chore: update starknet.js version

[MartianGreed]

Closes #

Introduced changes

Checklist

• Linked relevant issue
• Updated relevant documentation
• Added relevant tests
• Add a dedicated CI job for new examples
• Performed self-review of the code

Summary by CodeRabbit

• New Features

  • waitForEntityChange now resolves immediately if an entity already satisfies the predicate.
  • Account creation unified to an options-object style across examples and tooling.

• Bug Fixes

  • Entity IDs are now consistently padded to 66-character 0x-prefixed hex strings across SDK/utilities.
  • Improved primitive parsing (timestamps, numeric types) for entity data.

• Chores

  • Multiple packages bumped (1.7.x previews/RCs); dependency and workspace upgrades.

• Documentation

  • Changelogs and release metadata updated.

[coderabbitai]

Walkthrough

This PR applies multiple 1.7.x RC/preview version bumps, migrates Account/Contract constructors to options-object signatures, ensures entity IDs are zero‑padded to 66 chars, revises primitive parsing, adds an immediate-check path to waitForEntityChange, and introduces a newAccount factory in create-burner.

Changes

Cohort / File(s)	Summary
Release metadata & changesets .changeset/*, /.changeset/pre.json	Added many changeset files and a pre-release descriptor for 1.7-rc including listed changesets.
Version bumps & changelogs packages/*/CHANGELOG.md, packages/*/package.json, packages/torii-wasm/dojo.c	Inserted RC/preview changelog blocks and bumped versions across many @dojoengine packages; updated torii-wasm submodule pointer.
Account/Contract constructor migration (examples & mocks) examples/**/src/**/DojoContext.tsx, examples/**/src/**/setup.ts, examples/**/src/**/createBurner.ts, examples/example-vue-app-recs/src/utils/index.ts, packages/create-burner/test/mocks/mocks.ts	Replaced positional Account(...)/new Contract(...) usage with object-based { provider, address, signer, ... } forms; removed trailing numeric args.
Core provider call changes packages/core/src/provider/DojoProvider.ts	Switched Contract instantiation and call paths to options-object form; changed DojoProvider.call return type to CallResult and improved error messages.
create-burner: factory & managers packages/create-burner/src/manager/*	Added exported newAccount factory and setupBurnerManager; replaced direct Account instantiation with newAccount(...); BurnerManager now accepts feeTokenAddress.
predeployed-connector: account/paymaster & packaging packages/predeployed-connector/src/index.ts, packages/predeployed-connector/package.json	Migrated wallet/account construction to object signatures (explicit cairoVersion: "1", paymaster), switched transaction enum to ETransactionVersion.V3, adjusted error codes/messages, and tweaked package devDeps/build script.
Entity parsing (internal) packages/internal/src/parseEntities.ts, packages/internal/src/__tests__/parseEntities.test.ts	Use addAddressPadding for entityId; refactored primitive parsing (u64/i64 handling, BigInt for 128/256); updated and added tests to reflect padding and numeric parsing.
Utils: getEntityIdFromKeys & tests packages/utils/src/utils/index.ts, packages/utils/src/_test_/utils/index.test.ts	Exported getEntityIdFromKeys, updated it to return padded 66-char IDs via addAddressPadding, and added tests asserting format/determinism.
State: waitForEntityChange immediate path & tests packages/state/src/zustand/zustand.ts, packages/state/src/__tests__/state.test.ts, packages/state/src/__tests__/zustand-implementation.test.ts	waitForEntityChange now checks current state and resolves immediately if predicate matches; added immediate-resolution test and removed an obsolete timeout test.
SDK: Contract usage packages/sdk/src/web/execute.ts	Switched Contract construction to options-object form in world proxy creation.
Repo deps & examples package.json, examples/example-vite-token-balance/package.json	Bumped starknet and @starknet-react packages, updated workspace catalog entries, and updated example Cartridge deps.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor App
  participant Store as Zustand Store
  note over App,Store: waitForEntityChange(entityId, predicate, timeout)
  App->>Store: waitForEntityChange(...)
  alt Predicate already true
    Store-->>App: Resolve immediately with entity
  else Await changes
    Store->>Store: Subscribe to state changes
    par Timeout window
      Store-->>App: Reject on timeout
    and On matching update
      Store->>Store: Unsubscribe, clear timeout
      Store-->>App: Resolve with entity
    end
  end

Loading

sequenceDiagram
  autonumber
  participant Client
  participant DojoProvider
  participant Contract
  Client->>DojoProvider: call(namespace, call)
  DojoProvider->>Contract: new Contract({ abi, address, providerOrAccount })
  DojoProvider->>Contract: invoke call
  alt Success
    Contract-->>DojoProvider: CallResult
    DojoProvider-->>Client: CallResult
  else Error
    Contract-->>DojoProvider: Error
    DojoProvider-->>Client: Throw Error("Failed to callContract <name>: ...")
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• feat: sdk reusable query hooks #402 — Adds hooks and consumers that rely on getEntityIdFromKeys; closely related to the exported padding change.
• feat: add ToriiQueryBuilder and ClauseBuilder #378 — Modifies parseEntities and ID/address padding; overlaps with internal parsing/padding updates.
• fix: predeployed connector warning #400 — Changes Account/PredeployedWalletAccount construction and related imports; aligns with predeployed-connector changes here.

Pre-merge checks (3 warnings)

❌ Failed checks (3 warnings)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The pull request title “chore: update starknet.js version” does not accurately describe the primary changes in this release candidate, which include bumping multiple @dojoengine packages to 1.7.0-rc versions, adding SDK fixes for entity ID padding, refactoring example code, and updating changelogs across the monorepo.	Rename the pull request to clearly summarise the main objective, for example “chore: prepare 1.7.0-rc release – bump packages, apply SDK entity ID padding fix and update examples to object-based Account constructor”.
Description Check	⚠️ Warning	The pull request description is essentially empty and does not follow the repository template: it lacks referenced issue numbers, a summary of introduced changes, and checklist details, making it impossible to understand what this PR delivers.	Populate the description sections by listing the resolved issue IDs, a concise but comprehensive summary of the changes (package bumps, patches, example updates, and tests added), and update the checklist to reflect completed tasks or remove irrelevant items.
Docstring Coverage	⚠️ Warning	Docstring coverage is 30.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

Poem

I nibble keys and pad each one,
0x and sixty-four hex done.
Accounts now tidy in an object snug,
Provider calls are neat and snug.
Store wakes quick — no waiting, just fun. 🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch release/1.7

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 8

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (4)

packages/create-burner/package.json (1)

31-56: Duplicate @scure/bip32 in deps and devDeps with different ranges.

This can cause resolution ambiguity. Keep it in one place and align versions.

Apply one of the following diffs:

Option A: Keep in dependencies only

   "devDependencies": {
-    "@scure/bip32": "^1.4.0",
   },
   "dependencies": {
-    "@scure/bip32": "^1.5.0",
+    "@scure/bip32": "^1.5.0",
   }

Option B: Keep in devDependencies only (if not required at runtime)

   "devDependencies": {
-    "@scure/bip32": "^1.4.0",
+    "@scure/bip32": "^1.5.0",
   },
   "dependencies": {
-    "@scure/bip32": "^1.5.0",
   }

packages/predeployed-connector/src/index.ts (1)

251-268: Use the new static connect and pass rpc; ensure type matches.

Ensure the returned type is PredeployedWalletAccount and rpc is threaded.

-            account: PredeployedWalletAccount.connect(
-                provider,
-                new PredeployedWallet(
-                    `${id}-${idx}`,
-                    `${name} ${idx}`,
-                    new Account({
-                        provider,
-                        address: a.address,
-                        signer: a.privateKey,
-                        cairoVersion: "1",
-                        transactionVersion: ETransactionVersion.V3,
-                    })
-                )
-            ),
+            account: PredeployedWalletAccount.connect(
+                provider,
+                new PredeployedWallet(
+                    `${id}-${idx}`,
+                    `${name} ${idx}`,
+                    new Account({
+                        provider,
+                        address: a.address,
+                        signer: a.privateKey,
+                        cairoVersion: "1",
+                        transactionVersion: ETransactionVersion.V3,
+                    })
+                ),
+                options.rpc
+            ),

packages/core/src/provider/DojoProvider.ts (2)

156-168: uuid(): callContract response handling is incorrect with starknet.js >= v6.

RpcProvider.callContract returns { result: string[] }, not a string[]. Access result.result and fix parsing. Also standardize error messages.

-            const result = await this.provider.callContract({
+            const { result } = await this.provider.callContract({
                 contractAddress: this.getWorldAddress(),
                 entrypoint: WorldEntryPoints.uuid,
                 calldata: [],
             });
-            if (result && result.length === 1) {
-                return parseInt(result[0]);
+            if (result?.length === 1) {
+                return Number(BigInt(result[0]));
             }
             throw new Error("Contract did not return expected uuid");
         } catch (error) {
-            this.logger.error(`Failed to fetch uuid: ${error}`);
-            throw new Error(`Failed to fetch uuid: ${error}`);
+            const message = error instanceof Error ? error.message : String(error);
+            this.logger.error(`Failed to fetch uuid: ${message}`);
+            throw new Error(`Failed to fetch uuid: ${message}`);
         }

---

112-119: entities(): returning an awaited value as Promise is a type bug.

You await then cast to Promise<...>. Return the value, not a Promise.

-            return (await this.contract.call(WorldEntryPoints.entities, [
+            return (await this.contract.call(WorldEntryPoints.entities, [
                 shortString.encodeShortString(model),
                 index,
                 values,
                 valuesLength,
                 valuesLayout,
-            ])) as unknown as Promise<Array<Array<bigint>>>;
+            ])) as unknown as Array<Array<bigint>>;

🧹 Nitpick comments (28)

examples/example-vite-react-threejs-recs/src/dojo/DojoContext.tsx (1)

41-47: Optional: make tx version explicit and confirm RPC compatibility

Consider adding transactionVersion: ETransactionVersion.V3 for clarity, and ensure your RPC endpoint supports RPC v0.8.x or v0.9.x which v8 targets. (starknetjs.com)

-import { Account, RpcProvider } from "starknet";
+import { Account, RpcProvider, ETransactionVersion } from "starknet";

   const masterAccount = useMemo(
     () =>
       new Account({
         provider: rpcProvider,
         address: masterAddress,
         signer: masterPrivateKey,
+        transactionVersion: ETransactionVersion.V3,
       }),
     [rpcProvider, masterAddress, masterPrivateKey]
   );

examples/example-vite-react-app-recs/src/dojo/setup.ts (2)

40-42: Fix broken comment line wrap.
Apply:

-    // Initialize the Dojo provider with t
-    // he manifest and RPC URL
+    // Initialize the Dojo provider with the manifest and RPC URL

---

56-66: Optional: validate masterPrivateKey format before constructing Account.

Guard against empty/invalid hex to fail fast in examples.
Example:

-    const burnerManager = new BurnerManager({
-        masterAccount: new Account({
+    const burnerManager = new BurnerManager({
+        masterAccount: new Account({
             provider: dojoProvider.provider,
             address: config.masterAddress,
             signer: config.masterPrivateKey,
         }),

Add above:

const assertHexKey = (k: string) => {
  if (!/^0x[0-9a-fA-F]+$/.test(k)) throw new Error("masterPrivateKey must be 0x-prefixed hex");
};
assertHexKey(config.masterPrivateKey);

examples/example-vite-react-app-recs/src/dojo/DojoContext.tsx (1)

32-40: Optional: dependency stability.

If dojoProvider.provider can be re-created upstream, masterAccount will be rebuilt often. If the provider instance is stable, you're fine; otherwise consider memoizing the provider itself at creation site.

.changeset/plenty-women-read.md (1)

1-16: Nit: expand the release note.

Consider adding a one-liner describing which primitives were fixed to aid consumers scanning changelogs.

.changeset/tiny-suns-read.md (1)

16-16: Clarify scope of the fix in the note.

Add a short clause that padded entityIds affect SDK consumers (utils/state/core) so downstream packages know why they’re bumped.

.changeset/smooth-dragons-write.md (1)

16-16: Include the concrete starknet.js version(s).

Listing exact versions (e.g., “starknet.js 7.x → 7.y”) improves traceability in release notes.

.changeset/huge-paths-switch.md (1)

16-16: Tighten the note.

Consider “chore(core): bump dojo.c version” (or whichever package actually requires dojo.c) to make the scope explicit.

packages/utils/src/utils/index.ts (1)

268-282: Docstring vs implementation mismatch on single-key entities.

Comment says “single key → direct ID,” but code always hashes. Either restore the single-key fast-path or update the doc to “always hashed (padded)”.

Option A (update docs):

- * Determines the entity ID from an array of keys. If only one key is provided,
- * it's directly used as the entity ID. Otherwise, a poseidon hash of the keys is calculated.
+ * Determines the entity ID from an array of keys by hashing the keys with Poseidon,
+ * then padding to a 0x-prefixed 64-hex address for consistency.

Option B (restore single-key path):

 export function getEntityIdFromKeys(keys: bigint[]): Entity {
-    // calculate the poseidon hash of the keys
-    const poseidon = poseidonHashMany(keys);
-    // Ensure consistent padding for entity IDs
-    return addAddressPadding("0x" + poseidon.toString(16)) as Entity;
+    if (keys.length === 1) {
+        return addAddressPadding("0x" + keys[0].toString(16)) as Entity;
+    }
+    const poseidon = poseidonHashMany(keys);
+    return addAddressPadding("0x" + poseidon.toString(16)) as Entity;
 }

examples/example-vite-react-pwa-recs/src/dojo/DojoContext.tsx (1)

35-39: Confirm behavioral parity with the old ctor (dropped trailing “1”).

If the previous fourth arg selected cairoVersion or chainId, ensure the object-form ctor defaults match, or set the field explicitly.

