|
| 1 | +# CLAUDE.md |
| 2 | + |
| 3 | +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. |
| 4 | + |
| 5 | +## Commands |
| 6 | + |
| 7 | +### Development |
| 8 | +- `yarn start` - Start the application in development mode using nodemon for auto-reloading |
| 9 | +- `yarn build` - Build the TypeScript code (creates /dist folder) |
| 10 | +- `yarn lint` - Run ESLint to check for code issues |
| 11 | +- `yarn lint:fix` - Run ESLint and automatically fix issues when possible |
| 12 | + |
| 13 | +### Testing |
| 14 | +- `yarn test` - Run all tests |
| 15 | +- `yarn test:watch` - Run tests in watch mode |
| 16 | +- `yarn test:coverage` - Run tests with coverage report |
| 17 | +- `yarn generate-test-ssl` - Generate self-signed SSL certificates for testing |
| 18 | + |
| 19 | +### Container |
| 20 | +- `yarn container:build` - Build the container image using Podman (optionally use --build-arg PORT=3080) |
| 21 | + |
| 22 | +## Architecture Overview |
| 23 | + |
| 24 | +Enclaved BitGo Express is a secure cryptocurrency signing server with two operational modes: |
| 25 | + |
| 26 | +### 1. Enclaved Express Mode (`APP_MODE=enclaved`) |
| 27 | +- Lightweight server focused solely on secure signing operations |
| 28 | +- Runs on port 3080 by default |
| 29 | +- Integrates with KMS for key management |
| 30 | +- Handles cryptographic operations securely |
| 31 | +- Exposes minimal endpoints focused on key generation and signing |
| 32 | + |
| 33 | +### 2. Master Express Mode (`APP_MODE=master-express`) |
| 34 | +- Full BitGo API functionality with integrated signing capabilities |
| 35 | +- Runs on port 3081 by default |
| 36 | +- Acts as an API gateway and communicates with Enclaved Express for signing operations |
| 37 | +- Provides a broader set of BitGo wallet operations and transaction handling |
| 38 | + |
| 39 | +### Security Architecture |
| 40 | +- Both modes support mutual TLS (mTLS) authentication |
| 41 | +- Certificates can be loaded from files or environment variables |
| 42 | +- Client certificate validation for secure communications |
| 43 | +- Option to validate client certificate fingerprints |
| 44 | + |
| 45 | +### Code Structure |
| 46 | +- `src/app.ts` - Main entry point that determines mode and starts the appropriate app |
| 47 | +- `src/enclavedApp.ts` - Enclaved Express mode implementation |
| 48 | +- `src/masterExpressApp.ts` - Master Express mode implementation |
| 49 | +- `src/initConfig.ts` - Configuration loading and validation |
| 50 | +- `src/routes/` - Express routes for both modes |
| 51 | +- `src/api/` - API implementation for both modes |
| 52 | +- `src/kms/` - KMS client and operations |
| 53 | +- `src/shared/` - Shared utilities and types |
| 54 | + |
| 55 | +### Configuration |
| 56 | +Configuration is managed through environment variables with defaults defined in `src/initConfig.ts`. The application requires specific environment variables depending on the mode: |
| 57 | + |
| 58 | +#### Common Variables |
| 59 | +- `APP_MODE` - Set to "enclaved" or "master-express" |
| 60 | +- `TLS_MODE` - Set to "mtls" or "disabled" |
| 61 | +- `BIND` - Address to bind to (default: localhost) |
| 62 | +- `TIMEOUT` - Request timeout in milliseconds (default: 305000) |
| 63 | + |
| 64 | +#### Enclaved Mode Specific |
| 65 | +- `ENCLAVED_EXPRESS_PORT` - Port to listen on (default: 3080) |
| 66 | +- `KMS_URL` - Required KMS service URL |
| 67 | + |
| 68 | +#### Master Express Mode Specific |
| 69 | +- `MASTER_EXPRESS_PORT` - Port to listen on (default: 3081) |
| 70 | +- `BITGO_ENV` - BitGo environment (default: test) |
| 71 | +- `ENCLAVED_EXPRESS_URL` - Required URL for the Enclaved Express server |
| 72 | +- `ENCLAVED_EXPRESS_CERT` - Required path to Enclaved Express certificate |
| 73 | + |
| 74 | +## API Endpoints |
| 75 | + |
| 76 | +### Enclaved Express (Port 3080) |
| 77 | +- `POST /ping` - Health check |
| 78 | +- `GET /version` - Version information |
| 79 | +- `POST /:coin/key/independent` - Generate independent keychain |
| 80 | + |
| 81 | +### Master Express (Port 3081) |
| 82 | + |
| 83 | +#### Health and Status Endpoints |
| 84 | +- `POST /ping` - Health check |
| 85 | +- `GET /version` - Version information |
| 86 | +- `POST /ping/enclavedExpress` - Test connection to Enclaved Express |
| 87 | +- `GET /version/enclavedExpress` - Get Enclaved Express version information |
| 88 | + |
| 89 | +#### Wallet Management |
| 90 | +- `POST /api/:coin/wallet/generate` - Generate wallet (supports onchain and TSS multisig types) |
| 91 | + |
| 92 | +#### Transaction Operations |
| 93 | +- `POST /api/:coin/wallet/:walletId/sendMany` - Send transaction with multiple recipients |
| 94 | +- `POST /api/:coin/wallet/:walletId/accelerate` - Accelerate pending transactions (CPFP/RBF) |
| 95 | +- `POST /api/:coin/wallet/:walletId/consolidate` - Consolidate wallet addresses |
| 96 | +- `POST /api/:coin/wallet/:walletId/consolidateunspents` - Consolidate unspent transaction outputs |
| 97 | + |
| 98 | +#### Recovery |
| 99 | +- `POST /api/:coin/wallet/recovery` - Recover wallet funds |
0 commit comments