Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
65 commits
Select commit Hold shift + click to select a range
efa0b32
feat: init next
w84april May 22, 2026
d26ff8d
feat: cleanup + remove more vite
w84april May 22, 2026
893f216
feat: make routing next native
w84april May 22, 2026
8a68945
feat: hydrate public vault data on the server
w84april May 22, 2026
664aa6e
fix: align migrated holdings route tests
w84april Jun 2, 2026
55c2799
perf: cache vaults page for fast landing navigation
w84april Jun 2, 2026
fad11da
chore: bun
w84april Jun 2, 2026
94b5e3b
chore: add vercel
w84april Jun 3, 2026
541850d
chore: upd codeql
w84april Jun 3, 2026
a578dfd
chore: upd to v4
w84april Jun 3, 2026
301acb5
chore: codeql upg
w84april Jun 3, 2026
5091dd8
chore: migrate ai support
w84april Jun 4, 2026
034884f
feat: make robots happy
w84april Jun 4, 2026
84e20f2
feat: revalidate landing 6h
w84april Jun 4, 2026
a9fcba6
refactor: split app shell from client providers
w84april Jun 5, 2026
91481b7
chore: add ssr measurement baseline
w84april Jun 5, 2026
112514b
refactor: scope app providers by route
w84april Jun 5, 2026
40a5a08
chore: increase performance for /vaults
w84april Jun 5, 2026
bee4550
fix: context lags
w84april Jun 5, 2026
cdfa203
Merge branch 'main' into feat/init-next
w84april Jun 5, 2026
af74b0a
Merge branch 'main' into feat/init-next
w84april Jun 8, 2026
e8aad1f
feat: improve vault SSR and SEO
w84april Jun 8, 2026
e5e1f4e
feat: prefetchRelatedVaultDetailSnapshots
w84april Jun 9, 2026
0441df8
feat: optimize token balances
w84april Jun 9, 2026
5102a9c
peft: wallet context isolation
w84april Jun 10, 2026
cc9d414
perf: split wallet context and defer vault token lists
w84april Jun 10, 2026
1251cd4
feat: initial logo update
w84april Jun 10, 2026
855ded2
feat: kill old logo
w84april Jun 10, 2026
10ae633
fix: logo display in widget
w84april Jun 10, 2026
c022d51
fix: displayname
w84april Jun 10, 2026
32baf11
fix: list fetch
w84april Jun 10, 2026
b04d11e
fix: decimals
w84april Jun 10, 2026
66451a4
fix: hide staking token from widget
w84april Jun 10, 2026
0b30fe7
fix: chart style
w84april Jun 10, 2026
34c7f39
Merge branch 'main' into feat/init-next
w84april Jun 12, 2026
2ce91cc
feat: server-hydrate cached vault list
w84april Jun 12, 2026
b354d7c
fix: skeleton
w84april Jun 12, 2026
05c7081
style: skeleton
w84april Jun 12, 2026
d62cd10
style: display icons on loading
w84april Jun 12, 2026
53bb22c
feat: ignore performance docs
w84april Jun 12, 2026
c850261
feat: vaults page improvements
w84april Jun 12, 2026
e05e840
feat: playwright
w84april Jun 16, 2026
c580776
chore: rm custom rate limit
w84april Jun 16, 2026
398b5ba
fix: skeleton
w84april Jun 16, 2026
28d16b3
fix: escape json-ld script content
w84april Jun 18, 2026
a9c6139
fix: validate gamma source urls
w84april Jun 18, 2026
8a1e0d9
fix: require route chain for vault detail
w84april Jun 18, 2026
15f029e
chore: gitignore
w84april Jun 18, 2026
70e85ff
fix: validate enso approval router
w84april Jun 18, 2026
75a50b9
fix: prevent shared caching for holdings
w84april Jun 18, 2026
9ead54a
feat: use yearn-price
w84april Jun 23, 2026
20d47ac
fix: gauge balance
w84april Jun 23, 2026
eb86575
chore: block tenderly in prod
w84april Jun 23, 2026
db5835f
fix: facets
w84april Jun 23, 2026
3bf5925
fix: cache
w84april Jun 23, 2026
4d64585
fix: address broken json
w84april Jun 23, 2026
d40f9dc
feat: improve seo
w84april Jun 23, 2026
bf6c160
fix: seo
w84april Jun 23, 2026
d903562
Merge branch 'main' into feat/init-next
w84april Jun 23, 2026
4deba8c
Merge branch 'main' into feat/init-next
w84april Jun 24, 2026
8f5c609
fix: widget price
w84april Jun 24, 2026
09e31eb
Merge branch 'main' into feat/init-next
w84april Jun 25, 2026
701afbc
fix: codeql
w84april Jun 25, 2026
6081611
fix: lint
w84april Jun 25, 2026
6ba344a
feat: init calldata validation
w84april Jun 26, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
68 changes: 39 additions & 29 deletions .env.example
Original file line number Diff line number Diff line change
@@ -1,59 +1,69 @@
# Client-exposed env vars must be prefixed with VITE_. Server-only vars must NOT be prefixed.
VITE_RPC_URI_FOR_1=
VITE_RPC_URI_FOR_10=
VITE_RPC_URI_FOR_100=
VITE_RPC_URI_FOR_137=
VITE_RPC_URI_FOR_146=
VITE_RPC_URI_FOR_250=
VITE_RPC_URI_FOR_8453=
VITE_RPC_URI_FOR_42161=
VITE_RPC_URI_FOR_747474=
# Client-exposed env vars must be prefixed with NEXT_PUBLIC_. Server-only vars must NOT be prefixed.
NEXT_PUBLIC_RPC_URI_FOR_1=
NEXT_PUBLIC_RPC_URI_FOR_10=
NEXT_PUBLIC_RPC_URI_FOR_100=
NEXT_PUBLIC_RPC_URI_FOR_137=
NEXT_PUBLIC_RPC_URI_FOR_146=
NEXT_PUBLIC_RPC_URI_FOR_250=
NEXT_PUBLIC_RPC_URI_FOR_8453=
NEXT_PUBLIC_RPC_URI_FOR_42161=
NEXT_PUBLIC_RPC_URI_FOR_747474=

# Tenderly Virtual TestNet mode: opt-in execution-chain override layer.
# Keep the app canonical on chain IDs like 1/10/8453 and map execution only through these vars.
# Repeat the *_FOR_<canonical_chain_id> pattern for each canonical chain you enable.
VITE_TENDERLY_MODE=
VITE_TENDERLY_CHAIN_ID_FOR_1=
VITE_TENDERLY_RPC_URI_FOR_1=
# Server-only Admin RPC for local scripts and cheatcodes. Keep this private and out of client-exposed VITE_ vars.
NEXT_PUBLIC_TENDERLY_MODE=
NEXT_PUBLIC_TENDERLY_CHAIN_ID_FOR_1=
NEXT_PUBLIC_TENDERLY_RPC_URI_FOR_1=
# Server-only Admin RPC for local scripts and cheatcodes. Keep this private and out of client-exposed NEXT_PUBLIC_ vars.
TENDERLY_ADMIN_RPC_URI_FOR_1=
VITE_TENDERLY_EXPLORER_URI_FOR_1=
NEXT_PUBLIC_TENDERLY_EXPLORER_URI_FOR_1=

PERSONAL_TENDERLY_API_KEY=
PERSONAL_ACCOUNT_SLUG=
PERSONAL_PROJECT_SLUG=
PERSONAL_TENDERLY_RPC_NAME=
TENDERLY_TEST_TX_FROM_ADDRESS=

VITE_ALCHEMY_KEY=
VITE_INFURA_PROJECT_ID=
VITE_PARTNER_ID_ADDRESS=
VITE_SHOULD_USE_PARTNER_CONTRACT=true
VITE_WALLETCONNECT_PROJECT_ID=
VITE_BASE_YEARN_ASSETS_URI=https://cdn.jsdelivr.net/gh/yearn/tokenassets@main
VITE_YDAEMON_BASE_URI=https://ydaemon.yearn.fi
VITE_KONG_REST_URL=https://kong.yearn.fi/api/rest
VITE_SENTRY_DSN=
NEXT_PUBLIC_ALCHEMY_KEY=
NEXT_PUBLIC_INFURA_PROJECT_ID=
NEXT_PUBLIC_PARTNER_ID_ADDRESS=
NEXT_PUBLIC_SHOULD_USE_PARTNER_CONTRACT=true
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=

VITE_CLUSTERS_API_URL=https://api.clusters.xyz/v1
VITE_CLUSTERS_API_KEY=
# Optional local-only mock wallet for extensionless browser automation.
# Also supports ?agentWallet=true in dev, persisted in localStorage.
NEXT_PUBLIC_AGENT_WALLET=
NEXT_PUBLIC_AGENT_WALLET_ADDRESS=

NEXT_PUBLIC_BASE_YEARN_ASSETS_URI=https://cdn.jsdelivr.net/gh/yearn/tokenassets@main
NEXT_PUBLIC_YDAEMON_BASE_URI=https://ydaemon.yearn.fi
NEXT_PUBLIC_KONG_REST_URL=https://kong.yearn.fi/api/rest
NEXT_PUBLIC_SENTRY_DSN=

NEXT_PUBLIC_CLUSTERS_API_URL=https://api.clusters.xyz/v1
NEXT_PUBLIC_CLUSTERS_API_KEY=

# Balance fetching strategy: 'enso' (default) | 'multicall'
# Enso reduces RPC load by fetching all balances via their API in a single call
VITE_BALANCE_SOURCE=
NEXT_PUBLIC_BALANCE_SOURCE=
ENSO_API_KEY=
VITE_PLAUSIBLE_TRACK_LOCALHOST=
NEXT_PUBLIC_PLAUSIBLE_TRACK_LOCALHOST=

# Comma-separated extra Vite dev/preview hosts. Keep personal hostnames in local .env only.
ALLOWED_HOSTS=

# Enso routing: set to 'true' to disable Enso zaps, forcing direct deposit/withdraw only
VITE_ENSO_DISABLED=
NEXT_PUBLIC_ENSO_DISABLED=

# Holdings History API (server-only)
ENVIO_GRAPHQL_URL=http://localhost:8080/v1/graphql
ENVIO_PASSWORD=testing
HOLDINGS_TEST_WALLET_ADDRESS=
# Optional server-only Kong REST override. Falls back to NEXT_PUBLIC_KONG_REST_URL.
KONG_REST_URL=
# Optional private RPC for server-side holdings activity enrichment. Falls back to NEXT_PUBLIC_RPC_URI_FOR_<id>.
RPC_URI_FOR_1=
# Holdings storage
UPSTASH_REDIS_REST_URL_PORTFOLIO=
UPSTASH_REDIS_REST_TOKEN_PORTFOLIO=
Expand Down
77 changes: 21 additions & 56 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -1,28 +1,16 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
name: CodeQL

on:
push:
branches: [ "main" ]
branches: ['main']
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
branches: ['main']
schedule:
- cron: '24 20 * * 5'

jobs:
analyze:
name: Analyze
name: Analyze (${{ matrix.language }})
runs-on: ubuntu-latest
permissions:
actions: read
Expand All @@ -32,45 +20,22 @@ jobs:
strategy:
fail-fast: false
matrix:
language: [ 'javascript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Use only 'java' to analyze code written in Java, Kotlin or both
# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
include:
- language: javascript-typescript
category: /language:javascript
- language: actions
category: /language:actions

steps:
- name: Checkout repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality


# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v4

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
with:
category: "/language:${{matrix.language}}"
- name: Checkout repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3

- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
with:
category: ${{ matrix.category }}
5 changes: 5 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -42,9 +42,12 @@ _app
# docs
/docs/plans
/docs/temp
/docs/performance

# playwright
.playwright-mcp
.playwright-cli/
output/playwright/

# local worktree clones
yearn.fi-worktree-*
Expand All @@ -58,3 +61,5 @@ yearn.fi-worktree-*
.codex
.codex/*
.gstack/

.deepsec/
3 changes: 3 additions & 0 deletions .husky/pre-commit
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,8 @@ set -e
echo 'husky: running lint-staged checks'
bunx lint-staged

echo 'husky: running client/server boundary check'
bun run check:client-server-boundary

echo 'husky: running type check'
bun run tslint
19 changes: 11 additions & 8 deletions CLAUDE.md
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
# yearn.fi

Yearn Finance vaults interface — React 19 + TypeScript SPA (Vite, TanStack Query, Tailwind CSS 4, Wagmi/Viem).
Yearn Finance vaults interface — Next.js 16 App Router + React 19 + TypeScript, TanStack Query, Tailwind CSS 4, Wagmi/Viem.

## Commands

```bash
bun install # Install dependencies
bun run dev # Vite dev server + Bun API server; prompts for an API port when needed
bun run preview # Vite preview + Bun API server; prompts for an API port when needed
bun run build # TypeScript check + Vite build
bun run dev # Next dev server on 127.0.0.1:3000
bun run preview # Next production server on 127.0.0.1:3000 after a build
bun run build # Next production build
bun run test # Full Vitest suite
bunx vitest run src/path/to/test.ts # Single test file
bun run lint:fix # Biome format and fix
Expand Down Expand Up @@ -60,23 +60,26 @@ When writing a new `useEffect`, add a brief comment explaining why an alternativ

## Architecture

**Tech stack:** React 19, Vite, React Router (lazy-loaded), Tailwind CSS 4, TanStack Query, Wagmi/Viem/RainbowKit
**Tech stack:** Next.js 16 App Router, React 19, Tailwind CSS 4, TanStack Query, Wagmi/Viem/RainbowKit

**Path aliases** (defined in vite.config.ts):
**Path aliases** (defined in tsconfig.json and next.config.ts):
- `@/*` → `src/*`
- `@shared/*` → `src/components/shared/*`
- `@pages/*` → `src/components/pages/*`
- `@components/*` → `src/components/*`

**Key directories:**
- `app/` — Next App Router pages, route handlers, metadata, redirects, and root layout
- `src/components/shared/` — shared library (contexts, hooks, utils, types, contracts)
- `src/components/pages/` — route pages (landing, portfolio, vaults)
- `api/` — Vercel serverless functions (prod) / Bun dev server (local)
- `src/server/` — focused API endpoint implementations and shared server-side helpers used by `app/api/**/route.ts`

**Key patterns:**
- Context provider chain defined in `App.tsx` — read that file for the full order
- Next route wrappers in `app/**/page.tsx` own route-level metadata and render client page components from `src/components/pages/`
- `src/navigation/` provides small client helpers backed by Next navigation context
- `/api/*` is served by explicit Next route handlers under `app/api/**/route.ts`; there is no catch-all API dispatcher
- Vault data flows through `useYearn` context → filtered/sorted via hooks in `@shared/hooks/`
- Dual server: `bun run dev` starts Vite plus a Bun API server and keeps `/api/*` proxied to the selected API port. In prod, `api/` runs as Vercel serverless functions.

## Multi-Chain

Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
git remote add upstream https://github.com/yearn/yearn.fi.git
```

- Optional: Create `.env` file in root directory of repo then copy contents of `.env.example` to `.env` and replace values with your own keys. If you do not do this the default values from `next.config.js` will be used.
- Optional: Create a `.env` file in the repo root, copy `.env.example`, and replace values with your own keys. Client-readable values must use the `NEXT_PUBLIC_` prefix; server-only secrets must stay unprefixed.

``` bash
cp .env.example .env
Expand Down
Loading