v0.3.2

What's Changed

Bug Fixes

• Fix "Something went wrong" on xcpdex.com — The proxy layer was killing interactive provider requests (connection approvals, transaction signing) after 30 seconds while the user was still interacting with the popup
• Fix "download extension" modal on already-open tabs — After extension updates, the provider bridge between window.xcpwallet and the background was torn down. The bridge now survives extension updates and reconnects automatically
• Fix "checkScript: non-wrapped ms" error — Transactions whose ancestors used Counterparty's multisig data encoding failed to sign because Transaction.fromRaw() for previous transactions was missing disableScriptCheck

Improvements

• Port-based proxy communication — Replaced chrome.runtime.sendMessage (fire-and-forget) with chrome.runtime.connect (persistent ports) for all service communication. Ports give instant disconnect detection and natural reconnection — no more timeout hacks or retry loops
• BFCache handling — Added pageshow/pagehide handlers so the provider reconnects correctly when the browser restores a page from back-forward cache

Full Changelog

v0.3.1...v0.3.2

v0.3.1

Bug Fixes

• Fix CORS errors during transaction approval — The approval popup was spamming CORS errors when fetching transaction details from mempool.space and blockstream.info. Root cause: apiClient.get() added a Content-Type: application/json header to GET requests, triggering CORS preflight that third-party APIs reject from chrome-extension:// origins. Fixed by removing Content-Type from GET/DELETE requests.

• Fix provider timeout causing "Something went wrong" on dapps — The injected provider script had a 60-second blanket timeout on all requests, including interactive ones like signTransaction where the user needs time to review. Dapps (xcpfolio, xcpdex, etc.) would show errors while the approval popup was still open. Interactive methods now have no injected-side timeout, matching MetaMask's approach. The background's 10-minute timeout remains as a safety net.

• Show subasset names in approval popup — Subassets like XCPFOLIO.NAME were displayed as their numeric ID (A12449262800694938003). The approval popup now fetches and displays asset_longname for all asset fields in transaction details.

Improvements

• Standardize all HTTP requests on apiClient — Migrated all plain fetch() calls to apiClient for consistent timeouts, retry logic, and error handling. Previously, 7 API endpoints had zero timeout and could hang forever. Added retries option to RequestConfig so fallback chains can use retries: 0 for instant failover.

Dependencies

• TypeScript 5.9.3 → 6.0.2
• vitest 4.0.18 → 4.1.1
• wxt 0.20.18 → 0.20.20
• tailwindcss 4.2.1 → 4.2.2
• react-router-dom 7.13.1 → 7.13.2
• happy-dom 20.8.3 → 20.8.8 (security fix)
• fast-check 4.5.3 → 4.6.0
• @types/chrome 0.1.37 → 0.1.38

v0.3.0

Connection Proof

xcp_requestAccounts now returns a cryptographic proof of address ownership alongside the account list. The extension auto-signs a BIP-322 message during connection — no additional user prompt beyond the connect approval.

const result = await xcpwallet.request({ method: 'xcp_requestAccounts' });
// {
//   accounts: ['bc1q...'],
//   proof: {
//     address: 'bc1q...',
//     message: 'xcp-wallet\norigin:https://example.com\nnonce:...\nissued:...',
//     signature: '<BIP-322 signature>',
//     verification: { method: 'BIP-322', format: 'p2wpkh' }
//   }
// }

The proof message is generated by the extension (not the website), includes the requesting origin and a random nonce, and can be verified server-side using standard BIP-322 signature verification.

Reliable Provider Detection

• Content script now runs at document_start instead of document_idle, ensuring the provider is available before page JavaScript executes
• Added xcp-wallet#discover event — dApps can request the extension to re-announce itself, eliminating race conditions for SPAs and late-mounting components

Provider Documentation

Added PROVIDER.md documenting all provider methods, events, SDK usage, and security model.

Bug Fixes

• Fixed swap list page showing infinite loading spinner when navigated to without a UTXO parameter
• Fixed deep link guard redirecting compose and swap routes on every page load instead of only on popup reopen
• Fixed URL substring sanitization in balance endpoint parsing (CodeQL alerts #24, #25)
• Added infinite scroll pagination to asset list

Test Coverage

Closed coverage gaps identified between v0.1.0 and v0.3.0:

