Refactor: Use new protobuf to compatible with different versions of protocols

[wabicai]

Summary by CodeRabbit

• New Features

  • Enhanced device information extraction and display, including detailed build IDs, firmware, hardware, and secure element (SE) data.
  • Added support for new protocol message versions and expanded device message schemas for improved compatibility.
  • Introduced new utility functions for unified device info parsing and protocol compatibility.

• Bug Fixes

  • Improved type safety and error handling in device info rendering and feature extraction.
  • Enhanced null and undefined value handling for safer UI rendering.

• Refactor

  • Centralized and streamlined device reboot, bootloader entry, and version extraction logic.
  • Replaced legacy firmware submodule with a new protocol submodule for better maintainability.
  • Unified device feature retrieval and post-processing to support multiple protocol versions.

• Chores

  • Updated submodule references and build scripts to use the new protocol source.
  • Expanded test coverage and updated test fixtures for renamed protocol messages.
  • Improved debug logging throughout device initialization and transport configuration.

• Documentation

  • Extended and clarified type definitions for device messages, protocols, and blockchain operations.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This update removes the old firmware submodule and adds a new onekey-protocol submodule. It refactors device info extraction, unifies feature handling, and updates protobuf message schemas and types. Several classes now use a new base for firmware updates, and device communication uses new message types and commands. Many type definitions are expanded or renamed for clarity and consistency.

Changes

File(s) / Path(s)	Change Summary
.gitmodules, submodules/firmware, submodules/onekey-protocol	Removed the firmware submodule and added the onekey-protocol submodule, updating paths and URLs accordingly.
packages/hd-transport/scripts/protobuf-build.sh	Updated script to use onekey-protocol as the protobuf source. Added logic to copy prebuilt messages if available. Adjusted proto combination for new namespaces.
packages/hd-transport/scripts/protobuf-types.js	Added mapping for float protobuf type to JavaScript number.
packages/hd-transport/tests/encode-decode.test.js, packages/hd-transport/tests/messages.test.js	Renamed test fixtures and message types from "Initialize" to "StartSession". Updated enums accordingly.
packages/hd-transport/src/serialization/protobuf/decode.ts	Improved type checks for field.resolvedType and added explicit handling for null resolved types.
packages/hd-transport/src/types/messages.ts	Major expansion and update of message types, enums, and interfaces. Added new device, firmware, blockchain, and protocol types. Renamed and removed deprecated types. Updated many fields to be required.
packages/hd-transport-http/src/index.ts	Added debug logging. Changed timeout logic to trigger on "StartSession" instead of "Initialize".
packages/core/src/api/FirmwareUpdateV2.ts, packages/core/src/api/device/DeviceRebootToBoardloader.ts, packages/core/src/api/device/DeviceRebootToBootloader.ts, packages/core/src/api/device/DeviceUpdateReboot.ts	Refactored classes to extend FirmwareUpdateBaseMethod. Centralized reboot logic via new reboot method. Removed or updated local bootloader entry/check logic.
packages/core/src/api/FirmwareUpdateV3.ts	Disabled bootloader version error, changed firmware update path, and updated device reconnection command from "Initialize" to "StartSession".
packages/core/src/api/GetOnekeyFeatures.ts	Replaced legacy feature fetch with conditional logic based on message version. Removed firmware version fix logic.
packages/core/src/api/firmware/FirmwareUpdateBaseMethod.ts	Added a new reboot method for device reboots. Refactored enterBootloaderMode to use this method. Made some methods public. Improved error handling and logging.
packages/core/src/api/firmware/bootloaderHelper.ts	Updated bootloader version check to use a utility function for version extraction.
packages/core/src/api/firmware/uploadFirmware.ts	Changed device session start from "Initialize" with timeout to "StartSession" with parameters. Removed race logic.
packages/core/src/api/test/TestInitializeDeviceDuration.ts	Switched device command from "Initialize" to "StartSession".
packages/core/src/data-manager/DataManager.ts	Added support for message version 'v2' and included its JSON schema.
packages/core/src/data-manager/MessagesConfig.ts	Changed message version mapping for device models to use 'v2' instead of 'latest'.
packages/core/src/data-manager/TransportManager.ts	Enhanced debug logging with message version info.
packages/core/src/data/messages/messages_legacy_v1.json	Renamed message and enum from "Initialize" to "StartSession".
packages/core/src/device/Device.ts	Changed feature retrieval to use "StartSession" with parameters. Added post-processing for features. Improved feature update logic and logging.
packages/core/src/device/utils.ts	Added cherryPickFeaturesParams utility for feature request parameters.
packages/core/src/types/api/cardano.ts	Changed a property type in CardanoCVoteRegistrationParameters to use the new enum.
packages/core/src/types/api/deviceRebootToBoardloader.ts	Changed type alias for parameters from a specific type to object.
packages/core/src/types/api/deviceRecovery.ts	Updated recovery type property to use a new enum.
packages/core/src/types/device.ts	Changed OnekeyFeatures type alias to reference PROTO.Features.
packages/core/src/utils/deviceFeaturesUtils.ts	Added shortcut for message version detection. Improved version fixing logic and type safety.
packages/core/src/utils/deviceInfoUtils.ts	Refactored device info extraction to use new utility functions for hardware and firmware info.
packages/core/src/utils/deviceUtils.ts	Refactored device info extraction to use consolidated utility functions. Simplified null handling and info retrieval.
packages/core/src/utils/deviceVersionUtils.ts	Centralized version extraction using a new utility function. Removed legacy fallback logic.
packages/core/src/utils/findDefectiveBatchDevice.ts	Refactored to use new utility functions for serial number and SE version extraction.
packages/core/src/utils/index.ts	Added exports for new hardware, firmware, and SE info utility functions.
packages/core/src/utils/onekeyInfoUtils.ts	New module providing functions to extract and normalize hardware, firmware, and SE info from features. Added merging logic for old and new feature formats.
packages/connect-examples/expo-example/src/components/BaseTestRunner/Context/TestRunnerProvider.tsx	Changed type annotations for device features from a specific type to any. Updated state and context accordingly.
packages/connect-examples/expo-example/src/components/BaseTestRunner/useRunnerTest.ts	Removed a TypeScript error suppression comment.
packages/connect-examples/expo-example/src/utils/deviceUtils.ts	Refactored device info retrieval to use new consolidated utility functions. Simplified function signatures and logic.
packages/connect-examples/expo-example/src/views/FirmwareScreen/DeviceField.tsx	Improved null checks and type assertions. Updated conditional rendering logic for field values.
packages/connect-examples/expo-example/src/views/FirmwareScreen/ExportDeviceInfo.tsx	Removed use of secondary features object. Refined type safety and extended SE info keys.
packages/connect-examples/expo-example/src/views/FirmwareScreen/index.tsx	Merged feature objects before extracting device info. Appended build IDs to version strings in UI.

Sequence Diagram(s)

sequenceDiagram
    participant App
    participant Device
    participant FirmwareUpdateBaseMethod
    participant TransportManager

    App->>Device: StartSession({ ok_dev_info_req })
    Device->>Device: fixFeaturesBetweenProtocol()
    Device->>TransportManager: reconfigure(features)
    Device-->>App: features

    App->>FirmwareUpdateBaseMethod: enterBootloaderMode()
    FirmwareUpdateBaseMethod->>Device: reboot(BootLoader)
    Device-->>FirmwareUpdateBaseMethod: Success/Error (logs error, continues)
    FirmwareUpdateBaseMethod->>Device: check bootloader status
    FirmwareUpdateBaseMethod->>TransportManager: clear device cache
    FirmwareUpdateBaseMethod-->>App: Bootloader mode entered

    App->>FirmwareUpdateBaseMethod: reboot(OneKeyRebootType)
    FirmwareUpdateBaseMethod->>Device: typedCall (command depends on message version)
    Device-->>FirmwareUpdateBaseMethod: Success/Error (logs error, continues)

Loading

sequenceDiagram
    participant App
    participant Device
    participant onekeyInfoUtils

    App->>Device: getFeatures()
    Device->>Device: StartSession({ ok_dev_info_req: { factory, normal } })
    Device->>Device: fixFeaturesBetweenProtocol()
    Device->>onekeyInfoUtils: getHardwareInfoFromFeatures()
    Device->>onekeyInfoUtils: getFirmwareInfoFromFeatures()
    Device->>onekeyInfoUtils: getSeInfoFromFeatures()
    Device-->>App: features (normalized)

Loading

sequenceDiagram
    participant App
    participant DataManager

    App->>DataManager: get messages for version
    DataManager-->>App: messages (latest, v1, or v2)

Loading

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary or Summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 32

🔭 Outside diff range comments (5)

packages/core/src/types/api/cardano.ts (3)

141-162: 🛠️ Refactor suggestion

Naming inconsistency needs attention

While you updated the format property type, other related names remain inconsistent. The interface is still called CardanoCVoteRegistrationParameters and uses CardanoCVoteRegistrationDelegation. These should be renamed to match the new Governance prefix pattern.

