@freedomofpress/cometbft 0.1.0

package/src/tests/lightclient.test.ts

@@ -0,0 +1,317 @@
+import { describe, expect, it } from "vitest";
+
+import { importCommit } from "../commit";
+import {
+  base64ToUint8Array,
+  Uint8ArrayToBase64,
+  Uint8ArrayToHex,
+} from "../encoding";
+import { verifyCommit } from "../lightclient";
+import type { CommitJson, ValidatorJson } from "../types";
+import { importValidators } from "../validators";
+import commitFixture from "./fixtures/commit-12.json";
+import validatorsFixture from "./fixtures/validators-12.json";
+
+function clone<T>(x: T): T {
+  return JSON.parse(JSON.stringify(x));
+}
+
+describe("lightclient.verifyCommit", () => {
+  it("verifies a valid commit against the validator set", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const cResp = commitFixture as unknown as CommitJson;
+
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(cResp);
+
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(true);
+    expect(out.ok).toBe(true);
+    expect(out.signedPower > 0n).toBe(true);
+    expect(out.signedPower <= out.totalPower).toBe(true);
+    expect(out.headerTime).toBeDefined();
+    expect(out.appHash instanceof Uint8Array).toBe(true);
+    expect(out.blockIdHash instanceof Uint8Array).toBe(true);
+    expect(out.unknownValidators.length).toBe(0);
+    expect(out.invalidSignatures.length).toBe(0);
+    expect(out.countedSignatures).toBeGreaterThan(0);
+  });
+
+  it("fails quorum and invalidates all signatures when block_id.hash is tampered", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+
+    const badCommit = clone(commitFixture) as any;
+    const h: string = badCommit.signed_header.commit.block_id.hash;
+    badCommit.signed_header.commit.block_id.hash =
+      h.slice(0, -2) + (h.slice(-2) === "00" ? "01" : "00");
+
+    const sh = importCommit(badCommit as CommitJson);
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(false);
+    expect(out.invalidSignatures.length).toBe(out.countedSignatures);
+    expect(out.ok).toBe(false);
+  });
+
+  it("drops below 2/3 quorum when two votes are ABSENT", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+
+    const lowPower = clone(commitFixture) as any;
+    for (let i = 0; i < 2; i++) {
+      lowPower.signed_header.commit.signatures[i].block_id_flag = 1;
+      lowPower.signed_header.commit.signatures[i].signature = "";
+    }
+
+    const sh = importCommit(lowPower as CommitJson);
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(false);
+    expect(out.ok).toBe(false);
+    expect(out.invalidSignatures.length).toBe(0);
+  });
+
+  it("keeps quorum when one signature is corrupted and reports it as invalid", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+
+    const badSigResp = clone(commitFixture) as any;
+    const sigB64: string =
+      badSigResp.signed_header.commit.signatures[0].signature;
+    const sigBytes = base64ToUint8Array(sigB64);
+    sigBytes[0] ^= 0x01;
+    badSigResp.signed_header.commit.signatures[0].signature =
+      Uint8ArrayToBase64(sigBytes);
+
+    const sh = importCommit(badSigResp as CommitJson);
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(true);
+    expect(out.invalidSignatures.length).toBe(1);
+    expect(out.ok).toBe(true);
+  });
+
+  it("adds 0 power when a validator's votingPower is undefined but signature is valid", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+
+    const vsetZeroOne = {
+      validators: vset.validators.map((vv, i) =>
+        i === 0 ? { ...vv, votingPower: undefined as any } : vv,
+      ),
+      proposer: vset.proposer,
+      totalVotingPower: vset.totalVotingPower, // still 4n
+    } as any;
+
+    const out = await verifyCommit(sh, vsetZeroOne, cryptoIndex);
+
+    expect(out.countedSignatures).toBe(4);
+    expect(out.invalidSignatures.length).toBe(0);
