This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
Core Extension is a non-custodial browser extension for Chromium browsers built using Manifest V3. It enables users to seamlessly and securely interact with Web3 applications powered by Avalanche, supporting Bitcoin, Ethereum, and Solana networks.
The project uses a monorepo structure with yarn workspaces and contains two main applications:
- Next: The next-generation version (React 19, modern architecture) in
apps/next/
# Start development (defaults to legacy)
yarn dev
yarn start
# Setup project (install deps + allow-scripts)
yarn setup# Build for production
yarn build # Production build
# Build alpha versions
yarn build:alpha # Alpha
yarn build:alpha:no-source-maps # Alpha without source maps
# Create extension packages
yarn zip # Zip for Chrome Store# Run tests
yarn test # Tests
yarn test:watch # Watch mode
yarn test:path <pattern> # Test specific pattern
# Code quality
yarn lint # Lint
yarn typecheck # Typecheck
yarn prettify # Format all code
# Internationalization
yarn scanner # i18n scanBuilt with Rsbuild (Rspack-based) instead of Webpack. Each package has its own build configuration:
- Apps use environment-specific configs (
rsbuild.{app}.{env}.ts) - Packages have shared common configs with dev/prod variants
The extension follows the standard Manifest V3 architecture with 4 isolated components:
- Service Worker (
packages/service-worker/): Background script handling business logic, network communication, transaction signing, and encrypted storage - Frontend (
apps/legacy/orapps/next/): React UI for onboarding, main interface, and approval windows - Content Script (
packages/content-script/): Bridge between service worker and injected provider - Injected Provider (
packages/inpage/): EIP-1193 compliant provider injected into web pages for dApp communication
@core/common: Shared utilities, constants, and helper functions@core/messaging: Cross-context communication system with JSON serialization@core/service-worker: Background script services and business logic@core/types: Comprehensive TypeScript type definitions@core/ui: Shared React components, hooks, and providers@core/content-script: Content script for web page injection bridge@core/inpage: In-page provider implementing EIP-1193 standard@core/offscreen: Offscreen document for secure DOM operations
The service worker uses dependency injection (TSyringe) with service-oriented architecture:
Core Services:
AccountsService: Multi-wallet account managementBalancesService: Token balances and portfolio aggregationNetworkService: Blockchain network configuration and switchingWalletService: Transaction signing and wallet operationsPermissionsService: dApp permission managementBridgeService: Cross-chain bridge operationsSeedlessService: Seedless wallet authentication via CubeSignerLedgerService: Hardware wallet integrationKeystoneService: Keystone hardware wallet supportStorageService: Encrypted data persistence
Architecture Patterns:
- Handlers: RPC method processors combining service functionality
- Events: Pub/sub system for cross-component communication
- Middleware: Request processing pipeline (auth, logging, permissions)
The frontend supports multiple contexts determined by isSpecificContextContainer.ts:
- POPUP: Main extension UI (browser icon click)
- CONFIRM: Approval windows for dApp interactions
- HOME: Fullscreen onboarding experience
- No XMLHttpRequest: Use
fetch()only - No DOM/window: Use offscreen documents for DOM operations
- Service Worker Restarts: Background script can restart anytime - never rely on in-memory state
- Strict CSP: No eval(), limited inline scripts
- Storage: Always use encrypted
StorageService, never direct chrome.storage
- Encrypt Everything: All storage must be encrypted via
StorageService - No Plain Text Secrets: Never expose private keys outside respective services
- Password Fields: Use password inputs for sensitive data (Chrome caches regular inputs)
- No Frontend Storage: Never use localStorage - all state in encrypted background storage
- Single Purpose Services: Keep services focused, combine functionality in handlers
- Clean State: Reset all state when wallet locks
- Event-Driven Communication: Services communicate via events, not direct calls
- Handler-Service Pattern: Handlers orchestrate multiple services for complex operations
- Uses K2 Components for UI consistency
- Avoid overriding MUI classes - update K2 or Figma instead
- Ask in
k2-product-design-systemSlack for design system questions
- Copy
.env.exampleto.env.devfor development - Requires Node.js 20.18.0 and Yarn 4.7.0 (managed by Volta)
- Requires access to
@avalabspackages on npmjs.com with 2FA
- Build:
yarn dev - Chrome: Go to
chrome://extensions/, enable Developer mode - Load: Click "Load unpacked", select
dist/ - Hot reload: Changes reload automatically during development
- Service Worker: Requires extension reload for background script changes
- Avalanche: C-Chain, P-Chain, X-Chain (primary focus)
- Bitcoin: Native Bitcoin and testnet support
- Ethereum: EVM-compatible chains
- Solana: Solana support behind feature flag
- Unit tests co-located with source (
.test.tsfiles) - Integration tests for service interactions
- Mocks in
__mocks__/directories - Jest testing framework across all packages
- Test both when changing shared code
- Uses semantic versioning with conventional commits
feat:= minor version bumpfix:= patch version bumpBREAKING CHANGE:= major version bump- Alpha builds: Automatic on main branch merge
- Production: Manual GitHub Action trigger
- Service worker 5-minute idle timeout and random restarts
- EIP-1193 provider race conditions with other wallets (MetaMask, Rabby)
- WebUSB limitations in service worker (requires frontend for Ledger)
- Encrypted storage key derivation using Scrypt KDF
- Cross-chain bridge complexity with multi-step state management
- Content Security Policy restrictions in Manifest V3
- Balance polling service manages network requests efficiently
- Use incremental promise resolution for batch operations
- Implement proper cleanup in service constructors
- Avoid memory leaks in long-running background processes
Always run yarn lint and yarn typecheck before committing changes.