@cello-protocol/daemon 0.0.3 → 0.0.5

package/dist/manifest-loader.js

@@ -0,0 +1,70 @@
+/**
+ * M7-MANIFEST-002 — FileManifestProvider: production IManifestProvider implementation.
+ *
+ * Reads the bundled consortium-manifest.json from the package root, parses it,
+ * verifies the threshold signatures, and caches the result for subsequent calls
+ * to getCurrentManifest().
+ *
+ * Tests use TestManifestProvider (from @cello-protocol/transport) which
+ * takes a pre-built ConsortiumManifest and skips file read and signature verification.
+ *
+ * Crypto reference: RFC 8032 (Ed25519 threshold signature verification via verifyManifest).
+ */
+import { readFile } from "node:fs/promises";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+import { verifyManifest } from "@cello-protocol/crypto";
+/**
+ * FileManifestProvider — reads consortium-manifest.json from the package root.
+ *
+ * Pseudocode:
+ *   loadAndVerify(rootKeys, threshold):
+ *     1. Read consortium-manifest.json from the package root (same directory as this file).
+ *     2. Parse as JSON — throw on parse failure.
+ *     3. Call verifyManifest(parsed, rootKeys, threshold) — RFC 8032 Ed25519 threshold check.
+ *     4. If ok: cache the manifest, return it.
+ *     5. If not ok: throw Error with reason from verifyManifest diagnostics.
+ */
+export class FileManifestProvider {
+    #manifestPath;
+    #cachedManifest = null;
+    constructor(manifestPath) {
+        // Default: consortium-manifest.json in the same directory as this file
+        this.#manifestPath = manifestPath ?? join(dirname(fileURLToPath(import.meta.url)), "consortium-manifest.json");
+    }
+    async loadAndVerify(rootKeys, threshold) {
+        // Step 1: read the manifest file
+        let raw;
+        try {
+            raw = await readFile(this.#manifestPath, "utf-8");
+        }
+        catch (err) {
+            throw new Error(`manifest_file_unreadable: cannot read ${this.#manifestPath}: ${err instanceof Error ? err.message : String(err)}`);
+        }
+        // Step 2: parse JSON
+        let parsed;
+        try {
+            parsed = JSON.parse(raw);
+        }
+        catch (err) {
+            throw new Error(`manifest_parse_failed: ${err instanceof Error ? err.message : String(err)}`);
+        }
+        // Cast to ConsortiumManifestInput for verifyManifest (uses indexed record type)
+        const manifest = parsed;
+        // Step 3: verify threshold signatures (RFC 8032)
+        const result = verifyManifest(manifest, rootKeys, threshold);
+        if (!result.ok) {
+            throw new Error(`${result.reason}: ${result.detail} (threshold=${result.diagnostics.threshold}, valid=${result.diagnostics.validOfficers.length})`);
+        }
+        // Step 4: cache and return (cast back to ConsortiumManifest for consumers)
+        this.#cachedManifest = manifest;
+        return this.#cachedManifest;
+    }
+    getCurrentManifest() {
+        return this.#cachedManifest;
+    }
+    updateManifest(manifest) {
+        this.#cachedManifest = manifest;
+    }
+}
+//# sourceMappingURL=manifest-loader.js.map

