bolt12-utils 0.1.0

package/dist/index.js

@@ -0,0 +1,125 @@
+"use strict";
+/**
+ * bolt12-decoder: Pure JS/TS BOLT12 implementation.
+ *
+ * Supports decoding and validating BOLT12 offers, invoice requests,
+ * and invoices using only pure JavaScript dependencies:
+ *   - @noble/curves for secp256k1/schnorr
+ *   - @noble/hashes for SHA256
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.INVOICE_CREATED_AT = exports.INVOICE_BLINDEDPAY = exports.INVOICE_PATHS = exports.SIGNATURE = exports.INVREQ_BIP_353_NAME = exports.INVREQ_PATHS = exports.INVREQ_PAYER_NOTE = exports.INVREQ_PAYER_ID = exports.INVREQ_QUANTITY = exports.INVREQ_FEATURES = exports.INVREQ_AMOUNT = exports.INVREQ_CHAIN = exports.INVREQ_METADATA = exports.OFFER_ISSUER_ID = exports.OFFER_QUANTITY_MAX = exports.OFFER_ISSUER = exports.OFFER_PATHS = exports.OFFER_ABSOLUTE_EXPIRY = exports.OFFER_FEATURES = exports.OFFER_DESCRIPTION = exports.OFFER_AMOUNT = exports.OFFER_CURRENCY = exports.OFFER_METADATA = exports.OFFER_CHAINS = exports.INVOICE_ERROR_TLV_NAMES = exports.KNOWN_INVOICE_ERROR_TYPES = exports.extractInvoiceErrorFields = exports.INVOICE_TLV_NAMES = exports.KNOWN_INVOICE_TYPES = exports.extractInvoiceFields = exports.INVOICE_REQUEST_TLV_NAMES = exports.KNOWN_INVOICE_REQUEST_TYPES = exports.extractInvoiceRequestFields = exports.OFFER_TLV_NAMES = exports.KNOWN_OFFER_TYPES = exports.extractGeneratedOfferFields = exports.createPayerProof = exports.verifyPayerProof = exports.reconstructMerkleRoot = exports.parsePayerProof = exports.extractOfferFields = exports.validateOffer = exports.verifySignature = exports.taggedHash = exports.computeMerkleRoot = exports.parseTlvStream = exports.writeBigSize = exports.readBigSize = exports.encodeBolt12 = exports.decodeBolt12 = void 0;
+exports.INVOICE_NODE_ID = exports.INVOICE_FEATURES = exports.INVOICE_FALLBACKS = exports.INVOICE_AMOUNT = exports.INVOICE_PAYMENT_HASH = exports.INVOICE_RELATIVE_EXPIRY = void 0;
+exports.decodeOffer = decodeOffer;
+exports.decodePayerProof = decodePayerProof;
+var bech32_js_1 = require("./bech32.js");
+Object.defineProperty(exports, "decodeBolt12", { enumerable: true, get: function () { return bech32_js_1.decodeBolt12; } });
+Object.defineProperty(exports, "encodeBolt12", { enumerable: true, get: function () { return bech32_js_1.encodeBolt12; } });
+var bigsize_js_1 = require("./bigsize.js");
+Object.defineProperty(exports, "readBigSize", { enumerable: true, get: function () { return bigsize_js_1.readBigSize; } });
+Object.defineProperty(exports, "writeBigSize", { enumerable: true, get: function () { return bigsize_js_1.writeBigSize; } });
+var tlv_js_1 = require("./tlv.js");
+Object.defineProperty(exports, "parseTlvStream", { enumerable: true, get: function () { return tlv_js_1.parseTlvStream; } });
+var merkle_js_1 = require("./merkle.js");
+Object.defineProperty(exports, "computeMerkleRoot", { enumerable: true, get: function () { return merkle_js_1.computeMerkleRoot; } });
+Object.defineProperty(exports, "taggedHash", { enumerable: true, get: function () { return merkle_js_1.taggedHash; } });
+Object.defineProperty(exports, "verifySignature", { enumerable: true, get: function () { return merkle_js_1.verifySignature; } });
+var offer_js_1 = require("./offer.js");
+Object.defineProperty(exports, "validateOffer", { enumerable: true, get: function () { return offer_js_1.validateOffer; } });
+/**
+ * @deprecated Use `extractGeneratedOfferFields` and `GeneratedOfferFields` from
+ * the auto-generated module instead. These hand-written exports use non-spec
+ * field names (e.g. `description` instead of `offer_description`) and only
+ * cover offers — the generated module covers all BOLT12 message types.
+ */
+var fields_js_1 = require("./fields.js");
+Object.defineProperty(exports, "extractOfferFields", { enumerable: true, get: function () { return fields_js_1.extractOfferFields; } });
+var payer_proof_js_1 = require("./payer_proof.js");
+Object.defineProperty(exports, "parsePayerProof", { enumerable: true, get: function () { return payer_proof_js_1.parsePayerProof; } });
+Object.defineProperty(exports, "reconstructMerkleRoot", { enumerable: true, get: function () { return payer_proof_js_1.reconstructMerkleRoot; } });
+Object.defineProperty(exports, "verifyPayerProof", { enumerable: true, get: function () { return payer_proof_js_1.verifyPayerProof; } });
+Object.defineProperty(exports, "createPayerProof", { enumerable: true, get: function () { return payer_proof_js_1.createPayerProof; } });
+// Auto-generated types and extractors from BOLT12 spec CSV
+var generated_js_1 = require("./generated.js");
+Object.defineProperty(exports, "extractGeneratedOfferFields", { enumerable: true, get: function () { return generated_js_1.extractOfferFields; } });
+Object.defineProperty(exports, "KNOWN_OFFER_TYPES", { enumerable: true, get: function () { return generated_js_1.KNOWN_OFFER_TYPES; } });
+Object.defineProperty(exports, "OFFER_TLV_NAMES", { enumerable: true, get: function () { return generated_js_1.OFFER_TLV_NAMES; } });
+Object.defineProperty(exports, "extractInvoiceRequestFields", { enumerable: true, get: function () { return generated_js_1.extractInvoiceRequestFields; } });
+Object.defineProperty(exports, "KNOWN_INVOICE_REQUEST_TYPES", { enumerable: true, get: function () { return generated_js_1.KNOWN_INVOICE_REQUEST_TYPES; } });
+Object.defineProperty(exports, "INVOICE_REQUEST_TLV_NAMES", { enumerable: true, get: function () { return generated_js_1.INVOICE_REQUEST_TLV_NAMES; } });
+Object.defineProperty(exports, "extractInvoiceFields", { enumerable: true, get: function () { return generated_js_1.extractInvoiceFields; } });
+Object.defineProperty(exports, "KNOWN_INVOICE_TYPES", { enumerable: true, get: function () { return generated_js_1.KNOWN_INVOICE_TYPES; } });
+Object.defineProperty(exports, "INVOICE_TLV_NAMES", { enumerable: true, get: function () { return generated_js_1.INVOICE_TLV_NAMES; } });
+Object.defineProperty(exports, "extractInvoiceErrorFields", { enumerable: true, get: function () { return generated_js_1.extractInvoiceErrorFields; } });
+Object.defineProperty(exports, "KNOWN_INVOICE_ERROR_TYPES", { enumerable: true, get: function () { return generated_js_1.KNOWN_INVOICE_ERROR_TYPES; } });
+Object.defineProperty(exports, "INVOICE_ERROR_TLV_NAMES", { enumerable: true, get: function () { return generated_js_1.INVOICE_ERROR_TLV_NAMES; } });
+// Constants (all)
+Object.defineProperty(exports, "OFFER_CHAINS", { enumerable: true, get: function () { return generated_js_1.OFFER_CHAINS; } });
+Object.defineProperty(exports, "OFFER_METADATA", { enumerable: true, get: function () { return generated_js_1.OFFER_METADATA; } });
+Object.defineProperty(exports, "OFFER_CURRENCY", { enumerable: true, get: function () { return generated_js_1.OFFER_CURRENCY; } });
+Object.defineProperty(exports, "OFFER_AMOUNT", { enumerable: true, get: function () { return generated_js_1.OFFER_AMOUNT; } });
+Object.defineProperty(exports, "OFFER_DESCRIPTION", { enumerable: true, get: function () { return generated_js_1.OFFER_DESCRIPTION; } });
+Object.defineProperty(exports, "OFFER_FEATURES", { enumerable: true, get: function () { return generated_js_1.OFFER_FEATURES; } });
+Object.defineProperty(exports, "OFFER_ABSOLUTE_EXPIRY", { enumerable: true, get: function () { return generated_js_1.OFFER_ABSOLUTE_EXPIRY; } });
+Object.defineProperty(exports, "OFFER_PATHS", { enumerable: true, get: function () { return generated_js_1.OFFER_PATHS; } });
+Object.defineProperty(exports, "OFFER_ISSUER", { enumerable: true, get: function () { return generated_js_1.OFFER_ISSUER; } });
+Object.defineProperty(exports, "OFFER_QUANTITY_MAX", { enumerable: true, get: function () { return generated_js_1.OFFER_QUANTITY_MAX; } });
+Object.defineProperty(exports, "OFFER_ISSUER_ID", { enumerable: true, get: function () { return generated_js_1.OFFER_ISSUER_ID; } });
+Object.defineProperty(exports, "INVREQ_METADATA", { enumerable: true, get: function () { return generated_js_1.INVREQ_METADATA; } });
+Object.defineProperty(exports, "INVREQ_CHAIN", { enumerable: true, get: function () { return generated_js_1.INVREQ_CHAIN; } });
+Object.defineProperty(exports, "INVREQ_AMOUNT", { enumerable: true, get: function () { return generated_js_1.INVREQ_AMOUNT; } });
+Object.defineProperty(exports, "INVREQ_FEATURES", { enumerable: true, get: function () { return generated_js_1.INVREQ_FEATURES; } });
+Object.defineProperty(exports, "INVREQ_QUANTITY", { enumerable: true, get: function () { return generated_js_1.INVREQ_QUANTITY; } });
+Object.defineProperty(exports, "INVREQ_PAYER_ID", { enumerable: true, get: function () { return generated_js_1.INVREQ_PAYER_ID; } });
+Object.defineProperty(exports, "INVREQ_PAYER_NOTE", { enumerable: true, get: function () { return generated_js_1.INVREQ_PAYER_NOTE; } });
+Object.defineProperty(exports, "INVREQ_PATHS", { enumerable: true, get: function () { return generated_js_1.INVREQ_PATHS; } });
+Object.defineProperty(exports, "INVREQ_BIP_353_NAME", { enumerable: true, get: function () { return generated_js_1.INVREQ_BIP_353_NAME; } });
+Object.defineProperty(exports, "SIGNATURE", { enumerable: true, get: function () { return generated_js_1.SIGNATURE; } });
+Object.defineProperty(exports, "INVOICE_PATHS", { enumerable: true, get: function () { return generated_js_1.INVOICE_PATHS; } });
+Object.defineProperty(exports, "INVOICE_BLINDEDPAY", { enumerable: true, get: function () { return generated_js_1.INVOICE_BLINDEDPAY; } });
+Object.defineProperty(exports, "INVOICE_CREATED_AT", { enumerable: true, get: function () { return generated_js_1.INVOICE_CREATED_AT; } });
+Object.defineProperty(exports, "INVOICE_RELATIVE_EXPIRY", { enumerable: true, get: function () { return generated_js_1.INVOICE_RELATIVE_EXPIRY; } });
+Object.defineProperty(exports, "INVOICE_PAYMENT_HASH", { enumerable: true, get: function () { return generated_js_1.INVOICE_PAYMENT_HASH; } });
+Object.defineProperty(exports, "INVOICE_AMOUNT", { enumerable: true, get: function () { return generated_js_1.INVOICE_AMOUNT; } });
+Object.defineProperty(exports, "INVOICE_FALLBACKS", { enumerable: true, get: function () { return generated_js_1.INVOICE_FALLBACKS; } });
+Object.defineProperty(exports, "INVOICE_FEATURES", { enumerable: true, get: function () { return generated_js_1.INVOICE_FEATURES; } });
+Object.defineProperty(exports, "INVOICE_NODE_ID", { enumerable: true, get: function () { return generated_js_1.INVOICE_NODE_ID; } });
+const bech32_js_2 = require("./bech32.js");
+const tlv_js_2 = require("./tlv.js");
+const merkle_js_2 = require("./merkle.js");
+const offer_js_2 = require("./offer.js");
+const fields_js_2 = require("./fields.js");
+const payer_proof_js_2 = require("./payer_proof.js");
+/**
+ * Decode and validate a BOLT12 offer string.
