@dynamic-labs-wallet/forward-mpc-shared 0.7.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -108,6 +108,18 @@ declare const TraceContextCodec: io_ts.UnionC<[io_ts.PartialC<{
108
108
  */
109
109
  declare const OptionalStringCodec: io_ts.UnionC<[io_ts.StringC, io_ts.UndefinedC]>;
110
110
 
111
+ /**
112
+ * Creates an io-ts codec that validates an integer is within [min, max].
113
+ * Rejects non-integer numbers, NaN, and Infinity.
114
+ */
115
+ declare function BoundedIntCodec(name: string, min: number, max: number): Type<number, number, unknown>;
116
+
117
+ /**
118
+ * Validates a relay domain: must be a well-formed domain (via DomainCodec)
119
+ * AND must not resolve to a private/loopback/link-local address.
120
+ */
121
+ declare const RelayDomainCodec: Type<string, string, unknown>;
122
+
111
123
  /**
112
124
  * ReceiveKey Response Runtime Data
113
125
  */
@@ -191,9 +203,6 @@ interface ReceiveKeyRequestWire {
191
203
  environmentId?: string;
192
204
  traceContext?: TraceContext;
193
205
  }
194
- /**
195
- * ReceiveKey V1 Request Schema
196
- */
197
206
  declare const ReceiveKeyRequestSchema: io_ts.Type<any, any, unknown>;
198
207
  type ReceiveKeyRequest = TypeOf<typeof ReceiveKeyRequestSchema>;
199
208
  /**
@@ -267,6 +276,8 @@ declare const KeygenV1ResponseMessage: {
267
276
  }>;
268
277
  };
269
278
 
279
+ /** Upper bound for MPC party count — generous ceiling above any real ceremony. */
280
+ declare const MAX_KEYGEN_PARTIES = 10;
270
281
  /**
271
282
  * Keygen Request Runtime Data
272
283
  * Supports ECDSA and BIP340 algorithms only
@@ -1599,4 +1610,4 @@ declare class SigningAlgorithmRegistry {
1599
1610
  }
1600
1611
  declare const signingAlgorithmRegistry: SigningAlgorithmRegistry;
1601
1612
 
1602
- export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, type AllMessageTypes, type AllSigningAlgorithmSchemas, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, type BaseWebSocketMessage, type ConnectionAckRequest, type ConnectionAckRequestData, ConnectionAckRequestSchema, type ConnectionAckRequestWire, type ConnectionAckResponse, type ConnectionAckResponseData, ConnectionAckResponseSchema, type ConnectionAckResponseWire, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, type DecryptPayloadOptions, type DecryptedSecretShare, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, type EncryptPayloadOptions, type EncryptedPayload, EncryptedPayloadCodec, EncryptionPurpose, type ErrorResponse, HKDF_SALT_SIZE, type HandshakeRequest, type HandshakeRequestData, HandshakeRequestSchema, type HandshakeRequestWire, type HandshakeResponse, type HandshakeResponseData, HandshakeResponseSchema, type HandshakeResponseWire, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, type HashAlgorithm, type IMessage, type ISigningAlgorithm, type KeygenRequest, type KeygenRequestData, KeygenRequestSchema, type KeygenRequestWire, type KeygenResponse, type KeygenResponseData, KeygenResponseSchema, type KeygenResponseWire, KeygenV1RequestMessage, KeygenV1ResponseMessage, MessageRegistry, OptionalStringCodec, type ReceiveKeyRequest, type ReceiveKeyRequestData, ReceiveKeyRequestSchema, type ReceiveKeyRequestWire, type ReceiveKeyResponse, type ReceiveKeyResponseData, ReceiveKeyResponseSchema, type ReceiveKeyResponseWire, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, type SecretShareData, type SignMessageRequest, type SignMessageRequestData, SignMessageRequestSchema, type SignMessageRequestWire, type SignMessageResponse, type SignMessageResponseData, SignMessageResponseSchema, type SignMessageResponseWire, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, type SigningAlgorithmName, type SigningAlgorithmSchemaFor, type AllSigningAlgorithmSchemas as SigningAlgorithmSchemas, type TraceContext, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, type WebSocketConnectionInfo, type WebSocketError, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
1613
+ export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, type AllMessageTypes, type AllSigningAlgorithmSchemas, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, type BaseWebSocketMessage, BoundedIntCodec, type ConnectionAckRequest, type ConnectionAckRequestData, ConnectionAckRequestSchema, type ConnectionAckRequestWire, type ConnectionAckResponse, type ConnectionAckResponseData, ConnectionAckResponseSchema, type ConnectionAckResponseWire, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, type DecryptPayloadOptions, type DecryptedSecretShare, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, type EncryptPayloadOptions, type EncryptedPayload, EncryptedPayloadCodec, EncryptionPurpose, type ErrorResponse, HKDF_SALT_SIZE, type HandshakeRequest, type HandshakeRequestData, HandshakeRequestSchema, type HandshakeRequestWire, type HandshakeResponse, type HandshakeResponseData, HandshakeResponseSchema, type HandshakeResponseWire, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, type HashAlgorithm, type IMessage, type ISigningAlgorithm, type KeygenRequest, type KeygenRequestData, KeygenRequestSchema, type KeygenRequestWire, type KeygenResponse, type KeygenResponseData, KeygenResponseSchema, type KeygenResponseWire, KeygenV1RequestMessage, KeygenV1ResponseMessage, MAX_KEYGEN_PARTIES, MessageRegistry, OptionalStringCodec, type ReceiveKeyRequest, type ReceiveKeyRequestData, ReceiveKeyRequestSchema, type ReceiveKeyRequestWire, type ReceiveKeyResponse, type ReceiveKeyResponseData, ReceiveKeyResponseSchema, type ReceiveKeyResponseWire, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, RelayDomainCodec, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, type SecretShareData, type SignMessageRequest, type SignMessageRequestData, SignMessageRequestSchema, type SignMessageRequestWire, type SignMessageResponse, type SignMessageResponseData, SignMessageResponseSchema, type SignMessageResponseWire, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, type SigningAlgorithmName, type SigningAlgorithmSchemaFor, type AllSigningAlgorithmSchemas as SigningAlgorithmSchemas, type TraceContext, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, type WebSocketConnectionInfo, type WebSocketError, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
package/dist/index.d.ts CHANGED
@@ -108,6 +108,18 @@ declare const TraceContextCodec: io_ts.UnionC<[io_ts.PartialC<{
108
108
  */
109
109
  declare const OptionalStringCodec: io_ts.UnionC<[io_ts.StringC, io_ts.UndefinedC]>;
110
110
 
111
+ /**
112
+ * Creates an io-ts codec that validates an integer is within [min, max].
113
+ * Rejects non-integer numbers, NaN, and Infinity.
114
+ */
115
+ declare function BoundedIntCodec(name: string, min: number, max: number): Type<number, number, unknown>;
116
+
117
+ /**
118
+ * Validates a relay domain: must be a well-formed domain (via DomainCodec)
119
+ * AND must not resolve to a private/loopback/link-local address.
120
+ */
121
+ declare const RelayDomainCodec: Type<string, string, unknown>;
122
+
111
123
  /**
112
124
  * ReceiveKey Response Runtime Data
113
125
  */
@@ -191,9 +203,6 @@ interface ReceiveKeyRequestWire {
191
203
  environmentId?: string;
192
204
  traceContext?: TraceContext;
193
205
  }
194
- /**
195
- * ReceiveKey V1 Request Schema
196
- */
197
206
  declare const ReceiveKeyRequestSchema: io_ts.Type<any, any, unknown>;
198
207
  type ReceiveKeyRequest = TypeOf<typeof ReceiveKeyRequestSchema>;
199
208
  /**
@@ -267,6 +276,8 @@ declare const KeygenV1ResponseMessage: {
267
276
  }>;
268
277
  };
269
278
 
279
+ /** Upper bound for MPC party count — generous ceiling above any real ceremony. */
280
+ declare const MAX_KEYGEN_PARTIES = 10;
270
281
  /**
271
282
  * Keygen Request Runtime Data
272
283
  * Supports ECDSA and BIP340 algorithms only
@@ -1599,4 +1610,4 @@ declare class SigningAlgorithmRegistry {
1599
1610
  }
1600
1611
  declare const signingAlgorithmRegistry: SigningAlgorithmRegistry;
1601
1612
 
1602
- export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, type AllMessageTypes, type AllSigningAlgorithmSchemas, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, type BaseWebSocketMessage, type ConnectionAckRequest, type ConnectionAckRequestData, ConnectionAckRequestSchema, type ConnectionAckRequestWire, type ConnectionAckResponse, type ConnectionAckResponseData, ConnectionAckResponseSchema, type ConnectionAckResponseWire, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, type DecryptPayloadOptions, type DecryptedSecretShare, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, type EncryptPayloadOptions, type EncryptedPayload, EncryptedPayloadCodec, EncryptionPurpose, type ErrorResponse, HKDF_SALT_SIZE, type HandshakeRequest, type HandshakeRequestData, HandshakeRequestSchema, type HandshakeRequestWire, type HandshakeResponse, type HandshakeResponseData, HandshakeResponseSchema, type HandshakeResponseWire, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, type HashAlgorithm, type IMessage, type ISigningAlgorithm, type KeygenRequest, type KeygenRequestData, KeygenRequestSchema, type KeygenRequestWire, type KeygenResponse, type KeygenResponseData, KeygenResponseSchema, type KeygenResponseWire, KeygenV1RequestMessage, KeygenV1ResponseMessage, MessageRegistry, OptionalStringCodec, type ReceiveKeyRequest, type ReceiveKeyRequestData, ReceiveKeyRequestSchema, type ReceiveKeyRequestWire, type ReceiveKeyResponse, type ReceiveKeyResponseData, ReceiveKeyResponseSchema, type ReceiveKeyResponseWire, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, type SecretShareData, type SignMessageRequest, type SignMessageRequestData, SignMessageRequestSchema, type SignMessageRequestWire, type SignMessageResponse, type SignMessageResponseData, SignMessageResponseSchema, type SignMessageResponseWire, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, type SigningAlgorithmName, type SigningAlgorithmSchemaFor, type AllSigningAlgorithmSchemas as SigningAlgorithmSchemas, type TraceContext, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, type WebSocketConnectionInfo, type WebSocketError, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
1613
+ export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, type AllMessageTypes, type AllSigningAlgorithmSchemas, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, type BaseWebSocketMessage, BoundedIntCodec, type ConnectionAckRequest, type ConnectionAckRequestData, ConnectionAckRequestSchema, type ConnectionAckRequestWire, type ConnectionAckResponse, type ConnectionAckResponseData, ConnectionAckResponseSchema, type ConnectionAckResponseWire, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, type DecryptPayloadOptions, type DecryptedSecretShare, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, type EncryptPayloadOptions, type EncryptedPayload, EncryptedPayloadCodec, EncryptionPurpose, type ErrorResponse, HKDF_SALT_SIZE, type HandshakeRequest, type HandshakeRequestData, HandshakeRequestSchema, type HandshakeRequestWire, type HandshakeResponse, type HandshakeResponseData, HandshakeResponseSchema, type HandshakeResponseWire, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, type HashAlgorithm, type IMessage, type ISigningAlgorithm, type KeygenRequest, type KeygenRequestData, KeygenRequestSchema, type KeygenRequestWire, type KeygenResponse, type KeygenResponseData, KeygenResponseSchema, type KeygenResponseWire, KeygenV1RequestMessage, KeygenV1ResponseMessage, MAX_KEYGEN_PARTIES, MessageRegistry, OptionalStringCodec, type ReceiveKeyRequest, type ReceiveKeyRequestData, ReceiveKeyRequestSchema, type ReceiveKeyRequestWire, type ReceiveKeyResponse, type ReceiveKeyResponseData, ReceiveKeyResponseSchema, type ReceiveKeyResponseWire, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, RelayDomainCodec, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, type SecretShareData, type SignMessageRequest, type SignMessageRequestData, SignMessageRequestSchema, type SignMessageRequestWire, type SignMessageResponse, type SignMessageResponseData, SignMessageResponseSchema, type SignMessageResponseWire, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, type SigningAlgorithmName, type SigningAlgorithmSchemaFor, type AllSigningAlgorithmSchemas as SigningAlgorithmSchemas, type TraceContext, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, type WebSocketConnectionInfo, type WebSocketError, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
package/dist/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import { either } from 'fp-ts';
2
- import { Type, failure, success, type, partial, number, string, union, undefined as _undefined, intersection, literal, identity, unknown, array } from 'io-ts';
2
+ import { Type, failure, success, type, partial, number, string, union, undefined as _undefined, identity, intersection, literal, unknown, array } from 'io-ts';
3
3
  import { hexToBytes, bytesToHex, randomBytes } from '@noble/hashes/utils.js';
4
4
  import { SigningAlgorithm } from '@dynamic-labs-wallet/primitives';
5
5
  import { ml_kem768 } from '@noble/post-quantum/ml-kem.js';
@@ -98,6 +98,57 @@ var OptionalStringCodec = union([
98
98
  string,
99
99
  _undefined
100
100
  ]);
101
+ function BoundedIntCodec(name, min, max) {
102
+ return new Type(name, (u) => typeof u === "number" && Number.isInteger(u) && u >= min && u <= max, (u, c) => {
103
+ if (typeof u !== "number") {
104
+ return failure(u, c, `${name}: expected a number`);
105
+ }
106
+ if (!Number.isInteger(u)) {
107
+ return failure(u, c, `${name}: expected an integer`);
108
+ }
109
+ if (u < min || u > max) {
110
+ return failure(u, c, `${name}: value ${u} out of range [${min}, ${max}]`);
111
+ }
112
+ return success(u);
113
+ }, (a) => a);
114
+ }
115
+ __name(BoundedIntCodec, "BoundedIntCodec");
116
+ var DomainCodec = new Type("DomainCodec", (u) => typeof u === "string", (u, c) => {
117
+ if (typeof u !== "string") {
118
+ return failure(u, c, "Value must be a string");
119
+ }
120
+ const domainPattern = /^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(?::\d{1,5})?$/;
