Migrate to Next.js 16

[tom2drum]

Description and Related Issue(s)

This PR upgrades the frontend from Next.js 15 to Next.js 16 and adapts the build, config, and request pipeline to the new defaults and APIs.

Proposed Changes

• Next.js and related deps: Bump next, @next/bundle-analyzer, @next/eslint-plugin-next, and eslint-config-next to 16.x (16.1.7).
• Bundler: Next.js 16 defaults to Turbopack. The config adds a turbopack section that mirrors existing webpack customizations (SVG via @svgr/webpack, stubbing of Node built-ins fs/net/tls in the browser via nextjs/empty-module.js). Webpack remains in use when running with BUNDLE_ANALYZER=true or next build --webpack.
• Build script: New build:analyze script runs BUNDLE_ANALYZER=true next build --webpack for bundle analysis.
• Root middleware: Root middleware.ts has been replaced by proxy.ts. Middleware logic (account, app profile, theme, address format, etc.) is now invoked from the API proxy route (/api/proxy) instead of the root middleware, aligning with Next.js 16’s request handling.
• CSP: CSP initialization no longer depends on edge configs (config.edge) or app config at module load. Config loading is removed from the CSP module; app profile for private mode is read via req.cookies.get('app_profile') instead of a custom cookie helper.
• Configs: Removed configs/essential-dapps-chains/config.edge.ts and configs/multichain/config.edge.ts. Multichain and essential-dapps-chains now use the Node.js config only, with a fallback in the index when not in the browser.
• TypeScript/ESLint: tsconfig.json and eslint.config.mjs updated for the new Next/TS setup; next-env.d.ts and related types adjusted.
• MCP: .cursor/mcp.json updated for local tooling.

No new or changed environment variables. No updates to docs/ENVS.md or the validator.

Breaking or Incompatible Changes

• Bundler default: Default next build uses Turbopack. Use next build --webpack (or yarn build:analyze) when webpack-specific behavior or bundle analysis is required.
• Root middleware: Custom root middleware is no longer used; behavior is preserved via the proxy route. Any reliance on root middleware running on every request should be re-evaluated.

Additional Information

• Branch is up to date with origin/main (one commit ahead).
• yarn.lock and dependency versions updated for Next 16.

Checklist for PR author

• I have tested these changes locally.
• I added tests to cover any new functionality, following this guide
• Whenever I fix a bug, I include a regression test to ensure that the bug does not reappear silently.
• If I have added a feature or functionality that is not privacy-compliant (e.g., tracking, analytics, third-party services), I have disabled it for private mode.
• If I have added, changed, renamed, or removed an environment variable
  • I updated the list of environment variables in the documentation
  • I made the necessary changes to the validator script according to the guide
  • I added "ENVs" label to this pull request

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. To trigger a review, include @coderabbitai review in the PR description. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d7e057a2-c1f9-40d4-aac4-9c403c42a06b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can make CodeRabbit's review stricter and more nitpicky using the `assertive` profile, if that's what you prefer.

Change the reviews.profile setting to assertive to make CodeRabbit's nitpick more issues in your PRs.