feat: implement BitGo signing in SDK#8624
Open
alextse-bg wants to merge 4 commits intomasterfrom
Open
Conversation
alextse-bg
force-pushed
the
WCN-217
branch
2 times, most recently
from
8fd8f9f to
3e4c1a5
Compare
alextse-bg
requested review from
kaustubhbitgo,
pranavjain97 and
zahin-mohammad
|
|
||
| /** | ||
| * Returns the wallet passphrase from the environment, or undefined if not set. | ||
| * Unlike getWalletPwFromEnv, this does not throw when the env variable is absent. |
Contributor
There was a problem hiding this comment.
Why not just update getWalletPwFromEnv to make the throwing behaviour configurable?
Contributor
There was a problem hiding this comment.
I went with a separate function to keep the return types unambiguous, getWalletPwFromEnv always returns string so all existing callers remain unchanged, while findWalletPwFromEnv explicitly returns string | undefined making it clear at the call site that the caller must handle the missing case.
zahin-mohammad
previously approved these changes
Apr 24, 2026
Contributor
zahin-mohammad
left a comment
zahin-mohammad
left a comment
There was a problem hiding this comment.
lgtm, just a few suggestions/comments.
alextse-bg
force-pushed
the
WCN-217
branch
3 times, most recently
from
284ffac to
13f39ae
Compare
allow wallet and coins object to sign using the BitGo key if the passphrase is not provided during signing Ticket: WCN-217-2
When no walletPassphrase is present in the request body or environment, pass undefined to tradingAccount.signPayload() instead of throwing. The SDK routes passphrase-less signing through KMS internally. Ticket: WCN-215-1
Contributor
Author
Commit 3Make wallet passphrase optional for preapreAllocation Ticket: WCN-216 |
zahin-mohammad
approved these changes
Apr 28, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Commit 1: allowing trading wallet transaction signing on Trading Account Objects
make wallet passphrase optional when signing OFC transactions.
if not present, the SDK attempts to sign using the wallet's BitGo key instead.
Commit 2: allowing trading wallet transaction signing on Wallet and Coins object
The following are all of the currently valid methods to create a signature on an OFC wallet's
payloadstringofcToken.signMessage({prv}, message): encrypts the message locally using prvofcToken.signTransaction(params): signs a half signed transaction by calling the above methodwallet.baseCoin.signMessage: see abovewallet.baseCoin.signTransaction: see abovewallet.signTransaction(params): signs a half signed transaction by getting the prv through a wallet passphrase then callingthis.baseCoin.signTransactionwallet.prebuildAndSignTransaction(params): builds and sign a transaction by callingwallet.signTransactionwallet.prebuildAndSignTransaction(e.g. sendMany)wallet.toTradingAccount().signPayload: signs a half signed transaction using the wallet passphraseChanges in commit 1 address path 8 already.
For paths that creates the signature using methods of wallet object (i.e. 5-7), all of them eventually calls
wallet.signTransaction, which pass itselfthisas an argument towallet.baseCoin.signTransaction(see here), allowing us to sign via BitGo key if we add the implementation toofcTokenAs for
ofcToken.signMessage, add overloads to the method to allow SDK user to pass in the wallet object instead, which creates the signature via the BitGo key.Note that the
walletPassphraseis already an optional parameter when calling wallet level methods.Ticket: WCN-217