+ *
+ * Returns typed fields directly:
+ *   const { description, amount, issuer_id, offer_id } = decodeOffer(str);
+ */
+function decodeOffer(bolt12String) {
+    const { hrp, data } = (0, bech32_js_2.decodeBolt12)(bolt12String);
+    if (hrp !== 'lno') {
+        throw new Error(`Expected offer (lno), got ${hrp}`);
+    }
+    const records = (0, tlv_js_2.parseTlvStream)(data);
+    // Validate offer semantics
+    (0, offer_js_2.validateOffer)(records);
+    // Extract typed fields
+    const fields = (0, fields_js_2.extractOfferFields)(records);
+    // Compute offer_id (merkle root of all TLVs)
+    const offer_id = (0, merkle_js_2.computeMerkleRoot)(records);
+    return { ...fields, hrp, offer_id };
+}
+/**
+ * Decode and validate a BOLT12 payer proof string (experimental, PR #1295).
+ */
+function decodePayerProof(bolt12String) {
+    const { hrp, data } = (0, bech32_js_2.decodeBolt12)(bolt12String);
+    if (hrp !== 'lnp') {
+        throw new Error(`Expected payer proof (lnp), got ${hrp}`);
+    }
+    const records = (0, tlv_js_2.parseTlvStream)(data);
+    const proof = (0, payer_proof_js_2.parsePayerProof)(records);
+    return { hrp, records, proof };
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;;AAmFH,kCAmBC;AAWD,4CAWC;AA1HD,yCAAyD;AAAhD,yGAAA,YAAY,OAAA;AAAE,yGAAA,YAAY,OAAA;AACnC,2CAAyD;AAAhD,yGAAA,WAAW,OAAA;AAAE,0GAAA,YAAY,OAAA;AAClC,mCAA0D;AAAjD,wGAAA,cAAc,OAAA;AACvB,yCAA6E;AAApE,8GAAA,iBAAiB,OAAA;AAAE,uGAAA,UAAU,OAAA;AAAE,4GAAA,eAAe,OAAA;AACvD,uCAA2C;AAAlC,yGAAA,aAAa,OAAA;AACtB;;;;;GAKG;AACH,yCAIqB;AAHnB,+GAAA,kBAAkB,OAAA;AAIpB,mDAQ0B;AAPxB,iHAAA,eAAe,OAAA;AACf,uHAAA,qBAAqB,OAAA;AACrB,kHAAA,gBAAgB,OAAA;AAChB,kHAAA,gBAAgB,OAAA;AAMlB,2DAA2D;AAC3D,+CAkCwB;AA/BtB,2HAAA,kBAAkB,OAA+B;AACjD,iHAAA,iBAAiB,OAAA;AACjB,+GAAA,eAAe,OAAA;AAGf,2HAAA,2BAA2B,OAAA;AAC3B,2HAAA,2BAA2B,OAAA;AAC3B,yHAAA,yBAAyB,OAAA;AAGzB,oHAAA,oBAAoB,OAAA;AACpB,mHAAA,mBAAmB,OAAA;AACnB,iHAAA,iBAAiB,OAAA;AAGjB,yHAAA,yBAAyB,OAAA;AACzB,yHAAA,yBAAyB,OAAA;AACzB,uHAAA,uBAAuB,OAAA;AAIvB,kBAAkB;AAClB,4GAAA,YAAY,OAAA;AAAE,8GAAA,cAAc,OAAA;AAAE,8GAAA,cAAc,OAAA;AAAE,4GAAA,YAAY,OAAA;AAC1D,iHAAA,iBAAiB,OAAA;AAAE,8GAAA,cAAc,OAAA;AAAE,qHAAA,qBAAqB,OAAA;AACxD,2GAAA,WAAW,OAAA;AAAE,4GAAA,YAAY,OAAA;AAAE,kHAAA,kBAAkB,OAAA;AAAE,+GAAA,eAAe,OAAA;AAC9D,+GAAA,eAAe,OAAA;AAAE,4GAAA,YAAY,OAAA;AAAE,6GAAA,aAAa,OAAA;AAAE,+GAAA,eAAe,OAAA;AAC7D,+GAAA,eAAe,OAAA;AAAE,+GAAA,eAAe,OAAA;AAAE,iHAAA,iBAAiB,OAAA;AAAE,4GAAA,YAAY,OAAA;AACjE,mHAAA,mBAAmB,OAAA;AAAE,yGAAA,SAAS,OAAA;AAC9B,6GAAA,aAAa,OAAA;AAAE,kHAAA,kBAAkB,OAAA;AAAE,kHAAA,kBAAkB,OAAA;AACrD,uHAAA,uBAAuB,OAAA;AAAE,oHAAA,oBAAoB,OAAA;AAAE,8GAAA,cAAc,OAAA;AAC7D,iHAAA,iBAAiB,OAAA;AAAE,gHAAA,gBAAgB,OAAA;AAAE,+GAAA,eAAe,OAAA;AAGtD,2CAA2D;AAC3D,qCAA0D;AAC1D,2CAAiE;AACjE,yCAA2C;AAC3C,2CAAmE;AACnE,qDAAsJ;AAOtJ;;;;;GAKG;AACH,SAAgB,WAAW,CAAC,YAAoB;IAC9C,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,IAAA,wBAAY,EAAC,YAAY,CAAC,CAAC;IAEjD,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,uBAAc,EAAC,IAAI,CAAC,CAAC;IAErC,2BAA2B;IAC3B,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAC;IAEvB,uBAAuB;IACvB,MAAM,MAAM,GAAG,IAAA,8BAAkB,EAAC,OAAO,CAAC,CAAC;IAE3C,6CAA6C;IAC7C,MAAM,QAAQ,GAAG,IAAA,6BAAiB,EAAC,OAAO,CAAC,CAAC;IAE5C,OAAO,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC;AACtC,CAAC;AAQD;;GAEG;AACH,SAAgB,gBAAgB,CAAC,YAAoB;IACnD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,IAAA,wBAAY,EAAC,YAAY,CAAC,CAAC;IAEjD,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,uBAAc,EAAC,IAAI,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,IAAA,gCAAe,EAAC,OAAO,CAAC,CAAC;IAEvC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AACjC,CAAC"}

package/dist/merkle.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Merkle tree computation for BOLT12 signature verification.
+ *
+ * Each TLV record is paired with a nonce derived from the first TLV:
+ *   leaf    = H("LnLeaf", tlv_bytes)
+ *   nonce   = H(SHA256("LnNonce" || first_tlv_bytes), type_bytes)
+ *   branch  = H("LnBranch", sorted(leaf, nonce))
+ *
+ * These branches are then paired up in a binary tree:
+ *   parent  = H("LnBranch", sorted(left, right))
+ *
+ * The root of the tree is the merkle root (offer_id for offers).
+ *
+ * Signature verification uses:
+ *   msg = H("lightning" || messagename || "signature", merkle_root)
+ */
+import type { TlvRecord } from './tlv.js';
+/**
+ * Tagged hash: H(tag, msg) = SHA256(SHA256(tag) || SHA256(tag) || msg)
+ */
+export declare function taggedHash(tag: Uint8Array, msg: Uint8Array): Uint8Array;
+/**
+ * Serialize a single TLV record to its wire format (type + length + value).
+ */
+export declare function tlvToBytes(record: TlvRecord): Uint8Array;
+/**
+ * Compute a branch from a pair of nodes, ordering them lexicographically.
+ */
+export declare function branchHash(a: Uint8Array, b: Uint8Array): Uint8Array;
+/**
+ * Compute per-TLV branch hashes (leaf+nonce combined).
+ * Returns the branch hash for each non-signature TLV, and the nonce tag hash.
+ */
+export declare function computePerTlvBranches(records: TlvRecord[]): {
+    branches: Uint8Array[];
+    nonceTagHash: Uint8Array;
+    leafTagHash: Uint8Array;
+    branchTagHash: Uint8Array;
+};
+/**
+ * Compute the merkle root from an array of TLV records.
+ *
+ * Excludes signature TLVs (types 240-1000) from the tree.
+ */
+export declare function computeMerkleRoot(records: TlvRecord[]): Uint8Array;
+/**
+ * Compute the signature verification message.
+ * tag = "lightning" + messagename + "signature"
+ */
+export declare function signatureTag(messageName: string): Uint8Array;
+/**
+ * Verify a BIP340 Schnorr signature on a BOLT12 message.
+ */
+export declare function verifySignature(messageName: string, merkleRoot: Uint8Array, pubkey32: Uint8Array, signature: Uint8Array): boolean;
+//# sourceMappingURL=merkle.d.ts.map

package/dist/merkle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"merkle.d.ts","sourceRoot":"","sources":["../src/merkle.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAM1C;;GAEG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,GAAG,UAAU,CAGvE;AASD;;GAEG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,SAAS,GAAG,UAAU,CAIxD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,UAAU,CAInE;AAOD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG;IAC3D,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,YAAY,EAAE,UAAU,CAAC;IACzB,WAAW,EAAE,UAAU,CAAC;IACxB,aAAa,EAAE,UAAU,CAAC;CAC3B,CA0BA;AA6BD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,UAAU,CAGlE;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,UAAU,CAE5D;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,UAAU,EACpB,SAAS,EAAE,UAAU,GACpB,OAAO,CAQT"}

package/dist/merkle.js

@@ -0,0 +1,144 @@
+"use strict";
+/**
+ * Merkle tree computation for BOLT12 signature verification.
