chore(frontend): DO NOT MERGE — simulate chain-fusion-signer failures#13146
Draft
sbpublic wants to merge 9 commits into
Draft
chore(frontend): DO NOT MERGE — simulate chain-fusion-signer failures#13146sbpublic wants to merge 9 commits into
sbpublic wants to merge 9 commits into
Conversation
Demo-only harness to reproduce the signer-unavailable toast (#13145) and the fallback error paths end-to-end — including the cfs_sign Plausible event (#13144), since the error is thrown from inside the tracked signer call — without a real backend cycles outage. A dev/test-only guard (LOCAL || STAGING, opt-in via query param or localStorage) makes signer.api.ts signing calls throw a chosen error: a payment error (low cycles), a generic InternalError, or a SigningError. Reads are left untouched so the wallet still loads. Not for merge. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…toast' into demo/frontend/simulate-cfs-sign-failures
…simulator Adds the 'allowance' mode (exhausted per-user ICRC-2 allowance) so the new sign.error.limit_reached message can be reproduced alongside payment/internal/ signing. Merged latest PR #13145 so the limit_reached path is present. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…toast' into demo/frontend/simulate-cfs-sign-failures
…toast' into demo/frontend/simulate-cfs-sign-failures
…toast' into demo/frontend/simulate-cfs-sign-failures
…toast' into demo/frontend/simulate-cfs-sign-failures
…nd/simulate-cfs-sign-failures
…nd/simulate-cfs-sign-failures
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
The signer-unavailable / per-user-limit toasts (#13145) and the
cfs_signevent (#13144) are normally only triggered by an actual chain-fusion-signer failure, which is hard to produce on demand. This adds a tiny, opt-in simulator so a reviewer can trigger each error path from the running app and confirm the UX + analytics behave as intended.Changes
src/frontend/src/lib/utils/signer-failure-simulator.utils.ts—simulateSignerFailureIfEnabled(), which throws a chosen error when opted in.src/frontend/src/lib/api/signer.api.ts— calls it at the start of each signing call (signTransaction,signBtc,sendBtc,signMessage,signPrehash,signWithSchnorr,genericSignWithEcdsa). Address/balance reads are intentionally left untouched so the wallet still loads.Because the error is thrown from inside the tracked signer call, it flows through the exact real path:
cfs_signis emitted (PR #13144) → the error propagates to the wizard/service catch → the toast logic (PR #13145) runs.Safety: only active when
LOCAL || STAGING(never on theicproduction build) and only when explicitly opted in. No production code path can reach it.How to reproduce
1. Enable a simulated signer failure
Pick a mode and set it one of two ways (the query param wins):
?simulate_signer_failure=<mode>to the app URL.<mode>paymentSignerCanisterPaymentError(InsufficientFunds, low cycles)sign.error.unavailabletoast — no rawLedger error: …textallowanceSignerCanisterPaymentError(LedgerWithdrawFromError → InsufficientAllowance)sign.error.limit_reachedtoastinternalInternalErrorsend.error.unexpected, with the raw error appended)signingSigningError2. Trigger a signing operation
With a mode enabled, do any of these — each routes through a wrapped
signer.api.tscall:mapSolanaErrorMsgfallback.)personal_sign/eth_sign/ a WC send (covers all chains via the centralexecute()wrapper).payment/allowancemodes.→
payment: the neutral "Signing is temporarily unavailable. Please try again shortly." message.→
allowance: the "You've reached your signing limit. Please try again shortly." message.→
internal/signing: the normal per-flow error toast.3. Confirm the genuine user errors are unchanged (no simulation needed)
These are caught before signing, so they don't need the simulator — just use the UI normally:
destination_address_invalidtoast.This demonstrates the PR #13145 guarantee: only the signer payment failures are rewritten; real user errors keep their specific messages.
4. (Optional) Observe the
cfs_signevent (PR #13144)With a mode enabled and a signing attempt made, the
cfs_signevent fires withevent_context=cfs,result_status=error, and a matchingevent_code+result_error_severityper mode:cfs_payment_failed_backend_out_of_cycles/blocker(payment),cfs_payment_failed_user_allowance_exhausted/major(allowance),cfs_generic_error/critical(internal/signing). Success emitsevent_code=success. Observe it via the Plausible dashboard on a build where analytics is enabled, or the outgoing network request.Tests
None — demo branch, not for merge.
prettier,eslint --max-warnings 0, andsvelte-check(no problems in the changed files) pass.🤖 Generated with Claude Code — model: Claude Opus 4.8 (claude-opus-4-8)