@ocap/tx-protocols 1.28.9 → 1.29.1

package/lib/protocols/rollup/join.cjs

@@ -0,0 +1,157 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_pipes_ensure_cost = require('../../pipes/ensure-cost.cjs');
+const require_pipes_ensure_gas = require('../../pipes/ensure-gas.cjs');
+const require_protocols_rollup_pipes_verify_signers = require('./pipes/verify-signers.cjs');
+const require_protocols_rollup_pipes_verify_status = require('./pipes/verify-status.cjs');
+const require_protocols_rollup_pipes_verify_evidence = require('./pipes/verify-evidence.cjs');
+let _ocap_tx_pipeline = require("@ocap/tx-pipeline");
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let _arcblock_did = require("@arcblock/did");
+let _arcblock_did_util = require("@arcblock/did-util");
+let _ocap_state = require("@ocap/state");
+let _ocap_util = require("@ocap/util");
+let debug = require("debug");
+debug = require_rolldown_runtime.__toESM(debug);
+let _arcblock_validator = require("@arcblock/validator");
+let _ocap_merkle_tree = require("@ocap/merkle-tree");
+_ocap_merkle_tree = require_rolldown_runtime.__toESM(_ocap_merkle_tree);
+let url_join = require("url-join");
+url_join = require_rolldown_runtime.__toESM(url_join);
+
+//#region src/protocols/rollup/join.ts
+const debug$1 = (0, debug.default)("@ocap/tx-protocols:join-rollup");
+const runner = new _ocap_tx_pipeline.Runner("join_rollup");
+const schema = _arcblock_validator.Joi.object({
+	rollup: _arcblock_validator.Joi.DID().prefix().role("ROLE_ROLLUP").required(),
+	endpoint: _arcblock_validator.Joi.string().uri({ scheme: [/https?/] }).required(),
+	evidence: _arcblock_validator.Joi.object({ hash: _arcblock_validator.Joi.string().regex(_arcblock_validator.patterns.txHash).required() }).required(),
+	signaturesList: _arcblock_validator.schemas.multiSig.min(1).required(),
+	data: _arcblock_validator.Joi.any().optional().allow(null)
+}).options({
+	stripUnknown: true,
+	noDefaults: false
+});
+runner.use(({ itx }, next) => {
+	const { error } = schema.validate(itx);
+	return next(error ? new _ocap_util_lib_error.CustomError("INVALID_TX", `Invalid itx: ${error.message}`) : void 0);
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.rollup",
+	to: "rollupState",
+	status: "INVALID_ROLLUP",
+	table: "rollup"
+}));
+runner.use(require_protocols_rollup_pipes_verify_status.default({ paused: false }));
+runner.use((context, next) => {
+	const { tx, itx, rollupState } = context;
+	const validator = {
+		pk: (0, _ocap_util.toHex)(tx.pk),
+		address: tx.from,
+		endpoint: itx.endpoint
+	};
+	if ((0, _arcblock_did.isEthereumDid)(tx.from) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "Invalid tx.from: only ethereum compatible address can join rollup"));
+	if (rollupState?.validators.some((x) => x.address === validator.address)) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `Address ${validator.address} already exist in validators`));
+	if (rollupState?.validators.some((x) => (0, url_join.default)(x.endpoint, "/") === (0, url_join.default)(validator.endpoint, "/"))) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `Endpoint ${validator.endpoint} already exist in validators`));
+	context.newValidator = validator;
+	context.validatorsHash = _ocap_merkle_tree.default.getListHash([validator.address]);
+	return next();
+});
+runner.use(require_protocols_rollup_pipes_verify_signers.default({
+	signersKey: "itx.signaturesList",
+	allowSender: false
+}));
+runner.use(require_protocols_rollup_pipes_verify_evidence.default({
