@bcts/gstp 1.0.0-alpha.23 → 1.0.0-beta.0

package/src/continuation.ts

@@ -9,11 +9,28 @@
  * eliminating the need for local state storage and enhancing security
  * for devices with limited storage or requiring distributed state management.
  *
- * Ported from gstp-rust/src/continuation.rs
+ * Ported from gstp-rust/src/continuation.rs.
+ *
+ * Wire shape — mirrors Rust:
+ * ```
+ * {
+ *     <state envelope>
+ * } [
+ *     'id': ARID(...)
+ *     'validUntil': Date(...)        ← CBOR tag 1, not ISO 8601 text
+ * ]
+ * ```
+ *
+ * The `state` envelope is **wrapped** before assertions are attached,
+ * matching Rust `self.state.wrap().add_optional_assertion(...)`. The
+ * earlier port attached the assertions directly to the un-wrapped state,
+ * producing a different digest tree.
  */
 
 import { ARID, type Encrypter, type PrivateKeys } from "@bcts/components";
 import { Envelope, type EnvelopeEncodableValue } from "@bcts/envelope";
+import { CborDate } from "@bcts/dcbor";
+import type { Cbor } from "@bcts/dcbor";
 import { ID, VALID_UNTIL } from "@bcts/known-values";
 import { GstpError } from "./error";
 
@@ -132,8 +149,10 @@ export class Continuation {
   /**
    * Checks if the continuation is valid at the given time.
    *
-   * If no valid_until is set, always returns true.
-   * If no time is provided, always returns true.
+   * Mirrors Rust `is_valid_date(now)`: at the exact `valid_until`
+   * instant, the continuation is **expired** (returns `false`). The
+   * earlier port used `<=` here, which differed from Rust by one
+   * millisecond at the boundary.
    *
    * @param now - The time to check against, or undefined to skip time validation
    * @returns true if the continuation is valid at the given time
@@ -145,7 +164,8 @@ export class Continuation {
     if (now === undefined) {
       return true;
     }
-    return now.getTime() <= this._validUntil.getTime();
+    // Strict `<` mirrors Rust `valid_until > now`.
+    return now.getTime() < this._validUntil.getTime();
   }
 
   /**
@@ -181,25 +201,33 @@ export class Continuation {
   /**
    * Converts the continuation to an envelope.
    *
-   * If a recipient is provided, the envelope is encrypted to that recipient.
+   * Mirrors Rust `Continuation::to_envelope`:
+   *
+   * ```rust
+   * self.state.wrap()
+   *     .add_optional_assertion(ID, self.valid_id)
+   *     .add_optional_assertion(VALID_UNTIL, self.valid_until)
+   * ```
+   *
+   * The state is wrapped first; the optional assertions then live on
+   * the wrap node. `valid_until` is encoded as a CBOR-tagged Date
+   * (tag 1) — never as a plain ISO 8601 string.
    *
    * @param recipient - Optional recipient to encrypt the envelope to
    * @returns The continuation as an envelope
    */
   toEnvelope(recipient?: Encrypter): Envelope {
-    let envelope = this._state;
+    let envelope = this._state.wrap();
 
-    // Add ID assertion if set
     if (this._validId !== undefined) {
       envelope = envelope.addAssertion(ID, this._validId);
     }
 
-    // Add valid_until assertion if set
     if (this._validUntil !== undefined) {
-      envelope = envelope.addAssertion(VALID_UNTIL, this._validUntil.toISOString());
+      // Pass a tagged-CBOR Date; mirrors Rust `Date → CBOR` (tag 1).
+      envelope = envelope.addAssertion(VALID_UNTIL, CborDate.fromDatetime(this._validUntil));
     }
 
-    // Encrypt to recipient if provided
     if (recipient !== undefined) {
       envelope = envelope.encryptToRecipients([recipient]);
     }
@@ -210,6 +238,14 @@ export class Continuation {
   /**
    * Parses a continuation from an envelope.
    *
+   * Mirrors Rust `Continuation::try_from_envelope`:
+   *
+   * ```rust
+   * state: envelope.try_unwrap()?,                                     // unwrap
+   * valid_id: envelope.extract_optional_object_for_predicate(ID)?,
+   * valid_until: envelope.extract_optional_object_for_predicate(VALID_UNTIL)?,
+   * ```
+   *
    * @param encryptedEnvelope - The envelope to parse
    * @param expectedId - Optional ID to validate against
    * @param now - Optional time to validate against
@@ -223,8 +259,15 @@ export class Continuation {
     now?: Date,
     recipient?: PrivateKeys,
   ): Continuation {
-    // Decrypt if recipient is provided
-    let envelope = encryptedEnvelope;
+    type EnvelopeExt = Envelope & {
+      decryptToRecipient(p: PrivateKeys): Envelope;
+      tryUnwrap(): Envelope;
+      objectForPredicate(p: unknown): Envelope;
+      optionalObjectForPredicate(p: unknown): Envelope | undefined;
+      asLeaf(): Cbor | undefined;
+    };
+
+    let envelope = encryptedEnvelope as EnvelopeExt;
     if (recipient !== undefined) {
       try {
         envelope = encryptedEnvelope.decryptToRecipient(recipient);
@@ -233,47 +276,49 @@ export class Continuation {
       }
     }
 
