ox 0.14.27 → 0.14.28

package/_esm/tempo/MultisigConfig.js

@@ -0,0 +1,312 @@
+import * as Address from '../core/Address.js';
+import * as Errors from '../core/Errors.js';
+import * as Hash from '../core/Hash.js';
+import * as Hex from '../core/Hex.js';
+/** Maximum number of owners allowed in a native multisig config. */
+export const maxOwners = 10;
+/** Maximum encoded byte length for one primitive owner approval. */
+export const maxOwnerSignatureBytes = 2049;
+/** Tempo signature type byte for native multisig signatures. */
+export const signatureTypeByte = '0x05';
+/** Zero 32-byte salt (the default when no salt is provided). */
+export const zeroSalt = `0x${'00'.repeat(32)}`;
+/** Domain prefix for the native multisig account address derivation. */
+const accountDomain = 'tempo:multisig:account';
+/** Domain prefix for the native multisig config ID derivation. */
+const configDomain = 'tempo:multisig:config';
+/** Domain prefix for native multisig owner approvals. */
+const signatureDomain = 'tempo:multisig:signature';
+/**
+ * Asserts that a native multisig {@link ox#MultisigConfig.Config} is valid.
+ *
+ * Mirrors the Tempo `validate_multisig_config` rules: owners non-empty and
+ * `<= maxOwners`, strictly ascending unique nonzero owner addresses, nonzero
+ * owner weights, `threshold >= 1`, total weight `<= u32::MAX`, and
+ * `threshold <= total weight`.
+ *
+ * @example
+ * ```ts twoslash
+ * import { MultisigConfig } from 'ox/tempo'
+ *
+ * MultisigConfig.assert({
+ *   threshold: 1,
+ *   owners: [
+ *     { owner: '0x1111111111111111111111111111111111111111', weight: 1 },
+ *   ],
+ * })
+ * ```
+ *
+ * @param config - The multisig config.
+ */
+export function assert(config) {
+    const { salt, threshold, owners } = config;
+    if (typeof salt !== 'undefined' && Hex.size(salt) !== 32)
+        throw new InvalidConfigError({ reason: 'salt must be 32 bytes' });
+    if (owners.length === 0)
+        throw new InvalidConfigError({ reason: 'owners cannot be empty' });
+    if (owners.length > maxOwners)
+        throw new InvalidConfigError({ reason: 'too many owners' });
+    if (Number(threshold) < 1)
+        throw new InvalidConfigError({ reason: 'threshold cannot be zero' });
+    let totalWeight = 0;
+    let previous;
+    for (const owner of owners) {
+        if (!Address.validate(owner.owner) || Hex.toBigInt(owner.owner) === 0n)
+            throw new InvalidConfigError({ reason: 'owner cannot be zero' });
+        if (Number(owner.weight) < 1)
+            throw new InvalidConfigError({ reason: 'owner weight cannot be zero' });
+        const current = Hex.toBigInt(owner.owner);
+        if (typeof previous !== 'undefined' && previous >= current)
+            throw new InvalidConfigError({
+                reason: 'owners must be strictly ascending',
+            });
+        previous = current;
+        totalWeight += Number(owner.weight);
+    }
+    if (totalWeight > 0xffffffff)
+        throw new InvalidConfigError({
+            reason: 'total owner weight exceeds u32 max',
+        });
+    if (Number(threshold) > totalWeight)
+        throw new InvalidConfigError({
+            reason: 'threshold exceeds total owner weight',
+        });
+}
+/**
+ * Normalizes a native multisig {@link ox#MultisigConfig.Config}.
+ *
+ * Sorts owners into strictly ascending `owner` address order (the canonical
+ * form required for config ID derivation) and asserts the config is valid.
+ *
+ * @example
+ * ```ts twoslash
+ * import { MultisigConfig } from 'ox/tempo'
+ *
+ * const config = MultisigConfig.from({
+ *   threshold: 2,
+ *   owners: [
+ *     { owner: '0x2222222222222222222222222222222222222222', weight: 1 },
+ *     { owner: '0x1111111111111111111111111111111111111111', weight: 1 },
+ *   ],
+ * })
+ * // owners are now sorted ascending by address
+ * ```
+ *
+ * @param config - The multisig config.
+ * @returns The normalized multisig config.
+ */
+export function from(config) {
+    const owners = [...config.owners].sort((a, b) => Hex.toBigInt(a.owner) < Hex.toBigInt(b.owner) ? -1 : 1);
+    const normalized = {
+        salt: config.salt ? Hex.padLeft(config.salt, 32) : zeroSalt,
+        threshold: config.threshold,
+        owners,
+    };
+    assert(normalized);
+    return normalized;
+}
+/**
+ * Converts an RLP {@link ox#MultisigConfig.Tuple} back to a
+ * {@link ox#MultisigConfig.Config}.
+ *
+ * @example
+ * ```ts twoslash
+ * import { MultisigConfig } from 'ox/tempo'
+ *
+ * const config = MultisigConfig.fromTuple([
+ *   `0x${'00'.repeat(32)}`,
+ *   '0x01',
+ *   [['0x1111111111111111111111111111111111111111', '0x01']],
+ * ])
+ * ```
+ *
+ * @param tuple - The RLP tuple.
+ * @returns The multisig config.
+ */
+export function fromTuple(tuple) {
+    const [salt, threshold, owners] = tuple;
+    return {
+        salt: salt && salt !== '0x' ? Hex.padLeft(salt, 32) : zeroSalt,
+        threshold: threshold === '0x' ? 0 : Hex.toNumber(threshold),
+        owners: owners.map((owner) => {
+            const [ownerAddress, weight] = owner;
+            return {
+                owner: ownerAddress,
+                weight: !weight || weight === '0x' ? 0 : Hex.toNumber(weight),
+            };
+        }),
+    };
+}
+/**
+ * Derives the stable native multisig account address.
+ *
+ * `keccak256("tempo:multisig:account" || config_id)[12:32]`.
+ *
+ * @example
+ * ```ts twoslash
+ * import { MultisigConfig } from 'ox/tempo'
+ *
+ * const config = MultisigConfig.from({
+ *   threshold: 1,
+ *   owners: [
+ *     { owner: '0x1111111111111111111111111111111111111111', weight: 1 },
+ *   ],
+ * })
+ *
+ * const address = MultisigConfig.getAddress({ config })
+ * ```
+ *
+ * @param value - The config or config ID to derive the address from.
+ * @returns The multisig account address.
+ */
+export function getAddress(value) {
+    const id = 'configId' in value ? value.configId : toId(value.config);
+    const hash = Hash.keccak256(Hex.concat(Hex.fromString(accountDomain), id));
+    return Address.from(Hex.slice(hash, 12, 32));
+}
+/**
+ * Computes the digest a native multisig owner approves (signs).
+ *
+ * `keccak256("tempo:multisig:signature" || inner_digest || account || config_id)`,
+ * where `inner_digest` is the transaction sign payload
+ * ({@link ox#TxEnvelopeTempo.(getSignPayload:function)}).
+ *
+ * @example
+ * ```ts twoslash
+ * import { MultisigConfig, TxEnvelopeTempo } from 'ox/tempo'
+ *
+ * const config = MultisigConfig.from({
+ *   threshold: 1,
+ *   owners: [
+ *     { owner: '0x1111111111111111111111111111111111111111', weight: 1 },
+ *   ],
+ * })
+ * const configId = MultisigConfig.toId(config)
+ * const account = MultisigConfig.getAddress({ configId })
+ *
+ * const envelope = TxEnvelopeTempo.from({
+ *   chainId: 1,
+ *   calls: [],
+ * })
+ *
+ * const digest = MultisigConfig.getSignPayload({
+ *   payload: TxEnvelopeTempo.getSignPayload(envelope),
+ *   account,
+ *   configId,
+ * })
+ * ```
+ *
+ * @param value - The digest derivation parameters.
+ * @returns The owner approval digest.
+ */
+export function getSignPayload(value) {
+    const { payload, account, configId } = value;
+    return Hash.keccak256(Hex.concat(Hex.fromString(signatureDomain), Hex.from(payload), account, configId));
+}
+/**
+ * Derives the permanent config ID for a native multisig
+ * {@link ox#MultisigConfig.Config}.
+ *
+ * Preimage (fixed-width big-endian, **not** RLP):
+ * `keccak256("tempo:multisig:config" || salt || be_u32(threshold) || be_u32(owners.length) || (owner || be_u32(weight)) for each owner)`.
+ *
+ * @example
+ * ```ts twoslash
+ * import { MultisigConfig } from 'ox/tempo'
+ *
+ * const config = MultisigConfig.from({
+ *   threshold: 1,
+ *   owners: [
+ *     { owner: '0x1111111111111111111111111111111111111111', weight: 1 },
+ *   ],
+ * })
+ *
+ * const configId = MultisigConfig.toId(config)
+ * ```
+ *
+ * @param config - The multisig config.
+ * @returns The 32-byte config ID.
+ */
+export function toId(config) {
+    assert(config);
+    const id = Hash.keccak256(Hex.concat(Hex.fromString(configDomain), Hex.padLeft(config.salt ?? zeroSalt, 32), Hex.fromNumber(config.threshold, { size: 4 }), Hex.fromNumber(config.owners.length, { size: 4 }), ...config.owners.flatMap((owner) => [
+        owner.owner,
+        Hex.fromNumber(owner.weight, { size: 4 }),
+    ])));
+    if (Hex.toBigInt(id) === 0n)
+        throw new InvalidConfigError({ reason: 'config ID cannot be zero' });
+    return id;
+}
+/**
+ * Converts a {@link ox#MultisigConfig.Config} to its RLP tuple form (carried
+ * by the multisig signature `init`).
+ *
+ * Tuple shape: `[salt, threshold, [[owner, weight], ...]]`. The
+ * 32-byte `salt` encodes as a full fixed-width string; other integers use
+ * canonical RLP encoding (zero values encode as `0x`).
+ *
+ * @example
+ * ```ts twoslash
+ * import { MultisigConfig } from 'ox/tempo'
+ *
+ * const tuple = MultisigConfig.toTuple({
+ *   threshold: 1,
+ *   owners: [
+ *     { owner: '0x1111111111111111111111111111111111111111', weight: 1 },
+ *   ],
+ * })
+ * ```
+ *
+ * @param config - The multisig config.
+ * @returns The RLP tuple.
+ */
+export function toTuple(config) {
+    assert(config);
+    const owners = config.owners.map((owner) => [owner.owner, Hex.fromNumber(owner.weight)]);
+    // `salt` is a fixed 32-byte value: it RLP-encodes as a full 32-byte string
+    // (including the zero salt), never trimmed like an integer.
+    const salt = config.salt ? Hex.padLeft(config.salt, 32) : zeroSalt;
+    return [salt, Hex.fromNumber(config.threshold), owners];
+}
+/**
+ * Validates a native multisig {@link ox#MultisigConfig.Config}. Returns `true`
+ * if valid, `false` otherwise.
+ *
+ * @example
+ * ```ts twoslash
+ * import { MultisigConfig } from 'ox/tempo'
+ *
+ * const valid = MultisigConfig.validate({
+ *   threshold: 1,
+ *   owners: [
+ *     { owner: '0x1111111111111111111111111111111111111111', weight: 1 },
+ *   ],
+ * })
+ * // @log: true
+ * ```
+ *
+ * @param config - The multisig config.
+ * @returns Whether the config is valid.
