feat: add OneKey keyring #353

Akaryatrh · 2025-08-25T13:44:54Z

Adds OneKey keyring based on OneKey libraries.

Relates to feat: support OneKey Hardware metamask-extension#32739
Also replaces feat: support OneKey #335

Note

Adds OneKey hardware wallet support to the monorepo via a new keyring package.

New @metamask/eth-onekey-keyring package with OneKeyKeyring and OneKeyWebBridge using @onekeyfe/hd-web-sdk to handle PIN/passphrase UI, passphrase state, and transport switching
Implements unlock via xpub, HD path handling (default/BIP44/legacy), account pagination, and signing flows: transactions (incl. EIP-1559), personal messages, and EIP-712 typed data with address verification
Extensive Jest test suites for keyring and bridge, plus package configs (jest, tsconfig, typedoc), changelog, license, and README; updates root README, tsconfig references, and yarn.lock to include the new package

^{Written by Cursor Bugbot for commit 2d9d5c0. This will update automatically on new commits. Configure here.}

socket-security · 2025-08-25T13:45:09Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@onekeyfe/hd-shared@1.1.17-patch.1
	@types/bytebuffer@5.0.49
	@onekeyfe/hd-transport@1.1.17-patch.1
	@onekeyfe/hd-web-sdk@1.1.17-patch.1
	@onekeyfe/hd-core@1.1.17-patch.1

View full report

Akaryatrh · 2025-08-25T13:48:54Z

@metamaskbot publish-preview

github-actions · 2025-08-25T13:51:02Z

Preview builds have been published. See these instructions (from the core monorepo) for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-api": "0.9.0-a18c779",
  "@metamask-previews/keyring-api": "20.1.0-a18c779",
  "@metamask-previews/eth-hd-keyring": "12.1.0-a18c779",
  "@metamask-previews/eth-ledger-bridge-keyring": "11.1.2-a18c779",
  "@metamask-previews/eth-onekey-keyring": "0.1.0-a18c779",
  "@metamask-previews/eth-qr-keyring": "0.0.0-a18c779",
  "@metamask-previews/eth-simple-keyring": "10.0.0-a18c779",
  "@metamask-previews/eth-trezor-keyring": "9.0.0-a18c779",
  "@metamask-previews/keyring-internal-api": "8.1.0-a18c779",
  "@metamask-previews/keyring-internal-snap-client": "6.0.0-a18c779",
  "@metamask-previews/eth-snap-keyring": "16.1.0-a18c779",
  "@metamask-previews/keyring-snap-client": "7.0.0-a18c779",
  "@metamask-previews/keyring-snap-sdk": "6.0.0-a18c779",
  "@metamask-previews/keyring-utils": "3.1.0-a18c779"
}

Akaryatrh · 2025-08-26T08:37:37Z

@metamaskbot publish-preview

github-actions · 2025-08-26T08:39:40Z

Preview builds have been published. See these instructions (from the core monorepo) for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-api": "0.9.0-a621908",
  "@metamask-previews/keyring-api": "20.1.0-a621908",
  "@metamask-previews/eth-hd-keyring": "12.1.0-a621908",
  "@metamask-previews/eth-ledger-bridge-keyring": "11.1.2-a621908",
  "@metamask-previews/eth-onekey-keyring": "0.1.0-a621908",
  "@metamask-previews/eth-qr-keyring": "0.0.0-a621908",
  "@metamask-previews/eth-simple-keyring": "10.0.0-a621908",
  "@metamask-previews/eth-trezor-keyring": "9.0.0-a621908",
  "@metamask-previews/keyring-internal-api": "8.1.0-a621908",
  "@metamask-previews/keyring-internal-snap-client": "6.0.0-a621908",
  "@metamask-previews/eth-snap-keyring": "16.1.0-a621908",
  "@metamask-previews/keyring-snap-client": "7.0.0-a621908",
  "@metamask-previews/keyring-snap-sdk": "6.0.0-a621908",
  "@metamask-previews/keyring-utils": "3.1.0-a621908"
}

Akaryatrh · 2025-08-27T09:08:53Z

@metamaskbot publish-preview

github-actions · 2025-08-27T09:11:03Z

Preview builds have been published. See these instructions (from the core monorepo) for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-api": "0.9.0-3e52ac6",
  "@metamask-previews/keyring-api": "20.1.0-3e52ac6",
  "@metamask-previews/eth-hd-keyring": "12.1.0-3e52ac6",
  "@metamask-previews/eth-ledger-bridge-keyring": "11.1.2-3e52ac6",
  "@metamask-previews/eth-onekey-keyring": "0.1.0-3e52ac6",
  "@metamask-previews/eth-qr-keyring": "0.0.0-3e52ac6",
  "@metamask-previews/eth-simple-keyring": "10.0.0-3e52ac6",
  "@metamask-previews/eth-trezor-keyring": "9.0.0-3e52ac6",
  "@metamask-previews/keyring-internal-api": "8.1.0-3e52ac6",
  "@metamask-previews/keyring-internal-snap-client": "6.0.0-3e52ac6",
  "@metamask-previews/eth-snap-keyring": "16.1.0-3e52ac6",
  "@metamask-previews/keyring-snap-client": "7.0.0-3e52ac6",
  "@metamask-previews/keyring-snap-sdk": "6.0.0-3e52ac6",
  "@metamask-previews/keyring-utils": "3.1.0-3e52ac6"
}

Akaryatrh · 2025-09-04T11:11:44Z

@metamaskbot publish-preview

Akaryatrh · 2025-09-04T11:36:45Z

@metamaskbot publish-preview

Akaryatrh · 2025-09-04T13:38:59Z

@metamaskbot publish-preview

github-actions · 2025-09-04T13:41:06Z

Preview builds have been published. See these instructions (from the core monorepo) for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-api": "0.9.0-a4bb524",
  "@metamask-previews/keyring-api": "20.1.0-a4bb524",
  "@metamask-previews/eth-hd-keyring": "12.1.0-a4bb524",
  "@metamask-previews/eth-ledger-bridge-keyring": "11.1.2-a4bb524",
  "@metamask-previews/eth-onekey-keyring": "0.1.0-a4bb524",
  "@metamask-previews/eth-qr-keyring": "0.0.0-a4bb524",
  "@metamask-previews/eth-simple-keyring": "10.0.0-a4bb524",
  "@metamask-previews/eth-trezor-keyring": "9.0.0-a4bb524",
  "@metamask-previews/keyring-internal-api": "8.1.0-a4bb524",
  "@metamask-previews/keyring-internal-snap-client": "6.0.0-a4bb524",
  "@metamask-previews/eth-snap-keyring": "16.1.0-a4bb524",
  "@metamask-previews/keyring-snap-client": "7.0.0-a4bb524",
  "@metamask-previews/keyring-snap-sdk": "6.0.0-a4bb524",
  "@metamask-previews/keyring-utils": "3.1.0-a4bb524"
}

github-actions · 2026-01-08T10:28:43Z

Preview builds have been published. See these instructions (from the core monorepo) for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-api": "0.12.0-ca02a28",
  "@metamask-previews/keyring-api": "21.3.0-ca02a28",
  "@metamask-previews/eth-hd-keyring": "13.0.0-ca02a28",
  "@metamask-previews/eth-ledger-bridge-keyring": "11.1.2-ca02a28",
  "@metamask-previews/eth-onekey-keyring": "0.1.0-ca02a28",
  "@metamask-previews/eth-qr-keyring": "1.1.0-ca02a28",
  "@metamask-previews/eth-simple-keyring": "11.0.0-ca02a28",
  "@metamask-previews/eth-trezor-keyring": "9.0.0-ca02a28",
  "@metamask-previews/keyring-internal-api": "9.1.1-ca02a28",
  "@metamask-previews/keyring-internal-snap-client": "8.0.1-ca02a28",
  "@metamask-previews/eth-snap-keyring": "18.0.2-ca02a28",
  "@metamask-previews/keyring-snap-client": "8.1.1-ca02a28",
  "@metamask-previews/keyring-snap-sdk": "7.1.1-ca02a28",
  "@metamask-previews/keyring-utils": "3.1.0-ca02a28"
}

