@bcts/frost-hubert 1.0.0-alpha.23 → 1.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (165) hide show
  1. package/README.md +1 -1
  2. package/dist/bin/frost.cjs +344 -72
  3. package/dist/bin/frost.cjs.map +1 -1
  4. package/dist/bin/frost.mjs +344 -71
  5. package/dist/bin/frost.mjs.map +1 -1
  6. package/dist/busy-B_h0bNAJ.cjs +38 -0
  7. package/dist/busy-B_h0bNAJ.cjs.map +1 -0
  8. package/dist/busy-BlU8_pS2.mjs +27 -0
  9. package/dist/busy-BlU8_pS2.mjs.map +1 -0
  10. package/dist/cmd/index.cjs +27 -22
  11. package/dist/cmd/index.d.cts +2 -2
  12. package/dist/cmd/index.d.mts +2 -2
  13. package/dist/cmd/index.mjs +6 -3
  14. package/dist/cmd-CCVhHzG7.cjs +129 -0
  15. package/dist/cmd-CCVhHzG7.cjs.map +1 -0
  16. package/dist/cmd-DNsHd19v.mjs +112 -0
  17. package/dist/cmd-DNsHd19v.mjs.map +1 -0
  18. package/dist/common-7-BOgaTt.cjs +113 -0
  19. package/dist/common-7-BOgaTt.cjs.map +1 -0
  20. package/dist/common-Cf1UvJaP.mjs +282 -0
  21. package/dist/common-Cf1UvJaP.mjs.map +1 -0
  22. package/dist/common-CnvAUC2b.cjs +372 -0
  23. package/dist/common-CnvAUC2b.cjs.map +1 -0
  24. package/dist/common-DNrD_-EI.mjs +96 -0
  25. package/dist/common-DNrD_-EI.mjs.map +1 -0
  26. package/dist/dkg/index.cjs +6 -103
  27. package/dist/dkg/index.cjs.map +1 -1
  28. package/dist/dkg/index.d.cts +2 -2
  29. package/dist/dkg/index.d.mts +2 -2
  30. package/dist/dkg/index.mjs +4 -101
  31. package/dist/dkg/index.mjs.map +1 -1
  32. package/dist/finalize-BpC0rz93.mjs +389 -0
  33. package/dist/finalize-BpC0rz93.mjs.map +1 -0
  34. package/dist/finalize-Cb0obTSo.cjs +402 -0
  35. package/dist/finalize-Cb0obTSo.cjs.map +1 -0
  36. package/dist/finalize-DHEnKobp.cjs +303 -0
  37. package/dist/finalize-DHEnKobp.cjs.map +1 -0
  38. package/dist/finalize-DQ0VGUHO.cjs +265 -0
  39. package/dist/finalize-DQ0VGUHO.cjs.map +1 -0
  40. package/dist/finalize-DtRxHZ7H.mjs +290 -0
  41. package/dist/finalize-DtRxHZ7H.mjs.map +1 -0
  42. package/dist/finalize-T83Ko8nG.mjs +252 -0
  43. package/dist/finalize-T83Ko8nG.mjs.map +1 -0
  44. package/dist/frost/index.cjs +1 -1
  45. package/dist/frost/index.cjs.map +1 -1
  46. package/dist/frost/index.d.cts.map +1 -1
  47. package/dist/frost/index.d.mts.map +1 -1
  48. package/dist/frost/index.mjs +1 -1
  49. package/dist/frost/index.mjs.map +1 -1
  50. package/dist/{index-BJlwbPYu.d.cts → index-BErX9AZF.d.cts} +101 -79
  51. package/dist/index-BErX9AZF.d.cts.map +1 -0
  52. package/dist/{index-BkqLimZT.d.mts → index-BaUVw4b1.d.mts} +25 -2
  53. package/dist/index-BaUVw4b1.d.mts.map +1 -0
  54. package/dist/{index-BMbPgH0W.d.cts → index-CD50Qtgw.d.cts} +46 -2
  55. package/dist/index-CD50Qtgw.d.cts.map +1 -0
  56. package/dist/{index-DoV5HFvV.d.mts → index-CD50Qtgw.d.mts} +46 -2
  57. package/dist/index-CD50Qtgw.d.mts.map +1 -0
  58. package/dist/{index-Dzm1v4_4.d.mts → index-Drklne-Y.d.mts} +101 -79
  59. package/dist/index-Drklne-Y.d.mts.map +1 -0
  60. package/dist/{index-DmxfT59Y.d.cts → index-gkmZzEuD.d.cts} +25 -2
  61. package/dist/index-gkmZzEuD.d.cts.map +1 -0
  62. package/dist/index.cjs +30 -23
  63. package/dist/index.cjs.map +1 -1
  64. package/dist/index.d.cts +4 -4
  65. package/dist/index.d.cts.map +1 -1
  66. package/dist/index.d.mts +4 -4
  67. package/dist/index.d.mts.map +1 -1
  68. package/dist/index.mjs +8 -4
  69. package/dist/index.mjs.map +1 -1
  70. package/dist/invite-1tzg0B0P.cjs +274 -0
  71. package/dist/invite-1tzg0B0P.cjs.map +1 -0
  72. package/dist/invite-BLwtexAu.cjs +109 -0
  73. package/dist/invite-BLwtexAu.cjs.map +1 -0
  74. package/dist/invite-Be2v2SVc.mjs +96 -0
  75. package/dist/invite-Be2v2SVc.mjs.map +1 -0
  76. package/dist/invite-D8mQSnFz.mjs +219 -0
  77. package/dist/invite-D8mQSnFz.mjs.map +1 -0
  78. package/dist/parallel-PZiwHZT8.mjs +235 -0
  79. package/dist/parallel-PZiwHZT8.mjs.map +1 -0
  80. package/dist/parallel-szwYx-bi.cjs +318 -0
  81. package/dist/parallel-szwYx-bi.cjs.map +1 -0
  82. package/dist/proposed-participant-BvHNnpcZ.cjs +140 -0
  83. package/dist/proposed-participant-BvHNnpcZ.cjs.map +1 -0
  84. package/dist/proposed-participant-Detb823_.mjs +129 -0
  85. package/dist/proposed-participant-Detb823_.mjs.map +1 -0
  86. package/dist/receive-BR-knnGv.cjs +213 -0
  87. package/dist/receive-BR-knnGv.cjs.map +1 -0
  88. package/dist/receive-D_r4Mryr.cjs +190 -0
  89. package/dist/receive-D_r4Mryr.cjs.map +1 -0
  90. package/dist/receive-dkSCSGpl.mjs +188 -0
  91. package/dist/receive-dkSCSGpl.mjs.map +1 -0
  92. package/dist/receive-g8EhZF2Y.mjs +177 -0
  93. package/dist/receive-g8EhZF2Y.mjs.map +1 -0
  94. package/dist/registry/index.cjs +86 -11
  95. package/dist/registry/index.cjs.map +1 -1
  96. package/dist/registry/index.d.cts +1 -1
  97. package/dist/registry/index.d.mts +1 -1
  98. package/dist/registry/index.mjs +85 -10
  99. package/dist/registry/index.mjs.map +1 -1
  100. package/dist/{registry-loI1_Mh1.cjs → registry-CkIbA7nt.cjs} +79 -2
  101. package/dist/registry-CkIbA7nt.cjs.map +1 -0
  102. package/dist/{registry-CgrCZ4En.mjs → registry-DGjs4qDK.mjs} +74 -3
  103. package/dist/registry-DGjs4qDK.mjs.map +1 -0
  104. package/dist/round1-9FAqFvL5.cjs +465 -0
  105. package/dist/round1-9FAqFvL5.cjs.map +1 -0
  106. package/dist/round1-B8haiMM8.mjs +208 -0
  107. package/dist/round1-B8haiMM8.mjs.map +1 -0
  108. package/dist/round1-BOIE1E4O.mjs +452 -0
  109. package/dist/round1-BOIE1E4O.mjs.map +1 -0
  110. package/dist/round1-Bq0vweyQ.cjs +422 -0
  111. package/dist/round1-Bq0vweyQ.cjs.map +1 -0
  112. package/dist/round1-CXkXoVQU.cjs +208 -0
  113. package/dist/round1-CXkXoVQU.cjs.map +1 -0
  114. package/dist/round1-D8t7EzIo.mjs +373 -0
  115. package/dist/round1-D8t7EzIo.mjs.map +1 -0
  116. package/dist/round1-DriPu15x.cjs +221 -0
  117. package/dist/round1-DriPu15x.cjs.map +1 -0
  118. package/dist/round1-Y2kcVwnR.mjs +195 -0
  119. package/dist/round1-Y2kcVwnR.mjs.map +1 -0
  120. package/dist/round2-AMDYMUIg.cjs +305 -0
  121. package/dist/round2-AMDYMUIg.cjs.map +1 -0
  122. package/dist/round2-BHQKVJFo.cjs +410 -0
  123. package/dist/round2-BHQKVJFo.cjs.map +1 -0
  124. package/dist/round2-BfetYacV.mjs +450 -0
  125. package/dist/round2-BfetYacV.mjs.map +1 -0
  126. package/dist/round2-Cf5CJc_8.mjs +397 -0
  127. package/dist/round2-Cf5CJc_8.mjs.map +1 -0
  128. package/dist/round2-CvrmylN1.cjs +293 -0
  129. package/dist/round2-CvrmylN1.cjs.map +1 -0
  130. package/dist/round2-Dk_w97nl.cjs +499 -0
  131. package/dist/round2-Dk_w97nl.cjs.map +1 -0
  132. package/dist/round2-Z2JhMwxc.mjs +292 -0
  133. package/dist/round2-Z2JhMwxc.mjs.map +1 -0
  134. package/dist/round2-mF6UlkT-.mjs +280 -0
  135. package/dist/round2-mF6UlkT-.mjs.map +1 -0
  136. package/package.json +14 -14
  137. package/src/bin/frost.ts +849 -128
  138. package/src/cmd/common.ts +19 -1
  139. package/src/cmd/dkg/common.ts +97 -10
  140. package/src/cmd/dkg/coordinator/invite.ts +5 -2
  141. package/src/cmd/dkg/participant/finalize.ts +51 -17
  142. package/src/cmd/dkg/participant/round1.ts +39 -38
  143. package/src/cmd/dkg/participant/round2.ts +60 -26
  144. package/src/cmd/sign/coordinator/round2.ts +5 -1
  145. package/src/cmd/sign/participant/finalize.ts +6 -2
  146. package/src/cmd/sign/participant/receive.ts +5 -2
  147. package/src/dkg/group-invite.ts +12 -2
  148. package/src/dkg/proposed-participant.ts +32 -3
  149. package/src/registry/owner-record.ts +12 -0
  150. package/src/registry/participant-record.ts +35 -2
  151. package/src/registry/registry-impl.ts +74 -18
  152. package/dist/cmd-5yLeC_QL.mjs +0 -4708
  153. package/dist/cmd-5yLeC_QL.mjs.map +0 -1
  154. package/dist/cmd-BfZjC3Uh.cjs +0 -4847
  155. package/dist/cmd-BfZjC3Uh.cjs.map +0 -1
  156. package/dist/index-BJlwbPYu.d.cts.map +0 -1
  157. package/dist/index-BMbPgH0W.d.cts.map +0 -1
  158. package/dist/index-BkqLimZT.d.mts.map +0 -1
  159. package/dist/index-DmxfT59Y.d.cts.map +0 -1
  160. package/dist/index-DoV5HFvV.d.mts.map +0 -1
  161. package/dist/index-Dzm1v4_4.d.mts.map +0 -1
  162. package/dist/registry-CgrCZ4En.mjs.map +0 -1
  163. package/dist/registry-loI1_Mh1.cjs.map +0 -1
  164. /package/dist/{chunk-CZWwpsFl.cjs → chunk-DakpK96I.cjs} +0 -0
  165. /package/dist/{chunk-CjcI7cDX.mjs → chunk-z9aeyW2b.mjs} +0 -0
@@ -0,0 +1,188 @@
1
+ import { t as __exportAll } from "./chunk-z9aeyW2b.mjs";
2
+ import { DkgInvitation } from "./dkg/index.mjs";
3
+ import { Registry, resolveRegistryPath } from "./registry/index.mjs";
4
+ import { a as dkgStateDir, c as parseAridUr, l as parseEnvelopeUr, m as resolveSenderName, u as participantNamesFromRegistry } from "./common-Cf1UvJaP.mjs";
5
+ import { t as getWithIndicator } from "./busy-BlU8_pS2.mjs";
6
+ import { i as createStorageClient } from "./registry-DGjs4qDK.mjs";
7
+ import { ARID, XID } from "@bcts/components";
8
+ import { CborDate } from "@bcts/dcbor";
9
+ import { Function } from "@bcts/envelope";
10
+ import { SealedRequest } from "@bcts/gstp";
11
+ import { XIDDocument, XIDVerifySignature } from "@bcts/xid";
12
+ import * as fs from "node:fs";
13
+ import * as path from "node:path";
14
+ //#region src/cmd/dkg/participant/receive.ts
15
+ /**
16
+ * Copyright © 2023-2026 Blockchain Commons, LLC
17
+ * Copyright © 2025-2026 Parity Technologies
18
+ *
19
+ *
20
+ * DKG participant receive command.
