@bytezhang/ledger-adapter 0.0.6 → 0.0.7

package/dist/index.d.mts

@@ -1,4 +1,4 @@
-import { IHardwareWallet, IConnector, TransportType, IUiHandler, DeviceInfo, Response, ChainCapability, HardwareEventMap, DeviceEventListener, EvmGetAddressParams, EvmAddress, ProgressCallback, EvmGetPublicKeyParams, EvmPublicKey, EvmSignTxParams, EvmSignedTx, EvmSignMsgParams, EvmSignature, EvmSignTypedDataParams, BtcGetAddressParams, BtcAddress, BtcGetPublicKeyParams, BtcPublicKey, BtcSignTxParams, BtcSignedTx, BtcSignMsgParams, BtcSignature, SolGetAddressParams, SolAddress, SolGetPublicKeyParams, SolPublicKey, SolSignTxParams, SolSignedTx, SolSignMsgParams, SolSignature, DeviceDescriptor, DeviceChangeEvent, HardwareErrorCode } from '@bytezhang/hardware-wallet-core';
+import { IHardwareWallet, IConnector, TransportType, IUiHandler, DeviceInfo, Response, ChainCapability, HardwareEventMap, DeviceEventListener, ChainForFingerprint, EvmGetAddressParams, EvmAddress, ProgressCallback, EvmGetPublicKeyParams, EvmPublicKey, EvmSignTxParams, EvmSignedTx, EvmSignMsgParams, EvmSignature, EvmSignTypedDataParams, BtcGetAddressParams, BtcAddress, BtcGetPublicKeyParams, BtcPublicKey, BtcSignTxParams, BtcSignedTx, BtcSignMsgParams, BtcSignature, SolGetAddressParams, SolAddress, SolGetPublicKeyParams, SolPublicKey, SolSignTxParams, SolSignedTx, SolSignMsgParams, SolSignature, DeviceDescriptor, DeviceChangeEvent, HardwareErrorCode } from '@bytezhang/hardware-wallet-core';
 
 /**
  * Ledger hardware wallet adapter that delegates to an IConnector.
@@ -34,6 +34,18 @@ declare class LedgerAdapter implements IHardwareWallet {
     off<K extends keyof HardwareEventMap>(event: K, listener: (event: HardwareEventMap[K]) => void): void;
     off(event: string, listener: DeviceEventListener): void;
     cancel(connectId: string): void;
+    getChainFingerprint(connectId: string, deviceId: string, chain: ChainForFingerprint): Promise<Response<string>>;
+    /**
+     * Verify that the connected device matches the expected fingerprint.
+     *
+     * - If deviceId is empty, verification is skipped (returns true).
+     * - deviceId is used here as the stored fingerprint to compare against.
+     */
+    private _verifyDeviceFingerprint;
+    /**
+     * Derive an address at the fixed testnet path for fingerprint generation.
+     */
+    private _deriveAddressForFingerprint;
     evmGetAddress(connectId: string, _deviceId: string, params: EvmGetAddressParams): Promise<Response<EvmAddress>>;
     evmGetAddresses(connectId: string, deviceId: string, params: EvmGetAddressParams[], onProgress?: ProgressCallback): Promise<Response<EvmAddress[]>>;
     evmGetPublicKey(connectId: string, _deviceId: string, params: EvmGetPublicKeyParams): Promise<Response<EvmPublicKey>>;
@@ -45,9 +57,7 @@ declare class LedgerAdapter implements IHardwareWallet {
     btcGetPublicKey(connectId: string, _deviceId: string, params: BtcGetPublicKeyParams): Promise<Response<BtcPublicKey>>;
     btcSignTransaction(connectId: string, _deviceId: string, params: BtcSignTxParams): Promise<Response<BtcSignedTx>>;
     btcSignMessage(_connectId: string, _deviceId: string, _params: BtcSignMsgParams): Promise<Response<BtcSignature>>;
-    btcGetMasterFingerprint(connectId: string, _deviceId: string, params?: {
-        skipOpenApp?: boolean;
-    }): Promise<Response<{
+    btcGetMasterFingerprint(connectId: string, _deviceId: string): Promise<Response<{
         masterFingerprint: string;
     }>>;
     solGetAddress(_connectId: string, _deviceId: string, _params: SolGetAddressParams): Promise<Response<SolAddress>>;
@@ -64,6 +74,7 @@ declare class LedgerAdapter implements IHardwareWallet {
      */
     private static readonly MAX_DEVICE_RETRY;
     private _deviceConnectResolve;
+    private _connectingPromise;
     private static readonly DEVICE_CONNECT_TIMEOUT_MS;
     /**
      * Wait for user to connect and unlock device.
@@ -79,6 +90,7 @@ declare class LedgerAdapter implements IHardwareWallet {
      */
     deviceConnectResponse(type: 'confirm' | 'cancel'): void;
     private ensureConnected;
+    private _doConnect;
     private _connectFirstOrSelect;
     /**
      * Call the connector with automatic session resolution and disconnect retry.

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { IHardwareWallet, IConnector, TransportType, IUiHandler, DeviceInfo, Response, ChainCapability, HardwareEventMap, DeviceEventListener, EvmGetAddressParams, EvmAddress, ProgressCallback, EvmGetPublicKeyParams, EvmPublicKey, EvmSignTxParams, EvmSignedTx, EvmSignMsgParams, EvmSignature, EvmSignTypedDataParams, BtcGetAddressParams, BtcAddress, BtcGetPublicKeyParams, BtcPublicKey, BtcSignTxParams, BtcSignedTx, BtcSignMsgParams, BtcSignature, SolGetAddressParams, SolAddress, SolGetPublicKeyParams, SolPublicKey, SolSignTxParams, SolSignedTx, SolSignMsgParams, SolSignature, DeviceDescriptor, DeviceChangeEvent, HardwareErrorCode } from '@bytezhang/hardware-wallet-core';
+import { IHardwareWallet, IConnector, TransportType, IUiHandler, DeviceInfo, Response, ChainCapability, HardwareEventMap, DeviceEventListener, ChainForFingerprint, EvmGetAddressParams, EvmAddress, ProgressCallback, EvmGetPublicKeyParams, EvmPublicKey, EvmSignTxParams, EvmSignedTx, EvmSignMsgParams, EvmSignature, EvmSignTypedDataParams, BtcGetAddressParams, BtcAddress, BtcGetPublicKeyParams, BtcPublicKey, BtcSignTxParams, BtcSignedTx, BtcSignMsgParams, BtcSignature, SolGetAddressParams, SolAddress, SolGetPublicKeyParams, SolPublicKey, SolSignTxParams, SolSignedTx, SolSignMsgParams, SolSignature, DeviceDescriptor, DeviceChangeEvent, HardwareErrorCode } from '@bytezhang/hardware-wallet-core';
 
 /**
  * Ledger hardware wallet adapter that delegates to an IConnector.
@@ -34,6 +34,18 @@ declare class LedgerAdapter implements IHardwareWallet {
     off<K extends keyof HardwareEventMap>(event: K, listener: (event: HardwareEventMap[K]) => void): void;
     off(event: string, listener: DeviceEventListener): void;
     cancel(connectId: string): void;
+    getChainFingerprint(connectId: string, deviceId: string, chain: ChainForFingerprint): Promise<Response<string>>;
+    /**
+     * Verify that the connected device matches the expected fingerprint.
+     *
+     * - If deviceId is empty, verification is skipped (returns true).
+     * - deviceId is used here as the stored fingerprint to compare against.
+     */
+    private _verifyDeviceFingerprint;
+    /**
+     * Derive an address at the fixed testnet path for fingerprint generation.
+     */
+    private _deriveAddressForFingerprint;
     evmGetAddress(connectId: string, _deviceId: string, params: EvmGetAddressParams): Promise<Response<EvmAddress>>;
     evmGetAddresses(connectId: string, deviceId: string, params: EvmGetAddressParams[], onProgress?: ProgressCallback): Promise<Response<EvmAddress[]>>;
     evmGetPublicKey(connectId: string, _deviceId: string, params: EvmGetPublicKeyParams): Promise<Response<EvmPublicKey>>;
@@ -45,9 +57,7 @@ declare class LedgerAdapter implements IHardwareWallet {
     btcGetPublicKey(connectId: string, _deviceId: string, params: BtcGetPublicKeyParams): Promise<Response<BtcPublicKey>>;
     btcSignTransaction(connectId: string, _deviceId: string, params: BtcSignTxParams): Promise<Response<BtcSignedTx>>;
     btcSignMessage(_connectId: string, _deviceId: string, _params: BtcSignMsgParams): Promise<Response<BtcSignature>>;
-    btcGetMasterFingerprint(connectId: string, _deviceId: string, params?: {
-        skipOpenApp?: boolean;
-    }): Promise<Response<{
+    btcGetMasterFingerprint(connectId: string, _deviceId: string): Promise<Response<{
         masterFingerprint: string;
     }>>;
     solGetAddress(_connectId: string, _deviceId: string, _params: SolGetAddressParams): Promise<Response<SolAddress>>;
@@ -64,6 +74,7 @@ declare class LedgerAdapter implements IHardwareWallet {
      */
     private static readonly MAX_DEVICE_RETRY;
     private _deviceConnectResolve;
+    private _connectingPromise;
     private static readonly DEVICE_CONNECT_TIMEOUT_MS;
     /**
      * Wait for user to connect and unlock device.
