@bcts/frost-hubert 1.0.0-alpha.22 → 1.0.0-beta.0

package/dist/round1-CcQCGlIT.mjs

@@ -0,0 +1,208 @@
+import { t as __exportAll } from "./chunk-CjcI7cDX.mjs";
+import { Registry, resolveRegistryPath } from "./registry/index.mjs";
+import { c as parseAridUr } from "./common-CvH6dFvQ.mjs";
+import { n as putWithIndicator } from "./busy-DkM2jAIZ.mjs";
+import { t as createStorageClient } from "./storage-Bkkliz0K.mjs";
+import { createRng, deserializeKeyPackage, serializeSigningCommitments, serializeSigningNonces, signingRound1 } from "./frost/index.mjs";
+import { n as signingStateDir } from "./common-DUWvtc08.mjs";
+import { ARID, JSON as JSON$1, XID } from "@bcts/components";
+import { CborDate } from "@bcts/dcbor";
+import { Envelope, Function } from "@bcts/envelope";
+import { SealedRequest, SealedResponse } from "@bcts/gstp";
+import * as fs from "node:fs";
+import * as path from "node:path";
+//#region src/cmd/sign/participant/round1.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* Sign participant round 1 command.
+*
+* Port of cmd/sign/participant/round1.rs from frost-hubert-rust.
+*
+* @module
+*/
+var round1_exports = /* @__PURE__ */ __exportAll({ round1: () => round1 });
+/**
+* Load receive state from persisted sign_receive.json.
+*
+* Port of `load_receive_state()` from cmd/sign/participant/round1.rs lines 285-411.
+*/
+function loadReceiveState(registryPath, sessionId, groupHint, registry) {
+	const base = path.dirname(registryPath);
+	const groupStateDir = path.join(base, "group-state");
+	let groupDirs;
+	if (groupHint !== void 0) groupDirs = [[groupHint, path.join(groupStateDir, groupHint.hex())]];
+	else {
+		groupDirs = [];
+		if (fs.existsSync(groupStateDir)) {
+			for (const entry of fs.readdirSync(groupStateDir, { withFileTypes: true })) if (entry.isDirectory()) {
+				const dirName = entry.name;
+				if (dirName.length === 64 && /^[0-9a-fA-F]+$/.test(dirName)) {
+					const groupId = ARID.fromHex(dirName);
+					groupDirs.push([groupId, path.join(groupStateDir, dirName)]);
+				}
+			}
+		}
+	}
+	const candidates = [];
+	for (const [groupId, groupDir] of groupDirs) {
+		const candidate = path.join(groupDir, "signing", sessionId.hex(), "sign_receive.json");
+		if (fs.existsSync(candidate)) candidates.push([groupId, candidate]);
+	}
+	if (candidates.length === 0) throw new Error("No sign_receive.json found for this session; run `frost sign participant receive` first");
+	if (candidates.length > 1) throw new Error("Multiple groups contain this session; use --group to disambiguate");
+	const [groupId, filePath] = candidates[0];
+	const raw = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+	const sessionInState = parseAridUr(raw.session);
+	if (sessionInState.urString() !== sessionId.urString()) throw new Error(`Session ${sessionInState.urString()} in sign_receive.json does not match requested session ${sessionId.urString()}`);
+	const responseArid = parseAridUr(raw.response_arid);
+	const targetUr = raw.target;
+	const coordinatorUr = raw.coordinator;
+	const coordinatorXid = XID.fromURString(coordinatorUr);
+	let coordinatorDoc;
+	const participantRecord = registry.participant(coordinatorXid);
+	if (participantRecord !== null && participantRecord !== void 0) coordinatorDoc = participantRecord.xidDocument();
+	else {
+		const owner = registry.owner();
+		if (owner?.xid().urString() === coordinatorXid.urString()) coordinatorDoc = owner.xidDocument();
+		else throw new Error(`Coordinator ${coordinatorXid.urString()} not found in registry and cannot resolve encryption key`);
+	}
+	const requestEnvelope = Envelope.fromURString(raw.request_envelope);
+	const participants = raw.participants.map((s) => XID.fromURString(s));
+	return {
+		groupId,
+		coordinatorDoc,
+		responseArid,
+		targetUr,
+		participants,
+		requestEnvelope
+	};
+}
+/**
+* Validate the commit request from persisted state.
+*
+* Port of request validation in `CommandArgs::exec()` from cmd/sign/participant/round1.rs lines 100-138.
+*/
+function validateCommitRequest(receiveState, sessionId, ownerXid, ownerPrivateKeys) {
+	const now = CborDate.now();
+	const sealedRequest = SealedRequest.tryFromEnvelope(receiveState.requestEnvelope, void 0, now.datetime(), ownerPrivateKeys);
+	if (!sealedRequest.request().function().equals(Function.fromString("signInvite"))) throw new Error(`Unexpected request function: ${String(sealedRequest.request().function())}`);
+	if (sealedRequest.request().id().urString() !== sessionId.urString()) throw new Error(`Session ID mismatch (state ${sessionId.urString()}, request ${sealedRequest.request().id().urString()})`);
+	const requestGroup = sealedRequest.extractObjectForParameter("group");
+	if (requestGroup.urString() !== receiveState.groupId.urString()) throw new Error(`Group ID mismatch (state ${receiveState.groupId.urString()}, request ${requestGroup.urString()})`);
+	if (!receiveState.participants.map((p) => p.urString()).includes(ownerXid.urString())) throw new Error("Persisted signInvite request does not include this participant");
+	return sealedRequest;
+}
+/**
+* Build the response body envelope.
