refactor(embedded-wallet): consume upstream typed encryption API#3
Open
mverzilli wants to merge 2 commits into
Open
refactor(embedded-wallet): consume upstream typed encryption API#3mverzilli wants to merge 2 commits into
mverzilli wants to merge 2 commits into
Conversation
Removes the locally-maintained encryption-mismatch surface now that
`@aztec/wallets/embedded` ships:
- `EmbeddedWalletEncryptionError` (storeName: 'pxe' | 'wallet', cause:
SqliteEncryptionError)
- `openEncryptedEmbeddedStores(config, getEncryptionKey, log)` — opens
PXE + walletDB encrypted-at-rest with cohesive cleanup-on-failure
and `@aztec/kv-store/sqlite-opfs` ships:
- `SqliteEncryptionError` (code: 'invalid_key_length' |
'encryption_not_supported_for_ephemeral' | 'decrypt_failed')
Downstream changes:
- Drop `SQLITE3MC_DECRYPT_ERROR_PATTERNS`, `isDecryptError`,
`openEncryptedOrPlain` from `embedded-wallet.ts`. The common
encrypted-with-no-overrides path now goes straight through
`openEncryptedEmbeddedStores`. A fallback path handles plaintext +
caller-injected stores with the same cleanup discipline.
- Delete `encryption-key-mismatch-error.ts` — superseded by upstream's
`EmbeddedWalletEncryptionError`. The package's index re-exports the
upstream class under the same name space so apps continue to import
their error class from `@aztec-kit/embedded-wallet`.
- Re-target `apps/swap/src/services/walletService.ts` catch site to
`EmbeddedWalletEncryptionError`.
- Shrink `tests/encrypted-store.test.ts` to just the downstream-specific
ephemeral guard — the regex-matching, key-threading, two-store-cleanup,
and decrypt-error-wrapping tests are now upstream's responsibility
and are exercised by upstream's own test suite.
- Update README example.
Plus one infra change: add `customConditions: ["browser"]` to
`tsconfig.base.json` so TypeScript picks the `browser` branch of
`@aztec/wallets`'s conditional `exports` (otherwise the new
`openEncryptedEmbeddedStores` helper, which is only re-exported from the
browser entrypoint because sqlite3mc is browser-only, doesn't typecheck
when imported by downstream code). The codebase already declares
`lib: ["DOM", "DOM.Iterable"]`, so this is consistent.
Net diff: ~210 LOC removed, ~85 added (~125 LOC net deletion). Local
verification was done by overlaying the upstream branch's compiled
`dest/` files; the published nightly the package.json points at does
not yet contain these exports.
BLOCKED on:
- aztec-packages PR adding SqliteEncryptionError + openEncryptedEmbeddedStores
- A new Aztec nightly that bundles the merged upstream
- Bumping `@aztec/*` version pins in apps/* and packages/embedded-wallet
to that nightly
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…path The upstream PR was updated so `openEncryptedEmbeddedStores`, `EmbeddedWalletEncryptionError`, and the related types now live on the dedicated `@aztec/wallets/embedded/store-encryption` sub-path instead of being re-exported from `@aztec/wallets/embedded`. This was necessary so the playground (and any future consumer of `@aztec/wallets/embedded` that doesn't use encryption) doesn't transitively bundle `@aztec/kv-store/sqlite-opfs` and its Web Worker chain. Realign the two import sites in this cleanup branch to the new path. No other code or behavior change. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
(Hold: depends on AztecProtocol/aztec-packages#23231)
Removes the locally-maintained encryption-mismatch surface now that
@aztec/wallets/embeddedships:EmbeddedWalletEncryptionError(storeName: 'pxe' | 'wallet', cause: SqliteEncryptionError)openEncryptedEmbeddedStores(config, getEncryptionKey, log)— opens PXE + walletDB encrypted-at-rest with cohesive cleanup-on-failureand
@aztec/kv-store/sqlite-opfsships:SqliteEncryptionError(code: 'invalid_key_length' | 'encryption_not_supported_for_ephemeral' | 'decrypt_failed')Plus one infra change: add
customConditions: ["browser"]totsconfig.base.jsonso TypeScript picks thebrowserbranch of@aztec/wallets's conditionalexports(otherwise the newopenEncryptedEmbeddedStoreshelper, which is only re-exported from the browser entrypoint because sqlite3mc is browser-only, doesn't typecheck when imported by downstream code).BLOCKED on:
@aztec/*version pins in apps/* and packages/embedded-wallet to that nightly