🔖 (release) [NO-ISSUE]: New release incoming: DMK 1.4.0 (#1468)

Author: aussedatlo

.changeset/eager-queens-prove.md

@@ -0,0 +1,6 @@
+---
+"@ledgerhq/device-management-kit-sample": minor
+---
+
+Add Language Package install device action
+Add List and Delete Language Package commands

.changeset/kind-ideas-matter.md

@@ -0,0 +1,5 @@
+---
+"@ledgerhq/device-signer-kit-solana": minor
+---
+
+Add additional signers input for solana signMessage v1

.changeset/social-baths-fold.md

@@ -0,0 +1,5 @@
+---
+"@ledgerhq/device-signer-kit-bitcoin": patch
+---
+
+Always use protocol version 1 on all Bitcoin APDUs for consistency and to ease future upgrades

apps/docs/pages/docs/getting-started.mdx

@@ -39,7 +39,7 @@ Here you can find a summary of all the libraries that compose the DMK.
 
 | Device Management Kit (DMK) | NPM                                                                                              | Version |
 | --------------------------- | ------------------------------------------------------------------------------------------------ | ------- |
-| Device Management Kit       | [@ledgerhq/device-management-kit](https://www.npmjs.com/package/@ledgerhq/device-management-kit) | 1.3.0   |
+| Device Management Kit       | [@ledgerhq/device-management-kit](https://www.npmjs.com/package/@ledgerhq/device-management-kit) | 1.4.0   |
 
 | Signers & Trusted App Kit | NPM                                                                                                                                                | Version |
 | ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
@@ -70,3 +70,11 @@ Here you can find a summary of all the libraries that compose the DMK.
 | DevTools Websocket Common    | [@ledgerhq/device-management-kit-devtools-websocket-common](https://www.npmjs.com/package/@ledgerhq/device-management-kit-devtools-websocket-common)       | 1.0.2   |
 | DevTools Websocket Connector | [@ledgerhq/device-management-kit-devtools-websocket-connector](https://www.npmjs.com/package/@ledgerhq/device-management-kit-devtools-websocket-connector) | 1.1.1   |
 | DevTools Websocket Server    | [@ledgerhq/device-management-kit-devtools-websocket-server](https://www.npmjs.com/package/@ledgerhq/device-management-kit-devtools-websocket-server)       | 1.0.1   |
+
+## Legal notice
+
+The Device Management Kit (DMK) is made available under an open source license and is free to use for development, testing, and integration purposes.
+
+Please note that access to the DMK does not grant you any rights to access Ledger SAS backend services, nor any rights to use tokens, APIs, or infrastructure beyond what is explicitly allowed under the open source license. Access to Ledger SAS backend is strictly prohibited unless explicitly authorized by Ledger SAS.
+
+Use of any token to gain access to Ledger SAS backend without a formal, written legal agreement is forbidden. Unauthorized use or access may lead to legal claims, including but not limited to injunctive relief, damages, or other remedies permitted under applicable law.

apps/docs/pages/docs/references/signers/solana.mdx

@@ -240,7 +240,7 @@ Sign a Solana off-chain message on Ledger devices. Supports multiple signing
 modes via `SignMessageVersion`:
 
 - **V0** (default) — original [off-chain message](https://docs.anza.xyz/proposals/off-chain-message-signing) header with `appDomain` and signer fields. Supported on all firmware with off-chain signing. Falls back to Legacy on `6a81`.
-- **V1** — simplified header without `appDomain`; supports lexicographically sorted multi-signer payloads. Requires Solana device app version 1.14+. Falls back to V0 then Legacy on `6a81`.
+- **V1** — simplified header per [sRFC 38](https://github.com/solana-foundation/SRFCs/discussions/3): no `appDomain`, no format byte. Use `signers` to bind the message to a specific application instead. Requires Solana device app version 1.14+. Falls back to V0 then Legacy on `6a81`.
 - **Legacy** — compact header for backward compatibility with very old Solana app firmware. Current firmware will reject it.
 - **Raw** — pass-through: the caller provides the fully formatted payload as a `Uint8Array` and the SDK sends it as-is with no header wrapping.
 
@@ -279,6 +279,11 @@ const { observable, cancel } = signerSolana.signMessage(
     (UTF-8 encoded, padded/truncated to 32 bytes). Defaults to 32 zero bytes.
     Ignored for V1, Legacy, and Raw.
 
+  - **signers** `Uint8Array[]`
+    V1 only: additional required signers to include in the off-chain message header alongside the user's key. Per sRFC 38, this is the recommended replacement for the V0 `appDomain` field — pass the dApp's public key here to bind the message to a specific application. Signers are sorted and deduplicated automatically.
+    Each entry must be a 32-byte Ed25519 public key. At most 254 additional signers are supported (1 slot is reserved for the user's key). Passing a signer with the wrong length or exceeding the limit returns an error before any device communication.
+    Ignored for V0, Legacy, and Raw.
+
   - **skipOpenApp** `boolean`
     If `true`, skips opening the Solana app on the device.
 
