@ocap/tx-pipeline 1.30.2 → 1.30.4

package/esm/helpers/encode-tx-by-context.d.mts

@@ -0,0 +1,10 @@
+//#region src/helpers/encode-tx-by-context.d.ts
+/**
+ * Pick the encoder matching `context.txEncoding`. Centralizes the ternary
+ * that lived in three verify pipes so future encoding additions touch one
+ * place. Chain-side only — client bundles that want tree-shake keep their
+ * local selection.
+ */
+declare function encodeTxByEncoding(encoding: string | undefined, tx: Record<string, unknown>): Uint8Array;
+//#endregion
+export { encodeTxByEncoding };

package/esm/helpers/encode-tx-by-context.mjs

@@ -0,0 +1,16 @@
+import { encodeTx } from "@ocap/message/cbor";
+import { encodeTx as encodeTx$1 } from "@ocap/message/protobuf";
+
+//#region src/helpers/encode-tx-by-context.ts
+/**
+* Pick the encoder matching `context.txEncoding`. Centralizes the ternary
+* that lived in three verify pipes so future encoding additions touch one
+* place. Chain-side only — client bundles that want tree-shake keep their
+* local selection.
+*/
+function encodeTxByEncoding(encoding, tx) {
+	return encoding === "cbor" ? encodeTx(tx) : encodeTx$1(tx);
+}
+
+//#endregion
+export { encodeTxByEncoding };

package/esm/helpers/unwrap-opaque-any.d.mts

@@ -0,0 +1,17 @@
+//#region src/helpers/unwrap-opaque-any.d.ts
+interface DecodedAny {
+  type?: string;
+  value?: unknown;
+}
+/**
+ * Undo the duplicate base64+JSON serialization that `decodeAny` leaves on
+ * `json` / `vc` typed Any payloads. Mutates `decoded.value` in place when
+ * applicable and is a no-op otherwise (including on malformed JSON — we
+ * swallow the parse error to keep legacy behavior).
+ *
+ * HACK carried forward from pre-Phase-43 multisig verifiers; kept in one
+ * place so the two verify pipes share the exact same fallback.
+ */
+declare function unwrapOpaqueAnyData(decoded: DecodedAny | undefined): DecodedAny | undefined;
+//#endregion
+export { unwrapOpaqueAnyData };

package/esm/helpers/unwrap-opaque-any.mjs

@@ -0,0 +1,19 @@
+//#region src/helpers/unwrap-opaque-any.ts
+/**
+* Undo the duplicate base64+JSON serialization that `decodeAny` leaves on
+* `json` / `vc` typed Any payloads. Mutates `decoded.value` in place when
+* applicable and is a no-op otherwise (including on malformed JSON — we
+* swallow the parse error to keep legacy behavior).
+*
+* HACK carried forward from pre-Phase-43 multisig verifiers; kept in one
+* place so the two verify pipes share the exact same fallback.
+*/
+function unwrapOpaqueAnyData(decoded) {
+	if (decoded?.type && ["json", "vc"].includes(decoded.type)) try {
+		decoded.value = JSON.parse(Buffer.from(decoded.value, "base64").toString());
+	} catch (_e) {}
+	return decoded;
+}
+
+//#endregion
+export { unwrapOpaqueAnyData };

package/esm/pipes/decode-itx.mjs

@@ -1,17 +1,64 @@
 import { CustomError } from "@ocap/util/lib/error";
-import { decodeAny } from "@ocap/message";
+import { createMessage, decodeAny, fromTypeUrl, toTypeUrl } from "@ocap/message";
 
 //#region src/pipes/decode-itx.ts
+/**
+* Normalize `tx.itx` to a `{ typeUrl, value }` pair across the three shapes
+* that reach this pipe:
+*
+*   protobuf wire → jspb Any.toObject() → `{ typeUrl, value: <base64-bytes> }`
+*   cbor wire     → canonical-cbor flat Any → `{ typeUrl, ...inner }`
+*   client raw    → pre-encoding object → `{ type, value: { ...inner } }`
+*
+* Downstream protocol schemas and pipes expect the jspb-shaped inner object
+* (repeated fields carry the `xxxList` alias, bytes fields are base64 strings,
+* BigUint wrappers are `{ value: Uint8Array }`). We round-trip the cbor /
+* client-raw cases through `createMessage().toObject()` so downstream code
+* sees a single, stable shape regardless of wire format.
+*/
+function toJspbObject(typeUrl, inner) {
+	const msg = createMessage(fromTypeUrl(typeUrl), inner);
+	return msg?.toObject ? msg.toObject() : inner;
+}
+function normalizeItx(raw) {
+	if (!raw || typeof raw !== "object") return null;
+	if (raw.typeUrl) {
+		if (typeof raw.value === "string") {
+			const decoded = decodeAny(raw);
+			return {
+				typeUrl: raw.typeUrl,
+				value: decoded.value
+			};
+		}
+		const inner = {};
+		for (const [key, val] of Object.entries(raw)) {
+			if (key === "typeUrl" || key === "type_url") continue;
+			inner[key] = val;
+		}
+		return {
+			typeUrl: raw.typeUrl,
+			value: toJspbObject(raw.typeUrl, inner)
+		};
+	}
+	if (raw.type) {
+		const typeUrl = toTypeUrl(raw.type);
+		return {
+			typeUrl,
+			value: toJspbObject(typeUrl, raw.value || {})
+		};
+	}
+	return null;
+}
 function DecodeItx(context, next) {
 	try {
-		const decoded = decodeAny(context.tx.itx);
-		const txType = context.tx.itx.typeUrl;
+		const normalized = normalizeItx(context.tx.itx);
+		if (!normalized) return next(new CustomError("INVALID_TX", "Failed to decode itx"));
 		Object.defineProperty(context, "itx", {
-			value: decoded.value,
+			value: normalized.value,
 			enumerable: true
 		});
 		Object.defineProperty(context, "txType", {
-			value: txType,
+			value: normalized.typeUrl,
 			enumerable: true
 		});
 		context.logger?.info("Tx decoded", {
@@ -19,7 +66,7 @@ function DecodeItx(context, next) {
 			txHash: context.txHash,
 			txTime: context.txTime,
 			txSize: context.txSize,
-			txType,
+			txType: normalized.typeUrl,
 			request: context.extra?.request
 		});
 	} catch (_err) {

package/esm/pipes/decode-tx.mjs

@@ -1,18 +1,34 @@
 import { name } from "../package.mjs";
 import { fromBase64, toUint8Array } from "@ocap/util";
 import { CustomError } from "@ocap/util/lib/error";
-import { getMessageType } from "@ocap/message";
 import { toTxHash } from "@ocap/mcrypto";
+import { CANONICAL_SELF_DESCRIBE_PREFIX, decodeTx } from "@ocap/message/cbor";
+import { decodeTx as decodeTx$1 } from "@ocap/message/protobuf";
 import Debug from "debug";
 
 //#region src/pipes/decode-tx.ts
 const debug = Debug(`${name}:pipe:decode-tx`);
-const Transaction = getMessageType("Transaction").fn;
+/**
+* Detect the CBOR self-describe tag 55799 that our canonical encoder always
+* prepends to a Transaction. The first three bytes are unambiguously distinct
+* from any protobuf encoding of Transaction because `D9` = `(27 << 3) | 1`,
+* and `Transaction` has no top-level field number ≥ 27 (enforced by
+* `scripts/assert-proto-field-bound.ts`).
+*/
+function hasCborSelfDescribeTag(buf) {
+	return buf.length >= CANONICAL_SELF_DESCRIBE_PREFIX.length && buf[0] === CANONICAL_SELF_DESCRIBE_PREFIX[0] && buf[1] === CANONICAL_SELF_DESCRIBE_PREFIX[1] && buf[2] === CANONICAL_SELF_DESCRIBE_PREFIX[2];
+}
 function DecodeTx(context, next) {
 	try {
 		const txBuffer = toUint8Array(fromBase64(context.txBase64));
+		const isCbor = hasCborSelfDescribeTag(txBuffer);
+		const tx = isCbor ? decodeTx(txBuffer) : decodeTx$1(txBuffer);
 		Object.defineProperty(context, "tx", {
-			value: Transaction.deserializeBinary(txBuffer).toObject(),
+			value: tx,
+			enumerable: true
+		});
+		Object.defineProperty(context, "txEncoding", {
+			value: isCbor ? "cbor" : "protobuf",
 			enumerable: true
 		});
 		Object.defineProperty(context, "txSize", {