+ */
+export function validate(config) {
+    try {
+        assert(config);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/** Thrown when a native multisig config is invalid. */
+export class InvalidConfigError extends Errors.BaseError {
+    constructor({ reason }) {
+        super(`Invalid native multisig config: ${reason}.`);
+        Object.defineProperty(this, "name", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 'MultisigConfig.InvalidConfigError'
+        });
+    }
+}
+//# sourceMappingURL=MultisigConfig.js.map

package/_esm/tempo/MultisigConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MultisigConfig.js","sourceRoot":"","sources":["../../tempo/MultisigConfig.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,oBAAoB,CAAA;AAE7C,OAAO,KAAK,MAAM,MAAM,mBAAmB,CAAA;AAC3C,OAAO,KAAK,IAAI,MAAM,iBAAiB,CAAA;AACvC,OAAO,KAAK,GAAG,MAAM,gBAAgB,CAAA;AAGrC,oEAAoE;AACpE,MAAM,CAAC,MAAM,SAAS,GAAG,EAAE,CAAA;AAE3B,oEAAoE;AACpE,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,CAAA;AAE1C,gEAAgE;AAChE,MAAM,CAAC,MAAM,iBAAiB,GAAG,MAAe,CAAA;AAEhD,gEAAgE;AAChE,MAAM,CAAC,MAAM,QAAQ,GAAG,KAAK,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,EAAW,CAAA;AAEvD,wEAAwE;AACxE,MAAM,aAAa,GAAG,wBAAwB,CAAA;AAE9C,kEAAkE;AAClE,MAAM,YAAY,GAAG,uBAAuB,CAAA;AAE5C,yDAAyD;AACzD,MAAM,eAAe,GAAG,0BAA0B,CAAA;AAiClD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,MAAM,CAAsB,MAA0B;IACpE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,CAAA;IAE1C,IAAI,OAAO,IAAI,KAAK,WAAW,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;QACtD,MAAM,IAAI,kBAAkB,CAAC,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC,CAAA;IACnE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QACrB,MAAM,IAAI,kBAAkB,CAAC,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC,CAAA;IACpE,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS;QAC3B,MAAM,IAAI,kBAAkB,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAAA;IAC7D,IAAI,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC;QACvB,MAAM,IAAI,kBAAkB,CAAC,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC,CAAA;IAEtE,IAAI,WAAW,GAAG,CAAC,CAAA;IACnB,IAAI,QAA4B,CAAA;IAChC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE;YACpE,MAAM,IAAI,kBAAkB,CAAC,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC,CAAA;QAClE,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC;YAC1B,MAAM,IAAI,kBAAkB,CAAC,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC,CAAA;QAEzE,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;QACzC,IAAI,OAAO,QAAQ,KAAK,WAAW,IAAI,QAAQ,IAAI,OAAO;YACxD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,MAAM,EAAE,mCAAmC;aAC5C,CAAC,CAAA;QACJ,QAAQ,GAAG,OAAO,CAAA;QAElB,WAAW,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IACrC,CAAC;IAED,IAAI,WAAW,GAAG,UAAU;QAC1B,MAAM,IAAI,kBAAkB,CAAC;YAC3B,MAAM,EAAE,oCAAoC;SAC7C,CAAC,CAAA;IACJ,IAAI,MAAM,CAAC,SAAS,CAAC,GAAG,WAAW;QACjC,MAAM,IAAI,kBAAkB,CAAC;YAC3B,MAAM,EAAE,sCAAsC;SAC/C,CAAC,CAAA;AACN,CAAC;AAMD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,IAAI,CAClB,MAA0B;IAE1B,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAC9C,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACvD,CAAA;IACD,MAAM,UAAU,GAAG;QACjB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ;QAC3D,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,MAAM;KACe,CAAA;IACvB,MAAM,CAAC,UAAU,CAAC,CAAA;IAClB,OAAO,UAAU,CAAA;AACnB,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,SAAS,CAAC,KAAY;IACpC,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,GAAG,KAAK,CAAA;IACvC,OAAO;QACL,IAAI,EAAE,IAAI,IAAI,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ;QAC9D,SAAS,EAAE,SAAS,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC3D,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;YAC3B,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,GAAG,KAA2B,CAAA;YAC1D,OAAO;gBACL,KAAK,EAAE,YAA+B;gBACtC,MAAM,EAAE,CAAC,MAAM,IAAI,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC;aAC9D,CAAA;QACH,CAAC,CAAC;KACH,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,UAAU,CAAC,KAAuB;IAChD,MAAM,EAAE,GAAG,UAAU,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;IACpE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC,CAAC,CAAA;IAC1E,OAAO,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;AAC9C,CAAC;AAcD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,MAAM,UAAU,cAAc,CAAC,KAA2B;IACxD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAA;IAC5C,OAAO,IAAI,CAAC,SAAS,