@winbit32/wallet-kit 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 FungeLLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,117 @@
+# @winbit32/wallet-kit
+
+Embeddable Zcash + Monero wallet primitives extracted from
+[Winbit32](https://winbit32.com). The goal: anyone who wants to add a
+Zcash/Monero wallet (scanning, shielded sends, FROST co-signing) to their
+site installs this package and calls functions — no Winbit32 UI required.
+
+## Status / roadmap
+
+Extraction happens in slices (each slice moves source here and leaves a
+re-export shim at the old Winbit32 path, so the app keeps working):
+
+| Slice | Contents | Status |
+| --- | --- | --- |
+| Scanner clients | Zcash Orchard scan-job/UTXO/broadcast client, Monero LWS scan-job client, base-URL resolution | **Done** |
+| Cosign client | WB32COSIGN relay transports, `.wult` share handling, FROST/Orchard ceremony, headless initiator pipeline | **Done** |
+| MCP payment tools | `make_payment` tools ship in the seneschal.space payments-gateway, which consumes this kit; `request_payment` was already there | **Done** (lives in payments-gateway) |
+| Shielded send/scan core | `shielded-transaction-client` (PCZT build/sign/broadcast via WebZjs), note cache | Planned |
+
+## What's in the box today
+
+```ts
+import {
+	resolveWalletScannerBaseUrl,
+	createWalletScannerClient,        // Zcash: Orchard scan jobs, UTXOs, tx broadcast
+	createMoneroWalletScannerClient,  // Monero: LWS scan jobs
+	mapScannerBalanceToSnapshot,      // wire → bigint balance snapshot
+} from '@winbit32/wallet-kit';
+
+const zec = createWalletScannerClient({ baseUrl: 'https://api.zcash.winbit32.com/api' });
+const { data } = await zec.startOrchardScanJob({ ufvk, autoDetect: true });
+
+const xmr = createMoneroWalletScannerClient();
+const job = await xmr.startMoneroScanJob({ address, viewKey });
+```
+
+- All clients take an optional `baseUrl`/`apiKey`; without them the
+  public `api.zcash.winbit32.com` host is used (its nginx injects the
+  upstream API key, so browsers need none).
+- `resolveWalletScannerBaseUrl()` honours `REACT_APP_WALLET_SCANNER_URL`
+  and falls back to a same-origin `/api` proxy in development and the
+  public host in production. Non-CRA embedders should pass `baseUrl`
+  explicitly.
+- No runtime dependencies; browser-first (uses `fetch`); works in Node ≥ 18.
+
+## Co-signing (FROST/Orchard, 2-of-2)
+
+The canonical WB32COSIGN client lives here (`src/cosign/`). It powers both
+browser initiators (Secresea-style "send from a `.wult` share" flows) and
+fully headless Node hosts such as the seneschal.space payments-gateway:
+
+```ts
+import {
+	unwrapVaultShare, toOrchardBundle,        // .wult → key bundle
+	deriveOrchardAddressFromBundle,           // bundle → UFVK + u1… address
+	runHeadlessCosignSend,                    // scan → build → ceremony → broadcast
+	resolveCosignConfig,
+} from '@winbit32/wallet-kit';
+
+const share = await unwrapVaultShare(wultBytes, password);
+const bundle = toOrchardBundle(share);
+const { txid } = await runHeadlessCosignSend({
+	config: resolveCosignConfig({ relayBaseUrl, pcztApiBaseUrl, fetchImpl: fetch }),
+	wasm, bundle, ufvk, unifiedAddress, scanner,
+	toAddress: 'u1…', amountZat: 25_000, // zatoshis
+	onQrReady: (qr) => showToHuman(qr),       // WB32COSIGN:1:… pairing payload
+});
+```
+
+- The host holds **one** share; the human's cosigner (winbit32.com `#cosign`)
+  holds the other. Neither side ever has the full spending key.
+- Transports are pluggable (`BroadcastChannel` same-device, HTTPS relay
+  cross-device); messages are AES-GCM encrypted with the QR session key.
+- The `orchard-frost` WASM is loaded by the host: browsers fetch it from
+  `public/orchard-frost/`, Node hosts read the same artefacts from disk
+  (see `loadOrchardFrostWasmNode` in the payments-gateway for the pattern).
+
+## Building
+
+```sh
+cd packages/wallet-kit
+npm run build   # tsc → dist/ (CommonJS + .d.ts; ESM hosts use src/ via bundler)
+```
+
+The compiled `dist/` is CommonJS so plain Node hosts (e.g. the
+payments-gateway via a `file:` dependency) can `require`/`import` it without
+a bundler. Browser consumers (Winbit32 itself) compile `src/` directly
+through their own bundler via the alias seam described below.
+
+## Tests
+
+Kit tests run under the host repo's jest (CRA 27) in a Node environment:
+
+```sh
+CI=true npx react-app-rewired test --watchAll=false --testPathPattern='packages/wallet-kit'
+```
+
+`src/cosign/__tests__/ceremony.integration.test.ts` runs a **real**
+FROST/Orchard ceremony against the staged WASM — initiator and an
+independently-implemented cosigner stand-in — plus the whole
+`runHeadlessCosignSend` pipeline against fake PCZT/scanner endpoints. It
+skips (not fails) if `public/orchard-frost/` artefacts are missing.
+
+## How Winbit32 consumes it
+
+The app imports `@winbit32/wallet-kit` directly from `packages/wallet-kit/src`
+via a webpack alias + jest `moduleNameMapper` + tsconfig `paths` (see
+`config-overrides.js`). npm workspaces are deliberately NOT used yet: the
+CRA + WASM webpack setup is sensitive to `node_modules` hoisting, so the
+alias seam gives us the package boundary without the install churn. When
+the kit is published, the alias is simply dropped and the app depends on
+the npm package like everyone else.
+
+Old Winbit32 paths (`src/components/toolbox/walletScannerBaseUrl.ts`,
+`.../zcash-extensions/api/walletScannerClient.ts`,
+`.../monero-extensions/api/moneroWalletScannerClient.ts`) remain as
+re-export shims; new code should import from `@winbit32/wallet-kit`.

