@did-btcr2/aggregation 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +373 -0
- package/README.md +19 -0
- package/dist/.tsbuildinfo +1 -0
- package/dist/browser.js +24017 -0
- package/dist/browser.mjs +24011 -0
- package/dist/cjs/index.js +5690 -0
- package/dist/cjs/package.json +1 -0
- package/dist/esm/beacon-strategy.js +76 -0
- package/dist/esm/beacon-strategy.js.map +1 -0
- package/dist/esm/cohort.js +316 -0
- package/dist/esm/cohort.js.map +1 -0
- package/dist/esm/conditions.js +102 -0
- package/dist/esm/conditions.js.map +1 -0
- package/dist/esm/errors.js +22 -0
- package/dist/esm/errors.js.map +1 -0
- package/dist/esm/fallback-spend.js +132 -0
- package/dist/esm/fallback-spend.js.map +1 -0
- package/dist/esm/index.js +21 -0
- package/dist/esm/index.js.map +1 -0
- package/dist/esm/logger.js +15 -0
- package/dist/esm/logger.js.map +1 -0
- package/dist/esm/messages/base.js +36 -0
- package/dist/esm/messages/base.js.map +1 -0
- package/dist/esm/messages/bodies.js +149 -0
- package/dist/esm/messages/bodies.js.map +1 -0
- package/dist/esm/messages/constants.js +37 -0
- package/dist/esm/messages/constants.js.map +1 -0
- package/dist/esm/messages/factories.js +139 -0
- package/dist/esm/messages/factories.js.map +1 -0
- package/dist/esm/messages/guards.js +40 -0
- package/dist/esm/messages/guards.js.map +1 -0
- package/dist/esm/messages/index.js +6 -0
- package/dist/esm/messages/index.js.map +1 -0
- package/dist/esm/participant.js +588 -0
- package/dist/esm/participant.js.map +1 -0
- package/dist/esm/phases.js +45 -0
- package/dist/esm/phases.js.map +1 -0
- package/dist/esm/recovery-policy.js +156 -0
- package/dist/esm/recovery-policy.js.map +1 -0
- package/dist/esm/recovery-spend.js +106 -0
- package/dist/esm/recovery-spend.js.map +1 -0
- package/dist/esm/runner/aggregation-runner.js +75 -0
- package/dist/esm/runner/aggregation-runner.js.map +1 -0
- package/dist/esm/runner/events.js +2 -0
- package/dist/esm/runner/events.js.map +1 -0
- package/dist/esm/runner/index.js +6 -0
- package/dist/esm/runner/index.js.map +1 -0
- package/dist/esm/runner/participant-runner.js +407 -0
- package/dist/esm/runner/participant-runner.js.map +1 -0
- package/dist/esm/runner/service-runner.js +701 -0
- package/dist/esm/runner/service-runner.js.map +1 -0
- package/dist/esm/runner/typed-emitter.js +80 -0
- package/dist/esm/runner/typed-emitter.js.map +1 -0
- package/dist/esm/service.js +774 -0
- package/dist/esm/service.js.map +1 -0
- package/dist/esm/signer.js +33 -0
- package/dist/esm/signer.js.map +1 -0
- package/dist/esm/signing-session.js +195 -0
- package/dist/esm/signing-session.js.map +1 -0
- package/dist/esm/transport/didcomm.js +41 -0
- package/dist/esm/transport/didcomm.js.map +1 -0
- package/dist/esm/transport/error.js +12 -0
- package/dist/esm/transport/error.js.map +1 -0
- package/dist/esm/transport/factory.js +29 -0
- package/dist/esm/transport/factory.js.map +1 -0
- package/dist/esm/transport/http/client.js +342 -0
- package/dist/esm/transport/http/client.js.map +1 -0
- package/dist/esm/transport/http/envelope.js +126 -0
- package/dist/esm/transport/http/envelope.js.map +1 -0
- package/dist/esm/transport/http/errors.js +11 -0
- package/dist/esm/transport/http/errors.js.map +1 -0
- package/dist/esm/transport/http/inbox-buffer.js +45 -0
- package/dist/esm/transport/http/inbox-buffer.js.map +1 -0
- package/dist/esm/transport/http/index.js +12 -0
- package/dist/esm/transport/http/index.js.map +1 -0
- package/dist/esm/transport/http/nonce-cache.js +38 -0
- package/dist/esm/transport/http/nonce-cache.js.map +1 -0
- package/dist/esm/transport/http/protocol.js +28 -0
- package/dist/esm/transport/http/protocol.js.map +1 -0
- package/dist/esm/transport/http/rate-limiter.js +45 -0
- package/dist/esm/transport/http/rate-limiter.js.map +1 -0
- package/dist/esm/transport/http/request-auth.js +100 -0
- package/dist/esm/transport/http/request-auth.js.map +1 -0
- package/dist/esm/transport/http/server.js +475 -0
- package/dist/esm/transport/http/server.js.map +1 -0
- package/dist/esm/transport/http/sse-stream.js +110 -0
- package/dist/esm/transport/http/sse-stream.js.map +1 -0
- package/dist/esm/transport/http/sse-writer.js +25 -0
- package/dist/esm/transport/http/sse-writer.js.map +1 -0
- package/dist/esm/transport/in-memory.js +149 -0
- package/dist/esm/transport/in-memory.js.map +1 -0
- package/dist/esm/transport/index.js +8 -0
- package/dist/esm/transport/index.js.map +1 -0
- package/dist/esm/transport/nostr.js +491 -0
- package/dist/esm/transport/nostr.js.map +1 -0
- package/dist/esm/transport/transport.js +2 -0
- package/dist/esm/transport/transport.js.map +1 -0
- package/dist/types/beacon-strategy.d.ts +56 -0
- package/dist/types/beacon-strategy.d.ts.map +1 -0
- package/dist/types/cohort.d.ts +188 -0
- package/dist/types/cohort.d.ts.map +1 -0
- package/dist/types/conditions.d.ts +86 -0
- package/dist/types/conditions.d.ts.map +1 -0
- package/dist/types/errors.d.ts +14 -0
- package/dist/types/errors.d.ts.map +1 -0
- package/dist/types/fallback-spend.d.ts +94 -0
- package/dist/types/fallback-spend.d.ts.map +1 -0
- package/dist/types/index.d.ts +17 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/logger.d.ts +22 -0
- package/dist/types/logger.d.ts.map +1 -0
- package/dist/types/messages/base.d.ts +58 -0
- package/dist/types/messages/base.d.ts.map +1 -0
- package/dist/types/messages/bodies.d.ts +177 -0
- package/dist/types/messages/bodies.d.ts.map +1 -0
- package/dist/types/messages/constants.d.ts +31 -0
- package/dist/types/messages/constants.d.ts.map +1 -0
- package/dist/types/messages/factories.d.ts +217 -0
- package/dist/types/messages/factories.d.ts.map +1 -0
- package/dist/types/messages/guards.d.ts +11 -0
- package/dist/types/messages/guards.d.ts.map +1 -0
- package/dist/types/messages/index.d.ts +6 -0
- package/dist/types/messages/index.d.ts.map +1 -0
- package/dist/types/participant.d.ts +162 -0
- package/dist/types/participant.d.ts.map +1 -0
- package/dist/types/phases.d.ts +55 -0
- package/dist/types/phases.d.ts.map +1 -0
- package/dist/types/recovery-policy.d.ts +132 -0
- package/dist/types/recovery-policy.d.ts.map +1 -0
