Skip to content

feat: migrate connect flow to web-based auth via account.vana.org#10

Draft
Kahtaf wants to merge 16 commits intomainfrom
feat/web-connect-flow
Draft

feat: migrate connect flow to web-based auth via account.vana.org#10
Kahtaf wants to merge 16 commits intomainfrom
feat/web-connect-flow

Conversation

@Kahtaf
Copy link
Member

@Kahtaf Kahtaf commented Feb 18, 2026

Summary

  • Migrate from desktop deep-link flow (vana://connect) to web-based authentication through account.vana.org. Users now sign in on the web, then deep link into Data Connect in an already-authenticated state.
  • SDK: Rename deepLinkUrlconnectUrl throughout types, hooks, and components. connect() now builds an account.vana.org/connect?sessionId=...&secret=... URL. React hooks/components open the URL in a new tab.
  • Connect app: Add Privy React SDK integration with /login (email OTP + Google/Apple OAuth) and /connect (master key signing + deep link) pages, plus /api/sign server-side signing oracle with allowlist validation.

Changes

SDK (src/)

  • Add accountUrl to environment config in core/constants.ts (account-dev.vana.org / account.vana.org)
  • Rename deepLinkUrlconnectUrl in core/types.ts, react/useVanaConnect.ts, react/useVanaData.ts, react/ConnectButton.tsx
  • server/connect.ts: connect() builds web URL from relay response; SessionRelay returns raw relay response
  • server/session-relay.ts: New RelaySessionInitResult type for raw relay data
  • Default button label changed to "Connect with Vana"

Connect app (connect/)

  • New (connect)/ route group with PrivyProvider layout
  • /login page: email OTP + Google/Apple OAuth via Privy React SDK
  • /connect page: master key signing + deep link to Data Connect
  • /api/sign route: server-side signing oracle with allowlist validation
  • Added @privy-io/react-auth, @privy-io/node, viem dependencies
  • CSS fix for Privy modal min-height

Example (examples/nextjs-starter/)

  • Updated to use connectUrl instead of deepLinkUrl
  • Workspace dependency reference (workspace:*)

Tests

  • Updated connect.test.ts with new connectUrl assertions (3 new test cases)
  • New sign-validation.test.ts for signing allowlist
  • Updated constants.test.ts for accountUrl

Test plan

  • pnpm test passes (all 68 tests)
  • Manual: verify /login flow with email OTP
  • Manual: verify /connect page deep links correctly
  • Manual: verify ConnectButton opens new tab to account.vana.org
  • Manual: verify example app uses connectUrl correctly

Replace desktop deep-link flow (vana://connect) with web-based authentication
through account.vana.org. Users now sign in on the web, then deep link into
Data Connect in an already-authenticated state.

SDK changes:
- Add accountUrl to environment config (core/constants.ts)
- Rename deepLinkUrl → connectUrl in types, hooks, and components
- connect() builds account.vana.org/connect?sessionId=...&secret=... URL
- SessionRelay returns raw relay response; connect() wraps it with connectUrl
- React hooks/components open connectUrl in new tab instead of vana:// deep link
- Default button label: "Connect with Vana"

Connect app:
- New route group (connect)/ with PrivyProvider layout
- /login page: email OTP + Google/Apple OAuth via Privy React SDK
- /connect page: master key signing + deep link to Data Connect
- /api/sign route: server-side signing oracle with allowlist validation
- Added @privy-io/react-auth, @privy-io/node, viem dependencies
- CSS fix for Privy modal min-height

Tests:
- Updated connect.test.ts with new connectUrl assertions
- New sign-validation.test.ts for signing allowlist
- Updated constants.test.ts for accountUrl
@vercel
Copy link

vercel bot commented Feb 18, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
connect Error Error Feb 18, 2026 8:24am
vana-connect-nextjs-starter Ready Ready Preview Feb 18, 2026 8:24am

Request Review

callumflack and others added 6 commits February 18, 2026 16:06
Add initial admin registration UI with a debug-state helper and a
placeholder apps page so builder setup has a dedicated in-product surface.

Co-authored-by: Cursor <cursoragent@cursor.com>
Extend PageShell with optional top-right utility actions so routes can show
logout and builder navigation affordances consistently.

Co-authored-by: Cursor <cursoragent@cursor.com>
Update the grants page layout to expose logout and a direct builder
configuration link while keeping launch-first onboarding intact.

Co-authored-by: Cursor <cursoragent@cursor.com>
Clarify focus-visible and focus-within utility tokens and fix inline icon sizing
for spinner-based text content.

Co-authored-by: Cursor <cursoragent@cursor.com>
Register GT America Mono as a local variable font family and expose it through
the shared mono token for app typography usage.

Co-authored-by: Cursor <cursoragent@cursor.com>
Document VANA_SCOPES in the starter env template so scope selection is explicit
for local setup.

Co-authored-by: Cursor <cursoragent@cursor.com>
callumflack and others added 6 commits February 18, 2026 17:15
Use shared ghost button styles for top utility actions so shell navigation remains consistent.

Co-authored-by: Cursor <cursoragent@cursor.com>
Add a dedicated footer slot and reserved footer row so panel layout stays stable across pages.

Co-authored-by: Cursor <cursoragent@cursor.com>
Reuse shared components on admin page.

Co-authored-by: Cursor <cursoragent@cursor.com>
Add empty and seven-app scenarios, scrollable app rows, and docs for UI implementation patterns.

Co-authored-by: Cursor <cursoragent@cursor.com>
Read debug params at runtime and only apply debug overrides when explicitly enabled.

Co-authored-by: Cursor <cursoragent@cursor.com>
Move the grants builder CTA into the panel footer slot and keep the link inline with an arrow icon.

Co-authored-by: Cursor <cursoragent@cursor.com>
callumflack and others added 3 commits February 18, 2026 18:13
Split each app row into a link area and a delete control.
Gate removal behind an AlertDialog so users can safely remove and re-register apps.

Co-authored-by: Cursor <cursoragent@cursor.com>
Save registered apps with canonical URL dedupe, resolve names via a safe
metadata endpoint with timeout and hostname fallback, and align debug fixtures.

Co-authored-by: Cursor <cursoragent@cursor.com>
Place the copy action below env output for better visibility and tap targets.

Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Comments