feat: update tutorial to use CoW SDK v7

[shoom3301]

Follow up on #45

1. Updated the examples with using SDK v7
2. Removed app-data examples, because SDK encapsulates app-data building
3. Removed "advanced orders" examples, because SDK encapsulates it

Review

There is not a lot of sense to review files, it's better to open preview link and try every step in the tutorial

Summary by CodeRabbit

• New Features

  • Added CoW Protocol Trading tutorials (getting started, provider adapters, quote, approve, submit, view, cancel).
  • Added MEV Blocker user flows for connecting network and sending/canceling transactions.

• Documentation

  • Added new trading and MEV guides; removed legacy Simple Orders and many Advanced tutorials and related docs.

• Refactor

  • Reworked wallet/runtime integration to a viem-based client model and updated tutorial run flow and redirects.

• Chores

  • Upgraded Cow SDK and tooling, added a viem adapter, and removed deprecated packages.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Updated (UTC)
learn	Ready	Preview	Oct 8, 2025 7:53am

[coderabbitai]

Walkthrough

Adds new viem-based CoW Protocol "Trading" and MEV Blocker tutorials, migrates common infra from ethers/Web3Provider to viem PublicClient/WalletClient, updates dependencies, adds many new run.ts examples and meta files, and removes legacy "Simple orders", various advanced-order tutorials, ABIs, and helpers.

Changes

Cohort / File(s)	Summary
Routing redirects src/routes/+page.server.js, src/routes/tutorial/+page.js, src/routes/tutorial/[slug]/+page.server.js	Redirect targets updated to use runtime base + /tutorial/getting-started.
Common infra — viem migration content/tutorial/common/src/web3-provider.ts, content/tutorial/common/src/main.ts, content/tutorial/common/src/lib/run.ts, content/tutorial/common/package.json, content/tutorial/common/src/*, content/tutorial/common/tsconfig.json, content/tutorial/common/index.html, content/tutorial/common/src/types.ts, content/tutorial/common/vite.config.ts, content/tutorial/common/src/style.css	Replace ethers/Web3Provider flows with viem PublicClient/WalletClient; add setupWeb3Provider, chain switching, BigInt-safe JSON formatting; update dependencies (cow-sdk 7.x, sdk-viem-adapter), remove ethers/app-data; styling and small formatting updates.
CoW Protocol — Trading tutorials (new) content/tutorial/01-cow-protocol/**, content/tutorial/01-cow-protocol/01-trading/**, .../00-getting-started/**, .../01-provider-adapters/**, .../02-quote-order/**, .../03-approve-cow-protocol/**, .../04-submit-order/**, .../05-view-order/**, .../06-cancel-off-chain-order/**, .../07-cancel-on-chain-order/**, content/tutorial/01-cow-protocol/tsconfig.json	Add new tutorial docs, meta.json, tsconfig, and run.ts examples (app-b implementations and app-a stubs) demonstrating ViemAdapter usage and TradingSdk flows: getQuote, approveCowProtocol, postSwapOrderFromQuote, view-order, off-chain/on-chain cancel, and provider-adapter patterns.
MEV Blocker (new viem examples) content/tutorial/02-mevblocker/** (app-a/app-b run.ts files), content/tutorial/02-mevblocker/meta.json, content/tutorial/02-mevblocker/tsconfig.json	Add viem-based examples for wallet_addEthereumChain, sending transactions, and cancellation via replacement (nonce reuse). app-b contains full implementations; app-a contains stubs.
Removed: Simple orders tutorials content/tutorial/01-simple-orders/** (all README.md, app-a/app-b run.ts, app-data steps, meta.json)	Delete legacy "Simple orders" docs and all associated run.ts implementations and metadata.
Removed: Advanced orders & Eth-flow / Pre-signed content/tutorial/02-advanced-orders/**, content/tutorial/02-advanced-orders/tsconfig.json, content/tutorial/02-advanced-orders/common/src/lib/gpv2Order.ts, EthFlow ABIs and many run.ts files	Remove advanced tutorials, EthFlow ABIs, gpv2Order helper, pre-signed order flows, related run.ts files and metadata.
Removed: Legacy MEV Blocker (ethers) content/tutorial/05-mevblocker/**, content/tutorial/05-mevblocker/tsconfig.json	Remove ethers-based MEV Blocker tutorials and configs.
Metadata / new metas multiple content/tutorial/.../meta.json under 01-cow-protocol and 02-mevblocker	Add and update meta.json files for new tutorial steps and titles (Provider Adapters, Approve CoW Protocol, Trading, MEV Blocker, etc.).
Styling & small docs edits content/tutorial/common/src/style.css, assorted README formatting changes	Add hover/focus CSS rules; minor formatting/indentation fixes in READMEs.
Examples & minor app changes content/tutorial/common/index.html, content/tutorial/common/src/types.ts, content/tutorial/common/vite.config.ts	Minor formatting and attribute reordering; typing style tweaks; no behavioral changes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant BrowserApp
  participant setup as SetupCallback
  participant WalletClient
  participant PublicClient
  participant ViemAdapter
  participant TradingSdk

  User->>BrowserApp: Click "Run tutorial"
  BrowserApp->>setup: setup(SupportedChainId.GNOSIS_CHAIN)
  setup-->>BrowserApp: { publicClient, walletClient }
  BrowserApp->>PublicClient: getChainId()
  PublicClient-->>BrowserApp: chainId
  BrowserApp->>ViemAdapter: new(provider=publicClient, signer=walletClient)
  BrowserApp->>TradingSdk: new({ chainId, appCode, adapter })
  BrowserApp->>TradingSdk: getQuote(params)
  TradingSdk-->>BrowserApp: quoteResults
  BrowserApp->>TradingSdk: approveCowProtocol(token, amount)
  TradingSdk-->>BrowserApp: approvalTxHash
  BrowserApp->>TradingSdk: postSwapOrderFromQuote(quote)
  TradingSdk-->>BrowserApp: postingResult

Loading

sequenceDiagram
  autonumber
  actor User
  participant BrowserApp
  participant setup as SetupCallback
  participant WalletClient
  participant PublicClient

  User->>BrowserApp: Run MEV Blocker example
  BrowserApp->>setup: setup(SupportedChainId.MAINNET)
  setup-->>BrowserApp: { publicClient, walletClient }
  BrowserApp->>WalletClient: getAddresses()
  WalletClient-->>BrowserApp: [owner]
  BrowserApp->>WalletClient: sendTransaction(tx nonce=N)
  WalletClient-->>BrowserApp: txHashA
  par Replacement (cancel)
    BrowserApp->>WalletClient: sendTransaction(replacement tx nonce=N)
    WalletClient-->>BrowserApp: txHashB
  and Await
    BrowserApp->>PublicClient: waitForTransactionReceipt(txHashA or txHashB)
    PublicClient-->>BrowserApp: receipt
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

I hop through modules, paws on keys so light,
Swapping Web3 for viem in the night.
Adapters align, quotes leap in a row,
MEV tricks dodged with a nimble hop—go!
Old paths cleared, new carrots in sight. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The pull request description does not follow the required template structure, missing the mandatory “# Description” and “# Changes” headings and the detailed checklist format. Instead it uses a custom format with a “## Review” section that is not part of the repository’s template. This makes it harder for reviewers to locate key context and change details in the expected sections.	Please update the description to include a “# Description” section that explains the context and motivation for the changes, followed by a “# Changes” section listing each detailed modification using the provided checklist format. Remove or relocate the “## Review” note into an appropriate section of the template and, if applicable, add a “Related Issues” segment at the end. Ensuring alignment with the repository’s template will improve clarity and consistency for reviewers.
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title uses a conventional commit prefix and concisely describes the primary change of updating the tutorial to the new SDK version, directly reflecting the pull request’s main objective. It is clear, specific, and avoids unnecessary details or file lists, making it easy for teammates to understand the update at a glance. The phrasing accurately captures the essence of the changeset without being overly broad or vague.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/sdkv7

