@did-btcr2/method 0.28.0 → 0.32.0

package/dist/cjs/index.js

@@ -32,6 +32,7 @@ var index_exports = {};
 __export(index_exports, {
   AGGREGATED_NONCE: () => AGGREGATED_NONCE,
   AGGREGATION_MESSAGE_PREFIX: () => AGGREGATION_MESSAGE_PREFIX,
+  AGGREGATION_WIRE_VERSION: () => AGGREGATION_WIRE_VERSION,
   AUTHORIZATION_REQUEST: () => AUTHORIZATION_REQUEST,
   AggregateBeaconError: () => AggregateBeaconError,
   AggregationCohort: () => AggregationCohort,
@@ -58,6 +59,12 @@ __export(index_exports, {
   COHORT_OPT_IN: () => COHORT_OPT_IN,
   COHORT_OPT_IN_ACCEPT: () => COHORT_OPT_IN_ACCEPT,
   COHORT_READY: () => COHORT_READY,
+  CONSOLE_LOGGER: () => CONSOLE_LOGGER,
+  DEFAULT_ADVERT_REPEAT_INTERVAL_MS: () => DEFAULT_ADVERT_REPEAT_INTERVAL_MS,
+  DEFAULT_BROADCAST_LOOKBACK_MS: () => DEFAULT_BROADCAST_LOOKBACK_MS,
+  DEFAULT_CLOCK_SKEW_SEC: () => DEFAULT_CLOCK_SKEW_SEC,
+  DEFAULT_MAX_UPDATE_SIZE_BYTES: () => DEFAULT_MAX_UPDATE_SIZE_BYTES,
+  DEFAULT_NONCE_LEN_BYTES: () => DEFAULT_NONCE_LEN_BYTES,
   DEFAULT_NOSTR_RELAYS: () => DEFAULT_NOSTR_RELAYS,
   DID_REGEX: () => DID_REGEX,
   DISTRIBUTE_AGGREGATED_DATA: () => DISTRIBUTE_AGGREGATED_DATA,
@@ -68,15 +75,31 @@ __export(index_exports, {
   DidVerificationMethod: () => DidVerificationMethod,
   Document: () => Document,
   GenesisDocument: () => GenesisDocument,
+  HTTP_ENVELOPE_VERSION: () => HTTP_ENVELOPE_VERSION,
+  HTTP_ROUTE: () => HTTP_ROUTE,
+  HttpClientTransport: () => HttpClientTransport,
+  HttpServerTransport: () => HttpServerTransport,
+  HttpTransportError: () => HttpTransportError,
   ID_PLACEHOLDER_VALUE: () => ID_PLACEHOLDER_VALUE,
   Identifier: () => Identifier,
+  InMemoryRateLimitStore: () => InMemoryRateLimitStore,
+  InboxBuffer: () => InboxBuffer,
   NONCE_CONTRIBUTION: () => NONCE_CONTRIBUTION,
+  NonceCache: () => NonceCache,
   NostrTransport: () => NostrTransport,
+  P2PKH_BEACON_TX_VSIZE: () => P2PKH_BEACON_TX_VSIZE,
+  P2TR_BEACON_TX_VSIZE: () => P2TR_BEACON_TX_VSIZE,
+  P2WPKH_BEACON_TX_VSIZE: () => P2WPKH_BEACON_TX_VSIZE,
   ParticipantCohortPhase: () => ParticipantCohortPhase,
+  REQUEST_AUTH_SCHEME: () => REQUEST_AUTH_SCHEME,
+  RateLimiter: () => RateLimiter,
   Resolver: () => Resolver,
   SIGNATURE_AUTHORIZATION: () => SIGNATURE_AUTHORIZATION,
+  SILENT_LOGGER: () => SILENT_LOGGER,
+  SINGLETON_BEACON_TX_VSIZE: () => SINGLETON_BEACON_TX_VSIZE,
   SMTBeacon: () => SMTBeacon,
   SMTBeaconError: () => SMTBeaconError,
+  SSE_EVENT: () => SSE_EVENT,
   SUBMIT_UPDATE: () => SUBMIT_UPDATE,
   ServiceCohortPhase: () => ServiceCohortPhase,
   SigningSessionError: () => SigningSessionError,
@@ -90,6 +113,8 @@ __export(index_exports, {
   TypedEventEmitter: () => TypedEventEmitter,
   Updater: () => Updater,
   VALIDATION_ACK: () => VALIDATION_ACK,
+  buildAggregationBeaconTx: () => buildAggregationBeaconTx,
+  buildRequestAuth: () => buildRequestAuth,
   createAggregatedNonceMessage: () => createAggregatedNonceMessage,
   createAuthorizationRequestMessage: () => createAuthorizationRequestMessage,
   createCohortAdvertMessage: () => createCohortAdvertMessage,
@@ -101,41 +126,126 @@ __export(index_exports, {
   createSignatureAuthorizationMessage: () => createSignatureAuthorizationMessage,
   createSubmitUpdateMessage: () => createSubmitUpdateMessage,
   createValidationAckMessage: () => createValidationAckMessage,
+  defaultReconnectBackoff: () => defaultReconnectBackoff,
+  deriveSingletonAddress: () => deriveSingletonAddress,
+  detectSingletonScriptKind: () => detectSingletonScriptKind,
+  formatSseComment: () => formatSseComment,
+  formatSseEvent: () => formatSseEvent,
+  getBeaconStrategy: () => getBeaconStrategy,
+  isAggregatedNonceMessage: () => isAggregatedNonceMessage,
   isAggregationMessageType: () => isAggregationMessageType,
+  isAuthorizationRequestMessage: () => isAuthorizationRequestMessage,
+  isCohortAdvertMessage: () => isCohortAdvertMessage,
+  isCohortOptInAcceptMessage: () => isCohortOptInAcceptMessage,
+  isCohortOptInMessage: () => isCohortOptInMessage,
+  isCohortReadyMessage: () => isCohortReadyMessage,
+  isDistributeAggregatedDataMessage: () => isDistributeAggregatedDataMessage,
   isKeygenMessageType: () => isKeygenMessageType,
+  isNonceContributionMessage: () => isNonceContributionMessage,
   isSignMessageType: () => isSignMessageType,
-  isUpdateMessageType: () => isUpdateMessageType
+  isSignatureAuthorizationMessage: () => isSignatureAuthorizationMessage,
+  isSubmitUpdateMessage: () => isSubmitUpdateMessage,
+  isUpdateMessageType: () => isUpdateMessageType,
+  isValidationAckMessage: () => isValidationAckMessage,
+  normalizeForWire: () => normalizeForWire,
+  opReturnScript: () => opReturnScript,
+  parseRequestAuth: () => parseRequestAuth,
+  parseSseStream: () => parseSseStream,
+  registerBeaconStrategy: () => registerBeaconStrategy,
+  reviveFromWire: () => reviveFromWire,
+  signEnvelope: () => signEnvelope,
+  verifyEnvelope: () => verifyEnvelope,
+  verifyRequestAuth: () => verifyRequestAuth
 });
 module.exports = __toCommonJS(index_exports);
 
 // src/core/aggregation/service.ts
+var import_common4 = require("@did-btcr2/common");
+var import_cryptosuite = require("@did-btcr2/cryptosuite");
 var import_utils2 = require("@noble/hashes/utils");
 
-// src/core/aggregation/cohort.ts
-var import_common2 = require("@did-btcr2/common");
+// src/core/aggregation/beacon-strategy.ts
+var import_common = require("@did-btcr2/common");
 var import_smt = require("@did-btcr2/smt");
+var CAS_STRATEGY = {
+  type: "CASBeacon",
+  buildAggregatedData(cohort) {
+    cohort.buildCASAnnouncement();
+  },
+  getDistributePayload(cohort) {
+    return { casAnnouncement: cohort.casAnnouncement };
+  },
+  validateParticipantView({ participantDid, expectedHash, body }) {
+    const casAnnouncement = body.casAnnouncement;
+    if (!casAnnouncement) return { matches: false };
+    return {
+      matches: casAnnouncement[participantDid] === expectedHash,
+      casAnnouncement
+    };
+  }
+};
+var SMT_STRATEGY = {
+  type: "SMTBeacon",
+  buildAggregatedData(cohort) {
+    cohort.buildSMTTree();
+  },
+  getDistributePayload(cohort, participantDid) {
+    const proof = cohort.smtProofs?.get(participantDid);
+    return { smtProof: proof };
+  },
+  validateParticipantView({ participantDid, submittedUpdate, body }) {
+    const smtProof = body.smtProof;
+    if (!smtProof?.updateId || !smtProof?.nonce) return { matches: false };
+    const canonicalBytes = new TextEncoder().encode((0, import_common.canonicalize)(submittedUpdate));
+    const expectedUpdateId = (0, import_smt.hashToHex)((0, import_smt.blockHash)(canonicalBytes));
+    if (smtProof.updateId !== expectedUpdateId) {
+      return { matches: false, smtProof };
+    }
+    const index = (0, import_smt.didToIndex)(participantDid);
+    const candidateHash = (0, import_smt.blockHash)((0, import_smt.blockHash)((0, import_smt.hexToHash)(smtProof.nonce)), (0, import_smt.hexToHash)(smtProof.updateId));
+    return {
+      matches: (0, import_smt.verifySerializedProof)(smtProof, index, candidateHash),
+      smtProof
+    };
+  }
+};
+var STRATEGIES = /* @__PURE__ */ new Map([
+  [CAS_STRATEGY.type, CAS_STRATEGY],
+  [SMT_STRATEGY.type, SMT_STRATEGY]
+]);
+function registerBeaconStrategy(strategy) {
+  STRATEGIES.set(strategy.type, strategy);
+}
+function getBeaconStrategy(type) {
+  return STRATEGIES.get(type);
+}
+
+// src/core/aggregation/cohort.ts
+var import_common3 = require("@did-btcr2/common");
+var import_smt2 = require("@did-btcr2/smt");
+var import_secp256k1 = require("@noble/curves/secp256k1.js");
 var import_utils = require("@noble/hashes/utils");
+var import_btc_signer = require("@scure/btc-signer");
 var import_musig2 = require("@scure/btc-signer/musig2");
-var import_bitcoinjs_lib = require("bitcoinjs-lib");
 
 // src/core/aggregation/errors.ts
-var import_common = require("@did-btcr2/common");
-var AggregationServiceError = class extends import_common.MethodError {
+var import_common2 = require("@did-btcr2/common");
+var AggregationServiceError = class extends import_common2.MethodError {
   constructor(message, type = "AggregationServiceError", data) {
     super(message, type, data);
   }
 };
-var AggregationParticipantError = class extends import_common.MethodError {
+var AggregationParticipantError = class extends import_common2.MethodError {
   constructor(message, type = "AggregationParticipantError", data) {
     super(message, type, data);
   }
 };
-var AggregationCohortError = class extends import_common.MethodError {
+var AggregationCohortError = class extends import_common2.MethodError {
   constructor(message, type = "AggregationCohortError", data) {
     super(message, type, data);
   }
 };
-var SigningSessionError = class extends import_common.MethodError {
+var SigningSessionError = class extends import_common2.MethodError {
   constructor(message, type = "SigningSessionError", data) {
     super(message, type, data);
   }
@@ -155,10 +265,21 @@ var AggregationCohort = class {
   beaconType;
   /** List of participant DIDs that have been accepted into the cohort. */
   participants = [];
+  /**
+   * Mapping from participant DID → their compressed secp256k1 public key.
+   * Distinct from {@link cohortKeys} (which is sorted per BIP-327) — this lets
+   * callers look up a participant's key without knowing their position in the
+   * sorted array. Populated by the service at `acceptParticipant` time.
+   */
+  participantKeys = /* @__PURE__ */ new Map();
   /** Sorted list of cohort participants' compressed public keys. */
   #cohortKeys = [];
-  /** Taproot tweak (BIP-341 key-path-only). */
-  trMerkleRoot = new Uint8Array();
+  /**
+   * BIP-341 TapTweak — `taggedHash("TapTweak", internalPubkey)` for a key-path-only
+   * Taproot output. Despite prior naming, this is NOT a Merkle root: key-path-only
+   * spends have no script tree.
+   */
+  tapTweak = new Uint8Array();
   /** The n-of-n MuSig2 Taproot beacon address. */
   beaconAddress = "";
   /** Pending DID updates submitted by participants, keyed by DID. */
@@ -189,7 +310,7 @@ var AggregationCohort = class {
   }
   /**
    * Computes the n-of-n MuSig2 Taproot beacon address from cohort keys.
-   * Sets `trMerkleRoot` to the BIP-341 key-path-only tweak.
+   * Sets `tapTweak` to the BIP-341 key-path-only tweak.
    */
   computeBeaconAddress() {
     if (this.#cohortKeys.length === 0) {
@@ -201,8 +322,8 @@ var AggregationCohort = class {
     }
     const keyAggContext = (0, import_musig2.keyAggregate)(this.#cohortKeys);
     const aggPubkey = (0, import_musig2.keyAggExport)(keyAggContext);
-    const payment = import_bitcoinjs_lib.payments.p2tr({ internalPubkey: aggPubkey });
-    this.trMerkleRoot = payment.hash ?? import_bitcoinjs_lib.crypto.taggedHash("TapTweak", aggPubkey);
+    const payment = (0, import_btc_signer.p2tr)(aggPubkey);
+    this.tapTweak = import_secp256k1.schnorr.utils.taggedHash("TapTweak", aggPubkey);
     if (!payment.address) {
       throw new AggregationCohortError(
         "Failed to compute Taproot address",
@@ -236,6 +357,18 @@ var AggregationCohort = class {
       );
     }
   }
+  /**
+   * Returns the position of a participant's public key in the sorted
+   * {@link cohortKeys} array, or -1 if the participant is not in the cohort.
+   * Required by MuSig2 partial-sig verification which indexes by signer position.
+   */
+  indexOfParticipant(did) {
+    const pk = this.participantKeys.get(did);
+    if (!pk) return -1;
+    return this.#cohortKeys.findIndex(
+      (k) => k.length === pk.length && k.every((b, i) => b === pk[i])
+    );
+  }
   addUpdate(participantDid, signedUpdate) {
     if (!this.participants.includes(participantDid)) {
       throw new AggregationCohortError(
@@ -264,10 +397,10 @@ var AggregationCohort = class {
     }
     const announcement = {};
     for (const [did, signedUpdate] of this.pendingUpdates) {
-      announcement[did] = (0, import_common2.canonicalHash)(signedUpdate);
+      announcement[did] = (0, import_common3.canonicalHash)(signedUpdate);
     }
     this.casAnnouncement = announcement;
-    this.signalBytes = (0, import_common2.hash)((0, import_common2.canonicalize)(announcement));
+    this.signalBytes = (0, import_common3.hash)((0, import_common3.canonicalize)(announcement));
     return announcement;
   }
   /**
@@ -283,11 +416,11 @@ var AggregationCohort = class {
         { cohortId: this.id }
       );
     }
-    const tree = new import_smt.BTCR2MerkleTree();
+    const tree = new import_smt2.BTCR2MerkleTree();
     const entries = [];
     const encoder = new TextEncoder();
     for (const [did, signedUpdate] of this.pendingUpdates) {
-      const canonicalBytes = encoder.encode((0, import_common2.canonicalize)(signedUpdate));
+      const canonicalBytes = encoder.encode((0, import_common3.canonicalize)(signedUpdate));
       const nonce = (0, import_utils.randomBytes)(32);
       entries.push({ did, nonce, signedUpdate: canonicalBytes });
     }
@@ -329,28 +462,17 @@ var AggregationCohort = class {
   }
 };
 
-// src/core/aggregation/messages/constants.ts
-var AGGREGATION_MESSAGE_PREFIX = "https://btcr2.dev/aggregation";
-var COHORT_ADVERT = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_advert`;
-var COHORT_OPT_IN = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_opt_in`;
-var COHORT_OPT_IN_ACCEPT = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_opt_in_accept`;
-var COHORT_READY = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_ready`;
-var SUBMIT_UPDATE = `${AGGREGATION_MESSAGE_PREFIX}/update/submit_update`;
-var DISTRIBUTE_AGGREGATED_DATA = `${AGGREGATION_MESSAGE_PREFIX}/update/distribute_aggregated_data`;
-var VALIDATION_ACK = `${AGGREGATION_MESSAGE_PREFIX}/update/validation_ack`;
-var AUTHORIZATION_REQUEST = `${AGGREGATION_MESSAGE_PREFIX}/sign/authorization_request`;
-var NONCE_CONTRIBUTION = `${AGGREGATION_MESSAGE_PREFIX}/sign/nonce_contribution`;
-var AGGREGATED_NONCE = `${AGGREGATION_MESSAGE_PREFIX}/sign/aggregated_nonce`;
-var SIGNATURE_AUTHORIZATION = `${AGGREGATION_MESSAGE_PREFIX}/sign/signature_authorization`;
-
 // src/core/aggregation/messages/base.ts
+var AGGREGATION_WIRE_VERSION = 1;
 var BaseMessage = class {
   type;
+  version;
   to;
   from;
   body;
-  constructor({ type, to, from: from2, body }) {
+  constructor({ type, version, to, from: from2, body }) {
     this.type = type;
+    this.version = version ?? AGGREGATION_WIRE_VERSION;
     this.to = to;
     this.from = from2;
     this.body = body;
@@ -362,6 +484,7 @@ var BaseMessage = class {
   toJSON() {
     return {
       type: this.type,
+      version: this.version,
       to: this.to,
       from: this.from,
       body: this.body
@@ -369,6 +492,20 @@ var BaseMessage = class {
   }
 };
 
+// src/core/aggregation/messages/constants.ts
+var AGGREGATION_MESSAGE_PREFIX = "https://btcr2.dev/aggregation";
+var COHORT_ADVERT = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_advert`;
+var COHORT_OPT_IN = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_opt_in`;
+var COHORT_OPT_IN_ACCEPT = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_opt_in_accept`;
+var COHORT_READY = `${AGGREGATION_MESSAGE_PREFIX}/keygen/cohort_ready`;
+var SUBMIT_UPDATE = `${AGGREGATION_MESSAGE_PREFIX}/update/submit_update`;
+var DISTRIBUTE_AGGREGATED_DATA = `${AGGREGATION_MESSAGE_PREFIX}/update/distribute_aggregated_data`;
+var VALIDATION_ACK = `${AGGREGATION_MESSAGE_PREFIX}/update/validation_ack`;
+var AUTHORIZATION_REQUEST = `${AGGREGATION_MESSAGE_PREFIX}/sign/authorization_request`;
+var NONCE_CONTRIBUTION = `${AGGREGATION_MESSAGE_PREFIX}/sign/nonce_contribution`;
+var AGGREGATED_NONCE = `${AGGREGATION_MESSAGE_PREFIX}/sign/aggregated_nonce`;
+var SIGNATURE_AUTHORIZATION = `${AGGREGATION_MESSAGE_PREFIX}/sign/signature_authorization`;
+
 // src/core/aggregation/messages/factories.ts
 function createCohortAdvertMessage(fields) {
   const { from: from2, ...body } = fields;
@@ -456,8 +593,8 @@ var SigningSessionPhase = /* @__PURE__ */ ((SigningSessionPhase2) => {
 })(SigningSessionPhase || {});
 
 // src/core/aggregation/signing-session.ts
+var import_btc_signer2 = require("@scure/btc-signer");
 var musig2 = __toESM(require("@scure/btc-signer/musig2"), 1);
-var import_bitcoinjs_lib2 = require("bitcoinjs-lib");
 var BeaconSigningSession = class {
   /** Unique identifier for this signing session. */
   id;
@@ -499,11 +636,11 @@ var BeaconSigningSession = class {
         "SIGHASH_ERROR"
       );
     }
-    return this.pendingTx.hashForWitnessV1(
+    return this.pendingTx.preimageWitnessV1(
       0,
       this.prevOutScripts,
-      this.prevOutValues,
-      import_bitcoinjs_lib2.Transaction.SIGHASH_DEFAULT
+      import_btc_signer2.SigHash.DEFAULT,
+      this.prevOutValues
     );
   }
   addNonceContribution(participantDid, nonceContribution) {
@@ -514,6 +651,13 @@ var BeaconSigningSession = class {
         { phase: this.phase }
       );
     }
+    if (!this.cohort.participants.includes(participantDid)) {
+      throw new SigningSessionError(
+        `Participant ${participantDid} is not a member of cohort ${this.cohort.id}.`,
+        "UNKNOWN_PARTICIPANT",
+        { cohortId: this.cohort.id, participantDid }
+      );
+    }
     if (nonceContribution.length !== 66) {
       throw new SigningSessionError(
         `Invalid nonce contribution: expected 66 bytes, got ${nonceContribution.length}.`,
@@ -549,6 +693,13 @@ var BeaconSigningSession = class {
         "INVALID_PHASE"
       );
     }
+    if (!this.cohort.participants.includes(participantDid)) {
+      throw new SigningSessionError(
+        `Participant ${participantDid} is not a member of cohort ${this.cohort.id}.`,
+        "UNKNOWN_PARTICIPANT",
+        { cohortId: this.cohort.id, participantDid }
+      );
+    }
     if (this.partialSignatures.has(participantDid)) {
       throw new SigningSessionError(
         `Duplicate partial signature from ${participantDid}.`,
@@ -574,9 +725,39 @@ var BeaconSigningSession = class {
       this.aggregatedNonce,
       this.cohort.cohortKeys,
       this.sigHash,
-      [this.cohort.trMerkleRoot],
+      [this.cohort.tapTweak],
       [true]
     );
+    const pubNoncesByIndex = new Array(this.cohort.cohortKeys.length);
+    for (const [did, nonce] of this.nonceContributions) {
+      const idx = this.cohort.indexOfParticipant(did);
+      if (idx < 0) {
+        throw new SigningSessionError(
+          `Cannot verify nonce from ${did}: participant key missing from cohort.`,
+          "UNKNOWN_PARTICIPANT_KEY",
+          { participantDid: did }
+        );
+      }
+      pubNoncesByIndex[idx] = nonce;
+    }
+    for (const [did, partialSig] of this.partialSignatures) {
+      const idx = this.cohort.indexOfParticipant(did);
+      if (idx < 0) {
+        throw new SigningSessionError(
+          `Cannot verify partial signature from ${did}: participant key missing from cohort.`,
+          "UNKNOWN_PARTICIPANT_KEY",
+          { participantDid: did }
+        );
+      }
+      const ok = session.partialSigVerify(partialSig, pubNoncesByIndex, idx);
+      if (!ok) {
+        throw new SigningSessionError(
+          `Bad partial signature from ${did}.`,
+          "BAD_PARTIAL_SIG",
+          { participantDid: did, index: idx }
+        );
+      }
+    }
     this.signature = session.partialSigAgg([...this.partialSignatures.values()]);
     this.phase = "Complete" /* Complete */;
     return this.signature;
@@ -594,6 +775,10 @@ var BeaconSigningSession = class {
   /**
    * Generates a partial signature using the participant's secret key + secret nonce.
    * Requires the aggregated nonce to have been set first (via the service).
+   *
+   * Zeros the stored `secretNonce` after use. JS cannot truly erase memory (GC
+   * and immutable strings), but overwriting the bytes shortens the exposure
+   * window and prevents accidental reuse or serialization of a spent nonce.
    */
   generatePartialSignature(participantSecretKey) {
     if (!this.aggregatedNonce) {
@@ -606,10 +791,13 @@ var BeaconSigningSession = class {
       this.aggregatedNonce,
       this.cohort.cohortKeys,
       this.sigHash,
-      [this.cohort.trMerkleRoot],
+      [this.cohort.tapTweak],
       [true]
     );
-    return session.sign(this.secretNonce, participantSecretKey);
+    const partialSig = session.sign(this.secretNonce, participantSecretKey);
+    this.secretNonce.fill(0);
+    this.secretNonce = void 0;
+    return partialSig;
   }
   isComplete() {
     return this.phase === "Complete" /* Complete */;
@@ -620,16 +808,32 @@ var BeaconSigningSession = class {
 };
 
