@frontiercompute/zcash-ika 0.4.0 → 0.6.0

package/dist/btc-tx-builder.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Bitcoin P2PKH transaction builder.
+ *
+ * Builds legacy (non-segwit) P2PKH transactions for MPC-signed spends.
+ * The signing itself happens via Ika dWallet (secp256k1 ECDSA).
+ * This module handles UTXO fetch, TX structure, sighash computation,
+ * signature attachment, and broadcast via Blockstream API.
+ */
+export type BtcNetwork = "mainnet" | "testnet";
+export interface BtcUTXO {
+    txid: string;
+    vout: number;
+    scriptPubKey: string;
+    value: number;
+}
+export interface BtcTxOutput {
+    address: string;
+    value: number;
+}
+interface BtcInput {
+    prevTxid: Buffer;
+    prevIndex: number;
+    scriptPubKey: Buffer;
+    value: number;
+    sequence: number;
+}
+interface BtcOutput {
+    value: number;
+    script: Buffer;
+}
+/**
+ * Fetch UTXOs for a Bitcoin P2PKH address from Blockstream API.
+ */
+export declare function fetchBtcUTXOs(address: string, network?: BtcNetwork): Promise<BtcUTXO[]>;
+/**
+ * Estimate transaction size in bytes for P2PKH.
+ * ~148 bytes per input, ~34 bytes per output, 10 bytes overhead.
+ */
+export declare function estimateBtcFee(numInputs: number, numOutputs: number, feeRate: number): number;
+/**
+ * Select UTXOs to cover the target amount + estimated fee.
+ * Greedy largest-first selection. Re-estimates fee after selection.
+ */
+export declare function selectBtcUTXOs(utxos: BtcUTXO[], targetAmount: number, feeRate: number): {
+    selected: BtcUTXO[];
+    fee: number;
+    totalInput: number;
+};
+/**
+ * Compute the legacy P2PKH sighash for a specific input.
+ *
+ * For each input being signed:
+ * 1. Copy the transaction
+ * 2. Set all input scriptSigs to empty
+ * 3. Set the current input's scriptSig to the previous output's scriptPubKey
+ * 4. Append SIGHASH_ALL (0x01000000) as 4 bytes LE
+ * 5. Double-SHA256 the result
+ */
+export declare function computeBtcSighash(inputs: BtcInput[], outputs: BtcOutput[], inputIndex: number, hashType?: number): Buffer;
+/**
+ * Build an unsigned Bitcoin P2PKH transaction.
+ *
+ * Returns the per-input sighashes that need to be signed via MPC,
+ * plus the internal tx structure needed for signature attachment.
+ */
+export declare function buildUnsignedBtcTx(utxos: BtcUTXO[], txOutputs: BtcTxOutput[], changeAddress: string, fee: number): {
+    sighashes: Buffer[];
+    inputs: BtcInput[];
+    outputs: BtcOutput[];
+};
+/**
+ * Attach DER signatures to an unsigned transaction.
+ * Returns the fully serialized signed transaction as a Buffer.
+ */
+export declare function attachBtcSignatures(inputs: BtcInput[], outputs: BtcOutput[], signatures: Buffer[], pubkey: Buffer): Buffer;
+/**
+ * Serialize a Bitcoin transaction (version 1, no witness).
+ * If scriptSigs is provided, inputs get signed scriptSigs.
+ * Otherwise inputs get empty scriptSigs (unsigned).
+ */
+export declare function serializeBtcTx(inputs: BtcInput[], outputs: BtcOutput[], scriptSigs?: Buffer[]): Buffer;
+/**
+ * Broadcast a signed transaction via Blockstream API.
+ * Returns the txid on success.
+ */
+export declare function broadcastBtcTx(rawHex: string, network?: BtcNetwork): Promise<string>;
+export {};

package/dist/btc-tx-builder.js

@@ -0,0 +1,373 @@
+/**
+ * Bitcoin P2PKH transaction builder.
+ *
+ * Builds legacy (non-segwit) P2PKH transactions for MPC-signed spends.
+ * The signing itself happens via Ika dWallet (secp256k1 ECDSA).
+ * This module handles UTXO fetch, TX structure, sighash computation,
+ * signature attachment, and broadcast via Blockstream API.
+ */
+import { createHash } from "node:crypto";
+// SIGHASH flags
+const SIGHASH_ALL = 0x01;
+// Script opcodes for P2PKH
+const OP_DUP = 0x76;
+const OP_HASH160 = 0xa9;
+const OP_EQUALVERIFY = 0x88;
+const OP_CHECKSIG = 0xac;
+// Bitcoin address version bytes
+const BTC_ADDR_VERSION = {
+    mainnet: 0x00,
+    testnet: 0x6f,
+};
+const BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function sha256(data) {
+    return createHash("sha256").update(data).digest();
+}
+function doubleSha256(data) {
+    return sha256(sha256(data));
+}
+function hash160(data) {
+    return createHash("ripemd160").update(sha256(data)).digest();
+}
+// Write uint32 little-endian
+function writeU32LE(buf, value, offset) {
+    buf.writeUInt32LE(value >>> 0, offset);
+}
+// Write int64 little-endian (as two uint32s, safe for values < 2^53)
+function writeI64LE(buf, value, offset) {
+    buf.writeUInt32LE(value & 0xffffffff, offset);
+    buf.writeUInt32LE(Math.floor(value / 0x100000000) & 0xffffffff, offset + 4);
+}
+// Compact size encoding (Bitcoin varint)
+function compactSize(n) {
+    if (n < 0xfd) {
+        return Buffer.from([n]);
+    }
+    else if (n <= 0xffff) {
+        const buf = Buffer.alloc(3);
+        buf[0] = 0xfd;
+        buf.writeUInt16LE(n, 1);
+        return buf;
+    }
+    else {
+        const buf = Buffer.alloc(5);
+        buf[0] = 0xfe;
+        buf.writeUInt32LE(n, 1);
+        return buf;
+    }
+}
+// Reverse a hex-encoded txid (Bitcoin internal byte order is reversed)
+function reverseTxid(txid) {
+    const buf = Buffer.from(txid, "hex");
+    if (buf.length !== 32)
+        throw new Error(`Invalid txid length: ${buf.length}`);
+    return Buffer.from(buf.reverse());
+}
+// Decode a Bitcoin base58check address to its 20-byte pubkey hash
+function decodeBtcAddress(addr) {
+    let num = BigInt(0);
+    for (const c of addr) {
+        const idx = BASE58_ALPHABET.indexOf(c);
+        if (idx < 0)
+            throw new Error(`Invalid base58 character: ${c}`);
+        num = num * 58n + BigInt(idx);
+    }
+    // 25 bytes: 1 version + 20 hash + 4 checksum
+    const bytes = new Uint8Array(25);
+    for (let i = 24; i >= 0; i--) {
+        bytes[i] = Number(num & 0xffn);
+        num = num >> 8n;
+    }
+    // Verify checksum
+    const payload = bytes.subarray(0, 21);
+    const checksum = doubleSha256(payload).subarray(0, 4);
+    for (let i = 0; i < 4; i++) {
+        if (bytes[21 + i] !== checksum[i]) {
+            throw new Error(`Invalid address checksum: ${addr}`);
+        }
+    }
+    const version = bytes[0];
+    let network;
+    if (version === BTC_ADDR_VERSION.mainnet) {
+        network = "mainnet";
+    }
+    else if (version === BTC_ADDR_VERSION.testnet) {
+        network = "testnet";
+    }
+    else {
+        throw new Error(`Unknown address version byte: 0x${version.toString(16)}`);
+    }
+    return {
+        pubkeyHash: Buffer.from(bytes.subarray(1, 21)),
+        network,
+    };
+}
+// Build a P2PKH scriptPubKey from a 20-byte pubkey hash
+function p2pkhScript(pubkeyHash) {
+    const script = Buffer.alloc(25);
+    script[0] = OP_DUP;
+    script[1] = OP_HASH160;
+    script[2] = 0x14; // push 20 bytes
+    pubkeyHash.copy(script, 3);
+    script[23] = OP_EQUALVERIFY;
+    script[24] = OP_CHECKSIG;
+    return script;
+}
+// Build P2PKH scriptPubKey from a Bitcoin address string
+function scriptFromAddress(addr) {
+    const { pubkeyHash } = decodeBtcAddress(addr);
+    return p2pkhScript(pubkeyHash);
+}
+// Blockstream API base URL
+function apiBase(network) {
+    return network === "mainnet"
+        ? "https://blockstream.info/api"
+        : "https://blockstream.info/testnet/api";
+}
+/**
+ * Fetch UTXOs for a Bitcoin P2PKH address from Blockstream API.
+ */
+export async function fetchBtcUTXOs(address, network = "mainnet") {
+    const base = apiBase(network);
+    const resp = await fetch(`${base}/address/${address}/utxo`);
+    if (!resp.ok) {
+        throw new Error(`Blockstream API error: ${resp.status} ${resp.statusText}`);
+    }
+    const data = (await resp.json());
+    // Blockstream returns {txid, vout, status, value} but no scriptPubKey.
+    // For P2PKH we can derive scriptPubKey from the address.
+    const { pubkeyHash } = decodeBtcAddress(address);
+    const script = p2pkhScript(pubkeyHash).toString("hex");
+    return data.map((u) => ({
+        txid: u.txid,
+        vout: u.vout,
+        scriptPubKey: script,
+        value: u.value,
+    }));
+}
+/**
+ * Estimate transaction size in bytes for P2PKH.
+ * ~148 bytes per input, ~34 bytes per output, 10 bytes overhead.
