Add a "Miner updater (xmrig)" section to CLAUDE.md: the update flow + verification
(TLS + archive SHA-256 + enforced ed25519 signature against a pinned key), and the
release-process consequence — every drg-xmrig release must be signed
(scripts/sign-xmrig-release.sh) with the .sig uploaded per archive, or the in-app
updater refuses it; the signing secret key stays offline (gitignored), only the base64
public key is pinned in source.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The mac-release path was mostly ObsidianDragon-hardcoded, so `--lite --mac-release`
would produce a broken bundle. Make it variant-aware, mirroring the linux/win lite
handling that already keys off APP_BASENAME + should_bundle_full_node_assets:
- SDL3 rpath fix, the launcher script + its .bin pair, and CFBundleExecutable now
follow ${APP_BASENAME} (ObsidianDragonLite), so the bundle's executable resolves.
- Lite variant gets its own CFBundleName/CFBundleDisplayName ("DragonX Wallet Lite"),
CFBundleIdentifier (is.hush.dragonx.lite), DMG filename (DragonX_Wallet_Lite-…)
and volume name, so it can coexist with the full-node app.
- Full-node assets (daemon, Sapling params, asmap) were already gated out for lite;
the lite backend artifact is auto-selected for the macos platform by the existing
--lite-backend logic, and CMAKE_LITE_ARGS already reaches the mac configure.
Authored + validated on Linux (bash -n; launcher heredoc, plist, and DMG naming
render correctly for the lite variant) but NOT yet built/run — that needs macOS or
osxcross, neither available here. CLAUDE.md updated to reflect the wired-but-unverified
status; remaining M5b is verifying it on a Mac plus CI backend-artifact build + signing.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Adds a fail-open, local-only gate that decides whether the lite wallet may run,
so a post-release issue can disable it and rollout can be staged — without any
phone-home (privacy posture: no runtime network fetch; the per-install rollout
bucket is a hashed, never-transmitted local id).
- wallet/lite_rollout_policy.{h,cpp}: a pure decision core. Order — emergency env
kill-switch (absolute) -> local override -> manifest gates (global enable /
version floor-ceiling / blocklist / staged-rollout permille) -> fail-open allow.
Plus a JSON manifest loader (missing/invalid -> fail-open) and FNV-1a bucketing.
- Threads the decision through LiteWalletController -> LiteWalletLifecycleService:
new availability() reason RolloutDisabled blocks create/open/restore and surfaces
the gate's user-facing message via the lifecycle status.
- App::rebuildLiteWallet() resolves it from: DRAGONX_LITE_KILL_SWITCH (env), the
lite_rollout setting (auto/force_on/force_off), and a locally-cached manifest at
<config-dir>/lite_rollout.json. install id generated once via libsodium.
- Settings: persist lite_rollout override + the install id.
A signed remote fetcher can populate the manifest cache later without touching the
policy. Unit-tested (version compare, bucketing, override/env precedence, manifest
gates, staged rollout, loader fail-open, controller integration) and runtime-verified
on Linux (env kill-switch, manifest disable, control sync). Both variants build;
full suite passes; hygiene clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
~9,988 lines of header-only UI code that no compiled translation unit reached,
verified by transitive include-reachability from every .cpp plus a symbol sweep
(all 28 component classes — Snackbar, Ripple, NavDrawerSpec, TabBarSpec,
TransitionManager, … — had zero references in live code):
- src/ui/material/ component library: the material.h umbrella, components/*
(app_bar, cards, chips, dialogs, inputs, lists, nav_drawer, progress, slider,
snackbar, tabs, text_fields), and the animation system (elevation, motion,
ripple, transitions, app_layout) — 19 headers. Kept the live helpers the app
actually uses directly: color_theme, colors, type/typography, draw_helpers,
layout, project_icons, and components/buttons (included by mining_tab).
- src/ui/screens/ layer: main_layout, home_screen, send_screen, etc. — the
original screen stack and the only consumer of the dead component library.
The live UI runs through ui/windows/ (34 .cpp) + ui/pages/.
- src/embedded/resources.h: a superseded dragonx::embedded::Resources duplicate;
the app uses src/resources/embedded_resources.h.
None were in CMakeLists or included by live code, so the build is unaffected.
Both variants build; full test suite passes; source-hygiene check clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
lite_backend_artifact_{contract,resolver}.{cpp,h} (~1,960 lines) were
app-linked but never invoked: all 14 public entry points
(evaluateLiteBackendArtifactContract/Resolver, evaluateLiteBackendActivation-
Readiness, the resolve*/...Name helpers) had zero callers in the app, the
lite_smoke tool, build scripts, or surviving tests. The real backend load
path (LiteClientBridge::linkedSdxl) uses direct litelib_* externs, and the
DRAGONX_ENABLE_LITE_BACKEND symbol check is done in CMake against the symbols
inventory (FATAL_ERROR on a missing symbol) — not via these C++ files. The
files were saturated with churn markers (disabled / dry-dispatch / scaffold).
- Delete the four artifact files and their 8 CMakeLists references.
- Drop the orphaned test cruft in test_phase4.cpp: the contract include,
5 type aliases, and 3 never-called helpers (heapConstructPlanResult,
makeReadyLiteBackendArtifactProvenance, liteBackendArtifactContractHasIssue)
left over from the already-removed bridge-runtime tests.
- Correct the CLAUDE.md lite-wallet description (it credited these files with
backend validation that CMake actually performs) and drop the stale
lite_bridge_runtime mention.
Both variants build; full test suite passes; source-hygiene check clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The lite-wallet v2 plan was the last tracked lite doc. Fold its still-live
content — current status, remaining M5b work (macOS/CI/signing/rollout), and the
push plan — into a concise "Lite wallet status" section in CLAUDE.md (the
canonical project doc), then move the full milestone plan to docs/_archive/
(untracked) alongside the other lite design docs.
Result: docs/ has no tracked markdown; tracked .md is now just repo essentials
(README, CONTRIBUTING, CODE_OF_CONDUCT, SECURITY, CLAUDE.md). No dangling links.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- docs/lite-wallet-implementation-plan-v2-2026-06-04.md: vertical-slice plan that
supersedes the v1 plan (now banner-marked); carries over the inherited artifact/
signing/phase-2 design docs for reference.
- scripts/check-source-hygiene.sh: pre-commit/CI guard rejecting >80-char filenames
and chained churn-token names, to stop the deleted "_plan"/"_batch" scaffolding
from regrowing.
- CLAUDE.md: repository guidance for future sessions.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