+ *
+ * Each TLV record is paired with a nonce derived from the first TLV:
+ *   leaf    = H("LnLeaf", tlv_bytes)
+ *   nonce   = H(SHA256("LnNonce" || first_tlv_bytes), type_bytes)
+ *   branch  = H("LnBranch", sorted(leaf, nonce))
+ *
+ * These branches are then paired up in a binary tree:
+ *   parent  = H("LnBranch", sorted(left, right))
+ *
+ * The root of the tree is the merkle root (offer_id for offers).
+ *
+ * Signature verification uses:
+ *   msg = H("lightning" || messagename || "signature", merkle_root)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.taggedHash = taggedHash;
+exports.tlvToBytes = tlvToBytes;
+exports.branchHash = branchHash;
+exports.computePerTlvBranches = computePerTlvBranches;
+exports.computeMerkleRoot = computeMerkleRoot;
+exports.signatureTag = signatureTag;
+exports.verifySignature = verifySignature;
+const sha2_1 = require("@noble/hashes/sha2");
+const utils_1 = require("@noble/hashes/utils");
+const secp256k1_1 = require("@noble/curves/secp256k1");
+const bigsize_js_1 = require("./bigsize.js");
+const utils_js_1 = require("./utils.js");
+const encoder = new TextEncoder();
+/**
+ * Tagged hash: H(tag, msg) = SHA256(SHA256(tag) || SHA256(tag) || msg)
+ */
+function taggedHash(tag, msg) {
+    const tagHash = (0, sha2_1.sha256)(tag);
+    return (0, sha2_1.sha256)((0, utils_1.concatBytes)(tagHash, tagHash, msg));
+}
+/**
+ * Tagged hash using a pre-computed tag hash.
+ */
+function taggedHashWithHash(tagHash, msg) {
+    return (0, sha2_1.sha256)((0, utils_1.concatBytes)(tagHash, tagHash, msg));
+}
+/**
+ * Serialize a single TLV record to its wire format (type + length + value).
+ */
+function tlvToBytes(record) {
+    const typeBytes = (0, bigsize_js_1.writeBigSize)(record.type);
+    const lengthBytes = (0, bigsize_js_1.writeBigSize)(record.length);
+    return (0, utils_1.concatBytes)(typeBytes, lengthBytes, record.value);
+}
+/**
+ * Compute a branch from a pair of nodes, ordering them lexicographically.
+ */
+function branchHash(a, b) {
+    const branchTagHash = (0, sha2_1.sha256)(encoder.encode('LnBranch'));
+    const [smaller, larger] = (0, utils_js_1.compareBytes)(a, b) < 0 ? [a, b] : [b, a];
+    return taggedHashWithHash(branchTagHash, (0, utils_1.concatBytes)(smaller, larger));
+}
+/** Signature TLV type range (240-1000 inclusive). */
+function isSignatureType(type) {
+    return type >= 240n && type <= 1000n;
+}
+/**
+ * Compute per-TLV branch hashes (leaf+nonce combined).
+ * Returns the branch hash for each non-signature TLV, and the nonce tag hash.
+ */
+function computePerTlvBranches(records) {
+    const nonSig = records.filter(r => !isSignatureType(r.type));
+    if (nonSig.length === 0) {
+        throw new Error('Cannot compute merkle root of empty TLV set');
+    }
+    // Nonce tag: SHA256("LnNonce" || first_record_bytes)
+    const firstRecBytes = tlvToBytes(nonSig[0]);
+    const nonceTagHash = (0, sha2_1.sha256)((0, utils_1.concatBytes)(encoder.encode('LnNonce'), firstRecBytes));
+    const leafTagHash = (0, sha2_1.sha256)(encoder.encode('LnLeaf'));
+    const branchTagHash = (0, sha2_1.sha256)(encoder.encode('LnBranch'));
+    const branches = nonSig.map((record) => {
+        const recBytes = tlvToBytes(record);
+        const typeBytes = (0, bigsize_js_1.writeBigSize)(record.type);
+        const leaf = taggedHashWithHash(leafTagHash, recBytes);
+        const nonce = taggedHashWithHash(nonceTagHash, typeBytes);
+        // Combine leaf and nonce with lexicographic ordering
+        const [smaller, larger] = (0, utils_js_1.compareBytes)(leaf, nonce) < 0 ? [leaf, nonce] : [nonce, leaf];
+        return taggedHashWithHash(branchTagHash, (0, utils_1.concatBytes)(smaller, larger));
+    });
+    return { branches, nonceTagHash, leafTagHash, branchTagHash };
+}
+/**
+ * Build merkle tree from per-TLV branch hashes, bottom-up.
