Feat/shielded balance

[GabrielePicco]

Summary by CodeRabbit

• New Features

  • Added shielded payment functionality to deposit and withdraw tokens
  • Enabled splitting recipient balances between public and shielded destinations
  • Added Shield tab for managing shielded transactions

• Improvements

  • Updated branding terminology from "Private" to "Shielded" throughout the app
  • Enhanced authentication flows for shielded balance operations
  • Updated Developer API endpoint reference
  • Improved net worth panel layout and rendering

• Bug Fixes

  • Disabled swaps on devnet environment to prevent unintended operations

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
pay	Ready	Preview, Comment	May 26, 2026 5:02pm

[coderabbitai]

Warning

Review limit reached

@GabrielePicco, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 2 minutes and 34 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 40e47d1e-5c57-4d23-be9c-68ba06468a15

📥 Commits

Reviewing files that changed from the base of the PR and between 4fc5d18 and f589999.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (7)

• .snyk
• app/wallet/solana-wallet-provider.tsx
• components/one/payment-card.tsx
• components/one/shield-card.tsx
• lib/spl-private-balance.ts
• next.config.mjs
• package.json

Walkthrough

This PR introduces shielded (ephemeral) balance routing for SPL tokens and SOL transfers, adds a new Shield card component for shield/unshield workflows, extends PaymentCard to support balance location selection with authentication, adds Shield tab to TradeHub, disables swaps on devnet, and rebrands "Private" to "Shielded" throughout the UI and documentation.

Changes

Shielded & Ephemeral Payments Feature

Layer / File(s)	Summary
Payments API foundation & explorer helpers lib/payments.ts, lib/spl-private-balance.ts	Updated default API base URL to api.magicblock.app, added new endpoint paths (deposit, withdraw, transactionSend), extended getPaymentsExplorerTransactionUrl to accept custom RPC endpoint for explorer cluster=custom mode, and introduced auth token event dispatching (PRIVATE_AUTH_TOKEN_EVENT) when storing/clearing private tokens.
Shield transaction API routes app/api/payments/shield/route.ts, app/api/payments/transaction/send/route.ts, app/api/payments/transfer/route.ts	Implemented /api/payments/shield POST to build unsigned shield/unshield transactions with validation; added /api/payments/transaction/send to submit signed transactions with optional bearer auth and custom RPC endpoint; extended /api/payments/transfer with fromBalance/toBalance routing, ephemeral auth tokens, and dynamic initVaultIfMissing computation.
ShieldCard component for shield/unshield UI components/one/shield-card.tsx	New 982-line React component managing complete shield/unshield flows: query param initialization, wallet and private balance loading, SPL authentication (challenge/sign/login), unsigned transaction building via /api/payments/shield, signing and submission via /api/payments/transaction/send, confirmation, and UI rendering including mode toggle, token selector, amount input, auth prompts, and explorer links.
PaymentCard ephemeral balance routing & auth components/one/payment-card.tsx	Extended with source/recipient balance location selection (base vs ephemeral), private auth token sync from storage/events, private balance loading per mint, optional payments-API submission with bearer auth and confirmation RPC endpoint tracking, error signature extraction, new "Send to" recipient selector with tooltips, and refactored settings UI.
TradeHub Shield tab integration components/one/trade-hub.tsx	Added Shield tab with shamt/shmint query param support, tab-resolution logic, Shield query param cleanup on tab switches, undismissed "Shielded payments beta" notice, and ShieldCard rendering for shield tab.
Supporting UI component refinements components/one/private-routing-controls.tsx, components/one/net-worth-panel.tsx, components/one/swap-card.tsx	PrivateRoutingControls now accepts showRoutingControls prop to conditionally hide routing controls; NetWorthPanel removed early return and now renders responsive auth prompt; SwapCard switched token balance reading to raw account data decoding and added disabled prop to TokenSelector for buy-selection gating.
Branding updates from Private to Shielded components/one/header.tsx, components/one/net-worth-panel.tsx, components/one/swap-card.tsx	Updated FAQ entries, developer API links, and UI labels to use "Shielded" terminology instead of "Private"; changed API link from payments.magicblock.app to api.magicblock.app.
Config & dependency updates next.config.mjs, package.json, app/api/explorer/tx/route.ts	Added Turbopack root configuration, pinned dependency versions (axios 1.15.2, lodash, protobufjs, @solana/subscribable), and extended explorer route to support customUrl query parameter for custom RPC endpoint forwarding.