 // src/core/aggregation/service.ts
+var DEFAULT_MAX_UPDATE_SIZE_BYTES = 256 * 1024;
 var AggregationService = class {
   did;
   keys;
+  maxUpdateSizeBytes;
   /** Per-cohort state, keyed by cohortId. */
   #cohortStates = /* @__PURE__ */ new Map();
-  constructor({ did, keys }) {
+  constructor({ did, keys, maxUpdateSizeBytes }) {
     this.did = did;
     this.keys = keys;
+    this.maxUpdateSizeBytes = maxUpdateSizeBytes ?? DEFAULT_MAX_UPDATE_SIZE_BYTES;
   }
   receive(message) {
+    const version = message.version;
+    if (version === void 0 || version !== AGGREGATION_WIRE_VERSION) {
+      const cohortId = message.body?.cohortId;
+      const state = cohortId ? this.#cohortStates.get(cohortId) : void 0;
+      if (state) {
+        state.rejections.push({
+          from: message.from,
+          code: "WRONG_VERSION",
+          reason: `Expected wire version ${AGGREGATION_WIRE_VERSION}, got ${String(version)}`
+        });
+      }
+      return;
+    }
     const type = message.type;
     switch (type) {
       case COHORT_OPT_IN:
@@ -651,6 +855,18 @@ var AggregationService = class {
         break;
     }
   }
+  /**
+   * Drain the rejection log for a cohort. Used by runners to surface silent
+   * drops (bad proof, oversized update, wrong version, etc.) as structured
+   * events without breaking the sans-I/O state machine contract.
+   */
+  drainRejections(cohortId) {
+    const state = this.#cohortStates.get(cohortId);
+    if (!state) return [];
+    const out = state.rejections;
+    state.rejections = [];
+    return out;
+  }
   /**
    * Create a new cohort with the given config. Returns the cohort ID.
    * Cohort starts in `Created` phase — call `advertise()` to broadcast.
@@ -667,7 +883,8 @@ var AggregationService = class {
       cohort,
       config,
       pendingOptIns: /* @__PURE__ */ new Map(),
-      acceptedParticipants: /* @__PURE__ */ new Set()
+      acceptedParticipants: /* @__PURE__ */ new Set(),
+      rejections: []
     });
     return cohort.id;
   }
@@ -720,6 +937,7 @@ var AggregationService = class {
     const participantPk = message.body?.participantPk;
     const communicationPk = message.body?.communicationPk;
     if (!participantPk || !communicationPk) return;
+    if (state.acceptedParticipants.has(participantDid)) return;
     state.pendingOptIns.set(participantDid, {
       cohortId,
       participantDid,
@@ -753,6 +971,7 @@ var AggregationService = class {
     }
     state.acceptedParticipants.add(participantDid);
     state.cohort.participants.push(participantDid);
+    state.cohort.participantKeys.set(participantDid, optIn.participantPk);
     state.cohort.cohortKeys = [...state.cohort.cohortKeys, optIn.participantPk];
     return [createCohortOptInAcceptMessage({
       from: this.did,
@@ -803,6 +1022,13 @@ var AggregationService = class {
     if (!state) return /* @__PURE__ */ new Map();
     return state.cohort.pendingUpdates;
   }
+  /**
+   * Handle an incoming SUBMIT_UPDATE message from a participant containing their signed update to
+   * submit for aggregation.
+   * @param {BaseMessage} message - incoming SUBMIT_UPDATE message containing a participant's signed
+   * update to submit for aggregation
+   * @returns {void} - no return value; updates the service state with the submitted update if valid
+   */
   #handleSubmitUpdate(message) {
     const cohortId = message.body?.cohortId;
     if (!cohortId) return;
@@ -810,7 +1036,31 @@ var AggregationService = class {
     if (!state) return;
     if (state.phase !== "CohortSet" /* CohortSet */ && state.phase !== "CollectingUpdates" /* CollectingUpdates */) return;
     const signedUpdate = message.body?.signedUpdate;
-    if (!signedUpdate) return;
+    if (!signedUpdate) {
+      state.rejections.push({
+        from: message.from,
+        code: "UPDATE_MALFORMED",
+        reason: "SUBMIT_UPDATE missing signedUpdate body"
+      });
+      return;
+    }
+    const canonicalSize = (0, import_common4.canonicalize)(signedUpdate).length;
+    if (canonicalSize > this.maxUpdateSizeBytes) {
+      state.rejections.push({
+        from: message.from,
+        code: "UPDATE_TOO_LARGE",
+        reason: `Canonicalized update is ${canonicalSize} bytes; max allowed is ${this.maxUpdateSizeBytes}`
+      });
+      return;
+    }
+    if (!this.#verifySubmittedUpdate(state, message.from, signedUpdate)) {
+      state.rejections.push({
+        from: message.from,
+        code: "UPDATE_VERIFICATION_FAILED",
+        reason: "BIP-340 Data Integrity proof verification failed"
+      });
+      return;
+    }
     state.cohort.addUpdate(message.from, signedUpdate);
     if (state.phase === "CohortSet" /* CohortSet */) {
       state.phase = "CollectingUpdates" /* CollectingUpdates */;
@@ -819,6 +1069,36 @@ var AggregationService = class {
       state.phase = "UpdatesCollected" /* UpdatesCollected */;
     }
   }
+  /**
+   * Verify the BIP-340 Schnorr Data Integrity proof on a submitted update using the
+   * participant's public key from their cohort opt-in. Returns `false` (and the
+   * update is silently dropped) if the proof is missing, the verificationMethod does
+   * not name the sender's DID, the participant has no opt-in on record, or the
+   * signature fails verification.
+   * @param {ServiceCohortState} state - the current state of the cohort to which the update was submitted
+   * @param {string} sender - the DID of the participant who submitted the update
+   * @param {SignedBTCR2Update} signedUpdate - the signed update containing the proof to verify
+   * @returns {boolean} - `true` if the proof is valid and the update can be accepted; `false` otherwise
+   */
+  #verifySubmittedUpdate(state, sender, signedUpdate) {
+    const proof = signedUpdate.proof;
+    if (!proof?.verificationMethod || !proof.proofValue) return false;
+    const vmDid = proof.verificationMethod.split("#")[0];
+    if (vmDid !== sender) return false;
+    const optIn = state.pendingOptIns.get(sender);
+    if (!optIn) return false;
+    try {
+      const multikey = import_cryptosuite.SchnorrMultikey.fromPublicKey({
+        id: proof.verificationMethod,
+        controller: sender,
+        publicKeyBytes: optIn.participantPk
+      });
+      const suite = new import_cryptosuite.BIP340Cryptosuite(multikey);
+      return suite.verifyProof(signedUpdate).verified === true;
+    } catch {
+      return false;
+    }
+  }
   /**
    * Build the aggregated data structure (CAS Announcement or SMT tree) and
    * return distribute messages to send to all participants for validation.
@@ -835,29 +1115,28 @@ var AggregationService = class {
         { cohortId, phase: state.phase }
       );
     }
-    if (state.config.beaconType === "CASBeacon") {
-      state.cohort.buildCASAnnouncement();
-    } else if (state.config.beaconType === "SMTBeacon") {
-      state.cohort.buildSMTTree();
-    } else {
+    const strategy = getBeaconStrategy(state.config.beaconType);
+    if (!strategy) {
       throw new AggregationServiceError(
         `Unsupported beacon type: ${state.config.beaconType}`,
         "UNSUPPORTED_BEACON_TYPE",
         { cohortId, beaconType: state.config.beaconType }
       );
     }
+    strategy.buildAggregatedData(state.cohort);
     const signalBytesHex = (0, import_utils2.bytesToHex)(state.cohort.signalBytes);
     state.phase = "DataDistributed" /* DataDistributed */;
     const messages = [];
     for (const participantDid of state.cohort.participants) {
+      const payload = strategy.getDistributePayload(state.cohort, participantDid);
       messages.push(createDistributeAggregatedDataMessage({
         from: this.did,
         to: participantDid,
         cohortId,
         beaconType: state.config.beaconType,
         signalBytesHex,
-        casAnnouncement: state.config.beaconType === "CASBeacon" ? state.cohort.casAnnouncement : void 0,
-        smtProof: state.config.beaconType === "SMTBeacon" ? state.cohort.smtProofs?.get(participantDid) : void 0
+        casAnnouncement: payload.casAnnouncement,
+        smtProof: payload.smtProof
       }));
     }
     return messages;
@@ -919,6 +1198,14 @@ var AggregationService = class {
     });
     state.signingSession = session;
     state.phase = "SigningStarted" /* SigningStarted */;
+    const prevOutScript = txData.prevOutScripts[0];
+    if (!prevOutScript) {
+      throw new AggregationServiceError(
+        `Cannot start signing for cohort ${cohortId}: txData.prevOutScripts[0] is missing.`,
+        "MISSING_PREV_OUT_SCRIPT",
+        { cohortId }
+      );
+    }
     const messages = [];
     for (const participantDid of state.cohort.participants) {
       messages.push(createAuthorizationRequestMessage({
@@ -926,7 +1213,8 @@ var AggregationService = class {
         to: participantDid,
         cohortId,
         sessionId: session.id,
-        pendingTx: txData.tx.toHex(),
+        pendingTx: txData.tx.hex,
+        prevOutScriptHex: (0, import_utils2.bytesToHex)(prevOutScript),
         prevOutValue: txData.prevOutValues[0]?.toString() ?? "0"
       }));
     }
@@ -990,7 +1278,7 @@ var AggregationService = class {
     state.signingSession.addPartialSignature(message.from, partialSignature);
     if (state.signingSession.partialSignatures.size === state.cohort.participants.length) {
       const signature = state.signingSession.generateFinalSignature();
-      state.signingSession.pendingTx.setWitness(0, [signature]);
+      state.signingSession.pendingTx.updateInput(0, { finalScriptWitness: [signature] });
       state.result = {
         cohortId,
         signature,
@@ -1019,13 +1307,19 @@ var AggregationService = class {
   get cohorts() {
     return [...this.#cohortStates.values()].map((s) => s.cohort);
   }
+  /**
+   * Remove a cohort from the state map. Used by runners to GC state on cohort
+   * completion, failure, or expiry. No-op if the cohort doesn't exist.
+   */
+  removeCohort(cohortId) {
+    this.#cohortStates.delete(cohortId);
+  }
 };
 
 // src/core/aggregation/participant.ts
-var import_common3 = require("@did-btcr2/common");
-var import_smt2 = require("@did-btcr2/smt");
+var import_common5 = require("@did-btcr2/common");
 var import_utils3 = require("@noble/hashes/utils");
-var import_bitcoinjs_lib3 = require("bitcoinjs-lib");
+var import_btc_signer3 = require("@scure/btc-signer");
 var AggregationParticipant = class {
   did;
   keys;
@@ -1040,6 +1334,9 @@ var AggregationParticipant = class {
    * outgoing messages — those come exclusively from action methods.
    */
   receive(message) {
+    if (message.version === void 0 || message.version !== AGGREGATION_WIRE_VERSION) {
+      return;
+    }
     const type = message.type;
     switch (type) {
       case COHORT_ADVERT:
@@ -1196,42 +1493,26 @@ var AggregationParticipant = class {
     if (!state || state.phase !== "UpdateSubmitted" /* UpdateSubmitted */) return;
     if (!state.submittedUpdate) return;
     const beaconType = message.body?.beaconType;
+    if (!beaconType) return;
+    const strategy = getBeaconStrategy(beaconType);
+    if (!strategy) return;
     const signalBytesHex = message.body?.signalBytesHex ?? "";
-    const expectedHash = (0, import_common3.canonicalHash)(state.submittedUpdate);
-    let matches = false;
-    if (beaconType === "CASBeacon") {
-      const casAnnouncement = message.body?.casAnnouncement;
-      if (casAnnouncement) {
-        matches = casAnnouncement[this.did] === expectedHash;
-        state.validation = {
-          cohortId,
-          beaconType,
-          signalBytesHex,
-          casAnnouncement,
-          expectedHash,
-          matches
-        };
-      }
-    } else if (beaconType === "SMTBeacon") {
-      const smtProof = message.body?.smtProof;
-      if (smtProof?.updateId && smtProof?.nonce) {
-        const canonicalBytes = new TextEncoder().encode((0, import_common3.canonicalize)(state.submittedUpdate));
-        const expectedUpdateId = (0, import_smt2.hashToHex)((0, import_smt2.blockHash)(canonicalBytes));
-        if (smtProof.updateId === expectedUpdateId) {
-          const index = (0, import_smt2.didToIndex)(this.did);
-          const candidateHash = (0, import_smt2.blockHash)((0, import_smt2.blockHash)((0, import_smt2.hexToHash)(smtProof.nonce)), (0, import_smt2.hexToHash)(smtProof.updateId));
-          matches = (0, import_smt2.verifySerializedProof)(smtProof, index, candidateHash);
-        }
-        state.validation = {
-          cohortId,
-          beaconType,
-          signalBytesHex,
-          smtProof,
-          expectedHash,
-          matches
-        };
-      }
-    }
+    const expectedHash = (0, import_common5.canonicalHash)(state.submittedUpdate);
+    const result = strategy.validateParticipantView({
+      participantDid: this.did,
+      submittedUpdate: state.submittedUpdate,
+      expectedHash,
+      body: message.body
+    });
+    state.validation = {
+      cohortId,
+      beaconType,
+      signalBytesHex,
+      expectedHash,
+      matches: result.matches,
+      casAnnouncement: result.casAnnouncement,
+      smtProof: result.smtProof
+    };
     state.phase = "AwaitingValidation" /* AwaitingValidation */;
   }
   /**
@@ -1292,12 +1573,14 @@ var AggregationParticipant = class {
     if (state.phase !== "ValidationSent" /* ValidationSent */) return;
     const sessionId = message.body?.sessionId;
     const pendingTxHex = message.body?.pendingTx;
+    const prevOutScriptHex = message.body?.prevOutScriptHex;
     const prevOutValue = message.body?.prevOutValue;
-    if (!sessionId || !pendingTxHex || !prevOutValue) return;
+    if (!sessionId || !pendingTxHex || !prevOutScriptHex || !prevOutValue) return;
     state.signingRequest = {
       cohortId,
       sessionId,
       pendingTxHex,
+      prevOutScriptHex,
       prevOutValue
     };
     state.phase = "AwaitingSigning" /* AwaitingSigning */;
@@ -1321,8 +1604,8 @@ var AggregationParticipant = class {
         { cohortId }
       );
     }
-    const tx = import_bitcoinjs_lib3.Transaction.fromHex(state.signingRequest.pendingTxHex);
-    const prevOutScripts = tx.outs.length > 0 ? [tx.outs[0].script] : [];
+    const tx = import_btc_signer3.Transaction.fromRaw((0, import_utils3.hexToBytes)(state.signingRequest.pendingTxHex));
+    const prevOutScripts = [(0, import_utils3.hexToBytes)(state.signingRequest.prevOutScriptHex)];
     const prevOutValues = [BigInt(state.signingRequest.prevOutValue)];
     const session = new BeaconSigningSession({
       id: state.signingRequest.sessionId,
@@ -1392,6 +1675,67 @@ var AggregationParticipant = class {
   }
 };
 
+// src/core/aggregation/logger.ts
+var CONSOLE_LOGGER = {
+  debug: (msg, ...args) => console.debug(msg, ...args),
+  info: (msg, ...args) => console.info(msg, ...args),
+  warn: (msg, ...args) => console.warn(msg, ...args),
+  error: (msg, ...args) => console.error(msg, ...args)
+};
+var SILENT_LOGGER = {
+  debug: () => {
+  },
+  info: () => {
+  },
+  warn: () => {
+  },
+  error: () => {
+  }
+};
+
+// src/core/aggregation/messages/bodies.ts
+var hasStr = (b, k) => !!b && typeof b[k] === "string";
+var hasNum = (b, k) => !!b && typeof b[k] === "number";
+var hasBool = (b, k) => !!b && typeof b[k] === "boolean";
+var hasBytes = (b, k) => !!b && b[k] instanceof Uint8Array;
+var hasBytesArray = (b, k) => {
+  const v = b ? b[k] : void 0;
+  return Array.isArray(v) && v.every((x) => x instanceof Uint8Array);
+};
+function isCohortAdvertMessage(m) {
+  return m.type === COHORT_ADVERT && hasStr(m.body, "cohortId") && hasNum(m.body, "cohortSize") && hasStr(m.body, "beaconType") && hasStr(m.body, "network") && hasBytes(m.body, "communicationPk");
+}
+function isCohortOptInMessage(m) {
+  return m.type === COHORT_OPT_IN && hasStr(m.body, "cohortId") && hasBytes(m.body, "participantPk") && hasBytes(m.body, "communicationPk");
+}
+function isCohortOptInAcceptMessage(m) {
+  return m.type === COHORT_OPT_IN_ACCEPT && hasStr(m.body, "cohortId");
+}
+function isCohortReadyMessage(m) {
+  return m.type === COHORT_READY && hasStr(m.body, "cohortId") && hasStr(m.body, "beaconAddress") && hasBytesArray(m.body, "cohortKeys");
+}
+function isSubmitUpdateMessage(m) {
+  return m.type === SUBMIT_UPDATE && hasStr(m.body, "cohortId") && !!m.body && typeof m.body.signedUpdate === "object";
+}
+function isDistributeAggregatedDataMessage(m) {
+  return m.type === DISTRIBUTE_AGGREGATED_DATA && hasStr(m.body, "cohortId") && hasStr(m.body, "beaconType") && hasStr(m.body, "signalBytesHex");
+}
+function isValidationAckMessage(m) {
+  return m.type === VALIDATION_ACK && hasStr(m.body, "cohortId") && hasBool(m.body, "approved");
+}
+function isAuthorizationRequestMessage(m) {
+  return m.type === AUTHORIZATION_REQUEST && hasStr(m.body, "cohortId") && hasStr(m.body, "sessionId") && hasStr(m.body, "pendingTx") && hasStr(m.body, "prevOutScriptHex") && hasStr(m.body, "prevOutValue");
+}
+function isNonceContributionMessage(m) {
+  return m.type === NONCE_CONTRIBUTION && hasStr(m.body, "cohortId") && hasStr(m.body, "sessionId") && hasBytes(m.body, "nonceContribution");
+}
+function isAggregatedNonceMessage(m) {
+  return m.type === AGGREGATED_NONCE && hasStr(m.body, "cohortId") && hasStr(m.body, "sessionId") && hasBytes(m.body, "aggregatedNonce");
+}
+function isSignatureAuthorizationMessage(m) {
+  return m.type === SIGNATURE_AUTHORIZATION && hasStr(m.body, "cohortId") && hasStr(m.body, "sessionId") && hasBytes(m.body, "partialSignature");
+}
+
 // src/core/aggregation/messages/guards.ts
 var KEYGEN_VALUES = /* @__PURE__ */ new Set([
   COHORT_ADVERT,
@@ -1424,132 +1768,1610 @@ function isSignMessageType(type) {
 }
 
 // src/core/aggregation/transport/error.ts
-var import_common4 = require("@did-btcr2/common");
-var TransportError = class extends import_common4.MethodError {
+var import_common6 = require("@did-btcr2/common");
+var TransportError = class extends import_common6.MethodError {
   constructor(message, type = "TransportError", data) {
     super(message, type, data);
   }
 };
-var TransportAdapterError = class extends import_common4.MethodError {
+var TransportAdapterError = class extends import_common6.MethodError {
   constructor(message, type = "TransportAdapterError", data) {
     super(message, type, data);
   }
 };
 
 // src/core/aggregation/transport/factory.ts
-var import_common5 = require("@did-btcr2/common");
+var import_common10 = require("@did-btcr2/common");
 
-// src/core/aggregation/transport/nostr.ts
+// src/core/aggregation/transport/http/client.ts
+var import_keypair2 = require("@did-btcr2/keypair");
+
+// src/core/identifier.ts
+var import_common7 = require("@did-btcr2/common");
 var import_keypair = require("@did-btcr2/keypair");
-var import_utils4 = require("@noble/hashes/utils");
-var import_nostr_tools = require("nostr-tools");
-var import_pool = require("nostr-tools/pool");
-var DEFAULT_NOSTR_RELAYS = [
-  "wss://relay.damus.io",
-  "wss://nos.lol",
-  "wss://relay.snort.social",
-  "wss://nostr-pub.wellorder.net"
-];
-var NostrTransport = class _NostrTransport {
-  name = "nostr";
-  pool;
-  #relays;
-  #actors = /* @__PURE__ */ new Map();
-  #peerRegistry = /* @__PURE__ */ new Map();
-  #started = false;
-  constructor(config) {
-    this.#relays = config?.relays ?? DEFAULT_NOSTR_RELAYS;
-  }
+var import_base4 = require("@scure/base");
+var Identifier = class _Identifier {
   /**
-   * Registers an actor (DID + keys) to send/receive messages with.
-   * Must be called before start() to ensure subscriptions are created for the actor.
-   * @param {string} did - The DID of the actor.
-   * @param {SchnorrKeyPair} keys - The Schnorr key pair for the actor.
-   * @throws {TransportAdapterError} If the actor is already registered or if the transport has already started.
-   * @example
-   * const transport = new NostrTransport();
-   * const keys = SchnorrKeyPair.generate();
-   * transport.registerActor('did:btcr2:...', keys);
-   * transport.start();
+   * Implements {@link https://dcdpr.github.io/did-btcr2/#didbtcr2-identifier-encoding | 3.2 did:btcr2 Identifier Encoding}.
+   *
+   * A did:btcr2 DID consists of a did:btcr2 prefix, followed by an id-bech32 value, which is a Bech32m encoding of:
+   *  - the specification version;
+   *  - the Bitcoin network identifier; and
+   *  - either:
+   *    - a key-value representing a secp256k1 public key; or
+   *    - a hash-value representing the hash of an initiating external DID document.
+   *
+   * @param {KeyBytes | DocumentBytes} genesisBytes The genesis bytes (public key or document bytes).
+   * @param {DidCreateOptions} options The DID creation options.
+   * @returns {string} The new did:btcr2 identifier.
    */
-  registerActor(did, keys) {
-    const entry = { keys, handlers: /* @__PURE__ */ new Map() };
-    this.#actors.set(did, entry);
-    if (this.#started && this.pool) {
-      this.#subscribeDirected(did, entry);
+  static encode(genesisBytes, options) {
+    const { idType, version = 1, network } = options;
+    if (!(idType in import_common7.IdentifierTypes)) {
+      throw new import_common7.IdentifierError('Expected "idType" to be "KEY" or "EXTERNAL"', import_common7.INVALID_DID, { idType });
     }
-  }
-  getActorPk(did) {
-    return this.#actors.get(did)?.keys.publicKey.compressed;
-  }
-  registerPeer(did, communicationPk) {
-    try {
-      new import_keypair.CompressedSecp256k1PublicKey(communicationPk);
-    } catch {
-      throw new TransportAdapterError(
-        `Invalid communication public key for peer ${did}: expected a 33-byte compressed secp256k1 key.`,
-        "INVALID_PEER_KEY",
-        { adapter: this.name, did, keyLength: communicationPk.length }
-      );
+    if (isNaN(version) || version > 1) {
+      throw new import_common7.IdentifierError('Expected "version" to be 1', import_common7.INVALID_DID, { version });
     }
-    this.#peerRegistry.set(did, communicationPk);
-  }
-  getPeerPk(did) {
-    return this.#peerRegistry.get(did);
-  }
-  registerMessageHandler(actorDid, messageType, handler) {
-    const actor = this.#actors.get(actorDid);
-    if (!actor) {
-      throw new TransportAdapterError(
-        `Cannot register handler: actor ${actorDid} not registered. Call registerActor() first.`,
-        "UNKNOWN_ACTOR_ERROR",
-        { adapter: this.name, did: actorDid }
-      );
+    if (typeof network === "string" && !(network in import_common7.BitcoinNetworkNames)) {
+      throw new import_common7.IdentifierError('Invalid "network" name', import_common7.INVALID_DID, { network });
     }
-    actor.handlers.set(messageType, handler);
-  }
-  start() {
-    if (this.#started) return this;
-    this.#started = true;
-    this.pool = new import_pool.SimplePool();
-    const since = Math.floor(Date.now() / 1e3);
-    this.pool.subscribeMany(this.#relays, { kinds: [1], "#t": [COHORT_ADVERT], since }, {
-      onclose: (reasons) => console.debug("Nostr broadcast subscription closed", reasons),
-      onevent: this.#handleBroadcastEvent.bind(this)
-    });
-    for (const [did, entry] of this.#actors) {
-      this.#subscribeDirected(did, entry);
+    if (typeof network === "number" && (network < 0 || network > 8)) {
+      throw new import_common7.IdentifierError('Invalid "network" number', import_common7.INVALID_DID, { network });
     }
-    console.info(`NostrTransport started, listening on ${this.#relays.length} relay(s)`);
-    return this;
-  }
-  async sendMessage(message, sender, to) {
-    const type = message.type;
-    if (!type) {
-      throw new TransportAdapterError(
-        "Message type is undefined",
-        "SEND_MESSAGE_ERROR",
-        { adapter: this.name, type }
-      );
+    if (idType === "KEY") {
+      try {
+        new import_keypair.CompressedSecp256k1PublicKey(genesisBytes);
+      } catch {
+        throw new import_common7.IdentifierError(
+          'Expected "genesisBytes" to be a valid compressed secp256k1 public key',
+          import_common7.INVALID_DID,
+          { genesisBytes }
+        );
+      }
     }
-    const actor = this.#actors.get(sender);
-    if (!actor) {
-      throw new TransportAdapterError(
-        `Unknown sender: ${sender}. Call registerActor() before sending messages.`,
+    const hrp = idType === "KEY" ? "k" : "x";
+    const nibbles = [];
+    const fCount = Math.floor((version - 1) / 15);
+    for (let i = 0; i < fCount; i++) {
+      nibbles.push(15);
+    }
+    nibbles.push((version - 1) % 15);
+    if (typeof network === "string") {
+      nibbles.push(import_common7.BitcoinNetworkNames[network]);
+    } else if (typeof network === "number") {
+      nibbles.push(network + 11);
+    }
+    if (nibbles.length % 2 !== 0) {
+      nibbles.push(0);
+    }
+    if (fCount !== 0) {
+      for (const index in Array.from({ length: nibbles.length / 2 - 1 })) {
+        throw new import_common7.IdentifierError("Not implemented", "NOT_IMPLEMENTED", { index });
+      }
+    }
+    const dataBytes = new Uint8Array([nibbles[2 * 0] << 4 | nibbles[2 * 0 + 1], ...genesisBytes]);
+    return `did:btcr2:${import_base4.bech32m.encodeFromBytes(hrp, dataBytes)}`;
+  }
+  /**
+   * Implements {@link https://dcdpr.github.io/did-btcr2/#didbtcr2-identifier-decoding | 3.3 did:btcr2 Identifier Decoding}.
+   * @param {string} identifier The BTCR2 DID to be parsed
+   * @returns {DidComponents} The parsed identifier components. See {@link DidComponents} for details.
+   * @throws {DidError} if an error occurs while parsing the identifier
+   * @throws {DidErrorCode.InvalidDid} if identifier is invalid
+   * @throws {DidErrorCode.MethodNotSupported} if the method is not supported
+   */
+  static decode(identifier) {
+    const components = identifier.split(":");
+    if (components.length !== 3) {
+      throw new import_common7.IdentifierError(`Invalid did: ${identifier}`, import_common7.INVALID_DID, { identifier });
+    }
+    const [scheme, method, encoded] = components;
+    if (scheme !== "did") {
+      throw new import_common7.IdentifierError(`Invalid did: ${identifier}`, import_common7.INVALID_DID, { identifier });
+    }
+    if (method !== "btcr2") {
+      throw new import_common7.IdentifierError(`Invalid did method: ${method}`, import_common7.METHOD_NOT_SUPPORTED, { identifier });
+    }
+    if (!encoded) {
+      throw new import_common7.IdentifierError(`Invalid method-specific id: ${identifier}`, import_common7.INVALID_DID, { identifier });
+    }
+    const { prefix: hrp, bytes: dataBytes } = import_base4.bech32m.decodeToBytes(encoded);
+    if (!["x", "k"].includes(hrp)) {
+      throw new import_common7.IdentifierError(`Invalid hrp: ${hrp}`, import_common7.INVALID_DID, { identifier });
+    }
+    if (!dataBytes) {
+      throw new import_common7.IdentifierError(`Failed to decode id: ${encoded}`, import_common7.INVALID_DID, { identifier });
+    }
+    const idType = hrp === "k" ? "KEY" : "EXTERNAL";
+    let version = 1;
+    let byteIndex = 0;
+    let nibblesConsumed = 0;
+    let currentByte = dataBytes[byteIndex];
+    let versionNibble = currentByte >>> 4;
+    while (versionNibble === 15) {
+      version += 15;
+      if (nibblesConsumed % 2 === 0) {
+        versionNibble = currentByte & 15;
+      } else {
+        currentByte = dataBytes[++byteIndex];
+        versionNibble = currentByte >>> 4;
+      }
+      nibblesConsumed += 1;
+      if (version > 1) {
+        throw new import_common7.IdentifierError(`Invalid version: ${version}`, import_common7.INVALID_DID, { identifier });
+      }
+    }
+    version += versionNibble;
+    nibblesConsumed += 1;
+    let networkValue = nibblesConsumed % 2 === 0 ? dataBytes[++byteIndex] >>> 4 : currentByte & 15;
+    nibblesConsumed += 1;
+    let network = import_common7.BitcoinNetworkNames[networkValue];
+    if (!network) {
+      if (networkValue >= 8 && networkValue <= 15) {
+        network = networkValue - 11;
+      } else {
+        throw new import_common7.IdentifierError(`Invalid did: ${identifier}`, import_common7.INVALID_DID, { identifier });
+      }
+    }
+    if (nibblesConsumed % 2 === 1) {
+      const fillerNibble = currentByte & 15;
+      if (fillerNibble !== 0) {
+        throw new import_common7.IdentifierError(`Invalid did: ${identifier}`, import_common7.INVALID_DID, { identifier });
+      }
+    }
+    const genesisBytes = dataBytes.slice(byteIndex + 1);
+    if (idType === "KEY") {
+      try {
+        new import_keypair.CompressedSecp256k1PublicKey(genesisBytes);
+      } catch {
+        throw new import_common7.IdentifierError(`Invalid genesisBytes: ${genesisBytes}`, import_common7.INVALID_DID, { identifier });
+      }
+    }
+    return { idType, hrp, version, network, genesisBytes };
+  }
+  /**
+   * Generates a new did:btcr2 identifier based on a newly generated key pair.
+   * @returns {string} The new did:btcr2 identifier.
+   */
+  static generate() {
+    const keyPair = import_keypair.SchnorrKeyPair.generate();
+    const did = this.encode(
+      keyPair.publicKey.compressed,
+      {
+        idType: "KEY",
+        version: 1,
+        network: "regtest"
+      }
+    );
+    return { keyPair: keyPair.exportJSON(), did };
+  }
+  /**
+   * Extracts the compressed secp256k1 public key from a KEY-type did:btcr2 identifier.
+   * @param {string} did The did:btcr2 identifier to extract the public key from.
+   * @returns {CompressedSecp256k1PublicKey} The compressed public key.
+   * @throws {IdentifierError} If the DID is EXTERNAL type (genesis bytes are a hash, not a pubkey).
+   */
+  static getPublicKey(did) {
+    const { idType, genesisBytes } = _Identifier.decode(did);
+    if (idType !== "KEY") {
+      throw new import_common7.IdentifierError(
+        `Cannot extract public key from EXTERNAL DID: ${did}. EXTERNAL DIDs encode a document hash, not a public key.`,
+        import_common7.INVALID_DID,
+        { did, idType }
+      );
+    }
+    return new import_keypair.CompressedSecp256k1PublicKey(genesisBytes);
+  }
+  /**
+   * Validates a did:btcr2 identifier.
+   * @param {string} identifier The did:btcr2 identifier to validate.
+   * @returns {boolean} True if the identifier is valid, false otherwise.
+   */
+  static isValid(identifier) {
+    try {
+      this.decode(identifier);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+};
+
+// src/core/aggregation/transport/http/envelope.ts
+var import_common8 = require("@did-btcr2/common");
+var import_utils4 = require("@noble/hashes/utils");
+
+// src/core/aggregation/transport/http/errors.ts
+var HttpTransportError = class extends TransportAdapterError {
+  constructor(message, type = "HttpTransportError", data) {
+    super(message, type, { adapter: "http", ...data ?? {} });
+  }
+};
+
+// src/core/aggregation/transport/http/protocol.ts
+var HTTP_ENVELOPE_VERSION = 1;
+var HTTP_ROUTE = {
+  ADVERTS: "/v1/adverts",
+  MESSAGES: "/v1/messages",
+  ACTOR_INBOX: "/v1/actors/{did}/inbox",
+  WELL_KNOWN: "/v1/.well-known/aggregation"
+};
+var SSE_EVENT = {
+  ADVERT: "advert",
+  MESSAGE: "message",
+  HEARTBEAT: "heartbeat"
+};
+var DEFAULT_CLOCK_SKEW_SEC = 60;
+var DEFAULT_NONCE_LEN_BYTES = 16;
+
+// src/core/aggregation/transport/http/envelope.ts
+function signEnvelope(message, sender, opts = {}) {
+  const timestamp = opts.timestamp ?? Math.floor(Date.now() / 1e3);
+  const nonce = opts.nonce ?? (0, import_utils4.bytesToHex)((0, import_utils4.randomBytes)(DEFAULT_NONCE_LEN_BYTES));
+  const messageJson = normalizeForWire(normalizeMessage(message));
+  const unsigned = {
+    v: HTTP_ENVELOPE_VERSION,
+    from: sender.did,
+    ...opts.to !== void 0 ? { to: opts.to } : {},
+    timestamp,
+    nonce,
+    message: messageJson
+  };
+  const digest = (0, import_common8.canonicalHashBytes)(unsigned);
+  const sig = sender.keys.secretKey.sign(digest, { scheme: "schnorr" });
+  return { ...unsigned, sig: (0, import_utils4.bytesToHex)(sig) };
+}
+function verifyEnvelope(envelope, senderPk, opts = {}) {
+  if (envelope.v !== HTTP_ENVELOPE_VERSION) {
+    throw new HttpTransportError(
+      `Unsupported envelope version: ${envelope.v}`,
+      "ENVELOPE_VERSION_MISMATCH",
+      { version: envelope.v, expected: HTTP_ENVELOPE_VERSION }
+    );
+  }
+  if (opts.expectedFrom !== void 0 && envelope.from !== opts.expectedFrom) {
+    throw new HttpTransportError(
+      `Envelope from mismatch: expected ${opts.expectedFrom}, got ${envelope.from}`,
+      "ENVELOPE_FROM_MISMATCH",
+      { expected: opts.expectedFrom, got: envelope.from }
+    );
+  }
+  if ("expectedTo" in opts && envelope.to !== opts.expectedTo) {
+    throw new HttpTransportError(
+      `Envelope to mismatch: expected ${opts.expectedTo ?? "<broadcast>"}, got ${envelope.to ?? "<broadcast>"}`,
+      "ENVELOPE_TO_MISMATCH",
+      { expected: opts.expectedTo, got: envelope.to }
+    );
+  }
+  const skewSec = opts.clockSkewSec ?? DEFAULT_CLOCK_SKEW_SEC;
+  const nowMs = opts.now ? opts.now() : Date.now();
+  const nowSec = Math.floor(nowMs / 1e3);
+  const diff = Math.abs(nowSec - envelope.timestamp);
+  if (diff > skewSec) {
+    throw new HttpTransportError(
+      `Envelope timestamp out of skew: ${diff}s > ${skewSec}s`,
+      "ENVELOPE_TIMESTAMP_SKEW",
+      { diff, skewSec, timestamp: envelope.timestamp, now: nowSec }
+    );
+  }
+  let sigBytes;
+  try {
+    sigBytes = (0, import_utils4.hexToBytes)(envelope.sig);
+  } catch {
+    throw new HttpTransportError(
+      "Envelope signature is not valid hex",
+      "ENVELOPE_SIG_HEX"
+    );
+  }
+  if (sigBytes.length !== 64) {
+    throw new HttpTransportError(
+      `Invalid signature length: ${sigBytes.length} (expected 64)`,
+      "ENVELOPE_SIG_LENGTH",
+      { length: sigBytes.length }
+    );
+  }
+  const { sig: _sig, ...unsigned } = envelope;
+  const digest = (0, import_common8.canonicalHashBytes)(unsigned);
+  const ok = senderPk.verify(sigBytes, digest, { scheme: "schnorr" });
+  if (!ok) {
+    throw new HttpTransportError(
+      "Envelope signature verification failed",
+      "ENVELOPE_SIG_INVALID"
+    );
+  }
+}
+function normalizeMessage(message) {
+  const maybeToJSON = message.toJSON;
+  if (typeof maybeToJSON === "function") {
+    return maybeToJSON.call(message);
+  }
+  return message;
+}
+function normalizeForWire(value) {
+  if (value instanceof Uint8Array) {
+    return { __bytes: (0, import_utils4.bytesToHex)(value) };
+  }
+  if (Array.isArray(value)) {
+    return value.map((v) => normalizeForWire(v));
+  }
+  if (value && typeof value === "object") {
+    const out = {};
+    for (const [k, v] of Object.entries(value)) {
+      out[k] = normalizeForWire(v);
+    }
+    return out;
+  }
+  return value;
+}
+function reviveFromWire(value) {
+  if (value && typeof value === "object" && !Array.isArray(value)) {
+    const rec = value;
+    const keys = Object.keys(rec);
+    if (keys.length === 1 && keys[0] === "__bytes" && typeof rec.__bytes === "string") {
+      return (0, import_utils4.hexToBytes)(rec.__bytes);
+    }
+    const out = {};
+    for (const [k, v] of Object.entries(rec)) out[k] = reviveFromWire(v);
+    return out;
+  }
+  if (Array.isArray(value)) {
+    return value.map((v) => reviveFromWire(v));
+  }
+  return value;
+}
+
+// src/core/aggregation/transport/http/request-auth.ts
+var import_common9 = require("@did-btcr2/common");
+var import_utils5 = require("@noble/hashes/utils");
+var REQUEST_AUTH_SCHEME = "BTCR2-Sig";
+function buildRequestAuth(did, keys, path, opts = {}) {
+  const ts = opts.timestamp ?? Math.floor(Date.now() / 1e3);
+  const nonce = opts.nonce ?? (0, import_utils5.bytesToHex)((0, import_utils5.randomBytes)(DEFAULT_NONCE_LEN_BYTES));
+  const digest = (0, import_common9.canonicalHashBytes)({
+    v: HTTP_ENVELOPE_VERSION,
+    did,
+    ts,
+    nonce,
+    path
+  });
+  const sig = keys.secretKey.sign(digest, { scheme: "schnorr" });
+  return `${REQUEST_AUTH_SCHEME} v=${HTTP_ENVELOPE_VERSION},did=${did},ts=${ts},nonce=${nonce},sig=${(0, import_utils5.bytesToHex)(sig)}`;
+}
+function parseRequestAuth(headerValue) {
+  const prefix = `${REQUEST_AUTH_SCHEME} `;
+  if (!headerValue.startsWith(prefix)) {
+    throw new HttpTransportError(
+      `Unexpected auth scheme (want ${REQUEST_AUTH_SCHEME})`,
+      "REQUEST_AUTH_SCHEME"
+    );
+  }
+  const params = {};
+  for (const piece of headerValue.slice(prefix.length).split(",")) {
+    const eq = piece.indexOf("=");
+    if (eq === -1) continue;
+    const key = piece.slice(0, eq).trim();
+    const val = piece.slice(eq + 1).trim();
+    if (key.length > 0) params[key] = val;
+  }
+  const v = Number(params.v);
+  const ts = Number(params.ts);
+  if (!Number.isInteger(v) || !Number.isInteger(ts) || !params.did || !params.nonce || !params.sig) {
+    throw new HttpTransportError(
+      "Malformed auth header (missing or invalid field)",
+      "REQUEST_AUTH_MALFORMED",
+      { received: Object.keys(params) }
+    );
+  }
+  return { v, did: params.did, ts, nonce: params.nonce, sig: params.sig };
+}
+function verifyRequestAuth(headerValue, expectedPath, senderPk, opts = {}) {
+  const parsed = parseRequestAuth(headerValue);
+  if (parsed.v !== HTTP_ENVELOPE_VERSION) {
+    throw new HttpTransportError(
+      `Unsupported auth version: ${parsed.v}`,
+      "REQUEST_AUTH_VERSION_MISMATCH",
+      { version: parsed.v, expected: HTTP_ENVELOPE_VERSION }
+    );
+  }
+  const skewSec = opts.clockSkewSec ?? DEFAULT_CLOCK_SKEW_SEC;
+  const nowMs = opts.now ? opts.now() : Date.now();
+  const nowSec = Math.floor(nowMs / 1e3);
+  const diff = Math.abs(nowSec - parsed.ts);
+  if (diff > skewSec) {
+    throw new HttpTransportError(
+      `Auth timestamp out of skew: ${diff}s > ${skewSec}s`,
+      "REQUEST_AUTH_TIMESTAMP_SKEW",
+      { diff, skewSec }
+    );
+  }
+  let sigBytes;
+  try {
+    sigBytes = (0, import_utils5.hexToBytes)(parsed.sig);
+  } catch {
+    throw new HttpTransportError("Auth signature is not valid hex", "REQUEST_AUTH_SIG_HEX");
+  }
+  if (sigBytes.length !== 64) {
+    throw new HttpTransportError(
+      `Invalid auth signature length: ${sigBytes.length}`,
+      "REQUEST_AUTH_SIG_LENGTH",
+      { length: sigBytes.length }
+    );
+  }
+  const digest = (0, import_common9.canonicalHashBytes)({
+    v: parsed.v,
+    did: parsed.did,
+    ts: parsed.ts,
+    nonce: parsed.nonce,
+    path: expectedPath
+  });
+  const ok = senderPk.verify(sigBytes, digest, { scheme: "schnorr" });
+  if (!ok) {
+    throw new HttpTransportError("Auth signature verification failed", "REQUEST_AUTH_SIG_INVALID");
+  }
+  return parsed;
+}
+
+// src/core/aggregation/transport/http/sse-stream.ts
+async function* parseSseStream(readable) {
+  const decoder = new TextDecoder("utf-8");
+  const reader = readable.getReader();
+  let buffer = "";
+  let pending = {};
+  const dispatchPending = () => {
+    if (pending.data === void 0) {
+      pending = {};
+      return null;
+    }
+    const ev = { data: pending.data };
+    if (pending.event !== void 0) ev.event = pending.event;
+    if (pending.id !== void 0) ev.id = pending.id;
+    if (pending.retry !== void 0) ev.retry = pending.retry;
+    pending = {};
+    return ev;
+  };
+  const processLine = (line) => {
+    if (line.startsWith(":")) return;
+    const colon = line.indexOf(":");
+    const field = colon === -1 ? line : line.slice(0, colon);
+    let value = colon === -1 ? "" : line.slice(colon + 1);
+    if (value.startsWith(" ")) value = value.slice(1);
+    switch (field) {
+      case "data":
+        pending.data = pending.data === void 0 ? value : `${pending.data}
+${value}`;
+        break;
+      case "event":
+        pending.event = value;
+        break;
+      case "id":
+        if (!value.includes("\0")) pending.id = value;
+        break;
+      case "retry": {
+        const n = Number(value);
+        if (Number.isInteger(n) && n >= 0) pending.retry = n;
+        break;
+      }
+    }
+  };
+  try {
+    for (; ; ) {
+      const { value, done } = await reader.read();
+      if (done) {
+        buffer += decoder.decode();
+        if (buffer.length > 0) {
+          const line = buffer.endsWith("\r") ? buffer.slice(0, -1) : buffer;
+          if (line.length > 0) processLine(line);
+          buffer = "";
+        }
+        const tail = dispatchPending();
+        if (tail) yield tail;
+        return;
+      }
+      buffer += decoder.decode(value, { stream: true });
+      let lineEnd = buffer.indexOf("\n");
+      while (lineEnd !== -1) {
+        let line = buffer.slice(0, lineEnd);
+        if (line.endsWith("\r")) line = line.slice(0, -1);
+        buffer = buffer.slice(lineEnd + 1);
+        if (line.length === 0) {
+          const ev = dispatchPending();
+          if (ev) yield ev;
+        } else {
+          processLine(line);
+        }
+        lineEnd = buffer.indexOf("\n");
+      }
+    }
+  } finally {
+    try {
+      reader.releaseLock();
+    } catch {
+    }
+  }
+}
+
+// src/core/aggregation/transport/http/client.ts
+function defaultReconnectBackoff(attempt) {
+  const base2 = Math.min(1e3 * 2 ** attempt, 3e4);
+  const jitter = base2 * 0.2 * Math.random();
+  return Math.floor(base2 + jitter);
+}
+var HttpClientTransport = class {
+  name = "http";
+  #baseUrl;
+  #fetch;
+  #logger;
+  #backoff;
+  #clockSkewSec;
+  #actors = /* @__PURE__ */ new Map();
+  #peers = /* @__PURE__ */ new Map();
+  #started = false;
+  #broadcastAbort;
+  constructor(config) {
+    const base2 = typeof config.baseUrl === "string" ? new URL(config.baseUrl) : new URL(config.baseUrl.href);
+    if (!base2.pathname.endsWith("/")) base2.pathname += "/";
+    this.#baseUrl = base2;
+    this.#logger = config.logger ?? CONSOLE_LOGGER;
+    this.#backoff = config.reconnectBackoff ?? defaultReconnectBackoff;
+    this.#clockSkewSec = config.clockSkewSec ?? DEFAULT_CLOCK_SKEW_SEC;
+    const fetchImpl = config.fetchImpl ?? globalThis.fetch;
+    if (typeof fetchImpl !== "function") {
+      throw new HttpTransportError(
+        "No fetch implementation available. Pass config.fetchImpl explicitly.",
+        "NO_FETCH_IMPL"
+      );
+    }
+    this.#fetch = fetchImpl;
+  }
+  start() {
+    if (this.#started) return;
+    this.#started = true;
+    this.#broadcastAbort = new AbortController();
+    this.#runBroadcastLoop(this.#broadcastAbort.signal);
+    for (const [did, entry] of this.#actors) {
+      this.#openInbox(did, entry);
+    }
+  }
+  /**
+   * Tear down all SSE subscriptions and stop reconnect loops. Not part of the
+   * {@link Transport} interface, but needed in tests and whenever a client
+   * wants to cleanly disconnect without unregistering every actor.
+   *
+   * Idempotent. Actors remain registered (re-call {@link start} to resume).
+   */
+  stop() {
+    this.#broadcastAbort?.abort();
+    this.#broadcastAbort = void 0;
+    for (const entry of this.#actors.values()) {
+      entry.inboxAbort?.abort();
+      entry.inboxAbort = void 0;
+    }
+    this.#started = false;
+  }
+  registerActor(did, keys) {
+    const existing = this.#actors.get(did);
+    if (existing?.inboxAbort) existing.inboxAbort.abort();
+    const entry = { keys, handlers: /* @__PURE__ */ new Map() };
+    this.#actors.set(did, entry);
+    if (this.#started) this.#openInbox(did, entry);
+  }
+  unregisterActor(did) {
+    const entry = this.#actors.get(did);
+    if (!entry) return;
+    entry.inboxAbort?.abort();
+    this.#actors.delete(did);
+    this.#peers.delete(did);
+  }
+  getActorPk(did) {
+    return this.#actors.get(did)?.keys.publicKey.compressed;
+  }
+  registerPeer(did, communicationPk) {
+    try {
+      new import_keypair2.CompressedSecp256k1PublicKey(communicationPk);
+    } catch {
+      throw new HttpTransportError(
+        `Invalid communication public key for peer ${did}: expected a 33-byte compressed secp256k1 key.`,
+        "INVALID_PEER_KEY",
+        { did, keyLength: communicationPk.length }
+      );
+    }
+    this.#peers.set(did, communicationPk);
+  }
+  getPeerPk(did) {
+    return this.#peers.get(did);
+  }
+  registerMessageHandler(actorDid, messageType, handler) {
+    const actor = this.#actors.get(actorDid);
+    if (!actor) {
+      throw new HttpTransportError(
+        `Cannot register handler: actor ${actorDid} not registered. Call registerActor() first.`,
+        "UNKNOWN_ACTOR",
+        { did: actorDid }
+      );
+    }
+    actor.handlers.set(messageType, handler);
+  }
+  unregisterMessageHandler(actorDid, messageType) {
+    this.#actors.get(actorDid)?.handlers.delete(messageType);
+  }
+  async sendMessage(message, sender, recipient) {
+    const actor = this.#actors.get(sender);
+    if (!actor) {
+      throw new HttpTransportError(
+        `Unknown sender: ${sender}. Call registerActor() before sending messages.`,
+        "UNKNOWN_SENDER",
+        { did: sender }
+      );
+    }
+    const envelope = signEnvelope(
+      message,
+      { did: sender, keys: actor.keys },
+      { to: recipient }
+    );
+    const url = this.#route(HTTP_ROUTE.MESSAGES);
+    const res = await this.#fetch(url, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify(envelope)
+    });
+    if (!res.ok) {
+      const body = await safeText(res);
+      throw new HttpTransportError(
+        `sendMessage failed: HTTP ${res.status}`,
+        "SEND_MESSAGE_HTTP",
+        { status: res.status, body: body.slice(0, 256), messageType: message.type }
+      );
+    }
+  }
+  publishRepeating(message, sender, intervalMs, recipient) {
+    let stopped = false;
+    const attempt = () => {
+      if (stopped) return;
+      this.sendMessage(message, sender, recipient).catch((err) => {
+        this.#logger.debug("publishRepeating send failed:", err);
+      });
+    };
+    attempt();
+    const timer = setInterval(attempt, intervalMs);
+    return () => {
+      if (stopped) return;
+      stopped = true;
+      clearInterval(timer);
+    };
+  }
+  #route(template) {
+    return new URL(template.replace(/^\//, ""), this.#baseUrl);
+  }
+  #openInbox(did, entry) {
+    const abort = new AbortController();
+    entry.inboxAbort = abort;
+    this.#runInboxLoop(did, entry, abort.signal);
+  }
+  async #runBroadcastLoop(signal) {
+    const url = this.#route(HTTP_ROUTE.ADVERTS);
+    let attempt = 0;
+    while (!signal.aborted) {
+      try {
+        const res = await this.#fetch(url, {
+          method: "GET",
+          headers: { accept: "text/event-stream" },
+          signal
+        });
+        if (!res.ok || !res.body) {
+          this.#logger.warn(`Broadcast subscribe failed: HTTP ${res.status}`);
+          await sleep(this.#backoff(attempt++), signal);
+          continue;
+        }
+        attempt = 0;
+        for await (const ev of parseSseStream(res.body)) {
+          if (signal.aborted) return;
+          if (ev.event !== SSE_EVENT.ADVERT) continue;
+          this.#dispatchBroadcast(ev.data);
+        }
+      } catch (err) {
+        if (signal.aborted) return;
+        this.#logger.debug("Broadcast loop error:", err);
+        try {
+          await sleep(this.#backoff(attempt++), signal);
+        } catch {
+          return;
+        }
+      }
+    }
+  }
+  async #runInboxLoop(did, entry, signal) {
+    const url = this.#route(HTTP_ROUTE.ACTOR_INBOX.replace("{did}", encodeURIComponent(did)));
+    let attempt = 0;
+    while (!signal.aborted) {
+      try {
+        const auth = buildRequestAuth(did, entry.keys, url.pathname);
+        const res = await this.#fetch(url, {
+          method: "GET",
+          headers: { accept: "text/event-stream", authorization: auth },
+          signal
+        });
+        if (!res.ok || !res.body) {
+          this.#logger.warn(`Inbox subscribe failed for ${did}: HTTP ${res.status}`);
+          await sleep(this.#backoff(attempt++), signal);
+          continue;
+        }
+        attempt = 0;
+        for await (const ev of parseSseStream(res.body)) {
+          if (signal.aborted) return;
+          if (ev.event !== SSE_EVENT.MESSAGE) continue;
+          await this.#dispatchInbox(ev.data, did, entry);
+        }
+      } catch (err) {
+        if (signal.aborted) return;
+        this.#logger.debug(`Inbox loop error for ${did}:`, err);
+        try {
+          await sleep(this.#backoff(attempt++), signal);
+        } catch {
+          return;
+        }
+      }
+    }
+  }
+  #dispatchBroadcast(dataJson) {
+    const envelope = parseEnvelope(dataJson, this.#logger);
+    if (!envelope) return;
+    const senderPk = this.#resolveSenderPk(envelope.from);
+    if (!senderPk) {
+      this.#logger.debug(`Broadcast from unresolvable DID: ${envelope.from}`);
+      return;
+    }
+    try {
+      verifyEnvelope(envelope, senderPk, { clockSkewSec: this.#clockSkewSec });
+    } catch (err) {
+      this.#logger.debug("Broadcast envelope verification failed:", err);
+      return;
+    }
+    const revived = reviveFromWire(envelope.message);
+    const flat = flattenMessage(revived);
+    const messageType = typeof flat.type === "string" ? flat.type : void 0;
+    if (!messageType) return;
+    for (const actor of this.#actors.values()) {
+      const handler = actor.handlers.get(messageType);
+      if (handler) void Promise.resolve(handler(flat));
+    }
+  }
+  async #dispatchInbox(dataJson, actorDid, entry) {
+    const envelope = parseEnvelope(dataJson, this.#logger);
+    if (!envelope) return;
+    const senderPk = this.#resolveSenderPk(envelope.from);
+    if (!senderPk) {
+      this.#logger.debug(`Inbox message from unresolvable DID: ${envelope.from}`);
+      return;
+    }
+    try {
+      verifyEnvelope(envelope, senderPk, {
+        clockSkewSec: this.#clockSkewSec,
+        expectedTo: actorDid
+      });
+    } catch (err) {
+      this.#logger.debug(`Inbox envelope verification failed for ${actorDid}:`, err);
+      return;
+    }
+    const revived = reviveFromWire(envelope.message);
+    const flat = flattenMessage(revived);
+    const messageType = typeof flat.type === "string" ? flat.type : void 0;
+    if (!messageType) return;
+    const handler = entry.handlers.get(messageType);
+    if (handler) await handler(flat);
+  }
+  #resolveSenderPk(did) {
+    const peerBytes = this.#peers.get(did);
+    if (peerBytes) {
+      try {
+        return new import_keypair2.CompressedSecp256k1PublicKey(peerBytes);
+      } catch {
+      }
+    }
+    try {
+      const components = Identifier.decode(did);
+      if (components.idType === "KEY") {
+        return new import_keypair2.CompressedSecp256k1PublicKey(components.genesisBytes);
+      }
+    } catch {
+    }
+    return void 0;
+  }
+};
+function sleep(ms, signal) {
+  if (ms <= 0) return Promise.resolve();
+  return new Promise((resolve, reject) => {
+    const onAbort = () => {
+      clearTimeout(timer);
+      reject(new Error("aborted"));
+    };
+    const timer = setTimeout(() => {
+      signal.removeEventListener("abort", onAbort);
+      resolve();
+    }, ms);
+    if (signal.aborted) onAbort();
+    else signal.addEventListener("abort", onAbort, { once: true });
+  });
+}
+async function safeText(res) {
+  try {
+    return await res.text();
+  } catch {
+    return "";
+  }
+}
+function parseEnvelope(dataJson, logger) {
+  try {
+    return JSON.parse(dataJson);
+  } catch (err) {
+    logger.debug("SSE event: failed to parse envelope JSON:", err);
+    return void 0;
+  }
+}
+function flattenMessage(msg) {
+  if (msg.body && typeof msg.body === "object") {
+    return { ...msg, ...msg.body };
+  }
+  return msg;
+}
+
+// src/core/aggregation/transport/http/server.ts
+var import_keypair3 = require("@did-btcr2/keypair");
+
+// src/core/aggregation/transport/http/inbox-buffer.ts
+var InboxBuffer = class {
+  #capacity;
+  #entries = [];
+  #nextId = 1;
+  constructor(capacity = 100) {
+    if (capacity < 1) throw new Error(`InboxBuffer capacity must be >= 1; got ${capacity}`);
+    this.#capacity = capacity;
+  }
+  /** Append an event. Returns the stored record (including its assigned id). */
+  append(event, data) {
+    const stored = { id: String(this.#nextId++), event, data };
+    this.#entries.push(stored);
+    if (this.#entries.length > this.#capacity) this.#entries.shift();
+    return stored;
+  }
+  /**
+   * Return stored events with id strictly greater than `lastEventId`. If
+   * `lastEventId` is unset or unparseable, returns everything currently
+   * retained.
+   */
+  since(lastEventId) {
+    if (!lastEventId) return this.#entries.slice();
+    const boundary = Number(lastEventId);
+    if (!Number.isFinite(boundary)) return this.#entries.slice();
+    return this.#entries.filter((e) => Number(e.id) > boundary);
+  }
+  /** Currently retained event count. */
+  size() {
+    return this.#entries.length;
+  }
+};
+
+// src/core/aggregation/transport/http/nonce-cache.ts
+var NonceCache = class {
+  #maxEntries;
+  #entries = /* @__PURE__ */ new Map();
+  constructor(config = {}) {
+    this.#maxEntries = config.maxEntries ?? 1e4;
+  }
+  /**
+   * Record a nonce. Returns `true` if it was novel (caller should accept the
+   * request) or `false` if it was a replay (caller should reject).
+   */
+  store(did, nonce, timestampSec) {
+    const key = `${did}:${nonce}`;
+    if (this.#entries.has(key)) return false;
+    this.#entries.set(key, timestampSec);
+    if (this.#entries.size > this.#maxEntries) {
+      const oldest = this.#entries.keys().next();
+      if (!oldest.done) this.#entries.delete(oldest.value);
+    }
+    return true;
+  }
+  /** Current cache size. Exposed for observability and tests. */
+  size() {
+    return this.#entries.size;
+  }
+};
+
+// src/core/aggregation/transport/http/rate-limiter.ts
+var InMemoryRateLimitStore = class {
+  #buckets = /* @__PURE__ */ new Map();
+  get(key) {
+    return this.#buckets.get(key);
+  }
+  set(key, state) {
+    this.#buckets.set(key, state);
+  }
+};
+var RateLimiter = class {
+  #rps;
+  #burst;
+  #store;
+  constructor(config = {}) {
+    this.#rps = config.rps ?? 10;
+    this.#burst = config.burst ?? 30;
+    this.#store = config.store ?? new InMemoryRateLimitStore();
+  }
+  /** Consume one token for `key`. Returns `true` if accepted, `false` if throttled. */
+  consume(key, nowMs) {
+    const existing = this.#store.get(key);
+    const state = existing ?? { tokens: this.#burst, lastRefillMs: nowMs };
+    if (existing) {
+      const elapsedSec = Math.max(0, (nowMs - existing.lastRefillMs) / 1e3);
+      state.tokens = Math.min(this.#burst, existing.tokens + elapsedSec * this.#rps);
+      state.lastRefillMs = nowMs;
+    }
+    if (state.tokens < 1) {
+      this.#store.set(key, state);
+      return false;
+    }
+    state.tokens -= 1;
+    this.#store.set(key, state);
+    return true;
+  }
+};
+
+// src/core/aggregation/transport/http/server.ts
+var INBOX_PATH_PREFIX = "/v1/actors/";
+var INBOX_PATH_SUFFIX = "/inbox";
+var DEFAULT_ADVERT_TTL_MS = 5 * 60 * 1e3;
+var DEFAULT_HEARTBEAT_MS = 2e4;
+var HttpServerTransport = class {
+  name = "http";
+  #logger;
+  #cors;
+  #clockSkewSec;
+  #inboxBufferSize;
+  #advertTtlMs;
+  #heartbeatMs;
+  #rateLimiter;
+  #nonceCache;
+  #now;
+  #actors = /* @__PURE__ */ new Map();
+  #peers = /* @__PURE__ */ new Map();
+  #inboxes = /* @__PURE__ */ new Map();
+  #broadcastSubscribers = /* @__PURE__ */ new Set();
+  #currentAdvert;
+  #advertSeq = 0;
+  constructor(config = {}) {
+    this.#logger = config.logger ?? CONSOLE_LOGGER;
+    this.#cors = config.cors ?? { mode: "permissive" };
+    this.#clockSkewSec = config.clockSkewSec ?? DEFAULT_CLOCK_SKEW_SEC;
+    this.#inboxBufferSize = config.inboxBufferSize ?? 100;
+    this.#advertTtlMs = config.advertTtlMs ?? DEFAULT_ADVERT_TTL_MS;
+    this.#heartbeatMs = config.heartbeatIntervalMs ?? DEFAULT_HEARTBEAT_MS;
+    this.#rateLimiter = config.rateLimiter ?? new RateLimiter();
+    this.#nonceCache = config.nonceCache ?? new NonceCache();
+    this.#now = config.now ?? (() => Date.now());
+  }
+  // ----------------------------------------------------------------
+  // Transport interface
+  // ----------------------------------------------------------------
+  start() {
+  }
+  /**
+   * Detach the transport: close every open SSE subscription, clear the advert
+   * cache, and drop all actor / peer / inbox state. Intended for shutdown and
+   * for test teardown.
+   */
+  stop() {
+    for (const sub of this.#broadcastSubscribers) this.#closeBroadcastSubscriber(sub);
+    this.#broadcastSubscribers.clear();
+    for (const inbox of this.#inboxes.values()) {
+      for (const sub of inbox.subscribers) this.#closeInboxSubscriber(sub);
+      inbox.subscribers.clear();
+    }
+    this.#inboxes.clear();
+    this.#currentAdvert = void 0;
+  }
+  registerActor(did, keys) {
+    this.#actors.set(did, { keys, handlers: /* @__PURE__ */ new Map() });
+  }
+  unregisterActor(did) {
+    this.#actors.delete(did);
+    this.#peers.delete(did);
+  }
+  getActorPk(did) {
+    return this.#actors.get(did)?.keys.publicKey.compressed;
+  }
+  registerPeer(did, communicationPk) {
+    try {
+      new import_keypair3.CompressedSecp256k1PublicKey(communicationPk);
+    } catch {
+      throw new HttpTransportError(
+        `Invalid peer public key for ${did}`,
+        "INVALID_PEER_KEY",
+        { did, keyLength: communicationPk.length }
+      );
+    }
+    this.#peers.set(did, communicationPk);
+  }
+  getPeerPk(did) {
+    return this.#peers.get(did);
+  }
+  registerMessageHandler(actorDid, messageType, handler) {
+    const actor = this.#actors.get(actorDid);
+    if (!actor) {
+      throw new HttpTransportError(
+        `Cannot register handler: actor ${actorDid} not registered`,
+        "UNKNOWN_ACTOR",
+        { did: actorDid }
+      );
+    }
+    actor.handlers.set(messageType, handler);
+  }
+  unregisterMessageHandler(actorDid, messageType) {
+    this.#actors.get(actorDid)?.handlers.delete(messageType);
+  }
+  async sendMessage(message, sender, recipient) {
+    if (!recipient) {
+      throw new HttpTransportError(
+        "HttpServerTransport.sendMessage requires a recipient. Use publishRepeating for broadcasts.",
+        "MISSING_RECIPIENT",
+        { messageType: message.type }
+      );
+    }
+    const actor = this.#actors.get(sender);
+    if (!actor) {
+      throw new HttpTransportError(
+        `Unknown sender: ${sender}`,
+        "UNKNOWN_SENDER",
+        { did: sender }
+      );
+    }
+    const envelope = signEnvelope(message, { did: sender, keys: actor.keys }, { to: recipient });
+    const dataJson = JSON.stringify(envelope);
+    const inbox = this.#getOrCreateInbox(recipient);
+    const stored = inbox.buffer.append(SSE_EVENT.MESSAGE, dataJson);
+    for (const sub of inbox.subscribers) {
+      this.#safeWrite(sub.stream, stored.event, stored.data, stored.id);
+    }
+  }
+  publishRepeating(message, sender, _intervalMs, _recipient) {
+    const actor = this.#actors.get(sender);
+    if (!actor) {
+      throw new HttpTransportError(`Unknown sender: ${sender}`, "UNKNOWN_SENDER", { did: sender });
+    }
+    const envelope = signEnvelope(message, { did: sender, keys: actor.keys });
+    const dataJson = JSON.stringify(envelope);
+    const id = String(++this.#advertSeq);
+    const expiresAtMs = this.#now() + this.#advertTtlMs;
+    this.#currentAdvert = { dataJson, id, expiresAtMs };
+    for (const sub of this.#broadcastSubscribers) {
+      this.#safeWrite(sub.stream, SSE_EVENT.ADVERT, dataJson, id);
+    }
+    return () => {
+      if (this.#currentAdvert?.id === id) this.#currentAdvert = void 0;
+    };
+  }
+  // ----------------------------------------------------------------
+  // Sans-I/O HTTP surface
+  // ----------------------------------------------------------------
+  /**
+   * Handle a POST / GET request (non-SSE). The caller dispatches SSE paths to
+   * {@link handleSse} instead. Returns a fully formed response; the caller's
+   * adapter turns it into an HTTP write.
+   */
+  async handleRequest(req) {
+    const method = req.method.toUpperCase();
+    if (method === "OPTIONS") return this.#respond(204, "", req);
+    const path = extractPath(req.url);
+    if (method === "GET" && path === HTTP_ROUTE.WELL_KNOWN) {
+      return this.#respondJson(200, this.#wellKnownMetadata(), req);
+    }
+    if (method === "POST" && path === HTTP_ROUTE.MESSAGES) {
+      return await this.#handleMessagesPost(req);
+    }
+    if (method === "POST" && path === HTTP_ROUTE.ADVERTS) {
+      return await this.#handleAdvertsPost(req);
+    }
+    return this.#respondJson(404, { error: "not_found" }, req);
+  }
+  /**
+   * Open an SSE stream for a GET request. The caller is responsible for
+   * flushing writes and propagating the `onClose` callback when the HTTP
+   * connection ends.
+   */
+  handleSse(req, stream) {
+    if (req.method.toUpperCase() !== "GET") {
+      stream.close();
+      return;
+    }
+    const path = extractPath(req.url);
+    if (path === HTTP_ROUTE.ADVERTS) {
+      this.#openBroadcastSubscription(stream);
+      return;
+    }
+    const inboxMatch = matchInboxPath(path);
+    if (inboxMatch) {
+      this.#openInboxSubscription(req, stream, inboxMatch.did, path);
+      return;
+    }
+    stream.close();
+  }
+  // ----------------------------------------------------------------
+  // Request handlers
+  // ----------------------------------------------------------------
+  async #handleMessagesPost(req) {
+    const envelope = parseJsonBody(req.body);
+    if (!envelope) return this.#respondJson(400, { error: "invalid_json" }, req);
+    const senderPk = this.#resolveSenderPk(envelope.from);
+    if (!senderPk) {
+      return this.#respondJson(401, { error: "unknown_sender" }, req);
+    }
+    try {
+      verifyEnvelope(envelope, senderPk, { clockSkewSec: this.#clockSkewSec });
+    } catch (err) {
+      this.#logger.debug("POST /v1/messages: envelope verification failed:", err);
+      return this.#respondJson(401, { error: "invalid_envelope" }, req);
+    }
+    if (!this.#nonceCache.store(envelope.from, envelope.nonce, envelope.timestamp)) {
+      return this.#respondJson(409, { error: "replay" }, req);
+    }
+    if (!this.#rateLimiter.consume(envelope.from, this.#now())) {
+      return this.#respondJson(429, { error: "rate_limited" }, req);
+    }
+    if (!envelope.to) {
+      return this.#respondJson(400, { error: "missing_recipient" }, req);
+    }
+    const actor = this.#actors.get(envelope.to);
+    if (!actor) {
+      return this.#respondJson(404, { error: "unknown_recipient" }, req);
+    }
+    const revived = reviveFromWire(envelope.message);
+    const flat = flattenMessage2(revived);
+    const messageType = typeof flat.type === "string" ? flat.type : void 0;
+    if (!messageType) return this.#respondJson(400, { error: "missing_message_type" }, req);
+    const handler = actor.handlers.get(messageType);
+    if (handler) {
+      try {
+        await handler(flat);
+      } catch (err) {
+        this.#logger.debug(`Handler threw for ${messageType}:`, err);
+      }
+    }
+    return this.#respondJson(202, { ok: true }, req);
+  }
+  async #handleAdvertsPost(req) {
+    const envelope = parseJsonBody(req.body);
+    if (!envelope) return this.#respondJson(400, { error: "invalid_json" }, req);
+    const senderPk = this.#resolveSenderPk(envelope.from);
+    if (!senderPk) return this.#respondJson(401, { error: "unknown_sender" }, req);
+    try {
+      verifyEnvelope(envelope, senderPk, { clockSkewSec: this.#clockSkewSec });
+    } catch {
+      return this.#respondJson(401, { error: "invalid_envelope" }, req);
+    }
+    if (!this.#nonceCache.store(envelope.from, envelope.nonce, envelope.timestamp)) {
+      return this.#respondJson(409, { error: "replay" }, req);
+    }
+    if (!this.#rateLimiter.consume(envelope.from, this.#now())) {
+      return this.#respondJson(429, { error: "rate_limited" }, req);
+    }
+    if (!this.#actors.has(envelope.from)) {
+      return this.#respondJson(403, { error: "not_an_actor" }, req);
+    }
+    const id = String(++this.#advertSeq);
+    this.#currentAdvert = {
+      dataJson: JSON.stringify(envelope),
+      id,
+      expiresAtMs: this.#now() + this.#advertTtlMs
+    };
+    for (const sub of this.#broadcastSubscribers) {
+      this.#safeWrite(sub.stream, SSE_EVENT.ADVERT, this.#currentAdvert.dataJson, id);
+    }
+    return this.#respondJson(202, { ok: true }, req);
+  }
+  #openBroadcastSubscription(stream) {
+    const sub = { stream };
+    this.#broadcastSubscribers.add(sub);
+    stream.onClose(() => {
+      this.#closeBroadcastSubscriber(sub);
+      this.#broadcastSubscribers.delete(sub);
+    });
+    if (this.#currentAdvert && this.#currentAdvert.expiresAtMs > this.#now()) {
+      this.#safeWrite(stream, SSE_EVENT.ADVERT, this.#currentAdvert.dataJson, this.#currentAdvert.id);
+    }
+    if (this.#heartbeatMs > 0) {
+      sub.heartbeatTimer = setInterval(() => {
+        try {
+          stream.writeComment("hb");
+        } catch {
+        }
+      }, this.#heartbeatMs);
+    }
+  }
+  #openInboxSubscription(req, stream, did, path) {
+    const auth = req.headers.authorization;
+    if (!auth) {
+      this.#logger.debug(`Inbox subscribe: missing authorization header for ${did}`);
+      stream.close();
+      return;
+    }
+    const senderPk = this.#resolveSenderPk(did);
+    if (!senderPk) {
+      stream.close();
+      return;
+    }
+    let parsedTs = 0;
+    let parsedNonce = "";
+    try {
+      const parsed = verifyRequestAuth(auth, path, senderPk, {
+        clockSkewSec: this.#clockSkewSec,
+        now: () => this.#now()
+      });
+      if (parsed.did !== did) {
+        stream.close();
+        return;
+      }
+      parsedTs = parsed.ts;
+      parsedNonce = parsed.nonce;
+    } catch (err) {
+      this.#logger.debug(`Inbox subscribe: auth verification failed for ${did}:`, err);
+      stream.close();
+      return;
+    }
+    if (!this.#nonceCache.store(did, parsedNonce, parsedTs)) {
+      stream.close();
+      return;
+    }
+    if (!this.#rateLimiter.consume(did, this.#now())) {
+      stream.close();
+      return;
+    }
+    const inbox = this.#getOrCreateInbox(did);
+    const sub = { stream };
+    inbox.subscribers.add(sub);
+    stream.onClose(() => {
+      this.#closeInboxSubscriber(sub);
+      inbox.subscribers.delete(sub);
+    });
+    const lastEventId = req.headers["last-event-id"];
+    for (const stored of inbox.buffer.since(lastEventId)) {
+      this.#safeWrite(stream, stored.event, stored.data, stored.id);
+    }
+    if (this.#heartbeatMs > 0) {
+      sub.heartbeatTimer = setInterval(() => {
+        try {
+          stream.writeComment("hb");
+        } catch {
+        }
+      }, this.#heartbeatMs);
+    }
+  }
+  // ----------------------------------------------------------------
+  // Internal helpers
+  // ----------------------------------------------------------------
+  #getOrCreateInbox(did) {
+    let inbox = this.#inboxes.get(did);
+    if (!inbox) {
+      inbox = { buffer: new InboxBuffer(this.#inboxBufferSize), subscribers: /* @__PURE__ */ new Set() };
+      this.#inboxes.set(did, inbox);
+    }
+    return inbox;
+  }
+  #resolveSenderPk(did) {
+    const peerBytes = this.#peers.get(did);
+    if (peerBytes) {
+      try {
+        return new import_keypair3.CompressedSecp256k1PublicKey(peerBytes);
+      } catch {
+      }
+    }
+    try {
+      const components = Identifier.decode(did);
+      if (components.idType === "KEY") {
+        return new import_keypair3.CompressedSecp256k1PublicKey(components.genesisBytes);
+      }
+    } catch {
+    }
+    return void 0;
+  }
+  #safeWrite(stream, event, data, id) {
+    try {
+      stream.writeEvent(event, data, id);
+    } catch (err) {
+      this.#logger.debug("SSE writeEvent failed:", err);
+    }
+  }
+  #closeBroadcastSubscriber(sub) {
+    if (sub.heartbeatTimer) clearInterval(sub.heartbeatTimer);
+    try {
+      sub.stream.close();
+    } catch {
+    }
+  }
+  #closeInboxSubscriber(sub) {
+    if (sub.heartbeatTimer) clearInterval(sub.heartbeatTimer);
+    try {
+      sub.stream.close();
+    } catch {
+    }
+  }
+  #respondJson(status, body, req) {
+    return {
+      status,
+      headers: { "content-type": "application/json", ...this.#corsHeaders(req) },
+      body: JSON.stringify(body)
+    };
+  }
+  #respond(status, body, req) {
+    return { status, headers: this.#corsHeaders(req), body };
+  }
+  #corsHeaders(req) {
+    const origin = req.headers.origin;
+    if (!origin) return {};
+    const common = {
+      "access-control-allow-methods": "GET, POST, OPTIONS",
+      "access-control-allow-headers": "authorization, content-type, last-event-id",
+      "access-control-max-age": "86400"
+    };
+    switch (this.#cors.mode) {
+      case "permissive":
+        return { "access-control-allow-origin": "*", ...common };
+      case "allowlist":
+        if (this.#cors.origins.includes(origin)) {
+          return { "access-control-allow-origin": origin, vary: "origin", ...common };
+        }
+        return {};
+      case "same-origin":
+        return {};
+    }
+  }
+  #wellKnownMetadata() {
+    return {
+      envelopeVersion: HTTP_ENVELOPE_VERSION,
+      heartbeatIntervalMs: this.#heartbeatMs,
+      inboxBufferSize: this.#inboxBufferSize,
+      advertTtlMs: this.#advertTtlMs
+    };
+  }
+};
+function extractPath(reqUrl) {
+  if (reqUrl.startsWith("http://") || reqUrl.startsWith("https://")) {
+    return new URL(reqUrl).pathname;
+  }
+  const q = reqUrl.indexOf("?");
+  return q === -1 ? reqUrl : reqUrl.slice(0, q);
+}
+function matchInboxPath(path) {
+  if (!path.startsWith(INBOX_PATH_PREFIX) || !path.endsWith(INBOX_PATH_SUFFIX)) return void 0;
+  const encodedDid = path.slice(INBOX_PATH_PREFIX.length, path.length - INBOX_PATH_SUFFIX.length);
+  if (!encodedDid) return void 0;
+  try {
+    return { did: decodeURIComponent(encodedDid) };
+  } catch {
+    return void 0;
+  }
+}
+function parseJsonBody(body) {
+  if (body === void 0 || body === "") return void 0;
+  try {
+    return JSON.parse(body);
+  } catch {
+    return void 0;
+  }
+}
+function flattenMessage2(msg) {
+  if (msg.body && typeof msg.body === "object") {
+    return { ...msg, ...msg.body };
+  }
+  return msg;
+}
+
+// src/core/aggregation/transport/nostr.ts
+var import_keypair4 = require("@did-btcr2/keypair");
+var import_utils6 = require("@noble/hashes/utils");
+var import_nostr_tools = require("nostr-tools");
+var import_pool = require("nostr-tools/pool");
+var DEFAULT_NOSTR_RELAYS = [
+  "wss://relay.damus.io",
+  "wss://nos.lol",
+  "wss://relay.snort.social",
+  "wss://nostr-pub.wellorder.net"
+];
+var DEFAULT_BROADCAST_LOOKBACK_MS = 5 * 60 * 1e3;
+var NostrTransport = class _NostrTransport {
+  name = "nostr";
+  pool;
+  #relays;
+  #actors = /* @__PURE__ */ new Map();
+  #peerRegistry = /* @__PURE__ */ new Map();
+  #started = false;
+  #logger;
+  #broadcastLookbackMs;
+  constructor(config) {
+    this.#relays = config?.relays ?? DEFAULT_NOSTR_RELAYS;
+    this.#logger = config?.logger ?? CONSOLE_LOGGER;
+    this.#broadcastLookbackMs = config?.broadcastLookbackMs ?? DEFAULT_BROADCAST_LOOKBACK_MS;
+  }
+  /**
+   * Registers an actor (DID + keys) to send/receive messages with.
+   * Must be called before start() to ensure subscriptions are created for the actor.
+   * @param {string} did - The DID of the actor.
+   * @param {SchnorrKeyPair} keys - The Schnorr key pair for the actor.
+   * @throws {TransportAdapterError} If the actor is already registered or if the transport has already started.
+   * @example
+   * const transport = new NostrTransport();
+   * const keys = SchnorrKeyPair.generate();
+   * const did = DidBtcr2.create(keys.publicKey.compressed, { idType: 'KEY', network: 'mutinynet' });
+   * transport.registerActor(did, keys);
+   * transport.start();
+   */
+  registerActor(did, keys) {
+    const entry = { keys, handlers: /* @__PURE__ */ new Map(), subscriptions: [] };
+    this.#actors.set(did, entry);
+    if (this.#started && this.pool) {
+      this.#subscribeDirected(did, entry);
+    }
+  }
+  /**
+   * Detach an actor: drop its handlers, close its relay subscriptions, and remove its keys + peer
+   * mapping. Idempotent.
+   * @param {string} did - The DID of the actor to unregister.
+   * @returns {void}
+   * @throws {TransportAdapterError} If the transport is not started or if the pool is unavailable.
+   * @example
+   * transport.unregisterActor(did);
+   */
+  unregisterActor(did) {
+    const entry = this.#actors.get(did);
+    if (!entry) return;
+    for (const sub of entry.subscriptions) {
+      try {
+        sub.close();
+      } catch (err) {
+        this.#logger.debug(`Error closing subscription for ${did}:`, err);
+      }
+    }
+    entry.subscriptions.length = 0;
+    entry.handlers.clear();
+    this.#actors.delete(did);
+    this.#peerRegistry.delete(did);
+  }
+  /**
+   * Remove a single (actor, messageType) handler. Idempotent.
+   * @param {string} actorDid - The DID of the actor.
+   * @param {string} messageType - The type of message to unregister the handler for.
+   * @returns {void}
+   * @example
+   * transport.unregisterMessageHandler(actorDid, messageType);
+   */
+  unregisterMessageHandler(actorDid, messageType) {
+    const actor = this.#actors.get(actorDid);
+    if (!actor) return;
+    actor.handlers.delete(messageType);
+  }
+  /**
+   * Gets the public key for a registered actor by their DID.
+   * @param {string} did - The DID of the registered actor to get the public key for.
+   * @returns {Uint8Array | undefined} The compressed public key bytes for the actor's DID, or
+   * undefined if the DID is not registered.
+   */
+  getActorPk(did) {
+    return this.#actors.get(did)?.keys.publicKey.compressed;
+  }
+  /**
+   * Registers a peer's communication public key for encrypted messages.
+   * @param {string} did - The DID of the peer to register.
+   * @param {Uint8Array} communicationPk - The compressed secp256k1 public key bytes for the peer.
+   */
+  registerPeer(did, communicationPk) {
+    try {
+      new import_keypair4.CompressedSecp256k1PublicKey(communicationPk);
+    } catch {
+      throw new TransportAdapterError(
+        `Invalid communication public key for peer ${did}: expected a 33-byte compressed secp256k1 key.`,
+        "INVALID_PEER_KEY",
+        { adapter: this.name, did, keyLength: communicationPk.length }
+      );
+    }
+    this.#peerRegistry.set(did, communicationPk);
+  }
+  /**
+   * Gets the registered communication public key for a peer by their DID.
+   * @param {string} did - The DID of the peer to get the communication public key for.
+   * @returns {Uint8Array | undefined} The compressed secp256k1 public key bytes for the peer, or
+   * undefined if the peer is not registered.
+   */
+  getPeerPk(did) {
+    return this.#peerRegistry.get(did);
+  }
+  /**
+   * Registers a message handler function for a specific actor and message type. The handler will be called
+   * when a message of the specified type is received for the actor's DID. The transport must have been
+   * started for handlers to be invoked. If the transport is already started, the handler will be registered
+   * immediately; otherwise, it will be registered when the transport starts and the actor's subscription is created.
+   * @param {string} actorDid - The DID of the actor to register the message handler for.
+   * @param {string} messageType - The type of message to handle.
+   * @param {MessageHandler} handler - The function to handle incoming messages of the specified type.
+   * @throws {TransportAdapterError} If the actor DID is not registered or if the handler is invalid.
+   */
+  registerMessageHandler(actorDid, messageType, handler) {
+    const actor = this.#actors.get(actorDid);
+    if (!actor) {
+      throw new TransportAdapterError(
+        `Cannot register handler: actor ${actorDid} not registered. Call registerActor() first.`,
+        "UNKNOWN_ACTOR_ERROR",
+        { adapter: this.name, did: actorDid }
+      );
+    }
+    actor.handlers.set(messageType, handler);
+  }
+  /**
+   * Starts the transport by connecting to the configured Nostr relays and setting up subscriptions
+   * for all registered actors. This method must be called after registering actors via registerActor()
+   * and before sending or receiving messages. The transport will subscribe to broadcast events (kind 1)
+   * for cohort adverts and directed events (kinds 1 and 1059) for each registered actor based on their
+   * public keys. Incoming events are processed and dispatched to the appropriate handlers based on
+   * message type. If the transport is already started, this method has no effect.
+   * @returns {NostrTransport}
+   */
+  start() {
+    if (this.#started) return this;
+    this.#started = true;
+    this.pool = new import_pool.SimplePool();
+    const broadcastFilter = {
+      kinds: [1],
+      "#t": [COHORT_ADVERT]
+    };
+    if (this.#broadcastLookbackMs > 0) {
+      broadcastFilter.since = Math.floor((Date.now() - this.#broadcastLookbackMs) / 1e3);
+    }
+    this.pool.subscribeMany(this.#relays, broadcastFilter, {
+      onclose: (reasons) => this.#logger.debug("Nostr broadcast subscription closed", reasons),
+      onevent: this.#handleBroadcastEvent.bind(this)
+    });
+    for (const [did, entry] of this.#actors) {
+      this.#subscribeDirected(did, entry);
+    }
+    this.#logger.info(`NostrTransport started, listening on ${this.#relays.length} relay(s)`);
+    return this;
+  }
+  /**
+   * Sends a message by publishing a Nostr event to the configured relays. The message is serialized
+   * as JSON and included in the event content.
+   * @param {BaseMessage} message - The aggregation message to send. Must include a valid `type` property.
+   * @param {Did} sender - The DID of the registered actor sending the message. Must have been
+   * registered via registerActor().
+   * @param {Did} [to] - Optional recipient DID for directed messages. Required for encrypted message
+   * types. If provided, must have been registered via registerPeer().
+   * @returns {Promise<void>} Resolves when the message has been published to the relays. Note that
+   * publication is best-effort: the method will resolve as long as at least one relay accepts the
+   * event, even if others reject it.
+   */
+  async sendMessage(message, sender, to) {
+    const type = message.type;
+    if (!type) {
+      throw new TransportAdapterError(
+        "Message type is undefined",
+        "SEND_MESSAGE_ERROR",
+        { adapter: this.name, type }
+      );
+    }
+    const actor = this.#actors.get(sender);
+    if (!actor) {
+      throw new TransportAdapterError(
+        `Unknown sender: ${sender}. Call registerActor() before sending messages.`,
         "UNKNOWN_ACTOR_ERROR",
         { adapter: this.name, did: sender }
       );
     }
     const senderKeys = actor.keys;
     const tags = [
-      ["p", (0, import_utils4.bytesToHex)(senderKeys.publicKey.x)],
+      ["p", (0, import_utils6.bytesToHex)(senderKeys.publicKey.x)],
       ["t", type]
     ];
     if (to) {
       const recipientPkBytes = this.#peerRegistry.get(to);
       if (recipientPkBytes) {
-        const recipientPk = new import_keypair.CompressedSecp256k1PublicKey(recipientPkBytes);
-        tags.push(["p", (0, import_utils4.bytesToHex)(recipientPk.x)]);
+        const recipientPk = new import_keypair4.CompressedSecp256k1PublicKey(recipientPkBytes);
+        tags.push(["p", (0, import_utils6.bytesToHex)(recipientPk.x)]);
       }
     }
     if (isKeygenMessageType(type)) {
@@ -1559,7 +3381,7 @@ var NostrTransport = class _NostrTransport {
         tags,
         content: JSON.stringify(message, _NostrTransport.#jsonReplacer)
       }, senderKeys.secretKey.bytes);
-      console.debug(`Publishing kind 1 [${type}]`);
+      this.#logger.debug(`Publishing kind 1 [${type}]`);
       await this.#publishToRelays(event);
       return;
     }
@@ -1579,10 +3401,10 @@ var NostrTransport = class _NostrTransport {
           { adapter: this.name, did: to }
         );
       }
-      const recipientPk = new import_keypair.CompressedSecp256k1PublicKey(recipientPkBytes);
+      const recipientPk = new import_keypair4.CompressedSecp256k1PublicKey(recipientPkBytes);
       const conversationKey = import_nostr_tools.nip44.v2.utils.getConversationKey(
         senderKeys.secretKey.bytes,
-        (0, import_utils4.bytesToHex)(recipientPk.x)
+        (0, import_utils6.bytesToHex)(recipientPk.x)
       );
       const content = import_nostr_tools.nip44.v2.encrypt(JSON.stringify(message, _NostrTransport.#jsonReplacer), conversationKey);
       const event = (0, import_nostr_tools.finalizeEvent)({
@@ -1591,25 +3413,70 @@ var NostrTransport = class _NostrTransport {
         tags,
         content
       }, senderKeys.secretKey.bytes);
-      console.debug(`Publishing kind 1059 [${type}]`);
+      this.#logger.debug(`Publishing kind 1059 [${type}]`);
       await this.#publishToRelays(event);
       return;
     }
-    console.warn(`Unsupported message type: ${type}`);
+    this.#logger.warn(`Unsupported message type: ${type}`);
+  }
+  /**
+   * Publish the message once immediately and then re-publish on an interval
+   * until the returned stop function is invoked.
+   *
+   * Useful for broadcast messages (COHORT_ADVERT) on relays that don't
+   * backfill historical events to late subscribers: republishing gives late
+   * joiners a window to discover the message without requiring protocol
+   * changes. Relay rate-limit / publish failures inside the interval are
+   * caught and logged rather than propagated — the caller should stop the
+   * repeater once the protocol condition is satisfied.
+   */
+  publishRepeating(message, sender, intervalMs, recipient) {
+    let stopped = false;
+    void this.sendMessage(message, sender, recipient).catch((err) => {
+      this.#logger.debug("publishRepeating first send failed:", err);
+    });
+    const timer = setInterval(() => {
+      if (stopped) return;
+      void this.sendMessage(message, sender, recipient).catch((err) => {
+        this.#logger.debug("publishRepeating retry failed:", err);
+      });
+    }, intervalMs);
+    return () => {
+      if (stopped) return;
+      stopped = true;
+      clearInterval(timer);
+    };
   }
+  /**
+   * Creates a directed subscription for the given actor, filtering for messages that match the
+   * actor's public key. Messages received on this subscription are dispatched to the actor's
+   * registered handlers based on message type.
+   * @param {string} did - The DID of the actor to create the subscription for.
+   * @param {ActorEntry} entry - The actor's registration entry containing keys and handlers.
+   * @returns {void}
+   * @throws {TransportAdapterError} If the transport is not started or if the pool is unavailable.
+   */
   #subscribeDirected(did, entry) {
     if (!this.pool) return;
-    const pkHex = (0, import_utils4.bytesToHex)(entry.keys.publicKey.x);
-    const since = Math.floor(Date.now() / 1e3);
-    this.pool.subscribeMany(this.#relays, { kinds: [1, 1059], "#p": [pkHex], since }, {
-      onclose: (reasons) => console.debug(`Nostr directed subscription closed for ${did}`, reasons),
+    const pkHex = (0, import_utils6.bytesToHex)(entry.keys.publicKey.x);
+    const sub = this.pool.subscribeMany(this.#relays, { kinds: [1, 1059], "#p": [pkHex] }, {
+      onclose: (reasons) => this.#logger.debug(`Nostr directed subscription closed for ${did}`, reasons),
       onevent: this.#makeActorEventHandler(did)
     });
+    entry.subscriptions.push(sub);
   }
+  /**
+   * Creates an event handler function for a specific actor that processes incoming events, decrypts
+   * if necessary, and dispatches messages to the actor's registered handlers based on message type.
+   * @param {string} actorDid - The DID of the actor to create the event handler for.
+   * @returns {(event: Event) => Promise<void>} An asynchronous event handler function that
+   * processes incoming events for the specified actor.
+   */
   #makeActorEventHandler(actorDid) {
     return async (event) => {
       const actor = this.#actors.get(actorDid);
       if (!actor) return;
+      if (event.pubkey === (0, import_utils6.bytesToHex)(actor.keys.publicKey.x)) return;
       let message;
       try {
         if (event.kind === 1) {
@@ -1625,19 +3492,29 @@ var NostrTransport = class _NostrTransport {
           return;
         }
       } catch (err) {
-        console.debug(`Failed to parse event ${event.id} for ${actorDid}:`, err);
+        this.#logger.debug(`Failed to parse event ${event.id} for ${actorDid}:`, err);
         return;
       }
       this.#dispatchMessage(message, actor);
     };
   }
+  /**
+   * Handles incoming broadcast events (kind 1) by parsing the event content, validating it as an
+   * aggregation message, and dispatching it to all registered actors that have handlers for the
+   * message type. This is used for COHORT_ADVERT messages that need to be received by all actors
+   * regardless of DID.
+   * @param {Event} event - The Nostr event to handle, expected to be a kind 1 broadcast containing
+   * a COHORT_ADVERT message. The event content is parsed and dispatched to all registered actors
+   * that have handlers for the
+   * @returns
+   */
   async #handleBroadcastEvent(event) {
     if (event.kind !== 1) return;
     let message;
     try {
       message = JSON.parse(event.content, _NostrTransport.#jsonReviver);
     } catch (err) {
-      console.debug(`Failed to parse broadcast event ${event.id}:`, err);
+      this.#logger.debug(`Failed to parse broadcast event ${event.id}:`, err);
       return;
     }
     if (message.body && typeof message.body === "object") {
@@ -1650,6 +3527,18 @@ var NostrTransport = class _NostrTransport {
       if (handler) await handler(message);
     }
   }
+  /**
+   * Dispatches a parsed message to the appropriate handler of a registered actor based on message type.
+   * The message is expected to have already been parsed from the Nostr event content and validated as
+   * an aggregation message. If the message has a body, its properties are merged into the top-level
+   * message object for easier handler access. The message is then dispatched to the handler registered
+   * for its type, if one exists.
+   * @param {Record<string, unknown>} message - The message object parsed from a Nostr event, expected to
+   * @param {ActorEntry} actor - The registered actor entry containing keys and handlers to dispatch the message to.
+   * @returns {void}
+   * @throws {TransportAdapterError} If the message type is unsupported or if no handler is registered
+   * for the message type.
+   */
   #dispatchMessage(message, actor) {
     if (message.body && typeof message.body === "object") {
       message = { ...message, ...message.body };
@@ -1659,6 +3548,16 @@ var NostrTransport = class _NostrTransport {
     const handler = actor.handlers.get(messageType);
     if (handler) handler(message);
   }
+  /**
+   * Publishes a Nostr event to the configured relays and handles the results. The method waits for all
+   * relay promises to settle and checks how many accepted or rejected the event. If all relays reject the event,
+   * an error is thrown. Otherwise, the method completes successfully even if some relays rejected the event,
+   * as long as at least one relay accepted it. Relay rejections are logged for debugging purposes.
+   * @param {Event} event - The Nostr event to publish to the configured relays. The event should already
+   * @returns {Promise<void>} A promise that resolves if the event was accepted by at least one relay, or rejects
+   * with a TransportAdapterError if all relays rejected the event.
+   * @throws {TransportAdapterError} If the pool is not initialized or if all relays reject the event.
+   */
   async #publishToRelays(event) {
     const relayPromises = this.pool?.publish(this.#relays, event);
     if (!relayPromises?.length) return;
@@ -1666,7 +3565,7 @@ var NostrTransport = class _NostrTransport {
     const accepted = results.filter((r) => r.status === "fulfilled").length;
     const rejected = results.filter((r) => r.status === "rejected");
     for (const r of rejected) {
-      console.debug(`Relay rejected event ${event.id}: ${r.reason}`);
+      this.#logger.debug(`Relay rejected event ${event.id}: ${r.reason}`);
     }
     if (accepted === 0) {
       throw new TransportAdapterError(
@@ -1676,15 +3575,39 @@ var NostrTransport = class _NostrTransport {
       );
     }
   }
+  /**
+   * Custom JSON replacer to handle serialization of Uint8Array values as hex strings in message
+   * content. This allows messages containing binary data (e.g. public keys, signatures) to be correctly
+   * serialized to JSON for Nostr event content. The replacer checks if a value is a Uint8Array and, if so,
+   * converts it to a hex string wrapped in an object with a __bytes property. The corresponding reviver
+   * can then convert this back to a Uint8Array when parsing the message content from the event.
+   * @param {string} _key - The key of the property being processed.
+   * @param {unknown} value - The value to check if the message type is valid.
+   * @returns {unknown} The transformed value for JSON serialization. If the value is a Uint8Array,
+   * it returns an object with a __bytes property containing the hex string. Otherwise, it returns
+   * the value unchanged.
+   */
   static #jsonReplacer(_key, value) {
     if (value instanceof Uint8Array) {
-      return { __bytes: (0, import_utils4.bytesToHex)(value) };
+      return { __bytes: (0, import_utils6.bytesToHex)(value) };
     }
     return value;
   }
+  /**
+   * Custom JSON reviver to handle deserialization of hex strings back into Uint8Array values in message
+   * content. This complements the custom replacer used during serialization, allowing messages that contain
+   * binary data (e.g. public keys, signatures) to be correctly reconstructed when parsing JSON from
+   * Nostr event content. The reviver checks if a value is an object with a __bytes property and,
+   * if so, converts the hex string back into a Uint8Array. Otherwise, it returns the value unchanged.
+   * @param {string} _key - The key of the property being processed.
+   * @param {unknown} value - The value to check if it is an object containing a __bytes property for
+   * hex string conversion.
+   * @returns {unknown} The transformed value for JSON deserialization. If the value is an object
+   * with a __bytes property, it returns a Uint8Array. Otherwise, it returns the value unchanged.
+   */
   static #jsonReviver(_key, value) {
     if (value && typeof value === "object" && "__bytes" in value) {
-      return (0, import_utils4.hexToBytes)(value.__bytes);
+      return (0, import_utils6.hexToBytes)(value.__bytes);
     }
     return value;
   }
@@ -1695,9 +3618,19 @@ var TransportFactory = class {
   static establish(config) {
     switch (config.type) {
       case "nostr":
-        return new NostrTransport({ relays: config.relays });
+        return new NostrTransport({
+          relays: config.relays,
+          logger: config.logger,
+          broadcastLookbackMs: config.broadcastLookbackMs
+        });
       case "didcomm":
-        throw new import_common5.NotImplementedError("DIDComm transport not implemented yet.");
+        throw new import_common10.NotImplementedError("DIDComm transport not implemented yet.");
+      case "http":
+        if (config.role === "client") return new HttpClientTransport(config);
+        if (config.role === "server") return new HttpServerTransport(config);
+        throw new import_common10.NotImplementedError(
+          `HTTP transport role not implemented: ${config.role}`
+        );
       default:
         throw new TransportError(
           `Invalid transport type: ${config.type}`,
@@ -1709,32 +3642,58 @@ var TransportFactory = class {
 };
 