121
+ if (!domainPattern.test(u)) {
122
+ return failure(u, c, "Invalid domain format");
123
+ }
124
+ return success(u);
125
+ }, identity);
126
+
127
+ // src/codecs/RelayDomainCodec.ts
128
+ var BLOCKED_PATTERNS = [
129
+ /^localhost(:\d+)?$/i,
130
+ /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$/,
131
+ /^0\.0\.0\.0(:\d+)?$/,
132
+ /^10\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$/,
133
+ /^172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}(:\d+)?$/,
134
+ /^192\.168\.\d{1,3}\.\d{1,3}(:\d+)?$/,
135
+ /^169\.254\.\d{1,3}\.\d{1,3}(:\d+)?$/,
136
+ /^\[::1\](:\d+)?$/,
137
+ /^\[fd[0-9a-f]{2}:/i,
138
+ /^\[fe80:/i,
139
+ /^instance-data\.ec2\.internal(:\d+)?$/i
140
+ ];
141
+ var RelayDomainCodec = new Type("RelayDomainCodec", (u) => typeof u === "string", (u, c) => {
142
+ const base = DomainCodec.decode(u);
143
+ if (base._tag === "Left") return base;
144
+ const domain = base.right;
145
+ for (const pattern of BLOCKED_PATTERNS) {
146
+ if (pattern.test(domain)) {
147
+ return failure(u, c, "Relay domain must not be a private, loopback, or link-local address");
148
+ }
149
+ }
150
+ return success(domain);
151
+ }, identity);
101
152
  function buildMessageSchema(messageType, version, additionalFields = {}, ...additionalSchemas) {
102
153
  const schema = type({
103
154
  type: literal(messageType),
@@ -435,16 +486,6 @@ var WebSocketCloseCode = {
435
486
  /** Abnormal closure — no close frame (network drop, etc.). */
436
487
  ABNORMAL: 1006
437
488
  };
438
- var DomainCodec = new Type("DomainCodec", (u) => typeof u === "string", (u, c) => {
439
- if (typeof u !== "string") {
440
- return failure(u, c, "Value must be a string");
441
- }
442
- const domainPattern = /^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(?::\d{1,5})?$/;
443
- if (!domainPattern.test(u)) {
444
- return failure(u, c, "Invalid domain format");
445
- }
446
- return success(u);
447
- }, identity);
448
489
  var Uint8ArrayOrHexCodec = new Type(
449
490
  "Uint8ArrayOrHex",
450
491
  (u) => u instanceof Uint8Array,
@@ -477,7 +518,7 @@ var Uint8ArrayOrHexCodec = new Type(
477
518
 
478
519
  // src/messages/SignMessageV1Request.ts
479
520
  var SignMessageRequestSchema = buildMessageSchema("signMessage", 1, {
480
- relayDomain: DomainCodec,
521
+ relayDomain: RelayDomainCodec,
481
522
  keyshare: EncryptedPayloadCodec,
482
523
  message: Uint8ArrayOrHexCodec,
483
524
  roomUuid: string,
@@ -565,11 +606,14 @@ var ConnectionAckV1ResponseMessage = createSimpleMessage({
565
606
  version: 1,
566
607
  schema: ConnectionAckResponseSchema
567
608
  });
609
+ var MAX_KEYGEN_PARTIES = 10;
610
+ var NumPartiesCodec = BoundedIntCodec("numParties", 2, MAX_KEYGEN_PARTIES);
611
+ var ThresholdCodec = BoundedIntCodec("threshold", 1, MAX_KEYGEN_PARTIES);
568
612
  var BaseKeygenParamsCodec = type({
569
- relayDomain: DomainCodec,
613
+ relayDomain: RelayDomainCodec,
570
614
  roomUuid: string,
571
- numParties: number,
572
- threshold: number,
615
+ numParties: NumPartiesCodec,
616
+ threshold: ThresholdCodec,
573
617
  keygenInit: EncryptedPayloadCodec,
574
618
  keygenIds: array(string),
575
619
  userId: OptionalStringCodec,
@@ -589,10 +633,10 @@ var KeygenAlgoParamsCodec = union([
589
633
  BIP340KeygenParamsCodec
590
634
  ]);
591
635
  var KeygenRequestSchema = buildMessageSchema("keygen", 1, {
592
- relayDomain: DomainCodec,
636
+ relayDomain: RelayDomainCodec,
593
637
  roomUuid: string,
594
- numParties: number,
595
- threshold: number,