+ */
+export function estimateBtcFee(numInputs, numOutputs, feeRate // sat/vbyte
+) {
+    const size = 10 + numInputs * 148 + numOutputs * 34;
+    return Math.ceil(size * feeRate);
+}
+/**
+ * Select UTXOs to cover the target amount + estimated fee.
+ * Greedy largest-first selection. Re-estimates fee after selection.
+ */
+export function selectBtcUTXOs(utxos, targetAmount, feeRate // sat/vbyte
+) {
+    const sorted = [...utxos].sort((a, b) => b.value - a.value);
+    const selected = [];
+    let total = 0;
+    // Initial estimate: 1 output + 1 change output
+    for (const u of sorted) {
+        selected.push(u);
+        total += u.value;
+        const fee = estimateBtcFee(selected.length, 2, feeRate);
+        if (total >= targetAmount + fee)
+            break;
+    }
+    const fee = estimateBtcFee(selected.length, 2, feeRate);
+    if (total < targetAmount + fee) {
+        throw new Error(`Insufficient funds: have ${total} sats, need ${targetAmount + fee} (${targetAmount} + ${fee} fee)`);
+    }
+    return { selected, fee, totalInput: total };
+}
+/**
+ * Compute the legacy P2PKH sighash for a specific input.
+ *
+ * For each input being signed:
+ * 1. Copy the transaction
+ * 2. Set all input scriptSigs to empty
+ * 3. Set the current input's scriptSig to the previous output's scriptPubKey
+ * 4. Append SIGHASH_ALL (0x01000000) as 4 bytes LE
+ * 5. Double-SHA256 the result
+ */
+export function computeBtcSighash(inputs, outputs, inputIndex, hashType = SIGHASH_ALL) {
+    const parts = [];
+    // version
+    const ver = Buffer.alloc(4);
+    writeU32LE(ver, 1, 0);
+    parts.push(ver);
+    // input count
+    parts.push(compactSize(inputs.length));
+    // inputs
+    for (let i = 0; i < inputs.length; i++) {
+        const inp = inputs[i];
+        // prevout (txid + vout)
+        const outpoint = Buffer.alloc(36);
+        inp.prevTxid.copy(outpoint, 0);
+        writeU32LE(outpoint, inp.prevIndex, 32);
+        parts.push(outpoint);
+        // scriptSig: empty for all inputs except the one being signed
+        if (i === inputIndex) {
+            parts.push(compactSize(inp.scriptPubKey.length));
+            parts.push(inp.scriptPubKey);
+        }
+        else {
+            parts.push(compactSize(0));
+        }
+        // sequence
+        const seq = Buffer.alloc(4);
+        writeU32LE(seq, inp.sequence, 0);
+        parts.push(seq);
+    }
+    // output count
+    parts.push(compactSize(outputs.length));
+    // outputs
+    for (const out of outputs) {
+        const valueBuf = Buffer.alloc(8);
+        writeI64LE(valueBuf, out.value, 0);
+        parts.push(valueBuf);
+        parts.push(compactSize(out.script.length));
+        parts.push(out.script);
+    }
+    // locktime
+    const lt = Buffer.alloc(4);
+    writeU32LE(lt, 0, 0);
+    parts.push(lt);
+    // Append hash type as 4 bytes LE
+    const ht = Buffer.alloc(4);
+    writeU32LE(ht, hashType, 0);
+    parts.push(ht);
+    return doubleSha256(Buffer.concat(parts));
+}
+/**
+ * Build an unsigned Bitcoin P2PKH transaction.
+ *
+ * Returns the per-input sighashes that need to be signed via MPC,
+ * plus the internal tx structure needed for signature attachment.
+ */
+export function buildUnsignedBtcTx(utxos, txOutputs, changeAddress, fee) {
+    if (utxos.length === 0)
+        throw new Error("No UTXOs provided");
+    // Build inputs
+    const inputs = utxos.map((u) => ({
+        prevTxid: reverseTxid(u.txid),
+        prevIndex: u.vout,
+        scriptPubKey: Buffer.from(u.scriptPubKey, "hex"),
+        value: u.value,
+        sequence: 0xffffffff,
+    }));
+    // Build outputs
+    const totalInput = utxos.reduce((s, u) => s + u.value, 0);
+    const totalOutput = txOutputs.reduce((s, o) => s + o.value, 0);
+    const change = totalInput - totalOutput - fee;
+    const outputs = txOutputs.map((o) => ({
+        value: o.value,
+        script: scriptFromAddress(o.address),
+    }));
+    if (change > 0) {
+        // Dust threshold: skip change if below 546 satoshis
+        if (change >= 546) {
+            outputs.push({ value: change, script: scriptFromAddress(changeAddress) });
+        }
+    }
+    else if (change < 0) {
+        throw new Error(`UTXOs total ${totalInput} < outputs ${totalOutput} + fee ${fee}`);
+    }
+    // Compute per-input sighashes
+    const sighashes = [];
+    for (let i = 0; i < inputs.length; i++) {
+        sighashes.push(computeBtcSighash(inputs, outputs, i, SIGHASH_ALL));
+    }
+    return { sighashes, inputs, outputs };
+}
+/**
+ * Build a P2PKH scriptSig from a DER signature and compressed pubkey.