 // src/core/aggregation/transport/didcomm.ts
-var import_common6 = require("@did-btcr2/common");
+var import_common11 = require("@did-btcr2/common");
 var DidCommTransport = class {
   name = "didcomm";
   start() {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented. Use NostrTransport instead.");
+    throw new import_common11.NotImplementedError("DidCommTransport not implemented. Use NostrTransport instead.");
   }
   registerActor(_did, _keys) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common11.NotImplementedError("DidCommTransport not implemented.");
   }
   getActorPk(_did) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common11.NotImplementedError("DidCommTransport not implemented.");
   }
   registerPeer(_did, _communicationPk) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common11.NotImplementedError("DidCommTransport not implemented.");
   }
   getPeerPk(_did) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common11.NotImplementedError("DidCommTransport not implemented.");
   }
   registerMessageHandler(_actorDid, _messageType, _handler) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common11.NotImplementedError("DidCommTransport not implemented.");
+  }
+  unregisterMessageHandler(_actorDid, _messageType) {
+    throw new import_common11.NotImplementedError("DidCommTransport not implemented.");
+  }
+  unregisterActor(_did) {
+    throw new import_common11.NotImplementedError("DidCommTransport not implemented.");
   }
   async sendMessage(_message, _sender, _recipient) {
-    throw new import_common6.NotImplementedError("DidCommTransport not implemented.");
+    throw new import_common11.NotImplementedError("DidCommTransport not implemented.");
+  }
+  publishRepeating(_message, _sender, _intervalMs, _recipient) {
+    throw new import_common11.NotImplementedError("DidCommTransport not implemented.");
   }
 };
 
