@ocap/tx-protocols 1.28.9 → 1.29.1

package/lib/protocols/rollup/resume.cjs

@@ -0,0 +1,81 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_pipes_ensure_cost = require('../../pipes/ensure-cost.cjs');
+const require_pipes_ensure_gas = require('../../pipes/ensure-gas.cjs');
+const require_protocols_rollup_pipes_ensure_validator = require('./pipes/ensure-validator.cjs');
+const require_protocols_rollup_pipes_verify_signers = require('./pipes/verify-signers.cjs');
+const require_protocols_rollup_pipes_verify_status = require('./pipes/verify-status.cjs');
+let _ocap_tx_pipeline = require("@ocap/tx-pipeline");
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let _ocap_state = require("@ocap/state");
+let _arcblock_validator = require("@arcblock/validator");
+
+//#region src/protocols/rollup/resume.ts
+const runner = new _ocap_tx_pipeline.Runner("resume_rollup");
+const schema = _arcblock_validator.Joi.object({
+	rollup: _arcblock_validator.Joi.DID().prefix().role("ROLE_ROLLUP").required(),
+	data: _arcblock_validator.Joi.any().optional().allow(null)
+}).options({
+	stripUnknown: true,
+	noDefaults: false
+});
+runner.use(({ itx }, next) => {
+	const { error } = schema.validate(itx);
+	return next(error ? new _ocap_util_lib_error.CustomError("INVALID_TX", `Invalid itx: ${error.message}`) : void 0);
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.rollup",
+	to: "rollupState",
+	status: "INVALID_ROLLUP",
+	table: "rollup"
+}));
+runner.use(require_protocols_rollup_pipes_ensure_validator.default(true));
+runner.use(require_protocols_rollup_pipes_verify_status.default({
+	paused: true,
+	closed: false
+}));
+runner.use(require_protocols_rollup_pipes_verify_signers.default({
+	signersKey: "tx.signaturesList",
+	allowSender: true
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyMultiSigV2({ signersKey: "signers" }));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.from",
+	to: "senderState",
+	status: "INVALID_SENDER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "signers",
+	to: "signerStates",
+	status: "INVALID_SIGNER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	signerKey: "signerStates",
+	stateKey: "senderState",
+	addressKey: "tx.from"
+}));
+runner.use(require_pipes_ensure_gas.default(() => ({
+	create: 0,
+	update: 2,
+	payment: 0
+})));
+runner.use(require_pipes_ensure_cost.default({ attachSenderChanges: true }));
+runner.use(_ocap_tx_pipeline.pipes.TakeStateSnapshot());
+runner.use(async (context, next) => {
+	const { tx, itx, rollupState, statedb, senderState, senderUpdates, updateVaults } = context;
+	const [newSenderState, newRollupState] = await Promise.all([statedb.account.update(senderState.address, _ocap_state.account.update(senderState, {
+		nonce: tx.nonce,
+		...senderUpdates
+	}, context), context), statedb.rollup.update(itx.rollup, _ocap_state.rollup.resume(rollupState, context), context)]);
+	if (updateVaults) await updateVaults();
+	context.senderState = newSenderState;
+	context.rollupState = newRollupState;
+	next();
+}, { persistError: true });
+runner.use(_ocap_tx_pipeline.pipes.VerifyStateDiff());
+var resume_default = runner;
+
+//#endregion
+exports.default = resume_default;

package/lib/protocols/rollup/resume.d.cts

@@ -0,0 +1,4 @@
+//#region src/protocols/rollup/resume.d.ts
+declare const runner: any;
+//#endregion
+export { runner as default };

package/lib/protocols/rollup/update.cjs

@@ -0,0 +1,114 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_util = require('../../util.cjs');
+const require_pipes_ensure_cost = require('../../pipes/ensure-cost.cjs');
+const require_pipes_ensure_gas = require('../../pipes/ensure-gas.cjs');
+const require_protocols_rollup_pipes_ensure_validator = require('./pipes/ensure-validator.cjs');
+const require_protocols_rollup_pipes_verify_signers = require('./pipes/verify-signers.cjs');
+const require_protocols_rollup_pipes_verify_status = require('./pipes/verify-status.cjs');
+let _ocap_tx_pipeline = require("@ocap/tx-pipeline");
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let _ocap_state = require("@ocap/state");
+let debug = require("debug");
+debug = require_rolldown_runtime.__toESM(debug);
+let _arcblock_validator = require("@arcblock/validator");
+
+//#region src/protocols/rollup/update.ts
+const debug$1 = (0, debug.default)("@ocap/tx-protocols:update-rollup");
+const runner = new _ocap_tx_pipeline.Runner("update_rollup");
+const schema = _arcblock_validator.Joi.object({
+	rollup: _arcblock_validator.Joi.DID().prefix().role("ROLE_ROLLUP").required(),
+	minStakeAmount: _arcblock_validator.Joi.BN().greater(0).required(),
+	maxStakeAmount: _arcblock_validator.Joi.BN().greater(_arcblock_validator.Joi.ref("minStakeAmount")).required(),
+	minSignerCount: _arcblock_validator.Joi.number().integer().required(),
+	maxSignerCount: _arcblock_validator.Joi.number().integer().min(1).max(8).greater(_arcblock_validator.Joi.ref("minSignerCount")).required(),
+	minBlockSize: _arcblock_validator.Joi.number().integer().min(1).required(),
+	maxBlockSize: _arcblock_validator.Joi.number().integer().min(1).max(10).greater(_arcblock_validator.Joi.ref("minBlockSize")).required(),
+	minBlockInterval: _arcblock_validator.Joi.number().integer().min(1).max(3600).required(),
+	minBlockConfirmation: _arcblock_validator.Joi.number().integer().min(1).max(100).required(),
+	minDepositAmount: _arcblock_validator.Joi.BN().positive().required(),
+	maxDepositAmount: _arcblock_validator.Joi.BN().greater(_arcblock_validator.Joi.ref("minDepositAmount")).required(),
+	minWithdrawAmount: _arcblock_validator.Joi.BN().positive().required(),
+	maxWithdrawAmount: _arcblock_validator.Joi.BN().greater(_arcblock_validator.Joi.ref("minWithdrawAmount")).required(),
+	depositFeeRate: _arcblock_validator.Joi.number().integer().min(1).max(1e4).required(),
+	withdrawFeeRate: _arcblock_validator.Joi.number().integer().min(1).max(1e4).required(),
+	publisherFeeShare: _arcblock_validator.Joi.number().integer().min(1).max(1e4).required(),
+	minDepositFee: _arcblock_validator.Joi.BN().positive().required(),
+	maxDepositFee: _arcblock_validator.Joi.BN().greater(_arcblock_validator.Joi.ref("minDepositFee")).required(),
+	minWithdrawFee: _arcblock_validator.Joi.BN().positive().required(),
+	maxWithdrawFee: _arcblock_validator.Joi.BN().greater(_arcblock_validator.Joi.ref("minWithdrawFee")).required(),
+	data: _arcblock_validator.Joi.any().optional().allow(null)
+}).options({
+	stripUnknown: true,
+	noDefaults: false
+});
+runner.use(({ itx }, next) => {
+	const { error } = schema.validate(itx);
+	return next(error ? new _ocap_util_lib_error.CustomError("INVALID_TX", `Invalid itx: ${error.message}`) : void 0);
+});
+runner.use(_ocap_tx_pipeline.pipes.VerifyInfo([{
+	error: "INVALID_TX",
+	message: "Sum of itx.proposerFeeShare and itx.publisherFeeShare must be less than 10000",
+	fn: (ctx) => {
+		const context = ctx;
+		return context.itx.proposerFeeShare + context.itx.publisherFeeShare < 1e4;
+	}
+}]));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.rollup",
+	to: "rollupState",
+	status: "INVALID_ROLLUP",
+	table: "rollup"
+}));
+runner.use(require_protocols_rollup_pipes_ensure_validator.default(true));
+runner.use(require_protocols_rollup_pipes_verify_status.default({ paused: false }));
+runner.use(require_protocols_rollup_pipes_verify_signers.default({
+	signersKey: "tx.signaturesList",
+	allowSender: true
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyMultiSigV2({ signersKey: "signers" }));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.from",
+	to: "senderState",
+	status: "INVALID_SENDER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "signers",
+	to: "signerStates",
+	status: "INVALID_SIGNER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	signerKey: "signerStates",
+	stateKey: "senderState",
+	addressKey: "tx.from"
+}));
+runner.use(require_pipes_ensure_gas.default(() => ({
+	create: 0,
+	update: 2,
+	payment: 0
+})));
+runner.use(require_pipes_ensure_cost.default({ attachSenderChanges: true }));
+runner.use(_ocap_tx_pipeline.pipes.TakeStateSnapshot());
+runner.use(async (context, next) => {
+	const { tx, itx, rollupState, statedb, senderState, senderUpdates, updateVaults } = context;
+	const data = require_util.decodeAnySafe(itx.data ?? null);
+	const [newSenderState, newRollupState] = await Promise.all([statedb.account.update(senderState.address, _ocap_state.account.update(senderState, {
+		nonce: tx.nonce,
+		...senderUpdates
+	}, context), context), statedb.rollup.update(itx.rollup, _ocap_state.rollup.update(rollupState, {
+		...itx,
+		data
+	}, context), context)]);
+	if (updateVaults) await updateVaults();
+	context.senderState = newSenderState;
+	context.rollupState = newRollupState;
+	debug$1("update-rollup", newRollupState);
+	next();
+}, { persistError: true });
+runner.use(_ocap_tx_pipeline.pipes.VerifyStateDiff());
+var update_default = runner;
+
+//#endregion
+exports.default = update_default;

