@onekeyfe/hwk-adapter-core 1.1.26 → 1.1.27-alpha.100

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.mts CHANGED
@@ -40,6 +40,8 @@ declare enum HardwareErrorCode {
40
40
  DeviceAppStuck = 10107,
41
41
  /** Vendor (Ledger / Trezor) doesn't support the chain at all. */
42
42
  ChainNotSupported = 10108,
43
+ /** Current operation supports only one connected device. */
44
+ DeviceOneDeviceOnly = 10109,
43
45
  FirmwareTooOld = 10200,
44
46
  FirmwareUpdateRequired = 10201,
45
47
  TransportError = 10300,
@@ -59,14 +61,32 @@ declare enum HardwareErrorCode {
59
61
  * (generic) and from DeviceLocked (Secure Element actually locked).
60
62
  */
61
63
  BlePairingTimeout = 10304,
64
+ /**
65
+ * Host-managed pairing handshake failed (Trezor THP). The device rejected the
66
+ * pairing exchange — e.g. CodeEntry: the user mistyped the code shown on the
67
+ * device, so the CPace tag didn't match ("Unexpected Code Entry Tag").
68
+ * Recoverable: the user re-pairs and re-enters the code. Distinct from
69
+ * BlePairingTimeout (BLE SMP bonding window) and UserRejected (on-device
70
+ * reject button).
71
+ */
72
+ ThpPairingFailed = 10305,
62
73
  PinInvalid = 10400,
63
74
  PinCancelled = 10401,
64
75
  PassphraseRejected = 10402,
76
+ /**
77
+ * The passphrase entered produced a different wallet (master fingerprint /
78
+ * passphraseState) than the one the caller asked to operate on. Trezor-only:
79
+ * the host pins a wallet by its XFP and the SDK refuses to sign with a
80
+ * mismatched passphrase session. Surfaced by TrezorAdapter.getPassphraseState.
81
+ */
82
+ PassphraseStateMismatch = 10403,
65
83
  /** Chain app NOT INSTALLED on device. User must install via Ledger Live. */
66
84
  AppNotInstalled = 10500,
67
85
  WrongApp = 10501,
68
86
  /** 0x911c Command code not supported — app predates current SDK. */
69
87
  AppTooOld = 10502,
88
+ /** Not enough free storage for install/update; user must uninstall apps first. */
89
+ DeviceOutOfMemory = 10503,
70
90
  /** 0x6a80 Invalid data — observed on blindSignTransactionFallback when the
71
91
  * user has not enabled Blind signing on the device. */
72
92
  EvmBlindSigningRequired = 11000,
@@ -159,13 +179,38 @@ interface DeviceInfo {
159
179
  serialNumber?: string;
160
180
  /** Device capabilities — varies by vendor, model, and connection type */
161
181
  capabilities?: DeviceCapabilities;
182
+ /**
183
+ * Vendor-specific raw payload from the post-handshake `Features` (Trezor)
184
+ * or device-info call. Populated by the connector with `{ transport,
185
+ * descriptor, features }` so the app layer can read fields we haven't
186
+ * promoted to the typed surface yet. Treat as informational — promote
187
+ * any consumed field above.
188
+ */
189
+ raw?: Record<string, unknown>;
162
190
  }
163
191
  interface DeviceTarget {
164
192
  connectId: string;
165
193
  deviceId: string;
166
194
  }
167
195
 
168
- interface EvmGetAddressParams {
196
+ /**
197
+ * Mixin for chain-operation params that can be pinned to a specific passphrase
198
+ * wallet.
199
+ *
200
+ * Trezor-only. `passphraseState` is the wallet's master fingerprint (XFP, 8 hex
201
+ * chars) — the same value `btcGetMasterFingerprint` returns and the host gets
202
+ * back from `getPassphraseState`. When present, the adapter aligns (selects or
203
+ * recreates+verifies) the matching THP application session before issuing the
204
+ * call, so the address/signature comes from the intended passphrase wallet.
205
+ *
206
+ * Ledger has no equivalent and ignores the field — it never reaches the
207
+ * protobuf layer (the adapter strips it before forwarding to the connector).
208
+ */
209
+ interface PassphraseStateAware {
210
+ passphraseState?: string;
211
+ }
212
+
213
+ interface EvmGetAddressParams extends PassphraseStateAware {
169
214
  path: string;
170
215
  showOnDevice?: boolean;
171
216
  chainId?: number;
@@ -176,7 +221,7 @@ interface EvmAddress {
176
221
  /** Device-reported secp256k1 public key; populated when the transport exposes it. */
177
222
  publicKey?: string;
178
223
  }
179
- interface EvmSignTxParams {
224
+ interface EvmSignTxParams extends PassphraseStateAware {
180
225
  path: string;
181
226
  /**
182
227
  * RLP-serialized transaction hex (0x-prefixed or plain).
