fix: ios & ext exchange firmware

[wabicai]

Summary by CodeRabbit

• New Features

  • WebUSB bootloader reauthorization prompt to improve device reconnection during firmware updates.

• Bug Fixes

  • Firmware update polling now continues for in-progress updates and surfaces update-mode progress; reconnect handling refined to reduce premature completion.

• Compatibility

  • Firmware support surface updated from v7 to v8 across device types.

• Chores

  • Multiple packages bumped to 1.1.21-alpha.1.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Bump many packages to 1.1.21-alpha.1. Rename firmware metadata keys v7→v8 and update firmware lookup logic. Modify firmware update flow: treat firmwareVersion "0.0.0" as in-progress, add error parsing/normalization and progress extraction, and add a one-time WebUSB bootloader reauth prompt before reconnect.

Changes

Cohort / File(s)	Summary
Package version & dependency bumps packages/shared/package.json, packages/hd-transport/package.json, packages/hd-transport-electron/package.json, packages/hd-transport-emulator/package.json, packages/hd-transport-http/package.json, packages/hd-transport-lowlevel/package.json, packages/hd-transport-react-native/package.json, packages/hd-transport-web-device/package.json, packages/hd-ble-sdk/package.json, packages/hd-common-connect-sdk/package.json, packages/hd-web-sdk/package.json, packages/core/package.json, packages/connect-examples/electron-example/package.json, packages/connect-examples/expo-example/package.json, packages/connect-examples/expo-playground/package.json	Bumped package version and in-repo dependency references from 1.1.20 → 1.1.21-alpha.1.
Firmware metadata & device-feature logic (v7 → v8) packages/core/src/data-manager/DataManager.ts, packages/core/src/types/settings.ts, packages/core/src/utils/deviceFeaturesUtils.ts	Replace keys and mappings from firmware-v7/firmware-btc-v7 → firmware-v8/firmware-btc-v8 and adjust firmware-field selection logic accordingly.
Firmware update flow, error handling & WebUSB reauth packages/core/src/api/FirmwareUpdateV3.ts, packages/core/src/api/firmware/FirmwareUpdateBaseMethod.ts	Treat firmwareVersion "0.0.0" as still installing (continue polling); add extractUpdateModeProgress and normalizeErrorMessage helpers and related error-parsing logic; call ensureWebUsbBootloaderReauthPrompt() before reconnect attempts; add hasPromptedWebUsbBootloaderReauth flag and show prompt once without throwing on failures.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant UI as UI / Prompt Listener
  participant Base as FirmwareUpdateBaseMethod
  participant Updater as FirmwareUpdateV3
  participant Device as Device / Transport

  Note over Updater,Device: Install started — polling loop
  Updater->>Device: query firmwareVersion
  alt firmwareVersion != "0.0.0"
    Device-->>Updater: firmwareVersion (completed)
    Updater->>Base: mark completion
  else firmwareVersion == "0.0.0"
    Device-->>Updater: firmwareVersion "0.0.0" (in-progress)
    Updater->>Updater: wait 1s and continue polling
  end

  Note over Device,Updater: Error during polling/install
  Device-->>Updater: error
  Updater->>Updater: normalizeErrorMessage(error)
  Updater->>Updater: extractUpdateModeProgress(error)
  alt progress found
    Updater->>Updater: emit progress and continue polling
  else
    Updater->>Base: ensureWebUsbBootloaderReauthPrompt()
    Base->>UI: post web-device bootloader tip (once)
    UI-->>Base: user selects device / reauth
    Base-->>Updater: prompt resolved
    Updater->>Device: attempt reconnect
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Pay extra attention to:
  • packages/core/src/api/FirmwareUpdateV3.ts — polling behavior for "0.0.0", error normalization and progress extraction, and reconnect sequence.
  • packages/core/src/api/firmware/FirmwareUpdateBaseMethod.ts — one-time prompt gating, WebUSB availability checks, and no-throw behavior on prompt failures.
  • packages/core/src/data-manager/DataManager.ts, packages/core/src/types/settings.ts, packages/core/src/utils/deviceFeaturesUtils.ts — consistent v7→v8 renames and runtime lookup correctness.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Title check	❓ Inconclusive	The title 'fix: ios & ext exchange firmware' is vague and doesn't clearly convey the main changes, which center on version bumps, firmware v8 migration, and WebUSB bootloader fixes.	Clarify the title to reflect the primary change: consider 'Bump version to 1.1.21-alpha.1 and migrate firmware-v7 to firmware-v8' or 'Add WebUSB bootloader reauth and firmware v8 support'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/btc-only-upgrade

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[revan-zhang]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	stream-browserify@​3.0.0
	ripple-keypairs@​1.3.1

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/core/src/types/settings.ts (1)

115-124: Update the "future" comment to reflect v8 is now current.

Lines 115-117 add v8 fields, but lines 119-120 still label v8 as "Future firmware versions." This is inconsistent.

📝 Suggested comment fix

     /** Universal firmware v7 */
     'firmware-v8'?: IFirmwareReleaseInfo[];
     /** Bitcoin-only firmware v7 */
     'firmware-btc-v8'?: IFirmwareReleaseInfo[];
-    // Future firmware versions should be added here as optional fields:
-    // 'firmware-v8'?: IFirmwareReleaseInfo[];
-    // 'firmware-btc-v8'?: IFirmwareReleaseInfo[];
+    // Future firmware versions (v9+) should be added here as optional fields:
+    // 'firmware-v9'?: IFirmwareReleaseInfo[];
+    // 'firmware-btc-v9'?: IFirmwareReleaseInfo[];
     /** BLE firmware (required) */
     ble: IBLEFirmwareReleaseInfo[];

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 3f1367f and b7441bd.

📒 Files selected for processing (20)

• packages/connect-examples/electron-example/package.json (2 hunks)
• packages/connect-examples/expo-example/package.json (2 hunks)
• packages/connect-examples/expo-playground/package.json (2 hunks)
• packages/core/package.json (2 hunks)
• packages/core/src/api/FirmwareUpdateV3.ts (1 hunks)
• packages/core/src/api/firmware/FirmwareUpdateBaseMethod.ts (3 hunks)
• packages/core/src/data-manager/DataManager.ts (2 hunks)
• packages/core/src/types/settings.ts (2 hunks)
• packages/core/src/utils/deviceFeaturesUtils.ts (2 hunks)
• packages/hd-ble-sdk/package.json (2 hunks)
• packages/hd-common-connect-sdk/package.json (2 hunks)
• packages/hd-transport-electron/package.json (2 hunks)
• packages/hd-transport-emulator/package.json (2 hunks)
• packages/hd-transport-http/package.json (2 hunks)
• packages/hd-transport-lowlevel/package.json (2 hunks)
• packages/hd-transport-react-native/package.json (2 hunks)
• packages/hd-transport-web-device/package.json (2 hunks)
• packages/hd-transport/package.json (1 hunks)
• packages/hd-web-sdk/package.json (2 hunks)
• packages/shared/package.json (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

packages/core/src/utils/deviceFeaturesUtils.ts (2)

packages/core/src/utils/deviceVersionUtils.ts (1)

• getDeviceFirmwareVersion (7-19)

packages/connect-examples/native-android-example/app/src/main/assets/index.e70e0048.js (1)

• getDeviceFirmwareVersion (4638-4652)

packages/core/src/api/firmware/FirmwareUpdateBaseMethod.ts (2)

packages/core/src/data-manager/DataManager.ts (1)

• DataManager (64-499)

packages/core/src/events/device.ts (1)

• DEVICE (6-31)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build (22)
• GitHub Check: lint (22)
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (27)

packages/shared/package.json (1)

3-3: LGTM!

Version bump to 1.1.21-alpha.0 is consistent with the monorepo-wide update.

packages/hd-transport/package.json (1)

3-3: LGTM!

Version bump aligns with the coordinated prerelease.

packages/hd-transport-emulator/package.json (1)

3-3: LGTM!

Version and internal dependencies are consistent at 1.1.21-alpha.0.

Also applies to: 27-28

packages/hd-transport-web-device/package.json (1)

3-3: LGTM!

Version bump and dependency updates are consistent across runtime and dev dependencies.

Also applies to: 23-24, 27-27

packages/hd-transport-electron/package.json (1)

3-3: LGTM!

All internal dependencies align with the 1.1.21-alpha.0 prerelease.

Also applies to: 28-30

packages/hd-transport-lowlevel/package.json (1)

3-3: LGTM!

Version and dependencies are in sync.

Also applies to: 22-23

packages/hd-transport-react-native/package.json (1)

3-3: LGTM!

Version and dependencies are consistent.

Also applies to: 22-23

packages/core/src/api/firmware/FirmwareUpdateBaseMethod.ts (2)

43-44: LGTM!

The flag prevents duplicate WebUSB prompts. Good pattern for one-time prompts.

---

157-160: LGTM!

The log message now correctly references the private method name _promptDeviceInBootloaderForWebDevice.

packages/core/src/api/FirmwareUpdateV3.ts (3)

361-372: Good defensive check for iOS edge case.

The firmwareVersion !== '0.0.0' check handles the iOS scenario where the device may return zero version during firmware switches. Clean and clear logic.

---

399-413: Clean regex extraction for progress parsing.

The extractUpdateModeProgress helper consolidates progress parsing. Good use of null return for no-match cases.

---

434-451: Solid error normalization utility.

