profullstack
diff --git a/‎src/app/api/escrow/multisig/[id]/broadcast/route.ts‎
Lines changed: 9 additions & 0 deletions b/‎src/app/api/escrow/multisig/[id]/broadcast/route.ts‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/app/api/escrow/multisig/[id]/dispute/route.ts‎
Lines changed: 6 additions & 0 deletions b/‎src/app/api/escrow/multisig/[id]/dispute/route.ts‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/app/api/escrow/multisig/[id]/propose/route.ts‎
Lines changed: 63 additions & 0 deletions b/‎src/app/api/escrow/multisig/[id]/propose/route.ts‎
Lines changed: 63 additions & 0 deletions
diff --git a/‎src/app/api/escrow/multisig/[id]/sign/route.ts‎
Lines changed: 6 additions & 0 deletions b/‎src/app/api/escrow/multisig/[id]/sign/route.ts‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/app/api/escrow/multisig/route.ts‎
Lines changed: 38 additions & 0 deletions b/‎src/app/api/escrow/multisig/route.ts‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎src/lib/multisig/adapters/btc-multisig.test.ts‎
Lines changed: 24 additions & 0 deletions b/‎src/lib/multisig/adapters/btc-multisig.test.ts‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎src/lib/multisig/adapters/btc-multisig.ts‎
Lines changed: 26 additions & 0 deletions b/‎src/lib/multisig/adapters/btc-multisig.ts‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎src/lib/multisig/adapters/evm-safe.ts‎
Lines changed: 15 additions & 0 deletions b/‎src/lib/multisig/adapters/evm-safe.ts‎
Lines changed: 15 additions & 0 deletions
@@ -11,7 +11,10 @@ import {
   broadcastTransaction,
   broadcastTransactionSchema,
 } from '@/lib/multisig';
+<<<<<<< HEAD
 import { requireMultisigAuth } from '../../auth';
+=======
+>>>>>>> feat/multisig-escrow
 
 function getSupabase() {
   const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
@@ -25,9 +28,12 @@ export async function POST(
   { params }: { params: Promise<{ id: string }> },
 ) {
   try {
+<<<<<<< HEAD
     const auth = await requireMultisigAuth(request);
     if (!auth.ok) return auth.response;
 
+=======
+>>>>>>> feat/multisig-escrow
     const { id: escrowId } = await params;
     const supabase = getSupabase();
     const body = await request.json();
@@ -54,8 +60,11 @@ export async function POST(
     return NextResponse.json({
       tx_hash: result.tx_hash,
       proposal: result.proposal,
+<<<<<<< HEAD
       broadcasted: result.broadcasted === true,
       stage: result.stage!,
+=======
+>>>>>>> feat/multisig-escrow
     });
   } catch (error) {
     console.error('Failed to broadcast transaction:', error);
 
@@ -12,7 +12,10 @@ import {
   disputeMultisigEscrow,
   disputeSchema,
 } from '@/lib/multisig';
+<<<<<<< HEAD
 import { requireMultisigAuth } from '../../auth';
+=======
+>>>>>>> feat/multisig-escrow
 
 function getSupabase() {
   const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
@@ -26,9 +29,12 @@ export async function POST(
   { params }: { params: Promise<{ id: string }> },
 ) {
   try {
+<<<<<<< HEAD
     const auth = await requireMultisigAuth(request);
     if (!auth.ok) return auth.response;
 
+=======
+>>>>>>> feat/multisig-escrow
     const { id: escrowId } = await params;
     const supabase = getSupabase();
     const body = await request.json();
 
@@ -0,0 +1,63 @@
+/**
+ * POST /api/escrow/multisig/:id/propose
+ *
+ * Propose a transaction (release or refund) for a multisig escrow.
+ * Returns transaction data that signers need to sign.
+ */
+
+import { NextRequest, NextResponse } from 'next/server';
+import { createClient } from '@supabase/supabase-js';
+import {
+  proposeTransaction,
+  proposeTransactionSchema,
+} from '@/lib/multisig';
+
+function getSupabase() {
+  const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
+  const key = process.env.SUPABASE_SERVICE_ROLE_KEY;
+  if (!url || !key) throw new Error('Supabase not configured');
+  return createClient(url, key);
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> },
+) {
+  try {
+    const { id: escrowId } = await params;
+    const supabase = getSupabase();
+    const body = await request.json();
+
+    // Validate input
+    const parsed = proposeTransactionSchema.safeParse(body);
+    if (!parsed.success) {
+      return NextResponse.json(
+        { error: parsed.error.errors[0].message },
+        { status: 400 },
+      );
+    }
+
+    const result = await proposeTransaction(
+      supabase,
+      escrowId,
+      parsed.data.proposal_type,
+      parsed.data.to_address,
+      parsed.data.signer_pubkey,
+    );
+
+    if (!result.success) {
+      return NextResponse.json({ error: result.error }, { status: 400 });
+    }
+
+    return NextResponse.json({
+      proposal: result.proposal,
+      tx_data: result.tx_data,
+    }, { status: 201 });
+  } catch (error) {
+    console.error('Failed to propose transaction:', error);
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 },
+    );
+  }
+}
@@ -12,7 +12,10 @@ import {
   signProposal,
   signProposalSchema,
 } from '@/lib/multisig';
+<<<<<<< HEAD
 import { requireMultisigAuth } from '../../auth';
+=======
+>>>>>>> feat/multisig-escrow
 