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​cowprotocol/​sdk-order-signing@​0.1.4
	isows@​1.0.7
	@​cowprotocol/​sdk-viem-adapter@​0.1.1
	@​cowprotocol/​sdk-config@​0.1.0
	@​cowprotocol/​sdk-order-book@​0.1.1
	@​cowprotocol/​sdk-app-data@​4.0.1
	@​cowprotocol/​sdk-common@​0.2.0
	@​cowprotocol/​sdk-contracts-ts@​0.3.0
	abitype@​1.1.0
	@​noble/​ciphers@​1.3.0
	ox@​0.9.6
	viem@​2.37.13
	@​cowprotocol/​sdk-trading@​0.3.0
	@​cowprotocol/​cow-sdk@​5.0.0 ⏵ 7.0.6	+22		+2	+3

View full report

[coderabbitai]

Actionable comments posted: 9

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

content/tutorial/common/src/main.ts (1)

71-88: Restore button state and validate wallet accounts before proceeding

If walletClient.switchChain or walletClient.request('eth_requestAccounts') rejects (user cancels, wallet errors, etc.), the function exits before reaching the .finally() tied to run(). The button label remains “Running…” permanently, and the user cannot retry. Additionally, accounts[0] is used without verifying the request returned at least one address, so a wallet that resolves with [] (or an unexpected payload) will assign undefined to walletClient.account.address, causing later SDK calls to fail.

Wrap the whole flow in try/finally, and bail out when no account is returned before mutating walletClient.account.

-  runExampleBtn.addEventListener('click', async () => {
-    runExampleBtn.innerHTML = 'Running...'
-
-		await walletClient!.switchChain({ id: gnosis.id })
-		const accounts = await walletClient!.request({ method: 'eth_requestAccounts' })
-
-		walletClient!.account = {
-			address: accounts[0],
-			type: 'json-rpc'
-		}
-
-		console.log('Assign account to walletClient', walletClient, accounts[0])
-
-    run(publicClient!, walletClient!).then(result => {
-      outputContainer.innerHTML = JSON.stringify(result, jsonWithBigintReplacer, 4)
-    }).catch(error => {
-			console.error(error)
-      outputContainer.innerHTML = error.message
-    }).finally(() => {
-      runExampleBtn.innerHTML = 'Run example'
-    })
-  })
+  runExampleBtn.addEventListener('click', async () => {
+    runExampleBtn.innerHTML = 'Running...'
+    try {
+      await walletClient!.switchChain({ id: gnosis.id })
+      const accounts = await walletClient!.request({ method: 'eth_requestAccounts' })
+      if (!Array.isArray(accounts) || accounts.length === 0) {
+        throw new Error('Wallet returned no accounts')
+      }
+
+      walletClient!.account = {
+        address: accounts[0],
+        type: 'json-rpc'
+      }
+
+      console.log('Assign account to walletClient', walletClient, accounts[0])
+
+      const result = await run(publicClient!, walletClient!)
+      outputContainer.innerHTML = JSON.stringify(result, jsonWithBigintReplacer, 4)
+    } catch (error) {
+      console.error(error)
+      outputContainer.innerHTML = error instanceof Error ? error.message : String(error)
+    } finally {
+      runExampleBtn.innerHTML = 'Run example'
+    }
+  })

🧹 Nitpick comments (11)

content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-b/src/lib/run.ts (1)

24-34: Consider structuring error responses for consistency.

The success case returns a well-structured object, but the catch block returns the raw error. For a tutorial, structured error handling provides a better learning example and prevents potential information leakage.

Apply this diff to structure the error response:

 	try {
 		const txHash = await sdk.onChainCancelOrder({ orderUid });
 
 		return {
 			txHash,
 			explorerLink: `https://gnosisscan.io/tx/${txHash}`,
 			message: 'Order cancelled on-chain successfully'
 		};
 	} catch (e) {
-		return e;
+		return {
+			error: true,
+			message: e instanceof Error ? e.message : 'Unknown error occurred',
+		};
 	}

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts (1)

33-41: Consider adding error handling for SDK operations.

The tutorial fetches a quote and performs an approval without try-catch blocks. For production code, these async operations should include error handling to gracefully manage network failures, insufficient allowances, or rejected transactions.

For example:

+	try {
 		const { quoteResults } = await sdk.getQuote(parameters);
 
 		console.log('QuoteResults', quoteResults);
 
 		// Approve CoW Protocol to spend the sell token
 		const approvalTx = await sdk.approveCowProtocol({
 			tokenAddress: sellToken,
 			amount: BigInt(parameters.amount),
 		});
 
 		return {
 			approvalTxHash: approvalTx,
 			message: 'CoW Protocol has been approved to spend your wxDAI'
 		};
+	} catch (error) {
+		return {
+			error: error instanceof Error ? error.message : 'Unknown error occurred',
+			message: 'Failed to approve CoW Protocol'
+		};
+	}

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-a/src/lib/run.ts (1)

3-10: Placeholder ready for implementation.

This placeholder function is structured correctly for the tutorial. The implementation should create a ViemAdapter as shown in the app-b counterpart.

Would you like me to generate the implementation code based on the pattern in app-b/src/lib/run.ts?

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-a/src/lib/run.ts (1)

3-6: Placeholder ready for implementation.

This placeholder function is structured correctly for the tutorial. The implementation should fetch a quote using the TradingSdk as demonstrated in the app-b counterpart.

Would you like me to generate the implementation code based on the pattern in app-b/src/lib/run.ts?

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-a/src/lib/run.ts (1)

3-6: Placeholder ready for implementation.

This placeholder function is structured correctly for the tutorial. The implementation should perform a token approval using the TradingSdk as shown in the app-b counterpart.

Would you like me to generate the implementation code based on the pattern in app-b/src/lib/run.ts?

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts (1)

21-25: Consider clarifying which transaction hash is returned.

The code returns the hash of the original transaction, but the message says "Cancellation sent!". Since both transactions use the same nonce and race to be included, it might be clearer to either:

1. Return the cancellation transaction hash (second element from Promise.all)
2. Return both hashes with clear labels
3. Update the message to reflect that this is the original transaction URL

This would help users understand they should check both transactions to see which one was included.

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts (1)

35-35: Track or implement the TODO comment.

The placeholder TODO indicates that this tutorial step is incomplete. Consider either implementing the postSwapOrderFromQuote() call or creating a tracking issue.

Do you want me to open a new issue to track this task, or would you prefer to implement the call in this PR?

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

1-1: Minor: Remove space before comma in import.

There's an extra space before the comma in the import statement.

Apply this diff:

-import { setGlobalAdapter , getGlobalAdapter} from '@cowprotocol/cow-sdk'
+import { setGlobalAdapter, getGlobalAdapter } from '@cowprotocol/cow-sdk'

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/README.md (2)

24-42: Convert hard tabs to spaces.

The markdown linter flags hard tabs in the code examples. For consistency with the project's linting rules, convert tabs to spaces (typically 2 or 4 spaces).

This affects the TypeScript code block starting at line 23. Replace hard tabs with spaces for indentation.

---

66-67: Convert hard tabs to spaces.

The markdown linter flags hard tabs in the JSON code example. Convert tabs to spaces for consistency with the project's linting rules.

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/README.md (1)

18-62: Convert hard tabs to spaces.

The markdown linter flags hard tabs throughout the code examples. For consistency with the project's linting rules, convert tabs to spaces (typically 2 or 4 spaces).

This affects multiple TypeScript code blocks in the file. Replace hard tabs with spaces for indentation.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5414e59 and cf4dc15.