+*
+* Port of response body building from cmd/sign/participant/round1.rs lines 191-195.
+*/
+function buildResponseBody(sessionId, commitments, responseArid) {
+	const serializedCommitments = serializeSigningCommitments(commitments);
+	const jsonStr = JSON.stringify(serializedCommitments);
+	const jsonBytes = new TextEncoder().encode(jsonStr);
+	const commitmentsJson = JSON$1.fromData(jsonBytes);
+	return Envelope.unit().addType("signRound1Response").addAssertion("session", sessionId).addAssertion("commitments", commitmentsJson.taggedCborData()).addAssertion("response_arid", responseArid);
+}
+/**
+* Persist commit state (nonces and commitments) to disk.
+*
+* Port of `persist_commit_state()` from cmd/sign/participant/round1.rs lines 413-461.
+*/
+function persistCommitState(registryPath, groupId, sessionId, receiveState, signingNonces, signingCommitments, targetEnvelope, nextShareArid) {
+	const dir = signingStateDir(registryPath, groupId.hex(), sessionId.hex());
+	fs.mkdirSync(dir, { recursive: true });
+	const serializedNonces = serializeSigningNonces(signingNonces);
+	const serializedCommitments = serializeSigningCommitments(signingCommitments);
+	const commitState = {
+		session: sessionId.urString(),
+		response_arid: receiveState.responseArid.urString(),
+		next_share_arid: nextShareArid.urString(),
+		target: targetEnvelope.urString(),
+		signing_nonces: serializedNonces,
+		signing_commitments: serializedCommitments
+	};
+	fs.writeFileSync(path.join(dir, "commit.json"), JSON.stringify(commitState, null, 2));
+}
+/**
+* Execute the sign participant round 1 command.
+*
+* Responds to the sign invite with signing commitments.
+*
+* Port of `CommandArgs::exec()` from cmd/sign/participant/round1.rs lines 58-273.
+*/
+async function round1(_client, options, cwd) {
+	if (options.storageSelection === void 0 && options.preview !== true) throw new Error("Hubert storage is required for sign commit");
+	if (options.storageSelection !== void 0 && options.preview === true) throw new Error("--preview cannot be used with Hubert storage options");
+	const registryPath = resolveRegistryPath(options.registryPath, cwd);
+	const registry = Registry.load(registryPath);
+	const owner = registry.owner();
+	if (!owner) throw new Error("Registry owner is required");
+	const sessionId = parseAridUr(options.sessionId);
+	const receiveState = loadReceiveState(registryPath, sessionId, options.groupId !== void 0 ? parseAridUr(options.groupId) : void 0, registry);
+	const groupId = receiveState.groupId;
+	const groupRecord = registry.group(groupId);
+	if (groupRecord === null || groupRecord === void 0) throw new Error("Group not found in registry");
+	const ownerKeys = owner.xidDocument().inceptionPrivateKeys();
+	if (ownerKeys === void 0) throw new Error("Owner XID document has no private keys");
+	const sealedRequest = validateCommitRequest(receiveState, sessionId, owner.xid(), ownerKeys);
+	const contributions = groupRecord.contributions();
+	if (contributions === null || contributions === void 0) throw new Error("Key package path not found; did you finish DKG?");
+	const keyPackagePath = contributions.keyPackage;
+	if (keyPackagePath === void 0) throw new Error("Key package path not found; did you finish DKG?");
+	const keyPackage = deserializeKeyPackage(JSON.parse(fs.readFileSync(keyPackagePath, "utf-8")).key_package);
+	const targetEnvelope = Envelope.fromURString(receiveState.targetUr);
+	const signerPrivateKeys = owner.xidDocument().inceptionPrivateKeys();
+	if (signerPrivateKeys === void 0) throw new Error("Owner XID document has no signing keys");
+	let sealedResponse;
+	let nextShareArid;
+	if (options.rejectReason !== void 0) {
+		const errorBody = Envelope.new("signCommitReject").addAssertion("group", groupId).addAssertion("session", sessionId).addAssertion("reason", options.rejectReason);
