feat(wallet): worker-status superpower + signing hardening (calldata decode, EIP-712)#76
Merged
Conversation
…decode, EIP-712) Further develops the wallet on both axes. Superpower (read-only, via lightnode-sdk): - In-wallet Worker panel: shows whether the connected address is a registered LightChain worker, its stake, min-stake, headroom, claimable rewards, and a below-floor warning, via WorkerOperator.status(). Acting links out to lightnode. A new background workerStatus op runs the read and returns only number/bool fields (structured clone rejects bigint). Signing hardening (the mainnet-gate items, no new deps): - Dangerous-calldata decoding: decodeDangerousCall() classifies tx data and the approval popup now hard-warns on UNLIMITED approve / increaseAllowance / setApprovalForAll(true) / permit, and labels transfers; unrecognized calls are flagged "only approve if you trust this site". Includes both safeTransferFrom selectors (3-arg + 4-arg-with-bytes) per the review. - eth_signTypedData_v4: was allow-listed but unimplemented; now signs (binding to chainId 9200/8200) and the popup shows the EIP-712 domain name, verifyingContract, primaryType, a wrong-chain warning, and a Permit/order warning. 10 new pure unit tests (decode-call + typed-data); 24 wallet tests total. wxt build + tsc green. Encrypted inference + bridge remain deferred (the inference session flow collides with the MV3 service-worker lifecycle, per the review).
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Further develops the wallet on both axes from the last round.
Superpower: in-wallet worker status (read-only, via lightnode-sdk)
A Worker panel shows whether the connected address is a registered LightChain worker, its stake / min-stake / headroom / claimable rewards, and a below-floor warning, via
WorkerOperator.status(). A new backgroundworkerStatusop runs the read and returns only number/bool fields (structured clone rejects bigint). Acting links out to lightnode. No other wallet knows LightChain workers exist.Signing hardening (the "mainnet gate" items, no new deps)
decodeDangerousCall()classifiestx.data; the approval popup hard-warns on UNLIMITEDapprove/increaseAllowance,setApprovalForAll(true), andpermit, labels transfers, and flags unrecognized calls. Includes bothsafeTransferFromselectors (3-arg + 4-arg-with-bytes) per the review.eth_signTypedData_v4: was allow-listed but unimplemented (popped, then failed); now signs - bound to chainId 9200/8200 - and the popup renders the EIP-712 domain name, verifyingContract, primaryType, a wrong-chain warning, and a Permit/order warning (review H5).Verification
10 new pure unit tests (calldata decode + typed-data); 24 wallet tests total;
wxt build+tscgreen. The SDK bundles cleanly into the extension.Encrypted inference + bridge remain deferred: the inference session flow (SIWE bearer + on-chain session + WebSocket relay) collides with the MV3 service-worker 30s lifecycle, so a read-only quote slice is the honest next step there.
Root CI unaffected (
wallet/is excluded from the Next app); 491 root tests green.