• providerVerify.ts — 53 unit tests for provider transaction verification across all 14+ Counterparty message types (security-critical mismatch detection)
• transaction.ts — 42 unit tests for decodeRawTransaction, fetchInputValues, decodeCounterpartyMessage, and describeCounterpartyMessage
• xcpdex-api.ts — 21 unit tests for all 8 swap marketplace API functions
• settings.ts — 28 regression tests pinning DEFAULT_SETTINGS values, SETTINGS_VERSION, and auto-lock timer mappings
• utxo.ts — 7 unit tests for fetchBitcoinTransaction (parallel fetch, caching, fallback)
• expiry-input — E2E tests for the new ExpiryInput component
• message/approve — 7 E2E tests for the sign message approval page

Test Fixes

• Fixed market page E2E tests using stale selectors for icon-only view mode toggles
• Fixed provider resilience test trying to click lock button on approval page
• Fixed bareMultisig tests to mock fetch instead of apiClient after 0.2.1 migration
• Fixed Counterwallet import test wallet context hydration on CI

v0.2.1

Bug Fixes

• Fix CORS errors on Max button and UTXO lookups — external API calls to mempool.space, blockstream.info, and app.xcp.io were failing in production because apiClient.get() adds a Content-Type: application/json header that triggers CORS preflight requests. Switched to raw fetch() matching the pattern used by fee rate and balance lookups.
• Fix failing unit tests — update assertions for type:'address' balance filter replacing removed excludeUtxos option; fix balance-list test to match updated fetchTokenBalance call signature

Improvements

• Asset name in amount placeholder — when the BTC output row is enabled via More Outputs, the counterparty amount placeholder now shows the asset name for clarity (e.g., "0.00000000 XCP")

v0.2.0

Highlights

UTXO Atomic Swap Marketplace

List, browse, and buy UTXO-attached Counterparty assets via xcpdex.com atomic swaps — directly from the extension.

• List for Sale — set a BTC price and expiry for any UTXO asset, sign with SIGHASH_SINGLE|ANYONECANPAY, and publish to xcpdex.com
• Browse & Buy — Swaps tab on the Market page with explore/manage views, asset detail pages sorted by cheapest unit rate, and an in-wallet buy flow with platform fee and network fee estimates
• Cancel Listings — BIP-322 signed challenge cancellation from the manage view
• Buyer PSBT Approval — when buying on xcpdex.com via the provider, the approval popup now shows seller payment, platform fee (%), and network fee breakdown instead of generic "Total Value"

More Outputs

Power-user feature for attaching BTC to Counterparty asset sends.

• Enable in Settings > Advanced > Enable More Outputs
• + BTC toggle appears on the send form Amount label (non-BTC, single-destination only)
• Uses the Counterparty API more_outputs parameter (<sats>:<address> format)
• Max button accounts for the extra output in fee estimation
• Review page shows the attached BTC amount with USD conversion

Balance Filtering

UTXO-attached balances are now excluded from the Balances tab and compose form headers. If you have 275 XCP total but 100 is on a UTXO, the balance shows 175 XCP — the amount actually available to send. UTXO balances are visible on the UTXOs tab.

Other Changes

• UTXOs tab on the home page dashboard for viewing UTXO-attached assets
• Transaction safety analysis on provider approval pages (dangerous operation warnings, suspicious output detection)
• Deep link safety — compose forms and approval windows redirect to safe pages on popup reopen
• BIP-322 P2PKH fix — legacy sighash computation rewritten with dynamic construction (eliminates hardcoded byte offset fragility)
• Spent UTXO cache — prevents race conditions when broadcasting rapid transactions
• Service worker restart fix — active wallet no longer lost on background restart
• Outline copy icon on UTXO detail page
• ExpiryInput component — Listbox dropdown with presets (No expiration, 30 days) and custom days input
• All dependencies updated to latest

v0.1.1

Features

• Freewallet BIP39 address format — import Freewallet wallets using BIP39 mnemonics with legacy and SegWit derivation paths (#177)

Security

• Improved sensitive data handling and cleanup in password and encryption flows (#178)

Maintenance

• Removed dead code (#179)
• Pinned dependency versions (removed carets)
• Updated dependencies to latest patch versions

v0.1.0

Initial Release

First public release of XCP Wallet on the Chrome Web Store.

Features

• Send BTC and Counterparty assets (XCP, named assets, subassets, numeric assets)
• Dispensers: create, close, and interact with dispensers
• Orders: create DEX orders with market pricing
• Issuance: create, transfer, and lock assets
• Trezor hardware wallet support
• BIP39 mnemonic wallet import (Counterwallet format)
• Side panel and popup modes
• API caching for improved performance
• Privacy policy

Security

• PBKDF2 key derivation with 600,000 iterations
• AES-GCM encryption for stored keys
• Auto-lock on idle
• Brute force protection