Conversation
This is the first stable native+web version. Unlike the norm for similar packages, it requires no setup of the dependee project’s HTML and no post-processing with web-pack, but this may still be considered if it brings significant gains.
Migrate the automated build system from the main project. Credit to @takenagain and @naezith for their initial implementation of the coin assets fetching and KDF binary fetching steps, respectively.
Init `komodo_wallet_cli` package which will be used as a utility for managing build and other general dev tools
Initial version with macOS and web support. Fully automated KDF integration for Flutter projects.
Re-organise komodo_defi_framework as a sub-package in preparation to use it in a new higher-level package that abstracts out the specifics of the API and provides (amongst other things) an auth system and data persistence.
Init using `dart create -t package komodo_defi_types`
Init using `very_good create dart_package komodo_defi_rpc_methods --publishable --description "A package containing the RPC methods and responses for the Komodo DeFi Framework API”`
Scaffold out the architecture for adding RPC methods. See (packages/komodo_defi_rpc_methods/lib/src/rpc_methods/hd_wallet/get_new_address.dart)[packages/komodo_defi_rpc_methods/lib/src/rpc_methods/hd_wallet/get_new_address.dart] for an example.
Init symbol converter package using `very_good create dart_package komodo_symbol_converter --description "A lightweight package to convert fiat/crypto prices and charts”`
Init UI package with `very_good create flutter_package komodo_dapp_components --description "A high-level widget catalog relevant to building UI apps with Komodo DeFi Framework”`
Init widgetbook as per https://docs.widgetbook.io/guides/quick-start. This will serve as the example app for the package `komodo_ui`
First somewhat feature-rich version
Fix upgraded linter errors for `komodo_defi_framework`
Rename ‘web’ references to ‘wasm’ to avoid confusion since web platform support is not exclusive to the WASM implementation.
Allow changing config while running in case RPC pass is incorrect.
Init local authentication package using `very_good create flutter_package komodo_defi_local_auth --description "A package responsible for managing and abstracting out an authentication service on top of the API's methods”`
Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
+17
to
+85
| runs-on: ubuntu-latest | ||
| outputs: | ||
| has_updates: ${{ steps.check-updates.outputs.has_updates }} | ||
| branch: ${{ steps.determine-branch.outputs.branch }} | ||
| current_commit: ${{ steps.current-details.outputs.commit }} | ||
| new_commit: ${{ steps.check-updates.outputs.new_commit }} | ||
| source_urls: ${{ steps.get-source-urls.outputs.source_urls }} | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Dart SDK | ||
| uses: dart-lang/setup-dart@v1 | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| cd packages/komodo_wallet_cli | ||
| dart pub get | ||
|
|
||
| - name: Determine branch from config | ||
| id: determine-branch | ||
| run: | | ||
| BRANCH=$(cat packages/komodo_defi_framework/app_build/build_config.json | jq -r '.api.branch') | ||
| # If workflow dispatch provided a branch, use that instead | ||
| if [[ "${{ github.event_name }}" == "workflow_dispatch" && -n "${{ github.event.inputs.branch }}" ]]; then | ||
| BRANCH="${{ github.event.inputs.branch }}" | ||
| fi | ||
| echo "Using branch: $BRANCH" | ||
| echo "branch=$BRANCH" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Get source URLs from config | ||
| id: get-source-urls | ||
| run: | | ||
| SOURCE_URLS=$(cat packages/komodo_defi_framework/app_build/build_config.json | jq -c '.api.source_urls') | ||
| echo "source_urls=$SOURCE_URLS" >> $GITHUB_OUTPUT | ||
| echo "Source URLs: $SOURCE_URLS" | ||
|
|
||
| - name: Get current commit details | ||
| id: current-details | ||
| run: | | ||
| COMMIT=$(cat packages/komodo_defi_framework/app_build/build_config.json | jq -r '.api.api_commit_hash') | ||
| echo "commit=$COMMIT" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Check for new commit | ||
| id: check-updates | ||
| run: | | ||
| BRANCH="${{ steps.determine-branch.outputs.branch }}" | ||
| CURRENT_COMMIT="${{ steps.current-details.outputs.commit }}" | ||
|
|
||
| # Get latest commit for the branch | ||
| TOKEN=${{ secrets.GITHUB_TOKEN }} | ||
| RESPONSE=$(curl -s -H "Authorization: token $TOKEN" \ | ||
