You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Extends the existing Connect Hardware Paired step (standard wallet): secondary Passphrase action → enter passphrase → confirm label/balance → Passphrase again or Finish.
Goal
Pair and watch multiple Trezor wallet identities from one physical device:
Standard wallet (empty passphrase) — already shipped.
Hidden wallet(s) — user enters a passphrase; Bitkit persists xpubs and shows a separate hardware balance tile.
Trezor does not store passphrases or list hidden wallets. Bitkit must never persist raw passphrases — watch-only via xpubs; re-enter passphrase when signing.
Scope
Connect flow: Passphrase button on Paired → Enter Passphrase → Passphrase Paired (label + balance) → loop or Finish.
Passphrase entry: host (phone) and/or on-device on capable models (Safe 5/7), same as dev Trezor screen.
Identity model: each passphrase-derived xpub set = separate walletKey / home tile / settings row / remove action.
Settings follow-up: Add passphrase wallet on an already-paired device (not only during initial connect loop).
Zero balance: allow add; non-blocking warning if balance is 0 ("No balance found — double-check passphrase if you expected funds").
Duplicate: same xpub already watched → "already added", no duplicate tile.
Part of #998.
Related (iOS epic): synonymdev/bitkit-ios#589
Related: #1030 — reconnect/signing safety for passphrase identities (runtime). This issue owns the pairing UX and watch-only identity model.
Design
Extends the existing Connect Hardware Paired step (standard wallet): secondary Passphrase action → enter passphrase → confirm label/balance → Passphrase again or Finish.
Goal
Pair and watch multiple Trezor wallet identities from one physical device:
Trezor does not store passphrases or list hidden wallets. Bitkit must never persist raw passphrases — watch-only via xpubs; re-enter passphrase when signing.
Scope
walletKey/ home tile / settings row / remove action.Out of scope
Acceptance criteria
Unknowns (need product / eng decision)
"Trezor Safe 3B"suffix; pattern for auto-naming vs user-only?Cross-platform spec — comment here for decisions that affect both platforms.