package/dist/cosign/bytes.d.ts

@@ -0,0 +1,10 @@
+/**
+ * @fileoverview Small hex / base64 helpers shared across the cosign module.
+ * Browser-safe (uses `btoa`/`atob`); no Node Buffer dependency so the module
+ * stays portable when extracted into a standalone package.
+ */
+export declare const hexToBytes: (hex: string) => Uint8Array;
+export declare const bytesToHex: (bytes: Uint8Array) => string;
+export declare const toBase64: (bytes: Uint8Array) => string;
+export declare const fromBase64: (b64: string) => Uint8Array;
+//# sourceMappingURL=bytes.d.ts.map

package/dist/cosign/bytes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bytes.d.ts","sourceRoot":"","sources":["../../src/cosign/bytes.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,eAAO,MAAM,UAAU,QAAS,MAAM,KAAG,UAQxC,CAAC;AAEF,eAAO,MAAM,UAAU,UAAW,UAAU,KAAG,MACoB,CAAC;AAEpE,eAAO,MAAM,QAAQ,UAAW,UAAU,KAAG,MAI5C,CAAC;AAEF,eAAO,MAAM,UAAU,QAAS,MAAM,KAAG,UAKxC,CAAC"}

package/dist/cosign/bytes.js

@@ -0,0 +1,37 @@
+"use strict";
+/**
+ * @fileoverview Small hex / base64 helpers shared across the cosign module.
+ * Browser-safe (uses `btoa`/`atob`); no Node Buffer dependency so the module
+ * stays portable when extracted into a standalone package.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fromBase64 = exports.toBase64 = exports.bytesToHex = exports.hexToBytes = void 0;
+const hexToBytes = (hex) => {
+    const clean = hex.startsWith('0x') ? hex.slice(2) : hex;
+    if (clean.length % 2 !== 0)
+        throw new Error('hex string must have an even length');
+    const bytes = new Uint8Array(clean.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(clean.slice(i * 2, i * 2 + 2), 16);
+    }
+    return bytes;
+};
+exports.hexToBytes = hexToBytes;
+const bytesToHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
+exports.bytesToHex = bytesToHex;
+const toBase64 = (bytes) => {
+    let s = '';
+    for (let i = 0; i < bytes.length; i++)
+        s += String.fromCharCode(bytes[i]);
+    return btoa(s);
+};
+exports.toBase64 = toBase64;
+const fromBase64 = (b64) => {
+    const binary = atob(b64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++)
+        bytes[i] = binary.charCodeAt(i);
+    return bytes;
+};
+exports.fromBase64 = fromBase64;
+//# sourceMappingURL=bytes.js.map

package/dist/cosign/bytes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bytes.js","sourceRoot":"","sources":["../../src/cosign/bytes.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEI,MAAM,UAAU,GAAG,CAAC,GAAW,EAAc,EAAE;IACrD,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACxD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACnF,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACtC,KAAK,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;KACvD;IACD,OAAO,KAAK,CAAC;AACd,CAAC,CAAC;AARW,QAAA,UAAU,cAQrB;AAEK,MAAM,UAAU,GAAG,CAAC,KAAiB,EAAU,EAAE,CACvD,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AADvD,QAAA,UAAU,cAC6C;AAE7D,MAAM,QAAQ,GAAG,CAAC,KAAiB,EAAU,EAAE;IACrD,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1E,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;AAChB,CAAC,CAAC;AAJW,QAAA,QAAQ,YAInB;AAEK,MAAM,UAAU,GAAG,CAAC,GAAW,EAAc,EAAE;IACrD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACxE,OAAO,KAAK,CAAC;AACd,CAAC,CAAC;AALW,QAAA,UAAU,cAKrB"}

package/dist/cosign/config.d.ts

@@ -0,0 +1,58 @@
+/**
+ * @fileoverview Configuration boundary for the wallet-kit co-signing module.
+ *
+ * Everything host-specific (API base, relay base, where the WASM is served,
+ * which `fetch` to use, network) is injected here rather than hardcoded —
+ * this package IS the standalone "add MPC co-signing to your Zcash site"
+ * module (canonical home; ported from Secresea's `services/cosign/`, which
+ * migrates onto this package once it consumes npm deps). Per project
+ * conventions we never export mutable objects/arrays or `let` bindings —
+ * config is passed by value through function parameters;
+ * `resolveCosignConfig()` returns a fresh frozen object.
+ *
+ * The defaults assume the common single-origin deployment (frontend + NFPT
+ * API on one origin), so a host that mounts the NFPT API at `/api` and
+ * serves the WASM from `/orchard-frost` needs to pass nothing. Node hosts
+ * (e.g. payments-gateway) pass absolute URLs + a WASM loader instead.
+ */
+import type { OrchardFrostWasmModule } from './orchardFrost';
+/** Zcash network selector understood by the PCZT endpoints. */
+export type ZcashNetwork = 'main' | 'test';
+export interface CosignConfig {
+    /**
+     * Base path/URL for the PCZT endpoints
+     * (`/build`, `/orchard-sighash`, `/apply-orchard-frost`, `/broadcast`).
+     */
+    pcztApiBaseUrl: string;
+    /**
+     * Base path/URL for the WB32COSIGN relay
+     * (`POST /:sessionId`, `POST /message/:sessionId`, `GET /message/:sessionId/:partyId`).
+     */
+    relayBaseUrl: string;
+    /** Base path/URL under which the orchard-frost WASM assets are served. */
+    wasmBaseUrl: string;
+    /** Zcash network for builds/proofs. */
+    network: ZcashNetwork;
+    /** `fetch` implementation (injectable for tests / non-browser hosts). */
+    fetchImpl: typeof fetch;
+    /**
+     * Optional override for loading the Orchard FROST WASM. Hosts that bundle
+     * the WASM with their own toolchain provide this; otherwise the default
+     * loader fetches the artefacts from `wasmBaseUrl`.
+     */
+    loadOrchardFrostWasm?: () => Promise<OrchardFrostWasmModule>;
+    /** Optional cache-bust token appended to WASM asset URLs (e.g. a build id). */
+    assetCacheBustToken?: string;
+}
+export declare const DEFAULT_PCZT_API_BASE_URL = "/api/pczt";
+export declare const DEFAULT_RELAY_BASE_URL = "/api/cosign";
+export declare const DEFAULT_WASM_BASE_URL = "/orchard-frost";
+export declare const DEFAULT_NETWORK: ZcashNetwork;
+/**
+ * Merge caller overrides with the defaults and return a fresh, frozen config.
+ *
+ * @param partial Any subset of {@link CosignConfig}; omitted fields fall back
+ *   to the module defaults.
+ */
+export declare const resolveCosignConfig: (partial?: Partial<CosignConfig>) => Readonly<CosignConfig>;
+//# sourceMappingURL=config.d.ts.map

package/dist/cosign/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/cosign/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAE7D,+DAA+D;AAC/D,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,CAAC;AAE3C,MAAM,WAAW,YAAY;IAC5B;;;OAGG;IACH,cAAc,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB,0EAA0E;IAC1E,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,OAAO,EAAE,YAAY,CAAC;IACtB,yEAAyE;IACzE,SAAS,EAAE,OAAO,KAAK,CAAC;IACxB;;;;OAIG;IACH,oBAAoB,CAAC,EAAE,MAAM,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC7D,+EAA+E;IAC/E,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAID,eAAO,MAAM,yBAAyB,cAAc,CAAC;AACrD,eAAO,MAAM,sBAAsB,gBAAgB,CAAC;AACpD,eAAO,MAAM,qBAAqB,mBAAmB,CAAC;AACtD,eAAO,MAAM,eAAe,EAAE,YAAqB,CAAC;AAYpD;;;;;GAKG;AACH,eAAO,MAAM,mBAAmB,aAAa,QAAQ,YAAY,CAAC,KAAQ,SAAS,YAAY,CAW9F,CAAC"}

package/dist/cosign/config.js

@@ -0,0 +1,54 @@
+"use strict";
+/**
+ * @fileoverview Configuration boundary for the wallet-kit co-signing module.
+ *
+ * Everything host-specific (API base, relay base, where the WASM is served,
+ * which `fetch` to use, network) is injected here rather than hardcoded —
+ * this package IS the standalone "add MPC co-signing to your Zcash site"
+ * module (canonical home; ported from Secresea's `services/cosign/`, which
+ * migrates onto this package once it consumes npm deps). Per project
+ * conventions we never export mutable objects/arrays or `let` bindings —
+ * config is passed by value through function parameters;
+ * `resolveCosignConfig()` returns a fresh frozen object.
+ *
+ * The defaults assume the common single-origin deployment (frontend + NFPT
+ * API on one origin), so a host that mounts the NFPT API at `/api` and
+ * serves the WASM from `/orchard-frost` needs to pass nothing. Node hosts
+ * (e.g. payments-gateway) pass absolute URLs + a WASM loader instead.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveCosignConfig = exports.DEFAULT_NETWORK = exports.DEFAULT_WASM_BASE_URL = exports.DEFAULT_RELAY_BASE_URL = exports.DEFAULT_PCZT_API_BASE_URL = void 0;
+// Named defaults — single source of truth, easy to retune without hunting
+// through call sites.
+exports.DEFAULT_PCZT_API_BASE_URL = '/api/pczt';
+exports.DEFAULT_RELAY_BASE_URL = '/api/cosign';
+exports.DEFAULT_WASM_BASE_URL = '/orchard-frost';
+exports.DEFAULT_NETWORK = 'main';
+const stripTrailingSlash = (s) => s.replace(/\/+$/, '');
+const defaultFetch = () => {
+    const f = (typeof globalThis !== 'undefined' ? globalThis.fetch : undefined);
+    if (typeof f !== 'function') {
+        throw new Error('No fetch implementation available; pass `fetchImpl` in the cosign config.');
+    }
+    return f.bind(globalThis);
+};
+/**
+ * Merge caller overrides with the defaults and return a fresh, frozen config.
+ *
+ * @param partial Any subset of {@link CosignConfig}; omitted fields fall back
+ *   to the module defaults.
+ */
+const resolveCosignConfig = (partial = {}) => {
+    const config = {
+        pcztApiBaseUrl: stripTrailingSlash(partial.pcztApiBaseUrl ?? exports.DEFAULT_PCZT_API_BASE_URL),
+        relayBaseUrl: stripTrailingSlash(partial.relayBaseUrl ?? exports.DEFAULT_RELAY_BASE_URL),
+        wasmBaseUrl: stripTrailingSlash(partial.wasmBaseUrl ?? exports.DEFAULT_WASM_BASE_URL),
+        network: partial.network ?? exports.DEFAULT_NETWORK,
+        fetchImpl: partial.fetchImpl ?? defaultFetch(),
+        loadOrchardFrostWasm: partial.loadOrchardFrostWasm,
+        assetCacheBustToken: partial.assetCacheBustToken,
+    };
+    return Object.freeze(config);
+};
+exports.resolveCosignConfig = resolveCosignConfig;
+//# sourceMappingURL=config.js.map

