@buildonspark/spark-sdk 0.1.46 → 0.2.0

package/src/proto/spark_token.ts

@@ -332,7 +332,16 @@ export interface TokenTransactionConfirmationMetadata {
 export interface TokenTransactionWithStatus {
   tokenTransaction: TokenTransaction | undefined;
   status: TokenTransactionStatus;
-  confirmationMetadata: TokenTransactionConfirmationMetadata | undefined;
+  confirmationMetadata:
+    | TokenTransactionConfirmationMetadata
+    | undefined;
+  /**
+   * In rare cases the above reconstructed token transaction may not match the original token transaction due to:
+   * a) a pre-empted transfer transaction having its input TTXOs remapped to the newer transaction
+   * b) proto migrations or field deprecations resulting in missing/swapped fields (eg. token public key -> token identifier)
+   * Include the original hash to ensure clients can reconcile this transaction with the original if needed.
+   */
+  tokenTransactionHash: Uint8Array;
 }
 
 function createBaseTokenOutputToSpend(): TokenOutputToSpend {
@@ -2674,7 +2683,12 @@ export const TokenTransactionConfirmationMetadata: MessageFns<TokenTransactionCo
 };
 
 function createBaseTokenTransactionWithStatus(): TokenTransactionWithStatus {
-  return { tokenTransaction: undefined, status: 0, confirmationMetadata: undefined };
+  return {
+    tokenTransaction: undefined,
+    status: 0,
+    confirmationMetadata: undefined,
+    tokenTransactionHash: new Uint8Array(0),
+  };
 }
 
 export const TokenTransactionWithStatus: MessageFns<TokenTransactionWithStatus> = {
@@ -2688,6 +2702,9 @@ export const TokenTransactionWithStatus: MessageFns<TokenTransactionWithStatus>
     if (message.confirmationMetadata !== undefined) {
       TokenTransactionConfirmationMetadata.encode(message.confirmationMetadata, writer.uint32(26).fork()).join();
     }
+    if (message.tokenTransactionHash.length !== 0) {
+      writer.uint32(34).bytes(message.tokenTransactionHash);
+    }
     return writer;
   },
 
@@ -2722,6 +2739,14 @@ export const TokenTransactionWithStatus: MessageFns<TokenTransactionWithStatus>
           message.confirmationMetadata = TokenTransactionConfirmationMetadata.decode(reader, reader.uint32());
           continue;
         }
+        case 4: {
+          if (tag !== 34) {
+            break;
+          }
+
+          message.tokenTransactionHash = reader.bytes();
+          continue;
+        }
       }
       if ((tag & 7) === 4 || tag === 0) {
         break;
@@ -2738,6 +2763,9 @@ export const TokenTransactionWithStatus: MessageFns<TokenTransactionWithStatus>
       confirmationMetadata: isSet(object.confirmationMetadata)
         ? TokenTransactionConfirmationMetadata.fromJSON(object.confirmationMetadata)
         : undefined,
+      tokenTransactionHash: isSet(object.tokenTransactionHash)
+        ? bytesFromBase64(object.tokenTransactionHash)
+        : new Uint8Array(0),
     };
   },
 
@@ -2752,6 +2780,9 @@ export const TokenTransactionWithStatus: MessageFns<TokenTransactionWithStatus>
     if (message.confirmationMetadata !== undefined) {
       obj.confirmationMetadata = TokenTransactionConfirmationMetadata.toJSON(message.confirmationMetadata);
     }
+    if (message.tokenTransactionHash.length !== 0) {
+      obj.tokenTransactionHash = base64FromBytes(message.tokenTransactionHash);
+    }
     return obj;
   },
 
