LaWallet NWC
Roadmap

Month 1: Backend Infrastructure + Testing

Foundation phase: testing infrastructure, error handling, auth, security middleware.

Period: January 5 - February 5, 2026 Status: Completed Changelog: Month 1 Changelog

Summary

Month 1 significantly exceeded the original plan. While scoped for testing setup and bug fixes, it delivered a complete backend infrastructure overhaul including error handling, configuration, logging, authorization, security middleware, validation, and full test coverage for all API routes.

Delivered

Testing Infrastructure (Planned)

  • Vitest 3.2.4 with happy-dom environment and coverage reporting
  • MSW (Mock Service Worker) setup with handlers for all API routes
  • Prisma mocking utilities (mock-per-model pattern, not isolated DB)
  • Test helpers: auth-helpers, api-helpers, fixtures, route-helpers
  • 14 unit test suites covering all lib modules
  • 21 integration test files covering all 32 route handlers (154 tests)

Error Handling (Unplanned)

  • ApiError class hierarchy with 9 error subclasses
  • withErrorHandling HOF for all API routes
  • handleApiError centralized error formatter
  • Standardized error responses across all API routes

Configuration & Environment (Unplanned)

  • Zod-based environment variable validation (env.ts)
  • Structured AppConfig with caching and resetConfig()
  • .env.example updated with all variables

Logging (Originally Month 2)

  • Pino structured logging with request context (AsyncLocalStorage)
  • Request logging middleware
  • Log levels via environment variable
  • Replaced all console.log/error calls with Pino

Authorization & Security (Originally Month 3)

  • RBAC model: USER < VIEWER < OPERATOR < ADMIN
  • Prisma UserRole enum migration
  • Role management API endpoint (PUT /api/users/[userId]/role)
  • withAdminAuth, withRoleAuth, withPermissionAuth HOF wrappers
  • JWT authentication (/api/jwt, /api/jwt/protected)
  • Maintenance mode middleware with admin bypass

Security Middleware (Unplanned)

  • Rate limiting (in-memory + Upstash Redis support)
  • Request size limits (JSON, large, upload presets)

Validation (Unplanned)

  • Centralized Zod schemas for all API inputs
  • validateBody() and validateQuery() middleware
  • All API routes migrated to Zod validation

Framework & Dependencies

  • Next.js 16 upgrade with ESLint 9 flat config
  • @getalby/sdk migrated to v7 API
  • react-resizable-panels migrated to v4 API
  • Configs converted to ESM syntax

Deferred Items

ItemReasonMoved To
GitHub Actions CI/CDPrioritized infrastructureMonth 2
Hook unit testsFocus was on lib + integrationMonth 2
Coverage targets (50%)Thresholds lowered, coverage incrementalOngoing
Prisma isolated test DBMocking approach chosen insteadDropped

Stats

  • 118 files changed, 13,391 insertions, 3,215 deletions
  • 66 commits, 18 PRs merged
  • 7 epics completed, 18 issues closed

Roadmap

6-month development timeline for LaWallet NWC, funded by OpenSats.

Month 2: CI/CD + Client SDK + React Hooks

Foundation phase: GitHub Actions, TypeScript SDK, React Hooks package.

On this page

SummaryDeliveredTesting Infrastructure (Planned)Error Handling (Unplanned)Configuration & Environment (Unplanned)Logging (Originally Month 2)Authorization & Security (Originally Month 3)Security Middleware (Unplanned)Validation (Unplanned)Framework & DependenciesDeferred ItemsStats