3.0.0-beta.10

[Dargon789]

Summary by Sourcery

Introduce new dapp-client helpers for explicit session configuration, extend login and type exports, and roll forward all wallet and services packages to 3.0.0-beta.10 with Apple auth adjustments.

New Features:

• Add typed helpers and parameters for constructing explicit session configurations in the dapp-client utilities, including optional native token spending controls.
• Expose additional dapp-client types and utility exports such as network and relayer URL helpers, value forwarder address, and transport/message types for easier integration.
• Extend supported login methods to include externally owned account (EOA) logins.

Bug Fixes:

• Adjust Apple authentication flow to omit the OAuth scope parameter for Apple signups to align with provider expectations and update tests accordingly.

Enhancements:

• Re-export wallet primitive network and permission types and related helpers from the dapp-client index to simplify consumer imports.

Build:

• Bump versions of core, dapp-client, primitives, WDK, ABI, and all associated service packages to 3.0.0-beta.10 and add corresponding changeset entries and changelog updates.

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[sourcery-ai]

Reviewer's Guide

Adds explicit session configuration utilities and exports to the dapp-client, extends login methods to support EOA, adjusts Apple OAuth authcode flow to omit scope, and bumps multiple package versions and changelogs for 3.0.0-beta.10 with associated changesets.

Sequence diagram for Apple authcode OAuth URL generation without scope

sequenceDiagram
  actor User
  participant DappClient
  participant AuthCodeHandler
  participant OAuthProvider

  User->>DappClient: initiateLogin(method apple)
  DappClient->>AuthCodeHandler: buildAuthUrl(signupKind apple)
  AuthCodeHandler->>AuthCodeHandler: generateState()
  AuthCodeHandler->>AuthCodeHandler: buildSearchParams(client_id, redirect_uri, response_type, state)
  AuthCodeHandler-->>DappClient: oauthUrlWithoutScope
  DappClient-->>User: redirectTo(oauthUrlWithoutScope)
  User->>OAuthProvider: open oauthUrlWithoutScope
  OAuthProvider-->>User: Apple consent and login flow

Loading

Class diagram for explicit session configuration utilities in dapp-client

classDiagram
  class SessionDuration {
    +number days
    +number hours
    +number minutes
  }

  class NativeTokenSpending {
    +bigint valueLimit
    +Address.Address[] allowedRecipients
  }

  class ExplicitSessionParams {
    +number chainId
    +SessionDuration expiresIn
    +Permission.Permission[] permissions
    +NativeTokenSpending nativeTokenSpending
  }

  class ExplicitSessionConfig {
    +number chainId
    +bigint valueLimit
    +bigint deadline
    +Permission.Permission[] permissions
  }

  class DappClientUtils {
    +createExplicitSessionConfig(params ExplicitSessionParams) ExplicitSessionConfig
  }

  class Permission {
  }

  class Address {
  }

  ExplicitSessionParams --> SessionDuration : uses
  ExplicitSessionParams --> NativeTokenSpending : optional
  ExplicitSessionParams --> Permission : uses
  NativeTokenSpending --> Address : allowedRecipients
  ExplicitSessionConfig --> Permission : uses
  DappClientUtils ..> ExplicitSessionParams : input
  DappClientUtils ..> ExplicitSessionConfig : output

