@did-btcr2/method 0.27.0 → 0.29.0

package/dist/cjs/index.js

@@ -32,6 +32,7 @@ var index_exports = {};
 __export(index_exports, {
   AGGREGATED_NONCE: () => AGGREGATED_NONCE,
   AGGREGATION_MESSAGE_PREFIX: () => AGGREGATION_MESSAGE_PREFIX,
+  AGGREGATION_WIRE_VERSION: () => AGGREGATION_WIRE_VERSION,
   AUTHORIZATION_REQUEST: () => AUTHORIZATION_REQUEST,
   AggregateBeaconError: () => AggregateBeaconError,
   AggregationCohort: () => AggregationCohort,
@@ -58,6 +59,10 @@ __export(index_exports, {
   COHORT_OPT_IN: () => COHORT_OPT_IN,
   COHORT_OPT_IN_ACCEPT: () => COHORT_OPT_IN_ACCEPT,
   COHORT_READY: () => COHORT_READY,
+  CONSOLE_LOGGER: () => CONSOLE_LOGGER,
+  DEFAULT_ADVERT_REPEAT_INTERVAL_MS: () => DEFAULT_ADVERT_REPEAT_INTERVAL_MS,
+  DEFAULT_BROADCAST_LOOKBACK_MS: () => DEFAULT_BROADCAST_LOOKBACK_MS,
+  DEFAULT_MAX_UPDATE_SIZE_BYTES: () => DEFAULT_MAX_UPDATE_SIZE_BYTES,
   DEFAULT_NOSTR_RELAYS: () => DEFAULT_NOSTR_RELAYS,
   DID_REGEX: () => DID_REGEX,
   DISTRIBUTE_AGGREGATED_DATA: () => DISTRIBUTE_AGGREGATED_DATA,
@@ -75,6 +80,7 @@ __export(index_exports, {
   ParticipantCohortPhase: () => ParticipantCohortPhase,
   Resolver: () => Resolver,
   SIGNATURE_AUTHORIZATION: () => SIGNATURE_AUTHORIZATION,
+  SILENT_LOGGER: () => SILENT_LOGGER,
   SMTBeacon: () => SMTBeacon,
   SMTBeaconError: () => SMTBeaconError,
   SUBMIT_UPDATE: () => SUBMIT_UPDATE,
@@ -83,12 +89,14 @@ __export(index_exports, {
   SigningSessionPhase: () => SigningSessionPhase,
   SingletonBeacon: () => SingletonBeacon,
   SingletonBeaconError: () => SingletonBeaconError,
+  StaticFeeEstimator: () => StaticFeeEstimator,
   TransportAdapterError: () => TransportAdapterError,
   TransportError: () => TransportError,
   TransportFactory: () => TransportFactory,
   TypedEventEmitter: () => TypedEventEmitter,
-  Update: () => Update,
+  Updater: () => Updater,
   VALIDATION_ACK: () => VALIDATION_ACK,
+  buildAggregationBeaconTx: () => buildAggregationBeaconTx,
   createAggregatedNonceMessage: () => createAggregatedNonceMessage,
   createAuthorizationRequestMessage: () => createAuthorizationRequestMessage,
   createCohortAdvertMessage: () => createCohortAdvertMessage,
@@ -100,41 +108,114 @@ __export(index_exports, {
   createSignatureAuthorizationMessage: () => createSignatureAuthorizationMessage,
   createSubmitUpdateMessage: () => createSubmitUpdateMessage,
   createValidationAckMessage: () => createValidationAckMessage,
+  getBeaconStrategy: () => getBeaconStrategy,
+  isAggregatedNonceMessage: () => isAggregatedNonceMessage,
   isAggregationMessageType: () => isAggregationMessageType,
+  isAuthorizationRequestMessage: () => isAuthorizationRequestMessage,
+  isCohortAdvertMessage: () => isCohortAdvertMessage,
+  isCohortOptInAcceptMessage: () => isCohortOptInAcceptMessage,
+  isCohortOptInMessage: () => isCohortOptInMessage,
+  isCohortReadyMessage: () => isCohortReadyMessage,
+  isDistributeAggregatedDataMessage: () => isDistributeAggregatedDataMessage,
   isKeygenMessageType: () => isKeygenMessageType,
+  isNonceContributionMessage: () => isNonceContributionMessage,
   isSignMessageType: () => isSignMessageType,
-  isUpdateMessageType: () => isUpdateMessageType
+  isSignatureAuthorizationMessage: () => isSignatureAuthorizationMessage,
+  isSubmitUpdateMessage: () => isSubmitUpdateMessage,
+  isUpdateMessageType: () => isUpdateMessageType,
+  isValidationAckMessage: () => isValidationAckMessage,
+  opReturnScript: () => opReturnScript,
+  registerBeaconStrategy: () => registerBeaconStrategy
 });
 module.exports = __toCommonJS(index_exports);
 
 // src/core/aggregation/service.ts
+var import_common4 = require("@did-btcr2/common");
+var import_cryptosuite = require("@did-btcr2/cryptosuite");
 var import_utils2 = require("@noble/hashes/utils");
 
-// src/core/aggregation/cohort.ts
-var import_common2 = require("@did-btcr2/common");
+// src/core/aggregation/beacon-strategy.ts
+var import_common = require("@did-btcr2/common");
 var import_smt = require("@did-btcr2/smt");
+var CAS_STRATEGY = {
+  type: "CASBeacon",
+  buildAggregatedData(cohort) {
+    cohort.buildCASAnnouncement();
+  },
+  getDistributePayload(cohort) {
+    return { casAnnouncement: cohort.casAnnouncement };
+  },
+  validateParticipantView({ participantDid, expectedHash, body }) {
+    const casAnnouncement = body.casAnnouncement;
+    if (!casAnnouncement) return { matches: false };
+    return {
+      matches: casAnnouncement[participantDid] === expectedHash,
+      casAnnouncement
+    };
+  }
+};
+var SMT_STRATEGY = {
+  type: "SMTBeacon",
+  buildAggregatedData(cohort) {
+    cohort.buildSMTTree();
+  },
+  getDistributePayload(cohort, participantDid) {
+    const proof = cohort.smtProofs?.get(participantDid);
+    return { smtProof: proof };
+  },
+  validateParticipantView({ participantDid, submittedUpdate, body }) {
+    const smtProof = body.smtProof;
+    if (!smtProof?.updateId || !smtProof?.nonce) return { matches: false };
+    const canonicalBytes = new TextEncoder().encode((0, import_common.canonicalize)(submittedUpdate));
+    const expectedUpdateId = (0, import_smt.hashToHex)((0, import_smt.blockHash)(canonicalBytes));
+    if (smtProof.updateId !== expectedUpdateId) {
+      return { matches: false, smtProof };
+    }
+    const index = (0, import_smt.didToIndex)(participantDid);
+    const candidateHash = (0, import_smt.blockHash)((0, import_smt.blockHash)((0, import_smt.hexToHash)(smtProof.nonce)), (0, import_smt.hexToHash)(smtProof.updateId));
+    return {
+      matches: (0, import_smt.verifySerializedProof)(smtProof, index, candidateHash),
+      smtProof
+    };
+  }
+};
+var STRATEGIES = /* @__PURE__ */ new Map([
+  [CAS_STRATEGY.type, CAS_STRATEGY],
+  [SMT_STRATEGY.type, SMT_STRATEGY]
+]);
+function registerBeaconStrategy(strategy) {
+  STRATEGIES.set(strategy.type, strategy);
+}
+function getBeaconStrategy(type) {
+  return STRATEGIES.get(type);
+}
+
+// src/core/aggregation/cohort.ts
+var import_common3 = require("@did-btcr2/common");
+var import_smt2 = require("@did-btcr2/smt");
+var import_secp256k1 = require("@noble/curves/secp256k1.js");
 var import_utils = require("@noble/hashes/utils");
+var import_btc_signer = require("@scure/btc-signer");
 var import_musig2 = require("@scure/btc-signer/musig2");
-var import_bitcoinjs_lib = require("bitcoinjs-lib");
 
 // src/core/aggregation/errors.ts
-var import_common = require("@did-btcr2/common");
-var AggregationServiceError = class extends import_common.MethodError {
+var import_common2 = require("@did-btcr2/common");
+var AggregationServiceError = class extends import_common2.MethodError {
   constructor(message, type = "AggregationServiceError", data) {
     super(message, type, data);
   }
 };
-var AggregationParticipantError = class extends import_common.MethodError {
+var AggregationParticipantError = class extends import_common2.MethodError {
   constructor(message, type = "AggregationParticipantError", data) {
     super(message, type, data);
   }
 };
-var AggregationCohortError = class extends import_common.MethodError {
+var AggregationCohortError = class extends import_common2.MethodError {
   constructor(message, type = "AggregationCohortError", data) {
     super(message, type, data);
   }
 };
-var SigningSessionError = class extends import_common.MethodError {
+var SigningSessionError = class extends import_common2.MethodError {
   constructor(message, type = "SigningSessionError", data) {
     super(message, type, data);
   }
@@ -154,10 +235,21 @@ var AggregationCohort = class {
   beaconType;
   /** List of participant DIDs that have been accepted into the cohort. */
   participants = [];
+  /**
+   * Mapping from participant DID → their compressed secp256k1 public key.
+   * Distinct from {@link cohortKeys} (which is sorted per BIP-327) — this lets
+   * callers look up a participant's key without knowing their position in the
+   * sorted array. Populated by the service at `acceptParticipant` time.
+   */
+  participantKeys = /* @__PURE__ */ new Map();
   /** Sorted list of cohort participants' compressed public keys. */
   #cohortKeys = [];
-  /** Taproot tweak (BIP-341 key-path-only). */
-  trMerkleRoot = new Uint8Array();
+  /**
+   * BIP-341 TapTweak — `taggedHash("TapTweak", internalPubkey)` for a key-path-only
+   * Taproot output. Despite prior naming, this is NOT a Merkle root: key-path-only
+   * spends have no script tree.
+   */
+  tapTweak = new Uint8Array();
   /** The n-of-n MuSig2 Taproot beacon address. */
   beaconAddress = "";
   /** Pending DID updates submitted by participants, keyed by DID. */
@@ -188,7 +280,7 @@ var AggregationCohort = class {
   }
   /**
    * Computes the n-of-n MuSig2 Taproot beacon address from cohort keys.
-   * Sets `trMerkleRoot` to the BIP-341 key-path-only tweak.
+   * Sets `tapTweak` to the BIP-341 key-path-only tweak.
    */
   computeBeaconAddress() {
     if (this.#cohortKeys.length === 0) {
@@ -200,8 +292,8 @@ var AggregationCohort = class {
     }
     const keyAggContext = (0, import_musig2.keyAggregate)(this.#cohortKeys);
     const aggPubkey = (0, import_musig2.keyAggExport)(keyAggContext);
-    const payment = import_bitcoinjs_lib.payments.p2tr({ internalPubkey: aggPubkey });
-    this.trMerkleRoot = payment.hash ?? import_bitcoinjs_lib.crypto.taggedHash("TapTweak", aggPubkey);
+    const payment = (0, import_btc_signer.p2tr)(aggPubkey);
+    this.tapTweak = import_secp256k1.schnorr.utils.taggedHash("TapTweak", aggPubkey);
     if (!payment.address) {
       throw new AggregationCohortError(
         "Failed to compute Taproot address",
@@ -235,6 +327,18 @@ var AggregationCohort = class {
       );
     }
   }
+  /**
+   * Returns the position of a participant's public key in the sorted
+   * {@link cohortKeys} array, or -1 if the participant is not in the cohort.
+   * Required by MuSig2 partial-sig verification which indexes by signer position.
+   */
+  indexOfParticipant(did) {
+    const pk = this.participantKeys.get(did);
+    if (!pk) return -1;
+    return this.#cohortKeys.findIndex(
+      (k) => k.length === pk.length && k.every((b, i) => b === pk[i])
+    );
+  }
   addUpdate(participantDid, signedUpdate) {
     if (!this.participants.includes(participantDid)) {
       throw new AggregationCohortError(
@@ -263,10 +367,10 @@ var AggregationCohort = class {
     }
     const announcement = {};
     for (const [did, signedUpdate] of this.pendingUpdates) {
-      announcement[did] = (0, import_common2.canonicalHash)(signedUpdate);
+      announcement[did] = (0, import_common3.canonicalHash)(signedUpdate);
     }
     this.casAnnouncement = announcement;
-    this.signalBytes = (0, import_common2.hash)((0, import_common2.canonicalize)(announcement));
+    this.signalBytes = (0, import_common3.hash)((0, import_common3.canonicalize)(announcement));
     return announcement;
   }
   /**
@@ -282,11 +386,11 @@ var AggregationCohort = class {
         { cohortId: this.id }
       );
     }
-    const tree = new import_smt.BTCR2MerkleTree();
+    const tree = new import_smt2.BTCR2MerkleTree();
     const entries = [];
     const encoder = new TextEncoder();
     for (const [did, signedUpdate] of this.pendingUpdates) {
-      const canonicalBytes = encoder.encode((0, import_common2.canonicalize)(signedUpdate));
+      const canonicalBytes = encoder.encode((0, import_common3.canonicalize)(signedUpdate));
       const nonce = (0, import_utils.randomBytes)(32);
       entries.push({ did, nonce, signedUpdate: canonicalBytes });
     }
@@ -328,28 +432,17 @@ var AggregationCohort = class {
   }
 };
 
-// src/core/aggregation/messages/constants.ts
-var AGGREGATION_MESSAGE_PREFIX = "https://btcr2.dev/aggregation";
-var COHORT_ADVERT = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_advert`;
-var COHORT_OPT_IN = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_opt_in`;
-var COHORT_OPT_IN_ACCEPT = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_opt_in_accept`;
-var COHORT_READY = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_ready`;
-var SUBMIT_UPDATE = `${AGGREGATION_MESSAGE_PREFIX}/update/submit_update`;
-var DISTRIBUTE_AGGREGATED_DATA = `${AGGREGATION_MESSAGE_PREFIX}/update/distribute_aggregated_data`;
-var VALIDATION_ACK = `${AGGREGATION_MESSAGE_PREFIX}/update/validation_ack`;
-var AUTHORIZATION_REQUEST = `${AGGREGATION_MESSAGE_PREFIX}/sign/authorization_request`;
-var NONCE_CONTRIBUTION = `${AGGREGATION_MESSAGE_PREFIX}/sign/nonce_contribution`;
-var AGGREGATED_NONCE = `${AGGREGATION_MESSAGE_PREFIX}/sign/aggregated_nonce`;
-var SIGNATURE_AUTHORIZATION = `${AGGREGATION_MESSAGE_PREFIX}/sign/signature_authorization`;
-
 // src/core/aggregation/messages/base.ts
+var AGGREGATION_WIRE_VERSION = 1;
 var BaseMessage = class {
   type;
+  version;
   to;
   from;
   body;
-  constructor({ type, to, from: from2, body }) {
+  constructor({ type, version, to, from: from2, body }) {
     this.type = type;
+    this.version = version ?? AGGREGATION_WIRE_VERSION;
     this.to = to;
     this.from = from2;
     this.body = body;
@@ -361,6 +454,7 @@ var BaseMessage = class {
   toJSON() {
     return {
       type: this.type,
+      version: this.version,
       to: this.to,
       from: this.from,
       body: this.body
@@ -368,6 +462,20 @@ var BaseMessage = class {
   }
 };
 
+// src/core/aggregation/messages/constants.ts
+var AGGREGATION_MESSAGE_PREFIX = "https://btcr2.dev/aggregation";
+var COHORT_ADVERT = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_advert`;
+var COHORT_OPT_IN = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_opt_in`;
+var COHORT_OPT_IN_ACCEPT = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_opt_in_accept`;
+var COHORT_READY = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_ready`;
+var SUBMIT_UPDATE = `${AGGREGATION_MESSAGE_PREFIX}/update/submit_update`;
+var DISTRIBUTE_AGGREGATED_DATA = `${AGGREGATION_MESSAGE_PREFIX}/update/distribute_aggregated_data`;
+var VALIDATION_ACK = `${AGGREGATION_MESSAGE_PREFIX}/update/validation_ack`;
+var AUTHORIZATION_REQUEST = `${AGGREGATION_MESSAGE_PREFIX}/sign/authorization_request`;
+var NONCE_CONTRIBUTION = `${AGGREGATION_MESSAGE_PREFIX}/sign/nonce_contribution`;
+var AGGREGATED_NONCE = `${AGGREGATION_MESSAGE_PREFIX}/sign/aggregated_nonce`;
+var SIGNATURE_AUTHORIZATION = `${AGGREGATION_MESSAGE_PREFIX}/sign/signature_authorization`;
+
 // src/core/aggregation/messages/factories.ts
 function createCohortAdvertMessage(fields) {
   const { from: from2, ...body } = fields;
@@ -455,8 +563,8 @@ var SigningSessionPhase = /* @__PURE__ */ ((SigningSessionPhase2) => {
 })(SigningSessionPhase || {});
 
