feat(auth): add Supabase passkey support + stabilize backend Flow startup #153

Closed
zenabot27 wants to merge 471 commits into main from test-backup

@zenabot27
Collaborator

Summary

  • add passkey auth support integrated with Supabase via supakeys
  • add local passkey auth edge function + DB migration + gateway routing
  • wire developer login page with passkey sign-in/register actions
  • harden backend startup against Flow endpoint instability (retry + multi-node defaults)

Key Changes

  • Frontend
    • passkey client integration in auth context
    • /developer/login passkey UX + support detection
    • Docker build args/env for Supabase/passkey config
  • Supabase
    • new function: supabase/functions/passkey-auth/index.ts
    • new migration: supabase/migrations/20260301144541_passkey_auth.sql
    • new gateway config: supabase/gateway/nginx.conf
    • compose services for passkey-auth + supabase-gateway
  • Backend reliability
    • Flow client startup changed from fail-fast to retry loop
    • default multi-node FLOW_ACCESS_NODES in compose
    • env example updated for Flow node overrides

Validation

  • frontend build: bun run build
  • frontend lint: bun run lint (no errors, existing warnings remain)
  • function type-check: deno check --node-modules-dir=auto supabase/functions/passkey-auth/index.ts
  • backend tests: cd backend && go test ./...
  • docker runtime check:
    • backend container stays running with RestartCount=0
    • passkey API smoke tested on /functions/v1/passkey-auth

Notes

  • this PR keeps existing behavior for non-passkey login paths
  • full WebAuthn hardware flow (register/finish + login/finish) requires manual browser authenticator interaction

zenabot27 and others added 30 commits March 6, 2026 22:32
The heredoc content starting with [Unit] was interpreted as a YAML flow
sequence, breaking the workflow file. Replace heredocs with printf.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…Docker build

- Runner: mobile layout with floating Run FAB and AI chat overlay
- Runner: hide explorer/sidebar on mobile, simplify header
- Server: preload 10 core Flow contracts (mainnet+testnet) on LSP init
- ai/chat: fix Docker build by re-copying flowtoken after COPY to avoid symlink

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Default to timeline mode with infinite scroll and time-grouped sections
- Pages mode retains existing paginated Prev/Next behavior
- Full row layout uses separate From/To address columns (grid)
- Home page compact variant unchanged

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…led pages

Add pendingComponent skeletons to 6 routes so client-side navigations
show animated placeholders instead of blocking until data loads.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…mapping

Get Transaction:
- Map all backend fields (events, arguments, script, timestamp, fee,
  gasLimit, eventCount, error, evmHash, contractImports)
- Handle backend's snake_case response format
- Handle array-wrapped response: { data: [tx] }

Get Block:
- Remove broken block-by-ID input (backend only supports height)
- Map snake_case fields: tx_count, evm_tx_count, total_gas_used, fees
- Handle array-wrapped response: { data: [block] }
- Add evmTransactionCount, totalGasUsed, fees outputs

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Requests from flowindex.io, run.flowindex.io, ai.flowindex.io, and
studio.flowindex.io get 30 RPS (vs 5 RPS anonymous default).
Uses browser Origin/Referer headers which cannot be spoofed via JS.

Configurable via:
- API_RATE_LIMIT_TRUSTED_RPS (default: 30)
- API_RATE_LIMIT_TRUSTED_ORIGINS (comma-separated, overrides defaults)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Each sub-project now has its own CLAUDE.md with project-specific context
(tech stack, structure, commands, gotchas) plus a reference to the root
CLAUDE.md for full architecture details. agent.md symlinks point to
CLAUDE.md so other AI tools can consume the same context.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Bridge module endpoint: use pre-computed analytics.daily_metrics instead
  of heavy live query joining ft_transfers + raw.transactions
- KPI cards: use most recent day with actual tx data instead of always
  using today's date (which may have no data yet)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
localStorage is not available during server-side rendering, causing
500 errors on all pages. Wrap with typeof window check.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add maximum-scale=1.0, user-scalable=no to viewport meta tag
- Use 16px font size for Monaco editor on mobile (iOS zoom threshold)
- Force 16px on all input/textarea elements on mobile via CSS

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…hment

Fix formatShort() returning full string when tail=0 (slice(-0) === slice(0)).
Add contract identifier detection in tx args with logo, link, and tooltip.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ication

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Thread signing_secret from endpoint through deliverToURL/postToURL and
compute HMAC-SHA256 of the body when the secret is set. The signature is
sent as X-FlowIndex-Signature: sha256=<hex> header. Telegram/Discord/Slack
endpoints are unaffected (no signing secret configured for those).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
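
The signing scheme in the commit message above, seen from both the sending and the receiving side, as an added example that is not code from this PR or the project. The header name and the `sha256=<hex>` format come from the commit message; `SignBody`, `VerifyBody`, the sample secret and body are hypothetical, and the example assumes the HMAC covers the raw request body bytes and that a receiver without a configured secret rejects rather than skips verification.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Header name and "sha256=<hex>" format are from the commit message;
// SignBody and VerifyBody are hypothetical names for this example.
const SigHeader, sigPrefix = "X-FlowIndex-Signature", "sha256="

var ErrBadSignature = errors.New("webhook signature missing or invalid")

// SignBody returns the header value: "sha256=" + hex(HMAC-SHA256(secret, body)).
func SignBody(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return sigPrefix + hex.EncodeToString(mac.Sum(nil))
}

// VerifyBody checks a received header value against the raw request bytes.
// It must run on the bytes as received, before any JSON re-encoding.
func VerifyBody(secret, body []byte, header string) error {
	if len(secret) == 0 {
		return errors.New("no signing secret configured; refusing to verify")
	}
	if !strings.HasPrefix(header, sigPrefix) {
		return ErrBadSignature // missing header or unknown algorithm tag
	}
	got, err := hex.DecodeString(strings.TrimPrefix(header, sigPrefix))
	if err != nil || len(got) != sha256.Size {
		return ErrBadSignature
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	if !hmac.Equal(got, mac.Sum(nil)) { // constant-time comparison
		return ErrBadSignature
	}
	return nil
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed sample value
	body := []byte(`{"event":"constructed.sample","id":1}`)
	h := SignBody(secret, body)
	fmt.Println(SigHeader+":", h)
	fmt.Println("intact body:  ", VerifyBody(secret, body, h))
	fmt.Println("tampered body:", VerifyBody(secret, append(body, ' '), h))
}
```

A signature of this form authenticates the body only; it carries no timestamp or delivery id, so a receiver that needs replay protection has to get that from a field inside the signed body.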
…torage

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…schema

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove FLOWINDEX_INTERNAL_API_KEY (replaced by per-user keys), add
FLOWINDEX_API_URL to .env.example.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…sing route, cleanup args)

- Hide signing_secret from API list/get responses, only return on creation
- Add GET /endpoints/{id} route with ownership check
- Handle race condition on API key provisioning with unique constraint catch
- Fix deleteFlowSubscription receiving webhook instead of workflow
- Capture signing_secret on reused endpoints

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add FLOWINDEX_API_URL env var to sim-studio.env template and docker run
command so the webhook subscription bridge can reach the FlowIndex backend.
Defaults to http://127.0.0.1:8080 (same-host backend).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Three independent code paths were creating workspaces concurrently
(auth middleware, GET /api/workspaces, and client-side POST), causing
dozens of duplicate "default-agent" workspaces on iframe reload.

- Add per-user Promise lock + DB transaction to ensurePersonalWorkspace
- Remove workspace creation side effect from GET /api/workspaces
- Replace client POST fallback with retry polling for auth completion

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Explicitly recreate the @flowindex/flowtoken symlink after COPY steps
to prevent Buildx cache from serving a stale/invalid symlink. Also
copy the flowtoken package into the runtime stage so next start can
resolve it.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…line diff mode

Redirect AI auto-apply edits into a PendingDiffMap instead of mutating
project state directly. This enables the upcoming CadenceDiffEditor to
display Cursor-style inline diffs without re-rendering during streaming.

- Add PendingDiffEntry/PendingDiffMap types and pendingDiffs state
- Rewrite handleAutoApplyEdits to write into pendingDiffs
- Add handleAcceptAllDiffs, handleRejectAllDiffs for bulk operations
- Add handleAcceptHunk, handleRejectHunk for per-hunk accept/reject
- Add findSubarray helper for hunk line matching
- Remove old pendingAiRevert state and amber revert bar UI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Wraps Monaco DiffEditor in inline mode with Cadence language/theme
support, per-hunk Accept/Reject zone widgets, a toolbar showing change
count, and keyboard shortcuts (Cmd+Shift+Enter to accept all, Escape
to reject all).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Conditionally render CadenceDiffEditor when there's a pending diff for
the active file, falling back to the normal CadenceEditor otherwise.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Larger per-hunk Accept/Reject buttons with more gap
- Accept is solid green, Reject is subtle outline (Cursor-style)
- Toolbar: amber dot indicator, keyboard shortcut hints
- Accept All is solid emerald, more prominent

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ton UX

- Use inmemory:// URI scheme for diff model paths to avoid conflicts with
  regular editor models (fixes "TextModel got disposed" error)
- Add key prop to CadenceDiffEditor for clean React mount/unmount lifecycle
- Add pointer-events, z-index, and mousedown preventDefault for clickable
  zone widget buttons
- Subtler button styling: semi-transparent green Accept, ghost gray Reject
- Safer cleanup on unmount with try/catch for already-disposed editors

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
zenabot27 and others added 29 commits March 6, 2026 22:33
- deploy/api.ts: FlowIndex contract API + edge function address calls
- deploy/useAddresses.ts: React hook for verified address management
- deploy/AddressSidebar.tsx: FCL wallet verification sidebar UI

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ContractCard.tsx: card component for each contract with stats
- DeployDashboard.tsx: full layout with address sidebar, contract grid, subroutes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…encies

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Call configureFcl('mainnet') in Router on mount
- AddressSidebar calls configureFcl(network) before fcl.authenticate()
- Use shared fcl import from flow/fclConfig instead of raw @onflow/fcl

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Disable signature verification, add simple /addresses/add endpoint
- Auto-load all local key accounts on deploy page
- Manual address input for view-only access
- Local key addresses show deploy badge, others show view-only
- Add source column to runner_verified_addresses (manual/fcl/local-key)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…, boring avatars

- Switch contract data source from broken /flow/v1/ path to correct /flow/contract
- FlowIndex API primary with Flow Access Node RPC as fallback
- Add fetchWithTimeout (8s) to prevent hanging requests (events endpoint)
- Add token metadata types (logo, banner, socials, holder_count)
- Add fetchTokenMetadata and fetchContractTransactions API functions
- Fix holder count to use token metadata endpoint instead of top-account
- Fix dependencies parsing (API returns {imports, dependents, graph})
- Add boring-avatars to address sidebar for consistent look
- localStorage fallback for address storage when not authenticated

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…cel-style cards

- Add ReactFlow dependency graph with dagre layout, expandable fullscreen
- Add Source tab with Shiki syntax highlighting (Cadence theme)
- Add version sidebar with diff mode (unified diff view)
- Persist active tab in URL query params (?tab=source)
- Rewrite ContractCard as Vercel-style project cards with FT/NFT badges
- Add banner hero with gradient overlay, social icons, FlowIndex links
- Fix FlowIndex URLs to use /contracts/ path
- Add rich token metadata (holders, supply, description, socials)
- Update API to return full dependency graph (imports + dependents + graph)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…actions, sidebar layout

- Restructure contract detail into sidebar navigation with 7 sections
- Add holders tab with pie chart (Top 50/100/200 distribution), boring avatars, pagination
- Add NFT items gallery with pagination and click-to-FlowIndex links
- Add transactions tab with recent contract transactions
- Move dependencies graph inline under Overview
- Fix FlowIndex API identifier normalization (strip 0x prefix)
- Fix holder endpoint (/holding not /holder)
- Add normalizeIdentifier to all FlowIndex API calls

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add error, contract_imports, gas_used, block_height to ContractTransaction type
- Replace plain table with row-based card layout
- Show green/red status dots with Success/Error badges
- Display TX ID as first6...last4 format
- Render contract import tags as colored pills (8-color palette)
- Show event count with Zap icon and relative timestamps

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add AnimatePresence + motion.div for live transaction feed with spring
  animation and 3s green highlight glow on new items
- Add Scripts tab with split-panel layout: script list sidebar + code viewer
  with "Open in Editor" button (API: /flow/contract/{id}/scripts)
- Show seconds ("23s ago") instead of "0m ago" for recent timestamps
- Add ContractScript type and fetchContractScripts/fetchScriptText API functions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ighting

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
… boring avatars

- Layout: KPI cards (total holders, supply, concentration, others) on left, pie chart on right
- Replace external boringavatars.com img URLs with boring-avatars React component
- Distribution selector and legend moved under KPI cards

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ysis

- New AuditTab component with Google Docs-style inline annotations + comment sidebar
- Shiki syntax-highlighted code with severity-colored gutter indicators, line highlights
- Click comment → scroll to line, click line → scroll to comment
- Streaming progress: thinking accordion, tool call badges, status text
- New /api/runner-audit endpoint: Claude Opus 4.6 with extended thinking (16k budget)
- Endpoint connects to Cadence MCP for security_scan, cadence_check, docs lookup
- AI outputs structured JSON findings with severity, line, message, suggestion, source
- Score badge (A-F) and summary bar after scan completes
- "Beta" badge in sidebar tab label

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual fetch + stream parsing with useChat hook from @ai-sdk/react.
This properly handles the UI message stream protocol including:
- Reasoning/thinking parts (part.type === 'reasoning') shown in collapsible accordion
- Tool invocation parts shown as progress badges
- Text parts parsed for structured JSON findings
- Automatic stream state management (submitted/streaming/ready)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The token_worker INSERT references evm_address but the column was
never added to app.nft_collections, causing all token_worker and
history_deriver processing to fail on testnet.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The catch-all /api/ was routing to the Python backend instead of Next.js.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
useChat status was stuck at 'streaming' after stream completed because
dynamic-tool (MCP) parts never transitioned to 'result' state. Replaced
with raw fetch + SSE event parsing for reliable stream completion.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Server sends `delta` not `textDelta`, and `tool-output-available` not
`tool-result` for MCP tool results. Also handle `tool-input-available`.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Restored useChat + DefaultChatTransport pattern. Fixed part extraction:
- reasoning parts have .text field
- MCP tools appear as 'dynamic-tool' type with states:
  input-streaming → input-available → output-available
- Added onError handler and onFinish for findings parsing
- Backup findings parse on status transition to 'ready'

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ld names

useChat from @ai-sdk/react hangs indefinitely with server-side MCP dynamic
tools (status stays at 'streaming', never reaches 'ready'). Switch to raw
fetch + SSE parsing which naturally completes when the stream closes.

- Use evt.delta for reasoning-delta and text-delta events
- Handle tool-input-start, tool-input-available, tool-output-available lifecycle
- requestAnimationFrame throttling for streaming UI updates
- Parse findings JSON from complete response text
- Show code panel with inline annotations + findings sidebar after completion

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…rkdown

- Track ordered stream parts (thinking → tool → text) instead of separate
  state, so they render in the order they arrive from the server
- Show tool call output text inline with AnimatedMarkdown rendering
- Tool results appear immediately when received, not just a loading spinner
- Text deltas render as animated markdown in the stream flow

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…gging

Tool output wasn't rendering because scheduleUpdate via rAF could batch
the update with other events. Force an immediate setState when tool output
arrives so the card expands to show results right away.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Need to trace why tool-output-available never fires for Security Scan.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Track tool-input-delta chars to show "Sending 12.3k chars..." progress
- Show "Analyzing..." (blue) when input is complete and MCP tool is running
- Show "Complete" (green) with AnimatedMarkdown output when results arrive
- Force immediate setState on tool-input-available and tool-output-available

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@zenabot27 zenabot27 closed this Mar 9, 2026