feat: implement starknet for native

[NeOMakinG]

Implement starknet for native

Most of the things here are about derivation paths!

Summary by CodeRabbit

• New Features
  • Full StarkNet wallet support in native builds: derive addresses, fetch public keys, and sign StarkNet transactions; account paths follow standard HD conventions.
• Bug Fixes / Stability
  • Key management and initialization extended to include StarkNet master key with secure derivation and revocation; initialization/wipe flows updated.
• Chores
  • Added StarkNet coin id to coin registry, new crypto engine exports, test coverage updates, and package/version bumps with StarkNet runtime deps.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds Starknet support across core and native packages: new Starknet types/exports, slip44 entry, native Stark node implementation and adapters, Starknet mixins wired into NativeHDWallet, dependency bumps, and tests updated to pass a Stark master key.

Changes

Cohort / File(s)	Summary
Core exports & types packages/hdwallet-core/src/index.ts, packages/hdwallet-core/src/starknet.ts, packages/hdwallet-core/src/wallet.ts, packages/hdwallet-core/src/utils.ts	New Starknet interfaces and types (wallet messages, account path helpers), export * from "./starknet", type guards supportsStarknet / infoStarknet, and slip44 entry Starknet: 9004.
Native mixins & integration packages/hdwallet-native/src/native.ts, packages/hdwallet-native/src/starknet.ts	Added mixins MixinNativeStarknetWalletInfo / MixinNativeStarknetWallet; integrated starkMasterKey into init/describePath/wipe flows; NativeHDWallet/Info implement Starknet interfaces.
Isolation core & interfaces packages/hdwallet-native/src/crypto/isolation/core/index.ts, packages/hdwallet-native/src/crypto/isolation/core/stark/*, packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts	New Stark export, Core.Stark.Node interface (getPublicKey, getChainCode, derive, sign), re-exports, and Seed.toStarkMasterKey() API on Seed interface.
Engine implementations (default & dummy) packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts, .../default/bip32.ts, .../dummy/bip32.ts, .../default/index.ts	Default Stark Node implementing SLIP-0010 derivation, grinding, signing, revocation; toStarkMasterKey() implemented in default engine; dummy engine throws for Stark; default engine re-exports Stark.
Isolation adapters packages/hdwallet-native/src/crypto/isolation/adapters/stark.ts, packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts, packages/hdwallet-native/src/crypto/isolation/adapters/index.ts	New StarkAdapter and StarknetAdapter (derive keys, compute OZ account address, sign txs); adapters exported from adapters index.
Native surface & tests packages/hdwallet-native/src/adapter.ts, packages/hdwallet-native/src/native.test.ts, packages/hdwallet-native/package.json	NativeAdapterArgs extended with optional starkMasterKey; tests updated to create/pass Stark.Node; package.json bumped and adds @scure/starknet and starknet deps.
Monorepo bumps lerna.json, integration/package.json, examples/sandbox/package.json, many packages/*/package.json	Version bumps from 1.62.32 → 1.62.33 across packages and dependent package pins updated to the new core/native versions.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Native as NativeHDWallet
    participant MixinInfo as StarknetInfoMixin
    participant MixinWallet as StarknetWalletMixin
    participant Adapter as StarknetAdapter
    participant Node as Core.Stark.Node
    participant Lib as `@scure/starknet`

    User->>Native: create(mnemonic)
    Native->>Native: derive seeds & master keys
    Native->>Node: toStarkMasterKey()
    Node-->>Native: Stark master key

    Native->>MixinWallet: starknetInitializeWallet(masterKey)
    MixinWallet->>Adapter: construct(node adapter)
    Adapter-->>MixinWallet: ready

    User->>Native: starknetGetAddress(path)
    Native->>MixinWallet: starknetGetAddress
    MixinWallet->>Adapter: getAddress(path)
    Adapter->>Node: getPublicKey()
    Node->>Lib: grindKey / getStarkKey
    Lib-->>Node: publicKey
    Adapter->>Lib: compute OZ account address
    Lib-->>Adapter: address
    Adapter-->>MixinWallet: address
    MixinWallet-->>User: address

    User->>Native: starknetSignTx(txHash, path)
    Native->>MixinWallet: starknetSignTx
    MixinWallet->>Adapter: signTransaction(txHash, path)
    Adapter->>Node: sign(txHash)
    Node->>Lib: sign with privateKey
    Lib-->>Node: {r, s}
    Adapter-->>MixinWallet: signature
    MixinWallet-->>User: signed tx

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Suggested reviewers

• kaladinlight

Poem

🐇 I hopped through code with tiny paws,
Grinding keys and minding paths and flaws.
Starknet springs from seed to sign,
Addresses shine like carrot rind.
A rabbit's nibble — tests pass fine! 🥕✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: implement starknet for native' accurately and concisely summarizes the main change: implementing Starknet support in the native package, which is the primary focus across all modified files.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch starknet-integration

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between c1b54f1 and 2c1b669.

📒 Files selected for processing (28)

• examples/sandbox/package.json
• integration/package.json
• lerna.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-native/src/native.test.ts
• packages/hdwallet-phantom/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-walletconnectV2/package.json

✅ Files skipped from review due to trivial changes (3)

• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-trezor-connect/package.json

🧰 Additional context used

🧠 Learnings (10)

📚 Learning: 2025-08-07T15:27:03.179Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/package.json:36-36
Timestamp: 2025-08-07T15:27:03.179Z
Learning: In the shapeshiftoss/hdwallet monorepo, the ledgerhq/hw-transport dependency in packages/hdwallet-ledger/package.json is pinned to an exact version (without caret) due to type mismatches that occur with newer versions. Other Ledger dependencies can safely use caret ranges.

Applied to files:

• packages/hdwallet-ledger-webhid/package.json
• examples/sandbox/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-native/src/native.test.ts
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-electron/package.json
• integration/package.json
• packages/hdwallet-phantom/package.json

📚 Learning: 2025-08-07T15:23:54.858Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-coinbase/package.json:18-18
Timestamp: 2025-08-07T15:23:54.858Z
Learning: In the shapeshiftoss/hdwallet monorepo, package version bumps are done in PRs before publishing. The packages are published after the PR is merged, so dependency versions may reference unpublished versions during the PR review phase. This is expected behavior in their release workflow.

Applied to files:

• packages/hdwallet-ledger-webhid/package.json
• examples/sandbox/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-electron/package.json
• integration/package.json
• packages/hdwallet-phantom/package.json

📚 Learning: 2025-08-07T15:24:19.530Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/package.json:3-3
Timestamp: 2025-08-07T15:24:19.530Z
Learning: In the shapeshiftoss/hdwallet monorepo, the team runs `yarn build` before bumping versions and also before publishing packages. This ensures that dist/ artifacts (including UMD bundles) are properly regenerated after dependency updates.

Applied to files:

• packages/hdwallet-ledger-webhid/package.json
• examples/sandbox/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-electron/package.json
• integration/package.json
• packages/hdwallet-phantom/package.json

📚 Learning: 2025-08-07T15:47:26.835Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/src/transport.ts:12-12
Timestamp: 2025-08-07T15:47:26.835Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the CI environment has different type checking behavior than local development. The code works locally without errors, but CI reports type issues, so ts-ignore is necessary to suppress the inconsistent type checking across environments.

Applied to files:

• packages/hdwallet-ledger-webhid/package.json
• examples/sandbox/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-native/src/native.test.ts
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-electron/package.json
• integration/package.json

📚 Learning: 2025-12-09T13:48:55.139Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 764
File: packages/hdwallet-gridplus/package.json:0-0
Timestamp: 2025-12-09T13:48:55.139Z
Learning: In the shapeshiftoss/hdwallet monorepo, the dist/ directory is not version controlled (not tracked in git). Build artifacts are generated during the build/publish workflow, not committed to the repository.

Applied to files:

• packages/hdwallet-ledger-webhid/package.json
• examples/sandbox/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-electron/package.json
• integration/package.json
• packages/hdwallet-phantom/package.json

📚 Learning: 2025-08-07T15:47:29.207Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/src/transport.ts:10-10
Timestamp: 2025-08-07T15:47:29.207Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the code works locally without TypeScript errors but has issues in CI environment. Using ts-expect-error would fail locally since there are no actual errors to suppress.

Applied to files:

• packages/hdwallet-ledger-webhid/package.json
• examples/sandbox/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-native/src/native.test.ts
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-electron/package.json
• integration/package.json
• packages/hdwallet-phantom/package.json

📚 Learning: 2025-12-12T11:20:00.907Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:20:00.907Z
Learning: In the shapeshift/hdwallet monorepo, the `ethSupportsNetwork()` method in wallet implementations is a legacy/relic method that is no longer used. Chain support is determined by the `_supports*` flags (e.g., `_supportsMonad`, `_supportsPlasma`, `_supportsHyperEvm`) on the wallet classes, not by the `ethSupportsNetwork()` method.

Applied to files:

• packages/hdwallet-coinbase/package.json
• packages/hdwallet-trezor/package.json

📚 Learning: 2025-12-24T17:35:44.759Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 774
File: packages/hdwallet-native/src/starknet.ts:16-18
Timestamp: 2025-12-24T17:35:44.759Z
Learning: In the files under packages/hdwallet-native/src (e.g., tron.ts, sui.ts, solana.ts, starknet.ts), the NextAccountPath() methods in WalletInfo mixins intentionally throw new Error("Method not implemented"). These methods exist as placeholders and are not used by the chain implementations. Treat these methods as intentionally non-operational: do not call them, and consider removing or documenting them to avoid confusion. This guideline applies broadly to all chain implementation files in this directory.

Applied to files:

• packages/hdwallet-native/src/native.test.ts

📚 Learning: 2025-12-12T11:19:53.263Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:19:53.263Z
Learning: In the shapeshift/hdwallet monorepo, remove reliance on ethSupportsNetwork() across wallet implementations. This legacy method is no longer used to determine chain support. Instead, rely on the wallet class flags like _supportsMonad, _supportsPlasma, _supportsHyperEvm. Review all wallet implementations for ethSupportsNetwork() usage and migrate checks to the corresponding _supports* flags, updating tests and any affected logic accordingly.

Applied to files:

• packages/hdwallet-native/src/native.test.ts

📚 Learning: 2025-08-07T15:24:34.076Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: examples/sandbox/package.json:15-31
Timestamp: 2025-08-07T15:24:34.076Z
Learning: Lerna v6+ supports workspace protocol syntax (workspace:*) but does not automatically convert exact versions to workspace protocol during version bumps. It only preserves existing workspace protocol syntax. Teams using Lerna for automated version bumps would need manual conversion to use workspace protocol, which negates automation benefits.

Applied to files:

• lerna.json

🧬 Code graph analysis (1)

packages/hdwallet-native/src/native.test.ts (4)

packages/hdwallet-native/src/crypto/utils.ts (1)

• fromB64ToArray (13-15)

packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts (1)

• Node (13-18)

packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts (1)

• Node (12-152)

packages/hdwallet-native/src/crypto/isolation/core/ed25519/interfaces.ts (1)

• Node (3-7)

🪛 Gitleaks (8.30.0)

packages/hdwallet-native/src/native.test.ts

[high] 13-13: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build and Release

🔇 Additional comments (28)

packages/hdwallet-keepkey-electron/package.json (1)

3-3: LGTM! Version coordination is correct.

The package version and its dependency on @shapeshiftoss/hdwallet-keepkey are properly synchronized at version 1.62.33. This patch increment aligns with the monorepo's version coordination strategy for propagating changes.

Based on learnings, version bumps are done in PRs before publishing, and the packages will be published after the PR is merged.

Also applies to: 17-17

examples/sandbox/package.json (1)

3-3: LGTM! Consistent version bump across monorepo.

The version bumps from 1.62.32 to 1.62.33 are consistent across the sandbox package and all its @shapeshiftoss/hdwallet-* dependencies. This coordinated update aligns with the PR's Starknet implementation and follows the established monorepo workflow.

Based on learnings, version bumps in PRs before publishing with unpublished dependency versions are expected in this repository's release workflow.

Also applies to: 15-33

packages/hdwallet-portis/package.json (1)

3-3: LGTM! Standard version alignment with core package.

The coordinated version bumps (1.62.32 → 1.62.33) appropriately update this package to reference the new hdwallet-core version that includes Starknet support. This follows the expected monorepo workflow where dependency versions are bumped in the PR before publishing.

Also applies to: 19-19

packages/hdwallet-phantom/package.json (2)

3-3: LGTM - Coordinated version bump.

The package version bump to 1.62.33 aligns with the broader monorepo release that adds Starknet support. This maintains version consistency across packages.

---

18-18: LGTM - Dependency version aligned.

The hdwallet-core dependency bump to 1.62.33 maintains consistency with the package version. This pulls in the updated core package that now includes Starknet exports.

Based on learnings, dependency versions referencing unpublished versions during PR review is expected behavior in this monorepo's release workflow.

packages/hdwallet-native-vault/package.json (1)

3-3: LGTM! Version alignment looks good.

The version bump and dependency update correctly align the vault package with the updated hdwallet-native package that now includes Starknet support.

Also applies to: 18-18

packages/hdwallet-ledger-webhid/package.json (1)

3-3: LGTM! Version bumps are consistent and aligned.

The version bumps across the package and its internal dependencies are consistent (all moving from 1.62.32 to 1.62.33). This aligns the ledger-webhid package with the Starknet feature additions in core and native packages without requiring functional changes here.

Based on learnings, version bumps before publishing and referencing unpublished versions in PRs is expected workflow behavior in this monorepo.

Also applies to: 21-22

packages/hdwallet-ledger/package.json (1)

3-3: LGTM! Standard version alignment.

The version bump to 1.62.33 and the corresponding hdwallet-core dependency update correctly align this package with the Starknet integration in hdwallet-core.

Based on learnings, version bumps referencing unpublished versions during PR review are expected in this monorepo's release workflow.

