Merge branch 'master' into WP-5414-express-migrate-api-v2-coin-keychain-local-to-typed-routes

Author: danielzhao122

.github/renovate.json

@@ -1,6 +1,18 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["github>BitGo/gha-renovate-bot//presets/onboarding#v1.15.1"],
+  "extends": ["github>BitGo/gha-renovate-bot//presets/default"],
   "baseBranches": ["master"],
-  "enabledManagers": ["github-actions", "regex"],
+  "enabledManagers": ["github-actions", "regex", "npm"],
+  "packageRules": [
+    {
+      "description": "Disable all npm dependencies by default",
+      "matchManagers": ["npm"],
+      "enabled": false
+    },
+    {
+      "description": "Enable updates only for @bitgo/public-types",
+      "matchPackageNames": ["@bitgo/public-types"],
+      "enabled": true
+    }
+  ]
 }

examples/ts/sol/stake-jito.ts

@@ -16,7 +16,7 @@ require('dotenv').config({ path: '../../.env' });
 
 const AMOUNT_LAMPORTS = 1000;
 const JITO_STAKE_POOL_ADDRESS = 'Jito4APyf642JPZPx3hGc6WWJ8zPKtRbRs4P815Awbb';
-const NETWORK = 'devnet';
+const NETWORK = 'testnet';
 
 const bitgo = new BitGoAPI({
   accessToken: process.env.TESTNET_ACCESS_TOKEN,

examples/ts/sol/unstake-jito.ts

@@ -0,0 +1,109 @@
+/**
+ * Unstakes JitoSOL tokens on Solana devnet.
+ *
+ * Copyright 2025, BitGo, Inc.  All Rights Reserved.
+ */
+import { SolStakingTypeEnum } from '@bitgo/public-types';
+import { BitGoAPI } from '@bitgo/sdk-api';
+import { TransactionBuilderFactory, Tsol } from '@bitgo/sdk-coin-sol';
+import { coins } from '@bitgo/statics';
+import { Connection, PublicKey, clusterApiUrl, Keypair } from '@solana/web3.js';
+import { getStakePoolAccount } from '@solana/spl-stake-pool';
+import * as bs58 from 'bs58';
+
+require('dotenv').config({ path: '../../.env' });
+
+const AMOUNT_TOKENS = 100;
+const JITO_STAKE_POOL_ADDRESS = 'Jito4APyf642JPZPx3hGc6WWJ8zPKtRbRs4P815Awbb';
+const NETWORK = 'testnet';
+// You must find a validator. Try prepareWithdrawAccounts.
+
+const bitgo = new BitGoAPI({
+  accessToken: process.env.TESTNET_ACCESS_TOKEN,
+  env: 'test',
+});
+const coin = coins.get('tsol');
+bitgo.register(coin.name, Tsol.createInstance);
+
+async function main() {
+  const account = getAccount();
+  const { validatorAddress } = getValidator();
+  const connection = new Connection(clusterApiUrl(NETWORK), 'confirmed');
+  const recentBlockhash = await connection.getLatestBlockhash();
+  const stakePoolAddress = new PublicKey(JITO_STAKE_POOL_ADDRESS);
+  const stakePoolAccount = await getStakePoolAccount(connection, stakePoolAddress);
+  console.info('Validator list account', stakePoolAccount.account.data.validatorList.toBase58());
+
+  const transferAuthority = Keypair.generate();
+  const stakeAccount = Keypair.generate();
+  console.info('Transfer authority public key:', transferAuthority.publicKey.toBase58());
+  console.info('Stake account public key:', stakeAccount.publicKey.toBase58());
+
+  // Use BitGoAPI to build withdrawStake instruction
+  const txBuilder = new TransactionBuilderFactory(coin).getStakingDeactivateBuilder();
+  txBuilder
+    .amount(`${AMOUNT_TOKENS}`)
+    .sender(account.publicKey.toBase58())
+    .stakingAddress(JITO_STAKE_POOL_ADDRESS)
+    .unstakingAddress(stakeAccount.publicKey.toBase58())
+    .stakingType(SolStakingTypeEnum.JITO)
+    .extraParams({
+      stakePoolData: {
+        managerFeeAccount: stakePoolAccount.account.data.managerFeeAccount.toBase58(),
+        poolMint: stakePoolAccount.account.data.poolMint.toBase58(),
+        validatorListAccount: stakePoolAccount.account.data.validatorList.toBase58(),
+      },
+      validatorAddress,
+      transferAuthorityAddress: transferAuthority.publicKey.toBase58(),
+    })
+    .nonce(recentBlockhash.blockhash);
+
+  txBuilder.sign({ key: account.secretKey });
+  txBuilder.sign({ key: bs58.encode(stakeAccount.secretKey) });
+  txBuilder.sign({ key: bs58.encode(transferAuthority.secretKey) });
+
+  const tx = await txBuilder.build();
+  const serializedTx = tx.toBroadcastFormat();
+  console.info(serializedTx);
+  console.info(`Transaction JSON:\n${JSON.stringify(tx.toJson(), undefined, 2)}`);
+
+  // Send transaction
+  try {
+    const sig = await connection.sendRawTransaction(Buffer.from(serializedTx, 'base64'));
+    await connection.confirmTransaction(sig);
+    console.log(`${AMOUNT_TOKENS} tokens withdrawn`, sig);
+  } catch (e) {
+    console.log('Error sending transaction');
+    console.error(e);
+  }
+}
+
+const getAccount = () => {
+  const publicKey = process.env.ACCOUNT_PUBLIC_KEY;
+  const secretKey = process.env.ACCOUNT_SECRET_KEY;
+  if (publicKey === undefined || secretKey === undefined) {
+    const { publicKey, secretKey } = Keypair.generate();
+    console.log('# Here is a new account to save into your .env file.');
+    console.log(`ACCOUNT_PUBLIC_KEY=${publicKey.toBase58()}`);
+    console.log(`ACCOUNT_SECRET_KEY=${bs58.encode(secretKey)}`);
+    throw new Error('Missing account information');
+  }
+
+  return {
+    publicKey: new PublicKey(publicKey),
+    secretKey,
+    secretKeyArray: new Uint8Array(bs58.decode(secretKey)),
+  };
+};
+
+const getValidator = () => {
+  const validatorAddress = process.env.VALIDATOR_PUBLIC_KEY;
+  if (validatorAddress === undefined) {
+    console.log('# You must select a validator, then define the entry below');
+    console.log('VALIDATOR_PUBLIC_KEY=');
+    throw new Error('Missing validator address');
+  }
+  return { validatorAddress };
+};
+
+main().catch((e) => console.error(e));

modules/abstract-lightning/src/codecs/api/wallet.ts

@@ -52,11 +52,15 @@ export const WatchOnlyAccount = t.type({
 
 export type WatchOnlyAccount = t.TypeOf<typeof WatchOnlyAccount>;
 
-export const WatchOnly = t.type({
-  master_key_birthday_timestamp: t.string,
-  master_key_fingerprint: t.string,
-  accounts: t.array(WatchOnlyAccount),
-});
+export const WatchOnly = t.intersection([
+  t.type({
+    accounts: t.array(WatchOnlyAccount),
+  }),
+  t.partial({
+    master_key_birthday_timestamp: t.string,
+    master_key_fingerprint: t.string,
+  }),
+]);
 
 export type WatchOnly = t.TypeOf<typeof WatchOnly>;
 

modules/abstract-lightning/src/lightning/lightningUtils.ts

@@ -154,14 +154,18 @@ function convertXpubPrefix(xpub: string, purpose: ExtendedKeyPurpose, isMainnet:
 /**
  * Derives watch-only accounts from the master HD node for the given purposes and network.
  */
-function deriveWatchOnlyAccounts(masterHDNode: utxolib.BIP32Interface, isMainnet: boolean): WatchOnlyAccount[] {
+export function deriveWatchOnlyAccounts(
+  masterHDNode: utxolib.BIP32Interface,
+  isMainnet: boolean,
+  params: { onlyAddressCreationAccounts?: boolean } = { onlyAddressCreationAccounts: false }
+): WatchOnlyAccount[] {
   // https://github.com/lightningnetwork/lnd/blob/master/docs/remote-signing.md#required-accounts
   if (masterHDNode.isNeutered()) {
     throw new Error('masterHDNode must not be neutered');
   }
-
-  const purposes = [PURPOSE_WRAPPED_P2WKH, PURPOSE_P2WKH, PURPOSE_P2TR, PURPOSE_ALL_OTHERS] as const;
-
+  const purposes = params.onlyAddressCreationAccounts
+    ? ([PURPOSE_WRAPPED_P2WKH, PURPOSE_P2WKH, PURPOSE_P2TR] as const)
+    : ([PURPOSE_WRAPPED_P2WKH, PURPOSE_P2WKH, PURPOSE_P2TR, PURPOSE_ALL_OTHERS] as const);
   return purposes.flatMap((purpose) => {
     const maxAccount = purpose === PURPOSE_ALL_OTHERS ? 255 : 0;
     const coinType = purpose !== PURPOSE_ALL_OTHERS || isMainnet ? 0 : 1;

