Derived inputs: wallet-computed cryptographic values#88
Merged
iamalwaysuncomfortable merged 1 commit intoMay 28, 2026
Merged
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
…lues
Adds a fourth `InputRequest` variant `{ type: "derived", algorithm, args }`
that asks the wallet to run a named cryptographic algorithm over its own
state (view key, wallet-maintained counters, etc.) plus dapp-supplied args,
and substitutes the result into a transaction input slot. The dapp never
observes the wallet-side inputs — only the output.
Strict opt-in via a new `algorithmsAllowed?: AlgorithmGrant[]` field on
`ConnectOptions`: each grant authorizes exactly one
`(algorithm, program, function, inputPosition)` call site, all four fields
required and exact-match. The wallet refuses every derived request whose
tuple is not present. No broad default.
A new `algorithmsSupported(): Promise<string[]>` adapter method lets dapps
discover what a wallet implements before populating the allowlist.
Wallets without derived-input support return `[]` (default) and connections
with non-empty `algorithmsAllowed` throw `WalletConnectOptionsNotSupportedError`
via the existing `hasUnsupportedConnectOptions` path.
Inaugural algorithm: `program-scoped-address-blind`. Inputs: `{ "domain-separator": field }`.
Output: `address`. Valid slot positions: `address`, `group`, `scalar`, `field`.
Updates the PrivateInputs example with a fourth `Derived` mode on primitive
slots whose baseType is in an algorithm's `validSlotTypes`, plus a
connect-time `AlgorithmGrant[]` editor with an "Auto-grant this function's
eligible slots" convenience button. The grant JSON preview now includes
`algorithmsAllowed`.
See docs/adapter-privacy-extension.md §"Derived inputs" for the spec and
docs/dapp-privacy-quickstart.md for an implementor's guide.
iamalwaysuncomfortable
force-pushed
the
feat/derived-inputs
branch
from
86077a1 to
a5d741c
Compare
iamalwaysuncomfortable
changed the base branch from
examples/private-inputs-example
to
master
iamalwaysuncomfortable
changed the base branch from
master
to
examples/private-inputs-example
iamalwaysuncomfortable
merged commit 756011a
into
examples/private-inputs-example
3 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds a fourth
InputRequestvariant{ type: "derived", algorithm, args }. The wallet runs a named cryptographic algorithm over its own state (view key, wallet-maintained counters) plus dapp-suppliedargs, and substitutes the result into the transaction input slot. The dapp never observes the wallet-side inputs — only the output.Strictly opt-in
A new
algorithmsAllowed?: AlgorithmGrant[]field onConnectOptionsauthorizes derived inputs at exact(algorithm, program, function, inputPosition)call sites. All four fields are required and exact-match — there is no wildcard and no broad default. The wallet refuses every derived request whose tuple is not present in the allowlist.A new adapter method
algorithmsSupported(): Promise<string[]>lets a dapp discover which algorithms a wallet implements before populating the allowlist. Wallets without derived-input support return[].Inaugural algorithm
program-scoped-address-blind— produces a per-program blinded address.args(dapp-provided){ "domain-separator": field }addressaddress,group,scalar,fieldBackward compatibility
Existing
connect()calls andinputs: string[]keep working — the newtype: "derived"variant is opt-in per-slot andalgorithmsAlloweddefaults toundefined. Adapters that do not yet implement derived inputs throwWalletConnectOptionsNotSupportedErrorvia the existinghasUnsupportedConnectOptionspath when a dapp sets the new field. Shield forwards the option through to the extension, which is expected to implement the receiving side.Type of Change
Packages Changed
@provablehq/aleo-types@provablehq/aleo-wallet-standard@provablehq/aleo-wallet-adaptor-core@provablehq/aleo-wallet-adaptor-react@provablehq/aleo-wallet-adaptor-shieldhasUnsupportedConnectOptionspath already rejectsalgorithmsAllowedfor legacy wallets.Derivedmode to primitive slots on the PrivateInputs demo and a connect-timeAlgorithmGrant[]editordocs/adapter-privacy-extension.md§ "Derived inputs";docs/dapp-privacy-quickstart.mdquickstart sectionChangeset
.changeset/derived-inputs.mdTesting
pnpm lintclean.pnpm --filter react-app-example buildsucceeds.aleo-types,aleo-wallet-standard,aleo-wallet-adaptor-core,aleo-wallet-adaptor-shield,aleo-wallet-adaptor-react, plus all legacy wallet adapters) clean.Additional Notes
examples/private-inputs-example(Private inputs example + dapp quickstart doc #87), not master — this builds on the example branch that introduces the PrivateInputs demo.docs/adapter-privacy-extension.md§ "Derived inputs".docs/dapp-privacy-quickstart.md§ "Derived inputs (type: "derived")".