@vbyte/btc-dev 1.0.14 → 1.1.0

package/dist/module.mjs

@@ -785,7 +785,7 @@ const crypto$1 = typeof globalThis === 'object' && 'crypto' in globalThis ? glob
 // Makes the utils un-importable in browsers without a bundler.
 // Once node.js 18 is deprecated (2025-04-30), we can just drop the import.
 /** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */
-function isBytes$3(a) {
+function isBytes$1(a) {
     return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
 }
 /** Asserts something is positive integer. */
@@ -795,7 +795,7 @@ function anumber$1(n) {
 }
 /** Asserts something is Uint8Array. */
 function abytes$1(b, ...lengths) {
-    if (!isBytes$3(b))
+    if (!isBytes$1(b))
         throw new Error('Uint8Array expected');
     if (lengths.length > 0 && !lengths.includes(b.length))
         throw new Error('Uint8Array expected of length ' + lengths + ', got length=' + b.length);
@@ -829,7 +829,7 @@ function clean(...arrays) {
     }
 }
 /** Create DataView of an array for easy byte-level manipulation. */
-function createView$1(arr) {
+function createView(arr) {
     return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
 }
 /** The rotate right (circular right shift) operation for uint32 */
@@ -841,7 +841,7 @@ function rotl(word, shift) {
     return (word << shift) | ((word >>> (32 - shift)) >>> 0);
 }
 // Built-in hex conversion https://caniuse.com/mdn-javascript_builtins_uint8array_fromhex
-const hasHexBuiltin$1 = /* @__PURE__ */ (() => 
+const hasHexBuiltin = /* @__PURE__ */ (() => 
 // @ts-ignore
 typeof Uint8Array.from([]).toHex === 'function' && typeof Uint8Array.fromHex === 'function')();
 // Array where index 0xf0 (240) is mapped to string 'f0'
@@ -853,7 +853,7 @@ const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(1
 function bytesToHex(bytes) {
     abytes$1(bytes);
     // @ts-ignore
-    if (hasHexBuiltin$1)
+    if (hasHexBuiltin)
         return bytes.toHex();
     // pre-caching improves the speed 6x
     let hex = '';
@@ -881,7 +881,7 @@ function hexToBytes(hex) {
     if (typeof hex !== 'string')
         throw new Error('hex string expected, got ' + typeof hex);
     // @ts-ignore
-    if (hasHexBuiltin$1)
+    if (hasHexBuiltin)
         return Uint8Array.fromHex(hex);
     const hl = hex.length;
     const al = hl / 2;
@@ -920,7 +920,7 @@ function toBytes(data) {
     return data;
 }
 /** Copies several Uint8Arrays into one. */
-function concatBytes$2(...arrays) {
+function concatBytes(...arrays) {
     let sum = 0;
     for (let i = 0; i < arrays.length; i++) {
         const a = arrays[i];
@@ -1000,7 +1000,7 @@ class HashMD extends Hash {
         this.padOffset = padOffset;
         this.isLE = isLE;
         this.buffer = new Uint8Array(blockLen);
-        this.view = createView$1(this.buffer);
+        this.view = createView(this.buffer);
     }
     update(data) {
         aexists(this);
@@ -1012,7 +1012,7 @@ class HashMD extends Hash {
             const take = Math.min(blockLen - this.pos, len - pos);
             // Fast path: we have at least one block in input, cast it to view and process
             if (take === blockLen) {
-                const dataView = createView$1(data);
+                const dataView = createView(data);
                 for (; blockLen <= len - pos; pos += blockLen)
                     this.process(dataView, pos);
                 continue;
@@ -1055,7 +1055,7 @@ class HashMD extends Hash {
         // So we just write lowest 64 bits of that value.
         setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
         this.process(view, 0);
-        const oview = createView$1(out);
+        const oview = createView(out);
         const len = this.outputLen;
         // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT
         if (len % 4)
@@ -1346,7 +1346,7 @@ function ensureBytes(title, hex, expectedLength) {
             throw new Error(title + ' must be hex string or Uint8Array, cause: ' + e);
         }
     }
-    else if (isBytes$3(hex)) {
+    else if (isBytes$1(hex)) {
         // Uint8Array.from() instead of hash.slice() because node.js Buffer
         // is instance of Uint8Array, and its slice() creates **mutable** copy
         res = Uint8Array.from(hex);
@@ -1451,7 +1451,7 @@ function createHmacDrbg(hashLen, qByteLen, hmacFn) {
             out.push(sl);
             len += v.length;
         }
-        return concatBytes$2(...out);
+        return concatBytes(...out);
     };
     const genUntil = (seed, pred) => {
         reset();
@@ -2521,10 +2521,10 @@ function weierstrassN(CURVE, curveOpts = {}) {
         if (isCompressed) {
             assertCompressionIsSupported();
             const hasEvenY = !Fp.isOdd(y);
-            return concatBytes$2(pprefix(hasEvenY), bx);
+            return concatBytes(pprefix(hasEvenY), bx);
         }
         else {
-            return concatBytes$2(Uint8Array.of(0x04), bx, Fp.toBytes(y));
+            return concatBytes(Uint8Array.of(0x04), bx, Fp.toBytes(y));
         }
     }
     function pointFromBytes(bytes) {
@@ -2971,7 +2971,7 @@ function ecdsa(Point, ecdsaOpts, curveOpts = {}) {
     });
     const randomBytes_ = ecdsaOpts.randomBytes || randomBytes;
     const hmac_ = ecdsaOpts.hmac ||
-        ((key, ...msgs) => hmac(ecdsaOpts.hash, key, concatBytes$2(...msgs)));
+        ((key, ...msgs) => hmac(ecdsaOpts.hash, key, concatBytes(...msgs)));
     const { Fp, Fn } = Point;
     const { ORDER: CURVE_ORDER, BITS: fnBits } = Fn;
     function isBiggerThanHalfOrder(number) {
@@ -3039,7 +3039,7 @@ function ecdsa(Point, ecdsaOpts, curveOpts = {}) {
             if (!Fp.isValid(radj))
                 throw new Error('recovery id 2 or 3 invalid');
             const x = Fp.toBytes(radj);
-            const R = Point.fromHex(concatBytes$2(pprefix((rec & 1) === 0), x));
+            const R = Point.fromHex(concatBytes(pprefix((rec & 1) === 0), x));
             const ir = Fn.inv(radj); // r^-1
             const h = bits2int_modN(ensureBytes('msgHash', msgHash)); // Truncate hash
             const u1 = Fn.create(-h * ir); // -hr^-1
@@ -3060,7 +3060,7 @@ function ecdsa(Point, ecdsaOpts, curveOpts = {}) {
         }
         toBytes(format) {
             if (format === 'compact')
-                return concatBytes$2(Fn.toBytes(this.r), Fn.toBytes(this.s));
+                return concatBytes(Fn.toBytes(this.r), Fn.toBytes(this.s));
             if (format === 'der')
                 return hexToBytes(DER.hexFromSig(this));
             throw new Error('invalid format');
@@ -3208,7 +3208,7 @@ function ecdsa(Point, ecdsaOpts, curveOpts = {}) {
             const e = ent === true ? randomBytes_(Fp.BYTES) : ent; // generate random bytes OR pass as-is
             seedArgs.push(ensureBytes('extraEntropy', e)); // check for being bytes
         }
-        const seed = concatBytes$2(...seedArgs); // Step D of RFC6979 3.2
+        const seed = concatBytes(...seedArgs); // Step D of RFC6979 3.2
         const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash!
         // Converts signature params into point w r/s, checks result for validity.
         // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to
@@ -3285,7 +3285,7 @@ function ecdsa(Point, ecdsaOpts, curveOpts = {}) {
             throw new Error('options.strict was renamed to lowS');
         if (format !== undefined && !['compact', 'der', 'js'].includes(format))
             throw new Error('format must be "compact", "der" or "js"');
-        const isHex = typeof sg === 'string' || isBytes$3(sg);
+        const isHex = typeof sg === 'string' || isBytes$1(sg);
         const isObj = !isHex &&
             !format &&
             typeof sg === 'object' &&
@@ -3534,22 +3534,22 @@ function taggedHash(tag, ...messages) {
     let tagP = TAGGED_HASH_PREFIXES[tag];
     if (tagP === undefined) {
         const tagH = sha256$1(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
-        tagP = concatBytes$2(tagH, tagH);
+        tagP = concatBytes(tagH, tagH);
         TAGGED_HASH_PREFIXES[tag] = tagP;
     }
-    return sha256$1(concatBytes$2(tagP, ...messages));
+    return sha256$1(concatBytes(tagP, ...messages));
 }
 // ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03
 const pointToBytes = (point) => point.toBytes(true).slice(1);
 const numTo32b = (n) => numberToBytesBE(n, 32);
 const modP = (x) => mod(x, secp256k1_CURVE.p);
 const modN = (x) => mod(x, secp256k1_CURVE.n);
-const Point$1 = /* @__PURE__ */ (() => secp256k1.Point)();
+const Point = /* @__PURE__ */ (() => secp256k1.Point)();
 const hasEven = (y) => y % _2n === _0n$1;
 // Calculate point, scalar and bytes
 function schnorrGetExtPubKey(priv) {
     let d_ = secp256k1.utils.normPrivateKeyToScalar(priv); // same method executed in fromPrivateKey
-    let p = Point$1.fromPrivateKey(d_); // P = d'⋅G; 0 < d' < n check is done inside
+    let p = Point.fromPrivateKey(d_); // P = d'⋅G; 0 < d' < n check is done inside
     const scalar = hasEven(p.y) ? d_ : modN(-d_);
     return { scalar: scalar, bytes: pointToBytes(p) };
 }
@@ -3564,7 +3564,7 @@ function lift_x(x) {
     let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.
     if (!hasEven(y))
         y = modP(-y); // Return the unique point P such that x(P) = x and
-    const p = Point$1.fromAffine({ x, y }); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
+    const p = Point.fromAffine({ x, y }); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
     p.assertValidity();
     return p;
 }
@@ -3622,7 +3622,7 @@ function schnorrVerify(signature, message, publicKey) {
             return false;
         const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m))%n
         // R = s⋅G - e⋅P, where -eP == (n-e)P
-        const R = Point$1.BASE.multiplyUnsafe(s).add(P.multiplyUnsafe(modN(-e)));
+        const R = Point.BASE.multiplyUnsafe(s).add(P.multiplyUnsafe(modN(-e)));
         const { x, y } = R.toAffine();
         // Fail if is_infinite(R) / not has_even_y(R) / x(R) ≠ r.
         if (R.is0() || !hasEven(y) || x !== r)
@@ -3841,7 +3841,7 @@ class RIPEMD160 extends HashMD {
  */
 const ripemd160 = /* @__PURE__ */ createHasher(() => new RIPEMD160());
 
-function hash160$1(...input) {
+function hash160(...input) {
     const buffer = Buff.join(input);
     const digest = ripemd160(sha256$1(buffer));
     return new Buff(digest);
@@ -7768,7 +7768,7 @@ float.refine((e) => {
     const parts = String(e).split('.').at(1);
     return parts !== undefined && parts.length <= 2;
 });
-const hex$1 = stringType()
+const hex = stringType()
     .regex(/^[0-9a-fA-F]*$/)
     .refine(e => e.length % 2 === 0);
 const literal = unionType([
@@ -7779,11 +7779,11 @@ u8a.refine((e) => e.length === 20);
 const u8a32 = u8a.refine((e) => e.length === 32);
 const u8a33 = u8a.refine((e) => e.length === 33);
 const u8a64 = u8a.refine((e) => e.length === 64);
-hex$1.refine((e) => e.length === 40);
-const hex32 = hex$1.refine((e) => e.length === 64);
-const hex33 = hex$1.refine((e) => e.length === 66);
-const hex64 = hex$1.refine((e) => e.length === 128);
-unionType([hex$1, u8a]);
+hex.refine((e) => e.length === 40);
+const hex32 = hex.refine((e) => e.length === 64);
+const hex33 = hex.refine((e) => e.length === 66);
+const hex64 = hex.refine((e) => e.length === 128);
+unionType([hex, u8a]);
 const byte32 = unionType([hex32, u8a32]);
 unionType([hex33, u8a33]);
 unionType([hex64, u8a64]);
@@ -7793,12 +7793,12 @@ stringType().regex(/^[a-zA-Z0-9\-_]+={0,2}$/);
 stringType().regex(/^[a-z]+1[023456789acdefghjklmnpqrstuvwxyz]+$/);
 
 /*! scure-base - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-function isBytes$2(a) {
+function isBytes(a) {
     return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
 }
 /** Asserts something is Uint8Array. */
 function abytes(b, ...lengths) {
-    if (!isBytes$2(b))
+    if (!isBytes(b))
         throw new Error('Uint8Array expected');
     if (lengths.length > 0 && !lengths.includes(b.length))
         throw new Error('Uint8Array expected of length ' + lengths + ', got length=' + b.length);
@@ -7933,13 +7933,6 @@ function padding(bits, chr = '=') {
         },
     };
 }
-/**
- * @__NO_SIDE_EFFECTS__
- */
-function normalize(fn) {
-    afn(fn);
-    return { encode: (from) => from, decode: (to) => fn(to) };
-}
 /**
  * Slow: O(n^2) time complexity
  */
@@ -8051,7 +8044,7 @@ function radix(num) {
     const _256 = 2 ** 8;
     return {
         encode: (bytes) => {
-            if (!isBytes$2(bytes))
+            if (!isBytes(bytes))
                 throw new Error('radix.encode input should be Uint8Array');
             return convertRadix(Array.from(bytes), _256, num);
         },
@@ -8074,7 +8067,7 @@ function radix2(bits, revPadding = false) {
         throw new Error('radix2: carry overflow');
     return {
         encode: (bytes) => {
-            if (!isBytes$2(bytes))
+            if (!isBytes(bytes))
                 throw new Error('radix2.encode input should be Uint8Array');
             return convertRadix2(Array.from(bytes), 8, bits, !revPadding);
         },
@@ -8098,7 +8091,7 @@ function checksum(len, fn) {
     afn(fn);
     return {
         encode(data) {
-            if (!isBytes$2(data))
+            if (!isBytes(data))
                 throw new Error('checksum.encode: input should be Uint8Array');
             const sum = fn(data).slice(0, len);
             const res = new Uint8Array(data.length + len);
@@ -8107,7 +8100,7 @@ function checksum(len, fn) {
             return res;
         },
         decode(data) {
-            if (!isBytes$2(data))
+            if (!isBytes(data))
                 throw new Error('checksum.decode: input should be Uint8Array');
             const payload = data.slice(0, -len);
             const oldChecksum = data.slice(-len);
@@ -8220,7 +8213,7 @@ function genBech32(encoding) {
     const fromWordsUnsafe = unsafeWrapper(fromWords);
     function encode(prefix, words, limit = 90) {
         astr('bech32.encode prefix', prefix);
-        if (isBytes$2(words))
+        if (isBytes(words))
             words = Array.from(words);
         anumArr('bech32.encode', words);
         const plen = prefix.length;
@@ -8287,42 +8280,6 @@ const bech32 = genBech32('bech32');
  * https://github.com/paulmillr/scure-btc-signer.
  */
 const bech32m = genBech32('bech32m');
-/**
- * UTF-8-to-byte decoder. Uses built-in TextDecoder / TextEncoder.
- * @example
- * ```js
- * const b = utf8.decode("hey"); // => new Uint8Array([ 104, 101, 121 ])
- * const str = utf8.encode(b); // "hey"
- * ```
- */
-const utf8 = {
-    encode: (data) => new TextDecoder().decode(data),
-    decode: (str) => new TextEncoder().encode(str),
-};
-// Built-in hex conversion https://caniuse.com/mdn-javascript_builtins_uint8array_fromhex
-// prettier-ignore
-const hasHexBuiltin = /* @__PURE__ */ (() => typeof Uint8Array.from([]).toHex === 'function' &&
-    typeof Uint8Array.fromHex === 'function')();
-// prettier-ignore
-const hexBuiltin = {
-    encode(data) { abytes(data); return data.toHex(); },
-    decode(s) { astr('hex', s); return Uint8Array.fromHex(s); },
-};
-/**
- * hex string decoder. Uses built-in function, when available.
- * @example
- * ```js
- * const b = hex.decode("0102ff"); // => new Uint8Array([ 1, 2, 255 ])
- * const str = hex.encode(b); // "0102ff"
- * ```
- */
-const hex = hasHexBuiltin
-    ? hexBuiltin
-    : chain(radix2(4), alphabet('0123456789abcdef'), join(''), normalize((s) => {
-        if (typeof s !== 'string' || s.length % 2 !== 0)
-            throw new TypeError(`hex.decode: expected string, got ${typeof s} with length ${s.length}`);
-        return s.toLowerCase();
-    }));
 
 var B58chk;
 (function (B58chk) {
@@ -8586,7 +8543,7 @@ var P2PKH;
 })(P2PKH || (P2PKH = {}));
 function create_p2pkh_address(script, network = 'main') {
     const bytes = Buff.bytes(script);
-    const hash = hash160$1(bytes);
+    const hash = hash160(bytes);
     return encode_p2pkh_address(hash, network);
 }
 function encode_p2pkh_address(pk_hash, network = 'main') {
@@ -8615,7 +8572,7 @@ var P2SH;
 })(P2SH || (P2SH = {}));
 function create_p2sh_address(script, network = 'main') {
     const bytes = Buff.bytes(script);
-    const hash = hash160$1(bytes);
+    const hash = hash160(bytes);
     return encode_p2sh_address(hash, network);
 }
 function encode_p2sh_address(script_hash, network = 'main') {
@@ -8645,7 +8602,7 @@ var P2WPKH;
 function create_p2wpkh_address(pubkey, network = 'main') {
     const bytes = Buff.bytes(pubkey);
     Assert.size(bytes, 33, `invalid payload size: ${bytes.length} !== 33`);
-    const hash = hash160$1(bytes);
+    const hash = hash160(bytes);
     return encode_p2wpkh_address(hash, network);
 }
 function encode_p2wpkh_address(pk_hash, network = 'main') {
@@ -8727,7 +8684,7 @@ var AddressTool;
     AddressTool.parse = parse_address;
 })(AddressTool || (AddressTool = {}));
 
-var index$9 = /*#__PURE__*/Object.freeze({
+var index$8 = /*#__PURE__*/Object.freeze({
     __proto__: null,
     get AddressTool () { return AddressTool; },
     get P2PKH () { return P2PKH; },
@@ -9398,7 +9355,7 @@ function parse_height(height) {
     return height;
 }
 
-var index$8 = /*#__PURE__*/Object.freeze({
+var index$7 = /*#__PURE__*/Object.freeze({
     __proto__: null,
     get LocktimeUtil () { return LocktimeUtil; },
     get RefEncoder () { return RefEncoder; },
@@ -9412,3977 +9369,81 @@ var index$8 = /*#__PURE__*/Object.freeze({
     encode_sequence: encode_sequence
 });
 
-/**
- * Define complex binary structures using composable primitives.
- * Main ideas:
- * - Encode / decode can be chained, same as in `scure-base`
- * - A complex structure can be created from an array and struct of primitive types
- * - Strings / bytes are arrays with specific optimizations: we can just read bytes directly
- *   without creating plain array first and reading each byte separately.
- * - Types are inferred from definition
- * @module
- * @example
- * import * as P from 'micro-packed';
- * const s = P.struct({
- *   field1: P.U32BE, // 32-bit unsigned big-endian integer
- *   field2: P.string(P.U8), // String with U8 length prefix
- *   field3: P.bytes(32), // 32 bytes
- *   field4: P.array(P.U16BE, P.struct({ // Array of structs with U16BE length
- *     subField1: P.U64BE, // 64-bit unsigned big-endian integer
- *     subField2: P.string(10) // 10-byte string
- *   }))
- * });
- */
-// TODO: remove dependency on scure-base & inline?
-/*
-Exports can be groupped like this:
-
-- Primitive types: P.bytes, P.string, P.hex, P.constant, P.pointer
-- Complex types: P.array, P.struct, P.tuple, P.map, P.tag, P.mappedTag
-- Padding, prefix, magic: P.padLeft, P.padRight, P.prefix, P.magic, P.magicBytes
-- Flags: P.flag, P.flagged, P.optional
-- Wrappers: P.apply, P.wrap, P.lazy
-- Bit fiddling: P.bits, P.bitset
-- utils: P.validate, coders.decimal
-- Debugger
-*/
-/** Shortcut to zero-length (empty) byte array */
-const EMPTY = /* @__PURE__ */ new Uint8Array();
-/** Shortcut to one-element (element is 0) byte array */
-const NULL = /* @__PURE__ */ new Uint8Array([0]);
-/** Checks if two Uint8Arrays are equal. Not constant-time. */
-function equalBytes$1(a, b) {
-    if (a.length !== b.length)
-        return false;
-    for (let i = 0; i < a.length; i++)
-        if (a[i] !== b[i])
-            return false;
-    return true;
+function prefix_script_size(script) {
+    return Buff.bytes(script).prefix_varint('le').hex;
 }
-/** Checks if the given value is a Uint8Array. */
-function isBytes$1(a) {
-    return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
+function parse_script_pubkeys(script) {
+    const scriptHex = typeof script === 'string' ? script : Buff.bytes(script).hex;
+    const pubkeyPattern = /20([0-9a-f]{64})(ac|ad|ba)/gi;
+    const matches = [...scriptHex.matchAll(pubkeyPattern)];
+    return matches.map(match => match[1]);
 }
-/**
- * Concatenates multiple Uint8Arrays.
- * Engines limit functions to 65K+ arguments.
- * @param arrays Array of Uint8Array elements
- * @returns Concatenated Uint8Array
- */
-function concatBytes$1(...arrays) {
-    let sum = 0;
-    for (let i = 0; i < arrays.length; i++) {
-        const a = arrays[i];
-        if (!isBytes$1(a))
-            throw new Error('Uint8Array expected');
-        sum += a.length;
-    }
-    const res = new Uint8Array(sum);
-    for (let i = 0, pad = 0; i < arrays.length; i++) {
-        const a = arrays[i];
-        res.set(a, pad);
-        pad += a.length;
-    }
-    return res;
+
+var ScriptUtil;
+(function (ScriptUtil) {
+    ScriptUtil.prefix_size = prefix_script_size;
+    ScriptUtil.decode = decode_script;
+    ScriptUtil.encode = encode_script;
+    ScriptUtil.is_valid = is_valid_script;
+    ScriptUtil.get_pubkeys = parse_script_pubkeys;
+    ScriptUtil.OPCODES = OPCODE_MAP;
+})(ScriptUtil || (ScriptUtil = {}));
+
+var index$6 = /*#__PURE__*/Object.freeze({
+    __proto__: null,
+    OPCODE_MAP: OPCODE_MAP,
+    get ScriptUtil () { return ScriptUtil; },
+    decode_script: decode_script,
+    encode_script: encode_script,
+    encode_script_word: encode_script_word,
+    get_asm_code: get_asm_code,
+    get_op_code: get_op_code,
+    get_op_type: get_op_type,
+    get_size_varint: get_size_varint,
+    is_valid_op: is_valid_op,
+    is_valid_script: is_valid_script,
+    parse_script_pubkeys: parse_script_pubkeys,
+    prefix_script_size: prefix_script_size,
+    prefix_word_size: prefix_word_size,
+    split_script_word: split_script_word
+});
+
+function get_prevout(vin) {
+    Assert.exists(vin.prevout, 'Prevout data missing for input: ' + String(vin.txid));
+    return vin.prevout;
 }
-/**
- * Creates DataView from Uint8Array
- * @param arr - bytes
- * @returns DataView
- */
-const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
-/**
- * Checks if the provided value is a plain object, not created from any class or special constructor.
- * Array, Uint8Array and others are not plain objects.
- * @param obj - The value to be checked.
