Add SolidStart example

[thomasbuilds]

Added fully functional SolidStart template with SSR support
More info on the readme.md of example

Summary by CodeRabbit

• New Features

  • SolidStart + Web3Onboard starter: SSR-ready app with client/server auth, session-backed wallet onboarding, simple persistent user storage, Web3 helpers, and UI components (nav, balance, error, icons). Home, About and 404 pages plus client/server entry points included.

• Documentation

  • Added README with setup, usage, and environment guidance; included example env template (SESSION_SECRET).

• Chores

  • Project scaffold: package manifest, gitignore, app config, TypeScript config, Tailwind styles, and build/dev scripts.

[coderabbitai]

Walkthrough

Adds a new SolidStart example "with-solidstart" implementing Web3 wallet onboarding, session-backed auth (server actions), simple filesystem persistence, UI components and routes, Tailwind/Vite setup, TypeScript config, and documentation including .env and .gitignore.

Changes

Cohort / File(s)	Summary
Project scaffold & config examples/with-solidstart/package.json, examples/with-solidstart/tsconfig.json, examples/with-solidstart/app.config.ts, examples/with-solidstart/.gitignore, examples/with-solidstart/.env.example, examples/with-solidstart/src/global.d.ts	New project manifest, TypeScript and SolidStart/Vite/Tailwind config, .gitignore, example SESSION_SECRET env, and global ambient typings.
Entrypoints & app shell examples/with-solidstart/src/entry-client.tsx, examples/with-solidstart/src/entry-server.tsx, examples/with-solidstart/src/app.tsx, examples/with-solidstart/src/app.css	Adds client/server entries, app root with Router, Meta/Auth providers, Suspense and route preload via querySession, and Tailwind stylesheet.
Authentication (client + server) examples/with-solidstart/src/auth/Provider.tsx, examples/with-solidstart/src/auth/context.ts, examples/with-solidstart/src/auth/index.ts, examples/with-solidstart/src/auth/server.ts, examples/with-solidstart/src/auth/web3.ts	Implements AuthProvider and context, useAuth, protected-route logic, typed Session, getSession/updateSession/safeRedirect, wallet signing helper, and server actions (querySession, authWalletAction, addWalletAction, signOutAction).
Web3 integration & utils examples/with-solidstart/src/web3/index.ts, examples/with-solidstart/src/web3/utils.ts	Adds Web3Onboard loader and hook (connect/setChain/disconnect), Web3 type, and utilities shortenAddress, formatBalance, placeFirst.
Database persistence examples/with-solidstart/src/db/schema.ts, examples/with-solidstart/src/db/index.ts	Adds User schema and unstorage-based helpers: createUserFromWallet, getUserFromWallet, addNewWallet, persisted under .data.
UI components examples/with-solidstart/src/components/Balance.tsx, examples/with-solidstart/src/components/Error.tsx, examples/with-solidstart/src/components/Icons.tsx, examples/with-solidstart/src/components/Nav.tsx	Adds Balance (suspense-wrapped), ErrorNotification (URL-param auto-dismiss), SVG icon components, and Nav with wallet connect/disconnect UI and client-only Balance.
Routes & pages examples/with-solidstart/src/routes/index.tsx, examples/with-solidstart/src/routes/about.tsx, examples/with-solidstart/src/routes/[...404].tsx	Adds Home (session and wallets display, clientOnly wrapper), About, and 404 route components.
Docs examples/with-solidstart/README.md	Adds README documenting setup, usage, and clientOnly guidance for the SolidStart + Web3Onboard starter.

Sequence Diagram(s)

sequenceDiagram
    participant U as User
    participant B as Browser
    participant AP as AuthProvider (client)
    participant W as Wallet
    participant S as Server
    participant DB as Database

    U->>B: Click "Connect Wallet"
    B->>AP: set login query param / trigger auth flow
    AP->>W: request connect & sign challenge
    W-->>B: address + signature
    B->>S: authWalletAction(address, redirect?)
    S->>DB: getUserFromWallet(address)
    alt existing user
        DB-->>S: user
    else new user
        S->>DB: createUserFromWallet(address)
        DB-->>S: new user
    end
    S->>S: updateSession(wallets, userId)
    S-->>B: redirect + session cookie
    B->>AP: querySession() revalidate
    AP-->>B: authenticated state

Loading

sequenceDiagram
    participant U as User
    participant B as Browser
    participant AP as AuthProvider (client)
    participant W as Wallet
    participant S as Server

    U->>B: Click "Disconnect"
    B->>AP: logout()
    AP->>W: disconnect wallet
    AP->>S: signOutAction()
    S->>S: clear session.wallets
    S-->>B: redirect to /about
    B->>AP: querySession() revalidate
    AP-->>B: signed-out state

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

• Areas needing focused review:
  • src/auth/Provider.tsx — async wallet flows, search-param login handling, and error propagation.
  • src/auth/web3.ts — signature handling, verification and server-action side effects.
  • src/auth/server.ts — session typing, useSession usage and safeRedirect validation.
  • src/db/index.ts — persistence logic, concurrency and error handling.
  • src/components/Nav.tsx — clientOnly usage and connect/disconnect wiring.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is minimal and does not follow the provided template structure. While it mentions the addition of a 'fully functional SolidStart template with SSR support' and references the readme.md, it lacks the required sections such as Description details, Checklist items, and Docs Checklist. The description provides only two sentences without addressing any of the mandatory checklist requirements defined in the template.	The description should be updated to follow the template structure more comprehensively. At minimum, add a detailed Description section explaining the changes, complete the mandatory Checklist items (version increment, local testing, yarn check-all, Circle CI confirmation), and address applicable Docs Checklist items such as confirming the example README is complete and any necessary updates to documentation. If checklist items are not applicable, explicitly state why they are not needed for this example contribution.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title 'Add SolidStart example' is clear, concise, and directly reflects the main change in the changeset. The PR adds a complete new example directory with SolidStart framework integration, and the title accurately captures this primary objective. The title is specific enough to convey the purpose while following good naming conventions.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between edda5be and eb3d5f5.

📒 Files selected for processing (2)

• examples/with-solidstart/README.md (1 hunks)
• examples/with-solidstart/src/components/Icons.tsx (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• examples/with-solidstart/src/components/Icons.tsx

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: thomasbuilds
Repo: thirdweb-dev/web3-onboard PR: 2387
File: examples/with-solidstart/src/auth/index.ts:23-27
Timestamp: 2025-11-01T16:25:13.776Z
Learning: In examples/with-solidstart/src/auth/index.ts, the signOutAction intentionally only clears the wallets field and preserves the session id. This design keeps the session id persistent across wallet disconnections as a feature.

📚 Learning: 2025-11-01T16:25:13.776Z

Learnt from: thomasbuilds
Repo: thirdweb-dev/web3-onboard PR: 2387
File: examples/with-solidstart/src/auth/index.ts:23-27
Timestamp: 2025-11-01T16:25:13.776Z
Learning: In examples/with-solidstart/src/auth/index.ts, the signOutAction intentionally only clears the wallets field and preserves the session id. This design keeps the session id persistent across wallet disconnections as a feature.

Applied to files:

• examples/with-solidstart/README.md

🪛 markdownlint-cli2 (0.18.1)

examples/with-solidstart/README.md

62-62: Images should have alternate text (alt text)

(MD045, no-alt-text)

🔇 Additional comments (1)

examples/with-solidstart/README.md (1)

1-61: Content and structure look good.

The documentation is well-organized with clear setup instructions, helpful code examples, and appropriate references to external resources.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 11

🧹 Nitpick comments (2)

examples/with-solidstart/.env.example (1)

2-2: Consider using a more obviously placeholder value or an actual generated example.

The current placeholder might tempt users to leave it unchanged. Consider either using an obviously fake value like your-secret-here-change-me or including an actual generated example that demonstrates the expected format.

Example diff:

 # Generate using `openssl rand -hex 32`
-SESSION_SECRET=myverylongsessionsecretkeythatishouldchange
+SESSION_SECRET=your-secret-here-change-me

Or provide an actual generated example:

 # Generate using `openssl rand -hex 32`
-SESSION_SECRET=myverylongsessionsecretkeythatishouldchange
+SESSION_SECRET=a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2

examples/with-solidstart/src/entry-server.tsx (1)

15-18: Consider noscript styling fallback.

The noscript element uses Tailwind utility classes, which won't be applied if JavaScript is disabled and CSS fails to load. Consider adding inline styles as a fallback to ensure the message is properly displayed.

Apply this diff to add inline fallback styles:

-          <noscript class="flex flex-col justify-center items-center h-screen px-8 text-center gap-2 select-none">
+          <noscript class="flex flex-col justify-center items-center h-screen px-8 text-center gap-2 select-none" style="display: flex; flex-direction: column; justify-content: center; align-items: center; height: 100vh; padding: 0 2rem; text-align: center; gap: 0.5rem;">
             <h1 class="text-2xl font-medium">JavaScript Disabled</h1>
             <p class="text-gray-500">Please enable it and refresh the page</p>
           </noscript>

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e3b8623 and 103b9b4.

⛔ Files ignored due to path filters (3)

• examples/with-solidstart/public/favicon.svg is excluded by !**/*.svg
• examples/with-solidstart/public/logo.svg is excluded by !**/*.svg
• examples/with-solidstart/public/onboard.svg is excluded by !**/*.svg

📒 Files selected for processing (27)

• examples/with-solidstart/.env.example (1 hunks)
• examples/with-solidstart/.gitignore (1 hunks)
• examples/with-solidstart/README.md (1 hunks)
• examples/with-solidstart/app.config.ts (1 hunks)
• examples/with-solidstart/package.json (1 hunks)
• examples/with-solidstart/src/app.css (1 hunks)
• examples/with-solidstart/src/app.tsx (1 hunks)
• examples/with-solidstart/src/auth/Provider.tsx (1 hunks)
• examples/with-solidstart/src/auth/context.ts (1 hunks)
• examples/with-solidstart/src/auth/index.ts (1 hunks)
• examples/with-solidstart/src/auth/server.ts (1 hunks)
• examples/with-solidstart/src/auth/web3.ts (1 hunks)
• examples/with-solidstart/src/components/Balance.tsx (1 hunks)
• examples/with-solidstart/src/components/Error.tsx (1 hunks)
• examples/with-solidstart/src/components/Icons.tsx (1 hunks)
• examples/with-solidstart/src/components/Nav.tsx (1 hunks)
• examples/with-solidstart/src/db/index.ts (1 hunks)
• examples/with-solidstart/src/db/schema.ts (1 hunks)
• examples/with-solidstart/src/entry-client.tsx (1 hunks)
• examples/with-solidstart/src/entry-server.tsx (1 hunks)
• examples/with-solidstart/src/global.d.ts (1 hunks)
• examples/with-solidstart/src/routes/[...404].tsx (1 hunks)
• examples/with-solidstart/src/routes/about.tsx (1 hunks)
• examples/with-solidstart/src/routes/index.tsx (1 hunks)
• examples/with-solidstart/src/web3/index.ts (1 hunks)
• examples/with-solidstart/src/web3/utils.ts (1 hunks)
• examples/with-solidstart/tsconfig.json (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (12)

examples/with-solidstart/src/app.tsx (4)

examples/with-solidstart/src/auth/index.ts (1)

• querySession (15-21)

examples/with-solidstart/src/auth/Provider.tsx (1)

• AuthProvider (14-100)

examples/with-solidstart/src/components/Nav.tsx (1)

• Nav (10-104)

examples/with-solidstart/src/components/Error.tsx (1)

• ErrorNotification (5-36)

examples/with-solidstart/src/components/Nav.tsx (4)

examples/with-solidstart/src/components/Balance.tsx (1)

• Balance (5-19)

examples/with-solidstart/src/auth/index.ts (1)

• useAuth (30-34)

examples/with-solidstart/src/components/Icons.tsx (2)

• Wallet (24-28)
• Logout (18-22)

examples/with-solidstart/src/web3/utils.ts (1)

• shortenAddress (1-2)

examples/with-solidstart/src/components/Balance.tsx (2)

examples/with-solidstart/src/auth/index.ts (1)

• useAuth (30-34)

examples/with-solidstart/src/web3/utils.ts (1)

• formatBalance (4-12)

examples/with-solidstart/src/auth/Provider.tsx (3)

examples/with-solidstart/src/auth/index.ts (2)

• querySession (15-21)
• signOutAction (23-28)

examples/with-solidstart/src/auth/web3.ts (3)

• authWalletAction (24-39)
• addWalletAction (41-48)
• sign (12-22)

examples/with-solidstart/src/web3/index.ts (3)

• useWeb3Onboard (37-57)
• BASE_ID (13-13)
• load (23-33)

examples/with-solidstart/src/routes/index.tsx (1)

examples/with-solidstart/src/auth/index.ts (1)

• useAuth (30-34)

examples/with-solidstart/src/auth/index.ts (2)

examples/with-solidstart/src/app.tsx (1)

• route (11-13)

examples/with-solidstart/src/auth/server.ts (1)

• getSession (9-19)

examples/with-solidstart/src/db/schema.ts (1)

examples/with-solidstart/src/db/index.ts (1)

• User (50-50)

examples/with-solidstart/src/auth/context.ts (2)

examples/with-solidstart/src/auth/server.ts (1)

• Session (4-7)

examples/with-solidstart/src/web3/index.ts (1)

• Web3 (35-35)

examples/with-solidstart/src/db/index.ts (1)

examples/with-solidstart/src/db/schema.ts (1)

• User (1-6)

examples/with-solidstart/src/auth/web3.ts (3)

examples/with-solidstart/src/auth/server.ts (3)

• getSession (9-19)
• updateSession (21-28)
• safeRedirect (30-31)

examples/with-solidstart/src/db/schema.ts (1)

• User (1-6)

examples/with-solidstart/src/web3/utils.ts (1)

• placeFirst (14-21)

examples/with-solidstart/src/components/Error.tsx (1)

examples/with-solidstart/src/components/Icons.tsx (1)

• X (3-16)

examples/with-solidstart/src/web3/index.ts (1)

packages/core/src/store/index.ts (1)

• state (291-294)

🪛 Biome (2.1.2)

examples/with-solidstart/src/auth/Provider.tsx

[error] 91-91: Unsafe usage of 'return'.

'return' in 'finally' overwrites the control flow statements inside 'try' and 'catch'.

(lint/correctness/noUnsafeFinally)

🪛 dotenv-linter (4.0.0)

examples/with-solidstart/.env.example

[warning] 2-2: [SpaceCharacter] The line has spaces around equal sign

(SpaceCharacter)

🪛 markdownlint-cli2 (0.18.1)

examples/with-solidstart/README.md

62-62: Images should have alternate text (alt text)

(MD045, no-alt-text)

🔇 Additional comments (13)

examples/with-solidstart/.gitignore (1)

1-5: LGTM!

The gitignore entries are appropriate for a SolidStart project, covering common build artifacts, dependencies, and environment files.

examples/with-solidstart/src/entry-client.tsx (1)

1-3: LGTM!

This is the standard SolidStart client entry point. The non-null assertion on the DOM element is appropriate as the app element is required for mounting.

examples/with-solidstart/src/db/schema.ts (1)

1-6: LGTM!

The User interface is well-defined with appropriate types. Good use of nullable updatedAt to track updates while allowing for initial creation without an update timestamp.

examples/with-solidstart/src/global.d.ts (1)

1-1: LGTM!

The triple-slash reference directive correctly includes SolidStart environment type definitions.

examples/with-solidstart/tsconfig.json (1)

1-19: LGTM!

The TypeScript configuration is appropriate for a SolidStart project with proper JSX handling, path aliases, and type definitions.

examples/with-solidstart/src/routes/[...404].tsx (1)

3-17: LGTM!

The 404 component is clean and functional. Optionally, you could wrap the message text (line 8) in a <p> tag for better semantic HTML, but the current implementation works fine.

examples/with-solidstart/src/app.css (1)

1-25: LGTM!

The CSS setup is well-structured with appropriate use of Tailwind directives. The @media (scripting: none) fallback on line 6-8 correctly hides the app when JavaScript is disabled, complementing the noscript message in the server entry.

examples/with-solidstart/src/components/Icons.tsx (1)

1-28: LGTM!

The icon components are cleanly implemented with appropriate prop handling for styling. The SVG paths are well-defined and the components follow a consistent pattern.

examples/with-solidstart/app.config.ts (1)

1-7: LGTM!

The configuration is appropriately minimal for an example template. The empty preset string with the comment clearly indicates where developers should specify their deployment target (e.g., "node-server", "vercel", "netlify").

examples/with-solidstart/src/components/Balance.tsx (1)

1-19: LGTM!

The Balance component is well-implemented with appropriate use of Suspense for async data loading. The skeleton fallback provides good UX while the balance loads, and the dimensions match the final content.

examples/with-solidstart/src/app.tsx (2)

11-13: LGTM!

The route preload function correctly fetches session data before rendering, which is essential for SSR and ensures authenticated state is available early in the render cycle.

---

15-33: LGTM!

The App component is well-structured with proper provider nesting. The layout places navigation, dynamic content, and error notifications in a logical hierarchy, ensuring global state and error handling are consistently available throughout the application.

examples/with-solidstart/package.json (1)

25-27: Verify the actual minimum Node.js requirement for @solidjs/start before adjusting the engines field.

The original review comment suggests lowering the Node.js requirement from >=22 to >=18 or >=20. However, findings show conflicting information:

• SolidStart's official repository pins Node.js 22.19.0 in .nvmrc and instructs to use that version
• A separate source indicates @solidjs/start supports Node 18+

The example project currently specifies engines: { "node": ">=22" }, which aligns with the upstream SolidStart repository's own requirement. However, without definitive verification of @solidjs/start's actual npm package engines field, it cannot be conclusively determined whether this is unnecessarily restrictive or intentionally aligned with upstream requirements.

Recommended action: Check the @solidjs/start package.json engines field on npm registry or test the example with Node 18/20 to confirm compatibility before adjusting this requirement.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

examples/with-solidstart/src/auth/Provider.tsx (1)

55-62: Guard against connectedChain() returning undefined.

The previous review comment on this segment remains unaddressed. onboard!.connectedChain() can return undefined when wallets briefly report no chains after connect, causing the .id access on line 58 to throw.

Apply the previously suggested fix:

-  const [web3] = createResource(
-    onboard?.connectedWallet,
-    async ({ provider }) => {
-      if (onboard!.connectedChain().id !== BASE_ID)
-        await onboard!.setChain({ chainId: BASE_ID });
-      return load(provider);
-    }
-  );
+  const [web3] = createResource(
+    onboard?.connectedWallet,
+    async ({ provider }) => {
+      if (!onboard) return load(provider);
+      const chain = onboard.connectedChain();
+      if (!chain || chain.id !== BASE_ID) {
+        await onboard.setChain({ chainId: BASE_ID });
+      }
+      return load(provider);
+    }
+  );

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 84b91f8 and 7a49ba6.

📒 Files selected for processing (2)

• examples/with-solidstart/src/auth/Provider.tsx (1 hunks)
• examples/with-solidstart/src/routes/about.tsx (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• examples/with-solidstart/src/routes/about.tsx

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: thomasbuilds
Repo: thirdweb-dev/web3-onboard PR: 2387
File: examples/with-solidstart/src/auth/index.ts:23-27
Timestamp: 2025-11-01T16:25:13.748Z
Learning: In examples/with-solidstart/src/auth/index.ts, the signOutAction intentionally only clears the wallets field and preserves the session id. This design keeps the session id persistent across wallet disconnections as a feature.

📚 Learning: 2025-11-01T16:25:13.748Z

Learnt from: thomasbuilds
Repo: thirdweb-dev/web3-onboard PR: 2387
File: examples/with-solidstart/src/auth/index.ts:23-27
Timestamp: 2025-11-01T16:25:13.748Z
Learning: In examples/with-solidstart/src/auth/index.ts, the signOutAction intentionally only clears the wallets field and preserves the session id. This design keeps the session id persistent across wallet disconnections as a feature.

Applied to files:

• examples/with-solidstart/src/auth/Provider.tsx

🧬 Code graph analysis (1)

examples/with-solidstart/src/auth/Provider.tsx (3)

examples/with-solidstart/src/auth/index.ts (2)

• querySession (15-21)
• signOutAction (23-28)

examples/with-solidstart/src/auth/web3.ts (3)

• authWalletAction (24-39)
• addWalletAction (41-48)
• sign (12-22)

examples/with-solidstart/src/web3/index.ts (3)

• useWeb3Onboard (37-57)
• BASE_ID (13-13)
• load (23-33)

🪛 Biome (2.1.2)

examples/with-solidstart/src/auth/Provider.tsx

[error] 98-102: Illegal return statement outside of a function

(parse)

---

[error] 102-103: Expected a statement but instead found '}'.

Expected a statement here.

(parse)

🔇 Additional comments (2)

examples/with-solidstart/src/auth/Provider.tsx (2)

37-53: LGTM! SSR protection correctly implemented.

The login resource now properly gates on onboard existing in the source predicate, preventing SSR crashes. The fetcher receives the guaranteed non-null instance, addressing the previous concern.

---

86-95: LGTM! Logout safety improved.

The logout function now correctly guards the wallet lookup before attempting to disconnect, and properly awaits signOut() in the finally block without using return. This addresses the previous review concerns.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

examples/with-solidstart/src/auth/server.ts (1)

9-10: Verify session cookie configuration for local development.

A previous review raised concerns about secure: true cookie settings preventing session cookies from working over HTTP during local development. Verify whether useSession from vinxi/http defaults to secure cookies and, if so, whether the configuration can be made environment-aware.

Check the vinxi/http documentation for useSession cookie defaults:

Does vinxi/http useSession set secure: true by default for cookies?

examples/with-solidstart/README.md (1)

62-62: Add alt text for the logo image.

The logo image is missing an alt attribute, which is necessary for screen readers and accessibility compliance (WCAG).

Apply this diff:

-  <img src="public/logo.svg" width="300px">
+  <img src="public/logo.svg" width="300px" alt="Web3Onboard logo">

🧹 Nitpick comments (4)

examples/with-solidstart/src/routes/[...404].tsx (1)

8-8: Wrap the text in a paragraph element.

The error message is a bare text node. Wrapping it in a <p> element improves semantic HTML structure.

Apply this diff:

-      Sorry, the page you're looking for doesn't exist
+      <p>Sorry, the page you're looking for doesn't exist</p>

examples/with-solidstart/src/components/Icons.tsx (1)

3-28: Consider adding ARIA attributes for improved accessibility.

The icon components lack accessibility attributes. Adding role="img" and descriptive aria-label attributes (or aria-hidden="true" if the icons are purely decorative with adjacent text labels) would improve screen reader support.

Example for the X icon:

 export const X = (props: Icon) => (
   <svg
     viewBox="0 0 24 24"
     fill="none"
     stroke="currentColor"
     stroke-width="2"
     stroke-linecap="round"
     stroke-linejoin="round"
     class={props.class}
+    role="img"
+    aria-label="Close"
   >
     <line x1="18" y1="6" x2="6" y2="18" />
     <line x1="6" y1="6" x2="18" y2="18" />
   </svg>
 )

examples/with-solidstart/src/auth/index.ts (1)

19-19: Encode the redirect URL parameter.

The path is concatenated directly into the redirect URL without encoding. If the path contains special characters, this could cause issues. Use encodeURIComponent to safely encode the redirect parameter.

Apply this diff:

-  if (protectedRoute(path)) throw redirect('/about?login=true&redirect=' + path)
+  if (protectedRoute(path)) throw redirect('/about?login=true&redirect=' + encodeURIComponent(path))

You'll also need to decode it when reading the parameter on the /about page.

examples/with-solidstart/src/auth/server.ts (1)

9-10: Add explicit runtime validation for SESSION_SECRET.

Documentation for SESSION_SECRET already exists in .env.example and the README (with openssl rand -hex 32 command). However, the code only relies on TypeScript's non-null assertion (!), which doesn't prevent undefined at runtime since it's stripped during compilation. Add explicit validation at server startup—for example:

if (!process.env.SESSION_SECRET) {
  throw new Error('SESSION_SECRET environment variable is not set')
}

This ensures developers get a clear error message immediately if the variable is missing, rather than a cryptic failure when useSession tries to use an undefined password.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 7a49ba6 and 2bcd3fa.

📒 Files selected for processing (24)

• examples/with-solidstart/.env.example (1 hunks)
• examples/with-solidstart/README.md (1 hunks)
• examples/with-solidstart/app.config.ts (1 hunks)
• examples/with-solidstart/package.json (1 hunks)
• examples/with-solidstart/src/app.css (1 hunks)
• examples/with-solidstart/src/app.tsx (1 hunks)
• examples/with-solidstart/src/auth/Provider.tsx (1 hunks)
• examples/with-solidstart/src/auth/context.ts (1 hunks)
• examples/with-solidstart/src/auth/index.ts (1 hunks)
• examples/with-solidstart/src/auth/server.ts (1 hunks)
• examples/with-solidstart/src/auth/web3.ts (1 hunks)
• examples/with-solidstart/src/components/Balance.tsx (1 hunks)
• examples/with-solidstart/src/components/Error.tsx (1 hunks)
• examples/with-solidstart/src/components/Icons.tsx (1 hunks)
• examples/with-solidstart/src/components/Nav.tsx (1 hunks)
• examples/with-solidstart/src/db/index.ts (1 hunks)
• examples/with-solidstart/src/db/schema.ts (1 hunks)
• examples/with-solidstart/src/entry-client.tsx (1 hunks)
• examples/with-solidstart/src/entry-server.tsx (1 hunks)
• examples/with-solidstart/src/routes/[...404].tsx (1 hunks)
• examples/with-solidstart/src/routes/about.tsx (1 hunks)
• examples/with-solidstart/src/routes/index.tsx (1 hunks)
• examples/with-solidstart/src/web3/index.ts (1 hunks)
• examples/with-solidstart/src/web3/utils.ts (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• examples/with-solidstart/src/db/schema.ts

🚧 Files skipped from review as they are similar to previous changes (17)

• examples/with-solidstart/src/entry-client.tsx
• examples/with-solidstart/src/components/Nav.tsx
• examples/with-solidstart/.env.example
• examples/with-solidstart/src/auth/context.ts
• examples/with-solidstart/package.json
• examples/with-solidstart/app.config.ts
• examples/with-solidstart/src/auth/Provider.tsx
• examples/with-solidstart/src/web3/index.ts
• examples/with-solidstart/src/routes/index.tsx
• examples/with-solidstart/src/web3/utils.ts
• examples/with-solidstart/src/routes/about.tsx
• examples/with-solidstart/src/entry-server.tsx
• examples/with-solidstart/src/app.css
• examples/with-solidstart/src/auth/web3.ts
• examples/with-solidstart/src/components/Error.tsx
• examples/with-solidstart/src/app.tsx
• examples/with-solidstart/src/db/index.ts

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: thomasbuilds
Repo: thirdweb-dev/web3-onboard PR: 2387
File: examples/with-solidstart/src/auth/index.ts:23-27
Timestamp: 2025-11-01T16:25:13.748Z
Learning: In examples/with-solidstart/src/auth/index.ts, the signOutAction intentionally only clears the wallets field and preserves the session id. This design keeps the session id persistent across wallet disconnections as a feature.

📚 Learning: 2025-11-01T16:25:13.748Z

Learnt from: thomasbuilds
Repo: thirdweb-dev/web3-onboard PR: 2387
File: examples/with-solidstart/src/auth/index.ts:23-27
Timestamp: 2025-11-01T16:25:13.748Z
Learning: In examples/with-solidstart/src/auth/index.ts, the signOutAction intentionally only clears the wallets field and preserves the session id. This design keeps the session id persistent across wallet disconnections as a feature.

Applied to files:

• examples/with-solidstart/src/auth/server.ts
• examples/with-solidstart/src/components/Icons.tsx
• examples/with-solidstart/src/auth/index.ts

🧬 Code graph analysis (2)

examples/with-solidstart/src/auth/index.ts (2)

examples/with-solidstart/src/app.tsx (1)

• route (11-13)

examples/with-solidstart/src/auth/server.ts (1)

• getSession (9-10)

examples/with-solidstart/src/components/Balance.tsx (2)

examples/with-solidstart/src/auth/index.ts (1)

• useAuth (29-33)

examples/with-solidstart/src/web3/utils.ts (1)

• formatBalance (4-12)

🪛 markdownlint-cli2 (0.18.1)

examples/with-solidstart/README.md

62-62: Images should have alternate text (alt text)

(MD045, no-alt-text)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Socket Security: Pull Request Alerts

🔇 Additional comments (1)

examples/with-solidstart/src/components/Balance.tsx (1)

5-19: LGTM!

The Balance component properly handles async data loading with Suspense, uses optional chaining to prevent errors when web3 is not yet loaded, and provides a good user experience with the skeleton fallback.

[coderabbitai]

Actionable comments posted: 7

♻️ Duplicate comments (1)

examples/with-solidstart/README.md (1)

58-58: Add alt text and fix asset path.

Two issues with this image tag:

1. Missing alt text: The image lacks an alt attribute for accessibility (this was previously flagged).
2. Incorrect path: In Vite-based projects like SolidStart, assets in the public/ directory should be referenced without the "public/" prefix.

Apply this diff to fix both issues:

-  <img src="public/logo.png" width="350px">
+  <img src="/logo.png" width="350px" alt="Web3Onboard logo">

🧹 Nitpick comments (1)

examples/with-solidstart/src/routes/index.tsx (1)

12-21: Consider memoizing the chain name computation.

The getChainName function reads web3()?.chain.id on each call, and line 42 calls both getChainName() and web3()?.chain.id separately, resulting in multiple reactive signal accesses. In SolidJS, each signal read triggers reactivity tracking, which can impact performance.

Apply this diff to memoize the chain data:

+import { For, Suspense, createMemo } from "solid-js";
-import { For, Suspense } from "solid-js";
 
 function Home() {
   const { session, web3 } = useAuth();
 
+  const chain = createMemo(() => web3()?.chain);
+
   const getChainName = () => {
-    switch (web3()?.chain.id) {
+    switch (chain()?.id) {
       case "0x1":
         return "Ethereum Mainnet";
       case "0x2105":
         return "Base Mainnet";
       default:
         return "Unknown";
     }
   };

Then update line 42:

-            <Suspense fallback={<Fallback class="w-36 h-4" />}>
-              {getChainName()} - {web3()?.chain.id}
-            </Suspense>
+            <Suspense fallback={<Fallback class="w-36 h-4" />}>
+              {getChainName()} - {chain()?.id}
+            </Suspense>

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 67b3682 and 6c66b5b.