+    expect(out.signedPower).toBe(out.totalPower - 1n); // 3n of 4n
+    expect(out.quorum).toBe(true);
+    expect(out.ok).toBe(true);
+  });
+
+  it("throws when SignedHeader is missing header/commit", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+
+    delete (sh as any).header;
+    await expect(verifyCommit(sh as any, vset, cryptoIndex)).rejects.toThrow(
+      /SignedHeader missing header\/commit/i,
+    );
+  });
+
+  it("throws on header/commit height mismatch", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+    (sh.commit as any).height = 13n;
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /height mismatch/i,
+    );
+  });
+
+  it("throws when validator set is empty", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset0, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+    const vset = { ...vset0, validators: [] };
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /no validators/i,
+    );
+  });
+
+  it("throws when validator set totalVotingPower is missing (defaults to 0n)", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+
+    const vsetMissing = {
+      validators: vset.validators,
+      proposer: vset.proposer,
+      totalVotingPower: undefined as any, // triggers ?? 0n path
+    } as any;
+
+    await expect(verifyCommit(sh, vsetMissing, cryptoIndex)).rejects.toThrow(
+      /total power must be positive/i,
+    );
+  });
+
+  it("throws when total voting power is non-positive", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset0, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+    const vset = { ...vset0, totalVotingPower: 0n };
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /total power/i,
+    );
+  });
+
+  it("throws on duplicate validator address in the set", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset0, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+    const dup = vset0.validators[0];
+    const vset = { ...vset0, validators: [...vset0.validators, dup] };
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /duplicate validator address/i,
+    );
+  });
+
+  it("throws when commit BlockID is missing", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+    (sh.commit as any).blockId = undefined;
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /missing blockid/i,
+    );
+  });
+
+  it("throws when PartSetHeader is missing or malformed", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+
+    const sh1 = importCommit(commitFixture as unknown as CommitJson);
+    (sh1.commit!.blockId as any).partSetHeader = undefined;
+    await expect(verifyCommit(sh1, vset, cryptoIndex)).rejects.toThrow(
+      /partsetheader is missing/i,
+    );
+
+    const sh2 = importCommit(commitFixture as unknown as CommitJson);
+    (sh2.commit!.blockId!.partSetHeader as any).hash = new Uint8Array(0);
+    await expect(verifyCommit(sh2, vset, cryptoIndex)).rejects.toThrow(
+      /partsetheader hash is missing/i,
+    );
+  });
+
+  it("throws when PartSetHeader.total is invalid", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+    (sh.commit!.blockId!.partSetHeader as any).total = -1;
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /total is invalid/i,
+    );
+  });
+
+  it("collects unknown validator addresses without counting them", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+
+    const u = new Uint8Array(20);
+    u.fill(0xff);
+    sh.commit!.signatures[0].validatorAddress = u;
+
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(true);
+    expect(out.ok).toBe(true);
+    expect(out.unknownValidators.length).toBe(1);
+    expect(out.invalidSignatures.length).toBe(0);
+    expect(out.countedSignatures).toBe(3);
+  });
+
+  it("marks a COMMIT with empty signature as invalid and does not count it", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+
+    sh.commit!.signatures[1].signature = new Uint8Array(0);
+
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.invalidSignatures.length).toBe(1);
+    expect(out.countedSignatures).toBe(3);
+    expect(out.quorum).toBe(true);
+    expect(out.ok).toBe(true);
+  });
+
+  it("keeps quorum when one verify() call throws (caught) and marks that vote invalid", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+
+    const originalVerify = crypto.subtle.verify.bind(crypto.subtle) as (
+      ...args: Parameters<SubtleCrypto["verify"]>
+    ) => ReturnType<SubtleCrypto["verify"]>;
+
+    let calls = 0;
+
+    (crypto.subtle as any).verify = (
+      ...args: Parameters<SubtleCrypto["verify"]>
+    ): ReturnType<SubtleCrypto["verify"]> => {
+      calls += 1;
+      if (calls === 1) {
+        return Promise.reject(new Error("forced verify error")) as ReturnType<
+          SubtleCrypto["verify"]
+        >;
+      }
+      return originalVerify(...args);
+    };
+
+    try {
+      const out = await verifyCommit(sh, vset, cryptoIndex);
+      expect(out.quorum).toBe(true);
+      expect(out.ok).toBe(true);
+      expect(out.invalidSignatures.length).toBe(1);
+      expect(out.countedSignatures).toBe(4);
+    } finally {
+      (crypto.subtle as any).verify = originalVerify;
+    }
+  });
+
+  it("treats a known validator without a crypto key as invalid but still counts the vote attempt", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+
+    const addrHex = Uint8ArrayToHex(
+      sh.commit!.signatures[0].validatorAddress,
+    ).toUpperCase();
+    cryptoIndex.delete(addrHex);
+
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(true);
+    expect(out.ok).toBe(true);
+    expect(out.invalidSignatures.includes(addrHex)).toBe(true);
+    expect(out.countedSignatures).toBe(4);
+  });
+
+  it("throws when BlockID hash is empty", async () => {
+    const vResp = validatorsFixture as unknown as ValidatorJson;
+    const { proto: vset, cryptoIndex } = await importValidators(vResp);
+    const sh = importCommit(commitFixture as unknown as CommitJson);
+    (sh.commit!.blockId as any).hash = new Uint8Array(0);
+    await expect(verifyCommit(sh, vset, cryptoIndex)).rejects.toThrow(
+      /blockid hash is missing/i,
+    );
+  });
+});

package/src/tests/validators.test.ts

@@ -0,0 +1,238 @@
+import { describe, expect, it } from "vitest";
+
+import {
+  base64ToUint8Array,
+  Uint8ArrayToBase64,
+  Uint8ArrayToHex,
+} from "../encoding";
+import type { ValidatorJson } from "../types";
+import { importValidators } from "../validators";
+import validatorsFixture from "./fixtures/validators-12.json";
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+
+async function sha256(u8: Uint8Array): Promise<Uint8Array> {
+  const buf = await crypto.subtle.digest("SHA-256", new Uint8Array(u8));
+  return new Uint8Array(buf);
+}
+
+function filledBytes(seed: number, len = 32): Uint8Array {
+  const u = new Uint8Array(len);
+  u.fill(seed & 0xff);
+  // small variation so different seeds give different keys
+  if (len > 0) u[0] = (seed * 17) & 0xff;
+  if (len > 1) u[len - 1] = (seed * 29) & 0xff;
+  return u;
+}
+
+async function makeValidatorEntry(
+  pub: Uint8Array,
+  power: number,
+  opts?: { lowercaseAddr?: boolean; keyType?: string },
+) {
+  const keyType = opts?.keyType ?? "tendermint/PubKeyEd25519";
+  const addr = Uint8ArrayToHex((await sha256(pub)).slice(0, 20));
+  return {
+    address: opts?.lowercaseAddr ? addr : addr.toUpperCase(),
+    pub_key: { type: keyType, value: Uint8ArrayToBase64(pub) },
+    voting_power: String(power),
+    proposer_priority: "0",
+  };
+}
+
+function makeResponse(
+  entries: any[],
+  height = "12",
+  countOverride?: string,
+  totalOverride?: string,
+): ValidatorJson {
+  const count = countOverride ?? String(entries.length);
+  const total = totalOverride ?? String(entries.length);
+  return {
+    block_height: height,
+    validators: entries,
+    count,
+    total,
+  };
+}
+// ---------------------- tests -------------------------
+
+describe("importValidators (browser crypto)", () => {
+  it("happy path: imports full single-page set and sums power", async () => {
+    const v1 = await makeValidatorEntry(filledBytes(1), 1);
+    const v2 = await makeValidatorEntry(filledBytes(2), 2);
+    const v3 = await makeValidatorEntry(filledBytes(3), 3);
+    const v4 = await makeValidatorEntry(filledBytes(4), 4);
+    const resp = makeResponse([v1, v2, v3, v4], "42");
+
+    const out = await importValidators(resp);
+
+    expect(out.proto.validators).toHaveLength(4);
+    expect(out.proto.totalVotingPower).toBe(10n); // 1+2+3+4
+
+    // cryptoIndex should have 4 entries keyed by uppercase hex
+    expect(out.cryptoIndex.size).toBe(4);
+    for (const [addrHex, key] of out.cryptoIndex.entries()) {
+      expect(addrHex).toMatch(/^[0-9A-F]{40}$/);
+      expect(key.type).toBe("public");
+      expect((key.algorithm as EcKeyAlgorithm).name).toBe("Ed25519");
+      expect(key.usages).toEqual(["verify"]);
+      expect(key.extractable).toBe(false);
+    }
+
+    // proto validators should have bytes + bigint fields
+    for (const pv of out.proto.validators) {
+      expect(pv.address instanceof Uint8Array).toBe(true);
+      expect(pv.address.length).toBe(20);
+      expect(typeof pv.votingPower).toBe("bigint");
+      expect(pv.votingPower).toBeGreaterThanOrEqual(1n);
+      expect(pv.pubKeyType).toBe("ed25519");
+      expect(pv.pubKeyBytes instanceof Uint8Array).toBe(true);
+      expect(pv.pubKeyBytes.length).toBe(32);
+    }
+  });
+
+  it("accepts lowercase input addresses but normalizes keys to uppercase in cryptoIndex", async () => {
+    const v1 = await makeValidatorEntry(filledBytes(10), 1, {
+      lowercaseAddr: true,
+    });
+    const v2 = await makeValidatorEntry(filledBytes(11), 1, {
+      lowercaseAddr: true,
+    });
+    const resp = makeResponse([v1, v2], "99");
+
+    const out = await importValidators(resp);
+
+    // Derive expected addresses (uppercase) from pubkeys and confirm present in cryptoIndex
+    for (const e of resp.validators) {
+      const pubRaw = base64ToUint8Array(e.pub_key.value);
+      const derived = Uint8ArrayToHex(
+        (await sha256(pubRaw)).slice(0, 20),
+      ).toUpperCase();
+      expect(out.cryptoIndex.has(derived)).toBe(true);
+    }
+  });
+
+  it("throws when validators array is empty", async () => {
+    const resp = {
+      jsonrpc: "2.0",
+      id: -1,
+      result: {
+        block_height: "12",
+        validators: [], // <-- empty
+        count: "0",
+        total: "0",
+      },
+    } as any;
+
+    await expect(importValidators(resp)).rejects.toThrow(/Missing validators/i);
+  });
+
+  it("throws on invalid address (wrong length/format)", async () => {
+    const pub = filledBytes(1);
+    const good = await makeValidatorEntry(pub, 1);
+    const bad = { ...good, address: good.address.slice(0, 39) }; // 39 chars
+    const resp = makeResponse([bad, good], "7");
+    await expect(importValidators(resp)).rejects.toThrow(/address.*40/i);
+  });
+
+  it("throws on invalid pub_key object", async () => {
+    const v1 = await makeValidatorEntry(filledBytes(1), 1);
+    const bad = { ...v1, pub_key: { type: "tendermint/PubKeyEd25519" } }; // missing value
+    const resp = makeResponse([bad, v1], "7");
+    await expect(importValidators(resp)).rejects.toThrow(
+      /key object is invalid/i,
+    );
+  });
+
+  it("throws on unsupported pub_key.type", async () => {
+    const bad = await makeValidatorEntry(filledBytes(1), 1, {
+      keyType: "tendermint/PubKeySecp256k1",
+    });
+    const v2 = await makeValidatorEntry(filledBytes(2), 1);
