fix: auth server api and bundler api image fixes

packages/auth-server-api/Dockerfile

@@ -59,24 +59,52 @@ WORKDIR /usr/src/app/packages/erc4337-contracts
 RUN forge soldeer install
 RUN forge build
 
-# Build ERC-4337 related packages
+# Build ERC-4337 related packages (following CI build order)
 WORKDIR /usr/src/app
 
-# Build auth-server-api
-RUN pnpm nx build auth-server-api
+# Build in correct dependency order: web-sdk -> sdk-4337 -> auth-server-api
+RUN pnpm nx build web-sdk
+RUN pnpm nx build sdk-4337 || (echo "===SDK-4337 Build Failed, trying direct build===" && cd packages/sdk-4337 && pnpm build)
+RUN pnpm nx build auth-server-api || (echo "===Auth-Server-API Build Failed, trying direct build===" && cd packages/auth-server-api && pnpm build)
 
 # Deploy only production dependencies for auth-server-api
 RUN pnpm deploy --filter=auth-server-api --prod /prod/auth-server-api
 
 # Stage 3: Production runtime
-# Using distroless for minimal attack surface
-FROM gcr.io/distroless/nodejs22-debian12:nonroot AS production
+FROM node:22-slim AS production
+
+# Install curl for healthcheck
+RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
 
 # Copy the deployed auth-server-api with its dependencies
-COPY --from=builder --chown=nonroot:nonroot /prod/auth-server-api /prod/auth-server-api
+COPY --from=builder /prod/auth-server-api /prod/auth-server-api
 
 # Copy the built dist folder
-COPY --from=builder --chown=nonroot:nonroot /usr/src/app/packages/auth-server-api/dist /prod/auth-server-api/dist
+COPY --from=builder /usr/src/app/packages/auth-server-api/dist /prod/auth-server-api/dist
+
+# Copy sdk-4337 built files to node_modules
+COPY --from=builder /usr/src/app/packages/sdk-4337/dist /prod/auth-server-api/node_modules/zksync-sso-4337/dist
+
+# Copy web-sdk built files and WASM packages to .pnpm directory structure
+RUN mkdir -p $(find /prod/auth-server-api/node_modules/.pnpm -type d -name "zksync-sso-web-sdk" 2>/dev/null | head -1)
+COPY --from=builder /usr/src/app/packages/sdk-platforms/web/pkg-bundler /tmp/pkg-bundler
+COPY --from=builder /usr/src/app/packages/sdk-platforms/web/pkg-node /tmp/pkg-node
+COPY --from=builder /usr/src/app/packages/sdk-platforms/web/dist /tmp/web-dist
+RUN PNPM_WEB_SDK=$(find /prod/auth-server-api/node_modules/.pnpm -type d -name "zksync-sso-web-sdk" 2>/dev/null | head -1) && \
+    if [ -n "$PNPM_WEB_SDK" ]; then \
+      cp -r /tmp/pkg-bundler "$PNPM_WEB_SDK/" && \
+      cp -r /tmp/pkg-node "$PNPM_WEB_SDK/" && \
+      cp -r /tmp/web-dist "$PNPM_WEB_SDK/dist"; \
+    fi && \
+    rm -rf /tmp/pkg-bundler /tmp/pkg-node /tmp/web-dist
+
+# Copy sdk-4337 built files to .pnpm directory structure
+COPY --from=builder /usr/src/app/packages/sdk-4337/dist /tmp/sdk-4337-dist
+RUN PNPM_SDK_4337=$(find /prod/auth-server-api/node_modules/.pnpm -type d -name "zksync-sso-4337" 2>/dev/null | head -1) && \
+    if [ -n "$PNPM_SDK_4337" ]; then \
+      cp -r /tmp/sdk-4337-dist "$PNPM_SDK_4337/dist"; \
+    fi && \
+    rm -rf /tmp/sdk-4337-dist
 
 WORKDIR /prod/auth-server-api
 
@@ -86,7 +114,7 @@ ENV NODE_ENV=production
 
 # Healthcheck
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
-  CMD ["node", "-e", "require('http').get('http://localhost:3004/api/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"]
+  CMD ["curl", "-f", "http://localhost:3004/api/health"]
 
 # Expose port
 EXPOSE 3004

packages/auth-server-api/package.json

@@ -8,6 +8,8 @@
     "start": "node --experimental-wasm-modules dist/index.js"
   },
   "dependencies": {
+    "@simplewebauthn/browser": "13.x",
+    "@simplewebauthn/server": "13.x",
     "@t3-oss/env-core": "^0.12.0",
     "cors": "^2.8.5",
     "dotenv": "^16.4.7",

packages/bundler/Dockerfile

@@ -19,9 +19,15 @@
 # Stage 2: Production runtime
 FROM node:22-slim AS production
 
+# Install curl for healthcheck
+RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
+
 # Install @pimlico/alto globally
 RUN npm install -g @pimlico/alto@0.0.19
 
+# Ensure npm global bin is in PATH
+ENV PATH="/usr/local/bin:$PATH"
+
 WORKDIR /app
 
 # Copy package.json for production dependencies
@@ -34,16 +40,16 @@
 COPY --from=builder /app/dist ./dist
 
 # Environment defaults (can be overridden at runtime)
 ENV EXECUTOR_PRIVATE_KEY="0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"
 ENV UTILITY_PRIVATE_KEY="0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d"
 ENV RPC_URL="http://localhost:8545"
 
-# Healthcheck on Alto bundler port (internal)
-HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
-  CMD ["node", "-e", "require('http').get('http://localhost:4338/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"]
+# Healthcheck on CORS proxy port (external)
+HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
+  CMD ["curl", "-f", "http://localhost:4337/health"]
 
-# Expose only the CORS proxy port (4338 is internal)
-EXPOSE 4337
+# Expose both the CORS proxy port and Alto bundler port
+EXPOSE 4337 4338
 
 # Start the bundler
 CMD ["node", "dist/index.js"]

packages/bundler/src/bundler-with-proxy.ts

@@ -84,7 +84,7 @@ export async function startBundler(): Promise<void> {
 
   // Start Alto bundler
   log("SETUP", "Starting Alto bundler on port 4338...", colors.cyan);
-  alto = spawn("alto", ["--config", ALTO_CONFIG], {
+  alto = spawn("npx", ["alto", "--config", ALTO_CONFIG, "--port", "4338"], {
     stdio: "inherit",
     shell: true,
   });

packages/sdk-platforms/web/src/bundler.ts

@@ -1,5 +1,5 @@
 // Bundler-specific entry point for web applications
-import * as wasm from "../pkg-bundler/zksync_sso_erc4337_web_ffi";
+import * as wasm from "../pkg-bundler/zksync_sso_erc4337_web_ffi.js";
 
 export * from "./types";
 export * from "./webauthn";

packages/sdk-platforms/web/src/webauthn-helpers.ts

@@ -10,7 +10,7 @@ import {
   prepare_passkey_user_operation,
   SendTransactionConfig,
   submit_passkey_user_operation,
-} from "../pkg-bundler/zksync_sso_erc4337_web_ffi";
+} from "../pkg-bundler/zksync_sso_erc4337_web_ffi.js";
 
 /**
  * Convert hex string to Uint8Array