refactor(evm-wallet-experiment): drop unused SubtleCrypto endowment

sirtimid · claude · sirtimid · commit ec1cc4f70249 · 2026-04-24T00:03:48.000+02:00
Per principle of least authority. Neither the keyring nor delegator
vat references `crypto.subtle` (mnemonic encryption uses `@noble/*`
pure-JS implementations of AES-GCM and PBKDF2). Endowing only `crypto`
keeps `crypto.getRandomValues` available to both vats while shrinking
the capability surface.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/packages/evm-wallet-experiment/scripts/setup-away.sh b/packages/evm-wallet-experiment/scripts/setup-away.sh
@@ -373,7 +373,7 @@ CONFIG=$(BUNDLE_DIR="$BUNDLE_DIR" DM="$DELEGATION_MANAGER" RPC_HOST="$AWAY_RPC_H
         },
         keyring: {
           bundleSpec: bd + '/keyring-vat.bundle',
-          globals: ['TextEncoder', 'TextDecoder', 'crypto', 'SubtleCrypto']
+          globals: ['TextEncoder', 'TextDecoder', 'crypto']
         },
         provider: {
           bundleSpec: bd + '/provider-vat.bundle',
diff --git a/packages/evm-wallet-experiment/scripts/setup-home.sh b/packages/evm-wallet-experiment/scripts/setup-home.sh
@@ -338,7 +338,7 @@ CONFIG=$(BUNDLE_DIR="$BUNDLE_DIR" DM="$DELEGATION_MANAGER" RPC_HOST="$RPC_HOST"
         },
         keyring: {
           bundleSpec: bd + '/keyring-vat.bundle',
-          globals: ['TextEncoder', 'TextDecoder', 'crypto', 'SubtleCrypto']
+          globals: ['TextEncoder', 'TextDecoder', 'crypto']
         },
         provider: {
           bundleSpec: bd + '/provider-vat.bundle',
diff --git a/packages/evm-wallet-experiment/src/cluster-config.test.ts b/packages/evm-wallet-experiment/src/cluster-config.test.ts
@@ -113,7 +113,6 @@ describe('cluster-config', () => {
           'TextEncoder',
           'TextDecoder',
           'crypto',
-          'SubtleCrypto',
         ]);
       }
 
diff --git a/packages/evm-wallet-experiment/src/cluster-config.ts b/packages/evm-wallet-experiment/src/cluster-config.ts
@@ -37,7 +37,7 @@ export function makeWalletClusterConfig(
       ? {
           delegator: {
             bundleSpec: `${bundleBaseUrl}/delegator-vat.bundle`,
-            globals: ['TextEncoder', 'TextDecoder', 'crypto', 'SubtleCrypto'],
+            globals: ['TextEncoder', 'TextDecoder', 'crypto'],
           },
         }
       : {
@@ -58,7 +58,7 @@ export function makeWalletClusterConfig(
       },
       keyring: {
         bundleSpec: `${bundleBaseUrl}/keyring-vat.bundle`,
-        globals: ['TextEncoder', 'TextDecoder', 'crypto', 'SubtleCrypto'],
+        globals: ['TextEncoder', 'TextDecoder', 'crypto'],
       },
       provider: {
         bundleSpec: `${bundleBaseUrl}/provider-vat.bundle`,
diff --git a/packages/evm-wallet-experiment/test/e2e/docker/helpers/wallet-setup.ts b/packages/evm-wallet-experiment/test/e2e/docker/helpers/wallet-setup.ts
@@ -45,7 +45,7 @@ export function launchWalletSubcluster(
       ? {
           delegator: {
             bundleSpec: `${BUNDLE_BASE}/delegator-vat.bundle`,
-            globals: ['TextEncoder', 'TextDecoder', 'crypto', 'SubtleCrypto'],
+            globals: ['TextEncoder', 'TextDecoder', 'crypto'],
           },
         }
       : {
@@ -66,7 +66,7 @@ export function launchWalletSubcluster(
       },
       keyring: {
         bundleSpec: `${BUNDLE_BASE}/keyring-vat.bundle`,
-        globals: ['TextEncoder', 'TextDecoder', 'crypto', 'SubtleCrypto'],
+        globals: ['TextEncoder', 'TextDecoder', 'crypto'],
       },
       provider: {
         bundleSpec: `${BUNDLE_BASE}/provider-vat.bundle`,

Original file line number	Diff line number	Diff line change
`@@ -113,7 +113,6 @@ describe('cluster-config', () => {`
`113`	`113`	`'TextEncoder',`
`114`	`114`	`'TextDecoder',`
`115`	`115`	`'crypto',`
`116`		`- 'SubtleCrypto',`
`117`	`116`	`]);`
`118`	`117`	`}`
`119`	`118`