2.3.7 (#131)

[Dargon789]

• fix broken guard private key

• Expose access to passkey credential list

• Dapp client direct txn request (Dapp client direct txn request 0xsequence/sequence.js#856)

• Signature request refactor

• WIP

• Refactor

• Update dapp-client exports (Update dapp-client exports 0xsequence/sequence.js#858)

• Add hasPermission method to DappClient (Add hasPermission method to DappClient 0xsequence/sequence.js#859)

• Save discovered passkey credentials upon login

• Expose name property in PasskeySignupArgs

• Fix blacklist sort

• Add multi server script

• relayer: /SimulateV3 (relayer: /SimulateV3 0xsequence/sequence.js#857)

• Add await for handleOpenDB scheduleExpiration

• Update increment to always include native once used

• Fix session tests

• Adding lastLoginAt to PasskeyCredential

• LoginToPasskeyArgs now accept a credentialId which is used to specify which credential to use

• Adding onSignatureRequestStatus function to register single use callbacks for when a request reaches a terminal state of completed or cancelled

• When a login is cancelled we can remove the wallet which is logging-in

• Add RC3 contracts

• Sessions space restriction

• Dedupe signers for encoding

• Support RC3 sessions

• Tightly increment call validation

• CLI defaults to RC3 wallet code

• Rc3 address test

• Fix hashing tests

• Add deprecated encoding test

• wdk: throw errors from otp respond callback (wdk: throw errors from otp respond callback 0xsequence/sequence.js#864)

• wdk: throw errors from otp respond callback

• wdk: otp auth error and handler refactor

• Handle guard 2FA (Handle guard 2FA 0xsequence/sequence.js#861)

• guard: return a specific error when auth required

• core: pass guard token to the service

• wdk: handle prompting for guard 2FA code

• dapp-client: handle prompting for guard 2FA code

• guard 2fa tests

• wdk: separate wallet and sessions guards

• dapp-client: remove guard 2fa

• dapp-client: fix imports

• fix guard tests

• wdk: remove unneeded promise resolve

• Update relayer and api gen.ts, force public packages

• Add standalone fetch queued payloads

• Replacing GuardRole enum with string union type, as well as replacing guardAddresses Map with Record<GuardRole, Address>

• Fallback to chain for non-logged in recovery

• Add Katana, Sandbox Tesnet, Incentiv Testnet v2 (Add Katana, Sandbox Tesnet, Incentiv Testnet v2 0xsequence/sequence.js#873)

• Update a few remaining dev1 contract addresses to rc3 (Update a few remaining dev1 contract addresses to rc3 0xsequence/sequence.js#874)

• Remove unnecessary console.error where we already throw error

• Improve DappClient hasPermission method

• Wallet db try checksum and lowercase

• Update dapp client json utils to include Map reviver and replacer

• Bump next in the npm_and_yarn group across 1 directory

Bumps the npm_and_yarn group with 1 update in the / directory: next.

Updates next from 15.4.2 to 15.4.7

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: next dependency-version: 15.4.7 dependency-type: direct:production dependency-group: npm_and_yarn ...

• Update type name, update exports for dapp client

• Expired explicit sessions can't sign

• Improve session validity test

• session isValid returns invalid reason

• InvalidReason is typed

• Support multiple identity signers in sessions configuration

• Device signers can approve implicit sessions

• Remove invalid test

• Fix recursion

• Fix comment

• Improve test stability by reducing race conditions

• Do not set passkey signer as identity signer

• Use length checks

• Throw on missing identity signer

• Encoding requires identity signer to encode

• Fix test

• Refactor/types namings tsdoc redundant code (Refactor/types namings tsdoc redundant code 0xsequence/sequence.js#880)

• refactor types, namings, ts doc

• fix session response payload

• change parameter name

• change parameter name

• change type in tests

• improve types and dapp client methods

• fix session test to use new types

• refactor

• refactor implicit sessions array in chain session manager

• remove unused types

• remove unused types and add ConnectionError

• update pnpm lock

• move reusable session types to wallet-core

• Update some imports and update some response type names

---

• Fix check for explicit session for the updated type in dapp-client

• Update api.gen.ts and relayer.gen.ts

• Add missing chainId for dapp client event

• Fix initializing new chain session manager on redirect

• Add support for non-viem, custom Sequence chains (Add support for non-viem, custom Sequence chains 0xsequence/sequence.js#882)

