@oxyhq/services 10.2.10 → 10.3.0

package/src/ui/components/StepBasedScreen.tsx

@@ -13,20 +13,31 @@ import Animated, {
 } from 'react-native-reanimated';
 import { useTheme } from '@oxyhq/bloom/theme';
 import type { ThemeColors } from '@oxyhq/bloom/theme';
+import type { OxyServices } from '@oxyhq/core';
 import { createAuthStyles } from '../styles/authStyles';
 import type { BaseScreenProps, StepController } from '../types/navigation';
-import type { RouteName } from '../types/navigation';
+import type { RouteName } from '../navigation/routes';
 import { screenContentStyle } from '../constants/spacing';
 import { useSafeAreaInsets } from 'react-native-safe-area-context';
 
-/** Style map type used throughout step-based screens */
-// biome-ignore lint/suspicious/noExplicitAny: styles object contains mixed ViewStyle/TextStyle with platform-specific properties
-type StepStyles = Record<string, any>;
+type StepStyles = Record<string, unknown> & {
+    stepContainer: ViewStyle;
+    progressContainer: ViewStyle;
+    progressDot: ViewStyle;
+};
+type StepComponentProps = BaseScreenProps & Record<string, unknown>;
+
+function isVoidCallback(value: unknown): value is () => void {
+    return typeof value === 'function';
+}
+
+function isAuthenticatedCallback(value: unknown): value is (payload?: unknown) => void {
+    return typeof value === 'function';
+}
 
 export interface StepConfig {
     id: string;
-    // biome-ignore lint/suspicious/noExplicitAny: step components accept varying props that cannot be statically typed
-    component: React.ComponentType<any>;
+    component: React.ComponentType<StepComponentProps>;
     props?: Record<string, unknown>;
     canProceed?: (stepData?: unknown) => boolean;
     onEnter?: () => void;
@@ -42,8 +53,7 @@ export interface StepBasedScreenProps extends Omit<BaseScreenProps, 'navigate'>
     onComplete?: (stepData: unknown[]) => void;
     stepData?: unknown[];
     navigate: (screen: RouteName, props?: Record<string, unknown>) => void;
-    // biome-ignore lint/suspicious/noExplicitAny: OxyServices type cannot be fully resolved due to mixin composition pattern
-    oxyServices: any;
+    oxyServices: OxyServices;
     getNavigationProps?: () => Record<string, unknown>;
 }
 
@@ -153,7 +163,7 @@ const StepBasedScreen: React.FC<StepBasedScreenProps> = ({
         secondaryText: colors.textSecondary,
     }), [colors]);
     const insets = useSafeAreaInsets();
-    const styles = useMemo(() => ({
+    const styles = useMemo<StepStyles>(() => ({
         ...createAuthStyles(authColors, themeString),
         // Additional styles for step components
         modernHeader: {
@@ -222,7 +232,7 @@ const StepBasedScreen: React.FC<StepBasedScreenProps> = ({
         },
         progressContainer: {
             flexDirection: 'row' as const,
-            width: '100%',
+            width: '100%' as const,
             justifyContent: 'center' as const,
             marginTop: 24, // Space for bottom sheet handle (~20px) + small buffer
             marginBottom: 0, // BottomSheet handles all bottom spacing
@@ -410,15 +420,26 @@ const StepBasedScreen: React.FC<StepBasedScreenProps> = ({
         [currentStep, updateStepData]
     );
 
-    const stepProps = useMemo(() => ({
+    const normalizedTheme = typeof theme === 'string' ? theme : undefined;
+    const normalizedGoBack = isVoidCallback(goBack) ? goBack : undefined;
+    const normalizedOnAuthenticated = isAuthenticatedCallback(onAuthenticated) ? onAuthenticated : undefined;
+
+    const baseStepProps = useMemo<BaseScreenProps>(() => ({
+        theme: normalizedTheme,
+        navigate,
+        goBack: normalizedGoBack,
+        onAuthenticated: normalizedOnAuthenticated,
+    }), [normalizedTheme, navigate, normalizedGoBack, normalizedOnAuthenticated]);
+
+    const stepProps = useMemo<StepComponentProps>(() => ({
         ...currentStepConfig?.props,
+        // Step data - spread before base props so navigation/auth props remain stable.
+        ...(state.stepData[currentStep] as Record<string, unknown> | undefined),
+
         // Common props
+        ...baseStepProps,
         colors,
         styles,
-        theme,
-        navigate,
-        goBack,
-        onAuthenticated,
         oxyServices,
 
