Skip to content

feat(clearsign): vault/SDK identity-icon wiring + signing idle-timeout fix#342

Merged
BitHighlander merged 7 commits into
developfrom
feat/clearsign-identity-icons-vault
Jul 12, 2026
Merged

feat(clearsign): vault/SDK identity-icon wiring + signing idle-timeout fix#342
BitHighlander merged 7 commits into
developfrom
feat/clearsign-identity-icons-vault

Conversation

@BitHighlander

@BitHighlander BitHighlander commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

Vault/SDK half of the persistent clear-sign identity feature. Scope trimmed — the swap and Hive commits that were bundled here moved to #345 and #346; this PR is now clearsign-only.

  • POST /eth/clearsign/load-signer accepts icon (hex ≤384B) + iconWidth/iconHeight + persist, forwards to hdwallet loadClearsignSigner so a loaded identity's logo reaches the device. SDK LoadClearsignSignerParams + zod schema grow the fields.
  • Bun.serve idleTimeout: 0 — human-gated signing legitimately blocks the response past Bun's idle timeout; letting the socket close aborted the second consecutive sign mid-confirm (other side closed). Device signing shouldn't time out at the socket layer.
  • Icon encoder/catalog tooling under scripts/clearsign-icons/; Pioneer compass identity icon.
  • firmware-clearsign-gate.test.ts — pure unit test locking the firmwareClearSigns allowlist to the device's native clear-sign set.

Dependencies (both MERGED)

Test plan

  • tsc clean (hdwallet-keepkey, sdk, vault)
  • Emulator: load a signer with an icon → trust screen + per-tx confirm show the logo (Gate 3 OLED proof)

…t fix

- POST /eth/clearsign/load-signer accepts icon (hex, <=384B) + iconWidth/
  iconHeight + persist, forwards them to hdwallet loadClearsignSigner so a
  loaded identity's logo reaches the device (firmware 7.15 persistent
  identities). SDK LoadClearsignSignerParams + schema grow the fields.
- Bun.serve idleTimeout: 0 — human-gated signing legitimately blocks the
  response longer than Bun's 120s default; letting the socket close aborted
  the second consecutive sign mid-confirm ('other side closed'). Device
  signing has no business timing out at the socket layer.
- test: CLEARSIGN_FLOW=<key> runs a single clear-sign flow (isolates one
  flow / sidesteps the consecutive-sign path).
@BitHighlander BitHighlander requested a review from pastaghost as a code owner July 9, 2026 01:08
…nto device test

Turns any protocol/identity logo into the KeepKey 1bpp mono-RLE bitmap the
OLED renders (<=384B, <=64x64):
- encode-icon.mjs: image -> mono-RLE, self-verified by round-tripping through
  a mirror of the firmware draw_bitmap_mono_rle decoder + 384B cap check.
  ImageMagick does resize/center/threshold; this owns only the RLE codec.
- build-catalog.mjs: batch sources/*.{png,svg,jpg} -> generated catalog JSON.
- clearsign-signer-flows.js: loads the generated Pioneer identity logo with
  persist=true so the device renders it on the trust screen + every per-tx
  confirm (CLEARSIGN_NO_ICON=1 for the text-only path).

Foundation for per-protocol icons: drop a logo in sources/, run build-catalog.
The clearsigner is a third-party provider, not KeepKey — a KeepKey mark
would conflate the two and undermine the trust model. Replace the test
K glyph with a Pioneer compass rose (48x48, 316B). Test loads it under
alias 'Pioneer'.
One handoff per NEW feature/fix (persistent identities, clearsign allowlist,
emulator dead-click/capture/confirm-button, idle-timeout, icon tooling, SDK
tests, perf telemetry, RUJI icon, rujira failover, emu-ABI graft) + an INDEX
with test order, env prereqs, and open items.
@BitHighlander

Copy link
Copy Markdown
Collaborator Author

Added two UX commits on top of the identity-icon work:

  • feat(hive) — copy-to-clipboard on the @username + PeakD/Hive.blog/Ecency profile links (fills the empty Hive card).
  • fix(swap) — (1) token input defaults the output to its chain's native gas asset (USDT mainnet → ETH) instead of blank; only fills an empty output, never overrides a pick. (2) EVM summary collapsed-by-default (<details> accordion, status stays in header). (3) asset search autoCorrect/autoComplete/autoCapitalize=off + spellCheck=false so "USDT" isn't re-corrected into a scam-token match.

All frontend-only, typecheck clean vs the develop baseline. Firmware submodule pin intentionally left out (rc7 is cut & CI-green on the fork).

…dle-timeout, icon coupling, docs

- encode-icon: cap literal packets at 127 (128 emits control 0x80/-128 which
  overflows firmware int8 count and trips draw.c assertion). +boundary self-test.
- rest-api: drop server-wide idleTimeout:0; disable idle timeout per-request
  only for signing + clear-sign trust routes via server.timeout(req, 0).
- schemas: refine LoadClearsignSignerRequest so icon/iconWidth/iconHeight are
  all-present-or-all-absent; SDK type documents the coupling.
- docs: SDK loadClearsignSigner notes persist/icon; handoff #53 marked MERGED;
  drop stray </content> in INDEX.md.
@BitHighlander BitHighlander merged commit bfaf9f1 into develop Jul 12, 2026
1 check passed
@BitHighlander BitHighlander deleted the feat/clearsign-identity-icons-vault branch July 12, 2026 02:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant