@bsv/wallet-toolbox 1.2.27 → 1.2.30

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/wallet-toolbox",
-  "version": "1.2.27",
+  "version": "1.2.30",
   "description": "BRC100 conforming wallet, wallet storage and wallet signer components",
   "main": "./out/src/index.js",
   "types": "./out/src/index.d.ts",
@@ -30,9 +30,9 @@
   },
   "homepage": "https://github.com/bitcoin-sv/wallet-toolbox#readme",
   "dependencies": {
-    "@bsv/auth-express-middleware": "^1.0.13",
-    "@bsv/payment-express-middleware": "^1.0.3",
-    "@bsv/sdk": "^1.4.9",
+    "@bsv/auth-express-middleware": "^1.1.2",
+    "@bsv/payment-express-middleware": "^1.0.4",
+    "@bsv/sdk": "^1.4.12",
     "express": "^4.21.2",
     "knex": "^3.1.0",
     "mysql2": "^3.12.0",

package/src/WalletPermissionsManager.ts

@@ -1,4 +1,4 @@
-import { WalletInterface, Utils, PushDrop, LockingScript, Transaction } from '@bsv/sdk'
+import { WalletInterface, Utils, PushDrop, LockingScript, Transaction, WalletProtocol, Base64String } from '@bsv/sdk'
 import { validateCreateActionArgs } from './sdk'
 
 ////// TODO: ADD SUPPORT FOR ADMIN COUNTERPARTIES BASED ON WALLET STORAGE
@@ -23,7 +23,7 @@ export interface PermissionRequest {
   type: 'protocol' | 'basket' | 'certificate' | 'spending'
   originator: string // The domain or FQDN of the requesting application
   privileged?: boolean // For "protocol" or "certificate" usage, indicating privileged key usage
-  protocolID?: [0 | 1 | 2, string] // For type='protocol': BRC-43 style (securityLevel, protocolName)
+  protocolID?: WalletProtocol // For type='protocol': BRC-43 style (securityLevel, protocolName)
   counterparty?: string // For type='protocol': e.g. target public key or "self"/"anyone"
 
   basket?: string // For type='basket': the basket name being requested
@@ -509,7 +509,7 @@ export class WalletPermissionsManager implements WalletInterface {
   }: {
     originator: string
     privileged: boolean
-    protocolID: [0 | 1 | 2, string]
+    protocolID: WalletProtocol
     counterparty: string
     reason?: string
     seekPermission?: boolean
@@ -939,7 +939,7 @@ export class WalletPermissionsManager implements WalletInterface {
    * @param plaintext The metadata to encrypt if configured to do so
    * @returns The encrypted metadata, or the original value if encryption was disabled.
    */
-  private async maybeEncryptMetadata(plaintext: string): Promise<string> {
+  private async maybeEncryptMetadata(plaintext: string): Promise<Base64String> {
     if (!this.config.encryptWalletMetadata) {
       return plaintext
     }
@@ -951,7 +951,7 @@ export class WalletPermissionsManager implements WalletInterface {
       },
       this.adminOriginator
     )
-    return Utils.toUTF8(ciphertext) // Still a string, but scrambled.
+    return Utils.toBase64(ciphertext)
   }
 
   /**
@@ -959,11 +959,11 @@ export class WalletPermissionsManager implements WalletInterface {
    * @param ciphertext The metadata to attempt decryption for.
    * @returns The decrypted metadata. If decryption fails, returns the original value instead.
    */
-  private async maybeDecryptMetadata(ciphertext: string): Promise<string> {
+  private async maybeDecryptMetadata(ciphertext: Base64String): Promise<string> {
     try {
       const { plaintext } = await this.underlying.decrypt(
         {
-          ciphertext: Utils.toArray(ciphertext, 'utf8'),
+          ciphertext: Utils.toArray(ciphertext, 'base64'),
           protocolID: WalletPermissionsManager.METADATA_ENCRYPTION_PROTOCOL,
           keyID: '1'
         },
@@ -985,7 +985,7 @@ export class WalletPermissionsManager implements WalletInterface {
   private async findProtocolToken(
     originator: string,
     privileged: boolean,
-    protocolID: [0 | 1 | 2, string],
+    protocolID: WalletProtocol,
     counterparty: string,
     includeExpired: boolean
   ): Promise<PermissionToken | undefined> {
@@ -1489,7 +1489,7 @@ export class WalletPermissionsManager implements WalletInterface {
   public async hasProtocolPermission(params: {
     originator: string
     privileged: boolean
-    protocolID: [0 | 1 | 2, string]
+    protocolID: WalletProtocol
     counterparty: string
   }): Promise<boolean> {
     try {
@@ -2369,7 +2369,7 @@ export class WalletPermissionsManager implements WalletInterface {
    *
    * If it violates these rules and the caller is not admin, we consider it "admin-only."
    */
-  private isAdminProtocol(proto: [0 | 1 | 2, string]): boolean {
+  private isAdminProtocol(proto: WalletProtocol): boolean {
     const protocolName = proto[1]
     if (protocolName.startsWith('admin') || protocolName.startsWith('p ')) {
       return true

