npm - @bcts/frost-hubert - Versions diffs - 1.0.0-alpha.22 → 1.0.0-beta.0 - Mend

@bcts/frost-hubert 1.0.0-alpha.22 → 1.0.0-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (174) hide show

package/dist/bin/frost.cjs +347 -75
package/dist/bin/frost.cjs.map +1 -1
package/dist/bin/frost.mjs +347 -75
package/dist/bin/frost.mjs.map +1 -1
package/dist/busy-DkM2jAIZ.mjs +27 -0
package/dist/busy-DkM2jAIZ.mjs.map +1 -0
package/dist/busy-EZU7EKr6.cjs +38 -0
package/dist/busy-EZU7EKr6.cjs.map +1 -0
package/dist/{chunk-uaV2rQ02.cjs → chunk-CZWwpsFl.cjs} +22 -32
package/dist/{chunk-ClPoSABd.mjs → chunk-CjcI7cDX.mjs} +6 -12
package/dist/cmd/index.cjs +46 -43
package/dist/cmd/index.d.cts +2 -4
package/dist/cmd/index.d.mts +2 -4
package/dist/cmd/index.mjs +7 -6
package/dist/cmd-Bw9_i2_f.cjs +130 -0
package/dist/cmd-Bw9_i2_f.cjs.map +1 -0
package/dist/cmd-CS1uJtuD.mjs +113 -0
package/dist/cmd-CS1uJtuD.mjs.map +1 -0
package/dist/common-CvH6dFvQ.mjs +282 -0
package/dist/common-CvH6dFvQ.mjs.map +1 -0
package/dist/common-DUWvtc08.mjs +96 -0
package/dist/common-DUWvtc08.mjs.map +1 -0
package/dist/common-lKP5EzHy.cjs +372 -0
package/dist/common-lKP5EzHy.cjs.map +1 -0
package/dist/common-lThIvJmZ.cjs +114 -0
package/dist/common-lThIvJmZ.cjs.map +1 -0
package/dist/dkg/index.cjs +245 -7
package/dist/dkg/index.cjs.map +1 -0
package/dist/dkg/index.d.cts +2 -2
package/dist/dkg/index.d.mts +2 -2
package/dist/dkg/index.mjs +238 -2
package/dist/dkg/index.mjs.map +1 -0
package/dist/finalize-BRgJK-Xv.cjs +402 -0
package/dist/finalize-BRgJK-Xv.cjs.map +1 -0
package/dist/finalize-BfLgzn8f.cjs +303 -0
package/dist/finalize-BfLgzn8f.cjs.map +1 -0
package/dist/finalize-CNTDj6aS.mjs +389 -0
package/dist/finalize-CNTDj6aS.mjs.map +1 -0
package/dist/finalize-EC3ikHQq.mjs +252 -0
package/dist/finalize-EC3ikHQq.mjs.map +1 -0
package/dist/finalize-IA01t_Qq.mjs +290 -0
package/dist/finalize-IA01t_Qq.mjs.map +1 -0
package/dist/finalize-UPyI1yb1.cjs +265 -0
package/dist/finalize-UPyI1yb1.cjs.map +1 -0
package/dist/frost/index.cjs +8 -9
package/dist/frost/index.cjs.map +1 -1
package/dist/frost/index.mjs +2 -3
package/dist/frost/index.mjs.map +1 -1
package/dist/{group-invite-Dz1Jmiky.d.cts → index-B3c-80VS.d.cts} +25 -2
package/dist/index-B3c-80VS.d.cts.map +1 -0
package/dist/{index-CcvTi5EA.d.cts → index-BgbSGpxn.d.mts} +102 -80
package/dist/index-BgbSGpxn.d.mts.map +1 -0
package/dist/{registry-impl-CE76sTXQ.d.cts → index-C8QeHNwa.d.cts} +46 -2
package/dist/index-C8QeHNwa.d.cts.map +1 -0
package/dist/{group-invite-Wk9CIbHL.d.mts → index-D3QTWkEm.d.mts} +25 -2
package/dist/index-D3QTWkEm.d.mts.map +1 -0
package/dist/{registry-impl-BETn_lEO.d.mts → index-DVbWyOs7.d.mts} +46 -2
package/dist/index-DVbWyOs7.d.mts.map +1 -0
package/dist/{index-DNCPeLNM.d.mts → index-F1iNEAJR.d.cts} +102 -80
package/dist/index-F1iNEAJR.d.cts.map +1 -0
package/dist/index.cjs +72 -68
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +4 -7
package/dist/index.d.cts.map +1 -1
package/dist/index.d.mts +4 -7
package/dist/index.d.mts.map +1 -1
package/dist/index.mjs +11 -10
package/dist/index.mjs.map +1 -1
package/dist/invite-5277FQVT.cjs +274 -0
package/dist/invite-5277FQVT.cjs.map +1 -0
package/dist/invite-DUTcfTgX.cjs +109 -0
package/dist/invite-DUTcfTgX.cjs.map +1 -0
package/dist/invite-IU4n0dq2.mjs +96 -0
package/dist/invite-IU4n0dq2.mjs.map +1 -0
package/dist/invite-RU-OXTNS.mjs +219 -0
package/dist/invite-RU-OXTNS.mjs.map +1 -0
package/dist/parallel-D1R6ZGlY.cjs +318 -0
package/dist/parallel-D1R6ZGlY.cjs.map +1 -0
package/dist/parallel-D6zc6VW4.mjs +235 -0
package/dist/parallel-D6zc6VW4.mjs.map +1 -0
package/dist/proposed-participant-Dm1Eq6mX.cjs +141 -0
package/dist/proposed-participant-Dm1Eq6mX.cjs.map +1 -0
package/dist/proposed-participant-cWM7iUrO.mjs +129 -0
package/dist/proposed-participant-cWM7iUrO.mjs.map +1 -0
package/dist/receive-CAI-x4II.cjs +213 -0
package/dist/receive-CAI-x4II.cjs.map +1 -0
package/dist/receive-D2Nn68L7.mjs +188 -0
package/dist/receive-D2Nn68L7.mjs.map +1 -0
package/dist/receive-DA_KQEgk.mjs +177 -0
package/dist/receive-DA_KQEgk.mjs.map +1 -0
package/dist/receive-kZMsXhbK.cjs +190 -0
package/dist/receive-kZMsXhbK.cjs.map +1 -0
package/dist/registry/index.cjs +881 -13
package/dist/registry/index.cjs.map +1 -0
package/dist/registry/index.d.cts +1 -1
package/dist/registry/index.d.mts +1 -1
package/dist/registry/index.mjs +867 -2
package/dist/registry/index.mjs.map +1 -0
package/dist/{registry-FMU-ec5K.cjs → registry-9puTaRrD.cjs} +28 -31
package/dist/registry-9puTaRrD.cjs.map +1 -0
package/dist/{registry-BDnNV1Rk.mjs → registry-BpCwtrRt.mjs} +7 -10
package/dist/{registry-BDnNV1Rk.mjs.map → registry-BpCwtrRt.mjs.map} +1 -1
package/dist/round1-4Hyx8w0x.cjs +422 -0
package/dist/round1-4Hyx8w0x.cjs.map +1 -0
package/dist/round1-7v9LlE11.mjs +373 -0
package/dist/round1-7v9LlE11.mjs.map +1 -0
package/dist/round1-BHBjru1m.cjs +465 -0
package/dist/round1-BHBjru1m.cjs.map +1 -0
package/dist/round1-CMLKN2RR.mjs +195 -0
package/dist/round1-CMLKN2RR.mjs.map +1 -0
package/dist/round1-CWSXZx5R.cjs +208 -0
package/dist/round1-CWSXZx5R.cjs.map +1 -0
package/dist/round1-CcQCGlIT.mjs +208 -0
package/dist/round1-CcQCGlIT.mjs.map +1 -0
package/dist/round1-Cgm7j1kI.mjs +452 -0
package/dist/round1-Cgm7j1kI.mjs.map +1 -0
package/dist/round1-DQ0fnc1H.cjs +221 -0
package/dist/round1-DQ0fnc1H.cjs.map +1 -0
package/dist/round2-BWz9SQIi.cjs +305 -0
package/dist/round2-BWz9SQIi.cjs.map +1 -0
package/dist/round2-BkNRCXgS.mjs +292 -0
package/dist/round2-BkNRCXgS.mjs.map +1 -0
package/dist/round2-Bl2uK93U.mjs +450 -0
package/dist/round2-Bl2uK93U.mjs.map +1 -0
package/dist/round2-CdUT-AhH.cjs +499 -0
package/dist/round2-CdUT-AhH.cjs.map +1 -0
package/dist/round2-DOA3rnV-.mjs +280 -0
package/dist/round2-DOA3rnV-.mjs.map +1 -0
package/dist/round2-Dg24w-TU.mjs +397 -0
package/dist/round2-Dg24w-TU.mjs.map +1 -0
package/dist/round2-LylCa84n.cjs +293 -0
package/dist/round2-LylCa84n.cjs.map +1 -0
package/dist/round2-o2Q-GMbX.cjs +410 -0
package/dist/round2-o2Q-GMbX.cjs.map +1 -0
package/dist/storage-B-Gu68-O.cjs +79 -0
package/dist/storage-B-Gu68-O.cjs.map +1 -0
package/dist/storage-Bkkliz0K.mjs +74 -0
package/dist/storage-Bkkliz0K.mjs.map +1 -0
package/package.json +17 -17
package/src/bin/frost.ts +849 -128
package/src/cmd/common.ts +19 -1
package/src/cmd/dkg/common.ts +97 -10
package/src/cmd/dkg/coordinator/invite.ts +5 -2
package/src/cmd/dkg/participant/finalize.ts +52 -18
package/src/cmd/dkg/participant/round1.ts +39 -38
package/src/cmd/dkg/participant/round2.ts +60 -26
package/src/cmd/sign/coordinator/round2.ts +5 -1
package/src/cmd/sign/participant/finalize.ts +6 -2
package/src/cmd/sign/participant/receive.ts +5 -2
package/src/dkg/group-invite.ts +12 -2
package/src/dkg/proposed-participant.ts +33 -5
package/src/frost/index.ts +1 -1
package/src/registry/owner-record.ts +13 -2
package/src/registry/participant-record.ts +36 -4
package/src/registry/registry-impl.ts +74 -18
package/dist/group-invite-CrbOabFL.cjs +0 -368
package/dist/group-invite-CrbOabFL.cjs.map +0 -1
package/dist/group-invite-Dz1Jmiky.d.cts.map +0 -1
package/dist/group-invite-RPElq-fm.mjs +0 -338
package/dist/group-invite-RPElq-fm.mjs.map +0 -1
package/dist/group-invite-Wk9CIbHL.d.mts.map +0 -1
package/dist/index-CcvTi5EA.d.cts.map +0 -1
package/dist/index-DNCPeLNM.d.mts.map +0 -1
package/dist/registry-FMU-ec5K.cjs.map +0 -1
package/dist/registry-impl-BETn_lEO.d.mts.map +0 -1
package/dist/registry-impl-C7w4awTv.cjs +0 -865
package/dist/registry-impl-C7w4awTv.cjs.map +0 -1
package/dist/registry-impl-CE76sTXQ.d.cts.map +0 -1
package/dist/registry-impl-eYXVSPwM.mjs +0 -797
package/dist/registry-impl-eYXVSPwM.mjs.map +0 -1
package/dist/sign-2bOp18Fs.cjs +0 -4875
package/dist/sign-2bOp18Fs.cjs.map +0 -1
package/dist/sign-D8C3HJ4B.mjs +0 -4736
package/dist/sign-D8C3HJ4B.mjs.map +0 -1

package/dist/finalize-EC3ikHQq.mjs ADDED Viewed

@@ -0,0 +1,252 @@
+import { t as __exportAll } from "./chunk-CjcI7cDX.mjs";
+import { n as compareXidBytes } from "./proposed-participant-cWM7iUrO.mjs";
+import { Registry, resolveRegistryPath } from "./registry/index.mjs";
+import { c as parseAridUr, h as signingKeyFromVerifying, n as isVerbose, t as groupStateDir } from "./common-CvH6dFvQ.mjs";
+import { n as putWithIndicator, t as getWithIndicator } from "./busy-DkM2jAIZ.mjs";
+import { t as createStorageClient } from "./storage-Bkkliz0K.mjs";
+import { bytesToHex, dkgPart3, hexToBytes, identifierFromU16, identifierToHex, serializeKeyPackage, serializePublicKeyPackage } from "./frost/index.mjs";
+import { ARID, JSON as JSON$1, XID } from "@bcts/components";
+import { CborDate } from "@bcts/dcbor";
+import { Envelope, Function } from "@bcts/envelope";
+import { SealedRequest, SealedResponse } from "@bcts/gstp";
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { Ed25519Sha512, serde } from "@frosts/ed25519";
+import { CoefficientCommitment, VerifiableSecretSharingCommitment, round2 } from "@frosts/core";
+//#region src/cmd/dkg/participant/finalize.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* DKG participant finalize command.
+*
+* Port of cmd/dkg/participant/finalize.rs from frost-hubert-rust.
+*
+* @module
+*/
+var finalize_exports = /* @__PURE__ */ __exportAll({ finalize: () => finalize });
+/**
+* Load persisted round 2 state from disk.
+*
+* Port of round2_secret loading from cmd/dkg/participant/finalize.rs lines 82-106.
+*/
+function loadRound2State(registryPath, groupId) {
+	const stateDir = groupStateDir(registryPath, groupId.hex());
+	const round2SecretPath = path.join(stateDir, "round2_secret.json");
+	if (!fs.existsSync(round2SecretPath)) throw new Error(`Round 2 secret not found at ${round2SecretPath}. Did you run round2?`);
+	const secretJson = JSON.parse(fs.readFileSync(round2SecretPath, "utf-8"));
+	const idBytes = hexToBytes(secretJson.identifier);
+	let identifierU16 = 1;
+	if (idBytes.length >= 2) identifierU16 = idBytes[0] | idBytes[1] << 8;
+	if (identifierU16 === 0) identifierU16 = 1;
+	const identifier = identifierFromU16(identifierU16);
+	const commitment = new VerifiableSecretSharingCommitment(Ed25519Sha512, secretJson.commitment.map((hex) => CoefficientCommitment.deserialize(Ed25519Sha512, hexToBytes(hex))));
+	const secretShareScalar = Ed25519Sha512.deserializeScalar(hexToBytes(secretJson.secret_share));
+	const secretPackage = new round2.SecretPackage(Ed25519Sha512, identifier, commitment, secretShareScalar, secretJson.min_signers, secretJson.max_signers);
+	const round1Path = path.join(stateDir, "collected_round1.json");
+	if (!fs.existsSync(round1Path)) throw new Error(`Round 1 packages not found at ${round1Path}. Did you receive earlier phases?`);
+	const round1Json = JSON.parse(fs.readFileSync(round1Path, "utf-8"));
+	const round1Packages = /* @__PURE__ */ new Map();
+	for (const [xidStr, value] of Object.entries(round1Json)) {
+		const packageJson = value;
+		const pkg = serde.round1PackageFromJson(packageJson);
+		round1Packages.set(xidStr, pkg);
+	}
+	return {
+		secretPackage,
+		round1Packages
+	};
+}
+/**
+* Validate the finalize request from the coordinator.
+*
+* Port of request validation from cmd/dkg/participant/finalize.rs lines 139-161.
+*/
+function validateFinalizeRequest(sealedRequest, groupId, expectedCoordinator) {
+	if (!sealedRequest.function().equals(Function.fromString("dkgFinalize"))) throw new Error(`Unexpected request function: ${sealedRequest.function().toString()}`);
+	if (sealedRequest.sender().xid().urString() !== expectedCoordinator.urString()) throw new Error(`Unexpected request sender: ${sealedRequest.sender().xid().urString()} (expected coordinator ${expectedCoordinator.urString()})`);
+	const requestGroupIdEnvelope = sealedRequest.objectForParameter("group");
+	if (requestGroupIdEnvelope === void 0) throw new Error("Request missing group parameter");
+	const requestGroupId = requestGroupIdEnvelope.extractSubject((cbor) => ARID.fromTaggedCbor(cbor));
+	if (requestGroupId.urString() !== groupId.urString()) throw new Error(`Request group ID ${requestGroupId.urString()} does not match expected ${groupId.urString()}`);
+	const responseAridEnvelope = sealedRequest.objectForParameter("responseArid");
+	if (responseAridEnvelope === void 0) throw new Error("Request missing responseArid parameter");
+	return responseAridEnvelope.extractSubject((cbor) => ARID.fromTaggedCbor(cbor));
+}
+/**
+* Extract round 2 packages from the finalize request.
+*
+* Port of round2 package extraction from cmd/dkg/participant/finalize.rs lines 209-229.
+*/
+function extractFinalizePackages(request, groupRecord, ownerXid) {
+	const sortedXids = groupRecord.participants().map((p) => p.xid());
+	const ownerUrString = ownerXid.urString();
+	if (!sortedXids.some((xid) => xid.urString() === ownerUrString)) sortedXids.push(ownerXid);
+	sortedXids.sort((a, b) => compareXidBytes(a.toData(), b.toData()));
+	const deduped = [];
+	for (const xid of sortedXids) if (deduped.length === 0 || deduped[deduped.length - 1].urString() !== xid.urString()) deduped.push(xid);
+	const xidToIdentifier = /* @__PURE__ */ new Map();
+	for (let i = 0; i < deduped.length; i++) {
+		const identifier = identifierFromU16(i + 1);
+		xidToIdentifier.set(deduped[i].urString(), identifier);
+	}
+	const myXidStr = ownerXid.urString();
+	const packages = /* @__PURE__ */ new Map();
+	const packageEnvelopes = request.objectsForParameter("round2Package");
+	for (const packageEnvelope of packageEnvelopes) {
+		const senderEnvelope = packageEnvelope.objectForPredicate("sender");
+		if (senderEnvelope === void 0) throw new Error("round2Package missing sender predicate");
+		const senderXid = senderEnvelope.extractSubject((cbor) => XID.fromTaggedCbor(cbor));
+		if (senderXid.urString() === myXidStr) continue;
+		const identifier = xidToIdentifier.get(senderXid.urString());
+		if (identifier === void 0) throw new Error(`Unknown sender XID in round2Package: ${senderXid.urString()}`);
+		const packageJson = packageEnvelope.extractSubject((cbor) => JSON$1.fromTaggedCbor(cbor));
+		const packageData = JSON.parse(new TextDecoder().decode(packageJson.toData()));
+		const pkg = serde.round2PackageFromJson(packageData);
+		packages.set(identifierToHex(identifier), pkg);
+	}
+	return packages;
+}
+/**
+* Build the response body for the finalize response.
+*
+* Port of `build_response_body()` from cmd/dkg/participant/finalize.rs lines 344-359.
+*/
+function buildResponseBody(groupId, participantXid, keyPackage, publicKeyPackage) {
+	const keyPackageJson = serializeKeyPackage(keyPackage);
+	const publicKeyPackageJson = serializePublicKeyPackage(publicKeyPackage);
+	const keyJsonBytes = new TextEncoder().encode(JSON.stringify(keyPackageJson));
+	const keyJsonWrapper = JSON$1.fromData(keyJsonBytes);
+	const pubJsonBytes = new TextEncoder().encode(JSON.stringify(publicKeyPackageJson));
+	const pubJsonWrapper = JSON$1.fromData(pubJsonBytes);
+	return Envelope.unit().addType("dkgFinalizeResponse").addAssertion("group", groupId).addAssertion("participant", participantXid).addAssertion("key_package", keyJsonWrapper).addAssertion("public_key_package", pubJsonWrapper);
+}
+/**
+* Persist finalize state (key packages) to disk.
+*
+* Port of key package persistence from cmd/dkg/participant/finalize.rs lines 251-257.
+*/
+function persistFinalizeState(registryPath, groupId, keyPackage, publicKeyPackage) {
+	const stateDir = groupStateDir(registryPath, groupId.hex());
+	fs.mkdirSync(stateDir, { recursive: true });
+	const serializedKeyPackage = serializeKeyPackage(keyPackage);
+	const keyPackagePath = path.join(stateDir, "key_package.json");
+	fs.writeFileSync(keyPackagePath, JSON.stringify(serializedKeyPackage, null, 2));
+	const serializedPublicKeyPackage = serializePublicKeyPackage(publicKeyPackage);
+	const publicKeyPackagePath = path.join(stateDir, "public_key_package.json");
+	fs.writeFileSync(publicKeyPackagePath, JSON.stringify(serializedPublicKeyPackage, null, 2));
+	return {
+		keyPackagePath,
+		publicKeyPackagePath
+	};
+}
+/**
+* Execute the DKG participant finalize command.
+*
+* Responds to the finalize request from the coordinator, runs FROST DKG part3
+* to generate the final key package, and posts the response back.
+*
+* Port of `CommandArgs::exec()` from cmd/dkg/participant/finalize.rs lines 52-341.
+*/
+async function finalize(_client, options, cwd) {
+	if (options.storageSelection === void 0) throw new Error("Hubert storage is required for finalize respond");
+	const registryPath = resolveRegistryPath(options.registryPath, cwd);
+	const registry = Registry.load(registryPath);
+	const owner = registry.owner();
+	if (owner === void 0) throw new Error("Registry owner is required");
+	const groupId = parseAridUr(options.groupId);
+	const groupRecord = registry.group(groupId);
+	if (groupRecord === void 0) throw new Error("Group not found in registry");
+	const listeningAtArid = groupRecord.listeningAtArid();
+	if (listeningAtArid === void 0) throw new Error("No listening ARID for this group. Did you receive finalize send?");
+	const round2State = loadRound2State(registryPath, groupId);
+	if (isVerbose() || options.verbose === true) console.error("Fetching finalize request from Hubert...");
+	const client = await createStorageClient(options.storageSelection);
+	const requestEnvelope = await getWithIndicator(client, listeningAtArid, "Finalize request", options.timeoutSeconds, options.verbose ?? false);
+	if (requestEnvelope === null || requestEnvelope === void 0) throw new Error("Finalize request not found in Hubert storage");
+	const ownerPrivateKeys = owner.xidDocument().inceptionPrivateKeys();
+	if (ownerPrivateKeys === void 0) throw new Error("Owner XID document has no private keys");
+	const now = CborDate.now().datetime();
+	const sealedRequest = SealedRequest.tryFromEnvelope(requestEnvelope, void 0, now, ownerPrivateKeys);
+	const responseArid = validateFinalizeRequest(sealedRequest, groupId, groupRecord.coordinator().xid());
+	const sortedXids = groupRecord.participants().map((p) => p.xid());
+	const ownerUrString = owner.xid().urString();
+	if (!sortedXids.some((xid) => xid.urString() === ownerUrString)) sortedXids.push(owner.xid());
+	sortedXids.sort((a, b) => compareXidBytes(a.toData(), b.toData()));
+	const deduped = [];
+	for (const xid of sortedXids) if (deduped.length === 0 || deduped[deduped.length - 1].urString() !== xid.urString()) deduped.push(xid);
+	const xidToIdentifier = /* @__PURE__ */ new Map();
+	for (let i = 0; i < deduped.length; i++) {
+		const identifier = identifierFromU16(i + 1);
+		xidToIdentifier.set(deduped[i].urString(), identifier);
+	}
+	const round1PackagesById = /* @__PURE__ */ new Map();
+	for (const [xidStr, pkg] of round2State.round1Packages) {
+		if (xidStr === ownerUrString) continue;
+		const identifier = xidToIdentifier.get(xidStr);
+		if (identifier === void 0) throw new Error(`Unknown participant XID ${xidStr}`);
+		round1PackagesById.set(identifierToHex(identifier), pkg);
+	}
+	const round2PackagesById = extractFinalizePackages(sealedRequest, groupRecord, owner.xid());
+	if (isVerbose() || options.verbose === true) console.error(`Received ${round2PackagesById.size} Round 2 packages. Running DKG part3...`);
+	const [keyPackage, publicKeyPackage] = await dkgPart3(round2State.secretPackage, round1PackagesById, round2PackagesById);
+	const verifyingKeyBytes = publicKeyPackage.verifyingKey;
+	const groupVerifyingKey = signingKeyFromVerifying(verifyingKeyBytes);
+	if (isVerbose() || options.verbose === true) console.error("Generated key package and public key package.");
+	const { keyPackagePath, publicKeyPackagePath } = persistFinalizeState(registryPath, groupId, keyPackage, publicKeyPackage);
+	const responseBody = buildResponseBody(groupId, owner.xid(), keyPackage, publicKeyPackage);
+	const signerPrivateKeys = owner.xidDocument().inceptionPrivateKeys();
+	if (signerPrivateKeys === void 0) throw new Error("Owner XID document has no signing keys");
+	const coordinatorXid = groupRecord.coordinator().xid();
+	const coordinatorRecord = registry.participant(coordinatorXid);
+	let coordinatorDoc;
+	if (coordinatorRecord !== void 0) coordinatorDoc = coordinatorRecord.xidDocument();
+	else if (owner.xid().urString() === coordinatorXid.urString()) coordinatorDoc = owner.xidDocument();
+	else throw new Error(`Coordinator ${coordinatorXid.urString()} not found in registry`);
+	const peerContinuation = sealedRequest.peerContinuation();
+	let sealed = SealedResponse.newSuccess(sealedRequest.id(), owner.xidDocument()).withResult(responseBody);
+	if (peerContinuation !== void 0) sealed = sealed.withPeerContinuation(peerContinuation);
+	if (options.preview === true) {
+		if (isVerbose() || options.verbose === true) {
+			const verifyingKeyWithUrString = groupVerifyingKey;
+			if (typeof verifyingKeyWithUrString.urString === "function") console.error(verifyingKeyWithUrString.urString());
+		}
+		const unsealedEnvelope = sealed.toEnvelope(void 0, signerPrivateKeys, void 0);
+		console.log(unsealedEnvelope.urString());
+		return {
+			verifyingKey: bytesToHex(verifyingKeyBytes),
+			keyPackagePath,
+			publicKeyPackagePath
+		};
+	}
+	await putWithIndicator(client, responseArid, sealed.toEnvelope(void 0, signerPrivateKeys, coordinatorDoc), "Finalize Response", options.verbose ?? false);
+	const updatedGroupRecord = registry.group(groupId);
+	if (updatedGroupRecord !== void 0) {
+		const contributions = updatedGroupRecord.contributions();
+		contributions.keyPackage = keyPackagePath;
+		updatedGroupRecord.setContributions(contributions);
+		updatedGroupRecord.clearListeningAtArid();
+		const recordWithVerifyingKey = updatedGroupRecord;
+		if (typeof recordWithVerifyingKey.setVerifyingKey === "function") recordWithVerifyingKey.setVerifyingKey(groupVerifyingKey);
+		registry.save(registryPath);
+	}
+	const verifyingKeyHex = bytesToHex(verifyingKeyBytes);
+	if (isVerbose() || options.verbose === true) {
+		console.error(`Posted finalize response to ${responseArid.urString()}`);
+		const verifyingKeyWithUrString = groupVerifyingKey;
+		if (typeof verifyingKeyWithUrString.urString === "function") console.error(verifyingKeyWithUrString.urString());
+	} else {
+		const verifyingKeyWithUrString = groupVerifyingKey;
+		if (typeof verifyingKeyWithUrString.urString === "function") console.log(verifyingKeyWithUrString.urString());
+	}
+	return {
+		verifyingKey: verifyingKeyHex,
+		keyPackagePath,
+		publicKeyPackagePath
+	};
+}
+//#endregion
+export { finalize_exports as n, finalize as t };
+//# sourceMappingURL=finalize-EC3ikHQq.mjs.map

package/dist/finalize-EC3ikHQq.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"finalize-EC3ikHQq.mjs","names":["EnvelopeFunction","JSONWrapper"],"sources":["../src/cmd/dkg/participant/finalize.ts"],"sourcesContent":["/**\n * Copyright © 2023-2026 Blockchain Commons, LLC\n * Copyright © 2025-2026 Parity Technologies\n *\n *\n * DKG participant finalize command.\n *\n * Port of cmd/dkg/participant/finalize.rs from frost-hubert-rust.\n *\n * @module\n */\n\nimport * as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\nimport { ARID, JSON as JSONWrapper, XID } from \"@bcts/components\";\nimport { compareXidBytes } from \"../../../dkg/proposed-participant.js\";\nimport { CborDate } from \"@bcts/dcbor\";\nimport { Envelope, Function as EnvelopeFunction } from \"@bcts/envelope\";\nimport { SealedRequest, SealedResponse } from \"@bcts/gstp\";\nimport type { XIDDocument } from \"@bcts/xid\";\n\nimport { type GroupRecord, Registry, resolveRegistryPath } from \"../../../registry/index.js\";\nimport { getWithIndicator, putWithIndicator } from \"../../busy.js\";\nimport { groupStateDir, isVerbose } from \"../../common.js\";\nimport { createStorageClient, type StorageClient, type StorageSelection } from \"../../storage.js\";\nimport { parseAridUr, signingKeyFromVerifying } from \"../common.js\";\nimport {\n dkgPart3,\n identifierFromU16,\n identifierToHex,\n hexToBytes,\n bytesToHex,\n serializeKeyPackage,\n serializePublicKeyPackage,\n type DkgRound1Package,\n type DkgRound2Package,\n type DkgRound2SecretPackage,\n type FrostIdentifier,\n type FrostKeyPackage,\n type FrostPublicKeyPackage,\n} from \"../../../frost/index.js\";\nimport { Ed25519Sha512, serde } from \"@frosts/ed25519\";\nimport { round2, CoefficientCommitment, VerifiableSecretSharingCommitment } from \"@frosts/core\";\n\n/**\n * Options for the DKG finalize command.