npm - @bcts/frost-hubert - Versions diffs - 1.0.0-alpha.22 → 1.0.0-beta.0 - Mend

@bcts/frost-hubert 1.0.0-alpha.22 → 1.0.0-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (174) hide show

package/dist/bin/frost.cjs +347 -75
package/dist/bin/frost.cjs.map +1 -1
package/dist/bin/frost.mjs +347 -75
package/dist/bin/frost.mjs.map +1 -1
package/dist/busy-DkM2jAIZ.mjs +27 -0
package/dist/busy-DkM2jAIZ.mjs.map +1 -0
package/dist/busy-EZU7EKr6.cjs +38 -0
package/dist/busy-EZU7EKr6.cjs.map +1 -0
package/dist/{chunk-uaV2rQ02.cjs → chunk-CZWwpsFl.cjs} +22 -32
package/dist/{chunk-ClPoSABd.mjs → chunk-CjcI7cDX.mjs} +6 -12
package/dist/cmd/index.cjs +46 -43
package/dist/cmd/index.d.cts +2 -4
package/dist/cmd/index.d.mts +2 -4
package/dist/cmd/index.mjs +7 -6
package/dist/cmd-Bw9_i2_f.cjs +130 -0
package/dist/cmd-Bw9_i2_f.cjs.map +1 -0
package/dist/cmd-CS1uJtuD.mjs +113 -0
package/dist/cmd-CS1uJtuD.mjs.map +1 -0
package/dist/common-CvH6dFvQ.mjs +282 -0
package/dist/common-CvH6dFvQ.mjs.map +1 -0
package/dist/common-DUWvtc08.mjs +96 -0
package/dist/common-DUWvtc08.mjs.map +1 -0
package/dist/common-lKP5EzHy.cjs +372 -0
package/dist/common-lKP5EzHy.cjs.map +1 -0
package/dist/common-lThIvJmZ.cjs +114 -0
package/dist/common-lThIvJmZ.cjs.map +1 -0
package/dist/dkg/index.cjs +245 -7
package/dist/dkg/index.cjs.map +1 -0
package/dist/dkg/index.d.cts +2 -2
package/dist/dkg/index.d.mts +2 -2
package/dist/dkg/index.mjs +238 -2
package/dist/dkg/index.mjs.map +1 -0
package/dist/finalize-BRgJK-Xv.cjs +402 -0
package/dist/finalize-BRgJK-Xv.cjs.map +1 -0
package/dist/finalize-BfLgzn8f.cjs +303 -0
package/dist/finalize-BfLgzn8f.cjs.map +1 -0
package/dist/finalize-CNTDj6aS.mjs +389 -0
package/dist/finalize-CNTDj6aS.mjs.map +1 -0
package/dist/finalize-EC3ikHQq.mjs +252 -0
package/dist/finalize-EC3ikHQq.mjs.map +1 -0
package/dist/finalize-IA01t_Qq.mjs +290 -0
package/dist/finalize-IA01t_Qq.mjs.map +1 -0
package/dist/finalize-UPyI1yb1.cjs +265 -0
package/dist/finalize-UPyI1yb1.cjs.map +1 -0
package/dist/frost/index.cjs +8 -9
package/dist/frost/index.cjs.map +1 -1
package/dist/frost/index.mjs +2 -3
package/dist/frost/index.mjs.map +1 -1
package/dist/{group-invite-Dz1Jmiky.d.cts → index-B3c-80VS.d.cts} +25 -2
package/dist/index-B3c-80VS.d.cts.map +1 -0
package/dist/{index-CcvTi5EA.d.cts → index-BgbSGpxn.d.mts} +102 -80
package/dist/index-BgbSGpxn.d.mts.map +1 -0
package/dist/{registry-impl-CE76sTXQ.d.cts → index-C8QeHNwa.d.cts} +46 -2
package/dist/index-C8QeHNwa.d.cts.map +1 -0
package/dist/{group-invite-Wk9CIbHL.d.mts → index-D3QTWkEm.d.mts} +25 -2
package/dist/index-D3QTWkEm.d.mts.map +1 -0
package/dist/{registry-impl-BETn_lEO.d.mts → index-DVbWyOs7.d.mts} +46 -2
package/dist/index-DVbWyOs7.d.mts.map +1 -0
package/dist/{index-DNCPeLNM.d.mts → index-F1iNEAJR.d.cts} +102 -80
package/dist/index-F1iNEAJR.d.cts.map +1 -0
package/dist/index.cjs +72 -68
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +4 -7
package/dist/index.d.cts.map +1 -1
package/dist/index.d.mts +4 -7
package/dist/index.d.mts.map +1 -1
package/dist/index.mjs +11 -10
package/dist/index.mjs.map +1 -1
package/dist/invite-5277FQVT.cjs +274 -0
package/dist/invite-5277FQVT.cjs.map +1 -0
package/dist/invite-DUTcfTgX.cjs +109 -0
package/dist/invite-DUTcfTgX.cjs.map +1 -0
package/dist/invite-IU4n0dq2.mjs +96 -0
package/dist/invite-IU4n0dq2.mjs.map +1 -0
package/dist/invite-RU-OXTNS.mjs +219 -0
package/dist/invite-RU-OXTNS.mjs.map +1 -0
package/dist/parallel-D1R6ZGlY.cjs +318 -0
package/dist/parallel-D1R6ZGlY.cjs.map +1 -0
package/dist/parallel-D6zc6VW4.mjs +235 -0
package/dist/parallel-D6zc6VW4.mjs.map +1 -0
package/dist/proposed-participant-Dm1Eq6mX.cjs +141 -0
package/dist/proposed-participant-Dm1Eq6mX.cjs.map +1 -0
package/dist/proposed-participant-cWM7iUrO.mjs +129 -0
package/dist/proposed-participant-cWM7iUrO.mjs.map +1 -0
package/dist/receive-CAI-x4II.cjs +213 -0
package/dist/receive-CAI-x4II.cjs.map +1 -0
package/dist/receive-D2Nn68L7.mjs +188 -0
package/dist/receive-D2Nn68L7.mjs.map +1 -0
package/dist/receive-DA_KQEgk.mjs +177 -0
package/dist/receive-DA_KQEgk.mjs.map +1 -0
package/dist/receive-kZMsXhbK.cjs +190 -0
package/dist/receive-kZMsXhbK.cjs.map +1 -0
package/dist/registry/index.cjs +881 -13
package/dist/registry/index.cjs.map +1 -0
package/dist/registry/index.d.cts +1 -1
package/dist/registry/index.d.mts +1 -1
package/dist/registry/index.mjs +867 -2
package/dist/registry/index.mjs.map +1 -0
package/dist/{registry-FMU-ec5K.cjs → registry-9puTaRrD.cjs} +28 -31
package/dist/registry-9puTaRrD.cjs.map +1 -0
package/dist/{registry-BDnNV1Rk.mjs → registry-BpCwtrRt.mjs} +7 -10
package/dist/{registry-BDnNV1Rk.mjs.map → registry-BpCwtrRt.mjs.map} +1 -1
package/dist/round1-4Hyx8w0x.cjs +422 -0
package/dist/round1-4Hyx8w0x.cjs.map +1 -0
package/dist/round1-7v9LlE11.mjs +373 -0
package/dist/round1-7v9LlE11.mjs.map +1 -0
package/dist/round1-BHBjru1m.cjs +465 -0
package/dist/round1-BHBjru1m.cjs.map +1 -0
package/dist/round1-CMLKN2RR.mjs +195 -0
package/dist/round1-CMLKN2RR.mjs.map +1 -0
package/dist/round1-CWSXZx5R.cjs +208 -0
package/dist/round1-CWSXZx5R.cjs.map +1 -0
package/dist/round1-CcQCGlIT.mjs +208 -0
package/dist/round1-CcQCGlIT.mjs.map +1 -0
package/dist/round1-Cgm7j1kI.mjs +452 -0
package/dist/round1-Cgm7j1kI.mjs.map +1 -0
package/dist/round1-DQ0fnc1H.cjs +221 -0
package/dist/round1-DQ0fnc1H.cjs.map +1 -0
package/dist/round2-BWz9SQIi.cjs +305 -0
package/dist/round2-BWz9SQIi.cjs.map +1 -0
package/dist/round2-BkNRCXgS.mjs +292 -0
package/dist/round2-BkNRCXgS.mjs.map +1 -0
package/dist/round2-Bl2uK93U.mjs +450 -0
package/dist/round2-Bl2uK93U.mjs.map +1 -0
package/dist/round2-CdUT-AhH.cjs +499 -0
package/dist/round2-CdUT-AhH.cjs.map +1 -0
package/dist/round2-DOA3rnV-.mjs +280 -0
package/dist/round2-DOA3rnV-.mjs.map +1 -0
package/dist/round2-Dg24w-TU.mjs +397 -0
package/dist/round2-Dg24w-TU.mjs.map +1 -0
package/dist/round2-LylCa84n.cjs +293 -0
package/dist/round2-LylCa84n.cjs.map +1 -0
package/dist/round2-o2Q-GMbX.cjs +410 -0
package/dist/round2-o2Q-GMbX.cjs.map +1 -0
package/dist/storage-B-Gu68-O.cjs +79 -0
package/dist/storage-B-Gu68-O.cjs.map +1 -0
package/dist/storage-Bkkliz0K.mjs +74 -0
package/dist/storage-Bkkliz0K.mjs.map +1 -0
package/package.json +17 -17
package/src/bin/frost.ts +849 -128
package/src/cmd/common.ts +19 -1
package/src/cmd/dkg/common.ts +97 -10
package/src/cmd/dkg/coordinator/invite.ts +5 -2
package/src/cmd/dkg/participant/finalize.ts +52 -18
package/src/cmd/dkg/participant/round1.ts +39 -38
package/src/cmd/dkg/participant/round2.ts +60 -26
package/src/cmd/sign/coordinator/round2.ts +5 -1
package/src/cmd/sign/participant/finalize.ts +6 -2
package/src/cmd/sign/participant/receive.ts +5 -2
package/src/dkg/group-invite.ts +12 -2
package/src/dkg/proposed-participant.ts +33 -5
package/src/frost/index.ts +1 -1
package/src/registry/owner-record.ts +13 -2
package/src/registry/participant-record.ts +36 -4
package/src/registry/registry-impl.ts +74 -18
package/dist/group-invite-CrbOabFL.cjs +0 -368
package/dist/group-invite-CrbOabFL.cjs.map +0 -1
package/dist/group-invite-Dz1Jmiky.d.cts.map +0 -1
package/dist/group-invite-RPElq-fm.mjs +0 -338
package/dist/group-invite-RPElq-fm.mjs.map +0 -1
package/dist/group-invite-Wk9CIbHL.d.mts.map +0 -1
package/dist/index-CcvTi5EA.d.cts.map +0 -1
package/dist/index-DNCPeLNM.d.mts.map +0 -1
package/dist/registry-FMU-ec5K.cjs.map +0 -1
package/dist/registry-impl-BETn_lEO.d.mts.map +0 -1
package/dist/registry-impl-C7w4awTv.cjs +0 -865
package/dist/registry-impl-C7w4awTv.cjs.map +0 -1
package/dist/registry-impl-CE76sTXQ.d.cts.map +0 -1
package/dist/registry-impl-eYXVSPwM.mjs +0 -797
package/dist/registry-impl-eYXVSPwM.mjs.map +0 -1
package/dist/sign-2bOp18Fs.cjs +0 -4875
package/dist/sign-2bOp18Fs.cjs.map +0 -1
package/dist/sign-D8C3HJ4B.mjs +0 -4736
package/dist/sign-D8C3HJ4B.mjs.map +0 -1

package/dist/round2-BWz9SQIi.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"round2-BWz9SQIi.cjs","names":["path","fs","ARIDClass","parseAridUr","XIDClass","signingStateDir","Nonce","Ed25519Sha512","serde","SigningNonces","deserializeSigningCommitments","EnvelopeFunction","JSONComponent","identifierFromU16","serializeSignatureShare","Envelope","serializeSigningCommitments","resolveRegistryPath","Registry","deserializeKeyPackage","getWithIndicator","CborDate","signingRound2","createSigningPackage","putWithIndicator"],"sources":["../src/cmd/sign/participant/round2.ts"],"sourcesContent":["/**\n * Copyright © 2023-2026 Blockchain Commons, LLC\n * Copyright © 2025-2026 Parity Technologies\n *\n *\n * Sign participant round 2 command.\n *\n * Port of cmd/sign/participant/round2.rs from frost-hubert-rust.\n *\n * @module\n */\n\n/* eslint-disable @typescript-eslint/no-unsafe-call */\n\nimport * as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\nimport {\n type ARID,\n type XID,\n XID as XIDClass,\n ARID as ARIDClass,\n JSON as JSONComponent,\n type Digest,\n} from \"@bcts/components\";\nimport { CborDate } from \"@bcts/dcbor\";\nimport { Envelope, Function as EnvelopeFunction } from \"@bcts/envelope\";\nimport { type XIDDocument } from \"@bcts/xid\";\n\nimport { Registry, resolveRegistryPath } from \"../../../registry/index.js\";\nimport { getWithIndicator, putWithIndicator } from \"../../busy.js\";\nimport { type StorageClient } from \"../../storage.js\";\nimport { parseAridUr } from \"../../dkg/common.js\";\nimport { signingStateDir } from \"../common.js\";\nimport {\n signingRound2,\n createSigningPackage,\n deserializeKeyPackage,\n deserializeSigningCommitments,\n serializeSignatureShare,\n serializeSigningCommitments,\n identifierFromU16,\n type SerializedKeyPackage,\n type SerializedSigningCommitments,\n type FrostIdentifier,\n type FrostKeyPackage,\n type Ed25519SigningCommitments,\n type Ed25519SignatureShare,\n} from \"../../../frost/index.js\";\n\n// Import nonces from @frosts/core\nimport { Nonce, SigningNonces } from \"@frosts/core\";\nimport { Ed25519Sha512, serde } from \"@frosts/ed25519\";\n\n/**\n * Options for the sign round2 command.\n */\nexport interface SignRound2Options {\n registryPath?: string;\n sessionId: string;\n groupId?: string;\n timeoutSeconds?: number;\n preview?: boolean;\n verbose?: boolean;\n}\n\n/**\n * Result of the sign round2 command.\n */\nexport interface SignRound2Result {\n listeningArid: string;\n}\n\n/**\n * ReceiveState loaded from sign_receive.json.\n *\n * Port of `struct ReceiveState` from cmd/sign/participant/round2.rs.\n */\ninterface ReceiveState {\n groupId: ARID;\n participants: XID[];\n minSigners: number;\n targetUr: string;\n}\n\n/**\n * CommitState loaded from commit.json.\n *\n * Port of `struct CommitState` from cmd/sign/participant/round2.rs.\n */\ninterface CommitState {\n nextShareArid: ARID;\n targetUr: string;\n signingNonces: SigningNonces<typeof Ed25519Sha512>;\n signingCommitments: Ed25519SigningCommitments;\n}\n\n/**\n * Sealed request interface for GSTP.\n */\ninterface SealedRequestInstance {\n function: () => unknown;\n id: () => ARID;\n sender: () => { xid: () => XID };\n extractObjectForParameter: <T>(name: string) => T;\n objectsForParameter: (name: string) => Envelope[];\n}\n\n/**\n * Load receive state from sign_receive.json.\n *\n * Port of `load_receive_state()` from cmd/sign/participant/round2.rs.\n */\nfunction loadReceiveState(registryPath: string, sessionId: ARID, groupHint?: ARID): ReceiveState {\n const base = path.dirname(registryPath);\n const groupStateDir = path.join(base, \"group-state\");\n\n // Find candidate paths\n let groupDirs: [ARID, string][];\n\n if (groupHint) {\n groupDirs = [[groupHint, path.join(groupStateDir, groupHint.hex())]];\n } else {\n groupDirs = [];\n if (fs.existsSync(groupStateDir)) {\n for (const entry of fs.readdirSync(groupStateDir, { withFileTypes: true })) {\n if (entry.isDirectory() && entry.name.length === 64 && /^[0-9a-f]+$/i.test(entry.name)) {\n const groupId = ARIDClass.fromHex(entry.name);\n groupDirs.push([groupId, path.join(groupStateDir, entry.name)]);\n }\n }\n }\n }\n\n const candidates: [ARID, string][] = [];\n for (const [groupId, groupDir] of groupDirs) {\n const candidate = path.join(groupDir, \"signing\", sessionId.hex(), \"sign_receive.json\");\n if (fs.existsSync(candidate)) {\n candidates.push([groupId, candidate]);\n }\n }\n\n if (candidates.length === 0) {\n throw new Error(\n \"No sign_receive.json found for this session; run `frost sign participant receive` first\",\n );\n }\n if (candidates.length > 1) {\n throw new Error(\"Multiple groups contain this session; use --group to disambiguate\");\n }\n\n const [groupId, statePath] = candidates[0];\n const raw = JSON.parse(fs.readFileSync(statePath, \"utf-8\")) as Record<string, unknown>;\n\n const getStr = (key: string): string => {\n const value = raw[key];\n if (typeof value !== \"string\") {\n throw new Error(`Missing or invalid ${key} in sign_receive.json`);\n }\n return value;\n };\n\n // Validate session matches\n const sessionInState = parseAridUr(getStr(\"session\"));\n if (sessionInState.urString() !== sessionId.urString()) {\n throw new Error(\n `Session ${sessionInState.urString()} in sign_receive.json does not match requested session ${sessionId.urString()}`,\n );\n }\n\n // Validate group matches\n const groupInState = parseAridUr(getStr(\"group\"));\n if (groupInState.urString() !== groupId.urString()) {\n throw new Error(\n `Group ${groupInState.urString()} in sign_receive.json does not match directory group ${groupId.urString()}`,\n );\n }\n\n // Parse participants\n const participantsVal = raw[\"participants\"] as string[] | undefined;\n if (!participantsVal || !Array.isArray(participantsVal)) {\n throw new Error(\"Missing participants in sign_receive.json\");\n }\n\n const participants: XID[] = [];\n for (const entry of participantsVal) {\n if (typeof entry !== \"string\") {\n throw new Error(\"Invalid participant entry in sign_receive.json\");\n }\n participants.push(XIDClass.fromURString(entry));\n }\n\n // Parse min_signers\n const minSigners = raw[\"min_signers\"];\n if (typeof minSigners !== \"number\") {\n throw new Error(\"Missing min_signers in sign_receive.json\");\n }\n\n const targetUr = getStr(\"target\");\n\n return {\n groupId,\n participants,\n minSigners,\n targetUr,\n };\n}\n\n/**\n * Load commit state from commit.json (includes nonces).\n *\n * Port of `load_commit_state()` from cmd/sign/participant/round2.rs.\n */\nfunction loadCommitState(registryPath: string, groupId: ARID, sessionId: ARID): CommitState {\n const dir = signingStateDir(registryPath, groupId.hex(), sessionId.hex());\n const statePath = path.join(dir, \"commit.json\");\n\n if (!fs.existsSync(statePath)) {\n throw new Error(\n `Commit state not found at ${statePath}. Run \\`frost sign participant commit\\` first.`,\n );\n }\n\n const raw = JSON.parse(fs.readFileSync(statePath, \"utf-8\")) as Record<string, unknown>;\n\n const getStr = (key: string): string => {\n const value = raw[key];\n if (typeof value !== \"string\") {\n throw new Error(`Missing or invalid ${key} in commit.json`);\n }\n return value;\n };\n\n // Validate session matches\n const sessionInState = parseAridUr(getStr(\"session\"));\n if (sessionInState.urString() !== sessionId.urString()) {\n throw new Error(\n `Session ${sessionInState.urString()} in commit.json does not match requested session ${sessionId.urString()}`,\n );\n }\n\n const nextShareArid = parseAridUr(getStr(\"next_share_arid\"));\n const targetUr = getStr(\"target\");\n\n // Deserialize signing nonces\n const noncesRaw = raw[\"signing_nonces\"] as Record<string, string> | undefined;\n if (!noncesRaw) {\n throw new Error(\"Missing signing_nonces in commit.json\");\n }\n\n const hidingNonce = Nonce.deserialize(Ed25519Sha512, serde.hexToBytes(noncesRaw[\"hiding\"]));\n const bindingNonce = Nonce.deserialize(Ed25519Sha512, serde.hexToBytes(noncesRaw[\"binding\"]));\n const signingNonces = SigningNonces.fromNonces(Ed25519Sha512, hidingNonce, bindingNonce);\n\n // Deserialize signing commitments\n const commitmentsRaw = raw[\"signing_commitments\"] as SerializedSigningCommitments | undefined;\n if (!commitmentsRaw) {\n throw new Error(\"Missing signing_commitments in commit.json\");\n }\n const signingCommitments = deserializeSigningCommitments(commitmentsRaw);\n\n return {\n nextShareArid,\n targetUr,\n signingNonces,\n signingCommitments,\n };\n}\n\n/**\n * Validate the incoming GSTP request.\n *\n * Port of request validation logic from cmd/sign/participant/round2.rs.\n */\nfunction validateShareRequest(\n sealedRequest: SealedRequestInstance,\n sessionId: ARID,\n expectedCoordinator: XID,\n): void {\n // Check function\n const expectedFunction = EnvelopeFunction.fromString(\"signRound2\");\n const actualFunction = sealedRequest.function();\n // @ts-expect-error - function() returns unknown, but it should have .equals()\n if (actualFunction.equals(expectedFunction) !== true) {\n throw new Error(`Unexpected request function: ${String(sealedRequest.function())}`);\n }\n\n // Check session ID\n if (sealedRequest.id().urString() !== sessionId.urString()) {\n throw new Error(\n `Session ID mismatch (request ${sealedRequest.id().urString()}, expected ${sessionId.urString()})`,\n );\n }\n\n // Check sender (coordinator)\n if (sealedRequest.sender().xid().urString() !== expectedCoordinator.urString()) {\n throw new Error(\n `Unexpected request sender: ${sealedRequest.sender().xid().urString()} (expected coordinator ${expectedCoordinator.urString()})`,\n );\n }\n}\n\n/**\n * Extract all commitments from the signRound2 request.\n *\n * Port of `parse_commitments()` from cmd/sign/participant/round2.rs.\n */\nfunction extractCommitments(\n sealedRequest: SealedRequestInstance,\n receiveState: ReceiveState,\n): Map<string, Ed25519SigningCommitments> {\n const commitments = new Map<string, Ed25519SigningCommitments>();\n\n const commitmentObjects = sealedRequest.objectsForParameter(\"commitment\");\n\n for (const entry of commitmentObjects) {\n // Extract XID subject\n const xid = XIDClass.fromTaggedCbor(entry.subject().tryLeaf());\n\n // Extract commitments from the \"commitments\" predicate\n const commitmentsObjects = entry.objectsForPredicate(\"commitments\");\n if (commitmentsObjects.length === 0) {\n throw new Error(`Missing commitments for participant ${xid.urString()}`);\n }\n\n const commitmentsJson = JSONComponent.fromTaggedCbor(commitmentsObjects[0].subject().tryLeaf());\n const serializedCommitments = JSON.parse(\n commitmentsJson.asStr(),\n ) as SerializedSigningCommitments;\n const signingCommitments = deserializeSigningCommitments(serializedCommitments);\n\n const xidUr = xid.urString();\n if (commitments.has(xidUr)) {\n throw new Error(`Duplicate commitments for participant ${xidUr}`);\n }\n commitments.set(xidUr, signingCommitments);\n }\n\n if (commitments.size === 0) {\n throw new Error(\"signRound2 request contains no commitments\");\n }\n\n // Validate expected participant set\n const expectedSet = new Set(receiveState.participants.map((p) => p.urString()));\n const actualSet = new Set(commitments.keys());\n\n const missing: string[] = [];\n const extra: string[] = [];\n\n for (const xid of expectedSet) {\n if (!actualSet.has(xid)) {\n missing.push(xid);\n }\n }\n for (const xid of actualSet) {\n if (!expectedSet.has(xid)) {\n extra.push(xid);\n }\n }\n\n if (missing.length > 0 || extra.length > 0) {\n throw new Error(\n `signRound2 commitments do not match session participants (missing: ${missing.join(\", \")}; extra: ${extra.join(\", \")})`,\n );\n }\n\n return commitments;\n}\n\n/**\n * Build a map from XID to FROST identifier (sorted participant order).\n *\n * Port of `xid_identifier_map()` from cmd/sign/participant/round2.rs.\n */\nfunction xidIdentifierMap(participants: XID[]): Map<string, FrostIdentifier> {\n const map = new Map<string, FrostIdentifier>();\n for (let i = 0; i < participants.length; i++) {\n const identifier = identifierFromU16(i + 1);\n map.set(participants[i].urString(), identifier);\n }\n return map;\n}\n\n/**\n * Build signing commitments with identifiers.\n *\n * Port of `commitments_with_identifiers()` from cmd/sign/participant/round2.rs.\n */\nfunction commitmentsWithIdentifiers(\n commitments: Map<string, Ed25519SigningCommitments>,\n xidToIdentifier: Map<string, FrostIdentifier>,\n): Map<FrostIdentifier, Ed25519SigningCommitments> {\n const mapped = new Map<FrostIdentifier, Ed25519SigningCommitments>();\n for (const [xidUr, commits] of commitments) {\n const identifier = xidToIdentifier.get(xidUr);\n if (!identifier) {\n throw new Error(`Unknown participant ${xidUr}`);\n }\n mapped.set(identifier, commits);\n }\n return mapped;\n}\n\n/**\n * Build the signRound2Response body envelope.\n *\n * Port of response body construction from cmd/sign/participant/round2.rs.