21
+ *
22
+ * Port of cmd/dkg/participant/receive.rs from frost-hubert-rust.
23
+ *
24
+ * @module
25
+ */
26
+ var receive_exports = /* @__PURE__ */ __exportAll({
27
+ decodeInviteDetails: () => decodeInviteDetails,
28
+ receive: () => receive,
29
+ resolveInviteEnvelope: () => resolveInviteEnvelope
30
+ });
31
+ /**
32
+ * Resolve an invite envelope from either storage (ARID) or direct UR.
33
+ *
34
+ * Port of `resolve_invite_envelope()` from cmd/dkg/participant/receive.rs lines 122-152.
35
+ */
36
+ async function resolveInviteEnvelope(selection, invite, timeout) {
37
+ if (selection !== void 0) {
38
+ try {
39
+ const arid = parseAridUr(invite);
40
+ const envelope = await getWithIndicator(await createStorageClient(selection), arid, "Invite", timeout, false);
41
+ if (envelope === null || envelope === void 0) throw new Error("Invite not found in Hubert storage");
42
+ return envelope;
43
+ } catch (e) {
44
+ if (e instanceof Error && e.message.includes("Invite not found in Hubert storage")) throw e;
45
+ }
46
+ if (timeout !== void 0) throw new Error("--timeout is only valid when retrieving invites from Hubert");
47
+ return parseEnvelopeUr(invite);
48
+ }
49
+ try {
50
+ parseAridUr(invite);
51
+ throw new Error("Hubert storage parameters are required to retrieve invites by ARID");
52
+ } catch (e) {
53
+ if (e instanceof Error && e.message.includes("Hubert storage parameters are required")) throw e;
54
+ }
55
+ return parseEnvelopeUr(invite);
56
+ }
57
+ /**
58
+ * Decode and validate invite details from an envelope.
59
+ *
60
+ * Port of `decode_invite_details()` from cmd/dkg/participant/receive.rs lines 154-256.
61
+ */
62
+ function decodeInviteDetails(invite, now, registry, recipient, expectedSender) {
63
+ const recipientPrivateKeys = recipient.inceptionPrivateKeys();
64
+ if (recipientPrivateKeys === void 0) throw new Error("Recipient XID document has no inception private keys");
65
+ const sealedRequest = SealedRequest.tryFromEnvelope(invite, void 0, now, recipientPrivateKeys);
66
+ const senderDocument = sealedRequest.sender();
67
+ if (expectedSender !== void 0) {
68
+ if (senderDocument.xid().urString() !== expectedSender.xid().urString()) throw new Error("Invite sender does not match expected sender");
69
+ } else {
70
+ const senderXid = senderDocument.xid();
71
+ const knownOwner = registry.owner()?.xidDocument().xid().urString() === senderXid.urString();
72
+ const knownParticipant = registry.participant(senderXid) !== void 0;
73
+ if (!knownOwner && !knownParticipant) throw new Error(`Invite sender not found in registry: ${senderXid.urString()}`);
74
+ }
75
+ if (!sealedRequest.request().function().equals(Function.fromString("dkgInvite"))) throw new Error("Unexpected invite function");
76
+ if (sealedRequest.extractObjectForParameter("validUntil") <= now) throw new Error("Invitation expired");
77
+ const minSigners = sealedRequest.extractObjectForParameter("minSigners");
78
+ sealedRequest.extractObjectForParameter("charter");
79
+ sealedRequest.extractObjectForParameter("group");
80
+ const participantObjects = sealedRequest.objectsForParameter("participant");
81
+ if (minSigners < 2) throw new Error("min_signers must be at least 2");
82
+ if (minSigners > participantObjects.length) throw new Error("min_signers exceeds participant count");
83
+ const participantDocs = [];
84
+ let responseArid;
85
+ const recipientXid = recipient.xid();
86
+ for (const participant of participantObjects) {
87
+ const xidDocumentEnvelope = participant.tryUnwrap();
88
+ const xidDocument = XIDDocument.fromEnvelope(xidDocumentEnvelope, void 0, XIDVerifySignature.Inception);
89
+ if (xidDocument.xid().urString() === recipientXid.urString()) responseArid = participant.objectForPredicate("response_arid").decryptToRecipient(recipientPrivateKeys).extractSubject((cbor) => ARID.fromTaggedCbor(cbor));
90
+ participantDocs.push(xidDocument);
91
+ }
92
+ const invitation = DkgInvitation.fromInvite(invite, now, expectedSender, recipient);
93
+ if (responseArid === void 0) throw new Error("Invite does not include a response ARID for this recipient");
94
+ return {
95
+ invitation,
96
+ participants: participantDocs
97
+ };
98
+ }
99
+ /**
100
+ * Resolve a sender XID document from the registry by UR or pet name.
101
+ *
102
+ * Port of `resolve_sender()` usage in receive.rs for expected sender.
103
+ */
104
+ function resolveSenderXidDocument(registry, raw) {
105
+ try {
106
+ const xid = XID.fromURString(raw.trim());
107
+ const record = registry.participant(xid);
108
+ if (record) return record.xidDocument();
109
+ const owner = registry.owner();
110
+ if (owner?.xid().urString() === xid.urString()) return owner.xidDocument();
111
+ throw new Error(`Sender with XID ${xid.urString()} not found in registry`);
112
+ } catch {
113
+ const result = registry.participantByPetName(raw.trim());
114
+ if (result) {
115
+ const [, record] = result;
116
+ return record.xidDocument();
117
+ }
118
+ const owner = registry.owner();
119
+ if (owner?.petName() === raw.trim()) return owner.xidDocument();
120
+ throw new Error(`Sender '${raw}' not found in registry`);
121
+ }
122
+ }
123
+ /**
124
+ * Execute the DKG participant receive command.
125
+ *
126
+ * Fetches and validates a DKG invite from the coordinator.
127
+ *
128
+ * Port of `receive()` from cmd/dkg/participant/receive.rs.
129
+ */
130
+ async function receive(_client, options, cwd) {
131
+ if (options.storageSelection === void 0 && options.timeoutSeconds !== void 0) throw new Error("--timeout requires Hubert storage parameters");
132
+ const registryPath = resolveRegistryPath(options.registryPath, cwd);
133
+ const registry = Registry.load(registryPath);
134
+ const owner = registry.owner();
135
+ if (!owner) throw new Error("Registry owner with private keys is required");
136
+ const expectedSender = options.sender ? resolveSenderXidDocument(registry, options.sender) : void 0;
137
+ const inviteEnvelope = await resolveInviteEnvelope(options.storageSelection, options.invite, options.timeoutSeconds);
138
+ const details = decodeInviteDetails(inviteEnvelope, CborDate.now().datetime(), registry, owner.xidDocument(), expectedSender);
139
+ const participantNames = participantNamesFromRegistry(registry, details.participants, owner.xid(), owner.petName());
140
+ const coordinatorName = resolveSenderName(registry, details.invitation.sender());
141
+ const stateDir = dkgStateDir(registryPath, details.invitation.groupId().hex());
142
+ fs.mkdirSync(stateDir, { recursive: true });
143
+ const validUntilStr = details.invitation.validUntil().toString();
144
+ const receiveState = {
145
+ group: details.invitation.groupId().urString(),
146
+ request_id: details.invitation.requestId().urString(),
147
+ response_arid: details.invitation.responseArid().urString(),
148
+ valid_until: validUntilStr,
149
+ min_signers: details.invitation.minSigners(),
150
+ charter: details.invitation.charter(),
151
+ sender: details.invitation.sender().xid().urString()
152
+ };
153
+ fs.writeFileSync(path.join(stateDir, "receive.json"), JSON.stringify(receiveState, null, 2));
154
+ let envelopeUr;
155
+ if (options.noEnvelope !== true) {
156
+ envelopeUr = inviteEnvelope.urString();
157
+ console.log(envelopeUr);
158
+ }
159
+ if (options.info === true) {
160
+ console.error(`Charter: ${details.invitation.charter()}`);
161
+ console.error(`Min signers: ${details.invitation.minSigners()}`);
162
+ if (coordinatorName !== void 0) console.error(`Coordinator: ${coordinatorName}`);
163
+ console.error(`Participants: ${participantNames.join(", ")}`);
164
+ }
165
+ if (options.verbose === true) {
166
+ console.log(`Group ID: ${details.invitation.groupId().urString()}`);
167
+ console.log(`Min signers: ${details.invitation.minSigners()}`);
168
+ console.log(`Charter: ${details.invitation.charter()}`);
169
+ console.log(`Valid until: ${String(details.invitation.validUntil())}`);
170
+ console.log(`Response ARID: ${details.invitation.responseArid().urString()}`);
171
+ }
172
+ const resultValidUntilStr = details.invitation.validUntil().toString();
173
+ return {
174
+ groupId: details.invitation.groupId().urString(),
175
+ requestId: details.invitation.requestId().urString(),
176
+ minSigners: details.invitation.minSigners(),
177
+ charter: details.invitation.charter(),
178
+ validUntil: resultValidUntilStr,
179
+ responseArid: details.invitation.responseArid().urString(),
180
+ envelopeUr,
181
+ coordinatorName,
182
+ participantNames
183
+ };
184
+ }
185
+ //#endregion
186
+ export { resolveInviteEnvelope as i, receive as n, receive_exports as r, decodeInviteDetails as t };
187
+
188
+ //# sourceMappingURL=receive-dkSCSGpl.mjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"receive-dkSCSGpl.mjs","names":["EnvelopeFunction"],"sources":["../src/cmd/dkg/participant/receive.ts"],"sourcesContent":["/**\n * Copyright © 2023-2026 Blockchain Commons, LLC\n * Copyright © 2025-2026 Parity Technologies\n *\n *\n * DKG participant receive command.\n *\n * Port of cmd/dkg/participant/receive.rs from frost-hubert-rust.\n *\n * @module\n */\n\nimport * as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\nimport { ARID, XID } from \"@bcts/components\";\nimport { CborDate } from \"@bcts/dcbor\";\nimport { type Envelope, Function as EnvelopeFunction } from \"@bcts/envelope\";\nimport { SealedRequest } from \"@bcts/gstp\";\nimport { XIDDocument, XIDVerifySignature } from \"@bcts/xid\";\n\nimport { DkgInvitation } from \"../../../dkg/index.js\";\nimport { Registry, resolveRegistryPath } from \"../../../registry/index.js\";\nimport { getWithIndicator } from \"../../busy.js\";\nimport { createStorageClient, type StorageClient, type StorageSelection } from \"../../storage.js\";\nimport {\n dkgStateDir,\n parseAridUr,\n parseEnvelopeUr,\n participantNamesFromRegistry,\n resolveSenderName,\n} from \"../common.js\";\n\n/**\n * Options for the DKG receive command.\n */\nexport interface DkgReceiveOptions {\n registryPath?: string;\n timeoutSeconds?: number;\n noEnvelope?: boolean;\n info?: boolean;\n sender?: string;\n invite: string;\n storageSelection?: StorageSelection;\n verbose?: boolean;\n}\n\n/**\n * Result of the DKG receive command.\n */\nexport interface DkgReceiveResult {\n groupId: string;\n requestId: string;\n minSigners: number;\n charter: string;\n validUntil: string;\n responseArid: string;\n envelopeUr?: string | undefined;\n coordinatorName?: string | undefined;\n participantNames?: string[] | undefined;\n}\n\n/**\n * Details extracted from a DKG invite.\n *\n * Port of `struct InviteDetails` from cmd/dkg/participant/receive.rs lines 117-120.\n */\nexport interface InviteDetails {\n invitation: DkgInvitation;\n participants: XIDDocument[];\n}\n\n/**\n * Resolve an invite envelope from either storage (ARID) or direct UR.\n *\n * Port of `resolve_invite_envelope()` from cmd/dkg/participant/receive.rs lines 122-152.\n */\nexport async function resolveInviteEnvelope(\n selection: StorageSelection | undefined,\n invite: string,\n timeout?: number,\n): Promise<Envelope> {\n if (selection !== undefined) {\n // Try to parse as ARID\n try {\n const arid = parseAridUr(invite);\n const client = await createStorageClient(selection);\n const envelope = await getWithIndicator(client, arid, \"Invite\", timeout, false);\n if (envelope === null || envelope === undefined) {\n throw new Error(\"Invite not found in Hubert storage\");\n }\n return envelope;\n } catch (e) {\n // Not an ARID, fall through to envelope parsing\n if (e instanceof Error && e.message.includes(\"Invite not found in Hubert storage\")) {\n throw e;\n }\n }\n\n if (timeout !== undefined) {\n throw new Error(\"--timeout is only valid when retrieving invites from Hubert\");\n }\n\n return parseEnvelopeUr(invite);\n }\n\n // No storage selection\n try {\n parseAridUr(invite);\n throw new Error(\"Hubert storage parameters are required to retrieve invites by ARID\");\n } catch (e) {\n // Not an ARID, parse as envelope\n if (e instanceof Error && e.message.includes(\"Hubert storage parameters are required\")) {\n throw e;\n }\n }\n\n return parseEnvelopeUr(invite);\n}\n\n/**\n * Decode and validate invite details from an envelope.\n *\n * Port of `decode_invite_details()` from cmd/dkg/participant/receive.rs lines 154-256.\n */\nexport function decodeInviteDetails(\n invite: Envelope,\n now: Date,\n registry: Registry,\n recipient: XIDDocument,\n expectedSender?: XIDDocument,\n): InviteDetails {\n const recipientPrivateKeys = recipient.inceptionPrivateKeys();\n\n if (recipientPrivateKeys === undefined) {\n throw new Error(\"Recipient XID document has no inception private keys\");\n }\n\n const sealedRequest = SealedRequest.tryFromEnvelope(invite, undefined, now, recipientPrivateKeys);\n\n const senderDocument = sealedRequest.sender();\n if (expectedSender !== undefined) {\n if (senderDocument.xid().urString() !== expectedSender.xid().urString()) {\n throw new Error(\"Invite sender does not match expected sender\");\n }\n } else {\n const senderXid = senderDocument.xid();\n const owner = registry.owner();\n const knownOwner = owner?.xidDocument().xid().urString() === senderXid.urString();\n const knownParticipant = registry.participant(senderXid) !== undefined;\n\n if (!knownOwner && !knownParticipant) {\n throw new Error(`Invite sender not found in registry: ${senderXid.urString()}`);\n }\n }\n\n if (!sealedRequest.request().function().equals(EnvelopeFunction.fromString(\"dkgInvite\"))) {\n throw new Error(\"Unexpected invite function\");\n }\n\n const validUntil = sealedRequest.extractObjectForParameter<Date>(\"validUntil\");\n if (validUntil <= now) {\n throw new Error(\"Invitation expired\");\n }\n\n const minSigners = sealedRequest.extractObjectForParameter<number>(\"minSigners\");\n sealedRequest.extractObjectForParameter<string>(\"charter\");\n sealedRequest.extractObjectForParameter<ARID>(\"group\");\n const participantObjects = sealedRequest.objectsForParameter(\"participant\");\n\n if (minSigners < 2) {\n throw new Error(\"min_signers must be at least 2\");\n }\n\n if (minSigners > participantObjects.length) {\n throw new Error(\"min_signers exceeds participant count\");\n }\n\n const participantDocs: XIDDocument[] = [];\n let responseArid: ARID | undefined;\n const recipientXid = recipient.xid();\n\n for (const participant of participantObjects) {\n const xidDocumentEnvelope = participant.tryUnwrap();\n const xidDocument = XIDDocument.fromEnvelope(\n xidDocumentEnvelope,\n undefined,\n XIDVerifySignature.Inception,\n );\n\n if (xidDocument.xid().urString() === recipientXid.urString()) {\n const encryptedResponseArid = participant.objectForPredicate(\"response_arid\");\n const responseAridEnvelope = encryptedResponseArid.decryptToRecipient(recipientPrivateKeys);\n responseArid = responseAridEnvelope.extractSubject((cbor) => ARID.fromTaggedCbor(cbor));\n }\n\n participantDocs.push(xidDocument);\n }\n\n const invitation = DkgInvitation.fromInvite(invite, now, expectedSender, recipient);\n\n if (responseArid === undefined) {\n throw new Error(\"Invite does not include a response ARID for this recipient\");\n }\n\n return { invitation, participants: participantDocs };\n}\n\n/**\n * Resolve a sender XID document from the registry by UR or pet name.\n *\n * Port of `resolve_sender()` usage in receive.rs for expected sender.\n */\nfunction resolveSenderXidDocument(registry: Registry, raw: string): XIDDocument {\n // Try parsing as XID UR first\n try {\n const xid = XID.fromURString(raw.trim());\n const record = registry.participant(xid);\n if (record) {\n return record.xidDocument();\n }\n const owner = registry.owner();\n if (owner?.xid().urString() === xid.urString()) {\n return owner.xidDocument();\n }\n throw new Error(`Sender with XID ${xid.urString()} not found in registry`);\n } catch {\n // Try looking up by pet name\n const result = registry.participantByPetName(raw.trim());\n if (result) {\n const [, record] = result;\n return record.xidDocument();\n }\n const owner = registry.owner();\n if (owner?.petName() === raw.trim()) {\n return owner.xidDocument();\n }\n throw new Error(`Sender '${raw}' not found in registry`);\n }\n}\n\n/**\n * Execute the DKG participant receive command.\n *\n * Fetches and validates a DKG invite from the coordinator.\n *\n * Port of `receive()` from cmd/dkg/participant/receive.rs.\n */\nexport async function receive(\n _client: StorageClient | undefined,\n options: DkgReceiveOptions,\n cwd: string,\n): Promise<DkgReceiveResult> {\n if (options.storageSelection === undefined && options.timeoutSeconds !== undefined) {\n throw new Error(\"--timeout requires Hubert storage parameters\");\n }\n\n const registryPath = resolveRegistryPath(options.registryPath, cwd);\n const registry = Registry.load(registryPath);\n\n const owner = registry.owner();\n if (!owner) {\n throw new Error(\"Registry owner with private keys is required\");\n }\n\n const expectedSender = options.sender\n ? resolveSenderXidDocument(registry, options.sender)\n : undefined;\n\n const inviteEnvelope = await resolveInviteEnvelope(\n options.storageSelection,\n options.invite,\n options.timeoutSeconds,\n );\n\n const now = CborDate.now().datetime();\n const details = decodeInviteDetails(\n inviteEnvelope,\n now,\n registry,\n owner.xidDocument(),\n expectedSender,\n );\n\n const participantNames = participantNamesFromRegistry(\n registry,\n details.participants,\n owner.xid(),\n owner.petName(),\n );\n\n const coordinatorName = resolveSenderName(registry, details.invitation.sender());\n\n // Save receive state\n const stateDir = dkgStateDir(registryPath, details.invitation.groupId().hex());\n fs.mkdirSync(stateDir, { recursive: true });\n\n const validUntilStr: string = (\n details.invitation.validUntil() as { toString(): string }\n ).toString();\n const receiveState = {\n group: details.invitation.groupId().urString(),\n request_id: details.invitation.requestId().urString(),\n response_arid: details.invitation.responseArid().urString(),\n valid_until: validUntilStr,\n min_signers: details.invitation.minSigners(),\n charter: details.invitation.charter(),\n sender: details.invitation.sender().xid().urString(),\n };\n\n fs.writeFileSync(path.join(stateDir, \"receive.json\"), JSON.stringify(receiveState, null, 2));\n\n // Output based on options\n let envelopeUr: string | undefined;\n if (options.noEnvelope !== true) {\n envelopeUr = inviteEnvelope.urString();\n console.log(envelopeUr);\n }\n\n if (options.info === true) {\n console.error(`Charter: ${details.invitation.charter()}`);\n console.error(`Min signers: ${details.invitation.minSigners()}`);\n if (coordinatorName !== undefined) {\n console.error(`Coordinator: ${coordinatorName}`);\n }\n console.error(`Participants: ${participantNames.join(\", \")}`);\n }\n\n if (options.verbose === true) {\n console.log(`Group ID: ${details.invitation.groupId().urString()}`);\n console.log(`Min signers: ${details.invitation.minSigners()}`);\n console.log(`Charter: ${details.invitation.charter()}`);\n console.log(`Valid until: ${String(details.invitation.validUntil())}`);\n console.log(`Response ARID: ${details.invitation.responseArid().urString()}`);\n }\n\n const resultValidUntilStr: string = (\n details.invitation.validUntil() as { toString(): string }\n ).toString();\n\n return {\n groupId: details.invitation.groupId().urString(),\n requestId: details.invitation.requestId().urString(),\n minSigners: details.invitation.minSigners(),\n charter: details.invitation.charter(),\n validUntil: resultValidUntilStr,\n responseArid: details.invitation.responseArid().urString(),\n envelopeUr,\n coordinatorName,\n participantNames,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6EA,eAAsB,sBACpB,WACA,QACA,SACmB;CACnB,IAAI,cAAc,KAAA,GAAW;EAE3B,IAAI;GACF,MAAM,OAAO,YAAY,MAAM;GAE/B,MAAM,WAAW,MAAM,iBAAiB,MADnB,oBAAoB,SAAS,GACF,MAAM,UAAU,SAAS,KAAK;GAC9E,IAAI,aAAa,QAAQ,aAAa,KAAA,GACpC,MAAM,IAAI,MAAM,oCAAoC;GAEtD,OAAO;EACT,SAAS,GAAG;GAEV,IAAI,aAAa,SAAS,EAAE,QAAQ,SAAS,oCAAoC,GAC/E,MAAM;EAEV;EAEA,IAAI,YAAY,KAAA,GACd,MAAM,IAAI,MAAM,6DAA6D;EAG/E,OAAO,gBAAgB,MAAM;CAC/B;CAGA,IAAI;EACF,YAAY,MAAM;EAClB,MAAM,IAAI,MAAM,oEAAoE;CACtF,SAAS,GAAG;EAEV,IAAI,aAAa,SAAS,EAAE,QAAQ,SAAS,wCAAwC,GACnF,MAAM;CAEV;CAEA,OAAO,gBAAgB,MAAM;AAC/B;;;;;;AAOA,SAAgB,oBACd,QACA,KACA,UACA,WACA,gBACe;CACf,MAAM,uBAAuB,UAAU,qBAAqB;CAE5D,IAAI,yBAAyB,KAAA,GAC3B,MAAM,IAAI,MAAM,sDAAsD;CAGxE,MAAM,gBAAgB,cAAc,gBAAgB,QAAQ,KAAA,GAAW,KAAK,oBAAoB;CAEhG,MAAM,iBAAiB,cAAc,OAAO;CAC5C,IAAI,mBAAmB,KAAA;MACjB,eAAe,IAAI,EAAE,SAAS,MAAM,eAAe,IAAI,EAAE,SAAS,GACpE,MAAM,IAAI,MAAM,8CAA8C;CAAA,OAE3D;EACL,MAAM,YAAY,eAAe,IAAI;EAErC,MAAM,aADQ,SAAS,MACA,GAAG,YAAY,EAAE,IAAI,EAAE,SAAS,MAAM,UAAU,SAAS;EAChF,MAAM,mBAAmB,SAAS,YAAY,SAAS,MAAM,KAAA;EAE7D,IAAI,CAAC,cAAc,CAAC,kBAClB,MAAM,IAAI,MAAM,wCAAwC,UAAU,SAAS,GAAG;CAElF;CAEA,IAAI,CAAC,cAAc,QAAQ,EAAE,SAAS,EAAE,OAAOA,SAAiB,WAAW,WAAW,CAAC,GACrF,MAAM,IAAI,MAAM,4BAA4B;CAI9C,IADmB,cAAc,0BAAgC,YACpD,KAAK,KAChB,MAAM,IAAI,MAAM,oBAAoB;CAGtC,MAAM,aAAa,cAAc,0BAAkC,YAAY;CAC/E,cAAc,0BAAkC,SAAS;CACzD,cAAc,0BAAgC,OAAO;CACrD,MAAM,qBAAqB,cAAc,oBAAoB,aAAa;CAE1E,IAAI,aAAa,GACf,MAAM,IAAI,MAAM,gCAAgC;CAGlD,IAAI,aAAa,mBAAmB,QAClC,MAAM,IAAI,MAAM,uCAAuC;CAGzD,MAAM,kBAAiC,CAAC;CACxC,IAAI;CACJ,MAAM,eAAe,UAAU,IAAI;CAEnC,KAAK,MAAM,eAAe,oBAAoB;EAC5C,MAAM,sBAAsB,YAAY,UAAU;EAClD,MAAM,cAAc,YAAY,aAC9B,qBACA,KAAA,GACA,mBAAmB,SACrB;EAEA,IAAI,YAAY,IAAI,EAAE,SAAS,MAAM,aAAa,SAAS,GAGzD,eAF8B,YAAY,mBAAmB,eACZ,EAAE,mBAAmB,oBACpC,EAAE,gBAAgB,SAAS,KAAK,eAAe,IAAI,CAAC;EAGxF,gBAAgB,KAAK,WAAW;CAClC;CAEA,MAAM,aAAa,cAAc,WAAW,QAAQ,KAAK,gBAAgB,SAAS;CAElF,IAAI,iBAAiB,KAAA,GACnB,MAAM,IAAI,MAAM,4DAA4D;CAG9E,OAAO;EAAE;EAAY,cAAc;CAAgB;AACrD;;;;;;AAOA,SAAS,yBAAyB,UAAoB,KAA0B;CAE9E,IAAI;EACF,MAAM,MAAM,IAAI,aAAa,IAAI,KAAK,CAAC;EACvC,MAAM,SAAS,SAAS,YAAY,GAAG;EACvC,IAAI,QACF,OAAO,OAAO,YAAY;EAE5B,MAAM,QAAQ,SAAS,MAAM;EAC7B,IAAI,OAAO,IAAI,EAAE,SAAS,MAAM,IAAI,SAAS,GAC3C,OAAO,MAAM,YAAY;EAE3B,MAAM,IAAI,MAAM,mBAAmB,IAAI,SAAS,EAAE,uBAAuB;CAC3E,QAAQ;EAEN,MAAM,SAAS,SAAS,qBAAqB,IAAI,KAAK,CAAC;EACvD,IAAI,QAAQ;GACV,MAAM,GAAG,UAAU;GACnB,OAAO,OAAO,YAAY;EAC5B;EACA,MAAM,QAAQ,SAAS,MAAM;EAC7B,IAAI,OAAO,QAAQ,MAAM,IAAI,KAAK,GAChC,OAAO,MAAM,YAAY;EAE3B,MAAM,IAAI,MAAM,WAAW,IAAI,wBAAwB;CACzD;AACF;;;;;;;;AASA,eAAsB,QACpB,SACA,SACA,KAC2B;CAC3B,IAAI,QAAQ,qBAAqB,KAAA,KAAa,QAAQ,mBAAmB,KAAA,GACvE,MAAM,IAAI,MAAM,8CAA8C;CAGhE,MAAM,eAAe,oBAAoB,QAAQ,cAAc,GAAG;CAClE,MAAM,WAAW,SAAS,KAAK,YAAY;CAE3C,MAAM,QAAQ,SAAS,MAAM;CAC7B,IAAI,CAAC,OACH,MAAM,IAAI,MAAM,8CAA8C;CAGhE,MAAM,iBAAiB,QAAQ,SAC3B,yBAAyB,UAAU,QAAQ,MAAM,IACjD,KAAA;CAEJ,MAAM,iBAAiB,MAAM,sBAC3B,QAAQ,kBACR,QAAQ,QACR,QAAQ,cACV;CAGA,MAAM,UAAU,oBACd,gBAFU,SAAS,IAAI,EAAE,SAGvB,GACF,UACA,MAAM,YAAY,GAClB,cACF;CAEA,MAAM,mBAAmB,6BACvB,UACA,QAAQ,cACR,MAAM,IAAI,GACV,MAAM,QAAQ,CAChB;CAEA,MAAM,kBAAkB,kBAAkB,UAAU,QAAQ,WAAW,OAAO,CAAC;CAG/E,MAAM,WAAW,YAAY,cAAc,QAAQ,WAAW,QAAQ,EAAE,IAAI,CAAC;CAC7E,GAAG,UAAU,UAAU,EAAE,WAAW,KAAK,CAAC;CAE1C,MAAM,gBACJ,QAAQ,WAAW,WAAW,EAC9B,SAAS;CACX,MAAM,eAAe;EACnB,OAAO,QAAQ,WAAW,QAAQ,EAAE,SAAS;EAC7C,YAAY,QAAQ,WAAW,UAAU,EAAE,SAAS;EACpD,eAAe,QAAQ,WAAW,aAAa,EAAE,SAAS;EAC1D,aAAa;EACb,aAAa,QAAQ,WAAW,WAAW;EAC3C,SAAS,QAAQ,WAAW,QAAQ;EACpC,QAAQ,QAAQ,WAAW,OAAO,EAAE,IAAI,EAAE,SAAS;CACrD;CAEA,GAAG,cAAc,KAAK,KAAK,UAAU,cAAc,GAAG,KAAK,UAAU,cAAc,MAAM,CAAC,CAAC;CAG3F,IAAI;CACJ,IAAI,QAAQ,eAAe,MAAM;EAC/B,aAAa,eAAe,SAAS;EACrC,QAAQ,IAAI,UAAU;CACxB;CAEA,IAAI,QAAQ,SAAS,MAAM;EACzB,QAAQ,MAAM,YAAY,QAAQ,WAAW,QAAQ,GAAG;EACxD,QAAQ,MAAM,gBAAgB,QAAQ,WAAW,WAAW,GAAG;EAC/D,IAAI,oBAAoB,KAAA,GACtB,QAAQ,MAAM,gBAAgB,iBAAiB;EAEjD,QAAQ,MAAM,iBAAiB,iBAAiB,KAAK,IAAI,GAAG;CAC9D;CAEA,IAAI,QAAQ,YAAY,MAAM;EAC5B,QAAQ,IAAI,aAAa,QAAQ,WAAW,QAAQ,EAAE,SAAS,GAAG;EAClE,QAAQ,IAAI,gBAAgB,QAAQ,WAAW,WAAW,GAAG;EAC7D,QAAQ,IAAI,YAAY,QAAQ,WAAW,QAAQ,GAAG;EACtD,QAAQ,IAAI,gBAAgB,OAAO,QAAQ,WAAW,WAAW,CAAC,GAAG;EACrE,QAAQ,IAAI,kBAAkB,QAAQ,WAAW,aAAa,EAAE,SAAS,GAAG;CAC9E;CAEA,MAAM,sBACJ,QAAQ,WAAW,WAAW,EAC9B,SAAS;CAEX,OAAO;EACL,SAAS,QAAQ,WAAW,QAAQ,EAAE,SAAS;EAC/C,WAAW,QAAQ,WAAW,UAAU,EAAE,SAAS;EACnD,YAAY,QAAQ,WAAW,WAAW;EAC1C,SAAS,QAAQ,WAAW,QAAQ;EACpC,YAAY;EACZ,cAAc,QAAQ,WAAW,aAAa,EAAE,SAAS;EACzD;EACA;EACA;CACF;AACF"}
@@ -0,0 +1,177 @@
1
+ import { n as __require, t as __exportAll } from "./chunk-z9aeyW2b.mjs";
2
+ import { n as compareXidBytes } from "./proposed-participant-Detb823_.mjs";
3
+ import { Registry, resolveRegistryPath } from "./registry/index.mjs";
4
+ import { c as parseAridUr, l as parseEnvelopeUr, o as formatNameWithOwnerMarker } from "./common-Cf1UvJaP.mjs";
5
+ import { t as getWithIndicator } from "./busy-BlU8_pS2.mjs";
6
+ import { n as signingStateDir } from "./common-DNrD_-EI.mjs";
7
+ import { CborDate } from "@bcts/dcbor";
8
+ import * as fs from "node:fs";
9
+ import * as path from "node:path";
10
+ //#region src/cmd/sign/participant/receive.ts
11
+ /**
12
+ * Copyright © 2023-2026 Blockchain Commons, LLC
13
+ * Copyright © 2025-2026 Parity Technologies
14
+ *
15
+ *
16
+ * Sign participant receive command.
