Codesandbox dev

[Dargon789]

Summary by Sourcery

Add a new wagmi-based demo app and integrate additional security and CI workflows.

New Features:

• Introduce a new Vite/React wagmi demo application with wallet connectors for mainnet and sepolia.

Enhancements:

• Add basic styling and configuration for the wagmi demo app, including TypeScript and Vite setup.
• Update the indexer service changelog with a new 2.0.0 entry.

Build:

• Add an Azure Pipelines configuration to install Node.js, install dependencies, and run the build.
• Add Codesandbox task configuration and project metadata files for the new wagmi app.

CI:

• Introduce a Fortify AST GitHub Actions workflow to run SAST scans on pushes, pull requests, and scheduled runs.

Deployment:

• Add a CNAME configuration file for custom domain setup.

Documentation:

• Add a SECURITY policy document describing supported versions and vulnerability reporting.
• Add GitHub issue templates for bugs, feature requests, and custom issues.
• Document the wagmi demo app as a Vite project bootstrapped with create-wagmi.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 24 hours (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/dargon789-forge?upgradeToPro=build-rate-limit

[sourcery-ai]

Reviewer's Guide

Adds a new Codesandbox-friendly wagmi Vite demo app plus security/CI workflows and repository metadata, and bumps the indexer service changelog with a 2.0.0 entry.

Sequence diagram for wallet connect and disconnect in the wagmi app

sequenceDiagram
  actor BrowserUser
  participant AppComponent
  participant WagmiProvider
  participant Connector
  participant BlockchainNetwork

  BrowserUser->>AppComponent: Load_application
  AppComponent->>WagmiProvider: Initialize_useAccount_useConnect_useDisconnect
  WagmiProvider-->>AppComponent: Provide_account_connectors_status

  BrowserUser->>AppComponent: Click_connect_button_with_selected_connector
  AppComponent->>WagmiProvider: connect(connector)
  WagmiProvider->>Connector: Start_connection
  Connector->>BrowserUser: Prompt_for_wallet_approval
  BrowserUser-->>Connector: Approve_connection
  Connector->>BlockchainNetwork: Establish_session
  BlockchainNetwork-->>Connector: Session_established
  Connector-->>WagmiProvider: Connection_success
  WagmiProvider-->>AppComponent: Update_account_status_connected
  AppComponent-->>BrowserUser: Render_account_info_and_Disconnect_button

  BrowserUser->>AppComponent: Click_Disconnect_button
  AppComponent->>WagmiProvider: disconnect()
  WagmiProvider->>Connector: Terminate_session
  Connector->>BlockchainNetwork: Close_session
  BlockchainNetwork-->>Connector: Session_closed
  Connector-->>WagmiProvider: Disconnected
  WagmiProvider-->>AppComponent: Update_account_status_disconnected
  AppComponent-->>BrowserUser: Render_disconnected_state

Loading

Class diagram for the wagmi Vite demo app structure

classDiagram
  class AppComponent {
    +useAccount account
    +useConnectResult connectResult
    +useDisconnectResult disconnectResult
    +render(): JSX
  }

  class MainEntry {
    +Buffer globalBuffer
    +QueryClient queryClient
    +bootstrap(rootElementId)
  }

  class WagmiConfigModule {
    +Config config
    +createConfig(chains, connectors, transports)
  }

  class QueryClient {
    +QueryClient()
  }

  class WagmiProvider {
    +config Config
  }

  class QueryClientProvider {
    +client QueryClient
  }

  class Connector {
    +string uid
    +string name
  }

  class AccountState {
    +string status
    +string[] addresses
    +number chainId
  }

  class ConnectResult {
    +Connector[] connectors
    +function connect(connector)
    +string status
    +Error error
  }

  class DisconnectResult {
    +function disconnect()
  }

  AppComponent --> AccountState : uses
  AppComponent --> ConnectResult : uses
  AppComponent --> DisconnectResult : uses
  ConnectResult --> Connector : exposes

  MainEntry --> WagmiProvider : wraps
  MainEntry --> QueryClientProvider : wraps
  MainEntry --> AppComponent : renders
  MainEntry --> WagmiConfigModule : imports
  MainEntry --> QueryClient : instantiates

  WagmiProvider --> WagmiConfigModule : uses_config
  QueryClientProvider --> QueryClient : uses

  WagmiConfigModule --> Connector : defines
  WagmiConfigModule --> WagmiProvider : config_type_declaration

