ox 0.14.26 → 0.14.28

package/tempo/SignatureEnvelope.ts

@@ -13,16 +13,19 @@ import type {
 import * as Json from '../core/Json.js'
 import * as ox_P256 from '../core/P256.js'
 import type * as PublicKey from '../core/PublicKey.js'
+import * as Rlp from '../core/Rlp.js'
 import * as ox_Secp256k1 from '../core/Secp256k1.js'
 import * as Signature from '../core/Signature.js'
 import type * as WebAuthnP256 from '../core/WebAuthnP256.js'
 import * as ox_WebAuthnP256 from '../core/WebAuthnP256.js'
+import * as MultisigConfig from './MultisigConfig.js'
 
 /** Signature type identifiers for encoding/decoding */
 const serializedP256Type = '0x01'
 const serializedWebAuthnType = '0x02'
 const serializedKeychainType = '0x03'
 const serializedKeychainV2Type = '0x04'
+const serializedMultisigType = '0x05'
 
 /** Serialized magic identifier for Tempo signature envelopes. */
 export const magicBytes =
@@ -69,7 +72,13 @@ export type GetType<
                   userAddress: Address.Address
                 }
               ? 'keychain'
-              : never
+              : envelope extends {
+                    account: Address.Address
+                    configId: `0x${string}`
+                    signatures: any
+                  }
+                ? 'multisig'
+                : never
 
 /**
  * Represents a signature envelope that can contain different signature types.
@@ -99,13 +108,14 @@ export type SignatureEnvelope<bigintType = bigint, numberType = number> = OneOf<
   | P256<bigintType, numberType>
   | WebAuthn<bigintType, numberType>
   | Keychain<bigintType, numberType>
+  | Multisig<bigintType, numberType>
 >
 
 /**
  * RPC-formatted signature envelope.
  */
 export type SignatureEnvelopeRpc = OneOf<
-  Secp256k1Rpc | P256Rpc | WebAuthnRpc | KeychainRpc
+  Secp256k1Rpc | P256Rpc | WebAuthnRpc | KeychainRpc | MultisigRpc
 >
 
 /**
@@ -137,6 +147,43 @@ export type KeychainRpc = {
   version?: KeychainVersion | undefined
 }
 
+/**
+ * Native multisig signature (type `0x05`).
+ *
+ * Wraps a set of primitive owner approvals (secp256k1, p256, or webAuthn) over the
+ * multisig owner approval digest. The transaction sender is the derived `account`,
+ * authorized once the recovered owner weights meet the configured threshold.
+ *
+ * [TIP-1061](https://tips.sh/1061)
+ */
+export type Multisig<bigintType = bigint, numberType = number> = {
+  type: 'multisig'
+  /** Native multisig account address. */
+  account: Address.Address
+  /** Permanent config ID derived from the initial multisig config. */
+  configId: Hex.Hex
+  /** Primitive owner approvals over the multisig owner approval digest. */
+  signatures: readonly SignatureEnvelope<bigintType, numberType>[]
+  /**
+   * Initial native multisig config for bootstrapping this account. Present only on
+   * the first (bootstrap) transaction from the derived account; absent on every
+   * subsequent transaction.
+   */
+  init?: MultisigConfig.Config<numberType> | undefined
+}
+
+export type MultisigRpc = {
+  type: 'multisig'
+  account: Address.Address
+  configId: Hex.Hex
+  /**
+   * Encoded primitive owner approvals (raw serialized signatures), matching the
+   * node's `Vec<Bytes>` representation.
+   */
+  signatures: readonly Serialized[]
+  init?: MultisigConfig.Config | undefined
+}
+
 export type P256<bigintType = bigint, numberType = number> = {
   prehash: boolean
   publicKey: PublicKey.PublicKey
@@ -276,12 +323,26 @@ export function assert(envelope: PartialBy<SignatureEnvelope, 'type'>): void {
     assert(keychain.inner)
     return
   }
+
+  if (type === 'multisig') {
+    const multisig = envelope as Multisig
+    const missing: string[] = []
+    if (!multisig.account) missing.push('account')
+    if (!multisig.configId) missing.push('configId')
+    if (!Array.isArray(multisig.signatures)) missing.push('signatures')
+    if (missing.length > 0)
+      throw new MissingPropertiesError({ envelope, missing, type: 'multisig' })
+    for (const inner of multisig.signatures) assert(inner)
+    if (multisig.init) MultisigConfig.assert(multisig.init)
+    return
+  }
 }
 
 export declare namespace assert {
   type ErrorType =
     | CoercionError
     | MissingPropertiesError
+    | MultisigConfig.assert.ErrorType
     | Signature.assert.ErrorType
     | Errors.GlobalErrorType
 }
@@ -319,6 +380,9 @@ export function extractAddress(
     if (root) return signature.userAddress
     return extractAddress({ ...options, signature: signature.inner })
   }
+  // Native multisig signatures have no single signer; the recovered sender is the
+  // derived multisig account address.
+  if (signature.type === 'multisig') return signature.account
   return Address.fromPublicKey(extractPublicKey(options))
 }
 