17
+ *
18
+ * Port of cmd/sign/participant/receive.rs from frost-hubert-rust.
19
+ *
20
+ * @module
21
+ */
22
+ var receive_exports = /* @__PURE__ */ __exportAll({ receive: () => receive });
23
+ /**
24
+ * Resolve sender from XID UR or pet name in registry.
25
+ *
26
+ * Port of `resolve_sender()` from cmd/dkg/common.rs lines 76-94.
27
+ */
28
+ function resolveSenderFromInput(registry, input) {
29
+ const trimmed = input.trim();
30
+ if (trimmed === "") throw new Error("Sender is required");
31
+ try {
32
+ const { XID: XIDClass } = __require("@bcts/components");
33
+ const xid = XIDClass.fromURString(trimmed);
34
+ const record = registry.participant(xid);
35
+ if (!record) throw new Error(`Sender with XID ${xid.urString()} not found`);
36
+ return record.xidDocument();
37
+ } catch {
38
+ const result = registry.participantByPetName(trimmed);
39
+ if (!result) throw new Error(`Sender with pet name '${trimmed}' not found`);
40
+ return result[1].xidDocument();
41
+ }
42
+ }
43
+ /**
44
+ * Resolve sign invite from ARID or envelope UR.
45
+ *
46
+ * Port of `resolve_sign_request()` from cmd/sign/participant/receive.rs lines 250-284.
47
+ */
48
+ async function resolveSignInviteEnvelope(client, selection, request, timeout) {
49
+ if (selection !== void 0 && client !== void 0) {
50
+ try {
51
+ const envelope = await getWithIndicator(client, parseAridUr(request), "Sign invite", timeout, false);
52
+ if (envelope === void 0 || envelope === null) throw new Error("signInvite request not found in Hubert storage");
53
+ return envelope;
54
+ } catch {}
55
+ if (timeout !== void 0) throw new Error("--timeout is only valid when retrieving requests from Hubert");
56
+ return parseEnvelopeUr(request);
57
+ }
58
+ try {
59
+ parseAridUr(request);
60
+ throw new Error("Hubert storage parameters are required to retrieve requests by ARID");
61
+ } catch (e) {
62
+ if (e instanceof Error && e.message.includes("Hubert storage parameters")) throw e;
63
+ }
64
+ return parseEnvelopeUr(request);
65
+ }
66
+ /**
67
+ * Get display name for sender from registry.
68
+ *
69
+ * Port of `resolve_sender_name()` from cmd/dkg/common.rs lines 96-116.
70
+ */
71
+ function resolveSenderName(registry, senderXid) {
72
+ const owner = registry.owner();
73
+ if (owner?.xid().urString() === senderXid.urString()) return formatNameWithOwnerMarker(owner.petName() ?? senderXid.urString(), true);
74
+ const record = registry.participant(senderXid);
75
+ if (record) return formatNameWithOwnerMarker(record.petName() ?? record.xid().urString(), false);
76
+ }
77
+ /**
78
+ * Format participant names with owner marker.
79
+ *
80
+ * Port of `format_participant_names()` from cmd/sign/participant/receive.rs lines 286-309.
81
+ */
82
+ function formatParticipantNames(registry, participants, owner) {
83
+ return participants.map((xid) => {
84
+ const isOwner = xid.urString() === owner.xid().urString();
85
+ let name;
86
+ if (isOwner) name = owner.petName() ?? xid.urString();
87
+ else name = registry.participant(xid)?.petName() ?? xid.urString();
88
+ return formatNameWithOwnerMarker(name, isOwner);
89
+ });
90
+ }
91
+ /**
92
+ * Execute the sign participant receive command.
93
+ *
94
+ * Fetches and validates a sign invite from the coordinator.
95
+ *
96
+ * Port of `CommandArgs::exec()` from cmd/sign/participant/receive.rs lines 56-247.
97
+ */
98
+ async function receive(client, selection, options, cwd) {
99
+ if (selection === void 0 && options.timeoutSeconds !== void 0) throw new Error("--timeout requires Hubert storage parameters");
100
+ const registryPath = resolveRegistryPath(options.registryPath, cwd);
101
+ const registry = Registry.load(registryPath);
102
+ const owner = registry.owner();
103
+ if (!owner) throw new Error("Registry owner with private keys is required");
104
+ let expectedSender;
105
+ if (options.sender !== void 0 && options.sender !== "") expectedSender = resolveSenderFromInput(registry, options.sender);
106
+ const envelope = await resolveSignInviteEnvelope(client, selection, options.request, options.timeoutSeconds);
107
+ const now = CborDate.now();
108
+ const recipientKeys = owner.xidDocument().inceptionPrivateKeys();
109
+ if (recipientKeys === null || recipientKeys === void 0) throw new Error("Owner XID document has no inception private keys");
110
+ const { SealedRequest: SealedRequestClass } = __require("@bcts/gstp");
111
+ const sealedRequest = SealedRequestClass.tryFromEnvelope(envelope, void 0, now, recipientKeys);
112
+ const senderXid = sealedRequest.sender().xid();
113
+ if (expectedSender !== void 0) {
114
+ if (senderXid.urString() !== expectedSender.xid().urString()) throw new Error(`Request sender does not match expected sender (got ${senderXid.urString()}, expected ${expectedSender.xid().urString()})`);
115
+ } else {
116
+ const knownOwner = owner.xid().urString() === senderXid.urString();
117
+ const knownParticipant = registry.participant(senderXid) !== void 0;
118
+ if (!knownOwner && !knownParticipant) throw new Error(`Request sender not found in registry: ${senderXid.urString()}`);
119
+ }
120
+ const { Function: FunctionClass } = __require("@bcts/envelope");
121
+ const requestFunction = sealedRequest.function();
122
+ const expectedFunction = FunctionClass.from("signInvite");
123
+ if (!(requestFunction.equals !== void 0 ? requestFunction.equals(expectedFunction) : String(requestFunction) === String(expectedFunction))) throw new Error(`Unexpected request function: ${String(requestFunction)}`);
124
+ if (sealedRequest.extractObjectForParameter("validUntil") <= now) throw new Error("signInvite request has expired");
125
+ const groupId = sealedRequest.extractObjectForParameter("group");
126
+ const sessionId = sealedRequest.extractObjectForParameter("session");
127
+ const minSigners = Number(sealedRequest.extractObjectForParameter("minSigners"));
128
+ const participantEntries = sealedRequest.objectsForParameter("participant");
129
+ const participants = [];
130
+ let responseArid;
131
+ for (const entry of participantEntries) {
132
+ const xid = entry.extractSubject();
133
+ if (xid.urString() === owner.xid().urString()) responseArid = entry.objectForPredicate("response_arid").decryptToRecipient(recipientKeys).extractSubject();
134
+ participants.push(xid);
135
+ }
136
+ if (participants.length === 0) throw new Error("signInvite request contains no participants");
137
+ if (minSigners < 2) throw new Error("minSigners must be at least 2");
138
+ if (minSigners > participants.length) throw new Error("minSigners exceeds participant count");
139
+ if (!participants.some((p) => p.urString() === owner.xid().urString())) throw new Error("signInvite request does not include this participant");
140
+ if (responseArid === void 0) throw new Error("signInvite request missing response ARID");
141
+ participants.sort((a, b) => compareXidBytes(a.toData(), b.toData()));
142
+ const targetEnvelope = sealedRequest.objectForParameter("target");
143
+ const coordinatorName = resolveSenderName(registry, senderXid) ?? senderXid.urString();
144
+ const participantNames = formatParticipantNames(registry, participants, owner);
145
+ console.log(`Group: ${groupId.urString()}`);
146
+ console.log(`Coordinator: ${coordinatorName}`);
147
+ console.log(`Min signers: ${minSigners}`);
148
+ console.log(`Participants: ${participantNames.join(", ")}`);
149
+ console.log("Target:");
150
+ console.log(targetEnvelope.format());
151
+ console.log(sessionId.urString());
152
+ const stateDir = signingStateDir(registryPath, groupId.hex(), sessionId.hex());
153
+ fs.mkdirSync(stateDir, { recursive: true });
154
+ const root = {
155
+ request_envelope: envelope.urString(),
156
+ group: groupId.urString(),
157
+ session: sessionId.urString(),
158
+ coordinator: senderXid.urString(),
159
+ min_signers: minSigners,
160
+ response_arid: responseArid.urString(),
161
+ participants: participants.map((xid) => xid.urString()),
162
+ target: targetEnvelope.urString()
163
+ };
164
+ fs.writeFileSync(path.join(stateDir, "sign_receive.json"), JSON.stringify(root, null, 2));
165
+ return {
166
+ sessionId: sessionId.urString(),
167
+ groupId: groupId.urString(),
168
+ targetUr: targetEnvelope.urString(),
169
+ coordinatorName,
170
+ minSigners,
171
+ participantNames
172
+ };
173
+ }
174
+ //#endregion
175
+ export { receive_exports as n, receive as t };
176
+
177
+ //# sourceMappingURL=receive-g8EhZF2Y.mjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"receive-g8EhZF2Y.mjs","names":[],"sources":["../src/cmd/sign/participant/receive.ts"],"sourcesContent":["/**\n * Copyright © 2023-2026 Blockchain Commons, LLC\n * Copyright © 2025-2026 Parity Technologies\n *\n *\n * Sign participant receive command.\n *\n * Port of cmd/sign/participant/receive.rs from frost-hubert-rust.\n *\n * @module\n */\n\nimport * as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\nimport { type ARID, type XID } from \"@bcts/components\";\nimport { compareXidBytes } from \"../../../dkg/proposed-participant.js\";\nimport { CborDate } from \"@bcts/dcbor\";\nimport type { Envelope } from \"@bcts/envelope\";\n\nimport { Registry, resolveRegistryPath, type OwnerRecord } from \"../../../registry/index.js\";\nimport { getWithIndicator } from \"../../busy.js\";\nimport { type StorageClient, type StorageSelection } from \"../../storage.js\";\nimport { parseAridUr, parseEnvelopeUr, formatNameWithOwnerMarker } from \"../../dkg/common.js\";\nimport { signingStateDir } from \"../common.js\";\n\n/**\n * Options for the sign receive command.\n */\nexport interface SignReceiveOptions {\n registryPath?: string;\n /** ARID or envelope UR string */\n request: string;\n timeoutSeconds?: number;\n /** Show request details only (info mode) */\n info?: boolean;\n /** Expected sender (XID UR or pet name) */\n sender?: string;\n}\n\n/**\n * Result of the sign receive command.\n */\nexport interface SignReceiveResult {\n sessionId: string;\n groupId: string;\n targetUr: string;\n coordinatorName: string;\n minSigners: number;\n participantNames: string[];\n}\n\n/**\n * Resolve sender from XID UR or pet name in registry.\n *\n * Port of `resolve_sender()` from cmd/dkg/common.rs lines 76-94.\n */\nfunction resolveSenderFromInput(registry: Registry, input: string): { xid: () => XID } {\n const trimmed = input.trim();\n if (trimmed === \"\") {\n throw new Error(\"Sender is required\");\n }\n\n // Try parsing as XID UR first\n try {\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-require-imports, no-undef\n const { XID: XIDClass } = require(\"@bcts/components\");\n // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access\n const xid = XIDClass.fromURString(trimmed) as XID;\n const record = registry.participant(xid);\n if (!record) {\n throw new Error(`Sender with XID ${xid.urString()} not found`);\n }\n return record.xidDocument();\n } catch {\n // Try looking up by pet name\n const result = registry.participantByPetName(trimmed);\n if (!result) {\n throw new Error(`Sender with pet name '${trimmed}' not found`);\n }\n return result[1].xidDocument();\n }\n}\n\n/**\n * Resolve sign invite from ARID or envelope UR.\n *\n * Port of `resolve_sign_request()` from cmd/sign/participant/receive.rs lines 250-284.\n */\nasync function resolveSignInviteEnvelope(\n client: StorageClient | undefined,\n selection: StorageSelection | undefined,\n request: string,\n timeout: number | undefined,\n): Promise<Envelope> {\n if (selection !== undefined && client !== undefined) {\n // Try to parse as ARID\n try {\n const arid = parseAridUr(request);\n const envelope = await getWithIndicator(client, arid, \"Sign invite\", timeout, false);\n if (envelope === undefined || envelope === null) {\n throw new Error(\"signInvite request not found in Hubert storage\");\n }\n return envelope;\n } catch {\n // Not an ARID, try as envelope\n }\n\n if (timeout !== undefined) {\n throw new Error(\"--timeout is only valid when retrieving requests from Hubert\");\n }\n return parseEnvelopeUr(request);\n }\n\n // No storage selection\n try {\n parseAridUr(request);\n throw new Error(\"Hubert storage parameters are required to retrieve requests by ARID\");\n } catch (e) {\n if (e instanceof Error && e.message.includes(\"Hubert storage parameters\")) {\n throw e;\n }\n // Not an ARID, parse as envelope\n }\n return parseEnvelopeUr(request);\n}\n\n/**\n * Get display name for sender from registry.\n *\n * Port of `resolve_sender_name()` from cmd/dkg/common.rs lines 96-116.\n */\nfunction resolveSenderName(registry: Registry, senderXid: XID): string | undefined {\n const owner = registry.owner();\n\n // Check if sender is the owner\n if (owner?.xid().urString() === senderXid.urString()) {\n const name = owner.petName() ?? senderXid.urString();\n return formatNameWithOwnerMarker(name, true);\n }\n\n // Look up in participants\n const record = registry.participant(senderXid);\n if (record) {\n const name = record.petName() ?? record.xid().urString();\n return formatNameWithOwnerMarker(name, false);\n }\n\n return undefined;\n}\n\n/**\n * Format participant names with owner marker.\n *\n * Port of `format_participant_names()` from cmd/sign/participant/receive.rs lines 286-309.\n */\nfunction formatParticipantNames(\n registry: Registry,\n participants: XID[],\n owner: OwnerRecord,\n): string[] {\n return participants.map((xid) => {\n const isOwner = xid.urString() === owner.xid().urString();\n let name: string;\n\n if (isOwner) {\n name = owner.petName() ?? xid.urString();\n } else {\n const record = registry.participant(xid);\n name = record?.petName() ?? xid.urString();\n }\n\n return formatNameWithOwnerMarker(name, isOwner);\n });\n}\n\n/**\n * Execute the sign participant receive command.\n *\n * Fetches and validates a sign invite from the coordinator.\n *\n * Port of `CommandArgs::exec()` from cmd/sign/participant/receive.rs lines 56-247.\n */\nexport async function receive(\n client: StorageClient | undefined,\n selection: StorageSelection | undefined,\n options: SignReceiveOptions,\n cwd: string,\n): Promise<SignReceiveResult> {\n // Validate timeout requires storage\n if (selection === undefined && options.timeoutSeconds !== undefined) {\n throw new Error(\"--timeout requires Hubert storage parameters\");\n }\n\n const registryPath = resolveRegistryPath(options.registryPath, cwd);\n const registry = Registry.load(registryPath);\n const owner = registry.owner();\n\n if (!owner) {\n throw new Error(\"Registry owner with private keys is required\");\n }\n\n // Resolve expected sender if provided\n let expectedSender: { xid: () => XID } | undefined;\n if (options.sender !== undefined && options.sender !== \"\") {\n expectedSender = resolveSenderFromInput(registry, options.sender);\n }\n\n // Resolve the invite envelope\n const envelope = await resolveSignInviteEnvelope(\n client,\n selection,\n options.request,\n options.timeoutSeconds,\n );\n\n const now: CborDate = CborDate.now();\n const recipientKeys = owner.xidDocument().inceptionPrivateKeys();\n\n if (recipientKeys === null || recipientKeys === undefined) {\n throw new Error(\"Owner XID document has no inception private keys\");\n }\n\n // eslint-disable-next-line @typescript-eslint/no-require-imports, no-undef\n const { SealedRequest: SealedRequestClass } = require(\"@bcts/gstp\") as {\n SealedRequest: {\n tryFromEnvelope: (\n envelope: Envelope,\n expectedSender: XID | undefined,\n now: CborDate,\n recipientPrivateKeys: unknown,\n ) => SealedRequestInstance;\n };\n };\n\n interface SealedRequestInstance {\n sender: () => { xid: () => XID };\n function: () => { equals?: (other: unknown) => boolean; toString?: () => string };\n extractObjectForParameter: <T>(name: string) => T;\n objectForParameter: (name: string) => Envelope;\n objectsForParameter: (name: string) => ParticipantEntry[];\n }\n\n interface ParticipantEntry {\n extractSubject: () => XID;\n objectForPredicate: (name: string) => {\n decryptToRecipient: (keys: unknown) => {\n extractSubject: () => ARID;\n };\n };\n }\n\n const sealedRequest: SealedRequestInstance = SealedRequestClass.tryFromEnvelope(\n envelope,\n undefined,\n now,\n recipientKeys,\n );\n\n // Validate sender\n const senderXid = sealedRequest.sender().xid();\n\n if (expectedSender !== undefined) {\n if (senderXid.urString() !== expectedSender.xid().urString()) {\n throw new Error(\n `Request sender does not match expected sender (got ${senderXid.urString()}, expected ${expectedSender.xid().urString()})`,\n );\n }\n } else {\n const knownOwner = owner.xid().urString() === senderXid.urString();\n const knownParticipant = registry.participant(senderXid) !== undefined;\n if (!knownOwner && !knownParticipant) {\n throw new Error(`Request sender not found in registry: ${senderXid.urString()}`);\n }\n }\n\n // eslint-disable-next-line @typescript-eslint/no-require-imports, no-undef\n const { Function: FunctionClass } = require(\"@bcts/envelope\") as {\n Function: { from: (name: string) => unknown };\n };\n\n // Validate function\n const requestFunction = sealedRequest.function();\n const expectedFunction = FunctionClass.from(\"signInvite\");\n const functionMatches =\n requestFunction.equals !