\n */\nfunction buildResponseBody(\n sessionId: ARID,\n signatureShare: Ed25519SignatureShare,\n finalizeArid: ARID,\n): Envelope {\n const shareHex = serializeSignatureShare(signatureShare);\n const shareJson = JSONComponent.fromString(JSON.stringify({ share: shareHex }));\n\n return Envelope.unit()\n .addType(\"signRound2Response\")\n .addAssertion(\"session\", sessionId)\n .addAssertion(\"signature_share\", shareJson)\n .addAssertion(\"response_arid\", finalizeArid);\n}\n\n/**\n * Persist share state to share.json.\n *\n * Port of `persist_share_state()` from cmd/sign/participant/round2.rs.\n */\nfunction persistShareState(\n registryPath: string,\n groupId: ARID,\n sessionId: ARID,\n responseArid: ARID,\n finalizeArid: ARID,\n signatureShare: Ed25519SignatureShare,\n commitments: Map<string, Ed25519SigningCommitments>,\n): void {\n const dir = signingStateDir(registryPath, groupId.hex(), sessionId.hex());\n fs.mkdirSync(dir, { recursive: true });\n\n // Build commitments JSON object\n const commitmentsJson: Record<string, SerializedSigningCommitments> = {};\n for (const [xidUr, commits] of commitments) {\n commitmentsJson[xidUr] = serializeSigningCommitments(commits);\n }\n\n // Build root JSON object\n const root = {\n session: sessionId.urString(),\n response_arid: responseArid.urString(),\n finalize_arid: finalizeArid.urString(),\n signature_share: { share: serializeSignatureShare(signatureShare) },\n commitments: commitmentsJson,\n };\n\n fs.writeFileSync(path.join(dir, \"share.json\"), JSON.stringify(root, null, 2));\n}\n\n/**\n * Execute the sign participant round 2 command.\n *\n * Receives round 2 request and sends signature share.\n *\n * Port of `CommandArgs::exec()` from cmd/sign/participant/round2.rs.\n */\nexport async function round2(\n client: StorageClient,\n options: SignRound2Options,\n cwd: string,\n): Promise<SignRound2Result> {\n const registryPath = resolveRegistryPath(options.registryPath, cwd);\n const registry = Registry.load(registryPath);\n\n const owner = registry.owner();\n if (!owner) {\n throw new Error(\"Registry owner is required\");\n }\n const ownerXidDocument = owner.xidDocument();\n\n const sessionId = parseAridUr(options.sessionId);\n const groupHint = options.groupId ? parseAridUr(options.groupId) : undefined;\n\n // Load receive state (finds group automatically if not specified)\n const receiveState = loadReceiveState(registryPath, sessionId, groupHint);\n const groupId = receiveState.groupId;\n\n const groupRecord = registry.group(groupId);\n if (!groupRecord) {\n throw new Error(\"Group not found in registry\");\n }\n\n // Validate min_signers matches\n if (groupRecord.minSigners() !== receiveState.minSigners) {\n throw new Error(\n `Session min_signers ${receiveState.minSigners} does not match registry ${groupRecord.minSigners()}`,\n );\n }\n\n // Validate participants match\n const registryParticipants = new Set(groupRecord.participants().map((p) => p.xid().urString()));\n const sessionParticipants = new Set(receiveState.participants.map((p) => p.urString()));\n\n if (\n registryParticipants.size !== sessionParticipants.size ||\n ![...registryParticipants].every((p) => sessionParticipants.has(p))\n ) {\n throw new Error(\"Session participants do not match registry group participants\");\n }\n\n // Validate owner participates in this session\n if (!sessionParticipants.has(owner.xid().urString())) {\n throw new Error(\"This participant is not part of the signing session\");\n }\n\n // Get listening ARID from registry\n const listeningAtArid = groupRecord.listeningAtArid();\n if (!listeningAtArid) {\n throw new Error(\n \"No listening ARID for signRound2. Did you run `frost sign participant commit`?\",\n );\n }\n\n // Load commit state and validate\n const commitState = loadCommitState(registryPath, groupId, sessionId);\n\n if (commitState.nextShareArid.urString() !== listeningAtArid.urString()) {\n throw new Error(\n `Listening ARID in registry (${listeningAtArid.urString()}) does not match persisted commit state (${commitState.nextShareArid.urString()})`,\n );\n }\n\n if (commitState.targetUr !== receiveState.targetUr) {\n throw new Error(\"Target envelope in commit state does not match persisted signInvite request\");\n }\n\n // Load key package\n const keyPackagePath = groupRecord.contributions().keyPackage;\n if (!keyPackagePath) {\n throw new Error(\"Key package path not found; did you finish DKG?\");\n }\n\n interface KeyPackageFile {\n group?: string;\n key_package: SerializedKeyPackage;\n }\n\n const keyPackageFile = JSON.parse(fs.readFileSync(keyPackagePath, \"utf-8\")) as KeyPackageFile;\n const keyPackage: FrostKeyPackage = deserializeKeyPackage(keyPackageFile.key_package);\n\n // Create finalize ARID\n const finalizeArid = ARIDClass.new();\n\n // Compute target digest from persisted target envelope\n const targetEnvelope = Envelope.fromURString(receiveState.targetUr);\n const targetDigest: Digest = targetEnvelope.subject().digest();\n\n if (options.verbose === true) {\n console.error(\"Fetching signRound2 request from Hubert...\");\n }\n\n // Fetch request from storage\n const requestEnvelope = await getWithIndicator(\n client,\n listeningAtArid,\n \"signRound2 request\",\n options.timeoutSeconds,\n options.verbose ?? false,\n );\n\n if (!requestEnvelope) {\n throw new Error(\"signRound2 request not found in Hubert storage\");\n }\n\n // Parse sealed request\n const signerPrivateKeys = ownerXidDocument.inceptionPrivateKeys();\n if (!signerPrivateKeys) {\n throw new Error(\"Owner XID document has no private keys\");\n }\n\n // eslint-disable-next-line @typescript-eslint/no-require-imports, no-undef\n const { SealedRequest: SealedRequestClass } = require(\"@bcts/gstp\") as {\n SealedRequest: {\n tryFromEnvelope: (\n envelope: Envelope,\n expectedSender: XID | undefined,\n now: CborDate,\n recipientPrivateKeys: unknown,\n ) => SealedRequestInstance;\n };\n };\n\n const now = CborDate.now();\n const sealedRequest = SealedRequestClass.tryFromEnvelope(\n requestEnvelope,\n undefined,\n now,\n signerPrivateKeys,\n );\n\n // Validate request\n const expectedCoordinator = groupRecord.coordinator().xid();\n validateShareRequest(sealedRequest, sessionId, expectedCoordinator);\n\n // Extract response ARID from request\n const responseArid: ARID = sealedRequest.extractObjectForParameter(\"response_arid\");\n\n // Extract and validate commitments\n const commitmentsByXid = extractCommitments(sealedRequest, receiveState);\n\n // Verify our commitments match\n const myCommitments = commitmentsByXid.get(owner.xid().urString());\n if (!myCommitments) {\n throw new Error(\"signRound2 request missing commitments for this participant\");\n }\n\n // Compare commitments using serialized form\n const myCommitmentsSerialized = serializeSigningCommitments(myCommitments);\n const storedCommitmentsSerialized = serializeSigningCommitments(commitState.signingCommitments);\n\n if (\n myCommitmentsSerialized.hiding !== storedCommitmentsSerialized.hiding ||\n myCommitmentsSerialized.binding !== storedCommitmentsSerialized.binding\n ) {\n throw new Error(\"signRound2 request commitments do not match locally stored commitments\");\n }\n\n // Build XID to identifier map (sorted participant order)\n const xidToIdentifier = xidIdentifierMap(receiveState.participants);\n\n // Verify our identifier matches key package\n const myIdentifier = xidToIdentifier.get(owner.xid().urString());\n if (!myIdentifier) {\n throw new Error(\"Identifier for participant not found\");\n }\n\n // Verify key package min_signers matches\n if (keyPackage.minSigners !== receiveState.minSigners) {\n throw new Error(\n `Key package min_signers ${keyPackage.minSigners} does not match session ${receiveState.minSigners}`,\n );\n }\n\n // Verify enough commitments\n if (commitmentsByXid.size < receiveState.minSigners) {\n throw new Error(\n `signRound2 request contained ${commitmentsByXid.size} commitments but requires at least ${receiveState.minSigners} signers`,\n );\n }\n\n // Build signing commitments with identifiers\n const signingCommitments = commitmentsWithIdentifiers(commitmentsByXid, xidToIdentifier);\n\n // Create signing package\n const signingPackage = createSigningPackage(signingCommitments, targetDigest.data());\n\n // Generate signature share using FROST round 2\n const signatureShare = signingRound2(signingPackage, commitState.signingNonces, keyPackage);\n\n // Build response body\n const responseBody = buildResponseBody(sessionId, signatureShare, finalizeArid);\n\n // Build sealed response\n // eslint-disable-next-line @typescript-eslint/no-require-imports, no-undef\n const { SealedResponse: SealedResponseClass } = require(\"@bcts/gstp\") as {\n SealedResponse: {\n newSuccess: (\n requestId: ARID,\n sender: XIDDocument,\n ) => {\n withResult: (result: Envelope) => {\n withPeerContinuation: (continuation: unknown) => {\n toEnvelope: (\n expiry: CborDate | undefined,\n signerPrivateKeys: unknown,\n recipient: XIDDocument | undefined,\n ) => Envelope;\n };\n toEnvelope: (\n expiry: CborDate | undefined,\n signerPrivateKeys: unknown,\n recipient: XIDDocument | undefined,\n ) => Envelope;\n };\n };\n };\n };\n\n const sealedResponse = SealedResponseClass.newSuccess(\n sealedRequest.id(),\n ownerXidDocument,\n ).withResult(responseBody);\n\n // Preview mode - print unsealed response\n if (options.preview === true) {\n const unsealed = sealedResponse.toEnvelope(undefined, signerPrivateKeys, undefined);\n console.log(unsealed.urString());\n return {\n listeningArid: finalizeArid.urString(),\n };\n }\n\n // Get coordinator XID document for encryption\n let coordinatorDoc: XIDDocument;\n if (expectedCoordinator.urString() === owner.xid().urString()) {\n coordinatorDoc = ownerXidDocument;\n } else {\n const coordinatorRecord = registry.participant(expectedCoordinator);\n if (!coordinatorRecord) {\n throw new Error(`Coordinator ${expectedCoordinator.urString()} not found in registry`);\n }\n coordinatorDoc = coordinatorRecord.xidDocument();\n }\n\n // Create response envelope with expiry\n const expiry = CborDate.withDurationFromNow(60 * 60); // 1 hour\n const responseEnvelope = sealedResponse.toEnvelope(expiry, signerPrivateKeys, coordinatorDoc);\n\n // Send response\n await putWithIndicator(\n client,\n responseArid,\n responseEnvelope,\n \"Signature Share\",\n options.verbose ?? false,\n );\n\n // Persist share state\n persistShareState(\n registryPath,\n groupId,\n sessionId,\n responseArid,\n finalizeArid,\n signatureShare,\n commitmentsByXid,\n );\n\n // Update registry with finalize listening ARID\n const groupRecordMutable = registry.group(groupId);\n if (groupRecordMutable) {\n groupRecordMutable.setListeningAtArid(finalizeArid);\n registry.save(registryPath);\n }\n\n if (options.verbose === true) {\n console.error(`Posted signature share to ${responseArid.urString()}`);\n }\n\n return {\n listeningArid: finalizeArid.urString(),\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiHA,SAAS,iBAAiB,cAAsB,WAAiB,WAAgC;CAC/F,MAAM,OAAOA,UAAK,QAAQ,aAAa;CACvC,MAAM,gBAAgBA,UAAK,KAAK,MAAM,cAAc;CAGpD,IAAI;AAEJ,KAAI,UACF,aAAY,CAAC,CAAC,WAAWA,UAAK,KAAK,eAAe,UAAU,KAAK,CAAC,CAAC,CAAC;MAC/D;AACL,cAAY,EAAE;AACd,MAAIC,QAAG,WAAW,cAAc;QACzB,MAAM,SAASA,QAAG,YAAY,eAAe,EAAE,eAAe,MAAM,CAAC,CACxE,KAAI,MAAM,aAAa,IAAI,MAAM,KAAK,WAAW,MAAM,eAAe,KAAK,MAAM,KAAK,EAAE;IACtF,MAAM,UAAUC,iBAAAA,KAAU,QAAQ,MAAM,KAAK;AAC7C,cAAU,KAAK,CAAC,SAASF,UAAK,KAAK,eAAe,MAAM,KAAK,CAAC,CAAC;;;;CAMvE,MAAM,aAA+B,EAAE;AACvC,MAAK,MAAM,CAAC,SAAS,aAAa,WAAW;EAC3C,MAAM,YAAYA,UAAK,KAAK,UAAU,WAAW,UAAU,KAAK,EAAE,oBAAoB;AACtF,MAAIC,QAAG,WAAW,UAAU,CAC1B,YAAW,KAAK,CAAC,SAAS,UAAU,CAAC;;AAIzC,KAAI,WAAW,WAAW,EACxB,OAAM,IAAI,MACR,0FACD;AAEH,KAAI,WAAW,SAAS,EACtB,OAAM,IAAI,MAAM,oEAAoE;CAGtF,MAAM,CAAC,SAAS,aAAa,WAAW;CACxC,MAAM,MAAM,KAAK,MAAMA,QAAG,aAAa,WAAW,QAAQ,CAAC;CAE3D,MAAM,UAAU,QAAwB;EACtC,MAAM,QAAQ,IAAI;AAClB,MAAI,OAAO,UAAU,SACnB,OAAM,IAAI,MAAM,sBAAsB,IAAI,uBAAuB;AAEnE,SAAO;;CAIT,MAAM,iBAAiBE,eAAAA,YAAY,OAAO,UAAU,CAAC;AACrD,KAAI,eAAe,UAAU,KAAK,UAAU,UAAU,CACpD,OAAM,IAAI,MACR,WAAW,eAAe,UAAU,CAAC,yDAAyD,UAAU,UAAU,GACnH;CAIH,MAAM,eAAeA,eAAAA,YAAY,OAAO,QAAQ,CAAC;AACjD,KAAI,aAAa,UAAU,KAAK,QAAQ,UAAU,CAChD,OAAM,IAAI,MACR,SAAS,aAAa,UAAU,CAAC,uDAAuD,QAAQ,UAAU,GAC3G;CAIH,MAAM,kBAAkB,IAAI;AAC5B,KAAI,CAAC,mBAAmB,CAAC,MAAM,QAAQ,gBAAgB,CACrD,OAAM,IAAI,MAAM,4CAA4C;CAG9D,MAAM,eAAsB,EAAE;AAC9B,MAAK,MAAM,SAAS,iBAAiB;AACnC,MAAI,OAAO,UAAU,SACnB,OAAM,IAAI,MAAM,iDAAiD;AAEnE,eAAa,KAAKC,iBAAAA,IAAS,aAAa,MAAM,CAAC;;CAIjD,MAAM,aAAa,IAAI;AACvB,KAAI,OAAO,eAAe,SACxB,OAAM,IAAI,MAAM,2CAA2C;AAK7D,QAAO;EACL;EACA;EACA;EACA,UANe,OAAO,SAMd;EACT;;;;;;;AAQH,SAAS,gBAAgB,cAAsB,SAAe,WAA8B;CAC1F,MAAM,MAAMC,iBAAAA,gBAAgB,cAAc,QAAQ,KAAK,EAAE,UAAU,KAAK,CAAC;CACzE,MAAM,YAAYL,UAAK,KAAK,KAAK,cAAc;AAE/C,KAAI,CAACC,QAAG,WAAW,UAAU,CAC3B,OAAM,IAAI,MACR,6BAA6B,UAAU,gDACxC;CAGH,MAAM,MAAM,KAAK,MAAMA,QAAG,aAAa,WAAW,QAAQ,CAAC;CAE3D,MAAM,UAAU,QAAwB;EACtC,MAAM,QAAQ,IAAI;AAClB,MAAI,OAAO,UAAU,SACnB,OAAM,IAAI,MAAM,sBAAsB,IAAI,iBAAiB;AAE7D,SAAO;;CAIT,MAAM,iBAAiBE,eAAAA,YAAY,OAAO,UAAU,CAAC;AACrD,KAAI,eAAe,UAAU,KAAK,UAAU,UAAU,CACpD,OAAM,IAAI,MACR,WAAW,eAAe,UAAU,CAAC,mDAAmD,UAAU,UAAU,GAC7G;CAGH,MAAM,gBAAgBA,eAAAA,YAAY,OAAO,kBAAkB,CAAC;CAC5D,MAAM,WAAW,OAAO,SAAS;CAGjC,MAAM,YAAY,IAAI;AACtB,KAAI,CAAC,UACH,OAAM,IAAI,MAAM,wCAAwC;CAG1D,MAAM,cAAcG,aAAAA,MAAM,YAAYC,gBAAAA,eAAeC,gBAAAA,MAAM,WAAW,UAAU,UAAU,CAAC;CAC3F,MAAM,eAAeF,aAAAA,MAAM,YAAYC,gBAAAA,eAAeC,gBAAAA,MAAM,WAAW,UAAU,WAAW,CAAC;CAC7F,MAAM,gBAAgBC,aAAAA,cAAc,WAAWF,gBAAAA,eAAe,aAAa,aAAa;CAGxF,MAAM,iBAAiB,IAAI;AAC3B,KAAI,CAAC,eACH,OAAM,IAAI,MAAM,6CAA6C;AAI/D,QAAO;EACL;EACA;EACA;EACA,oBANyBG,oBAAAA,8BAA8B,eAMrC;EACnB;;;;;;;AAQH,SAAS,qBACP,eACA,WACA,qBACM;CAEN,MAAM,mBAAmBC,eAAAA,SAAiB,WAAW,aAAa;AAGlE,KAFuB,cAAc,UAEnB,CAAC,OAAO,iBAAiB,KAAK,KAC9C,OAAM,IAAI,MAAM,gCAAgC,OAAO,cAAc,UAAU,CAAC,GAAG;AAIrF,KAAI,cAAc,IAAI,CAAC,UAAU,KAAK,UAAU,UAAU,CACxD,OAAM,IAAI,MACR,gCAAgC,cAAc,IAAI,CAAC,UAAU,CAAC,aAAa,UAAU,UAAU,CAAC,GACjG;AAIH,KAAI,cAAc,QAAQ,CAAC,KAAK,CAAC,UAAU,KAAK,oBAAoB,UAAU,CAC5E,OAAM,IAAI,MACR,8BAA8B,cAAc,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,yBAAyB,oBAAoB,UAAU,CAAC,GAC/H;;;;;;;AASL,SAAS,mBACP,eACA,cACwC;CACxC,MAAM,8BAAc,IAAI,KAAwC;CAEhE,MAAM,oBAAoB,cAAc,oBAAoB,aAAa;AAEzE,MAAK,MAAM,SAAS,mBAAmB;EAErC,MAAM,MAAMP,iBAAAA,IAAS,eAAe,MAAM,SAAS,CAAC,SAAS,CAAC;EAG9D,MAAM,qBAAqB,MAAM,oBAAoB,cAAc;AACnE,MAAI,mBAAmB,WAAW,EAChC,OAAM,IAAI,MAAM,uCAAuC,IAAI,UAAU,GAAG;EAG1E,MAAM,kBAAkBQ,iBAAAA,KAAc,eAAe,mBAAmB,GAAG,SAAS,CAAC,SAAS,CAAC;EAI/F,MAAM,qBAAqBF,oBAAAA,8BAHG,KAAK,MACjC,gBAAgB,OAAO,CAEqD,CAAC;EAE/E,MAAM,QAAQ,IAAI,UAAU;AAC5B,MAAI,YAAY,IAAI,MAAM,CACxB,OAAM,IAAI,MAAM,yCAAyC,QAAQ;AAEnE,cAAY,IAAI,OAAO,mBAAmB;;AAG5C,KAAI,YAAY,SAAS,EACvB,OAAM,IAAI,MAAM,6CAA6C;CAI/D,MAAM,cAAc,IAAI,IAAI,aAAa,aAAa,KAAK,MAAM,EAAE,UAAU,CAAC,CAAC;CAC/E,MAAM,YAAY,IAAI,IAAI,YAAY,MAAM,CAAC;CAE7C,MAAM,UAAoB,EAAE;CAC5B,MAAM,QAAkB,EAAE;AAE1B,MAAK,MAAM,OAAO,YAChB,KAAI,CAAC,UAAU,IAAI,IAAI,CACrB,SAAQ,KAAK,IAAI;AAGrB,MAAK,MAAM,OAAO,UAChB,KAAI,CAAC,YAAY,IAAI,IAAI,CACvB,OAAM,KAAK,IAAI;AAInB,KAAI,QAAQ,SAAS,KAAK,MAAM,SAAS,EACvC,OAAM,IAAI,MACR,sEAAsE,QAAQ,KAAK,KAAK,CAAC,WAAW,MAAM,KAAK,KAAK,CAAC,GACtH;AAGH,QAAO;;;;;;;AAQT,SAAS,iBAAiB,cAAmD;CAC3E,MAAM,sBAAM,IAAI,KAA8B;AAC9C,MAAK,IAAI,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;EAC5C,MAAM,aAAaG,oBAAAA,kBAAkB,IAAI,EAAE;AAC3C,MAAI,IAAI,aAAa,GAAG,UAAU,EAAE,WAAW;;AAEjD,QAAO;;;;;;;AAQT,SAAS,2BACP,aACA,iBACiD;CACjD,MAAM,yBAAS,IAAI,KAAiD;AACpE,MAAK,MAAM,CAAC,OAAO,YAAY,aAAa;EAC1C,MAAM,aAAa,gBAAgB,IAAI,MAAM;AAC7C,MAAI,CAAC,WACH,OAAM,IAAI,MAAM,uBAAuB,QAAQ;AAEjD,SAAO,IAAI,YAAY,QAAQ;;AAEjC,QAAO;;;;;;;AAQT,SAAS,kBACP,WACA,gBACA,cACU;CACV,MAAM,WAAWC,oBAAAA,wBAAwB,eAAe;CACxD,MAAM,YAAYF,iBAAAA,KAAc,WAAW,KAAK,UAAU,EAAE,OAAO,UAAU,CAAC,CAAC;AAE/E,QAAOG,eAAAA,SAAS,MAAM,CACnB,QAAQ,qBAAqB,CAC7B,aAAa,WAAW,UAAU,CAClC,aAAa,mBAAmB,UAAU,CAC1C,aAAa,iBAAiB,aAAa;;;;;;;AAQhD,SAAS,kBACP,cACA,SACA,WACA,cACA,cACA,gBACA,aACM;CACN,MAAM,MAAMV,iBAAAA,gBAAgB,cAAc,QAAQ,KAAK,EAAE,UAAU,KAAK,CAAC;AACzE,SAAG,UAAU,KAAK,EAAE,WAAW,MAAM,CAAC;CAGtC,MAAM,kBAAgE,EAAE;AACxE,MAAK,MAAM,CAAC,OAAO,YAAY,YAC7B,iBAAgB,SAASW,oBAAAA,4BAA4B,QAAQ;CAI/D,MAAM,OAAO;EACX,SAAS,UAAU,UAAU;EAC7B,eAAe,aAAa,UAAU;EACtC,eAAe,aAAa,UAAU;EACtC,iBAAiB,EAAE,OAAOF,oBAAAA,wBAAwB,eAAe,EAAE;EACnE,aAAa;EACd;AAED,SAAG,cAAcd,UAAK,KAAK,KAAK,aAAa,EAAE,KAAK,UAAU,MAAM,MAAM,EAAE,CAAC;;;;;;;;;AAU/E,eAAsB,OACpB,QACA,SACA,KAC2B;CAC3B,MAAM,eAAeiB,uBAAAA,oBAAoB,QAAQ,cAAc,IAAI;CACnE,MAAM,WAAWC,uBAAAA,SAAS,KAAK,aAAa;CAE5C,MAAM,QAAQ,SAAS,OAAO;AAC9B,KAAI,CAAC,MACH,OAAM,IAAI,MAAM,6BAA6B;CAE/C,MAAM,mBAAmB,MAAM,aAAa;CAE5C,MAAM,YAAYf,eAAAA,YAAY,QAAQ,UAAU;CAIhD,MAAM,eAAe,iBAAiB,cAAc,WAHlC,QAAQ,UAAUA,eAAAA,YAAY,QAAQ,QAAQ,GAAG,KAAA,EAGM;CACzE,MAAM,UAAU,aAAa;CAE7B,MAAM,cAAc,SAAS,MAAM,QAAQ;AAC3C,KAAI,CAAC,YACH,OAAM,IAAI,MAAM,8BAA8B;AAIhD,KAAI,YAAY,YAAY,KAAK,aAAa,WAC5C,OAAM,IAAI,MACR,uBAAuB,aAAa,WAAW,2BAA2B,YAAY,YAAY,GACnG;CAIH,MAAM,uBAAuB,IAAI,IAAI,YAAY,cAAc,CAAC,KAAK,MAAM,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;CAC/F,MAAM,sBAAsB,IAAI,IAAI,aAAa,aAAa,KAAK,MAAM,EAAE,UAAU,CAAC,CAAC;AAEvF,KACE,qBAAqB,SAAS,oBAAoB,QAClD,CAAC,CAAC,GAAG,qBAAqB,CAAC,OAAO,MAAM,oBAAoB,IAAI,EAAE,CAAC,CAEnE,OAAM,IAAI,MAAM,gEAAgE;AAIlF,KAAI,CAAC,oBAAoB,IAAI,MAAM,KAAK,CAAC,UAAU,CAAC,CAClD,OAAM,IAAI,MAAM,sDAAsD;CAIxE,MAAM,kBAAkB,YAAY,iBAAiB;AACrD,KAAI,CAAC,gBACH,OAAM,IAAI,MACR,iFACD;CAIH,MAAM,cAAc,gBAAgB,cAAc,SAAS,UAAU;AAErE,KAAI,YAAY,cAAc,UAAU,KAAK,gBAAgB,UAAU,CACrE,OAAM,IAAI,MACR,+BAA+B,gBAAgB,UAAU,CAAC,2CAA2C,YAAY,cAAc,UAAU,CAAC,GAC3I;AAGH,KAAI,YAAY,aAAa,aAAa,SACxC,OAAM,IAAI,MAAM,8EAA8E;CAIhG,MAAM,iBAAiB,YAAY,eAAe,CAAC;AACnD,KAAI,CAAC,eACH,OAAM,IAAI,MAAM,kDAAkD;CASpE,MAAM,aAA8BgB,oBAAAA,sBADb,KAAK,MAAMlB,QAAG,aAAa,gBAAgB,QAAQ,CACF,CAAC,YAAY;CAGrF,MAAM,eAAeC,iBAAAA,KAAU,KAAK;CAIpC,MAAM,eADiBa,eAAAA,SAAS,aAAa,aAAa,SACf,CAAC,SAAS,CAAC,QAAQ;AAE9D,KAAI,QAAQ,YAAY,KACtB,SAAQ,MAAM,6CAA6C;CAI7D,MAAM,kBAAkB,MAAMK,aAAAA,iBAC5B,QACA,iBACA,sBACA,QAAQ,gBACR,QAAQ,WAAW,MACpB;AAED,KAAI,CAAC,gBACH,OAAM,IAAI,MAAM,iDAAiD;CAInE,MAAM,oBAAoB,iBAAiB,sBAAsB;AACjE,KAAI,CAAC,kBACH,OAAM,IAAI,MAAM,yCAAyC;CAI3D,MAAM,EAAE,eAAe,uBAAuB,QAAQ,aAAa;CAWnE,MAAM,MAAMC,YAAAA,SAAS,KAAK;CAC1B,MAAM,gBAAgB,mBAAmB,gBACvC,iBACA,KAAA,GACA,KACA,kBACD;CAGD,MAAM,sBAAsB,YAAY,aAAa,CAAC,KAAK;AAC3D,sBAAqB,eAAe,WAAW,oBAAoB;CAGnE,MAAM,eAAqB,cAAc,0BAA0B,gBAAgB;CAGnF,MAAM,mBAAmB,mBAAmB,eAAe,aAAa;CAGxE,MAAM,gBAAgB,iBAAiB,IAAI,MAAM,KAAK,CAAC,UAAU,CAAC;AAClE,KAAI,CAAC,cACH,OAAM,IAAI,MAAM,8DAA8D;CAIhF,MAAM,0BAA0BL,oBAAAA,4BAA4B,cAAc;CAC1E,MAAM,8BAA8BA,oBAAAA,4BAA4B,YAAY,mBAAmB;AAE/F,KACE,wBAAwB,WAAW,4BAA4B,UAC/D,wBAAwB,YAAY,4BAA4B,QAEhE,OAAM,IAAI,MAAM,yEAAyE;CAI3F,MAAM,kBAAkB,iBAAiB,aAAa,aAAa;AAInE,KAAI,CADiB,gBAAgB,IAAI,MAAM,KAAK,CAAC,UAAU,CAC9C,CACf,OAAM,IAAI,MAAM,uCAAuC;AAIzD,KAAI,WAAW,eAAe,aAAa,WACzC,OAAM,IAAI,MACR,2BAA2B,WAAW,WAAW,0BAA0B,aAAa,aACzF;AAIH,KAAI,iBAAiB,OAAO,aAAa,WACvC,OAAM,IAAI,MACR,gCAAgC,iBAAiB,KAAK,qCAAqC,aAAa,WAAW,UACpH;CAUH,MAAM,iBAAiBM,oBAAAA,cAHAC,oBAAAA,qBAHI,2BAA2B,kBAAkB,gBAGV,EAAE,aAAa,MAAM,CAGhC,EAAE,YAAY,eAAe,WAAW;CAG3F,MAAM,eAAe,kBAAkB,WAAW,gBAAgB,aAAa;CAI/E,MAAM,EAAE,gBAAgB,wBAAwB,QAAQ,aAAa;CAwBrE,MAAM,iBAAiB,oBAAoB,WACzC,cAAc,IAAI,EAClB,iBACD,CAAC,WAAW,aAAa;AAG1B,KAAI,QAAQ,YAAY,MAAM;EAC5B,MAAM,WAAW,eAAe,WAAW,KAAA,GAAW,mBAAmB,KAAA,EAAU;AACnF,UAAQ,IAAI,SAAS,UAAU,CAAC;AAChC,SAAO,EACL,eAAe,aAAa,UAAU,EACvC;;CAIH,IAAI;AACJ,KAAI,oBAAoB,UAAU,KAAK,MAAM,KAAK,CAAC,UAAU,CAC3D,kBAAiB;MACZ;EACL,MAAM,oBAAoB,SAAS,YAAY,oBAAoB;AACnE,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM,eAAe,oBAAoB,UAAU,CAAC,wBAAwB;AAExF,mBAAiB,kBAAkB,aAAa;;CAIlD,MAAM,SAASF,YAAAA,SAAS,oBAAoB,KAAQ;AAIpD,OAAMG,aAAAA,iBACJ,QACA,cALuB,eAAe,WAAW,QAAQ,mBAAmB,eAM5D,EAChB,mBACA,QAAQ,WAAW,MACpB;AAGD,mBACE,cACA,SACA,WACA,cACA,cACA,gBACA,iBACD;CAGD,MAAM,qBAAqB,SAAS,MAAM,QAAQ;AAClD,KAAI,oBAAoB;AACtB,qBAAmB,mBAAmB,aAAa;AACnD,WAAS,KAAK,aAAa;;AAG7B,KAAI,QAAQ,YAAY,KACtB,SAAQ,MAAM,6BAA6B,aAAa,UAAU,GAAG;AAGvE,QAAO,EACL,eAAe,aAAa,UAAU,EACvC"}

package/dist/round2-BkNRCXgS.mjs ADDED Viewed

@@ -0,0 +1,292 @@
+import { n as __require, t as __exportAll } from "./chunk-CjcI7cDX.mjs";
+import { Registry, resolveRegistryPath } from "./registry/index.mjs";
+import { c as parseAridUr } from "./common-CvH6dFvQ.mjs";
+import { n as putWithIndicator, t as getWithIndicator } from "./busy-DkM2jAIZ.mjs";
+import { createSigningPackage, deserializeKeyPackage, deserializeSigningCommitments, identifierFromU16, serializeSignatureShare, serializeSigningCommitments, signingRound2 } from "./frost/index.mjs";
+import { n as signingStateDir } from "./common-DUWvtc08.mjs";
+import { ARID, JSON as JSON$1, XID } from "@bcts/components";
+import { CborDate } from "@bcts/dcbor";
+import { Envelope, Function } from "@bcts/envelope";
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { Ed25519Sha512, serde } from "@frosts/ed25519";
+import { Nonce, SigningNonces } from "@frosts/core";
+//#region src/cmd/sign/participant/round2.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* Sign participant round 2 command.
+*
+* Port of cmd/sign/participant/round2.rs from frost-hubert-rust.
+*
+* @module
+*/
+var round2_exports = /* @__PURE__ */ __exportAll({ round2: () => round2$1 });
+/**
+* Load receive state from sign_receive.json.
+*
+* Port of `load_receive_state()` from cmd/sign/participant/round2.rs.