package/dist/cosign/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/cosign/config.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;AAkCH,0EAA0E;AAC1E,sBAAsB;AACT,QAAA,yBAAyB,GAAG,WAAW,CAAC;AACxC,QAAA,sBAAsB,GAAG,aAAa,CAAC;AACvC,QAAA,qBAAqB,GAAG,gBAAgB,CAAC;AACzC,QAAA,eAAe,GAAiB,MAAM,CAAC;AAEpD,MAAM,kBAAkB,GAAG,CAAC,CAAS,EAAU,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAExE,MAAM,YAAY,GAAG,GAAiB,EAAE;IACvC,MAAM,CAAC,GAAG,CAAC,OAAO,UAAU,KAAK,WAAW,CAAC,CAAC,CAAE,UAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAA6B,CAAC;IAClH,IAAI,OAAO,CAAC,KAAK,UAAU,EAAE;QAC5B,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;KAC7F;IACD,OAAO,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAC3B,CAAC,CAAC;AAEF;;;;;GAKG;AACI,MAAM,mBAAmB,GAAG,CAAC,UAAiC,EAAE,EAA0B,EAAE;IAClG,MAAM,MAAM,GAAiB;QAC5B,cAAc,EAAE,kBAAkB,CAAC,OAAO,CAAC,cAAc,IAAI,iCAAyB,CAAC;QACvF,YAAY,EAAE,kBAAkB,CAAC,OAAO,CAAC,YAAY,IAAI,8BAAsB,CAAC;QAChF,WAAW,EAAE,kBAAkB,CAAC,OAAO,CAAC,WAAW,IAAI,6BAAqB,CAAC;QAC7E,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,uBAAe;QAC3C,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,YAAY,EAAE;QAC9C,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;QAClD,mBAAmB,EAAE,OAAO,CAAC,mBAAmB;KAChD,CAAC;IACF,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC,CAAC;AAXW,QAAA,mBAAmB,uBAW9B"}

package/dist/cosign/cosignSend.d.ts

@@ -0,0 +1,104 @@
+/**
+ * @fileoverview Orchard FROST send orchestration — ties the co-signing
+ * ceremony to the chain via the PCZT endpoints.
+ *
+ * Pipeline (mirrors WINBIT32's shielded-transaction-client FROST path):
+ *   1. POST /pczt/orchard-sighash  → sighash + per-action `alpha`s + action
+ *      indices + (optional) per-action fvk.ak + an IO-finalised PCZT.
+ *   2. For each Orchard action: run the two-round FROST ceremony with that
+ *      action's `alpha` as the randomiser (`runOrchardInitiatorAction`).
+ *   3. POST /pczt/apply-orchard-frost → inject sigs, prove, finalise.
+ *   4. POST /pczt/broadcast → txid.
+ *
+ * Everything host-specific is injected via {@link CosignConfig} (API base,
+ * network, fetch), and the WASM engine + loaded share are passed in — no
+ * globals. This file is the canonical standalone copy (ported from
+ * Secresea's `services/cosign/cosignSend.ts`).
+ *
+ * The PCZT *build* (gathering spendable notes for the FROST UFVK) belongs to
+ * the wallet/scan layer; this module starts from an already-built unsigned
+ * PCZT. `buildPczt` is provided as a thin typed wrapper for callers that want
+ * the server to build it from explicit spends/outputs.
+ */
+import type { CosignConfig } from './config';
+import type { CosignTransport } from './transports';
+import { type OrchardKeyShareForCosign, type SigningDisplay, type CosignCallbacks } from './relay';
+import type { OrchardFrostWasmModule } from './orchardFrost';
+export type PcztFormat = 'base64' | 'hex';
+export interface OrchardSighashResult {
+    success?: boolean;
+    /** ZIP-244 Orchard sighash (64 hex / 32 bytes), shared across all actions. */
+    orchardSighash: string;
+    /** Number of Orchard actions that need a FROST signature. */
+    orchardActionCount: number;
+    /** Per-action `alpha` randomisers the PCZT pre-committed to (64 hex each). */
+    orchardAlphas: string[];
+    /** PCZT action index for each entry in `orchardAlphas`. */
+    orchardFrostActionIndices: number[];
+    /** Total Orchard actions (incl. dummies that don't need signing). */
+    orchardActionTotal?: number;
+    /** Per-action fvk.ak, for verifying the PCZT was built with our group key. */
+    orchardFvkAks?: string[];
+    /** IO-finalised PCZT to feed back into apply (dummies pre-signed). */
+    pczt?: string;
+    pcztFormat?: PcztFormat;
+}
+export declare const extractOrchardSighash: (config: CosignConfig, pczt: string, pcztFormat?: PcztFormat) => Promise<OrchardSighashResult>;
+export interface ApplyOrchardFrostParams {
+    pczt: string;
+    pcztFormat?: PcztFormat;
+    orchardSignatures: string[];
+    orchardFrostActionIndices?: number[];
+    orchardGroupPublic?: string;
+    network?: CosignConfig['network'];
+}
+export declare const applyOrchardFrostSignatures: (config: CosignConfig, params: ApplyOrchardFrostParams) => Promise<{
+    pczt: string;
+}>;
+export interface BroadcastResult {
+    success?: boolean;
+    txid: string;
+    broadcastedAt?: string;
+}
+export declare const broadcastPczt: (config: CosignConfig, signedPczt: string, format?: PcztFormat) => Promise<BroadcastResult>;
+/** Thin pass-through to /pczt/build; the caller assembles spends/outputs. */
+export declare const buildPczt: <T = {
+    pczt: string;
+}>(config: CosignConfig, buildRequest: Record<string, unknown>) => Promise<T>;
+export interface CosignSendParams {
+    config: CosignConfig;
+    wasm: OrchardFrostWasmModule;
+    /** WB32COSIGN session AES key (hex). */
+    encKeyHex: string;
+    transport: CosignTransport;
+    /** This device's Vultisig localPartyId. */
+    myPartyId: string;
+    /** Our loaded Orchard FROST share (from the .wult). */
+    share: OrchardKeyShareForCosign;
+    publicKeyPackage: {
+        signerPubkeys: Record<string, string>;
+        groupPublic: string;
+    };
+    /** Unsigned PCZT (base64 by default) to co-sign. */
+    unsignedPczt: string;
+    pcztFormat?: PcztFormat;
+    display: SigningDisplay;
+    /**
+     * When provided, wait for a cosigner with one of these Vultisig
+     * localPartyIds to join before signing (the QR-pairing handshake).
+     * Omit if the caller already performed the join.
+     */
+    validSignerIds?: string[];
+    callbacks?: CosignCallbacks;
+}
+export interface CosignSendResult {
+    txid: string;
+    signedPczt: string;
+    signatures: string[];
+}
+/**
+ * Drive an unsigned PCZT through the Orchard FROST co-signing pipeline to a
+ * broadcast txid. The cosigner (WINBIT32) co-signs each action over the relay.
+ */
+export declare const cosignSendPczt: (p: CosignSendParams) => Promise<CosignSendResult>;
+//# sourceMappingURL=cosignSend.d.ts.map