| "https://api.github.com/repos/KomodoPlatform/komodo-defi-framework/commits/$BRANCH") | ||
| NEW_COMMIT=$(echo $RESPONSE | jq -r '.sha') | ||
|
|
||
| echo "Current commit: $CURRENT_COMMIT" | ||
| echo "Latest commit: $NEW_COMMIT" | ||
|
|
||
| if [[ "$CURRENT_COMMIT" != "$NEW_COMMIT" ]]; then | ||
| echo "New commit found!" | ||
| echo "has_updates=true" >> $GITHUB_OUTPUT | ||
| echo "new_commit=$NEW_COMMIT" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "No updates available." | ||
| echo "has_updates=false" >> $GITHUB_OUTPUT | ||
| fi | ||
|
|
||
| roll-kdf-version: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Comment on lines
+86
to
+194
| needs: check-for-updates | ||
| if: ${{ needs.check-for-updates.outputs.has_updates == 'true' }} | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Dart SDK | ||
| uses: dart-lang/setup-dart@v1 | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| cd packages/komodo_wallet_cli | ||
| dart pub get | ||
|
|
||
| - name: Create branch for roll | ||
| run: | | ||
| BRANCH="${{ needs.check-for-updates.outputs.branch }}" | ||
| NEW_COMMIT="${{ needs.check-for-updates.outputs.new_commit }}" | ||
| SHORT_COMMIT="${NEW_COMMIT:0:7}" | ||
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | ||
| git config --global user.name "GitHub Actions" | ||
| git checkout -b kdf-roll/$BRANCH-$SHORT_COMMIT | ||
|
|
||
| - name: Roll KDF version | ||
| id: roll-version | ||
| run: | | ||
| BRANCH="${{ needs.check-for-updates.outputs.branch }}" | ||
| CURRENT_COMMIT="${{ needs.check-for-updates.outputs.current_commit }}" | ||
| NEW_COMMIT="${{ needs.check-for-updates.outputs.new_commit }}" | ||
| SOURCE_URLS='${{ needs.check-for-updates.outputs.source_urls }}' | ||
|
|
||
| echo "Running update_api_config tool..." | ||
| cd packages/komodo_wallet_cli | ||
| mkdir -p ../komodo_defi_framework/app_build/temp_downloads | ||
|
|
||
| # Try each source URL in order until one succeeds | ||
| SUCCESS=false | ||
| for SOURCE_URL in $(echo $SOURCE_URLS | jq -r '.[]'); do | ||
| echo "Trying source URL: $SOURCE_URL" | ||
|
|
||
| # Determine source type from URL | ||
| if [[ "$SOURCE_URL" == *"api.github.com"* ]]; then | ||
| SOURCE_TYPE="github" | ||
| else | ||
| SOURCE_TYPE="mirror" | ||
| fi | ||
|
|
||
| echo "Using source type: $SOURCE_TYPE" | ||
|
|
||
| # Try roll with this source | ||
| if dart bin/update_api_config.dart \ | ||
| --branch "$BRANCH" \ | ||
| --source "$SOURCE_TYPE" \ | ||
| --config ../komodo_defi_framework/app_build/build_config.json \ | ||
| --output-dir ../komodo_defi_framework/app_build/temp_downloads \ | ||
| --verbose; then | ||
|
|
||
| echo "Successfully rolled using $SOURCE_URL" | ||
| SUCCESS=true | ||
| break | ||
| else | ||
| echo "Failed to roll using $SOURCE_URL, trying next source..." | ||
| fi | ||
| done | ||
|
|
||
| if [ "$SUCCESS" = false ]; then | ||
| echo "All sources failed. Exiting with error." | ||
| exit 1 | ||
| fi | ||
|
|
||
| - name: Commit changes | ||
| run: | | ||
| BRANCH="${{ needs.check-for-updates.outputs.branch }}" | ||
| NEW_COMMIT="${{ needs.check-for-updates.outputs.new_commit }}" | ||
| SHORT_COMMIT="${NEW_COMMIT:0:7}" | ||
|
|
||
| # Check if there are changes to commit | ||
| if git diff --quiet; then | ||
| echo "No changes to commit" | ||
| exit 0 | ||
| fi | ||
|
|
||
| git add packages/komodo_defi_framework/app_build/build_config.json | ||
| git commit -m "chore: roll KDF version to commit $SHORT_COMMIT for branch $BRANCH" | ||
| git push origin kdf-roll/$BRANCH-$SHORT_COMMIT | ||
|
|
||
| - name: Create Pull Request | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| run: | | ||
| BRANCH="${{ needs.check-for-updates.outputs.branch }}" | ||
| NEW_COMMIT="${{ needs.check-for-updates.outputs.new_commit }}" | ||
| SHORT_COMMIT="${NEW_COMMIT:0:7}" | ||
|
|
||
| PR_TITLE="chore: roll KDF version to commit $SHORT_COMMIT for branch $BRANCH" | ||
| PR_BODY="This PR rolls the KDF version to the latest commit ($SHORT_COMMIT) for the '$BRANCH' branch. | ||
|
|
||
| **Changes:** | ||
| - Rolled KDF version from \`${{ needs.check-for-updates.outputs.current_commit }}\` to \`$NEW_COMMIT\` | ||
|
|
||
| This PR was automatically generated by GitHub Actions." | ||
|
|
||
| gh pr create \ | ||
| --title "$PR_TITLE" \ | ||
| --body "$PR_BODY" \ | ||
| --base "$BRANCH" \ | ||
| --head "kdf-roll/$BRANCH-$SHORT_COMMIT" |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Various QoL improvements for the playground tool.
Comment on lines
+34
to
+57
| needs: setup | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: subosito/flutter-action@v2 | ||
| with: | ||
| channel: "stable" | ||
| - name: Install Melos | ||
| run: dart pub global activate melos | ||
| - name: Bootstrap workspace | ||
| run: melos bootstrap | ||
| - name: Build playground web | ||
| run: cd playground && flutter build web --release | ||
| - uses: FirebaseExtended/action-hosting-deploy@v0 | ||
| with: | ||
| repoToken: ${{ secrets.GITHUB_TOKEN }} | ||
| firebaseServiceAccount: ${{ secrets.FIREBASE_SERVICE_ACCOUNT_KOMODO_PLAYGROUND }} | ||
| channelId: live | ||
| projectId: komodo-playground | ||
| entryPoint: ./playground | ||
| env: | ||
| FIREBASE_CLI_EXPERIMENTS: webframeworks | ||
|
|
||
| build_and_deploy_sdk_example: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 11 months ago
To fix the issue, we will add an explicit permissions block to the workflow. This block will be added at the root level of the workflow to apply to all jobs unless overridden. Based on the workflow's actions, the minimal required permissions are contents: read. This ensures that the GITHUB_TOKEN has only the necessary access to repository contents and no unnecessary write permissions.
Suggested changeset
1
.github/workflows/firebase-hosting-merge.yml
| @@ -4,2 +4,4 @@ | ||
| name: Deploy to Firebase Hosting on merge | ||
| permissions: | ||
| contents: read | ||
| on: |
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
Contributor
|
Visit the preview URL for this PR (updated for commit e2561b3): https://komodo-defi-sdk--pr27-dev-ov8g1qtp.web.app (expires Wed, 11 Jun 2025 14:09:24 GMT) 🔥 via Firebase Hosting GitHub Action 🌎 Sign: 7f9f5ac39928f333b6e8fcefb7138575e24ed347 |
…ng branch-specific content URL for non-master branches (#55) * fix(coin-assets-build-step): use the raw content url for non-main branch * fix(tendermint): change chainId to optional * fix(kdf-startup-config): temporarily remove chain-id from protocol field * refactor: improve coins fetch error handling
Add further parallelisation to avoid Codex’s 5 minute container setup time limit.
) * build: melos bootstrap pubspec overrides update * fix(withdrawal-manager): use legacy withdraw process for tendermint * fix(pubkey-manager): add retry logic to account for activation PlatformIsAlreadyActivated error seen in SDK example and KW. Ideal solution is to retry in the SDK before throwing an exception * fix(pubkey-manager): reduce delay, and run in zone for microtask errors exceptions thrown in microtask queues are not caught by traditional try-catch blocks (even when awaited), so run the function to be retried in a guarded zone to catch all exceptions * refactor(pubkey-manager): move retry function to type utils package * refactor: generalise and add unit tests
DeckerSU
requested changes
May 21, 2025
Contributor
DeckerSU
left a comment
DeckerSU
left a comment
There was a problem hiding this comment.
Overall, LGTM — no malicious code was found in the dependencies. However, I’d like to point out a few things:
-
The packages under the
packagesfolder use many of the same dependencies, but with different versions. For example, thehttpdependency is declared as1.3.0,^1.3.0,^1.2.2, and^1.4.0across different places, which feels a bit inconsistent. From a security review perspective, it would be cleaner and safer if all packages used the same version of shared dependencies. -
Not all
packagescontain apubspec.lockfile. This can result in unexpected versions being pulled in during the build. For example, a declaration likeequatable: ^2.0.5can lead to using any version in the>=2.0.5 <3.0.0range, which is unpredictable. We should make sure every package includes a.lockfile to guarantee that the build uses tested and approved versions of all dependencies.
…password policy (#58) * fix(kdf-startup-config): update password validation to match KDF policy * test(komodo-defi-type-utils): migrate validation unit tests from KW * test: add unit tests for generatePasswordSecure * refactor(security-utils): move validation check to generate function * fix(security-utils): off-by-one error and extend tests to validate
…onse format (#60) * fix(fee-info): add tendermint fee info rather than mapping to cosmosgas tendermint fee_details has an `amount` field which returns the fee, so no calculation is required * fix(fee-info): update qrc20 and eth20 constructors with new total fields added as optional parameters to mitigate potential breaking changes
NO CHANGES TO GENERATED BOILERPLATE. GENERATED USING: `very_good create flame_game dex_dungeon --org-name com.komodoplatform`
* feat(withdrawal): add ibc source channel support Modified version of 9bd8215 * fix(fee-info): change toJson type from Tendermint to CosmosGas
* fix(wallet): use CDN url for folder downloads * refactor: fix format issue and confirm function
* chore: align dependency versions * chore: commit pubspec.lock for example projects As per Flutter guidelines, `pubspec.lock` shouldn’t be committed for packages, but this does not apply to the example apps within the SDK project. This is useful for keeping track of which version the direct/transistive dependencies are resolving to.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Introduction
TODO
Changelog
TODO
OPSEC
Please review the code within this repository only. To avoid duplicate reviews of nested packages, the third-party package diff will be done on the
komodo-walletrepo's RC.Below is an overview of this repository's architecture. This will be further documented in the repo's docs in the near future.
Summary
Diff count
Well done team! We've really built something special here. We've moved a mountain one rock at a time. Less than 1% of the Dart changes are generated code. The rest were built with love.