chia-walletconnect

⚠Review·Scanned 2/18/2026

This skill implements a Telegram Web App to verify Chia wallet ownership via WalletConnect and MintGarden. It performs network calls to https://api.mintgarden.io, requires environment variables such as WALLETCONNECT_PROJECT_ID stored in .env, and includes CLI/shell steps like npm install and node server.

from clawhub.ai·v962c18f·169.3 KB·0 installs

Scanned from 1.0.0 at 962c18f · Transparency log ↗

$ vett add clawhub.ai/koba42corp/chia-walletconnectReview findings below

🌱 Chia WalletConnect - Telegram Signature Verification

Verify Chia wallet ownership via Telegram using WalletConnect and Sage Wallet.

A Telegram Web App (Mini App) that enables seamless wallet signature verification for Chia blockchain addresses through WalletConnect integration with Sage Wallet, powered by MintGarden's signature verification API.

✨ Features

🔗 WalletConnect v2 Integration — Industry-standard wallet connection protocol
📱 Telegram Mini App — Native in-app experience
🔐 Signature Verification — Cryptographic proof of wallet ownership
✅ MintGarden API — Trusted signature validation
🎯 CHIP-0002 Support — Sage Wallet compatibility
💚 Mobile-First — Optimized for Telegram mobile clients
🚀 Zero Manual Copy/Paste — Seamless user experience

🏗️ Architecture

┌─────────────────┐
│  Telegram Bot   │
│ (Clawdbot)      │
└────────┬────────┘
         │ /verify command
         │ Opens Web App →
         ▼
┌─────────────────────────────┐
│   Telegram Mini App         │
│   (Hosted Web Frontend)     │
│                             │
│  ┌──────────────────────┐  │
│  │  WalletConnect v2    │  │
│  │  Sign Client         │  │
│  └──────────┬───────────┘  │
│             │               │
│             │ Connect & Sign
│             ▼               │
│      ┌──────────────┐      │
│      │ Sage Wallet  │      │
│      │   (Mobile)   │      │
│      └──────┬───────┘      │
│             │               │
│             │ Returns signature
│             ▼               │
│  ┌──────────────────────┐  │
│  │  Send to Bot via     │  │
│  │  Telegram.sendData() │  │
│  └──────────────────────┘  │
└─────────────────────────────┘
              │
              │ web_app_data
              ▼
┌─────────────────────────┐
│  Bot Webhook Handler    │
│  (Verifies signature)   │
└────────┬────────────────┘
         │
         │ POST /verify_signature
         ▼
┌─────────────────────────┐
│  MintGarden API         │
│  (Signature validation) │
└─────────────────────────┘

🚀 Quick Start

Installation

# Install skill via ClawdHub
clawdhub install chia-walletconnect

# Install dependencies
cd skills/chia-walletconnect
npm install

# Make CLI executable
chmod +x cli.js

Local Development

# Start the development server
npm start
# Server runs on http://localhost:3000

# Test in browser
open http://localhost:3000

CLI Usage

# Generate a challenge
node cli.js challenge xch1abc... telegram_user_123

# Verify a signature
node cli.js verify xch1abc... "message" "signature" "pubkey"

# Validate address format
node cli.js validate xch1abc...

# Start web server
node cli.js server

📱 Telegram Bot Integration

Step 1: Deploy Web App

Deploy the webapp/ folder to a public HTTPS URL:

Option A: Vercel

# Install Vercel CLI
npm i -g vercel

# Deploy
cd webapp
vercel

# Copy the deployment URL (e.g., https://your-app.vercel.app)

Option B: Netlify

# Install Netlify CLI
npm i -g netlify-cli

# Deploy
cd webapp
netlify deploy --prod

# Copy the deployment URL

Option C: Your Own Server

# Run the server on your VPS
npm start

# Use ngrok for testing
ngrok http 3000

Step 2: Register with BotFather

Open Telegram and message @BotFather
Send /newapp or /editapp
Select your bot
Web App URL: Enter your deployed URL (e.g., https://your-app.vercel.app)
Short Name: verify (or any unique identifier)

