BitGo · alextse-bg · Jun 11, 2026 · Jun 5, 2026 · Jun 5, 2026 · Jun 9, 2026
@@ -8,6 +8,15 @@ You are an expert code reviewer for the BitGoJS cryptocurrency wallet SDK. Pleas
 - Proper validation of transaction parameters
 - Safe handling of private keys and sensitive data
 
+## Internal Information Leakage (Public Repository)
+Comments and strings should describe what the code does, not the dev process. Flag in comments, JSDoc, test names, and error/log strings:
+- Verification/testing metadata (dates, "dry-run confirmed", "verified/tested on", investigation notes)
+- Internal team/system names or codenames (e.g. "by WP"), infra, or tooling
+- Internal ticket IDs or links to internal-only docs
+- Rationale on how/why a change was made rather than code behavior
+
+For each, suggest a behavior-only rewrite.
+
 ## Code Quality & Architecture
 - Adherence to BitGoJS coding standards and patterns
 - TypeScript type safety and interface compliance
@@ -35,8 +44,9 @@ You are an expert code reviewer for the BitGoJS cryptocurrency wallet SDK. Pleas
 
 Please provide constructive feedback focusing on:
 1. Critical issues that must be addressed
-2. Suggestions for improvement
-3. Questions about design decisions
-4. Acknowledgment of good practices
+2. Internal-information leaks in comments or strings (must be removed before merge)
+3. Suggestions for improvement
+4. Questions about design decisions
+5. Acknowledgment of good practices
 
 Be thorough but concise, and explain the reasoning behind your suggestions.
@@ -236,9 +236,13 @@ jobs:
         run: |
           yarn install --frozen-lockfile
 
+      - name: Install retry
+        uses: BitGo/install-github-release-binary@v2
+        with:
+          targets: EricCrosson/retry@v1.4.8:sha256-d207746ff0eda67c706df25e88c02520f0cf3172279eb8eec8224fb0d3558911
+
       - name: Run yarn audit
-        run: |
-          yarn run audit-high
+        run: retry --up-to 2x --every 3s -- yarn run audit-high --retry-on-network-failure
 
       - name: Run dependency check
         run: |

@@ -36,8 +36,13 @@ jobs:
       - name: Install BitGoJS
         run: sfw yarn install --with-frozen-lockfile
 
+      - name: Install retry
+        uses: BitGo/install-github-release-binary@v2
+        with:
+          targets: EricCrosson/retry@v1.4.8:sha256-d207746ff0eda67c706df25e88c02520f0cf3172279eb8eec8224fb0d3558911
+
       - name: Audit Dependencies
-        run: yarn run improved-yarn-audit --min-severity high
+        run: retry --up-to 2x --every 3s -- yarn run improved-yarn-audit --min-severity high --retry-on-network-failure
 
       - name: Set Environment Variable for Alpha
         if: github.ref != 'refs/heads/master' # only publish changes if on feature branches

@@ -78,6 +78,7 @@
   },
   "devDependencies": {
     "@bitgo/sdk-test": "^9.1.50",
+    "@bitgo/utxo-lib": "^11.24.0",
     "mocha": "^10.2.0"
   },
   "gitHead": "18e460ddf02de2dbf13c2aa243478188fb539f0c"

@@ -2,9 +2,7 @@ import assert from 'assert';
 import { randomBytes } from 'crypto';
 
 import _ from 'lodash';
-import * as utxolib from '@bitgo/utxo-lib';
-import { BIP32, fixedScriptWallet, hasPsbtMagic } from '@bitgo/wasm-utxo';
-import { bitgo, getMainnet } from '@bitgo/utxo-lib';
+import { address as wasmAddress, BIP32, fixedScriptWallet, hasPsbtMagic } from '@bitgo/wasm-utxo';
 import {
   AddressCoinSpecific,
   BaseCoin,
@@ -62,7 +60,6 @@ import { getReplayProtectionPubkeys, isReplayProtectionUnspent } from './transac
 import { supportedCrossChainRecoveries } from './config';
 import {
   assertValidTransactionRecipient,
-  DecodedTransaction,
   explainTx,
   fromExtendedAddressFormat,
   isScriptRecipient,
@@ -77,14 +74,7 @@ import {
   ErrorImplicitExternalOutputs,
 } from './transaction/descriptor/verifyTransaction';
 import { assertDescriptorWalletAddress, getDescriptorMapFromWallet, isDescriptorWallet } from './descriptor';
-import {
-  getFullNameFromCoinName,
-  getMainnetCoinName,
-  getNetworkFromCoinName,
-  isMainnetCoin,
-  UtxoCoinName,
-  UtxoCoinNameMainnet,
-} from './names';
+import { getFullNameFromCoinName, getMainnetCoinName, isMainnetCoin, UtxoCoinName, UtxoCoinNameMainnet } from './names';
 import { assertFixedScriptWalletAddress } from './address/fixedScript';
 import { ParsedTransaction } from './transaction/types';
 import { decodeDescriptorPsbt, decodePsbt, encodeTransaction, stringToBufferTryFormats } from './transaction/decode';
@@ -96,7 +86,7 @@ import { isUtxoWalletData, UtxoWallet } from './wallet';
 import { isDescriptorWalletData } from './descriptor/descriptorWallet';
 import type { Unspent } from './unspent';
 