@@ -287,7 +292,8 @@ import { SignMessageVersion } from "@ledgerhq/device-signer-kit-solana";
 
 type MessageOptions = {
   version?: SignMessageVersion;
-  appDomain?: string;
+  appDomain?: string; // V0 only
+  signers?: Uint8Array[]; // V1 only
   skipOpenApp?: boolean;
 };
 ```
@@ -324,11 +330,14 @@ type SignMessageDAOutput = {
 ```typescript
 import { SignMessageVersion } from "@ledgerhq/device-signer-kit-solana";
 
-// V0 (default) — sign a simple text message
+// V0 — sign with app domain
 const { observable } = signerSolana.signMessage(
   "44'/501'/0'/0'",
   "Hello World",
-  { version: SignMessageVersion.V0 },
+  {
+    version: SignMessageVersion.V0,
+    appDomain: "my-app.com",
+  },
 );
 
 observable.subscribe({
@@ -350,6 +359,22 @@ observable.subscribe({
 });
 ```
 
+#### V1 with Additional Signers
+
+V1 removes `appDomain` (no central registry — anyone could spoof it). To bind a message to a specific application, add the dApp's public key as a required signer instead:
+
+```typescript
+// V1 — bind message to dApp via required signer (sRFC 38)
+const { observable } = signerSolana.signMessage(
+  "44'/501'/0'/0'",
+  "Hello World",
+  {
+    version: SignMessageVersion.V1,
+    signers: [dAppPubkeyBytes], // dApp's Ed25519 public key as Uint8Array(32)
+  },
+);
+```
+
 #### Raw Mode
 
 In Raw mode, the caller is responsible for constructing the full off-chain

apps/sample/package.json

@@ -41,6 +41,7 @@
     "@ledgerhq/react-ui": "catalog:",
     "@ledgerhq/solana-tools": "workspace:^",
     "@noble/secp256k1": "^2.3.0",
+    "bs58": "catalog:",
     "@playwright/test": "catalog:",
     "@reduxjs/toolkit": "catalog:",
     "@sentry/nextjs": "catalog:",

apps/sample/src/components/CommandsView/index.tsx

@@ -5,6 +5,9 @@ import {
   type BackupStorageCommandResponse,
   BatteryStatusType,
   CloseAppCommand,
+  DeleteLanguagePackCommand,
+  type DeleteLanguagePackCommandArgs,
+  type DeleteLanguagePackErrorCodes,
   GetAppAndVersionCommand,
   type GetAppAndVersionResponse,
   GetAppStorageInfoCommand,
@@ -20,6 +23,10 @@ import {
   ListAppsCommand,
   type ListAppsErrorCodes,
   type ListAppsResponse,
+  ListLanguagePackCommand,
+  type ListLanguagePackCommandArgs,
+  type ListLanguagePackErrorCodes,
+  type ListLanguagePackResponse,
   type OpenAppArgs,
   OpenAppCommand,
   type OpenAppErrorCodes,
@@ -154,6 +161,40 @@ export const CommandsView: React.FC<{ sessionId: string }> = ({
         BackupStorageCommandResponse,
         BackupStorageCommandErrorCodes
       >,
+      {
+        title: "List language packs",
+        description:
+          "List installed language packages (first chunk or continue)",
+        sendCommand: ({ firstChunk }) => {
+          const command = new ListLanguagePackCommand({ firstChunk });
+          return dmk.sendCommand({
+            sessionId: selectedSessionId,
+            command,
+          });
+        },
+        initialValues: { firstChunk: true },
+      } satisfies CommandProps<
+        ListLanguagePackCommandArgs,
+        ListLanguagePackResponse,
+        ListLanguagePackErrorCodes
+      >,
+      {
+        title: "Delete language pack",
+        description:
+          "Delete an installed language pack by id (use 255 / 0xFF to remove all)",
+        sendCommand: ({ languagePackageId }) => {
+          const command = new DeleteLanguagePackCommand({ languagePackageId });
+          return dmk.sendCommand({
+            sessionId: selectedSessionId,
+            command,
+          });
+        },
+        initialValues: { languagePackageId: 1 },
+      } satisfies CommandProps<
+        DeleteLanguagePackCommandArgs,
+        void,
+        DeleteLanguagePackErrorCodes
+      >,
     ],
     [selectedSessionId, dmk],
   );

apps/sample/src/components/DeviceActionsView/AllDeviceActions.tsx

@@ -26,6 +26,11 @@ import {
   type InstallAppDAIntermediateValue,
   type InstallAppDAOutput,
   InstallAppDeviceAction,
+  type InstallLanguagePackageDAError,
+  type InstallLanguagePackageDAInput,
+  type InstallLanguagePackageDAIntermediateValue,
+  type InstallLanguagePackageDAOutput,
+  InstallLanguagePackageDeviceAction,
   type InstallOrUpdateAppsDAError,
   type InstallOrUpdateAppsDAIntermediateValue,
   type InstallOrUpdateAppsDAOutput,
@@ -203,6 +208,30 @@ export const AllDeviceActions: React.FC<{ sessionId: string }> = ({
         GoToDashboardDAError,
         GoToDashboardDAIntermediateValue
       >,
+      {
+        title: "Install language package",
+        description: "Install the language package for the given language",
+        executeDeviceAction: ({ unlockTimeout, language }, inspect) => {