  AccountState <.. WagmiProvider : provided_by
  ConnectResult <.. WagmiProvider : provided_by
  DisconnectResult <.. WagmiProvider : provided_by

Loading

File-Level Changes

Change	Details	Files
Introduce a standalone wagmi Vite demo application for wallet connection testing and Codesandbox usage.	Create a Vite+React TypeScript app scaffold with basic HTML entrypoint, build tooling, and TypeScript configuration. Implement a minimal App component that surfaces wagmi account state and allows connecting/disconnecting via configured connectors. Configure wagmi with mainnet/sepolia chains and injected, Coinbase Wallet, and WalletConnect connectors using an env-based WalletConnect project ID. Bootstrap React rendering with WagmiProvider and React Query, including a Buffer polyfill for browser use. Add basic dark/light root styling and project metadata (README, ignore files, npm/biome config).	wagmi-project/package.json wagmi-project/index.html wagmi-project/src/main.tsx wagmi-project/src/App.tsx wagmi-project/src/wagmi.ts wagmi-project/src/index.css wagmi-project/src/vite-env.d.ts wagmi-project/vite.config.ts wagmi-project/tsconfig.json wagmi-project/tsconfig.node.json wagmi-project/.gitignore wagmi-project/.npmrc wagmi-project/biome.json wagmi-project/README.md
Add security scanning and CI workflows plus repository security/issue policy documentation.	Introduce a Fortify AST GitHub Actions workflow to run SAST scans on master pushes, PRs, a weekly schedule, and manual dispatch, configured for FoD with secrets. Add an Azure Pipelines definition to run Node.js 10.x, install dependencies, and build the project on master. Document security policy and supported versions in SECURITY.md (placeholder content). Add GitHub issue templates for bug reports, feature requests, and a custom template skeleton.	.github/workflows/fortify.yml azure-pipelines.yml SECURITY.md .github/ISSUE_TEMPLATE/bug_report.md .github/ISSUE_TEMPLATE/feature_request.md .github/ISSUE_TEMPLATE/custom.md
Update indexer service changelog with a new 2.0.0 entry placeholder.	Add a 2.0.0 section marked as a major changes release with a placeholder 'changeset' entry above existing 1.10.14 patch notes.	packages/services/indexer/CHANGELOG.md
Add miscellaneous repo-level configuration and cached artifacts related to Codesandbox and build tooling.	Add a Codesandbox tasks configuration file (contents not shown in diff). Add a CNAME file for custom domain configuration (contents not shown in diff). Check in v8 compile cache map artifacts for preconstruct CLI, which may be unintended build outputs and worth double-checking.	.codesandbox/tasks.json CNAME v8-compile-cache-0/x64/11.3.244.8-node.19/zSprojectzSsequence.jszSnode_moduleszS.pnpmzS@preconstruct+cli@2.8.7zSnode_moduleszS@preconstructzSclizSbin.js.MAP v8-compile-cache-0/x64/11.3.244.8-node.19/zSprojectzSworkspacezSnode_moduleszS.pnpmzS@preconstruct+cli@2.8.7zSnode_moduleszS@preconstructzSclizSbin.js.MAP

Possibly linked issues

• Feature/integration #17: PR implements the wagmi React project, SECURITY.md, Azure pipeline, and related scaffolding requested in the issue.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
🔚	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[sourcery-ai]

Hey - I've found 5 issues, and left some high level feedback:

• It looks like v8-compile-cache-0/... artifacts and other tooling/runtime outputs (e.g. .codesandbox/tasks.json) have been committed; consider removing these and updating .gitignore to prevent them from being tracked.
• The Azure pipeline is configured to install Node 10.x, which is incompatible with modern tooling like Vite 5 and React 18; align the pipeline Node version with the version required by the new wagmi-project.
• If wagmi-project is intended as a sample or sandbox app, consider relocating it under an examples/sandbox directory and/or wiring it into the existing workspace tooling so it’s clearly separated from production packages.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- It looks like `v8-compile-cache-0/...` artifacts and other tooling/runtime outputs (e.g. `.codesandbox/tasks.json`) have been committed; consider removing these and updating `.gitignore` to prevent them from being tracked.
- The Azure pipeline is configured to install Node 10.x, which is incompatible with modern tooling like Vite 5 and React 18; align the pipeline Node version with the version required by the new `wagmi-project`.
- If `wagmi-project` is intended as a sample or sandbox app, consider relocating it under an `examples`/`sandbox` directory and/or wiring it into the existing workspace tooling so it’s clearly separated from production packages.