• Update issue templates

• Provider sent to prepareBlankEnvelope

• Add session signature decoding

• Add feeTokens endpoint to relayer (Add feeTokens endpoint to relayer 0xsequence/sequence.js#885)

• const for node length

• Clearer blacklist size encoding

• identity signer node length

• Potential fix for code scanning alert no. 84: Insecure randomness

• add getFeeTokens to dapp client (add getFeeTokens to dapp client 0xsequence/sequence.js#889)

• add getFeeTokens to dapp client

• fix typo

• make getFeeTokens independent of chain session manager and initialize state (make getFeeTokens independent of chain session manager and initialize state 0xsequence/sequence.js#890)

• make getFeeTokens independent of chain session manager and initialized state

• remove getFeeTokens from chain session manager

• Throw specific error when trying to sign with an expired session (Throw specific error when trying to sign with an expired session 0xsequence/sequence.js#887)

• Throw when supported session signer is expired

• Fix tests

• Make dapp-client implicit sessions chain agnostic (Make dapp-client implicit sessions chain agnostic 0xsequence/sequence.js#893)

• Add Monad, remove LAOS and Root Network

• Bump the npm_and_yarn group across 3 directories with 1 update

Bumps the npm_and_yarn group with 1 update in the / directory: happy-dom.
Bumps the npm_and_yarn group with 1 update in the /packages/wallet/dapp-client directory: happy-dom.
Bumps the npm_and_yarn group with 1 update in the /packages/wallet/wdk directory: happy-dom.

Updates happy-dom from 17.6.3 to 20.0.0

• Release notes
• Commits

Updates happy-dom from 17.6.3 to 20.0.0

• Release notes
• Commits

Updates happy-dom from 17.6.3 to 20.0.0

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn
• dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn
• dependency-name: happy-dom dependency-version: 20.0.0 dependency-type: direct:development dependency-group: npm_and_yarn ...

• Bump happy-dom in the npm_and_yarn group across 1 directory (Bump happy-dom from 20.0.0 to 20.0.2 in the npm_and_yarn group across 1 directory #69)

Bumps the npm_and_yarn group with 1 update in the / directory: happy-dom.

Updates happy-dom from 20.0.0 to 20.0.2

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn ...

• Create SECURITY.md for security policy (Create SECURITY.md for security policy #70)

• Create SECURITY.md for security policy

Add a security policy document outlining supported versions and vulnerability reporting.

• Update SECURITY.md

• Update SECURITY.md

---

• Update SECURITY.md

• Add support for sessionless dapp connection (Add support for sessionless dapp connection 0xsequence/sequence.js#896)

• Refactor relayer package & update dependant packages (Refactor relayer package & update dependant packages  0xsequence/sequence.js#891)

• refactor exports for relayer (refactor exports for relayer 0xsequence/sequence.js#900)

• Add Arc Testnet

• Fix changelog config

• Sessionless connection upgrade and error handling in DappClient (Sessionless connection upgrade and error handling in DappClient 0xsequence/sequence.js#902)

• dapp-client: add sessionless snapshot restore flow

• Bump the npm_and_yarn group across 3 directories with 1 update

Bumps the npm_and_yarn group with 1 update in the / directory: happy-dom.
Bumps the npm_and_yarn group with 1 update in the /packages/wallet/dapp-client directory: happy-dom.
Bumps the npm_and_yarn group with 1 update in the /packages/wallet/wdk directory: happy-dom.

Updates happy-dom from 17.6.3 to 20.0.2

• Release notes
• Commits

Updates happy-dom from 17.6.3 to 20.0.2

• Release notes
• Commits

Updates happy-dom from 17.6.3 to 20.0.2

• Release notes
• Commits

---

updated-dependencies:

• dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn
• dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn
• dependency-name: happy-dom dependency-version: 20.0.2 dependency-type: direct:development dependency-group: npm_and_yarn ...

• Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets (Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets 0xsequence/sequence.js#906)

• Pass request to PromptCodeHandler in guard registerUI (Pass request to PromptCodeHandler in guard registerUI 0xsequence/sequence.js#909)

• Pass request to PromptCodeHandler in guard registerUI

• Fixing guard registerUI test

• guard: allow using recovery code as 2FA token (guard: allow using recovery code as 2FA token 0xsequence/sequence.js#910)

• guard: allow using recovery code as 2FA token

• Cleanup types of ResponseFn

---

• Add a way to reset 2fa when using a backup code (Add a way to reset 2fa when using a backup code 0xsequence/sequence.js#911)

• Add a way to reset 2fa when using a backup code

• use the GuardToken type instead of breaking out the props

• Update SECURITY.md

• Update packages/wallet/dapp-client/src/DappTransport.ts

• Update package.json

• Update SECURITY.md

• Update wagmi-project/package.json

• Update wagmi-project/package.json

• Update wagmi-project/src/App.tsx

• Create FUNDING.json (Create FUNDING.json #90)

Enhancements:
Include FUNDING.json to display GitHub sponsorship options in the repository

• Create config.yml (Create config.yml #91)

Add initial CircleCI configuration to enable automated builds using a custom Docker executor and a defined workflow.

Build:

Add .circleci/config.yml with version 2.1 specification and custom Docker executor. CI:

Define web3-defi-game-project job with checkout step. Set up my-custom-workflow to run the job.

• Add rc4 contracts

• Set rc4 as default and add it to lists

• Session enhanced replay protection

• New sessions replay protection hashes payload

• Use the 4337 factory wrapper

• Update keymachine url in dapp-client constants

• Update keymachine url in Provider constructor

• SSR safety (SSR safety 0xsequence/sequence.js#915)

• SSR safety test

• Fix CI job

• Guard dapp-client for SSR (lazy transport, browser checks, gated storage)

• Fix guard topology (Fix guard topology 0xsequence/sequence.js#918)

• Use proper guard topology

• Test and fixes

• login and setup tests

• Switch prod manager settings (Switch prod manager settings 0xsequence/sequence.js#917)

• Add prod guard and identity instrument info

• Remove completed TODOs

• Small JS tweaks (Small JS tweaks 0xsequence/sequence.js#919)

• Fix type exports to built declarations

• Update repository links to current package paths

• Improve Next app tooling and React typings

• Expose primitives CLI bin and use base lint config

• Update relayer.gen.ts and TransactionPrecondition interface

• Update api.gen.ts

• Update metadata.gen.ts

• Update marketplace.gen.ts

• Update guard.gen.ts

• Support multiple identity signers in sessions configuration

• Device signers can approve implicit sessions

• Remove invalid test

• Fix recursion

• Fix comment

• Improve test stability by reducing race conditions

• Do not set passkey signer as identity signer

• Use length checks

• Throw on missing identity signer

• Encoding requires identity signer to encode

• Fix test

• Refactor/types namings tsdoc redundant code (Refactor/types namings tsdoc redundant code 0xsequence/sequence.js#880)

• refactor types, namings, ts doc

• fix session response payload

• change parameter name

• change parameter name

• change type in tests

• improve types and dapp client methods

• fix session test to use new types

• refactor

• refactor implicit sessions array in chain session manager

• remove unused types

• remove unused types and add ConnectionError

• update pnpm lock

• move reusable session types to wallet-core

• Update some imports and update some response type names

---

• Fix check for explicit session for the updated type in dapp-client

• Update api.gen.ts and relayer.gen.ts

• Add missing chainId for dapp client event

• Fix initializing new chain session manager on redirect

• Add support for non-viem, custom Sequence chains (Add support for non-viem, custom Sequence chains 0xsequence/sequence.js#882)

• Provider sent to prepareBlankEnvelope

• Add session signature decoding

• const for node length

• Clearer blacklist size encoding

• identity signer node length

• Add feeTokens endpoint to relayer (Add feeTokens endpoint to relayer 0xsequence/sequence.js#885)

