BitGo
diff --git a/‎.commitlintrc.json‎
Lines changed: 1 addition & 1 deletion b/‎.commitlintrc.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CLAUDE.md‎
Lines changed: 28 additions & 13 deletions b/‎CLAUDE.md‎
Lines changed: 28 additions & 13 deletions
diff --git a/‎Dockerfile‎
Lines changed: 2 additions & 2 deletions b/‎Dockerfile‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 39 additions & 46 deletions b/‎README.md‎
Lines changed: 39 additions & 46 deletions
diff --git a/‎bin/enclaved-bitgo-express‎ ‎bin/advanced-wallet-manager‎bin/enclaved-bitgo-express renamed to bin/advanced-wallet-manager b/‎bin/enclaved-bitgo-express‎ ‎bin/advanced-wallet-manager‎bin/enclaved-bitgo-express renamed to bin/advanced-wallet-manager
@@ -5,7 +5,7 @@
     "header-max-length": [2, "always", 72],
     "references-empty": [1, "never"],
     "subject-case": [0],
-    "scope-enum": [2, "always", ["mbe", "ebe", "docker"]],
+    "scope-enum": [2, "always", ["mbe", "awm", "docker"]],
     "scope-empty": [0, "never"]
   },
   "parserPreset": {
 
@@ -5,46 +5,53 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 ## Commands
 
 ### Development
+
 - `npm start` - Start the application in development mode using nodemon for auto-reloading
 - `npm run build` - Build the TypeScript code (creates /dist folder)
 - `npm run lint` - Run ESLint to check for code issues
 - `npm run lint:fix` - Run ESLint and automatically fix issues when possible
 
 ### Testing
+
 - `npm test` - Run all tests
 - `npm run test:watch` - Run tests in watch mode
 - `npm run test:coverage` - Run tests with coverage report
 - `npm run generate-test-ssl` - Generate self-signed SSL certificates for testing
 
 ### Container
+
 - `npm run container:build` - Build the container image using Podman (optionally use --build-arg PORT=3080)
 
 ## Architecture Overview
 
-Enclaved BitGo Express is a secure cryptocurrency signing server with two operational modes:
+Advanced Wallet Manager is a secure cryptocurrency signing server with two operational modes:
+
+### 1. Advanced Wallet Manager Mode (`APP_MODE=advanced-wallet-manager`)
 
-### 1. Enclaved Express Mode (`APP_MODE=enclaved`)
 - Lightweight server focused solely on secure signing operations
 - Runs on port 3080 by default
 - Integrates with KMS for key management
 - Handles cryptographic operations securely
 - Exposes minimal endpoints focused on key generation and signing
 
 ### 2. Master Express Mode (`APP_MODE=master-express`)
+
 - Full BitGo API functionality with integrated signing capabilities
 - Runs on port 3081 by default
-- Acts as an API gateway and communicates with Enclaved Express for signing operations
+- Acts as an API gateway and communicates with Advanced Wallet Manager for signing operations
 - Provides a broader set of BitGo wallet operations and transaction handling
 
 ### Security Architecture
+
 - Both modes support mutual TLS (mTLS) authentication
 - Certificates can be loaded from files or environment variables
 - Client certificate validation for secure communications
 - Option to validate client certificate fingerprints
 
 ### Code Structure
+
 - `src/app.ts` - Main entry point that determines mode and starts the appropriate app
-- `src/enclavedApp.ts` - Enclaved Express mode implementation
+- `src/advancedWalletManagerApp.ts` - Advanced Wallet Manager mode implementation
 - `src/masterExpressApp.ts` - Master Express mode implementation
 - `src/initConfig.ts` - Configuration loading and validation
 - `src/routes/` - Express routes for both modes
@@ -53,23 +60,27 @@ Enclaved BitGo Express is a secure cryptocurrency signing server with two operat
 - `src/shared/` - Shared utilities and types
 
 ### Configuration
+
 Configuration is managed through environment variables with defaults defined in `src/initConfig.ts`. The application requires specific environment variables depending on the mode:
 
 #### Common Variables
-- `APP_MODE` - Set to "enclaved" or "master-express"
+
+- `APP_MODE` - Set to "advanced-wallet-manager" or "master-express"
 - `TLS_MODE` - Set to "mtls" or "disabled"
 - `BIND` - Address to bind to (default: localhost)
 - `TIMEOUT` - Request timeout in milliseconds (default: 305000)
 
-#### Enclaved Mode Specific
-- `ENCLAVED_EXPRESS_PORT` - Port to listen on (default: 3080)
+#### Advanced Wallet Manager Mode Specific
+
+- `ADVANCED_WALLET_MANAGER_PORT` - Port to listen on (default: 3080)
 - `KMS_URL` - Required KMS service URL
 
 #### Master Express Mode Specific
+
 - `MASTER_EXPRESS_PORT` - Port to listen on (default: 3081)
 - `BITGO_ENV` - BitGo environment (default: test)
-- `ENCLAVED_EXPRESS_URL` - Required URL for the Enclaved Express server
-- `ENCLAVED_EXPRESS_CERT` - Required path to Enclaved Express certificate
+- `ADVANCED_WALLET_MANAGER_URL` - Required URL for the Advanced Wallet Manager
+- `ADVANCED_WALLET_MANAGER_CERT` - Required path to Advanced Wallet Manager certificate
 
 
 ## Abbreviations and Nomenclature
@@ -95,7 +106,7 @@ API responses follow a standard error format with `error` and `details` fields.
 
 ## API Endpoints
 
-### Enclaved Express (Port 3080)
+### Advanced Wallet Manager (Port 3080)
 
 #### Health and Information
 - `POST /ping` - Health check
@@ -120,19 +131,23 @@ API responses follow a standard error format with `error` and `details` fields.
 ### Master Express (Port 3081)
 
 #### Health and Status Endpoints
+
 - `POST /ping` - Health check
 - `GET /version` - Version information
-- `POST /ping/enclavedExpress` - Test connection to Enclaved Express
-- `GET /version/enclavedExpress` - Get Enclaved Express version information
+- `POST /ping/advancedWalletManager` - Test connection to Advanced Wallet Manager
+- `GET /version/advancedWalletManager` - Get Advanced Wallet Manager version information
 
 #### Wallet Management
+
 - `POST /api/:coin/wallet/generate` - Generate wallet (supports onchain and TSS multisig types)
 
 #### Transaction Operations
+
 - `POST /api/:coin/wallet/:walletId/sendMany` - Send transaction with multiple recipients
 - `POST /api/:coin/wallet/:walletId/accelerate` - Accelerate pending transactions (CPFP/RBF)
 - `POST /api/:coin/wallet/:walletId/consolidate` - Consolidate wallet addresses
 - `POST /api/:coin/wallet/:walletId/consolidateunspents` - Consolidate unspent transaction outputs
 
 #### Recovery
-- `POST /api/:coin/wallet/recovery` - Recover wallet funds
+
+- `POST /api/:coin/wallet/recovery` - Recover wallet funds
@@ -48,7 +48,7 @@ RUN --mount=type=cache,target=/usr/src/app/.npm-cache \
 COPY . .
 
 # Build TypeScript code with deterministic output
-RUN npm run build 
+RUN npm run build
 
 FROM node:22.1.0-alpine@sha256:487dc5d5122d578e13f2231aa4ac0f63068becd921099c4c677c850df93bede8 AS production
 
@@ -91,4 +91,4 @@ USER bitgo
 EXPOSE ${PORT}
 
 # Start the application using the binary
-CMD ["./bin/enclaved-bitgo-express"]
+CMD ["./bin/advanced-wallet-manager"]
@@ -1,28 +1,28 @@
-# Enclaved BitGo Express
+# Advanced Wallet Manager
 
-A secure, mTLS-enabled cryptocurrency signing server with two operational modes: Enclaved Express (dedicated signer) and Master Express (API gateway with integrated signing capabilities).
+A secure, mTLS-enabled cryptocurrency signing server with two operational modes: Advanced Wallet Manager (dedicated signer) and Master Express (API gateway with integrated signing capabilities).
 
 ## Overview
 
 This application provides secure cryptocurrency operations with mutual TLS (mTLS) authentication:
 
-- **Enclaved Mode**: Lightweight signing server for secure key operations
+- **Advanced Wallet Manager Mode**: Lightweight signing server for secure key operations
 - **Master Express Mode**: Full BitGo Express functionality with integrated signing
 - **mTLS Security**: Client certificate validation for secure communications
 - **Flexible Configuration**: Environment-based setup with file or variable-based certificates
 
 ## Architecture
 
-- **Enclaved Express** (Port 3080): Focused signing operations with KMS integration
-- **Master Express** (Port 3081): Full BitGo API functionality with secure communication to Enclaved Express
+- **Advanced Wallet Manager** (Port 3080): Focused signing operations with KMS integration
+- **Master Express** (Port 3081): Full BitGo API functionality with secure communication to Advanced Wallet Manager
 
 ## Configuration
 
 Configuration is managed through environment variables:
 
