fix(privy): migrate wallet delegation to useSigners for TEE compatibility — GHB-200

[Gastonfoncea]

Summary

• Migrate AgentDelegationCard from useHeadlessDelegatedActions (on-device only, hangs in TEE) to useSigners().addSigners(...) (TEE-compatible) and source the Solana wallet from @privy-io/react-auth/solana so the SDK sees an initialized wallet proxy. Treat Privy's "Duplicate signer" response as idempotent success so the backend POST still runs if a previous attempt half-completed.
• MCP server (apps/mcp/lib/privy/delegated-signer.ts): pass authorization_context.authorization_private_keys to signTransaction using the new PRIVY_SIGNER_PRIVATE_KEY env var (PKCS8 base64, no PEM headers).
• Collateral fix on the same page: ApiKeysSection / ConnectedAppsSection depended on the full privy object (whose identity changes every render) inside useCallback, producing an infinite render loop once useSigners triggered more frequent re-renders. Captured privy via closure on mount.

Why the previous code was broken

The Privy app runs in TEE execution (keys in a secure enclave). The legacy hooks useHeadlessDelegatedActions and useDelegatedActions only support the on-device model and either hang (headless) or throw (modal variant) on a TEE app. The TEE-correct API is useSigners().addSigners({ signers: [{ signerId, policyIds }] }), which attaches a server-side key quorum registered in the Privy dashboard.

Env vars required after merge

Frontend (frontend/.env.local):

• NEXT_PUBLIC_PRIVY_SIGNER_ID — public quorum ID created in the Privy dashboard.

MCP server (apps/mcp/.env.local and prod equivalents):

• PRIVY_APP_ID — same value as frontend's NEXT_PUBLIC_PRIVY_APP_ID.
• PRIVY_APP_SECRET — server-side app secret.
• PRIVY_SIGNER_KEY_QUORUM_ID — same value as frontend's NEXT_PUBLIC_PRIVY_SIGNER_ID.
• PRIVY_SIGNER_PRIVATE_KEY — PKCS8 base64 of the EC P-256 private key, no PEM headers, single line.

Test plan

• /app/credentials → click "Authorize" → card shows "Authorized" with the wallet pubkey (verified manually)
• Click "Revoke authorization" → card returns to "Not authorized" (verify in this PR)
• No infinite render loop on /app/credentials (ApiKeys and ConnectedApps sections load once)
• apps/mcp/tests/privy/delegated-signer.test.ts — 5/5 passing
• pnpm typecheck workspace-wide — passes
• After stake + delegation: mcp__ghbounty__whoami returns wallet_pubkey populated (depends on stake; tracked separately, not a blocker for this PR)
• After delegation + stake: mcp__ghbounty__submissions_create against a valid PR returns the submission row (depends on stake; tracked separately)

Not included in this PR (tracked separately)

• DATABASE_URL in packages/db/drizzle.config.ts resolution — during testing, pnpm db:migrate applied migration 0026 to a different DB than the one the frontend uses. Worked around by running the SQL manually in Supabase Studio. To fix in a follow-up task.
• MCP support for external wallets (Phantom / Solflare / etc.) — only embedded TEE wallets work today, which limits the MCP to email-login users. Tracked as GHB-201.

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
gh-bounty-frontend	Ready	Preview, Comment	May 20, 2026 11:30pm
ghbounty-mcp	Ready	Preview, Comment	May 20, 2026 11:30pm