Add Authline integrator SDK + rebrand the frontend (backend untouched)#13
Merged
Conversation
…emos
Additive integrator layer for third-party (exchange/broker/wallet) trustline
onboarding. Wraps the contracts this repo already ships — onboard() and the
live eurcv_auth authorize_trustline() — and adds the runtime two-asset-class
detection, the CAP-33 sponsored reserve-free path, SEP-7 handoffs, stellar.toml
discovery, a pinned registry, and an optional headless React hook.
No existing file is modified and no new contract is added; authorization stays
with eurcv_auth. The SDK is an inert top-level dir (not a workspace member), so
the lockfile, install:contracts, build, and CI are untouched — verified:
npm ci + install:contracts (skips) + tsc -b + vite build, and cargo test (10).
Adds only:
- authline-sdk/ the @theaha/authline SDK (build standalone or adopt into packages/)
- sep/SEP-XXXX-...md the draft standard
- examples/exchange-withdrawal/{demo,demo-open}.mjs runnable testnet references
- docs/authline-sdk.md overview + adoption steps
|
…space package
Bring the Authline experience to stellar-assets: the Authline landing page +
activation dApp as the new frontend, powered by @theaha/authline (now a
packages/authline-sdk workspace package, built first in the build script).
Backend untouched: contracts/, src/hooks/useOnboard, src/contracts/assets.ts and
the live eurcv_auth authorization are all unchanged — only the frontend/design
layer changes. The previous React app is kept in place; the entry now mounts the
Authline dApp.
- packages/authline-sdk/ moved from top-level; now a built workspace dependency
- index.html Authline landing (replaces the Vite entry)
- app.html + src/{main,authline,config}.tsx + authline.css the activation dApp
- vite.config.ts multi-page; keeps nodePolyfills + wasm
- package.json @theaha/authline dep; SDK build step; install:contracts via workspaces
Verified: npm run build, eslint ., cargo test (10) all green; landing + dApp render.
Dgetsylver
changed the title
…ata from the pinned registry The directory listed the live asset and its registry twin (e.g. two EURCV rows). Dedupe the roadmap against the live code, and enrich the live asset's name / capability / clawback flags from OFFICIAL_ASSETS when its code is known (env always wins; on-chain ids stay env-driven) so a single row shows the real name and the freeze/clawback warning.
…nd UI (#14) SDK (@theaha/authline): - react useActivation: bound the confirmation poll (180s deadline) and throw on sendTransaction ERROR instead of hanging the hook forever - status.assetAuthRequired: only treat 404 as "no auth required"; rethrow on transient/5xx errors instead of failing open (which would downgrade a regulated asset to the no-authorize path) - discovery: reconcile discovered configs against the pinned registry (discoverOnboarder({network}) + new reconcileWithRegistry) so a spoofed stellar.toml can't redirect a trustline/authorize to attacker ids; validate the domain (reject scheme/path/SSRF) and cap response size; accept single-quoted TOML values - exchange.onboardingRequest: drop the personal github.io hostedBase default; hostedUrl is omitted unless the integrator supplies an origin they control - builders: default allowHttp true only for localhost; document the registry-validation requirement for discovered configs - package.json: 0.2.0 (aligns with SEP v0.2); @stellar/stellar-sdk -> peer dep Frontend: - delete the now-unreachable pre-rebrand app (App, components/, hooks/, providers/, util/, contracts/, index.css) and prune its deps (@stellar/design-system, @tanstack/react-query, lossless-json, zod, @types/lodash) - config.ts: resolve the pinned asset by (code, network) not code alone; pin SAC/authorizer from the registry as fallback; warn on a misconfigured permissionedOneStep asset; canonical repo URL - authline.tsx: 180s poll deadline; map the wallet network from the passphrase (no longer collapse futurenet/standalone to testnet); StrKey-validate the ?address= deep-link Build/docs: - restore the empty-packages/ guard in install:contracts; build SDK before dev - un-ignore packages/authline-sdk from the generated-clients gitignore rule - add .prettierignore for build output - SEP: fill the verified EURCV SAC, document the cap73-onesig wire-token normalization, TODO for the SEP number/discussion placeholders - demo: ENOENT message for a missing stellar CLI; clarify the CLI-vs-SDK submit note; example hostedBase; docs note the CLI prerequisite Verified: npm run build, tsc -b, eslint, prettier --check, cargo test (10/10). Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this is
Brings the Authline experience to
stellar-assetsin two layers:@theaha/authlineintegrator SDK (packages/authline-sdk/) — the surface a third party (exchange / broker / wallet) uses to establish a trustline on behalf of a user during a withdrawal (the core of the "Trustline Onboarder" RFP).The backend is untouched. Contracts (
contracts/trustline-onboard,authorizer-stub), the onboarding logic (src/hooks/useOnboard.ts,src/contracts/assets.ts), and authorization via the liveeurcv_authare all unchanged. Only the frontend/design layer changes, and the SDK is additive.Backend untouched (verified)
git diffagainstmaintouches nocontracts/file and nosrc/{hooks,contracts,util,providers,components}/file. Your previous React app is kept on disk; the entry simply mounts the Authline dApp instead.Verified green — your exact CI
npm run build(SDK →tsc -b→ multi-page Vite)npm run lint(eslint .)npx prettier . --checkcargo testWhat changed
SDK (new,
packages/authline-sdk/):assetAuthRequired()(open vs regulated),buildSponsoredOnboardTx()(CAP-33 sponsored, reserve-free for a zero-XLM user),buildOnboardTx()(wraps youronboard()),buildAuthorizeTx()(permissionless authorize-on-behalf),onboardingRequest()(SEP-7 + deep-link + hosted), StrKey-validateddiscover(), a pinnedOFFICIAL_ASSETSregistry. No new contract —authorize_trustlineis satisfied byeurcv_auth.Frontend (rebrand):
index.html→ the Authline landing ("Hold any asset. In one tap.").app.html+src/{main,authline,config}.tsx+authline.css→ the activation dApp.vite.config.ts→ multi-page; keeps yournodePolyfills+wasmplugins.package.json→ adds the@theaha/authlineworkspace dep, builds the SDK first;install:contractsnow usesnpm run build --workspaces --if-present(was a malformed--workspace=packages).Also additive:
sep/SEP-XXXX-trustline-onboarder.md,examples/exchange-withdrawal/{demo,demo-open}.mjs,docs/authline-sdk.md.Decisions for review
src/App.tsx,components/,hooks/useOnboard.tsare left in place so the diff stays backend-safe — but the Authline dApp supersedes them. Remove in a follow-up if you prefer.@stellar/stellar-sdkpinned to your^14.4.3in the SDK; builds clean.eurcv_auth, for onboarding new regulated assets. Happy to open separately.Draft — your call to merge. No contracts touched.
🤖 Generated with Claude Code