⛔ Files ignored due to path filters (1)

• content/tutorial/common/yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (105)

• content/tutorial/01-cow-protocol/01-trading/00-getting-started/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/02-quote-order/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/04-submit-order/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/05-view-order/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/05-view-order/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/tsconfig.json (1 hunks)
• content/tutorial/01-simple-orders/01-order/00-getting-started-order/README.md (0 hunks)
• content/tutorial/01-simple-orders/01-order/00-getting-started-order/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/00-getting-started-order/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/01-approve-sell-token-order/README.md (0 hunks)
• content/tutorial/01-simple-orders/01-order/01-approve-sell-token-order/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/01-approve-sell-token-order/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/02-quote-order/README.md (0 hunks)
• content/tutorial/01-simple-orders/01-order/02-quote-order/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/02-quote-order/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/03-sign-order/README.md (0 hunks)
• content/tutorial/01-simple-orders/01-order/03-sign-order/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/03-sign-order/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/03-sign-order/meta.json (0 hunks)
• content/tutorial/01-simple-orders/01-order/04-submit-order/README.md (0 hunks)
• content/tutorial/01-simple-orders/01-order/04-submit-order/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/04-submit-order/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/05-view-order/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/06-cancel-off-chain-order/README.md (0 hunks)
• content/tutorial/01-simple-orders/01-order/06-cancel-off-chain-order/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/07-cancel-on-chain-order/README.md (0 hunks)
• content/tutorial/01-simple-orders/01-order/07-cancel-on-chain-order/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/01-order/07-cancel-on-chain-order/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/01-simple-app-data/README.md (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/01-simple-app-data/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/01-simple-app-data/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/02-create-order-app-data/README.md (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/02-create-order-app-data/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/02-create-order-app-data/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/03-orderbook-upload-app-data/README.md (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/03-orderbook-upload-app-data/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/03-orderbook-upload-app-data/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/04-view-app-data/README.md (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/04-view-app-data/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/04-view-app-data/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/01-simple-orders/02-app-data/meta.json (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/01-create-eth-flow/README.md (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/01-create-eth-flow/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/01-create-eth-flow/app-b/src/lib/ethFlow.abi.json (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/01-create-eth-flow/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/02-view-eth-flow/README.md (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/02-view-eth-flow/app-a/src/lib/ethFlow.abi.json (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/02-view-eth-flow/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/02-view-eth-flow/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/03-cancel-eth-flow/README.md (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/03-cancel-eth-flow/app-a/src/lib/ethFlow.abi.json (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/03-cancel-eth-flow/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/02-advanced-orders/01-eth-flow/03-cancel-eth-flow/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/02-advanced-orders/03-pre-signed-orders/01-create-pre-signed-order/README.md (0 hunks)
• content/tutorial/02-advanced-orders/03-pre-signed-orders/01-create-pre-signed-order/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/02-advanced-orders/03-pre-signed-orders/01-create-pre-signed-order/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/02-advanced-orders/03-pre-signed-orders/02-view-pre-signed-order/README.md (0 hunks)
• content/tutorial/02-advanced-orders/03-pre-signed-orders/03-cancel-pre-signed-order/README.md (0 hunks)
• content/tutorial/02-advanced-orders/03-pre-signed-orders/03-cancel-pre-signed-order/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/02-advanced-orders/03-pre-signed-orders/03-cancel-pre-signed-order/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/02-advanced-orders/03-pre-signed-orders/meta.json (0 hunks)
• content/tutorial/02-advanced-orders/common/src/lib/gpv2Order.ts (0 hunks)
• content/tutorial/02-advanced-orders/meta.json (0 hunks)
• content/tutorial/02-advanced-orders/tsconfig.json (0 hunks)
• content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-b/src/lib/run.ts (2 hunks)
• content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/05-mevblocker/01-users/01-connect-mevblocker/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/05-mevblocker/01-users/02-send-transaction-mevblocker/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/05-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/05-mevblocker/01-users/03-cancel-transaction-mevblocker/app-a/src/lib/run.ts (0 hunks)
• content/tutorial/05-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts (0 hunks)
• content/tutorial/05-mevblocker/tsconfig.json (0 hunks)
• content/tutorial/common/package.json (1 hunks)
• content/tutorial/common/src/lib/run.ts (1 hunks)
• content/tutorial/common/src/main.ts (4 hunks)
• content/tutorial/common/src/web3-provider.ts (1 hunks)
• src/routes/+page.server.js (1 hunks)
• src/routes/tutorial/+page.js (1 hunks)
• src/routes/tutorial/[slug]/+page.server.js (1 hunks)

💤 Files with no reviewable changes (64)

• content/tutorial/01-simple-orders/02-app-data/01-simple-app-data/README.md
• content/tutorial/01-simple-orders/02-app-data/02-create-order-app-data/README.md
• content/tutorial/02-advanced-orders/01-eth-flow/03-cancel-eth-flow/app-a/src/lib/run.ts
• content/tutorial/02-advanced-orders/01-eth-flow/01-create-eth-flow/app-b/src/lib/run.ts
• content/tutorial/01-simple-orders/01-order/02-quote-order/app-b/src/lib/run.ts
• content/tutorial/05-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts
• content/tutorial/01-simple-orders/02-app-data/03-orderbook-upload-app-data/app-a/src/lib/run.ts
• content/tutorial/01-simple-orders/01-order/05-view-order/app-a/src/lib/run.ts
• content/tutorial/01-simple-orders/01-order/07-cancel-on-chain-order/app-a/src/lib/run.ts
• content/tutorial/01-simple-orders/02-app-data/02-create-order-app-data/app-a/src/lib/run.ts
• content/tutorial/01-simple-orders/02-app-data/01-simple-app-data/app-a/src/lib/run.ts
• content/tutorial/01-simple-orders/01-order/01-approve-sell-token-order/app-b/src/lib/run.ts
• content/tutorial/02-advanced-orders/01-eth-flow/01-create-eth-flow/app-a/src/lib/run.ts
• content/tutorial/02-advanced-orders/01-eth-flow/02-view-eth-flow/app-b/src/lib/run.ts
• content/tutorial/01-simple-orders/01-order/01-approve-sell-token-order/app-a/src/lib/run.ts
• content/tutorial/02-advanced-orders/03-pre-signed-orders/01-create-pre-signed-order/app-b/src/lib/run.ts
• content/tutorial/02-advanced-orders/01-eth-flow/01-create-eth-flow/README.md
• content/tutorial/05-mevblocker/tsconfig.json
• content/tutorial/01-simple-orders/01-order/04-submit-order/app-a/src/lib/run.ts
• content/tutorial/02-advanced-orders/03-pre-signed-orders/03-cancel-pre-signed-order/app-b/src/lib/run.ts
• content/tutorial/01-simple-orders/02-app-data/01-simple-app-data/app-b/src/lib/run.ts
• content/tutorial/01-simple-orders/02-app-data/04-view-app-data/app-a/src/lib/run.ts
• content/tutorial/01-simple-orders/02-app-data/03-orderbook-upload-app-data/app-b/src/lib/run.ts
• content/tutorial/02-advanced-orders/01-eth-flow/03-cancel-eth-flow/README.md
• content/tutorial/02-advanced-orders/01-eth-flow/01-create-eth-flow/app-b/src/lib/ethFlow.abi.json
• content/tutorial/02-advanced-orders/01-eth-flow/02-view-eth-flow/README.md
• content/tutorial/01-simple-orders/02-app-data/03-orderbook-upload-app-data/README.md
• content/tutorial/01-simple-orders/01-order/00-getting-started-order/README.md
• content/tutorial/02-advanced-orders/01-eth-flow/02-view-eth-flow/app-a/src/lib/run.ts
• content/tutorial/02-advanced-orders/03-pre-signed-orders/01-create-pre-signed-order/README.md
• content/tutorial/02-advanced-orders/01-eth-flow/03-cancel-eth-flow/app-a/src/lib/ethFlow.abi.json
• content/tutorial/02-advanced-orders/meta.json
• content/tutorial/02-advanced-orders/03-pre-signed-orders/meta.json
• content/tutorial/05-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts
• content/tutorial/01-simple-orders/01-order/02-quote-order/README.md
• content/tutorial/01-simple-orders/02-app-data/meta.json
• content/tutorial/01-simple-orders/01-order/03-sign-order/meta.json
• content/tutorial/01-simple-orders/01-order/03-sign-order/app-a/src/lib/run.ts
• content/tutorial/01-simple-orders/02-app-data/02-create-order-app-data/app-b/src/lib/run.ts
• content/tutorial/05-mevblocker/01-users/01-connect-mevblocker/app-a/src/lib/run.ts
• content/tutorial/01-simple-orders/01-order/06-cancel-off-chain-order/app-b/src/lib/run.ts
• content/tutorial/02-advanced-orders/common/src/lib/gpv2Order.ts
• content/tutorial/02-advanced-orders/03-pre-signed-orders/03-cancel-pre-signed-order/README.md
• content/tutorial/01-simple-orders/01-order/04-submit-order/README.md
• content/tutorial/01-simple-orders/01-order/01-approve-sell-token-order/README.md
• content/tutorial/01-simple-orders/01-order/03-sign-order/app-b/src/lib/run.ts
• content/tutorial/02-advanced-orders/01-eth-flow/03-cancel-eth-flow/app-b/src/lib/run.ts
• content/tutorial/01-simple-orders/01-order/00-getting-started-order/app-b/src/lib/run.ts
• content/tutorial/01-simple-orders/01-order/00-getting-started-order/app-a/src/lib/run.ts
• content/tutorial/01-simple-orders/01-order/07-cancel-on-chain-order/app-b/src/lib/run.ts
• content/tutorial/02-advanced-orders/01-eth-flow/02-view-eth-flow/app-a/src/lib/ethFlow.abi.json
• content/tutorial/05-mevblocker/01-users/03-cancel-transaction-mevblocker/app-a/src/lib/run.ts
• content/tutorial/02-advanced-orders/03-pre-signed-orders/02-view-pre-signed-order/README.md
• content/tutorial/01-simple-orders/01-order/06-cancel-off-chain-order/README.md
• content/tutorial/01-simple-orders/01-order/07-cancel-on-chain-order/README.md
• content/tutorial/02-advanced-orders/03-pre-signed-orders/01-create-pre-signed-order/app-a/src/lib/run.ts
• content/tutorial/01-simple-orders/02-app-data/04-view-app-data/app-b/src/lib/run.ts
• content/tutorial/01-simple-orders/01-order/03-sign-order/README.md
• content/tutorial/01-simple-orders/01-order/02-quote-order/app-a/src/lib/run.ts
• content/tutorial/01-simple-orders/02-app-data/04-view-app-data/README.md
• content/tutorial/01-simple-orders/01-order/04-submit-order/app-b/src/lib/run.ts
• content/tutorial/02-advanced-orders/03-pre-signed-orders/03-cancel-pre-signed-order/app-a/src/lib/run.ts
• content/tutorial/02-advanced-orders/tsconfig.json
• content/tutorial/05-mevblocker/01-users/02-send-transaction-mevblocker/app-a/src/lib/run.ts