modules/bitgo/test/v2/fixtures/staking/stakingWallet.ts

@@ -77,4 +77,42 @@ export default {
     },
     senderWalletId: 'btcDescriptorWalletId',
   },
+
+  matchingDataBuildParams: {
+    memo: 'matching-memo',
+    gasLimit: 200000,
+    type: 'pay',
+    solInstructions: [{ programId: 'Stake111', keys: [], data: 'delegate' }],
+    aptosCustomTransactionParams: { moduleName: '0x1::staking', functionName: 'stake' },
+  },
+
+  mismatchMemoBuildParams: {
+    memo: 'user-memo',
+  },
+
+  mismatchGasLimitBuildParams: {
+    gasLimit: 100000,
+  },
+
+  mismatchTypeBuildParams: {
+    type: 'stake',
+  },
+
+  mismatchSolInstructionsBuildParams: {
+    solInstructions: [
+      {
+        programId: 'UserStakeProgram1111111111111111111111111111',
+        keys: [{ pubkey: 'user-key', isSigner: true, isWritable: true }],
+        data: 'user-delegate-data',
+      },
+    ],
+  },
+
+  mismatchAptosParamsBuildParams: {
+    aptosCustomTransactionParams: {
+      moduleName: '0x1::staking',
+      functionName: 'stake',
+      functionArguments: ['10000'],
+    },
+  },
 };

modules/express/src/clientRoutes.ts

@@ -1558,6 +1558,7 @@ export function setupAPIRoutes(app: express.Application, config: Config): void {
   router.post('express.decrypt', [prepareBitGo(config), typedPromiseWrapper(handleDecrypt)]);
   router.post('express.encrypt', [prepareBitGo(config), typedPromiseWrapper(handleEncrypt)]);
   router.post('express.verifyaddress', [prepareBitGo(config), typedPromiseWrapper(handleVerifyAddress)]);
+  router.post('express.lightning.initWallet', [prepareBitGo(config), typedPromiseWrapper(handleInitLightningWallet)]);
   app.post(
     '/api/v[12]/calculateminerfeeinfo',
     parseBody,
@@ -1777,12 +1778,6 @@ export function setupEnclavedExpressRoutes(app: express.Application, config: Con
 }
 
 export function setupLightningSignerNodeRoutes(app: express.Application, config: Config): void {
-  app.post(
-    '/api/v2/:coin/wallet/:id/initwallet',
-    parseBody,
-    prepareBitGo(config),
-    promiseWrapper(handleInitLightningWallet)
-  );
   app.post(
     '/api/v2/:coin/wallet/:id/signermacaroon',
     parseBody,

modules/express/src/lightning/lightningSignerRoutes.ts

@@ -14,14 +14,10 @@ import {
 import * as utxolib from '@bitgo/utxo-lib';
 import { Buffer } from 'buffer';
 
-import {
-  CreateSignerMacaroonRequest,
-  GetWalletStateResponse,
-  InitLightningWalletRequest,
-  UnlockLightningWalletRequest,
-} from './codecs';
+import { CreateSignerMacaroonRequest, GetWalletStateResponse, UnlockLightningWalletRequest } from './codecs';
 import { LndSignerClient } from './lndSignerClient';
 import { ApiResponseError } from '../errors';
+import { ExpressApiRouteRequest } from '../typedRoutes/api';
 
 type Decrypt = (params: { input: string; password: string }) => string;
 