+// src/core/aggregation/transport/http/sse-writer.ts
+function formatSseEvent(event, data, id) {
+  const lines = [];
+  if (id !== void 0) lines.push(`id: ${id}`);
+  lines.push(`event: ${event}`);
+  for (const part of data.split("\n")) lines.push(`data: ${part}`);
+  lines.push("");
+  lines.push("");
+  return lines.join("\n");
+}
+function formatSseComment(comment) {
+  const safe = comment.replace(/\n/g, " ");
+  return `: ${safe}
+
+`;
+}
+
 // src/core/aggregation/runner/typed-emitter.ts
 var TypedEventEmitter = class {
   #listeners = /* @__PURE__ */ new Map();
@@ -1790,7 +3749,8 @@ var TypedEventEmitter = class {
 };
 
 // src/core/aggregation/runner/service-runner.ts
-var AggregationServiceRunner = class extends TypedEventEmitter {
+var DEFAULT_ADVERT_REPEAT_INTERVAL_MS = 6e4;
+var AggregationServiceRunner = class _AggregationServiceRunner extends TypedEventEmitter {
   /** Direct access to the underlying state machine for advanced use. */
   session;
   #transport;
@@ -1799,11 +3759,26 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
   #onOptInReceived;
   #onReadyToFinalize;
   #onProvideTxData;
+  #cohortTtlMs;
+  #phaseTimeoutMs;
+  #advertRepeatIntervalMs;
   #cohortId;
   #handlersRegistered = false;
   #stopped = false;
+  /**
+   * Guard against the async race where two concurrent #handleOptIn invocations
+   * both pass the `participants.length >= minParticipants` check before either
+   * mutates the cohort phase. Set synchronously before any `await` so subsequent
+   * handlers observe it on their next resumption.
+   */
+  #finalizing = false;
   #resolveRun;
   #rejectRun;
+  #cohortTtlTimer;
+  #phaseTimer;
+  #lastObservedPhase;
+  /** Stop handle for the repeating COHORT_ADVERT publish loop. */
+  #stopAdvertRepeat;
   constructor(options) {
     super();
     this.#transport = options.transport;
@@ -1814,7 +3789,25 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
       finalize: acceptedCount >= minRequired
     }));
     this.#onProvideTxData = options.onProvideTxData;
-    this.session = new AggregationService({ did: options.did, keys: options.keys });
+    this.#cohortTtlMs = options.cohortTtlMs;
+    this.#phaseTimeoutMs = options.phaseTimeoutMs;
+    this.#advertRepeatIntervalMs = options.advertRepeatIntervalMs ?? DEFAULT_ADVERT_REPEAT_INTERVAL_MS;
+    this.session = new AggregationService({
+      did: options.did,
+      keys: options.keys,
+      maxUpdateSizeBytes: options.maxUpdateSizeBytes
+    });
+  }
+  /**
+   * Drain any silent rejections the state machine recorded during the most
+   * recent receive() and surface them as `message-rejected` events. Safe to
+   * call even before a cohortId is assigned.
+   */
+  #drainRejections() {
+    if (!this.#cohortId) return;
+    for (const r of this.session.drainRejections(this.#cohortId)) {
+      this.emit("message-rejected", { cohortId: this.#cohortId, ...r });
+    }
   }
   /**
    * Run the protocol to completion. Resolves with the final aggregation result
@@ -1829,22 +3822,103 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
       try {
         this.#registerHandlers();
         this.#cohortId = this.session.createCohort(this.#config);
+        this.#startTimers();
         const advertMsgs = this.session.advertise(this.#cohortId);
+        this.#onPhaseMaybeChanged();
         this.emit("cohort-advertised", { cohortId: this.#cohortId });
-        this.#sendAll(advertMsgs).catch((err) => this.#fail(err));
+        if (this.#advertRepeatIntervalMs > 0) {
+          this.#startAdvertRepeat(advertMsgs);
+        } else {
+          this.#sendAll(advertMsgs).catch((err) => this.#fail(err));
+        }
       } catch (err) {
         this.#fail(err);
       }
     });
   }
   /**
-   * Stop the runner early. Cleans up internal state.
-   * Note: does not unregister transport handlers (the transport interface
-   * does not currently expose unregister).
+   * Begin publishing the cohort advert immediately and on a repeating interval
+   * until {@link #stopAdvertRepeating} is called. Each advert is broadcast
+   * (no recipient) via the transport's `publishRepeating` primitive.
+   */
+  #startAdvertRepeat(advertMsgs) {
+    const stops = [];
+    for (const msg of advertMsgs) {
+      stops.push(this.#transport.publishRepeating(msg, this.#did, this.#advertRepeatIntervalMs));
+    }
+    this.#stopAdvertRepeat = () => {
+      for (const stop of stops) {
+        try {
+          stop();
+        } catch {
+        }
+      }
+    };
+  }
+  /** Stop the advert republish loop. Idempotent. */
+  #stopAdvertRepeating() {
+    if (!this.#stopAdvertRepeat) return;
+    const stop = this.#stopAdvertRepeat;
+    this.#stopAdvertRepeat = void 0;
+    stop();
+  }
+  /** Schedule cohort TTL + phase timeout at the start of a run. */
+  #startTimers() {
+    if (this.#cohortTtlMs !== void 0) {
+      this.#cohortTtlTimer = setTimeout(() => {
+        const reason = `Cohort ${this.#cohortId ?? ""} exceeded TTL of ${this.#cohortTtlMs}ms`;
+        this.emit("cohort-failed", { cohortId: this.#cohortId ?? "", reason });
+        this.#fail(new Error(reason));
+      }, this.#cohortTtlMs);
+    }
+    this.#resetPhaseTimer();
+  }
+  /** Reset the per-phase stall timer. Called when a phase transition is observed. */
+  #resetPhaseTimer() {
+    if (this.#phaseTimer) clearTimeout(this.#phaseTimer);
+    this.#phaseTimer = void 0;
+    if (this.#phaseTimeoutMs === void 0) return;
+    this.#phaseTimer = setTimeout(() => {
+      const reason = `Cohort ${this.#cohortId ?? ""} stalled in phase ${this.#lastObservedPhase ?? "?"} for ${this.#phaseTimeoutMs}ms`;
+      this.emit("cohort-failed", { cohortId: this.#cohortId ?? "", reason });
+      this.#fail(new Error(reason));
+    }, this.#phaseTimeoutMs);
+  }
+  /** Detect a phase change since the last observation and reset the phase timer. */
+  #onPhaseMaybeChanged() {
+    if (!this.#cohortId) return;
+    const phase = this.session.getCohortPhase(this.#cohortId);
+    if (phase !== this.#lastObservedPhase) {
+      this.#lastObservedPhase = phase;
+      this.#resetPhaseTimer();
+    }
+  }
+  /** Clear both timers. Called on successful completion, stop(), and #fail. */
+  #clearTimers() {
+    if (this.#cohortTtlTimer) clearTimeout(this.#cohortTtlTimer);
+    if (this.#phaseTimer) clearTimeout(this.#phaseTimer);
+    this.#cohortTtlTimer = void 0;
+    this.#phaseTimer = void 0;
+  }
+  /**
+   * Stop the runner early. Marks the runner stopped and detaches transport
+   * handlers so a restart or a new runner doesn't inherit stale dispatch.
    */
   stop() {
     this.#stopped = true;
-  }
+    this.#stopAdvertRepeating();
+    this.#clearTimers();
+    this.#unregisterHandlers();
+    if (this.#cohortId) this.session.removeCohort(this.#cohortId);
+  }
+  /** Message types this runner listens for on the transport. */
+  static #HANDLED_MESSAGE_TYPES = [
+    COHORT_OPT_IN,
+    SUBMIT_UPDATE,
+    VALIDATION_ACK,
+    NONCE_CONTRIBUTION,
+    SIGNATURE_AUTHORIZATION
+  ];
   /**
    * Internal: handler registration with the transport. Idempotent.
    */
@@ -1857,6 +3931,14 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     this.#transport.registerMessageHandler(this.#did, NONCE_CONTRIBUTION, this.#handleNonceContribution.bind(this));
     this.#transport.registerMessageHandler(this.#did, SIGNATURE_AUTHORIZATION, this.#handleSignatureAuthorization.bind(this));
   }
+  /** Internal: detach from the transport. Safe to call repeatedly. */
+  #unregisterHandlers() {
+    if (!this.#handlersRegistered) return;
+    this.#handlersRegistered = false;
+    for (const type of _AggregationServiceRunner.#HANDLED_MESSAGE_TYPES) {
+      this.#transport.unregisterMessageHandler(this.#did, type);
+    }
+  }
   /**
    * Internal: message handlers for each protocol step. Each handler:
    * 1) feeds the message into the state machine via session.receive()
@@ -1873,6 +3955,8 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     if (this.#stopped) return;
     try {
       this.session.receive(msg);
+      this.#drainRejections();
+      this.#onPhaseMaybeChanged();
       const optIn = this.session.pendingOptIns(this.#cohortId).get(msg.from);
       if (!optIn) return;
       this.emit("opt-in-received", optIn);
@@ -1884,19 +3968,23 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
       await this.#sendAll(this.session.acceptParticipant(this.#cohortId, msg.from));
       this.emit("participant-accepted", { participantDid: msg.from });
       const cohort = this.session.getCohort(this.#cohortId);
-      if (cohort.participants.length >= this.#config.minParticipants) {
+      if (cohort.participants.length >= this.#config.minParticipants && !this.#finalizing) {
+        this.#finalizing = true;
         const finalizeDecision = await this.#onReadyToFinalize({
           acceptedCount: cohort.participants.length,
           minRequired: this.#config.minParticipants
         });
-        if (finalizeDecision.finalize) {
-          const readyMsgs = this.session.finalizeKeygen(this.#cohortId);
-          this.emit("keygen-complete", {
-            cohortId: this.#cohortId,
-            beaconAddress: cohort.beaconAddress
-          });
-          await this.#sendAll(readyMsgs);
+        if (!finalizeDecision.finalize) {
+          this.#finalizing = false;
+          return;
         }
+        const readyMsgs = this.session.finalizeKeygen(this.#cohortId);
+        this.#stopAdvertRepeating();
+        this.emit("keygen-complete", {
+          cohortId: this.#cohortId,
+          beaconAddress: cohort.beaconAddress
+        });
+        await this.#sendAll(readyMsgs);
       }
     } catch (err) {
       this.#fail(err);
@@ -1914,6 +4002,8 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     if (this.#stopped) return;
     try {
       this.session.receive(msg);
+      this.#drainRejections();
+      this.#onPhaseMaybeChanged();
       this.emit("update-received", { participantDid: msg.from });
       if (this.session.getCohortPhase(this.#cohortId) === "UpdatesCollected" /* UpdatesCollected */) {
         const distributeMsgs = this.session.buildAndDistribute(this.#cohortId);
@@ -1936,9 +4026,18 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     if (this.#stopped) return;
     try {
       this.session.receive(msg);
+      this.#drainRejections();
+      this.#onPhaseMaybeChanged();
       const approved = !!msg.body?.approved;
       this.emit("validation-received", { participantDid: msg.from, approved });
-      if (this.session.getCohortPhase(this.#cohortId) === "Validated" /* Validated */) {
+      const phase = this.session.getCohortPhase(this.#cohortId);
+      if (phase === "Failed" /* Failed */) {
+        const reason = `Validation rejected by participant ${msg.from}`;
+        this.emit("cohort-failed", { cohortId: this.#cohortId, reason });
+        this.#fail(new Error(reason));
+        return;
+      }
+      if (phase === "Validated" /* Validated */) {
         const cohort = this.session.getCohort(this.#cohortId);
         const txData = await this.#onProvideTxData({
           cohortId: this.#cohortId,
@@ -1966,6 +4065,8 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     if (this.#stopped) return;
     try {
       this.session.receive(msg);
+      this.#drainRejections();
+      this.#onPhaseMaybeChanged();
       this.emit("nonce-received", { participantDid: msg.from });
       if (this.session.getCohortPhase(this.#cohortId) === "NoncesCollected" /* NoncesCollected */) {
         await this.#sendAll(this.session.sendAggregatedNonce(this.#cohortId));
@@ -1986,8 +4087,12 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
     if (this.#stopped) return;
     try {
       this.session.receive(msg);
+      this.#drainRejections();
+      this.#onPhaseMaybeChanged();
       const result = this.session.getResult(this.#cohortId);
       if (result) {
+        this.#clearTimers();
+        this.#unregisterHandlers();
         this.emit("signing-complete", result);
         this.#resolveRun?.(result);
       }
@@ -2012,6 +4117,10 @@ var AggregationServiceRunner = class extends TypedEventEmitter {
    * @param {Error} err - The error to handle.
    */
   #fail(err) {
+    this.#stopAdvertRepeating();
+    this.#clearTimers();
+    this.#unregisterHandlers();
+    if (this.#cohortId) this.session.removeCohort(this.#cohortId);
     this.emit("error", err);
     this.#rejectRun?.(err);
   }
@@ -2046,9 +4155,27 @@ var AggregationParticipantRunner = class _AggregationParticipantRunner extends T
   async start() {
     this.#registerHandlers();
   }
-  /** Stop the runner. Does not unregister transport handlers. */
+  /** Stop the runner and detach transport handlers. Safe to call repeatedly. */
   stop() {
     this.#stopped = true;
+    this.#unregisterHandlers();
+  }
+  /** Message types this runner listens for on the transport. */
+  static #HANDLED_MESSAGE_TYPES = [
+    COHORT_ADVERT,
+    COHORT_OPT_IN_ACCEPT,
+    COHORT_READY,
+    DISTRIBUTE_AGGREGATED_DATA,
+    AUTHORIZATION_REQUEST,
+    AGGREGATED_NONCE
+  ];
+  /** Internal: detach from the transport. Safe to call repeatedly. */
+  #unregisterHandlers() {
+    if (!this.#handlersRegistered) return;
+    this.#handlersRegistered = false;
+    for (const type of _AggregationParticipantRunner.#HANDLED_MESSAGE_TYPES) {
+      this.#transport.unregisterMessageHandler(this.#did, type);
+    }
   }
   /**
    * Single-shot helper: start, join the first cohort that passes `shouldJoin`,
@@ -2213,7 +4340,14 @@ var AggregationParticipantRunner = class _AggregationParticipantRunner extends T
       if (this.session.getCohortPhase(cohortId) === "Complete" /* Complete */) {
         const info = this.session.joinedCohorts.get(cohortId);
         if (info) {
-          this.emit("cohort-complete", { cohortId, beaconAddress: info.beaconAddress });
+          const validation = this.session.pendingValidations.get(cohortId);
+          this.emit("cohort-complete", {
+            cohortId,
+            beaconAddress: info.beaconAddress,
+            beaconType: validation?.beaconType ?? "",
+            casAnnouncement: validation?.casAnnouncement,
+            smtProof: validation?.smtProof
+          });
         }
       }
     } catch (err) {
@@ -2235,33 +4369,32 @@ var AggregationParticipantRunner = class _AggregationParticipantRunner extends T
 };
 