-export interface CardanoCVoteRegistrationDelegation {
+export interface CardanoGovernanceRegistrationDelegation {
   votePublicKey: string;
   weight: number;
 }

-export interface CardanoCVoteRegistrationParameters {
+export interface CardanoGovernanceRegistrationParameters {
   votePublicKey?: string;
   stakingPath: string | number[];
   paymentAddressParameters: CardanoAddressParameters;
   nonce: string;
   format?: PROTO.CardanoGovernanceRegistrationFormat;
-  delegations?: CardanoCVoteRegistrationDelegation[];
+  delegations?: CardanoGovernanceRegistrationDelegation[];
   votingPurpose?: number;
   paymentAddress?: string;
 }

---

164-167: 🛠️ Refactor suggestion

Additional naming update needed

Update this interface to use the new governance naming pattern.

 export interface CardanoAuxiliaryData {
   hash?: string;
-  cVoteRegistrationParameters?: CardanoCVoteRegistrationParameters;
+  governanceRegistrationParameters?: CardanoGovernanceRegistrationParameters;
 }

---

202-206: 🛠️ Refactor suggestion

Rename field to match naming pattern

Update cVoteRegistrationSignature to governanceRegistrationSignature for consistency.

 export interface CardanoAuxiliaryDataSupplement {
   type: PROTO.CardanoTxAuxiliaryDataSupplementType;
   auxiliaryDataHash: string;
-  cVoteRegistrationSignature?: string;
+  governanceRegistrationSignature?: string;
 }

packages/core/src/device/Device.ts (1)

360-384: 🧹 Nitpick (assertive)

Swap console.error for the project logger

Raw console.error calls pollute stdout and can hurt performance on mobile. Use Log.debug/Log.error (already imported) or remove the statement.

-console.error('======> StartSession', options);
+Log.debug('StartSession', options);

packages/core/src/api/FirmwareUpdateV2.ts (1)

126-166: ⚠️ Potential issue

Undeclared methods – compile will fail

_promptDeviceInBootloaderForWebDevice and _checkDeviceInBootloaderMode no longer exist after the refactor to FirmwareUpdateBaseMethod.
Calls here will break the build.

-            const confirmed = await this._promptDeviceInBootloaderForWebDevice();
+            const confirmed = await this.promptDeviceInBootloaderForWebDevice();

...
-          await this._checkDeviceInBootloaderMode(connectId, intervalTimer, timeoutTimer);
+          await this.checkDeviceInBootloaderMode(connectId, intervalTimer, timeoutTimer);

Do the same replacement for the call in the else branch below.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7b0cba7 and b3ee0be.

📒 Files selected for processing (43)

• .gitmodules (1 hunks)
• packages/connect-examples/expo-example/src/components/BaseTestRunner/Context/TestRunnerProvider.tsx (3 hunks)
• packages/connect-examples/expo-example/src/components/BaseTestRunner/useRunnerTest.ts (0 hunks)
• packages/connect-examples/expo-example/src/utils/deviceUtils.ts (4 hunks)
• packages/connect-examples/expo-example/src/views/FirmwareScreen/DeviceField.tsx (3 hunks)
• packages/connect-examples/expo-example/src/views/FirmwareScreen/ExportDeviceInfo.tsx (6 hunks)
• packages/connect-examples/expo-example/src/views/FirmwareScreen/index.tsx (2 hunks)
• packages/core/src/api/FirmwareUpdateV2.ts (7 hunks)
• packages/core/src/api/FirmwareUpdateV3.ts (3 hunks)
• packages/core/src/api/GetOnekeyFeatures.ts (2 hunks)
• packages/core/src/api/device/DeviceRebootToBoardloader.ts (2 hunks)
• packages/core/src/api/device/DeviceRebootToBootloader.ts (2 hunks)
• packages/core/src/api/device/DeviceUpdateBootloader.ts (1 hunks)
• packages/core/src/api/device/DeviceUpdateReboot.ts (1 hunks)
• packages/core/src/api/firmware/FirmwareUpdateBaseMethod.ts (5 hunks)
• packages/core/src/api/firmware/bootloaderHelper.ts (2 hunks)
• packages/core/src/api/firmware/uploadFirmware.ts (2 hunks)
• packages/core/src/api/test/TestInitializeDeviceDuration.ts (2 hunks)
• packages/core/src/data-manager/DataManager.ts (3 hunks)
• packages/core/src/data-manager/MessagesConfig.ts (1 hunks)
• packages/core/src/data-manager/TransportManager.ts (2 hunks)
• packages/core/src/data/messages/messages_legacy_v1.json (2 hunks)
• packages/core/src/device/Device.ts (6 hunks)
• packages/core/src/device/utils.ts (1 hunks)
• packages/core/src/types/api/cardano.ts (1 hunks)
• packages/core/src/types/api/deviceRebootToBoardloader.ts (1 hunks)
• packages/core/src/types/api/deviceRecovery.ts (2 hunks)
• packages/core/src/types/device.ts (1 hunks)
• packages/core/src/utils/deviceFeaturesUtils.ts (3 hunks)
• packages/core/src/utils/deviceInfoUtils.ts (3 hunks)
• packages/core/src/utils/deviceVersionUtils.ts (2 hunks)
• packages/core/src/utils/findDefectiveBatchDevice.ts (1 hunks)
• packages/core/src/utils/index.ts (1 hunks)
• packages/core/src/utils/onekeyInfoUtils.ts (1 hunks)
• packages/hd-transport-http/src/index.ts (2 hunks)
• packages/hd-transport/__tests__/encode-decode.test.js (1 hunks)
• packages/hd-transport/__tests__/messages.test.js (3 hunks)
• packages/hd-transport/scripts/protobuf-build.sh (3 hunks)
• packages/hd-transport/scripts/protobuf-types.js (1 hunks)
• packages/hd-transport/src/serialization/protobuf/decode.ts (2 hunks)
• packages/hd-transport/src/types/messages.ts (75 hunks)
• submodules/firmware (0 hunks)
• submodules/onekey-protocol (1 hunks)