@@ -61,29 +57,16 @@ function getMacaroonRootKey(passphrase: string, nodeAuthEncryptedPrv: string, de
 /**
  * Handle the request to initialise remote signer LND for a wallet.
  */
-export async function handleInitLightningWallet(req: express.Request): Promise<unknown> {
+export async function handleInitLightningWallet(
+  req: ExpressApiRouteRequest<'express.lightning.initWallet', 'post'>
+): Promise<unknown> {
   const bitgo = req.bitgo;
-  const coinName = req.params.coin;
+  const { coin: coinName, walletId, passphrase, expressHost } = req.decoded;
   if (!isLightningCoinName(coinName)) {
     throw new ApiResponseError(`Invalid coin ${coinName}. This is not a lightning coin.`, 400);
   }
   const coin = bitgo.coin(coinName);
 
-  const walletId = req.params.id;
-  if (typeof walletId !== 'string') {
-    throw new ApiResponseError(`Invalid wallet id: ${walletId}`, 400);
-  }
-
-  const { passphrase, expressHost } = decodeOrElse(
-    InitLightningWalletRequest.name,
-    InitLightningWalletRequest,
-    req.body,
-    (_) => {
-      // DON'T throw errors from decodeOrElse. It could leak sensitive information.
-      throw new ApiResponseError('Invalid request body to initialize lightning wallet', 400);
-    }
-  );
-
   const wallet = await coin.wallets().get({ id: walletId, includeBalance: false });
   if (wallet.subType() !== 'lightningSelfCustody') {
     throw new ApiResponseError(`not a self custodial lighting wallet ${walletId}`, 400);

modules/express/src/typedRoutes/api/index.ts

@@ -13,6 +13,7 @@ import { PostSimpleCreate } from './v1/simpleCreate';
 import { PutPendingApproval } from './v1/pendingApproval';
 import { PostSignTransaction } from './v1/signTransaction';
 import { PostKeychainLocal } from './v2/keychainLocal';
+import { PostLightningInitWallet } from './v2/lightningInitWallet';
 import { PostVerifyCoinAddress } from './v2/verifyAddress';
 
 export const ExpressApi = apiSpec({
@@ -49,6 +50,9 @@ export const ExpressApi = apiSpec({
   'express.keychain.local': {
     post: PostKeychainLocal,
   },
+  'express.lightning.initWallet': {
+    post: PostLightningInitWallet,
+  },
   'express.verifycoinaddress': {
     post: PostVerifyCoinAddress,
   },

modules/express/src/typedRoutes/api/v2/lightningInitWallet.ts

@@ -0,0 +1,48 @@
+import * as t from 'io-ts';
+import { httpRoute, httpRequest, optional } from '@api-ts/io-ts-http';
+import { BitgoExpressError } from '../../schemas/error';
+
+/**
+ * Path parameters for initializing a Lightning wallet
+ * @property {string} coin - A lightning coin name (e.g, lnbtc, tlnbtc).
+ * @property {string} walletId - The ID of the wallet.
+ */
+export const LightningInitWalletParams = {
+  coin: t.string,
+  walletId: t.string,
+} as const;
+
+/**
+ * Request body for initializing a Lightning wallet
+ */
+export const LightningInitWalletBody = {
+  /** Passphrase to encrypt the admin macaroon of the signer node. */
+  passphrase: t.string,
+  /** Optional hostname or IP address to set the `expressHost` field of the wallet. */
+  expressHost: optional(t.string),
+} as const;
+
+/**
+ * Response for initializing a Lightning wallet
+ */
+export const LightningInitWalletResponse = {
+  /** Returns the updated wallet. On success, the wallet's `coinSpecific` will include the encrypted admin macaroon for the Lightning signer node. */
+  200: t.unknown,
+  /** BitGo Express error payload when initialization cannot proceed (for example: invalid coin, unsupported environment, wallet not in an initializable state). */
+  400: BitgoExpressError,
+} as const;
+
+/**
+ * Lightning - This is only used for self-custody lightning. Initialize a newly created Lightning Network Daemon (LND) for the first time.
+ * Returns the updated wallet with the encrypted admin macaroon in the `coinSpecific` response field.
+ *
+ * @operationId express.lightning.initWallet
+ */
+export const PostLightningInitWallet = httpRoute({
+  path: '/api/v2/:coin/wallet/:walletId/initwallet',
+  method: 'POST',
+  request: httpRequest({ params: LightningInitWalletParams, body: LightningInitWalletBody }),
+  response: LightningInitWalletResponse,
+});
+
+export type PostLightningInitWallet = typeof PostLightningInitWallet;