@frontiercompute/zcash-ika 0.1.0 → 0.3.0

package/dist/tx-builder.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Zcash v5 transparent transaction builder with ZIP 244 sighash.
+ *
+ * Builds P2PKH transactions for MPC-signed transparent spends.
+ * The signing itself happens via Ika dWallet (secp256k1 ECDSA).
+ * This module handles everything else: UTXO fetch, TX structure,
+ * sighash computation, signature attachment, and broadcast.
+ */
+export declare const BRANCH_ID: {
+    readonly NU5: 3268858036;
+    readonly NU6: 3370586197;
+};
+export interface UTXO {
+    txid: string;
+    outputIndex: number;
+    script: string;
+    satoshis: number;
+}
+export interface TxOutput {
+    address: string;
+    amount: number;
+}
+/**
+ * Fetch UTXOs for a transparent address from Zebra RPC.
+ * Uses getaddressutxos (requires Zebra with -indexer flag).
+ */
+export declare function fetchUTXOs(zebraRpcUrl: string, tAddress: string): Promise<UTXO[]>;
+/**
+ * Select UTXOs to cover the target amount + fee.
+ * Simple largest-first selection. Returns selected UTXOs and total value.
+ */
+export declare function selectUTXOs(utxos: UTXO[], targetAmount: number, fee: number): {
+    selected: UTXO[];
+    totalInput: number;
+};
+/**
+ * Build an unsigned Zcash v5 transparent transaction.
+ *
+ * Returns the unsigned serialized TX and per-input sighashes
+ * that need to be signed via MPC.
+ */
+export declare function buildUnsignedTx(utxos: UTXO[], recipient: string, amount: number, fee: number | undefined, changeAddress: string, branchId?: number): {
+    unsignedTx: Buffer;
+    sighashes: Buffer[];
+    txid: Buffer;
+};
+/**
+ * Attach MPC signatures to an unsigned transaction.
+ *
+ * Takes the original UTXO list (to reconstruct inputs/outputs),
+ * DER-encoded signatures from MPC, and the compressed pubkey.
+ * Returns hex-encoded signed transaction ready for broadcast.
+ */
+export declare function attachSignatures(utxos: UTXO[], recipient: string, amount: number, fee: number, changeAddress: string, signatures: Buffer[], pubkey: Buffer, branchId?: number): string;
+/**
+ * Broadcast a signed transaction via Zebra RPC.
+ * Returns the txid on success.
+ */
+export declare function broadcastTx(zebraRpcUrl: string, txHex: string): Promise<string>;
+/**
+ * Estimate fee for a transparent P2PKH transaction.
+ *
+ * ZIP 317 marginal fee: max(grace_actions, logical_actions) * 5000
+ * For simple P2PKH: 1 input + 2 outputs = 2 logical actions = 10000 zatoshis
+ * Each additional input adds 1 logical action = +5000 zatoshis
+ */
+export declare function estimateFee(numInputs: number, numOutputs: number): number;

package/dist/tx-builder.js

@@ -0,0 +1,534 @@
+/**
+ * Zcash v5 transparent transaction builder with ZIP 244 sighash.
+ *
+ * Builds P2PKH transactions for MPC-signed transparent spends.
+ * The signing itself happens via Ika dWallet (secp256k1 ECDSA).
+ * This module handles everything else: UTXO fetch, TX structure,
+ * sighash computation, signature attachment, and broadcast.
+ */
+import blakejs from "blakejs";
+const { blake2bInit, blake2bUpdate, blake2bFinal } = blakejs;
+import { createHash } from "node:crypto";
+// Zcash v5 transaction constants
+const TX_VERSION = 5;
+const TX_VERSION_GROUP_ID = 0x26a7270a;
+// Consensus branch IDs
+export const BRANCH_ID = {
+    NU5: 0xc2d6d0b4,
+    NU6: 0xc8e71055,
+};
+// SIGHASH flags
+const SIGHASH_ALL = 0x01;
+// Script opcodes for P2PKH
+const OP_DUP = 0x76;
+const OP_HASH160 = 0xa9;
+const OP_EQUALVERIFY = 0x88;
+const OP_CHECKSIG = 0xac;
+// Zcash t-address version prefixes (for decoding)
+const T_ADDR_VERSIONS = {
+    "1cb8": { mainnet: true }, // t1...
+    "1d25": { mainnet: false }, // tm...
+};
+const BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function sha256(data) {
+    return createHash("sha256").update(data).digest();
+}
+function hash160(data) {
+    return createHash("ripemd160").update(sha256(data)).digest();
+}
+// BLAKE2b-256 with personalization
+// blakejs types don't expose the personal param on blake2bInit, but the JS does
+function blake2b256(data, personal) {
+    const ctx = blake2bInit(32, undefined, undefined, personal);
+    blake2bUpdate(ctx, data);
+    return Buffer.from(blake2bFinal(ctx));
+}
+// Write uint32 little-endian into buffer
+function writeU32LE(buf, value, offset) {
+    buf.writeUInt32LE(value >>> 0, offset);
+}
+// Write int64 little-endian (as two uint32s, safe for values < 2^53)
+function writeI64LE(buf, value, offset) {
+    buf.writeUInt32LE(value & 0xffffffff, offset);
+    buf.writeUInt32LE(Math.floor(value / 0x100000000) & 0xffffffff, offset + 4);
+}
+// Compact size encoding (Bitcoin varint)
+function compactSize(n) {
+    if (n < 0xfd) {
+        return Buffer.from([n]);
+    }
+    else if (n <= 0xffff) {
+        const buf = Buffer.alloc(3);
+        buf[0] = 0xfd;
+        buf.writeUInt16LE(n, 1);
+        return buf;
+    }
+    else {
+        const buf = Buffer.alloc(5);
+        buf[0] = 0xfe;
+        buf.writeUInt32LE(n, 1);
+        return buf;
+    }
+}
+// Decode a Zcash t-address to its 20-byte pubkey hash
+function decodeTAddress(addr) {
+    // Base58 decode
+    let num = BigInt(0);
+    for (const c of addr) {
+        const idx = BASE58_ALPHABET.indexOf(c);
+        if (idx < 0)
+            throw new Error(`Invalid base58 character: ${c}`);
+        num = num * 58n + BigInt(idx);
+    }
+    // Convert to bytes (26 bytes: 2 version + 20 hash + 4 checksum)
+    const bytes = new Uint8Array(26);
+    for (let i = 25; i >= 0; i--) {
+        bytes[i] = Number(num & 0xffn);
+        num = num >> 8n;
+    }
+    // Verify checksum
+    const payload = bytes.subarray(0, 22);
+    const checksum = sha256(sha256(payload)).subarray(0, 4);
+    for (let i = 0; i < 4; i++) {
+        if (bytes[22 + i] !== checksum[i]) {
+            throw new Error(`Invalid t-address checksum: ${addr}`);
+        }
+    }
+    const versionHex = Buffer.from(bytes.subarray(0, 2)).toString("hex");
+    const info = T_ADDR_VERSIONS[versionHex];
+    if (!info) {
+        throw new Error(`Unknown t-address version: 0x${versionHex}`);
+    }
+    return {
+        pubkeyHash: Buffer.from(bytes.subarray(2, 22)),
+        mainnet: info.mainnet,
+    };
+}
+// Build a P2PKH scriptPubKey from a 20-byte pubkey hash
+function p2pkhScript(pubkeyHash) {
+    // OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
+    const script = Buffer.alloc(25);
+    script[0] = OP_DUP;
+    script[1] = OP_HASH160;
+    script[2] = 0x14; // push 20 bytes
+    pubkeyHash.copy(script, 3);
+    script[23] = OP_EQUALVERIFY;
+    script[24] = OP_CHECKSIG;
+    return script;
+}
+// Build P2PKH scriptPubKey from a t-address string
+function scriptFromAddress(addr) {
+    const { pubkeyHash } = decodeTAddress(addr);
+    return p2pkhScript(pubkeyHash);
+}
+// Reverse a hex-encoded txid (internal byte order is reversed)
+function reverseTxid(txid) {
+    const buf = Buffer.from(txid, "hex");
+    if (buf.length !== 32)
+        throw new Error(`Invalid txid length: ${buf.length}`);
+    return Buffer.from(buf.reverse());
+}
+// Consensus branch ID as 4-byte LE buffer
+function branchIdBytes(branchId) {
+    const buf = Buffer.alloc(4);
+    writeU32LE(buf, branchId, 0);
+    return buf;
+}
+// ZIP 244 sighash computation for v5 transparent transactions
+// Personalization string as bytes, padded/truncated to 16 bytes
+function personalization(tag, suffix) {
+    const tagBytes = Buffer.from(tag, "ascii");
+    if (suffix) {
+        const result = Buffer.alloc(16);
+        tagBytes.copy(result, 0, 0, Math.min(tagBytes.length, 12));
+        suffix.copy(result, 12, 0, 4);
+        return result;
+    }
+    // Pad to 16 bytes with zeros
+    const result = Buffer.alloc(16);
+    tagBytes.copy(result, 0, 0, Math.min(tagBytes.length, 16));
+    return result;
+}
+// Hash of all prevouts (txid + index) for transparent inputs
+function hashPrevouts(inputs, branchId) {
+    const parts = [];
+    for (const inp of inputs) {
+        const outpoint = Buffer.alloc(36);
+        inp.prevTxid.copy(outpoint, 0);
+        writeU32LE(outpoint, inp.prevIndex, 32);
+        parts.push(outpoint);
+    }
+    const data = Buffer.concat(parts);
+    return blake2b256(data, personalization("ZTxIdPrevoutHash", branchIdBytes(branchId)));
+}
+// Hash of all input amounts
+function hashAmounts(inputs, branchId) {
+    const data = Buffer.alloc(inputs.length * 8);
+    for (let i = 0; i < inputs.length; i++) {
+        writeI64LE(data, inputs[i].value, i * 8);
+    }
+    return blake2b256(data, personalization("ZTxTrAmountsHash", branchIdBytes(branchId)));
+}
+// Hash of all input scriptPubKeys
+function hashScriptPubKeys(inputs, branchId) {
+    const parts = [];
+    for (const inp of inputs) {
+        parts.push(compactSize(inp.script.length));
+        parts.push(inp.script);
+    }
+    const data = Buffer.concat(parts);
+    return blake2b256(data, personalization("ZTxTrScriptsHash", branchIdBytes(branchId)));
+}
+// Hash of all sequences
+function hashSequences(inputs, branchId) {
+    const data = Buffer.alloc(inputs.length * 4);
+    for (let i = 0; i < inputs.length; i++) {
+        writeU32LE(data, inputs[i].sequence, i * 4);
+    }
+    return blake2b256(data, personalization("ZTxIdSequencHash", branchIdBytes(branchId)));
+}
+// Hash of all transparent outputs
+function hashOutputs(outputs, branchId) {
+    const parts = [];
+    for (const out of outputs) {
+        const valueBuf = Buffer.alloc(8);
+        writeI64LE(valueBuf, out.value, 0);
+        parts.push(valueBuf);
+        parts.push(compactSize(out.script.length));
+        parts.push(out.script);
+    }
+    const data = Buffer.concat(parts);
+    return blake2b256(data, personalization("ZTxIdOutputsHash", branchIdBytes(branchId)));
+}
+// Transparent inputs digest (ZIP 244 section T.3a)
+function transparentInputsDigest(inputs, branchId) {
+    const prevoutsHash = hashPrevouts(inputs, branchId);
+    const amountsHash = hashAmounts(inputs, branchId);
+    const scriptPubKeysHash = hashScriptPubKeys(inputs, branchId);
+    const sequencesHash = hashSequences(inputs, branchId);
+    const data = Buffer.concat([prevoutsHash, amountsHash, scriptPubKeysHash, sequencesHash]);
+    return blake2b256(data, personalization("ZTxIdTrInHash__", branchIdBytes(branchId)));
+}
+// Transparent outputs digest (ZIP 244 section T.3b)
+function transparentOutputsDigest(outputs, branchId) {
+    const outputsHash = hashOutputs(outputs, branchId);
+    return blake2b256(outputsHash, personalization("ZTxIdTrOutHash_", branchIdBytes(branchId)));
+}
+// Full transparent digest for txid (ZIP 244 T.3)
+function transparentDigest(inputs, outputs, branchId) {
+    if (inputs.length === 0 && outputs.length === 0) {
+        return blake2b256(Buffer.alloc(0), personalization("ZTxIdTranspaHash", branchIdBytes(branchId)));
+    }
+    const inDigest = transparentInputsDigest(inputs, branchId);
+    const outDigest = transparentOutputsDigest(outputs, branchId);
+    return blake2b256(Buffer.concat([inDigest, outDigest]), personalization("ZTxIdTranspaHash", branchIdBytes(branchId)));
+}
+// Sapling digest (empty bundle)
+function emptyBundleDigest(tag, branchId) {
+    return blake2b256(Buffer.alloc(0), personalization(tag, branchIdBytes(branchId)));
+}
+// Header digest (ZIP 244 T.1)
+function headerDigest(version, versionGroupId, branchId, lockTime, expiryHeight) {
+    const data = Buffer.alloc(4 + 4 + 4 + 4 + 4);
+    writeU32LE(data, version, 0);
+    writeU32LE(data, versionGroupId, 4);
+    writeU32LE(data, branchId, 8);
+    writeU32LE(data, lockTime, 12);
+    writeU32LE(data, expiryHeight, 16);
+    return blake2b256(data, personalization("ZTxIdHeadersHash", branchIdBytes(branchId)));
+}
+// Transaction digest for txid (ZIP 244 T)
+function txidDigest(inputs, outputs, branchId, lockTime, expiryHeight) {
+    const hdrDigest = headerDigest(TX_VERSION, TX_VERSION_GROUP_ID, branchId, lockTime, expiryHeight);
+    const txpDigest = transparentDigest(inputs, outputs, branchId);
+    const sapDigest = emptyBundleDigest("ZTxIdSaplingHash", branchId);
+    const orchDigest = emptyBundleDigest("ZTxIdOrchardHash", branchId);
+    return blake2b256(Buffer.concat([hdrDigest, txpDigest, sapDigest, orchDigest]), personalization("ZcashTxHash__", branchIdBytes(branchId)));
+}
+// Per-input sighash for signing (ZIP 244 S.2 - transparent)
+// This is the hash that actually gets signed by ECDSA
+function transparentSighash(inputs, outputs, branchId, lockTime, expiryHeight, inputIndex, hashType) {
+    // T.1: header digest
+    const hdrDigest = headerDigest(TX_VERSION, TX_VERSION_GROUP_ID, branchId, lockTime, expiryHeight);
+    // T.3: transparent digest (full, for the txid computation)
+    const txpDigest = transparentDigest(inputs, outputs, branchId);
+    // T.4: sapling digest (empty)
+    const sapDigest = emptyBundleDigest("ZTxIdSaplingHash", branchId);
+    // T.5: orchard digest (empty)
+    const orchDigest = emptyBundleDigest("ZTxIdOrchardHash", branchId);
+    // S.2: per-input transparent sighash data
+    // hash_type (1 byte)
+    // prevout (32 + 4 bytes)
+    // value (8 bytes)
+    // scriptPubKey (compact size + script bytes)
+    // sequence (4 bytes)
+    const inp = inputs[inputIndex];
+    const prevout = Buffer.alloc(36);
+    inp.prevTxid.copy(prevout, 0);
+    writeU32LE(prevout, inp.prevIndex, 32);
+    const valueBuf = Buffer.alloc(8);
+    writeI64LE(valueBuf, inp.value, 0);
+    const seqBuf = Buffer.alloc(4);
+    writeU32LE(seqBuf, inp.sequence, 0);
+    const txinSigDigestData = Buffer.concat([
+        Buffer.from([hashType]),
+        prevout,
+        valueBuf,
+        compactSize(inp.script.length),
+        inp.script,
+        seqBuf,
+    ]);
+    const txinSigDigest = blake2b256(txinSigDigestData, personalization("Zcash___TxInHash", branchIdBytes(branchId)));
+    // Final sighash: BLAKE2b of all digests
+    return blake2b256(Buffer.concat([hdrDigest, txpDigest, sapDigest, orchDigest, txinSigDigest]), personalization("ZcashTxHash__", branchIdBytes(branchId)));
+}
+// Serialize a v5 transparent-only transaction to raw bytes.
+// If scriptSigs is provided, inputs get signed scriptSigs.
+// Otherwise inputs get empty scriptSigs (unsigned).
+function serializeTx(inputs, outputs, branchId, lockTime, expiryHeight, scriptSigs) {
+    const parts = [];
+    // Header
+    const header = Buffer.alloc(4);
+    // v5: version field encodes (version | fOverwintered flag)
+    // fOverwintered = 1 << 31
+    writeU32LE(header, (TX_VERSION | (1 << 31)) >>> 0, 0);
+    parts.push(header);
+    // nVersionGroupId
+    const vgid = Buffer.alloc(4);
+    writeU32LE(vgid, TX_VERSION_GROUP_ID, 0);
+    parts.push(vgid);
+    // nConsensusBranchId
+    parts.push(branchIdBytes(branchId));
+    // nLockTime
+    const lt = Buffer.alloc(4);
+    writeU32LE(lt, lockTime, 0);
+    parts.push(lt);
+    // nExpiryHeight
+    const eh = Buffer.alloc(4);
+    writeU32LE(eh, expiryHeight, 0);
+    parts.push(eh);
+    // Transparent bundle
+    // tx_in_count
+    parts.push(compactSize(inputs.length));
+    // tx_in
+    for (let i = 0; i < inputs.length; i++) {
+        const inp = inputs[i];
+        // prevout
+        const outpoint = Buffer.alloc(36);
+        inp.prevTxid.copy(outpoint, 0);
+        writeU32LE(outpoint, inp.prevIndex, 32);
+        parts.push(outpoint);
+        // scriptSig
+        const sig = scriptSigs ? scriptSigs[i] : Buffer.alloc(0);
+        parts.push(compactSize(sig.length));
+        if (sig.length > 0)
+            parts.push(sig);
+        // sequence
+        const seq = Buffer.alloc(4);
+        writeU32LE(seq, inp.sequence, 0);
+        parts.push(seq);
+    }
+    // tx_out_count
+    parts.push(compactSize(outputs.length));
+    // tx_out
+    for (const out of outputs) {
+        const valueBuf = Buffer.alloc(8);
+        writeI64LE(valueBuf, out.value, 0);
+        parts.push(valueBuf);
+        parts.push(compactSize(out.script.length));
+        parts.push(out.script);
+    }
+    // Sapling bundle (empty)
+    parts.push(compactSize(0)); // nSpendsSapling
+    parts.push(compactSize(0)); // nOutputsSapling
+    // Orchard bundle (empty)
+    parts.push(Buffer.from([0x00])); // nActionsOrchard = 0
+    return Buffer.concat(parts);
+}
+/**
+ * Fetch UTXOs for a transparent address from Zebra RPC.
+ * Uses getaddressutxos (requires Zebra with -indexer flag).
+ */
+export async function fetchUTXOs(zebraRpcUrl, tAddress) {
+    const resp = await fetch(zebraRpcUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            jsonrpc: "2.0",
+            id: 1,
+            method: "getaddressutxos",
+            params: [{ addresses: [tAddress] }],
+        }),
+    });
+    if (!resp.ok) {
+        throw new Error(`Zebra RPC error: ${resp.status} ${resp.statusText}`);
+    }
+    const data = (await resp.json());
+    if (data.error) {
+        throw new Error(`Zebra RPC: ${data.error.message || JSON.stringify(data.error)}`);
+    }
+    const utxos = (data.result || []).map((u) => ({
+        txid: u.txid,
+        outputIndex: u.outputIndex ?? u.vout ?? u.index,
+        script: u.script ?? u.scriptPubKey,
+        satoshis: u.satoshis ?? u.value ?? u.amount,
+    }));
+    return utxos;
+}
+/**
+ * Select UTXOs to cover the target amount + fee.
+ * Simple largest-first selection. Returns selected UTXOs and total value.
+ */
+export function selectUTXOs(utxos, targetAmount, fee) {
+    const needed = targetAmount + fee;
+    // Sort descending by value
+    const sorted = [...utxos].sort((a, b) => b.satoshis - a.satoshis);
+    const selected = [];
+    let total = 0;
+    for (const u of sorted) {
+        selected.push(u);
+        total += u.satoshis;
+        if (total >= needed)
+            break;
+    }
+    if (total < needed) {
+        throw new Error(`Insufficient funds: have ${total} zatoshis, need ${needed} (${targetAmount} + ${fee} fee)`);
+    }
+    return { selected, totalInput: total };
+}
+/**
+ * Build an unsigned Zcash v5 transparent transaction.