- package/dist/types/recovery-spend.d.ts +94 -0
- package/dist/types/recovery-spend.d.ts.map +1 -0
- package/dist/types/runner/aggregation-runner.d.ts +72 -0
- package/dist/types/runner/aggregation-runner.d.ts.map +1 -0
- package/dist/types/runner/events.d.ts +147 -0
- package/dist/types/runner/events.d.ts.map +1 -0
- package/dist/types/runner/index.d.ts +6 -0
- package/dist/types/runner/index.d.ts.map +1 -0
- package/dist/types/runner/participant-runner.d.ts +122 -0
- package/dist/types/runner/participant-runner.d.ts.map +1 -0
- package/dist/types/runner/service-runner.d.ts +228 -0
- package/dist/types/runner/service-runner.d.ts.map +1 -0
- package/dist/types/runner/typed-emitter.d.ts +41 -0
- package/dist/types/runner/typed-emitter.d.ts.map +1 -0
- package/dist/types/service.d.ts +177 -0
- package/dist/types/service.d.ts.map +1 -0
- package/dist/types/signer.d.ts +50 -0
- package/dist/types/signer.d.ts.map +1 -0
- package/dist/types/signing-session.d.ts +81 -0
- package/dist/types/signing-session.d.ts.map +1 -0
- package/dist/types/transport/didcomm.d.ts +23 -0
- package/dist/types/transport/didcomm.d.ts.map +1 -0
- package/dist/types/transport/error.d.ts +8 -0
- package/dist/types/transport/error.d.ts.map +1 -0
- package/dist/types/transport/factory.d.ts +28 -0
- package/dist/types/transport/factory.d.ts.map +1 -0
- package/dist/types/transport/http/client.d.ts +56 -0
- package/dist/types/transport/http/client.d.ts.map +1 -0
- package/dist/types/transport/http/envelope.d.ts +64 -0
- package/dist/types/transport/http/envelope.d.ts.map +1 -0
- package/dist/types/transport/http/errors.d.ts +9 -0
- package/dist/types/transport/http/errors.d.ts.map +1 -0
- package/dist/types/transport/http/inbox-buffer.d.ts +32 -0
- package/dist/types/transport/http/inbox-buffer.d.ts.map +1 -0
- package/dist/types/transport/http/index.d.ts +12 -0
- package/dist/types/transport/http/index.d.ts.map +1 -0
- package/dist/types/transport/http/nonce-cache.d.ts +26 -0
- package/dist/types/transport/http/nonce-cache.d.ts.map +1 -0
- package/dist/types/transport/http/protocol.d.ts +53 -0
- package/dist/types/transport/http/protocol.d.ts.map +1 -0
- package/dist/types/transport/http/rate-limiter.d.ts +41 -0
- package/dist/types/transport/http/rate-limiter.d.ts.map +1 -0
- package/dist/types/transport/http/request-auth.d.ts +50 -0
- package/dist/types/transport/http/request-auth.d.ts.map +1 -0
- package/dist/types/transport/http/server.d.ts +118 -0
- package/dist/types/transport/http/server.d.ts.map +1 -0
- package/dist/types/transport/http/sse-stream.d.ts +34 -0
- package/dist/types/transport/http/sse-stream.d.ts.map +1 -0
- package/dist/types/transport/http/sse-writer.d.ts +12 -0
- package/dist/types/transport/http/sse-writer.d.ts.map +1 -0
- package/dist/types/transport/in-memory.d.ts +64 -0
- package/dist/types/transport/in-memory.d.ts.map +1 -0
- package/dist/types/transport/index.d.ts +8 -0
- package/dist/types/transport/index.d.ts.map +1 -0
- package/dist/types/transport/nostr.d.ts +153 -0
- package/dist/types/transport/nostr.d.ts.map +1 -0
- package/dist/types/transport/transport.d.ts +62 -0
- package/dist/types/transport/transport.d.ts.map +1 -0
- package/package.json +128 -0
- package/src/beacon-strategy.ts +142 -0
- package/src/cohort.ts +422 -0
- package/src/conditions.ts +172 -0
- package/src/errors.ts +25 -0
- package/src/fallback-spend.ts +223 -0
- package/src/index.ts +23 -0
- package/src/logger.ts +33 -0
- package/src/messages/base.ts +80 -0
- package/src/messages/bodies.ts +328 -0
- package/src/messages/constants.ts +40 -0
- package/src/messages/factories.ts +297 -0
- package/src/messages/guards.ts +61 -0
- package/src/messages/index.ts +5 -0
- package/src/participant.ts +779 -0
- package/src/phases.ts +91 -0
- package/src/recovery-policy.ts +237 -0
- package/src/recovery-spend.ts +192 -0
- package/src/runner/aggregation-runner.ts +125 -0
- package/src/runner/events.ts +129 -0
- package/src/runner/index.ts +5 -0
- package/src/runner/participant-runner.ts +488 -0
- package/src/runner/service-runner.ts +891 -0
- package/src/runner/typed-emitter.ts +87 -0
- package/src/service.ts +1000 -0
- package/src/signer.ts +67 -0
- package/src/signing-session.ts +290 -0
- package/src/transport/didcomm.ts +59 -0
- package/src/transport/error.ts +13 -0
- package/src/transport/factory.ts +65 -0
- package/src/transport/http/client.ts +409 -0
- package/src/transport/http/envelope.ts +204 -0
- package/src/transport/http/errors.ts +11 -0
- package/src/transport/http/inbox-buffer.ts +53 -0
- package/src/transport/http/index.ts +11 -0
- package/src/transport/http/nonce-cache.ts +43 -0
- package/src/transport/http/protocol.ts +57 -0
- package/src/transport/http/rate-limiter.ts +75 -0
- package/src/transport/http/request-auth.ts +164 -0
- package/src/transport/http/server.ts +617 -0
- package/src/transport/http/sse-stream.ts +121 -0
- package/src/transport/http/sse-writer.ts +23 -0
- package/src/transport/in-memory.ts +178 -0
- package/src/transport/index.ts +7 -0
- package/src/transport/nostr.ts +576 -0
- package/src/transport/transport.ts +79 -0
package/src/cohort.ts
ADDED
|
@@ -0,0 +1,422 @@
|
|
|
1
|
+
import { getNetwork } from '@did-btcr2/bitcoin';
|
|
2
|
+
import { canonicalHash, canonicalize, hash } from '@did-btcr2/common';
|
|
3
|
+
import type { SignedBTCR2Update } from '@did-btcr2/cryptosuite';
|
|
4
|
+
import type { SerializedSMTProof, TreeEntry } from '@did-btcr2/smt';
|
|
5
|
+
import { BTCR2MerkleTree } from '@did-btcr2/smt';
|
|
6
|
+
import { schnorr } from '@noble/curves/secp256k1.js';
|
|
7
|
+
import { concatBytes, hexToBytes, randomBytes } from '@noble/hashes/utils';
|
|
8
|
+
import { p2tr } from '@scure/btc-signer';
|
|
9
|
+
import { keyAggExport, keyAggregate, sortKeys } from '@scure/btc-signer/musig2';
|
|
10
|
+
import { AggregationCohortError } from './errors.js';
|
|
11
|
+
import type { FundingModel } from './recovery-policy.js';
|
|
12
|
+
import { DEFAULT_FUNDING_MODEL, buildRecoveryLeaves, resolveFallbackThreshold } from './recovery-policy.js';
|
|
13
|
+
|
|
14
|
+
/**
|
|
15
|
+
* The CAS Beacon Announcement Map a cohort produces: a record of DID to update hash.
