@txnod/sdk 1.0.1

package/dist/verify/chains/ton.d.ts

@@ -0,0 +1,84 @@
+/**
+ * TON address verification — operator-wallet StateInit reconstruction.
+ * Mirrors apps/web/lib/derivation/ton.ts byte-for-byte against the @ton/ton
+ * reference (parity test in ton.test.ts).
+ *
+ * Sources:
+ *   - PRD FR96 / NFR-S11 (locally verify createInvoice address derives from xpub).
+ *   - Architecture addendum + research §4.10.5.
+ *   - TEP-0002 address layout, TON Cells representation-hash spec.
+ *
+ * @noTonRuntimeImport — verify/chains/ton.ts intentionally does NOT import
+ * `@ton/core` or `@ton/ton` at runtime; vendored cell builder lives in the
+ * sibling `ton-cell.ts`.
+ */
+import type { WalletEdgeKind } from '../../_shared/index.js';
+/**
+ * Input shape for {@link verifyTonAddress}. Mirrors research §4.10.5 — the
+ * canonical 7-field tuple covering wallet version, subwallet id, workchain,
+ * project kind (production / testnet), and the API-returned address.
+ *
+ * `kind` controls only the testOnly bit on the user-friendly address
+ * encoding (`UQ`/`EQ` vs `kQ`/`0Q`). The TON wallet StateInit (and therefore
+ * the raw `<wc>:<hex>` address) is identical across kinds.
+ *
+ * @example
+ * ```ts
+ * import { verifyTonAddress, type VerifyTonInput } from '@txnod/sdk';
+ *
+ * const input: VerifyTonInput = {
+ *   chain: 'ton',
+ *   publicKeyHex: '0000000000000000000000000000000000000000000000000000000000000001',
+ *   walletVersion: 'v3R2',
+ *   subwalletId: 698_983_191,
+ *   workchain: 0,
+ *   kind: 'production',
+ *   expectedAddress: 'UQBV4AQh9C66sbBNTwFMo96Tg7mtzmJZWDJzbRXxe8G8MXnb',
+ * };
+ * verifyTonAddress(input);
+ * ```
+ */
+export interface VerifyTonInput {
+    chain: 'ton';
+    publicKeyHex: string;
+    walletVersion: 'v3R2' | 'v4R2' | 'v5R1';
+    subwalletId: number;
+    workchain: 0 | -1;
+    kind: WalletEdgeKind;
+    expectedAddress: string;
+}
+/**
+ * Locally verify that a TON operator-wallet address derives from the
+ * `(walletVersion, subwalletId, publicKeyHex, workchain)` tuple. Throws
+ * `AddressVerificationError` on mismatch (raw `<wc>:<hex>` form is compared
+ * after parse, never the user-friendly string). Throws
+ * `TxnodInvalidXpubFormatError` for malformed `publicKeyHex` (length ≠ 64,
+ * non-hex), unknown `walletVersion`, or workchain ∉ `{0, -1}`.
+ *
+ * Returns void on success.
+ *
+ * @example
+ * ```ts
+ * import { verifyTonAddress, AddressVerificationError } from '@txnod/sdk';
+ *
+ * try {
+ *   verifyTonAddress({
+ *     chain: 'ton',
+ *     publicKeyHex: '0000000000000000000000000000000000000000000000000000000000000001',
+ *     walletVersion: 'v3R2',
+ *     subwalletId: 698_983_191,
+ *     workchain: 0,
+ *     kind: 'production',
+ *     expectedAddress: 'UQBV4AQh9C66sbBNTwFMo96Tg7mtzmJZWDJzbRXxe8G8MXnb',
+ *   });
+ * } catch (err) {
+ *   if (err instanceof AddressVerificationError) {
+ *     console.error('ton verify failed', err.expected_address, err.derived_address);
+ *   } else {
+ *     throw err;
+ *   }
+ * }
+ * ```
+ */
+export declare function verifyTonAddress(input: VerifyTonInput): void;
+//# sourceMappingURL=ton.d.ts.map

package/dist/verify/chains/ton.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ton.d.ts","sourceRoot":"","sources":["../../../src/verify/chains/ton.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAYpD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,KAAK,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAClB,IAAI,EAAE,cAAc,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;CACzB;AAgED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,cAAc,GAAG,IAAI,CA4D5D"}

package/dist/verify/chains/ton.js

@@ -0,0 +1,131 @@
+import { beginCell, computeWalletAddress, parseAddress, serializeAddressUserFriendly, } from './ton-cell.js';
+import { TxnodInvalidXpubFormatError } from '../../errors.js';
+import { syntheticDetails } from '../../internals/synthetic-details.js';
+import { AddressVerificationError } from '../errors.js';
+const DERIVATION_PATH_SENTINEL = 'ton-stateinit';
+// Vendored wallet code BoCs — kept in lockstep with
+// packages/shared/src/chains/ton-wallet-versions.ts (see Story 34.2). Drift is
+// caught by the cell-parity test in ton.test.ts.
+const WALLET_CODE_BOC = {
+    v3R2: 'b5ee9c724101010100710000deff0020dd2082014c97ba218201339cbab19f71b0ed44d0d31fd31f31d70bffe304e0a4f2608308d71820d31fd31fd31ff82313bbf263ed44d0d31fd31fd3ffd15132baf2a15144baf2a204f901541055f910f2a3f8009320d74a96d307d402fb00e8d101a4c8cb1fcb1fcbffc9ed5410bd6dad',
+    v4R2: 'b5ee9c72010214010002d4000114ff00f4a413f4bcf2c80b010201200203020148040504f8f28308d71820d31fd31fd31f02f823bbf264ed44d0d31fd31fd3fff404d15143baf2a15151baf2a205f901541064f910f2a3f80024a4c8cb1f5240cb1f5230cbff5210f400c9ed54f80f01d30721c0009f6c519320d74a96d307d402fb00e830e021c001e30021c002e30001c0039130e30d03a4c8cb1f12cb1fcbff1011121302e6d001d0d3032171b0925f04e022d749c120925f04e002d31f218210706c7567bd22821064737472bdb0925f05e003fa403020fa4401c8ca07cbffc9d0ed44d0810140d721f404305c810108f40a6fa131b3925f07e005d33fc8258210706c7567ba923830e30d03821064737472ba925f06e30d06070201200809007801fa00f40430f8276f2230500aa121bef2e0508210706c7567831eb17080185004cb0526cf1658fa0219f400cb6917cb1f5260cb3f20c98040fb0006008a5004810108f45930ed44d0810140d720c801cf16f400c9ed540172b08e23821064737472831eb17080185005cb055003cf1623fa0213cb6acb1fcb3fc98040fb00925f03e20201200a0b0059bd242b6f6a2684080a06b90fa0218470d4080847a4937d29910ce6903e9ff9837812801b7810148987159f31840201580c0d0011b8c97ed44d0d70b1f8003db29dfb513420405035c87d010c00b23281f2fff274006040423d029be84c600201200e0f0019adce76a26840206b90eb85ffc00019af1df6a26840106b90eb858fc0006ed207fa00d4d422f90005c8ca0715cbffc9d077748018c8cb05cb0222cf165005fa0214cb6b12ccccc973fb00c84014810108f451f2a7020070810108d718fa00d33fc8542047810108f451f2a782106e6f746570748018c8cb05cb025006cf165004fa0214cb6a12cb1fcb3fc973fb0002006c810108d718fa00d33f305224810108f459f2a782106473747270748018c8cb05cb025005cf165003fa0213cb6acb1f12cb3fc973fb00000af400c9ed54',
+    v5R1: 'b5ee9c7241021401000281000114ff00f4a413f4bcf2c80b01020120020d020148030402dcd020d749c120915b8f6320d70b1f2082106578746ebd21821073696e74bdb0925f03e082106578746eba8eb48020d72101d074d721fa4030fa44f828fa443058bd915be0ed44d0810141d721f4058307f40e6fa1319130e18040d721707fdb3ce03120d749810280b99130e070e2100f020120050c020120060902016e07080019adce76a2684020eb90eb85ffc00019af1df6a2684010eb90eb858fc00201480a0b0017b325fb51341c75c875c2c7e00011b262fb513435c280200019be5f0f6a2684080a0eb90fa02c0102f20e011e20d70b1f82107369676ebaf2e08a7f0f01e68ef0eda2edfb218308d722028308d723208020d721d31fd31fd31fed44d0d200d31f20d31fd3ffd70a000af90140ccf9109a28945f0adb31e1f2c087df02b35007b0f2d0845125baf2e0855036baf2e086f823bbf2d0882292f800de01a47fc8ca00cb1f01cf16c9ed542092f80fde70db3cd81003f6eda2edfb02f404216e926c218e4c0221d73930709421c700b38e2d01d72820761e436c20d749c008f2e09320d74ac002f2e09320d71d06c712c2005230b0f2d089d74cd7393001a4e86c128407bbf2e093d74ac000f2e093ed55e2d20001c000915be0ebd72c08142091709601d72c081c12e25210b1e30f20d74a111213009601fa4001fa44f828fa443058baf2e091ed44d0810141d718f405049d7fc8ca0040048307f453f2e08b8e14038307f45bf2e08c22d70a00216e01b3b0f2d090e2c85003cf1612f400c9ed54007230d72c08248e2d21f2e092d200ed44d0d2005113baf2d08f54503091319c01810140d721d70a00f2e08ee2c8ca0058cf16c9ed5493f2c08de20010935bdb31e1d74cd0b4d6c35e',
+};
+function pathError(message) {
+    return new TxnodInvalidXpubFormatError(syntheticDetails('invalid_xpub_format', 400, message));
+}
+function hex32(hex) {
+    if (hex.length !== 64 || !/^[0-9a-fA-F]+$/.test(hex)) {
+        throw pathError(`publicKeyHex must be 32 bytes (64 lowercase-hex chars), got '${hex}'.`);
+    }
+    const out = new Uint8Array(32);
+    for (let i = 0; i < 32; i++)
+        out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    return out;
+}
+function buildDataCell(version, subwalletId, publicKeyHex) {
+    const pk = hex32(publicKeyHex);
+    switch (version) {
+        case 'v3R2':
+            return beginCell()
+                .storeUint(0, 32) // seqno
+                .storeUint(subwalletId, 32)
+                .storeBuffer(pk)
+                .endCell();
+        case 'v4R2':
+            return beginCell()
+                .storeUint(0, 32) // seqno
+                .storeUint(subwalletId, 32)
+                .storeBuffer(pk)
+                .storeBit(0) // empty plugins dict
+                .endCell();
+        case 'v5R1':
+            return beginCell()
+                .storeUint(1, 1) // signature auth allowed
+                .storeUint(0, 32) // seqno
+                .storeInt(subwalletId, 32) // walletId is signed int32 per W5 spec
+                .storeBuffer(pk)
+                .storeBit(0) // empty plugins dict
+                .endCell();
+    }
+}
+/**
+ * Locally verify that a TON operator-wallet address derives from the
+ * `(walletVersion, subwalletId, publicKeyHex, workchain)` tuple. Throws
+ * `AddressVerificationError` on mismatch (raw `<wc>:<hex>` form is compared
+ * after parse, never the user-friendly string). Throws
+ * `TxnodInvalidXpubFormatError` for malformed `publicKeyHex` (length ≠ 64,
+ * non-hex), unknown `walletVersion`, or workchain ∉ `{0, -1}`.
+ *
+ * Returns void on success.
+ *
+ * @example
+ * ```ts
+ * import { verifyTonAddress, AddressVerificationError } from '@txnod/sdk';
+ *
+ * try {
+ *   verifyTonAddress({
+ *     chain: 'ton',
+ *     publicKeyHex: '0000000000000000000000000000000000000000000000000000000000000001',
+ *     walletVersion: 'v3R2',
+ *     subwalletId: 698_983_191,
+ *     workchain: 0,
+ *     kind: 'production',
+ *     expectedAddress: 'UQBV4AQh9C66sbBNTwFMo96Tg7mtzmJZWDJzbRXxe8G8MXnb',
+ *   });
+ * } catch (err) {
+ *   if (err instanceof AddressVerificationError) {
+ *     console.error('ton verify failed', err.expected_address, err.derived_address);
+ *   } else {
+ *     throw err;
+ *   }
+ * }
+ * ```
+ */
+export function verifyTonAddress(input) {
+    if (input.workchain !== 0 && input.workchain !== -1) {
+        throw pathError(`workchain must be 0 or -1, got ${String(input.workchain)}.`);
+    }
+    if (!Object.hasOwn(WALLET_CODE_BOC, input.walletVersion)) {
+        throw pathError(`walletVersion '${String(input.walletVersion)}' is not supported (allowed: v3R2, v4R2, v5R1).`);
+    }
+    const codeBoCHex = WALLET_CODE_BOC[input.walletVersion];
+    if (!Number.isInteger(input.subwalletId) ||
+        input.subwalletId < -0x80000000 ||
+        input.subwalletId > 0xffffffff) {
+        throw pathError(`subwalletId must be a 32-bit integer, got ${String(input.subwalletId)}.`);
+    }
+    const parts = computeWalletAddress({
+        codeBoCHex,
+        subwalletId: input.subwalletId,
+        publicKeyHex: input.publicKeyHex,
+        workchain: input.workchain,
+        dataCellBuilder: ({ subwalletId, publicKeyHex }) => buildDataCell(input.walletVersion, subwalletId, publicKeyHex),
+    });
+    let expectedParts;
+    try {
+        expectedParts = parseAddress(input.expectedAddress);
+    }
+    catch {
+        throw pathError(`expectedAddress '${input.expectedAddress}' is not a valid TON address.`);
+    }
+    const isTestnet = input.kind === 'testnet';
+    const derivedAddress = serializeAddressUserFriendly(parts, {
+        bounceable: false,
+        testOnly: isTestnet,
+    });
+    // Raw `<wc>:<hex>` form carries no testOnly bit, so we only enforce the
+    // kind flag when the partner supplied a user-friendly EQ/UQ/kQ/0Q form.
+    const isUserFriendly = !input.expectedAddress.includes(':');
+    if (expectedParts.workchain !== parts.workchain ||
+        expectedParts.hex !== parts.hex ||
+        (isUserFriendly && expectedParts.testOnly !== isTestnet)) {
+        throw new AddressVerificationError({
+            chain: 'ton',
+            derivation_path: DERIVATION_PATH_SENTINEL,
+            expected_address: input.expectedAddress,
+            derived_address: derivedAddress,
+        });
+    }
+}
+//# sourceMappingURL=ton.js.map

package/dist/verify/chains/ton.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ton.js","sourceRoot":"","sources":["../../../src/verify/chains/ton.ts"],"names":[],"mappings":"AAeA,OAAO,EACL,SAAS,EACT,oBAAoB,EACpB,YAAY,EACZ,4BAA4B,GAE7B,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,2BAA2B,EAAE,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAqCxD,MAAM,wBAAwB,GAAG,eAAe,CAAC;AAEjD,oDAAoD;AACpD,+EAA+E;AAC/E,iDAAiD;AACjD,MAAM,eAAe,GAAoD;IACvE,IAAI,EACF,kQAAkQ;IACpQ,IAAI,EACF,k8CAAk8C;IACp8C,IAAI,EACF,oyCAAoyC;CACvyC,CAAC;AAEF,SAAS,SAAS,CAAC,OAAe;IAChC,OAAO,IAAI,2BAA2B,CACpC,gBAAgB,CAAC,qBAAqB,EAAE,GAAG,EAAE,OAAO,CAAC,CACtD,CAAC;AACJ,CAAC;AAED,SAAS,KAAK,CAAC,GAAW;IACxB,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACrD,MAAM,SAAS,CACb,gEAAgE,GAAG,IAAI,CACxE,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChF,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CACpB,OAAwC,EACxC,WAAmB,EACnB,YAAoB;IAEpB,MAAM,EAAE,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC;IAC/B,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,MAAM;YACT,OAAO,SAAS,EAAE;iBACf,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ;iBACzB,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC;iBAC1B,WAAW,CAAC,EAAE,CAAC;iBACf,OAAO,EAAE,CAAC;QACf,KAAK,MAAM;YACT,OAAO,SAAS,EAAE;iBACf,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ;iBACzB,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC;iBAC1B,WAAW,CAAC,EAAE,CAAC;iBACf,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB;iBACjC,OAAO,EAAE,CAAC;QACf,KAAK,MAAM;YACT,OAAO,SAAS,EAAE;iBACf,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,yBAAyB;iBACzC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ;iBACzB,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,uCAAuC;iBACjE,WAAW,CAAC,EAAE,CAAC;iBACf,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB;iBACjC,OAAO,EAAE,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAqB;IACpD,IAAI,KAAK,CAAC,SAAS,KAAK,CAAC,IAAI,KAAK,CAAC,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;QACpD,MAAM,SAAS,CACb,kCAAkC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAC7D,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;QACzD,MAAM,SAAS,CACb,kBAAkB,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,iDAAiD,CAC/F,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACxD,IACE,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC;QACpC,KAAK,CAAC,WAAW,GAAG,CAAC,UAAU;QAC/B,KAAK,CAAC,WAAW,GAAG,UAAU,EAC9B,CAAC;QACD,MAAM,SAAS,CACb,6CAA6C,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAC1E,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,oBAAoB,CAAC;QACjC,UAAU;QACV,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,eAAe,EAAE,CAAC,EAAE,WAAW,EAAE,YAAY,EAAE,EAAE,EAAE,CACjD,aAAa,CAAC,KAAK,CAAC,aAAa,EAAE,WAAW,EAAE,YAAY,CAAC;KAChE,CAAC,CAAC;IAEH,IAAI,aAAoE,CAAC;IACzE,IAAI,CAAC;QACH,aAAa,GAAG,YAAY,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,SAAS,CACb,oBAAoB,KAAK,CAAC,eAAe,+BAA+B,CACzE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,KAAK,SAAS,CAAC;IAC3C,MAAM,cAAc,GAAG,4BAA4B,CAAC,KAAK,EAAE;QACzD,UAAU,EAAE,KAAK;QACjB,QAAQ,EAAE,SAAS;KACpB,CAAC,CAAC;IACH,wEAAwE;IACxE,wEAAwE;IACxE,MAAM,cAAc,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5D,IACE,aAAa,CAAC,SAAS,KAAK,KAAK,CAAC,SAAS;QAC3C,aAAa,CAAC,GAAG,KAAK,KAAK,CAAC,GAAG;QAC/B,CAAC,cAAc,IAAI,aAAa,CAAC,QAAQ,KAAK,SAAS,CAAC,EACxD,CAAC;QACD,MAAM,IAAI,wBAAwB,CAAC;YACjC,KAAK,EAAE,KAAK;YACZ,eAAe,EAAE,wBAAwB;YACzC,gBAAgB,EAAE,KAAK,CAAC,eAAe;YACvC,eAAe,EAAE,cAAc;SAChC,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}

package/dist/verify/chains/tron.d.ts

@@ -0,0 +1,21 @@
+/**
+ * TRON verification — BIP-44 coin_type=195'.
+ * Cross-checked byte-for-byte against server-side derivation in
+ * apps/web/lib/derivation/tron.ts (which uses the same allowlisted stack —
+ * near-verbatim port; Story 25.3 AC 9 fixture vectors).
+ *
+ * Sources:
+ *   - PRD FR96: SDK locally verifies createInvoice address derives from xpub.
+ *   - Architecture addendum §4.1, §4.3, AD-7.
+ *   - Discovery §C.6, §E.1.
+ *   - SLIP-0044 coin_type=195 (https://github.com/satoshilabs/slips/blob/master/slip-0044.md).
+ *   - TRON address spec (TRC-102).
+ */
+export interface VerifyTronInput {
+    xpub: string;
+    derivation_path: string;
+    expected_address: string;
+}
+/** Throws AddressVerificationError on mismatch; returns void on success. */
+export declare function verifyTron(input: VerifyTronInput): void;
+//# sourceMappingURL=tron.d.ts.map

package/dist/verify/chains/tron.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tron.d.ts","sourceRoot":"","sources":["../../../src/verify/chains/tron.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAWH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,4EAA4E;AAC5E,wBAAgB,UAAU,CAAC,KAAK,EAAE,eAAe,GAAG,IAAI,CAoBvD"}

package/dist/verify/chains/tron.js

@@ -0,0 +1,42 @@
+/**
+ * TRON verification — BIP-44 coin_type=195'.
+ * Cross-checked byte-for-byte against server-side derivation in
+ * apps/web/lib/derivation/tron.ts (which uses the same allowlisted stack —
+ * near-verbatim port; Story 25.3 AC 9 fixture vectors).
+ *
+ * Sources:
+ *   - PRD FR96: SDK locally verifies createInvoice address derives from xpub.
+ *   - Architecture addendum §4.1, §4.3, AD-7.
+ *   - Discovery §C.6, §E.1.
+ *   - SLIP-0044 coin_type=195 (https://github.com/satoshilabs/slips/blob/master/slip-0044.md).
+ *   - TRON address spec (TRC-102).
+ */
+import { secp256k1 } from '@noble/curves/secp256k1.js';
+import { keccak_256 } from '@noble/hashes/sha3.js';
+import { sha256 } from '@noble/hashes/sha2.js';
+import { createBase58check } from '@scure/base';
+import { deriveSecp256k1ChildPubkey } from './secp256k1-bip32.js';
+import { AddressVerificationError } from '../errors.js';
+const b58check = createBase58check(sha256);
+/** Throws AddressVerificationError on mismatch; returns void on success. */
+export function verifyTron(input) {
+    const pubkey = deriveSecp256k1ChildPubkey({
+        xpub: input.xpub,
+        derivation_path: input.derivation_path,
+    });
+    const uncompressed = secp256k1.Point.fromBytes(pubkey).toBytes(false);
+    const hash = keccak_256(uncompressed.slice(1));
+    const addressBytes = new Uint8Array(21);
+    addressBytes[0] = 0x41;
+    addressBytes.set(hash.slice(-20), 1);
+    const derived = b58check.encode(addressBytes);
+    if (derived !== input.expected_address) {
+        throw new AddressVerificationError({
+            chain: 'tron',
+            derivation_path: input.derivation_path,
+            expected_address: input.expected_address,
+            derived_address: derived,
+        });
+    }
+}
+//# sourceMappingURL=tron.js.map

package/dist/verify/chains/tron.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tron.js","sourceRoot":"","sources":["../../../src/verify/chains/tron.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAExD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;AAQ3C,4EAA4E;AAC5E,MAAM,UAAU,UAAU,CAAC,KAAsB;IAC/C,MAAM,MAAM,GAAG,0BAA0B,CAAC;QACxC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,eAAe,EAAE,KAAK,CAAC,eAAe;KACvC,CAAC,CAAC;IACH,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACtE,MAAM,IAAI,GAAG,UAAU,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACxC,YAAY,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACvB,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAE9C,IAAI,OAAO,KAAK,KAAK,CAAC,gBAAgB,EAAE,CAAC;QACvC,MAAM,IAAI,wBAAwB,CAAC;YACjC,KAAK,EAAE,MAAM;YACb,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;YACxC,eAAe,EAAE,OAAO;SACzB,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}

package/dist/verify/config.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Parses TXNOD_*_XPUB env vars into a per-chain xpub-array record, plus the
+ * TON-specific tuple consumed by `verifyTonAddress`. Pure, sync, env-arg
+ * defaultable so tests can pass fixture records directly.
+ */
+import type { Chain } from '../_shared/index.js';
+declare const SUPPORTED_TON_WALLET_VERSIONS: readonly ["v3R2", "v4R2", "v5R1"];
+type TonWalletVersion = (typeof SUPPORTED_TON_WALLET_VERSIONS)[number];
+/** Resolved TON-specific config — all fields required, with sensible defaults. */
+export interface TonXpubConfig {
+    publicKeyHex: string;
+    walletVersion: TonWalletVersion;
+    subwalletId: number;
+    workchain: 0 | -1;
+}
+/**
+ * Parse the partner's TXNOD_*_XPUB env vars into a per-chain record of xpub
+ * arrays. Each value may be a single xpub, a comma-separated newest-first
+ * list, or a JSON array. Missing or empty entries become `[]`.
+ *
+ * TON has no xpub/derivation: see {@link parseTonConfig}.
+ */
+export declare function parseXpubConfig(env?: NodeJS.ProcessEnv): Record<Chain, string[]>;
+/**
+ * Parse the partner's TON-specific env vars into a {@link TonXpubConfig}.
+ * Returns `undefined` if `TXNOD_TON_PUBKEY` is unset — automatic TON address
+ * verification is then disabled (parity with omitting `TXNOD_<chain>_XPUB`
+ * for the HD chains).
+ *
+ * Required env: `TXNOD_TON_PUBKEY` — 64-char lowercase-hex of the operator's
+ * 32-byte Ed25519 public key (e.g. exported from a Ledger device or a TON
+ * wallet "Show recovery key" screen — never the secret key).
+ *
+ * Optional env (defaults match the most common Ledger TON setup):
+ *   - `TXNOD_TON_WALLET_VERSION` — 'v3R2' | 'v4R2' | 'v5R1' (default `v4R2`)
+ *   - `TXNOD_TON_SUBWALLET_ID`   — int32 (default 698_983_191)
+ *   - `TXNOD_TON_WORKCHAIN`      — 0 | -1 (default 0; basechain)
+ */
+export declare function parseTonConfig(env?: NodeJS.ProcessEnv): TonXpubConfig | undefined;
+export {};
+//# sourceMappingURL=config.d.ts.map

package/dist/verify/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/verify/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAI3C,QAAA,MAAM,6BAA6B,mCAAoC,CAAC;AACxE,KAAK,gBAAgB,GAAG,CAAC,OAAO,6BAA6B,CAAC,CAAC,MAAM,CAAC,CAAC;AAEvE,kFAAkF;AAClF,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,gBAAgB,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACnB;AA8CD;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC,CAazB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,cAAc,CAC5B,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,aAAa,GAAG,SAAS,CAkD3B"}

