Beta

GANDALF — Development Wallet Extension

Rust Core • WASM Boundary • Secrets Shall Not Pass

A Chrome Manifest V3 wallet built for protocol developers — with every security-critical operation locked inside Rust compiled to WebAssembly, so JavaScript never touches a plaintext secret. Argon2id and XChaCha20-Poly1305 seal the vault; BIP39 mnemonics and HD derivation drive Ed25519 signing on Tetra and ECDSA/Schnorr signing on a private Bitcoin devnet, from segwit to Taproot. Strict CSP, no content scripts, no remote code: a wallet for devnets that takes security more seriously than most wallets for mainnet.

Rust WebAssembly Chrome Extension Bitcoin Cryptography Security
🦀
100%
Security-Critical Logic in Rust → WASM
🚫
0
Plaintext Secrets Ever Exposed to JavaScript
⛓️
2 Ledgers
Tetra + Private Bitcoin Devnet (Segwit & Taproot)
The Problem

Browser Wallets Trust JavaScript Too Much

Extension wallets live in the most hostile runtime there is — and most of them keep their deepest secrets in the scripting language of that runtime.

🐒

Secrets in Script Memory

Typical extension wallets decrypt mnemonics and keys straight into JavaScript objects — inspectable, copyable, and never reliably erased by a garbage collector.

📦

Sprawling Attack Surface

Content scripts injected into every page, remote code, and deep dependency trees each add a path from a hostile web page to your keys.

🧪

Devnets Get Leftover Wallets

Protocol developers test custom chains and private Bitcoin networks with mainnet wallets that don't speak their protocols — or with real-fund wallets that shouldn't be anywhere near a debugger.

🔓

Dated Vault Crypto

Wallet vaults still lean on fast, GPU-friendly KDFs, leaving exported or synced vault files one wordlist away from compromise.

The Solution

A Wallet Where JavaScript Never Sees a Secret

Gandalf draws one hard line: everything security-critical lives in Rust compiled to WebAssembly. JavaScript renders screens and relays messages — signatures come out, secrets never do.

🧙

The WASM Wall

All key handling lives in the gandalf-core and gandalf-wasm Rust crates. The serialized WASM boundary never returns plaintext secrets, and sensitive buffers are zeroized after use.

🔐

Modern Vault Crypto

The vault is sealed with an Argon2id KDF — memory-hard by design — and XChaCha20-Poly1305 authenticated encryption with authenticated metadata.

⛓️

Multi-Ledger by Design

One BIP39 seed, HD path m/1204'/1980'/account'/0/0, two signature families: Ed25519 for Tetra, k256 ECDSA and Schnorr for Bitcoin — bech32 and bs58 addresses included.

🛡️

Strict MV3 Posture

Strict Content-Security-Policy, no content scripts, no remote code. The extension asks for storage and an optional local-node host permission — nothing more.

Four Layers, One Hard Boundary

The stack is organized around a single principle: the further up you go, the less there is to steal. Everything above the WASM boundary handles only public data.

4
Layer 4
🖥️

Extension Shell

Manifest V3 popup, onboarding tab, and background service worker with shared typed messages. It renders accounts, addresses, and confirmations — and holds nothing worth stealing.

🧩Manifest V3 🚫No Content Scripts 📜Strict CSP 🌐No Remote Code
Public Data Only
3
Layer 3
🕸️

WASM Boundary

The gandalf-wasm crate exposes a serialized API that by construction never returns plaintext secrets. Requests go in, signatures and public data come out; plaintext buffers are zeroized behind the wall.

🦀gandalf-wasm Crate 🔁Serialized Typed API 🧹Zeroized Buffers 🚧No Plaintext Egress
Signatures Out, Secrets Never
2
Layer 2
🔑

Multi-Ledger Wallet Core

gandalf-core implements BIP39 mnemonics, HD derivation at m/1204'/1980'/account'/0/0, and per-ledger signing: Ed25519 for Tetra; k256 ECDSA and Schnorr for the Bitcoin devnet, covering BIP143 P2WPKH segwit and BIP341 P2TR Taproot key-path spends.

🧠BIP39 + HD Derivation ✍️Ed25519 + k256 Segwit & Taproot Signing 🏷️bech32 / bs58 Addresses
Unlocked On Demand
1
Foundation
🔐

Vault Foundation

An encrypted vault sealed with Argon2id and XChaCha20-Poly1305 with authenticated metadata — wrong-password and tamper cases are covered by tests, alongside 32 Rust tests across the gandalf crates.

