fix: replace direct console calls with Logger to comply with no-con…#849
Merged
Bran18 merged 2 commits intoApr 28, 2026
Merged
Conversation
Contributor
|
@AlonsoFi is attempting to deploy a commit to the kindfi Team on Vercel. A member of the Team first needs to authorize it. |
|
@AlonsoFi Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Contributor
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Repository UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (3)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Bran18
added a commit
that referenced
this pull request
May 26, 2026
* feat: add guard for mainnet release (#819) * feat: add guard for mainnet release * fix: spread overwrite * fix: placeholder * feat(web): standardize Zod validation for all API routes (#817) * feat(web): add validateRequest helper and Zod schemas for API validation - Add validateRequest utility for consistent validation responses - Add schemas for auth, comments, contributions, escrow, foundations, governance, kyc, nft, passkey, profile, projects, quests, referrals, stellar, streaks, tags - Add safeJsonParse in parseFormData for tags/socialLinks Made-with: Cursor * feat(web): migrate API routes to Zod validation - Replace manual validation with validateRequest + schemas across 55+ routes - Auth: callback, confirm - Comments: list, update - Contributions: create, sync - Escrow: initialize, fund, review, sign-and-submit, dispute - Foundations: create, check-slug, update, campaigns, milestones - Governance: rounds, vote - KYC: create-session - NFTs: mint, evolve, [address] - Passkey: generate options, verify registration/auth - Profile: follow, update-slug - Projects: create, update, pitch, team, highlights, members - Quests: list, progress - Referrals: create, donation, onboard - Stellar: account-info, approve, check-approval, balances, contract/invoke, devices, faucet, transfer prepare/submit - Streaks, tags, waitlist Made-with: Cursor --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * chore: upt nft and quest performance (#821) * feat(audit): add structured audit logging for escrow and NFT operations (#822) * improve event listener performance and stabilize handlers (#825) * improve event listener performance and stabilize handlers * fix: avoid stale callback in kyc status listener * Feat/api helpers standardization (#824) * feat(web): add standardized API helper functions Introduces three helper functions in apps/web/lib/api-helpers.ts to unify the inconsistent auth, response, and error patterns across 60+ API routes: - requireSession(): validates Supabase or NextAuth sessions and returns a discriminated union { user, error: null } | { user: null, error: NextResponse } - respond(): builds consistent { success: true, data, pagination? } responses - error(): builds consistent { success: false, error: { code, message, details? } } responses with optional structured logging via the shared Logger * test(web): add unit tests for API helper functions 23 tests covering requireSession, respond, and error helpers: - requireSession: supabase/nextauth providers, authenticated and unauthenticated paths, edge cases (null user, missing session id) - respond: default 200, custom status, pagination, null/array data - error: default 500, custom status/code, details inclusion/omission, logging with true/Error/arbitrary objects, silent mode Uses dynamic import pattern with mock.module to work without a full dependency install in CI. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor(escrow): break down escrow-admin-panel into compound components + providers (#806) (#823) - Extract EscrowFormProvider/useEscrowForm context (RORO pattern) to manage all form state in one place, replacing 15+ individual useState hooks - Add shared types.ts (EscrowFormData, MilestoneItem, EscrowAdminPanelProps) - Extract hooks: - use-project-defaults: fetches escrow count, derives suggested title/engagementId/description - use-wallet-sync: syncs wallet address into empty role fields and milestone receivers - use-escrow-validation: pure useMemo validation, no side-effects in main component - use-escrow-transaction: full deploy→sign→send→save flow, both single/multi-release - Extract compound UI components: - EscrowTypeSelector: radio group with milestone type conversion - EscrowBasicFields: title, engagementId, trustline, platformFee, amount, memo, description - EscrowRoleFields: approver, serviceProvider, releaseSigner, disputeResolver, platformAddress, receiver - EscrowMilestones: add/remove/update milestones for both escrow types - Add EscrowAdminPanelContent (~60 LOC): composes all sub-components, wires hooks - Reduce escrow-admin-panel.tsx to ~40 LOC: thin provider wrapper only - Zero TypeScript diagnostics across all new files - All existing functionality preserved with no breaking changes Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix(security): remove PII logging and enforce no-console rule (#826) * Feat/rate limit middleware #801 (#827) * fix(security): remove PII logging and enforce no-console rule * feat: add reusable withRateLimit middleware and refactor nft evolve route --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: login and formating * refactor(escrow): migrate initialize route to use API helpers (#840) * refactor(escrow): migrate initialize route to use API helpers Use requireSession for auth validation, respond/error helpers for consistent response shapes, and replace console.error with Logger via the error helper's log option. Closes #835 * refactor(escrow): address CodeRabbit review on initialize route - Add actorId: user.id to all audit log entries for consistent actor trail - Guard against sendTransaction returning falsy with audit log + 502 response - Add missing audit log on DB-insert failure branch - Align audit errorCode with client-visible response code (ESCROW_INIT_ERROR, INTERNAL_ERROR) * fix(security): prevent privilege escalation via user_id in NFT routes (#799) (#842) Centralizes the user_id override check in a shared `authorizeUserOverride` helper used by /api/nfts/evolve and /api/nfts/mint. Non-admin sessions can no longer have a body-supplied `user_id` override the authenticated identity; admin overrides return a structured `NextResponse.json` 403 and are recorded via the audit logger so privilege escalation attempts are observable. Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: remove formdata from useeffect deps (#843) * fix: remove formdata from useeffect deps * fix: use stable milestoneReceiversKey instead of formData.milestones in useEffect deps --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix(rate-limit): use preset.block instead of preset.window for Retry-After header (#844) * fix(rate-limit): use preset.block instead of preset.window for Retry-After header - Changed Retry-After header to reflect actual block duration instead of window - Updated test to verify Retry-After matches preset.block for all presets - Fixes #831 * test(rate-limit): include preset name in Retry-After assertion failures Address CodeRabbit feedback on PR #844: when the assertion fails, the error message now identifies which preset (strict/moderate/lenient) produced the mismatch, making regressions easier to diagnose. * fix(rate-limit): apply preset config to RateLimiter instance (#845) RateLimiter now accepts maxAttempts, windowSecs, blockSecs, and configId via constructor, falling back to module-level defaults for backward compatibility. The withRateLimit middleware passes preset values so strict/moderate/lenient actually behave differently. Cache keys include configId to prevent counter collisions across presets sharing an IP. Closes #830 Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * chore(web): remove ignorebuilderrors and fix surfaced typescript issues (#847) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor(api): migrate mint route to withRateLimit middleware (#836) (#848) * refactor(api): migrate mint route to withRateLimit middleware (#836) * fix(indexer): add missing tslib dependency for subql codegen * fix(indexer): resolve ESM/CommonJS issues in codegen by using process.env directly * fix(indexer): remove all ESM and workspace dependencies from codegen * fix(indexer): align stellar-sdk to v14 and resolve type mismatches in mappings * fix(indexer): update project.ts to use @stellar/stellar-sdk * Revert "fix(indexer): update project.ts to use @stellar/stellar-sdk" This reverts commit a4a1a26. * Reapply "fix(indexer): update project.ts to use @stellar/stellar-sdk" This reverts commit a49ac80. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * feat(security): enforce auth and Zod validation in Server Actions (#802) (#846) * feat(security): enforce auth and Zod validation in Server Actions (#802) Server Actions ("use server") are exposed as public endpoints, so each one must verify its caller and validate inputs even when middleware has already run. This change introduces a shared auth/validation layer and applies it to every action under apps/web/app/actions: - Add lib/auth/server-action-auth helpers: requireAuthenticatedSession, requireAdminSession, validateInput (Zod), enforceRateLimit, and a ServerActionError -> structured failure helper. - Add lib/schemas/server-actions.schemas with strict Zod schemas for every action input (UUIDs, emails, escrow status enum, Stellar shapes, foundation create payload, etc). - auth.ts: await CSRF check (was unawaited Promise -> always passed), validate sign-up / reset / session / device payloads, gate all escrow admin actions behind requireAdminSession, derive userId from the session in updateDeviceWithDeployee instead of trusting client input, rate-limit sensitive flows, and disable insertTestEscrowRecordAction in production. - foundations/create-foundation.ts: require auth, Zod-validate input, rate-limit, and emit structured audit logs. - escrow/save-escrow-contract.ts: require auth, Zod-validate input, rate-limit, and emit structured audit logs alongside the existing ownership/admin authorization check. Closes #802 * fix(security): tighten validation and fail-closed paths in server actions Address review feedback on PR #846: - Fail closed on rate limiter errors in production so abuse protection stays in place during a Redis outage; keep dev behaviour permissive. - Reject incomplete escrow payloads instead of fabricating placeholder Stellar addresses, engagement IDs and amounts in saveEscrowContract. - Apply stellarAddressSchema to escrow role and receiver fields so malformed account IDs are rejected before persistence. - Reject released > funded in updateEscrowFinancialsInputSchema. - Stop showing a misleading success redirect in requestResetAccountAction while the reset flow is still a TODO; surface a clear unavailable error. * fix(security): address review comments on PR #846 - Migrate validateInput to z.treeifyError (Zod 4 API), replacing the deprecated ZodError.format(). - Make enforceRateLimit truly fail-closed in production: surface a SERVER_ERROR on the increment() result when Redis is unavailable, and reject the request when NODE_ENV === 'production'. The rate limiter catches Redis errors internally, so the previous outer try/catch was unreachable. - Add per-user rate limiting to updateDeviceWithDeployee, matching the rest of the auth actions touched by this PR. - Fix payer/receiver mapping in saveEscrowContractAction: payerAddress now derives from roles.approver (the funder), not roles.serviceProvider (the recipient). - Reject multi-receiver milestone escrows at the schema layer; the DB only stores a single receiver per escrow, so silently collapsing onto milestones[0].receiver could persist incorrect data. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor: eliminate prop-drilling of suggestedTitle/EngagementId/Description through EscrowAdminPanelContent (#841) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: replace direct console calls with Logger to comply with no-console ESLint rule (#849) * Remove unused escrowContractAddress prop for cleaner component (#850) * removing the unused escrowContractAddress prop from the component and its associated interfaces to keep the component signature clean and maintainable. * update workflow * chore: add stable version tranch submit post drips wave fix * chore: upgrade Bun to 1.3.14 across the monorepo Align packageManager, CI workflows, and @types/bun so local development and CI use the same runtime version. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign home hero and waitlist onboarding Improve LATAM-focused hero and projects sections, rebuild the waitlist flow, and fix waitlist inserts with the Supabase service role client. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign profile dashboard and harden auth logging Refresh /profile with product-grade layout aligned to the home redesign, fix passkey login feedback to only surface after failed auth, and move notification logging to a server-side path with a new notification_logs migration. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign projects listing and unify form UX Add an emotional projects hero with metrics, a floating category ticker, and shared form primitives across auth and project flows. Require external G-address wallets for Trustless Work escrow until smart account signing is supported. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(web): stabilize projects filters hydration and URL sync Derive category/sort state from search params, defer Radix and marquee until mount, and simplify category badges to prevent update loops and SSR id mismatches. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign governance page and wire community navigation Align the governance experience with KindFi’s visual language, add i18n copy, and expose /governance from header, profile, and footer entry points. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(web): resolve governance tab keys and profile wallet hydration Use a single keyed motion panel for governance tabs and defer external wallet UI until mount. Co-authored-by: Cursor <cursoragent@cursor.com> * fix: replace boolean with a narrowed * fix(ci): stabilize indexer PR checks on develop and main Provide testnet CHAIN_ID/ENDPOINT in CI, install from the monorepo root with bun.lock, scope the workflow to indexer changes, and add testnet fallbacks in project.ts. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(ci): remove invalid paths-ignore from indexer workflow GitHub only allows paths or paths-ignore per event, not both. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(ci): skip empty indexer SubQuery tests in PR workflow Codegen and build already validate the indexer; remove the SubQuery test step until mapping handler tests are implemented. Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Matias Aguilar <aaguilar1x@gmail.com> Co-authored-by: Anouk Rímola <77553677+AnoukRImola@users.noreply.github.com> Co-authored-by: Kim <72054684+kimcascante@users.noreply.github.com> Co-authored-by: Kevin Membreño Brenes <130603817+KevinMB0220@users.noreply.github.com> Co-authored-by: Sendi John <johnsendi727@gmail.com> Co-authored-by: Florencia Irupe Alonso <108772706+AlonsoFi@users.noreply.github.com> Co-authored-by: Josué Araya Marín <104031367+Josue19-08@users.noreply.github.com> Co-authored-by: Francisco Campos Díaz <sasasamaes@users.noreply.github.com> Co-authored-by: legend4Tech <121477316+legend4tech@users.noreply.github.com> Co-authored-by: Jenny T. <112415373+JennyT3@users.noreply.github.com> Co-authored-by: Sameer Ali <140313541+devxsameer@users.noreply.github.com> Co-authored-by: MiraBello <miraclebello23@gmail.com> Co-authored-by: is_reel <israelolatunle2015@gmail.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Bran18
added a commit
that referenced
this pull request
May 27, 2026
…863) * feat: add guard for mainnet release (#819) * feat: add guard for mainnet release * fix: spread overwrite * fix: placeholder * feat(web): standardize Zod validation for all API routes (#817) * feat(web): add validateRequest helper and Zod schemas for API validation - Add validateRequest utility for consistent validation responses - Add schemas for auth, comments, contributions, escrow, foundations, governance, kyc, nft, passkey, profile, projects, quests, referrals, stellar, streaks, tags - Add safeJsonParse in parseFormData for tags/socialLinks Made-with: Cursor * feat(web): migrate API routes to Zod validation - Replace manual validation with validateRequest + schemas across 55+ routes - Auth: callback, confirm - Comments: list, update - Contributions: create, sync - Escrow: initialize, fund, review, sign-and-submit, dispute - Foundations: create, check-slug, update, campaigns, milestones - Governance: rounds, vote - KYC: create-session - NFTs: mint, evolve, [address] - Passkey: generate options, verify registration/auth - Profile: follow, update-slug - Projects: create, update, pitch, team, highlights, members - Quests: list, progress - Referrals: create, donation, onboard - Stellar: account-info, approve, check-approval, balances, contract/invoke, devices, faucet, transfer prepare/submit - Streaks, tags, waitlist Made-with: Cursor --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * chore: upt nft and quest performance (#821) * feat(audit): add structured audit logging for escrow and NFT operations (#822) * improve event listener performance and stabilize handlers (#825) * improve event listener performance and stabilize handlers * fix: avoid stale callback in kyc status listener * Feat/api helpers standardization (#824) * feat(web): add standardized API helper functions Introduces three helper functions in apps/web/lib/api-helpers.ts to unify the inconsistent auth, response, and error patterns across 60+ API routes: - requireSession(): validates Supabase or NextAuth sessions and returns a discriminated union { user, error: null } | { user: null, error: NextResponse } - respond(): builds consistent { success: true, data, pagination? } responses - error(): builds consistent { success: false, error: { code, message, details? } } responses with optional structured logging via the shared Logger * test(web): add unit tests for API helper functions 23 tests covering requireSession, respond, and error helpers: - requireSession: supabase/nextauth providers, authenticated and unauthenticated paths, edge cases (null user, missing session id) - respond: default 200, custom status, pagination, null/array data - error: default 500, custom status/code, details inclusion/omission, logging with true/Error/arbitrary objects, silent mode Uses dynamic import pattern with mock.module to work without a full dependency install in CI. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor(escrow): break down escrow-admin-panel into compound components + providers (#806) (#823) - Extract EscrowFormProvider/useEscrowForm context (RORO pattern) to manage all form state in one place, replacing 15+ individual useState hooks - Add shared types.ts (EscrowFormData, MilestoneItem, EscrowAdminPanelProps) - Extract hooks: - use-project-defaults: fetches escrow count, derives suggested title/engagementId/description - use-wallet-sync: syncs wallet address into empty role fields and milestone receivers - use-escrow-validation: pure useMemo validation, no side-effects in main component - use-escrow-transaction: full deploy→sign→send→save flow, both single/multi-release - Extract compound UI components: - EscrowTypeSelector: radio group with milestone type conversion - EscrowBasicFields: title, engagementId, trustline, platformFee, amount, memo, description - EscrowRoleFields: approver, serviceProvider, releaseSigner, disputeResolver, platformAddress, receiver - EscrowMilestones: add/remove/update milestones for both escrow types - Add EscrowAdminPanelContent (~60 LOC): composes all sub-components, wires hooks - Reduce escrow-admin-panel.tsx to ~40 LOC: thin provider wrapper only - Zero TypeScript diagnostics across all new files - All existing functionality preserved with no breaking changes Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix(security): remove PII logging and enforce no-console rule (#826) * Feat/rate limit middleware #801 (#827) * fix(security): remove PII logging and enforce no-console rule * feat: add reusable withRateLimit middleware and refactor nft evolve route --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: login and formating * refactor(escrow): migrate initialize route to use API helpers (#840) * refactor(escrow): migrate initialize route to use API helpers Use requireSession for auth validation, respond/error helpers for consistent response shapes, and replace console.error with Logger via the error helper's log option. Closes #835 * refactor(escrow): address CodeRabbit review on initialize route - Add actorId: user.id to all audit log entries for consistent actor trail - Guard against sendTransaction returning falsy with audit log + 502 response - Add missing audit log on DB-insert failure branch - Align audit errorCode with client-visible response code (ESCROW_INIT_ERROR, INTERNAL_ERROR) * fix(security): prevent privilege escalation via user_id in NFT routes (#799) (#842) Centralizes the user_id override check in a shared `authorizeUserOverride` helper used by /api/nfts/evolve and /api/nfts/mint. Non-admin sessions can no longer have a body-supplied `user_id` override the authenticated identity; admin overrides return a structured `NextResponse.json` 403 and are recorded via the audit logger so privilege escalation attempts are observable. Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: remove formdata from useeffect deps (#843) * fix: remove formdata from useeffect deps * fix: use stable milestoneReceiversKey instead of formData.milestones in useEffect deps --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix(rate-limit): use preset.block instead of preset.window for Retry-After header (#844) * fix(rate-limit): use preset.block instead of preset.window for Retry-After header - Changed Retry-After header to reflect actual block duration instead of window - Updated test to verify Retry-After matches preset.block for all presets - Fixes #831 * test(rate-limit): include preset name in Retry-After assertion failures Address CodeRabbit feedback on PR #844: when the assertion fails, the error message now identifies which preset (strict/moderate/lenient) produced the mismatch, making regressions easier to diagnose. * fix(rate-limit): apply preset config to RateLimiter instance (#845) RateLimiter now accepts maxAttempts, windowSecs, blockSecs, and configId via constructor, falling back to module-level defaults for backward compatibility. The withRateLimit middleware passes preset values so strict/moderate/lenient actually behave differently. Cache keys include configId to prevent counter collisions across presets sharing an IP. Closes #830 Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * chore(web): remove ignorebuilderrors and fix surfaced typescript issues (#847) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor(api): migrate mint route to withRateLimit middleware (#836) (#848) * refactor(api): migrate mint route to withRateLimit middleware (#836) * fix(indexer): add missing tslib dependency for subql codegen * fix(indexer): resolve ESM/CommonJS issues in codegen by using process.env directly * fix(indexer): remove all ESM and workspace dependencies from codegen * fix(indexer): align stellar-sdk to v14 and resolve type mismatches in mappings * fix(indexer): update project.ts to use @stellar/stellar-sdk * Revert "fix(indexer): update project.ts to use @stellar/stellar-sdk" This reverts commit a4a1a26. * Reapply "fix(indexer): update project.ts to use @stellar/stellar-sdk" This reverts commit a49ac80. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * feat(security): enforce auth and Zod validation in Server Actions (#802) (#846) * feat(security): enforce auth and Zod validation in Server Actions (#802) Server Actions ("use server") are exposed as public endpoints, so each one must verify its caller and validate inputs even when middleware has already run. This change introduces a shared auth/validation layer and applies it to every action under apps/web/app/actions: - Add lib/auth/server-action-auth helpers: requireAuthenticatedSession, requireAdminSession, validateInput (Zod), enforceRateLimit, and a ServerActionError -> structured failure helper. - Add lib/schemas/server-actions.schemas with strict Zod schemas for every action input (UUIDs, emails, escrow status enum, Stellar shapes, foundation create payload, etc). - auth.ts: await CSRF check (was unawaited Promise -> always passed), validate sign-up / reset / session / device payloads, gate all escrow admin actions behind requireAdminSession, derive userId from the session in updateDeviceWithDeployee instead of trusting client input, rate-limit sensitive flows, and disable insertTestEscrowRecordAction in production. - foundations/create-foundation.ts: require auth, Zod-validate input, rate-limit, and emit structured audit logs. - escrow/save-escrow-contract.ts: require auth, Zod-validate input, rate-limit, and emit structured audit logs alongside the existing ownership/admin authorization check. Closes #802 * fix(security): tighten validation and fail-closed paths in server actions Address review feedback on PR #846: - Fail closed on rate limiter errors in production so abuse protection stays in place during a Redis outage; keep dev behaviour permissive. - Reject incomplete escrow payloads instead of fabricating placeholder Stellar addresses, engagement IDs and amounts in saveEscrowContract. - Apply stellarAddressSchema to escrow role and receiver fields so malformed account IDs are rejected before persistence. - Reject released > funded in updateEscrowFinancialsInputSchema. - Stop showing a misleading success redirect in requestResetAccountAction while the reset flow is still a TODO; surface a clear unavailable error. * fix(security): address review comments on PR #846 - Migrate validateInput to z.treeifyError (Zod 4 API), replacing the deprecated ZodError.format(). - Make enforceRateLimit truly fail-closed in production: surface a SERVER_ERROR on the increment() result when Redis is unavailable, and reject the request when NODE_ENV === 'production'. The rate limiter catches Redis errors internally, so the previous outer try/catch was unreachable. - Add per-user rate limiting to updateDeviceWithDeployee, matching the rest of the auth actions touched by this PR. - Fix payer/receiver mapping in saveEscrowContractAction: payerAddress now derives from roles.approver (the funder), not roles.serviceProvider (the recipient). - Reject multi-receiver milestone escrows at the schema layer; the DB only stores a single receiver per escrow, so silently collapsing onto milestones[0].receiver could persist incorrect data. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor: eliminate prop-drilling of suggestedTitle/EngagementId/Description through EscrowAdminPanelContent (#841) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: replace direct console calls with Logger to comply with no-console ESLint rule (#849) * Remove unused escrowContractAddress prop for cleaner component (#850) * removing the unused escrowContractAddress prop from the component and its associated interfaces to keep the component signature clean and maintainable. * update workflow * chore: add stable version tranch submit post drips wave fix * chore: upgrade Bun to 1.3.14 across the monorepo Align packageManager, CI workflows, and @types/bun so local development and CI use the same runtime version. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign home hero and waitlist onboarding Improve LATAM-focused hero and projects sections, rebuild the waitlist flow, and fix waitlist inserts with the Supabase service role client. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign profile dashboard and harden auth logging Refresh /profile with product-grade layout aligned to the home redesign, fix passkey login feedback to only surface after failed auth, and move notification logging to a server-side path with a new notification_logs migration. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign projects listing and unify form UX Add an emotional projects hero with metrics, a floating category ticker, and shared form primitives across auth and project flows. Require external G-address wallets for Trustless Work escrow until smart account signing is supported. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(web): stabilize projects filters hydration and URL sync Derive category/sort state from search params, defer Radix and marquee until mount, and simplify category badges to prevent update loops and SSR id mismatches. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign governance page and wire community navigation Align the governance experience with KindFi’s visual language, add i18n copy, and expose /governance from header, profile, and footer entry points. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(web): resolve governance tab keys and profile wallet hydration Use a single keyed motion panel for governance tabs and defer external wallet UI until mount. Co-authored-by: Cursor <cursoragent@cursor.com> * fix: replace boolean with a narrowed * fix(ci): stabilize indexer PR checks on develop and main Provide testnet CHAIN_ID/ENDPOINT in CI, install from the monorepo root with bun.lock, scope the workflow to indexer changes, and add testnet fallbacks in project.ts. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(ci): remove invalid paths-ignore from indexer workflow GitHub only allows paths or paths-ignore per event, not both. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(ci): skip empty indexer SubQuery tests in PR workflow Codegen and build already validate the indexer; remove the SubQuery test step until mapping handler tests are implemented. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(auth): fail open when Redis rate limiter is unavailable Allow sign-up and other server actions to continue in production when Upstash is missing or unreachable, matching API route rate-limit behavior. Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Matias Aguilar <aaguilar1x@gmail.com> Co-authored-by: Anouk Rímola <77553677+AnoukRImola@users.noreply.github.com> Co-authored-by: Kim <72054684+kimcascante@users.noreply.github.com> Co-authored-by: Kevin Membreño Brenes <130603817+KevinMB0220@users.noreply.github.com> Co-authored-by: Sendi John <johnsendi727@gmail.com> Co-authored-by: Florencia Irupe Alonso <108772706+AlonsoFi@users.noreply.github.com> Co-authored-by: Josué Araya Marín <104031367+Josue19-08@users.noreply.github.com> Co-authored-by: Francisco Campos Díaz <sasasamaes@users.noreply.github.com> Co-authored-by: legend4Tech <121477316+legend4tech@users.noreply.github.com> Co-authored-by: Jenny T. <112415373+JennyT3@users.noreply.github.com> Co-authored-by: Sameer Ali <140313541+devxsameer@users.noreply.github.com> Co-authored-by: MiraBello <miraclebello23@gmail.com> Co-authored-by: is_reel <israelolatunle2015@gmail.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Bran18
added a commit
that referenced
this pull request
Jun 2, 2026
* feat: add guard for mainnet release (#819) * feat: add guard for mainnet release * fix: spread overwrite * fix: placeholder * feat(web): standardize Zod validation for all API routes (#817) * feat(web): add validateRequest helper and Zod schemas for API validation - Add validateRequest utility for consistent validation responses - Add schemas for auth, comments, contributions, escrow, foundations, governance, kyc, nft, passkey, profile, projects, quests, referrals, stellar, streaks, tags - Add safeJsonParse in parseFormData for tags/socialLinks Made-with: Cursor * feat(web): migrate API routes to Zod validation - Replace manual validation with validateRequest + schemas across 55+ routes - Auth: callback, confirm - Comments: list, update - Contributions: create, sync - Escrow: initialize, fund, review, sign-and-submit, dispute - Foundations: create, check-slug, update, campaigns, milestones - Governance: rounds, vote - KYC: create-session - NFTs: mint, evolve, [address] - Passkey: generate options, verify registration/auth - Profile: follow, update-slug - Projects: create, update, pitch, team, highlights, members - Quests: list, progress - Referrals: create, donation, onboard - Stellar: account-info, approve, check-approval, balances, contract/invoke, devices, faucet, transfer prepare/submit - Streaks, tags, waitlist Made-with: Cursor --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * chore: upt nft and quest performance (#821) * feat(audit): add structured audit logging for escrow and NFT operations (#822) * improve event listener performance and stabilize handlers (#825) * improve event listener performance and stabilize handlers * fix: avoid stale callback in kyc status listener * Feat/api helpers standardization (#824) * feat(web): add standardized API helper functions Introduces three helper functions in apps/web/lib/api-helpers.ts to unify the inconsistent auth, response, and error patterns across 60+ API routes: - requireSession(): validates Supabase or NextAuth sessions and returns a discriminated union { user, error: null } | { user: null, error: NextResponse } - respond(): builds consistent { success: true, data, pagination? } responses - error(): builds consistent { success: false, error: { code, message, details? } } responses with optional structured logging via the shared Logger * test(web): add unit tests for API helper functions 23 tests covering requireSession, respond, and error helpers: - requireSession: supabase/nextauth providers, authenticated and unauthenticated paths, edge cases (null user, missing session id) - respond: default 200, custom status, pagination, null/array data - error: default 500, custom status/code, details inclusion/omission, logging with true/Error/arbitrary objects, silent mode Uses dynamic import pattern with mock.module to work without a full dependency install in CI. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor(escrow): break down escrow-admin-panel into compound components + providers (#806) (#823) - Extract EscrowFormProvider/useEscrowForm context (RORO pattern) to manage all form state in one place, replacing 15+ individual useState hooks - Add shared types.ts (EscrowFormData, MilestoneItem, EscrowAdminPanelProps) - Extract hooks: - use-project-defaults: fetches escrow count, derives suggested title/engagementId/description - use-wallet-sync: syncs wallet address into empty role fields and milestone receivers - use-escrow-validation: pure useMemo validation, no side-effects in main component - use-escrow-transaction: full deploy→sign→send→save flow, both single/multi-release - Extract compound UI components: - EscrowTypeSelector: radio group with milestone type conversion - EscrowBasicFields: title, engagementId, trustline, platformFee, amount, memo, description - EscrowRoleFields: approver, serviceProvider, releaseSigner, disputeResolver, platformAddress, receiver - EscrowMilestones: add/remove/update milestones for both escrow types - Add EscrowAdminPanelContent (~60 LOC): composes all sub-components, wires hooks - Reduce escrow-admin-panel.tsx to ~40 LOC: thin provider wrapper only - Zero TypeScript diagnostics across all new files - All existing functionality preserved with no breaking changes Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix(security): remove PII logging and enforce no-console rule (#826) * Feat/rate limit middleware #801 (#827) * fix(security): remove PII logging and enforce no-console rule * feat: add reusable withRateLimit middleware and refactor nft evolve route --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: login and formating * refactor(escrow): migrate initialize route to use API helpers (#840) * refactor(escrow): migrate initialize route to use API helpers Use requireSession for auth validation, respond/error helpers for consistent response shapes, and replace console.error with Logger via the error helper's log option. Closes #835 * refactor(escrow): address CodeRabbit review on initialize route - Add actorId: user.id to all audit log entries for consistent actor trail - Guard against sendTransaction returning falsy with audit log + 502 response - Add missing audit log on DB-insert failure branch - Align audit errorCode with client-visible response code (ESCROW_INIT_ERROR, INTERNAL_ERROR) * fix(security): prevent privilege escalation via user_id in NFT routes (#799) (#842) Centralizes the user_id override check in a shared `authorizeUserOverride` helper used by /api/nfts/evolve and /api/nfts/mint. Non-admin sessions can no longer have a body-supplied `user_id` override the authenticated identity; admin overrides return a structured `NextResponse.json` 403 and are recorded via the audit logger so privilege escalation attempts are observable. Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: remove formdata from useeffect deps (#843) * fix: remove formdata from useeffect deps * fix: use stable milestoneReceiversKey instead of formData.milestones in useEffect deps --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix(rate-limit): use preset.block instead of preset.window for Retry-After header (#844) * fix(rate-limit): use preset.block instead of preset.window for Retry-After header - Changed Retry-After header to reflect actual block duration instead of window - Updated test to verify Retry-After matches preset.block for all presets - Fixes #831 * test(rate-limit): include preset name in Retry-After assertion failures Address CodeRabbit feedback on PR #844: when the assertion fails, the error message now identifies which preset (strict/moderate/lenient) produced the mismatch, making regressions easier to diagnose. * fix(rate-limit): apply preset config to RateLimiter instance (#845) RateLimiter now accepts maxAttempts, windowSecs, blockSecs, and configId via constructor, falling back to module-level defaults for backward compatibility. The withRateLimit middleware passes preset values so strict/moderate/lenient actually behave differently. Cache keys include configId to prevent counter collisions across presets sharing an IP. Closes #830 Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * chore(web): remove ignorebuilderrors and fix surfaced typescript issues (#847) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor(api): migrate mint route to withRateLimit middleware (#836) (#848) * refactor(api): migrate mint route to withRateLimit middleware (#836) * fix(indexer): add missing tslib dependency for subql codegen * fix(indexer): resolve ESM/CommonJS issues in codegen by using process.env directly * fix(indexer): remove all ESM and workspace dependencies from codegen * fix(indexer): align stellar-sdk to v14 and resolve type mismatches in mappings * fix(indexer): update project.ts to use @stellar/stellar-sdk * Revert "fix(indexer): update project.ts to use @stellar/stellar-sdk" This reverts commit a4a1a26. * Reapply "fix(indexer): update project.ts to use @stellar/stellar-sdk" This reverts commit a49ac80. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * feat(security): enforce auth and Zod validation in Server Actions (#802) (#846) * feat(security): enforce auth and Zod validation in Server Actions (#802) Server Actions ("use server") are exposed as public endpoints, so each one must verify its caller and validate inputs even when middleware has already run. This change introduces a shared auth/validation layer and applies it to every action under apps/web/app/actions: - Add lib/auth/server-action-auth helpers: requireAuthenticatedSession, requireAdminSession, validateInput (Zod), enforceRateLimit, and a ServerActionError -> structured failure helper. - Add lib/schemas/server-actions.schemas with strict Zod schemas for every action input (UUIDs, emails, escrow status enum, Stellar shapes, foundation create payload, etc). - auth.ts: await CSRF check (was unawaited Promise -> always passed), validate sign-up / reset / session / device payloads, gate all escrow admin actions behind requireAdminSession, derive userId from the session in updateDeviceWithDeployee instead of trusting client input, rate-limit sensitive flows, and disable insertTestEscrowRecordAction in production. - foundations/create-foundation.ts: require auth, Zod-validate input, rate-limit, and emit structured audit logs. - escrow/save-escrow-contract.ts: require auth, Zod-validate input, rate-limit, and emit structured audit logs alongside the existing ownership/admin authorization check. Closes #802 * fix(security): tighten validation and fail-closed paths in server actions Address review feedback on PR #846: - Fail closed on rate limiter errors in production so abuse protection stays in place during a Redis outage; keep dev behaviour permissive. - Reject incomplete escrow payloads instead of fabricating placeholder Stellar addresses, engagement IDs and amounts in saveEscrowContract. - Apply stellarAddressSchema to escrow role and receiver fields so malformed account IDs are rejected before persistence. - Reject released > funded in updateEscrowFinancialsInputSchema. - Stop showing a misleading success redirect in requestResetAccountAction while the reset flow is still a TODO; surface a clear unavailable error. * fix(security): address review comments on PR #846 - Migrate validateInput to z.treeifyError (Zod 4 API), replacing the deprecated ZodError.format(). - Make enforceRateLimit truly fail-closed in production: surface a SERVER_ERROR on the increment() result when Redis is unavailable, and reject the request when NODE_ENV === 'production'. The rate limiter catches Redis errors internally, so the previous outer try/catch was unreachable. - Add per-user rate limiting to updateDeviceWithDeployee, matching the rest of the auth actions touched by this PR. - Fix payer/receiver mapping in saveEscrowContractAction: payerAddress now derives from roles.approver (the funder), not roles.serviceProvider (the recipient). - Reject multi-receiver milestone escrows at the schema layer; the DB only stores a single receiver per escrow, so silently collapsing onto milestones[0].receiver could persist incorrect data. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor: eliminate prop-drilling of suggestedTitle/EngagementId/Description through EscrowAdminPanelContent (#841) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: replace direct console calls with Logger to comply with no-console ESLint rule (#849) * Remove unused escrowContractAddress prop for cleaner component (#850) * removing the unused escrowContractAddress prop from the component and its associated interfaces to keep the component signature clean and maintainable. * update workflow * chore: add stable version tranch submit post drips wave fix * chore: upgrade Bun to 1.3.14 across the monorepo Align packageManager, CI workflows, and @types/bun so local development and CI use the same runtime version. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign home hero and waitlist onboarding Improve LATAM-focused hero and projects sections, rebuild the waitlist flow, and fix waitlist inserts with the Supabase service role client. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign profile dashboard and harden auth logging Refresh /profile with product-grade layout aligned to the home redesign, fix passkey login feedback to only surface after failed auth, and move notification logging to a server-side path with a new notification_logs migration. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign projects listing and unify form UX Add an emotional projects hero with metrics, a floating category ticker, and shared form primitives across auth and project flows. Require external G-address wallets for Trustless Work escrow until smart account signing is supported. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(web): stabilize projects filters hydration and URL sync Derive category/sort state from search params, defer Radix and marquee until mount, and simplify category badges to prevent update loops and SSR id mismatches. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign governance page and wire community navigation Align the governance experience with KindFi’s visual language, add i18n copy, and expose /governance from header, profile, and footer entry points. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(web): resolve governance tab keys and profile wallet hydration Use a single keyed motion panel for governance tabs and defer external wallet UI until mount. Co-authored-by: Cursor <cursoragent@cursor.com> * fix: replace boolean with a narrowed * fix(ci): stabilize indexer PR checks on develop and main Provide testnet CHAIN_ID/ENDPOINT in CI, install from the monorepo root with bun.lock, scope the workflow to indexer changes, and add testnet fallbacks in project.ts. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(ci): remove invalid paths-ignore from indexer workflow GitHub only allows paths or paths-ignore per event, not both. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(ci): skip empty indexer SubQuery tests in PR workflow Codegen and build already validate the indexer; remove the SubQuery test step until mapping handler tests are implemented. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(auth): fail open when Redis rate limiter is unavailable Allow sign-up and other server actions to continue in production when Upstash is missing or unreachable, matching API route rate-limit behavior. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(project-detail): persist comments, likes, follows and enable Supabase session validation (#864) * chore: remove all TODO comments from codebase (#866) * # Performance: Expand code splitting, dynamic imports, and Suspense boundaries (#868) * perf(admin): lazy-load AdminOverview with dynamic import and Suspense * perf(admin): lazy-load AdminGovernanceManager with dynamic import and Suspense * perf(admin): lazy-load AdminAnalytics with dynamic import and Suspense * perf(admin): lazy-load AdminGamificationManager with dynamic import and Suspense * perf(admin): add skeleton loaders for admin panel components * perf(profile): lazy-load CreatorProfile and DonorProfile with dynamic imports * perf(profile): lazy-load NFTCollection in creator profile * perf(profile): lazy-load NFTCollection in donor profile * perf(profile): add skeleton loader for profile view components * perf(home): lazy-load WaitlistModal in hero section * perf(home): lazy-load WaitlistModal in highlighted projects * perf(home): lazy-load WaitlistModal in user journey section * perf(shared): lazy-load WaitlistModal in CTA form * perf(gamification): lazy-load NFTCollection component * perf(demo): lazy-load SmartWalletTransferDemo with Suspense boundary * Fix spacing in Code of Conduct title * refactor: standardize logging infrastructure and unify backend request handlers across the application. (#867) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * feat: remove smart wallet demo route and component (#869)- (#870) * feat: apply rate limiting to all sensitive API routes (#871) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * feat(seo): align KindFi with AIO and Search Everywhere Optimization standards (#872) * feat(seo): align KindFi with AIO and technical SEO standards - Add robots.ts with explicit AI crawler policies (GPTBot, Google-Extended, PerplexityBot, ClaudeBot, anthropic-ai, Bingbot) - Add public/llms.txt to communicate platform intent to LLM crawlers - Expand sitemap with missing routes (governance, faqs, foundations) and differentiated priorities/changeFrequencies per page type - Add JSON-LD reusable component and structured-data helpers for Organization, WebSite, FAQPage, BreadcrumbList, and Event schemas - Inject Organization + WebSite JSON-LD in root layout (site-wide) - Add FAQPage + BreadcrumbList JSON-LD to /faqs page using existing FAQ data - Add BreadcrumbList JSON-LD to /projects, /about, /governance, and /projects/[slug] pages - Add Event + BreadcrumbList JSON-LD to project detail pages - Add complete metadata (title, description, OG, Twitter Card, canonical) to pages that were missing it: home, faqs, profile, governance - Improve existing metadata on about, projects, project detail, and root layout with richer entity-based descriptions and Twitter Cards - Set robots: noindex/nofollow on /profile (private authenticated page) Closes #853 * fix(seo): address CodeRabbit review comments - json-ld: escape HTML-significant chars (<, >, &) before injection to prevent script tag breakout from adversarial payload values - structured-data: export SITE_URL constant and add explicit return types (OrganizationSchema, WebSiteSchema, BreadcrumbListSchema, FAQPageSchema) to all factory functions for stable consumer contracts - sitemap: replace localhost fallback with shared SITE_URL constant so URLs are always production-safe when NEXT_PUBLIC_SITE_URL is unset - layout: unify metadataBase and OG url with shared SITE_URL; remove broken og-home.png reference (file does not exist yet) - projects/[slug]: fail fast with notFound() when project is null to prevent 200 responses on missing slugs; seed query cache with already- fetched project via setQueryData instead of a redundant prefetchSupabaseQuery * Chore/remove commented out code pr851 (#873) * chore(middleware): remove tutorial boilerplate and dead session validation block - Remove Supabase SSR tutorial copy-paste comments (try/catch tutorial note) - Remove entirely commented-out getUser() + console.log + redirect block (lines 52-63) that referenced undefined variable cookieSessionToken and was never wired up - Replace generic catch comment with actionable env var guidance - Auth is handled via NextAuth (_userSession param); Supabase client is used only for SSR cookie refresh, not for session validation Closes #851 * chore(doc-utils): remove dead export for non-existent pdf-converter module The pdf-converter module does not exist in the doc-utils directory. The commented-out export was a dead reference to a feature that was never implemented and caused confusion about the public API surface. Closes #851 * chore(stellar): remove stale dev-note comment from passkey service Remove informal '// ! Some of these fns are already in other apps...' comment at the top of stellar-passkey.service.ts. This was a leftover investigation note with no actionable guidance and no linked issue. Any follow-up sync work should be tracked in a dedicated issue/PR. Closes #851 --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor: decompose monolithic components and split shared modules (#875) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: build issues post wave program * chore: align Biome with monorepo standards and enforce linting in CI. Pin Biome 2.4.5, enable React/Next/Tailwind domains, and apply formatting across the repo so `biome ci` passes locally and in pre-commit. Co-authored-by: Cursor <cursoragent@cursor.com> * fix: guard Supabase generated types from Biome and restore web build Restore database.types.ts, force-ignore generated Supabase artifacts in Biome, and add atomic generation with pre-commit and CI checks. Co-authored-by: Cursor <cursoragent@cursor.com> * chore: upd agent skills * chore: remove unused academy-wep app from monorepo Drop the stub workspace package and related Taskfile targets. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): migrate Tailwind v4 and refresh marketing pages Upgrade web styling stack, align about/foundations/news with shared hero patterns, fix CTA and hydration issues, and add social icon helpers. * chore: exclude .agents from Biome checks Skip vendored Vercel and Stellar skill files so CI lint no longer fails on their formatting. * chore: exclude .claude/skills from Biome checks Skip symlinked agent skill paths so lint no longer traverses vendored skill installs. * chore: exclude .codex and .cursor skills from Biome Skip symlinked skill installs under .codex/skills and .cursor/skills in lint and format. * fix: resolve Biome CI errors for lint and formatting Remove root console usage, format skills-lock.json, drop ineffective skeleton suppressions, and stabilize QA realtime hook callbacks. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(web): footer refresh, foundation cards, and NFT donation stats Align footer with main nav and marketing styling, restore foundation card navigation, and show correct donation counts in gamification. Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Matias Aguilar <aaguilar1x@gmail.com> Co-authored-by: Anouk Rímola <77553677+AnoukRImola@users.noreply.github.com> Co-authored-by: Kim <72054684+kimcascante@users.noreply.github.com> Co-authored-by: Kevin Membreño Brenes <130603817+KevinMB0220@users.noreply.github.com> Co-authored-by: Sendi John <johnsendi727@gmail.com> Co-authored-by: Florencia Irupe Alonso <108772706+AlonsoFi@users.noreply.github.com> Co-authored-by: Josué Araya Marín <104031367+Josue19-08@users.noreply.github.com> Co-authored-by: Francisco Campos Díaz <sasasamaes@users.noreply.github.com> Co-authored-by: legend4Tech <121477316+legend4tech@users.noreply.github.com> Co-authored-by: Jenny T. <112415373+JennyT3@users.noreply.github.com> Co-authored-by: Sameer Ali <140313541+devxsameer@users.noreply.github.com> Co-authored-by: MiraBello <miraclebello23@gmail.com> Co-authored-by: is_reel <israelolatunle2015@gmail.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Mmeso_Love <mmesolove2002@gmail.com> Co-authored-by: Jefferson Youashi <119521983+clintjeff2@users.noreply.github.com> Co-authored-by: Dev001 <146340502+od-hunter@users.noreply.github.com>
Bran18
added a commit
that referenced
this pull request
Jun 2, 2026
* feat: add guard for mainnet release (#819) * feat: add guard for mainnet release * fix: spread overwrite * fix: placeholder * feat(web): standardize Zod validation for all API routes (#817) * feat(web): add validateRequest helper and Zod schemas for API validation - Add validateRequest utility for consistent validation responses - Add schemas for auth, comments, contributions, escrow, foundations, governance, kyc, nft, passkey, profile, projects, quests, referrals, stellar, streaks, tags - Add safeJsonParse in parseFormData for tags/socialLinks Made-with: Cursor * feat(web): migrate API routes to Zod validation - Replace manual validation with validateRequest + schemas across 55+ routes - Auth: callback, confirm - Comments: list, update - Contributions: create, sync - Escrow: initialize, fund, review, sign-and-submit, dispute - Foundations: create, check-slug, update, campaigns, milestones - Governance: rounds, vote - KYC: create-session - NFTs: mint, evolve, [address] - Passkey: generate options, verify registration/auth - Profile: follow, update-slug - Projects: create, update, pitch, team, highlights, members - Quests: list, progress - Referrals: create, donation, onboard - Stellar: account-info, approve, check-approval, balances, contract/invoke, devices, faucet, transfer prepare/submit - Streaks, tags, waitlist Made-with: Cursor --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * chore: upt nft and quest performance (#821) * feat(audit): add structured audit logging for escrow and NFT operations (#822) * improve event listener performance and stabilize handlers (#825) * improve event listener performance and stabilize handlers * fix: avoid stale callback in kyc status listener * Feat/api helpers standardization (#824) * feat(web): add standardized API helper functions Introduces three helper functions in apps/web/lib/api-helpers.ts to unify the inconsistent auth, response, and error patterns across 60+ API routes: - requireSession(): validates Supabase or NextAuth sessions and returns a discriminated union { user, error: null } | { user: null, error: NextResponse } - respond(): builds consistent { success: true, data, pagination? } responses - error(): builds consistent { success: false, error: { code, message, details? } } responses with optional structured logging via the shared Logger * test(web): add unit tests for API helper functions 23 tests covering requireSession, respond, and error helpers: - requireSession: supabase/nextauth providers, authenticated and unauthenticated paths, edge cases (null user, missing session id) - respond: default 200, custom status, pagination, null/array data - error: default 500, custom status/code, details inclusion/omission, logging with true/Error/arbitrary objects, silent mode Uses dynamic import pattern with mock.module to work without a full dependency install in CI. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor(escrow): break down escrow-admin-panel into compound components + providers (#806) (#823) - Extract EscrowFormProvider/useEscrowForm context (RORO pattern) to manage all form state in one place, replacing 15+ individual useState hooks - Add shared types.ts (EscrowFormData, MilestoneItem, EscrowAdminPanelProps) - Extract hooks: - use-project-defaults: fetches escrow count, derives suggested title/engagementId/description - use-wallet-sync: syncs wallet address into empty role fields and milestone receivers - use-escrow-validation: pure useMemo validation, no side-effects in main component - use-escrow-transaction: full deploy→sign→send→save flow, both single/multi-release - Extract compound UI components: - EscrowTypeSelector: radio group with milestone type conversion - EscrowBasicFields: title, engagementId, trustline, platformFee, amount, memo, description - EscrowRoleFields: approver, serviceProvider, releaseSigner, disputeResolver, platformAddress, receiver - EscrowMilestones: add/remove/update milestones for both escrow types - Add EscrowAdminPanelContent (~60 LOC): composes all sub-components, wires hooks - Reduce escrow-admin-panel.tsx to ~40 LOC: thin provider wrapper only - Zero TypeScript diagnostics across all new files - All existing functionality preserved with no breaking changes Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix(security): remove PII logging and enforce no-console rule (#826) * Feat/rate limit middleware #801 (#827) * fix(security): remove PII logging and enforce no-console rule * feat: add reusable withRateLimit middleware and refactor nft evolve route --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: login and formating * refactor(escrow): migrate initialize route to use API helpers (#840) * refactor(escrow): migrate initialize route to use API helpers Use requireSession for auth validation, respond/error helpers for consistent response shapes, and replace console.error with Logger via the error helper's log option. Closes #835 * refactor(escrow): address CodeRabbit review on initialize route - Add actorId: user.id to all audit log entries for consistent actor trail - Guard against sendTransaction returning falsy with audit log + 502 response - Add missing audit log on DB-insert failure branch - Align audit errorCode with client-visible response code (ESCROW_INIT_ERROR, INTERNAL_ERROR) * fix(security): prevent privilege escalation via user_id in NFT routes (#799) (#842) Centralizes the user_id override check in a shared `authorizeUserOverride` helper used by /api/nfts/evolve and /api/nfts/mint. Non-admin sessions can no longer have a body-supplied `user_id` override the authenticated identity; admin overrides return a structured `NextResponse.json` 403 and are recorded via the audit logger so privilege escalation attempts are observable. Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: remove formdata from useeffect deps (#843) * fix: remove formdata from useeffect deps * fix: use stable milestoneReceiversKey instead of formData.milestones in useEffect deps --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix(rate-limit): use preset.block instead of preset.window for Retry-After header (#844) * fix(rate-limit): use preset.block instead of preset.window for Retry-After header - Changed Retry-After header to reflect actual block duration instead of window - Updated test to verify Retry-After matches preset.block for all presets - Fixes #831 * test(rate-limit): include preset name in Retry-After assertion failures Address CodeRabbit feedback on PR #844: when the assertion fails, the error message now identifies which preset (strict/moderate/lenient) produced the mismatch, making regressions easier to diagnose. * fix(rate-limit): apply preset config to RateLimiter instance (#845) RateLimiter now accepts maxAttempts, windowSecs, blockSecs, and configId via constructor, falling back to module-level defaults for backward compatibility. The withRateLimit middleware passes preset values so strict/moderate/lenient actually behave differently. Cache keys include configId to prevent counter collisions across presets sharing an IP. Closes #830 Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * chore(web): remove ignorebuilderrors and fix surfaced typescript issues (#847) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor(api): migrate mint route to withRateLimit middleware (#836) (#848) * refactor(api): migrate mint route to withRateLimit middleware (#836) * fix(indexer): add missing tslib dependency for subql codegen * fix(indexer): resolve ESM/CommonJS issues in codegen by using process.env directly * fix(indexer): remove all ESM and workspace dependencies from codegen * fix(indexer): align stellar-sdk to v14 and resolve type mismatches in mappings * fix(indexer): update project.ts to use @stellar/stellar-sdk * Revert "fix(indexer): update project.ts to use @stellar/stellar-sdk" This reverts commit a4a1a26. * Reapply "fix(indexer): update project.ts to use @stellar/stellar-sdk" This reverts commit a49ac80. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * feat(security): enforce auth and Zod validation in Server Actions (#802) (#846) * feat(security): enforce auth and Zod validation in Server Actions (#802) Server Actions ("use server") are exposed as public endpoints, so each one must verify its caller and validate inputs even when middleware has already run. This change introduces a shared auth/validation layer and applies it to every action under apps/web/app/actions: - Add lib/auth/server-action-auth helpers: requireAuthenticatedSession, requireAdminSession, validateInput (Zod), enforceRateLimit, and a ServerActionError -> structured failure helper. - Add lib/schemas/server-actions.schemas with strict Zod schemas for every action input (UUIDs, emails, escrow status enum, Stellar shapes, foundation create payload, etc). - auth.ts: await CSRF check (was unawaited Promise -> always passed), validate sign-up / reset / session / device payloads, gate all escrow admin actions behind requireAdminSession, derive userId from the session in updateDeviceWithDeployee instead of trusting client input, rate-limit sensitive flows, and disable insertTestEscrowRecordAction in production. - foundations/create-foundation.ts: require auth, Zod-validate input, rate-limit, and emit structured audit logs. - escrow/save-escrow-contract.ts: require auth, Zod-validate input, rate-limit, and emit structured audit logs alongside the existing ownership/admin authorization check. Closes #802 * fix(security): tighten validation and fail-closed paths in server actions Address review feedback on PR #846: - Fail closed on rate limiter errors in production so abuse protection stays in place during a Redis outage; keep dev behaviour permissive. - Reject incomplete escrow payloads instead of fabricating placeholder Stellar addresses, engagement IDs and amounts in saveEscrowContract. - Apply stellarAddressSchema to escrow role and receiver fields so malformed account IDs are rejected before persistence. - Reject released > funded in updateEscrowFinancialsInputSchema. - Stop showing a misleading success redirect in requestResetAccountAction while the reset flow is still a TODO; surface a clear unavailable error. * fix(security): address review comments on PR #846 - Migrate validateInput to z.treeifyError (Zod 4 API), replacing the deprecated ZodError.format(). - Make enforceRateLimit truly fail-closed in production: surface a SERVER_ERROR on the increment() result when Redis is unavailable, and reject the request when NODE_ENV === 'production'. The rate limiter catches Redis errors internally, so the previous outer try/catch was unreachable. - Add per-user rate limiting to updateDeviceWithDeployee, matching the rest of the auth actions touched by this PR. - Fix payer/receiver mapping in saveEscrowContractAction: payerAddress now derives from roles.approver (the funder), not roles.serviceProvider (the recipient). - Reject multi-receiver milestone escrows at the schema layer; the DB only stores a single receiver per escrow, so silently collapsing onto milestones[0].receiver could persist incorrect data. --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor: eliminate prop-drilling of suggestedTitle/EngagementId/Description through EscrowAdminPanelContent (#841) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: replace direct console calls with Logger to comply with no-console ESLint rule (#849) * Remove unused escrowContractAddress prop for cleaner component (#850) * removing the unused escrowContractAddress prop from the component and its associated interfaces to keep the component signature clean and maintainable. * update workflow * chore: add stable version tranch submit post drips wave fix * chore: upgrade Bun to 1.3.14 across the monorepo Align packageManager, CI workflows, and @types/bun so local development and CI use the same runtime version. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign home hero and waitlist onboarding Improve LATAM-focused hero and projects sections, rebuild the waitlist flow, and fix waitlist inserts with the Supabase service role client. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign profile dashboard and harden auth logging Refresh /profile with product-grade layout aligned to the home redesign, fix passkey login feedback to only surface after failed auth, and move notification logging to a server-side path with a new notification_logs migration. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign projects listing and unify form UX Add an emotional projects hero with metrics, a floating category ticker, and shared form primitives across auth and project flows. Require external G-address wallets for Trustless Work escrow until smart account signing is supported. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(web): stabilize projects filters hydration and URL sync Derive category/sort state from search params, defer Radix and marquee until mount, and simplify category badges to prevent update loops and SSR id mismatches. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): redesign governance page and wire community navigation Align the governance experience with KindFi’s visual language, add i18n copy, and expose /governance from header, profile, and footer entry points. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(web): resolve governance tab keys and profile wallet hydration Use a single keyed motion panel for governance tabs and defer external wallet UI until mount. Co-authored-by: Cursor <cursoragent@cursor.com> * fix: replace boolean with a narrowed * fix(ci): stabilize indexer PR checks on develop and main Provide testnet CHAIN_ID/ENDPOINT in CI, install from the monorepo root with bun.lock, scope the workflow to indexer changes, and add testnet fallbacks in project.ts. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(ci): remove invalid paths-ignore from indexer workflow GitHub only allows paths or paths-ignore per event, not both. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(ci): skip empty indexer SubQuery tests in PR workflow Codegen and build already validate the indexer; remove the SubQuery test step until mapping handler tests are implemented. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(auth): fail open when Redis rate limiter is unavailable Allow sign-up and other server actions to continue in production when Upstash is missing or unreachable, matching API route rate-limit behavior. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(project-detail): persist comments, likes, follows and enable Supabase session validation (#864) * chore: remove all TODO comments from codebase (#866) * # Performance: Expand code splitting, dynamic imports, and Suspense boundaries (#868) * perf(admin): lazy-load AdminOverview with dynamic import and Suspense * perf(admin): lazy-load AdminGovernanceManager with dynamic import and Suspense * perf(admin): lazy-load AdminAnalytics with dynamic import and Suspense * perf(admin): lazy-load AdminGamificationManager with dynamic import and Suspense * perf(admin): add skeleton loaders for admin panel components * perf(profile): lazy-load CreatorProfile and DonorProfile with dynamic imports * perf(profile): lazy-load NFTCollection in creator profile * perf(profile): lazy-load NFTCollection in donor profile * perf(profile): add skeleton loader for profile view components * perf(home): lazy-load WaitlistModal in hero section * perf(home): lazy-load WaitlistModal in highlighted projects * perf(home): lazy-load WaitlistModal in user journey section * perf(shared): lazy-load WaitlistModal in CTA form * perf(gamification): lazy-load NFTCollection component * perf(demo): lazy-load SmartWalletTransferDemo with Suspense boundary * Fix spacing in Code of Conduct title * refactor: standardize logging infrastructure and unify backend request handlers across the application. (#867) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * feat: remove smart wallet demo route and component (#869)- (#870) * feat: apply rate limiting to all sensitive API routes (#871) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * feat(seo): align KindFi with AIO and Search Everywhere Optimization standards (#872) * feat(seo): align KindFi with AIO and technical SEO standards - Add robots.ts with explicit AI crawler policies (GPTBot, Google-Extended, PerplexityBot, ClaudeBot, anthropic-ai, Bingbot) - Add public/llms.txt to communicate platform intent to LLM crawlers - Expand sitemap with missing routes (governance, faqs, foundations) and differentiated priorities/changeFrequencies per page type - Add JSON-LD reusable component and structured-data helpers for Organization, WebSite, FAQPage, BreadcrumbList, and Event schemas - Inject Organization + WebSite JSON-LD in root layout (site-wide) - Add FAQPage + BreadcrumbList JSON-LD to /faqs page using existing FAQ data - Add BreadcrumbList JSON-LD to /projects, /about, /governance, and /projects/[slug] pages - Add Event + BreadcrumbList JSON-LD to project detail pages - Add complete metadata (title, description, OG, Twitter Card, canonical) to pages that were missing it: home, faqs, profile, governance - Improve existing metadata on about, projects, project detail, and root layout with richer entity-based descriptions and Twitter Cards - Set robots: noindex/nofollow on /profile (private authenticated page) Closes #853 * fix(seo): address CodeRabbit review comments - json-ld: escape HTML-significant chars (<, >, &) before injection to prevent script tag breakout from adversarial payload values - structured-data: export SITE_URL constant and add explicit return types (OrganizationSchema, WebSiteSchema, BreadcrumbListSchema, FAQPageSchema) to all factory functions for stable consumer contracts - sitemap: replace localhost fallback with shared SITE_URL constant so URLs are always production-safe when NEXT_PUBLIC_SITE_URL is unset - layout: unify metadataBase and OG url with shared SITE_URL; remove broken og-home.png reference (file does not exist yet) - projects/[slug]: fail fast with notFound() when project is null to prevent 200 responses on missing slugs; seed query cache with already- fetched project via setQueryData instead of a redundant prefetchSupabaseQuery * Chore/remove commented out code pr851 (#873) * chore(middleware): remove tutorial boilerplate and dead session validation block - Remove Supabase SSR tutorial copy-paste comments (try/catch tutorial note) - Remove entirely commented-out getUser() + console.log + redirect block (lines 52-63) that referenced undefined variable cookieSessionToken and was never wired up - Replace generic catch comment with actionable env var guidance - Auth is handled via NextAuth (_userSession param); Supabase client is used only for SSR cookie refresh, not for session validation Closes #851 * chore(doc-utils): remove dead export for non-existent pdf-converter module The pdf-converter module does not exist in the doc-utils directory. The commented-out export was a dead reference to a feature that was never implemented and caused confusion about the public API surface. Closes #851 * chore(stellar): remove stale dev-note comment from passkey service Remove informal '// ! Some of these fns are already in other apps...' comment at the top of stellar-passkey.service.ts. This was a leftover investigation note with no actionable guidance and no linked issue. Any follow-up sync work should be tracked in a dedicated issue/PR. Closes #851 --------- Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * refactor: decompose monolithic components and split shared modules (#875) Co-authored-by: Brandon Fernández <31634868+Bran18@users.noreply.github.com> * fix: build issues post wave program * chore: align Biome with monorepo standards and enforce linting in CI. Pin Biome 2.4.5, enable React/Next/Tailwind domains, and apply formatting across the repo so `biome ci` passes locally and in pre-commit. Co-authored-by: Cursor <cursoragent@cursor.com> * fix: guard Supabase generated types from Biome and restore web build Restore database.types.ts, force-ignore generated Supabase artifacts in Biome, and add atomic generation with pre-commit and CI checks. Co-authored-by: Cursor <cursoragent@cursor.com> * chore: upd agent skills * chore: remove unused academy-wep app from monorepo Drop the stub workspace package and related Taskfile targets. Co-authored-by: Cursor <cursoragent@cursor.com> * feat(web): migrate Tailwind v4 and refresh marketing pages Upgrade web styling stack, align about/foundations/news with shared hero patterns, fix CTA and hydration issues, and add social icon helpers. * chore: exclude .agents from Biome checks Skip vendored Vercel and Stellar skill files so CI lint no longer fails on their formatting. * chore: exclude .claude/skills from Biome checks Skip symlinked agent skill paths so lint no longer traverses vendored skill installs. * chore: exclude .codex and .cursor skills from Biome Skip symlinked skill installs under .codex/skills and .cursor/skills in lint and format. * fix: resolve Biome CI errors for lint and formatting Remove root console usage, format skills-lock.json, drop ineffective skeleton suppressions, and stabilize QA realtime hook callbacks. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(web): footer refresh, foundation cards, and NFT donation stats Align footer with main nav and marketing styling, restore foundation card navigation, and show correct donation counts in gamification. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(web): shorten wallet reminder in project donation sidebar Use friendlier copy and a compact banner so the notice fits the Support This Project panel. --------- Co-authored-by: Matias Aguilar <aaguilar1x@gmail.com> Co-authored-by: Anouk Rímola <77553677+AnoukRImola@users.noreply.github.com> Co-authored-by: Kim <72054684+kimcascante@users.noreply.github.com> Co-authored-by: Kevin Membreño Brenes <130603817+KevinMB0220@users.noreply.github.com> Co-authored-by: Sendi John <johnsendi727@gmail.com> Co-authored-by: Florencia Irupe Alonso <108772706+AlonsoFi@users.noreply.github.com> Co-authored-by: Josué Araya Marín <104031367+Josue19-08@users.noreply.github.com> Co-authored-by: Francisco Campos Díaz <sasasamaes@users.noreply.github.com> Co-authored-by: legend4Tech <121477316+legend4tech@users.noreply.github.com> Co-authored-by: Jenny T. <112415373+JennyT3@users.noreply.github.com> Co-authored-by: Sameer Ali <140313541+devxsameer@users.noreply.github.com> Co-authored-by: MiraBello <miraclebello23@gmail.com> Co-authored-by: is_reel <israelolatunle2015@gmail.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: Mmeso_Love <mmesolove2002@gmail.com> Co-authored-by: Jefferson Youashi <119521983+clintjeff2@users.noreply.github.com> Co-authored-by: Dev001 <146340502+od-hunter@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
use-escrow-transaction.ts: importedLoggerand replacedconsole.error(e)in catch block withlogger.error({ eventType: 'escrow.create.error', ... })audit-logger.ts: added// eslint-disable-next-line no-consolewith inline justification — intentionallast-resort fallback when the AuditLogger itself fails to persist
nfts/mint/route.ts: replaced 5 directconsole.warn/console.errorcalls withlogger.warn/logger.errorusing structured
LogDataformatescrow/initialize/route.ts: no changes needed — already cleanContext
PR #826 (bundled in #828) introduced the
no-consoleESLint rule. These files were part of the same bundle but stillused direct console calls, violating the newly added rule.
Closes #832