🧰 Additional context used

🧬 Code graph analysis (25)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-a/src/lib/run.ts (2)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

• run (5-33)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (4)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

• run (5-33)

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts (1)

• run (5-47)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts (1)

• run (5-46)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-a/src/lib/run.ts (2)

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts (1)

• run (5-47)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts (3)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

• run (5-33)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1)

• run (5-38)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (2)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-a/src/lib/run.ts (1)

• run (3-6)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts (3)

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (1)

• run (4-22)

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-a/src/lib/run.ts (1)

• run (4-16)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (3)

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-a/src/lib/run.ts (1)

• run (4-16)

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts (1)

• run (4-26)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-b/src/lib/run.ts (4)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

• run (5-33)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1)

• run (5-38)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-b/src/lib/run.ts (1)

• run (4-26)

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-a/src/lib/run.ts (1)

• run (5-24)

content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-a/src/lib/run.ts (4)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

• run (5-33)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1)

• run (5-38)

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-a/src/lib/run.ts (1)

• run (5-24)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-a/src/lib/run.ts (2)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-b/src/lib/run.ts (1)

• run (4-26)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-a/src/lib/run.ts (1)

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (1)

• run (4-22)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-a/src/lib/run.ts (2)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1)

• run (5-38)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-a/src/lib/run.ts (2)

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (1)

• run (4-22)

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts (1)

• run (4-26)

content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-b/src/lib/run.ts (1)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-a/src/lib/run.ts (2)

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-b/src/lib/run.ts (1)

• run (5-35)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-b/src/lib/run.ts (4)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

• run (5-33)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1)

• run (5-38)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-b/src/lib/run.ts (1)

• run (4-26)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/common/src/lib/run.ts (1)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-a/src/lib/run.ts (2)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

• run (3-15)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-a/src/lib/run.ts (3)

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (1)

• run (4-22)

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts (1)

• run (4-26)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

src/routes/+page.server.js (2)

src/routes/tutorial/+page.js (1)

• load (3-5)

src/routes/tutorial/[slug]/+page.server.js (1)

• load (9-23)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (3)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

• run (3-15)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-a/src/lib/run.ts (1)

• run (3-10)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts (5)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

• run (5-33)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1)

• run (5-38)

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts (1)

• run (5-47)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts (1)

• run (5-41)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-b/src/lib/run.ts (3)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

• run (3-15)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-a/src/lib/run.ts (1)

• run (4-15)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts (1)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts (1)

• run (5-46)

content/tutorial/common/src/main.ts (2)

content/tutorial/common/src/web3-provider.ts (2)

• publicClient (6-11)
• walletClient (13-18)

content/tutorial/common/src/lib/run.ts (1)

• run (3-10)

🪛 ast-grep (0.39.5)

content/tutorial/common/src/main.ts

[warning] 30-32: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: appContainer.innerHTML = <p>Please, install some injected browser wallet first. For example: Rabby, Metamask</p>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 30-32: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: appContainer.innerHTML = <p>Please, install some injected browser wallet first. For example: Rabby, Metamask</p>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 81-81: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: outputContainer.innerHTML = JSON.stringify(result, jsonWithBigintReplacer, 4)
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 84-84: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: outputContainer.innerHTML = error.message
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 81-81: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: outputContainer.innerHTML = JSON.stringify(result, jsonWithBigintReplacer, 4)
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 84-84: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: outputContainer.innerHTML = error.message
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

🪛 Gitleaks (8.28.0)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts

[high] 21-21: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 22-22: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts

[high] 21-21: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 22-22: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/README.md

[high] 88-88: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 89-89: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts

[high] 21-21: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 22-22: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts

[high] 21-21: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 22-22: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 markdownlint-cli2 (0.18.1)

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/README.md

18-18: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

20-20: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

22-22: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

24-24: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

25-25: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

26-26: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

27-27: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

29-29: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

30-30: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

31-31: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

32-32: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

59-59: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

60-60: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

61-61: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

62-62: Hard tabs
Column: 1

(MD010, no-hard-tabs)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/README.md

24-24: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

27-27: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

28-28: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

30-30: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

31-31: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

33-33: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

34-34: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

35-35: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

36-36: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

37-37: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

38-38: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

39-39: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

66-66: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

67-67: Hard tabs
Column: 1

(MD010, no-hard-tabs)

content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/README.md

24-24: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

27-27: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

28-28: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

30-30: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

31-31: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

33-33: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

34-34: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

35-35: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

36-36: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

37-37: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

38-38: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

39-39: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

66-66: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

67-67: Hard tabs
Column: 1

(MD010, no-hard-tabs)

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/README.md

24-24: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

27-27: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

28-28: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

30-30: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

31-31: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

33-33: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

34-34: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

35-35: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

36-36: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

37-37: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

38-38: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

39-39: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

66-66: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

67-67: Hard tabs
Column: 1

(MD010, no-hard-tabs)

🔇 Additional comments (32)

content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-a/src/lib/run.ts (1)

5-24: LGTM!