Devnet Swap Disabling

Layer / File(s)	Summary
Swap endpoint devnet guards app/api/swap/quote/route.ts, app/api/swap/route.ts	Added early cluster checks returning 403 "Swap is disabled on devnet" when PAYMENTS_CLUSTER === "devnet", and updated shielded swap validation error message.
Homepage swap disable integration app/page.tsx	Homepage imports PAYMENTS_CLUSTER, computes isSwapDisabled, passes it to TradeHub, and moves NetWorthPanel outside centered column for layout separation.

---

🎯 4 (Complex) | ⏱️ ~60 minutes

---

Possibly Related PRs

• magicblock-labs/one#10: Both PRs modify swap API endpoints (app/api/swap/quote/route.ts and app/api/swap/route.ts) and may have overlapping changes to swap logic and gating.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 5.26% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Feat/shielded balance' is directly related to the primary changes in this changeset, which extensively implement shielded/ephemeral balance functionality across multiple components and API routes.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/shielded-balance

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4c29c1c3a8

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4fc5d18182

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

components/one/payment-card.tsx (1)

1282-1282: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove debug log statement.

This console.log appears to be a development artifact and should be removed before merging.

🧹 Suggested fix

-      console.log("Res:\n%s", JSON.stringify(jsonResponse, null, 2));

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@components/one/payment-card.tsx` at line 1282, Remove the development debug
console.log call that prints the response—specifically the line
console.log("Res:\n%s", JSON.stringify(jsonResponse, null, 2)); in the
payment-card component; simply delete this statement (leaving any surrounding
logic intact) so jsonResponse is no longer logged to the console in production.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@components/one/shield-card.tsx`:
- Around line 646-653: The amount validation currently compares rawAmount to
sourceBalanceRaw only when sourceBalanceRaw !== null, which lets shield
submissions bypass validation while the public balance is still loading; update
the submit-button disabled condition (the JSX prop that currently checks things
like amountError and other flags around the submit handler) to include
publicBalanceLoading so the button is disabled while public balance is loading,
ensuring the validation in the sourceBalanceRaw/BigInt(rawAmount) branch (and
setAmountError with mode) always runs before submit.

In `@lib/spl-private-balance.ts`:
- Around line 24-31: setStoredPrivateAuthToken and clearStoredPrivateAuthToken
perform localStorage.setItem/removeItem directly which can throw in
restricted-storage environments; wrap those calls in the same defensive
try/catch used by getStoredPrivateAuthToken so failures don't propagate and
still call dispatchPrivateAuthTokenEvent(pubkeyBase58). Specifically, in
setStoredPrivateAuthToken (function name) catch errors around
localStorage.setItem and swallow/log them, and in clearStoredPrivateAuthToken
(function name) catch errors around localStorage.removeItem and swallow/log
them, preserving existing behavior of
dispatchPrivateAuthTokenEvent(pubkeyBase58).

---

Outside diff comments:
In `@components/one/payment-card.tsx`:
- Line 1282: Remove the development debug console.log call that prints the
response—specifically the line console.log("Res:\n%s",
JSON.stringify(jsonResponse, null, 2)); in the payment-card component; simply
delete this statement (leaving any surrounding logic intact) so jsonResponse is
no longer logged to the console in production.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ec23c613-dcf6-4af4-9fcd-3aff248e7cee

📥 Commits

Reviewing files that changed from the base of the PR and between 5a33a04 and 4fc5d18.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (19)

• .snyk
• app/api/explorer/tx/route.ts
• app/api/payments/shield/route.ts
• app/api/payments/transaction/send/route.ts
• app/api/payments/transfer/route.ts
• app/api/swap/quote/route.ts
• app/api/swap/route.ts
• app/page.tsx
• components/one/header.tsx
• components/one/net-worth-panel.tsx
• components/one/payment-card.tsx
• components/one/private-routing-controls.tsx
• components/one/shield-card.tsx
• components/one/swap-card.tsx
• components/one/trade-hub.tsx
• lib/payments.ts
• lib/spl-private-balance.ts
• next.config.mjs
• package.json

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d79fc82e65

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f589999600

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".