CACnB,GAAG,CAAC,MAAM,CACR,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAC/B,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,EACjB,OAAO,EACP,QAAQ,CACT,CACF,CAAA;AACH,CAAC;AAmBD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,UAAU,IAAI,CAAC,MAAc;IACjC,MAAM,CAAC,MAAM,CAAC,CAAA;IACd,MAAM,EAAE,GAAG,IAAI,CAAC,SAAS,CACvB,GAAG,CAAC,MAAM,CACR,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,EAC5B,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,QAAQ,EAAE,EAAE,CAAC,EACxC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,EAC7C,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,EACjD,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;QAClC,KAAK,CAAC,KAAK;QACX,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;KAC1C,CAAC,CACH,CACF,CAAA;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE;QACzB,MAAM,IAAI,kBAAkB,CAAC,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC,CAAA;IACtE,OAAO,EAAE,CAAA;AACX,CAAC;AAYD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,OAAO,CAAC,MAAc;IACpC,MAAM,CAAC,MAAM,CAAC,CAAA;IACd,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAC9B,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAc,CACpE,CAAA;IACD,2EAA2E;IAC3E,4DAA4D;IAC5D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAA;IAClE,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAU,CAAA;AAClE,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,QAAQ,CAAC,MAAc;IACrC,IAAI,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,CAAA;QACd,OAAO,IAAI,CAAA;IACb,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,uDAAuD;AACvD,MAAM,OAAO,kBAAmB,SAAQ,MAAM,CAAC,SAAS;IAEtD,YAAY,EAAE,MAAM,EAAsB;QACxC,KAAK,CAAC,mCAAmC,MAAM,GAAG,CAAC,CAAA;QAFnC;;;;mBAAO,mCAAmC;WAAA;IAG5D,CAAC;CACF"}

package/_esm/tempo/SignatureEnvelope.js

@@ -3,14 +3,17 @@ import * as Errors from '../core/Errors.js';
 import * as Hex from '../core/Hex.js';
 import * as Json from '../core/Json.js';
 import * as ox_P256 from '../core/P256.js';
+import * as Rlp from '../core/Rlp.js';
 import * as ox_Secp256k1 from '../core/Secp256k1.js';
 import * as Signature from '../core/Signature.js';
 import * as ox_WebAuthnP256 from '../core/WebAuthnP256.js';
+import * as MultisigConfig from './MultisigConfig.js';
 /** Signature type identifiers for encoding/decoding */
 const serializedP256Type = '0x01';
 const serializedWebAuthnType = '0x02';
 const serializedKeychainType = '0x03';
 const serializedKeychainV2Type = '0x04';
+const serializedMultisigType = '0x05';
 /** Serialized magic identifier for Tempo signature envelopes. */
 export const magicBytes = '0x7777777777777777777777777777777777777777777777777777777777777777'; // 32 "T"s
 /** List of supported signature types. */
@@ -95,6 +98,23 @@ export function assert(envelope) {
         assert(keychain.inner);
         return;
     }
+    if (type === 'multisig') {
+        const multisig = envelope;
+        const missing = [];
+        if (!multisig.account)
+            missing.push('account');
+        if (!multisig.configId)
+            missing.push('configId');
+        if (!Array.isArray(multisig.signatures))
+            missing.push('signatures');
+        if (missing.length > 0)
+            throw new MissingPropertiesError({ envelope, missing, type: 'multisig' });
+        for (const inner of multisig.signatures)
+            assert(inner);
+        if (multisig.init)
+            MultisigConfig.assert(multisig.init);
+        return;
+    }
 }
 /**
  * Extracts the address of the signer from a {@link ox#SignatureEnvelope.SignatureEnvelope}.
@@ -128,6 +148,10 @@ export function extractAddress(options) {
             return signature.userAddress;
         return extractAddress({ ...options, signature: signature.inner });
     }
+    // Native multisig signatures have no single signer; the recovered sender is the
+    // derived multisig account address.
+    if (signature.type === 'multisig')
+        return signature.account;
     return Address.fromPublicKey(extractPublicKey(options));
 }
 /**
@@ -168,6 +192,10 @@ export function extractPublicKey(options) {
             return signature.publicKey;
         case 'keychain':
             return extractPublicKey({ payload, signature: signature.inner });
+        case 'multisig':
+            // A multisig signature aggregates multiple owner approvals and has no
+            // single public key; recover the multisig account via `extractAddress`.
+            throw new CoercionError({ envelope: signature });
     }
 }
 /**
@@ -290,8 +318,25 @@ export function deserialize(value) {
             version: typeId === serializedKeychainV2Type ? 'v2' : 'v1',
         };
     }
+    if (typeId === serializedMultisigType) {
+        // Wire format: `0x05 || rlp([account, configId, signatures, init])`. `init`
+        // is optional: absent when the element is missing or the `0x80` placeholder
+        // (decoded as the empty string `0x`), otherwise the bootstrap config list.
+        const [account, configId, signatures, init] = Rlp.toHex(data);
+        return {
+            type: 'multisig',
+            account,
+            configId,
+            signatures: signatures.map((signature) => deserialize(signature)),
+            ...(init && init !== '0x'
+                ? {
+                    init: MultisigConfig.fromTuple(init),
+                }
+                : {}),
+        };
+    }
     throw new InvalidSerializedError({
-        reason: `Unknown signature type identifier: ${typeId}. Expected ${serializedP256Type} (P256), ${serializedWebAuthnType} (WebAuthn), ${serializedKeychainType} (Keychain V1), or ${serializedKeychainV2Type} (Keychain V2)`,
+        reason: `Unknown signature type identifier: ${typeId}. Expected ${serializedP256Type} (P256), ${serializedWebAuthnType} (WebAuthn), ${serializedKeychainType} (Keychain V1), ${serializedKeychainV2Type} (Keychain V2), or ${serializedMultisigType} (Multisig)`,
         serialized,
     });
 }
@@ -420,6 +465,17 @@ export function from(value, options) {
         'yParity' in value)
         return { signature: value, type: 'secp256k1' };
     const type = getType(value);
+    if (type === 'multisig') {
+        const multisig = value;
+        return {
+            ...multisig,
+            signatures: multisig.signatures.map((signature) => from(signature)),
+            // Normalize the bootstrap config (sorts owners, defaults the salt) so the
+            // in-memory envelope matches what `deserialize` reconstructs.
+            ...(multisig.init ? { init: MultisigConfig.from(multisig.init) } : {}),
+            type,
+        };
+    }
     return {
         ...value,
         ...(type === 'p256' ? { prehash: value.prehash } : {}),
@@ -532,14 +588,30 @@ export function fromRpc(envelope) {
         };
     }
     if (envelope.type === 'keychain' ||
-        ('userAddress' in envelope && 'signature' in envelope))
+        ('userAddress' in envelope && 'signature' in envelope)) {
+        const keychain = envelope;
         return {
             type: 'keychain',
-            userAddress: envelope.userAddress,
-            inner: fromRpc(envelope.signature),
-            ...(envelope.keyId ? { keyId: envelope.keyId } : {}),
-            ...(envelope.version ? { version: envelope.version } : {}),
+            userAddress: keychain.userAddress,
+            inner: fromRpc(keychain.signature),
+            ...(keychain.keyId ? { keyId: keychain.keyId } : {}),
+            ...(keychain.version ? { version: keychain.version } : {}),
         };
+    }
+    if (envelope.type === 'multisig' ||
+        ('account' in envelope &&
+            'configId' in envelope &&
+            'signatures' in envelope)) {
+        const multisig = envelope;
+        return {
+            type: 'multisig',
+            account: multisig.account,
+            configId: multisig.configId,
+            // Owner approvals are raw serialized signatures (node `Vec<Bytes>`).
+            signatures: multisig.signatures.map((signature) => deserialize(signature)),
+            ...(multisig.init ? { init: MultisigConfig.from(multisig.init) } : {}),
+        };
+    }
     throw new CoercionError({ envelope });
 }
 /**
@@ -590,6 +662,11 @@ export function getType(envelope) {
     // Detect Keychain signature
     if ('userAddress' in envelope && 'inner' in envelope)
         return 'keychain';
+    // Detect Multisig signature
+    if ('account' in envelope &&
+        'configId' in envelope &&
+        'signatures' in envelope)
+        return 'multisig';
     throw new CoercionError({
         envelope,
     });
@@ -645,8 +722,84 @@ export function serialize(envelope, options = {}) {
             : serializedKeychainV2Type;
         return Hex.concat(keychainTypeId, keychain.userAddress, serialize(keychain.inner), options.magic ? magicBytes : '0x');
     }
+    if (type === 'multisig') {
+        const multisig = envelope;
+        // Format: `0x05 || rlp([account, configId, signatures, init])`, where each
+        // owner approval is an encoded primitive signature. `init` is the bootstrap
+        // config (an RLP list) when present, otherwise the canonical empty-string
+        // placeholder (`0x` → RLP `0x80`).
