Feat/cosmwasm@v3

[hard-nett]

User description

• bumps to lates cw version (v3.0.2)
• small QOL bumps to README

Testing Notes

• cargo test works
• cargo package errors: error: the package 'smart-account-auth' does not contain this feature: traits

Opening as draft as have not dove deep into resolving, needed a version compatible with v3 for improting as dep in bs-accounts

Summary by Sourcery

Upgrade to CosmWasm v3 and release v0.28.0 with dependency version bumps, macro cleanup, and README enhancements

Enhancements:

• Upgrade CosmWasm dependencies (cosmwasm-schema, cosmwasm-crypto, cosmwasm-std) to v3.0.2 across the workspace
• Bump workspace package version from 0.26.x to 0.28.0 for all crates
• Refactor macro implementation to remove unintended PartialEq derive
• Revise README structure and formatting with detailed tables for credentials, environments, and feature flags

---

PR Type

Enhancement

---

Description

• Upgrade CosmWasm dependencies to v3.0.2

• Bump all workspace packages to v0.28.0

• Remove PartialEq derive from error macro

• Improve README with formatted tables and documentation

---

Diagram Walkthrough

flowchart LR
  A["CosmWasm v1/v2"] --> B["CosmWasm v3.0.2"]
  C["Package v0.26.x"] --> D["Package v0.28.0"]
  E["Error Macro"] --> F["Remove PartialEq"]
  G["README"] --> H["Formatted Tables"]

Loading

File Walkthrough

	Relevant files
Dependencies	3 files Cargo.toml Update workspace dependencies to CosmWasm v3.0.2                  +17/-17  Cargo.toml Update CosmWasm std dependencies to v3.0.2                              +2/-2      Cargo.toml Update test dependencies to CosmWasm v3.0.2                            +1/-1
Configuration changes	7 files CHANGELOG.md Bump version to 0.28.0                                                                      +1/-1      Cargo.toml Bump bundle package version to 0.28.0                                        +1/-1      Cargo.toml Bump macro core version to 0.28.0                                                +1/-1      Cargo.toml Bump macro solana version to 0.28.0                                            +1/-1      Cargo.toml Bump macro substrate version to 0.28.0                                      +1/-1      Cargo.toml Bump macro wasm version to 0.28.0                                                +1/-1      Cargo.toml Bump schema package version to 0.28.0                                        +1/-1
Documentation	1 files README.md Improve documentation with formatted tables                            +73/-49
Bug fix	1 files lib.rs Remove PartialEq from error macro derive                                  +1/-1
Miscellaneous	1 files Cargo.toml Update commented ethabi version reference                                +1/-1

---

---

Important

Upgrade dependencies to support CosmWasm v3 and enhance documentation for clarity and completeness.

• Dependencies:
  • Upgrade cosmwasm-core, cosmwasm-crypto, cosmwasm-derive, cosmwasm-schema, and cosmwasm-std to v3.0.2 in Cargo.lock and Cargo.toml.
  • Update ark-* dependencies to v0.5.0 in Cargo.lock.
  • Bump saa-* package versions to 0.28.0 in Cargo.toml and Cargo.lock.
• Documentation:
  • Revise README.md with improved formatting and added tables for supported credentials, VM support, and feature flags.
  • Update CHANGELOG.md to reflect version 0.28.0 changes.
• Misc:
  • Fix saa_error_impl in lib.rs to remove PartialEq derive for enums.

^{This description was created by for 109c429. You can customize this summary. It will automatically update as commits are pushed.}

✨

Description by Callstackai

This PR upgrades CosmWasm dependencies to v3.0.2, bumps all workspace packages to version 0.28.0, removes PartialEq derive from error macro, and improves the README with formatted tables and documentation.

Diagrams of code changes

sequenceDiagram
    participant Client
    participant Auth
    participant Credential
    participant ReplayProtection

    Client->>Auth: Request Credential Verification
    Auth->>Credential: verify()
    Note over Credential: New unified verify method<br/>Returns CredentialInfo object

    alt Replay Protection Enabled
        Credential->>ReplayProtection: Check Nonce
        ReplayProtection-->>Credential: Validate No Replay
    end

    alt Multiple Credentials
        Auth->>Credential: with_native()
        Note over Credential: Returns copy instead<br/>of modifying in place
    end

    Credential-->>Auth: Return CredentialInfo
    Note over Auth: Optional address field<br/>for specific credentials
    Auth-->>Client: Verification Result

Loading

Files Changed

File	Summary
CHANGELOG.md	Bump version to 0.28.0 and document changes.
Cargo.toml	Update workspace package version to 0.28.0 and upgrade CosmWasm dependencies to v3.0.2.
README.md	Enhance documentation with formatted tables and improved clarity.
packages/macros-proto/core/src/lib.rs	Remove PartialEq derive from error macro.