+		sealedResponse = SealedResponse.newFailure(sealedRequest.request().id(), owner.xidDocument()).withError(errorBody).withPeerContinuation(sealedRequest.peerContinuation());
+	} else {
+		const [signingNonces, signingCommitments] = signingRound1(keyPackage, createRng());
+		const nextShare = ARID.new();
+		nextShareArid = nextShare;
+		const responseBody = buildResponseBody(sessionId, signingCommitments, nextShare);
+		if (options.preview !== true) {
+			persistCommitState(registryPath, groupId, sessionId, receiveState, signingNonces, signingCommitments, targetEnvelope, nextShare);
+			const groupRecordMut = registry.group(groupId);
+			if (groupRecordMut !== null && groupRecordMut !== void 0) {
+				groupRecordMut.setListeningAtArid(nextShare);
+				registry.save(registryPath);
+			}
+		}
+		sealedResponse = SealedResponse.newSuccess(sealedRequest.request().id(), owner.xidDocument()).withResult(responseBody).withPeerContinuation(sealedRequest.peerContinuation());
+	}
+	if (options.preview === true) {
+		const envelopeUr = sealedResponse.toEnvelope(void 0, signerPrivateKeys, void 0).urString();
+		console.log(envelopeUr);
+		return {
+			accepted: options.rejectReason === void 0,
+			envelopeUr
+		};
+	}
+	const validUntil = new Date(Date.now() + 3600 * 1e3);
+	const responseEnvelope = sealedResponse.toEnvelope(validUntil, signerPrivateKeys, receiveState.coordinatorDoc);
+	if (options.storageSelection === void 0) throw new Error("Storage selection is required to post response");
+	const client = await createStorageClient(options.storageSelection);
+	if (options.verbose === true) console.error(`Posting signInvite response to ${receiveState.responseArid.urString()}`);
+	await putWithIndicator(client, receiveState.responseArid, responseEnvelope, "Commitments", options.verbose ?? false);
+	if (options.rejectReason !== void 0) {
+		const groupRecordMut = registry.group(groupId);
+		if (groupRecordMut !== null && groupRecordMut !== void 0) {
+			groupRecordMut.clearListeningAtArid();
+			registry.save(registryPath);
+		}
+	}
+	const result = { accepted: options.rejectReason === void 0 };
+	if (nextShareArid !== void 0) result.listeningArid = nextShareArid.urString();
+	return result;
+}
+//#endregion
+export { round1_exports as n, round1 as t };
+
+//# sourceMappingURL=round1-CcQCGlIT.mjs.map

package/dist/round1-CcQCGlIT.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"round1-CcQCGlIT.mjs","names":["EnvelopeFunction","JSONWrapper"],"sources":["../src/cmd/sign/participant/round1.ts"],"sourcesContent":["/**\n * Copyright © 2023-2026 Blockchain Commons, LLC\n * Copyright © 2025-2026 Parity Technologies\n *\n *\n * Sign participant round 1 command.\n *\n * Port of cmd/sign/participant/round1.rs from frost-hubert-rust.\n *\n * @module\n */\n\nimport * as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\nimport { ARID, JSON as JSONWrapper, type PrivateKeys, XID } from \"@bcts/components\";\nimport { CborDate } from \"@bcts/dcbor\";\nimport { Envelope, Function as EnvelopeFunction } from \"@bcts/envelope\";\nimport { SealedRequest, SealedResponse } from \"@bcts/gstp\";\nimport type { XIDDocument } from \"@bcts/xid\";\n\nimport { Registry, resolveRegistryPath } from \"../../../registry/index.js\";\nimport { putWithIndicator } from \"../../busy.js\";\nimport { createStorageClient, type StorageClient, type StorageSelection } from \"../../storage.js\";\nimport { parseAridUr } from \"../../dkg/common.js\";\nimport { signingStateDir } from \"../common.js\";\nimport {\n  signingRound1,\n  deserializeKeyPackage,\n  serializeSigningNonces,\n  serializeSigningCommitments,\n  createRng,\n  type SerializedKeyPackage,\n  type SerializedSigningNonces,\n  type SerializedSigningCommitments,\n  type Ed25519SigningNonces,\n  type Ed25519SigningCommitments,\n} from \"../../../frost/index.js\";\n\n/**\n * Options for the sign round1 command.\n */\nexport interface SignRound1Options {\n  registryPath?: string;\n  sessionId: string;\n  groupId?: string;\n  preview?: boolean;\n  rejectReason?: string;\n  storageSelection?: StorageSelection;\n  verbose?: boolean;\n}\n\n/**\n * Result of the sign round1 command.\n */\nexport interface SignRound1Result {\n  accepted: boolean;\n  listeningArid?: string;\n  envelopeUr?: string;\n}\n\n/**\n * Persisted receive state from sign_receive.json.\n *\n * Port of `struct ReceiveState` from cmd/sign/participant/round1.rs.\n */\ninterface ReceiveState {\n  groupId: ARID;\n  coordinatorDoc: XIDDocument;\n  responseArid: ARID;\n  targetUr: string;\n  participants: XID[];\n  requestEnvelope: Envelope;\n}\n\n/**\n * Load receive state from persisted sign_receive.json.\n *\n * Port of `load_receive_state()` from cmd/sign/participant/round1.rs lines 285-411.\n */\nfunction loadReceiveState(\n  registryPath: string,\n  sessionId: ARID,\n  groupHint: ARID | undefined,\n  registry: Registry,\n): ReceiveState {\n  const base = path.dirname(registryPath);\n  const groupStateDir = path.join(base, \"group-state\");\n\n  // Collect candidate directories\n  let groupDirs: [ARID, string][];\n  if (groupHint !== undefined) {\n    groupDirs = [[groupHint, path.join(groupStateDir, groupHint.hex())]];\n  } else {\n    groupDirs = [];\n    if (fs.existsSync(groupStateDir)) {\n      for (const entry of fs.readdirSync(groupStateDir, { withFileTypes: true })) {\n        if (entry.isDirectory()) {\n          const dirName = entry.name;\n          // Check if it's a 64-character hex string (ARID hex)\n          if (dirName.length === 64 && /^[0-9a-fA-F]+$/.test(dirName)) {\n            const groupId = ARID.fromHex(dirName);\n            groupDirs.push([groupId, path.join(groupStateDir, dirName)]);\n          }\n        }\n      }\n    }\n  }\n\n  // Search for sign_receive.json\n  const candidates: [ARID, string][] = [];\n  for (const [groupId, groupDir] of groupDirs) {\n    const candidate = path.join(groupDir, \"signing\", sessionId.hex(), \"sign_receive.json\");\n    if (fs.existsSync(candidate)) {\n      candidates.push([groupId, candidate]);\n    }\n  }\n\n  if (candidates.length === 0) {\n    throw new Error(\n      \"No sign_receive.json found for this session; run `frost sign participant receive` first\",\n    );\n  }\n  if (candidates.length > 1) {\n    throw new Error(\"Multiple groups contain this session; use --group to disambiguate\");\n  }\n\n  const [groupId, filePath] = candidates[0];\n\n  // Parse the JSON file\n  interface SignReceiveJson {\n    session: string;\n    group: string;\n    response_arid: string;\n    target: string;\n    coordinator: string;\n    participants: string[];\n    request_envelope: string;\n  }\n\n  const raw = JSON.parse(fs.readFileSync(filePath, \"utf-8\")) as SignReceiveJson;\n\n  // Validate session matches\n  const sessionInState = parseAridUr(raw.session);\n  if (sessionInState.urString() !== sessionId.urString()) {\n    throw new Error(\n      `Session ${sessionInState.urString()} in sign_receive.json does not match requested session ${sessionId.urString()}`,\n    );\n  }\n\n  const responseArid = parseAridUr(raw.response_arid);\n  const targetUr = raw.target;\n  const coordinatorUr = raw.coordinator;\n  const coordinatorXid = XID.fromURString(coordinatorUr);\n\n  // Resolve coordinator document from registry\n  let coordinatorDoc: XIDDocument;\n  const participantRecord = registry.participant(coordinatorXid);\n  if (participantRecord !== null && participantRecord !== undefined) {\n    coordinatorDoc = participantRecord.xidDocument();\n  } else {\n    const owner = registry.owner();\n    if (owner?.xid().urString() === coordinatorXid.urString()) {\n      coordinatorDoc = owner.xidDocument();\n    } else {\n      throw new Error(\n        `Coordinator ${coordinatorXid.urString()} not found in registry and cannot resolve encryption key`,\n      );\n    }\n  }\n\n  // Parse request envelope\n  const requestEnvelope = Envelope.fromURString(raw.request_envelope);\n\n  // Parse participants\n  const participants: XID[] = raw.participants.map((s: string) => XID.fromURString(s));\n\n  return {\n    groupId,\n    coordinatorDoc,\n    responseArid,\n    targetUr,\n    participants,\n    requestEnvelope,\n  };\n}\n\n/**\n * Validate the commit request from persisted state.\n *\n * Port of request validation in `CommandArgs::exec()` from cmd/sign/participant/round1.rs lines 100-138.\n */\nfunction validateCommitRequest(\n  receiveState: ReceiveState,\n  sessionId: ARID,\n  ownerXid: XID,\n  ownerPrivateKeys: PrivateKeys,\n): SealedRequest {\n  const now = CborDate.now();\n\n  // Decrypt and parse the request\n  const sealedRequest = SealedRequest.tryFromEnvelope(\n    receiveState.requestEnvelope,\n    undefined,\n    now.datetime(),\n    ownerPrivateKeys,\n  );\n\n  // Validate function\n  if (!sealedRequest.request().function().equals(EnvelopeFunction.fromString(\"signInvite\"))) {\n    throw new Error(`Unexpected request function: ${String(sealedRequest.request().function())}`);\n  }\n\n  // Validate session ID\n  if (sealedRequest.request().id().urString() !== sessionId.urString()) {\n    throw new Error(\n      `Session ID mismatch (state ${sessionId.urString()}, request ${sealedRequest.request().id().urString()})`,\n    );\n  }\n\n  // Validate group ID\n  const requestGroup = sealedRequest.extractObjectForParameter<ARID>(\"group\");\n  if (requestGroup.urString() !== receiveState.groupId.urString()) {\n    throw new Error(\n      `Group ID mismatch (state ${receiveState.groupId.urString()}, request ${requestGroup.urString()})`,\n    );\n  }\n\n  // Validate participant is included\n  const participantUrStrings = receiveState.participants.map((p) => p.urString());\n  if (!participantUrStrings.includes(ownerXid.urString())) {\n    throw new Error(\"Persisted signInvite request does not include this participant\");\n  }\n\n  return sealedRequest;\n}\n\n/**\n * Build the response body envelope.\n *\n * Port of response body building from cmd/sign/participant/round1.rs lines 191-195.\n */\nfunction buildResponseBody(\n  sessionId: ARID,\n  commitments: Ed25519SigningCommitments,\n  responseArid: ARID,\n): Envelope {\n  // Serialize commitments to JSON and wrap as CBOR JSON\n  const serializedCommitments = serializeSigningCommitments(commitments);\n  const jsonStr = JSON.stringify(serializedCommitments);\n  const jsonBytes = new TextEncoder().encode(jsonStr);\n  const commitmentsJson = JSONWrapper.fromData(jsonBytes);\n\n  // Build response body: unit subject with type and assertions\n  return Envelope.unit()\n    .addType(\"signRound1Response\")\n    .addAssertion(\"session\", sessionId)\n    .addAssertion(\"commitments\", commitmentsJson.taggedCborData())\n    .addAssertion(\"response_arid\", responseArid);\n}\n\n/**\n * Persist commit state (nonces and commitments) to disk.\n *\n * Port of `persist_commit_state()` from cmd/sign/participant/round1.rs lines 413-461.\n */\nfunction persistCommitState(\n  registryPath: string,\n  groupId: ARID,\n  sessionId: ARID,\n  receiveState: ReceiveState,\n  signingNonces: Ed25519SigningNonces,\n  signingCommitments: Ed25519SigningCommitments,\n  targetEnvelope: Envelope,\n  nextShareArid: ARID,\n): void {\n  const dir = signingStateDir(registryPath, groupId.hex(), sessionId.hex());\n  fs.mkdirSync(dir, { recursive: true });\n\n  // Serialize nonces and commitments\n  const serializedNonces = serializeSigningNonces(signingNonces);\n  const serializedCommitments = serializeSigningCommitments(signingCommitments);\n\n  // Build commit state JSON\n  const commitState: {\n    session: string;\n    response_arid: string;\n    next_share_arid: string;\n    target: string;\n    signing_nonces: SerializedSigningNonces;\n    signing_commitments: SerializedSigningCommitments;\n  } = {\n    session: sessionId.urString(),\n    response_arid: receiveState.responseArid.urString(),\n    next_share_arid: nextShareArid.urString(),\n    target: targetEnvelope.urString(),\n    signing_nonces: serializedNonces,\n    signing_commitments: serializedCommitments,\n  };\n\n  fs.writeFileSync(path.join(dir, \"commit.json\"), JSON.stringify(commitState, null, 2));\n}\n\n/**\n * Execute the sign participant round 1 command.