+ */
+function buildMerkleTree(nodes) {
+    const branchTagHash = (0, sha2_1.sha256)(encoder.encode('LnBranch'));
+    while (nodes.length > 1) {
+        const parents = [];
+        let i = 0;
+        while (i < nodes.length) {
+            if (i + 1 < nodes.length) {
+                const [smaller, larger] = (0, utils_js_1.compareBytes)(nodes[i], nodes[i + 1]) < 0
+                    ? [nodes[i], nodes[i + 1]]
+                    : [nodes[i + 1], nodes[i]];
+                parents.push(taggedHashWithHash(branchTagHash, (0, utils_1.concatBytes)(smaller, larger)));
+                i += 2;
+            }
+            else {
+                parents.push(nodes[i]);
+                i += 1;
+            }
+        }
+        nodes = parents;
+    }
+    return nodes[0];
+}
+/**
+ * Compute the merkle root from an array of TLV records.
+ *
+ * Excludes signature TLVs (types 240-1000) from the tree.
+ */
+function computeMerkleRoot(records) {
+    const { branches } = computePerTlvBranches(records);
+    return buildMerkleTree([...branches]);
+}
+/**
+ * Compute the signature verification message.
+ * tag = "lightning" + messagename + "signature"
+ */
+function signatureTag(messageName) {
+    return encoder.encode(`lightning${messageName}signature`);
+}
+/**
+ * Verify a BIP340 Schnorr signature on a BOLT12 message.
+ */
+function verifySignature(messageName, merkleRoot, pubkey32, signature) {
+    const tag = signatureTag(messageName);
+    const msg = taggedHash(tag, merkleRoot);
+    try {
+        return secp256k1_1.schnorr.verify(signature, msg, pubkey32);
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=merkle.js.map

package/dist/merkle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"merkle.js","sourceRoot":"","sources":["../src/merkle.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;AAcH,gCAGC;AAYD,gCAIC;AAKD,gCAIC;AAWD,sDA+BC;AAkCD,8CAGC;AAMD,oCAEC;AAKD,0CAaC;AAjJD,6CAA4C;AAC5C,+CAAkD;AAClD,uDAAkD;AAElD,6CAA4C;AAC5C,yCAA0C;AAE1C,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC;;GAEG;AACH,SAAgB,UAAU,CAAC,GAAe,EAAE,GAAe;IACzD,MAAM,OAAO,GAAG,IAAA,aAAM,EAAC,GAAG,CAAC,CAAC;IAC5B,OAAO,IAAA,aAAM,EAAC,IAAA,mBAAW,EAAC,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,OAAmB,EAAE,GAAe;IAC9D,OAAO,IAAA,aAAM,EAAC,IAAA,mBAAW,EAAC,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU,CAAC,MAAiB;IAC1C,MAAM,SAAS,GAAG,IAAA,yBAAY,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,WAAW,GAAG,IAAA,yBAAY,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAChD,OAAO,IAAA,mBAAW,EAAC,SAAS,EAAE,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU,CAAC,CAAa,EAAE,CAAa;IACrD,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IACzD,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,IAAA,uBAAY,EAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnE,OAAO,kBAAkB,CAAC,aAAa,EAAE,IAAA,mBAAW,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AACzE,CAAC;AAED,qDAAqD;AACrD,SAAS,eAAe,CAAC,IAAY;IACnC,OAAO,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,KAAK,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,SAAgB,qBAAqB,CAAC,OAAoB;IAMxD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IAED,qDAAqD;IACrD,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG,IAAA,aAAM,EAAC,IAAA,mBAAW,EAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC;IAEnF,MAAM,WAAW,GAAG,IAAA,aAAM,EAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IAEzD,MAAM,QAAQ,GAAiB,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;QACnD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,IAAA,yBAAY,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAE5C,MAAM,IAAI,GAAG,kBAAkB,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QACvD,MAAM,KAAK,GAAG,kBAAkB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAE1D,qDAAqD;QACrD,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,IAAA,uBAAY,EAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACxF,OAAO,kBAAkB,CAAC,aAAa,EAAE,IAAA,mBAAW,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,KAAmB;IAC1C,MAAM,aAAa,GAAG,IAAA,aAAM,EAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IAEzD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,IAAA,uBAAY,EAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;oBAChE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC1B,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC7B,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,IAAA,mBAAW,EAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;gBAC9E,CAAC,IAAI,CAAC,CAAC;YACT,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBACvB,CAAC,IAAI,CAAC,CAAC;YACT,CAAC;QACH,CAAC;QACD,KAAK,GAAG,OAAO,CAAC;IAClB,CAAC;IAED,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,SAAgB,iBAAiB,CAAC,OAAoB;IACpD,MAAM,EAAE,QAAQ,EAAE,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IACpD,OAAO,eAAe,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,SAAgB,YAAY,CAAC,WAAmB;IAC9C,OAAO,OAAO,CAAC,MAAM,CAAC,YAAY,WAAW,WAAW,CAAC,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAC7B,WAAmB,EACnB,UAAsB,EACtB,QAAoB,EACpB,SAAqB;IAErB,MAAM,GAAG,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IACxC,IAAI,CAAC;QACH,OAAO,mBAAO,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/offer.d.ts

@@ -0,0 +1,45 @@
+/**
+ * BOLT12 Offer validation.