This PR includes files in programming languages that we currently do not support. We have not reviewed files with the extensions .md, .toml, .ts, .rs. See list of supported languages.

Summary by Bito

This pull request upgrades CosmWasm dependencies to v3.0.2 and bumps workspace packages to version 0.28.0, ensuring consistency across modules. The changes include extensive library version updates in Cargo.lock, refinements to error macro implementation, and enhanced documentation in README and CHANGELOG files. These updates aim to improve compatibility, stability, and code clarity while paving the way for better performance.

[codesherlock-ai]

We could not run your PR Review. We noticed that you are part of an Org. We require everyone who is part of an Org to SignUp via GitHub so we can track your individual usage and maximize on your usage capacity. Enroll into CodeSherlock system by signing up via GitHub using the SignUp link. Also, please note — every user pays for their own usage.

[codoki-pr-intelligence]

Codoki - Action needed

Almost there! 🚀 We’ll run this review once you’re connected to Codoki.

Quick setup (≈2 minutes):

1. Sign up at codoki.ai with your GitHub (free).
2. If your team already uses Codoki, ask an admin to invite you (Codoki → Members). Otherwise create a workspace and connect this repo.
3. Re-run checks on this PR.

What you’ll get:

• ✅ 25 free PR reviews / month
• 🧠 Context-aware reviews that use your framework & rules
• ⚙️ Unlimited custom rules and team configs
• 🚀 Up to 5× faster merges with inline suggestions

_{Need help? info@codoki.ai}

[sourcery-ai]

Reviewer's Guide

This PR migrates the entire workspace to CosmWasm v3 by bumping crate versions to 0.28.0 and updating dependencies to 3.0.2, enhances documentation through structured markdown tables and layout improvements, and refines the procedural macro implementation by removing an unnecessary derive.

Class diagram for updated procedural macro derive in saa-proto-core

classDiagram
    class SAAError {
        <<derive(Debug, Error)>>
    }
    %% Note: PartialEq derive removed in v0.28.0
    %% SAAError previously had PartialEq, now only Debug and Error

Loading

File-Level Changes

Change	Details	Files
Migrate workspace and dependencies to CosmWasm v3	Bump workspace package version to 0.28.0 Update cosmwasm-schema and cosmwasm-crypto to v3.0.2 Upgrade cosmwasm-std and secretwasm-std optional features to v3.0.2 Bump crate versions across macros-proto, schema, common, crypto, auth, curves, passkeys, bundle to 0.28.0 Update CHANGELOG header for the 0.28.0 release	Cargo.toml CHANGELOG.md packages/common/Cargo.toml packages/tests/Cargo.toml packages/bundle/Cargo.toml packages/macros-proto/core/Cargo.toml packages/macros-proto/solana/Cargo.toml packages/macros-proto/substrate/Cargo.toml packages/macros-proto/wasm/Cargo.toml packages/schema/Cargo.toml packages/auth/Cargo.toml
Revise README with structured tables and improved formatting	Normalize list markers and fix typos Add markdown tables for supported credentials, VM support, and feature flags Refine installation and usage examples for clarity	README.md
Clean up procedural macro derive attributes	Remove PartialEq derive annotation from error enum implementation	packages/macros-proto/core/src/lib.rs

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[bito-code-review]

Bito Automatic Review Skipped - Draft PR

Bito didn't auto-review because this pull request is in draft status.
No action is needed if you didn't intend for the agent to review it. Otherwise, to manually trigger a review, type /review in a comment and save.
You can change draft PR review settings here, or contact your Bito workspace admin at kromsten@pm.me.

[bito-code-review]

Bito Automatic Review Skipped - Draft PR

Bito didn't auto-review because this pull request is in draft status.
No action is needed if you didn't intend for the agent to review it. Otherwise, to manually trigger a review, type /review in a comment and save.
You can change draft PR review settings here, or contact your Bito workspace admin at kromsten@pm.me.