\n *\n * Responds to the sign invite with signing commitments.\n *\n * Port of `CommandArgs::exec()` from cmd/sign/participant/round1.rs lines 58-273.\n */\nexport async function round1(\n  _client: StorageClient | undefined,\n  options: SignRound1Options,\n  cwd: string,\n): Promise<SignRound1Result> {\n  // Validate options\n  if (options.storageSelection === undefined && options.preview !== true) {\n    throw new Error(\"Hubert storage is required for sign commit\");\n  }\n  if (options.storageSelection !== undefined && options.preview === true) {\n    throw new Error(\"--preview cannot be used with Hubert storage options\");\n  }\n\n  const registryPath = resolveRegistryPath(options.registryPath, cwd);\n  const registry = Registry.load(registryPath);\n\n  const owner = registry.owner();\n  if (!owner) {\n    throw new Error(\"Registry owner is required\");\n  }\n\n  const sessionId = parseAridUr(options.sessionId);\n  const groupHint = options.groupId !== undefined ? parseAridUr(options.groupId) : undefined;\n\n  // Load receive state\n  const receiveState = loadReceiveState(registryPath, sessionId, groupHint, registry);\n  const groupId = receiveState.groupId;\n\n  // Get group record\n  const groupRecord = registry.group(groupId);\n  if (groupRecord === null || groupRecord === undefined) {\n    throw new Error(\"Group not found in registry\");\n  }\n\n  // Get owner private keys\n  const ownerKeys = owner.xidDocument().inceptionPrivateKeys();\n  if (ownerKeys === undefined) {\n    throw new Error(\"Owner XID document has no private keys\");\n  }\n\n  // Validate the commit request\n  const sealedRequest = validateCommitRequest(receiveState, sessionId, owner.xid(), ownerKeys);\n\n  // Load key package\n  const contributions = groupRecord.contributions();\n  if (contributions === null || contributions === undefined) {\n    throw new Error(\"Key package path not found; did you finish DKG?\");\n  }\n  const keyPackagePath = contributions.keyPackage;\n  if (keyPackagePath === undefined) {\n    throw new Error(\"Key package path not found; did you finish DKG?\");\n  }\n\n  interface KeyPackageFile {\n    group: string;\n    key_package: SerializedKeyPackage;\n  }\n\n  const keyPackageFile = JSON.parse(fs.readFileSync(keyPackagePath, \"utf-8\")) as KeyPackageFile;\n  const keyPackage = deserializeKeyPackage(keyPackageFile.key_package);\n\n  // Parse target envelope\n  const targetEnvelope = Envelope.fromURString(receiveState.targetUr);\n\n  const signerPrivateKeys = owner.xidDocument().inceptionPrivateKeys();\n  if (signerPrivateKeys === undefined) {\n    throw new Error(\"Owner XID document has no signing keys\");\n  }\n\n  let sealedResponse: SealedResponse;\n  let nextShareArid: ARID | undefined;\n\n  if (options.rejectReason !== undefined) {\n    // Build rejection response\n    const errorBody = Envelope.new(\"signCommitReject\")\n      .addAssertion(\"group\", groupId)\n      .addAssertion(\"session\", sessionId)\n      .addAssertion(\"reason\", options.rejectReason);\n\n    sealedResponse = SealedResponse.newFailure(sealedRequest.request().id(), owner.xidDocument())\n      .withError(errorBody)\n      .withPeerContinuation(sealedRequest.peerContinuation());\n  } else {\n    // Run signing round 1 - generate nonces and commitments\n    const rng = createRng();\n    const [signingNonces, signingCommitments] = signingRound1(keyPackage, rng);\n\n    const nextShare = ARID.new();\n    nextShareArid = nextShare;\n\n    // Build response body\n    const responseBody = buildResponseBody(sessionId, signingCommitments, nextShare);\n\n    // Persist commit state (unless preview mode)\n    if (options.preview !