## Individual Comments

### Comment 1
<location path="azure-pipelines.yml" line_range="15" />
<code_context>
+steps:
+- task: NodeTool@0
+  inputs:
+    versionSpec: '10.x'
+  displayName: 'Install Node.js'
+
</code_context>
<issue_to_address>
**issue (bug_risk):** Node 10 in the build pipeline is likely incompatible with the toolchain used in `wagmi-project`.

This toolchain (Vite 5, React 18.3, TS 5.x) requires a modern Node version (typically ≥18); using Node 10 is likely to break the build or cause runtime issues. Please update `versionSpec` to something like `'18.x'` or `'20.x'`. If this pipeline is meant to build `wagmi-project`, also ensure the working directory is set there (or `cd wagmi-project`) before `npm install`/`npm run build` so the correct package is built.
</issue_to_address>

### Comment 2
<location path="wagmi-project/package.json" line_range="14-17" />
<code_context>
+    "@tanstack/react-query": "5.45.1",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1",
+    "viem": "latest",
+    "wagmi": "latest"
+  },
+  "devDependencies": {
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Using `latest` for `viem` and `wagmi` can introduce unexpected breaking changes over time.

Please pin `viem` and `wagmi` to specific versions (or a caret range like `^x.y.z`) so builds remain reproducible and don’t break when new major or breaking releases ship, especially given how fast these web3 libraries change.

```suggestion
    "react": "^18.3.1",
    "react-dom": "^18.3.1",
    "viem": "^2.7.20",
    "wagmi": "^2.10.5"
```
</issue_to_address>

### Comment 3
<location path="wagmi-project/package.json" line_range="25" />
<code_context>
+    "@types/react-dom": "^18.3.0",
+    "@vitejs/plugin-react": "^4.2.1",
+    "@wagmi/cli": "latest",
+    "buffer": "^6.0.3",
+    "typescript": "^5.4.5",
+    "vite": "^5.2.11"
</code_context>
<issue_to_address>
**issue (bug_risk):** The `buffer` package is used at runtime but is listed under `devDependencies`.

Since `src/main.tsx` assigns `buffer` to `globalThis.Buffer` in the browser bundle, it’s required at runtime. Keeping it in `devDependencies` risks it not being installed in production, so it should be moved to `dependencies` to ensure it’s always available.
</issue_to_address>

### Comment 4
<location path="wagmi-project/src/wagmi.ts" line_range="10" />
<code_context>
+  connectors: [
+    injected(),
+    coinbaseWallet(),
+    walletConnect({ projectId: import.meta.env.VITE_WC_PROJECT_ID }),
+  ],
+  transports: {
</code_context>
<issue_to_address>
**issue (bug_risk):** Using `walletConnect` without guarding against a missing `VITE_WC_PROJECT_ID` can cause runtime failures.

If this env var is undefined or empty, `walletConnect` may throw on startup or produce a broken connector. Please validate `import.meta.env.VITE_WC_PROJECT_ID` before constructing this connector, or only add it to `connectors` when the env var is set, so misconfigured environments fail gracefully.
</issue_to_address>

### Comment 5
<location path="SECURITY.md" line_range="5-14" />
<code_context>
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
</code_context>
<issue_to_address>
**🚨 suggestion (security):** Replace placeholder security policy text with project-specific details.

This section still uses the default template text (e.g., “Use this section to tell people…”). Please replace it with your actual supported versions matrix and concrete instructions for reporting vulnerabilities, including where to report and typical response timelines.
</issue_to_address>

Fix all in Cursor

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request introduces a new project structure using Vite and Wagmi, including CI/CD pipelines, issue templates, and environment configurations. Feedback focuses on modernizing the azure-pipelines.yml by updating the Node.js version to LTS and switching to pnpm for consistency. Critical issues were identified regarding the accidental commitment of cache files and the use of "latest" for package dependencies, which should be pinned. Additionally, the reviewer suggested validating environment variables in wagmi.ts, removing placeholder text from documentation and templates, and stripping non-standard comments from JSON files.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
sequence.js	Ready	Preview, Comment	May 11, 2026 10:30am
wagmi-project	Ready	Preview, Comment	May 11, 2026 10:30am

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
sequence-js-docs	Skipped		May 11, 2026 10:30am
sequence-js-web	Skipped		May 11, 2026 10:30am

[vercel]

Deployment failed with the following error:

Resource is limited - try again in 1 day (more than 100, code: "api-deployments-free-per-day").

Learn More: https://vercel.com/dargon789-forge?upgradeToPro=build-rate-limit