I can generate a codemod and an eslint rule to prevent future positional-ctor regressions. Want me to add it?

examples/example-vanillajs-phaser-recs/src/dojo/setup.ts (1)

91-91: Use console.error for error path.

Minor consistency/readability.

-        console.log("Failed to create burner manager:", e);
+        console.error("Failed to create burner manager:", e);

examples/example-vue-app-recs/src/utils/index.ts (1)

74-81: Optional: use a private key generator, not randomAddress, for clarity.

If the new starknet.js prefers a Signer or explicit key type, consider using ec.starkCurve.utils.randomPrivateKey().

-    const privateKey = stark.randomAddress();
+    const privateKey = ec.starkCurve.utils.randomPrivateKey();

packages/core/src/provider/DojoProvider.ts (1)

199-201: Fix logging typos and avoid leaking raw Error objects.

Use “occurred” and normalize error messages for consistency.

-            this.logger.error("Error occured: ", error);
+            this.logger.error("Error occurred: ", error);

And prefer:

-            this.logger.error("Error occurred: ", error);
-            throw error;
+            const message = error instanceof Error ? error.message : String(error);
+            this.logger.error("Error occurred: ", message);
+            throw new Error(message);

Also applies to: 90-91, 120-121, 137-138

packages/sdk/src/web/state/zustand.ts (1)

320-337: Minor robustness: declare timer before subscribe; use selector to reduce re-renders.

Avoid TDZ foot-guns and subscribe only to the entity slice.

-                            const unsubscribe = useStore.subscribe((state) => {
-                                const entity = state.entities[entityId];
-                                if (predicate(entity)) {
-                                    clearTimeout(timer);
-                                    unsubscribe();
-                                    resolve(entity);
-                                }
-                            });
-
-                            const timer = setTimeout(() => {
+                            const timer = setTimeout(() => {
                                 unsubscribe();
                                 reject(
                                     new Error(
                                         `waitForEntityChange: Timeout of ${timeout}ms exceeded`
                                     )
                                 );
                             }, timeout);
+                            const unsubscribe = useStore.subscribe(
+                                (state) => state.entities[entityId],
+                                (entity) => {
+                                    if (predicate(entity)) {
+                                        clearTimeout(timer);
+                                        unsubscribe();
+                                        resolve(entity);
+                                    }
+                                }
+                            );

packages/utils/CHANGELOG.md (1)

3-13: Changelog reads well; consider linking issues.

Optional: add GitHub links for #484 and #485 for easier navigation.

packages/create-burner/src/manager/predeployedManager.ts (3)

136-142: Avoid hardcoding Cairo version.

Consider threading cairoVersion from options or a class constant instead of repeating "1".

-        this.account = newAccount(
+        this.account = newAccount(
             this.provider,
             address,
             storage[address].privateKey,
-            "1"
+            this.cairoVersion ?? "1"
         );

Add a class field initialized from constructor options if appropriate.

---

150-156: Return path consistency.

Same suggestion as above for cairoVersion to keep consistency across getters.

---

177-183: Consistency for getActiveAccount().

Reuse the same cairoVersion source to avoid drift.

packages/create-burner/src/manager/index.ts (1)

9-21: Simple, cohesive factory. Consider defaulting cairoVersion to "1".

Removes repetitive literals at call sites.

-export function newAccount(
+export function newAccount(
     provider: ProviderOptions | ProviderInterface,
     address: string,
     signer: Uint8Array | string | SignerInterface,
-    cairoVersion: CairoVersion
+    cairoVersion: CairoVersion = "1"
 ): Account {

packages/utils/src/_test_/utils/index.test.ts (1)

167-173: Add a negative case to ensure different keys produce different IDs.

Guards against accidental collisions/ordering bugs.

 it("should produce consistent entity IDs for the same keys", () => {
     const keys = [BigInt(42), BigInt(100)];
     const id1 = getEntityIdFromKeys(keys);
     const id2 = getEntityIdFromKeys(keys);
     expect(id1).toBe(id2);
 });
+it("should produce different IDs for different keys", () => {
+    const idA = getEntityIdFromKeys([1n, 2n]);
+    const idB = getEntityIdFromKeys([2n, 1n]);
+    expect(idA).not.toBe(idB);
+});

packages/create-burner/src/manager/burnerManager.ts (1)

236-242: DRY the Cairo version argument.

Same optional improvement: source cairoVersion from a single place to avoid magic strings.

Also applies to: 259-265, 286-292, 327-327

packages/sdk/src/internal/parseEntities.ts (4)

22-22: Harden hashed_keys handling (string vs array) before padding.

Some Torii shapes expose hashed_keys as an array. Guarding this avoids surprises.

-        const entityId = addAddressPadding(entity.hashed_keys);
+        const key = Array.isArray(entity.hashed_keys)
+            ? entity.hashed_keys[0]
+            : entity.hashed_keys;
+        const entityId = addAddressPadding(key);

---

129-153: Avoid precision loss for 64-bit ints; auto-upgrade to BigInt when unsafe.

Parsing u64/i64 with Number(...) silently corrupts values > 2^53-1 in JS. Suggest “auto” behavior: return a Number when safe, otherwise BigInt. Backward compatible for small values.

-        case "u64":
-        case "i64":
-            return Number(value.value as string);
+        case "u64":
+        case "i64": {
+            const raw = value.value as string | number;
+            if (typeof raw === "number") return raw;
+            const bi = BigInt(raw);
+            if (bi > BigInt(Number.MAX_SAFE_INTEGER) || bi < BigInt(Number.MIN_SAFE_INTEGER)) {
+                return bi; // preserve exactness for large 64-bit values
+            }
+            return Number(raw);
+        }

If you prefer an explicit policy (e.g., always number/bigint), I can add an optional parsing flag to parseEntities(options) and thread it through.

---

139-151: Document intentional fall-through cases.

The explicit cases for small ints/bool/addresses fall through to default. Add a one-liner to avoid confusion for future readers.

-        case "u8":
+        case "u8": // intentional fall-through to default (use raw value)

---

62-62: Return result directly.

Object.values(result) on an array is redundant; returning result is clearer.

-    return Object.values(result);
+    return result;

packages/create-burner/src/manager/setupBurnerManager.ts (1)

6-18: Reuse a single RpcProvider instance for both Account and manager.

You construct two providers for the same URL. Reuse one to cut connection overhead and keep telemetry consistent.

 export const setupBurnerManager = async (config: DojoConfig) => {
-    const burnerManager = new BurnerManager({
-        masterAccount: newAccount(
-            {
-                nodeUrl: config.rpcUrl,
-            },
-            config.masterAddress,
-            config.masterPrivateKey,
-            "1"
-        ),
-        accountClassHash: config.accountClassHash,
-        rpcProvider: new RpcProvider({ nodeUrl: config.rpcUrl }),
+    const rpc = new RpcProvider({ nodeUrl: config.rpcUrl });
+    const burnerManager = new BurnerManager({
+        masterAccount: newAccount(
+            rpc,
+            config.masterAddress,
+            config.masterPrivateKey,
+            "1"
+        ),
+        accountClassHash: config.accountClassHash,
+        rpcProvider: rpc,
         feeTokenAddress: config.feeTokenAddress,
     });

packages/sdk/src/__tests__/parseEntities.test.ts (2)

601-606: Test relies on imprecise JS Numbers for 64-bit extremes.

18446744073709551615 and -9223372036854775808 cannot be represented exactly as JS numbers; assertions pass but mask precision loss. Consider switching expectations to BigInt once parser uses the “auto” strategy, or assert on string form if you keep numbers.

Example update (if adopting BigInt on overflow):

-        expect(model?.u64_value).toBe(18446744073709551615);
-        expect(model?.i64_value).toBe(-9223372036854775808);
-        expect(typeof model?.u64_value).toBe("number");
-        expect(typeof model?.i64_value).toBe("number");
+        expect(model?.u64_value).toBe(BigInt("18446744073709551615"));
+        expect(model?.i64_value).toBe(BigInt("-9223372036854775808"));
+        expect(typeof model?.u64_value).toBe("bigint");
+        expect(typeof model?.i64_value).toBe("bigint");

---

625-637: Gitleaks “Generic API Key” is likely a false positive.

These 0x-prefixed values (addresses/hashes) often trip Gitleaks. If CI blocks, add a targeted allowlist for these patterns in .gitleaks.toml rather than disabling the rule globally.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2ac7b98 and 5bbb749.

⛔ Files ignored due to path filters (3)

• examples/example-vite-react-pwa-recs/src/dojo/generated/setup.ts is excluded by !**/generated/**
• examples/example-vite-react-threejs-recs/src/dojo/generated/setup.ts is excluded by !**/generated/**
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (51)

• .changeset/fifty-moons-film.md (1 hunks)
• .changeset/huge-paths-switch.md (1 hunks)
• .changeset/plenty-women-read.md (1 hunks)
• .changeset/pre.json (1 hunks)
• .changeset/smooth-dragons-write.md (1 hunks)
• .changeset/tiny-suns-read.md (1 hunks)
• examples/example-vanillajs-phaser-recs/src/dojo/setup.ts (1 hunks)
• examples/example-vite-react-app-recs/src/dojo/DojoContext.tsx (1 hunks)
• examples/example-vite-react-app-recs/src/dojo/setup.ts (1 hunks)
• examples/example-vite-react-phaser-recs/src/dojo/createBurner.ts (1 hunks)
• examples/example-vite-react-pwa-recs/src/dojo/DojoContext.tsx (1 hunks)
• examples/example-vite-react-threejs-recs/src/dojo/DojoContext.tsx (1 hunks)
• examples/example-vue-app-recs/src/utils/index.ts (2 hunks)
• packages/core/CHANGELOG.md (1 hunks)
• packages/core/package.json (1 hunks)
• packages/core/src/provider/DojoProvider.ts (3 hunks)
• packages/create-burner/CHANGELOG.md (15 hunks)
• packages/create-burner/package.json (1 hunks)
• packages/create-burner/src/manager/burnerManager.ts (6 hunks)
• packages/create-burner/src/manager/index.ts (1 hunks)
• packages/create-burner/src/manager/predeployedManager.ts (5 hunks)
• packages/create-burner/src/manager/setupBurnerManager.ts (1 hunks)
• packages/create-dojo/CHANGELOG.md (1 hunks)
• packages/create-dojo/package.json (1 hunks)
• packages/grpc/CHANGELOG.md (1 hunks)
• packages/grpc/package.json (1 hunks)
• packages/predeployed-connector/CHANGELOG.md (1 hunks)
• packages/predeployed-connector/package.json (2 hunks)
• packages/predeployed-connector/src/index.ts (3 hunks)
• packages/react/CHANGELOG.md (15 hunks)
• packages/react/package.json (1 hunks)
• packages/sdk/CHANGELOG.md (20 hunks)
• packages/sdk/package.json (1 hunks)
• packages/sdk/src/__tests__/parseEntities.test.ts (6 hunks)
• packages/sdk/src/__tests__/state.test.ts (1 hunks)
• packages/sdk/src/internal/parseEntities.ts (3 hunks)
• packages/sdk/src/web/state/zustand.ts (1 hunks)
• packages/state/CHANGELOG.md (15 hunks)
• packages/state/package.json (1 hunks)
• packages/torii-client/CHANGELOG.md (16 hunks)
• packages/torii-client/package.json (1 hunks)
• packages/torii-wasm/CHANGELOG.md (1 hunks)
• packages/torii-wasm/dojo.c (1 hunks)
• packages/torii-wasm/package.json (1 hunks)
• packages/utils-wasm/CHANGELOG.md (1 hunks)
• packages/utils-wasm/package.json (1 hunks)
• packages/utils/CHANGELOG.md (1 hunks)
• packages/utils/package.json (1 hunks)
• packages/utils/src/_test_/utils/index.test.ts (2 hunks)
• packages/utils/src/utils/index.ts (2 hunks)
• pnpm-workspace.yaml (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (6)

packages/utils/src/_test_/utils/index.test.ts (1)

packages/utils/src/utils/index.ts (1)

• getEntityIdFromKeys (274-282)

packages/create-burner/src/manager/predeployedManager.ts (1)

packages/create-burner/src/manager/index.ts (1)

• newAccount (9-21)

packages/sdk/src/__tests__/parseEntities.test.ts (1)

packages/sdk/src/internal/parseEntities.ts (1)

• parseEntities (14-63)

packages/create-burner/src/manager/setupBurnerManager.ts (1)

packages/create-burner/src/manager/index.ts (1)

• newAccount (9-21)

packages/create-burner/src/manager/burnerManager.ts (1)

packages/create-burner/src/manager/index.ts (1)

• newAccount (9-21)

packages/core/src/provider/DojoProvider.ts (1)

packages/core/src/utils/index.ts (1)

• getContractByName (13-21)

🪛 Gitleaks (8.27.2)

packages/sdk/src/__tests__/parseEntities.test.ts

[high] 481-481: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (44)

packages/sdk/package.json (1)

3-3: SDK version bump LGTM; verify catalog pin for starknet.js.

Given peers list starknet: "catalog:", confirm the root catalog pin reflects the targeted starknet.js version and SDK builds/export paths still align with produced artifacts.

Reuse the catalog verification script from the create-burner comment to confirm pins and consumers.

packages/grpc/package.json (1)

3-3: Approve gRPC version bump and pnpm version alignment. Pnpm is set to [email protected] in both the root and packages/grpc/package.json, so no further changes needed.

packages/utils-wasm/package.json (1)

3-3: utils-wasm version bump OK.

No additional changes detected; publish files/sideEffects entries remain consistent.

packages/create-dojo/package.json (1)

3-3: create-dojo version bump OK.

Pre-release tag aligns with the rest of the workspace.

packages/core/package.json (1)

3-3: core version bump OK; confirm starknet catalog pin.

Core depends on starknet: "catalog:". Verify the root catalog is updated to the intended starknet.js version for this release.

Use the catalog verification script shared earlier.

packages/torii-client/package.json (1)

3-3: torii-client version bump OK.

