When a descriptor is passed directly, strip its checksum, derive the
missing external/internal counterpart, and normalize both through
getdescriptorinfo before importing — matching the full address set
that --wallet produces.
- Replace frontend mock with real fetch calls to POST /api/wallet/analyze and GET /api/wallet/{id}/utxos
- Add Vite dev proxy for /api to avoid CORS in development
- Implement WalletResource.java with the two endpoints
- Add WalletMockData.java with the 5-UTXO dataset
- Configure CORS and port in application.properties
- Add backend/requests/wallet.http with kulala tests (29 assertions, all passing)
Three-screen state machine (input → loading → report) for analyzing
Bitcoin wallet descriptor privacy. Includes mock UTXO data with
ADDRESS_REUSE, DUST_SPEND, CONSOLIDATION, and CIOH vulnerability types.
Add full README covering purpose, the four privacy vulnerabilities
detected (address reuse, dust spend, UTXO consolidation, CIOH),
usage instructions, project structure, and a privacy notice.