+*/
+function loadReceiveState(registryPath, sessionId, groupHint) {
+	const base = path.dirname(registryPath);
+	const groupStateDir = path.join(base, "group-state");
+	let groupDirs;
+	if (groupHint) groupDirs = [[groupHint, path.join(groupStateDir, groupHint.hex())]];
+	else {
+		groupDirs = [];
+		if (fs.existsSync(groupStateDir)) {
+			for (const entry of fs.readdirSync(groupStateDir, { withFileTypes: true })) if (entry.isDirectory() && entry.name.length === 64 && /^[0-9a-f]+$/i.test(entry.name)) {
+				const groupId = ARID.fromHex(entry.name);
+				groupDirs.push([groupId, path.join(groupStateDir, entry.name)]);
+			}
+		}
+	}
+	const candidates = [];
+	for (const [groupId, groupDir] of groupDirs) {
+		const candidate = path.join(groupDir, "signing", sessionId.hex(), "sign_receive.json");
+		if (fs.existsSync(candidate)) candidates.push([groupId, candidate]);
+	}
+	if (candidates.length === 0) throw new Error("No sign_receive.json found for this session; run `frost sign participant receive` first");
+	if (candidates.length > 1) throw new Error("Multiple groups contain this session; use --group to disambiguate");
+	const [groupId, statePath] = candidates[0];
+	const raw = JSON.parse(fs.readFileSync(statePath, "utf-8"));
+	const getStr = (key) => {
+		const value = raw[key];
+		if (typeof value !== "string") throw new Error(`Missing or invalid ${key} in sign_receive.json`);
+		return value;
+	};
+	const sessionInState = parseAridUr(getStr("session"));
+	if (sessionInState.urString() !== sessionId.urString()) throw new Error(`Session ${sessionInState.urString()} in sign_receive.json does not match requested session ${sessionId.urString()}`);
+	const groupInState = parseAridUr(getStr("group"));
+	if (groupInState.urString() !== groupId.urString()) throw new Error(`Group ${groupInState.urString()} in sign_receive.json does not match directory group ${groupId.urString()}`);
+	const participantsVal = raw["participants"];
+	if (!participantsVal || !Array.isArray(participantsVal)) throw new Error("Missing participants in sign_receive.json");
+	const participants = [];
+	for (const entry of participantsVal) {
+		if (typeof entry !== "string") throw new Error("Invalid participant entry in sign_receive.json");
+		participants.push(XID.fromURString(entry));
+	}
+	const minSigners = raw["min_signers"];
+	if (typeof minSigners !== "number") throw new Error("Missing min_signers in sign_receive.json");
+	return {
+		groupId,
+		participants,
+		minSigners,
+		targetUr: getStr("target")
+	};
+}
+/**
+* Load commit state from commit.json (includes nonces).
+*
+* Port of `load_commit_state()` from cmd/sign/participant/round2.rs.
+*/
+function loadCommitState(registryPath, groupId, sessionId) {
+	const dir = signingStateDir(registryPath, groupId.hex(), sessionId.hex());
+	const statePath = path.join(dir, "commit.json");
+	if (!fs.existsSync(statePath)) throw new Error(`Commit state not found at ${statePath}. Run \`frost sign participant commit\` first.`);
+	const raw = JSON.parse(fs.readFileSync(statePath, "utf-8"));
+	const getStr = (key) => {
+		const value = raw[key];
+		if (typeof value !== "string") throw new Error(`Missing or invalid ${key} in commit.json`);
+		return value;
+	};
+	const sessionInState = parseAridUr(getStr("session"));
+	if (sessionInState.urString() !== sessionId.urString()) throw new Error(`Session ${sessionInState.urString()} in commit.json does not match requested session ${sessionId.urString()}`);
+	const nextShareArid = parseAridUr(getStr("next_share_arid"));
+	const targetUr = getStr("target");
+	const noncesRaw = raw["signing_nonces"];
+	if (!noncesRaw) throw new Error("Missing signing_nonces in commit.json");
+	const hidingNonce = Nonce.deserialize(Ed25519Sha512, serde.hexToBytes(noncesRaw["hiding"]));
+	const bindingNonce = Nonce.deserialize(Ed25519Sha512, serde.hexToBytes(noncesRaw["binding"]));
+	const signingNonces = SigningNonces.fromNonces(Ed25519Sha512, hidingNonce, bindingNonce);
+	const commitmentsRaw = raw["signing_commitments"];
+	if (!commitmentsRaw) throw new Error("Missing signing_commitments in commit.json");
+	return {
+		nextShareArid,
+		targetUr,
+		signingNonces,
+		signingCommitments: deserializeSigningCommitments(commitmentsRaw)
+	};
+}
+/**
+* Validate the incoming GSTP request.
+*
+* Port of request validation logic from cmd/sign/participant/round2.rs.
+*/
+function validateShareRequest(sealedRequest, sessionId, expectedCoordinator) {
+	const expectedFunction = Function.fromString("signRound2");
+	if (sealedRequest.function().equals(expectedFunction) !== true) throw new Error(`Unexpected request function: ${String(sealedRequest.function())}`);
+	if (sealedRequest.id().urString() !== sessionId.urString()) throw new Error(`Session ID mismatch (request ${sealedRequest.id().urString()}, expected ${sessionId.urString()})`);
+	if (sealedRequest.sender().xid().urString() !== expectedCoordinator.urString()) throw new Error(`Unexpected request sender: ${sealedRequest.sender().xid().urString()} (expected coordinator ${expectedCoordinator.urString()})`);
+}
+/**
+* Extract all commitments from the signRound2 request.
+*
+* Port of `parse_commitments()` from cmd/sign/participant/round2.rs.
+*/
+function extractCommitments(sealedRequest, receiveState) {
+	const commitments = /* @__PURE__ */ new Map();
+	const commitmentObjects = sealedRequest.objectsForParameter("commitment");
+	for (const entry of commitmentObjects) {
+		const xid = XID.fromTaggedCbor(entry.subject().tryLeaf());
+		const commitmentsObjects = entry.objectsForPredicate("commitments");
+		if (commitmentsObjects.length === 0) throw new Error(`Missing commitments for participant ${xid.urString()}`);
+		const commitmentsJson = JSON$1.fromTaggedCbor(commitmentsObjects[0].subject().tryLeaf());
+		const signingCommitments = deserializeSigningCommitments(JSON.parse(commitmentsJson.asStr()));
+		const xidUr = xid.urString();
+		if (commitments.has(xidUr)) throw new Error(`Duplicate commitments for participant ${xidUr}`);
+		commitments.set(xidUr, signingCommitments);
+	}
+	if (commitments.size === 0) throw new Error("signRound2 request contains no commitments");
+	const expectedSet = new Set(receiveState.participants.map((p) => p.urString()));
+	const actualSet = new Set(commitments.keys());
+	const missing = [];
+	const extra = [];
+	for (const xid of expectedSet) if (!actualSet.has(xid)) missing.push(xid);
+	for (const xid of actualSet) if (!expectedSet.has(xid)) extra.push(xid);
+	if (missing.length > 0 || extra.length > 0) throw new Error(`signRound2 commitments do not match session participants (missing: ${missing.join(", ")}; extra: ${extra.join(", ")})`);
+	return commitments;
+}
+/**
+* Build a map from XID to FROST identifier (sorted participant order).
+*
+* Port of `xid_identifier_map()` from cmd/sign/participant/round2.rs.
+*/
+function xidIdentifierMap(participants) {
+	const map = /* @__PURE__ */ new Map();
+	for (let i = 0; i < participants.length; i++) {
+		const identifier = identifierFromU16(i + 1);
+		map.set(participants[i].urString(), identifier);
+	}
+	return map;
+}
+/**
+* Build signing commitments with identifiers.
+*
+* Port of `commitments_with_identifiers()` from cmd/sign/participant/round2.rs.
+*/
+function commitmentsWithIdentifiers(commitments, xidToIdentifier) {
+	const mapped = /* @__PURE__ */ new Map();
+	for (const [xidUr, commits] of commitments) {
+		const identifier = xidToIdentifier.get(xidUr);
+		if (!identifier) throw new Error(`Unknown participant ${xidUr}`);
+		mapped.set(identifier, commits);
+	}
+	return mapped;
+}
+/**
+* Build the signRound2Response body envelope.
+*
+* Port of response body construction from cmd/sign/participant/round2.rs.
+*/
+function buildResponseBody(sessionId, signatureShare, finalizeArid) {
+	const shareHex = serializeSignatureShare(signatureShare);
+	const shareJson = JSON$1.fromString(JSON.stringify({ share: shareHex }));
+	return Envelope.unit().addType("signRound2Response").addAssertion("session", sessionId).addAssertion("signature_share", shareJson).addAssertion("response_arid", finalizeArid);
+}
+/**
+* Persist share state to share.json.
+*
+* Port of `persist_share_state()` from cmd/sign/participant/round2.rs.
+*/
+function persistShareState(registryPath, groupId, sessionId, responseArid, finalizeArid, signatureShare, commitments) {
+	const dir = signingStateDir(registryPath, groupId.hex(), sessionId.hex());
+	fs.mkdirSync(dir, { recursive: true });
+	const commitmentsJson = {};
+	for (const [xidUr, commits] of commitments) commitmentsJson[xidUr] = serializeSigningCommitments(commits);
+	const root = {
+		session: sessionId.urString(),
+		response_arid: responseArid.urString(),
+		finalize_arid: finalizeArid.urString(),
+		signature_share: { share: serializeSignatureShare(signatureShare) },
+		commitments: commitmentsJson
+	};
+	fs.writeFileSync(path.join(dir, "share.json"), JSON.stringify(root, null, 2));
+}
+/**
+* Execute the sign participant round 2 command.
+*
+* Receives round 2 request and sends signature share.
+*
+* Port of `CommandArgs::exec()` from cmd/sign/participant/round2.rs.
+*/
+async function round2$1(client, options, cwd) {
+	const registryPath = resolveRegistryPath(options.registryPath, cwd);
+	const registry = Registry.load(registryPath);
+	const owner = registry.owner();
+	if (!owner) throw new Error("Registry owner is required");
+	const ownerXidDocument = owner.xidDocument();
+	const sessionId = parseAridUr(options.sessionId);
+	const receiveState = loadReceiveState(registryPath, sessionId, options.groupId ? parseAridUr(options.groupId) : void 0);
+	const groupId = receiveState.groupId;
+	const groupRecord = registry.group(groupId);
+	if (!groupRecord) throw new Error("Group not found in registry");
+	if (groupRecord.minSigners() !== receiveState.minSigners) throw new Error(`Session min_signers ${receiveState.minSigners} does not match registry ${groupRecord.minSigners()}`);
+	const registryParticipants = new Set(groupRecord.participants().map((p) => p.xid().urString()));
+	const sessionParticipants = new Set(receiveState.participants.map((p) => p.urString()));
+	if (registryParticipants.size !== sessionParticipants.size || ![...registryParticipants].every((p) => sessionParticipants.has(p))) throw new Error("Session participants do not match registry group participants");
+	if (!sessionParticipants.has(owner.xid().urString())) throw new Error("This participant is not part of the signing session");
+	const listeningAtArid = groupRecord.listeningAtArid();
+	if (!listeningAtArid) throw new Error("No listening ARID for signRound2. Did you run `frost sign participant commit`?");
+	const commitState = loadCommitState(registryPath, groupId, sessionId);
+	if (commitState.nextShareArid.urString() !== listeningAtArid.urString()) throw new Error(`Listening ARID in registry (${listeningAtArid.urString()}) does not match persisted commit state (${commitState.nextShareArid.urString()})`);
+	if (commitState.targetUr !== receiveState.targetUr) throw new Error("Target envelope in commit state does not match persisted signInvite request");
+	const keyPackagePath = groupRecord.contributions().keyPackage;
+	if (!keyPackagePath) throw new Error("Key package path not found; did you finish DKG?");
+	const keyPackage = deserializeKeyPackage(JSON.parse(fs.readFileSync(keyPackagePath, "utf-8")).key_package);
+	const finalizeArid = ARID.new();
+	const targetDigest = Envelope.fromURString(receiveState.targetUr).subject().digest();
+	if (options.verbose === true) console.error("Fetching signRound2 request from Hubert...");
+	const requestEnvelope = await getWithIndicator(client, listeningAtArid, "signRound2 request", options.timeoutSeconds, options.verbose ?? false);
+	if (!requestEnvelope) throw new Error("signRound2 request not found in Hubert storage");
+	const signerPrivateKeys = ownerXidDocument.inceptionPrivateKeys();
