Part of #998.
Scope
Add automated testing and polishing support for hardware wallet flows:
- UI test hooks (testTags / accessibility IDs) on the new hardware screens.
- Hardware-wallet E2E shard so connect and transfer flows are runnable by AI agents and in CI.
- E2E path should be driven by a Trezor emulator, not a physical device.
- Polishing and optimisation of device communication, especially reconnection reliability, passphrase-enabled wallet behavior, and Bitkit's Trezor ping cadence.
Polishing
- Improve reconnection reliability.
- Optimise how often Bitkit pings the Trezor device: repeated pings can currently keep the device busy and prevent the user from unlocking it, see PR adding support to query the Trezor device lock state in bitkit-core:
- Handle passphrase-enabled Trezor wallets explicitly and safely.
Passphrase-enabled wallets
Passphrase-enabled Trezors need a deliberate UX and persistence model rather than accidentally inheriting state from another Trezor session.
- Decide the user-facing model for pairing a passphrase-enabled device:
  - default to the standard wallet unless the user explicitly chooses a hidden/passphrase wallet;
  - if hidden wallets are supported in this flow, provide an explicit prompt/step for host-entered passphrase and/or on-device passphrase entry instead of silently reusing prior TrezorUiHandler state.
- Treat the standard wallet and each hidden/passphrase wallet as separate hardware-wallet identities when their watched account xpubs/descriptors differ.
- Ensure the paired record, label, walletId, activity metadata, and removal behavior all stay scoped to the selected wallet identity, not just the physical Trezor device.
- Reconnect and Transfer to Spending must reconnect/sign with the same wallet identity the user paired; they must not fall back to another hidden wallet or accidentally sign from the standard wallet.
- Never persist or log raw passphrases. Clear any cached host passphrase / wallet selection on cancel, disconnect, removal, and sheet dismissal unless the current session still intentionally needs it.
- Add emulator/device validation for:
  - pairing the standard wallet on a passphrase-enabled Trezor;
  - pairing a hidden/passphrase wallet if supported;
  - reconnecting over USB and BLE;
  - signing the Transfer to Spending flow;
  - removing the wallet and cleaning up scoped activity metadata.
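
An added example, not Bitkit or bitkit-core code: one way to model the wallet-identity scoping and passphrase handling listed above, in Rust. `WalletIdentity`, `SessionPassphrase`, `verify_reconnect` and the sample device ids and xpub strings are hypothetical names and constructed values.

```rust
use std::collections::BTreeSet;
use std::fmt;

// Hypothetical model: identity = physical device + account xpubs seen at pairing.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct WalletIdentity { pub device_id: String, pub xpubs: BTreeSet<String> }

impl WalletIdentity {
    pub fn new(device_id: &str, xpubs: &[&str]) -> Self {
        Self { device_id: device_id.into(), xpubs: xpubs.iter().map(|x| x.to_string()).collect() }
    }
}

// Host-entered passphrase: memory only, never serialized, redacted in logs.
pub struct SessionPassphrase(Option<Vec<u8>>);

impl SessionPassphrase {
    pub fn new() -> Self { Self(None) }
    pub fn set(&mut self, p: &str) { self.clear(); self.0 = Some(p.as_bytes().to_vec()); }
    pub fn is_set(&self) -> bool { self.0.is_some() }
    // Best-effort wipe; a production build would use a volatile wipe (e.g. the zeroize crate).
    pub fn clear(&mut self) {
        if let Some(buf) = self.0.as_mut() { buf.iter_mut().for_each(|b| *b = 0); }
        self.0 = None;
    }
}
impl Drop for SessionPassphrase { fn drop(&mut self) { self.clear(); } }
impl fmt::Debug for SessionPassphrase {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("SessionPassphrase(<redacted>)") }
}

#[derive(Debug, PartialEq, Eq)]
pub enum ReconnectError { DifferentDevice, DifferentWallet }

// Gate before any signing: the live session must expose exactly the paired identity.
// On mismatch the cached passphrase is dropped so a retry starts from a clean state.
pub fn verify_reconnect(paired: &WalletIdentity, live: &WalletIdentity,
                        pass: &mut SessionPassphrase) -> Result<(), ReconnectError> {
    let err = if paired.device_id != live.device_id { ReconnectError::DifferentDevice }
        else if paired.xpubs != live.xpubs { ReconnectError::DifferentWallet }
        else { return Ok(()) };
    pass.clear();
    Err(err)
}

fn main() {
    // Constructed sample values; real xpubs come from the device.
    let hidden = WalletIdentity::new("emu-1", &["xpub-hidden-0"]);
    let standard = WalletIdentity::new("emu-1", &["xpub-standard-0"]);
    let mut pass = SessionPassphrase::new();
    pass.set("constructed-passphrase");
    println!("{:?} {:?}", verify_reconnect(&hidden, &standard, &mut pass), pass);
}
```

The same device with a different xpub set is rejected as `DifferentWallet`, which is the case where a hidden-wallet pairing would otherwise sign from the standard wallet.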