@@ -381,6 +445,10 @@ export function extractPublicKey(
       return signature.publicKey
     case 'keychain':
       return extractPublicKey({ payload, signature: signature.inner })
+    case 'multisig':
+      // A multisig signature aggregates multiple owner approvals and has no
+      // single public key; recover the multisig account via `extractAddress`.
+      throw new CoercionError({ envelope: signature })
   }
 }
 
@@ -395,6 +463,7 @@ export declare namespace extractPublicKey {
   type ReturnType = PublicKey.PublicKey
 
   type ErrorType =
+    | CoercionError
     | ox_Secp256k1.recoverPublicKey.ErrorType
     | Errors.GlobalErrorType
 }
@@ -543,8 +612,31 @@ export function deserialize(value: Serialized): SignatureEnvelope {
     } satisfies Keychain
   }
 
+  if (typeId === serializedMultisigType) {
+    // Wire format: `0x05 || rlp([account, configId, signatures, init])`. `init`
+    // is optional: absent when the element is missing or the `0x80` placeholder
+    // (decoded as the empty string `0x`), otherwise the bootstrap config list.
+    const [account, configId, signatures, init] = Rlp.toHex(data) as [
+      Hex.Hex,
+      Hex.Hex,
+      readonly Hex.Hex[],
+      (Hex.Hex | MultisigConfig.Tuple)?,
+    ]
+    return {
+      type: 'multisig',
+      account,
+      configId,
+      signatures: signatures.map((signature) => deserialize(signature)),
+      ...(init && init !== '0x'
+        ? {
+            init: MultisigConfig.fromTuple(init as MultisigConfig.Tuple),
+          }
+        : {}),
+    } satisfies Multisig
+  }
+
   throw new InvalidSerializedError({
-    reason: `Unknown signature type identifier: ${typeId}. Expected ${serializedP256Type} (P256), ${serializedWebAuthnType} (WebAuthn), ${serializedKeychainType} (Keychain V1), or ${serializedKeychainV2Type} (Keychain V2)`,
+    reason: `Unknown signature type identifier: ${typeId}. Expected ${serializedP256Type} (P256), ${serializedWebAuthnType} (WebAuthn), ${serializedKeychainType} (Keychain V1), ${serializedKeychainV2Type} (Keychain V2), or ${serializedMultisigType} (Multisig)`,
     serialized,
   })
 }
@@ -680,6 +772,19 @@ export function from<const value extends from.Value>(
     return { signature: value, type: 'secp256k1' } as never
 
   const type = getType(value)
+
+  if (type === 'multisig') {
+    const multisig = value as Multisig
+    return {
+      ...multisig,
+      signatures: multisig.signatures.map((signature) => from(signature)),
+      // Normalize the bootstrap config (sorts owners, defaults the salt) so the
+      // in-memory envelope matches what `deserialize` reconstructs.
+      ...(multisig.init ? { init: MultisigConfig.from(multisig.init) } : {}),
+      type,
+    } as never
+  }
+
   return {
     ...value,
     ...(type === 'p256' ? { prehash: value.prehash } : {}),
@@ -837,14 +942,35 @@ export function fromRpc(envelope: SignatureEnvelopeRpc): SignatureEnvelope {
   if (
     envelope.type === 'keychain' ||
     ('userAddress' in envelope && 'signature' in envelope)
-  )
+  ) {
+    const keychain = envelope as KeychainRpc
     return {
       type: 'keychain',
-      userAddress: envelope.userAddress,
-      inner: fromRpc(envelope.signature),
-      ...(envelope.keyId ? { keyId: envelope.keyId } : {}),
-      ...(envelope.version ? { version: envelope.version } : {}),
+      userAddress: keychain.userAddress,
+      inner: fromRpc(keychain.signature),
+      ...(keychain.keyId ? { keyId: keychain.keyId } : {}),
+      ...(keychain.version ? { version: keychain.version } : {}),
     }
+  }
+
+  if (
+    envelope.type === 'multisig' ||
+    ('account' in envelope &&
+      'configId' in envelope &&
+      'signatures' in envelope)
+  ) {
+    const multisig = envelope as MultisigRpc
+    return {
+      type: 'multisig',
+      account: multisig.account,
+      configId: multisig.configId,
+      // Owner approvals are raw serialized signatures (node `Vec<Bytes>`).
+      signatures: multisig.signatures.map((signature) =>
+        deserialize(signature),
+      ),
+      ...(multisig.init ? { init: MultisigConfig.from(multisig.init) } : {}),
+    }
+  }
 