@@ -208,13 +253,13 @@ interface EvmSignedTx {
208
253
  s: string;
209
254
  serializedTx?: string;
210
255
  }
211
- interface EvmSignMsgParams {
256
+ interface EvmSignMsgParams extends PassphraseStateAware {
212
257
  path: string;
213
258
  message: string;
214
259
  hex?: boolean;
215
260
  }
216
261
  type EvmSignTypedDataParams = EvmSignTypedDataFull | EvmSignTypedDataHash;
217
- interface EvmSignTypedDataFull {
262
+ interface EvmSignTypedDataFull extends PassphraseStateAware {
218
263
  path: string;
219
264
  /** Defaults to `'full'` when omitted. */
220
265
  mode?: 'full';
@@ -229,7 +274,7 @@ interface EvmSignTypedDataFull {
229
274
  };
230
275
  metamaskV4Compat?: boolean;
231
276
  }
232
- interface EvmSignTypedDataHash {
277
+ interface EvmSignTypedDataHash extends PassphraseStateAware {
233
278
  path: string;
234
279
  mode: 'hash';
235
280
  domainSeparatorHash: string;
@@ -255,7 +300,7 @@ interface IEvmMethods {
255
300
  evmSignTypedData(connectId: string, deviceId: string, params: EvmSignTypedDataParams): Promise<Response<EvmSignature>>;
256
301
  }
257
302
 
258
- interface BtcGetAddressParams {
303
+ interface BtcGetAddressParams extends PassphraseStateAware {
259
304
  path: string;
260
305
  coin?: string;
261
306
  showOnDevice?: boolean;
@@ -267,7 +312,7 @@ interface BtcAddress {
267
312
  address: string;
268
313
  path: string;
269
314
  }
270
- interface BtcGetPublicKeyParams {
315
+ interface BtcGetPublicKeyParams extends PassphraseStateAware {
271
316
  path: string;
272
317
  coin?: string;
273
318
  showOnDevice?: boolean;
@@ -281,7 +326,7 @@ interface BtcPublicKey {
281
326
  path: string;
282
327
  depth: number;
283
328
  }
284
- interface BtcSignTxParams {
329
+ interface BtcSignTxParams extends PassphraseStateAware {
285
330
  psbt?: string;
286
331
  inputs?: BtcTxInput[];
287
332
  outputs?: BtcTxOutput[];
@@ -327,7 +372,7 @@ interface BtcSignedTx {
327
372
  signatures?: string[];
328
373
  txid?: string;
329
374
  }
330
- interface BtcSignPsbtParams {
375
+ interface BtcSignPsbtParams extends PassphraseStateAware {
331
376
  psbt: string;
332
377
  coin?: string;
333
378
  /** Account-level derivation path (e.g. "84'/0'/0'") for wallet template. */
@@ -336,7 +381,7 @@ interface BtcSignPsbtParams {
336
381
  interface BtcSignedPsbt {
337
382
  signedPsbt: string;
338
383
  }
339
- interface BtcSignMsgParams {
384
+ interface BtcSignMsgParams extends PassphraseStateAware {
340
385
  path: string;
341
386
  message: string;
342
387
  coin?: string;
@@ -357,7 +402,7 @@ interface IBtcMethods {
357
402
  }>>;
358
403
  }
359
404
 
360
- interface SolGetAddressParams {
405
+ interface SolGetAddressParams extends PassphraseStateAware {
361
406
  path: string;
362
407
  showOnDevice?: boolean;
363
408
  }
@@ -366,7 +411,7 @@ interface SolAddress {
366
411
  address: string;
367
412
  path: string;
368
413
  }
369
- interface SolSignTxParams {
414
+ interface SolSignTxParams extends PassphraseStateAware {
370
415
  path: string;
371
416
  /** Hex-encoded serialized transaction bytes (no 0x prefix) */
372
417
  serializedTx: string;
@@ -383,7 +428,7 @@ interface SolSignedTx {
383
428
  /** Hex-encoded Ed25519 signature (no 0x prefix) */
384
429
  signature: string;
385
430
  }
386
- interface SolSignMsgParams {
431
+ interface SolSignMsgParams extends PassphraseStateAware {
387
432
  path: string;
388
433
  /** Message bytes as hex string (no 0x prefix) */
389
434
  message: string;
@@ -398,7 +443,7 @@ interface ISolMethods {
398
443
  solSignMessage(connectId: string, deviceId: string, params: SolSignMsgParams): Promise<Response<SolSignature>>;
399
444
  }
400
445
 
401
- interface TronGetAddressParams {
446
+ interface TronGetAddressParams extends PassphraseStateAware {
402
447
  path: string;
403
448
  showOnDevice?: boolean;
404
449
  }
@@ -407,16 +452,110 @@ interface TronAddress {
407
452
  address: string;
408
453
  path: string;
409
454
  }
410
- interface TronSignTxParams {
455
+ /** TRON network resource, used by freeze/unfreeze contracts. */
456
+ type TronResource = 'BANDWIDTH' | 'ENERGY';
457
+ interface TronTransferContract {
458
+ /**
459
+ * Recipient address as hex, 0x41-prefixed (`41` + 20-byte hash, 42 hex chars).
460
+ * A leading `0x` is tolerated. Base58 (`T...`) is NOT accepted — convert first.
461
+ */
462
+ toAddress: string;
463
+ /** Amount in sun (1 TRX = 1e6 sun). */
464
+ amount: string | number;
465
+ }
466
+ interface TronTriggerSmartContract {
467
+ /** Smart-contract address, hex 0x41-prefixed. */
468
+ contractAddress: string;
469
+ /** ABI-encoded call data, hex (with or without `0x`). */
470
+ data: string;
471
+ }
472
+ interface TronFreezeBalanceV2Contract {
473
+ /** Amount to freeze, in sun. */
474
+ balance: number;
475
+ resource?: TronResource;
476
+ }
477
+ interface TronUnfreezeBalanceV2Contract {
478
+ /** Amount to unfreeze, in sun. */
479
+ balance: number;
480
+ resource?: TronResource;
481
+ }
482
+ interface TronVote {
483
+ /** Witness (SR) address, hex 0x41-prefixed. */
484
+ voteAddress: string;
485
+ voteCount: number;
486
+ }
487
+ interface TronVoteWitnessContract {
488
+ votes: TronVote[];
489
+ }
490
+ /** Withdraw-expired-unfreeze carries no fields beyond the implicit owner. */
491
+ type TronWithdrawExpireUnfreezeContract = Record<string, never>;
492
+ /**
493
+ * Exactly one field must be set — mirrors OneKey's `TronTransactionContract`.
494
+ * Only the six contract types Trezor firmware/protobuf supports are exposed.
495
+ */
496
+ interface TronContract {
497
+ transferContract?: TronTransferContract;
498
+ triggerSmartContract?: TronTriggerSmartContract;
499
+ freezeBalanceV2Contract?: TronFreezeBalanceV2Contract;
500
+ unfreezeBalanceV2Contract?: TronUnfreezeBalanceV2Contract;
501
+ voteWitnessContract?: TronVoteWitnessContract;
502
+ withdrawExpireUnfreezeContract?: TronWithdrawExpireUnfreezeContract;
503
+ }
504
+ /**
505
+ * Cross-vendor TRON sign params. Adapters consume different shapes:
506
+ *
507
+ * - **Ledger** signs the serialized transaction directly → needs `rawTxHex`.
508
+ * - **Trezor** runs a two-step contract flow → needs the structured fields
509
+ * (`ownerAddress` + `refBlock*` + `contract` …), mirroring OneKey hd-core.
510
+ *
511
+ * Both groups are optional at the type level; provide whichever your target
512
+ * vendor needs (or both for a vendor-agnostic call). Each adapter validates the
513
+ * fields it requires at runtime and ignores the rest — neither re-decodes the
514
+ * other's representation.
515
+ */
516
+ interface TronSignTxParams extends PassphraseStateAware {
411
517
  path: string;
412
- /** Protobuf-encoded raw transaction hex (no 0x prefix) */
413
- rawTxHex: string;
518
+ /**
519
+ * Protobuf-encoded raw TRON transaction, hex (with or without `0x`).
520
+ * Consumed by Ledger; ignored by Trezor.
521
+ */
522
+ rawTxHex?: string;
523
+ /**
524
+ * The signer's own TRON address, hex 0x41-prefixed. Required by Trezor
525
+ * (its contract messages carry an explicit `owner_address`); Ledger derives
526
+ * it from `rawTxHex`.
