[SDK] Fix waitUntil facilitator parameter not being respected

[joaquim-verges]

---

PR-Codex overview

This PR focuses on updating the waitUtil parameter to waitUntil in various parts of the codebase and adding a GitHub Actions workflow for auto-assigning authors to pull requests. It also modifies the GET function in the API route to handle payment processing.

Detailed summary

• Renamed waitUtil to waitUntil in facilitator.ts and related functions.
• Updated settle function to use waitUntil parameter.
• Added a new GitHub Actions workflow in .github/workflows/auto-assign.yml for auto-assigning authors.
• Enhanced the GET function in route.ts to process payments with the new waitUntil parameter and improved error handling.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• New Features
  • None
• Bug Fixes
  • Paywall settlement now respects the waitUntil parameter and returns clearer settlement responses.
• Refactor
  • Paywall handling moved out of global middleware into a dedicated API route.
  • Facilitator API surface renamed for consistency (waitUntil).
• Documentation
  • Added a changeset noting the patch release and the waitUntil fix.
• Chores
  • Added an automated workflow to assign PR authors on PR creation/reopen.

[changeset-bot]

🦋 Changeset detected

Latest commit: 0fafe9f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages

Name	Type
thirdweb	Patch
@thirdweb-dev/nebula	Patch
@thirdweb-dev/wagmi-adapter	Patch
wagmi-inapp	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
docs-v2	Canceled			Oct 4, 2025 0:14am
nebula	Ready	Preview	Comment	Oct 4, 2025 0:14am
thirdweb_playground	Ready	Preview	Comment	Oct 4, 2025 0:14am
thirdweb-www	Ready	Preview	Comment	Oct 4, 2025 0:14am
wallet-ui	Ready	Preview	Comment	Oct 4, 2025 0:14am

[joaquim-verges]

• [SDK] Fix waitUntil facilitator parameter not being respected #8184 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge-queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Replaces the Next.js paywall middleware with a typed Next.js API route, adds an auto-assign GitHub Actions workflow, adds a changeset, and renames the x402 facilitator parameter waitUtil → waitUntil across types and implementation.

Changes

Cohort / File(s)	Summary of Changes
Release metadata \.changeset/ten-donuts-fail.md	New changeset documenting a patch release for thirdweb noting a fix for the facilitator waitUntil param.
CI workflow .github/workflows/auto-assign.yml	New "Auto Author Assign" GitHub Actions workflow that auto-assigns PR authors on open/reopen/ready_for_review using toshimaru/auto-author-assign; job gated to trusted roles and granted write permission on pull-requests.
Playground paywall route apps/playground-web/src/app/api/paywall/route.ts	Adds a typed GET(request: NextRequest) handler that initializes a thirdweb client/facilitator, reads X-PAYMENT header and query params (chainId, amount, tokenAddress, decimals, waitUntil), constructs a settlement request (price → units, network), calls facilitator settlement, and returns or forwards settlement responses and headers.
Middleware removal apps/playground-web/src/middleware.ts	Deleted: removed the Next.js middleware that previously intercepted /api/paywall and its exported config matcher.
X402 facilitator API packages/thirdweb/src/x402/facilitator.ts	API and runtime rename: waitUtil → waitUntil in ThirdwebX402FacilitatorConfig, ThirdwebX402Facilitator.settle signature, and payload construction; implementation updated to compute/send waitUntil.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant C as Client
  participant R as Next.js API /api/paywall
  participant F as Thirdweb Facilitator
  participant X as X402 Service

  C->>R: GET /api/paywall?chainId=&amount=&tokenAddress=&decimals=&waitUntil (or X-PAYMENT header)
  R->>R: Parse query/headers, validate chainId, build price/asset, set waitUntil
  R->>F: settle({ network, price, asset, waitUntil, facilitator })
  F->>X: POST /settle (payload includes waitUntil)
  X-->>F: Settlement response (status, headers, body)
  alt status 200
    F-->>R: Success + headers
    R-->>C: 200 JSON (receipt) + allowed headers
  else non-200
    F-->>R: Error response + headers
    R-->>C: forwarded status + body + headers
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The pull request description includes the template comments but none of the required sections—such as the formatted title placeholder, notes for the reviewer, and testing instructions—have been completed, and the PR-Codex overview does not replace these mandatory fields, so the description does not adhere to the repository template.	Please complete the description template by providing a proper formatted title under the “## title” heading, adding relevant notes for the reviewer under “## Notes for the reviewer,” and including clear steps or commands for testing under “## How to test.”
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title succinctly identifies the main fix—ensuring the waitUntil facilitator parameter is respected—and follows the repository convention by prefixing with “[SDK]”, making it clear and relevant to the core change.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch _thirdweb_Fix_waitUntil_facilitator_parameter_not_being_respected

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 7a08ea7 and 0fafe9f.

