@unlink-xyz/multisig 0.1.0

package/dist/src/frost/signing.js

@@ -0,0 +1,225 @@
+/**
+ * Generalized m-of-n FROST signing protocol.
+ *
+ * Reimplements core signing from poc.ts with:
+ * - Any m-of-n threshold support
+ * - Mandatory per-share verification (for ROAST compatibility)
+ * - Nonce reuse protection
+ *
+ * References:
+ * - RFC 9591: https://datatracker.ietf.org/doc/html/rfc9591
+ * - FROST Paper: https://eprint.iacr.org/2020/852.pdf
+ */
+import { poseidon } from "@unlink-xyz/core";
+import { babyjubjub, mod, modAdd, modInverse, modMul, randomScalar, } from "./curve.js";
+/**
+ * Compute Lagrange coefficient for participant i at x=0.
+ *
+ * lambda_i = product_{j in participants, j != i} (0 - j) / (i - j)
+ */
+export function lagrangeCoefficient(participantIndex, allParticipants) {
+    const n = babyjubjub.order;
+    let numerator = 1n;
+    let denominator = 1n;
+    for (const j of allParticipants) {
+        if (j === participantIndex)
+            continue;
+        numerator = modMul(numerator, mod(-BigInt(j), n), n);
+        denominator = modMul(denominator, mod(BigInt(participantIndex) - BigInt(j), n), n);
+    }
+    return modMul(numerator, modInverse(denominator, n), n);
+}
+/**
+ * Round 1: Generate nonces and commitments.
+ * Caller MUST store nonces securely and never reuse them.
+ */
+export function generateCommitment(participantIndex) {
+    const hidingNonce = randomScalar();
+    const bindingNonce = randomScalar();
+    const hidingCommitment = babyjubjub.scalarMultGen(hidingNonce);
+    const bindingCommitment = babyjubjub.scalarMultGen(bindingNonce);
+    return {
+        nonces: {
+            hiding: hidingNonce,
+            binding: bindingNonce,
+        },
+        commitment: {
+            participantIndex,
+            hiding: hidingCommitment,
+            binding: bindingCommitment,
+        },
+    };
+}
+/**
+ * Compute binding factor for a participant.
+ * rho_i = H(i || message || encoded_commitments)
+ */
+export function computeBindingFactor(participantIndex, message, commitments) {
+    const sorted = [...commitments].sort((a, b) => a.participantIndex - b.participantIndex);
+    // Hash each commitment individually then combine.
+    // Poseidon has a 16-input arity limit — stage the hashing.
+    const commitmentHashes = [];
+    for (const c of sorted) {
+        commitmentHashes.push(poseidon([
+            BigInt(c.participantIndex),
+            c.hiding[0],
+            c.hiding[1],
+            c.binding[0],
+            c.binding[1],
+        ]));
+    }
+    const hash = poseidon([
+        BigInt(participantIndex),
+        message,
+        ...commitmentHashes,
+    ]);
+    return mod(hash, babyjubjub.order);
+}
+/**
+ * Compute the group commitment R from all participants' commitments.
+ * R = sum(D_i + rho_i * E_i) for all participants
+ */
+export function computeGroupCommitment(commitments, bindingFactors) {
+    let R = babyjubjub.identity;
+    for (const c of commitments) {
+        const rho = bindingFactors.get(c.participantIndex);
+        const bindingContrib = babyjubjub.scalarMult(c.binding, rho);
+        const contribution = babyjubjub.add(c.hiding, bindingContrib);
+        R = babyjubjub.add(R, contribution);
+    }
+    return R;
+}
+/**
+ * Round 2: Generate signature share.
+ * z_i = d_i + rho_i * e_i + 8 * c * lambda_i * s_i
+ *
+ * Nonces are zeroed after use to prevent reuse.
+ */
+export function generateSignatureShare(keyShare, nonces, message, commitments, groupPublicKey) {
+    if (nonces.hiding === 0n || nonces.binding === 0n) {
+        throw new Error("Nonce reuse detected: nonces have already been consumed");
+    }
+    const n = babyjubjub.order;
+    const participants = commitments.map((c) => c.participantIndex);
+    // Compute binding factors
+    const bindingFactors = new Map();
+    for (const c of commitments) {
+        const rho = computeBindingFactor(c.participantIndex, message, commitments);
+        bindingFactors.set(c.participantIndex, rho);
+    }
+    // Group commitment R
+    const R = computeGroupCommitment(commitments, bindingFactors);
+    // Challenge c = H(R, Y, M)
+    const challenge = poseidon([
+        R[0],
+        R[1],
+        groupPublicKey[0],
+        groupPublicKey[1],
+        message,
+    ]);
+    const c = mod(challenge, n);
+    const rho = bindingFactors.get(keyShare.participantIndex);