|
|
16
|
+
* Defined locally so the aggregation package does not depend on method; it is
|
|
17
|
+
* structurally compatible with method's resolution-side `CASAnnouncement` type, which
|
|
18
|
+
* the resolver consumes when reading the announcement off the content-addressed store.
|
|
19
|
+
*/
|
|
20
|
+
export type CASAnnouncementMap = Record<string, string>;
|
|
21
|
+
|
|
22
|
+
export type AggregationCohortParams = {
|
|
23
|
+
id?: string;
|
|
24
|
+
serviceDid?: string;
|
|
25
|
+
minParticipants?: number;
|
|
26
|
+
network: string;
|
|
27
|
+
beaconType?: string;
|
|
28
|
+
/** Operator recovery key, x-only (32 bytes). Required to compute the beacon address. */
|
|
29
|
+
recoveryKey?: Uint8Array;
|
|
30
|
+
/** Relative-timelock (BIP-68 nSequence) before recovery is spendable. Required to compute the beacon address. */
|
|
31
|
+
recoverySequence?: number;
|
|
32
|
+
/** Funding model governing the recovery leaves. Defaults to 'operator-funded'. */
|
|
33
|
+
fundingModel?: FundingModel;
|
|
34
|
+
/** Advertised k of the k-of-n fallback leaf. Absent defaults to n-1 at address computation. */
|
|
35
|
+
fallbackThreshold?: number;
|
|
36
|
+
};
|
|
37
|
+
|
|
38
|
+
/**
|
|
39
|
+
* Represents an Aggregation Cohort: a set of Aggregation Participants who
|
|
40
|
+
* submitted cryptographic material to an Aggregation Service to coordinate
|
|
41
|
+
* signing of a shared n-of-n MuSig2 Bitcoin transaction.
|
|
42
|
+
*
|
|
43
|
+
* This is a pure data class: it holds cohort state and provides computation
|
|
44
|
+
* helpers (key aggregation, CAS Announcement building, SMT tree building).
|
|
45
|
+
* It performs no I/O and emits no messages. Both AggregationService and
|
|
46
|
+
* AggregationParticipant create their own AggregationCohort instances to
|
|
47
|
+
* track their respective views of the cohort state.
|
|
48
|
+
*
|
|
49
|
+
* @class AggregationCohort
|
|
50
|
+
*/
|
|
51
|
+
export class AggregationCohort {
|
|
52
|
+
/** Unique identifier for the cohort. */
|
|
53
|
+
id: string;
|
|
54
|
+
|
|
55
|
+
/** DID of the Aggregation Service managing this cohort. */
|
|
56
|
+
serviceDid: string;
|
|
57
|
+
|
|
58
|
+
/** Minimum number of participants required to finalize the cohort. */
|
|
59
|
+
minParticipants: number;
|
|
60
|
+
|
|
61
|
+
/** Network on which the cohort operates (mainnet, mutinynet, etc.). */
|
|
62
|
+
network: string;
|
|
63
|
+
|
|
64
|
+
/** Type of beacon used in the cohort: 'CASBeacon' or 'SMTBeacon'. */
|
|
65
|
+
beaconType: string;
|
|
66
|
+
|
|
67
|
+
/** List of participant DIDs that have been accepted into the cohort. */
|
|
68
|
+
participants: Array<string> = [];
|
|
69
|
+
|
|
70
|
+
/**
|
|
71
|
+
* Mapping from participant DID to their compressed secp256k1 public key.
|
|
72
|
+
* Distinct from {@link cohortKeys} (which is sorted per BIP-327): this lets
|
|
73
|
+
* callers look up a participant's key without knowing their position in the
|
|
74
|
+
* sorted array. Populated by the service at `acceptParticipant` time.
|
|
75
|
+
*/
|
|
76
|
+
participantKeys: Map<string, Uint8Array> = new Map();
|
|
77
|
+
|
|
78
|
+
/** Sorted list of cohort participants' compressed public keys. */
|
|
79
|
+
#cohortKeys: Array<Uint8Array> = [];
|
|
80
|
+
|
|
81
|
+
/**
|
|
82
|
+
* BIP-341 TapTweak scalar: `taggedHash("TapTweak", internalPubkey || tapMerkleRoot)`.
|
|
83
|
+
* The beacon output is an internal key (the MuSig2 aggregate) plus a script
|
|
84
|
+
* tree (the recovery leaves), so the tweak commits to the tree's Merkle root.
|
|
85
|
+
* The MuSig2 signing session applies this as an x-only tweak; a value that does
|
|
86
|
+
* not match the root the funded address was derived from silently yields an
|
|
87
|
+
* invalid key-path signature.
|
|
88
|
+
*/
|
|
89
|
+
tapTweak: Uint8Array = new Uint8Array();
|
|
90
|
+
|
|
91
|
+
/** The n-of-n MuSig2 aggregate internal key, x-only (32 bytes), set by computeBeaconAddress(). */
|
|
92
|
+
internalKey: Uint8Array = new Uint8Array();
|
|
93
|
+
|
|
94
|
+
/** BIP-341 Taproot Merkle root of the recovery script tree, set by computeBeaconAddress(). */
|
|
95
|
+
tapMerkleRoot: Uint8Array = new Uint8Array();
|
|
96
|
+
|
|
97
|
+
/** Operator recovery key, x-only (32 bytes). Used to build the CSV recovery leaf. */
|
|
98
|
+
recoveryKey?: Uint8Array;
|
|
99
|
+
|
|
100
|
+
/** Relative-timelock (BIP-68 nSequence) before the recovery leaf is spendable. */
|
|
101
|
+
recoverySequence?: number;
|
|
102
|
+
|
|
103
|
+
/** Funding model governing the recovery leaves (default 'operator-funded'). */
|
|
104
|
+
fundingModel: FundingModel;
|
|
105
|
+
|
|
106
|
+
/**
|
|
107
|
+
* Advertised k of the k-of-n fallback leaf, or undefined to default to n-1 at
|
|
108
|
+
* address computation. Read the resolved value via {@link effectiveFallbackThreshold}.
|
|
109
|
+
*/
|
|
110
|
+
fallbackThreshold?: number;
|
|
111
|
+
|
|
112
|
+
/** The Taproot beacon address: key path is the MuSig2 aggregate, script path is fallback + recovery. */
|
|
113
|
+
beaconAddress: string = '';
|
|
114
|
+
|
|
115
|
+
/** Pending DID updates submitted by participants, keyed by DID. */
|
|
116
|
+
pendingUpdates: Map<string, SignedBTCR2Update> = new Map();
|
|
117
|
+
|
|
118
|
+
/**
|
|
119
|
+
* Participant DIDs that explicitly declined to submit an update this round
|
|
120
|
+
* (cooperative non-inclusion). A decliner is absent from the CAS Announcement
|
|
121
|
+
* Map and carries a non-inclusion leaf in the SMT, yet still signs. Kept
|
|
122
|
+
* disjoint from {@link pendingUpdates} so CAS correctness holds by construction.
|
|
123
|
+
*/
|
|
124
|
+
nonIncluded: Set<string> = new Set();
|
|
125
|
+
|
|
126
|
+
/** CAS Beacon Announcement Map (DID to updateHash), set by buildCASAnnouncement(). */
|
|
127
|
+
casAnnouncement?: CASAnnouncementMap;
|
|
128
|
+
|
|
129
|
+
/** Per-participant SMT proofs, set by buildSMTTree(). */
|
|
130
|
+
smtProofs?: Map<string, SerializedSMTProof>;
|
|
131
|
+
|
|
132
|
+
/** Signal bytes (32 bytes) for OP_RETURN: SHA-256 of CAS announcement OR SMT root. */
|
|
133
|
+
signalBytes?: Uint8Array;
|
|
134
|
+
|
|
135
|
+
/** Set of participant DIDs that have approved the aggregated data. */
|
|
136
|
+
validationAcks: Set<string> = new Set();
|
|
137
|
+
|
|
138
|
+
/** Set of participant DIDs that have rejected the aggregated data. */
|
|
139
|
+
validationRejections: Set<string> = new Set();
|
|
140
|
+
|
|
141
|
+
constructor({ id, minParticipants, serviceDid, network, beaconType, recoveryKey, recoverySequence, fundingModel, fallbackThreshold }: AggregationCohortParams) {
|
|
142
|
+
this.id = id || crypto.randomUUID();
|
|
143
|
+
// `?? 2` (not `|| 2`) so a deliberately-passed 0 is preserved rather than
|
|
144
|
+
// silently coerced; the service rejects an invalid count at createCohort.
|
|
145
|
+
this.minParticipants = minParticipants ?? 2;
|
|
146
|
+
this.serviceDid = serviceDid || '';
|
|
147
|
+
this.network = network;
|
|
148
|
+
this.beaconType = beaconType || 'CASBeacon';
|
|
149
|
+
this.recoveryKey = recoveryKey;
|
|
150
|
+
this.recoverySequence = recoverySequence;
|
|
151
|
+
this.fundingModel = fundingModel ?? DEFAULT_FUNDING_MODEL;
|
|
152
|
+
this.fallbackThreshold = fallbackThreshold;
|
|
153
|
+
}
|
|
154
|
+
|
|
155
|
+
/** Sorted cohort keys (sorted on assignment per BIP-327). */
|
|
156
|
+
get cohortKeys(): Array<Uint8Array> {
|
|
157
|
+
return this.#cohortKeys;
|
|
158
|
+
}
|
|
159
|
+
|
|
160
|
+
set cohortKeys(keys: Array<Uint8Array>) {
|
|
161
|
+
this.#cohortKeys = sortKeys(keys);
|
|
162
|
+
}
|
|
163
|
+
|
|
164
|
+
/**
|
|
165
|
+
* The resolved k of the k-of-n fallback leaf: the advertised
|
|
166
|
+
* {@link fallbackThreshold}, or n-1 (floored at 1) when unadvertised, where n is
|
|
167
|
+
* the current cohort size. This is the value the beacon address commits to and
|
|
168
|
+
* the spend builders must reproduce. Returns 0 before any cohort keys are set.
|
|
169
|
+
*/
|
|
170
|
+
public get effectiveFallbackThreshold(): number {
|
|
171
|
+
if(this.#cohortKeys.length === 0) return 0;
|
|
172
|
+
return resolveFallbackThreshold(this.fallbackThreshold, this.#cohortKeys.length);
|
|
173
|
+
}
|
|
174
|
+
|
|
175
|
+
/**
|
|
176
|
+
* Computes the Taproot beacon address from the cohort keys and recovery params.
|
|
177
|
+
*
|
|
178
|
+
* The output's key path is the n-of-n MuSig2 aggregate of the cohort keys; its
|
|
179
|
+
* script path is the recovery tree (a CSV recovery leaf so a missing signer
|
|
180
|
+
* cannot permanently lock the UTXO). Sets `internalKey`, `tapMerkleRoot`, and
|
|
181
|
+
* the `tapTweak` the MuSig2 session must apply for the key-path spend.
|
|
182
|
+
*
|
|
183
|
+
* The tweak is derived from the Merkle root the address was built with (read
|
|
184
|
+
* back from the payment), never recomputed by hand, so the MuSig2 key-path
|
|
185
|
+
* signature is guaranteed to validate against the funded address.
|
|
186
|
+
*/
|
|
187
|
+
public computeBeaconAddress(): string {
|
|
188
|
+
if(this.#cohortKeys.length === 0) {
|
|
189
|
+
throw new AggregationCohortError(
|
|
190
|
+
'Cannot compute beacon address: no cohort keys.',
|
|
191
|
+
'NO_COHORT_KEYS', { cohortId: this.id }
|
|
192
|
+
);
|
|
193
|
+
}
|
|
194
|
+
if(!this.recoveryKey || this.recoveryKey.length === 0 || this.recoverySequence === undefined) {
|
|
195
|
+
throw new AggregationCohortError(
|
|
196
|
+
'Cannot compute beacon address: missing recovery key or sequence.',
|
|
197
|
+
'NO_RECOVERY_PARAMS', { cohortId: this.id }
|
|
198
|
+
);
|
|
199
|
+
}
|
|
200
|
+
const keyAggContext = keyAggregate(this.#cohortKeys);
|
|
201
|
+
const aggPubkey = keyAggExport(keyAggContext);
|
|
202
|
+
|
|
203
|
+
// The beacon output commits to the script tree (k-of-n fallback leaf + CSV
|
|
204
|
+
// recovery leaf) alongside the MuSig2 internal key. Derive the address for
|
|
205
|
+
// the cohort's network. Without the network arg p2tr defaults to mainnet, so
|
|
206
|
+
// a mutinynet/signet/regtest cohort would otherwise advertise a `bc1p...`
|
|
207
|
+
// address that no participant can fund.