== undefined\n ? requestFunction.equals(expectedFunction)\n : String(requestFunction) === String(expectedFunction);\n\n if (!functionMatches) {\n throw new Error(`Unexpected request function: ${String(requestFunction)}`);\n }\n\n // Extract parameters\n const validUntil = sealedRequest.extractObjectForParameter<CborDate>(\"validUntil\");\n if (validUntil <= now) {\n throw new Error(\"signInvite request has expired\");\n }\n\n const groupId = sealedRequest.extractObjectForParameter<ARID>(\"group\");\n const sessionId = sealedRequest.extractObjectForParameter<ARID>(\"session\");\n const minSigners = Number(sealedRequest.extractObjectForParameter<bigint | number>(\"minSigners\"));\n\n // Extract participants and find our response ARID\n const participantEntries = sealedRequest.objectsForParameter(\"participant\");\n const participants: XID[] = [];\n let responseArid: ARID | undefined;\n\n for (const entry of participantEntries) {\n const xid: XID = entry.extractSubject();\n if (xid.urString() === owner.xid().urString()) {\n const encryptedArid = entry.objectForPredicate(\"response_arid\");\n const aridEnv = encryptedArid.decryptToRecipient(recipientKeys);\n responseArid = aridEnv.extractSubject();\n }\n participants.push(xid);\n }\n\n // Validations\n if (participants.length === 0) {\n throw new Error(\"signInvite request contains no participants\");\n }\n if (minSigners < 2) {\n throw new Error(\"minSigners must be at least 2\");\n }\n if (minSigners > participants.length) {\n throw new Error(\"minSigners exceeds participant count\");\n }\n\n const ownerInParticipants = participants.some((p) => p.urString() === owner.xid().urString());\n if (!ownerInParticipants) {\n throw new Error(\"signInvite request does not include this participant\");\n }\n\n if (responseArid === undefined) {\n throw new Error(\"signInvite request missing response ARID\");\n }\n\n // Sort participants by XID byte order — mirrors Rust `XID::cmp`.\n // The earlier port used `urString().localeCompare(...)`, which\n // diverges from byte order for bytes ≥ 0x80 and is locale-aware.\n participants.sort((a, b) => compareXidBytes(a.toData(), b.toData()));\n\n const targetEnvelope = sealedRequest.objectForParameter(\"target\");\n\n const coordinatorName = resolveSenderName(registry, senderXid) ?? senderXid.urString();\n const participantNames = formatParticipantNames(registry, participants, owner);\n\n // Output\n console.log(`Group: ${groupId.urString()}`);\n console.log(`Coordinator: ${coordinatorName}`);\n console.log(`Min signers: ${minSigners}`);\n console.log(`Participants: ${participantNames.join(\", \")}`);\n console.log(\"Target:\");\n console.log(targetEnvelope.format());\n\n // Primary output for scripting: session ID on its own line (no header)\n console.log(sessionId.urString());\n\n // Persist request details for follow-up commands\n const stateDir = signingStateDir(registryPath, groupId.hex(), sessionId.hex());\n fs.mkdirSync(stateDir, { recursive: true });\n\n const root: Record<string, unknown> = {\n request_envelope: envelope.urString(),\n group: groupId.urString(),\n session: sessionId.urString(),\n coordinator: senderXid.urString(),\n min_signers: minSigners,\n response_arid: responseArid.urString(),\n participants: participants.map((xid) => xid.urString()),\n target: targetEnvelope.urString(),\n };\n\n fs.writeFileSync(path.join(stateDir, \"sign_receive.json\"), JSON.stringify(root, null, 2));\n\n return {\n sessionId: sessionId.urString(),\n groupId: groupId.urString(),\n targetUr: targetEnvelope.urString(),\n coordinatorName,\n minSigners,\n participantNames,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAyDA,SAAS,uBAAuB,UAAoB,OAAmC;CACrF,MAAM,UAAU,MAAM,KAAK;CAC3B,IAAI,YAAY,IACd,MAAM,IAAI,MAAM,oBAAoB;CAItC,IAAI;EAEF,MAAM,EAAE,KAAK,aAAA,UAAqB,kBAAkB;EAEpD,MAAM,MAAM,SAAS,aAAa,OAAO;EACzC,MAAM,SAAS,SAAS,YAAY,GAAG;EACvC,IAAI,CAAC,QACH,MAAM,IAAI,MAAM,mBAAmB,IAAI,SAAS,EAAE,WAAW;EAE/D,OAAO,OAAO,YAAY;CAC5B,QAAQ;EAEN,MAAM,SAAS,SAAS,qBAAqB,OAAO;EACpD,IAAI,CAAC,QACH,MAAM,IAAI,MAAM,yBAAyB,QAAQ,YAAY;EAE/D,OAAO,OAAO,GAAG,YAAY;CAC/B;AACF;;;;;;AAOA,eAAe,0BACb,QACA,WACA,SACA,SACmB;CACnB,IAAI,cAAc,KAAA,KAAa,WAAW,KAAA,GAAW;EAEnD,IAAI;GAEF,MAAM,WAAW,MAAM,iBAAiB,QAD3B,YAAY,OAC0B,GAAG,eAAe,SAAS,KAAK;GACnF,IAAI,aAAa,KAAA,KAAa,aAAa,MACzC,MAAM,IAAI,MAAM,gDAAgD;GAElE,OAAO;EACT,QAAQ,CAER;EAEA,IAAI,YAAY,KAAA,GACd,MAAM,IAAI,MAAM,8DAA8D;EAEhF,OAAO,gBAAgB,OAAO;CAChC;CAGA,IAAI;EACF,YAAY,OAAO;EACnB,MAAM,IAAI,MAAM,qEAAqE;CACvF,SAAS,GAAG;EACV,IAAI,aAAa,SAAS,EAAE,QAAQ,SAAS,2BAA2B,GACtE,MAAM;CAGV;CACA,OAAO,gBAAgB,OAAO;AAChC;;;;;;AAOA,SAAS,kBAAkB,UAAoB,WAAoC;CACjF,MAAM,QAAQ,SAAS,MAAM;CAG7B,IAAI,OAAO,IAAI,EAAE,SAAS,MAAM,UAAU,SAAS,GAEjD,OAAO,0BADM,MAAM,QAAQ,KAAK,UAAU,SAAS,GACZ,IAAI;CAI7C,MAAM,SAAS,SAAS,YAAY,SAAS;CAC7C,IAAI,QAEF,OAAO,0BADM,OAAO,QAAQ,KAAK,OAAO,IAAI,EAAE,SAAS,GAChB,KAAK;AAIhD;;;;;;AAOA,SAAS,uBACP,UACA,cACA,OACU;CACV,OAAO,aAAa,KAAK,QAAQ;EAC/B,MAAM,UAAU,IAAI,SAAS,MAAM,MAAM,IAAI,EAAE,SAAS;EACxD,IAAI;EAEJ,IAAI,SACF,OAAO,MAAM,QAAQ,KAAK,IAAI,SAAS;OAGvC,OADe,SAAS,YAAY,GACxB,GAAG,QAAQ,KAAK,IAAI,SAAS;EAG3C,OAAO,0BAA0B,MAAM,OAAO;CAChD,CAAC;AACH;;;;;;;;AASA,eAAsB,QACpB,QACA,WACA,SACA,KAC4B;CAE5B,IAAI,cAAc,KAAA,KAAa,QAAQ,mBAAmB,KAAA,GACxD,MAAM,IAAI,MAAM,8CAA8C;CAGhE,MAAM,eAAe,oBAAoB,QAAQ,cAAc,GAAG;CAClE,MAAM,WAAW,SAAS,KAAK,YAAY;CAC3C,MAAM,QAAQ,SAAS,MAAM;CAE7B,IAAI,CAAC,OACH,MAAM,IAAI,MAAM,8CAA8C;CAIhE,IAAI;CACJ,IAAI,QAAQ,WAAW,KAAA,KAAa,QAAQ,WAAW,IACrD,iBAAiB,uBAAuB,UAAU,QAAQ,MAAM;CAIlE,MAAM,WAAW,MAAM,0BACrB,QACA,WACA,QAAQ,SACR,QAAQ,cACV;CAEA,MAAM,MAAgB,SAAS,IAAI;CACnC,MAAM,gBAAgB,MAAM,YAAY,EAAE,qBAAqB;CAE/D,IAAI,kBAAkB,QAAQ,kBAAkB,KAAA,GAC9C,MAAM,IAAI,MAAM,kDAAkD;CAIpE,MAAM,EAAE,eAAe,uBAAA,UAA+B,YAAY;CA4BlE,MAAM,gBAAuC,mBAAmB,gBAC9D,UACA,KAAA,GACA,KACA,aACF;CAGA,MAAM,YAAY,cAAc,OAAO,EAAE,IAAI;CAE7C,IAAI,mBAAmB,KAAA;MACjB,UAAU,SAAS,MAAM,eAAe,IAAI,EAAE,SAAS,GACzD,MAAM,IAAI,MACR,sDAAsD,UAAU,SAAS,EAAE,aAAa,eAAe,IAAI,EAAE,SAAS,EAAE,EAC1H;CAAA,OAEG;EACL,MAAM,aAAa,MAAM,IAAI,EAAE,SAAS,MAAM,UAAU,SAAS;EACjE,MAAM,mBAAmB,SAAS,YAAY,SAAS,MAAM,KAAA;EAC7D,IAAI,CAAC,cAAc,CAAC,kBAClB,MAAM,IAAI,MAAM,yCAAyC,UAAU,SAAS,GAAG;CAEnF;CAGA,MAAM,EAAE,UAAU,kBAAA,UAA0B,gBAAgB;CAK5D,MAAM,kBAAkB,cAAc,SAAS;CAC/C,MAAM,mBAAmB,cAAc,KAAK,YAAY;CAMxD,IAAI,EAJF,gBAAgB,WAAW,KAAA,IACvB,gBAAgB,OAAO,gBAAgB,IACvC,OAAO,eAAe,MAAM,OAAO,gBAAgB,IAGvD,MAAM,IAAI,MAAM,gCAAgC,OAAO,eAAe,GAAG;CAK3E,IADmB,cAAc,0BAAoC,YACxD,KAAK,KAChB,MAAM,IAAI,MAAM,gCAAgC;CAGlD,MAAM,UAAU,cAAc,0BAAgC,OAAO;CACrE,MAAM,YAAY,cAAc,0BAAgC,SAAS;CACzE,MAAM,aAAa,OAAO,cAAc,0BAA2C,YAAY,CAAC;CAGhG,MAAM,qBAAqB,cAAc,oBAAoB,aAAa;CAC1E,MAAM,eAAsB,CAAC;CAC7B,IAAI;CAEJ,KAAK,MAAM,SAAS,oBAAoB;EACtC,MAAM,MAAW,MAAM,eAAe;EACtC,IAAI,IAAI,SAAS,MAAM,MAAM,IAAI,EAAE,SAAS,GAG1C,eAFsB,MAAM,mBAAmB,eACnB,EAAE,mBAAmB,aAC5B,EAAE,eAAe;EAExC,aAAa,KAAK,GAAG;CACvB;CAGA,IAAI,aAAa,WAAW,GAC1B,MAAM,IAAI,MAAM,6CAA6C;CAE/D,IAAI,aAAa,GACf,MAAM,IAAI,MAAM,+BAA+B;CAEjD,IAAI,aAAa,aAAa,QAC5B,MAAM,IAAI,MAAM,sCAAsC;CAIxD,IAAI,CADwB,aAAa,MAAM,MAAM,EAAE,SAAS,MAAM,MAAM,IAAI,EAAE,SAAS,CACpE,GACrB,MAAM,IAAI,MAAM,sDAAsD;CAGxE,IAAI,iBAAiB,KAAA,GACnB,MAAM,IAAI,MAAM,0CAA0C;CAM5D,aAAa,MAAM,GAAG,MAAM,gBAAgB,EAAE,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC;CAEnE,MAAM,iBAAiB,cAAc,mBAAmB,QAAQ;CAEhE,MAAM,kBAAkB,kBAAkB,UAAU,SAAS,KAAK,UAAU,SAAS;CACrF,MAAM,mBAAmB,uBAAuB,UAAU,cAAc,KAAK;CAG7E,QAAQ,IAAI,UAAU,QAAQ,SAAS,GAAG;CAC1C,QAAQ,IAAI,gBAAgB,iBAAiB;CAC7C,QAAQ,IAAI,gBAAgB,YAAY;CACxC,QAAQ,IAAI,iBAAiB,iBAAiB,KAAK,IAAI,GAAG;CAC1D,QAAQ,IAAI,SAAS;CACrB,QAAQ,IAAI,eAAe,OAAO,CAAC;CAGnC,QAAQ,IAAI,UAAU,SAAS,CAAC;CAGhC,MAAM,WAAW,gBAAgB,cAAc,QAAQ,IAAI,GAAG,UAAU,IAAI,CAAC;CAC7E,GAAG,UAAU,UAAU,EAAE,WAAW,KAAK,CAAC;CAE1C,MAAM,OAAgC;EACpC,kBAAkB,SAAS,SAAS;EACpC,OAAO,QAAQ,SAAS;EACxB,SAAS,UAAU,SAAS;EAC5B,aAAa,UAAU,SAAS;EAChC,aAAa;EACb,eAAe,aAAa,SAAS;EACrC,cAAc,aAAa,KAAK,QAAQ,IAAI,SAAS,CAAC;EACtD,QAAQ,eAAe,SAAS;CAClC;CAEA,GAAG,cAAc,KAAK,KAAK,UAAU,mBAAmB,GAAG,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;CAExF,OAAO;EACL,WAAW,UAAU,SAAS;EAC9B,SAAS,QAAQ,SAAS;EAC1B,UAAU,eAAe,SAAS;EAClC;EACA;EACA;CACF;AACF"}
@@ -1,5 +1,5 @@
1
1
  Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
2
- const require_chunk = require("../chunk-CZWwpsFl.cjs");
2
+ const require_chunk = require("../chunk-DakpK96I.cjs");
3
3
  let _bcts_components = require("@bcts/components");
4
4
  let _bcts_envelope = require("@bcts/envelope");
5
5
  let _bcts_xid = require("@bcts/xid");
@@ -375,8 +375,16 @@ var OwnerRecord = class OwnerRecord {
375
375
  }
376
376
  /**
377
377
  * Deserialize from JSON object.
378
+ *
379
+ * Mirrors Rust's `#[serde(deny_unknown_fields)]` derive on
380
+ * `OwnerRecord` (`owner_record.rs:13-17`) — any field not in
381
+ * `{xid_document, pet_name}` causes Rust's `serde_json::from_str`
382
+ * to error with `unknown field`, and we mirror that here so a
383
+ * registry file produced by a future Rust version with extra
384
+ * fields is rejected explicitly rather than silently lossy.
378
385
  */
379
386
  static fromJSON(json) {
387
+ for (const key of Object.keys(json)) if (key !== "xid_document" && key !== "pet_name") throw new Error(`unknown field \`${key}\`, expected \`xid_document\` or \`pet_name\``);
380
388
  const xidDocumentUr = json["xid_document"];
381
389
  const petName = json["pet_name"];
382
390
  return OwnerRecord.fromSignedXidUr(xidDocumentUr, petName);
@@ -506,8 +514,17 @@ var ParticipantRecord = class ParticipantRecord {
506
514
  }
507
515
  /**
508
516
  * Deserialize from JSON object.
517
+ *
518
+ * Mirrors Rust's `#[serde(deny_unknown_fields)]` derive on
519
+ * `ParticipantRecord` (`participant_record.rs:12-17`) — Rust's
520
+ * `serde_json::from_str` errors with `unknown field` for any
521
+ * field outside `{xid_document, pet_name}`. We mirror that
522
+ * behaviour so a registry file produced by a future Rust
523
+ * version with extra fields is rejected explicitly rather than
524
+ * silently lossy.
509
525
  */
510
526
  static fromJSON(json) {
527
+ for (const key of Object.keys(json)) if (key !== "xid_document" && key !== "pet_name") throw new Error(`unknown field \`${key}\`, expected \`xid_document\` or \`pet_name\``);
511
528
  const xidDocumentUr = json["xid_document"];
512
529
  const petName = json["pet_name"];
513
530
  return ParticipantRecord.recreateFromSerialized(xidDocumentUr, petName);
@@ -527,9 +544,19 @@ function parseSignedXidDocument(xidDocumentUr) {
527
544
  try {
528
545
  envelope = _bcts_envelope.Envelope.fromTaggedCbor(envelopeCbor);
529
546
  } catch {
530
- envelope = _bcts_envelope.Envelope.fromUntaggedCbor(envelopeCbor);
547
+ try {
548
+ envelope = _bcts_envelope.Envelope.fromUntaggedCbor(envelopeCbor);
549
+ } catch (e) {
550
+ throw new Error(`Unable to decode XID document envelope: ${e.message ?? String(e)}`, { cause: e });
551
+ }
552
+ }
553
+ let document;
554
+ try {
555
+ document = _bcts_xid.XIDDocument.fromEnvelope(envelope, void 0, _bcts_xid.XIDVerifySignature.Inception);
556
+ } catch (e) {
557
+ throw new Error(`XID document must be signed by its inception key: ${e.message ?? String(e)}`, { cause: e });
531
558
  }
532
- return [sanitized, _bcts_xid.XIDDocument.fromEnvelope(envelope, void 0, _bcts_xid.XIDVerifySignature.Inception)];
559
+ return [sanitized, document];
533
560
  }
534
561
  /**
535
562
  * Sanitize XID UR input.
@@ -652,13 +679,43 @@ var Registry = class Registry {
652
679
  /**
653
680
  * Add a participant.
654
681
  *
655
- * Returns the outcome indicating whether the participant was already present or newly inserted.
682
+ * Mirrors Rust `Registry::add_participant`
683
+ * (`registry_impl.rs:83-124`):
684
+ *
685
+ * 1. If `record.pet_name()` is already used by some other XID,
686
+ * bail with `"Pet name '{name}' already used by another
687
+ * participant"`.
688
+ * 2. If `record.pet_name()` matches an existing record under the
689
+ * *same* XID and the public keys also match, return
690
+ * `AlreadyPresent`.
691
+ * 3. If the pet name matches the same XID but public keys don't,
692
+ * bail with `"Participant already exists with a different pet
693
+ * name"`.
694
+ * 4. Otherwise look up by XID. If present and public-keys + pet-name
695
+ * both match, return `AlreadyPresent`; if XID is present but
696
+ * anything differs, bail. If XID is new, insert and return
697
+ * `Inserted`.
698
+ *
699
+ * The earlier port short-circuited on `participants.has(xidUr)` and
700
+ * always returned `AlreadyPresent` — silently allowing re-adds with
701
+ * a different pet name or different public keys, which Rust
702
+ * correctly forbids.
656
703
  */
657
704
  addParticipant(xid, record) {
658
705
  const xidUr = xid.urString();
659
- if (this._participants.has(xidUr)) return "already_present";
660
706
  const petName = record.petName();
661
- if (petName !== void 0 && this.petNameExists(petName)) throw new Error(`Pet name "${petName}" is already used by another participant`);
707
+ if (petName !== void 0) {
708
+ for (const [existingXidUr, existingRecord] of this._participants) if (existingRecord.petName() === petName) {
709
+ if (existingXidUr !== xidUr) throw new Error(`Pet name '${petName}' already used by another participant`);
710
+ if (publicKeysEqual(existingRecord.publicKeys(), record.publicKeys())) return "already_present";
711
+ throw new Error("Participant already exists with a different pet name");
712
+ }
713
+ }
714
+ const existing = this._participants.get(xidUr);
715
+ if (existing !== void 0) {
716
+ if (publicKeysEqual(existing.publicKeys(), record.publicKeys()) && existing.petName() === record.petName()) return "already_present";
717
+ throw new Error("Participant already exists with a different pet name");
718
+ }
662
719
  this._participants.set(xidUr, record);
663
720
  return "inserted";
664
721
  }
@@ -748,17 +805,25 @@ var Registry = class Registry {
748
805
  }
749
806
  /**
750
807
  * Serialize to JSON object.
808
+ *
809
+ * Mirrors Rust `Registry`'s field declaration order
810
+ * (`registry_impl.rs:8-14` — `owner, participants, groups`). JSON
811
+ * object member order is not semantically significant, but
812
+ * `serde_json::to_string_pretty` emits keys in declaration order,
813
+ * so for byte-equal `registry.json` (used by the integration tests
814
+ * as a string assertion) the TS port must match Rust's order.
815
+ * Empty `owner` is omitted via `Option::None` skip in Rust; we
816
+ * reproduce that by only setting the key when the owner exists.
751
817
  */
752
818
  toJSON() {
819
+ const obj = {};
820
+ if (this._owner !== void 0) obj["owner"] = this._owner.toJSON();
753
821
  const participants = {};
754
822
  for (const [xidUr, record] of this._participants) participants[xidUr] = record.toJSON();
823
+ obj["participants"] = participants;
755
824
  const groups = {};
756
825
  for (const [aridHex, record] of this._groups) groups[aridHex] = record.toJSON();
757
- const obj = {
758
- groups,
759
- participants
760
- };
761
- if (this._owner !== void 0) obj["owner"] = this._owner.toJSON();
826
+ obj["groups"] = groups;
762
827
  return obj;
763
828
  }
764
829
  /**
@@ -791,6 +856,16 @@ function resolveRegistryPath(registryArg, cwd) {
791
856
  if (!registryArg.includes("/") && !registryArg.includes(node_path.sep)) return node_path.join(cwd, registryArg);
792
857
  return node_path.resolve(cwd, registryArg);
793
858
  }
859
+ /**
860
+ * Structural equality on `PublicKeys`, mirroring Rust's
861
+ * `PartialEq::eq` derive (per-component comparison of the signing
862
+ * and encapsulation public keys).
863
+ *
864
+ * @internal
865
+ */
866
+ function publicKeysEqual(a, b) {
867
+ return a.equals(b);
868
+ }
794
869
  //#endregion
795
870
  exports.AddOutcome = AddOutcome;
796
871
  exports.ContributionPaths = ContributionPaths;