+	if (!signerPrivateKeys) throw new Error("Owner XID document has no private keys");
+	const { SealedRequest: SealedRequestClass } = __require("@bcts/gstp");
+	const now = CborDate.now();
+	const sealedRequest = SealedRequestClass.tryFromEnvelope(requestEnvelope, void 0, now, signerPrivateKeys);
+	const expectedCoordinator = groupRecord.coordinator().xid();
+	validateShareRequest(sealedRequest, sessionId, expectedCoordinator);
+	const responseArid = sealedRequest.extractObjectForParameter("response_arid");
+	const commitmentsByXid = extractCommitments(sealedRequest, receiveState);
+	const myCommitments = commitmentsByXid.get(owner.xid().urString());
+	if (!myCommitments) throw new Error("signRound2 request missing commitments for this participant");
+	const myCommitmentsSerialized = serializeSigningCommitments(myCommitments);
+	const storedCommitmentsSerialized = serializeSigningCommitments(commitState.signingCommitments);
+	if (myCommitmentsSerialized.hiding !== storedCommitmentsSerialized.hiding || myCommitmentsSerialized.binding !== storedCommitmentsSerialized.binding) throw new Error("signRound2 request commitments do not match locally stored commitments");
+	const xidToIdentifier = xidIdentifierMap(receiveState.participants);
+	if (!xidToIdentifier.get(owner.xid().urString())) throw new Error("Identifier for participant not found");
+	if (keyPackage.minSigners !== receiveState.minSigners) throw new Error(`Key package min_signers ${keyPackage.minSigners} does not match session ${receiveState.minSigners}`);
+	if (commitmentsByXid.size < receiveState.minSigners) throw new Error(`signRound2 request contained ${commitmentsByXid.size} commitments but requires at least ${receiveState.minSigners} signers`);
+	const signatureShare = signingRound2(createSigningPackage(commitmentsWithIdentifiers(commitmentsByXid, xidToIdentifier), targetDigest.data()), commitState.signingNonces, keyPackage);
+	const responseBody = buildResponseBody(sessionId, signatureShare, finalizeArid);
+	const { SealedResponse: SealedResponseClass } = __require("@bcts/gstp");
+	const sealedResponse = SealedResponseClass.newSuccess(sealedRequest.id(), ownerXidDocument).withResult(responseBody);
+	if (options.preview === true) {
+		const unsealed = sealedResponse.toEnvelope(void 0, signerPrivateKeys, void 0);
+		console.log(unsealed.urString());
+		return { listeningArid: finalizeArid.urString() };
+	}
+	let coordinatorDoc;
+	if (expectedCoordinator.urString() === owner.xid().urString()) coordinatorDoc = ownerXidDocument;
+	else {
+		const coordinatorRecord = registry.participant(expectedCoordinator);
+		if (!coordinatorRecord) throw new Error(`Coordinator ${expectedCoordinator.urString()} not found in registry`);
+		coordinatorDoc = coordinatorRecord.xidDocument();
+	}
+	const expiry = CborDate.withDurationFromNow(3600);
+	await putWithIndicator(client, responseArid, sealedResponse.toEnvelope(expiry, signerPrivateKeys, coordinatorDoc), "Signature Share", options.verbose ?? false);
+	persistShareState(registryPath, groupId, sessionId, responseArid, finalizeArid, signatureShare, commitmentsByXid);
+	const groupRecordMutable = registry.group(groupId);
+	if (groupRecordMutable) {
+		groupRecordMutable.setListeningAtArid(finalizeArid);
+		registry.save(registryPath);
+	}
+	if (options.verbose === true) console.error(`Posted signature share to ${responseArid.urString()}`);
+	return { listeningArid: finalizeArid.urString() };
+}
+//#endregion
+export { round2_exports as n, round2$1 as t };
+//# sourceMappingURL=round2-BkNRCXgS.mjs.map

package/dist/round2-BkNRCXgS.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"round2-BkNRCXgS.mjs","names":["ARIDClass","XIDClass","EnvelopeFunction","JSONComponent","round2"],"sources":["../src/cmd/sign/participant/round2.ts"],"sourcesContent":["/**\n * Copyright © 2023-2026 Blockchain Commons, LLC\n * Copyright © 2025-2026 Parity Technologies\n *\n *\n * Sign participant round 2 command.\n *\n * Port of cmd/sign/participant/round2.rs from frost-hubert-rust.\n *\n * @module\n */\n\n/* eslint-disable @typescript-eslint/no-unsafe-call */\n\nimport * as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\nimport {\n type ARID,\n type XID,\n XID as XIDClass,\n ARID as ARIDClass,\n JSON as JSONComponent,\n type Digest,\n} from \"@bcts/components\";\nimport { CborDate } from \"@bcts/dcbor\";\nimport { Envelope, Function as EnvelopeFunction } from \"@bcts/envelope\";\nimport { type XIDDocument } from \"@bcts/xid\";\n\nimport { Registry, resolveRegistryPath } from \"../../../registry/index.js\";\nimport { getWithIndicator, putWithIndicator } from \"../../busy.js\";\nimport { type StorageClient } from \"../../storage.js\";\nimport { parseAridUr } from \"../../dkg/common.js\";\nimport { signingStateDir } from \"../common.js\";\nimport {\n signingRound2,\n createSigningPackage,\n deserializeKeyPackage,\n deserializeSigningCommitments,\n serializeSignatureShare,\n serializeSigningCommitments,\n identifierFromU16,\n type SerializedKeyPackage,\n type SerializedSigningCommitments,\n type FrostIdentifier,\n type FrostKeyPackage,\n type Ed25519SigningCommitments,\n type Ed25519SignatureShare,\n} from \"../../../frost/index.js\";\n\n// Import nonces from @frosts/core\nimport { Nonce, SigningNonces } from \"@frosts/core\";\nimport { Ed25519Sha512, serde } from \"@frosts/ed25519\";\n\n/**\n * Options for the sign round2 command.\n */\nexport interface SignRound2Options {\n registryPath?: string;\n sessionId: string;\n groupId?: string;\n timeoutSeconds?: number;\n preview?: boolean;\n verbose?: boolean;\n}\n\n/**\n * Result of the sign round2 command.\n */\nexport interface SignRound2Result {\n listeningArid: string;\n}\n\n/**\n * ReceiveState loaded from sign_receive.json.\n *\n * Port of `struct ReceiveState` from cmd/sign/participant/round2.rs.\n */\ninterface ReceiveState {\n groupId: ARID;\n participants: XID[];\n minSigners: number;\n targetUr: string;\n}\n\n/**\n * CommitState loaded from commit.json.\n *\n * Port of `struct CommitState` from cmd/sign/participant/round2.rs.\n */\ninterface CommitState {\n nextShareArid: ARID;\n targetUr: string;\n signingNonces: SigningNonces<typeof Ed25519Sha512>;\n signingCommitments: Ed25519SigningCommitments;\n}\n\n/**\n * Sealed request interface for GSTP.\n */\ninterface SealedRequestInstance {\n function: () => unknown;\n id: () => ARID;\n sender: () => { xid: () => XID };\n extractObjectForParameter: <T>(name: string) => T;\n objectsForParameter: (name: string) => Envelope[];\n}\n\n/**\n * Load receive state from sign_receive.json.\n *\n * Port of `load_receive_state()` from cmd/sign/participant/round2.rs.\n */\nfunction loadReceiveState(registryPath: string, sessionId: ARID, groupHint?: ARID): ReceiveState {\n const base = path.dirname(registryPath);\n const groupStateDir = path.join(base, \"group-state\");\n\n // Find candidate paths\n let groupDirs: [ARID, string][];\n\n if (groupHint) {\n groupDirs = [[groupHint, path.join(groupStateDir, groupHint.hex())]];\n } else {\n groupDirs = [];\n if (fs.existsSync(groupStateDir)) {\n for (const entry of fs.readdirSync(groupStateDir, { withFileTypes: true })) {\n if (entry.isDirectory() && entry.name.length === 64 && /^[0-9a-f]+$/i.test(entry.name)) {\n const groupId = ARIDClass.fromHex(entry.name);\n groupDirs.push([groupId, path.join(groupStateDir, entry.name)]);\n }\n }\n }\n }\n\n const candidates: [ARID, string][] = [];\n for (const [groupId, groupDir] of groupDirs) {\n const candidate = path.join(groupDir, \"signing\", sessionId.hex(), \"sign_receive.json\");\n if (fs.existsSync(candidate)) {\n candidates.push([groupId, candidate]);\n }\n }\n\n if (candidates.length === 0) {\n throw new Error(\n \"No sign_receive.json found for this session; run `frost sign participant receive` first\",\n );\n }\n if (candidates.length > 1) {\n throw new Error(\"Multiple groups contain this session; use --group to disambiguate\");\n }\n\n const [groupId, statePath] = candidates[0];\n const raw = JSON.parse(fs.readFileSync(statePath, \"utf-8\")) as Record<string, unknown>;\n\n const getStr = (key: string): string => {\n const value = raw[key];\n if (typeof value !== \"string\") {\n throw new Error(`Missing or invalid ${key} in sign_receive.json`);\n }\n return value;\n };\n\n // Validate session matches\n const sessionInState = parseAridUr(getStr(\"session\"));\n if (sessionInState.urString() !== sessionId.urString()) {\n throw new Error(\n `Session ${sessionInState.urString()} in sign_receive.json does not match requested session ${sessionId.urString()}`,\n );\n }\n\n // Validate group matches\n const groupInState = parseAridUr(getStr(\"group\"));\n if (groupInState.urString() !== groupId.urString()) {\n throw new Error(\n `Group ${groupInState.urString()} in sign_receive.json does not match directory group ${groupId.urString()}`,\n );\n }\n\n // Parse participants\n const participantsVal = raw[\"participants\"] as string[] | undefined;\n if (!participantsVal || !Array.isArray(participantsVal)) {\n throw new Error(\"Missing participants in sign_receive.json\");\n }\n\n const participants: XID[] = [];\n for (const entry of participantsVal) {\n if (typeof entry !== \"string\") {\n throw new Error(\"Invalid participant entry in sign_receive.json\");\n }\n participants.push(XIDClass.fromURString(entry));\n }\n\n // Parse min_signers\n const minSigners = raw[\"min_signers\"];\n if (typeof minSigners !== \"number\") {\n throw new Error(\"Missing min_signers in sign_receive.json\");\n }\n\n const targetUr = getStr(\"target\");\n\n return {\n groupId,\n participants,\n minSigners,\n targetUr,\n };\n}\n\n/**\n * Load commit state from commit.json (includes nonces).\n *\n * Port of `load_commit_state()` from cmd/sign/participant/round2.rs.\n */\nfunction loadCommitState(registryPath: string, groupId: ARID, sessionId: ARID): CommitState {\n const dir = signingStateDir(registryPath, groupId.hex(), sessionId.hex());\n const statePath = path.join(dir, \"commit.json\");\n\n if (!fs.existsSync(statePath)) {\n throw new Error(\n `Commit state not found at ${statePath}. Run \\`frost sign participant commit\\` first.`,\n );\n }\n\n const raw = JSON.parse(fs.readFileSync(statePath, \"utf-8\")) as Record<string, unknown>;\n\n const getStr = (key: string): string => {\n const value = raw[key];\n if (typeof value !== \"string\") {\n throw new Error(`Missing or invalid ${key} in commit.json`);\n }\n return value;\n };\n\n // Validate session matches\n const sessionInState = parseAridUr(getStr(\"session\"));\n if (sessionInState.urString() !== sessionId.urString()) {\n throw new Error(\n `Session ${sessionInState.urString()} in commit.json does not match requested session ${sessionId.urString()}`,\n );\n }\n\n const nextShareArid = parseAridUr(getStr(\"next_share_arid\"));\n const targetUr = getStr(\"target\");\n\n // Deserialize signing nonces\n const noncesRaw = raw[\"signing_nonces\"] as Record<string, string> | undefined;\n if (!noncesRaw) {\n throw new Error(\"Missing signing_nonces in commit.json\");\n }\n\n const hidingNonce = Nonce.deserialize(Ed25519Sha512, serde.hexToBytes(noncesRaw[\"hiding\"]));\n const bindingNonce = Nonce.deserialize(Ed25519Sha512, serde.hexToBytes(noncesRaw[\"binding\"]));\n const signingNonces = SigningNonces.fromNonces(Ed25519Sha512, hidingNonce, bindingNonce);\n\n // Deserialize signing commitments\n const commitmentsRaw = raw[\"signing_commitments\"] as SerializedSigningCommitments | undefined;\n if (!commitmentsRaw) {\n throw new Error(\"Missing signing_commitments in commit.json\");\n }\n const signingCommitments = deserializeSigningCommitments(commitmentsRaw);\n\n return {\n nextShareArid,\n targetUr,\n signingNonces,\n signingCommitments,\n };\n}\n\n/**\n * Validate the incoming GSTP request.\n *\n * Port of request validation logic from cmd/sign/participant/round2.rs.