Also applies to: 31-31

packages/hdwallet-ledger-webusb/package.json (1)

3-3: LGTM! Dependency cascade properly maintained.

The version bump to 1.62.33 and the corresponding updates to both hdwallet-core and hdwallet-ledger dependencies correctly propagate the Starknet integration changes through the package hierarchy.

Based on learnings, version bumps referencing unpublished versions during PR review are expected in this monorepo's release workflow.

Also applies to: 23-24

packages/hdwallet-metamask-multichain/package.json (1)

3-3: Verify whether this package bump is necessary for the Starknet PR.

The version bumps are consistent and follow standard monorepo practices. However, since this PR focuses on Starknet support for the native package and this is the MetaMask multichain package, please confirm whether this package actually needs to be updated as part of this PR, or if it's being bumped solely to maintain version consistency across the monorepo.

Based on learnings, version bumps in PRs before publishing are expected in this repository's workflow.

Also applies to: 20-20

lerna.json (1)

3-3: LGTM! Version bump is consistent across the monorepo.

The coordinated patch version bump (1.62.32 → 1.62.33) aligns all packages for this Starknet integration release.

packages/hdwallet-coinbase/package.json (1)

3-3: LGTM! Version and dependency alignment are correct.

The package version and @shapeshiftoss/hdwallet-core dependency are properly synchronized at 1.62.33, maintaining monorepo consistency.

Also applies to: 18-18

integration/package.json (1)

3-3: LGTM! All dependency versions are properly aligned.

The integration package and all hdwallet dependencies are correctly synchronized at version 1.62.33.

Also applies to: 15-24

packages/hdwallet-vultisig/package.json (1)

3-3: Version bumps aligned with Starknet integration.

The version and dependency updates are consistent with the PR's addition of Starknet support to hdwallet-core.

Also applies to: 20-20

packages/hdwallet-native/src/native.test.ts (3)

3-3: Stark engine import added correctly.

The Stark import is properly added alongside BIP32 and ED25519 for Starknet support.

---

13-14: Test constants are appropriate fixtures.

These base64-encoded test constants are derived from the 'all all all' mnemonic and are suitable for test scenarios.

---

178-185: Proper Stark.Node instantiation and usage.

The starkMasterKey is correctly created using Stark.Node.create with the test constants and properly passed to wallet creation and loadDevice.

packages/hdwallet-keepkey-webusb/package.json (1)

3-3: Consistent version alignment for Starknet support.

Package and dependency versions are properly synchronized with the Starknet integration changes in hdwallet-core.

Also applies to: 17-18

packages/hdwallet-walletconnect/package.json (1)

3-3: Version update aligns with core package changes.

The version bump and hdwallet-core dependency update are consistent with the PR's Starknet integration.

Also applies to: 18-18

packages/hdwallet-keepkey-chromeusb/package.json (1)

3-3: Package versions properly synchronized.

Version and dependency updates are consistent across the monorepo for Starknet support.

Also applies to: 17-18

packages/hdwallet-trezor/package.json (1)

3-3: Version updates aligned with core changes.

The package and dependency version bumps are properly coordinated with the Starknet additions to hdwallet-core.

Also applies to: 20-20

packages/hdwallet-gridplus/package.json (1)

3-3: Monorepo versions properly coordinated.

Version bump and core dependency update align with the PR's Starknet integration work.

Also applies to: 23-23

packages/hdwallet-keplr/package.json (1)

3-3: Version synchronization complete.

Package and dependency versions are properly updated to match the Starknet integration changes.

Also applies to: 20-20

packages/hdwallet-keepkey/package.json (1)

3-3: LGTM! Coordinated version bump.

The package version and core dependency are properly synchronized at 1.62.33, maintaining consistency across the monorepo for the Starknet integration.

Also applies to: 24-24

packages/hdwallet-walletconnectV2/package.json (1)

3-3: LGTM! Coordinated version bump.

The package version and core dependency are properly synchronized at 1.62.33.

Also applies to: 18-18

packages/hdwallet-keepkey-nodehid/package.json (1)

3-3: LGTM! Coordinated version bump.

The package version and keepkey dependency are properly synchronized at 1.62.33.

Also applies to: 17-17

packages/hdwallet-native/package.json (1)

3-3: LGTM! Starknet support enabled.

The package version and core dependency are properly synchronized at 1.62.33. The addition of @scure/starknet and starknet dependencies appropriately enables Starknet functionality in the native wallet implementation, aligning with the PR's objectives.

Also applies to: 19-19, 21-21, 42-42

packages/hdwallet-keepkey-tcp/package.json (1)

3-3: LGTM! Coordinated version bump.

The package version and dependencies (@shapeshiftoss/hdwallet-core, @shapeshiftoss/hdwallet-keepkey) are properly synchronized at 1.62.33.

Also applies to: 17-18

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts (2)

17-28: Type safety concern with as any cast.

The use of (nodeAdapter.node as any).starknetGetPublicKey() bypasses TypeScript's type checking. Consider adding proper type definitions to the Node interface to include Starknet-specific methods, or create a separate typed interface.

Additionally, the comment indicates that returning the public key as the address is a simplified approach. Ensure that downstream consumers are aware that this is not a deployed contract address but rather a "counterfactual" address identifier.

Consider adding proper type definitions

Instead of using as any, define the Starknet methods on the Node interface or create a separate interface:

// In the appropriate type definition file
interface StarknetNode {
  starknetGetPublicKey(): Promise<string>;
  starknetSign(txHash: string): Promise<{ r: string; s: string }>;
}

// Then use a type guard
async getAddress(addressNList: core.BIP32Path): Promise<string> {
  const nodeAdapter = await this.nodeAdapter.derivePath(core.addressNListToBIP32(addressNList));
  
  if (!('starknetGetPublicKey' in nodeAdapter.node)) {
    throw new Error('Node does not support Starknet operations');
  }
  
  const publicKey = await (nodeAdapter.node as any).starknetGetPublicKey();
  return publicKey;
}

---

34-43: Type safety concern and signature format dependency.

Similar to getAddress, this method uses (nodeAdapter.node as any).starknetSign(txHash) which bypasses type safety. The same recommendation about adding proper type definitions applies here.

Additionally, the signature format returned here depends entirely on the implementation in packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts. If that implementation doesn't pad the hex strings, the signatures returned here will also be unpadded, which could cause issues with downstream consumers expecting fixed-length hex strings.

Consider verifying the signature format expectations with downstream consumers and ensuring consistency across the implementation chain.

packages/hdwallet-native/src/starknet.ts (1)

36-40: Missing await on async adapter method.

starknetGetAddress is declared async and returns Promise<string | null>, but the callback passed to needsMnemonic returns this.starknetAdapter!.getAddress(...) directly without await. While this still works because the Promise is returned, the inconsistency with starknetSignTx (which uses async callback) could cause confusion.

For consistency with starknetSignTx and other similar methods in the codebase, consider making the callback explicitly async:

🔎 Suggested refactor for consistency

 async starknetGetAddress(msg: core.StarknetGetAddress): Promise<string | null> {
-  return this.needsMnemonic(!!this.starknetAdapter, () => {
-    return this.starknetAdapter!.getAddress(msg.addressNList);
+  return this.needsMnemonic(!!this.starknetAdapter, async () => {
+    return await this.starknetAdapter!.getAddress(msg.addressNList);
   });
 }

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a462b56 and 6a2302a.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (36)

• examples/sandbox/package.json
• integration/package.json
• lerna.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-core/src/index.ts
• packages/hdwallet-core/src/starknet.ts
• packages/hdwallet-core/src/utils.ts
• packages/hdwallet-core/src/wallet.ts
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-native/src/crypto/isolation/adapters/index.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-native/src/native.ts
• packages/hdwallet-native/src/starknet.ts
• packages/hdwallet-phantom/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-walletconnectV2/package.json

🧰 Additional context used

🧠 Learnings (13)

📓 Common learnings

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:20:00.907Z
Learning: In the shapeshift/hdwallet monorepo, the `ethSupportsNetwork()` method in wallet implementations is a legacy/relic method that is no longer used. Chain support is determined by the `_supports*` flags (e.g., `_supportsMonad`, `_supportsPlasma`, `_supportsHyperEvm`) on the wallet classes, not by the `ethSupportsNetwork()` method.

📚 Learning: 2025-08-07T15:27:03.179Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/package.json:36-36
Timestamp: 2025-08-07T15:27:03.179Z
Learning: In the shapeshiftoss/hdwallet monorepo, the ledgerhq/hw-transport dependency in packages/hdwallet-ledger/package.json is pinned to an exact version (without caret) due to type mismatches that occur with newer versions. Other Ledger dependencies can safely use caret ranges.

Applied to files:

• packages/hdwallet-core/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger-webusb/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-phantom/package.json
• packages/hdwallet-native/package.json

📚 Learning: 2025-08-07T15:23:54.858Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-coinbase/package.json:18-18
Timestamp: 2025-08-07T15:23:54.858Z
Learning: In the shapeshiftoss/hdwallet monorepo, package version bumps are done in PRs before publishing. The packages are published after the PR is merged, so dependency versions may reference unpublished versions during the PR review phase. This is expected behavior in their release workflow.

Applied to files:

• packages/hdwallet-core/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger-webusb/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-phantom/package.json
• packages/hdwallet-native/package.json

📚 Learning: 2025-12-09T13:48:55.139Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 764
File: packages/hdwallet-gridplus/package.json:0-0
Timestamp: 2025-12-09T13:48:55.139Z
Learning: In the shapeshiftoss/hdwallet monorepo, the dist/ directory is not version controlled (not tracked in git). Build artifacts are generated during the build/publish workflow, not committed to the repository.

Applied to files:

• packages/hdwallet-core/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger-webusb/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-phantom/package.json
• packages/hdwallet-native/package.json

📚 Learning: 2025-08-07T15:24:19.530Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/package.json:3-3
Timestamp: 2025-08-07T15:24:19.530Z
Learning: In the shapeshiftoss/hdwallet monorepo, the team runs `yarn build` before bumping versions and also before publishing packages. This ensures that dist/ artifacts (including UMD bundles) are properly regenerated after dependency updates.

Applied to files:

• packages/hdwallet-core/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• lerna.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger-webusb/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-phantom/package.json
• packages/hdwallet-native/package.json

📚 Learning: 2025-08-07T15:47:29.207Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/src/transport.ts:10-10
Timestamp: 2025-08-07T15:47:29.207Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the code works locally without TypeScript errors but has issues in CI environment. Using ts-expect-error would fail locally since there are no actual errors to suppress.

Applied to files:

• packages/hdwallet-core/package.json
• packages/hdwallet-core/src/index.ts
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger-webusb/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-core/src/wallet.ts
• packages/hdwallet-ledger/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-native/src/starknet.ts
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-native/src/crypto/isolation/adapters/index.ts
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-phantom/package.json
• packages/hdwallet-native/package.json

📚 Learning: 2025-12-12T11:19:53.263Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:19:53.263Z
Learning: In the shapeshift/hdwallet monorepo, remove reliance on ethSupportsNetwork() across wallet implementations. This legacy method is no longer used to determine chain support. Instead, rely on the wallet class flags like _supportsMonad, _supportsPlasma, _supportsHyperEvm. Review all wallet implementations for ethSupportsNetwork() usage and migrate checks to the corresponding _supports* flags, updating tests and any affected logic accordingly.

Applied to files:

• packages/hdwallet-core/src/index.ts
• packages/hdwallet-core/src/utils.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts
• packages/hdwallet-core/src/starknet.ts
• packages/hdwallet-native/src/native.ts
• packages/hdwallet-core/src/wallet.ts
• packages/hdwallet-native/src/starknet.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/index.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts

📚 Learning: 2025-12-12T11:19:53.179Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-ledger/src/ledger.ts:403-405
Timestamp: 2025-12-12T11:19:53.179Z
Learning: In packages/hdwallet-ledger/src/ethereum.ts, the ethSupportsNetwork function is a legacy/unused function that only returns true for chainId === 1. The Ledger ETH module does not call ethSupportsNetwork to validate chain support during signing operations - it accepts any chainId passed in the ETHSignTx message directly, so chain support flags can be enabled without needing to update ethSupportsNetwork.

Applied to files:

• packages/hdwallet-core/src/utils.ts
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-core/src/wallet.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts

📚 Learning: 2025-08-07T15:47:26.835Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/src/transport.ts:12-12
Timestamp: 2025-08-07T15:47:26.835Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the CI environment has different type checking behavior than local development. The code works locally without errors, but CI reports type issues, so ts-ignore is necessary to suppress the inconsistent type checking across environments.

Applied to files:

• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-ledger-webusb/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-core/src/wallet.ts
• packages/hdwallet-ledger/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-native/src/crypto/isolation/adapters/index.ts
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-phantom/package.json

📚 Learning: 2025-12-12T11:20:00.907Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:20:00.907Z
Learning: In the shapeshift/hdwallet monorepo, the `ethSupportsNetwork()` method in wallet implementations is a legacy/relic method that is no longer used. Chain support is determined by the `_supports*` flags (e.g., `_supportsMonad`, `_supportsPlasma`, `_supportsHyperEvm`) on the wallet classes, not by the `ethSupportsNetwork()` method.

Applied to files:

• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-walletconnect/package.json

📚 Learning: 2025-08-07T15:24:34.076Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: examples/sandbox/package.json:15-31
Timestamp: 2025-08-07T15:24:34.076Z
Learning: Lerna v6+ supports workspace protocol syntax (workspace:*) but does not automatically convert exact versions to workspace protocol during version bumps. It only preserves existing workspace protocol syntax. Teams using Lerna for automated version bumps would need manual conversion to use workspace protocol, which negates automation benefits.

Applied to files:

• lerna.json

📚 Learning: 2025-10-15T23:22:26.842Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 731
File: packages/hdwallet-gridplus/src/thormaya.ts:99-105
Timestamp: 2025-10-15T23:22:26.842Z
Learning: In packages/hdwallet-gridplus/src/thormaya.ts, the GridPlus SDK (gridplus-sdk) automatically pads the r and s signature components to 32 bytes, so explicit padding in the code may be redundant but is not required. The thorchainSignTx implementation works without explicit padding because the SDK handles it.

Applied to files:

• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts

📚 Learning: 2025-11-20T11:04:44.808Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 737
File: packages/hdwallet-trezor/src/ethereum.ts:122-138
Timestamp: 2025-11-20T11:04:44.808Z
Learning: In packages/hdwallet-trezor/src/ethereum.ts, the ethSignTypedData function correctly returns the signature from res.payload.signature without adding a "0x" prefix. This works correctly in practice and has been tested, despite appearing inconsistent with ethSignMessage which does add the prefix. The Trezor Connect ethereumSignTypedData response already provides the signature in the correct format for consumption.

Applied to files:

• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts

🧬 Code graph analysis (5)

packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts (1)

packages/hdwallet-core/src/wallet.ts (1)

• BIP32Path (23-23)

packages/hdwallet-core/src/starknet.ts (2)

packages/hdwallet-core/src/wallet.ts (4)

• BIP32Path (23-23)
• HDWalletInfo (303-359)
• HDWallet (361-476)
• PathDescription (88-98)

packages/hdwallet-core/src/utils.ts (2)

• addressNListToBIP32 (96-98)
• slip44ByCoin (179-181)

packages/hdwallet-native/src/native.ts (2)

packages/hdwallet-native/src/starknet.ts (2)

• MixinNativeStarknetWalletInfo (7-19)
• MixinNativeStarknetWallet (21-52)

packages/hdwallet-core/src/starknet.ts (2)

• StarknetWalletInfo (26-31)
• StarknetWallet (33-38)

packages/hdwallet-core/src/wallet.ts (1)

packages/hdwallet-core/src/starknet.ts (2)

• StarknetWallet (33-38)
• StarknetWalletInfo (26-31)

packages/hdwallet-native/src/starknet.ts (4)

packages/hdwallet-core/src/wallet.ts (1)

• HDWalletInfo (303-359)

packages/hdwallet-core/src/starknet.ts (6)

• StarknetWalletInfo (26-31)
• StarknetGetAccountPaths (18-20)
• StarknetAccountPath (22-24)
• StarknetGetAddress (4-7)
• StarknetSignTx (9-12)
• StarknetSignedTx (14-16)

packages/hdwallet-native/src/native.ts (1)

• NativeHDWalletBase (93-124)

packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts (1)

• StarknetAdapter (5-44)

🔇 Additional comments (49)

packages/hdwallet-walletconnectV2/package.json (1)

3-3: Version bump is appropriate for the Starknet feature branch.

The pre-release version format follows semver conventions and is suitable for this feature integration work.

lerna.json (1)

3-3: LGTM: Standard pre-release version bump.

The version bump to 1.62.32-starknet.0 follows standard pre-release conventions for feature branches. The ignoreChanges formatting change improves readability without altering its semantic meaning.

Also applies to: 11-16

packages/hdwallet-core/package.json (1)

3-3: LGTM: Core package version bump aligned with monorepo.

The version bump is consistent with the repository-wide Starknet pre-release. Note that while the AI summary mentions Starknet library dependencies (@scure/starknet, starknet), they're not visible in this package.json—these likely exist in implementation packages like hdwallet-native.

packages/hdwallet-keepkey/package.json (1)

3-3: LGTM: Version and dependency updates aligned.

The version bump and dependency update to ^1.62.32-starknet.0 are consistent with the monorepo-wide Starknet pre-release.

Also applies to: 24-24

packages/hdwallet-keepkey-nodehid/package.json (1)

3-3: LGTM: Consistent version alignment.

Version and dependency updates follow the monorepo-wide pattern for the Starknet pre-release.

Also applies to: 17-17

packages/hdwallet-trezor/package.json (1)

3-3: LGTM: Standard version alignment.

Version and dependency updates are consistent with the Starknet pre-release line.

Also applies to: 20-20

packages/hdwallet-coinbase/package.json (1)

3-3: LGTM: Aligned with monorepo versioning.

Version and dependency updates follow the established pattern for the Starknet pre-release.

Also applies to: 18-18

packages/hdwallet-trezor-connect/package.json (1)

3-3: LGTM: Complete dependency alignment.

Version bump and both dependency updates are consistent with the monorepo-wide Starknet pre-release.

Also applies to: 17-18

packages/hdwallet-core/src/utils.ts (1)

160-160: The SLIP-44 coin type 9004 for Starknet is correct according to the official SLIP-44 registry and confirmed by the Starknet community specification and MetaMask's implementation.

packages/hdwallet-keepkey-webusb/package.json (1)

3-3: LGTM! Version bump aligns with Starknet integration.

The version bump to 1.62.32-starknet.0 and dependency updates to use caret ranges are consistent with the monorepo-wide Starknet prerelease strategy.

Also applies to: 17-18

packages/hdwallet-portis/package.json (1)

3-3: LGTM! Version bump aligns with Starknet integration.

The version bump to 1.62.32-starknet.0 and dependency update to use caret range are consistent with the monorepo-wide Starknet prerelease strategy.

Also applies to: 19-19

packages/hdwallet-keplr/package.json (1)

3-3: LGTM! Version bump aligns with Starknet integration.

The version bump to 1.62.32-starknet.0 and dependency update to use caret range are consistent with the monorepo-wide Starknet prerelease strategy.

Also applies to: 20-20

packages/hdwallet-metamask-multichain/package.json (1)

3-3: LGTM! Version bump aligns with Starknet integration.

The version bump to 1.62.32-starknet.0 and dependency update to use caret range are consistent with the monorepo-wide Starknet prerelease strategy.

Also applies to: 20-20

packages/hdwallet-vultisig/package.json (1)

3-3: LGTM! Version bump aligns with Starknet integration.

The version bump to 1.62.32-starknet.0 and dependency update to use caret range are consistent with the monorepo-wide Starknet prerelease strategy.

Also applies to: 20-20

packages/hdwallet-phantom/package.json (1)

3-3: LGTM! Version bump aligns with Starknet integration.

The version bump to 1.62.32-starknet.0 and dependency update to use caret range are consistent with the monorepo-wide Starknet prerelease strategy.

Also applies to: 18-18

packages/hdwallet-keepkey-electron/package.json (1)

3-3: LGTM! Version bump aligns with Starknet integration.

The version bump to 1.62.32-starknet.0 and dependency update to use caret range are consistent with the monorepo-wide Starknet prerelease strategy.

Also applies to: 17-17

packages/hdwallet-gridplus/package.json (1)

3-3: LGTM! Version bump aligns with Starknet integration.

The version bump to 1.62.32-starknet.0 and dependency update to use caret range are consistent with the monorepo-wide Starknet prerelease strategy.

Also applies to: 23-23

packages/hdwallet-walletconnect/package.json (1)

3-3: LGTM! Version bump and dependency alignment are consistent.

The version bump to 1.62.32-starknet.0 and the updated dependency on @shapeshiftoss/hdwallet-core align with the PR's Starknet integration prerelease strategy.

Also applies to: 18-18

packages/hdwallet-ledger/package.json (1)

3-3: LGTM! Version bump and dependency update are consistent.

The package version and @shapeshiftoss/hdwallet-core dependency are properly aligned with the Starknet prerelease line.

Also applies to: 31-31

packages/hdwallet-keepkey-chromeusb/package.json (1)

3-3: LGTM! Version bump and dependency updates are consistent.

All version updates align with the Starknet prerelease strategy, including both @shapeshiftoss/hdwallet-core and @shapeshiftoss/hdwallet-keepkey dependencies.

Also applies to: 17-18

packages/hdwallet-ledger-webusb/package.json (1)

3-3: LGTM! Version bump and dependency updates are consistent.

The package version and both internal dependencies (@shapeshiftoss/hdwallet-core and @shapeshiftoss/hdwallet-ledger) are properly aligned with the Starknet prerelease.

Also applies to: 23-24

packages/hdwallet-native/package.json (1)

3-3: LGTM! Version bump and hdwallet-core dependency update are consistent.

The package version and @shapeshiftoss/hdwallet-core dependency align correctly with the Starknet prerelease strategy.

Also applies to: 21-21

packages/hdwallet-native-vault/package.json (1)

3-3: LGTM! Version bump and dependency update are consistent.

The package version and @shapeshiftoss/hdwallet-native dependency are properly aligned with the Starknet prerelease line.

Also applies to: 18-18

packages/hdwallet-keepkey-tcp/package.json (1)

3-3: LGTM! Version bump and dependency updates are consistent.

All version updates align with the Starknet prerelease strategy, including both @shapeshiftoss/hdwallet-core and @shapeshiftoss/hdwallet-keepkey dependencies.

Also applies to: 17-18

packages/hdwallet-native/src/crypto/isolation/adapters/index.ts (1)

9-9: LGTM! Starknet adapter export added correctly.

The new Starknet adapter export follows the established pattern and maintains alphabetical ordering among the adapter exports.

packages/hdwallet-core/src/index.ts (1)

20-20: LGTM!

The Starknet export is correctly placed in alphabetical order and follows the established pattern for exposing blockchain-specific modules.

packages/hdwallet-ledger-webhid/package.json (1)

3-3: LGTM!

Version bump and dependency updates are aligned with the Starknet integration prerelease. The use of caret ranges for prerelease versions is consistent with the monorepo's versioning strategy.

Also applies to: 21-22

packages/hdwallet-keepkey-nodewebusb/package.json (1)

3-3: LGTM!

Version bump and dependency updates are consistent with the Starknet integration prerelease across the monorepo.

Also applies to: 17-18

packages/hdwallet-core/src/wallet.ts (2)

16-16: LGTM!

The Starknet import is properly placed in alphabetical order and follows the established pattern.

---

275-281: LGTM!

The Starknet type guards follow the established pattern used throughout the codebase and are correctly positioned in alphabetical order.

examples/sandbox/package.json (1)

3-3: LGTM!

Version bump and dependency updates are consistent with the Starknet integration prerelease across the monorepo. All hdwallet package dependencies are properly updated to the prerelease version range.

Also applies to: 15-32

packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts (1)

5-10: LGTM!

The StarknetAdapter class structure follows the adapter pattern consistently used in the codebase for other blockchain integrations.

integration/package.json (1)

3-3: LGTM!

Version bump and dependency updates are consistent with the Starknet integration prerelease across the monorepo.

Also applies to: 15-24

packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts (1)

3-3: Verify @scure/starknet library version and API compatibility.

The @scure/starknet version ^1.0.0 is confirmed to be installed. The library documentation confirms all required APIs exist and are compatible with this implementation:

• grindKey: Derives a usable key from input
• getStarkKey: Converts private key to public key (Stark key)
• sign: Signs a message hash and returns signature with r and s properties

The implementation correctly uses these APIs in sequence (grindKey → getStarkKey for key derivation, grindKey → sign for signing) and properly converts the signature components to hexadecimal strings via toString(16), matching the documented return types.

packages/hdwallet-native/src/native.ts (6)

19-19: LGTM!

Import follows the established pattern for chain-specific mixins.

---

132-148: LGTM!

Starknet wallet info mixin is correctly integrated into the mixin chain, following the same pattern as other chain integrations.

Also applies to: 161-161

---

220-222: LGTM!

Starknet path description handling supports both "starknet" and "strk" coin identifiers, consistent with how other chains handle aliases (e.g., "rune"/"thorchain", "luna"/"terra").

---

238-251: LGTM!

Starknet wallet mixin is correctly integrated into the mixin chain and implements core.StarknetWallet interface.

Also applies to: 265-265

---

391-391: LGTM!

Starknet initialization correctly uses secp256k1MasterKey, which aligns with Starknet's key derivation (Starknet derives keys from secp256k1 and then "grinds" them into Stark curve keys).

---

448-448: LGTM!

starknetWipe() properly integrated into the wallet cleanup sequence.

packages/hdwallet-core/src/starknet.ts (5)

1-2: LGTM!

Imports are minimal and appropriate for the module's needs.

---

4-24: LGTM!

Interface definitions follow the established patterns from other chain implementations (Solana, Tron, etc.) in this monorepo.

---

26-38: LGTM!

Wallet interfaces correctly extend HDWalletInfo and HDWallet, with appropriate _supportsStarknetInfo and _supportsStarknet flags following the monorepo's convention for feature detection.

---

65-68: LGTM!

Account path generation follows the standard BIP44 pattern and correctly uses hardened derivation for purpose, coin type, and account index.

---

40-63: SLIP-44 coin type verified as correct.

The path validation correctly enforces BIP44 structure m/44'/9004'/account'/0/0. The SLIP-44 code for Starknet (9004) is confirmed, and the bitwise operations for hardened path detection are correct.

packages/hdwallet-native/src/starknet.ts (4)

1-5: LGTM!

Imports are appropriate and follow the established pattern for chain-specific mixins.

---

7-19: LGTM!

The wallet info mixin correctly implements core.StarknetWalletInfo. The starknetNextAccountPath throwing "Method not implemented" is consistent with several other chain implementations in this monorepo.

---

42-50: LGTM!

The sign transaction method correctly uses needsMnemonic guard with an async callback, properly awaits the adapter call, and returns the signature in the expected StarknetSignedTx format.

---

21-34: LGTM!

Mixin correctly implements:

• _supportsStarknet flag for feature detection
• starknetInitializeWallet creates the BIP32 adapter and StarknetAdapter
• starknetWipe properly clears the adapter reference

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
hdwallet	Ready	Preview, Comment	Dec 24, 2025 11:05pm

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/hdwallet-native/src/starknet.ts (1)

15-17: Unimplemented method will throw at runtime.

The starknetNextAccountPath method throws an error when called. If this method is part of the public API contract, consider implementing it or documenting that it's intentionally deferred.