|
|
208
|
+
const leaves = buildRecoveryLeaves(this.fundingModel, {
|
|
209
|
+
recoveryKey : this.recoveryKey,
|
|
210
|
+
recoverySequence : this.recoverySequence,
|
|
211
|
+
cohortKeys : this.#cohortKeys,
|
|
212
|
+
fallbackThreshold : resolveFallbackThreshold(this.fallbackThreshold, this.#cohortKeys.length),
|
|
213
|
+
});
|
|
214
|
+
// allowUnknownOutputs: the CSV recovery leaf is a custom script, not one of
|
|
215
|
+
// p2tr's recognized templates (tr_ns/tr_ms), so the template check must be
|
|
216
|
+
// waived. The leaf hash (and thus the address) is computed from the raw
|
|
217
|
+
// script bytes regardless.
|
|
218
|
+
const payment = p2tr(aggPubkey, leaves, getNetwork(this.network), true);
|
|
219
|
+
|
|
220
|
+
// BIP-341: the key-path tweak commits to the script tree's Merkle root.
|
|
221
|
+
// taggedHash("TapTweak", internalPubkey || tapMerkleRoot). Use the root the
|
|
222
|
+
// library committed to (payment.tapMerkleRoot) so the tweak matches the
|
|
223
|
+
// funded address byte-for-byte.
|
|
224
|
+
this.internalKey = aggPubkey;
|
|
225
|
+
this.tapMerkleRoot = payment.tapMerkleRoot;
|
|
226
|
+
this.tapTweak = schnorr.utils.taggedHash('TapTweak', concatBytes(aggPubkey, payment.tapMerkleRoot));
|
|
227
|
+
|
|
228
|
+
if(!payment.address) {
|
|
229
|
+
throw new AggregationCohortError(
|
|
230
|
+
'Failed to compute Taproot address',
|
|
231
|
+
'BEACON_ADDRESS_ERROR', { cohortId: this.id }
|
|
232
|
+
);
|
|
233
|
+
}
|
|
234
|
+
this.beaconAddress = payment.address;
|
|
235
|
+
return payment.address;
|
|
236
|
+
}
|
|
237
|
+
|
|
238
|
+
/**
|
|
239
|
+
* Validates that the participant's key is in the cohort and the beacon address
|
|
240
|
+
* matches the locally-computed one. Used by participants to verify cohort ready
|
|
241
|
+
* messages from the service.
|
|
242
|
+
*/
|
|
243
|
+
public validateMembership(
|
|
244
|
+
participantPkHex: string,
|
|
245
|
+
cohortKeysHex: Array<string>,
|
|
246
|
+
expectedBeaconAddress: string
|
|
247
|
+
): void {
|
|
248
|
+
if(!cohortKeysHex.includes(participantPkHex)) {
|
|
249
|
+
throw new AggregationCohortError(
|
|
250
|
+
`Participant key not found in cohort ${this.id}.`,
|
|
251
|
+
'COHORT_VALIDATION_ERROR', { cohortId: this.id, participantPkHex }
|
|
252
|
+
);
|
|
253
|
+
}
|
|
254
|
+
this.cohortKeys = cohortKeysHex.map(k => hexToBytes(k));
|
|
255
|
+
const computed = this.computeBeaconAddress();
|
|
256
|
+
if(computed !== expectedBeaconAddress) {
|
|
257
|
+
throw new AggregationCohortError(
|
|
258
|
+
`Computed beacon address ${computed} does not match expected ${expectedBeaconAddress}.`,
|
|
259
|
+
'BEACON_ADDRESS_MISMATCH', { cohortId: this.id, computed, expected: expectedBeaconAddress }
|
|
260
|
+
);
|
|
261
|
+
}
|
|
262
|
+
}
|
|
263
|
+
|
|
264
|
+
/**
|
|
265
|
+
* Returns the position of a participant's public key in the sorted
|
|
266
|
+
* {@link cohortKeys} array, or -1 if the participant is not in the cohort.
|
|
267
|
+
* Required by MuSig2 partial-sig verification which indexes by signer position.
|
|
268
|
+
*/
|
|
269
|
+
public indexOfParticipant(did: string): number {
|
|
270
|
+
const pk = this.participantKeys.get(did);
|
|
271
|
+
if(!pk) return -1;
|
|
272
|
+
return this.#cohortKeys.findIndex(k =>
|
|
273
|
+
k.length === pk.length && k.every((b, i) => b === pk[i])
|
|
274
|
+
);
|
|
275
|
+
}
|
|
276
|
+
|
|
277
|
+
public addUpdate(participantDid: string, signedUpdate: SignedBTCR2Update): void {
|
|
278
|
+
if(!this.participants.includes(participantDid)) {
|
|
279
|
+
throw new AggregationCohortError(
|
|
280
|
+
`Participant ${participantDid} is not in cohort ${this.id}.`,
|
|
281
|
+
'UNKNOWN_PARTICIPANT', { cohortId: this.id, participantDid }
|
|
282
|
+
);
|
|
283
|
+
}
|
|
284
|
+
this.pendingUpdates.set(participantDid, signedUpdate);
|
|
285
|
+
}
|
|
286
|
+
|
|
287
|
+
/**
|
|
288
|
+
* Record that a participant declined to submit an update this round
|
|
289
|
+
* (cooperative non-inclusion). The member stays in the cohort and still signs.
|
|
290
|
+
*/
|
|
291
|
+
public addNonInclusion(participantDid: string): void {
|
|
292
|
+
if(!this.participants.includes(participantDid)) {
|
|
293
|
+
throw new AggregationCohortError(
|
|
294
|
+
`Participant ${participantDid} is not in cohort ${this.id}.`,
|
|
295
|
+
'UNKNOWN_PARTICIPANT', { cohortId: this.id, participantDid }
|
|
296
|
+
);
|
|
297
|
+
}
|
|
298
|
+
// A DID cannot both submit and decline. The service guards re-submission, but
|
|
299
|
+
// keep the invariant local so the response gate and builders stay consistent.
