1.10.15

[Dargon789]

Summary by Sourcery

Add a new wagmi-based React dApp scaffold and configure multi-platform CI/security tooling.

New Features:

• Introduce a Vite-powered wagmi React frontend that connects to Ethereum mainnet and sepolia via common wallet connectors.

Enhancements:

• Add GitHub Fortify AST workflow, CircleCI config, and Azure DevOps pipeline definitions for Node.js builds.
• Add issue templates and security policy documentation for standardized project management and vulnerability reporting.

Build:

• Add Vite, TypeScript, and Biome configuration for the new wagmi frontend project.

CI:

• Introduce Fortify AST GitHub Actions workflow, CircleCI pipeline, and Azure DevOps pipeline for automated scanning and Node.js builds.

Documentation:

• Add basic README for the wagmi Vite project and SECURITY policy documentation.

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[sourcery-ai]

Reviewer's Guide

Adds a new wagmi-based React/Vite dApp scaffold along with CI/CD and security tooling configuration for Fortify, CircleCI, Azure Pipelines, and GitHub issue/security templates.

Sequence diagram for wagmi dApp wallet connection flow

sequenceDiagram
  actor User
  participant App
  participant WagmiProvider
  participant Connector

  User->>App: click connector button
  App->>WagmiProvider: useConnect
  WagmiProvider-->>App: connectors
  App->>WagmiProvider: connect
  WagmiProvider->>Connector: connect
  Connector-->>WagmiProvider: [wallet connected]
  WagmiProvider-->>App: useAccount
  App-->>User: show account.status connected
  User->>App: click Disconnect
  App->>WagmiProvider: disconnect
  WagmiProvider-->>App: useAccount (status disconnected)

Loading

File-Level Changes

Change	Details	Files
Introduce wagmi React/Vite frontend application scaffold.	Add React App component using wagmi hooks to display account status and manage wallet connections. Set up React DOM entrypoint with WagmiProvider, React Query, and global Buffer polyfill. Configure wagmi with mainnet/sepolia chains and injected, Coinbase Wallet, and WalletConnect connectors. Add Vite configuration, TypeScript configs, basic styling, and project metadata (package.json, README, env typings, gitignore, npmrc, biome config).	wagmi-project/src/App.tsx wagmi-project/src/main.tsx wagmi-project/src/wagmi.ts wagmi-project/vite.config.ts wagmi-project/tsconfig.json wagmi-project/tsconfig.node.json wagmi-project/src/index.css wagmi-project/src/vite-env.d.ts wagmi-project/index.html wagmi-project/package.json wagmi-project/README.md wagmi-project/.gitignore wagmi-project/.npmrc wagmi-project/biome.json
Add security scanning and CI pipelines across multiple platforms.	Add GitHub Actions workflow to run Fortify AST SAST scans with FoD/SSC integration via fortify/github-action. Add CircleCI pipeline with custom Docker-based executor placeholder job for this repo. Add Azure Pipelines YAML to build a Node.js project with npm install and build steps.	.github/workflows/fortify.yml .circleci/config.yml azure-pipelines.yml
Define GitHub issue templates and security policy documentation.	Add bug report, feature request, and custom issue templates to standardize issue creation. Introduce SECURITY.md outlining supported versions and vulnerability reporting process.	.github/ISSUE_TEMPLATE/bug_report.md .github/ISSUE_TEMPLATE/feature_request.md .github/ISSUE_TEMPLATE/custom.md SECURITY.md
Add ancillary configuration and cached artifacts.	Introduce CNAME and CodeSandbox tasks configuration placeholder (contents not shown). Check in v8-compile-cache artifacts for preconstruct CLI (binary/source map cache files).	.codesandbox/tasks.json CNAME v8-compile-cache-0/x64/11.3.244.8-node.19/zSprojectzSsequence.jszSnode_moduleszS.pnpmzS@preconstruct+cli@2.8.7zSnode_moduleszS@preconstructzSclizSbin.js.MAP v8-compile-cache-0/x64/11.3.244.8-node.19/zSprojectzSworkspacezSnode_moduleszS.pnpmzS@preconstruct+cli@2.8.7zSnode_moduleszS@preconstructzSclizSbin.js.MAP

Possibly linked issues

• 0xsequence/master #79: The PR delivers the Fortify AST workflow, CircleCI config, and GitHub issue templates specified in the issue.
• Feature/integration #17: They describe the same wagmi integration PR, including new wagmi-project app, SECURITY.md, and Azure pipelines.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[gemini-code-assist]

Code Review

This pull request introduces various configuration files, templates, and a new React-based wagmi-project using Vite and TypeScript. Key feedback points out critical version mismatches: the wagmi dependency is set to an outdated version (^0.12.0) that is incompatible with the Wagmi v2 APIs and TanStack Query v5 used in the project, and the Azure pipeline configuration specifies an obsolete Node.js version (10.x) which will fail to build Vite 5.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
sequence-js-docs	Ready	Preview, Comment	Jun 5, 2026 9:28am
sequence-js-web	Ready	Preview, Comment	Jun 5, 2026 9:28am
wagmi-project	Ready	Preview, Comment	Jun 5, 2026 9:28am

[sourcery-ai]

Hey - I've found 2 issues, and left some high level feedback:

• The Azure DevOps pipeline is still pinned to Node 10.x, which is long EOL and unlikely to work with the Vite/React 18/TypeScript 5 stack in this repo; consider updating it to a modern LTS (e.g., 18 or 20) to keep CI aligned with the app’s runtime requirements.
• In wagmi-project/package.json, the @wagmi/cli devDependency version is set to ~0.x.x, which is not a valid or stable semver range; pin this to a specific supported version (e.g., ^0.1.0) to avoid install/resolve issues.
• The v8-compile-cache-0/... files appear to be build/cache artifacts and probably shouldn’t be committed; remove them from the repo and add the corresponding patterns to .gitignore to keep the tree clean.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The Azure DevOps pipeline is still pinned to Node 10.x, which is long EOL and unlikely to work with the Vite/React 18/TypeScript 5 stack in this repo; consider updating it to a modern LTS (e.g., 18 or 20) to keep CI aligned with the app’s runtime requirements.
- In `wagmi-project/package.json`, the `@wagmi/cli` devDependency version is set to `~0.x.x`, which is not a valid or stable semver range; pin this to a specific supported version (e.g., `^0.1.0`) to avoid install/resolve issues.
- The `v8-compile-cache-0/...` files appear to be build/cache artifacts and probably shouldn’t be committed; remove them from the repo and add the corresponding patterns to `.gitignore` to keep the tree clean.

## Individual Comments

### Comment 1
<location path="wagmi-project/package.json" line_range="24" />
<code_context>
+    "@types/react": "^18.3.1",
+    "@types/react-dom": "^18.3.0",
+    "@vitejs/plugin-react": "^4.2.1",
+    "@wagmi/cli": "~0.x.x",
+    "buffer": "^6.0.3",
+    "typescript": "^5.4.5",
</code_context>
<issue_to_address>
**issue (bug_risk):** Use a valid semver range for @wagmi/cli instead of the placeholder "~0.x.x".

"~0.x.x" is not a valid semver and will cause installs to fail. Please replace it with a concrete version or valid range (for example, "^0.2.0") so the dependency can be resolved.
</issue_to_address>

### Comment 2
<location path="wagmi-project/src/wagmi.ts" line_range="5-16" />
<code_context>
+  connectors: [
+    injected(),
+    coinbaseWallet(),
+    walletConnect({ projectId: import.meta.env.VITE_WC_PROJECT_ID }),
+  ],
+  transports: {
</code_context>
<issue_to_address>
**suggestion:** Handle the case where VITE_WC_PROJECT_ID is missing or misconfigured.

If `import.meta.env.VITE_WC_PROJECT_ID` is undefined or empty (e.g. in forks or non-local environments), `walletConnect` can fail at runtime. Consider validating this at startup and either failing fast with a clear error or only registering the connector when a valid `projectId` is available.

```suggestion
const wcProjectId = import.meta.env.VITE_WC_PROJECT_ID

if (!wcProjectId) {
  // eslint-disable-next-line no-console
  console.warn(
    '[wagmi] VITE_WC_PROJECT_ID is not set; WalletConnect connector will not be registered.'
  )
}

export const config = createConfig({
  chains: [mainnet, sepolia],
  connectors: [
    injected(),
    coinbaseWallet(),
    ...(wcProjectId ? [walletConnect({ projectId: wcProjectId })] : []),
  ],
  transports: {
    [mainnet.id]: http(),
    [sepolia.id]: http(),
  },
})
```
</issue_to_address>

Fix all in Cursor

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}