package/lib/protocols/rollup/update.d.cts

@@ -0,0 +1,4 @@
+//#region src/protocols/rollup/update.d.ts
+declare const runner: any;
+//#endregion
+export { runner as default };

package/lib/protocols/token/create.cjs

@@ -0,0 +1,156 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_util = require('../../util.cjs');
+const require_pipes_ensure_cost = require('../../pipes/ensure-cost.cjs');
+const require_pipes_ensure_gas = require('../../pipes/ensure-gas.cjs');
+let _ocap_tx_pipeline = require("@ocap/tx-pipeline");
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let _arcblock_did_util = require("@arcblock/did-util");
+let _ocap_state = require("@ocap/state");
+let _ocap_util = require("@ocap/util");
+let debug = require("debug");
+debug = require_rolldown_runtime.__toESM(debug);
+let lodash_cloneDeep = require("lodash/cloneDeep");
+lodash_cloneDeep = require_rolldown_runtime.__toESM(lodash_cloneDeep);
+let _arcblock_validator = require("@arcblock/validator");
+let lodash_uniq = require("lodash/uniq");
+lodash_uniq = require_rolldown_runtime.__toESM(lodash_uniq);
+let lodash_isEmpty = require("lodash/isEmpty");
+lodash_isEmpty = require_rolldown_runtime.__toESM(lodash_isEmpty);
+
+//#region src/protocols/token/create.ts
+const debug$1 = (0, debug.default)("@ocap/tx-protocols:create-token");
+const MAX_TOTAL_SUPPLY = (0, _ocap_util.fromTokenToUnit)(1e4 * 1e8, 18);
+const runner = new _ocap_tx_pipeline.Runner("create_token");
+runner.use(_ocap_tx_pipeline.pipes.VerifyMultiSig(0));
+const schema = _arcblock_validator.Joi.object({
+	address: _arcblock_validator.Joi.DID().prefix().role("ROLE_TOKEN").required(),
+	name: _arcblock_validator.Joi.string().min(1).max(32).required(),
+	description: _arcblock_validator.Joi.string().min(16).max(128).required(),
+	symbol: _arcblock_validator.Joi.string().min(2).max(6).uppercase().required(),
+	unit: _arcblock_validator.Joi.string().min(1).max(6).lowercase().required(),
+	decimal: _arcblock_validator.Joi.number().min(2).max(18).required(),
+	icon: _arcblock_validator.Joi.string().optional().allow(null).valid(""),
+	totalSupply: _arcblock_validator.Joi.BN().greater(0).max(MAX_TOTAL_SUPPLY).required(),
+	initialSupply: _arcblock_validator.Joi.BN().greater(0).max(_arcblock_validator.Joi.ref("totalSupply")).required(),
+	maxTotalSupply: _arcblock_validator.Joi.alternatives().try(_arcblock_validator.Joi.BN().greater(0).max(_arcblock_validator.Joi.ref("totalSupply")), _arcblock_validator.Joi.string().valid("")).optional().allow(null),
+	foreignToken: _arcblock_validator.schemas.foreignToken.optional().allow(null).default(null),
+	spendersList: _arcblock_validator.Joi.array().items(_arcblock_validator.Joi.DID().prefix()).max(30).optional().allow(null).default(null),
+	tokenFactoryAddress: _arcblock_validator.Joi.forbidden(),
+	data: _arcblock_validator.Joi.any().optional().allow(null)
+}).options({
+	stripUnknown: true,
+	noDefaults: false
+});
+runner.use(({ itx }, next) => {
+	const { error, value } = schema.validate(itx);
+	if (error) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `Invalid itx: ${error.message}`));
+	const spendersList = value.spendersList;
+	itx.spenders = spendersList?.length ? (0, lodash_uniq.default)(spendersList) : null;
+	delete itx.spendersList;
+	return next();
+});
+runner.use(_ocap_tx_pipeline.pipes.VerifyInfo([{
+	error: "INVALID_TOKEN",
+	message: "Token address is not valid",
+	fn: (ctx) => {
+		const context = ctx;
+		const itx = (0, lodash_cloneDeep.default)(context.itx);
+		itx.data = require_util.decodeAnySafe(itx.data ?? null);
+		itx.address = "";
+		return (0, _arcblock_did_util.toTokenAddress)(itx) === context.itx.address;