527
+ */
528
+ ownerAddress?: string;
529
+ /** Last 2 bytes of the reference block height, hex (4 chars). Trezor. */
530
+ refBlockBytes?: string;
531
+ /** Middle 8 bytes of the reference block hash, hex (16 chars). Trezor. */
532
+ refBlockHash?: string;
533
+ /** Expiration timestamp, milliseconds. Trezor. */
534
+ expiration?: number;
535
+ /** Transaction timestamp, milliseconds. Trezor. */
536
+ timestamp?: number;
537
+ /** Energy fee cap in sun (TriggerSmartContract only). Trezor. */
538
+ feeLimit?: number;
539
+ /** Optional memo/data, hex (with or without `0x`). Trezor. */
540
+ data?: string;
541
+ /** Exactly one contract — required by Trezor. */
542
+ contract?: TronContract;
414
543
  }
415
544
  interface TronSignedTx {
416
545
  /** 65-byte hex-encoded signature (no 0x prefix) */
417
546
  signature: string;
547
+ /**
548
+ * The transaction's `raw_data`, re-encoded host-side from the structured
549
+ * fields the device signed (hex, no prefix). The signature covers exactly
550
+ * this serialization, so callers should broadcast THIS rather than a
551
+ * pre-existing raw_data blob. Present only for contract types the host can
552
+ * re-encode (transfer / triggerSmart); `undefined` otherwise — callers then
553
+ * fall back to their own raw_data, which for single-contract txs is identical.
554
+ * Mirrors trezor-suite's serializedTx and OneKey's `serialized_tx`.
555
+ */
556
+ serializedTx?: string;
418
557
  }
419
- interface TronSignMsgParams {
558
+ interface TronSignMsgParams extends PassphraseStateAware {
420
559
  path: string;
421
560
  /** Message hex (no 0x prefix) */
422
561
  messageHex: string;
@@ -465,6 +604,17 @@ declare const DEVICE: {
465
604
  readonly CONNECT: "device-connect";
466
605
  readonly DISCONNECT: "device-disconnect";
467
606
  readonly CHANGED: "device-changed";
607
+ /**
608
+ * Trezor-only. Emitted after a successful THP handshake that minted or
609
+ * refreshed pairing credentials. The host should persist `credentials`
610
+ * keyed by `deviceId` and feed them back into the connector on the next
611
+ * connect to skip the CodeEntry/QrCode/NFC pairing UX.
612
+ *
613
+ * The `TREZOR_` prefix mirrors `UI_REQUEST.REQUEST_TREZOR_THP_PAIRING` —
614
+ * vendor-specific events live in the shared event taxonomy but are named
615
+ * so hosts can ignore them when they don't drive Trezor hardware.
616
+ */
617
+ readonly TREZOR_THP_CREDENTIALS_CHANGED: "device-trezor-thp-credentials-changed";
468
618
  };
469
619
 
470
620
  declare const UI_EVENT = "UI_EVENT";
@@ -479,6 +629,8 @@ declare const UI_REQUEST: {
479
629
  readonly REQUEST_SELECT_DEVICE: "ui-request-select-device";
480
630
  readonly REQUEST_DEVICE_CONNECT: "ui-request-device-connect";
481
631
  readonly REQUEST_BTC_HIGH_INDEX_CONFIRM: "ui-request-btc-high-index-confirm";
632
+ readonly REQUEST_PREEMPTION: "ui-request-preemption";
633
+ readonly REQUEST_TREZOR_THP_PAIRING: "ui-request-trezor-thp-pairing";
482
634
  readonly CLOSE_UI_WINDOW: "ui-close";
483
635
  readonly DEVICE_PROGRESS: "ui-device_progress";
484
636
  readonly FIRMWARE_PROGRESS: "ui-firmware-progress";
@@ -493,6 +645,8 @@ declare const UI_RESPONSE: {
493
645
  readonly RECEIVE_DEVICE_CONNECT: "receive-device-connect";
494
646
  readonly RECEIVE_DEVICE_PERMISSION: "receive-device-permission";
495
647
  readonly RECEIVE_BTC_HIGH_INDEX_CONFIRM: "receive-btc-high-index-confirm";
648
+ readonly RECEIVE_PREEMPTION: "receive-preemption";
649
+ readonly RECEIVE_TREZOR_THP_PAIRING: "receive-trezor-thp-pairing";
496
650
  readonly CANCEL: "cancel";
497
651
  };
498
652
  type DevicePermissionDeniedReason = 'bluetoothTurnedOff' | 'permissionDenied' | (string & Record<never, never>);
@@ -535,6 +689,12 @@ type UiResponseEvent = {
535
689
  payload: {
536
690
  confirmed: boolean;
537
691
  };
692
+ } | {
693
+ type: typeof UI_RESPONSE.RECEIVE_TREZOR_THP_PAIRING;
694
+ payload: {
695
+ selectedMethod?: number | string;
696
+ tag?: string;
697
+ };
538
698
  } | {
539
699
  type: typeof UI_RESPONSE.CANCEL;
540
700
  payload?: undefined;
@@ -556,6 +716,15 @@ interface ConnectorDevice {
556
716
  connectId: string;
557
717
  deviceId: string;
558
718
  name: string;
719
+ /**
720
+ * Physical transport this device was discovered on. Mirrors Trezor
721
+ * Connect's `descriptor.apiType` — when several transports are fused behind
722
+ * one connector (see `createCombinedConnector`), the merged device list
723
+ * carries this so the host can tell a USB entry from a BLE one and route
724
+ * `connect()` back to the owning transport. Single-transport connectors may
725
+ * leave it undefined.