package/src/WalletSettingsManager.ts

@@ -47,7 +47,7 @@ export const DEFAULT_SETTINGS = {
         name: 'Babbage Trust Services',
         description: 'Resolves identity information for Babbage-run APIs and Bitcoin infrastructure.',
         iconUrl: 'https://projectbabbage.com/favicon.ico',
-        identityKey: '028703956178067ea7ca405111f1ca698290a0112a3d7cf3d843e195bf58a7cfa6',
+        identityKey: '03daf815fe38f83da0ad83b5bedc520aa488aef5cbc93a93c67a7fe60406cbffe8',
         trust: 4
       },
       {
@@ -62,7 +62,7 @@ export const DEFAULT_SETTINGS = {
         description: 'Certifies social media handles, phone numbers and emails',
         iconUrl: 'https://socialcert.net/favicon.ico',
         trust: 3,
-        identityKey: '03285263f06139b66fb27f51cf8a92e9dd007c4c4b83876ad6c3e7028db450a4c2'
+        identityKey: '02cf6cdf466951d8dfc9e7c9367511d0007ed6fba35ed42d425cc412fd6cfd4a17'
       }
     ]
   },
@@ -107,10 +107,10 @@ export class WalletSettingsManager {
    */
   async get(): Promise<WalletSettings> {
     // List outputs in the 'wallet-settings' basket
+    // There should only be one settings token
     const results = await this.wallet.listOutputs({
       basket: SETTINGS_BASKET,
-      include: 'locking scripts',
-      limit: 1 // There should only be one settings token
+      include: 'locking scripts'
     })
 
     // Return defaults if no settings token is found
@@ -118,7 +118,9 @@ export class WalletSettingsManager {
       return this.config.defaultSettings
     }
 
-    const { fields } = PushDrop.decode(LockingScript.fromHex(results.outputs[0].lockingScript!))
+    const { fields } = PushDrop.decode(
+      LockingScript.fromHex(results.outputs[results.outputs.length - 1].lockingScript!)
+    )
     // Parse and return settings token
     return JSON.parse(Utils.toUTF8(fields[0]))
   }
@@ -164,15 +166,12 @@ export class WalletSettingsManager {
     // 1. List the existing token UTXO(s) for the settings basket.
     const existingUtxos = await this.wallet.listOutputs({
       basket: SETTINGS_BASKET,
-      include: 'entire transactions',
-      limit: 1
+      include: 'entire transactions'
     })
 
     // This is the "create a new token" path — no signAction, just a new locking script.
     if (!existingUtxos.outputs.length) {
       if (!newLockingScript) {
-        // The intention was to clear the token, but no tokn was found to clear.
-        // Thus, we are done.
         return true
       }
       await this.wallet.createAction({
@@ -186,14 +185,15 @@ export class WalletSettingsManager {
           }
         ],
         options: {
-          randomizeOutputs: false
+          randomizeOutputs: false,
+          acceptDelayedBroadcast: false
         }
       })
       return true
     }
 
     // 2. Prepare the token UTXO for consumption.
-    const tokenOutput = existingUtxos.outputs[0]
+    const tokenOutput = existingUtxos.outputs[existingUtxos.outputs.length - 1]
     const inputToConsume: CreateActionInput = {
       outpoint: tokenOutput.outpoint,
       unlockingScriptLength: 73,
@@ -219,7 +219,8 @@ export class WalletSettingsManager {
       inputs: [inputToConsume], // input index 0
       outputs,
       options: {
-        randomizeOutputs: false
+        randomizeOutputs: false,
+        acceptDelayedBroadcast: false
       }
     })
     const tx = Transaction.fromBEEF(signableTransaction!.tx)

package/src/__tests/WalletPermissionsManager.encryption.test.ts

@@ -1,6 +1,7 @@
 import { mockUnderlyingWallet, MockedBSV_SDK } from './WalletPermissionsManager.fixtures'
 import { WalletPermissionsManager } from '../WalletPermissionsManager'
 import { jest } from '@jest/globals'
+import { Utils } from '@bsv/sdk'
 
 jest.mock('@bsv/sdk', () => MockedBSV_SDK)
 
