fix(network): reject empty publisherIdBytes in dkgGossipMsgIdRaw (Codex PR #501 round 6)

The libp2p adapter (`dkgGossipMsgId`) rejects unsigned messages
because they have no publisher identity, but the raw primitive
(`dkgGossipMsgIdRaw`) used to silently accept the equivalent
`publisherIdBytes.length === 0` case — reopening the exact false-dedup
hazard the adapter was built to close. Any future backend or consumer
that forgot to plumb publisher-identity bytes through the raw
primitive would have shipped a quiet correctness bug at the
cross-backend boundary the primitive was meant to lock down.

Add `DkgGossipMissingPublisherError` (exported from network/index +
core/index) and throw it from `dkgGossipMsgIdRaw` on empty input.
Updated the "returns 32-byte SHA256" test to use a non-empty
publisher (the empty-publisher case is now an error, not a vector).
Added a regression test pinning the throw.

17/17 gossip-msg-id tests pass.

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: 2 people

packages/core/src/index.ts

@@ -25,6 +25,7 @@ export {
   dkgGossipMsgIdRaw,
   type DkgGossipMsgIdInput,
   DkgGossipUnsignedMessageError,
+  DkgGossipMissingPublisherError,
 } from './network/index.js';
 export {
   ProtocolRouter,

packages/core/src/network/gossip-msg-id.ts

@@ -116,7 +116,8 @@ export class DkgGossipUnsignedMessageError extends Error {
  * - `data` — raw payload bytes.
  * - `publisherIdBytes` — canonical bytes identifying the publisher.
  *   For libp2p, this is `peerId.toMultihash().bytes`. For other
- *   backends, the equivalent canonical identity bytes.
+ *   backends, the equivalent canonical identity bytes. MUST be
+ *   non-empty — see `DkgGossipMissingPublisherError` below.
  * - `sequenceNumber` — per-publisher monotonic sequence (gossipsub
  *   seqno, iroh sequence, etc.).
  *
@@ -129,11 +130,40 @@ export interface DkgGossipMsgIdInput {
   sequenceNumber: bigint;
 }
 
+/**
+ * Thrown when `publisherIdBytes` is empty. The DKG msgId scheme is
+ * built on the invariant that two payload-identical publishes from
+ * different publishers must hash to different ids; an empty publisher
+ * identity collapses that distinction.
+ *
+ * @experimental
+ */
+export class DkgGossipMissingPublisherError extends Error {
+  constructor() {
+    super(
+      'dkgGossipMsgIdRaw: publisherIdBytes must be non-empty. The DKG ' +
+        'msgId scheme requires publisher identity to avoid false dedup of ' +
+        'payload-identical publishes from different publishers. Future ' +
+        'backends MUST plumb their canonical publisher-identity bytes ' +
+        'into this primitive.',
+    );
+    this.name = 'DkgGossipMissingPublisherError';
+  }
+}
+
 /**
  * Backend-agnostic msgId primitive. Every gossip backend adapter
  * normalises into `DkgGossipMsgIdInput` and the framing + hash
  * lives here once.
  *
+ * Throws `DkgGossipMissingPublisherError` if `publisherIdBytes` is
+ * empty. Codex review feedback PR #501 round 6: the libp2p adapter
+ * already rejects unsigned messages (where publisher identity is
+ * absent), but the raw primitive used to accept the equivalent
+ * `publisherIdBytes.length === 0` case, reopening the false-dedup
+ * hazard at the cross-backend boundary the primitive was meant to
+ * lock down.
+ *
  * @experimental
  */
 export function dkgGossipMsgIdRaw(input: DkgGossipMsgIdInput): Uint8Array {
@@ -142,6 +172,10 @@ export function dkgGossipMsgIdRaw(input: DkgGossipMsgIdInput): Uint8Array {
   const fromBytes = input.publisherIdBytes;
   const seqno = input.sequenceNumber;
 
+  if (fromBytes.length === 0) {
+    throw new DkgGossipMissingPublisherError();
+  }
+
   const total =
     4 + topicBytes.length +
     4 + data.length +

packages/core/src/network/index.ts

@@ -24,4 +24,5 @@ export {
   dkgGossipMsgId,
   dkgGossipMsgIdRaw,
   DkgGossipUnsignedMessageError,
+  DkgGossipMissingPublisherError,
 } from './gossip-msg-id.js';

packages/core/test/gossip-msg-id.test.ts

@@ -283,8 +283,21 @@ describe('dkgGossipMsgIdRaw (RFC 07 §5.4 — backend-agnostic primitive)', () =
   it('returns a 32-byte SHA256 digest', () => {
     const id = dkgGossipMsgIdRaw({
       topic: 't', data: new Uint8Array(),
-      publisherIdBytes: new Uint8Array(), sequenceNumber: 0n,
+      publisherIdBytes: new Uint8Array([1]), sequenceNumber: 0n,
     });
     expect(id.length).toBe(32);
   });
+
+  // Codex review feedback PR #501 round 6 (branarakic, gossip-msg-id.ts:142):
+  // the libp2p adapter rejects unsigned messages because they have no
+  // publisher identity, but the raw primitive used to silently accept
+  // an empty publisherIdBytes — reopening the false-dedup hazard the
+  // adapter fixed. Reject empty publishers at the raw API boundary too.
+  it('Codex PR #501 round 6: throws when publisherIdBytes is empty', () => {
+    expect(() => dkgGossipMsgIdRaw({
+      topic: 't', data: new Uint8Array([1, 2, 3]),
+      publisherIdBytes: new Uint8Array(),
+      sequenceNumber: 0n,
+    })).toThrow(/publisherIdBytes must be non-empty/);
+  });
 });