726
+ */
727
+ connectionType?: ConnectionType;
559
728
  /** Machine model id (e.g. "nanoX"). */
560
729
  model?: string;
561
730
  /** Human-readable model name (e.g. "Ledger Nano X"). */
@@ -568,12 +737,19 @@ interface ConnectorDevice {
568
737
  serialNumber?: string;
569
738
  /** Device capabilities — available from scan time */
570
739
  capabilities?: DeviceCapabilities;
740
+ /**
741
+ * Vendor-specific raw blob from the transport descriptor (USB / BLE).
742
+ * Populated by `descriptorToConnectorDevice` in each connector. Treat as
743
+ * informational; promote any field consumed by the app layer onto the
744
+ * typed surface above.
745
+ */
746
+ raw?: Record<string, unknown>;
571
747
  }
572
748
  interface ConnectorSession {
573
749
  sessionId: string;
574
750
  deviceInfo: DeviceInfo;
575
751
  }
576
- type ConnectorEventType = 'device-connect' | 'device-disconnect' | 'ui-request' | 'ui-event';
752
+ type ConnectorEventType = 'device-connect' | 'device-disconnect' | 'device-trezor-thp-credentials-changed' | 'ui-request' | 'ui-event' | 'app-install-progress';
577
753
  /**
578
754
  * Interaction event types emitted via 'ui-event'.
579
755
  * These map to user-facing prompts (confirm on device, open app, etc.).
@@ -623,11 +799,21 @@ interface ConnectorEventMap {
623
799
  'device-disconnect': {
624
800
  connectId: string;
625
801
  };
802
+ 'device-trezor-thp-credentials-changed': {
803
+ connectId: string;
804
+ deviceId?: string;
805
+ credentials: Record<string, unknown>[];
806
+ };
626
807
  'ui-request': {
627
808
  type: string;
628
809
  payload?: unknown;
629
810
  };
630
811
  'ui-event': ConnectorUiEvent;
812
+ 'app-install-progress': {
813
+ sessionId: string;
814
+ appName: string;
815
+ progress: number;
816
+ };
631
817
  }
632
818
  interface IConnector {
633
819
  /** Physical connection type this connector uses. Fixed at construction. */
@@ -642,6 +828,7 @@ interface IConnector {
642
828
  on<K extends ConnectorEventType>(event: K, handler: (data: ConnectorEventMap[K]) => void): void;
643
829
  off<K extends ConnectorEventType>(event: K, handler: (data: ConnectorEventMap[K]) => void): void;
644
830
  reset(): void;
831
+ setKnownCredentials?(credentials: unknown[]): void;
645
832
  }
646
833
  interface IHardwareBridge {
647
834
  searchDevices(params: {
@@ -686,6 +873,15 @@ interface IHardwareBridge {
686
873
  type: ConnectorEventType;
687
874
  data: unknown;
688
875
  }) => void): void;
876
+ /**
877
+ * Warm-load vendor-specific persisted credentials. Currently only Trezor
878
+ * uses this (THP `knownCredentials`); the bridge implementation can
879
+ * dispatch on `vendor` and route to the right connector instance.
880
+ */
881
+ setKnownCredentials?(params: {
882
+ vendor: VendorType;
883
+ credentials: unknown[];
884
+ }): Promise<void> | void;
689
885
  }
690
886
  /**
691
887
  * Adapt an IHardwareBridge (multi-vendor backend) into a single-vendor IConnector.
@@ -696,6 +892,29 @@ interface IHardwareBridge {
696
892
  * (Electron main, extension background, native module, worker, iframe).
697
893
  */
698
894
  declare function createBridgedConnector(vendor: VendorType, connectionType: ConnectionType, bridge: IHardwareBridge): IConnector;
895
+ /**
896
+ * Fuse several single-transport IConnectors (e.g. WebUSB + BLE for one
897
+ * vendor) into one IConnector whose device list is the union of all of them.
898
+ *
899
+ * This mirrors how Trezor Connect's `DeviceList` keeps one `TransportManager`
900
+ * per `apiType` running concurrently and merges their devices into a single
901
+ * list: there is no "switch" between transports — both are always live, and
902
+ * each discovered device carries its `connectionType` so the host knows which
903
+ * channel it came in on. `connect()` routes back to the transport that owns
904
+ * the chosen device; later calls route by `sessionId`.
905
+ *
906
+ * Notes / current limitations:
907
+ * - `searchDevices()` fans out concurrently; a transport that throws while
908
+ * scanning is treated as "no devices" so a dead/absent channel never sinks
909
+ * the others.
910
+ * - USB entries sort ahead of BLE ones (Trezor's `getPrioritizedDevices`).
911
+ * - The same physical device reachable on two transports surfaces as two
912
+ * entries with different `connectId`s — we do NOT dedup, so the host can
913
+ * present (or pick) a channel explicitly.
914
+ * - `uiResponse()` carries no sessionId, so it is broadcast to every child;
915
+ * a child with no matching pending request ignores it.
916
+ */
917
+ declare function createCombinedConnector(connectors: IConnector[]): IConnector;
699
918
 
700
919
  type ChainCapability = 'evm' | 'btc' | 'sol' | 'tron';
701
920
  interface PassphraseResponse {
@@ -714,11 +933,20 @@ type DeviceEvent = {
714
933
  } | {
715
934
  type: typeof DEVICE.CHANGED;
716
935
  payload: DeviceInfo;
936
+ } | {
937
+ type: typeof DEVICE.TREZOR_THP_CREDENTIALS_CHANGED;
938
+ payload: {
939
+ connectId: string;
940
+ deviceId?: string;
941
+ credentials: Record<string, unknown>[];
942
+ };
717
943
  };
718
944
  type UiRequestEvent = {
719
945
  type: typeof UI_REQUEST.REQUEST_PIN;
720
946
  payload: {
721
- device: DeviceInfo;
947
+ device?: DeviceInfo;
948
+ connectId?: string;
949
+ type?: string;
722
950
  };
723
951
  } | {
724
952
  type: typeof UI_REQUEST.REQUEST_PASSPHRASE;
@@ -779,6 +1007,14 @@ type UiRequestEvent = {
779
1007
  */
780
1008
  message: string;
781
1009
  };
1010
+ } | {
1011
+ type: typeof UI_REQUEST.REQUEST_TREZOR_THP_PAIRING;
1012
+ payload: {
1013
+ connectId: string;
1014
+ availableMethods: number[];
1015
+ selectedMethod: number;
1016
+ nfcData?: string;
1017
+ };
782
1018
  } | {
783
1019
  type: typeof UI_REQUEST.CLOSE_UI_WINDOW;
784
1020
  payload: Record<string, never>;
@@ -815,6 +1051,14 @@ type DeviceEventListener = (event: HardwareEvent) => void;
815
1051
  */
816
1052
  interface HardwareEventMap {
817
1053
  'ui-event': ConnectorUiEvent;
1054
+ 'app-install-progress': {
1055
+ type: 'app-install-progress';
1056
+ payload: {
1057
+ connectId: string;
1058
+ appName: string;
1059
+ progress: number;
1060
+ };
1061
+ };
818
1062
  [DEVICE.CONNECT]: {
819
1063
  type: typeof DEVICE.CONNECT;
820
1064
  payload: DeviceInfo;
@@ -829,10 +1073,20 @@ interface HardwareEventMap {
829
1073
  type: typeof DEVICE.CHANGED;
830
1074
  payload: DeviceInfo;
831
1075
  };
1076
+ [DEVICE.TREZOR_THP_CREDENTIALS_CHANGED]: {
1077
+ type: typeof DEVICE.TREZOR_THP_CREDENTIALS_CHANGED;
1078
+ payload: {
1079
+ connectId: string;
1080
+ deviceId?: string;
1081
+ credentials: Record<string, unknown>[];
1082
+ };
1083
+ };
832
1084
  [UI_REQUEST.REQUEST_PIN]: {
833
1085
  type: typeof UI_REQUEST.REQUEST_PIN;
834
1086
  payload: {
835
- device: DeviceInfo;
1087
+ device?: DeviceInfo;
1088
+ connectId?: string;
1089
+ type?: string;
836
1090
  };
837
1091
  };
838
1092
  [UI_REQUEST.REQUEST_PASSPHRASE]: {
@@ -897,6 +1151,15 @@ interface HardwareEventMap {
897
1151
  accountIndex: number;
898
1152
  };
899
1153
  };
1154
+ [UI_REQUEST.REQUEST_TREZOR_THP_PAIRING]: {
1155
+ type: typeof UI_REQUEST.REQUEST_TREZOR_THP_PAIRING;
1156
+ payload: {
1157
+ connectId: string;
1158
+ availableMethods: number[];
1159
+ selectedMethod: number;
1160
+ nfcData?: string;
1161
+ };
1162
+ };
900
1163
  [UI_REQUEST.CLOSE_UI_WINDOW]: {
901
1164
  type: typeof UI_REQUEST.CLOSE_UI_WINDOW;
902
1165
  payload: Record<string, never>;
@@ -953,6 +1216,28 @@ interface IHardwareWallet<TConfig = unknown> extends IEvmMethods, IBtcMethods, I
953
1216
  * especially for vendors with ephemeral connectId/deviceId.