\n */\nexport interface DkgFinalizeOptions {\n registryPath?: string;\n groupId: string;\n timeoutSeconds?: number;\n preview?: boolean;\n storageSelection?: StorageSelection;\n verbose?: boolean;\n}\n\n/**\n * Result of the DKG finalize command.\n */\nexport interface DkgFinalizeResult {\n verifyingKey: string;\n keyPackagePath: string;\n publicKeyPackagePath: string;\n}\n\n/**\n * Persisted round 2 state loaded from disk.\n */\ninterface Round2State {\n secretPackage: DkgRound2SecretPackage;\n round1Packages: Map<string, DkgRound1Package>;\n}\n\n/**\n * Load persisted round 2 state from disk.\n *\n * Port of round2_secret loading from cmd/dkg/participant/finalize.rs lines 82-106.\n */\nfunction loadRound2State(registryPath: string, groupId: ARID): Round2State {\n const stateDir = groupStateDir(registryPath, groupId.hex());\n\n // Load Round 2 secret\n const round2SecretPath = path.join(stateDir, \"round2_secret.json\");\n if (!fs.existsSync(round2SecretPath)) {\n throw new Error(`Round 2 secret not found at ${round2SecretPath}. Did you run round2?`);\n }\n\n // Mirrors Rust `frost::keys::dkg::round2::SecretPackage` JSON\n // (`frost-rust/frost-core/src/keys/dkg.rs:269-287`):\n //\n // {\n // \"identifier\": \"<lowercase hex scalar>\",\n // \"commitment\": [\"<hex>\", \"<hex>\", ...],\n // \"secret_share\": \"<hex>\",\n // \"min_signers\": <u16>,\n // \"max_signers\": <u16>\n // }\n //\n // The struct is `#[serde(deny_unknown_fields)]` and the\n // `commitment` is a `VerifiableSecretSharingCommitment` (a\n // single-field tuple struct over `Vec<CoefficientCommitment>`),\n // which serde flattens to a bare JSON array. The earlier port\n // emitted camelCase keys plus a nested `commitment.coefficients`\n // shape and a numeric `identifier`, which Rust would reject and\n // which had no chance of being read by Rust's standard derive.\n const secretJson = JSON.parse(fs.readFileSync(round2SecretPath, \"utf-8\")) as {\n identifier: string;\n commitment: string[];\n secret_share: string;\n min_signers: number;\n max_signers: number;\n };\n\n // Identifier hex → little-endian u16 (the FROST 1-indexed\n // participant position). The scalar bytes are 32-LE for Ed25519, so\n // the first two bytes hold the u16 value when the identifier is in\n // the small-integer range (1..=N) used by the DKG.\n const idBytes = hexToBytes(secretJson.identifier);\n let identifierU16 = 1;\n if (idBytes.length >= 2) {\n identifierU16 = idBytes[0] | (idBytes[1] << 8);\n }\n if (identifierU16 === 0) {\n identifierU16 = 1;\n }\n const identifier = identifierFromU16(identifierU16);\n\n const coefficientCommitments = secretJson.commitment.map((hex) =>\n CoefficientCommitment.deserialize(Ed25519Sha512, hexToBytes(hex)),\n );\n\n const commitment = new VerifiableSecretSharingCommitment(Ed25519Sha512, coefficientCommitments);\n\n const secretShareScalar = Ed25519Sha512.deserializeScalar(hexToBytes(secretJson.secret_share));\n\n const secretPackage: DkgRound2SecretPackage = new round2.SecretPackage(\n Ed25519Sha512,\n identifier,\n commitment,\n secretShareScalar,\n secretJson.min_signers,\n secretJson.max_signers,\n );\n\n // Load collected Round 1 packages (from round2 phase)\n const round1Path = path.join(stateDir, \"collected_round1.json\");\n if (!fs.existsSync(round1Path)) {\n throw new Error(`Round 1 packages not found at ${round1Path}. Did you receive earlier phases?`);\n }\n\n const round1Json = JSON.parse(fs.readFileSync(round1Path, \"utf-8\")) as Record<string, unknown>;\n\n // Convert to Map<string, DkgRound1Package> - keyed by XID UR string\n const round1Packages = new Map<string, DkgRound1Package>();\n for (const [xidStr, value] of Object.entries(round1Json)) {\n const packageJson = value as {\n header: { version: number; ciphersuite: string };\n commitment: string[];\n proof_of_knowledge: string;\n };\n const pkg = serde.round1PackageFromJson(packageJson);\n round1Packages.set(xidStr, pkg);\n }\n\n return { secretPackage, round1Packages };\n}\n\n/**\n * Validate the finalize request from the coordinator.\n *\n * Port of request validation from cmd/dkg/participant/finalize.rs lines 139-161.\n */\nfunction validateFinalizeRequest(\n sealedRequest: SealedRequest,\n groupId: ARID,\n expectedCoordinator: XID,\n): ARID {\n // Validate the request function\n if (!sealedRequest.function().equals(EnvelopeFunction.fromString(\"dkgFinalize\"))) {\n throw new Error(`Unexpected request function: ${sealedRequest.function().toString()}`);\n }\n\n // Validate the sender is the expected coordinator\n if (sealedRequest.sender().xid().urString() !== expectedCoordinator.urString()) {\n throw new Error(\n `Unexpected request sender: ${sealedRequest.sender().xid().urString()} ` +\n `(expected coordinator ${expectedCoordinator.urString()})`,\n );\n }\n\n // Validate the group ID matches\n const requestGroupIdEnvelope = sealedRequest.objectForParameter(\"group\");\n if (requestGroupIdEnvelope === undefined) {\n throw new Error(\"Request missing group parameter\");\n }\n const requestGroupId = requestGroupIdEnvelope.extractSubject((cbor) => ARID.fromTaggedCbor(cbor));\n if (requestGroupId.urString() !== groupId.urString()) {\n throw new Error(\n `Request group ID ${requestGroupId.urString()} does not match expected ${groupId.urString()}`,\n );\n }\n\n // Extract where we should post our response\n const responseAridEnvelope = sealedRequest.objectForParameter(\"responseArid\");\n if (responseAridEnvelope === undefined) {\n throw new Error(\"Request missing responseArid parameter\");\n }\n const responseArid = responseAridEnvelope.extractSubject((cbor) => ARID.fromTaggedCbor(cbor));\n\n return responseArid;\n}\n\n/**\n * Extract round 2 packages from the finalize request.\n *\n * Port of round2 package extraction from cmd/dkg/participant/finalize.rs lines 209-229.\n */\nfunction extractFinalizePackages(\n request: SealedRequest,\n groupRecord: GroupRecord,\n ownerXid: XID,\n): Map<string, DkgRound2Package> {\n // Build XID -> Identifier mapping based on sorted participant order\n const sortedXids: XID[] = groupRecord.participants().map((p) => p.xid());\n\n // Add owner if not already in list\n const ownerUrString = ownerXid.urString();\n if (!sortedXids.some((xid) => xid.urString() === ownerUrString)) {\n sortedXids.push(ownerXid);\n }\n\n // Sort by XID byte order — mirrors Rust `XID::cmp` (raw 32-byte\n // lex compare). The earlier port used `urString().localeCompare(...)`,\n // which differs from byte order for any byte ≥ 0x80 and is locale-\n // aware, producing different FROST identifier assignments than Rust.\n sortedXids.sort((a, b) => compareXidBytes(a.toData(), b.toData()));\n\n // Deduplicate\n const deduped: XID[] = [];\n for (const xid of sortedXids) {\n if (deduped.length === 0 || deduped[deduped.length - 1].urString() !