feat(sdk-core, express): consume userKeySigningRequired from coinSpecific

[zahin-mohammad]

Summary

Phase 2 of the userKeySigningRequired location refactor (parent: WCN-460). The trading-account BitGo-key signing gate in BitGoJS now reads walletData.coinSpecific.ofc.userKeySigningRequired, falling back to the top-level userKeySigningRequired only when the coinSpecific subdocument is absent. The top-level field is marked @deprecated and will be removed in a follow-up major release (Phase 3).

The express WalletResponse codec gains typed visibility for coinSpecific.ofc.userKeySigningRequired via t.intersection([t.partial({ ofc: ... }), t.UnknownRecord]). The intersection preserves the existing permissive t.UnknownRecord decode for wallets carrying other coinSpecific subdocuments (eth, terc20, etc.) — silently rejecting previously-decoding wallet responses would itself be an AP-0002 breaking change.

• feat(sdk-core): extends WalletCoinSpecific with ofc?: { userKeySigningRequired?: boolean }, shifts the read in signPayloadByBitGoKey(), marks WalletData.userKeySigningRequired deprecated.
• feat(express): types coinSpecific.ofc on the WalletResponse codec.

Issue Number

WCN-471 — https://linear.app/bitgo/issue/WCN-471

Type of change

• New feature (non-breaking change which adds functionality)

How Has This Been Tested?

sdk-core (TradingAccount suite — 16 passing, +2 new cases):

• existing case (coinSpecific.ofc.userKeySigningRequired: true throws) — renamed and re-asserted
• new: top-level userKeySigningRequired: true still throws when coinSpecific.ofc is absent (fallback)
• new: coinSpecific.ofc takes precedence over top-level when both are present

express (io-ts decode tests suite — 23 passing, +4 new cases):

• decodes wallets with only non-ofc coinSpecific subdocuments (e.g. coinSpecific.eth)
• decodes wallets with coinSpecific.ofc.userKeySigningRequired: true
• decodes wallets with empty coinSpecific
• rejects coinSpecific.ofc.userKeySigningRequired of wrong type

yarn workspace @bitgo/sdk-core run unit-test --grep "TradingAccount"
yarn workspace @bitgo/express run unit-test --grep "io-ts decode tests"
yarn workspace @bitgo/sdk-core run lint
yarn workspace @bitgo/express run lint

Phase 3 (out of scope, follow-up PR)

Removal of the top-level fallback and the WalletData.userKeySigningRequired field is an AP-0002 breaking change, however no breaking change release will made as this is a feature still in development.

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• My code compiles correctly (sdk-core, express tsc clean)
• My commits follow Conventional Commits and the ticket is referenced
• I have added tests covering both the new coinSpecific shape and the top-level fallback
• New and existing unit tests pass locally with my changes

🤖 Generated with Claude Code

[linear-code]

WCN-471

[zahin-mohammad]

Addressed all four review comments — pushed amended commits in place of the originals.

Confirmed in bitgo-microservices/packages/wallet-platform/app/models/v2/coins/ofc/ofc.schema.ts (defineSubDocumentToJson lines 48–55) that the OFC subdocument's toJSON flattens its fields directly under coinSpecific — there is no ofc wrapper key in the API response. The original Linear ticket description was wrong about the shape.

Updated:

• WalletCoinSpecific.userKeySigningRequired?: boolean (no nested ofc)
• Gate read: walletData.coinSpecific?.userKeySigningRequired ?? walletData.userKeySigningRequired
• Express codec: t.intersection([t.partial({ userKeySigningRequired: t.boolean }), t.UnknownRecord])
• Deprecation JSDoc points to coinSpecific.userKeySigningRequired
• Test mocks use flat shape (coinSpecific: {} / coinSpecific: { userKeySigningRequired: true })
• Decode tests now exercise wallets with arbitrary flat coinSpecific fields

All tests/lint pass. PR description updated implicitly via the new commit messages.