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Breaking Change The derive for the error macro removed PartialEq; confirm that downstream code, tests, and public API expectations do not rely on equality comparisons of error enums. fn saa_error_impl(input: DeriveInput, options: Options) -> syn::Result<DeriveInput> { let crate_path = &options.crate_path; let error_path: syn::Path = syn::parse_quote!(#crate_path::thiserror::Error); let mut stream = quote! { #[derive( Debug, #error_path)] }; Typo/Date Error The new changelog entry uses an invalid date format which could confuse release automation or readers; validate and correct the release date. ## [0.28.0] - 2025-07-97 Documentation Typos Multiple spelling/grammar errors in newly added sections (e.g., 'crypthograpghic', 'abd', 'serilizations', 'Requsting', 'credemtial') reduce clarity; consider proofreading to improve developer experience. - Client-side tools for requesting credentials abd their serilizations - Verification (+ storage) logic for Rust environments. - Ideal for smart accounts, wallets and apps with build-in authentication ## Goals and Focus-Area - Definition of useful data structure, trais and utlity functions - Formatting data according to specs. Primarily with use of envelopes - Serialisation and deserialisation of the date depending on context - Passing data to underlying cryptographic APIs and libraries - Dealing with batches / multuple credentials at the same time - [FEAT] Protection against replay attacks - [FEAT] Encapsulated storage of the credentials - [FEAT] Encapsulated reconstruction & verification of credentials from payload ### Cryptography - ⚡ Delegations verifcation to available APIs for efficency - ⚙️ Native version relies on [cosmwasm-crypto](https://crates.io/crates/cosmwasm-crypto) ### Other Info - **Encoding:** By default using `base64` everywhere. The exceptions are primarily when it makes sence according to the specs of a credential such as Eth addresses using `hex` or webauthn challenge using `base64url` ## Supported Credentials | Credential | Feature Flag | Specification / Use Case | |--------------------------|------------------|----------------------------------------------------| | Ethereum Personal Sign | ``ethereum`` | EVM-compatible signing (EIP-191) | | Cosmos Arbitrary Sign | ``cosmos`` | Human-readable msgs (ADR-036) | | Passkeys (WebAuthn) | ``passkeys`` | FIDO2 / WebAuthn public key authentication | | Secp256k1 / Secp256r1 | ``curves`` or ``ethereum`` | Raw signature verification on ECDSA curves | | Ed25519 | ``curves`` or ``ed25519`` | EdDSA signatures (e.g., Solana, Substrate) | ## Virtual Machine Support | Virtual Machine | Version | Support Level | Notes | |-----------------------|-------------|-------------------|----------------------------------------| | CosmWasm | 1.x | Complete | Full signing and verification | | CosmWasm | 2.x | Partial | Ongoing updates for v2 changes | | SecretWasm | - | Partial | Based on CosmWasm; limited extensions | | Ink / Substrate | - | Partial | Core types supported; more in development | | Solana (Seahorse) | - | Serialization | Only message serialization; no signing | > Legend: Complete = fully supported, Partial = limited or experimental, Serialization = only data formatting available # Smart Contracts / Programs ## Instalation ```bash # Add the library to your project cargo add smart-account-auth You can also give the library an alias to simplify typing # tp import for CosmWasm(v1) contracts with all default features saa = { package = "smart-account-auth", version = "0.24.5", features = ["cosmwasm"] } Features Environment specific features that are mutually exclusive and shouldn't be used together. Pick depending on your virtual machine: Feature Target Environment Status native Native Rust execution Stable cosmwasm CosmWasm 2.x smart contracts Stable cosmwasm_v1 CosmWasm 1.x smart contracts Stable secretwasm Secret Network (CosmWasm fork) In Development substrate Substrate ink! smart contracts In Development solana Solana programs (BPF) In Development Credential specifc features allow you to include / exclude specific credential types for better control and optimisizing the binary size: Feature Purpose Specification ethereum Ethereum personal sign messages EIP-191 cosmos Cosmos arbitrary signing (human-readable) ADR-036 passkeys WebAuthn / FIDO2 passkey authentication WebAuthn curves Raw data sig verification (Ed25519, Secp256k1, Secp256r1) Multi-curve support ed25519 Sig verification only on Ed25519 curve Subset of curves The following features give you access to additional logic related to better control or additional security Feature Purpose session Tools & primitives for session keys and message typing replay Adds replay protection with nonce enforcement std Enables Rust std (vs no_std compatibility) The following features enable or disable inner primitives to ether help you out or to reduce the binary size as much as possible Feature Purpose utils Serialization and crypto preprocessing tools types Lightweight, VM-agnostic types (from cosmwasm_std / cw-utils) traits Exposes Verifiable used internally and CredentialsWrapper traits to customise or simply use the wrapper methods The following credentials are not meant to be specified directly and used only internal purposes 🚫 Feature Purpose wasm Shared logic for CosmWasm derivatives Verification Single Credential

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
High-level	CosmWasm v1 support is likely broken The PR incorrectly updates the cosmwasm-std-v1 dependency alias to CosmWasm v3.0.2, breaking compatibility for CosmWasm 1.x contracts. This change should be reverted to maintain backward compatibility by keeping the dependency pinned to a 1.x version. Examples: packages/common/Cargo.toml [17] cosmwasm-std-v1 = { version = "3.0.2", optional = true, package = "cosmwasm-std" } Solution Walkthrough: Before: # packages/common/Cargo.toml [dependencies] ... cosmwasm-std = { version = "3.0.2", optional = true } cosmwasm-std-v1 = { version = "3.0.2", optional = true, package = "cosmwasm-std" } ... After: # packages/common/Cargo.toml [dependencies] ... cosmwasm-std = { version = "3.0.2", optional = true } cosmwasm-std-v1 = { version = "1.5.11", optional = true, package = "cosmwasm-std" } ... Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies a critical regression where updating the cosmwasm-std-v1 dependency alias breaks the advertised CosmWasm 1.x support, which is a major breaking change for users of the cosmwasm_v1 feature.	High
General	Conditionally derive PartialEq on error enums Conditionally derive PartialEq for error enums by adding a macro attribute. This will avoid a breaking change for users who rely on error comparison, while allowing an opt-out for compatibility with newer CosmWasm versions. packages/macros-proto/core/src/lib.rs [101-113] fn saa_error_impl(input: DeriveInput, options: Options) -> syn::Result<DeriveInput> { let crate_path = &options.crate_path; let error_path: syn::Path = syn::parse_quote!(#crate_path::thiserror::Error); + + let derive_partial_eq = if options.args.iter().any(|arg| arg == "skip_partial_eq") { + quote! {} + } else { + quote! { PartialEq, } + }; + let mut stream = quote! { - #[derive( Debug, #error_path)] + #[derive(#derive_partial_eq Debug, #error_path)] }; match &input.data { syn::Data::Enum(_) => {}, _ => return Err(syn::Error::new_spanned(&input, "Only enums are supported")), }; stream.extend(input.to_token_stream()); syn::parse2(stream) } [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies that removing PartialEq is a breaking change and proposes a flexible, non-breaking alternative using a conditional derive, which improves backward compatibility and maintainability.	Medium
Update

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• Fix the missing traits feature in the root crate’s Cargo.toml to resolve the cargo package error by declaring it under the [features] section.
• Clean up duplicated bullet items and stray dash prefixes in the README before the tables to improve list consistency and formatting.
• Double-check the removal of PartialEq from the derive macro in macros-proto/core to ensure it was intentional and update any affected tests or code.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Fix the missing `traits` feature in the root crate’s Cargo.toml to resolve the `cargo package` error by declaring it under the `[features]` section.
- Clean up duplicated bullet items and stray dash prefixes in the README before the tables to improve list consistency and formatting.
- Double-check the removal of `PartialEq` from the derive macro in `macros-proto/core` to ensure it was intentional and update any affected tests or code.

## Individual Comments

### Comment 1
<location> `README.md:6` </location>
<code_context>
 # Smart Account Authentication

 Authentication Library / SDK  for working with various crypthograpghic credentials / authenticators
-- Client-side tools for requesting credentials abd their serilizations 
-- Verification (+ storage) logic for Rust environments. 
</code_context>

<issue_to_address>
**issue (typo):** Typo: 'crypthograpghic' should be 'cryptographic'.

```suggestion
Authentication Library / SDK  for working with various cryptographic credentials / authenticators
```
</issue_to_address>

### Comment 2
<location> `README.md:8` </location>
<code_context>
 # Smart Account Authentication

 Authentication Library / SDK  for working with various crypthograpghic credentials / authenticators
-- Client-side tools for requesting credentials abd their serilizations 
-- Verification (+ storage) logic for Rust environments. 
-- Ideal for smart accounts, wallets and apps with build-in authentication 
</code_context>

<issue_to_address>
**issue (typo):** Typos: 'abd' should be 'and', 'serilizations' should be 'serializations'.

```suggestion
- Client-side tools for requesting credentials and their serializations
```
</issue_to_address>

### Comment 3
<location> `README.md:18` </location>
<code_context>
 - Formatting data according to specs. Primarily with use of envelopes
 - Serialisation and deserialisation of the date depending on context
 - Passing data to underlying cryptographic APIs and libraries
-- Dealing with batches / multuple credentials at the same time 
-- [FEAT] Protection against replay attacks 
-- [FEAT] Encapsulated storage of the credentials 
</code_context>

<issue_to_address>
**issue (typo):** Typo: 'multuple' should be 'multiple'.

```suggestion
- Dealing with batches / multiple credentials at the same time
```
</issue_to_address>

