feat: wallet login and improved onboarding#1589
Open
joelorzet wants to merge 190 commits into
Open
Conversation
Stop swallowing the duplicate error in the Get Started launcher: log it and show the server's actual message instead of a generic toast, so a failed clone (e.g. no active organization, or a missing source workflow) is diagnosable instead of silently doing nothing.
Drive a shared rootGate atom from the homepage and read it in PersistentCanvas: on "/" the canvas is not rendered at all while the session and onboarding decision is pending or redirecting to the welcome flow. Gating the render (instead of overlaying the canvas) removes the canvas-then-welcome flash entirely, independent of stacking or SSR.
resolveSessionOrg returned no organization when a session had no active org yet (e.g. a brand-new signup whose active-org backfill has not landed), which made org-scoped writes like workflow duplicate 409 with "no active organization". Fall back to the caller's first non-deactivated membership so their own writes resolve an org, matching how onboarding recommendations already resolves one.
On signup, seed three example workflows into the new user's organization (non-anonymous only) so the app is not an empty canvas. Onboarding now opens the first one on the canvas when the wizard finishes, and the trio shows in the sidebar. Seeding is best-effort and never fails signup.
PR Environment DeployedYour PR environment has been deployed! Environment Details:
Components:
The environment will be automatically cleaned up when this PR is closed or merged. |
Restructure the sign-in surface into a single default view: a Google, GitHub, and Wallet button row, an OR divider, and the email + password form inline (no more Email button). Wallet reveals the wallet picker via an onWalletClick handoff. Signup, forgot-password, verify, and MFA flows are unchanged.
Replace AuthDialog's bespoke social/email/verify/MFA implementation with the shared SignInChoices surface, so every trigger (sidebar requireAuth nav, activity, use-template, accept-invite, add-connection, the device page) shows the same modal as the Connect button and welcome page. Preserves the exported open/tracking API (controlled mode, children trigger, setConnectPanelActive, isAuthFlowInProgress).
Drop the Connect-agent / Monitor / Yield tabs and the Contact-us / Take-a-tour footer. The launcher now shows one linear checklist -- Wallet ready, Connect your agent, Run your first workflow -- and the only tour entry is the guided tour button inside the Run-your-first-workflow step.
Render the launcher inside the navigation sidebar, just above the Discord/Documentation divider, instead of a floating bottom-corner pill. The pill sits in-flow (icon-only when the sidebar is collapsed) and the expanded card floats up from it, opening and closing from the bottom-left corner.
Remove Take a tour and Contact support from the account dropdown, and move Getting started down into the section directly above Logout (where Take a tour was).
Drop the mandatory org API key and the bearer header; every client connects over MCP with browser OAuth. Group the setup into Agents (Claude Code, Claude Desktop, OpenClaw, Codex, Gemini CLI, Goose, other) and Plugins (Claude, Hermes, Eve), each with the real brand icon. Replace the API-keys preview with copyable example workflow prompts (green check on copy).
Use a translucent bg-muted/20 tab list in the connect-agent setup instead of the solid gray box, and swap Goose and Gemini CLI so the grid wraps cleanly.
…erience # Conflicts: # components/organization/manage-orgs-modal.tsx # drizzle/meta/_journal.json
PR Environment Deployment FailedThe PR environment deployment encountered an error. Please check the workflow logs for details. Common issues:
|
… complete connect-agent on open
…erience # Conflicts: # lib/auth.ts
PR Environment DeployedYour PR environment has been deployed! Environment Details:
Components:
The environment will be automatically cleaned up when this PR is closed or merged. |
PR Environment DeployedYour PR environment has been deployed! Environment Details:
Components:
The environment will be automatically cleaned up when this PR is closed or merged. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Turns the anonymous-first canvas into a real onboarding experience: a welcome / sign-in page for logged-out visitors, Sign-In With Ethereum (SIWE) wallet login alongside email and social, a post-signup setup wizard, and an in-app "connect your AI agent" flow that uses browser sign-in (OAuth) instead of API keys.
Sign-in and wallet login
/welcomelanding and the in-app modal: Google and GitHub, an email + password form, and a "Wallet" option that reveals the EIP-6963 wallet picker (MetaMask, Brave, Rabby, Coinbase, and so on, each with its own icon). TOTP-enrolled users get an MFA step-up dialog inline.siweplugin, verified offline with viem. The signature is the auth factor: wallet sessions are minted MFA-satisfied and the proxy exempts wallet users from the mandatory-TOTP gate (unless their org enforces MFA). Wallet accounts get a generated human-readable handle, never a raw0xaddress, and a first-login rename dialog persists it.Welcome landing and session gating
/welcome(at the proxy and the root client gate) instead of the bare canvas. An "Explore without signing in" escape hatch keeps the anonymous-first path: it mints an anonymous session, drops into the canvas, and does not re-wall on reload.Onboarding wizard
Getting-started launcher
MFA
Database
wallet_addresstable,users.display_name_confirmed,users.onboarding_completed, plus step-up-policy and org-MFA-enforcement tables, with migrations.Tests
/welcomesign-in landing.