fix: resolve all merge conflict markers from multisig escrow branch

Kept HEAD (master) versions which include requireMultisigAuth
security checks in all escrow routes.

Author: ralyodio

src/app/api/escrow/multisig/[id]/broadcast/route.ts

@@ -11,10 +11,7 @@ import {
   broadcastTransaction,
   broadcastTransactionSchema,
 } from '@/lib/multisig';
-<<<<<<< HEAD
 import { requireMultisigAuth } from '../../auth';
-=======
->>>>>>> feat/multisig-escrow
 
 function getSupabase() {
   const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
@@ -28,12 +25,9 @@ export async function POST(
   { params }: { params: Promise<{ id: string }> },
 ) {
   try {
-<<<<<<< HEAD
     const auth = await requireMultisigAuth(request);
     if (!auth.ok) return auth.response;
 
-=======
->>>>>>> feat/multisig-escrow
     const { id: escrowId } = await params;
     const supabase = getSupabase();
     const body = await request.json();
@@ -60,11 +54,8 @@ export async function POST(
     return NextResponse.json({
       tx_hash: result.tx_hash,
       proposal: result.proposal,
-<<<<<<< HEAD
       broadcasted: result.broadcasted === true,
       stage: result.stage!,
-=======
->>>>>>> feat/multisig-escrow
     });
   } catch (error) {
     console.error('Failed to broadcast transaction:', error);

src/app/api/escrow/multisig/[id]/dispute/route.ts

@@ -12,10 +12,7 @@ import {
   disputeMultisigEscrow,
   disputeSchema,
 } from '@/lib/multisig';
-<<<<<<< HEAD
 import { requireMultisigAuth } from '../../auth';
-=======
->>>>>>> feat/multisig-escrow
 
 function getSupabase() {
   const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
@@ -29,12 +26,9 @@ export async function POST(
   { params }: { params: Promise<{ id: string }> },
 ) {
   try {
-<<<<<<< HEAD
     const auth = await requireMultisigAuth(request);
     if (!auth.ok) return auth.response;
 
-=======
->>>>>>> feat/multisig-escrow
     const { id: escrowId } = await params;
     const supabase = getSupabase();
     const body = await request.json();

src/app/api/escrow/multisig/[id]/sign/route.ts

@@ -12,10 +12,7 @@ import {
   signProposal,
   signProposalSchema,
 } from '@/lib/multisig';
-<<<<<<< HEAD
 import { requireMultisigAuth } from '../../auth';
-=======
->>>>>>> feat/multisig-escrow
 
 function getSupabase() {
   const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
@@ -29,12 +26,9 @@ export async function POST(
   { params }: { params: Promise<{ id: string }> },
 ) {
   try {
-<<<<<<< HEAD
     const auth = await requireMultisigAuth(request);
     if (!auth.ok) return auth.response;
 
-=======
->>>>>>> feat/multisig-escrow
     const { id: escrowId } = await params;
     const supabase = getSupabase();
     const body = await request.json();

src/app/api/escrow/multisig/route.ts

@@ -8,20 +8,13 @@
 
 import { NextRequest, NextResponse } from 'next/server';
 import { createClient } from '@supabase/supabase-js';
-<<<<<<< HEAD
-=======
-import { authenticateRequest } from '@/lib/auth/middleware';
->>>>>>> feat/multisig-escrow
 import {
   createMultisigEscrow,
   getMultisigEscrow,
   createMultisigEscrowSchema,
   isMultisigEnabled,
 } from '@/lib/multisig';
-<<<<<<< HEAD
 import { requireMultisigAuth } from './auth';
-=======
->>>>>>> feat/multisig-escrow
 
 function getSupabase() {
   const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
@@ -43,41 +36,10 @@ export async function POST(request: NextRequest) {
       );
     }
 