+    const resp = makeResponse([bad, v2], "7");
+    await expect(importValidators(resp)).rejects.toThrow(/unsupported/i);
+  });
+
+  it("throws on wrong pubkey length (31 bytes)", async () => {
+    const pub31 = filledBytes(5, 31); // 31 bytes
+    const vBad = await makeValidatorEntry(pub31, 1);
+    const v2 = await makeValidatorEntry(filledBytes(2), 1);
+    const resp = makeResponse([vBad, v2], "7");
+    await expect(importValidators(resp)).rejects.toThrow();
+  });
+
+  it("throws on address/pubkey mismatch", async () => {
+    const v1 = await makeValidatorEntry(filledBytes(1), 1);
+    const v2 = await makeValidatorEntry(filledBytes(2), 1);
+    (v2 as any).address = v1.address; // duplicate/mismatch
+    const resp = makeResponse([v1, v2], "7");
+    await expect(importValidators(resp)).rejects.toThrow(
+      /does not match its public key|mismatch/i,
+    );
+  });
+
+  it("throws on duplicate address", async () => {
+    const pub = filledBytes(9);
+    const v1 = await makeValidatorEntry(pub, 1);
+    const v2 = await makeValidatorEntry(pub, 1); // same address
+    const resp = makeResponse([v1, v2], "7");
+    await expect(importValidators(resp)).rejects.toThrow(/Duplicate entry/i);
+  });
+
+  it("throws on invalid voting power (non-integer / <1)", async () => {
+    const v1 = await makeValidatorEntry(filledBytes(1), 0); // invalid: zero
+    const v2 = await makeValidatorEntry(filledBytes(2), 1);
+    const resp = makeResponse([v1, v2], "7");
+    await expect(importValidators(resp)).rejects.toThrow(
+      /Invalid voting power/i,
+    );
+  });
+});
+
+describe("validators fixture:", () => {
+  it("derives address as SHA-256(pubkey)[0..20] (uppercased)", async () => {
+    const resp = validatorsFixture as unknown as ValidatorJson;
+
+    for (const entry of resp.validators) {
+      const pubRaw = base64ToUint8Array(entry.pub_key.value);
+      const derived = Uint8ArrayToHex(
+        (await sha256(pubRaw)).slice(0, 20),
+      ).toUpperCase();
+      expect(derived).toBe(entry.address.toUpperCase());
+    }
+  });
+
+  it("imports Ed25519 keys and fills proto validators correctly", async () => {
+    const resp = validatorsFixture as unknown as ValidatorJson;
+
+    const out = await importValidators(resp);
+
+    expect(out.proto.validators).toHaveLength(4);
+    expect(out.proto.totalVotingPower).toBe(4n);
+
+    // cryptoIndex: correct WebCrypto attributes
+    for (const key of out.cryptoIndex.values()) {
+      expect(key.type).toBe("public");
+      expect((key.algorithm as EcKeyAlgorithm).name).toBe("Ed25519");
+      expect(key.usages).toEqual(["verify"]);
+      expect(key.extractable).toBe(false);
+      await expect(crypto.subtle.exportKey("raw", key)).rejects.toBeTruthy();
+    }
+
+    // proto validators content matches derived bytes
+    for (const e of resp.validators) {
+      const pubRaw = base64ToUint8Array(e.pub_key.value);
+      const sha = await sha256(pubRaw);
+      const addr20 = sha.slice(0, 20);
+
+      const match = out.proto.validators.find(
+        (pv) => Uint8ArrayToHex(pv.address) === Uint8ArrayToHex(addr20),
+      );
+      expect(match).toBeTruthy();
+      expect(match!.pubKeyType).toBe("ed25519");
+      expect(Uint8ArrayToHex(match!.pubKeyBytes)).toBe(Uint8ArrayToHex(pubRaw));
+      expect(match!.votingPower).toBe(1n);
+    }
+  });
+});

package/src/tests/webcat.test.ts

@@ -0,0 +1,114 @@
+import { describe, expect, it } from "vitest";
+
+import { importCommit } from "../commit";
+import { Uint8ArrayToBase64, Uint8ArrayToHex } from "../encoding";
+import { verifyCommit } from "../lightclient";
+import type { CommitJson, ValidatorJson } from "../types";
+import { importValidators } from "../validators";
+import blockFixture from "./fixtures/webcat.json";
+
+function clone<T>(x: T): T {
