✨ app: provision alchemy rpc urls across lifi chains

[cruzdanilo]

---

Greptile Summary

replaces hardcoded optimism rpc url with dynamic provisioning across all lifi-supported evm chains by iterating through @account-kit/infra exports. adds preloadChains: false and async chain loading via config.loading to defer chain configuration until after the initial lifi setup.

• improves multi-chain support by automatically provisioning alchemy rpc urls for all chains in the @account-kit/infra package
• changes from synchronous to asynchronous chain loading pattern with config.loading promise
• critical issue: race condition at line 122 where configured = true is set before config.loading completes, which may cause subsequent function calls to proceed before chains are fully loaded

Confidence Score: 2/5

• this pr has a critical race condition that could cause runtime issues in production
• the race condition at line 122 where configured is set to true before the async config.loading promise completes could cause functions like getRoute, getAllTokens, and others to execute before chains are fully configured via config.setChains. this may lead to unpredictable behavior when lifi operations are called quickly after initialization.
• src/utils/lifi.ts requires attention for the race condition in ensureConfig function

Important Files Changed

Filename	Overview
src/utils/lifi.ts	dynamically provisions alchemy rpc urls across all lifi-supported chains by iterating through @account-kit/infra exports and adds async chain loading with preloadChains: false
.changeset/bright-llamas-provision.md	adds patch changeset documenting the lifi chain provisioning feature

_{Last reviewed commit: a3f82fa}

Summary by CodeRabbit

• Chores

  • Added a patch changelog entry for provisioning Alchemy RPC URLs across LiFi chains.

• Bug Fixes & Improvements

  • More reliable provisioning of Alchemy RPC endpoints across supported chains.
  • Dynamic, runtime discovery and asynchronous configuration of chains to reduce manual updates and report failures without interrupting the app.
  • Token preloading now avoids adding chain-specific extras on unrelated networks (extra token only fetched on Optimism).
  • Bridge token mappings limited to tokens that actually belong to each chain.

[changeset-bot]

🦋 Changeset detected

Latest commit: 3de6511

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Provisions Alchemy RPC URLs for LiFi by scanning @account-kit/infra exports, makes LiFi chain loading asynchronous to adjust MetaMask RPCs for configured chains, conditions token and balance preloads for Optimism/Exa, restricts bridge token mappings to per-chain tokens, and adds a changeset for a patch release.

Changes

Changeset

Layer / File(s)	Summary
Release Note .changeset/bright-llamas-provision.md	Adds a new changeset declaring a patch release for @exactly/mobile with message: "✨ provision alchemy rpc urls across lifi chains".

LiFi Configuration

Layer / File(s)	Summary
Imports / References src/utils/lifi.ts	Replaces named { optimism } import with namespace import * as infra, updating optimism references to infra.optimism.id.
Data Shape / rpcUrls Map src/utils/lifi.ts	Builds rpcUrls by iterating Object.values(infra) and extracting rpcUrls.alchemy.http (first) plus alchemyAPIKey; ensures rpcUrls[chain.id] uses publicClient.transport.alchemyRpcUrl.
Config Initialization / Async Loading src/utils/lifi.ts	Calls createLifiConfig with preloadChains: false; sets config.loading = getChains(...).then(...) to read config.get().rpcUrls, call config.setChains(...) clearing metamask.rpcUrls (set to []) only for chains that have configured rpcUrls, and report errors via reportError without throwing.
Token / Balance Preload src/utils/lifi.ts	Token preloading and balance augmentation now include the extra Exa token only when chain.id === infra.optimism.id; balances Promise.all skips Exa fetch when not on Optimism.
Bridge Sources / Token Mapping src/utils/lifi.ts	getBridgeSources now filters destinationTokens per chain so mappings include only tokens whose chainId matches the current chain id.
Wiring / Prefetch src/utils/lifi.ts	Await config.loading in chain/token query flows and prefetch lifiTokensOptions after configuration completes.
Tests / Documentation n/a	No tests or docs changed in this diff.

