it('treats NaN latency as DEFAULT_LATENCY_MS (1500)', () => {
       const t = new HostReputationTracker()
-      t.recordSuccess('https://host.com', NaN)
+      t.recordSuccess('https://host.com', Number.NaN)
       const snap = t.snapshot('https://host.com')!
       expect(snap.avgLatencyMs).toBe(1500)
     })

package/src/primitives/Hash.ts

@@ -261,8 +261,10 @@ function appendUtf8CodeUnit (msg: string, i: number, out: number[]): number {
 
 function utf8StringToArray (msg: string): number[] {
   const res: number[] = []
-  for (let i = 0; i < msg.length; i++) {
-    i = appendUtf8CodeUnit(msg, i, res)
+  let i = 0
+  while (i < msg.length) {
+    const lastConsumed = appendUtf8CodeUnit(msg, i, res)
+    i = lastConsumed + 1
   }
   return res
 }

package/src/primitives/__tests/BigNumber.constructor.test.ts

@@ -52,7 +52,7 @@ describe('BN.js/Constructor', () => {
     it('should accept base-16 with spaces', () => {
       const num = 'a89c e5af8724 c0a23e0e 0ff77500'
       expect(new BigNumber(num, 16).toString(16)).toEqual(
-        num.replace(/ /g, '')
+        num.replaceAll(' ', '')
       )
     })
 

package/src/primitives/__tests/DRBG.test.ts

@@ -34,36 +34,28 @@ describe('DRBG', () => {
       const entropy = new Array(31).fill(0x01)
       const nonce = new Array(32).fill(0x02)
 
-      expect(() => {
-        new DRBG(entropy, nonce)
-      }).toThrow('Entropy must be exactly 32 bytes (256 bits)')
+      expect(() => new DRBG(entropy, nonce)).toThrow('Entropy must be exactly 32 bytes (256 bits)')
     })
 
     it('throws if entropy is longer than 32 bytes', () => {
       const entropy = new Array(33).fill(0x01)
       const nonce = new Array(32).fill(0x02)
 
-      expect(() => {
-        new DRBG(entropy, nonce)
-      }).toThrow('Entropy must be exactly 32 bytes (256 bits)')
+      expect(() => new DRBG(entropy, nonce)).toThrow('Entropy must be exactly 32 bytes (256 bits)')
     })
 
     it('throws if nonce is shorter than 32 bytes', () => {
       const entropy = new Array(32).fill(0x01)
       const nonce = new Array(31).fill(0x02)
 
-      expect(() => {
-        new DRBG(entropy, nonce)
-      }).toThrow('Nonce must be exactly 32 bytes (256 bits)')
+      expect(() => new DRBG(entropy, nonce)).toThrow('Nonce must be exactly 32 bytes (256 bits)')
     })
 
     it('throws if nonce is longer than 32 bytes', () => {
       const entropy = new Array(32).fill(0x01)
       const nonce = new Array(33).fill(0x02)
 
-      expect(() => {
-        new DRBG(entropy, nonce)
-      }).toThrow('Nonce must be exactly 32 bytes (256 bits)')
+      expect(() => new DRBG(entropy, nonce)).toThrow('Nonce must be exactly 32 bytes (256 bits)')
     })
 
     it('accepts both hex strings and number[] inputs equivalently', () => {

package/src/primitives/__tests/Point.additional.test.ts

@@ -118,7 +118,7 @@ describe('Point – additional coverage', () => {
     })
 
     it('throws for unknown format', () => {
-      const der = [0x05, ...Array(32).fill(0x01)]
+      const der = [0x05, ...new Array(32).fill(0x01)]
       expect(() => Point.fromDER(der)).toThrow('Unknown point format')
     })
   })
@@ -147,7 +147,7 @@ describe('Point – additional coverage', () => {
     it('fromX accepts number', () => {
       // Use a valid x value that has a square root mod p
       const g = G.mul(new BigNumber(7))
-      const xNum = parseInt(g.getX().toString(16).slice(-4), 16)
+      const xNum = Number.parseInt(g.getX().toString(16).slice(-4), 16)
       // fromX with a number, may produce a point
       const p = Point.fromX(g.getX(), true)
       expect(p.validate()).toBe(true)

package/src/primitives/__tests/Point.test.ts

@@ -40,7 +40,7 @@ describe('Point.fromJSON / fromDER / fromX curve validation (TOB-24)', () => {
   it('rejects invalid compressed points in fromDER', () => {
     // 0x02 is a valid compressed prefix, but x = 0 gives y^2 = 7,
     // which has no square root mod p on secp256k1 → invalid point.
-    const der = [0x02, ...Array(32).fill(0x00)]
+    const der = [0x02, ...new Array(32).fill(0x00)]
     expect(() => Point.fromDER(der)).toThrow(/Invalid point/)
     })
 