+	}
+}]));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.from",
+	to: "senderState",
+	status: "INVALID_SENDER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	stateKey: "senderState",
+	addressKey: "tx.from"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.delegator",
+	to: "delegatorState",
+	status: "OK",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	stateKey: "delegatorState",
+	addressKey: "tx.delegator"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyDelegation({
+	type: "signature",
+	signerKey: "senderState",
+	delegatorKey: "delegatorState",
+	getRequirements: require_util.getDelegationRequirements
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.address",
+	to: "tokenState",
+	table: "token",
+	status: "OK"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyInfo([{
+	error: "DUPLICATE_TOKEN",
+	message: "Token address already exists on chain",
+	fn: (ctx) => (0, lodash_isEmpty.default)(ctx.tokenState)
+}]));
+runner.use(async function EnsureTokenSymbol(context, next) {
+	const { symbol } = context.config.token;
+	if (symbol.toLowerCase() === context.itx.symbol.toLowerCase()) return next(new _ocap_util_lib_error.CustomError("DUPLICATE_SYMBOL", `Token symbol can not be ${symbol}`));
+	if (await context.statedb.token.existBySymbol(context.itx.symbol, context)) return next(new _ocap_util_lib_error.CustomError("DUPLICATE_SYMBOL", "Token symbol already exists"));
+	return next();
+}, { persistError: true });
+runner.use(require_pipes_ensure_gas.default((context) => {
+	const result = {
+		create: 1,
+		update: 2,
+		payment: 0
+	};
+	if (context.delegatorState) result.update += 1;
+	return result;
+}));
+runner.use(require_pipes_ensure_cost.default({ attachSenderChanges: true }));
+runner.use(_ocap_tx_pipeline.pipes.TakeStateSnapshot());
+runner.use(async (context, next) => {
+	const { tx, itx, statedb, senderState, delegatorState, delegationState, senderUpdates, updateVaults } = context;
+	const data = require_util.decodeAnySafe(itx.data ?? null);
+	const owner = delegatorState ? delegatorState.address : senderState.address;
+	const delegatorUpdates = {};
+	const updates = senderUpdates;
+	updates.tokens = updates.tokens || senderState.tokens || {};
+	if (delegatorState) {
+		delegatorUpdates.tokens = delegatorState.tokens || {};
+		delegatorUpdates.tokens[itx.address] = itx.initialSupply;
+	} else updates.tokens[itx.address] = itx.initialSupply;
+	const [newSenderState, tokenState, newDelegatorState, newDelegationState] = await Promise.all([
+		statedb.account.update(senderState.address, _ocap_state.account.update(senderState, {
+			nonce: tx.nonce,
+			pk: tx.pk,
+			...senderUpdates
+		}, context), context),
+		statedb.token.create(itx.address, _ocap_state.token.create({
+			...(0, lodash_cloneDeep.default)(itx),
+			data,
+			issuer: owner,
+			type: "Token"
+		}, context), context),
+		delegatorState ? statedb.account.update(delegatorState.address, _ocap_state.account.update(delegatorState, delegatorUpdates, context), context) : null,
+		context.isDelegationChanged ? statedb.delegation.update(delegationState.address, _ocap_state.delegation.update(delegationState, {}, context), context) : delegationState
+	]);
+	if (updateVaults) await updateVaults();
+	context.senderState = newSenderState;
+	context.tokenState = tokenState;
+	context.delegatorState = newDelegatorState ?? void 0;
+	context.delegationState = newDelegationState ?? void 0;
+	debug$1("create token v2", tokenState);
+	next();
+}, { persistError: true });
+runner.use(_ocap_tx_pipeline.pipes.VerifyStateDiff());
+var create_default = runner;
+
+//#endregion
+exports.default = create_default;