Sequence Diagram

sequenceDiagram
    participant App as Application
    participant Ensure as ensureConfig
    participant Infra as infra exports
    participant LiFi as createLifiConfig
    participant Loader as getChains / config.setChains
    participant MetaMask as MetaMask (metamask.rpcUrls)

    App->>Ensure: call ensureConfig()
    Ensure->>Infra: scan exports for { id, rpcUrls.alchemy.http }
    Infra-->>Ensure: return rpc URL candidates
    Ensure->>LiFi: createLifiConfig(..., preloadChains:false) with rpcUrls
    Ensure->>Loader: set config.loading -> getChains(...)
    Loader->>Loader: filter chains with rpcUrls
    Loader->>MetaMask: clear metamask.rpcUrls for those chains
    Loader->>LiFi: call config.setChains(...)
    Loader-->>Ensure: resolve (errors sent to reportError)
    Ensure-->>App: LiFi config ready

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• exactly/exa#994: Adjusts RPC construction to derive Alchemy HTTP URLs from @account-kit/infra and wire Alchemy RPCs into client/config flows.

Suggested labels

high

Suggested reviewers

• dieguezguille
• franm91

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: provisioning Alchemy RPC URLs across LiFi chains, which is the core objective of the PR.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch lifi

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @cruzdanilo, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the application's ability to interact with various blockchain networks by implementing a dynamic system for provisioning Alchemy RPC URLs across all supported LiFi chains. This change improves the flexibility and scalability of the LiFi integration, ensuring that the application can automatically configure RPC endpoints for new or existing chains without manual updates, leading to a more robust and maintainable system.

Highlights

• Dynamic RPC URL Provisioning: Implemented a dynamic mechanism to provision Alchemy RPC URLs for all LiFi chains defined within the @account-kit/infra module, replacing previous hardcoded configurations.
• Refactored Chain Imports: Updated the import of chain configurations from @account-kit/infra to use a namespace import, facilitating broader and more flexible access to chain properties.
• Enhanced LiFi Configuration: Modified the LiFi configuration process to asynchronously fetch and set available chains, ensuring that RPC URLs are correctly configured for all supported chains.

Changelog

• .changeset/bright-llamas-provision.md
  • Added a new changeset file documenting the provisioning of Alchemy RPC URLs across LiFi chains.
• src/utils/lifi.ts
  • Updated the import of chain configurations from @account-kit/infra to use a namespace import.
  • Modified the lifiTokensOptions query to reflect the updated import path for optimism.id.
  • Refactored the ensureConfig function to dynamically generate and provision Alchemy RPC URLs for all detected LiFi chains, replacing hardcoded RPC configurations.
  • Introduced preloadChains: false and added logic to asynchronously fetch and configure available chains, improving the robustness of chain setup.

Activity

• No human activity has occurred on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[greptile-apps]

_{2 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[gemini-code-assist]

Code Review

This pull request refactors the LiFi configuration to dynamically provision Alchemy RPC URLs for all supported EVM chains from @account-kit/infra, which is a good improvement over hardcoding them. However, a high-severity security vulnerability was identified: a hardcoded LiFi API key in src/utils/lifi.ts that must be externalized to an environment variable to prevent secret exposure. Additionally, two potential runtime errors were found in the new logic: a missing null check when iterating through infra chains and an unguarded spread of an optional property when modifying chain configurations, both of which could lead to crashes. The rest of the changes, including @lifi/sdk dependency modifications, do not appear to introduce new security risks and include beneficial validation enhancements.

[sentry]

Codecov Report

❌ Patch coverage is 0% with 25 lines in your changes missing coverage. Please review.
✅ Project coverage is 70.96%. Comparing base (e8055b7) to head (3de6511).
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
src/utils/lifi.ts	0.00%	25 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           recover     #833      +/-   ##
===========================================
- Coverage    71.53%   70.96%   -0.58%     
===========================================
  Files          240      239       -1     
  Lines         9251     9260       +9     
  Branches      2973     2974       +1     
===========================================
- Hits          6618     6571      -47     
- Misses        2377     2422      +45     
- Partials       256      267      +11     

Flag	Coverage Δ
e2e	70.96% <0.00%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 3

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3b2b810 and a3f82fa.

📒 Files selected for processing (2)

• .changeset/bright-llamas-provision.md
• src/utils/lifi.ts

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0604116d-d4d4-4362-8076-23f8a0e5d2aa

📥 Commits

Reviewing files that changed from the base of the PR and between 188e011 and c9e125d.

