feat: compliance checks

.github/workflows/build-extension.yml

@@ -2,20 +2,17 @@ name: PR extension build
 
 on: [pull_request, workflow_dispatch]
 
-jobs:
-  pre-run:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Cancel previous runs
-        uses: styfle/cancel-workflow-action@main
-        with:
-          access_token: ${{ github.token }}
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
+jobs:
   sha-hash:
     runs-on: ubuntu-latest
     outputs:
       SHORT_SHA: ${{ steps.short-sha.outputs.SHORT_SHA }}
     steps:
+      - run: echo "${{ github.workflow }}-${{ github.ref }}"
       - name: Make short commit SHA
         id: short-sha
         run: echo "SHORT_SHA=`echo ${{ github.event.pull_request.head.sha }} | cut -c1-7`" >> $GITHUB_OUTPUT
@@ -24,7 +21,6 @@ jobs:
     if: github.repository == 'leather-wallet/extension' && github.actor != 'dependabot[bot]'
     runs-on: ubuntu-latest
     needs:
-      - pre-run
       - sha-hash
     steps:
       - uses: kyranjamie/pull-request-fixed-header@v1.0.1
@@ -36,7 +32,6 @@ jobs:
     name: build-${{ matrix.target }}-extension
     runs-on: ubuntu-latest
     needs:
-      - pre-run
       - sha-hash
     strategy:
       matrix:
@@ -73,7 +68,6 @@ jobs:
     if: github.repository == 'leather-wallet/extension' && github.actor != 'dependabot[bot]'
     runs-on: ubuntu-latest
     needs:
-      - pre-run
       - sha-hash
       - build
     steps:

.github/workflows/playwright.yml

@@ -12,6 +12,10 @@ on:
     branches:
       - dev
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   test:
     name: Shard ${{ matrix.shardIndex }} of ${{ matrix.shardTotal }}

.github/workflows/publish-extensions.yml

@@ -17,14 +17,6 @@ env:
   IS_PUBLISHING: true
 
 jobs:
-  pre-run:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Cancel Previous Runs
-        uses: styfle/cancel-workflow-action@main
-        with:
-          access_token: ${{ github.token }}
-
   extract-version:
     runs-on: ubuntu-latest
     outputs:
@@ -44,7 +36,6 @@ jobs:
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/tags/v')
     needs:
-      - pre-run
       - extract-version
     outputs:
       publish_status: ${{ steps.publish-chrome.outputs.publish_status }}
@@ -89,7 +80,6 @@ jobs:
     env:
       TARGET_BROWSER: firefox
     needs:
-      - pre-run
       - extract-version
     outputs:
       publish_status: ${{ steps.publish-firefox.outputs.publish_status }}

.github/workflows/publish-storybook.yml

@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - 'dev'
+      - dev
 
 permissions:
   contents: read
@@ -13,7 +13,7 @@ permissions:
 
 concurrency:
   group: 'storybook-deploy'
-  cancel-in-progress: false
+  cancel-in-progress: true
 
 jobs:
   deploy:

src/app/common/hooks/account/use-refresh-all-account-data.ts

@@ -1,6 +1,7 @@
 import { useCallback } from 'react';
 
-import { delay } from '@app/common/utils';
+import { delay } from '@shared/utils';
+
 import { useCurrentAccountMempool } from '@app/query/stacks/mempool/mempool.hooks';
 
 // TODO: Can this be removed? It seems like we should be able

src/app/common/hooks/use-submit-stx-transaction.ts

@@ -4,7 +4,7 @@ import { bytesToHex } from '@stacks/common';
 import { StacksTransaction, broadcastTransaction } from '@stacks/transactions';
 
 import { logger } from '@shared/logger';
-import { isError } from '@shared/utils';
+import { delay, isError } from '@shared/utils';
 
 import { getErrorMessage } from '@app/common/get-error-message';
 import { useRefreshAllAccountData } from '@app/common/hooks/account/use-refresh-all-account-data';
@@ -15,8 +15,6 @@ import { useToast } from '@app/features/toasts/use-toast';
 import { useCurrentStacksNetworkState } from '@app/store/networks/networks.hooks';
 import { useSubmittedTransactionsActions } from '@app/store/submitted-transactions/submitted-transactions.hooks';
 
-import { delay } from '../utils';
-
 const timeForApiToUpdate = 250;
 
 interface UseSubmitTransactionArgs {

src/app/common/utils.ts

@@ -1,10 +1,5 @@
 import { hexToBytes } from '@stacks/common';
-import {
-  BytesReader,
-  ChainID,
-  PostCondition,
-  deserializePostCondition,
-} from '@stacks/transactions';
+import { BytesReader, PostCondition, deserializePostCondition } from '@stacks/transactions';
 import { toUnicode } from 'punycode';
 
 import { BitcoinChainConfig, BitcoinNetworkModes, KEBAB_REGEX } from '@shared/constants';
@@ -225,14 +220,6 @@ export function addPortSuffix(url: string) {
   return port ? `:${port}` : '';
 }
 
-export async function delay(ms: number) {
-  return new Promise(resolve => setTimeout(resolve, ms));
-}
-
-export function createDelay(ms: number) {
-  return async () => delay(ms);
-}
-
 export function with0x(value: string): string {
   return !value.startsWith('0x') ? `0x${value}` : value;
 }
@@ -249,9 +236,11 @@ export function doesBrowserSupportWebUsbApi() {
   return Boolean((navigator as any).usb);
 }
 
-const isFullPage = document.location.pathname.startsWith('/index.html');
+function isFullPage() {
+  return document.location.pathname.startsWith('/index.html');
+}
 
-const pageMode = isFullPage ? 'full' : 'popup';
+const pageMode = isFullPage() ? 'full' : 'popup';
 
 type PageMode = 'popup' | 'full';
 
@@ -266,14 +255,6 @@ export function isPopupMode() {
   return pageMode === 'popup';
 }
 
-interface WhenStacksChainIdMap<T> {
-  [ChainID.Mainnet]: T;
-  [ChainID.Testnet]: T;
-}
-export function whenStacksChainId(chainId: ChainID) {
-  return <T>(chainIdMap: WhenStacksChainIdMap<T>): T => chainIdMap[chainId];
-}
-
 export const parseIfValidPunycode = (s: string) => {
   try {
     return toUnicode(s);

src/app/common/validation/forms/compliance-validators.ts

@@ -0,0 +1,29 @@
+import { isString } from 'formik';
+import * as yup from 'yup';
+
+import type { NetworkModes } from '@shared/constants';
+
+import { checkEntityAddressIsCompliant } from '@app/query/common/compliance-checker/compliance-checker.query';
+
+export function complianceValidator(
+  shouldCheckCompliance: yup.StringSchema<string, yup.AnyObject>,
+  network: NetworkModes
+) {
+  return yup.string().test({
+    message: 'Compliance check failed',
+    async test(value) {
+      if (!isString(value)) return false;
+
+      if (network !== 'mainnet') return true;
+
+      if (!shouldCheckCompliance.isValidSync(value)) return true;
+
+      try {
+        const resp = await checkEntityAddressIsCompliant(value);
+        return !resp.isOnSanctionsList;
+      } catch (e) {
+        return true;
+      }
+    },
+  });
+}

src/app/common/validation/forms/recipient-validators.ts

@@ -1,4 +1,5 @@
 import { NetworkConfiguration } from '@shared/constants';
+import { stacksChainIdToCoreNetworkMode } from '@shared/crypto/stacks/stacks.utils';
 
 import { FormErrorMessages } from '@app/common/error-messages';
 
@@ -7,12 +8,19 @@ import {
   stxAddressNetworkValidator,
   stxAddressValidator,
 } from './address-validators';
+import { complianceValidator } from './compliance-validators';
 
 export function stxRecipientValidator(
   currentAddress: string,
   currentNetwork: NetworkConfiguration
 ) {
   return stxAddressValidator(FormErrorMessages.InvalidAddress)
     .concat(stxAddressNetworkValidator(currentNetwork))
-    .concat(notCurrentAddressValidator(currentAddress || ''));
+    .concat(notCurrentAddressValidator(currentAddress || ''))
+    .concat(
+      complianceValidator(
+        stxAddressValidator(FormErrorMessages.InvalidAddress),
+        stacksChainIdToCoreNetworkMode(currentNetwork.chain.stacks.chainId)
+      )
+    );
 }

src/app/components/loaders/bitcoin-account-loader.tsx

@@ -1,14 +1,17 @@
-import { BitcoinAccount } from '@shared/crypto/bitcoin/bitcoin.utils';
+import type { P2Ret, P2TROut } from '@scure/btc-signer';
 
-import { useCurrentNativeSegwitAccount } from '@app/store/accounts/blockchain/bitcoin/native-segwit-account.hooks';
-import { useCurrentTaprootAccount } from '@app/store/accounts/blockchain/bitcoin/taproot-account.hooks';
+import { ZERO_INDEX } from '@shared/constants';
 
-interface CurrentBitcoinAccountLoaderProps {
-  children(data: { nativeSegwit: BitcoinAccount; taproot: BitcoinAccount }): React.ReactNode;
+import type { Signer } from '@app/store/accounts/blockchain/bitcoin/bitcoin-signer';
+import { useCurrentAccountNativeSegwitSigner } from '@app/store/accounts/blockchain/bitcoin/native-segwit-account.hooks';
+import { useCurrentAccountTaprootSigner } from '@app/store/accounts/blockchain/bitcoin/taproot-account.hooks';
+
+interface CurrentBitcoinSignerLoaderProps {
+  children(data: { nativeSegwit: Signer<P2Ret>; taproot: Signer<P2TROut> }): React.ReactNode;
 }
-export function CurrentBitcoinAccountLoader({ children }: CurrentBitcoinAccountLoaderProps) {
-  const nativeSegwit = useCurrentNativeSegwitAccount();
-  const taproot = useCurrentTaprootAccount();
+export function CurrentBitcoinSignerLoader({ children }: CurrentBitcoinSignerLoaderProps) {
+  const nativeSegwit = useCurrentAccountNativeSegwitSigner()?.(ZERO_INDEX);
+  const taproot = useCurrentAccountTaprootSigner()?.(ZERO_INDEX);
   if (!taproot || !nativeSegwit) return null;
   return children({ nativeSegwit, taproot });
 }

src/app/components/no-fees-warning-row.tsx

@@ -1,7 +1,9 @@
 import { ChainID } from '@stacks/transactions';
 import { HStack, styled } from 'leather-styles/jsx';
 
-import { whenStacksChainId } from '@app/common/utils';
+import { stacksChainIdToCoreNetworkMode } from '@shared/crypto/stacks/stacks.utils';
+
+import { capitalize } from '@app/common/utils';
 
 interface NoFeesWarningRowProps {
   chainId: ChainID;
@@ -11,10 +13,7 @@ export function NoFeesWarningRow({ chainId }: NoFeesWarningRowProps) {
     <HStack alignItems="center" justifyContent="space-between">
       <styled.span textStyle="caption.01">No fees are incurred</styled.span>
       <styled.span textStyle="caption.01">
-        {whenStacksChainId(chainId)({
-          [ChainID.Testnet]: 'Testnet',
-          [ChainID.Mainnet]: 'Mainnet',
-        })}
+        {capitalize(stacksChainIdToCoreNetworkMode(chainId))}
       </styled.span>
     </HStack>
   );

src/app/features/asset-list/components/connect-ledger-asset-button.tsx

@@ -13,7 +13,6 @@ import { LedgerIcon } from '@app/ui/icons/ledger-icon';
 interface ConnectLedgerAssetBtnProps {
   chain: SupportedBlockchains;
 }
-
 export function ConnectLedgerAssetBtn({ chain }: ConnectLedgerAssetBtnProps) {
   const navigate = useNavigate();
 

src/app/features/collectibles/collectibles.tsx

@@ -6,7 +6,7 @@ import { useQueryClient } from '@tanstack/react-query';
 import { RouteUrls } from '@shared/route-urls';
 
 import { useWalletType } from '@app/common/use-wallet-type';
-import { CurrentBitcoinAccountLoader } from '@app/components/loaders/bitcoin-account-loader';
+import { CurrentBitcoinSignerLoader } from '@app/components/loaders/bitcoin-account-loader';
 import { CurrentStacksAccountLoader } from '@app/components/loaders/stacks-account-loader';
 import { useConfigNftMetadataEnabled } from '@app/query/common/remote-config/remote-config.query';
 