package/esm/pipes/verify-multisig-v2.mjs

@@ -1,7 +1,9 @@
+import { encodeTxByEncoding } from "../helpers/encode-tx-by-context.mjs";
+import { unwrapOpaqueAnyData } from "../helpers/unwrap-opaque-any.mjs";
 import { CustomError } from "@ocap/util/lib/error";
 import get from "lodash/get.js";
-import { createMessage, decodeAny } from "@ocap/message";
-import { getListField } from "@ocap/util/lib/get-list-field";
+import { decodeAny } from "@ocap/message";
+import { getListField, setListField } from "@ocap/util/lib/get-list-field";
 import { toTypeInfo } from "@arcblock/did";
 import cloneDeep from "lodash/cloneDeep.js";
 import { fromPublicKey } from "@ocap/wallet";
@@ -17,22 +19,17 @@ function CreateVerifyMultiSigV2Pipe({ signersKey }) {
 		if (signatures.length !== signers.length) return next(new CustomError("INVALID_SIGNATURE", `Expect ${signers.length} signatures but found ${signatures.length}`));
 		for (const signer of signers) if (!signatures.find((x) => [x.delegator, x.signer].includes(signer))) return next(new CustomError("INVALID_SIGNATURE", `Signature for ${signer} not found in tx.signatures`));
 		signatures.forEach((sig) => {
-			const decoded = sig.data ? decodeAny(sig.data) : void 0;
-			if (decoded?.type && ["json", "vc"].includes(decoded.type)) try {
-				decoded.value = JSON.parse(Buffer.from(decoded.value, "base64").toString());
-			} catch (_e) {}
-			sig.data = decoded;
+			sig.data = unwrapOpaqueAnyData(sig.data ? decodeAny(sig.data) : void 0);
 		});
 		tx.signature = void 0;
-		tx.signaturesList = signatures.map((x) => omit(x, "signature"));
+		setListField(tx, "signatures", signatures.map((x) => omit(x, "signature")));
 		for (let i = 0; i < signatures.length; i++) {
 			const { signer, pk, delegator, signature, extra = "" } = signatures[i];
 			const address = delegator || signer;
 			const wallet = fromPublicKey(pk, toTypeInfo(address));
-			const message = createMessage("Transaction", tx);
-			if (!message) return next(new CustomError("INVALID_SIGNATURE", `Failed to create message for ${address}`));
+			const txBytes = encodeTxByEncoding(context.txEncoding, tx);
 			try {
-				if (await wallet.verify(message.serializeBinary(), signature, true, extra) === false) return next(new CustomError("INVALID_SIGNATURE", `Signature for ${address} is not valid`));
+				if (await wallet.verify(txBytes, signature, true, extra) === false) return next(new CustomError("INVALID_SIGNATURE", `Signature for ${address} is not valid`));
 			} catch (err) {
 				console.error(err);
 				return next(new CustomError("INVALID_SIGNATURE", `Signature for ${address} verify failed: ${err.message}`));

package/esm/pipes/verify-multisig.mjs

@@ -1,6 +1,8 @@
+import { encodeTxByEncoding } from "../helpers/encode-tx-by-context.mjs";
+import { unwrapOpaqueAnyData } from "../helpers/unwrap-opaque-any.mjs";
 import { CustomError } from "@ocap/util/lib/error";
-import { createMessage, decodeAny } from "@ocap/message";
-import { getListField } from "@ocap/util/lib/get-list-field";
+import { decodeAny } from "@ocap/message";
+import { deleteListField, getListField, setListField } from "@ocap/util/lib/get-list-field";
 import { toTypeInfo } from "@arcblock/did";
 import cloneDeep from "lodash/cloneDeep.js";
 import { fromPublicKey } from "@ocap/wallet";
@@ -12,24 +14,19 @@ function CreateVerifyMultiSigPipe(numSigs = 0) {
 		const signatures = getListField(tx, "signatures");
 		if (signatures.length !== numSigs) return next(new CustomError("INVALID_SIGNATURE", `Expect ${numSigs} multi signatures but found ${signatures.length}`));
 		if (numSigs === 0) return next();
-		delete tx.signatures;
-		delete tx.signaturesList;
+		deleteListField(tx, "signatures");
 		while (signatures.length > 0) {
 			const { signer, pk, delegator, signature, data } = signatures.shift();
 			const address = delegator || signer;
 			const wallet = fromPublicKey(pk, toTypeInfo(address));
-			const decoded = data ? decodeAny(data) : void 0;
-			if (decoded?.type && ["json", "vc"].includes(decoded.type)) try {
-				decoded.value = JSON.parse(Buffer.from(decoded.value, "base64").toString());
-			} catch (_e) {}
-			tx.signatures = [{
+			setListField(tx, "signatures", [{
 				signer,
 				pk,
 				delegator,
-				data: decoded
-			}].concat(signatures);
-			const message = createMessage("Transaction", tx);
-			if (!message || await wallet.verify(message.serializeBinary(), signature) === false) return next(new CustomError("INVALID_SIGNATURE", `Multi signature for ${address} is not valid`));
+				data: unwrapOpaqueAnyData(data ? decodeAny(data) : void 0)
+			}].concat(signatures));
+			const txBytes = encodeTxByEncoding(context.txEncoding, tx);
+			if (await wallet.verify(txBytes, signature) === false) return next(new CustomError("INVALID_SIGNATURE", `Multi signature for ${address} is not valid`));
 		}
 		next();
 	};

package/esm/pipes/verify-signature.mjs

@@ -1,7 +1,8 @@
+import { encodeTxByEncoding } from "../helpers/encode-tx-by-context.mjs";
 import { CustomError } from "@ocap/util/lib/error";
 import get from "lodash/get.js";
-import { createMessage } from "@ocap/message";
 import { types } from "@ocap/mcrypto";
+import { deleteListField } from "@ocap/util/lib/get-list-field";
 import { isFromPublicKey, toTypeInfo } from "@arcblock/did";
 import cloneDeep from "lodash/cloneDeep.js";
 import { fromPublicKey } from "@ocap/wallet";
@@ -13,20 +14,16 @@ async function VerifySignature(context, next) {
 	tx.signature = void 0;
 	const multiSignV2Txs = get(context, "config.transaction.multiSignV2Txs", []);
 	const txType = context.txType;
-	if (!txType || multiSignV2Txs.includes(txType) === false) {
-		delete tx.signatures;
-		delete tx.signaturesList;
-	}
+	if (!txType || multiSignV2Txs.includes(txType) === false) deleteListField(tx, "signatures");
 	const { pk, delegator, from } = tx;
 	const signer = delegator || from;
 	if (isFromPublicKey(signer, pk) === false) return next(new CustomError("INVALID_SIGNATURE", "signer and pk does not match"));
-	const message = createMessage("Transaction", tx);
-	if (!message) return next(new CustomError("INVALID_SIGNATURE", "Failed to create transaction message"));
+	const txBytes = encodeTxByEncoding(context.txEncoding, tx);
 	const type = toTypeInfo(signer);
 	const wallet = fromPublicKey(pk, type);
 	const extra = type.role === types.RoleType.ROLE_PASSKEY ? get(context, "extra.txExtra") : "";
 	try {
-		if (!signature || await wallet.verify(message.serializeBinary(), signature, true, extra || "") === false) return next(new CustomError("INVALID_SIGNATURE", "tx.signature is invalid"));
+		if (!signature || await wallet.verify(txBytes, signature, true, extra || "") === false) return next(new CustomError("INVALID_SIGNATURE", "tx.signature is invalid"));
 	} catch (err) {
 		console.error("tx.signature verify failed", err);
 		return next(new CustomError("INVALID_SIGNATURE", "tx.signature verify failed"));

package/esm/pipes/verify-tx-size.mjs

@@ -1,11 +1,13 @@
 import { CustomError } from "@ocap/util/lib/error";
 import get from "lodash/get.js";
+import { toTypeUrl } from "@ocap/message";
 
 //#region src/pipes/verify-tx-size.ts
 function VerifyTxSize(context, next) {
 	const { txSize, txType, tx, config } = context;
 	const defaultSizeLimit = get(config, "transaction.maxTxSize.default");
-	const sizeLimit = get(config, `transaction.maxTxSize.${tx.itx.typeUrl}`, defaultSizeLimit);
+	const rawItx = tx.itx;
+	const sizeLimit = get(config, `transaction.maxTxSize.${txType || rawItx?.typeUrl || (rawItx?.type ? toTypeUrl(rawItx.type) : void 0)}`, defaultSizeLimit);
 	if (txSize > sizeLimit) return next(new CustomError("INVALID_TX_SIZE", `Transaction size too large for ${txType}: expect ${sizeLimit}, got ${txSize}`));
 	next();
 }

package/esm/pipes/verify-tx.mjs

@@ -1,5 +1,6 @@
 import { CustomError } from "@ocap/util/lib/error";
 import get from "lodash/get.js";
+import { toTypeUrl } from "@ocap/message";
 import { getListField } from "@ocap/util/lib/get-list-field";
 import { isFromPublicKey } from "@arcblock/did";
 import isEmpty from "lodash/isEmpty.js";
@@ -19,7 +20,9 @@ function VerifyTx(context, next) {
 	const n = Number(nonce);
 	if (Number.isNaN(n) || n < 0) return next(new CustomError("INVALID_NONCE", "tx.nonce should be a positive integer"));
 	const { supportedTxs, maxMultisig } = get(context, "config.transaction");
-	if (supportedTxs.includes(itx.typeUrl) === false) return next(new CustomError("UNSUPPORTED_TX", `Transaction ${itx.typeUrl} is not supported`));
+	const rawItx = itx;
+	const itxTypeUrl = rawItx.typeUrl || (rawItx.type ? toTypeUrl(rawItx.type) : void 0);
+	if (!itxTypeUrl || supportedTxs.includes(itxTypeUrl) === false) return next(new CustomError("UNSUPPORTED_TX", `Transaction ${itxTypeUrl} is not supported`));
 	if (getListField(context, "tx.signatures").length > maxMultisig) return next(new CustomError("INVALID_TX", "Too many multisig signatures"));
 	if (isFromPublicKey(delegator || from, pk) === false) return next(new CustomError("INVALID_TX", "Sender or delegator address does not match pk"));
 	next();

package/lib/helpers/encode-tx-by-context.cjs

@@ -0,0 +1,17 @@
+const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
+let _ocap_message_cbor = require("@ocap/message/cbor");
+let _ocap_message_protobuf = require("@ocap/message/protobuf");
+
+//#region src/helpers/encode-tx-by-context.ts
+/**
+* Pick the encoder matching `context.txEncoding`. Centralizes the ternary
+* that lived in three verify pipes so future encoding additions touch one
+* place. Chain-side only — client bundles that want tree-shake keep their
+* local selection.
+*/
+function encodeTxByEncoding(encoding, tx) {
+	return encoding === "cbor" ? (0, _ocap_message_cbor.encodeTx)(tx) : (0, _ocap_message_protobuf.encodeTx)(tx);
+}
+
+//#endregion
+exports.encodeTxByEncoding = encodeTxByEncoding;

package/lib/helpers/encode-tx-by-context.d.cts

@@ -0,0 +1,10 @@
+//#region src/helpers/encode-tx-by-context.d.ts
+/**
+ * Pick the encoder matching `context.txEncoding`. Centralizes the ternary
+ * that lived in three verify pipes so future encoding additions touch one
+ * place. Chain-side only — client bundles that want tree-shake keep their
+ * local selection.
+ */
+declare function encodeTxByEncoding(encoding: string | undefined, tx: Record<string, unknown>): Uint8Array;
+//#endregion
+export { encodeTxByEncoding };

package/lib/helpers/unwrap-opaque-any.cjs

@@ -0,0 +1,20 @@
+
+//#region src/helpers/unwrap-opaque-any.ts
+/**
+* Undo the duplicate base64+JSON serialization that `decodeAny` leaves on
+* `json` / `vc` typed Any payloads. Mutates `decoded.value` in place when
+* applicable and is a no-op otherwise (including on malformed JSON — we
+* swallow the parse error to keep legacy behavior).
+*
+* HACK carried forward from pre-Phase-43 multisig verifiers; kept in one
+* place so the two verify pipes share the exact same fallback.
+*/
+function unwrapOpaqueAnyData(decoded) {
+	if (decoded?.type && ["json", "vc"].includes(decoded.type)) try {
+		decoded.value = JSON.parse(Buffer.from(decoded.value, "base64").toString());
+	} catch (_e) {}
+	return decoded;
+}
+
+//#endregion
+exports.unwrapOpaqueAnyData = unwrapOpaqueAnyData;

package/lib/helpers/unwrap-opaque-any.d.cts

@@ -0,0 +1,17 @@
+//#region src/helpers/unwrap-opaque-any.d.ts
+interface DecodedAny {
+  type?: string;
+  value?: unknown;
+}
+/**
+ * Undo the duplicate base64+JSON serialization that `decodeAny` leaves on
+ * `json` / `vc` typed Any payloads. Mutates `decoded.value` in place when
+ * applicable and is a no-op otherwise (including on malformed JSON — we
+ * swallow the parse error to keep legacy behavior).
+ *
+ * HACK carried forward from pre-Phase-43 multisig verifiers; kept in one
+ * place so the two verify pipes share the exact same fallback.
+ */
+declare function unwrapOpaqueAnyData(decoded: DecodedAny | undefined): DecodedAny | undefined;
+//#endregion
+export { unwrapOpaqueAnyData };

package/lib/pipes/decode-itx.cjs

@@ -4,16 +4,63 @@ let _ocap_util_lib_error = require("@ocap/util/lib/error");
 let _ocap_message = require("@ocap/message");
 
 //#region src/pipes/decode-itx.ts
+/**
+* Normalize `tx.itx` to a `{ typeUrl, value }` pair across the three shapes
+* that reach this pipe:
+*
+*   protobuf wire → jspb Any.toObject() → `{ typeUrl, value: <base64-bytes> }`
+*   cbor wire     → canonical-cbor flat Any → `{ typeUrl, ...inner }`
+*   client raw    → pre-encoding object → `{ type, value: { ...inner } }`
+*
+* Downstream protocol schemas and pipes expect the jspb-shaped inner object
+* (repeated fields carry the `xxxList` alias, bytes fields are base64 strings,
+* BigUint wrappers are `{ value: Uint8Array }`). We round-trip the cbor /
+* client-raw cases through `createMessage().toObject()` so downstream code
+* sees a single, stable shape regardless of wire format.
+*/
+function toJspbObject(typeUrl, inner) {
+	const msg = (0, _ocap_message.createMessage)((0, _ocap_message.fromTypeUrl)(typeUrl), inner);
+	return msg?.toObject ? msg.toObject() : inner;
+}
+function normalizeItx(raw) {
+	if (!raw || typeof raw !== "object") return null;
+	if (raw.typeUrl) {
+		if (typeof raw.value === "string") {
+			const decoded = (0, _ocap_message.decodeAny)(raw);
+			return {
+				typeUrl: raw.typeUrl,
+				value: decoded.value
+			};
+		}
+		const inner = {};
+		for (const [key, val] of Object.entries(raw)) {
+			if (key === "typeUrl" || key === "type_url") continue;
+			inner[key] = val;
+		}
+		return {
+			typeUrl: raw.typeUrl,
+			value: toJspbObject(raw.typeUrl, inner)
+		};
+	}
+	if (raw.type) {
+		const typeUrl = (0, _ocap_message.toTypeUrl)(raw.type);
+		return {
+			typeUrl,
+			value: toJspbObject(typeUrl, raw.value || {})
+		};
+	}
+	return null;
+}
 function DecodeItx(context, next) {
 	try {
-		const decoded = (0, _ocap_message.decodeAny)(context.tx.itx);
-		const txType = context.tx.itx.typeUrl;
+		const normalized = normalizeItx(context.tx.itx);
+		if (!normalized) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "Failed to decode itx"));
 		Object.defineProperty(context, "itx", {
-			value: decoded.value,
+			value: normalized.value,
 			enumerable: true
 		});
 		Object.defineProperty(context, "txType", {
-			value: txType,
+			value: normalized.typeUrl,
 			enumerable: true
 		});
 		context.logger?.info("Tx decoded", {
@@ -21,7 +68,7 @@ function DecodeItx(context, next) {
 			txHash: context.txHash,
 			txTime: context.txTime,
 			txSize: context.txSize,
-			txType,
+			txType: normalized.typeUrl,
 			request: context.extra?.request
 		});
 	} catch (_err) {

