feat/solana alt

[l3wi]

• fix(cctp): handle MessageExpired (0x1780) on Solana mint with auto re-attestation
• fix(cctp): add CCTP v2 Solana error code mapping with user-friendly messages
• fix(cctp): toast-friendly error messages with specific titles and full log capture
• fix(cctp): add EVM revert reason mapping with toast-friendly error messages
• fix(history): resolve Solana wallet address from ATA when recovering transactions
• feat(bridge): ship multi-page tracking and app-owned rpc pipeline — add /bridge recovery flow, wallet-first transports, and generated metadata hooks
• chore(build): move generated artifacts to ignored .generated dir — switch metadata refresh to prebuild

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cctp-bridge	Ready	Preview, Comment	Feb 22, 2026 8:02pm

[l3wi]

@codex pls take a look

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 785d870956

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Clear executed intent guard after execution attempts

The execute-intent dedupe uses a module-level Set and returns early when the same key is seen, but that key is only removed in handleBackToNew; the normal success path redirects to /bridge/... without clearing it, and failed starts also leave it set, so revisiting the same execute URL in-session can silently skip handleSend and leave users stuck on the waiting state.

Useful? React with 👍 / 👎.

[l3wi]

@claude please take a look

[l3wi]

@claude review the changes

[claude]

PR Review: feat/solana alt

This is a substantial PR — 10k+ lines covering multi-page tracking, an app-owned RPC pipeline, transaction recovery, structured error mapping, and auto re-attestation. Overall the architecture is solid and well-tested. Below are findings organized by severity.

---

Medium Issues

1. Silent failure when requestReattestation fails (lib/hooks/useMintPolling.ts)

The auto re-attestation useEffect swallows errors silently:

requestReattestation(burnChainId, reattestNonce).catch((err) => {
  console.error("[useMintPolling] reattestation request failed:", err);
});

If the Iris re-attestation POST fails (network error, rate limit, API down), the polling loop will keep checking for a fresh attestation that never arrives, and the user will eventually hit the 10-minute reattestTimedOut wall with no intermediate feedback. Consider showing a toast on catch so the user knows re-attestation is struggling, or at least set a dedicated error state.

2. allowsPostMethod fallback in scripts/generate-rpc-candidates.ts

function allowsPostMethod(response: Response): boolean {
  const allowMethods = response.headers.get("access-control-allow-methods");
  if (!allowMethods) {
    // Falls back to checking if origin is wildcard
    return response.headers.get("access-control-allow-origin") === "*";
  }
  ...
}

Absence of Access-Control-Allow-Methods in a preflight response does not mean POST is allowed — it means the preflight itself is malformed/incomplete. Some servers omit the header and still accept the actual request, so this produces false positives in the validation report. The workaround is acceptable for a build-time heuristic, but the warnings field should document when this fallback was triggered so it's visible in the report.

3. timedOut state in useBurnPolling may not be surfaced to the user

useBurnPolling now exposes timedOut: true after 60 seconds, but it's unclear from the diff whether the consuming components (bridging-state.tsx, etc.) render any distinct UI for this state. If timedOut is silently dropped, the user will see an indefinitely-spinning burn step with no error message. Worth verifying the full render path.

---

Low / Style Issues

4. setBoundedCacheEntry eviction order (lib/iris.ts)

function setBoundedCacheEntry<T>(cache, key, value, ttlMs) {
  // 1. sweep expired entries
  for (const [k, entry] of cache) {
    if (entry.expiresAt <= now) cache.delete(k);
  }
  cache.set(key, ...);
  // 2. if still over cap, evict oldest-by-insertion-order
  while (cache.size > IRIS_MAX_CACHE_ENTRIES) {
    const oldestKey = cache.keys().next().value;
    if (!oldestKey) break;
    cache.delete(oldestKey);
  }
}

After the expired-entry sweep, step 2 evicts the oldest-inserted key — which may be a recently written entry with a long TTL (e.g., a complete result with 60s TTL written just before 200 short-lived pending entries). A min-heap or evicting the entry with the nearest expiresAt would be more correct, though for 200 entries the practical impact is minimal.

5. formatAmount always produces 6 decimal places (lib/transactionRecovery.ts)

formatAmount("1000000") returns "1.000000" rather than "1". This may produce awkward display strings in the tracking page (e.g., "Transferred 1.000000 USDC"). Consider trimming trailing zeros: return ${whole}.${String(fractional).padStart(6, "0")}.replace(/\.?0+$/, '').

6. add-pending-transaction-card.tsx is 581 lines

The component blends attestation fetching, validation logic, wallet resolution, and rendering. This works, but it will be harder to test and maintain as edge cases accumulate. Extracting a useAddPendingTransaction hook for the async logic would help keep the component focused on rendering.

7. isRequestKeyForNetwork key-splitting assumption

const isRequestKeyForNetwork = (requestKey: string, ...) => {
  const [domain, , network] = requestKey.split(":");
  ...
};

The key format is {domain}:{normalizedHash}:{network}. EVM hashes are 0x… (no colons) and Solana hashes are Base58 (no colons), so this is safe today. But if the format ever changes this will silently mismatch. A comment or named constant for the separator position would make this more robust.

---

Behaviour Changes Worth Documenting

8. Analytics event timing change

Previously POST /api/meta was called client-side immediately after a successful burn (in useCrossEcosystemBridge). Now trackVerifiedBridgeView fires server-side when the /bridge/[sourceChainId]/[id] page is loaded. This means:

• Bridges that never navigate to the tracking page won't generate an analytics event
• The event now fires on every page load (including reloads and share-link visits), not just once on completion

The recipientResolution: "verified_from_iris" field is a nice addition for data quality, but the semantics of the bridge event have changed. Update the analytics README/docs if you track event definitions anywhere.

9. requestReattestation POST has no Content-Type header

The old implementation sent Content-Type: application/json with a presumably empty body. The new version sends a bare POST with no content-type. Verify that the Iris API documents this as the expected call signature — the lack of a request body with a CCTP-domain parameter is unusual and worth a comment confirming intent.

---

Positive Observations

• Deduplication of concurrent Iris requests — the pending*Requests maps cleanly prevent duplicate in-flight calls, which is important during rapid re-renders.
• Comprehensive CCTP error maps — covering 15+ Solana program errors and EVM revert patterns with user-friendly copy is excellent for debuggability.
• simulateSignedTransaction before Solana send — attaching simulationLogs to thrown errors will make Solana debugging dramatically easier.
• SSR-safe Zustand storage — the serverStorage shim is the correct pattern for Next.js.
• RPC validation script — the CORS preflight + chain ID verification approach is robust and the CORS_ORIGIN env guard in CI is a good footgun preventer.
• Test coverage — the new tests cover the non-trivial paths (nonce lookup, re-attestation polling, EVM/Solana error parsing, transaction recovery). The useMint tests that simulate MessageExpired are particularly valuable.
• recoveryAttemptRef in tracking page — cleanly prevents redundant Iris calls on re-render without reaching for useCallback over the entire recovery path.