-    // Extract the state (the subject of the envelope)
-    const state = envelope.subject();
+    // Mirrors Rust `envelope.try_unwrap()?` — peel off the
+    // `state.wrap()` introduced in `to_envelope`.
+    let state: Envelope;
+    try {
+      state = envelope.tryUnwrap();
+    } catch (e) {
+      throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
+    }
 
-    // Extract optional ID
     let validId: ARID | undefined;
-    try {
-      const idObj = envelope.objectForPredicate(ID);
-      if (idObj !== undefined) {
-        // The ID is stored as a leaf envelope containing the ARID's tagged CBOR
-        const leafCbor = idObj.asLeaf();
-        if (leafCbor !== undefined) {
-          validId = ARID.fromTaggedCborData(leafCbor.toData());
+    const idObj = envelope.optionalObjectForPredicate(ID) as EnvelopeExt | undefined;
+    if (idObj !== undefined) {
+      const leafCbor = idObj.asLeaf();
+      if (leafCbor !== undefined) {
+        try {
+          validId = ARID.fromTaggedCbor(leafCbor);
+        } catch (e) {
+          throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
         }
       }
-    } catch {
-      // ID is optional
     }
 
-    // Extract optional valid_until
     let validUntil: Date | undefined;
-    try {
-      const validUntilObj = envelope.objectForPredicate(VALID_UNTIL);
-      if (validUntilObj !== undefined) {
-        const dateStr = validUntilObj.asText();
-        if (dateStr !== undefined) {
-          validUntil = new Date(dateStr);
+    const validUntilObj = envelope.optionalObjectForPredicate(VALID_UNTIL) as
+      | EnvelopeExt
+      | undefined;
+    if (validUntilObj !== undefined) {
+      const leafCbor = validUntilObj.asLeaf();
+      if (leafCbor !== undefined) {
+        try {
+          validUntil = CborDate.fromTaggedCbor(leafCbor).datetime();
+        } catch (e) {
+          throw GstpError.envelope(e instanceof Error ? e : new Error(String(e)));
         }
       }
-    } catch {
-      // valid_until is optional
     }
 
-    // Create the continuation
     const continuation = new Continuation(state, validId, validUntil);
 
-    // Validate date
     if (!continuation.isValidDate(now)) {
       throw GstpError.continuationExpired();
     }
 
-    // Validate ID
     if (!continuation.isValidId(expectedId)) {
       throw GstpError.continuationIdInvalid();
     }
@@ -290,12 +335,10 @@ export class Continuation {
    * @returns true if the continuations are equal
    */
   equals(other: Continuation): boolean {
-    // Compare state envelopes by their digests
     if (!this._state.digest().equals(other._state.digest())) {
       return false;
     }
 
-    // Compare IDs
     if (this._validId === undefined && other._validId === undefined) {
       // Both undefined, equal
     } else if (this._validId !== undefined && other._validId !== undefined) {
@@ -303,11 +346,9 @@ export class Continuation {
         return false;
       }
     } else {
-      // One is undefined, one is not
       return false;
     }
 
-    // Compare valid_until
     if (this._validUntil === undefined && other._validUntil === undefined) {
       // Both undefined, equal
     } else if (this._validUntil !== undefined && other._validUntil !== undefined) {
@@ -315,7 +356,6 @@ export class Continuation {
         return false;
       }
     } else {
-      // One is undefined, one is not
       return false;
     }
 

package/src/sealed-event.ts

@@ -287,9 +287,12 @@ export class SealedEvent<T extends EnvelopeEncodableValue> implements SealedEven
     signer?: Signer,
     recipients?: XIDDocument[],
   ): Envelope {
-    // Get sender's encryption key (from inception key)
-    const senderInceptionKey = this._sender.inceptionKey();
-    const senderEncryptionKey = senderInceptionKey?.publicKeys()?.encapsulationPublicKey();
+    // Mirrors Rust `self.sender.encryption_key()` — uses the
+    // inception key's encapsulation public key when available, falls
+    // back to the first key in the document's key set. Eagerly fetched
+    // (matching Rust `sealed_event.rs:247–250`) so the error is raised
+    // even when neither state nor validUntil is present.
+    const senderEncryptionKey = this._sender.encryptionKey();
     if (senderEncryptionKey === undefined) {
       throw GstpError.senderMissingEncryptionKey();
     }
@@ -381,9 +384,9 @@ export class SealedEvent<T extends EnvelopeEncodableValue> implements SealedEven
       throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
     }
 
-    // Get sender's verification key and verify signature (from inception key)
-    const senderInceptionKey = sender.inceptionKey();
-    const senderVerificationKey = senderInceptionKey?.publicKeys()?.signingPublicKey();
+    // Mirrors Rust `sender.verification_key()` (with first-key
+    // fallback).
+    const senderVerificationKey = sender.verificationKey();
     if (senderVerificationKey === undefined) {
       throw GstpError.senderMissingVerificationKey();
     }

package/src/sealed-request.ts

@@ -11,7 +11,8 @@
  * Ported from gstp-rust/src/sealed_request.rs
  */
 
-import type { ARID, PrivateKeys, Signer } from "@bcts/components";
+import { ARID, type PrivateKeys, type Signer } from "@bcts/components";
+import { CborDate, type Cbor } from "@bcts/dcbor";
 import {
   Envelope,
   Request,
@@ -25,6 +26,45 @@ import { XIDDocument } from "@bcts/xid";
 import { Continuation } from "./continuation";
 import { GstpError } from "./error";
 
+/**
+ * Decode a CBOR value into a typed JS value.
+ *
+ * Mirrors the type-driven `T: TryFrom<CBOR>` dispatch Rust's
+ * `extract_object_for_parameter` relies on. TS lacks compile-time
+ * trait dispatch, so we hand-roll the most common cases:
+ *  - tag 1 (`Date`) → JS `Date`,
+ *  - tag 40012 (`ARID`) → `ARID`,
+ *  - integer / text / bool / number / byte-string primitives,
+ *  - everything else → the raw `Cbor` value.
+ *
+ * Callers needing other typed extraction should use
+ * `objectForParameter()` directly and decode the envelope themselves.
+ */
+function extractCborAsT<T>(cbor: Cbor): T {
+  const tagged = cbor.asTagged();
+  if (tagged !== undefined) {
+    const [tag] = tagged;
+    const tagNumber = Number(tag.value);
+    // Tag 1 — Standard date/time (RFC 8949 §3.4.2). Rust impls
+    // `TryFrom<CBOR> for chrono::DateTime`. We surface the JS
+    // `Date` to mirror what frost-hubert's typed callers expect.
+    if (tagNumber === 1) {
+      return CborDate.fromTaggedCbor(cbor).datetime() as T;
+    }
+    // Tag 40012 — ARID (`bc-tags::TAG_ARID`). Rust impls
+    // `TryFrom<CBOR> for ARID`.
+    if (tagNumber === 40012) {
+      return ARID.fromTaggedCbor(cbor) as T;
+    }
+  }
+  if (cbor.isInteger()) return cbor.toInteger() as T;
+  if (cbor.isText()) return cbor.toText() as T;
+  if (cbor.isBool()) return cbor.toBool() as T;
+  if (cbor.isNumber()) return cbor.toNumber() as T;
+  if (cbor.isByteString()) return cbor.toByteString() as T;
+  return cbor as T;
+}
+
 /**
  * Interface that defines the behavior of a sealed request.
  *
@@ -188,29 +228,35 @@ export class SealedRequest implements SealedRequestBehavior {
 
   /**
    * Returns all objects for a parameter.
+   *
+   * Mirrors Rust `SealedRequest::objects_for_parameter` which delegates
+   * to `Expression::objects_for_parameter`. GSTP requests can carry
+   * multiple parameters with the same ID — e.g. a DKG invite has
+   * one `participant` per group member — and a decoder must see
+   * every one of them.
    */
   objectsForParameter(param: ParameterID): Envelope[] {
-    const obj = this._request.body().getParameter(param);
-    return obj !== undefined ? [obj] : [];
+    return this._request.body().objectsForParameter(param);
   }
 