package/dist/manifest-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest-loader.js","sourceRoot":"","sources":["../src/manifest-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAKxD;;;;;;;;;;GAUG;AACH,MAAM,OAAO,oBAAoB;IACtB,aAAa,CAAS;IAC/B,eAAe,GAA8B,IAAI,CAAC;IAElD,YAAY,YAAqB;QAC/B,uEAAuE;QACvE,IAAI,CAAC,aAAa,GAAG,YAAY,IAAI,IAAI,CACvC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EACvC,0BAA0B,CAC3B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,QAA2B,EAAE,SAAiB;QAChE,iCAAiC;QACjC,IAAI,GAAW,CAAC;QAChB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,CAAC,aAAa,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACnH,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,IAAI,MAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChG,CAAC;QAED,gFAAgF;QAChF,MAAM,QAAQ,GAAG,MAAiC,CAAC;QAEnD,iDAAiD;QACjD,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,GAAG,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,eAAe,MAAM,CAAC,WAAW,CAAC,SAAS,WAAW,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,GAAG,CACnI,CAAC;QACJ,CAAC;QAED,2EAA2E;QAC3E,IAAI,CAAC,eAAe,GAAG,QAAyC,CAAC;QACjE,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED,kBAAkB;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED,cAAc,CAAC,QAA4B;QACzC,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC;IAClC,CAAC;CACF"}

package/dist/manifest-poll-scheduler.d.ts

@@ -0,0 +1,31 @@
+/**
+ * M7-MANIFEST-002 — Manifest poll scheduler implementations.
+ *
+ * IManifestPollScheduler schedules the background manifest poll that keeps the
+ * in-memory manifest current over long-lived daemon sessions.
+ *
+ * RandomizedPollScheduler: production implementation — fires after a random delay
+ * in the 6-12 hour window (prevents thundering-herd against the directory).
+ *
+ * ImmediatePollScheduler: test stub — fires once with a configurable delay (0ms default).
+ * Exported from @cello-protocol/transport.
+ */
+import type { IManifestPollScheduler } from "@cello-protocol/transport";
+export { ImmediatePollScheduler } from "@cello-protocol/transport";
+export type { IManifestPollScheduler };
+/**
+ * RandomizedPollScheduler — fires after a random interval between 6 and 12 hours.
+ *
+ * The randomization window prevents thundering-herd scenarios where many agents
+ * all poll simultaneously. Each agent picks an independent random delay.
+ */
+export declare class RandomizedPollScheduler implements IManifestPollScheduler {
+    #private;
+    constructor(opts?: {
+        minMs?: number;
+        maxMs?: number;
+    });
+    scheduleNext(callbackFn: () => Promise<void>): void;
+    cancel(): void;
+}
+//# sourceMappingURL=manifest-poll-scheduler.d.ts.map

package/dist/manifest-poll-scheduler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest-poll-scheduler.d.ts","sourceRoot":"","sources":["../src/manifest-poll-scheduler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAGxE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,YAAY,EAAE,sBAAsB,EAAE,CAAC;AAOvC;;;;;GAKG;AACH,qBAAa,uBAAwB,YAAW,sBAAsB;;gBAMxD,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAKrD,YAAY,CAAC,UAAU,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI;IAkBnD,MAAM,IAAI,IAAI;CAOf"}

package/dist/manifest-poll-scheduler.js

@@ -0,0 +1,59 @@
+/**
+ * M7-MANIFEST-002 — Manifest poll scheduler implementations.
+ *
+ * IManifestPollScheduler schedules the background manifest poll that keeps the
+ * in-memory manifest current over long-lived daemon sessions.
+ *
+ * RandomizedPollScheduler: production implementation — fires after a random delay
+ * in the 6-12 hour window (prevents thundering-herd against the directory).
+ *
+ * ImmediatePollScheduler: test stub — fires once with a configurable delay (0ms default).
+ * Exported from @cello-protocol/transport.
+ */
+// Re-export the test stub for convenience
+export { ImmediatePollScheduler } from "@cello-protocol/transport";
+// ─── RandomizedPollScheduler (production) ─────────────────────────────────────
+const POLL_MIN_MS = 6 * 60 * 60 * 1000; // 6 hours
+const POLL_MAX_MS = 12 * 60 * 60 * 1000; // 12 hours
+/**
+ * RandomizedPollScheduler — fires after a random interval between 6 and 12 hours.
+ *
+ * The randomization window prevents thundering-herd scenarios where many agents
+ * all poll simultaneously. Each agent picks an independent random delay.
+ */
+export class RandomizedPollScheduler {
+    #timer = null;
+    #cancelled = false;
+    #minMs;
+    #maxMs;
+    constructor(opts) {
+        this.#minMs = opts?.minMs ?? POLL_MIN_MS;
+        this.#maxMs = opts?.maxMs ?? POLL_MAX_MS;
+    }
+    scheduleNext(callbackFn) {
+        this.cancel();
+        // ADV-003: Reset cancelled flag when scheduling a new callback (cancel() sets it).
+        // If cancel() was called to clear a previous timer before scheduling the next one,
+        // the flag must be reset so the new callback can fire.
+        this.#cancelled = false;
+        const delay = this.#minMs + Math.random() * (this.#maxMs - this.#minMs);
+        this.#timer = setTimeout(() => {
+            this.#timer = null;
+            // ADV-003: Check cancelled flag at callback entry point. If cancel() was called
+            // between timer fire and callback execution, do not run the callback.
+            if (this.#cancelled)
+                return;
+            callbackFn().catch(() => {
+                // Poll errors are logged by the caller; scheduling errors don't crash the daemon
+            });
+        }, delay);
+    }
+    cancel() {
+        this.#cancelled = true;
+        if (this.#timer !== null) {
+            clearTimeout(this.#timer);
+            this.#timer = null;
+        }
+    }
+}
+//# sourceMappingURL=manifest-poll-scheduler.js.map

package/dist/manifest-poll-scheduler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest-poll-scheduler.js","sourceRoot":"","sources":["../src/manifest-poll-scheduler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,0CAA0C;AAC1C,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAGnE,iFAAiF;AAEjF,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAE,UAAU;AACnD,MAAM,WAAW,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW;AAEpD;;;;;GAKG;AACH,MAAM,OAAO,uBAAuB;IAClC,MAAM,GAAyC,IAAI,CAAC;IACpD,UAAU,GAAG,KAAK,CAAC;IACV,MAAM,CAAS;IACf,MAAM,CAAS;IAExB,YAAY,IAAyC;QACnD,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,KAAK,IAAI,WAAW,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,KAAK,IAAI,WAAW,CAAC;IAC3C,CAAC;IAED,YAAY,CAAC,UAA+B;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;QACd,mFAAmF;QACnF,mFAAmF;QACnF,uDAAuD;QACvD,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;QACxB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QACxE,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;YACnB,gFAAgF;YAChF,sEAAsE;YACtE,IAAI,IAAI,CAAC,UAAU;gBAAE,OAAO;YAC5B,UAAU,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;gBACtB,iFAAiF;YACnF,CAAC,CAAC,CAAC;QACL,CAAC,EAAE,KAAK,CAAC,CAAC;IACZ,CAAC;IAED,MAAM;QACJ,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YACzB,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC1B,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACrB,CAAC;IACH,CAAC;CACF"}

package/dist/manifest-version-store-file.d.ts

@@ -0,0 +1,18 @@
+/**
+ * FileManifestVersionStore — file-backed IManifestVersionStore.
+ *
+ * Persists the last-seen manifest version to a JSON file on disk, enabling
+ * version monotonicity enforcement across daemon restarts.
+ *
+ * Crypto reference: RFC 8032 (this module stores the manifest version number
+ * that backs the monotonicity invariant; the version itself is not cryptographic,
+ * but its correct persistence is load-bearing for anti-rollback security).
+ */
+import type { IManifestVersionStore } from "@cello-protocol/transport";
+export declare class FileManifestVersionStore implements IManifestVersionStore {
+    #private;
+    constructor(filePath: string);
+    getLastSeenVersion(): Promise<number | null>;
+    persistVersion(version: number): Promise<void>;
+}
+//# sourceMappingURL=manifest-version-store-file.d.ts.map

package/dist/manifest-version-store-file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest-version-store-file.d.ts","sourceRoot":"","sources":["../src/manifest-version-store-file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAMvE,qBAAa,wBAAyB,YAAW,qBAAqB;;gBAGxD,QAAQ,EAAE,MAAM;IAItB,kBAAkB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAU5C,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAWrD"}

package/dist/manifest-version-store-file.js

@@ -0,0 +1,40 @@
+/**
+ * FileManifestVersionStore — file-backed IManifestVersionStore.
+ *
+ * Persists the last-seen manifest version to a JSON file on disk, enabling
+ * version monotonicity enforcement across daemon restarts.
+ *
+ * Crypto reference: RFC 8032 (this module stores the manifest version number
+ * that backs the monotonicity invariant; the version itself is not cryptographic,
+ * but its correct persistence is load-bearing for anti-rollback security).
+ */
+import { readFile, writeFile, rename, mkdir } from "node:fs/promises";
+import { dirname } from "node:path";
+export class FileManifestVersionStore {
+    #filePath;
+    constructor(filePath) {
+        this.#filePath = filePath;
+    }
+    async getLastSeenVersion() {
+        try {
+            const raw = await readFile(this.#filePath, "utf-8");
+            const parsed = JSON.parse(raw);
+            return typeof parsed.lastSeenVersion === "number" ? parsed.lastSeenVersion : null;
+        }
+        catch {
+            return null;
+        }
+    }
+    async persistVersion(version) {
+        await mkdir(dirname(this.#filePath), { recursive: true });
+        const content = { lastSeenVersion: version };
+        // ADV-005: Atomic write using write-to-temp-then-rename pattern.
+        // rename() is atomic on POSIX (same filesystem). This prevents a crash
+        // during write from corrupting the version file and resetting the
+        // monotonicity check (which would enable a rollback attack on next start).
+        const tmpPath = this.#filePath + ".tmp";
+        await writeFile(tmpPath, JSON.stringify(content), "utf-8");
+        await rename(tmpPath, this.#filePath);
+    }
+}
+//# sourceMappingURL=manifest-version-store-file.js.map

package/dist/manifest-version-store-file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest-version-store-file.js","sourceRoot":"","sources":["../src/manifest-version-store-file.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACtE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAOpC,MAAM,OAAO,wBAAwB;IAC1B,SAAS,CAAS;IAE3B,YAAY,QAAgB;QAC1B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC;YACnD,OAAO,OAAO,MAAM,CAAC,eAAe,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC;QACpF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAe;QAClC,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,OAAO,GAAqB,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC;QAC/D,iEAAiE;QACjE,uEAAuE;QACvE,kEAAkE;QAClE,2EAA2E;QAC3E,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC;QACxC,MAAM,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;QAC3D,MAAM,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC;CACF"}

package/dist/manifest-version-store.d.ts

@@ -0,0 +1,14 @@
+/**
+ * M7-MANIFEST-002 — Manifest version store re-exports.
+ *
+ * IManifestVersionStore persists the last-seen manifest version number to enforce
+ * version monotonicity across daemon restarts. A manifest with a lower version
+ * number than the last-seen version is rejected as a potential rollback attack.
+ *
+ * InMemoryManifestVersionStore: stub for tests and initial deployments.
+ * FileManifestVersionStore: file-backed bridge for cross-process persistence (AC-005).
+ */
+import type { IManifestVersionStore } from "@cello-protocol/transport";
+export { InMemoryManifestVersionStore } from "@cello-protocol/transport";
+export type { IManifestVersionStore };
+//# sourceMappingURL=manifest-version-store.d.ts.map

package/dist/manifest-version-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest-version-store.d.ts","sourceRoot":"","sources":["../src/manifest-version-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAGvE,OAAO,EAAE,4BAA4B,EAAE,MAAM,2BAA2B,CAAC;AAEzE,YAAY,EAAE,qBAAqB,EAAE,CAAC"}

package/dist/manifest-version-store.js

@@ -0,0 +1,13 @@
+/**
+ * M7-MANIFEST-002 — Manifest version store re-exports.
+ *
+ * IManifestVersionStore persists the last-seen manifest version number to enforce
+ * version monotonicity across daemon restarts. A manifest with a lower version
+ * number than the last-seen version is rejected as a potential rollback attack.
+ *
+ * InMemoryManifestVersionStore: stub for tests and initial deployments.
+ * FileManifestVersionStore: file-backed bridge for cross-process persistence (AC-005).
+ */
+// Re-export from transport stubs for convenience
+export { InMemoryManifestVersionStore } from "@cello-protocol/transport";
+//# sourceMappingURL=manifest-version-store.js.map

package/dist/manifest-version-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest-version-store.js","sourceRoot":"","sources":["../src/manifest-version-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,iDAAiD;AACjD,OAAO,EAAE,4BAA4B,EAAE,MAAM,2BAA2B,CAAC"}

package/dist/network-directory-node.d.ts

@@ -0,0 +1,94 @@
+/**
+ * NetworkDirectoryNode — DirectoryNodeStub backed by a real libp2p connection.
+ *
+ * Implements the DirectoryNodeStub interface by dialing the directory node's
+ * /cello/frost/1.0.0 endpoint. Used in live e2e mode instead of InProcessDirectoryNodeStub.
+ *
+ * Wire protocol (one stream per operation, CBOR + it-length-prefixed):
+ *   frost_bootstrap:      push share material to directory (called from bootstrapKeyShares)
+ *   frost_commit_request: ask directory to generate a nonce commitment
+ *   frost_sign_request:   ask directory to compute a partial signature
+ */
+import { FrostThresholdSigner } from "@cello-protocol/crypto";
+import type { CelloNode } from "@cello-protocol/transport";
+import type { Logger } from "./types.js";
+import type { DirectoryNodeStub, StubCommitment, StubSignParams } from "@cello-protocol/crypto/frost/types.js";
+export declare class NetworkDirectoryNode implements DirectoryNodeStub {
+    #private;
+    readonly id: string;
+    constructor(opts: {
+        id: string;
+        node: CelloNode;
+        directoryPeerId: string;
+        directoryMultiaddrs: string[];
+        logger?: Logger;
+    });
+    isReachable(): boolean;
+    /** Return the FrostPublic from the last receiveShare call. Used by tests to construct signRound params. */
+    getLastPub(): Parameters<DirectoryNodeStub["receiveShare"]>[1] | null;
+    receiveShare(...[secret, pub]: Parameters<DirectoryNodeStub["receiveShare"]>): Promise<void>;
+    generateCommitment(): Promise<StubCommitment>;
+    signRound(params: StubSignParams): Promise<Uint8Array | null>;
+    setBootstrapContext(agentPubkeyHex: string, epochId: string): void;
+    /** Open a /cello/frost/1.0.0 stream to this directory node. Used by DKG coordinator. */
+    openStream(): Promise<import("@libp2p/interface").Stream>;
+}
+/**
+ * Network-aware FROST bootstrap for live e2e mode.
+ *
+ * Runs trustedDealer locally, then pushes each directory node's share over the
+ * /cello/frost/1.0.0 network protocol. Returns a FrostThresholdSigner configured
+ * to use NetworkDirectoryNodes, plus the primaryPubkey.
+ *
+ * NODE_ENV=test guard is kept because this still uses the trustedDealer shortcut.
+ * Real DKG (M3) will replace this entirely.
+ */
+export declare function bootstrapNetworkKeyShares(agentPubkey: Uint8Array, opts: {
+    threshold: number;
+    participants: number;
+    directoryNodes: NetworkDirectoryNode[];
+}): Promise<{
+    signer: FrostThresholdSigner;
+    primaryPubkey: Uint8Array;
+}>;
+/**
+ * Run a real 3-round FROST DKG ceremony with directory nodes over /cello/frost/1.0.0.
+ *
+ * Production path for key establishment. The client acts as DKG coordinator:
+ *   Round 1: All nodes generate their secret polynomials. Client does the same.
+ *   Round 2: Client collects all round1 broadcasts and distributes them to all nodes.
+ *            All nodes compute shares for every other participant.
+ *   Round 3: Client routes round2 shares to recipients and all nodes finalize.
+ *            All nodes return shareCommitment = group public key.
+ *
+ * Validates that all nodes derive the same primary_pubkey before returning.
+ *
+ * After a successful DKG:
+ *   - Each directory node has its FrostSecret stored (via dkgRound3)
+ *   - The client's local share is stored via storeDkgResult
+ *   - Returns a FrostThresholdSigner for future signing ceremonies
+ *
+ * Crypto reference: RFC 9591 (FROST DKG)
+ *
+ * @param agentPubkey - client's Ed25519 K_local public key (32 bytes)
+ * @param opts.threshold - minimum signers required (t in t-of-n)
+ * @param opts.directoryNodes - the n directory nodes (each will hold a share)
+ */
+export declare function runNetworkDkg(agentPubkey: Uint8Array, opts: {
+    threshold: number;
+    participants: number;
+    directoryNodes: NetworkDirectoryNode[];
+    /** OPS-AGENT-001: Pre-authorization token to present in Round 1 frame. */
+    preAuthToken?: string;
+}): Promise<{
+    signer: FrostThresholdSigner;
+    primaryPubkey: Uint8Array;
+    /** PERSIST-024: serializable FROST share data for DB persistence. SI-001: never log signingShare. */
+    signingShare: Uint8Array;
+    identifier: string;
+    commitments: Uint8Array[];
+    verifyingShares: Record<string, Uint8Array>;
+    threshold: number;
+    participants: number;
+}>;
+//# sourceMappingURL=network-directory-node.d.ts.map

package/dist/network-directory-node.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"network-directory-node.d.ts","sourceRoot":"","sources":["../src/network-directory-node.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,EAAiB,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAE7E,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,KAAK,EACV,iBAAiB,EACjB,cAAc,EACd,cAAc,EAEf,MAAM,uCAAuC,CAAC;AAqB/C,qBAAa,oBAAqB,YAAW,iBAAiB;;IAC5D,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;gBAcR,IAAI,EAAE;QAChB,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,SAAS,CAAC;QAChB,eAAe,EAAE,MAAM,CAAC;QACxB,mBAAmB,EAAE,MAAM,EAAE,CAAC;QAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;IAQD,WAAW,IAAI,OAAO;IAMtB,2GAA2G;IAC3G,UAAU,IAAI,UAAU,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI;IAI/D,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IA+C5F,kBAAkB,IAAI,OAAO,CAAC,cAAc,CAAC;IAiD7C,SAAS,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAkDnE,mBAAmB,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAKlE,wFAAwF;IAClF,UAAU,IAAI,OAAO,CAAC,OAAO,mBAAmB,EAAE,MAAM,CAAC;CA0BhE;AAoOD;;;;;;;;;GASG;AACH,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,UAAU,EACvB,IAAI,EAAE;IACJ,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,oBAAoB,EAAE,CAAC;CACxC,GACA,OAAO,CAAC;IAAE,MAAM,EAAE,oBAAoB,CAAC;IAAC,aAAa,EAAE,UAAU,CAAA;CAAE,CAAC,CAgCtE;AAID;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAsB,aAAa,CACjC,WAAW,EAAE,UAAU,EACvB,IAAI,EAAE;IACJ,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,oBAAoB,EAAE,CAAC;IACvC,0EAA0E;IAC1E,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,GACA,OAAO,CAAC;IACT,MAAM,EAAE,oBAAoB,CAAC;IAC7B,aAAa,EAAE,UAAU,CAAC;IAC1B,qGAAqG;IACrG,YAAY,EAAE,UAAU,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC5C,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC,CAqKD"}