⛔ Files ignored due to path filters (1)

• examples/with-solidstart/public/logo.png is excluded by !**/*.png

📒 Files selected for processing (16)

• examples/with-solidstart/README.md (1 hunks)
• examples/with-solidstart/src/app.css (1 hunks)
• examples/with-solidstart/src/auth/Provider.tsx (1 hunks)
• examples/with-solidstart/src/auth/index.ts (1 hunks)
• examples/with-solidstart/src/auth/server.ts (1 hunks)
• examples/with-solidstart/src/components/Balance.tsx (1 hunks)
• examples/with-solidstart/src/components/Error.tsx (1 hunks)
• examples/with-solidstart/src/components/Icons.tsx (1 hunks)
• examples/with-solidstart/src/components/Nav.tsx (1 hunks)
• examples/with-solidstart/src/entry-server.tsx (1 hunks)
• examples/with-solidstart/src/global.d.ts (1 hunks)
• examples/with-solidstart/src/routes/[...404].tsx (1 hunks)
• examples/with-solidstart/src/routes/about.tsx (1 hunks)
• examples/with-solidstart/src/routes/index.tsx (1 hunks)
• examples/with-solidstart/src/web3/index.ts (1 hunks)
• examples/with-solidstart/src/web3/utils.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (5)

• examples/with-solidstart/src/components/Balance.tsx
• examples/with-solidstart/src/entry-server.tsx
• examples/with-solidstart/src/web3/utils.ts
• examples/with-solidstart/src/web3/index.ts
• examples/with-solidstart/src/auth/Provider.tsx

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: thomasbuilds
Repo: thirdweb-dev/web3-onboard PR: 2387
File: examples/with-solidstart/src/auth/index.ts:23-27
Timestamp: 2025-11-01T16:25:13.748Z
Learning: In examples/with-solidstart/src/auth/index.ts, the signOutAction intentionally only clears the wallets field and preserves the session id. This design keeps the session id persistent across wallet disconnections as a feature.

📚 Learning: 2025-11-01T16:25:13.748Z

Learnt from: thomasbuilds
Repo: thirdweb-dev/web3-onboard PR: 2387
File: examples/with-solidstart/src/auth/index.ts:23-27
Timestamp: 2025-11-01T16:25:13.748Z
Learning: In examples/with-solidstart/src/auth/index.ts, the signOutAction intentionally only clears the wallets field and preserves the session id. This design keeps the session id persistent across wallet disconnections as a feature.

Applied to files:

• examples/with-solidstart/src/auth/index.ts
• examples/with-solidstart/src/auth/server.ts
• examples/with-solidstart/src/components/Icons.tsx
• examples/with-solidstart/src/components/Nav.tsx
• examples/with-solidstart/src/routes/index.tsx
• examples/with-solidstart/README.md

🧬 Code graph analysis (4)

examples/with-solidstart/src/auth/index.ts (2)

examples/with-solidstart/src/app.tsx (1)

• route (11-13)

examples/with-solidstart/src/auth/server.ts (1)

• getSession (9-10)

examples/with-solidstart/src/components/Error.tsx (1)

examples/with-solidstart/src/components/Icons.tsx (1)

• X (9-22)

examples/with-solidstart/src/components/Nav.tsx (4)

examples/with-solidstart/src/components/Balance.tsx (1)

• Balance (6-16)

examples/with-solidstart/src/auth/index.ts (1)

• useAuth (31-35)

examples/with-solidstart/src/components/Icons.tsx (4)

• Wallet (30-34)
• Arrow (36-40)
• Fallback (3-7)
• Logout (24-28)

examples/with-solidstart/src/web3/utils.ts (1)

• shortenAddress (1-2)

examples/with-solidstart/src/routes/index.tsx (2)

examples/with-solidstart/src/auth/index.ts (1)

• useAuth (31-35)

examples/with-solidstart/src/components/Icons.tsx (1)

• Fallback (3-7)

🪛 markdownlint-cli2 (0.18.1)

examples/with-solidstart/README.md

58-58: Images should have alternate text (alt text)

(MD045, no-alt-text)

🔇 Additional comments (4)

examples/with-solidstart/src/global.d.ts (1)

1-7: LGTM! Clean TypeScript ambient declarations.

The type declarations properly reference SolidStart types and augment the NodeJS namespace to provide type safety for the SESSION_SECRET environment variable. This aligns well with the documented setup in the README.

examples/with-solidstart/README.md (1)

1-55: Well-structured documentation with clear examples.

The README provides comprehensive setup instructions and usage examples. The inclusion of the secure SESSION_SECRET generation command using openssl is a good security practice, and the clientOnly usage patterns are clearly explained with practical examples.

examples/with-solidstart/src/auth/index.ts (2)

16-22: LGTM! Good use of query primitive for session validation.

The querySession function properly checks for authenticated wallets and redirects unauthenticated users away from protected routes with the target path preserved in the redirect parameter.

---

24-29: LGTM! Proper cache invalidation on sign out.

The signOutAction correctly clears the wallets field, redirects to the fallback page, and revalidates the query cache. The preservation of the session id is intentional per the learning note.

Based on learnings.

[thomasbuilds]

All right all issues fixed!