SDK improvements

[feruzm]

Summary by CodeRabbit

• New Features

  • Smarter broadcasting with per-authority auth selection, credential prefetching, clearer errors, and blocking legacy auth for non-posting actions.
  • Authority-aware system detecting required authority (posting/active/owner/memo) across operations.
  • Web broadcast adapter and SDK-backed web mutation hooks for vote, comment, reblog, follow, and unfollow with integrated cache handling and auth flows.
  • Platform adapter additions for owner/memo key access, posting-authorization checks, auth-upgrade UI, and grant-posting flow.

• Bug Fixes

  • Ensure account RC cache invalidation after posting/commenting.

• Documentation

  • Expanded docs, examples, and migration guidance for new auth flows.

• Chores

  • SDK bumped to major version 2.0.0.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• ✅ Review completed - (🔄 Check again to review again)

📝 Walkthrough

Walkthrough

Adds authority-aware broadcasting with a smarter fallback flow, a new AuthorityLevel mapping and helpers, extended PlatformAdapter methods for key/authorization management and auth-upgrade UI, a web broadcast adapter, and web-facing SDK mutation wrapper hooks that delegate broadcasting to the SDK.

Changes

Cohort / File(s)	Summary
Broadcast Mutation Logic packages/sdk/src/modules/core/mutations/use-broadcast-mutation.ts	Added broadcastWithMethod(...); reworked broadcastWithFallback() and useBroadcastMutation() to use AuthorityLevel, prefetch per-authority keys/tokens, prefer adapter.getLoginType, implement per-method flows (key, hiveauth, hivesigner, keychain, custom), add auth-upgrade UI hooks, and improve error handling.
Platform Adapter Interface packages/sdk/src/modules/core/types/platform-adapter.ts	Extended PlatformAdapter with optional methods: getOwnerKey?, getMemoKey?, hasPostingAuthorization?, showAuthUpgradeUI?, and grantPostingAuthority? for owner/memo key retrieval, posting auth checks, upgrade prompts, and granting posting authority.
Authority Mapping Module packages/sdk/src/modules/operations/authority-map.ts, packages/sdk/src/modules/operations/index.ts	New AuthorityLevel type (`'posting'
Web integration / Adapter apps/web/src/providers/sdk/web-broadcast-adapter.ts, apps/web/src/providers/sdk/index.ts, apps/web/src/core/sdk-init.ts	Added createWebBroadcastAdapter and re-export; adapter implements web storage-backed key accessors, login-type detection, broadcast paths for Keychain/HiveSigner/HiveAuth, auth-upgrade UI hooks, posting-auth helpers, React Query invalidation integration, and docs for per-hook adapter creation.
Web SDK Mutations Wrappers apps/web/src/api/sdk-mutations/*, apps/web/src/api/mutations/entry-vote.ts, apps/web/src/api/mutations/create-reply.ts, apps/web/src/api/mutations/entry-reblog-sdk.ts	Introduced web wrapper hooks (useVoteMutation, useCommentMutation, useReblogMutation, useFollowMutation, useUnfollowMutation) that build the web adapter and delegate to SDK mutations; replaced some direct broadcasts with SDK-backed flows and adjusted optimistic/cache logic to rely on SDK invalidation.
Accounts mutations & hooks packages/sdk/src/modules/accounts/mutations/index.ts, .../use-follow.ts, .../use-unfollow.ts	Added useFollow and useUnfollow hooks and payload types; hooks construct follow/unfollow ops and invalidate related account caches when adapter supports invalidation.
Posts mutation cache tweak packages/sdk/src/modules/posts/mutations/use-comment.ts	Added additional invalidation ["account", username, "rc"] after comment/post broadcasts to refresh account RC.
Changelog & Package packages/sdk/CHANGELOG.md, packages/sdk/package.json	Bumped SDK version to 2.0.0, added changelog entries describing breaking changes and migration notes, and updated hivesigner peer dependency.

Sequence Diagram(s)

sequenceDiagram
    rect rgba(200,230,255,0.5)
    participant Client
    end
    rect rgba(220,255,220,0.5)
    participant Adapter
    end
    rect rgba(255,240,200,0.5)
    participant KeyStore
    end
    rect rgba(255,220,220,0.5)
    participant ExternalAuth as "HiveSigner/Keychain/HiveAuth"
    end
    rect rgba(240,240,240,0.5)
    participant Node as "Blockchain Node"
    end

    Client->>Adapter: broadcastWithMethod(username, ops, authority)
    Adapter->>Adapter: adapter.getLoginType(username)?
    alt loginType available
        Adapter->>Client: select preferred method
    end
    alt method == "key"
        Adapter->>KeyStore: get key for authority (getPostingKey/getActiveKey/getOwnerKey)
        KeyStore-->>Adapter: key
        Adapter->>Node: sign & broadcast tx
    else method == "hivesigner" or "hiveauth" or "keychain"
        Adapter->>ExternalAuth: request token/key & send broadcast
        ExternalAuth-->>Node: submit broadcast
    else method == "custom"
        Client->>Adapter: invoke custom broadcast handler
    end
    Node-->>Client: tx confirmation or error
    alt auth failure
        Client->>Adapter: showAuthUpgradeUI(requiredAuthority, operation)
        Adapter->>Client: user selects alternate method -> retry via fallback chain
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• SDK mutation hooks and adapters #648: Overlapping changes to broadcast/auth selection and PlatformAdapter extensions affecting fallback and adapter APIs.
• Move private api to sdk #606: Similar modifications touching broadcast fallback logic, credential selection, and error handling in mutation flows.
• Convert op, optimistic commenting fixes #613: Related adjustments to comment/reply broadcasting and optimistic/cache update migration to SDK-backed mutations.