Akaryatrh · 2026-01-09T10:27:39Z

@SocketSecurity ignore npm/async-function

Akaryatrh · 2026-01-09T10:31:29Z

@metamaskbot publish-preview

github-actions · 2026-01-09T10:33:22Z

Preview builds have been published. See these instructions (from the core monorepo) for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-api": "0.12.0-ca5bb42",
  "@metamask-previews/keyring-api": "21.3.0-ca5bb42",
  "@metamask-previews/eth-hd-keyring": "13.0.0-ca5bb42",
  "@metamask-previews/eth-ledger-bridge-keyring": "11.1.2-ca5bb42",
  "@metamask-previews/eth-onekey-keyring": "0.1.0-ca5bb42",
  "@metamask-previews/eth-qr-keyring": "1.1.0-ca5bb42",
  "@metamask-previews/eth-simple-keyring": "11.0.0-ca5bb42",
  "@metamask-previews/eth-trezor-keyring": "9.0.0-ca5bb42",
  "@metamask-previews/keyring-internal-api": "9.1.1-ca5bb42",
  "@metamask-previews/keyring-internal-snap-client": "8.0.1-ca5bb42",
  "@metamask-previews/eth-snap-keyring": "18.0.2-ca5bb42",
  "@metamask-previews/keyring-snap-client": "8.1.1-ca5bb42",
  "@metamask-previews/keyring-snap-sdk": "7.1.1-ca5bb42",
  "@metamask-previews/keyring-utils": "3.1.0-ca5bb42"
}

cursor · 2026-01-09T10:36:06Z

packages/keyring-eth-onekey/src/onekey-keyring.ts

+              reject(new Error('signature doesnt match the right address'));
+            }
+            // eslint-disable-next-line promise/no-multiple-resolved
+            resolve(signature);


Missing return after reject causes double promise resolution

Medium Severity

In signPersonalMessage, when the recovered signature address doesn't match the expected account, reject() is called but execution continues and resolve(signature) is also invoked. The eslint-disable-next-line promise/no-multiple-resolved comment confirms this was caught by the linter but suppressed rather than fixed. While Promise semantics mean the rejection wins, calling both reject and resolve on the same promise is incorrect behavior and could lead to confusion or bugs if the code is modified later. A return statement is needed after the reject() call.

cursor · 2026-01-09T10:36:06Z

packages/keyring-eth-onekey/src/onekey-web-bridge.ts

+  #onUIEvent?: ((event: Unsuccessful['payload']) => void) | undefined;
+
+  #handleBlockErrorEvent(payload: Unsuccessful): void {
+    const { code } = payload.payload;


Missing null check causes crash in error handler

Medium Severity

The #handleBlockErrorEvent method immediately destructures payload.payload without a null check, but callers pass result after checking result?.success with optional chaining. This inconsistency means if an SDK method returns null or undefined, the optional chaining check passes (since undefined?.success is falsy), but then #handleBlockErrorEvent(result) crashes with a TypeError when accessing undefined.payload. The pattern repeats in getPublicKey, getPassphraseState, ethereumSignTransaction, ethereumSignMessage, and ethereumSignTypedData.

Additional Locations (2)

packages/keyring-eth-onekey/src/onekey-web-bridge.ts#L149-L150

packages/keyring-eth-onekey/src/onekey-web-bridge.ts#L177-L179

Akaryatrh · 2026-01-09T10:58:14Z

@SocketSecurity ignore npm/[email protected]

cursor · 2026-01-09T11:17:10Z

packages/keyring-eth-onekey/src/onekey-keyring.ts

+              reject(new Error('signature doesnt match the right address'));
+            }
+            // eslint-disable-next-line promise/no-multiple-resolved
+            resolve(signature);


Missing return after reject causes multiple promise settlements

Medium Severity

In signPersonalMessage, when the recovered address doesn't match the expected address, reject() is called but execution continues and resolve(signature) is also called. The eslint-disable comment for promise/no-multiple-resolved acknowledges this issue but masks it rather than fixing it. A return statement is needed after the reject() call to prevent the promise from being settled twice and to avoid returning an invalid signature path.

packages/keyring-eth-onekey/src/onekey-web-bridge.ts

Akaryatrh · 2026-01-09T13:45:48Z

@metamaskbot publish-preview

github-actions · 2026-01-09T13:47:51Z

Preview builds have been published. See these instructions (from the core monorepo) for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-api": "0.12.0-e40d1ad",
  "@metamask-previews/keyring-api": "21.3.0-e40d1ad",
  "@metamask-previews/eth-hd-keyring": "13.0.0-e40d1ad",
  "@metamask-previews/eth-ledger-bridge-keyring": "11.1.2-e40d1ad",
  "@metamask-previews/eth-onekey-keyring": "0.1.0-e40d1ad",
  "@metamask-previews/eth-qr-keyring": "1.1.0-e40d1ad",
  "@metamask-previews/eth-simple-keyring": "11.0.0-e40d1ad",
  "@metamask-previews/eth-trezor-keyring": "9.0.0-e40d1ad",
  "@metamask-previews/keyring-internal-api": "9.1.1-e40d1ad",
  "@metamask-previews/keyring-internal-snap-client": "8.0.1-e40d1ad",
  "@metamask-previews/eth-snap-keyring": "18.0.2-e40d1ad",
  "@metamask-previews/keyring-snap-client": "8.1.1-e40d1ad",
  "@metamask-previews/keyring-snap-sdk": "7.1.1-e40d1ad",
  "@metamask-previews/keyring-utils": "3.1.0-e40d1ad"
}

