feat: migrate to TypeScript (+ types, vitest, build in CI)#4
Merged
Conversation
Part A — TypeScript migration: - Convert src/*.js -> src/*.ts; add tsconfig.json (strict, NodeNext ESM, declaration output to dist/) mirroring the ecosystem style. - Export proper types/interfaces for the parsed-transaction shape (ParsedTransaction), the chunk shape (Chunk), B/MAP data (BData, MapData), ExtractedProtocols, engine options (EngineOptions, Engine, Subscription), and AipVerifyResult — re-exported from index for consumer autocomplete. - package.json: build script (tsc), main/types/exports point at dist/, vitest as the test runner, typescript + @types devDeps. npm test works. - CI now also runs npm run build (keeps npm install, no lockfile). - parseScript opcode handling (0x4c/0x4d/0x4e + direct pushes) ported faithfully. Part B — real AIP (BITCOIN_ECDSA) signature verification: - New src/aip.ts. Mirrors the proven Go indexer preimage construction EXACTLY: the preimage is the concatenated decoded CONTENT bytes of chunks[0 .. aipStartIdx+2] (B/MAP pushes, pipe separators, AIP prefix, "BITCOIN_ECDSA", signing address) — pushdata length prefixes and the OP_FALSE OP_RETURN prefix are NOT included, and the signature push is excluded. - Computes the Bitcoin-Signed-Message digest via @bsv/sdk BSM.magicHash, recovers the pubkey from the 65-byte compact signature (Signature.fromCompact + RecoverPublicKey, recovery id from the header byte), derives the P2PKH address (PublicKey.toAddress) and compares to the claimed signer. Also matches the compressed-pubkey-hex signer variant. - extractProtocols now returns signerVerified + signerAddress alongside the backward-compatible claimed signer. ParsedTransaction carries them through. - BRC-77 deliberately NOT ported — generic AIP only. Part C — real-crypto tests (vitest): - aip.test.ts signs a canonical preimage with a real secp256k1 key and asserts verify=true with the recovered address matching; negative cases (tampered content, spoofed address, legacy sha256(content) shortcut, truncated block) assert false. 17 tests pass locally; the negatives were confirmed load-bearing (forcing verified=true makes them fail). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…on removed The TypeScript migration (types, vitest, build-in-CI, exported types) stays. The AIP *signature verification* is removed: it failed against real-world AIP data and we don't want unproven crypto in a public library. - Delete src/aip.ts and test/aip.test.ts - Remove verifyAip/buildAipPreimage/AIP_PROTOCOL/AipVerifyResult exports - Drop signerVerified/signerAddress from ExtractedProtocols, ParsedTransaction, and the engine per-tx object; keep `signer` as the claimed (unverified) signing address extracted from the AIP BITCOIN_ECDSA block (backward compatible) - README: stop claiming verification; annotate `signer` as claimed/unverified and add an honest "A note on AIP verification" section explaining the deliberate scope decision (verified authorship belongs in an identity layer) Build clean, 11/11 tests green, no dangling references to the removed module. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
kryp2
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this lands
Migrates
junglebus-indexerto TypeScript with full type definitions, vitest tests, and a build step wired into CI.engine,parser,db,indexwith exported types (ParsedTransaction,ExtractedProtocols,Chunk,BData,MapData,EngineOptions,Engine,Subscription)tscbuildsignerfield onextractProtocols/ParsedTransactionexposes the claimed signing address from the AIP block (backward compatible)Scope decision: AIP signature verification left out (intentional)
The branch originally also added AIP ECDSA signature verification. That has been deliberately removed before merge: it failed against real-world on-chain AIP data, and we don't want unproven crypto shipping in a public library.
The large majority of historical on-chain AIP data is absent, malformed, or uses non-standard signing variants, so signature verification yields little reliable signal in practice. Verified authorship belongs in an identity layer (e.g. BRC-100 / overlay-based identity), not a generic transaction indexer.
So this PR extracts the claimed
signeraddress only and documents it as an unverified hint. See the new "A note on AIP verification" section in the README for the full rationale, so reviewers aren't surprised by the missing verification.Verification
npm run build— clean (tsc)npm test— 11/11 greenaipmodule (grep verifyAip|signerVerified|buildAipPreimage|AipVerify src testreturns nothing)🤖 Generated with Claude Code