No API surface or build changes in this file.

packages/utils/package.json (1)

3-3: utils version bump OK.

Matches the preview series; no other changes.

packages/torii-wasm/package.json (1)

3-3: Version bump to 1.7.0-preview.3 — OK

Metadata-only change. No concerns.

packages/react/package.json (1)

3-3: Version bump to 1.7.0-preview.4 — OK

No API surface changes here.

packages/predeployed-connector/package.json (2)

3-3: Version bump to 1.7.0-preview.3 — OK

---

69-69: Verify and align @starknet-io/types-js version in workspace catalog
Could not locate a central catalog file pinning this dependency to ^0.8; please confirm its path and version and update line 69 in packages/predeployed-connector/package.json accordingly.

packages/state/package.json (1)

3-3: Version bump to 1.7.0-preview.3 — OK

examples/example-vite-react-threejs-recs/src/dojo/DojoContext.tsx (1)

41-47: Switch to object-based Account constructor is correct for starknet.js v8

The new new Account({ provider, address, signer }) form matches v8 guidance; passing a private key as signer is supported. (starknetjs.com)

pnpm-workspace.yaml (1)

6-9: No legacy v7-style constructors detected — upgrade safe to merge
Scanned all .ts/.tsx files for positional new Account(…) or new Contract(…) calls; none found.

packages/sdk/src/__tests__/state.test.ts (1)

313-343: Immediate-resolution test for waitForEntityChange — OK

Good coverage for the pre-check path.

packages/create-dojo/CHANGELOG.md (1)

3-25: Changelog entries for 1.7.0-previews — OK

Entries reflect the multi-package bump and padding fixes.

.changeset/pre.json (1)

1-42: Confirm pre-release intent and changeset files exist

• Verify that .changeset contains markdown files for each slug: fifty-moons-film, huge-paths-switch, plenty-women-read, smooth-dragons-write, tiny-suns-read
• Confirm that using tag 1.7-rc with "mode": "exit" aligns with your release flow versus the existing 1.7.0-preview.* builds; adjust tag or mode as needed

packages/grpc/CHANGELOG.md (1)

3-25: Changelog entries look consistent with the release train.

No issues spotted.

examples/example-vite-react-app-recs/src/dojo/setup.ts (1)

58-62: Account constructor migration is correct for newer starknet.js.

Object-form new Account({ provider, address, signer }) is valid and supports passing a private key string as signer. (starknetjs.com)

packages/utils-wasm/CHANGELOG.md (1)

3-26: Changelog additions are consistent with other packages.

All good.

examples/example-vite-react-app-recs/src/dojo/DojoContext.tsx (1)

34-38: Account constructor switch looks good.

Matches the current object-based API; passing a private key as signer is supported. (starknetjs.com)

packages/torii-wasm/CHANGELOG.md (1)

3-25: Consistent with 1.7.0-preview. series.*

No concerns.

packages/state/CHANGELOG.md (1)

3-46: Changelog updates align with dependency bumps.

Looks correct.

examples/example-vite-react-phaser-recs/src/dojo/createBurner.ts (1)

13-17: Verify Account constructor options-object signature and signer type
Ensure that passing a raw private key string to signer is compatible with your targeted starknet.js version (it may require a KeyPair or Signer instance), and confirm whether cairoVersion must be explicitly set in the options.

packages/core/CHANGELOG.md (1)

3-25: Changelog entries LGTM.

Pre-release blocks read well and align with the repo-wide 1.7.0-preview.* story.

packages/predeployed-connector/CHANGELOG.md (1)

3-25: Changelog entries LGTM.

Consistent with other packages’ 1.7.0-preview.* entries.

packages/utils/src/utils/index.ts (1)

11-11: Verify addAddressPadding availability in the pinned starknet.js.

If the targeted version lacks this export, fall back to manual left-pad to 64 hex digits.

If needed, I can wire a local helper:

-import { type ByteArray, byteArray, addAddressPadding } from "starknet";
+import { type ByteArray, byteArray } from "starknet";
+
+const addAddressPadding = (hex: string) =>
+  "0x" + hex.replace(/^0x/, "").padStart(64, "0");

packages/torii-client/CHANGELOG.md (1)

3-46: Changelog entries look consistent with torii-wasm bumps.

No issues from a docs perspective.

Also applies to: 72-72, 80-80, 89-89, 97-97, 105-105, 118-118, 126-126, 134-134, 142-142, 150-150, 160-160, 168-168, 176-176, 186-186, 194-194, 202-202, 210-210, 218-218, 226-226, 234-234, 242-242, 250-250, 258-258, 270-270, 278-278, 286-286, 294-294, 306-306, 314-314

packages/create-burner/CHANGELOG.md (1)

3-46: Changelog is coherent with core version bumps.

Looks good.

Also applies to: 70-70, 78-78, 86-86, 94-94, 102-102, 116-116, 124-124, 132-132, 140-140, 149-149, 157-157, 165-165, 173-173, 181-181, 189-189, 197-197, 205-205, 213-213, 221-221, 229-229, 237-237, 245-245, 253-253, 261-261, 269-269, 277-277, 285-285, 293-293, 301-301

examples/example-vanillajs-phaser-recs/src/dojo/setup.ts (1)

73-76: No changes required for Account({ signer }) usage
Per Starknet.js v7 documentation, the Account constructor accepts a hex‐string private key in the signer field (e.g. new Account({ provider, address, signer: privateKey })) without needing a separate Signer instance. (starknetjs.com)

packages/sdk/CHANGELOG.md (1)

3-16: Manually verify and link issues #484 and #485.
Unable to auto-verify in this environment—please confirm these issue numbers exist in the repo and add proper GH issue links for traceability.

packages/react/CHANGELOG.md (1)

3-61: Changelog updates align with dependent package bumps.

All good.

packages/predeployed-connector/src/index.ts (2)

254-268: Verify .connect subtype return type
Confirm that WalletAccount.connect is declared with a this-based return type so that PredeployedWalletAccount.connect(…) yields a PredeployedWalletAccount. If not, add an explicit as PredeployedWalletAccount assertion at the call site.

---

73-80: Use the correct paymaster shape for starknet.js v7+
In v7+, Account/WalletAccount accepts a paymaster option that must be either a PaymasterRpc instance or a PaymasterOptions object with the following (all optional) fields:

• nodeUrl?: string
• default?: boolean
• headers?: object
• baseFetch?: (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>
  Your existing paymaster: { nodeUrl: rpc } is valid. For full flexibility (e.g. custom headers or default selection), you can also pass new PaymasterRpc({ nodeUrl: rpc }). (starknetjs.com)

packages/sdk/src/web/state/zustand.ts (1)

313-318: Nice early-resolution path.

Good UX improvement; resolves immediately when predicate is already satisfied.

packages/create-burner/src/manager/predeployedManager.ts (1)

79-85: Centralizing Account construction via newAccount looks good.

Keeps construction consistent with starknet.js object-style API.

.changeset/fifty-moons-film.md (1)

6-11: Changeset content is clear.

Nice, concise explanation of the padding fix and impact areas.

packages/utils/src/_test_/utils/index.test.ts (1)

142-165: Solid coverage of padding invariants.

Good checks for length, format, large numbers, and zero with preserved leading zeros.

packages/create-burner/src/manager/burnerManager.ts (1)

141-147: Good centralization via newAccount.

Keeps construction uniform across the manager.

packages/sdk/src/internal/parseEntities.ts (1)

2-7: Could you share which starknet.js version this PR targets (npm package version or commit SHA)? That way I can confirm whether addAddressPadding is exported at the top level or needs to be imported from a utils submodule.

packages/create-burner/src/manager/setupBurnerManager.ts (1)

13-14: Validate Cairo version literal.

Ensure "1" matches the CairoVersion type used by newAccount and the starknet.js Account constructor for the bumped version.

packages/sdk/src/__tests__/parseEntities.test.ts (3)

151-152: LGTM: entityId padding expectation is correct.

Expecting 0x + 64-hex padding aligns with address normalization.

---

172-173: LGTM: consistent padding across entities.

---

353-410: LGTM: timestamp parsing from decimal strings.

Covers the common Torii shape where u64 timestamps arrive as strings.

[coderabbitai]

🛠️ Refactor suggestion

Explicitly set cairoVersion on Account to avoid defaults drift.

Passing only signer may default to a different Cairo/tx version under newer starknet.js. Safer to pin Cairo 1 for these examples.

Apply:

-            masterAccount: new Account({
-                provider: rpcProvider,
-                address: config.masterAddress,
-                signer: config.masterPrivateKey,
-            }),
+            masterAccount: new Account({
+                provider: rpcProvider,
+                address: config.masterAddress,
+                signer: config.masterPrivateKey,
+                cairoVersion: "1",
+            }),

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	burnerManager = new BurnerManager({
	masterAccount: new Account(
	rpcProvider,
	config.masterAddress,
	config.masterPrivateKey
	),
	masterAccount: new Account({
	provider: rpcProvider,
	address: config.masterAddress,
	signer: config.masterPrivateKey,
	}),
	feeTokenAddress: config.feeTokenAddress,
	burnerManager = new BurnerManager({
	masterAccount: new Account({
	provider: rpcProvider,
	address: config.masterAddress,
	signer: config.masterPrivateKey,
	cairoVersion: "1",
	}),
	feeTokenAddress: config.feeTokenAddress,

🤖 Prompt for AI Agents

In examples/example-vanillajs-phaser-recs/src/dojo/setup.ts around lines 79 to
85 the Account is created without an explicit cairoVersion which can drift with
newer starknet.js defaults; update the Account constructor to include
cairoVersion: "1" (or the appropriate pinned value) in its options so the
example consistently uses Cairo 1 and avoids future default changes.

[coderabbitai]

🛠️ Refactor suggestion

Pin Cairo 1 in Account constructor.

Avoid relying on library defaults; match the classHash you deploy.

-    const account = new Account({
-        provider,
-        address,
-        signer: burners[address].privateKey,
-    });
+    const account = new Account({
+        provider,
+        address,
+        signer: burners[address].privateKey,
+        cairoVersion: "1",
+    });

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const account = new Account({
	provider,
	address,
	burners[address].privateKey,
	"1"
	);
	signer: burners[address].privateKey,
	});
	return account;
	const account = new Account({
	provider,
	address,
	signer: burners[address].privateKey,
	cairoVersion: "1",
	});
	return account;

🤖 Prompt for AI Agents

In examples/example-vue-app-recs/src/utils/index.ts around lines 58 to 63, the
Account constructor relies on the library default for Cairo version which can
yield an unexpected classHash; explicitly pin Cairo 1 in the Account options
when constructing the Account (e.g., add the appropriate option to indicate
Cairo version = 1) so the Account uses the same classHash as your deployed
contract.

[coderabbitai]

🛠️ Refactor suggestion

Pin Cairo 1 for the newly created account as well.

-    const account = new Account({ provider, address, signer: privateKey });
+    const account = new Account({
+        provider,
+        address,
+        signer: privateKey,
+        cairoVersion: "1",
+    });

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const account = new Account({ provider, address, signer: privateKey });
	const account = new Account({
	provider,
	address,
	signer: privateKey,
	cairoVersion: "1",
	});

🤖 Prompt for AI Agents

In examples/example-vue-app-recs/src/utils/index.ts around line 82, the newly
constructed Account does not pin the Cairo version; update the Account
constructor options to explicitly pin Cairo 1 (e.g., add the cairoVersion: 1
option to the new Account({...}) call) so the new account uses Cairo 1
consistently with the rest of the app and adjust any types/imports if required.

[coderabbitai]

🛠️ Refactor suggestion

Good migration to object-style Contract ctor, but validate manifest early.

Guard against missing/invalid manifest/world before constructing the Contract to avoid runtime crashes.

 constructor(
-        manifest?: any,
+        manifest?: any,
         url: string = LOCAL_KATANA,
         logLevel: LogLevel = "none"
     ) {
-        super(manifest.world.address);
+        if (!manifest?.world?.address || !manifest?.world?.abi) {
+            throw new Error("DojoProvider: manifest.world.{address,abi} is required");
+        }
+        super(manifest.world.address);
         this.provider = new RpcProvider({
             nodeUrl: url,
         });
 
-        this.contract = new Contract({
+        this.contract = new Contract({
             abi: manifest.world.abi,
             address: this.getWorldAddress(),
             providerOrAccount: this.provider,
         });

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	this.contract = new Contract({
	abi: manifest.world.abi,
	address: this.getWorldAddress(),
	providerOrAccount: this.provider,
	});
	constructor(
	manifest?: any,
	url: string = LOCAL_KATANA,
	logLevel: LogLevel = "none"
	) {
	if (!manifest?.world?.address || !manifest?.world?.abi) {
	throw new Error("DojoProvider: manifest.world.{address,abi} is required");
	}
	super(manifest.world.address);
	this.provider = new RpcProvider({
	nodeUrl: url,
	});
	this.contract = new Contract({
	abi: manifest.world.abi,
	address: this.getWorldAddress(),
	providerOrAccount: this.provider,
	});
	// ...rest of constructor...
	}

🤖 Prompt for AI Agents

In packages/core/src/provider/DojoProvider.ts around lines 54 to 58, the code
constructs a new Contract using manifest.world without validating manifest or
manifest.world first; add an early validation step that checks manifest exists
and manifest.world (and its abi/address) are present and throw or return a clear
error if invalid, before calling new Contract, to prevent runtime crashes when
manifest data is missing or malformed.

[coderabbitai]

🛠️ Refactor suggestion

Handle missing contract metadata from manifest.

getContractByName can return undefined; add a guard to throw a clear error before constructing Contract.

