Skip to content

Comments

3.0.0 beta.9#228

Merged
Dargon789 merged 10 commits intomasterfrom
3.0.0-beta.9
Jan 19, 2026
Merged

3.0.0 beta.9#228
Dargon789 merged 10 commits intomasterfrom
3.0.0-beta.9

Conversation

@Dargon789
Copy link
Owner

@Dargon789 Dargon789 commented Jan 19, 2026
edited by sourcery-ai bot
Loading

Summary by Sourcery

Add support utilities and type exports needed for EOA login in the dapp client and propagate the 3.0.0-beta.9 patch release across wallet and service packages.

New Features:

  • Introduce helper types and a factory to build explicit session configurations, including native token spending constraints, and export them from the dapp client utilities.
  • Add EOA as a supported login method and expose additional transport and wallet primitive types from the dapp client API.

Bug Fixes:

  • Adjust Apple OAuth authorization URL generation to omit the scope parameter for Apple signups and add a regression test to verify the behavior.

Enhancements:

  • Export additional networking constants and helpers such as VALUE_FORWARDER_ADDRESS, network accessors, and relayer/RPC URL helpers from the dapp client utilities.
  • Align package versions and changelogs for the 3.0.0-beta.9 patch across core, services, and wallet packages, including updates for dapp client EOA login and Apple auth handling.

Tests:

  • Extend auth code handler tests to assert the absence of the scope parameter in Apple OAuth URLs.

Chores:

  • Add changeset entries describing Apple auth fixes and dapp client updates for EOA login across affected packages.

@codesandbox
Copy link

codesandbox bot commented Jan 19, 2026

Review or Edit in CodeSandbox

Open the branch in Web EditorVS CodeInsiders

Open Preview

@bolt-new-by-stackblitz
Copy link

bolt-new-by-stackblitz bot commented Jan 19, 2026

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@sourcery-ai
Copy link

sourcery-ai bot commented Jan 19, 2026
edited
Loading

Reviewer's Guide

Implements 3.0.0-beta.9 release wiring: adds explicit session configuration utilities and exports for the dapp client (including support for native token spending and EOA login), adjusts Apple auth flow to omit OAuth scope for Apple signups, and bumps/package-wires all affected packages and changelogs to the new beta version using changesets.

Sequence diagram for building OAuth URL with conditional scope

sequenceDiagram
  actor User
  participant DappClient
  participant AuthCodeHandler
  participant OAuthProvider

  User->>DappClient: initiateLogin(loginMethod)
  DappClient->>AuthCodeHandler: buildAuthUrl(loginMethod)

  alt signupKind_is_apple
    AuthCodeHandler->>AuthCodeHandler: setQuery(state)
    AuthCodeHandler->>AuthCodeHandler: omit_scope_parameter
  else other_login_methods
    AuthCodeHandler->>AuthCodeHandler: setQuery(state, scope_openid_profile_email)
  end

  AuthCodeHandler-->>DappClient: oauthUrlWithQuery
  DappClient-->>User: redirectTo(oauthUrlWithQuery)
  User->>OAuthProvider: authorize
  OAuthProvider-->>DappClient: redirect_back_with_code
Loading

Class diagram for explicit session configuration utilities

classDiagram
  class SessionDuration {
    number days
    number hours
    number minutes
  }

  class NativeTokenSpending {
    bigint valueLimit
    Address.Address[] allowedRecipients
  }

  class ExplicitSessionParams {
    number chainId
    SessionDuration expiresIn
    Permission.Permission[] permissions
    NativeTokenSpending nativeTokenSpending
  }

  class ExplicitSessionConfig {
    number chainId
    bigint valueLimit
    bigint deadline
    Permission.Permission[] permissions
  }

  class Permission.Permission {
    Address.Address target
    any[] rules
  }

  class Address.Address

  class UtilsIndex {
    +createExplicitSessionConfig(params ExplicitSessionParams) ExplicitSessionConfig
  }

  ExplicitSessionParams --> SessionDuration : has
  ExplicitSessionParams --> NativeTokenSpending : optional
  ExplicitSessionParams --> Permission.Permission : uses
  NativeTokenSpending --> Address.Address : allowedRecipients
  ExplicitSessionConfig --> Permission.Permission : permissions
  UtilsIndex ..> ExplicitSessionParams : input
  UtilsIndex ..> ExplicitSessionConfig : output
Loading