package/src/primitives/__tests/SymmetricKeyCompatibility.test.ts

@@ -37,7 +37,7 @@ describe('Cross-SDK Compatibility Tests', () => {
         // Convert hex to byte array
         const ciphertext: number[] = []
         for (let i = 0; i < ciphertextHex.length; i += 2) {
-          ciphertext.push(parseInt(ciphertextHex.slice(i, i + 2), 16))
+          ciphertext.push(Number.parseInt(ciphertextHex.slice(i, i + 2), 16))
         }
 
         // Decrypt using TypeScript SDK
@@ -83,7 +83,7 @@ describe('Cross-SDK Compatibility Tests', () => {
         // Convert hex to byte array
         const ciphertext: number[] = []
         for (let i = 0; i < ciphertextHex.length; i += 2) {
-          ciphertext.push(parseInt(ciphertextHex.slice(i, i + 2), 16))
+          ciphertext.push(Number.parseInt(ciphertextHex.slice(i, i + 2), 16))
         }
 
         // Decrypt using TypeScript SDK
@@ -127,7 +127,7 @@ describe('Cross-SDK Compatibility Tests', () => {
         // Test TypeScript decrypting Go ciphertext
         const goCiphertextBytes: number[] = []
         for (let i = 0; i < goCiphertext.length; i += 2) {
-          goCiphertextBytes.push(parseInt(goCiphertext.substr(i, 2), 16))
+          goCiphertextBytes.push(Number.parseInt(goCiphertext.substr(i, 2), 16))
         }
 
         const goDecrypted = symKey.decrypt(goCiphertextBytes, 'utf8')
@@ -136,7 +136,7 @@ describe('Cross-SDK Compatibility Tests', () => {
         // Test TypeScript decrypting TypeScript ciphertext (sanity check)
         const tsCiphertextBytes: number[] = []
         for (let i = 0; i < tsCiphertext.length; i += 2) {
-          tsCiphertextBytes.push(parseInt(tsCiphertext.substr(i, 2), 16))
+          tsCiphertextBytes.push(Number.parseInt(tsCiphertext.substr(i, 2), 16))
         }
 
         const tsDecrypted = symKey.decrypt(tsCiphertextBytes, 'utf8')

package/src/registry/__tests/RegistryClient.additional.test.ts

@@ -77,10 +77,10 @@ jest.mock('../../transaction/index.js', () => ({
 jest.mock('../../primitives/index.js', () => ({
   Utils: {
     toArray: jest.fn().mockImplementation((str: string) =>
-      Array.from(str).map((c) => c.charCodeAt(0))
+      Array.from(str).map((c) => c.codePointAt(0))
     ),
     toUTF8: jest.fn().mockImplementation((arr: number[] | string) => {
-      if (Array.isArray(arr)) return arr.map((n) => String.fromCharCode(n)).join('')
+      if (Array.isArray(arr)) return arr.map((n) => String.fromCodePoint(n)).join('')
       return arr
     })
   }
@@ -628,7 +628,7 @@ describe('RegistryClient.resolve – protocol and certificate parsing', () => {
     // protocol has 7 fields: protocolID, name, iconURL, description, docURL, operator, sig
     ;(PushDrop.decode as jest.Mock).mockReturnValueOnce({
       fields: [
-        Array.from('[1,"proto"]').map((c) => c.charCodeAt(0)), // protocolID JSON
+        Array.from('[1,"proto"]').map((c) => c.codePointAt(0)), // protocolID JSON
         [110, 97, 109, 101],  // 'name'
         [105, 99, 111, 110],  // 'icon'
         [100, 101, 115, 99],  // 'desc'
@@ -658,7 +658,7 @@ describe('RegistryClient.resolve – protocol and certificate parsing', () => {
         [105, 99, 111, 110],   // 'icon'
         [100, 101, 115, 99],   // 'desc'
         [100, 111, 99],        // 'doc'
-        Array.from(fieldsJSON).map((c) => c.charCodeAt(0)), // fieldsJSON
+        Array.from(fieldsJSON).map((c) => c.codePointAt(0)), // fieldsJSON
         [111, 112],            // 'op' - operator
         [115, 105, 103]        // signature
       ]