 function getSupabase() {
   const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
@@ -26,9 +29,12 @@ export async function POST(
   { params }: { params: Promise<{ id: string }> },
 ) {
   try {
+<<<<<<< HEAD
     const auth = await requireMultisigAuth(request);
     if (!auth.ok) return auth.response;
 
+=======
+>>>>>>> feat/multisig-escrow
     const { id: escrowId } = await params;
     const supabase = getSupabase();
     const body = await request.json();
 
@@ -8,13 +8,20 @@
 
 import { NextRequest, NextResponse } from 'next/server';
 import { createClient } from '@supabase/supabase-js';
+<<<<<<< HEAD
+=======
+import { authenticateRequest } from '@/lib/auth/middleware';
+>>>>>>> feat/multisig-escrow
 import {
   createMultisigEscrow,
   getMultisigEscrow,
   createMultisigEscrowSchema,
   isMultisigEnabled,
 } from '@/lib/multisig';
+<<<<<<< HEAD
 import { requireMultisigAuth } from './auth';
+=======
+>>>>>>> feat/multisig-escrow
 
 function getSupabase() {
   const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
@@ -36,10 +43,41 @@ export async function POST(request: NextRequest) {
       );
     }
 
+<<<<<<< HEAD
     const auth = await requireMultisigAuth(request);
     if (!auth.ok) return auth.response;
 
     const supabase = getSupabase();
+=======
+    const supabase = getSupabase();
+
+    // Authentication required
+    const authHeader = request.headers.get('authorization');
+    const apiKeyHeader = request.headers.get('x-api-key');
+
+    if (!authHeader && !apiKeyHeader) {
+      return NextResponse.json(
+        { error: 'Authentication required. Provide Authorization header or X-API-Key.' },
+        { status: 401 },
+      );
+    }
+
+    try {
+      const authResult = await authenticateRequest(supabase, authHeader || apiKeyHeader);
+      if (!authResult.success) {
+        return NextResponse.json(
+          { error: 'Invalid or expired authentication' },
+          { status: 401 },
+        );
+      }
+    } catch {
+      return NextResponse.json(
+        { error: 'Authentication failed' },
+        { status: 401 },
+      );
+    }
+
+>>>>>>> feat/multisig-escrow
     const body = await request.json();
 
     // Validate input
 
@@ -5,8 +5,11 @@
  */
 
 import { describe, it, expect, beforeEach } from 'vitest';
+<<<<<<< HEAD
 import * as bitcoin from 'bitcoinjs-lib';
 import * as secp256k1 from 'tiny-secp256k1';
+=======
+>>>>>>> feat/multisig-escrow
 import { BtcMultisigAdapter } from './btc-multisig';
 
 // Sample compressed public keys (33 bytes hex)
@@ -139,6 +142,7 @@ describe('BtcMultisigAdapter', () => {
   });
 
   describe('verifySignature', () => {
+<<<<<<< HEAD
     it('should verify a valid secp256k1 signature against tx_hash_to_sign', async () => {
       const privkey = Buffer.alloc(32, 1);
       const pubkey = Buffer.from(secp256k1.pointFromScalar(privkey, true)!);
@@ -190,6 +194,26 @@ describe('BtcMultisigAdapter', () => {
         'BTC',
         { witness_script: 'abcdef', pubkeys: [PUB_KEY_2], tx_hash_to_sign: msgHash },
         'aa'.repeat(64),
+=======
+    it('should validate signature format', async () => {
+      // 64-byte signature (128 hex chars)
+      const validSig = 'aa'.repeat(64);
+      const valid = await adapter.verifySignature(
+        'BTC',
+        { witness_script: 'abcdef', pubkeys: [PUB_KEY_1] },
+        validSig,
+        PUB_KEY_1,
+      );
+      expect(valid).toBe(true);
+    });
+
+    it('should reject unknown pubkey', async () => {
+      const validSig = 'aa'.repeat(64);
+      const valid = await adapter.verifySignature(
+        'BTC',
+        { witness_script: 'abcdef', pubkeys: [PUB_KEY_2] },
+        validSig,
+>>>>>>> feat/multisig-escrow
         PUB_KEY_1, // not in pubkeys list
       );
       expect(valid).toBe(false);
 