• add getFeeTokens to dapp client (add getFeeTokens to dapp client 0xsequence/sequence.js#889)

• add getFeeTokens to dapp client

• fix typo

• make getFeeTokens independent of chain session manager and initialize state (make getFeeTokens independent of chain session manager and initialize state 0xsequence/sequence.js#890)

• make getFeeTokens independent of chain session manager and initialized state

• remove getFeeTokens from chain session manager

• Throw specific error when trying to sign with an expired session (Throw specific error when trying to sign with an expired session 0xsequence/sequence.js#887)

• Throw when supported session signer is expired

• Fix tests

• Make dapp-client implicit sessions chain agnostic (Make dapp-client implicit sessions chain agnostic 0xsequence/sequence.js#893)

• Add Monad, remove LAOS and Root Network

• Add support for sessionless dapp connection (Add support for sessionless dapp connection 0xsequence/sequence.js#896)

• Refactor relayer package & update dependant packages (Refactor relayer package & update dependant packages  0xsequence/sequence.js#891)

• refactor exports for relayer (refactor exports for relayer 0xsequence/sequence.js#900)

• Add Arc Testnet

• Fix changelog config

• Sessionless connection upgrade and error handling in DappClient (Sessionless connection upgrade and error handling in DappClient 0xsequence/sequence.js#902)

• dapp-client: add sessionless snapshot restore flow

• Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets (Allow to logout a wallet with skipRemoveDevice even if the wallet is not in a ready state to allow force removing of wallets 0xsequence/sequence.js#906)

• Pass request to PromptCodeHandler in guard registerUI (Pass request to PromptCodeHandler in guard registerUI 0xsequence/sequence.js#909)

• Pass request to PromptCodeHandler in guard registerUI

• Fixing guard registerUI test

• guard: allow using recovery code as 2FA token (guard: allow using recovery code as 2FA token 0xsequence/sequence.js#910)

• guard: allow using recovery code as 2FA token

• Cleanup types of ResponseFn

---

• Add a way to reset 2fa when using a backup code (Add a way to reset 2fa when using a backup code 0xsequence/sequence.js#911)

• Add a way to reset 2fa when using a backup code

• use the GuardToken type instead of breaking out the props

• Add rc4 contracts

• Set rc4 as default and add it to lists

• Session enhanced replay protection

• New sessions replay protection hashes payload

• Use the 4337 factory wrapper

• Update keymachine url in dapp-client constants

• Update keymachine url in Provider constructor

• SSR safety (SSR safety 0xsequence/sequence.js#915)

• Guard dapp-client for SSR (lazy transport, browser checks, gated storage)

• Fix guard topology (Fix guard topology 0xsequence/sequence.js#918)

• Use proper guard topology

• Test and fixes

• login and setup tests

• Switch prod manager settings (Switch prod manager settings 0xsequence/sequence.js#917)

• Add prod guard and identity instrument info

• Remove completed TODOs

• Small JS tweaks (Small JS tweaks 0xsequence/sequence.js#919)

• Fix type exports to built declarations

• Update repository links to current package paths

• Improve Next app tooling and React typings

• Expose primitives CLI bin and use base lint config

• Update relayer.gen.ts and TransactionPrecondition interface

• Update relayer.gen.ts and TransactionPrecondition interface (Update relayer.gen.ts and TransactionPrecondition interface 0xsequence/sequence.js#920)

• 3.0.0-beta.1

• identity-instrument: generate nonce from current time (identity-instrument: generate nonce from current time 0xsequence/sequence.js#921)

• Remove publish-dists.yml github action (Remove publish-dists.yml github action 0xsequence/sequence.js#923)

• 3.0.0-beta.2

• Clean up changeset config

• Improve test stability by removing race conditions

• Ensure build before test

• Updating happy-dom to 20.0.10 (Updating happy-dom to 20.0.10 0xsequence/sequence.js#926)