+    const lambda = lagrangeCoefficient(keyShare.participantIndex, participants);
+    // z_i = d_i + rho_i * e_i + 8 * c * lambda_i * s_i
+    const cofactor = 8n;
+    let z = nonces.hiding;
+    z = modAdd(z, modMul(rho, nonces.binding, n), n);
+    z = modAdd(z, modMul(cofactor, modMul(c, modMul(lambda, keyShare.secretShare, n), n), n), n);
+    // Zero nonces to prevent reuse
+    nonces.hiding = 0n;
+    nonces.binding = 0n;
+    return {
+        participantIndex: keyShare.participantIndex,
+        share: z,
+    };
+}
+/**
+ * Verify a single signature share before aggregation.
+ * z_i * G == D_i + rho_i * E_i + 8 * c * lambda_i * V_i
+ */
+export function verifySignatureShare(share, commitment, verificationShare, message, allCommitments, groupPublicKey) {
+    const n = babyjubjub.order;
+    const participants = allCommitments.map((c) => c.participantIndex);
+    // Compute binding factors
+    const bindingFactors = new Map();
+    for (const c of allCommitments) {
+        const rho = computeBindingFactor(c.participantIndex, message, allCommitments);
+        bindingFactors.set(c.participantIndex, rho);
+    }
+    // Group commitment R
+    const R = computeGroupCommitment(allCommitments, bindingFactors);
+    // Challenge
+    const challenge = poseidon([
+        R[0],
+        R[1],
+        groupPublicKey[0],
+        groupPublicKey[1],
+        message,
+    ]);
+    const c = mod(challenge, n);
+    const rho = bindingFactors.get(share.participantIndex);
+    const lambda = lagrangeCoefficient(share.participantIndex, participants);
+    // LHS: z_i * G
+    const lhs = babyjubjub.scalarMultGen(share.share);
+    // RHS: D_i + rho_i * E_i + 8 * c * lambda_i * V_i
+    const cofactor = 8n;
+    const bindingContrib = babyjubjub.scalarMult(commitment.binding, rho);
+    const nonceContrib = babyjubjub.add(commitment.hiding, bindingContrib);
+    const keyContrib = babyjubjub.scalarMult(verificationShare, modMul(cofactor, modMul(c, lambda, n), n));
+    const rhs = babyjubjub.add(nonceContrib, keyContrib);
+    return babyjubjub.equals(lhs, rhs);
+}
+/**
+ * Aggregate signature shares into final FROST signature.
+ * Optionally verifies each share before aggregation.
+ */
+export function aggregateSignatures(commitments, shares, message, options) {
+    const n = babyjubjub.order;
+    // Optional per-share verification
+    if (options?.verificationShares) {
+        if (!options.groupPublicKey) {
+            throw new Error("groupPublicKey required when verificationShares provided");
+        }
+        for (const share of shares) {
+            const commitment = commitments.find((c) => c.participantIndex === share.participantIndex);
+            if (!commitment) {
+                throw new Error(`No commitment found for participant ${share.participantIndex}`);
+            }
+            const vk = options.verificationShares.get(share.participantIndex);
+            if (!vk) {
+                throw new Error(`No verification share for participant ${share.participantIndex}`);
+            }
+            const valid = verifySignatureShare(share, commitment, vk, message, commitments, options.groupPublicKey);
+            if (!valid) {
+                throw new Error(`Invalid signature share from participant ${share.participantIndex}`);
+            }
+        }
+    }
+    // Compute binding factors
+    const bindingFactors = new Map();
+    for (const c of commitments) {
+        const rho = computeBindingFactor(c.participantIndex, message, commitments);
+        bindingFactors.set(c.participantIndex, rho);
+    }
+    // Group commitment R
+    const R = computeGroupCommitment(commitments, bindingFactors);
+    // Aggregate: S = sum(z_i)
+    let S = 0n;
+    for (const share of shares) {
+        S = modAdd(S, share.share, n);
+    }
+    return { R8: R, S };
+}
+/**
+ * Verify a FROST signature.
+ * S * G == R + 8 * c * Y
+ */
+export function verifyFrostSignature(signature, message, groupPublicKey) {
+    const { R8: R, S } = signature;
+    const c = mod(poseidon([R[0], R[1], groupPublicKey[0], groupPublicKey[1], message]), babyjubjub.order);
+    const cofactor = 8n;
+    const lhs = babyjubjub.scalarMultGen(S);
+    const c8Y = babyjubjub.scalarMult(groupPublicKey, modMul(cofactor, c, babyjubjub.order));
+    const rhs = babyjubjub.add(R, c8Y);
+    return babyjubjub.equals(lhs, rhs);
+}

package/dist/src/frost/test-utils.d.ts

@@ -0,0 +1,2 @@
+export { startMockCoordinator } from "./mock-coordinator.js";
+//# sourceMappingURL=test-utils.d.ts.map

package/dist/src/frost/test-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-utils.d.ts","sourceRoot":"","sources":["../../../src/frost/test-utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/src/frost/test-utils.js

@@ -0,0 +1 @@
+export { startMockCoordinator } from "./mock-coordinator.js";

package/dist/src/frost/types.d.ts

@@ -0,0 +1,154 @@
+/**
+ * FROST data types for threshold signatures.
+ */
+import type { ViewingKeyPair } from "@unlink-xyz/core";
+import type { Point } from "./curve.js";
+export type { ViewingKeyPair };
+/**
+ * FROST configuration for a multisig account.
+ */
+export type FrostConfig = {
+    /** Minimum signers required (threshold) */
+    threshold: number;
+    /** Total number of shares */
+    totalShares: number;
+};
+/**
+ * A participant's key share.
+ */
+export type KeyShare = {
+    /** Participant index (1-based, per FROST spec) */
+    participantIndex: number;
+    /** Secret share scalar */
+    secretShare: bigint;
+    /** Verification share (public key for this participant) */
+    verificationShare: Point;
+};
+/**
+ * Group public key derived from all participants.
+ */
+export type GroupPublicKey = Point;
+/**
+ * Round 1 commitment (hiding and binding nonces).
+ */
+export type SigningCommitment = {
+    /** Participant index */
+    participantIndex: number;
+    /** Hiding nonce commitment D_i = d_i * G */
+    hiding: Point;
+    /** Binding nonce commitment E_i = e_i * G */
+    binding: Point;
+};
+/**
+ * Round 1 nonces (kept secret by participant).
+ */
+export type SigningNonces = {
+    /** Hiding nonce d_i */
+    hiding: bigint;
+    /** Binding nonce e_i */
+    binding: bigint;
+};
+/**
+ * Round 2 signature share.
+ */
+export type SignatureShare = {
+    /** Participant index */
+    participantIndex: number;
+    /** Signature share z_i */
+    share: bigint;
+};
+/**
+ * Final FROST signature (compatible with EdDSA format).
+ */
+export type FrostSignature = {
+    /** R point (aggregated nonce commitment) */
+    R8: Point;
+    /** S scalar (aggregated signature) */
+    S: bigint;
+};
+/**
+ * Schnorr proof of knowledge for a_i0 (prevents rogue key attacks).
+ */
+export type SchnorrProof = {
+    /** R = k*G */
+    commitment: Point;
+    /** z = k + challenge * a_i0 */
+    response: bigint;
+};
+/**
+ * Round 1 output broadcast by each participant.
+ */
+export type DkgRound1Package = {
+    participantIndex: number;
+    /** Commitments to polynomial coefficients: C_k = a_ik * G */
+    coefficientCommitments: Point[];
+    /** Proof of knowledge for a_i0 */
+    proof: SchnorrProof;
+};
+/**
+ * A participant's secret state from Round 1 (kept private).
+ */
+export type DkgRound1Secret = {
+    participantIndex: number;
+    /** Polynomial coefficients a_i0, a_i1, ..., a_i(t-1) */
+    coefficients: bigint[];
+};
+/**
+ * An encrypted share sent from participant i to participant j.
+ */
+export type EncryptedShare = {
+    fromIndex: number;
+    toIndex: number;
+    /** ChaCha20-Poly1305 ciphertext */
+    ciphertext: Uint8Array;
+    /** 12-byte nonce */
+    nonce: Uint8Array;
+};
+/**
+ * Encrypted viewing key sent from creator to a peer during round 2.
+ */
+export type EncryptedViewingKey = {
+    toIndex: number;
+    /** ChaCha20-Poly1305 ciphertext (64 bytes plaintext + 16 byte tag) */
+    ciphertext: Uint8Array;
+    /** 12-byte nonce */
+    nonce: Uint8Array;
+};
+/**
+ * Round 2 output broadcast by each participant.
+ */
+export type DkgRound2Package = {
+    participantIndex: number;
+    encryptedShares: EncryptedShare[];
+    /** Encrypted viewing keys, set by the participant that provides the viewing key. */
+    encryptedViewingKeys?: EncryptedViewingKey[];
+};
+/**
+ * Complete DKG result stored by each participant.
+ */
+export type DkgResult = {
+    keyShare: KeyShare;
+    groupPublicKey: GroupPublicKey;
+    /** All participants' coefficient commitments (for share verification). */
+    coefficientCommitments: Map<number, Point[]>;
+    /** Viewing key pair, present when distributed during DKG. */
+    viewingKeyPair?: ViewingKeyPair;
+};
+/**
+ * High-level multisig account with derived keys and address.
+ */
+export type MultisigAccount = {
+    groupId: string;
+    config: FrostConfig;
+    participantIndex: number;
+    keyShare: KeyShare;
+    groupPublicKey: Point;
+    /** All participants' coefficient commitments (for per-share verification). */
+    coefficientCommitments: Map<number, Point[]>;
+    viewingKeyPair: ViewingKeyPair;
+    nullifyingKey: bigint;
+    masterPublicKey: bigint;
+    gatewayUrl: string;
+    address: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/src/frost/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/frost/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAEvD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAExC,YAAY,EAAE,cAAc,EAAE,CAAC;AAE/B;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG;IACxB,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,6BAA6B;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG;IACrB,kDAAkD;IAClD,gBAAgB,EAAE,MAAM,CAAC;IACzB,0BAA0B;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,2DAA2D;IAC3D,iBAAiB,EAAE,KAAK,CAAC;CAC1B,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,KAAK,CAAC;AAEnC;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,wBAAwB;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,4CAA4C;IAC5C,MAAM,EAAE,KAAK,CAAC;IACd,6CAA6C;IAC7C,OAAO,EAAE,KAAK,CAAC;CAChB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,uBAAuB;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,wBAAwB;IACxB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,wBAAwB;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,0BAA0B;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,4CAA4C;IAC5C,EAAE,EAAE,KAAK,CAAC;IACV,sCAAsC;IACtC,CAAC,EAAE,MAAM,CAAC;CACX,CAAC;AAIF;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,cAAc;IACd,UAAU,EAAE,KAAK,CAAC;IAClB,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,6DAA6D;IAC7D,sBAAsB,EAAE,KAAK,EAAE,CAAC;IAChC,kCAAkC;IAClC,KAAK,EAAE,YAAY,CAAC;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,wDAAwD;IACxD,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,UAAU,EAAE,UAAU,CAAC;IACvB,oBAAoB;IACpB,KAAK,EAAE,UAAU,CAAC;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,sEAAsE;IACtE,UAAU,EAAE,UAAU,CAAC;IACvB,oBAAoB;IACpB,KAAK,EAAE,UAAU,CAAC;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,cAAc,EAAE,CAAC;IAClC,oFAAoF;IACpF,oBAAoB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC9C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG;IACtB,QAAQ,EAAE,QAAQ,CAAC;IACnB,cAAc,EAAE,cAAc,CAAC;IAC/B,0EAA0E;IAC1E,sBAAsB,EAAE,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7C,6DAA6D;IAC7D,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,WAAW,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,QAAQ,CAAC;IACnB,cAAc,EAAE,KAAK,CAAC;IACtB,8EAA8E;IAC9E,sBAAsB,EAAE,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7C,cAAc,EAAE,cAAc,CAAC;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC"}

package/dist/src/frost/types.js

@@ -0,0 +1,4 @@
+/**
+ * FROST data types for threshold signatures.
+ */
+export {};

package/dist/src/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * @unlink-xyz/multisig - FROST threshold signatures for Unlink
+ *
+ * This SDK enables m-of-n multisig accounts that produce EdDSA signatures
+ * compatible with the existing JoinSplit circuit (no circuit changes).
+ */
+export * from "./frost/index.js";
+export * from "./wallet/index.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC"}

package/dist/src/index.js

@@ -0,0 +1,8 @@
+/**
+ * @unlink-xyz/multisig - FROST threshold signatures for Unlink
+ *
+ * This SDK enables m-of-n multisig accounts that produce EdDSA signatures
+ * compatible with the existing JoinSplit circuit (no circuit changes).
+ */
+export * from "./frost/index.js";
+export * from "./wallet/index.js";

package/dist/src/node.d.ts

@@ -0,0 +1,2 @@
+export { FsStore } from "./wallet/fs-store.js";
+//# sourceMappingURL=node.d.ts.map

package/dist/src/node.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"node.d.ts","sourceRoot":"","sources":["../../src/node.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/src/node.js

@@ -0,0 +1 @@
+export { FsStore } from "./wallet/fs-store.js";

package/dist/src/wallet/fs-store.d.ts

@@ -0,0 +1,16 @@
+import type { MultisigAccount } from "../frost/types.js";
+import type { MultisigAccountStore } from "./store.js";
+/**
+ * Filesystem-backed MultisigAccountStore for Node/CLI environments.
+ * Stores one JSON file per account: `<dir>/<groupId>.json`.
+ */
+export declare class FsStore implements MultisigAccountStore {
+    private readonly dir;
+    constructor(dir: string);
+    save(account: MultisigAccount): Promise<void>;
+    load(groupId: string): Promise<MultisigAccount | null>;
+    delete(groupId: string): Promise<void>;
+    list(): Promise<string[]>;
+    private path;
+}
+//# sourceMappingURL=fs-store.d.ts.map

package/dist/src/wallet/fs-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fs-store.d.ts","sourceRoot":"","sources":["../../../src/wallet/fs-store.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAEvD;;;GAGG;AACH,qBAAa,OAAQ,YAAW,oBAAoB;IACtC,OAAO,CAAC,QAAQ,CAAC,GAAG;gBAAH,GAAG,EAAE,MAAM;IAElC,IAAI,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAS7C,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAUtD,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAStC,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAY/B,OAAO,CAAC,IAAI;CAOb"}

package/dist/src/wallet/fs-store.js

@@ -0,0 +1,62 @@
+import { mkdir, readdir, readFile, rename, rm, writeFile, } from "node:fs/promises";
+import { resolve } from "node:path";
+import { deserializeMultisigAccount, serializeMultisigAccount, } from "../frost/serialization.js";
+/**
+ * Filesystem-backed MultisigAccountStore for Node/CLI environments.
+ * Stores one JSON file per account: `<dir>/<groupId>.json`.
+ */
+export class FsStore {
+    dir;
+    constructor(dir) {
+        this.dir = dir;
+    }
+    async save(account) {
+        await mkdir(this.dir, { recursive: true });
+        const data = serializeMultisigAccount(account);
+        const dest = this.path(account.groupId);
+        const tmp = `${dest}.tmp`;
+        await writeFile(tmp, JSON.stringify(data), "utf-8");
+        await rename(tmp, dest);
+    }
+    async load(groupId) {
+        try {
+            const raw = await readFile(this.path(groupId), "utf-8");
+            return deserializeMultisigAccount(JSON.parse(raw));
+        }
+        catch (err) {
+            if (err.code === "ENOENT")
+                return null;
+            throw err;
+        }
+    }
+    async delete(groupId) {
+        try {
+            await rm(this.path(groupId));
+        }
+        catch (err) {
+            if (err.code === "ENOENT")
+                return;
+            throw err;
+        }
+    }
+    async list() {
+        try {
+            const files = await readdir(this.dir);
+            return files
+                .filter((f) => f.endsWith(".json"))
+                .map((f) => f.slice(0, -5));
+        }
+        catch (err) {
+            if (err.code === "ENOENT")
+                return [];
+            throw err;
+        }
+    }
+    path(groupId) {
+        const resolved = resolve(this.dir, `${groupId}.json`);
+        if (!resolved.startsWith(resolve(this.dir) + "/")) {
+            throw new Error(`invalid groupId: path traversal detected`);
+        }
+        return resolved;
+    }
+}

package/dist/src/wallet/index.d.ts

@@ -0,0 +1,5 @@
+export { createMultisigWallet } from "./wallet.js";
+export type * from "./types.js";
+export type { MultisigAccountStore } from "./store.js";
+export { IndexedDbStore } from "./indexeddb-store.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/wallet/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/wallet/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,mBAAmB,YAAY,CAAC;AAChC,YAAY,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/src/wallet/index.js

@@ -0,0 +1,2 @@
+export { createMultisigWallet } from "./wallet.js";
+export { IndexedDbStore } from "./indexeddb-store.js";

package/dist/src/wallet/indexeddb-store.d.ts

@@ -0,0 +1,12 @@
+import type { MultisigAccount } from "../frost/types.js";
+import type { MultisigAccountStore } from "./store.js";
+/**
+ * IndexedDB-backed MultisigAccountStore for browser environments.
+ */
+export declare class IndexedDbStore implements MultisigAccountStore {
+    save(account: MultisigAccount): Promise<void>;
+    load(groupId: string): Promise<MultisigAccount | null>;
+    delete(groupId: string): Promise<void>;
+    list(): Promise<string[]>;
+}
+//# sourceMappingURL=indexeddb-store.d.ts.map

package/dist/src/wallet/indexeddb-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"indexeddb-store.d.ts","sourceRoot":"","sources":["../../../src/wallet/indexeddb-store.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAkCvD;;GAEG;AACH,qBAAa,cAAe,YAAW,oBAAoB;IACnD,IAAI,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAW7C,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAUtD,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAStC,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;CAShC"}

package/dist/src/wallet/indexeddb-store.js

@@ -0,0 +1,69 @@
+import { deserializeMultisigAccount, serializeMultisigAccount, } from "../frost/serialization.js";
+const DB_NAME = "unlink-multisig";
+const DB_VERSION = 1;
+const STORE_NAME = "accounts";
+function openDb() {
+    return new Promise((resolve, reject) => {
+        const req = indexedDB.open(DB_NAME, DB_VERSION);
+        req.onupgradeneeded = () => {
+            const db = req.result;
+            if (!db.objectStoreNames.contains(STORE_NAME)) {
+                db.createObjectStore(STORE_NAME, { keyPath: "groupId" });
+            }
+        };
+        req.onsuccess = () => resolve(req.result);
+        req.onerror = () => reject(req.error);
+    });
+}
+function tx(db, mode, fn) {
+    return new Promise((resolve, reject) => {
+        const transaction = db.transaction(STORE_NAME, mode);
+        const store = transaction.objectStore(STORE_NAME);
+        const req = fn(store);
+        req.onsuccess = () => resolve(req.result);
+        req.onerror = () => reject(req.error);
+    });
+}
+/**
+ * IndexedDB-backed MultisigAccountStore for browser environments.
+ */
+export class IndexedDbStore {
+    async save(account) {
+        const db = await openDb();
+        try {
+            await tx(db, "readwrite", (store) => store.put(serializeMultisigAccount(account)));
+        }
+        finally {
+            db.close();
+        }
+    }
+    async load(groupId) {
+        const db = await openDb();
+        try {
+            const data = await tx(db, "readonly", (store) => store.get(groupId));
+            return data ? deserializeMultisigAccount(data) : null;
+        }
+        finally {
+            db.close();
+        }
+    }
+    async delete(groupId) {
+        const db = await openDb();
+        try {
+            await tx(db, "readwrite", (store) => store.delete(groupId));
+        }
+        finally {
+            db.close();
+        }
+    }
+    async list() {
+        const db = await openDb();
+        try {
+            const keys = await tx(db, "readonly", (store) => store.getAllKeys());
+            return keys.map(String);
+        }
+        finally {
+            db.close();
+        }
+    }
+}

package/dist/src/wallet/store.d.ts

@@ -0,0 +1,14 @@
+import type { MultisigAccount } from "../frost/types.js";
+/**
+ * Persistence interface for MultisigAccount instances.
+ *
+ * Implementations handle platform-specific storage (IndexedDB, filesystem, etc.)
+ * and use serialization internally.
+ */
+export interface MultisigAccountStore {
+    save(account: MultisigAccount): Promise<void>;
+    load(groupId: string): Promise<MultisigAccount | null>;
+    delete(groupId: string): Promise<void>;
+    list(): Promise<string[]>;
+}
+//# sourceMappingURL=store.d.ts.map

package/dist/src/wallet/store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../../src/wallet/store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEzD;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACnC,IAAI,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;IACvD,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;CAC3B"}

package/dist/src/wallet/store.js

@@ -0,0 +1 @@
+export {};