 // src/core/beacon/beacon.ts
-var import_keypair2 = require("@did-btcr2/keypair");
-var import_utils5 = require("@noble/hashes/utils");
-var import_bitcoinjs_lib4 = require("bitcoinjs-lib");
+var import_utils7 = require("@noble/hashes/utils.js");
+var import_btc_signer4 = require("@scure/btc-signer");
 
 // src/core/beacon/error.ts
-var import_common7 = require("@did-btcr2/common");
-var BeaconError = class extends import_common7.MethodError {
+var import_common12 = require("@did-btcr2/common");
+var BeaconError = class extends import_common12.MethodError {
   constructor(message, type = "BeaconError", data) {
     super(message, type, data);
   }
 };
-var SingletonBeaconError = class extends import_common7.MethodError {
+var SingletonBeaconError = class extends import_common12.MethodError {
   constructor(message, type = "SingletonBeaconError", data) {
     super(message, type, data);
   }
 };
-var AggregateBeaconError = class extends import_common7.MethodError {
+var AggregateBeaconError = class extends import_common12.MethodError {
   constructor(message, type = "AggregateBeaconError", data) {
     super(message, type, data);
   }
 };
-var CASBeaconError = class extends import_common7.MethodError {
+var CASBeaconError = class extends import_common12.MethodError {
   constructor(message, type = "CASBeaconError", data) {
     super(message, type, data);
   }
 };
-var SMTBeaconError = class extends import_common7.MethodError {
+var SMTBeaconError = class extends import_common12.MethodError {
   constructor(message, type = "SMTBeaconError", data) {
     super(message, type, data);
   }
@@ -2289,6 +4422,121 @@ var StaticFeeEstimator = class {
 
 // src/core/beacon/beacon.ts
 var DEFAULT_FEE_ESTIMATOR = new StaticFeeEstimator(5);
+var P2TR_BEACON_TX_VSIZE = 160;
+var P2WPKH_BEACON_TX_VSIZE = 155;
+var P2PKH_BEACON_TX_VSIZE = 240;
+var SINGLETON_BEACON_TX_VSIZE = {
+  p2pkh: P2PKH_BEACON_TX_VSIZE,
+  p2wpkh: P2WPKH_BEACON_TX_VSIZE,
+  p2tr: P2TR_BEACON_TX_VSIZE
+};
+function detectSingletonScriptKind(bitcoinAddress, network) {
+  const decoded = (0, import_btc_signer4.Address)(network).decode(bitcoinAddress);
+  if (decoded.type === "pkh") return "p2pkh";
+  if (decoded.type === "wpkh") return "p2wpkh";
+  if (decoded.type === "tr") return "p2tr";
+  throw new BeaconError(
+    `Unsupported singleton beacon address type "${decoded.type}". Expected P2PKH, P2WPKH, or P2TR (taproot key-path).`,
+    "UNSUPPORTED_BEACON_ADDRESS_TYPE",
+    { address: bitcoinAddress, kind: decoded.type }
+  );
+}
+function deriveSingletonAddress(kind, pubkey, network) {
+  if (kind === "p2pkh") return (0, import_btc_signer4.p2pkh)(pubkey, network).address;
+  if (kind === "p2wpkh") return (0, import_btc_signer4.p2wpkh)(pubkey, network).address;
+  return (0, import_btc_signer4.p2tr)(pubkey.slice(1, 33), void 0, network).address;
+}
+function opReturnScript(signalBytes) {
+  return import_btc_signer4.Script.encode(["RETURN", signalBytes]);
+}
+async function fetchSpendableUtxo(bitcoinAddress, bitcoin) {
+  const utxos = await bitcoin.rest.address.getUtxos(bitcoinAddress);
+  if (!utxos.length) {
+    throw new BeaconError(
+      "No UTXOs found, please fund address!",
+      "UNFUNDED_BEACON_ADDRESS",
+      { address: bitcoinAddress }
+    );
+  }
+  const utxo = utxos.sort((a, b) => b.status.block_height - a.status.block_height).shift();
+  if (!utxo) {
+    throw new BeaconError(
+      "Beacon bitcoin address unfunded or utxos unconfirmed.",
+      "UNFUNDED_BEACON_ADDRESS",
+      { address: bitcoinAddress }
+    );
+  }
+  const prevTxHex = await bitcoin.rest.transaction.getHex(utxo.txid);
+  return { utxo, prevTxBytes: (0, import_utils7.hexToBytes)(prevTxHex) };
+}
+async function buildAggregationBeaconTx(opts) {
+  const feeEstimator = opts.feeEstimator ?? DEFAULT_FEE_ESTIMATOR;
+  const { utxo, prevTxBytes } = await fetchSpendableUtxo(opts.beaconAddress, opts.bitcoin);
+  const tapOut = (0, import_btc_signer4.p2tr)(opts.internalPubkey, void 0, opts.network);
+  const witnessScript = tapOut.script;
+  const feeSats = await feeEstimator.estimateFee(P2TR_BEACON_TX_VSIZE);
+  if (BigInt(utxo.value) <= feeSats) {
+    throw new BeaconError(
+      `UTXO value (${utxo.value}) insufficient to cover fee (${feeSats}).`,
+      "INSUFFICIENT_FUNDS",
+      { address: opts.beaconAddress, valueSats: utxo.value, feeSats }
+    );
+  }
+  const tx = new import_btc_signer4.Transaction({ allowUnknownOutputs: true });
+  tx.addInput({
+    txid: utxo.txid,
+    index: utxo.vout,
+    nonWitnessUtxo: prevTxBytes,
+    witnessUtxo: { amount: BigInt(utxo.value), script: witnessScript },
+    tapInternalKey: opts.internalPubkey
+  });
+  tx.addOutputAddress(opts.beaconAddress, BigInt(utxo.value) - feeSats, opts.network);
+  tx.addOutput({ script: opReturnScript(opts.signalBytes), amount: 0n });
+  return {
+    tx,
+    prevOutScripts: [witnessScript],
+    prevOutValues: [BigInt(utxo.value)],
+    beaconAddress: opts.beaconAddress,
+    utxo,
+    feeSats,
+    scriptKind: "p2tr"
+  };
+}
+async function signSingletonInput(tx, inputIdx, kind, signer, prevOutScript, amount) {
+  const pubkey = signer.publicKey;
+  if (kind === "p2pkh") {
+    const sighashType = import_btc_signer4.SigHash.ALL;
+    const sighash2 = tx.preimageLegacy(inputIdx, prevOutScript, sighashType);
+    const sig2 = signer.sign(sighash2, "ecdsa");
+    const sigWithType = (0, import_utils7.concatBytes)(sig2, new Uint8Array([sighashType]));
+    tx.updateInput(inputIdx, { partialSig: [[pubkey, sigWithType]] }, true);
+    tx.finalize();
+    return tx.hex;
+  }
+  if (kind === "p2wpkh") {
+    const decoded = import_btc_signer4.OutScript.decode(prevOutScript);
+    if (decoded.type !== "wpkh") {
+      throw new BeaconError(
+        `Expected P2WPKH prev-output script, got "${decoded.type}".`,
+        "PREVOUT_SCRIPT_MISMATCH",
+        { kind, observedScriptType: decoded.type }
+      );
+    }
+    const sighashScript = import_btc_signer4.OutScript.encode({ type: "pkh", hash: decoded.hash });
+    const sighashType = import_btc_signer4.SigHash.ALL;
+    const sighash2 = tx.preimageWitnessV0(inputIdx, sighashScript, sighashType, amount);
+    const sig2 = signer.sign(sighash2, "ecdsa");
+    const sigWithType = (0, import_utils7.concatBytes)(sig2, new Uint8Array([sighashType]));
+    tx.updateInput(inputIdx, { partialSig: [[pubkey, sigWithType]] }, true);
+    tx.finalize();
+    return tx.hex;
+  }
+  const sighash = tx.preimageWitnessV1(inputIdx, [prevOutScript], import_btc_signer4.SigHash.DEFAULT, [amount]);
+  const sig = signer.sign(sighash, "bip341");
+  tx.updateInput(inputIdx, { tapKeySig: sig });
+  tx.finalize();
+  return tx.hex;
+}
 var Beacon = class {
   /**
    * The Beacon service configuration parsed from the DID Document.
@@ -2298,79 +4546,134 @@ var Beacon = class {
     this.service = service;
   }
   /**
-   * Shared PSBT construction + signing + broadcast helper used by all beacon types.
-   *
-   * Steps:
-   * 1. Parse the beacon's `serviceEndpoint` (stripping `bitcoin:` prefix) into a Bitcoin address.
-   * 2. Query the address for unconfirmed/confirmed UTXOs.
-   * 3. Select the most recent confirmed UTXO.
-   * 4. Fetch the previous transaction hex for `nonWitnessUtxo`.
-   * 5. Build a PSBT: input (UTXO) → change output + OP_RETURN(signalBytes).
-   * 6. Compute the fee via the supplied (or default) {@link FeeEstimator} against the tx vsize.
-   * 7. Sign input 0 with an ECDSA signer derived from `secretKey`.
-   * 8. Finalize, extract, and broadcast via the REST transaction endpoint.
+   * Build + sign + broadcast a singleton beacon signal transaction. The beacon
+   * address's script kind (P2PKH / P2WPKH / P2TR) is detected automatically
+   * and the input is constructed and signed accordingly.
    *
-   * Fee handling: the PSBT is constructed with a placeholder change amount, signed to measure
-   * vsize, then the change is adjusted to pay the actual fee and the input re-signed. This
-   * two-pass approach avoids hardcoded fee constants and produces a tx that matches the
-   * estimator's rate.
+   * Composed from the three extracted phases ({@link buildSinglePartyTx},
+   * {@link signSinglePartyTx}, {@link broadcastRawTx}) so each piece can be exercised
+   * in isolation. Aggregation beacons use {@link buildAggregationBeaconTx} instead —
+   * the multi-party path can't share the signing phase, but the tx-construction
+   * plumbing (UTXO fetch + OP_RETURN output + change output) is shared.
    *
    * @param signalBytes 32-byte payload to embed in OP_RETURN.
-   * @param secretKey Secret key used to sign the spending input.
+   * @param signer Signer used to sign the spending input.
    * @param bitcoin Bitcoin network connection.
    * @param options Broadcast options (fee estimator, etc.).
    * @returns The txid of the broadcast transaction.
-   * @throws {BeaconError} if the address is unfunded or no UTXO is available.
+   * @throws {BeaconError} if the address is unfunded, no UTXO is available, or fee exceeds value.
    */
-  async buildSignAndBroadcast(signalBytes, secretKey, bitcoin, options) {
+  async buildSignAndBroadcast(signalBytes, signer, bitcoin, options) {
     const feeEstimator = options?.feeEstimator ?? DEFAULT_FEE_ESTIMATOR;
-    const bitcoinAddress = this.service.serviceEndpoint.replace("bitcoin:", "");
-    const utxos = await bitcoin.rest.address.getUtxos(bitcoinAddress);
-    if (!utxos.length) {
-      throw new BeaconError(
-        "No UTXOs found, please fund address!",
-        "UNFUNDED_BEACON_ADDRESS",
-        { bitcoinAddress }
-      );
-    }
-    const utxo = utxos.sort(
-      (a, b) => b.status.block_height - a.status.block_height
-    ).shift();
-    if (!utxo) {
+    const beaconAddress = this.service.serviceEndpoint.replace("bitcoin:", "");
+    const { utxo, prevTxBytes } = await fetchSpendableUtxo(beaconAddress, bitcoin);
+    const plan = await this.buildSinglePartyTx({
+      signalBytes,
+      beaconAddress,
+      utxo,
+      prevTxBytes,
+      signer,
+      bitcoin,
+      feeEstimator
+    });
+    const signedHex = await this.signSinglePartyTx(plan, signer);
+    return this.broadcastRawTx(bitcoin, signedHex);
+  }
+  /**
+   * Build an unsigned singleton beacon tx ready for {@link signSinglePartyTx}.
+   *
+   * Detects the beacon address script kind (P2PKH / P2WPKH / P2TR) and configures
+   * the input accordingly. Validates that the signer's pubkey produces the beacon
+   * address under that script kind — without this check, a misconfigured caller
+   * would burn a real UTXO on a tx that fails at broadcast. Fees are computed from
+   * the per-kind {@link SINGLETON_BEACON_TX_VSIZE} constant, avoiding any probe-sign
+   * round-trip.
+   */
+  async buildSinglePartyTx(opts) {
+    const network = opts.bitcoin.data;
+    const pubkey = opts.signer.publicKey;
+    const kind = detectSingletonScriptKind(opts.beaconAddress, network);
+    const derivedAddress = deriveSingletonAddress(kind, pubkey, network);
+    if (derivedAddress !== opts.beaconAddress) {
       throw new BeaconError(
-        "Beacon bitcoin address unfunded or utxos unconfirmed.",
-        "UNFUNDED_BEACON_ADDRESS",
-        { bitcoinAddress }
+        `Signer pubkey produces ${kind.toUpperCase()} address "${derivedAddress}", but beacon address is "${opts.beaconAddress}".`,
+        "SIGNER_KEY_MISMATCH",
+        { kind, address: opts.beaconAddress, derivedAddress }
       );
     }
-    const prevTx = await bitcoin.rest.transaction.getHex(utxo.txid);
-    const keyPair = import_keypair2.SchnorrKeyPair.fromSecret(secretKey);
-    const signer = {
-      publicKey: keyPair.publicKey.compressed,
-      sign: (hash5) => keyPair.secretKey.sign(hash5, { scheme: "ecdsa" })
-    };
-    const build = (fee2) => new import_bitcoinjs_lib4.Psbt({ network: bitcoin.data }).addInput({
-      hash: utxo.txid,
-      index: utxo.vout,
-      nonWitnessUtxo: (0, import_utils5.hexToBytes)(prevTx)
-    }).addOutput({ address: bitcoinAddress, value: BigInt(utxo.value) - fee2 }).addOutput({ script: import_bitcoinjs_lib4.script.compile([import_bitcoinjs_lib4.opcodes.OP_RETURN, signalBytes]), value: 0n });
-    const probeTx = build(0n).signInput(0, signer).finalizeAllInputs().extractTransaction();
-    const vsize = probeTx.virtualSize();
-    const fee = await feeEstimator.estimateFee(vsize);
-    if (BigInt(utxo.value) <= fee) {
+    const feeSats = await opts.feeEstimator.estimateFee(SINGLETON_BEACON_TX_VSIZE[kind]);
+    const amount = BigInt(opts.utxo.value);
+    if (amount <= feeSats) {
       throw new BeaconError(
-        `UTXO value (${utxo.value}) insufficient to cover fee (${fee}).`,
+        `UTXO value (${opts.utxo.value}) insufficient to cover fee (${feeSats}).`,
         "INSUFFICIENT_FUNDS",
-        { bitcoinAddress, utxoValue: utxo.value, fee: fee.toString() }
+        { address: opts.beaconAddress, valueSats: opts.utxo.value, feeSats }
       );
     }
-    const signedTxHex = build(fee).signInput(0, signer).finalizeAllInputs().extractTransaction().toHex();
-    return bitcoin.rest.transaction.send(signedTxHex);
+    const tx = new import_btc_signer4.Transaction({ allowUnknownOutputs: true });
+    let prevOutScript;
+    if (kind === "p2pkh") {
+      prevOutScript = (0, import_btc_signer4.p2pkh)(pubkey, network).script;
+      tx.addInput({
+        txid: opts.utxo.txid,
+        index: opts.utxo.vout,
+        nonWitnessUtxo: opts.prevTxBytes
+      });
+    } else if (kind === "p2wpkh") {
+      prevOutScript = (0, import_btc_signer4.p2wpkh)(pubkey, network).script;
+      tx.addInput({
+        txid: opts.utxo.txid,
+        index: opts.utxo.vout,
+        nonWitnessUtxo: opts.prevTxBytes,
+        witnessUtxo: { amount, script: prevOutScript }
+      });
+    } else {
+      const internalKey = pubkey.slice(1, 33);
+      prevOutScript = (0, import_btc_signer4.p2tr)(internalKey, void 0, network).script;
+      tx.addInput({
+        txid: opts.utxo.txid,
+        index: opts.utxo.vout,
+        nonWitnessUtxo: opts.prevTxBytes,
+        witnessUtxo: { amount, script: prevOutScript },
+        tapInternalKey: internalKey
+      });
+    }
+    tx.addOutputAddress(opts.beaconAddress, amount - feeSats, network);
+    tx.addOutput({ script: opReturnScript(opts.signalBytes), amount: 0n });
+    return {
+      tx,
+      prevOutScripts: [prevOutScript],
+      prevOutValues: [amount],
+      beaconAddress: opts.beaconAddress,
+      utxo: opts.utxo,
+      feeSats,
+      scriptKind: kind
+    };
+  }
+  /**
+   * Sign + finalize the unsigned single-party tx and return its raw hex.
+   * Dispatches to the correct signing primitive based on `plan.scriptKind`.
+   */
+  async signSinglePartyTx(plan, signer) {
+    return signSingletonInput(
+      plan.tx,
+      0,
+      plan.scriptKind,
+      signer,
+      plan.prevOutScripts[0],
+      plan.prevOutValues[0]
+    );
+  }
+  /**
+   * Broadcast raw transaction hex via the Bitcoin REST endpoint. Returns the txid.
+   */
+  async broadcastRawTx(bitcoin, rawHex) {
+    return bitcoin.rest.transaction.send(rawHex);
   }
 };
 
 // src/core/beacon/cas-beacon.ts
-var import_common8 = require("@did-btcr2/common");
+var import_common13 = require("@did-btcr2/common");
 var CASBeacon = class extends Beacon {
   /**
    * Creates an instance of CASBeacon.
@@ -2411,7 +4714,7 @@ var CASBeacon = class extends Beacon {
       if (!updateHashEncoded) {
         continue;
       }
-      const updateHash = (0, import_common8.encode)((0, import_common8.decode)(updateHashEncoded, "base64urlnopad"), "hex");
+      const updateHash = (0, import_common13.encode)((0, import_common13.decode)(updateHashEncoded, "base64urlnopad"), "hex");
       const signedUpdate = sidecar.updateMap.get(updateHash);
       if (!signedUpdate) {
         needs.push({
@@ -2434,19 +4737,19 @@ var CASBeacon = class extends Beacon {
    * and broadcast are delegated to {@link Beacon.buildSignAndBroadcast}.
    *
    * @param {SignedBTCR2Update} signedUpdate The signed BTCR2 update to broadcast.
-   * @param {KeyBytes} secretKey The secret key for signing the Bitcoin transaction.
+   * @param {Signer} signer Signer that produces the ECDSA signature for the Bitcoin transaction.
    * @param {BitcoinConnection} bitcoin The Bitcoin network connection.
    * @param {CASBroadcastOptions} [options] Optional broadcast configuration, including a
    *   `casPublish` callback to publish the announcement off-chain and a `feeEstimator`.
    * @returns {Promise<SignedBTCR2Update>} The signed update that was broadcast.
    * @throws {BeaconError} if the bitcoin address is invalid, unfunded, or UTXO cannot cover the fee.
    */
-  async broadcastSignal(signedUpdate, secretKey, bitcoin, options) {
+  async broadcastSignal(signedUpdate, signer, bitcoin, options) {
     const did = this.service.id.split("#")[0];
-    const updateHash = (0, import_common8.canonicalHash)(signedUpdate);
+    const updateHash = (0, import_common13.canonicalHash)(signedUpdate);
     const casAnnouncement = { [did]: updateHash };
-    const announcementHash = (0, import_common8.hash)((0, import_common8.canonicalize)(casAnnouncement));
-    await this.buildSignAndBroadcast(announcementHash, secretKey, bitcoin, options);
+    const announcementHash = (0, import_common13.hash)((0, import_common13.canonicalize)(casAnnouncement));
+    await this.buildSignAndBroadcast(announcementHash, signer, bitcoin, options);
     if (options?.casPublish) {
       await options.casPublish(casAnnouncement);
     }
@@ -2455,10 +4758,10 @@ var CASBeacon = class extends Beacon {
 };
 
 // src/core/beacon/factory.ts
-var import_common11 = require("@did-btcr2/common");
+var import_common16 = require("@did-btcr2/common");
 
 // src/core/beacon/singleton-beacon.ts
-var import_common9 = require("@did-btcr2/common");
+var import_common14 = require("@did-btcr2/common");
 var SingletonBeacon = class extends Beacon {
   /**
    * Creates an instance of SingletonBeacon.
@@ -2499,23 +4802,23 @@ var SingletonBeacon = class extends Beacon {
    * {@link Beacon.buildSignAndBroadcast}.
    *
    * @param {SignedBTCR2Update} signedUpdate The signed BTCR2 update to broadcast.
-   * @param {KeyBytes} secretKey The secret key for signing the Bitcoin transaction.
+   * @param {Signer} signer Signer that produces the ECDSA signature for the Bitcoin transaction.
    * @param {BitcoinConnection} bitcoin The Bitcoin network connection.
    * @param {BroadcastOptions} [options] Optional broadcast configuration (e.g. fee estimator).
    * @returns {Promise<SignedBTCR2Update>} The signed update that was broadcast.
    * @throws {BeaconError} if the bitcoin address is invalid, unfunded, or UTXO cannot cover the fee.
    */
-  async broadcastSignal(signedUpdate, secretKey, bitcoin, options) {
-    const signalBytes = (0, import_common9.hash)((0, import_common9.canonicalize)(signedUpdate));
-    await this.buildSignAndBroadcast(signalBytes, secretKey, bitcoin, options);
+  async broadcastSignal(signedUpdate, signer, bitcoin, options) {
+    const signalBytes = (0, import_common14.hash)((0, import_common14.canonicalize)(signedUpdate));
+    await this.buildSignAndBroadcast(signalBytes, signer, bitcoin, options);
     return signedUpdate;
   }
 };
 
 // src/core/beacon/smt-beacon.ts
-var import_common10 = require("@did-btcr2/common");
+var import_common15 = require("@did-btcr2/common");
 var import_smt3 = require("@did-btcr2/smt");
-var import_utils6 = require("@noble/hashes/utils");
+var import_utils8 = require("@noble/hashes/utils");
 var SMTBeacon = class extends Beacon {
   /**
    * Creates an instance of SMTBeacon.
@@ -2593,20 +4896,20 @@ var SMTBeacon = class extends Beacon {
    * signing, and broadcast are delegated to {@link Beacon.buildSignAndBroadcast}.
    *
    * @param {SignedBTCR2Update} signedUpdate The signed BTCR2 update to broadcast.
-   * @param {KeyBytes} secretKey The secret key for signing the Bitcoin transaction.
+   * @param {Signer} signer Signer that produces the ECDSA signature for the Bitcoin transaction.
    * @param {BitcoinConnection} bitcoin The Bitcoin network connection.
    * @param {BroadcastOptions} [options] Optional broadcast configuration (e.g. fee estimator).
    * @return {Promise<SignedBTCR2Update>} The signed update that was broadcast.
    * @throws {BeaconError} if the bitcoin address is invalid, unfunded, or UTXO cannot cover the fee.
    */
-  async broadcastSignal(signedUpdate, secretKey, bitcoin, options) {
+  async broadcastSignal(signedUpdate, signer, bitcoin, options) {
     const did = this.service.id.split("#")[0];
-    const canonicalBytes = new TextEncoder().encode((0, import_common10.canonicalize)(signedUpdate));
-    const nonce = (0, import_utils6.randomBytes)(32);
+    const canonicalBytes = new TextEncoder().encode((0, import_common15.canonicalize)(signedUpdate));
+    const nonce = (0, import_utils8.randomBytes)(32);
     const tree = new import_smt3.BTCR2MerkleTree();
     tree.addEntries([{ did, nonce, signedUpdate: canonicalBytes }]);
     tree.finalize();
-    await this.buildSignAndBroadcast(tree.rootHash, secretKey, bitcoin, options);
+    await this.buildSignAndBroadcast(tree.rootHash, signer, bitcoin, options);
     return signedUpdate;
   }
 };
@@ -2627,19 +4930,19 @@ var BeaconFactory = class {
       case "SMTBeacon":
         return new SMTBeacon(service);
       default:
-        throw new import_common11.MethodError("Invalid Beacon Type", "INVALID_BEACON_ERROR", service);
+        throw new import_common16.MethodError("Invalid Beacon Type", "INVALID_BEACON_ERROR", service);
     }
   }
 };
 
 // src/core/beacon/signal-discovery.ts
 var import_bitcoin2 = require("@did-btcr2/bitcoin");
-var import_common14 = require("@did-btcr2/common");
+var import_common18 = require("@did-btcr2/common");
 
 // src/core/beacon/utils.ts
 var import_bitcoin = require("@did-btcr2/bitcoin");
-var import_common13 = require("@did-btcr2/common");
-var import_bitcoinjs_lib5 = require("bitcoinjs-lib");
+var import_common17 = require("@did-btcr2/common");
+var import_btc_signer5 = require("@scure/btc-signer");
 
 // src/utils/appendix.ts
 var import_dids = require("@web5/dids");
@@ -3679,198 +5982,6 @@ var Appendix = class _Appendix {
   }
 };
 
-// src/core/identifier.ts
-var import_common12 = require("@did-btcr2/common");
-var import_keypair3 = require("@did-btcr2/keypair");
-var import_base5 = require("@scure/base");
-var Identifier = class _Identifier {
-  /**
-   * Implements {@link https://dcdpr.github.io/did-btcr2/#didbtcr2-identifier-encoding | 3.2 did:btcr2 Identifier Encoding}.
-   *
-   * A did:btcr2 DID consists of a did:btcr2 prefix, followed by an id-bech32 value, which is a Bech32m encoding of:
-   *  - the specification version;
-   *  - the Bitcoin network identifier; and
-   *  - either:
-   *    - a key-value representing a secp256k1 public key; or
-   *    - a hash-value representing the hash of an initiating external DID document.
-   *
-   * @param {KeyBytes | DocumentBytes} genesisBytes The genesis bytes (public key or document bytes).
-   * @param {DidCreateOptions} options The DID creation options.
-   * @returns {string} The new did:btcr2 identifier.
-   */
-  static encode(genesisBytes, options) {
-    const { idType, version = 1, network } = options;
-    if (!(idType in import_common12.IdentifierTypes)) {
-      throw new import_common12.IdentifierError('Expected "idType" to be "KEY" or "EXTERNAL"', import_common12.INVALID_DID, { idType });
-    }
-    if (isNaN(version) || version > 1) {
-      throw new import_common12.IdentifierError('Expected "version" to be 1', import_common12.INVALID_DID, { version });
-    }
-    if (typeof network === "string" && !(network in import_common12.BitcoinNetworkNames)) {
-      throw new import_common12.IdentifierError('Invalid "network" name', import_common12.INVALID_DID, { network });
-    }
-    if (typeof network === "number" && (network < 0 || network > 8)) {
-      throw new import_common12.IdentifierError('Invalid "network" number', import_common12.INVALID_DID, { network });
-    }
-    if (idType === "KEY") {
-      try {
-        new import_keypair3.CompressedSecp256k1PublicKey(genesisBytes);
-      } catch {
-        throw new import_common12.IdentifierError(
-          'Expected "genesisBytes" to be a valid compressed secp256k1 public key',
-          import_common12.INVALID_DID,
-          { genesisBytes }
-        );
-      }
-    }
-    const hrp = idType === "KEY" ? "k" : "x";
-    const nibbles = [];
-    const fCount = Math.floor((version - 1) / 15);
-    for (let i = 0; i < fCount; i++) {
-      nibbles.push(15);
-    }
-    nibbles.push((version - 1) % 15);
-    if (typeof network === "string") {
-      nibbles.push(import_common12.BitcoinNetworkNames[network]);
-    } else if (typeof network === "number") {
-      nibbles.push(network + 11);
-    }
-    if (nibbles.length % 2 !== 0) {
-      nibbles.push(0);
-    }
-    if (fCount !== 0) {
-      for (const index in Array.from({ length: nibbles.length / 2 - 1 })) {
-        throw new import_common12.IdentifierError("Not implemented", "NOT_IMPLEMENTED", { index });
-      }
-    }
-    const dataBytes = new Uint8Array([nibbles[2 * 0] << 4 | nibbles[2 * 0 + 1], ...genesisBytes]);
-    return `did:btcr2:${import_base5.bech32m.encodeFromBytes(hrp, dataBytes)}`;
-  }
-  /**
-   * Implements {@link https://dcdpr.github.io/did-btcr2/#didbtcr2-identifier-decoding | 3.3 did:btcr2 Identifier Decoding}.
-   * @param {string} identifier The BTCR2 DID to be parsed
-   * @returns {DidComponents} The parsed identifier components. See {@link DidComponents} for details.
-   * @throws {DidError} if an error occurs while parsing the identifier
-   * @throws {DidErrorCode.InvalidDid} if identifier is invalid
-   * @throws {DidErrorCode.MethodNotSupported} if the method is not supported
-   */
-  static decode(identifier) {
-    const components = identifier.split(":");
-    if (components.length !== 3) {
-      throw new import_common12.IdentifierError(`Invalid did: ${identifier}`, import_common12.INVALID_DID, { identifier });
-    }
-    const [scheme, method, encoded] = components;
-    if (scheme !== "did") {
-      throw new import_common12.IdentifierError(`Invalid did: ${identifier}`, import_common12.INVALID_DID, { identifier });
-    }
-    if (method !== "btcr2") {
-      throw new import_common12.IdentifierError(`Invalid did method: ${method}`, import_common12.METHOD_NOT_SUPPORTED, { identifier });
-    }
-    if (!encoded) {
-      throw new import_common12.IdentifierError(`Invalid method-specific id: ${identifier}`, import_common12.INVALID_DID, { identifier });
-    }
-    const { prefix: hrp, bytes: dataBytes } = import_base5.bech32m.decodeToBytes(encoded);
-    if (!["x", "k"].includes(hrp)) {
-      throw new import_common12.IdentifierError(`Invalid hrp: ${hrp}`, import_common12.INVALID_DID, { identifier });
-    }
-    if (!dataBytes) {
-      throw new import_common12.IdentifierError(`Failed to decode id: ${encoded}`, import_common12.INVALID_DID, { identifier });
-    }
-    const idType = hrp === "k" ? "KEY" : "EXTERNAL";
-    let version = 1;
-    let byteIndex = 0;
-    let nibblesConsumed = 0;
-    let currentByte = dataBytes[byteIndex];
-    let versionNibble = currentByte >>> 4;
-    while (versionNibble === 15) {
-      version += 15;
-      if (nibblesConsumed % 2 === 0) {
-        versionNibble = currentByte & 15;
-      } else {
-        currentByte = dataBytes[++byteIndex];
-        versionNibble = currentByte >>> 4;
-      }
-      nibblesConsumed += 1;
-      if (version > 1) {
-        throw new import_common12.IdentifierError(`Invalid version: ${version}`, import_common12.INVALID_DID, { identifier });
-      }
-    }
-    version += versionNibble;
-    nibblesConsumed += 1;
-    let networkValue = nibblesConsumed % 2 === 0 ? dataBytes[++byteIndex] >>> 4 : currentByte & 15;
-    nibblesConsumed += 1;
-    let network = import_common12.BitcoinNetworkNames[networkValue];
-    if (!network) {
-      if (networkValue >= 8 && networkValue <= 15) {
-        network = networkValue - 11;
-      } else {
-        throw new import_common12.IdentifierError(`Invalid did: ${identifier}`, import_common12.INVALID_DID, { identifier });
-      }
-    }
-    if (nibblesConsumed % 2 === 1) {
-      const fillerNibble = currentByte & 15;
-      if (fillerNibble !== 0) {
-        throw new import_common12.IdentifierError(`Invalid did: ${identifier}`, import_common12.INVALID_DID, { identifier });
-      }
-    }
-    const genesisBytes = dataBytes.slice(byteIndex + 1);
-    if (idType === "KEY") {
-      try {
-        new import_keypair3.CompressedSecp256k1PublicKey(genesisBytes);
-      } catch {
-        throw new import_common12.IdentifierError(`Invalid genesisBytes: ${genesisBytes}`, import_common12.INVALID_DID, { identifier });
-      }
-    }
-    return { idType, hrp, version, network, genesisBytes };
-  }
-  /**
-   * Generates a new did:btcr2 identifier based on a newly generated key pair.
-   * @returns {string} The new did:btcr2 identifier.
-   */
-  static generate() {
-    const keyPair = import_keypair3.SchnorrKeyPair.generate();
-    const did = this.encode(
-      keyPair.publicKey.compressed,
-      {
-        idType: "KEY",
-        version: 1,
-        network: "regtest"
-      }
-    );
-    return { keyPair: keyPair.exportJSON(), did };
-  }
-  /**
-   * Extracts the compressed secp256k1 public key from a KEY-type did:btcr2 identifier.
-   * @param {string} did The did:btcr2 identifier to extract the public key from.
-   * @returns {CompressedSecp256k1PublicKey} The compressed public key.
-   * @throws {IdentifierError} If the DID is EXTERNAL type (genesis bytes are a hash, not a pubkey).
-   */
-  static getPublicKey(did) {
-    const { idType, genesisBytes } = _Identifier.decode(did);
-    if (idType !== "KEY") {
-      throw new import_common12.IdentifierError(
-        `Cannot extract public key from EXTERNAL DID: ${did}. EXTERNAL DIDs encode a document hash, not a public key.`,
-        import_common12.INVALID_DID,
-        { did, idType }
-      );
-    }
-    return new import_keypair3.CompressedSecp256k1PublicKey(genesisBytes);
-  }
-  /**
-   * Validates a did:btcr2 identifier.
-   * @param {string} identifier The did:btcr2 identifier to validate.
-   * @returns {boolean} True if the identifier is valid, false otherwise.
-   */
-  static isValid(identifier) {
-    try {
-      this.decode(identifier);
-      return true;
-    } catch {
-      return false;
-    }
-  }
-};
-
 // src/core/beacon/utils.ts
 var BeaconUtils = class {
   /**
@@ -3881,7 +5992,7 @@ var BeaconUtils = class {
    */
   static parseBitcoinAddress(uri) {
     if (!uri.startsWith("bitcoin:")) {
-      throw new import_common13.MethodError("Invalid Bitcoin URI format", "BEACON_SERVICE_ERROR", { uri });
+      throw new import_common17.MethodError("Invalid Bitcoin URI format", "BEACON_SERVICE_ERROR", { uri });
     }
     return uri.replace("bitcoin:", "").split("?")[0];
   }
@@ -3939,7 +6050,8 @@ var BeaconUtils = class {
       const network = (0, import_bitcoin.getNetwork)(components.network);
       const pubkey = components.genesisBytes;
       const id = `${did}#initial${addressType.toUpperCase()}`;
-      const serviceEndpoint = `bitcoin:${import_bitcoinjs_lib5.payments[addressType]({ pubkey, network }).address}`;
+      const address = addressType === "p2tr" ? (0, import_btc_signer5.p2tr)(pubkey.slice(1, 33), void 0, network).address : addressType === "p2wpkh" ? (0, import_btc_signer5.p2wpkh)(pubkey, network).address : (0, import_btc_signer5.p2pkh)(pubkey, network).address;
+      const serviceEndpoint = `bitcoin:${address}`;
       return { id, type: beaconType, serviceEndpoint };
     } catch (error) {
       throw new BeaconError(
@@ -3957,27 +6069,27 @@ var BeaconUtils = class {
    */
   static generateBeaconServices({ id, publicKey, network, beaconType }) {
     try {
-      const p2pkh = import_bitcoinjs_lib5.payments.p2pkh({ pubkey: publicKey, network }).address;
-      const p2wpkh = import_bitcoinjs_lib5.payments.p2wpkh({ pubkey: publicKey, network }).address;
-      const p2tr = import_bitcoinjs_lib5.payments.p2tr({ network, internalPubkey: publicKey.slice(1, 33) }).address;
-      if (!p2pkh || !p2wpkh || !p2tr) {
-        throw new import_common13.DidMethodError("Failed to generate bitcoin addresses");
+      const p2pkhAddr = (0, import_btc_signer5.p2pkh)(publicKey, network).address;
+      const p2wpkhAddr = (0, import_btc_signer5.p2wpkh)(publicKey, network).address;
+      const p2trAddr = (0, import_btc_signer5.p2tr)(publicKey.slice(1, 33), void 0, network).address;
+      if (!p2pkhAddr || !p2wpkhAddr || !p2trAddr) {
+        throw new import_common17.DidMethodError("Failed to generate bitcoin addresses");
       }
       return [
         {
           id: `${id}#initialP2PKH`,
           type: beaconType,
-          serviceEndpoint: `bitcoin:${p2pkh}`
+          serviceEndpoint: `bitcoin:${p2pkhAddr}`
         },
         {
           id: `${id}#initialP2WPKH`,
           type: beaconType,
-          serviceEndpoint: `bitcoin:${p2wpkh}`
+          serviceEndpoint: `bitcoin:${p2wpkhAddr}`
         },
         {
           id: `${id}#initialP2TR`,
           type: beaconType,
-          serviceEndpoint: `bitcoin:${p2tr}`
+          serviceEndpoint: `bitcoin:${p2trAddr}`
         }
       ];
     } catch (error) {
@@ -4077,7 +6189,7 @@ var BeaconSignalDiscovery = class {
     }
     const rpc = bitcoin.rpc;
     if (!rpc) {
-      throw new import_common14.ResolveError("RPC connection is not available", "RPC_CONNECTION_ERROR", bitcoin);
+      throw new import_common18.ResolveError("RPC connection is not available", "RPC_CONNECTION_ERROR", bitcoin);
     }
     const targetHeight = await rpc.getBlockCount();
     const beaconServicesMap = BeaconUtils.getBeaconServicesMap(beaconServices);
@@ -4148,26 +6260,24 @@ var BeaconSignalDiscovery = class {
 
 // src/core/resolver.ts
 var import_bitcoin4 = require("@did-btcr2/bitcoin");
-var import_common18 = require("@did-btcr2/common");
-var import_cryptosuite2 = require("@did-btcr2/cryptosuite");
-var import_keypair5 = require("@did-btcr2/keypair");
+var import_common22 = require("@did-btcr2/common");
+var import_cryptosuite3 = require("@did-btcr2/cryptosuite");
+var import_keypair6 = require("@did-btcr2/keypair");
 
 // src/did-btcr2.ts
-var import_common17 = require("@did-btcr2/common");
+var import_common21 = require("@did-btcr2/common");
 var import_dids2 = require("@web5/dids");
-var ecc = __toESM(require("@bitcoinerlab/secp256k1"), 1);
-var import_bitcoinjs_lib7 = require("bitcoinjs-lib");
 
 // src/core/updater.ts
-var import_common16 = require("@did-btcr2/common");
-var import_cryptosuite = require("@did-btcr2/cryptosuite");
+var import_common20 = require("@did-btcr2/common");
+var import_cryptosuite2 = require("@did-btcr2/cryptosuite");
 
 // src/utils/did-document.ts
 var import_bitcoin3 = require("@did-btcr2/bitcoin");
-var import_common15 = require("@did-btcr2/common");
-var import_keypair4 = require("@did-btcr2/keypair");
-var import_utils8 = require("@web5/dids/utils");
-var import_bitcoinjs_lib6 = require("bitcoinjs-lib");
+var import_common19 = require("@did-btcr2/common");
+var import_keypair5 = require("@did-btcr2/keypair");
+var import_utils10 = require("@web5/dids/utils");
+var import_btc_signer6 = require("@scure/btc-signer");
 var BTCR2_DID_DOCUMENT_CONTEXT = [
   "https://www.w3.org/ns/did/v1.1",
   "https://btcr2.dev/context/v1"
@@ -4208,20 +6318,20 @@ var DidDocument = class _DidDocument {
   deactivated;
   constructor(document) {
     if (!document.id) {
-      throw new import_common15.DidDocumentError("DID Document must have an id", import_common15.INVALID_DID_DOCUMENT, document);
+      throw new import_common19.DidDocumentError("DID Document must have an id", import_common19.INVALID_DID_DOCUMENT, document);
     }
-    const idType = document.id.includes("k1") ? import_common15.IdentifierTypes.KEY : import_common15.IdentifierTypes.EXTERNAL;
+    const idType = document.id.includes("k1") ? import_common19.IdentifierTypes.KEY : import_common19.IdentifierTypes.EXTERNAL;
     const isGenesis = document.id === ID_PLACEHOLDER_VALUE;
     const { id, verificationMethod: vm, service } = document;
     if (!isGenesis) {
       if (!_DidDocument.isValidId(id)) {
-        throw new import_common15.DidDocumentError(`Invalid id: ${id}`, import_common15.INVALID_DID_DOCUMENT, document);
+        throw new import_common19.DidDocumentError(`Invalid id: ${id}`, import_common19.INVALID_DID_DOCUMENT, document);
       }
       if (!_DidDocument.isValidVerificationMethods(vm)) {
-        throw new import_common15.DidDocumentError("Invalid verificationMethod: " + vm, import_common15.INVALID_DID_DOCUMENT, document);
+        throw new import_common19.DidDocumentError("Invalid verificationMethod: " + vm, import_common19.INVALID_DID_DOCUMENT, document);
       }
       if (!_DidDocument.isValidServices(service)) {
-        throw new import_common15.DidDocumentError("Invalid service: " + service, import_common15.INVALID_DID_DOCUMENT, document);
+        throw new import_common19.DidDocumentError("Invalid service: " + service, import_common19.INVALID_DID_DOCUMENT, document);
       }
     }
     this.id = document.id;
@@ -4231,7 +6341,7 @@ var DidDocument = class _DidDocument {
       "https://www.w3.org/ns/did/v1.1",
       "https://btcr2.dev/context/v1"
     ];
-    if (idType === import_common15.IdentifierTypes.KEY) {
+    if (idType === import_common19.IdentifierTypes.KEY) {
       const keyRef = `${this.id}#initialKey`;
       this.authentication = document.authentication || [keyRef];
       this.assertionMethod = document.assertionMethod || [keyRef];
@@ -4317,19 +6427,19 @@ var DidDocument = class _DidDocument {
    */
   static isValid(didDocument) {
     if (!this.isValidContext(didDocument?.["@context"])) {
-      throw new import_common15.DidDocumentError('Invalid "@context"', import_common15.INVALID_DID_DOCUMENT, didDocument);
+      throw new import_common19.DidDocumentError('Invalid "@context"', import_common19.INVALID_DID_DOCUMENT, didDocument);
     }
     if (!this.isValidId(didDocument?.id)) {
-      throw new import_common15.DidDocumentError('Invalid "id"', import_common15.INVALID_DID_DOCUMENT, didDocument);
+      throw new import_common19.DidDocumentError('Invalid "id"', import_common19.INVALID_DID_DOCUMENT, didDocument);
     }
     if (!this.isValidVerificationMethods(didDocument?.verificationMethod)) {
-      throw new import_common15.DidDocumentError('Invalid "verificationMethod"', import_common15.INVALID_DID_DOCUMENT, didDocument);
+      throw new import_common19.DidDocumentError('Invalid "verificationMethod"', import_common19.INVALID_DID_DOCUMENT, didDocument);
     }
     if (!this.isValidServices(didDocument?.service)) {
-      throw new import_common15.DidDocumentError('Invalid "service"', import_common15.INVALID_DID_DOCUMENT, didDocument);
+      throw new import_common19.DidDocumentError('Invalid "service"', import_common19.INVALID_DID_DOCUMENT, didDocument);
     }
     if (!this.isValidVerificationRelationships(didDocument)) {
-      throw new import_common15.DidDocumentError("Invalid verification relationships", import_common15.INVALID_DID_DOCUMENT, didDocument);
+      throw new import_common19.DidDocumentError("Invalid verification relationships", import_common19.INVALID_DID_DOCUMENT, didDocument);
     }
     return true;
   }
@@ -4376,7 +6486,7 @@ var DidDocument = class _DidDocument {
    * @returns {boolean} True if the services are valid.
    */
   static isValidServices(service) {
-    return Array.isArray(service) && service.every(import_utils8.isDidService);
+    return Array.isArray(service) && service.every(import_utils10.isDidService);
   }
   /**
    * Validates verification relationships (authentication, assertionMethod, capabilityInvocation, capabilityDelegation).
@@ -4419,16 +6529,16 @@ var DidDocument = class _DidDocument {
    */
   validateGenesis() {
     if (this.id !== ID_PLACEHOLDER_VALUE) {
-      throw new import_common15.DidDocumentError("Invalid GenesisDocument ID", import_common15.INVALID_DID_DOCUMENT, this);
+      throw new import_common19.DidDocumentError("Invalid GenesisDocument ID", import_common19.INVALID_DID_DOCUMENT, this);
     }
     if (!this.verificationMethod.every((vm) => vm.id.includes(ID_PLACEHOLDER_VALUE) && vm.controller === ID_PLACEHOLDER_VALUE)) {
-      throw new import_common15.DidDocumentError("Invalid GenesisDocument verificationMethod", import_common15.INVALID_DID_DOCUMENT, this);
+      throw new import_common19.DidDocumentError("Invalid GenesisDocument verificationMethod", import_common19.INVALID_DID_DOCUMENT, this);
     }
     if (!this.service.every((svc) => svc.id.includes(ID_PLACEHOLDER_VALUE))) {
-      throw new import_common15.DidDocumentError("Invalid GenesisDocument service", import_common15.INVALID_DID_DOCUMENT, this);
+      throw new import_common19.DidDocumentError("Invalid GenesisDocument service", import_common19.INVALID_DID_DOCUMENT, this);
     }
     if (!_DidDocument.isValidVerificationRelationships(this)) {
-      throw new import_common15.DidDocumentError("Invalid GenesisDocument assertionMethod", import_common15.INVALID_DID_DOCUMENT, this);
+      throw new import_common19.DidDocumentError("Invalid GenesisDocument assertionMethod", import_common19.INVALID_DID_DOCUMENT, this);
     }
     return true;
   }
@@ -4438,7 +6548,7 @@ var DidDocument = class _DidDocument {
    */
   toIntermediate() {
     if (this.id.includes("k1")) {
-      throw new import_common15.DidDocumentError("Cannot convert a key identifier to an intermediate document", import_common15.INVALID_DID_DOCUMENT, this);
+      throw new import_common19.DidDocumentError("Cannot convert a key identifier to an intermediate document", import_common19.INVALID_DID_DOCUMENT, this);
     }
     return new GenesisDocument(this);
   }
@@ -4468,7 +6578,7 @@ var GenesisDocument = class _GenesisDocument extends DidDocument {
    * @returns {GenesisDocument} The GenesisDocument representation of the DidDocument.
    */
   static fromDidDocument(didDocument) {
-    const intermediateDocument = import_common15.JSONUtils.cloneReplace(didDocument, DID_REGEX, ID_PLACEHOLDER_VALUE);
+    const intermediateDocument = import_common19.JSONUtils.cloneReplace(didDocument, DID_REGEX, ID_PLACEHOLDER_VALUE);
     return new _GenesisDocument(intermediateDocument);
   }
   /**
@@ -4487,9 +6597,9 @@ var GenesisDocument = class _GenesisDocument extends DidDocument {
    * @returns {GenesisDocument} A new GenesisDocument with the placeholder ID.
    */
   static fromPublicKey(publicKey, network) {
-    const pk = new import_keypair4.CompressedSecp256k1PublicKey(publicKey);
+    const pk = new import_keypair5.CompressedSecp256k1PublicKey(publicKey);
     const id = ID_PLACEHOLDER_VALUE;
-    const address = import_bitcoinjs_lib6.payments.p2pkh({ pubkey: pk.compressed, network: (0, import_bitcoin3.getNetwork)(network) })?.address;
+    const address = (0, import_btc_signer6.p2pkh)(pk.compressed, (0, import_bitcoin3.getNetwork)(network)).address;
     const services = [{
       id: `${id}#service-0`,
       serviceEndpoint: `bitcoin:${address}`,
@@ -4525,20 +6635,18 @@ var GenesisDocument = class _GenesisDocument extends DidDocument {
    * @returns {Bytes} The genesis bytes.
    */
   static toGenesisBytes(genesisDocument) {
-    return (0, import_common15.hash)((0, import_common15.canonicalize)(genesisDocument));
+    return (0, import_common19.hash)((0, import_common19.canonicalize)(genesisDocument));
   }
 };
 
 // src/core/updater.ts
 var Updater = class _Updater {
-  #phase = "Construct" /* Construct */;
+  #state = { phase: "Construct" };
   #sourceDocument;
   #patches;
   #sourceVersionId;
   #verificationMethod;
   #beaconService;
-  #unsignedUpdate = null;
-  #signedUpdate = null;
   /**
    * @internal — Use {@link DidBtcr2.update} to create instances.
    */
@@ -4572,19 +6680,26 @@ var Updater = class _Updater {
       patch: patches,
       targetHash: "",
       targetVersionId: sourceVersionId + 1,
-      sourceHash: (0, import_common16.canonicalHash)(sourceDocument)
+      sourceHash: (0, import_common20.canonicalHash)(sourceDocument)
     };
-    const targetDocument = import_common16.JSONPatch.apply(sourceDocument, patches);
+    const targetDocument = import_common20.JSONPatch.apply(sourceDocument, patches);
+    if (targetDocument.id !== sourceDocument.id) {
+      throw new import_common20.UpdateError(
+        `Patches must not change the DID document id (source "${sourceDocument.id}" \u2192 target "${targetDocument.id}").`,
+        import_common20.INVALID_DID_UPDATE,
+        { sourceId: sourceDocument.id, targetId: targetDocument.id }
+      );
+    }
     try {
       DidDocument.isValid(targetDocument);
     } catch (error) {
-      throw new import_common16.UpdateError(
+      throw new import_common20.UpdateError(
         "Error validating targetDocument: " + (error instanceof Error ? error.message : String(error)),
-        import_common16.INVALID_DID_UPDATE,
+        import_common20.INVALID_DID_UPDATE,
         targetDocument
       );
     }
-    unsignedUpdate.targetHash = (0, import_common16.canonicalHash)(targetDocument);
+    unsignedUpdate.targetHash = (0, import_common20.canonicalHash)(targetDocument);
     return unsignedUpdate;
   }
   /**
@@ -4593,13 +6708,28 @@ var Updater = class _Updater {
    * @param {string} did The did-btcr2 identifier to derive the root capability from.
    * @param {UnsignedBTCR2Update} unsignedUpdate The unsigned update to sign.
    * @param {DidVerificationMethod} verificationMethod The verification method for signing.
-   * @param {KeyBytes} secretKey The secret key bytes.
+   * @param {Signer} signer Signer that produces the BIP-340 Schnorr signature.
    * @returns {SignedBTCR2Update} The signed update with a Data Integrity proof.
    */
-  static sign(did, unsignedUpdate, verificationMethod, secretKey) {
+  static sign(did, unsignedUpdate, verificationMethod, signer) {
+    if (!did.startsWith("did:btcr2:")) {
+      throw new import_common20.UpdateError(
+        `Expected a did:btcr2 identifier for the root capability; got "${did}".`,
+        import_common20.INVALID_DID_UPDATE,
+        { did }
+      );
+    }
     const controller = verificationMethod.controller;
-    const id = verificationMethod.id.slice(verificationMethod.id.indexOf("#"));
-    const multikey = import_cryptosuite.SchnorrMultikey.fromSecretKey(id, controller, secretKey);
+    const hashIdx = verificationMethod.id.indexOf("#");
+    if (hashIdx < 0) {
+      throw new import_common20.UpdateError(
+        `Verification method id must contain a fragment (e.g. "${verificationMethod.id}#initialKey"); got "${verificationMethod.id}".`,
+        import_common20.INVALID_DID_UPDATE,
+        { verificationMethodId: verificationMethod.id }
+      );
+    }
+    const id = verificationMethod.id.slice(hashIdx);
+    const multikey = import_cryptosuite2.SchnorrMultikey.fromSigner(id, controller, signer);
     const config = {
       "@context": [
         "https://w3id.org/security/v2",
@@ -4623,24 +6753,20 @@ var Updater = class _Updater {
    *
    * @param {BeaconService} beaconService The beacon service to broadcast through.
    * @param {SignedBTCR2Update} update The signed update to announce.
-   * @param {KeyBytes} secretKey The secret key for signing the Bitcoin transaction.
+   * @param {Signer} signer Signer that produces the ECDSA signature for the Bitcoin transaction.
    * @param {BitcoinConnection} bitcoin The Bitcoin network connection.
    * @returns {Promise<SignedBTCR2Update>} The signed update that was broadcast.
    */
-  static async announce(beaconService, update, secretKey, bitcoin) {
+  static async announce(beaconService, update, signer, bitcoin) {
     const beacon = BeaconFactory.establish(beaconService);
-    return beacon.broadcastSignal(update, secretKey, bitcoin);
+    return beacon.broadcastSignal(update, signer, bitcoin);
   }
-  // ─── Private instance wrappers ─────────────────────────────────────────────
+  // Private instance wrappers
   // Delegate to the public statics with bound instance fields for cleaner
   // advance/provide code.
   #construct() {
     return _Updater.construct(this.#sourceDocument, this.#patches, this.#sourceVersionId);
   }
-  #sign(secretKey) {
-    return _Updater.sign(this.#sourceDocument.id, this.#unsignedUpdate, this.#verificationMethod, secretKey);
-  }
-  // ─── State machine ─────────────────────────────────────────────────────────
   /**
    * Advance the state machine. Returns either:
    * - `{ status: 'action-required', needs }` — caller must provide data via {@link provide}
@@ -4648,30 +6774,30 @@ var Updater = class _Updater {
    */
   advance() {
     while (true) {
-      switch (this.#phase) {
+      switch (this.#state.phase) {
         // Phase: Construct
         // Build the unsigned update from source doc + patches. Pure, synchronous.
-        case "Construct" /* Construct */: {
-          this.#unsignedUpdate = this.#construct();
-          this.#phase = "Sign" /* Sign */;
+        case "Construct": {
+          const unsignedUpdate = this.#construct();
+          this.#state = { phase: "Sign", unsignedUpdate };
           continue;
         }
         // Phase: Sign
         // Emit NeedSigningKey — the caller supplies the secret key (or a KMS signature).
-        case "Sign" /* Sign */: {
+        case "Sign": {
           return {
             status: "action-required",
             needs: [{
               kind: "NeedSigningKey",
               verificationMethodId: this.#verificationMethod.id,
-              unsignedUpdate: this.#unsignedUpdate
+              unsignedUpdate: this.#state.unsignedUpdate
             }]
           };
         }
         // Phase: Fund
         // Emit NeedFunding with the beacon address. The caller checks UTXOs,
         // funds the address if needed, and provides to continue.
-        case "Fund" /* Fund */: {
+        case "Fund": {
           const beaconAddress = this.#beaconService.serviceEndpoint.replace("bitcoin:", "");
           return {
             status: "action-required",
@@ -4685,21 +6811,21 @@ var Updater = class _Updater {
         // Phase: Broadcast
         // Emit NeedBroadcast with the signed update + beacon service. The caller performs
         // the actual on-chain announcement (or hands off to the aggregation protocol).
-        case "Broadcast" /* Broadcast */: {
+        case "Broadcast": {
           return {
             status: "action-required",
             needs: [{
               kind: "NeedBroadcast",
               beaconService: this.#beaconService,
-              signedUpdate: this.#signedUpdate
+              signedUpdate: this.#state.signedUpdate
             }]
           };
         }
         // Phase: Complete
-        case "Complete" /* Complete */: {
+        case "Complete": {
           return {
             status: "complete",
-            result: { signedUpdate: this.#signedUpdate }
+            result: { signedUpdate: this.#state.signedUpdate }
           };
         }
       }
@@ -4708,49 +6834,63 @@ var Updater = class _Updater {
   provide(need, data) {
     switch (need.kind) {
       case "NeedSigningKey": {
-        if (this.#phase !== "Sign" /* Sign */) {
-          throw new import_common16.UpdateError(
-            `Cannot provide NeedSigningKey: updater phase is ${this.#phase}, expected Sign.`,
-            import_common16.INVALID_DID_UPDATE,
-            { phase: this.#phase }
+        if (this.#state.phase !== "Sign") {
+          throw new import_common20.UpdateError(
+            `Cannot provide NeedSigningKey: updater phase is ${this.#state.phase}, expected Sign.`,
+            import_common20.INVALID_DID_UPDATE,
+            { phase: this.#state.phase }
           );
         }
         if (!data) {
-          throw new import_common16.UpdateError(
-            "NeedSigningKey requires secret key bytes.",
-            import_common16.INVALID_DID_UPDATE
+          throw new import_common20.UpdateError(
+            "NeedSigningKey requires a Signer.",
+            import_common20.INVALID_DID_UPDATE
           );
         }
-        if (!this.#unsignedUpdate) {
-          throw new import_common16.UpdateError(
-            "Internal error: unsigned update missing in Sign phase.",
-            import_common16.INVALID_DID_UPDATE
-          );
-        }
-        this.#signedUpdate = this.#sign(data);
-        this.#phase = "Fund" /* Fund */;
+        const unsignedUpdate = this.#state.unsignedUpdate;
+        const signedUpdate = _Updater.sign(
+          this.#sourceDocument.id,
+          unsignedUpdate,
+          this.#verificationMethod,
+          data
+        );
+        this.#state = { phase: "Fund", unsignedUpdate, signedUpdate };
         break;
       }
       case "NeedFunding": {
-        if (this.#phase !== "Fund" /* Fund */) {
-          throw new import_common16.UpdateError(
-            `Cannot provide NeedFunding: updater phase is ${this.#phase}, expected Fund.`,
-            import_common16.INVALID_DID_UPDATE,
-            { phase: this.#phase }
+        if (this.#state.phase !== "Fund") {
+          throw new import_common20.UpdateError(
+            `Cannot provide NeedFunding: updater phase is ${this.#state.phase}, expected Fund.`,
+            import_common20.INVALID_DID_UPDATE,
+            { phase: this.#state.phase }
           );
         }
-        this.#phase = "Broadcast" /* Broadcast */;
+        if (data !== void 0) {
+          const proof = data;
+          if (typeof proof.utxoCount !== "number" || !Number.isFinite(proof.utxoCount) || proof.utxoCount < 1) {
+            throw new import_common20.UpdateError(
+              `NeedFunding proof must have utxoCount >= 1; got ${String(proof.utxoCount)}.`,
+              import_common20.INVALID_DID_UPDATE,
+              { utxoCount: proof.utxoCount }
+            );
+          }
+        }
+        this.#state = {
+          phase: "Broadcast",
+          unsignedUpdate: this.#state.unsignedUpdate,
+          signedUpdate: this.#state.signedUpdate
+        };
         break;
       }
       case "NeedBroadcast": {
-        if (this.#phase !== "Broadcast" /* Broadcast */) {
-          throw new import_common16.UpdateError(
-            `Cannot provide NeedBroadcast: updater phase is ${this.#phase}, expected Broadcast.`,
-            import_common16.INVALID_DID_UPDATE,
-            { phase: this.#phase }
+        if (this.#state.phase !== "Broadcast") {
+          throw new import_common20.UpdateError(
+            `Cannot provide NeedBroadcast: updater phase is ${this.#state.phase}, expected Broadcast.`,
+            import_common20.INVALID_DID_UPDATE,
+            { phase: this.#state.phase }
           );
         }
-        this.#phase = "Complete" /* Complete */;
+        this.#state = { phase: "Complete", signedUpdate: this.#state.signedUpdate };
         break;
       }
     }
@@ -4758,7 +6898,6 @@ var Updater = class _Updater {
 };
 
 // src/did-btcr2.ts
-(0, import_bitcoinjs_lib7.initEccLib)(ecc);
 var DidBtcr2 = class {
   /**
    * Name of the DID method, as defined in the DID BTCR2 specification
@@ -4783,9 +6922,9 @@ var DidBtcr2 = class {
   static create(genesisBytes, options) {
     const { idType, version = 1, network = "bitcoin" } = options || {};
     if (!idType) {
-      throw new import_common17.MethodError(
+      throw new import_common21.MethodError(
         "idType is required for creating a did:btcr2 identifier",
-        import_common17.INVALID_DID_DOCUMENT,
+        import_common21.INVALID_DID_DOCUMENT,
         options
       );
     }
@@ -4815,7 +6954,7 @@ var DidBtcr2 = class {
   static resolve(did, resolutionOptions = {}) {
     const didComponents = Identifier.decode(did);
     const sidecarData = Resolver.sidecarData(resolutionOptions.sidecar);
-    const currentDocument = didComponents.hrp === import_common17.IdentifierHrp.k ? Resolver.deterministic(didComponents) : null;
+    const currentDocument = didComponents.hrp === import_common21.IdentifierHrp.k ? Resolver.deterministic(didComponents) : null;
     return new Resolver(didComponents, sidecarData, currentDocument, {
       versionId: resolutionOptions.versionId,
       versionTime: resolutionOptions.versionTime,
@@ -4853,39 +6992,39 @@ var DidBtcr2 = class {
     beaconId
   }) {
     if (!sourceDocument.capabilityInvocation?.some((vr) => vr === verificationMethodId)) {
-      throw new import_common17.UpdateError(
+      throw new import_common21.UpdateError(
         "Invalid verificationMethodId: not authorized for capabilityInvocation",
-        import_common17.INVALID_DID_DOCUMENT,
+        import_common21.INVALID_DID_DOCUMENT,
         sourceDocument
       );
     }
     const verificationMethod = this.getSigningMethod(sourceDocument, verificationMethodId);
     if (!verificationMethod) {
-      throw new import_common17.UpdateError(
+      throw new import_common21.UpdateError(
         "Invalid verificationMethod: not found in source document",
-        import_common17.INVALID_DID_DOCUMENT,
+        import_common21.INVALID_DID_DOCUMENT,
         { sourceDocument, verificationMethodId }
       );
     }
     if (verificationMethod.type !== "Multikey") {
-      throw new import_common17.UpdateError(
+      throw new import_common21.UpdateError(
         'Invalid verificationMethod: verificationMethod.type must be "Multikey"',
-        import_common17.INVALID_DID_DOCUMENT,
+        import_common21.INVALID_DID_DOCUMENT,
         verificationMethod
       );
     }
     if (verificationMethod.publicKeyMultibase?.slice(0, 4) !== "zQ3s") {
-      throw new import_common17.UpdateError(
+      throw new import_common21.UpdateError(
         'Invalid verificationMethodId: publicKeyMultibase prefix must start with "zQ3s"',
-        import_common17.INVALID_DID_DOCUMENT,
+        import_common21.INVALID_DID_DOCUMENT,
         verificationMethod
       );
     }
     const beaconService = sourceDocument.service.filter((service) => service.id === beaconId).filter((service) => !!service).shift();
     if (!beaconService) {
-      throw new import_common17.UpdateError(
+      throw new import_common21.UpdateError(
         "No beacon service found for provided beaconId",
-        import_common17.INVALID_DID_UPDATE,
+        import_common21.INVALID_DID_UPDATE,
         { sourceDocument, beaconId }
       );
     }
@@ -4911,7 +7050,7 @@ var DidBtcr2 = class {
     methodId ??= "#initialKey";
     const parsedDid = import_dids2.Did.parse(didDocument.id);
     if (parsedDid && parsedDid.method !== this.methodName) {
-      throw new import_common17.MethodError(`Method not supported: ${parsedDid.method}`, import_common17.METHOD_NOT_SUPPORTED, { identifier: didDocument.id });
+      throw new import_common21.MethodError(`Method not supported: ${parsedDid.method}`, import_common21.METHOD_NOT_SUPPORTED, { identifier: didDocument.id });
     }
     const verificationMethod = didDocument.verificationMethod?.find(
       (vm) => Appendix.extractDidFragment(vm.id) === (Appendix.extractDidFragment(methodId) ?? Appendix.extractDidFragment(didDocument.assertionMethod?.[0]))
@@ -4927,7 +7066,7 @@ var DidBtcr2 = class {
 };
 
 // src/core/resolver.ts
-var import_utils10 = require("@noble/curves/utils.js");
+var import_utils12 = require("@noble/curves/utils.js");
 var Resolver = class _Resolver {
   // --- Immutable inputs ---
   #didComponents;
@@ -4967,7 +7106,7 @@ var Resolver = class _Resolver {
   static deterministic(didComponents) {
     const genesisBytes = didComponents.genesisBytes;
     const did = Identifier.encode(genesisBytes, didComponents);
-    const { multibase } = new import_keypair5.CompressedSecp256k1PublicKey(genesisBytes);
+    const { multibase } = new import_keypair6.CompressedSecp256k1PublicKey(genesisBytes);
     const service = BeaconUtils.generateBeaconServices({
       id: did,
       publicKey: genesisBytes,
@@ -4993,14 +7132,14 @@ var Resolver = class _Resolver {
    * @throws {ResolveError} InvalidDidDocument if not conformant to DID Core v1.1
    */
   static external(didComponents, genesisDocument) {
-    const genesisDocumentHash = (0, import_common18.canonicalHashBytes)(genesisDocument);
-    if (!(0, import_utils10.equalBytes)(didComponents.genesisBytes, genesisDocumentHash)) {
-      throw new import_common18.ResolveError(
+    const genesisDocumentHash = (0, import_common22.canonicalHashBytes)(genesisDocument);
+    if (!(0, import_utils12.equalBytes)(didComponents.genesisBytes, genesisDocumentHash)) {
+      throw new import_common22.ResolveError(
         `Initial document mismatch: genesisBytes !== genesisDocumentHash`,
-        import_common18.INVALID_DID_DOCUMENT,
+        import_common22.INVALID_DID_DOCUMENT,
         {
-          genesisBytes: (0, import_common18.encode)(didComponents.genesisBytes, "hex"),
-          genesisDocumentHash: (0, import_common18.encode)(genesisDocumentHash, "hex")
+          genesisBytes: (0, import_common22.encode)(didComponents.genesisBytes, "hex"),
+          genesisDocumentHash: (0, import_common22.encode)(genesisDocumentHash, "hex")
         }
       );
     }
@@ -5019,12 +7158,12 @@ var Resolver = class _Resolver {
     const updateMap = /* @__PURE__ */ new Map();
     if (sidecar.updates?.length)
       for (const update of sidecar.updates) {
-        updateMap.set((0, import_common18.canonicalHash)(update, { encoding: "hex" }), update);
+        updateMap.set((0, import_common22.canonicalHash)(update, { encoding: "hex" }), update);
       }
     const casMap = /* @__PURE__ */ new Map();
     if (sidecar.casUpdates?.length)
       for (const update of sidecar.casUpdates) {
-        casMap.set((0, import_common18.canonicalHash)(update, { encoding: "hex" }), update);
+        casMap.set((0, import_common22.canonicalHash)(update, { encoding: "hex" }), update);
       }
     const smtMap = /* @__PURE__ */ new Map();
     if (sidecar.smtProofs?.length)
@@ -5057,12 +7196,12 @@ var Resolver = class _Resolver {
       }
     };
     for (const [update, block] of updates) {
-      const currentDocumentHash = (0, import_common18.canonicalHashBytes)(response.didDocument);
-      const blocktime = import_common18.DateUtils.blocktimeToTimestamp(block.time);
-      response.metadata.updated = import_common18.DateUtils.toISOStringNonFractional(blocktime);
+      const currentDocumentHash = (0, import_common22.canonicalHashBytes)(response.didDocument);
+      const blocktime = import_common22.DateUtils.blocktimeToTimestamp(block.time);
+      response.metadata.updated = import_common22.DateUtils.toISOStringNonFractional(blocktime);
       response.metadata.confirmations = block.confirmations;
       if (versionTime) {
-        if (blocktime > import_common18.DateUtils.dateStringToTimestamp(versionTime)) {
+        if (blocktime > import_common22.DateUtils.dateStringToTimestamp(versionTime)) {
           return response;
         }
       }
@@ -5070,22 +7209,22 @@ var Resolver = class _Resolver {
         updateHashHistory.push(currentDocumentHash);
         this.confirmDuplicate(update, updateHashHistory);
       } else if (update.targetVersionId === currentVersionId + 1) {
-        const sourceHashBytes = (0, import_common18.decode)(update.sourceHash, "base64urlnopad");
-        if (!(0, import_utils10.equalBytes)(sourceHashBytes, currentDocumentHash)) {
-          throw new import_common18.ResolveError(
+        const sourceHashBytes = (0, import_common22.decode)(update.sourceHash, "base64urlnopad");
+        if (!(0, import_utils12.equalBytes)(sourceHashBytes, currentDocumentHash)) {
+          throw new import_common22.ResolveError(
             `Hash mismatch: update.sourceHash !== currentDocumentHash`,
-            import_common18.INVALID_DID_UPDATE,
+            import_common22.INVALID_DID_UPDATE,
             {
               sourceHash: update.sourceHash,
-              currentDocumentHash: (0, import_common18.encode)(currentDocumentHash, "hex")
+              currentDocumentHash: (0, import_common22.encode)(currentDocumentHash, "hex")
             }
           );
         }
         response.didDocument = this.applyUpdate(response.didDocument, update);
-        const unsignedUpdate = import_common18.JSONUtils.deleteKeys(update, ["proof"]);
-        updateHashHistory.push((0, import_common18.canonicalHashBytes)(unsignedUpdate));
+        const unsignedUpdate = import_common22.JSONUtils.deleteKeys(update, ["proof"]);
+        updateHashHistory.push((0, import_common22.canonicalHashBytes)(unsignedUpdate));
       } else if (update.targetVersionId > currentVersionId + 1) {
-        throw new import_common18.ResolveError(
+        throw new import_common22.ResolveError(
           `Version Id Mismatch: targetVersionId cannot be > currentVersionId + 1`,
           "LATE_PUBLISHING_ERROR",
           {
@@ -5116,15 +7255,15 @@ var Resolver = class _Resolver {
    */
   static confirmDuplicate(update, updateHashHistory) {
     const { proof: _, ...unsignedUpdate } = update;
-    const unsignedUpdateHash = (0, import_common18.canonicalHashBytes)(unsignedUpdate);
+    const unsignedUpdateHash = (0, import_common22.canonicalHashBytes)(unsignedUpdate);
     const historicalUpdateHash = updateHashHistory[update.targetVersionId - 2];
-    if (!(0, import_utils10.equalBytes)(historicalUpdateHash, unsignedUpdateHash)) {
-      throw new import_common18.ResolveError(
+    if (!(0, import_utils12.equalBytes)(historicalUpdateHash, unsignedUpdateHash)) {
+      throw new import_common22.ResolveError(
         `Invalid duplicate: unsigned update hash does not match historical hash`,
-        import_common18.LATE_PUBLISHING_ERROR,
+        import_common22.LATE_PUBLISHING_ERROR,
         {
-          unsignedUpdateHash: (0, import_common18.encode)(unsignedUpdateHash, "hex"),
-          historicalHash: (0, import_common18.encode)(historicalUpdateHash, "hex")
+          unsignedUpdateHash: (0, import_common22.encode)(unsignedUpdateHash, "hex"),
+          historicalHash: (0, import_common22.encode)(historicalUpdateHash, "hex")
         }
       );
     }
@@ -5139,42 +7278,42 @@ var Resolver = class _Resolver {
   static applyUpdate(currentDocument, update) {
     const capabilityId = update.proof?.capability;
     if (!capabilityId) {
-      throw new import_common18.ResolveError("No root capability found in update", import_common18.INVALID_DID_UPDATE, update);
+      throw new import_common22.ResolveError("No root capability found in update", import_common22.INVALID_DID_UPDATE, update);
     }
     const rootCapability = Appendix.dereferenceZcapId(capabilityId);
     const { invocationTarget, controller: rootController } = rootCapability;
     if (![invocationTarget, rootController].every((id) => id === currentDocument.id)) {
-      throw new import_common18.ResolveError(
+      throw new import_common22.ResolveError(
         "Invalid root capability",
-        import_common18.INVALID_DID_UPDATE,
+        import_common22.INVALID_DID_UPDATE,
         { rootCapability, currentDocument }
       );
     }
     const verificationMethodId = update.proof?.verificationMethod;
     if (!verificationMethodId) {
-      throw new import_common18.ResolveError("No verificationMethod found in update", import_common18.INVALID_DID_UPDATE, update);
+      throw new import_common22.ResolveError("No verificationMethod found in update", import_common22.INVALID_DID_UPDATE, update);
     }
     const vm = DidBtcr2.getSigningMethod(currentDocument, verificationMethodId);
-    const multikey = import_cryptosuite2.SchnorrMultikey.fromVerificationMethod(vm);
-    const cryptosuite = new import_cryptosuite2.BIP340Cryptosuite(multikey);
-    const canonicalUpdate = (0, import_common18.canonicalize)(update);
-    const diProof = new import_cryptosuite2.BIP340DataIntegrityProof(cryptosuite);
+    const multikey = import_cryptosuite3.SchnorrMultikey.fromVerificationMethod(vm);
+    const cryptosuite = new import_cryptosuite3.BIP340Cryptosuite(multikey);
+    const canonicalUpdate = (0, import_common22.canonicalize)(update);
+    const diProof = new import_cryptosuite3.BIP340DataIntegrityProof(cryptosuite);
     const verificationResult = diProof.verifyProof(canonicalUpdate, "capabilityInvocation");
     if (!verificationResult.verified) {
-      throw new import_common18.ResolveError(
+      throw new import_common22.ResolveError(
         "Invalid update: proof not verified",
-        import_common18.INVALID_DID_UPDATE,
+        import_common22.INVALID_DID_UPDATE,
         verificationResult
       );
     }
-    const updatedDocument = import_common18.JSONPatch.apply(currentDocument, update.patch);
+    const updatedDocument = import_common22.JSONPatch.apply(currentDocument, update.patch);
     DidDocument.validate(updatedDocument);
-    const currentDocumentHash = (0, import_common18.canonicalHashBytes)(updatedDocument);
-    const updateTargetHash = (0, import_common18.decode)(update.targetHash);
-    if (!(0, import_utils10.equalBytes)(updateTargetHash, currentDocumentHash)) {
-      throw new import_common18.ResolveError(
+    const currentDocumentHash = (0, import_common22.canonicalHashBytes)(updatedDocument);
+    const updateTargetHash = (0, import_common22.decode)(update.targetHash);
+    if (!(0, import_utils12.equalBytes)(updateTargetHash, currentDocumentHash)) {
+      throw new import_common22.ResolveError(
         `Invalid update: update.targetHash !== currentDocumentHash`,
-        import_common18.INVALID_DID_UPDATE,
+        import_common22.INVALID_DID_UPDATE,
         { updateTargetHash, currentDocumentHash }
       );
     }
@@ -5202,7 +7341,7 @@ var Resolver = class _Resolver {
             this.#phase = "BeaconDiscovery" /* BeaconDiscovery */;
             continue;
           }
-          const genesisHash = (0, import_common18.encode)(this.#didComponents.genesisBytes, "hex");
+          const genesisHash = (0, import_common22.encode)(this.#didComponents.genesisBytes, "hex");
           return {
             status: "action-required",
             needs: [{ kind: "NeedGenesisDocument", genesisHash }]
@@ -5306,21 +7445,21 @@ var Resolver = class _Resolver {
       }
       case "NeedCASAnnouncement": {
         const announcement = data;
-        this.#sidecarData.casMap.set((0, import_common18.canonicalHash)(announcement, { encoding: "hex" }), announcement);
+        this.#sidecarData.casMap.set((0, import_common22.canonicalHash)(announcement, { encoding: "hex" }), announcement);
         break;
       }
       case "NeedSignedUpdate": {
         const update = data;
-        this.#sidecarData.updateMap.set((0, import_common18.canonicalHash)(update, { encoding: "hex" }), update);
+        this.#sidecarData.updateMap.set((0, import_common22.canonicalHash)(update, { encoding: "hex" }), update);
         break;
       }
       case "NeedSMTProof": {
         const smtNeed = need;
         const proof = data;
         if (proof.id !== smtNeed.smtRootHash) {
-          throw new import_common18.ResolveError(
+          throw new import_common22.ResolveError(
             `SMT proof root hash mismatch: expected ${smtNeed.smtRootHash}, got ${proof.id}`,
-            import_common18.INVALID_DID_UPDATE,
+            import_common22.INVALID_DID_UPDATE,
             { expected: smtNeed.smtRootHash, actual: proof.id }
           );
         }
@@ -5332,12 +7471,12 @@ var Resolver = class _Resolver {
 };
 
 // src/utils/did-document-builder.ts
-var import_common19 = require("@did-btcr2/common");
+var import_common23 = require("@did-btcr2/common");
 var DidDocumentBuilder = class {
   document = {};
   constructor(initialDocument) {
     if (!initialDocument.id) {
-      throw new import_common19.DidDocumentError('Missing required "id" property', import_common19.INVALID_DID_DOCUMENT, initialDocument);
+      throw new import_common23.DidDocumentError('Missing required "id" property', import_common23.INVALID_DID_DOCUMENT, initialDocument);
     }
     this.document.id = initialDocument.id;
     this.document.verificationMethod = initialDocument.verificationMethod ?? [];
@@ -5389,6 +7528,7 @@ var DidDocumentBuilder = class {
 0 && (module.exports = {
   AGGREGATED_NONCE,
   AGGREGATION_MESSAGE_PREFIX,
+  AGGREGATION_WIRE_VERSION,
   AUTHORIZATION_REQUEST,
   AggregateBeaconError,
   AggregationCohort,
@@ -5415,6 +7555,12 @@ var DidDocumentBuilder = class {
   COHORT_OPT_IN,
   COHORT_OPT_IN_ACCEPT,
   COHORT_READY,
+  CONSOLE_LOGGER,
+  DEFAULT_ADVERT_REPEAT_INTERVAL_MS,
+  DEFAULT_BROADCAST_LOOKBACK_MS,
+  DEFAULT_CLOCK_SKEW_SEC,
+  DEFAULT_MAX_UPDATE_SIZE_BYTES,
+  DEFAULT_NONCE_LEN_BYTES,
   DEFAULT_NOSTR_RELAYS,
   DID_REGEX,
   DISTRIBUTE_AGGREGATED_DATA,
@@ -5425,15 +7571,31 @@ var DidDocumentBuilder = class {
   DidVerificationMethod,
   Document,
   GenesisDocument,
+  HTTP_ENVELOPE_VERSION,
+  HTTP_ROUTE,
+  HttpClientTransport,
+  HttpServerTransport,
+  HttpTransportError,
   ID_PLACEHOLDER_VALUE,
   Identifier,
+  InMemoryRateLimitStore,
+  InboxBuffer,
   NONCE_CONTRIBUTION,
+  NonceCache,
   NostrTransport,
+  P2PKH_BEACON_TX_VSIZE,
+  P2TR_BEACON_TX_VSIZE,
+  P2WPKH_BEACON_TX_VSIZE,
   ParticipantCohortPhase,
+  REQUEST_AUTH_SCHEME,
+  RateLimiter,
   Resolver,
   SIGNATURE_AUTHORIZATION,
+  SILENT_LOGGER,
+  SINGLETON_BEACON_TX_VSIZE,
   SMTBeacon,
   SMTBeaconError,
+  SSE_EVENT,
   SUBMIT_UPDATE,
   ServiceCohortPhase,
   SigningSessionError,
@@ -5447,6 +7609,8 @@ var DidDocumentBuilder = class {
   TypedEventEmitter,
   Updater,
   VALIDATION_ACK,
+  buildAggregationBeaconTx,
+  buildRequestAuth,
   createAggregatedNonceMessage,
   createAuthorizationRequestMessage,
   createCohortAdvertMessage,
@@ -5458,8 +7622,34 @@ var DidDocumentBuilder = class {
   createSignatureAuthorizationMessage,
   createSubmitUpdateMessage,
   createValidationAckMessage,
+  defaultReconnectBackoff,
+  deriveSingletonAddress,
+  detectSingletonScriptKind,
+  formatSseComment,
+  formatSseEvent,
+  getBeaconStrategy,
+  isAggregatedNonceMessage,
   isAggregationMessageType,
+  isAuthorizationRequestMessage,
+  isCohortAdvertMessage,
+  isCohortOptInAcceptMessage,
+  isCohortOptInMessage,
+  isCohortReadyMessage,
+  isDistributeAggregatedDataMessage,
   isKeygenMessageType,
+  isNonceContributionMessage,
   isSignMessageType,
-  isUpdateMessageType
+  isSignatureAuthorizationMessage,
+  isSubmitUpdateMessage,
+  isUpdateMessageType,
+  isValidationAckMessage,
+  normalizeForWire,
+  opReturnScript,
+  parseRequestAuth,
+  parseSseStream,
+  registerBeaconStrategy,
+  reviveFromWire,
+  signEnvelope,
+  verifyEnvelope,
+  verifyRequestAuth
 });