Skip to content

docs: signing examples & secret management docs#550

Merged
joe-p merged 27 commits intodecouplingfrom
decoupling-docs/wrapped_docs
Mar 16, 2026
Merged

docs: signing examples & secret management docs#550
joe-p merged 27 commits intodecouplingfrom
decoupling-docs/wrapped_docs

Conversation

@joe-p
Copy link
Copy Markdown
Contributor

@joe-p joe-p commented Mar 2, 2026
edited
Loading

Adds 3 examples for working with ed25518 seed, xHD extended private key, and AWS KMS.

Also includes documentation for secret management which refers to these examples.

Based on conversations with Marco, we probably want to add a utiltiy function that does the wrap/unwrap, generate ed25519 signing key, generate algorand address with signers in one call but that will be in a follow-up PR

@joe-p joe-p changed the base branch from decoupling-feat/wrapped_seed to decoupling March 2, 2026 23:56
@joe-p joe-p marked this pull request as ready for review March 2, 2026 23:56
@joe-p joe-p requested a review from Copilot March 2, 2026 23:56
@joe-p joe-p marked this pull request as draft March 3, 2026 00:02
Copilot AI reviewed Mar 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds new API for signing Algorand transactions using wrapped secrets (key-wrapping patterns), along with signing example scripts, documentation, and dependency updates. It introduces nobleEd25519SigningKeyFromWrappedSecret / ed25519SigningKeyFromWrappedSecret which can derive a public key and create a signer from a wrapped Ed25519 seed or HD extended private key. The HD account API is also refactored to return an accountGenerator closure instead of exposing peikertXHdAccountGenerator as a separate top-level function.

Changes:

  • New nobleEd25519SigningKeyFromWrappedSecret and ed25519SigningKeyFromWrappedSecret functions in packages/crypto/src/index.ts supporting both WrappedEd25519Seed and WrappedHdExtendedPrivateKey
  • Refactored HD wallet API (hd.ts): peikertXHdAccountGenerator is removed; peikertXHdWalletGenerator now returns an accountGenerator closure instead
  • New signing examples (examples/signing/) and updated documentation (docs/src/content/docs/concepts/core/secret-management.md), plus package-lock/dependency updates

Reviewed changes

Copilot reviewed 12 out of 14 changed files in this pull request and generated 12 comments.

Show a summary per file
File Description
packages/crypto/src/index.ts Core new API: nobleEd25519SigningKeyFromWrappedSecret, ed25519SigningKeyFromWrappedSecret, and internal rawSign/rawPubkey helpers for HD key signing
packages/crypto/src/ed25519.ts New Ed25519SigningKey and WrappedEd25519Seed types
packages/crypto/src/hd.ts Refactored HdWalletGenerator/HdAccountGenerator types; removed peikertXHdAccountGenerator; added WrappedHdExtendedPrivateKey type; accountGenerator now returned as closure
packages/transact/src/signer.spec.ts New tests for wrapped seed/HD key signing, error handling, zeroing, and updated HD wallet usage
examples/signing/01-ed25519-from-keyring.ts Example: sign using ed25519 seed from OS keyring
examples/signing/02-hd-from-keyring.ts Example: sign using HD extended private key from OS keyring
examples/signing/03-aws-kms.ts Example: sign using AWS KMS
examples/signing/verify-all.sh Script to run and verify all signing examples
examples/package.json Added @aws-sdk/client-kms and @napi-rs/keyring dependencies
docs/src/content/docs/concepts/core/secret-management.md New documentation page covering secret management, KMS, wrapped secrets, multisig, key rotation
docs/astro.config.mjs Registers the new documentation page in the sidebar
package-lock.json, examples/package-lock.json Dependency version updates
.nsprc Updated security advisory suppressions for updated dependencies
Files not reviewed (1)
  • examples/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@joe-p joe-p force-pushed the decoupling-docs/wrapped_docs branch from e43f970 to ef16f71 Compare March 6, 2026 18:06
@joe-p joe-p requested a review from Copilot March 13, 2026 13:48
Copilot AI reviewed Mar 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 8 out of 9 changed files in this pull request and generated 9 comments.

Files not reviewed (1)
  • examples/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@joe-p
Apply suggestions from code review
464b329 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@joe-p joe-p requested a review from Copilot March 13, 2026 15:36
Copilot AI reviewed Mar 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 8 out of 9 changed files in this pull request and generated 5 comments.

Files not reviewed (1)
  • examples/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

joe-p and others added 4 commits March 13, 2026 11:43
@joe-p
Potential fix for pull request finding
b2257a1 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@joe-p
docs: fix grammar
9b950fe 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@joe-p
Merge branch 'decoupling' into decoupling-docs/wrapped_docs
208134e
@joe-p
chore: use sidebar config json
77ac1ac
@joe-p joe-p marked this pull request as ready for review March 13, 2026 15:56
@joe-p joe-p requested a review from mrcointreau March 13, 2026 15:56
mrcointreau
mrcointreau approved these changes Mar 13, 2026
View reviewed changes
Copy link
Copy Markdown

@mrcointreau mrcointreau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pushed a couple of commits for:

  • adding signing in the sidebar config and signig examples to the astro docs
  • updating the README.md with the new signing examples
  • adding crypto package path mapping to examples/tsconfig.json
  • including signing in the top-level verify-all.sh suite list
  • adding eslint -> flatted vuln to .nsprc

LGTM

@joe-p joe-p merged commit 6c4df76 into decoupling Mar 16, 2026
3 checks passed
@engineering-ci
Copy link
Copy Markdown
Contributor

engineering-ci bot commented Mar 16, 2026

🎉 This PR is included in version 10.0.0-alpha.45 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@mrcointreau mrcointreau mrcointreau approved these changes

Assignees

No one assigned

Labels

released on @decoupling

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@joe-p @mrcointreau