The placeholder setup is consistent with the tutorial pattern, providing learners with the boilerplate structure while the TODO comment clearly indicates the next implementation step.

content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-b/src/lib/run.ts (1)

5-19: LGTM!

The chain validation and SDK initialization follow the established tutorial patterns and are correctly implemented.

src/routes/+page.server.js (1)

2-5: LGTM! Correct use of base path.

The addition of the base import and its use in the redirect URL ensures this route works correctly regardless of the deployment context (root or subpath).

content/tutorial/01-cow-protocol/tsconfig.json (1)

1-10: LGTM!

The TypeScript configuration correctly sets up shared module resolution for the tutorial, allowing imports from the common node_modules directory.

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-a/src/lib/run.ts (1)

4-16: LGTM!

This is the exercise version (app-a) where the cancellation logic is intentionally left for the user to implement. The structure provides a clear starting point with the transaction setup and a comment indicating where the cancellation should be added.

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-a/src/lib/run.ts (1)

3-6: LGTM!

This is the exercise template (app-a) with an appropriate TODO placeholder for users to implement. The app-b version demonstrates the expected implementation pattern.

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-a/src/lib/run.ts (1)

5-24: LGTM!

This is the exercise template (app-a) with appropriate setup code and a clear TODO for the user to implement the order cancellation. The chain validation and SDK initialization are correct.

content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-a/src/lib/run.ts (1)

3-22: LGTM!

This is the exercise version (app-a) with an intentional placeholder for the rpcUrls. The network configuration structure is correct and provides a clear starting point for users.

content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-b/src/lib/run.ts (1)

3-22: LGTM!

This is the complete solution (app-b) showing the proper implementation with the full MEV Blocker RPC URL including the necessary query parameters. The implementation correctly demonstrates how to add the MEV Blocker network to the user's wallet.

content/tutorial/common/package.json (2)

12-13: All new CoW Protocol package versions are valid and have no known security advisories.

---

16-16: Confirmed viem@2.28.4 exists and has no known security advisories.

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts (2)

21-22: Static analysis false positive: these are token addresses, not API keys.

The Gitleaks tool flagged these lines as potential API keys, but they are valid Ethereum contract addresses for wxDAI and COW tokens on Gnosis Chain.

---

5-46: LGTM! The approval flow is correctly implemented.

The function properly:

• Validates the network (Gnosis Chain)
• Creates the ViemAdapter with provided clients
• Initializes the TradingSdk
• Fetches a quote (useful for displaying expected swap rates)
• Approves the CoW Protocol to spend tokens
• Returns the transaction hash with a user-friendly message

content/tutorial/01-cow-protocol/01-trading/meta.json (1)

2-2: LGTM! Title update aligns with the SDK v7 migration.

The title change from "Basic orders" to "Trading" better reflects the tutorial's focus on the TradingSdk.

content/tutorial/01-cow-protocol/meta.json (1)

2-2: LGTM! Title update improves clarity.

The title change from "Basic orders" to "CoW Protocol" provides better context for the tutorial section.

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/meta.json (1)

2-2: LGTM! Title accurately describes the tutorial content.

The title change from "Simple orders" to "Provider Adapters" correctly reflects the focus on adapter configuration and usage patterns.

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/meta.json (1)

2-2: LGTM! Title more clearly describes the approval action.

The title change from "Approve sell token" to "Approve CoW Protocol" better conveys that the user is approving the protocol to spend their tokens.

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-a/src/lib/run.ts (1)

1-6: LGTM! Starter template is correctly structured.

This starter template follows the tutorial pattern where app-a provides a skeleton for learners to implement, while app-b contains the complete solution.

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/README.md (1)

1-200: LGTM! Comprehensive and well-structured documentation.

The provider adapters documentation clearly explains the adapter pattern, provides examples for all three supported libraries (Viem, Ethers v6, Ethers v5), and includes practical guidance on configuration and usage. The tutorial flow is logical and easy to follow.

content/tutorial/01-cow-protocol/01-trading/00-getting-started/README.md (1)

1-79: LGTM! Clear and accessible getting-started guide.

The documentation effectively introduces the tutorial system, lists prerequisites, and provides a practical walkthrough of the code execution flow. The viem client explanation and run function pattern are well-documented.

content/tutorial/common/src/lib/run.ts (1)

1-10: LGTM! Clean migration to viem clients.

The function signature has been correctly updated to use viem's PublicClient and WalletClient instead of the legacy Web3Provider, aligning with the broader migration across all tutorials.

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (1)

1-22: LGTM! Clean transaction submission implementation.

The implementation correctly demonstrates the MEV blocker transaction flow: constructing the transaction, sending it via walletClient, waiting for confirmation, and returning the Etherscan URL for tracking.

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (2)

21-22: Static analysis false positive: Token addresses are not secrets.

The Gitleaks tool flagged these Ethereum token addresses as potential secrets. These are public blockchain addresses for wxDAI and COW tokens on Gnosis chain and are safe to commit. The addresses can be verified on public blockchain explorers.

---

5-38: LGTM! Well-structured quote retrieval implementation.

The implementation correctly demonstrates the CoW Protocol quote flow:

• Chain validation to ensure Gnosis chain
• ViemAdapter initialization
• TradingSdk configuration
• Trade parameters setup
• Quote retrieval and result handling

The logic is sound and follows the tutorial patterns.

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts (1)

21-22: Gitleaks false positive on public blockchain addresses.

The static analysis tool flagged these lines as potential API keys, but these are public contract addresses on Gnosis Chain (wxDAI and COW tokens). This is a false positive and can be safely ignored.

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-b/src/lib/run.ts (1)

4-26: LGTM!

The migration to Viem's PublicClient/WalletClient is clean and correct. The chain validation, OrderBookApi usage, and error handling are all properly implemented.

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts (2)

5-46: LGTM!

This implementation correctly completes the order submission flow. The chain validation, adapter setup, SDK initialization, and order posting logic are all properly implemented. The validTo calculation (2 minutes from now) is correct.

---

21-22: Gitleaks false positive on public blockchain addresses.

The static analysis tool flagged these lines as potential API keys, but these are public contract addresses on Gnosis Chain (wxDAI and COW tokens). This is a false positive and can be safely ignored.

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

3-15: LGTM!

This is a clean, simple introduction to the Viem-based tutorial structure. The implementation correctly demonstrates how to use PublicClient and WalletClient to retrieve basic information.

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

5-33: LGTM!

This implementation effectively demonstrates the global adapter pattern. The adapter setup, testing, and information retrieval are all correctly implemented.

content/tutorial/01-cow-protocol/01-trading/02-quote-order/README.md (2)

88-89: Gitleaks false positive on public blockchain addresses.

The static analysis tool flagged these lines as potential API keys, but these are public contract addresses on Gnosis Chain (wxDAI and COW tokens) used in documentation examples. This is a false positive and can be safely ignored.

---

1-140: LGTM!

This documentation provides a comprehensive, step-by-step guide to obtaining quotes using the TradingSdk with Viem adapters. The code examples are clear, well-structured, and align with the implementation in the related run.ts files.

[coderabbitai]

Actionable comments posted: 9

♻️ Duplicate comments (1)

content/tutorial/common/src/web3-provider.ts (1)

18-31: Restore chain-agnostic clients; the current exports reintroduce the Gnosis lock.

publicClient/walletClient are recreated here with chain: gnosis, so anything importing them (e.g., common/main.ts) still forces Gnosis and breaks tutorials that target other networks. Please derive these clients from the requested SupportedChainId (or drop the exports entirely and rely on setupWeb3Provider). This is the same issue we previously flagged.

