@cogcoin/client 0.5.15 → 1.0.0

package/dist/wallet/read/project.js

@@ -21,55 +21,20 @@ function tryDecodeUtf8(value) {
 }
 export function createWalletReadModel(walletState, snapshot) {
     const snapshotState = snapshot?.state ?? null;
-    const localIdentityByScript = new Map();
-    const identities = walletState.identities
-        .slice()
-        .sort((left, right) => left.index - right.index)
-        .map((identity) => {
-        const scriptBytes = scriptHexToBytes(identity.scriptPubKeyHex);
-        const ownedDomains = snapshotState === null
-            ? []
-            : listDomainsByOwner(snapshotState, scriptBytes).sort((left, right) => left.name.localeCompare(right.name));
-        const anchoredOwnedDomains = ownedDomains.filter((domain) => domain.anchored);
-        const canonicalDomainId = snapshotState === null ? null : resolveCanonical(snapshotState, scriptBytes);
-        const canonicalDomainName = canonicalDomainId === null || snapshotState === null
-            ? null
-            : (snapshotState ? lookupDomainById(snapshotState, canonicalDomainId)?.name ?? null : null);
-        const readOnly = identity.status === "read-only" || anchoredOwnedDomains.length > 1;
-        const observedCogBalance = snapshotState === null ? null : getBalance(snapshotState, scriptBytes);
-        const view = {
-            index: identity.index,
-            scriptPubKeyHex: identity.scriptPubKeyHex,
-            address: identity.address,
-            selectors: [
-                `id:${identity.index}`,
-                ...ownedDomains.map((domain) => `domain:${domain.name}`),
-                ...(identity.address === null ? [] : [identity.address]),
-                `spk:${identity.scriptPubKeyHex}`,
-            ],
-            assignedDomainNames: identity.assignedDomainNames.slice().sort((left, right) => left.localeCompare(right)),
-            localStatus: identity.status,
-            effectiveStatus: readOnly ? "read-only" : identity.status,
-            canonicalDomainId,
-            canonicalDomainName,
-            ownedDomainNames: ownedDomains.map((domain) => domain.name),
-            anchoredOwnedDomainNames: anchoredOwnedDomains.map((domain) => domain.name),
-            observedCogBalance,
-            readOnly,
-        };
-        localIdentityByScript.set(identity.scriptPubKeyHex, view);
-        return view;
-    });
+    const localScriptHexes = new Set([
+        walletState.funding.scriptPubKeyHex,
+        ...(walletState.localScriptPubKeyHexes ?? []),
+    ]);
+    const fundingScriptBytes = scriptHexToBytes(walletState.funding.scriptPubKeyHex);
+    const ownedDomains = snapshotState === null
+        ? []
+        : listDomainsByOwner(snapshotState, fundingScriptBytes).sort((left, right) => left.name.localeCompare(right.name));
     const domainNames = new Set();
     for (const domain of walletState.domains) {
         domainNames.add(domain.name);
     }
-    if (snapshotState !== null) {
-        for (const identity of identities) {
-            for (const name of identity.ownedDomainNames) {
-                domainNames.add(name);
-            }
-        }
+    for (const name of ownedDomains.map((domain) => domain.name)) {
+        domainNames.add(name);
     }
     const domains = [...domainNames]
         .sort((left, right) => left.localeCompare(right))
@@ -77,20 +42,14 @@ export function createWalletReadModel(walletState, snapshot) {
         const localRecord = walletState.domains.find((domain) => domain.name === name) ?? null;
         const chainRecord = snapshotState === null ? null : lookupDomain(snapshotState, name);
         const ownerScriptPubKeyHex = chainRecord ? bytesToHex(chainRecord.ownerScriptPubKey) : localRecord?.currentOwnerScriptPubKeyHex ?? null;
-        const ownerIdentity = ownerScriptPubKeyHex === null ? null : localIdentityByScript.get(ownerScriptPubKeyHex) ?? null;
+        const ownerIsLocal = ownerScriptPubKeyHex !== null && localScriptHexes.has(ownerScriptPubKeyHex);
         const fields = chainRecord && snapshotState ? listFields(snapshotState, chainRecord.domainId) : null;
         const listing = chainRecord && snapshotState ? getListing(snapshotState, chainRecord.domainId) : null;
