Merged
Conversation
Add 'cash sign-digest <hex>' command that signs a raw 32-byte digest
with the wallet's Schnorr key (BIP-340).
CLI Command (cli/src/commands/sign-digest.ts):
- Input validation (hex format, 64 char length)
- Normalization (strip 0x prefix, lowercase)
- Support for positional arg and --hex/--digest flags
- Detailed error messages with usage hints
- Daemon fallback when not running
- Proper ClwApiError handling
Daemon Route (cli/src/server.ts):
- POST /sign-digest endpoint
- Same validation as CLI
- Consistent response format with signatureFormat field
Unit Tests (test/sign-digest.test.ts):
- Missing digest rejection
- Invalid hex rejection
- Wrong length rejection (too short/long)
- 0x prefix handling
- --hex and --digest flag support
- Digest normalization
- Signature format validation
E2E Tests (test/e2e.test.ts):
- signDigest() combines sign-intent + sign in one call
- signDigest() signature is valid BIP-340 Schnorr (cryptographic verification)
- signDigest() with 0x prefix works
- signDigest() with invalid digest length throws
Usage:
cash sign-digest e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
cash sign-digest --hex 0xabc123...
Returns:
{
"digest": "...",
"signature": "...",
"publicKey": "...",
"signatureFormat": "BIP-340 Schnorr (64 bytes)"
}
Use case: Multi-agent Taproot multisig coordination where each agent
signs their BIP-341 sighash independently, then a coordinator
assembles the witness with OP_CHECKSIGADD.
All 61 tests pass (including cryptographic signature verification).
Tests: - Replace stub tests with complete assertions - Add input validation tests (missing, invalid, wrong length) - Add digest normalization tests (0x prefix, uppercase, mixed case) - Add input parsing tests (positional, --hex, --digest flags) - Add BIP-340 format validation tests - Add daemon route integration tests Docs: - Add sign-digest to command table - Add dedicated section with usage examples - Document output format and use cases
Addresses feedback from tiero - adds a safer alternative to sign-digest: - Parses PSBT to show transaction details before signing - Computes sighash automatically for each input - Returns updated PSBT with signatures added - Uses same scure-btc-signer library The sign-psbt command is recommended over sign-digest for production use as it prevents blind signing attacks.
Per tiero's feedback: - Remove sign-digest CLI command (prevents blind signing temptation) - Remove /sign-digest daemon route - Keep SDK signDigest method (used internally by sign-psbt) - Add comprehensive sign-psbt unit tests with test vectors - Add sign-psbt e2e tests for full scenario testing sign-psbt is the recommended way to sign - it parses the PSBT, shows transaction details, and prevents blind signing attacks.
- Add @scure/btc-signer and @scure/base as CLI dependencies - Add @scure/btc-signer and @scure/base as root dev dependencies for tests - Fix import path for tapLeafHash (@scure/btc-signer/payment.js) - Update tapLeafScript access for v2 API (tuple format) - Update tapScriptSig format for v2 API All 68 tests pass.
Deploying claw-cash-landing-page with
|
| Latest commit: |
cddd673
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://1758524e.claw-cash-landing-page.pages.dev |
| Branch Preview URL: | https://feat-sign-digest-command.claw-cash-landing-page.pages.dev |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces a new PSBT (Partially Signed Bitcoin Transaction) signing feature to the CLI, enabling secure Taproot multisig coordination. It also updates documentation and integrates new dependencies to support Bitcoin transaction parsing and signing. The main focus is on providing a safe, user-friendly way to sign Bitcoin transactions by parsing PSBTs and showing transaction details before signing, preventing blind signing attacks.
New PSBT Signing Feature
Added a new command
cash sign-psbtto the CLI for signing PSBTs, supporting both base64 and hex input formats, and displaying transaction details before signing. The command securely signs Taproot script-path inputs and updates the PSBT with signatures, ready for multisig coordination. (cli/src/commands/sign-psbt.ts,cli/src/index.ts,cli/README.md) [1] [2] [3] [4] [5]Updated the CLI help and documentation to describe the new
sign-psbtcommand, its usage, output format, and security rationale, emphasizing PSBT-aware signing as the recommended method. (cli/README.md,cli/src/index.ts) [1] [2]Dependency and Package Management
@scure/base,@scure/btc-signer, and@noble/secp256k1in bothpackage.jsonandpnpm-lock.yaml, ensuring the CLI can handle advanced Bitcoin transaction formats. (cli/package.json,package.json,pnpm-lock.yaml) [1] [2] [3] [4]