@empereur-rouge/pms-sdk 0.3.8 → 0.5.0

package/dist/index.cjs

@@ -20,14 +20,21 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  DAY_MS: () => DAY_MS,
   PmsClient: () => PmsClient,
   PmsWallet: () => PmsWallet,
   decryptPayload: () => decryptPayload,
+  effectiveValue: () => effectiveValue,
   formatAmount: () => formatAmount,
   fromHex: () => fromHex,
+  hashlockHash: () => hashlockHash,
   isValidMnemonic: () => isValidMnemonic,
+  makeUnlock: () => makeUnlock,
+  multisigAddress: () => multisigAddress,
   parseAmount: () => parseAmount,
-  toHex: () => toHex
+  spendableUtxos: () => spendableUtxos,
+  toHex: () => toHex,
+  txSigningMessage: () => txSigningMessage
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -42,6 +49,7 @@ var import_english = require("@scure/bip39/wordlists/english");
 // src/utils.ts
 var import_sha2 = require("@noble/hashes/sha2");
 var import_utils = require("@noble/hashes/utils");
+var import_base = require("@scure/base");
 function sha256Hash(data) {
   return (0, import_sha2.sha256)(data);
 }
@@ -54,12 +62,103 @@ function fromHex(hex) {
 function encodeUtf8(str) {
   return new TextEncoder().encode(str);
 }
-function computeBlockId(parents, payloadJson, nonce) {
-  const parentsStr = parents.sort().join(",");
-  const payloadStr = payloadJson ?? "";
-  const content = `${parentsStr}|${payloadStr}|${nonce}`;
-  const hash = sha256Hash(encodeUtf8(content));
-  return toHex(hash);
+function toBase64(bytes) {
+  return import_base.base64.encode(bytes);
+}
+function txSigningMessage(networkId, inputs, outputs, fee) {
+  const canonInputs = inputs.map((i) => ({
+    out: { txid: i.out.txid, index: i.out.index }
+  }));
+  const canonOutputs = outputs.map((o) => {
+    const out = {
+      address: o.address,
+      amount: o.amount
+    };
+    if (o.asset_id !== void 0 && o.asset_id !== null) {
+      out.asset_id = o.asset_id;
+    }
+    if (o.locked_until !== void 0 && o.locked_until !== null) {
+      out.locked_until = o.locked_until;
+    }
+    if (o.spend_condition !== void 0 && o.spend_condition !== null) {
+      out.spend_condition = o.spend_condition;
+    }
+    if (o.created_at !== void 0 && o.created_at !== null) {
+      out.created_at = o.created_at;
+    }
+    return out;
+  });
+  const canon = {
+    network_id: networkId,
+    inputs: canonInputs,
+    outputs: canonOutputs,
+    fee
+  };
+  return toHex(sha256Hash(encodeUtf8(JSON.stringify(canon))));
+}
+var PLAIN_VARIANT_TO_PAYLOAD_TYPE = {
+  Genesis: "Genesis",
+  Mint: "Mint",
+  TxUtxo: "Transaction",
+  Milestone: "Milestone",
+  Nft: "Nft",
+  ConfigUpdate: "ConfigUpdate",
+  Reward: "Reward",
+  EncryptedReward: "EncryptedReward",
+  TokenCreate: "TokenCreate",
+  BridgeLock: "BridgeLock",
+  BridgeMint: "BridgeMint",
+  Freeze: "Freeze",
+  Unfreeze: "Unfreeze",
+  Seize: "Seize",
+  Reverse: "Reverse",
+  ContractRegister: "ContractRegister",
+  ContractUpdate: "ContractUpdate",
+  LedgerOwnershipTransfer: "LedgerOwnershipTransfer",
+  CoordinatorKeyRotate: "CoordinatorKeyRotate"
+};
+var EMPTY_COMMITMENT = "0000000000000000000000000000000000000000000000000000000000000000";
+function computeBlockId(parents, payload, nonce) {
+  let payload_type;
+  let commitment;
+  let len_hint;
+  let key_version;
+  if (payload === void 0 || payload === null) {
+    payload_type = "None";
+    commitment = EMPTY_COMMITMENT;
+    len_hint = 0;
+    key_version = 0;
+  } else if ("Plain" in payload) {
+    const plain = payload.Plain;
+    const variant = typeof plain === "string" ? plain : Object.keys(plain)[0];
+    payload_type = PLAIN_VARIANT_TO_PAYLOAD_TYPE[variant] ?? variant;
+    const plainBytes = encodeUtf8(JSON.stringify(plain));
+    commitment = toHex(sha256Hash(plainBytes));
+    len_hint = plainBytes.length;
+    key_version = 0;
+  } else {
+    const enc = payload.Encrypted;
+    payload_type = "Encrypted";
+    commitment = enc.commitment;
+    len_hint = enc.ciphertext_b64.length;
+    key_version = enc.key_version;
+  }
+  const head = {
+    parents,
+    nonce,
+    envelope: { payload_type, commitment, len_hint, key_version }
+  };
+  return toHex(sha256Hash(encodeUtf8(JSON.stringify(head))));
+}
+function x25519FromAddress(address) {
+  try {
+    const decoded = import_base.bech32m.decode(address, false);
+    const bytes = import_base.bech32m.fromWords(decoded.words);
+    if (bytes.length !== 52) return void 0;
+    return toHex(bytes.slice(20));
+  } catch {
+    return void 0;
+  }
 }
 function parseAmount(amount) {
   const [whole, frac = ""] = amount.split(".");
@@ -72,6 +171,47 @@ function formatAmount(sats) {
   const fracStr = frac.toString().padStart(8, "0");
   return `${whole}.${fracStr}`;
 }
+var DAY_MS = 864e5;
+function multisigAddress(m, pubkeys) {
+  const normalized = pubkeys.map((pk) => {
+    const t = pk.trim();
+    return (t.startsWith("0x") ? t.slice(2) : t).toLowerCase();
+  }).sort();
+  const parts = [
+    encodeUtf8("pms-multisig-v1"),
+    new Uint8Array([m, normalized.length]),
+    ...normalized.map((pk) => encodeUtf8(pk))
+  ];
+  const total = parts.reduce((n, p) => n + p.length, 0);
+  const buf = new Uint8Array(total);
+  let off = 0;
+  for (const p of parts) {
+    buf.set(p, off);
+    off += p.length;
+  }
+  return `msig1${toHex(sha256Hash(buf).slice(0, 20))}`;
+}
+function hashlockHash(preimage) {
+  const bytes = typeof preimage === "string" ? encodeUtf8(preimage) : preimage;
+  return toHex(sha256Hash(bytes));
+}
+function effectiveValue(amount, createdAtMs, nowMs, bpsPerDay) {
+  if (createdAtMs === void 0 || createdAtMs === null || !bpsPerDay) {
+    return amount;
+  }
+  const elapsed = nowMs - createdAtMs;
+  const days = elapsed > 0 ? BigInt(Math.floor(elapsed / DAY_MS)) : 0n;
+  if (days === 0n) return amount;
+  const sats = parseAmount(amount);
+  const scaled = sats * 10000n - sats * BigInt(bpsPerDay) * days;
+  if (scaled <= 0n) return "0.00000000";
+  return formatAmount(scaled / 10000n);
+}
+function spendableUtxos(utxos, nowMs = Date.now()) {
+  return utxos.filter(
+    (u) => u.locked_until === void 0 || u.locked_until === null || u.locked_until <= nowMs
+  );
+}
 
 // src/wallet.ts
 var PmsWallet = class _PmsWallet {
@@ -246,11 +386,33 @@ var PmsWallet = class _PmsWallet {
 function isValidMnemonic(mnemonic) {
   return (0, import_bip39.validateMnemonic)(mnemonic.trim().toLowerCase(), import_english.wordlist);
 }
+function makeUnlock(signers, txHashHex, opts) {
+  if (signers.length === 0) {
+    throw new Error("makeUnlock: at least one signer is required");
+  }
+  const msg = encodeUtf8(txHashHex);
+  const sign = (w) => toBase64(fromHex(w.sign(msg)));
+  const [primary, ...rest] = signers;
+  const unlock = {
+    pubkey_hex: primary.publicKeyHex,
+    signature_b64: sign(primary)
+  };
+  if (rest.length > 0) {
+    unlock.cosigners = rest.map((w) => ({
+      pubkey_hex: w.publicKeyHex,
+      signature_b64: sign(w)
+    }));
+  }
+  if (opts?.preimageHex !== void 0) {
+    unlock.preimage_hex = opts.preimageHex;
+  }
+  return unlock;
+}
 
 // src/types.ts
 var DEFAULT_CONFIG = {
   networkId: "pms-mainnet",
-  protocolVersion: 1,
+  protocolVersion: 3,
   timeout: 3e4,
   seedNodes: [],
   enableRacing: true,
@@ -265,13 +427,13 @@ var import_aes = require("@noble/ciphers/aes.js");
 var import_hkdf2 = require("@noble/hashes/hkdf");
 var import_sha23 = require("@noble/hashes/sha2");
 var import_utils3 = require("@noble/hashes/utils");
-var import_base = require("@scure/base");
+var import_base2 = require("@scure/base");
 var SCHEME = "x25519+aes256gcm";
 var HKDF_SALT = new TextEncoder().encode("pms-dek-wrap");
 var HKDF_INFO_KEK = new TextEncoder().encode("kek-v1");
 var HKDF_INFO_KID = new TextEncoder().encode("kid-v1");
 function fromBase64(str) {
-  return import_base.base64.decode(str);
+  return import_base2.base64.decode(str);
 }
 function sha256Hex(data) {
   return (0, import_utils3.bytesToHex)((0, import_sha23.sha256)(data));
@@ -436,11 +598,24 @@ var PmsClient = class {
   }
   /**
    * Récupère les UTXOs d'une adresse.
+   *
+   * Depuis dag-pms v0.10.0, chaque UTXO expose aussi ses contraintes de
+   * dépense : `locked_until` (time-lock), `spend_condition`
+   * (MultiSig/HashLock) et `created_at` (base du demurrage). Utiliser
+   * [`spendableUtxos`] pour exclure les UTXOs encore verrouillés avant
+   * toute sélection de coins côté client.
    */
   async getUtxos(address) {
     const res = await this.fetch(`/v1/wallet/${address}/utxos`, void 0, { idempotent: true });
     return res.utxos ?? [];
   }
+  /**
+   * Dernier snapshot de preuve de réserves ancré (protocole 2.6,
+   * `GET /v1/reserves/latest`). 404 si aucun snapshot n'a encore été ancré.
+   */
+  async getLatestReserves() {
+    return this.fetch("/v1/reserves/latest", void 0, { idempotent: true });
+  }
   // ═══════════════════════════════════════════════════════════════════════
   // Wallet API (Custodial — Server-Side)
   // ═══════════════════════════════════════════════════════════════════════
@@ -897,101 +1072,83 @@ var PmsClient = class {
   }
   /**
    * Envoie des tokens à une adresse.
-   * Construit automatiquement la transaction, la signe et la soumet.
+   *
+   * Flux aligné sur dag-pms v0.9.0 (single-writer + vérification des
+   * signatures de transaction par l'engine) :
+   * 1. `POST /v1/tx/prepare` — le serveur sélectionne les UTXOs et calcule
+   *    les frais.
+   * 2. Vérification défensive côté client : l'output destinataire demandé
+   *    existe bien, et le `tx_hash` retourné correspond au message canonique
+   *    recalculé localement (`txSigningMessage`). On ne signe JAMAIS un hash
+   *    opaque non vérifié.
+   * 3. Le wallet signe la TRANSACTION (unlocks) — pas le bloc. C'est le
+   *    serveur qui forge et signe le bloc (single-writer enforcement).
+   * 4. `POST /v1/wallet/tx/send` avec la TX signée + les clés X25519 des
+   *    destinataires pour le chiffrement du payload.
+   *
+   * @param params.to - Adresse destinataire (Bech32m de préférence)
+   * @param params.amount - Montant décimal (ex: "10.0")
+   * @param params.wallet - Wallet signataire (propriétaire des UTXOs)
+   * @param params.assetId - Asset ID optionnel (undefined = PMS natif)
+   * @returns `{id, status, block_id}` — id du bloc forgé par le serveur
    */
   async send(params) {
-    const { to, amount, wallet, memo: _memo } = params;
-    const utxos = await this.getUtxos(wallet.address);
-    if (utxos.length === 0) {
-      throw new Error("No UTXOs available");
-    }
-    const netConfig = await this.getNetworkConfig();
-    const baseFeeSats = parseAmount(netConfig.base_fee || "0");
-    const feeRateBps = BigInt(netConfig.fee_rate_bps || 0);
-    const amountSats = parseAmount(amount);
-    const variableFee = amountSats * feeRateBps / 10000n;
-    const fee = baseFeeSats + variableFee;
-    const totalNeeded = amountSats + fee;
-    let selectedSats = 0n;
-    const selectedUtxos = [];
-    for (const utxo of utxos) {
-      selectedUtxos.push(utxo);
-      selectedSats += parseAmount(utxo.amount || "0");
-      if (selectedSats >= totalNeeded) break;
+    const { to, amount, wallet, assetId } = params;
+    const prepareBody = {
+      from: wallet.address,
+      to,
+      amount
+    };
+    if (assetId !== void 0) {
+      prepareBody.asset_id = assetId;
     }
-    if (selectedSats < totalNeeded) {
+    const prepared = await this.prepareTx(prepareBody);
+    const { unsigned_tx, tx_hash } = prepared;
+    const requestedSats = parseAmount(amount);
+    const recipientOutput = unsigned_tx.outputs.find(
+      (o) => o.address === to && (o.asset_id ?? void 0) === (assetId ?? void 0) && parseAmount(o.amount) >= requestedSats
+    );
+    if (!recipientOutput) {
       throw new Error(
-        `Insufficient balance: have ${formatAmount(selectedSats)}, need ${formatAmount(totalNeeded)} (incl. fee ${formatAmount(fee)})`