package/dist/cosign/cosignSend.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cosignSend.d.ts","sourceRoot":"","sources":["../../src/cosign/cosignSend.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAGN,KAAK,wBAAwB,EAE7B,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,MAAM,SAAS,CAAC;AACjB,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAE7D,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,KAAK,CAAC;AAsB1C,MAAM,WAAW,oBAAoB;IACpC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,8EAA8E;IAC9E,cAAc,EAAE,MAAM,CAAC;IACvB,6DAA6D;IAC7D,kBAAkB,EAAE,MAAM,CAAC;IAC3B,8EAA8E;IAC9E,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,2DAA2D;IAC3D,yBAAyB,EAAE,MAAM,EAAE,CAAC;IACpC,qEAAqE;IACrE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,8EAA8E;IAC9E,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,sEAAsE;IACtE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,UAAU,CAAC;CACxB;AAED,eAAO,MAAM,qBAAqB,WACzB,YAAY,QACd,MAAM,eACA,UAAU,KACpB,QAAQ,oBAAoB,CACkD,CAAC;AAElF,MAAM,WAAW,uBAAuB;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,yBAAyB,CAAC,EAAE,MAAM,EAAE,CAAC;IACrC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,YAAY,CAAC,SAAS,CAAC,CAAC;CAClC;AAED,eAAO,MAAM,2BAA2B,WAC/B,YAAY,UACZ,uBAAuB,KAC7B,QAAQ;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAQxB,CAAC;AAEJ,MAAM,WAAW,eAAe;IAC/B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,eAAO,MAAM,aAAa,WACjB,YAAY,cACR,MAAM,WACV,UAAU,KAChB,QAAQ,eAAe,CAC8C,CAAC;AAEzE,6EAA6E;AAC7E,eAAO,MAAM,SAAS;UAAgB,MAAM;WAAY,YAAY,gBAAgB,OAAO,MAAM,EAAE,OAAO,CAAC,eAC/D,CAAC;AAI7C,MAAM,WAAW,gBAAgB;IAChC,MAAM,EAAE,YAAY,CAAC;IACrB,IAAI,EAAE,sBAAsB,CAAC;IAC7B,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,eAAe,CAAC;IAC3B,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,uDAAuD;IACvD,KAAK,EAAE,wBAAwB,CAAC;IAChC,gBAAgB,EAAE;QAAE,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IACjF,oDAAoD;IACpD,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,OAAO,EAAE,cAAc,CAAC;IACxB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,SAAS,CAAC,EAAE,eAAe,CAAC;CAC5B;AAED,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;;GAGG;AACH,eAAO,MAAM,cAAc,MAAa,gBAAgB,KAAG,QAAQ,gBAAgB,CAyElF,CAAC"}