-<<<<<<< HEAD
     const auth = await requireMultisigAuth(request);
     if (!auth.ok) return auth.response;
 
     const supabase = getSupabase();
-=======
-    const supabase = getSupabase();
-
-    // Authentication required
-    const authHeader = request.headers.get('authorization');
-    const apiKeyHeader = request.headers.get('x-api-key');
-
-    if (!authHeader && !apiKeyHeader) {
-      return NextResponse.json(
-        { error: 'Authentication required. Provide Authorization header or X-API-Key.' },
-        { status: 401 },
-      );
-    }
-
-    try {
-      const authResult = await authenticateRequest(supabase, authHeader || apiKeyHeader);
-      if (!authResult.success) {
-        return NextResponse.json(
-          { error: 'Invalid or expired authentication' },
-          { status: 401 },
-        );
-      }
-    } catch {
-      return NextResponse.json(
-        { error: 'Authentication failed' },
-        { status: 401 },
-      );
-    }
-
->>>>>>> feat/multisig-escrow
     const body = await request.json();
 
     // Validate input

src/lib/multisig/adapters/btc-multisig.test.ts

@@ -5,11 +5,8 @@
  */
 
 import { describe, it, expect, beforeEach } from 'vitest';
-<<<<<<< HEAD
 import * as bitcoin from 'bitcoinjs-lib';
 import * as secp256k1 from 'tiny-secp256k1';
-=======
->>>>>>> feat/multisig-escrow
 import { BtcMultisigAdapter } from './btc-multisig';
 
 // Sample compressed public keys (33 bytes hex)
@@ -142,7 +139,6 @@ describe('BtcMultisigAdapter', () => {
   });
 
   describe('verifySignature', () => {
-<<<<<<< HEAD
     it('should verify a valid secp256k1 signature against tx_hash_to_sign', async () => {
       const privkey = Buffer.alloc(32, 1);
       const pubkey = Buffer.from(secp256k1.pointFromScalar(privkey, true)!);
@@ -194,26 +190,6 @@ describe('BtcMultisigAdapter', () => {
         'BTC',
         { witness_script: 'abcdef', pubkeys: [PUB_KEY_2], tx_hash_to_sign: msgHash },
         'aa'.repeat(64),
-=======
-    it('should validate signature format', async () => {
-      // 64-byte signature (128 hex chars)
-      const validSig = 'aa'.repeat(64);
-      const valid = await adapter.verifySignature(
-        'BTC',
-        { witness_script: 'abcdef', pubkeys: [PUB_KEY_1] },
-        validSig,
-        PUB_KEY_1,
-      );
-      expect(valid).toBe(true);
-    });
-
-    it('should reject unknown pubkey', async () => {
-      const validSig = 'aa'.repeat(64);
-      const valid = await adapter.verifySignature(
-        'BTC',
-        { witness_script: 'abcdef', pubkeys: [PUB_KEY_2] },
-        validSig,
->>>>>>> feat/multisig-escrow
         PUB_KEY_1, // not in pubkeys list
       );
       expect(valid).toBe(false);

src/lib/multisig/adapters/btc-multisig.ts

@@ -19,10 +19,7 @@
  */
 
 import * as bitcoin from 'bitcoinjs-lib';
-<<<<<<< HEAD
 import * as secp256k1 from 'tiny-secp256k1';
-=======
->>>>>>> feat/multisig-escrow
 import type { ChainAdapter } from './interface';
 import type {
   MultisigChain,
@@ -245,26 +242,14 @@ export class BtcMultisigAdapter implements ChainAdapter {
   ): Promise<boolean> {
     try {
       const pubkeyBuf = parsePubkey(signerPubkey);
-<<<<<<< HEAD
       const txHash = txData.tx_hash_to_sign as string | undefined;
 
       // Check that the pubkey is one of the expected participants when provided.
-=======
-      const sigBuf = Buffer.from(signature, 'hex');
-
-      // Verify the hash matches the pubkey and signature
-      // In production, this would verify the actual PSBT input signature
-      const witnessScript = txData.witness_script as string;
-      if (!witnessScript) return false;
-
-      // Check that the pubkey is one of the multisig participants
->>>>>>> feat/multisig-escrow
       const pubkeys = txData.pubkeys as string[] | undefined;
       if (pubkeys && !pubkeys.includes(signerPubkey)) {
         return false;
       }
 