Do you want me to help implement this method or open a tracking issue for future implementation?

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6a2302a and deb8f8e.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (29)

• examples/sandbox/package.json
• integration/package.json
• lerna.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-native/src/starknet.ts
• packages/hdwallet-phantom/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-walletconnectV2/package.json

🚧 Files skipped from review as they are similar to previous changes (19)

• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-phantom/package.json
• examples/sandbox/package.json

🧰 Additional context used

🧠 Learnings (10)

📓 Common learnings

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:20:00.907Z
Learning: In the shapeshift/hdwallet monorepo, the `ethSupportsNetwork()` method in wallet implementations is a legacy/relic method that is no longer used. Chain support is determined by the `_supports*` flags (e.g., `_supportsMonad`, `_supportsPlasma`, `_supportsHyperEvm`) on the wallet classes, not by the `ethSupportsNetwork()` method.

📚 Learning: 2025-08-07T15:24:34.076Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: examples/sandbox/package.json:15-31
Timestamp: 2025-08-07T15:24:34.076Z
Learning: Lerna v6+ supports workspace protocol syntax (workspace:*) but does not automatically convert exact versions to workspace protocol during version bumps. It only preserves existing workspace protocol syntax. Teams using Lerna for automated version bumps would need manual conversion to use workspace protocol, which negates automation benefits.

Applied to files:

• lerna.json

📚 Learning: 2025-08-07T15:24:19.530Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/package.json:3-3
Timestamp: 2025-08-07T15:24:19.530Z
Learning: In the shapeshiftoss/hdwallet monorepo, the team runs `yarn build` before bumping versions and also before publishing packages. This ensures that dist/ artifacts (including UMD bundles) are properly regenerated after dependency updates.

Applied to files:

• lerna.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-metamask-multichain/package.json
• integration/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-coinbase/package.json

📚 Learning: 2025-08-07T15:23:54.858Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-coinbase/package.json:18-18
Timestamp: 2025-08-07T15:23:54.858Z
Learning: In the shapeshiftoss/hdwallet monorepo, package version bumps are done in PRs before publishing. The packages are published after the PR is merged, so dependency versions may reference unpublished versions during the PR review phase. This is expected behavior in their release workflow.

Applied to files:

• lerna.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-metamask-multichain/package.json
• integration/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-coinbase/package.json

📚 Learning: 2025-08-07T15:27:03.179Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/package.json:36-36
Timestamp: 2025-08-07T15:27:03.179Z
Learning: In the shapeshiftoss/hdwallet monorepo, the ledgerhq/hw-transport dependency in packages/hdwallet-ledger/package.json is pinned to an exact version (without caret) due to type mismatches that occur with newer versions. Other Ledger dependencies can safely use caret ranges.

Applied to files:

• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-metamask-multichain/package.json
• integration/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-coinbase/package.json

📚 Learning: 2025-12-09T13:48:55.139Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 764
File: packages/hdwallet-gridplus/package.json:0-0
Timestamp: 2025-12-09T13:48:55.139Z
Learning: In the shapeshiftoss/hdwallet monorepo, the dist/ directory is not version controlled (not tracked in git). Build artifacts are generated during the build/publish workflow, not committed to the repository.

Applied to files:

• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-metamask-multichain/package.json
• integration/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-coinbase/package.json

📚 Learning: 2025-08-07T15:47:29.207Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/src/transport.ts:10-10
Timestamp: 2025-08-07T15:47:29.207Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the code works locally without TypeScript errors but has issues in CI environment. Using ts-expect-error would fail locally since there are no actual errors to suppress.

Applied to files:

• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-native/src/starknet.ts
• integration/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-coinbase/package.json

📚 Learning: 2025-08-07T15:47:26.835Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/src/transport.ts:12-12
Timestamp: 2025-08-07T15:47:26.835Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the CI environment has different type checking behavior than local development. The code works locally without errors, but CI reports type issues, so ts-ignore is necessary to suppress the inconsistent type checking across environments.

Applied to files:

• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-metamask-multichain/package.json
• integration/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-coinbase/package.json

📚 Learning: 2025-12-12T11:20:00.907Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:20:00.907Z
Learning: In the shapeshift/hdwallet monorepo, the `ethSupportsNetwork()` method in wallet implementations is a legacy/relic method that is no longer used. Chain support is determined by the `_supports*` flags (e.g., `_supportsMonad`, `_supportsPlasma`, `_supportsHyperEvm`) on the wallet classes, not by the `ethSupportsNetwork()` method.

Applied to files:

• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-coinbase/package.json

📚 Learning: 2025-12-12T11:19:53.263Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:19:53.263Z
Learning: In the shapeshift/hdwallet monorepo, remove reliance on ethSupportsNetwork() across wallet implementations. This legacy method is no longer used to determine chain support. Instead, rely on the wallet class flags like _supportsMonad, _supportsPlasma, _supportsHyperEvm. Review all wallet implementations for ethSupportsNetwork() usage and migrate checks to the corresponding _supports* flags, updating tests and any affected logic accordingly.

Applied to files:

• packages/hdwallet-native/src/starknet.ts

🔇 Additional comments (11)

packages/hdwallet-metamask-multichain/package.json (1)

3-3: LGTM! Coordinated version bump aligns with Starknet integration.

The package version and core dependency have been updated consistently to the 1.62.33-starknet.0 prerelease, which aligns with the monorepo-wide Starknet integration effort described in the PR objectives.

Also applies to: 20-20

packages/hdwallet-keepkey-nodewebusb/package.json (1)

3-3: LGTM! Version bump follows the established monorepo release pattern.

The pre-release version bump to 1.62.33-starknet.0 and the corresponding dependency updates are consistent with the broader Starknet integration effort across the repository. The caret ranges on the pre-release versions appropriately allow for both additional starknet pre-releases and the eventual stable release.

Also applies to: 17-18

packages/hdwallet-walletconnectV2/package.json (1)

3-3: LGTM! Version bump aligns with monorepo Starknet integration.

The version bump to 1.62.33-starknet.0 and the dependency update to ^1.62.33-starknet.0 maintain compatibility with the updated core package. WalletConnect V2 does not require Starknet-specific implementation—it remains focused on Ethereum chain support while the core package provides Starknet wallet interfaces for other adapters.

lerna.json (1)

3-16: LGTM!

The version bump to 1.62.33-starknet.0 appropriately reflects the pre-release Starknet integration, and the formatting of ignoreChanges improves readability without altering behavior.

packages/hdwallet-coinbase/package.json (1)

3-18: LGTM!

Version and dependency updates are consistent with the monorepo's pre-release workflow for Starknet integration.

packages/hdwallet-keepkey-electron/package.json (1)

3-17: LGTM!

Version and dependency updates align with the monorepo's Starknet pre-release workflow.

integration/package.json (1)

3-24: LGTM!

Comprehensive version and dependency updates are consistent across all hdwallet packages, properly aligned with the Starknet pre-release workflow.

packages/hdwallet-native/src/starknet.ts (1)

21-52: LGTM!

The Starknet wallet mixin implementation follows the established patterns in the hdwallet-native codebase. The needsMnemonic wrapper provides proper safety checks before adapter access, and the initialization/wipe lifecycle is correctly implemented.

packages/hdwallet-keepkey-webusb/package.json (1)

3-3: LGTM: Version bump aligns with monorepo-wide Starknet integration.

The prerelease version bump to 1.62.33-starknet.0 is consistent with the broader Starknet integration effort across the monorepo.

packages/hdwallet-gridplus/package.json (2)

3-3: GridPlus does not implement Starknet support despite the version indicating otherwise.

The version bump to "1.62.33-starknet.0" suggests Starknet integration, but no Starknet-related code, types, or _supportsStarknet flag exists in the GridPlus wallet implementation. Either remove "-starknet.0" from the version if this package is not part of the Starknet feature, or add the missing Starknet implementation to align with the version label.

⛔ Skipped due to learnings

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-coinbase/package.json:18-18
Timestamp: 2025-08-07T15:23:54.858Z
Learning: In the shapeshiftoss/hdwallet monorepo, package version bumps are done in PRs before publishing. The packages are published after the PR is merged, so dependency versions may reference unpublished versions during the PR review phase. This is expected behavior in their release workflow.

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/package.json:36-36
Timestamp: 2025-08-07T15:27:03.179Z
Learning: In the shapeshiftoss/hdwallet monorepo, the ledgerhq/hw-transport dependency in packages/hdwallet-ledger/package.json is pinned to an exact version (without caret) due to type mismatches that occur with newer versions. Other Ledger dependencies can safely use caret ranges.

---

23-23: The "^1.62.33-starknet.0" caret range is consistent across all dependent packages in the monorepo. All 21+ packages that depend on hdwallet-core use the identical version specification, confirming this is the established monorepo practice.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

packages/hdwallet-native/src/native.ts (3)

282-308: Add support for pre-generated starkMasterKey to match the established pattern.

The constructor handles pre-generated secp256k1MasterKey and ed25519MasterKey (lines 306-307) but does not handle starkMasterKey. This creates an inconsistency where users can provide pre-generated secp256k1 and ed25519 keys but not Stark keys.

Update the LoadDevice type (lines 34-48) to include starkMasterKey and add handling in the constructor's else branch (lines 305-308).

🔎 Proposed fix

Update the LoadDevice type:

 type LoadDevice = Omit<core.LoadDevice, "mnemonic"> & {
   // Set this if your deviceId is dependent on the mnemonic
   deviceId?: string;
 } & (
     | {
         mnemonic: string | Isolation.Core.BIP39.Mnemonic;
         secp256k1MasterKey?: never;
         ed25519MasterKey?: never;
+        starkMasterKey?: never;
       }
     | {
         mnemonic?: never;
         secp256k1MasterKey: Isolation.Core.BIP32.Node;
         ed25519MasterKey: Isolation.Core.Ed25519.Node;
+        starkMasterKey: Isolation.Core.Stark.Node;
       }
   );

Update the constructor:

 constructor({ mnemonic, deviceId, secp256k1MasterKey, ed25519MasterKey }: NativeAdapterArgs) {
   super();
   if (mnemonic) {
     this.#secp256k1MasterKey = (async () => {
       const isolatedMnemonic =
         typeof mnemonic === "string" ? await Isolation.Engines.Default.BIP39.Mnemonic.create(mnemonic) : mnemonic;
       const seed = await isolatedMnemonic.toSeed();
       return await seed.toSecp256k1MasterKey();
     })();
     this.#ed25519MasterKey = (async () => {
       const isolatedMnemonic =
         typeof mnemonic === "string" ? await Isolation.Engines.Default.BIP39.Mnemonic.create(mnemonic) : mnemonic;
       const seed = await isolatedMnemonic.toSeed();
       return await seed.toEd25519MasterKey();
     })();
     this.#starkMasterKey = (async () => {
       const isolatedMnemonic =
         typeof mnemonic === "string" ? await Isolation.Engines.Default.BIP39.Mnemonic.create(mnemonic) : mnemonic;
       const seed = await isolatedMnemonic.toSeed();
       return await seed.toStarkMasterKey();
     })();
   } else {
     if (secp256k1MasterKey) this.#secp256k1MasterKey = Promise.resolve(secp256k1MasterKey);
     if (ed25519MasterKey) this.#ed25519MasterKey = Promise.resolve(ed25519MasterKey);
+    if (starkMasterKey) this.#starkMasterKey = Promise.resolve(starkMasterKey);
   }
   this.#deviceId = deviceId;
 }

---

441-467: Memory leak and security issue: #starkMasterKey is not cleaned up in wipe().

The wipe() method saves and revokes #secp256k1MasterKey and #ed25519MasterKey (lines 442-443, 465-466) but does not handle #starkMasterKey. This leaves sensitive cryptographic key material in memory after wiping and creates a memory leak.

🔎 Proposed fix

 async wipe(): Promise<void> {
   const oldSecp256k1MasterKey = this.#secp256k1MasterKey;
   const oldEd25519MasterKey = this.#ed25519MasterKey;
+  const oldStarkMasterKey = this.#starkMasterKey;

   this.#initialized = false;
   this.#secp256k1MasterKey = undefined;
   this.#ed25519MasterKey = undefined;
+  this.#starkMasterKey = undefined;

   super.solanaWipe();
   super.suiWipe();
   super.btcWipe();
   super.ethWipe();
   super.cosmosWipe();
   super.osmosisWipe();
   super.binanceWipe();
   super.starknetWipe();
   super.tronWipe();
   super.thorchainWipe();
   super.mayachainWipe();
   super.secretWipe();
   super.terraWipe();
   super.kavaWipe();
   super.arkeoWipe();

   (await oldSecp256k1MasterKey)?.revoke?.();
   (await oldEd25519MasterKey)?.revoke?.();
+  (await oldStarkMasterKey)?.revoke?.();
 }

---

475-533: Critical: loadDevice() does not regenerate #starkMasterKey from new mnemonic.

The loadDevice() method regenerates #secp256k1MasterKey and #ed25519MasterKey from the provided mnemonic or accepts pre-generated keys (lines 476-518), but does not handle #starkMasterKey. This creates an inconsistent state where calling loadDevice() with a new mnemonic will update secp256k1 and ed25519 keys but leave the Stark key pointing to the old mnemonic's key (or undefined), breaking StarkNet functionality.

🔎 Proposed fix

Add the following code after line 518 (after ed25519MasterKey initialization):

     })(msg?.mnemonic, msg?.ed25519MasterKey)
   );

+  this.#starkMasterKey = Promise.resolve(
+    await (async (mnemonic, starkMasterKey) => {
+      if (starkMasterKey !== undefined) {
+        return starkMasterKey;
+      } else if (mnemonic !== undefined) {
+        const isolatedMnemonic = await (async () => {
+          if (isMnemonicInterface(mnemonic)) return mnemonic;
+          if (typeof mnemonic === "string" && bip39.validateMnemonic(mnemonic)) {
+            return await Isolation.Engines.Default.BIP39.Mnemonic.create(mnemonic);
+          }
+          throw new Error("Required property [mnemonic] is invalid");
+        })();
+        const seed = await isolatedMnemonic.toSeed();
+        seed.addRevoker?.(() => isolatedMnemonic.revoke?.());
+        const out = await seed.toStarkMasterKey();
+        out.addRevoker?.(() => seed.revoke?.());
+        return out;
+      }
+      throw new Error("Either [mnemonic] or [starkMasterKey] is required");
+    })(msg?.mnemonic, msg?.starkMasterKey)
+  );
+
   if (typeof msg?.deviceId === "string") this.#deviceId = msg?.deviceId;

🧹 Nitpick comments (3)

packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts (2)

49-57: Encapsulation concern: accessing nodeAdapter.node directly.

The signTransaction method accesses nodeAdapter.node.sign(txHash) directly, bypassing the StarkAdapter wrapper. Consider adding a sign method to StarkAdapter to maintain proper encapsulation:

🔎 Proposed refactor in StarkAdapter (stark.ts)

Add to StarkAdapter:

async sign(txHash: string): Promise<{ r: string; s: string }> {
  return this.node.sign(txHash);
}

Then update StarknetAdapter.signTransaction:

  async signTransaction(txHash: string, addressNList: core.BIP32Path): Promise<string[]> {
    const nodeAdapter = await this.nodeAdapter.derivePath(core.addressNListToBIP32(addressNList));

-   const signature = await nodeAdapter.node.sign(txHash);
+   const signature = await nodeAdapter.sign(txHash);

    return [signature.r, signature.s];
  }

---

21-43: Code duplication between getPublicKey and getAddress.

Both methods share the same derivation and public key retrieval logic. Consider extracting the common derivation pattern, though this is acceptable given the TODO comment indicating getAddress will evolve to compute actual contract addresses.

packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts (1)

74-98: explicitPath not propagated during derivation.

When deriving a child node (line 95), the explicitPath is not passed to Node.create(), so derived nodes lose their path tracking. If path tracking is desired for debugging or auditing, consider propagating the path:

🔎 Proposed fix

-   const out = await Node.create(ki, IR);
+   const derivedPath = this.explicitPath ? `${this.explicitPath}/${index}` : undefined;
+   const out = await Node.create(ki, IR, derivedPath);

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between deb8f8e and d2979c0.

📒 Files selected for processing (41)

• examples/sandbox/package.json
• integration/package.json
• lerna.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-core/src/starknet.ts
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-native/src/crypto/isolation/adapters/index.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/stark.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts
• packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts
• packages/hdwallet-native/src/crypto/isolation/core/index.ts
• packages/hdwallet-native/src/crypto/isolation/core/stark/index.ts
• packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/index.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts
• packages/hdwallet-native/src/crypto/isolation/engines/dummy/bip32.ts
• packages/hdwallet-native/src/native.ts
• packages/hdwallet-native/src/starknet.ts
• packages/hdwallet-phantom/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-walletconnectV2/package.json

🚧 Files skipped from review as they are similar to previous changes (15)

• packages/hdwallet-core/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-phantom/package.json
• lerna.json
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-native/package.json

🧰 Additional context used

🧠 Learnings (9)

📚 Learning: 2025-12-12T11:19:53.263Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:19:53.263Z
Learning: In the shapeshift/hdwallet monorepo, remove reliance on ethSupportsNetwork() across wallet implementations. This legacy method is no longer used to determine chain support. Instead, rely on the wallet class flags like _supportsMonad, _supportsPlasma, _supportsHyperEvm. Review all wallet implementations for ethSupportsNetwork() usage and migrate checks to the corresponding _supports* flags, updating tests and any affected logic accordingly.

Applied to files:

• packages/hdwallet-native/src/crypto/isolation/engines/default/index.ts
• packages/hdwallet-native/src/crypto/isolation/core/index.ts
• packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts
• packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts
• packages/hdwallet-native/src/crypto/isolation/engines/dummy/bip32.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/stark.ts
• packages/hdwallet-core/src/starknet.ts
• packages/hdwallet-native/src/crypto/isolation/core/stark/index.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts
• packages/hdwallet-native/src/starknet.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts
• packages/hdwallet-native/src/native.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/index.ts

📚 Learning: 2025-08-07T15:47:29.207Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/src/transport.ts:10-10
Timestamp: 2025-08-07T15:47:29.207Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the code works locally without TypeScript errors but has issues in CI environment. Using ts-expect-error would fail locally since there are no actual errors to suppress.

Applied to files:

• packages/hdwallet-native/src/crypto/isolation/core/index.ts
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• integration/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-trezor-connect/package.json
• examples/sandbox/package.json
• packages/hdwallet-native/src/native.ts
• packages/hdwallet-ledger/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-native/src/crypto/isolation/adapters/index.ts

📚 Learning: 2025-08-07T15:27:03.179Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/package.json:36-36
Timestamp: 2025-08-07T15:27:03.179Z
Learning: In the shapeshiftoss/hdwallet monorepo, the ledgerhq/hw-transport dependency in packages/hdwallet-ledger/package.json is pinned to an exact version (without caret) due to type mismatches that occur with newer versions. Other Ledger dependencies can safely use caret ranges.

Applied to files:

• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• integration/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-trezor-connect/package.json
• examples/sandbox/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-walletconnectV2/package.json

📚 Learning: 2025-08-07T15:23:54.858Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-coinbase/package.json:18-18
Timestamp: 2025-08-07T15:23:54.858Z
Learning: In the shapeshiftoss/hdwallet monorepo, package version bumps are done in PRs before publishing. The packages are published after the PR is merged, so dependency versions may reference unpublished versions during the PR review phase. This is expected behavior in their release workflow.

Applied to files:

• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• integration/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-trezor-connect/package.json
• examples/sandbox/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-walletconnectV2/package.json

📚 Learning: 2025-08-07T15:24:19.530Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/package.json:3-3
Timestamp: 2025-08-07T15:24:19.530Z
Learning: In the shapeshiftoss/hdwallet monorepo, the team runs `yarn build` before bumping versions and also before publishing packages. This ensures that dist/ artifacts (including UMD bundles) are properly regenerated after dependency updates.

Applied to files:

• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• integration/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-trezor-connect/package.json
• examples/sandbox/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-walletconnectV2/package.json

📚 Learning: 2025-12-09T13:48:55.139Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 764
File: packages/hdwallet-gridplus/package.json:0-0
Timestamp: 2025-12-09T13:48:55.139Z
Learning: In the shapeshiftoss/hdwallet monorepo, the dist/ directory is not version controlled (not tracked in git). Build artifacts are generated during the build/publish workflow, not committed to the repository.

Applied to files:

• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• integration/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-trezor-connect/package.json
• examples/sandbox/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-walletconnectV2/package.json

📚 Learning: 2025-08-07T15:47:26.835Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/src/transport.ts:12-12
Timestamp: 2025-08-07T15:47:26.835Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the CI environment has different type checking behavior than local development. The code works locally without errors, but CI reports type issues, so ts-ignore is necessary to suppress the inconsistent type checking across environments.

Applied to files:

• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• integration/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-trezor-connect/package.json
• examples/sandbox/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-native/src/crypto/isolation/adapters/index.ts

📚 Learning: 2025-12-12T11:19:53.179Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-ledger/src/ledger.ts:403-405
Timestamp: 2025-12-12T11:19:53.179Z
Learning: In packages/hdwallet-ledger/src/ethereum.ts, the ethSupportsNetwork function is a legacy/unused function that only returns true for chainId === 1. The Ledger ETH module does not call ethSupportsNetwork to validate chain support during signing operations - it accepts any chainId passed in the ETHSignTx message directly, so chain support flags can be enabled without needing to update ethSupportsNetwork.

Applied to files:

• packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts
• packages/hdwallet-core/src/starknet.ts
• packages/hdwallet-native/src/starknet.ts

📚 Learning: 2025-12-12T11:20:00.907Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:20:00.907Z
Learning: In the shapeshift/hdwallet monorepo, the `ethSupportsNetwork()` method in wallet implementations is a legacy/relic method that is no longer used. Chain support is determined by the `_supports*` flags (e.g., `_supportsMonad`, `_supportsPlasma`, `_supportsHyperEvm`) on the wallet classes, not by the `ethSupportsNetwork()` method.

Applied to files:

• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-trezor/package.json
• examples/sandbox/package.json
• packages/hdwallet-walletconnectV2/package.json

🧬 Code graph analysis (6)

packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts (3)

packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts (1)

• Node (13-18)

packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts (1)

• Node (21-99)

packages/hdwallet-native/src/crypto/isolation/core/index.ts (1)

• Revocable (14-17)

packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts (2)

packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts (1)

• Node (11-17)

packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts (1)

• Node (21-99)

packages/hdwallet-core/src/starknet.ts (4)

packages/hdwallet-core/src/wallet.ts (4)

• BIP32Path (23-23)
• HDWalletInfo (303-359)
• HDWallet (361-476)
• PathDescription (88-98)

packages/hdwallet-native/src/crypto/isolation/adapters/bip32.ts (1)

• path (98-106)

packages/hdwallet-core/src/utils.ts (2)

• addressNListToBIP32 (96-98)
• slip44ByCoin (179-181)

packages/hdwallet-native/src/starknet.ts (1)

• starknetGetAccountPaths (11-13)

packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts (4)

packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts (1)

• Node (13-18)

packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts (1)

• Node (12-153)

packages/hdwallet-native/src/crypto/isolation/core/index.ts (1)

• Revocable (14-17)

packages/hdwallet-native/src/crypto/isolation/types.ts (2)

• safeBufferFrom (157-163)
• checkType (104-107)

packages/hdwallet-native/src/starknet.ts (4)

packages/hdwallet-core/src/starknet.ts (7)

• StarknetWalletInfo (30-35)
• StarknetGetAccountPaths (22-24)
• StarknetAccountPath (26-28)
• StarknetGetAddress (4-7)
• StarknetGetPublicKey (9-11)
• StarknetSignTx (13-16)
• StarknetSignedTx (18-20)

packages/hdwallet-native/src/native.ts (1)

• NativeHDWalletBase (93-124)

packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts (1)

• StarknetAdapter (11-58)

packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts (1)

• Node (21-99)

packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts (1)

packages/hdwallet-core/src/wallet.ts (1)

• BIP32Path (23-23)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build and Release

🔇 Additional comments (35)

packages/hdwallet-walletconnectV2/package.json (2)

3-3: LGTM! Pre-release version bump is correctly formatted.

The version bump to 1.62.33-starknet.1 follows semver conventions for pre-release tags and aligns with the StarkNet integration objectives.

---

18-18: LGTM! Dependency version correctly aligned with StarkNet pre-release.

The dependency update to ^1.62.33-starknet.1 maintains version alignment with the core package's pre-release tag and follows the expected workflow for this monorepo.

Based on learnings, version bumps referencing unpublished versions during PR review are part of the normal release workflow.

packages/hdwallet-trezor/package.json (1)

3-3: LGTM! Standard version bump for StarkNet prerelease.

The version bump to 1.62.33-starknet.1 and the dependency update to ^1.62.33-starknet.1 align with the monorepo-wide StarkNet integration. The caret range allows compatible patch updates within the prerelease series.

Based on learnings, package version bumps in PRs before publishing are expected in this repository's release workflow.

Also applies to: 20-20

packages/hdwallet-trezor-connect/package.json (1)

3-3: LGTM! Consistent version updates.

Version and dependency updates align with the StarkNet prerelease strategy. Both hdwallet-core and hdwallet-trezor dependencies correctly reference ^1.62.33-starknet.1.

Also applies to: 17-18

packages/hdwallet-metamask-multichain/package.json (1)

3-3: LGTM! Version bump follows monorepo pattern.

The version and hdwallet-core dependency updates are consistent with the StarkNet prerelease across the monorepo.

Also applies to: 20-20

packages/hdwallet-keepkey/package.json (1)

3-3: LGTM! Standard StarkNet prerelease version bump.

Version and dependency updates are consistent with the broader StarkNet integration effort.

Also applies to: 24-24

packages/hdwallet-keepkey-nodehid/package.json (1)

3-3: LGTM! Transitive dependency update.

The version bump and hdwallet-keepkey dependency update maintain consistency across the KeepKey package family for the StarkNet prerelease.

Also applies to: 17-17

packages/hdwallet-keepkey-electron/package.json (1)

3-3: LGTM! Version alignment across KeepKey packages.

The version and hdwallet-keepkey dependency updates complete the consistent versioning across the KeepKey Electron integration for the StarkNet prerelease.

Also applies to: 17-17

packages/hdwallet-native/src/crypto/isolation/engines/default/index.ts (1)

4-4: The Stark module exists and properly exports Stark-related functionality.

The export follows the established pattern for isolation engines. The ./stark module at packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts correctly re-exports from ../../core/stark and exports a Node class implementing Core.Stark.Node.

packages/hdwallet-native/src/crypto/isolation/engines/dummy/bip32.ts (1)

122-124: LGTM! Consistent with dummy engine pattern.

The toStarkMasterKey method correctly follows the dummy engine pattern by throwing DummyEngineError, mirroring the existing toEd25519MasterKey implementation. The Core.Stark.Node type is properly defined and exported from the Core namespace.

packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts (1)

3-3: LGTM - Consistent interface extension for Stark support.

The addition of Stark import and toStarkMasterKey() method follows the established pattern for master key derivation (secp256k1, Ed25519). The interface extension aligns with the broader Starknet integration across the codebase.

Also applies to: 10-10

packages/hdwallet-vultisig/package.json (1)

3-3: Standard pre-release version bump.

The version and dependency updates align with the Starknet integration release workflow. Based on learnings, these pre-release versions are expected to reference unpublished dependencies during PR review.

Also applies to: 20-20

packages/hdwallet-keepkey-nodewebusb/package.json (1)

3-3: Version bump consistent with Starknet release.