== true) {\n      persistCommitState(\n        registryPath,\n        groupId,\n        sessionId,\n        receiveState,\n        signingNonces,\n        signingCommitments,\n        targetEnvelope,\n        nextShare,\n      );\n\n      // Update listening ARID for next request\n      const groupRecordMut = registry.group(groupId);\n      if (groupRecordMut !== null && groupRecordMut !== undefined) {\n        groupRecordMut.setListeningAtArid(nextShare);\n        registry.save(registryPath);\n      }\n    }\n\n    sealedResponse = SealedResponse.newSuccess(sealedRequest.request().id(), owner.xidDocument())\n      .withResult(responseBody)\n      .withPeerContinuation(sealedRequest.peerContinuation());\n  }\n\n  // Handle preview mode\n  if (options.preview === true) {\n    const unsealed = sealedResponse.toEnvelope(undefined, signerPrivateKeys, undefined);\n    const envelopeUr = unsealed.urString();\n    console.log(envelopeUr);\n    return {\n      accepted: options.rejectReason === undefined,\n      envelopeUr,\n    };\n  }\n\n  // Build encrypted response envelope\n  const validUntil = new Date(Date.now() + 60 * 60 * 1000); // 1 hour from now\n  const responseEnvelope = sealedResponse.toEnvelope(\n    validUntil,\n    signerPrivateKeys,\n    receiveState.coordinatorDoc,\n  );\n\n  // Post response to Hubert storage\n  if (options.storageSelection === undefined) {\n    throw new Error(\"Storage selection is required to post response\");\n  }\n  const client = await createStorageClient(options.storageSelection);\n\n  if (options.verbose === true) {\n    console.error(`Posting signInvite response to ${receiveState.responseArid.urString()}`);\n  }\n\n  await putWithIndicator(\n    client,\n    receiveState.responseArid,\n    responseEnvelope,\n    \"Commitments\",\n    options.verbose ?? false,\n  );\n\n  // On reject, clear listening ARID\n  if (options.rejectReason !== undefined) {\n    const groupRecordMut = registry.group(groupId);\n    if (groupRecordMut !== null && groupRecordMut !== undefined) {\n      groupRecordMut.clearListeningAtArid();\n      registry.save(registryPath);\n    }\n  }\n\n  const result: SignRound1Result = {\n    accepted: options.rejectReason === undefined,\n  };\n  if (nextShareArid !== undefined) {\n    result.listeningArid = nextShareArid.urString();\n  }\n  return result;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgFA,SAAS,iBACP,cACA,WACA,WACA,UACc;CACd,MAAM,OAAO,KAAK,QAAQ,aAAa;CACvC,MAAM,gBAAgB,KAAK,KAAK,MAAM,cAAc;CAGpD,IAAI;AACJ,KAAI,cAAc,KAAA,EAChB,aAAY,CAAC,CAAC,WAAW,KAAK,KAAK,eAAe,UAAU,KAAK,CAAC,CAAC,CAAC;MAC/D;AACL,cAAY,EAAE;AACd,MAAI,GAAG,WAAW,cAAc;QACzB,MAAM,SAAS,GAAG,YAAY,eAAe,EAAE,eAAe,MAAM,CAAC,CACxE,KAAI,MAAM,aAAa,EAAE;IACvB,MAAM,UAAU,MAAM;AAEtB,QAAI,QAAQ,WAAW,MAAM,iBAAiB,KAAK,QAAQ,EAAE;KAC3D,MAAM,UAAU,KAAK,QAAQ,QAAQ;AACrC,eAAU,KAAK,CAAC,SAAS,KAAK,KAAK,eAAe,QAAQ,CAAC,CAAC;;;;;CAQtE,MAAM,aAA+B,EAAE;AACvC,MAAK,MAAM,CAAC,SAAS,aAAa,WAAW;EAC3C,MAAM,YAAY,KAAK,KAAK,UAAU,WAAW,UAAU,KAAK,EAAE,oBAAoB;AACtF,MAAI,GAAG,WAAW,UAAU,CAC1B,YAAW,KAAK,CAAC,SAAS,UAAU,CAAC;;AAIzC,KAAI,WAAW,WAAW,EACxB,OAAM,IAAI,MACR,0FACD;AAEH,KAAI,WAAW,SAAS,EACtB,OAAM,IAAI,MAAM,oEAAoE;CAGtF,MAAM,CAAC,SAAS,YAAY,WAAW;CAavC,MAAM,MAAM,KAAK,MAAM,GAAG,aAAa,UAAU,QAAQ,CAAC;CAG1D,MAAM,iBAAiB,YAAY,IAAI,QAAQ;AAC/C,KAAI,eAAe,UAAU,KAAK,UAAU,UAAU,CACpD,OAAM,IAAI,MACR,WAAW,eAAe,UAAU,CAAC,yDAAyD,UAAU,UAAU,GACnH;CAGH,MAAM,eAAe,YAAY,IAAI,cAAc;CACnD,MAAM,WAAW,IAAI;CACrB,MAAM,gBAAgB,IAAI;CAC1B,MAAM,iBAAiB,IAAI,aAAa,cAAc;CAGtD,IAAI;CACJ,MAAM,oBAAoB,SAAS,YAAY,eAAe;AAC9D,KAAI,sBAAsB,QAAQ,sBAAsB,KAAA,EACtD,kBAAiB,kBAAkB,aAAa;MAC3C;EACL,MAAM,QAAQ,SAAS,OAAO;AAC9B,MAAI,OAAO,KAAK,CAAC,UAAU,KAAK,eAAe,UAAU,CACvD,kBAAiB,MAAM,aAAa;MAEpC,OAAM,IAAI,MACR,eAAe,eAAe,UAAU,CAAC,0DAC1C;;CAKL,MAAM,kBAAkB,SAAS,aAAa,IAAI,iBAAiB;CAGnE,MAAM,eAAsB,IAAI,aAAa,KAAK,MAAc,IAAI,aAAa,EAAE,CAAC;AAEpF,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACD;;;;;;;AAQH,SAAS,sBACP,cACA,WACA,UACA,kBACe;CACf,MAAM,MAAM,SAAS,KAAK;CAG1B,MAAM,gBAAgB,cAAc,gBAClC,aAAa,iBACb,KAAA,GACA,IAAI,UAAU,EACd,iBACD;AAGD,KAAI,CAAC,cAAc,SAAS,CAAC,UAAU,CAAC,OAAOA,SAAiB,WAAW,aAAa,CAAC,CACvF,OAAM,IAAI,MAAM,gCAAgC,OAAO,cAAc,SAAS,CAAC,UAAU,CAAC,GAAG;AAI/F,KAAI,cAAc,SAAS,CAAC,IAAI,CAAC,UAAU,KAAK,UAAU,UAAU,CAClE,OAAM,IAAI,MACR,8BAA8B,UAAU,UAAU,CAAC,YAAY,cAAc,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,GACxG;CAIH,MAAM,eAAe,cAAc,0BAAgC,QAAQ;AAC3E,KAAI,aAAa,UAAU,KAAK,aAAa,QAAQ,UAAU,CAC7D,OAAM,IAAI,MACR,4BAA4B,aAAa,QAAQ,UAAU,CAAC,YAAY,aAAa,UAAU,CAAC,GACjG;AAKH,KAAI,CADyB,aAAa,aAAa,KAAK,MAAM,EAAE,UAAU,CACrD,CAAC,SAAS,SAAS,UAAU,CAAC,CACrD,OAAM,IAAI,MAAM,iEAAiE;AAGnF,QAAO;;;;;;;AAQT,SAAS,kBACP,WACA,aACA,cACU;CAEV,MAAM,wBAAwB,4BAA4B,YAAY;CACtE,MAAM,UAAU,KAAK,UAAU,sBAAsB;CACrD,MAAM,YAAY,IAAI,aAAa,CAAC,OAAO,QAAQ;CACnD,MAAM,kBAAkBC,OAAY,SAAS,UAAU;AAGvD,QAAO,SAAS,MAAM,CACnB,QAAQ,qBAAqB,CAC7B,aAAa,WAAW,UAAU,CAClC,aAAa,eAAe,gBAAgB,gBAAgB,CAAC,CAC7D,aAAa,iBAAiB,aAAa;;;;;;;AAQhD,SAAS,mBACP,cACA,SACA,WACA,cACA,eACA,oBACA,gBACA,eACM;CACN,MAAM,MAAM,gBAAgB,cAAc,QAAQ,KAAK,EAAE,UAAU,KAAK,CAAC;AACzE,IAAG,UAAU,KAAK,EAAE,WAAW,MAAM,CAAC;CAGtC,MAAM,mBAAmB,uBAAuB,cAAc;CAC9D,MAAM,wBAAwB,4BAA4B,mBAAmB;CAG7E,MAAM,cAOF;EACF,SAAS,UAAU,UAAU;EAC7B,eAAe,aAAa,aAAa,UAAU;EACnD,iBAAiB,cAAc,UAAU;EACzC,QAAQ,eAAe,UAAU;EACjC,gBAAgB;EAChB,qBAAqB;EACtB;AAED,IAAG,cAAc,KAAK,KAAK,KAAK,cAAc,EAAE,KAAK,UAAU,aAAa,MAAM,EAAE,CAAC;;;;;;;;;AAUvF,eAAsB,OACpB,SACA,SACA,KAC2B;AAE3B,KAAI,QAAQ,qBAAqB,KAAA,KAAa,QAAQ,YAAY,KAChE,OAAM,IAAI,MAAM,6CAA6C;AAE/D,KAAI,QAAQ,qBAAqB,KAAA,KAAa,QAAQ,YAAY,KAChE,OAAM,IAAI,MAAM,uDAAuD;CAGzE,MAAM,eAAe,oBAAoB,QAAQ,cAAc,IAAI;CACnE,MAAM,WAAW,SAAS,KAAK,aAAa;CAE5C,MAAM,QAAQ,SAAS,OAAO;AAC9B,KAAI,CAAC,MACH,OAAM,IAAI,MAAM,6BAA6B;CAG/C,MAAM,YAAY,YAAY,QAAQ,UAAU;CAIhD,MAAM,eAAe,iBAAiB,cAAc,WAHlC,QAAQ,YAAY,KAAA,IAAY,YAAY,QAAQ,QAAQ,GAAG,KAAA,GAGP,SAAS;CACnF,MAAM,UAAU,aAAa;CAG7B,MAAM,cAAc,SAAS,MAAM,QAAQ;AAC3C,KAAI,gBAAgB,QAAQ,gBAAgB,KAAA,EAC1C,OAAM,IAAI,MAAM,8BAA8B;CAIhD,MAAM,YAAY,MAAM,aAAa,CAAC,sBAAsB;AAC5D,KAAI,cAAc,KAAA,EAChB,OAAM,IAAI,MAAM,yCAAyC;CAI3D,MAAM,gBAAgB,sBAAsB,cAAc,WAAW,MAAM,KAAK,EAAE,UAAU;CAG5F,MAAM,gBAAgB,YAAY,eAAe;AACjD,KAAI,kBAAkB,QAAQ,kBAAkB,KAAA,EAC9C,OAAM,IAAI,MAAM,kDAAkD;CAEpE,MAAM,iBAAiB,cAAc;AACrC,KAAI,mBAAmB,KAAA,EACrB,OAAM,IAAI,MAAM,kDAAkD;CASpE,MAAM,aAAa,sBADI,KAAK,MAAM,GAAG,aAAa,gBAAgB,QAAQ,CACnB,CAAC,YAAY;CAGpE,MAAM,iBAAiB,SAAS,aAAa,aAAa,SAAS;CAEnE,MAAM,oBAAoB,MAAM,aAAa,CAAC,sBAAsB;AACpE,KAAI,sBAAsB,KAAA,EACxB,OAAM,IAAI,MAAM,yCAAyC;CAG3D,IAAI;CACJ,IAAI;AAEJ,KAAI,QAAQ,iBAAiB,KAAA,GAAW;EAEtC,MAAM,YAAY,SAAS,IAAI,mBAAmB,CAC/C,aAAa,SAAS,QAAQ,CAC9B,aAAa,WAAW,UAAU,CAClC,aAAa,UAAU,QAAQ,aAAa;AAE/C,mBAAiB,eAAe,WAAW,cAAc,SAAS,CAAC,IAAI,EAAE,MAAM,aAAa,CAAC,CAC1F,UAAU,UAAU,CACpB,qBAAqB,cAAc,kBAAkB,CAAC;QACpD;EAGL,MAAM,CAAC,eAAe,sBAAsB,cAAc,YAD9C,WAC6D,CAAC;EAE1E,MAAM,YAAY,KAAK,KAAK;AAC5B,kBAAgB;EAGhB,MAAM,eAAe,kBAAkB,WAAW,oBAAoB,UAAU;AAGhF,MAAI,QAAQ,YAAY,MAAM;AAC5B,sBACE,cACA,SACA,WACA,cACA,eACA,oBACA,gBACA,UACD;GAGD,MAAM,iBAAiB,SAAS,MAAM,QAAQ;AAC9C,OAAI,mBAAmB,QAAQ,mBAAmB,KAAA,GAAW;AAC3D,mBAAe,mBAAmB,UAAU;AAC5C,aAAS,KAAK,aAAa;;;AAI/B,mBAAiB,eAAe,WAAW,cAAc,SAAS,CAAC,IAAI,EAAE,MAAM,aAAa,CAAC,CAC1F,WAAW,aAAa,CACxB,qBAAqB,cAAc,kBAAkB,CAAC;;AAI3D,KAAI,QAAQ,YAAY,MAAM;EAE5B,MAAM,aADW,eAAe,WAAW,KAAA,GAAW,mBAAmB,KAAA,EAC9C,CAAC,UAAU;AACtC,UAAQ,IAAI,WAAW;AACvB,SAAO;GACL,UAAU,QAAQ,iBAAiB,KAAA;GACnC;GACD;;CAIH,MAAM,aAAa,IAAI,KAAK,KAAK,KAAK,GAAG,OAAU,IAAK;CACxD,MAAM,mBAAmB,eAAe,WACtC,YACA,mBACA,aAAa,eACd;AAGD,KAAI,QAAQ,qBAAqB,KAAA,EAC/B,OAAM,IAAI,MAAM,iDAAiD;CAEnE,MAAM,SAAS,MAAM,oBAAoB,QAAQ,iBAAiB;AAElE,KAAI,QAAQ,YAAY,KACtB,SAAQ,MAAM,kCAAkC,aAAa,aAAa,UAAU,GAAG;AAGzF,OAAM,iBACJ,QACA,aAAa,cACb,kBACA,eACA,QAAQ,WAAW,MACpB;AAGD,KAAI,QAAQ,iBAAiB,KAAA,GAAW;EACtC,MAAM,iBAAiB,SAAS,MAAM,QAAQ;AAC9C,MAAI,mBAAmB,QAAQ,mBAAmB,KAAA,GAAW;AAC3D,kBAAe,sBAAsB;AACrC,YAAS,KAAK,aAAa;;;CAI/B,MAAM,SAA2B,EAC/B,UAAU,QAAQ,iBAAiB,KAAA,GACpC;AACD,KAAI,kBAAkB,KAAA,EACpB,QAAO,gBAAgB,cAAc,UAAU;AAEjD,QAAO"}