@@ -79,6 +90,7 @@ declare class LedgerAdapter implements IHardwareWallet {
      */
     deviceConnectResponse(type: 'confirm' | 'cancel'): void;
     private ensureConnected;
+    private _doConnect;
     private _connectFirstOrSelect;
     /**
      * Call the connector with automatic session resolution and disconnect retry.

package/dist/index.js

@@ -169,6 +169,8 @@ var _LedgerAdapter = class _LedgerAdapter {
     this._sessions = /* @__PURE__ */ new Map();
     // Pending device-connect resolve — set by _waitForDeviceConnect, resolved by uiResponse
     this._deviceConnectResolve = null;
+    // Mutex for ensureConnected — prevents concurrent calls from establishing duplicate connections
+    this._connectingPromise = null;
     // ---------------------------------------------------------------------------
     // Event translation
     // ---------------------------------------------------------------------------
@@ -222,6 +224,8 @@ var _LedgerAdapter = class _LedgerAdapter {
   async init(_config) {
   }
   async dispose() {
+    this._deviceConnectResolve?.(true);
+    this._deviceConnectResolve = null;
     this.unregisterEventListeners();
     this.connector.reset();
     this._uiHandler = null;
@@ -293,10 +297,74 @@ var _LedgerAdapter = class _LedgerAdapter {
     void this.connector.cancel(sessionId);
   }
   // ---------------------------------------------------------------------------
+  // Chain fingerprint
+  // ---------------------------------------------------------------------------
+  async getChainFingerprint(connectId, deviceId, chain) {
+    await this._ensureDevicePermission(connectId, deviceId);
+    try {
+      const address = await this._deriveAddressForFingerprint(connectId, chain);
+      return (0, import_hardware_wallet_core2.success)((0, import_hardware_wallet_core2.deriveDeviceFingerprint)(address));
+    } catch (err) {
+      return this.errorToFailure(err);
+    }
+  }
+  /**
+   * Verify that the connected device matches the expected fingerprint.
+   *
+   * - If deviceId is empty, verification is skipped (returns true).
+   * - deviceId is used here as the stored fingerprint to compare against.
+   */
+  async _verifyDeviceFingerprint(connectId, deviceId, chain) {
+    if (!deviceId) return true;
+    try {
+      const address = await this._deriveAddressForFingerprint(connectId, chain);
+      const fingerprint = (0, import_hardware_wallet_core2.deriveDeviceFingerprint)(address);
+      return fingerprint === deviceId;
+    } catch (err) {
+      const mapped = mapLedgerError(err);
+      if (mapped.code === import_hardware_wallet_core2.HardwareErrorCode.WrongApp || mapped.code === import_hardware_wallet_core2.HardwareErrorCode.DeviceLocked) {
+        return true;
+      }
+      throw err;
+    }
+  }
+  /**
+   * Derive an address at the fixed testnet path for fingerprint generation.