-import ScriptType2Of3 = utxolib.bitgo.outputScripts.ScriptType2Of3;
+type ScriptType2Of3 = 'p2sh' | 'p2shP2wsh' | 'p2wsh' | 'p2tr' | 'p2trMusig2';
 
 export type TxFormat =
   // This is a legacy transaction format based around the bitcoinjs-lib serialization of unsigned transactions
@@ -142,28 +132,19 @@ type UtxoCustomSigningFunction<TNumber extends number | bigint> = {
   }): Promise<SignedTransaction>;
 };
 
-const { isChainCode, scriptTypeForChain, outputScripts } = bitgo;
-
 /**
  * Check if a decoded transaction has at least one taproot key path spend (MuSig2) input.
- * Works for both utxolib UtxoPsbt and wasm-utxo BitGoPsbt.
  */
-function hasKeyPathSpendInput<TNumber extends number | bigint>(
-  tx: DecodedTransaction<TNumber>,
+function hasKeyPathSpendInput(
+  tx: fixedScriptWallet.BitGoPsbt,
   pubs: string[] | undefined,
   coinName: UtxoCoinName
 ): boolean {
-  if (tx instanceof bitgo.UtxoPsbt) {
-    return bitgo.isTransactionWithKeyPathSpendInput(tx);
-  }
-  if (tx instanceof fixedScriptWallet.BitGoPsbt) {
-    assert(pubs && isTriple(pubs), 'pub triple is required to check for key path spend inputs in wasm-utxo PSBT');
-    const rootWalletKeys = fixedScriptWallet.RootWalletKeys.fromXpubs(pubs);
-    const replayProtection = { publicKeys: getReplayProtectionPubkeys(coinName) };
-    const parsed = tx.parseTransactionWithWalletKeys(rootWalletKeys, { replayProtection });
-    return parsed.inputs.some((input) => input.scriptType === 'p2trMusig2KeyPath');
-  }
-  return false;
+  assert(pubs && isTriple(pubs), 'pub triple is required to check for key path spend inputs in wasm-utxo PSBT');
+  const rootWalletKeys = fixedScriptWallet.RootWalletKeys.fromXpubs(pubs);
+  const replayProtection = { publicKeys: getReplayProtectionPubkeys(coinName) };
+  const parsed = tx.parseTransactionWithWalletKeys(rootWalletKeys, { replayProtection });
+  return parsed.inputs.some((input) => input.scriptType === 'p2trMusig2KeyPath');
 }
 
 /**
@@ -216,8 +197,6 @@ function convertValidationErrorToTxIntentMismatch(
 
 export type { DecodedTransaction } from './transaction/types';
 
-export type RootWalletKeys = bitgo.RootWalletKeys;
-
 export type UtxoCoinSpecific = AddressCoinSpecific | DescriptorAddressCoinSpecific;
 
 export interface VerifyAddressOptions<TCoinSpecific extends UtxoCoinSpecific> extends BaseVerifyAddressOptions {
@@ -252,8 +231,6 @@ export interface DecoratedExplainTransactionOptions<TNumber extends number | big
   changeInfo?: { address: string; chain: number; index: number }[];
 }
 
-export type UtxoNetwork = utxolib.Network;
-
 export interface TransactionPrebuild<TNumber extends number | bigint = number> extends BaseTransactionPrebuild {
   txInfo?: TransactionInfo<TNumber>;
   blockHeight?: number;
@@ -335,11 +312,6 @@ type UtxoBaseSignTransactionOptions<TNumber extends number | bigint = number> =
    * When false, creates half-signed transaction with placeholder signatures.
    */
   isLastSignature?: boolean;
-  /**
-   * If true, allows signing a non-segwit input with a witnessUtxo instead requiring a previous
-   * transaction (nonWitnessUtxo)
-   */
-  allowNonSegwitSigningWithoutPrevTx?: boolean;
   /**
    * When true, the signed transaction will be converted from PSBT to legacy format before returning.
    * Set automatically by presignTransaction() when the caller explicitly requested txFormat: 'legacy'.
@@ -432,14 +404,6 @@ export abstract class AbstractUtxoCoin extends BaseCoin implements Musig2Partici
     this.amountType = amountType;
   }
 
-  /**
-   * @deprecated - will be removed when we drop support for utxolib
-   * Use `name` property instead.
-   */
-  get network(): utxolib.Network {
-    return getNetworkFromCoinName(this.name);
-  }
-
   getChain(): UtxoCoinName {
     return this.name;
   }
@@ -455,13 +419,8 @@ export abstract class AbstractUtxoCoin extends BaseCoin implements Musig2Partici
   /** Indicates whether the coin supports a block target */
   supportsBlockTarget(): boolean {
     // FIXME: the SDK does not seem to use this anywhere so it is unclear what the purpose of this method is
-    switch (getMainnet(this.network)) {
-      case utxolib.networks.bitcoin:
-      case utxolib.networks.dogecoin:
-        return true;
-      default:
-        return false;
-    }
+    const mainnet = getMainnetCoinName(this.name);
+    return mainnet === 'btc' || mainnet === 'doge';
   }
 
   sweepWithSendMany(): boolean {
@@ -470,7 +429,7 @@ export abstract class AbstractUtxoCoin extends BaseCoin implements Musig2Partici
 
   /** @deprecated */
   static get validAddressTypes(): ScriptType2Of3[] {
-    return [...outputScripts.scriptTypes2Of3];
+    return ['p2sh', 'p2shP2wsh', 'p2wsh', 'p2tr', 'p2trMusig2'];
   }
 
   /**
@@ -508,15 +467,20 @@ export abstract class AbstractUtxoCoin extends BaseCoin implements Musig2Partici
     // At the time of writing, the only additional address format is bch cashaddr.
     const anyFormat = (param as { anyFormat: boolean } | undefined)?.anyFormat ?? true;
     try {
-      // Find out if the address is valid for any format. Tries all supported formats by default.
-      // Throws if address cannot be decoded with any format.
-      const [format, script] = utxolib.addressFormat.toOutputScriptAndFormat(address, this.network);
-      // unless anyFormat is set, only 'default' is allowed.
-      if (!anyFormat && format !== 'default') {
-        return false;
+      const script = wasmAddress.toOutputScriptWithCoin(address, this.name);
+      // Determine which format the input address was in by round-tripping
+      // through each candidate and checking byte-equality. 'default' is tried
+      // first so canonical default-format addresses early-exit.
+      for (const format of ['default', 'cashaddr'] as const) {
+        try {
+          if (wasmAddress.fromOutputScriptWithCoin(script, this.name, format) === address) {
+            return anyFormat || format === 'default';
+          }
+        } catch {
+          // coin doesn't support this format; try the next one
+        }
       }
-      // make sure that address is in normal representation for given format.
-      return address === utxolib.addressFormat.fromOutputScriptWithFormat(script, format, this.network);
+      return false;
     } catch (e) {
       return false;
     }
@@ -596,13 +560,9 @@ export abstract class AbstractUtxoCoin extends BaseCoin implements Musig2Partici
    * @param addressDetails
    */
   static inferAddressType(addressDetails: { chain: number }): ScriptType2Of3 | null {
-    return isChainCode(addressDetails.chain) ? scriptTypeForChain(addressDetails.chain) : null;
-  }
-
-  createTransactionFromHex<TNumber extends number | bigint = number>(
-    hex: string
-  ): utxolib.bitgo.UtxoTransaction<TNumber> {
-    return utxolib.bitgo.createTransactionFromHex<TNumber>(hex, this.network, this.amountType);
+    return fixedScriptWallet.ChainCode.is(addressDetails.chain)
+      ? (fixedScriptWallet.ChainCode.scriptType(addressDetails.chain) as ScriptType2Of3)
+      : null;
   }
 
   decodeTransaction(input: Buffer | string): fixedScriptWallet.BitGoPsbt {
@@ -761,7 +721,7 @@ export abstract class AbstractUtxoCoin extends BaseCoin implements Musig2Partici
    * @returns true iff coin supports spending from unspentType
    */
   supportsAddressType(addressType: ScriptType2Of3): boolean {
-    return utxolib.bitgo.outputScripts.isSupportedScriptType(this.network, addressType);
+    return fixedScriptWallet.supportsScriptType(this.name, addressType);
   }
 
