improvements

Author: TheTrunk

src/lib/wallet.ts

@@ -409,10 +409,16 @@ export function generateAddressKeypairSOL(
 export function generateSolanaPubkeyArray(
   xpriv: string,
   chain: keyof cryptos,
+  typeIndex: number,
 ): string[] {
+  // typeIndex selects the BIP32 child slot under which we derive the 20
+  // ed25519 leaves. Consumer wallet passes 0 (receiving). Enterprise
+  // vaults pass `vault.vaultIndex` so each vault in an org gets a distinct
+  // pubkey pool — mirrors EVM/UTXO per-vault key separation. Wallet + Key
+  // must pass the same typeIndex per vault or their multisig PDAs diverge.
   const pubkeys: string[] = [];
   for (let i = 0; i < 20; i++) {
-    const { pubKey } = generateAddressKeypairSOL(xpriv, 0, i, chain);
+    const { pubKey } = generateAddressKeypairSOL(xpriv, typeIndex, i, chain);
     pubkeys.push(pubKey);
   }
   return pubkeys;

src/screens/Home/Home.tsx

@@ -636,9 +636,13 @@ function Home({ navigation }: Props) {
         ) {
           const xprk = CryptoJS.AES.decrypt(xprivKey, pwForEncryption);
           const xprivKeyDecrypted = xprk.toString(CryptoJS.enc.Utf8);
+          // Consumer wallet on-the-fly migration: derive at typeIndex=0
+          // (receiving slot). Enterprise vaults take a different code path
+          // (handleVaultXpubAction) which passes vault.vaultIndex.
           const keyPubkeys = generateSolanaPubkeyArray(
             xprivKeyDecrypted,
             chain,
+            0,
           );
           xpubKeyDecrypted = JSON.stringify(keyPubkeys);
           // Persist the JSON-encoded form back to encrypted storage so
@@ -2318,15 +2322,48 @@ function Home({ navigation }: Props) {
         throw new Error('Unsupported chain: ' + vaultXpubData.chain);
       }
 
-      // Derive xpub at m/48'/coin'/orgIndex'/scriptType'
-      const vaultXpub = getMasterXpub(
-        mnemonicPhrase,
-        48,
-        blockchainConfig.slip,
-        vaultXpubData.orgIndex,
-        blockchainConfig.scriptType,
-        vaultChain,
-      );
+      // For UTXO/EVM: BIP32 xpub at m/48'/coin'/orgIndex'/scriptType'. Backend
+      // derives child pubkeys per addressIndex on demand.
+      // For Solana: pre-derive 20 ed25519 pubkeys at /[vaultIndex]/0..19 from
+      // the master xpriv and send as JSON array. vaultIndex (from the wallet's
+      // relay payload) provides per-vault key separation — mirrors EVM/UTXO
+      // behavior where vault.vaultIndex shifts the HD derivation.
+      let vaultXpub: string;
+      if (
+        typeof vaultXpubData.vaultIndex !== 'number' ||
+        !Number.isInteger(vaultXpubData.vaultIndex) ||
+        vaultXpubData.vaultIndex < 0
+      ) {
+        throw new Error(
+          'vaultXpub request missing valid vaultIndex (wallet must send a non-negative integer)',
+        );
+      }
+      const solVaultTypeIndex = vaultXpubData.vaultIndex;
+      if (blockchainConfig.chainType === 'sol') {
+        const solVaultXpriv = getMasterXpriv(
+          mnemonicPhrase,
+          48,
+          blockchainConfig.slip,
+          vaultXpubData.orgIndex,
+          blockchainConfig.scriptType,
+          vaultChain,
+        );
+        const pubkeys = generateSolanaPubkeyArray(
+          solVaultXpriv,
+          vaultChain,
+          solVaultTypeIndex,
+        );
+        vaultXpub = JSON.stringify(pubkeys);
+      } else {
+        vaultXpub = getMasterXpub(
+          mnemonicPhrase,
+          48,
+          blockchainConfig.slip,
+          vaultXpubData.orgIndex,
+          blockchainConfig.scriptType,
+          vaultChain,
+        );
+      }
 
       // Sign the keyXpub with identity key for verification
       const { xprivKey: idXprivKey } = identityChainState || {};
@@ -2505,6 +2542,11 @@ function Home({ navigation }: Props) {
           typeof solInputDetailsParsed[0]?.addressIndex === 'number'
             ? solInputDetailsParsed[0].addressIndex
             : 0;
+        // Sign at HD path [vaultIndex][addressIndex]. Mirrors the per-vault
+        // xpub flow (generateSolanaPubkeyArray now also derives at
+        // typeIndex=vault.vaultIndex), so the wallet's signing pubkey
+        // matches the multisig slot pubkey computed from the stored xpub
+        // array. Identical to EVM/UTXO per-vault key separation.
         const signingKeypair = generateAddressKeypair(
           vaultXpriv,
           vaultSigningData.vaultIndex,

src/types.d.ts

@@ -599,6 +599,10 @@ interface wkSigningRequest {
 interface vaultXpubRequest {
   chain: string;
   orgIndex: number;
+  // Per-vault HD typeIndex slot. Solana xpub generation uses this to derive
+  // a vault-specific 20-pubkey array (mirrors EVM/UTXO per-vault keys).
+  // Always present — the wallet's relay payload includes it.
+  vaultIndex: number;
   vaultName: string;
   orgName: string;
   xpubWallet: string;

tests/lib/walletSolana.test.ts

@@ -48,7 +48,7 @@ describe('Solana wallet lib (key device)', () => {
 
   describe('generateSolanaPubkeyArray', () => {
     test('produces 20 distinct base58 pubkeys', () => {
-      const arr = generateSolanaPubkeyArray(xprivWallet, 'solDevnet');
+      const arr = generateSolanaPubkeyArray(xprivWallet, 'solDevnet', 0);
       expect(arr).toHaveLength(20);
       expect(new Set(arr).size).toBe(20);
       for (const pk of arr) {
@@ -57,7 +57,7 @@ describe('Solana wallet lib (key device)', () => {
     });
 
     test('matches generateAddressKeypairSOL element-by-element', () => {
-      const arr = generateSolanaPubkeyArray(xprivWallet, 'solDevnet');
+      const arr = generateSolanaPubkeyArray(xprivWallet, 'solDevnet', 0);
       for (let i = 0; i < arr.length; i += 7) {
         const { pubKey } = generateAddressKeypairSOL(
           xprivWallet,