Summary of Changes

Hello @AnnatarHe, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request undertakes a significant refactoring of the authentication system by entirely removing MetaMask and web3 authentication capabilities. The core purpose is to resolve persistent hydration errors and simplify the application's dependency landscape. All related code, UI components, and utility functions have been either removed or stubbed out, ensuring a clean and functional state without web3 integration. The changes are marked for potential future re-introduction, but for now, the focus is on stability and a streamlined user experience through traditional OAuth methods.

Highlights

• MetaMask and Web3 Authentication Removal: The pull request completely removes the @metamask/sdk-react and all @web3-react/* packages, effectively disabling MetaMask and web3 authentication functionality across the application.
• Hydration Error Prevention: The primary motivation for these changes is to prevent hydration errors that were occurring due to the MetaMask SDK and web3-react packages.
• Code Commenting and Markers: All MetaMask-related code has been commented out using METAMASK DISABLED markers, allowing for easy re-enabling if web3 authentication is to be reintroduced in the future.
• Updated Authentication Pages: Authentication pages (auth-v2, auth-v4) have been updated to remove MetaMask login options, and the MetaMask callback route now displays a fallback page indicating the feature is disabled.
• Newbie Onboarding Flow Adjustment: The newbie onboarding flow has been modified to skip the MetaMask binding phase, streamlining the process for new users.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Pull Request Review - MetaMask Removal

Overview

This PR removes MetaMask SDK and web3-react packages to address hydration errors. The approach of commenting out code with clear markers is pragmatic and allows for potential re-enablement in the future.

✅ Strengths

1. Clear Documentation: Excellent use of METAMASK DISABLED markers throughout the codebase making it easy to locate all affected areas
2. Comprehensive Coverage: All 13 affected files have been properly handled with consistent patterns
3. User Experience: Added a helpful fallback page at /auth/callback/metamask/page.tsx that informs users and redirects them to alternative login methods
4. Safe Defaults: Components return null or pass-through children, preventing runtime errors
5. Onboarding Flow: Smart skip from phase 1 to phase 5 in newbie onboarding (line 165 in content.tsx)

🔍 Issues & Concerns

1. Security: Console.log in Production (HIGH)

Location: src/utils/wallet.ts:6

console.log(process.env.NEXT_PUBLIC_INFURA_KEY)

Issue: This logs a sensitive API key to the console. Even though MetaMask is disabled, this code is still in the file.
Recommendation: Remove this line entirely or comment it out within the METAMASK DISABLED block.

2. Unused GraphQL Query Still Imported (MEDIUM)

Location: src/components/auth.metamask.tsx:10

import { useAuthByWeb3LazyQuery } from '../schema/generated'

Issue: Commented code still imports GraphQL hooks that may no longer be needed, increasing bundle size unnecessarily.
Recommendation: Move ALL imports inside the comment block or verify if loginByWeb3 mutation is used elsewhere.

3. TypeScript Type Safety Compromised (MEDIUM)

Location: src/utils/wallet.ts:38

export async function signDataByWeb3(m: unknown): Promise<{...}>

Issue: Using unknown type instead of proper typing. While this prevents import errors, it weakens type safety.
Recommendation: Either create a minimal type stub or use never to make it clear this should never be called:

export async function signDataByWeb3(m: never): Promise<never> {
  throw new Error('MetaMask functionality is currently disabled')
}

4. Incomplete Cleanup in chains.ts (LOW)

Location: src/utils/chains.ts:84-86
The commented code shows a complex CHAINS object definition but exports are now empty objects. This could cause runtime errors if any code tries to access chain data.
Recommendation: Audit all usages of CHAINS and URLS exports to ensure nothing breaks.

5. ESLint Disable Comments (LOW)

Locations: Multiple files have // eslint-disable-next-line @typescript-eslint/no-unused-vars
Issue: While necessary, these indicate code smell. The commented parameters suggest these functions exist only as stubs.
Recommendation: Consider removing these stubs entirely and updating imports, OR clearly document why stubs are needed.

6. Progress Counter Mismatch (MEDIUM)

Location: src/app/dash/[userid]/newbie/content.tsx:69-72

<ProgressBlock value={phase + 1} max={6}>
  <h3 className='w-full text-center mt-2 block dark:text-white'>
    Progress: {phase + 1} / 6
  </h3>

Issue: The progress still shows "/ 6" but phases 2, 3, and 4 are now skipped. This is confusing UX.
Recommendation: Update to show "/ 3" (name, domain, avatar) or remap phase numbers to avoid gaps.

🧪 Testing Concerns

The test plan in the PR description is incomplete:

• Verify build passes without errors ← CRITICAL: This should be verified before merge
• Check bundle size reduction (removing 5 packages should significantly reduce bundle)
• Test error boundaries - what happens if someone bookmarked a MetaMask flow URL?
• Verify no console errors on all auth pages
• Test that existing users with MetaMask accounts can still access their data

📦 Dependency Cleanup

Good: The following packages were removed from package.json:

• @metamask/sdk-react
• @web3-react/core
• @web3-react/metamask
• @web3-react/network
• @web3-react/types

Result: ~5,126 lines removed from pnpm-lock.yaml (massive reduction!)

🎨 Code Style

The code follows project conventions well:

• ✅ Consistent comment markers
• ✅ Proper use of kebab-case and PascalCase
• ✅ Follows UI style guidelines (blue-400 primary color)
• ✅ Maintains dark mode support

🔒 Performance Impact

Positive:

• Significantly reduced bundle size (~5 packages removed)
• Fewer hydration checks needed
• Cleaner dependency tree

📋 Recommendations Summary

Before Merge (HIGH PRIORITY):

1. ✅ Remove or comment the console.log(process.env.NEXT_PUBLIC_INFURA_KEY) line
2. ✅ Run pnpm build and verify it succeeds
3. ✅ Fix progress counter (show /3 instead of /6 or renumber phases)
4. ✅ Audit CHAINS/URLS usage to prevent runtime errors

Nice to Have (MEDIUM):
5. ⚠️ Move unused imports into comment blocks
6. ⚠️ Improve TypeScript stub signatures
7. ⚠️ Add error boundary tests
8. ⚠️ Document bundle size savings in PR description

Future Consideration:
9. 💡 Consider creating a feature flag system instead of commenting code
10. 💡 Add integration tests for the remaining auth methods

🎯 Overall Assessment

Code Quality: 7/10
Approach: 8/10 (pragmatic, reversible)
Testing: 5/10 (test plan incomplete)
Security: 6/10 (console.log issue)

Recommendation: ✅ Approve with changes - Address the console.log security issue and verify the build before merging.

This is a solid approach to temporarily disabling MetaMask while keeping the option to re-enable it. The main concerns are ensuring the build succeeds and removing the API key logging.