Vaults

[Rigidity]

Note

High Risk
Touches core wallet identity/storage, database schema, and coin/puzzle handling while adding new wallet types (vault/watch), increasing the chance of migration issues or subtle spend/sync regressions. Vault spending paths are partially unimplemented (todo!) and new selection restrictions may surface runtime errors in edge cases.

Overview
Adds multi-wallet types across the stack by replacing key-centric APIs with wallet-centric ones and introducing WalletRecord/WalletKind (BLS, Vault, Watch) in sage-api, updating OpenAPI/tauri bindings, and renaming endpoints (import_wallet, import_addresses, get_wallet(s), delete_wallet, rename_wallet).

Introduces initial vault and watch-only plumbing: database migration 0006_vaults.sql adds vault-related tables, the DB layer gains Vault asset/coin/p2-puzzle kinds plus "external" puzzles, the keychain can now store vault launcher IDs and watch puzzle hashes, and wallet sync/derivation logic is gated so only BLS wallets auto-derive addresses.

Frontend updates the login flow and wallet switcher to handle the new wallet types, adds screens for Watch Address import, a Keys management page, and stubbed Mint Vault/Recover Vault wizards; also refactors repeated duration and mnemonic UI into reusable DurationInput and MnemonicDisplay components.

^{Written by Cursor Bugbot for commit 021c349. This will update automatically on new commits. Configure here.}

[Rigidity]

bugbot run

[Rigidity]

@cursor review

[cursor]

Random fingerprint collision returns error instead of retrying

Low Severity

add_watch_p2_puzzle_hashes generates a random u32 fingerprint and returns KeychainError::KeyExists if it collides with an existing fingerprint. Since the fingerprint is random and the collision check doesn't retry, users could get an unexplained "Key already exists" error when importing a watch-only wallet, even though the addresses are unique. The add_vault method has the same issue deriving a fingerprint from launcher_id bytes.

 

[cursor]

Log message says "vault" for watch wallets too

Low Severity

The else branch on the matches!(wallet.info, WalletInfo::Bls { .. }) check covers both Vault and Watch wallet types, but the log message says "Wallet is a vault." Watch wallets would produce a misleading log entry, making debugging harder.

 

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Success toast used for unimplemented vault features

Medium Severity

toast.success is used to display "not yet implemented" messages in both MintVault and RecoverVault. After completing a multi-step wizard (generating and potentially saving mnemonics), users see a green success notification saying the feature doesn't work. This is actively misleading — toast.info or toast.warning would be appropriate for stub functionality.

Additional Locations (1)

• src/pages/RecoverVault.tsx#L69-L70

 

[cursor]

Details dialog shows empty Public Key for non-BLS

Low Severity

The "Wallet Details" dialog unconditionally renders the "Public Key" heading for all wallet types. For vault and watch wallets, info.type === 'bls' && info.public_key evaluates to false, leaving the heading visible with no content below it. The entire block needs to be conditional on info.type === 'bls'.