📒 Files selected for processing (5)

• .changeset/ten-donuts-fail.md (1 hunks)
• .github/workflows/auto-assign.yml (1 hunks)
• apps/playground-web/src/app/api/paywall/route.ts (1 hunks)
• apps/playground-web/src/middleware.ts (0 hunks)
• packages/thirdweb/src/x402/facilitator.ts (4 hunks)

💤 Files with no reviewable changes (1)

• apps/playground-web/src/middleware.ts

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/auto-assign.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• .changeset/ten-donuts-fail.md

🧰 Additional context used

📓 Path-based instructions (4)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

**/*.{ts,tsx}: Use explicit function declarations and explicit return types in TypeScript
Limit each file to one stateless, single‑responsibility function
Re‑use shared types from @/types where applicable
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Prefer composition over inheritance; use utility types (Partial, Pick, etc.)
Lazy‑import optional features and avoid top‑level side‑effects to reduce bundle size

Files:

• apps/playground-web/src/app/api/paywall/route.ts
• packages/thirdweb/src/x402/facilitator.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• apps/playground-web/src/app/api/paywall/route.ts
• packages/thirdweb/src/x402/facilitator.ts

apps/{dashboard,playground-web}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

apps/{dashboard,playground-web}/**/*.{ts,tsx}: Import UI primitives from @/components/ui/* (Button, Input, Select, Tabs, Card, Sidebar, Badge, Separator) in dashboard and playground apps
Use NavLink for internal navigation with automatic active states in dashboard and playground apps
Use Tailwind CSS only – no inline styles or CSS modules
Use cn() from @/lib/utils for conditional class logic
Use design system tokens (e.g., bg-card, border-border, text-muted-foreground)
Server Components (Node edge): Start files with import "server-only";
Client Components (browser): Begin files with 'use client';
Always call getAuthToken() to retrieve JWT from cookies on server side
Use Authorization: Bearer header – never embed tokens in URLs
Return typed results (e.g., Project[], User[]) – avoid any
Wrap client-side data fetching calls in React Query (@tanstack/react-query)
Use descriptive, stable queryKeys for React Query cache hits
Configure staleTime/cacheTime in React Query based on freshness (default ≥ 60s)
Keep tokens secret via internal API routes or server actions
Never import posthog-js in server components

Files:

• apps/playground-web/src/app/api/paywall/route.ts

packages/thirdweb/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

packages/thirdweb/**/*.{ts,tsx}: Every public symbol must have comprehensive TSDoc with at least one compiling @example and a custom tag (@beta, @internal, @experimental, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose
Lazy‑load heavy dependencies inside async paths (e.g., const { jsPDF } = await import("jspdf"))

Files:

• packages/thirdweb/src/x402/facilitator.ts

🧠 Learnings (1)

📚 Learning: 2025-05-27T19:56:16.920Z

Learnt from: MananTank
PR: thirdweb-dev/js#7177
File: apps/dashboard/src/app/(app)/(dashboard)/(chain)/[chain_id]/[contractAddress]/public-pages/erc20/_hooks/useTokenTransfers.ts:41-44
Timestamp: 2025-05-27T19:56:16.920Z
Learning: When reviewing hooks that use environment variables like NEXT_PUBLIC_DASHBOARD_THIRDWEB_CLIENT_ID for API calls, MananTank prefers not to add explicit validation checks for these variables, trusting they will be set in the deployment environment.

Applied to files:

• apps/playground-web/src/app/api/paywall/route.ts

🧬 Code graph analysis (2)

apps/playground-web/src/app/api/paywall/route.ts (3)

apps/playground-web/src/app/ai/api/types.ts (1)

• API_URL (1-1)

packages/thirdweb/src/x402/facilitator.ts (1)

• facilitator (107-262)

apps/playground-web/src/app/payments/x402/components/constants.ts (1)

• token (4-9)

packages/thirdweb/src/x402/facilitator.ts (2)

packages/thirdweb/src/x402/schemas.ts (1)

• FacilitatorSettleResponse (58-60)

packages/ai-sdk-provider/src/types.ts (1)

• DEFAULT_BASE_URL (10-10)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Size
• GitHub Check: Analyze (javascript)

🔇 Additional comments (1)

packages/thirdweb/src/x402/facilitator.ts (1)

18-18: LGTM! Typo fix applied consistently.

The rename from waitUtil to waitUntil corrects the parameter name throughout the config type, public interface, implementation, and payload construction. The change is consistent and maintains backward compatibility for callers who did not use this optional parameter.

Also applies to: 43-43, 188-188, 195-195, 204-204

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• TEAM-0000: Entity not found: Issue - Could not find referenced Issue.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

size-limit report 📦

Path	Size	Loading time (3g)	Running time (snapdragon)	Total time
thirdweb (esm)	64.6 KB (0%)	1.3 s (0%)	216 ms (+190.4% 🔺)	1.6 s
thirdweb (cjs)	365.75 KB (0%)	7.4 s (0%)	796 ms (+13.04% 🔺)	8.2 s
thirdweb (minimal + tree-shaking)	5.73 KB (0%)	115 ms (0%)	117 ms (+3295.05% 🔺)	232 ms
thirdweb/chains (tree-shaking)	526 B (0%)	11 ms (0%)	42 ms (+1371.03% 🔺)	52 ms
thirdweb/react (minimal + tree-shaking)	19.13 KB (0%)	383 ms (0%)	65 ms (+1599.22% 🔺)	448 ms

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/auto-assign.yml (1)

14-17: Include first-time contributor associations

Authors with FIRST_TIMER or FIRST_TIMER_CONTRIBUTOR associations currently skip assignment, defeating the “always assign the author” goal for new contributors. Add those associations to the guard so the workflow behaves consistently.

       github.event.pull_request.author_association == 'MEMBER' ||
       github.event.pull_request.author_association == 'OWNER' ||
       github.event.pull_request.author_association == 'COLLABORATOR' ||
-      github.event.pull_request.author_association == 'CONTRIBUTOR'
+      github.event.pull_request.author_association == 'CONTRIBUTOR' ||
+      github.event.pull_request.author_association == 'FIRST_TIMER' ||
+      github.event.pull_request.author_association == 'FIRST_TIMER_CONTRIBUTOR'

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 34c5d24 and 11629cf.

📒 Files selected for processing (5)

• .changeset/ten-donuts-fail.md (1 hunks)
• .github/workflows/auto-assign.yml (1 hunks)
• apps/playground-web/src/app/api/paywall/route.ts (1 hunks)
• apps/playground-web/src/middleware.ts (0 hunks)
• packages/thirdweb/src/x402/facilitator.ts (4 hunks)

💤 Files with no reviewable changes (1)

• apps/playground-web/src/middleware.ts

🧰 Additional context used

📓 Path-based instructions (5)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

**/*.{ts,tsx}: Use explicit function declarations and explicit return types in TypeScript
Limit each file to one stateless, single‑responsibility function
Re‑use shared types from @/types where applicable
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Prefer composition over inheritance; use utility types (Partial, Pick, etc.)
Lazy‑import optional features and avoid top‑level side‑effects to reduce bundle size

Files:

• apps/playground-web/src/app/api/paywall/route.ts
• packages/thirdweb/src/x402/facilitator.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• apps/playground-web/src/app/api/paywall/route.ts
• packages/thirdweb/src/x402/facilitator.ts

apps/{dashboard,playground-web}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

apps/{dashboard,playground-web}/**/*.{ts,tsx}: Import UI primitives from @/components/ui/* (Button, Input, Select, Tabs, Card, Sidebar, Badge, Separator) in dashboard and playground apps
Use NavLink for internal navigation with automatic active states in dashboard and playground apps
Use Tailwind CSS only – no inline styles or CSS modules
Use cn() from @/lib/utils for conditional class logic
Use design system tokens (e.g., bg-card, border-border, text-muted-foreground)
Server Components (Node edge): Start files with import "server-only";
Client Components (browser): Begin files with 'use client';
Always call getAuthToken() to retrieve JWT from cookies on server side
Use Authorization: Bearer header – never embed tokens in URLs
Return typed results (e.g., Project[], User[]) – avoid any
Wrap client-side data fetching calls in React Query (@tanstack/react-query)
Use descriptive, stable queryKeys for React Query cache hits
Configure staleTime/cacheTime in React Query based on freshness (default ≥ 60s)
Keep tokens secret via internal API routes or server actions
Never import posthog-js in server components

