Skip to content

feat(hive): clear-signed ops — vote/post/customJson/broadcast + full phase-2 Keychain surface#108

Open
BitHighlander wants to merge 3 commits into
developfrom
feat/hive-keychain-ops
Open

feat(hive): clear-signed ops — vote/post/customJson/broadcast + full phase-2 Keychain surface#108
BitHighlander wants to merge 3 commits into
developfrom
feat/hive-keychain-ops

Conversation

@BitHighlander

Copy link
Copy Markdown
Collaborator

What

Stacked on #107 (includes its commit — merge #107 first, or merge this and #107 collapses).

Two commits:

1. Ops wiring (hiveSignAndBroadcastOps)

Shared path for requestVote / requestPost / requestCustomJson / requestBroadcast: validate against the firmware clear-sign op table → side-panel approval (per-op summaries) → vault POST /hive/sign-operations (device parses + re-displays the Graphene bytes before signing) → Pioneer /hive/broadcast-ops with the exact TaPoS header the device signed. Keychain-shaped { id, tx_id, confirmed } result.

2. Phase-2 Keychain surface

Un-stubs six convenience methods as thin op builders over the same path, and extends the allowlist to the phase-2 table (transfer_to_vesting, withdraw_vesting, convert, comment_options, transfer_to/from_savings, claim_reward_balance, delegate_vesting_shares, account_update2):

Method Op
requestPowerUp transfer_to_vesting
requestPowerDown withdraw_vesting ('0.000' → stop)
requestDelegation delegate_vesting_shares (HP or VESTS)
requestSavingsOperation transfer_to/from_savings
requestConversion convert (HBD→HIVE; collateralized rejected — op 48 not clear-signable)
requestSendToken custom_json ssc-mainnet-hive (Hive Engine, active auth)

requestPost now honors comment_options — appended as op 19 with author/permlink forced to the comment's (vault serializer + firmware reject any mismatch; beneficiaries are shown per-account on approval, never summarized away).

HP→VESTS uses the vesting pool now exposed on Pioneer /hive/tx-params (coinmastersguild/pioneer#170) — no direct Hive-node calls, clear error if the deployed API predates the field.

Depends on

Verification

make type-check 15/15, make test green. End-to-end SkateHive runs (power up, beneficiary post, claim rewards, profile update) blocked on the firmware branch + Pioneer deploy — tracked in HIVE-STATUS.

BitHighlander and others added 3 commits July 15, 2026 12:14
…15.0)

- injected: real requestSignBuffer (Keychain signature incl. rpc/title);
  handler results can now shape the top-level Keychain response so
  publicKey sits beside result, matching Keychain's createMessage
- background: hive_signBuffer — role map Posting/Active/Memo (Owner
  rejected, matches firmware), Keychain JSON-Buffer unwrap host-side,
  username-mismatch reject, side-panel approval with the challenge text,
  vault POST /hive/sign-message, returns { result: sigHex, publicKey }

Depends on vault PR keepkey/keepkey-vault#357.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…ia vault sign-operations

Shared path: validate ops against the firmware clear-sign table, side-panel
approval, vault /hive/sign-operations (device parses + displays the Graphene
bytes), broadcast via Pioneer /hive/broadcast-ops with the exact header the
device signed. Keychain-shaped { id, tx_id, confirmed } result.
…ings, conversion, Hive Engine tokens, beneficiary posts

Un-stubs requestSendToken / requestDelegation / requestPowerUp /
requestPowerDown / requestSavingsOperation / requestConversion as thin op
builders over the existing sign-operations path, and extends the op
allowlist to the full firmware phase-2 clear-sign table (handoff-hive-
sign-operations-phase2.md).

- requestPost now honors comment_options: appended as op 19 with author/
  permlink forced to the comment's (the vault serializer + firmware reject
  any mismatch; beneficiaries displayed per-account on approval)
- HP -> VESTS via the vesting pool on Pioneer /hive/tx-params (no direct
  Hive-node calls); '0.000' power-down/delegation short-circuits to the
  stop/remove form without the conversion fetch
- requestSendToken = custom_json on ssc-mainnet-hive with active auth
- collateralized (HIVE->HBD) conversion stays rejected — op 48 is not in
  the clear-sign table
- same strict no-parseFloat amount validation as requestTransfer; '#'
  encrypted memos rejected on savings ops
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant