@bcts/frost-hubert 1.0.0-alpha.23 → 1.0.0-beta.0

package/src/dkg/group-invite.ts

@@ -355,7 +355,14 @@ export class DkgInvitation {
       recipientPrivateKeys,
     );
 
-    if (expectedSender !== undefined && sealedRequest.sender().xid() !== expectedSender.xid()) {
+    // Rust `group_invite.rs:275-279` uses `!=` on `XID`, which is the
+    // derived `PartialEq` (byte-wise compare on the 32-byte ARID). TS
+    // `!==` is reference identity — two distinct XID instances with
+    // the same bytes would fail. Compare via hex equality instead.
+    if (
+      expectedSender !== undefined &&
+      !sealedRequest.sender().xid().equals(expectedSender.xid())
+    ) {
       throw new Error("Invite sender does not match expected sender");
     }
 
@@ -391,7 +398,10 @@ export class DkgInvitation {
         XIDVerifySignature.Inception,
       );
 
-      if (xidDocument.xid() !== recipientXid) {
+      // Rust `group_invite.rs` compares via `XID::PartialEq` (byte-wise).
+      // TS reference identity would never match for two distinct
+      // `XID` instances representing the same identity.
+      if (!xidDocument.xid().equals(recipientXid)) {
         continue;
       }
 

package/src/dkg/proposed-participant.ts

@@ -95,12 +95,41 @@ export class DkgProposedParticipant {
 
   /**
    * Compare participants by XID for sorting.
+   *
+   * Mirrors Rust `PartialOrd::partial_cmp` which uses
+   * `self.xid().cmp(&other.xid())` — i.e. the underlying 32-byte XID
+   * data is compared lexicographically (`Vec<u8>` ordering). The
+   * earlier port used `xid.toString().localeCompare(...)`, which (a)
+   * compares the UR-encoded base32-ish string, not the bytes, and (b)
+   * is locale-aware. Sorting on UR strings differs from the byte
+   * order whenever the underlying bytes contain values ≥ 0x80, so
+   * Rust and TS would assign different FROST identifiers to the same
+   * participant set — producing different secret shares.
    */
   compareTo(other: DkgProposedParticipant): number {
-    const thisXid = this.xid().toString();
-    const otherXid = other.xid().toString();
-    return thisXid.localeCompare(otherXid);
+    return compareXidBytes(this.xid().toData(), other.xid().toData());
+  }
+}
+
+/**
+ * Lexicographic byte compare matching Rust's `Vec<u8>::cmp` /
+ * `XID::cmp`. Exported so the cmd-tree call sites (round1 / finalize)
+ * can use the same comparator when they sort deduplicated XID lists.
+ *
+ * `XID` is exactly 32 bytes so this only ever compares two equal-length
+ * inputs; the length-tiebreak branch mirrors the generic `Ord` impl on
+ * `Vec<u8>` and is included for correctness if ever applied to other
+ * byte sequences.
+ *
+ * @internal
+ */
+export function compareXidBytes(a: Uint8Array, b: Uint8Array): number {
+  const minLen = Math.min(a.length, b.length);
+  for (let i = 0; i < minLen; i++) {
+    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
   }
+  if (a.length !== b.length) return a.length < b.length ? -1 : 1;
+  return 0;
 }
 
 /**

package/src/registry/owner-record.ts

@@ -101,8 +101,20 @@ export class OwnerRecord {
 
   /**
    * Deserialize from JSON object.
+   *
+   * Mirrors Rust's `#[serde(deny_unknown_fields)]` derive on
+   * `OwnerRecord` (`owner_record.rs:13-17`) — any field not in
+   * `{xid_document, pet_name}` causes Rust's `serde_json::from_str`
+   * to error with `unknown field`, and we mirror that here so a
+   * registry file produced by a future Rust version with extra
+   * fields is rejected explicitly rather than silently lossy.
    */
   static fromJSON(json: Record<string, unknown>): OwnerRecord {
+    for (const key of Object.keys(json)) {
+      if (key !== "xid_document" && key !== "pet_name") {
+        throw new Error(`unknown field \`${key}\`, expected \`xid_document\` or \`pet_name\``);
+      }
+    }
     const xidDocumentUr = json["xid_document"] as string;
     const petName = json["pet_name"] as string | undefined;
     return OwnerRecord.fromSignedXidUr(xidDocumentUr, petName);