Files:

• apps/playground-web/src/app/api/paywall/route.ts

packages/thirdweb/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

packages/thirdweb/**/*.{ts,tsx}: Every public symbol must have comprehensive TSDoc with at least one compiling @example and a custom tag (@beta, @internal, @experimental, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose
Lazy‑load heavy dependencies inside async paths (e.g., const { jsPDF } = await import("jspdf"))

Files:

• packages/thirdweb/src/x402/facilitator.ts

.changeset/*.md

📄 CodeRabbit inference engine (AGENTS.md)

.changeset/*.md: Each change in packages/* must include a changeset for the appropriate package
Version bump rules: patch for non‑API changes; minor for new/modified public API

Files:

• .changeset/ten-donuts-fail.md

🧬 Code graph analysis (2)

apps/playground-web/src/app/api/paywall/route.ts (2)

packages/thirdweb/src/x402/facilitator.ts (1)

• facilitator (107-262)

apps/playground-web/src/app/payments/x402/components/constants.ts (1)

• token (4-9)

packages/thirdweb/src/x402/facilitator.ts (3)

packages/thirdweb/src/exports/x402.ts (1)

• WaitUntil (6-6)

packages/thirdweb/src/x402/schemas.ts (1)

• FacilitatorSettleResponse (58-60)

packages/ai-sdk-provider/src/types.ts (1)

• DEFAULT_BASE_URL (10-10)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: E2E Tests (pnpm, esbuild)
• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: E2E Tests (pnpm, vite)
• GitHub Check: Size
• GitHub Check: Unit Tests
• GitHub Check: Build Packages
• GitHub Check: Lint Packages
• GitHub Check: Analyze (javascript)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.04%. Comparing base (34c5d24) to head (0fafe9f).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #8184   +/-   ##
=======================================
  Coverage   55.04%   55.04%           
=======================================
  Files         919      919           
  Lines       60562    60562           
  Branches     4126     4131    +5     
=======================================
  Hits        33337    33337           
  Misses      27121    27121           
  Partials      104      104           

Flag	Coverage Δ
packages	55.04% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

apps/playground-web/src/app/api/paywall/route.ts (1)

30-63: Validate query parameters before use.

The validation issues flagged in the previous review comment are still present. The code does not validate that chainId and decimals are valid numbers, and waitUntil is not constrained to allowed values. This can lead to runtime exceptions when calling defineChain(NaN) or toUnits() with invalid decimals.

Please apply the comprehensive validation diff from the previous review comment to fix these issues.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 11629cf and e254a69.

📒 Files selected for processing (5)

• .changeset/ten-donuts-fail.md (1 hunks)
• .github/workflows/auto-assign.yml (1 hunks)
• apps/playground-web/src/app/api/paywall/route.ts (1 hunks)
• apps/playground-web/src/middleware.ts (0 hunks)
• packages/thirdweb/src/x402/facilitator.ts (4 hunks)

💤 Files with no reviewable changes (1)

• apps/playground-web/src/middleware.ts

🚧 Files skipped from review as they are similar to previous changes (2)

• .changeset/ten-donuts-fail.md
• .github/workflows/auto-assign.yml

🧰 Additional context used

📓 Path-based instructions (4)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

**/*.{ts,tsx}: Use explicit function declarations and explicit return types in TypeScript
Limit each file to one stateless, single‑responsibility function
Re‑use shared types from @/types where applicable
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Prefer composition over inheritance; use utility types (Partial, Pick, etc.)
Lazy‑import optional features and avoid top‑level side‑effects to reduce bundle size

Files:

• apps/playground-web/src/app/api/paywall/route.ts
• packages/thirdweb/src/x402/facilitator.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• apps/playground-web/src/app/api/paywall/route.ts
• packages/thirdweb/src/x402/facilitator.ts

apps/{dashboard,playground-web}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

apps/{dashboard,playground-web}/**/*.{ts,tsx}: Import UI primitives from @/components/ui/* (Button, Input, Select, Tabs, Card, Sidebar, Badge, Separator) in dashboard and playground apps
Use NavLink for internal navigation with automatic active states in dashboard and playground apps
Use Tailwind CSS only – no inline styles or CSS modules
Use cn() from @/lib/utils for conditional class logic
Use design system tokens (e.g., bg-card, border-border, text-muted-foreground)
Server Components (Node edge): Start files with import "server-only";
Client Components (browser): Begin files with 'use client';
Always call getAuthToken() to retrieve JWT from cookies on server side
Use Authorization: Bearer header – never embed tokens in URLs
Return typed results (e.g., Project[], User[]) – avoid any
Wrap client-side data fetching calls in React Query (@tanstack/react-query)
Use descriptive, stable queryKeys for React Query cache hits
Configure staleTime/cacheTime in React Query based on freshness (default ≥ 60s)
Keep tokens secret via internal API routes or server actions
Never import posthog-js in server components

