Incorrect members returned by multisig AID members endpoint when more than one group in an agent

[lenkan]

See reproduction script here: lenkan/signify-ts@7261f97

Steps to reproduce:

1. Create two signify clients with AID member1 and member2, respectively.
2. Create a multisig group multisig1 with participating members member1 and member2.
3. Call GET /identifiers/multisig1/members
4. Verify that the number and ids of the returned signing and rotating members are correct.
5. Create another multisig group multisig2 with same participating members member1 and member2, add a witness or change the signing thresholds so a new prefix is generated.
6. Call GET /identifiers/multisig2/members

Expected result

The signing and rotating members should only contain member1 and member2:

    {
      signing: [
        {
          aid: 'member1',
          ends: [Object]
        },
        {
          aid: 'member2'
          ends: [Object]
        },
      ],
      rotation: [
        {
          aid: 'member1',
          ends: [Object]
        },
        {
          aid: 'member2'
          ends: [Object]
        },
      ]
    }

Actual result

The signing and rotating members of group multisig2 contains member1, member2 AND two entries of the group multisig1: (Note: multisig1, not multisig2). Like this:

    {
      signing: [
        {
          aid: 'member1',
          ends: [Object]
        },
        {
          aid: 'multisig1',
          ends: [Object]
        },
        {
          aid: 'member2'
          ends: [Object]
        },
        {
          aid: 'multisig1'
          ends: [Object]
        }
      ],
      rotation: [
        {
          aid: 'member1',
          ends: [Object]
        },
        {
          aid: 'multisig1',
          ends: [Object]
        },
        {
          aid: 'member2'
          ends: [Object]
        },
        {
          aid: 'multisig1'
          ends: [Object]
        }
      ]
    }

[psteniusubi]

I believe support for this is not currently implemented.
See here #165

[lenkan]

I believe support for this is not currently implemented. See here #165

I believe that is a different issue. That one describes the issue of creating a multisig AID with two members from the same agent. Notice in the repro that we create one client, i.e. keria agent, for each of the participants.

[psteniusubi]

Yes you're right.
It looks like it's problematic if you have local or remote multisig identifiers with overlapping public key members.

[lenkan]

@pfeairheller I did some digging today and found that this is originating from keripy basing. I tried to create a reproduction unit test for it here: WebOfTrust/keripy@62348bd.

I.e, creating multiple groups in the same hab yields unexpected results.

[pfeairheller]

Sorry, @lenkan I already know the cause and we are working on a much more comprehensive solution inside of KERIpy.

[pfeairheller]

Actually, closing this because it is not a KERIA issue. you can track progress here:

WebOfTrust/keripy#694