package/src/registry/participant-record.ts

@@ -141,8 +141,21 @@ export class ParticipantRecord {
 
   /**
    * Deserialize from JSON object.
+   *
+   * Mirrors Rust's `#[serde(deny_unknown_fields)]` derive on
+   * `ParticipantRecord` (`participant_record.rs:12-17`) — Rust's
+   * `serde_json::from_str` errors with `unknown field` for any
+   * field outside `{xid_document, pet_name}`. We mirror that
+   * behaviour so a registry file produced by a future Rust
+   * version with extra fields is rejected explicitly rather than
+   * silently lossy.
    */
   static fromJSON(json: Record<string, unknown>): ParticipantRecord {
+    for (const key of Object.keys(json)) {
+      if (key !== "xid_document" && key !== "pet_name") {
+        throw new Error(`unknown field \`${key}\`, expected \`xid_document\` or \`pet_name\``);
+      }
+    }
     const xidDocumentUr = json["xid_document"] as string;
     const petName = json["pet_name"] as string | undefined;
     return ParticipantRecord.recreateFromSerialized(xidDocumentUr, petName);
@@ -167,10 +180,30 @@ function parseSignedXidDocument(xidDocumentUr: string): [string, XIDDocument] {
   try {
     envelope = Envelope.fromTaggedCbor(envelopeCbor);
   } catch {
-    envelope = Envelope.fromUntaggedCbor(envelopeCbor);
+    try {
+      envelope = Envelope.fromUntaggedCbor(envelopeCbor);
+    } catch (e) {
+      throw new Error(
+        `Unable to decode XID document envelope: ${(e as Error).message ?? String(e)}`,
+        {
+          cause: e,
+        },
+      );
+    }
   }
 
-  const document = XIDDocument.fromEnvelope(envelope, undefined, XIDVerifySignature.Inception);
+  // Mirror Rust `participant_record.rs:198-203`'s `.context(...)` wrap:
+  // any failure from `XIDDocument::from_envelope(..., XIDVerifySignature::Inception)`
+  // is surfaced as "XID document must be signed by its inception key: <cause>".
+  let document: XIDDocument;
+  try {
+    document = XIDDocument.fromEnvelope(envelope, undefined, XIDVerifySignature.Inception);
+  } catch (e) {
+    throw new Error(
+      `XID document must be signed by its inception key: ${(e as Error).message ?? String(e)}`,
+      { cause: e },
+    );
+  }
 
   return [sanitized, document];
 }

package/src/registry/registry-impl.ts

@@ -13,7 +13,7 @@
 import * as fs from "node:fs";
 import * as path from "node:path";
 
-import { type ARID, type XID } from "@bcts/components";
+import { type ARID, type PublicKeys, type XID } from "@bcts/components";
 
 import { GroupRecord } from "./group-record.js";
 import { OwnerRecord } from "./owner-record.js";
@@ -140,20 +140,57 @@ export class Registry {
   /**
    * Add a participant.
    *
-   * Returns the outcome indicating whether the participant was already present or newly inserted.
+   * Mirrors Rust `Registry::add_participant`
+   * (`registry_impl.rs:83-124`):
+   *
+   * 1. If `record.pet_name()` is already used by some other XID,
+   *    bail with `"Pet name '{name}' already used by another
+   *    participant"`.
+   * 2. If `record.pet_name()` matches an existing record under the
+   *    *same* XID and the public keys also match, return
+   *    `AlreadyPresent`.
+   * 3. If the pet name matches the same XID but public keys don't,
+   *    bail with `"Participant already exists with a different pet
+   *    name"`.
+   * 4. Otherwise look up by XID. If present and public-keys + pet-name
+   *    both match, return `AlreadyPresent`; if XID is present but
+   *    anything differs, bail. If XID is new, insert and return
+   *    `Inserted`.
+   *
+   * The earlier port short-circuited on `participants.has(xidUr)` and
+   * always returned `AlreadyPresent` — silently allowing re-adds with
+   * a different pet name or different public keys, which Rust
+   * correctly forbids.
    */
   addParticipant(xid: XID, record: ParticipantRecord): AddOutcome {
     const xidUr = xid.urString();
+    const petName = record.petName();
 
