0xsequence 1.9.19

.changeset/README.md

@@ -5,4 +5,4 @@ with multi-package repos, or single-package repos to help you version and publis
 find the full documentation for it [in our repository](https://github.com/changesets/changesets)
 
 We have a quick list of common questions to get you started engaging with this project in
-[our documentation](https://github.com/changesets/changesets/blob/main/docs/common-questions.md)
+[our documentation](https://github.com/changesets/changesets/blob/master/docs/common-questions.md)

.changeset/config.json

@@ -5,7 +5,7 @@
   "fixed": [],
   "linked": [],
   "access": "restricted",
-  "baseBranch": "master",
+  "baseBranch": "main",
   "updateInternalDependencies": "patch",
   "ignore": []
 }

.eslintignore

@@ -0,0 +1,2 @@
+.eslintrc.js
+packages/**/dist

.eslintrc.js

@@ -0,0 +1,48 @@
+const { off } = require("process")
+
+module.exports = {
+  parser: '@typescript-eslint/parser',
+  parserOptions: {
+    ecmaVersion: 2018,
+    sourceType: 'module'
+  },
+
+  extends: [
+    'plugin:@typescript-eslint/recommended',
+    'plugin:import/errors',
+    'plugin:import/warnings',
+    'plugin:import/typescript',
+    'prettier'
+  ],
+
+  rules: {
+    '@typescript-eslint/no-unused-vars': 'off',
+    '@typescript-eslint/no-explicit-any': 'off',
+    '@typescript-eslint/no-non-null-assertion': 'off',
+    '@typescript-eslint/explicit-module-boundary-types': 'off',
+    '@typescript-eslint/ban-types': 'off',
+    '@typescript-eslint/ban-ts-comment': 'off',
+    '@typescript-eslint/no-empty-function': 'off',
+    '@typescript-eslint/no-inferrable-types': 'off',
+    '@typescript-eslint/no-var-requires': 'off',
+    '@typescript-eslint/no-this-alias': 'off',
+
+    'import/no-unresolved': 'off',
+    'import/no-default-export': 2,
+    'import/no-named-as-default-member': 'off',
+    'import/export': 'off'
+
+
+    // 'import/order': [
+    //   'warn',
+    //   {
+    //     'groups': ['builtin', 'external', 'parent', 'sibling', 'index'],
+    //     'alphabetize': {
+    //       'order': 'asc', /* sort in ascending order. Options: ['ignore', 'asc', 'desc'] */
+    //       'caseInsensitive': true /* ignore case. Options: [true, false] */
+    //     }
+    //   },
+    // ]
+
+  }
+}

.github/ISSUE_TEMPLATE/bug_report.md

@@ -2,7 +2,7 @@
 name: Bug report
 about: Create a report to help us improve
 title: ''
-labels: ''
+labels: 'bug'
 assignees: ''
 ---
 

.github/ISSUE_TEMPLATE/feature_request.md

@@ -2,7 +2,7 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: ''
+labels: 'enhancement'
 assignees: ''
 ---
 

.github/actions/install-dependencies/action.yml

@@ -4,15 +4,10 @@ runs:
   using: 'composite'
 
   steps:
-    - name: Setup Node
-      uses: actions/setup-node@v4
-      with:
-        node-version: 20
-
     - name: Setup PNPM
-      uses: pnpm/action-setup@v3
+      uses: pnpm/action-setup@v2
       with:
-        version: 10
+        version: 8
         run_install: false
 
     - name: Get pnpm store directory
@@ -22,7 +17,7 @@ runs:
         echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT
 
     - name: Setup pnpm cache
-      uses: actions/cache@v4
+      uses: actions/cache@v3
       with:
         path: |
           ${{ steps.pnpm-cache.outputs.STORE_PATH }}
@@ -33,6 +28,11 @@ runs:
         restore-keys: |
           ${{ runner.os }}-pnpm-store-
 
+    - name: Setup Node
+      uses: actions/setup-node@v3
+      with:
+        node-version: 20
+
     - name: Install dependencies
       shell: bash
       run: pnpm install --frozen-lockfile