   throw new CoercionError({ envelope })
 }
@@ -922,6 +1048,14 @@ export function getType<
   if ('userAddress' in envelope && 'inner' in envelope)
     return 'keychain' as never
 
+  // Detect Multisig signature
+  if (
+    'account' in envelope &&
+    'configId' in envelope &&
+    'signatures' in envelope
+  )
+    return 'multisig' as never
+
   throw new CoercionError({
     envelope,
   })
@@ -1015,6 +1149,24 @@ export function serialize(
     )
   }
 
+  if (type === 'multisig') {
+    const multisig = envelope as Multisig
+    // Format: `0x05 || rlp([account, configId, signatures, init])`, where each
+    // owner approval is an encoded primitive signature. `init` is the bootstrap
+    // config (an RLP list) when present, otherwise the canonical empty-string
+    // placeholder (`0x` → RLP `0x80`).
+    return Hex.concat(
+      serializedMultisigType,
+      Rlp.fromHex([
+        multisig.account,
+        multisig.configId,
+        multisig.signatures.map((signature) => serialize(signature)),
+        multisig.init ? MultisigConfig.toTuple(multisig.init) : '0x',
+      ]),
+      options.magic ? magicBytes : '0x',
+    )
+  }
+
   throw new CoercionError({ envelope })
 }
 
@@ -1028,6 +1180,90 @@ export declare namespace serialize {
   }
 }
 
+/**
+ * Orders native multisig owner approvals into the strictly-ascending
+ * recovered-owner order the Tempo node requires for the multisig `signatures`
+ * array (the node enforces "recovered owners must be strictly ascending").
+ *
+ * Each approval is signed over the multisig owner approval digest
+ * ({@link ox#MultisigConfig.(getSignPayload:function)}), so the signer of
+ * every approval is recovered against that digest and the list is sorted by the
+ * recovered owner address. Works for any owner key type (secp256k1, p256,
+ * webAuthn, keychain).
+ *
+ * @example
+ * ```ts twoslash
+ * import { Secp256k1 } from 'ox'
+ * import { MultisigConfig, SignatureEnvelope, TxEnvelopeTempo } from 'ox/tempo'
+ *
+ * const config = MultisigConfig.from({
+ *   threshold: 2,
+ *   owners: [
+ *     { owner: '0x1111111111111111111111111111111111111111', weight: 1 },
+ *     { owner: '0x2222222222222222222222222222222222222222', weight: 1 },
+ *   ],
+ * })
+ * const configId = MultisigConfig.toId(config)
+ * const account = MultisigConfig.getAddress({ configId })
+ *
+ * const tx = TxEnvelopeTempo.from({ chainId: 1, calls: [] })
+ * const payload = TxEnvelopeTempo.getSignPayload(tx)
+ * const digest = MultisigConfig.getSignPayload({ payload, account, configId })
+ *
+ * const privateKeys = [Secp256k1.randomPrivateKey(), Secp256k1.randomPrivateKey()]
+ * const signatures = privateKeys.map((privateKey) =>
+ *   SignatureEnvelope.from(Secp256k1.sign({ payload: digest, privateKey })),
+ * )
+ *
+ * const ordered = SignatureEnvelope.sortMultisigApprovals({ // [!code focus]
+ *   account, // [!code focus]
+ *   configId, // [!code focus]
+ *   payload, // [!code focus]
+ *   signatures, // [!code focus]
+ * }) // [!code focus]
+ * ```
+ *
+ * @param value - The approval ordering parameters.
+ * @returns The owner approvals ordered ascending by recovered owner address.
+ */
+export function sortMultisigApprovals(
+  value: sortMultisigApprovals.Value,
+): readonly SignatureEnvelope[] {
+  const { account, configId, payload, signatures } = value
+  const digest = MultisigConfig.getSignPayload({
+    account,
+    configId,
+    payload,
+  })
+  // Recover each signer once (decorate–sort–undecorate) rather than inside the
+  // comparator.
+  return signatures
+    .map((signature) => ({
+      key: Hex.toBigInt(extractAddress({ payload: digest, signature })),
+      signature,
+    }))
+    .sort((a, b) => (a.key < b.key ? -1 : a.key > b.key ? 1 : 0))
+    .map((entry) => entry.signature)
+}
+
+export declare namespace sortMultisigApprovals {
+  type Value = {
+    /** The native multisig account address. */
+    account: Address.Address
+    /** The permanent config ID. */
+    configId: Hex.Hex
+    /** The inner transaction sign payload (`tx.signature_hash()`). */
+    payload: Hex.Hex | Bytes.Bytes
+    /** The primitive owner approvals to order. */
+    signatures: readonly SignatureEnvelope[]
+  }
+
+  type ErrorType =
+    | MultisigConfig.getSignPayload.ErrorType
+    | extractAddress.ErrorType
+    | Errors.GlobalErrorType
+}
+
 /**
  * Converts a signature envelope to RPC format.
  *
@@ -1095,6 +1331,18 @@ export function toRpc(envelope: SignatureEnvelope): SignatureEnvelopeRpc {
     }
   }
 
+  if (type === 'multisig') {
+    const multisig = envelope as Multisig
+    return {
+      type: 'multisig',
+      account: multisig.account,
+      configId: multisig.configId,
+      // Owner approvals are raw serialized signatures (node `Vec<Bytes>`).
+      signatures: multisig.signatures.map((signature) => serialize(signature)),
+      ...(multisig.init ? { init: multisig.init } : {}),
+    }
+  }
+
   throw new CoercionError({ envelope })
 }
 
@@ -1332,7 +1580,7 @@ export class MissingPropertiesError extends Errors.BaseError {
   }: {
     envelope: unknown
     missing: string[]
-    type: Type
+    type: Type | 'keychain' | 'multisig'
   }) {
     super(
       `Signature envelope of type "${type}" is missing required properties: ${missing.map((m) => `\`${m}\``).join(', ')}.\n\nProvided: ${Json.stringify(envelope)}`,

package/tempo/e2e.test.ts

@@ -14,6 +14,7 @@ import { chain, client, fundAddress, nodeEnv } from '../../test/tempo/config.js'
 import {
   AuthorizationTempo,
   KeyAuthorization,
+  MultisigConfig,
   Period,
   SignatureEnvelope,
 } from './index.js'
@@ -2826,6 +2827,11 @@ describe('behavior: keyAuthorization', () => {
     },
   )
 
+  // TIP-1049 admin keys are not yet in any released tempo tag (only on
+  // `main` via PR #4265). CI runs the localnet job against the `edge`
+  // image which tracks main; devnet/testnet still ship the older
+  // release and would reject the 9-field wire format with
+  // `failed to decode signed transaction`.
   // TODO: remove skipIf when devnet/testnet have T6 (TIP-1049).
   test.skipIf(nodeEnv !== 'localnet')(
     'behavior: TIP-1049 admin access key round-trips through registration',
@@ -2993,3 +2999,214 @@ describe('behavior: keyAuthorization', () => {
     },
   )
 })
+
+// TODO: unskip once TIP-1061 native multisig is deployed to the standard
+// localnet/testnet nodes. Until then these only pass against the dedicated
+// PR-5178 devnet (run with VITE_TEMPO_RPC_URL pointed at it).
+describe.skip('behavior: multisig (TIP-1061)', () => {
+  // Helper: builds a fresh set of secp256k1 owners + the derived config.
+  function setup(parameters: { count: number; threshold: number }) {
+    const { count, threshold } = parameters
+    const ownerKeys = Array.from({ length: count }, () => {
+      const privateKey = Secp256k1.randomPrivateKey()
+      const address = Address.fromPublicKey(
+        Secp256k1.getPublicKey({ privateKey }),
+      )
+      return { address, privateKey } as const
+    })
+
+    const config = MultisigConfig.from({
+      // A fresh random salt yields a distinct account each run, exercising the
+      // salt-inclusive config-ID derivation against the node.
+      salt: Hex.random(32),
+      threshold,
+      owners: ownerKeys.map((key) => ({
+        owner: key.address,
+        weight: 1,
+      })),
+    })
+    const configId = MultisigConfig.toId(config)
+    const account = MultisigConfig.getAddress({ configId })
+
+    return { account, config, configId, ownerKeys } as const
+  }
+
+  // Signs the multisig owner digest with the provided owner keys, returning
+  // primitive approval envelopes ordered strictly ascending by recovered owner
+  // address (required by the node: "recovered owners must be strictly
+  // ascending").
+  function approve(parameters: {
+    account: Address.Address
+    configId: Hex.Hex
+    payload: Hex.Hex
+    signers: readonly { privateKey: Hex.Hex }[]
+  }) {
+    const { account, configId, payload, signers } = parameters
+    const digest = MultisigConfig.getSignPayload({
+      account,
+      configId,
+      payload,
+    })
+    const signatures = signers.map((signer) =>
+      SignatureEnvelope.from(
+        Secp256k1.sign({ payload: digest, privateKey: signer.privateKey }),
+      ),
+    )
+    return SignatureEnvelope.sortMultisigApprovals({
+      account,
+      configId,
+      payload,
+      signatures,
+    })
+  }
+
+  test('behavior: bootstrap + spend (2-of-3 secp256k1)', async () => {
+    const { account, config, configId, ownerKeys } = setup({
+      count: 3,
+      threshold: 2,
+    })
+
+    // The derived multisig account pays its own fees.
+    await fundAddress(client, { address: account })
+
+    // Bootstrap (first transaction): the bootstrap config travels in the
+    // multisig signature `init`, nonce 0.
+    const bootstrap = TxEnvelopeTempo.from({
+      calls: [{ to: '0x0000000000000000000000000000000000000000' }],
+      chainId,
+      feeToken: '0x20c0000000000000000000000000000000000001',
+      nonce: 0n,
+      gas: 2_000_000n,
+      maxFeePerGas: Value.fromGwei('20'),
+      maxPriorityFeePerGas: Value.fromGwei('10'),
+    })
+
+    const bootstrap_signed = TxEnvelopeTempo.serialize(bootstrap, {
+      signature: SignatureEnvelope.from({
+        type: 'multisig',
+        account,
+        configId,
+        // The bootstrap config is carried by the signature `init`.
+        init: config,
+        // Approve with 2 of the 3 owners to satisfy the threshold.
+        signatures: approve({
+          account,
+          configId,
+          payload: TxEnvelopeTempo.getSignPayload(bootstrap),
+          signers: [ownerKeys[0]!, ownerKeys[1]!],
+        }),
+      }),
+    })
+
+    const bootstrap_receipt = (await client
+      .request({
+        method: 'eth_sendRawTransactionSync',
+        params: [bootstrap_signed],
+      })
+      .then((tx) => TransactionReceipt.fromRpc(tx as any)))!
+    expect(bootstrap_receipt).toBeDefined()
+    expect(bootstrap_receipt.status).toBe('success')
+    expect(bootstrap_receipt.from).toBe(account)
+
+    {
+      const response = await client
+        .request({
+          method: 'eth_getTransactionByHash',
+          params: [bootstrap_receipt.transactionHash],
+        })
+        .then((tx) => Transaction.fromRpc(tx as any))
+      if (!response) throw new Error()
+      expect(response.from).toBe(account)
+      expect(response.signature?.type).toBe('multisig')
+      // The bootstrap config is carried by the multisig signature `init`.
+      expect(
+        (response.signature as SignatureEnvelope.Multisig | undefined)?.init,
+      ).toEqual(config)
+    }
+
+    // Spend (subsequent transaction): no signature `init`, nonce 1, uses the
+    // stored config loaded by the node.
+    const nonce = await getTransactionCount(client, {
+      address: account,
+      blockTag: 'pending',
+    })
+
+    const spend = TxEnvelopeTempo.from({
+      calls: [{ to: '0x0000000000000000000000000000000000000000' }],
+      chainId,
+      feeToken: '0x20c0000000000000000000000000000000000001',
+      nonce: BigInt(nonce),
+      gas: 2_000_000n,
+      maxFeePerGas: Value.fromGwei('20'),
+      maxPriorityFeePerGas: Value.fromGwei('10'),
+    })
+
+    const spend_signed = TxEnvelopeTempo.serialize(spend, {
+      signature: SignatureEnvelope.from({
+        type: 'multisig',
+        account,
+        configId,
+        // A different 2-of-3 subset still authorizes the transaction.
+        signatures: approve({
+          account,
+          configId,
+          payload: TxEnvelopeTempo.getSignPayload(spend),
+          signers: [ownerKeys[1]!, ownerKeys[2]!],
+        }),
+      }),
+    })
+
+    const spend_receipt = (await client
+      .request({
+        method: 'eth_sendRawTransactionSync',
+        params: [spend_signed],
+      })
+      .then((tx) => TransactionReceipt.fromRpc(tx as any)))!
+    expect(spend_receipt).toBeDefined()
+    expect(spend_receipt.status).toBe('success')
+    expect(spend_receipt.from).toBe(account)
+  })
+
+  test('behavior: rejects below-threshold approvals', async () => {
+    const { account, config, configId, ownerKeys } = setup({
+      count: 3,
+      threshold: 2,
+    })
+
+    await fundAddress(client, { address: account })
+
+    const bootstrap = TxEnvelopeTempo.from({
+      calls: [{ to: '0x0000000000000000000000000000000000000000' }],
+      chainId,
+      feeToken: '0x20c0000000000000000000000000000000000001',
+      nonce: 0n,
+      gas: 2_000_000n,
+      maxFeePerGas: Value.fromGwei('20'),
+      maxPriorityFeePerGas: Value.fromGwei('10'),
+    })
+
+    const serialized_signed = TxEnvelopeTempo.serialize(bootstrap, {
+      signature: SignatureEnvelope.from({
+        type: 'multisig',
+        account,
+        configId,
+        // The bootstrap config is carried by the signature `init`.
+        init: config,
+        // Only one approval — below the threshold of 2.
+        signatures: approve({
+          account,
+          configId,
+          payload: TxEnvelopeTempo.getSignPayload(bootstrap),
+          signers: [ownerKeys[0]!],
+        }),
+      }),
+    })
+
+    await expect(
+      client.request({
+        method: 'eth_sendRawTransactionSync',
+        params: [serialized_signed],
+      }),
+    ).rejects.toThrow()
+  })
+})