💤 Files with no reviewable changes (2)

• packages/connect-examples/expo-example/src/components/BaseTestRunner/useRunnerTest.ts
• submodules/firmware

🧰 Additional context used

🧬 Code Graph Analysis (13)

packages/hd-transport-http/src/index.ts (3)

packages/hd-transport/src/serialization/send.ts (1)

• buildOne (13-22)

packages/shared/src/HardwareError.ts (1)

• HardwareErrorCode (46-402)

packages/hd-transport/src/serialization/receive.ts (1)

• receiveOne (8-18)

packages/core/src/api/firmware/bootloaderHelper.ts (2)

packages/core/src/utils/deviceVersionUtils.ts (1)

• getDeviceBoardloaderVersion (52-58)

packages/core/src/utils/index.ts (1)

• getDeviceBoardloaderVersion (15-15)

packages/core/src/types/device.ts (1)

packages/hd-transport/src/types/messages.ts (1)

• Features (2406-2463)

packages/core/src/api/GetOnekeyFeatures.ts (4)

packages/core/src/utils/deviceFeaturesUtils.ts (1)

• getSupportMessageVersion (14-56)

packages/core/src/types/device.ts (1)

• Features (79-79)

packages/hd-transport/src/types/messages.ts (2)

• Features (2406-2463)
• MessageKey (5028-5028)

packages/core/src/device/utils.ts (1)

• cherryPickFeaturesParams (4-25)

packages/hd-transport/scripts/protobuf-build.sh (2)

packages/hd-transport/__tests__/messages.test.js (1)

• json (8-58)

packages/hd-transport/scripts/protobuf-types.js (1)

• json (9-9)

packages/core/src/utils/findDefectiveBatchDevice.ts (3)

packages/core/src/types/device.ts (1)

• Features (79-79)

packages/hd-transport/src/types/messages.ts (1)

• Features (2406-2463)

packages/core/src/utils/onekeyInfoUtils.ts (2)

• getHardwareInfoFromFeatures (148-169)
• getSeInfoFromFeatures (171-280)

packages/core/src/utils/deviceFeaturesUtils.ts (1)

packages/core/src/data-manager/DataManager.ts (1)

• DataManager (33-357)

packages/connect-examples/expo-example/src/views/FirmwareScreen/DeviceField.tsx (2)

packages/connect-examples/expo-example/src/views/FirmwareScreen/DeviceFieldContext.ts (1)

• useDeviceFieldContext (17-19)

packages/connect-examples/expo-example/src/provider/MediaProvider.tsx (1)

• useMedia (20-20)

packages/connect-examples/expo-example/src/views/FirmwareScreen/index.tsx (3)

packages/connect-examples/expo-example/src/utils/deviceUtils.ts (1)

• getDeviceBasicInfo (50-99)

packages/hd-transport/src/types/messages.ts (1)

• Features (2406-2463)

packages/connect-examples/expo-example/src/views/FirmwareScreen/DeviceField.tsx (1)

• DeviceField (74-77)

packages/core/src/device/utils.ts (2)

packages/core/src/device/Device.ts (1)

• IFeaturesType (55-58)

packages/hd-transport/src/types/messages.ts (2)

• OneKeyInfoTargets (3612-3621)
• OneKeyInfoTypes (3624-3629)

packages/core/src/utils/deviceInfoUtils.ts (3)

packages/core/src/utils/onekeyInfoUtils.ts (2)