638
+ numParties: NumPartiesCodec,
639
+ threshold: ThresholdCodec,
596
640
  keygenInit: EncryptedPayloadCodec,
597
641
  keygenIds: array(string),
598
642
  userId: OptionalStringCodec,
@@ -642,12 +686,14 @@ var KeygenV1ResponseMessage = createStandardMessage({
642
686
  error: decoded.error
643
687
  }))
644
688
  });
689
+ var NumPartiesCodec2 = BoundedIntCodec("numParties", 2, MAX_KEYGEN_PARTIES);
690
+ var ThresholdCodec2 = BoundedIntCodec("threshold", 1, MAX_KEYGEN_PARTIES);
645
691
  var ReceiveKeyRequestSchema = buildMessageSchema("receiveKey", 1, {
646
- relayDomain: DomainCodec,
692
+ relayDomain: RelayDomainCodec,
647
693
  signingAlgo: literal("ed25519"),
648
694
  roomUuid: string,
649
- numParties: number,
650
- threshold: number,
695
+ numParties: NumPartiesCodec2,
696
+ threshold: ThresholdCodec2,
651
697
  keygenInit: EncryptedPayloadCodec,
652
698
  keygenIds: array(string),
653
699
  userId: OptionalStringCodec,
@@ -1019,6 +1065,6 @@ var SigningAlgorithmRegistry = class SigningAlgorithmRegistry2 {
1019
1065
  };
1020
1066
  var signingAlgorithmRegistry = new SigningAlgorithmRegistry();
1021
1067
 
1022
- export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, ConnectionAckRequestSchema, ConnectionAckResponseSchema, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, EncryptedPayloadCodec, EncryptionPurpose, HKDF_SALT_SIZE, HandshakeRequestSchema, HandshakeResponseSchema, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, KeygenRequestSchema, KeygenResponseSchema, KeygenV1RequestMessage, KeygenV1ResponseMessage, MessageRegistry, OptionalStringCodec, ReceiveKeyRequestSchema, ReceiveKeyResponseSchema, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, SignMessageRequestSchema, SignMessageResponseSchema, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
1068
+ export { AES_256_GCM_KEY_SIZE, AES_256_GCM_NONCE_SIZE, AES_256_GCM_TAG_SIZE, ALGORITHMS, ALL_MESSAGE_CLASSES, ALL_MESSAGE_KEYS, ALL_SIGNING_ALGORITHM_NAMES, ALL_SIGNING_ALGORITHM_SCHEMA, BIP340SigningAlgorithm, BaseMessage, BaseSigningAlgorithm, BoundedIntCodec, ConnectionAckRequestSchema, ConnectionAckResponseSchema, ConnectionAckV1RequestMessage, ConnectionAckV1ResponseMessage, EcdsaSigningAlgorithm, Ed25519SigningAlgorithm, EncryptedPayloadCodec, EncryptionPurpose, HKDF_SALT_SIZE, HandshakeRequestSchema, HandshakeResponseSchema, HandshakeV1RequestMessage, HandshakeV1ResponseMessage, KeygenRequestSchema, KeygenResponseSchema, KeygenV1RequestMessage, KeygenV1ResponseMessage, MAX_KEYGEN_PARTIES, MessageRegistry, OptionalStringCodec, ReceiveKeyRequestSchema, ReceiveKeyResponseSchema, ReceiveKeyV1RequestMessage, ReceiveKeyV1ResponseMessage, RelayDomainCodec, SIGNING_ALGORITHM_CLASSES, SIGNING_ALGORITHM_INSTANCES, SignMessageRequestSchema, SignMessageResponseSchema, SignMessageV1RequestMessage, SignMessageV1ResponseMessage, SignatureAlgoSchema, TraceContextCodec, Uint32ArrayCodec, Uint8ArrayCodec, WebSocketCloseCode, WebSocketErrorType, assertDefined, assertNotNull, createKeyDerivationInfo, createKeygenResultFromSecretShare, decapsulateMlKem768, decryptKeygenResult, decryptPayload, deriveAESKey, encapsulateMlKem768, encryptKeygenInit, encryptKeyshare, encryptPayload, fromDynamicSigningAlgorithm, generateMlKem768Keypair, getAllSupportedMessages, getDefined, getMessageClass, isValidMessageType, isValidSigningAlgorithm, messageRegistry, parseMessageKey, signingAlgorithmRegistry, toDynamicSigningAlgorithm };
1023
1069
  //# sourceMappingURL=index.js.map
1024
1070
  //# sourceMappingURL=index.js.map