== xid.urString()) {\n deduped.push(xid);\n }\n }\n\n // Build XID -> Identifier mapping (1-indexed)\n const xidToIdentifier = new Map<string, FrostIdentifier>();\n for (let i = 0; i < deduped.length; i++) {\n const identifier = identifierFromU16(i + 1);\n xidToIdentifier.set(deduped[i].urString(), identifier);\n }\n\n const myXidStr = ownerXid.urString();\n\n // Extract all round2Package parameters\n const packages = new Map<string, DkgRound2Package>();\n\n const packageEnvelopes = request.objectsForParameter(\"round2Package\");\n for (const packageEnvelope of packageEnvelopes) {\n // Extract sender XID from the envelope\n const senderEnvelope = packageEnvelope.objectForPredicate(\"sender\");\n if (senderEnvelope === undefined) {\n throw new Error(\"round2Package missing sender predicate\");\n }\n const senderXid = senderEnvelope.extractSubject((cbor) => XID.fromTaggedCbor(cbor));\n\n // Skip our own package\n if (senderXid.urString() === myXidStr) {\n continue;\n }\n\n // Get the identifier for this sender\n const identifier = xidToIdentifier.get(senderXid.urString());\n if (identifier === undefined) {\n throw new Error(`Unknown sender XID in round2Package: ${senderXid.urString()}`);\n }\n\n // Extract the package bytes (stored as JSON tag)\n const packageJson = packageEnvelope.extractSubject((cbor) => JSONWrapper.fromTaggedCbor(cbor));\n const packageData = JSON.parse(new TextDecoder().decode(packageJson.toData())) as {\n header: { version: number; ciphersuite: string };\n signing_share: string;\n };\n\n const pkg = serde.round2PackageFromJson(packageData);\n packages.set(identifierToHex(identifier), pkg);\n }\n\n return packages;\n}\n\n/**\n * Build the response body for the finalize response.\n *\n * Port of `build_response_body()` from cmd/dkg/participant/finalize.rs lines 344-359.\n */\nfunction buildResponseBody(\n groupId: ARID,\n participantXid: XID,\n keyPackage: FrostKeyPackage,\n publicKeyPackage: FrostPublicKeyPackage,\n): Envelope {\n // Serialize key packages to JSON\n const keyPackageJson = serializeKeyPackage(keyPackage);\n const publicKeyPackageJson = serializePublicKeyPackage(publicKeyPackage);\n\n const keyJsonBytes = new TextEncoder().encode(JSON.stringify(keyPackageJson));\n const keyJsonWrapper = JSONWrapper.fromData(keyJsonBytes);\n\n const pubJsonBytes = new TextEncoder().encode(JSON.stringify(publicKeyPackageJson));\n const pubJsonWrapper = JSONWrapper.fromData(pubJsonBytes);\n\n return Envelope.unit()\n .addType(\"dkgFinalizeResponse\")\n .addAssertion(\"group\", groupId)\n .addAssertion(\"participant\", participantXid)\n .addAssertion(\"key_package\", keyJsonWrapper)\n .addAssertion(\"public_key_package\", pubJsonWrapper);\n}\n\n/**\n * Persist finalize state (key packages) to disk.\n *\n * Port of key package persistence from cmd/dkg/participant/finalize.rs lines 251-257.\n */\nfunction persistFinalizeState(\n registryPath: string,\n groupId: ARID,\n keyPackage: FrostKeyPackage,\n publicKeyPackage: FrostPublicKeyPackage,\n): { keyPackagePath: string; publicKeyPackagePath: string } {\n const stateDir = groupStateDir(registryPath, groupId.hex());\n fs.mkdirSync(stateDir, { recursive: true });\n\n // Serialize and save key package\n const serializedKeyPackage = serializeKeyPackage(keyPackage);\n const keyPackagePath = path.join(stateDir, \"key_package.json\");\n fs.writeFileSync(keyPackagePath, JSON.stringify(serializedKeyPackage, null, 2));\n\n // Serialize and save public key package\n const serializedPublicKeyPackage = serializePublicKeyPackage(publicKeyPackage);\n const publicKeyPackagePath = path.join(stateDir, \"public_key_package.json\");\n fs.writeFileSync(publicKeyPackagePath, JSON.stringify(serializedPublicKeyPackage, null, 2));\n\n return { keyPackagePath, publicKeyPackagePath };\n}\n\n/**\n * Execute the DKG participant finalize command.\n *\n * Responds to the finalize request from the coordinator, runs FROST DKG part3\n * to generate the final key package, and posts the response back.\n *\n * Port of `CommandArgs::exec()` from cmd/dkg/participant/finalize.rs lines 52-341.\n */\nexport async function finalize(\n _client: StorageClient | undefined,\n options: DkgFinalizeOptions,\n cwd: string,\n): Promise<DkgFinalizeResult> {\n if (options.storageSelection === undefined) {\n throw new Error(\"Hubert storage is required for finalize respond\");\n }\n\n const registryPath = resolveRegistryPath(options.registryPath, cwd);\n const registry = Registry.load(registryPath);\n\n const owner = registry.owner();\n if (owner === undefined) {\n throw new Error(\"Registry owner is required\");\n }\n\n const groupId = parseAridUr(options.groupId);\n const groupRecord = registry.group(groupId);\n if (groupRecord === undefined) {\n throw new Error(\"Group not found in registry\");\n }\n\n // Get the ARID where we're listening for the finalize request\n const listeningAtArid = groupRecord.listeningAtArid();\n if (listeningAtArid === undefined) {\n throw new Error(\"No listening ARID for this group. Did you receive finalize send?\");\n }\n\n // Load Round 2 state (secret and collected round1 packages)\n const round2State = loadRound2State(registryPath, groupId);\n\n if (isVerbose() || options.verbose === true) {\n console.error(\"Fetching finalize request from Hubert...\");\n }\n\n const client = await createStorageClient(options.storageSelection);\n\n // Fetch the finalize request from where we're listening\n const requestEnvelope = await getWithIndicator(\n client,\n listeningAtArid,\n \"Finalize request\",\n options.timeoutSeconds,\n options.verbose ?? false,\n );\n\n if (requestEnvelope === null || requestEnvelope === undefined) {\n throw new Error(\"Finalize request not found in Hubert storage\");\n }\n\n // Decrypt and validate the request\n const ownerPrivateKeys = owner.xidDocument().inceptionPrivateKeys();\n if (ownerPrivateKeys === undefined) {\n throw new Error(\"Owner XID document has no private keys\");\n }\n\n const now = CborDate.now().datetime();\n const sealedRequest = SealedRequest.tryFromEnvelope(\n requestEnvelope,\n undefined,\n now,\n ownerPrivateKeys,\n );\n\n // Validate the request and extract response ARID\n const expectedCoordinator = groupRecord.coordinator().xid();\n const responseArid = validateFinalizeRequest(sealedRequest, groupId, expectedCoordinator);\n\n // Build identifier mapping for round1 packages (XID UR -> Identifier hex)\n const sortedXids: XID[] = groupRecord.participants().map((p) => p.xid());\n\n // Add owner if not already in list\n const ownerUrString = owner.xid().urString();\n if (!sortedXids.some((xid) => xid.urString() === ownerUrString)) {\n sortedXids.push(owner.xid());\n }\n\n // Sort by XID byte order — mirrors Rust `XID::cmp` (raw 32-byte\n // lex compare). The earlier port used `urString().localeCompare(...)`,\n // which differs from byte order for any byte ≥ 0x80 and is locale-\n // aware, producing different FROST identifier assignments than Rust.\n sortedXids.sort((a, b) => compareXidBytes(a.toData(), b.toData()));\n\n // Deduplicate\n const deduped: XID[] = [];\n for (const xid of sortedXids) {\n if (deduped.length === 0 || deduped[deduped.length - 1].urString() !== xid.urString()) {\n deduped.push(xid);\n }\n }\n\n // Build XID -> Identifier mapping (1-indexed)\n const xidToIdentifier = new Map<string, FrostIdentifier>();\n for (let i = 0; i < deduped.length; i++) {\n const identifier = identifierFromU16(i + 1);\n xidToIdentifier.set(deduped[i].urString(), identifier);\n }\n\n // Convert round1 packages from XID-keyed to identifier-keyed (exclude self)\n const round1PackagesById = new Map<string, DkgRound1Package>();\n for (const [xidStr, pkg] of round2State.round1Packages) {\n if (xidStr === ownerUrString) {\n continue;\n }\n const identifier = xidToIdentifier.get(xidStr);\n if (identifier === undefined) {\n throw new Error(`Unknown participant XID ${xidStr}`);\n }\n round1PackagesById.set(identifierToHex(identifier), pkg);\n }\n\n // Extract Round 2 packages from the request (exclude self)\n const round2PackagesById = extractFinalizePackages(sealedRequest, groupRecord, owner.xid());\n\n if (isVerbose() || options.verbose === true) {\n console.error(`Received ${round2PackagesById.size} Round 2 packages. Running DKG part3...