fix: rename BIP322 commands, validate address ownership before signing and add Bip322Error variant

aagbotemi · aagbotemi · commit d85feeccff1c · 2026-03-10T18:46:15.000+01:00
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -3,17 +3,10 @@ name: Audit
 on:
   push:
     paths:
-      # Run if workflow changes
-      - '.github/workflows/audit.yml'
-      # Run on changed dependencies
       - '**/Cargo.toml'
       - '**/Cargo.lock'
-      # Run if the configuration file changes
-      - '**/audit.toml'
   schedule:
     - cron: '0 0 * * 0' # Once per week
-  # Run manually
-  workflow_dispatch:
 
 jobs:
 
diff --git a/src/commands.rs b/src/commands.rs
@@ -407,7 +407,7 @@ pub enum OfflineWalletSubCommand {
     },
     /// Sign a message using BIP322
     #[cfg(feature = "bip322")]
-    SignBip322 {
+    SignMessage {
         /// The message to sign
         #[arg(long)]
         message: String,
@@ -422,7 +422,7 @@ pub enum OfflineWalletSubCommand {
     },
     /// Verify a BIP322 signature
     #[cfg(feature = "bip322")]
-    VerifyBip322 {
+    VerifyMessage {
         /// The signature proof to verify
         #[arg(long)]
         proof: String,
diff --git a/src/error.rs b/src/error.rs
@@ -140,6 +140,10 @@ pub enum BDKCliError {
     #[cfg(feature = "payjoin")]
     #[error("Payjoin create request error: {0}")]
     PayjoinCreateRequest(#[from] payjoin::send::v2::CreateRequestError),
+
+    #[cfg(feature = "bip322")]
+    #[error("BIP-322 error: {0}")]
+    Bip322Error(#[from] bdk_bip322::error::Error),
 }
 
 impl From<ExtractTxError> for BDKCliError {
diff --git a/src/handlers.rs b/src/handlers.rs
@@ -597,7 +597,7 @@ pub fn handle_offline_wallet_subcommand(
             )?)
         }
         #[cfg(feature = "bip322")]
-        SignBip322 {
+        SignMessage {
             message,
             signature_type,
             address,
@@ -606,16 +606,20 @@ pub fn handle_offline_wallet_subcommand(
             let address: Address = parse_address(&address)?;
             let signature_format = parse_signature_format(&signature_type)?;
 
-            let proof: Bip322Proof = wallet
-                .sign_bip322(message.as_str(), signature_format, &address, utxos)
-                .map_err(|e| {
-                    BDKCliError::Generic(format!("Failed to sign BIP-322 message: {e}"))
-                })?;
+            if !wallet.is_mine(address.script_pubkey()) {
+                return Err(Error::Generic(format!(
+                    "Address {} does not belong to this wallet.",
+                    address
+                )));
+            }
+
+            let proof: Bip322Proof =
+                wallet.sign_bip322(message.as_str(), signature_format, &address, utxos)?;
 
             Ok(json!({"proof": proof.to_base64()}).to_string())
         }
         #[cfg(feature = "bip322")]
-        VerifyBip322 {
+        VerifyMessage {
             proof,
             message,
             signature_type,
