Release v1.2.10 #70

Open
BitHighlander wants to merge 23 commits into master from release/1.2.10
@BitHighlander
Collaborator

Summary

  • Zcash deshielding — Orchard → transparent (t-address) deshield transactions
  • Mobile pairing — QR-based pairing via vault.keepkey.com relay
  • CI dual-arch macOS — ARM64 + Intel builds from single runner (binary swap + node-hid prebuild swap)
  • Fiat/locale settings — user-configurable currency and number formatting
  • CSV/report fixes — dead click fix, tx history API rename, KeepKey CSV export
  • Windows build fix — nested node_modules stripping + tar --force-local

Notable changes

CI/Build

  • macOS builds produce both ARM64 and x86_64 artifacts from a single ARM64 runner
  • x64 variant created by swapping Electrobun core binaries + node-hid prebuilds
  • Architecture verification gate prevents mislabeled DMGs
  • make sign-release signs + notarizes + uploads both architectures
  • zcash-cli excluded from Intel builds (Zcash shielded not supported)

Zcash

  • Deshield from Orchard shielded pool to transparent t-address
  • Progress channel for real-time UI updates during proof generation

Mobile

  • QR-code pairing with KeepKey mobile app via relay server
  • 15-minute expiring codes, public keys only

Known limitations (v1.2.10)

  • Intel Mac: no Zcash shielded support (zcash-cli not cross-compiled)
  • Intel Mac: HID transport via prebuild swap (not natively built)

Test plan

  • ARM64 macOS: full device lifecycle (connect, sign, firmware update)
  • Intel macOS: device connect via WebUSB, firmware update via HID
  • Linux: AppImage launch + device connect
  • Zcash deshield: Orchard → transparent with valid t-address
  • Mobile pairing: scan QR, verify addresses match
  • CSV export: CoinTracker + ZenLedger formats
  • Fiat settings: change currency, verify formatting

BitHighlander and others added 22 commits March 23, 2026 21:04
…ce-local

Two Windows build fixes:

1. collect-externals.ts: strip node_modules from file:-linked packages
   after copying to staging. Prevents Inno Setup MAX_PATH failures when
   npm/bun installs transitive deps inside source dirs (e.g.
   modules/proto-tx-builder/node_modules/).

2. patch-electrobun.sh: add --force-local to tar extraction command.
   Windows tar interprets "C:" in paths as a remote host, causing
   electrobun CLI download to fail.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

fix: Windows build — strip nested node_modules + tar --force-local

Two bugs:
1. Frontend catch {} silently swallowed errors — now shows error message
2. Backend threw when 0 transactions had timestamps, which is the common
   case for fresh reports. Removed the guard — empty CSV with headers is
   better than a silent failure.

fix: CSV report exports were dead clicks

CoinTracker/ZenLedger CSVs are tax-specific (transactions only) — empty
when Pioneer returns no tx history. Added "KeepKey CSV" option that uses
the existing reportToCsv() function to export ALL report sections:
device info, chain balances, tokens, xpubs, addresses, and transactions.

… load

Two root causes:
1. Vault called GetTxHistory but Pioneer's operationId is GetTransactionHistory.
   Swagger client returned undefined, parsed as empty array. Zero errors.
2. Pioneer's tx history is async — first call triggers background Blockbook
   fetch and returns { transactions: [], loading: true }. Vault never retried.

Fix: correct method name + poll up to 3 times (5s apart) when Pioneer
indicates loading/cache-miss.

fix: transaction history empty — wrong Pioneer API method + missing retry

Enable unshielding from the Orchard pool to transparent t1/t3 addresses.
No firmware changes needed — device signs Orchard spends with RedPallas
(same as shielded send), transparent outputs require no device signatures.

Sidecar: build_deshield_pczt + finalize_deshield IPC commands, transparent
address decoding (P2PKH/P2SH), hybrid v5 tx serialization with transparent
outputs. Backend: zcash-deshield.ts tx builder, zcashDeshieldZec RPC method.
Frontend: "Unshield to Transparent" section in Privacy tab with address
validation, amount input, max button, and progress feedback.

…hield

1. Base58Check checksum verification in transparent address decoder —
   rejects typo'd t1/t3 addresses before building the output script,
   preventing funds from being sent to invalid addresses.

2. Deshield Max button now uses ZIP-317 fee estimation based on actual
   unspent note count instead of hardcoded 10000 zatoshis. Reads
   notes_unspent from balance response and computes
   5000 * max(2, max(n_spends, 1) + 1).

3. Separate deshield-progress RPC message channel so deshield stage
   transitions don't leak into the shield UI state. Added dedicated
   useEffect listener that updates deshieldStep/deshieldResult.

feat: add Zcash deshielding (Orchard → transparent)

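The checksum check described in the deshield commit above, as an added example that is not code from this pull request or from the KeepKey sidecar: a Base58Check decoder for Zcash mainnet transparent addresses that rejects a mistyped t1/t3 address before any output script would be built. Function names and the sample hash are assumptions; 0x1cb8 and 0x1cbd are the Zcash mainnet version prefixes.

```typescript
import { createHash } from "node:crypto";
// Added illustration; function names are hypothetical, not the sidecar's API.
const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
// Zcash mainnet version prefixes: 0x1cb8 encodes as "t1" (P2PKH), 0x1cbd as "t3" (P2SH).
const KINDS: { [version: number]: string } = { 0x1cb8: "p2pkh", 0x1cbd: "p2sh" };
// Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload)).
function checksum(payload: Uint8Array): Uint8Array {
  const once = createHash("sha256").update(payload).digest();
  return createHash("sha256").update(once).digest().subarray(0, 4);
}
// Big-number base conversion on big-endian digit arrays; leading zero digits are preserved.
function convert(digits: ArrayLike<number>, from: number, to: number): number[] {
  const out: number[] = []; // little-endian while accumulating
  for (let i = 0; i < digits.length; i++) {
    let carry = digits[i];
    for (let j = 0; j < out.length; j++) {
      carry += out[j] * from;
      out[j] = carry % to;
      carry = Math.floor(carry / to);
    }
    for (; carry > 0; carry = Math.floor(carry / to)) out.push(carry % to);
  }
  for (let i = 0; i < digits.length && digits[i] === 0; i++) out.push(0);
  return out.reverse();
}
function base58Encode(bytes: Uint8Array): string {
  return convert(bytes, 256, 58).map((d) => ALPHABET.charAt(d)).join("");
}
function base58Decode(text: string): Uint8Array | null {
  const digits = text.split("").map((c) => ALPHABET.indexOf(c));
  return digits.indexOf(-1) >= 0 ? null : new Uint8Array(convert(digits, 58, 256));
}
// Builds a t-address from version + 20-byte hash; used here only to construct samples.
function encodeTAddress(version: number, hash: Uint8Array): string {
  const raw = new Uint8Array(26);
  raw.set([version >> 8, version & 0xff]);
  raw.set(hash, 2);
  raw.set(checksum(raw.subarray(0, 22)), 22);
  return base58Encode(raw);
}
// Returns script kind and hash, or throws before any output script would be built.
function decodeTAddress(addr: string): { kind: string; hash: Uint8Array } {
  const raw = base58Decode(addr);
  if (raw === null || raw.length !== 26) throw new Error("malformed address");
  const want = checksum(raw.subarray(0, 22));
  for (let i = 0; i < 4; i++) if (raw[22 + i] !== want[i]) throw new Error("checksum mismatch");
  const kind = KINDS[(raw[0] << 8) | raw[1]];
  if (!kind) throw new Error("not a mainnet t1/t3 address");
  return { kind, hash: raw.slice(2, 22) };
}
```

The version check runs after the checksum check, so a well-formed address for another network or chain is refused with a different error than a typo.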
Desktop vault derives all pubkeys from the connected KeepKey, POSTs
them to vault.keepkey.com/api/pairing, and displays a QR code + 8-char
code for the mobile app to scan. Pubkey format matches Pioneer SDK
expectations (addressNList, context, path, available_scripts_types).

Also adds a Mobile panel (phone icon in TopNav) with an App Store QR
code linking to https://apps.apple.com/us/app/keepkey-mobile/id6755204956,
a "Pair Device" button, and feature overview.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

feat: mobile pairing + App Store QR panel

Replace all hardcoded USD/en-US formatting with the user's chosen
currency and locale from FiatProvider. Removes legacy formatUsd(),
updates AnimatedUsd to use fiat symbol, fixes i18n strings that
hardcoded "$0.00 USD", and adds browser language auto-detection on
first launch.

…review restored

1. Reports: stored values are USD — keep USD currency label, only use
   user's number_locale for digit separators (no relabeling bug).
2. AnimatedUsd: replace brittle separator guessing with CountUp's
   formattingFn backed by Intl.NumberFormat. Correctly handles fr-FR
   spaces, pl-PL suffix symbols, de-CH apostrophes, and 0-decimal
   currencies (JPY/KRW/HUF).
3. SendForm: zero preview now falls back to fmt(0) instead of
   fmtCompact(0) which returns '' for zero values.

The x86_64 DMG shipped ARM64 binaries because build-intel used
arch -x86_64 on ARM64-only Bun — Rosetta can't force a native
binary to produce cross-arch output.

CI:
- Add macos-14 (ARM64) and macos-13 (Intel) runners to build matrix
- Build zcash-cli sidecar on macOS runners (Rust pre-installed)
- Verify binary architecture post-build (lipo -archs on launcher+bun)
- Create unsigned DMGs in CI for testing
- Generate combined SHA256SUMS in release job

Makefile:
- Add verify-arch target (now a dependency of dmg)
- Deprecate build-intel/build-signed-intel with clear explanation
- Add sign-release: downloads CI artifacts, signs both archs, uploads
- Add upload-all-dmgs convenience target

… stale/missing artifacts

Three review fixes:

1. _sign-one-dmg now re-packs the signed .app into a tar.zst so auto-update
   payloads on the release are signed, not just the DMGs.
   sign-release uploads both DMGs and signed tar.zst files.

2. build-intel deprecation message corrected: references release/* or v* tag
   (not develop) since only those trigger the draft release job.

3. sign-release now: verifies the draft release exists before starting, cleans
   stale DMGs/tar.zst from artifacts/ before signing, fails hard if zero CI
   artifacts were downloaded, and verifies at least one DMG was produced.

zcash-cli uses prost-build which requires the protoc compiler.
GitHub macOS runners don't include it by default.

Electrobun's build tooling is ARM64-only, so we can't build natively
on Intel CI runners. Instead, build on ARM64 (macos-14) then create
the x64 variant by downloading pre-built x64 Electrobun core binaries
from GitHub and swapping them into the app bundle.

- Remove macos-15-intel matrix entry (Electrobun can't run there)
- Single macOS runner produces both arm64 and x64 artifacts
- Downloads electrobun-core-darwin-x64.tar.gz matching installed version
- Swaps launcher, bun, libNativeWrapper.dylib, libasar.dylib
- Removes zcash-cli from x64 bundle (not supported on Intel)
- Verifies x86_64 architecture before creating DMG

fix: CI macOS dual-arch builds + architecture verification

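The architecture gate described in the CI commits above, as an added example that is not the project's Makefile or workflow code: it reads the Mach-O header directly instead of calling lipo -archs, and flags the failure the commit describes, an ARM64 binary inside a bundle labelled x86_64. Function names, the requirement that every binary be thin, and the sample header bytes are assumptions.

```typescript
// Added illustration; function names and sample bytes are hypothetical.
// Mach-O CPU type values from <mach/machine.h>.
const CPU: { [cpuType: number]: string } = { 0x01000007: "x86_64", 0x0100000c: "arm64" };

function cpuName(t: number): string {
  return CPU[t] || "unknown(0x" + t.toString(16) + ")";
}

// Architectures a Mach-O file declares, read from its header (what `lipo -archs` reports).
function machoArchs(buf: Uint8Array): string[] {
  if (buf.length < 8) throw new Error("too short for a Mach-O header");
  const v = new DataView(buf.buffer, buf.byteOffset, buf.byteLength);
  const magic = v.getUint32(0, false);
  // Thin little-endian files: 0xfeedfacf / 0xfeedface appear byte-swapped when read big-endian.
  if (magic === 0xcffaedfe || magic === 0xcefaedfe) return [cpuName(v.getUint32(4, true))];
  if (magic !== 0xcafebabe && magic !== 0xcafebabf) throw new Error("not a Mach-O file");
  const entry = magic === 0xcafebabe ? 20 : 32; // fat_arch vs fat_arch_64, big-endian
  const count = v.getUint32(4, false);
  if (8 + count * entry > buf.length) throw new Error("truncated universal header");
  const archs: string[] = [];
  for (let i = 0; i < count; i++) archs.push(cpuName(v.getUint32(8 + i * entry, false)));
  return archs;
}

// Gate (assumed policy): every binary must be thin and match the label the DMG will carry.
function verifyBundle(expected: string, files: { [path: string]: Uint8Array }): string[] {
  const problems: string[] = [];
  for (const path of Object.keys(files)) {
    try {
      const archs = machoArchs(files[path]);
      if (archs.length !== 1 || archs[0] !== expected) {
        problems.push(path + ": " + archs.join(",") + " != " + expected);
      }
    } catch (e) {
      problems.push(path + ": " + (e as Error).message);
    }
  }
  return problems; // empty means the bundle may be packaged
}

// Constructed sample: a 32-byte thin 64-bit header carrying only magic and cputype.
function thinHeader(cpuType: number): Uint8Array {
  const b = new Uint8Array(32);
  const v = new DataView(b.buffer);
  v.setUint32(0, 0xfeedfacf, true);
  v.setUint32(4, cpuType, true);
  return b;
}
```

A release step would call verifyBundle over the swapped binaries (launcher, bun, libNativeWrapper.dylib, libasar.dylib) and refuse to create the DMG unless the returned list is empty.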
…mware updates)

node-hid HID-darwin-x64 prebuild exists in the npm package but
collect-externals strips it during ARM64 builds. The x64 variant
needs it for firmware updates, bootloader recovery, and OOB setup.