### Comment 4
<location> `README.md:25` </location>
<code_context>
 - [FEAT] Encapsulated reconstruction & verification of credentials from payload

 ### Cryptography
-- ⚡ Delegations verifcation to available APIs for efficency 
+
+- ⚡ Delegations verifcation to available APIs for efficency
</code_context>

<issue_to_address>
**issue (typo):** Typos: 'verifcation' should be 'verification', 'efficency' should be 'efficiency'.

```suggestion
- ⚡ Delegations verification to available APIs for efficiency
```
</issue_to_address>

### Comment 5
<location> `README.md:30` </location>
<code_context>

 ### Other Info

-- **Encoding:** By default using `base64` everywhere. The exceptions are primarily when it makes sence according to the specs of a credential such as Eth addresses using `hex` or webauthn challenge using `base64url` 
-
-
</code_context>

<issue_to_address>
**issue (typo):** Typo: 'sence' should be 'sense'.

```suggestion
-- **Encoding:** By default using `base64` everywhere. The exceptions are primarily when it makes sense according to the specs of a credential such as Eth addresses using `hex` or webauthn challenge using `base64url` 
```
</issue_to_address>

### Comment 6
<location> `README.md:83` </location>
<code_context>
+| ``solana``     | Solana programs (BPF)                  | In Development |

-Credential specifc features allow you to include / exclude specific credential types for better control and optimisizing the binary size
+Credential specifc features allow you to include / exclude specific credential types for better control and optimisizing the binary size:

-- `ethereum` - for Ethereum personal sign message specification (  [EIP-191](https://eips.ethereum.org/EIPS/eip-191) )
</code_context>

<issue_to_address>
**issue (typo):** Typos: 'specifc' should be 'specific', 'optimisizing' should be 'optimizing'.

```suggestion
Credential specific features allow you to include / exclude specific credential types for better control and optimizing the binary size:
```
</issue_to_address>

### Comment 7
<location> `README.md:185` </location>
<code_context>
 ### Basics

 Requsting a credemtial is as simple as calling a function with a message to be signed and passing the neccecary signer information
+
 ```typescript
</code_context>

<issue_to_address>
**issue (typo):** Typos: 'Requsting' should be 'Requesting', 'credemtial' should be 'credential', 'neccecary' should be 'necessary'.

```suggestion
Requesting a credential is as simple as calling a function with a message to be signed and passing the necessary signer information
```
</issue_to_address>

### Comment 8
<location> `README.md:257` </location>
<code_context>

 ### Meta / Usage
-- OpenSource -> Low Funding / Resources -> Contributions are especially needed and welcomed
-- Authors of the library are also its main users. The expirience is iteratively used to improve the SDK by understaning the needs and shifting more and more logic from apps to the lib. 
-- `CosmWasm` retains the status of the primary target and used the most often during feature design stage and for tests. The main reason is being funded through quadrating funding on [DoraHacks](https://dorahacks.io/aez). 
-
</code_context>

<issue_to_address>
**issue (typo):** Typos: 'expirience' should be 'experience', 'understaning' should be 'understanding'.

```suggestion
-- Authors of the library are also its main users. The experience is iteratively used to improve the SDK by understanding the needs and shifting more and more logic from apps to the lib. 
```
</issue_to_address>

### Comment 9
<location> `README.md:56` </location>
<code_context>
 # Smart Contracts / Programs

-
 ## Instalation

 ```bash
</code_context>

<issue_to_address>
**issue (typo):** Typo: 'Instalation' should be 'Installation'.

```suggestion
## Installation
```
</issue_to_address>

### Comment 10
<location> `README.md:66` </location>
<code_context>
 You can also give the library an alias to simplify typing
+
 ```toml
 # tp import for CosmWasm(v1) contracts with all default features 
 saa  = { package = "smart-account-auth", version = "0.24.5", features = ["cosmwasm"] }
</code_context>

<issue_to_address>
**issue (typo):** Typo: 'tp import' should be 'to import'.

```suggestion
# to import for CosmWasm(v1) contracts with all default features 
```
</issue_to_address>

### Comment 11
<location> `README.md:224` </location>
<code_context>
 ### Replay Attack Protection

 If replay attack protection is enabled on the contract side, the message to be signed must be a json strong of the following format
+
 ```typescript
</code_context>

