Feat/ledger install app #808
Merged
Add OS-level Ledger app management alongside the existing chain handlers:
- DeviceApps + DeviceAppsManager: install, list installed/available, and read firmware/device info via DMK device actions, built per-call with signer-style onInteraction / onRegisterCanceller wiring.
- installApp uses InstallOrUpdateAppsDeviceAction so DMK refreshes metadata, prechecks memory, and fails OOM before writing any bytes; install progress is surfaced as 'app-install-progress' events.
- Custom duck-typed DeviceActions (GetOsVersion, catalog lookup) so unlock prompts flow through onInteraction like every other method.
- New DeviceOutOfMemory error code for install OOM.
- deviceActionToPromise gains a raw intermediateValue hook for progress.

Scope: Ledger-only (hwk-ledger-adapter / hwk-adapter-core). Does not touch the OneKey SDK stack.

- progress now flows through ConnectorEventMap 'app-install-progress' instead of passing an onProgress function ref via connector.call params (would have been stripped by IHardwareBridge structured-clone / JSON serializers). Adapter forwards the event with sessionId → connectId mapping; both ConnectorEventMap and HardwareEventMap have typed entries (no more `as never`).
- device-app dispatch cases (installApp / listInstalledApps / listAvailableApps / getFirmwareVersion / getDeviceInfo) wrap errors with ctx.wrapError and invalidate the session on failure, mirroring chain handlers — DMK errors now flow through mapLedgerError / isOutOfMemoryError instead of bypassing classification.
- InstallProgress payload drops the raw DMK requiredUserInteraction string; raw signals go to debugLog for post-hoc diagnosis. The public 'ui-event' channel continues to surface the collapsed EConnectorInteraction so install UI keeps working.
- DeviceApps.install throws AppNotFoundInCatalogError when DMK resolves Completed with missingApplications populated, so a no-op install doesn't silently look like success.
- deviceActionToPromise consolidates four reject paths (watchdog timeout / external canceller / rxjs error / rxjs complete) through a shared completeInteraction() helper so an outstanding interaction prompt always gets a closing 'interaction-complete'.
- Drop the dead InstallAppCallParams.unlockTimeout field (LedgerConnectorBase never forwarded it to apps.install and the public adapter API never exposed it).
Contributor
✅ Snyk checks have passed. No issues have been found so far.
CodeQL flagged the previous `/out of memory|not enough.*space|insufficient.*memory/i` pattern as polynomial-time on uncontrolled input — `.*` could backtrack catastrophically on adversarial strings like "not enough" repeated N times. Switch to plain Array.some + String.includes which runs in linear time and is impossible to ReDoS. Matched substrings are the same three phrases.
Apply prettier auto-fix to LedgerAdapter, LedgerConnectorBase, DeviceApps, DeviceAppsManager (line-wrapping + trailing-comma cleanup, imports collapsed to single line where they fit). Add scoped eslint-disable for max-classes-per-file and the no-useless-constructor / no-empty-function pair on TS parameter-property constructors, matching the existing convention in SignerEth/Btc/Sol.
Standard fix for the max-classes-per-file lint error instead of
suppressing the rule at file scope. AppNotFoundInCatalogError and the
two duck-typed DMK custom DeviceActions are independent concerns and
already had their own scope of concerns.
- device-apps/errors.ts — AppNotFoundInCatalogError
- device-apps/customActions.ts — GetOsVersionDeviceAction + ListAvailableAppsDeviceAction (still co-located: shared internal OsVersionDeps / InternalApiLike / AnyState types, two same-shape DeviceAction implementations; matches the slip39.ts precedent in the repo)
- device-apps/DeviceApps.ts — main class + public API types
The previous ReDoS fix (908beb3) lost matching coverage: the old regex `/not enough.*space|insufficient.*memory/i` matched intermediate tokens like "Not enough free space" / "Insufficient available memory" via `.*`, but the substring list only had the exact phrases. Switch to AND-checks ('not enough' && 'space', 'insufficient' && 'memory') so any message containing both anchor tokens — regardless of words in between — still hits, while keeping linear-time evaluation. Verified equivalent to the original regex on 10 representative cases including the tricky token-order edge cases.
The original regex was added as a "safety net" for messages that happen to carry the OOM phrasing but lack `_tag = OutOfMemoryDAError`. In practice DMK always sets that tag for `OutOfMemoryDAError`, so the message heuristic was speculative — and the two attempts at safely rewriting the regex either lost coverage (literal substrings) or over-classified (token AND-checks). Drop the heuristic entirely. `isOutOfMemoryError` now identifies only the canonical DMK tag. If we ever observe a real OOM that doesn't carry the tag, add a precise check then — don't speculate now. Eliminates the CodeQL ReDoS finding and the equivalence concern in one go.
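The four OOM classifiers these commit messages walk through, compared side by side on constructed error objects. This is an added example, not code from the PR: the function names, the exact phrase list, and the sample messages are assumptions; only the regex and the `OutOfMemoryDAError` tag are taken from the text above.

```typescript
// Illustrative only: hypothetical helpers, not the adapter's isOutOfMemoryError.
type MaybeDmkError = { _tag?: string; message?: string };

// 1. Original heuristic, as quoted in the commit message (flagged by CodeQL).
const OOM_REGEX = /out of memory|not enough.*space|insufficient.*memory/i;
const byRegex = (e: MaybeDmkError): boolean => OOM_REGEX.test(e.message ?? '');

// 2. First rewrite: literal phrases via Array.some + String.includes.
//    The exact phrase list is an assumption; the page only says "three phrases".
const PHRASES = ['out of memory', 'not enough space', 'insufficient memory'];
const bySubstrings = (e: MaybeDmkError): boolean => {
  const m = (e.message ?? '').toLowerCase();
  return PHRASES.some((p) => m.includes(p));
};

// 3. Second rewrite: both anchor tokens present, in any order.
const byTokenAnd = (e: MaybeDmkError): boolean => {
  const m = (e.message ?? '').toLowerCase();
  return (
    m.includes('out of memory') ||
    (m.includes('not enough') && m.includes('space')) ||
    (m.includes('insufficient') && m.includes('memory'))
  );
};

// 4. Final form: trust only the canonical tag, ignore the message text.
const byTag = (e: MaybeDmkError): boolean => e._tag === 'OutOfMemoryDAError';

function compare(e: MaybeDmkError) {
  return { regex: byRegex(e), substrings: bySubstrings(e), tokenAnd: byTokenAnd(e), tag: byTag(e) };
}

// Constructed samples, not real DMK output.
const samples: Record<string, MaybeDmkError> = {
  // Words between the anchors: the literal phrase list loses coverage.
  untaggedGap: { message: 'Not enough free space on device' },
  // Anchors in the wrong order: the AND-check over-classifies.
  wrongOrder: { message: 'Storage space is fine, not enough permissions' },
  // Tagged error with unrelated wording: only the tag check sees it.
  taggedOnly: { _tag: 'OutOfMemoryDAError', message: 'Install failed' },
};

for (const [name, err] of Object.entries(samples)) {
  console.log(name, JSON.stringify(compare(err)));
}
```
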
wabicai
approved these changes
May 27, 2026
No description provided.