package/src/registry/__tests/RegistryClient.test.ts

@@ -82,11 +82,11 @@ jest.mock('../../primitives/index.js', () => {
   return {
     Utils: {
       toArray: jest.fn().mockImplementation((str: string) =>
-        Array.from(str).map((c) => c.charCodeAt(0))
+        Array.from(str).map((c) => c.codePointAt(0))
       ),
       toUTF8: jest.fn().mockImplementation((arr: number[] | string) => {
         if (Array.isArray(arr)) {
-          return arr.map((n) => String.fromCharCode(n)).join('')
+          return arr.map((n) => String.fromCodePoint(n)).join('')
         }
         return arr
       })

package/src/script/Spend.ts

@@ -1213,7 +1213,14 @@ export default class Spend {
               sig = this.parseChecksigSignature(bufSig)
 
               const scriptForChecksig: Script = this.context === 'UnlockingScript' ? this.unlockingScript : this.lockingScript
-              const scriptCodeChunks = scriptForChecksig.chunks.slice(this.lastCodeSeparator === null ? 0 : this.lastCodeSeparator + 1)
+              let scriptCodeChunks = scriptForChecksig.chunks.slice(this.lastCodeSeparator === null ? 0 : this.lastCodeSeparator + 1)
+              // When an OP_CODESEPARATOR appears in the unlocking script, the CHECKSIG subscript
+              // continues across the unlock/lock boundary into the full locking script (legacy
+              // combined-script semantics; matches BSV node consensus). Without this, signatures
+              // taken over such a subscript (e.g. OP_PUSH_TX-style contracts) are wrongly rejected.
+              if (this.context === 'UnlockingScript') {
+                scriptCodeChunks = scriptCodeChunks.concat(this.lockingScript.chunks)
+              }
               subscript = new Script(scriptCodeChunks)
               subscript.findAndDelete(new Script().writeBin(bufSig))
 

package/src/script/__tests/Spend.codeseparator.test.ts

@@ -0,0 +1,88 @@
+import PrivateKey from '../../primitives/PrivateKey'
+import { sha256 } from '../../primitives/Hash'
+import Spend from '../../script/Spend'
+import Transaction from '../../transaction/Transaction'
+import TransactionSignature from '../../primitives/TransactionSignature'
+import LockingScript from '../../script/LockingScript'
+import UnlockingScript from '../../script/UnlockingScript'
+import Script from '../../script/Script'
+import OP from '../../script/OP'
+
+/**
+ * Regression test for the CHECKSIG subscript across an OP_CODESEPARATOR in the unlocking script.
+ *
+ * When an OP_CODESEPARATOR is executed in the *unlocking* script and an OP_CHECKSIG then runs
+ * (still in unlocking-script context), the signature's subscript must span from after that
+ * separator across the unlock/lock boundary into the FULL locking script (legacy combined-script
+ * semantics, which BSV nodes enforce). This is the basis of OP_PUSH_TX-style contracts.
+ *
+ * Before the fix, Spend built the subscript from the unlocking script alone, so a signature taken
+ * over <unlock-tail> ++ <locking-script> was rejected ("OP_CHECKSIGVERIFY requires a valid
+ * signature"), even though BSV consensus accepts the transaction.
+ */
+describe('Spend — CHECKSIG subscript across OP_CODESEPARATOR in the unlocking script', () => {
+  it('validates a signature whose subscript spans into the locking script', () => {
+    const priv = new PrivateKey(42)
+    const pub = priv.toPublicKey()
+    const pubEnc = pub.encode(true) as number[]
+    const satoshis = 1000
+    const scope = TransactionSignature.SIGHASH_ALL | TransactionSignature.SIGHASH_FORKID
+
+    // Non-empty locking-script tail that MUST be part of the subscript (proves the concat).
+    const lockingScript = new LockingScript([{ op: OP.OP_NOP }, { op: OP.OP_NOP }])
+
+    // Version 2 -> "relaxed" rules (post-Genesis/Chronicle), so the non-push unlocking script
+    // below is permitted (push-only is only enforced for legacy v1 transactions).
+    const sourceTx = new Transaction(2, [], [{ lockingScript, satoshis }], 0)
+
+    // The subscript the interpreter derives (after findAndDelete removes the signature push):
+    //   <unlock-after-codesep without the sig> ++ <locking script>
+    //   = [ <pubkey> OP_CHECKSIG ] ++ [ OP_NOP OP_NOP ]
+    const subscript = new Script([
+      { op: pubEnc.length, data: pubEnc },
+      { op: OP.OP_CHECKSIG },
+      ...lockingScript.chunks
+    ])
+
+    const preimage = TransactionSignature.formatBytes({
+      sourceTXID: sourceTx.id('hex'),
+      sourceOutputIndex: 0,
+      sourceSatoshis: satoshis,
+      transactionVersion: 2,
+      otherInputs: [],
+      outputs: [],
+      inputIndex: 0,
+      subscript,
+      inputSequence: 0xffffffff,
+      lockTime: 0,
+      scope
+    })
+    const raw = priv.sign(sha256(preimage))
+    const sig = new TransactionSignature(raw.r, raw.s, scope)
+    const sigForScript = sig.toChecksigFormat()
+
+    // Unlocking script: OP_CODESEPARATOR then <sig> <pubkey> OP_CHECKSIG (checksig runs here).
+    const unlockingScript = new UnlockingScript([
+      { op: OP.OP_CODESEPARATOR },
+      { op: sigForScript.length, data: sigForScript },
+      { op: pubEnc.length, data: pubEnc },
+      { op: OP.OP_CHECKSIG }
+    ])
+
+    const spend = new Spend({
+      sourceTXID: sourceTx.id('hex'),
+      sourceOutputIndex: 0,
+      sourceSatoshis: satoshis,
+      lockingScript,
+      transactionVersion: 2,
+      otherInputs: [],
+      inputIndex: 0,
+      unlockingScript,
+      outputs: [],
+      inputSequence: 0xffffffff,
+      lockTime: 0
+    })
+
+    expect(spend.validate()).toBe(true)
+  })
+})