- */
-function isPlainObject(obj) {
-    return Object.prototype.toString.call(obj) === '[object Object]';
-}
-function isNum(num) {
-    return Number.isSafeInteger(num);
-}
-const utils = {
-    equalBytes: equalBytes$1,
-    isBytes: isBytes$1,
-    concatBytes: concatBytes$1};
-// NOTE: we can't have terminator separate function, since it won't know about boundaries
-// E.g. array of U16LE ([1,2,3]) would be [1, 0, 2, 0, 3, 0]
-// But terminator will find array at index '1', which happens to be inside of an element itself
-/**
- * Can be:
- * - Dynamic (CoderType)
- * - Fixed (number)
- * - Terminated (usually zero): Uint8Array with terminator
- * - Field path to field with length (string)
- * - Infinity (null) - decodes until end of buffer
- * Used in:
- * - bytes (string, prefix is implementation of bytes)
- * - array
- */
-const lengthCoder = (len) => {
-    if (len !== null && typeof len !== 'string' && !isCoder(len) && !isBytes$1(len) && !isNum(len)) {
-        throw new Error(`lengthCoder: expected null | number | Uint8Array | CoderType, got ${len} (${typeof len})`);
-    }
-    return {
-        encodeStream(w, value) {
-            if (len === null)
-                return;
-            if (isCoder(len))
-                return len.encodeStream(w, value);
-            let byteLen;
-            if (typeof len === 'number')
-                byteLen = len;
-            else if (typeof len === 'string')
-                byteLen = Path.resolve(w.stack, len);
-            if (typeof byteLen === 'bigint')
-                byteLen = Number(byteLen);
-            if (byteLen === undefined || byteLen !== value)
-                throw w.err(`Wrong length: ${byteLen} len=${len} exp=${value} (${typeof value})`);
-        },
-        decodeStream(r) {
-            let byteLen;
-            if (isCoder(len))
-                byteLen = Number(len.decodeStream(r));
-            else if (typeof len === 'number')
-                byteLen = len;
-            else if (typeof len === 'string')
-                byteLen = Path.resolve(r.stack, len);
-            if (typeof byteLen === 'bigint')
-                byteLen = Number(byteLen);
-            if (typeof byteLen !== 'number')
-                throw r.err(`Wrong length: ${byteLen}`);
-            return byteLen;
-        },
-    };
-};
-/**
- * Small bitset structure to store position of ranges that have been read.
- * Can be more efficient when internal trees are utilized at the cost of complexity.
- * Needs `O(N/8)` memory for parsing.
- * Purpose: if there are pointers in parsed structure,
- * they can cause read of two distinct ranges:
- * [0-32, 64-128], which means 'pos' is not enough to handle them
- */
-const Bitset = {
-    BITS: 32,
-    FULL_MASK: -1 >>> 0, // 1<<32 will overflow
-    len: (len) => Math.ceil(len / 32),
-    create: (len) => new Uint32Array(Bitset.len(len)),
-    clean: (bs) => bs.fill(0),
-    debug: (bs) => Array.from(bs).map((i) => (i >>> 0).toString(2).padStart(32, '0')),
-    checkLen: (bs, len) => {
-        if (Bitset.len(len) === bs.length)
-            return;
-        throw new Error(`wrong length=${bs.length}. Expected: ${Bitset.len(len)}`);
-    },
-    chunkLen: (bsLen, pos, len) => {
-        if (pos < 0)
-            throw new Error(`wrong pos=${pos}`);
-        if (pos + len > bsLen)
-            throw new Error(`wrong range=${pos}/${len} of ${bsLen}`);
-    },
-    set: (bs, chunk, value, allowRewrite = true) => {
-        if (!allowRewrite && (bs[chunk] & value) !== 0)
-            return false;
-        bs[chunk] |= value;
-        return true;
-    },
-    pos: (pos, i) => ({
-        chunk: Math.floor((pos + i) / 32),
-        mask: 1 << (32 - ((pos + i) % 32) - 1),
-    }),
-    indices: (bs, len, invert = false) => {
-        Bitset.checkLen(bs, len);
-        const { FULL_MASK, BITS } = Bitset;
-        const left = BITS - (len % BITS);
-        const lastMask = left ? (FULL_MASK >>> left) << left : FULL_MASK;
-        const res = [];
-        for (let i = 0; i < bs.length; i++) {
-            let c = bs[i];
-            if (invert)
-                c = ~c; // allows to gen unset elements
-            // apply mask to last element, so we won't iterate non-existent items
-            if (i === bs.length - 1)
-                c &= lastMask;
-            if (c === 0)
-                continue; // fast-path
-            for (let j = 0; j < BITS; j++) {
-                const m = 1 << (BITS - j - 1);
-                if (c & m)
-                    res.push(i * BITS + j);
-            }
-        }
-        return res;
-    },
-    range: (arr) => {
-        const res = [];
-        let cur;
-        for (const i of arr) {
-            if (cur === undefined || i !== cur.pos + cur.length)
-                res.push((cur = { pos: i, length: 1 }));
-            else
-                cur.length += 1;
-        }
-        return res;
-    },
-    rangeDebug: (bs, len, invert = false) => `[${Bitset.range(Bitset.indices(bs, len, invert))
-        .map((i) => `(${i.pos}/${i.length})`)
-        .join(', ')}]`,
-    setRange: (bs, bsLen, pos, len, allowRewrite = true) => {
-        Bitset.chunkLen(bsLen, pos, len);
-        const { FULL_MASK, BITS } = Bitset;
-        // Try to set range with maximum efficiency:
-        // - first chunk is always    '0000[1111]' (only right ones)
-        // - middle chunks are set to '[1111 1111]' (all ones)
-        // - last chunk is always     '[1111]0000' (only left ones)
-        // - max operations:          (N/32) + 2 (first and last)
-        const first = pos % BITS ? Math.floor(pos / BITS) : undefined;
-        const lastPos = pos + len;
-        const last = lastPos % BITS ? Math.floor(lastPos / BITS) : undefined;
-        // special case, whole range inside single chunk
-        if (first !== undefined && first === last)
-            return Bitset.set(bs, first, (FULL_MASK >>> (BITS - len)) << (BITS - len - pos), allowRewrite);
-        if (first !== undefined) {
-            if (!Bitset.set(bs, first, FULL_MASK >>> pos % BITS, allowRewrite))
-                return false; // first chunk
-        }
-        // middle chunks
-        const start = first !== undefined ? first + 1 : pos / BITS;
-        const end = last !== undefined ? last : lastPos / BITS;
-        for (let i = start; i < end; i++)
-            if (!Bitset.set(bs, i, FULL_MASK, allowRewrite))
-                return false;
-        if (last !== undefined && first !== last)
-            if (!Bitset.set(bs, last, FULL_MASK << (BITS - (lastPos % BITS)), allowRewrite))
-                return false; // last chunk
-        return true;
-    },
-};
-const Path = {
-    /**
-     * Internal method for handling stack of paths (debug, errors, dynamic fields via path)
-     * This is looks ugly (callback), but allows us to force stack cleaning by construction (.pop always after function).
-     * Also, this makes impossible:
-     * - pushing field when stack is empty
-     * - pushing field inside of field (real bug)
-     * NOTE: we don't want to do '.pop' on error!
-     */
-    pushObj: (stack, obj, objFn) => {
-        const last = { obj };
-        stack.push(last);
-        objFn((field, fieldFn) => {
-            last.field = field;
-            fieldFn();
-            last.field = undefined;
-        });
-        stack.pop();
-    },
-    path: (stack) => {
-        const res = [];
-        for (const i of stack)
-            if (i.field !== undefined)
-                res.push(i.field);
-        return res.join('/');
-    },
-    err: (name, stack, msg) => {
-        const err = new Error(`${name}(${Path.path(stack)}): ${typeof msg === 'string' ? msg : msg.message}`);
-        if (msg instanceof Error && msg.stack)
-            err.stack = msg.stack;
-        return err;
-    },
-    resolve: (stack, path) => {
-        const parts = path.split('/');
-        const objPath = stack.map((i) => i.obj);
-        let i = 0;
-        for (; i < parts.length; i++) {
-            if (parts[i] === '..')
-                objPath.pop();
-            else
-                break;
-        }
-        let cur = objPath.pop();
-        for (; i < parts.length; i++) {
-            if (!cur || cur[parts[i]] === undefined)
-                return undefined;
-            cur = cur[parts[i]];
-        }
-        return cur;
-    },
-};
-/**
- * Internal structure. Reader class for reading from a byte array.
- * `stack` is internal: for debugger and logging
- * @class Reader
- */
-class _Reader {
-    constructor(data, opts = {}, stack = [], parent = undefined, parentOffset = 0) {
-        this.pos = 0;
-        this.bitBuf = 0;
-        this.bitPos = 0;
-        this.data = data;
-        this.opts = opts;
-        this.stack = stack;
-        this.parent = parent;
-        this.parentOffset = parentOffset;
-        this.view = createView(data);
-    }
-    /** Internal method for pointers. */
-    _enablePointers() {
-        if (this.parent)
-            return this.parent._enablePointers();
-        if (this.bs)
-            return;
-        this.bs = Bitset.create(this.data.length);
-        Bitset.setRange(this.bs, this.data.length, 0, this.pos, this.opts.allowMultipleReads);
-    }
-    markBytesBS(pos, len) {
-        if (this.parent)
-            return this.parent.markBytesBS(this.parentOffset + pos, len);
-        if (!len)
-            return true;
-        if (!this.bs)
-            return true;
-        return Bitset.setRange(this.bs, this.data.length, pos, len, false);
-    }
-    markBytes(len) {
-        const pos = this.pos;
-        this.pos += len;
-        const res = this.markBytesBS(pos, len);
-        if (!this.opts.allowMultipleReads && !res)
-            throw this.err(`multiple read pos=${this.pos} len=${len}`);
-        return res;
-    }
-    pushObj(obj, objFn) {
-        return Path.pushObj(this.stack, obj, objFn);
-    }
-    readView(n, fn) {
-        if (!Number.isFinite(n))
-            throw this.err(`readView: wrong length=${n}`);
-        if (this.pos + n > this.data.length)
-            throw this.err('readView: Unexpected end of buffer');
-        const res = fn(this.view, this.pos);
-        this.markBytes(n);
-        return res;
-    }
-    // read bytes by absolute offset
-    absBytes(n) {
-        if (n > this.data.length)
-            throw new Error('Unexpected end of buffer');
-        return this.data.subarray(n);
-    }
-    finish() {
-        if (this.opts.allowUnreadBytes)
-            return;
-        if (this.bitPos) {
-            throw this.err(`${this.bitPos} bits left after unpack: ${hex.encode(this.data.slice(this.pos))}`);
-        }
-        if (this.bs && !this.parent) {
-            const notRead = Bitset.indices(this.bs, this.data.length, true);
-            if (notRead.length) {
-                const formatted = Bitset.range(notRead)
-                    .map(({ pos, length }) => `(${pos}/${length})[${hex.encode(this.data.subarray(pos, pos + length))}]`)
-                    .join(', ');
-                throw this.err(`unread byte ranges: ${formatted} (total=${this.data.length})`);
-            }
-            else
-                return; // all bytes read, everything is ok
-        }
-        // Default: no pointers enabled
-        if (!this.isEnd()) {
-            throw this.err(`${this.leftBytes} bytes ${this.bitPos} bits left after unpack: ${hex.encode(this.data.slice(this.pos))}`);
-        }
-    }
-    // User methods
-    err(msg) {
-        return Path.err('Reader', this.stack, msg);
-    }
-    offsetReader(n) {
-        if (n > this.data.length)
-            throw this.err('offsetReader: Unexpected end of buffer');
-        return new _Reader(this.absBytes(n), this.opts, this.stack, this, n);
-    }
-    bytes(n, peek = false) {
-        if (this.bitPos)
-            throw this.err('readBytes: bitPos not empty');
-        if (!Number.isFinite(n))
-            throw this.err(`readBytes: wrong length=${n}`);
-        if (this.pos + n > this.data.length)
-            throw this.err('readBytes: Unexpected end of buffer');
-        const slice = this.data.subarray(this.pos, this.pos + n);
-        if (!peek)
-            this.markBytes(n);
-        return slice;
-    }
-    byte(peek = false) {
-        if (this.bitPos)
-            throw this.err('readByte: bitPos not empty');
-        if (this.pos + 1 > this.data.length)
-            throw this.err('readBytes: Unexpected end of buffer');
-        const data = this.data[this.pos];
-        if (!peek)
-            this.markBytes(1);
-        return data;
-    }
-    get leftBytes() {
-        return this.data.length - this.pos;
-    }
-    get totalBytes() {
-        return this.data.length;
-    }
-    isEnd() {
-        return this.pos >= this.data.length && !this.bitPos;
-    }
-    // bits are read in BE mode (left to right): (0b1000_0000).readBits(1) == 1
-    bits(bits) {
-        if (bits > 32)
-            throw this.err('BitReader: cannot read more than 32 bits in single call');
-        let out = 0;
-        while (bits) {
-            if (!this.bitPos) {
-                this.bitBuf = this.byte();
-                this.bitPos = 8;
-            }
-            const take = Math.min(bits, this.bitPos);
-            this.bitPos -= take;
-            out = (out << take) | ((this.bitBuf >> this.bitPos) & (2 ** take - 1));
-            this.bitBuf &= 2 ** this.bitPos - 1;
-            bits -= take;
-        }
-        // Fix signed integers
-        return out >>> 0;
-    }
-    find(needle, pos = this.pos) {
-        if (!isBytes$1(needle))
-            throw this.err(`find: needle is not bytes! ${needle}`);
-        if (this.bitPos)
-            throw this.err('findByte: bitPos not empty');
-        if (!needle.length)
-            throw this.err(`find: needle is empty`);
-        // indexOf should be faster than full equalBytes check
-        for (let idx = pos; (idx = this.data.indexOf(needle[0], idx)) !== -1; idx++) {
-            if (idx === -1)
-                return;
-            const leftBytes = this.data.length - idx;
-            if (leftBytes < needle.length)
-                return;
-            if (equalBytes$1(needle, this.data.subarray(idx, idx + needle.length)))
-                return idx;
+function parse_txinput(txdata, config) {
+    let { txindex, txinput } = config ?? {};
+    if (txindex !== undefined) {
+        if (txindex >= txdata.vin.length) {
+            throw new Error('Input index out of bounds: ' + String(txindex));
         }
-        return;
+        txinput = txdata.vin.at(txindex);
     }
+    Assert.ok(txinput !== undefined);
+    return txinput;
 }
-/**
- * Internal structure. Writer class for writing to a byte array.
- * The `stack` argument of constructor is internal, for debugging and logs.
- * @class Writer
- */
-class _Writer {
-    constructor(stack = []) {
-        this.pos = 0;
-        // We could have a single buffer here and re-alloc it with
-        // x1.5-2 size each time it full, but it will be slower:
-        // basic/encode bench: 395ns -> 560ns
-        this.buffers = [];
-        this.ptrs = [];
-        this.bitBuf = 0;
-        this.bitPos = 0;
-        this.viewBuf = new Uint8Array(8);
-        this.finished = false;
-        this.stack = stack;
-        this.view = createView(this.viewBuf);
-    }
-    pushObj(obj, objFn) {
-        return Path.pushObj(this.stack, obj, objFn);
-    }
-    writeView(len, fn) {
-        if (this.finished)
-            throw this.err('buffer: finished');
-        if (!isNum(len) || len > 8)
-            throw new Error(`wrong writeView length=${len}`);
-        fn(this.view);
-        this.bytes(this.viewBuf.slice(0, len));
-        this.viewBuf.fill(0);
-    }
-    // User methods
-    err(msg) {
-        if (this.finished)
-            throw this.err('buffer: finished');
-        return Path.err('Reader', this.stack, msg);
-    }
-    bytes(b) {
-        if (this.finished)
-            throw this.err('buffer: finished');
-        if (this.bitPos)
-            throw this.err('writeBytes: ends with non-empty bit buffer');
-        this.buffers.push(b);
-        this.pos += b.length;
-    }
-    byte(b) {
-        if (this.finished)
-            throw this.err('buffer: finished');
-        if (this.bitPos)
-            throw this.err('writeByte: ends with non-empty bit buffer');
-        this.buffers.push(new Uint8Array([b]));
-        this.pos++;
-    }
-    finish(clean = true) {
-        if (this.finished)
-            throw this.err('buffer: finished');
-        if (this.bitPos)
-            throw this.err('buffer: ends with non-empty bit buffer');
-        // Can't use concatBytes, because it limits amount of arguments (65K).
-        const buffers = this.buffers.concat(this.ptrs.map((i) => i.buffer));
-        const sum = buffers.map((b) => b.length).reduce((a, b) => a + b, 0);
-        const buf = new Uint8Array(sum);
-        for (let i = 0, pad = 0; i < buffers.length; i++) {
-            const a = buffers[i];
-            buf.set(a, pad);
-            pad += a.length;
-        }
-        for (let pos = this.pos, i = 0; i < this.ptrs.length; i++) {
-            const ptr = this.ptrs[i];
-            buf.set(ptr.ptr.encode(pos), ptr.pos);
-            pos += ptr.buffer.length;
-        }
-        // Cleanup
-        if (clean) {
-            // We cannot cleanup buffers here, since it can be static user provided buffer.
-            // Only '.byte' and '.bits' create buffer which we can safely clean.
-            // for (const b of this.buffers) b.fill(0);
-            this.buffers = [];
-            for (const p of this.ptrs)
-                p.buffer.fill(0);
-            this.ptrs = [];
-            this.finished = true;
-            this.bitBuf = 0;
-        }
-        return buf;
-    }
-    bits(value, bits) {
-        if (bits > 32)
-            throw this.err('writeBits: cannot write more than 32 bits in single call');
-        if (value >= 2 ** bits)
-            throw this.err(`writeBits: value (${value}) >= 2**bits (${bits})`);
-        while (bits) {
-            const take = Math.min(bits, 8 - this.bitPos);
-            this.bitBuf = (this.bitBuf << take) | (value >> (bits - take));
-            this.bitPos += take;
-            bits -= take;
-            value &= 2 ** bits - 1;
-            if (this.bitPos === 8) {
-                this.bitPos = 0;
-                this.buffers.push(new Uint8Array([this.bitBuf]));
-                this.pos++;
-            }
-        }
-    }
-}
-// Immutable LE<->BE
-const swapEndianness = (b) => Uint8Array.from(b).reverse();
-/** Internal function for checking bit bounds of bigint in signed/unsinged form */
-function checkBounds(value, bits, signed) {
-    if (signed) {
-        // [-(2**(32-1)), 2**(32-1)-1]
-        const signBit = 2n ** (bits - 1n);
-        if (value < -signBit || value >= signBit)
-            throw new Error(`value out of signed bounds. Expected ${-signBit} <= ${value} < ${signBit}`);
-    }
-    else {
-        // [0, 2**32-1]
-        if (0n > value || value >= 2n ** bits)
-            throw new Error(`value out of unsigned bounds. Expected 0 <= ${value} < ${2n ** bits}`);
+function get_annex_data(witness) {
+    if (witness === undefined)
+        return;
+    if (witness.length < 2)
+        return;
+    const annex = witness.at(-1);
+    if (typeof annex === 'string' && annex.startsWith('50')) {
+        const bytes = Buff.hex(annex).prefix_varint('be');
+        return sha256(bytes);
     }
+    return undefined;
 }
-function _wrap(inner) {
-    return {
-        // NOTE: we cannot export validate here, since it is likely mistake.
-        encodeStream: inner.encodeStream,
-        decodeStream: inner.decodeStream,
-        size: inner.size,
-        encode: (value) => {
-            const w = new _Writer();
-            inner.encodeStream(w, value);
-            return w.finish();
-        },
-        decode: (data, opts = {}) => {
-            const r = new _Reader(data, opts);
-            const res = inner.decodeStream(r);
-            r.finish();
-            return res;
-        },
-    };
-}
-/**
- * Validates a value before encoding and after decoding using a provided function.
- * @param inner - The inner CoderType.
- * @param fn - The validation function.
- * @returns CoderType which check value with validation function.
- * @example
- * const val = (n: number) => {
- *   if (n > 10) throw new Error(`${n} > 10`);
- *   return n;
- * };
- *
- * const RangedInt = P.validate(P.U32LE, val); // Will check if value is <= 10 during encoding and decoding
- */
-function validate(inner, fn) {
-    if (!isCoder(inner))
-        throw new Error(`validate: invalid inner value ${inner}`);
-    if (typeof fn !== 'function')
-        throw new Error('validate: fn should be function');
-    return _wrap({
-        size: inner.size,
-        encodeStream: (w, value) => {
-            let res;
-            try {
-                res = fn(value);
-            }
-            catch (e) {
-                throw w.err(e);
-            }
-            inner.encodeStream(w, res);
-        },
-        decodeStream: (r) => {
-            const res = inner.decodeStream(r);
-            try {
-                return fn(res);
-            }
-            catch (e) {
-                throw r.err(e);
-            }
-        },
-    });
-}
-/**
- * Wraps a stream encoder into a generic encoder and optionally validation function
- * @param {inner} inner BytesCoderStream & { validate?: Validate<T> }.
- * @returns The wrapped CoderType.
- * @example
- * const U8 = P.wrap({
- *   encodeStream: (w: Writer, value: number) => w.byte(value),
- *   decodeStream: (r: Reader): number => r.byte()
- * });
- * const checkedU8 = P.wrap({
- *   encodeStream: (w: Writer, value: number) => w.byte(value),
- *   decodeStream: (r: Reader): number => r.byte()
- *   validate: (n: number) => {
- *    if (n > 10) throw new Error(`${n} > 10`);
- *    return n;
- *   }
- * });
- */
-const wrap = (inner) => {
-    const res = _wrap(inner);
-    return inner.validate ? validate(res, inner.validate) : res;
+
+const COINBASE = {
+    TXID: '00'.repeat(32),
+    VOUT: 0xFFFFFFFF,
 };
-const isBaseCoder = (elm) => isPlainObject(elm) && typeof elm.decode === 'function' && typeof elm.encode === 'function';
-/**
- * Checks if the given value is a CoderType.
- * @param elm - The value to check.
- * @returns True if the value is a CoderType, false otherwise.
- */
-function isCoder(elm) {
-    return (isPlainObject(elm) &&
-        isBaseCoder(elm) &&
-        typeof elm.encodeStream === 'function' &&
-        typeof elm.decodeStream === 'function' &&
-        (elm.size === undefined || isNum(elm.size)));
-}
-// Coders (like in @scure/base) for common operations
-/**
- * Base coder for working with dictionaries (records, objects, key-value map)
- * Dictionary is dynamic type like: `[key: string, value: any][]`
- * @returns base coder that encodes/decodes between arrays of key-value tuples and dictionaries.
- * @example
- * const dict: P.CoderType<Record<string, number>> = P.apply(
- *  P.array(P.U16BE, P.tuple([P.cstring, P.U32LE] as const)),
- *  P.coders.dict()
- * );
- */
-function dict() {
-    return {
-        encode: (from) => {
-            if (!Array.isArray(from))
-                throw new Error('array expected');
-            const to = {};
-            for (const item of from) {
-                if (!Array.isArray(item) || item.length !== 2)
-                    throw new Error(`array of two elements expected`);
-                const name = item[0];
-                const value = item[1];
-                if (to[name] !== undefined)
-                    throw new Error(`key(${name}) appears twice in struct`);
-                to[name] = value;
-            }
-            return to;
-        },
-        decode: (to) => {
-            if (!isPlainObject(to))
-                throw new Error(`expected plain object, got ${to}`);
-            return Object.entries(to);
-        },
-    };
-}
-/**
- * Safely converts bigint to number.
- * Sometimes pointers / tags use u64 or other big numbers which cannot be represented by number,
- * but we still can use them since real value will be smaller than u32
- */
-const numberBigint = {
-    encode: (from) => {
-        if (typeof from !== 'bigint')
-            throw new Error(`expected bigint, got ${typeof from}`);
-        if (from > BigInt(Number.MAX_SAFE_INTEGER))
-            throw new Error(`element bigger than MAX_SAFE_INTEGER=${from}`);
-        return Number(from);
-    },
-    decode: (to) => {
-        if (!isNum(to))
-            throw new Error('element is not a safe integer');
-        return BigInt(to);
-    },
-};
-/**
- * Base coder for working with TypeScript enums.
- * @param e - TypeScript enum.
- * @returns base coder that encodes/decodes between numbers and enum keys.
- * @example
- * enum Color { Red, Green, Blue }
- * const colorCoder = P.coders.tsEnum(Color);
- * colorCoder.encode(Color.Red); // 'Red'
- * colorCoder.decode('Green'); // 1
- */
-function tsEnum(e) {
-    if (!isPlainObject(e))
-        throw new Error('plain object expected');
-    return {
-        encode: (from) => {
-            if (!isNum(from) || !(from in e))
-                throw new Error(`wrong value ${from}`);
-            return e[from];
-        },
-        decode: (to) => {
-            if (typeof to !== 'string')
-                throw new Error(`wrong value ${typeof to}`);
-            return e[to];
-        },
-    };
-}
-/**
- * Base coder for working with decimal numbers.
- * @param precision - Number of decimal places.
- * @param round - Round fraction part if bigger than precision (throws error by default)
- * @returns base coder that encodes/decodes between bigints and decimal strings.
- * @example
- * const decimal8 = P.coders.decimal(8);
- * decimal8.encode(630880845n); // '6.30880845'
- * decimal8.decode('6.30880845'); // 630880845n
- */
-function decimal(precision, round = false) {
-    if (!isNum(precision))
-        throw new Error(`decimal/precision: wrong value ${precision}`);
-    if (typeof round !== 'boolean')
-        throw new Error(`decimal/round: expected boolean, got ${typeof round}`);
-    const decimalMask = 10n ** BigInt(precision);
-    return {
-        encode: (from) => {
-            if (typeof from !== 'bigint')
-                throw new Error(`expected bigint, got ${typeof from}`);
-            let s = (from < 0n ? -from : from).toString(10);
-            let sep = s.length - precision;
-            if (sep < 0) {
-                s = s.padStart(s.length - sep, '0');
-                sep = 0;
-            }
-            let i = s.length - 1;
-            for (; i >= sep && s[i] === '0'; i--)
-                ;
-            let int = s.slice(0, sep);
-            let frac = s.slice(sep, i + 1);
-            if (!int)
-                int = '0';
-            if (from < 0n)
-                int = '-' + int;
-            if (!frac)
-                return int;
-            return `${int}.${frac}`;
-        },
-        decode: (to) => {
-            if (typeof to !== 'string')
-                throw new Error(`expected string, got ${typeof to}`);
-            if (to === '-0')
-                throw new Error(`negative zero is not allowed`);
-            let neg = false;
-            if (to.startsWith('-')) {
-                neg = true;
-                to = to.slice(1);
-            }
-            if (!/^(0|[1-9]\d*)(\.\d+)?$/.test(to))
-                throw new Error(`wrong string value=${to}`);
-            let sep = to.indexOf('.');
-            sep = sep === -1 ? to.length : sep;
-            // split by separator and strip trailing zeros from fraction. always returns [string, string] (.split doesn't).
-            const intS = to.slice(0, sep);
-            const fracS = to.slice(sep + 1).replace(/0+$/, '');
-            const int = BigInt(intS) * decimalMask;
-            if (!round && fracS.length > precision) {
-                throw new Error(`fractional part cannot be represented with this precision (num=${to}, prec=${precision})`);
-            }
-            const fracLen = Math.min(fracS.length, precision);
-            const frac = BigInt(fracS.slice(0, fracLen)) * 10n ** BigInt(precision - fracLen);
-            const value = int + frac;
-            return neg ? -value : value;
-        },
-    };
-}
-/**
- * Combines multiple coders into a single coder, allowing conditional encoding/decoding based on input.
- * Acts as a parser combinator, splitting complex conditional coders into smaller parts.
- *
- *   `encode = [Ae, Be]; decode = [Ad, Bd]`
- *   ->
- *   `match([{encode: Ae, decode: Ad}, {encode: Be; decode: Bd}])`
- *
- * @param lst - Array of coders to match.
- * @returns Combined coder for conditional encoding/decoding.
- */
-function match(lst) {
-    if (!Array.isArray(lst))
-        throw new Error(`expected array, got ${typeof lst}`);
-    for (const i of lst)
-        if (!isBaseCoder(i))
-            throw new Error(`wrong base coder ${i}`);
-    return {
-        encode: (from) => {
-            for (const c of lst) {
-                const elm = c.encode(from);
-                if (elm !== undefined)
-                    return elm;
-            }
-            throw new Error(`match/encode: cannot find match in ${from}`);
-        },
-        decode: (to) => {
-            for (const c of lst) {
-                const elm = c.decode(to);
-                if (elm !== undefined)
-                    return elm;
-            }
-            throw new Error(`match/decode: cannot find match in ${to}`);
-        },
-    };
-}
-/** Reverses direction of coder */
-const reverse = (coder) => {
-    if (!isBaseCoder(coder))
-        throw new Error('BaseCoder expected');
-    return { encode: coder.decode, decode: coder.encode };
-};
-const coders = { dict, numberBigint, tsEnum, decimal, match, reverse };
-/**
- * CoderType for working with bigint values.
- * Unsized bigint values should be wrapped in a container (e.g., bytes or string).
- *
- * `0n = new Uint8Array([])`
- *
- * `1n = new Uint8Array([1n])`
- *
- * Please open issue, if you need different behavior for zero.
- *
- * @param size - Size of the bigint in bytes.
- * @param le - Whether to use little-endian byte order.
- * @param signed - Whether the bigint is signed.
- * @param sized - Whether the bigint should have a fixed size.
- * @returns CoderType representing the bigint value.
- * @example
- * const U512BE = P.bigint(64, false, true, true); // Define a CoderType for a 512-bit unsigned big-endian integer
- */
-const bigint = (size, le = false, signed = false, sized = true) => {
-    if (!isNum(size))
-        throw new Error(`bigint/size: wrong value ${size}`);
-    if (typeof le !== 'boolean')
-        throw new Error(`bigint/le: expected boolean, got ${typeof le}`);
-    if (typeof signed !== 'boolean')
-        throw new Error(`bigint/signed: expected boolean, got ${typeof signed}`);
-    if (typeof sized !== 'boolean')
-        throw new Error(`bigint/sized: expected boolean, got ${typeof sized}`);
-    const bLen = BigInt(size);
-    const signBit = 2n ** (8n * bLen - 1n);
-    return wrap({
-        size: sized ? size : undefined,
-        encodeStream: (w, value) => {
-            if (signed && value < 0)
-                value = value | signBit;
-            const b = [];
-            for (let i = 0; i < size; i++) {
-                b.push(Number(value & 255n));
-                value >>= 8n;
-            }
-            let res = new Uint8Array(b).reverse();
-            if (!sized) {
-                let pos = 0;
-                for (pos = 0; pos < res.length; pos++)
-                    if (res[pos] !== 0)
-                        break;
-                res = res.subarray(pos); // remove leading zeros
-            }
-            w.bytes(le ? res.reverse() : res);
-        },
-        decodeStream: (r) => {
-            // TODO: for le we can read until first zero?
-            const value = r.bytes(sized ? size : Math.min(size, r.leftBytes));
-            const b = le ? value : swapEndianness(value);
-            let res = 0n;
-            for (let i = 0; i < b.length; i++)
-                res |= BigInt(b[i]) << (8n * BigInt(i));
-            if (signed && res & signBit)
-                res = (res ^ signBit) - signBit;
-            return res;
-        },
-        validate: (value) => {
-            if (typeof value !== 'bigint')
-                throw new Error(`bigint: invalid value: ${value}`);
-            checkBounds(value, 8n * bLen, !!signed);
-            return value;
-        },
-    });
-};
-/** Unsigned 256-bit big-endian integer CoderType. */
-const U256BE = /* @__PURE__ */ bigint(32, false);
-/** Unsigned 64-bit little-endian integer CoderType. */
-const U64LE = /* @__PURE__ */ bigint(8, true);
-/** Signed 64-bit little-endian integer CoderType. */
-const I64LE = /* @__PURE__ */ bigint(8, true, true);
-const view = (len, opts) => wrap({
-    size: len,
-    encodeStream: (w, value) => w.writeView(len, (view) => opts.write(view, value)),
-    decodeStream: (r) => r.readView(len, opts.read),
-    validate: (value) => {
-        if (typeof value !== 'number')
-            throw new Error(`viewCoder: expected number, got ${typeof value}`);
-        if (opts.validate)
-            opts.validate(value);
-        return value;
-    },
-});
-const intView = (len, signed, opts) => {
-    const bits = len * 8;
-    const signBit = 2 ** (bits - 1);
-    // Inlined checkBounds for integer
-    const validateSigned = (value) => {
-        if (!isNum(value))
-            throw new Error(`sintView: value is not safe integer: ${value}`);
-        if (value < -signBit || value >= signBit) {
-            throw new Error(`sintView: value out of bounds. Expected ${-signBit} <= ${value} < ${signBit}`);
-        }
-    };
-    const maxVal = 2 ** bits;
-    const validateUnsigned = (value) => {
-        if (!isNum(value))
-            throw new Error(`uintView: value is not safe integer: ${value}`);
-        if (0 > value || value >= maxVal) {
-            throw new Error(`uintView: value out of bounds. Expected 0 <= ${value} < ${maxVal}`);
-        }
-    };
-    return view(len, {
-        write: opts.write,
-        read: opts.read,
-        validate: signed ? validateSigned : validateUnsigned,
-    });
-};
-/** Unsigned 32-bit little-endian integer CoderType. */
-const U32LE = /* @__PURE__ */ intView(4, false, {
-    read: (view, pos) => view.getUint32(pos, true),
-    write: (view, value) => view.setUint32(0, value, true),
-});
-/** Unsigned 32-bit big-endian integer CoderType. */
-const U32BE = /* @__PURE__ */ intView(4, false, {
-    read: (view, pos) => view.getUint32(pos, false),
-    write: (view, value) => view.setUint32(0, value, false),
-});
-/** Signed 32-bit little-endian integer CoderType. */
-const I32LE = /* @__PURE__ */ intView(4, true, {
-    read: (view, pos) => view.getInt32(pos, true),
-    write: (view, value) => view.setInt32(0, value, true),
-});
-/** Unsigned 16-bit little-endian integer CoderType. */
-const U16LE = /* @__PURE__ */ intView(2, false, {
-    read: (view, pos) => view.getUint16(pos, true),
-    write: (view, value) => view.setUint16(0, value, true),
-});
-/** Unsigned 8-bit integer CoderType. */
-const U8 = /* @__PURE__ */ intView(1, false, {
-    read: (view, pos) => view.getUint8(pos),
-    write: (view, value) => view.setUint8(0, value),
-});
-/**
- * Bytes CoderType with a specified length and endianness.
- * The bytes can have:
- * - Dynamic size (prefixed with a length CoderType like U16BE)
- * - Fixed size (specified by a number)
- * - Unknown size (null, will parse until end of buffer)
- * - Zero-terminated (terminator can be any Uint8Array)
- * @param len - CoderType, number, Uint8Array (terminator) or null
- * @param le - Whether to use little-endian byte order.
- * @returns CoderType representing the bytes.
- * @example
- * // Dynamic size bytes (prefixed with P.U16BE number of bytes length)
- * const dynamicBytes = P.bytes(P.U16BE, false);
- * const fixedBytes = P.bytes(32, false); // Fixed size bytes
- * const unknownBytes = P.bytes(null, false); // Unknown size bytes, will parse until end of buffer
- * const zeroTerminatedBytes = P.bytes(new Uint8Array([0]), false); // Zero-terminated bytes
- */
-const createBytes = (len, le = false) => {
-    if (typeof le !== 'boolean')
-        throw new Error(`bytes/le: expected boolean, got ${typeof le}`);
-    const _length = lengthCoder(len);
-    const _isb = isBytes$1(len);
-    return wrap({
-        size: typeof len === 'number' ? len : undefined,
-        encodeStream: (w, value) => {
-            if (!_isb)
-                _length.encodeStream(w, value.length);
-            w.bytes(le ? swapEndianness(value) : value);
-            if (_isb)
-                w.bytes(len);
-        },
-        decodeStream: (r) => {
-            let bytes;
-            if (_isb) {
-                const tPos = r.find(len);
-                if (!tPos)
-                    throw r.err(`bytes: cannot find terminator`);
-                bytes = r.bytes(tPos - r.pos);
-                r.bytes(len.length);
-            }
-            else {
-                bytes = r.bytes(len === null ? r.leftBytes : _length.decodeStream(r));
-            }
-            return le ? swapEndianness(bytes) : bytes;
-        },
-        validate: (value) => {
-            if (!isBytes$1(value))
-                throw new Error(`bytes: invalid value ${value}`);
-            return value;
-        },
-    });
-};
-/**
- * Prefix-encoded value using a length prefix and an inner CoderType.
- * The prefix can have:
- * - Dynamic size (prefixed with a length CoderType like U16BE)
- * - Fixed size (specified by a number)
- * - Unknown size (null, will parse until end of buffer)
- * - Zero-terminated (terminator can be any Uint8Array)
- * @param len - Length CoderType (dynamic size), number (fixed size), Uint8Array (for terminator), or null (will parse until end of buffer)
- * @param inner - CoderType for the actual value to be prefix-encoded.
- * @returns CoderType representing the prefix-encoded value.
- * @example
- * const dynamicPrefix = P.prefix(P.U16BE, P.bytes(null)); // Dynamic size prefix (prefixed with P.U16BE number of bytes length)
- * const fixedPrefix = P.prefix(10, P.bytes(null)); // Fixed size prefix (always 10 bytes)
- */
-function prefix(len, inner) {
-    if (!isCoder(inner))
-        throw new Error(`prefix: invalid inner value ${inner}`);
-    return apply(createBytes(len), reverse(inner));
-}
-/**
- * String CoderType with a specified length and endianness.
- * The string can be:
- * - Dynamic size (prefixed with a length CoderType like U16BE)
- * - Fixed size (specified by a number)
- * - Unknown size (null, will parse until end of buffer)
- * - Zero-terminated (terminator can be any Uint8Array)
- * @param len - Length CoderType (dynamic size), number (fixed size), Uint8Array (for terminator), or null (will parse until end of buffer)
- * @param le - Whether to use little-endian byte order.
- * @returns CoderType representing the string.
- * @example
- * const dynamicString = P.string(P.U16BE, false); // Dynamic size string (prefixed with P.U16BE number of string length)
- * const fixedString = P.string(10, false); // Fixed size string
- * const unknownString = P.string(null, false); // Unknown size string, will parse until end of buffer
- * const nullTerminatedString = P.cstring; // NUL-terminated string
- * const _cstring = P.string(new Uint8Array([0])); // Same thing
- */
-const string = (len, le = false) => validate(apply(createBytes(len, le), utf8), (value) => {
-    // TextEncoder/TextDecoder will fail on non-string, but we create more readable errors earlier
-    if (typeof value !== 'string')
-        throw new Error(`expected string, got ${typeof value}`);
-    return value;
-});
-/**
- * Hexadecimal string CoderType with a specified length, endianness, and optional 0x prefix.
- * @param len - Length CoderType (dynamic size), number (fixed size), Uint8Array (for terminator), or null (will parse until end of buffer)
- * @param le - Whether to use little-endian byte order.
- * @param withZero - Whether to include the 0x prefix.
- * @returns CoderType representing the hexadecimal string.
- * @example
- * const dynamicHex = P.hex(P.U16BE, {isLE: false, with0x: true}); // Hex string with 0x prefix and U16BE length
- * const fixedHex = P.hex(32, {isLE: false, with0x: false}); // Fixed-length 32-byte hex string without 0x prefix
- */
-const createHex = (len, options = { isLE: false, with0x: false }) => {
-    let inner = apply(createBytes(len, options.isLE), hex);
-    const prefix = options.with0x;
-    if (typeof prefix !== 'boolean')
-        throw new Error(`hex/with0x: expected boolean, got ${typeof prefix}`);
-    if (prefix) {
-        inner = apply(inner, {
-            encode: (value) => `0x${value}`,
-            decode: (value) => {
-                if (!value.startsWith('0x'))
-                    throw new Error('hex(with0x=true).encode input should start with 0x');
-                return value.slice(2);
-            },
-        });
-    }
-    return inner;
-};
-/**
- * Applies a base coder to a CoderType.
- * @param inner - The inner CoderType.
- * @param b - The base coder to apply.
- * @returns CoderType representing the transformed value.
- * @example
- * import { hex } from '@scure/base';
- * const hex = P.apply(P.bytes(32), hex); // will decode bytes into a hex string
- */
-function apply(inner, base) {
-    if (!isCoder(inner))
-        throw new Error(`apply: invalid inner value ${inner}`);
-    if (!isBaseCoder(base))
-        throw new Error(`apply: invalid base value ${inner}`);
-    return wrap({
-        size: inner.size,
-        encodeStream: (w, value) => {
-            let innerValue;
-            try {
-                innerValue = base.decode(value);
-            }
-            catch (e) {
-                throw w.err('' + e);
-            }
-            return inner.encodeStream(w, innerValue);
-        },
-        decodeStream: (r) => {
-            const innerValue = inner.decodeStream(r);
-            try {
-                return base.encode(innerValue);
-            }
-            catch (e) {
-                throw r.err('' + e);
-            }
-        },
-    });
-}
-/**
- * Flag CoderType that encodes/decodes a boolean value based on the presence of a marker.
- * @param flagValue - Marker value.
- * @param xor - Whether to invert the flag behavior.
- * @returns CoderType representing the flag value.
- * @example
- * const flag = P.flag(new Uint8Array([0x01, 0x02])); // Encodes true as u8a([0x01, 0x02]), false as u8a([])
- * const flagXor = P.flag(new Uint8Array([0x01, 0x02]), true); // Encodes true as u8a([]), false as u8a([0x01, 0x02])
- * // Conditional encoding with flagged
- * const s = P.struct({ f: P.flag(new Uint8Array([0x0, 0x1])), f2: P.flagged('f', P.U32BE) });
- */
-const flag = (flagValue, xor = false) => {
-    if (!isBytes$1(flagValue))
-        throw new Error(`flag/flagValue: expected Uint8Array, got ${typeof flagValue}`);
-    if (typeof xor !== 'boolean')
-        throw new Error(`flag/xor: expected boolean, got ${typeof xor}`);
-    return wrap({
-        size: flagValue.length,
-        encodeStream: (w, value) => {
-            if (!!value !== xor)
-                w.bytes(flagValue);
-        },
-        decodeStream: (r) => {
-            let hasFlag = r.leftBytes >= flagValue.length;
-            if (hasFlag) {
-                hasFlag = equalBytes$1(r.bytes(flagValue.length, true), flagValue);
-                // Found flag, advance cursor position
-                if (hasFlag)
-                    r.bytes(flagValue.length);
-            }
-            return hasFlag !== xor; // hasFlag ^ xor
-        },
-        validate: (value) => {
-            if (value !== undefined && typeof value !== 'boolean')
-                throw new Error(`flag: expected boolean value or undefined, got ${typeof value}`);
-            return value;
-        },
-    });
-};
-/**
- * Conditional CoderType that encodes/decodes a value only if a flag is present.
- * @param path - Path to the flag value or a CoderType for the flag.
- * @param inner - Inner CoderType for the value.
- * @param def - Optional default value to use if the flag is not present.
- * @returns CoderType representing the conditional value.
- * @example
- * const s = P.struct({
- *   f: P.flag(new Uint8Array([0x0, 0x1])),
- *   f2: P.flagged('f', P.U32BE)
- * });
- *
- * @example
- * const s2 = P.struct({
- *   f: P.flag(new Uint8Array([0x0, 0x1])),
- *   f2: P.flagged('f', P.U32BE, 123)
- * });
- */
-function flagged(path, inner, def) {
-    if (!isCoder(inner))
-        throw new Error(`flagged: invalid inner value ${inner}`);
-    return wrap({
-        encodeStream: (w, value) => {
-            {
-                if (Path.resolve(w.stack, path))
-                    inner.encodeStream(w, value);
-            }
-        },
-        decodeStream: (r) => {
-            let hasFlag = false;
-            hasFlag = !!Path.resolve(r.stack, path);
-            // If there is a flag -- decode and return value
-            if (hasFlag)
-                return inner.decodeStream(r);
-            return;
-        },
-    });
-}
-/**
- * Magic value CoderType that encodes/decodes a constant value.
- * This can be used to check for a specific magic value or sequence of bytes at the beginning of a data structure.
- * @param inner - Inner CoderType for the value.
- * @param constant - Constant value.
- * @param check - Whether to check the decoded value against the constant.
- * @returns CoderType representing the magic value.
- * @example
- * // Always encodes constant as bytes using inner CoderType, throws if encoded value is not present
- * const magicU8 = P.magic(P.U8, 0x42);
- */
-function magic(inner, constant, check = true) {
-    if (!isCoder(inner))
-        throw new Error(`magic: invalid inner value ${inner}`);
-    if (typeof check !== 'boolean')
-        throw new Error(`magic: expected boolean, got ${typeof check}`);
-    return wrap({
-        size: inner.size,
-        encodeStream: (w, _value) => inner.encodeStream(w, constant),
-        decodeStream: (r) => {
-            const value = inner.decodeStream(r);
-            if ((check && typeof value !== 'object' && value !== constant) ||
-                (isBytes$1(constant) && !equalBytes$1(constant, value))) {
-                throw r.err(`magic: invalid value: ${value} !== ${constant}`);
-            }
-            return;
-        },
-        validate: (value) => {
-            if (value !== undefined)
-                throw new Error(`magic: wrong value=${typeof value}`);
-            return value;
-        },
-    });
-}
-function sizeof(fields) {
-    let size = 0;
-    for (const f of fields) {
-        if (f.size === undefined)
-            return;
-        if (!isNum(f.size))
-            throw new Error(`sizeof: wrong element size=${size}`);
-        size += f.size;
-    }
-    return size;
-}
-/**
- * Structure of composable primitives (C/Rust struct)
- * @param fields - Object mapping field names to CoderTypes.
- * @returns CoderType representing the structure.
- * @example
- * // Define a structure with a 32-bit big-endian unsigned integer, a string, and a nested structure
- * const myStruct = P.struct({
- *   id: P.U32BE,
- *   name: P.string(P.U8),
- *   nested: P.struct({
- *     flag: P.bool,
- *     value: P.I16LE
- *   })
- * });
- */
-function struct(fields) {
-    if (!isPlainObject(fields))
-        throw new Error(`struct: expected plain object, got ${fields}`);
-    for (const name in fields) {
-        if (!isCoder(fields[name]))
-            throw new Error(`struct: field ${name} is not CoderType`);
-    }
-    return wrap({
-        size: sizeof(Object.values(fields)),
-        encodeStream: (w, value) => {
-            w.pushObj(value, (fieldFn) => {
-                for (const name in fields)
-                    fieldFn(name, () => fields[name].encodeStream(w, value[name]));
-            });
-        },
-        decodeStream: (r) => {
-            const res = {};
-            r.pushObj(res, (fieldFn) => {
-                for (const name in fields)
-                    fieldFn(name, () => (res[name] = fields[name].decodeStream(r)));
-            });
-            return res;
-        },
-        validate: (value) => {
-            if (typeof value !== 'object' || value === null)
-                throw new Error(`struct: invalid value ${value}`);
-            return value;
-        },
-    });
-}
-/**
- * Tuple (unnamed structure) of CoderTypes. Same as struct but with unnamed fields.
- * @param fields - Array of CoderTypes.
- * @returns CoderType representing the tuple.