 // src/core/aggregation/signing-session.ts
+var import_btc_signer2 = require("@scure/btc-signer");
 var musig2 = __toESM(require("@scure/btc-signer/musig2"), 1);
-var import_bitcoinjs_lib2 = require("bitcoinjs-lib");
 var BeaconSigningSession = class {
   /** Unique identifier for this signing session. */
   id;
@@ -498,11 +606,11 @@ var BeaconSigningSession = class {
         "SIGHASH_ERROR"
       );
     }
-    return this.pendingTx.hashForWitnessV1(
+    return this.pendingTx.preimageWitnessV1(
       0,
       this.prevOutScripts,
-      this.prevOutValues,
-      import_bitcoinjs_lib2.Transaction.SIGHASH_DEFAULT
+      import_btc_signer2.SigHash.DEFAULT,
+      this.prevOutValues
     );
   }
   addNonceContribution(participantDid, nonceContribution) {
@@ -513,6 +621,13 @@ var BeaconSigningSession = class {
         { phase: this.phase }
       );
     }
+    if (!this.cohort.participants.includes(participantDid)) {
+      throw new SigningSessionError(
+        `Participant ${participantDid} is not a member of cohort ${this.cohort.id}.`,
+        "UNKNOWN_PARTICIPANT",
+        { cohortId: this.cohort.id, participantDid }
+      );
+    }
     if (nonceContribution.length !== 66) {
       throw new SigningSessionError(
         `Invalid nonce contribution: expected 66 bytes, got ${nonceContribution.length}.`,
@@ -548,6 +663,13 @@ var BeaconSigningSession = class {
         "INVALID_PHASE"
       );
     }
+    if (!this.cohort.participants.includes(participantDid)) {
+      throw new SigningSessionError(
+        `Participant ${participantDid} is not a member of cohort ${this.cohort.id}.`,
+        "UNKNOWN_PARTICIPANT",
+        { cohortId: this.cohort.id, participantDid }
+      );
+    }
     if (this.partialSignatures.has(participantDid)) {
       throw new SigningSessionError(
         `Duplicate partial signature from ${participantDid}.`,
@@ -573,9 +695,39 @@ var BeaconSigningSession = class {
       this.aggregatedNonce,
       this.cohort.cohortKeys,
       this.sigHash,
-      [this.cohort.trMerkleRoot],
+      [this.cohort.tapTweak],
       [true]
     );
+    const pubNoncesByIndex = new Array(this.cohort.cohortKeys.length);
+    for (const [did, nonce] of this.nonceContributions) {
+      const idx = this.cohort.indexOfParticipant(did);
+      if (idx < 0) {
+        throw new SigningSessionError(
+          `Cannot verify nonce from ${did}: participant key missing from cohort.`,
+          "UNKNOWN_PARTICIPANT_KEY",
+          { participantDid: did }
+        );
+      }
+      pubNoncesByIndex[idx] = nonce;
+    }
+    for (const [did, partialSig] of this.partialSignatures) {
+      const idx = this.cohort.indexOfParticipant(did);
+      if (idx < 0) {
+        throw new SigningSessionError(
+          `Cannot verify partial signature from ${did}: participant key missing from cohort.`,
+          "UNKNOWN_PARTICIPANT_KEY",
+          { participantDid: did }
+        );
+      }
+      const ok = session.partialSigVerify(partialSig, pubNoncesByIndex, idx);
+      if (!ok) {
+        throw new SigningSessionError(
+          `Bad partial signature from ${did}.`,
+          "BAD_PARTIAL_SIG",
+          { participantDid: did, index: idx }
+        );
+      }
+    }
     this.signature = session.partialSigAgg([...this.partialSignatures.values()]);
     this.phase = "Complete" /* Complete */;
     return this.signature;
@@ -593,6 +745,10 @@ var BeaconSigningSession = class {
   /**
    * Generates a partial signature using the participant's secret key + secret nonce.
    * Requires the aggregated nonce to have been set first (via the service).
+   *
+   * Zeros the stored `secretNonce` after use. JS cannot truly erase memory (GC
+   * and immutable strings), but overwriting the bytes shortens the exposure
+   * window and prevents accidental reuse or serialization of a spent nonce.
    */
   generatePartialSignature(participantSecretKey) {
     if (!this.aggregatedNonce) {
@@ -605,10 +761,13 @@ var BeaconSigningSession = class {
       this.aggregatedNonce,
       this.cohort.cohortKeys,
       this.sigHash,
-      [this.cohort.trMerkleRoot],
+      [this.cohort.tapTweak],
       [true]
     );
-    return session.sign(this.secretNonce, participantSecretKey);
+    const partialSig = session.sign(this.secretNonce, participantSecretKey);
+    this.secretNonce.fill(0);
+    this.secretNonce = void 0;
+    return partialSig;
   }
   isComplete() {
     return this.phase === "Complete" /* Complete */;
@@ -619,16 +778,32 @@ var BeaconSigningSession = class {
 };
 
 // src/core/aggregation/service.ts
+var DEFAULT_MAX_UPDATE_SIZE_BYTES = 256 * 1024;
 var AggregationService = class {
   did;
   keys;
+  maxUpdateSizeBytes;
   /** Per-cohort state, keyed by cohortId. */
   #cohortStates = /* @__PURE__ */ new Map();
-  constructor({ did, keys }) {
+  constructor({ did, keys, maxUpdateSizeBytes }) {
     this.did = did;
     this.keys = keys;
+    this.maxUpdateSizeBytes = maxUpdateSizeBytes ?? DEFAULT_MAX_UPDATE_SIZE_BYTES;
   }
   receive(message) {
+    const version = message.version;
+    if (version === void 0 || version !== AGGREGATION_WIRE_VERSION) {
+      const cohortId = message.body?.cohortId;
+      const state = cohortId ? this.#cohortStates.get(cohortId) : void 0;
+      if (state) {
+        state.rejections.push({
+          from: message.from,
+          code: "WRONG_VERSION",
+          reason: `Expected wire version ${AGGREGATION_WIRE_VERSION}, got ${String(version)}`
+        });
+      }
+      return;
+    }
     const type = message.type;
     switch (type) {
       case COHORT_OPT_IN:
@@ -650,6 +825,18 @@ var AggregationService = class {
         break;
     }
   }
+  /**
+   * Drain the rejection log for a cohort. Used by runners to surface silent
+   * drops (bad proof, oversized update, wrong version, etc.) as structured
+   * events without breaking the sans-I/O state machine contract.
+   */
+  drainRejections(cohortId) {
+    const state = this.#cohortStates.get(cohortId);
+    if (!state) return [];
+    const out = state.rejections;
+    state.rejections = [];
+    return out;
+  }
   /**
    * Create a new cohort with the given config. Returns the cohort ID.
    * Cohort starts in `Created` phase — call `advertise()` to broadcast.
@@ -666,7 +853,8 @@ var AggregationService = class {
       cohort,
       config,
       pendingOptIns: /* @__PURE__ */ new Map(),
-      acceptedParticipants: /* @__PURE__ */ new Set()
+      acceptedParticipants: /* @__PURE__ */ new Set(),
+      rejections: []
     });
     return cohort.id;
   }
@@ -719,6 +907,7 @@ var AggregationService = class {
     const participantPk = message.body?.participantPk;
     const communicationPk = message.body?.communicationPk;
     if (!participantPk || !communicationPk) return;
+    if (state.acceptedParticipants.has(participantDid)) return;
     state.pendingOptIns.set(participantDid, {
       cohortId,
       participantDid,
@@ -752,6 +941,7 @@ var AggregationService = class {
     }
     state.acceptedParticipants.add(participantDid);
     state.cohort.participants.push(participantDid);
+    state.cohort.participantKeys.set(participantDid, optIn.participantPk);
     state.cohort.cohortKeys = [...state.cohort.cohortKeys, optIn.participantPk];
     return [createCohortOptInAcceptMessage({
       from: this.did,
@@ -802,6 +992,13 @@ var AggregationService = class {
     if (!state) return /* @__PURE__ */ new Map();
     return state.cohort.pendingUpdates;
   }
+  /**
+   * Handle an incoming SUBMIT_UPDATE message from a participant containing their signed update to
+   * submit for aggregation.
+   * @param {BaseMessage} message - incoming SUBMIT_UPDATE message containing a participant's signed
+   * update to submit for aggregation
+   * @returns {void} - no return value; updates the service state with the submitted update if valid
+   */
   #handleSubmitUpdate(message) {
     const cohortId = message.body?.cohortId;
     if (!cohortId) return;
@@ -809,7 +1006,31 @@ var AggregationService = class {
     if (!state) return;
     if (state.phase !== "CohortSet" /* CohortSet */ && state.phase !== "CollectingUpdates" /* CollectingUpdates */) return;
     const signedUpdate = message.body?.signedUpdate;
-    if (!signedUpdate) return;
+    if (!signedUpdate) {
+      state.rejections.push({
+        from: message.from,
+        code: "UPDATE_MALFORMED",
+        reason: "SUBMIT_UPDATE missing signedUpdate body"
+      });
+      return;
+    }
+    const canonicalSize = (0, import_common4.canonicalize)(signedUpdate).length;
+    if (canonicalSize > this.maxUpdateSizeBytes) {
+      state.rejections.push({
+        from: message.from,
+        code: "UPDATE_TOO_LARGE",
+        reason: `Canonicalized update is ${canonicalSize} bytes; max allowed is ${this.maxUpdateSizeBytes}`
+      });
+      return;
+    }
+    if (!this.#verifySubmittedUpdate(state, message.from, signedUpdate)) {
+      state.rejections.push({
+        from: message.from,
+        code: "UPDATE_VERIFICATION_FAILED",
+        reason: "BIP-340 Data Integrity proof verification failed"
+      });
+      return;
+    }
     state.cohort.addUpdate(message.from, signedUpdate);
     if (state.phase === "CohortSet" /* CohortSet */) {
       state.phase = "CollectingUpdates" /* CollectingUpdates */;
@@ -818,6 +1039,36 @@ var AggregationService = class {
       state.phase = "UpdatesCollected" /* UpdatesCollected */;
     }
   }
+  /**
+   * Verify the BIP-340 Schnorr Data Integrity proof on a submitted update using the
+   * participant's public key from their cohort opt-in. Returns `false` (and the
+   * update is silently dropped) if the proof is missing, the verificationMethod does
+   * not name the sender's DID, the participant has no opt-in on record, or the
+   * signature fails verification.
+   * @param {ServiceCohortState} state - the current state of the cohort to which the update was submitted
+   * @param {string} sender - the DID of the participant who submitted the update
+   * @param {SignedBTCR2Update} signedUpdate - the signed update containing the proof to verify
+   * @returns {boolean} - `true` if the proof is valid and the update can be accepted; `false` otherwise
+   */
+  #verifySubmittedUpdate(state, sender, signedUpdate) {
+    const proof = signedUpdate.proof;
+    if (!proof?.verificationMethod || !proof.proofValue) return false;
+    const vmDid = proof.verificationMethod.split("#")[0];
+    if (vmDid !== sender) return false;
+    const optIn = state.pendingOptIns.get(sender);
+    if (!optIn) return false;
+    try {
+      const multikey = import_cryptosuite.SchnorrMultikey.fromPublicKey({
+        id: proof.verificationMethod,
+        controller: sender,
+        publicKeyBytes: optIn.participantPk
+      });
+      const suite = new import_cryptosuite.BIP340Cryptosuite(multikey);
+      return suite.verifyProof(signedUpdate).verified === true;
+    } catch {
+      return false;
+    }
+  }
   /**
    * Build the aggregated data structure (CAS Announcement or SMT tree) and
    * return distribute messages to send to all participants for validation.
@@ -834,29 +1085,28 @@ var AggregationService = class {
         { cohortId, phase: state.phase }
       );
     }
-    if (state.config.beaconType === "CASBeacon") {
-      state.cohort.buildCASAnnouncement();
-    } else if (state.config.beaconType === "SMTBeacon") {
-      state.cohort.buildSMTTree();
-    } else {
+    const strategy = getBeaconStrategy(state.config.beaconType);
+    if (!strategy) {
       throw new AggregationServiceError(
         `Unsupported beacon type: ${state.config.beaconType}`,
         "UNSUPPORTED_BEACON_TYPE",
         { cohortId, beaconType: state.config.beaconType }
       );
     }
+    strategy.buildAggregatedData(state.cohort);
     const signalBytesHex = (0, import_utils2.bytesToHex)(state.cohort.signalBytes);
     state.phase = "DataDistributed" /* DataDistributed */;
     const messages = [];
     for (const participantDid of state.cohort.participants) {
+      const payload = strategy.getDistributePayload(state.cohort, participantDid);
       messages.push(createDistributeAggregatedDataMessage({
         from: this.did,
         to: participantDid,
         cohortId,
         beaconType: state.config.beaconType,
         signalBytesHex,
-        casAnnouncement: state.config.beaconType === "CASBeacon" ? state.cohort.casAnnouncement : void 0,
-        smtProof: state.config.beaconType === "SMTBeacon" ? state.cohort.smtProofs?.get(participantDid) : void 0
+        casAnnouncement: payload.casAnnouncement,
+        smtProof: payload.smtProof
       }));
     }
     return messages;
@@ -918,6 +1168,14 @@ var AggregationService = class {
     });
     state.signingSession = session;
     state.phase = "SigningStarted" /* SigningStarted */;
+    const prevOutScript = txData.prevOutScripts[0];
+    if (!prevOutScript) {
+      throw new AggregationServiceError(
+        `Cannot start signing for cohort ${cohortId}: txData.prevOutScripts[0] is missing.`,
+        "MISSING_PREV_OUT_SCRIPT",
+        { cohortId }
+      );
+    }
     const messages = [];
     for (const participantDid of state.cohort.participants) {
       messages.push(createAuthorizationRequestMessage({
@@ -925,7 +1183,8 @@ var AggregationService = class {
         to: participantDid,
         cohortId,
         sessionId: session.id,
-        pendingTx: txData.tx.toHex(),
+        pendingTx: txData.tx.hex,
+        prevOutScriptHex: (0, import_utils2.bytesToHex)(prevOutScript),
         prevOutValue: txData.prevOutValues[0]?.toString() ?? "0"
       }));
     }
@@ -989,7 +1248,7 @@ var AggregationService = class {
     state.signingSession.addPartialSignature(message.from, partialSignature);
     if (state.signingSession.partialSignatures.size === state.cohort.participants.length) {
       const signature = state.signingSession.generateFinalSignature();
-      state.signingSession.pendingTx.setWitness(0, [signature]);
+      state.signingSession.pendingTx.updateInput(0, { finalScriptWitness: [signature] });
       state.result = {
         cohortId,
         signature,
@@ -1018,13 +1277,19 @@ var AggregationService = class {
   get cohorts() {
     return [...this.#cohortStates.values()].map((s) => s.cohort);
   }
+  /**
+   * Remove a cohort from the state map. Used by runners to GC state on cohort
+   * completion, failure, or expiry. No-op if the cohort doesn't exist.
+   */
+  removeCohort(cohortId) {
+    this.#cohortStates.delete(cohortId);
+  }
 };
 
 // src/core/aggregation/participant.ts
-var import_common3 = require("@did-btcr2/common");
-var import_smt2 = require("@did-btcr2/smt");
+var import_common5 = require("@did-btcr2/common");
 var import_utils3 = require("@noble/hashes/utils");
-var import_bitcoinjs_lib3 = require("bitcoinjs-lib");
+var import_btc_signer3 = require("@scure/btc-signer");
 var AggregationParticipant = class {
   did;
   keys;
@@ -1039,6 +1304,9 @@ var AggregationParticipant = class {
    * outgoing messages — those come exclusively from action methods.
    */
   receive(message) {
+    if (message.version === void 0 || message.version !== AGGREGATION_WIRE_VERSION) {
+      return;
+    }
     const type = message.type;
     switch (type) {
       case COHORT_ADVERT:
@@ -1195,42 +1463,26 @@ var AggregationParticipant = class {
     if (!state || state.phase !== "UpdateSubmitted" /* UpdateSubmitted */) return;
     if (!state.submittedUpdate) return;
     const beaconType = message.body?.beaconType;
+    if (!beaconType) return;
+    const strategy = getBeaconStrategy(beaconType);
+    if (!strategy) return;
     const signalBytesHex = message.body?.signalBytesHex ?? "";
-    const expectedHash = (0, import_common3.canonicalHash)(state.submittedUpdate);
-    let matches = false;
-    if (beaconType === "CASBeacon") {
-      const casAnnouncement = message.body?.casAnnouncement;
-      if (casAnnouncement) {
-        matches = casAnnouncement[this.did] === expectedHash;
-        state.validation = {
-          cohortId,
-          beaconType,
-          signalBytesHex,
-          casAnnouncement,
-          expectedHash,
-          matches
-        };
-      }
-    } else if (beaconType === "SMTBeacon") {
-      const smtProof = message.body?.smtProof;
-      if (smtProof?.updateId && smtProof?.nonce) {
-        const canonicalBytes = new TextEncoder().encode((0, import_common3.canonicalize)(state.submittedUpdate));
-        const expectedUpdateId = (0, import_smt2.hashToHex)((0, import_smt2.blockHash)(canonicalBytes));
-        if (smtProof.updateId === expectedUpdateId) {
-          const index = (0, import_smt2.didToIndex)(this.did);
-          const candidateHash = (0, import_smt2.blockHash)((0, import_smt2.blockHash)((0, import_smt2.hexToHash)(smtProof.nonce)), (0, import_smt2.hexToHash)(smtProof.updateId));
-          matches = (0, import_smt2.verifySerializedProof)(smtProof, index, candidateHash);
-        }
-        state.validation = {
-          cohortId,
-          beaconType,
-          signalBytesHex,
-          smtProof,
-          expectedHash,
-          matches
-        };
-      }
-    }
+    const expectedHash = (0, import_common5.canonicalHash)(state.submittedUpdate);
+    const result = strategy.validateParticipantView({
+      participantDid: this.did,
+      submittedUpdate: state.submittedUpdate,
+      expectedHash,
+      body: message.body
+    });
+    state.validation = {
+      cohortId,
+      beaconType,
+      signalBytesHex,
+      expectedHash,
+      matches: result.matches,
+      casAnnouncement: result.casAnnouncement,
+      smtProof: result.smtProof
+    };
     state.phase = "AwaitingValidation" /* AwaitingValidation */;
   }
   /**
@@ -1291,12 +1543,14 @@ var AggregationParticipant = class {
     if (state.phase !== "ValidationSent" /* ValidationSent */) return;
     const sessionId = message.body?.sessionId;
     const pendingTxHex = message.body?.pendingTx;
+    const prevOutScriptHex = message.body?.prevOutScriptHex;
     const prevOutValue = message.body?.prevOutValue;
-    if (!sessionId || !pendingTxHex || !prevOutValue) return;
+    if (!sessionId || !pendingTxHex || !prevOutScriptHex || !prevOutValue) return;
     state.signingRequest = {
       cohortId,
       sessionId,
       pendingTxHex,
+      prevOutScriptHex,
       prevOutValue
     };
     state.phase = "AwaitingSigning" /* AwaitingSigning */;
@@ -1320,8 +1574,8 @@ var AggregationParticipant = class {
         { cohortId }
       );
     }
-    const tx = import_bitcoinjs_lib3.Transaction.fromHex(state.signingRequest.pendingTxHex);
-    const prevOutScripts = tx.outs.length > 0 ? [tx.outs[0].script] : [];
+    const tx = import_btc_signer3.Transaction.fromRaw((0, import_utils3.hexToBytes)(state.signingRequest.pendingTxHex));
+    const prevOutScripts = [(0, import_utils3.hexToBytes)(state.signingRequest.prevOutScriptHex)];
     const prevOutValues = [BigInt(state.signingRequest.prevOutValue)];
     const session = new BeaconSigningSession({
       id: state.signingRequest.sessionId,
@@ -1391,6 +1645,67 @@ var AggregationParticipant = class {
   }
 };
 
+// src/core/aggregation/logger.ts
+var CONSOLE_LOGGER = {
+  debug: (msg, ...args) => console.debug(msg, ...args),
+  info: (msg, ...args) => console.info(msg, ...args),
+  warn: (msg, ...args) => console.warn(msg, ...args),
+  error: (msg, ...args) => console.error(msg, ...args)
+};
+var SILENT_LOGGER = {
+  debug: () => {
+  },
+  info: () => {
+  },
+  warn: () => {
+  },
+  error: () => {
+  }
+};
+
+// src/core/aggregation/messages/bodies.ts
+var hasStr = (b, k) => !!b && typeof b[k] === "string";
+var hasNum = (b, k) => !!b && typeof b[k] === "number";
+var hasBool = (b, k) => !!b && typeof b[k] === "boolean";
+var hasBytes = (b, k) => !!b && b[k] instanceof Uint8Array;
+var hasBytesArray = (b, k) => {
+  const v = b ? b[k] : void 0;
+  return Array.isArray(v) && v.every((x) => x instanceof Uint8Array);
+};
+function isCohortAdvertMessage(m) {
+  return m.type === COHORT_ADVERT && hasStr(m.body, "cohortId") && hasNum(m.body, "cohortSize") && hasStr(m.body, "beaconType") && hasStr(m.body, "network") && hasBytes(m.body, "communicationPk");
+}
+function isCohortOptInMessage(m) {
+  return m.type === COHORT_OPT_IN && hasStr(m.body, "cohortId") && hasBytes(m.body, "participantPk") && hasBytes(m.body, "communicationPk");
+}
+function isCohortOptInAcceptMessage(m) {
+  return m.type === COHORT_OPT_IN_ACCEPT && hasStr(m.body, "cohortId");
+}
+function isCohortReadyMessage(m) {
+  return m.type === COHORT_READY && hasStr(m.body, "cohortId") && hasStr(m.body, "beaconAddress") && hasBytesArray(m.body, "cohortKeys");
+}
+function isSubmitUpdateMessage(m) {
+  return m.type === SUBMIT_UPDATE && hasStr(m.body, "cohortId") && !!m.body && typeof m.body.signedUpdate === "object";
+}
+function isDistributeAggregatedDataMessage(m) {
+  return m.type === DISTRIBUTE_AGGREGATED_DATA && hasStr(m.body, "cohortId") && hasStr(m.body, "beaconType") && hasStr(m.body, "signalBytesHex");
+}
+function isValidationAckMessage(m) {
+  return m.type === VALIDATION_ACK && hasStr(m.body, "cohortId") && hasBool(m.body, "approved");
+}
+function isAuthorizationRequestMessage(m) {
+  return m.type === AUTHORIZATION_REQUEST && hasStr(m.body, "cohortId") && hasStr(m.body, "sessionId") && hasStr(m.body, "pendingTx") && hasStr(m.body, "prevOutScriptHex") && hasStr(m.body, "prevOutValue");
+}
+function isNonceContributionMessage(m) {
+  return m.type === NONCE_CONTRIBUTION && hasStr(m.body, "cohortId") && hasStr(m.body, "sessionId") && hasBytes(m.body, "nonceContribution");
+}
+function isAggregatedNonceMessage(m) {
+  return m.type === AGGREGATED_NONCE && hasStr(m.body, "cohortId") && hasStr(m.body, "sessionId") && hasBytes(m.body, "aggregatedNonce");
+}
+function isSignatureAuthorizationMessage(m) {
+  return m.type === SIGNATURE_AUTHORIZATION && hasStr(m.body, "cohortId") && hasStr(m.body, "sessionId") && hasBytes(m.body, "partialSignature");
+}
+
 // src/core/aggregation/messages/guards.ts
 var KEYGEN_VALUES = /* @__PURE__ */ new Set([
   COHORT_ADVERT,
@@ -1423,20 +1738,20 @@ function isSignMessageType(type) {
 }
 
 // src/core/aggregation/transport/error.ts
-var import_common4 = require("@did-btcr2/common");
-var TransportError = class extends import_common4.MethodError {
+var import_common6 = require("@did-btcr2/common");
+var TransportError = class extends import_common6.MethodError {
   constructor(message, type = "TransportError", data) {
     super(message, type, data);
   }
 };
-var TransportAdapterError = class extends import_common4.MethodError {
+var TransportAdapterError = class extends import_common6.MethodError {
   constructor(message, type = "TransportAdapterError", data) {
     super(message, type, data);
   }
 };
 
 // src/core/aggregation/transport/factory.ts
-var import_common5 = require("@did-btcr2/common");
+var import_common7 = require("@did-btcr2/common");
 
 // src/core/aggregation/transport/nostr.ts
 var import_keypair = require("@did-btcr2/keypair");
@@ -1449,6 +1764,7 @@ var DEFAULT_NOSTR_RELAYS = [
   "wss://relay.snort.social",
   "wss://nostr-pub.wellorder.net"
 ];
+var DEFAULT_BROADCAST_LOOKBACK_MS = 5 * 60 * 1e3;
 var NostrTransport = class _NostrTransport {
   name = "nostr";
   pool;
@@ -1456,8 +1772,12 @@ var NostrTransport = class _NostrTransport {
   #actors = /* @__PURE__ */ new Map();
   #peerRegistry = /* @__PURE__ */ new Map();
   #started = false;
+  #logger;
+  #broadcastLookbackMs;
   constructor(config) {
     this.#relays = config?.relays ?? DEFAULT_NOSTR_RELAYS;
+    this.#logger = config?.logger ?? CONSOLE_LOGGER;
+    this.#broadcastLookbackMs = config?.broadcastLookbackMs ?? DEFAULT_BROADCAST_LOOKBACK_MS;
   }
   /**
    * Registers an actor (DID + keys) to send/receive messages with.
@@ -1468,19 +1788,68 @@ var NostrTransport = class _NostrTransport {
    * @example
    * const transport = new NostrTransport();
    * const keys = SchnorrKeyPair.generate();
-   * transport.registerActor('did:btcr2:...', keys);
+   * const did = DidBtcr2.create(keys.publicKey.compressed, { idType: 'KEY', network: 'mutinynet' });
+   * transport.registerActor(did, keys);
    * transport.start();
    */
   registerActor(did, keys) {
-    const entry = { keys, handlers: /* @__PURE__ */ new Map() };
+    const entry = { keys, handlers: /* @__PURE__ */ new Map(), subscriptions: [] };
     this.#actors.set(did, entry);
     if (this.#started && this.pool) {
       this.#subscribeDirected(did, entry);
     }
   }
+  /**
+   * Detach an actor: drop its handlers, close its relay subscriptions, and remove its keys + peer
+   * mapping. Idempotent.
+   * @param {string} did - The DID of the actor to unregister.
+   * @returns {void}
+   * @throws {TransportAdapterError} If the transport is not started or if the pool is unavailable.
+   * @example
+   * transport.unregisterActor(did);
+   */
+  unregisterActor(did) {
+    const entry = this.#actors.get(did);
+    if (!entry) return;
+    for (const sub of entry.subscriptions) {
+      try {
+        sub.close();
+      } catch (err) {
+        this.#logger.debug(`Error closing subscription for ${did}:`, err);
+      }
+    }
+    entry.subscriptions.length = 0;
+    entry.handlers.clear();
+    this.#actors.delete(did);
+    this.#peerRegistry.delete(did);
+  }
+  /**
+   * Remove a single (actor, messageType) handler. Idempotent.
+   * @param {string} actorDid - The DID of the actor.
+   * @param {string} messageType - The type of message to unregister the handler for.
+   * @returns {void}
+   * @example
+   * transport.unregisterMessageHandler(actorDid, messageType);
+   */
+  unregisterMessageHandler(actorDid, messageType) {
+    const actor = this.#actors.get(actorDid);
+    if (!actor) return;
+    actor.handlers.delete(messageType);
+  }
+  /**
+   * Gets the public key for a registered actor by their DID.
+   * @param {string} did - The DID of the registered actor to get the public key for.
+   * @returns {Uint8Array | undefined} The compressed public key bytes for the actor's DID, or
+   * undefined if the DID is not registered.
+   */
   getActorPk(did) {
     return this.#actors.get(did)?.keys.publicKey.compressed;
   }
+  /**
+   * Registers a peer's communication public key for encrypted messages.
+   * @param {string} did - The DID of the peer to register.
+   * @param {Uint8Array} communicationPk - The compressed secp256k1 public key bytes for the peer.
+   */
   registerPeer(did, communicationPk) {
     try {
       new import_keypair.CompressedSecp256k1PublicKey(communicationPk);
@@ -1493,9 +1862,25 @@ var NostrTransport = class _NostrTransport {
     }
     this.#peerRegistry.set(did, communicationPk);
   }
+  /**
+   * Gets the registered communication public key for a peer by their DID.
+   * @param {string} did - The DID of the peer to get the communication public key for.
+   * @returns {Uint8Array | undefined} The compressed secp256k1 public key bytes for the peer, or
+   * undefined if the peer is not registered.
+   */
   getPeerPk(did) {
     return this.#peerRegistry.get(did);
   }
+  /**
+   * Registers a message handler function for a specific actor and message type. The handler will be called
+   * when a message of the specified type is received for the actor's DID. The transport must have been
+   * started for handlers to be invoked. If the transport is already started, the handler will be registered
+   * immediately; otherwise, it will be registered when the transport starts and the actor's subscription is created.
+   * @param {string} actorDid - The DID of the actor to register the message handler for.
+   * @param {string} messageType - The type of message to handle.
+   * @param {MessageHandler} handler - The function to handle incoming messages of the specified type.
+   * @throws {TransportAdapterError} If the actor DID is not registered or if the handler is invalid.
+   */
   registerMessageHandler(actorDid, messageType, handler) {
     const actor = this.#actors.get(actorDid);
     if (!actor) {
@@ -1507,21 +1892,48 @@ var NostrTransport = class _NostrTransport {
     }
     actor.handlers.set(messageType, handler);
   }
+  /**
+   * Starts the transport by connecting to the configured Nostr relays and setting up subscriptions
+   * for all registered actors. This method must be called after registering actors via registerActor()
+   * and before sending or receiving messages. The transport will subscribe to broadcast events (kind 1)
+   * for cohort adverts and directed events (kinds 1 and 1059) for each registered actor based on their
+   * public keys. Incoming events are processed and dispatched to the appropriate handlers based on
+   * message type. If the transport is already started, this method has no effect.
+   * @returns {NostrTransport}
+   */
   start() {
     if (this.#started) return this;
     this.#started = true;
     this.pool = new import_pool.SimplePool();
-    const since = Math.floor(Date.now() / 1e3);
-    this.pool.subscribeMany(this.#relays, { kinds: [1], "#t": [COHORT_ADVERT], since }, {
-      onclose: (reasons) => console.debug("Nostr broadcast subscription closed", reasons),
+    const broadcastFilter = {
+      kinds: [1],
+      "#t": [COHORT_ADVERT]
+    };
+    if (this.#broadcastLookbackMs > 0) {
+      broadcastFilter.since = Math.floor((Date.now() - this.#broadcastLookbackMs) / 1e3);
+    }
+    this.pool.subscribeMany(this.#relays, broadcastFilter, {
+      onclose: (reasons) => this.#logger.debug("Nostr broadcast subscription closed", reasons),
       onevent: this.#handleBroadcastEvent.bind(this)
     });
     for (const [did, entry] of this.#actors) {
       this.#subscribeDirected(did, entry);
     }
-    console.info(`NostrTransport started, listening on ${this.#relays.length} relay(s)`);
+    this.#logger.info(`NostrTransport started, listening on ${this.#relays.length} relay(s)`);
     return this;
   }
+  /**
+   * Sends a message by publishing a Nostr event to the configured relays. The message is serialized
+   * as JSON and included in the event content.
+   * @param {BaseMessage} message - The aggregation message to send. Must include a valid `type` property.
+   * @param {Did} sender - The DID of the registered actor sending the message. Must have been
+   * registered via registerActor().
+   * @param {Did} [to] - Optional recipient DID for directed messages. Required for encrypted message
+   * types. If provided, must have been registered via registerPeer().
+   * @returns {Promise<void>} Resolves when the message has been published to the relays. Note that
+   * publication is best-effort: the method will resolve as long as at least one relay accepts the
+   * event, even if others reject it.
+   */
   async sendMessage(message, sender, to) {
     const type = message.type;
     if (!type) {
@@ -1558,7 +1970,7 @@ var NostrTransport = class _NostrTransport {
         tags,
         content: JSON.stringify(message, _NostrTransport.#jsonReplacer)
       }, senderKeys.secretKey.bytes);
-      console.debug(`Publishing kind 1 [${type}]`);
+      this.#logger.debug(`Publishing kind 1 [${type}]`);
       await this.#publishToRelays(event);
       return;
     }
@@ -1590,25 +2002,70 @@ var NostrTransport = class _NostrTransport {
         tags,
         content
       }, senderKeys.secretKey.bytes);
-      console.debug(`Publishing kind 1059 [${type}]`);
+      this.#logger.debug(`Publishing kind 1059 [${type}]`);
       await this.#publishToRelays(event);
       return;
     }
-    console.warn(`Unsupported message type: ${type}`);
+    this.#logger.warn(`Unsupported message type: ${type}`);
   }
+  /**
+   * Publish the message once immediately and then re-publish on an interval
+   * until the returned stop function is invoked.
+   *
+   * Useful for broadcast messages (COHORT_ADVERT) on relays that don't
+   * backfill historical events to late subscribers: republishing gives late
+   * joiners a window to discover the message without requiring protocol
+   * changes. Relay rate-limit / publish failures inside the interval are
+   * caught and logged rather than propagated — the caller should stop the
+   * repeater once the protocol condition is satisfied.
+   */
+  publishRepeating(message, sender, intervalMs, recipient) {
+    let stopped = false;
+    void this.sendMessage(message, sender, recipient).catch((err) => {
+      this.#logger.debug("publishRepeating first send failed:", err);
+    });
+    const timer = setInterval(() => {
+      if (stopped) return;
+      void this.sendMessage(message, sender, recipient).catch((err) => {
+        this.#logger.debug("publishRepeating retry failed:", err);
+      });
+    }, intervalMs);
+    return () => {
+      if (stopped) return;
+      stopped = true;
+      clearInterval(timer);
+    };
+  }
+  /**
+   * Creates a directed subscription for the given actor, filtering for messages that match the
+   * actor's public key. Messages received on this subscription are dispatched to the actor's
+   * registered handlers based on message type.
+   * @param {string} did - The DID of the actor to create the subscription for.
+   * @param {ActorEntry} entry - The actor's registration entry containing keys and handlers.
+   * @returns {void}
+   * @throws {TransportAdapterError} If the transport is not started or if the pool is unavailable.
+   */
   #subscribeDirected(did, entry) {
     if (!this.pool) return;
     const pkHex = (0, import_utils4.bytesToHex)(entry.keys.publicKey.x);
-    const since = Math.floor(Date.now() / 1e3);
-    this.pool.subscribeMany(this.#relays, { kinds: [1, 1059], "#p": [pkHex], since }, {
-      onclose: (reasons) => console.debug(`Nostr directed subscription closed for ${did}`, reasons),
+    const sub = this.pool.subscribeMany(this.#relays, { kinds: [1, 1059], "#p": [pkHex] }, {
+      onclose: (reasons) => this.#logger.debug(`Nostr directed subscription closed for ${did}`, reasons),
       onevent: this.#makeActorEventHandler(did)
     });
+    entry.subscriptions.push(sub);
   }
+  /**
+   * Creates an event handler function for a specific actor that processes incoming events, decrypts
+   * if necessary, and dispatches messages to the actor's registered handlers based on message type.
+   * @param {string} actorDid - The DID of the actor to create the event handler for.
+   * @returns {(event: Event) => Promise<void>} An asynchronous event handler function that
+   * processes incoming events for the specified actor.
+   */
   #makeActorEventHandler(actorDid) {
     return async (event) => {
       const actor = this.#actors.get(actorDid);
       if (!actor) return;
+      if (event.pubkey === (0, import_utils4.bytesToHex)(actor.keys.publicKey.x)) return;
       let message;
       try {
         if (event.kind === 1) {
@@ -1624,19 +2081,29 @@ var NostrTransport = class _NostrTransport {
           return;
         }
       } catch (err) {
-        console.debug(`Failed to parse event ${event.id} for ${actorDid}:`, err);
+        this.#logger.debug(`Failed to parse event ${event.id} for ${actorDid}:`, err);
         return;
       }
       this.#dispatchMessage(message, actor);
     };
   }
+  /**
+   * Handles incoming broadcast events (kind 1) by parsing the event content, validating it as an
+   * aggregation message, and dispatching it to all registered actors that have handlers for the
+   * message type. This is used for COHORT_ADVERT messages that need to be received by all actors
+   * regardless of DID.
+   * @param {Event} event - The Nostr event to handle, expected to be a kind 1 broadcast containing
+   * a COHORT_ADVERT message. The event content is parsed and dispatched to all registered actors
+   * that have handlers for the
+   * @returns
+   */
   async #handleBroadcastEvent(event) {
     if (event.kind !== 1) return;
     let message;
     try {
       message = JSON.parse(event.content, _NostrTransport.#jsonReviver);
     } catch (err) {
-      console.debug(`Failed to parse broadcast event ${event.id}:`, err);
+      this.#logger.debug(`Failed to parse broadcast event ${event.id}:`, err);
       return;
     }
     if (message.body && typeof message.body === "object") {
@@ -1649,6 +2116,18 @@ var NostrTransport = class _NostrTransport {
       if (handler) await handler(message);
     }
   }
+  /**
+   * Dispatches a parsed message to the appropriate handler of a registered actor based on message type.
+   * The message is expected to have already been parsed from the Nostr event content and validated as
+   * an aggregation message. If the message has a body, its properties are merged into the top-level
+   * message object for easier handler access. The message is then dispatched to the handler registered
+   * for its type, if one exists.
+   * @param {Record<string, unknown>} message - The message object parsed from a Nostr event, expected to
+   * @param {ActorEntry} actor - The registered actor entry containing keys and handlers to dispatch the message to.
+   * @returns {void}
+   * @throws {TransportAdapterError} If the message type is unsupported or if no handler is registered
+   * for the message type.
+   */
   #dispatchMessage(message, actor) {
     if (message.body && typeof message.body === "object") {
       message = { ...message, ...message.body };
@@ -1658,6 +2137,16 @@ var NostrTransport = class _NostrTransport {
     const handler = actor.handlers.get(messageType);
     if (handler) handler(message);
   }
+  /**
+   * Publishes a Nostr event to the configured relays and handles the results. The method waits for all
+   * relay promises to settle and checks how many accepted or rejected the event. If all relays reject the event,
+   * an error is thrown. Otherwise, the method completes successfully even if some relays rejected the event,
+   * as long as at least one relay accepted it. Relay rejections are logged for debugging purposes.
+   * @param {Event} event - The Nostr event to publish to the configured relays. The event should already
+   * @returns {Promise<void>} A promise that resolves if the event was accepted by at least one relay, or rejects
+   * with a TransportAdapterError if all relays rejected the event.
+   * @throws {TransportAdapterError} If the pool is not initialized or if all relays reject the event.
+   */
   async #publishToRelays(event) {
     const relayPromises = this.pool?.publish(this.#relays, event);
     if (!relayPromises?.length) return;
@@ -1665,7 +2154,7 @@ var NostrTransport = class _NostrTransport {
     const accepted = results.filter((r) => r.status === "fulfilled").length;
     const rejected = results.filter((r) => r.status === "rejected");
     for (const r of rejected) {
-      console.debug(`Relay rejected event ${event.id}: ${r.reason}`);
+      this.#logger.debug(`Relay rejected event ${event.id}: ${r.reason}`);
     }
     if (accepted === 0) {
       throw new TransportAdapterError(
@@ -1675,12 +2164,36 @@ var NostrTransport = class _NostrTransport {
       );
     }
   }
+  /**
+   * Custom JSON replacer to handle serialization of Uint8Array values as hex strings in message
+   * content. This allows messages containing binary data (e.g. public keys, signatures) to be correctly
+   * serialized to JSON for Nostr event content. The replacer checks if a value is a Uint8Array and, if so,
+   * converts it to a hex string wrapped in an object with a __bytes property. The corresponding reviver
+   * can then convert this back to a Uint8Array when parsing the message content from the event.
+   * @param {string} _key - The key of the property being processed.
+   * @param {unknown} value - The value to check if the message type is valid.
+   * @returns {unknown} The transformed value for JSON serialization. If the value is a Uint8Array,
+   * it returns an object with a __bytes property containing the hex string. Otherwise, it returns
+   * the value unchanged.
+   */
   static #jsonReplacer(_key, value) {
     if (value instanceof Uint8Array) {
       return { __bytes: (0, import_utils4.bytesToHex)(value) };
     }
     return value;
   }
+  /**
+   * Custom JSON reviver to handle deserialization of hex strings back into Uint8Array values in message
+   * content. This complements the custom replacer used during serialization, allowing messages that contain
+   * binary data (e.g. public keys, signatures) to be correctly reconstructed when parsing JSON from
+   * Nostr event content. The reviver checks if a value is an object with a __bytes property and,
+   * if so, converts the hex string back into a Uint8Array. Otherwise, it returns the value unchanged.
+   * @param {string} _key - The key of the property being processed.
+   * @param {unknown} value - The value to check if it is an object containing a __bytes property for
+   * hex string conversion.
+   * @returns {unknown} The transformed value for JSON deserialization. If the value is an object
+   * with a __bytes property, it returns a Uint8Array. Otherwise, it returns the value unchanged.
+   */
   static #jsonReviver(_key, value) {
     if (value && typeof value === "object" && "__bytes" in value) {
       return (0, import_utils4.hexToBytes)(value.__bytes);
@@ -1696,7 +2209,7 @@ var TransportFactory = class {
       case "nostr":
         return new NostrTransport({ relays: config.relays });
       case "didcomm":
-        throw new import_common5.NotImplementedError("DIDComm transport not implemented yet.");
+        throw new import_common7.NotImplementedError("DIDComm transport not implemented yet.");
       default:
         throw new TransportError(
           `Invalid transport type: ${config.type}`,
@@ -1708,29 +2221,38 @@ var TransportFactory = class {
 };
 
 // src/core/aggregation/transport/didcomm.ts
-var import_common6 = require("@did-btcr2/common");
+var import_common8 = require("@did-btcr2/common");
 var DidCommTransport = class {
   name = "didcomm";
   start() {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented. Use NostrTransport instead.");
+    throw new import_common8.NotImplementedError("DidCommTransport not implemented. Use NostrTransport instead.");
   }
   registerActor(_did, _keys) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common8.NotImplementedError("DidCommTransport not implemented.");
   }
   getActorPk(_did) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common8.NotImplementedError("DidCommTransport not implemented.");
   }
   registerPeer(_did, _communicationPk) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common8.NotImplementedError("DidCommTransport not implemented.");
   }
   getPeerPk(_did) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common8.NotImplementedError("DidCommTransport not implemented.");
   }
   registerMessageHandler(_actorDid, _messageType, _handler) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common8.NotImplementedError("DidCommTransport not implemented.");
+  }
+  unregisterMessageHandler(_actorDid, _messageType) {
+    throw new import_common8.NotImplementedError("DidCommTransport not implemented.");
+  }
+  unregisterActor(_did) {
+    throw new import_common8.NotImplementedError("DidCommTransport not implemented.");
   }
   async sendMessage(_message, _sender, _recipient) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common8.NotImplementedError("DidCommTransport not implemented.");
+  }
+  publishRepeating(_message, _sender, _intervalMs, _recipient) {
+    throw new import_common8.NotImplementedError("DidCommTransport not implemented.");
   }
 };
 
@@ -1789,7 +2311,8 @@ var TypedEventEmitter = class {
 };
 
 // src/core/aggregation/runner/service-runner.ts
-var AggregationServiceRunner = class extends TypedEventEmitter {
+var DEFAULT_ADVERT_REPEAT_INTERVAL_MS = 6e4;
+var AggregationServiceRunner = class _AggregationServiceRunner extends TypedEventEmitter {
   /** Direct access to the underlying state machine for advanced use. */
   session;
   #transport;
@@ -1798,11 +2321,26 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
   #onOptInReceived;
   #onReadyToFinalize;
   #onProvideTxData;
+  #cohortTtlMs;
+  #phaseTimeoutMs;
+  #advertRepeatIntervalMs;
   #cohortId;
   #handlersRegistered = false;
   #stopped = false;
+  /**
+   * Guard against the async race where two concurrent #handleOptIn invocations
+   * both pass the `participants.length >= minParticipants` check before either
+   * mutates the cohort phase. Set synchronously before any `await` so subsequent
+   * handlers observe it on their next resumption.
+   */
+  #finalizing = false;
   #resolveRun;
   #rejectRun;
+  #cohortTtlTimer;
+  #phaseTimer;
+  #lastObservedPhase;
+  /** Stop handle for the repeating COHORT_ADVERT publish loop. */
+  #stopAdvertRepeat;
   constructor(options) {
     super();
     this.#transport = options.transport;
@@ -1813,7 +2351,25 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
       finalize: acceptedCount >= minRequired
     }));
     this.#onProvideTxData = options.onProvideTxData;
-    this.session = new AggregationService({ did: options.did, keys: options.keys });
+    this.#cohortTtlMs = options.cohortTtlMs;
+    this.#phaseTimeoutMs = options.phaseTimeoutMs;
+    this.#advertRepeatIntervalMs = options.advertRepeatIntervalMs ?? DEFAULT_ADVERT_REPEAT_INTERVAL_MS;
+    this.session = new AggregationService({
+      did: options.did,
+      keys: options.keys,
+      maxUpdateSizeBytes: options.maxUpdateSizeBytes
+    });
+  }
+  /**
+   * Drain any silent rejections the state machine recorded during the most
+   * recent receive() and surface them as `message-rejected` events. Safe to
+   * call even before a cohortId is assigned.
+   */
+  #drainRejections() {
+    if (!this.#cohortId) return;
+    for (const r of this.session.drainRejections(this.#cohortId)) {
+      this.emit("message-rejected", { cohortId: this.#cohortId, ...r });
+    }
   }
   /**
    * Run the protocol to completion. Resolves with the final aggregation result
@@ -1828,22 +2384,103 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
       try {
         this.#registerHandlers();
         this.#cohortId = this.session.createCohort(this.#config);
+        this.#startTimers();
         const advertMsgs = this.session.advertise(this.#cohortId);
+        this.#onPhaseMaybeChanged();
         this.emit("cohort-advertised", { cohortId: this.#cohortId });
-        this.#sendAll(advertMsgs).catch((err) => this.#fail(err));
+        if (this.#advertRepeatIntervalMs > 0) {
+          this.#startAdvertRepeat(advertMsgs);
+        } else {
+          this.#sendAll(advertMsgs).catch((err) => this.#fail(err));
+        }
       } catch (err) {
         this.#fail(err);
       }
     });
   }
   /**
-   * Stop the runner early. Cleans up internal state.
-   * Note: does not unregister transport handlers (the transport interface
-   * does not currently expose unregister).
+   * Begin publishing the cohort advert immediately and on a repeating interval
+   * until {@link #stopAdvertRepeating} is called. Each advert is broadcast
+   * (no recipient) via the transport's `publishRepeating` primitive.
+   */
+  #startAdvertRepeat(advertMsgs) {
+    const stops = [];
+    for (const msg of advertMsgs) {
+      stops.push(this.#transport.publishRepeating(msg, this.#did, this.#advertRepeatIntervalMs));
+    }
+    this.#stopAdvertRepeat = () => {
+      for (const stop of stops) {
+        try {
+          stop();
+        } catch {
+        }
+      }
+    };
+  }
+  /** Stop the advert republish loop. Idempotent. */
+  #stopAdvertRepeating() {
+    if (!this.#stopAdvertRepeat) return;
+    const stop = this.#stopAdvertRepeat;
+    this.#stopAdvertRepeat = void 0;
+    stop();
+  }
+  /** Schedule cohort TTL + phase timeout at the start of a run. */
+  #startTimers() {
+    if (this.#cohortTtlMs !== void 0) {
+      this.#cohortTtlTimer = setTimeout(() => {
+        const reason = `Cohort ${this.#cohortId ?? ""} exceeded TTL of ${this.#cohortTtlMs}ms`;
+        this.emit("cohort-failed", { cohortId: this.#cohortId ?? "", reason });
+        this.#fail(new Error(reason));
+      }, this.#cohortTtlMs);
+    }
+    this.#resetPhaseTimer();
+  }
+  /** Reset the per-phase stall timer. Called when a phase transition is observed. */
+  #resetPhaseTimer() {
+    if (this.#phaseTimer) clearTimeout(this.#phaseTimer);
+    this.#phaseTimer = void 0;
+    if (this.#phaseTimeoutMs === void 0) return;
+    this.#phaseTimer = setTimeout(() => {
+      const reason = `Cohort ${this.#cohortId ?? ""} stalled in phase ${this.#lastObservedPhase ?? "?"} for ${this.#phaseTimeoutMs}ms`;
+      this.emit("cohort-failed", { cohortId: this.#cohortId ?? "", reason });
+      this.#fail(new Error(reason));
+    }, this.#phaseTimeoutMs);
+  }
+  /** Detect a phase change since the last observation and reset the phase timer. */
+  #onPhaseMaybeChanged() {
+    if (!this.#cohortId) return;
+    const phase = this.session.getCohortPhase(this.#cohortId);
+    if (phase !== this.#lastObservedPhase) {
+      this.#lastObservedPhase = phase;
+      this.#resetPhaseTimer();
+    }
+  }
+  /** Clear both timers. Called on successful completion, stop(), and #fail. */
+  #clearTimers() {
+    if (this.#cohortTtlTimer) clearTimeout(this.#cohortTtlTimer);
+    if (this.#phaseTimer) clearTimeout(this.#phaseTimer);
+    this.#cohortTtlTimer = void 0;
+    this.#phaseTimer = void 0;
+  }
+  /**
+   * Stop the runner early. Marks the runner stopped and detaches transport
+   * handlers so a restart or a new runner doesn't inherit stale dispatch.
    */
   stop() {
     this.#stopped = true;
-  }
+    this.#stopAdvertRepeating();
+    this.#clearTimers();
+    this.#unregisterHandlers();
+    if (this.#cohortId) this.session.removeCohort(this.#cohortId);
+  }
+  /** Message types this runner listens for on the transport. */
+  static #HANDLED_MESSAGE_TYPES = [
+    COHORT_OPT_IN,
+    SUBMIT_UPDATE,
+    VALIDATION_ACK,
+    NONCE_CONTRIBUTION,
+    SIGNATURE_AUTHORIZATION
+  ];
   /**
    * Internal: handler registration with the transport. Idempotent.
    */
@@ -1856,6 +2493,14 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     this.#transport.registerMessageHandler(this.#did, NONCE_CONTRIBUTION, this.#handleNonceContribution.bind(this));
     this.#transport.registerMessageHandler(this.#did, SIGNATURE_AUTHORIZATION, this.#handleSignatureAuthorization.bind(this));
   }
+  /** Internal: detach from the transport. Safe to call repeatedly. */
+  #unregisterHandlers() {
+    if (!this.#handlersRegistered) return;
+    this.#handlersRegistered = false;
+    for (const type of _AggregationServiceRunner.#HANDLED_MESSAGE_TYPES) {
+      this.#transport.unregisterMessageHandler(this.#did, type);
+    }
+  }
   /**
    * Internal: message handlers for each protocol step. Each handler:
    * 1) feeds the message into the state machine via session.receive()
@@ -1872,6 +2517,8 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     if (this.#stopped) return;
     try {
       this.session.receive(msg);
+      this.#drainRejections();
+      this.#onPhaseMaybeChanged();
       const optIn = this.session.pendingOptIns(this.#cohortId).get(msg.from);
       if (!optIn) return;
       this.emit("opt-in-received", optIn);
@@ -1883,19 +2530,23 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
       await this.#sendAll(this.session.acceptParticipant(this.#cohortId, msg.from));
       this.emit("participant-accepted", { participantDid: msg.from });
       const cohort = this.session.getCohort(this.#cohortId);
-      if (cohort.participants.length >= this.#config.minParticipants) {
+      if (cohort.participants.length >= this.#config.minParticipants && !this.#finalizing) {
+        this.#finalizing = true;
         const finalizeDecision = await this.#onReadyToFinalize({
           acceptedCount: cohort.participants.length,
           minRequired: this.#config.minParticipants
         });
-        if (finalizeDecision.finalize) {
-          const readyMsgs = this.session.finalizeKeygen(this.#cohortId);
-          this.emit("keygen-complete", {
-            cohortId: this.#cohortId,
-            beaconAddress: cohort.beaconAddress
-          });
-          await this.#sendAll(readyMsgs);
+        if (!finalizeDecision.finalize) {
+          this.#finalizing = false;
+          return;
         }
+        const readyMsgs = this.session.finalizeKeygen(this.#cohortId);
+        this.#stopAdvertRepeating();
+        this.emit("keygen-complete", {
+          cohortId: this.#cohortId,
+          beaconAddress: cohort.beaconAddress
+        });
+        await this.#sendAll(readyMsgs);
       }
     } catch (err) {
       this.#fail(err);
@@ -1913,6 +2564,8 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     if (this.#stopped) return;
     try {
       this.session.receive(msg);
+      this.#drainRejections();
+      this.#onPhaseMaybeChanged();
       this.emit("update-received", { participantDid: msg.from });
       if (this.session.getCohortPhase(this.#cohortId) === "UpdatesCollected" /* UpdatesCollected */) {
         const distributeMsgs = this.session.buildAndDistribute(this.#cohortId);
@@ -1935,9 +2588,18 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     if (this.#stopped) return;
     try {
       this.session.receive(msg);
+      this.#drainRejections();
+      this.#onPhaseMaybeChanged();
       const approved = !!msg.body?.approved;
       this.emit("validation-received", { participantDid: msg.from, approved });
-      if (this.session.getCohortPhase(this.#cohortId) === "Validated" /* Validated */) {
+      const phase = this.session.getCohortPhase(this.#cohortId);
+      if (phase === "Failed" /* Failed */) {
+        const reason = `Validation rejected by participant ${msg.from}`;
+        this.emit("cohort-failed", { cohortId: this.#cohortId, reason });
+        this.#fail(new Error(reason));
+        return;
+      }
+      if (phase === "Validated" /* Validated */) {
         const cohort = this.session.getCohort(this.#cohortId);
         const txData = await this.#onProvideTxData({
           cohortId: this.#cohortId,
@@ -1965,6 +2627,8 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     if (this.#stopped) return;
     try {
       this.session.receive(msg);
+      this.#drainRejections();
+      this.#onPhaseMaybeChanged();
       this.emit("nonce-received", { participantDid: msg.from });
       if (this.session.getCohortPhase(this.#cohortId) === "NoncesCollected" /* NoncesCollected */) {
         await this.#sendAll(this.session.sendAggregatedNonce(this.#cohortId));
@@ -1985,8 +2649,12 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     if (this.#stopped) return;
     try {
       this.session.receive(msg);
+      this.#drainRejections();
+      this.#onPhaseMaybeChanged();
       const result = this.session.getResult(this.#cohortId);
       if (result) {
+        this.#clearTimers();
+        this.#unregisterHandlers();
         this.emit("signing-complete", result);
         this.#resolveRun?.(result);
       }
@@ -2011,6 +2679,10 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
    * @param {Error} err - The error to handle.
    */
   #fail(err) {
+    this.#stopAdvertRepeating();
+    this.#clearTimers();
+    this.#unregisterHandlers();
+    if (this.#cohortId) this.session.removeCohort(this.#cohortId);
     this.emit("error", err);
     this.#rejectRun?.(err);
   }
@@ -2045,9 +2717,27 @@ var AggregationParticipantRunner = class _AggregationParticipantRunner extends T
   async start() {
     this.#registerHandlers();
   }
-  /** Stop the runner. Does not unregister transport handlers. */
+  /** Stop the runner and detach transport handlers. Safe to call repeatedly. */
   stop() {
     this.#stopped = true;
+    this.#unregisterHandlers();
+  }
+  /** Message types this runner listens for on the transport. */
+  static #HANDLED_MESSAGE_TYPES = [
+    COHORT_ADVERT,
+    COHORT_OPT_IN_ACCEPT,
+    COHORT_READY,
+    DISTRIBUTE_AGGREGATED_DATA,
+    AUTHORIZATION_REQUEST,
+    AGGREGATED_NONCE
+  ];
+  /** Internal: detach from the transport. Safe to call repeatedly. */
+  #unregisterHandlers() {
+    if (!this.#handlersRegistered) return;
+    this.#handlersRegistered = false;
+    for (const type of _AggregationParticipantRunner.#HANDLED_MESSAGE_TYPES) {
+      this.#transport.unregisterMessageHandler(this.#did, type);
+    }
   }
   /**
    * Single-shot helper: start, join the first cohort that passes `shouldJoin`,
@@ -2212,7 +2902,14 @@ var AggregationParticipantRunner = class _AggregationParticipantRunner extends T
       if (this.session.getCohortPhase(cohortId) === "Complete" /* Complete */) {
         const info = this.session.joinedCohorts.get(cohortId);
         if (info) {
-          this.emit("cohort-complete", { cohortId, beaconAddress: info.beaconAddress });
+          const validation = this.session.pendingValidations.get(cohortId);
+          this.emit("cohort-complete", {
+            cohortId,
+            beaconAddress: info.beaconAddress,
+            beaconType: validation?.beaconType ?? "",
+            casAnnouncement: validation?.casAnnouncement,
+            smtProof: validation?.smtProof
+          });
         }
       }
     } catch (err) {
@@ -2234,33 +2931,33 @@ var AggregationParticipantRunner = class _AggregationParticipantRunner extends T
 };
 
 // src/core/beacon/beacon.ts
-var import_keypair2 = require("@did-btcr2/keypair");
+var import_secp256k12 = require("@noble/secp256k1");
 var import_utils5 = require("@noble/hashes/utils");
-var import_bitcoinjs_lib4 = require("bitcoinjs-lib");
+var import_btc_signer4 = require("@scure/btc-signer");
 
 // src/core/beacon/error.ts
-var import_common7 = require("@did-btcr2/common");
-var BeaconError = class extends import_common7.MethodError {
+var import_common9 = require("@did-btcr2/common");
+var BeaconError = class extends import_common9.MethodError {
   constructor(message, type = "BeaconError", data) {
     super(message, type, data);
   }
 };
-var SingletonBeaconError = class extends import_common7.MethodError {
+var SingletonBeaconError = class extends import_common9.MethodError {
   constructor(message, type = "SingletonBeaconError", data) {
     super(message, type, data);
   }
 };
-var AggregateBeaconError = class extends import_common7.MethodError {
+var AggregateBeaconError = class extends import_common9.MethodError {
   constructor(message, type = "AggregateBeaconError", data) {
     super(message, type, data);
   }
 };
-var CASBeaconError = class extends import_common7.MethodError {
+var CASBeaconError = class extends import_common9.MethodError {
   constructor(message, type = "CASBeaconError", data) {
     super(message, type, data);
   }
 };
-var SMTBeaconError = class extends import_common7.MethodError {
+var SMTBeaconError = class extends import_common9.MethodError {
   constructor(message, type = "SMTBeaconError", data) {
     super(message, type, data);
   }
@@ -2288,6 +2985,62 @@ var StaticFeeEstimator = class {
 
 // src/core/beacon/beacon.ts
 var DEFAULT_FEE_ESTIMATOR = new StaticFeeEstimator(5);
+var P2TR_BEACON_TX_VSIZE = 140;
+function opReturnScript(signalBytes) {
+  return import_btc_signer4.Script.encode([import_btc_signer4.OP.RETURN, signalBytes]);
+}
+async function fetchSpendableUtxo(bitcoinAddress, bitcoin) {
+  const utxos = await bitcoin.rest.address.getUtxos(bitcoinAddress);
+  if (!utxos.length) {
+    throw new BeaconError(
+      "No UTXOs found, please fund address!",
+      "UNFUNDED_BEACON_ADDRESS",
+      { bitcoinAddress }
+    );
+  }
+  const utxo = utxos.sort((a, b) => b.status.block_height - a.status.block_height).shift();
+  if (!utxo) {
+    throw new BeaconError(
+      "Beacon bitcoin address unfunded or utxos unconfirmed.",
+      "UNFUNDED_BEACON_ADDRESS",
+      { bitcoinAddress }
+    );
+  }
+  const prevTxHex = await bitcoin.rest.transaction.getHex(utxo.txid);
+  return { utxo, prevTxBytes: (0, import_utils5.hexToBytes)(prevTxHex) };
+}
+async function buildAggregationBeaconTx(opts) {
+  const feeEstimator = opts.feeEstimator ?? DEFAULT_FEE_ESTIMATOR;
+  const { utxo, prevTxBytes } = await fetchSpendableUtxo(opts.beaconAddress, opts.bitcoin);
+  const tapOut = (0, import_btc_signer4.p2tr)(opts.internalPubkey, void 0, opts.network);
+  const witnessScript = tapOut.script;
+  const feeSats = await feeEstimator.estimateFee(P2TR_BEACON_TX_VSIZE);
+  if (BigInt(utxo.value) <= feeSats) {
+    throw new BeaconError(
+      `UTXO value (${utxo.value}) insufficient to cover fee (${feeSats}).`,
+      "INSUFFICIENT_FUNDS",
+      { bitcoinAddress: opts.beaconAddress, utxoValue: utxo.value, fee: feeSats.toString() }
+    );
+  }
+  const tx = new import_btc_signer4.Transaction();
+  tx.addInput({
+    txid: utxo.txid,
+    index: utxo.vout,
+    nonWitnessUtxo: prevTxBytes,
+    witnessUtxo: { amount: BigInt(utxo.value), script: witnessScript },
+    tapInternalKey: opts.internalPubkey
+  });
+  tx.addOutputAddress(opts.beaconAddress, BigInt(utxo.value) - feeSats, opts.network);
+  tx.addOutput({ script: opReturnScript(opts.signalBytes), amount: 0n });
+  return {
+    tx,
+    prevOutScripts: [witnessScript],
+    prevOutValues: [BigInt(utxo.value)],
+    beaconAddress: opts.beaconAddress,
+    utxo,
+    feeSats
+  };
+}
 var Beacon = class {
   /**
    * The Beacon service configuration parsed from the DID Document.
@@ -2297,79 +3050,108 @@ var Beacon = class {
     this.service = service;
   }
   /**
-   * Shared PSBT construction + signing + broadcast helper used by all beacon types.
-   *
-   * Steps:
-   * 1. Parse the beacon's `serviceEndpoint` (stripping `bitcoin:` prefix) into a Bitcoin address.
-   * 2. Query the address for unconfirmed/confirmed UTXOs.
-   * 3. Select the most recent confirmed UTXO.
-   * 4. Fetch the previous transaction hex for `nonWitnessUtxo`.
-   * 5. Build a PSBT: input (UTXO) → change output + OP_RETURN(signalBytes).
-   * 6. Compute the fee via the supplied (or default) {@link FeeEstimator} against the tx vsize.
-   * 7. Sign input 0 with an ECDSA signer derived from `secretKey`.
-   * 8. Finalize, extract, and broadcast via the REST transaction endpoint.
+   * Build + sign + broadcast a single-party beacon signal transaction (P2WPKH spend).
    *
-   * Fee handling: the PSBT is constructed with a placeholder change amount, signed to measure
-   * vsize, then the change is adjusted to pay the actual fee and the input re-signed. This
-   * two-pass approach avoids hardcoded fee constants and produces a tx that matches the
-   * estimator's rate.
+   * Composed from the three extracted phases ({@link buildSinglePartyTx},
+   * {@link signSinglePartyTx}, {@link broadcastRawTx}) so each piece can be exercised
+   * in isolation. Aggregation beacons use {@link buildAggregationBeaconTx} instead —
+   * the multi-party path can't share the signing phase, but the tx-construction
+   * plumbing (UTXO fetch + OP_RETURN output + change output) is shared.
    *
    * @param signalBytes 32-byte payload to embed in OP_RETURN.
    * @param secretKey Secret key used to sign the spending input.
    * @param bitcoin Bitcoin network connection.
    * @param options Broadcast options (fee estimator, etc.).
    * @returns The txid of the broadcast transaction.
-   * @throws {BeaconError} if the address is unfunded or no UTXO is available.
+   * @throws {BeaconError} if the address is unfunded, no UTXO is available, or fee exceeds value.
    */
   async buildSignAndBroadcast(signalBytes, secretKey, bitcoin, options) {
     const feeEstimator = options?.feeEstimator ?? DEFAULT_FEE_ESTIMATOR;
-    const bitcoinAddress = this.service.serviceEndpoint.replace("bitcoin:", "");
-    const utxos = await bitcoin.rest.address.getUtxos(bitcoinAddress);
-    if (!utxos.length) {
-      throw new BeaconError(
-        "No UTXOs found, please fund address!",
-        "UNFUNDED_BEACON_ADDRESS",
-        { bitcoinAddress }
-      );
-    }
-    const utxo = utxos.sort(
-      (a, b) => b.status.block_height - a.status.block_height
-    ).shift();
-    if (!utxo) {
-      throw new BeaconError(
-        "Beacon bitcoin address unfunded or utxos unconfirmed.",
-        "UNFUNDED_BEACON_ADDRESS",
-        { bitcoinAddress }
+    const beaconAddress = this.service.serviceEndpoint.replace("bitcoin:", "");
+    const { utxo, prevTxBytes } = await fetchSpendableUtxo(beaconAddress, bitcoin);
+    const plan = await this.buildSinglePartyTx({
+      signalBytes,
+      beaconAddress,
+      utxo,
+      prevTxBytes,
+      secretKey,
+      bitcoin,
+      feeEstimator
+    });
+    const signedHex = this.signSinglePartyTx(plan.tx, secretKey);
+    return this.broadcastRawTx(bitcoin, signedHex);
+  }
+  /**
+   * Build an unsigned P2WPKH single-party beacon tx + probe-sign to determine vsize,
+   * then rebuild with the real fee. Returns the tx and prev-output metadata.
+   *
+   * The secret key is required here (not just in `signSinglePartyTx`) because the
+   * two-pass fee estimation requires an actual signature to measure vsize accurately.
+   */
+  async buildSinglePartyTx(opts) {
+    const pubkey = this.#derivePubkey(opts.secretKey);
+    const witnessOut = (0, import_btc_signer4.p2wpkh)(pubkey, opts.bitcoin.data);
+    const witnessScript = witnessOut.script;
+    const build = (feeSats2) => {
+      const tx2 = new import_btc_signer4.Transaction();
+      tx2.addInput({
+        txid: opts.utxo.txid,
+        index: opts.utxo.vout,
+        nonWitnessUtxo: opts.prevTxBytes,
+        witnessUtxo: { amount: BigInt(opts.utxo.value), script: witnessScript }
+      });
+      tx2.addOutputAddress(
+        opts.beaconAddress,
+        BigInt(opts.utxo.value) - feeSats2,
+        opts.bitcoin.data
       );
-    }
-    const prevTx = await bitcoin.rest.transaction.getHex(utxo.txid);
-    const keyPair = import_keypair2.SchnorrKeyPair.fromSecret(secretKey);
-    const signer = {
-      publicKey: keyPair.publicKey.compressed,
-      sign: (hash5) => keyPair.secretKey.sign(hash5, { scheme: "ecdsa" })
+      tx2.addOutput({ script: opReturnScript(opts.signalBytes), amount: 0n });
+      return tx2;
     };
-    const build = (fee2) => new import_bitcoinjs_lib4.Psbt({ network: bitcoin.data }).addInput({
-      hash: utxo.txid,
-      index: utxo.vout,
-      nonWitnessUtxo: (0, import_utils5.hexToBytes)(prevTx)
-    }).addOutput({ address: bitcoinAddress, value: BigInt(utxo.value) - fee2 }).addOutput({ script: import_bitcoinjs_lib4.script.compile([import_bitcoinjs_lib4.opcodes.OP_RETURN, signalBytes]), value: 0n });
-    const probeTx = build(0n).signInput(0, signer).finalizeAllInputs().extractTransaction();
-    const vsize = probeTx.virtualSize();
-    const fee = await feeEstimator.estimateFee(vsize);
-    if (BigInt(utxo.value) <= fee) {
+    const probe = build(0n);
+    probe.signIdx(opts.secretKey, 0);
+    probe.finalize();
+    const vsize = probe.vsize;
+    const feeSats = await opts.feeEstimator.estimateFee(vsize);
+    if (BigInt(opts.utxo.value) <= feeSats) {
       throw new BeaconError(
-        `UTXO value (${utxo.value}) insufficient to cover fee (${fee}).`,
+        `UTXO value (${opts.utxo.value}) insufficient to cover fee (${feeSats}).`,
         "INSUFFICIENT_FUNDS",
-        { bitcoinAddress, utxoValue: utxo.value, fee: fee.toString() }
+        { bitcoinAddress: opts.beaconAddress, utxoValue: opts.utxo.value, fee: feeSats.toString() }
       );
     }
-    const signedTxHex = build(fee).signInput(0, signer).finalizeAllInputs().extractTransaction().toHex();
-    return bitcoin.rest.transaction.send(signedTxHex);
+    const tx = build(feeSats);
+    return {
+      tx,
+      prevOutScripts: [witnessScript],
+      prevOutValues: [BigInt(opts.utxo.value)],
+      beaconAddress: opts.beaconAddress,
+      utxo: opts.utxo,
+      feeSats
+    };
+  }
+  /**
+   * Sign + finalize the unsigned single-party tx and return its raw hex.
+   */
+  signSinglePartyTx(tx, secretKey) {
+    tx.signIdx(secretKey, 0);
+    tx.finalize();
+    return tx.hex;
+  }
+  /**
+   * Broadcast raw transaction hex via the Bitcoin REST endpoint. Returns the txid.
+   */
+  async broadcastRawTx(bitcoin, rawHex) {
+    return bitcoin.rest.transaction.send(rawHex);
+  }
+  /** Derive the compressed secp256k1 public key from a raw secret key. */
+  #derivePubkey(secretKey) {
+    return (0, import_secp256k12.getPublicKey)(secretKey, true);
   }
 };
 
 // src/core/beacon/cas-beacon.ts
-var import_common8 = require("@did-btcr2/common");
+var import_common10 = require("@did-btcr2/common");
 var CASBeacon = class extends Beacon {
   /**
    * Creates an instance of CASBeacon.
@@ -2410,7 +3192,7 @@ var CASBeacon = class extends Beacon {
       if (!updateHashEncoded) {
         continue;
       }
-      const updateHash = (0, import_common8.encode)((0, import_common8.decode)(updateHashEncoded, "base64urlnopad"), "hex");
+      const updateHash = (0, import_common10.encode)((0, import_common10.decode)(updateHashEncoded, "base64urlnopad"), "hex");
       const signedUpdate = sidecar.updateMap.get(updateHash);
       if (!signedUpdate) {
         needs.push({
@@ -2442,9 +3224,9 @@ var CASBeacon = class extends Beacon {
    */
   async broadcastSignal(signedUpdate, secretKey, bitcoin, options) {
     const did = this.service.id.split("#")[0];
-    const updateHash = (0, import_common8.canonicalHash)(signedUpdate);
+    const updateHash = (0, import_common10.canonicalHash)(signedUpdate);
     const casAnnouncement = { [did]: updateHash };
-    const announcementHash = (0, import_common8.hash)((0, import_common8.canonicalize)(casAnnouncement));
+    const announcementHash = (0, import_common10.hash)((0, import_common10.canonicalize)(casAnnouncement));
     await this.buildSignAndBroadcast(announcementHash, secretKey, bitcoin, options);
     if (options?.casPublish) {
       await options.casPublish(casAnnouncement);
@@ -2454,10 +3236,10 @@ var CASBeacon = class extends Beacon {
 };
 
 // src/core/beacon/factory.ts
-var import_common11 = require("@did-btcr2/common");
+var import_common13 = require("@did-btcr2/common");
 
 // src/core/beacon/singleton-beacon.ts
-var import_common9 = require("@did-btcr2/common");
+var import_common11 = require("@did-btcr2/common");
 var SingletonBeacon = class extends Beacon {
   /**
    * Creates an instance of SingletonBeacon.
@@ -2505,14 +3287,14 @@ var SingletonBeacon = class extends Beacon {
    * @throws {BeaconError} if the bitcoin address is invalid, unfunded, or UTXO cannot cover the fee.
    */
   async broadcastSignal(signedUpdate, secretKey, bitcoin, options) {
-    const signalBytes = (0, import_common9.hash)((0, import_common9.canonicalize)(signedUpdate));
+    const signalBytes = (0, import_common11.hash)((0, import_common11.canonicalize)(signedUpdate));
     await this.buildSignAndBroadcast(signalBytes, secretKey, bitcoin, options);
     return signedUpdate;
   }
 };
 
 // src/core/beacon/smt-beacon.ts
-var import_common10 = require("@did-btcr2/common");
+var import_common12 = require("@did-btcr2/common");
 var import_smt3 = require("@did-btcr2/smt");
 var import_utils6 = require("@noble/hashes/utils");
 var SMTBeacon = class extends Beacon {
@@ -2600,7 +3382,7 @@ var SMTBeacon = class extends Beacon {
    */
   async broadcastSignal(signedUpdate, secretKey, bitcoin, options) {
     const did = this.service.id.split("#")[0];
-    const canonicalBytes = new TextEncoder().encode((0, import_common10.canonicalize)(signedUpdate));
+    const canonicalBytes = new TextEncoder().encode((0, import_common12.canonicalize)(signedUpdate));
     const nonce = (0, import_utils6.randomBytes)(32);
     const tree = new import_smt3.BTCR2MerkleTree();
     tree.addEntries([{ did, nonce, signedUpdate: canonicalBytes }]);
@@ -2626,19 +3408,19 @@ var BeaconFactory = class {
       case "SMTBeacon":
         return new SMTBeacon(service);
       default:
-        throw new import_common11.MethodError("Invalid Beacon Type", "INVALID_BEACON_ERROR", service);
+        throw new import_common13.MethodError("Invalid Beacon Type", "INVALID_BEACON_ERROR", service);
     }
   }
 };
 
 // src/core/beacon/signal-discovery.ts
 var import_bitcoin2 = require("@did-btcr2/bitcoin");
-var import_common14 = require("@did-btcr2/common");
+var import_common16 = require("@did-btcr2/common");
 
 // src/core/beacon/utils.ts
 var import_bitcoin = require("@did-btcr2/bitcoin");
-var import_common13 = require("@did-btcr2/common");
-var import_bitcoinjs_lib5 = require("bitcoinjs-lib");
+var import_common15 = require("@did-btcr2/common");
+var import_btc_signer5 = require("@scure/btc-signer");
 
 // src/utils/appendix.ts
 var import_dids = require("@web5/dids");
@@ -3679,9 +4461,9 @@ var Appendix = class _Appendix {
 };
 
