AlgoScan

* fix: correctly log address

* chore: npm audit fix

* feat: ed25519 wrapped seed interface

* chore: fix npm audit

* chore: PR review feedback

* test: await runTests

* fix: ensure seed is properly zeroed out

* feat: wrapped secret

* chore: update .nsprc

* chore: PR review

* chore: remove 64-byte secret wrapping/unwrapping

* chore: add signing examples

* chore: add mock KMSClient for CI

* docs: add secret-management.md

* docs: AWS comment

* docs: add imports

* docs: add header comments

* chore: use utils/crypto

* Apply suggestions from code review

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* chore: rm FIXME from docs/examples

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* docs: fix grammar

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* chore: use sidebar config json

* chore: update sidebar config, examples loader and verification scripts

* chore: add nsprc exception for flatted vuln (1114526)

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Luca Martini <luca.martini@algorand.foundation>

* chore: assert top bit isn't set

In the xHD lib, the signing function uses
[crypto_scalarmult_ed25519_base_noclamp](https://github.com/algorandfoundation/xHD-Wallet-API-ts/blob/96e7a4be6bca67a4f77252206811f7676e59e5ec/src/x.hd.wallet.api.crypto.ts#L144-L144)
to get the public key  which [clears the top
bit](https://github.com/algorandfoundation/xHD-Wallet-API-ts/blob/9849fb3e90cecfb6348e188ff445b55806bfde00/src/sumo.facade.ts#L106-L106).
Then for the signing, the [raw
scalar](https://github.com/algorandfoundation/xHD-Wallet-API-ts/blob/96e7a4be6bca67a4f77252206811f7676e59e5ec/src/x.hd.wallet.api.crypto.ts#L156-L156)
is used without clearing the top bit. Since this is not an exported
function and the keys used are always from the known derivation function
(which ensure the top bit is clear), then this is not an issue. In
AlgoKit, however, we have no guarantees about where the scalar comes
from. As such, it's possible for someone to pass a scalar that does not
have the top bit cleared. The two options are to either clear it
automatically or error, but since a scalar without the top bit cleared
is invalid ed255519 scalar it seems preferable to just throw an error.

* test: add scalar top-bit tests

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>