• getHardwareInfoFromFeatures (148-169)
• getFirmwareInfoFromFeatures (69-147)

packages/core/src/types/device.ts (1)

• Features (79-79)

packages/hd-transport/src/types/messages.ts (1)

• Features (2406-2463)

packages/core/src/api/device/DeviceUpdateReboot.ts (3)

packages/core/src/api/firmware/FirmwareUpdateBaseMethod.ts (1)

• FirmwareUpdateBaseMethod (32-451)

packages/hd-transport/src/types/messages.ts (1)

• DeviceBackToBoot (827-827)

packages/core/src/events/ui-request.ts (1)

• UI_REQUEST (8-44)

packages/connect-examples/expo-example/src/utils/deviceUtils.ts (3)

packages/core/src/types/device.ts (1)

• Features (79-79)

packages/hd-transport/src/types/messages.ts (1)

• Features (2406-2463)

packages/core/src/utils/onekeyInfoUtils.ts (3)

• getFirmwareInfoFromFeatures (69-147)
• getHardwareInfoFromFeatures (148-169)
• getSeInfoFromFeatures (171-280)

🪛 Biome (1.9.4)

packages/core/src/data-manager/TransportManager.ts

[error] 62-62: Using this in a static context can be confusing.

this refers to the class.
Unsafe fix: Use the class name instead.

(lint/complexity/noThisInStatic)

packages/connect-examples/expo-example/src/views/FirmwareScreen/DeviceField.tsx

[error] 45-45: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

packages/hd-transport/src/types/messages.ts

[error] 143-143: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 245-245: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 788-788: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 824-824: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 827-827: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 830-830: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 887-887: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 1586-1586: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 1589-1589: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 2466-2466: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 2695-2695: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 2714-2714: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 2717-2717: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 2870-2870: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 3119-3119: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 3179-3179: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

---

[error] 4388-4388: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)

🪛 Shellcheck (0.10.0)

packages/hd-transport/scripts/protobuf-build.sh

[info] 46-46: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 47-47: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 50-50: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 58-58: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 70-70: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 70-70: Double quote to prevent globbing and word splitting.

(SC2086)

---

[info] 71-71: Double quote to prevent globbing and word splitting.

(SC2086)

🔇 Additional comments (64)

packages/core/src/types/api/cardano.ts (1)

158-158: Type update looks good

The change from PROTO.CardanoCVoteRegistrationFormat to PROTO.CardanoGovernanceRegistrationFormat aligns with the broader renaming of Cardano governance types mentioned in the PR summary.

submodules/onekey-protocol (1)

1-1: Pin onekey-protocol submodule to correct commit
The subproject file now references commit 8f7a537fc0950866d43da08d4fca76f4635ccdd3, matching the updated .gitmodules.

packages/core/src/api/device/DeviceUpdateBootloader.ts (1)

9-9: Imports reduced to only what's needed.

Good job simplifying the import statement to include only the necessary checkBootloaderLength function. This improves code clarity and reduces bundle size.

packages/hd-transport/scripts/protobuf-types.js (1)

24-24: Support for protobuf float type added.

Adding the float to number mapping completes the protobuf primitive type conversion set. This enables proper handling of floating-point values in protobuf definitions.

packages/hd-transport/__tests__/encode-decode.test.js (1)

94-97: Message name updated from "Initialize" to "StartSession".

The fixture update aligns with the protocol-level message rename. This change maintains consistency across the codebase.

packages/hd-transport/__tests__/messages.test.js (3)

10-10: Protocol message renamed from "Initialize" to "StartSession"

The message schema has been renamed to improve clarity about its purpose - starting a session rather than general initialization.

---

54-54: MessageType enum value updated to match renamed message

Consistent renaming of the enum value to match the message type name change.

---

63-63: Test case updated to use new message name

Test case properly updated to use the new message name.

packages/core/src/types/api/deviceRecovery.ts (2)

1-1: Import updated to use the new RecoveryType

Import correctly updated to use the new type name.

---

11-11: Type definition updated to match imported type

Parameter type properly updated to use RecoveryType.

packages/core/src/utils/index.ts (1)

38-42:

✅ Verification successful

New utility functions exported for device info extraction

Good addition of utility functions that centralize device feature extraction.