@@ -2767,6 +2798,7 @@ export const TokenTransactionWithStatus: MessageFns<TokenTransactionWithStatus>
     message.confirmationMetadata = (object.confirmationMetadata !== undefined && object.confirmationMetadata !== null)
       ? TokenTransactionConfirmationMetadata.fromPartial(object.confirmationMetadata)
       : undefined;
+    message.tokenTransactionHash = object.tokenTransactionHash ?? new Uint8Array(0);
     return message;
   },
 };

package/src/services/config.ts

@@ -8,9 +8,7 @@ import { DefaultSparkSigner, SparkSigner } from "../signer/signer.js";
 import { Network, NetworkToProto, NetworkType } from "../utils/network.js";
 import {
   ConfigOptions,
-  LOCAL_WALLET_CONFIG,
-  MAINNET_WALLET_CONFIG,
-  REGTEST_WALLET_CONFIG,
+  WalletConfig,
   SigningOperator,
 } from "./wallet-config.js";
 import { ConfigurationError } from "../errors/types.js";
@@ -39,11 +37,11 @@ export class WalletConfigService
   private getDefaultConfig(network: Network): Required<ConfigOptions> {
     switch (network) {
       case Network.MAINNET:
-        return MAINNET_WALLET_CONFIG;
+        return WalletConfig.MAINNET;
       case Network.REGTEST:
-        return REGTEST_WALLET_CONFIG;
+        return WalletConfig.REGTEST;
       default:
-        return LOCAL_WALLET_CONFIG;
+        return WalletConfig.LOCAL;
     }
   }
 

package/src/services/connection.ts

@@ -1,4 +1,4 @@
-import { isNode } from "@lightsparkdev/core";
+import { isError, isNode } from "@lightsparkdev/core";
 import { sha256 } from "@noble/hashes/sha2";
 import type { Channel, ClientFactory } from "nice-grpc";
 import { retryMiddleware } from "nice-grpc-client-middleware-retry";
@@ -23,6 +23,10 @@ import {
   SparkTokenServiceDefinition,
 } from "../proto/spark_token.js";
 
+type SparkAuthnServiceClientWithClose = SparkAuthnServiceClient & {
+  close?: () => void;
+};
+
 export class ConnectionManager {
   private config: WalletConfigService;
   private clients: Map<
@@ -52,6 +56,9 @@ export class ConnectionManager {
     }
   > = new Map();
 
+  // Tracks in-flight authenticate() promises so concurrent callers share one
+  private authPromises: Map<string, Promise<string>> = new Map();
+
   constructor(config: WalletConfigService) {
     this.config = config;
   }
@@ -231,57 +238,105 @@ export class ConnectionManager {
   }
 
   private async authenticate(address: string, certPath?: string) {
-    try {
-      const identityPublicKey = await this.config.signer.getIdentityPublicKey();
-      const sparkAuthnClient = await this.createSparkAuthnGrpcConnection(
-        address,
-        certPath,
-      );
+    const existing = this.authPromises.get(address);
+    if (existing) {
+      return existing;
+    }
+
+    const authPromise = (async () => {
+      const MAX_ATTEMPTS = 3;
+      let lastError: Error | undefined;
+
+      /* React Native can cause some outgoing requests to be paused which can result
+         in challenges expiring, so we'll retry any authentication failures: */
+      for (let attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
+        let sparkAuthnClient: SparkAuthnServiceClientWithClose | undefined;
+        try {
+          const identityPublicKey =
+            await this.config.signer.getIdentityPublicKey();
+          sparkAuthnClient = await this.createSparkAuthnGrpcConnection(
+            address,
+            certPath,
+          );
 
-      const challengeResp = await sparkAuthnClient.get_challenge({
-        publicKey: identityPublicKey,
-      });
+          const challengeResp = await sparkAuthnClient.get_challenge({
+            publicKey: identityPublicKey,
+          });
 
-      if (!challengeResp.protectedChallenge?.challenge) {
-        throw new AuthenticationError("Invalid challenge response", {
-          endpoint: "get_challenge",
-          reason: "Missing challenge in response",
-        });
-      }
+          if (!challengeResp.protectedChallenge?.challenge) {
+            throw new AuthenticationError("Invalid challenge response", {
+              endpoint: "get_challenge",
+              reason: "Missing challenge in response",
+            });
+          }
 
-      const challengeBytes = Challenge.encode(
-        challengeResp.protectedChallenge.challenge,
-      ).finish();
-      const hash = sha256(challengeBytes);
+          const challengeBytes = Challenge.encode(
+            challengeResp.protectedChallenge.challenge,
+          ).finish();
+          const hash = sha256(challengeBytes);
 