+        `Prepared transaction does not contain the requested output (to=${to}, amount=${amount}, asset=${assetId ?? "PMS"}). Refusing to sign a transaction that does not pay the intended recipient.`
       );
     }
-    const outputs = [
-      { address: to, amount: formatAmount(amountSats) }
-    ];
-    if (fee > 0n) {
-      outputs.push({
-        address: netConfig.fee_recipient,
-        amount: formatAmount(fee)
-      });
-    }
-    const change = selectedSats - amountSats - fee;
-    if (change > 0n) {
-      outputs.push({ address: wallet.address, amount: formatAmount(change) });
+    const localHash = txSigningMessage(
+      this.config.networkId,
+      unsigned_tx.inputs,
+      unsigned_tx.outputs,
+      unsigned_tx.fee
+    );
+    if (localHash !== tx_hash) {
+      throw new Error(
+        `tx_hash mismatch: server returned ${tx_hash}, locally computed ${localHash}. Either the client networkId ("${this.config.networkId}") does not match the node's network, or the server response was tampered with. Refusing to sign.`
+      );
     }
-    const inputs = selectedUtxos.map((utxo) => ({
-      out: {
-        txid: utxo.outpoint.txid,
-        index: utxo.outpoint.index
-      }
-    }));
-    const txCanonical = {
-      inputs,
-      outputs,
-      fee: formatAmount(fee)
-    };
-    const txMessage = JSON.stringify(txCanonical);
-    const txSignatureHex = wallet.sign(encodeUtf8(txMessage));
-    const txSigBytes = fromHex(txSignatureHex);
-    const txSigB64 = btoa(String.fromCharCode(...txSigBytes));
-    const unlocks = inputs.map(() => ({
+    const sigHex = wallet.sign(encodeUtf8(tx_hash));
+    const sigB64 = toBase64(fromHex(sigHex));
+    const unlocks = unsigned_tx.inputs.map(() => ({
       pubkey_hex: wallet.publicKeyHex,
-      signature_b64: txSigB64
+      signature_b64: sigB64
     }));
     const tx = {
-      inputs,
-      outputs,
-      fee: formatAmount(fee),
+      inputs: unsigned_tx.inputs,
+      outputs: unsigned_tx.outputs,
+      fee: unsigned_tx.fee,
       unlocks
     };
-    const tips = await this.getTips();
-    const parents = tips.slice(0, 2);
-    const payload = { Plain: { TxUtxo: tx } };
-    const payloadJson = JSON.stringify(payload);
-    let nonce = 0;
-    let blockId = computeBlockId(parents, payloadJson, nonce);
-    const canonicalView = {
-      id: blockId,
-      parents,
-      payload_json: payloadJson,
-      nonce,
-      network_id: this.config.networkId,
-      protocol_version: this.config.protocolVersion,
-      signer_pk_hex: wallet.publicKeyHex
-    };
-    const messageToSign = JSON.stringify(canonicalView);
-    const signatureHex = wallet.sign(encodeUtf8(messageToSign));
-    const signatureBytes = fromHex(signatureHex);
-    const signatureB64 = btoa(String.fromCharCode(...signatureBytes));
-    const wireBlock = {
-      id: blockId,
-      parents,
-      payload_json: payloadJson,
-      nonce,
-      network_id: this.config.networkId,
-      protocol_version: this.config.protocolVersion,
-      signer_pk_hex: wallet.publicKeyHex,
-      signature_hex: signatureB64
-    };
-    return this.submitBlock(wireBlock);
+    const recipientsXpk = [wallet.x25519PublicKeyHex];
+    const toXpk = x25519FromAddress(to);
+    if (toXpk && !recipientsXpk.includes(toXpk)) {
+      recipientsXpk.push(toXpk);
+    }
+    const resp = await this.fetch(
+      "/v1/wallet/tx/send",
+      {
+        method: "POST",
+        body: JSON.stringify({ tx, recipients_xpk: recipientsXpk })
+      }
+    );
+    return { ...resp, block_id: resp.id };
   }
   // ═══════════════════════════════════════════════════════════════════════
   // Méthodes NFT Cube (Burn et Mint spécialisé)
@@ -999,7 +1156,15 @@ var PmsClient = class {
   /**
    * Transférer un NFT à un autre propriétaire.
    * Prend en charge le re-chiffrement des métadonnées via le coordinateur.
-   * 
+   *
+   * @deprecated Cette méthode soumet un WireBlock signé par la clé
+   * utilisateur via `/submit/block`. Depuis dag-pms v0.9.0, l'engine tourne
+   * en mode **single-writer** : tout bloc signé par une clé non-coordinateur
+   * est rejeté. Cette méthode ne fonctionne que sur un réseau SANS
+   * single-writer enforcement. Utilisez les flux server-side
+   * (`/v1/nft/transfer/prepare` + endpoints serveur) qui forgent et signent
+   * le bloc côté coordinateur.
+   *
    * @param params - Paramètres du transfert
    * @param params.tokenId - Identifiant du NFT
    * @param params.to - Adresse du nouveau propriétaire
@@ -1035,7 +1200,7 @@ var PmsClient = class {
     const payload = { Plain: { Nft: action } };
     const payloadJson = JSON.stringify(payload);
     const nonce = 0;
-    const blockId = computeBlockId(parents, payloadJson, nonce);
+    const blockId = computeBlockId(parents, payload, nonce);
     const canonicalView = {
       id: blockId,
       parents,
@@ -1067,10 +1232,17 @@ var PmsClient = class {
    * Seul le propriétaire du NFT peut le brûler.
    * Une fois brûlé, le NFT est supprimé définitivement.
    * 
-   * Pour les Cubes authentiques (avec signature Authority valide), 
+   * Pour les Cubes authentiques (avec signature Authority valide),
    * un remboursement est calculé selon la formule:
    * `(weight * size * density) / 10000` PMS
-   * 
+   *
+   * @deprecated Cette méthode poste un WireBlock signé par la clé
+   * utilisateur. Depuis dag-pms v0.9.0, l'engine tourne en mode
+   * **single-writer** : tout bloc signé par une clé non-coordinateur est
+   * rejeté. Cette méthode ne fonctionne que sur un réseau SANS single-writer
+   * enforcement. Le flux supporté est le burn server-side
+   * (`/v1/nft/burn-simple`), où le serveur forge et signe le bloc.
+   *
    * @param params - Paramètres du burn
    * @param params.tokenId - Identifiant du NFT à brûler
    * @param params.wallet - Wallet PMS du propriétaire (doit être l'owner actuel)
@@ -1104,7 +1276,7 @@ var PmsClient = class {
     };
     const payloadJson = JSON.stringify(payload);
     const nonce = 0;
-    const blockId = computeBlockId(parents, payloadJson, nonce);
+    const blockId = computeBlockId(parents, payload, nonce);
     const canonicalView = {
       id: blockId,
       parents,
@@ -1136,7 +1308,14 @@ var PmsClient = class {
   }
   /**
    * Brûle (détruit) plusieurs NFTs en une seule transaction.
-   * 
+   *
+   * @deprecated Cette méthode poste un WireBlock signé par la clé
+   * utilisateur. Depuis dag-pms v0.9.0, l'engine tourne en mode
+   * **single-writer** : tout bloc signé par une clé non-coordinateur est
+   * rejeté. Cette méthode ne fonctionne que sur un réseau SANS single-writer
+   * enforcement. Le flux supporté est le burn server-side
+   * (`/v1/nft/burn-simple`), où le serveur forge et signe le bloc.
+   *
    * @param params - Paramètres du batch burn
    * @param params.tokenIds - Liste des Identifiants des NFTs à brûler
    * @param params.wallet - Wallet PMS du propriétaire
@@ -1161,7 +1340,7 @@ var PmsClient = class {
     };
     const payloadJson = JSON.stringify(payload);
     const nonce = 0;
-    const blockId = computeBlockId(parents, payloadJson, nonce);
+    const blockId = computeBlockId(parents, payload, nonce);
     const canonicalView = {
       id: blockId,
       parents,
@@ -1430,12 +1609,19 @@ function mergeAbortSignals(a, b) {
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  DAY_MS,
   PmsClient,
   PmsWallet,
   decryptPayload,
+  effectiveValue,
   formatAmount,
   fromHex,
+  hashlockHash,
   isValidMnemonic,
+  makeUnlock,
+  multisigAddress,
   parseAmount,
-  toHex
+  spendableUtxos,
+  toHex,
+  txSigningMessage
 });