refactor: extract browser wallet into dedicated crate

Author: rplusq

Cargo.lock

@@ -24,6 +24,8 @@ members = [
     "crates/macros/",
     "crates/test-utils/",
     "crates/lint/",
+    "crates/wallets/",
+    "crates/browser-wallet/",
 ]
 resolver = "2"
 
@@ -200,6 +202,7 @@ foundry-evm-traces = { path = "crates/evm/traces" }
 foundry-macros = { path = "crates/macros" }
 foundry-test-utils = { path = "crates/test-utils" }
 foundry-wallets = { path = "crates/wallets" }
+foundry-browser-wallet = { path = "crates/browser-wallet" }
 foundry-linking = { path = "crates/linking" }
 
 # solc & compilation utilities

Cargo.toml

@@ -0,0 +1,41 @@
+[package]
+name = "foundry-browser-wallet"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+homepage.workspace = true
+repository.workspace = true
+exclude.workspace = true
+
+[lints]
+workspace = true
+
+[dependencies]
+alloy-primitives.workspace = true
+alloy-signer = { workspace = true, features = ["eip712"] }
+alloy-rpc-types.workspace = true
+alloy-consensus.workspace = true
+alloy-network.workspace = true
+alloy-sol-types.workspace = true
+alloy-dyn-abi.workspace = true
+foundry-common.workspace = true
+
+axum.workspace = true
+tokio = { workspace = true, features = ["net", "rt-multi-thread", "macros"] }
+tower.workspace = true
+tower-http = { workspace = true, features = ["cors", "set-header"] }
+uuid = { workspace = true, features = ["v4", "serde"] }
+hex = "0.4"
+parking_lot.workspace = true
+serde = { workspace = true, features = ["derive"] }
+serde_json.workspace = true
+thiserror.workspace = true
+async-trait.workspace = true
+tracing.workspace = true
+webbrowser = "1.0"
+
+[dev-dependencies]
+tokio = { workspace = true, features = ["test-util"] }
+reqwest = { workspace = true, features = ["json"] }
+alloy-signer-local.workspace = true
+alloy-provider.workspace = true

crates/browser-wallet/Cargo.toml

@@ -0,0 +1,220 @@
+# Browser Wallet
+
+Browser wallet integration for Foundry tools, enabling interaction with MetaMask and other browser-based wallets.
+
+## Overview
+
+This crate provides a bridge between Foundry CLI tools and browser wallets using a local HTTP server. It implements support for:
+- Transaction sending via `cast send --browser`
+- Contract deployment via `forge create --browser`
+- Message signing (personal_sign and eth_signTypedData_v4) via `cast wallet sign --browser`
+
+## Architecture
+
+The browser wallet integration follows this flow:
+
+1. CLI starts a local HTTP server on a random port
+2. Opens the user's browser to `http://localhost:PORT`
+3. Web interface connects to the browser wallet (e.g., MetaMask)
+4. CLI queues requests (transactions/signatures) for browser processing
+5. Browser polls for pending requests and prompts user for approval
+6. Results are returned to CLI via the HTTP API
+
+## HTTP API Reference
+
+All API endpoints follow JSON-RPC 2.0 conventions and are served from `http://localhost:PORT`.
+
+### GET `/api/heartbeat`
+Health check endpoint to verify server is running.
+
+**Response:**
+```json
+{
+  "success": true,
+  "data": {
+    "status": "ok",
+    "connected": true,
+    "address": "0x1234..."
+  }
+}
+```
+
+### GET `/api/transaction/pending`
+Retrieve the next pending transaction for user approval.
+
+**Response:**
+```json
+{
+  "success": true,
+  "data": {
+    "id": "uuid-v4",
+    "from": "0x1234...",
+    "to": "0x5678...",
+    "value": "0x1000000000000000",
+    "data": "0x...",
+    "chainId": "0x1"
+  }
+}
+```
+
+### POST `/api/transaction/response`
+Submit transaction approval/rejection result.
+
+**Request:**
+```json
+{
+  "id": "uuid-v4",
+  "hash": "0xabcd...",
+  "error": null
+}
+```
+
+**Response:**
+```json
+{
+  "success": true
+}
+```
+
+### GET `/api/sign/pending`
+Retrieve pending message signing request.
+
+**Response:**
+```json
+{
+  "success": true,
+  "data": {
+    "id": "uuid-v4",
+    "message": "Hello World",
+    "address": "0x1234...",
+    "type": "personal_sign"
+  }
+}
+```
+
+### POST `/api/sign/response`
+Submit message signing result.
+
+**Request:**
+```json
+{
+  "id": "uuid-v4",
+  "signature": "0xabcd...",
+  "error": null
+}
+```
+
+**Response:**
+```json
+{
+  "success": true
+}
+```
+
+### GET `/api/network`
+Get current network configuration.
+
+**Response:**
+```json
+{
+  "success": true,
+  "data": {
+    "chainId": 1,
+    "name": "mainnet"
+  }
+}
+```
+
+### POST `/api/account`
+Update connected wallet account status.
+
+**Request:**
+```json
+{
+  "address": "0x1234...",
+  "chainId": 1
+}
+```
+
+**Response:**
+```json
+{
+  "success": true
+}
+```
+
+## Message Types
+
+### Transaction Request (`BrowserTransaction`)
+```rust
+{
+  id: String,              // Unique transaction ID
+  from: Address,           // Sender address
+  to: Option<Address>,     // Recipient (None for contract creation)
+  value: U256,             // ETH value to send
+  data: Bytes,             // Transaction data
+  chainId: ChainId,        // Network chain ID
+}
+```
+
+### Sign Request (`SignRequest`)
+```rust
+{
+  id: String,              // Unique request ID
+  message: String,         // Message to sign
+  address: Address,        // Address to sign with
+  type: SignType,          // "personal_sign" or "sign_typed_data"
+}
+```
+
+### Sign Type (`SignType`)
+- `personal_sign`: Standard message signing
+- `sign_typed_data`: EIP-712 typed data signing
+
+## JavaScript API
+
+The web interface uses the standard EIP-1193 provider interface:
+
+```javascript
+// Connect wallet
+await window.ethereum.request({ method: 'eth_requestAccounts' });
+
+// Send transaction
+const hash = await window.ethereum.request({
+  method: 'eth_sendTransaction',
+  params: [transaction]
+});
+
+// Sign message
+const signature = await window.ethereum.request({
+  method: 'personal_sign',
+  params: [message, address]
+});
+
+// Sign typed data
+const signature = await window.ethereum.request({
+  method: 'eth_signTypedData_v4',
+  params: [address, typedData]
+});
+```
+
+## Security
+
+- Server only accepts connections from localhost
+- Content Security Policy headers prevent XSS attacks
+- No sensitive data is stored; all operations are transient
+- Automatic timeout after 5 minutes of inactivity
+
+## Standards Compliance
+
+- [EIP-1193](https://eips.ethereum.org/EIPS/eip-1193): Ethereum Provider JavaScript API
+- [EIP-712](https://eips.ethereum.org/EIPS/eip-712): Typed structured data hashing and signing
+- [JSON-RPC 2.0](https://www.jsonrpc.org/specification): Communication protocol
+
+## Contributing
+
+When adding new functionality:
+1. Update message types in `lib.rs`
+2. Add corresponding HTTP endpoints in `server.rs`
+3. Update JavaScript handlers in `assets/web/js/`
+4. Add integration tests in `tests/integration/`

crates/browser-wallet/README.md

@@ -49,6 +49,21 @@ h3 {
     font-size: 0.875rem;
 }
 
+/* Loading state animation */
+@keyframes pulse {
+    0%, 100% {
+        opacity: 1;
+    }
+    50% {
+        opacity: 0.5;
+    }
+}
+
+.status-value.initializing {
+    animation: pulse 1.5s ease-in-out infinite;
+    color: #60a5fa;
+}
+
 .status {
     background: #27272a;
     border-radius: 8px;
@@ -249,4 +264,16 @@ h3 {
     color: #71717a;
     font-size: 0.75rem;
     margin-top: 2rem;
+}
+
+.security-warning {
+    background: #f59e0b1a;
+    border: 1px solid #f59e0b;
+    color: #f59e0b;
+    padding: 1rem;
+    border-radius: 8px;
+    text-align: center;
+    font-size: 0.875rem;
+    margin-bottom: 1rem;
+    font-weight: 500;
 }

crates/wallets/src/browser/assets.rs renamed to crates/browser-wallet/src/assets.rs

@@ -17,7 +17,7 @@ <h1>⚒️ Foundry Browser Wallet</h1>
                 <div id="status-container" class="status">
                     <div class="status-row">
                         <span class="status-label">Status:</span>
-                        <span id="connection-status" class="status-value">Checking...</span>
+                        <span id="connection-status" class="status-value">Initializing...</span>
                     </div>
                     <div class="status-row">
                         <span class="status-label">Account:</span>