package/src/storage/__tests/StorageUploader.test.ts

@@ -376,7 +376,7 @@ describe('StorageUploader — multi-provider behavior', () => {
     })
 
     // All three quotes requested (up to 2 * resilienceLevel = 4 allowed, but we only have 3 hosts).
-    expect(quoteCalls.sort()).toEqual([
+    expect(quoteCalls.sort((a, b) => a.localeCompare(b))).toEqual([
       'https://a.example/quote',
       'https://b.example/quote',
       'https://c.example/quote'
@@ -611,7 +611,7 @@ describe('StorageUploader — multi-provider behavior', () => {
     })
 
     // Only the first batch of 4 quote requests should have been issued.
-    expect(quoteCalls.sort()).toEqual([
+    expect(quoteCalls.sort((a, b) => a.localeCompare(b))).toEqual([
       'https://h1.example/quote',
       'https://h2.example/quote',
       'https://h3.example/quote',
@@ -649,7 +649,7 @@ describe('StorageUploader — multi-provider behavior', () => {
       retentionPeriod: 60
     })
 
-    expect(quoteCalls.sort()).toEqual([
+    expect(quoteCalls.sort((a, b) => a.localeCompare(b))).toEqual([
       'https://h1.example/quote',
       'https://h2.example/quote',
       'https://h3.example/quote',
@@ -696,7 +696,7 @@ describe('StorageUploader — multi-provider behavior', () => {
 
     // First batch queried h1-h4 (4 hosts), second batch queried only h5
     // (1 host, the exact remainder). Hosts h6-h8 are never contacted.
-    expect(quoteCalls.sort()).toEqual([
+    expect(quoteCalls.sort((a, b) => a.localeCompare(b))).toEqual([
       'https://h1.example/quote',
       'https://h2.example/quote',
       'https://h3.example/quote',
@@ -763,7 +763,7 @@ describe('StorageUploader — multi-host findFile / listUploads / renewFile', ()
 
     const result = await uploader.findFile('uhrp://x')
 
-    expect(calls.sort()).toEqual([
+    expect(calls.sort((a, b) => a.localeCompare(b))).toEqual([
       'https://a.example/find?uhrpUrl=uhrp%3A%2F%2Fx',
       'https://b.example/find?uhrpUrl=uhrp%3A%2F%2Fx',
       'https://c.example/find?uhrpUrl=uhrp%3A%2F%2Fx'
@@ -843,7 +843,7 @@ describe('StorageUploader — multi-host findFile / listUploads / renewFile', ()
     const listing = await uploader.listUploads()
     const byUrl = Object.fromEntries(listing.map((e: any) => [e.uhrpUrl, e]))
 
-    expect(Object.keys(byUrl).sort()).toEqual(['uhrp://one', 'uhrp://shared', 'uhrp://two'])
+    expect(Object.keys(byUrl).sort((a, b) => a.localeCompare(b))).toEqual(['uhrp://one', 'uhrp://shared', 'uhrp://two'])
     expect(byUrl['uhrp://shared'].expiryTime).toBe(300) // longest wins
     expect(byUrl['uhrp://shared'].hostedBy.sort()).toEqual(['https://a.example', 'https://b.example'])
     expect(byUrl['uhrp://one'].hostedBy).toEqual(['https://a.example'])
@@ -1026,7 +1026,7 @@ describe('StorageUploader — multi-host findFile / listUploads / renewFile', ()
       hostedBy: ['https://a.example', 'https://c.example']
     })
 
