npm - @bcts/frost-hubert - Versions diffs - 1.0.0-alpha.23 → 1.0.0-beta.1 - Mend

@bcts/frost-hubert 1.0.0-alpha.23 → 1.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (165) hide show

package/README.md +1 -1
package/dist/bin/frost.cjs +344 -72
package/dist/bin/frost.cjs.map +1 -1
package/dist/bin/frost.mjs +344 -71
package/dist/bin/frost.mjs.map +1 -1
package/dist/busy-B_h0bNAJ.cjs +38 -0
package/dist/busy-B_h0bNAJ.cjs.map +1 -0
package/dist/busy-BlU8_pS2.mjs +27 -0
package/dist/busy-BlU8_pS2.mjs.map +1 -0
package/dist/cmd/index.cjs +27 -22
package/dist/cmd/index.d.cts +2 -2
package/dist/cmd/index.d.mts +2 -2
package/dist/cmd/index.mjs +6 -3
package/dist/cmd-CCVhHzG7.cjs +129 -0
package/dist/cmd-CCVhHzG7.cjs.map +1 -0
package/dist/cmd-DNsHd19v.mjs +112 -0
package/dist/cmd-DNsHd19v.mjs.map +1 -0
package/dist/common-7-BOgaTt.cjs +113 -0
package/dist/common-7-BOgaTt.cjs.map +1 -0
package/dist/common-Cf1UvJaP.mjs +282 -0
package/dist/common-Cf1UvJaP.mjs.map +1 -0
package/dist/common-CnvAUC2b.cjs +372 -0
package/dist/common-CnvAUC2b.cjs.map +1 -0
package/dist/common-DNrD_-EI.mjs +96 -0
package/dist/common-DNrD_-EI.mjs.map +1 -0
package/dist/dkg/index.cjs +6 -103
package/dist/dkg/index.cjs.map +1 -1
package/dist/dkg/index.d.cts +2 -2
package/dist/dkg/index.d.mts +2 -2
package/dist/dkg/index.mjs +4 -101
package/dist/dkg/index.mjs.map +1 -1
package/dist/finalize-BpC0rz93.mjs +389 -0
package/dist/finalize-BpC0rz93.mjs.map +1 -0
package/dist/finalize-Cb0obTSo.cjs +402 -0
package/dist/finalize-Cb0obTSo.cjs.map +1 -0
package/dist/finalize-DHEnKobp.cjs +303 -0
package/dist/finalize-DHEnKobp.cjs.map +1 -0
package/dist/finalize-DQ0VGUHO.cjs +265 -0
package/dist/finalize-DQ0VGUHO.cjs.map +1 -0
package/dist/finalize-DtRxHZ7H.mjs +290 -0
package/dist/finalize-DtRxHZ7H.mjs.map +1 -0
package/dist/finalize-T83Ko8nG.mjs +252 -0
package/dist/finalize-T83Ko8nG.mjs.map +1 -0
package/dist/frost/index.cjs +1 -1
package/dist/frost/index.cjs.map +1 -1
package/dist/frost/index.d.cts.map +1 -1
package/dist/frost/index.d.mts.map +1 -1
package/dist/frost/index.mjs +1 -1
package/dist/frost/index.mjs.map +1 -1
package/dist/{index-BJlwbPYu.d.cts → index-BErX9AZF.d.cts} +101 -79
package/dist/index-BErX9AZF.d.cts.map +1 -0
package/dist/{index-BkqLimZT.d.mts → index-BaUVw4b1.d.mts} +25 -2
package/dist/index-BaUVw4b1.d.mts.map +1 -0
package/dist/{index-BMbPgH0W.d.cts → index-CD50Qtgw.d.cts} +46 -2
package/dist/index-CD50Qtgw.d.cts.map +1 -0
package/dist/{index-DoV5HFvV.d.mts → index-CD50Qtgw.d.mts} +46 -2
package/dist/index-CD50Qtgw.d.mts.map +1 -0
package/dist/{index-Dzm1v4_4.d.mts → index-Drklne-Y.d.mts} +101 -79
package/dist/index-Drklne-Y.d.mts.map +1 -0
package/dist/{index-DmxfT59Y.d.cts → index-gkmZzEuD.d.cts} +25 -2
package/dist/index-gkmZzEuD.d.cts.map +1 -0
package/dist/index.cjs +30 -23
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +4 -4
package/dist/index.d.cts.map +1 -1
package/dist/index.d.mts +4 -4
package/dist/index.d.mts.map +1 -1
package/dist/index.mjs +8 -4
package/dist/index.mjs.map +1 -1
package/dist/invite-1tzg0B0P.cjs +274 -0
package/dist/invite-1tzg0B0P.cjs.map +1 -0
package/dist/invite-BLwtexAu.cjs +109 -0
package/dist/invite-BLwtexAu.cjs.map +1 -0
package/dist/invite-Be2v2SVc.mjs +96 -0
package/dist/invite-Be2v2SVc.mjs.map +1 -0
package/dist/invite-D8mQSnFz.mjs +219 -0
package/dist/invite-D8mQSnFz.mjs.map +1 -0
package/dist/parallel-PZiwHZT8.mjs +235 -0
package/dist/parallel-PZiwHZT8.mjs.map +1 -0
package/dist/parallel-szwYx-bi.cjs +318 -0
package/dist/parallel-szwYx-bi.cjs.map +1 -0
package/dist/proposed-participant-BvHNnpcZ.cjs +140 -0
package/dist/proposed-participant-BvHNnpcZ.cjs.map +1 -0
package/dist/proposed-participant-Detb823_.mjs +129 -0
package/dist/proposed-participant-Detb823_.mjs.map +1 -0
package/dist/receive-BR-knnGv.cjs +213 -0
package/dist/receive-BR-knnGv.cjs.map +1 -0
package/dist/receive-D_r4Mryr.cjs +190 -0
package/dist/receive-D_r4Mryr.cjs.map +1 -0
package/dist/receive-dkSCSGpl.mjs +188 -0
package/dist/receive-dkSCSGpl.mjs.map +1 -0
package/dist/receive-g8EhZF2Y.mjs +177 -0
package/dist/receive-g8EhZF2Y.mjs.map +1 -0
package/dist/registry/index.cjs +86 -11
package/dist/registry/index.cjs.map +1 -1
package/dist/registry/index.d.cts +1 -1
package/dist/registry/index.d.mts +1 -1
package/dist/registry/index.mjs +85 -10
package/dist/registry/index.mjs.map +1 -1
package/dist/{registry-loI1_Mh1.cjs → registry-CkIbA7nt.cjs} +79 -2
package/dist/registry-CkIbA7nt.cjs.map +1 -0
package/dist/{registry-CgrCZ4En.mjs → registry-DGjs4qDK.mjs} +74 -3
package/dist/registry-DGjs4qDK.mjs.map +1 -0
package/dist/round1-9FAqFvL5.cjs +465 -0
package/dist/round1-9FAqFvL5.cjs.map +1 -0
package/dist/round1-B8haiMM8.mjs +208 -0
package/dist/round1-B8haiMM8.mjs.map +1 -0
package/dist/round1-BOIE1E4O.mjs +452 -0
package/dist/round1-BOIE1E4O.mjs.map +1 -0
package/dist/round1-Bq0vweyQ.cjs +422 -0
package/dist/round1-Bq0vweyQ.cjs.map +1 -0
package/dist/round1-CXkXoVQU.cjs +208 -0
package/dist/round1-CXkXoVQU.cjs.map +1 -0
package/dist/round1-D8t7EzIo.mjs +373 -0
package/dist/round1-D8t7EzIo.mjs.map +1 -0
package/dist/round1-DriPu15x.cjs +221 -0
package/dist/round1-DriPu15x.cjs.map +1 -0
package/dist/round1-Y2kcVwnR.mjs +195 -0
package/dist/round1-Y2kcVwnR.mjs.map +1 -0
package/dist/round2-AMDYMUIg.cjs +305 -0
package/dist/round2-AMDYMUIg.cjs.map +1 -0
package/dist/round2-BHQKVJFo.cjs +410 -0
package/dist/round2-BHQKVJFo.cjs.map +1 -0
package/dist/round2-BfetYacV.mjs +450 -0
package/dist/round2-BfetYacV.mjs.map +1 -0
package/dist/round2-Cf5CJc_8.mjs +397 -0
package/dist/round2-Cf5CJc_8.mjs.map +1 -0
package/dist/round2-CvrmylN1.cjs +293 -0
package/dist/round2-CvrmylN1.cjs.map +1 -0
package/dist/round2-Dk_w97nl.cjs +499 -0
package/dist/round2-Dk_w97nl.cjs.map +1 -0
package/dist/round2-Z2JhMwxc.mjs +292 -0
package/dist/round2-Z2JhMwxc.mjs.map +1 -0
package/dist/round2-mF6UlkT-.mjs +280 -0
package/dist/round2-mF6UlkT-.mjs.map +1 -0
package/package.json +14 -14
package/src/bin/frost.ts +849 -128
package/src/cmd/common.ts +19 -1
package/src/cmd/dkg/common.ts +97 -10
package/src/cmd/dkg/coordinator/invite.ts +5 -2
package/src/cmd/dkg/participant/finalize.ts +51 -17
package/src/cmd/dkg/participant/round1.ts +39 -38
package/src/cmd/dkg/participant/round2.ts +60 -26
package/src/cmd/sign/coordinator/round2.ts +5 -1
package/src/cmd/sign/participant/finalize.ts +6 -2
package/src/cmd/sign/participant/receive.ts +5 -2
package/src/dkg/group-invite.ts +12 -2
package/src/dkg/proposed-participant.ts +32 -3
package/src/registry/owner-record.ts +12 -0
package/src/registry/participant-record.ts +35 -2
package/src/registry/registry-impl.ts +74 -18
package/dist/cmd-5yLeC_QL.mjs +0 -4708
package/dist/cmd-5yLeC_QL.mjs.map +0 -1
package/dist/cmd-BfZjC3Uh.cjs +0 -4847
package/dist/cmd-BfZjC3Uh.cjs.map +0 -1
package/dist/index-BJlwbPYu.d.cts.map +0 -1
package/dist/index-BMbPgH0W.d.cts.map +0 -1
package/dist/index-BkqLimZT.d.mts.map +0 -1
package/dist/index-DmxfT59Y.d.cts.map +0 -1
package/dist/index-DoV5HFvV.d.mts.map +0 -1
package/dist/index-Dzm1v4_4.d.mts.map +0 -1
package/dist/registry-CgrCZ4En.mjs.map +0 -1
package/dist/registry-loI1_Mh1.cjs.map +0 -1
/package/dist/{chunk-CZWwpsFl.cjs → chunk-DakpK96I.cjs} +0 -0
/package/dist/{chunk-CjcI7cDX.mjs → chunk-z9aeyW2b.mjs} +0 -0

package/dist/finalize-DHEnKobp.cjs ADDED Viewed

@@ -0,0 +1,303 @@
+const require_chunk = require("./chunk-DakpK96I.cjs");
+const require_registry_index = require("./registry/index.cjs");
+const require_common = require("./common-CnvAUC2b.cjs");
+const require_busy = require("./busy-B_h0bNAJ.cjs");
+const require_parallel = require("./parallel-szwYx-bi.cjs");
+let _bcts_gstp = require("@bcts/gstp");
+let node_fs = require("node:fs");
+node_fs = require_chunk.__toESM(node_fs, 1);
+let node_path = require("node:path");
+node_path = require_chunk.__toESM(node_path, 1);
+//#region src/cmd/dkg/coordinator/finalize.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* DKG coordinator finalize command.
