Skip to content

Tech Debt Zero: ship real or remove — 15 issues fixed#142

Merged
rz1989s merged 14 commits intomainfrom
feat/tech-debt-zero
Apr 10, 2026
Merged

Tech Debt Zero: ship real or remove — 15 issues fixed#142
rz1989s merged 14 commits intomainfrom
feat/tech-debt-zero

Conversation

@rz1989s
Copy link
Copy Markdown
Member

@rz1989s rz1989s commented Apr 10, 2026

Summary

Eliminates all mocks, hardcodes, and incomplete features from Sipher. Every remaining endpoint is backed by real operations.

Net result: 573→497 tests (removed mock tests), 71→55 endpoints (removed 16 fake), ~3,700 lines of mock code deleted.

Closes

#127, #128, #129, #130, #131, #132, #133, #134, #135, #136, #137, #138, #139, #140, #141

VPS TODO (post-merge)

  • Set JITO_BLOCK_ENGINE_URL=https://mainnet.block-engine.jito.wtf/api/v1/bundles
  • Set AUTHORIZED_WALLETS=<wallet pubkey>

Test plan

  • pnpm test -- --run — 497 tests, 32 suites, all passing
  • cd app && pnpm build — frontend builds clean
  • Deploy to VPS, set missing env vars
  • Verify wallet connect with Phantom + Solflare
  • Verify vault shows real SOL balance
  • Send private payment on mainnet → verify stealth transfer

rz1989s added 14 commits April 10, 2026 07:32
@rz1989s
fix: use env-driven SOLANA_NETWORK instead of hardcoded devnet (closes
5c5a8c1 
…#127, closes #128)

All agent tools now read SOLANA_NETWORK from env with mainnet-beta default,
matching docker-compose.yml and sentinel scanner. Fixes send, deposit,
privacy-score, and consolidate tools.
@rz1989s
fix: require real stealth keys for payment links (closes #130)
2f2079f 
Payment links used randomBytes(32) as dummy spending/viewing keys — funds
sent to those addresses were unclaimable. Now requires actual stealth
meta-address keys so recipients can scan and claim via their viewing key.
@rz1989s
fix: add real on-chain SOL and SPL token balances to vault API (closes
0887982 
…#131)

Vault GET endpoint now queries Connection.getBalance() for native SOL and
getTokenAccountsByOwner() for SPL tokens. Returns real wallet balances
alongside activity history. Gracefully handles RPC failures.
@rz1989s
fix: add frontend env files for production and development (closes #137)
b68d85b 
VITE_API_URL was undefined — API calls had no base URL. Added .env.production
pointing to sipher.sip-protocol.org and .env.development for localhost.
Also added VITE_API_URL to vite-env.d.ts type declarations.
@rz1989s
feat: remove Arcium MPC and Inco FHE mock providers (closes #132, closes
41e32a7 
 #133)

Both providers were 100% mock — no production SDK exists for REST integration.
Arcium MPC requires on-chain MXE interaction, Inco FHE is EVM-only.
Deleted 8 files (providers, backends, routes, tests), cleaned 8 more
(route registry, OpenAPI spec, backend enums, metering, session, demo).
6 fake endpoints removed. 534 tests remain passing.
@rz1989s
feat: replace mock Jupiter provider with real API integration (closes #…
698840a 
…134)

jupiter-provider.ts now calls live Jupiter Quote + Swap API via HTTP.
getQuote() → GET lite-api.jup.ag/swap/v1/quote
buildSwapTransaction() → POST lite-api.jup.ag/swap/v1/swap
Base URL configurable via JUPITER_API_URL env var.
Removed hardcoded token whitelist (Jupiter supports thousands).
Updated private-swap route, builder, and tests accordingly.
@rz1989s
feat: remove mock proof providers and endpoints (closes #135)
25e713c 
Proof generation endpoints used MockProofProvider (no cryptographic validity)
and mock STARK range proofs. Removed entirely — proof generation belongs
client-side for privacy (server shouldn't see private inputs).
Deleted 6 files (2 providers, 2 routes, 2 test suites). 8 endpoints removed.
497 tests remain passing.
@rz1989s
chore: update .env.example with Jupiter API URL and Jito docs (closes #…
93df1f6 
…136)

Added JUPITER_API_URL (defaults to free tier). Clarified Jito comment —
code already supports real mode when JITO_BLOCK_ENGINE_URL is set.
VPS configuration needed: set env var on production server.
@rz1989s
fix: add Solflare wallet adapter alongside Phantom (closes #138)
219fc7f 
Phantom-only wallet adapter excluded Solflare users. Added
SolflareWalletAdapter from @solana/wallet-adapter-wallets.
Backpack adapter not available in installed version — skipped.
@rz1989s
fix: persist conversation history to SQLite (closes #139)
60bf7a4 
Conversations were in-memory Map — lost on every restart. Added
conversations table to SQLite schema and rewrote session.ts to use
DB-backed storage. Same API surface, same 100-message limit, same
30-min idle purge — now survives restarts.
@rz1989s
fix: complete .env.example with all missing variables (closes #140, c…
05fcbde 
…loses #141)

Added 6 missing env vars: SOLANA_NETWORK, AUTHORIZED_WALLETS,
SIPHER_BASE_URL, SIPHER_OPENROUTER_API_KEY, SIPHER_MODEL,
SIPHER_HELIUS_API_KEY. Removed dev-only Stripe secret default.
AUTHORIZED_WALLETS needs RECTOR's wallet pubkey on VPS.
@rz1989s
fix: reference #129 — blinding factor encryption included in 5c5a8c1
9f8e5f4 
The blinding factor fix (encrypt instead of void) was shipped in commit
5c5a8c1 alongside #127/#128 since all changes were in send.ts.
This commit explicitly closes the issue. (closes #129)
@rz1989s
fix: remove remaining devnet hardcodes in 6 agent tools
51148e6 
balance, scan, status, history, refund, and viewing-key tools all
had createConnection('devnet'). Without this fix, read-path tools
would query devnet while write-path tools target mainnet — user's
mainnet operations would be invisible.
@rz1989s
chore: remove dangling Arcium/Inco error codes
587c0b2 
6 error enum values and catalog entries remained after provider removal.
Exposed via /v1/errors endpoint — misleading for consumers.
@rz1989s rz1989s merged commit 96e42e2 into main Apr 10, 2026
1 check passed
This was referenced Apr 10, 2026
Merged
Merged
@rz1989s rz1989s deleted the feat/tech-debt-zero branch April 10, 2026 04:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rz1989s