+        return Hex.concat(serializedMultisigType, Rlp.fromHex([
+            multisig.account,
+            multisig.configId,
+            multisig.signatures.map((signature) => serialize(signature)),
+            multisig.init ? MultisigConfig.toTuple(multisig.init) : '0x',
+        ]), options.magic ? magicBytes : '0x');
+    }
     throw new CoercionError({ envelope });
 }
+/**
+ * Orders native multisig owner approvals into the strictly-ascending
+ * recovered-owner order the Tempo node requires for the multisig `signatures`
+ * array (the node enforces "recovered owners must be strictly ascending").
+ *
+ * Each approval is signed over the multisig owner approval digest
+ * ({@link ox#MultisigConfig.(getSignPayload:function)}), so the signer of
+ * every approval is recovered against that digest and the list is sorted by the
+ * recovered owner address. Works for any owner key type (secp256k1, p256,
+ * webAuthn, keychain).
+ *
+ * @example
+ * ```ts twoslash
+ * import { Secp256k1 } from 'ox'
+ * import { MultisigConfig, SignatureEnvelope, TxEnvelopeTempo } from 'ox/tempo'
+ *
+ * const config = MultisigConfig.from({
+ *   threshold: 2,
+ *   owners: [
+ *     { owner: '0x1111111111111111111111111111111111111111', weight: 1 },
+ *     { owner: '0x2222222222222222222222222222222222222222', weight: 1 },
+ *   ],
+ * })
+ * const configId = MultisigConfig.toId(config)
+ * const account = MultisigConfig.getAddress({ configId })
+ *
+ * const tx = TxEnvelopeTempo.from({ chainId: 1, calls: [] })
+ * const payload = TxEnvelopeTempo.getSignPayload(tx)
+ * const digest = MultisigConfig.getSignPayload({ payload, account, configId })
+ *
+ * const privateKeys = [Secp256k1.randomPrivateKey(), Secp256k1.randomPrivateKey()]
+ * const signatures = privateKeys.map((privateKey) =>
+ *   SignatureEnvelope.from(Secp256k1.sign({ payload: digest, privateKey })),
+ * )
+ *
+ * const ordered = SignatureEnvelope.sortMultisigApprovals({ // [!code focus]
+ *   account, // [!code focus]
+ *   configId, // [!code focus]
+ *   payload, // [!code focus]
+ *   signatures, // [!code focus]
+ * }) // [!code focus]
+ * ```
+ *
+ * @param value - The approval ordering parameters.
+ * @returns The owner approvals ordered ascending by recovered owner address.
+ */
+export function sortMultisigApprovals(value) {
+    const { account, configId, payload, signatures } = value;
+    const digest = MultisigConfig.getSignPayload({
+        account,
+        configId,
+        payload,
+    });
+    // Recover each signer once (decorate–sort–undecorate) rather than inside the
+    // comparator.
+    return signatures
+        .map((signature) => ({
+        key: Hex.toBigInt(extractAddress({ payload: digest, signature })),
+        signature,
+    }))
+        .sort((a, b) => (a.key < b.key ? -1 : a.key > b.key ? 1 : 0))
+        .map((entry) => entry.signature);
+}
 /**
  * Converts a signature envelope to RPC format.
  *
@@ -705,6 +858,17 @@ export function toRpc(envelope) {
             ...(keychain.version ? { version: keychain.version } : {}),
         };
     }
+    if (type === 'multisig') {
+        const multisig = envelope;
+        return {
+            type: 'multisig',
+            account: multisig.account,
+            configId: multisig.configId,
+            // Owner approvals are raw serialized signatures (node `Vec<Bytes>`).
+            signatures: multisig.signatures.map((signature) => serialize(signature)),
+            ...(multisig.init ? { init: multisig.init } : {}),
+        };
+    }
     throw new CoercionError({ envelope });
 }
 /**