+ *
+ * Format: <sig_length> <DER_sig + SIGHASH_ALL_byte> <pubkey_length> <compressed_pubkey>
+ */
+function buildScriptSig(derSig, pubkey) {
+    const sigWithHashType = Buffer.concat([derSig, Buffer.from([SIGHASH_ALL])]);
+    const parts = [
+        Buffer.from([sigWithHashType.length]),
+        sigWithHashType,
+        Buffer.from([pubkey.length]),
+        pubkey,
+    ];
+    return Buffer.concat(parts);
+}
+/**
+ * Attach DER signatures to an unsigned transaction.
+ * Returns the fully serialized signed transaction as a Buffer.
+ */
+export function attachBtcSignatures(inputs, outputs, signatures, pubkey) {
+    if (signatures.length !== inputs.length) {
+        throw new Error(`Expected ${inputs.length} signatures, got ${signatures.length}`);
+    }
+    if (pubkey.length !== 33) {
+        throw new Error(`Expected 33-byte compressed pubkey, got ${pubkey.length}`);
+    }
+    const scriptSigs = signatures.map((sig) => buildScriptSig(sig, pubkey));
+    return serializeBtcTx(inputs, outputs, scriptSigs);
+}
+/**
+ * Serialize a Bitcoin transaction (version 1, no witness).
+ * If scriptSigs is provided, inputs get signed scriptSigs.
+ * Otherwise inputs get empty scriptSigs (unsigned).
+ */
+export function serializeBtcTx(inputs, outputs, scriptSigs) {
+    const parts = [];
+    // version: 4 bytes LE
+    const ver = Buffer.alloc(4);
+    writeU32LE(ver, 1, 0);
+    parts.push(ver);
+    // input count
+    parts.push(compactSize(inputs.length));
+    // inputs
+    for (let i = 0; i < inputs.length; i++) {
+        const inp = inputs[i];
+        // prevout
+        const outpoint = Buffer.alloc(36);
+        inp.prevTxid.copy(outpoint, 0);
+        writeU32LE(outpoint, inp.prevIndex, 32);
+        parts.push(outpoint);
+        // scriptSig
+        const sig = scriptSigs ? scriptSigs[i] : Buffer.alloc(0);
+        parts.push(compactSize(sig.length));
+        if (sig.length > 0)
+            parts.push(sig);
+        // sequence
+        const seq = Buffer.alloc(4);
+        writeU32LE(seq, inp.sequence, 0);
+        parts.push(seq);
+    }
+    // output count
+    parts.push(compactSize(outputs.length));
+    // outputs
+    for (const out of outputs) {
+        const valueBuf = Buffer.alloc(8);
+        writeI64LE(valueBuf, out.value, 0);
+        parts.push(valueBuf);
+        parts.push(compactSize(out.script.length));
+        parts.push(out.script);
+    }
+    // locktime: 4 bytes LE
+    const lt = Buffer.alloc(4);
+    writeU32LE(lt, 0, 0);
+    parts.push(lt);
+    return Buffer.concat(parts);
+}
+/**
+ * Broadcast a signed transaction via Blockstream API.
+ * Returns the txid on success.
