feat: Zcash Orchard shielded transaction support #11
Draft
BitHighlander wants to merge 12 commits into develop from
…s access in watch-only

- Engine: auto-trigger promptPin() on needs_passphrase so device sends PASSPHRASE_REQUEST
- Engine: route applySettings through updateState so passphrase toggle triggers full flow
- PassphraseEntry: show "Confirm on your KeepKey" spinner after submit instead of dismissing
- App: auto-dismiss passphrase overlay when device transitions away from needs_passphrase
- App: show needs_pin/needs_passphrase as splash (not ready) to prevent dashboard flash
- App: enable settings gear + drawer in watch-only/claimed mode
- TopNav: remove watchOnly disable on settings button
- i18n: add passphrase.confirmOnDevice strings (10 languages)
- i18n: enable partialBundledLanguages for graceful fallback
- Bump version to 1.1.2

- Rename build folder to _build (electrobun.config, collect-externals, build-windows-production.ps1)
- Add cross-platform window drag to TopNav (useWindowDrag on Windows, CSS class on Mac)
- Update Makefile verify/clean targets to match _build rename

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

xcrun stapler staple fails with relative paths — it can't resolve the file. Using $(pwd) ensures all tools (hdiutil, codesign, stapler) get a consistent absolute path.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- engine-controller: updatePhase = 'idle' (not null) on reboot poll timeout, emit disconnected state so UI recovers; reduce poll log frequency to every 30s
- reports: add safeRoundSats() guard for satoshi values near MAX_SAFE_INTEGER, validate Pioneer API response shapes, export SECTION_TITLES constants
- tax-export: use shared SECTION_TITLES constants, add row bounds checking to prevent silent data corruption on schema changes
- PassphraseEntry: catch onSubmit errors to reset spinner (device disconnect during confirm no longer leaves overlay stuck)
- App: suppress PIN auto-show during all firmware phases (not just rebooting)
- index: post-decode firmware size validation (7.5MB binary limit)

release: v1.1.2 — passphrase flow, Windows drag, build fixes
Add ZEC chain config, UTXO tx builder with Zcash v4 overwintered params (NU6.1 branchId), t1/t3 address encoding, fee defaults, and REST API passthrough for Zcash-specific fields. Fix dangling symlink cleanup in collect-externals build script.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Complete shielded (Orchard) transaction support for KeepKey Vault v11:

- Rust sidecar (zcash-cli): NDJSON IPC process handling chain scanning, PCZT construction, Halo2 proving, ZIP-244 sighash, and tx finalization. Communicates via stdin/stdout, never opens USB device.
- Privacy tab UI: new "Privacy" pill on Zcash AssetPage with shielded balance display, Orchard Unified Address (u1...) with QR code, chain scan controls, and shielded send form with device signing flow.
- Device FVK export: wallet.zcashGetOrchardFVK() retrieves the Full Viewing Key (ak, nk, rivk) from device firmware — seed never leaves the device. Sidecar reconstructs FVK and derives Unified Address.
- Sidecar lifecycle: auto-starts on app boot, graceful shutdown on quit, multi-path binary resolution for dev/production builds.
- Hidden chain support: zcash-shielded chain hidden from Dashboard grid but accessible internally via Privacy tab.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Sidecar improvements:
- Enhanced startup lifecycle with health check retries
- Better error handling for binary path resolution
- Improved NDJSON IPC robustness

Scanner improvements:
- Subtree root fetching for ShardTree construction
- Improved compact block trial decryption
- Better nullifier tracking for spend detection
- GetTreeState and GetSubtreeRoots gRPC integration

PCZT builder improvements:
- Real Merkle witness computation from ShardTree
- Halo2 proof generation for Orchard actions
- v5 transaction serialization with proper padding
- RedPallas signature application

Frontend:
- Enhanced ZcashPrivacyTab with better status display
- Improved scanning progress and error feedback

Update submodule refs:
- device-protocol: feature-zcash (messages-zcash.proto)
- hdwallet: feature-zcash (zcash.ts + wallet wiring)

- Remove dev-only startHeight:3260068 from ZcashPrivacyTab scan
- Wire memo through full stack: buildShieldedTx → sidecar IPC → Rust build_pczt → Orchard note encryption
- Add enc_ciphertext length validation before buffer slicing (panic guard)
- Add sendCommand timeout (300s default) to prevent hung sidecar requests
- Fix JSON parse error to reject pending request instead of leaving it hanging
- Add REST API input validation: seed_hex format, amount bounds, signature format
- Redact FVK key material from debug logs, move signature diagnostics to debug level
- Fix init failure status: show not_running instead of masking as ready
- Suppress 6 Rust compiler warnings (dead_code on reference implementations)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

0a9b2b4 to 05c9ce3
H1-1: Fix witness ordering — iterate sorted_by_pos for checkpoint ID alignment
H1-2: Replace FIFO queue with request-ID Map in sidecar IPC (TS + Rust)
H2-1: Validate signature count matches action count in finalize_pczt
H2-2: Replace .unwrap() with .ok()? in scanner for untrusted gRPC data
H2-3: Disable seed_hex REST endpoint (dev-only path removed)
H2-4: Add concurrency guard to prevent concurrent sendShielded calls
H2-5: Validate device signature array length matches n_actions
M1: Promote verify_result log to hard error on signature failure
M2: Use full 32-byte ak hash for FVK fingerprint comparison
M3: String-based decimal→zatoshi conversion (no float precision loss)
M4: Validate memo byte-length (512 max) before send
L1: Extract hardcoded English strings to i18n keys

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

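Items M3 and M4 of the hardening commit above, sketched as an added example that is not code from this PR: a decimal string is converted to zatoshi with string and BigInt operations only, and the memo limit is checked against encoded UTF-8 bytes rather than character count. The function names and the 21,000,000 ZEC upper bound are assumptions made for the illustration.

```javascript
// Added illustration of items M3 and M4; names are hypothetical, not the PR's code.
const DECIMALS = 8;                          // 1 ZEC = 10^8 zatoshi
const MAX_ZATOSHI = 2100000000000000n;       // assumed bound: 21,000,000 ZEC
const MAX_MEMO_BYTES = 512;                  // limit stated in item M4

// Convert a decimal ZEC string to zatoshi using only string and BigInt
// operations, so no binary floating-point rounding can alter the amount.
function zecToZatoshi(input) {
  if (typeof input !== "string") throw new TypeError("amount must be a string");
  // Digits with an optional fraction only: no sign, exponent, or separators.
  const m = /^(\d+)(?:\.(\d+))?$/.exec(input.trim());
  if (!m) throw new RangeError("amount is not a plain decimal number");
  const frac = m[2] || "";
  if (frac.length > DECIMALS) throw new RangeError("more than 8 decimal places");
  // Right-pad the fraction to exactly 8 digits and parse as one integer.
  const zat = BigInt(m[1] + frac.padEnd(DECIMALS, "0"));
  if (zat <= 0n) throw new RangeError("amount must be greater than zero");
  if (zat > MAX_ZATOSHI) throw new RangeError("amount exceeds upper bound");
  return zat;
}

// Check the memo against the limit in encoded bytes, not in characters:
// a non-ASCII character occupies 2 to 4 bytes in UTF-8.
function encodeMemo(memo) {
  const bytes = new TextEncoder().encode(memo);
  if (bytes.length > MAX_MEMO_BYTES) {
    throw new RangeError(`memo is ${bytes.length} bytes, limit is ${MAX_MEMO_BYTES}`);
  }
  return bytes;
}

// Validate both fields before anything is handed to the transaction builder.
function validateShieldedSend({ amount, memo = "" }) {
  return { zatoshi: zecToZatoshi(amount), memoBytes: encodeMemo(memo) };
}
```

Inputs such as `1e-8`, `-1` or a ninth decimal place are rejected rather than rounded, and a 257-character memo of two-byte characters fails the check even though its string length is under 512.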
Summary
Hardening (code review fixes)
Won't Do (this PR)
Test plan