   /** inherited doc */
@@ -774,7 +734,10 @@ export abstract class AbstractUtxoCoin extends BaseCoin implements Musig2Partici
    * @return true iff coin supports spending from chain
    */
   supportsAddressChain(chain: number): boolean {
-    return isChainCode(chain) && this.supportsAddressType(utxolib.bitgo.scriptTypeForChain(chain));
+    return (
+      fixedScriptWallet.ChainCode.is(chain) &&
+      this.supportsAddressType(fixedScriptWallet.ChainCode.scriptType(chain) as ScriptType2Of3)
+    );
   }
 
   keyIdsForSigning(): number[] {
@@ -1063,17 +1026,6 @@ export abstract class AbstractUtxoCoin extends BaseCoin implements Musig2Partici
     }
 
     const returnLegacyFormat = (params as Record<string, unknown>).txFormat === 'legacy';
-
-    // In the case that we have a 'psbt-lite' transaction format, we want to indicate in signing to not fail
-    const txHex = (params.txHex ?? params.txPrebuild?.txHex) as string;
-    if (
-      txHex &&
-      utxolib.bitgo.isPsbt(txHex as string) &&
-      utxolib.bitgo.isPsbtLite(utxolib.bitgo.createPsbtFromHex(txHex, this.network)) &&
-      params.allowNonSegwitSigningWithoutPrevTx === undefined
-    ) {
-      return { ...params, allowNonSegwitSigningWithoutPrevTx: true, returnLegacyFormat };
-    }
     return { ...params, returnLegacyFormat };
   }
 

@@ -1,5 +1,4 @@
 import { BitGoBase, HalfSignedUtxoTransaction, SignedTransaction } from '@bitgo/sdk-core';
-import { bitgo } from '@bitgo/utxo-lib';
 
 import {
   AbstractUtxoCoin,
@@ -75,10 +74,6 @@ export class Doge extends AbstractUtxoCoin {
 
   /* postProcessPrebuild, isBitGoTaintedUnspent, verifyCustomChangeKeySignatures do not care whether they receive number or bigint */
 
-  createTransactionFromHex<TNumber extends number | bigint = bigint>(hex: string): bitgo.UtxoTransaction<TNumber> {
-    return super.createTransactionFromHex<TNumber>(hex);
-  }
-
   async parseTransaction<TNumber extends number | bigint = bigint>(
     params: ParseTransactionOptions<TNumber>
   ): /*

@@ -1,7 +1,6 @@
 import assert from 'assert';
 
 import * as t from 'io-ts';
-import { bitgo } from '@bitgo/utxo-lib';
 import { IRequestTracer, IWallet, KeyIndices, promiseProps, Triple } from '@bitgo/sdk-core';
 import { BIP32, bip32, fixedScriptWallet } from '@bitgo/wasm-utxo';
 
@@ -48,10 +47,10 @@ export function toKeychainTriple(keychains: UtxoNamedKeychains): Triple<UtxoKeyc
 }
 
 export function toBip32Triple(
-  keychains: bitgo.RootWalletKeys | UtxoNamedKeychains | Triple<{ pub: string }> | string[]
+  keychains: fixedScriptWallet.RootWalletKeys | UtxoNamedKeychains | Triple<{ pub: string }> | string[]
 ): Triple<BIP32> {
-  if (keychains instanceof bitgo.RootWalletKeys) {
-    return keychains.triple.map((k) => BIP32.fromBase58(k.toBase58())) as Triple<BIP32>;
+  if (keychains instanceof fixedScriptWallet.RootWalletKeys) {
+    return [keychains.userKey(), keychains.backupKey(), keychains.bitgoKey()];
   }
   if (Array.isArray(keychains)) {
     if (keychains.length !== 3) {