Conversation
* Update test names * Fix handling for multiple explicit signers
use isIncrementCall in signCall
* Add WDK Google ID token auth flow * Unify Google WDK auth kinds * Refine WDK Google id token flow * Fix id-token auth key cleanup on signer mismatch * Restore guard error logging * Unify Google WDK signer kind * Fix WDK auth flow cleanup and implicit session metadata
* wdk: account federation * wdk: address review comments; refactor auth commitments * wdk: update tests * fix test
Bumps [happy-dom](https://github.com/capricorn86/happy-dom) from 20.7.0 to 20.8.8. - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v20.7.0...v20.8.8) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.8.8 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [next](https://github.com/vercel/next.js) from 15.5.10 to 15.5.14. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.10...v15.5.14) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.14 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [happy-dom](https://github.com/capricorn86/happy-dom) from 20.8.8 to 20.8.9. - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v20.8.8...v20.8.9) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.8.9 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [next](https://github.com/vercel/next.js) from 15.5.14 to 15.5.15. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v15.5.14...v15.5.15) --- updated-dependencies: - dependency-name: next dependency-version: 15.5.15 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
#1007) * feat(relayer): propagate sponsored signal and mark swallowed errors `RpcRelayer.feeOptions` now forwards the server's `sponsored: boolean` to callers, and both `feeOptions` and `feeTokens` mark their swallowed-error returns with `failed: true`. The `Relayer` interface and all bundled implementations (Rpc, Sequence, Local, EIP6963, Pk) are widened to match. Additive change: existing consumers ignoring the new fields are unaffected. Downstream sponsorship classifiers should switch from `!feeOption` inference to `sponsored === true` so a real subsidy is no longer indistinguishable from a swallowed `/FeeOptions` error. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(wallet-wdk): carry sponsored/failed on StandardRelayerOption `StandardRelayerOption` gains optional `sponsored` and `failed` fields, populated on both construction branches in `transactions.ts` from the relayer SDK's new `feeOptions` return. `isStandardRelayerOption` / `isERC4337RelayerOption` are re-exported so consumers can narrow before reading the new fields. UI consumers that classified sponsorship by "no fee option attached" should switch to `sponsored === true` to distinguish a real subsidy from a swallowed `/FeeOptions` error. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * feat(dapp-client): add isSponsored for explicit sponsorship checks `DappClient.isSponsored(chainId, transactions)` and `ChainSessionManager.isSponsored(calls)` return true only when the relayer's `/FeeOptions` endpoint explicitly reports sponsorship; any error, network failure, or absence of sponsorship returns false. A true result is always safe to surface as "free gas" in UI. Prefer this over inferring sponsorship from an empty `getFeeOptions` array — a swallowed `/FeeOptions` error produces the same empty shape as a real subsidy. `getFeeOptions` is unchanged. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Bumps [turbo](https://github.com/vercel/turborepo) from 2.9.8 to 2.9.14. - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.9.8...v2.9.14) --- updated-dependencies: - dependency-name: turbo dependency-version: 2.9.14 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Sorry @Dargon789, your pull request is larger than the review limit of 150000 diff characters
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Review or Edit in CodeSandboxOpen the branch in Web Editor • VS Code • Insiders |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces OIDC ID token login support, account federation, and Arweave state reader integration, alongside explicit transaction sponsorship checks (isSponsored) and safe-mode self-transfer fixes. The code review highlights several critical issues: a missing Signers import in wallets.ts, missing data parameter forwarding in EIP6963Relayer and PkRelayer's feeOptions methods, an async promise executor anti-pattern in IdTokenHandler, and potential runtime crashes in wallets.ts due to unsafe casting of handlers without instanceof AuthCodeHandler checks.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| import { Address, Hex, Provider, RpcTransport } from 'ox' | ||
| import { AuthCommitment } from '../dbs/auth-commitments.js' | ||
| import { AuthCodeHandler } from './handlers/authcode.js' | ||
| import { IdTokenHandler } from './handlers/idtoken.js' |
There was a problem hiding this comment.
The Signers namespace/class is used in the newly added addLoginSignerFromPrepared method (e.g., Signers.isSapientSigner), but it is not imported in this file. This will cause a TypeScript compilation error. Please import Signers from @0xsequence/wallet-core.
| import { IdTokenHandler } from './handlers/idtoken.js' | |
| import { IdTokenHandler } from './handlers/idtoken.js' | |
| import { Signers } from '@0xsequence/wallet-core' |
| ): Promise<{ options: FeeOption[]; quote?: FeeQuote; sponsored: boolean; failed?: boolean }> { | ||
| return this.relayer.feeOptions(wallet, chainId, to, calls) |
There was a problem hiding this comment.