+ *
+ * Returns the unsigned serialized TX and per-input sighashes
+ * that need to be signed via MPC.
+ */
+export function buildUnsignedTx(utxos, recipient, amount, fee = 10000, changeAddress, branchId = BRANCH_ID.NU5) {
+    if (utxos.length === 0)
+        throw new Error("No UTXOs provided");
+    if (amount <= 0)
+        throw new Error("Amount must be positive");
+    // Build inputs
+    const inputs = utxos.map((u) => ({
+        prevTxid: reverseTxid(u.txid),
+        prevIndex: u.outputIndex,
+        script: Buffer.from(u.script, "hex"),
+        value: u.satoshis,
+        sequence: 0xffffffff,
+    }));
+    // Build outputs
+    const totalInput = utxos.reduce((s, u) => s + u.satoshis, 0);
+    const change = totalInput - amount - fee;
+    const outputs = [
+        { value: amount, script: scriptFromAddress(recipient) },
+    ];
+    if (change > 0) {
+        // Dust threshold: skip change if below 546 zatoshis
+        if (change >= 546) {
+            outputs.push({ value: change, script: scriptFromAddress(changeAddress) });
+        }
+    }
+    else if (change < 0) {
+        throw new Error(`UTXOs total ${totalInput} < amount ${amount} + fee ${fee}`);
+    }
+    const lockTime = 0;
+    const expiryHeight = 0;
+    // Serialize unsigned TX
+    const unsignedTx = serializeTx(inputs, outputs, branchId, lockTime, expiryHeight);
+    // Compute per-input sighashes
+    const sighashes = [];
+    for (let i = 0; i < inputs.length; i++) {
+        const sh = transparentSighash(inputs, outputs, branchId, lockTime, expiryHeight, i, SIGHASH_ALL);
+        sighashes.push(sh);
+    }
+    // Compute txid (hash of unsigned TX structure per ZIP 244)
+    const txid = txidDigest(inputs, outputs, branchId, lockTime, expiryHeight);
+    return { unsignedTx, sighashes, txid };
+}
+/**
+ * Build a P2PKH scriptSig from a DER signature and compressed pubkey.
+ *
+ * Format: <sig_length> <DER_sig + SIGHASH_ALL_byte> <pubkey_length> <compressed_pubkey>
+ */
+function buildScriptSig(derSig, pubkey) {
+    // Append SIGHASH_ALL byte to signature
+    const sigWithHashType = Buffer.concat([derSig, Buffer.from([SIGHASH_ALL])]);
+    const parts = [
+        Buffer.from([sigWithHashType.length]),
+        sigWithHashType,
+        Buffer.from([pubkey.length]),
+        pubkey,
+    ];
+    return Buffer.concat(parts);
+}
+/**
+ * Attach MPC signatures to an unsigned transaction.
+ *
+ * Takes the original UTXO list (to reconstruct inputs/outputs),
+ * DER-encoded signatures from MPC, and the compressed pubkey.
+ * Returns hex-encoded signed transaction ready for broadcast.
+ */
+export function attachSignatures(utxos, recipient, amount, fee, changeAddress, signatures, pubkey, branchId = BRANCH_ID.NU5) {
+    if (signatures.length !== utxos.length) {
+        throw new Error(`Expected ${utxos.length} signatures, got ${signatures.length}`);
+    }
+    if (pubkey.length !== 33) {
+        throw new Error(`Expected 33-byte compressed pubkey, got ${pubkey.length}`);
+    }
+    // Rebuild inputs/outputs (same as buildUnsignedTx)
+    const inputs = utxos.map((u) => ({
+        prevTxid: reverseTxid(u.txid),
+        prevIndex: u.outputIndex,
+        script: Buffer.from(u.script, "hex"),
+        value: u.satoshis,
+        sequence: 0xffffffff,
+    }));
+    const totalInput = utxos.reduce((s, u) => s + u.satoshis, 0);
+    const change = totalInput - amount - fee;
+    const outputs = [
+        { value: amount, script: scriptFromAddress(recipient) },
+    ];
+    if (change >= 546) {
+        outputs.push({ value: change, script: scriptFromAddress(changeAddress) });
+    }
+    // Build scriptSigs
+    const scriptSigs = signatures.map((sig) => buildScriptSig(sig, pubkey));
+    // Serialize signed TX
+    const signedTx = serializeTx(inputs, outputs, branchId, 0, 0, scriptSigs);
+    return signedTx.toString("hex");
+}
+/**
+ * Broadcast a signed transaction via Zebra RPC.