         const activeLocks = chainRecord && snapshotState ? listActiveLocksByDomain(snapshotState, chainRecord.domainId) : null;
         const reputation = chainRecord && snapshotState ? getReputation(snapshotState, chainRecord.domainId) : null;
-        const readOnly = ownerIdentity?.readOnly ?? (localRecord?.currentOwnerLocalIndex !== null && localRecord?.currentOwnerLocalIndex !== undefined
-            ? identities.find((identity) => identity.index === localRecord.currentOwnerLocalIndex)?.readOnly ?? false
-            : false);
         let localRelationship = "external";
-        if (ownerIdentity !== null) {
-            localRelationship = readOnly ? "read-only" : "owned";
-        }
-        else if (localRecord !== null) {
-            localRelationship = "tracked";
+        if (ownerIsLocal) {
+            localRelationship = "local";
         }
         else if (ownerScriptPubKeyHex === null) {
             localRelationship = "unknown";
@@ -100,15 +59,13 @@ export function createWalletReadModel(walletState, snapshot) {
             domainId: chainRecord?.domainId ?? localRecord?.domainId ?? null,
             anchored: chainRecord?.anchored ?? (localRecord?.canonicalChainStatus === "anchored" ? true : localRecord?.canonicalChainStatus === "registered-unanchored" ? false : null),
             ownerScriptPubKeyHex,
-            ownerLocalIndex: ownerIdentity?.index ?? localRecord?.currentOwnerLocalIndex ?? null,
-            ownerAddress: ownerIdentity?.address ?? null,
+            ownerAddress: ownerScriptPubKeyHex === walletState.funding.scriptPubKeyHex ? walletState.funding.address : null,
             localTracked: localRecord !== null,
             localRecord,
             chainFound: chainRecord !== null,
             chainStatus: chainRecord === null
                 ? localRecord?.canonicalChainStatus ?? "unknown"
                 : chainRecord.anchored ? "anchored" : "registered-unanchored",
-            localAnchorIntent: localRecord?.localAnchorIntent ?? null,
             foundingMessageText: chainRecord?.foundingMessage ?? localRecord?.foundingMessageText ?? null,
             endpointText: tryDecodeUtf8(chainRecord?.endpoint),
             delegateScriptPubKeyHex: bytesToHex(chainRecord?.delegate),
@@ -120,31 +77,21 @@ export function createWalletReadModel(walletState, snapshot) {
             supportedStakeCogtoshi: reputation?.supportedStake ?? null,
             totalSupportedCogtoshi: reputation?.totalSupported ?? null,
             totalRevokedCogtoshi: reputation?.totalRevoked ?? null,
-            readOnly,
+            readOnly: false,
             localRelationship,
         };
     });
     return {
         walletRootId: walletState.walletRootId,
-        fundingIdentity: identities.find((identity) => identity.index === walletState.fundingIndex) ?? null,
-        identities,
+        walletAddress: walletState.funding.address,
+        walletScriptPubKeyHex: walletState.funding.scriptPubKeyHex,
         domains,
-        readOnlyIdentityCount: identities.filter((identity) => identity.readOnly).length,
     };
 }
-function lookupDomainById(state, domainId) {
-    for (const record of state.consensus.domainsById.values()) {
-        if (record.domainId === domainId) {
-            return { name: record.name };
-        }
-    }
-    return null;
-}
 export function listWalletLocks(context) {
     if (context.snapshot === null || context.model === null) {
         return null;
     }
-    const localScriptToIndex = new Map(context.model.identities.map((identity) => [identity.scriptPubKeyHex, identity.index]));
     const localDomainIds = new Set(context.model.domains
         .map((domain) => domain.domainId)
         .filter((domainId) => domainId !== null));
@@ -155,30 +102,32 @@ export function listWalletLocks(context) {
     const locks = [...context.snapshot.state.consensus.locks.values()]
         .filter((lock) => {
         const lockerHex = bytesToHex(lock.lockerScriptPubKey);
-        return (lockerHex !== null && localScriptToIndex.has(lockerHex)) || localDomainIds.has(lock.recipientDomainId);
+        return (lockerHex !== null && lockerHex === context.model.walletScriptPubKeyHex) || localDomainIds.has(lock.recipientDomainId);
     })
         .sort((left, right) => left.timeoutHeight - right.timeoutHeight || left.lockId - right.lockId);
     return locks.map((lock) => {
         const lockerScriptPubKeyHex = bytesToHex(lock.lockerScriptPubKey);
-        const lockerLocalIndex = lockerScriptPubKeyHex === null ? null : localScriptToIndex.get(lockerScriptPubKeyHex) ?? null;
         const recipientDomain = context.snapshot.state.consensus.domainsById.get(lock.recipientDomainId) ?? null;
         const recipientOwnerHex = recipientDomain === null ? null : bytesToHex(recipientDomain.ownerScriptPubKey);
         const claimableNow = currentHeight !== null
             && currentHeight < lock.timeoutHeight
             && recipientOwnerHex !== null
-            && localScriptToIndex.has(recipientOwnerHex);
+            && recipientOwnerHex === context.model.walletScriptPubKeyHex;
         return {
             lockId: lock.lockId,
             status: "active",
             amountCogtoshi: lock.amount,
             timeoutHeight: lock.timeoutHeight,
             lockerScriptPubKeyHex: lockerScriptPubKeyHex ?? "",
-            lockerLocalIndex,
+            lockerLocal: lockerScriptPubKeyHex === context.model.walletScriptPubKeyHex,
+            lockerLocalIndex: lockerScriptPubKeyHex === context.model.walletScriptPubKeyHex ? 0 : null,
             recipientDomainId: lock.recipientDomainId,
             recipientDomainName: domainsById.get(lock.recipientDomainId) ?? null,
             recipientLocal: localDomainIds.has(lock.recipientDomainId),
             claimableNow,
-            reclaimableNow: currentHeight !== null && currentHeight >= lock.timeoutHeight && lockerLocalIndex !== null,
+            reclaimableNow: currentHeight !== null
+                && currentHeight >= lock.timeoutHeight
+                && lockerScriptPubKeyHex === context.model.walletScriptPubKeyHex,
         };
     });
 }
@@ -201,13 +150,11 @@ export function findWalletDomain(context, name) {
                     domainId: chainDomain.domainId,
                     anchored: chainDomain.anchored,
                     ownerScriptPubKeyHex: bytesToHex(chainDomain.ownerScriptPubKey),
-                    ownerLocalIndex: null,
                     ownerAddress: null,
                     localTracked: false,
                     localRecord: null,
                     chainFound: true,
                     chainStatus: chainDomain.anchored ? "anchored" : "registered-unanchored",
-                    localAnchorIntent: null,
                     foundingMessageText: chainDomain.foundingMessage,
                     endpointText: tryDecodeUtf8(chainDomain.endpoint),
                     delegateScriptPubKeyHex: bytesToHex(chainDomain.delegate),

package/dist/wallet/read/types.d.ts

@@ -2,18 +2,19 @@ import type { IndexerState } from "@cogcoin/indexer/types";
 import type { ManagedBitcoindHealth, ManagedBitcoindObservedStatus, ManagedCoreWalletReplicaStatus, ManagedIndexerDaemonObservedStatus, ManagedIndexerTruthSource } from "../../bitcoind/types.js";
 import type { ClientTip } from "../../types.js";
 import type { MiningControlPlaneView } from "../mining/index.js";
-import type { DomainRecord as LocalDomainRecord, LocalIdentityRecord, WalletStateV1 } from "../types.js";
-export type WalletStateAvailability = "uninitialized" | "locked" | "ready" | "local-state-corrupt";
+import type { DomainRecord as LocalDomainRecord, WalletStateV1 } from "../types.js";
+import type { ClientPasswordReadiness } from "../state/client-password.js";
+export type WalletStateAvailability = "uninitialized" | "ready" | "local-state-corrupt";
 export type WalletServiceHealth = "synced" | "catching-up" | "reorging" | "starting" | "stale-heartbeat" | "failed" | "schema-mismatch" | "service-version-mismatch" | "wallet-root-mismatch" | "unavailable";
 export interface WalletLocalStateStatus {
     availability: WalletStateAvailability;
+    clientPasswordReadiness: ClientPasswordReadiness;
+    unlockRequired: boolean;
     walletRootId: string | null;
     state: WalletStateV1 | null;