-      const derSignatureBytes =
-        await this.config.signer.signMessageWithIdentityKey(hash);
+          const derSignatureBytes =
+            await this.config.signer.signMessageWithIdentityKey(hash);
 
-      const verifyResp = await sparkAuthnClient.verify_challenge({
-        protectedChallenge: challengeResp.protectedChallenge,
-        signature: derSignatureBytes,
-        publicKey: identityPublicKey,
-      });
+          const verifyResp = await sparkAuthnClient.verify_challenge({
+            protectedChallenge: challengeResp.protectedChallenge,
+            signature: derSignatureBytes,
+            publicKey: identityPublicKey,
+          });
+
+          sparkAuthnClient.close?.();
+          return verifyResp.sessionToken;
+        } catch (error: unknown) {
+          if (isError(error)) {
+            sparkAuthnClient?.close?.();
+
+            if (error.message.includes("challenge expired")) {
+              console.warn(
+                `Authentication attempt ${attempt + 1} failed due to expired challenge, retrying...`,
+              );
+              lastError = error;
+              continue;
+            }
+
+            throw new AuthenticationError(
+              "Authentication failed",
+              {
+                endpoint: "authenticate",
+                reason: error.message,
+              },
+              error,
+            );
+          } else {
+            lastError = new Error(
+              `Unknown error during authentication: ${String(error)}`,
+            );
+          }
+        }
+      }
 
-      sparkAuthnClient.close?.();
-      return verifyResp.sessionToken;
-    } catch (error: any) {
-      console.error("Authentication error:", error);
       throw new AuthenticationError(
-        "Authentication failed",
+        "Authentication failed after retrying expired challenges",
         {
           endpoint: "authenticate",
-          reason: error.message,
+          reason: lastError?.message ?? "Unknown error",
         },
-        error,
+        lastError,
       );
+    })();
+
+    this.authPromises.set(address, authPromise);
+
+    try {
+      return await authPromise;
+    } finally {
+      this.authPromises.delete(address);
     }
   }
 
   private async createSparkAuthnGrpcConnection(
     address: string,
     certPath?: string,
-  ): Promise<SparkAuthnServiceClient & { close?: () => void }> {
+  ): Promise<SparkAuthnServiceClientWithClose> {
     const channel = await this.createChannelWithTLS(address, certPath);
     const authnMiddleware = this.createAuthnMiddleware();
     return this.createGrpcClient<SparkAuthnServiceClient>(
@@ -335,6 +390,32 @@ export class ConnectionManager {
     }
   }
 
+  private async *handleMiddlewareError(
+    error: unknown,
+    address: string,
+    call: ClientMiddlewareCall<any, any>,
+    metadata: Metadata,
+    options: SparkCallOptions,
+  ) {
+    if (isError(error)) {
+      if (error.message.includes("token has expired")) {
+        const newAuthToken = await this.authenticate(address);
+        const clientData = this.clients.get(address);
+        if (!clientData) {
+          throw new Error(`No client found for address: ${address}`);
+        }
+        clientData.authToken = newAuthToken;
+
+        return yield* call.next(call.request, {
+          ...options,
+          metadata: metadata.set("Authorization", `Bearer ${newAuthToken}`),
+        });
+      }
+    }
+
+    throw error;
+  }
+
   private createNodeMiddleware(address: string, initialAuthToken: string) {
     return async function* (
       this: ConnectionManager,
@@ -353,21 +434,14 @@ export class ConnectionManager {
             `Bearer ${this.clients.get(address)?.authToken || initialAuthToken}`,
           ),
         });
-      } catch (error: any) {
-        if (error.message?.includes("token has expired")) {
-          const newAuthToken = await this.authenticate(address);
-          const clientData = this.clients.get(address);
-          if (!clientData) {
-            throw new Error(`No client found for address: ${address}`);
-          }
-          clientData.authToken = newAuthToken;
-
-          return yield* call.next(call.request, {
-            ...options,
-            metadata: metadata.set("Authorization", `Bearer ${newAuthToken}`),
-          });
-        }
-        throw error;
+      } catch (error: unknown) {
+        return yield* this.handleMiddlewareError(
+          error,
+          address,
+          call,
+          metadata,
+          options,
+        );
       }
     }.bind(this);
   }
@@ -393,20 +467,13 @@ export class ConnectionManager {
           ),
         });
       } catch (error: any) {
-        if (error.message?.includes("token has expired")) {
-          const newAuthToken = await this.authenticate(address);
-          const clientData = this.clients.get(address);
-          if (!clientData) {
-            throw new Error(`No client found for address: ${address}`);
-          }
-          clientData.authToken = newAuthToken;
-
-          return yield* call.next(call.request, {
-            ...options,
-            metadata: metadata.set("Authorization", `Bearer ${newAuthToken}`),
-          });
-        }
-        throw error;
+        return yield* this.handleMiddlewareError(
+          error,
+          address,
+          call,
+          metadata,
+          options,
+        );
       }
     }.bind(this);
   }

package/src/services/coop-exit.ts

@@ -16,8 +16,8 @@ import { getNextTransactionSequence } from "../utils/transaction.js";
 import { WalletConfigService } from "./config.js";
 import { ConnectionManager } from "./connection.js";
 import { SigningService } from "./signing.js";
-import { BaseTransferService, LeafRefundSigningData } from "./transfer.js";
 import type { LeafKeyTweak } from "./transfer.js";
+import { BaseTransferService, LeafRefundSigningData } from "./transfer.js";
 
 export type GetConnectorRefundSignaturesParams = {
   leaves: LeafKeyTweak[];
@@ -50,6 +50,7 @@ export class CoopExitService extends BaseTransferService {
       connectorOutputs,
       receiverPubKey,
     );
+
     const transferTweak = await this.deliverTransferPackage(
       transfer,
       leaves,
@@ -152,7 +153,9 @@ export class CoopExitService extends BaseTransferService {
       const signingJob: LeafRefundTxSigningJob = {
         leafId: leaf.leaf.id,
         refundTxSigningJob: {
-          signingPublicKey: leaf.signingPubKey,
+          signingPublicKey: await this.config.signer.getPublicKeyFromDerivation(
+            leaf.keyDerivation,
+          ),
           rawTx: refundTx.toBytes(),
           signingNonceCommitment: signingNonceCommitment,
         },
@@ -164,7 +167,7 @@ export class CoopExitService extends BaseTransferService {
       signingJobs.push(signingJob);
       const tx = getTxFromRawTxBytes(leaf.leaf.nodeTx);
       leafDataMap.set(leaf.leaf.id, {
-        signingPubKey: leaf.signingPubKey,
+        keyDerivation: leaf.keyDerivation,
         refundTx,
         signingNonceCommitment,
         tx,

package/src/services/deposit.ts

@@ -12,6 +12,7 @@ import {
   GenerateDepositAddressResponse,
   StartDepositTreeCreationResponse,
 } from "../proto/spark.js";
+import { KeyDerivation } from "../signer/types.js";
 import {
   getP2TRAddressFromPublicKey,
   getSigHashFromTx,
@@ -20,10 +21,7 @@ import {
 import { subtractPublicKeys } from "../utils/keys.js";
 import { getNetwork } from "../utils/network.js";
 import { proofOfPossessionMessageHashForDepositAddress } from "../utils/proof.js";
-import {
-  DEFAULT_FEE_SATS,
-  getEphemeralAnchorOutput,
-} from "../utils/transaction.js";
+import { getEphemeralAnchorOutput } from "../utils/transaction.js";
 import { WalletConfigService } from "./config.js";
 import { ConnectionManager } from "./connection.js";
 
@@ -39,7 +37,7 @@ export type GenerateDepositAddressParams = {
 };
 
 export type CreateTreeRootParams = {
-  signingPubKey: Uint8Array;
+  keyDerivation: KeyDerivation;
   verifyingKey: Uint8Array;
   depositTx: Transaction;
   vout: number;
@@ -182,7 +180,7 @@ export class DepositService {
   }
 
   async createTreeRoot({
-    signingPubKey,
+    keyDerivation,
     verifyingKey,
     depositTx,
     vout,
@@ -242,6 +240,9 @@ export class DepositService {
       sequence,
     });
 
+    const signingPubKey =
+      await this.config.signer.getPublicKeyFromDerivation(keyDerivation);
+
     const refundP2trAddress = getP2TRAddressFromPublicKey(
       signingPubKey,
       this.config.getNetwork(),
@@ -346,7 +347,7 @@ export class DepositService {
     const rootSignature = await this.config.signer.signFrost({
       message: rootTxSighash,
       publicKey: signingPubKey,
-      privateAsPubKey: signingPubKey,
+      keyDerivation,
       verifyingKey,
       selfCommitment: rootNonceCommitment,
       statechainCommitments:
@@ -358,7 +359,7 @@ export class DepositService {
     const refundSignature = await this.config.signer.signFrost({
       message: refundTxSighash,
       publicKey: signingPubKey,
-      privateAsPubKey: signingPubKey,
+      keyDerivation,
       verifyingKey,
       selfCommitment: refundNonceCommitment,
       statechainCommitments:

package/src/services/lightning.ts

@@ -25,8 +25,6 @@ import { SigningService } from "./signing.js";
 import type { LeafKeyTweak } from "./transfer.js";
 import { decodeInvoice } from "./bolt11-spark.js";
 
-const crypto = getCrypto();
-
 export type CreateLightningInvoiceParams = {
   invoiceCreator: (
     amountSats: number,
@@ -76,6 +74,7 @@ export class LightningService {
     receiverIdentityPubkey,
     descriptionHash,
   }: CreateLightningInvoiceParams): Promise<LightningReceiveRequest> {
+    const crypto = getCrypto();
     const randBytes = crypto.getRandomValues(new Uint8Array(32));
     const preimage = numberToBytesBE(
       bytesToNumberBE(randBytes) % secp256k1.CURVE.n,
@@ -237,7 +236,9 @@ export class LightningService {
         );
       }
 
-      amountSats = isZeroAmountInvoice ? amountSatsToSend! : amountMsats / 1000;
+      amountSats = isZeroAmountInvoice
+        ? amountSatsToSend!
+        : Math.ceil(amountMsats / 1000);
 
       if (isNaN(amountSats) || amountSats <= 0) {
         throw new ValidationError("Invalid amount", {

package/src/services/signing.ts

@@ -1,12 +1,10 @@
-import { TransactionInput } from "@scure/btc-signer/psbt";
 import { hexToBytes } from "@noble/curves/abstract/utils";
+import { TransactionInput } from "@scure/btc-signer/psbt";
 import { ValidationError } from "../errors/types.js";
 import {
   RequestedSigningCommitments,
   UserSignedTxSigningJob,
 } from "../proto/spark.js";
-import type { LeafKeyTweak } from "./transfer.js";
-import { WalletConfigService } from "./config.js";
 import {
   getSigHashFromTx,
   getTxFromRawTxBytes,
@@ -16,6 +14,8 @@ import {
   createRefundTx,
   getNextTransactionSequence,
 } from "../utils/transaction.js";
+import { WalletConfigService } from "./config.js";
+import type { LeafKeyTweak } from "./transfer.js";
 
 export class SigningService {
   private readonly config: WalletConfigService;
@@ -83,8 +83,10 @@ export class SigningService {
       }
       const signingResult = await this.config.signer.signFrost({
         message: sighash,
-        publicKey: leaf.signingPubKey,
-        privateAsPubKey: leaf.signingPubKey,
+        keyDerivation: leaf.keyDerivation,
+        publicKey: await this.config.signer.getPublicKeyFromDerivation(
+          leaf.keyDerivation,
+        ),
         selfCommitment: signingCommitment,
         statechainCommitments: signingNonceCommitments,
         adaptorPubKey: new Uint8Array(),
@@ -93,7 +95,9 @@ export class SigningService {
 
       leafSigningJobs.push({
         leafId: leaf.leaf.id,
-        signingPublicKey: leaf.signingPubKey,
+        signingPublicKey: await this.config.signer.getPublicKeyFromDerivation(
+          leaf.keyDerivation,
+        ),
         rawTx: refundTx.toBytes(),
         signingNonceCommitment: signingCommitment,
         userSignature: signingResult,