   /**
    * Extracts an object for a parameter as a specific type.
+   *
+   * Mirrors Rust `SealedRequest::extract_object_for_parameter` — Rust
+   * uses a `T: TryFrom<CBOR>` constraint and dispatches to whatever
+   * `From<CBOR> for T` impl is in scope (e.g. tag-1 CBOR decodes to
+   * `chrono::DateTime`, tag-40012 to `ARID`, etc.). TS lacks that
+   * trait dispatch, so we recognise the most common tagged types
+   * (`Date` via tag 1, `ARID` via tag 40012) plus the primitive
+   * fall-through. Callers needing other typed extraction should use
+   * `objectForParameter()` directly and decode the envelope themselves.
    */
   extractObjectForParameter<T>(param: ParameterID): T {
     const envelope = this.objectForParameter(param);
     if (envelope === undefined) {
       throw GstpError.envelope(new Error(`Parameter not found: ${param}`));
     }
-    return envelope.extractSubject((cbor) => {
-      // Extract primitive value from CBOR
-      if (cbor.isInteger()) return cbor.toInteger() as T;
-      if (cbor.isText()) return cbor.toText() as T;
-      if (cbor.isBool()) return cbor.toBool() as T;
-      if (cbor.isNumber()) return cbor.toNumber() as T;
-      if (cbor.isByteString()) return cbor.toByteString() as T;
-      return cbor as T;
-    });
+    return envelope.extractSubject((cbor) => extractCborAsT<T>(cbor));
   }
 
   /**
@@ -221,15 +267,7 @@ export class SealedRequest implements SealedRequestBehavior {
     if (envelope === undefined) {
       return undefined;
     }
-    return envelope.extractSubject((cbor) => {
-      // Extract primitive value from CBOR
-      if (cbor.isInteger()) return cbor.toInteger() as T;
-      if (cbor.isText()) return cbor.toText() as T;
-      if (cbor.isBool()) return cbor.toBool() as T;
-      if (cbor.isNumber()) return cbor.toNumber() as T;
-      if (cbor.isByteString()) return cbor.toByteString() as T;
-      return cbor as T;
-    });
+    return envelope.extractSubject((cbor) => extractCborAsT<T>(cbor));
   }
 
   /**
@@ -404,9 +442,12 @@ export class SealedRequest implements SealedRequestBehavior {
     const stateEnvelope = this._state ?? Envelope.new(null);
     const continuation = new Continuation(stateEnvelope, this.id(), validUntil);
 
-    // Get sender's encryption key (from inception key)
-    const senderInceptionKey = this._sender.inceptionKey();
-    const senderEncryptionKey = senderInceptionKey?.publicKeys()?.encapsulationPublicKey();
+    // Mirrors Rust `self.sender.encryption_key()` which prefers the
+    // inception key's encapsulation public key but falls back to the
+    // first key in the document's key set. The earlier port called
+    // `inceptionKey()?.publicKeys()?.encapsulationPublicKey()` directly
+    // and skipped that fallback.
+    const senderEncryptionKey = this._sender.encryptionKey();
     if (senderEncryptionKey === undefined) {
       throw GstpError.senderMissingEncryptionKey();
     }
@@ -485,9 +526,10 @@ export class SealedRequest implements SealedRequestBehavior {
       throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
     }
 
-    // Get sender's verification key and verify signature (from inception key)
-    const senderInceptionKey = sender.inceptionKey();
-    const senderVerificationKey = senderInceptionKey?.publicKeys()?.signingPublicKey();
+    // Mirrors Rust `sender.verification_key()` (with first-key
+    // fallback). The earlier port read the inception signing key
+    // directly and skipped that fallback.
+    const senderVerificationKey = sender.verificationKey();
     if (senderVerificationKey === undefined) {
       throw GstpError.senderMissingVerificationKey();
     }

package/src/sealed-response.ts

@@ -325,9 +325,10 @@ export class SealedResponse implements SealedResponseBehavior {
     if (this._state !== undefined) {
       const continuation = new Continuation(this._state, undefined, validUntil);
 
-      // Get sender's encryption key (from inception key)
-      const senderInceptionKey = this._sender.inceptionKey();
-      const senderEncryptionKey = senderInceptionKey?.publicKeys()?.encapsulationPublicKey();
+      // Mirrors Rust `self.sender.encryption_key()` — uses the
+      // inception key's encapsulation public key when available, falls
+      // back to the first key in the document's key set.
+      const senderEncryptionKey = this._sender.encryptionKey();
       if (senderEncryptionKey === undefined) {
         throw GstpError.senderMissingEncryptionKey();
       }
@@ -408,9 +409,9 @@ export class SealedResponse implements SealedResponseBehavior {
       throw GstpError.xid(e instanceof Error ? e : new Error(String(e)));
     }
 
-    // Get sender's verification key and verify signature (from inception key)
-    const senderInceptionKey = sender.inceptionKey();
-    const senderVerificationKey = senderInceptionKey?.publicKeys()?.signingPublicKey();
+    // Mirrors Rust `sender.verification_key()` (with first-key
+    // fallback).
+    const senderVerificationKey = sender.verificationKey();
     if (senderVerificationKey === undefined) {
       throw GstpError.senderMissingVerificationKey();
     }