@@ -19,7 +19,10 @@
  */
 
 import * as bitcoin from 'bitcoinjs-lib';
+<<<<<<< HEAD
 import * as secp256k1 from 'tiny-secp256k1';
+=======
+>>>>>>> feat/multisig-escrow
 import type { ChainAdapter } from './interface';
 import type {
   MultisigChain,
@@ -242,14 +245,26 @@ export class BtcMultisigAdapter implements ChainAdapter {
   ): Promise<boolean> {
     try {
       const pubkeyBuf = parsePubkey(signerPubkey);
+<<<<<<< HEAD
       const txHash = txData.tx_hash_to_sign as string | undefined;
 
       // Check that the pubkey is one of the expected participants when provided.
+=======
+      const sigBuf = Buffer.from(signature, 'hex');
+
+      // Verify the hash matches the pubkey and signature
+      // In production, this would verify the actual PSBT input signature
+      const witnessScript = txData.witness_script as string;
+      if (!witnessScript) return false;
+
+      // Check that the pubkey is one of the multisig participants
+>>>>>>> feat/multisig-escrow
       const pubkeys = txData.pubkeys as string[] | undefined;
       if (pubkeys && !pubkeys.includes(signerPubkey)) {
         return false;
       }
 
+<<<<<<< HEAD
       // tx_hash_to_sign is required for cryptographic verification.
       // Fail closed when missing/malformed.
       if (!txHash || txHash.length !== 64) {
@@ -274,6 +289,10 @@ export class BtcMultisigAdapter implements ChainAdapter {
         if (sigBuf.length !== 64) return false;
         return secp256k1.verify(msgHash, pubkeyBuf, sigBuf);
       }
+=======
+      // Basic signature format validation (DER-encoded or Schnorr)
+      return sigBuf.length >= 64 && pubkeyBuf.length >= 33;
+>>>>>>> feat/multisig-escrow
     } catch {
       return false;
     }
@@ -293,7 +312,11 @@ export class BtcMultisigAdapter implements ChainAdapter {
     }
 
     if (signatures.length < 2) {
+<<<<<<< HEAD
       return { tx_hash: '', success: false, broadcasted: false };
+=======
+      return { tx_hash: '', success: false };
+>>>>>>> feat/multisig-escrow
     }
 
     // In production:
@@ -311,7 +334,10 @@ export class BtcMultisigAdapter implements ChainAdapter {
     return {
       tx_hash: txid,
       success: true,
+<<<<<<< HEAD
       broadcasted: false,
+=======
+>>>>>>> feat/multisig-escrow
     };
   }
 }
 
@@ -214,11 +214,19 @@ export class EvmSafeAdapter implements ChainAdapter {
       ethers.ZeroAddress, // paymentReceiver
     ]);
 
+<<<<<<< HEAD
     // Generate deterministic salt from stable multisig parameters
     const saltNonce = BigInt(ethers.keccak256(
       ethers.solidityPacked(
         ['address', 'address', 'address', 'uint256'],
         [owners[0], owners[1], owners[2], threshold],
+=======
+    // Generate deterministic salt from participants
+    const saltNonce = BigInt(ethers.keccak256(
+      ethers.solidityPacked(
+        ['address', 'address', 'address', 'uint256'],
+        [owners[0], owners[1], owners[2], Date.now()],
+>>>>>>> feat/multisig-escrow
       ),
     ));
 
@@ -399,12 +407,19 @@ export class EvmSafeAdapter implements ChainAdapter {
       packedSignatures,
     ]);
 
+<<<<<<< HEAD
     // Return a deterministic id for the prepared payload.
     // NOTE: this does NOT broadcast to chain yet.
     return {
       tx_hash: ethers.keccak256(execData),
       success: true,
       broadcasted: false,
+=======
+    // Return the prepared transaction for relay/execution
+    return {
+      tx_hash: ethers.keccak256(execData),
+      success: true,
+>>>>>>> feat/multisig-escrow
     };
   }
 }