package/lib/protocols/token/create.d.cts

@@ -0,0 +1,4 @@
+//#region src/protocols/token/create.d.ts
+declare const runner: any;
+//#endregion
+export { runner as default };

package/lib/protocols/token/deposit-v2.cjs

@@ -0,0 +1,219 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.cjs');
+const require_util = require('../../util.cjs');
+const require_pipes_ensure_cost = require('../../pipes/ensure-cost.cjs');
+const require_pipes_ensure_gas = require('../../pipes/ensure-gas.cjs');
+const require_protocols_rollup_pipes_verify_signers = require('../rollup/pipes/verify-signers.cjs');
+const require_protocols_rollup_pipes_verify_status = require('../rollup/pipes/verify-status.cjs');
+let _ocap_tx_pipeline = require("@ocap/tx-pipeline");
+let _ocap_util_lib_error = require("@ocap/util/lib/error");
+let _arcblock_did_util = require("@arcblock/did-util");
+let _ocap_state = require("@ocap/state");
+let _ocap_util = require("@ocap/util");
+let debug = require("debug");
+debug = require_rolldown_runtime.__toESM(debug);
+let _ocap_util_lib_get_list_field = require("@ocap/util/lib/get-list-field");
+let _arcblock_validator = require("@arcblock/validator");
+
+//#region src/protocols/token/deposit-v2.ts
+const debug$1 = (0, debug.default)("@ocap/tx-protocols:deposit-token");
+const schema = _arcblock_validator.Joi.object({
+	token: _arcblock_validator.schemas.tokenInput.required(),
+	to: _arcblock_validator.Joi.DID().prefix().wallet("ethereum").required(),
+	proposer: _arcblock_validator.Joi.DID().prefix().wallet("ethereum").required(),
+	evidence: _arcblock_validator.Joi.object({ hash: _arcblock_validator.Joi.string().regex(_arcblock_validator.patterns.txHash).required() }).required(),
+	rollup: _arcblock_validator.Joi.DID().prefix().role("ROLE_ROLLUP").required(),
+	actualFee: _arcblock_validator.Joi.BN().min(0).required(),
+	data: _arcblock_validator.Joi.any().optional().allow(null)
+}).options({
+	stripUnknown: true,
+	noDefaults: false
+});
+const runner = new _ocap_tx_pipeline.Runner("deposit_token_v2");
+runner.use(({ tx, itx }, next) => {
+	const { error } = schema.validate(itx);
+	if (error) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `Invalid itx: ${error.message}`));
+	if (itx.to !== tx.from) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "You can only deposit to tx sender account"));
+	const signatures = (0, _ocap_util_lib_get_list_field.getListField)(tx, "signatures");
+	if (signatures.some((x) => x.signer === itx.proposer) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "itx.proposer must exist in signatures"));
+	if (signatures.some((x) => x.signer === tx.from)) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "tx.from should not exist in signatures"));
+	return next();
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.rollup",
+	to: "rollupState",
+	status: "INVALID_ROLLUP",
+	table: "rollup"
+}));
+runner.use(require_protocols_rollup_pipes_verify_status.default({ paused: false }));
+runner.use((context, next) => {
+	const { itx, rollupState } = context;
+	if (rollupState.tokenAddress !== itx.token.address) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "Deposit token address does not match with rollup state"));
+	if (rollupState.validators.some((x) => x.address === itx.proposer) === false) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "itx.proposer does not exist in validators"));
+	return next();
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.evidence.hash",