📒 Files selected for processing (2)

• .changeset/bright-llamas-provision.md
• src/utils/lifi.ts

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 92efd0dad6

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 10 additional findings in Devin Review.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

src/utils/lifi.ts (2)

109-140: ⚠️ Potential issue | 🔴 Critical | 🏗️ Heavy lift

Await LiFi chain loading before marking config ready.

configured flips to true immediately after config.loading is assigned, so later calls can enter getQuote/getTokenBalancesByChain before config.setChains(...) has run. The failure path is also sticky: if getChains(...) rejects once, the catch logs it but leaves configured = true, so initialization is never retried.

Make ensureConfig() return the loading promise, await it at each caller, and clear the guard on failure.

♻️ Suggested direction

-let configured = false;
-function ensureConfig() {
-  if (configured || chain.testnet || chain.id === anvil.id) return;
+let loading: Promise<void> | undefined;
+function ensureConfig() {
+  if (chain.testnet || chain.id === anvil.id) return Promise.resolve();
+  if (loading) return loading;

   createLifiConfig({
     integrator: "exa_app",
     apiKey: "4bdb54aa-4f28-4c61-992a-a2fdc87b0a0b.251e33ad-ef5e-40cb-9b0f-52d634b99e8f",
     preloadChains: false,
     providers: [EVM({ getWalletClient: () => Promise.resolve(publicClient) })],
     rpcUrls: {
       // ...
     },
   });

-  config.loading = getChains({ chainTypes: [ChainType.EVM] })
+  loading = getChains({ chainTypes: [ChainType.EVM] })
     .then((availableChains) => {
       const rpcs = config.get().rpcUrls as Partial<Record<number, readonly string[]>>;
       config.setChains(
         availableChains.map((c) => (rpcs[c.id]?.length ? { ...c, metamask: { ...c.metamask, rpcUrls: [] } } : c)),
       );
       queryClient.setQueryData(lifiChainsOptions.queryKey, availableChains);
     })
     .catch((error: unknown) => {
+      loading = undefined;
       reportError(error);
     });
-  configured = true;
+  config.loading = loading;
   queryClient.prefetchQuery(lifiTokensOptions).catch(reportError);
+  return loading;
 }

-ensureConfig();
+await ensureConfig();

For `@lifi/sdk` 3.7.7, with createConfig({ preloadChains: false }) and a manually assigned config.loading promise, do getQuote() and getTokenBalancesByChain() wait for config.loading internally, or must callers await the loading promise / call setChains() first?

---

118-119: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Guard null before probing dynamic infra exports.

typeof null === "object", so the current check still allows null to reach "id" in item / "rpcUrls" in item and throws during initialization. Add a truthiness guard before the property checks.

🛡️ Minimal fix

-        if (typeof item !== "object" || !("id" in item) || !("rpcUrls" in item)) return result;
+        if (!item || typeof item !== "object" || !("id" in item) || !("rpcUrls" in item)) return result;

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 755c889d-01d5-4135-ba85-0852f6f7086d

📥 Commits

Reviewing files that changed from the base of the PR and between c9e125d and 92efd0d.

📒 Files selected for processing (2)

• .changeset/bright-llamas-provision.md
• src/utils/lifi.ts

[coderabbitai]

♻️ Duplicate comments (3)

src/utils/lifi.ts (3)

108-141: ⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

configured = true on failure permanently prevents chain retry for the session.

This was flagged in the previous review and remains unresolved.

When getChains rejects (transient network error on first load):

• The .catch() handler calls reportError and returns undefined, so config.loading resolves without config.setChains() ever being called.
• configured = true (line 139) is already set, so ensureConfig() is a no-op on every subsequent call.
• MetaMask rpcUrls are never cleared for Alchemy-configured chains for the remainder of the session, degrading routing quality.
• The user must fully reload the app to recover.

The SDK preloads chains during initialization; preloadChains: false is the flag to disable that and let you specify chains yourself — but that transfers the retry responsibility entirely to the caller.

The previous review proposed returning the loading promise from ensureConfig and resetting on failure; that approach remains the correct fix.

