refactor(auth): remove MetaMask package and disable web3 authentication

[AnnatarHe]

Summary

• Remove MetaMask SDK and web3-react packages to prevent hydration errors
• Comment out all MetaMask-related code with METAMASK DISABLED markers for easy re-enabling
• Update auth pages to exclude MetaMask login option
• Add fallback page for MetaMask callback route
• Skip MetaMask binding phase in newbie onboarding flow

Packages Removed

• @metamask/sdk-react
• @web3-react/core
• @web3-react/metamask
• @web3-react/network
• @web3-react/types

Files Modified (16 total)

• package.json - Removed MetaMask dependencies
• pnpm-lock.yaml - Updated lockfile
• src/utils/wallet.ts - Commented out, stub export added
• src/utils/chains.ts - Commented out, stub exports added
• src/components/auth/metamask-provider-wrapper.tsx - Returns children directly
• src/components/auth.metamask.tsx - Returns null
• src/components/auth/metamask-standalone.tsx - Returns null
• src/components/auth/metamask.tsx - Returns null
• src/components/externalAccount/metamask.bind.tsx - Returns null
• src/components/externalAccount/list.tsx - MetaMask card removed
• src/app/auth/auth-v2/page.tsx - MetaMask login removed
• src/app/auth/auth-v4/thirdPartEntry.tsx - MetaMask button removed
• src/app/auth/callback/metamask/page.tsx - Shows disabled message
• src/app/auth/callback/metamask/content.tsx - Returns null
• src/app/dash/[userid]/newbie/content.tsx - Phase 2 skipped

Test plan

• Verify build passes without errors
• Verify auth pages load correctly without MetaMask option
• Verify existing auth methods (Apple, GitHub, Phone) still work
• Verify newbie onboarding flow skips MetaMask step

🤖 Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello @AnnatarHe, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request undertakes a significant refactoring of the authentication system by entirely removing MetaMask and web3 authentication capabilities. The core purpose is to resolve persistent hydration errors and simplify the application's dependency landscape. All related code, UI components, and utility functions have been either removed or stubbed out, ensuring a clean and functional state without web3 integration. The changes are marked for potential future re-introduction, but for now, the focus is on stability and a streamlined user experience through traditional OAuth methods.

Highlights

• MetaMask and Web3 Authentication Removal: The pull request completely removes the @metamask/sdk-react and all @web3-react/* packages, effectively disabling MetaMask and web3 authentication functionality across the application.
• Hydration Error Prevention: The primary motivation for these changes is to prevent hydration errors that were occurring due to the MetaMask SDK and web3-react packages.
• Code Commenting and Markers: All MetaMask-related code has been commented out using METAMASK DISABLED markers, allowing for easy re-enabling if web3 authentication is to be reintroduced in the future.
• Updated Authentication Pages: Authentication pages (auth-v2, auth-v4) have been updated to remove MetaMask login options, and the MetaMask callback route now displays a fallback page indicating the feature is disabled.
• Newbie Onboarding Flow Adjustment: The newbie onboarding flow has been modified to skip the MetaMask binding phase, streamlining the process for new users.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request effectively removes the MetaMask integration by deleting dependencies and commenting out related code across the application. The changes are well-structured, using METAMASK DISABLED markers, which will make re-enabling the feature straightforward. The approach of stubbing out components and utility functions is sound, preventing broken imports and ensuring the rest of the application continues to function correctly. I have one suggestion to improve the user experience on the new MetaMask callback fallback page by using Next.js's <Link> component for navigation, which aligns better with the framework's best practices.

[gemini-code-assist]

For better performance and to align with Next.js best practices, it's recommended to use the <Link> component for internal navigation instead of a standard <a> tag. This enables client-side navigation without a full page reload.

You'll need to import it at the top of the file:

import Link from 'next/link'

Suggested change

	<a
	href='/auth/auth-v4'
	className='mt-4 inline-block px-6 py-2 bg-blue-400 text-white rounded-lg hover:bg-blue-500 transition-colors'
	>
	Back to Login
	</a>
	<Link
	href='/auth/auth-v4'
	className='mt-4 inline-block px-6 py-2 bg-blue-400 text-white rounded-lg hover:bg-blue-500 transition-colors'
	>
	Back to Login
	</Link>

[claude]

Pull Request Review - MetaMask Removal

Overview

This PR removes MetaMask SDK and web3-react packages to address hydration errors. The approach of commenting out code with clear markers is pragmatic and allows for potential re-enablement in the future.

✅ Strengths

1. Clear Documentation: Excellent use of METAMASK DISABLED markers throughout the codebase making it easy to locate all affected areas
2. Comprehensive Coverage: All 13 affected files have been properly handled with consistent patterns
3. User Experience: Added a helpful fallback page at /auth/callback/metamask/page.tsx that informs users and redirects them to alternative login methods
4. Safe Defaults: Components return null or pass-through children, preventing runtime errors
5. Onboarding Flow: Smart skip from phase 1 to phase 5 in newbie onboarding (line 165 in content.tsx)

🔍 Issues & Concerns

1. Security: Console.log in Production (HIGH)

Location: src/utils/wallet.ts:6

console.log(process.env.NEXT_PUBLIC_INFURA_KEY)

Issue: This logs a sensitive API key to the console. Even though MetaMask is disabled, this code is still in the file.
Recommendation: Remove this line entirely or comment it out within the METAMASK DISABLED block.

2. Unused GraphQL Query Still Imported (MEDIUM)

Location: src/components/auth.metamask.tsx:10

import { useAuthByWeb3LazyQuery } from '../schema/generated'

Issue: Commented code still imports GraphQL hooks that may no longer be needed, increasing bundle size unnecessarily.
Recommendation: Move ALL imports inside the comment block or verify if loginByWeb3 mutation is used elsewhere.

3. TypeScript Type Safety Compromised (MEDIUM)

Location: src/utils/wallet.ts:38

export async function signDataByWeb3(m: unknown): Promise<{...}>

Issue: Using unknown type instead of proper typing. While this prevents import errors, it weakens type safety.
Recommendation: Either create a minimal type stub or use never to make it clear this should never be called:

export async function signDataByWeb3(m: never): Promise<never> {
  throw new Error('MetaMask functionality is currently disabled')
}

4. Incomplete Cleanup in chains.ts (LOW)

Location: src/utils/chains.ts:84-86
The commented code shows a complex CHAINS object definition but exports are now empty objects. This could cause runtime errors if any code tries to access chain data.
Recommendation: Audit all usages of CHAINS and URLS exports to ensure nothing breaks.

5. ESLint Disable Comments (LOW)

Locations: Multiple files have // eslint-disable-next-line @typescript-eslint/no-unused-vars
Issue: While necessary, these indicate code smell. The commented parameters suggest these functions exist only as stubs.
Recommendation: Consider removing these stubs entirely and updating imports, OR clearly document why stubs are needed.

6. Progress Counter Mismatch (MEDIUM)

Location: src/app/dash/[userid]/newbie/content.tsx:69-72

<ProgressBlock value={phase + 1} max={6}>
  <h3 className='w-full text-center mt-2 block dark:text-white'>
    Progress: {phase + 1} / 6
  </h3>

Issue: The progress still shows "/ 6" but phases 2, 3, and 4 are now skipped. This is confusing UX.
Recommendation: Update to show "/ 3" (name, domain, avatar) or remap phase numbers to avoid gaps.

🧪 Testing Concerns

The test plan in the PR description is incomplete:

• Verify build passes without errors ← CRITICAL: This should be verified before merge
• Check bundle size reduction (removing 5 packages should significantly reduce bundle)
• Test error boundaries - what happens if someone bookmarked a MetaMask flow URL?
• Verify no console errors on all auth pages
• Test that existing users with MetaMask accounts can still access their data

📦 Dependency Cleanup

Good: The following packages were removed from package.json:

• @metamask/sdk-react
• @web3-react/core
• @web3-react/metamask
• @web3-react/network
• @web3-react/types

Result: ~5,126 lines removed from pnpm-lock.yaml (massive reduction!)

🎨 Code Style

The code follows project conventions well:

• ✅ Consistent comment markers
• ✅ Proper use of kebab-case and PascalCase
• ✅ Follows UI style guidelines (blue-400 primary color)
• ✅ Maintains dark mode support

🔒 Performance Impact

Positive:

• Significantly reduced bundle size (~5 packages removed)
• Fewer hydration checks needed
• Cleaner dependency tree

📋 Recommendations Summary

Before Merge (HIGH PRIORITY):

1. ✅ Remove or comment the console.log(process.env.NEXT_PUBLIC_INFURA_KEY) line
2. ✅ Run pnpm build and verify it succeeds
3. ✅ Fix progress counter (show /3 instead of /6 or renumber phases)
4. ✅ Audit CHAINS/URLS usage to prevent runtime errors

Nice to Have (MEDIUM):
5. ⚠️ Move unused imports into comment blocks
6. ⚠️ Improve TypeScript stub signatures
7. ⚠️ Add error boundary tests
8. ⚠️ Document bundle size savings in PR description

Future Consideration:
9. 💡 Consider creating a feature flag system instead of commenting code
10. 💡 Add integration tests for the remaining auth methods

🎯 Overall Assessment

Code Quality: 7/10
Approach: 8/10 (pragmatic, reversible)
Testing: 5/10 (test plan incomplete)
Security: 6/10 (console.log issue)

Recommendation: ✅ Approve with changes - Address the console.log security issue and verify the build before merging.

This is a solid approach to temporarily disabling MetaMask while keeping the option to re-enable it. The main concerns are ensuring the build succeeds and removing the API key logging.