 ### Required Settings
 
-- `APP_MODE` - Application mode (required: "enclaved" or "master-express")
+- `APP_MODE` - Application mode (required: "advanced-wallet-manager" or "master-express")
 
 ### Network Settings
 
@@ -31,9 +31,9 @@ Configuration is managed through environment variables:
 - `KEEP_ALIVE_TIMEOUT` - Keep-alive timeout (optional)
 - `HEADERS_TIMEOUT` - Headers timeout (optional)
 
-#### Enclaved Mode Specific
+#### Advanced Wallet Manager Mode Specific
 
-- `ENCLAVED_EXPRESS_PORT` - Port to listen on (default: 3080)
+- `ADVANCED_WALLET_MANAGER_PORT` - Port to listen on (default: 3080)
 - `KMS_URL` - KMS service URL (required)
 
 #### Master Express Mode Specific
@@ -44,8 +44,8 @@ Configuration is managed through environment variables:
 - `BITGO_AUTH_VERSION` - Authentication version (default: 2)
 - `BITGO_CUSTOM_ROOT_URI` - Custom BitGo API root URI (optional)
 - `BITGO_CUSTOM_BITCOIN_NETWORK` - Custom Bitcoin network (optional)
-- `ENCLAVED_EXPRESS_URL` - Enclaved Express server URL (required)
-- `ENCLAVED_EXPRESS_CERT` - Path to Enclaved Express server certificate (required)
+- `ADVANCED_WALLET_MANAGER_URL` - Advanced Wallet Manager URL (required)
+- `ADVANCED_WALLET_MANAGER_CERT` - Path to Advanced Wallet Manager certificate (required)
 
 ### TLS/mTLS Configuration
 
@@ -100,10 +100,10 @@ openssl genrsa -out server.key 2048
 openssl req -new -x509 -key server.key -out server.crt -days 365 -subj "/CN=localhost"
 ```
 
-### 2. Start Enclaved Express
+### 2. Start Advanced Wallet Manager
 
 ```bash
-export APP_MODE=enclaved
+export APP_MODE=advanced-wallet-manager
 export KMS_URL=https://your-kms-service
 export TLS_KEY_PATH=./server.key
 export TLS_CERT_PATH=./server.crt
@@ -121,19 +121,19 @@ export APP_MODE=master-express
 export BITGO_ENV=test
 export TLS_KEY_PATH=./server.key
 export TLS_CERT_PATH=./server.crt
-export ENCLAVED_EXPRESS_URL=https://localhost:3080
-export ENCLAVED_EXPRESS_CERT=./server.crt
+export ADVANCED_WALLET_MANAGER_URL=https://localhost:3080
+export ADVANCED_WALLET_MANAGER_CERT=./server.crt
 export MTLS_REQUEST_CERT=false
 export ALLOW_SELF_SIGNED=true
 npm start
 ```
 
 ### 5. Test the Connection
 
-Test that Master Express can communicate with Enclaved Express:
+Test that Master Express can communicate with Advanced Wallet Manager:
 
 ```bash
-curl -k -X POST https://localhost:3081/ping/enclavedExpress
+curl -k -X POST https://localhost:3081/ping/advancedWalletManager
 ```
 
 ## Production Configuration
@@ -149,13 +149,13 @@ curl -k -X POST https://localhost:3081/ping/enclavedExpress
 
 ### Production Setup Example
 
-#### Enclaved Express (Production)
+#### Advanced Wallet Manager (Production)
 
 ```bash
-export APP_MODE=enclaved
+export APP_MODE=advanced-wallet-manager
 export KMS_URL=https://production-kms.example.com
-export TLS_KEY_PATH=/secure/path/enclaved.key
-export TLS_CERT_PATH=/secure/path/enclaved.crt
+export TLS_KEY_PATH=/secure/path/advanced-wallet-manager.key
+export TLS_CERT_PATH=/secure/path/advanced-wallet-manager.crt
 export MTLS_REQUEST_CERT=true
 export ALLOW_SELF_SIGNED=false
 export MTLS_ALLOWED_CLIENT_FINGERPRINTS=ABC123...,DEF456...
@@ -169,8 +169,8 @@ export APP_MODE=master-express
 export BITGO_ENV=prod
 export TLS_KEY_PATH=/secure/path/master.key
 export TLS_CERT_PATH=/secure/path/master.crt
-export ENCLAVED_EXPRESS_URL=https://enclaved.internal.example.com:3080
-export ENCLAVED_EXPRESS_CERT=/secure/path/enclaved.crt
+export ADVANCED_WALLET_MANAGER_URL=https://advanced-wallet-manager.internal.example.com:3080
+export ADVANCED_WALLET_MANAGER_CERT=/secure/path/advanced-wallet-manager.crt
 export MTLS_REQUEST_CERT=true
 export ALLOW_SELF_SIGNED=false
 npm start
@@ -184,22 +184,22 @@ First, build the container image:
 # For Master Express (default port 3081)
 npm run container:build
 
-# For Enclaved Express (port 3080)
+# For Advanced Wallet Manager (port 3080)
 npm run container:build --build-arg PORT=3080
 ```
 
-For local development, you'll need to run both the Enclaved Express and Master Express containers:
+For local development, you'll need to run both the Advanced Wallet Manager and Master Express containers:
 
 ```bash
-# Start Enclaved Express container
+# Start Advanced Wallet Manager container
 podman run -d \
   -p 3080:3080 \
   -v $(pwd)/certs:/app/certs:Z \
-  -e APP_MODE=enclaved \
+  -e APP_MODE=advanced-wallet-manager \
   -e BIND=0.0.0.0 \
   -e TLS_MODE=mtls \
-  -e TLS_KEY_PATH=/app/certs/enclaved-express-key.pem \
-  -e TLS_CERT_PATH=/app/certs/enclaved-express-cert.pem \
+  -e TLS_KEY_PATH=/app/certs/advanced-wallet-manager-key.pem \
+  -e TLS_CERT_PATH=/app/certs/advanced-wallet-manager-cert.pem \
   -e KMS_URL=host.containers.internal:3000 \
   -e NODE_ENV=development \
   -e ALLOW_SELF_SIGNED=true \
@@ -220,23 +220,23 @@ podman run -d \
   -e TLS_MODE=mtls \
   -e TLS_KEY_PATH=/app/certs/test-ssl-key.pem \
   -e TLS_CERT_PATH=/app/certs/test-ssl-cert.pem \
-  -e ENCLAVED_EXPRESS_URL=https://host.containers.internal:3080 \
-  -e ENCLAVED_EXPRESS_CERT=/app/certs/enclaved-express-cert.pem \
+  -e ADVANCED_WALLET_MANAGER_URL=https://host.containers.internal:3080 \
+  -e ADVANCED_WALLET_MANAGER_CERT=/app/certs/advanced-wallet-manager-cert.pem \
   -e ALLOW_SELF_SIGNED=true \
   bitgo-onprem-express
 
 # View logs
 podman logs -f <container_id>
 
 # Test the endpoints (note: using https and mTLS)
-# For Enclaved Express
-curl -k --cert certs/test-ssl-cert.pem --key certs/enclaved-express-key.pem -X POST https://localhost:3080/ping
+# For Advanced Wallet Manager
+curl -k --cert certs/test-ssl-cert.pem --key certs/advanced-wallet-manager-key.pem -X POST https://localhost:3080/ping
 
 # For Master Express
 curl -k --cert certs/test-ssl-cert.pem --key certs/test-ssl-key.pem -X POST https://localhost:3081/ping
 
 # Test the connection
-curl -k -X POST https://localhost:3081/ping/enclavedExpress
+curl -k -X POST https://localhost:3081/ping/advancedWalletManager
 ```
 
 Notes:
@@ -247,7 +247,7 @@ Notes:
 
 ## API Endpoints
 
-### Enclaved Express (Port 3080)
+### Advanced Wallet Manager (Port 3080)
 
 - `POST /ping` - Health check
 - `GET /version` - Version information
@@ -257,8 +257,8 @@ Notes:
 
 - `POST /ping` - Health check
 - `GET /version` - Version information
-- `POST /ping/enclavedExpress` - Test connection to Enclaved Express
-- `POST /api/:coin/wallet/generate` - Generate wallet (with Enclaved Express integration)
+- `POST /ping/advancedWalletManager` - Test connection to Advanced Wallet Manager
+- `POST /api/:coin/wallet/generate` - Generate wallet (with Advanced Wallet Manager integration)
 
 ## Troubleshooting
 
@@ -291,17 +291,10 @@ openssl x509 -in certificate.crt -text -noout
 
 ```bash
 # Check that required variables are set
-env | grep -E "(APP_MODE|KMS_URL|ENCLAVED_EXPRESS|TLS_)"
-```
-
-### Debug Mode
-
-Enable debug logging for detailed troubleshooting:
-
-```bash
-DEBUG_NAMESPACE=enclaved:*,master:* npm run start
-```
+env | grep -E "(APP_MODE|KMS_URL|ADVANCED_WALLET_MANAGER|TLS_)"
+``
 
 ## License
 
 MIT
+```