|
|
300
|
+
if(this.pendingUpdates.has(participantDid)) {
|
|
301
|
+
throw new AggregationCohortError(
|
|
302
|
+
`Participant ${participantDid} already submitted an update; cannot also decline.`,
|
|
303
|
+
'CONFLICTING_RESPONSE', { cohortId: this.id, participantDid }
|
|
304
|
+
);
|
|
305
|
+
}
|
|
306
|
+
this.nonIncluded.add(participantDid);
|
|
307
|
+
}
|
|
308
|
+
|
|
309
|
+
public hasAllUpdates(): boolean {
|
|
310
|
+
return this.pendingUpdates.size === this.participants.length;
|
|
311
|
+
}
|
|
312
|
+
|
|
313
|
+
/**
|
|
314
|
+
* True when every participant has responded for this round, either with an
|
|
315
|
+
* update or with an explicit non-inclusion. This is the aggregation gate when
|
|
316
|
+
* non-inclusion is in play; it generalizes {@link hasAllUpdates} the same way
|
|
317
|
+
* {@link hasAllValidationResponses} generalizes a unanimous ack.
|
|
318
|
+
*/
|
|
319
|
+
public hasAllResponses(): boolean {
|
|
320
|
+
return this.pendingUpdates.size + this.nonIncluded.size === this.participants.length;
|
|
321
|
+
}
|
|
322
|
+
|
|
323
|
+
/**
|
|
324
|
+
* Builds a CAS Announcement Map from collected updates.
|
|
325
|
+
* Maps each participant DID to base64url canonical hash of their signed update.
|
|
326
|
+
* Computes signal bytes as SHA-256 of canonicalized announcement.
|
|
327
|
+
*
|
|
328
|
+
* Members who declined (cooperative non-inclusion) are naturally absent from
|
|
329
|
+
* the map: the body iterates {@link pendingUpdates}, which never holds a
|
|
330
|
+
* decliner. Absence from the map is exactly the CAS non-inclusion signal.
|
|
331
|
+
*/
|
|
332
|
+
public buildCASAnnouncement(): CASAnnouncementMap {
|
|
333
|
+
if(!this.hasAllResponses()) {
|
|
334
|
+
throw new AggregationCohortError(
|
|
335
|
+
'Cannot build CAS Announcement: not all participants have responded.',
|
|
336
|
+
'INCOMPLETE_RESPONSES', { cohortId: this.id, updates: this.pendingUpdates.size, declined: this.nonIncluded.size, total: this.participants.length }
|
|
337
|
+
);
|
|
338
|
+
}
|
|
339
|
+
const announcement: CASAnnouncementMap = {};
|
|
340
|
+
for(const [did, signedUpdate] of this.pendingUpdates) {
|
|
341
|
+
announcement[did] = canonicalHash(signedUpdate);
|
|
342
|
+
}
|
|
343
|
+
this.casAnnouncement = announcement;
|
|
344
|
+
this.signalBytes = hash(canonicalize(announcement));
|
|
345
|
+
return announcement;
|
|
346
|
+
}
|
|
347
|
+
|
|
348
|
+
/**
|
|
349
|
+
* Builds an SMT tree with one leaf per participant.
|
|
350
|
+
*
|
|
351
|
+
* A member who submitted an update gets an inclusion leaf
|
|
352
|
+
* (SHA-256(SHA-256(nonce) || SHA-256(update))); a member who declined gets a
|
|
353
|
+
* non-inclusion leaf (SHA-256(SHA-256(nonce)), the `signedUpdate` entry field
|
|
354
|
+
* omitted). The cohort mints each member's nonce and returns it inside that
|
|
355
|
+
* member's serialized proof, so a decliner can self-validate its own
|
|
356
|
+
* non-inclusion slot and the resolver can recompute the leaf. Stores
|
|
357
|
+
* per-participant proofs and the SMT root as signalBytes.
|
|
358
|
+
*/
|
|
359
|
+
public buildSMTTree(): Map<string, SerializedSMTProof> {
|
|
360
|
+
if(!this.hasAllResponses()) {
|
|
361
|
+
throw new AggregationCohortError(
|
|
362
|
+
'Cannot build SMT tree: not all participants have responded.',
|
|
363
|
+
'INCOMPLETE_RESPONSES', { cohortId: this.id, updates: this.pendingUpdates.size, declined: this.nonIncluded.size, total: this.participants.length }
|
|
364
|
+
);
|
|
365
|
+
}
|
|
366
|
+
const tree = new BTCR2MerkleTree();
|
|
367
|
+
const entries: TreeEntry[] = [];
|
|
368
|
+
const encoder = new TextEncoder();
|
|
369
|
+
|
|
370
|
+
// Slot every participant: an inclusion leaf for submitters, a non-inclusion
|
|
371
|
+
// leaf (signedUpdate omitted) for decliners.
|
|
372
|
+
for(const did of this.participants) {
|
|
373
|
+
const nonce = randomBytes(32);
|
|
374
|
+
const signedUpdate = this.pendingUpdates.get(did);
|
|
375
|
+
if(signedUpdate) {
|
|
376
|
+
entries.push({ did, nonce, signedUpdate: encoder.encode(canonicalize(signedUpdate)) });
|
|
377
|
+
} else {
|
|
378
|
+
entries.push({ did, nonce });
|
|
379
|
+
}
|
|
380
|
+
}
|
|
381
|
+
|
|
382
|
+
tree.addEntries(entries);
|
|
383
|
+
tree.finalize();
|
|
384
|
+
|
|
385
|
+
this.signalBytes = tree.rootHash;
|
|
386
|
+
this.smtProofs = new Map();
|
|
387
|
+
for(const did of this.participants) {
|
|
388
|
+
this.smtProofs.set(did, tree.proof(did));
|
|
389
|
+
}
|
|
390
|
+
return this.smtProofs;
|
|
391
|
+
}
|
|
392
|
+
|
|
393
|
+
public addValidation(participantDid: string, approved: boolean): void {
|
|
394
|
+
if(!this.participants.includes(participantDid)) {
|
|
395
|
+
throw new AggregationCohortError(
|
|
396
|
+
`Unknown participant ${participantDid} in cohort ${this.id}.`,
|
|
397
|
+
'UNKNOWN_PARTICIPANT', { cohortId: this.id, participantDid }
|
|
398
|
+
);
|
|
399
|
+
}
|
|
400
|
+
if(approved) {
|
|
401
|
+
this.validationAcks.add(participantDid);
|
|
402
|
+
} else {
|
|
403
|
+
this.validationRejections.add(participantDid);
|
|
404
|
+
}
|
|
405
|
+
}
|
|
406
|
+
|
|
407
|
+
/**
|
|
408
|
+
* True when every participant has either approved or rejected the aggregated data.
|
|
409
|
+
*/
|
|
410
|
+
public hasAllValidationResponses(): boolean {
|
|
411
|
+
return this.validationAcks.size + this.validationRejections.size === this.participants.length;
|
|
412
|
+
}
|
|
413
|
+
|
|
414
|
+
/**
|
|
415
|
+
* True when all participants approved. Note: differs from {@link hasAllValidationResponses},
|
|
416
|
+
* this returns false if any participant rejected, even if all responses are in.
|
|
417
|
+
*/
|
|
418
|
+
public isFullyValidated(): boolean {
|
|
419
|
+
return this.validationRejections.size === 0
|
|
420
|
+
&& this.validationAcks.size === this.participants.length;
|
|
421
|
+
}
|
|
422
|
+
}
|
|
@@ -0,0 +1,172 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Cohort conditions: the constraints an Aggregation Service advertises for a
|
|
3
|
+
* cohort (did:btcr2 spec, "Step 1: Create Aggregation Cohort"). See ADR 039.
|
|
4
|
+
*
|
|
5
|
+
* The spec frames these as an optional menu ("the Aggregation Service can define
|
|
6
|
+
* conditions such as ..."), so only `beaconType` and `minParticipants` are
|
|
7
|
+
* required here; every other condition is optional and, when absent, means
|
|
8
|
+
* unconstrained.
|
|
9
|
+
*
|
|
10
|
+
* Enforcement is staged (ADR 039): `beaconType` and the participant bounds are
|
|
11
|
+
* enforced by the state machine now; DIDs-per-participant, timing/cadence, and
|
|
12
|
+
* the pending-update trigger are modeled and advertised here but enforced when
|
|
13
|
+
* the multi-cohort (AGG-4) and non-inclusion (AGG-5) tracks land. The two cost
|
|
14
|
+
* conditions are advertised metadata only - the protocol performs no payment or
|
|
15
|
+
* settlement (consistent with ADR 008).
|
|
16
|
+
*/
|
|
17
|
+
|
|
18
|
+
import type { FundingModel } from './recovery-policy.js';
|
|
19
|
+
import { MAX_RECOVERY_SEQUENCE } from './recovery-policy.js';
|
|
20
|
+
|
|
21
|
+
/** Beacon types that support aggregation (singleton is single-party only, per ADR 037). */
|
|
22
|
+
export const KNOWN_BEACON_TYPES = ['CASBeacon', 'SMTBeacon'] as const;
|
|
23
|
+
|
|
24
|
+
/** Funding models an operator may advertise. Only 'operator-funded' is implemented (ADR 042). */
|
|
25
|
+
export const KNOWN_FUNDING_MODELS = ['operator-funded', 'participant-funded'] as const;
|
|
26
|
+
|
|
27
|
+
/**
|
|
28
|
+
* An advertised price. `unit` is operator-defined (the spec does not specify a
|
|
29
|
+
* currency); `basis` distinguishes a per-DID from a per-participant charge for
|
|
30
|
+
* "cost per announcement". Advertised only - never settled by the protocol.
|
|
31
|
+
*/
|
|
32
|
+
export interface CohortCost {
|
|
33
|
+
amount: number;
|
|
34
|
+
unit: string;
|
|
35
|
+
basis?: 'per-did' | 'per-participant';
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
/** The seven spec cohort conditions. Only beaconType + minParticipants are required. */
|
|
39
|
+
export interface CohortConditions {
|
|
40
|
+
/** 1. Beacon mechanism: 'CASBeacon' or 'SMTBeacon'. Enforced. */
|
|
41
|
+
beaconType: string;
|
|
42
|
+
/** 2. Lower bound on cohort size. Enforced (finalize floor). */
|
|
43
|
+
minParticipants: number;
|
|
44
|
+
/** 2. Upper bound on cohort size. Enforced (accept/finalize ceiling). */
|
|
45
|
+
maxParticipants?: number;
|
|
46
|
+
/** 3. Lower bound on DIDs a participant may register. Advertised; enforcement staged (AGG-5). */
|
|
47
|
+
minDidsPerParticipant?: number;
|
|
48
|
+
/** 3. Upper bound on DIDs a participant may register. Advertised; enforcement staged (AGG-5). */
|
|
49
|
+
maxDidsPerParticipant?: number;
|
|
50
|
+
/** 4. One-time enrollment price. Advertised only - no settlement. */
|
|
51
|
+
costOfEnrollment?: CohortCost;
|
|
52
|
+
/** 5. Recurring per-announcement price. Advertised only - no settlement. */
|
|
53
|
+
costPerAnnouncement?: CohortCost;
|
|
54
|
+
/** 6. Floor on time between announcements (seconds). Advertised; enforcement staged (AGG-4/5). */
|
|
55
|
+
minSecondsBetweenAnnouncements?: number;
|
|
56
|
+
/** 6. Ceiling on time between announcements (seconds). Advertised; enforcement staged - generalizes the ADR 027 Cohort TTL. */
|
|
57
|
+
maxSecondsBetweenAnnouncements?: number;
|
|
58
|
+
/** 7. Pending-update count that triggers an announcement. Advertised; enforcement staged (AGG-5) - generalizes hasAllUpdates(). */
|
|
59
|
+
pendingUpdateTrigger?: number;
|
|
60
|
+
/**
|
|
61
|
+
* Who funds the beacon UTXO and holds the recovery path. Defaults to
|
|
62
|
+
* 'operator-funded' when absent. See ADR 042.
|
|
63
|
+
*/
|
|
64
|
+
fundingModel?: FundingModel;
|
|
65
|
+
/**
|
|
66
|
+
* Operator recovery key, x-only (64-character hex / 32 bytes). The beacon
|
|
67
|
+
* output commits to a CSV recovery leaf keyed to this key, so a missing signer
|
|
68
|
+
* can never permanently lock the funded UTXO. Required (ADR 042).
|
|
69
|
+
*/
|
|
70
|
+
recoveryKey: string;
|
|
71
|
+
/**
|
|
72
|
+
* Relative-timelock (BIP-68 nSequence, in blocks) before the recovery leaf is
|
|
73
|
+
* spendable. Required, >= 1 (ADR 042).
|
|
74
|
+
*/
|
|
75
|
+
recoverySequence: number;
|
|
76
|
+
/**
|
|
77
|
+
* Number of signers (k) the k-of-n fallback leaf requires, so any k cohort
|
|
78
|
+
* members can still announce when the optimistic n-of-n key path stalls
|
|
79
|
+
* (graceful liveness, ADR 042). Optional: when absent it defaults to n-1 at
|
|
80
|
+
* keygen, where n is the finalized participant count. When advertised it must
|
|
81
|
+
* be an integer >= 1 (and <= maxParticipants when that is set); the upper bound
|
|
82
|
+
* against the actual cohort size n is enforced at keygen.