package/dist/verify/config.js

@@ -0,0 +1,120 @@
+/**
+ * Parses TXNOD_*_XPUB env vars into a per-chain xpub-array record, plus the
+ * TON-specific tuple consumed by `verifyTonAddress`. Pure, sync, env-arg
+ * defaultable so tests can pass fixture records directly.
+ */
+const SUPPORTED_CHAINS = ['btc', 'eth', 'tron', 'ada', 'polygon', 'bsc'];
+const SUPPORTED_TON_WALLET_VERSIONS = ['v3R2', 'v4R2', 'v5R1'];
+const DEFAULT_TON_WALLET_VERSION = 'v4R2';
+const DEFAULT_TON_SUBWALLET_ID = 698_983_191; // standard wallet_id for v3R2/v4R2
+const DEFAULT_TON_WORKCHAIN = 0;
+const ENV_VAR_TO_CHAIN = [
+    ['TXNOD_BTC_XPUB', 'btc'],
+    ['TXNOD_ETH_XPUB', 'eth'],
+    ['TXNOD_TRON_XPUB', 'tron'],
+    ['TXNOD_CARDANO_ACCOUNT_PUBKEY', 'ada'],
+    ['TXNOD_POLYGON_XPUB', 'polygon'],
+    ['TXNOD_BNB_XPUB', 'bsc'],
+];
+function parseValue(raw) {
+    // Disambiguation precedence: '[' → JSON array, ',' → CSV newest-first, else single.
+    const trimmedStart = raw.trimStart();
+    if (trimmedStart.startsWith('[')) {
+        const parsed = JSON.parse(trimmedStart);
+        if (!Array.isArray(parsed)) {
+            throw new TypeError(`xpub env var JSON value must be an array of strings; got ${typeof parsed}.`);
+        }
+        const out = [];
+        for (const el of parsed) {
+            if (typeof el !== 'string') {
+                throw new TypeError(`xpub env var JSON array element must be a string; got ${typeof el}.`);
+            }
+            const trimmed = el.trim();
+            if (trimmed.length > 0)
+                out.push(trimmed);
+        }
+        return out;
+    }
+    if (raw.includes(',')) {
+        return raw
+            .split(',')
+            .map((s) => s.trim())
+            .filter((s) => s.length > 0);
+    }
+    return [raw.trim()];
+}
+/**
+ * Parse the partner's TXNOD_*_XPUB env vars into a per-chain record of xpub
+ * arrays. Each value may be a single xpub, a comma-separated newest-first
+ * list, or a JSON array. Missing or empty entries become `[]`.
+ *
+ * TON has no xpub/derivation: see {@link parseTonConfig}.
+ */
+export function parseXpubConfig(env = process.env) {
+    const out = Object.fromEntries(SUPPORTED_CHAINS.map((c) => [c, []]));
+    out['ton'] = []; // TON is verified via parseTonConfig, not xpubs
+    for (const [envVar, chain] of ENV_VAR_TO_CHAIN) {
+        const raw = env[envVar];
+        if (raw === undefined)
+            continue;
+        const trimmed = raw.trim();
+        if (trimmed.length === 0)
+            continue;
+        out[chain] = parseValue(raw);
+    }
+    return out;
+}
+/**
+ * Parse the partner's TON-specific env vars into a {@link TonXpubConfig}.
+ * Returns `undefined` if `TXNOD_TON_PUBKEY` is unset — automatic TON address
+ * verification is then disabled (parity with omitting `TXNOD_<chain>_XPUB`
+ * for the HD chains).
+ *
+ * Required env: `TXNOD_TON_PUBKEY` — 64-char lowercase-hex of the operator's
+ * 32-byte Ed25519 public key (e.g. exported from a Ledger device or a TON
+ * wallet "Show recovery key" screen — never the secret key).
+ *
+ * Optional env (defaults match the most common Ledger TON setup):
+ *   - `TXNOD_TON_WALLET_VERSION` — 'v3R2' | 'v4R2' | 'v5R1' (default `v4R2`)
+ *   - `TXNOD_TON_SUBWALLET_ID`   — int32 (default 698_983_191)
+ *   - `TXNOD_TON_WORKCHAIN`      — 0 | -1 (default 0; basechain)
+ */
+export function parseTonConfig(env = process.env) {
+    const rawPk = env['TXNOD_TON_PUBKEY']?.trim();
+    if (rawPk === undefined || rawPk.length === 0)
+        return undefined;
+    const pk = rawPk.toLowerCase();
+    if (pk.length !== 64 || !/^[0-9a-f]{64}$/.test(pk)) {
+        throw new TypeError(`TXNOD_TON_PUBKEY must be 64 lowercase-hex chars (32-byte Ed25519 pubkey); got '${rawPk}'.`);
+    }
+    const versionRaw = env['TXNOD_TON_WALLET_VERSION']?.trim() ?? DEFAULT_TON_WALLET_VERSION;
+    if (!SUPPORTED_TON_WALLET_VERSIONS.includes(versionRaw)) {
+        throw new TypeError(`TXNOD_TON_WALLET_VERSION must be one of ${SUPPORTED_TON_WALLET_VERSIONS.join(', ')}; got '${versionRaw}'.`);
+    }
+    const walletVersion = versionRaw;
+    let subwalletId = DEFAULT_TON_SUBWALLET_ID;
+    const rawSwid = env['TXNOD_TON_SUBWALLET_ID']?.trim();
+    if (rawSwid !== undefined && rawSwid.length > 0) {
+        if (!/^-?\d+$/.test(rawSwid)) {
+            throw new TypeError(`TXNOD_TON_SUBWALLET_ID must be an integer; got '${rawSwid}'.`);
+        }
+        const n = Number(rawSwid);
+        if (!Number.isFinite(n) || !Number.isInteger(n) || n < -0x80000000 || n > 0xffffffff) {
+            throw new TypeError(`TXNOD_TON_SUBWALLET_ID out of int32 range; got ${rawSwid}.`);
+        }
+        subwalletId = n;
+    }
+    let workchain = DEFAULT_TON_WORKCHAIN;
+    const rawWc = env['TXNOD_TON_WORKCHAIN']?.trim();
+    if (rawWc !== undefined && rawWc.length > 0) {
+        if (rawWc === '0')
+            workchain = 0;
+        else if (rawWc === '-1')
+            workchain = -1;
+        else {
+            throw new TypeError(`TXNOD_TON_WORKCHAIN must be '0' or '-1'; got '${rawWc}'.`);
+        }
+    }
+    return { publicKeyHex: pk, walletVersion, subwalletId, workchain };
+}
+//# sourceMappingURL=config.js.map

