[Don't merge] docs: add Switching to Production section and env-driven SDK environment#20

Open
maciejwitowski wants to merge 1 commit into main from docs/switching-to-production

@maciejwitowski
Contributor

Add NEXT_PUBLIC_VANA_ENV support to the nextjs-starter so the SDK environment (dev/prod) is controlled via a single env var. Document the production checklist: npm package, env flag, Data Connect release, app registration, and deployment.

Add NEXT_PUBLIC_VANA_ENV support to the nextjs-starter so the SDK
environment (dev/prod) is controlled via a single env var. Document
the production checklist: npm package, env flag, Data Connect release,
app registration, and deployment.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@vercel
vercel Bot commented Feb 21, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| vana-connect-nextjs-starter | Ready | Preview | Feb 21, 2026 2:57pm |

1 Skipped Deployment

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| connect | Skipped | | Feb 21, 2026 2:57pm |

tnunamak added a commit that referenced this pull request May 4, 2026
…ns (#124)

Stacked on PR #112. Targets that branch so the integration lands as part
of the OIDC slice.

## Summary

When a user approves an account-action with `execution_mode ===
"embedded_wallet_account_hosted"`, account.vana.org now mints a real
on-chain grant on the user's Personal Server. Replaces the mock-only
path. Also addresses the hardcoded/missing-data audit findings flagged
earlier.

## What's wired

1. **`oauth_clients` registry table** (migration 007) — replaces the
localStorage admin store. Builder identity (`grantee_address`,
`builder_id`, `public_key`) is optional (Sign-in-with-Vana works without
it) but all-or-nothing when set.
2. **Admin API** (`/api/admin/oauth-clients`) — POST upsert, GET list,
DELETE; owner-auth via masterKeySignature.
3. **`executeGrantViaPersonalServer` helper** — pure function: resolves
user PS + OAuth client, POSTs `<ps-url>/v1/grants` with `Bearer
<control_plane_token>`.
4. **`handleActionDecision` real-grant branch** — when execution_mode is
`embedded_wallet_account_hosted`, calls executor before persisting;
failure aborts approval with a typed error.
5. **Consent event audit** — populates `subject_wallet_address` (primary
linked wallet), `application_id` (oauth_clients.protocolPrincipal),
`authorization_reference` ({grantId, granteeAddress, personalServer}).
Subject wallet on denial too.
6. **`DEFAULT_ACCOUNT_ACTION_ISSUER`** reads `VANA_ACCOUNT_ISSUER` env
with literal fallback.
7. **DB-backed registry** with `DEV_MEMORY_APP_CLIENT` fallback so demo
flows keep working when the table is empty.

## Migration

`007_add_oauth_clients.sql` already applied to dev (`ep-red-river`) and
prod (`ep-hidden-glade`) Neon branches.

## Tests

322 passed / 17 skipped (matches baseline).

## Out of scope

- Migrate device-code state from sessionStorage → DB (#20)
- Migrate passport agreement from localStorage → consent event (#21)
- Wire admin UI to use the new API (currently still writes localStorage;
the API is in place)
- Action-result revocation wiring

## Test plan

- [ ] CI passes
- [ ] On account-dev: register an OAuth client with builder identity via
POST /api/admin/oauth-clients
- [ ] Trigger an action request from the demo Memory App with
execution_mode=embedded_wallet_account_hosted
- [ ] Approve the action — observe POST to `<user-ps>/v1/grants`
succeed, `grantId` populated, `authorization_reference` set on consent
event
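
Two rules from the commit message above (builder identity is all-or-nothing; the grant executor runs before the approval is persisted and its failure aborts the approval), sketched as an added TypeScript example that is not the project's code. Only the three identity field names and the `execution_mode` value come from the page; `parseBuilderIdentity`, `decideAction`, `GrantExecutionError` and the synchronous injected `execute`/`persist` callbacks are hypothetical stand-ins for the real HTTP and database calls.

```typescript
// Added illustration. Every name except the three identity fields and the
// execution_mode literal is hypothetical.
type BuilderIdentity = { grantee_address: string; builder_id: string; public_key: string };
type OAuthClientInput = { client_id: string } & Partial<BuilderIdentity>;
type Decision = { approved: boolean; grantId?: string };

class GrantExecutionError extends Error {
  readonly code = "grant_execution_failed";
}

const IDENTITY_FIELDS = ["grantee_address", "builder_id", "public_key"] as const;

// Optional as a group, but a partial identity is rejected rather than stored.
function parseBuilderIdentity(input: OAuthClientInput): BuilderIdentity | null {
  const present = IDENTITY_FIELDS.filter((f) => typeof input[f] === "string" && input[f] !== "");
  if (present.length === 0) return null; // sign-in-only client
  if (present.length !== IDENTITY_FIELDS.length) {
    const missing = IDENTITY_FIELDS.filter((f) => present.indexOf(f) === -1);
    throw new TypeError(`builder identity incomplete, missing: ${missing.join(", ")}`);
  }
  return {
    grantee_address: input.grantee_address!,
    builder_id: input.builder_id!,
    public_key: input.public_key!,
  };
}

// Fail closed: the grant is executed first; if it fails, persist() is never
// reached, so no approval is recorded without a matching grant.
function decideAction(
  executionMode: string,
  client: OAuthClientInput,
  execute: (identity: BuilderIdentity) => string, // returns a grantId or throws
  persist: (d: Decision) => void,
): Decision {
  let decision: Decision = { approved: true };
  if (executionMode === "embedded_wallet_account_hosted") {
    const identity = parseBuilderIdentity(client);
    if (identity === null) throw new GrantExecutionError("client has no builder identity");
    try {
      decision = { approved: true, grantId: execute(identity) };
    } catch (e) {
      throw new GrantExecutionError(`grant not minted: ${(e as Error).message}`);
    }
  }
  persist(decision);
  return decision;
}
```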