• Add support for custom auth providers (authcode & authcode-pkce only) (Add support for custom auth providers (authcode & authcode-pkce only) 0xsequence/sequence.js#894)

• Add support for custom auth providers (authcode & authcode-pkce only)

• fix authcode tests

• Updating Deps November 2025 (Updating Deps November 2025 0xsequence/sequence.js#927)

• Updating deps for the workspace root

• Updating deps for wallet/wdk

• Fixing sessions test for latest vitest

• Lets not upgrade to the latest typescript quite yet

• Updating to latest vitest

• Updating deps for wallet/core

• Updating deps for wallet/primitives-cli

• Updating deps for wallet/dapp-client

• Adding syncpack to check for dep version inconsistencies

• Setup syncpack versionGroups for pnpm workspace:^

• Fixing dep versions mismatches

• Fixing @types/node mismatches

• Adding syncpack to pre commit hook

• Remove the syncpack format script.

• Update ox to v9.17.0 (Update ox to v9.17.0 0xsequence/sequence.js#928)

• Upgrading ox to 9.17.0

• WrappedSignature renamed to SignatureErc6492

• Fixing PasskeySignatureValidator interface

• Lock ox lib dep to use the same version with pnpm overrides and update viem to latest

• Fix explicitSessionRequested check in dapp client

• Typescript 5.9.3 (Typescript 5.9.3 0xsequence/sequence.js#930)

• Upgrading to typescript v5.9.3

• Fix type errors that arose from typescript upgrade related to Bytes and Buffer source typings.

• Don't catch errors thrown by Guard 2FA or reject early to allow multiple attempts on incorrect TOTP (Don't catch errors thrown by Guard 2FA or reject early to allow multiple attempts on incorrect TOTP 0xsequence/sequence.js#931)

• Update pnpm

• Mark @0xsequence/wallet-primitives-cli as private

• 3.0.0-beta.3

• changeset cleanup

• Fix rc4 4337 factory (Fix RC4 4337 factory 0xsequence/sequence.js#933)

• Add rc5 and set it as default (Add RC5 and set it as default 0xsequence/sequence.js#934)

• 3.0.0-beta.4

• Update SECURITY.md

• Update wagmi-project/package.json

• Update wagmi-project/package.json

• Bump next from 15.5.5 to 15.5.7 (Bump next from 15.5.5 to 15.5.7 0xsequence/sequence.js#936)

Bumps next from 15.5.5 to 15.5.7.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: next dependency-version: 15.5.7 dependency-type: direct:production ...

• add userdata service client (add userdata service client 0xsequence/sequence.js#940)

• Skip LocalDevice identity signers not on current device (Skip LocalDevice identity signers not on current device 0xsequence/sequence.js#942)

• Skip LocalDevice identity signers not on current device

• Update log

• 3.0.0-beta.5

• Update config.yml (Update config.yml #102)

• Update config.yml

• Update .circleci/config.yml

---

• Update config.yml (Update config.yml #103)

• Update config.yml

• Update .circleci/config.yml

---

• fix: extras/web/package.json to reduce vulnerabilities ([Snyk] Security upgrade next from 15.4.7 to 15.4.8 #101)

The following vulnerabilities are fixed with an upgrade:

• https://snyk.io/vuln/SNYK-JS-NEXT-14173355

• fix: extras/docs/package.json to reduce vulnerabilities ([Snyk] Security upgrade next from 15.4.7 to 15.4.8 #100)

The following vulnerabilities are fixed with an upgrade:

• https://snyk.io/vuln/SNYK-JS-NEXT-14173355

• fix: package.json to reduce vulnerabilities ([Snyk] Security upgrade wagmi from 0.0.0-canary-20240806164344 to 0.0.1 #104)

The following vulnerabilities are fixed with an upgrade:

• https://snyk.io/vuln/SNYK-JS-BABELHELPERS-9397697
• https://snyk.io/vuln/SNYK-JS-BABELRUNTIME-10044504
• https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
• https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
• https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916
• https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917
• https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918
• https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303
• https://snyk.io/vuln/SNYK-JS-ELLIPTIC-8720086
• https://snyk.io/vuln/SNYK-JS-IMAGESIZE-9634164
• https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
• https://snyk.io/vuln/SNYK-JS-JSYAML-13961110
• https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
• https://snyk.io/vuln/SNYK-JS-NODEFORGE-14114940
• https://snyk.io/vuln/SNYK-JS-NODEFORGE-14125097
• https://snyk.io/vuln/SNYK-JS-NODEFORGE-14125745
• https://snyk.io/vuln/SNYK-JS-ONHEADERS-10773729
• https://snyk.io/vuln/SNYK-JS-ROLLUP-8073097
• https://snyk.io/vuln/SNYK-JS-SECP256K1-8237220
• https://snyk.io/vuln/SNYK-JS-SEND-7926862
• https://snyk.io/vuln/SNYK-JS-SERVESTATIC-7926865
• https://snyk.io/vuln/SNYK-JS-SHAJS-12089400

• Revert "Merge remote-tracking branch 'origin/dependabot/npm_and_yarn/npm_and_yarn-318c02e2da'"

This reverts commit fd0fdf9, reversing changes made to cba7894.

• fix: extras/web/package.json to reduce vulnerabilities ([Snyk] Security upgrade next from 15.4.7 to 15.4.10 #109)

The following vulnerabilities are fixed with an upgrade:

• https://snyk.io/vuln/SNYK-JS-NEXT-14173355

• fix: extras/docs/package.json to reduce vulnerabilities ([Snyk] Security upgrade next from 15.5.7 to 15.5.9 #106)

The following vulnerabilities are fixed with an upgrade:

• https://snyk.io/vuln/SNYK-JS-NEXT-14400636
• https://snyk.io/vuln/SNYK-JS-NEXT-14400644

• Bump next in the npm_and_yarn group across 1 directory (Bump next from 15.5.7 to 15.5.9 in the npm_and_yarn group across 1 directory #110)

Bumps the npm_and_yarn group with 1 update in the / directory: next.

Updates next from 15.5.7 to 15.5.9

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: next dependency-version: 15.5.9 dependency-type: direct:production dependency-group: npm_and_yarn ...

• Delete .github/workflows/fortify.yml (Delete .github/workflows/fortify.yml #111)

• fix: extras/web/package.json to reduce vulnerabilities ([Snyk] Security upgrade next from 15.5.7 to 15.5.9 #107)

The following vulnerabilities are fixed with an upgrade:

• https://snyk.io/vuln/SNYK-JS-NEXT-14400636
• https://snyk.io/vuln/SNYK-JS-NEXT-14400644

• Bump the npm_and_yarn group across 1 directory with 3 updates (Bump the npm_and_yarn group across 1 directory with 3 updates #115)

Bumps the npm_and_yarn group with 1 update in the / directory: next.

Updates next from 15.5.5 to 15.5.9

• Release notes
• Changelog
• Commits

Updates happy-dom from 17.6.3 to 20.0.11

• Release notes
• Commits

Updates vite from 7.1.10 to 7.2.7

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: next dependency-version: 15.5.9 dependency-type: direct:production dependency-group: npm_and_yarn
• dependency-name: happy-dom dependency-version: 20.0.11 dependency-type: direct:development dependency-group: npm_and_yarn
• dependency-name: vite dependency-version: 7.2.7 dependency-type: indirect dependency-group: npm_and_yarn ...

• Bump next from 15.5.7 to 15.5.9 (Bump next from 15.5.7 to 15.5.9 0xsequence/sequence.js#944)

Bumps next from 15.5.7 to 15.5.9.

• Release notes
• Changelog
• Commits

---

updated-dependencies:

• dependency-name: next dependency-version: 15.5.9 dependency-type: direct:production ...

• Pin foundry to v1.5.0 instead of nightly (Pin foundry to v1.5.0 instead of nightly 0xsequence/sequence.js#947)

• Include repo and extras in syncpack config to ensure deps are synced (Include repo and extras in syncpack config to ensure deps are synced 0xsequence/sequence.js#945)

• Include repo and extras in syncpack config to ensure deps are synced across all

• Updating support deps

• Updating deps

• Updating pnpm lock

• Fixing type errors within wdk tests

• Short circuit 404s (Short circuit 404s 0xsequence/sequence.js#949)

• skip witness on signers that don't support it

• add passkey to test

• 3.0.0-beta.6

• Update tests.yml (Update tests.yml #119)

• Update config.yml (Update config.yml #120)

• Update packages/services/identity-instrument/src/index.ts

• feat: upgrade @wagmi/cli from 0.1.15 to 2.8.0 ([Snyk] Upgrade @wagmi/cli from 0.1.15 to 2.8.0 #126)

Snyk has created this PR to upgrade @wagmi/cli from 0.1.15 to 2.8.0.

See this package in npm:
@wagmi/cli

See this project in Snyk:
https://app.snyk.io/org/dargon789/project/bb845543-cbee-4e11-8cf9-8bfdf9205bf1?utm_source=github&utm_medium=referral&page=upgrade-pr

• Potential fix for code scanning alert no. 82: Workflow does not contain permissions

• Potential fix for code scanning alert no. 62: Information exposure through a stack trace

---

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
sequence-js-docs	Ready	Preview, Comment	Dec 23, 2025 2:09pm
sequence-js-web	Ready	Preview, Comment	Dec 23, 2025 2:09pm
sequence.js	Canceled		Dec 23, 2025 2:09pm
wagmi-project	Canceled		Dec 23, 2025 2:09pm

[sourcery-ai]

Sorry, we are unable to review this pull request

The GitHub API does not allow us to fetch diffs exceeding 300 files, and this pull request has 776

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[gemini-code-assist]

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request encompasses a broad range of foundational changes aimed at modernizing the project's development infrastructure and expanding its web-facing components. It transitions the monorepo to new tooling for improved efficiency, introduces new Next.js applications for documentation and web interfaces, and refines various project configurations and policies to enhance developer experience and security. The updates lay the groundwork for future releases, including several beta versions and an RC5 upgrade.

Highlights

• Monorepo Tooling Migration: The project has undergone a significant migration from preconstruct to turbo for monorepo management, streamlining build, test, and development workflows. This includes updates to the root package.json scripts and the introduction of lefthook for Git hooks.
• New Next.js Applications: Two new Next.js applications, extras/docs and extras/web, have been added to the monorepo. These include their respective configurations, basic page structures, and assets, indicating an expansion of the project's web presence and documentation.
• CI/CD and Dependency Management Enhancements: Continuous Integration configurations have been updated, including .circleci/config.yml and .github/actions/install-dependencies/action.yml, to reflect new tooling and dependency versions (PNPM 10, Node.js v4, cache action v4). syncpack has been integrated for consistent dependency versioning across the monorepo.
• Changeset Configuration Refinement: The .changeset/config.json has been updated to a newer schema, with changes to access control, removal of experimental options, and the addition of an ignore list for specific packages. Several new changeset files indicate various beta releases (3.0.0-beta.1 to 3.0.0-beta.5) and an RC5 upgrade.
• Developer Experience Improvements: New VSCode configurations (launch.json, settings.json) have been added to improve the developer experience, particularly for debugging the primitives-cli server. The .gitignore and .prettierrc files have also been updated for better project hygiene and code formatting consistency.
• Project Metadata and Policy Updates: A CODEOWNERS file has been introduced for better code ownership management. The LICENSE file has been simplified, and the SECURITY.md has been updated with clearer instructions for reporting vulnerabilities, including a dedicated email address.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

• Ignored by pattern: .github/workflows/** (4)
  • .github/workflows/fortify.yml
  • .github/workflows/on_pr_pnpm-format-label.yml
  • .github/workflows/pnpm-format.yml
  • .github/workflows/tests.yml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a massive refactoring of the repository's structure and tooling, migrating to Turborepo. It includes updating configurations, adding new Next.js applications, and refreshing project documentation. My review has identified a few critical issues with dependency versions in package.json files that could prevent the project from building, as well as some medium-severity configuration issues that should be addressed for correctness and maintainability.