The feeOptions method in EIP6963Relayer does not accept or forward the optional data parameter to the underlying relayer. This prevents accurate simulation of transactions for undeployed wallets when using an EIP-6963 relayer. Please add the data parameter and forward it.
data?: Hex.Hex,
): Promise<{ options: FeeOption[]; quote?: FeeQuote; sponsored: boolean; failed?: boolean }> {
return this.relayer.feeOptions(wallet, chainId, to, calls, data)| ): Promise<{ options: FeeOption[]; quote?: FeeQuote; sponsored: boolean; failed?: boolean }> { | ||
| return this.relayer.feeOptions(wallet, chainId, to, calls) |
There was a problem hiding this comment.
The feeOptions method in PkRelayer does not accept or forward the optional data parameter to the underlying relayer. This prevents accurate simulation of transactions for undeployed wallets when using a private key relayer. Please add the data parameter and forward it.
data?: Hex.Hex,
): Promise<{ options: FeeOption[]; quote?: FeeQuote; sponsored: boolean; failed?: boolean }> {
return this.relayer.feeOptions(wallet, chainId, to, calls, data)| // eslint-disable-next-line no-async-promise-executor | ||
| return new Promise(async (resolve, reject) => { | ||
| try { | ||
| const respond: RespondFn = async (idToken) => { | ||
| try { | ||
| const [signer, metadata] = await this.completeAuth(idToken) | ||
| resolve({ signer, email: metadata.email || '' }) | ||
| } catch (error) { | ||
| reject(error) | ||
| } | ||
| } | ||
|
|
||
| await onPromptIdToken(this.signupKind, respond) | ||
| } catch (error) { | ||
| reject(error) | ||
| } | ||
| }) |
There was a problem hiding this comment.
Using an async executor in new Promise is an anti-pattern and violates the no-async-promise-executor ESLint rule. Any asynchronous rejection or error thrown inside the executor might not be caught properly. It is cleaner and safer to use a standard synchronous executor and handle promise rejection via .catch(reject).
return new Promise((resolve, reject) => {
const respond: RespondFn = async (idToken) => {
try {
const [signer, metadata] = await this.completeAuth(idToken)
resolve({ signer, email: metadata.email || '' })
} catch (error) {
reject(error)
}
}
onPromptIdToken(this.signupKind, respond).catch(reject)
})| const handler = this.shared.handlers.get(getSignupHandlerKey(args.kind)) as AuthCodeHandler | ||
| if (!handler) { | ||
| throw new Error('handler-not-registered') |
There was a problem hiding this comment.
When Google is configured for ID token authentication, the handler returned by getSignupHandlerKey will be an IdTokenHandler instead of an AuthCodeHandler. Casting it as AuthCodeHandler without checking will cause a runtime crash when calling completeAuth because IdTokenHandler.completeAuth has a different signature. Please add an instanceof AuthCodeHandler check.
| const handler = this.shared.handlers.get(getSignupHandlerKey(args.kind)) as AuthCodeHandler | |
| if (!handler) { | |
| throw new Error('handler-not-registered') | |
| const handler = this.shared.handlers.get(getSignupHandlerKey(args.kind)) | |
| if (!handler) { | |
| throw new Error('handler-not-registered') | |
| } | |
| if (!(handler instanceof AuthCodeHandler)) { | |
| throw new Error('handler-does-not-support-redirect') | |
| } |
| const handler = this.shared.handlers.get(args.kind) as AuthCodeHandler | ||
| if (!handler) { | ||
| throw new Error('handler-not-registered') |
There was a problem hiding this comment.
If a custom provider is configured as an ID token provider but the caller passes authcode arguments, the handler will not be an AuthCodeHandler. Casting it without checking will cause a runtime crash. Please add an instanceof AuthCodeHandler check.
const handler = this.shared.handlers.get(args.kind)
if (!handler) {
throw new Error('handler-not-registered')
}
if (!(handler instanceof AuthCodeHandler)) {
throw new Error('handler-does-not-support-redirect')
}
Dargon789
merged commit 67c1664
into
Dargon789:signing-optimisation-master
10 participants
No description provided.