feat(dev): auto-init wallet from VITE_DEV_NSEC for local testing

[sahilc0]

Summary

Adds a dev-only shortcut that automatically initializes the wallet from a VITE_DEV_NSEC environment variable, completely bypassing the onboarding and unlock screens during local development.

Why

Every time you reload the page, switch worktrees, or start a new dev session, you currently have to manually enter your NSEC seed phrase and go through the full onboarding flow before you can test anything. This is extremely slow when doing UI passes, debugging, or testing features that have nothing to do with onboarding.

What it does

1. wallet.tsx — Adds a useEffect that checks for VITE_DEV_NSEC when the app boots. If present, it converts the NSEC to a private key and calls initWallet() directly, skipping both onboarding and the unlock screen.
2. App.tsx — Adds a routing guard that prevents redirecting to the Init/Unlock screens while the dev auto-init is in progress. The user sees the normal loading screen until the wallet is ready, then lands straight in the wallet.

Safety

• Completely dev-only: gated behind import.meta.env.DEV, so it's tree-shaken out of production builds
• No-op without the env var: if VITE_DEV_NSEC is not set, the code does absolutely nothing — zero impact for other developers or production
• Secret stays local: the NSEC goes in .env.local which is already in .gitignore — it never touches git or GitHub

How to use

Add this to your .env.local:

VITE_DEV_NSEC=nsec1your_nsec_here

Then pnpm start — the wallet boots straight into the main screen, no onboarding, no unlock.

Test plan

• With VITE_DEV_NSEC set: app boots directly into wallet, no onboarding/unlock screens shown
• Without VITE_DEV_NSEC: app behaves exactly as before (normal onboarding/unlock flow)
• Production build: no dev-init code present (tree-shaken)
• Wallet locking: if wallet is locked during a dev session, auto-init re-fires and unlocks again

Summary by CodeRabbit

• Chores
  • Enhanced wallet initialization flow during development to streamline developer experience.

---

Note: This release contains development-focused improvements with no end-user feature changes.

[sahilc0]

Hey team — are you guys OK with this?

This is a small dev-only QoL improvement so I don't have to re-enter the NSEC seed phrase every time I reload or switch branches during local testing. It's gated behind import.meta.env.DEV and a VITE_DEV_NSEC env var in .env.local, so it has zero impact on production or on anyone who doesn't opt in.

If any of you want to use it too, just add VITE_DEV_NSEC=your_nsec_here to your .env.local and you'll skip straight to the wallet on boot.

[coderabbitai]

Walkthrough

Development-only wallet auto-initialization has been added. When DEV mode is enabled with VITE_DEV_NSEC set, the wallet automatically initializes using the provided NSEC, bypassing onboarding and unlock. The loading screen is preserved during this initialization process.

Changes

Cohort / File(s)	Summary
Dev wallet auto-initialization src/App.tsx, src/providers/wallet.tsx	Added a development-only guard in App's redirect logic that prevents navigation when auto-initializing, and implemented a useEffect in WalletProvider that converts dev NSEC to private key and calls initWallet during DEV mode with VITE_DEV_NSEC set.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• fix(ui): remove double loading animation on app startup #386: Modifies wallet-loading redirect logic in src/App.tsx to prevent unwanted navigation, directly related to the loading screen preservation in this PR.

Suggested reviewers

• bordalix
• pietro909

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely describes the main feature: adding auto-initialization of the wallet from a VITE_DEV_NSEC environment variable for local development testing.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch wt-dev-nsec-bypass-20260318

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can generate walkthrough in a markdown collapsible section to save space.

Enable the reviews.collapse_walkthrough setting to generate walkthrough in a markdown collapsible section.

[cloudflare-workers-and-pages]

Deploying wallet-bitcoin with    Cloudflare Pages

Latest commit:	323133f
Status:	✅  Deploy successful!
Preview URL:	https://f249e9e7.wallet-bitcoin.pages.dev
Branch Preview URL:	https://wt-dev-nsec-bypass-20260318.wallet-bitcoin.pages.dev

View logs

[arkanaai]

🔍 Review — feat(dev): auto-init wallet from VITE_DEV_NSEC

Clean, well-scoped DX improvement. Two files, 22 lines, does exactly what it says.

✅ What looks good

• Proper dev-only gating: both import.meta.env.DEV and env var check mean zero production impact
• Guard against re-init: if (initialized) return prevents loops
• Waits for aspInfo.url before calling initWallet — correct dependency ordering
• Routing guard in App.tsx prevents redirect flicker during auto-init

⚠️ Minor observations

1. No password set on the auto-inited wallet — if initWallet(privateKey) normally expects a password-protected store, this could leave the dev wallet in a different state than a manually-created one. Fine for dev, but worth noting if any downstream code assumes wallet.isLocked() behaves the same.

2. eslint-disable on the useEffect deps — the comment says it's needed but the actual missing deps aren't listed. Consider // eslint-disable-next-line react-hooks/exhaustive-deps -- initWallet is stable from context to be explicit about what's excluded.

3. Error handling: consoleError(err, 'Dev auto-init failed') is reasonable, but a developer hitting this path with a malformed nsec won't see it unless they check the console. Could add a brief console.warn or a visible toast in dev mode only.

Security

No concerns — import.meta.env.DEV is Vite's compile-time flag, tree-shaken in production. The nsec never leaves the local dev environment.

Verdict: Ship it. Good DX win for the team. 👍

[cloudflare-workers-and-pages]

Deploying wallet-mutinynet with    Cloudflare Pages

Latest commit:	323133f
Status:	✅  Deploy successful!
Preview URL:	https://715d5b15.arkade-wallet.pages.dev
Branch Preview URL:	https://wt-dev-nsec-bypass-20260318.arkade-wallet.pages.dev

View logs

[coderabbitai]

🧹 Nitpick comments (1)

src/providers/wallet.tsx (1)

135-152: Consider adding a guard ref to prevent overlapping initialization attempts.

If aspInfo.url changes while initWallet is in-flight (before initialized becomes true), the effect will re-fire and start a second concurrent initialization. While unlikely in practice during dev startup, overlapping initSvcWorkerWallet calls could leave the service worker in an inconsistent state.

🛡️ Optional: add an `initializingRef` guard

+  const devInitializing = useRef(false)
+
   // dev-only: auto-initialize wallet from VITE_DEV_NSEC, bypassing onboarding and unlock
   useEffect(() => {
     if (!import.meta.env.DEV || !import.meta.env.VITE_DEV_NSEC) return
     if (initialized) return
     if (!aspInfo.url) return
+    if (devInitializing.current) return
 
     const autoInit = async () => {
+      devInitializing.current = true
       try {
         const privateKey = nsecToPrivateKey(import.meta.env.VITE_DEV_NSEC)
         await initWallet(privateKey)
       } catch (err) {
         consoleError(err, 'Dev auto-init failed')
+      } finally {
+        devInitializing.current = false
       }
     }
 
     autoInit()
-    // eslint-disable-next-line react-hooks/exhaustive-deps
+    // eslint-disable-next-line react-hooks/exhaustive-deps -- initWallet is intentionally excluded; including it would cause infinite re-runs
   }, [aspInfo.url, initialized])

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/providers/wallet.tsx` around lines 135 - 152, The effect can start
overlapping initWallet runs when aspInfo.url changes; add a guard ref (e.g.,
initializingRef = useRef(false)) and check it at the top of the
useEffect/autoinit to return early if already initializing, set
initializingRef.current = true before calling initWallet, and clear it in a
finally block (or keep it set if initialized becomes true) so only one
initWallet(nsecToPrivateKey(...)) / initSvcWorkerWallet flow runs at a time;
reference the existing useEffect, initialized, aspInfo.url, autoInit,
nsecToPrivateKey and initWallet symbols when making the change.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/providers/wallet.tsx`:
- Around line 135-152: The effect can start overlapping initWallet runs when
aspInfo.url changes; add a guard ref (e.g., initializingRef = useRef(false)) and
check it at the top of the useEffect/autoinit to return early if already
initializing, set initializingRef.current = true before calling initWallet, and
clear it in a finally block (or keep it set if initialized becomes true) so only
one initWallet(nsecToPrivateKey(...)) / initSvcWorkerWallet flow runs at a time;
reference the existing useEffect, initialized, aspInfo.url, autoInit,
nsecToPrivateKey and initWallet symbols when making the change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: caa2550e-1295-4b90-8f5c-b687b4dee8da

📥 Commits

Reviewing files that changed from the base of the PR and between da3a767 and 323133f.

📒 Files selected for processing (2)

• src/App.tsx
• src/providers/wallet.tsx