---

🏁 Script executed:

#!/bin/bash
# Check if the onekeyInfoUtils file exists
cat packages/core/src/utils/onekeyInfoUtils.ts | head -20

Length of output: 576

---

🏁 Script executed:

#!/bin/bash
set -e
file="packages/core/src/utils/onekeyInfoUtils.ts"
echo "Searching for utility function definitions in $file"
grep -n "getHardwareInfoFromFeatures" $file || echo "getHardwareInfoFromFeatures not found"
grep -n "getFirmwareInfoFromFeatures" $file || echo "getFirmwareInfoFromFeatures not found"
grep -n "getSeInfoFromFeatures" $file || echo "getSeInfoFromFeatures not found"

Length of output: 872

---

Verification Complete – Exports Match Definitions
All three utilities—getHardwareInfoFromFeatures, getFirmwareInfoFromFeatures, and getSeInfoFromFeatures—are defined in onekeyInfoUtils.ts and correctly re-exported in utils/index.ts. No further action needed.

packages/hd-transport-http/src/index.ts (1)

121-121: Protocol update from 'Initialize' to 'StartSession'.

The timeout condition correctly reflects the protocol update where 'Initialize' was renamed to 'StartSession'.

packages/core/src/api/test/TestInitializeDeviceDuration.ts (1)

18-18: Protocol update from 'Initialize' to 'StartSession'.

The command name update is correct, and the empty object parameter matches the new API signature.

packages/core/src/data-manager/MessagesConfig.ts (1)

13-13: Explicit version labeling improves clarity.

Changing from 'latest' to 'v2' makes the version requirements more explicit and less ambiguous.

Also applies to: 17-17

packages/core/src/data/messages/messages_legacy_v1.json (2)

4831-4849: Great rename of Initialize to StartSession.
You’ve preserved the original numeric ID (0) and deprecated the old field. The structure is concise and clear.

---

9235-9236:

✅ Verification successful

Verify no leftover Initialize references.
Ensure all code and tests now use StartSession. Run this script to catch any stray mentions:

---

🏁 Script executed:

#!/bin/bash
# Find any remaining "Initialize" in the repo
rg -n '"Initialize\b"'

Length of output: 24

---

No leftover “Initialize” references found
RG returned no matches. All code and tests now use StartSession.

packages/core/src/data-manager/DataManager.ts (3)

6-6: Import added for the new v2 legacy messages.

This import brings in the new protobuf message definitions needed for the v2 protocol support.

---

31-31: Type definition updated to include the new v2 message version.

The MessageVersion type now correctly includes 'v2' alongside existing options.

---

68-68: Added v2 message version to the static messages dictionary.

Good implementation - follows the existing pattern for message version support.

packages/hd-transport/src/serialization/protobuf/decode.ts (4)

48-49: Improved type safety for enum fields.

Added explicit property check before accessing valuesById on field.resolvedType.

---

50-51: Enhanced type check for message fields.

The code now verifies that field.resolvedType exists and has a 'fields' property before attempting to access it.

---

59-60: Better type checking for enum resolution.

Similar to the repeated fields section, this improves safety when handling enum types.

---

63-66: Added comprehensive type checks and null handling.

This change improves error prevention by:

1. Checking for the existence of resolvedType and its fields property
2. Adding explicit handling for null resolved types

Good defensive programming that prevents potential runtime errors.

packages/core/src/api/firmware/uploadFirmware.ts (2)

27-28: Added imports for new feature parameter utilities.

These utility functions support the updated device session initialization.

---

245-247: Replaced race pattern with direct StartSession call.

This change:

1. Replaces the Initialize command with the new StartSession command
2. Removes the timeout-based race pattern
3. Explicitly requests specific features with cherryPickFeaturesParams

The code is now cleaner and uses the modern protocol command.

packages/core/src/utils/findDefectiveBatchDevice.ts (3)

2-2: Updated imports to use the new utility functions.

Good move to import the centralized feature extraction utilities.

---

6-7: Refactored to use utility functions instead of direct property access.

Now uses getHardwareInfoFromFeatures and getSeInfoFromFeatures to extract device data. This approach better handles differences between protocol versions.

---

11-11: Updated condition to use extracted SE version property.

Now references se01Version from the utility function rather than directly accessing feature properties.

packages/core/src/api/firmware/bootloaderHelper.ts (1)

4-4: Good move: centralizing version parsing

Switching to getDeviceBoardloaderVersion and getDeviceType keeps all version/feature parsing logic in one place, which cuts duplication and future‐proofs maintenance.

packages/core/src/api/device/DeviceRebootToBootloader.ts (3)

1-2: Import updates align with new class inheritance

The imports now include OneKeyRebootType for specifying reboot types and FirmwareUpdateBaseMethod as the new parent class.

---

5-5: Class now extends FirmwareUpdateBaseMethod

The class inheritance change unifies reboot handling with other firmware update methods, improving consistency.