+   */
+  async _deriveAddressForFingerprint(connectId, chain) {
+    const path = import_hardware_wallet_core2.CHAIN_FINGERPRINT_PATHS[chain];
+    if (chain === "evm") {
+      const result = await this.connectorCall(connectId, "evmGetAddress", {
+        path,
+        showOnDevice: false
+      });
+      return result.address;
+    }
+    if (chain === "btc") {
+      const result = await this.connectorCall(connectId, "btcGetAddress", {
+        path,
+        showOnDevice: false,
+        coin: "Testnet"
+      });
+      return result.address;
+    }
+    if (chain === "sol") {
+      const result = await this.connectorCall(connectId, "solGetAddress", {
+        path,
+        showOnDevice: false
+      });
+      return result.address;
+    }
+    throw new Error(`Unsupported chain for fingerprint: ${chain}`);
+  }
+  // ---------------------------------------------------------------------------
   // EVM methods
   // ---------------------------------------------------------------------------
   async evmGetAddress(connectId, _deviceId, params) {
     await this._ensureDevicePermission(connectId, _deviceId);
+    if (!await this._verifyDeviceFingerprint(connectId, _deviceId, "evm")) {
+      return (0, import_hardware_wallet_core2.failure)(import_hardware_wallet_core2.HardwareErrorCode.DeviceMismatch, "Wrong device connected");
+    }
     try {
       const result = await this.connectorCall(connectId, "evmGetAddress", {
         path: params.path,
@@ -320,6 +388,9 @@ var _LedgerAdapter = class _LedgerAdapter {
   }
   async evmGetPublicKey(connectId, _deviceId, params) {
     await this._ensureDevicePermission(connectId, _deviceId);
+    if (!await this._verifyDeviceFingerprint(connectId, _deviceId, "evm")) {
+      return (0, import_hardware_wallet_core2.failure)(import_hardware_wallet_core2.HardwareErrorCode.DeviceMismatch, "Wrong device connected");
+    }
     try {
       const result = await this.connectorCall(connectId, "evmGetAddress", {
         path: params.path,
@@ -335,21 +406,19 @@ var _LedgerAdapter = class _LedgerAdapter {
   }
   async evmSignTransaction(connectId, _deviceId, params) {
     await this._ensureDevicePermission(connectId, _deviceId);
+    if (!await this._verifyDeviceFingerprint(connectId, _deviceId, "evm")) {
+      return (0, import_hardware_wallet_core2.failure)(import_hardware_wallet_core2.HardwareErrorCode.DeviceMismatch, "Wrong device connected");
+    }
     try {
+      if (!params.serializedTx) {
+        return (0, import_hardware_wallet_core2.failure)(
+          import_hardware_wallet_core2.HardwareErrorCode.InvalidParams,
+          "Ledger requires a pre-serialized transaction (serializedTx). Provide an RLP-encoded hex string."
+        );
+      }
       const result = await this.connectorCall(connectId, "evmSignTransaction", {
         path: params.path,
-        transaction: {
-          to: params.to,
-          value: params.value,
-          chainId: params.chainId,
-          nonce: params.nonce,
-          gasLimit: params.gasLimit,
-          gasPrice: params.gasPrice,
-          maxFeePerGas: params.maxFeePerGas,
-          maxPriorityFeePerGas: params.maxPriorityFeePerGas,
-          accessList: params.accessList,
-          data: params.data
-        }
+        serializedTx: params.serializedTx
       });
       return (0, import_hardware_wallet_core2.success)({
         v: ensure0x(result.v),
@@ -362,6 +431,9 @@ var _LedgerAdapter = class _LedgerAdapter {
   }
   async evmSignMessage(connectId, _deviceId, params) {
     await this._ensureDevicePermission(connectId, _deviceId);
+    if (!await this._verifyDeviceFingerprint(connectId, _deviceId, "evm")) {
+      return (0, import_hardware_wallet_core2.failure)(import_hardware_wallet_core2.HardwareErrorCode.DeviceMismatch, "Wrong device connected");
+    }
     try {
       const result = await this.connectorCall(connectId, "evmSignMessage", {
         path: params.path,
@@ -376,6 +448,9 @@ var _LedgerAdapter = class _LedgerAdapter {
   }
   async evmSignTypedData(connectId, _deviceId, params) {
     await this._ensureDevicePermission(connectId, _deviceId);
+    if (!await this._verifyDeviceFingerprint(connectId, _deviceId, "evm")) {
+      return (0, import_hardware_wallet_core2.failure)(import_hardware_wallet_core2.HardwareErrorCode.DeviceMismatch, "Wrong device connected");
+    }
     if (params.mode === "hash") {
       return (0, import_hardware_wallet_core2.failure)(
         import_hardware_wallet_core2.HardwareErrorCode.MethodNotSupported,
@@ -399,6 +474,9 @@ var _LedgerAdapter = class _LedgerAdapter {
   // ---------------------------------------------------------------------------
   async btcGetAddress(connectId, _deviceId, params) {
     await this._ensureDevicePermission(connectId, _deviceId);
+    if (!await this._verifyDeviceFingerprint(connectId, _deviceId, "btc")) {
+      return (0, import_hardware_wallet_core2.failure)(import_hardware_wallet_core2.HardwareErrorCode.DeviceMismatch, "Wrong device connected");
