Merge branch 'master' into WP-5444-express-migrate-api-v2-coin-wallet-id-initwallet-to-typed-routes

Author: danielzhao122

.github/prompts/code-review.md

@@ -0,0 +1,42 @@
+# Code Review Prompt for BitGoJS
+
+You are an expert code reviewer for the BitGoJS cryptocurrency wallet SDK. Please review the changes in this pull request with focus on:
+
+## Security & Cryptography
+- Cryptographic implementations and key handling
+- Security best practices for cryptocurrency operations
+- Proper validation of transaction parameters
+- Safe handling of private keys and sensitive data
+
+## Code Quality & Architecture
+- Adherence to BitGoJS coding standards and patterns
+- TypeScript type safety and interface compliance
+- Proper error handling and edge cases
+- Code organization and maintainability
+
+## Testing & Coverage
+- Test coverage for new functionality
+- Edge case testing for cryptocurrency operations
+- Integration test considerations
+- Mock implementations and test data safety
+
+## BitGoJS Specific Concerns
+- Compliance with existing coin SDK patterns
+- Proper inheritance from base classes (BaseCoin, AbstractUtxoCoin, etc.)
+- Transaction serialization and deserialization correctness
+- Multi-signature wallet compatibility
+- Fee calculation accuracy
+
+## Performance & Compatibility
+- Memory usage and performance implications
+- Node.js and browser compatibility
+- Dependency management and security
+- Breaking changes to public APIs
+
+Please provide constructive feedback focusing on:
+1. Critical issues that must be addressed
+2. Suggestions for improvement
+3. Questions about design decisions
+4. Acknowledgment of good practices
+
+Be thorough but concise, and explain the reasoning behind your suggestions.

.github/workflows/ci.yml

@@ -134,6 +134,43 @@ jobs:
         if: matrix.check == 'audit'
         run: yarn run improved-yarn-audit --min-severity high
 
+  license-analysis:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup node 22
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22
+
+      - name: restore lerna dependencies
+        id: lerna-cache
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 #v4.2.3
+        with:
+          path: |
+            node_modules
+            modules/*/node_modules
+          key: ${{ runner.os }}-node22-${{ hashFiles('yarn.lock') }}-${{ hashFiles('tsconfig.packages.json') }}-${{ hashFiles('package.json') }}
+
+      - name: Install Packages
+        if: steps.lerna-cache.outputs.cache-hit != 'true'
+        run: yarn install --with-frozen-lockfile --ignore-scripts
+
+      - name: build packages
+        env:
+          # Workaround for https://github.com/nodejs/node/issues/51555
+          DISABLE_V8_COMPILE_CACHE: '1'
+        run: yarn run postinstall
+
+      - name: Run Fossa Analysis
+        uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
+        with:
+          api-key: ${{ secrets.FOSSA_API_KEY }}
+          branch: ${{ github.head_ref || github.ref_name }}
+          project: BitGo/BitGoJS
+
   browser-test:
     runs-on: ubuntu-22.04
 

.github/workflows/claude-pr.yml

@@ -0,0 +1,105 @@
+name: Claude PR
+
+permissions:
+  contents: write
+  pull-requests: write
+  issues: write
+  id-token: write
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+
+jobs:
+  claude-pr:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
+    runs-on: ubuntu-latest
+    env:
+      AWS_REGION: us-west-2
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Configure AWS Credentials (OIDC)
+        uses: aws-actions/configure-aws-credentials@v5
+        with:
+          role-to-assume: arn:aws:iam::199765120567:role/${{ github.event.repository.name }}-iam-protected
+          aws-region: us-west-2
+
+      - name: Assume inference role
+        id: inference-role
+        run: |
+          CREDS="$(aws sts assume-role \
+            --role-arn arn:aws:iam::168000258654:role/BedrockInferenceRole \
+            --role-session-name claude-inference-session \
+            --query 'Credentials' \
+            --output json)"
+
+          AWS_ACCESS_KEY_ID="$(echo "$CREDS" | jq -r '.AccessKeyId')"
+          AWS_SECRET_ACCESS_KEY="$(echo "$CREDS" | jq -r '.SecretAccessKey')"
+          AWS_SESSION_TOKEN="$(echo "$CREDS" | jq -r '.SessionToken')"
+
+          echo "::add-mask::$AWS_SECRET_ACCESS_KEY"
+          { echo "aws-access-key-id=$AWS_ACCESS_KEY_ID"; echo "aws-secret-access-key=$AWS_SECRET_ACCESS_KEY"; echo "aws-session-token=$AWS_SESSION_TOKEN"; } >> "$GITHUB_OUTPUT"
+
+      - name: Determine prompt to use
+        id: determine-prompt
+        env:
+          COMMENT_BODY: ${{ github.event.comment.body }}
+        run: |
+          # Safely trim whitespace and check if it's just @claude
+          TRIMMED_COMMENT=$(echo "$COMMENT_BODY" | xargs)
+
+          if [ "$TRIMMED_COMMENT" = "@claude" ]; then
+            echo "use-code-review-prompt=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "use-code-review-prompt=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Read code review prompt
+        id: read-prompt
+        if: steps.determine-prompt.outputs.use-code-review-prompt == 'true'
+        run: |
+          PROMPT_CONTENT=$(cat .github/prompts/code-review.md)
+          {
+            echo "prompt-content<<EOF"
+            echo "$PROMPT_CONTENT"
+            echo "EOF"
+          } >> "$GITHUB_OUTPUT"
+
+      - uses: anthropics/claude-code-action@69dec299f882fef0fff1652a1309b7e9771b9f98
+        if: steps.determine-prompt.outputs.use-code-review-prompt == 'true'
+        env:
+          AWS_REGION: us-west-2
+          AWS_ACCESS_KEY_ID: ${{ steps.inference-role.outputs.aws-access-key-id }}
+          AWS_SECRET_ACCESS_KEY: ${{ steps.inference-role.outputs.aws-secret-access-key }}
+          AWS_SESSION_TOKEN: ${{ steps.inference-role.outputs.aws-session-token }}
+        with:
+          timeout_minutes: '10'
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          use_bedrock: 'true'
+          anthropic_model: 'arn:aws:bedrock:us-west-2:168000258654:inference-profile/us.anthropic.claude-sonnet-4-20250514-v1:0'
+          direct_prompt: ${{ steps.read-prompt.outputs.prompt-content }}
+
+      - uses: anthropics/claude-code-action@69dec299f882fef0fff1652a1309b7e9771b9f98
+        if: steps.determine-prompt.outputs.use-code-review-prompt == 'false'
+        env:
+          AWS_REGION: us-west-2
+          AWS_ACCESS_KEY_ID: ${{ steps.inference-role.outputs.aws-access-key-id }}
+          AWS_SECRET_ACCESS_KEY: ${{ steps.inference-role.outputs.aws-secret-access-key }}
+          AWS_SESSION_TOKEN: ${{ steps.inference-role.outputs.aws-session-token }}
+          COMMENT_BODY: ${{ github.event.comment.body }}
+        with:
+          timeout_minutes: '10'
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          use_bedrock: 'true'
+          anthropic_model: 'arn:aws:bedrock:us-west-2:168000258654:inference-profile/us.anthropic.claude-sonnet-4-20250514-v1:0'
+          direct_prompt: $COMMENT_BODY

examples/ts/bulk-sign-account-based-midnight-claim-messages.ts

@@ -0,0 +1,44 @@
+/**
+ * Bulk sign account-based midnight claim messages for a wallet
+ *
+ * This example demonstrates how to use the BitGo API to sign multiple account-based midnight claim messages
+ * in bulk for a given wallet. It shows how to initialize the BitGo SDK, retrieve a wallet, and use the
+ * bulkSignAccountBasedMidnightClaimMessages utility to sign messages for a specified destination address.
+ *
+ * Usage:
+ *   - Configure your .env file with the appropriate TESTNET_ACCESS_TOKEN.
+ *   - Set the coin and wallet ID as needed.
+ *   - Optionally set the wallet passphrase if required for signing.
+ *
+ * Copyright 2025, BitGo, Inc.  All Rights Reserved.
+ */
+
+import {BitGoAPI} from '@bitgo/sdk-api';
+import {MessageStandardType, walletUtil} from "@bitgo/sdk-core";
+import {Tsol} from "@bitgo/sdk-coin-sol";
+require('dotenv').config({ path: '../../.env' });
+
+const bitgo = new BitGoAPI({
+  accessToken: process.env.TESTNET_ACCESS_TOKEN,
+  env: 'test', // Change this to env: 'production' when you are ready for production
+});
+
+// Set the coin name to match the blockchain and network
+// doge = dogecoin, tdoge = testnet dogecoin
+const coin = 'tsol';
+bitgo.register(coin, Tsol.createInstance);
+
+const id = '';
+const walletPassphrase = '';
+
+async function main() {
+  const wallet = await bitgo.coin(coin).wallets().get({ id });
+  console.log(`Wallet label: ${wallet.label()}`);
+
+  const adaTestnetDestinationAddress = '';
+
+  const response = await walletUtil.bulkSignAccountBasedMidnightClaimMessages(wallet, MessageStandardType.SIMPLE, adaTestnetDestinationAddress, walletPassphrase);
+  console.dir(response);
+}
+
+main().catch((e) => console.log(e));