---

23-23: Standardized reboot method call

Using the base class's reboot method with OneKeyRebootType.BootLoader centralizes reboot logic and improves maintainability.

packages/hd-transport/scripts/protobuf-build.sh (3)

9-10: Updated source path to use onekey-protocol

The source directory correctly points to the new submodule path.

---

33-42: Added optimization to reuse existing messages.json

Smart performance improvement that checks if a pre-built messages.json already exists in the submodule.

---

82-82: Added completion message

Helpful confirmation for users that the build process finished.

packages/core/src/utils/deviceFeaturesUtils.ts (3)

23-28: Added shortcut for new protocol version detection

Smart optimization that returns the latest message version immediately when the device supports the new protocol.

---

231-232: Enhanced version fallback handling

The fixVersion function now safely handles undefined inputs by returning a default version.

---

257-259: Consistent version normalization for onekey_version

Same fix applied to the onekey_version field for complete consistency.

packages/connect-examples/expo-example/src/views/FirmwareScreen/DeviceField.tsx (3)

13-17: Strengthened empty value detection

The isNil function now checks both null and undefined values, and safely calls trim() only when available.

---

24-24: Safer type casting for features access

Using unknown as an intermediate type offers better type safety when accessing dynamic feature properties.

---

58-58: Added null fallback for text rendering

Using fieldValue ?? '' ensures we always render a valid string, preventing rendering issues.

packages/connect-examples/expo-example/src/views/FirmwareScreen/ExportDeviceInfo.tsx (8)

2-2: Great addition of explicit type import.

Adding the Features type import improves type safety throughout the component.

---

8-9: Uncommented first array entry properly.

Fixed the previously commented-out device_id and label fields in deviceInfoKeys.

---

28-62: Good expansion of device SE info keys.

Adding the type fields (onekey_se0X_type) to each SE device array improves the completeness of exported device information.

---

82-82: Simplified device context usage.

Removing reliance on separate onekeyFeatures object streamlines the code.

---

84-84: Improved type safety with keyof operator.

The getFieldValue function now accepts keys strictly of type keyof Features, preventing potential runtime errors.

---

96-96: Simplified API call.

Updated getDeviceBasicInfo call to only use features parameter, aligning with the unified feature handling approach.

---

134-135: Added necessary type casting.

Proper type casting ensures type safety when accessing dynamic properties from the features object.

---

147-148: Consistent type casting approach.

Maintaining the same type casting pattern for SE info keys as used for device info keys.

packages/core/src/device/utils.ts (2)

1-3: Good imports for feature parameter building.

Importing the necessary types for feature parameter cherry-picking.

---

4-25:

✅ Verification successful

Well-structured feature parameter builder.

The cherryPickFeaturesParams function cleanly builds feature request parameters based on the factory flag:

• Always includes basic targets (status, hw, fw, bt) and types (version, specific)
• Conditionally adds advanced targets (SE devices) and types (build_id, hash) when in factory mode

This supports the new protocol's selective feature request approach.

---

🏁 Script executed:

#!/bin/bash
# Check usage of this function to verify proper integration
rg -A 3 "cherryPickFeaturesParams" --type ts

Length of output: 2614

---

🏁 Script executed:

#!/bin/bash
# Locate the definition of IFeaturesType
rg -n "IFeaturesType" --type ts

Length of output: 291

---

🏁 Script executed:

#!/bin/bash
# Show full IFeaturesType definition
rg -A10 -B2 "export interface IFeaturesType" --type ts packages/core/src/device/Device.ts

Length of output: 345

---

✅ Approve cherryPickFeaturesParams integration

The function correctly builds feature request parameters:

• Always includes basic targets: status, hw, fw, bt
• Always includes basic types: version, specific
• Adds SE targets (se1–se4) and extra types (build_id, hash) when factory = true

We verified its usage in Device.ts, GetOnekeyFeatures.ts, and uploadFirmware.ts. No issues found.

packages/core/src/utils/deviceInfoUtils.ts (4)

6-6: Good import of centralized utility functions.

Importing the helper functions from onekeyInfoUtils centralizes feature extraction logic.

---

16-17: Improved hardware info extraction.

Refactored to use the centralized getHardwareInfoFromFeatures helper instead of direct property access, supporting both legacy and new feature formats.

---

86-88: Simplified BLE name retrieval.

Refactored to use getFirmwareInfoFromFeatures, which handles both old and new property formats consistently.

---

95-96: Streamlined device UUID extraction.

Using the centralized helper function improves maintainability and ensures consistent handling of both old and new serial number formats.

packages/core/src/api/device/DeviceUpdateReboot.ts (4)

1-3: Good imports for reboot functionality.

Added OneKeyRebootType enum and switched to FirmwareUpdateBaseMethod for centralized reboot handling.

---

6-6: Improved class inheritance.

Extending FirmwareUpdateBaseMethod gives access to centralized firmware update utilities.

---

10-10: Better UI control with BOOTLOADER restriction.

Adding UI_REQUEST.BOOTLOADER to notAllowDeviceMode prevents using this method when device is already in bootloader mode.

---

14-14: Simplified reboot implementation.

Using the base class's reboot method with OneKeyRebootType.BootLoader parameter:

• Supports different message versions
• Provides better error handling
• Follows the unified device reboot pattern

This is more robust than directly calling device commands.

packages/connect-examples/expo-example/src/views/FirmwareScreen/index.tsx (1)

402-405: Check merge order of feature objects

You spread features first and onekeyFeatures second, so any overlapping keys from OneKey will silently override the original features. This is probably fine, but please double-check that this is the intended precedence – especially for critical flags such as bootloader_mode.

packages/core/src/utils/deviceVersionUtils.ts (1)

1-58: Looks good

Refactor to getFirmwareInfoFromFeatures removes duplication and increases consistency.

packages/core/src/api/FirmwareUpdateV3.ts (1)

388-395: Ensure every device firmware supports StartSession

Older firmware used Initialize. Swapping to StartSession unconditionally may break reconnect on legacy devices. Consider a feature-based fallback.

await Promise.race([
  typedCall(supportsStartSession ? 'StartSession' : 'Initialize', 'Features', {}),
  // …
]);

packages/core/src/device/Device.ts (1)

381-384: Check for undefined before asking for message version

getSupportMessageVersion(this.features) receives undefined on the very first call to initialize, which may break inside that helper. Guard with a null-check or default.

Would you confirm that getSupportMessageVersion handles undefined safely? If not, wrap the call:

const { messageVersion } = getSupportMessageVersion(this.features ?? ({} as any));

packages/core/src/utils/onekeyInfoUtils.ts (1)

148-170: Guard empty hardware version

oldHardwareVersion is set to an empty string, then passed into fixVersion.
If fixVersion('') returns "0.0.0" it may overwrite a valid new-protocol version with a bogus default.

Consider:

const rawVersion = newHardwareVersion ?? oldHardwareVersion;
hardwareVersion: rawVersion ? fixVersion(rawVersion) : undefined,

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	elliptic@​6.5.4
	@​types/​react-native@​0.73.0
	@​react-native-community/​cli-plugin-metro@​12.3.6
	@​react-native/​gradle-plugin@​0.73.4
	@​types/​deep-freeze-strict@​1.1.2
	has-property-descriptors@​1.0.0 ⏵ 1.0.1
	es6-symbol@​3.1.4
	boolbase@​1.0.0
	is-core-module@​2.13.1 ⏵ 2.15.1	+1		+1
	@​types/​lodash.isequal@​4.5.8
	is-arrayish@​0.3.2
	@​types/​webpack@​5.28.5
	indexof@​0.0.1
	caller-path@​2.0.0
	detect-node@​2.1.0
	@​babel/​plugin-syntax-dynamic-import@​7.8.3
	@​babel/​plugin-syntax-private-property-in-object@​7.14.5
	@​expo/​sdk-runtime-versions@​1.0.0
	@​polkadot/​x-bigint@​13.1.1
	@​babel/​plugin-proposal-class-properties@​7.18.6
	@​sideway/​pinpoint@​2.0.0
	@​react-native/​metro-babel-transformer@​0.73.15
See 419 more rows in the dashboard

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Warn		[email protected] has a Critical CVE. CVE: GHSA-vjh7-7g9h-fjfh Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) (CRITICAL) Affected versions: <= 6.6.0 Patched version: 6.6.1 From: packages/connect-examples/expo-example/package.json → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] has a Critical CVE. CVE: GHSA-vjh7-7g9h-fjfh Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string) (CRITICAL) Affected versions: <= 6.6.0 Patched version: 6.6.1 From: packages/connect-examples/expo-example/yarn.lock → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		@polkadot/[email protected] has Obfuscated code. Confidence: 0.91 Location: Package overview From: packages/connect-examples/expo-example/package.json → npm/@polkadot/[email protected] ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@polkadot/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] is Protestware or potentially unwanted behavior. Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale From: packages/connect-examples/expo-example/yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] is Protestware or potentially unwanted behavior. Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts. From: packages/connect-examples/expo-example/yarn.lock → npm/[email protected] ℹ Read more on: This package | This alert | What is protestware? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[wabicai]

@coderabbitai resolve

[coderabbitai]

✅ Actions performed

Comments resolved.