+    }
     try {
       const result = await this.connectorCall(connectId, "btcGetAddress", {
         path: params.path,
@@ -423,6 +501,9 @@ var _LedgerAdapter = class _LedgerAdapter {
   }
   async btcGetPublicKey(connectId, _deviceId, params) {
     await this._ensureDevicePermission(connectId, _deviceId);
+    if (!await this._verifyDeviceFingerprint(connectId, _deviceId, "btc")) {
+      return (0, import_hardware_wallet_core2.failure)(import_hardware_wallet_core2.HardwareErrorCode.DeviceMismatch, "Wrong device connected");
+    }
     try {
       const result = await this.connectorCall(connectId, "btcGetPublicKey", {
         path: params.path,
@@ -443,6 +524,9 @@ var _LedgerAdapter = class _LedgerAdapter {
   }
   async btcSignTransaction(connectId, _deviceId, params) {
     await this._ensureDevicePermission(connectId, _deviceId);
+    if (!await this._verifyDeviceFingerprint(connectId, _deviceId, "btc")) {
+      return (0, import_hardware_wallet_core2.failure)(import_hardware_wallet_core2.HardwareErrorCode.DeviceMismatch, "Wrong device connected");
+    }
     if (!params.psbt) {
       return (0, import_hardware_wallet_core2.failure)(
         import_hardware_wallet_core2.HardwareErrorCode.InvalidParams,
@@ -463,12 +547,13 @@ var _LedgerAdapter = class _LedgerAdapter {
   // ---------------------------------------------------------------------------
   // Device fingerprint
   // ---------------------------------------------------------------------------
-  async btcGetMasterFingerprint(connectId, _deviceId, params) {
+  async btcGetMasterFingerprint(connectId, _deviceId) {
     await this._ensureDevicePermission(connectId, _deviceId);
+    if (!await this._verifyDeviceFingerprint(connectId, _deviceId, "btc")) {
+      return (0, import_hardware_wallet_core2.failure)(import_hardware_wallet_core2.HardwareErrorCode.DeviceMismatch, "Wrong device connected");
+    }
     try {
-      const result = await this.connectorCall(connectId, "btcGetMasterFingerprint", {
-        skipOpenApp: params?.skipOpenApp
-      });
+      const result = await this.connectorCall(connectId, "btcGetMasterFingerprint", {});
       return (0, import_hardware_wallet_core2.success)({ masterFingerprint: result.masterFingerprint });
     } catch (err) {
       return this.errorToFailure(err);
@@ -515,7 +600,10 @@ var _LedgerAdapter = class _LedgerAdapter {
         clearTimeout(timer);
         this._deviceConnectResolve = null;
         if (cancelled) {
-          reject(new Error("User cancelled Ledger connection"));
+          reject(Object.assign(
+            new Error("User cancelled Ledger connection"),
+            { _tag: "DeviceNotRecognizedError" }
+          ));
         } else {
           resolve();
         }
@@ -546,6 +634,17 @@ var _LedgerAdapter = class _LedgerAdapter {
     if (this._sessions.size > 0) {
       return this._sessions.keys().next().value;
     }
+    if (this._connectingPromise) {
+      return this._connectingPromise;
+    }
+    this._connectingPromise = this._doConnect();
+    try {
+      return await this._connectingPromise;
+    } finally {
+      this._connectingPromise = null;
+    }
+  }
+  async _doConnect() {
     for (let attempt = 0; attempt < _LedgerAdapter.MAX_DEVICE_RETRY; attempt++) {
       const devices = await this.searchDevices();
       if (devices.length > 0) {
@@ -779,7 +878,8 @@ var LedgerDeviceManager = class {
     return new Promise((resolve) => {
       let resolved = false;
       let syncResult = null;
-      const sub = this._dmk.listenToAvailableDevices().subscribe({
+      let sub = null;
+      sub = this._dmk.listenToAvailableDevices().subscribe({
         next: (devices) => {
           if (resolved) return;
           resolved = true;
@@ -787,7 +887,12 @@ var LedgerDeviceManager = class {
           for (const d of devices) {
             this._discovered.set(d.id, d);
           }
-          syncResult = devices;
+          if (sub) {
+            sub.unsubscribe();
+            resolve(devices.map((d) => ({ path: d.id, type: d.deviceModel.id })));
+          } else {
+            syncResult = devices;
+          }
         },
         error: () => {
           if (!resolved) {
@@ -799,7 +904,7 @@ var LedgerDeviceManager = class {
       if (syncResult !== null) {
         sub.unsubscribe();
         const devices = syncResult;
-        resolve(devices.map((d) => ({ path: d.id, type: d.deviceModel.name })));
+        resolve(devices.map((d) => ({ path: d.id, type: d.deviceModel.id })));
       }
     });
   }
@@ -820,7 +925,7 @@ var LedgerDeviceManager = class {
             name: d.name
           }));
           if (!previousIds.has(d.id)) {
-            onChange({ type: "device-connected", descriptor: { path: d.id, type: d.deviceModel.name } });
+            onChange({ type: "device-connected", descriptor: { path: d.id, type: d.deviceModel.id } });
           }
         }
         for (const id of previousIds) {