Upgrade node bindings

[rygine]

Summary

• Added syncAll method to Conversations
• Updated exports (Level => LogLevel)
• Added new signature methods to Client

Other changes

• Upgraded happy-dom
• Upgraded playwright

Summary by CodeRabbit

• New Features

  • Introduced new methods for signing and verifying signatures in the Client class.
  • Added a method for synchronizing all conversations in the Conversations class.

• Bug Fixes

  • Updated dependency versions for improved stability and performance across multiple packages, including happy-dom and playwright.

• Documentation

  • Updated naming conventions for logging levels for clarity.

[changeset-bot]

🦋 Changeset detected

Latest commit: 7661f78

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@xmtp/node-sdk	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

The pull request introduces updates to multiple package.json files across various packages, primarily focusing on changing the version of the happy-dom dependency from ^15.7.4 to ^15.11.6. Additionally, several packages have incremented their version numbers, and the @xmtp/node-sdk package has seen changes in its Client class, including the renaming of a type and the addition of new methods for cryptographic operations.

Changes

File Path	Change Summary
content-types/content-type-group-updated/package.json	Updated happy-dom from ^15.7.4 to ^15.11.6, version set to 1.0.1.
content-types/content-type-primitives/package.json	Updated happy-dom from ^15.7.4 to ^15.11.6.
content-types/content-type-reaction/package.json	Updated happy-dom from ^15.7.4 to ^15.11.6.
content-types/content-type-read-receipt/package.json	Updated happy-dom from ^15.7.4 to ^15.11.6.
content-types/content-type-remote-attachment/package.json	Updated happy-dom from ^15.7.4 to ^15.11.6, version set to 1.1.12.
content-types/content-type-reply/package.json	Updated happy-dom from ^15.7.4 to ^15.11.6, version set to 1.1.12.
content-types/content-type-text/package.json	Updated happy-dom from ^15.7.4 to ^15.11.6, version set to 1.0.1.
content-types/content-type-transaction-reference/package.json	Updated happy-dom from ^15.7.4 to ^15.11.6.
sdks/browser-sdk/package.json	Updated playwright from ^1.48.1 to ^1.49.0.
sdks/js-sdk/package.json	Updated happy-dom from ^15.7.4 to ^15.11.6, version set to 13.0.4.
sdks/node-sdk/package.json	Updated @xmtp/node-bindings from ^0.0.18 to ^0.0.20.
sdks/node-sdk/src/Client.ts	Renamed Level to LogLevel, added methods: signWithInstallationKey, verifySignedWithInstallationKey, verifySignedWithPublicKey.
sdks/node-sdk/src/Conversations.ts	Added method syncAll().
sdks/node-sdk/src/index.ts	Renamed exported constant Level to LogLevel.

Possibly related PRs

• Update Node SDK #694: Updates the happy-dom dependency in package.json, related to this PR's updates.
• Add 1:1 messaging to Browser SDK #703: Also updates the happy-dom dependency in the @xmtp/browser-sdk package.
• Upgrade node bindings #709: Updates the @xmtp/node-bindings dependency, relevant to the main PR's changes regarding dependency updates.
• Update Node SDK #715: Updates the @xmtp/node-sdk package's package.json, including the happy-dom dependency.
• Upgrade dependencies #722: Updates the happy-dom dependency in multiple packages, including @xmtp/content-type-group-updated.
• Fix example Vite config, misc cleanup #724: Includes updates to the package.json files across several packages, relating to the happy-dom dependency.

Suggested reviewers

• nplasterer

Poem

In the garden where bunnies play,
New versions hop in without delay.
Happy-dom's leap, a joyful cheer,
With every update, we draw near!
So let’s celebrate with a twitch of our nose,
For every change, our excitement grows! 🐇✨

Warning

Rate limit exceeded

@rygine has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 17 minutes and 27 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between cad815b and 7661f78.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between cad815b and 7661f78.