|
|
83
|
+
*/
|
|
84
|
+
fallbackThreshold?: number;
|
|
85
|
+
}
|
|
86
|
+
|
|
87
|
+
/** Validate an optional [min, max] integer pair. */
|
|
88
|
+
function checkPair(problems: string[], label: string, min?: number, max?: number): void {
|
|
89
|
+
if(min !== undefined && (!Number.isInteger(min) || min < 0)) {
|
|
90
|
+
problems.push(`min${label} must be an integer >= 0`);
|
|
91
|
+
}
|
|
92
|
+
if(max !== undefined && (!Number.isInteger(max) || max < 0)) {
|
|
93
|
+
problems.push(`max${label} must be an integer >= 0`);
|
|
94
|
+
}
|
|
95
|
+
if(min !== undefined && max !== undefined && Number.isInteger(min) && Number.isInteger(max) && max < min) {
|
|
96
|
+
problems.push(`max${label} must be >= min${label}`);
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
/** Validate an optional advertised cost. */
|
|
101
|
+
function checkCost(problems: string[], label: string, cost?: CohortCost): void {
|
|
102
|
+
if(cost === undefined) return;
|
|
103
|
+
if(typeof cost.amount !== 'number' || !Number.isFinite(cost.amount) || cost.amount < 0) {
|
|
104
|
+
problems.push(`${label}.amount must be a finite number >= 0`);
|
|
105
|
+
}
|
|
106
|
+
if(typeof cost.unit !== 'string' || cost.unit.length === 0) {
|
|
107
|
+
problems.push(`${label}.unit must be a non-empty string`);
|
|
108
|
+
}
|
|
109
|
+
if(cost.basis !== undefined && cost.basis !== 'per-did' && cost.basis !== 'per-participant') {
|
|
110
|
+
problems.push(`${label}.basis must be 'per-did' or 'per-participant'`);
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
|
|
114
|
+
/**
|
|
115
|
+
* Validate a set of cohort conditions. Returns a list of human-readable problems
|
|
116
|
+
* (empty when valid) so the caller can decide how to surface them. Used by
|
|
117
|
+
* `createCohort()` to fail fast instead of discovering invalidity at finalize.
|
|
118
|
+
*/
|
|
119
|
+
export function validateCohortConditions(c: CohortConditions): string[] {
|
|
120
|
+
const problems: string[] = [];
|
|
121
|
+
|
|
122
|
+
if(!(KNOWN_BEACON_TYPES as readonly string[]).includes(c.beaconType)) {
|
|
123
|
+
problems.push(`beaconType must be one of ${KNOWN_BEACON_TYPES.join(', ')}`);
|
|
124
|
+
}
|
|
125
|
+
if(!Number.isInteger(c.minParticipants) || c.minParticipants < 1) {
|
|
126
|
+
problems.push('minParticipants must be an integer >= 1');
|
|
127
|
+
}
|
|
128
|
+
if(c.maxParticipants !== undefined) {
|
|
129
|
+
if(!Number.isInteger(c.maxParticipants) || c.maxParticipants < 1) {
|
|
130
|
+
problems.push('maxParticipants must be an integer >= 1');
|
|
131
|
+
} else if(Number.isInteger(c.minParticipants) && c.maxParticipants < c.minParticipants) {
|
|
132
|
+
problems.push('maxParticipants must be >= minParticipants');
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
checkPair(problems, 'DidsPerParticipant', c.minDidsPerParticipant, c.maxDidsPerParticipant);
|
|
137
|
+
checkPair(problems, 'SecondsBetweenAnnouncements', c.minSecondsBetweenAnnouncements, c.maxSecondsBetweenAnnouncements);
|
|
138
|
+
|
|
139
|
+
if(c.pendingUpdateTrigger !== undefined && (!Number.isInteger(c.pendingUpdateTrigger) || c.pendingUpdateTrigger < 1)) {
|
|
140
|
+
problems.push('pendingUpdateTrigger must be an integer >= 1');
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
// Fallback threshold (k of the k-of-n fallback leaf). Optional; when advertised
|
|
144
|
+
// it must be a positive integer and cannot exceed maxParticipants (the binding
|
|
145
|
+
// upper bound against the actual cohort size n is checked at keygen, where n is
|
|
146
|
+
// known). See ADR 042.
|
|
147
|
+
if(c.fallbackThreshold !== undefined) {
|
|
148
|
+
if(!Number.isInteger(c.fallbackThreshold) || c.fallbackThreshold < 1) {
|
|
149
|
+
problems.push('fallbackThreshold must be an integer >= 1');
|
|
150
|
+
} else if(c.maxParticipants !== undefined && Number.isInteger(c.maxParticipants) && c.fallbackThreshold > c.maxParticipants) {
|
|
151
|
+
problems.push('fallbackThreshold must be <= maxParticipants');
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
|
|
155
|
+
checkCost(problems, 'costOfEnrollment', c.costOfEnrollment);
|
|
156
|
+
checkCost(problems, 'costPerAnnouncement', c.costPerAnnouncement);
|
|
157
|
+
|
|
158
|
+
// Recovery params: the beacon output's CSV recovery leaf. Required so a
|
|
159
|
+
// missing signer can never permanently lock the funded UTXO (ADR 042). The
|
|
160
|
+
// key is an x-only (32-byte) Schnorr public key, carried as 64 hex chars.
|
|
161
|
+
if(typeof c.recoveryKey !== 'string' || !/^[0-9a-fA-F]{64}$/.test(c.recoveryKey)) {
|
|
162
|
+
problems.push('recoveryKey must be a 64-character hex string (x-only public key)');
|
|
163
|
+
}
|
|
164
|
+
if(!Number.isInteger(c.recoverySequence) || c.recoverySequence < 1 || c.recoverySequence > MAX_RECOVERY_SEQUENCE) {
|
|
165
|
+
problems.push(`recoverySequence must be a block-based BIP-68 relative timelock in [1, ${MAX_RECOVERY_SEQUENCE}]`);
|
|
166
|
+
}
|
|
167
|
+
if(c.fundingModel !== undefined && !(KNOWN_FUNDING_MODELS as readonly string[]).includes(c.fundingModel)) {
|
|
168
|
+
problems.push(`fundingModel must be one of ${KNOWN_FUNDING_MODELS.join(', ')}`);
|
|
169
|
+
}
|
|
170
|
+
|
|
171
|
+
return problems;
|
|
172
|
+
}
|
package/src/errors.ts
ADDED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { MethodError } from '@did-btcr2/common';
|
|
2
|
+
|
|
3
|
+
export class AggregationServiceError extends MethodError {
|
|
4
|
+
constructor(message: string, type: string = 'AggregationServiceError', data?: Record<string, any>) {
|
|
5
|
+
super(message, type, data);
|
|
6
|
+
}
|
|
7
|
+
}
|
|
8
|
+
|
|
9
|
+
export class AggregationParticipantError extends MethodError {
|
|
10
|
+
constructor(message: string, type: string = 'AggregationParticipantError', data?: Record<string, any>) {
|
|
11
|
+
super(message, type, data);
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
export class AggregationCohortError extends MethodError {
|
|
16
|
+
constructor(message: string, type: string = 'AggregationCohortError', data?: Record<string, any>) {
|
|
17
|
+
super(message, type, data);
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
export class SigningSessionError extends MethodError {
|
|
22
|
+
constructor(message: string, type: string = 'SigningSessionError', data?: Record<string, any>) {
|
|
23
|
+
super(message, type, data);
|
|
24
|
+
}
|
|
25
|
+
}
|