Files:

• apps/playground-web/src/app/api/paywall/route.ts

packages/thirdweb/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

packages/thirdweb/**/*.{ts,tsx}: Every public symbol must have comprehensive TSDoc with at least one compiling @example and a custom tag (@beta, @internal, @experimental, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose
Lazy‑load heavy dependencies inside async paths (e.g., const { jsPDF } = await import("jspdf"))

Files:

• packages/thirdweb/src/x402/facilitator.ts

🧬 Code graph analysis (2)

apps/playground-web/src/app/api/paywall/route.ts (2)

packages/thirdweb/src/x402/facilitator.ts (1)

• facilitator (107-262)

apps/playground-web/src/app/payments/x402/components/constants.ts (1)

• token (4-9)

packages/thirdweb/src/x402/facilitator.ts (3)

packages/thirdweb/src/exports/x402.ts (1)

• WaitUntil (6-6)

packages/thirdweb/src/x402/schemas.ts (1)

• FacilitatorSettleResponse (58-60)

packages/ai-sdk-provider/src/types.ts (1)

• DEFAULT_BASE_URL (10-10)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Size
• GitHub Check: Analyze (javascript)

🔇 Additional comments (1)

packages/thirdweb/src/x402/facilitator.ts (1)

18-18: LGTM! Parameter rename fixes typo consistently.

The rename from waitUtil to waitUntil is correctly applied across the type definitions (ThirdwebX402FacilitatorConfig, ThirdwebX402Facilitator.settle) and implementation. The payload construction now correctly sends waitUntil instead of waitUtil, and the parameter resolution at line 195 properly reads from both the function parameter and config property.

Note: This is a breaking change to the public API. Ensure it's documented in the changeset and migration guide if needed.

Also applies to: 43-43, 188-188, 195-195, 204-204

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (3)

apps/playground-web/src/app/api/paywall/route.ts (3)

15-18: Validate required environment variables at initialization.

Environment variables are cast to string without checking if they exist. If any are missing, the application will fail at runtime with confusing errors. This concern was previously raised and remains unaddressed.

---

31-45: Validate chainId, decimals, and waitUntil before using them.

The code does not validate that chainId is a valid integer, decimals is numeric, or waitUntil is one of the allowed values. This can cause runtime errors when invalid input is provided (e.g., ?chainId=mainnet results in NaN). This concern was previously raised and remains unaddressed.

---

47-64: Add error handling for settlePayment.

The settlePayment call can throw exceptions (network errors, facilitator errors), but there's no try-catch block. Unhandled exceptions result in a 500 response without a meaningful error message. This concern was previously raised and remains unaddressed.

🧹 Nitpick comments (3)

apps/playground-web/src/app/api/paywall/route.ts (3)

10-10: Add explicit return type annotation.

Per coding guidelines, TypeScript functions should have explicit return types. The GET handler should specify its return type.

Apply this diff:

-export async function GET(request: NextRequest) {
+export async function GET(request: NextRequest): Promise<NextResponse> {

---

16-16: Remove commented-out code.

The commented line referencing ENGINE_BACKEND_SMART_WALLET should be removed to keep the codebase clean. If this alternative configuration is needed, consider using an environment variable to toggle between options rather than leaving dead code.

Apply this diff:

 const BACKEND_WALLET_ADDRESS = process.env.ENGINE_BACKEND_WALLET as string;
-// const BACKEND_WALLET_ADDRESS = process.env.ENGINE_BACKEND_SMART_WALLET as string;
 const ENGINE_VAULT_ACCESS_TOKEN = process.env

---

42-42: Simplify decimals handling.

Line 42 converts token.decimals (a number) to a string, but lines 53 and 56 immediately parse it back to an integer. This is redundant and can be simplified.