+ */
+export async function broadcastBtcTx(rawHex, network = "mainnet") {
+    const base = apiBase(network);
+    const resp = await fetch(`${base}/tx`, {
+        method: "POST",
+        headers: { "Content-Type": "text/plain" },
+        body: rawHex,
+    });
+    if (!resp.ok) {
+        const body = await resp.text();
+        throw new Error(`Broadcast failed: ${resp.status} ${body}`);
+    }
+    // Blockstream returns the txid as plain text
+    return (await resp.text()).trim();
+}

package/dist/index.d.ts

@@ -16,6 +16,8 @@
 export { Curve, Hash, SignatureAlgorithm, IkaClient, IkaTransaction, UserShareEncryptionKeys, getNetworkConfig, createClassGroupsKeypair, createRandomSessionIdentifier, prepareDKG, prepareDKGAsync, prepareDKGSecondRound, prepareDKGSecondRoundAsync, createDKGUserOutput, publicKeyFromDWalletOutput, parseSignatureFromSignOutput, } from "@ika.xyz/sdk";
 export { fetchUTXOs, selectUTXOs, buildUnsignedTx, attachSignatures, broadcastTx, estimateFee, BRANCH_ID, } from "./tx-builder.js";
 export type { UTXO } from "./tx-builder.js";
+export { fetchBtcUTXOs, selectBtcUTXOs, buildUnsignedBtcTx, attachBtcSignatures, serializeBtcTx, broadcastBtcTx, estimateBtcFee, computeBtcSighash, } from "./btc-tx-builder.js";
+export type { BtcUTXO, BtcTxOutput, BtcNetwork } from "./btc-tx-builder.js";
 export type Chain = "zcash-transparent" | "bitcoin" | "ethereum";
 export interface ZcashIkaConfig {
     /** Ika network: mainnet or testnet */
@@ -214,6 +216,64 @@ export declare function setPolicy(config: ZcashIkaConfig, walletId: string, poli
 export declare function checkPolicy(config: ZcashIkaConfig, policyId: string, amount?: number, recipient?: string): Promise<PolicyState & {
     allowed: boolean;
 }>;
+export interface VaultResult {
+    /** CustodyVault shared object ID on Sui */
+    vaultId: string;
+    /** AdminCap object ID (vault creator holds this) */
+    adminCapId: string;
+    /** Sui transaction digest */
+    txDigest: string;
+}
+export interface AgentResult {
+    /** AgentCap object ID (issued to the registered agent) */
+    agentCapId: string;
+    /** Sui transaction digest */
+    txDigest: string;
+}
+export interface VaultState {
+    vaultId: string;
+    dwalletId: string;
+    maxPerTx: number;
+    maxDaily: number;
+    dailySpent: number;
+    totalSpent: number;
+    totalTxCount: number;
+    agentCount: number;
+    frozen: boolean;
+}
+/**
+ * Create a CustodyVault for a dWallet.
+ * The vault enforces spend policy on-chain and tracks agent access.
+ * Returns the vault ID and AdminCap (transferred to caller).
+ */
+export declare function createVault(config: ZcashIkaConfig, dwalletId: string, maxPerTx: number, maxDaily: number): Promise<VaultResult>;
+/**
+ * Register an agent on a CustodyVault.
+ * Only the admin (holder of AdminCap) can do this.
+ * Returns the AgentCap which should be transferred to the agent.
+ */
+export declare function registerAgent(config: ZcashIkaConfig, vaultId: string, adminCapId: string, agentAddress: string, agentName: string): Promise<AgentResult>;
+/**
+ * Request a spend through the CustodyVault.
+ * The Move contract checks all policy constraints on-chain.
+ * Aborts if the spend violates any limit.
+ */
+export declare function requestSpend(config: ZcashIkaConfig, vaultId: string, agentCapId: string, amount: number, recipient: string, chain: string): Promise<{
+    approved: boolean;
+    txDigest: string;
+}>;
+/**
+ * Read the on-chain state of a CustodyVault.
+ */
+export declare function getVaultState(config: ZcashIkaConfig, vaultId: string): Promise<VaultState>;
+/**
+ * Freeze a CustodyVault. All spend requests will be rejected until unfrozen.
+ */
+export declare function freezeVault(config: ZcashIkaConfig, vaultId: string, adminCapId: string): Promise<string>;
+/**
+ * Unfreeze a CustodyVault. Resumes normal spend processing.
+ */
+export declare function unfreezeVault(config: ZcashIkaConfig, vaultId: string, adminCapId: string): Promise<string>;
 /**
  * Spend from a Zcash transparent wallet.
  *
@@ -228,7 +288,14 @@ export declare function checkPolicy(config: ZcashIkaConfig, policyId: string, am
 export declare function spendTransparent(config: ZcashIkaConfig, walletId: string, encryptionSeed: string, request: SpendRequest): Promise<SpendResult>;
 /**
  * Spend from a Bitcoin wallet.
- * Same MPC flow as Zcash transparent - DoubleSHA256 sighash, ECDSA signature.
+ *
+ * Full pipeline:
+ * 1. Fetch UTXOs from Blockstream API
+ * 2. Build unsigned TX, compute legacy P2PKH sighashes
+ * 3. Sign each sighash via Ika 2PC-MPC
+ * 4. Attach signatures, serialize signed TX
+ * 5. Broadcast via Blockstream API
+ * 6. Attest to ZAP1 as AGENT_ACTION
  */
 export declare function spendBitcoin(config: ZcashIkaConfig, walletId: string, encryptionSeed: string, request: SpendRequest): Promise<SpendResult>;
 /**

package/dist/index.js

@@ -21,6 +21,8 @@ import { decodeSuiPrivateKey } from "@mysten/sui/cryptography";
 import { createHash } from "node:crypto";
 import { fetchUTXOs, selectUTXOs, buildUnsignedTx, attachSignatures, broadcastTx, estimateFee, BRANCH_ID, } from "./tx-builder.js";
 export { fetchUTXOs, selectUTXOs, buildUnsignedTx, attachSignatures, broadcastTx, estimateFee, BRANCH_ID, } from "./tx-builder.js";
+import { fetchBtcUTXOs, selectBtcUTXOs, buildUnsignedBtcTx, attachBtcSignatures, broadcastBtcTx, } from "./btc-tx-builder.js";
+export { fetchBtcUTXOs, selectBtcUTXOs, buildUnsignedBtcTx, attachBtcSignatures, serializeBtcTx, broadcastBtcTx, estimateBtcFee, computeBtcSighash, } from "./btc-tx-builder.js";
 const IKA_COIN_TYPE = "0x1f26bb2f711ff82dcda4d02c77d5123089cb7f8418751474b9fb744ce031526a::ika::IKA";
 /** Parameters for dWallet creation per chain.