-<<<<<<< HEAD
       // tx_hash_to_sign is required for cryptographic verification.
       // Fail closed when missing/malformed.
       if (!txHash || txHash.length !== 64) {
@@ -289,10 +274,6 @@ export class BtcMultisigAdapter implements ChainAdapter {
         if (sigBuf.length !== 64) return false;
         return secp256k1.verify(msgHash, pubkeyBuf, sigBuf);
       }
-=======
-      // Basic signature format validation (DER-encoded or Schnorr)
-      return sigBuf.length >= 64 && pubkeyBuf.length >= 33;
->>>>>>> feat/multisig-escrow
     } catch {
       return false;
     }
@@ -312,11 +293,7 @@ export class BtcMultisigAdapter implements ChainAdapter {
     }
 
     if (signatures.length < 2) {
-<<<<<<< HEAD
       return { tx_hash: '', success: false, broadcasted: false };
-=======
-      return { tx_hash: '', success: false };
->>>>>>> feat/multisig-escrow
     }
 
     // In production:
@@ -334,10 +311,7 @@ export class BtcMultisigAdapter implements ChainAdapter {
     return {
       tx_hash: txid,
       success: true,
-<<<<<<< HEAD
       broadcasted: false,
-=======
->>>>>>> feat/multisig-escrow
     };
   }
 }

src/lib/multisig/adapters/evm-safe.ts

@@ -214,19 +214,11 @@ export class EvmSafeAdapter implements ChainAdapter {
       ethers.ZeroAddress, // paymentReceiver
     ]);
 
-<<<<<<< HEAD
     // Generate deterministic salt from stable multisig parameters
     const saltNonce = BigInt(ethers.keccak256(
       ethers.solidityPacked(
         ['address', 'address', 'address', 'uint256'],
         [owners[0], owners[1], owners[2], threshold],
-=======
-    // Generate deterministic salt from participants
-    const saltNonce = BigInt(ethers.keccak256(
-      ethers.solidityPacked(
-        ['address', 'address', 'address', 'uint256'],
-        [owners[0], owners[1], owners[2], Date.now()],
->>>>>>> feat/multisig-escrow
       ),
     ));
 
@@ -407,19 +399,12 @@ export class EvmSafeAdapter implements ChainAdapter {
       packedSignatures,
     ]);
 
-<<<<<<< HEAD
     // Return a deterministic id for the prepared payload.
     // NOTE: this does NOT broadcast to chain yet.
     return {
       tx_hash: ethers.keccak256(execData),
       success: true,
       broadcasted: false,
-=======
-    // Return the prepared transaction for relay/execution
-    return {
-      tx_hash: ethers.keccak256(execData),
-      success: true,
->>>>>>> feat/multisig-escrow
     };
   }
 }

src/lib/multisig/adapters/solana-multisig.test.ts

@@ -5,11 +5,8 @@
  */
 
 import { describe, it, expect, beforeEach } from 'vitest';
-<<<<<<< HEAD
 import nacl from 'tweetnacl';
 import bs58 from 'bs58';
-=======
->>>>>>> feat/multisig-escrow
 import { SolanaMultisigAdapter } from './solana-multisig';
 
 // Valid Solana base58 public keys (system program and well-known program addresses)
@@ -108,7 +105,6 @@ describe('SolanaMultisigAdapter', () => {
   });
 
   describe('verifySignature', () => {
-<<<<<<< HEAD
     it('should verify a valid Ed25519 signature against tx_hash_to_sign', async () => {
       const keypair = nacl.sign.keyPair();
       const signerPubkey = bs58.encode(Buffer.from(keypair.publicKey));
@@ -153,26 +149,6 @@ describe('SolanaMultisigAdapter', () => {
         { members: [SOL_PK_2], tx_hash_to_sign: msgHash.toString('hex') },
         Buffer.from(signature).toString('hex'),
         signerPubkey,
-=======
-    it('should accept valid Ed25519 signature format (64 bytes)', async () => {
-      const sig64bytes = 'aa'.repeat(64); // 64 bytes as hex
-      const valid = await adapter.verifySignature(
-        'SOL',
-        { members: [SOL_PK_1] },
-        sig64bytes,
-        SOL_PK_1,
-      );
-      expect(valid).toBe(true);
-    });
-
-    it('should reject signer not in members list', async () => {
-      const sig64bytes = 'aa'.repeat(64);
-      const valid = await adapter.verifySignature(
-        'SOL',
-        { members: [SOL_PK_2] },
-        sig64bytes,
-        SOL_PK_1, // not in members
->>>>>>> feat/multisig-escrow
       );
       expect(valid).toBe(false);
     });