package/lib/pipes/decode-tx.cjs

@@ -3,19 +3,35 @@ const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
 const require_package = require('../package.cjs');
 let _ocap_util = require("@ocap/util");
 let _ocap_util_lib_error = require("@ocap/util/lib/error");
-let _ocap_message = require("@ocap/message");
 let _ocap_mcrypto = require("@ocap/mcrypto");
+let _ocap_message_cbor = require("@ocap/message/cbor");
+let _ocap_message_protobuf = require("@ocap/message/protobuf");
 let debug = require("debug");
 debug = require_rolldown_runtime.__toESM(debug);
 
 //#region src/pipes/decode-tx.ts
 const debug$1 = (0, debug.default)(`${require_package.name}:pipe:decode-tx`);
-const Transaction = (0, _ocap_message.getMessageType)("Transaction").fn;
+/**
+* Detect the CBOR self-describe tag 55799 that our canonical encoder always
+* prepends to a Transaction. The first three bytes are unambiguously distinct
+* from any protobuf encoding of Transaction because `D9` = `(27 << 3) | 1`,
+* and `Transaction` has no top-level field number ≥ 27 (enforced by
+* `scripts/assert-proto-field-bound.ts`).
+*/
+function hasCborSelfDescribeTag(buf) {
+	return buf.length >= _ocap_message_cbor.CANONICAL_SELF_DESCRIBE_PREFIX.length && buf[0] === _ocap_message_cbor.CANONICAL_SELF_DESCRIBE_PREFIX[0] && buf[1] === _ocap_message_cbor.CANONICAL_SELF_DESCRIBE_PREFIX[1] && buf[2] === _ocap_message_cbor.CANONICAL_SELF_DESCRIBE_PREFIX[2];
+}
 function DecodeTx(context, next) {
 	try {
 		const txBuffer = (0, _ocap_util.toUint8Array)((0, _ocap_util.fromBase64)(context.txBase64));
+		const isCbor = hasCborSelfDescribeTag(txBuffer);
+		const tx = isCbor ? (0, _ocap_message_cbor.decodeTx)(txBuffer) : (0, _ocap_message_protobuf.decodeTx)(txBuffer);
 		Object.defineProperty(context, "tx", {
-			value: Transaction.deserializeBinary(txBuffer).toObject(),
+			value: tx,
+			enumerable: true
+		});
+		Object.defineProperty(context, "txEncoding", {
+			value: isCbor ? "cbor" : "protobuf",
 			enumerable: true
 		});
 		Object.defineProperty(context, "txSize", {

package/lib/pipes/verify-multisig-v2.cjs

@@ -1,5 +1,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
+const require_helpers_encode_tx_by_context = require('../helpers/encode-tx-by-context.cjs');
+const require_helpers_unwrap_opaque_any = require('../helpers/unwrap-opaque-any.cjs');
 let _ocap_util_lib_error = require("@ocap/util/lib/error");
 let lodash_get = require("lodash/get");
 lodash_get = require_rolldown_runtime.__toESM(lodash_get);
@@ -22,22 +24,17 @@ function CreateVerifyMultiSigV2Pipe({ signersKey }) {
 		if (signatures.length !== signers.length) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Expect ${signers.length} signatures but found ${signatures.length}`));
 		for (const signer of signers) if (!signatures.find((x) => [x.delegator, x.signer].includes(signer))) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Signature for ${signer} not found in tx.signatures`));
 		signatures.forEach((sig) => {
-			const decoded = sig.data ? (0, _ocap_message.decodeAny)(sig.data) : void 0;
-			if (decoded?.type && ["json", "vc"].includes(decoded.type)) try {
-				decoded.value = JSON.parse(Buffer.from(decoded.value, "base64").toString());
-			} catch (_e) {}
-			sig.data = decoded;
+			sig.data = require_helpers_unwrap_opaque_any.unwrapOpaqueAnyData(sig.data ? (0, _ocap_message.decodeAny)(sig.data) : void 0);
 		});
 		tx.signature = void 0;
-		tx.signaturesList = signatures.map((x) => (0, lodash_omit.default)(x, "signature"));
+		(0, _ocap_util_lib_get_list_field.setListField)(tx, "signatures", signatures.map((x) => (0, lodash_omit.default)(x, "signature")));
 		for (let i = 0; i < signatures.length; i++) {
 			const { signer, pk, delegator, signature, extra = "" } = signatures[i];
 			const address = delegator || signer;
 			const wallet = (0, _ocap_wallet.fromPublicKey)(pk, (0, _arcblock_did.toTypeInfo)(address));
-			const message = (0, _ocap_message.createMessage)("Transaction", tx);
-			if (!message) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Failed to create message for ${address}`));
+			const txBytes = require_helpers_encode_tx_by_context.encodeTxByEncoding(context.txEncoding, tx);
 			try {
-				if (await wallet.verify(message.serializeBinary(), signature, true, extra) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Signature for ${address} is not valid`));
+				if (await wallet.verify(txBytes, signature, true, extra) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Signature for ${address} is not valid`));
 			} catch (err) {
 				console.error(err);
 				return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Signature for ${address} verify failed: ${err.message}`));