 // src/core/identifier.ts
-var import_common12 = require("@did-btcr2/common");
-var import_keypair3 = require("@did-btcr2/keypair");
-var import_base5 = require("@scure/base");
+var import_common14 = require("@did-btcr2/common");
+var import_keypair2 = require("@did-btcr2/keypair");
+var import_base7 = require("@scure/base");
 var Identifier = class _Identifier {
   /**
    * Implements {@link https://dcdpr.github.io/did-btcr2/#didbtcr2-identifier-encoding | 3.2 did:btcr2 Identifier Encoding}.
@@ -3699,25 +4481,25 @@ var Identifier = class _Identifier {
    */
   static encode(genesisBytes, options) {
     const { idType, version = 1, network } = options;
-    if (!(idType in import_common12.IdentifierTypes)) {
-      throw new import_common12.IdentifierError('Expected "idType" to be "KEY" or "EXTERNAL"', import_common12.INVALID_DID, { idType });
+    if (!(idType in import_common14.IdentifierTypes)) {
+      throw new import_common14.IdentifierError('Expected "idType" to be "KEY" or "EXTERNAL"', import_common14.INVALID_DID, { idType });
     }
     if (isNaN(version) || version > 1) {
-      throw new import_common12.IdentifierError('Expected "version" to be 1', import_common12.INVALID_DID, { version });
+      throw new import_common14.IdentifierError('Expected "version" to be 1', import_common14.INVALID_DID, { version });
     }
-    if (typeof network === "string" && !(network in import_common12.BitcoinNetworkNames)) {
-      throw new import_common12.IdentifierError('Invalid "network" name', import_common12.INVALID_DID, { network });
+    if (typeof network === "string" && !(network in import_common14.BitcoinNetworkNames)) {
+      throw new import_common14.IdentifierError('Invalid "network" name', import_common14.INVALID_DID, { network });
     }
     if (typeof network === "number" && (network < 0 || network > 8)) {
-      throw new import_common12.IdentifierError('Invalid "network" number', import_common12.INVALID_DID, { network });
+      throw new import_common14.IdentifierError('Invalid "network" number', import_common14.INVALID_DID, { network });
     }
     if (idType === "KEY") {
       try {
-        new import_keypair3.CompressedSecp256k1PublicKey(genesisBytes);
+        new import_keypair2.CompressedSecp256k1PublicKey(genesisBytes);
       } catch {
-        throw new import_common12.IdentifierError(
+        throw new import_common14.IdentifierError(
           'Expected "genesisBytes" to be a valid compressed secp256k1 public key',
-          import_common12.INVALID_DID,
+          import_common14.INVALID_DID,
           { genesisBytes }
         );
       }
@@ -3730,7 +4512,7 @@ var Identifier = class _Identifier {
     }
     nibbles.push((version - 1) % 15);
     if (typeof network === "string") {
-      nibbles.push(import_common12.BitcoinNetworkNames[network]);
+      nibbles.push(import_common14.BitcoinNetworkNames[network]);
     } else if (typeof network === "number") {
       nibbles.push(network + 11);
     }
@@ -3739,11 +4521,11 @@ var Identifier = class _Identifier {
     }
     if (fCount !== 0) {
       for (const index in Array.from({ length: nibbles.length / 2 - 1 })) {
-        throw new import_common12.IdentifierError("Not implemented", "NOT_IMPLEMENTED", { index });
+        throw new import_common14.IdentifierError("Not implemented", "NOT_IMPLEMENTED", { index });
       }
     }
     const dataBytes = new Uint8Array([nibbles[2 * 0] << 4 | nibbles[2 * 0 + 1], ...genesisBytes]);
-    return `did:btcr2:${import_base5.bech32m.encodeFromBytes(hrp, dataBytes)}`;
+    return `did:btcr2:${import_base7.bech32m.encodeFromBytes(hrp, dataBytes)}`;
   }
   /**
    * Implements {@link https://dcdpr.github.io/did-btcr2/#didbtcr2-identifier-decoding | 3.3 did:btcr2 Identifier Decoding}.
@@ -3756,24 +4538,24 @@ var Identifier = class _Identifier {
   static decode(identifier) {
     const components = identifier.split(":");
     if (components.length !== 3) {
-      throw new import_common12.IdentifierError(`Invalid did: ${identifier}`, import_common12.INVALID_DID, { identifier });
+      throw new import_common14.IdentifierError(`Invalid did: ${identifier}`, import_common14.INVALID_DID, { identifier });
     }
     const [scheme, method, encoded] = components;
     if (scheme !== "did") {
-      throw new import_common12.IdentifierError(`Invalid did: ${identifier}`, import_common12.INVALID_DID, { identifier });
+      throw new import_common14.IdentifierError(`Invalid did: ${identifier}`, import_common14.INVALID_DID, { identifier });
     }
     if (method !== "btcr2") {
-      throw new import_common12.IdentifierError(`Invalid did method: ${method}`, import_common12.METHOD_NOT_SUPPORTED, { identifier });
+      throw new import_common14.IdentifierError(`Invalid did method: ${method}`, import_common14.METHOD_NOT_SUPPORTED, { identifier });
     }
     if (!encoded) {
-      throw new import_common12.IdentifierError(`Invalid method-specific id: ${identifier}`, import_common12.INVALID_DID, { identifier });
+      throw new import_common14.IdentifierError(`Invalid method-specific id: ${identifier}`, import_common14.INVALID_DID, { identifier });
     }
-    const { prefix: hrp, bytes: dataBytes } = import_base5.bech32m.decodeToBytes(encoded);
+    const { prefix: hrp, bytes: dataBytes } = import_base7.bech32m.decodeToBytes(encoded);
     if (!["x", "k"].includes(hrp)) {
-      throw new import_common12.IdentifierError(`Invalid hrp: ${hrp}`, import_common12.INVALID_DID, { identifier });
+      throw new import_common14.IdentifierError(`Invalid hrp: ${hrp}`, import_common14.INVALID_DID, { identifier });
     }
     if (!dataBytes) {
-      throw new import_common12.IdentifierError(`Failed to decode id: ${encoded}`, import_common12.INVALID_DID, { identifier });
+      throw new import_common14.IdentifierError(`Failed to decode id: ${encoded}`, import_common14.INVALID_DID, { identifier });
     }
     const idType = hrp === "k" ? "KEY" : "EXTERNAL";
     let version = 1;
@@ -3791,33 +4573,33 @@ var Identifier = class _Identifier {
       }
       nibblesConsumed += 1;
       if (version > 1) {
-        throw new import_common12.IdentifierError(`Invalid version: ${version}`, import_common12.INVALID_DID, { identifier });
+        throw new import_common14.IdentifierError(`Invalid version: ${version}`, import_common14.INVALID_DID, { identifier });
       }
     }
     version += versionNibble;
     nibblesConsumed += 1;
     let networkValue = nibblesConsumed % 2 === 0 ? dataBytes[++byteIndex] >>> 4 : currentByte & 15;
     nibblesConsumed += 1;
-    let network = import_common12.BitcoinNetworkNames[networkValue];
+    let network = import_common14.BitcoinNetworkNames[networkValue];
     if (!network) {
       if (networkValue >= 8 && networkValue <= 15) {
         network = networkValue - 11;
       } else {
-        throw new import_common12.IdentifierError(`Invalid did: ${identifier}`, import_common12.INVALID_DID, { identifier });
+        throw new import_common14.IdentifierError(`Invalid did: ${identifier}`, import_common14.INVALID_DID, { identifier });
       }
     }
     if (nibblesConsumed % 2 === 1) {
       const fillerNibble = currentByte & 15;
       if (fillerNibble !== 0) {
-        throw new import_common12.IdentifierError(`Invalid did: ${identifier}`, import_common12.INVALID_DID, { identifier });
+        throw new import_common14.IdentifierError(`Invalid did: ${identifier}`, import_common14.INVALID_DID, { identifier });
       }
     }
     const genesisBytes = dataBytes.slice(byteIndex + 1);
     if (idType === "KEY") {
       try {
-        new import_keypair3.CompressedSecp256k1PublicKey(genesisBytes);
+        new import_keypair2.CompressedSecp256k1PublicKey(genesisBytes);
       } catch {
-        throw new import_common12.IdentifierError(`Invalid genesisBytes: ${genesisBytes}`, import_common12.INVALID_DID, { identifier });
+        throw new import_common14.IdentifierError(`Invalid genesisBytes: ${genesisBytes}`, import_common14.INVALID_DID, { identifier });
       }
     }
     return { idType, hrp, version, network, genesisBytes };
@@ -3827,7 +4609,7 @@ var Identifier = class _Identifier {
    * @returns {string} The new did:btcr2 identifier.
    */
   static generate() {
-    const keyPair = import_keypair3.SchnorrKeyPair.generate();
+    const keyPair = import_keypair2.SchnorrKeyPair.generate();
     const did = this.encode(
       keyPair.publicKey.compressed,
       {
@@ -3847,13 +4629,13 @@ var Identifier = class _Identifier {
   static getPublicKey(did) {
     const { idType, genesisBytes } = _Identifier.decode(did);
     if (idType !== "KEY") {
-      throw new import_common12.IdentifierError(
+      throw new import_common14.IdentifierError(
         `Cannot extract public key from EXTERNAL DID: ${did}. EXTERNAL DIDs encode a document hash, not a public key.`,
-        import_common12.INVALID_DID,
+        import_common14.INVALID_DID,
         { did, idType }
       );
     }
-    return new import_keypair3.CompressedSecp256k1PublicKey(genesisBytes);
+    return new import_keypair2.CompressedSecp256k1PublicKey(genesisBytes);
   }
   /**
    * Validates a did:btcr2 identifier.
@@ -3880,7 +4662,7 @@ var BeaconUtils = class {
    */
   static parseBitcoinAddress(uri) {
     if (!uri.startsWith("bitcoin:")) {
-      throw new import_common13.MethodError("Invalid Bitcoin URI format", "BEACON_SERVICE_ERROR", { uri });
+      throw new import_common15.MethodError("Invalid Bitcoin URI format", "BEACON_SERVICE_ERROR", { uri });
     }
     return uri.replace("bitcoin:", "").split("?")[0];
   }
@@ -3938,7 +4720,8 @@ var BeaconUtils = class {
       const network = (0, import_bitcoin.getNetwork)(components.network);
       const pubkey = components.genesisBytes;
       const id = `${did}#initial${addressType.toUpperCase()}`;
-      const serviceEndpoint = `bitcoin:${import_bitcoinjs_lib5.payments[addressType]({ pubkey, network }).address}`;
+      const address = addressType === "p2tr" ? (0, import_btc_signer5.p2tr)(pubkey.slice(1, 33), void 0, network).address : addressType === "p2wpkh" ? (0, import_btc_signer5.p2wpkh)(pubkey, network).address : (0, import_btc_signer5.p2pkh)(pubkey, network).address;
+      const serviceEndpoint = `bitcoin:${address}`;
       return { id, type: beaconType, serviceEndpoint };
     } catch (error) {
       throw new BeaconError(
@@ -3956,27 +4739,27 @@ var BeaconUtils = class {
    */
   static generateBeaconServices({ id, publicKey, network, beaconType }) {
     try {
-      const p2pkh = import_bitcoinjs_lib5.payments.p2pkh({ pubkey: publicKey, network }).address;
-      const p2wpkh = import_bitcoinjs_lib5.payments.p2wpkh({ pubkey: publicKey, network }).address;
-      const p2tr = import_bitcoinjs_lib5.payments.p2tr({ network, internalPubkey: publicKey.slice(1, 33) }).address;
-      if (!p2pkh || !p2wpkh || !p2tr) {
-        throw new import_common13.DidMethodError("Failed to generate bitcoin addresses");
+      const p2pkhAddr = (0, import_btc_signer5.p2pkh)(publicKey, network).address;
+      const p2wpkhAddr = (0, import_btc_signer5.p2wpkh)(publicKey, network).address;
+      const p2trAddr = (0, import_btc_signer5.p2tr)(publicKey.slice(1, 33), void 0, network).address;
+      if (!p2pkhAddr || !p2wpkhAddr || !p2trAddr) {
+        throw new import_common15.DidMethodError("Failed to generate bitcoin addresses");
       }
       return [
         {
           id: `${id}#initialP2PKH`,
           type: beaconType,
-          serviceEndpoint: `bitcoin:${p2pkh}`
+          serviceEndpoint: `bitcoin:${p2pkhAddr}`
         },
         {
           id: `${id}#initialP2WPKH`,
           type: beaconType,
-          serviceEndpoint: `bitcoin:${p2wpkh}`
+          serviceEndpoint: `bitcoin:${p2wpkhAddr}`
         },
         {
           id: `${id}#initialP2TR`,
           type: beaconType,
-          serviceEndpoint: `bitcoin:${p2tr}`
+          serviceEndpoint: `bitcoin:${p2trAddr}`
         }
       ];
     } catch (error) {
@@ -4076,7 +4859,7 @@ var BeaconSignalDiscovery = class {
     }
     const rpc = bitcoin.rpc;
     if (!rpc) {
-      throw new import_common14.ResolveError("RPC connection is not available", "RPC_CONNECTION_ERROR", bitcoin);
+      throw new import_common16.ResolveError("RPC connection is not available", "RPC_CONNECTION_ERROR", bitcoin);
     }
     const targetHeight = await rpc.getBlockCount();
     const beaconServicesMap = BeaconUtils.getBeaconServicesMap(beaconServices);
@@ -4147,27 +4930,24 @@ var BeaconSignalDiscovery = class {
 
 // src/core/resolver.ts
 var import_bitcoin4 = require("@did-btcr2/bitcoin");
-var import_common18 = require("@did-btcr2/common");
-var import_cryptosuite2 = require("@did-btcr2/cryptosuite");
-var import_keypair5 = require("@did-btcr2/keypair");
+var import_common20 = require("@did-btcr2/common");
+var import_cryptosuite3 = require("@did-btcr2/cryptosuite");
+var import_keypair4 = require("@did-btcr2/keypair");
 
 // src/did-btcr2.ts
-var import_common17 = require("@did-btcr2/common");
+var import_common19 = require("@did-btcr2/common");
 var import_dids2 = require("@web5/dids");
-var ecc = __toESM(require("@bitcoinerlab/secp256k1"), 1);
-var import_utils9 = require("@noble/hashes/utils");
-var import_bitcoinjs_lib7 = require("bitcoinjs-lib");
 
-// src/core/update.ts
-var import_common16 = require("@did-btcr2/common");
-var import_cryptosuite = require("@did-btcr2/cryptosuite");
+// src/core/updater.ts
+var import_common18 = require("@did-btcr2/common");
+var import_cryptosuite2 = require("@did-btcr2/cryptosuite");
 
 // src/utils/did-document.ts
 var import_bitcoin3 = require("@did-btcr2/bitcoin");
-var import_common15 = require("@did-btcr2/common");
-var import_keypair4 = require("@did-btcr2/keypair");
+var import_common17 = require("@did-btcr2/common");
+var import_keypair3 = require("@did-btcr2/keypair");
 var import_utils8 = require("@web5/dids/utils");
-var import_bitcoinjs_lib6 = require("bitcoinjs-lib");
+var import_btc_signer6 = require("@scure/btc-signer");
 var BTCR2_DID_DOCUMENT_CONTEXT = [
   "https://www.w3.org/ns/did/v1.1",
   "https://btcr2.dev/context/v1"
@@ -4208,20 +4988,20 @@ var DidDocument = class _DidDocument {
   deactivated;
   constructor(document) {
     if (!document.id) {
-      throw new import_common15.DidDocumentError("DID Document must have an id", import_common15.INVALID_DID_DOCUMENT, document);
+      throw new import_common17.DidDocumentError("DID Document must have an id", import_common17.INVALID_DID_DOCUMENT, document);
     }
-    const idType = document.id.includes("k1") ? import_common15.IdentifierTypes.KEY : import_common15.IdentifierTypes.EXTERNAL;
+    const idType = document.id.includes("k1") ? import_common17.IdentifierTypes.KEY : import_common17.IdentifierTypes.EXTERNAL;
     const isGenesis = document.id === ID_PLACEHOLDER_VALUE;
     const { id, verificationMethod: vm, service } = document;
     if (!isGenesis) {
       if (!_DidDocument.isValidId(id)) {
-        throw new import_common15.DidDocumentError(`Invalid id: ${id}`, import_common15.INVALID_DID_DOCUMENT, document);
+        throw new import_common17.DidDocumentError(`Invalid id: ${id}`, import_common17.INVALID_DID_DOCUMENT, document);
       }
       if (!_DidDocument.isValidVerificationMethods(vm)) {
-        throw new import_common15.DidDocumentError("Invalid verificationMethod: " + vm, import_common15.INVALID_DID_DOCUMENT, document);
+        throw new import_common17.DidDocumentError("Invalid verificationMethod: " + vm, import_common17.INVALID_DID_DOCUMENT, document);
       }
       if (!_DidDocument.isValidServices(service)) {
-        throw new import_common15.DidDocumentError("Invalid service: " + service, import_common15.INVALID_DID_DOCUMENT, document);
+        throw new import_common17.DidDocumentError("Invalid service: " + service, import_common17.INVALID_DID_DOCUMENT, document);
       }
     }
     this.id = document.id;
@@ -4231,7 +5011,7 @@ var DidDocument = class _DidDocument {
       "https://www.w3.org/ns/did/v1.1",
       "https://btcr2.dev/context/v1"
     ];
-    if (idType === import_common15.IdentifierTypes.KEY) {
+    if (idType === import_common17.IdentifierTypes.KEY) {
       const keyRef = `${this.id}#initialKey`;
       this.authentication = document.authentication || [keyRef];
       this.assertionMethod = document.assertionMethod || [keyRef];
@@ -4317,19 +5097,19 @@ var DidDocument = class _DidDocument {
    */
   static isValid(didDocument) {
     if (!this.isValidContext(didDocument?.["@context"])) {
-      throw new import_common15.DidDocumentError('Invalid "@context"', import_common15.INVALID_DID_DOCUMENT, didDocument);
+      throw new import_common17.DidDocumentError('Invalid "@context"', import_common17.INVALID_DID_DOCUMENT, didDocument);
     }
     if (!this.isValidId(didDocument?.id)) {
-      throw new import_common15.DidDocumentError('Invalid "id"', import_common15.INVALID_DID_DOCUMENT, didDocument);
+      throw new import_common17.DidDocumentError('Invalid "id"', import_common17.INVALID_DID_DOCUMENT, didDocument);
     }
     if (!this.isValidVerificationMethods(didDocument?.verificationMethod)) {
-      throw new import_common15.DidDocumentError('Invalid "verificationMethod"', import_common15.INVALID_DID_DOCUMENT, didDocument);
+      throw new import_common17.DidDocumentError('Invalid "verificationMethod"', import_common17.INVALID_DID_DOCUMENT, didDocument);
     }
     if (!this.isValidServices(didDocument?.service)) {
-      throw new import_common15.DidDocumentError('Invalid "service"', import_common15.INVALID_DID_DOCUMENT, didDocument);
+      throw new import_common17.DidDocumentError('Invalid "service"', import_common17.INVALID_DID_DOCUMENT, didDocument);
     }
     if (!this.isValidVerificationRelationships(didDocument)) {
-      throw new import_common15.DidDocumentError("Invalid verification relationships", import_common15.INVALID_DID_DOCUMENT, didDocument);
+      throw new import_common17.DidDocumentError("Invalid verification relationships", import_common17.INVALID_DID_DOCUMENT, didDocument);
     }
     return true;
   }
@@ -4419,16 +5199,16 @@ var DidDocument = class _DidDocument {
    */
   validateGenesis() {
     if (this.id !== ID_PLACEHOLDER_VALUE) {
-      throw new import_common15.DidDocumentError("Invalid GenesisDocument ID", import_common15.INVALID_DID_DOCUMENT, this);
+      throw new import_common17.DidDocumentError("Invalid GenesisDocument ID", import_common17.INVALID_DID_DOCUMENT, this);
     }
     if (!this.verificationMethod.every((vm) => vm.id.includes(ID_PLACEHOLDER_VALUE) && vm.controller === ID_PLACEHOLDER_VALUE)) {
-      throw new import_common15.DidDocumentError("Invalid GenesisDocument verificationMethod", import_common15.INVALID_DID_DOCUMENT, this);
+      throw new import_common17.DidDocumentError("Invalid GenesisDocument verificationMethod", import_common17.INVALID_DID_DOCUMENT, this);
     }
     if (!this.service.every((svc) => svc.id.includes(ID_PLACEHOLDER_VALUE))) {
-      throw new import_common15.DidDocumentError("Invalid GenesisDocument service", import_common15.INVALID_DID_DOCUMENT, this);
+      throw new import_common17.DidDocumentError("Invalid GenesisDocument service", import_common17.INVALID_DID_DOCUMENT, this);
     }
     if (!_DidDocument.isValidVerificationRelationships(this)) {
-      throw new import_common15.DidDocumentError("Invalid GenesisDocument assertionMethod", import_common15.INVALID_DID_DOCUMENT, this);
+      throw new import_common17.DidDocumentError("Invalid GenesisDocument assertionMethod", import_common17.INVALID_DID_DOCUMENT, this);
     }
     return true;
   }
@@ -4438,7 +5218,7 @@ var DidDocument = class _DidDocument {
    */
   toIntermediate() {
     if (this.id.includes("k1")) {
-      throw new import_common15.DidDocumentError("Cannot convert a key identifier to an intermediate document", import_common15.INVALID_DID_DOCUMENT, this);
+      throw new import_common17.DidDocumentError("Cannot convert a key identifier to an intermediate document", import_common17.INVALID_DID_DOCUMENT, this);
     }
     return new GenesisDocument(this);
   }
@@ -4468,7 +5248,7 @@ var GenesisDocument = class _GenesisDocument extends DidDocument {
    * @returns {GenesisDocument} The GenesisDocument representation of the DidDocument.
    */
   static fromDidDocument(didDocument) {
-    const intermediateDocument = import_common15.JSONUtils.cloneReplace(didDocument, DID_REGEX, ID_PLACEHOLDER_VALUE);
+    const intermediateDocument = import_common17.JSONUtils.cloneReplace(didDocument, DID_REGEX, ID_PLACEHOLDER_VALUE);
     return new _GenesisDocument(intermediateDocument);
   }
   /**
@@ -4487,9 +5267,9 @@ var GenesisDocument = class _GenesisDocument extends DidDocument {
    * @returns {GenesisDocument} A new GenesisDocument with the placeholder ID.
    */
   static fromPublicKey(publicKey, network) {
-    const pk = new import_keypair4.CompressedSecp256k1PublicKey(publicKey);
+    const pk = new import_keypair3.CompressedSecp256k1PublicKey(publicKey);
     const id = ID_PLACEHOLDER_VALUE;
-    const address = import_bitcoinjs_lib6.payments.p2pkh({ pubkey: pk.compressed, network: (0, import_bitcoin3.getNetwork)(network) })?.address;
+    const address = (0, import_btc_signer6.p2pkh)(pk.compressed, (0, import_bitcoin3.getNetwork)(network)).address;
     const services = [{
       id: `${id}#service-0`,
       serviceEndpoint: `bitcoin:${address}`,
@@ -4525,21 +5305,41 @@ var GenesisDocument = class _GenesisDocument extends DidDocument {
    * @returns {Bytes} The genesis bytes.
    */
   static toGenesisBytes(genesisDocument) {
-    return (0, import_common15.hash)((0, import_common15.canonicalize)(genesisDocument));
+    return (0, import_common17.hash)((0, import_common17.canonicalize)(genesisDocument));
   }
 };
 