954
1217
  */
955
1218
  getChainFingerprint(connectId: string, deviceId: string, chain: ChainForFingerprint): Promise<Response<string>>;
1219
+ /**
1220
+ * Resolve the device's active passphrase wallet identity (master fingerprint
1221
+ * / `passphraseState`). Two modes:
1222
+ *
1223
+ * - **Discover** (no `passphraseState`): for a **standard wallet** (passphrase
1224
+ * protection off) returns `null` — there's one wallet, nothing to pin, and
1225
+ * no session/prompt happens. For a **passphrase wallet** it creates a fresh
1226
+ * session (prompts the user), derives its XFP, and returns it so the host
1227
+ * can persist the wallet. Mirrors OneKey's null-for-standard convention.
1228
+ * - **Verify** (`passphraseState` given): align the device to that wallet and
1229
+ * confirm the derived XFP matches. Fails with `PassphraseStateMismatch`
1230
+ * when the entered passphrase yields a different wallet.
1231
+ *
1232
+ * SECURITY: every wallet-bound op that carries a `passphraseState` (getAddress,
1233
+ * sign, …) re-derives and confirms the XFP — the session cache only saves
1234
+ * re-entering the passphrase, never the verification. Standard wallets pass no
1235
+ * `passphraseState`, so they're never pinned or verified.
1236
+ *
1237
+ * Optional: vendors without host-managed passphrase sessions (Ledger) omit
1238
+ * it. Implemented by `TrezorAdapter`.
1239
+ */
1240
+ getPassphraseState?(connectId: string, passphraseState?: string): Promise<Response<string | null>>;
956
1241
  on<K extends keyof HardwareEventMap>(event: K, listener: (event: HardwareEventMap[K]) => void): void;
957
1242
  on(event: string, listener: DeviceEventListener): void;
958
1243
  off<K extends keyof HardwareEventMap>(event: K, listener: (event: HardwareEventMap[K]) => void): void;
@@ -1082,6 +1367,8 @@ declare class TypedEventEmitter<TMap extends Record<string, any> = Record<string
1082
1367
  emit<K extends keyof TMap & string>(event: K, data: TMap[K]): void;
1083
1368
  emit(event: string, data: unknown): void;
1084
1369
  removeAllListeners(): void;
1370
+ /** Number of listeners registered for `event`. 0 if none. */
1371
+ listenerCount(event: string): number;
1085
1372
  }
1086
1373
 
1087
1374
  /** 10 min — every UI request is human-in-the-loop; bias toward "wait long". */
@@ -1145,4 +1432,4 @@ declare function batchCall<TParam, TResult>(params: TParam[], callFn: (p: TParam
1145
1432
  total: number;
1146
1433
  }) => void): Promise<Response<TResult[]>>;
1147
1434
 
1148
- export { type ActiveJobInfo, type BtcAddress, type BtcGetAddressParams, type BtcGetPublicKeyParams, type BtcPublicKey, type BtcRefTransaction, type BtcSignMsgParams, type BtcSignPsbtParams, type BtcSignTxParams, type BtcSignature, type BtcSignedPsbt, type BtcSignedTx, type BtcTxInput, type BtcTxOutput, CHAIN_FINGERPRINT_PATHS, type ChainCapability, type ChainForFingerprint, type ConnectionType, type ConnectorDevice, type ConnectorEventMap, type ConnectorEventType, type ConnectorSession, type ConnectorUiEvent, DEVICE, DEVICE_EVENT, type DeviceCapabilities, type DeviceChangeEvent, type DeviceConnectEvent, type DeviceDescriptor, type DeviceDisconnectEvent, type DeviceEvent, type DeviceEventListener, type DeviceInfo, DeviceJobQueue, type DevicePermissionDeniedReason, type DevicePermissionResponse, type DeviceTarget, EConnectorInteraction, type EIP712Domain, type EvmAddress, type EvmGetAddressParams, type EvmSignMsgParams, type EvmSignTxParams, type EvmSignTypedDataFull, type EvmSignTypedDataHash, type EvmSignTypedDataParams, type EvmSignature, type EvmSignedTx, type Failure, HardwareErrorCode, type HardwareEvent, type HardwareEventMap, type IBtcMethods, type IConnector, type IEvmMethods, type IHardwareBridge, type IHardwareWallet, type ISolMethods, type ITronMethods, type JobOptions, ORPHAN_ELIGIBLE_ERROR_CODES, type PassphraseResponse, type QrDisplayData, type QrResponseData, type Response, SDK, type SdkEvent, type SearchDevicesOptions, type SolAddress, type SolGetAddressParams, type SolSignMsgParams, type SolSignTxParams, type SolSignature, type SolSignedTx, type Success, type TransportType, type TronAddress, type TronGetAddressParams, type TronSignMsgParams, type TronSignTxParams, type TronSignature, type TronSignedTx, TypedEventEmitter, UI_EVENT, UI_REQUEST, UI_REQUEST_CANCELLED_TAG, UI_REQUEST_DEFAULT_TIMEOUT_MS, UI_REQUEST_PREEMPTED_TAG, UI_REQUEST_TIMEOUT_TAG, UI_RESPONSE, type UiRequestEvent, UiRequestRegistry, type UiResponseEvent, type VendorType, batchCall, bytesToHex, compareSemver, createBridgedConnector, deriveDeviceFingerprint, enrichErrorMessage, ensure0x, failure, hexToBytes, padHex64, stripHex, success };
1435
+ export { type ActiveJobInfo, type BtcAddress, type BtcGetAddressParams, type BtcGetPublicKeyParams, type BtcPublicKey, type BtcRefTransaction, type BtcSignMsgParams, type BtcSignPsbtParams, type BtcSignTxParams, type BtcSignature, type BtcSignedPsbt, type BtcSignedTx, type BtcTxInput, type BtcTxOutput, CHAIN_FINGERPRINT_PATHS, type ChainCapability, type ChainForFingerprint, type ConnectionType, type ConnectorDevice, type ConnectorEventMap, type ConnectorEventType, type ConnectorSession, type ConnectorUiEvent, DEVICE, DEVICE_EVENT, type DeviceCapabilities, type DeviceChangeEvent, type DeviceConnectEvent, type DeviceDescriptor, type DeviceDisconnectEvent, type DeviceEvent, type DeviceEventListener, type DeviceInfo, DeviceJobQueue, type DevicePermissionDeniedReason, type DevicePermissionResponse, type DeviceTarget, EConnectorInteraction, type EIP712Domain, type EvmAddress, type EvmGetAddressParams, type EvmSignMsgParams, type EvmSignTxParams, type EvmSignTypedDataFull, type EvmSignTypedDataHash, type EvmSignTypedDataParams, type EvmSignature, type EvmSignedTx, type Failure, HardwareErrorCode, type HardwareEvent, type HardwareEventMap, type IBtcMethods, type IConnector, type IEvmMethods, type IHardwareBridge, type IHardwareWallet, type ISolMethods, type ITronMethods, type JobOptions, ORPHAN_ELIGIBLE_ERROR_CODES, type PassphraseResponse, type PassphraseStateAware, type QrDisplayData, type QrResponseData, type Response, SDK, type SdkEvent, type SearchDevicesOptions, type SolAddress, type SolGetAddressParams, type SolSignMsgParams, type SolSignTxParams, type SolSignature, type SolSignedTx, type Success, type TransportType, type TronAddress, type TronContract, type TronFreezeBalanceV2Contract, type TronGetAddressParams, type TronResource, type TronSignMsgParams, type TronSignTxParams, type TronSignature, type TronSignedTx, type TronTransferContract, type TronTriggerSmartContract, type TronUnfreezeBalanceV2Contract, type TronVote, type TronVoteWitnessContract, type TronWithdrawExpireUnfreezeContract, TypedEventEmitter, UI_EVENT, UI_REQUEST, UI_REQUEST_CANCELLED_TAG, UI_REQUEST_DEFAULT_TIMEOUT_MS, UI_REQUEST_PREEMPTED_TAG, UI_REQUEST_TIMEOUT_TAG, UI_RESPONSE, type UiRequestEvent, UiRequestRegistry, type UiResponseEvent, type VendorType, batchCall, bytesToHex, compareSemver, createBridgedConnector, createCombinedConnector, deriveDeviceFingerprint, enrichErrorMessage, ensure0x, failure, hexToBytes, padHex64, stripHex, success };