-                const contractInfos = getContractByName(
+                const contractInfos = getContractByName(
                     this.manifest,
                     nameSpace,
                     call.contractName
                 );
-                const contract = new Contract({
+                if (!contractInfos?.abi || !contractInfos?.address) {
+                    throw new Error(
+                        `Contract metadata not found for ${nameSpace}-${call.contractName}`
+                    );
+                }
+                const contract = new Contract({
                     abi: contractInfos.abi,
                     address: contractInfos.address,
                     providerOrAccount: this.provider,
                 });

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const contractInfos = getContractByName(
	this.manifest,
	nameSpace,
	call.contractName
	);
	const contract = new Contract(
	contractInfos.abi,
	contractInfos.address,
	this.provider
	);
	const contract = new Contract({
	abi: contractInfos.abi,
	address: contractInfos.address,
	providerOrAccount: this.provider,
	});
	return await contract.call(
	const contractInfos = getContractByName(
	this.manifest,
	nameSpace,
	call.contractName
	);
	if (!contractInfos?.abi || !contractInfos?.address) {
	throw new Error(
	`Contract metadata not found for ${nameSpace}-${call.contractName}`
	);
	}
	const contract = new Contract({
	abi: contractInfos.abi,
	address: contractInfos.address,
	providerOrAccount: this.provider,
	});
	return await contract.call(

🤖 Prompt for AI Agents

In packages/core/src/provider/DojoProvider.ts around lines 219 to 229,
getContractByName can return undefined but code immediately uses contractInfos;
add a guard that checks if contractInfos is falsy and throw a descriptive error
(e.g. include manifest, namespace and contractName in message) before
constructing the Contract so we never pass undefined into new Contract; after
the guard you can safely use contractInfos.abi and contractInfos.address (or
narrow the type) and then proceed with contract.call.

[coderabbitai]

⚠️ Potential issue

Constructor args mismatch and wrong base used as provider.

PredeployedWalletAccount’s ctor takes (base, rpc) then uses base both as provider and walletProvider and reads base.account.address. If base is the wallet, provider becomes wrong; if base is the provider, address lookup breaks. Also, static connect below doesn’t pass rpc, so paymaster never gets set.

Refactor ctor to accept (provider, wallet, rpc) and add a static connect that threads rpc:

-class PredeployedWalletAccount extends WalletAccount {
-    private _inner: PredeployedWallet;
-    constructor(base: any, rpc: string) {
-        super({
-            provider: base,
-            walletProvider: base,
-            address: base.account.address,
-            cairoVersion: "1",
-            paymaster: { nodeUrl: rpc },
-        });
-        this._inner = base;
-    }
+class PredeployedWalletAccount extends WalletAccount {
+    private _inner: PredeployedWallet;
+    constructor(provider: ProviderInterface, wallet: PredeployedWallet, rpc: string) {
+        super({
+            provider,
+            walletProvider: wallet,
+            address: wallet?.account?.address,
+            cairoVersion: "1",
+            paymaster: { nodeUrl: rpc },
+        });
+        this._inner = wallet;
+    }
+    static connect(
+        provider: ProviderInterface,
+        wallet: PredeployedWallet,
+        rpc: string
+    ): PredeployedWalletAccount {
+        return new PredeployedWalletAccount(provider, wallet, rpc);
+    }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	super({
	provider: base,
	walletProvider: base,
	address: base.account.address,
	cairoVersion: "1",
	paymaster: { nodeUrl: rpc },
	});
	this._inner = base;
	class PredeployedWalletAccount extends WalletAccount {
	private _inner: PredeployedWallet;
	constructor(provider: ProviderInterface, wallet: PredeployedWallet, rpc: string) {
	super({
	provider,
	walletProvider: wallet,
	address: wallet?.account?.address,
	cairoVersion: "1",
	paymaster: { nodeUrl: rpc },
	});
	this._inner = wallet;
	}
	static connect(
	provider: ProviderInterface,
	wallet: PredeployedWallet,
	rpc: string
	): PredeployedWalletAccount {
	return new PredeployedWalletAccount(provider, wallet, rpc);
	}
	}

🤖 Prompt for AI Agents

In packages/predeployed-connector/src/index.ts around lines 73 to 80, the
constructor currently accepts (base, rpc) and incorrectly uses base for both
provider and walletProvider and reads base.account.address, which breaks
depending on whether base is a wallet or provider; also the static connect call
doesn’t forward rpc so paymaster is never set. Change the constructor signature
to (provider, wallet, rpc) and initialize super with provider as provider,
wallet as walletProvider, address from wallet.account.address, cairoVersion "1",
and paymaster { nodeUrl: rpc }; store the wallet/provider on this._inner
appropriately. Update the static connect to accept and pass rpc through to the
constructor so paymaster is configured.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Submodule bump: verify target SHA, CI config, and tagging

• Confirm fec412d0ade8a1a16ffa6a0cbe118cdbf3d644f0 is the intended release/tag for torii-wasm and compatible with the 1.7 line.
• Ensure actions/checkout (or equivalent) fetches submodules recursively; otherwise builds may break.
• If you want traceability, consider pinning to an annotated tag or setting .gitmodules branch tracking; raw SHAs are harder to audit.
• If torii-wasm exports any WASM ABI consumed elsewhere, double-check for breaking changes and bump dependent packages accordingly.

Run to validate the gitlink and CI readiness:

Optionally switch to tagged refs or set a branch in .gitmodules for easier tracking:

• Add/ensure: submodule..branch = release/1.7 (if appropriate)
• Or move to an annotated tag (e.g., v1.7.0-preview.X) rather than a bare SHA.

If helpful, I can scan the repo for consumers of torii-wasm artifacts to flag any ABI surface that might require version bumps.

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail
TARGET="packages/torii-wasm/dojo.c"
SHA="fec412d0ade8a1a16ffa6a0cbe118cdbf3d644f0"

echo "Gitlink entry:"
git ls-tree HEAD "$TARGET"

echo ".gitmodules (near path):"
grep -nA2 -B2 "$TARGET" .gitmodules || true
grep -nA2 -B2 "packages/torii-wasm" .gitmodules || true

echo "Submodule status:"
git submodule status -- "$TARGET" || true

echo "Verifying SHA in tree…"
git ls-tree HEAD "$TARGET" | awk -v want="$SHA" '$3==want {ok=1} END{exit(ok?0:1)}' && echo "OK: matches" || { echo "Mismatch"; exit 1; }

echo "Tip: In CI, set actions/checkout with: submodules: recursive, fetch-depth: 0."

Length of output: 763

---

Your submodule SHA is correctly set and the .gitmodules entry is present. Next, verify your CI workflows include submodule recursion:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Checking for actions/checkout in CI workflows:"
grep -R "uses: actions/checkout" -n .github/workflows || echo "-> No actions/checkout found"

echo
echo "Inspecting checkout settings for submodule recursion:"
grep -R -n -C1 "uses: actions/checkout" -n .github/workflows | grep -E "submodules:|fetch-depth:" || echo "-> No submodule fetch settings found"

Length of output: 484

---

Ensure CI checks out submodules recursively

• SHA fec412d0ade8a1a16ffa6a0cbe118cdbf3d644f0 is correct.
• In each actions/checkout@v4 step (.github/workflows/ci.yaml, create_release.yaml, docs.yaml, pr-title.yaml, release.yaml), add:

  with:
    submodules: recursive
    fetch-depth: 0

• Optionally, pin the submodule to an annotated tag or add
  submodule."packages/torii-wasm/dojo.c".branch = release/1.7
  in .gitmodules for better traceability.
• Double-check any downstream WASM ABI consumers for breaking changes.

🤖 Prompt for AI Agents

In packages/torii-wasm/dojo.c around lines 1-1: update the CI workflow steps
that use actions/checkout@v4 in .github/workflows/ci.yaml, create_release.yaml,
docs.yaml, pr-title.yaml, and release.yaml to include a with: block setting
submodules: recursive and fetch-depth: 0 so submodules are checked out fully;
optionally pin the submodule to an annotated tag or add
submodule."packages/torii-wasm/dojo.c".branch = release/1.7 to .gitmodules for
traceability; finally, verify downstream WASM ABI consumers for any breaking
changes after updating the submodule reference.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (14)

packages/predeployed-connector/CHANGELOG.md (5)

9-14: Polish entry: link commit, clarify identifier casing

• Link the commit and consider “entity IDs” (or backtick the identifier) for clarity.

Proposed edit:

-## 1.7.0-preview.3
+## 1.7.0-preview.3
@@
-- 10314f1: fix(sdk): ensure entityIds are properly padded
+- [10314f1](https://github.com/dojoengine/dojo.js/commit/10314f1): fix(sdk): ensure `entityIds` are properly padded

---

15-20: Strengthen change description and link commit

• “primitive parsing” is vague; add a short scope (which primitives? impact area) and link the commit.

Proposed edit:

-## 1.7.0-preview.2
+## 1.7.0-preview.2
@@
-- c9a750e: fix(sdk): primitive parsing
+- [c9a750e](https://github.com/dojoengine/dojo.js/commit/c9a750e): fix(sdk): primitive parsing (e.g., felt252/u256 decoding)

---

27-31: Be explicit about dependency and version; link commit

• Say “starknet.js” (matches prior entries) and include the target version or range; link the commit.

Proposed edit:

-## 1.7.0-preview.0
+## 1.7.0-preview.0
@@
-- 88cac6e: chore: bump starknet versions
+- [88cac6e](https://github.com/dojoengine/dojo.js/commit/88cac6e): chore: bump starknet.js version (to X.Y.Z)

---

3-8: Add release date and commit link to CHANGELOG entry
Version header “1.7.0-1.7-rc.4” is consistent across packages; retain it. Include the release date (2025-09-09) and link the commit for parity:

## 1.7.0-1.7-rc.4 (2025-09-09)

- 1a580dd: chore: bump minor version
+ [1a580dd](https://github.com/dojoengine/dojo.js/commit/1a580dd): chore: bump minor version

---

21-26: Link commit hash in CHANGELOG

In packages/predeployed-connector/CHANGELOG.md, update the entry:

- 4790942: chore: bump dojo.c version
+ [4790942](https://github.com/dojoengine/dojo.js/commit/4790942): chore: bump dojo.c version

packages/create-dojo/CHANGELOG.md (2)

3-8: Clarify RC notes for readers

“chore: bump minor version” is vague for a top entry. Add a short note that this package had no functional changes and the bump aligns with the 1.7 RC train.

 ## 1.7.0-1.7-rc.4

 ### Minor Changes

-- 1a580dd: chore: bump minor version
+- 1a580dd: chore: bump minor version
+- No functional changes in @dojoengine/create-dojo; version aligned with 1.7 RC prerelease cycle.

---

9-31: Keep package-scoped changelog language accurate and consistent

These preview notes reference SDK internals (“entityIds padding”, “primitive parsing”). To avoid implying code changes in this package, add a brief qualifier and fix the “entityIds” spelling to “entity IDs” for consistency with other files.

 ## 1.7.0-preview.3

 ### Minor Changes

-- 10314f1: fix(sdk): ensure entityIds are properly padded
+- 10314f1: fix(sdk): ensure entity IDs are properly padded
+  (No code changes in @dojoengine/create-dojo; prerelease version bump only.)

 ## 1.7.0-preview.2

 ### Minor Changes

 - c9a750e: fix(sdk): primitive parsing
+  (No code changes in @dojoengine/create-dojo; prerelease version bump only.)

packages/sdk/CHANGELOG.md (3)

21-27: Improve issue references and phrasing

Use the conventional “Resolves #NNN” form and make the sentence tighter.

 - This fixes the issue where `waitForEntityChange` would return `undefined` when using entity IDs from `getEntityIdFromKeys`
 - Entity IDs are now consistently padded whether they come from Torii or are generated manually
-- Resolves issues #484 and #485
+- Resolves #484, #485

---

31-36: Standardize wording: “entity IDs” (with space)

Earlier in this changelog you use “entity IDs”; align this entry to match.

- 10314f1: fix(sdk): ensure entityIds are properly padded
+ 10314f1: fix(sdk): ensure entity IDs are properly padded

---

3-16: Clarify mixed rc.4/rc.5 dependency bump
Under “Patch Changes”, append a note indicating that only utils advanced to rc.5:

 ### Patch Changes

 - Updated dependencies [1a580dd]
   - @dojoengine/[email protected]
   - @dojoengine/[email protected]
   - @dojoengine/[email protected]
   - @dojoengine/[email protected]
+  - Note: Only @dojoengine/utils was bumped to 1.7.0-1.7-rc.5; other internal deps remain at rc.4.

packages/react/CHANGELOG.md (4)

3-74: Tighten 1.7.x entries: add context, exact upstream version, and links.

• Add a one‑liner summarizing scope (e.g., “update starknet.js across workspace; no breaking changes”) to rc.5 and preview blocks.
• Specify the exact starknet.js version(s) bumped to avoid ambiguity.
• Link short SHAs to commits for traceability.

Apply pattern like:

-### Minor Changes
-- 1a580dd: chore: bump minor version
+### Minor Changes
+- [1a580dd](https://github.com/dojoengine/dojo.js/commit/1a580dd): chore: bump minor version

-### Minor Changes
-- 88cac6e: chore: bump starknet versions
+### Minor Changes
+- [88cac6e](https://github.com/dojoengine/dojo.js/commit/88cac6e): chore: bump starknet.js to vX.Y.Z

---

27-35: Standardize terminology and add cross‑refs for fixes.

• Prefer “entity IDs” (or backticked entityIds if it’s an identifier) for consistency.
• Add an issue/PR reference for the padding fix to aid consumers.

-- 10314f1: fix(sdk): ensure entityIds are properly padded
+- 10314f1: fix(sdk): ensure entity IDs are properly padded (#<issue-or-pr>)

---

3-74: Optionally add dates/compare links for new headings to match older sections.

Your older entries include dates/compare URLs; mirroring that for 1.7.* would improve consistency.

Example:

-## 1.7.0-1.7-rc.5
+## [1.7.0-1.7-rc.5](https://github.com/dojoengine/dojo.js/compare/v1.7.0-1.7-rc.4...v1.7.0-1.7-rc.5) (2025-08-05)

---

11-14: Alphabetize dependency bullets (optional).