+	to: "evidenceState",
+	status: "OK",
+	table: "evidence"
+}));
+runner.use(({ evidenceState }, next) => {
+	if (evidenceState) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", "Deposit evidence already seen on this chain"));
+	return next();
+});
+runner.use(require_protocols_rollup_pipes_verify_signers.default({
+	signersKey: "tx.signaturesList",
+	allowSender: true
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyMultiSigV2({ signersKey: "signers" }));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "itx.token.address",
+	to: "tokenState",
+	status: "INVALID_TOKEN",
+	table: "token"
+}));
+runner.use((context, next) => {
+	const { itx } = context;
+	context.stakeAddress = (0, _arcblock_did_util.toStakeAddress)(itx.proposer, itx.rollup);
+	context.lockerAddress = require_util.getRewardLocker(itx.rollup);
+	return next();
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "lockerAddress",
+	to: "lockerState",
+	status: "OK",
+	table: "stake"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "stakeAddress",
+	to: "stakeState",
+	status: "INVALID_STAKE_STATE",
+	table: "stake"
+}));
+runner.use((context, next) => {
+	const { itx, stakeState, tokenState, rollupState } = context;
+	if (stakeState.revocable === true) return next(new _ocap_util_lib_error.CustomError("INVALID_STAKE_STATE", `Staking not locked for deposit: ${stakeState.address}`));
+	const depositAmount = new _ocap_util.BN(itx.token.value).add(new _ocap_util.BN(itx.actualFee));
+	const minDepositAmount = new _ocap_util.BN(rollupState.minDepositAmount);
+	const maxDepositAmount = new _ocap_util.BN(rollupState.maxDepositAmount);
+	if (depositAmount.lt(minDepositAmount)) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `Deposit amount must be greater than minDepositAmount: ${(0, _ocap_util.fromUnitToToken)(minDepositAmount, tokenState.decimal)}`));
+	if (depositAmount.gt(maxDepositAmount)) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `Deposit amount must be less than maxDepositAmount: ${(0, _ocap_util.fromUnitToToken)(maxDepositAmount, tokenState.decimal)}`));
+	const stakedAmount = new _ocap_util.BN(stakeState.tokens[rollupState.tokenAddress] || 0);
+	if (depositAmount.gt(stakedAmount)) return next(new _ocap_util_lib_error.CustomError("INSUFFICIENT_STAKE", `Deposit amount must be less than available stake: ${(0, _ocap_util.fromUnitToToken)(stakedAmount, tokenState.decimal)}`));
+	return next();
+});
+runner.use((context, next) => {
+	const { itx, rollupState, tokenState } = context;
+	const { depositFeeRate, maxDepositFee, minDepositFee } = rollupState;
+	const { reward } = require_util.getTxFee({
+		amount: itx.token.value,
+		feeRate: depositFeeRate,
+		maxFee: maxDepositFee,
+		minFee: minDepositFee
+	});
+	if (new _ocap_util.BN(itx.actualFee).lt(new _ocap_util.BN(reward))) return next(new _ocap_util_lib_error.CustomError("INVALID_TX", `itx.actualFee too low, expect at least ${(0, _ocap_util.fromUnitToToken)(reward, tokenState.decimal)}, got ${(0, _ocap_util.fromUnitToToken)(itx.actualFee, tokenState.decimal)}`));
+	return next();
+});
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "tx.from",
+	to: "senderState",
+	status: "OK",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.ExtractState({
+	from: "signers",
+	to: "signerStates",
+	status: "INVALID_SIGNER_STATE",
+	table: "account"
+}));
+runner.use(_ocap_tx_pipeline.pipes.VerifyAccountMigration({
+	signerKey: "signerStates",
+	stateKey: "senderState",