Akaryatrh · 2026-01-21T09:40:44Z

@metamaskbot publish-preview

Akaryatrh · 2026-01-21T09:54:32Z

@metamaskbot publish-preview

Akaryatrh · 2026-01-21T10:17:45Z

@metamaskbot publish-preview

Akaryatrh · 2026-01-21T10:30:23Z

@metamaskbot publish-preview

github-actions · 2026-01-21T10:32:30Z

Preview builds have been published. See these instructions (from the core monorepo) for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-api": "0.12.0-feb98c5",
  "@metamask-previews/hw-wallet-sdk": "0.2.0-feb98c5",
  "@metamask-previews/keyring-api": "21.3.0-feb98c5",
  "@metamask-previews/eth-hd-keyring": "13.0.0-feb98c5",
  "@metamask-previews/eth-ledger-bridge-keyring": "11.1.2-feb98c5",
  "@metamask-previews/eth-onekey-keyring": "0.1.0-feb98c5",
  "@metamask-previews/eth-qr-keyring": "1.1.0-feb98c5",
  "@metamask-previews/eth-simple-keyring": "11.0.0-feb98c5",
  "@metamask-previews/eth-trezor-keyring": "9.0.0-feb98c5",
  "@metamask-previews/keyring-internal-api": "9.1.1-feb98c5",
  "@metamask-previews/keyring-internal-snap-client": "8.0.1-feb98c5",
  "@metamask-previews/eth-snap-keyring": "18.0.2-feb98c5",
  "@metamask-previews/keyring-snap-client": "8.1.1-feb98c5",
  "@metamask-previews/keyring-snap-sdk": "7.1.1-feb98c5",
  "@metamask-previews/keyring-utils": "3.1.0-feb98c5"
}

cursor

Cursor Bugbot has reviewed your changes and found 1 potential issue.

packages/keyring-eth-onekey/src/onekey-keyring.ts

Akaryatrh · 2026-01-21T11:12:07Z

@metamaskbot publish-preview

github-actions · 2026-01-21T11:14:09Z

Preview builds have been published. See these instructions (from the core monorepo) for more information about preview builds.

Expand for full list of packages and versions.

{
  "@metamask-previews/account-api": "0.12.0-2d9d5c0",
  "@metamask-previews/hw-wallet-sdk": "0.2.0-2d9d5c0",
  "@metamask-previews/keyring-api": "21.3.0-2d9d5c0",
  "@metamask-previews/eth-hd-keyring": "13.0.0-2d9d5c0",
  "@metamask-previews/eth-ledger-bridge-keyring": "11.1.2-2d9d5c0",
  "@metamask-previews/eth-onekey-keyring": "0.1.0-2d9d5c0",
  "@metamask-previews/eth-qr-keyring": "1.1.0-2d9d5c0",
  "@metamask-previews/eth-simple-keyring": "11.0.0-2d9d5c0",
  "@metamask-previews/eth-trezor-keyring": "9.0.0-2d9d5c0",
  "@metamask-previews/keyring-internal-api": "9.1.1-2d9d5c0",
  "@metamask-previews/keyring-internal-snap-client": "8.0.1-2d9d5c0",
  "@metamask-previews/eth-snap-keyring": "18.0.2-2d9d5c0",
  "@metamask-previews/keyring-snap-client": "8.1.1-2d9d5c0",
  "@metamask-previews/keyring-snap-sdk": "7.1.1-2d9d5c0",
  "@metamask-previews/keyring-utils": "3.1.0-2d9d5c0"
}

ByteZhang1024 added 9 commits August 15, 2025 11:36

feat: support onekey

ec02eda

feat: sofe derive

be93f69

feat: update jd sdk

7bd08e8

feat: update jd sdk

8648ef2

feat: update jd sdk

cbc7a7d

fix: build

f8dc1e0

feat: add error tip

04710f6

chore: add test case

deea5da

chore: fix lint

a18c779

Akaryatrh requested a review from a team as a code owner August 25, 2025 13:44

Akaryatrh force-pushed the feat/onekey-keyring branch from 2dc83be to a18c779 Compare August 25, 2025 13:46

Akaryatrh added the team-hardware-wallets This should be handled by the Hardware Wallets Team label Aug 25, 2025

This comment was marked as outdated.