+*
+* Port of cmd/dkg/coordinator/finalize.rs from frost-hubert-rust.
+*
+* @module
+*/
+var finalize_exports = /* @__PURE__ */ require_chunk.__exportAll({ finalize: () => finalize });
+/**
+* Validate that the owner is the coordinator of the group.
+*
+* Port of coordinator check from finalize.rs lines 76-82.
+*/
+function validateCoordinator(groupRecord, ownerXid) {
+	if (groupRecord.coordinator().xid().urString() !== ownerXid.urString()) throw new Error(`Only the coordinator can collect finalize responses. Coordinator: ${groupRecord.coordinator().xid().urString()}, Owner: ${ownerXid.urString()}`);
+}
+/**
+* Validate envelope and extract finalize data (for parallel fetch).
+*
+* Port of `validate_and_extract_finalize_response()` from finalize.rs lines 407-466.
+*/
+function validateAndExtractFinalizeResponse(envelope, coordinatorKeys, expectedGroupId, expectedParticipant) {
+	const now = /* @__PURE__ */ new Date();
+	let sealed;
+	try {
+		sealed = _bcts_gstp.SealedResponse.tryFromEncryptedEnvelope(envelope, void 0, now, coordinatorKeys);
+	} catch (err) {
+		return { rejected: `Failed to decrypt/parse response: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	if (!sealed.isOk()) try {
+		return { rejected: `Participant reported error: ${sealed.error().optionalObjectForPredicate("reason")?.extractString() ?? "unknown reason"}` };
+	} catch {
+		return { rejected: "Participant reported error: unknown reason" };
+	}
+	let result;
+	try {
+		result = sealed.result();
+	} catch {
+		return { rejected: "Finalize response has no result" };
+	}
+	try {
+		result.checkSubjectUnit();
+		result.checkType("dkgFinalizeResponse");
+	} catch (err) {
+		return { rejected: `Invalid response type: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	try {
+		const groupId = require_common.parseAridUr(result.objectForPredicate("group").extractString());
+		if (groupId.urString() !== expectedGroupId.urString()) return { rejected: `Group ${groupId.urString()} does not match expected ${expectedGroupId.urString()}` };
+	} catch (err) {
+		return { rejected: `Failed to extract group: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	try {
+		const participantStr = result.objectForPredicate("participant").extractString();
+		const { XID: XIDClass } = require("@bcts/components");
+		const participantXid = XIDClass.fromURString(participantStr);
+		if (participantXid.urString() !== expectedParticipant.urString()) return { rejected: `Participant ${participantXid.urString()} does not match expected ${expectedParticipant.urString()}` };
+	} catch (err) {
+		return { rejected: `Failed to extract participant: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	let keyPackage;
+	let publicKeyPackage;
+	try {
+		const keyJsonStr = result.objectForPredicate("key_package").extractString();
+		keyPackage = JSON.parse(keyJsonStr);
+	} catch (err) {
+		return { rejected: `Failed to parse key_package: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	try {
+		const pubJsonStr = result.objectForPredicate("public_key_package").extractString();
+		publicKeyPackage = JSON.parse(pubJsonStr);
+	} catch (err) {
+		return { rejected: `Failed to parse public_key_package: ${err instanceof Error ? err.message : String(err)}` };
+	}
+	return {
+		keyPackage,
+		publicKeyPackage
+	};
+}
+/**
+* Fetch a finalize response sequentially.
+*
+* Port of `fetch_finalize_response()` from finalize.rs lines 282-358.
+*/
+async function fetchFinalizeResponse(client, responseArid, timeout, coordinatorKeys, expectedGroup, expectedParticipant, participantName) {
+	const envelope = await require_busy.getWithIndicator(client, responseArid, participantName, timeout, require_common.isVerbose());
+	if (envelope === null || envelope === void 0) throw new Error("Finalize response not found in Hubert storage");
+	const result = validateAndExtractFinalizeResponse(envelope, coordinatorKeys, expectedGroup, expectedParticipant);
+	if ("rejected" in result) throw new Error(result.rejected);
+	return {
+		participant: expectedParticipant,
+		keyPackage: result.keyPackage,
+		publicKeyPackage: result.publicKeyPackage
+	};
+}
+/**
+* Collect finalize responses in parallel with progress display.
+*
+* Port of `collect_finalize_parallel()` from finalize.rs lines 371-404.
+*/
+async function collectFinalizeParallel(client, registry, pendingRequests, coordinatorKeys, expectedGroupId, timeout) {
+	const requests = [];
+	for (const [xid, arid] of pendingRequests.iterCollect()) {
+		const name = registry.participant(xid)?.petName() ?? xid.urString();
+		requests.push([
+			xid,
+			arid,
+			name
+		]);
+	}
+	return require_parallel.parallelFetch(client, requests, (envelope, xid) => validateAndExtractFinalizeResponse(envelope, coordinatorKeys, expectedGroupId, xid), require_parallel.parallelFetchConfigWithTimeout(timeout));
+}
+/**
+* Finalize collection results: persist, update registry, print summary.
+*
+* Port of `finalize_collection_results()` from finalize.rs lines 469-590.
+*/
+function finalizeFinalizeCollectionResults(collection, registryPath, registry, groupId) {
+	if (collection.rejections.length > 0) {
+		console.error();
+		console.error("Rejections:");
+		for (const [xid, reason] of collection.rejections) console.error(`  ${xid.urString()}: ${reason}`);
+	}
+	if (collection.errors.length > 0) {
+		console.error();
+		console.error("Errors:");
+		for (const [xid, error] of collection.errors) console.error(`  ${xid.urString()}: ${error}`);
+	}
+	if (collection.timeouts.length > 0) {
+		console.error();
+		console.error("Timeouts:");
+		for (const xid of collection.timeouts) console.error(`  ${xid.urString()}`);
+	}
+	if (!collection.allSucceeded()) throw new Error(`Finalize collection incomplete: ${collection.successes.length} succeeded, ${collection.rejections.length} rejected, ${collection.errors.length} errors, ${collection.timeouts.length} timeouts`);
+	let groupVerifyingKey;
+	for (const [xid, data] of collection.successes) {
+		const pubKeyPkg = data.publicKeyPackage;
+		if (!pubKeyPkg.verifying_key) throw new Error(`Failed to extract verifying key for ${xid.urString()}: missing verifying_key field`);
+		let signingKey;
+		try {
+			signingKey = require_common.signingKeyFromVerifying(hexToBytes(pubKeyPkg.verifying_key));
+		} catch (err) {
+			throw new Error(`Failed to extract verifying key for ${xid.urString()}: ${err instanceof Error ? err.message : String(err)}`, { cause: err });
+		}
+		if (groupVerifyingKey !== void 0) {
+			if (groupVerifyingKey.urString() !== signingKey.urString()) throw new Error(`Group verifying key mismatch for participant ${xid.urString()}`);
+		} else groupVerifyingKey = signingKey;
+	}
+	const stateDir = require_common.groupStateDir(registryPath, groupId.hex());
+	node_fs.mkdirSync(stateDir, { recursive: true });
+	const collectedPath = node_path.join(stateDir, "collected_finalize.json");
+	const root = {};
+	for (const [xid, data] of collection.successes) root[xid.urString()] = {
+		key_package: data.keyPackage,
+		public_key_package: data.publicKeyPackage
+	};
+	node_fs.writeFileSync(collectedPath, JSON.stringify(root, null, 2));
+	const groupRecord = registry.group(groupId);
+	if (groupRecord === void 0) throw new Error("Group not found in registry");
+	if (groupVerifyingKey !== void 0) groupRecord.setVerifyingKey(groupVerifyingKey);
+	groupRecord.clearPendingRequests();
+	registry.save(registryPath);
+	if (require_common.isVerbose()) {
+		console.error();
+		console.error(`Collected ${collection.successes.length} finalize responses. Saved to ${collectedPath}`);
+		if (groupVerifyingKey !== void 0) console.error(groupVerifyingKey.urString());
+	} else if (groupVerifyingKey !== void 0) console.log(groupVerifyingKey.urString());
+	return groupVerifyingKey;
+}
+/**
+* Helper to convert hex string to bytes.