Apply this diff:

-const decimals = queryParams.get("decimals") || token.decimals.toString();
+const decimals = queryParams.get("decimals") ? parseInt(queryParams.get("decimals")!) : token.decimals;

Then update lines 53 and 56 to use decimals directly:

   price: {
-    amount: toUnits(amount, parseInt(decimals)).toString(),
+    amount: toUnits(amount, decimals).toString(),
     asset: {
       address: tokenAddress as `0x${string}`,
-      decimals: decimals ? parseInt(decimals) : token.decimals,
+      decimals,
     },
   },

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e254a69 and 7a08ea7.

📒 Files selected for processing (5)

• .changeset/ten-donuts-fail.md (1 hunks)
• .github/workflows/auto-assign.yml (1 hunks)
• apps/playground-web/src/app/api/paywall/route.ts (1 hunks)
• apps/playground-web/src/middleware.ts (0 hunks)
• packages/thirdweb/src/x402/facilitator.ts (4 hunks)

💤 Files with no reviewable changes (1)

• apps/playground-web/src/middleware.ts

🚧 Files skipped from review as they are similar to previous changes (3)

• .github/workflows/auto-assign.yml
• .changeset/ten-donuts-fail.md
• packages/thirdweb/src/x402/facilitator.ts

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

**/*.{ts,tsx}: Use explicit function declarations and explicit return types in TypeScript
Limit each file to one stateless, single‑responsibility function
Re‑use shared types from @/types where applicable
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Prefer composition over inheritance; use utility types (Partial, Pick, etc.)
Lazy‑import optional features and avoid top‑level side‑effects to reduce bundle size

Files:

• apps/playground-web/src/app/api/paywall/route.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• apps/playground-web/src/app/api/paywall/route.ts

apps/{dashboard,playground-web}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

apps/{dashboard,playground-web}/**/*.{ts,tsx}: Import UI primitives from @/components/ui/* (Button, Input, Select, Tabs, Card, Sidebar, Badge, Separator) in dashboard and playground apps
Use NavLink for internal navigation with automatic active states in dashboard and playground apps
Use Tailwind CSS only – no inline styles or CSS modules
Use cn() from @/lib/utils for conditional class logic
Use design system tokens (e.g., bg-card, border-border, text-muted-foreground)
Server Components (Node edge): Start files with import "server-only";
Client Components (browser): Begin files with 'use client';
Always call getAuthToken() to retrieve JWT from cookies on server side
Use Authorization: Bearer header – never embed tokens in URLs
Return typed results (e.g., Project[], User[]) – avoid any
Wrap client-side data fetching calls in React Query (@tanstack/react-query)
Use descriptive, stable queryKeys for React Query cache hits
Configure staleTime/cacheTime in React Query based on freshness (default ≥ 60s)
Keep tokens secret via internal API routes or server actions
Never import posthog-js in server components

Files:

• apps/playground-web/src/app/api/paywall/route.ts

🧠 Learnings (1)

📚 Learning: 2025-05-27T19:56:16.920Z

Learnt from: MananTank
PR: thirdweb-dev/js#7177
File: apps/dashboard/src/app/(app)/(dashboard)/(chain)/[chain_id]/[contractAddress]/public-pages/erc20/_hooks/useTokenTransfers.ts:41-44
Timestamp: 2025-05-27T19:56:16.920Z
Learning: When reviewing hooks that use environment variables like NEXT_PUBLIC_DASHBOARD_THIRDWEB_CLIENT_ID for API calls, MananTank prefers not to add explicit validation checks for these variables, trusting they will be set in the deployment environment.

Applied to files:

• apps/playground-web/src/app/api/paywall/route.ts

🧬 Code graph analysis (1)

apps/playground-web/src/app/api/paywall/route.ts (2)

packages/thirdweb/src/x402/facilitator.ts (1)

• facilitator (107-262)

apps/playground-web/src/app/payments/x402/components/constants.ts (1)

• token (4-9)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Size
• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: Analyze (javascript)

🔇 Additional comments (3)

apps/playground-web/src/app/api/paywall/route.ts (3)

1-6: LGTM!

The imports are appropriate for the paywall route implementation.

---

62-62: Correctly passes waitUntil parameter (PR fix).

The waitUntil parameter is now correctly passed to settlePayment, which forwards it to the facilitator's settle function. This addresses the core issue described in the PR.

---

66-89: LGTM!

The response handling correctly differentiates between successful payments (status 200) and payment requests, properly propagating headers and status codes in both cases.