🧂Argon2id KDF 🔒XChaCha20-Poly1305 AEAD 🏷️Authenticated Metadata 🧪32 Rust Tests

Life of a Signature

From password to broadcast, secrets exist only inside the WASM module — and only for as long as the operation needs them.

01

Unlock

Password → WASM

What Happens

  • Argon2id stretches the password into a vault key
  • XChaCha20-Poly1305 decrypts the vault inside WASM
  • Authenticated metadata rejects tampered vaults
  • Wrong-password paths covered by dedicated tests
Checkpoint: Secrets exist only behind the boundary
02

Derive

One Seed, Two Ledgers

What Happens

  • BIP39 mnemonic expands to the HD tree
  • Path m/1204'/1980'/account'/0/0 selects the account
  • Ed25519 keys for Tetra, k256 for Bitcoin
  • bech32 and bs58 addresses surface as public data
Checkpoint: Every account reproducible from the backup
03

Sign

Inside the Wall

What Happens

  • Transaction reviewed in the UI — amount, fee, inputs, change
  • Ed25519 signing for Tetra transfers
  • BIP143 P2WPKH and BIP341 Taproot key-path signing for Bitcoin
  • Only the finished signature crosses into JavaScript
Checkpoint: JavaScript relays, never signs
04

Zeroize & Broadcast

Cleanup

What Happens

  • Plaintext buffers zeroized after use
  • Signed transaction submitted to the target devnet
  • Confirmation tracked against Tetra or the private Bitcoin fork
  • End-to-end proof: P2WPKH send and P2TR round trip confirmed on the devnet
Checkpoint: Nothing sensitive outlives the operation

Ten Stages, Acceptance-Tested

Gandalf follows a staged roadmap where an item moves to done only after its acceptance tests pass. Stages 0–6 are complete; the path to release is explicit.

Done

Stages 0–6 + Bitcoin

Shipped

Delivered

  • Rust core, vault crypto, and the sealed WASM boundary
  • MV3 shell, onboarding, accounts, read-only sync
  • First end-to-end Tetra transfer on a five-node localnet
  • Bitcoin devnet adapter: segwit and Taproot sends confirmed
Milestone: End-to-end signing on both ledgers
Next

Reliability & Recovery

Stage 7

Planned Deliverables

  • Failure handling matrix — funds, network, expiry, duplicates
  • Encrypted vault export and import
  • Password-authorized mnemonic reveal
  • Service-worker restart resilience tests
Milestone: Graceful failure on every path
Next

Security & Release

Stage 8

Planned Deliverables

  • Dependency and license review, fuzzing, threat-model review
  • No secrets in logs, analytics, or clipboard persistence
  • Chrome end-to-end test suite
  • Reproducible builds and install documentation
Milestone: A release checklist that passes on a clean machine
Planned

Extended Capabilities

Stages 9–10

Planned Deliverables

  • Fee-economics simulator with governed parameters
  • Multi-asset transfers and script budgets
  • Website connectivity once wallet-owned transfers are stable
  • Additional ledger adapters (Cardano next)
Milestone: From dev tool toward a full multi-ledger wallet

Who Gandalf Is For

A development wallet for devnets and testnets — deliberately not for mainnet funds — that treats its threat model like production anyway.

🧑‍💻

For Protocol Developers

Speaks Tetra and a private Bitcoin devnet out of the box
Exercise segwit and Taproot flows without touching real funds
Devnet-quickstart onboarding against local nodes
Explicit host permissions and genesis-hash network identity checks
🛡️

For Security Engineers

A working Rust-to-WASM isolation pattern for MV3 extensions
Argon2id + XChaCha20-Poly1305 vault with authenticated metadata
Zeroized buffers; a boundary that cannot return plaintext
No content scripts, no remote code, strict CSP
🏗️

For Wallet Builders

A reference architecture with the trust line drawn below JavaScript
Two signature families behind one HD seed and one vault
Public design docs: multi-ledger UX and Bitcoin-devnet integration
32 Rust tests plus browser E2E evidence for both ledgers

Draw the Line Below JavaScript

Whether you're building a wallet, hardening an extension, or standing up a devnet your team can actually test against — let's talk about putting the secrets where the scripts can't reach.

100%
Rust-to-WASM Security Core
0
Plaintext Secrets in JavaScript
2 Ledgers
Tetra + Bitcoin Devnet