-    // Check if already present
-    if (this._participants.has(xidUr)) {
-      return AddOutcome.AlreadyPresent;
+    // Steps 1–3: pet-name conflict resolution.
+    if (petName !== undefined) {
+      for (const [existingXidUr, existingRecord] of this._participants) {
+        if (existingRecord.petName() === petName) {
+          if (existingXidUr !== xidUr) {
+            throw new Error(`Pet name '${petName}' already used by another participant`);
+          }
+          if (publicKeysEqual(existingRecord.publicKeys(), record.publicKeys())) {
+            return AddOutcome.AlreadyPresent;
+          }
+          throw new Error("Participant already exists with a different pet name");
+        }
+      }
     }
 
-    // Check for conflicting pet name
-    const petName = record.petName();
-    if (petName !== undefined && this.petNameExists(petName)) {
-      throw new Error(`Pet name "${petName}" is already used by another participant`);
+    // Step 4: XID lookup.
+    const existing = this._participants.get(xidUr);
+    if (existing !== undefined) {
+      if (
+        publicKeysEqual(existing.publicKeys(), record.publicKeys()) &&
+        existing.petName() === record.petName()
+      ) {
+        return AddOutcome.AlreadyPresent;
+      }
+      throw new Error("Participant already exists with a different pet name");
     }
 
     this._participants.set(xidUr, record);
@@ -287,26 +324,34 @@ export class Registry {
 
   /**
    * Serialize to JSON object.
+   *
+   * Mirrors Rust `Registry`'s field declaration order
+   * (`registry_impl.rs:8-14` — `owner, participants, groups`). JSON
+   * object member order is not semantically significant, but
+   * `serde_json::to_string_pretty` emits keys in declaration order,
+   * so for byte-equal `registry.json` (used by the integration tests
+   * as a string assertion) the TS port must match Rust's order.
+   * Empty `owner` is omitted via `Option::None` skip in Rust; we
+   * reproduce that by only setting the key when the owner exists.
    */
   toJSON(): Record<string, unknown> {
+    const obj: Record<string, unknown> = {};
+
+    if (this._owner !== undefined) {
+      obj["owner"] = this._owner.toJSON();
+    }
+
     const participants: Record<string, unknown> = {};
     for (const [xidUr, record] of this._participants) {
       participants[xidUr] = record.toJSON();
     }
+    obj["participants"] = participants;
 
     const groups: Record<string, unknown> = {};
     for (const [aridHex, record] of this._groups) {
       groups[aridHex] = record.toJSON();
     }
-
-    const obj: Record<string, unknown> = {
-      groups,
-      participants,
-    };
-
-    if (this._owner !== undefined) {
-      obj["owner"] = this._owner.toJSON();
-    }
+    obj["groups"] = groups;
 
     return obj;
   }
@@ -366,3 +411,14 @@ export function resolveRegistryPath(registryArg: string | undefined, cwd: string
   // Otherwise, treat as relative path
   return path.resolve(cwd, registryArg);
 }
+
+/**
+ * Structural equality on `PublicKeys`, mirroring Rust's
+ * `PartialEq::eq` derive (per-component comparison of the signing
+ * and encapsulation public keys).
+ *
+ * @internal
+ */
+function publicKeysEqual(a: PublicKeys, b: PublicKeys): boolean {
+  return a.equals(b);
+}