+	evidenceKey: "validatorsHash",
+	signaturesKey: "itx.signaturesList",
+	verifyMethod: "ethVerify"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.evidence.hash",
+	to: "evidenceState",
+	status: "OK",
+	table: "evidence"
+}));
+runner.use(({ evidenceState }, next) => {
+	if (evidenceState) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "Join evidence already seen on this chain"));
+	return next();
+});
+runner.use(require_protocols_rollup_pipes_verify_signers.default({
+	signersKey: "tx.signaturesList",
+	allowSender: false
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyMultiSigV2({ signersKey: "signers" }));
+runner.use((context, next) => {
+	const { tx, itx } = context;
+	context.stakeAddress = (0, _arcblock_did_util.toStakeAddress)(tx.from, itx.rollup);
+	return next();
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "stakeAddress",
+	to: "stakeState",
+	status: "INVALID_STAKE_STATE",
+	table: "stake"
+}));
+runner.use((context, next) => {
+	const { stakeState, rollupState } = context;
+	if (stakeState?.revocable === false) return next(new _ocap_util_lib_error.CustomError("INVALID_STAKE_STATE", `Staking already locked: ${stakeState.address}`));
+	const actualStake = new _ocap_util.BN(stakeState?.tokens[rollupState?.tokenAddress || ""] || 0);
+	const requiredStake = new _ocap_util.BN(rollupState?.minStakeAmount || 0);
+	if (actualStake.lt(requiredStake)) return next(new _ocap_util_lib_error.CustomError("INVALID_STAKE_STATE", `Staking does not match min stake amount: ${requiredStake}`));
+	return next();
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.from",
+	to: "senderState",
+	status: "INVALID_SENDER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "signers",
+	to: "signerStates",
+	status: "INVALID_SIGNER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	signerKey: "signerStates",
+	stateKey: "senderState",
+	addressKey: "tx.from"
+}));
+runner.use(require_pipes_ensure_gas.default(() => ({
+	create: 1,
+	update: 3,
+	payment: 0
+})));
+runner.use(require_pipes_ensure_cost.default({ attachSenderChanges: true }));
+runner.use(_ocap_tx_pipeline.pipes.TakeStateSnapshot());
+runner.use(async (context, next) => {
+	const { tx, itx, rollupState, statedb, senderState, stakeState, newValidator, stakeAddress, senderUpdates, updateVaults } = context;
+	const newValidators = rollupState.validators.concat([newValidator]);
+	const [newSenderState, newRollupState, newStakeState, newEvidenceState] = await Promise.all([
+		statedb.account.update(senderState.address, _ocap_state.account.update(senderState, {
+			nonce: tx.nonce,
+			...senderUpdates
+		}, context), context),
+		statedb.rollup.update(rollupState.address, _ocap_state.rollup.update(rollupState, { validators: newValidators }, context), context),
+		statedb.stake.update(stakeAddress, _ocap_state.stake.update(stakeState, {
+			revocable: false,
+			revokeWaitingPeriod: rollupState.leaveWaitingPeriod
+		}, context), context),
+		statedb.evidence.create(itx.evidence.hash, _ocap_state.evidence.create({
+			hash: itx.evidence.hash,
+			data: "rollup-join"
+		}, context), context)
+	]);
+	if (updateVaults) await updateVaults();
+	context.senderState = newSenderState;
+	context.rollupState = newRollupState;
+	context.stakeState = newStakeState;
+	context.evidenceState = newEvidenceState;
+	debug$1("join-rollup", newValidators);
+	next();
+}, { persistError: true });
+runner.use(_ocap_tx_pipeline.pipes.VerifyStateDiff());
+var join_default = runner;
+
+//#endregion
+exports.default = join_default;