\n */\nfunction validateShareRequest(\n sealedRequest: SealedRequestInstance,\n sessionId: ARID,\n expectedCoordinator: XID,\n): void {\n // Check function\n const expectedFunction = EnvelopeFunction.fromString(\"signRound2\");\n const actualFunction = sealedRequest.function();\n // @ts-expect-error - function() returns unknown, but it should have .equals()\n if (actualFunction.equals(expectedFunction) !== true) {\n throw new Error(`Unexpected request function: ${String(sealedRequest.function())}`);\n }\n\n // Check session ID\n if (sealedRequest.id().urString() !== sessionId.urString()) {\n throw new Error(\n `Session ID mismatch (request ${sealedRequest.id().urString()}, expected ${sessionId.urString()})`,\n );\n }\n\n // Check sender (coordinator)\n if (sealedRequest.sender().xid().urString() !== expectedCoordinator.urString()) {\n throw new Error(\n `Unexpected request sender: ${sealedRequest.sender().xid().urString()} (expected coordinator ${expectedCoordinator.urString()})`,\n );\n }\n}\n\n/**\n * Extract all commitments from the signRound2 request.\n *\n * Port of `parse_commitments()` from cmd/sign/participant/round2.rs.\n */\nfunction extractCommitments(\n sealedRequest: SealedRequestInstance,\n receiveState: ReceiveState,\n): Map<string, Ed25519SigningCommitments> {\n const commitments = new Map<string, Ed25519SigningCommitments>();\n\n const commitmentObjects = sealedRequest.objectsForParameter(\"commitment\");\n\n for (const entry of commitmentObjects) {\n // Extract XID subject\n const xid = XIDClass.fromTaggedCbor(entry.subject().tryLeaf());\n\n // Extract commitments from the \"commitments\" predicate\n const commitmentsObjects = entry.objectsForPredicate(\"commitments\");\n if (commitmentsObjects.length === 0) {\n throw new Error(`Missing commitments for participant ${xid.urString()}`);\n }\n\n const commitmentsJson = JSONComponent.fromTaggedCbor(commitmentsObjects[0].subject().tryLeaf());\n const serializedCommitments = JSON.parse(\n commitmentsJson.asStr(),\n ) as SerializedSigningCommitments;\n const signingCommitments = deserializeSigningCommitments(serializedCommitments);\n\n const xidUr = xid.urString();\n if (commitments.has(xidUr)) {\n throw new Error(`Duplicate commitments for participant ${xidUr}`);\n }\n commitments.set(xidUr, signingCommitments);\n }\n\n if (commitments.size === 0) {\n throw new Error(\"signRound2 request contains no commitments\");\n }\n\n // Validate expected participant set\n const expectedSet = new Set(receiveState.participants.map((p) => p.urString()));\n const actualSet = new Set(commitments.keys());\n\n const missing: string[] = [];\n const extra: string[] = [];\n\n for (const xid of expectedSet) {\n if (!actualSet.has(xid)) {\n missing.push(xid);\n }\n }\n for (const xid of actualSet) {\n if (!expectedSet.has(xid)) {\n extra.push(xid);\n }\n }\n\n if (missing.length > 0 || extra.length > 0) {\n throw new Error(\n `signRound2 commitments do not match session participants (missing: ${missing.join(\", \")}; extra: ${extra.join(\", \")})`,\n );\n }\n\n return commitments;\n}\n\n/**\n * Build a map from XID to FROST identifier (sorted participant order).\n *\n * Port of `xid_identifier_map()` from cmd/sign/participant/round2.rs.\n */\nfunction xidIdentifierMap(participants: XID[]): Map<string, FrostIdentifier> {\n const map = new Map<string, FrostIdentifier>();\n for (let i = 0; i < participants.length; i++) {\n const identifier = identifierFromU16(i + 1);\n map.set(participants[i].urString(), identifier);\n }\n return map;\n}\n\n/**\n * Build signing commitments with identifiers.\n *\n * Port of `commitments_with_identifiers()` from cmd/sign/participant/round2.rs.\n */\nfunction commitmentsWithIdentifiers(\n commitments: Map<string, Ed25519SigningCommitments>,\n xidToIdentifier: Map<string, FrostIdentifier>,\n): Map<FrostIdentifier, Ed25519SigningCommitments> {\n const mapped = new Map<FrostIdentifier, Ed25519SigningCommitments>();\n for (const [xidUr, commits] of commitments) {\n const identifier = xidToIdentifier.get(xidUr);\n if (!identifier) {\n throw new Error(`Unknown participant ${xidUr}`);\n }\n mapped.set(identifier, commits);\n }\n return mapped;\n}\n\n/**\n * Build the signRound2Response body envelope.\n *\n * Port of response body construction from cmd/sign/participant/round2.rs.\n */\nfunction buildResponseBody(\n sessionId: ARID,\n signatureShare: Ed25519SignatureShare,\n finalizeArid: ARID,\n): Envelope {\n const shareHex = serializeSignatureShare(signatureShare);\n const shareJson = JSONComponent.fromString(JSON.stringify({ share: shareHex }));\n\n return Envelope.unit()\n .addType(\"signRound2Response\")\n .addAssertion(\"session\", sessionId)\n .addAssertion(\"signature_share\", shareJson)\n .addAssertion(\"response_arid\", finalizeArid);\n}\n\n/**\n * Persist share state to share.json.\n *\n * Port of `persist_share_state()` from cmd/sign/participant/round2.rs.\n */\nfunction persistShareState(\n registryPath: string,\n groupId: ARID,\n sessionId: ARID,\n responseArid: ARID,\n finalizeArid: ARID,\n signatureShare: Ed25519SignatureShare,\n commitments: Map<string, Ed25519SigningCommitments>,\n): void {\n const dir = signingStateDir(registryPath, groupId.hex(), sessionId.hex());\n fs.mkdirSync(dir, { recursive: true });\n\n // Build commitments JSON object\n const commitmentsJson: Record<string, SerializedSigningCommitments> = {};\n for (const [xidUr, commits] of commitments) {\n commitmentsJson[xidUr] = serializeSigningCommitments(commits);\n }\n\n // Build root JSON object\n const root = {\n session: sessionId.urString(),\n response_arid: responseArid.urString(),\n finalize_arid: finalizeArid.urString(),\n signature_share: { share: serializeSignatureShare(signatureShare) },\n commitments: commitmentsJson,\n };\n\n fs.writeFileSync(path.join(dir, \"share.json\"), JSON.stringify(root, null, 2));\n}\n\n/**\n * Execute the sign participant round 2 command.\n *\n * Receives round 2 request and sends signature share.\n *\n * Port of `CommandArgs::exec()` from cmd/sign/participant/round2.rs.\n */\nexport async function round2(\n client: StorageClient,\n options: SignRound2Options,\n cwd: string,\n): Promise<SignRound2Result> {\n const registryPath = resolveRegistryPath(options.registryPath, cwd);\n const registry = Registry.load(registryPath);\n\n const owner = registry.owner();\n if (!owner) {\n throw new Error(\"Registry owner is required\");\n }\n const ownerXidDocument = owner.xidDocument();\n\n const sessionId = parseAridUr(options.sessionId);\n const groupHint = options.groupId ? parseAridUr(options.groupId) : undefined;\n\n // Load receive state (finds group automatically if not specified)\n const receiveState = loadReceiveState(registryPath, sessionId, groupHint);\n const groupId = receiveState.groupId;\n\n const groupRecord = registry.group(groupId);\n if (!groupRecord) {\n throw new Error(\"Group not found in registry\");\n }\n\n // Validate min_signers matches\n if (groupRecord.minSigners() !== receiveState.minSigners) {\n throw new Error(\n `Session min_signers ${receiveState.minSigners} does not match registry ${groupRecord.minSigners()}`,\n );\n }\n\n // Validate participants match\n const registryParticipants = new Set(groupRecord.participants().map((p) => p.xid().urString()));\n const sessionParticipants = new Set(receiveState.participants.map((p) => p.urString()));\n\n if (\n registryParticipants.size !== sessionParticipants.size ||\n ![...registryParticipants].every((p) => sessionParticipants.has(p))\n ) {\n throw new Error(\"Session participants do not match registry group participants\");\n }\n\n // Validate owner participates in this session\n if (!sessionParticipants.has(owner.xid().urString())) {\n throw new Error(\"This participant is not part of the signing session\");\n }\n\n // Get listening ARID from registry\n const listeningAtArid = groupRecord.listeningAtArid();\n if (!listeningAtArid) {\n throw new Error(\n \"No listening ARID for signRound2. Did you run `frost sign participant commit`?\",\n );\n }\n\n // Load commit state and validate\n const commitState = loadCommitState(registryPath, groupId, sessionId);\n\n if (commitState.nextShareArid.urString() !== listeningAtArid.urString()) {\n throw new Error(\n `Listening ARID in registry (${listeningAtArid.urString()}) does not match persisted commit state (${commitState.nextShareArid.urString()})`,\n );\n }\n\n if (commitState.targetUr !== receiveState.targetUr) {\n throw new Error(\"Target envelope in commit state does not match persisted signInvite request\");\n }\n\n // Load key package\n const keyPackagePath = groupRecord.contributions().keyPackage;\n if (!keyPackagePath) {\n throw new Error(\"Key package path not found; did you finish DKG?\");\n }\n\n interface KeyPackageFile {\n group?: string;\n key_package: SerializedKeyPackage;\n }\n\n const keyPackageFile = JSON.parse(fs.readFileSync(keyPackagePath, \"utf-8\")) as KeyPackageFile;\n const keyPackage: FrostKeyPackage = deserializeKeyPackage(keyPackageFile.key_package);\n\n // Create finalize ARID\n const finalizeArid = ARIDClass.new();\n\n // Compute target digest from persisted target envelope\n const targetEnvelope = Envelope.fromURString(receiveState.targetUr);\n const targetDigest: Digest = targetEnvelope.subject().digest();\n\n if (options.verbose === true) {\n console.error(\"Fetching signRound2 request from Hubert...\");\n }\n\n // Fetch request from storage\n const requestEnvelope = await getWithIndicator(\n client,\n listeningAtArid,\n \"signRound2 request\",\n options.timeoutSeconds,\n options.verbose ?? false,\n );\n\n if (!requestEnvelope) {\n throw new Error(\"signRound2 request not found in Hubert storage\");\n }\n\n // Parse sealed request\n const signerPrivateKeys = ownerXidDocument.inceptionPrivateKeys();\n if (!signerPrivateKeys) {\n throw new Error(\"Owner XID document has no private keys\");\n }\n\n // eslint-disable-next-line @typescript-eslint/no-require-imports, no-undef\n const { SealedRequest: SealedRequestClass } = require(\"@bcts/gstp\") as {\n SealedRequest: {\n tryFromEnvelope: (\n envelope: Envelope,\n expectedSender: XID | undefined,\n now: CborDate,\n recipientPrivateKeys: unknown,\n ) => SealedRequestInstance;\n };\n };\n\n const now = CborDate.now();\n const sealedRequest = SealedRequestClass.tryFromEnvelope(\n requestEnvelope,\n undefined,\n now,\n signerPrivateKeys,\n );\n\n // Validate request\n const expectedCoordinator = groupRecord.coordinator().xid();\n validateShareRequest(sealedRequest, sessionId, expectedCoordinator);\n\n // Extract response ARID from request\n const responseArid: ARID = sealedRequest.extractObjectForParameter(\"response_arid\");\n\n // Extract and validate commitments\n const commitmentsByXid = extractCommitments(sealedRequest, receiveState);\n\n // Verify our commitments match\n const myCommitments = commitmentsByXid.get(owner.xid().urString());\n if (!myCommitments) {\n throw new Error(\"signRound2 request missing commitments for this participant\");\n }\n\n // Compare commitments using serialized form\n const myCommitmentsSerialized = serializeSigningCommitments(myCommitments);\n const storedCommitmentsSerialized = serializeSigningCommitments(commitState.signingCommitments);\n\n if (\n myCommitmentsSerialized.hiding !== storedCommitmentsSerialized.hiding ||\n myCommitmentsSerialized.binding !== storedCommitmentsSerialized.binding\n ) {\n throw new Error(\"signRound2 request commitments do not match locally stored commitments\");\n }\n\n // Build XID to identifier map (sorted participant order)\n const xidToIdentifier = xidIdentifierMap(receiveState.participants);\n\n // Verify our identifier matches key package\n const myIdentifier = xidToIdentifier.get(owner.xid().urString());\n if (!myIdentifier) {\n throw new Error(\"Identifier for participant not found\");\n }\n\n // Verify key package min_signers matches\n if (keyPackage.minSigners !