Poem

🐰 I hopped through ops and keys with glee,
I mapped authorities — posting, active, owner, memo — whee!
I nudged adapters to fetch and try,
When auth went sideways, I asked users why,
Now broadcasts hop out — hooray, set free! 🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title "SDK improvements" is vague and does not clearly summarize the main changes, using non-descriptive language that fails to convey meaningful information about the substantial SDK modifications.	Provide a more specific title that describes the primary focus, such as 'Add authority-based broadcasting and smart auth strategy' or 'Implement operation authority detection and smart auth fallback'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 94.74% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch mutation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@apps/web/src/providers/sdk/web-broadcast-adapter.ts`:
- Around line 63-74: getUser currently returns user.loginType directly causing
inconsistency with getLoginType; update getUser to map loginType the same way
getLoginType does (i.e. map 'privateKey' to 'key' and pass through other values)
before returning authType. Locate the getUser function and either apply the same
conditional/mapping logic used in getLoginType or call
getLoginType(user.loginType) to set authType = mapped value instead of
user.loginType so both methods produce the same authType for private-key
sessions.

🧹 Nitpick comments (3)

apps/web/src/providers/sdk/web-broadcast-adapter.ts (2)

163-173: Consider wiring UI feedback to your toast system.

Console-only feedback can hide errors in production. Hooking into the app’s existing toast/notification utilities would improve UX.

---

191-213: Use browser-safe timeout typing.

The apps/web/tsconfig.json is DOM-focused and doesn't explicitly include Node types (only DOM, DOM.Iterable, and ES targets). While NodeJS.Timeout works via the base config's "types": ["node"], using ReturnType<typeof setTimeout> is more appropriate for this web-only module and avoids unnecessary dependency on Node types.

♻️ Suggested typing tweak

-        let timeoutId: NodeJS.Timeout | undefined;
+        let timeoutId: ReturnType<typeof setTimeout> | undefined;

apps/web/src/api/mutations/create-reply.ts (1)

62-97: Only set beneficiaries when non-empty—follow the SDK's pattern.

The SDK's own useComment implementation explicitly guards against empty beneficiaries by checking if (beneficiaries.length > 0) before including the extension. Your code sets beneficiaries unconditionally, which can result in an empty array being sent and potentially rejected by builders/ops that treat it as an explicit extension.

♻️ Suggested tweak

-        commentPayload.options = {
+        const beneficiaries = extractBeneficiaries(options.extensions);
+        commentPayload.options = {
           maxAcceptedPayout: options.max_accepted_payout,
           percentHbd: options.percent_hbd,
           allowVotes: options.allow_votes,
           allowCurationRewards: options.allow_curation_rewards,
-          beneficiaries: extractBeneficiaries(options.extensions),
+          ...(beneficiaries.length ? { beneficiaries } : {}),
         };

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

rg -n "interface User|authType|broadcastWithMethod" --type ts -C3 packages/sdk

Repository: ecency/vision-next

Length of output: 11132

---

🏁 Script executed:

rg -A 20 "export interface User" packages/sdk/src/modules/core/types/platform-adapter.ts

Repository: ecency/vision-next

Length of output: 268

---

🏁 Script executed:

rg -n "loginType|privateKey|keychain|hivesigner|hiveauth" apps/web/src/providers/sdk/web-broadcast-adapter.ts -B2 -A2

Repository: ecency/vision-next

Length of output: 3296

---

🏁 Script executed:

rg -n "export.*loginType|type.*LoginType|enum.*LoginType" --type ts apps/web

Repository: ecency/vision-next

Length of output: 174

---

Consistency: getUser should map loginType like getLoginType does.

The getLoginType method explicitly maps 'privateKey' → 'key' (line 153), but getUser returns loginType without mapping. This creates an inconsistency: the same private-key session will report different authType values depending on which method is called. Apply the mapping in getUser to match getLoginType behavior.

Suggested mapping

-      return {
-        name: user.username,
-        authType: user.loginType, // 'hivesigner' | 'keychain' | 'hiveauth' | 'privateKey'
-      };
+      const authType =
+        user.loginType === 'privateKey' ? 'key' : user.loginType;
+      return {
+        name: user.username,
+        authType,
+      };

🤖 Prompt for AI Agents

In `@apps/web/src/providers/sdk/web-broadcast-adapter.ts` around lines 63 - 74,
getUser currently returns user.loginType directly causing inconsistency with
getLoginType; update getUser to map loginType the same way getLoginType does
(i.e. map 'privateKey' to 'key' and pass through other values) before returning
authType. Locate the getUser function and either apply the same
conditional/mapping logic used in getLoginType or call
getLoginType(user.loginType) to set authType = mapped value instead of
user.loginType so both methods produce the same authType for private-key
sessions.