.github/workflows/Publish-Dists.yml

@@ -0,0 +1,91 @@
+name: Publish Dists for Packages
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: ./.github/actions/install-dependencies
+
+      - name: Build package
+        run: pnpm run build
+
+      - name: Prepare dist branch
+        run: |
+          PACKAGES=("services/guard" "services/identity-instrument" "services/relayer" "wallet/core" "wallet/primitives" "wallet/wdk" "wallet/dapp-client")
+
+          for PACKAGE in "${PACKAGES[@]}"; do
+            BRANCH="dists/$PACKAGE"
+            PKG_DIR="packages/$PACKAGE"
+
+            echo "📦 Publishing $PACKAGE to $BRANCH"
+
+            mkdir -p "/tmp/$PACKAGE"
+            cp -r "$PKG_DIR"/. "/tmp/$PACKAGE" || true
+
+            cd /tmp/$PACKAGE
+            git init
+            git checkout -b $BRANCH
+
+            git config user.name "github-actions"
+            git config user.email "actions@github.com"
+
+            echo "🔧 Rewriting workspace: deps in package.json..."
+            node -e '
+              const fs = require("fs");
+              const path = require("path");
+              const pkgPath = path.resolve("package.json");
+              const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
+              const repo = "github:0xsequence/sequence.js";
+
+              const versions = {
+                "@0xsequence/guard": `${repo}#dists/services/guard`,
+                "@0xsequence/identity-instrument": `${repo}#dists/services/identity-instrument`,
+                "@0xsequence/relayer": `${repo}#dists/services/relayer`,
+                "@0xsequence/wallet-core": `${repo}#dists/wallet/core`,
+                "@0xsequence/wallet-primitives": `${repo}#dists/wallet/primitives`,
+                "@0xsequence/wallet-wdk": `${repo}#dists/wallet/wdk`,
+              };
+
+              const rewrite = (deps = {}) => {
+                for (const k in deps) {
+                  if (deps[k].startsWith("workspace:")) {
+                    const version = versions[k];
+
+                    if (!version) {
+                      console.warn(`No version found for ${k}, skipping...`);
+                      continue;
+                    }
+
+                    deps[k] = version;
+                    console.log(`→ ${k} → ${deps[k]}`);
+                  }
+                }
+              };
+
+              ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'].forEach((field) => {
+                if (pkg[field]) {
+                  rewrite(pkg[field]);
+                }
+              });
+              fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2));
+            '
+
+            git add .
+            git commit -m "Build: publish $PACKAGE dist"
+
+            git remote add origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
+            git push -f origin HEAD:$BRANCH
+
+            cd -
+          done

.github/workflows/fortify.yml

@@ -0,0 +1,85 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+################################################################################################################################################
+# Fortify Application Security provides your team with solutions to empower DevSecOps practices, enable cloud transformation, and secure your  #
+# software supply chain. To learn more about Fortify, start a free trial or contact our sales team, visit fortify.com.                         #
+#                                                                                                                                              #
+# Use this starter workflow as a basis for integrating Fortify Application Security Testing into your GitHub workflows. This template          #
+# demonstrates the steps to package the code+dependencies, initiate a scan, and optionally import SAST vulnerabilities into GitHub Security    #
+# Code Scanning Alerts. Additional information is available in the workflow comments and the Fortify AST Action / fcli / Fortify product       #
+# documentation. If you need additional assistance, please contact Fortify support.                                                            #
+################################################################################################################################################
+
+name: Fortify AST Scan
+
+# Customize trigger events based on your DevSecOps process and/or policy
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+  schedule:
+    - cron: '31 12 * * 4'
+  workflow_dispatch:
+
+jobs:
+  Fortify-AST-Scan:
+    # Use the appropriate runner for building your source code. Ensure dev tools required to build your code are present and configured appropriately (MSBuild, Python, etc).
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      # Check out source code
+      - name: Check Out Source Code
+        uses: actions/checkout@v4
+
+      # Java is required to run the various Fortify utilities. Ensuring proper version is installed on the runner.
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: 17
+          distribution: 'temurin'
+
+      # Perform SAST and optionally SCA scan via Fortify on Demand/Fortify Hosted/Software Security Center, then
+      # optionally export SAST results to the GitHub code scanning dashboard. In case further customization is
+      # required, you can use sub-actions like fortify/github-action/setup@v1 to set up the various Fortify tools
+      # and run them directly from within your pipeline; see https://github.com/fortify/github-action#readme for
+      # details.
+
+      - name: Run FoD SAST Scan
+        uses: fortify/github-action@a92347297e02391b857e7015792cd1926a4cd418
+        with:
+          sast-scan: true
+        env:
+          ### Required configuration when integrating with Fortify on Demand
+          FOD_URL: https://ams.fortify.com
+          FOD_TENANT: ${{secrets.FOD_TENANT}}
+          FOD_USER: ${{secrets.FOD_USER}}
+          FOD_PASSWORD: ${{secrets.FOD_PAT}}
+          ### Optional configuration when integrating with Fortify on Demand
+          # EXTRA_PACKAGE_OPTS: -oss                       # Extra 'scancentral package' options, like '-oss'' if
+                                                           # Debricked SCA scan is enabled on Fortify on Demand
+          # EXTRA_FOD_LOGIN_OPTS: --socket-timeout=60s     # Extra 'fcli fod session login' options
+          # FOD_RELEASE: MyApp:MyRelease                   # FoD release name, default: <org>/<repo>:<branch>; may
+                                                           # replace app+release name with numeric release ID
+          # DO_WAIT: true                                  # Wait for scan completion, implied if 'DO_EXPORT: true'
+          # DO_EXPORT: true                                # Export SAST results to GitHub code scanning dashboard
+          ### Required configuration when integrating with Fortify Hosted / Software Security Center & ScanCentral
+          # SSC_URL: ${{secrets.SSC_URL}}                            # SSC URL
+          # SSC_TOKEN: ${{secrets.SSC_TOKEN}}                        # SSC CIToken or AutomationToken
+          # SC_SAST_TOKEN: ${{secrets.SC_SAST_TOKEN}}                # ScanCentral SAST client auth token
+          # SC_SAST_SENSOR_VERSION: ${{vars.SC_SAST_SENSOR_VERSION}} # Sensor version on which to run the scan;
+                                                                     # usually defined as organization or repo variable
+          ### Optional configuration when integrating with Fortify Hosted / Software Security Center & ScanCentral
+          # EXTRA_SC_SAST_LOGIN_OPTS: --socket-timeout=60s # Extra 'fcli sc-sast session login' options
+          # SSC_APPVERSION: MyApp:MyVersion                # SSC application version, default: <org>/<repo>:<branch>
+          # EXTRA_PACKAGE_OPTS: -bv myCustomPom.xml        # Extra 'scancentral package' options
+          # DO_WAIT: true                                  # Wait for scan completion, implied if 'DO_EXPORT: true'
+          # DO_EXPORT: true                                # Export SAST results to GitHub code scanning dashboard

.github/workflows/tests.yml

@@ -1,6 +1,8 @@
 on: [push]
 
 name: tests
+permissions:
+  contents: read
 
 jobs:
   install:
@@ -19,6 +21,8 @@ jobs:
       - uses: ./.github/actions/install-dependencies
       - run: pnpm clean
       - run: pnpm build
+      - run: pnpm typecheck
+      - run: pnpm lint
 
   tests:
     name: Run all tests
@@ -31,8 +35,9 @@ jobs:
         uses: foundry-rs/foundry-toolchain@v1
         with:
           version: nightly
+        # Fork latest mainnet state
       - name: Start Anvil in background
-        run: anvil --fork-url https://nodes.sequence.app/arbitrum &
+        run: anvil --fork-url https://reth-ethereum.ithaca.xyz/nodes.sequence.app/rpc &
       - run: pnpm test
 
   # NOTE: if you'd like to see example of how to run