npm - @www.hyperlinks.space/program-kit - Versions diffs - 1.2.91881 → 7.8.3 - Mend

@www.hyperlinks.space/program-kit 1.2.91881 → 7.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

package/.eas/workflows/create-development-builds.yml +21 -0
package/.eas/workflows/create-draft.yml +15 -0
package/.eas/workflows/deploy-to-production.yml +68 -0
package/.env.example +19 -0
package/.gitattributes +48 -0
package/.gitignore +52 -0
package/.nvmrc +1 -0
package/.vercelignore +6 -0
package/README.md +10 -5
package/ai/openai.ts +202 -0
package/ai/transmitter.ts +367 -0
package/api/{base.ts → _base.ts} +1 -1
package/api/wallet/_auth.ts +143 -0
package/api/wallet/register.ts +151 -0
package/api/wallet/status.ts +89 -0
package/app/index.tsx +319 -5
package/assets/images/PreviewImage.png +0 -0
package/backlogs/medium_term_backlog.md +26 -0
package/backlogs/short_term_backlog.md +42 -0
package/database/start.ts +0 -1
package/database/wallets.ts +266 -0
package/eslint.config.cjs +10 -0
package/fullREADME.md +142 -71
package/index.js +3 -0
package/npmReadMe.md +10 -5
package/npmrc.example +1 -0
package/package.json +7 -27
package/polyfills/buffer.ts +9 -0
package/research & docs/auth-and-centralized-encrypted-keys-plan.md +440 -0
package/research & docs/github-gitlab-bidirectional-mirroring.md +154 -0
package/research & docs/keys-retrieval-console-scripts.js +131 -0
package/{docs/security_plan_raw.md → research & docs/security_plan_raw.md } +1 -1
package/{docs/security_raw.md → research & docs/security_raw.md } +22 -13
package/research & docs/storage-availability-console-script.js +152 -0
package/research & docs/storage-lifetime.md +33 -0
package/research & docs/telegram-raw-keys-cloud-storage-risks.md +31 -0
package/{docs/wallets_hosting_architecture.md → research & docs/wallets_hosting_architecture.md } +147 -1
package/scripts/test-api-base.ts +2 -2
package/services/wallet/tonWallet.ts +73 -0
package/telegram/post.ts +44 -8
package/ui/components/GlobalBottomBar.tsx +447 -0
package/ui/components/GlobalBottomBarWeb.tsx +362 -0
package/ui/components/GlobalLogoBar.tsx +108 -0
package/ui/components/GlobalLogoBarFallback.tsx +66 -0
package/ui/components/GlobalLogoBarWithFallback.tsx +24 -0
package/ui/components/HyperlinksSpaceLogo.tsx +29 -0
package/ui/components/Telegram.tsx +677 -0
package/ui/components/telegramWebApp.ts +359 -0
package/ui/fonts.ts +12 -0
package/ui/theme.ts +117 -0
/package/{docs → research & docs}/ai_and_search_bar_input.md +0 -0
/package/{docs → research & docs}/ai_bot_messages.md +0 -0
/package/{docs → research & docs}/blue_bar_tackling.md +0 -0
/package/{docs → research & docs}/bot_async_streaming.md +0 -0
/package/{docs → research & docs}/build_and_install.md +0 -0
/package/{docs → research & docs}/database_messages.md +0 -0
/package/{docs → research & docs}/fonts.md +0 -0
/package/{docs → research & docs}/npm-release.md +0 -0
/package/{docs → research & docs}/releases.md +0 -0
/package/{docs → research & docs}/releases_github_actions.md +0 -0
/package/{docs → research & docs}/scalability.md +0 -0
/package/{docs → research & docs}/timing_raw.md +0 -0
/package/{docs → research & docs}/tma_logo_bar_jump_investigation.md +0 -0
/package/{docs → research & docs}/update.md +0 -0
/package/{docs → research & docs}/wallet_telegram_standalone_multichain_proposal.md +0 -0

package/api/wallet/status.ts ADDED Viewed

@@ -0,0 +1,89 @@
+import { getDefaultWalletByUsername } from '../../database/wallets.js';
+import { upsertUserFromTma } from '../../database/users.js';
+import { authByInitData } from './_auth.js';
+const JSON_HEADERS = { 'Content-Type': 'application/json' };
+function jsonResponse(body: object, status: number): Response {
+  return new Response(JSON.stringify(body), { status, headers: JSON_HEADERS });
+}
+async function getBody(
+  request:
+    | Request
+    | {
+        json?: () => Promise<unknown>;
+        body?: unknown;
+      },
+): Promise<unknown> {
+  if (typeof (request as { json?: () => Promise<unknown> }).json === 'function') {
+    return (request as Request).json();
+  }
+  return (request as { body?: unknown }).body ?? null;
+}
+async function handler(request: Request): Promise<Response> {
+  const method = (request as { method?: string }).method ?? request.method;
+  if (method === 'GET') {
+    return jsonResponse(
+      { ok: true, endpoint: 'wallet/status', use: 'POST with initData' },
+      200,
+    );
+  }
+  if (method !== 'POST') {
+    return new Response('Method Not Allowed', { status: 405 });
+  }
+  const body = (await getBody(request)) as { initData?: unknown } | null;
+  const initData = typeof body?.initData === 'string' ? body.initData : '';
+  if (!initData) return jsonResponse({ ok: false, error: 'missing_initData' }, 400);
+  try {
+    const auth = authByInitData(initData);
+    await upsertUserFromTma({
+      telegramUsername: auth.telegramUsername,
+      locale: auth.locale,
+    });
+    const wallet = await getDefaultWalletByUsername(auth.telegramUsername);
+    if (!wallet) {
+      return jsonResponse(
+        {
+          ok: true,
+          telegram_username: auth.telegramUsername,
+          has_wallet: false,
+          wallet_required: true,
+        },
+        200,
+      );
+    }
+    return jsonResponse(
+      {
+        ok: true,
+        telegram_username: auth.telegramUsername,
+        has_wallet: true,
+        wallet: {
+          id: wallet.id,
+          wallet_address: wallet.wallet_address,
+          wallet_blockchain: wallet.wallet_blockchain,
+          wallet_net: wallet.wallet_net,
+          type: wallet.type,
+          label: wallet.label,
+          is_default: wallet.is_default,
+          source: wallet.source,
+        },
+      },
+      200,
+    );
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : 'internal_error';
+    const status = msg === 'bot_token_not_configured' ? 500 : msg === 'invalid_initdata' ? 401 : 400;
+    return jsonResponse({ ok: false, error: msg }, status);
+  }
+}
+export default handler;
+export const GET = handler;
+export const POST = handler;

package/app/index.tsx CHANGED Viewed

@@ -1,8 +1,288 @@
-import { Text, View } from "react-native";
+import { useCallback, useEffect, useState } from "react";
+import { Button, Text, View } from "react-native";
 import { useTelegram } from "../ui/components/Telegram";
+import {
+  createSeedCipher,
+  deriveAddressFromMnemonic,
+  deriveMasterKeyFromMnemonic,
+  generateMnemonic,
+} from "../services/wallet/tonWallet";
+type CreateStep = "idle" | "saving" | "done";
+type TelegramWebAppBridge = {
+  SecureStorage?: {
+    setItem?: (key: string, value: string, callback?: (err: unknown, stored?: boolean) => void) => void;
+  };
+  DeviceStorage?: {
+    setItem?: (key: string, value: string, callback?: (err: unknown, stored?: boolean) => void) => void;
+  };
+  CloudStorage?: {
+    setItem?: (key: string, value: string, callback?: (err: unknown, stored?: boolean) => void) => void;
+  };
+  onEvent?: (eventType: string, callback: (...args: unknown[]) => void) => void;
+  offEvent?: (eventType: string, callback: (...args: unknown[]) => void) => void;
+};
+function getTelegramWebApp(): TelegramWebAppBridge | undefined {
+  if (typeof window === "undefined") return undefined;
+  return (window as unknown as { Telegram?: { WebApp?: TelegramWebAppBridge } }).Telegram?.WebApp;
+}
+/**
+ * SecureStorage.setItem: on error the first callback argument is the error; on success it is null
+ * and the second is whether the value was stored. Some clients also emit web events; see
+ * https://core.telegram.org/bots/webapps#securestorage
+ */
+async function setTmaSecureStorageItem(key: string, value: string): Promise<boolean> {
+  const webApp = getTelegramWebApp();
+  if (!webApp) return false;
+  const storage = webApp.SecureStorage;
+  const setItem = storage?.setItem;
+  if (typeof setItem !== "function") return false;
+  return new Promise<boolean>((resolve) => {
+    let settled = false;
+    const finish = (ok: boolean) => {
+      if (settled) return;
+      settled = true;
+      cleanup();
+      resolve(ok);
+    };
+    const onSecureStorageFailed = (payload?: unknown) => {
+      if (typeof __DEV__ !== "undefined" && __DEV__) {
+        console.warn("[wallet] secure_storage_failed", payload);
+      }
+      finish(false);
+    };
+    /** Fired when a value was saved (bridge may deliver this if the JS callback is delayed). */
+    const onSecureStorageKeySaved = () => {
+      finish(true);
+    };
+    const cleanup = () => {
+      try {
+        webApp.offEvent?.("secure_storage_failed", onSecureStorageFailed);
+      } catch {
+        /* ignore */
+      }
+      try {
+        webApp.offEvent?.("secure_storage_key_saved", onSecureStorageKeySaved);
+      } catch {
+        /* ignore */
+      }
+    };
+    try {
+      webApp.onEvent?.("secure_storage_failed", onSecureStorageFailed);
+      webApp.onEvent?.("secure_storage_key_saved", onSecureStorageKeySaved);
+    } catch {
+      /* older clients */
+    }
+    try {
+      setItem(key, value, (err: unknown, stored?: boolean) => {
+        if (err != null) {
+          finish(false);
+          return;
+        }
+        finish(stored !== false);
+      });
+    } catch {
+      cleanup();
+      resolve(false);
+    }
+  });
+}
+/**
+ * DeviceStorage: persistent local KV inside the Telegram client (not Keychain/Keystore).
+ * Same callback shape as SecureStorage; some clients emit device_storage_* web events.
+ * @see https://core.telegram.org/bots/webapps#devicestorage
+ */
+async function setTmaDeviceStorageItem(key: string, value: string): Promise<boolean> {
+  const webApp = getTelegramWebApp();
+  if (!webApp) return false;
+  const storage = webApp.DeviceStorage;
+  const setItem = storage?.setItem;
+  if (typeof setItem !== "function") return false;
+  return new Promise<boolean>((resolve) => {
+    let settled = false;
+    const finish = (ok: boolean) => {
+      if (settled) return;
+      settled = true;
+      cleanup();
+      resolve(ok);
+    };
+    const onDeviceStorageFailed = (payload?: unknown) => {
+      if (typeof __DEV__ !== "undefined" && __DEV__) {
+        console.warn("[wallet] device_storage_failed", payload);
+      }
+      finish(false);
+    };
+    const onDeviceStorageKeySaved = () => {
+      finish(true);
+    };
+    const cleanup = () => {
+      try {
+        webApp.offEvent?.("device_storage_failed", onDeviceStorageFailed);
+      } catch {
+        /* ignore */
+      }
+      try {
+        webApp.offEvent?.("device_storage_key_saved", onDeviceStorageKeySaved);
+      } catch {
+        /* ignore */
+      }
+    };
+    try {
+      webApp.onEvent?.("device_storage_failed", onDeviceStorageFailed);
+      webApp.onEvent?.("device_storage_key_saved", onDeviceStorageKeySaved);
+    } catch {
+      /* older clients */
+    }
+    try {
+      setItem(key, value, (err: unknown, stored?: boolean) => {
+        if (err != null) {
+          finish(false);
+          return;
+        }
+        finish(stored !== false);
+      });
+    } catch {
+      cleanup();
+      resolve(false);
+    }
+  });
+}
+export type WalletMasterKeyStorageTier = "secure" | "device" | "none";
+/**
+ * Prefer hardware-backed SecureStorage; if missing or UNSUPPORTED, fall back to DeviceStorage
+ * so Desktop and older clients can still persist the key (weaker — see docs/security_raw.md).
+ */
+async function persistWalletMasterKey(masterKey: string): Promise<WalletMasterKeyStorageTier> {
+  const okSecure = await setTmaSecureStorageItem("wallet_master_key", masterKey);
+  if (okSecure) return "secure";
+  const okDevice = await setTmaDeviceStorageItem("wallet_master_key", masterKey);
+  if (okDevice) return "device";
+  if (typeof __DEV__ !== "undefined" && __DEV__) {
+    console.warn("[wallet] wallet_master_key not persisted (no SecureStorage nor DeviceStorage)");
+  }
+  return "none";
+}
+/** CloudStorage.setItem uses the same callback shape as SecureStorage. */
+async function setTmaCloudStorageItem(key: string, value: string): Promise<boolean> {
+  const webApp = getTelegramWebApp();
+  const storage = webApp?.CloudStorage;
+  const setItem = storage?.setItem;
+  if (typeof setItem !== "function") return false;
+  return new Promise<boolean>((resolve) => {
+    try {
+      setItem(key, value, (err: unknown, stored?: boolean) => {
+        if (err != null) {
+          resolve(false);
+          return;
+        }
+        resolve(stored !== false);
+      });
+    } catch {
+      resolve(false);
+    }
+  });
+}
 export default function Index() {
-  const { status, telegramUsername, error, debug } = useTelegram();
+  const {
+    status,
+    telegramUsername,
+    hasWallet,
+    walletRequired,
+    wallet,
+    initData,
+    error,
+    debug,
+  } = useTelegram();
+  const [step, setStep] = useState<CreateStep>("idle");
+  const [flowError, setFlowError] = useState<string | null>(null);
+  const [createdWalletAddress, setCreatedWalletAddress] = useState<string | null>(null);
+  const [masterKeyStorageTier, setMasterKeyStorageTier] = useState<WalletMasterKeyStorageTier | null>(null);
+  const effectiveWalletAddress = wallet?.wallet_address ?? createdWalletAddress;
+  const effectiveHasWallet = hasWallet || Boolean(createdWalletAddress);
+  const createAndRegisterWalletFlow = useCallback(async () => {
+    if (!initData) {
+      setFlowError("Missing Telegram initData.");
+      return;
+    }
+    setFlowError(null);
+    setStep("saving");
+    try {
+      const mnemonic = await generateMnemonic();
+      const walletAddress = await deriveAddressFromMnemonic({ mnemonic, testnet: false });
+      const masterKey = await deriveMasterKeyFromMnemonic(mnemonic);
+      const seedCipher = await createSeedCipher(masterKey, mnemonic.join(" "));
+      // Register with API first: SecureStorage can fail/hang (see secure_storage_failed) and must not block.
+      const response = await fetch("/api/wallet/register", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          initData,
+          wallet_address: walletAddress,
+          wallet_blockchain: "ton",
+          wallet_net: "mainnet",
+          type: "internal",
+          label: "Main wallet",
+          source: "miniapp",
+        }),
+      });
+      const json = await response.json().catch(() => ({}));
+      if (!response.ok || !json?.ok) {
+        throw new Error(json?.error || `HTTP ${response.status}`);
+      }
+      const [tier, cloudOk] = await Promise.all([
+        persistWalletMasterKey(masterKey),
+        setTmaCloudStorageItem("wallet_seed_cipher", seedCipher),
+      ]);
+      setMasterKeyStorageTier(tier);
+      if (!cloudOk && typeof __DEV__ !== "undefined" && __DEV__) {
+        console.warn("[wallet] wallet_seed_cipher not saved to CloudStorage");
+      }
+      setCreatedWalletAddress(walletAddress);
+      setStep("done");
+    } catch (e) {
+      setFlowError(e instanceof Error ? e.message : "Wallet registration failed");
+      setStep("idle");
+    }
+  }, [initData]);
+  useEffect(() => {
+    if (
+      status === "ok" &&
+      walletRequired &&
+      !hasWallet &&
+      !createdWalletAddress &&
+      step === "idle" &&
+      initData
+    ) {
+      void createAndRegisterWalletFlow();
+    }
+  }, [status, walletRequired, hasWallet, createdWalletAddress, step, initData, createAndRegisterWalletFlow]);
   if (status === "idle" || status === "loading") {
     return (
@@ -79,6 +359,21 @@ export default function Index() {
     );
   }
+  if (status === "ok" && walletRequired && !effectiveHasWallet) {
+    return (
+      <View style={{ flex: 1, justifyContent: "center", padding: 16, gap: 10 }}>
+        <Text style={{ fontWeight: "700", fontSize: 18 }}>Preparing your wallet</Text>
+        <Text>
+          No wallet found for this Telegram account. Creating one now and registering public wallet
+          data.
+        </Text>
+        {step === "saving" && <Text>Saving secrets and registering wallet...</Text>}
+        {flowError ? <Text style={{ color: "#b00020" }}>{flowError}</Text> : null}
+        {flowError ? <Button title="Retry wallet creation" onPress={createAndRegisterWalletFlow} /> : null}
+      </View>
+    );
+  }
   return (
     <View
       style={{
@@ -91,11 +386,30 @@ export default function Index() {
       <Text style={{ fontWeight: "600", marginBottom: 8 }}>
         HyperlinksSpace Wallet
       </Text>
-      {telegramUsername && (
-        <Text style={{ textAlign: "center" }}>
+      {telegramUsername ? (
+        <Text style={{ textAlign: "center", marginBottom: 8 }}>
           You are logged in via Telegram as @{telegramUsername}.
         </Text>
-      )}
+      ) : null}
+      {effectiveWalletAddress ? (
+        <View style={{ alignItems: "center" }}>
+          <Text style={{ textAlign: "center" }}>Wallet:</Text>
+          <Text style={{ textAlign: "center", marginTop: 4 }}>{effectiveWalletAddress}</Text>
+        </View>
+      ) : null}
+      {masterKeyStorageTier === "device" ? (
+        <Text style={{ marginTop: 14, fontSize: 12, color: "#856404", textAlign: "center", paddingHorizontal: 8 }}>
+          This Telegram client does not support SecureStorage, so your wallet key was stored in DeviceStorage
+          (persistent app storage, not the system keychain). That is weaker than SecureStorage; keep your seed
+          phrase safe and prefer Telegram on iOS/Android when possible.
+        </Text>
+      ) : null}
+      {masterKeyStorageTier === "none" ? (
+        <Text style={{ marginTop: 14, fontSize: 12, color: "#b00020", textAlign: "center", paddingHorizontal: 8 }}>
+          Could not save your wallet key on this device. Cloud ciphertext may still sync, but you will need your
+          recovery phrase to sign here until storage works. Try another Telegram client or update the app.
+        </Text>
+      ) : null}
     </View>
   );
 }

package/assets/images/PreviewImage.png CHANGED Viewed

Binary file

package/backlogs/medium_term_backlog.md ADDED Viewed

@@ -0,0 +1,26 @@
+header indent bag in fullsize<br>
+rotation on swap page<br>
+edit interval healthcheck<br>
+Ticker link<br>
+Scrolling in AI widget fix<br>
+Finish bot parts isolation<br>
+ld timeout<br>
+AI bd<br>
+Hovers<br>
+Languages<br>
+Favicon change<br>
+Wallet creation and nickname generation<br>
+Jetton lockup<br>
+Theme in Chrome<br>
+Bd<br>
+Wallet creation<br>
+Apps design<br>
+Plan users bd for search<br>
+Brand book<br>
+Fix<br>
+Starting Rewards<br>
+Feed items types<br>
+PAY BY QR<br>
+swap long rate state<br>
+swaps<br>
+tokns<br>

package/backlogs/short_term_backlog.md ADDED Viewed

@@ -0,0 +1,42 @@
+Polyfils refactoring<br>
+Wallet: Telegram, Connected, Unhosted<br>
+Username loaded without intermediate state<br>
+Bottom bar refactor<br>
+AI options page<br>
+Bottom bar icon review<br>
+AI chat page<br>
+Bring repository root app to demo design state<br>
+GitHub and GitLab bidirectional mirroring<br>
+readme.md<br>
+Windows setup refactor<br>
+https://azure.microsoft.com/en-us/products/artifact-signing<br>
+README.md: Project news, discussions, where to learn for contributions<br>
+Issues:<br>
+Several chats async streaming<br>
+Pull requests:<br>
+AI responce checkup in bot (message interruption on new prompt)<br>
+Typing in the middle of the text on large inputting<br>
+To think about:<br>
+Branding and naming
+Place of the install update dialog in the UI<br>
+Updater: fasten instant reload<br>
+Custom installer design<br>
+Fluent installer progress bar<br>
+Optional cleanup of legacy Forge v5 deps<br>
+Workflows dry mode (build check without releasing)<br>
+Move Telegram folder contents to API<br>
+https://www.npmjs.com/package/electron-log<br>
+PGP release signing<br>
+File's formats and folders structure<br>
+Selection and pointing text detalization<br>
+    on word tapping places at the end of the word<br>
+    zoom-in cursor placing on long tap<br>
+Instructions.ts in AI<br>
+Abandoned:<br>
+Placeholder refactor<br>
+Logo bar visibility<br>
+Overlay on screen expansion from mobile<br>

package/database/start.ts CHANGED Viewed

@@ -30,7 +30,6 @@ async function runSchemaMigrations() {
       last_tma_seen_at    TIMESTAMPTZ,
       locale              TEXT,
       time_zone           TEXT,
-      number_of_wallets   INTEGER NOT NULL DEFAULT 0,
       default_wallet      BIGINT
     );
   `;