== receiveState.minSigners) {\n throw new Error(\n `Key package min_signers ${keyPackage.minSigners} does not match session ${receiveState.minSigners}`,\n );\n }\n\n // Verify enough commitments\n if (commitmentsByXid.size < receiveState.minSigners) {\n throw new Error(\n `signRound2 request contained ${commitmentsByXid.size} commitments but requires at least ${receiveState.minSigners} signers`,\n );\n }\n\n // Build signing commitments with identifiers\n const signingCommitments = commitmentsWithIdentifiers(commitmentsByXid, xidToIdentifier);\n\n // Create signing package\n const signingPackage = createSigningPackage(signingCommitments, targetDigest.data());\n\n // Generate signature share using FROST round 2\n const signatureShare = signingRound2(signingPackage, commitState.signingNonces, keyPackage);\n\n // Build response body\n const responseBody = buildResponseBody(sessionId, signatureShare, finalizeArid);\n\n // Build sealed response\n // eslint-disable-next-line @typescript-eslint/no-require-imports, no-undef\n const { SealedResponse: SealedResponseClass } = require(\"@bcts/gstp\") as {\n SealedResponse: {\n newSuccess: (\n requestId: ARID,\n sender: XIDDocument,\n ) => {\n withResult: (result: Envelope) => {\n withPeerContinuation: (continuation: unknown) => {\n toEnvelope: (\n expiry: CborDate | undefined,\n signerPrivateKeys: unknown,\n recipient: XIDDocument | undefined,\n ) => Envelope;\n };\n toEnvelope: (\n expiry: CborDate | undefined,\n signerPrivateKeys: unknown,\n recipient: XIDDocument | undefined,\n ) => Envelope;\n };\n };\n };\n };\n\n const sealedResponse = SealedResponseClass.newSuccess(\n sealedRequest.id(),\n ownerXidDocument,\n ).withResult(responseBody);\n\n // Preview mode - print unsealed response\n if (options.preview === true) {\n const unsealed = sealedResponse.toEnvelope(undefined, signerPrivateKeys, undefined);\n console.log(unsealed.urString());\n return {\n listeningArid: finalizeArid.urString(),\n };\n }\n\n // Get coordinator XID document for encryption\n let coordinatorDoc: XIDDocument;\n if (expectedCoordinator.urString() === owner.xid().urString()) {\n coordinatorDoc = ownerXidDocument;\n } else {\n const coordinatorRecord = registry.participant(expectedCoordinator);\n if (!coordinatorRecord) {\n throw new Error(`Coordinator ${expectedCoordinator.urString()} not found in registry`);\n }\n coordinatorDoc = coordinatorRecord.xidDocument();\n }\n\n // Create response envelope with expiry\n const expiry = CborDate.withDurationFromNow(60 * 60); // 1 hour\n const responseEnvelope = sealedResponse.toEnvelope(expiry, signerPrivateKeys, coordinatorDoc);\n\n // Send response\n await putWithIndicator(\n client,\n responseArid,\n responseEnvelope,\n \"Signature Share\",\n options.verbose ?? false,\n );\n\n // Persist share state\n persistShareState(\n registryPath,\n groupId,\n sessionId,\n responseArid,\n finalizeArid,\n signatureShare,\n commitmentsByXid,\n );\n\n // Update registry with finalize listening ARID\n const groupRecordMutable = registry.group(groupId);\n if (groupRecordMutable) {\n groupRecordMutable.setListeningAtArid(finalizeArid);\n registry.save(registryPath);\n }\n\n if (options.verbose === true) {\n console.error(`Posted signature share to ${responseArid.urString()}`);\n }\n\n return {\n listeningArid: finalizeArid.urString(),\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiHA,SAAS,iBAAiB,cAAsB,WAAiB,WAAgC;CAC/F,MAAM,OAAO,KAAK,QAAQ,aAAa;CACvC,MAAM,gBAAgB,KAAK,KAAK,MAAM,cAAc;CAGpD,IAAI;AAEJ,KAAI,UACF,aAAY,CAAC,CAAC,WAAW,KAAK,KAAK,eAAe,UAAU,KAAK,CAAC,CAAC,CAAC;MAC/D;AACL,cAAY,EAAE;AACd,MAAI,GAAG,WAAW,cAAc;QACzB,MAAM,SAAS,GAAG,YAAY,eAAe,EAAE,eAAe,MAAM,CAAC,CACxE,KAAI,MAAM,aAAa,IAAI,MAAM,KAAK,WAAW,MAAM,eAAe,KAAK,MAAM,KAAK,EAAE;IACtF,MAAM,UAAUA,KAAU,QAAQ,MAAM,KAAK;AAC7C,cAAU,KAAK,CAAC,SAAS,KAAK,KAAK,eAAe,MAAM,KAAK,CAAC,CAAC;;;;CAMvE,MAAM,aAA+B,EAAE;AACvC,MAAK,MAAM,CAAC,SAAS,aAAa,WAAW;EAC3C,MAAM,YAAY,KAAK,KAAK,UAAU,WAAW,UAAU,KAAK,EAAE,oBAAoB;AACtF,MAAI,GAAG,WAAW,UAAU,CAC1B,YAAW,KAAK,CAAC,SAAS,UAAU,CAAC;;AAIzC,KAAI,WAAW,WAAW,EACxB,OAAM,IAAI,MACR,0FACD;AAEH,KAAI,WAAW,SAAS,EACtB,OAAM,IAAI,MAAM,oEAAoE;CAGtF,MAAM,CAAC,SAAS,aAAa,WAAW;CACxC,MAAM,MAAM,KAAK,MAAM,GAAG,aAAa,WAAW,QAAQ,CAAC;CAE3D,MAAM,UAAU,QAAwB;EACtC,MAAM,QAAQ,IAAI;AAClB,MAAI,OAAO,UAAU,SACnB,OAAM,IAAI,MAAM,sBAAsB,IAAI,uBAAuB;AAEnE,SAAO;;CAIT,MAAM,iBAAiB,YAAY,OAAO,UAAU,CAAC;AACrD,KAAI,eAAe,UAAU,KAAK,UAAU,UAAU,CACpD,OAAM,IAAI,MACR,WAAW,eAAe,UAAU,CAAC,yDAAyD,UAAU,UAAU,GACnH;CAIH,MAAM,eAAe,YAAY,OAAO,QAAQ,CAAC;AACjD,KAAI,aAAa,UAAU,KAAK,QAAQ,UAAU,CAChD,OAAM,IAAI,MACR,SAAS,aAAa,UAAU,CAAC,uDAAuD,QAAQ,UAAU,GAC3G;CAIH,MAAM,kBAAkB,IAAI;AAC5B,KAAI,CAAC,mBAAmB,CAAC,MAAM,QAAQ,gBAAgB,CACrD,OAAM,IAAI,MAAM,4CAA4C;CAG9D,MAAM,eAAsB,EAAE;AAC9B,MAAK,MAAM,SAAS,iBAAiB;AACnC,MAAI,OAAO,UAAU,SACnB,OAAM,IAAI,MAAM,iDAAiD;AAEnE,eAAa,KAAKC,IAAS,aAAa,MAAM,CAAC;;CAIjD,MAAM,aAAa,IAAI;AACvB,KAAI,OAAO,eAAe,SACxB,OAAM,IAAI,MAAM,2CAA2C;AAK7D,QAAO;EACL;EACA;EACA;EACA,UANe,OAAO,SAMd;EACT;;;;;;;AAQH,SAAS,gBAAgB,cAAsB,SAAe,WAA8B;CAC1F,MAAM,MAAM,gBAAgB,cAAc,QAAQ,KAAK,EAAE,UAAU,KAAK,CAAC;CACzE,MAAM,YAAY,KAAK,KAAK,KAAK,cAAc;AAE/C,KAAI,CAAC,GAAG,WAAW,UAAU,CAC3B,OAAM,IAAI,MACR,6BAA6B,UAAU,gDACxC;CAGH,MAAM,MAAM,KAAK,MAAM,GAAG,aAAa,WAAW,QAAQ,CAAC;CAE3D,MAAM,UAAU,QAAwB;EACtC,MAAM,QAAQ,IAAI;AAClB,MAAI,OAAO,UAAU,SACnB,OAAM,IAAI,MAAM,sBAAsB,IAAI,iBAAiB;AAE7D,SAAO;;CAIT,MAAM,iBAAiB,YAAY,OAAO,UAAU,CAAC;AACrD,KAAI,eAAe,UAAU,KAAK,UAAU,UAAU,CACpD,OAAM,IAAI,MACR,WAAW,eAAe,UAAU,CAAC,mDAAmD,UAAU,UAAU,GAC7G;CAGH,MAAM,gBAAgB,YAAY,OAAO,kBAAkB,CAAC;CAC5D,MAAM,WAAW,OAAO,SAAS;CAGjC,MAAM,YAAY,IAAI;AACtB,KAAI,CAAC,UACH,OAAM,IAAI,MAAM,wCAAwC;CAG1D,MAAM,cAAc,MAAM,YAAY,eAAe,MAAM,WAAW,UAAU,UAAU,CAAC;CAC3F,MAAM,eAAe,MAAM,YAAY,eAAe,MAAM,WAAW,UAAU,WAAW,CAAC;CAC7F,MAAM,gBAAgB,cAAc,WAAW,eAAe,aAAa,aAAa;CAGxF,MAAM,iBAAiB,IAAI;AAC3B,KAAI,CAAC,eACH,OAAM,IAAI,MAAM,6CAA6C;AAI/D,QAAO;EACL;EACA;EACA;EACA,oBANyB,8BAA8B,eAMrC;EACnB;;;;;;;AAQH,SAAS,qBACP,eACA,WACA,qBACM;CAEN,MAAM,mBAAmBC,SAAiB,WAAW,aAAa;AAGlE,KAFuB,cAAc,UAEnB,CAAC,OAAO,iBAAiB,KAAK,KAC9C,OAAM,IAAI,MAAM,gCAAgC,OAAO,cAAc,UAAU,CAAC,GAAG;AAIrF,KAAI,cAAc,IAAI,CAAC,UAAU,KAAK,UAAU,UAAU,CACxD,OAAM,IAAI,MACR,gCAAgC,cAAc,IAAI,CAAC,UAAU,CAAC,aAAa,UAAU,UAAU,CAAC,GACjG;AAIH,KAAI,cAAc,QAAQ,CAAC,KAAK,CAAC,UAAU,KAAK,oBAAoB,UAAU,CAC5E,OAAM,IAAI,MACR,8BAA8B,cAAc,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,yBAAyB,oBAAoB,UAAU,CAAC,GAC/H;;;;;;;AASL,SAAS,mBACP,eACA,cACwC;CACxC,MAAM,8BAAc,IAAI,KAAwC;CAEhE,MAAM,oBAAoB,cAAc,oBAAoB,aAAa;AAEzE,MAAK,MAAM,SAAS,mBAAmB;EAErC,MAAM,MAAMD,IAAS,eAAe,MAAM,SAAS,CAAC,SAAS,CAAC;EAG9D,MAAM,qBAAqB,MAAM,oBAAoB,cAAc;AACnE,MAAI,mBAAmB,WAAW,EAChC,OAAM,IAAI,MAAM,uCAAuC,IAAI,UAAU,GAAG;EAG1E,MAAM,kBAAkBE,OAAc,eAAe,mBAAmB,GAAG,SAAS,CAAC,SAAS,CAAC;EAI/F,MAAM,qBAAqB,8BAHG,KAAK,MACjC,gBAAgB,OAAO,CAEqD,CAAC;EAE/E,MAAM,QAAQ,IAAI,UAAU;AAC5B,MAAI,YAAY,IAAI,MAAM,CACxB,OAAM,IAAI,MAAM,yCAAyC,QAAQ;AAEnE,cAAY,IAAI,OAAO,mBAAmB;;AAG5C,KAAI,YAAY,SAAS,EACvB,OAAM,IAAI,MAAM,6CAA6C;CAI/D,MAAM,cAAc,IAAI,IAAI,aAAa,aAAa,KAAK,MAAM,EAAE,UAAU,CAAC,CAAC;CAC/E,MAAM,YAAY,IAAI,IAAI,YAAY,MAAM,CAAC;CAE7C,MAAM,UAAoB,EAAE;CAC5B,MAAM,QAAkB,EAAE;AAE1B,MAAK,MAAM,OAAO,YAChB,KAAI,CAAC,UAAU,IAAI,IAAI,CACrB,SAAQ,KAAK,IAAI;AAGrB,MAAK,MAAM,OAAO,UAChB,KAAI,CAAC,YAAY,IAAI,IAAI,CACvB,OAAM,KAAK,IAAI;AAInB,KAAI,QAAQ,SAAS,KAAK,MAAM,SAAS,EACvC,OAAM,IAAI,MACR,sEAAsE,QAAQ,KAAK,KAAK,CAAC,WAAW,MAAM,KAAK,KAAK,CAAC,GACtH;AAGH,QAAO;;;;;;;AAQT,SAAS,iBAAiB,cAAmD;CAC3E,MAAM,sBAAM,IAAI,KAA8B;AAC9C,MAAK,IAAI,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;EAC5C,MAAM,aAAa,kBAAkB,IAAI,EAAE;AAC3C,MAAI,IAAI,aAAa,GAAG,UAAU,EAAE,WAAW;;AAEjD,QAAO;;;;;;;AAQT,SAAS,2BACP,aACA,iBACiD;CACjD,MAAM,yBAAS,IAAI,KAAiD;AACpE,MAAK,MAAM,CAAC,OAAO,YAAY,aAAa;EAC1C,MAAM,aAAa,gBAAgB,IAAI,MAAM;AAC7C,MAAI,CAAC,WACH,OAAM,IAAI,MAAM,uBAAuB,QAAQ;AAEjD,SAAO,IAAI,YAAY,QAAQ;;AAEjC,QAAO;;;;;;;AAQT,SAAS,kBACP,WACA,gBACA,cACU;CACV,MAAM,WAAW,wBAAwB,eAAe;CACxD,MAAM,YAAYA,OAAc,WAAW,KAAK,UAAU,EAAE,OAAO,UAAU,CAAC,CAAC;AAE/E,QAAO,SAAS,MAAM,CACnB,QAAQ,qBAAqB,CAC7B,aAAa,WAAW,UAAU,CAClC,aAAa,mBAAmB,UAAU,CAC1C,aAAa,iBAAiB,aAAa;;;;;;;AAQhD,SAAS,kBACP,cACA,SACA,WACA,cACA,cACA,gBACA,aACM;CACN,MAAM,MAAM,gBAAgB,cAAc,QAAQ,KAAK,EAAE,UAAU,KAAK,CAAC;AACzE,IAAG,UAAU,KAAK,EAAE,WAAW,MAAM,CAAC;CAGtC,MAAM,kBAAgE,EAAE;AACxE,MAAK,MAAM,CAAC,OAAO,YAAY,YAC7B,iBAAgB,SAAS,4BAA4B,QAAQ;CAI/D,MAAM,OAAO;EACX,SAAS,UAAU,UAAU;EAC7B,eAAe,aAAa,UAAU;EACtC,eAAe,aAAa,UAAU;EACtC,iBAAiB,EAAE,OAAO,wBAAwB,eAAe,EAAE;EACnE,aAAa;EACd;AAED,IAAG,cAAc,KAAK,KAAK,KAAK,aAAa,EAAE,KAAK,UAAU,MAAM,MAAM,EAAE,CAAC;;;;;;;;;AAU/E,eAAsBC,SACpB,QACA,SACA,KAC2B;CAC3B,MAAM,eAAe,oBAAoB,QAAQ,cAAc,IAAI;CACnE,MAAM,WAAW,SAAS,KAAK,aAAa;CAE5C,MAAM,QAAQ,SAAS,OAAO;AAC9B,KAAI,CAAC,MACH,OAAM,IAAI,MAAM,6BAA6B;CAE/C,MAAM,mBAAmB,MAAM,aAAa;CAE5C,MAAM,YAAY,YAAY,QAAQ,UAAU;CAIhD,MAAM,eAAe,iBAAiB,cAAc,WAHlC,QAAQ,UAAU,YAAY,QAAQ,QAAQ,GAAG,KAAA,EAGM;CACzE,MAAM,UAAU,aAAa;CAE7B,MAAM,cAAc,SAAS,MAAM,QAAQ;AAC3C,KAAI,CAAC,YACH,OAAM,IAAI,MAAM,8BAA8B;AAIhD,KAAI,YAAY,YAAY,KAAK,aAAa,WAC5C,OAAM,IAAI,MACR,uBAAuB,aAAa,WAAW,2BAA2B,YAAY,YAAY,GACnG;CAIH,MAAM,uBAAuB,IAAI,IAAI,YAAY,cAAc,CAAC,KAAK,MAAM,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;CAC/F,MAAM,sBAAsB,IAAI,IAAI,aAAa,aAAa,KAAK,MAAM,EAAE,UAAU,CAAC,CAAC;AAEvF,KACE,qBAAqB,SAAS,oBAAoB,QAClD,CAAC,CAAC,GAAG,qBAAqB,CAAC,OAAO,MAAM,oBAAoB,IAAI,EAAE,CAAC,CAEnE,OAAM,IAAI,MAAM,gEAAgE;AAIlF,KAAI,CAAC,oBAAoB,IAAI,MAAM,KAAK,CAAC,UAAU,CAAC,CAClD,OAAM,IAAI,MAAM,sDAAsD;CAIxE,MAAM,kBAAkB,YAAY,iBAAiB;AACrD,KAAI,CAAC,gBACH,OAAM,IAAI,MACR,iFACD;CAIH,MAAM,cAAc,gBAAgB,cAAc,SAAS,UAAU;AAErE,KAAI,YAAY,cAAc,UAAU,KAAK,gBAAgB,UAAU,CACrE,OAAM,IAAI,MACR,+BAA+B,gBAAgB,UAAU,CAAC,2CAA2C,YAAY,cAAc,UAAU,CAAC,GAC3I;AAGH,KAAI,YAAY,aAAa,aAAa,SACxC,OAAM,IAAI,MAAM,8EAA8E;CAIhG,MAAM,iBAAiB,YAAY,eAAe,CAAC;AACnD,KAAI,CAAC,eACH,OAAM,IAAI,MAAM,kDAAkD;CASpE,MAAM,aAA8B,sBADb,KAAK,MAAM,GAAG,aAAa,gBAAgB,QAAQ,CACF,CAAC,YAAY;CAGrF,MAAM,eAAeJ,KAAU,KAAK;CAIpC,MAAM,eADiB,SAAS,aAAa,aAAa,SACf,CAAC,SAAS,CAAC,QAAQ;AAE9D,KAAI,QAAQ,YAAY,KACtB,SAAQ,MAAM,6CAA6C;CAI7D,MAAM,kBAAkB,MAAM,iBAC5B,QACA,iBACA,sBACA,QAAQ,gBACR,QAAQ,WAAW,MACpB;AAED,KAAI,CAAC,gBACH,OAAM,IAAI,MAAM,iDAAiD;CAInE,MAAM,oBAAoB,iBAAiB,sBAAsB;AACjE,KAAI,CAAC,kBACH,OAAM,IAAI,MAAM,yCAAyC;CAI3D,MAAM,EAAE,eAAe,uBAAA,UAA+B,aAAa;CAWnE,MAAM,MAAM,SAAS,KAAK;CAC1B,MAAM,gBAAgB,mBAAmB,gBACvC,iBACA,KAAA,GACA,KACA,kBACD;CAGD,MAAM,sBAAsB,YAAY,aAAa,CAAC,KAAK;AAC3D,sBAAqB,eAAe,WAAW,oBAAoB;CAGnE,MAAM,eAAqB,cAAc,0BAA0B,gBAAgB;CAGnF,MAAM,mBAAmB,mBAAmB,eAAe,aAAa;CAGxE,MAAM,gBAAgB,iBAAiB,IAAI,MAAM,KAAK,CAAC,UAAU,CAAC;AAClE,KAAI,CAAC,cACH,OAAM,IAAI,MAAM,8DAA8D;CAIhF,MAAM,0BAA0B,4BAA4B,cAAc;CAC1E,MAAM,8BAA8B,4BAA4B,YAAY,mBAAmB;AAE/F,KACE,wBAAwB,WAAW,4BAA4B,UAC/D,wBAAwB,YAAY,4BAA4B,QAEhE,OAAM,IAAI,MAAM,yEAAyE;CAI3F,MAAM,kBAAkB,iBAAiB,aAAa,aAAa;AAInE,KAAI,CADiB,gBAAgB,IAAI,MAAM,KAAK,CAAC,UAAU,CAC9C,CACf,OAAM,IAAI,MAAM,uCAAuC;AAIzD,KAAI,WAAW,eAAe,aAAa,WACzC,OAAM,IAAI,MACR,2BAA2B,WAAW,WAAW,0BAA0B,aAAa,aACzF;AAIH,KAAI,iBAAiB,OAAO,aAAa,WACvC,OAAM,IAAI,MACR,gCAAgC,iBAAiB,KAAK,qCAAqC,aAAa,WAAW,UACpH;CAUH,MAAM,iBAAiB,cAHA,qBAHI,2BAA2B,kBAAkB,gBAGV,EAAE,aAAa,MAAM,CAGhC,EAAE,YAAY,eAAe,WAAW;CAG3F,MAAM,eAAe,kBAAkB,WAAW,gBAAgB,aAAa;CAI/E,MAAM,EAAE,gBAAgB,wBAAA,UAAgC,aAAa;CAwBrE,MAAM,iBAAiB,oBAAoB,WACzC,cAAc,IAAI,EAClB,iBACD,CAAC,WAAW,aAAa;AAG1B,KAAI,QAAQ,YAAY,MAAM;EAC5B,MAAM,WAAW,eAAe,WAAW,KAAA,GAAW,mBAAmB,KAAA,EAAU;AACnF,UAAQ,IAAI,SAAS,UAAU,CAAC;AAChC,SAAO,EACL,eAAe,aAAa,UAAU,EACvC;;CAIH,IAAI;AACJ,KAAI,oBAAoB,UAAU,KAAK,MAAM,KAAK,CAAC,UAAU,CAC3D,kBAAiB;MACZ;EACL,MAAM,oBAAoB,SAAS,YAAY,oBAAoB;AACnE,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM,eAAe,oBAAoB,UAAU,CAAC,wBAAwB;AAExF,mBAAiB,kBAAkB,aAAa;;CAIlD,MAAM,SAAS,SAAS,oBAAoB,KAAQ;AAIpD,OAAM,iBACJ,QACA,cALuB,eAAe,WAAW,QAAQ,mBAAmB,eAM5D,EAChB,mBACA,QAAQ,WAAW,MACpB;AAGD,mBACE,cACA,SACA,WACA,cACA,cACA,gBACA,iBACD;CAGD,MAAM,qBAAqB,SAAS,MAAM,QAAQ;AAClD,KAAI,oBAAoB;AACtB,qBAAmB,mBAAmB,aAAa;AACnD,WAAS,KAAK,aAAa;;AAG7B,KAAI,QAAQ,YAAY,KACtB,SAAQ,MAAM,6BAA6B,aAAa,UAAU,GAAG;AAGvE,QAAO,EACL,eAAe,aAAa,UAAU,EACvC"}