package/dist/cosign/cosignSend.js

@@ -0,0 +1,157 @@
+"use strict";
+/**
+ * @fileoverview Orchard FROST send orchestration — ties the co-signing
+ * ceremony to the chain via the PCZT endpoints.
+ *
+ * Pipeline (mirrors WINBIT32's shielded-transaction-client FROST path):
+ *   1. POST /pczt/orchard-sighash  → sighash + per-action `alpha`s + action
+ *      indices + (optional) per-action fvk.ak + an IO-finalised PCZT.
+ *   2. For each Orchard action: run the two-round FROST ceremony with that
+ *      action's `alpha` as the randomiser (`runOrchardInitiatorAction`).
+ *   3. POST /pczt/apply-orchard-frost → inject sigs, prove, finalise.
+ *   4. POST /pczt/broadcast → txid.
+ *
+ * Everything host-specific is injected via {@link CosignConfig} (API base,
+ * network, fetch), and the WASM engine + loaded share are passed in — no
+ * globals. This file is the canonical standalone copy (ported from
+ * Secresea's `services/cosign/cosignSend.ts`).
+ *
+ * The PCZT *build* (gathering spendable notes for the FROST UFVK) belongs to
+ * the wallet/scan layer; this module starts from an already-built unsigned
+ * PCZT. `buildPczt` is provided as a thin typed wrapper for callers that want
+ * the server to build it from explicit spends/outputs.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cosignSendPczt = exports.buildPczt = exports.broadcastPczt = exports.applyOrchardFrostSignatures = exports.extractOrchardSighash = void 0;
+const relay_1 = require("./relay");
+const HEX64 = /^[0-9a-fA-F]{64}$/;
+// ── PCZT API client (config-injected fetch) ─────────────────────────
+const postJson = async (config, pathSuffix, body) => {
+    const resp = await config.fetchImpl(`${config.pcztApiBaseUrl}${pathSuffix}`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(body),
+    });
+    const text = await resp.text();
+    let parsed = null;
+    try {
+        parsed = text ? JSON.parse(text) : null;
+    }
+    catch { /* non-JSON error body */ }
+    if (!resp.ok || (parsed && parsed.success === false)) {
+        const msg = (parsed && typeof parsed.error === 'string') ? parsed.error : (text || `HTTP ${resp.status}`);
+        throw new Error(`pczt${pathSuffix} failed: ${msg}`);
+    }
+    return parsed;
+};
+const extractOrchardSighash = (config, pczt, pcztFormat = 'base64') => postJson(config, '/orchard-sighash', { pczt, pcztFormat });
+exports.extractOrchardSighash = extractOrchardSighash;
+const applyOrchardFrostSignatures = (config, params) => postJson(config, '/apply-orchard-frost', {
+    pczt: params.pczt,
+    pcztFormat: params.pcztFormat ?? 'base64',
+    orchardSignatures: params.orchardSignatures,
+    ...(params.orchardFrostActionIndices ? { orchardFrostActionIndices: params.orchardFrostActionIndices } : {}),
+    ...(params.orchardGroupPublic ? { orchardGroupPublic: params.orchardGroupPublic } : {}),
+    network: params.network ?? config.network,
+});
+exports.applyOrchardFrostSignatures = applyOrchardFrostSignatures;
+const broadcastPczt = (config, signedPczt, format = 'base64') => postJson(config, '/broadcast', { signedPczt, format });
+exports.broadcastPczt = broadcastPczt;
+/** Thin pass-through to /pczt/build; the caller assembles spends/outputs. */
+const buildPczt = (config, buildRequest) => postJson(config, '/build', buildRequest);
+exports.buildPczt = buildPczt;
+/**
+ * Drive an unsigned PCZT through the Orchard FROST co-signing pipeline to a
+ * broadcast txid. The cosigner (WINBIT32) co-signs each action over the relay.
+ */
+const cosignSendPczt = async (p) => {
+    const { config, wasm, transport, share, publicKeyPackage, callbacks } = p;
+    const pcztFormat = p.pcztFormat ?? 'base64';
+    const groupPublicHex = (publicKeyPackage.groupPublic || '').toLowerCase();
+    if (p.validSignerIds && p.validSignerIds.length > 0) {
+        await (0, relay_1.waitForCosignerJoin)({ encKeyHex: p.encKeyHex, transport, validSignerIds: p.validSignerIds, callbacks });
+    }
+    callbacks?.onProgress?.('Requesting Orchard sighash from server...');
+    const sh = await (0, exports.extractOrchardSighash)(config, p.unsignedPczt, pcztFormat);
+    if (!sh.orchardSighash || !HEX64.test(sh.orchardSighash)) {
+        throw new Error('Server returned an invalid Orchard sighash (expected 64 hex chars).');
+    }
+    const actionCount = sh.orchardActionCount || 0;
+    const alphas = Array.isArray(sh.orchardAlphas) ? sh.orchardAlphas : [];
+    const indices = Array.isArray(sh.orchardFrostActionIndices) ? sh.orchardFrostActionIndices : [];
+    if (actionCount > 0) {
+        if (alphas.length !== actionCount) {
+            throw new Error(`Server returned ${alphas.length} Orchard alphas but ${actionCount} actions need signing — ` +
+                'upgrade the orchard-scanner so extract-orchard-sighash returns per-action alphas.');
+        }
+        alphas.forEach((a, i) => {
+            if (!HEX64.test(a || ''))
+                throw new Error(`Invalid Orchard alpha at index ${i} (expected 64 hex chars).`);
+        });
+        assertFvkMatchesGroup(sh, actionCount, groupPublicHex, indices);
+    }
+    const signatures = [];
+    for (let i = 0; i < actionCount; i++) {
+        callbacks?.onProgress?.(`Orchard FROST signing action ${i + 1} of ${actionCount}...`);
+        const frostOrchardData = {
+            sighash: sh.orchardSighash,
+            randomizer: alphas[i],
+            pubKeyPackage: { signerPubkeys: publicKeyPackage.signerPubkeys, groupPublic: publicKeyPackage.groupPublic },
+        };
+        const result = await (0, relay_1.runOrchardInitiatorAction)({
+            wasm,
+            encKeyHex: p.encKeyHex,
+            transport,
+            myPartyId: p.myPartyId,
+            orchardKeyShare: share,
+            frostOrchardData,
+            display: p.display,
+            callbacks,
+            keepAlive: i < actionCount - 1,
+        });
+        signatures.push(result.signature);
+    }
+    callbacks?.onProgress?.('Submitting signatures to server for proving...');
+    const applyPczt = sh.pczt ?? p.unsignedPczt;
+    const applyFormat = (sh.pczt ? sh.pcztFormat : pcztFormat) ?? 'base64';
+    const applied = await (0, exports.applyOrchardFrostSignatures)(config, {
+        pczt: applyPczt,
+        pcztFormat: applyFormat,
+        orchardSignatures: signatures,
+        orchardFrostActionIndices: indices.length === signatures.length ? indices : undefined,
+        orchardGroupPublic: HEX64.test(groupPublicHex) ? groupPublicHex : undefined,
+        network: config.network,
+    });
+    if (!applied?.pczt)
+        throw new Error('apply-orchard-frost returned no signed PCZT.');
+    callbacks?.onProgress?.('Broadcasting transaction...');
+    const broadcast = await (0, exports.broadcastPczt)(config, applied.pczt, 'base64');
+    if (!broadcast?.txid)
+        throw new Error('Broadcast returned no txid.');
+    callbacks?.onProgress?.('Transaction broadcast.');
+    return { txid: broadcast.txid, signedPczt: applied.pczt, signatures };
+};
+exports.cosignSendPczt = cosignSendPczt;
+/**
+ * Refuse to sign if any action's fvk.ak differs from our FROST group_public —
+ * no FROST signature can verify against a PCZT built with a different key.
+ */
+const assertFvkMatchesGroup = (sh, actionCount, groupPublicHex, indices) => {
+    const aks = Array.isArray(sh.orchardFvkAks) ? sh.orchardFvkAks : [];
+    if (!groupPublicHex || aks.length !== actionCount)
+        return; // nothing to verify against
+    const mismatches = [];
+    for (let i = 0; i < aks.length; i++) {
+        const ak = (aks[i] || '').trim().toLowerCase();
+        if (!HEX64.test(ak))
+            continue;
+        if (ak !== groupPublicHex)
+            mismatches.push(`action ${indices[i] ?? i}: ak=${ak.slice(0, 16)}…`);
+    }
+    if (mismatches.length > 0) {
+        throw new Error(`Orchard FROST keys do not match the PCZT's FVK (group_public=${groupPublicHex.slice(0, 16)}…, ` +
+            `but ${mismatches.join(', ')}). The PCZT was built with a different Orchard key than your share derives — ` +
+            'no signature can verify until both devices share the same bundle.');
+    }
+};
+//# sourceMappingURL=cosignSend.js.map

package/dist/cosign/cosignSend.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cosignSend.js","sourceRoot":"","sources":["../../src/cosign/cosignSend.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;AAIH,mCAOiB;AAKjB,MAAM,KAAK,GAAG,mBAAmB,CAAC;AAElC,uEAAuE;AAEvE,MAAM,QAAQ,GAAG,KAAK,EAAK,MAAoB,EAAE,UAAkB,EAAE,IAAa,EAAc,EAAE;IACjG,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,cAAc,GAAG,UAAU,EAAE,EAAE;QAC5E,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;KAC1B,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,MAAM,GAAQ,IAAI,CAAC;IACvB,IAAI;QAAE,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;KAAE;IAAC,MAAM,EAAE,yBAAyB,EAAE;IACpF,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,KAAK,KAAK,CAAC,EAAE;QACrD,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;QAC1G,MAAM,IAAI,KAAK,CAAC,OAAO,UAAU,YAAY,GAAG,EAAE,CAAC,CAAC;KACpD;IACD,OAAO,MAAW,CAAC;AACpB,CAAC,CAAC;AAqBK,MAAM,qBAAqB,GAAG,CACpC,MAAoB,EACpB,IAAY,EACZ,aAAyB,QAAQ,EACD,EAAE,CAClC,QAAQ,CAAuB,MAAM,EAAE,kBAAkB,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;AALrE,QAAA,qBAAqB,yBAKgD;AAW3E,MAAM,2BAA2B,GAAG,CAC1C,MAAoB,EACpB,MAA+B,EACH,EAAE,CAC9B,QAAQ,CAAmB,MAAM,EAAE,sBAAsB,EAAE;IAC1D,IAAI,EAAE,MAAM,CAAC,IAAI;IACjB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,QAAQ;IACzC,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;IAC3C,GAAG,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC,EAAE,yBAAyB,EAAE,MAAM,CAAC,yBAAyB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5G,GAAG,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACvF,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO;CACzC,CAAC,CAAC;AAXS,QAAA,2BAA2B,+BAWpC;AAQG,MAAM,aAAa,GAAG,CAC5B,MAAoB,EACpB,UAAkB,EAClB,SAAqB,QAAQ,EACF,EAAE,CAC7B,QAAQ,CAAkB,MAAM,EAAE,YAAY,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC;AAL5D,QAAA,aAAa,iBAK+C;AAEzE,6EAA6E;AACtE,MAAM,SAAS,GAAG,CAAuB,MAAoB,EAAE,YAAqC,EAAc,EAAE,CAC1H,QAAQ,CAAI,MAAM,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;AADhC,QAAA,SAAS,aACuB;AAkC7C;;;GAGG;AACI,MAAM,cAAc,GAAG,KAAK,EAAE,CAAmB,EAA6B,EAAE;IACtF,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,gBAAgB,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,CAAC,CAAC,UAAU,IAAI,QAAQ,CAAC;IAC5C,MAAM,cAAc,GAAG,CAAC,gBAAgB,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAE1E,IAAI,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE;QACpD,MAAM,IAAA,2BAAmB,EAAC,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC,CAAC,cAAc,EAAE,SAAS,EAAE,CAAC,CAAC;KAC9G;IAED,SAAS,EAAE,UAAU,EAAE,CAAC,2CAA2C,CAAC,CAAC;IACrE,MAAM,EAAE,GAAG,MAAM,IAAA,6BAAqB,EAAC,MAAM,EAAE,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAE3E,IAAI,CAAC,EAAE,CAAC,cAAc,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,EAAE;QACzD,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;KACvF;IACD,MAAM,WAAW,GAAG,EAAE,CAAC,kBAAkB,IAAI,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;IACvE,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,yBAAyB,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhG,IAAI,WAAW,GAAG,CAAC,EAAE;QACpB,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE;YAClC,MAAM,IAAI,KAAK,CACd,mBAAmB,MAAM,CAAC,MAAM,uBAAuB,WAAW,0BAA0B;gBAC5F,mFAAmF,CACnF,CAAC;SACF;QACD,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACvB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,2BAA2B,CAAC,CAAC;QAC3G,CAAC,CAAC,CAAC;QACH,qBAAqB,CAAC,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;KAChE;IAED,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE;QACrC,SAAS,EAAE,UAAU,EAAE,CAAC,gCAAgC,CAAC,GAAG,CAAC,OAAO,WAAW,KAAK,CAAC,CAAC;QACtF,MAAM,gBAAgB,GAAsB;YAC3C,OAAO,EAAE,EAAE,CAAC,cAAc;YAC1B,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;YACrB,aAAa,EAAE,EAAE,aAAa,EAAE,gBAAgB,CAAC,aAAa,EAAE,WAAW,EAAE,gBAAgB,CAAC,WAAW,EAAE;SAC3G,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAyB,EAAC;YAC9C,IAAI;YACJ,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,SAAS;YACT,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,eAAe,EAAE,KAAK;YACtB,gBAAgB;YAChB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,SAAS;YACT,SAAS,EAAE,CAAC,GAAG,WAAW,GAAG,CAAC;SAC9B,CAAC,CAAC;QACH,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;KAClC;IAED,SAAS,EAAE,UAAU,EAAE,CAAC,gDAAgD,CAAC,CAAC;IAC1E,MAAM,SAAS,GAAG,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,YAAY,CAAC;IAC5C,MAAM,WAAW,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC;IACvE,MAAM,OAAO,GAAG,MAAM,IAAA,mCAA2B,EAAC,MAAM,EAAE;QACzD,IAAI,EAAE,SAAS;QACf,UAAU,EAAE,WAAW;QACvB,iBAAiB,EAAE,UAAU;QAC7B,yBAAyB,EAAE,OAAO,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;QACrF,kBAAkB,EAAE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QAC3E,OAAO,EAAE,MAAM,CAAC,OAAO;KACvB,CAAC,CAAC;IACH,IAAI,CAAC,OAAO,EAAE,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAEpF,SAAS,EAAE,UAAU,EAAE,CAAC,6BAA6B,CAAC,CAAC;IACvD,MAAM,SAAS,GAAG,MAAM,IAAA,qBAAa,EAAC,MAAM,EAAE,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACtE,IAAI,CAAC,SAAS,EAAE,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IAErE,SAAS,EAAE,UAAU,EAAE,CAAC,wBAAwB,CAAC,CAAC;IAClD,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,CAAC;AACvE,CAAC,CAAC;AAzEW,QAAA,cAAc,kBAyEzB;AAEF;;;GAGG;AACH,MAAM,qBAAqB,GAAG,CAC7B,EAAwB,EACxB,WAAmB,EACnB,cAAsB,EACtB,OAAiB,EACV,EAAE;IACT,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;IACpE,IAAI,CAAC,cAAc,IAAI,GAAG,CAAC,MAAM,KAAK,WAAW;QAAE,OAAO,CAAC,4BAA4B;IACvF,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACpC,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC/C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAAE,SAAS;QAC9B,IAAI,EAAE,KAAK,cAAc;YAAE,UAAU,CAAC,IAAI,CAAC,UAAU,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;KAChG;IACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE;QAC1B,MAAM,IAAI,KAAK,CACd,gEAAgE,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK;YAChG,OAAO,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,+EAA+E;YAC3G,mEAAmE,CACnE,CAAC;KACF;AACF,CAAC,CAAC"}

package/dist/cosign/index.d.ts

@@ -0,0 +1,33 @@
+/**
+ * @fileoverview Public surface of the WB32COSIGN co-signing client.
+ *
+ * Self-contained and framework-agnostic: load a WINBIT32 `.wult` share,
+ * derive the FROST UFVK / unified address, and drive a co-signed shielded
+ * send (QR pairing → two-round Orchard FROST ceremony → prove → broadcast)
+ * against any WB32COSIGN relay + NFPT PCZT endpoints. Wire format is
+ * byte-compatible with WINBIT32's `cosign.exe` and Secresea.
+ *
+ * Works in browsers and Node ≥ 18 (WebCrypto / Web Streams /
+ * BroadcastChannel are global in both; WebRTC is browser-only and skipped
+ * automatically by the transport factory).
+ *
+ *   - `vaultShare`   — load a WINBIT32 `.wult` co-signing share.
+ *   - `config`       — injectable host configuration (API/relay/WASM/network).
+ *   - `orchardFrost` — Orchard FROST WASM engine (load, derive, ceremony ops).
+ *   - `bytes`        — hex/base64 helpers.
+ *   - `seed`         — deterministic vault-identity → Zcash seed (HKDF).
+ *   - `transports`   — WB32COSIGN message transports (BroadcastChannel/HTTP/WebRTC).
+ *   - `relay`        — session/QR, encrypted envelopes, Orchard FROST initiator.
+ *   - `cosignSend`   — PCZT send orchestration + thin PCZT API client.
+ *   - `initiator`    — headless full pipeline (scan → select → build → ceremony).
+ */
+export * from './vaultShare';
+export * from './config';
+export * from './orchardFrost';
+export * from './bytes';
+export * from './seed';
+export * from './transports';
+export * from './relay';
+export * from './cosignSend';
+export * from './initiator';
+//# sourceMappingURL=index.d.ts.map

package/dist/cosign/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cosign/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,cAAc,gBAAgB,CAAC;AAC/B,cAAc,SAAS,CAAC;AACxB,cAAc,QAAQ,CAAC;AACvB,cAAc,cAAc,CAAC;AAC7B,cAAc,SAAS,CAAC;AACxB,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC"}