Keeping dependency lists alphabetical (state, torii-client, utils) makes diffs easier to scan.

Also applies to: 31-34, 44-47, 57-60, 70-73

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1a580dd and be9601c.

📒 Files selected for processing (25)

• .changeset/pre.json (1 hunks)
• packages/core/CHANGELOG.md (1 hunks)
• packages/core/package.json (1 hunks)
• packages/create-burner/CHANGELOG.md (15 hunks)
• packages/create-burner/package.json (1 hunks)
• packages/create-dojo/CHANGELOG.md (1 hunks)
• packages/create-dojo/package.json (1 hunks)
• packages/grpc/CHANGELOG.md (1 hunks)
• packages/grpc/package.json (1 hunks)
• packages/predeployed-connector/CHANGELOG.md (1 hunks)
• packages/predeployed-connector/package.json (2 hunks)
• packages/react/CHANGELOG.md (15 hunks)
• packages/react/package.json (1 hunks)
• packages/sdk/CHANGELOG.md (20 hunks)
• packages/sdk/package.json (1 hunks)
• packages/state/CHANGELOG.md (15 hunks)
• packages/state/package.json (1 hunks)
• packages/torii-client/CHANGELOG.md (16 hunks)
• packages/torii-client/package.json (1 hunks)
• packages/torii-wasm/CHANGELOG.md (1 hunks)
• packages/torii-wasm/package.json (1 hunks)
• packages/utils-wasm/CHANGELOG.md (1 hunks)
• packages/utils-wasm/package.json (1 hunks)
• packages/utils/CHANGELOG.md (1 hunks)
• packages/utils/package.json (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• packages/torii-wasm/CHANGELOG.md
• packages/torii-client/package.json

🚧 Files skipped from review as they are similar to previous changes (19)

• packages/utils-wasm/package.json
• packages/sdk/package.json
• packages/create-burner/package.json
• packages/grpc/package.json
• packages/create-dojo/package.json
• packages/torii-client/CHANGELOG.md
• packages/utils-wasm/CHANGELOG.md
• .changeset/pre.json
• packages/grpc/CHANGELOG.md
• packages/react/package.json
• packages/utils/CHANGELOG.md
• packages/create-burner/CHANGELOG.md
• packages/state/package.json
• packages/torii-wasm/package.json
• packages/core/CHANGELOG.md
• packages/state/CHANGELOG.md
• packages/predeployed-connector/package.json
• packages/core/package.json
• packages/utils/package.json

🔇 Additional comments (3)

packages/react/CHANGELOG.md (3)

64-74: Call out upstream impact of starknet bump.

If the starknet.js bump involves API changes or peer/engines constraints, note any migration steps or confirm “no breaking changes”.

Would you add a brief note here (or confirm none) about breaking changes introduced by the starknet.js version in this range?

---

3-74: Changelog-only delta looks fine.

Content is confined to documentation; no runtime risk.

---

3-74: Verify changelog version consistency — Ensure every dependency version listed under “Updated dependencies” in packages/react/CHANGELOG.md (RC 4, RC 5, preview 0–4) is also recorded in the matching package changelogs (packages/torii-client, packages/state, packages/utils).

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (4)

.github/workflows/release.yaml (4)

115-121: Hardcoding rc for release/ is fine; also normalize non-release tags to lowercase.*

Today SANITIZED_BRANCH can contain uppercase, leading to multiple prerelease lines for the “same” tag. Lowercase it to avoid ambiguity.

-              SANITIZED_BRANCH=$(echo "$CURRENT_BRANCH" | sed 's/[^a-zA-Z0-9-]/-/g')
-              echo "prerelease_tag=$SANITIZED_BRANCH" >> $GITHUB_OUTPUT
+              SANITIZED_BRANCH=$(echo "$CURRENT_BRANCH" | sed 's/[^a-zA-Z0-9-]/-/g' | tr '[:upper:]' '[:lower:]')
+              echo "prerelease_tag=$SANITIZED_BRANCH" >> $GITHUB_OUTPUT

---

174-174: Trim trailing whitespace (YAMLlint error).

There’s trailing space on Line 174; remove to satisfy linters.

-          
+

---

292-296: Include “switch prerelease tag” in dry-run summary.

Currently only “enter/exit” messages are shown; add the “switch” scenario for clarity.

           if [ "${{ steps.release-strategy.outputs.use_prerelease }}" == "true" ] && [ "${{ steps.check-prerelease.outputs.in_prerelease }}" == "false" ]; then
             echo "Would enter prerelease mode: ${{ steps.release-strategy.outputs.prerelease_tag }}"
           fi
+          if [ "${{ steps.release-strategy.outputs.use_prerelease }}" == "true" ] \
+             && [ "${{ steps.check-prerelease.outputs.in_prerelease }}" == "true" ] \
+             && [ "${{ steps.check-prerelease.outputs.current_tag }}" != "${{ steps.release-strategy.outputs.prerelease_tag }}" ]; then
+            echo "Would switch prerelease tag: ${{ steps.check-prerelease.outputs.current_tag }} -> ${{ steps.release-strategy.outputs.prerelease_tag }}"
+          fi

---

27-30: Set explicit permissions for tag pushes and workflow triggers.

Ensure the GITHUB_TOKEN can push tags and run workflows (some orgs default to read-only).

Add near the top-level:

permissions:
  contents: write
  actions: write
  packages: write

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between be9601c and 7cf9710.

📒 Files selected for processing (1)

• .github/workflows/release.yaml (3 hunks)

🧰 Additional context used

🪛 YAMLlint (1.37.1)

.github/workflows/release.yaml

[error] 174-174: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: release

🔇 Additional comments (1)

.github/workflows/release.yaml (1)

143-156: LGTM: robust prerelease state detection.

Node is available earlier; outputs are correctly guarded; safe in both modes.

[coderabbitai]

⚠️ Potential issue

Pre-exit commit may never be pushed when there are no changesets.

If .changeset/pre.json is removed here and later “check-changesets” finds none, subsequent commit/push steps (gated by has_changesets) won’t run, leaving the repo stuck locally out-of-sync.

Apply one of:

• Push immediately in this step (simple).
• Or move this exit step after “check-changesets” and ensure commit/push is unconditional.

Minimal inline fix (push immediately):

           if [ "${{ github.event.inputs.dry_run }}" != "true" ]; then
             pnpm changeset pre exit
             # Commit the pre.json removal
             git add .
             git commit -m "chore: exit prerelease mode" || true
+            # Ensure the exit is pushed even when there are no changesets
+            CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+            git push origin "refs/heads/$CURRENT_BRANCH:refs/heads/$CURRENT_BRANCH"
           else
             echo "DRY RUN: Would exit prerelease mode"
           fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Exit prerelease mode if transitioning to normal release
	if: steps.check-prerelease.outputs.in_prerelease == 'true' && steps.release-strategy.outputs.use_prerelease == 'false'
	run: |
	echo "Exiting prerelease mode to perform normal release"
	if [ "${{ github.event.inputs.dry_run }}" != "true" ]; then
	pnpm changeset pre enter "$PRERELEASE_TAG"
	pnpm changeset pre exit
	# Commit the pre.json removal
	git add .
	git commit -m "chore: exit prerelease mode" || true
	else
	echo "DRY RUN: Would exit prerelease mode"
	fi
	- name: Exit prerelease mode if transitioning to normal release
	if: steps.check-prerelease.outputs.in_prerelease == 'true' && steps.release-strategy.outputs.use_prerelease == 'false'
	run: |
	echo "Exiting prerelease mode to perform normal release"
	if [ "${{ github.event.inputs.dry_run }}" != "true" ]; then
	pnpm changeset pre exit
	# Commit the pre.json removal
	git add .
	git commit -m "chore: exit prerelease mode" || true
	# Ensure the exit is pushed even when there are no changesets
	CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
	git push origin "refs/heads/$CURRENT_BRANCH:refs/heads/$CURRENT_BRANCH"
	else
	echo "DRY RUN: Would exit prerelease mode"
	fi

🤖 Prompt for AI Agents

.github/workflows/release.yaml lines 157-169: the workflow commits removal of
.changeset/pre.json but may never push that commit if later steps are skipped,
leaving the repo out-of-sync; after the local commit in the non-dry-run branch,
immediately push the commit to the remote (e.g., push the current HEAD to the
repository) so the prerelease-exit change is persisted regardless of whether
later “check-changesets” gated steps run.

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

packages/predeployed-connector/src/index.ts (1)

254-267: Implement static connect in PredeployedWalletAccount and thread options.rpc

• In packages/predeployed-connector/src/index.ts, add a static connect(base: SignerOrProvider, inner: PredeployedWallet, rpc?: string) on PredeployedWalletAccount that instantiates the class with the given RPC.
• Update its call site (lines 254–267) to pass options.rpc:

             account: PredeployedWalletAccount.connect(
                 provider,
                 new PredeployedWallet(
                     `${id}-${idx}`,
                     `${name} ${idx}`,
                     new Account({
                         provider,
                         address: a.address,
                         signer: a.privateKey,
                         cairoVersion: "1",
                         transactionVersion: ETransactionVersion.V3,
                     })
-                )
+                ),
+                options.rpc
             ),

This prevents the runtime TypeError and preserves paymaster configuration.

packages/internal/src/__tests__/parseEntities.test.ts (1)

1-640: Align 64-bit conversions and add BigInt serialization

• parseEntities coerces u64/i64 to number but core types and generated gRPC schemas use bigint – pick one (all-bigint or all-number) and update parseEntities or the type mappings to match.
• Replace direct JSON.stringify calls (e.g. packages/state/src/zustand/zustand.ts:29, sdk/web/index.ts:79, node/index.ts:77, gRPC scripts) with a replacer that serializes BigInt (e.g. JSON.stringify(obj, (_, v) => typeof v === 'bigint' ? v.toString() : v)).
• Audit all consumers (state deduplication, cache utils, example apps) to handle number|bigint fields consistently.

♻️ Duplicate comments (3)

packages/core/src/provider/DojoProvider.ts (2)

54-58: Validate manifest.world before constructing Contract.
Still missing the early guard; prevents crashes when manifest is undefined or malformed.

-        this.contract = new Contract({
-            abi: manifest.world.abi,
-            address: this.getWorldAddress(),
-            providerOrAccount: this.provider,
-        });
+        const w = manifest?.world;
+        if (!w?.address || !w?.abi) {
+            throw new Error("DojoProvider: manifest.world.{address,abi} is required");
+        }
+        this.contract = new Contract({
+            abi: w.abi,
+            address: this.getWorldAddress(),
+            providerOrAccount: this.provider,
+        });

---

224-228: Guard against missing contract metadata from manifest.
getContractByName can return undefined; using its fields directly can throw.

-                const contract = new Contract({
+                if (!contractInfos?.abi || !contractInfos?.address) {
+                    throw new Error(
+                        `Contract metadata not found for ${nameSpace}-${call.contractName}`
+                    );
+                }
+                const contract = new Contract({
                     abi: contractInfos.abi,
                     address: contractInfos.address,
                     providerOrAccount: this.provider,
                 });

packages/predeployed-connector/src/index.ts (1)

73-80: Constructor uses same object as provider and wallet; address source ambiguous.
Passing base for both provider and walletProvider and reading base.account.address is brittle and type-unsafe.

Refactor ctor to accept (provider, wallet, rpc) and set fields explicitly; also keep an inner reference to the wallet:

-class PredeployedWalletAccount extends WalletAccount {
-    private _inner: PredeployedWallet;
-    constructor(base: any, rpc: string) {
-        super({
-            provider: base,
-            walletProvider: base,
-            address: base.account.address,
-            cairoVersion: "1",
-            paymaster: { nodeUrl: rpc },
-        });
-        this._inner = base;
-    }
+class PredeployedWalletAccount extends WalletAccount {
+    private _inner: PredeployedWallet;
+    constructor(provider: ProviderInterface, wallet: PredeployedWallet, rpc: string) {
+        super({
+            provider,
+            walletProvider: wallet,
+            address: wallet?.account?.address,
+            cairoVersion: "1",
+            paymaster: { nodeUrl: rpc },
+        });
+        this._inner = wallet;
+    }
+    static connect(
+        provider: ProviderInterface,
+        wallet: PredeployedWallet,
+        rpc: string
+    ): PredeployedWalletAccount {
+        return new PredeployedWalletAccount(provider, wallet, rpc);
+    }

🧹 Nitpick comments (9)

packages/create-burner/src/manager/predeployedManager.ts (1)

79-85: Unify tx semantics and avoid the magic Cairo version string.

• All call sites pass "1" and omit transactionVersion; elsewhere (predeployed-connector) Account is created with transactionVersion V3. This divergence can cause mixed tx versions.
• Also, "1" appears in four places.

Actions:

• Either thread transactionVersion through newAccount (preferred) or document why default is correct here.
• Hoist Cairo version to a constant or a private helper to avoid repetition.

Would you like me to update the factory to accept an optional transactionVersion (defaulting to ETransactionVersion.V3) and refactor these sites to use a private makeAccount(address, pk) helper?

Also applies to: 136-142, 150-156, 177-183

packages/internal/src/parseEntities.ts (2)

18-19: Remove the ts-ignore by tightening the type.

The local variable can be typed without suppression.

Apply:

-    // @ts-ignore
-    const result: ParsedEntity<T>[] = [];
+    const result: ParsedEntity<T>[] = [];

---

62-63: Return the array directly.

Object.values(result) is a no-op for arrays and allocates unnecessarily.

-    return Object.values(result);
+    return result;

packages/internal/src/__tests__/parseEntities.test.ts (1)

353-410: Guard against unsafe integer timestamps.