+ *
+ * An offer is a TLV stream encoded with the "lno" prefix.
+ * This module validates the semantic rules for offers as specified
+ * in BOLT 12.
+ *
+ * Offer TLV types (from the spec):
+ *   2  - offer_chains          (array of 32-byte chain_hashes)
+ *   4  - offer_metadata        (arbitrary bytes)
+ *   6  - offer_currency        (UTF-8 ISO 4217 code)
+ *   8  - offer_amount          (tu64 msat or currency units)
+ *   10 - offer_description     (UTF-8 string)
+ *   12 - offer_features        (feature bits)
+ *   14 - offer_absolute_expiry (tu64 seconds since epoch)
+ *   16 - offer_paths           (blinded_path array)
+ *   18 - offer_issuer          (UTF-8 string)
+ *   20 - offer_quantity_max    (tu64)
+ *   22 - offer_issuer_id       (point, 33 bytes)
+ */
+import type { TlvRecord } from './tlv.js';
+export declare const OFFER_CHAINS = 2n;
+export declare const OFFER_METADATA = 4n;
+export declare const OFFER_CURRENCY = 6n;
+export declare const OFFER_AMOUNT = 8n;
+export declare const OFFER_DESCRIPTION = 10n;
+export declare const OFFER_FEATURES = 12n;
+export declare const OFFER_ABSOLUTE_EXPIRY = 14n;
+export declare const OFFER_PATHS = 16n;
+export declare const OFFER_ISSUER = 18n;
+export declare const OFFER_QUANTITY_MAX = 20n;
+export declare const OFFER_ISSUER_ID = 22n;
+export interface ValidatedOffer {
+    records: TlvRecord[];
+    hasDescription: boolean;
+    hasAmount: boolean;
+    hasCurrency: boolean;
+    hasIssuerId: boolean;
+    hasPaths: boolean;
+}
+/**
+ * Validate an offer's TLV records according to BOLT12 semantic rules.
+ */
+export declare function validateOffer(records: TlvRecord[]): ValidatedOffer;
+//# sourceMappingURL=offer.d.ts.map

package/dist/offer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"offer.d.ts","sourceRoot":"","sources":["../src/offer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAI1C,eAAO,MAAM,YAAY,KAAK,CAAC;AAC/B,eAAO,MAAM,cAAc,KAAK,CAAC;AACjC,eAAO,MAAM,cAAc,KAAK,CAAC;AACjC,eAAO,MAAM,YAAY,KAAK,CAAC;AAC/B,eAAO,MAAM,iBAAiB,MAAM,CAAC;AACrC,eAAO,MAAM,cAAc,MAAM,CAAC;AAClC,eAAO,MAAM,qBAAqB,MAAM,CAAC;AACzC,eAAO,MAAM,WAAW,MAAM,CAAC;AAC/B,eAAO,MAAM,YAAY,MAAM,CAAC;AAChC,eAAO,MAAM,kBAAkB,MAAM,CAAC;AACtC,eAAO,MAAM,eAAe,MAAM,CAAC;AAgMnC,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,SAAS,EAAE,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,EAAE,OAAO,CAAC;IACrB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,cAAc,CAuFlE"}