Sign in to view

fix: index error

a621908

This comment was marked as outdated.

Sign in to view

Akaryatrh mentioned this pull request Aug 26, 2025

feat: support OneKey #335

Closed

ByteZhang1024 added 2 commits August 26, 2025 21:10

chore: add get pubkey catch

f7e6591

chore: adjust jest config

3e52ac6

fix: get passphrase state error

a4bb524

Akaryatrh force-pushed the feat/onekey-keyring branch from ca02a28 to 89518ee Compare January 9, 2026 10:23

Akaryatrh force-pushed the feat/onekey-keyring branch from 89518ee to ca5bb42 Compare January 9, 2026 10:28

cursor bot reviewed Jan 9, 2026

View reviewed changes

fix: ai lint

e34af7d

Akaryatrh force-pushed the feat/onekey-keyring branch from e40d1ad to 15bb912 Compare January 16, 2026 10:05

This comment was marked as outdated.

Sign in to view

chrome: fix lint

63cd638

Akaryatrh force-pushed the feat/onekey-keyring branch from 15bb912 to acd41b7 Compare January 21, 2026 09:39

This comment was marked as outdated.

Sign in to view

cursor bot reviewed Jan 21, 2026

View reviewed changes

packages/keyring-eth-onekey/src/onekey-keyring.ts Show resolved Hide resolved

ByteZhang1024 and others added 3 commits January 21, 2026 18:59

fix: lock lint

dfda5e3

Merge remote-tracking branch 'origin/main' into feat/onekey-keyring

d73486d

fix: update lockfile and lint issue

2d9d5c0

Akaryatrh force-pushed the feat/onekey-keyring branch from feb98c5 to 2d9d5c0 Compare January 21, 2026 11:10

Uh oh!

feat: add OneKey keyring #353

Are you sure you want to change the base?

feat: add OneKey keyring #353

Uh oh!

Conversation

Akaryatrh commented Aug 25, 2025 • edited by cursor bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Aug 25, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Akaryatrh commented Aug 25, 2025

Uh oh!

This comment was marked as outdated.

Uh oh!

github-actions bot commented Aug 25, 2025

Uh oh!

Akaryatrh commented Aug 26, 2025

Uh oh!

github-actions bot commented Aug 26, 2025

Uh oh!

This comment was marked as outdated.

Uh oh!

Akaryatrh commented Aug 27, 2025

Uh oh!

github-actions bot commented Aug 27, 2025

Uh oh!

Akaryatrh commented Sep 4, 2025

Uh oh!

Akaryatrh commented Sep 4, 2025

Uh oh!

Akaryatrh commented Sep 4, 2025

Uh oh!

github-actions bot commented Sep 4, 2025

Uh oh!

github-actions bot commented Jan 8, 2026

Uh oh!

Akaryatrh commented Jan 9, 2026

Uh oh!

Akaryatrh commented Jan 9, 2026

Uh oh!

github-actions bot commented Jan 9, 2026

Uh oh!

cursor bot Jan 9, 2026

Choose a reason for hiding this comment

Missing return after reject causes double promise resolution

Uh oh!

cursor bot Jan 9, 2026

Choose a reason for hiding this comment

Missing null check causes crash in error handler

Uh oh!

Akaryatrh commented Jan 9, 2026

Uh oh!

cursor bot Jan 9, 2026

Choose a reason for hiding this comment

Missing return after reject causes multiple promise settlements

Uh oh!

Uh oh!

Uh oh!

Akaryatrh commented Jan 9, 2026

Uh oh!

github-actions bot commented Jan 9, 2026

Uh oh!

This comment was marked as outdated.

Uh oh!

Akaryatrh commented Jan 21, 2026

Uh oh!

This comment was marked as outdated.

Uh oh!

Akaryatrh commented Jan 21, 2026

Uh oh!

This comment was marked as outdated.

Uh oh!

Akaryatrh commented Jan 21, 2026

Uh oh!

Akaryatrh commented Jan 21, 2026

Uh oh!

github-actions bot commented Jan 21, 2026

Uh oh!

Akaryatrh commented Aug 25, 2025 •

edited by cursor bot

Loading

socket-security bot commented Aug 25, 2025 •

edited

Loading