  *
@@ -515,9 +517,9 @@ export async function sign(config, request) {
         signTxDigest: signResult.digest,
     };
 }
-// Published package ID - set after sui client publish
-// Override via POLICY_PACKAGE_ID env var or pass directly
-const DEFAULT_POLICY_PACKAGE_ID = "0x0";
+// Sui testnet deployment (zap1_policy package)
+// Override via POLICY_PACKAGE_ID env var for mainnet or redeployments
+const DEFAULT_POLICY_PACKAGE_ID = "0xb0468033d854e95ad89de4b6fec8f6d8e8187778c9d8337a6aa30a5c24775a77";
 function getPolicyPackageId() {
     return process.env.POLICY_PACKAGE_ID || DEFAULT_POLICY_PACKAGE_ID;
 }
@@ -528,10 +530,6 @@ function getPolicyPackageId() {
  */
 export async function setPolicy(config, walletId, policy) {
     const packageId = getPolicyPackageId();
-    if (packageId === "0x0") {
-        throw new Error("Policy Move module not deployed. Set POLICY_PACKAGE_ID env var " +
-            "after running: sui client publish --path move/");
-    }
     const { suiClient, keypair } = await initClients(config);
     const tx = new Transaction();
     // 0x6 is the shared Clock object on Sui
@@ -653,6 +651,211 @@ export async function checkPolicy(config, policyId, amount, recipient) {
     }
     return { ...state, allowed };
 }
+/**
+ * Create a CustodyVault for a dWallet.
+ * The vault enforces spend policy on-chain and tracks agent access.
+ * Returns the vault ID and AdminCap (transferred to caller).
+ */
+export async function createVault(config, dwalletId, maxPerTx, maxDaily) {
+    const packageId = getPolicyPackageId();
+    const { suiClient, keypair } = await initClients(config);
+    const sender = keypair.getPublicKey().toSuiAddress();
+    const tx = new Transaction();
+    const adminCap = tx.moveCall({
+        target: `${packageId}::custody::create_vault`,
+        arguments: [
+            tx.pure.address(dwalletId),
+            tx.pure.u64(maxPerTx),
+            tx.pure.u64(maxDaily),
+            tx.object("0x6"), // Clock
+        ],
+    });
+    tx.transferObjects([adminCap], sender);
+    const result = await suiClient.signAndExecuteTransaction({
+        transaction: tx,
+        signer: keypair,
+        options: { showEffects: true, showObjectChanges: true },
+    });
+    if (result.effects?.status?.status !== "success") {
+        throw new Error(`createVault TX failed: ${result.effects?.status?.error}`);
+    }
+    let vaultId = "";
+    let adminCapId = "";
+    const changes = result.objectChanges || [];
+    for (const change of changes) {
+        if (change.type !== "created")
+            continue;
+        const objType = change.objectType || "";
+        if (objType.includes("::custody::CustodyVault")) {
+            vaultId = change.objectId;
+        }
+        else if (objType.includes("::custody::AdminCap")) {
+            adminCapId = change.objectId;
+        }
+    }
+    if (!vaultId || !adminCapId) {
+        const created = result.effects?.created || [];
+        for (const obj of created) {
+            const id = obj.reference?.objectId || obj.objectId;
+            if (id && !vaultId)
+                vaultId = id;
+            else if (id && !adminCapId)
+                adminCapId = id;
+        }
+    }
+    return { vaultId, adminCapId, txDigest: result.digest };
+}
+/**
+ * Register an agent on a CustodyVault.
+ * Only the admin (holder of AdminCap) can do this.
+ * Returns the AgentCap which should be transferred to the agent.
+ */
+export async function registerAgent(config, vaultId, adminCapId, agentAddress, agentName) {
+    const packageId = getPolicyPackageId();
+    const { suiClient, keypair } = await initClients(config);
+    const sender = keypair.getPublicKey().toSuiAddress();
+    const tx = new Transaction();
+    const nameBytes = Array.from(new TextEncoder().encode(agentName));
+    const agentCap = tx.moveCall({
+        target: `${packageId}::custody::register_agent`,
+        arguments: [
+            tx.object(vaultId),
+            tx.object(adminCapId),
+            tx.pure.address(agentAddress),
+            tx.pure.vector("u8", nameBytes),
+            tx.object("0x6"), // Clock
+        ],
+    });
+    // Transfer AgentCap to the agent address
+    tx.transferObjects([agentCap], agentAddress);
+    const result = await suiClient.signAndExecuteTransaction({
+        transaction: tx,
+        signer: keypair,
+        options: { showEffects: true, showObjectChanges: true },
+    });
+    if (result.effects?.status?.status !== "success") {
+        throw new Error(`registerAgent TX failed: ${result.effects?.status?.error}`);
+    }
+    let agentCapId = "";
+    const changes = result.objectChanges || [];
+    for (const change of changes) {
+        if (change.type !== "created")
+            continue;
+        const objType = change.objectType || "";
+        if (objType.includes("::custody::AgentCap")) {
+            agentCapId = change.objectId;
+        }
+    }
+    return { agentCapId, txDigest: result.digest };
+}
+/**
+ * Request a spend through the CustodyVault.
+ * The Move contract checks all policy constraints on-chain.
+ * Aborts if the spend violates any limit.
+ */
+export async function requestSpend(config, vaultId, agentCapId, amount, recipient, chain) {
+    const packageId = getPolicyPackageId();
+    const { suiClient, keypair } = await initClients(config);
+    const tx = new Transaction();
+    const recipientBytes = Array.from(new TextEncoder().encode(recipient));
+    const chainBytes = Array.from(new TextEncoder().encode(chain));
+    tx.moveCall({
+        target: `${packageId}::custody::request_spend_entry`,
+        arguments: [
+            tx.object(vaultId),
+            tx.object(agentCapId),
+            tx.pure.u64(amount),
+            tx.pure.vector("u8", recipientBytes),
+            tx.pure.vector("u8", chainBytes),
+            tx.object("0x6"), // Clock
+        ],
+    });
+    const result = await suiClient.signAndExecuteTransaction({
+        transaction: tx,
+        signer: keypair,
+        options: { showEffects: true },
+    });
+    if (result.effects?.status?.status !== "success") {
+        return { approved: false, txDigest: result.digest };
+    }
+    return { approved: true, txDigest: result.digest };
+}
+/**
+ * Read the on-chain state of a CustodyVault.
+ */
+export async function getVaultState(config, vaultId) {
+    const { suiClient } = await initClients(config);
+    const obj = await suiClient.getObject({
+        id: vaultId,
+        options: { showContent: true },
+    });
+    const content = obj.data?.content;
+    if (!content || content.dataType !== "moveObject") {
+        throw new Error(`Vault object ${vaultId} not found or not a Move object`);
+    }
+    const fields = content.fields;
+    return {
+        vaultId,
+        dwalletId: fields.dwallet_id,
+        maxPerTx: Number(fields.max_per_tx),
+        maxDaily: Number(fields.max_daily),
+        dailySpent: Number(fields.daily_spent),
+        totalSpent: Number(fields.total_spent),
+        totalTxCount: Number(fields.total_tx_count),
+        agentCount: Number(fields.agent_count),
+        frozen: fields.frozen,
+    };
+}
+/**
+ * Freeze a CustodyVault. All spend requests will be rejected until unfrozen.
+ */
+export async function freezeVault(config, vaultId, adminCapId) {
+    const packageId = getPolicyPackageId();
+    const { suiClient, keypair } = await initClients(config);
+    const tx = new Transaction();
+    tx.moveCall({
+        target: `${packageId}::custody::freeze_vault`,
+        arguments: [
+            tx.object(vaultId),
+            tx.object(adminCapId),
+            tx.object("0x6"), // Clock
+        ],
+    });
+    const result = await suiClient.signAndExecuteTransaction({
+        transaction: tx,
+        signer: keypair,
+        options: { showEffects: true },
+    });
+    if (result.effects?.status?.status !== "success") {
+        throw new Error(`freezeVault TX failed: ${result.effects?.status?.error}`);
+    }
+    return result.digest;
+}
+/**
+ * Unfreeze a CustodyVault. Resumes normal spend processing.
+ */
+export async function unfreezeVault(config, vaultId, adminCapId) {
+    const packageId = getPolicyPackageId();
+    const { suiClient, keypair } = await initClients(config);
+    const tx = new Transaction();
+    tx.moveCall({
+        target: `${packageId}::custody::unfreeze_vault`,
+        arguments: [
+            tx.object(vaultId),
+            tx.object(adminCapId),
+            tx.object("0x6"), // Clock
+        ],
+    });
+    const result = await suiClient.signAndExecuteTransaction({
+        transaction: tx,
+        signer: keypair,
+        options: { showEffects: true },
+    });
+    if (result.effects?.status?.status !== "success") {
+        throw new Error(`unfreezeVault TX failed: ${result.effects?.status?.error}`);
+    }
+    return result.digest;
+}
 /**
  * Spend from a Zcash transparent wallet.
  *
@@ -751,11 +954,93 @@ export async function spendTransparent(config, walletId, encryptionSeed, request
 }
 /**
  * Spend from a Bitcoin wallet.
- * Same MPC flow as Zcash transparent - DoubleSHA256 sighash, ECDSA signature.
+ *
+ * Full pipeline:
+ * 1. Fetch UTXOs from Blockstream API
+ * 2. Build unsigned TX, compute legacy P2PKH sighashes
+ * 3. Sign each sighash via Ika 2PC-MPC
+ * 4. Attach signatures, serialize signed TX
+ * 5. Broadcast via Blockstream API
+ * 6. Attest to ZAP1 as AGENT_ACTION
  */
 export async function spendBitcoin(config, walletId, encryptionSeed, request) {
-    throw new Error("spendBitcoin requires Bitcoin tx builder. " +
-        "Use sign() with chain='bitcoin' and a pre-computed sighash for now.");
+    // Fetch the dWallet to get the public key
+    const { ikaClient } = await initClients(config);
+    const dWallet = await ikaClient.getDWallet(walletId);
+    if (!dWallet?.state?.Active) {
+        throw new Error(`dWallet ${walletId} not Active`);
+    }
+    const rawOutput = dWallet.state.Active.public_output;
+    const outputBytes = new Uint8Array(Array.isArray(rawOutput) ? rawOutput : Array.from(rawOutput));
+    const pubkey = await publicKeyFromDWalletOutput(Curve.SECP256K1, outputBytes);
+    if (!pubkey || pubkey.length !== 33) {
+        throw new Error("Could not extract 33-byte compressed pubkey from dWallet");
+    }
+    const btcNetwork = config.network === "mainnet" ? "mainnet" : "testnet";
+    // Derive our BTC address from the pubkey
+    const ourAddress = deriveBitcoinAddress(pubkey, btcNetwork);
+    // Step 1: Fetch UTXOs
+    const allUtxos = await fetchBtcUTXOs(ourAddress, btcNetwork);
+    if (allUtxos.length === 0) {
+        throw new Error(`No UTXOs found for ${ourAddress}`);
+    }
+    // Step 2: Select UTXOs and build unsigned TX
+    const feeRate = 10; // sat/vbyte, conservative default
+    const { selected, fee } = selectBtcUTXOs(allUtxos, request.amount, feeRate);
+    const { sighashes, inputs, outputs } = buildUnsignedBtcTx(selected, [{ address: request.to, value: request.amount }], ourAddress, // change back to our address
+    fee);
+    // Step 3: Sign each sighash via MPC
+    const signatures = [];
+    for (const sighash of sighashes) {
+        const signResult = await sign(config, {
+            messageHash: new Uint8Array(sighash),
+            walletId,
+            chain: "bitcoin",
+            encryptionSeed,
+        });
+        signatures.push(Buffer.from(signResult.signature));
+    }
+    // Step 4: Attach signatures and serialize
+    const signedTx = attachBtcSignatures(inputs, outputs, signatures, Buffer.from(pubkey));
+    const txHex = signedTx.toString("hex");
+    // Step 5: Broadcast
+    const broadcastTxid = await broadcastBtcTx(txHex, btcNetwork);
+    // Step 6: Attest to ZAP1
+    let leafHash = "";
+    if (config.zap1ApiUrl && config.zap1ApiKey) {
+        try {
+            const attestResp = await fetch(`${config.zap1ApiUrl}/attest`, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json",
+                    "Authorization": `Bearer ${config.zap1ApiKey}`,
+                },
+                body: JSON.stringify({
+                    event_type: "AGENT_ACTION",
+                    agent_id: walletId,
+                    action: "bitcoin_spend",
+                    chain_txid: broadcastTxid,
+                    recipient: request.to,
+                    amount: request.amount,
+                    fee,
+                    memo: request.memo || "",
+                }),
+            });
+            if (attestResp.ok) {
+                const attestData = (await attestResp.json());
+                leafHash = attestData.leaf_hash || "";
+            }
+        }
+        catch {
+            // Attestation failure is non-fatal - tx already broadcast
+        }
+    }
+    return {
+        txid: broadcastTxid,
+        leafHash,
+        chain: "bitcoin",
+        policyChecked: false,
+    };
 }
 /**
  * Verify the wallet's attestation history via ZAP1.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@frontiercompute/zcash-ika",
-  "version": "0.4.0",
+  "version": "0.6.0",
   "description": "Split-key custody for Zcash, Bitcoin, and EVM. 2PC-MPC signing, on-chain spend policy, transparent TX builder, ZAP1 attestation.",
   "type": "module",
   "main": "dist/index.js",
@@ -25,7 +25,9 @@
     "dist/tx-builder.js",
     "dist/tx-builder.d.ts",
     "dist/hybrid.js",
-    "dist/hybrid.d.ts"
+    "dist/hybrid.d.ts",
+    "dist/btc-tx-builder.js",
+    "dist/btc-tx-builder.d.ts"
   ],
   "repository": {
     "type": "git",