Skip to content

live release#1112

Merged
gudnuf merged 23 commits into
livefrom
master
May 27, 2026
Merged

live release#1112
gudnuf merged 23 commits into
livefrom
master

Conversation

@gudnuf

@gudnuf gudnuf commented May 27, 2026

Copy link
Copy Markdown
Contributor

Adds

  • Fix shared-link/OG URLs baking in localhost on prerendered pages (canonical origin from Vercel env)
  • Zod → Zod Mini (smaller bundle)
  • Spark LUD-06 description_hash on LNURL-pay
  • Friendly UI when WebAssembly is unavailable (iOS Lockdown Mode)
  • Auth: only redirect on document navigations (don't trap cookieless users)
  • Sentry capture on claim errors; Cashu error-codes synced to NUT spec

Test

  • OG/shared links resolve to the deploy URL (not localhost) on preview + prod
  • LNURL send/receive works; Spark invoices carry description_hash
  • Cookieless SPA navigation isn't trapped; direct loads redirect with redirectTo
  • Smoke send/receive/buy (Zod Mini regression)

jbojcic1 and others added 23 commits May 21, 2026 16:11
Remove workaround added because Vercel issue was causing pre-rendered pages to also hit server
When WebAssembly is unavailable (iOS Lockdown Mode disables WASM in
WebKit; restricted in-app WebViews on Android can too), the Breez SDK
crashed deep in wasm-bindgen with an unrecognizable ReferenceError that
landed in the generic error card and was reported to Sentry.

- Gate ensureBreezWasm with a typed WebAssemblyUnavailableError so the
  failure has a stable identity instead of a minified bindings stack.
- Catch the fire-and-forget call in entry.client.tsx so the rejection
  doesn't double-report via unhandledrejection.
- Render a platform-aware message in the route ErrorBoundary: name
  Lockdown Mode explicitly for iOS / macOS Safari, generic browser-
  unsupported copy otherwise. Skip Sentry on this branch.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Match the spacing used by the storage-blocked case so the button isn't
crowding the message.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fix(spark): handle missing WebAssembly with friendly error UI
Two enum values currently collide with current-spec codes, actively
misclassifying spec-compliant mints:

- `TRANSACTION_NOT_BALANCED = 11002` collides with spec
  `11002 Proofs are pending` (an already-resolved-shaped condition)
- `UNIT_NOT_SUPPORTED = 11005` collides with spec
  `11005 Transaction is not balanced`

Drift fixes (4 codes — names unchanged, values updated to current spec):

- `TOKEN_VERIFICATION_FAILED`     `10003` -> `10001`
- `OUTPUT_ALREADY_SIGNED`         `10002` -> `11003`
- `TRANSACTION_NOT_BALANCED`      `11002` -> `11005`
- `UNIT_NOT_SUPPORTED`            `11005` -> `11013`

New codes added from current spec (10 entries):

- `11002 PROOFS_ARE_PENDING`
- `11004 OUTPUTS_ARE_PENDING`
- `11011 AMOUNTLESS_INVOICE_UNSUPPORTED`
- `11012 AMOUNT_MISMATCH`
- `11014 MAX_INPUTS_EXCEEDED`
- `11015 MAX_OUTPUTS_EXCEEDED`
- `11016 DUPLICATE_QUOTE_IDS`
- `11017 MAX_BATCH_SIZE_EXCEEDED`
- `12003 KEYSET_EXPIRED`

Renumbering is safe: every callsite uses `CashuErrorCodes.NAME`, zero
raw-number references (verified via grep). Names did not change.

No behaviour changes — service-level recovery branches still match the
same constants they matched before; only the numeric values they expand
to have shifted.

Phase 1 of the spec at docs/cashu-error-classifier.md (#1104).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
…o-nut-spec

fix(cashu): sync error-codes enum to current NUT spec
Aligns the two receive-quote entity-tracker hooks with the
useTrackCashuSendSwap naming convention. Closes #414.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
refactor(hooks): adopt useTrack naming for receive-quote trackers
…ers without cookies

The session hint cookie added in 71e8a3d short-circuits SSR for
unauthenticated visits, but the loader redirected on every request —
including the single-fetch data requests that drive client-side
navigation. That broke recovery for any user whose hint cookie wasn't
present even though they were really authenticated: cookies disabled,
evicted from storage, cleared manually, or logged in before the cookie
existed. Their JWT was still in localStorage, but every navigation
through the SPA bounced them back to /home before clientMiddleware
could validate it.

Gate the redirect on Sec-Fetch-Mode === 'navigate' so only top-level
document navigations are intercepted. Single-fetch requests pass through
and clientMiddleware does its normal JWT check. The fresh-visit
"no flicker" path is unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…-hint

fix(auth): only redirect on document navigations to avoid trapping users without cookies
refactor(sentry): converge captureException calls on single pattern
Switch all schema files from `zod` to the tree-shakable `zod/mini`
API (same `zod` package, no dependency change). Method chaining is
replaced with standalone functions: `.optional()` -> `z.optional()`,
`.transform()` -> `z.pipe(s, z.transform())`, `.refine()` ->
`.check(z.refine())`, `.extend()`/`.and()` -> `z.extend()`/
`z.intersection()`, etc.

Closes #733
refactor: migrate Zod → Zod Mini for smaller bundle
Sets the BOLT11 `h` tag on spark-account invoices created via LNURL-pay so
wallets can verify the invoice commits to the metadata returned in the
LUD-16 response. Extracts a shared `buildLnurlpMetadata` helper so both
endpoints hash identical bytes.

getLightningQuote no longer forces an empty description when descriptionHash
is set — both fields are passed through to the Breez SDK as-is, which emits
only the `h` tag when descriptionHash is provided (BOLT11's "d and h are
alternatives" rule).

The Cashu path is unchanged (blocked on CDK; documented inline).

Closes #989
feat(spark): support LUD-06 description_hash on LNURL-pay
Prerendered routes (/home, /terms, ...) baked the request origin into
their static HTML, but at build-time prerender that origin is
http://localhost — so og:image/twitter:image/og:url pointed at an
unreachable host and link previews showed "Image failed to load".

Resolve the origin from Vercel's system env vars (production domain, or
branch/deploy URL on previews) with the request origin as fallback,
mirroring Next.js's metadataBase precedence. Keep the request origin for
in-app links and Lightning Address generation, which must reflect the
actual serving host.
fix(og): use Vercel deployment URL for absolute metadata URLs
…n't localhost

Shared token links, profile URLs and `username@domain` Lightning Addresses
were coming out as `http://localhost/...`. They all read `origin`/`domain`
from the root loader (via useLocationData), which returned the raw request
origin. At build-time prerender (`/home`, `/terms`) that origin is
`http://localhost`, baked into the static HTML; because the root loader never
revalidates, clients that enter via a prerendered route keep `localhost` for
the whole session. This surfaced once Vercel began serving prerendered routes
as static files instead of falling through to runtime SSR.

#1110 fixed the symptom for OG meta only by adding a separate `canonicalOrigin`
field. Fix it at the source instead: the loader now resolves `origin` (and
derives `domain`) through getCanonicalOrigin, so every consumer — meta, share
links, contacts, Lightning Address — gets a reachable host with no per-call
changes. Drops the now-redundant `canonicalOrigin` field and reverts the meta
functions to reading `origin`.
…igin

 derive origin/domain from the deployment URL, not the request
@supabase

supabase Bot commented May 27, 2026

Copy link
Copy Markdown

This pull request has been ignored for the connected project hrebgkfhjpkbxpztqqke because there are no changes detected in supabase directory. You can change this behaviour in Project Integrations Settings ↗︎.


Preview Branches by Supabase.
Learn more about Supabase Branching ↗︎.

@gudnuf gudnuf changed the title Release: master → live live release May 27, 2026
@gudnuf gudnuf merged commit 9d56c6a into live May 27, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants