Arkade script support

[louisinger]

Adds full client-side support for https://github.com/ArkLabsHQ/introspector and ArkadeScript

What's included

• Arkade opcodes & script codec — encode/decode Arkade extension opcodes (0xc4–0xf2) alongside standard Bitcoin opcodes, with ASM conversion helpers
• Script tweaking — compute introspector-bound public keys via tagged hash (ArkScriptHash) point addition
• ArkadeVtxoScript — extends VtxoScript to support arkade-enhanced tapscript leaves with automatic key tweaking
• Introspector provider — REST client for the introspector co-signing service (info, intent submission, finalization)
• Batch handler — createArkadeBatchHandler handles the full boarding + settlement flow with introspector co-signing
• PSBT fields — new ArkadeScript and ArkadeScriptWitness unknown fields, plus stricter key matching in existing field decoders
• Docker setup — docker-compose.yml and introspector.Dockerfile for local development

Tests

• Unit tests for opcodes, script encoding/decoding, ASM conversion, and key tweaking
• E2E tests covering boarding, settlement, and combined flows against a local Ark + introspector stack (with and without assets)

@Kukks @tiero please review

Summary by CodeRabbit

• New Features

  • Arkade scripting and VTXO support (ASM, opcode extensions, tweaked pubkeys).
  • Introspector service and REST client for intent/tx/finalization flows.
  • Contract system: ContractManager, ContractWatcher and built-in handlers (Default/Delegate/VHTLC).
  • Expo background tasks and an Expo-backed wallet with background/foreground processing.
  • MessageBus/service-worker wallet updater for typed wallet messaging.

• Repositories / Storage

  • New repository implementations: IndexedDB, SQLite, Realm, and in-memory; migration helpers and storage config.

• Tests

  • Extensive unit and end-to-end test coverage for Arkade, contracts, and flows.

[arkanaai]

🔍 Arkana PR Review — #319 (Arkade script support)

Scope: +5,677 / -217 across 48 files. Adds full client-side Arkade script support: opcodes, script codec, key tweaking, introspector provider, batch handler, banco swap maker/taker, PSBT field improvements, extension refactoring, and comprehensive tests.

---

✅ Strengths

1. Clean opcode registry (src/arkade/opcodes.ts): Bidirectional mappings with getOpcodeName/getOpcodeValue helpers. Covers the full range 0xb3, 0xc4–0xf3 matching the Go introspector reference.

2. ArkadeScript CoderType (src/arkade/script.ts): Correctly extends the @scure/btc-signer Script pattern. The encoder/decoder handles standard Bitcoin data pushes (OP_0, OP_1–OP_16, PUSHDATA1/2/4) alongside Arkade extension opcodes. Round-trip fidelity is validated by tests.

3. Key tweaking (src/arkade/tweak.ts): Uses BIP-340 tagged hash with "ArkScriptHash" tag, matches the Go introspector's lift_x → even-Y convention. The computeArkadeScriptPublicKey correctly forces even Y via "02" + xOnly before point addition.

4. ArkadeVtxoScript (src/arkade/vtxoScript.ts): Elegant design — extends VtxoScript, auto-tweaks introspector keys before encoding into taproot tree, and tracks arkade leaf indices via ReadonlyMap. The processScripts helper is well-factored.

5. Batch handler (src/arkade/batch.ts): Correctly handles the dual boarding+settlement flow. Properly separates boarding inputs (signed on commitment tx) from settlement inputs (forfeit txs via connectors). The introspector finalization step is correctly sequenced after user signing.

6. PSBT field matching fix (src/utils/unknownFields.ts): The checkKeyIncludes → checkKeyMatch rename with prefixOnly flag is a real bug fix — the old .includes() on hex strings could match partial key overlaps. The v !== null check (replacing truthy v) correctly allows zero/empty values.

7. Extension refactoring: Moving BufferReader/BufferWriter to src/extension/utils.ts with CompactSize support, adding IntrospectorPacket and BancoOffer packet types — clean architecture.

8. Test coverage: 776-line unit test suite covers opcodes, encoding, ASM, VtxoScript construction, witness hashing. E2E tests against local Ark+introspector stack.

---

⚠️ Concerns & Questions

Security

1. Hardcoded introspector secret key in docker-compose (docker-compose.yml:107):

   INTROSPECTOR_SECRET_KEY=b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c4
   

   This is fine for local dev/testing. Just ensure this key is never referenced in production configs or documentation as a default. Consider adding a comment like # DEV ONLY — DO NOT USE IN PRODUCTION.

2. Scalar reduction in computeArkadeScriptPublicKey (src/arkade/tweak.ts:67):

   const scalar = bytesToBigInt(hash) % secp256k1.Point.CURVE().n || 1n;

   The || 1n fallback handles the astronomically unlikely case where hash mod n == 0, which would produce the point at infinity. This is correct and defensive. However, the Go introspector should have equivalent handling — have you verified that the Go side also handles this edge case identically? A mismatch here would cause signing failures.

3. Banco partial-fill scripts — integer division truncation: In src/banco/taker.ts:198:

   const consumed = (fillAmount * offer.ratioNum!) / offer.ratioDen!;

   BigInt division truncates. The introspector's script verification must use the same truncation semantics. Is this confirmed to match the LE64 DIV64 opcode behavior in the introspector VM?

4. No nonce reuse protection in batch handler: The onTreeNonces handler calls session.sign() after aggregating nonces. If the same session object is reused across multiple batch attempts (e.g., server restarts a round), this could lead to nonce reuse in MuSig2. Is the SignerSession designed to be single-use? Worth a comment if so.

Protocol Correctness

5. VtxoScript.pkScript change (src/script/base.ts):
   The getter get pkScript() was replaced with a readonly property set in the constructor:

   this.pkScript = payment.script;

   This is semantically equivalent (both produce the same P2TR scriptPubKey) but uses @scure/btc-signer's computed payment.script instead of manually encoding [OP_1, tweakedPubkey]. This is correct and cleaner. Just noting it's a behavioral change that downstream consumers should be aware of.

6. Offer TLV encoding uses big-endian while the covenant scripts use LE64 for ratio values. This is internally consistent (wire format ≠ script format), but worth documenting to avoid future confusion.

7. assetForBtcScript and assetForAssetScript — these partial-fill scripts are complex (~100 opcodes each). They need to be verified against the introspector's expected execution model. Are there specific test vectors from the Go side that validate these scripts produce identical results?

Nits

8. src/worker/expo/index.ts: The diff shows runTasks moved from a regular export to a type export position. If runTasks is a runtime function (not just a type), this would be a breaking change for consumers.

9. server.Dockerfile:8: Branch changed from v0.9.0 to v0.9.0-rc.4. This is fine for testing but should be bumped to a stable release before merging to master.

10. FULMINE_DELEGATOR_FEE=0 removed from docker-compose. Intentional? This changes default behavior for the local dev stack.

---

🔗 Cross-Repo Impact

• arkade-os/introspector: The opcodes in opcodes.ts must stay in sync with pkg/arkade/opcode.go. The tagged hash tag strings ("ArkScriptHash", "ArkWitnessHash") must match exactly.
• ArkLabsHQ/introspector: REST API endpoints (/v1/info, /v1/tx, /v1/intent, /v1/finalization) and their request/response schemas must be aligned.
• arkade-os/wallet: The Recipient.extensions field addition and ExtensionPacket plumbing in wallet.ts are additive and backward-compatible.

---

Summary

This is a well-structured, significant feature addition. The core cryptographic operations (key tweaking, script encoding) look correct. The main risks are in the complex banco partial-fill scripts where any divergence from the introspector's execution semantics would cause silent failures. I'd recommend cross-validating the partial-fill script test vectors against the Go introspector test suite before merging.

The PSBT checkKeyMatch fix is a genuine security improvement worth highlighting.

Overall: strong work, needs cross-repo validation of the covenant scripts.

[arkanaai]

🔍 Arkana PR Review — #319 (incremental: 8eb98de)

Scope of new changes (since last review 2026-04-03): 2 commits — merge from master + introspector v0.0.1 update. +1,552 / -76 across 16 files.

✅ Looks good

• src/arkade/bignum.ts — encodeFixed sign-bit manipulation is correct; traces through positive, negative, and zero cases without data corruption.
• src/arkade/opcodes.ts — INSPECTPACKET (0xf4) / INSPECTINPUTPACKET (0xf5) correctly extend the opcode range.
• src/utils/unknownFields.ts — PrevArkTxField and PrevoutTxField encode/decode are symmetric and key-strings are distinct. Correct.
• src/extension/index.ts — getPackets() returns readonly, prevents mutation. Clean.
• src/providers/introspector.ts:221-245 — submitOnchainTx has proper error handling and response validation. Consistent with existing submit methods.
• E2E tests — All negative test cases genuinely test what they claim (wrong dest, wrong amount, missing packet, wrong prevout, arkd-signer-in-tapscript). enforcePayTo and enforceSelfSend match the Go reference implementations opcode-for-opcode.
• Test helpers (addIntrospectorPacket, randomP2TR, waitForUtxo) — correctly handle extension merge/insert logic and P2A anchor positioning.
• No cross-repo breakage — new APIs (submitOnchainTx, PrevArkTxField, PrevoutTxField, BigNum, new opcodes) are additive. No downstream SDK consumers found.

⚠️ Minor findings (non-blocking)

1. src/arkade/script.ts:66-72 — bigint MINIMALDATA concern: bigint values 1n–16n bypass the small-integer opcode optimization (OP_1–OP_16) and produce data pushes instead. If the arkade VM enforces MINIMALDATA, this would cause script failures. Currently not triggered by any code in the PR (all bigint usage is for amounts >> 16), but it's a latent footgun. Consider adding the small-integer check for bigint too:

   if (typeof o === "bigint" && o >= 1n && o <= 16n) {
     w.byte(Number(o) + 0x50); continue;
   }

2. Missing negative E2E tests (nice-to-have):

   • HTLC: no "wrong preimage" test — would confirm HASH160 <hash> EQUAL enforcement
   • Delegate: no "version 3" test — would confirm the v2-only gate that blocks off-chain Ark txs
   • Onchain: no "wrong destination, correct amount" test — would isolate the INSPECTOUTPUTSCRIPTPUBKEY check path

3. Design note (codebase-wide, not new): submitOnchainTx (and all submit* methods) trust the introspector's response without verifying outputs haven't been tampered with. Callers should verify the returned PSBT preserves their intended outputs. Not a regression — consistent with existing patterns.

Verdict

The introspector v0.0.1 update is clean. BigNum encoding is correct, new PSBT fields are symmetric, new opcodes are properly registered, and test coverage is solid with meaningful negative cases. The signing flow change (introspector auto-finalizes as last non-arkd signer) simplifies the client flow and the tests correctly adapt.

Approving — no protocol-correctness or security issues found. The MINIMALDATA concern is latent and not triggered by current code.

Review by Arkana 🔍 — [Agent: pr-reviewer]

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

[arkanaai]

🔍 Arkana PR Review — #319 (incremental: 8eb98de)

Scope of new changes (since last review 2026-04-03): 2 commits — merge from master + introspector v0.0.1 update. +1,552 / -76 across 16 files.

✅ Looks good

• src/arkade/bignum.ts — encodeFixed sign-bit manipulation is correct; traces through positive, negative, and zero cases without data corruption.
• src/arkade/opcodes.ts — INSPECTPACKET (0xf4) / INSPECTINPUTPACKET (0xf5) correctly extend the opcode range.
• src/utils/unknownFields.ts — PrevArkTxField and PrevoutTxField encode/decode are symmetric and key-strings are distinct. Correct.
• src/extension/index.ts — getPackets() returns readonly, prevents mutation. Clean.
• src/providers/introspector.ts:221-245 — submitOnchainTx has proper error handling and response validation. Consistent with existing submit methods.
• E2E tests — All negative test cases genuinely test what they claim (wrong dest, wrong amount, missing packet, wrong prevout, arkd-signer-in-tapscript). enforcePayTo and enforceSelfSend match the Go reference implementations opcode-for-opcode.
• Test helpers (addIntrospectorPacket, randomP2TR, waitForUtxo) — correctly handle extension merge/insert logic and P2A anchor positioning.
• No cross-repo breakage — new APIs (submitOnchainTx, PrevArkTxField, PrevoutTxField, BigNum, new opcodes) are additive. No downstream SDK consumers found.

⚠️ Minor findings (non-blocking)

1. src/arkade/script.ts:66-72 — bigint MINIMALDATA concern: bigint values 1n–16n bypass the small-integer opcode optimization (OP_1–OP_16) and produce data pushes instead. If the arkade VM enforces MINIMALDATA, this would cause script failures. Currently not triggered by any code in the PR (all bigint usage is for amounts >> 16), but it's a latent footgun. Consider adding the small-integer check for bigint too:

   if (typeof o === "bigint" && o >= 1n && o <= 16n) {
     w.byte(Number(o) + 0x50); continue;
   }

2. Missing negative E2E tests (nice-to-have):

   • HTLC: no "wrong preimage" test — would confirm HASH160 <hash> EQUAL enforcement
   • Delegate: no "version 3" test — would confirm the v2-only gate that blocks off-chain Ark txs
   • Onchain: no "wrong destination, correct amount" test — would isolate the INSPECTOUTPUTSCRIPTPUBKEY check path

3. Design note (codebase-wide, not new): submitOnchainTx (and all submit* methods) trust the introspector's response without verifying outputs haven't been tampered with. Callers should verify the returned PSBT preserves their intended outputs. Not a regression — consistent with existing patterns.

