feat: MyTask task market UI (M6-M8) + social recovery #278
Open
fanhousanbu wants to merge 50 commits into master from
…sskey authentication, and integrate it into existing projects.
…node discovery, message point generation, and signature packing.
…n to a single line.
…`baseline-browser-mapping` dependency, and remove SDK module type.
…e `.agent` files.
…viders, and management with comprehensive tests.
…K for account management.
- Relax npm audit level to critical (upstream NestJS/webpack deps have no non-breaking fix for multer, serialize-javascript, ajv)
- Run npm audit fix for safely upgradeable packages
- Fix prettier formatting across refactored service files
- Remove unused NotFoundException import in transfer.service
- Remove unreachable try-catch in paymaster.service
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Remove conflicting .prettierrc.json (lower priority than .prettierrc), add sdk/.prettierignore to exclude dist/, align sdk eslint unused-vars rule with aastar config, and reformat all files to match .prettierrc.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…e-checks
Integrate aastar-contract M4 features into the SDK:
- Add tier routing module (core/tier/) with resolveTier() and algIdForTier()
- Add cumulative signature packing for T2 (algId 0x04: P256+BLS) and T3 (algId 0x05: P256+BLS+Guardian)
- Add GuardChecker service for off-chain pre-validation (daily limits, algorithm whitelist)
- Add AirAccount contract ABIs and M4 Sepolia addresses
- Extend TransferManager with useAirAccountTiering flag for automatic tier dispatch
- Extend BLSSignatureService with generateTieredSignature() for all 3 tiers
- Fully backwards-compatible: legacy BLS-only flow unchanged when tiering is not enabled
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ions
Resolved 4 merge conflicts in sdk/src/server/ by keeping feature branch additions (tiered signatures, GuardChecker, v0.7 format, KMS types) while incorporating master's base changes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

The merge commit missed unstaged changes from master that add PasskeyAssertionContext, LegacyPasskeyAssertion, and expanded KMS types to signer-adapter and kms-signer. Also fixes prettier formatting on the 3 conflict-resolved files.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…deprecating previous passkey storage.
…erPaymaster support, and M4-specific ECDSA/BLS signature routing.
…and server client, updating documentation and examples.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Upgrade SDK to 0.17.5 (both aastar and aastar-frontend)
- Remove PMv4 monkey-patch from sdk.providers.ts (fixed upstream in SDK)
- Remove approve-token endpoint: POST /account/approve-token, ApproveTokenDto, approveTokenForSpender() — PMv4 is deposit model, no ERC-20 approve needed
- Remove "Approve aPNTs" button and handleApproveToken from paymaster page
- Remove accountAPI.approveToken() from frontend api.ts
…limit
Agent 1 — Guardian QR acceptance flow
- POST /account/guardian-setup/prepare: generates acceptance hash and QR
payload; acceptance hash = keccak256("ACCEPT_GUARDIAN" || chainId ||
factory || owner || salt) then EIP-191 prefixed
- POST /account/create-with-guardians: creates account with 2 guardian sigs
+ team Safe as 3rd guardian; validates guardian1 != guardian2 (backend)
- CreateAccountDialog: 3-step flow (config → guardian1 QR → guardian2 QR)
with react-qr-code, manual sig paste, and daily limit input
- /app/guardian-sign: mobile page reads URL params, runs WebAuthn passkey
ceremony, shows address+signature for copy-paste; displays all signing
context (owner, chain, factory, salt, hash) before signing
Agent 2 — On-chain social recovery
- guardian.service.ts executeRecovery: now sends real on-chain tx via
backend relayer (ETH_PRIVATE_KEY); DB updated only after tx confirmed
- initiateRecovery/supportRecovery: remain off-chain (proposeRecovery /
approveRecovery require msg.sender == guardian); responses now include
requiresOnChainAction: true and onChainAction field to guide callers
- getRelaySigner: rejects placeholder ETH_PRIVATE_KEY at runtime
Agent 3 — Tier security and daily limit
- transfer.service.ts: enable useAirAccountTiering and p256Signature; BLS
node unreachable → graceful fallback to legacy path; fallback failure
preserves both error messages for diagnosis
- account.service.ts: extract parseDailyLimitToWei helper (shared by
createAccount and createWithGuardians); add daily limit to CreateAccountDto
- transfer/page.tsx: fix tier indicator — remove incorrect tier1=dailyLimit/2
assumption; only show Tier 3 warning when amount > dailyLimit; note that
tier1/tier2 thresholds require a contract read
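
Added example (not code from this PR or the project): a strict decimal-to-wei parser in the spirit of the parseDailyLimitToWei helper, plus the corrected Tier 3 check described in the commit above. It assumes the limit is typed as a decimal ETH string with 18 decimals; the function bodies, naiveFloatWei and tierHint are hypothetical.

```javascript
// Added illustration; not the project's parseDailyLimitToWei implementation.
// Assumption: the daily limit is entered as a decimal ETH string (18 decimals).
const WEI_DECIMALS = 18;

// Float-based conversion shown for contrast: a double carries about
// 15-17 significant digits, so the low-order wei are silently lost.
function naiveFloatWei(input) {
  return BigInt(Math.round(Number(input) * 1e18));
}

// Strict conversion: string in, BigInt out, never passing through Number.
function parseDailyLimitToWei(input) {
  if (typeof input !== "string") {
    throw new TypeError("daily limit must be a string");
  }
  // Digits with an optional fraction only: no sign, exponent, hex or separators.
  const m = /^(\d+)(?:\.(\d+))?$/.exec(input.trim());
  if (!m) throw new RangeError("invalid daily limit: " + JSON.stringify(input));
  const frac = m[2] || "";
  if (frac.length > WEI_DECIMALS) {
    throw new RangeError("more than 18 decimal places");
  }
  return BigInt(m[1]) * 10n ** BigInt(WEI_DECIMALS) +
    BigInt(frac.padEnd(WEI_DECIMALS, "0"));
}

// Mirrors the corrected indicator: the only claim made from the daily limit
// alone is "amount > dailyLimit"; tier1/tier2 thresholds need a contract read.
function tierHint(amountWei, dailyLimitWei) {
  if (typeof amountWei !== "bigint" || typeof dailyLimitWei !== "bigint") {
    throw new TypeError("amounts must be BigInt wei values");
  }
  return amountWei > dailyLimitWei ? "tier3-warning" : "needs-contract-read";
}

// Constructed sample inputs.
const limit = parseDailyLimitToWei("1.000000000000000001");
console.log(limit, naiveFloatWei("1.000000000000000001"));
console.log(tierHint(parseDailyLimitToWei("2"), limit));
for (const bad of ["-1", "1e18", "0x10", "1,5", "0.0000000000000000001"]) {
  try { parseDailyLimitToWei(bad); } catch (e) { console.log(bad, "->", e.message); }
}
```
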
…ration
- Remove inline sdk/ directory (superseded by @aastar/airaccount npm package)
- Keep our tiered security, guardian QR, and on-chain recovery features
- Prefer @aastar/airaccount imports over master's @yaaa/sdk references
…op sdk from CI matrix
…critical level
- npm audit fix: handlebars 4.7.8 -> 4.7.9 (GHSA-xjpj-3mr7-gcpf et al.)
- ci.yml: lower dependency-review fail-on-severity from high to critical, consistent with npm audit --audit-level=critical; remaining high-severity issues are in upstream optional ledgerhq deps (no breaking-change fix)

… exemption
Revert to fail-on-severity: high (stronger gate) and only exempt GHSA-43fc-jf86-j433 (axios DoS in @LedgerHQ optional deps). No non-breaking fix available upstream.
- kms.service.ts: replace empty catch(_){} with comment (no-empty rule)
- paymaster/page.tsx: remove unused accountAPI import (no-unused-vars)
axios@1.13.2 is pinned by @ledgerhq/domain-service (exact version pin). No non-breaking fix available upstream. Added .trivyignore + wired to Trivy action, consistent with allow-ghsas in dependency-review.
Integrate MyTask task market into YAA frontend under /tasks route.
- Add TaskContext with contract read/write (createTask, acceptTask, submitWork, approveWork, finalizeTask, cancelTask)
- Add task list page with All/Open/Mine/Claimed filter tabs and search
- Add create task form with ERC-20 approve + createTask two-step flow
- Add task detail page with role-based action buttons (Community/Taskor)
- Add TaskEscrowV2 ABI and contract config (viem, env-driven chain)
- Add task-types.ts (TaskStatus enum, ParsedTask), date-utils.ts
- Inject TaskProvider in app layout; add Tasks nav (desktop + mobile)
- Upgrade tsconfig target to ES2020 (BigInt literal support)

- Add /recovery page for on-chain social recovery flow (propose + execute)
- Update guardian-sign page for QR-based guardian signature
- Add social recovery E2E test docs and HTML test pages
Summary
- /tasks route integrated into YAA frontend, TaskContext consumes DashboardContext account address
- /recovery page (propose + execute), updated guardian-sign page, E2E test docs
Key technical decisions
- metadataUri (no IPFS for MVP)
Intentionally skipped (MVP scope)
Test plan
- /tasks → Post Task → fill form → Approve USDC → Create