package/dist/verify/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/verify/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,gBAAgB,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,CAAqC,CAAC;AAE7G,MAAM,6BAA6B,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAU,CAAC;AAWxE,MAAM,0BAA0B,GAAqB,MAAM,CAAC;AAC5D,MAAM,wBAAwB,GAAG,WAAW,CAAC,CAAC,mCAAmC;AACjF,MAAM,qBAAqB,GAAW,CAAC,CAAC;AAExC,MAAM,gBAAgB,GAA4C;IAChE,CAAC,gBAAgB,EAAE,KAAK,CAAC;IACzB,CAAC,gBAAgB,EAAE,KAAK,CAAC;IACzB,CAAC,iBAAiB,EAAE,MAAM,CAAC;IAC3B,CAAC,8BAA8B,EAAE,KAAK,CAAC;IACvC,CAAC,oBAAoB,EAAE,SAAS,CAAC;IACjC,CAAC,gBAAgB,EAAE,KAAK,CAAC;CAC1B,CAAC;AAEF,SAAS,UAAU,CAAC,GAAW;IAC7B,oFAAoF;IACpF,MAAM,YAAY,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;IACrC,IAAI,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACjD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,SAAS,CACjB,4DAA4D,OAAO,MAAM,GAAG,CAC7E,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAa,EAAE,CAAC;QACzB,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;YACxB,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;gBAC3B,MAAM,IAAI,SAAS,CACjB,yDAAyD,OAAO,EAAE,GAAG,CACtE,CAAC;YACJ,CAAC;YACD,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC;YAC1B,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;gBAAE,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,GAAG;aACP,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjC,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AACtB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAC7B,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAC5B,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAc,CAAC,CAAC,CACtB,CAAC;IAC7B,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,gDAAgD;IACjE,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,gBAAgB,EAAE,CAAC;QAC/C,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;QACxB,IAAI,GAAG,KAAK,SAAS;YAAE,SAAS;QAChC,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACnC,GAAG,CAAC,KAAK,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,cAAc,CAC5B,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,KAAK,GAAG,GAAG,CAAC,kBAAkB,CAAC,EAAE,IAAI,EAAE,CAAC;IAC9C,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAChE,MAAM,EAAE,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAC/B,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,SAAS,CACjB,kFAAkF,KAAK,IAAI,CAC5F,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC,0BAA0B,CAAC,EAAE,IAAI,EAAE,IAAI,0BAA0B,CAAC;IACzF,IACE,CAAE,6BAAmD,CAAC,QAAQ,CAAC,UAAU,CAAC,EAC1E,CAAC;QACD,MAAM,IAAI,SAAS,CACjB,2CAA2C,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,UAAU,IAAI,CAC5G,CAAC;IACJ,CAAC;IACD,MAAM,aAAa,GAAG,UAA8B,CAAC;IAErD,IAAI,WAAW,GAAG,wBAAwB,CAAC;IAC3C,MAAM,OAAO,GAAG,GAAG,CAAC,wBAAwB,CAAC,EAAE,IAAI,EAAE,CAAC;IACtD,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,SAAS,CACjB,mDAAmD,OAAO,IAAI,CAC/D,CAAC;QACJ,CAAC;QACD,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,GAAG,UAAU,EAAE,CAAC;YACrF,MAAM,IAAI,SAAS,CACjB,kDAAkD,OAAO,GAAG,CAC7D,CAAC;QACJ,CAAC;QACD,WAAW,GAAG,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,SAAS,GAAW,qBAAqB,CAAC;IAC9C,MAAM,KAAK,GAAG,GAAG,CAAC,qBAAqB,CAAC,EAAE,IAAI,EAAE,CAAC;IACjD,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,IAAI,KAAK,KAAK,GAAG;YAAE,SAAS,GAAG,CAAC,CAAC;aAC5B,IAAI,KAAK,KAAK,IAAI;YAAE,SAAS,GAAG,CAAC,CAAC,CAAC;aACnC,CAAC;YACJ,MAAM,IAAI,SAAS,CACjB,iDAAiD,KAAK,IAAI,CAC3D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,YAAY,EAAE,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;AACrE,CAAC"}

package/dist/verify/errors.d.ts

@@ -0,0 +1,56 @@
+import { TxnodError } from '../errors.js';
+import type { Chain } from '../_shared/index.js';
+/**
+ * Thrown by chain-level verify functions (verifyBtc, verifyEvm, verifyTron,
+ * verifyPolygon, verifyBsc) when the address derived from the operator's
+ * registered xpub at the given derivation_path does NOT match the address
+ * returned by the API. The orchestrator (Story 25.5) re-throws after
+ * iterating all xpubs in the multi-xpub list (AD-10).
+ *
+ * Sources:
+ *   - PRD FR96: SDK locally verifies createInvoice address derives from xpub.
+ *   - Architecture addendum §4.3 (public API + edge cases (a)(b)).
+ *   - Discovery §E.2 (Cardano stake-substitution defense informs why no
+ *     stake-only compare is permitted; for BTC/EVM/TRON the address fully
+ *     determines the funds destination, so a strict-equality compare suffices).
+ *
+ * @example
+ * ```ts
+ * import { TxnodClient } from '@txnod/sdk';
+ *
+ * const client = new TxnodClient({
+ *   projectId: process.env.TXNOD_PROJECT_ID!,
+ *   apiSecret: process.env.TXNOD_API_SECRET!,
+ * });
+ *
+ * try {
+ *   const invoice = await client.createInvoice({
+ *     amount_usd: 10.0,
+ *     coin: 'btc',
+ *     external_id: 'order-123',
+ *     callback_url: 'https://my-site.com/webhooks/txnod',
+ *   });
+ *   console.log(invoice.address);
+ * } catch (err) {
+ *   if (err instanceof AddressVerificationError) {
+ *     console.error('Address verify failed', err.chain, err.expected_address, err.derived_address);
+ *   } else {
+ *     throw err;
+ *   }
+ * }
+ * ```
+ */
+export declare class AddressVerificationError extends TxnodError {
+    readonly kind: "address_verification";
+    readonly chain: Chain;
+    readonly derivation_path: string;
+    readonly expected_address: string;
+    readonly derived_address: string;
+    constructor(input: {
+        chain: Chain;
+        derivation_path: string;
+        expected_address: string;
+        derived_address: string;
+    });
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/verify/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/verify/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,qBAAa,wBAAyB,SAAQ,UAAU;IACtD,SAAkB,IAAI,EAAG,sBAAsB,CAAU;IACzD,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC;IACtB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;gBAErB,KAAK,EAAE;QACjB,KAAK,EAAE,KAAK,CAAC;QACb,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,eAAe,EAAE,MAAM,CAAC;KACzB;CAcF"}

package/dist/verify/errors.js

@@ -0,0 +1,58 @@
+import { TxnodError } from '../errors.js';
+import { syntheticDetails } from '../internals/synthetic-details.js';
+/**
+ * Thrown by chain-level verify functions (verifyBtc, verifyEvm, verifyTron,
+ * verifyPolygon, verifyBsc) when the address derived from the operator's
+ * registered xpub at the given derivation_path does NOT match the address
+ * returned by the API. The orchestrator (Story 25.5) re-throws after
+ * iterating all xpubs in the multi-xpub list (AD-10).
+ *
+ * Sources:
+ *   - PRD FR96: SDK locally verifies createInvoice address derives from xpub.
+ *   - Architecture addendum §4.3 (public API + edge cases (a)(b)).
+ *   - Discovery §E.2 (Cardano stake-substitution defense informs why no
+ *     stake-only compare is permitted; for BTC/EVM/TRON the address fully
+ *     determines the funds destination, so a strict-equality compare suffices).
+ *
+ * @example
+ * ```ts
+ * import { TxnodClient } from '@txnod/sdk';
+ *
+ * const client = new TxnodClient({
+ *   projectId: process.env.TXNOD_PROJECT_ID!,
+ *   apiSecret: process.env.TXNOD_API_SECRET!,
+ * });
+ *
+ * try {
+ *   const invoice = await client.createInvoice({
+ *     amount_usd: 10.0,
+ *     coin: 'btc',
+ *     external_id: 'order-123',
+ *     callback_url: 'https://my-site.com/webhooks/txnod',
+ *   });
+ *   console.log(invoice.address);
+ * } catch (err) {
+ *   if (err instanceof AddressVerificationError) {
+ *     console.error('Address verify failed', err.chain, err.expected_address, err.derived_address);
+ *   } else {
+ *     throw err;
+ *   }
+ * }
+ * ```
+ */
+export class AddressVerificationError extends TxnodError {
+    kind = 'address_verification';
+    chain;
+    derivation_path;
+    expected_address;
+    derived_address;
+    constructor(input) {
+        super(syntheticDetails('auth_invalid', 400, `Address verification failed for chain '${input.chain}': expected '${input.expected_address}', derived '${input.derived_address}' from path '${input.derivation_path}'.`));
+        this.name = 'AddressVerificationError';
+        this.chain = input.chain;
+        this.derivation_path = input.derivation_path;
+        this.expected_address = input.expected_address;
+        this.derived_address = input.derived_address;
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/verify/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/verify/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAGrE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,MAAM,OAAO,wBAAyB,SAAQ,UAAU;IACpC,IAAI,GAAG,sBAA+B,CAAC;IAChD,KAAK,CAAQ;IACb,eAAe,CAAS;IACxB,gBAAgB,CAAS;IACzB,eAAe,CAAS;IAEjC,YAAY,KAKX;QACC,KAAK,CACH,gBAAgB,CACd,cAAc,EACd,GAAG,EACH,0CAA0C,KAAK,CAAC,KAAK,gBAAgB,KAAK,CAAC,gBAAgB,eAAe,KAAK,CAAC,eAAe,gBAAgB,KAAK,CAAC,eAAe,IAAI,CACzK,CACF,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAC;QACvC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;QACzB,IAAI,CAAC,eAAe,GAAG,KAAK,CAAC,eAAe,CAAC;QAC7C,IAAI,CAAC,gBAAgB,GAAG,KAAK,CAAC,gBAAgB,CAAC;QAC/C,IAAI,CAAC,eAAe,GAAG,KAAK,CAAC,eAAe,CAAC;IAC/C,CAAC;CACF"}