package/lib/pipes/verify-multisig.cjs

@@ -1,5 +1,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
+const require_helpers_encode_tx_by_context = require('../helpers/encode-tx-by-context.cjs');
+const require_helpers_unwrap_opaque_any = require('../helpers/unwrap-opaque-any.cjs');
 let _ocap_util_lib_error = require("@ocap/util/lib/error");
 let _ocap_message = require("@ocap/message");
 let _ocap_util_lib_get_list_field = require("@ocap/util/lib/get-list-field");
@@ -15,24 +17,19 @@ function CreateVerifyMultiSigPipe(numSigs = 0) {
 		const signatures = (0, _ocap_util_lib_get_list_field.getListField)(tx, "signatures");
 		if (signatures.length !== numSigs) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Expect ${numSigs} multi signatures but found ${signatures.length}`));
 		if (numSigs === 0) return next();
-		delete tx.signatures;
-		delete tx.signaturesList;
+		(0, _ocap_util_lib_get_list_field.deleteListField)(tx, "signatures");
 		while (signatures.length > 0) {
 			const { signer, pk, delegator, signature, data } = signatures.shift();
 			const address = delegator || signer;
 			const wallet = (0, _ocap_wallet.fromPublicKey)(pk, (0, _arcblock_did.toTypeInfo)(address));
-			const decoded = data ? (0, _ocap_message.decodeAny)(data) : void 0;
-			if (decoded?.type && ["json", "vc"].includes(decoded.type)) try {
-				decoded.value = JSON.parse(Buffer.from(decoded.value, "base64").toString());
-			} catch (_e) {}
-			tx.signatures = [{
+			(0, _ocap_util_lib_get_list_field.setListField)(tx, "signatures", [{
 				signer,
 				pk,
 				delegator,
-				data: decoded
-			}].concat(signatures);
-			const message = (0, _ocap_message.createMessage)("Transaction", tx);
-			if (!message || await wallet.verify(message.serializeBinary(), signature) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Multi signature for ${address} is not valid`));
+				data: require_helpers_unwrap_opaque_any.unwrapOpaqueAnyData(data ? (0, _ocap_message.decodeAny)(data) : void 0)
+			}].concat(signatures));
+			const txBytes = require_helpers_encode_tx_by_context.encodeTxByEncoding(context.txEncoding, tx);
+			if (await wallet.verify(txBytes, signature) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Multi signature for ${address} is not valid`));
 		}
 		next();
 	};

package/lib/pipes/verify-signature.cjs

@@ -1,10 +1,11 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
+const require_helpers_encode_tx_by_context = require('../helpers/encode-tx-by-context.cjs');
 let _ocap_util_lib_error = require("@ocap/util/lib/error");
 let lodash_get = require("lodash/get");
 lodash_get = require_rolldown_runtime.__toESM(lodash_get);
-let _ocap_message = require("@ocap/message");
 let _ocap_mcrypto = require("@ocap/mcrypto");
+let _ocap_util_lib_get_list_field = require("@ocap/util/lib/get-list-field");
 let _arcblock_did = require("@arcblock/did");
 let lodash_cloneDeep = require("lodash/cloneDeep");
 lodash_cloneDeep = require_rolldown_runtime.__toESM(lodash_cloneDeep);
@@ -17,20 +18,16 @@ async function VerifySignature(context, next) {
 	tx.signature = void 0;
 	const multiSignV2Txs = (0, lodash_get.default)(context, "config.transaction.multiSignV2Txs", []);
 	const txType = context.txType;
-	if (!txType || multiSignV2Txs.includes(txType) === false) {
-		delete tx.signatures;
-		delete tx.signaturesList;
-	}
+	if (!txType || multiSignV2Txs.includes(txType) === false) (0, _ocap_util_lib_get_list_field.deleteListField)(tx, "signatures");
 	const { pk, delegator, from } = tx;
 	const signer = delegator || from;
 	if ((0, _arcblock_did.isFromPublicKey)(signer, pk) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", "signer and pk does not match"));
-	const message = (0, _ocap_message.createMessage)("Transaction", tx);
-	if (!message) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", "Failed to create transaction message"));
+	const txBytes = require_helpers_encode_tx_by_context.encodeTxByEncoding(context.txEncoding, tx);
 	const type = (0, _arcblock_did.toTypeInfo)(signer);
 	const wallet = (0, _ocap_wallet.fromPublicKey)(pk, type);
 	const extra = type.role === _ocap_mcrypto.types.RoleType.ROLE_PASSKEY ? (0, lodash_get.default)(context, "extra.txExtra") : "";
 	try {
-		if (!signature || await wallet.verify(message.serializeBinary(), signature, true, extra || "") === false) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", "tx.signature is invalid"));
+		if (!signature || await wallet.verify(txBytes, signature, true, extra || "") === false) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", "tx.signature is invalid"));
 	} catch (err) {
 		console.error("tx.signature verify failed", err);
 		return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", "tx.signature verify failed"));