Package version and dependencies updated to the Starknet pre-release tag as expected.

Also applies to: 17-18

packages/hdwallet-core/src/starknet.ts (2)

4-43: LGTM - Well-structured Starknet wallet interfaces.

The interface hierarchy follows the established pattern in hdwallet-core:

• Message types for address retrieval, signing, and account paths
• StarknetWalletInfo for informational capabilities
• StarknetWallet for full wallet operations including async methods

The signature format using string[] aligns with ECDSA signature components (r, s).

---

70-73: Path generation consistent with validation logic.

The starknetGetAccountPaths function generates paths matching the validation rules in starknetDescribePath, maintaining consistency across the API.

packages/hdwallet-native/src/crypto/isolation/core/index.ts (1)

6-6: Consistent module export.

The Stark export follows the established pattern for crypto isolation core modules.

packages/hdwallet-keepkey-tcp/package.json (1)

3-3: Version alignment for Starknet release.

Package and dependencies updated consistently with the pre-release workflow.

Also applies to: 17-18

packages/hdwallet-native/src/crypto/isolation/core/stark/index.ts (1)

1-2: Clean barrel export for Stark isolation core.

Re-exporting derivePath from BIP32 is appropriate since Stark key derivation follows SLIP-0010 (BIP32-compatible) per the implementation notes.

packages/hdwallet-ledger/package.json (1)

3-3: Version bump for Starknet integration.

Package version and hdwallet-core dependency updated consistently. Note: The pinned @ledgerhq/hw-transport version (line 27) remains unchanged as expected per repository conventions.

Also applies to: 31-31

packages/hdwallet-native/src/crypto/isolation/adapters/index.ts (1)

4-12: LGTM!

The new Stark and Starknet adapter exports are correctly added and integrate well with the existing export structure.

packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts (1)

1-17: Well-structured interface.

The Stark Node interface is well-designed, following the same pattern as BIP32.Node while adapting return types for Stark-specific operations. The documentation clearly explains the hybrid approach (BIP32 secp256k1 derivation + Stark key grinding).

Note: The derive method accepts number while the implementation in engines/default/stark.ts uses Uint32. This works since Uint32 is a branded number, but consider using Uint32 in the interface for consistency if it's exported from the types module.

integration/package.json (1)

3-24: LGTM!

Version bump to 1.62.33-starknet.1 pre-release tag is appropriate for the StarkNet feature branch. Based on learnings, this monorepo's workflow expects dependency versions to reference unpublished versions during PR review, with packages published after merge.

examples/sandbox/package.json (1)

3-33: LGTM!

Consistent version bump to 1.62.33-starknet.1 across all hdwallet dependencies, aligning with the StarkNet feature release.

packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts (2)

45-65: LGTM on key grinding and signing.

The implementation correctly applies starknet.grindKey() before Stark curve operations and properly pads signatures to 64 hex characters (256 bits). This follows industry standards for Starknet key derivation.

---

21-40: LGTM on secure key handling.

Good practices observed:

• Private key length validation
• Revocation hook to zero-fill private key on cleanup
• ChainCode type validation
• Async factory pattern with revocable wrapper

packages/hdwallet-native/src/starknet.ts (2)

36-56: LGTM on wallet operations.

The starknetGetAddress, starknetGetPublicKey, and starknetSignTx methods correctly use the needsMnemonic guard pattern to ensure the wallet is initialized before performing operations. The async/await flow properly handles the Promise returns.

---

27-34: LGTM on initialization and cleanup.

The starknetInitializeWallet properly creates the adapter chain (Stark Node → StarkAdapter → StarknetAdapter), and starknetWipe cleans up by setting the adapter to undefined.

packages/hdwallet-native/src/crypto/isolation/adapters/stark.ts (1)

25-27: No changes needed. Stark.derivePath is properly exported from ../core (re-exported from ../bip32) and correctly handles StarkAdapter instances. The method signature matches the required Derivable interface constraint.

packages/hdwallet-native/src/native.ts (7)

19-19: LGTM! Import follows established pattern.

The StarkNet mixin imports are consistent with other chain integrations.

---

132-141: LGTM! Mixin chain integration is correct.

The StarkNet mixin is properly inserted into the NativeHDWalletInfo inheritance chain.

---

161-161: LGTM! Interface implementation declared correctly.

---

220-222: LGTM! Path description routing is correct.

The StarkNet path routing follows the established pattern and includes both the full name and ticker alias.

---

238-246: LGTM! Mixin chain integration is correct.

The StarkNet wallet mixin is properly inserted into the NativeHDWallet inheritance chain.

---

265-265: LGTM! Wallet interface implementation declared correctly.

---

387-399: LGTM! Initialization logic is correct.

The StarkNet master key is properly checked, awaited, and passed to the wallet initialization.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/hdwallet-native/src/native.ts (1)

448-474: Missing starkMasterKey revocation in wipe().

The wipe() method revokes oldSecp256k1MasterKey and oldEd25519MasterKey (lines 472-473) but doesn't store or revoke the stark master key. This leaves the Stark private key material in memory after wipe.

🔎 Proposed fix

   async wipe(): Promise<void> {
     const oldSecp256k1MasterKey = this.#secp256k1MasterKey;
     const oldEd25519MasterKey = this.#ed25519MasterKey;
+    const oldStarkMasterKey = this.#starkMasterKey;

     this.#initialized = false;
     this.#secp256k1MasterKey = undefined;
     this.#ed25519MasterKey = undefined;
+    this.#starkMasterKey = undefined;

     super.solanaWipe();
     super.suiWipe();
     super.btcWipe();
     super.ethWipe();
     super.cosmosWipe();
     super.osmosisWipe();
     super.binanceWipe();
     super.starknetWipe();
     super.tronWipe();
     super.thorchainWipe();
     super.mayachainWipe();
     super.secretWipe();
     super.terraWipe();
     super.kavaWipe();
     super.arkeoWipe();

     (await oldSecp256k1MasterKey)?.revoke?.();
     (await oldEd25519MasterKey)?.revoke?.();
+    (await oldStarkMasterKey)?.revoke?.();
   }

♻️ Duplicate comments (1)

packages/hdwallet-native/package.json (1)

19-19: StarkNet dependencies are outdated.

The added StarkNet dependencies (@scure/starknet@^1.0.0 and starknet@^6.11.0) are outdated. Current versions are @scure/starknet@2.0.0 and starknet@9.2.1, which include bug fixes, performance improvements, and newer API features.

Also applies to: 42-42

🧹 Nitpick comments (2)

packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts (1)

36-38: Consider making the account class hash configurable.

The OpenZeppelin account class hash is hardcoded to v0.15.0-rc.0. As OpenZeppelin releases new account contract versions, this hash will become stale and users won't be able to use newer contract implementations.

🔎 Suggested approach

Consider accepting the class hash as an optional constructor parameter with the current value as default:

 export class StarknetAdapter {
   protected readonly nodeAdapter: Isolation.Adapters.Stark;
+  private readonly accountClassHash: string;

-  // OpenZeppelin account v0.15.0-rc.0 class hash (used by most wallets)
-  // See: https://docs.openzeppelin.com/contracts-cairo/0.14.0/accounts
-  private readonly OZ_ACCOUNT_CLASS_HASH = "0x05b4b537eaa2399e3aa99c4e2e0208ebd6c71bc1467938cd52c798c601e43564";
+  // Default: OpenZeppelin account v0.15.0-rc.0 class hash
+  // See: https://docs.openzeppelin.com/contracts-cairo/0.14.0/accounts
+  private static readonly DEFAULT_OZ_ACCOUNT_CLASS_HASH = "0x05b4b537eaa2399e3aa99c4e2e0208ebd6c71bc1467938cd52c798c601e43564";

-  constructor(nodeAdapter: Isolation.Adapters.Stark) {
+  constructor(nodeAdapter: Isolation.Adapters.Stark, accountClassHash?: string) {
     this.nodeAdapter = nodeAdapter;
+    this.accountClassHash = accountClassHash ?? StarknetAdapter.DEFAULT_OZ_ACCOUNT_CLASS_HASH;
   }

packages/hdwallet-native/src/native.ts (1)

389-426: Clean initialization flow with proper error handling.

The initialization correctly:

• Requires all three master keys (secp256k1, ed25519, stark) before proceeding
• Includes starknetInitializeWallet in Promise.all for parallel initialization
• Wipes on error to prevent partial initialization state
• Previous debug logging has been removed

Note: The eslint-disable-next-line no-console on line 389 appears to be a leftover from previous debug statements that were removed. Consider removing it.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 1a2fc8c and 11f947d.

📒 Files selected for processing (36)

• examples/sandbox/package.json
• integration/package.json
• lerna.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-native/src/adapter.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/stark.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts
• packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts
• packages/hdwallet-native/src/crypto/isolation/engines/dummy/bip32.ts
• packages/hdwallet-native/src/native.ts
• packages/hdwallet-native/src/starknet.ts
• packages/hdwallet-phantom/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-walletconnectV2/package.json

🚧 Files skipped from review as they are similar to previous changes (22)

• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-native/src/crypto/isolation/adapters/stark.ts
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keepkey-electron/package.json
• examples/sandbox/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-phantom/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-trezor-connect/package.json
• lerna.json
• packages/hdwallet-core/package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-keepkey-chromeusb/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-gridplus/package.json

🧰 Additional context used

🧠 Learnings (15)

📓 Common learnings

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 774
File: packages/hdwallet-native/src/starknet.ts:16-18
Timestamp: 2025-12-24T17:35:44.759Z
Learning: In packages/hdwallet-native/src/ chain implementation files (e.g., tron.ts, sui.ts, solana.ts, starknet.ts), the `NextAccountPath()` methods in WalletInfo mixins conventionally throw `new Error("Method not implemented")`. This is an intentional pattern across chain families and these methods are unused.

📚 Learning: 2025-12-12T11:19:53.263Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:19:53.263Z
Learning: In the shapeshift/hdwallet monorepo, remove reliance on ethSupportsNetwork() across wallet implementations. This legacy method is no longer used to determine chain support. Instead, rely on the wallet class flags like _supportsMonad, _supportsPlasma, _supportsHyperEvm. Review all wallet implementations for ethSupportsNetwork() usage and migrate checks to the corresponding _supports* flags, updating tests and any affected logic accordingly.

Applied to files:

• packages/hdwallet-native/src/adapter.ts
• packages/hdwallet-native/src/crypto/isolation/engines/dummy/bip32.ts
• packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts
• packages/hdwallet-native/src/native.ts
• packages/hdwallet-native/src/starknet.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts

📚 Learning: 2025-12-24T17:35:44.759Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 774
File: packages/hdwallet-native/src/starknet.ts:16-18
Timestamp: 2025-12-24T17:35:44.759Z
Learning: In the files under packages/hdwallet-native/src (e.g., tron.ts, sui.ts, solana.ts, starknet.ts), the NextAccountPath() methods in WalletInfo mixins intentionally throw new Error("Method not implemented"). These methods exist as placeholders and are not used by the chain implementations. Treat these methods as intentionally non-operational: do not call them, and consider removing or documenting them to avoid confusion. This guideline applies broadly to all chain implementation files in this directory.

Applied to files:

• packages/hdwallet-native/src/adapter.ts
• packages/hdwallet-native/src/native.ts
• packages/hdwallet-native/src/starknet.ts

📚 Learning: 2025-12-24T17:35:44.759Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 774
File: packages/hdwallet-native/src/starknet.ts:16-18
Timestamp: 2025-12-24T17:35:44.759Z
Learning: In packages/hdwallet-native/src/ chain implementation files (e.g., tron.ts, sui.ts, solana.ts, starknet.ts), the `NextAccountPath()` methods in WalletInfo mixins conventionally throw `new Error("Method not implemented")`. This is an intentional pattern across chain families and these methods are unused.

Applied to files:

• packages/hdwallet-native/src/crypto/isolation/engines/dummy/bip32.ts
• packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts
• packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts

📚 Learning: 2025-08-07T15:23:54.858Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-coinbase/package.json:18-18
Timestamp: 2025-08-07T15:23:54.858Z
Learning: In the shapeshiftoss/hdwallet monorepo, package version bumps are done in PRs before publishing. The packages are published after the PR is merged, so dependency versions may reference unpublished versions during the PR review phase. This is expected behavior in their release workflow.

Applied to files:

• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• integration/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-native/package.json

📚 Learning: 2025-08-07T15:27:03.179Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/package.json:36-36
Timestamp: 2025-08-07T15:27:03.179Z
Learning: In the shapeshiftoss/hdwallet monorepo, the ledgerhq/hw-transport dependency in packages/hdwallet-ledger/package.json is pinned to an exact version (without caret) due to type mismatches that occur with newer versions. Other Ledger dependencies can safely use caret ranges.

Applied to files:

• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• integration/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-native/src/starknet.ts

📚 Learning: 2025-08-07T15:24:19.530Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/package.json:3-3
Timestamp: 2025-08-07T15:24:19.530Z
Learning: In the shapeshiftoss/hdwallet monorepo, the team runs `yarn build` before bumping versions and also before publishing packages. This ensures that dist/ artifacts (including UMD bundles) are properly regenerated after dependency updates.

Applied to files:

• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• integration/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-native/package.json

📚 Learning: 2025-12-09T13:48:55.139Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 764
File: packages/hdwallet-gridplus/package.json:0-0
Timestamp: 2025-12-09T13:48:55.139Z
Learning: In the shapeshiftoss/hdwallet monorepo, the dist/ directory is not version controlled (not tracked in git). Build artifacts are generated during the build/publish workflow, not committed to the repository.

Applied to files:

• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• integration/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-native/package.json

📚 Learning: 2025-08-07T15:47:29.207Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/src/transport.ts:10-10
Timestamp: 2025-08-07T15:47:29.207Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the code works locally without TypeScript errors but has issues in CI environment. Using ts-expect-error would fail locally since there are no actual errors to suppress.