+*/
+function hexToBytes(hex) {
+	const bytes = new Uint8Array(hex.length / 2);
+	for (let i = 0; i < bytes.length; i++) bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+	return bytes;
+}
+/**
+* Execute the DKG coordinator finalize command.
+*
+* Collects finalize responses (key/public key packages) from all participants.
+*
+* Port of `finalize()` from cmd/dkg/coordinator/finalize.rs.
+*/
+async function finalize(client, options, cwd) {
+	const registryPath = require_registry_index.resolveRegistryPath(options.registryPath, cwd);
+	const registry = require_registry_index.Registry.load(registryPath);
+	const owner = registry.owner();
+	if (owner === void 0) throw new Error("Registry owner is required");
+	const groupId = require_common.parseAridUr(options.groupId);
+	const groupRecord = registry.group(groupId);
+	if (groupRecord === void 0) throw new Error(`Group ${options.groupId} not found in registry`);
+	validateCoordinator(groupRecord, owner.xid());
+	const pendingRequests = groupRecord.pendingRequests();
+	if (pendingRequests.isEmpty()) throw new Error("No pending requests for this group. Did you run 'frost dkg coordinator finalize send'?");
+	const coordinatorKeys = owner.xidDocument().inceptionPrivateKeys();
+	if (coordinatorKeys === void 0) throw new Error("Coordinator XID document has no private keys");
+	let verifyingKey;
+	let collected;
+	let rejected = 0;
+	let errors;
+	let timeouts = 0;
+	if (options.parallel === true) {
+		const collection = await collectFinalizeParallel(client, registry, pendingRequests, coordinatorKeys, groupId, options.timeoutSeconds);
+		verifyingKey = finalizeFinalizeCollectionResults(collection, registryPath, registry, groupId);
+		collected = collection.successes.length;
+		rejected = collection.rejections.length;
+		errors = collection.errors.length;
+		timeouts = collection.timeouts.length;
+	} else {
+		const collectedEntries = [];
+		const errorEntries = [];
+		let groupVerifyingKey;
+		if (require_common.isVerbose()) console.error(`Collecting finalize responses from ${pendingRequests.len()} participants...`);
+		for (const [participantXid, collectFromArid] of pendingRequests.iterCollect()) {
+			const name = registry.participant(participantXid)?.petName() ?? participantXid.urString();
+			try {
+				const entry = await fetchFinalizeResponse(client, collectFromArid, options.timeoutSeconds, coordinatorKeys, groupId, participantXid, name);
+				const pubKeyPkg = entry.publicKeyPackage;
+				if (!pubKeyPkg.verifying_key) throw new Error("missing verifying_key field");
+				const signingKey = require_common.signingKeyFromVerifying(hexToBytes(pubKeyPkg.verifying_key));
+				if (groupVerifyingKey !== void 0) {
+					if (groupVerifyingKey.urString() !== signingKey.urString()) {
+						if (require_common.isVerbose()) console.error("error: group verifying key mismatch");
+						errorEntries.push([participantXid, "Group verifying key mismatch across responses"]);
+						continue;
+					}
+				} else groupVerifyingKey = signingKey;
+				collectedEntries.push(entry);
+			} catch (err) {
+				if (require_common.isVerbose()) console.error(`error: ${err instanceof Error ? err.message : String(err)}`);
+				errorEntries.push([participantXid, err instanceof Error ? err.message : String(err)]);
+			}
+		}
+		if (errorEntries.length > 0) {
+			if (require_common.isVerbose()) {
+				console.error();
+				console.error(`Failed to collect from ${errorEntries.length} participants:`);
+				for (const [xid, error] of errorEntries) console.error(`  ${xid.urString()}: ${error}`);
+			}
+			throw new Error(`Finalize collection incomplete: ${errorEntries.length} of ${pendingRequests.len()} responses failed`);
+		}
+		const stateDir = require_common.groupStateDir(registryPath, groupId.hex());
+		node_fs.mkdirSync(stateDir, { recursive: true });
+		const collectedPath = node_path.join(stateDir, "collected_finalize.json");
+		const root = {};
+		for (const entry of collectedEntries) root[entry.participant.urString()] = {
+			key_package: entry.keyPackage,
+			public_key_package: entry.publicKeyPackage
+		};
+		node_fs.writeFileSync(collectedPath, JSON.stringify(root, null, 2));
+		const groupRecordMut = registry.group(groupId);
+		if (groupRecordMut === void 0) throw new Error("Group not found in registry");
+		if (groupVerifyingKey !== void 0) groupRecordMut.setVerifyingKey(groupVerifyingKey);
+		groupRecordMut.clearPendingRequests();
+		registry.save(registryPath);
+		if (require_common.isVerbose()) {
+			console.error();
+			console.error(`Collected ${collectedEntries.length} finalize responses. Saved to ${collectedPath}`);
+			if (groupVerifyingKey !== void 0) console.error(groupVerifyingKey.urString());
+		} else if (groupVerifyingKey !== void 0) console.log(groupVerifyingKey.urString());
+		verifyingKey = groupVerifyingKey;
+		collected = collectedEntries.length;
+		errors = errorEntries.length;
+	}
+	return {
+		verifyingKey: verifyingKey?.urString() ?? "",
+		collected,
+		rejected,
+		errors,
+		timeouts
+	};
+}
+//#endregion
+Object.defineProperty(exports, "finalize", {
+	enumerable: true,
+	get: function() {
+		return finalize;
+	}
+});
+Object.defineProperty(exports, "finalize_exports", {
+	enumerable: true,
+	get: function() {
+		return finalize_exports;
+	}
+});
+//# sourceMappingURL=finalize-DHEnKobp.cjs.map

package/dist/finalize-DHEnKobp.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"finalize-DHEnKobp.cjs","names":["SealedResponse","parseAridUr","getWithIndicator","isVerbose","parallelFetch","parallelFetchConfigWithTimeout","signingKeyFromVerifying","groupStateDir","path","resolveRegistryPath","Registry"],"sources":["../src/cmd/dkg/coordinator/finalize.ts"],"sourcesContent":["/**\n * Copyright © 2023-2026 Blockchain Commons, LLC\n * Copyright © 2025-2026 Parity Technologies\n *\n *\n * DKG coordinator finalize command.\n *\n * Port of cmd/dkg/coordinator/finalize.rs from frost-hubert-rust.\n *\n * @module\n */\n\nimport * as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\nimport { type ARID, type PrivateKeys, type SigningPublicKey, type XID } from \"@bcts/components\";\nimport { type Envelope } from \"@bcts/envelope\";\nimport { SealedResponse } from \"@bcts/gstp\";\n\nimport {\n type GroupRecord,\n type PendingRequests,\n Registry,\n resolveRegistryPath,\n} from \"../../../registry/index.js\";\nimport { groupStateDir, isVerbose } from \"../../common.js\";\nimport {\n type CollectionResult,\n parallelFetch,\n type ParallelFetchConfig,\n parallelFetchConfigWithTimeout,\n} from \"../../parallel.js\";\nimport { type StorageClient } from \"../../storage.js\";\nimport { getWithIndicator } from \"../../busy.js\";\nimport { parseAridUr, signingKeyFromVerifying } from \"../common.js\";\n\n/**\n * Options for the DKG finalize command.\n */\nexport interface DkgFinalizeOptions {\n registryPath?: string;\n groupId: string;\n parallel?: boolean;\n timeoutSeconds?: number;\n verbose?: boolean;\n}\n\n/**\n * Result of the DKG finalize command.\n */\nexport interface DkgFinalizeResult {\n verifyingKey: string;\n collected: number;\n rejected: number;\n errors: number;\n timeouts: number;\n}\n\n/**\n * Data extracted from a successful finalize response.\n *\n * Port of `struct FinalizeResponseData` from finalize.rs.\n */\ninterface FinalizeResponseData {\n keyPackage: unknown;\n publicKeyPackage: unknown;\n}\n\n/**\n * Entry for a collected finalize response.