🛡️ Proposed fix

-let configured = false;
-function ensureConfig() {
-  if (configured || chain.testnet || chain.id === anvil.id) return;
+let loading: Promise<void> | undefined;
+function ensureConfig() {
+  if (loading || chain.testnet || chain.id === anvil.id) return loading;
   createLifiConfig({
     integrator: "exa_app",
     apiKey: "4bdb54aa-4f28-4c61-992a-a2fdc87b0a0b.251e33ad-ef5e-40cb-9b0f-52d634b99e8f",
     preloadChains: false,
     providers: [EVM({ getWalletClient: () => Promise.resolve(publicClient) })],
     rpcUrls: { /* ... */ },
   });
-  config.loading = getChains({ chainTypes: [ChainType.EVM] })
+  loading = getChains({ chainTypes: [ChainType.EVM] })
     .then((availableChains) => {
       const rpcs = config.get().rpcUrls as Partial<Record<number, readonly string[]>>;
       config.setChains(
         availableChains.map((c) => (rpcs[c.id]?.length ? { ...c, metamask: { ...c.metamask, rpcUrls: [] } } : c)),
       );
       queryClient.setQueryData(lifiChainsOptions.queryKey, availableChains);
     })
     .catch((error: unknown) => {
+      loading = undefined;
       reportError(error);
     });
-  configured = true;
+  config.loading = loading;
   queryClient.prefetchQuery(lifiTokensOptions).catch(reportError);
+  return loading;
 }

All call sites that need to await chain configuration should then await ensureConfig().

---

116-126: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Three unaddressed guards in rpcUrls construction.

The previous review flagged the null guard and alchemyRpcUrl issues; neither has been fixed:

1. Line 118 — null bypass: typeof null === "object", so null exports pass the typeof check and "id" in null throws TypeError. Add !item || before the typeof guard.

2. Line 122 — falsy alchemyAPIKey: When alchemyAPIKey is null/undefined/"", the template literal produces an invalid URL (e.g. "https://eth-mainnet.g.alchemy.com/v2/undefined"). Add an early exit when alchemyAPIKey is falsy — or gate the entire block, since the same condition already disables the alchemy transport in publicClient.ts.

3. Line 125 — alchemyRpcUrl can be undefined: When alchemyAPIKey is falsy, publicClient uses an http() transport that has no alchemyRpcUrl property, making [publicClient.transport.alchemyRpcUrl] evaluate to [undefined].

🛡️ Proposed fix

-    rpcUrls: {
-      ...Object.values(infra).reduce<Record<number, string[]>>((result, item) => {
-        if (typeof item !== "object" || !("id" in item) || !("rpcUrls" in item)) return result;
-        const c = item as { id: number; rpcUrls: { alchemy?: { http?: readonly string[] } } };
-        const url = c.rpcUrls.alchemy?.http?.[0];
-        if (!url) return result;
-        result[c.id] = [`${url}/${alchemyAPIKey}`];
-        return result;
-      }, {}),
-      [chain.id]: [publicClient.transport.alchemyRpcUrl],
-    },
+    rpcUrls: {
+      ...(alchemyAPIKey
+        ? Object.values(infra).reduce<Record<number, string[]>>((result, item) => {
+            if (!item || typeof item !== "object" || !("id" in item) || !("rpcUrls" in item)) return result;
+            const c = item as { id: number; rpcUrls: { alchemy?: { http?: readonly string[] } } };
+            const url = c.rpcUrls.alchemy?.http?.[0];
+            if (!url) return result;
+            result[c.id] = [`${url}/${alchemyAPIKey}`];
+            return result;
+          }, {})
+        : {}),
+      ...(publicClient.transport.alchemyRpcUrl
+        ? { [chain.id]: [publicClient.transport.alchemyRpcUrl] }
+        : {}),
+    },

---

406-408: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

tokensByChain only covers chain.id; all other bridge-source chains get undefined.

This was flagged in the previous review and remains unresolved. getBridgeSources populates balancesByChain for every chain where the wallet holds balances, and consumers iterate tokensByChain[id] for each of those chains. For any chain other than chain.id, the lookup returns undefined, breaking source-token selection across chains.

🛡️ Proposed fix

-  const tokensByChain: Record<number, Token[]> = {
-    [chain.id]: destinationTokens.filter((token) => (token.chainId as number) === chain.id),
-  };
+  const tokensByChain = Object.fromEntries(
+    supportedChains.map(({ id }) => [id, destinationTokens.filter((token) => (token.chainId as number) === id)]),
+  ) as Record<number, Token[]>;

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: add91936-d93a-4d45-be8f-b7435bdd9170

📥 Commits

Reviewing files that changed from the base of the PR and between 92efd0d and 39b6eb6.

📒 Files selected for processing (2)

• .changeset/bright-llamas-provision.md
• src/utils/lifi.ts

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1e4c215e00

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 859664b2f5

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".