@smartledger/bsv 4.1.0 → 4.2.1

package/CHANGELOG.md

@@ -5,6 +5,74 @@ All notable changes to SmartLedger-BSV will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.2.1] - 2026-06-07
+
+### Docs
+
+- **Substantial README rewrite for the v4.x line.** The README still
+  headlined v3.4.x (4 minors and a major stale), showed the *old*
+  `lib/covenant-interface` API in the covenant examples instead of the
+  v4.2.0 `bsv.SmartContract.PushTx`/`PELS`/`Token`/`Locks`/`verifyScript`
+  surface, had a wrong CDN-Bundles size table (off by up to 7× on
+  `bsv-mnemonic`), duplicate "Complete Documentation" sections, a
+  "planned 3.5.0" security note that was overtaken by 4.0.0, and a
+  footer stamp claiming "v3.3.4 • 9 Loading Options". Replaced the
+  headline with the v4.2.0 covenant section, rewrote PUSHTX/PELS
+  examples to use the new API, added Ownership Tokens + end-to-end
+  verification snippets, merged the two Documentation sections (7
+  broken file paths fixed, 4 dead links removed), replaced the
+  inaccurate CDN sub-table with a pointer to the canonical
+  loading-options table, updated Security to point at the v4.0.0 GDAF
+  fix, and stamped the footer at v4.2.1.
+
+### Semver
+
+Patch — README only. No source changes; no `lib/`, `bin/`, `bsv.d.ts`,
+or test diffs. Out-of-band republish: `@smartledger/bsv@4.2.0` was
+published from a separate session with the OLD README, then
+unpublished after the rewrite. npm's anti-republish policy refuses to
+reuse the 4.2.0 version number; 4.2.1 is the canonical version with
+the corrected README content. `smartledger-bsv@4.2.0` (unscoped) was
+published with the new README; for parity, the unscoped is also
+republished at 4.2.1.
+
+## [4.2.0] - 2026-06-07
+
+### Added
+
+- **First-class, interpreter-verified covenants under `bsv.SmartContract`.**
+  A complete, tested stack of custom locking scripts that verify end-to-end
+  through `Script.Interpreter` (positive and negative cases), building on the
+  post-Genesis limits from 4.1.0:
+  - **`SmartContract.PushTx`** — a *correct* OP_PUSH_TX (nChain WP1605). The
+    locking script generates an ECDSA signature in-script from the pushed
+    preimage (`a=k=1`, `r=Gx`, `s=(e+Gx) mod n`, pubkey `02||Gx`) and verifies
+    it with `OP_CHECKSIG`, proving the preimage is this very transaction. Uses a
+    fixed-length DER template with an `nLockTime` grind (`PushTx.grind`). Exposes
+    `authenticator()`, `valueCovenant()`, `hashOutputs()`, `extractHashOutputs()`.
+  - **`SmartContract.PELS` / `perpetualCovenant(fee)`** — a Perpetually Enforcing
+    Locking Script: every spend must recreate the same script (value − fee).
+    Reads its own script from the authenticated preimage's `scriptCode`, so there
+    is no self-hash circularity.
+  - **`SmartContract.Token` / `ownershipToken(fee, ownerHash)`** — a stateful
+    ownership token (NFT) carrying its owner as on-chain state; transfer requires
+    the owner's secret and rewrites the state, perpetuating the token code.
+  - **`SmartContract.Locks`** — hash-lock, P2PKH, CLTV time-lock, m-of-n
+    multisig, and HTLC primitives.
+  - **`SmartContract.CovenantHelpers`** + convenience methods
+    `enableGenesis()`, `verifyScript()`, `valueCovenant()` — a consensus-flag
+    `verify()` harness, raw BIP-143 preimage access, signing, and fund/spend
+    scaffolding.
+- New mocha suite `test/smart_contract/covenants.js` (11 specs / 24 assertions),
+  all green; full suite 4178 → 4189 passing.
+
+### Notes
+
+- These covenants require post-Genesis limits: call `SmartContract.enableGenesis()`
+  (a.k.a `Interpreter.useGenesisLimits()`) before verifying. Research-grade and
+  interpreter-verified — review before mainnet value (the OP_PUSH_TX key is the
+  intentionally public `a=k=1`; low-S malleability is left unenforced).
+
 ## [4.1.0] - 2026-06-07
 
 ### Added