V3 HMAC Support

[codabrink]

Summary by CodeRabbit

Release Notes

• Dependency Updates

  • Updated viem library version
  • Replaced @xmtp/xmtp-js with @xmtp/node-sdk

• Infrastructure Changes

  • Modified .gitignore to exclude mise.toml and swift/mls_validation
  • Updated Docker command syntax from docker-compose to docker compose

• Testing Improvements

  • Refined integration test cases for messaging and conversation handling
  • Updated test methods to use new SDK functionality

• Backend Enhancements

  • Improved logging in API subscription method
  • Updated client creation and subscription logic

[coderabbitai]

Important

Review skipped

Review was skipped as selected files did not have any reviewable changes.

💤 Files selected but had no reviewable changes (1)

• pkg/topics/topics.go

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This pull request encompasses modifications across multiple files in a project, focusing on dependency updates, test case revisions, and subtle configuration changes. The changes primarily involve updating the XMTP Node SDK, adjusting Docker composition commands, modifying integration tests, and refining API server logging. The modifications suggest an evolution of the project's communication and integration infrastructure, with a particular emphasis on group messaging and SDK compatibility.

Changes

File	Change Summary
.gitignore	Added mise.toml and updated swift/mls_validation ignore rules
dev/integration	Replaced docker-compose with docker compose command syntax
integration/package.json	Replaced @xmtp/xmtp-js with @xmtp/node-sdk, updated viem version
integration/src/index.test.ts	Updated test cases with new account addressing, group conversation methods, and topic generation
integration/src/index.ts	Migrated to @xmtp/node-sdk, modified client creation and subscription logic
pkg/api/api.go	Enhanced logging in SubscribeWithMetadata method

Sequence Diagram

sequenceDiagram
    participant Client
    participant XMTPNodeSDK
    participant APIServer
    
    Client->>XMTPNodeSDK: Create Client
    XMTPNodeSDK-->>Client: Client Instance
    Client->>APIServer: Subscribe with Metadata
    APIServer->>XMTPNodeSDK: Process Subscriptions
    XMTPNodeSDK-->>APIServer: Subscription Confirmation
    APIServer-->>Client: Subscription Response

Loading

Poem

🐰 In the realm of code, where rabbits hop and play,
SDK changes dance, leading the way!
From compose to node, from old to new,
Integration's path, a technological brew 🚀
Hoppity-change, our updates shine bright! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

integration/src/index.ts (2)

63-63: Use a constant or enum for consentState comparison

Comparing consentState directly to the numeric value 1 can reduce code readability. Consider defining a constant or enum to represent the consent state.

Apply this diff to improve readability:

+const CONSENT_STATE_ALLOWED = 1;
...
   const consentedConversations = (await xmtpClient.conversations.list()).filter(
-    (c) => c.consentState === 1
+    (c) => c.consentState === CONSENT_STATE_ALLOWED
   );

---

92-92: Remove unused variable inviteAndIntroSubscriptions

The inviteAndIntroSubscriptions array is initialized but not used. Consider removing it to clean up the code.

Apply this diff to remove the unused variable:

-  const inviteAndIntroSubscriptions: Subscription[] = [];

integration/src/index.test.ts (2)

116-117: Clarify message delivery expectations in the test

The test sends messages with comments about delivery expectations. Ensure that the messages correspond with the intended delivery logic, and adjust the comments or logic if needed.

---

2-2: Remove unnecessary import of expect if globally available

If expect is globally available in your testing environment, consider removing the explicit import to clean up the code.

Apply this diff to remove the redundant import:

-import { expect, test, afterAll, describe } from "bun:test";
+import { test, afterAll, describe } from "bun:test";

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e21c0d3 and 07e0e22.

⛔ Files ignored due to path filters (45)

• integration/bun.lockb is excluded by !**/bun.lockb
• integration/gen/notifications/v1/service_pb.d.ts is excluded by !**/gen/**
• integration/gen/notifications/v1/service_pb.js is excluded by !**/gen/**
• pkg/proto/identity/api/v1/identity.pb.go is excluded by !**/*.pb.go
• pkg/proto/identity/api/v1/identity_grpc.pb.go is excluded by !**/*.pb.go
• pkg/proto/identity/associations/association.pb.go is excluded by !**/*.pb.go
• pkg/proto/identity/associations/signature.pb.go is excluded by !**/*.pb.go
• pkg/proto/identity/credential.pb.go is excluded by !**/*.pb.go
• pkg/proto/keystore_api/v1/keystore.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_api/v1/authn.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_api/v1/message_api.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/ciphertext.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/composite.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/contact.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/content.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/conversation_reference.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/ecies.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/frames.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/invitation.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/message.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/private_key.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/private_preferences.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/public_key.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/signature.pb.go is excluded by !**/*.pb.go
• pkg/proto/message_contents/signed_payload.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls/api/v1/mls.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls/database/intents.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls/message_contents/association.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls/message_contents/content.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls/message_contents/content_types/reaction.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls/message_contents/credential.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls/message_contents/group_membership.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls/message_contents/group_metadata.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls/message_contents/group_mutable_metadata.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls/message_contents/group_permissions.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls/message_contents/transcript_messages.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls_validation/v1/service.pb.go is excluded by !**/*.pb.go
• pkg/proto/mls_validation/v1/service_grpc.pb.go is excluded by !**/*.pb.go
• pkg/proto/xmtpv4/envelopes/envelopes.pb.go is excluded by !**/*.pb.go
• pkg/proto/xmtpv4/message_api/message_api.pb.go is excluded by !**/*.pb.go
• pkg/proto/xmtpv4/message_api/message_api_grpc.pb.go is excluded by !**/*.pb.go
• pkg/proto/xmtpv4/message_api/misbehavior_api.pb.go is excluded by !**/*.pb.go
• pkg/proto/xmtpv4/message_api/misbehavior_api_grpc.pb.go is excluded by !**/*.pb.go
• pkg/proto/xmtpv4/payer_api/payer_api.pb.go is excluded by !**/*.pb.go
• pkg/proto/xmtpv4/payer_api/payer_api_grpc.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (6)

• .gitignore (2 hunks)
• dev/integration (1 hunks)
• integration/package.json (1 hunks)
• integration/src/index.test.ts (4 hunks)
• integration/src/index.ts (4 hunks)
• pkg/api/api.go (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• dev/integration

🔇 Additional comments (13)

integration/src/index.ts (4)

24-24: Ensure all callers handle the new asynchronous randomClient function

The randomClient function has been changed to async. Please verify that all places where randomClient() is called are updated to handle the returned Promise appropriately.

---

67-67: Verify the updated HMAC key retrieval method

The method for retrieving HMAC keys has changed to xmtpClient.conversations.hmacKeys(). Ensure this method returns the expected data structure compatible with the rest of the code.

---

35-39: Confirm parameters for Client.create

The parameters passed to Client.create have been updated. Verify that the signer, encKey, and configuration options align with the new SDK requirements.

---

13-13: Check compatibility of getRandomValues in your environment

Using getRandomValues from "node:crypto" requires Node.js 19 or newer. Ensure that your deployment environment supports this or consider a polyfill for earlier versions.

integration/src/index.test.ts (4)

39-39: Verify installationId usage with alix.accountAddress

In the registerInstallation call, installationId is set to alix.accountAddress. Confirm that accountAddress is the intended value for installationId in this context.

---

86-86: Handle the result of await bo.conversations.newGroup

Ensure that boGroup receives the correct conversation object and that any asynchronous operations are properly handled.

---

95-97: Validate the expected number of HMAC keys

You expect conversationHmacKeys.length to be 3. Verify that this aligns with the actual HMAC key generation logic, and adjust the test expectation if necessary.

---

88-91: ⚠️ Potential issue

Await synchronization before listing conversations

There might be a timing issue when syncing conversations. Make sure to await alix.conversations.syncAll() before listing conversations to ensure synchronization is complete.

Apply this diff to correctly await synchronization:

     expect((await alix.conversations.list()).length).toEqual(0);
-    await alix.conversations.syncAll();
+    await alix.conversations.syncAll();
     const alixGroups = await alix.conversations.list();

Likely invalid or redundant comment.

pkg/api/api.go (1)

145-146: Improved logging for SubscribeWithMetadata

The updated logging message "Subscribing" provides clearer insight into the operation being performed, enhancing debug ability.

integration/package.json (2)

14-14: Verify stability of @xmtp/[email protected]

The version number (0.0.x) suggests this is a pre-release or beta version. Please ensure:

1. This version is stable enough for production use
2. There are no critical bugs or breaking changes

---

15-15: Verify compatibility with viem@^2.22.2

The significant minor version jump (2.7 → 2.22) might introduce new features or deprecations.

✅ Verification successful

Version upgrade to viem@^2.22.2 appears safe

The codebase uses only stable, core wallet functionality from viem (wallet creation, signing, and chain operations). No breaking changes were found between v2.7 and v2.22.2 that would affect these basic operations.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check changelog for breaking changes
curl -s https://raw.githubusercontent.com/wagmi-dev/viem/main/CHANGELOG.md | grep -A 10 "2.22.2"

# Check for compatibility issues
gh api graphql -f query='
{
  repository(owner: "wagmi-dev", name: "viem") {
    issues(first: 5, states: OPEN, labels: ["breaking-change"], orderBy: {field: CREATED_AT, direction: DESC}) {
      nodes {
        title
        url
      }
    }
  }
}'

Length of output: 397

---

Script:

#!/bin/bash
# Try fetching release notes for relevant versions
gh api repos/wagmi-dev/viem/releases --paginate | jq -r '.[] | select(.tag_name | startswith("v2.")) | select(.tag_name >= "v2.7.0" and .tag_name <= "v2.22.2") | "Version: \(.tag_name)\n\(.body)\n---"'

# Search for viem usage patterns
rg -l "from ['\"](viem|@viem)" --type ts --type js

# Look for specific viem imports
ast-grep --pattern 'import { $_ } from "viem"'

Length of output: 332

---

Script:

#!/bin/bash
# Check specific viem usage in the file
cat integration/src/index.ts

# Look for specific viem function calls
ast-grep --pattern 'import { $WHAT } from "viem"' integration/src/index.ts

Length of output: 3384

.gitignore (2)

7-7: Verify if mise.toml should be version controlled

Development environment configuration files are typically version controlled to ensure consistent development environments across the team.

Please confirm if ignoring mise.toml aligns with the team's development environment management strategy.

---

25-25: LGTM: Consistent with other Swift ignores

The addition of swift/mls_validation follows the established pattern of ignoring generated Swift directories.