- * @example
- * const myTuple = P.tuple([P.U8, P.U16LE, P.string(P.U8)]);
- */
-function tuple(fields) {
-    if (!Array.isArray(fields))
-        throw new Error(`Packed.Tuple: got ${typeof fields} instead of array`);
-    for (let i = 0; i < fields.length; i++) {
-        if (!isCoder(fields[i]))
-            throw new Error(`tuple: field ${i} is not CoderType`);
-    }
-    return wrap({
-        size: sizeof(fields),
-        encodeStream: (w, value) => {
-            // TODO: fix types
-            if (!Array.isArray(value))
-                throw w.err(`tuple: invalid value ${value}`);
-            w.pushObj(value, (fieldFn) => {
-                for (let i = 0; i < fields.length; i++)
-                    fieldFn(`${i}`, () => fields[i].encodeStream(w, value[i]));
-            });
-        },
-        decodeStream: (r) => {
-            const res = [];
-            r.pushObj(res, (fieldFn) => {
-                for (let i = 0; i < fields.length; i++)
-                    fieldFn(`${i}`, () => res.push(fields[i].decodeStream(r)));
-            });
-            return res;
-        },
-        validate: (value) => {
-            if (!Array.isArray(value))
-                throw new Error(`tuple: invalid value ${value}`);
-            if (value.length !== fields.length)
-                throw new Error(`tuple: wrong length=${value.length}, expected ${fields.length}`);
-            return value;
-        },
-    });
-}
-/**
- * Array of items (inner type) with a specified length.
- * @param len - Length CoderType (dynamic size), number (fixed size), Uint8Array (for terminator), or null (will parse until end of buffer)
- * @param inner - CoderType for encoding/decoding each array item.
- * @returns CoderType representing the array.
- * @example
- * const a1 = P.array(P.U16BE, child); // Dynamic size array (prefixed with P.U16BE number of array length)
- * const a2 = P.array(4, child); // Fixed size array
- * const a3 = P.array(null, child); // Unknown size array, will parse until end of buffer
- * const a4 = P.array(new Uint8Array([0]), child); // zero-terminated array (NOTE: terminator can be any buffer)
- */
-function array(len, inner) {
-    if (!isCoder(inner))
-        throw new Error(`array: invalid inner value ${inner}`);
-    // By construction length is inside array (otherwise there will be various incorrect stack states)
-    // But forcing users always write '..' seems like bad idea. Also, breaking change.
-    const _length = lengthCoder(typeof len === 'string' ? `../${len}` : len);
-    return wrap({
-        size: typeof len === 'number' && inner.size ? len * inner.size : undefined,
-        encodeStream: (w, value) => {
-            const _w = w;
-            _w.pushObj(value, (fieldFn) => {
-                if (!isBytes$1(len))
-                    _length.encodeStream(w, value.length);
-                for (let i = 0; i < value.length; i++) {
-                    fieldFn(`${i}`, () => {
-                        const elm = value[i];
-                        const startPos = w.pos;
-                        inner.encodeStream(w, elm);
-                        if (isBytes$1(len)) {
-                            // Terminator is bigger than elm size, so skip
-                            if (len.length > _w.pos - startPos)
-                                return;
-                            const data = _w.finish(false).subarray(startPos, _w.pos);
-                            // There is still possible case when multiple elements create terminator,
-                            // but it is hard to catch here, will be very slow
-                            if (equalBytes$1(data.subarray(0, len.length), len))
-                                throw _w.err(`array: inner element encoding same as separator. elm=${elm} data=${data}`);
-                        }
-                    });
-                }
-            });
-            if (isBytes$1(len))
-                w.bytes(len);
-        },
-        decodeStream: (r) => {
-            const res = [];
-            r.pushObj(res, (fieldFn) => {
-                if (len === null) {
-                    for (let i = 0; !r.isEnd(); i++) {
-                        fieldFn(`${i}`, () => res.push(inner.decodeStream(r)));
-                        if (inner.size && r.leftBytes < inner.size)
-                            break;
-                    }
-                }
-                else if (isBytes$1(len)) {
-                    for (let i = 0;; i++) {
-                        if (equalBytes$1(r.bytes(len.length, true), len)) {
-                            // Advance cursor position if terminator found
-                            r.bytes(len.length);
-                            break;
-                        }
-                        fieldFn(`${i}`, () => res.push(inner.decodeStream(r)));
-                    }
-                }
-                else {
-                    let length;
-                    fieldFn('arrayLen', () => (length = _length.decodeStream(r)));
-                    for (let i = 0; i < length; i++)
-                        fieldFn(`${i}`, () => res.push(inner.decodeStream(r)));
-                }
-            });
-            return res;
-        },
-        validate: (value) => {
-            if (!Array.isArray(value))
-                throw new Error(`array: invalid value ${value}`);
-            return value;
-        },
-    });
-}
-
-const Point = secp256k1.ProjectivePoint;
-const CURVE_ORDER = secp256k1.CURVE.n;
-const isBytes = utils.isBytes;
-const concatBytes = utils.concatBytes;
-const equalBytes = utils.equalBytes;
-const hash160 = (msg) => ripemd160(sha256$1(msg));
-const sha256x2 = (...msgs) => sha256$1(sha256$1(concatBytes(...msgs)));
-const pubSchnorr = schnorr.getPublicKey;
-const pubECDSA = secp256k1.getPublicKey;
-// low-r signature grinding. Used to reduce tx size by 1 byte.
-// noble/secp256k1 does not support the feature: it is not used outside of BTC.
-// We implement it manually, because in BTC it's common.
-// Not best way, but closest to bitcoin implementation (easier to check)
-const hasLowR = (sig) => sig.r < CURVE_ORDER / 2n;
-function signECDSA(hash, privateKey, lowR = false) {
-    let sig = secp256k1.sign(hash, privateKey);
-    if (lowR && !hasLowR(sig)) {
-        const extraEntropy = new Uint8Array(32);
-        let counter = 0;
-        while (!hasLowR(sig)) {
-            extraEntropy.set(U32LE.encode(counter++));
-            sig = secp256k1.sign(hash, privateKey, { extraEntropy });
-            if (counter > 4294967295)
-                throw new Error('lowR counter overflow: report the error');
-        }
-    }
-    return sig.toDERRawBytes();
-}
-const signSchnorr = schnorr.sign;
-const tagSchnorr = schnorr.utils.taggedHash;
-var PubT;
-(function (PubT) {
-    PubT[PubT["ecdsa"] = 0] = "ecdsa";
-    PubT[PubT["schnorr"] = 1] = "schnorr";
-})(PubT || (PubT = {}));
-function validatePubkey(pub, type) {
-    const len = pub.length;
-    if (type === PubT.ecdsa) {
-        if (len === 32)
-            throw new Error('Expected non-Schnorr key');
-        Point.fromHex(pub); // does assertValidity
-        return pub;
-    }
-    else if (type === PubT.schnorr) {
-        if (len !== 32)
-            throw new Error('Expected 32-byte Schnorr key');
-        schnorr.utils.lift_x(schnorr.utils.bytesToNumberBE(pub));
-        return pub;
-    }
-    else {
-        throw new Error('Unknown key type');
-    }
-}
-function tapTweak(a, b) {
-    const u = schnorr.utils;
-    const t = u.taggedHash('TapTweak', a, b);
-    const tn = u.bytesToNumberBE(t);
-    if (tn >= CURVE_ORDER)
-        throw new Error('tweak higher than curve order');
-    return tn;
-}
-function taprootTweakPrivKey(privKey, merkleRoot = Uint8Array.of()) {
-    const u = schnorr.utils;
-    const seckey0 = u.bytesToNumberBE(privKey); // seckey0 = int_from_bytes(seckey0)
-    const P = Point.fromPrivateKey(seckey0); // P = point_mul(G, seckey0)
-    // seckey = seckey0 if has_even_y(P) else SECP256K1_ORDER - seckey0
-    const seckey = P.hasEvenY() ? seckey0 : u.mod(-seckey0, CURVE_ORDER);
-    const xP = u.pointToBytes(P);
-    // t = int_from_bytes(tagged_hash("TapTweak", bytes_from_int(x(P)) + h)); >= SECP256K1_ORDER check
-    const t = tapTweak(xP, merkleRoot);
-    // bytes_from_int((seckey + t) % SECP256K1_ORDER)
-    return u.numberToBytesBE(u.mod(seckey + t, CURVE_ORDER), 32);
-}
-function taprootTweakPubkey(pubKey, h) {
-    const u = schnorr.utils;
-    const t = tapTweak(pubKey, h); // t = int_from_bytes(tagged_hash("TapTweak", pubkey + h))
-    const P = u.lift_x(u.bytesToNumberBE(pubKey)); // P = lift_x(int_from_bytes(pubkey))
-    const Q = P.add(Point.fromPrivateKey(t)); // Q = point_add(P, point_mul(G, t))
-    const parity = Q.hasEvenY() ? 0 : 1; // 0 if has_even_y(Q) else 1
-    return [u.pointToBytes(Q), parity]; // bytes_from_int(x(Q))
-}
-// Another stupid decision, where lack of standard affects security.
-// Multisig needs to be generated with some key.
-// We are using approach from BIP 341/bitcoinjs-lib: SHA256(uncompressedDER(SECP256K1_GENERATOR_POINT))
-// It is possible to switch SECP256K1_GENERATOR_POINT with some random point;
-// but it's too complex to prove.
-// Also used by bitcoin-core and bitcoinjs-lib
-sha256$1(Point.BASE.toRawBytes(false));
-const NETWORK = {
-    bech32: 'bc',
-    pubKeyHash: 0x00,
-    scriptHash: 0x05,
-    wif: 0x80,
-};
-// Exported for tests, internal method
-function compareBytes(a, b) {
-    if (!isBytes(a) || !isBytes(b))
-        throw new Error(`cmp: wrong type a=${typeof a} b=${typeof b}`);
-    // -1 -> a<b, 0 -> a==b, 1 -> a>b
-    const len = Math.min(a.length, b.length);
-    for (let i = 0; i < len; i++)
-        if (a[i] != b[i])
-            return Math.sign(a[i] - b[i]);
-    return Math.sign(a.length - b.length);
-}
-
-// prettier-ignore
-var OP;
-(function (OP) {
-    OP[OP["OP_0"] = 0] = "OP_0";
-    OP[OP["PUSHDATA1"] = 76] = "PUSHDATA1";
-    OP[OP["PUSHDATA2"] = 77] = "PUSHDATA2";
-    OP[OP["PUSHDATA4"] = 78] = "PUSHDATA4";
-    OP[OP["1NEGATE"] = 79] = "1NEGATE";
-    OP[OP["RESERVED"] = 80] = "RESERVED";
-    OP[OP["OP_1"] = 81] = "OP_1";
-    OP[OP["OP_2"] = 82] = "OP_2";
-    OP[OP["OP_3"] = 83] = "OP_3";
-    OP[OP["OP_4"] = 84] = "OP_4";
-    OP[OP["OP_5"] = 85] = "OP_5";
-    OP[OP["OP_6"] = 86] = "OP_6";
-    OP[OP["OP_7"] = 87] = "OP_7";
-    OP[OP["OP_8"] = 88] = "OP_8";
-    OP[OP["OP_9"] = 89] = "OP_9";
-    OP[OP["OP_10"] = 90] = "OP_10";
-    OP[OP["OP_11"] = 91] = "OP_11";
-    OP[OP["OP_12"] = 92] = "OP_12";
-    OP[OP["OP_13"] = 93] = "OP_13";
-    OP[OP["OP_14"] = 94] = "OP_14";
-    OP[OP["OP_15"] = 95] = "OP_15";
-    OP[OP["OP_16"] = 96] = "OP_16";
-    // Control
-    OP[OP["NOP"] = 97] = "NOP";
-    OP[OP["VER"] = 98] = "VER";
-    OP[OP["IF"] = 99] = "IF";
-    OP[OP["NOTIF"] = 100] = "NOTIF";
-    OP[OP["VERIF"] = 101] = "VERIF";
-    OP[OP["VERNOTIF"] = 102] = "VERNOTIF";
-    OP[OP["ELSE"] = 103] = "ELSE";
-    OP[OP["ENDIF"] = 104] = "ENDIF";
-    OP[OP["VERIFY"] = 105] = "VERIFY";
-    OP[OP["RETURN"] = 106] = "RETURN";
-    // Stack
-    OP[OP["TOALTSTACK"] = 107] = "TOALTSTACK";
-    OP[OP["FROMALTSTACK"] = 108] = "FROMALTSTACK";
-    OP[OP["2DROP"] = 109] = "2DROP";
-    OP[OP["2DUP"] = 110] = "2DUP";
-    OP[OP["3DUP"] = 111] = "3DUP";
-    OP[OP["2OVER"] = 112] = "2OVER";
-    OP[OP["2ROT"] = 113] = "2ROT";
-    OP[OP["2SWAP"] = 114] = "2SWAP";
-    OP[OP["IFDUP"] = 115] = "IFDUP";
-    OP[OP["DEPTH"] = 116] = "DEPTH";
-    OP[OP["DROP"] = 117] = "DROP";
-    OP[OP["DUP"] = 118] = "DUP";
-    OP[OP["NIP"] = 119] = "NIP";
-    OP[OP["OVER"] = 120] = "OVER";
-    OP[OP["PICK"] = 121] = "PICK";
-    OP[OP["ROLL"] = 122] = "ROLL";
-    OP[OP["ROT"] = 123] = "ROT";
-    OP[OP["SWAP"] = 124] = "SWAP";
-    OP[OP["TUCK"] = 125] = "TUCK";
-    // Splice
-    OP[OP["CAT"] = 126] = "CAT";
-    OP[OP["SUBSTR"] = 127] = "SUBSTR";
-    OP[OP["LEFT"] = 128] = "LEFT";
-    OP[OP["RIGHT"] = 129] = "RIGHT";
-    OP[OP["SIZE"] = 130] = "SIZE";
-    // Boolean logic
-    OP[OP["INVERT"] = 131] = "INVERT";
-    OP[OP["AND"] = 132] = "AND";
-    OP[OP["OR"] = 133] = "OR";
-    OP[OP["XOR"] = 134] = "XOR";
-    OP[OP["EQUAL"] = 135] = "EQUAL";
-    OP[OP["EQUALVERIFY"] = 136] = "EQUALVERIFY";
-    OP[OP["RESERVED1"] = 137] = "RESERVED1";
-    OP[OP["RESERVED2"] = 138] = "RESERVED2";
-    // Numbers
-    OP[OP["1ADD"] = 139] = "1ADD";
-    OP[OP["1SUB"] = 140] = "1SUB";
-    OP[OP["2MUL"] = 141] = "2MUL";
-    OP[OP["2DIV"] = 142] = "2DIV";
-    OP[OP["NEGATE"] = 143] = "NEGATE";
-    OP[OP["ABS"] = 144] = "ABS";
-    OP[OP["NOT"] = 145] = "NOT";
-    OP[OP["0NOTEQUAL"] = 146] = "0NOTEQUAL";
-    OP[OP["ADD"] = 147] = "ADD";
-    OP[OP["SUB"] = 148] = "SUB";
-    OP[OP["MUL"] = 149] = "MUL";
-    OP[OP["DIV"] = 150] = "DIV";
-    OP[OP["MOD"] = 151] = "MOD";
-    OP[OP["LSHIFT"] = 152] = "LSHIFT";
-    OP[OP["RSHIFT"] = 153] = "RSHIFT";
-    OP[OP["BOOLAND"] = 154] = "BOOLAND";
-    OP[OP["BOOLOR"] = 155] = "BOOLOR";
-    OP[OP["NUMEQUAL"] = 156] = "NUMEQUAL";
-    OP[OP["NUMEQUALVERIFY"] = 157] = "NUMEQUALVERIFY";
-    OP[OP["NUMNOTEQUAL"] = 158] = "NUMNOTEQUAL";
-    OP[OP["LESSTHAN"] = 159] = "LESSTHAN";
-    OP[OP["GREATERTHAN"] = 160] = "GREATERTHAN";
-    OP[OP["LESSTHANOREQUAL"] = 161] = "LESSTHANOREQUAL";
-    OP[OP["GREATERTHANOREQUAL"] = 162] = "GREATERTHANOREQUAL";
-    OP[OP["MIN"] = 163] = "MIN";
-    OP[OP["MAX"] = 164] = "MAX";
-    OP[OP["WITHIN"] = 165] = "WITHIN";
-    // Crypto
-    OP[OP["RIPEMD160"] = 166] = "RIPEMD160";
-    OP[OP["SHA1"] = 167] = "SHA1";
-    OP[OP["SHA256"] = 168] = "SHA256";
-    OP[OP["HASH160"] = 169] = "HASH160";
-    OP[OP["HASH256"] = 170] = "HASH256";
-    OP[OP["CODESEPARATOR"] = 171] = "CODESEPARATOR";
-    OP[OP["CHECKSIG"] = 172] = "CHECKSIG";
-    OP[OP["CHECKSIGVERIFY"] = 173] = "CHECKSIGVERIFY";
-    OP[OP["CHECKMULTISIG"] = 174] = "CHECKMULTISIG";
-    OP[OP["CHECKMULTISIGVERIFY"] = 175] = "CHECKMULTISIGVERIFY";
-    // Expansion
-    OP[OP["NOP1"] = 176] = "NOP1";
-    OP[OP["CHECKLOCKTIMEVERIFY"] = 177] = "CHECKLOCKTIMEVERIFY";
-    OP[OP["CHECKSEQUENCEVERIFY"] = 178] = "CHECKSEQUENCEVERIFY";
-    OP[OP["NOP4"] = 179] = "NOP4";
-    OP[OP["NOP5"] = 180] = "NOP5";
-    OP[OP["NOP6"] = 181] = "NOP6";
-    OP[OP["NOP7"] = 182] = "NOP7";
-    OP[OP["NOP8"] = 183] = "NOP8";
-    OP[OP["NOP9"] = 184] = "NOP9";
-    OP[OP["NOP10"] = 185] = "NOP10";
-    // BIP 342
-    OP[OP["CHECKSIGADD"] = 186] = "CHECKSIGADD";
-    // Invalid
-    OP[OP["INVALID"] = 255] = "INVALID";
-})(OP || (OP = {}));
-// We can encode almost any number as ScriptNum, however, parsing will be a problem
-// since we can't know if buffer is a number or something else.
-function ScriptNum(bytesLimit = 6, forceMinimal = false) {
-    return wrap({
-        encodeStream: (w, value) => {
-            if (value === 0n)
-                return;
-            const neg = value < 0;
-            const val = BigInt(value);
-            const nums = [];
-            for (let abs = neg ? -val : val; abs; abs >>= 8n)
-                nums.push(Number(abs & 0xffn));
-            if (nums[nums.length - 1] >= 0x80)
-                nums.push(neg ? 0x80 : 0);
-            else if (neg)
-                nums[nums.length - 1] |= 0x80;
-            w.bytes(new Uint8Array(nums));
-        },
-        decodeStream: (r) => {
-            const len = r.leftBytes;
-            if (len > bytesLimit)
-                throw new Error(`ScriptNum: number (${len}) bigger than limit=${bytesLimit}`);
-            if (len === 0)
-                return 0n;
-            if (forceMinimal) {
-                const data = r.bytes(len, true);
-                // MSB is zero (without sign bit) -> not minimally encoded
-                if ((data[data.length - 1] & 0x7f) === 0) {
-                    // exception
-                    if (len <= 1 || (data[data.length - 2] & 0x80) === 0)
-                        throw new Error('Non-minimally encoded ScriptNum');
-                }
-            }
-            let last = 0;
-            let res = 0n;
-            for (let i = 0; i < len; ++i) {
-                last = r.byte();
-                res |= BigInt(last) << (8n * BigInt(i));
-            }
-            if (last >= 0x80) {
-                res &= (2n ** BigInt(len * 8) - 1n) >> 1n;
-                res = -res;
-            }
-            return res;
-        },
-    });
-}
-function OpToNum(op, bytesLimit = 4, forceMinimal = true) {
-    if (typeof op === 'number')
-        return op;
-    if (isBytes(op)) {
-        try {
-            const val = ScriptNum(bytesLimit, forceMinimal).decode(op);
-            if (val > Number.MAX_SAFE_INTEGER)
-                return;
-            return Number(val);
-        }
-        catch (e) {
-            return;
-        }
-    }
-    return;
-}
-// Converts script bytes to parsed script
-// 5221030000000000000000000000000000000000000000000000000000000000000001210300000000000000000000000000000000000000000000000000000000000000022103000000000000000000000000000000000000000000000000000000000000000353ae
-// =>
-// OP_2
-//   030000000000000000000000000000000000000000000000000000000000000001
-//   030000000000000000000000000000000000000000000000000000000000000002
-//   030000000000000000000000000000000000000000000000000000000000000003
-//   OP_3
-//   CHECKMULTISIG
-const Script = wrap({
-    encodeStream: (w, value) => {
-        for (let o of value) {
-            if (typeof o === 'string') {
-                if (OP[o] === undefined)
-                    throw new Error(`Unknown opcode=${o}`);
-                w.byte(OP[o]);
-                continue;
-            }
-            else if (typeof o === 'number') {
-                if (o === 0x00) {
-                    w.byte(0x00);
-                    continue;
-                }
-                else if (1 <= o && o <= 16) {
-                    w.byte(OP.OP_1 - 1 + o);
-                    continue;
-                }
-            }
-            // Encode big numbers
-            if (typeof o === 'number')
-                o = ScriptNum().encode(BigInt(o));
-            if (!isBytes(o))
-                throw new Error(`Wrong Script OP=${o} (${typeof o})`);
-            // Bytes
-            const len = o.length;
-            if (len < OP.PUSHDATA1)
-                w.byte(len);
-            else if (len <= 0xff) {
-                w.byte(OP.PUSHDATA1);
-                w.byte(len);
-            }
-            else if (len <= 0xffff) {
-                w.byte(OP.PUSHDATA2);
-                w.bytes(U16LE.encode(len));
-            }
-            else {
-                w.byte(OP.PUSHDATA4);
-                w.bytes(U32LE.encode(len));
-            }
-            w.bytes(o);
-        }
-    },
-    decodeStream: (r) => {
-        const out = [];
-        while (!r.isEnd()) {
-            const cur = r.byte();
-            // if 0 < cur < 78
-            if (OP.OP_0 < cur && cur <= OP.PUSHDATA4) {
-                let len;
-                if (cur < OP.PUSHDATA1)
-                    len = cur;
-                else if (cur === OP.PUSHDATA1)
-                    len = U8.decodeStream(r);
-                else if (cur === OP.PUSHDATA2)
-                    len = U16LE.decodeStream(r);
-                else if (cur === OP.PUSHDATA4)
-                    len = U32LE.decodeStream(r);
-                else
-                    throw new Error('Should be not possible');
-                out.push(r.bytes(len));
-            }
-            else if (cur === 0x00) {
-                out.push(0);
-            }
-            else if (OP.OP_1 <= cur && cur <= OP.OP_16) {
-                out.push(cur - (OP.OP_1 - 1));
-            }
-            else {
-                const op = OP[cur];
-                if (op === undefined)
-                    throw new Error(`Unknown opcode=${cur.toString(16)}`);
-                out.push(op);
-            }
-        }
-        return out;
-    },
-});
-// BTC specific variable length integer encoding
-// https://en.bitcoin.it/wiki/Protocol_documentation#Variable_length_integer
-const CSLimits = {
-    0xfd: [0xfd, 2, 253n, 65535n],
-    0xfe: [0xfe, 4, 65536n, 4294967295n],
-    0xff: [0xff, 8, 4294967296n, 18446744073709551615n],
-};
-const CompactSize = wrap({
-    encodeStream: (w, value) => {
-        if (typeof value === 'number')
-            value = BigInt(value);
-        if (0n <= value && value <= 252n)
-            return w.byte(Number(value));
-        for (const [flag, bytes, start, stop] of Object.values(CSLimits)) {
-            if (start > value || value > stop)
-                continue;
-            w.byte(flag);
-            for (let i = 0; i < bytes; i++)
-                w.byte(Number((value >> (8n * BigInt(i))) & 0xffn));
-            return;
-        }
-        throw w.err(`VarInt too big: ${value}`);
-    },
-    decodeStream: (r) => {
-        const b0 = r.byte();
-        if (b0 <= 0xfc)
-            return BigInt(b0);
-        const [_, bytes, start] = CSLimits[b0];
-        let num = 0n;
-        for (let i = 0; i < bytes; i++)
-            num |= BigInt(r.byte()) << (8n * BigInt(i));
-        if (num < start)
-            throw r.err(`Wrong CompactSize(${8 * bytes})`);
-        return num;
-    },
-});
-// Same thing, but in number instead of bigint. Checks for safe integer inside
-const CompactSizeLen = apply(CompactSize, coders.numberBigint);
-// ui8a of size <CompactSize>
-const VarBytes = createBytes(CompactSize);
-// SegWit v0 stack of witness buffers
-const RawWitness = array(CompactSizeLen, VarBytes);
-// Array of size <CompactSize>
-const BTCArray = (t) => array(CompactSize, t);
-const RawInput = struct({
-    txid: createBytes(32, true), // hash(prev_tx),
-    index: U32LE, // output number of previous tx
-    finalScriptSig: VarBytes, // btc merges input and output script, executes it. If ok = tx passes
-    sequence: U32LE, // ?