package/lib/protocols/rollup/join.d.cts

@@ -0,0 +1,4 @@
+//#region src/protocols/rollup/join.d.ts
+declare const runner: any;
+//#endregion
+export { runner as default };

package/lib/protocols/rollup/leave.cjs

@@ -0,0 +1,141 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_pipes_ensure_cost = require('../../pipes/ensure-cost.cjs');
+const require_pipes_ensure_gas = require('../../pipes/ensure-gas.cjs');
+const require_protocols_rollup_pipes_ensure_validator = require('./pipes/ensure-validator.cjs');
+const require_protocols_rollup_pipes_verify_signers = require('./pipes/verify-signers.cjs');
+const require_protocols_rollup_pipes_verify_status = require('./pipes/verify-status.cjs');
+const require_protocols_rollup_pipes_verify_evidence = require('./pipes/verify-evidence.cjs');
+let _ocap_tx_pipeline = require("@ocap/tx-pipeline");
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let _arcblock_did_util = require("@arcblock/did-util");
+let _ocap_state = require("@ocap/state");
+let debug = require("debug");
+debug = require_rolldown_runtime.__toESM(debug);
+let _arcblock_validator = require("@arcblock/validator");
+let _ocap_merkle_tree = require("@ocap/merkle-tree");
+_ocap_merkle_tree = require_rolldown_runtime.__toESM(_ocap_merkle_tree);
+
+//#region src/protocols/rollup/leave.ts
+const debug$1 = (0, debug.default)("@ocap/tx-protocols:leave-rollup");
+const runner = new _ocap_tx_pipeline.Runner("leave_rollup");
+const schema = _arcblock_validator.Joi.object({
+	rollup: _arcblock_validator.Joi.DID().prefix().role("ROLE_ROLLUP").required(),
+	evidence: _arcblock_validator.Joi.object({ hash: _arcblock_validator.Joi.string().regex(_arcblock_validator.patterns.txHash).required() }).required(),
+	signaturesList: _arcblock_validator.schemas.multiSig.min(1).required(),
+	data: _arcblock_validator.Joi.any().optional().allow(null)
+}).options({
+	stripUnknown: true,
+	noDefaults: false
+});
+runner.use(({ itx }, next) => {
+	const { error } = schema.validate(itx);
+	return next(error ? new _ocap_util_lib_error.CustomError("INVALID_TX", `Invalid itx: ${error.message}`) : void 0);
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.rollup",
+	to: "rollupState",
+	status: "INVALID_ROLLUP",
+	table: "rollup"
+}));
+runner.use(require_protocols_rollup_pipes_ensure_validator.default(false));
+runner.use(require_protocols_rollup_pipes_verify_status.default({ paused: false }));
+runner.use((context, next) => {
+	context.validatorsHash = _ocap_merkle_tree.default.getListHash([context.tx.from]);
+	return next();
+});
+runner.use(require_protocols_rollup_pipes_verify_signers.default({
+	signersKey: "itx.signaturesList",
+	allowSender: false,
+	allowShrink: true
+}));
+runner.use(require_protocols_rollup_pipes_verify_evidence.default({
+	evidenceKey: "validatorsHash",
+	signaturesKey: "itx.signaturesList",
+	verifyMethod: "ethVerify"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.evidence.hash",
+	to: "evidenceState",
+	status: "OK",
+	table: "evidence"
+}));
+runner.use((context, next) => {
+	if (context.evidenceState) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "Leave evidence already seen on this chain"));
+	return next();
+});
+runner.use(require_protocols_rollup_pipes_verify_signers.default({
+	signersKey: "tx.signaturesList",
+	allowSender: false,
+	allowShrink: true
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyMultiSigV2({ signersKey: "signers" }));
+runner.use((context, next) => {
+	const { tx, rollupState } = context;
+	if (rollupState?.seedValidators.some((x) => x.address === tx.from)) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `Address ${tx.from} can not leave since it's seed validator`));
+	if (rollupState?.validators.some((x) => x.address === tx.from) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `Address ${tx.from} not exist in validator whitelist`));
+	return next();
+});
+runner.use((context, next) => {
+	const { tx, itx } = context;
+	context.stakeAddress = (0, _arcblock_did_util.toStakeAddress)(tx.from, itx.rollup);
+	return next();
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "stakeAddress",
+	to: "stakeState",
+	status: "INVALID_STAKE_STATE",
+	table: "stake"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.from",
+	to: "senderState",
+	status: "INVALID_SENDER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "signers",
+	to: "signerStates",
+	status: "INVALID_SIGNER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	signerKey: "signerStates",
+	stateKey: "senderState",
+	addressKey: "tx.from"
+}));
+runner.use(require_pipes_ensure_gas.default(() => ({
+	create: 1,
+	update: 3,
+	payment: 0
+})));
+runner.use(require_pipes_ensure_cost.default({ attachSenderChanges: true }));
+runner.use(_ocap_tx_pipeline.pipes.TakeStateSnapshot());
+runner.use(async (context, next) => {
+	const { tx, itx, rollupState, statedb, senderState, stakeState, stakeAddress, senderUpdates, updateVaults } = context;
+	const newValidators = rollupState.validators.filter((x) => x.address !== tx.from);
+	const [newSenderState, newRollupState, newStakeState, newEvidenceState] = await Promise.all([
+		statedb.account.update(senderState.address, _ocap_state.account.update(senderState, {
+			nonce: tx.nonce,
+			...senderUpdates
+		}, context), context),
+		statedb.rollup.update(rollupState.address, _ocap_state.rollup.update(rollupState, { validators: newValidators }, context), context),
+		statedb.stake.update(stakeAddress, _ocap_state.stake.update(stakeState, { revocable: true }, context), context),
+		statedb.evidence.create(itx.evidence.hash, _ocap_state.evidence.create({
+			hash: itx.evidence.hash,
+			data: "rollup-leave"
+		}, context), context)
+	]);
+	if (updateVaults) await updateVaults();
+	context.senderState = newSenderState;
+	context.rollupState = newRollupState;
+	context.stakeState = newStakeState;
+	context.evidenceState = newEvidenceState;
+	debug$1("leave-rollup", newValidators);
+	next();
+}, { persistError: true });
+runner.use(_ocap_tx_pipeline.pipes.VerifyStateDiff());
+var leave_default = runner;
+
+//#endregion
+exports.default = leave_default;

package/lib/protocols/rollup/leave.d.cts

@@ -0,0 +1,4 @@
+//#region src/protocols/rollup/leave.d.ts
+declare const runner: any;
+//#endregion
+export { runner as default };

package/lib/protocols/rollup/migrate.cjs

@@ -0,0 +1,87 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_pipes_ensure_cost = require('../../pipes/ensure-cost.cjs');
+const require_pipes_ensure_gas = require('../../pipes/ensure-gas.cjs');
+const require_protocols_rollup_pipes_ensure_validator = require('./pipes/ensure-validator.cjs');
+const require_protocols_rollup_pipes_verify_signers = require('./pipes/verify-signers.cjs');
+const require_protocols_rollup_pipes_verify_status = require('./pipes/verify-status.cjs');
+let _ocap_tx_pipeline = require("@ocap/tx-pipeline");
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let _ocap_state = require("@ocap/state");
+let _arcblock_validator = require("@arcblock/validator");
+
+//#region src/protocols/rollup/migrate.ts
+const runner = new _ocap_tx_pipeline.Runner("migrate_rollup");
+const schema = _arcblock_validator.Joi.object({
+	rollup: _arcblock_validator.Joi.DID().prefix().role("ROLE_ROLLUP").required(),
+	to: _arcblock_validator.Joi.DID().prefix().wallet("ethereum").required(),
+	type: _arcblock_validator.Joi.string().trim().valid("vault", "contract").required(),
+	message: _arcblock_validator.Joi.string().trim().min(1).max(512).required(),
+	data: _arcblock_validator.Joi.any().optional().allow(null)
+}).options({
+	stripUnknown: true,
+	noDefaults: false
+});
+runner.use(({ itx }, next) => {
+	const { error } = schema.validate(itx);
+	return next(error ? new _ocap_util_lib_error.CustomError("INVALID_TX", `Invalid itx: ${error.message}`) : void 0);
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.rollup",
+	to: "rollupState",
+	status: "INVALID_ROLLUP",
+	table: "rollup"
+}));
+runner.use(require_protocols_rollup_pipes_ensure_validator.default(true));
+runner.use(require_protocols_rollup_pipes_verify_status.default({
+	paused: true,
+	closed: false
+}));
+runner.use(require_protocols_rollup_pipes_verify_signers.default({
+	signersKey: "tx.signaturesList",
+	allowSender: true
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyMultiSigV2({ signersKey: "signers" }));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.from",
+	to: "senderState",
+	status: "INVALID_SENDER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "signers",
+	to: "signerStates",
+	status: "INVALID_SIGNER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	signerKey: "signerStates",
+	stateKey: "senderState",
+	addressKey: "tx.from"
+}));
+runner.use(require_pipes_ensure_gas.default(() => ({
+	create: 0,
+	update: 2,
+	payment: 0
+})));
+runner.use(require_pipes_ensure_cost.default({ attachSenderChanges: true }));
+runner.use(_ocap_tx_pipeline.pipes.TakeStateSnapshot());
+runner.use(async (context, next) => {
+	const { tx, itx, statedb, rollupState, senderState, senderUpdates, updateVaults } = context;
+	let updates = {};
+	if (itx.type === "vault") updates = _ocap_state.rollup.migrateVault(rollupState, itx.to, context);
+	if (itx.type === "contract") updates = _ocap_state.rollup.migrateContract(rollupState, itx.to, context);
+	const [newSenderState, newRollupState] = await Promise.all([statedb.account.update(senderState.address, _ocap_state.account.update(senderState, {
+		nonce: tx.nonce,
+		...senderUpdates
+	}, context), context), statedb.rollup.update(itx.rollup, updates, context)]);
+	if (updateVaults) await updateVaults();
+	context.senderState = newSenderState;
+	context.rollupState = newRollupState;
+	next();
+}, { persistError: true });
+runner.use(_ocap_tx_pipeline.pipes.VerifyStateDiff());
+var migrate_default = runner;
+
+//#endregion
+exports.default = migrate_default;

package/lib/protocols/rollup/migrate.d.cts

@@ -0,0 +1,4 @@
+//#region src/protocols/rollup/migrate.d.ts
+declare const runner: any;
+//#endregion
+export { runner as default };

package/lib/protocols/rollup/pause.cjs

@@ -0,0 +1,78 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_pipes_ensure_cost = require('../../pipes/ensure-cost.cjs');
+const require_pipes_ensure_gas = require('../../pipes/ensure-gas.cjs');
+const require_protocols_rollup_pipes_ensure_validator = require('./pipes/ensure-validator.cjs');
+const require_protocols_rollup_pipes_verify_signers = require('./pipes/verify-signers.cjs');
+const require_protocols_rollup_pipes_verify_status = require('./pipes/verify-status.cjs');
+let _ocap_tx_pipeline = require("@ocap/tx-pipeline");
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let _ocap_state = require("@ocap/state");
+let _arcblock_validator = require("@arcblock/validator");
+
+//#region src/protocols/rollup/pause.ts
+const runner = new _ocap_tx_pipeline.Runner("pause_rollup");
+const schema = _arcblock_validator.Joi.object({
+	rollup: _arcblock_validator.Joi.DID().prefix().role("ROLE_ROLLUP").required(),
+	data: _arcblock_validator.Joi.any().optional().allow(null)
+}).options({
+	stripUnknown: true,
+	noDefaults: false
+});
+runner.use(({ itx }, next) => {
+	const { error } = schema.validate(itx);
+	return next(error ? new _ocap_util_lib_error.CustomError("INVALID_TX", `Invalid itx: ${error.message}`) : void 0);
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.rollup",
+	to: "rollupState",
+	status: "INVALID_ROLLUP",
+	table: "rollup"
+}));
+runner.use(require_protocols_rollup_pipes_ensure_validator.default(true));
+runner.use(require_protocols_rollup_pipes_verify_status.default({ paused: false }));
+runner.use(require_protocols_rollup_pipes_verify_signers.default({
+	signersKey: "tx.signaturesList",
+	allowSender: true
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyMultiSigV2({ signersKey: "signers" }));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.from",
+	to: "senderState",
+	status: "INVALID_SENDER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "signers",
+	to: "signerStates",
+	status: "INVALID_SIGNER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	signerKey: "signerStates",
+	stateKey: "senderState",
+	addressKey: "tx.from"
+}));
+runner.use(require_pipes_ensure_gas.default(() => ({
+	create: 0,
+	update: 2,
+	payment: 0
+})));
+runner.use(require_pipes_ensure_cost.default({ attachSenderChanges: true }));
+runner.use(_ocap_tx_pipeline.pipes.TakeStateSnapshot());
+runner.use(async (context, next) => {
+	const { tx, itx, rollupState, statedb, senderState, senderUpdates, updateVaults } = context;
+	const [newSenderState, newRollupState] = await Promise.all([statedb.account.update(senderState.address, _ocap_state.account.update(senderState, {
+		nonce: tx.nonce,
+		...senderUpdates
+	}, context), context), statedb.rollup.update(itx.rollup, _ocap_state.rollup.pause(rollupState, context), context)]);
+	if (updateVaults) await updateVaults();
+	context.senderState = newSenderState;
+	context.rollupState = newRollupState;
+	next();
+}, { persistError: true });
+runner.use(_ocap_tx_pipeline.pipes.VerifyStateDiff());
+var pause_default = runner;
+
+//#endregion
+exports.default = pause_default;

package/lib/protocols/rollup/pause.d.cts

@@ -0,0 +1,4 @@
+//#region src/protocols/rollup/pause.d.ts
+declare const runner: any;
+//#endregion
+export { runner as default };

package/lib/protocols/rollup/pipes/ensure-validator.cjs

@@ -0,0 +1,14 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.cjs');
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+
+//#region src/protocols/rollup/pipes/ensure-validator.ts
+const ensure_validator = (isSeed) => (context, next) => {
+	const { rollupState, tx } = context;
+	if ((isSeed ? rollupState.seedValidators : rollupState.validators).some((x) => x.address === tx?.from) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "Tx sender is not an expected validator"));
+	return next();
+};
+var ensure_validator_default = ensure_validator;
+
+//#endregion
+exports.default = ensure_validator_default;

package/lib/protocols/rollup/pipes/ensure-validator.d.cts

@@ -0,0 +1,6 @@
+import { PipeFunction } from "@ocap/tx-pipeline";
+
+//#region src/protocols/rollup/pipes/ensure-validator.d.ts
+declare const ensure_validator: (isSeed: boolean) => PipeFunction<any>;
+//#endregion
+export { ensure_validator as default };

package/lib/protocols/rollup/pipes/verify-evidence.cjs

@@ -0,0 +1,32 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.cjs');
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let lodash_get = require("lodash/get");
+lodash_get = require_rolldown_runtime.__toESM(lodash_get);
+let _arcblock_did = require("@arcblock/did");
+let _ocap_util = require("@ocap/util");
+let _ocap_wallet = require("@ocap/wallet");
+
+//#region src/protocols/rollup/pipes/verify-evidence.ts
+function CreateVerifyEvidencePipe({ evidenceKey, signaturesKey, verifyMethod = "verify" }) {
+	if (["verify", "ethVerify"].includes(verifyMethod) === false) throw new _ocap_util_lib_error.CustomError("INVALID_ARGUMENT", `Invalid verify method: ${verifyMethod}, supported methods are: verify, ethVerify`);
+	return async (context, next) => {
+		const evidence = (0, lodash_get.default)(context, evidenceKey);
+		const signatures = (0, lodash_get.default)(context, signaturesKey);
+		for (const sig of signatures) {
+			const { signer, pk, delegator, signature } = sig;
+			const address = delegator || signer;
+			const wallet = (0, _ocap_wallet.fromPublicKey)(pk, (0, _arcblock_did.toTypeInfo)(address));
+			try {
+				if (await wallet[verifyMethod]((0, _ocap_util.toHex)(evidence), (0, _ocap_util.toHex)(signature)) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Signature for evidence from ${address} is not valid`));
+			} catch (err) {
+				return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Signature for evidence from ${address} verify failed: ${err.message}`));
+			}
+		}
+		return next();
+	};
+}
+var verify_evidence_default = CreateVerifyEvidencePipe;
+
+//#endregion
+exports.default = verify_evidence_default;

package/lib/protocols/rollup/pipes/verify-evidence.d.cts

@@ -0,0 +1,15 @@
+import { PipeFunction } from "@ocap/tx-pipeline";
+
+//#region src/protocols/rollup/pipes/verify-evidence.d.ts
+interface IVerifyEvidenceOptions {
+  evidenceKey: string;
+  signaturesKey: string;
+  verifyMethod?: 'verify' | 'ethVerify';
+}
+declare function CreateVerifyEvidencePipe({
+  evidenceKey,
+  signaturesKey,
+  verifyMethod
+}: IVerifyEvidenceOptions): PipeFunction<any>;
+//#endregion
+export { CreateVerifyEvidencePipe as default };