-    expect(calls.sort()).toEqual([
+    expect(calls.sort((a, b) => a.localeCompare(b))).toEqual([
       'https://a.example/renew',
       'https://c.example/renew'
     ])

package/src/transaction/BdkVerifierInterface.ts

@@ -0,0 +1,22 @@
+import type Transaction from './Transaction.js'
+
+/**
+ * A pluggable backend that verifies ALL input scripts of a single transaction.
+ *
+ * Implementations (e.g. @bsv/verifast's BdkVerifier) typically delegate to a
+ * native/WASM engine. The backend operates at whole-transaction granularity,
+ * not per input.
+ */
+export default interface BdkVerifierInterface {
+  /**
+   * Verify all input scripts of `params.tx`.
+   * @returns Promise resolving true if every input script is valid, false otherwise.
+   * @throws If the backend itself fails (load error, marshalling error, unavailable).
+   */
+  verifyScripts: (params: {
+    tx: Transaction
+    blockHeight: number
+    consensus: boolean
+    verifyFlags?: string | string[]
+  }) => Promise<boolean>
+}

package/src/transaction/Transaction.ts

@@ -18,6 +18,10 @@ import P2PKH from '../script/templates/P2PKH.js'
 import type { WalletInterface, DescriptionString5to50Bytes, CreateActionOptions } from '../wallet/Wallet.interfaces.js'
 import TransactionSignature from '../primitives/TransactionSignature.js'
 import Random from '../primitives/Random.js'
+import type BdkVerifierInterface from './BdkVerifierInterface.js'
+
+/** Post-Chronicle height used when an input's source UTXO mined-height is unobtainable. */
+const POST_CHRONICLE_HEIGHT_FALLBACK = 943816
 
 /**
  * Represents a complete Bitcoin transaction. This class encapsulates all the details
@@ -833,7 +837,8 @@ export default class Transaction {
   async verify (
     chainTracker: ChainTracker | 'scripts only' = defaultChainTracker(),
     feeModel?: FeeModel,
-    memoryLimit?: number
+    memoryLimit?: number,
+    verifier?: BdkVerifierInterface
   ): Promise<boolean> {
     const verifiedTxids = new Set<string>()
     const txQueue: Transaction[] = [this]
@@ -910,23 +915,41 @@ export default class Transaction {
         const otherInputs = tx.inputs.filter((_, idx) => idx !== i)
         input.sourceTXID ??= sourceTxid
 
-        const spend = new Spend({
-          sourceTXID: input.sourceTXID,
-          sourceOutputIndex: input.sourceOutputIndex,
-          lockingScript: sourceOutput.lockingScript,
-          sourceSatoshis: sourceOutput.satoshis ?? 0,
-          transactionVersion: tx.version,
-          otherInputs,
-          unlockingScript: input.unlockingScript,
-          inputSequence: input.sequence ?? 0xffffffff, // default to max sequence
-          inputIndex: i,
-          outputs: tx.outputs,
-          lockTime: tx.lockTime,
-          memoryLimit
-        })
-        const spendValid = spend.validate()
+        if (verifier === undefined) {
+          const spend = new Spend({
+            sourceTXID: input.sourceTXID,
+            sourceOutputIndex: input.sourceOutputIndex,
+            lockingScript: sourceOutput.lockingScript,
+            sourceSatoshis: sourceOutput.satoshis ?? 0,
+            transactionVersion: tx.version,
+            otherInputs,
+            unlockingScript: input.unlockingScript,
+            inputSequence: input.sequence ?? 0xffffffff, // default to max sequence
+            inputIndex: i,
+            outputs: tx.outputs,
+            lockTime: tx.lockTime,
+            memoryLimit
+          })
+          const spendValid = spend.validate()
+
+          if (!spendValid) {
+            return false
+          }
+        }
+      }
 
-        if (!spendValid) {
+      // When a pluggable verifier is configured, hand the whole transaction to it
+      // once (BDK operates at whole-tx granularity). Strict: its verdict is
+      // authoritative and any thrown error propagates (no JS fallback).
+      if (verifier !== undefined) {
+        // A tx reaching here has no merkle proof (mined txs short-circuit above),
+        // so its source UTXO mined-height is unobtainable -> post-Chronicle fallback.
+        const scriptsValid = await verifier.verifyScripts({
+          tx,
+          blockHeight: POST_CHRONICLE_HEIGHT_FALLBACK,
+          consensus: true
+        })
+        if (!scriptsValid) {
           return false
         }
       }