[SDK] Support full MetaMask disconnection on wallet disconnect

[joaquim-verges]

---

PR-Codex overview

This PR focuses on enhancing the thirdweb library by adding support for fully disconnecting from MetaMask and updating tests to skip a specific case until functionality is restored.

Detailed summary

• Added functionality to fully disconnect from MetaMask using wallet_revokePermissions.
• Implemented a timeout for the disconnect request to prevent hangs.
• Updated the test case in getNFT.test.ts to skip until owner functionality is restored.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• New Features

  • Disconnecting from MetaMask now fully revokes wallet permissions for a cleaner logout.

• Tests

  • One NFT owner test was temporarily skipped pending indexer owner functionality restoration.

• Chores

  • Added a changeset entry preparing a patch release for the thirdweb package.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
docs-v2	Ready	Preview	Comment	Sep 11, 2025 11:49pm
nebula	Ready	Preview	Comment	Sep 11, 2025 11:49pm
thirdweb_playground	Ready	Preview	Comment	Sep 11, 2025 11:49pm
thirdweb-www	Ready	Preview	Comment	Sep 11, 2025 11:49pm
wallet-ui	Ready	Preview	Comment	Sep 11, 2025 11:49pm

[changeset-bot]

🦋 Changeset detected

Latest commit: 2daa563

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
thirdweb	Patch
@thirdweb-dev/nebula	Patch
@thirdweb-dev/wagmi-adapter	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

Adds a changeset for a patch release, updates the injected wallet disconnect flow to attempt an experimental MetaMask permission revocation (wallet_revokePermissions for eth_accounts) with a 100ms timeout (errors swallowed), and skips one ERC721 owner test. No public API changes.

Changes

Cohort / File(s)	Summary
Release metadata \.changeset/petite-lizards-create.md	Adds a changeset entry indicating a patch release for the thirdweb package documenting the full MetaMask disconnect attempt.
Injected wallet disconnect packages/thirdweb/src/wallets/injected/index.ts	Imports withTimeout from viem. On disconnect, attempts wallet_revokePermissions with [{ eth_accounts: {} }] wrapped in a 100ms timeout and ignores any errors (RPC/timeout). No exported/public API signature changes.
Tests packages/thirdweb/src/extensions/erc721/read/getNFT.test.ts	Converts one test to skipped (it → it.skip) with comment "skip until indexer restores owner functionality." No other test logic changed.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant App
  participant InjectedWallet
  participant Provider as EIP-1193 Provider (MetaMask)

  User->>App: trigger disconnect
  App->>InjectedWallet: disconnect()
  note right of InjectedWallet #f9f7e8: New step — attempt permission revoke
  par Revoke attempt (with 100ms timeout)
    InjectedWallet->>Provider: request("wallet_revokePermissions", [{ eth_accounts: {} }])
  and Timeout
    InjectedWallet-->>InjectedWallet: abort if >100ms
  end
  note right of InjectedWallet #f0f7ff: Swallow errors (RPC/timeout)
  InjectedWallet-->>App: disconnect complete
  App-->>User: disconnected

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks (1 passed, 2 warnings)

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The PR description includes the commented repository template and a PR‑Codex overview summarizing the changes, but it does not populate the required template fields (notably "Notes for the reviewer" and "How to test") and does not include an explicit issue tag, so it does not meet the repository's description template requirements.	Please complete the template by adding an explicit "Notes for the reviewer" (e.g., Graphite merge queue instructions, scope/impact, and any behavioral changes), a "How to test" section with concrete steps (unit tests to run and a manual reproduction flow such as connecting/disconnecting MetaMask and verifying permission revocation), and include the Linear/issue tag if applicable; keep the PR‑Codex overview as supplemental context.
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The PR title "[SDK] Support full MetaMask disconnection on wallet disconnect" is concise and accurately summarizes the primary change (adding full MetaMask disconnection support), making it clear to reviewers and teammates what the main intent of the changeset is.