<issue_to_address>
**issue (typo):** Typo: 'strong' should be 'string'.

```suggestion
If replay attack protection is enabled on the contract side, the message to be signed must be a json string of the following format
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[ellipsis-dev]

Caution

Changes requested ❌

Reviewed everything up to 109c429 in 2 minutes and 5 seconds. Click for details.

• Reviewed 1458 lines of code in 14 files
• Skipped 0 files when reviewing.
• Skipped posting 23 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. README.md:6

• Draft comment:
  Multiple typos found in the README – for example, 'crypthograpghic' (line 6), 'serilizations' (line 8), and 'Instalation' (line 56) should be corrected for clarity. Please proofread the document.
• Reason this comment was not posted:
  Comment was on unchanged code.

2. packages/auth/Cargo.toml:20

• Draft comment:
  The 'ethabi' dependency is commented out. Confirm if that is intentional or if it should be enabled (perhaps with version 0.28.0) for Ethereum signature support.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

3. packages/bundle/Cargo.toml:31

• Draft comment:
  Ensure consistency of feature flags (e.g. 'eth_personal', 'eth_typed_data', 'cosmos_arb', etc.) across packages. The use of optional dependency syntax (like 'saa-auth?') should be reviewed for clarity.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

4. packages/common/Cargo.toml:87

• Draft comment:
  Review the 'eth_typed_data' feature dependency list; it depends on 'dep:serde_json', 'dep:schemars', and 'std'. Verify that these are the intended prerequisites for that feature.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

5. packages/macros-proto/core/src/lib.rs:101

• Draft comment:
  Consider adding inline documentation for the procedural macros (such as 'saa_error' and 'saa_derivable'). The implementation in 'saa_error_impl' could benefit from comments explaining the derive behavior and error wrapping.
• Reason this comment was not posted:
  Comment was not on a location in the diff, so it can't be submitted as a review comment.

6. packages/tests/Cargo.toml:21

• Draft comment:
  Verify that the versions for dependencies like 'cosmwasm-std' (3.0.2), 'base64-url' (3.0.0) and 'hex' (0.4.3) in the tests are correct and consistent with the rest of the workspace.
• Reason this comment was not posted:
  Confidence changes required: 50% <= threshold 50% None

7. CHANGELOG.md:12

• Draft comment:
  Typographical error detected: The date '2025-07-97' appears invalid (day '97' is not a valid day). Consider correcting to a valid date format.
• Reason this comment was not posted:
  Comment was on unchanged code.

8. README.md:6

• Draft comment:
  Typo found: Instead of "crypthograpghic", consider using "cryptographic".
• Reason this comment was not posted:
  Comment was on unchanged code.

9. README.md:8

• Draft comment:
  Typo found: "abd" should be "and" and "serilizations" should be "serializations".
• Reason this comment was not posted:
  Comment was on unchanged code.

10. README.md:10

• Draft comment:
  Typo found: "build-in" should be "built-in".
• Reason this comment was not posted:
  Comment was on unchanged code.

11. README.md:14

• Draft comment:
  Typo found: "trais" should be "traits" and "utlity" should be "utility".
• Reason this comment was not posted:
  Comment was on unchanged code.

12. README.md:16

• Draft comment:
  Typo found: "date" should likely be "data".
• Reason this comment was not posted:
  Comment was on unchanged code.

13. README.md:18

• Draft comment:
  Typo found: "multuple" should be "multiple".
• Reason this comment was not posted:
  Comment was on unchanged code.

14. README.md:25

• Draft comment:
  Typo found: "verifcation" should be "verification" and "efficieny" should be "efficiency".
• Reason this comment was not posted:
  Comment was on unchanged code.

15. README.md:30

• Draft comment:
  Typo found: "sence" should be "sense".
• Reason this comment was not posted:
  Comment was on unchanged code.

16. README.md:56

• Draft comment:
  Typo found: "Instalation" should be "Installation".
• Reason this comment was not posted:
  Comment was on unchanged code.

17. README.md:66

• Draft comment:
  Typographical error: In the comment, "# tp import for CosmWasm(v1) contracts with all default features" should likely read "# to import for CosmWasm(v1) contracts with all default features".
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 10% vs. threshold = 50% While the comment is technically correct about the typo, it's an extremely minor documentation issue. The meaning is still clear even with the typo. According to the rules, we should not make purely informative comments or comments about obvious/unimportant issues. This falls into that category. The typo could potentially confuse new users who are copy-pasting the example. Documentation accuracy is important for user experience. While documentation accuracy matters, this typo is in a comment (not code) and the meaning is still obvious. The cost of the noise from the PR comment outweighs the minor benefit of fixing this typo. Delete this comment as it violates the rule about not making comments that are obvious or unimportant. The typo is too minor to warrant a PR comment.

18. README.md:101

• Draft comment:
  Typo found: "ether" should be "either".
• Reason this comment was not posted:
  Decided after close inspection that this draft comment was likely wrong and/or not actionable: usefulness confidence = 0% vs. threshold = 50% While this is a valid typo correction, the review rules emphasize focusing on code changes and logic issues. Documentation typos, while good to fix, are not critical issues that require comments. The typo doesn't impact code functionality or understanding of the feature's purpose. The typo does make the documentation slightly less professional. Some could argue that maintaining high quality documentation is important for the project. However, this is a minor cosmetic issue in documentation. The review rules specifically say to focus on code changes and logic, not purely informative or obvious comments. This comment should be deleted as it addresses a minor documentation issue rather than a substantive code or logic problem.

19. README.md:171

• Draft comment:
  Minor typographical note: The heading reads "Typescript". It is typically styled as "TypeScript". Consider updating the capitalization for consistency.
• Reason this comment was not posted:
  Comment was on unchanged code.

20. README.md:185

• Draft comment:
  There are a few typographical errors on this line: - "Requsting" should be "Requesting". - "credemtial" should be "credential". - "neccecary" should be "necessary".
• Reason this comment was not posted:
  Comment was on unchanged code.

21. README.md:224

• Draft comment:
  Typo: "json strong" should be corrected to "JSON string".
• Reason this comment was not posted:
  Comment was on unchanged code.

22. README.md:257

• Draft comment:
  Typographical issues found: - "expirience" should be "experience". - "understaning" should be "understanding".
• Reason this comment was not posted:
  Comment was on unchanged code.

23. README.md:258

• Draft comment:
  Consider reviewing the phrase "quadrating funding". If the intended term is the commonly used "quadratic funding", please update it accordingly.
• Reason this comment was not posted:
  Comment was on unchanged code.

Workflow ID: wflow_JsKXMQVU6ly3lgvn

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}

[ellipsis-dev]

Typo found: "specifc" should be "specific" and "optimisizing" should be "optimizing".

Suggested change

	Credential specifc features allow you to include / exclude specific credential types for better control and optimisizing the binary size:
	Credential specific features allow you to include / exclude specific credential types for better control and optimizing the binary size:

[bito-code-review]

Changelist by Bito

This pull request implements the following key changes.

Key Change	Files Impacted
Feature Improvement - Dependency Version Upgrades	- Cargo.lock - Upgraded multiple dependencies including CosmWasm, ark, schemars, and darling with revised checksums and dependency syntax to support CosmWasm v3. - Cargo.toml - Bumped workspace package versions from 0.26.x to 0.28.0 and updated CosmWasm dependencies to v3.0.2. - Cargo.toml - Updated bundle version to 0.28.0. - Cargo.toml - Upgraded cosmwasm-std to v3.0.2 and adjusted related dependency entries. - Cargo.toml - Bumped version to 0.28.0. - Cargo.toml - Bumped version to 0.28.0. - Cargo.toml - Bumped version to 0.28.0. - Cargo.toml - Updated schema package version to 0.28.0. - Cargo.toml - Upgraded cosmwasm-std dependency to v3.0.2.
Bug Fix - Error Macro Correction	- lib.rs - Removed the PartialEq derive from the error macro, correcting unintended behavior.
Documentation - Documentation and Comment Enhancements	- README.md - Enhanced documentation with reformatted tables and clearer descriptions of credentials, environments, and feature flags. - CHANGELOG.md - Updated version details to 0.28.0 and documented the changes. - types.ts - Fixed typos in comments to improve clarity. - Cargo.toml - Revised commented ethabi version reference for consistency.

[bito-code-review]

Code Review Agent Run #678501

Actionable Suggestions - 6

• packages/tests/Cargo.toml - 1

  • Missing feature flags · Line 21-21
• packages/common/Cargo.toml - 1

  • Version mismatch breaks compatibility · Line 16-17
• Cargo.lock - 3

  • ark-* version upgrade risk · Line 99-99
  • Version conflict strsim · Line 713-713
  • Dependency duplication · Line 1503-1514
• packages/macros-proto/core/src/lib.rs - 1

  • Missing PartialEq trait · Line 104-106

Review Details

• Files reviewed - 12 · Commit Range: b53abbf..109c429

  • Cargo.lock
  • Cargo.toml
  • packages/auth/Cargo.toml
  • packages/bundle/Cargo.toml
  • packages/common/Cargo.toml
  • packages/macros-proto/core/Cargo.toml
  • packages/macros-proto/core/src/lib.rs
  • packages/macros-proto/solana/Cargo.toml
  • packages/macros-proto/substrate/Cargo.toml
  • packages/macros-proto/wasm/Cargo.toml
  • packages/schema/Cargo.toml
  • packages/tests/Cargo.toml
• Files skipped - 2

  • CHANGELOG.md - Reason: Filter setting
  • README.md - Reason: Filter setting
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Default Agent You can customize the agent settings here or contact your Bito workspace admin at kromsten@pm.me.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[bito-code-review]

Missing feature flags

The cosmwasm-std upgrade from 2.2.2 to 3.0.2 is consistent with the broader codebase (common package also uses 3.0.2), but testing utilities may need feature flag adjustments. The current usage in src/utils.rs imports cosmwasm_std::testing::{message_info, mock_dependencies, MockApi, MockQuerier, MockStorage} which requires the 'staking' feature for full compatibility with v3.0.2. Add the 'staking' feature to ensure all testing utilities compile correctly.

Code suggestion

Check the AI-generated fix before applying

Suggested change

	cosmwasm-std = { version = "3.0.2", default-features = false }
	cosmwasm-std = { version = "3.0.2", default-features = false, features = ["staking"] }

Code Review Run #678501

---

Should Bito avoid suggestions like this for future reviews? (Manage Rules)

• Yes, avoid them

[bito-code-review]

Version mismatch breaks compatibility

The cosmwasm-std-v1 dependency is being incorrectly updated to version 3.0.2, which breaks the intended version differentiation pattern. This creates semantic duplication where both cosmwasm-std and cosmwasm-std-v1 would point to the same 3.x API, eliminating the backward compatibility provided by the 1.x API. The cosmwasm_v1 feature specifically uses cosmwasm_std_v1 as cosmwasm_std in src/env.rs to provide compatibility with contracts written for the 1.x API. Reverting to 1.5.11 maintains this compatibility layer while allowing the main cosmwasm-std to use the latest 3.0.2 version.

Code suggestion

Check the AI-generated fix before applying

Suggested change

	cosmwasm-std = { version = "3.0.2", optional = true }
	cosmwasm-std-v1 = { version = "3.0.2", optional = true, package = "cosmwasm-std" }
	cosmwasm-std = { version = "3.0.2", optional = true }
	cosmwasm-std-v1 = { version = "1.5.11", optional = true, package = "cosmwasm-std" }

Code Review Run #678501

---

Should Bito avoid suggestions like this for future reviews? (Manage Rules)

• Yes, avoid them

[bito-code-review]

ark-* version upgrade risk

Major version upgrade of ark-* libraries from 0.4.2 to 0.5.0 introduces potential breaking changes. The cosmwasm-crypto package (v3.0.2) depends on these ark-* libraries, and upgrading them without compatibility verification could break cryptographic functionality. The changes include removal of derivative and rustc_version dependencies, addition of educe, arrayvec, and upgrade of itertools from 0.10.5 to 0.13.0. These changes may affect ark-ff trait implementations used by cosmwasm-crypto for BLS12-381 curve operations. Consider testing cryptographic operations thoroughly or pinning to compatible versions.

Code suggestion

Check the AI-generated fix before applying

 -version = "0.5.0"
 -checksum = "a177aba0ed1e0fbb62aa9f6d0502e9b46dad8c2eab04c14258a1212d2557ea70"
 +version = "0.4.2"
 +checksum = "ec847af850f44ad29048935519032c33da8aa03340876d351dfab5660d2966ba"

Code Review Run #678501

---

Should Bito avoid suggestions like this for future reviews? (Manage Rules)

• Yes, avoid them

[bito-code-review]

Dependency duplication

A new version of itertools (0.13.0) has been added alongside the existing 0.12.1 version. This creates a potential dependency duplication issue where both versions may coexist, increasing binary size and potentially causing type compatibility issues if types from different versions need to interact. The project should consolidate on a single itertools version.

Code suggestion

Check the AI-generated fix before applying

Suggested change

	[[package]]
	name = "itertools"
	version = "0.13.0"
	source = "registry+https://github.com/rust-lang/crates.io-index"
	checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186"
	dependencies = [
	"either",
	]
	[[package]]
	name = "itoa"
	version = "1.0.15"
	[[package]]
	name = "itoa"
	version = "1.0.15"

Code Review Run #678501

---

Should Bito avoid suggestions like this for future reviews? (Manage Rules)

• Yes, avoid them

[bito-code-review]

Code Review Agent Run #5e6067

Actionable Suggestions - 0

Review Details

• Files reviewed - 1 · Commit Range: 109c429..6a633b6

  • npm/src/credentials/types.ts
• Files skipped - 3

  • README.md - Reason: Filter setting
  • npm/README.md - Reason: Filter setting
  • CHANGELOG.md - Reason: Filter setting
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful
  • Eslint (Linter) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Default Agent You can customize the agent settings here or contact your Bito workspace admin at kromsten@pm.me.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by