-// src/core/update.ts
-var Update = class {
+// src/core/updater.ts
+var Updater = class _Updater {
+  #phase = "Construct" /* Construct */;
+  #sourceDocument;
+  #patches;
+  #sourceVersionId;
+  #verificationMethod;
+  #beaconService;
+  #unsignedUpdate = null;
+  #signedUpdate = null;
+  /**
+   * @internal — Use {@link DidBtcr2.update} to create instances.
+   */
+  constructor(params) {
+    this.#sourceDocument = params.sourceDocument;
+    this.#patches = params.patches;
+    this.#sourceVersionId = params.sourceVersionId;
+    this.#verificationMethod = params.verificationMethod;
+    this.#beaconService = params.beaconService;
+  }
+  // ─── Public static utility methods ─────────────────────────────────────────
+  // Used by generate-vector.ts and other scripts that need direct access to
+  // individual update steps outside the state machine flow.
   /**
    * Implements subsection {@link https://dcdpr.github.io/did-btcr2/operations/update.html#construct-btcr2-unsigned-update | 7.3.b Construct BTCR2 Unsigned Update}.
-   * This process constructs a BTCR2 Unsigned Update conformant to the spec template.
    *
    * @param {Btcr2DidDocument} sourceDocument The source DID document to be updated.
-   * @param {PatchOperation[]} patches The array of JSON Patch operations to apply to the sourceDocument.
+   * @param {PatchOperation[]} patches The JSON Patch operations to apply.
    * @param {number} sourceVersionId The version ID of the source document.
    * @returns {UnsignedBTCR2Update} The constructed UnsignedBTCR2Update object.
-   * @throws {UpdateError} InvalidDid if sourceDocument.id does not match identifier.
+   * @throws {UpdateError} If the target document fails DID Core validation.
    */
   static construct(sourceDocument, patches, sourceVersionId) {
     const unsignedUpdate = {
@@ -4552,35 +5352,34 @@ var Update = class {
       patch: patches,
       targetHash: "",
       targetVersionId: sourceVersionId + 1,
-      sourceHash: (0, import_common16.canonicalHash)(sourceDocument)
+      sourceHash: (0, import_common18.canonicalHash)(sourceDocument)
     };
-    const targetDocument = import_common16.JSONPatch.apply(sourceDocument, patches);
+    const targetDocument = import_common18.JSONPatch.apply(sourceDocument, patches);
     try {
       DidDocument.isValid(targetDocument);
     } catch (error) {
-      throw new import_common16.UpdateError(
+      throw new import_common18.UpdateError(
         "Error validating targetDocument: " + (error instanceof Error ? error.message : String(error)),
-        import_common16.INVALID_DID_UPDATE,
+        import_common18.INVALID_DID_UPDATE,
         targetDocument
       );
     }
-    unsignedUpdate.targetHash = (0, import_common16.canonicalHash)(targetDocument);
+    unsignedUpdate.targetHash = (0, import_common18.canonicalHash)(targetDocument);
     return unsignedUpdate;
   }
   /**
    * Implements subsection {@link http://dcdpr.github.io/did-btcr2/operations/update.html#construct-btcr2-signed-update | 7.3.c Construct BTCR2 Signed Update }.
-   * This process constructs a BTCR2 Signed Update from a BTCR2 Unsigned Update.
    *
-   * @param {string} did The did-btcr2 identifier to derive the root capability from
-   * @param {UnsignedBTCR2Update} unsignedUpdate The updatePayload object to be signed
-   * @param {DidVerificationMethod} verificationMethod The verificationMethod object to be used for signing
-   * @returns {SignedBTCR2Update} Did update payload secured with a proof => SignedBTCR2Update
-   * @throws {UpdateError} if the privateKeyBytes are invalid
+   * @param {string} did The did-btcr2 identifier to derive the root capability from.
+   * @param {UnsignedBTCR2Update} unsignedUpdate The unsigned update to sign.
+   * @param {DidVerificationMethod} verificationMethod The verification method for signing.
+   * @param {KeyBytes} secretKey The secret key bytes.
+   * @returns {SignedBTCR2Update} The signed update with a Data Integrity proof.
    */
   static sign(did, unsignedUpdate, verificationMethod, secretKey) {
     const controller = verificationMethod.controller;
     const id = verificationMethod.id.slice(verificationMethod.id.indexOf("#"));
-    const multikey = import_cryptosuite.SchnorrMultikey.fromSecretKey(id, controller, secretKey);
+    const multikey = import_cryptosuite2.SchnorrMultikey.fromSecretKey(id, controller, secretKey);
     const config = {
       "@context": [
         "https://w3id.org/security/v2",
@@ -4600,22 +5399,145 @@ var Update = class {
   }
   /**
    * Implements subsection {@link https://dcdpr.github.io/did-btcr2/operations/update.html#announce-did-update | 7.3.d Announce DID Update}.
-   * BTCR2 Signed Updates are announced to the Bitcoin blockchain depending on the Beacon Type.
-   * @param {BeaconService} beaconService The BeaconService object representing the funded beacon to announce the update to.
-   * @param {SignedBTCR2Update} update The signed update object to be announced.
-   * @param {KeyBytes} secretKey The private key used to sign the update for announcement.
-   * @returns {SignedBTCR2Update} The SignedBTCR2Update object containing data to validate the Beacon Signal
-   * @throws {UpdateError} if the beaconService type is invalid
+   * Announces a signed update to the Bitcoin blockchain via the specified beacon.
+   *
+   * @param {BeaconService} beaconService The beacon service to broadcast through.
+   * @param {SignedBTCR2Update} update The signed update to announce.
+   * @param {KeyBytes} secretKey The secret key for signing the Bitcoin transaction.
+   * @param {BitcoinConnection} bitcoin The Bitcoin network connection.
+   * @returns {Promise<SignedBTCR2Update>} The signed update that was broadcast.
    */
   static async announce(beaconService, update, secretKey, bitcoin) {
     const beacon = BeaconFactory.establish(beaconService);
-    const result = await beacon.broadcastSignal(update, secretKey, bitcoin);
-    return result;
+    return beacon.broadcastSignal(update, secretKey, bitcoin);
+  }
+  // ─── Private instance wrappers ─────────────────────────────────────────────
+  // Delegate to the public statics with bound instance fields for cleaner
+  // advance/provide code.
+  #construct() {
+    return _Updater.construct(this.#sourceDocument, this.#patches, this.#sourceVersionId);
+  }
+  #sign(secretKey) {
+    return _Updater.sign(this.#sourceDocument.id, this.#unsignedUpdate, this.#verificationMethod, secretKey);
+  }
+  // ─── State machine ─────────────────────────────────────────────────────────
+  /**
+   * Advance the state machine. Returns either:
+   * - `{ status: 'action-required', needs }` — caller must provide data via {@link provide}
+   * - `{ status: 'complete', result }` — update is signed and broadcast
+   */
+  advance() {
+    while (true) {
+      switch (this.#phase) {
+        // Phase: Construct
+        // Build the unsigned update from source doc + patches. Pure, synchronous.
+        case "Construct" /* Construct */: {
+          this.#unsignedUpdate = this.#construct();
+          this.#phase = "Sign" /* Sign */;
+          continue;
+        }
+        // Phase: Sign
+        // Emit NeedSigningKey — the caller supplies the secret key (or a KMS signature).
+        case "Sign" /* Sign */: {
+          return {
+            status: "action-required",
+            needs: [{
+              kind: "NeedSigningKey",
+              verificationMethodId: this.#verificationMethod.id,
+              unsignedUpdate: this.#unsignedUpdate
+            }]
+          };
+        }
+        // Phase: Fund
+        // Emit NeedFunding with the beacon address. The caller checks UTXOs,
+        // funds the address if needed, and provides to continue.
+        case "Fund" /* Fund */: {
+          const beaconAddress = this.#beaconService.serviceEndpoint.replace("bitcoin:", "");
+          return {
+            status: "action-required",
+            needs: [{
+              kind: "NeedFunding",
+              beaconAddress,
+              beaconService: this.#beaconService
+            }]
+          };
+        }
+        // Phase: Broadcast
+        // Emit NeedBroadcast with the signed update + beacon service. The caller performs
+        // the actual on-chain announcement (or hands off to the aggregation protocol).
+        case "Broadcast" /* Broadcast */: {
+          return {
+            status: "action-required",
+            needs: [{
+              kind: "NeedBroadcast",
+              beaconService: this.#beaconService,
+              signedUpdate: this.#signedUpdate
+            }]
+          };
+        }
+        // Phase: Complete
+        case "Complete" /* Complete */: {
+          return {
+            status: "complete",
+            result: { signedUpdate: this.#signedUpdate }
+          };
+        }
+      }
+    }
+  }
+  provide(need, data) {
+    switch (need.kind) {
+      case "NeedSigningKey": {
+        if (this.#phase !== "Sign" /* Sign */) {
+          throw new import_common18.UpdateError(
+            `Cannot provide NeedSigningKey: updater phase is ${this.#phase}, expected Sign.`,
+            import_common18.INVALID_DID_UPDATE,
+            { phase: this.#phase }
+          );
+        }
+        if (!data) {
+          throw new import_common18.UpdateError(
+            "NeedSigningKey requires secret key bytes.",
+            import_common18.INVALID_DID_UPDATE
+          );
+        }
+        if (!this.#unsignedUpdate) {
+          throw new import_common18.UpdateError(
+            "Internal error: unsigned update missing in Sign phase.",
+            import_common18.INVALID_DID_UPDATE
+          );
+        }
+        this.#signedUpdate = this.#sign(data);
+        this.#phase = "Fund" /* Fund */;
+        break;
+      }
+      case "NeedFunding": {
+        if (this.#phase !== "Fund" /* Fund */) {
+          throw new import_common18.UpdateError(
+            `Cannot provide NeedFunding: updater phase is ${this.#phase}, expected Fund.`,
+            import_common18.INVALID_DID_UPDATE,
+            { phase: this.#phase }
+          );
+        }
+        this.#phase = "Broadcast" /* Broadcast */;
+        break;
+      }
+      case "NeedBroadcast": {
+        if (this.#phase !== "Broadcast" /* Broadcast */) {
+          throw new import_common18.UpdateError(
+            `Cannot provide NeedBroadcast: updater phase is ${this.#phase}, expected Broadcast.`,
+            import_common18.INVALID_DID_UPDATE,
+            { phase: this.#phase }
+          );
+        }
+        this.#phase = "Complete" /* Complete */;
+        break;
+      }
+    }
   }
 };
 
 // src/did-btcr2.ts
-(0, import_bitcoinjs_lib7.initEccLib)(ecc);
 var DidBtcr2 = class {
   /**
    * Name of the DID method, as defined in the DID BTCR2 specification
@@ -4640,9 +5562,9 @@ var DidBtcr2 = class {
   static create(genesisBytes, options) {
     const { idType, version = 1, network = "bitcoin" } = options || {};
     if (!idType) {
-      throw new import_common17.MethodError(
+      throw new import_common19.MethodError(
         "idType is required for creating a did:btcr2 identifier",
-        import_common17.INVALID_DID_DOCUMENT,
+        import_common19.INVALID_DID_DOCUMENT,
         options
       );
     }
@@ -4672,7 +5594,7 @@ var DidBtcr2 = class {
   static resolve(did, resolutionOptions = {}) {
     const didComponents = Identifier.decode(did);
     const sidecarData = Resolver.sidecarData(resolutionOptions.sidecar);
-    const currentDocument = didComponents.hrp === import_common17.IdentifierHrp.k ? Resolver.deterministic(didComponents) : null;
+    const currentDocument = didComponents.hrp === import_common19.IdentifierHrp.k ? Resolver.deterministic(didComponents) : null;
     return new Resolver(didComponents, sidecarData, currentDocument, {
       versionId: resolutionOptions.versionId,
       versionTime: resolutionOptions.versionTime,
@@ -4680,90 +5602,79 @@ var DidBtcr2 = class {
     });
   }
   /**
-   * Entry point for section {@link https://dcdpr.github.io/did-btcr2/#read | 7.3 Update}.
-   * See specification for the {@link https://dcdpr.github.io/did-btcr2/operations/resolve.html#process | Resolve Process}.
-   * See {@link Update | Update (class)} for class implementation.
+   * Entry point for section {@link https://dcdpr.github.io/did-btcr2/#update | 7.3 Update}.
+   *
+   * Factory method that validates the update parameters and returns a sans-I/O
+   * {@link Updater} state machine. The caller drives the updater through its
+   * phases (Construct → Sign → Broadcast → Complete) by calling `advance()` and
+   * `provide()`. The method package performs **zero I/O** — signing key retrieval
+   * (or KMS delegation) and the on-chain broadcast are the caller's responsibility.
+   *
+   * For a fully-wired version with Bitcoin broadcast and key handling, see
+   * `DidMethodApi.update()` in `@did-btcr2/api`.
    *
-   * BTCR2 DID documents can be updated by anchoring BTCR2 Updates to Bitcoin transactions. These transactions MAY be
-   * published to the Bitcoin network. Any property in the DID document may be updated except the id. Doing so would
-   * invalidate the DID document.
-   * @param params An object containing the parameters for the update operation.
+   * @param params Update construction parameters.
    * @param {Btcr2DidDocument} params.sourceDocument The DID document being updated.
-   * @param {PatchOperation[]} params.patches The array of JSON Patch operations to apply to the sourceDocument.
-   * @param {string} params.sourceVersionId The version ID before applying the update.
-   * @param {string} params.verificationMethodId The verificationMethod ID to sign the update with.
-   * @param {string} params.beaconId The beacon ID associated with the update.
-   * @param {KeyBytes | HexString} [params.signingMaterial] Optional signing material (key bytes or hex string).
-   * @param {BitcoinConnection} [params.bitcoin] Optional Bitcoin network connection for announcing the update. If not provided, a default connection will be initialized.
-   * @return {Promise<SignedBTCR2Update>} Promise resolving to the signed BTCR2 update.
-   * @throws {UpdateError} if no verificationMethod, verificationMethod type is not `Multikey` or the publicKeyMultibase
-   * header is not `zQ3s`
-   */
-  static async update({
+   * @param {PatchOperation[]} params.patches The JSON Patch operations to apply.
+   * @param {number} params.sourceVersionId The version ID before applying the update.
+   * @param {string} params.verificationMethodId The verification method ID to sign with.
+   * @param {string} params.beaconId The beacon service ID to broadcast through.
+   * @returns {Updater} A sans-I/O state machine for driving the update.
+   * @throws {UpdateError} If the verification method is not authorized, not found,
+   *   not of type `Multikey`, or does not have a `zQ3s` publicKeyMultibase prefix.
+   *   Also throws if the beacon service is not found.
+   */
+  static update({
     sourceDocument,
     patches,
     sourceVersionId,
     verificationMethodId,
-    beaconId,
-    signingMaterial,
-    bitcoin
+    beaconId
   }) {
-    if (!signingMaterial) {
-      throw new import_common17.UpdateError(
-        "Missing signing material for update",
-        import_common17.INVALID_DID_UPDATE,
-        { signingMaterial }
-      );
-    }
-    const secretKey = typeof signingMaterial === "string" ? (0, import_utils9.hexToBytes)(signingMaterial) : signingMaterial;
     if (!sourceDocument.capabilityInvocation?.some((vr) => vr === verificationMethodId)) {
-      throw new import_common17.UpdateError(
+      throw new import_common19.UpdateError(
         "Invalid verificationMethodId: not authorized for capabilityInvocation",
-        import_common17.INVALID_DID_DOCUMENT,
+        import_common19.INVALID_DID_DOCUMENT,
         sourceDocument
       );
     }
     const verificationMethod = this.getSigningMethod(sourceDocument, verificationMethodId);
     if (!verificationMethod) {
-      throw new import_common17.UpdateError(
+      throw new import_common19.UpdateError(
         "Invalid verificationMethod: not found in source document",
-        import_common17.INVALID_DID_DOCUMENT,
+        import_common19.INVALID_DID_DOCUMENT,
         { sourceDocument, verificationMethodId }
       );
     }
     if (verificationMethod.type !== "Multikey") {
-      throw new import_common17.UpdateError(
+      throw new import_common19.UpdateError(
         'Invalid verificationMethod: verificationMethod.type must be "Multikey"',
-        import_common17.INVALID_DID_DOCUMENT,
+        import_common19.INVALID_DID_DOCUMENT,
         verificationMethod
       );
     }
     if (verificationMethod.publicKeyMultibase?.slice(0, 4) !== "zQ3s") {
-      throw new import_common17.UpdateError(
+      throw new import_common19.UpdateError(
         'Invalid verificationMethodId: publicKeyMultibase prefix must start with "zQ3s"',
-        import_common17.INVALID_DID_DOCUMENT,
+        import_common19.INVALID_DID_DOCUMENT,
         verificationMethod
       );
     }
-    const update = Update.construct(sourceDocument, patches, sourceVersionId);
-    const signed = Update.sign(sourceDocument.id, update, verificationMethod, secretKey);
     const beaconService = sourceDocument.service.filter((service) => service.id === beaconId).filter((service) => !!service).shift();
     if (!beaconService) {
-      throw new import_common17.UpdateError(
+      throw new import_common19.UpdateError(
         "No beacon service found for provided beaconId",
-        import_common17.INVALID_DID_UPDATE,
+        import_common19.INVALID_DID_UPDATE,
         { sourceDocument, beaconId }
       );
     }
-    if (!bitcoin) {
-      throw new import_common17.UpdateError(
-        "Bitcoin connection required for update. Pass a configured `bitcoin` parameter or use DidBtcr2Api which injects it automatically.",
-        import_common17.INVALID_DID_UPDATE,
-        { beaconId }
-      );
-    }
-    await Update.announce(beaconService, signed, secretKey, bitcoin);
-    return signed;
+    return new Updater({
+      sourceDocument,
+      patches,
+      sourceVersionId,
+      verificationMethod,
+      beaconService
+    });
   }
   /**
    * Given the W3C DID Document of a `did:btcr2` identifier, return the signing verification method that will be used
@@ -4779,7 +5690,7 @@ var DidBtcr2 = class {
     methodId ??= "#initialKey";
     const parsedDid = import_dids2.Did.parse(didDocument.id);
     if (parsedDid && parsedDid.method !== this.methodName) {
-      throw new import_common17.MethodError(`Method not supported: ${parsedDid.method}`, import_common17.METHOD_NOT_SUPPORTED, { identifier: didDocument.id });
+      throw new import_common19.MethodError(`Method not supported: ${parsedDid.method}`, import_common19.METHOD_NOT_SUPPORTED, { identifier: didDocument.id });
     }
     const verificationMethod = didDocument.verificationMethod?.find(
       (vm) => Appendix.extractDidFragment(vm.id) === (Appendix.extractDidFragment(methodId) ?? Appendix.extractDidFragment(didDocument.assertionMethod?.[0]))
@@ -4795,7 +5706,7 @@ var DidBtcr2 = class {
 };
 