These examples are within safe bounds, but add explicit checks to prevent accidental regression to out-of-range values.

         expect(
             typeof res[0]?.models?.test_namespace?.TimestampModel?.created_at
         ).toBe("number");
+        expect(
+            Number.isSafeInteger(
+                res[0]?.models?.test_namespace?.TimestampModel?.created_at as number
+            )
+        ).toBe(true);
         expect(
             typeof res[0]?.models?.test_namespace?.TimestampModel?.updated_at
         ).toBe("number");
+        expect(
+            Number.isSafeInteger(
+                res[0]?.models?.test_namespace?.TimestampModel?.updated_at as number
+            )
+        ).toBe(true);
         expect(
             typeof res[0]?.models?.test_namespace?.TimestampModel?.expires_at
         ).toBe("number");
+        expect(
+            Number.isSafeInteger(
+                res[0]?.models?.test_namespace?.TimestampModel?.expires_at as number
+            )
+        ).toBe(true);

.changeset/tiny-suns-read.md (1)

16-16: Nit: unify terminology “entity IDs” vs “entityIds”

Changelogs elsewhere use “entity IDs.” Consider standardizing here for consistency.

-fix(sdk): ensure entityIds are properly padded
+fix(sdk): ensure entity IDs are properly padded

packages/sdk/CHANGELOG.md (1)

3-16: Clarify rationale for minor bump

“Minor Changes: chore: bump minor version” is vague. Briefly note what’s new for consumers (e.g., starknet.js compatibility, any API adjustments) or downgrade to patch if no new functionality.

-### Minor Changes
-
-- 1a580dd: chore: bump minor version
+### Minor Changes
+
+- 1a580dd: Align with starknet.js vX.Y.Z and internal deps; no API changes.

.changeset/fifty-moons-film.md (1)

6-11: Solid changeset; consider explicitly naming affected APIs

Optional: add a short note like “Affects getEntityIdFromKeys and waitForEntityChange consumers” so downstreams scanning changesets know what to test.

 - Entity IDs are now consistently padded whether they come from Torii or are generated manually
+- Affects consumers of `getEntityIdFromKeys` and `waitForEntityChange`; validate any code comparing entity IDs as raw hex.

packages/state/src/zustand/zustand.ts (1)

317-322: Avoid potential temporal-dead-zone read of timer and harden predicate handling

Declare timer before subscribing and guard clearTimeout. Wrap predicate to avoid leaking a subscription on exceptions.

-                            // Check current state immediately
-                            const currentEntity = get().entities[entityId];
-                            if (predicate(currentEntity)) {
-                                resolve(currentEntity);
-                                return;
-                            }
-
-                            const unsubscribe = useStore.subscribe((state) => {
-                                const entity = state.entities[entityId];
-                                if (predicate(entity)) {
-                                    clearTimeout(timer);
-                                    unsubscribe();
-                                    resolve(entity);
-                                }
-                            });
-
-                            const timer = setTimeout(() => {
+                            // Check current state immediately
+                            const currentEntity = get().entities[entityId];
+                            try {
+                                if (predicate(currentEntity)) {
+                                    resolve(currentEntity);
+                                    return;
+                                }
+                            } catch (e) {
+                                reject(e as Error);
+                                return;
+                            }
+
+                            let timer: ReturnType<typeof setTimeout> | undefined;
+                            const unsubscribe = useStore.subscribe((state) => {
+                                const entity = state.entities[entityId];
+                                let ok = false;
+                                try {
+                                    ok = predicate(entity);
+                                } catch (e) {
+                                    ok = false;
+                                    // reject and cleanup on predicate error
+                                    if (timer) clearTimeout(timer);
+                                    unsubscribe();
+                                    reject(e as Error);
+                                    return;
+                                }
+                                if (ok) {
+                                    if (timer) clearTimeout(timer);
+                                    unsubscribe();
+                                    resolve(entity);
+                                }
+                            });
+
+                            timer = setTimeout(() => {
                                 unsubscribe();
                                 reject(
                                     new Error(
                                         `waitForEntityChange: Timeout of ${timeout}ms exceeded`
                                     )
                                 );
                             }, timeout);

packages/state/src/__tests__/state.test.ts (1)

313-343: Nice coverage for immediate-resolution path

Test clearly proves the fast-path behavior and guards against regressions. Consider using a very small timeout (e.g., 10ms) to reduce flakiness if this ever regresses.

-                1000
+                10

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7cf9710 and 6d02265.

⛔ Files ignored due to path filters (3)

• examples/example-vite-react-pwa-recs/src/dojo/generated/setup.ts is excluded by !**/generated/**
• examples/example-vite-react-threejs-recs/src/dojo/generated/setup.ts is excluded by !**/generated/**
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (52)

• .changeset/fifty-moons-film.md (1 hunks)
• .changeset/huge-paths-switch.md (1 hunks)
• .changeset/orange-points-prove.md (1 hunks)
• .changeset/plenty-women-read.md (1 hunks)
• .changeset/pre.json (1 hunks)
• .changeset/smooth-dragons-write.md (1 hunks)
• .changeset/tiny-suns-read.md (1 hunks)
• examples/example-vanillajs-phaser-recs/src/dojo/setup.ts (1 hunks)
• examples/example-vite-react-app-recs/src/dojo/DojoContext.tsx (1 hunks)
• examples/example-vite-react-app-recs/src/dojo/setup.ts (1 hunks)
• examples/example-vite-react-phaser-recs/src/dojo/createBurner.ts (1 hunks)
• examples/example-vite-react-pwa-recs/src/dojo/DojoContext.tsx (1 hunks)
• examples/example-vite-react-threejs-recs/src/dojo/DojoContext.tsx (1 hunks)
• examples/example-vue-app-recs/src/utils/index.ts (2 hunks)
• packages/core/CHANGELOG.md (1 hunks)
• packages/core/package.json (1 hunks)
• packages/core/src/provider/DojoProvider.ts (3 hunks)
• packages/create-burner/CHANGELOG.md (1 hunks)
• packages/create-burner/package.json (1 hunks)
• packages/create-burner/src/manager/burnerManager.ts (6 hunks)
• packages/create-burner/src/manager/index.ts (1 hunks)
• packages/create-burner/src/manager/predeployedManager.ts (5 hunks)
• packages/create-burner/src/manager/setupBurnerManager.ts (1 hunks)
• packages/create-dojo/CHANGELOG.md (1 hunks)
• packages/create-dojo/package.json (1 hunks)
• packages/grpc/CHANGELOG.md (1 hunks)
• packages/grpc/package.json (1 hunks)
• packages/internal/src/__tests__/parseEntities.test.ts (6 hunks)
• packages/internal/src/parseEntities.ts (3 hunks)
• packages/predeployed-connector/CHANGELOG.md (1 hunks)
• packages/predeployed-connector/package.json (2 hunks)
• packages/predeployed-connector/src/index.ts (3 hunks)
• packages/react/CHANGELOG.md (1 hunks)
• packages/react/package.json (1 hunks)
• packages/sdk/CHANGELOG.md (1 hunks)
• packages/sdk/package.json (1 hunks)
• packages/state/CHANGELOG.md (1 hunks)
• packages/state/package.json (1 hunks)
• packages/state/src/__tests__/state.test.ts (1 hunks)
• packages/state/src/zustand/zustand.ts (1 hunks)
• packages/torii-client/CHANGELOG.md (1 hunks)
• packages/torii-client/package.json (1 hunks)
• packages/torii-wasm/CHANGELOG.md (1 hunks)
• packages/torii-wasm/dojo.c (1 hunks)
• packages/torii-wasm/package.json (1 hunks)
• packages/utils-wasm/CHANGELOG.md (1 hunks)
• packages/utils-wasm/package.json (1 hunks)
• packages/utils/CHANGELOG.md (1 hunks)
• packages/utils/package.json (1 hunks)
• packages/utils/src/_test_/utils/index.test.ts (2 hunks)
• packages/utils/src/utils/index.ts (2 hunks)
• pnpm-workspace.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (8)

• packages/create-dojo/package.json
• packages/torii-client/CHANGELOG.md
• packages/create-dojo/CHANGELOG.md
• packages/react/package.json
• packages/core/package.json
• packages/predeployed-connector/CHANGELOG.md
• packages/create-burner/CHANGELOG.md
• packages/grpc/CHANGELOG.md

🚧 Files skipped from review as they are similar to previous changes (34)

• packages/torii-wasm/dojo.c
• .changeset/pre.json
• .changeset/huge-paths-switch.md
• packages/torii-client/package.json
• packages/state/package.json
• examples/example-vite-react-app-recs/src/dojo/DojoContext.tsx
• .changeset/orange-points-prove.md
• packages/grpc/package.json
• packages/sdk/package.json
• packages/utils-wasm/package.json
• examples/example-vite-react-pwa-recs/src/dojo/DojoContext.tsx
• packages/create-burner/src/manager/burnerManager.ts
• examples/example-vite-react-app-recs/src/dojo/setup.ts
• packages/create-burner/package.json
• packages/create-burner/src/manager/setupBurnerManager.ts
• .changeset/plenty-women-read.md
• packages/utils/src/utils/index.ts
• packages/react/CHANGELOG.md
• packages/torii-wasm/package.json
• examples/example-vite-react-threejs-recs/src/dojo/DojoContext.tsx
• examples/example-vanillajs-phaser-recs/src/dojo/setup.ts
• pnpm-workspace.yaml
• examples/example-vite-react-phaser-recs/src/dojo/createBurner.ts
• packages/utils/src/test/utils/index.test.ts
• packages/utils/package.json
• packages/create-burner/src/manager/index.ts
• packages/torii-wasm/CHANGELOG.md
• packages/predeployed-connector/package.json
• packages/utils-wasm/CHANGELOG.md
• packages/state/CHANGELOG.md
• packages/core/CHANGELOG.md
• examples/example-vue-app-recs/src/utils/index.ts
• .changeset/smooth-dragons-write.md
• packages/utils/CHANGELOG.md

🧰 Additional context used

🧬 Code graph analysis (3)

packages/create-burner/src/manager/predeployedManager.ts (1)

packages/create-burner/src/manager/index.ts (1)

• newAccount (9-21)

packages/internal/src/__tests__/parseEntities.test.ts (1)

packages/internal/src/parseEntities.ts (1)

• parseEntities (14-63)

packages/core/src/provider/DojoProvider.ts (1)

packages/core/src/utils/index.ts (1)

• getContractByName (13-21)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build-packages
• GitHub Check: build-examples
• GitHub Check: build

🔇 Additional comments (8)

packages/create-burner/src/manager/predeployedManager.ts (1)

2-2: Good move: centralizing Account construction via factory.
Importing and using newAccount improves consistency and future migrations.

packages/predeployed-connector/src/index.ts (1)

259-265: LGTM: move to object-style Account ctor with explicit V3.
Clearer and aligns with starknet.js updates.

packages/internal/src/parseEntities.ts (3)

2-7: Importing addAddressPadding is the right move for consistent IDs.

This aligns IDs across the SDK and removes downstream ambiguity. Looks good.

---

22-22: Good: pad entityId at the source.

Deriving entityId via addAddressPadding(entity.hashed_keys) is correct and prevents length inconsistencies.

---

135-139: LGTM: use BigInt for 128/256-bit ints.

This is the correct choice for i128/u128/u256 and matches expectations.

packages/internal/src/__tests__/parseEntities.test.ts (3)

151-152: LGTM: assertions reflect padded, 66-char entity IDs.

Matches addAddressPadding behavior and prevents inconsistent IDs.

Also applies to: 172-173

---

221-222: LGTM: 64-bit fields supplied as decimal strings in fixtures.

This aligns with Torii JSON shape and downstream parsing.

Also applies to: 281-282, 309-310

---

412-476: LGTM: padding tests cover unpadded, partially padded, and pre-padded IDs.

Solid coverage for the normalization path.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Validate semver bump levels across packages

Most entries are marked "minor" while the body calls out a fix. Confirm whether any user‑visible features or API changes justify minor bumps; otherwise prefer "patch" to avoid unnecessary version churn.

Run to list public API changes since last tag:

---

🏁 Script executed:

#!/bin/bash
git fetch --tags --quiet
last_tag=$(git tag --list | sort -V | tail -n1)
echo "Comparing against $last_tag"
rg -nP '^(export|public)\s' -g 'packages/**/src/**/*.ts' -C2

Length of output: 209241

---

Switch bumps from minor to patch
All this changeset contains are bug fixes with no new public APIs—update the version bumps in .changeset/tiny-suns-read.md (lines 2–13) from minor to patch.

🤖 Prompt for AI Agents

In .changeset/tiny-suns-read.md around lines 2 to 13, the package version bumps
are incorrectly set to "minor" but these changes are bug fixes only; change each
occurrence of "minor" to "patch" for the listed packages so the changeset
reflects patch-level releases.

[coderabbitai]

🛠️ Refactor suggestion

Update expectations for 64-bit extremes to avoid precision loss.

If parsePrimitive adopts “auto (number|bigint)” for i64/u64, the max/min cases should be BigInt. Keep small ints and timestamps as numbers.

Apply:

-        // u64 and i64 should be parsed from decimal strings to numbers
-        expect(model?.u64_value).toBe(18446744073709551615);
-        expect(model?.i64_value).toBe(-9223372036854775808);
-        expect(typeof model?.u64_value).toBe("number");
-        expect(typeof model?.i64_value).toBe("number");
+        // u64/i64 extremes promote to BigInt to preserve precision
+        expect(model?.u64_value).toBe(BigInt("18446744073709551615"));
+        expect(model?.i64_value).toBe(BigInt("-9223372036854775808"));
+        expect(typeof model?.u64_value).toBe("bigint");
+        expect(typeof model?.i64_value).toBe("bigint");

Optionally, add a second case verifying that in-range u64/i64 (e.g., "1734537235") parse as numbers.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	it("should parse all primitive types correctly according to Rust serialization", () => {
	const toriiResult: torii.Entity[] = [
	{
	hashed_keys: "0x1234567890abcdef",
	models: {
	"test-PrimitiveTypes": {
	// Small integers - come as JSON numbers
	u8_value: {
	type: "primitive",
	type_name: "u8",
	value: 255,
	key: false,
	},
	u16_value: {
	type: "primitive",
	type_name: "u16",
	value: 65535,
	key: false,
	},
	u32_value: {
	type: "primitive",
	type_name: "u32",
	value: 4294967295,
	key: false,
	},
	i8_value: {
	type: "primitive",
	type_name: "i8",
	value: -128,
	key: false,
	},
	i16_value: {
	type: "primitive",
	type_name: "i16",
	value: -32768,
	key: false,
	},
	i32_value: {
	type: "primitive",
	type_name: "i32",
	value: -2147483648,
	key: false,
	},
	bool_value: {
	type: "primitive",
	type_name: "bool",
	value: true,
	key: false,
	},
	// Large integers - come as decimal strings
	u64_value: {
	type: "primitive",
	type_name: "u64",
	value: "18446744073709551615",
	key: false,
	},
	i64_value: {
	type: "primitive",
	type_name: "i64",
	value: "-9223372036854775808",
	key: false,
	},
	u128_value: {
	type: "primitive",
	type_name: "u128",
	value: "340282366920938463463374607431768211455",
	key: false,
	},
	i128_value: {
	type: "primitive",
	type_name: "i128",
	value: "-170141183460469231731687303715884105728",
	key: false,
	},
	// u256 - comes as hex string
	u256_value: {
	type: "primitive",
	type_name: "u256",
	value: "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
	key: false,
	},
	// Blockchain types - come as hex strings
	contract_address: {
	type: "primitive",
	type_name: "ContractAddress",
	value: "0x0127fd5f1fe78a71f8bcd1fec63e3fe2f0486b6ecd5c86a0466c3a21fa5cfcec",
	key: false,
	},
	class_hash: {
	type: "primitive",
	type_name: "ClassHash",
	value: "0x0000000000000000000000000000000000000000000000000000000000001234",
	key: false,
	},
	felt252_value: {
	type: "primitive",
	type_name: "felt252",
	value: "0x0000000000000000000000000000000000000000000000000000000000000042",
	key: false,
	},
	eth_address: {
	type: "primitive",
	type_name: "EthAddress",
	value: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb7",
	key: false,
	},
	},
	},
	},
	];
	const res = parseEntities(toriiResult);
	const model = res[0]?.models?.test?.PrimitiveTypes;
	// Small integers should remain as numbers
	expect(model?.u8_value).toBe(255);
	expect(model?.u16_value).toBe(65535);
	expect(model?.u32_value).toBe(4294967295);
	expect(model?.i8_value).toBe(-128);
	expect(model?.i16_value).toBe(-32768);
	expect(model?.i32_value).toBe(-2147483648);
	expect(model?.bool_value).toBe(true);
	// u64 and i64 should be parsed from decimal strings to numbers
	expect(model?.u64_value).toBe(18446744073709551615);
	expect(model?.i64_value).toBe(-9223372036854775808);
	expect(typeof model?.u64_value).toBe("number");
	expect(typeof model?.i64_value).toBe("number");
	// u128 and i128 should be parsed from decimal strings to BigInt
	expect(model?.u128_value).toBe(
	BigInt("340282366920938463463374607431768211455")
	);
	expect(model?.i128_value).toBe(
	BigInt("-170141183460469231731687303715884105728")
	);
	expect(typeof model?.u128_value).toBe("bigint");
	expect(typeof model?.i128_value).toBe("bigint");
	// u256 should be parsed from hex string to BigInt
	expect(model?.u256_value).toBe(
	BigInt(
	"0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
	)
	);
	expect(typeof model?.u256_value).toBe("bigint");
	// Blockchain types should remain as hex strings
	expect(model?.contract_address).toBe(
	"0x0127fd5f1fe78a71f8bcd1fec63e3fe2f0486b6ecd5c86a0466c3a21fa5cfcec"
	);
	expect(model?.class_hash).toBe(
	"0x0000000000000000000000000000000000000000000000000000000000001234"
	);
	expect(model?.felt252_value).toBe(
	"0x0000000000000000000000000000000000000000000000000000000000000042"
	);
	expect(model?.eth_address).toBe(
	"0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb7"
	);
	});
	// u64/i64 extremes promote to BigInt to preserve precision
	expect(model?.u64_value).toBe(BigInt("18446744073709551615"));
	expect(model?.i64_value).toBe(BigInt("-9223372036854775808"));
	expect(typeof model?.u64_value).toBe("bigint");
	expect(typeof model?.i64_value).toBe("bigint");

🤖 Prompt for AI Agents

packages/internal/src/__tests__/parseEntities.test.ts lines 478-638: the test
currently expects the extreme 64-bit values (u64_value "18446744073709551615"
and i64_value "-9223372036854775808") to be JS numbers which will lose precision
if parsePrimitive uses an auto number|bigint strategy; update the assertions to
expect BigInt for those two extremes (use BigInt("...") equality and typeof
"bigint"), leave small integers and timestamps as numbers, and optionally add a
separate assertion case that an in-range u64/i64 string like "1734537235" parses
to a JS number with typeof "number".

[coderabbitai]

⚠️ Potential issue

Critical: 64-bit integers parsed as Number lose precision beyond 2^53−1.

u64/i64 values outside the safe integer range will be silently rounded (data integrity bug). Parse as BigInt when out-of-range (or always) to avoid corruption. This keeps timestamps (within range) as numbers but promotes extremes to bigint.

Apply:

-        case "u64":
-        case "i64":
-            return Number(value.value as string);
+        case "u64":
+            return parseInt64(value.value as string, false);
+        case "i64":
+            return parseInt64(value.value as string, true);

Add the helper (outside this switch):

function parseInt64(raw: string, _signed: boolean): number | bigint {
  // raw is decimal string per Torii
  const b = BigInt(raw);
  if (b <= BigInt(Number.MAX_SAFE_INTEGER) && b >= BigInt(Number.MIN_SAFE_INTEGER)) {
    return Number(b);
  }
  return b; // preserve full precision
}

Note: This introduces number|bigint at runtime for 64-bit fields. If you prefer strict types, consider an option (e.g., parse64As: "number" | "bigint" | "auto" with default "auto") and update types/docs accordingly.

🤖 Prompt for AI Agents

In packages/internal/src/parseEntities.ts around lines 131 to 134, u64/i64 are
being parsed with Number(...) which silently loses precision for values >
2^53-1; add a helper function parseInt64(raw: string, _signed: boolean): number
| bigint (placed outside the switch) that converts the decimal string to BigInt
and returns a Number only if it fits within
Number.MIN_SAFE_INTEGER..Number.MAX_SAFE_INTEGER, otherwise returns the BigInt,
then replace the current Number(value.value as string) return with a call to
parseInt64(value.value as string, type === "i64") so 64-bit integers preserve
precision (optionally later expose a parse64As option if strict typing is
required).

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Good detail; add links and keep terminology consistent

Consider auto-linking the referenced issues and standardizing wording.

-- Resolves issues #484 and #485
+- Resolves issues #484 and #485.

---

🏁 Script executed:

#!/bin/bash
# Verify that issues exist in this repo and are relevant
gh issue view 484 >/dev/null 2>&1 && echo "Issue #484 exists" || echo "Issue #484 missing"
gh issue view 485 >/dev/null 2>&1 && echo "Issue #485 exists" || echo "Issue #485 missing"

Length of output: 37

---

Update invalid GitHub issue references in CHANGELOG.md

In packages/sdk/CHANGELOG.md (lines 21–30), issue #484 and #485 do not exist; update to the correct issue numbers or remove that “Resolves issues #484 and #485” line.

🤖 Prompt for AI Agents

In packages/sdk/CHANGELOG.md around lines 21 to 30, the CHANGELOG references
non-existent GitHub issues "#484 and #485"; update that line to reference the
correct issue numbers or remove the "Resolves issues #484 and #485" sentence
entirely. Edit the file to either replace the incorrect issue references with
the actual issue IDs (or one accurate ID) or delete the resolves line, and run a
quick grep or local repo search to confirm no other CHANGELOG entries contain
invalid issue references before committing.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

package.json (1)

11-15: Optional: pin exact versions in catalog for release stability.

For a release branch, consider exact versions (no caret) to avoid unvetted minor bumps slipping into CI/publish.

Example:

-  "starknet": "^8.1.2",
-  "@starknet-react/core": "^5.0.1",
-  "@starknet-react/chains": "^5.0.1",
+  "starknet": "8.1.2",
+  "@starknet-react/core": "5.0.1",
+  "@starknet-react/chains": "5.0.1",

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6d02265 and d55d9fc.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

• package.json (1 hunks)

🔇 Additional comments (2)

package.json (2)

13-14: Audit @starknet-react v5 imports
Identified ~25 import sites across packages/ and examples/ (e.g. InjectedConnector in packages/predeployed-connector/src/index.ts, Connector in packages/create-burner, mainnet/jsonRpcProvider/StarknetConfig/voyager in Dojo template and examples, hooks like useAccount, useConnect, useDisconnect, useSendTransaction in various example apps). No CommonJS (require) imports found. Manually verify that all named exports and hook signatures match v5.0.1 to avoid type or runtime breaks.

---

11-11: Verify workspace starknet versions aligned to v8
Ensure no workspace package.json lists starknet ^7.x under dependencies/devDependencies/peerDependencies to prevent resolution/peer warnings.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

package.json (1)

11-20: Replace legacy positional Account constructor calls in test mocks
In packages/create-burner/test/mocks/mocks.ts (around lines 12 and 35), update

new Account(
  new RpcProvider({ nodeUrl: LOCAL_KATANA })
)

to the v8 object-style API:

new Account({ provider: new RpcProvider({ nodeUrl: LOCAL_KATANA }) })

♻️ Duplicate comments (2)

packages/internal/src/__tests__/parseEntities.test.ts (1)

601-606: Use BigInt for 64-bit extremes to avoid precision loss.

JS numbers can’t precisely represent these extremes; promote to BigInt in expectations.

Apply:

-        // u64 and i64 should be parsed from decimal strings to numbers
-        expect(model?.u64_value).toBe(18446744073709551615);
-        expect(model?.i64_value).toBe(-9223372036854775808);
-        expect(typeof model?.u64_value).toBe("number");
-        expect(typeof model?.i64_value).toBe("number");
+        // u64/i64 extremes promote to BigInt to preserve precision
+        expect(model?.u64_value).toBe(BigInt("18446744073709551615"));
+        expect(model?.i64_value).toBe(BigInt("-9223372036854775808"));
+        expect(typeof model?.u64_value).toBe("bigint");
+        expect(typeof model?.i64_value).toBe("bigint");

packages/predeployed-connector/src/index.ts (1)

73-81: Constructor/provider mix-up, missing static connect, and paymaster not threaded.

• provider is set to the wallet object; walletProvider and provider must be distinct.
• static connect is used but not implemented here.
• rpc (paymaster) isn’t forwarded at the callsite; and the inner Account lacks paymaster.

Apply:

 class PredeployedWalletAccount extends WalletAccount {
     private _inner: PredeployedWallet;
-    constructor(base: any, rpc: string) {
-        super({
-            provider: base,
-            walletProvider: base,
-            address: base.account.address,
-            cairoVersion: "1",
-            paymaster: { nodeUrl: rpc },
-        });
-        this._inner = base;
-    }
+    constructor(provider: ProviderInterface, wallet: PredeployedWallet, rpc: string) {
+        super({
+            provider,
+            walletProvider: wallet,
+            address: wallet.account.address,
+            cairoVersion: "1",
+            paymaster: { nodeUrl: rpc },
+        });
+        this._inner = wallet;
+    }
+    static connect(
+        provider: ProviderInterface,
+        wallet: PredeployedWallet,
+        rpc: string
+    ): PredeployedWalletAccount {
+        return new PredeployedWalletAccount(provider, wallet, rpc);
+    }

-    constructor(
-        public id: string,
-        public name: string,
-        private account: AccountInterface
-    ) {
+    constructor(
+        public id: string,
+        public name: string,
+        public readonly account: AccountInterface
+    ) {

-            account: PredeployedWalletAccount.connect(
-                provider,
-                new PredeployedWallet(
-                    `${id}-${idx}`,
-                    `${name} ${idx}`,
-                    new Account({
-                        provider,
-                        address: a.address,
-                        signer: a.privateKey,
-                        cairoVersion: "1",
-                        transactionVersion: ETransactionVersion.V3,
-                    })
-                )
-            ),
+            account: PredeployedWalletAccount.connect(
+                provider,
+                new PredeployedWallet(
+                    `${id}-${idx}`,
+                    `${name} ${idx}`,
+                    new Account({
+                        provider,
+                        address: a.address,
+                        signer: a.privateKey,
+                        cairoVersion: "1",
+                        transactionVersion: ETransactionVersion.V3,
+                        paymaster: { nodeUrl: options.rpc },
+                    })
+                ),
+                options.rpc
+            ),

Also applies to: 251-268, 95-101

🧹 Nitpick comments (9)

packages/internal/src/__tests__/parseEntities.test.ts (4)

353-410: Add a boundary test around Number.MAX_SAFE_INTEGER.

Recommend a small case near 9_007_199_254_740_991 to detect accidental precision regressions for u64 timestamps.

You could append:

it("should keep u64 timestamps within safe JS range as numbers", () => {
  const toriiResult: torii.Entity[] = [{
    hashed_keys: "0x1",
    models: {
      "test_namespace-TimestampModel": {
        id: { type: "primitive", type_name: "u32", value: 2, key: true },
        created_at: { type: "primitive", type_name: "u64", value: "9007199254740991", key: false },
      },
    },
  }];
  const res = parseEntities(toriiResult);
  expect(res[0]?.models?.test_namespace?.TimestampModel?.created_at).toBe(9007199254740991);
  expect(typeof res[0]?.models?.test_namespace?.TimestampModel?.created_at).toBe("number");
});

---

412-476: Good coverage for entityId normalization; consider one more edge.