package/lib/protocols/rollup/pipes/verify-signers.cjs

@@ -0,0 +1,39 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.cjs');
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let lodash_get = require("lodash/get");
+lodash_get = require_rolldown_runtime.__toESM(lodash_get);
+
+//#region src/protocols/rollup/pipes/verify-signers.ts
+function CreateVerifySignersPipe({ signersKey, allowSender = true, allowShrink = false }) {
+	return (context, next) => {
+		const { tx, rollupState } = context;
+		const rollup = rollupState;
+		const { minSignerCount, maxSignerCount } = rollup;
+		const signatures = (0, lodash_get.default)(context, signersKey);
+		const signerCount = signatures.length;
+		const seedValidators = rollup.seedValidators.map((x) => x.address);
+		const validators = rollup.validators.map((x) => x.address);
+		if (!allowSender && signatures.some((x) => x.signer === tx.from)) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Invalid: ${signersKey}, sender not allowed to sign`));
+		if (validators.length > minSignerCount) {
+			if (signerCount < minSignerCount) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Invalid: ${signersKey}, expect at least ${minSignerCount} signatures, got ${signerCount}`));
+			if (signerCount > maxSignerCount) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Invalid: ${signersKey}, Expect at most ${maxSignerCount} signatures, got ${signerCount}`));
+		} else {
+			let actualValidatorCount = validators.length;
+			if (!allowSender && allowShrink) actualValidatorCount -= 1;
+			const expectedSignerCount = Math.min(actualValidatorCount, minSignerCount);
+			if (signerCount < expectedSignerCount) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Invalid ${signersKey}, all validators are expected to sign because we have less than ${expectedSignerCount} validators`));
+		}
+		const signers = signatures.map((x) => x.signer);
+		const missingSigner = seedValidators.find((x) => signers.includes(x) === false);
+		if (missingSigner) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Invalid: ${signersKey}, missing signature from seed validator: ${missingSigner}`));
+		const invalidSigner = signers.find((x) => validators.includes(x) === false);
+		if (invalidSigner) return next(new _ocap_util_lib_error.CustomError("INVALID_SIGNATURE", `Invalid: ${signersKey}, signer ${invalidSigner} does not exist in validator whitelist`));
+		context.signers = signers;
+		return next();
+	};
+}
+var verify_signers_default = CreateVerifySignersPipe;
+
+//#endregion
+exports.default = verify_signers_default;

package/lib/protocols/rollup/pipes/verify-signers.d.cts

@@ -0,0 +1,15 @@
+import { PipeFunction } from "@ocap/tx-pipeline";
+
+//#region src/protocols/rollup/pipes/verify-signers.d.ts
+interface IVerifySignersOptions {
+  signersKey: string;
+  allowSender?: boolean;
+  allowShrink?: boolean;
+}
+declare function CreateVerifySignersPipe({
+  signersKey,
+  allowSender,
+  allowShrink
+}: IVerifySignersOptions): PipeFunction<any>;
+//#endregion
+export { CreateVerifySignersPipe as default };

package/lib/protocols/rollup/pipes/verify-status.cjs

@@ -0,0 +1,28 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.cjs');
+let _ocap_tx_pipeline = require("@ocap/tx-pipeline");
+
+//#region src/protocols/rollup/pipes/verify-status.ts
+const verify_status = ({ paused, closed } = {}) => {
+	const fns = [];
+	if (paused === false) fns.push({
+		error: "INVALID_TX",
+		message: "The rollup is paused",
+		fn: (context) => !context.rollupState.paused
+	});
+	if (paused === true) fns.push({
+		error: "INVALID_TX",
+		message: "The rollup is not paused",
+		fn: (context) => context.rollupState.paused
+	});
+	if (closed === false) fns.push({
+		error: "INVALID_TX",
+		message: "The rollup is closed",
+		fn: (context) => !context.rollupState.closed
+	});
+	return _ocap_tx_pipeline.pipes.VerifyInfo(fns);
+};
+var verify_status_default = verify_status;
+
+//#endregion
+exports.default = verify_status_default;

package/lib/protocols/rollup/pipes/verify-status.d.cts

@@ -0,0 +1,13 @@
+import { PipeFunction } from "@ocap/tx-pipeline";
+
+//#region src/protocols/rollup/pipes/verify-status.d.ts
+interface IVerifyStatusOptions {
+  paused?: boolean;
+  closed?: boolean;
+}
+declare const verify_status: ({
+  paused,
+  closed
+}?: IVerifyStatusOptions) => PipeFunction<any>;
+//#endregion
+export { verify_status as default };