\n *\n * Port of `struct FinalizeEntry` from finalize.rs.\n */\ninterface FinalizeEntry {\n participant: XID;\n keyPackage: unknown;\n publicKeyPackage: unknown;\n}\n\n/**\n * Validate that the owner is the coordinator of the group.\n *\n * Port of coordinator check from finalize.rs lines 76-82.\n */\nfunction validateCoordinator(groupRecord: GroupRecord, ownerXid: XID): void {\n if (groupRecord.coordinator().xid().urString() !== ownerXid.urString()) {\n throw new Error(\n `Only the coordinator can collect finalize responses. Coordinator: ${groupRecord.coordinator().xid().urString()}, Owner: ${ownerXid.urString()}`,\n );\n }\n}\n\n/**\n * Validate envelope and extract finalize data (for parallel fetch).\n *\n * Port of `validate_and_extract_finalize_response()` from finalize.rs lines 407-466.\n */\nfunction validateAndExtractFinalizeResponse(\n envelope: Envelope,\n coordinatorKeys: PrivateKeys,\n expectedGroupId: ARID,\n expectedParticipant: XID,\n): FinalizeResponseData | { rejected: string } {\n const now = new Date();\n\n let sealed: SealedResponse;\n try {\n sealed = SealedResponse.tryFromEncryptedEnvelope(envelope, undefined, now, coordinatorKeys);\n } catch (err) {\n return {\n rejected: `Failed to decrypt/parse response: ${err instanceof Error ? err.message : String(err)}`,\n };\n }\n\n // Check for error response\n if (!sealed.isOk()) {\n try {\n const error = sealed.error();\n const reasonEnv = error.optionalObjectForPredicate(\"reason\");\n const reason = reasonEnv?.extractString() ?? \"unknown reason\";\n return { rejected: `Participant reported error: ${reason}` };\n } catch {\n return { rejected: \"Participant reported error: unknown reason\" };\n }\n }\n\n // Get and validate result\n let result: Envelope;\n try {\n result = sealed.result();\n } catch {\n return { rejected: \"Finalize response has no result\" };\n }\n\n // Validate response type\n try {\n result.checkSubjectUnit();\n result.checkType(\"dkgFinalizeResponse\");\n } catch (err) {\n return {\n rejected: `Invalid response type: ${err instanceof Error ? err.message : String(err)}`,\n };\n }\n\n // Validate group ID\n try {\n const groupEnv = result.objectForPredicate(\"group\");\n const groupIdStr = groupEnv.extractString();\n const groupId = parseAridUr(groupIdStr);\n if (groupId.urString() !== expectedGroupId.urString()) {\n return {\n rejected: `Group ${groupId.urString()} does not match expected ${expectedGroupId.urString()}`,\n };\n }\n } catch (err) {\n return {\n rejected: `Failed to extract group: ${err instanceof Error ? err.message : String(err)}`,\n };\n }\n\n // Validate participant\n try {\n const participantEnv = result.objectForPredicate(\"participant\");\n const participantStr = participantEnv.extractString();\n // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-require-imports, no-undef\n const { XID: XIDClass } = require(\"@bcts/components\");\n // eslint-disable-next-line @typescript-eslint/no-unsafe-call, @typescript-eslint/no-unsafe-member-access\n const participantXid = XIDClass.fromURString(participantStr) as XID;\n if (participantXid.urString() !== expectedParticipant.urString()) {\n return {\n rejected: `Participant ${participantXid.urString()} does not match expected ${expectedParticipant.urString()}`,\n };\n }\n } catch (err) {\n return {\n rejected: `Failed to extract participant: ${err instanceof Error ? err.message : String(err)}`,\n };\n }\n\n // Extract key packages\n let keyPackage: unknown;\n let publicKeyPackage: unknown;\n\n try {\n const keyJsonEnv = result.objectForPredicate(\"key_package\");\n const keyJsonStr = keyJsonEnv.extractString();\n keyPackage = JSON.parse(keyJsonStr);\n } catch (err) {\n return {\n rejected: `Failed to parse key_package: ${err instanceof Error ? err.message : String(err)}`,\n };\n }\n\n try {\n const pubJsonEnv = result.objectForPredicate(\"public_key_package\");\n const pubJsonStr = pubJsonEnv.extractString();\n publicKeyPackage = JSON.parse(pubJsonStr);\n } catch (err) {\n return {\n rejected: `Failed to parse public_key_package: ${err instanceof Error ? err.message : String(err)}`,\n };\n }\n\n return { keyPackage, publicKeyPackage };\n}\n\n/**\n * Fetch a finalize response sequentially.\n *\n * Port of `fetch_finalize_response()` from finalize.rs lines 282-358.\n */\nasync function fetchFinalizeResponse(\n client: StorageClient,\n responseArid: ARID,\n timeout: number | undefined,\n coordinatorKeys: PrivateKeys,\n expectedGroup: ARID,\n expectedParticipant: XID,\n participantName: string,\n): Promise<FinalizeEntry> {\n const envelope = await getWithIndicator(\n client,\n responseArid,\n participantName,\n timeout,\n isVerbose(),\n );\n\n if (envelope === null || envelope === undefined) {\n throw new Error(\"Finalize response not found in Hubert storage\");\n }\n\n const result = validateAndExtractFinalizeResponse(\n envelope,\n coordinatorKeys,\n expectedGroup,\n expectedParticipant,\n );\n\n if (\"rejected\" in result) {\n throw new Error(result.rejected);\n }\n\n return {\n participant: expectedParticipant,\n keyPackage: result.keyPackage,\n publicKeyPackage: result.publicKeyPackage,\n };\n}\n\n/**\n * Collect finalize responses in parallel with progress display.\n *\n * Port of `collect_finalize_parallel()` from finalize.rs lines 371-404.\n */\nasync function collectFinalizeParallel(\n client: StorageClient,\n registry: Registry,\n pendingRequests: PendingRequests,\n coordinatorKeys: PrivateKeys,\n expectedGroupId: ARID,\n timeout: number | undefined,\n): Promise<CollectionResult<FinalizeResponseData>> {\n const requests: [XID, ARID, string][] = [];\n\n for (const [xid, arid] of pendingRequests.iterCollect()) {\n const record = registry.participant(xid);\n const name = record?.petName() ?? xid.urString();\n requests.push([xid, arid, name]);\n }\n\n const config: ParallelFetchConfig = parallelFetchConfigWithTimeout(timeout);\n\n return parallelFetch(\n client,\n requests,\n (envelope: Envelope, xid: XID) =>\n validateAndExtractFinalizeResponse(envelope, coordinatorKeys, expectedGroupId, xid),\n config,\n );\n}\n\n/**\n * Finalize collection results: persist, update registry, print summary.\n *\n * Port of `finalize_collection_results()` from finalize.rs lines 469-590.\n */\nfunction finalizeFinalizeCollectionResults(\n collection: CollectionResult<FinalizeResponseData>,\n registryPath: string,\n registry: Registry,\n groupId: ARID,\n): SigningPublicKey | undefined {\n // Report any failures\n if (collection.rejections.length > 0) {\n console.error();\n console.error(\"Rejections:\");\n for (const [xid, reason] of collection.rejections) {\n console.error(` ${xid.urString()}: ${reason}`);\n }\n }\n if (collection.errors.length > 0) {\n console.error();\n console.error(\"Errors:\");\n for (const [xid, error] of collection.errors) {\n console.error(` ${xid.urString()}: ${error}`);\n }\n }\n if (collection.timeouts.length > 0) {\n console.error();\n console.error(\"Timeouts:\");\n for (const xid of collection.timeouts) {\n console.error(` ${xid.urString()}`);\n }\n }\n\n if (!collection.allSucceeded()) {\n throw new Error(\n `Finalize collection incomplete: ${collection.successes.length} succeeded, ` +\n `${collection.rejections.length} rejected, ${collection.errors.length} errors, ` +\n `${collection.timeouts.length} timeouts`,\n );\n }\n\n // Validate group verifying key consistency\n let groupVerifyingKey: SigningPublicKey | undefined;\n\n for (const [xid, data] of collection.successes) {\n // Extract verifying_key from public_key_package\n const pubKeyPkg = data.publicKeyPackage as { verifying_key?: string };\n if (!pubKeyPkg.verifying_key) {\n throw new Error(\n `Failed to extract verifying key for ${xid.urString()}: missing verifying_key field`,\n );\n }\n\n // The verifying key is typically hex-encoded\n let signingKey: SigningPublicKey;\n try {\n const verifyingKeyBytes = hexToBytes(pubKeyPkg.verifying_key);\n signingKey = signingKeyFromVerifying(verifyingKeyBytes) as SigningPublicKey;\n } catch (err) {\n throw new Error(\n `Failed to extract verifying key for ${xid.urString()}: ${err instanceof Error ? err.message : String(err)}`,\n { cause: err },\n );\n }\n\n if (groupVerifyingKey !