Optionally add a case for mixed-case hex or missing 0x (only if addAddressPadding supports it) to document behavior.

---

527-539: Add in-range 64-bit samples to assert number-return path.

This complements the BigInt-for-extremes assertion and documents the auto number|bigint contract.

Apply:

         // Large integers - come as decimal strings
         u64_value: {
           type: "primitive",
           type_name: "u64",
           value: "18446744073709551615",
           key: false,
         },
+        u64_small_value: {
+          type: "primitive",
+          type_name: "u64",
+          value: "1734537235",
+          key: false,
+        },
         i64_value: {
           type: "primitive",
           type_name: "i64",
           value: "-9223372036854775808",
           key: false,
         },
+        i64_small_value: {
+          type: "primitive",
+          type_name: "i64",
+          value: "-42",
+          key: false,
+        },

And append assertions (near the existing 64-bit checks):

+        expect(model?.u64_small_value).toBe(1734537235);
+        expect(typeof model?.u64_small_value).toBe("number");
+        expect(model?.i64_small_value).toBe(-42);
+        expect(typeof model?.i64_small_value).toBe("number");

---

481-481: Gitleaks false positive: annotate test fixture hex.

This short hex looks like a “generic API key” to scanners. Add an allow comment to prevent noise in CI.

Apply:

-                hashed_keys: "0x1234567890abcdef",
+                // gitleaks:allow test fixture hex, not a credential
+                hashed_keys: "0x1234567890abcdef",

examples/example-vite-token-balance/package.json (1)

16-17: Test build & flows with @cartridge/ v0.10.0; remove unused @cartridge/controller*
starknet-provider.tsx imports ControllerConnector from @cartridge/connector (no @cartridge/controller imports found) – drop or add its usage. Run local auth/connect and controller API workflows to confirm compatibility.

packages/create-burner/CHANGELOG.md (1)

3-57: Call out the newAccount factory in the changelog.

Since create-burner now exposes/uses newAccount(...), add a brief note under 1.7.0-1.7-rc.4 for easier discovery.

packages/predeployed-connector/src/index.ts (3)

138-147: Incorrect error message for wallet_requestChainId without account.

Message says wallet_deploymentData; should reflect the actual method or “Account not initialized.”

-                if (!this.account) {
-                    throw {
-                        code: 163,
-                        message: "An error occurred (UNKNOWN_ERROR)",
-                        data: "wallet_deploymentData not implemented",
-                    } as UNKNOWN_ERROR;
-                }
+                if (!this.account) {
+                    throw {
+                        code: 163,
+                        message: "An error occurred (UNKNOWN_ERROR)",
+                        data: "Account not initialized",
+                    } as UNKNOWN_ERROR;
+                }

---

164-171: Consider threading optional tx params and returning the receipt/hash.

Add support for nonce, version, maxFee/feeTokenAddress if present to align with starknet v8 execute; return structured result.

---

249-251: Avoid ts-ignore by exposing channel on the provider type.

Either widen ProviderInterface locally with an intersection or keep a narrow cast at the usage site.

-        // @ts-ignore
-        const res = await provider.channel.getPredeployedAccounts();
+        const res = await (provider as ProviderInterface & { channel: PredeployedAccountsChannel })
+            .channel.getPredeployedAccounts();

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d55d9fc and 7079692.

⛔ Files ignored due to path filters (3)

• bun.lock is excluded by !**/*.lock
• examples/example-vite-react-pwa-recs/src/dojo/generated/setup.ts is excluded by !**/generated/**
• examples/example-vite-react-threejs-recs/src/dojo/generated/setup.ts is excluded by !**/generated/**

📒 Files selected for processing (53)

• .changeset/fifty-moons-film.md (1 hunks)
• .changeset/huge-paths-switch.md (1 hunks)
• .changeset/orange-points-prove.md (1 hunks)
• .changeset/plenty-women-read.md (1 hunks)
• .changeset/pre.json (1 hunks)
• .changeset/smooth-dragons-write.md (1 hunks)
• .changeset/tiny-suns-read.md (1 hunks)
• examples/example-vanillajs-phaser-recs/src/dojo/setup.ts (1 hunks)
• examples/example-vite-react-app-recs/src/dojo/DojoContext.tsx (1 hunks)
• examples/example-vite-react-app-recs/src/dojo/setup.ts (1 hunks)
• examples/example-vite-react-phaser-recs/src/dojo/createBurner.ts (1 hunks)
• examples/example-vite-react-pwa-recs/src/dojo/DojoContext.tsx (1 hunks)
• examples/example-vite-react-threejs-recs/src/dojo/DojoContext.tsx (1 hunks)
• examples/example-vite-token-balance/package.json (1 hunks)
• examples/example-vue-app-recs/src/utils/index.ts (2 hunks)
• package.json (2 hunks)
• packages/core/CHANGELOG.md (1 hunks)
• packages/core/package.json (1 hunks)
• packages/core/src/provider/DojoProvider.ts (3 hunks)
• packages/create-burner/CHANGELOG.md (1 hunks)
• packages/create-burner/package.json (1 hunks)
• packages/create-burner/src/manager/burnerManager.ts (6 hunks)
• packages/create-burner/src/manager/index.ts (1 hunks)
• packages/create-burner/src/manager/predeployedManager.ts (5 hunks)
• packages/create-burner/src/manager/setupBurnerManager.ts (1 hunks)
• packages/create-dojo/CHANGELOG.md (1 hunks)
• packages/create-dojo/package.json (1 hunks)
• packages/grpc/CHANGELOG.md (1 hunks)
• packages/grpc/package.json (1 hunks)
• packages/internal/src/__tests__/parseEntities.test.ts (6 hunks)
• packages/internal/src/parseEntities.ts (3 hunks)
• packages/predeployed-connector/CHANGELOG.md (1 hunks)
• packages/predeployed-connector/package.json (4 hunks)
• packages/predeployed-connector/src/index.ts (7 hunks)
• packages/react/CHANGELOG.md (1 hunks)
• packages/react/package.json (1 hunks)
• packages/sdk/CHANGELOG.md (1 hunks)
• packages/sdk/package.json (1 hunks)
• packages/state/CHANGELOG.md (1 hunks)
• packages/state/package.json (1 hunks)
• packages/state/src/__tests__/state.test.ts (1 hunks)
• packages/state/src/zustand/zustand.ts (1 hunks)
• packages/torii-client/CHANGELOG.md (1 hunks)
• packages/torii-client/package.json (1 hunks)
• packages/torii-wasm/CHANGELOG.md (1 hunks)
• packages/torii-wasm/dojo.c (1 hunks)
• packages/torii-wasm/package.json (1 hunks)
• packages/utils-wasm/CHANGELOG.md (1 hunks)
• packages/utils-wasm/package.json (1 hunks)
• packages/utils/CHANGELOG.md (1 hunks)
• packages/utils/package.json (1 hunks)
• packages/utils/src/_test_/utils/index.test.ts (2 hunks)
• packages/utils/src/utils/index.ts (2 hunks)

✅ Files skipped from review due to trivial changes (2)

• .changeset/tiny-suns-read.md
• packages/core/package.json

🚧 Files skipped from review as they are similar to previous changes (45)

• packages/utils-wasm/package.json
• .changeset/plenty-women-read.md
• packages/torii-wasm/dojo.c
• packages/grpc/package.json
• packages/create-dojo/package.json
• packages/predeployed-connector/CHANGELOG.md
• packages/torii-wasm/package.json
• .changeset/orange-points-prove.md
• packages/create-burner/package.json
• packages/create-burner/src/manager/predeployedManager.ts
• packages/create-burner/src/manager/burnerManager.ts
• packages/sdk/package.json
• .changeset/huge-paths-switch.md
• examples/example-vue-app-recs/src/utils/index.ts
• packages/utils-wasm/CHANGELOG.md
• packages/create-burner/src/manager/index.ts
• .changeset/fifty-moons-film.md
• packages/torii-client/package.json
• packages/react/package.json
• packages/core/src/provider/DojoProvider.ts
• packages/grpc/CHANGELOG.md
• examples/example-vite-react-pwa-recs/src/dojo/DojoContext.tsx
• packages/utils/CHANGELOG.md
• packages/predeployed-connector/package.json
• .changeset/smooth-dragons-write.md
• examples/example-vite-react-app-recs/src/dojo/DojoContext.tsx
• packages/create-burner/src/manager/setupBurnerManager.ts
• packages/torii-client/CHANGELOG.md
• packages/state/src/zustand/zustand.ts
• examples/example-vite-react-threejs-recs/src/dojo/DojoContext.tsx
• packages/utils/src/utils/index.ts
• packages/core/CHANGELOG.md
• .changeset/pre.json
• packages/state/package.json
• packages/utils/src/test/utils/index.test.ts
• examples/example-vite-react-phaser-recs/src/dojo/createBurner.ts
• packages/torii-wasm/CHANGELOG.md
• packages/state/src/tests/state.test.ts
• packages/internal/src/parseEntities.ts
• packages/create-dojo/CHANGELOG.md
• examples/example-vanillajs-phaser-recs/src/dojo/setup.ts
• examples/example-vite-react-app-recs/src/dojo/setup.ts
• packages/state/CHANGELOG.md
• packages/react/CHANGELOG.md
• packages/sdk/CHANGELOG.md

🧰 Additional context used

🧬 Code graph analysis (1)

packages/internal/src/__tests__/parseEntities.test.ts (1)

packages/internal/src/parseEntities.ts (1)

• parseEntities (14-63)

🪛 Gitleaks (8.27.2)

packages/internal/src/__tests__/parseEntities.test.ts

[high] 481-481: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build-packages
• GitHub Check: build-examples
• GitHub Check: build

🔇 Additional comments (4)

packages/internal/src/__tests__/parseEntities.test.ts (3)

151-152: Entity ID padding LGTM.

The expectations reflect 66-char 0x-prefixed IDs and align with addAddressPadding.

Also applies to: 172-173

---

221-221: Option parsed from decimal string to number — OK.

Expectation matches the new numeric parsing of u64 timestamps.

---

279-283: Timestamp fields as decimal strings — OK.

Values are within Number safe range; assertions look good.

Also applies to: 306-311

packages/utils/package.json (1)

3-3: Version bump looks fine.

No issues spotted with the prerelease tag and catalog-peered starknet.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/create-burner/test/mocks/mocks.ts (1)

12-14: DRY: reuse a single RpcProvider instance.

Saves a couple of instantiations and keeps tests consistent.

-            provider: new RpcProvider({ nodeUrl: LOCAL_KATANA }),
+            provider,

Add once near the top of the factory/mocks:

const provider = new RpcProvider({ nodeUrl: LOCAL_KATANA });
// Also pass `rpcProvider: provider` at Line 19.

Also applies to: 19-20, 36-38

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7079692 and 11ac45a.

📒 Files selected for processing (2)

• packages/create-burner/test/mocks/mocks.ts (2 hunks)
• packages/state/src/__tests__/zustand-implementation.test.ts (0 hunks)

💤 Files with no reviewable changes (1)

• packages/state/src/tests/zustand-implementation.test.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build-examples
• GitHub Check: build-packages
• GitHub Check: build

🔇 Additional comments (3)

packages/create-burner/test/mocks/mocks.ts (3)

12-17: Migration to Account(options) looks correct.

The switch to the object-shaped constructor matches the new API and the supplied fields are sensible.

Also applies to: 36-41

---

18-18: accountClassHash is set to a private key — likely incorrect.

This should be the account contract class hash, not the prefunded private key. Please replace with the actual class hash used by BurnerManager deployments.

---

12-17: No changes needed for Account instantiation
The Account constructor in starknet.js accepts a string private key for signer and the cairoVersion field accepts "0" | "1", so the existing code is already correct.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

packages/sdk/src/web/execute.ts (4)

110-114: Tiny style nit: use property shorthand.

 const contract = new Contract({
   abi: contractDef.abi as AbiItem[],
   address: contractDef.address,
-  providerOrAccount: providerOrAccount,
+  providerOrAccount,
 });

---

95-96: Consider widening the parameter type to accept Provider as well.

If read-only access is needed, allowing ProviderInterface | AccountInterface improves flexibility with the v8 API. (starknetjs.com)

-export function createWorldProxy<T extends readonly ContractDefinition[]>(
-    contractDefinitions: T,
-    providerOrAccount: AccountInterface
+export function createWorldProxy<T extends readonly ContractDefinition[]>(
+    contractDefinitions: T,
+    providerOrAccount: import("starknet").ProviderInterface | AccountInterface
 ): WorldContracts<T> {

---

23-24: u64 as number risks precision loss > 2^53−1; prefer bigint.

-    "core::integer::u64": number;
+    "core::integer::u64": bigint;

---

126-131: Add a fast guard for missing/undefined args to improve DX.

A quick check prevents cryptic errors from starknet.js when an input key is absent.

-                const inputs = functionAbi.inputs.map(
-                    (input) => args[input.name]
-                ) as any[];
+                const inputs = functionAbi.inputs.map((input) => {
+                    const v = (args as Record<string, unknown>)[input.name];
+                    if (v === undefined) {
+                        throw new Error(`Missing argument: ${functionAbi.name}(${input.name})`);
+                    }
+                    return v;
+                }) as any[];

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 11ac45a and 26e3383.

📒 Files selected for processing (1)

• packages/sdk/src/web/execute.ts (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: build-examples
• GitHub Check: build-packages
• GitHub Check: build

🔇 Additional comments (1)

packages/sdk/src/web/execute.ts (1)

110-114: Confirm Starknet.js ≥v8 and remove positional new Contract() calls
The object-based new Contract({ … }) signature requires Starknet.js v8+ and will break on v7 or earlier—verify all package manifests and lockfiles reference v8 or later, then grep for any remaining positional new Contract( invocations.