6529 Update command

[prxt6529]

Summary by CodeRabbit

• New Features

  • Added secure CLI commands for targeted dependency fixes and broader updates.
  • Wallet behavior now toggles an integrated payment option based on runtime platform.

• Documentation

  • Updated docs and README with usage notes for the new update commands and secure wrapper path.

• Chores

  • Bumped axios, uuid, and postcss; removed deprecated uuid type definitions.

[coderabbitai]

Warning

Rate limit exceeded

@prxt6529 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 22 minutes and 20 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d1aec689-fbbc-467f-87ad-cddc6259a95e

📥 Commits

Reviewing files that changed from the base of the PR and between a095038 and 91698e9.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• __tests__/components/providers/AppKitAdapterManager.test.ts
• __tests__/utils/appkit-initialization.utils.test.ts
• package.json

📝 Walkthrough

Walkthrough

Adds two CLI commands (6529 update and 6529 update:all), documents their use in README and developer docs (including Socket Firewall guidance), pins/upgrades several dependencies in package.json and pnpm-workspace.yaml, and updates AppKit initialization to pass an isCapacitor flag with accompanying tests.

Changes

Cohort / File(s)	Summary
CLI + Documentation bin/6529, README.md, docs/developer/pnpm-and-socket-firewall.md	Adds 6529 update (argument-less, runs pnpm audit --fix via secure runner) and 6529 update:all (for broader updates) with help text; documents both commands and their Socket Firewall/direnv wrapper usage.
Dependency pins & workspace overrides package.json, pnpm-workspace.yaml	Adds @wagmi/* runtime deps, upgrades axios and uuid, bumps postcss, removes @types/uuid, and pins axios/postcss in workspace overrides.
AppKit init logic & tests utils/appkit-initialization.utils.ts, __tests__/utils/appkit-initialization.utils.test.ts	initializeAppKit and buildAppKitConfig now accept/propagate isCapacitor and toggle enableCoinbase accordingly; new tests verify behavior for capacitor vs non-capacitor flows.

Sequence Diagram

sequenceDiagram
    actor User
    participant CLI as 6529 CLI
    participant Assert as assert-no-package-lock.cjs
    participant SecurePnpm as run-secure-pnpm.cjs
    participant Pnpm as pnpm

    User->>CLI: run "6529 update" or "6529 update:all" [args]
    CLI->>Assert: verify no package-lock.json
    Assert-->>CLI: result (pass/fail)
    CLI->>SecurePnpm: invoke secure runner with action (audit --fix or update + args)
    SecurePnpm->>Pnpm: execute pnpm command
    Pnpm-->>SecurePnpm: command result
    SecurePnpm-->>CLI: exit status/output
    CLI-->>User: final status/output

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• wip #2193: Overlaps pnpm workspace overrides and transitive package pinning (related axios/postcss pins).
• PNPM Audit #2283: Overlapping dependency version updates (axios, workspace overrides) and related package.json edits.

Suggested reviewers

• ragnep

Poem

"A rabbit taps keys in the moonlit crate,
Adds 6529 update to keep packages straight,
Pins and tests snug in a tidy file,
Hops back to commit with a joyful smile. 🐰"

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title '6529 Update command' directly describes the primary change: adding new '6529 update' and '6529 update:all' CLI commands with supporting documentation.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 6529-update

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 22 minutes and 20 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@README.md`:
- Around line 146-147: The phrase "`6529 add` and `6529 update` go through the
same Socket Firewall protected path as secure installs." uses an un-hyphenated
compound modifier; change "Socket Firewall protected path" to "Socket
Firewall-protected path" so the compound adjective is hyphenated
correctly—update the README sentence containing the backticked "`6529 add` and
`6529 update`" text to use "Socket Firewall-protected path."

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4e7b11c5-4f82-4f3e-a248-9acf2b505f8c

📥 Commits

Reviewing files that changed from the base of the PR and between fe6bcd5 and 13473c1.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (5)

• README.md
• bin/6529
• docs/developer/pnpm-and-socket-firewall.md
• package.json
• pnpm-workspace.yaml

[coderabbitai]

🧹 Nitpick comments (1)

__tests__/utils/appkit-initialization.utils.test.ts (1)

45-50: ⚡ Quick win

Also assert adapter creation args to lock platform wiring end-to-end.

Right now the tests verify final AppKit config, but not that isCapacitor and chains are forwarded into createAdapterWithCache. Adding that assertion makes regressions easier to catch.

Suggested test additions

   it("disables AppKit's default Coinbase connector on Capacitor", () => {
     initializeAppKit({
       wallets: [],
       adapterManager: adapterManager as unknown as AppKitAdapterManager,
       isCapacitor: true,
       chains: [mainnet],
     });
+    expect(adapterManager.createAdapterWithCache).toHaveBeenCalledWith(
+      [],
+      true,
+      [mainnet]
+    );

     expect(createAppKit).toHaveBeenCalledWith(
       expect.objectContaining({
         enableCoinbase: false,
       })
     );
   });

   it("keeps AppKit's default Coinbase connector enabled outside Capacitor", () => {
     initializeAppKit({
       wallets: [],
       adapterManager: adapterManager as unknown as AppKitAdapterManager,
       isCapacitor: false,
       chains: [mainnet],
     });
+    expect(adapterManager.createAdapterWithCache).toHaveBeenCalledWith(
+      [],
+      false,
+      [mainnet]
+    );

     expect(createAppKit).toHaveBeenCalledWith(
       expect.objectContaining({
         enableCoinbase: true,
       })
     );
   });

Also applies to: 60-65

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@__tests__/utils/appkit-initialization.utils.test.ts` around lines 45 - 50,
The test should assert that initializeAppKit forwards platform and chain args
into createAdapterWithCache: spy or mock the createAdapterWithCache call used by
initializeAppKit and add expectations that it was invoked with an options object
containing isCapacitor: true and chains: [mainnet] (and do the same for the
other case around lines 60-65); locate the call site by referencing
initializeAppKit and the createAdapterWithCache utility and add assertions to
verify the adapter creation args include the expected isCapacitor and chains
values to lock the end-to-end wiring.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@__tests__/utils/appkit-initialization.utils.test.ts`:
- Around line 45-50: The test should assert that initializeAppKit forwards
platform and chain args into createAdapterWithCache: spy or mock the
createAdapterWithCache call used by initializeAppKit and add expectations that
it was invoked with an options object containing isCapacitor: true and chains:
[mainnet] (and do the same for the other case around lines 60-65); locate the
call site by referencing initializeAppKit and the createAdapterWithCache utility
and add assertions to verify the adapter creation args include the expected
isCapacitor and chains values to lock the end-to-end wiring.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5d6bbf32-b91a-46be-a474-94fb8422fda8

📥 Commits

Reviewing files that changed from the base of the PR and between 13473c1 and a095038.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (7)

• README.md
• __tests__/utils/appkit-initialization.utils.test.ts
• bin/6529
• docs/developer/pnpm-and-socket-firewall.md
• package.json
• pnpm-workspace.yaml
• utils/appkit-initialization.utils.ts

✅ Files skipped from review due to trivial changes (2)

• docs/developer/pnpm-and-socket-firewall.md
• README.md

🚧 Files skipped from review as they are similar to previous changes (2)

• pnpm-workspace.yaml
• package.json

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud