Feature: Adds onramp webhook schema to sdk

[gregfromstl]

---

PR-Codex overview

This PR focuses on adding onramp webhook parsing for the Universal Bridge in the thirdweb package, along with updates to existing tests and schema definitions.

Detailed summary

• Introduced onramp webhook parsing logic.
• Updated test cases in Status.test.ts with new chainId and transactionHash.
• Refactored Webhook.test.ts to use bigint for amounts and added new payload validation.
• Expanded Webhook.ts with new schemas for onramp transactions.
• Adjusted parsing functions to accommodate new payload structure.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• New Features

  • Enhanced webhook parsing to support onramp webhooks for the Universal Bridge.

• Refactor

  • Improved validation and structure of webhook payloads for clearer distinction between onchain and onramp types.
  • Updated numeric fields to ensure correct data types and improved payload handling.

• Documentation

  • Added a changeset file describing the new onramp webhook parsing capability.

[linear]

TOOL-4883 Add Onramp Webhook Schema to SDK

[changeset-bot]

🦋 Changeset detected

Latest commit: fa5e13b

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
thirdweb	Patch
@thirdweb-dev/nebula	Patch
@thirdweb-dev/wagmi-adapter	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
docs-v2	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 26, 2025 9:39pm
nebula	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 26, 2025 9:39pm
thirdweb_playground	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 26, 2025 9:39pm
thirdweb-www	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 26, 2025 9:39pm
wallet-ui	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 26, 2025 9:39pm

[coderabbitai]

Walkthrough

The webhook payload validation schema was refactored to use a new reusable tokenSchema for token details, replacing repeated inline definitions. The schema structure was split into discriminated unions for "pay.onchain-transaction" and "pay.onramp-transaction" types, each keyed by a version field. Numeric fields are coerced to bigint or number as appropriate. The parse function signature now explicitly returns a Promise<WebhookPayload>. Test cases were updated to reflect these schema changes.

Changes

File(s)	Change Summary
packages/thirdweb/src/bridge/Webhook.ts	Refactored webhook schema to use reusable tokenSchema; split into discriminated unions for "pay.onchain-transaction" and "pay.onramp-transaction" with explicit version and type literals; coerced numeric fields to bigint/number; updated type alias and parse function signature.
packages/thirdweb/src/bridge/Webhook.test.ts	Updated tests to use BigInt for amount fields and added type field in payloads to align with new schema structure.
packages/thirdweb/src/bridge/Status.test.ts	Updated test cases with new blockchain network and transaction hash values; no logic changes.
.changeset/eleven-taxis-mix.md	Added changeset documenting the addition of onramp webhook parsing without source code changes.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Webhook
    participant Validator

    Client->>Webhook: Send payload (string), headers, secret
    Webhook->>Validator: Validate payload using webhookSchema
    Validator-->>Webhook: Return parsed and validated WebhookPayload
    Webhook-->>Client: Return Promise<WebhookPayload>

Loading

Possibly related PRs

• [Dashboard] Fix: Purchase Data #7225: Refactors webhook schema’s transactions field and improves typing of purchaseData, related to webhook payload structure changes.
• Add webhook verification functionality for secure payload validation #7103: Introduced the original Webhook.parse function with signature and timestamp verification; foundational to the current parsing enhancements.
• [SDK] Fix: Webhook Schema #7151: Expanded token representation and refined webhook schema structure, closely related to this PR’s schema refactoring.

Suggested reviewers

• gregfromstl

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• TEAM-0000: Entity not found: Issue - Could not find referenced Issue.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 90db465 and fa5e13b.

📒 Files selected for processing (4)

• .changeset/eleven-taxis-mix.md (1 hunks)
• packages/thirdweb/src/bridge/Status.test.ts (2 hunks)
• packages/thirdweb/src/bridge/Webhook.test.ts (8 hunks)
• packages/thirdweb/src/bridge/Webhook.ts (4 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• .changeset/eleven-taxis-mix.md
• packages/thirdweb/src/bridge/Status.test.ts
• packages/thirdweb/src/bridge/Webhook.test.ts
• packages/thirdweb/src/bridge/Webhook.ts

⏰ Context from checks skipped due to timeout of 90000ms (8)

• GitHub Check: E2E Tests (pnpm, esbuild)
• GitHub Check: Unit Tests
• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: E2E Tests (pnpm, vite)
• GitHub Check: Size
• GitHub Check: Build Packages
• GitHub Check: Lint Packages
• GitHub Check: Analyze (javascript)

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[graphite-app]

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge-queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

packages/thirdweb/src/bridge/Webhook.ts (2)

5-10: Simplify zod schema definitions by removing redundant z.check().

The current usage of z.check(z.refine(...)) is redundant. The z.refine() method already provides the same validation functionality.

-const hexSchema = z
-  .string()
-  .check(z.refine(isHex, { message: "Invalid hex string" }));
-const addressSchema = z
-  .string()
-  .check(z.refine(isAddress, { message: "Invalid address" }));
+const hexSchema = z
+  .string()
+  .refine(isHex, { message: "Invalid hex string" });
+const addressSchema = z
+  .string()
+  .refine(isAddress, { message: "Invalid address" });

---

186-186: Remove redundant satisfies operator.

The satisfies operator is redundant since the function already has an explicit return type annotation. The TypeScript compiler will ensure type safety without it.

-  return parsedPayload satisfies WebhookPayload;
+  return parsedPayload;

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 45bb790 and b9b8ac5.

📒 Files selected for processing (1)

• packages/thirdweb/src/bridge/Webhook.ts (4 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

`**/*.@(ts|tsx)`: Accept a typed 'props' object and export a named function (e.g...

**/*.@(ts|tsx): Accept a typed 'props' object and export a named function (e.g., export function MyComponent()).
Combine class names via 'cn', expose 'className' prop if useful.
Reuse core UI primitives; avoid re-implementing buttons, cards, modals.
Local state or effects live inside; data fetching happens in hooks.
Merge class names with 'cn' from '@/lib/utils' to keep conditional logic readable.
Stick to design-tokens: background ('bg-card'), borders ('border-border'), muted text ('text-muted-foreground') etc.
Use the 'container' class with a 'max-w-7xl' cap for page width consistency.
Spacing utilities ('px-', 'py-', 'gap-*') are preferred over custom margins.
Responsive helpers follow mobile-first ('max-sm', 'md', 'lg', 'xl').
Never hard-code colors – always go through Tailwind variables.
Tailwind CSS is the styling system – avoid inline styles or CSS modules.
Prefix files with 'import "server-only";' so they never end up in the client bundle (for server-only code).

📄 Source: CodeRabbit Inference Engine (.cursor/rules/dashboard.mdc)

List of files the instruction was applied to:

• packages/thirdweb/src/bridge/Webhook.ts

🧠 Learnings (2)

📓 Common learnings

Learnt from: AmineAfia
PR: thirdweb-dev/js#7173
File: apps/dashboard/src/app/(app)/team/[team_slug]/[project_slug]/(sidebar)/webhooks/components/WebhooksTable.tsx:59-73
Timestamp: 2025-05-27T21:57:09.248Z
Learning: In the webhooks functionality, form validation prevents users from reaching test webhook functionality without entering a valid URL, ensuring data integrity before testing operations.

packages/thirdweb/src/bridge/Webhook.ts (1)

Learnt from: MananTank
PR: thirdweb-dev/js#7177
File: apps/dashboard/src/app/(app)/(dashboard)/(chain)/[chain_id]/[contractAddress]/public-pages/erc20/_hooks/useTokenPriceData.ts:49-49
Timestamp: 2025-05-27T19:55:25.056Z
Learning: In the ERC20 public pages token price data hook (`useTokenPriceData.ts`), direct array access on `json.data[0]` without optional chaining is intentionally correct and should not be changed to use safety checks.

🧬 Code Graph Analysis (1)

packages/thirdweb/src/bridge/Webhook.ts (2)

apps/dashboard/src/app/(app)/team/[team_slug]/[project_slug]/(sidebar)/tokens/create/_common/schema.ts (1)

• addressSchema (25-35)

packages/thirdweb/src/bridge/index.ts (1)

• WebhookPayload (21-21)

⏰ Context from checks skipped due to timeout of 90000ms (8)

• GitHub Check: E2E Tests (pnpm, vite)
• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: Size
• GitHub Check: E2E Tests (pnpm, esbuild)
• GitHub Check: Lint Packages
• GitHub Check: Unit Tests
• GitHub Check: Build Packages
• GitHub Check: Analyze (javascript)

🔇 Additional comments (4)

packages/thirdweb/src/bridge/Webhook.ts (4)

11-19: LGTM! Well-structured reusable token schema.

The tokenSchema provides good type safety and reusability across both onchain and onramp webhooks. The field types are appropriate and consistent.

---

21-55: LGTM! Proper discriminated union structure for onchain webhooks.

The discriminated union on version provides excellent type safety. The schema correctly:

• Separates version 1 (deprecated) from version 2 (current)
• Uses the reusable tokenSchema for token fields
• Includes appropriate type: "ONCHAIN" literals for discrimination

---

83-86: LGTM! Excellent use of discriminated union for webhook types.

The top-level discrimination on type field provides clear separation between "ONCHAIN" and "ONRAMP" webhooks, enabling proper type narrowing in consuming code.

---

121-121: Good addition of explicit return type.

The explicit Promise<WebhookPayload> return type improves API clarity and ensures type safety for consumers of this function.

[github-actions]

size-limit report 📦

Path	Size	Loading time (3g)	Running time (snapdragon)	Total time
thirdweb (esm)	63.13 KB (+0.62% 🔺)	1.3 s (+0.62% 🔺)	276 ms (+129.41% 🔺)	1.6 s
thirdweb (cjs)	351.84 KB (+0.02% 🔺)	7.1 s (+0.02% 🔺)	1.1 s (+7.99% 🔺)	8.1 s
thirdweb (minimal + tree-shaking)	5.72 KB (0%)	115 ms (0%)	105 ms (+1138.58% 🔺)	220 ms
thirdweb/chains (tree-shaking)	530 B (0%)	11 ms (0%)	34 ms (+1258.01% 🔺)	45 ms
thirdweb/react (minimal + tree-shaking)	19.61 KB (0%)	393 ms (0%)	86 ms (+382.14% 🔺)	478 ms

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 51.94%. Comparing base (45bb790) to head (fa5e13b).
Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7450      +/-   ##
==========================================
+ Coverage   51.92%   51.94%   +0.01%     
==========================================
  Files         947      947              
  Lines       63875    63899      +24     
  Branches     4214     4216       +2     
==========================================
+ Hits        33166    33190      +24     
  Misses      30603    30603              
  Partials      106      106              

Flag	Coverage Δ
packages	51.94% <100.00%> (+0.01%)	⬆️

Files with missing lines	Coverage Δ
packages/thirdweb/src/bridge/Webhook.ts	100.00% <100.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gregfromstl]

Merge activity

• Jun 26, 9:29 PM UTC: The merge label 'merge-queue' was detected. This PR will be added to the Graphite merge queue once it meets the requirements.
• Jun 26, 9:29 PM UTC: gregfromstl added this pull request to the Graphite merge queue.
• Jun 26, 9:40 PM UTC: Merged by the Graphite merge queue.