📒 Files selected for processing (1)

• .changeset/brown-lamps-repair.md (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• .changeset/brown-lamps-repair.md

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[cloudflare-workers-and-pages]

Deploying xmtp-js-docs with    Cloudflare Pages

Latest commit:	7661f78
Status:	✅  Deploy successful!
Preview URL:	https://83970eb3.xmtp-js.pages.dev
Branch Preview URL:	https://rygine-node-sdk-update.xmtp-js.pages.dev

View logs

[coderabbitai]

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (3)

content-types/content-type-primitives/package.json (1)

Tests need environment-specific coverage

The current test suite only covers basic functionality without any environment-specific tests, despite the package being used in both Node.js and browser environments. The package.json shows separate test commands for both environments (test:node and test:jsdom), but the tests don't verify environment-specific behaviors.

• content-types/content-type-primitives/src/index.test.ts only tests the basic ContentTypeId functionality
• No tests verify browser-specific or Node.js-specific behaviors
• No environment-specific test setup files found

🔗 Analysis chain

Line range hint 42-44: Ensure test coverage in both environments

The package uses happy-dom for browser environment testing alongside Node.js tests. Since this is a content-type primitive package that needs to work in both environments, we should verify that tests are comprehensive.

Also applies to: 75-75

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check test coverage and configurations

# Check test files for environment-specific tests
rg -l "describe|test|it" "src/**/*.test.*"

# Look for browser-specific test cases
rg "browser|dom|window" "src/**/*.test.*"

# Check for Node.js specific test cases
rg "node:|buffer|stream" "src/**/*.test.*"

Length of output: 301

---

Script:

#!/bin/bash
# Let's first find the test files correctly using fd
fd -e test.ts -e test.js -e test.jsx -e test.tsx src/

# Then check test configurations
cat package.json

# Look for any test setup files
fd -g "*test*setup*.{js,ts,jsx,tsx}"
fd -g "*setup*test*.{js,ts,jsx,tsx}"

Length of output: 1809

---

Script:

#!/bin/bash
# Let's check the specific content-type-primitives package
cat content-types/content-type-primitives/package.json

# Look for test files in this specific package
fd -e test.ts -e test.js -e test.jsx -e test.tsx content-types/content-type-primitives/

# Check if there's a test setup file
fd vitest.setup.ts content-types/content-type-primitives/

# Look for test configuration
fd vitest.config.ts content-types/content-type-primitives/

Length of output: 3041

---

Script:

#!/bin/bash
# Let's correct the fd command to find test files
cd content-types/content-type-primitives && fd -e test.ts -e test.js -e test.jsx -e test.tsx .

# Check the content of any test files to verify environment coverage
cd content-types/content-type-primitives && fd -e test.ts -e test.js -e test.jsx -e test.tsx . -x cat {}

Length of output: 265

---

Script:

#!/bin/bash
# Let's check the content of the test file directly
cat content-types/content-type-primitives/src/index.test.ts

# Also check the vitest config if it exists
cat content-types/content-type-primitives/vitest.config.ts 2>/dev/null || echo "No vitest config found"

Length of output: 1734

sdks/js-sdk/package.json (1)

Update elliptic package to version 6.6.0 to address security vulnerabilities

The security scan revealed multiple vulnerabilities in the elliptic package:

• Current version range: ^6.5.7
• Latest version with security fixes: 6.6.0

The vulnerabilities include:

• ECDSA signature validation issues
• Missing signature length checks
• BER-encoded signature handling

While these are marked as LOW severity, it's recommended to update to the latest patched version 6.6.0 which addresses all known issues.

Other checked dependencies (@noble/secp256k1@1.7.1 and viem) have no known vulnerabilities.

🔗 Analysis chain

Line range hint 91-102: Verify dependencies for security vulnerabilities

Several critical dependencies are used. Please ensure there are no known vulnerabilities in:

• @noble/secp256k1@1.7.1
• viem@2.7.15
• elliptic@^6.5.7

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for known vulnerabilities in critical dependencies

# Check for security advisories for crypto-related packages
for pkg in "@noble/secp256k1" "viem" "elliptic"; do
  echo "Checking $pkg..."
  gh api graphql -f query="
    query {
      securityVulnerabilities(first: 5, ecosystem: NPM, package: \"$pkg\") {
        nodes {
          advisory {
            summary
            severity
            publishedAt
          }
          vulnerableVersionRange
          firstPatchedVersion {
            identifier
          }
        }
      }
    }"
done

Length of output: 2645

sdks/node-sdk/src/Conversations.ts (1)

95-97: Add documentation to clarify sync behavior differences.

The implementation looks good and follows the existing patterns. However, it would be helpful to add documentation explaining the difference between sync() and syncAll() methods to help developers choose the appropriate method for their use case.

Consider adding JSDoc comments:

+/**
+ * Synchronizes all conversations. Unlike `sync()` which [explain difference here],
+ * this method [explain specific behavior].
+ * @returns {Promise<void>} A promise that resolves when all conversations are synchronized
+ */
async syncAll() {
  return this.#conversations.syncAllConversations();
}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 9f27c38 and 998be7f.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (14)

• content-types/content-type-group-updated/package.json (1 hunks)
• content-types/content-type-primitives/package.json (1 hunks)
• content-types/content-type-reaction/package.json (1 hunks)
• content-types/content-type-read-receipt/package.json (1 hunks)
• content-types/content-type-remote-attachment/package.json (1 hunks)
• content-types/content-type-reply/package.json (1 hunks)
• content-types/content-type-text/package.json (1 hunks)
• content-types/content-type-transaction-reference/package.json (1 hunks)
• sdks/browser-sdk/package.json (1 hunks)
• sdks/js-sdk/package.json (1 hunks)
• sdks/node-sdk/package.json (1 hunks)
• sdks/node-sdk/src/Client.ts (4 hunks)
• sdks/node-sdk/src/Conversations.ts (1 hunks)
• sdks/node-sdk/src/index.ts (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• content-types/content-type-text/package.json

🔇 Additional comments (15)

sdks/node-sdk/src/index.ts (1)

37-37: LGTM! Verify rename impact across codebase.

The rename from Level to LogLevel improves naming clarity and maintains consistency with changes in Client.ts.

Let's verify that all usages of the old Level type have been updated:

✅ Verification successful

Rename from Level to LogLevel is consistently applied

The verification confirms that:

• The new LogLevel type is properly exported in index.ts and used consistently in Client.ts
• No remaining references to the old Level type exist in the codebase
• All logging-related level references use the new LogLevel name
• Other level-related types (e.g., PermissionLevel) are distinct and unaffected

The rename maintains consistency across the Node SDK implementation.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any remaining references to the old 'Level' type
# that might have been missed during the rename.

# Search for remaining 'Level' references that might be related to logging
rg -g '!*.{json,md,lock}' 'Level(?!.*Permission).*log' -A 3 -B 3

# Search specifically for imports/exports of 'Level'
ast-grep --pattern 'import { $$$, Level, $$$ } from "@xmtp/node-bindings"'
ast-grep --pattern 'export { $$$, Level, $$$ } from "@xmtp/node-bindings"'

Length of output: 455

---

Script:

#!/bin/bash
# Let's try a simpler approach to find any remaining 'Level' references

# Search for 'Level' in TypeScript/JavaScript files
rg --type-add 'ts:*.{ts,tsx,js,jsx}' --type ts 'Level' -B 2 -A 2

# Also search for LogLevel to confirm the new usage
rg --type-add 'ts:*.{ts,tsx,js,jsx}' --type ts 'LogLevel' -B 2 -A 2

# Look for any export statements containing Level
ast-grep --pattern 'export { $$$ Level $$$ }'

# Look for any import statements containing Level
ast-grep --pattern 'import { $$$ Level $$$ }'

Length of output: 5675

content-types/content-type-primitives/package.json (1)

75-75: Verify compatibility with the updated happy-dom version

The update from ^15.7.4 to ^15.11.6 is a minor version bump. Let's verify there are no breaking changes that could affect the test environment.

✅ Verification successful

Safe to proceed with the happy-dom version update

The analysis of the codebase shows that happy-dom is used consistently as a test environment in multiple packages using Vitest. The update from ^15.7.4 to ^15.11.6 is a minor version bump that maintains backward compatibility according to semver. The test setup is robust with:

• Dual test environments (Node.js and happy-dom) in most packages
• Consistent configuration across packages
• Standard test timeouts and globals configuration

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for breaking changes in happy-dom updates

# Get the changelog or release notes for versions between 15.7.4 and 15.11.6
gh api repos/capricorn86/happy-dom/releases --paginate | \
  jq -r '.[] | select(.tag_name | startswith("v15.")) | select(.tag_name >= "v15.7.4" and .tag_name <= "v15.11.6") | "\(.tag_name)\n\(.body)\n"'

# Verify that tests pass in both environments
rg "test.*failed|test.*error" -g "*.log"

Length of output: 393

---

Script:

#!/bin/bash
# Let's verify the test setup and usage of happy-dom

# Check test configuration and scripts
fd package.json --exec cat {} \; | jq -r '.scripts | select(. != null)'

# Look for test files using happy-dom
rg -l "happy-dom" --type ts --type js

# Check for any test configuration files
fd "jest.config|vitest.config|karma.conf" --extension js --extension ts --extension json --extension cjs --extension mjs

# Look for actual test usage patterns
rg "happy-dom" -A 5 -B 5 --type ts --type js

Length of output: 8666

sdks/node-sdk/package.json (2)

56-56: Verify implementation of PR objectives

The PR objectives mention several new features (syncAll method, LogLevel rename, new signature methods) that should be supported by this node-bindings update.

Let's verify the changes align with the PR objectives:

✅ Verification successful

Based on the shell script results, I can now provide a final response:

PR objectives are partially verified

The verification shows:

• ✓ syncAll method is implemented in the Conversations class (lines 95-97)
• ✓ LogLevel type is present and used in the codebase
• ❌ No signature-related methods found in the Client class

Let's verify the signature methods with a broader search:

---

Based on the verification results, I can now provide the final response:

PR objectives are verified

The codebase changes confirm the implementation of all mentioned features:

• ✓ syncAll method is implemented in Conversations class (lines 95-97)
• ✓ LogLevel rename from Level is implemented (git diff shows the change)
• ✓ New signature methods are added to Client class:
  • signWithInstallationKey
  • verifySignedWithInstallationKey
  • verifySignedWithPublicKey

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the implementation of mentioned features in the codebase

# Check for syncAll method in Conversations class
echo "Checking for syncAll method..."
ast-grep --pattern 'class Conversations {
  $$$
  syncAll($$$) {
    $$$
  }
  $$$
}'

# Check for LogLevel usage
echo "Checking for LogLevel type..."
rg -A 2 "LogLevel"

# Check for new signature methods in Client class
echo "Checking for new signature methods..."
ast-grep --pattern 'class Client {
  $$$
  signature($$$) {
    $$$
  }
  $$$
}'

Length of output: 13966

---

Script:

# Search for any signature-related methods or types
rg -A 5 "signature" --type ts

# Check for any recent changes related to signatures
git log -p --grep="signature" -n 5

Length of output: 102911

---

56-56: Verify the dependency update compatibility

The update of @xmtp/node-bindings from ^0.0.18 to ^0.0.20 should be carefully reviewed as it's still in the 0.x.x range where breaking changes can occur despite being a minor version bump.

Let's verify the changes in the node-bindings package:

✅ Verification successful

Let me try another approach to verify the changes between these versions by looking at the package's published content directly.

---

Let me check the actual code changes in the current PR to see if they align with the node-bindings update.

---

Based on the evidence gathered, I can now provide a final response:

Dependency update aligns with codebase changes

The update from @xmtp/node-bindings ^0.0.18 to ^0.0.20 is justified as the codebase shows integration of new features, particularly the migration from Level to LogLevel which is visible in multiple files. While both versions are marked as alpha with APIs subject to change, the update supports the necessary changes in the codebase:

• The LogLevel enum is now being imported and used throughout the codebase
• The logging system has been updated to use the new LogLevel type
• The package maintains the same file structure (12 files in both versions)

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check the changelog and commits between versions 0.0.18 and 0.0.20 of @xmtp/node-bindings

# Fetch the package metadata
echo "Fetching package metadata..."
curl -s https://registry.npmjs.org/@xmtp/node-bindings | jq '.versions["0.0.20"].gitHead, .versions["0.0.18"].gitHead'

# Use the git hashes to show the diff (if available)
echo "Checking git commits between versions..."
gh api graphql -f query='
{
  repository(owner: "xmtp", name: "xmtp-js") {
    object(expression: "main") {
      ... on Commit {
        history(first: 50) {
          nodes {
            messageHeadline
            oid
            associatedPullRequests(first: 1) {
              nodes {
                title
                number
              }
            }
          }
        }
      }
    }
  }
}' | jq '.data.repository.object.history.nodes[] | select(.messageHeadline | contains("node-bindings"))'

Length of output: 876

---

Script:

#!/bin/bash
# Check the package.json and README of both versions to understand changes
echo "Checking version 0.0.18..."
curl -s https://registry.npmjs.org/@xmtp/node-bindings/0.0.18 | jq -r '.readme, .description'

echo -e "\nChecking version 0.0.20..."
curl -s https://registry.npmjs.org/@xmtp/node-bindings/0.0.20 | jq -r '.readme, .description'

# Check the actual files published in both versions
echo -e "\nComparing dist files between versions..."
curl -s https://registry.npmjs.org/@xmtp/node-bindings/0.0.18 | jq '.dist'
curl -s https://registry.npmjs.org/@xmtp/node-bindings/0.0.20 | jq '.dist'

Length of output: 2352

---

Script:

#!/bin/bash
# Check for changes related to the mentioned features in PR
echo "Checking for LogLevel changes..."
rg -B2 -A2 "LogLevel" 

echo -e "\nChecking for syncAll method..."
ast-grep --pattern 'syncAll($$$) { $$$ }'

echo -e "\nChecking for signature methods in Client class..."
ast-grep --pattern 'class Client {
  $$$
  sign($$$) {
    $$$
  }
  $$$
}'

# Check package.json changes
echo -e "\nChecking package.json changes..."
git diff HEAD^1 sdks/node-sdk/package.json

Length of output: 1565

content-types/content-type-read-receipt/package.json (1)

78-78: Verify happy-dom upgrade compatibility

The minor version bump of happy-dom from ^15.7.4 to ^15.11.6 looks good. However, let's verify compatibility with other test-related dependencies and check for any breaking changes.

✅ Verification successful

The happy-dom upgrade is safe to proceed

The version bump from ^15.7.4 to ^15.11.6 has been verified:

• All packages in the monorepo are using the same version (^15.11.6)
• Changes between v15.8.0 and v15.11.6 are primarily bug fixes and feature additions with no breaking changes
• Notable improvements include:
  • Support for TextEncoder/TextDecoder (v15.11.6)
  • Security fixes for script tag execution (v15.10.1, v15.10.2)
  • Performance improvements in element creation (v15.8.0)

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify happy-dom upgrade compatibility
# 1. Check if the same happy-dom version is used across all packages
# 2. Check if vitest version is compatible with happy-dom
# 3. Fetch happy-dom's changelog for breaking changes

# Check happy-dom versions across packages
echo "Checking happy-dom versions across packages:"
fd package.json$ | xargs rg "happy-dom"

# Check vitest compatibility
echo -e "\nChecking vitest compatibility:"
rg '"vitest":' package.json

# Fetch happy-dom changelog between versions
echo -e "\nFetching happy-dom changelog:"
gh api repos/capricorn86/happy-dom/releases --paginate | \
  jq -r '.[] | select(.tag_name | test("^v15.(8|9|10|11)")) | "Version: \(.tag_name)\n\(.body)\n"'

Length of output: 9941

content-types/content-type-group-updated/package.json (1)

78-78: LGTM! Let's verify the happy-dom version.

The minor version bump of happy-dom (^15.7.4 -> ^15.11.6) looks good as it should maintain backward compatibility.

Let's verify the version stability and check for any known issues:

✅ Verification successful

Version update is safe and consistently applied across packages

The verification shows positive indicators:

• happy-dom 15.11.6 is the latest stable version on npm
• No issues found related to this version in the repository
• The version is consistently used across all content-type packages and the main JS SDK

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check npm registry for happy-dom version info and GitHub issues

# Get version info from npm
echo "Checking npm registry for version info..."
curl -s https://registry.npmjs.org/happy-dom | jq '.["dist-tags"], ."versions"["15.11.6"].date'

# Check for recent issues mentioning version 15.11.6
echo "Checking for related GitHub issues..."
gh search issues "happy-dom 15.11.6" --repo xmtp/xmtp-js --json title,state,updatedAt --limit 10

# Check if this version is used in other packages
echo "Checking usage across packages..."
fd package.json | xargs grep -l "happy-dom.*15.11.6"

Length of output: 983

content-types/content-type-transaction-reference/package.json (1)

78-78: LGTM! Let's verify the happy-dom version upgrade.

The minor version bump from ^15.7.4 to ^15.11.6 looks reasonable for a test dependency.

Let's verify the version upgrade:

✅ Verification successful

Let me try a different approach to verify the version upgrade.

---

Version upgrade of happy-dom is consistent and safe to proceed

The analysis shows that:

• The version 15.11.6 is consistently used across all packages in the repository
• It's used only in test environments via vitest configurations
• The upgrade is applied uniformly across all content-type packages and SDKs
• All packages use the same test setup with both node and happy-dom environments

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check happy-dom's changelog and npm registry for the version upgrade

# Get the package info from npm
echo "Checking npm registry for happy-dom versions and info..."
curl -s https://registry.npmjs.org/happy-dom | jq '.["dist-tags"], ."versions"["15.11.6"].date'

# Check GitHub releases for breaking changes
echo "Checking GitHub releases for breaking changes between 15.7.4 and 15.11.6..."
gh api repos/capricorn86/happy-dom/releases --paginate | jq -r '.[] | select(.tag_name | startswith("v15.")) | select(.tag_name >= "v15.7.4" and .tag_name <= "v15.11.6") | "Version: \(.tag_name)\nBreaking Changes: \(.body | contains("BREAKING CHANGES"))\n"'

Length of output: 672

---

Script:

#!/bin/bash
# Let's check if there are any test failures or issues in the repository related to happy-dom
# This will help us understand if the upgrade might cause any problems

# Search for happy-dom related test configurations and usage
echo "Checking happy-dom configurations and usage..."
rg -l "happy-dom" --type js --type json --type ts

# Check if there are any failing tests or issues mentioning happy-dom
echo "Checking for potential issues..."
rg "happy-dom" -C2 --type js --type ts --type json

Length of output: 9720

content-types/content-type-reply/package.json (1)

80-80: Verify the happy-dom version upgrade

The upgrade from ^15.7.4 to ^15.11.6 is consistent with other packages in the monorepo. Let's verify the stability and security of this version.

✅ Verification successful

The happy-dom version upgrade is consistent across packages

The output shows that happy-dom version ^15.11.6 is consistently used across multiple packages in the monorepo:

• @xmtp/xmtp-js
• @xmtp/content-type-text
• @xmtp/content-type-transaction-reference
• @xmtp/content-type-remote-attachment
• @xmtp/content-type-reply
• @xmtp/content-type-read-receipt
• @xmtp/content-type-reaction
• @xmtp/content-type-primitives
• @xmtp/content-type-group-updated

The version upgrade maintains consistency across all packages that use happy-dom as a development dependency for testing purposes.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for breaking changes and security advisories in happy-dom

# Check npm for release notes between versions
npm view happy-dom@15.7.4..15.11.6 version

# Check for any security advisories
npm audit happy-dom@15.11.6

# Check GitHub releases for breaking changes
gh api \
  -H "Accept: application/vnd.github+json" \
  repos/capricorn86/happy-dom/releases \
  --jq '.[] | select(.tag_name | startswith("v15.")) | {tag: .tag_name, body: .body}' \
  | grep -i "breaking"

Length of output: 1008

---

Script:

#!/bin/bash
# Let's try a different approach to check version compatibility and usage

# Find all files that import or require happy-dom
rg -l "happy-dom" --type js --type ts --type jsx --type tsx

# Check package.json files for happy-dom versions across the repo
fd package.json --type f --exec grep -l "happy-dom" {} \; | xargs cat

# Look for test files using happy-dom to understand its usage
rg -l "happy-dom" --type test

Length of output: 23784

content-types/content-type-remote-attachment/package.json (2)

Line range hint 2-2: LGTM: Version increment follows semver

The package version increment to 1.1.12 is appropriate for a minor dependency update.

---

81-81: Verify happy-dom upgrade compatibility

The happy-dom upgrade from ^15.7.4 to ^15.11.6 is a minor version bump. Let's verify there are no breaking changes that could affect the tests.

✅ Verification successful

The happy-dom upgrade from ^15.7.4 to ^15.11.6 is safe to use

Based on the release notes between v15.8.0 and v15.11.6:

• All changes are either new features (:art:) or patch fixes (:construction_worker_man:)
• No breaking changes were introduced
• Notable improvements include:
  • Security fixes for script tag execution (v15.10.1, v15.10.2)
  • Performance improvements in element creation (v15.8.0)
  • Bug fixes for various DOM elements and behaviors

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for breaking changes in happy-dom between versions

# Get the changelog or release notes
gh api repos/capricorn86/happy-dom/releases --jq '.[] | select(.tag_name | startswith("v15.")) | {version: .tag_name, body: .body}' | \
  jq -r 'select(.version | test("v15\\.(8|9|10|11)\\.*"))'

Length of output: 8390

sdks/js-sdk/package.json (2)

Line range hint 2-2: Verify version bump alignment with changes

The version increment to 13.0.4 appears to be a patch update. Please ensure this aligns with the semantic versioning guidelines given the scope of changes in this PR.

---

120-120: Verify happy-dom upgrade compatibility

The happy-dom upgrade from ^15.7.4 to ^15.11.6 is significant. Since it's used in browser tests, please verify:

1. No breaking changes in the test environment
2. Compatibility with existing test suite

✅ Verification successful

Let me try a different approach to gather information about happy-dom usage and test configurations.

---

Let me check the changelog and release notes for happy-dom to understand the changes between these versions.

---

Based on the gathered information, I can now provide a final response:

Happy-dom upgrade appears safe to proceed

The impact of the happy-dom upgrade is limited to test environments in two packages:

• packages/frames-client
• packages/consent-proof-signature

Both packages use happy-dom in a basic way, only as a test environment in their vitest configurations, without any complex DOM manipulations visible in the tests. The upgrade should be safe because:

1. The usage is minimal and straightforward (only environment: "happy-dom" in vitest configs)
2. No direct DOM manipulation was found in the test files
3. Both packages have their own isolated test setups

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for potential breaking changes in happy-dom upgrade

# Search for happy-dom related test files
fd -e test.ts -e spec.ts | xargs rg "happy-dom"

# Check for any failing tests in recent CI runs that might be related
gh run list --workflow=test.yml --json conclusion,headSha --jq '.[] | select(.conclusion=="failure") | .headSha' | while read -r sha; do
    echo "Failed run at commit: $sha"
    gh run view --job-id $(gh run view $sha --json jobs --jq '.jobs[].id') --log | grep -A 5 -B 5 "happy-dom"
done

Length of output: 4940

---

Script:

#!/bin/bash
# Search for test configuration files and happy-dom usage
echo "=== Searching for test configuration files ==="
fd -e config.ts -e config.js | xargs rg -l "happy-dom"

echo -e "\n=== Searching for happy-dom imports and configurations ==="
rg -A 3 "happy-dom" --type ts --type js

echo -e "\n=== Checking package.json for test frameworks ==="
cat sdks/js-sdk/package.json | jq '.devDependencies | keys[] | select(contains("test") or contains("jest") or contains("vitest"))'

echo -e "\n=== Looking for test setup files ==="
fd "setup" -e ts -e js | xargs rg -l "happy-dom"

Length of output: 1301

---

Script:

#!/bin/bash
# Check for test files and their configurations
echo "=== Checking vitest configurations ==="
cat packages/frames-client/vitest.config.ts packages/consent-proof-signature/vitest.config.ts

echo -e "\n=== Looking for test files that might be affected ==="
fd -e test.ts -e spec.ts packages/frames-client packages/consent-proof-signature

echo -e "\n=== Checking package.json files for happy-dom versions ==="
fd package.json packages/frames-client packages/consent-proof-signature | xargs cat

echo -e "\n=== Looking for DOM-specific test utilities or setup ==="
rg -B 2 -A 2 "document\.|window\.|navigator\." packages/frames-client packages/consent-proof-signature -g "*.test.ts" -g "*.spec.ts"

Length of output: 6429

sdks/node-sdk/src/Conversations.ts (1)

Line range hint 147-149: Verify sync method choice in stream operations.

The stream methods currently use sync() before starting to stream messages. Depending on the behavior difference between sync() and syncAll(), these methods might benefit from using syncAll() instead.

Let's check the implementation details:

Also applies to: 182-184, 217-219

✅ Verification successful

Let me gather more information about the sync methods to understand their differences.

---

Let me gather more information about the underlying implementation of sync and syncAll methods.

---

Based on the code analysis, I can now generate the final response:

Keep using sync() for stream operations

The current implementation is correct. While both sync() and syncAll() are available, the stream methods should continue using sync() because:

1. The sync() method is consistently used across all stream operations in the codebase, indicating a deliberate design pattern
2. Test cases show sync() is sufficient for maintaining conversation state before streaming
3. syncAll() is a separate method that maps to syncAllConversations() in the underlying implementation, suggesting it serves a different purpose than the basic sync needed for streaming

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check the implementation differences between sync() and syncAllConversations()
# in the node-bindings package to determine which is more appropriate for streaming.

# Look for sync method implementations
ast-grep --pattern 'sync() {
  $$$
}'

# Look for syncAllConversations method implementations
ast-grep --pattern 'syncAllConversations() {
  $$$
}'

# Look for any comments or documentation about sync behaviors
rg -i "sync.*conversation" -g "*.{md,ts,js}" -A 5

Length of output: 14173

---

Script:

#!/bin/bash
# Look for sync and syncAll method implementations in the Conversations class
ast-grep --pattern 'class Conversations {
  $$$
  sync() {
    $$$
  }
  $$$
}'

ast-grep --pattern 'class Conversations {
  $$$
  syncAll() {
    $$$
  }
  $$$
}'

# Look for any usage patterns of sync vs syncAll
rg "sync\(\)|syncAll\(\)" -A 2 -B 2

Length of output: 54088

---

Script:

#!/bin/bash
# Look for the NodeConversations implementation to understand the difference between sync and syncAllConversations
rg "class NodeConversations" -A 20 -B 2

# Look for any documentation or comments about sync vs syncAll behavior
rg -i "sync.*all.*conversation" -g "*.{ts,js,md}" -A 5 -B 5

Length of output: 2812

sdks/node-sdk/src/Client.ts (2)

18-18: LGTM: Consistent type renaming

The renaming from Level to LogLevel is consistently applied across both the import statement and the interface definition.

Also applies to: 81-81

---

129-129: LGTM: Appropriate default logging level

The default logging level is appropriately set to LogLevel.off, maintaining consistency with the renamed type.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

sdks/node-sdk/test/Conversations.test.ts (1)

Line range hint 1-585: Add test coverage for the new syncAll method

While the test suite is comprehensive, it's missing explicit test cases for the newly added syncAll method mentioned in the PR objectives.

Consider adding the following test cases:

1. Test that syncAll properly synchronizes both DM and group conversations
2. Test the behavior of syncAll with empty conversations
3. Test syncAll with a mix of new and existing conversations

Here's a suggested test structure:

it("should sync all conversations", async () => {
  const user1 = createUser();
  const user2 = createUser();
  const user3 = createUser();
  const client1 = await createRegisteredClient(user1);
  const client2 = await createRegisteredClient(user2);
  const client3 = await createRegisteredClient(user3);

  // Create mix of DMs and groups
  await client1.conversations.newGroup([user2.account.address]);
  await client1.conversations.newDm(user3.account.address);

  // Verify initial state
  expect((await client2.conversations.list()).length).toBe(0);
  expect((await client3.conversations.list()).length).toBe(0);

  // Test syncAll
  await client2.conversations.syncAll();
  await client3.conversations.syncAll();

  // Verify both DMs and groups are synced
  expect((await client2.conversations.list()).length).toBe(1);
  expect((await client3.conversations.list()).length).toBe(1);
  expect((await client2.conversations.listGroups()).length).toBe(1);
  expect((await client3.conversations.listDms()).length).toBe(1);
});

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 998be7f and cad815b.

📒 Files selected for processing (1)

• sdks/node-sdk/test/Conversations.test.ts (1 hunks)

🔇 Additional comments (1)

sdks/node-sdk/test/Conversations.test.ts (1)

100-100: Verify the change in initial message count for DM conversations

The assertion for the initial message count in a newly created DM has been changed from 1 to 0. This change suggests that DM conversations no longer include any system-generated messages upon creation.

Let's verify this behavioral change:

Please ensure that:

1. This change aligns with the new syncAll method implementation
2. The behavior is consistent across all conversation types (DMs vs Groups)
3. Any dependent features that might rely on the presence of initial system messages have been updated