fix(tbtc/signer): validate incoming attempt context before clearing active round#4111

Merged
mswilkison merged 1 commit into
extraction/frost-signer-mirror-2026-05-26from
fix/signer-validate-attempt-context-before-clear
Jun 26, 2026

Conversation

@mswilkison

Contributor

Summary

Follow-up to #4005 (FROST/ROAST signer). Fixes a session-bricking bug in the attempt-advance path of start_sign_round.

On an authorized attempt advance, start_sign_round cleared the active sign round (clear_active_sign_round_for_attempt_transition) before validating the incoming attempt context against the deterministic RFC-21 coordinator selection. A malformed advance whose transition evidence was internally consistent but whose coordinator_identifier failed deterministic validation destroyed the in-memory round, then returned an error without persisting. Because the original attempt id stayed in consumed_attempt_ids, that attempt could never be re-signed in-memory — the signing session was bricked until the durable (un-cleared) state was reloaded on restart.

Fix

Run validate_attempt_context on the incoming context before clearing the active round, so a rejected advance leaves the round intact. The same validation already ran later on the fresh-attempt path, so no legitimate advance is newly rejected — the check is simply moved ahead of the destructive clear.

Test

Adds rejected_forged_advance_preserves_active_sign_round: it forges the coordinator on an otherwise-valid advance and asserts the original attempt remains signable. Verified to fail against the unfixed code (ConsumedAttemptReplay) and pass with the fix.

Scope

Gated off in production by enforce_transitional_signing_disabled_in_production, so impact is limited to the dev/staging transitional-nonce path.

Found during review of #4005.

🤖 Generated with Claude Code

…ctive round

start_sign_round cleared the active sign round on an authorized advance
*before* validating the incoming attempt context against the deterministic
RFC-21 coordinator selection. A malformed advance whose transition evidence
was internally consistent but whose coordinator_identifier failed deterministic
validation destroyed the in-memory round, then returned an error without
persisting. Because the original attempt id stayed in consumed_attempt_ids,
that attempt could never be re-signed in-memory, bricking the signing session
until the durable (un-cleared) state was reloaded on restart.

Run validate_attempt_context on the incoming context before
clear_active_sign_round_for_attempt_transition, so a rejected advance leaves
the active round intact. Add a regression test that forges the coordinator on
an otherwise-valid advance and asserts the original attempt remains signable.

This path is gated off in production by enforce_transitional_signing_disabled_in_production,
so the impact is limited to the dev/staging transitional-nonce path.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
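The ordering defect and the regression test described above, modelled as an added Rust example that is not the project's code: the types, the round-robin stand-in for RFC-21 coordinator selection and every function body are assumptions, and only the names mirror the PR text.

```rust
use std::collections::HashSet;

// Constructed model of the signer state machine the PR describes; not the project's code.
// Names mirror the PR text, but every body here is an assumption.
#[derive(Debug, PartialEq)]
pub enum SignError { InvalidCoordinator, ConsumedAttemptReplay, NoActiveRound }

#[derive(Clone, Debug)]
pub struct AttemptContext { pub attempt_id: u64, pub coordinator_identifier: u32 }

pub struct Signer { active_round: Option<AttemptContext>, consumed_attempt_ids: HashSet<u64>, signer_count: u32 }

impl Signer {
    pub fn new(signer_count: u32, first: AttemptContext) -> Self {
        let consumed_attempt_ids = HashSet::from([first.attempt_id]);
        Signer { active_round: Some(first), consumed_attempt_ids, signer_count }
    }
    // Stand-in for the deterministic RFC-21 coordinator selection (assumed round-robin).
    fn validate_attempt_context(&self, ctx: &AttemptContext) -> Result<(), SignError> {
        let expected = (ctx.attempt_id % u64::from(self.signer_count)) as u32;
        if ctx.coordinator_identifier == expected { Ok(()) } else { Err(SignError::InvalidCoordinator) }
    }
    fn clear_active_sign_round_for_attempt_transition(&mut self) { self.active_round = None; }
    fn install_round(&mut self, ctx: AttemptContext) -> Result<(), SignError> {
        self.consumed_attempt_ids.insert(ctx.attempt_id);
        self.active_round = Some(ctx);
        Ok(())
    }
    // Unfixed ordering: the destructive clear runs before validation, so a rejected
    // advance leaves no active round while the old attempt id stays consumed.
    pub fn advance_attempt_unfixed(&mut self, ctx: AttemptContext) -> Result<(), SignError> {
        self.clear_active_sign_round_for_attempt_transition();
        self.validate_attempt_context(&ctx)?;
        self.install_round(ctx)
    }
    // Fixed ordering: validate first, so a rejected advance leaves the round intact.
    pub fn advance_attempt_fixed(&mut self, ctx: AttemptContext) -> Result<(), SignError> {
        self.validate_attempt_context(&ctx)?;
        self.clear_active_sign_round_for_attempt_transition();
        self.install_round(ctx)
    }
    // A consumed id with no matching active round is the ConsumedAttemptReplay the PR's test saw.
    pub fn sign(&self, attempt_id: u64) -> Result<(), SignError> {
        match &self.active_round {
            Some(r) if r.attempt_id == attempt_id => Ok(()),
            _ if self.consumed_attempt_ids.contains(&attempt_id) => Err(SignError::ConsumedAttemptReplay),
            _ => Err(SignError::NoActiveRound),
        }
    }
}
```

Run with `cargo test`: the unfixed path reproduces the bricked session (the original attempt is rejected as a replay), while the fixed path keeps it signable and still accepts a well-formed advance.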
@coderabbitai

coderabbitai Bot commented Jun 26, 2026


Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 13a195f5-01e2-4d0f-950d-39cc932c1eef

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@mswilkison mswilkison merged commit 921b009 into extraction/frost-signer-mirror-2026-05-26 Jun 26, 2026
20 checks passed
@mswilkison mswilkison deleted the fix/signer-validate-attempt-context-before-clear branch June 26, 2026 16:11