`);\n }\n\n // Run FROST DKG part3 (finalize)\n const [keyPackage, publicKeyPackage] = await dkgPart3(\n round2State.secretPackage,\n round1PackagesById,\n round2PackagesById,\n );\n\n // Get the group verifying key\n const verifyingKeyBytes = publicKeyPackage.verifyingKey;\n const groupVerifyingKey = signingKeyFromVerifying(verifyingKeyBytes);\n\n if (isVerbose() || options.verbose === true) {\n console.error(\"Generated key package and public key package.\");\n }\n\n // Persist key packages\n const { keyPackagePath, publicKeyPackagePath } = persistFinalizeState(\n registryPath,\n groupId,\n keyPackage,\n publicKeyPackage,\n );\n\n // Build response body\n const responseBody = buildResponseBody(groupId, owner.xid(), keyPackage, publicKeyPackage);\n\n const signerPrivateKeys = owner.xidDocument().inceptionPrivateKeys();\n if (signerPrivateKeys === undefined) {\n throw new Error(\"Owner XID document has no signing keys\");\n }\n\n // Get coordinator's XID document for encryption\n const coordinatorXid = groupRecord.coordinator().xid();\n const coordinatorRecord = registry.participant(coordinatorXid);\n let coordinatorDoc: XIDDocument;\n if (coordinatorRecord !== undefined) {\n coordinatorDoc = coordinatorRecord.xidDocument();\n } else {\n // Check if coordinator is the owner\n if (owner.xid().urString() === coordinatorXid.urString()) {\n coordinatorDoc = owner.xidDocument();\n } else {\n throw new Error(`Coordinator ${coordinatorXid.urString()} not found in registry`);\n }\n }\n\n // Get peer continuation from the request\n const peerContinuation = sealedRequest.peerContinuation();\n\n let sealed = SealedResponse.newSuccess(sealedRequest.id(), owner.xidDocument()).withResult(\n responseBody,\n );\n\n if (peerContinuation !== undefined) {\n sealed = sealed.withPeerContinuation(peerContinuation);\n }\n\n if (options.preview === true) {\n // Show the response envelope structure without encryption\n if (isVerbose() || options.verbose === true) {\n // Cast to access urString method\n const verifyingKeyWithUrString = groupVerifyingKey as { urString?: () => string };\n if (typeof verifyingKeyWithUrString.urString === \"function\") {\n console.error(verifyingKeyWithUrString.urString());\n }\n }\n const unsealedEnvelope = sealed.toEnvelope(\n undefined, // No expiration for responses\n signerPrivateKeys,\n undefined,\n );\n console.log(unsealedEnvelope.urString());\n\n return {\n verifyingKey: bytesToHex(verifyingKeyBytes),\n keyPackagePath,\n publicKeyPackagePath,\n };\n }\n\n const responseEnvelope = sealed.toEnvelope(\n undefined, // No expiration for responses\n signerPrivateKeys,\n coordinatorDoc,\n );\n\n // Post the response\n await putWithIndicator(\n client,\n responseArid,\n responseEnvelope,\n \"Finalize Response\",\n options.verbose ?? false,\n );\n\n // Update registry: contributions and verifying key\n const updatedGroupRecord = registry.group(groupId);\n if (updatedGroupRecord !== undefined) {\n const contributions = updatedGroupRecord.contributions();\n contributions.keyPackage = keyPackagePath;\n updatedGroupRecord.setContributions(contributions);\n updatedGroupRecord.clearListeningAtArid();\n\n // Set verifying key if the method exists\n const recordWithVerifyingKey = updatedGroupRecord as {\n setVerifyingKey?: (key: unknown) => void;\n };\n if (typeof recordWithVerifyingKey.setVerifyingKey === \"function\") {\n recordWithVerifyingKey.setVerifyingKey(groupVerifyingKey);\n }\n\n registry.save(registryPath);\n }\n\n // Get verifying key for output\n const verifyingKeyHex = bytesToHex(verifyingKeyBytes);\n\n if (isVerbose() || options.verbose === true) {\n console.error(`Posted finalize response to ${responseArid.urString()}`);\n // Cast to access urString method\n const verifyingKeyWithUrString = groupVerifyingKey as { urString?: () => string };\n if (typeof verifyingKeyWithUrString.urString === \"function\") {\n console.error(verifyingKeyWithUrString.urString());\n }\n } else {\n // Cast to access urString method\n const verifyingKeyWithUrString = groupVerifyingKey as { urString?: () => string };\n if (typeof verifyingKeyWithUrString.urString === \"function\") {\n console.log(verifyingKeyWithUrString.urString());\n }\n }\n\n return {\n verifyingKey: verifyingKeyHex,\n keyPackagePath,\n publicKeyPackagePath,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+EA,SAAS,gBAAgB,cAAsB,SAA4B;CACzE,MAAM,WAAW,cAAc,cAAc,QAAQ,KAAK,CAAC;CAG3D,MAAM,mBAAmB,KAAK,KAAK,UAAU,qBAAqB;AAClE,KAAI,CAAC,GAAG,WAAW,iBAAiB,CAClC,OAAM,IAAI,MAAM,+BAA+B,iBAAiB,uBAAuB;CAqBzF,MAAM,aAAa,KAAK,MAAM,GAAG,aAAa,kBAAkB,QAAQ,CAAC;CAYzE,MAAM,UAAU,WAAW,WAAW,WAAW;CACjD,IAAI,gBAAgB;AACpB,KAAI,QAAQ,UAAU,EACpB,iBAAgB,QAAQ,KAAM,QAAQ,MAAM;AAE9C,KAAI,kBAAkB,EACpB,iBAAgB;CAElB,MAAM,aAAa,kBAAkB,cAAc;CAMnD,MAAM,aAAa,IAAI,kCAAkC,eAJ1B,WAAW,WAAW,KAAK,QACxD,sBAAsB,YAAY,eAAe,WAAW,IAAI,CAAC,CAG2B,CAAC;CAE/F,MAAM,oBAAoB,cAAc,kBAAkB,WAAW,WAAW,aAAa,CAAC;CAE9F,MAAM,gBAAwC,IAAI,OAAO,cACvD,eACA,YACA,YACA,mBACA,WAAW,aACX,WAAW,YACZ;CAGD,MAAM,aAAa,KAAK,KAAK,UAAU,wBAAwB;AAC/D,KAAI,CAAC,GAAG,WAAW,WAAW,CAC5B,OAAM,IAAI,MAAM,iCAAiC,WAAW,mCAAmC;CAGjG,MAAM,aAAa,KAAK,MAAM,GAAG,aAAa,YAAY,QAAQ,CAAC;CAGnE,MAAM,iCAAiB,IAAI,KAA+B;AAC1D,MAAK,MAAM,CAAC,QAAQ,UAAU,OAAO,QAAQ,WAAW,EAAE;EACxD,MAAM,cAAc;EAKpB,MAAM,MAAM,MAAM,sBAAsB,YAAY;AACpD,iBAAe,IAAI,QAAQ,IAAI;;AAGjC,QAAO;EAAE;EAAe;EAAgB;;;;;;;AAQ1C,SAAS,wBACP,eACA,SACA,qBACM;AAEN,KAAI,CAAC,cAAc,UAAU,CAAC,OAAOA,SAAiB,WAAW,cAAc,CAAC,CAC9E,OAAM,IAAI,MAAM,gCAAgC,cAAc,UAAU,CAAC,UAAU,GAAG;AAIxF,KAAI,cAAc,QAAQ,CAAC,KAAK,CAAC,UAAU,KAAK,oBAAoB,UAAU,CAC5E,OAAM,IAAI,MACR,8BAA8B,cAAc,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,yBAC3C,oBAAoB,UAAU,CAAC,GAC3D;CAIH,MAAM,yBAAyB,cAAc,mBAAmB,QAAQ;AACxE,KAAI,2BAA2B,KAAA,EAC7B,OAAM,IAAI,MAAM,kCAAkC;CAEpD,MAAM,iBAAiB,uBAAuB,gBAAgB,SAAS,KAAK,eAAe,KAAK,CAAC;AACjG,KAAI,eAAe,UAAU,KAAK,QAAQ,UAAU,CAClD,OAAM,IAAI,MACR,oBAAoB,eAAe,UAAU,CAAC,2BAA2B,QAAQ,UAAU,GAC5F;CAIH,MAAM,uBAAuB,cAAc,mBAAmB,eAAe;AAC7E,KAAI,yBAAyB,KAAA,EAC3B,OAAM,IAAI,MAAM,yCAAyC;AAI3D,QAFqB,qBAAqB,gBAAgB,SAAS,KAAK,eAAe,KAAK,CAEzE;;;;;;;AAQrB,SAAS,wBACP,SACA,aACA,UAC+B;CAE/B,MAAM,aAAoB,YAAY,cAAc,CAAC,KAAK,MAAM,EAAE,KAAK,CAAC;CAGxE,MAAM,gBAAgB,SAAS,UAAU;AACzC,KAAI,CAAC,WAAW,MAAM,QAAQ,IAAI,UAAU,KAAK,cAAc,CAC7D,YAAW,KAAK,SAAS;AAO3B,YAAW,MAAM,GAAG,MAAM,gBAAgB,EAAE,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;CAGlE,MAAM,UAAiB,EAAE;AACzB,MAAK,MAAM,OAAO,WAChB,KAAI,QAAQ,WAAW,KAAK,QAAQ,QAAQ,SAAS,GAAG,UAAU,KAAK,IAAI,UAAU,CACnF,SAAQ,KAAK,IAAI;CAKrB,MAAM,kCAAkB,IAAI,KAA8B;AAC1D,MAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK;EACvC,MAAM,aAAa,kBAAkB,IAAI,EAAE;AAC3C,kBAAgB,IAAI,QAAQ,GAAG,UAAU,EAAE,WAAW;;CAGxD,MAAM,WAAW,SAAS,UAAU;CAGpC,MAAM,2BAAW,IAAI,KAA+B;CAEpD,MAAM,mBAAmB,QAAQ,oBAAoB,gBAAgB;AACrE,MAAK,MAAM,mBAAmB,kBAAkB;EAE9C,MAAM,iBAAiB,gBAAgB,mBAAmB,SAAS;AACnE,MAAI,mBAAmB,KAAA,EACrB,OAAM,IAAI,MAAM,yCAAyC;EAE3D,MAAM,YAAY,eAAe,gBAAgB,SAAS,IAAI,eAAe,KAAK,CAAC;AAGnF,MAAI,UAAU,UAAU,KAAK,SAC3B;EAIF,MAAM,aAAa,gBAAgB,IAAI,UAAU,UAAU,CAAC;AAC5D,MAAI,eAAe,KAAA,EACjB,OAAM,IAAI,MAAM,wCAAwC,UAAU,UAAU,GAAG;EAIjF,MAAM,cAAc,gBAAgB,gBAAgB,SAASC,OAAY,eAAe,KAAK,CAAC;EAC9F,MAAM,cAAc,KAAK,MAAM,IAAI,aAAa,CAAC,OAAO,YAAY,QAAQ,CAAC,CAAC;EAK9E,MAAM,MAAM,MAAM,sBAAsB,YAAY;AACpD,WAAS,IAAI,gBAAgB,WAAW,EAAE,IAAI;;AAGhD,QAAO;;;;;;;AAQT,SAAS,kBACP,SACA,gBACA,YACA,kBACU;CAEV,MAAM,iBAAiB,oBAAoB,WAAW;CACtD,MAAM,uBAAuB,0BAA0B,iBAAiB;CAExE,MAAM,eAAe,IAAI,aAAa,CAAC,OAAO,KAAK,UAAU,eAAe,CAAC;CAC7E,MAAM,iBAAiBA,OAAY,SAAS,aAAa;CAEzD,MAAM,eAAe,IAAI,aAAa,CAAC,OAAO,KAAK,UAAU,qBAAqB,CAAC;CACnF,MAAM,iBAAiBA,OAAY,SAAS,aAAa;AAEzD,QAAO,SAAS,MAAM,CACnB,QAAQ,sBAAsB,CAC9B,aAAa,SAAS,QAAQ,CAC9B,aAAa,eAAe,eAAe,CAC3C,aAAa,eAAe,eAAe,CAC3C,aAAa,sBAAsB,eAAe;;;;;;;AAQvD,SAAS,qBACP,cACA,SACA,YACA,kBAC0D;CAC1D,MAAM,WAAW,cAAc,cAAc,QAAQ,KAAK,CAAC;AAC3D,IAAG,UAAU,UAAU,EAAE,WAAW,MAAM,CAAC;CAG3C,MAAM,uBAAuB,oBAAoB,WAAW;CAC5D,MAAM,iBAAiB,KAAK,KAAK,UAAU,mBAAmB;AAC9D,IAAG,cAAc,gBAAgB,KAAK,UAAU,sBAAsB,MAAM,EAAE,CAAC;CAG/E,MAAM,6BAA6B,0BAA0B,iBAAiB;CAC9E,MAAM,uBAAuB,KAAK,KAAK,UAAU,0BAA0B;AAC3E,IAAG,cAAc,sBAAsB,KAAK,UAAU,4BAA4B,MAAM,EAAE,CAAC;AAE3F,QAAO;EAAE;EAAgB;EAAsB;;;;;;;;;;AAWjD,eAAsB,SACpB,SACA,SACA,KAC4B;AAC5B,KAAI,QAAQ,qBAAqB,KAAA,EAC/B,OAAM,IAAI,MAAM,kDAAkD;CAGpE,MAAM,eAAe,oBAAoB,QAAQ,cAAc,IAAI;CACnE,MAAM,WAAW,SAAS,KAAK,aAAa;CAE5C,MAAM,QAAQ,SAAS,OAAO;AAC9B,KAAI,UAAU,KAAA,EACZ,OAAM,IAAI,MAAM,6BAA6B;CAG/C,MAAM,UAAU,YAAY,QAAQ,QAAQ;CAC5C,MAAM,cAAc,SAAS,MAAM,QAAQ;AAC3C,KAAI,gBAAgB,KAAA,EAClB,OAAM,IAAI,MAAM,8BAA8B;CAIhD,MAAM,kBAAkB,YAAY,iBAAiB;AACrD,KAAI,oBAAoB,KAAA,EACtB,OAAM,IAAI,MAAM,mEAAmE;CAIrF,MAAM,cAAc,gBAAgB,cAAc,QAAQ;AAE1D,KAAI,WAAW,IAAI,QAAQ,YAAY,KACrC,SAAQ,MAAM,2CAA2C;CAG3D,MAAM,SAAS,MAAM,oBAAoB,QAAQ,iBAAiB;CAGlE,MAAM,kBAAkB,MAAM,iBAC5B,QACA,iBACA,oBACA,QAAQ,gBACR,QAAQ,WAAW,MACpB;AAED,KAAI,oBAAoB,QAAQ,oBAAoB,KAAA,EAClD,OAAM,IAAI,MAAM,+CAA+C;CAIjE,MAAM,mBAAmB,MAAM,aAAa,CAAC,sBAAsB;AACnE,KAAI,qBAAqB,KAAA,EACvB,OAAM,IAAI,MAAM,yCAAyC;CAG3D,MAAM,MAAM,SAAS,KAAK,CAAC,UAAU;CACrC,MAAM,gBAAgB,cAAc,gBAClC,iBACA,KAAA,GACA,KACA,iBACD;CAID,MAAM,eAAe,wBAAwB,eAAe,SADhC,YAAY,aAAa,CAAC,KACkC,CAAC;CAGzF,MAAM,aAAoB,YAAY,cAAc,CAAC,KAAK,MAAM,EAAE,KAAK,CAAC;CAGxE,MAAM,gBAAgB,MAAM,KAAK,CAAC,UAAU;AAC5C,KAAI,CAAC,WAAW,MAAM,QAAQ,IAAI,UAAU,KAAK,cAAc,CAC7D,YAAW,KAAK,MAAM,KAAK,CAAC;AAO9B,YAAW,MAAM,GAAG,MAAM,gBAAgB,EAAE,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;CAGlE,MAAM,UAAiB,EAAE;AACzB,MAAK,MAAM,OAAO,WAChB,KAAI,QAAQ,WAAW,KAAK,QAAQ,QAAQ,SAAS,GAAG,UAAU,KAAK,IAAI,UAAU,CACnF,SAAQ,KAAK,IAAI;CAKrB,MAAM,kCAAkB,IAAI,KAA8B;AAC1D,MAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK;EACvC,MAAM,aAAa,kBAAkB,IAAI,EAAE;AAC3C,kBAAgB,IAAI,QAAQ,GAAG,UAAU,EAAE,WAAW;;CAIxD,MAAM,qCAAqB,IAAI,KAA+B;AAC9D,MAAK,MAAM,CAAC,QAAQ,QAAQ,YAAY,gBAAgB;AACtD,MAAI,WAAW,cACb;EAEF,MAAM,aAAa,gBAAgB,IAAI,OAAO;AAC9C,MAAI,eAAe,KAAA,EACjB,OAAM,IAAI,MAAM,2BAA2B,SAAS;AAEtD,qBAAmB,IAAI,gBAAgB,WAAW,EAAE,IAAI;;CAI1D,MAAM,qBAAqB,wBAAwB,eAAe,aAAa,MAAM,KAAK,CAAC;AAE3F,KAAI,WAAW,IAAI,QAAQ,YAAY,KACrC,SAAQ,MAAM,YAAY,mBAAmB,KAAK,yCAAyC;CAI7F,MAAM,CAAC,YAAY,oBAAoB,MAAM,SAC3C,YAAY,eACZ,oBACA,mBACD;CAGD,MAAM,oBAAoB,iBAAiB;CAC3C,MAAM,oBAAoB,wBAAwB,kBAAkB;AAEpE,KAAI,WAAW,IAAI,QAAQ,YAAY,KACrC,SAAQ,MAAM,gDAAgD;CAIhE,MAAM,EAAE,gBAAgB,yBAAyB,qBAC/C,cACA,SACA,YACA,iBACD;CAGD,MAAM,eAAe,kBAAkB,SAAS,MAAM,KAAK,EAAE,YAAY,iBAAiB;CAE1F,MAAM,oBAAoB,MAAM,aAAa,CAAC,sBAAsB;AACpE,KAAI,sBAAsB,KAAA,EACxB,OAAM,IAAI,MAAM,yCAAyC;CAI3D,MAAM,iBAAiB,YAAY,aAAa,CAAC,KAAK;CACtD,MAAM,oBAAoB,SAAS,YAAY,eAAe;CAC9D,IAAI;AACJ,KAAI,sBAAsB,KAAA,EACxB,kBAAiB,kBAAkB,aAAa;UAG5C,MAAM,KAAK,CAAC,UAAU,KAAK,eAAe,UAAU,CACtD,kBAAiB,MAAM,aAAa;KAEpC,OAAM,IAAI,MAAM,eAAe,eAAe,UAAU,CAAC,wBAAwB;CAKrF,MAAM,mBAAmB,cAAc,kBAAkB;CAEzD,IAAI,SAAS,eAAe,WAAW,cAAc,IAAI,EAAE,MAAM,aAAa,CAAC,CAAC,WAC9E,aACD;AAED,KAAI,qBAAqB,KAAA,EACvB,UAAS,OAAO,qBAAqB,iBAAiB;AAGxD,KAAI,QAAQ,YAAY,MAAM;AAE5B,MAAI,WAAW,IAAI,QAAQ,YAAY,MAAM;GAE3C,MAAM,2BAA2B;AACjC,OAAI,OAAO,yBAAyB,aAAa,WAC/C,SAAQ,MAAM,yBAAyB,UAAU,CAAC;;EAGtD,MAAM,mBAAmB,OAAO,WAC9B,KAAA,GACA,mBACA,KAAA,EACD;AACD,UAAQ,IAAI,iBAAiB,UAAU,CAAC;AAExC,SAAO;GACL,cAAc,WAAW,kBAAkB;GAC3C;GACA;GACD;;AAUH,OAAM,iBACJ,QACA,cATuB,OAAO,WAC9B,KAAA,GACA,mBACA,eAOgB,EAChB,qBACA,QAAQ,WAAW,MACpB;CAGD,MAAM,qBAAqB,SAAS,MAAM,QAAQ;AAClD,KAAI,uBAAuB,KAAA,GAAW;EACpC,MAAM,gBAAgB,mBAAmB,eAAe;AACxD,gBAAc,aAAa;AAC3B,qBAAmB,iBAAiB,cAAc;AAClD,qBAAmB,sBAAsB;EAGzC,MAAM,yBAAyB;AAG/B,MAAI,OAAO,uBAAuB,oBAAoB,WACpD,wBAAuB,gBAAgB,kBAAkB;AAG3D,WAAS,KAAK,aAAa;;CAI7B,MAAM,kBAAkB,WAAW,kBAAkB;AAErD,KAAI,WAAW,IAAI,QAAQ,YAAY,MAAM;AAC3C,UAAQ,MAAM,+BAA+B,aAAa,UAAU,GAAG;EAEvE,MAAM,2BAA2B;AACjC,MAAI,OAAO,yBAAyB,aAAa,WAC/C,SAAQ,MAAM,yBAAyB,UAAU,CAAC;QAE/C;EAEL,MAAM,2BAA2B;AACjC,MAAI,OAAO,yBAAyB,aAAa,WAC/C,SAAQ,IAAI,yBAAyB,UAAU,CAAC;;AAIpD,QAAO;EACL,cAAc;EACd;EACA;EACD"}

package/dist/finalize-IA01t_Qq.mjs ADDED Viewed

@@ -0,0 +1,290 @@
+import { n as __require, t as __exportAll } from "./chunk-CjcI7cDX.mjs";
+import { Registry, resolveRegistryPath } from "./registry/index.mjs";
+import { c as parseAridUr, h as signingKeyFromVerifying, n as isVerbose, t as groupStateDir } from "./common-CvH6dFvQ.mjs";
+import { t as getWithIndicator } from "./busy-DkM2jAIZ.mjs";
+import { f as parallelFetch, p as parallelFetchConfigWithTimeout } from "./parallel-D6zc6VW4.mjs";
+import { SealedResponse } from "@bcts/gstp";
+import * as fs from "node:fs";
+import * as path from "node:path";
+//#region src/cmd/dkg/coordinator/finalize.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* DKG coordinator finalize command.
+*
+* Port of cmd/dkg/coordinator/finalize.rs from frost-hubert-rust.
+*
+* @module
+*/
+var finalize_exports = /* @__PURE__ */ __exportAll({ finalize: () => finalize });
+/**
+* Validate that the owner is the coordinator of the group.
+*
+* Port of coordinator check from finalize.rs lines 76-82.
+*/
+function validateCoordinator(groupRecord, ownerXid) {
+	if (groupRecord.coordinator().xid().urString() !== ownerXid.urString()) throw new Error(`Only the coordinator can collect finalize responses. Coordinator: ${groupRecord.coordinator().xid().urString()}, Owner: ${ownerXid.urString()}`);
+}
+/**
+* Validate envelope and extract finalize data (for parallel fetch).
+*
+* Port of `validate_and_extract_finalize_response()` from finalize.rs lines 407-466.
+*/
+function validateAndExtractFinalizeResponse(envelope, coordinatorKeys, expectedGroupId, expectedParticipant) {
+	const now = /* @__PURE__ */ new Date();
+	let sealed;
+	try {
+		sealed = SealedResponse.tryFromEncryptedEnvelope(envelope, void 0, now, coordinatorKeys);
+	} catch (err) {
+		return { rejected: `Failed to decrypt/parse response: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	if (!sealed.isOk()) try {
+		return { rejected: `Participant reported error: ${sealed.error().optionalObjectForPredicate("reason")?.extractString() ?? "unknown reason"}` };
+	} catch {
+		return { rejected: "Participant reported error: unknown reason" };
+	}
+	let result;
+	try {
+		result = sealed.result();
+	} catch {
+		return { rejected: "Finalize response has no result" };
+	}
+	try {
+		result.checkSubjectUnit();
+		result.checkType("dkgFinalizeResponse");
+	} catch (err) {
+		return { rejected: `Invalid response type: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	try {
+		const groupId = parseAridUr(result.objectForPredicate("group").extractString());
+		if (groupId.urString() !== expectedGroupId.urString()) return { rejected: `Group ${groupId.urString()} does not match expected ${expectedGroupId.urString()}` };
+	} catch (err) {
+		return { rejected: `Failed to extract group: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	try {
+		const participantStr = result.objectForPredicate("participant").extractString();
+		const { XID: XIDClass } = __require("@bcts/components");
+		const participantXid = XIDClass.fromURString(participantStr);
+		if (participantXid.urString() !== expectedParticipant.urString()) return { rejected: `Participant ${participantXid.urString()} does not match expected ${expectedParticipant.urString()}` };
+	} catch (err) {
+		return { rejected: `Failed to extract participant: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	let keyPackage;
+	let publicKeyPackage;
+	try {
+		const keyJsonStr = result.objectForPredicate("key_package").extractString();
+		keyPackage = JSON.parse(keyJsonStr);
+	} catch (err) {
+		return { rejected: `Failed to parse key_package: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	try {
+		const pubJsonStr = result.objectForPredicate("public_key_package").extractString();
+		publicKeyPackage = JSON.parse(pubJsonStr);
+	} catch (err) {
+		return { rejected: `Failed to parse public_key_package: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	return {
+		keyPackage,
+		publicKeyPackage
+	};
+}
+/**
+* Fetch a finalize response sequentially.
+*
+* Port of `fetch_finalize_response()` from finalize.rs lines 282-358.
+*/
+async function fetchFinalizeResponse(client, responseArid, timeout, coordinatorKeys, expectedGroup, expectedParticipant, participantName) {
+	const envelope = await getWithIndicator(client, responseArid, participantName, timeout, isVerbose());
+	if (envelope === null || envelope === void 0) throw new Error("Finalize response not found in Hubert storage");
+	const result = validateAndExtractFinalizeResponse(envelope, coordinatorKeys, expectedGroup, expectedParticipant);
+	if ("rejected" in result) throw new Error(result.rejected);
+	return {
+		participant: expectedParticipant,
+		keyPackage: result.keyPackage,
+		publicKeyPackage: result.publicKeyPackage
+	};
+}
+/**
+* Collect finalize responses in parallel with progress display.
+*
+* Port of `collect_finalize_parallel()` from finalize.rs lines 371-404.
+*/
+async function collectFinalizeParallel(client, registry, pendingRequests, coordinatorKeys, expectedGroupId, timeout) {
+	const requests = [];
+	for (const [xid, arid] of pendingRequests.iterCollect()) {
+		const name = registry.participant(xid)?.petName() ?? xid.urString();
+		requests.push([
+			xid,
+			arid,
+			name
+		]);
+	}
+	return parallelFetch(client, requests, (envelope, xid) => validateAndExtractFinalizeResponse(envelope, coordinatorKeys, expectedGroupId, xid), parallelFetchConfigWithTimeout(timeout));
+}
+/**
+* Finalize collection results: persist, update registry, print summary.
+*
+* Port of `finalize_collection_results()` from finalize.rs lines 469-590.
+*/
+function finalizeFinalizeCollectionResults(collection, registryPath, registry, groupId) {
+	if (collection.rejections.length > 0) {
+		console.error();
+		console.error("Rejections:");
+		for (const [xid, reason] of collection.rejections) console.error(`  ${xid.urString()}: ${reason}`);
+	}
+	if (collection.errors.length > 0) {
+		console.error();
+		console.error("Errors:");
+		for (const [xid, error] of collection.errors) console.error(`  ${xid.urString()}: ${error}`);
+	}
+	if (collection.timeouts.length > 0) {
+		console.error();
+		console.error("Timeouts:");
+		for (const xid of collection.timeouts) console.error(`  ${xid.urString()}`);
+	}
+	if (!collection.allSucceeded()) throw new Error(`Finalize collection incomplete: ${collection.successes.length} succeeded, ${collection.rejections.length} rejected, ${collection.errors.length} errors, ${collection.timeouts.length} timeouts`);
+	let groupVerifyingKey;
+	for (const [xid, data] of collection.successes) {
+		const pubKeyPkg = data.publicKeyPackage;
+		if (!pubKeyPkg.verifying_key) throw new Error(`Failed to extract verifying key for ${xid.urString()}: missing verifying_key field`);
+		let signingKey;
+		try {
+			signingKey = signingKeyFromVerifying(hexToBytes(pubKeyPkg.verifying_key));
+		} catch (err) {
+			throw new Error(`Failed to extract verifying key for ${xid.urString()}: ${err instanceof Error ? err.message : String(err)}`, { cause: err });
+		}
+		if (groupVerifyingKey !== void 0) {
+			if (groupVerifyingKey.urString() !== signingKey.urString()) throw new Error(`Group verifying key mismatch for participant ${xid.urString()}`);
+		} else groupVerifyingKey = signingKey;
+	}
+	const stateDir = groupStateDir(registryPath, groupId.hex());
+	fs.mkdirSync(stateDir, { recursive: true });
+	const collectedPath = path.join(stateDir, "collected_finalize.json");
+	const root = {};
+	for (const [xid, data] of collection.successes) root[xid.urString()] = {
+		key_package: data.keyPackage,
+		public_key_package: data.publicKeyPackage
+	};
+	fs.writeFileSync(collectedPath, JSON.stringify(root, null, 2));
+	const groupRecord = registry.group(groupId);
+	if (groupRecord === void 0) throw new Error("Group not found in registry");
+	if (groupVerifyingKey !== void 0) groupRecord.setVerifyingKey(groupVerifyingKey);
+	groupRecord.clearPendingRequests();
+	registry.save(registryPath);
+	if (isVerbose()) {
+		console.error();
+		console.error(`Collected ${collection.successes.length} finalize responses. Saved to ${collectedPath}`);
+		if (groupVerifyingKey !== void 0) console.error(groupVerifyingKey.urString());
+	} else if (groupVerifyingKey !== void 0) console.log(groupVerifyingKey.urString());
+	return groupVerifyingKey;
+}
+/**
+* Helper to convert hex string to bytes.
+*/
+function hexToBytes(hex) {
+	const bytes = new Uint8Array(hex.length / 2);
+	for (let i = 0; i < bytes.length; i++) bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+	return bytes;
+}
+/**
+* Execute the DKG coordinator finalize command.
+*
+* Collects finalize responses (key/public key packages) from all participants.
+*
+* Port of `finalize()` from cmd/dkg/coordinator/finalize.rs.
+*/
+async function finalize(client, options, cwd) {
+	const registryPath = resolveRegistryPath(options.registryPath, cwd);
+	const registry = Registry.load(registryPath);
+	const owner = registry.owner();
+	if (owner === void 0) throw new Error("Registry owner is required");
+	const groupId = parseAridUr(options.groupId);
+	const groupRecord = registry.group(groupId);
+	if (groupRecord === void 0) throw new Error(`Group ${options.groupId} not found in registry`);
+	validateCoordinator(groupRecord, owner.xid());
+	const pendingRequests = groupRecord.pendingRequests();
+	if (pendingRequests.isEmpty()) throw new Error("No pending requests for this group. Did you run 'frost dkg coordinator finalize send'?");
+	const coordinatorKeys = owner.xidDocument().inceptionPrivateKeys();
+	if (coordinatorKeys === void 0) throw new Error("Coordinator XID document has no private keys");
+	let verifyingKey;
+	let collected;
+	let rejected = 0;
+	let errors;
+	let timeouts = 0;
+	if (options.parallel === true) {
+		const collection = await collectFinalizeParallel(client, registry, pendingRequests, coordinatorKeys, groupId, options.timeoutSeconds);
+		verifyingKey = finalizeFinalizeCollectionResults(collection, registryPath, registry, groupId);
+		collected = collection.successes.length;
+		rejected = collection.rejections.length;
+		errors = collection.errors.length;
+		timeouts = collection.timeouts.length;
+	} else {
+		const collectedEntries = [];
+		const errorEntries = [];
+		let groupVerifyingKey;
+		if (isVerbose()) console.error(`Collecting finalize responses from ${pendingRequests.len()} participants...`);
+		for (const [participantXid, collectFromArid] of pendingRequests.iterCollect()) {
+			const name = registry.participant(participantXid)?.petName() ?? participantXid.urString();
+			try {
+				const entry = await fetchFinalizeResponse(client, collectFromArid, options.timeoutSeconds, coordinatorKeys, groupId, participantXid, name);
+				const pubKeyPkg = entry.publicKeyPackage;
+				if (!pubKeyPkg.verifying_key) throw new Error("missing verifying_key field");
+				const signingKey = signingKeyFromVerifying(hexToBytes(pubKeyPkg.verifying_key));
+				if (groupVerifyingKey !== void 0) {
+					if (groupVerifyingKey.urString() !== signingKey.urString()) {
+						if (isVerbose()) console.error("error: group verifying key mismatch");
+						errorEntries.push([participantXid, "Group verifying key mismatch across responses"]);
+						continue;
+					}
+				} else groupVerifyingKey = signingKey;
+				collectedEntries.push(entry);
+			} catch (err) {
+				if (isVerbose()) console.error(`error: ${err instanceof Error ? err.message : String(err)}`);
+				errorEntries.push([participantXid, err instanceof Error ? err.message : String(err)]);
+			}
+		}
+		if (errorEntries.length > 0) {
+			if (isVerbose()) {
+				console.error();
+				console.error(`Failed to collect from ${errorEntries.length} participants:`);
+				for (const [xid, error] of errorEntries) console.error(`  ${xid.urString()}: ${error}`);
+			}
+			throw new Error(`Finalize collection incomplete: ${errorEntries.length} of ${pendingRequests.len()} responses failed`);
+		}
+		const stateDir = groupStateDir(registryPath, groupId.hex());
+		fs.mkdirSync(stateDir, { recursive: true });
+		const collectedPath = path.join(stateDir, "collected_finalize.json");
+		const root = {};
+		for (const entry of collectedEntries) root[entry.participant.urString()] = {
+			key_package: entry.keyPackage,
+			public_key_package: entry.publicKeyPackage
+		};
+		fs.writeFileSync(collectedPath, JSON.stringify(root, null, 2));
+		const groupRecordMut = registry.group(groupId);
+		if (groupRecordMut === void 0) throw new Error("Group not found in registry");
+		if (groupVerifyingKey !== void 0) groupRecordMut.setVerifyingKey(groupVerifyingKey);
+		groupRecordMut.clearPendingRequests();
+		registry.save(registryPath);
+		if (isVerbose()) {
+			console.error();
+			console.error(`Collected ${collectedEntries.length} finalize responses. Saved to ${collectedPath}`);
+			if (groupVerifyingKey !== void 0) console.error(groupVerifyingKey.urString());
+		} else if (groupVerifyingKey !== void 0) console.log(groupVerifyingKey.urString());
+		verifyingKey = groupVerifyingKey;
+		collected = collectedEntries.length;
+		errors = errorEntries.length;
+	}
+	return {
+		verifyingKey: verifyingKey?.urString() ?? "",
+		collected,
+		rejected,
+		errors,
+		timeouts
+	};
+}
+//#endregion
+export { finalize_exports as n, finalize as t };
+//# sourceMappingURL=finalize-IA01t_Qq.mjs.map