+ * Returns the txid on success.
+ */
+export async function broadcastTx(zebraRpcUrl, txHex) {
+    const resp = await fetch(zebraRpcUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            jsonrpc: "2.0",
+            id: 1,
+            method: "sendrawtransaction",
+            params: [txHex],
+        }),
+    });
+    if (!resp.ok) {
+        throw new Error(`Zebra RPC error: ${resp.status} ${resp.statusText}`);
+    }
+    const data = (await resp.json());
+    if (data.error) {
+        throw new Error(`Broadcast failed: ${data.error.message || JSON.stringify(data.error)}`);
+    }
+    return data.result;
+}
+/**
+ * Estimate fee for a transparent P2PKH transaction.
+ *
+ * ZIP 317 marginal fee: max(grace_actions, logical_actions) * 5000
+ * For simple P2PKH: 1 input + 2 outputs = 2 logical actions = 10000 zatoshis
+ * Each additional input adds 1 logical action = +5000 zatoshis
+ */
+export function estimateFee(numInputs, numOutputs) {
+    const logicalActions = Math.max(numInputs, numOutputs);
+    const graceActions = 2;
+    return Math.max(graceActions, logicalActions) * 5000;
+}

package/package.json

@@ -1,20 +1,48 @@
 {
   "name": "@frontiercompute/zcash-ika",
-  "version": "0.1.0",
-  "description": "Zero-trust Zcash agent custody via Ika dWallet. Born shielded, stay shielded.",
+  "version": "0.3.0",
+  "description": "Split-key custody for Zcash, Bitcoin, and EVM. 2PC-MPC signing, on-chain spend policy, transparent TX builder, ZAP1 attestation.",
   "type": "module",
   "main": "dist/index.js",
   "scripts": {
     "build": "tsc",
-    "test": "node --experimental-vm-modules dist/test.js"
+    "test:dkg": "node dist/test-dkg.js",
+    "test:sign": "node dist/test-sign.js"
   },
   "dependencies": {
     "@ika.xyz/sdk": "^0.3.1",
-    "@mysten/sui": "^2.5.0"
+    "@mysten/sui": "^2.5.0",
+    "blakejs": "^1.2.1"
   },
   "devDependencies": {
     "@types/node": "^25.5.2",
     "typescript": "^5.4.0"
   },
+  "files": [
+    "dist/index.js",
+    "dist/index.d.ts",
+    "dist/tx-builder.js",
+    "dist/tx-builder.d.ts",
+    "dist/hybrid.js",
+    "dist/hybrid.d.ts"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Frontier-Compute/zcash-ika.git"
+  },
+  "author": "zk_nd3r <zk_nd3r@frontiercompute.io>",
+  "keywords": [
+    "zcash",
+    "ika",
+    "dwallet",
+    "mpc",
+    "custody",
+    "bitcoin",
+    "split-key",
+    "policy",
+    "sui-move",
+    "transparent-tx",
+    "attestation"
+  ],
   "license": "MIT"
 }

package/dist/test-dkg.d.ts

@@ -1,17 +0,0 @@
-/**
- * Ika DKG test - create dWallets on testnet.
- *
- * Creates:
- * 1. Ed25519 dWallet (Zcash Orchard shielded)
- * 2. secp256k1 dWallet (Bitcoin + USDC + USDT + any EVM)
- *
- * One operator, split-key custody across all chains.
- * Swiss bank in your pocket. Jailbroken but legal tender.
- *
- * Requires: SUI_PRIVATE_KEY env var (base64 Sui keypair)
- * Get testnet SUI: https://faucet.sui.io
- *
- * Usage:
- *   SUI_PRIVATE_KEY=... node dist/test-dkg.js
- */
-export {};