Apply this diff:

-export const publicClient: PublicClient | null = window.ethereum
-	? createPublicClient({
-			transport: custom(window.ethereum),
-			chain: gnosis
-		})
-	: null;
-
-export const walletClient: WalletClient | null = window.ethereum
-	? createWalletClient({
-			transport: custom(window.ethereum),
-			chain: gnosis
-		})
-	: null;
+export const publicClient: PublicClient | null = null;
+export const walletClient: WalletClient | null = null;

(then have callers obtain properly configured clients via setupWeb3Provider.)

🧹 Nitpick comments (6)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-b/src/lib/run.ts (1)

7-7: Consider removing unused destructured variables.

The publicClient and walletClient are destructured but never used in this tutorial step. If they're not needed for future steps, consider removing them for clarity.

Apply this diff if they're not needed:

-	const { publicClient, walletClient } = await setup(SupportedChainId.GNOSIS_CHAIN);
+	await setup(SupportedChainId.GNOSIS_CHAIN);

content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-b/src/lib/run.ts (1)

8-8: Consider destructuring publicClient for consistency.

While publicClient is not needed for wallet_addEthereumChain, other tutorial files consistently destructure both clients from the setup callback. This improves consistency across tutorial examples.

Apply this diff if you prefer consistency:

-	const { walletClient } = await setup(SupportedChainId.MAINNET);
+	const { publicClient, walletClient } = await setup(SupportedChainId.MAINNET);

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts (1)

46-49: Consider formatting the template literal.

The multi-line template literal works but could be more readable on a single line or with proper indentation.

Apply this diff for cleaner formatting:

 	return {
-		confirm: `Do you want to ${quote.kind}
-		${afterSlippage.sellAmount} wxDAI for at least ${afterSlippage.buyAmount} COW?`
+		confirm: `Do you want to ${quote.kind} ${afterSlippage.sellAmount} wxDAI for at least ${afterSlippage.buyAmount} COW?`
 	};

content/tutorial/common/src/lib/run.ts (2)

7-7: Add missing semicolon.

Missing semicolon after the await setup() call. While ASI (Automatic Semicolon Insertion) handles this, explicit semicolons prevent potential issues.

Apply this diff:

-	const { publicClient, walletClient } = await setup(SupportedChainId.GNOSIS_CHAIN)
+	const { publicClient, walletClient } = await setup(SupportedChainId.GNOSIS_CHAIN);

---

10-10: Simplify the return statement.

Promise.resolve('') is unnecessarily verbose since the function is already async.

Apply this diff:

-	return Promise.resolve('');
+	return '';

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts (1)

41-44: Consider mentioning allowance checking in production scenarios.

The approval logic approves the exact amount needed for the trade. While this is fine for tutorial purposes, production applications typically check the existing allowance first or approve a larger amount to avoid repeated approval transactions.

This is acceptable for an educational tutorial, but you might want to add a comment or note explaining that production code would typically:

1. Check the current allowance before approving
2. Consider approving a larger amount or unlimited allowance to reduce transaction costs for users

Example comment to add:

 // Approve CoW Protocol to spend the sell token
+// Note: In production, check current allowance first or approve a larger amount
 const approvalTx = await sdk.approveCowProtocol({
   tokenAddress: sellToken,
   amount: BigInt(parameters.amount)
 });

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cf4dc15 and 8bb404d.

⛔ Files ignored due to path filters (2)

• content/tutorial/common/public/vite.svg is excluded by !**/*.svg
• content/tutorial/common/src/typescript.svg is excluded by !**/*.svg

📒 Files selected for processing (56)

• content/tutorial/01-cow-protocol/01-trading/00-getting-started/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/00-getting-started/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/02-quote-order/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/02-quote-order/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/04-submit-order/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/04-submit-order/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/05-view-order/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/05-view-order/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/05-view-order/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/meta.json (1 hunks)
• content/tutorial/01-cow-protocol/tsconfig.json (1 hunks)
• content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/README.md (1 hunks)
• content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/README.md (1 hunks)
• content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/README.md (3 hunks)
• content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-a/src/lib/run.ts (1 hunks)
• content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts (1 hunks)
• content/tutorial/02-mevblocker/01-users/meta.json (1 hunks)
• content/tutorial/02-mevblocker/meta.json (1 hunks)
• content/tutorial/02-mevblocker/tsconfig.json (1 hunks)
• content/tutorial/common/index.html (1 hunks)
• content/tutorial/common/src/lib/run.ts (1 hunks)
• content/tutorial/common/src/main.ts (2 hunks)
• content/tutorial/common/src/style.css (3 hunks)
• content/tutorial/common/src/types.ts (1 hunks)
• content/tutorial/common/src/web3-provider.ts (1 hunks)
• content/tutorial/common/tsconfig.json (1 hunks)
• content/tutorial/common/vite.config.ts (1 hunks)
• src/routes/tutorial/+page.js (1 hunks)
• src/routes/tutorial/[slug]/+page.server.js (2 hunks)

✅ Files skipped from review due to trivial changes (13)

• content/tutorial/01-cow-protocol/01-trading/05-view-order/meta.json
• content/tutorial/02-mevblocker/tsconfig.json
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/meta.json
• content/tutorial/common/tsconfig.json
• content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/README.md
• content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/README.md
• content/tutorial/common/vite.config.ts
• content/tutorial/01-cow-protocol/01-trading/02-quote-order/meta.json
• content/tutorial/common/index.html
• content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/README.md
• content/tutorial/01-cow-protocol/01-trading/00-getting-started/meta.json
• content/tutorial/common/src/types.ts
• content/tutorial/02-mevblocker/meta.json

🚧 Files skipped from review as they are similar to previous changes (13)

• content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts
• content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-a/src/lib/run.ts
• content/tutorial/01-cow-protocol/tsconfig.json
• content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts
• src/routes/tutorial/[slug]/+page.server.js
• content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/README.md
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/README.md
• content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-a/src/lib/run.ts
• content/tutorial/01-cow-protocol/01-trading/meta.json
• content/tutorial/01-cow-protocol/meta.json
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-a/src/lib/run.ts
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-b/src/lib/run.ts
• content/tutorial/01-cow-protocol/01-trading/04-submit-order/README.md

🧰 Additional context used

🧬 Code graph analysis (19)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-a/src/lib/run.ts (1)

• run (5-11)

content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-a/src/lib/run.ts (2)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-a/src/lib/run.ts (1)

• run (5-11)

content/tutorial/common/src/web3-provider.ts (1)

• walletClient (26-31)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-a/src/lib/run.ts (1)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1)

• run (5-41)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts (1)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts (1)

• run (5-49)

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-a/src/lib/run.ts (3)

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (1)

• run (6-27)

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts (1)

• run (6-31)

content/tutorial/common/src/web3-provider.ts (1)

• walletClient (26-31)

content/tutorial/common/src/lib/run.ts (2)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

• run (5-20)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

• run (5-38)

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (3)

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-a/src/lib/run.ts (1)

• run (6-21)

content/tutorial/02-mevblocker/01-users/03-cancel-transaction-mevblocker/app-b/src/lib/run.ts (1)

• run (6-31)

content/tutorial/common/src/web3-provider.ts (2)

• walletClient (26-31)
• publicClient (19-24)

content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-b/src/lib/run.ts (2)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

• run (5-20)

content/tutorial/common/src/web3-provider.ts (1)

• walletClient (26-31)

content/tutorial/common/src/main.ts (2)

content/tutorial/common/src/lib/run.ts (1)

• run (4-11)

content/tutorial/common/src/web3-provider.ts (2)

• setupWeb3Provider (34-62)
• walletClient (26-31)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-b/src/lib/run.ts (1)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-a/src/lib/run.ts (1)

• run (4-14)

src/routes/tutorial/+page.js (2)

src/routes/tutorial/[slug]/+page.server.js (1)

• load (10-24)

src/routes/+page.server.js (1)

• load (4-6)

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-b/src/lib/run.ts (6)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

• run (5-20)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

• run (5-38)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1)

• run (5-41)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts (1)

• run (5-49)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-b/src/lib/run.ts (1)

• run (4-25)

content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/app-b/src/lib/run.ts (1)

• run (5-39)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (3)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

• run (5-20)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

• run (5-38)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts (1)

• run (5-49)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-a/src/lib/run.ts (1)

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-b/src/lib/run.ts (1)

• run (4-25)

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-a/src/lib/run.ts (2)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-a/src/lib/run.ts (1)

• run (5-11)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

• run (5-20)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-a/src/lib/run.ts (1)

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-b/src/lib/run.ts (1)

• run (5-38)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-a/src/lib/run.ts (1)

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

• run (5-20)

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts (1)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1)

• run (5-41)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts (3)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts (1)

• run (5-41)

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/app-b/src/lib/run.ts (1)

• run (5-50)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts (1)

• run (5-50)

🪛 ast-grep (0.39.5)

content/tutorial/common/src/main.ts

[warning] 30-32: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: appContainer.innerHTML = <p>Please, install some injected browser wallet first. For example: Rabby, Metamask</p>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 45-48: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: appContainer.innerHTML = <p>Connect your wallet to continue</p> <button id="connectWallet">Connect wallet</button>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 56-61: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: appContainer.innerHTML = <button id="runExample">Run example</button> <br/> <p>Output:</p> <textarea id="outputContainer" readonly></textarea>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 68-68: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: runExampleBtn.innerHTML = 'Running...'
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 72-72: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: outputContainer.innerHTML = JSON.stringify(result, jsonWithBigintReplacer, 4)
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 76-76: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: outputContainer.innerHTML = error.message
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 79-79: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: runExampleBtn.innerHTML = 'Run example'
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 30-32: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: appContainer.innerHTML = <p>Please, install some injected browser wallet first. For example: Rabby, Metamask</p>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 45-48: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: appContainer.innerHTML = <p>Connect your wallet to continue</p> <button id="connectWallet">Connect wallet</button>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 56-61: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: appContainer.innerHTML = <button id="runExample">Run example</button> <br/> <p>Output:</p> <textarea id="outputContainer" readonly></textarea>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 68-68: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: runExampleBtn.innerHTML = 'Running...'
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 72-72: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: outputContainer.innerHTML = JSON.stringify(result, jsonWithBigintReplacer, 4)
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 76-76: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: outputContainer.innerHTML = error.message
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 79-79: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: runExampleBtn.innerHTML = 'Run example'
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

🪛 Gitleaks (8.28.0)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts

[high] 24-24: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 25-25: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-b/src/lib/run.ts

[high] 24-24: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 25-25: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-b/src/lib/run.ts

[high] 24-24: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 25-25: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 markdownlint-cli2 (0.18.1)

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/README.md

29-29: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

32-32: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

33-33: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

35-35: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

36-36: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

38-38: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

39-39: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

40-40: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

41-41: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

42-42: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

43-43: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

44-44: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

72-72: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

73-73: Hard tabs
Column: 1

(MD010, no-hard-tabs)

🔇 Additional comments (13)

src/routes/tutorial/+page.js (1)

2-5: LGTM! Base path issue resolved.

This change correctly addresses the concern raised in the previous review. The redirect now uses the base path prefix, ensuring consistency with other route files and preventing breakage when the app is deployed at a non-root path.

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/app-b/src/lib/run.ts (1)

1-38: LGTM!

The implementation correctly follows the established pattern from other tutorial files. The ViemAdapter setup, TradingSdk initialization, and error handling are all appropriate for this off-chain cancellation tutorial.

content/tutorial/01-cow-protocol/01-trading/05-view-order/app-a/src/lib/run.ts (1)

4-14: LGTM! Appropriate tutorial starter template.

This file correctly serves as the starting point for the tutorial step, with a clear TODO indicating what learners need to implement. The structure matches the solution in app-b.

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-a/src/lib/run.ts (1)

5-11: LGTM! Intentional tutorial starting point.

The TODO placeholder is appropriate for the "app-a" starting point in the tutorial progression. The function signature correctly establishes the run(setup) pattern used throughout the tutorials.

content/tutorial/02-mevblocker/01-users/01-connect-mevblocker/app-a/src/lib/run.ts (1)

5-27: LGTM! Intentional tutorial starting point.

The /* IMPLEMENT */ placeholder at line 18 is appropriate for the "app-a" starting point in the tutorial progression. The MEV Blocker network configuration structure and wallet_addEthereumChain usage are correct.

content/tutorial/01-cow-protocol/01-trading/00-getting-started/app-b/src/lib/run.ts (1)

5-20: LGTM! Complete tutorial implementation.

The implementation correctly demonstrates the tutorial pattern: obtaining clients via the setup callback, using viem's publicClient.getChainId() and walletClient.getAddresses(), and returning a structured result. This serves as the solution for the getting-started tutorial.

content/tutorial/02-mevblocker/01-users/meta.json (1)

1-8: LGTM! Metadata structure is correct.

The metadata correctly defines the tutorial title, scope prefix, and focus file for the MEV Blocker Users tutorial.

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/meta.json (1)

1-8: LGTM! Metadata structure is correct.

The metadata correctly defines the tutorial title, scope prefix, and focus file for the Approve CoW Protocol tutorial.

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-a/src/lib/run.ts (1)

5-10: LGTM!

The skeleton implementation is appropriate for a tutorial starting point (app-a). The setup callback pattern and imports are correct, providing a clear foundation for learners to implement the transaction sending logic.

content/tutorial/01-cow-protocol/01-trading/04-submit-order/app-a/src/lib/run.ts (1)

24-25: Static analysis false positive.

The Gitleaks warning about "Generic API Keys" is a false positive. These are legitimate Ethereum token addresses:

• Line 24: wxDAI token address on Gnosis Chain
• Line 25: COW token address on Gnosis Chain

content/tutorial/01-cow-protocol/01-trading/01-provider-adapters/app-a/src/lib/run.ts (1)

5-14: LGTM!

The skeleton implementation is well-structured for a tutorial starting point. The TODO comment clearly indicates where learners should implement the ViemAdapter instantiation, and returning the clients allows for testing the setup callback.

content/tutorial/01-cow-protocol/01-trading/02-quote-order/app-a/src/lib/run.ts (1)

5-11: LGTM!

Clean skeleton implementation for the tutorial starting point. The TODO comment and empty return are appropriate for learners to build upon.

content/tutorial/02-mevblocker/01-users/02-send-transaction-mevblocker/app-b/src/lib/run.ts (1)

6-27: No change required—status endpoint https://rpc.mevblocker.io/tx/<tx_hash> is valid per the tutorial README

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (3)

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/README.md (1)

26-42: Replace tabs with spaces to satisfy markdownlint.

Hard tabs remain throughout the TypeScript and JSON blocks, so the linter (MD010) still fails. Convert the indentation to spaces (repo convention) in both snippets.

Also applies to: 68-72

content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/README.md (1)

22-37: Replace the remaining hard tabs with spaces.

These code blocks still contain tab characters, so markdownlint (MD010) continues to fail. Please swap the tabs for spaces in both the TypeScript and JSON snippets.