+  return JSON.parse(JSON.stringify(x));
+}
+
+describe("lightclient.verifyCommit", () => {
+  it("verifies a valid commit against the validator set", async () => {
+    const validators = blockFixture.validator_set as unknown as ValidatorJson;
+    const commit = blockFixture as unknown as CommitJson;
+
+    const { proto: vset, cryptoIndex } = await importValidators(validators);
+    const sh = importCommit(commit);
+
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(true);
+    expect(out.ok).toBe(true);
+    expect(out.signedPower > 0n).toBe(true);
+    expect(out.signedPower <= out.totalPower).toBe(true);
+    expect(out.headerTime).toBeDefined();
+    expect(out.appHash instanceof Uint8Array).toBe(true);
+    expect(out.blockIdHash instanceof Uint8Array).toBe(true);
+    expect(out.unknownValidators.length).toBe(0);
+    expect(out.invalidSignatures.length).toBe(0);
+    expect(out.countedSignatures).toBeGreaterThan(0);
+  });
+
+  it("flags invalid signatures", async () => {
+    const validators = blockFixture.validator_set as unknown as ValidatorJson;
+    const commit = clone(blockFixture) as unknown as CommitJson;
+
+    // Flip one byte of the BlockID hash to keep the signature well-formed but
+    // cryptographically invalid for the mutated sign-bytes.
+    commit.signed_header.commit.block_id.hash =
+      "3A1D00CC2A092465E85EA2C24986BEE0105285039DC1873BB6B0CA7F610EC89D";
+
+    const { proto: vset, cryptoIndex } = await importValidators(validators);
+    const sh = importCommit(commit);
+
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(false);
+    expect(out.ok).toBe(false);
+    expect(out.signedPower).toBe(0n);
+    expect(out.invalidSignatures).toEqual([
+      Uint8ArrayToHex(vset.validators[0].address).toUpperCase(),
+    ]);
+    expect(out.countedSignatures).toBe(1);
+  });
+
+  it("flags invalid signatures", async () => {
+    const validators = blockFixture.validator_set as unknown as ValidatorJson;
+    const commit = clone(blockFixture) as unknown as CommitJson;
+
+    commit.signed_header.commit.signatures[0].signature = Uint8ArrayToBase64(
+      new Uint8Array(64),
+    );
+
+    const { proto: vset, cryptoIndex } = await importValidators(validators);
+    const sh = importCommit(commit);
+
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(false);
+    expect(out.ok).toBe(false);
+    expect(out.signedPower).toBe(0n);
+    expect(out.invalidSignatures).toEqual([
+      Uint8ArrayToHex(vset.validators[0].address).toUpperCase(),
+    ]);
+    expect(out.countedSignatures).toBe(1);
+  });
+
+  it("rejects malformed signature bytes", async () => {
+    const validators = blockFixture.validator_set as unknown as ValidatorJson;
+    const commit = clone(blockFixture) as unknown as CommitJson;
+
+    // Truncate the signature (must be 64 bytes for Ed25519)
+    commit.signed_header.commit.signatures[0].signature = "AA==";
+
+    await expect(async () => importCommit(commit)).rejects.toThrow(
+      /signature must be 64 bytes/,
+    );
+  });
+
+  it("reports unknown validators", async () => {
+    const validators = blockFixture.validator_set as unknown as ValidatorJson;
+    const commit = clone(blockFixture) as unknown as CommitJson;
+
+    commit.signed_header.commit.signatures[0].validator_address =
+      "0000000000000000000000000000000000000000";
+
+    const { proto: vset, cryptoIndex } = await importValidators(validators);
+    const sh = importCommit(commit);
+
+    const out = await verifyCommit(sh, vset, cryptoIndex);
+
+    expect(out.quorum).toBe(false);
+    expect(out.ok).toBe(false);
+    expect(out.signedPower).toBe(0n);
+    expect(out.invalidSignatures).toEqual([]);
+    expect(out.unknownValidators).toEqual([
+      "0000000000000000000000000000000000000000",
+    ]);
+    expect(out.countedSignatures).toBe(0);
+  });
+});