Architecture

How the Manifest V3 extension and the reusable @keetanetwork/wallet-core library fit together in the Keythings Wallet monorepo.

Monorepo layout

The open-source repository exposes two main pieces:

  • src/ — the Keythings Wallet browser extension (background/service worker, popup UI, content scripts, inpage provider, shared libs).
  • packages/wallet-core/ — the @keetanetwork/wallet-core TypeScript library, published as a standalone package.

At the root, a Bun workspace configuration ensures the extension consumes wallet-core the same way external integrators would, keeping the public integration surface honest.

Extension components

Background service worker

  • Implements the wallet provider handler and JSON-RPC bridge to dApps.
  • Holds sensitive material only in memory while unlocked.
  • Coordinates key lifecycle, capability grants, and network access rules.

External data from dApps (for example, anchor payloads and smart contract calls) is carried either as the data field of keeta_sendTransaction or as per-operation data/external fields when using the builder.

The background service validates these fields with Zod and maps them into the Keeta SDK's send builder external parameter, so anchors and other protocols see a consistent external payload on-chain.

Content scripts & inpage provider

  • A content script injects the inpage provider into allowed origins, exposing window.keeta.
  • Messages between inpage, content script, and service worker are validated and schema-checked before use.
  • Each origin receives scoped capability tokens that gate read and transaction operations.

Popup UI

  • Built with React and TypeScript using Vite for development and bundling.
  • Surfaces balances, activity, network selection, and approval flows.
  • Calls into shared libs for state management, Keeta SDK helpers, and secure storage.

@keetanetwork/wallet-core

The wallet-core package collects reusable logic used by the extension and external applications:

  • Keeta SDK integration (account derivation, history pagination, fee quoting).
  • Helpers for activity normalization and history querying.
  • Typed interfaces for accounts, tokens, and network configuration.

By consuming this package through the workspace dependency graph, the extension ensures that dApps and enterprise integrators can rely on the same public APIs without reaching into private SDK internals.

Security & testing integration

Architecture and security are validated continuously via automated tests and security suites. The root README documents the commands used to exercise the system:

  • bun run test — full test suite (unit, integration, e2e, validation, security).
  • bun run lint — static analysis and linting.
  • bun run build — production build of the extension (run once per change set).
  • bun run security:all — security-focused suites including fuzzing and crypto checks.

For deeper detail on threat modelling and control coverage, see the Security and Testing sections in this docs site and the SECURITY.md file in the monorepo.

6 of 27