         // Step navigation
@@ -428,20 +449,14 @@ const StepBasedScreen: React.FC<StepBasedScreenProps> = ({
         currentStep: currentStep,
         totalSteps: steps.length,
 
-        // Step data - spread the step data properties directly as props
-        ...(state.stepData[currentStep] as Record<string, unknown> | undefined),
-
         // Step data management
         updateStepData: updateCurrentStepData,
         allStepData: state.stepData,
     }), [
         currentStepConfig?.props,
+        baseStepProps,
         colors,
         styles,
-        theme,
-        navigate,
-        goBack,
-        onAuthenticated,
         oxyServices,
         nextStep,
         prevStep,

package/src/ui/context/hooks/useAuthOperations.ts

@@ -11,11 +11,6 @@ import { SignatureService } from '@oxyhq/core';
 import { isWebBrowser } from '../../hooks/useWebSSO';
 import { clearActiveAuthuser, clearSsoBounceState } from '../../utils/activeAuthuser';
 
-/** Type guard for error objects with optional code and status properties */
-function isErrorWithCodeOrStatus(error: unknown): error is { code?: string; status?: number; message?: string } {
-  return typeof error === 'object' && error !== null;
-}
-
 export interface UseAuthOperationsOptions {
   oxyServices: OxyServices;
   storage: StorageInterface | null;
@@ -55,7 +50,6 @@ const LOGOUT_ALL_ERROR_CODE = 'LOGOUT_ALL_ERROR';
  */
 export const useAuthOperations = ({
   oxyServices,
-  storage,
   sessions,
   activeSessionId,
   setActiveSessionId,
@@ -77,7 +71,7 @@ export const useAuthOperations = ({
   sessionsRef.current = sessions;
 
   /**
-   * Internal function to perform challenge-response sign in (works offline)
+   * Internal function to perform challenge-response sign in.
    */
   const performSignIn = useCallback(
     async (publicKey: string): Promise<User> => {
@@ -86,36 +80,8 @@ export const useAuthOperations = ({
       const deviceInfo = await DeviceManager.getDeviceInfo();
       const deviceName = deviceInfo.deviceName || DeviceManager.getDefaultDeviceName();
 
-      let challenge: string;
-      let isOffline = false;
-
-      // Try to request challenge from server (online)
-      try {
-        const challengeResponse = await oxyServices.requestChallenge(publicKey);
-        challenge = challengeResponse.challenge;
-      } catch (error) {
-        // Network error - generate challenge locally for offline sign-in
-        const errorMessage = error instanceof Error ? error.message : String(error);
-        const isNetworkError = 
-          errorMessage.includes('Network') ||
-          errorMessage.includes('network') ||
-          errorMessage.includes('Failed to fetch') ||
-          errorMessage.includes('fetch failed') ||
-          (isErrorWithCodeOrStatus(error) && error.code === 'NETWORK_ERROR') ||
-          (isErrorWithCodeOrStatus(error) && error.status === 0);
-
-        if (isNetworkError) {
-          if (__DEV__ && logger) {
-            logger('Network unavailable, performing offline sign-in');
-          }
-          // Generate challenge locally
-          challenge = await SignatureService.generateChallenge();
-          isOffline = true;
-        } else {
-          // Re-throw non-network errors
-          throw error;
-        }
-      }
+      const challengeResponse = await oxyServices.requestChallenge(publicKey);
+      const challenge = challengeResponse.challenge;
 
       // Note: Biometric authentication check should be handled by the app layer
       // (e.g., accounts app) before calling signIn. The biometric preference is stored
@@ -127,123 +93,65 @@ export const useAuthOperations = ({
       let fullUser: User;
       let sessionResponse: SessionLoginResponse;
 
-      if (isOffline) {
-        // Offline sign-in: create local session and minimal user object
-        if (__DEV__ && logger) {
-          logger('Creating offline session');
-        }
-
-        // Generate a local session ID using cryptographically secure randomness
-        const Crypto = await import('expo-crypto');
-        const localSessionId = `offline_${Crypto.randomUUID()}`;
-        const localDeviceId = `device_${Crypto.randomUUID()}`;
-        const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString(); // 7 days
-
-        // Create minimal user object with publicKey as id
-        fullUser = {
-          id: publicKey, // Use publicKey as id (per migration document)
-          publicKey,
-          username: '',
-          privacySettings: {},
-        } as User;
-
-        sessionResponse = {
-          sessionId: localSessionId,
-          deviceId: localDeviceId,
-          expiresAt,
-          user: {
-            id: publicKey,
-            username: '',
-          },
-        };
-
-        // Store offline session locally
-        const offlineSession: ClientSession = {
-          sessionId: localSessionId,
-          deviceId: localDeviceId,
-          expiresAt,
-          lastActive: new Date().toISOString(),
-          userId: publicKey,
-          isCurrent: true,
-        };
-
-        setActiveSessionId(localSessionId);
-        await saveActiveSessionId(localSessionId);
-        updateSessions([offlineSession], { merge: true });
-
-        // Mark session as offline for later sync
-        if (storage) {
-          await storage.setItem(`oxy_session_${localSessionId}_offline`, 'true');
-        }
-
+      // `verifyChallenge` plants the first access token internally, mirroring
+      // `claimSessionByToken`, so the client is authenticated as soon as this
+      // resolves.
+      sessionResponse = await oxyServices.verifyChallenge(
+        publicKey,
+        challenge,
+        signature,
+        timestamp,
+        deviceName,
+        deviceFingerprint,
+      );
+
+      // Get full user data
+      fullUser = await oxyServices.getUserBySession(sessionResponse.sessionId);
+
+      // Fetch device sessions
+      let allDeviceSessions: ClientSession[] = [];
+      try {
+        allDeviceSessions = await fetchSessionsWithFallback(oxyServices, sessionResponse.sessionId, {
+          fallbackDeviceId: sessionResponse.deviceId,
+          fallbackUserId: fullUser.id,
+          logger,
+        });
+      } catch (error) {
         if (__DEV__ && logger) {
-          logger('Offline sign-in successful');
+          logger('Failed to fetch device sessions after login', error);
         }
-      } else {
-        // Online sign-in: use normal flow.
-        // Verify and create session. `verifyChallenge` plants the first
-        // access token (and refresh token) from the `/auth/verify` response
-        // body internally — mirroring `claimSessionByToken` — so the client is
-        // authenticated as soon as this resolves. Session IDs are not public
-        // token-minting credentials; a token-less verify response simply leaves
-        // the client without a bearer here.
-        sessionResponse = await oxyServices.verifyChallenge(
-          publicKey,
-          challenge,
-          signature,
-          timestamp,
-          deviceName,
-          deviceFingerprint,
-        );
+      }
 
-        // Get full user data
-        fullUser = await oxyServices.getUserBySession(sessionResponse.sessionId);
+      // Check for existing session for same user and switch to it to avoid duplicates
+      const existingSession = allDeviceSessions.find(
+        (session) =>
+          session.userId?.toString() === fullUser.id?.toString() &&
+          session.sessionId !== sessionResponse.sessionId,
+      );
 
-        // Fetch device sessions
-        let allDeviceSessions: ClientSession[] = [];
+      if (existingSession) {
+        // Switch to existing session instead of creating duplicate
         try {
-          allDeviceSessions = await fetchSessionsWithFallback(oxyServices, sessionResponse.sessionId, {
-            fallbackDeviceId: sessionResponse.deviceId,
-            fallbackUserId: fullUser.id,
-            logger,
-          });
-        } catch (error) {
+          await oxyServices.logoutSession(sessionResponse.sessionId, sessionResponse.sessionId);
+        } catch (logoutError) {
+          // Non-critical - continue to switch session even if logout fails
           if (__DEV__ && logger) {
-            logger('Failed to fetch device sessions after login', error);
+            logger('Failed to logout duplicate session, continuing with switch', logoutError);
           }
         }
-
-        // Check for existing session for same user and switch to it to avoid duplicates
-        const existingSession = allDeviceSessions.find(
-          (session) =>
-            session.userId?.toString() === fullUser.id?.toString() &&
-            session.sessionId !== sessionResponse.sessionId,
+        await switchSession(existingSession.sessionId);
+        updateSessions(
+          allDeviceSessions.filter((session) => session.sessionId !== sessionResponse.sessionId),
+          { merge: false },
         );
-
-        if (existingSession) {
-          // Switch to existing session instead of creating duplicate
-          try {
-            await oxyServices.logoutSession(sessionResponse.sessionId, sessionResponse.sessionId);
-          } catch (logoutError) {
-            // Non-critical - continue to switch session even if logout fails
-            if (__DEV__ && logger) {
-              logger('Failed to logout duplicate session, continuing with switch', logoutError);
-            }
-          }
-          await switchSession(existingSession.sessionId);
-          updateSessions(
-            allDeviceSessions.filter((session) => session.sessionId !== sessionResponse.sessionId),
-            { merge: false },
-          );
-          onAuthStateChange?.(fullUser);
-          return fullUser;
-        }
-
-        setActiveSessionId(sessionResponse.sessionId);
-        await saveActiveSessionId(sessionResponse.sessionId);
-        updateSessions(allDeviceSessions, { merge: true });
+        onAuthStateChange?.(fullUser);
+        return fullUser;
       }
 
+      setActiveSessionId(sessionResponse.sessionId);
+      await saveActiveSessionId(sessionResponse.sessionId);
+      updateSessions(allDeviceSessions, { merge: true });
+
       await applyLanguagePreference(fullUser);
       loginSuccess(fullUser);
       onAuthStateChange?.(fullUser);
@@ -260,7 +168,6 @@ export const useAuthOperations = ({
       setActiveSessionId,
       switchSession,
       updateSessions,
-      storage,
     ],
   );
 

package/src/ui/hooks/mutations/useAccountMutations.ts

@@ -7,6 +7,7 @@ import type {
   User,
   UserPreferences,
 } from '@oxyhq/core';
+import type { UserProfileUpdate } from '@oxyhq/contracts';
 import {
   queryKeys,
   invalidateAccountQueries,
@@ -29,7 +30,7 @@ export const useUpdateProfile = () => {
 
   return useMutation({
     mutationKey: [...mutationKeys.account.updateProfile],
-    mutationFn: async (updates: Partial<User>) => {
+    mutationFn: async (updates: UserProfileUpdate) => {
       return authenticatedApiCall<User>(
         oxyServices,
         activeSessionId,
@@ -46,17 +47,18 @@ export const useUpdateProfile = () => {
 
       // Optimistically update
       if (previousUser) {
-        queryClient.setQueryData<User>(queryKeys.accounts.current(), {
+        const optimisticUser: User = {
           ...previousUser,
           ...updates,
-        });
+          name: updates.name
+            ? { ...previousUser.name, ...updates.name }
+            : previousUser.name,
+        };
+        queryClient.setQueryData<User>(queryKeys.accounts.current(), optimisticUser);
 
         // Also update profile query if sessionId is available
         if (activeSessionId) {
-          queryClient.setQueryData<User>(queryKeys.users.profile(activeSessionId), {
-            ...previousUser,
-            ...updates,
-          });
+          queryClient.setQueryData<User>(queryKeys.users.profile(activeSessionId), optimisticUser);
         }
       }
 
@@ -684,4 +686,3 @@ export const useUploadFile = () => {
     },
   });
 };
-

package/src/ui/hooks/useDeviceAccounts.ts

@@ -252,19 +252,16 @@ export function useDeviceAccounts(): UseDeviceAccountsResult {
 
         if (fromSharedApex) {
             // Shared apex path: every entry carries a real per-account user.
-            built = sharedAccounts.map((entry): DeviceAccount => {
-                // `entry.user` is non-null on the refresh-all path; the core
-                // mixin skips entries without a valid user. The fallback below
-                // keeps rendering defensive if a server response is incomplete.
-                const accountUser: DeviceAccountUser = entry.user ?? {
-                    id: '',
-                    username: '',
-                };
+            built = sharedAccounts.flatMap((entry): DeviceAccount[] => {
+                if (!entry.user) {
+                    return [];
+                }
+                const accountUser: DeviceAccountUser = entry.user;
                 const displayName = getAccountDisplayName(accountUser, locale);
                 const handle = getAccountFallbackHandle(accountUser);
-                const email = entry.user?.email ?? null;
+                const email = entry.user.email ?? null;
                 const secondaryHandle = handle ? `@${handle}` : null;
-                return {
+                return [{
                     sessionId: entry.sessionId,
                     authuser: entry.authuser,
                     // Provisional; finalised by `markCurrentAccount` below so the
@@ -274,37 +271,36 @@ export function useDeviceAccounts(): UseDeviceAccountsResult {
                     // Real email, or null (NEVER synthesized). The UI uses the
                     // `@handle` line only when email is genuinely absent.
                     email: email ?? secondaryHandle,
-                    avatarUrl: resolveAvatarUrl(entry.user?.avatar),
-                    color: entry.user?.color ?? null,
+                    avatarUrl: resolveAvatarUrl(entry.user.avatar),
+                    color: entry.user.color ?? null,
                     user: accountUser,
-                };
+                }];
             });
         } else {
             // Local fallback path: build from the SDK's multi-session store. The
             // active session row gets the full loaded `user`; inactive fallback
             // rows carry only what the `ClientSession` exposes (no synthesized
             // identity — they show the active user's data only when active).
-            built = (sessions ?? []).map((session: ClientSession): DeviceAccount => {
+            built = (sessions ?? []).flatMap((session: ClientSession): DeviceAccount[] => {
                 const isCurrent = session.sessionId === activeSessionId;
-                const accountUser: DeviceAccountUser = isCurrent && user
-                    ? user
-                    : { id: session.userId ?? '', username: '' };
+                if (!isCurrent || !user) {
+                    return [];
+                }
+                const accountUser: DeviceAccountUser = user;
                 const displayName = getAccountDisplayName(accountUser, locale);
                 const handle = getAccountFallbackHandle(accountUser);
-                const email = isCurrent && user?.email ? user.email : null;
+                const email = user.email ?? null;
                 const secondaryHandle = handle ? `@${handle}` : null;
-                const avatar = isCurrent && user ? user.avatar : undefined;
-                const color = isCurrent && user?.color ? user.color : null;
-                return {
+                return [{
                     sessionId: session.sessionId,
                     authuser: session.authuser,
                     isCurrent,
                     displayName,
                     email: email ?? secondaryHandle,
-                    avatarUrl: resolveAvatarUrl(avatar),
-                    color,
+                    avatarUrl: resolveAvatarUrl(user.avatar),
+                    color: user.color ?? null,
                     user: accountUser,
-                };
+                }];
             });
         }
 

package/src/ui/hooks/useFollow.ts

@@ -1,7 +1,7 @@
 import { useCallback, useMemo, useEffect } from 'react';
 import { useFollowStore } from '../stores/followStore';
 import { useOxy } from '../context/OxyContext';
-import { logger as loggerUtil, type OxyServices } from '@oxyhq/core';
+import { logger as loggerUtil, type OxyServices, type BulkFollowResult } from '@oxyhq/core';
 import { useShallow } from 'zustand/react/shallow';
 
 /**
@@ -144,6 +144,12 @@ export const useFollow = (userId?: string | string[]) => {
     await Promise.all(userIds.map(uid => store.fetchFollowStatus(uid, oxyServices)));
   }, [canUsePrivateApi, userIds, oxyServices]);
 
+  // Bulk follow — follows ALL users in ONE network call (never unfollows).
+  const followAllUsers = useCallback(async (): Promise<BulkFollowResult> => {
+    if (!canUsePrivateApi) throw new Error('Authentication is required to follow users');
+    return useFollowStore.getState().followManyUsers(userIds, oxyServices);
+  }, [canUsePrivateApi, userIds, oxyServices]);
+
   const clearErrorForUser = useCallback((targetUserId: string) => {
     useFollowStore.getState().clearFollowError(targetUserId);
   }, []);
@@ -177,6 +183,7 @@ export const useFollow = (userId?: string | string[]) => {
     setFollowStatusForUser,
     fetchStatusForUser,
     fetchAllStatuses,
+    followAllUsers,
     clearErrorForUser,
     isAnyLoading: multiUserLoadingState.isAnyLoading,
     hasAnyError: multiUserLoadingState.hasAnyError,

package/src/ui/hooks/useFollow.types.ts

@@ -1,6 +1,8 @@
 // Type-only definition for the useFollow hook to allow context exposure without runtime import cycles.
 // Expand this as needed to better reflect the real return type.
 
+import type { BulkFollowResult } from '@oxyhq/core';
+
 export type SingleFollowResult = {
   isFollowing: boolean;
   isLoading: boolean;
@@ -23,6 +25,7 @@ export type MultiFollowResult = {
   setFollowStatusForUser: (userId: string, following: boolean) => void;
   fetchStatusForUser: (userId: string) => Promise<void>;
   fetchAllStatuses: () => Promise<void>;
+  followAllUsers: () => Promise<BulkFollowResult>;
   clearErrorForUser: (userId: string) => void;
   isAnyLoading: boolean;
   hasAnyError: boolean;