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• TEAM-0000: Entity not found: Issue - Could not find referenced Issue.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch Support_full_MetaMask_disconnection_on_wallet_disconnect

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[joaquim-verges]

• [SDK] Support full MetaMask disconnection on wallet disconnect #8039 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge-queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

size-limit report 📦

Path	Size	Loading time (3g)	Running time (snapdragon)	Total time
thirdweb (esm)	63.96 KB (0%)	1.3 s (0%)	312 ms (+78.76% 🔺)	1.6 s
thirdweb (cjs)	356.86 KB (0%)	7.2 s (0%)	1.5 s (-1.72% 🔽)	8.7 s
thirdweb (minimal + tree-shaking)	5.73 KB (0%)	115 ms (0%)	68 ms (+735.31% 🔺)	183 ms
thirdweb/chains (tree-shaking)	526 B (0%)	11 ms (0%)	63 ms (+1639.23% 🔺)	74 ms
thirdweb/react (minimal + tree-shaking)	19.15 KB (0%)	383 ms (0%)	91 ms (+1130.8% 🔺)	474 ms

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.changeset/petite-lizards-create.md (1)

1-6: Capitalize MetaMask and clarify the mechanism in the changeset note

Suggest tightening the note and naming the RPC for clearer release notes. Also fix “metamask” casing.

 Support fully disconnecting from metamask on disconnect
+Support fully disconnecting from MetaMask on disconnect by revoking the
+eth_accounts permission via `wallet_revokePermissions` (experimental).

packages/thirdweb/src/wallets/injected/index.ts (1)

405-417: Gate MetaMask-only revoke, raise timeout, and await disconnect flow

• Only MetaMask documents wallet_revokePermissions for eth_accounts; other wallets may error or hang. Gate on MetaMask (provider flag or wallet id). (docs.metamask.io)
• 100ms is too aggressive; MetaMask’s confirmation can legitimately take longer. Recommend 500–1000ms to reduce false timeouts while still preventing hangs. (github.com)
• Since disconnect() is now meaningfully async, consider await disconnect() inside onDisconnect() to ensure listeners are removed and revoke is attempted before emitting.

Proposed patch:

   async function disconnect() {
     provider.removeListener("accountsChanged", onAccountsChanged);
     provider.removeListener("chainChanged", onChainChanged);
     provider.removeListener("disconnect", onDisconnect);

     // Experimental support for MetaMask disconnect
     // https://github.com/MetaMask/metamask-improvement-proposals/blob/main/MIPs/mip-2.md
-    try {
-      // Adding timeout as not all wallets support this method and can hang
-      await withTimeout(
-        () =>
-          provider.request({
-            method: "wallet_revokePermissions",
-            params: [{ eth_accounts: {} }],
-          }),
-        { timeout: 100 }
-      );
-    } catch {}
+    try {
+      const isMetaMask =
+        // common provider flag
+        (provider as any)?.isMetaMask === true ||
+        // wallet id hints (adjust to your generated ids)
+        id === "io.metamask" || id === "com.metamask" || id === "metamask";
+      if (isMetaMask) {
+        // Adding timeout as not all wallets support this method and can hang
+        await withTimeout(
+          () =>
+            provider.request({
+              method: "wallet_revokePermissions",
+              params: [{ eth_accounts: {} }],
+            }),
+          { timeout: 750 } // 500–1000ms recommended
+        );
+      }
+    } catch {
+      // swallow: best-effort revoke
+    }
   }

Additionally (outside this hunk), in onDisconnect():

-  async function onDisconnect() {
-    disconnect();
+  async function onDisconnect() {
+    await disconnect();
     emitter.emit("disconnect", undefined);
   }

Docs for revoke shape (params [{ eth_accounts: {} }]) confirm current usage. (docs.metamask.io)

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between bd17c08 and 875ff8d.

📒 Files selected for processing (2)

• .changeset/petite-lizards-create.md (1 hunks)
• packages/thirdweb/src/wallets/injected/index.ts (6 hunks)

🧰 Additional context used

📓 Path-based instructions (5)

.changeset/*.md

📄 CodeRabbit inference engine (AGENTS.md)

.changeset/*.md: Each change in packages/* must include a changeset for the appropriate package
Version bump rules: patch for non‑API changes; minor for new/modified public API

Files:

• .changeset/petite-lizards-create.md

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

**/*.{ts,tsx}: Use explicit function declarations and explicit return types in TypeScript
Limit each file to one stateless, single‑responsibility function
Re‑use shared types from @/types where applicable
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Prefer composition over inheritance; use utility types (Partial, Pick, etc.)
Lazy‑import optional features and avoid top‑level side‑effects to reduce bundle size

Files:

• packages/thirdweb/src/wallets/injected/index.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• packages/thirdweb/src/wallets/injected/index.ts

packages/thirdweb/src/wallets/**

📄 CodeRabbit inference engine (CLAUDE.md)

packages/thirdweb/src/wallets/**: Unified Wallet and Account interfaces in wallet architecture
Support for in-app wallets (social/email login)
Smart wallets with account abstraction
EIP-1193, EIP-5792, EIP-7702 standard support in wallet modules

Files:

• packages/thirdweb/src/wallets/injected/index.ts

packages/thirdweb/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

packages/thirdweb/**/*.{ts,tsx}: Every public symbol must have comprehensive TSDoc with at least one compiling @example and a custom tag (@beta, @internal, @experimental, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose
Lazy‑load heavy dependencies inside async paths (e.g., const { jsPDF } = await import("jspdf"))

Files:

• packages/thirdweb/src/wallets/injected/index.ts

🧠 Learnings (2)

📓 Common learnings

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-18T19:19:55.613Z
Learning: Applies to packages/thirdweb/src/wallets/** : EIP-1193, EIP-5792, EIP-7702 standard support in wallet modules

Learnt from: CR
PR: thirdweb-dev/js#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:37:38.513Z
Learning: Applies to .changeset/*.md : Version bump rules: patch for non‑API changes; minor for new/modified public API

📚 Learning: 2025-07-18T19:19:55.613Z

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-18T19:19:55.613Z
Learning: Applies to packages/thirdweb/src/wallets/** : EIP-1193, EIP-5792, EIP-7702 standard support in wallet modules

Applied to files:

• packages/thirdweb/src/wallets/injected/index.ts

🧬 Code graph analysis (1)

packages/thirdweb/src/wallets/injected/index.ts (1)

packages/thirdweb/src/wallets/eip5792/send-calls.ts (1)

• toProviderCallParams (157-218)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: Size
• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: E2E Tests (pnpm, esbuild)
• GitHub Check: E2E Tests (pnpm, vite)
• GitHub Check: Unit Tests
• GitHub Check: Build Packages
• GitHub Check: Analyze (javascript)

🔇 Additional comments (6)

packages/thirdweb/src/wallets/injected/index.ts (6)

114-115: LGTM — clearer warning text

Punctuation tweak improves readability, no behavior change.

---

308-314: LGTM — explicit retry suppression

Keeping { retryCount: 0 } is appropriate for wallet UX here.

---

319-323: LGTM — cleaner call site

Passing account directly aligns with toProviderCallParams signature.

---

332-336: LGTM — actionable error message

Message now includes wallet id and normalized payload; good for support.

---

348-351: LGTM — consistent guidance for unsupported EIP-5792

Clearer wording without trailing punctuation artifact.

---

9-10: Import is correct — keep withTimeout imported from 'viem'

package.json pins [email protected] and viem re-exports withTimeout at the top level, so the current import is valid. (npmjs.com)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/thirdweb/src/extensions/erc721/read/getNFT.test.ts (1)

54-55: Avoid permanent skip; gate with env/runIf and add a clear TODO tracker

Test is still skipped at packages/thirdweb/src/extensions/erc721/read/getNFT.test.ts:54-55 — replace the unconditional it.skip with an env-gated run and add a TODO marker.

Apply this diff:

-  // skip until indexer restores owner functionality
-  it.skip("with owner using indexer", async () => {
+  // TODO(indexer-owner): Remove when indexer restores owner lookups. Set TW_INDEXER_OWNERS_RESTORED=true locally to run.
+  it.runIf(process.env.TW_INDEXER_OWNERS_RESTORED === "true")("with owner using indexer", async () => {

Fallback if it.runIf isn't available:

const maybeIt = process.env.TW_INDEXER_OWNERS_RESTORED === "true" ? it : it.skip;
// ...
maybeIt("with owner using indexer", async () => {
  // existing body
});

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 9d4154c and 2daa563.

📒 Files selected for processing (3)

• .changeset/petite-lizards-create.md (1 hunks)
• packages/thirdweb/src/extensions/erc721/read/getNFT.test.ts (1 hunks)
• packages/thirdweb/src/wallets/injected/index.ts (2 hunks)

✅ Files skipped from review due to trivial changes (1)

• .changeset/petite-lizards-create.md

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/thirdweb/src/wallets/injected/index.ts

🧰 Additional context used

📓 Path-based instructions (4)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

**/*.{ts,tsx}: Use explicit function declarations and explicit return types in TypeScript
Limit each file to one stateless, single‑responsibility function
Re‑use shared types from @/types where applicable
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Prefer composition over inheritance; use utility types (Partial, Pick, etc.)
Lazy‑import optional features and avoid top‑level side‑effects to reduce bundle size

Files:

• packages/thirdweb/src/extensions/erc721/read/getNFT.test.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.test.{ts,tsx}: Place tests alongside code: foo.ts ↔ foo.test.ts
Use real function invocations with stub data in tests; avoid brittle mocks
Use Mock Service Worker (MSW) for fetch/HTTP call interception in tests
Keep tests deterministic and side-effect free
Use FORKED_ETHEREUM_CHAIN for mainnet interactions and ANVIL_CHAIN for isolated tests

**/*.test.{ts,tsx}: Co‑locate tests as foo.test.ts(x) next to the implementation
Use real function invocations with stub data; avoid brittle mocks
Use MSW to intercept HTTP calls for network interactions; mock only hard‑to‑reproduce scenarios
Keep tests deterministic and side‑effect free; use Vitest

Files:

• packages/thirdweb/src/extensions/erc721/read/getNFT.test.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• packages/thirdweb/src/extensions/erc721/read/getNFT.test.ts

packages/thirdweb/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

packages/thirdweb/**/*.{ts,tsx}: Every public symbol must have comprehensive TSDoc with at least one compiling @example and a custom tag (@beta, @internal, @experimental, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose
Lazy‑load heavy dependencies inside async paths (e.g., const { jsPDF } = await import("jspdf"))

Files:

• packages/thirdweb/src/extensions/erc721/read/getNFT.test.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: Unit Tests
• GitHub Check: Build Packages
• GitHub Check: Lint Packages
• GitHub Check: E2E Tests (pnpm, esbuild)
• GitHub Check: Size
• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: E2E Tests (pnpm, vite)
• GitHub Check: Analyze (javascript)

[codecov]

Codecov Report

❌ Patch coverage is 90.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 56.64%. Comparing base (bd17c08) to head (2daa563).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
packages/thirdweb/src/wallets/injected/index.ts	90.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8039      +/-   ##
==========================================
+ Coverage   56.63%   56.64%   +0.01%     
==========================================
  Files         904      904              
  Lines       58684    58694      +10     
  Branches     4162     4163       +1     
==========================================
+ Hits        33233    33247      +14     
+ Misses      25345    25342       -3     
+ Partials      106      105       -1     

Flag	Coverage Δ
packages	56.64% <90.00%> (+0.01%)	⬆️

Files with missing lines	Coverage Δ
packages/thirdweb/src/wallets/injected/index.ts	32.38% <90.00%> (+1.53%)	⬆️

... and 3 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.