The normalizeErrorMessage method handles strings, objects with message, and edge cases gracefully. Clean and defensive.

packages/connect-examples/electron-example/package.json (1)

5-5: Consistent alpha version bump.

Package version and hd-transport-electron dependency both updated to 1.1.21-alpha.0. Aligned with the coordinated release.

Also applies to: 25-25

packages/hd-ble-sdk/package.json (1)

3-3: Dependencies align with package version.

All internal @onekeyfe/* dependencies updated to 1.1.21-alpha.0. Clean and consistent.

Also applies to: 23-25

packages/connect-examples/expo-playground/package.json (1)

3-3: Coordinated version bump looks good.

Package and @onekeyfe/* dependencies all at 1.1.21-alpha.0. No mismatches.

Also applies to: 20-22

packages/hd-common-connect-sdk/package.json (1)

3-3: All internal dependencies updated consistently.

Six @onekeyfe/* packages bumped to 1.1.21-alpha.0. Version alignment across the monorepo is correct.

Also applies to: 23-28

packages/core/src/data-manager/DataManager.ts (1)

48-50: Type map correctly updated to match v8 field names.

The firmware field type mappings are consistent with the updated constants above.

packages/core/package.json (2)

3-3: Version bump to alpha prerelease looks correct.

Standard prerelease versioning for the firmware v8 migration.

---

28-29: Dependencies aligned with package version.

Both hd-shared and hd-transport updated to matching alpha version.

packages/hd-transport-http/package.json (1)

3-3: Version coordination looks good.

Transport package aligned with the alpha release series.

Also applies to: 27-28

packages/connect-examples/expo-example/package.json (1)

3-3: Example package dependencies updated correctly.

All OneKey SDK dependencies moved to the alpha release.

Also applies to: 22-25

packages/core/src/types/settings.ts (1)

101-107: Example comment updated correctly.

The documentation example now shows v8 fields.

packages/core/src/utils/deviceFeaturesUtils.ts (4)

236-241: Latest firmware field logic updated to v8.

Both bitcoin-only and universal paths now return v8 field names.

---

303-304: Classic device types correctly point to v8.

Classic, classic1s, mini, and classicpure all use firmware-v8 field.

---

306-318: Touch device firmware selection updated to v8.

All Touch firmware field arrays now reference v8 instead of v7.

---

320-322: Pro device uses v8 firmware field.

Consistent with other device types.

packages/hd-web-sdk/package.json (1)

3-3: Web SDK version and dependencies aligned.

All OneKey packages updated to the alpha release series.

Also applies to: 24-27

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

packages/core/src/api/FirmwareUpdateV3.ts (1)

380-393: Typo: "firmwware" → "firmware".

Line 383 has a spelling error in the comment.

🔎 Proposed fix

-             * 1. While including 'Ble firmwware' in ble connect type
+             * 1. While including 'Ble firmware' in ble connect type

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 07cd6d6 and f436a6a.

📒 Files selected for processing (16)

• packages/connect-examples/electron-example/package.json (2 hunks)
• packages/connect-examples/expo-example/package.json (2 hunks)
• packages/connect-examples/expo-playground/package.json (2 hunks)
• packages/core/package.json (2 hunks)
• packages/core/src/api/FirmwareUpdateV3.ts (2 hunks)
• packages/hd-ble-sdk/package.json (2 hunks)
• packages/hd-common-connect-sdk/package.json (2 hunks)
• packages/hd-transport-electron/package.json (2 hunks)
• packages/hd-transport-emulator/package.json (2 hunks)
• packages/hd-transport-http/package.json (2 hunks)
• packages/hd-transport-lowlevel/package.json (2 hunks)
• packages/hd-transport-react-native/package.json (2 hunks)
• packages/hd-transport-web-device/package.json (2 hunks)
• packages/hd-transport/package.json (1 hunks)
• packages/hd-web-sdk/package.json (2 hunks)
• packages/shared/package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: lint (22)
• GitHub Check: build (22)
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (19)

packages/hd-transport/package.json (1)

3-3: Version bump looks good.

The version upgrade to 1.1.21-alpha.1 is correct and aligns with the monorepo-wide prerelease versioning.

packages/hd-transport-http/package.json (1)

3-3: Version and dependency updates are correct.

The package version and internal dependencies are properly aligned to 1.1.21-alpha.1.

Also applies to: 27-28

packages/shared/package.json (1)

3-3: LGTM.

The version bump to 1.1.21-alpha.1 is correct.

packages/hd-transport-web-device/package.json (1)

3-3: Version and dependency alignment looks good.

All version strings are correctly updated to 1.1.21-alpha.1, including dependencies and devDependencies.

Also applies to: 23-24, 27-27

packages/connect-examples/expo-playground/package.json (1)

3-3: Version and dependencies updated correctly.