Applied to files:

• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• integration/package.json
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-native/src/native.ts
• packages/hdwallet-ledger/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-native/src/starknet.ts

📚 Learning: 2025-08-07T15:47:26.835Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/src/transport.ts:12-12
Timestamp: 2025-08-07T15:47:26.835Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the CI environment has different type checking behavior than local development. The code works locally without errors, but CI reports type issues, so ts-ignore is necessary to suppress the inconsistent type checking across environments.

Applied to files:

• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• integration/package.json
• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-native/src/native.ts
• packages/hdwallet-ledger/package.json
• packages/hdwallet-native/src/starknet.ts

📚 Learning: 2025-10-15T23:22:26.842Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 731
File: packages/hdwallet-gridplus/src/thormaya.ts:99-105
Timestamp: 2025-10-15T23:22:26.842Z
Learning: In packages/hdwallet-gridplus/src/thormaya.ts, the GridPlus SDK (gridplus-sdk) automatically pads the r and s signature components to 32 bytes, so explicit padding in the code may be redundant but is not required. The thorchainSignTx implementation works without explicit padding because the SDK handles it.

Applied to files:

• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts

📚 Learning: 2025-11-20T11:04:44.808Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 737
File: packages/hdwallet-trezor/src/ethereum.ts:122-138
Timestamp: 2025-11-20T11:04:44.808Z
Learning: In packages/hdwallet-trezor/src/ethereum.ts, the ethSignTypedData function correctly returns the signature from res.payload.signature without adding a "0x" prefix. This works correctly in practice and has been tested, despite appearing inconsistent with ethSignMessage which does add the prefix. The Trezor Connect ethereumSignTypedData response already provides the signature in the correct format for consumption.

Applied to files:

• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts
• packages/hdwallet-native/src/starknet.ts

📚 Learning: 2025-10-14T20:59:48.768Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 731
File: packages/hdwallet-gridplus/src/ethereum.ts:117-124
Timestamp: 2025-10-14T20:59:48.768Z
Learning: In packages/hdwallet-gridplus/src/ethereum.ts, the GridPlus SDK's sign method returns v as a number (integer), not a Buffer, so the Buffer.isBuffer(v) check is always false and vRaw = v is used directly.

Applied to files:

• packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts

📚 Learning: 2025-12-12T11:20:00.907Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:20:00.907Z
Learning: In the shapeshift/hdwallet monorepo, the `ethSupportsNetwork()` method in wallet implementations is a legacy/relic method that is no longer used. Chain support is determined by the `_supports*` flags (e.g., `_supportsMonad`, `_supportsPlasma`, `_supportsHyperEvm`) on the wallet classes, not by the `ethSupportsNetwork()` method.

Applied to files:

• packages/hdwallet-native/package.json

📚 Learning: 2025-12-12T11:19:53.179Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-ledger/src/ledger.ts:403-405
Timestamp: 2025-12-12T11:19:53.179Z
Learning: In packages/hdwallet-ledger/src/ethereum.ts, the ethSupportsNetwork function is a legacy/unused function that only returns true for chainId === 1. The Ledger ETH module does not call ethSupportsNetwork to validate chain support during signing operations - it accepts any chainId passed in the ETHSignTx message directly, so chain support flags can be enabled without needing to update ethSupportsNetwork.

Applied to files:

• packages/hdwallet-native/src/starknet.ts

🧬 Code graph analysis (6)

packages/hdwallet-native/src/adapter.ts (3)

packages/hdwallet-native/src/crypto/isolation/core/bip39/interfaces.ts (1)

• Mnemonic (4-6)

packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts (1)

• Node (13-18)

packages/hdwallet-native/src/crypto/isolation/core/ed25519/interfaces.ts (1)

• Node (3-7)

packages/hdwallet-native/src/crypto/isolation/engines/dummy/bip32.ts (2)

packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts (1)

• Node (30-40)

packages/hdwallet-native/src/crypto/isolation/engines/dummy/types.ts (1)

• DummyEngineError (4-8)

packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts (4)

packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts (1)

• Node (43-132)

packages/hdwallet-native/src/crypto/isolation/engines/dummy/bip32.ts (1)

• Node (11-101)

packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts (1)

• Node (13-18)

packages/hdwallet-native/src/crypto/isolation/core/index.ts (1)

• Revocable (14-17)

packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts (5)

packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts (1)

• Node (43-132)

packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts (1)

• Node (30-40)

packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts (1)

• Node (13-18)

packages/hdwallet-native/src/crypto/isolation/core/ed25519/interfaces.ts (1)

• Node (3-7)

packages/hdwallet-native/src/crypto/isolation/types.ts (1)

• safeBufferFrom (157-163)

packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts (1)

packages/hdwallet-core/src/wallet.ts (1)

• BIP32Path (23-23)

packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts (5)

packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts (1)

• Node (12-152)

packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts (1)

• Node (30-40)

packages/hdwallet-native/src/crypto/isolation/core/bip32/interfaces.ts (1)

• Node (13-18)

packages/hdwallet-native/src/crypto/isolation/core/index.ts (1)

• Revocable (14-17)

packages/hdwallet-native/src/crypto/isolation/types.ts (2)

• safeBufferFrom (157-163)
• checkType (104-107)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build and Release

🔇 Additional comments (14)

packages/hdwallet-keepkey-nodewebusb/package.json (1)

3-3: Verify caret ranges work as intended with pre-release versions.

The use of caret ranges (^1.62.33-starknet.13) for internal dependencies may behave unexpectedly with pre-release versions due to semver resolution rules. In monorepos, exact versions (without ^) are typically preferred for pre-release dependencies to ensure all packages stay synchronized during the pre-release phase.

Please confirm this is intentional and aligns with your publish workflow.

Also applies to: 17-18

packages/hdwallet-native/package.json (1)

3-3: LGTM! Version bump is consistent.

The version bump to 1.62.33-starknet.13 and the hdwallet-core dependency update are consistent with the monorepo release pattern for StarkNet integration.

Also applies to: 21-21

packages/hdwallet-native-vault/package.json (1)

3-3: LGTM! Consistent version bumps.

The version bump and hdwallet-native dependency update are correctly aligned with the StarkNet integration release (1.62.33-starknet.13).

Also applies to: 18-18

packages/hdwallet-ledger/package.json (1)

3-3: LGTM! Consistent version bumps.

The version bump and hdwallet-core dependency update are correctly synchronized with the monorepo StarkNet integration release.

Also applies to: 31-31

integration/package.json (1)

3-3: LGTM! Comprehensive dependency synchronization.

The version bump and all hdwallet-* dependency updates are correctly synchronized to 1.62.33-starknet.13 across the integration package, maintaining consistency for the StarkNet integration release.

Also applies to: 15-24

packages/hdwallet-keepkey-webusb/package.json (1)

3-3: LGTM! Version bump aligns with StarkNet integration.

The version bump to 1.62.33-starknet.13 and corresponding dependency updates to ^1.62.33-starknet.13 are consistent with the coordinated StarkNet release across the monorepo. The package correctly inherits StarkNet support through its updated core dependencies.

Based on learnings, referencing unpublished prerelease versions during PR review is expected in your workflow.

Note that prerelease versions with caret ranges have specific semver behavior: ^1.62.33-starknet.13 will match subsequent starknet prereleases (e.g., 1.62.33-starknet.14) and patch versions (1.62.34+), but requires explicit version updates when promoting to a stable 1.62.33 release. Verify this prerelease strategy aligns with your intended release workflow.

Also applies to: 17-18

packages/hdwallet-native/src/adapter.ts (1)

6-36: LGTM! Clean type extension for StarkNet master key support.

The documentation clearly explains the different master key types and their purposes. The union type pattern correctly enforces mutual exclusivity between mnemonic-based and master-key-based initialization.

packages/hdwallet-native/src/crypto/isolation/core/stark/interfaces.ts (1)

1-40: Well-documented interface with clear STARK curve specifications.

The interface correctly adapts the BIP32 Node pattern for STARK curve operations. The documentation provides valuable context about the derivation approach and references to specifications.

packages/hdwallet-native/src/crypto/isolation/engines/default/bip32.ts (1)

188-212: LGTM! Consistent implementation following the established master key derivation pattern.

The toStarkMasterKey() correctly mirrors the toSecp256k1MasterKey() implementation:

• Uses "Bitcoin seed" HMAC key per SLIP-0010 standard (matching Argent/Ledger implementations)
• Properly splits HMAC output into private key (IL) and chain code (IR)
• Correctly wires revocation to clean up derived keys

The referenced community standard link validates this approach.

packages/hdwallet-native/src/crypto/isolation/engines/dummy/bip32.ts (1)

121-128: LGTM! Consistent with dummy engine pattern.

The dummy engine correctly throws DummyEngineError for Stark operations since STARK curve operations require actual private key material for key grinding and signing. This matches the existing toEd25519MasterKey() behavior.

packages/hdwallet-native/src/crypto/isolation/adapters/starknet.ts (1)

63-78: LGTM! Address computation correctly implements OpenZeppelin counterfactual deployment.

The implementation correctly:

• Compiles constructor calldata with the public key
• Uses the public key as salt (standard practice)
• Sets deployer to 0 for counterfactual deployment
• Zero-pads the result to 64 hex characters per Starknet spec

packages/hdwallet-native/src/starknet.ts (1)

7-54: LGTM! Wallet mixins follow established patterns.

The implementation correctly follows the chain mixin pattern used by other chains (Solana, Tron, Sui):

• _supportsStarknetInfo and _supportsStarknet flags properly set
• needsMnemonic guard consistently applied to all wallet operations
• Initialization creates adapter from master key
• Wipe clears the adapter

Based on learnings, the starknetNextAccountPath() throwing "Method not implemented" is an intentional pattern across chain families.

packages/hdwallet-native/src/crypto/isolation/engines/default/stark.ts (1)

43-131: LGTM! Robust Stark Node implementation with proper security practices.

The implementation correctly:

• Validates private key length and zeroes it on revocation
• Applies key grinding for both getPublicKey() and sign() per Starknet spec
• Pads signature components to 64 hex characters (addressed from previous review)
• Uses secp256k1 BIP32 derivation math per SLIP-0010 industry standard
• Properly chains revocation for derived keys

The documentation provides excellent context about the STARK curve parameters and derivation approach.

packages/hdwallet-native/src/native.ts (1)

527-547: LGTM! loadDevice correctly handles Stark master key derivation.

The implementation follows the same pattern as secp256k1 and ed25519 master key derivation:

• Accepts either pre-derived key or mnemonic
• Validates mnemonic before use
• Properly chains revocation from mnemonic → seed → master key

[coderabbitai]

Actionable comments posted: 4

♻️ Duplicate comments (1)

packages/hdwallet-native/package.json (1)

19-19: Starknet dependencies are outdated.

This has already been flagged in a previous review. The specified versions (@scure/starknet@1.0.0 and starknet@6.11.0) are significantly behind the latest releases (@scure/starknet@2.0.0 and starknet@9.2.1). Consider updating to benefit from bug fixes, performance improvements, and newer API features.

🧹 Nitpick comments (2)

packages/hdwallet-core/package.json (1)

25-25: Consider upgrading to a more recent RxJS 6.x or 7.x version.

Version 6.4.0 is from January 2019 and no longer receives updates. While no known security vulnerabilities exist, upgrading to at least 6.6.x (the last 6.x release) would improve long-term maintainability. If upgrading to 7.x, note that significant breaking changes exist, including migration of operator imports, toPromise → firstValueFrom/lastValueFrom, shareReplay patterns, multicasting API changes, and increased TypeScript version requirements.

packages/hdwallet-keepkey-electron/package.json (1)

20-22: Consider peer dependency flexibility.

Pinning electron to an exact version (12.0.9) as a peer dependency may be overly restrictive for consumers who use a compatible but different patch version. If consumers typically use a range of Electron 12.x versions, consider keeping the caret range for the peerDependency while pinning only the devDependency.

That said, if this aligns with the team's intentional policy for strict compatibility guarantees, the change is acceptable.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between bf77265 and 2a80641.

📒 Files selected for processing (26)

• examples/sandbox/package.json
• integration/package.json
• package.json
• packages/hdwallet-coinbase/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-phantom/package.json
• packages/hdwallet-portis/package.json
• packages/hdwallet-trezor-connect/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-walletconnectV2/package.json

✅ Files skipped from review due to trivial changes (2)

• packages/hdwallet-keepkey-nodehid/package.json
• packages/hdwallet-trezor-connect/package.json

🧰 Additional context used

🧠 Learnings (8)

📓 Common learnings

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/package.json:36-36
Timestamp: 2025-08-07T15:27:03.179Z
Learning: In the shapeshiftoss/hdwallet monorepo, the ledgerhq/hw-transport dependency in packages/hdwallet-ledger/package.json is pinned to an exact version (without caret) due to type mismatches that occur with newer versions. Other Ledger dependencies can safely use caret ranges.

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 774
File: packages/hdwallet-native/src/starknet.ts:16-18
Timestamp: 2025-12-24T17:35:44.759Z
Learning: In packages/hdwallet-native/src/ chain implementation files (e.g., tron.ts, sui.ts, solana.ts, starknet.ts), the `NextAccountPath()` methods in WalletInfo mixins conventionally throw `new Error("Method not implemented")`. This is an intentional pattern across chain families and these methods are unused.

📚 Learning: 2025-08-07T15:27:03.179Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/package.json:36-36
Timestamp: 2025-08-07T15:27:03.179Z
Learning: In the shapeshiftoss/hdwallet monorepo, the ledgerhq/hw-transport dependency in packages/hdwallet-ledger/package.json is pinned to an exact version (without caret) due to type mismatches that occur with newer versions. Other Ledger dependencies can safely use caret ranges.

Applied to files:

• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-phantom/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-coinbase/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-native/package.json
• package.json
• packages/hdwallet-portis/package.json

📚 Learning: 2025-08-07T15:23:54.858Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-coinbase/package.json:18-18
Timestamp: 2025-08-07T15:23:54.858Z
Learning: In the shapeshiftoss/hdwallet monorepo, package version bumps are done in PRs before publishing. The packages are published after the PR is merged, so dependency versions may reference unpublished versions during the PR review phase. This is expected behavior in their release workflow.

Applied to files:

• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-phantom/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-coinbase/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-portis/package.json

📚 Learning: 2025-08-07T15:47:29.207Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/src/transport.ts:10-10
Timestamp: 2025-08-07T15:47:29.207Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the code works locally without TypeScript errors but has issues in CI environment. Using ts-expect-error would fail locally since there are no actual errors to suppress.

Applied to files:

• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-phantom/package.json
• packages/hdwallet-keepkey-nodewebusb/package.json
• packages/hdwallet-coinbase/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-portis/package.json

📚 Learning: 2025-08-07T15:47:26.835Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/src/transport.ts:12-12
Timestamp: 2025-08-07T15:47:26.835Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the CI environment has different type checking behavior than local development. The code works locally without errors, but CI reports type issues, so ts-ignore is necessary to suppress the inconsistent type checking across environments.

Applied to files:

• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-phantom/package.json
• packages/hdwallet-coinbase/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-portis/package.json

📚 Learning: 2025-08-07T15:24:19.530Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/package.json:3-3
Timestamp: 2025-08-07T15:24:19.530Z
Learning: In the shapeshiftoss/hdwallet monorepo, the team runs `yarn build` before bumping versions and also before publishing packages. This ensures that dist/ artifacts (including UMD bundles) are properly regenerated after dependency updates.

Applied to files:

• packages/hdwallet-ledger-webusb/package.json
• packages/hdwallet-trezor/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-ledger-webhid/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-core/package.json
• packages/hdwallet-ledger/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-gridplus/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-phantom/package.json
• packages/hdwallet-coinbase/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-walletconnectV2/package.json
• packages/hdwallet-keepkey-webusb/package.json
• packages/hdwallet-native/package.json
• packages/hdwallet-portis/package.json

📚 Learning: 2025-11-20T11:04:44.808Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 737
File: packages/hdwallet-trezor/src/ethereum.ts:122-138
Timestamp: 2025-11-20T11:04:44.808Z
Learning: In packages/hdwallet-trezor/src/ethereum.ts, the ethSignTypedData function correctly returns the signature from res.payload.signature without adding a "0x" prefix. This works correctly in practice and has been tested, despite appearing inconsistent with ethSignMessage which does add the prefix. The Trezor Connect ethereumSignTypedData response already provides the signature in the correct format for consumption.

Applied to files:

• packages/hdwallet-trezor/package.json

📚 Learning: 2025-12-09T13:48:55.139Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 764
File: packages/hdwallet-gridplus/package.json:0-0
Timestamp: 2025-12-09T13:48:55.139Z
Learning: In the shapeshiftoss/hdwallet monorepo, the dist/ directory is not version controlled (not tracked in git). Build artifacts are generated during the build/publish workflow, not committed to the repository.

Applied to files:

• packages/hdwallet-trezor/package.json
• packages/hdwallet-keplr/package.json
• packages/hdwallet-native-vault/package.json
• packages/hdwallet-keepkey-electron/package.json
• packages/hdwallet-keepkey/package.json
• packages/hdwallet-vultisig/package.json
• packages/hdwallet-walletconnect/package.json
• packages/hdwallet-keepkey-tcp/package.json
• packages/hdwallet-metamask-multichain/package.json
• packages/hdwallet-coinbase/package.json
• examples/sandbox/package.json
• integration/package.json
• packages/hdwallet-walletconnectV2/package.json

🔇 Additional comments (19)

packages/hdwallet-ledger-webhid/package.json (1)

23-23: LGTM - Type definition pinning improves build reproducibility.

Pinning @types/w3c-web-hid to an exact version ensures consistent type checking across environments.

packages/hdwallet-ledger/package.json (1)

18-47: Dependency pinning aligns with established patterns.

The exact version pinning for Ledger-related dependencies is consistent with the project's existing practice of pinning @ledgerhq/hw-transport to avoid type mismatches. The version stabilization improves build reproducibility.

Based on learnings, Ledger transport dependencies are intentionally pinned to exact versions due to type compatibility issues.

packages/hdwallet-phantom/package.json (1)

20-26: LGTM - Dependency pinning improves reproducibility.

The version pinning for these dependencies ensures deterministic builds across environments. lodash 4.17.21 is the latest in the 4.x series, which is appropriate.

packages/hdwallet-keepkey-webusb/package.json (1)

21-21: LGTM - Type definition pinning ensures consistency.

Pinning @types/w3c-web-usb to an exact version prevents type mismatches across different development and CI environments.

packages/hdwallet-coinbase/package.json (1)

17-23: Dependency pinning is sound and secure.

The version pinning strategy is appropriate for reproducible builds. Both @coinbase/wallet-sdk@3.6.6 and eth-rpc-errors@4.0.3 are actively maintained and have no known vulnerabilities.

packages/hdwallet-gridplus/package.json (1)

18-33: Dependency version pinning is consistent with the PR's reproducible build goals.

The systematic removal of caret ranges supports deterministic dependency resolution across the monorepo.

Given the crypto-sensitive nature of several pinned packages (crypto-js, @metamask/eth-sig-util, @bitcoinerlab/secp256k1), verify that these versions are secure and up-to-date.

integration/package.json (1)

13-27: Version pinning in integration tests ensures reproducible test environments.

Pinning test dependencies like msw to exact versions aligns with the goal of consistent, reproducible builds across the CI/CD pipeline.

packages/hdwallet-keplr/package.json (1)

17-30: CosmJS and Keplr dependency pinning supports build reproducibility.

The exact version pins for @cosmjs packages and @keplr-wallet/types align with the PR's systematic approach to dependency management.

packages/hdwallet-keepkey/package.json (1)

18-48: Extensive dependency pinning supports the KeepKey package's reproducible builds.

The systematic removal of version ranges across 18+ dependencies and devDependencies is consistent with the PR's objectives.

Given the number of security-sensitive packages (crypto-js, @metamask/eth-sig-util, @bitcoinerlab/secp256k1), ensure these pinned versions are free from known vulnerabilities.

packages/hdwallet-walletconnectV2/package.json (1)

19-21: WalletConnect V2 dependency pinning is consistent with PR objectives.

The exact version pins for @WalletConnect packages and ethers support reproducible builds. Ensure the pinned ethers version (5.6.5) is free from security vulnerabilities.

packages/hdwallet-walletconnect/package.json (1)

19-21: WalletConnect V1 dependency pinning completes the systematic version locking.

The exact version pins for @WalletConnect V1 packages and ethers are consistent with the PR's reproducible build goals.

packages/hdwallet-trezor/package.json (1)

21-28: Dependency version pinning aligns with PR objectives and security best practices.

The removal of caret ranges and pinning to exact versions supports reproducible builds. Notably, lodash 4.17.21 is the minimum version that fixes multiple vulnerabilities (CVE-2019-10744, CVE-2020-28500, CVE-2021-23337), and base64-js 1.5.1, bchaddrjs 0.4.4, and typedoc 0.20.36 have no known security issues. This pinning approach matches the deliberate monorepo pattern for dependency stability.

packages/hdwallet-keepkey-nodewebusb/package.json (1)

21-25: LGTM!

Consistent pinning of usb to exact version 2.3.1 across both peer and dev dependencies aligns with the repo-wide deterministic build policy.

examples/sandbox/package.json (1)

13-51: LGTM!

Pinning all dependencies to exact versions in this private sandbox package ensures reproducible builds for development and testing purposes.

packages/hdwallet-native/package.json (1)

17-43: Version pinning aligns with repo policy.

The remaining dependency pinning changes (removing caret ranges for @bitcoinerlab/secp256k1, @noble/curves, bech32, lodash, etc.) are consistent with the monorepo's shift to deterministic dependency resolution.

packages/hdwallet-vultisig/package.json (1)

17-28: LGTM!

Consistent exact version pinning for CosmJS and utility dependencies.

packages/hdwallet-portis/package.json (1)

20-28: LGTM!

Version pinning for Portis package dependencies is consistent with the repo-wide policy.

package.json (1)

44-68: LGTM!

Pinning root-level toolchain dependencies (ESLint, Jest, TypeScript, Lerna, Prettier) ensures consistent behavior across all contributors and CI environments. The p-queue resolution pin at line 62 also helps avoid transitive dependency conflicts.

packages/hdwallet-metamask-multichain/package.json (1)

17-29: LGTM!

Pinning MetaMask-related and utility dependencies to exact versions maintains consistency with the repo-wide deterministic build policy.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between cfb2b6a and c1b54f1.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• packages/hdwallet-native/src/native.test.ts

🧰 Additional context used

🧠 Learnings (8)

📓 Common learnings

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 774
File: packages/hdwallet-native/src/starknet.ts:16-18
Timestamp: 2025-12-24T17:35:44.759Z
Learning: In packages/hdwallet-native/src/ chain implementation files (e.g., tron.ts, sui.ts, solana.ts, starknet.ts), the `NextAccountPath()` methods in WalletInfo mixins conventionally throw `new Error("Method not implemented")`. This is an intentional pattern across chain families and these methods are unused.

📚 Learning: 2025-12-24T17:35:44.759Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 774
File: packages/hdwallet-native/src/starknet.ts:16-18
Timestamp: 2025-12-24T17:35:44.759Z
Learning: In the files under packages/hdwallet-native/src (e.g., tron.ts, sui.ts, solana.ts, starknet.ts), the NextAccountPath() methods in WalletInfo mixins intentionally throw new Error("Method not implemented"). These methods exist as placeholders and are not used by the chain implementations. Treat these methods as intentionally non-operational: do not call them, and consider removing or documenting them to avoid confusion. This guideline applies broadly to all chain implementation files in this directory.

Applied to files:

• packages/hdwallet-native/src/native.test.ts

📚 Learning: 2025-12-12T11:19:53.179Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-ledger/src/ledger.ts:403-405
Timestamp: 2025-12-12T11:19:53.179Z
Learning: In packages/hdwallet-ledger/src/ethereum.ts, the ethSupportsNetwork function is a legacy/unused function that only returns true for chainId === 1. The Ledger ETH module does not call ethSupportsNetwork to validate chain support during signing operations - it accepts any chainId passed in the ETHSignTx message directly, so chain support flags can be enabled without needing to update ethSupportsNetwork.

Applied to files:

• packages/hdwallet-native/src/native.test.ts

📚 Learning: 2025-08-07T15:47:29.207Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/src/transport.ts:10-10
Timestamp: 2025-08-07T15:47:29.207Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the code works locally without TypeScript errors but has issues in CI environment. Using ts-expect-error would fail locally since there are no actual errors to suppress.

Applied to files:

• packages/hdwallet-native/src/native.test.ts

📚 Learning: 2025-11-20T11:04:44.808Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 737
File: packages/hdwallet-trezor/src/ethereum.ts:122-138
Timestamp: 2025-11-20T11:04:44.808Z
Learning: In packages/hdwallet-trezor/src/ethereum.ts, the ethSignTypedData function correctly returns the signature from res.payload.signature without adding a "0x" prefix. This works correctly in practice and has been tested, despite appearing inconsistent with ethSignMessage which does add the prefix. The Trezor Connect ethereumSignTypedData response already provides the signature in the correct format for consumption.

Applied to files:

• packages/hdwallet-native/src/native.test.ts

📚 Learning: 2025-08-07T15:47:26.835Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger-webusb/src/transport.ts:12-12
Timestamp: 2025-08-07T15:47:26.835Z
Learning: In the shapeshiftoss/hdwallet monorepo, ts-ignore is used instead of ts-expect-error for Ledger transport imports because the CI environment has different type checking behavior than local development. The code works locally without errors, but CI reports type issues, so ts-ignore is necessary to suppress the inconsistent type checking across environments.

Applied to files:

• packages/hdwallet-native/src/native.test.ts

📚 Learning: 2025-08-07T15:27:03.179Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 726
File: packages/hdwallet-ledger/package.json:36-36
Timestamp: 2025-08-07T15:27:03.179Z
Learning: In the shapeshiftoss/hdwallet monorepo, the ledgerhq/hw-transport dependency in packages/hdwallet-ledger/package.json is pinned to an exact version (without caret) due to type mismatches that occur with newer versions. Other Ledger dependencies can safely use caret ranges.

Applied to files:

• packages/hdwallet-native/src/native.test.ts

📚 Learning: 2025-12-12T11:19:53.263Z

Learnt from: gomesalexandre
Repo: shapeshift/hdwallet PR: 769
File: packages/hdwallet-walletconnectV2/src/walletconnectV2.ts:150-152
Timestamp: 2025-12-12T11:19:53.263Z
Learning: In the shapeshift/hdwallet monorepo, remove reliance on ethSupportsNetwork() across wallet implementations. This legacy method is no longer used to determine chain support. Instead, rely on the wallet class flags like _supportsMonad, _supportsPlasma, _supportsHyperEvm. Review all wallet implementations for ethSupportsNetwork() usage and migrate checks to the corresponding _supports* flags, updating tests and any affected logic accordingly.

Applied to files:

• packages/hdwallet-native/src/native.test.ts

🪛 Gitleaks (8.30.0)

packages/hdwallet-native/src/native.test.ts

[high] 13-13: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build and Release

🔇 Additional comments (1)

packages/hdwallet-native/src/native.test.ts (1)

178-185: LGTM!

The Stark master key is properly created and passed to both native.create and loadDevice, following the same pattern as the existing secp256k1 and ed25519 master keys.

[gomesalexandre]

Merry Christmas ser 🎄

https://jam.dev/c/cc9c56e9-44cb-4a44-baa7-00b96e8576dc