== undefined) {\n if (groupVerifyingKey.urString() !== signingKey.urString()) {\n throw new Error(`Group verifying key mismatch for participant ${xid.urString()}`);\n }\n } else {\n groupVerifyingKey = signingKey;\n }\n }\n\n // Persist collected finalize data\n const stateDir = groupStateDir(registryPath, groupId.hex());\n fs.mkdirSync(stateDir, { recursive: true });\n\n const collectedPath = path.join(stateDir, \"collected_finalize.json\");\n const root: Record<string, { key_package: unknown; public_key_package: unknown }> = {};\n\n for (const [xid, data] of collection.successes) {\n root[xid.urString()] = {\n key_package: data.keyPackage,\n public_key_package: data.publicKeyPackage,\n };\n }\n\n fs.writeFileSync(collectedPath, JSON.stringify(root, null, 2));\n\n // Update registry\n const groupRecord = registry.group(groupId);\n if (groupRecord === undefined) {\n throw new Error(\"Group not found in registry\");\n }\n\n if (groupVerifyingKey !== undefined) {\n groupRecord.setVerifyingKey(groupVerifyingKey);\n }\n groupRecord.clearPendingRequests();\n registry.save(registryPath);\n\n if (isVerbose()) {\n console.error();\n console.error(\n `Collected ${collection.successes.length} finalize responses. Saved to ${collectedPath}`,\n );\n if (groupVerifyingKey !== undefined) {\n console.error(groupVerifyingKey.urString());\n }\n } else if (groupVerifyingKey !== undefined) {\n console.log(groupVerifyingKey.urString());\n }\n\n return groupVerifyingKey;\n}\n\n/**\n * Helper to convert hex string to bytes.\n */\nfunction hexToBytes(hex: string): Uint8Array {\n const bytes = new Uint8Array(hex.length / 2);\n for (let i = 0; i < bytes.length; i++) {\n bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);\n }\n return bytes;\n}\n\n/**\n * Execute the DKG coordinator finalize command.\n *\n * Collects finalize responses (key/public key packages) from all participants.\n *\n * Port of `finalize()` from cmd/dkg/coordinator/finalize.rs.\n */\nexport async function finalize(\n client: StorageClient,\n options: DkgFinalizeOptions,\n cwd: string,\n): Promise<DkgFinalizeResult> {\n const registryPath = resolveRegistryPath(options.registryPath, cwd);\n const registry = Registry.load(registryPath);\n\n const owner = registry.owner();\n if (owner === undefined) {\n throw new Error(\"Registry owner is required\");\n }\n\n const groupId = parseAridUr(options.groupId);\n const groupRecord = registry.group(groupId);\n\n if (groupRecord === undefined) {\n throw new Error(`Group ${options.groupId} not found in registry`);\n }\n\n // Validate that owner is the coordinator\n validateCoordinator(groupRecord, owner.xid());\n\n const pendingRequests = groupRecord.pendingRequests();\n if (pendingRequests.isEmpty()) {\n throw new Error(\n \"No pending requests for this group. Did you run 'frost dkg coordinator finalize send'?\",\n );\n }\n\n const coordinatorKeys = owner.xidDocument().inceptionPrivateKeys();\n if (coordinatorKeys === undefined) {\n throw new Error(\"Coordinator XID document has no private keys\");\n }\n\n let verifyingKey: SigningPublicKey | undefined;\n let collected: number;\n let rejected = 0;\n let errors: number;\n let timeouts = 0;\n\n if (options.parallel === true) {\n // Parallel path with progress display\n const collection = await collectFinalizeParallel(\n client,\n registry,\n pendingRequests,\n coordinatorKeys,\n groupId,\n options.timeoutSeconds,\n );\n\n verifyingKey = finalizeFinalizeCollectionResults(collection, registryPath, registry, groupId);\n\n collected = collection.successes.length;\n rejected = collection.rejections.length;\n errors = collection.errors.length;\n timeouts = collection.timeouts.length;\n } else {\n // Sequential path (original behavior)\n const collectedEntries: FinalizeEntry[] = [];\n const errorEntries: [XID, string][] = [];\n let groupVerifyingKey: SigningPublicKey | undefined;\n\n if (isVerbose()) {\n console.error(`Collecting finalize responses from ${pendingRequests.len()} participants...`);\n }\n\n for (const [participantXid, collectFromArid] of pendingRequests.iterCollect()) {\n const record = registry.participant(participantXid);\n const name = record?.petName() ?? participantXid.urString();\n\n try {\n const entry = await fetchFinalizeResponse(\n client,\n collectFromArid,\n options.timeoutSeconds,\n coordinatorKeys,\n groupId,\n participantXid,\n name,\n );\n\n // Extract verifying key from public_key_package\n const pubKeyPkg = entry.publicKeyPackage as { verifying_key?: string };\n if (!pubKeyPkg.verifying_key) {\n throw new Error(\"missing verifying_key field\");\n }\n\n const verifyingKeyBytes = hexToBytes(pubKeyPkg.verifying_key);\n const signingKey = signingKeyFromVerifying(verifyingKeyBytes) as SigningPublicKey;\n\n if (groupVerifyingKey !== undefined) {\n if (groupVerifyingKey.urString() !== signingKey.urString()) {\n if (isVerbose()) {\n console.error(\"error: group verifying key mismatch\");\n }\n errorEntries.push([participantXid, \"Group verifying key mismatch across responses\"]);\n continue;\n }\n } else {\n groupVerifyingKey = signingKey;\n }\n\n collectedEntries.push(entry);\n } catch (err) {\n if (isVerbose()) {\n console.error(`error: ${err instanceof Error ? err.message : String(err)}`);\n }\n errorEntries.push([participantXid, err instanceof Error ? err.message : String(err)]);\n }\n }\n\n if (errorEntries.length > 0) {\n if (isVerbose()) {\n console.error();\n console.error(`Failed to collect from ${errorEntries.length} participants:`);\n for (const [xid, error] of errorEntries) {\n console.error(` ${xid.urString()}: ${error}`);\n }\n }\n throw new Error(\n `Finalize collection incomplete: ${errorEntries.length} of ${pendingRequests.len()} responses failed`,\n );\n }\n\n // Persist collected finalize data\n const stateDir = groupStateDir(registryPath, groupId.hex());\n fs.mkdirSync(stateDir, { recursive: true });\n\n const collectedPath = path.join(stateDir, \"collected_finalize.json\");\n const root: Record<string, { key_package: unknown; public_key_package: unknown }> = {};\n\n for (const entry of collectedEntries) {\n root[entry.participant.urString()] = {\n key_package: entry.keyPackage,\n public_key_package: entry.publicKeyPackage,\n };\n }\n\n fs.writeFileSync(collectedPath, JSON.stringify(root, null, 2));\n\n // Update registry pending requests cleared\n const groupRecordMut = registry.group(groupId);\n if (groupRecordMut === undefined) {\n throw new Error(\"Group not found in registry\");\n }\n\n if (groupVerifyingKey !