From d0c504dcf3664cb95853c9c77c522b0019ba594a Mon Sep 17 00:00:00 2001
From: hailin <hailin.zhao@gdzx.xyz>
Date: Wed, 31 Dec 2025 08:19:27 -0800
Subject: [PATCH] fix(co-sign): adjust threshold for tss-lib (t-1) to match
 user expectation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

User says 3-of-5 meaning 3 signers needed, but tss-lib threshold t means t+1 signers.
Pass thresholdT-1 so tss-lib needs (t-1)+1 = t signers, matching user expectation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .claude/settings.local.json                         |  3 ++-
 .../services/service-party-app/tss-party/main.go    | 13 +++++--------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/.claude/settings.local.json b/.claude/settings.local.json
index eb349339..c6f3d2b3 100644
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -506,7 +506,8 @@
       "Bash(powershell -Command:*)",
       "Bash(powershell -Command \"\n$content = Get-Content ''main.ts'' -Raw\n\n# 修改 threshold 部分\n$old1 = @''\n          threshold: {\n            t: activeCoSignSession?.threshold?.t || 0,\n            n: activeCoSignSession?.threshold?.n || 0,\n          },\n''@\n\n$new1 = @''\n          threshold: {\n            // 优先使用 API 返回的阈值，回退到 activeCoSignSession\n            t: result?.threshold_t || activeCoSignSession?.threshold?.t || 0,\n            n: result?.threshold_n || activeCoSignSession?.threshold?.n || 0,\n          },\n''@\n\n$content = $content.Replace\\($old1, $new1\\)\n\n# 修改 participants 部分\n$old2 = ''participants: result?.parties?.map\\(\\(p: { party_id: string; party_index: number }, idx: number\\) => \\({''\n$new2 = ''participants: \\(\\(result as { participants?: Array<{ party_id: string; party_index: number; status: string }> }\\)?.participants || []\\).map\\(\\(p, idx\\) => \\({''\n\n$content = $content.Replace\\($old2, $new2\\)\n\n# 修改 status 部分\n$old3 = \"\"            status: ''ready'',\"\"\n$new3 = \"\"            status: p.status || ''waiting'',\"\"\n\n$content = $content.Replace\\($old3, $new3\\)\n\n# 修改结尾部分\n$old4 = ''          }\\)\\) || [],''\n$new4 = ''          }\\)\\),''\n\n$content = $content.Replace\\($old4, $new4\\)\n\nSet-Content ''main.ts'' -Value $content -NoNewline\nWrite-Output ''Done''\n\")",
       "Bash(node fix_main.js:*)",
-      "Bash(git commit -m \"$\\(cat <<''EOF''\nfeat\\(co-sign\\): add debug logs for auto-join flow in CoSignJoin\n\nAdd console.log statements to trace the auto-join logic:\n- Log loaded shares with sessionId\n- Log auto-select share matching check\n- Log auto-join conditions and share match status\n- Log validateInviteCode results including joinToken\n- Log handleJoinSession parameters\n\n🤖 Generated with [Claude Code]\\(https://claude.com/claude-code\\)\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")"
+      "Bash(git commit -m \"$\\(cat <<''EOF''\nfeat\\(co-sign\\): add debug logs for auto-join flow in CoSignJoin\n\nAdd console.log statements to trace the auto-join logic:\n- Log loaded shares with sessionId\n- Log auto-select share matching check\n- Log auto-join conditions and share match status\n- Log validateInviteCode results including joinToken\n- Log handleJoinSession parameters\n\n🤖 Generated with [Claude Code]\\(https://claude.com/claude-code\\)\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")",
+      "Bash(git commit -m \"$\\(cat <<''EOF''\nfix\\(co-sign\\): use keygen session threshold_n for TSS signing\n\n- Query keygen session from mpc_sessions table to get correct threshold_n\n- Pass keygenThresholdN to CreateSigningSessionAuto instead of len\\(parties\\)\n- Return parties list and correct threshold values in GetSignSessionByInviteCode\n- This fixes TSS signing failure \"U doesn 't equal T\" caused by mismatched n values\n\n🤖 Generated with [Claude Code]\\(https://claude.com/claude-code\\)\n\nCo-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>\nEOF\n\\)\")"
     ],
     "deny": [],
     "ask": []
diff --git a/backend/mpc-system/services/service-party-app/tss-party/main.go b/backend/mpc-system/services/service-party-app/tss-party/main.go
index 43023996..a03618b7 100644
--- a/backend/mpc-system/services/service-party-app/tss-party/main.go
+++ b/backend/mpc-system/services/service-party-app/tss-party/main.go
@@ -595,15 +595,12 @@ func executeSign(
 	sortedPartyIDs := tss.SortPartyIDs(tssPartyIDs)
 
 	// Create peer context and parameters
-	// For signing with T parties from an N-party keygen:
-	// - The peer context contains only the T signing parties
-	// - IMPORTANT: partyCount must be the original N from keygen, NOT current signers count
-	// - threshold must be the original T from keygen, NOT T-1
-	// This matches how pkg/tss/signing.go creates parameters in server-party:
-	//   params := tss.NewParameters(tss.S256(), peerCtx, selfTSSID, config.TotalParties, config.Threshold)
-	// where TotalParties=N from keygen and Threshold=T from keygen
+	// For co-managed signing: user says "3-of-5" meaning 3 signers needed
+	// tss-lib threshold parameter t means t+1 signers required
+	// So we pass thresholdT-1 to get the correct number of signers
+	// Example: user wants 3 signers -> pass threshold=2 -> tss-lib needs 2+1=3 signers
 	peerCtx := tss.NewPeerContext(sortedPartyIDs)
-	params := tss.NewParameters(tss.S256(), peerCtx, selfTSSID, thresholdN, thresholdT)
+	params := tss.NewParameters(tss.S256(), peerCtx, selfTSSID, thresholdN, thresholdT-1)
 
 	// Create channels
 	outCh := make(chan tss.Message, thresholdT*10)