Skip to content

fix: miscellaneous bugs wrt stack upgrades and Jrpc V2#390

Merged
chaitanyapotti merged 9 commits intomasterfrom
fix/misc-bugs
Mar 10, 2026
Merged

fix: miscellaneous bugs wrt stack upgrades and Jrpc V2#390
chaitanyapotti merged 9 commits intomasterfrom
fix/misc-bugs

Conversation

@lwin-kyaw
Copy link
Contributor

@lwin-kyaw lwin-kyaw commented Mar 9, 2026
edited by chaitanyapotti
Loading

Motivation and Context

Jira Link:

Description

How has this been tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the code style of this project. (run lint)
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code requires a db migration.

Note

Medium Risk
Medium risk because it changes Auth.getUserInfo to async (API/behavior change) and adjusts session payload storage IDs and postMessage/JRPC stream transport behavior, which can affect login/session and iframe messaging flows.

Overview
Auth SDK: Auth.getUserInfo is now async and returns userInfo with idToken fetched from the session manager (Vue example updated to await it). Session payload storage now treats loginId as a Hex and stops re-wrapping it with add0x when creating the storage session.

JRPC/transport: PostMessageStream now deep-clones outbound payloads to avoid mutating (or failing on frozen) objects, safely extracts/rewrites the first params[0]._origin, and uses any prior _origin as the postMessage origin constraint. Adds createClientStreamMiddlewareV2 (exported from src/jrpc/v2) to send requests over a Duplex stream with pending-request correlation and notification emission.

Tests/deps: Adds tests for the new postMessage origin/mutation behavior and an Ed25519 RFC 8032 signing/verification vector; updates the Vue example lockfile and adds @toruslabs/tweetnacl-js for signing tests.

Written by Cursor Bugbot for commit b2b7b80. This will update automatically on new commits. Configure here.

@lwin-kyaw lwin-kyaw requested a review from a team as a code owner March 9, 2026 15:45
cursor[bot]
cursor bot reviewed Mar 9, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Mar 10, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Mar 10, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

@chaitanyapotti chaitanyapotti merged commit e2e0752 into master Mar 10, 2026
5 checks passed
@chaitanyapotti chaitanyapotti deleted the fix/misc-bugs branch March 10, 2026 07:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@chaitanyapotti chaitanyapotti chaitanyapotti approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lwin-kyaw @chaitanyapotti @arch1995