 // src/core/resolver.ts
-var import_utils11 = require("@noble/curves/utils.js");
+var import_utils10 = require("@noble/curves/utils.js");
 var Resolver = class _Resolver {
   // --- Immutable inputs ---
   #didComponents;
@@ -4835,7 +5746,7 @@ var Resolver = class _Resolver {
   static deterministic(didComponents) {
     const genesisBytes = didComponents.genesisBytes;
     const did = Identifier.encode(genesisBytes, didComponents);
-    const { multibase } = new import_keypair5.CompressedSecp256k1PublicKey(genesisBytes);
+    const { multibase } = new import_keypair4.CompressedSecp256k1PublicKey(genesisBytes);
     const service = BeaconUtils.generateBeaconServices({
       id: did,
       publicKey: genesisBytes,
@@ -4861,14 +5772,14 @@ var Resolver = class _Resolver {
    * @throws {ResolveError} InvalidDidDocument if not conformant to DID Core v1.1
    */
   static external(didComponents, genesisDocument) {
-    const genesisDocumentHash = (0, import_common18.canonicalHashBytes)(genesisDocument);
-    if (!(0, import_utils11.equalBytes)(didComponents.genesisBytes, genesisDocumentHash)) {
-      throw new import_common18.ResolveError(
+    const genesisDocumentHash = (0, import_common20.canonicalHashBytes)(genesisDocument);
+    if (!(0, import_utils10.equalBytes)(didComponents.genesisBytes, genesisDocumentHash)) {
+      throw new import_common20.ResolveError(
         `Initial document mismatch: genesisBytes !== genesisDocumentHash`,
-        import_common18.INVALID_DID_DOCUMENT,
+        import_common20.INVALID_DID_DOCUMENT,
         {
-          genesisBytes: (0, import_common18.encode)(didComponents.genesisBytes, "hex"),
-          genesisDocumentHash: (0, import_common18.encode)(genesisDocumentHash, "hex")
+          genesisBytes: (0, import_common20.encode)(didComponents.genesisBytes, "hex"),
+          genesisDocumentHash: (0, import_common20.encode)(genesisDocumentHash, "hex")
         }
       );
     }
@@ -4887,12 +5798,12 @@ var Resolver = class _Resolver {
     const updateMap = /* @__PURE__ */ new Map();
     if (sidecar.updates?.length)
       for (const update of sidecar.updates) {
-        updateMap.set((0, import_common18.canonicalHash)(update, { encoding: "hex" }), update);
+        updateMap.set((0, import_common20.canonicalHash)(update, { encoding: "hex" }), update);
       }
     const casMap = /* @__PURE__ */ new Map();
     if (sidecar.casUpdates?.length)
       for (const update of sidecar.casUpdates) {
-        casMap.set((0, import_common18.canonicalHash)(update, { encoding: "hex" }), update);
+        casMap.set((0, import_common20.canonicalHash)(update, { encoding: "hex" }), update);
       }
     const smtMap = /* @__PURE__ */ new Map();
     if (sidecar.smtProofs?.length)
@@ -4925,12 +5836,12 @@ var Resolver = class _Resolver {
       }
     };
     for (const [update, block] of updates) {
-      const currentDocumentHash = (0, import_common18.canonicalHashBytes)(response.didDocument);
-      const blocktime = import_common18.DateUtils.blocktimeToTimestamp(block.time);
-      response.metadata.updated = import_common18.DateUtils.toISOStringNonFractional(blocktime);
+      const currentDocumentHash = (0, import_common20.canonicalHashBytes)(response.didDocument);
+      const blocktime = import_common20.DateUtils.blocktimeToTimestamp(block.time);
+      response.metadata.updated = import_common20.DateUtils.toISOStringNonFractional(blocktime);
       response.metadata.confirmations = block.confirmations;
       if (versionTime) {
-        if (blocktime > import_common18.DateUtils.dateStringToTimestamp(versionTime)) {
+        if (blocktime > import_common20.DateUtils.dateStringToTimestamp(versionTime)) {
           return response;
         }
       }
@@ -4938,22 +5849,22 @@ var Resolver = class _Resolver {
         updateHashHistory.push(currentDocumentHash);
         this.confirmDuplicate(update, updateHashHistory);
       } else if (update.targetVersionId === currentVersionId + 1) {
-        const sourceHashBytes = (0, import_common18.decode)(update.sourceHash, "base64urlnopad");
-        if (!(0, import_utils11.equalBytes)(sourceHashBytes, currentDocumentHash)) {
-          throw new import_common18.ResolveError(
+        const sourceHashBytes = (0, import_common20.decode)(update.sourceHash, "base64urlnopad");
+        if (!(0, import_utils10.equalBytes)(sourceHashBytes, currentDocumentHash)) {
+          throw new import_common20.ResolveError(
             `Hash mismatch: update.sourceHash !== currentDocumentHash`,
-            import_common18.INVALID_DID_UPDATE,
+            import_common20.INVALID_DID_UPDATE,
             {
               sourceHash: update.sourceHash,
-              currentDocumentHash: (0, import_common18.encode)(currentDocumentHash, "hex")
+              currentDocumentHash: (0, import_common20.encode)(currentDocumentHash, "hex")
             }
           );
         }
         response.didDocument = this.applyUpdate(response.didDocument, update);
-        const unsignedUpdate = import_common18.JSONUtils.deleteKeys(update, ["proof"]);
-        updateHashHistory.push((0, import_common18.canonicalHashBytes)(unsignedUpdate));
+        const unsignedUpdate = import_common20.JSONUtils.deleteKeys(update, ["proof"]);
+        updateHashHistory.push((0, import_common20.canonicalHashBytes)(unsignedUpdate));
       } else if (update.targetVersionId > currentVersionId + 1) {
-        throw new import_common18.ResolveError(
+        throw new import_common20.ResolveError(
           `Version Id Mismatch: targetVersionId cannot be > currentVersionId + 1`,
           "LATE_PUBLISHING_ERROR",
           {
@@ -4984,15 +5895,15 @@ var Resolver = class _Resolver {
    */
   static confirmDuplicate(update, updateHashHistory) {
     const { proof: _, ...unsignedUpdate } = update;
-    const unsignedUpdateHash = (0, import_common18.canonicalHashBytes)(unsignedUpdate);
+    const unsignedUpdateHash = (0, import_common20.canonicalHashBytes)(unsignedUpdate);
     const historicalUpdateHash = updateHashHistory[update.targetVersionId - 2];
-    if (!(0, import_utils11.equalBytes)(historicalUpdateHash, unsignedUpdateHash)) {
-      throw new import_common18.ResolveError(
+    if (!(0, import_utils10.equalBytes)(historicalUpdateHash, unsignedUpdateHash)) {
+      throw new import_common20.ResolveError(
         `Invalid duplicate: unsigned update hash does not match historical hash`,
-        import_common18.LATE_PUBLISHING_ERROR,
+        import_common20.LATE_PUBLISHING_ERROR,
         {
-          unsignedUpdateHash: (0, import_common18.encode)(unsignedUpdateHash, "hex"),
-          historicalHash: (0, import_common18.encode)(historicalUpdateHash, "hex")
+          unsignedUpdateHash: (0, import_common20.encode)(unsignedUpdateHash, "hex"),
+          historicalHash: (0, import_common20.encode)(historicalUpdateHash, "hex")
         }
       );
     }
@@ -5007,42 +5918,42 @@ var Resolver = class _Resolver {
   static applyUpdate(currentDocument, update) {
     const capabilityId = update.proof?.capability;
     if (!capabilityId) {
-      throw new import_common18.ResolveError("No root capability found in update", import_common18.INVALID_DID_UPDATE, update);
+      throw new import_common20.ResolveError("No root capability found in update", import_common20.INVALID_DID_UPDATE, update);
     }
     const rootCapability = Appendix.dereferenceZcapId(capabilityId);
     const { invocationTarget, controller: rootController } = rootCapability;
     if (![invocationTarget, rootController].every((id) => id === currentDocument.id)) {
-      throw new import_common18.ResolveError(
+      throw new import_common20.ResolveError(
         "Invalid root capability",
-        import_common18.INVALID_DID_UPDATE,
+        import_common20.INVALID_DID_UPDATE,
         { rootCapability, currentDocument }
       );
     }
     const verificationMethodId = update.proof?.verificationMethod;
     if (!verificationMethodId) {
-      throw new import_common18.ResolveError("No verificationMethod found in update", import_common18.INVALID_DID_UPDATE, update);
+      throw new import_common20.ResolveError("No verificationMethod found in update", import_common20.INVALID_DID_UPDATE, update);
     }
     const vm = DidBtcr2.getSigningMethod(currentDocument, verificationMethodId);
-    const multikey = import_cryptosuite2.SchnorrMultikey.fromVerificationMethod(vm);
-    const cryptosuite = new import_cryptosuite2.BIP340Cryptosuite(multikey);
-    const canonicalUpdate = (0, import_common18.canonicalize)(update);
-    const diProof = new import_cryptosuite2.BIP340DataIntegrityProof(cryptosuite);
+    const multikey = import_cryptosuite3.SchnorrMultikey.fromVerificationMethod(vm);
+    const cryptosuite = new import_cryptosuite3.BIP340Cryptosuite(multikey);
+    const canonicalUpdate = (0, import_common20.canonicalize)(update);
+    const diProof = new import_cryptosuite3.BIP340DataIntegrityProof(cryptosuite);
     const verificationResult = diProof.verifyProof(canonicalUpdate, "capabilityInvocation");
     if (!verificationResult.verified) {
-      throw new import_common18.ResolveError(
+      throw new import_common20.ResolveError(
         "Invalid update: proof not verified",
-        import_common18.INVALID_DID_UPDATE,
+        import_common20.INVALID_DID_UPDATE,
         verificationResult
       );
     }
-    const updatedDocument = import_common18.JSONPatch.apply(currentDocument, update.patch);
+    const updatedDocument = import_common20.JSONPatch.apply(currentDocument, update.patch);
     DidDocument.validate(updatedDocument);
-    const currentDocumentHash = (0, import_common18.canonicalHashBytes)(updatedDocument);
-    const updateTargetHash = (0, import_common18.decode)(update.targetHash);
-    if (!(0, import_utils11.equalBytes)(updateTargetHash, currentDocumentHash)) {
-      throw new import_common18.ResolveError(
+    const currentDocumentHash = (0, import_common20.canonicalHashBytes)(updatedDocument);
+    const updateTargetHash = (0, import_common20.decode)(update.targetHash);
+    if (!(0, import_utils10.equalBytes)(updateTargetHash, currentDocumentHash)) {
+      throw new import_common20.ResolveError(
         `Invalid update: update.targetHash !== currentDocumentHash`,
-        import_common18.INVALID_DID_UPDATE,
+        import_common20.INVALID_DID_UPDATE,
         { updateTargetHash, currentDocumentHash }
       );
     }
@@ -5070,7 +5981,7 @@ var Resolver = class _Resolver {
             this.#phase = "BeaconDiscovery" /* BeaconDiscovery */;
             continue;
           }
-          const genesisHash = (0, import_common18.encode)(this.#didComponents.genesisBytes, "hex");
+          const genesisHash = (0, import_common20.encode)(this.#didComponents.genesisBytes, "hex");
           return {
             status: "action-required",
             needs: [{ kind: "NeedGenesisDocument", genesisHash }]
@@ -5174,21 +6085,21 @@ var Resolver = class _Resolver {
       }
       case "NeedCASAnnouncement": {
         const announcement = data;
-        this.#sidecarData.casMap.set((0, import_common18.canonicalHash)(announcement, { encoding: "hex" }), announcement);
+        this.#sidecarData.casMap.set((0, import_common20.canonicalHash)(announcement, { encoding: "hex" }), announcement);
         break;
       }
       case "NeedSignedUpdate": {
         const update = data;
-        this.#sidecarData.updateMap.set((0, import_common18.canonicalHash)(update, { encoding: "hex" }), update);
+        this.#sidecarData.updateMap.set((0, import_common20.canonicalHash)(update, { encoding: "hex" }), update);
         break;
       }
       case "NeedSMTProof": {
         const smtNeed = need;
         const proof = data;
         if (proof.id !== smtNeed.smtRootHash) {
-          throw new import_common18.ResolveError(
+          throw new import_common20.ResolveError(
             `SMT proof root hash mismatch: expected ${smtNeed.smtRootHash}, got ${proof.id}`,
-            import_common18.INVALID_DID_UPDATE,
+            import_common20.INVALID_DID_UPDATE,
             { expected: smtNeed.smtRootHash, actual: proof.id }
           );
         }
@@ -5200,12 +6111,12 @@ var Resolver = class _Resolver {
 };
 
 // src/utils/did-document-builder.ts
-var import_common19 = require("@did-btcr2/common");
+var import_common21 = require("@did-btcr2/common");
 var DidDocumentBuilder = class {
   document = {};
   constructor(initialDocument) {
     if (!initialDocument.id) {
-      throw new import_common19.DidDocumentError('Missing required "id" property', import_common19.INVALID_DID_DOCUMENT, initialDocument);
+      throw new import_common21.DidDocumentError('Missing required "id" property', import_common21.INVALID_DID_DOCUMENT, initialDocument);
     }
     this.document.id = initialDocument.id;
     this.document.verificationMethod = initialDocument.verificationMethod ?? [];
@@ -5257,6 +6168,7 @@ var DidDocumentBuilder = class {
 0 && (module.exports = {
   AGGREGATED_NONCE,
   AGGREGATION_MESSAGE_PREFIX,
+  AGGREGATION_WIRE_VERSION,
   AUTHORIZATION_REQUEST,
   AggregateBeaconError,
   AggregationCohort,
@@ -5283,6 +6195,10 @@ var DidDocumentBuilder = class {
   COHORT_OPT_IN,
   COHORT_OPT_IN_ACCEPT,
   COHORT_READY,
+  CONSOLE_LOGGER,
+  DEFAULT_ADVERT_REPEAT_INTERVAL_MS,
+  DEFAULT_BROADCAST_LOOKBACK_MS,
+  DEFAULT_MAX_UPDATE_SIZE_BYTES,
   DEFAULT_NOSTR_RELAYS,
   DID_REGEX,
   DISTRIBUTE_AGGREGATED_DATA,
@@ -5300,6 +6216,7 @@ var DidDocumentBuilder = class {
   ParticipantCohortPhase,
   Resolver,
   SIGNATURE_AUTHORIZATION,
+  SILENT_LOGGER,
   SMTBeacon,
   SMTBeaconError,
   SUBMIT_UPDATE,
@@ -5308,12 +6225,14 @@ var DidDocumentBuilder = class {
   SigningSessionPhase,
   SingletonBeacon,
   SingletonBeaconError,
+  StaticFeeEstimator,
   TransportAdapterError,
   TransportError,
   TransportFactory,
   TypedEventEmitter,
-  Update,
+  Updater,
   VALIDATION_ACK,
+  buildAggregationBeaconTx,
   createAggregatedNonceMessage,
   createAuthorizationRequestMessage,
   createCohortAdvertMessage,
@@ -5325,8 +6244,22 @@ var DidDocumentBuilder = class {
   createSignatureAuthorizationMessage,
   createSubmitUpdateMessage,
   createValidationAckMessage,
+  getBeaconStrategy,
+  isAggregatedNonceMessage,
   isAggregationMessageType,
+  isAuthorizationRequestMessage,
+  isCohortAdvertMessage,
+  isCohortOptInAcceptMessage,
+  isCohortOptInMessage,
+  isCohortReadyMessage,
+  isDistributeAggregatedDataMessage,
   isKeygenMessageType,
+  isNonceContributionMessage,
   isSignMessageType,
-  isUpdateMessageType
+  isSignatureAuthorizationMessage,
+  isSubmitUpdateMessage,
+  isUpdateMessageType,
+  isValidationAckMessage,
+  opReturnScript,
+  registerBeaconStrategy
 });