+	addressKey: "tx.from"
+}));
+runner.use(require_pipes_ensure_gas.default((context) => {
+	const result = {
+		create: 1,
+		update: 1,
+		payment: 0
+	};
+	if (context.senderState) result.update += 1;
+	else result.create += 1;
+	if (context.lockerState) result.update += 1;
+	else result.create += 1;
+	return result;
+}));
+runner.use(require_pipes_ensure_cost.default({ attachSenderChanges: true }));
+runner.use(_ocap_tx_pipeline.pipes.TakeStateSnapshot());
+runner.use(async (context, next) => {
+	const { tx, itx, statedb, senderState, stakeState, stakeAddress, lockerState, lockerAddress, senderChange, updateVaults } = context;
+	const user = itx.token.value;
+	const fee = itx.actualFee;
+	const total = require_util.getBNSum(user, fee);
+	const stakeUpdates = require_util.applyTokenUpdates([{
+		address: itx.token.address,
+		value: total
+	}], stakeState, "sub");
+	let senderUpdates = require_util.applyTokenUpdates([{
+		address: itx.token.address,
+		value: user
+	}], senderState || {}, "add");
+	const lockerUpdates = require_util.applyTokenUpdates([{
+		address: itx.token.address,
+		value: fee
+	}], lockerState || { tokens: {} }, "add");
+	if (senderChange && senderState) senderUpdates = require_util.applyTokenChange(senderUpdates, senderChange);
+	const sender = senderState ? senderState.address : tx.from;
+	const [newSenderState, newStakeState, newLockerState, evidenceState] = await Promise.all([
+		statedb.account.updateOrCreate(senderState ?? null, _ocap_state.account.updateOrCreate(senderState ?? null, {
+			address: sender,
+			nonce: tx.nonce,
+			pk: tx.pk,
+			...senderUpdates
+		}, context), context),
+		statedb.stake.update(stakeAddress, _ocap_state.stake.update(stakeState, stakeUpdates, context), context),
+		lockerState ? statedb.stake.update(lockerState.address, _ocap_state.stake.update(lockerState, lockerUpdates, context), context) : statedb.stake.create(lockerAddress, _ocap_state.stake.create({
+			address: lockerAddress,
+			sender: itx.rollup,
+			receiver: itx.rollup,
+			revocable: false,
+			message: "pending-block-reward",
+			revokeWaitingPeriod: 0,
+			...lockerUpdates
+		}, context), context),
+		statedb.evidence.create(itx.evidence.hash, _ocap_state.evidence.create({
+			hash: itx.evidence.hash,
+			data: "rollup-deposit"
+		}, context), context)
+	]);
+	if (updateVaults) await updateVaults();
+	context.senderState = newSenderState;
+	context.stakeState = newStakeState;
+	context.evidenceState = evidenceState;
+	context.stakeStates = [newStakeState, newLockerState];
+	context.updatedAccounts = context.updatedAccounts || [];
+	context.updatedAccounts.push({
+		address: stakeAddress,
+		token: itx.token.address,
+		delta: `-${total}`,
+		action: "unlock"
+	}, {
+		address: sender,
+		token: itx.token.address,
+		delta: user,
+		action: "unlock"
+	}, {
+		address: lockerAddress,
+		token: itx.token.address,
+		delta: fee,
+		action: "pending"
+	});
+	debug$1("deposit-token-v2", itx);
+	next();
+}, { persistError: true });
+runner.use(_ocap_tx_pipeline.pipes.VerifyStateDiff());
+var deposit_v2_default = runner;
+
+//#endregion
+exports.default = deposit_v2_default;

package/lib/protocols/token/deposit-v2.d.cts

@@ -0,0 +1,11 @@
+//#region src/protocols/token/deposit-v2.d.ts
+/** Token change for updates */
+interface TokenChange {
+  address: string;
+  token: string;
+  delta: string;
+  action: string;
+}
+declare const runner: any;
+//#endregion
+export { TokenChange, runner as default };