[KLC-2394] feat: operator add ms sign subcommand to sign multisi (#66)

## Summary

Add operator ms sign subcommand to sign a multisign transaction and post the signature to the multisign API, also supporting an interactive mode to choose between pending multisignature transactions.

## Problem

Previously the user would have to fetch, sign and post the signature manually with multiple commands, which was fragile.

## Solution

- Add operator ms sign to fetch a pending transaction, sign it, and post the signature to the multisign API.

- Support both a specific TX hash and interactive pending transaction selection.

- Consolidate helper logic for fetching, signing, encoding, and posting multisign data.

- Keep --multisign-api persistent on ms.

- Having no pending transactions returns a friendly message

- Trying to sign an already signed transaction returns a message indicating the no-op.

## Key Changes

-[cmd/operator/multisign.go](): add sign subcommand, interactive selection UI, and reusable helper flow.

-[cmd/operator/multsignHelper.go](): add getMSApiTransaction, doSignAndPost, and doPostMSTransaction; clarify API signature posting.

-[cmd/operator/main.go](): tighten command detection for operator sign and operator ms encode.

-Flags: moved --multisign-api to ms persistent flags;.

## Testing

- [x] cmd/operator existing tests pass

- [x] Added new tests

- [x] Manually tested reading updates to transaction's signature states both between addresses and from the same address. Also tested impeding the signing of a transaction multiple times from the same user.

## Configuration Changes

None

## Breaking Changes

None

## Related Issues

--

## Checklist

- [x] Code follows project style guidelines (`make goimports`)

- [x] Tests added/updated and passing

- [x] Documentation updated (added ms sign markdown file to cmd/operator/docs)

- [x] Commit messages follow [Conventional Commits](https://www.conventionalcommits.org/)

- [x] No unnecessary files included

- [x] Breaking changes documented above

- [x] Configuration changes documented above

Author: n4t4l

cmd/operator/main.go

@@ -99,8 +99,8 @@ var rootCmd = &cobra.Command{
 		}
 
 		if createOnly ||
-			strings.HasPrefix(cmd.Use, "sign") ||
-			strings.HasPrefix(cmd.Use, "encode") {
+			cmd.CommandPath() == "operator sign" ||
+			cmd.CommandPath() == "operator ms encode" {
 			log.SetLevel(logger.LogNone)
 		}
 
@@ -179,7 +179,7 @@ OPERATOR interface to Klever Blockchain
 }
 
 func init() {
-	rootCmd.PersistentFlags().StringVarP(&walletPemFile, "key-file", "k", "./walletKey.pem", "set walelt pem file --key-file=./walletKey.pem")
+	rootCmd.PersistentFlags().StringVarP(&walletPemFile, "key-file", "k", "./walletKey.pem", "set wallet pem file --key-file=./walletKey.pem")
 	rootCmd.PersistentFlags().StringVarP(&nodeAPI, "node", "n", "http://localhost:8080", "entrypoint to node API --node=https://node.testnet.klever.org")
 	rootCmd.PersistentFlags().Uint64Var(&txNonce, "nonce", 0, "set TX nonce --nonce=33")
 	rootCmd.PersistentFlags().StringVar(&nonceCheck, "nonce-check", "current", fmt.Sprintf("use [%s, %s, %s] nonce for the account", NONCE_CHECK_CURRENT, NONCE_CHECK_FIRST_PENDING, NONCE_CHECK_PENDING))

cmd/operator/multisign.go

@@ -3,11 +3,14 @@ package main
 import (
 	"encoding/hex"
 	"encoding/json"
+	"errors"
 	"fmt"
+	"io"
 	"strings"
 
 	"github.com/klever-io/klever-go/cmd/operator/utils"
 	"github.com/klever-io/klever-go/data/transaction"
+
 	"github.com/spf13/cobra"
 )
 
@@ -80,38 +83,15 @@ func subMS() []*cobra.Command {
 					return err
 				}
 			}
+			return doPostMSTransactionSignature(encoded)
 
-			// marshal
-			data, err := json.Marshal(encoded)
-			if err != nil {
-				return err
-			}
-
-			broadcastResult := struct {
-				Status string `json:"status"`
-				Error  string `json:"error"`
-			}{}
-
-			// broadcast
-			log.Info("broadcasting...")
-			err = utils.PostURL(fmt.Sprintf("%s/transaction", multisignAPI), string(data), nil, &broadcastResult)
-			if err != nil {
-				return err
-			}
-			if len(broadcastResult.Error) != 0 {
-				return fmt.Errorf("error broadcasting transaction: %s", broadcastResult.Error)
-			}
-			log.Info("successful added", "txHash", encoded.Hash, "address", encoded.Address)
-
-			return nil
 		},
 	}
-	cmdMultisignAddTransaction.Flags().StringVar(&multisignAPI, "multisign-api", "https://multisign.mainnet.klever.org", "multisign API URL")
 
 	cmdMultisignBroadcast := &cobra.Command{
 		Use:   "broadcast [Transaction]",
 		Args:  cobra.ExactArgs(1),
-		Short: "broadcast a transaction form multisign API",
+		Short: "broadcast a transaction from multisign API",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			hash := args[0]
 			hash = strings.Replace(hash, "0x", "", 1)
@@ -140,33 +120,20 @@ func subMS() []*cobra.Command {
 			return nil
 		},
 	}
-	cmdMultisignBroadcast.Flags().StringVar(&multisignAPI, "multisign-api", "https://multisign.mainnet.klever.org", "multisign API URL")
 
 	cmdMultisignFetch := &cobra.Command{
 		Use:   "by-hash [Transaction]",
 		Args:  cobra.ExactArgs(1),
 		Short: "fetch a transaction form multisign API",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			hash := args[0]
-			hash = strings.Replace(hash, "0x", "", 1)
-			if len(hash) != 64 {
-				return fmt.Errorf("invalid TX hash length: %d", len(hash))
-			}
-			_, err := hex.DecodeString(hash)
-			if len(hash) != 64 || err != nil {
-				return fmt.Errorf("invalid TX hash %s", hash)
-			}
-
-			result := MSApiTransaction{}
-			err = utils.GetURL(fmt.Sprintf("%s/transaction/%s", multisignAPI, hash), &result)
+			result, err := getMSApiTransaction(hash)
 			if err != nil {
 				return err
 			}
-
 			return DumpAsJson(result)
 		},
 	}
-	cmdMultisignFetch.Flags().StringVar(&multisignAPI, "multisign-api", "https://multisign.mainnet.klever.org", "multisign API URL")
 
 	cmdMultisignByAddress := &cobra.Command{
 		Use:   "by-address [Address]",
@@ -184,15 +151,65 @@ func subMS() []*cobra.Command {
 			return DumpAsJson(result)
 		},
 	}
-	cmdMultisignByAddress.Flags().StringVar(&multisignAPI, "multisign-api", "https://multisign.mainnet.klever.org", "multisign API URL")
-
+	cmdMultiSignAndPost := &cobra.Command{
+		Use:   "sign [txHash]",
+		Short: "sign a transaction from multisign API and post the signature",
+		Example: `operator ms sign <txHash>   — sign specific TX by hash
+operator ms sign <txHash> -s — sign specific TX by hash; skip confirmation prompt 
+operator ms sign             — interactively choose from pending transactions`,
+		Args: cobra.MaximumNArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			log.Info("signing transaction from multisign API", "address", signerAddress)
+			var tx *MSApiTransaction
+			userTxHash := ""
+			var err error
+			if len(args) == 1 {
+				userTxHash = strings.TrimPrefix(args[0], "0x")
+				tx, err = getMSApiTransaction(userTxHash)
+			} else {
+				autoSign = false
+				log.Info("fetching pending transactions for signing")
+				result := make([]MSApiTransaction, 0)
+				err = utils.GetURL(fmt.Sprintf("%s/transaction/by-address/%s", multisignAPI, signerAddress), &result)
+				if err != nil && !errors.Is(err, io.EOF) {
+					return err
+				}
+				if len(result) == 0 {
+					log.Info("no transactions found for signing")
+					return nil
+				}
+				tx, err = pendingMsTransactionPicker(&result)
+			}
+			if err != nil {
+				return err
+			}
+			if userTxHash != "" && tx != nil {
+				gotTxHash, err := computeTxHash(tx.Raw)
+				if err != nil {
+					return err
+				}
+				encodedGotTxHash := hex.EncodeToString(gotTxHash)
+				if encodedGotTxHash != userTxHash {
+					return fmt.Errorf("transaction hash mismatch: expected %s, got %s", userTxHash, encodedGotTxHash)
+				}
+			}
+			if tx != nil {
+				err = doSignAndPost(tx)
+				if err != nil {
+					return err
+				}
+			}
+			return nil
+		},
+	}
 	return []*cobra.Command{
 		cmdDecodeTransaction,
 		cmdMultisignEncodeTransaction,
 		cmdMultisignAddTransaction,
 		cmdMultisignBroadcast,
 		cmdMultisignFetch,
 		cmdMultisignByAddress,
+		cmdMultiSignAndPost,
 	}
 }
 
@@ -205,6 +222,6 @@ func init() {
 		},
 	}
 	cmdMS.AddCommand(subMS()...)
-
+	cmdMS.PersistentFlags().StringVar(&multisignAPI, "multisign-api", "https://multisign.mainnet.klever.org", "multisign API URL")
 	rootCmd.AddCommand(cmdMS)
 }

cmd/operator/multisign_test.go

@@ -0,0 +1,194 @@
+package main
+
+import (
+	"crypto/ed25519"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/klever-io/klever-go/common/mock"
+	"github.com/klever-io/klever-go/crypto"
+	"github.com/klever-io/klever-go/data/transaction"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// --- helpers ---
+
+const validHash = "abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
+
+func makeMSServer(t *testing.T, method, path string, status int, body interface{}) *httptest.Server {
+	t.Helper()
+	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, method, r.Method)
+		assert.Equal(t, path, r.URL.Path)
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(status)
+		_ = json.NewEncoder(w).Encode(body)
+	}))
+}
+
+// --- getMSApiTransaction ---
+
+func TestGetMSApiTransaction_InvalidHashLength(t *testing.T) {
+	_, err := getMSApiTransaction("0xdeadbeef")
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "invalid TX hash length")
+}
+
+func TestGetMSApiTransaction_InvalidHex(t *testing.T) {
+	_, err := getMSApiTransaction("zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz")
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "invalid TX hash")
+}
+
+func TestGetMSApiTransaction_NotFound(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// EOF — close without writing body
+	}))
+	defer srv.Close()
+	multisignAPI = srv.URL
+
+	_, err := getMSApiTransaction(validHash)
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "not found in multisign API")
+}
+
+func TestGetMSApiTransaction_Success(t *testing.T) {
+	want := MSApiTransaction{Hash: validHash}
+	srv := makeMSServer(t, http.MethodGet, "/transaction/"+validHash, http.StatusOK, want)
+	defer srv.Close()
+	multisignAPI = srv.URL
+
+	got, err := getMSApiTransaction(validHash)
+	require.NoError(t, err)
+	assert.Equal(t, validHash, got.Hash)
+}
+
+func TestGetMSApiTransaction_StripPrefix(t *testing.T) {
+	want := MSApiTransaction{Hash: validHash}
+	srv := makeMSServer(t, http.MethodGet, "/transaction/"+validHash, http.StatusOK, want)
+	defer srv.Close()
+	multisignAPI = srv.URL
+
+	got, err := getMSApiTransaction("0x" + validHash)
+	require.NoError(t, err)
+	assert.Equal(t, validHash, got.Hash)
+}
+
+// --- doSignAndPost ---
+
+func TestDoSignAndPost_NotAuthorized(t *testing.T) {
+	signerAddress = "addr_A"
+	tx := &MSApiTransaction{
+		Hash:    validHash,
+		Signers: []MSApiSigner{{Address: "addr_B", Signed: false}},
+		Raw:     &transaction.Transaction{},
+	}
+	err := doSignAndPost(tx)
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "not required to sign")
+}
+
+func TestDoSignAndPost_AlreadySigned(t *testing.T) {
+	signerAddress = "addr_A"
+
+	tx := &MSApiTransaction{
+		Hash:    validHash,
+		Signers: []MSApiSigner{{Address: "addr_A", Signed: true}},
+		Raw:     &transaction.Transaction{},
+	}
+	// Should return nil (already signed = no-op)
+	err := doSignAndPost(tx)
+	assert.NoError(t, err)
+}
+
+func TestDoSignAndPost_AutoSign_Success(t *testing.T) {
+	prevAutoSign := autoSign
+	prevSignerAddress := signerAddress
+	prevPrivateKey := privateKey
+	prevMSAPI := multisignAPI
+	t.Cleanup(func() {
+		autoSign = prevAutoSign
+		signerAddress = prevSignerAddress
+		privateKey = prevPrivateKey
+		multisignAPI = prevMSAPI
+	})
+
+	autoSign = true
+	signerAddress = "addr_A"
+
+	pubKey, rawPriv, _ := ed25519.GenerateKey(nil)
+	privateKey = &mock.PrivateKeyMock{
+		ScalarMock: func() crypto.Scalar {
+			return &mock.ScalarMock{
+				GetUnderlyingObjStub: func() interface{} {
+					return rawPriv
+				},
+			}
+		},
+	}
+
+	expectedAddress := walletPubKeyConverter.Encode(pubKey)
+
+	var capturedBody MSApiEncoded
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		require.NoError(t, json.NewDecoder(r.Body).Decode(&capturedBody))
+		w.Header().Set("Content-Type", "application/json")
+		_ = json.NewEncoder(w).Encode(map[string]string{"status": "ok", "error": ""})
+	}))
+	defer srv.Close()
+	multisignAPI = srv.URL
+
+	tx := &MSApiTransaction{
+		Hash:    validHash,
+		Signers: []MSApiSigner{{Address: "addr_A", Signed: false}},
+		Raw: &transaction.Transaction{
+			Signature: make([][]byte, 0),
+			RawData: &transaction.Transaction_Raw{
+				Sender: pubKey,
+			},
+		},
+	}
+
+	err := doSignAndPost(tx)
+	assert.NoError(t, err)
+
+	assert.Equal(t, expectedAddress, capturedBody.Address, "posted address should be the bech32-encoded sender pubkey")
+	assert.Len(t, tx.Raw.Signature, 1, "a signature should have been appended to the transaction")
+	assert.NotEmpty(t, tx.Raw.Signature[0], "appended signature should not be empty")
+}
+
+// --- doPostMSTransactionSignature ---
+
+func TestDoPostMSTransactionSignature_Success(t *testing.T) {
+	srv := makeMSServer(t, http.MethodPost, "/transaction", http.StatusOK,
+		map[string]string{"status": "ok", "error": ""})
+	defer srv.Close()
+	multisignAPI = srv.URL
+
+	encoded := &MSApiEncoded{Hash: validHash, Address: "addr_A"}
+	err := doPostMSTransactionSignature(encoded)
+	assert.NoError(t, err)
+}
+
+func TestDoPostMSTransactionSignature_APIError(t *testing.T) {
+	srv := makeMSServer(t, http.MethodPost, "/transaction", http.StatusOK,
+		map[string]string{"status": "error", "error": "invalid signature"})
+	defer srv.Close()
+	multisignAPI = srv.URL
+
+	encoded := &MSApiEncoded{Hash: validHash, Address: "addr_A"}
+	err := doPostMSTransactionSignature(encoded)
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "invalid signature")
+}
+
+func TestDoPostMSTransactionSignature_NetworkError(t *testing.T) {
+	multisignAPI = "http://127.0.0.1:1" // nothing listening
+
+	encoded := &MSApiEncoded{Hash: validHash, Address: "addr_A"}
+	err := doPostMSTransactionSignature(encoded)
+	assert.Error(t, err)
+}