Conversation
🦋 Changeset detectedLatest commit: 5aeb5aa The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
WalkthroughCredential salt is added to the shared credential contract, database schema, address derivation, authentication and passkey responses, client account initialization, Intercom flows, tests, and package Changesets. ChangesCredential salt flow
Estimated code review effort: 3 (Moderate) | ~20 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
✨ Simplify code
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Code Review
This pull request introduces a credential salt for address derivation and account initialization across the common, server, and mobile packages. It adds a salt column with a hex check constraint to the database schema, updates API endpoints (authentication, registration, and passkey) to retrieve and return the salt, and integrates it into the account client creation process. There are no review comments, so I have no feedback to provide.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
There was a problem hiding this comment.
Actionable comments posted: 1
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 7163f50a-fc04-4626-aa68-304a73dc98f3
📒 Files selected for processing (14)
.changeset/fuzzy-cows-breathe.md.changeset/neat-eggs-turn.md.changeset/quick-koalas-thread.mdcommon/accountInit.tscommon/deriveAddress.tscommon/validation.tsserver/api/auth/authentication.tsserver/api/auth/registration.tsserver/api/passkey.tsserver/database/schema.tsserver/test/api/auth.test.tsserver/utils/createCredential.tssrc/utils/accountClient.tssrc/utils/server.ts
| const authResponse = parse(Authentication, await response.json()); | ||
|
|
||
| assert.ok(authResponse.intercomToken); | ||
| expect(authResponse.salt).toBe(zeroAddress); |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win
Add an end-to-end non-default salt test.
All four assertions validate only zeroAddress, so a regression that discards a stored custom salt and returns the default would pass. Add one persisted non-zero salt fixture and assert the exact value through authentication and registration.
📍 Affects 1 file
server/test/api/auth.test.ts#L87-L87(this comment)server/test/api/auth.test.ts#L469-L470server/test/api/auth.test.ts#L566-L568server/test/api/auth.test.ts#L714-L715
|
close #1143 |
Summary
Testing
Summary by CodeRabbit
New Features
Bug Fixes