Apply this diff:

-const { publicClient, walletClient } = await setup(SupportedChainId.GNOSIS_CHAIN)
-	// ...
-
-	const orderUid = '0x8464affce2df48b60f6976e51414dbc079e9c30ef64f4c1f78c7abe2c7f96a0c29104bb91ada737a89393c78335e48ff4708727e659523a1';
-
-	try {
-		const txHash = await sdk.onChainCancelOrder({ orderUid });
-
-		return {
-			txHash,
-			explorerLink: `https://gnosisscan.io/tx/${txHash}`,
-			message: 'Order cancelled on-chain successfully'
-		};
-	} catch (e) {
-		return e;
-	}
+const { publicClient, walletClient } = await setup(SupportedChainId.GNOSIS_CHAIN)
+  // ...
+
+  const orderUid = '0x8464affce2df48b60f6976e51414dbc079e9c30ef64f4c1f78c7abe2c7f96a0c29104bb91ada737a89393c78335e48ff4708727e659523a1';
+
+  try {
+    const txHash = await sdk.onChainCancelOrder({ orderUid });
+
+    return {
+      txHash,
+      explorerLink: `https://gnosisscan.io/tx/${txHash}`,
+      message: 'Order cancelled on-chain successfully'
+    };
+  } catch (e) {
+    return e;
+  }

-	"txHash": "0x...",
-	"explorerLink": "https://gnosisscan.io/tx/0x...",
-	"message": "Order cancelled on-chain successfully"
+  "txHash": "0x...",
+  "explorerLink": "https://gnosisscan.io/tx/0x...",
+  "message": "Order cancelled on-chain successfully"

Also applies to: 68-70

content/tutorial/common/src/main.ts (1)

71-76: Use textContent for untrusted output to prevent XSS.

Lines 72 and 76 still write dynamic data via innerHTML, allowing arbitrary HTML from wallet providers or API responses to execute. Switch to textContent to safely render the output.

Apply this diff:

-			.then((result) => {
-				outputContainer.innerHTML = JSON.stringify(result, jsonWithBigintReplacer, 4);
-			})
-			.catch((error) => {
-				console.error(error);
-				outputContainer.innerHTML = error.message;
-			})
+			.then((result) => {
+				outputContainer.textContent = JSON.stringify(result, jsonWithBigintReplacer, 4);
+			})
+			.catch((error) => {
+				console.error(error);
+				outputContainer.textContent = error?.message ?? String(error);
+			})

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8bb404d and 3339af5.

📒 Files selected for processing (7)

• content/tutorial/01-cow-protocol/01-trading/00-getting-started/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/02-quote-order/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/04-submit-order/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/README.md (1 hunks)
• content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/README.md (1 hunks)
• content/tutorial/common/src/main.ts (2 hunks)

✅ Files skipped from review due to trivial changes (1)

• content/tutorial/01-cow-protocol/01-trading/04-submit-order/README.md

🚧 Files skipped from review as they are similar to previous changes (1)

• content/tutorial/01-cow-protocol/01-trading/00-getting-started/README.md

🧰 Additional context used

🧬 Code graph analysis (1)

content/tutorial/common/src/main.ts (2)

content/tutorial/common/src/lib/run.ts (1)

• run (4-11)

content/tutorial/common/src/web3-provider.ts (2)

• setupWeb3Provider (34-62)
• walletClient (26-31)

🪛 ast-grep (0.39.5)

content/tutorial/common/src/main.ts

[warning] 29-31: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: appContainer.innerHTML = <p>Please, install some injected browser wallet first. For example: Rabby, Metamask</p>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 44-47: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: appContainer.innerHTML = <p>Connect your wallet to continue</p> <button id="connectWallet">Connect wallet</button>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 55-60: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: appContainer.innerHTML = <button id="runExample">Run example</button> <br/> <p>Output:</p> <textarea id="outputContainer" readonly></textarea>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 67-67: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: runExampleBtn.innerHTML = 'Running...'
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 71-71: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: outputContainer.innerHTML = JSON.stringify(result, jsonWithBigintReplacer, 4)
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 75-75: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: outputContainer.innerHTML = error.message
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 78-78: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: runExampleBtn.innerHTML = 'Run example'
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html

(unsafe-html-content-assignment)

---

[warning] 29-31: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: appContainer.innerHTML = <p>Please, install some injected browser wallet first. For example: Rabby, Metamask</p>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 44-47: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: appContainer.innerHTML = <p>Connect your wallet to continue</p> <button id="connectWallet">Connect wallet</button>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 55-60: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: appContainer.innerHTML = <button id="runExample">Run example</button> <br/> <p>Output:</p> <textarea id="outputContainer" readonly></textarea>
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 67-67: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: runExampleBtn.innerHTML = 'Running...'
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 71-71: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: outputContainer.innerHTML = JSON.stringify(result, jsonWithBigintReplacer, 4)
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 75-75: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: outputContainer.innerHTML = error.message
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

---

[warning] 78-78: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: runExampleBtn.innerHTML = 'Run example'
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html

(dom-content-modification)

🪛 Gitleaks (8.28.0)

content/tutorial/01-cow-protocol/01-trading/03-approve-cow-protocol/README.md

[high] 44-44: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 45-45: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

content/tutorial/01-cow-protocol/01-trading/02-quote-order/README.md

[high] 85-85: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 86-86: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 markdownlint-cli2 (0.18.1)

content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/README.md

27-27: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

30-30: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

31-31: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

33-33: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

34-34: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

36-36: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

37-37: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

38-38: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

39-39: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

40-40: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

41-41: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

42-42: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

70-70: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

71-71: Hard tabs
Column: 1

(MD010, no-hard-tabs)

content/tutorial/01-cow-protocol/01-trading/07-cancel-on-chain-order/README.md

23-23: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

25-25: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

27-27: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

28-28: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

30-30: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

31-31: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

32-32: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

33-33: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

34-34: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

35-35: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

36-36: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

37-37: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

68-68: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

69-69: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

70-70: Hard tabs
Column: 1

(MD010, no-hard-tabs)

🔇 Additional comments (1)

content/tutorial/common/src/main.ts (1)

87-90: Good: Removed hard-coded chain switch from connect flow.

The previous hard-coded switchChain({ id: gnosis.id }) call has been removed from connectWallet, addressing the concern that common connection logic was forcing Gnosis chain for all tutorials. Chain selection now happens within setupWeb3Provider, allowing tutorials to specify their required chain.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix typo in postSwapOrderFromQuote description.

The sentence currently says the function will “sing and send the order.” It should read “sign and send the order.”

- - `orderToSign`: The order data ready to be signed. Important! You don't have to sign exactly that object, `sdk.getQuote()` also returns `postSwapOrderFromQuote` function which will sing and send the order
+ - `orderToSign`: The order data ready to be signed. Important! You don't have to sign exactly that object, `sdk.getQuote()` also returns `postSwapOrderFromQuote` function which will sign and send the order

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- `orderToSign`: The order data ready to be signed. Important! You don't have to sign exactly that object, `sdk.getQuote()` also returns `postSwapOrderFromQuote` function which will sing and send the order
	- `orderToSign`: The order data ready to be signed. Important! You don't have to sign exactly that object, `sdk.getQuote()` also returns `postSwapOrderFromQuote` function which will sign and send the order

🤖 Prompt for AI Agents

In content/tutorial/01-cow-protocol/01-trading/02-quote-order/README.md around
lines 135-136, there's a typo in the description of postSwapOrderFromQuote:
change “sing and send the order” to “sign and send the order” so the sentence
correctly reads that the function will sign and send the order.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Initialize the SDK before calling offChainCancelOrder.

sdk is referenced without being defined. Readers copying this snippet will hit a runtime/compile failure. Add the missing TradingSdk instantiation (using the imported ViemAdapter, signer, etc.) before invoking sdk.offChainCancelOrder.

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

27-27: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

30-30: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

31-31: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

33-33: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

34-34: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

36-36: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

37-37: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

38-38: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

39-39: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

40-40: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

41-41: Hard tabs
Column: 1

(MD010, no-hard-tabs)

---

42-42: Hard tabs
Column: 1

(MD010, no-hard-tabs)

🤖 Prompt for AI Agents

In
content/tutorial/01-cow-protocol/01-trading/06-cancel-off-chain-order/README.md
around lines 26–42, the snippet calls sdk.offChainCancelOrder but never defines
sdk; instantiate the TradingSdk before calling offChainCancelOrder by creating a
new TradingSdk using the ViemAdapter wired to the publicClient and walletClient
returned from setup (or the signer), ensure you import TradingSdk and
ViemAdapter, await any async initialization if required, assign it to the sdk
variable, then call sdk.offChainCancelOrder as shown.