package/lib/pipes/verify-tx-size.cjs

@@ -3,12 +3,14 @@ const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
 let _ocap_util_lib_error = require("@ocap/util/lib/error");
 let lodash_get = require("lodash/get");
 lodash_get = require_rolldown_runtime.__toESM(lodash_get);
+let _ocap_message = require("@ocap/message");
 
 //#region src/pipes/verify-tx-size.ts
 function VerifyTxSize(context, next) {
 	const { txSize, txType, tx, config } = context;
 	const defaultSizeLimit = (0, lodash_get.default)(config, "transaction.maxTxSize.default");
-	const sizeLimit = (0, lodash_get.default)(config, `transaction.maxTxSize.${tx.itx.typeUrl}`, defaultSizeLimit);
+	const rawItx = tx.itx;
+	const sizeLimit = (0, lodash_get.default)(config, `transaction.maxTxSize.${txType || rawItx?.typeUrl || (rawItx?.type ? (0, _ocap_message.toTypeUrl)(rawItx.type) : void 0)}`, defaultSizeLimit);
 	if (txSize > sizeLimit) return next(new _ocap_util_lib_error.CustomError("INVALID_TX_SIZE", `Transaction size too large for ${txType}: expect ${sizeLimit}, got ${txSize}`));
 	next();
 }

package/lib/pipes/verify-tx.cjs

@@ -3,6 +3,7 @@ const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
 let _ocap_util_lib_error = require("@ocap/util/lib/error");
 let lodash_get = require("lodash/get");
 lodash_get = require_rolldown_runtime.__toESM(lodash_get);
+let _ocap_message = require("@ocap/message");
 let _ocap_util_lib_get_list_field = require("@ocap/util/lib/get-list-field");
 let _arcblock_did = require("@arcblock/did");
 let lodash_isEmpty = require("lodash/isEmpty");
@@ -23,7 +24,9 @@ function VerifyTx(context, next) {
 	const n = Number(nonce);
 	if (Number.isNaN(n) || n < 0) return next(new _ocap_util_lib_error.CustomError("INVALID_NONCE", "tx.nonce should be a positive integer"));
 	const { supportedTxs, maxMultisig } = (0, lodash_get.default)(context, "config.transaction");
-	if (supportedTxs.includes(itx.typeUrl) === false) return next(new _ocap_util_lib_error.CustomError("UNSUPPORTED_TX", `Transaction ${itx.typeUrl} is not supported`));
+	const rawItx = itx;
+	const itxTypeUrl = rawItx.typeUrl || (rawItx.type ? (0, _ocap_message.toTypeUrl)(rawItx.type) : void 0);
+	if (!itxTypeUrl || supportedTxs.includes(itxTypeUrl) === false) return next(new _ocap_util_lib_error.CustomError("UNSUPPORTED_TX", `Transaction ${itxTypeUrl} is not supported`));
 	if ((0, _ocap_util_lib_get_list_field.getListField)(context, "tx.signatures").length > maxMultisig) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "Too many multisig signatures"));
 	if ((0, _arcblock_did.isFromPublicKey)(delegator || from, pk) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "Sender or delegator address does not match pk"));
 	next();

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.30.2",
+  "version": "1.30.4",
   "description": "Pipeline runner and common pipelines to process transactions",
   "type": "module",
   "main": "./lib/index.cjs",
@@ -49,15 +49,15 @@
     "elliptic": "6.5.3"
   },
   "dependencies": {
-    "@arcblock/did": "1.30.2",
-    "@arcblock/did-util": "1.30.2",
-    "@ocap/client": "1.30.2",
-    "@ocap/mcrypto": "1.30.2",
-    "@ocap/message": "1.30.2",
-    "@ocap/state": "1.30.2",
-    "@ocap/types": "1.30.2",
-    "@ocap/util": "1.30.2",
-    "@ocap/wallet": "1.30.2",
+    "@arcblock/did": "1.30.4",
+    "@arcblock/did-util": "1.30.4",
+    "@ocap/client": "1.30.4",
+    "@ocap/mcrypto": "1.30.4",
+    "@ocap/message": "1.30.4",
+    "@ocap/state": "1.30.4",
+    "@ocap/types": "1.30.4",
+    "@ocap/util": "1.30.4",
+    "@ocap/wallet": "1.30.4",
     "debug": "^4.4.3",
     "lodash": "^4.17.23"
   }