feat: add Ledger hardware wallet support #109
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… registration Co-authored-by: petersalomonsen <[email protected]>
…rse errors, use specific icon commit Co-authored-by: petersalomonsen <[email protected]>
Co-authored-by: petersalomonsen <[email protected]>
Co-authored-by: petersalomonsen <[email protected]>
Copilot
AI
changed the title
[WIP] Add Ledger hardware wallet support to treasury26 app
feat: add Ledger hardware wallet support
Jan 25, 2026
Copilot stopped work on behalf of
petersalomonsen due to an error
January 29, 2026 18:56
- Add user gesture prompt for WebHID connection in sandbox iframe - Fix RPC endpoint to use FastNEAR instead of broken window.selector.providers - Update @near-js/transactions imports to use actionCreators namespace - Add connectWithDevice method for pre-authorized devices
- Add Playwright configuration and Ledger login test - Add GitHub Actions workflow for E2E tests - Add Docker Compose setup for running tests with sandbox - Update devcontainer with desktop-lite for Playwright UI - Add test artifacts to .gitignore
- Add comprehensive WebHID API mock that intercepts navigator.hid - Implement MockHIDDevice class with proper Ledger HID framing - Handle APDU commands: GET_PUBLIC_KEY, SIGN_TRANSACTION, GET_VERSION - Echo back channel ID from requests (fixes "Invalid channel" error) - Use sandbox genesis public key (ed25519:5BGSaf6YjVm7565VzWQHNxoyEjwr3jUpRJSGjREvU9dB) - Use context.addInitScript() to inject mock before any JS runs The mock successfully: - Shows the "Connect Ledger" button - Handles requestDevice() calls - Returns mock public key from Ledger - Shows account ID input dialog Note: Full E2E flow requires sandbox to be running for access key verification. Co-Authored-By: Claude Opus 4.5 <[email protected]>
- Wait for account ID input to be attached (not visible) since iframe hides quickly - Use frame.evaluate() to fill and click confirm in single JS execution - Add stabilization wait before clicking Connect Ledger button - Add comprehensive console logging for debugging The test now passes with the WebHID mock: - Connect Ledger button appears and is clickable - Mock handles requestDevice() and GET_PUBLIC_KEY - Account ID is filled and confirm is clicked Note: RPC verification still calls mainnet instead of sandbox, causing a "FullAccess permission" error that doesn't fail the test. Co-Authored-By: Claude Opus 4.5 <[email protected]>
Redirect FastNEAR RPC calls to local sandbox for access key verification and add assertion to verify successful login redirect. Co-Authored-By: Claude Opus 4.5 <[email protected]>
- Add pauses between steps for clearer video recording - Force iframe visibility to show account ID input - Type account ID character by character for visual effect - Add final pause to show successful login result Co-Authored-By: Claude Opus 4.5 <[email protected]>
- Increase iframe height to 320px to show all content - Make iframe parent elements visible with proper z-index - Style input field with white background and large font for video visibility - Type characters with 200ms delay for clear video capture - Add visual button feedback before clicking confirm Co-Authored-By: Claude Opus 4.5 <[email protected]>
Remove heavy CSS overrides that replaced the Ledger library's dialog. Now only make the iframe parent chain visible (minimal fix for Playwright) while preserving the original dark-themed "Enter Account ID" dialog. The typing is clearly visible in the original Ledger dialog. Co-Authored-By: Claude Opus 4.5 <[email protected]>
The mock's 10ms response delay caused a race condition with the wallet selector's iframe hide/show transitions, causing the account ID dialog to fade out immediately. Increased to 500ms to match real Ledger timing. Changes: - Increase mock response delay from 10ms to 500ms - Fix RPC route pattern to properly intercept FastNEAR URLs - Remove CSS visibility hack (no longer needed) - Add 120s test timeout for video recording pauses - Enable video recording in playwright config Co-Authored-By: Claude Opus 4.5 <[email protected]>
- Change platform from {} to [] to match WalletManifest type
- Add test video artifact upload to E2E workflow
Co-Authored-By: Claude Opus 4.5 <[email protected]>
- Add signTransaction: true to ledger manifest features - Remove npm cache from setup-node (was causing path resolution errors) Co-Authored-By: Claude Opus 4.5 <[email protected]>
Project uses bun.lock (package-lock.json is gitignored), so the E2E workflow needs to use bun for dependency installation. Co-Authored-By: Claude Opus 4.5 <[email protected]>
Collaborator
|
@race-of-sloths include |
|
@Copilot Thank you for your contribution! Your pull request is now a part of the Race of Sloths! Current status: waiting for finalizationThe pull request is merged, you have 24 hours to finalize your scoring. The scoring ends Wed Feb 4 16:41:29 2026
Your contribution is much appreciated with a final score of 5! @petersalomonsen received 25 Sloth Points for reviewing and scoring this pull request. What is the Race of SlothsRace of Sloths is a friendly competition where you can participate in challenges and compete with other open-source contributors within your normal workflow For contributors:
For maintainers:
Feel free to check our website for additional details! Bot commands
|
Collaborator
|
@race-of-sloths score 5 |
petersalomonsen
approved these changes
Jan 31, 2026
- Fix base64 encoding for broadcast_tx_commit RPC call - Remove double JSON serialization of function call args Co-Authored-By: Claude Opus 4.5 <[email protected]>
akorchyn
approved these changes
Feb 1, 2026
| @@ -0,0 +1,666 @@ | |||
| // Ledger Hardware Wallet Executor for hot-connect | |||
Member
There was a problem hiding this comment.
Should we move this to hot connect instead and use newer version?
Resolve conflicts in near-store.ts by keeping both Ledger wallet support and new auth API imports. Co-Authored-By: Claude Opus 4.5 <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds Ledger hardware wallet integration using
@hot-labs/near-connect's custom wallet executor framework, bringing feature parity with the Web4 implementation.Video generated from Playwright test
ledgerlogin.mp4
Implementation
Executor (
public/ledger-executor.js)LedgerClientclass handles APDU communication (CLA 0x80, 250-byte chunking, derivation path44'/397'/0'/0'/1')Manifest (
lib/ledger-manifest.ts)Registration (
stores/near-store.ts)E2E Testing
Playwright Test (
e2e/ledger-login.spec.ts)Browser Support
WebHID API requirement limits support to Chrome/Edge/Opera 89+ on desktop. Gracefully skips registration on unsupported browsers (Firefox, Safari, mobile).
Dependencies
All dependencies loaded from CDN (no build-time imports):
@ledgerhq/[email protected]@near-js/[email protected],@near-js/[email protected],@near-js/[email protected]Documentation
docs/ledger-wallet-support.md: Technical architecture, APDU protocol details, security modeldocs/ledger-testing-guide.md: Manual testing procedures for device interactionResolves #89