refactor(wallet-flow): stable signerIds for React keys; tripwire test

[jinglescode]

Summary

Both new-wallet-flow and wallet-migration flow used the raw signer address as a React key in ReviewSignersCard. That breaks badly:

1. The address can be empty/undefined while the user is editing → the key is non-unique → React reuses inputs across rows, swapping names and addresses while typing
2. Two signers can momentarily share the same partial input → duplicate keys → same swap

Fix: every signer row gets a stable opaque signerId generated when the row is created; the component uses signerId as the React key. Address becomes regular state, free to be empty/duplicate transiently without breaking React identity.

The same fix applied to both useWalletFlowState and useMigrationWalletFlowState. The shared signerRows.ts module emits the id and keeps the parallel arrays in sync.

Tripwire test

reviewSignersCardKey.test.ts is a source-regex tripwire suite that:

• greps ReviewSignersCard.tsx to assert the raw address is never used as a React key
• verifies both flow-state hooks expose signerIds parallel to signersAddresses

This catches future regressions structurally — the type system can't enforce "don't use address as key", but a regex over source can.

Base branch

This PR targets #237 (feat/server-hardening-and-audit-log) because it depends on the test infrastructure changes in that PR. Once #237 merges to main, this will auto-retarget to main.

Test plan

• 171/171 tests pass deterministically (verified locally on top of feat(server): AuditLog, DB indexes, security hardening, observability #237)
• Typecheck clean (verified locally)
• Manually verify in dev: rapidly typing in two empty signer rows no longer swaps inputs

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
multisig	Ready	Preview, Comment	May 10, 2026 8:35am