-});
-const RawOutput = struct({ amount: U64LE, script: VarBytes });
-// https://en.bitcoin.it/wiki/Protocol_documentation#tx
-const _RawTx = struct({
-    version: I32LE,
-    segwitFlag: flag(new Uint8Array([0x00, 0x01])),
-    inputs: BTCArray(RawInput),
-    outputs: BTCArray(RawOutput),
-    witnesses: flagged('segwitFlag', array('inputs/length', RawWitness)),
-    // < 500000000	Block number at which this transaction is unlocked
-    // >= 500000000	UNIX timestamp at which this transaction is unlocked
-    // Handled as part of PSBTv2
-    lockTime: U32LE,
-});
-function validateRawTx(tx) {
-    if (tx.segwitFlag && tx.witnesses && !tx.witnesses.length)
-        throw new Error('Segwit flag with empty witnesses array');
-    return tx;
-}
-const RawTx = validate(_RawTx, validateRawTx);
-// Pre-SegWit serialization format (for PSBTv0)
-const RawOldTx = struct({
-    version: I32LE,
-    inputs: BTCArray(RawInput),
-    outputs: BTCArray(RawOutput),
-    lockTime: U32LE,
-});
-
-// PSBT BIP174, BIP370, BIP371
-// Can be 33 or 64 bytes
-const PubKeyECDSA = validate(createBytes(null), (pub) => validatePubkey(pub, PubT.ecdsa));
-const PubKeySchnorr = validate(createBytes(32), (pub) => validatePubkey(pub, PubT.schnorr));
-const SignatureSchnorr = validate(createBytes(null), (sig) => {
-    if (sig.length !== 64 && sig.length !== 65)
-        throw new Error('Schnorr signature should be 64 or 65 bytes long');
-    return sig;
-});
-const BIP32Der = struct({
-    fingerprint: U32BE,
-    path: array(null, U32LE),
-});
-const TaprootBIP32Der = struct({
-    hashes: array(CompactSizeLen, createBytes(32)),
-    der: BIP32Der,
-});
-// The 78 byte serialized extended public key as defined by BIP 32.
-const GlobalXPUB = createBytes(78);
-const tapScriptSigKey = struct({ pubKey: PubKeySchnorr, leafHash: createBytes(32) });
-// Complex structure for PSBT fields
-// <control byte with leaf version and parity bit> <internal key p> <C> <E> <AB>
-const _TaprootControlBlock = struct({
-    version: U8, // With parity :(
-    internalKey: createBytes(32),
-    merklePath: array(null, createBytes(32)),
-});
-const TaprootControlBlock = validate(_TaprootControlBlock, (cb) => {
-    if (cb.merklePath.length > 128)
-        throw new Error('TaprootControlBlock: merklePath should be of length 0..128 (inclusive)');
-    return cb;
-});
-// {<8-bit uint depth> <8-bit uint leaf version> <compact size uint scriptlen> <bytes script>}*
-const tapTree = array(null, struct({
-    depth: U8,
-    version: U8,
-    script: VarBytes,
-}));
-const BytesInf = createBytes(null); // Bytes will conflict with Bytes type
-const Bytes20 = createBytes(20);
-const Bytes32 = createBytes(32);
-// versionsRequiringExclusing = !versionsAllowsInclusion (as set)
-// {name: [tag, keyCoder, valueCoder, versionsRequiringInclusion, versionsRequiringExclusing, versionsAllowsInclusion, silentIgnore]}
-// SilentIgnore: we use some v2 fields for v1 representation too, so we just clean them before serialize
-// Tables from BIP-0174 (https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki)
-// prettier-ignore
-const PSBTGlobal = {
-    unsignedTx: [0x00, false, RawOldTx, [0], [0], false],
-    xpub: [0x01, GlobalXPUB, BIP32Der, [], [0, 2], false],
-    txVersion: [0x02, false, U32LE, [2], [2], false],
-    fallbackLocktime: [0x03, false, U32LE, [], [2], false],
-    inputCount: [0x04, false, CompactSizeLen, [2], [2], false],
-    outputCount: [0x05, false, CompactSizeLen, [2], [2], false],
-    txModifiable: [0x06, false, U8, [], [2], false], // TODO: bitfield
-    version: [0xfb, false, U32LE, [], [0, 2], false],
-    proprietary: [0xfc, BytesInf, BytesInf, [], [0, 2], false],
-};
-// prettier-ignore
-const PSBTInput = {
-    nonWitnessUtxo: [0x00, false, RawTx, [], [0, 2], false],
-    witnessUtxo: [0x01, false, RawOutput, [], [0, 2], false],
-    partialSig: [0x02, PubKeyECDSA, BytesInf, [], [0, 2], false],
-    sighashType: [0x03, false, U32LE, [], [0, 2], false],
-    redeemScript: [0x04, false, BytesInf, [], [0, 2], false],
-    witnessScript: [0x05, false, BytesInf, [], [0, 2], false],
-    bip32Derivation: [0x06, PubKeyECDSA, BIP32Der, [], [0, 2], false],
-    finalScriptSig: [0x07, false, BytesInf, [], [0, 2], false],
-    finalScriptWitness: [0x08, false, RawWitness, [], [0, 2], false],
-    porCommitment: [0x09, false, BytesInf, [], [0, 2], false],
-    ripemd160: [0x0a, Bytes20, BytesInf, [], [0, 2], false],
-    sha256: [0x0b, Bytes32, BytesInf, [], [0, 2], false],
-    hash160: [0x0c, Bytes20, BytesInf, [], [0, 2], false],
-    hash256: [0x0d, Bytes32, BytesInf, [], [0, 2], false],
-    txid: [0x0e, false, Bytes32, [2], [2], true],
-    index: [0x0f, false, U32LE, [2], [2], true],
-    sequence: [0x10, false, U32LE, [], [2], true],
-    requiredTimeLocktime: [0x11, false, U32LE, [], [2], false],
-    requiredHeightLocktime: [0x12, false, U32LE, [], [2], false],
-    tapKeySig: [0x13, false, SignatureSchnorr, [], [0, 2], false],
-    tapScriptSig: [0x14, tapScriptSigKey, SignatureSchnorr, [], [0, 2], false],
-    tapLeafScript: [0x15, TaprootControlBlock, BytesInf, [], [0, 2], false],
-    tapBip32Derivation: [0x16, Bytes32, TaprootBIP32Der, [], [0, 2], false],
-    tapInternalKey: [0x17, false, PubKeySchnorr, [], [0, 2], false],
-    tapMerkleRoot: [0x18, false, Bytes32, [], [0, 2], false],
-    proprietary: [0xfc, BytesInf, BytesInf, [], [0, 2], false],
-};
-// All other keys removed when finalizing
-const PSBTInputFinalKeys = [
-    'txid',
-    'sequence',
-    'index',
-    'witnessUtxo',
-    'nonWitnessUtxo',
-    'finalScriptSig',
-    'finalScriptWitness',
-    'unknown',
-];
-// Can be modified even on signed input
-const PSBTInputUnsignedKeys = [
-    'partialSig',
-    'finalScriptSig',
-    'finalScriptWitness',
-    'tapKeySig',
-    'tapScriptSig',
-];
-// prettier-ignore
-const PSBTOutput = {
-    redeemScript: [0x00, false, BytesInf, [], [0, 2], false],
-    witnessScript: [0x01, false, BytesInf, [], [0, 2], false],
-    bip32Derivation: [0x02, PubKeyECDSA, BIP32Der, [], [0, 2], false],
-    amount: [0x03, false, I64LE, [2], [2], true],
-    script: [0x04, false, BytesInf, [2], [2], true],
-    tapInternalKey: [0x05, false, PubKeySchnorr, [], [0, 2], false],
-    tapTree: [0x06, false, tapTree, [], [0, 2], false],
-    tapBip32Derivation: [0x07, PubKeySchnorr, TaprootBIP32Der, [], [0, 2], false],
-    proprietary: [0xfc, BytesInf, BytesInf, [], [0, 2], false],
-};
-// Can be modified even on signed input
-const PSBTOutputUnsignedKeys = [];
-const PSBTKeyPair = array(NULL, struct({
-    //  <key> := <keylen> <keytype> <keydata> WHERE keylen = len(keytype)+len(keydata)
-    key: prefix(CompactSizeLen, struct({ type: CompactSizeLen, key: createBytes(null) })),
-    //  <value> := <valuelen> <valuedata>
-    value: createBytes(CompactSizeLen),
-}));
-function PSBTKeyInfo(info) {
-    const [type, kc, vc, reqInc, allowInc, silentIgnore] = info;
-    return { type, kc, vc, reqInc, allowInc, silentIgnore };
-}
-struct({ type: CompactSizeLen, key: createBytes(null) });
-// Key cannot be 'unknown', value coder cannot be array for elements with empty key
-function PSBTKeyMap(psbtEnum) {
-    // -> Record<type, [keyName, ...coders]>
-    const byType = {};
-    for (const k in psbtEnum) {
-        const [num, kc, vc] = psbtEnum[k];
-        byType[num] = [k, kc, vc];
-    }
-    return wrap({
-        encodeStream: (w, value) => {
-            let out = [];
-            // Because we use order of psbtEnum, keymap is sorted here
-            for (const name in psbtEnum) {
-                const val = value[name];
-                if (val === undefined)
-                    continue;
-                const [type, kc, vc] = psbtEnum[name];
-                if (!kc) {
-                    out.push({ key: { type, key: EMPTY }, value: vc.encode(val) });
-                }
-                else {
-                    // Low level interface, returns keys as is (with duplicates). Useful for debug
-                    const kv = val.map(([k, v]) => [
-                        kc.encode(k),
-                        vc.encode(v),
-                    ]);
-                    // sort by keys
-                    kv.sort((a, b) => compareBytes(a[0], b[0]));
-                    for (const [key, value] of kv)
-                        out.push({ key: { key, type }, value });
-                }
-            }
-            if (value.unknown) {
-                value.unknown.sort((a, b) => compareBytes(a[0].key, b[0].key));
-                for (const [k, v] of value.unknown)
-                    out.push({ key: k, value: v });
-            }
-            PSBTKeyPair.encodeStream(w, out);
-        },
-        decodeStream: (r) => {
-            const raw = PSBTKeyPair.decodeStream(r);
-            const out = {};
-            const noKey = {};
-            for (const elm of raw) {
-                let name = 'unknown';
-                let key = elm.key.key;
-                let value = elm.value;
-                if (byType[elm.key.type]) {
-                    const [_name, kc, vc] = byType[elm.key.type];
-                    name = _name;
-                    if (!kc && key.length) {
-                        throw new Error(`PSBT: Non-empty key for ${name} (key=${hex.encode(key)} value=${hex.encode(value)}`);
-                    }
-                    key = kc ? kc.decode(key) : undefined;
-                    value = vc.decode(value);
-                    if (!kc) {
-                        if (out[name])
-                            throw new Error(`PSBT: Same keys: ${name} (key=${key} value=${value})`);
-                        out[name] = value;
-                        noKey[name] = true;
-                        continue;
-                    }
-                }
-                else {
-                    // For unknown: add key type inside key
-                    key = { type: elm.key.type, key: elm.key.key };
-                }
-                // Only keyed elements at this point
-                if (noKey[name])
-                    throw new Error(`PSBT: Key type with empty key and no key=${name} val=${value}`);
-                if (!out[name])
-                    out[name] = [];
-                out[name].push([key, value]);
-            }
-            return out;
-        },
-    });
-}
-const PSBTInputCoder = validate(PSBTKeyMap(PSBTInput), (i) => {
-    if (i.finalScriptWitness && !i.finalScriptWitness.length)
-        throw new Error('validateInput: empty finalScriptWitness');
-    //if (i.finalScriptSig && !i.finalScriptSig.length) throw new Error('validateInput: empty finalScriptSig');
-    if (i.partialSig && !i.partialSig.length)
-        throw new Error('Empty partialSig');
-    if (i.partialSig)
-        for (const [k] of i.partialSig)
-            validatePubkey(k, PubT.ecdsa);
-    if (i.bip32Derivation)
-        for (const [k] of i.bip32Derivation)
-            validatePubkey(k, PubT.ecdsa);
-    // Locktime = unsigned little endian integer greater than or equal to 500000000 representing
-    if (i.requiredTimeLocktime !== undefined && i.requiredTimeLocktime < 500000000)
-        throw new Error(`validateInput: wrong timeLocktime=${i.requiredTimeLocktime}`);
-    // unsigned little endian integer greater than 0 and less than 500000000
-    if (i.requiredHeightLocktime !== undefined &&
-        (i.requiredHeightLocktime <= 0 || i.requiredHeightLocktime >= 500000000))
-        throw new Error(`validateInput: wrong heighLocktime=${i.requiredHeightLocktime}`);
-    if (i.tapLeafScript) {
-        // tap leaf version appears here twice: in control block and at the end of script
-        for (const [k, v] of i.tapLeafScript) {
-            if ((k.version & 254) !== v[v.length - 1])
-                throw new Error('validateInput: tapLeafScript version mimatch');
-            if (v[v.length - 1] & 1)
-                throw new Error('validateInput: tapLeafScript version has parity bit!');
-        }
-    }
-    return i;
-});
-const PSBTOutputCoder = validate(PSBTKeyMap(PSBTOutput), (o) => {
-    if (o.bip32Derivation)
-        for (const [k] of o.bip32Derivation)
-            validatePubkey(k, PubT.ecdsa);
-    return o;
-});
-const PSBTGlobalCoder = validate(PSBTKeyMap(PSBTGlobal), (g) => {
-    const version = g.version || 0;
-    if (version === 0) {
-        if (!g.unsignedTx)
-            throw new Error('PSBTv0: missing unsignedTx');
-        for (const inp of g.unsignedTx.inputs)
-            if (inp.finalScriptSig && inp.finalScriptSig.length)
-                throw new Error('PSBTv0: input scriptSig found in unsignedTx');
-    }
-    return g;
-});
-const _RawPSBTV0 = struct({
-    magic: magic(string(new Uint8Array([0xff])), 'psbt'),
-    global: PSBTGlobalCoder,
-    inputs: array('global/unsignedTx/inputs/length', PSBTInputCoder),
-    outputs: array(null, PSBTOutputCoder),
-});
-const _RawPSBTV2 = struct({
-    magic: magic(string(new Uint8Array([0xff])), 'psbt'),
-    global: PSBTGlobalCoder,
-    inputs: array('global/inputCount', PSBTInputCoder),
-    outputs: array('global/outputCount', PSBTOutputCoder),
-});
-struct({
-    magic: magic(string(new Uint8Array([0xff])), 'psbt'),
-    items: array(null, apply(array(NULL, tuple([createHex(CompactSizeLen), createBytes(CompactSize)])), coders.dict())),
-});
-function validatePSBTFields(version, info, lst) {
-    for (const k in lst) {
-        if (k === 'unknown')
-            continue;
-        if (!info[k])
-            continue;
-        const { allowInc } = PSBTKeyInfo(info[k]);
-        if (!allowInc.includes(version))
-            throw new Error(`PSBTv${version}: field ${k} is not allowed`);
-    }
-    for (const k in info) {
-        const { reqInc } = PSBTKeyInfo(info[k]);
-        if (reqInc.includes(version) && lst[k] === undefined)
-            throw new Error(`PSBTv${version}: missing required field ${k}`);
-    }
-}
-function cleanPSBTFields(version, info, lst) {
-    const out = {};
-    for (const _k in lst) {
-        const k = _k;
-        if (k !== 'unknown') {
-            if (!info[k])
-                continue;
-            const { allowInc, silentIgnore } = PSBTKeyInfo(info[k]);
-            if (!allowInc.includes(version)) {
-                if (silentIgnore)
-                    continue;
-                throw new Error(`Failed to serialize in PSBTv${version}: ${k} but versions allows inclusion=${allowInc}`);
-            }
-        }
-        out[k] = lst[k];
-    }
-    return out;
-}
-function validatePSBT(tx) {
-    const version = (tx && tx.global && tx.global.version) || 0;
-    validatePSBTFields(version, PSBTGlobal, tx.global);
-    for (const i of tx.inputs)
-        validatePSBTFields(version, PSBTInput, i);
-    for (const o of tx.outputs)
-        validatePSBTFields(version, PSBTOutput, o);
-    // We allow only one empty element at the end of map (compat with bitcoinjs-lib bug)
-    const inputCount = !version ? tx.global.unsignedTx.inputs.length : tx.global.inputCount;
-    if (tx.inputs.length < inputCount)
-        throw new Error('Not enough inputs');
-    const inputsLeft = tx.inputs.slice(inputCount);
-    if (inputsLeft.length > 1 || (inputsLeft.length && Object.keys(inputsLeft[0]).length))
-        throw new Error(`Unexpected inputs left in tx=${inputsLeft}`);
-    // Same for inputs
-    const outputCount = !version ? tx.global.unsignedTx.outputs.length : tx.global.outputCount;
-    if (tx.outputs.length < outputCount)
-        throw new Error('Not outputs inputs');
-    const outputsLeft = tx.outputs.slice(outputCount);
-    if (outputsLeft.length > 1 || (outputsLeft.length && Object.keys(outputsLeft[0]).length))
-        throw new Error(`Unexpected outputs left in tx=${outputsLeft}`);
-    return tx;
-}
-function mergeKeyMap(psbtEnum, val, cur, allowedFields, allowUnknown) {
-    const res = { ...cur, ...val };
-    // All arguments can be provided as hex
-    for (const k in psbtEnum) {
-        const key = k;
-        const [_, kC, vC] = psbtEnum[key];
-        const cannotChange = allowedFields && !allowedFields.includes(k);
-        if (val[k] === undefined && k in val) {
-            if (cannotChange)
-                throw new Error(`Cannot remove signed field=${k}`);
-            delete res[k];
-        }
-        else if (kC) {
-            const oldKV = (cur && cur[k] ? cur[k] : []);
-            let newKV = val[key];
-            if (newKV) {
-                if (!Array.isArray(newKV))
-                    throw new Error(`keyMap(${k}): KV pairs should be [k, v][]`);
-                // Decode hex in k-v
-                newKV = newKV.map((val) => {
-                    if (val.length !== 2)
-                        throw new Error(`keyMap(${k}): KV pairs should be [k, v][]`);
-                    return [
-                        typeof val[0] === 'string' ? kC.decode(hex.decode(val[0])) : val[0],
-                        typeof val[1] === 'string' ? vC.decode(hex.decode(val[1])) : val[1],
-                    ];
-                });
-                const map = {};
-                const add = (kStr, k, v) => {
-                    if (map[kStr] === undefined) {
-                        map[kStr] = [k, v];
-                        return;
-                    }
-                    const oldVal = hex.encode(vC.encode(map[kStr][1]));
-                    const newVal = hex.encode(vC.encode(v));
-                    if (oldVal !== newVal)
-                        throw new Error(`keyMap(${key}): same key=${kStr} oldVal=${oldVal} newVal=${newVal}`);
-                };
-                for (const [k, v] of oldKV) {
-                    const kStr = hex.encode(kC.encode(k));
-                    add(kStr, k, v);
-                }
-                for (const [k, v] of newKV) {
-                    const kStr = hex.encode(kC.encode(k));
-                    // undefined removes previous value
-                    if (v === undefined) {
-                        if (cannotChange)
-                            throw new Error(`Cannot remove signed field=${key}/${k}`);
-                        delete map[kStr];
-                    }
-                    else
-                        add(kStr, k, v);
-                }
-                res[key] = Object.values(map);
-            }
-        }
-        else if (typeof res[k] === 'string') {
-            res[k] = vC.decode(hex.decode(res[k]));
-        }
-        else if (cannotChange && k in val && cur && cur[k] !== undefined) {
-            if (!equalBytes(vC.encode(val[k]), vC.encode(cur[k])))
-                throw new Error(`Cannot change signed field=${k}`);
-        }
-    }
-    // Remove unknown keys except the "unknown" array if allowUnknown is true
-    for (const k in res) {
-        if (!psbtEnum[k]) {
-            if (allowUnknown && k === 'unknown')
-                continue;
-            delete res[k];
-        }
-    }
-    return res;
-}
-const RawPSBTV0 = validate(_RawPSBTV0, validatePSBT);
-const RawPSBTV2 = validate(_RawPSBTV2, validatePSBT);
-
-const OutP2A = {
-    encode(from) {
-        if (from.length !== 2 || from[0] !== 1 || !isBytes(from[1]) || hex.encode(from[1]) !== '4e73')
-            return;
-        return { type: 'p2a', script: Script.encode(from) };
-    },
-    decode: (to) => {
-        if (to.type !== 'p2a')
-            return;
-        return [1, hex.decode('4e73')];
-    },
-};
-function isValidPubkey(pub, type) {
-    try {
-        validatePubkey(pub, type);
-        return true;
-    }
-    catch (e) {
-        return false;
-    }
-}
-const OutPK = {
-    encode(from) {
-        if (from.length !== 2 ||
-            !isBytes(from[0]) ||
-            !isValidPubkey(from[0], PubT.ecdsa) ||
-            from[1] !== 'CHECKSIG')
-            return;
-        return { type: 'pk', pubkey: from[0] };
-    },
-    decode: (to) => (to.type === 'pk' ? [to.pubkey, 'CHECKSIG'] : undefined),
-};
-const OutPKH = {
-    encode(from) {
-        if (from.length !== 5 || from[0] !== 'DUP' || from[1] !== 'HASH160' || !isBytes(from[2]))
-            return;
-        if (from[3] !== 'EQUALVERIFY' || from[4] !== 'CHECKSIG')
-            return;
-        return { type: 'pkh', hash: from[2] };
-    },
-    decode: (to) => to.type === 'pkh' ? ['DUP', 'HASH160', to.hash, 'EQUALVERIFY', 'CHECKSIG'] : undefined,
-};
-const OutSH = {
-    encode(from) {
-        if (from.length !== 3 || from[0] !== 'HASH160' || !isBytes(from[1]) || from[2] !== 'EQUAL')
-            return;
-        return { type: 'sh', hash: from[1] };
-    },
-    decode: (to) => to.type === 'sh' ? ['HASH160', to.hash, 'EQUAL'] : undefined,
-};
-const OutWSH = {
-    encode(from) {
-        if (from.length !== 2 || from[0] !== 0 || !isBytes(from[1]))
-            return;
-        if (from[1].length !== 32)
-            return;
-        return { type: 'wsh', hash: from[1] };
-    },
-    decode: (to) => (to.type === 'wsh' ? [0, to.hash] : undefined),
-};
-const OutWPKH = {
-    encode(from) {
-        if (from.length !== 2 || from[0] !== 0 || !isBytes(from[1]))
-            return;
-        if (from[1].length !== 20)
-            return;
-        return { type: 'wpkh', hash: from[1] };
-    },
-    decode: (to) => (to.type === 'wpkh' ? [0, to.hash] : undefined),
-};
-const OutMS = {
-    encode(from) {
-        const last = from.length - 1;
-        if (from[last] !== 'CHECKMULTISIG')
-            return;
-        const m = from[0];
-        const n = from[last - 1];
-        if (typeof m !== 'number' || typeof n !== 'number')
-            return;
-        const pubkeys = from.slice(1, -2);
-        if (n !== pubkeys.length)
-            return;
-        for (const pub of pubkeys)
-            if (!isBytes(pub))
-                return;
-        return { type: 'ms', m, pubkeys: pubkeys }; // we don't need n, since it is the same as pubkeys
-    },
-    // checkmultisig(n, ..pubkeys, m)
-    decode: (to) => to.type === 'ms' ? [to.m, ...to.pubkeys, to.pubkeys.length, 'CHECKMULTISIG'] : undefined,
-};
-const OutTR = {
-    encode(from) {
-        if (from.length !== 2 || from[0] !== 1 || !isBytes(from[1]))
-            return;
-        return { type: 'tr', pubkey: from[1] };
-    },
-    decode: (to) => (to.type === 'tr' ? [1, to.pubkey] : undefined),
-};
-const OutTRNS = {
-    encode(from) {
-        const last = from.length - 1;
-        if (from[last] !== 'CHECKSIG')
-            return;
-        const pubkeys = [];
-        // On error return, since it can be different script
-        for (let i = 0; i < last; i++) {
-            const elm = from[i];
-            if (i & 1) {
-                if (elm !== 'CHECKSIGVERIFY' || i === last - 1)
-                    return;
-                continue;
-            }
-            if (!isBytes(elm))
-                return;
-            pubkeys.push(elm);
-        }
-        return { type: 'tr_ns', pubkeys };
-    },
-    decode: (to) => {
-        if (to.type !== 'tr_ns')
-            return;
-        const out = [];
-        for (let i = 0; i < to.pubkeys.length - 1; i++)
-            out.push(to.pubkeys[i], 'CHECKSIGVERIFY');
-        out.push(to.pubkeys[to.pubkeys.length - 1], 'CHECKSIG');
-        return out;
-    },
-};
-const OutTRMS = {
-    encode(from) {
-        const last = from.length - 1;
-        if (from[last] !== 'NUMEQUAL' || from[1] !== 'CHECKSIG')
-            return;
-        const pubkeys = [];
-        const m = OpToNum(from[last - 1]);
-        if (typeof m !== 'number')
-            return;
-        for (let i = 0; i < last - 1; i++) {
-            const elm = from[i];
-            if (i & 1) {
-                if (elm !== (i === 1 ? 'CHECKSIG' : 'CHECKSIGADD'))
-                    throw new Error('OutScript.encode/tr_ms: wrong element');
-                continue;
-            }
-            if (!isBytes(elm))
-                throw new Error('OutScript.encode/tr_ms: wrong key element');
-            pubkeys.push(elm);
-        }
-        return { type: 'tr_ms', pubkeys, m };
-    },
-    decode: (to) => {
-        if (to.type !== 'tr_ms')