+          const deviceAction = new InstallLanguagePackageDeviceAction({
+            input: { unlockTimeout, language },
+            inspect,
+          });
+          return dmk.executeDeviceAction({
+            sessionId,
+            deviceAction,
+          });
+        },
+        initialValues: {
+          unlockTimeout: UNLOCK_TIMEOUT,
+          language: "french",
+        },
+        deviceModelId,
+      } satisfies DeviceActionProps<
+        InstallLanguagePackageDAOutput,
+        InstallLanguagePackageDAInput,
+        InstallLanguagePackageDAError,
+        InstallLanguagePackageDAIntermediateValue
+      >,
       {
         title: "List apps",
         description: "List all applications installed on the device",

apps/sample/src/components/SignerSolanaView/index.tsx

@@ -30,6 +30,7 @@ import {
   type GenerateTransactionDAOutput,
   SolanaToolsBuilder,
 } from "@ledgerhq/solana-tools";
+import bs58 from "bs58";
 
 import { DeviceActionsList } from "@/components/DeviceActionsView/DeviceActionsList";
 import { type DeviceActionProps } from "@/components/DeviceActionsView/DeviceActionTester";
@@ -254,6 +255,8 @@ export const SignerSolanaView: React.FC<{ sessionId: string }> = ({
           message,
           version,
           skipOpenApp,
+          appDomain,
+          signers,
         }) => {
           if (!signer) {
             throw new Error("Signer not initialized");
@@ -270,16 +273,31 @@ export const SignerSolanaView: React.FC<{ sessionId: string }> = ({
               hex.match(/.{1,2}/g)?.map((b) => parseInt(b, 16)) ?? [],
             );
           }
+          const parsedSigners =
+            version === SignMessageVersion.V1 && signers.trim()
+              ? signers
+                  .split(",")
+                  .map((s) => s.trim())
+                  .filter(Boolean)
+                  .map((s) => bs58.decode(s))
+              : undefined;
           return signer.signMessage(derivationPath, payload, {
             version,
             skipOpenApp,
+            appDomain:
+              version === SignMessageVersion.V0 && appDomain
+                ? appDomain
+                : undefined,
+            signers: parsedSigners,
           });
         },
         initialValues: {
           derivationPath: DEFAULT_DERIVATION_PATH,
           message: "Hello World",
           version: SignMessageVersion.V0,
           skipOpenApp: false,
+          appDomain: "",
+          signers: "",
         },
         valueSelector: {
           version: signMessageVersionOptions,
@@ -289,6 +307,8 @@ export const SignerSolanaView: React.FC<{ sessionId: string }> = ({
           message: "Message (hex bytes for Raw mode)",
           version: "Signing mode",
           skipOpenApp: "Skip open app",
+          appDomain: "App domain (V0 only)",
+          signers: "Additional signers, comma-separated base58 (V1 only)",
         },
         deviceModelId,
       } satisfies DeviceActionProps<
@@ -298,6 +318,8 @@ export const SignerSolanaView: React.FC<{ sessionId: string }> = ({
           message: string;
           version: SignMessageVersion;
           skipOpenApp: boolean;
+          appDomain: string;
+          signers: string;
         },
         SignMessageDAError,
         SignMessageDAIntermediateValue

packages/device-management-kit/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @ledgerhq/device-management-kit
 
+## 1.4.0
+
+### Minor Changes
+
+- [#1382](https://github.com/LedgerHQ/device-sdk-ts/pull/1382) [`68947bf`](https://github.com/LedgerHQ/device-sdk-ts/commit/68947bfa299c7c7620c7a3bf3de5788555ba4961) Thanks [@pvautherin-ledger](https://github.com/pvautherin-ledger)! - Add Language Package install device action and Delete command
+
+### Patch Changes
+
+- [#1467](https://github.com/LedgerHQ/device-sdk-ts/pull/1467) [`16e08f2`](https://github.com/LedgerHQ/device-sdk-ts/commit/16e08f2e504e5361f6a0e70de679ad588b5034b2) Thanks [@aussedatlo](https://github.com/aussedatlo)! - Fix React Native compatibility in `DmkNetworkClient`: serialize query params manually instead of using `URLSearchParams.set` (not implemented in React Native), and guard optional Web globals (`Blob`, `FormData`, `URLSearchParams`, `ReadableStream`) in `isRawBody` to avoid `ReferenceError` on runtimes where they are missing.
+
+- [#1461](https://github.com/LedgerHQ/device-sdk-ts/pull/1461) [`8051f90`](https://github.com/LedgerHQ/device-sdk-ts/commit/8051f908e987c178e3e54aa5132d4111a354969d) Thanks [@fAnselmi-Ledger](https://github.com/fAnselmi-Ledger)! - Add InvalidArgumentError error
+
 ## 1.3.0
 
 ### Minor Changes