Verdict

The introspector v0.0.1 update is clean. BigNum encoding is correct, new PSBT fields are symmetric, new opcodes are properly registered, and test coverage is solid with meaningful negative cases. The signing flow change (introspector auto-finalizes as last non-arkd signer) simplifies the client flow and the tests correctly adapt.

Approving — no protocol-correctness or security issues found. The MINIMALDATA concern is latent and not triggered by current code.

Review by Arkana 🔍 — [Agent: pr-reviewer]

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

[arkanaai]

🔍 Arkana PR Review — #319 (incremental: 1673ce4d)

Review by Arkana 🔍 — [Agent: pr-reviewer]

Scope since last review (8eb98de): 1 functional commit + 1 merge from master.

1673ce4d — fix minimal data number encoding (src/arkade/script.ts:62-73)

This directly addresses the MINIMALDATA concern I flagged in my previous review. The fix:

• Merges the number and bigint branches into a single typeof o === "number" || typeof o === "bigint" check
• Adds OP_0 handling for 0n (o === 0 || o === 0n) — uses strict equality, correct since 0n === 0 is false in JS
• Extends OP_1–OP_16 small-integer encoding to bigint values via Number(o) coercion after the range check
• JS comparison operators (>=, <=) support mixed bigint/number operands, so 1n >= 1 and 16n <= 16 work correctly
• Negative numbers (-1, -1n) correctly fall through to BigNum encoding

The comment about Arkade VM enforcing MINIMALDATA is a good addition for future maintainers.

One note: No unit test was added for bigint MINIMALDATA encoding (e.g., ArkadeScript.encode([0n, 1n, 16n, 17n]) round-trip). Consider adding one to prevent regression.

Master merge (c1b01a86)

Two PR-touched files were modified by the merge:

• src/extension/index.ts: import path .js extension fix — trivial, correct
• src/utils/unknownFields.ts: bip68.decode → centralized sequenceToTimelock helper — clean refactor from master, no semantic change

No conflicts. No issues.

Approving — the MINIMALDATA fix is correct and addresses the last open concern.

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

[arkanaai]

🔍 Arkana PR Review — #319 (incremental: bf176026)

Review by Arkana 🔍 — [Agent: pr-reviewer]

Scope since last review (1673ce4d): 1 merge from master + 1 fix commit.

bf176026 — fix runTask import (src/worker/expo/index.ts)

Fixes a real bug I flagged in my first review (concern #8). runTasks is an async function (value export), not a type — placing it inside export type { ... } caused TypeScript to erase it, making it undefined at runtime for any consumer importing from the barrel.

The fix:

• Removes runTasks from the export type { ... } block
• Adds export { runTasks, createTaskDependencies } as a value re-export
• createTaskDependencies was also missing from the barrel — good catch including it

Verified: both runTasks (line 54) and createTaskDependencies (line 125) in taskRunner.ts are runtime function exports. The type-only re-exports (TaskProcessor, TaskDependencies, CreateTaskDependenciesOptions) remain correctly in the export type block.

No protocol-critical code touched. Approving.

Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

[Kukks]

Cleaned-up replay in #532 — same arkade/introspector content, replayed onto current master and sequenced by topic (committed by @louisinger via --author).

What's different from this PR:

• Drops the committed dist/ artefacts (~60k LOC) — the un-ignore of dist in packages/ts-sdk/.gitignore is also gone. Consumers who need a prebuilt for git-based installs should use prepare.
• Skips reverts that would undo recent master fixes/perf this branch was unaware of: chore: deprecate URL string args in wallet config #511 (delegate-info validation), feat(vtxo-manager): per-call threshold on renewVtxos #512 (renewVtxos per-call threshold), chore: follow-up cleanups for delegator → delegate rename #520 (delegate normalisation), fix: widen RealmLike.create mode to boolean | string #527 (Realm create mode), perf: memoize per-contract tapscripts in annotateVtxos (#521) #529/chore: rename delegator -> delegate #519 (per-contract tapscript memoisation + clone), fix: suppress duplicate history entries for swept boarding deposits #530/[codex] Fix duplicate boarding refill history entries #531 (boarding-receive dedup).
• Drops the unrelated boltz-swap refactor and the test renames (delegate* → delegator*) — those weren't part of the arkade scope.

Leaving this PR open for reference and so you can pick it up if there's anything in #532 that doesn't capture your intent. Happy to close once you've had a look.

[tiero]

Why dist folder is committed?

[tiero]

can you explain? Seems to be good opportunity to abstract it in a way where we don't make developer aware of the packet and tweaking?

[tiero]

why plural?