     source: "primary" | "backup" | null;
-    unlockUntilUnixMs: number | null;
     hasPrimaryStateFile: boolean;
     hasBackupStateFile: boolean;
-    hasUnlockSessionFile: boolean;
     message: string | null;
 }
 export interface WalletNodeStatus {
@@ -52,33 +53,16 @@ export interface WalletSnapshotView {
     snapshotSeq?: string | null;
     openedAtUnixMs?: number | null;
 }
-export interface WalletIdentityView {
-    index: number;
-    scriptPubKeyHex: string;
-    address: string | null;
-    selectors: string[];
-    assignedDomainNames: string[];
-    localStatus: LocalIdentityRecord["status"];
-    effectiveStatus: LocalIdentityRecord["status"];
-    canonicalDomainId: number | null;
-    canonicalDomainName: string | null;
-    ownedDomainNames: string[];
-    anchoredOwnedDomainNames: string[];
-    observedCogBalance: bigint | null;
-    readOnly: boolean;
-}
 export interface WalletDomainView {
     name: string;
     domainId: number | null;
     anchored: boolean | null;
     ownerScriptPubKeyHex: string | null;
-    ownerLocalIndex: number | null;
     ownerAddress: string | null;
     localTracked: boolean;
     localRecord: LocalDomainRecord | null;
     chainFound: boolean;
     chainStatus: LocalDomainRecord["canonicalChainStatus"];
-    localAnchorIntent: LocalDomainRecord["localAnchorIntent"] | null;
     foundingMessageText: string | null;
     endpointText: string | null;
     delegateScriptPubKeyHex: string | null;
@@ -91,14 +75,13 @@ export interface WalletDomainView {
     totalSupportedCogtoshi: bigint | null;
     totalRevokedCogtoshi: bigint | null;
     readOnly: boolean;
-    localRelationship: "owned" | "read-only" | "tracked" | "external" | "unknown";
+    localRelationship: "local" | "external" | "unknown";
 }
 export interface WalletReadModel {
     walletRootId: string;
-    fundingIdentity: WalletIdentityView | null;
-    identities: WalletIdentityView[];
+    walletAddress: string | null;
+    walletScriptPubKeyHex: string;
     domains: WalletDomainView[];
-    readOnlyIdentityCount: number;
 }
 export interface WalletReadContext {
     dataDir: string;
@@ -111,6 +94,7 @@ export interface WalletReadContext {
     indexer: WalletIndexerStatus;
     snapshot: WalletSnapshotView | null;
     model: WalletReadModel | null;
+    fundingSpendableSats: bigint | null;
     mining?: MiningControlPlaneView;
     close(): Promise<void>;
 }
@@ -120,6 +104,7 @@ export interface WalletLockView {
     amountCogtoshi: bigint;
     timeoutHeight: number;
     lockerScriptPubKeyHex: string;
+    lockerLocal?: boolean;
     lockerLocalIndex: number | null;
     recipientDomainId: number;
     recipientDomainName: string | null;

package/dist/wallet/reset.d.ts

@@ -40,7 +40,6 @@ export interface WalletResetPreview {
         defaultAction: "retain-mnemonic";
         acceptedInputs: ["", "skip", "delete wallet"];
         entropyRetainingResetAvailable: boolean;
-        requiresPassphrase: boolean;
         envelopeSource: "primary" | "backup" | null;
     };
     bootstrapSnapshot: {

package/dist/wallet/reset.js

@@ -6,12 +6,13 @@ import { createRpcClient } from "../bitcoind/node.js";
 import { resolveBootstrapPathsForTesting } from "../bitcoind/bootstrap/paths.js";
 import { validateSnapshotFileForTesting } from "../bitcoind/bootstrap/snapshot-file.js";
 import { attachOrStartManagedBitcoindService, createManagedWalletReplica, } from "../bitcoind/service.js";
+import { resolveLegacyHooksRootPath } from "../app-paths.js";
 import { resolveNormalizedWalletDescriptorState } from "./descriptor-normalization.js";
 import { acquireFileLock } from "./fs/lock.js";
 import { createInternalCoreWalletPassphrase, deriveWalletIdentityMaterial, deriveWalletMaterialFromMnemonic, } from "./material.js";
 import { loadMiningRuntimeStatus } from "./mining/runtime-artifacts.js";
+import { clearLegacyWalletLockArtifacts, withUnlockedManagedCoreWallet } from "./managed-core-wallet.js";
 import { resolveWalletRuntimePathsForTesting } from "./runtime.js";
-import { loadWalletExplicitLock } from "./state/explicit-lock.js";
 import { createDefaultWalletSecretProvider, createWalletRootId, createWalletSecretReference, } from "./state/provider.js";
 import { loadWalletSeedIndex } from "./state/seed-index.js";
 import { extractWalletRootIdHintFromWalletStateEnvelope, loadRawWalletStateEnvelope, loadWalletState, saveWalletState, } from "./state/storage.js";
@@ -19,6 +20,9 @@ import { confirmTypedAcknowledgement } from "./tx/confirm.js";
 function sanitizeWalletName(walletRootId) {
     return `cogcoin-${walletRootId}`.replace(/[^a-zA-Z0-9._-]+/g, "-").slice(0, 63);
 }
+function providerUsesExternalSecretStore(provider) {
+    return provider.kind === "macos-keychain";
+}
 function isPathWithin(root, target) {
     const rel = relative(root, target);
     return rel === "" || (!rel.startsWith("..") && rel !== ".");
@@ -147,50 +151,17 @@ async function restoreStagedArtifacts(artifacts) {
         await moveFile(artifact.stagedPath, artifact.restorePath);
     }
 }
-function collectMnemonicDerivedIdentityIndices(state) {
-    const indices = new Set();
-    indices.add(state.fundingIndex);
-    for (const identity of state.identities) {
-        if (identity.status === "funding" || identity.status === "dedicated") {
-            indices.add(identity.index);
-        }
-    }
-    return [...indices].sort((left, right) => left - right);
-}
 function createEntropyRetainedWalletState(previousState, nowUnixMs) {
     const material = deriveWalletMaterialFromMnemonic(previousState.mnemonic.phrase);
     const walletRootId = createWalletRootId();
-    const preservedIndices = collectMnemonicDerivedIdentityIndices(previousState);
-    const identities = preservedIndices.map((index) => {
-        if (index === previousState.fundingIndex) {
-            return {
-                index,
-                scriptPubKeyHex: material.funding.scriptPubKeyHex,
-                address: material.funding.address,
-                status: "funding",
-                assignedDomainNames: [],
-            };
-        }
-        const identityMaterial = deriveWalletIdentityMaterial(material.keys.accountXprv, index);
-        return {
-            index,
-            scriptPubKeyHex: identityMaterial.scriptPubKeyHex,
-            address: identityMaterial.address,
-            status: "dedicated",
-            assignedDomainNames: [],
-        };
-    });
+    void deriveWalletIdentityMaterial;
     return {
-        schemaVersion: 1,
+        schemaVersion: 5,
         stateRevision: 1,
         lastWrittenAtUnixMs: nowUnixMs,
         walletRootId,
         network: previousState.network,
-        anchorValueSats: previousState.anchorValueSats,
-        proactiveReserveSats: previousState.proactiveReserveSats,
-        proactiveReserveOutpoints: previousState.proactiveReserveOutpoints,
-        nextDedicatedIndex: previousState.nextDedicatedIndex,
-        fundingIndex: previousState.fundingIndex,
+        localScriptPubKeyHexes: [material.funding.scriptPubKeyHex],
         mnemonic: {
             phrase: previousState.mnemonic.phrase,
             language: previousState.mnemonic.language,
@@ -217,13 +188,12 @@ function createEntropyRetainedWalletState(previousState, nowUnixMs) {
             walletName: sanitizeWalletName(walletRootId),
             internalPassphrase: createInternalCoreWalletPassphrase(),
             descriptorChecksum: null,
-            fundingAddress0: null,
-            fundingScriptPubKeyHex0: null,
+            walletAddress: null,
+            walletScriptPubKeyHex: null,
             proofStatus: "not-proven",
             lastImportedAtUnixMs: null,
             lastVerifiedAtUnixMs: null,
         },
-        identities,
         domains: [],
         miningState: {
             runMode: "stopped",
@@ -246,7 +216,7 @@ function createEntropyRetainedWalletState(previousState, nowUnixMs) {
             currentBlockTargetHeight: null,
             currentReferencedBlockHashDisplay: null,
             currentIntentFingerprintHex: null,
-            liveMiningFamilyInMempool: null,
+            livePublishInMempool: null,
             currentPublishDecision: null,
             replacementCount: 0,
             currentBlockFeeSpentSats: "0",
@@ -254,20 +224,6 @@ function createEntropyRetainedWalletState(previousState, nowUnixMs) {
