refactor(wallet-cli): Replace { wallet, store } with { wallet, dispose }#8847
Closed
sirtimid wants to merge 1 commit into
Closed
refactor(wallet-cli): Replace { wallet, store } with { wallet, dispose }#8847sirtimid wants to merge 1 commit into
sirtimid wants to merge 1 commit into
Conversation
`createWallet` now returns a `dispose` callback that owns the `wallet.destroy()` → `store.close()` ordering and reports per-step failures through the supplied logger. Both daemon-entry cleanup ladders (startup-failure catch and SIGTERM/SIGINT shutdown) call `dispose` instead of inlining the order, so a future third call site or extra teardown step (e.g. SQLite WAL flush) can't drift. The disposer is idempotent across concurrent and sequential calls, closes the store even when destroy rejects, and falls back to `console.error` if no logger (or a throwing one) is supplied. The pre-resolution catch block in `createWallet` was also tightened to route through the same reporter so a `store.close()` throw can't mask the original failure (e.g. bad SRP). Closes #8779 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 task
Member
Author
|
Superseded by #9226, which lands |
pull Bot
pushed a commit
to dmrazzy/core
that referenced
this pull request
Jun 25, 2026
…#9226) ## Explanation Adds the wallet factory and daemon entry point for `@metamask/wallet-cli`, after the scaffold (MetaMask#9065), persistence (MetaMask#9067), and transport (MetaMask#9108) slices: - **`wallet-factory.ts`** — `createWallet()` builds a `@metamask/wallet` `Wallet` over the SQLite `KeyValueStore`, hydrates it from persisted state, imports the SRP on first run, and returns `{ wallet, dispose }`. `dispose` (idempotent, resilient) runs unsubscribe → `wallet.destroy()` → `store.close()`. - **`daemon-entry.ts`** — the daemon process: claims the PID slot, builds the wallet, serves the messenger over the owner-only Unix socket, and tears down via `dispose` on shutdown. It uses the current `@metamask/wallet` `instanceOptions` API — `storageService` (in-memory adapter), `connectivityController` (`AlwaysOnlineAdapter`), and `remoteFeatureFlagController`. `NetworkController` and `TransactionController` slots are left as TODOs until they're wired on `main`. Supersedes draft MetaMask#8847 (the `{ wallet, dispose }` refactor), folded in here on top of `main`. Closes MetaMask#8779. ## Checklist - [x] `build`, `test` (100% coverage on both new files), `lint`, `changelog:validate`, and `constraints` pass. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **High Risk** > Touches keyring/SRP import, encrypted vault persistence, and exposes the full wallet messenger over a Unix socket with only filesystem permissions as the access boundary. > > **Overview** > Adds **`createWallet`** and **`daemon-entry`** so the CLI can run a long-lived background wallet process backed by SQLite persistence. > > **`createWallet`** opens a `KeyValueStore`, hydrates controller state (via a short-lived metadata probe `Wallet`), wires headless `instanceOptions` (in-memory `storageService`, `AlwaysOnlineAdapter`, Infura + remote feature flags), subscribes persistence, runs **`wallet.init()`** (startup aborts if any step fails), imports the SRP on first run when no vault exists, and returns **`{ wallet, dispose }`** with ordered, idempotent teardown. First-run failures can delete on-disk DB files. > > **`daemon-entry`** validates required env vars, **removes password/SRP from `process.env`** after capture, locks the data dir to **`0o700`**, runs **`claimDaemonSlot`** (stale socket/PID cleanup, refuse live siblings), claims the daemon with an **exclusive PID write before opening the DB**, builds the wallet, and serves **`getStatus`** plus a **`call`** RPC that forwards arbitrary messenger actions. Shutdown/SIG handlers coalesce teardown and only remove PID files the process owns. > > Also adds **`remote-feature-flag-controller`** and **`storage-service`** dependencies and a small **`Readonly`** typing tweak in persistence subscriptions. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 180ffc1. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
createWalletindaemon/wallet-factorynow returns{ wallet, dispose }instead of{ wallet, store }.disposeis the single owner of teardown — it runsawait wallet.destroy()thenstore.close(), with per-step failures forwarded to the supplied logger (orconsole.errorif none).daemon-entry.ts(startup-failurecatchblock + SIGTERM/SIGINTshutdownclosure) now both calldisposeinstead of inlining the order, so a future third call site or extra teardown step can't drift.wallet.destroy()rejects, and survives a throwing user-supplied logger.createWalletwas tightened to route through the same reporter, so astore.close()throw during first-run cleanup can no longer mask the original failure (e.g. bad SRP).Closes #8779. Builds on #8446 (the deferred refactor was tracked there).
Test plan
yarn workspace @metamask/wallet-cli run test— 250 passing, 100% statements/branches/funcs/lines onwallet-factory.tsanddaemon-entry.ts.yarn workspace @metamask/wallet-cli run build— clean.yarn eslint packages/wallet-cli/src— clean.yarn workspace @metamask/wallet-cli run changelog:validate— clean (no entry; the package is unreleased and this is internal).🤖 Generated with Claude Code