Step 3: Add Bot Command

Create a /verify command in your bot:

// In your Clawdbot skill or bot handler

bot.onText(/\/verify/, async (msg) => {
  const chatId = msg.chat.id;
  
  // Send inline button to launch Web App
  bot.sendMessage(chatId, 'Click below to verify your Chia wallet:', {
    reply_markup: {
      inline_keyboard: [[
        {
          text: '🌱 Verify Wallet',
          web_app: { url: 'https://your-app.vercel.app' }
        }
      ]]
    }
  });
});

Step 4: Handle Web App Data

Listen for signature data returned from the Web App:

// Handle web_app_data callback
bot.on('web_app_data', async (msg) => {
  const chatId = msg.chat.id;
  const data = JSON.parse(msg.web_app_data.data);
  
  const { address, message, signature, publicKey, userId } = data;
  
  console.log(`🔐 Received signature from ${address}`);
  
  // Verify signature with MintGarden API
  const { verifySignature } = require('./lib/verify');
  const result = await verifySignature(address, message, signature, publicKey);
  
  if (result.verified) {
    bot.sendMessage(chatId, `✅ Wallet verified!\n\nAddress: ${address}`);
    
    // Store verification in your database
    // await saveVerification(userId, address);
    
  } else {
    bot.sendMessage(chatId, `❌ Verification failed: ${result.error}`);
  }
});

🔧 Configuration

Environment Variables

Create a .env file:

# Server configuration
PORT=3000
NODE_ENV=production

# WalletConnect Project ID
# Get yours at https://cloud.walletconnect.com
WALLETCONNECT_PROJECT_ID=6d377259062295c0f6312b4f3e7a5d9b

# Optional: MintGarden API
MINTGARDEN_API_URL=https://api.mintgarden.io

# Optional: Your backend API
BACKEND_API_URL=https://your-backend.com/api

WalletConnect Project ID

The included Project ID (6d377259062295c0f6312b4f3e7a5d9b) is from the Dracattus reference implementation. For production:

Visit WalletConnect Cloud
Create a new project
Copy your Project ID
Update in webapp/app.js:

const WALLETCONNECT_PROJECT_ID = 'your-project-id-here';

🛠️ API Reference

MintGarden Signature Verification

Endpoint: POST https://api.mintgarden.io/address/verify_signature

Request:

{
  "address": "xch1abc...",
  "message": "Verify ownership of...",
  "signature": "signature_hex",
  "pubkey": "public_key_hex"
}

Response:

{
  "verified": true
}

CHIP-0002 Methods

The skill uses these WalletConnect methods for Sage Wallet:

Method	Description
`chip0002_getPublicKeys`	Fetch wallet public keys
`chip0002_signMessage`	Sign a message with wallet
`chia_getCurrentAddress`	Get current receive address

📂 Project Structure

chia-walletconnect/
├── webapp/                   # Telegram Web App frontend
│   ├── index.html           # Main UI
│   ├── app.js               # WalletConnect logic
│   └── styles.css           # Styling
├── lib/                      # Core libraries
│   ├── challenge.js         # Challenge generation
│   ├── verify.js            # MintGarden API client
│   └── telegram.js          # Telegram Web App helpers
├── server/                   # Optional backend
│   └── index.js             # Express server for webhooks
├── cli.js                    # CLI interface
├── package.json             # Dependencies
├── SKILL.md                 # Clawdbot skill documentation
└── README.md                # This file

🧪 Testing

Test Locally

Start server:
```
npm start
```
Open in browser:
```
http://localhost:3000
```
Test WalletConnect:
- Click "Connect Sage Wallet"
- Copy the URI or scan QR code
- Open Sage Wallet → paste URI
- Approve connection
- Sign the challenge message

Test with Telegram

Use ngrok for local testing:
```
ngrok http 3000
```
Update BotFather Web App URL to ngrok URL
Send /verify in your bot
Click the inline button
Complete verification flow

🔐 Security Considerations

✅ What's Secure

Challenge Nonces — Prevents replay attacks
Timestamp Validation — Challenges expire after 5 minutes
MintGarden Verification — Cryptographic signature validation
HTTPS Required — Telegram enforces HTTPS for Web Apps
No Private Keys — Never requests or stores private keys

⚠️ Important Notes

Store Verifications Securely
- Use encrypted database
- Don't log signatures/public keys
- Implement rate limiting
Validate User Identity
- Link Telegram user ID to verified address
- Prevent address spoofing
- Implement cooldown periods
Production Checklist
- Use your own WalletConnect Project ID
- Enable CORS only for your domain
- Implement rate limiting on verification endpoint
- Log verification attempts for auditing
- Use environment variables for secrets
- Deploy behind CDN for DDoS protection

💡 Use Cases

1. NFT Gated Chats

Verify users own a specific NFT before granting access to Telegram groups.

2. Airdrop Eligibility

Verify wallet ownership before distributing tokens.

3. Authentication

Use wallet as login credential (Web3-style auth).

4. Proof of Holdings

Verify users hold a minimum XCH balance or specific CATs.

5. DAO Voting

Authenticate voters based on token holdings.

🐛 Troubleshooting

Problem: WalletConnect URI Not Working

Solutions:

Check Sage Wallet supports WalletConnect v2
Try manual URI paste instead of QR scan
Ensure Sage is on the latest version
Check console for connection errors

Problem: Signature Verification Fails

Solutions:

Ensure correct message format (exact match)
Verify public key matches address
Check MintGarden API status
Confirm signature encoding (hex/base64)

Problem: Web App Doesn't Load

Solutions:

Verify HTTPS deployment (Telegram requires SSL)
Check CORS headers
Test URL directly in browser
Review Telegram Bot logs

Problem: "No Public Key Available"

Solutions:

Sage may not expose public key via WalletConnect
Try alternative method (signature still works)
Public key is optional for verification

🔄 Workflow Diagram

User              Telegram           Web App          Sage Wallet      MintGarden
 │                   │                  │                   │               │
 ├─ /verify ────────>│                  │                   │               │
 │                   ├─ Web App button >│                   │               │
 │                   │                  ├─ WC connect ─────>│               │
 │                   │                  │<── approve ───────┤               │
 │                   │                  ├─ sign request ───>│               │
 │                   │                  │<── signature ─────┤               │
 │                   │<─ sendData() ────┤                   │               │
 │                   ├──────────────────────── verify ──────────────────────>│
 │                   │<──────────────────────── verified ────────────────────┤
 │<─ ✅ Verified ────┤                  │                   │               │
 │                   │                  │                   │               │

📊 Performance

Metrics

Stage	Time
WalletConnect Init	~1-2s
Connection Approval	User-dependent
Signature Request	~2-5s
MintGarden Verification	~0.5-1s
Total (optimal)	~5-10s

Optimization Tips

Cache WalletConnect sessions — Reconnect faster on repeat use
Batch verifications — Verify multiple addresses at once
Implement retry logic — Handle transient network errors
Use CDN — Serve static assets faster

🤝 Contributing

Contributions welcome! Please:

Fork the repository
Create a feature branch
Add tests for new features
Submit a pull request

📜 License

MIT License — Koba42 Corp

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software.

🔗 Links

MintGarden API: https://api.mintgarden.io/docs
WalletConnect: https://docs.walletconnect.com/
Telegram Web Apps: https://core.telegram.org/bots/webapps
Sage Wallet: https://www.sagewallet.io/
CHIP-0002: https://github.com/Chia-Network/chips/blob/main/CHIPs/chip-0002.md

🌟 Credits

Built by: Koba42 Corp
Inspired by: Dracattus Web App WalletConnect implementation
Powered by: MintGarden API, WalletConnect, Sage Wallet, Telegram Bot API

🌱 Verify with confidence. Own with proof. 🌱

</div>