             lifetimeFeeSpentSats: "0",
             sharedMiningConflictOutpoint: null,
         },
-        hookClientState: {
-            mining: {
-                mode: "builtin",
-                validationState: "never",
-                lastValidationAtUnixMs: null,
-                lastValidationError: null,
-                validatedLaunchFingerprint: null,
-                validatedFullFingerprint: null,
-                fullTrustWarningAcknowledgedAtUnixMs: null,
-                consecutiveFailureCount: 0,
-                cooldownUntilUnixMs: null,
-            },
-        },
-        proactiveFamilies: [],
         pendingMutations: [],
     };
 }
@@ -285,22 +241,23 @@ async function recreateManagedCoreWalletReplicaForReset(options) {
     });
     const normalizedDescriptors = await resolveNormalizedWalletDescriptorState(options.state, rpc);
     const walletName = sanitizeWalletName(options.state.walletRootId);
-    await rpc.walletPassphrase(walletName, options.state.managedCoreWallet.internalPassphrase, 10);
-    try {
-        const importResults = await rpc.importDescriptors(walletName, [{
-                desc: normalizedDescriptors.privateExternal,
-                timestamp: options.state.walletBirthTime,
-                active: false,
-                internal: false,
-                range: [0, options.state.descriptor.rangeEnd],
-            }]);
-        if (!importResults.every((result) => result.success)) {
-            throw new Error(`wallet_descriptor_import_failed_${JSON.stringify(importResults)}`);
-        }
-    }
-    finally {
-        await rpc.walletLock(walletName).catch(() => undefined);
-    }
+    await withUnlockedManagedCoreWallet({
+        rpc,
+        walletName,
+        internalPassphrase: options.state.managedCoreWallet.internalPassphrase,
+        run: async () => {
+            const importResults = await rpc.importDescriptors(walletName, [{
+                    desc: normalizedDescriptors.privateExternal,
+                    timestamp: options.state.walletBirthTime,
+                    active: false,
+                    internal: false,
+                    range: [0, options.state.descriptor.rangeEnd],
+                }]);
+            if (!importResults.every((result) => result.success)) {
+                throw new Error(`wallet_descriptor_import_failed_${JSON.stringify(importResults)}`);
+            }
+        },
+    });
     const derivedFunding = await rpc.deriveAddresses(normalizedDescriptors.publicExternal, [0, 0]);
     if (derivedFunding[0] !== options.state.funding.address) {
         throw new Error("wallet_funding_address_verification_failed");
@@ -324,8 +281,8 @@ async function recreateManagedCoreWalletReplicaForReset(options) {
             ...options.state.managedCoreWallet,
             walletName,
             descriptorChecksum: normalizedDescriptors.checksum,
-            fundingAddress0: options.state.funding.address,
-            fundingScriptPubKeyHex0: options.state.funding.scriptPubKeyHex,
+            walletAddress: options.state.funding.address,
+            walletScriptPubKeyHex: options.state.funding.scriptPubKeyHex,
             proofStatus: "ready",
             lastImportedAtUnixMs: options.nowUnixMs,
             lastVerifiedAtUnixMs: options.nowUnixMs,
@@ -337,12 +294,6 @@ async function recreateManagedCoreWalletReplicaForReset(options) {
     }, nextState, options.access);
     return nextState;
 }
-async function promptHiddenOrVisible(prompter, message) {
-    if (typeof prompter.promptHidden === "function") {
-        return await prompter.promptHidden(message);
-    }
-    return await prompter.prompt(message);
-}
 async function loadWalletForEntropyReset(options) {
     if (options.wallet.rawEnvelope === null) {
         throw new Error("reset_wallet_entropy_reset_unavailable");
@@ -366,28 +317,7 @@ async function loadWalletForEntropyReset(options) {
             throw new Error("reset_wallet_entropy_reset_unavailable");
         }
     }
-    if (options.wallet.mode !== "passphrase-wrapped") {
-        throw new Error("reset_wallet_entropy_reset_unavailable");
-    }
-    const passphrase = (await promptHiddenOrVisible(options.prompter, "Wallet-state passphrase: ")).trim();
-    if (passphrase === "") {
-        throw new Error("reset_wallet_passphrase_required");
-    }
-    try {
-        return {
-            loaded: await loadWalletState({
-                primaryPath: options.paths.walletStatePath,
-                backupPath: options.paths.walletStateBackupPath,
-            }, passphrase),
-            access: {
-                kind: "passphrase",
-                passphrase,
-            },
-        };
-    }
-    catch {
-        throw new Error("reset_wallet_access_failed");
-    }
+    throw new Error("reset_wallet_entropy_reset_unavailable");
 }
 async function collectTrackedManagedProcesses(paths) {
     const trackedProcesses = [];
@@ -478,7 +408,10 @@ function resolveBitcoindPreservingRemovedRoots(paths) {
         paths.stateRoot,
         paths.runtimeRoot,
         configRoot,
-        paths.hooksRoot,
+        resolveLegacyHooksRootPath({
+            dataRoot: paths.dataRoot,
+            clientConfigPath: paths.clientConfigPath,
+        }),
     ]);
 }
 function resolveRemovedRoots(paths, options = {
@@ -497,7 +430,6 @@ async function preflightReset(options) {
         primaryPath: options.paths.walletStatePath,
         backupPath: options.paths.walletStateBackupPath,
     });
-    const explicitLock = await loadWalletExplicitLock(options.paths.walletExplicitLockPath).catch(() => null);
     const snapshotPaths = resolveBootstrapPathsForTesting(options.dataDir, DEFAULT_SNAPSHOT_METADATA);
     const validateSnapshot = options.validateSnapshotFile
         ?? ((path) => validateSnapshotFileForTesting(path, DEFAULT_SNAPSHOT_METADATA));
@@ -537,11 +469,10 @@ async function preflightReset(options) {
                 ? (hasWalletState ? "unknown" : "unknown")
                 : rawEnvelope.envelope.secretProvider != null
                     ? "provider-backed"
-                    : "passphrase-wrapped",
+                    : "unsupported-legacy",
             envelopeSource: rawEnvelope?.source ?? null,
             secretProviderKeyId,
             importedSeedSecretProviderKeyIds,
-            explicitLock,
             rawEnvelope,
         },
         snapshot: {
@@ -634,7 +565,6 @@ async function resolveResetExecutionDecision(options) {
                 wallet: options.preflight.wallet,
                 paths: options.paths,
                 provider: options.provider,
-                prompter: options.prompter,
             });
         }
     }
@@ -707,8 +637,7 @@ export async function previewResetWallet(options) {
             ? {
                 defaultAction: "retain-mnemonic",
                 acceptedInputs: ["", "skip", "delete wallet"],
-                entropyRetainingResetAvailable: preflight.wallet.mode !== "unknown",
-                requiresPassphrase: preflight.wallet.mode === "passphrase-wrapped",
+                entropyRetainingResetAvailable: preflight.wallet.mode === "provider-backed",
                 envelopeSource: preflight.wallet.envelopeSource,
             }
             : null,
@@ -729,8 +658,9 @@ export async function previewResetWallet(options) {
                 : null,
         },
         trackedProcessKinds: preflight.trackedProcessKinds,
-        willDeleteOsSecrets: preflight.wallet.secretProviderKeyId !== null
-            || preflight.wallet.importedSeedSecretProviderKeyIds.length > 0,
+        willDeleteOsSecrets: providerUsesExternalSecretStore(provider)
+            && (preflight.wallet.secretProviderKeyId !== null
+                || preflight.wallet.importedSeedSecretProviderKeyIds.length > 0),
         removedPaths,
     };
 }
@@ -782,7 +712,6 @@ export async function resetWallet(options) {
     const failedSecretRefs = [];
     const preservedSecretRefs = [];
     let walletOldRootId = extractWalletRootIdHintFromWalletStateEnvelope(preflight.wallet.rawEnvelope?.envelope ?? null)
-        ?? preflight.wallet.explicitLock?.walletRootId
         ?? null;
     let walletNewRootId = null;
     try {
@@ -790,16 +719,12 @@ export async function resetWallet(options) {
         if (walletAction === "kept-unchanged" || walletAction === "retain-mnemonic") {
