Tech Debt Zero: ship real or remove — 15 issues fixed#142
Merged
Conversation
Payment links used randomBytes(32) as dummy spending/viewing keys — funds sent to those addresses were unclaimable. Now requires actual stealth meta-address keys so recipients can scan and claim via their viewing key.
…#131) Vault GET endpoint now queries Connection.getBalance() for native SOL and getTokenAccountsByOwner() for SPL tokens. Returns real wallet balances alongside activity history. Gracefully handles RPC failures.
VITE_API_URL was undefined — API calls had no base URL. Added .env.production pointing to sipher.sip-protocol.org and .env.development for localhost. Also added VITE_API_URL to vite-env.d.ts type declarations.
#133) Both providers were 100% mock — no production SDK exists for REST integration. Arcium MPC requires on-chain MXE interaction, Inco FHE is EVM-only. Deleted 8 files (providers, backends, routes, tests), cleaned 8 more (route registry, OpenAPI spec, backend enums, metering, session, demo). 6 fake endpoints removed. 534 tests remain passing.
…134) jupiter-provider.ts now calls live Jupiter Quote + Swap API via HTTP. getQuote() → GET lite-api.jup.ag/swap/v1/quote buildSwapTransaction() → POST lite-api.jup.ag/swap/v1/swap Base URL configurable via JUPITER_API_URL env var. Removed hardcoded token whitelist (Jupiter supports thousands). Updated private-swap route, builder, and tests accordingly.
Proof generation endpoints used MockProofProvider (no cryptographic validity) and mock STARK range proofs. Removed entirely — proof generation belongs client-side for privacy (server shouldn't see private inputs). Deleted 6 files (2 providers, 2 routes, 2 test suites). 8 endpoints removed. 497 tests remain passing.
…136) Added JUPITER_API_URL (defaults to free tier). Clarified Jito comment — code already supports real mode when JITO_BLOCK_ENGINE_URL is set. VPS configuration needed: set env var on production server.
Phantom-only wallet adapter excluded Solflare users. Added SolflareWalletAdapter from @solana/wallet-adapter-wallets. Backpack adapter not available in installed version — skipped.
Conversations were in-memory Map — lost on every restart. Added conversations table to SQLite schema and rewrote session.ts to use DB-backed storage. Same API surface, same 100-message limit, same 30-min idle purge — now survives restarts.
…loses #141) Added 6 missing env vars: SOLANA_NETWORK, AUTHORIZED_WALLETS, SIPHER_BASE_URL, SIPHER_OPENROUTER_API_KEY, SIPHER_MODEL, SIPHER_HELIUS_API_KEY. Removed dev-only Stripe secret default. AUTHORIZED_WALLETS needs RECTOR's wallet pubkey on VPS.
balance, scan, status, history, refund, and viewing-key tools all
had createConnection('devnet'). Without this fix, read-path tools
would query devnet while write-path tools target mainnet — user's
mainnet operations would be invisible.
6 error enum values and catalog entries remained after provider removal. Exposed via /v1/errors endpoint — misleading for consumers.
This was referenced Apr 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Eliminates all mocks, hardcodes, and incomplete features from Sipher. Every remaining endpoint is backed by real operations.
Net result: 573→497 tests (removed mock tests), 71→55 endpoints (removed 16 fake), ~3,700 lines of mock code deleted.
Closes
#127, #128, #129, #130, #131, #132, #133, #134, #135, #136, #137, #138, #139, #140, #141
VPS TODO (post-merge)
JITO_BLOCK_ENGINE_URL=https://mainnet.block-engine.jito.wtf/api/v1/bundlesAUTHORIZED_WALLETS=<wallet pubkey>Test plan
pnpm test -- --run— 497 tests, 32 suites, all passingcd app && pnpm build— frontend builds clean