Loading

File-Level Changes

Change	Details	Files
Introduce utilities and exports for constructing explicit session configs in the dapp-client utils and main entrypoint.	Import ExplicitSessionConfig, Permission, Address types to support explicit session construction. Define SessionDuration, NativeTokenSpending, and ExplicitSessionParams types to describe session lifetimes and native token spending constraints. Implement createExplicitSessionConfig to compute a deadline from relative duration, enforce at least one base permission, derive native token spending permissions, and assemble ExplicitSessionConfig. Export VALUE_FORWARDER_ADDRESS and new helper functions (network/relayer/RPC URL accessors) plus new session-related types from the dapp-client index and utils. Re-export Network from wallet-primitives via the dapp-client entrypoint.	packages/wallet/dapp-client/src/utils/index.ts packages/wallet/dapp-client/src/index.ts
Extend authentication and login surface to support EOA and refine Apple OAuth behavior.	Add 'eoa' to the LoginMethod union type for dapp-client. Change AuthCodeHandler to conditionally omit the OAuth scope parameter when signupKind is 'apple' while preserving existing behavior otherwise. Update Apple auth unit test to assert that the scope parameter is not present for Apple auth URLs.	packages/wallet/dapp-client/src/types/index.ts packages/wallet/wdk/src/sequence/handlers/authcode.ts packages/wallet/wdk/test/authcode.test.ts
Release 3.0.0-beta.10 across packages, documenting and configuring patch releases for dapp-client, Apple auth fixes, and dependency bumps.	Add 3.0.0-beta.7 through 3.0.0-beta.10 sections to various package CHANGELOGs summarizing dapp-client updates, EOA login support, and Apple auth fixes. Bump versions from 3.0.0-beta.6 to 3.0.0-beta.10 across service, utils, wallet, and dapp-client package.json files. Introduce changeset definitions capturing patch bumps and notes for dapp-client updates, EOA login, and Apple auth fixes.	packages/wallet/wdk/CHANGELOG.md packages/wallet/dapp-client/CHANGELOG.md packages/wallet/core/CHANGELOG.md packages/services/relayer/CHANGELOG.md packages/services/api/CHANGELOG.md packages/services/builder/CHANGELOG.md packages/services/guard/CHANGELOG.md packages/services/identity-instrument/CHANGELOG.md packages/services/indexer/CHANGELOG.md packages/services/marketplace/CHANGELOG.md packages/services/metadata/CHANGELOG.md packages/services/userdata/CHANGELOG.md packages/utils/abi/CHANGELOG.md packages/wallet/primitives/CHANGELOG.md packages/services/api/package.json packages/services/builder/package.json packages/services/guard/package.json packages/services/identity-instrument/package.json packages/services/indexer/package.json packages/services/marketplace/package.json packages/services/metadata/package.json packages/services/relayer/package.json packages/services/userdata/package.json packages/utils/abi/package.json packages/wallet/core/package.json packages/wallet/dapp-client/package.json packages/wallet/primitives/package.json packages/wallet/wdk/package.json .changeset/crisp-zoos-retire.md .changeset/new-turkeys-double.md .changeset/nice-tips-slide.md .changeset/tiny-files-chew.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[gemini-code-assist]

Summary of Changes

Hello @Dargon789, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request marks a significant version update for the @0xsequence ecosystem, bumping all core packages to 3.0.0-beta.10. The changes primarily focus on refining authentication mechanisms, particularly for Apple users, and expanding the capabilities of the dapp-client for more flexible and secure session management. These updates aim to improve the developer experience and user interaction with the Sequence platform.

Highlights

• Version Bump: All @0xsequence packages have been updated to version 3.0.0-beta.10, incorporating several recent fixes and enhancements.
• Apple Authentication Fixes: The wallet-wdk package now correctly handles Apple authentication by conditionally omitting the scope parameter in the authorization URL, resolving previous issues.
• Dapp Client Enhancements: The dapp-client package has been significantly improved with support for EOA login, new types for session management (e.g., SessionDuration, ExplicitSessionParams), and a utility function (createExplicitSessionConfig) to simplify explicit session configuration with granular control over duration, permissions, and native token spending.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey - I've left some high level feedback:

• In createExplicitSessionConfig, consider validating that the computed sessionLifetimeSeconds is > 0 (or otherwise sane) so you don't silently create already-expired sessions when expiresIn is missing or all zeros.
• The sessionLifetimeSeconds math uses JS numbers before casting to BigInt; if callers could pass large days/hours/minutes values you may want to clamp or switch to purely BigInt arithmetic to avoid precision/overflow edge cases.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In `createExplicitSessionConfig`, consider validating that the computed `sessionLifetimeSeconds` is > 0 (or otherwise sane) so you don't silently create already-expired sessions when `expiresIn` is missing or all zeros.
- The `sessionLifetimeSeconds` math uses JS `number`s before casting to `BigInt`; if callers could pass large `days`/`hours`/`minutes` values you may want to clamp or switch to purely `BigInt` arithmetic to avoid precision/overflow edge cases.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request introduces version 3.0.0-beta.10, which includes new features for dapp-client such as helpers for explicit session configuration, EOA login support, and an adjustment to the Apple authentication flow. The majority of the changes are version bumps across multiple packages and corresponding changelog updates, which appear to be in order.

I've identified a logical issue in the new createExplicitSessionConfig helper function. The permission validation is performed prematurely, which could block valid use cases like creating a session solely for native token spending. I've provided a code suggestion to rectify this. The other changes, including the Apple auth fix and its test, seem correct.