@@ -47,22 +47,22 @@ export function Collectibles() {
       isLoadingMore={isLoadingMore}
       onRefresh={() => void queryClient.refetchQueries({ type: 'active' })}
     >
-      <CurrentBitcoinAccountLoader>{() => <AddCollectible />}</CurrentBitcoinAccountLoader>
+      <CurrentBitcoinSignerLoader>{() => <AddCollectible />}</CurrentBitcoinSignerLoader>
 
       {isNftMetadataEnabled && (
         <CurrentStacksAccountLoader>
           {account => <StacksCryptoAssets account={account} />}
         </CurrentStacksAccountLoader>
       )}
 
-      <CurrentBitcoinAccountLoader>
+      <CurrentBitcoinSignerLoader>
         {() => (
           <>
             <Stamps />
             <Ordinals setIsLoadingMore={setIsLoadingMore} />
           </>
         )}
-      </CurrentBitcoinAccountLoader>
+      </CurrentBitcoinSignerLoader>
     </CollectiblesLayout>
   );
 }

src/app/features/dialogs/leather-intro-dialog/leather-intro-dialog.tsx

@@ -1,8 +1,9 @@
 import { createContext, useContext } from 'react';
 import { Outlet, Route, useNavigate } from 'react-router-dom';
 
+import { delay } from '@shared/utils';
+
 import { useAnalytics } from '@app/common/hooks/analytics/use-analytics';
-import { delay } from '@app/common/utils';
 import { openInNewTab } from '@app/common/utils/open-in-new-tab';
 
 import {

src/app/features/ledger/flows/bitcoin-tx-signing/ledger-bitcoin-sign-tx-container.tsx

@@ -9,11 +9,11 @@ import get from 'lodash.get';
 import { BitcoinInputSigningConfig } from '@shared/crypto/bitcoin/signer-config';
 import { logger } from '@shared/logger';
 import { RouteUrls } from '@shared/route-urls';
+import { delay } from '@shared/utils';
 
 import { useLocationStateWithCache } from '@app/common/hooks/use-location-state';
 import { useScrollLock } from '@app/common/hooks/use-scroll-lock';
 import { appEvents } from '@app/common/publish-subscribe';
-import { delay } from '@app/common/utils';
 import { ApproveSignLedgerBitcoinTx } from '@app/features/ledger/flows/bitcoin-tx-signing/steps/approve-bitcoin-sign-ledger-tx';
 import { ledgerSignTxRoutes } from '@app/features/ledger/generic-flows/tx-signing/ledger-sign-tx-route-generator';
 import { LedgerTxSigningContext } from '@app/features/ledger/generic-flows/tx-signing/ledger-sign-tx.context';

src/app/features/ledger/flows/jwt-signing/ledger-sign-jwt-container.tsx

@@ -7,15 +7,14 @@ import get from 'lodash.get';
 
 import { finalizeAuthResponse } from '@shared/actions/finalize-auth-response';
 import { logger } from '@shared/logger';
-import { isError } from '@shared/utils';
+import { delay, isError } from '@shared/utils';
 
 import { useGetLegacyAuthBitcoinAddresses } from '@app/common/authentication/use-legacy-auth-bitcoin-addresses';
 import { useOnboardingState } from '@app/common/hooks/auth/use-onboarding-state';
 import { useDefaultRequestParams } from '@app/common/hooks/use-default-request-search-params';
 import { useKeyActions } from '@app/common/hooks/use-key-actions';
 import { useScrollLock } from '@app/common/hooks/use-scroll-lock';
 import { makeLedgerCompatibleUnsignedAuthResponsePayload } from '@app/common/unsafe-auth-response';
-import { delay } from '@app/common/utils';
 import {
   getStacksAppVersion,
   prepareLedgerDeviceStacksAppConnection,