== undefined) {\n groupRecordMut.setVerifyingKey(groupVerifyingKey);\n }\n groupRecordMut.clearPendingRequests();\n registry.save(registryPath);\n\n if (isVerbose()) {\n console.error();\n console.error(\n `Collected ${collectedEntries.length} finalize responses. Saved to ${collectedPath}`,\n );\n if (groupVerifyingKey !== undefined) {\n console.error(groupVerifyingKey.urString());\n }\n } else if (groupVerifyingKey !== undefined) {\n console.log(groupVerifyingKey.urString());\n }\n\n verifyingKey = groupVerifyingKey;\n collected = collectedEntries.length;\n errors = errorEntries.length;\n }\n\n return {\n verifyingKey: verifyingKey?.urString() ?? \"\",\n collected,\n rejected,\n errors,\n timeouts,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoFA,SAAS,oBAAoB,aAA0B,UAAqB;CAC1E,IAAI,YAAY,YAAY,EAAE,IAAI,EAAE,SAAS,MAAM,SAAS,SAAS,GACnE,MAAM,IAAI,MACR,qEAAqE,YAAY,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,SAAS,SAAS,GAC/I;AAEJ;;;;;;AAOA,SAAS,mCACP,UACA,iBACA,iBACA,qBAC6C;CAC7C,MAAM,sBAAM,IAAI,KAAK;CAErB,IAAI;CACJ,IAAI;EACF,SAASA,WAAAA,eAAe,yBAAyB,UAAU,KAAA,GAAW,KAAK,eAAe;CAC5F,SAAS,KAAK;EACZ,OAAO,EACL,UAAU,qCAAqC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,IAChG;CACF;CAGA,IAAI,CAAC,OAAO,KAAK,GACf,IAAI;EAIF,OAAO,EAAE,UAAU,+BAHL,OAAO,MACC,EAAE,2BAA2B,QAC5B,GAAG,cAAc,KAAK,mBACc;CAC7D,QAAQ;EACN,OAAO,EAAE,UAAU,6CAA6C;CAClE;CAIF,IAAI;CACJ,IAAI;EACF,SAAS,OAAO,OAAO;CACzB,QAAQ;EACN,OAAO,EAAE,UAAU,kCAAkC;CACvD;CAGA,IAAI;EACF,OAAO,iBAAiB;EACxB,OAAO,UAAU,qBAAqB;CACxC,SAAS,KAAK;EACZ,OAAO,EACL,UAAU,0BAA0B,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,IACrF;CACF;CAGA,IAAI;EAGF,MAAM,UAAUC,eAAAA,YAFC,OAAO,mBAAmB,OACjB,EAAE,cACS,CAAC;EACtC,IAAI,QAAQ,SAAS,MAAM,gBAAgB,SAAS,GAClD,OAAO,EACL,UAAU,SAAS,QAAQ,SAAS,EAAE,2BAA2B,gBAAgB,SAAS,IAC5F;CAEJ,SAAS,KAAK;EACZ,OAAO,EACL,UAAU,4BAA4B,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,IACvF;CACF;CAGA,IAAI;EAEF,MAAM,iBADiB,OAAO,mBAAmB,aACb,EAAE,cAAc;EAEpD,MAAM,EAAE,KAAK,aAAa,QAAQ,kBAAkB;EAEpD,MAAM,iBAAiB,SAAS,aAAa,cAAc;EAC3D,IAAI,eAAe,SAAS,MAAM,oBAAoB,SAAS,GAC7D,OAAO,EACL,UAAU,eAAe,eAAe,SAAS,EAAE,2BAA2B,oBAAoB,SAAS,IAC7G;CAEJ,SAAS,KAAK;EACZ,OAAO,EACL,UAAU,kCAAkC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,IAC7F;CACF;CAGA,IAAI;CACJ,IAAI;CAEJ,IAAI;EAEF,MAAM,aADa,OAAO,mBAAmB,aACjB,EAAE,cAAc;EAC5C,aAAa,KAAK,MAAM,UAAU;CACpC,SAAS,KAAK;EACZ,OAAO,EACL,UAAU,gCAAgC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,IAC3F;CACF;CAEA,IAAI;EAEF,MAAM,aADa,OAAO,mBAAmB,oBACjB,EAAE,cAAc;EAC5C,mBAAmB,KAAK,MAAM,UAAU;CAC1C,SAAS,KAAK;EACZ,OAAO,EACL,UAAU,uCAAuC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,IAClG;CACF;CAEA,OAAO;EAAE;EAAY;CAAiB;AACxC;;;;;;AAOA,eAAe,sBACb,QACA,cACA,SACA,iBACA,eACA,qBACA,iBACwB;CACxB,MAAM,WAAW,MAAMC,aAAAA,iBACrB,QACA,cACA,iBACA,SACAC,eAAAA,UAAU,CACZ;CAEA,IAAI,aAAa,QAAQ,aAAa,KAAA,GACpC,MAAM,IAAI,MAAM,+CAA+C;CAGjE,MAAM,SAAS,mCACb,UACA,iBACA,eACA,mBACF;CAEA,IAAI,cAAc,QAChB,MAAM,IAAI,MAAM,OAAO,QAAQ;CAGjC,OAAO;EACL,aAAa;EACb,YAAY,OAAO;EACnB,kBAAkB,OAAO;CAC3B;AACF;;;;;;AAOA,eAAe,wBACb,QACA,UACA,iBACA,iBACA,iBACA,SACiD;CACjD,MAAM,WAAkC,CAAC;CAEzC,KAAK,MAAM,CAAC,KAAK,SAAS,gBAAgB,YAAY,GAAG;EAEvD,MAAM,OADS,SAAS,YAAY,GAClB,GAAG,QAAQ,KAAK,IAAI,SAAS;EAC/C,SAAS,KAAK;GAAC;GAAK;GAAM;EAAI,CAAC;CACjC;CAIA,OAAOC,iBAAAA,cACL,QACA,WACC,UAAoB,QACnB,mCAAmC,UAAU,iBAAiB,iBAAiB,GAAG,GANlDC,iBAAAA,+BAA+B,OAO5D,CACP;AACF;;;;;;AAOA,SAAS,kCACP,YACA,cACA,UACA,SAC8B;CAE9B,IAAI,WAAW,WAAW,SAAS,GAAG;EACpC,QAAQ,MAAM;EACd,QAAQ,MAAM,aAAa;EAC3B,KAAK,MAAM,CAAC,KAAK,WAAW,WAAW,YACrC,QAAQ,MAAM,KAAK,IAAI,SAAS,EAAE,IAAI,QAAQ;CAElD;CACA,IAAI,WAAW,OAAO,SAAS,GAAG;EAChC,QAAQ,MAAM;EACd,QAAQ,MAAM,SAAS;EACvB,KAAK,MAAM,CAAC,KAAK,UAAU,WAAW,QACpC,QAAQ,MAAM,KAAK,IAAI,SAAS,EAAE,IAAI,OAAO;CAEjD;CACA,IAAI,WAAW,SAAS,SAAS,GAAG;EAClC,QAAQ,MAAM;EACd,QAAQ,MAAM,WAAW;EACzB,KAAK,MAAM,OAAO,WAAW,UAC3B,QAAQ,MAAM,KAAK,IAAI,SAAS,GAAG;CAEvC;CAEA,IAAI,CAAC,WAAW,aAAa,GAC3B,MAAM,IAAI,MACR,mCAAmC,WAAW,UAAU,OAAO,cAC1D,WAAW,WAAW,OAAO,aAAa,WAAW,OAAO,OAAO,WACnE,WAAW,SAAS,OAAO,UAClC;CAIF,IAAI;CAEJ,KAAK,MAAM,CAAC,KAAK,SAAS,WAAW,WAAW;EAE9C,MAAM,YAAY,KAAK;EACvB,IAAI,CAAC,UAAU,eACb,MAAM,IAAI,MACR,uCAAuC,IAAI,SAAS,EAAE,8BACxD;EAIF,IAAI;EACJ,IAAI;GAEF,aAAaC,eAAAA,wBADa,WAAW,UAAU,aACM,CAAC;EACxD,SAAS,KAAK;GACZ,MAAM,IAAI,MACR,uCAAuC,IAAI,SAAS,EAAE,IAAI,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,KACzG,EAAE,OAAO,IAAI,CACf;EACF;EAEA,IAAI,sBAAsB,KAAA;OACpB,kBAAkB,SAAS,MAAM,WAAW,SAAS,GACvD,MAAM,IAAI,MAAM,gDAAgD,IAAI,SAAS,GAAG;EAAA,OAGlF,oBAAoB;CAExB;CAGA,MAAM,WAAWC,eAAAA,cAAc,cAAc,QAAQ,IAAI,CAAC;CAC1D,QAAG,UAAU,UAAU,EAAE,WAAW,KAAK,CAAC;CAE1C,MAAM,gBAAgBC,UAAK,KAAK,UAAU,yBAAyB;CACnE,MAAM,OAA8E,CAAC;CAErF,KAAK,MAAM,CAAC,KAAK,SAAS,WAAW,WACnC,KAAK,IAAI,SAAS,KAAK;EACrB,aAAa,KAAK;EAClB,oBAAoB,KAAK;CAC3B;CAGF,QAAG,cAAc,eAAe,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;CAG7D,MAAM,cAAc,SAAS,MAAM,OAAO;CAC1C,IAAI,gBAAgB,KAAA,GAClB,MAAM,IAAI,MAAM,6BAA6B;CAG/C,IAAI,sBAAsB,KAAA,GACxB,YAAY,gBAAgB,iBAAiB;CAE/C,YAAY,qBAAqB;CACjC,SAAS,KAAK,YAAY;CAE1B,IAAIL,eAAAA,UAAU,GAAG;EACf,QAAQ,MAAM;EACd,QAAQ,MACN,aAAa,WAAW,UAAU,OAAO,gCAAgC,eAC3E;EACA,IAAI,sBAAsB,KAAA,GACxB,QAAQ,MAAM,kBAAkB,SAAS,CAAC;CAE9C,OAAO,IAAI,sBAAsB,KAAA,GAC/B,QAAQ,IAAI,kBAAkB,SAAS,CAAC;CAG1C,OAAO;AACT;;;;AAKA,SAAS,WAAW,KAAyB;CAC3C,MAAM,QAAQ,IAAI,WAAW,IAAI,SAAS,CAAC;CAC3C,KAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAChC,MAAM,KAAK,SAAS,IAAI,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE;CAErD,OAAO;AACT;;;;;;;;AASA,eAAsB,SACpB,QACA,SACA,KAC4B;CAC5B,MAAM,eAAeM,uBAAAA,oBAAoB,QAAQ,cAAc,GAAG;CAClE,MAAM,WAAWC,uBAAAA,SAAS,KAAK,YAAY;CAE3C,MAAM,QAAQ,SAAS,MAAM;CAC7B,IAAI,UAAU,KAAA,GACZ,MAAM,IAAI,MAAM,4BAA4B;CAG9C,MAAM,UAAUT,eAAAA,YAAY,QAAQ,OAAO;CAC3C,MAAM,cAAc,SAAS,MAAM,OAAO;CAE1C,IAAI,gBAAgB,KAAA,GAClB,MAAM,IAAI,MAAM,SAAS,QAAQ,QAAQ,uBAAuB;CAIlE,oBAAoB,aAAa,MAAM,IAAI,CAAC;CAE5C,MAAM,kBAAkB,YAAY,gBAAgB;CACpD,IAAI,gBAAgB,QAAQ,GAC1B,MAAM,IAAI,MACR,wFACF;CAGF,MAAM,kBAAkB,MAAM,YAAY,EAAE,qBAAqB;CACjE,IAAI,oBAAoB,KAAA,GACtB,MAAM,IAAI,MAAM,8CAA8C;CAGhE,IAAI;CACJ,IAAI;CACJ,IAAI,WAAW;CACf,IAAI;CACJ,IAAI,WAAW;CAEf,IAAI,QAAQ,aAAa,MAAM;EAE7B,MAAM,aAAa,MAAM,wBACvB,QACA,UACA,iBACA,iBACA,SACA,QAAQ,cACV;EAEA,eAAe,kCAAkC,YAAY,cAAc,UAAU,OAAO;EAE5F,YAAY,WAAW,UAAU;EACjC,WAAW,WAAW,WAAW;EACjC,SAAS,WAAW,OAAO;EAC3B,WAAW,WAAW,SAAS;CACjC,OAAO;EAEL,MAAM,mBAAoC,CAAC;EAC3C,MAAM,eAAgC,CAAC;EACvC,IAAI;EAEJ,IAAIE,eAAAA,UAAU,GACZ,QAAQ,MAAM,sCAAsC,gBAAgB,IAAI,EAAE,iBAAiB;EAG7F,KAAK,MAAM,CAAC,gBAAgB,oBAAoB,gBAAgB,YAAY,GAAG;GAE7E,MAAM,OADS,SAAS,YAAY,cAClB,GAAG,QAAQ,KAAK,eAAe,SAAS;GAE1D,IAAI;IACF,MAAM,QAAQ,MAAM,sBAClB,QACA,iBACA,QAAQ,gBACR,iBACA,SACA,gBACA,IACF;IAGA,MAAM,YAAY,MAAM;IACxB,IAAI,CAAC,UAAU,eACb,MAAM,IAAI,MAAM,6BAA6B;IAI/C,MAAM,aAAaG,eAAAA,wBADO,WAAW,UAAU,aACY,CAAC;IAE5D,IAAI,sBAAsB,KAAA;SACpB,kBAAkB,SAAS,MAAM,WAAW,SAAS,GAAG;MAC1D,IAAIH,eAAAA,UAAU,GACZ,QAAQ,MAAM,qCAAqC;MAErD,aAAa,KAAK,CAAC,gBAAgB,+CAA+C,CAAC;MACnF;KACF;WAEA,oBAAoB;IAGtB,iBAAiB,KAAK,KAAK;GAC7B,SAAS,KAAK;IACZ,IAAIA,eAAAA,UAAU,GACZ,QAAQ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,GAAG;IAE5E,aAAa,KAAK,CAAC,gBAAgB,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC,CAAC;GACtF;EACF;EAEA,IAAI,aAAa,SAAS,GAAG;GAC3B,IAAIA,eAAAA,UAAU,GAAG;IACf,QAAQ,MAAM;IACd,QAAQ,MAAM,0BAA0B,aAAa,OAAO,eAAe;IAC3E,KAAK,MAAM,CAAC,KAAK,UAAU,cACzB,QAAQ,MAAM,KAAK,IAAI,SAAS,EAAE,IAAI,OAAO;GAEjD;GACA,MAAM,IAAI,MACR,mCAAmC,aAAa,OAAO,MAAM,gBAAgB,IAAI,EAAE,kBACrF;EACF;EAGA,MAAM,WAAWI,eAAAA,cAAc,cAAc,QAAQ,IAAI,CAAC;EAC1D,QAAG,UAAU,UAAU,EAAE,WAAW,KAAK,CAAC;EAE1C,MAAM,gBAAgBC,UAAK,KAAK,UAAU,yBAAyB;EACnE,MAAM,OAA8E,CAAC;EAErF,KAAK,MAAM,SAAS,kBAClB,KAAK,MAAM,YAAY,SAAS,KAAK;GACnC,aAAa,MAAM;GACnB,oBAAoB,MAAM;EAC5B;EAGF,QAAG,cAAc,eAAe,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;EAG7D,MAAM,iBAAiB,SAAS,MAAM,OAAO;EAC7C,IAAI,mBAAmB,KAAA,GACrB,MAAM,IAAI,MAAM,6BAA6B;EAG/C,IAAI,sBAAsB,KAAA,GACxB,eAAe,gBAAgB,iBAAiB;EAElD,eAAe,qBAAqB;EACpC,SAAS,KAAK,YAAY;EAE1B,IAAIL,eAAAA,UAAU,GAAG;GACf,QAAQ,MAAM;GACd,QAAQ,MACN,aAAa,iBAAiB,OAAO,gCAAgC,eACvE;GACA,IAAI,sBAAsB,KAAA,GACxB,QAAQ,MAAM,kBAAkB,SAAS,CAAC;EAE9C,OAAO,IAAI,sBAAsB,KAAA,GAC/B,QAAQ,IAAI,kBAAkB,SAAS,CAAC;EAG1C,eAAe;EACf,YAAY,iBAAiB;EAC7B,SAAS,aAAa;CACxB;CAEA,OAAO;EACL,cAAc,cAAc,SAAS,KAAK;EAC1C;EACA;EACA;EACA;CACF;AACF"}

package/dist/finalize-DQ0VGUHO.cjs ADDED Viewed

@@ -0,0 +1,265 @@
+const require_chunk = require("./chunk-DakpK96I.cjs");
+const require_proposed_participant = require("./proposed-participant-BvHNnpcZ.cjs");
+const require_registry_index = require("./registry/index.cjs");
+const require_common = require("./common-CnvAUC2b.cjs");
+const require_busy = require("./busy-B_h0bNAJ.cjs");
+const require_registry = require("./registry-CkIbA7nt.cjs");
+const require_frost_index = require("./frost/index.cjs");
+let _bcts_components = require("@bcts/components");
+let _bcts_dcbor = require("@bcts/dcbor");
+let _bcts_envelope = require("@bcts/envelope");
+let _bcts_gstp = require("@bcts/gstp");
+let node_fs = require("node:fs");
+node_fs = require_chunk.__toESM(node_fs, 1);
+let node_path = require("node:path");
+node_path = require_chunk.__toESM(node_path, 1);
+let _frosts_ed25519 = require("@frosts/ed25519");
+let _frosts_core = require("@frosts/core");
+//#region src/cmd/dkg/participant/finalize.ts
+/**
+* Copyright © 2023-2026 Blockchain Commons, LLC
+* Copyright © 2025-2026 Parity Technologies
+*
+*
+* DKG participant finalize command.
+*
+* Port of cmd/dkg/participant/finalize.rs from frost-hubert-rust.
+*
+* @module
+*/
+var finalize_exports = /* @__PURE__ */ require_chunk.__exportAll({ finalize: () => finalize });
+/**
+* Load persisted round 2 state from disk.
+*
+* Port of round2_secret loading from cmd/dkg/participant/finalize.rs lines 82-106.
+*/
+function loadRound2State(registryPath, groupId) {
+	const stateDir = require_common.groupStateDir(registryPath, groupId.hex());
+	const round2SecretPath = node_path.join(stateDir, "round2_secret.json");
+	if (!node_fs.existsSync(round2SecretPath)) throw new Error(`Round 2 secret not found at ${round2SecretPath}. Did you run round2?`);
+	const secretJson = JSON.parse(node_fs.readFileSync(round2SecretPath, "utf-8"));
+	const idBytes = require_frost_index.hexToBytes(secretJson.identifier);
+	let identifierU16 = 1;
+	if (idBytes.length >= 2) identifierU16 = idBytes[0] | idBytes[1] << 8;
+	if (identifierU16 === 0) identifierU16 = 1;
+	const identifier = require_frost_index.identifierFromU16(identifierU16);
+	const commitment = new _frosts_core.VerifiableSecretSharingCommitment(_frosts_ed25519.Ed25519Sha512, secretJson.commitment.map((hex) => _frosts_core.CoefficientCommitment.deserialize(_frosts_ed25519.Ed25519Sha512, require_frost_index.hexToBytes(hex))));
+	const secretShareScalar = _frosts_ed25519.Ed25519Sha512.deserializeScalar(require_frost_index.hexToBytes(secretJson.secret_share));
+	const secretPackage = new _frosts_core.round2.SecretPackage(_frosts_ed25519.Ed25519Sha512, identifier, commitment, secretShareScalar, secretJson.min_signers, secretJson.max_signers);
+	const round1Path = node_path.join(stateDir, "collected_round1.json");
+	if (!node_fs.existsSync(round1Path)) throw new Error(`Round 1 packages not found at ${round1Path}. Did you receive earlier phases?`);
+	const round1Json = JSON.parse(node_fs.readFileSync(round1Path, "utf-8"));
+	const round1Packages = /* @__PURE__ */ new Map();
+	for (const [xidStr, value] of Object.entries(round1Json)) {
+		const packageJson = value;
+		const pkg = _frosts_ed25519.serde.round1PackageFromJson(packageJson);
+		round1Packages.set(xidStr, pkg);
+	}
+	return {
+		secretPackage,
+		round1Packages
+	};
+}
+/**
+* Validate the finalize request from the coordinator.
+*
+* Port of request validation from cmd/dkg/participant/finalize.rs lines 139-161.
+*/
+function validateFinalizeRequest(sealedRequest, groupId, expectedCoordinator) {
+	if (!sealedRequest.function().equals(_bcts_envelope.Function.fromString("dkgFinalize"))) throw new Error(`Unexpected request function: ${sealedRequest.function().toString()}`);
+	if (sealedRequest.sender().xid().urString() !== expectedCoordinator.urString()) throw new Error(`Unexpected request sender: ${sealedRequest.sender().xid().urString()} (expected coordinator ${expectedCoordinator.urString()})`);
+	const requestGroupIdEnvelope = sealedRequest.objectForParameter("group");
+	if (requestGroupIdEnvelope === void 0) throw new Error("Request missing group parameter");
+	const requestGroupId = requestGroupIdEnvelope.extractSubject((cbor) => _bcts_components.ARID.fromTaggedCbor(cbor));
+	if (requestGroupId.urString() !== groupId.urString()) throw new Error(`Request group ID ${requestGroupId.urString()} does not match expected ${groupId.urString()}`);
+	const responseAridEnvelope = sealedRequest.objectForParameter("responseArid");
+	if (responseAridEnvelope === void 0) throw new Error("Request missing responseArid parameter");
+	return responseAridEnvelope.extractSubject((cbor) => _bcts_components.ARID.fromTaggedCbor(cbor));
+}
+/**
+* Extract round 2 packages from the finalize request.
+*
+* Port of round2 package extraction from cmd/dkg/participant/finalize.rs lines 209-229.
+*/
+function extractFinalizePackages(request, groupRecord, ownerXid) {
+	const sortedXids = groupRecord.participants().map((p) => p.xid());
+	const ownerUrString = ownerXid.urString();
+	if (!sortedXids.some((xid) => xid.urString() === ownerUrString)) sortedXids.push(ownerXid);
+	sortedXids.sort((a, b) => require_proposed_participant.compareXidBytes(a.toData(), b.toData()));
+	const deduped = [];
+	for (const xid of sortedXids) if (deduped.length === 0 || deduped[deduped.length - 1].urString() !== xid.urString()) deduped.push(xid);
+	const xidToIdentifier = /* @__PURE__ */ new Map();
+	for (let i = 0; i < deduped.length; i++) {
+		const identifier = require_frost_index.identifierFromU16(i + 1);
+		xidToIdentifier.set(deduped[i].urString(), identifier);
+	}
+	const myXidStr = ownerXid.urString();
+	const packages = /* @__PURE__ */ new Map();
+	const packageEnvelopes = request.objectsForParameter("round2Package");
+	for (const packageEnvelope of packageEnvelopes) {
+		const senderEnvelope = packageEnvelope.objectForPredicate("sender");
+		if (senderEnvelope === void 0) throw new Error("round2Package missing sender predicate");
+		const senderXid = senderEnvelope.extractSubject((cbor) => _bcts_components.XID.fromTaggedCbor(cbor));
+		if (senderXid.urString() === myXidStr) continue;
+		const identifier = xidToIdentifier.get(senderXid.urString());
+		if (identifier === void 0) throw new Error(`Unknown sender XID in round2Package: ${senderXid.urString()}`);
+		const packageJson = packageEnvelope.extractSubject((cbor) => _bcts_components.JSON.fromTaggedCbor(cbor));
+		const packageData = JSON.parse(new TextDecoder().decode(packageJson.toData()));
+		const pkg = _frosts_ed25519.serde.round2PackageFromJson(packageData);
+		packages.set(require_frost_index.identifierToHex(identifier), pkg);
+	}
+	return packages;
+}
+/**
+* Build the response body for the finalize response.
+*
+* Port of `build_response_body()` from cmd/dkg/participant/finalize.rs lines 344-359.