File-Level Changes

Change Details Files
Add explicit session configuration helpers and exports in the dapp client to support explicit sessions and native token spending limits.
  • Introduce SessionDuration, NativeTokenSpending, and ExplicitSessionParams types for configuring explicit sessions and native token controls.
  • Implement createExplicitSessionConfig helper that computes a deadline from a relative duration, validates presence of at least one permission, and merges base permissions with derived per-recipient spending permissions.
  • Export VALUE_FORWARDER_ADDRESS and new helpers (createExplicitSessionConfig, getNetwork, getRelayerUrl, getRpcUrl, json helpers) and related types from the dapp client public API, and expand re-exports to include Network and additional types.
  • Update imports to pull in ExplicitSessionConfig, Permission, Address, and Network types required by the new helpers.
 packages/wallet/dapp-client/src/utils/index.ts
packages/wallet/dapp-client/src/index.ts
Extend login capabilities to support EOA login in the dapp client.
  • Add 'eoa' to the LoginMethod union type used by the dapp client API, enabling external callers to request EOA login flows.
 packages/wallet/dapp-client/src/types/index.ts
Adjust Apple OAuth flow to comply with provider-specific requirements by omitting the scope parameter for Apple signups and update tests accordingly.
  • Change AuthCodeHandler so that when signupKind is 'apple', the auth URL query parameters exclude the scope field; for other providers, scope remains 'openid profile email'.
  • Extend unit tests to assert that Apple auth URLs no longer contain a scope parameter while preserving existing expectations.
 packages/wallet/wdk/src/sequence/handlers/authcode.ts
packages/wallet/wdk/test/authcode.test.ts
Version bump and changelog entries for 3.0.0-beta.7 through 3.0.0-beta.9 across wallet and services packages, capturing Apple auth fixes and dapp client updates for EOA login.
  • Update package.json versions from 3.0.0-beta.6 to 3.0.0-beta.9 for multiple service, utils, and wallet packages.
  • Add changelog sections for 3.0.0-beta.7, 3.0.0-beta.8, and 3.0.0-beta.9 across affected packages, describing Apple auth fixes and dapp client updates for EOA login as patch changes.
 packages/wallet/wdk/CHANGELOG.md
packages/wallet/dapp-client/CHANGELOG.md
packages/wallet/core/CHANGELOG.md
packages/services/relayer/CHANGELOG.md
packages/services/api/CHANGELOG.md
packages/services/builder/CHANGELOG.md
packages/services/guard/CHANGELOG.md
packages/services/identity-instrument/CHANGELOG.md
packages/services/indexer/CHANGELOG.md
packages/services/marketplace/CHANGELOG.md
packages/services/metadata/CHANGELOG.md
packages/services/userdata/CHANGELOG.md
packages/utils/abi/CHANGELOG.md
packages/wallet/primitives/CHANGELOG.md
packages/services/api/package.json
packages/services/builder/package.json
packages/services/guard/package.json
packages/services/identity-instrument/package.json
packages/services/indexer/package.json
packages/services/marketplace/package.json
packages/services/metadata/package.json
packages/services/relayer/package.json
packages/services/userdata/package.json
packages/utils/abi/package.json
packages/wallet/core/package.json
packages/wallet/dapp-client/package.json
packages/wallet/primitives/package.json
packages/wallet/wdk/package.json
Add changesets describing Apple auth fixes and dapp client EOA login updates to drive the patch release pipeline.
  • Introduce three changeset files that declare patch bumps for all impacted packages and summarize the nature of the changes (Apple auth fixes and dapp client EOA login updates).
 .changeset/new-turkeys-double.md
.changeset/nice-tips-slide.md
.changeset/tiny-files-chew.md

Possibly linked issues

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@snyk-io
Copy link

snyk-io bot commented Jan 19, 2026

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Repository owner deleted a comment from vercel bot Jan 19, 2026
sourcery-ai[bot]
sourcery-ai bot reviewed Jan 19, 2026
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue, and left some high level feedback:

  • In packages/wallet/dapp-client/src/utils/index.ts, the imported Network symbol from @0xsequence/wallet-primitives is no longer used and can be removed to avoid an unused import.
  • In createExplicitSessionConfig, consider validating that the computed sessionLifetimeSeconds is positive (e.g., reject an all-zero expiresIn) to avoid creating sessions that are already expired or effectively have no lifetime.
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- In `packages/wallet/dapp-client/src/utils/index.ts`, the imported `Network` symbol from `@0xsequence/wallet-primitives` is no longer used and can be removed to avoid an unused import.
- In `createExplicitSessionConfig`, consider validating that the computed `sessionLifetimeSeconds` is positive (e.g., reject an all-zero `expiresIn`) to avoid creating sessions that are already expired or effectively have no lifetime.

## Individual Comments

### Comment 1
<location> `packages/wallet/dapp-client/src/utils/index.ts:147-153` </location>
<code_context>
+  nativeTokenSpending?: NativeTokenSpending
+}
+
+export const createExplicitSessionConfig = (params: ExplicitSessionParams): ExplicitSessionConfig => {
+  const nowInSeconds = BigInt(Math.floor(Date.now() / 1000))
+  const { days = 0, hours = 0, minutes = 0 } = params.expiresIn
+  const sessionLifetimeSeconds = days * 24 * 60 * 60 + hours * 60 * 60 + minutes * 60
+  const deadline = nowInSeconds + BigInt(sessionLifetimeSeconds)
+
+  if (params.permissions.length === 0) {
+    throw new Error('createExplicitSessionConfig: At least one permission is required.')
+  }
</code_context>

<issue_to_address>
**issue:** Consider validating that the session duration is positive and non-negative to avoid immediately-expired or retroactive sessions.

As written, `expiresIn` values of zero or negative (e.g., from unchecked user input) will compute a deadline `<= nowInSeconds`, so the session is expired immediately. Consider enforcing non-negative `days`/`hours`/`minutes` and requiring `sessionLifetimeSeconds > 0`, throwing otherwise.
</issue_to_address>
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@Dargon789 Dargon789 enabled auto-merge (squash) January 19, 2026 09:11
Dargon789
Dargon789 commented Jan 19, 2026
View reviewed changes
Copy link
Owner Author

@Dargon789 Dargon789 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3.0.0 beta.9#228

@Dargon789 Dargon789 merged commit 2144689 into master Jan 19, 2026
13 of 17 checks passed
@Dargon789 Dargon789 deleted the 3.0.0-beta.9 branch January 19, 2026 10:31
@github-project-automation github-project-automation bot moved this from Todo to Done in web3-Defi-Gamefi Feb 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

web3-Defi-Gamefi
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Dargon789 @tolgahan-arikan @taylanpince @corbanbrook