package/tempo/index.ts

@@ -102,6 +102,32 @@ export * as Channel from './Channel.js'
  * @category Reference
  */
 export * as KeyAuthorization from './KeyAuthorization.js'
+/**
+ * Native multisig account utilities (TIP-1061).
+ *
+ * Derives stable multisig account addresses and permanent config IDs from a weighted
+ * owner configuration, and computes the owner approval digest that owners sign.
+ *
+ * [TIP-1061](https://tips.sh/1061)
+ *
+ * @example
+ * ```ts twoslash
+ * import { MultisigConfig } from 'ox/tempo'
+ *
+ * const config = MultisigConfig.from({
+ *   threshold: 2,
+ *   owners: [
+ *     { owner: '0x1111111111111111111111111111111111111111', weight: 1 },
+ *     { owner: '0x2222222222222222222222222222222222222222', weight: 1 },
+ *   ],
+ * })
+ *
+ * const account = MultisigConfig.getAddress({ config })
+ * ```
+ *
+ * @category Reference
+ */
+export * as MultisigConfig from './MultisigConfig.js'
 /**
  * Utilities for constructing period durations (in seconds) for recurring spending limits.
  *
@@ -153,6 +179,28 @@ export * as Period from './Period.js'
  * @category Reference
  */
 export * as PoolId from './PoolId.js'
+/**
+ * TIP-1028 receive-policy claim receipt utilities.
+ *
+ * When an inbound transfer or mint violates the recipient's receive policy, the
+ * funds are redirected to the `ReceivePolicyGuard` and a `ClaimReceiptV1`
+ * witness is emitted. This module decodes those witnesses (required to later
+ * `claim` or `burn` the blocked funds) from raw bytes or transaction receipts.
+ *
+ * [TIP-1028](https://docs.tempo.xyz/protocol/tips/tip-1028)
+ *
+ * @example
+ * ```ts twoslash
+ * // @noErrors
+ * import { ReceivePolicyReceipt } from 'ox/tempo'
+ *
+ * const receipts = ReceivePolicyReceipt.fromTransactionReceipt(receipt)
+ * const decoded = ReceivePolicyReceipt.decode('0x...')
+ * ```
+ *
+ * @category Reference
+ */
+export * as ReceivePolicyReceipt from './ReceivePolicyReceipt.js'
 /**
  * Union of all JSON-RPC Methods for the `tempo_` namespace.
  *

package/version.ts

@@ -1,2 +1,2 @@
 /** @internal */
-export const version = '0.14.26'
+export const version = '0.14.28'