The example package and its internal dependencies are properly aligned to 1.1.21-alpha.1.

Also applies to: 20-22

packages/hd-common-connect-sdk/package.json (1)

3-3: LGTM.

Package version and all internal dependencies are correctly updated to 1.1.21-alpha.1.

Also applies to: 23-28

packages/connect-examples/electron-example/package.json (1)

5-5: Version and dependency updates are correct.

The electron example package and its hd-transport-electron dependency are properly aligned to 1.1.21-alpha.1.

Also applies to: 25-25

packages/hd-transport-emulator/package.json (1)

3-3: LGTM.

Package version and dependencies are correctly bumped to 1.1.21-alpha.1.

Also applies to: 27-28

packages/hd-transport-lowlevel/package.json (1)

3-3: LGTM! Coordinated alpha version bump.

Version and internal dependencies updated consistently to 1.1.21-alpha.1.

Also applies to: 22-23

packages/core/package.json (1)

3-3: LGTM! Core package version aligned.

Version and dependencies bumped consistently to 1.1.21-alpha.1.

Also applies to: 28-29

packages/hd-transport-electron/package.json (1)

3-3: LGTM! Electron transport version synchronized.

All internal dependencies updated to 1.1.21-alpha.1.

Also applies to: 28-30

packages/hd-transport-react-native/package.json (1)

3-3: LGTM! React Native transport aligned.

Version and dependencies updated consistently to 1.1.21-alpha.1.

Also applies to: 22-23

packages/connect-examples/expo-example/package.json (1)

3-3: LGTM! Example app dependencies updated.

All @onekeyfe SDK dependencies bumped to 1.1.21-alpha.1.

Also applies to: 22-25

packages/hd-web-sdk/package.json (1)

3-3: LGTM! Web SDK dependencies synchronized.

Version and all transport/core dependencies updated to 1.1.21-alpha.1.

Also applies to: 24-27

packages/hd-ble-sdk/package.json (1)

3-3: LGTM! BLE SDK version coordinated.

Version and dependencies updated consistently to 1.1.21-alpha.1.

Also applies to: 23-25

packages/core/src/api/FirmwareUpdateV3.ts (4)

250-266: LGTM!

Comment is clear and concise. The zip processing logic is correct.

---

361-372: LGTM!

Clean logic. Treating '0.0.0' as "update in progress" is a sensible heuristic. The inline comment adds helpful context.

---

399-413: Good refactor. One caveat: regex still couples to message format.

The regex approach is cleaner than hardcoded message.includes(). However, if the device changes its error message format (e.g., "Updating: 50%"), this will silently break. Consider logging when message contains "update" but the regex doesn't match. This helps catch format drift early.

---

435-452: LGTM!

Solid defensive helper. Handles all common error shapes cleanly.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

packages/core/src/api/FirmwareUpdateV3.ts (1)

382-382: Typo: "firmwware" → "firmware".

Fix the spelling in the comment.

🔎 Proposed fix

-           * 1. While including 'Ble firmwware' in ble connect type
+           * 1. While including 'Ble firmware' in ble connect type

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f436a6a and 933dbbc.

📒 Files selected for processing (1)

• packages/core/src/api/FirmwareUpdateV3.ts (3 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

packages/core/src/api/FirmwareUpdateV3.ts (1)

packages/core/src/utils/index.ts (1)

• wait (40-43)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build (22)
• GitHub Check: lint (22)
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (5)

packages/core/src/api/FirmwareUpdateV3.ts (5)

250-250: LGTM!

Comment is clear.

---

374-378: LGTM!

Using a dedicated extraction method is cleaner than inline string matching. Good refactor.

---

397-411: LGTM!

The regex-based extraction is robust. Centralizing this logic improves maintainability.

---

413-430: LGTM!

Good defensive handling of various error shapes. The fallback to empty string is safe.

---

390-391: Good addition to the reconnect flow.

Adding the WebUSB reauth prompt before reconnect handles browser device reauthentication properly and improves the reconnect logic.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 933dbbc and 9607f75.

📒 Files selected for processing (1)

• packages/core/src/api/firmware/FirmwareUpdateBaseMethod.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: lint (22)
• GitHub Check: build (22)
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (3)

packages/core/src/api/firmware/FirmwareUpdateBaseMethod.ts (3)

158-158: LGTM!

Log message correctly references the internal method name.

---

458-459: LGTM!

Clearer documentation. The RebootType reference helps callers understand the parameter.

---

43-43: The flag at line 43 prevents duplicate prompts within a single firmware update, which is intentional per the method's comment. Each firmware update creates a fresh instance with the flag reset to false, so the prompt will appear in subsequent updates.

Likely an incorrect or invalid review comment.