@@ -62,7 +63,7 @@ describe('WalletPermissionsManager - Metadata Encryption & Decryption', () => {
         plaintext: [72, 105] // 'Hi'
       })
 
-      const ciphertext = 'random-string-representing-ciphertext'
+      const ciphertext = Utils.toBase64(Utils.toArray('random-string-representing-ciphertext'))
       const result = await manager['maybeDecryptMetadata'](ciphertext)
 
       // We expect underlying.decrypt() to have been called
@@ -153,19 +154,19 @@ describe('WalletPermissionsManager - Metadata Encryption & Decryption', () => {
         totalActions: 1,
         actions: [
           {
-            description: 'fake-encrypted-string-for-description',
+            description: Utils.toBase64(Utils.toArray('fake-encrypted-string-for-description')),
             inputs: [
               {
                 outpoint: 'txid1.0',
-                inputDescription: 'fake-encrypted-string-for-inputDesc'
+                inputDescription: Utils.toBase64(Utils.toArray('fake-encrypted-string-for-inputDesc'))
               }
             ],
             outputs: [
               {
                 lockingScript: 'OP_RETURN 1234',
                 satoshis: 500,
-                outputDescription: 'fake-encrypted-string-for-outputDesc',
-                customInstructions: 'fake-encrypted-string-for-customInstr'
+                outputDescription: Utils.toBase64(Utils.toArray('fake-encrypted-string-for-outputDesc')),
+                customInstructions: Utils.toBase64(Utils.toArray('fake-encrypted-string-for-customInstr'))
               }
             ]
           }
@@ -268,7 +269,7 @@ describe('WalletPermissionsManager - Metadata Encryption & Decryption', () => {
       // To simulate, we make decryption pass through.
       underlying.decrypt.mockImplementation(x => x)
       const listResult = await (manager as any).listActions({}, 'nonadmin.com')
-      expect(underlying.decrypt).toHaveBeenCalledTimes(4)
+      expect(underlying.decrypt).toHaveBeenCalledTimes(3)
 
       // Confirm the returned data is the same as originally provided (plaintext)
       const [first] = listResult.actions
@@ -297,7 +298,7 @@ describe('WalletPermissionsManager - Metadata Encryption & Decryption', () => {
             satoshis: 999,
             lockingScript: 'OP_RETURN something',
             basket: 'some-basket',
-            customInstructions: 'fake-encrypted-instructions-string'
+            customInstructions: Utils.toBase64(Utils.toArray('fake-encrypted-instructions-string'))
           }
         ]
       })

package/src/__tests/WalletPermissionsManager.fixtures.ts

@@ -153,6 +153,12 @@ export const MockUtils = {
   toUTF8: (arr: number[]) => {
     // Converts an array of numbers to a UTF-8 string.
     return String.fromCharCode(...arr)
+  },
+
+  toBase64: (arr: number[]) => {
+    // Converts an array of numbers to a Base64 string.
+    const binaryStr = String.fromCharCode(...arr)
+    return btoa(binaryStr)
   }
 }
 

package/test/Wallet/local/localWallet2.man.test.ts

@@ -1,5 +1,5 @@
-import { EntitySyncState, sdk, Services, Setup, StorageKnex } from '../../../src'
-import { _tu } from '../../utils/TestUtilsWalletStorage'
+import { EntitySyncState, sdk, Services, Setup, StorageKnex, TableOutput, TableUser } from '../../../src'
+import { _tu, TuEnv } from '../../utils/TestUtilsWalletStorage'
 import { specOpInvalidChange, ValidListOutputsArgs, WERR_REVIEW_ACTIONS } from '../../../src/sdk'
 import {
   burnOneSatTestOutput,
@@ -12,6 +12,7 @@ import {
 import { abort } from 'process'
 
 import * as dotenv from 'dotenv'
+import { WalletOutput } from '@bsv/sdk'
 dotenv.config()
 
 const chain: sdk.Chain = 'main'
@@ -97,44 +98,73 @@ describe('localWallet2 tests', () => {
     await setup.wallet.destroy()
   })
 
-  test('5 cleanup change for userId', async () => {
-    const env = _tu.getEnv('main')
-    const knex = Setup.createMySQLKnex(process.env.MAIN_CLOUD_MYSQL_CONNECTION!)
-    const storage = new StorageKnex({
-      chain: env.chain,
-      knex: knex,
-      commissionSatoshis: 0,
-      commissionPubKeyHex: undefined,
-      feeModel: { model: 'sat/kb', value: 1 }
-    })
-    const servicesOptions = Services.createDefaultOptions(env.chain)
-    if (env.whatsonchainApiKey) servicesOptions.whatsOnChainApiKey = env.whatsonchainApiKey
-    storage.setServices(new Services(servicesOptions))
-    await storage.makeAvailable()
-    for (const userId of [76, 48, 166, 94, 110, 111, 81]) {
+  test('5 review and release all production invalid change utxos', async () => {
+    const { env, storage } = await createMainReviewSetup()
+    const users = await storage.findUsers({ partial: {} })
+    const withInvalid: Record<number, { user: TableUser; outputs: WalletOutput[]; total: number }> = {}
+    // [76, 48, 166, 94, 110, 111, 81]
+    const vargs: ValidListOutputsArgs = {
+      basket: specOpInvalidChange,
+      tags: [],
+      tagQueryMode: 'all',
+      includeLockingScripts: false,
+      includeTransactions: false,
+      includeCustomInstructions: false,
+      includeTags: false,
+      includeLabels: false,
+      limit: 0,
+      offset: 0,
+      seekPermission: false,
+      knownTxids: []
+    }
+    for (const user of users) {
+      const { userId } = user
       const auth = { userId, identityKey: '' }
-      const vargs: ValidListOutputsArgs = {
-        basket: specOpInvalidChange,
-        tags: [],
-        tagQueryMode: 'all',
-        includeLockingScripts: false,
-        includeTransactions: false,
-        includeCustomInstructions: false,
-        includeTags: false,
-        includeLabels: false,
-        limit: 0,
-        offset: 0,
-        seekPermission: false,
-        knownTxids: []
-      }
       let r = await storage.listOutputs(auth, vargs)
       if (r.totalOutputs > 0) {
-        console.log(`userId ${userId} releasing ${r.totalOutputs} unspendable utxos`)
-        r = await storage.listOutputs(auth, { ...vargs, tags: ['release'] })
-        r = await storage.listOutputs(auth, vargs)
+        const total: number = r.outputs.reduce((s, o) => (s += o.satoshis), 0)
+        console.log(`userId ${userId}: ${r.totalOutputs} unspendable utxos, total ${total}, ${user.identityKey}`)
+        withInvalid[userId] = { user, outputs: r.outputs, total }
+      }
+    }
+    if (Object.keys(withInvalid).length > 0) {
+      debugger
+      // Release invalids
+      for (const { user, outputs } of Object.values(withInvalid)) {
+        const { userId } = user
+        const auth = { userId, identityKey: '' }
+        await storage.listOutputs(auth, { ...vargs, tags: ['release'] })
+      }
+      // Verify
+      for (const { user, outputs } of Object.values(withInvalid)) {
+        const { userId } = user
+        const auth = { userId, identityKey: '' }
+        const r = await storage.listOutputs(auth, vargs)
+        expect(r.totalOutputs).toBe(0)
       }
-      expect(r.totalOutputs).toBe(0)
     }
     await storage.destroy()
   })
 })
+
+async function createMainReviewSetup(): Promise<{
+  env: TuEnv
+  storage: StorageKnex
+  services: Services
+}> {
+  const env = _tu.getEnv('main')
+  const knex = Setup.createMySQLKnex(process.env.MAIN_CLOUD_MYSQL_CONNECTION!)
+  const storage = new StorageKnex({
+    chain: env.chain,
+    knex: knex,
+    commissionSatoshis: 0,
+    commissionPubKeyHex: undefined,
+    feeModel: { model: 'sat/kb', value: 1 }
+  })
+  const servicesOptions = Services.createDefaultOptions(env.chain)
+  if (env.whatsonchainApiKey) servicesOptions.whatsOnChainApiKey = env.whatsonchainApiKey
+  const services = new Services(servicesOptions)
+  storage.setServices(services)
+  await storage.makeAvailable()
+  return { env, storage, services }
+}