+*/
+function buildResponseBody(groupId, participantXid, keyPackage, publicKeyPackage) {
+	const keyPackageJson = require_frost_index.serializeKeyPackage(keyPackage);
+	const publicKeyPackageJson = require_frost_index.serializePublicKeyPackage(publicKeyPackage);
+	const keyJsonBytes = new TextEncoder().encode(JSON.stringify(keyPackageJson));
+	const keyJsonWrapper = _bcts_components.JSON.fromData(keyJsonBytes);
+	const pubJsonBytes = new TextEncoder().encode(JSON.stringify(publicKeyPackageJson));
+	const pubJsonWrapper = _bcts_components.JSON.fromData(pubJsonBytes);
+	return _bcts_envelope.Envelope.unit().addType("dkgFinalizeResponse").addAssertion("group", groupId).addAssertion("participant", participantXid).addAssertion("key_package", keyJsonWrapper).addAssertion("public_key_package", pubJsonWrapper);
+}
+/**
+* Persist finalize state (key packages) to disk.
+*
+* Port of key package persistence from cmd/dkg/participant/finalize.rs lines 251-257.
+*/
+function persistFinalizeState(registryPath, groupId, keyPackage, publicKeyPackage) {
+	const stateDir = require_common.groupStateDir(registryPath, groupId.hex());
+	node_fs.mkdirSync(stateDir, { recursive: true });
+	const serializedKeyPackage = require_frost_index.serializeKeyPackage(keyPackage);
+	const keyPackagePath = node_path.join(stateDir, "key_package.json");
+	node_fs.writeFileSync(keyPackagePath, JSON.stringify(serializedKeyPackage, null, 2));
+	const serializedPublicKeyPackage = require_frost_index.serializePublicKeyPackage(publicKeyPackage);
+	const publicKeyPackagePath = node_path.join(stateDir, "public_key_package.json");
+	node_fs.writeFileSync(publicKeyPackagePath, JSON.stringify(serializedPublicKeyPackage, null, 2));
+	return {
+		keyPackagePath,
+		publicKeyPackagePath
+	};
+}
+/**
+* Execute the DKG participant finalize command.
+*
+* Responds to the finalize request from the coordinator, runs FROST DKG part3
+* to generate the final key package, and posts the response back.
+*
+* Port of `CommandArgs::exec()` from cmd/dkg/participant/finalize.rs lines 52-341.
+*/
+async function finalize(_client, options, cwd) {
+	if (options.storageSelection === void 0) throw new Error("Hubert storage is required for finalize respond");
+	const registryPath = require_registry_index.resolveRegistryPath(options.registryPath, cwd);
+	const registry = require_registry_index.Registry.load(registryPath);
+	const owner = registry.owner();
+	if (owner === void 0) throw new Error("Registry owner is required");
+	const groupId = require_common.parseAridUr(options.groupId);
+	const groupRecord = registry.group(groupId);
+	if (groupRecord === void 0) throw new Error("Group not found in registry");
+	const listeningAtArid = groupRecord.listeningAtArid();
+	if (listeningAtArid === void 0) throw new Error("No listening ARID for this group. Did you receive finalize send?");
+	const round2State = loadRound2State(registryPath, groupId);
+	if (require_common.isVerbose() || options.verbose === true) console.error("Fetching finalize request from Hubert...");
+	const client = await require_registry.createStorageClient(options.storageSelection);
+	const requestEnvelope = await require_busy.getWithIndicator(client, listeningAtArid, "Finalize request", options.timeoutSeconds, options.verbose ?? false);
+	if (requestEnvelope === null || requestEnvelope === void 0) throw new Error("Finalize request not found in Hubert storage");
+	const ownerPrivateKeys = owner.xidDocument().inceptionPrivateKeys();
+	if (ownerPrivateKeys === void 0) throw new Error("Owner XID document has no private keys");
+	const now = _bcts_dcbor.CborDate.now().datetime();
+	const sealedRequest = _bcts_gstp.SealedRequest.tryFromEnvelope(requestEnvelope, void 0, now, ownerPrivateKeys);
+	const responseArid = validateFinalizeRequest(sealedRequest, groupId, groupRecord.coordinator().xid());
+	const sortedXids = groupRecord.participants().map((p) => p.xid());
+	const ownerUrString = owner.xid().urString();
+	if (!sortedXids.some((xid) => xid.urString() === ownerUrString)) sortedXids.push(owner.xid());
+	sortedXids.sort((a, b) => require_proposed_participant.compareXidBytes(a.toData(), b.toData()));
+	const deduped = [];
+	for (const xid of sortedXids) if (deduped.length === 0 || deduped[deduped.length - 1].urString() !== xid.urString()) deduped.push(xid);
+	const xidToIdentifier = /* @__PURE__ */ new Map();
+	for (let i = 0; i < deduped.length; i++) {
+		const identifier = require_frost_index.identifierFromU16(i + 1);
+		xidToIdentifier.set(deduped[i].urString(), identifier);
+	}
+	const round1PackagesById = /* @__PURE__ */ new Map();
+	for (const [xidStr, pkg] of round2State.round1Packages) {
+		if (xidStr === ownerUrString) continue;
+		const identifier = xidToIdentifier.get(xidStr);
+		if (identifier === void 0) throw new Error(`Unknown participant XID ${xidStr}`);
+		round1PackagesById.set(require_frost_index.identifierToHex(identifier), pkg);
+	}
+	const round2PackagesById = extractFinalizePackages(sealedRequest, groupRecord, owner.xid());
+	if (require_common.isVerbose() || options.verbose === true) console.error(`Received ${round2PackagesById.size} Round 2 packages. Running DKG part3...`);
+	const [keyPackage, publicKeyPackage] = await require_frost_index.dkgPart3(round2State.secretPackage, round1PackagesById, round2PackagesById);
+	const verifyingKeyBytes = publicKeyPackage.verifyingKey;
+	const groupVerifyingKey = require_common.signingKeyFromVerifying(verifyingKeyBytes);
+	if (require_common.isVerbose() || options.verbose === true) console.error("Generated key package and public key package.");
+	const { keyPackagePath, publicKeyPackagePath } = persistFinalizeState(registryPath, groupId, keyPackage, publicKeyPackage);
+	const responseBody = buildResponseBody(groupId, owner.xid(), keyPackage, publicKeyPackage);
+	const signerPrivateKeys = owner.xidDocument().inceptionPrivateKeys();
+	if (signerPrivateKeys === void 0) throw new Error("Owner XID document has no signing keys");
+	const coordinatorXid = groupRecord.coordinator().xid();
+	const coordinatorRecord = registry.participant(coordinatorXid);
+	let coordinatorDoc;
+	if (coordinatorRecord !== void 0) coordinatorDoc = coordinatorRecord.xidDocument();
+	else if (owner.xid().urString() === coordinatorXid.urString()) coordinatorDoc = owner.xidDocument();
+	else throw new Error(`Coordinator ${coordinatorXid.urString()} not found in registry`);
+	const peerContinuation = sealedRequest.peerContinuation();
+	let sealed = _bcts_gstp.SealedResponse.newSuccess(sealedRequest.id(), owner.xidDocument()).withResult(responseBody);
+	if (peerContinuation !== void 0) sealed = sealed.withPeerContinuation(peerContinuation);
+	if (options.preview === true) {
+		if (require_common.isVerbose() || options.verbose === true) {
+			const verifyingKeyWithUrString = groupVerifyingKey;
+			if (typeof verifyingKeyWithUrString.urString === "function") console.error(verifyingKeyWithUrString.urString());
+		}
+		const unsealedEnvelope = sealed.toEnvelope(void 0, signerPrivateKeys, void 0);
+		console.log(unsealedEnvelope.urString());
+		return {
+			verifyingKey: require_frost_index.bytesToHex(verifyingKeyBytes),
+			keyPackagePath,
+			publicKeyPackagePath
+		};
+	}
+	await require_busy.putWithIndicator(client, responseArid, sealed.toEnvelope(void 0, signerPrivateKeys, coordinatorDoc), "Finalize Response", options.verbose ?? false);
+	const updatedGroupRecord = registry.group(groupId);
+	if (updatedGroupRecord !== void 0) {
+		const contributions = updatedGroupRecord.contributions();
+		contributions.keyPackage = keyPackagePath;
+		updatedGroupRecord.setContributions(contributions);
+		updatedGroupRecord.clearListeningAtArid();
+		const recordWithVerifyingKey = updatedGroupRecord;
+		if (typeof recordWithVerifyingKey.setVerifyingKey === "function") recordWithVerifyingKey.setVerifyingKey(groupVerifyingKey);
+		registry.save(registryPath);
+	}
+	const verifyingKeyHex = require_frost_index.bytesToHex(verifyingKeyBytes);
+	if (require_common.isVerbose() || options.verbose === true) {
+		console.error(`Posted finalize response to ${responseArid.urString()}`);
+		const verifyingKeyWithUrString = groupVerifyingKey;
+		if (typeof verifyingKeyWithUrString.urString === "function") console.error(verifyingKeyWithUrString.urString());
+	} else {
+		const verifyingKeyWithUrString = groupVerifyingKey;
+		if (typeof verifyingKeyWithUrString.urString === "function") console.log(verifyingKeyWithUrString.urString());
+	}
+	return {
+		verifyingKey: verifyingKeyHex,
+		keyPackagePath,
+		publicKeyPackagePath
+	};
+}
+//#endregion
+Object.defineProperty(exports, "finalize", {
+	enumerable: true,
+	get: function() {
+		return finalize;
+	}
+});
+Object.defineProperty(exports, "finalize_exports", {
+	enumerable: true,
+	get: function() {
+		return finalize_exports;
+	}
+});
+//# sourceMappingURL=finalize-DQ0VGUHO.cjs.map