-            return;
-        const out = [to.pubkeys[0], 'CHECKSIG'];
-        for (let i = 1; i < to.pubkeys.length; i++)
-            out.push(to.pubkeys[i], 'CHECKSIGADD');
-        out.push(to.m, 'NUMEQUAL');
-        return out;
-    },
-};
-const OutUnknown = {
-    encode(from) {
-        return { type: 'unknown', script: Script.encode(from) };
-    },
-    decode: (to) => to.type === 'unknown' ? Script.decode(to.script) : undefined,
-};
-// /Payments
-const OutScripts = [
-    OutP2A,
-    OutPK,
-    OutPKH,
-    OutSH,
-    OutWSH,
-    OutWPKH,
-    OutMS,
-    OutTR,
-    OutTRNS,
-    OutTRMS,
-    OutUnknown,
-];
-// TODO: we can support user supplied output scripts now
-// - addOutScript
-// - removeOutScript
-// - We can do that as log we modify array in-place
-// - Actually is very hard, since there is sign/finalize logic
-const _OutScript = apply(Script, coders.match(OutScripts));
-// We can validate this once, because of packed & coders
-const OutScript = validate(_OutScript, (i) => {
-    if (i.type === 'pk' && !isValidPubkey(i.pubkey, PubT.ecdsa))
-        throw new Error('OutScript/pk: wrong key');
-    if ((i.type === 'pkh' || i.type === 'sh' || i.type === 'wpkh') &&
-        (!isBytes(i.hash) || i.hash.length !== 20))
-        throw new Error(`OutScript/${i.type}: wrong hash`);
-    if (i.type === 'wsh' && (!isBytes(i.hash) || i.hash.length !== 32))
-        throw new Error(`OutScript/wsh: wrong hash`);
-    if (i.type === 'tr' && (!isBytes(i.pubkey) || !isValidPubkey(i.pubkey, PubT.schnorr)))
-        throw new Error('OutScript/tr: wrong taproot public key');
-    if (i.type === 'ms' || i.type === 'tr_ns' || i.type === 'tr_ms')
-        if (!Array.isArray(i.pubkeys))
-            throw new Error('OutScript/multisig: wrong pubkeys array');
-    if (i.type === 'ms') {
-        const n = i.pubkeys.length;
-        for (const p of i.pubkeys)
-            if (!isValidPubkey(p, PubT.ecdsa))
-                throw new Error('OutScript/multisig: wrong pubkey');
-        if (i.m <= 0 || n > 16 || i.m > n)
-            throw new Error('OutScript/multisig: invalid params');
-    }
-    if (i.type === 'tr_ns' || i.type === 'tr_ms') {
-        for (const p of i.pubkeys)
-            if (!isValidPubkey(p, PubT.schnorr))
-                throw new Error(`OutScript/${i.type}: wrong pubkey`);
-    }
-    if (i.type === 'tr_ms') {
-        const n = i.pubkeys.length;
-        if (i.m <= 0 || n > 999 || i.m > n)
-            throw new Error('OutScript/tr_ms: invalid params');
-    }
-    return i;
-});
-// Basic sanity check for scripts
-function checkWSH(s, witnessScript) {
-    if (!equalBytes(s.hash, sha256$1(witnessScript)))
-        throw new Error('checkScript: wsh wrong witnessScript hash');
-    const w = OutScript.decode(witnessScript);
-    if (w.type === 'tr' || w.type === 'tr_ns' || w.type === 'tr_ms')
-        throw new Error(`checkScript: P2${w.type} cannot be wrapped in P2SH`);
-    if (w.type === 'wpkh' || w.type === 'sh')
-        throw new Error(`checkScript: P2${w.type} cannot be wrapped in P2WSH`);
-}
-function checkScript(script, redeemScript, witnessScript) {
-    if (script) {
-        const s = OutScript.decode(script);
-        // ms||pk maybe work, but there will be no address, hard to spend
-        if (s.type === 'tr_ns' || s.type === 'tr_ms' || s.type === 'ms' || s.type == 'pk')
-            throw new Error(`checkScript: non-wrapped ${s.type}`);
-        if (s.type === 'sh' && redeemScript) {
-            if (!equalBytes(s.hash, hash160(redeemScript)))
-                throw new Error('checkScript: sh wrong redeemScript hash');
-            const r = OutScript.decode(redeemScript);
-            if (r.type === 'tr' || r.type === 'tr_ns' || r.type === 'tr_ms')
-                throw new Error(`checkScript: P2${r.type} cannot be wrapped in P2SH`);
-            // Not sure if this unspendable, but we cannot represent this via PSBT
-            if (r.type === 'sh')
-                throw new Error('checkScript: P2SH cannot be wrapped in P2SH');
-        }
-        if (s.type === 'wsh' && witnessScript)
-            checkWSH(s, witnessScript);
-    }
-    if (redeemScript) {
-        const r = OutScript.decode(redeemScript);
-        if (r.type === 'wsh' && witnessScript)
-            checkWSH(r, witnessScript);
-    }
-}
-const TAP_LEAF_VERSION = 0xc0;
-const tapLeafHash = (script, version = TAP_LEAF_VERSION) => tagSchnorr('TapLeaf', new Uint8Array([version]), VarBytes.encode(script));
-const base58check = createBase58check(sha256$1);
-function validateWitness(version, data) {
-    if (data.length < 2 || data.length > 40)
-        throw new Error('Witness: invalid length');
-    if (version > 16)
-        throw new Error('Witness: invalid version');
-    if (version === 0 && !(data.length === 20 || data.length === 32))
-        throw new Error('Witness: invalid length for version');
-}
-function programToWitness(version, data, network = NETWORK) {
-    validateWitness(version, data);
-    const coder = version === 0 ? bech32 : bech32m;
-    return coder.encode(network.bech32, [version].concat(coder.toWords(data)));
-}
-function formatKey(hashed, prefix) {
-    return base58check.encode(concatBytes(Uint8Array.from(prefix), hashed));
-}
-// Returns OutType, which can be used to create outscript
-function Address(network = NETWORK) {
-    return {
-        encode(from) {
-            const { type } = from;
-            if (type === 'wpkh')
-                return programToWitness(0, from.hash, network);
-            else if (type === 'wsh')
-                return programToWitness(0, from.hash, network);
-            else if (type === 'tr')
-                return programToWitness(1, from.pubkey, network);
-            else if (type === 'pkh')
-                return formatKey(from.hash, [network.pubKeyHash]);
-            else if (type === 'sh')
-                return formatKey(from.hash, [network.scriptHash]);
-            throw new Error(`Unknown address type=${type}`);
-        },
-        decode(address) {
-            if (address.length < 14 || address.length > 74)
-                throw new Error('Invalid address length');
-            // Bech32
-            if (network.bech32 && address.toLowerCase().startsWith(`${network.bech32}1`)) {
-                let res;
-                try {
-                    res = bech32.decode(address);
-                    if (res.words[0] !== 0)
-                        throw new Error(`bech32: wrong version=${res.words[0]}`);
-                }
-                catch (_) {
-                    // Starting from version 1 it is decoded as bech32m
-                    res = bech32m.decode(address);
-                    if (res.words[0] === 0)
-                        throw new Error(`bech32m: wrong version=${res.words[0]}`);
-                }
-                if (res.prefix !== network.bech32)
-                    throw new Error(`wrong bech32 prefix=${res.prefix}`);
-                const [version, ...program] = res.words;
-                const data = bech32.fromWords(program);
-                validateWitness(version, data);
-                if (version === 0 && data.length === 32)
-                    return { type: 'wsh', hash: data };
-                else if (version === 0 && data.length === 20)
-                    return { type: 'wpkh', hash: data };
-                else if (version === 1 && data.length === 32)
-                    return { type: 'tr', pubkey: data };
-                else
-                    throw new Error('Unknown witness program');
-            }
-            const data = base58check.decode(address);
-            if (data.length !== 21)
-                throw new Error('Invalid base58 address');
-            // Pay To Public Key Hash
-            if (data[0] === network.pubKeyHash) {
-                return { type: 'pkh', hash: data.slice(1) };
-            }
-            else if (data[0] === network.scriptHash) {
-                return {
-                    type: 'sh',
-                    hash: data.slice(1),
-                };
-            }
-            throw new Error(`Invalid address prefix=${data[0]}`);
-        },
-    };
-}
-
-const EMPTY32 = new Uint8Array(32);
-const EMPTY_OUTPUT = {
-    amount: 0xffffffffffffffffn,
-    script: EMPTY,
-};
-const toVsize = (weight) => Math.ceil(weight / 4);
-const PRECISION = 8;
-const DEFAULT_VERSION$2 = 2;
-const DEFAULT_LOCKTIME = 0;
-const DEFAULT_SEQUENCE = 4294967295;
-coders.decimal(PRECISION);
-// Same as value || def, but doesn't overwrites zero ('0', 0, 0n, etc)
-const def = (value, def) => (value === undefined ? def : value);
-function cloneDeep(obj) {
-    if (Array.isArray(obj))
-        return obj.map((i) => cloneDeep(i));
-    // slice of nodejs Buffer doesn't copy
-    else if (isBytes(obj))
-        return Uint8Array.from(obj);
-    // immutable
-    else if (['number', 'bigint', 'boolean', 'string', 'undefined'].includes(typeof obj))
-        return obj;
-    // null is object
-    else if (obj === null)
-        return obj;
-    // should be last, so it won't catch other types
-    else if (typeof obj === 'object') {
-        return Object.fromEntries(Object.entries(obj).map(([k, v]) => [k, cloneDeep(v)]));
-    }
-    throw new Error(`cloneDeep: unknown type=${obj} (${typeof obj})`);
-}
-/**
- * Internal, exported only for backwards-compat. Use `SigHash` instead.
- * @deprecated
- */
-var SignatureHash;
-(function (SignatureHash) {
-    SignatureHash[SignatureHash["DEFAULT"] = 0] = "DEFAULT";
-    SignatureHash[SignatureHash["ALL"] = 1] = "ALL";
-    SignatureHash[SignatureHash["NONE"] = 2] = "NONE";
-    SignatureHash[SignatureHash["SINGLE"] = 3] = "SINGLE";
-    SignatureHash[SignatureHash["ANYONECANPAY"] = 128] = "ANYONECANPAY";
-})(SignatureHash || (SignatureHash = {}));
-var SigHash;
-(function (SigHash) {
-    SigHash[SigHash["DEFAULT"] = 0] = "DEFAULT";
-    SigHash[SigHash["ALL"] = 1] = "ALL";
-    SigHash[SigHash["NONE"] = 2] = "NONE";
-    SigHash[SigHash["SINGLE"] = 3] = "SINGLE";
-    SigHash[SigHash["DEFAULT_ANYONECANPAY"] = 128] = "DEFAULT_ANYONECANPAY";
-    SigHash[SigHash["ALL_ANYONECANPAY"] = 129] = "ALL_ANYONECANPAY";
-    SigHash[SigHash["NONE_ANYONECANPAY"] = 130] = "NONE_ANYONECANPAY";
-    SigHash[SigHash["SINGLE_ANYONECANPAY"] = 131] = "SINGLE_ANYONECANPAY";
-})(SigHash || (SigHash = {}));
-function getTaprootKeys(privKey, pubKey, internalKey, merkleRoot = EMPTY) {
-    if (equalBytes(internalKey, pubKey)) {
-        privKey = taprootTweakPrivKey(privKey, merkleRoot);
-        pubKey = pubSchnorr(privKey);
-    }
-    return { privKey, pubKey };
-}
-// Force check amount/script
-function outputBeforeSign(i) {
-    if (i.script === undefined || i.amount === undefined)
-        throw new Error('Transaction/output: script and amount required');
-    return { script: i.script, amount: i.amount };
-}
-// Force check index/txid/sequence
-function inputBeforeSign(i) {
-    if (i.txid === undefined || i.index === undefined)
-        throw new Error('Transaction/input: txid and index required');
-    return {
-        txid: i.txid,
-        index: i.index,
-        sequence: def(i.sequence, DEFAULT_SEQUENCE),
-        finalScriptSig: def(i.finalScriptSig, EMPTY),
-    };
-}
-function cleanFinalInput(i) {
-    for (const _k in i) {
-        const k = _k;
-        if (!PSBTInputFinalKeys.includes(k))
-            delete i[k];
-    }
-}
-// (TxHash, Idx)
-const TxHashIdx = struct({ txid: createBytes(32, true), index: U32LE });
-function validateSigHash(s) {
-    if (typeof s !== 'number' || typeof SigHash[s] !== 'string')
-        throw new Error(`Invalid SigHash=${s}`);
-    return s;
-}
-function unpackSighash(hashType) {
-    const masked = hashType & 0b0011111;
-    return {
-        isAny: !!(hashType & SignatureHash.ANYONECANPAY),
-        isNone: masked === SignatureHash.NONE,
-        isSingle: masked === SignatureHash.SINGLE,
-    };
-}
-function validateOpts(opts) {
-    if (opts !== undefined && {}.toString.call(opts) !== '[object Object]')
-        throw new Error(`Wrong object type for transaction options: ${opts}`);
-    const _opts = {
-        ...opts,
-        // Defaults
-        version: def(opts.version, DEFAULT_VERSION$2),
-        lockTime: def(opts.lockTime, 0),
-        PSBTVersion: def(opts.PSBTVersion, 0),
-    };
-    if (typeof _opts.allowUnknowInput !== 'undefined')
-        opts.allowUnknownInputs = _opts.allowUnknowInput;
-    if (typeof _opts.allowUnknowOutput !== 'undefined')
-        opts.allowUnknownOutputs = _opts.allowUnknowOutput;
-    if (typeof _opts.lockTime !== 'number')
-        throw new Error('Transaction lock time should be number');
-    U32LE.encode(_opts.lockTime); // Additional range checks that lockTime
-    // There is no PSBT v1, and any new version will probably have fields which we don't know how to parse, which
-    // can lead to constructing broken transactions
-    if (_opts.PSBTVersion !== 0 && _opts.PSBTVersion !== 2)
-        throw new Error(`Unknown PSBT version ${_opts.PSBTVersion}`);
-    // Flags
-    for (const k of [
-        'allowUnknownVersion',
-        'allowUnknownOutputs',
-        'allowUnknownInputs',
-        'disableScriptCheck',
-        'bip174jsCompat',
-        'allowLegacyWitnessUtxo',
-        'lowR',
-    ]) {
-        const v = _opts[k];
-        if (v === undefined)
-            continue; // optional
-        if (typeof v !== 'boolean')
-            throw new Error(`Transation options wrong type: ${k}=${v} (${typeof v})`);
-    }
-    // 0 and -1 happens in tests
-    if (_opts.allowUnknownVersion
-        ? typeof _opts.version === 'number'
-        : ![-1, 0, 1, 2, 3].includes(_opts.version))
-        throw new Error(`Unknown version: ${_opts.version}`);
-    if (_opts.customScripts !== undefined) {
-        const cs = _opts.customScripts;
-        if (!Array.isArray(cs)) {
-            throw new Error(`wrong custom scripts type (expected array): customScripts=${cs} (${typeof cs})`);
-        }
-        for (const s of cs) {
-            if (typeof s.encode !== 'function' || typeof s.decode !== 'function')
-                throw new Error(`wrong script=${s} (${typeof s})`);
-            if (s.finalizeTaproot !== undefined && typeof s.finalizeTaproot !== 'function')
-                throw new Error(`wrong script=${s} (${typeof s})`);
-        }
-    }
-    return Object.freeze(_opts);
-}
-// NOTE: we cannot do this inside PSBTInput coder, because there is no index/txid at this point!
-function validateInput(i) {
-    if (i.nonWitnessUtxo && i.index !== undefined) {
-        const last = i.nonWitnessUtxo.outputs.length - 1;
-        if (i.index > last)
-            throw new Error(`validateInput: index(${i.index}) not in nonWitnessUtxo`);
-        const prevOut = i.nonWitnessUtxo.outputs[i.index];
-        if (i.witnessUtxo &&
-            (!equalBytes(i.witnessUtxo.script, prevOut.script) || i.witnessUtxo.amount !== prevOut.amount))
-            throw new Error('validateInput: witnessUtxo different from nonWitnessUtxo');
-        if (i.txid) {
-            const outputs = i.nonWitnessUtxo.outputs;
-            if (outputs.length - 1 < i.index)
-                throw new Error('nonWitnessUtxo: incorect output index');
-            // At this point, we are using previous tx output to create new input.
-            // Script safety checks are unnecessary:
-            // - User has no control over previous tx. If somebody send money in same tx
-            //   as unspendable output, we still want user able to spend money
-            // - We still want some checks to notify user about possible errors early
-            //   in case user wants to use wrong input by mistake
-            // - Worst case: tx will be rejected by nodes. Still better than disallowing user
-            //   to spend real input, no matter how broken it looks
-            const tx = Transaction.fromRaw(RawTx.encode(i.nonWitnessUtxo), {
-                allowUnknownOutputs: true,
-                disableScriptCheck: true,
-                allowUnknownInputs: true,
-            });
-            const txid = hex.encode(i.txid);
-            // PSBTv2 vectors have non-final tx in inputs
-            if (tx.isFinal && tx.id !== txid)
-                throw new Error(`nonWitnessUtxo: wrong txid, exp=${txid} got=${tx.id}`);
-        }
-    }
-    return i;
-}
-// Normalizes input
-function getPrevOut(input) {
-    if (input.nonWitnessUtxo) {
-        if (input.index === undefined)
-            throw new Error('Unknown input index');
-        return input.nonWitnessUtxo.outputs[input.index];
-    }
-    else if (input.witnessUtxo)
-        return input.witnessUtxo;
-    else
-        throw new Error('Cannot find previous output info');
-}
-function normalizeInput(i, cur, allowedFields, disableScriptCheck = false, allowUnknown = false) {
-    let { nonWitnessUtxo, txid } = i;
-    // String support for common fields. We usually prefer Uint8Array to avoid errors
-    // like hex looking string accidentally passed, however, in case of nonWitnessUtxo
-    // it is better to expect string, since constructing this complex object will be
-    // difficult for user
-    if (typeof nonWitnessUtxo === 'string')
-        nonWitnessUtxo = hex.decode(nonWitnessUtxo);
-    if (isBytes(nonWitnessUtxo))
-        nonWitnessUtxo = RawTx.decode(nonWitnessUtxo);
-    if (!('nonWitnessUtxo' in i) && nonWitnessUtxo === undefined)
-        nonWitnessUtxo = cur?.nonWitnessUtxo;
-    if (typeof txid === 'string')
-        txid = hex.decode(txid);
-    // TODO: if we have nonWitnessUtxo, we can extract txId from here
-    if (txid === undefined)
-        txid = cur?.txid;
-    let res = { ...cur, ...i, nonWitnessUtxo, txid };
-    if (!('nonWitnessUtxo' in i) && res.nonWitnessUtxo === undefined)
-        delete res.nonWitnessUtxo;
-    if (res.sequence === undefined)
-        res.sequence = DEFAULT_SEQUENCE;
-    if (res.tapMerkleRoot === null)
-        delete res.tapMerkleRoot;
-    res = mergeKeyMap(PSBTInput, res, cur, allowedFields, allowUnknown);
-    PSBTInputCoder.encode(res); // Validates that everything is correct at this point
-    let prevOut;
-    if (res.nonWitnessUtxo && res.index !== undefined)
-        prevOut = res.nonWitnessUtxo.outputs[res.index];
-    else if (res.witnessUtxo)
-        prevOut = res.witnessUtxo;
-    if (prevOut && !disableScriptCheck)
-        checkScript(prevOut && prevOut.script, res.redeemScript, res.witnessScript);
-    return res;
-}
-function getInputType(input, allowLegacyWitnessUtxo = false) {
-    let txType = 'legacy';
-    let defaultSighash = SignatureHash.ALL;
-    const prevOut = getPrevOut(input);
-    const first = OutScript.decode(prevOut.script);
-    let type = first.type;
-    let cur = first;
-    const stack = [first];
-    if (first.type === 'tr') {
-        defaultSighash = SignatureHash.DEFAULT;
-        return {
-            txType: 'taproot',
-            type: 'tr',
-            last: first,
-            lastScript: prevOut.script,
-            defaultSighash,
-            sighash: input.sighashType || defaultSighash,
-        };
-    }
-    else {
-        if (first.type === 'wpkh' || first.type === 'wsh')
-            txType = 'segwit';
-        if (first.type === 'sh') {
-            if (!input.redeemScript)
-                throw new Error('inputType: sh without redeemScript');
-            let child = OutScript.decode(input.redeemScript);
-            if (child.type === 'wpkh' || child.type === 'wsh')
-                txType = 'segwit';
-            stack.push(child);
-            cur = child;
-            type += `-${child.type}`;
-        }
-        // wsh can be inside sh
-        if (cur.type === 'wsh') {
-            if (!input.witnessScript)
-                throw new Error('inputType: wsh without witnessScript');
-            let child = OutScript.decode(input.witnessScript);
-            if (child.type === 'wsh')
-                txType = 'segwit';
-            stack.push(child);
-            cur = child;
-            type += `-${child.type}`;
-        }
-        const last = stack[stack.length - 1];
-        if (last.type === 'sh' || last.type === 'wsh')
-            throw new Error('inputType: sh/wsh cannot be terminal type');
-        const lastScript = OutScript.encode(last);
-        const res = {
-            type,
-            txType,
-            last,
-            lastScript,
-            defaultSighash,
-            sighash: input.sighashType || defaultSighash,
-        };
-        if (txType === 'legacy' && !allowLegacyWitnessUtxo && !input.nonWitnessUtxo) {
-            throw new Error(`Transaction/sign: legacy input without nonWitnessUtxo, can result in attack that forces paying higher fees. Pass allowLegacyWitnessUtxo=true, if you sure`);
-        }
-        return res;
-    }
-}
-class Transaction {
-    constructor(opts = {}) {
-        this.global = {};
-        this.inputs = []; // use getInput()
-        this.outputs = []; // use getOutput()
-        const _opts = (this.opts = validateOpts(opts));
-        // Merge with global structure of PSBTv2
-        if (_opts.lockTime !== DEFAULT_LOCKTIME)
-            this.global.fallbackLocktime = _opts.lockTime;
-        this.global.txVersion = _opts.version;
-    }
-    // Import
-    static fromRaw(raw, opts = {}) {
-        const parsed = RawTx.decode(raw);
-        const tx = new Transaction({ ...opts, version: parsed.version, lockTime: parsed.lockTime });
-        for (const o of parsed.outputs)
-            tx.addOutput(o);
-        tx.outputs = parsed.outputs;
-        tx.inputs = parsed.inputs;
-        if (parsed.witnesses) {
-            for (let i = 0; i < parsed.witnesses.length; i++)
-                tx.inputs[i].finalScriptWitness = parsed.witnesses[i];
-        }
-        return tx;
-    }
-    // PSBT
-    static fromPSBT(psbt_, opts = {}) {
-        let parsed;
-        try {
-            parsed = RawPSBTV0.decode(psbt_);
-        }
-        catch (e0) {
-            try {
-                parsed = RawPSBTV2.decode(psbt_);
-            }
-            catch (e2) {
-                // Throw error for v0 parsing, since it popular, otherwise it would be shadowed by v2 error
-                throw e0;
-            }
-        }
-        const PSBTVersion = parsed.global.version || 0;
-        if (PSBTVersion !== 0 && PSBTVersion !== 2)
-            throw new Error(`Wrong PSBT version=${PSBTVersion}`);
-        const unsigned = parsed.global.unsignedTx;
-        const version = PSBTVersion === 0 ? unsigned?.version : parsed.global.txVersion;
-        const lockTime = PSBTVersion === 0 ? unsigned?.lockTime : parsed.global.fallbackLocktime;
-        const tx = new Transaction({ ...opts, version, lockTime, PSBTVersion });
-        // We need slice here, because otherwise
-        const inputCount = PSBTVersion === 0 ? unsigned?.inputs.length : parsed.global.inputCount;
-        tx.inputs = parsed.inputs.slice(0, inputCount).map((i, j) => validateInput({
-            finalScriptSig: EMPTY,
-            ...parsed.global.unsignedTx?.inputs[j],
-            ...i,
-        }));
-        const outputCount = PSBTVersion === 0 ? unsigned?.outputs.length : parsed.global.outputCount;
-        tx.outputs = parsed.outputs.slice(0, outputCount).map((i, j) => ({
-            ...i,
-            ...parsed.global.unsignedTx?.outputs[j],
-        }));
-        tx.global = { ...parsed.global, txVersion: version }; // just in case proprietary/unknown fields
-        if (lockTime !== DEFAULT_LOCKTIME)
-            tx.global.fallbackLocktime = lockTime;
-        return tx;
-    }
-    toPSBT(PSBTVersion = this.opts.PSBTVersion) {
-        if (PSBTVersion !== 0 && PSBTVersion !== 2)
-            throw new Error(`Wrong PSBT version=${PSBTVersion}`);
-        // if (PSBTVersion === 0 && this.inputs.length === 0) {
-        //   throw new Error(
-        //     'PSBT version=0 export for transaction without inputs disabled, please use version=2. Please check `toPSBT` method for explanation.'
-        //   );
-        // }
-        const inputs = this.inputs.map((i) => validateInput(cleanPSBTFields(PSBTVersion, PSBTInput, i)));
-        for (const inp of inputs) {
-            // Don't serialize empty fields
-            if (inp.partialSig && !inp.partialSig.length)
-                delete inp.partialSig;
-            if (inp.finalScriptSig && !inp.finalScriptSig.length)
-                delete inp.finalScriptSig;
-            if (inp.finalScriptWitness && !inp.finalScriptWitness.length)
-                delete inp.finalScriptWitness;
-        }
-        const outputs = this.outputs.map((i) => cleanPSBTFields(PSBTVersion, PSBTOutput, i));
-        const global = { ...this.global };
-        if (PSBTVersion === 0) {
-            /*
-            - Bitcoin raw transaction expects to have at least 1 input because it uses case with zero inputs as marker for SegWit
-            - this means we cannot serialize raw tx with zero inputs since it will be parsed as SegWit tx
-            - Parsing of PSBTv0 depends on unsignedTx (it looks for input count here)
-            - BIP-174 requires old serialization format (without witnesses) inside global, which solves this
-            */
-            global.unsignedTx = RawOldTx.decode(RawOldTx.encode({
-                version: this.version,
-                lockTime: this.lockTime,
-                inputs: this.inputs.map(inputBeforeSign).map((i) => ({
-                    ...i,
-                    finalScriptSig: EMPTY,
-                })),
-                outputs: this.outputs.map(outputBeforeSign),
-            }));
-            delete global.fallbackLocktime;
-            delete global.txVersion;
-        }
-        else {
-            global.version = PSBTVersion;
-            global.txVersion = this.version;
-            global.inputCount = this.inputs.length;
-            global.outputCount = this.outputs.length;
-            if (global.fallbackLocktime && global.fallbackLocktime === DEFAULT_LOCKTIME)
-                delete global.fallbackLocktime;
-        }
-        if (this.opts.bip174jsCompat) {
-            if (!inputs.length)
-                inputs.push({});
-            if (!outputs.length)
-                outputs.push({});
-        }
-        return (PSBTVersion === 0 ? RawPSBTV0 : RawPSBTV2).encode({
-            global,
-            inputs,
-            outputs,
-        });
-    }
-    // BIP370 lockTime (https://github.com/bitcoin/bips/blob/master/bip-0370.mediawiki#determining-lock-time)
-    get lockTime() {
-        let height = DEFAULT_LOCKTIME;
-        let heightCnt = 0;
-        let time = DEFAULT_LOCKTIME;
-        let timeCnt = 0;
-        for (const i of this.inputs) {
-            if (i.requiredHeightLocktime) {
-                height = Math.max(height, i.requiredHeightLocktime);
-                heightCnt++;
-            }
-            if (i.requiredTimeLocktime) {
-                time = Math.max(time, i.requiredTimeLocktime);
-                timeCnt++;
-            }
-        }
-        if (heightCnt && heightCnt >= timeCnt)
-            return height;
-        if (time !== DEFAULT_LOCKTIME)
-            return time;
-        return this.global.fallbackLocktime || DEFAULT_LOCKTIME;
-    }
-    get version() {
-        // Should be not possible
-        if (this.global.txVersion === undefined)
-            throw new Error('No global.txVersion');
-        return this.global.txVersion;
-    }
-    inputStatus(idx) {
-        this.checkInputIdx(idx);
-        const input = this.inputs[idx];
-        // Finalized
-        if (input.finalScriptSig && input.finalScriptSig.length)
-            return 'finalized';
-        if (input.finalScriptWitness && input.finalScriptWitness.length)
-            return 'finalized';
-        // Signed taproot
-        if (input.tapKeySig)
-            return 'signed';
-        if (input.tapScriptSig && input.tapScriptSig.length)
-            return 'signed';
-        // Signed
-        if (input.partialSig && input.partialSig.length)
-            return 'signed';
-        return 'unsigned';
-    }
-    // Cannot replace unpackSighash, tests rely on very generic implemenetation with signing inputs outside of range
-    // We will lose some vectors -> smaller test coverage of preimages (very important!)
-    inputSighash(idx) {
-        this.checkInputIdx(idx);
-        const inputSighash = this.inputs[idx].sighashType;
-        const sighash = inputSighash === undefined ? SignatureHash.DEFAULT : inputSighash;
-        // ALL or DEFAULT -- everything signed
-        // NONE           -- all inputs + no outputs
-        // SINGLE         -- all inputs + output with same index
-        // ALL + ANYONE   -- specific input + all outputs
-        // NONE + ANYONE  -- specific input + no outputs
-        // SINGLE         -- specific inputs + output with same index
-        const sigOutputs = sighash === SignatureHash.DEFAULT ? SignatureHash.ALL : sighash & 0b11;
-        const sigInputs = sighash & SignatureHash.ANYONECANPAY;
-        return { sigInputs, sigOutputs };
-    }
-    // Very nice for debug purposes, but slow. If there is too much inputs/outputs to add, will be quadratic.
-    // Some cache will be nice, but there chance to have bugs with cache invalidation
-    signStatus() {
-        // if addInput or addOutput is not possible, then all inputs or outputs are signed
-        let addInput = true, addOutput = true;
-        let inputs = [], outputs = [];
-        for (let idx = 0; idx < this.inputs.length; idx++) {
-            const status = this.inputStatus(idx);
-            // Unsigned input doesn't affect anything
-            if (status === 'unsigned')
-                continue;
-            const { sigInputs, sigOutputs } = this.inputSighash(idx);
-            // Input type
-            if (sigInputs === SignatureHash.ANYONECANPAY)
-                inputs.push(idx);
-            else
-                addInput = false;
-            // Output type
-            if (sigOutputs === SignatureHash.ALL)
-                addOutput = false;
-            else if (sigOutputs === SignatureHash.SINGLE)
-                outputs.push(idx);
-            else if (sigOutputs === SignatureHash.NONE) ;
-            else
-                throw new Error(`Wrong signature hash output type: ${sigOutputs}`);
-        }
-        return { addInput, addOutput, inputs, outputs };
-    }
-    get isFinal() {
-        for (let idx = 0; idx < this.inputs.length; idx++)
-            if (this.inputStatus(idx) !== 'finalized')
-                return false;
-        return true;
-    }
-    // Info utils
-    get hasWitnesses() {
-        let out = false;
-        for (const i of this.inputs)
-            if (i.finalScriptWitness && i.finalScriptWitness.length)
-                out = true;
-        return out;
-    }
-    // https://en.bitcoin.it/wiki/Weight_units
-    get weight() {
-        if (!this.isFinal)
-            throw new Error('Transaction is not finalized');
-        let out = 32;
-        // Outputs
-        const outputs = this.outputs.map(outputBeforeSign);
-        out += 4 * CompactSizeLen.encode(this.outputs.length).length;
-        for (const o of outputs)
-            out += 32 + 4 * VarBytes.encode(o.script).length;
-        // Inputs
-        if (this.hasWitnesses)
-            out += 2;
-        out += 4 * CompactSizeLen.encode(this.inputs.length).length;
-        for (const i of this.inputs) {
-            out += 160 + 4 * VarBytes.encode(i.finalScriptSig || EMPTY).length;
-            if (this.hasWitnesses && i.finalScriptWitness)
-                out += RawWitness.encode(i.finalScriptWitness).length;
-        }
-        return out;
-    }
-    get vsize() {
-        return toVsize(this.weight);
-    }
-    toBytes(withScriptSig = false, withWitness = false) {
-        return RawTx.encode({
-            version: this.version,
-            lockTime: this.lockTime,
-            inputs: this.inputs.map(inputBeforeSign).map((i) => ({
-                ...i,
-                finalScriptSig: (withScriptSig && i.finalScriptSig) || EMPTY,
-            })),
-            outputs: this.outputs.map(outputBeforeSign),
-            witnesses: this.inputs.map((i) => i.finalScriptWitness || []),
-            segwitFlag: withWitness && this.hasWitnesses,
-        });
-    }
-    get unsignedTx() {
-        return this.toBytes(false, false);
-    }
-    get hex() {
-        return hex.encode(this.toBytes(true, this.hasWitnesses));
-    }
-    get hash() {
-        if (!this.isFinal)
-            throw new Error('Transaction is not finalized');
-        return hex.encode(sha256x2(this.toBytes(true)));
-    }
-    get id() {
-        if (!this.isFinal)
-            throw new Error('Transaction is not finalized');
-        return hex.encode(sha256x2(this.toBytes(true)).reverse());
-    }
-    // Input stuff
-    checkInputIdx(idx) {
-        if (!Number.isSafeInteger(idx) || 0 > idx || idx >= this.inputs.length)
-            throw new Error(`Wrong input index=${idx}`);
-    }
-    getInput(idx) {
-        this.checkInputIdx(idx);
-        return cloneDeep(this.inputs[idx]);
-    }
-    get inputsLength() {
-        return this.inputs.length;
-    }
-    // Modification
-    addInput(input, _ignoreSignStatus = false) {
-        if (!_ignoreSignStatus && !this.signStatus().addInput)
-            throw new Error('Tx has signed inputs, cannot add new one');
-        this.inputs.push(normalizeInput(input, undefined, undefined, this.opts.disableScriptCheck));
-        return this.inputs.length - 1;
-    }
-    updateInput(idx, input, _ignoreSignStatus = false) {
-        this.checkInputIdx(idx);
-        let allowedFields = undefined;
-        if (!_ignoreSignStatus) {
-            const status = this.signStatus();
-            if (!status.addInput || status.inputs.includes(idx))
-                allowedFields = PSBTInputUnsignedKeys;
-        }
-        this.inputs[idx] = normalizeInput(input, this.inputs[idx], allowedFields, this.opts.disableScriptCheck, this.opts.allowUnknown);
-    }
-    // Output stuff
-    checkOutputIdx(idx) {
-        if (!Number.isSafeInteger(idx) || 0 > idx || idx >= this.outputs.length)
-            throw new Error(`Wrong output index=${idx}`);
-    }
-    getOutput(idx) {
-        this.checkOutputIdx(idx);
-        return cloneDeep(this.outputs[idx]);
-    }
-    getOutputAddress(idx, network = NETWORK) {
-        const out = this.getOutput(idx);
-        if (!out.script)
-            return;
-        return Address(network).encode(OutScript.decode(out.script));
-    }
-    get outputsLength() {
-        return this.outputs.length;
-    }
-    normalizeOutput(o, cur, allowedFields) {
-        let { amount, script } = o;
-        if (amount === undefined)
-            amount = cur?.amount;
-        if (typeof amount !== 'bigint')
-            throw new Error(`Wrong amount type, should be of type bigint in sats, but got ${amount} of type ${typeof amount}`);
-        if (typeof script === 'string')
-            script = hex.decode(script);
-        if (script === undefined)
-            script = cur?.script;
-        let res = { ...cur, ...o, amount, script };
-        if (res.amount === undefined)
-            delete res.amount;
-        res = mergeKeyMap(PSBTOutput, res, cur, allowedFields, this.opts.allowUnknown);
-        PSBTOutputCoder.encode(res);
-        if (res.script &&
-            !this.opts.allowUnknownOutputs &&
-            OutScript.decode(res.script).type === 'unknown') {
-            throw new Error('Transaction/output: unknown output script type, there is a chance that input is unspendable. Pass allowUnknownOutputs=true, if you sure');
-        }
-        if (!this.opts.disableScriptCheck)
-            checkScript(res.script, res.redeemScript, res.witnessScript);
-        return res;
-    }
-    addOutput(o, _ignoreSignStatus = false) {
-        if (!_ignoreSignStatus && !this.signStatus().addOutput)
-            throw new Error('Tx has signed outputs, cannot add new one');
-        this.outputs.push(this.normalizeOutput(o));
-        return this.outputs.length - 1;
-    }
-    updateOutput(idx, output, _ignoreSignStatus = false) {
-        this.checkOutputIdx(idx);
-        let allowedFields = undefined;
-        if (!_ignoreSignStatus) {
-            const status = this.signStatus();
-            if (!status.addOutput || status.outputs.includes(idx))
-                allowedFields = PSBTOutputUnsignedKeys;
-        }
-        this.outputs[idx] = this.normalizeOutput(output, this.outputs[idx], allowedFields);
-    }
-    addOutputAddress(address, amount, network = NETWORK) {
-        return this.addOutput({ script: OutScript.encode(Address(network).decode(address)), amount });
-    }
-    // Utils
-    get fee() {
-        let res = 0n;
-        for (const i of this.inputs) {
-            const prevOut = getPrevOut(i);
-            if (!prevOut)
-                throw new Error('Empty input amount');
-            res += prevOut.amount;
-        }
-        const outputs = this.outputs.map(outputBeforeSign);
-        for (const o of outputs)
-            res -= o.amount;
-        return res;
-    }
-    // Signing
-    // Based on https://github.com/bitcoin/bitcoin/blob/5871b5b5ab57a0caf9b7514eb162c491c83281d5/test/functional/test_framework/script.py#L624
-    // There is optimization opportunity to re-use hashes for multiple inputs for witness v0/v1,
-    // but we are trying to be less complicated for audit purpose for now.
-    preimageLegacy(idx, prevOutScript, hashType) {
-        const { isAny, isNone, isSingle } = unpackSighash(hashType);
-        if (idx < 0 || !Number.isSafeInteger(idx))
-            throw new Error(`Invalid input idx=${idx}`);
-        if ((isSingle && idx >= this.outputs.length) || idx >= this.inputs.length)
-            return U256BE.encode(1n);
-        prevOutScript = Script.encode(Script.decode(prevOutScript).filter((i) => i !== 'CODESEPARATOR'));
-        let inputs = this.inputs
-            .map(inputBeforeSign)
-            .map((input, inputIdx) => ({
-            ...input,
-            finalScriptSig: inputIdx === idx ? prevOutScript : EMPTY,
-        }));
-        if (isAny)
-            inputs = [inputs[idx]];
-        else if (isNone || isSingle) {
-            inputs = inputs.map((input, inputIdx) => ({
-                ...input,
-                sequence: inputIdx === idx ? input.sequence : 0,
-            }));
-        }
-        let outputs = this.outputs.map(outputBeforeSign);
-        if (isNone)
-            outputs = [];
-        else if (isSingle) {
-            outputs = outputs.slice(0, idx).fill(EMPTY_OUTPUT).concat([outputs[idx]]);
-        }
-        const tmpTx = RawTx.encode({
-            lockTime: this.lockTime,
-            version: this.version,
-            segwitFlag: false,
-            inputs,
-            outputs,
-        });
-        return sha256x2(tmpTx, I32LE.encode(hashType));
-    }
-    preimageWitnessV0(idx, prevOutScript, hashType, amount) {
-        const { isAny, isNone, isSingle } = unpackSighash(hashType);
-        let inputHash = EMPTY32;
-        let sequenceHash = EMPTY32;
-        let outputHash = EMPTY32;
-        const inputs = this.inputs.map(inputBeforeSign);
-        const outputs = this.outputs.map(outputBeforeSign);
-        if (!isAny)
-            inputHash = sha256x2(...inputs.map(TxHashIdx.encode));
-        if (!isAny && !isSingle && !isNone)
-            sequenceHash = sha256x2(...inputs.map((i) => U32LE.encode(i.sequence)));
-        if (!isSingle && !isNone) {
-            outputHash = sha256x2(...outputs.map(RawOutput.encode));
-        }
-        else if (isSingle && idx < outputs.length)
-            outputHash = sha256x2(RawOutput.encode(outputs[idx]));
-        const input = inputs[idx];
-        return sha256x2(I32LE.encode(this.version), inputHash, sequenceHash, createBytes(32, true).encode(input.txid), U32LE.encode(input.index), VarBytes.encode(prevOutScript), U64LE.encode(amount), U32LE.encode(input.sequence), outputHash, U32LE.encode(this.lockTime), U32LE.encode(hashType));
-    }
-    preimageWitnessV1(idx, prevOutScript, hashType, amount, codeSeparator = -1, leafScript, leafVer = 0xc0, annex) {
-        if (!Array.isArray(amount) || this.inputs.length !== amount.length)
-            throw new Error(`Invalid amounts array=${amount}`);
-        if (!Array.isArray(prevOutScript) || this.inputs.length !== prevOutScript.length)
-            throw new Error(`Invalid prevOutScript array=${prevOutScript}`);
-        const out = [
-            U8.encode(0),
-            U8.encode(hashType), // U8 sigHash
-            I32LE.encode(this.version),
-            U32LE.encode(this.lockTime),
-        ];
-        const outType = hashType === SignatureHash.DEFAULT ? SignatureHash.ALL : hashType & 0b11;
-        const inType = hashType & SignatureHash.ANYONECANPAY;
-        const inputs = this.inputs.map(inputBeforeSign);
-        const outputs = this.outputs.map(outputBeforeSign);
-        if (inType !== SignatureHash.ANYONECANPAY) {
-            out.push(...[
-                inputs.map(TxHashIdx.encode),
-                amount.map(U64LE.encode),
-                prevOutScript.map(VarBytes.encode),
-                inputs.map((i) => U32LE.encode(i.sequence)),
-            ].map((i) => sha256$1(concatBytes(...i))));
-        }
-        if (outType === SignatureHash.ALL) {
-            out.push(sha256$1(concatBytes(...outputs.map(RawOutput.encode))));
-        }
-        const spendType = (annex ? 1 : 0) | (leafScript ? 2 : 0);
-        out.push(new Uint8Array([spendType]));
-        if (inType === SignatureHash.ANYONECANPAY) {
-            const inp = inputs[idx];
-            out.push(TxHashIdx.encode(inp), U64LE.encode(amount[idx]), VarBytes.encode(prevOutScript[idx]), U32LE.encode(inp.sequence));
-        }
-        else
-            out.push(U32LE.encode(idx));
-        if (spendType & 1)
-            out.push(sha256$1(VarBytes.encode(annex || EMPTY)));
-        if (outType === SignatureHash.SINGLE)
-            out.push(idx < outputs.length ? sha256$1(RawOutput.encode(outputs[idx])) : EMPTY32);
-        if (leafScript)
-            out.push(tapLeafHash(leafScript, leafVer), U8.encode(0), I32LE.encode(codeSeparator));
-        return tagSchnorr('TapSighash', ...out);
-    }
-    // Signer can be privateKey OR instance of bip32 HD stuff
-    signIdx(privateKey, idx, allowedSighash, _auxRand) {
-        this.checkInputIdx(idx);
-        const input = this.inputs[idx];
-        const inputType = getInputType(input, this.opts.allowLegacyWitnessUtxo);
-        // Handle BIP32 HDKey
-        if (!isBytes(privateKey)) {
-            if (!input.bip32Derivation || !input.bip32Derivation.length)
-                throw new Error('bip32Derivation: empty');
-            const signers = input.bip32Derivation
-                .filter((i) => i[1].fingerprint == privateKey.fingerprint)
-                .map(([pubKey, { path }]) => {
-                let s = privateKey;
-                for (const i of path)
-                    s = s.deriveChild(i);
-                if (!equalBytes(s.publicKey, pubKey))
-                    throw new Error('bip32Derivation: wrong pubKey');
-                if (!s.privateKey)
-                    throw new Error('bip32Derivation: no privateKey');
-                return s;
-            });
-            if (!signers.length)
-                throw new Error(`bip32Derivation: no items with fingerprint=${privateKey.fingerprint}`);
-            let signed = false;
-            for (const s of signers)
-                if (this.signIdx(s.privateKey, idx))
-                    signed = true;
-            return signed;
-        }
-        // Sighash checks
-        // Just for compat with bitcoinjs-lib, so users won't face unexpected behaviour.
-        if (!allowedSighash)
-            allowedSighash = [inputType.defaultSighash];
-        else
-            allowedSighash.forEach(validateSigHash);
-        const sighash = inputType.sighash;
-        if (!allowedSighash.includes(sighash)) {
-            throw new Error(`Input with not allowed sigHash=${sighash}. Allowed: ${allowedSighash.join(', ')}`);
-        }
-        // It is possible to sign these inputs for legacy/segwit v0 (but no taproot!),
-        // however this was because of bug in bitcoin-core, which remains here because of consensus.
-        // If this is absolutely neccessary for your case, please open issue.
-        // We disable it to avoid complicated workflow where SINGLE will block adding new outputs
-        const { sigOutputs } = this.inputSighash(idx);
-        if (sigOutputs === SignatureHash.SINGLE && idx >= this.outputs.length) {
-            throw new Error(`Input with sighash SINGLE, but there is no output with corresponding index=${idx}`);
-        }
-        // Actual signing
-        // Taproot
-        const prevOut = getPrevOut(input);
-        if (inputType.txType === 'taproot') {
-            const prevOuts = this.inputs.map(getPrevOut);
-            const prevOutScript = prevOuts.map((i) => i.script);
-            const amount = prevOuts.map((i) => i.amount);
-            let signed = false;
-            let schnorrPub = pubSchnorr(privateKey);
-            let merkleRoot = input.tapMerkleRoot || EMPTY;
-            if (input.tapInternalKey) {
-                // internal + tweak = tweaked key
-                // if internal key == current public key, we need to tweak private key,
-                // otherwise sign as is. bitcoinjs implementation always wants tweaked
-                // priv key to be provided
-                const { pubKey, privKey } = getTaprootKeys(privateKey, schnorrPub, input.tapInternalKey, merkleRoot);
-                const [taprootPubKey, _] = taprootTweakPubkey(input.tapInternalKey, merkleRoot);
-                if (equalBytes(taprootPubKey, pubKey)) {
-                    const hash = this.preimageWitnessV1(idx, prevOutScript, sighash, amount);
-                    const sig = concatBytes(signSchnorr(hash, privKey, _auxRand), sighash !== SignatureHash.DEFAULT ? new Uint8Array([sighash]) : EMPTY);
-                    this.updateInput(idx, { tapKeySig: sig }, true);
-                    signed = true;
-                }
-            }
-            if (input.tapLeafScript) {
-                input.tapScriptSig = input.tapScriptSig || [];
-                for (const [_, _script] of input.tapLeafScript) {
-                    const script = _script.subarray(0, -1);
-                    const scriptDecoded = Script.decode(script);
-                    const ver = _script[_script.length - 1];
-                    const hash = tapLeafHash(script, ver);
-                    // NOTE: no need to tweak internal key here, since we don't support nested p2tr
-                    const pos = scriptDecoded.findIndex((i) => isBytes(i) && equalBytes(i, schnorrPub));
-                    // Skip if there is no public key in tapLeafScript
-                    if (pos === -1)
-                        continue;
-                    const msg = this.preimageWitnessV1(idx, prevOutScript, sighash, amount, undefined, script, ver);
-                    const sig = concatBytes(signSchnorr(msg, privateKey, _auxRand), sighash !== SignatureHash.DEFAULT ? new Uint8Array([sighash]) : EMPTY);
-                    this.updateInput(idx, { tapScriptSig: [[{ pubKey: schnorrPub, leafHash: hash }, sig]] }, true);
-                    signed = true;
-                }
-            }
-            if (!signed)
-                throw new Error('No taproot scripts signed');
-            return true;
-        }
-        else {
-            // only compressed keys are supported for now
-            const pubKey = pubECDSA(privateKey);
-            // TODO: replace with explicit checks
-            // Check if script has public key or its has inside
-            let hasPubkey = false;
-            const pubKeyHash = hash160(pubKey);
-            for (const i of Script.decode(inputType.lastScript)) {
-                if (isBytes(i) && (equalBytes(i, pubKey) || equalBytes(i, pubKeyHash)))
-                    hasPubkey = true;
-            }
-            if (!hasPubkey)
-                throw new Error(`Input script doesn't have pubKey: ${inputType.lastScript}`);
-            let hash;
-            if (inputType.txType === 'legacy') {
-                hash = this.preimageLegacy(idx, inputType.lastScript, sighash);
-            }
-            else if (inputType.txType === 'segwit') {
-                let script = inputType.lastScript;
-                // If wpkh OR sh-wpkh, wsh-wpkh is impossible, so looks ok
-                if (inputType.last.type === 'wpkh')
-                    script = OutScript.encode({ type: 'pkh', hash: inputType.last.hash });
-                hash = this.preimageWitnessV0(idx, script, sighash, prevOut.amount);
-            }
-            else
-                throw new Error(`Transaction/sign: unknown tx type: ${inputType.txType}`);
-            const sig = signECDSA(hash, privateKey, this.opts.lowR);
-            this.updateInput(idx, {
-                partialSig: [[pubKey, concatBytes(sig, new Uint8Array([sighash]))]],
-            }, true);
-        }
-        return true;
-    }
-    // This is bad API. Will work if user creates and signs tx, but if
-    // there is some complex workflow with exchanging PSBT and signing them,
-    // then it is better to validate which output user signs. How could a better API look like?
-    // Example: user adds input, sends to another party, then signs received input (mixer etc),
-    // another user can add different input for same key and user will sign it.
-    // Even worse: another user can add bip32 derivation, and spend money from different address.
-    // Better api: signIdx
-    sign(privateKey, allowedSighash, _auxRand) {
-        let num = 0;
-        for (let i = 0; i < this.inputs.length; i++) {
-            try {
-                if (this.signIdx(privateKey, i, allowedSighash, _auxRand))
-                    num++;
-            }
-            catch (e) { }
-        }
-        if (!num)
-            throw new Error('No inputs signed');
-        return num;
-    }
-    finalizeIdx(idx) {
-        this.checkInputIdx(idx);
-        if (this.fee < 0n)
-            throw new Error('Outputs spends more than inputs amount');
-        const input = this.inputs[idx];
-        const inputType = getInputType(input, this.opts.allowLegacyWitnessUtxo);
-        // Taproot finalize
-        if (inputType.txType === 'taproot') {
-            if (input.tapKeySig)
-                input.finalScriptWitness = [input.tapKeySig];
-            else if (input.tapLeafScript && input.tapScriptSig) {
-                // Sort leafs by control block length.
-                const leafs = input.tapLeafScript.sort((a, b) => TaprootControlBlock.encode(a[0]).length -
-                    TaprootControlBlock.encode(b[0]).length);
-                for (const [cb, _script] of leafs) {
-                    // Last byte is version
-                    const script = _script.slice(0, -1);
-                    const ver = _script[_script.length - 1];
-                    const outScript = OutScript.decode(script);
-                    const hash = tapLeafHash(script, ver);
-                    const scriptSig = input.tapScriptSig.filter((i) => equalBytes(i[0].leafHash, hash));
-                    let signatures = [];
-                    if (outScript.type === 'tr_ms') {
-                        const m = outScript.m;
-                        const pubkeys = outScript.pubkeys;
-                        let added = 0;
-                        for (const pub of pubkeys) {
-                            const sigIdx = scriptSig.findIndex((i) => equalBytes(i[0].pubKey, pub));
-                            // Should have exact amount of signatures (more -- will fail)
-                            if (added === m || sigIdx === -1) {
-                                signatures.push(EMPTY);
-                                continue;
-                            }
-                            signatures.push(scriptSig[sigIdx][1]);
-                            added++;
-                        }
-                        // Should be exact same as m
-                        if (added !== m)
-                            continue;
-                    }
-                    else if (outScript.type === 'tr_ns') {
-                        for (const pub of outScript.pubkeys) {
-                            const sigIdx = scriptSig.findIndex((i) => equalBytes(i[0].pubKey, pub));
-                            if (sigIdx === -1)
-                                continue;
-                            signatures.push(scriptSig[sigIdx][1]);
-                        }
-                        if (signatures.length !== outScript.pubkeys.length)
-                            continue;
-                    }
-                    else if (outScript.type === 'unknown' && this.opts.allowUnknownInputs) {
-                        // Trying our best to sign what we can
-                        const scriptDecoded = Script.decode(script);
-                        signatures = scriptSig
-                            .map(([{ pubKey }, signature]) => {
-                            const pos = scriptDecoded.findIndex((i) => isBytes(i) && equalBytes(i, pubKey));
-                            if (pos === -1)
-                                throw new Error('finalize/taproot: cannot find position of pubkey in script');
-                            return { signature, pos };
-                        })
-                            // Reverse order (because witness is stack and we take last element first from it)
-                            .sort((a, b) => a.pos - b.pos)
-                            .map((i) => i.signature);
-                        if (!signatures.length)
-                            continue;
-                    }
-                    else {
-                        const custom = this.opts.customScripts;
-                        if (custom) {
-                            for (const c of custom) {
-                                if (!c.finalizeTaproot)
-                                    continue;
-                                const scriptDecoded = Script.decode(script);
-                                const csEncoded = c.encode(scriptDecoded);
-                                if (csEncoded === undefined)
-                                    continue;
-                                const finalized = c.finalizeTaproot(script, csEncoded, scriptSig);
-                                if (!finalized)
-                                    continue;
-                                input.finalScriptWitness = finalized.concat(TaprootControlBlock.encode(cb));
-                                input.finalScriptSig = EMPTY;
-                                cleanFinalInput(input);
-                                return;
-                            }
-                        }
-                        throw new Error('Finalize: Unknown tapLeafScript');
-                    }
-                    // Witness is stack, so last element will be used first
-                    input.finalScriptWitness = signatures
-                        .reverse()
-                        .concat([script, TaprootControlBlock.encode(cb)]);
-                    break;
-                }
-                if (!input.finalScriptWitness)
-                    throw new Error('finalize/taproot: empty witness');
-            }
-            else
-                throw new Error('finalize/taproot: unknown input');
-            input.finalScriptSig = EMPTY;
-            cleanFinalInput(input);
-            return;
-        }
-        if (!input.partialSig || !input.partialSig.length)
-            throw new Error('Not enough partial sign');
-        let inputScript = EMPTY;
-        let witness = [];
-        // TODO: move input scripts closer to payments/output scripts
-        // Multisig
-        if (inputType.last.type === 'ms') {
-            const m = inputType.last.m;
-            const pubkeys = inputType.last.pubkeys;
-            let signatures = [];
-            // partial: [pubkey, sign]
-            for (const pub of pubkeys) {
-                const sign = input.partialSig.find((s) => equalBytes(pub, s[0]));
-                if (!sign)
-                    continue;
-                signatures.push(sign[1]);
-            }
-            signatures = signatures.slice(0, m);
-            if (signatures.length !== m) {
-                throw new Error(`Multisig: wrong signatures count, m=${m} n=${pubkeys.length} signatures=${signatures.length}`);
-            }
-            inputScript = Script.encode([0, ...signatures]);
-        }
-        else if (inputType.last.type === 'pk') {
-            inputScript = Script.encode([input.partialSig[0][1]]);
-        }
-        else if (inputType.last.type === 'pkh') {
-            inputScript = Script.encode([input.partialSig[0][1], input.partialSig[0][0]]);
-        }
-        else if (inputType.last.type === 'wpkh') {
-            inputScript = EMPTY;
-            witness = [input.partialSig[0][1], input.partialSig[0][0]];
-        }
-        else if (inputType.last.type === 'unknown' && !this.opts.allowUnknownInputs)
-            throw new Error('Unknown inputs not allowed');
-        // Create final scripts (generic part)
-        let finalScriptSig, finalScriptWitness;
-        if (inputType.type.includes('wsh-')) {
-            // P2WSH
-            if (inputScript.length && inputType.lastScript.length) {
-                witness = Script.decode(inputScript).map((i) => {
-                    if (i === 0)
-                        return EMPTY;
-                    if (isBytes(i))
-                        return i;
-                    throw new Error(`Wrong witness op=${i}`);
-                });
-            }
-            witness = witness.concat(inputType.lastScript);
-        }
-        if (inputType.txType === 'segwit')
-            finalScriptWitness = witness;
-        if (inputType.type.startsWith('sh-wsh-')) {
-            finalScriptSig = Script.encode([Script.encode([0, sha256$1(inputType.lastScript)])]);
-        }
-        else if (inputType.type.startsWith('sh-')) {
-            finalScriptSig = Script.encode([...Script.decode(inputScript), inputType.lastScript]);
-        }
-        else if (inputType.type.startsWith('wsh-')) ;
-        else if (inputType.txType !== 'segwit')
-            finalScriptSig = inputScript;
-        if (!finalScriptSig && !finalScriptWitness)
-            throw new Error('Unknown error finalizing input');
-        if (finalScriptSig)
-            input.finalScriptSig = finalScriptSig;
-        if (finalScriptWitness)
-            input.finalScriptWitness = finalScriptWitness;
-        cleanFinalInput(input);
-    }
-    finalize() {
-        for (let i = 0; i < this.inputs.length; i++)
-            this.finalizeIdx(i);
-    }
-    extract() {
-        if (!this.isFinal)
-            throw new Error('Transaction has unfinalized inputs');
-        if (!this.outputs.length)
-            throw new Error('Transaction has no outputs');
-        if (this.fee < 0n)
-            throw new Error('Outputs spends more than inputs amount');
-        return this.toBytes(true, true);
-    }
-    combine(other) {
-        for (const k of ['PSBTVersion', 'version', 'lockTime']) {
-            if (this.opts[k] !== other.opts[k]) {
-                throw new Error(`Transaction/combine: different ${k} this=${this.opts[k]} other=${other.opts[k]}`);
-            }
-        }
-        for (const k of ['inputs', 'outputs']) {
-            if (this[k].length !== other[k].length) {
-                throw new Error(`Transaction/combine: different ${k} length this=${this[k].length} other=${other[k].length}`);
-            }
-        }
-        const thisUnsigned = this.global.unsignedTx ? RawOldTx.encode(this.global.unsignedTx) : EMPTY;
-        const otherUnsigned = other.global.unsignedTx
-            ? RawOldTx.encode(other.global.unsignedTx)
-            : EMPTY;
-        if (!equalBytes(thisUnsigned, otherUnsigned))
-            throw new Error(`Transaction/combine: different unsigned tx`);
-        this.global = mergeKeyMap(PSBTGlobal, this.global, other.global, undefined, this.opts.allowUnknown);
-        for (let i = 0; i < this.inputs.length; i++)
-            this.updateInput(i, other.inputs[i], true);
-        for (let i = 0; i < this.outputs.length; i++)
-            this.updateOutput(i, other.outputs[i], true);
-        return this;
-    }
-    clone() {
-        // deepClone probably faster, but this enforces that encoding is valid
-        return Transaction.fromPSBT(this.toPSBT(this.opts.PSBTVersion), this.opts);
-    }
-}
-
-function decode_psbt(b64str) {
-    const psbt = Base64.decode(b64str);
-    return Transaction.fromPSBT(psbt, { allowUnknownOutputs: true });
-}
-function encode_psbt(psbt) {
-    const psbt_bytes = psbt.toPSBT(0);
-    return Base64.encode(psbt_bytes);
-}
-function parse_psbt(psbt) {
-    if (psbt instanceof Transaction) {
-        return psbt;
-    }
-    else if (typeof psbt === 'string') {
-        return decode_psbt(psbt);
-    }
-    else {
-        throw new Error('invalid psbt input: ' + psbt);
-    }
-}
-
-function collect_vins(psbt) {
-    const pdata = parse_psbt(psbt);
-    const count = pdata.inputsLength;
-    const vins = [];
-    for (let i = 0; i < count; i++) {
-        const vin = pdata.getInput(i);
-        vins.push(vin);
-    }
-    return vins;
-}
-function collect_vouts(psbt) {
-    const pdata = parse_psbt(psbt);
-    const count = pdata.outputsLength;
-    const vouts = [];
-    for (let i = 0; i < count; i++) {
-        const vout = pdata.getOutput(i);
-        vouts.push(vout);
-    }
-    return vouts;
-}
-function collect_prevouts(psbt) {
-    const amounts = [], scripts = [];
-    const pdata = parse_psbt(psbt);
-    for (let i = 0; i < pdata.inputsLength; i++) {
-        const txin = pdata.getInput(i);
-        Assert.exists(txin.witnessUtxo, `witness utxo does not exist for input ${i}`);
-        amounts.push(txin.witnessUtxo.amount);
-        scripts.push(txin.witnessUtxo.script);
-    }
-    return { amounts, scripts };
-}
-function finalize_legacy_inputs(pdata) {
-    for (let i = 0; i < pdata.inputsLength; i++) {
-        const pvin = pdata.getInput(i);
-        const script = pvin.redeemScript;
-        const psig = pvin.partialSig?.at(0);
-        if (script !== undefined && psig !== undefined) {
-            pdata.finalizeIdx(i);
-        }
-    }
-    return pdata;
-}
-
-function get_vsize$1(psbt) {
-    const pdata = parse_psbt(psbt);
-    return pdata.vsize;
-}
-function get_txhex(psbt) {
-    let pdata = parse_psbt(psbt);
-    pdata = finalize_legacy_inputs(pdata);
-    return pdata.hex;
-}
-
-function assert_psbt_is_funded(psbt) {
-    const pdata = parse_psbt(psbt);
-    const pvouts = collect_vins(pdata);
-    const txouts = collect_vouts(pdata);
-    const vin_amt = pvouts.reduce((p, n) => p + Number(n.witnessUtxo?.amount ?? 0), 0);
-    const out_amt = txouts.reduce((p, n) => p + Number(n.amount ?? 0), 0);
-    Assert.ok(vin_amt >= out_amt, `value in (${vin_amt}) < value out (${out_amt})`);
-}
-
-var index$7 = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    assert_psbt_is_funded: assert_psbt_is_funded,
-    collect_prevouts: collect_prevouts,
-    collect_vins: collect_vins,
-    collect_vouts: collect_vouts,
-    decode_psbt: decode_psbt,
-    encode_psbt: encode_psbt,
-    finalize_legacy_inputs: finalize_legacy_inputs,
-    get_txhex: get_txhex,
-    get_vsize: get_vsize$1,
-    parse_psbt: parse_psbt
-});
-
-function prefix_script_size(script) {
-    return Buff.bytes(script).prefix_varint('le').hex;
-}
-function parse_script_pubkeys(script) {
-    const scriptHex = typeof script === 'string' ? script : Buff.bytes(script).hex;
-    const pubkeyPattern = /20([0-9a-f]{64})(ac|ad|ba)/gi;
-    const matches = [...scriptHex.matchAll(pubkeyPattern)];
-    return matches.map(match => match[1]);
-}
-
-var ScriptUtil;
-(function (ScriptUtil) {
-    ScriptUtil.prefix_size = prefix_script_size;
-    ScriptUtil.decode = decode_script;
-    ScriptUtil.encode = encode_script;
-    ScriptUtil.is_valid = is_valid_script;
-    ScriptUtil.get_pubkeys = parse_script_pubkeys;
-    ScriptUtil.OPCODES = OPCODE_MAP;
-})(ScriptUtil || (ScriptUtil = {}));
-
-var index$6 = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    OPCODE_MAP: OPCODE_MAP,
-    get ScriptUtil () { return ScriptUtil; },
-    decode_script: decode_script,
-    encode_script: encode_script,
-    encode_script_word: encode_script_word,
-    get_asm_code: get_asm_code,
-    get_op_code: get_op_code,
-    get_op_type: get_op_type,
-    get_size_varint: get_size_varint,
-    is_valid_op: is_valid_op,
-    is_valid_script: is_valid_script,
-    parse_script_pubkeys: parse_script_pubkeys,
-    prefix_script_size: prefix_script_size,
-    prefix_word_size: prefix_word_size,
-    split_script_word: split_script_word
-});
-
-function get_prevout(vin) {
-    Assert.exists(vin.prevout, 'Prevout data missing for input: ' + String(vin.txid));
-    return vin.prevout;
-}
-function parse_txinput(txdata, config) {
-    let { txindex, txinput } = config ?? {};
-    if (txindex !== undefined) {
-        if (txindex >= txdata.vin.length) {
-            throw new Error('Input index out of bounds: ' + String(txindex));
-        }
-        txinput = txdata.vin.at(txindex);
-    }
-    Assert.ok(txinput !== undefined);
-    return txinput;
-}
-function get_annex_data(witness) {
-    if (witness === undefined)
-        return;
-    if (witness.length < 2)
-        return;
-    const annex = witness.at(-1);
-    if (typeof annex === 'string' && annex.startsWith('50')) {
-        const bytes = Buff.hex(annex).prefix_varint('be');
-        return sha256(bytes);
-    }
-    return undefined;
-}
-
-const COINBASE = {
-    TXID: '00'.repeat(32),
-    VOUT: 0xFFFFFFFF,
-};
-const DEFAULT = {
-    LOCKTIME: 0,
-    SEQUENCE: 0xFFFFFFFF,
-    VERSION: 2,
+const DEFAULT = {
+    LOCKTIME: 0,
+    SEQUENCE: 0xFFFFFFFF,
+    VERSION: 2,
 };
 const TAPLEAF_VERSIONS = [
     0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce,
@@ -13440,19 +9501,19 @@ var taproot = /*#__PURE__*/Object.freeze({
     taptree: taptree
 });
 
-const sats = bigIntType().positive().max(2100000000000000n);
+const sats = bigIntType().min(0n).max(2100000000000000n);
 const tx_output = objectType({
     value: sats,
-    script_pk: hex$1,
+    script_pk: hex,
 });
 const tx_input = objectType({
-    coinbase: hex$1.nullable(),
+    coinbase: hex.nullable(),
     txid: hex32,
     vout: uint,
     prevout: tx_output.nullable(),
-    script_sig: hex$1.nullable(),
+    script_sig: hex.nullable(),
     sequence: uint,
-    witness: arrayType(hex$1)
+    witness: arrayType(hex)
 });
 const tx_data = objectType({
     version: uint,
@@ -13464,16 +9525,16 @@ const vout_template = tx_output.extend({
     value: unionType([uint, sats])
 });
 const vin_template = tx_input.extend({
-    coinbase: hex$1.nullable().optional(),
+    coinbase: hex.nullable().optional(),
     prevout: vout_template.nullable().optional(),
-    script_sig: hex$1.nullable().optional(),
-    sequence: unionType([hex$1, uint]).optional(),
-    witness: arrayType(hex$1).optional(),
+    script_sig: hex.nullable().optional(),
+    sequence: unionType([hex, uint]).optional(),
+    witness: arrayType(hex).optional(),
 });
 const tx_template = objectType({
-    version: uint.default(1),
-    vin: arrayType(vin_template).default([]),
-    vout: arrayType(vout_template).default([]),
+    version: uint.optional(),
+    vin: arrayType(vin_template),
+    vout: arrayType(vout_template),
     locktime: uint.optional(),
 });
 
@@ -13972,7 +10033,7 @@ function hash_segwit_tx(txdata, options = {}) {
     }
     let { pubkey, script } = options;
     if (script === undefined && pubkey !== undefined) {
-        const pkhash = hash160$1(pubkey).hex;
+        const pkhash = hash160(pubkey).hex;
         script = `76a914${String(pkhash)}88ac`;
     }
     if (script === undefined) {
@@ -14403,6 +10464,7 @@ function create_taproot(config$1) {
     const cblock = Buff.join(block);
     return {
         int_key: Buff.bytes(pubkey).hex,
+        path,
         parity,
         taproot: taproot ?? null,
         cblock: cblock.hex,
@@ -14459,5 +10521,5 @@ var index = /*#__PURE__*/Object.freeze({
     parse_witness: parse_witness
 });
 
-export { index$9 as ADDRESS, _const as CONST, index$8 as META, index$7 as PSBT, index$5 as SCHEMA, index$6 as SCRIPT, index$3 as SIGHASH, index$2 as SIGNER, index$1 as TAPROOT, index$4 as TX, index as WITNESS };
+export { index$8 as ADDRESS, _const as CONST, index$7 as META, index$5 as SCHEMA, index$6 as SCRIPT, index$3 as SIGHASH, index$2 as SIGNER, index$1 as TAPROOT, index$4 as TX, index as WITNESS };
 //# sourceMappingURL=module.mjs.map