             const stagedPrimary = await stageArtifact(paths.walletStatePath, stagingRoot, "wallet/wallet-state.enc");
             const stagedBackup = await stageArtifact(paths.walletStateBackupPath, stagingRoot, "wallet/wallet-state.enc.bak");
-            const stagedExplicitLock = await stageArtifact(paths.walletExplicitLockPath, stagingRoot, "wallet/wallet-explicit-lock.json");
             if (stagedPrimary !== null) {
                 stagedWalletArtifacts.push(stagedPrimary);
             }
             if (stagedBackup !== null) {
                 stagedWalletArtifacts.push(stagedBackup);
             }
-            if (walletAction === "kept-unchanged" && stagedExplicitLock !== null) {
-                stagedWalletArtifacts.push(stagedExplicitLock);
-            }
         }
         if (snapshotResultStatus === "preserved" && isDeletedByRemovalPlan(removedPaths, preflight.snapshot.path)) {
             const stagedSnapshot = await stageArtifact(preflight.snapshot.path, stagingRoot, "snapshot/utxo-910000.dat");
@@ -823,28 +748,18 @@ export async function resetWallet(options) {
             let nextState = createEntropyRetainedWalletState(decision.loadedWalletForEntropyReset.loaded.state, nowUnixMs);
             walletOldRootId = decision.loadedWalletForEntropyReset.loaded.state.walletRootId;
             walletNewRootId = nextState.walletRootId;
-            let nextAccess;
-            if (decision.loadedWalletForEntropyReset.access.kind === "provider") {
-                const secretReference = createWalletSecretReference(nextState.walletRootId);
-                newProviderKeyId = secretReference.keyId;
-                await provider.storeSecret(secretReference.keyId, randomBytes(32));
-                nextAccess = {
-                    provider,
-                    secretReference,
-                };
-                await saveWalletState({
-                    primaryPath: paths.walletStatePath,
-                    backupPath: paths.walletStateBackupPath,
-                }, nextState, nextAccess);
-                preservedSecretRefs.push(secretReference.keyId);
-            }
-            else {
-                nextAccess = decision.loadedWalletForEntropyReset.access.passphrase;
-                await saveWalletState({
-                    primaryPath: paths.walletStatePath,
-                    backupPath: paths.walletStateBackupPath,
-                }, nextState, nextAccess);
-            }
+            const secretReference = createWalletSecretReference(nextState.walletRootId);
+            newProviderKeyId = secretReference.keyId;
+            await provider.storeSecret(secretReference.keyId, randomBytes(32));
+            const nextAccess = {
+                provider,
+                secretReference,
+            };
+            await saveWalletState({
+                primaryPath: paths.walletStatePath,
+                backupPath: paths.walletStateBackupPath,
+            }, nextState, nextAccess);
+            preservedSecretRefs.push(secretReference.keyId);
             nextState = await recreateManagedCoreWalletReplicaForReset({
                 state: nextState,
                 access: nextAccess,
@@ -892,12 +807,19 @@ export async function resetWallet(options) {
         else if (deletedSecretRefs.length > 0) {
             secretCleanupStatus = "deleted";
         }
-        else if (preflight.wallet.secretProviderKeyId === null
+        else if (providerUsesExternalSecretStore(provider)
+            && preflight.wallet.secretProviderKeyId === null
             && preflight.wallet.importedSeedSecretProviderKeyIds.length === 0
             && preflight.wallet.present
             && preflight.wallet.rawEnvelope === null) {
             secretCleanupStatus = "unknown";
         }
+        else if (preflight.wallet.secretProviderKeyId === null
+            && preflight.wallet.importedSeedSecretProviderKeyIds.length === 0
+            && preflight.wallet.present
+            && preflight.wallet.rawEnvelope === null) {
+            secretCleanupStatus = "not-found";
+        }
         else if (deletedSecretRefs.length === 0) {
             secretCleanupStatus = "not-found";
         }