cowprotocol · igorroncevic · May 5, 2026 · May 5, 2026 · May 5, 2026 · May 5, 2026
@@ -0,0 +1,10 @@
+########################################
+##         Keys and Addresses         ##
+########################################
+PRIVATE_KEY=
+DEPLOYER_ADDRESS=
+
+########################################
+##              RPC URLs              ##
+########################################
+ETH_RPC_URL=
@@ -0,0 +1,14 @@
+name: "Setup"
+description: "Install Foundry"
+
+runs:
+  using: "composite"
+  steps:
+    - name: "Install Foundry"
+      uses: "foundry-rs/foundry-toolchain@c7450ba673e133f5ee30098b3b54f444d3a2ca2d"
+      with:
+        version: "stable"
+
+    - name: "Show the Foundry config"
+      shell: "bash"
+      run: "forge --version && echo '\n' && forge config"
-    - name: "Show the Foundry config"
-      shell: "bash"
-      run: "forge --version && echo '\n' && forge config"
+    - name: "Show the Foundry version"
+      run: "forge --version"
+
+    - name: "Show the Foundry config"
+      run: "forge config"
-    - name: "Show the Foundry config"
-      shell: "bash"
-      run: "forge --version && echo '\n' && forge config"
+    - name: "Show the Foundry version"
+      run: "forge --version"
+
+    - name: "Show the Foundry config"
+      run: "forge config"
@@ -0,0 +1,99 @@
+name: "CI"
+
+permissions: {}
+
-permissions: {}
-permissions: {}
+# Uncomment to use secrets
+# env:
+# ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }}
+# ETH_RPC_URL: ${{ secrets.ETH_RPC_URL }}
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - "main"
-    branches:
-      - "main"
-    branches:
-      - "main"
+
+jobs:
+  build:
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Check out the repo"
+        uses: "actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd"
+        with:
+          submodules: recursive
+
+      - name: "Setup"
+        uses: "./.github/actions/setup"
+
+      - name: "Build the contracts and print their size"
+        run: "forge build --sizes --deny warnings"
+
+  format:
+    runs-on: "ubuntu-latest"
+    needs: build
+    steps:
+      - name: "Check out the repo"
+        uses: "actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd"
+        with:
+          submodules: recursive
+
+      - name: "Setup"
+        uses: "./.github/actions/setup"
+
+      - name: "Install solhint"
+        run: "npm i -g solhint"
+
+      - name: "Print solhint version"
+        run: "solhint --version"
+
+      - name: "Lint the code"
+        run: "make lint"
+
+  slither:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: "Check out the repo"
+        uses: "actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd"
+        with:
+          submodules: recursive
+
+      - name: "Setup"
+        uses: "./.github/actions/setup"
+
+      - name: "Build contracts in src/ folder"
+        run: forge build --build-info --skip test script
+
+      - name: "Run slither analyzer"
+        uses: crytic/slither-action@f197989dea5b53e986d0f88c60a034ddd77ec9a8
+        with:
+          ignore-compile: false
+          slither-version: "0.11.0"
+          fail-on: "low"
+
+  test:
+    runs-on: "ubuntu-latest"
+    needs: build
+    steps:
+      - name: "Check out the repo"
+        uses: "actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd"
+        with:
+          submodules: recursive
+
+      - name: "Setup"
+        uses: "./.github/actions/setup"
+
+      - name: "Generate a fuzz seed that changes weekly to avoid burning through RPC allowance"
+        run: >
+          echo "FOUNDRY_FUZZ_SEED=$(
+            echo $(($EPOCHSECONDS - $EPOCHSECONDS % 604800))
+          )" >> $GITHUB_ENV
+
+      - name: "Run the tests"
+        run: "FOUNDRY_PROFILE=ci forge test --force --isolate -vvv --show-progress --gas-snapshot-check true"
+
+      - name: "Check test coverage"
+        env:
+          COVERAGE_MIN: 100
+        run: make coverage-check
@@ -1,6 +1,7 @@
 # Compiler files
 cache/
 out/
+coverage
 
 # Ignores development broadcast logs
 !/broadcast
@@ -12,3 +13,16 @@ docs/
 
 # Dotenv file
 .env
+
+# Agents
+.claude
+.agents
+
+# Miscellaneous
+*.log
+.DS_Store
+.pnp.*
+lcov.info
+.gas-snapshot
+.cursorignore
+coverage.txt
@@ -0,0 +1,37 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: mixed-line-ending
+        name: Mixed Line Ending (convert to LF)
+        args: ["--fix=lf"]
+        description: Forces to replace line ending by the UNIX 'lf' character.
+        exclude: "^docs/autogen"
+
+  - repo: local
+    hooks:
+      - id: format
+        name: Run lint
+        description: Run lint with `make lint`
+        language: system
+        entry: make lint
+        exclude: "^lib/"
+        types: [solidity]
+        pass_filenames: false
+
+      - id: slither
+        name: Run Slither
+        description: Run Slither with `make slither`
+        language: system
+        entry: make slither
+        types: [solidity]
+        pass_filenames: false
+
+      - id: snapshot
+        name: Generate gas snapshot (might take a while)
+        description: Generate gas snapshot with `make snapshot` (might take a while)
+        language: system
+        entry: bash -c 'make snapshot-pre-commit 2>&1 | tee /dev/tty'
+        types: [solidity]
+        pass_filenames: true
+        require_serial: true
@@ -0,0 +1,55 @@
+{
+  "extends": "solhint:recommended",
+  "rules": {
+    "code-complexity": ["error", 8],
+    "compiler-version": ["error", ">=0.8.34"],
+    "func-visibility": [
+      "error",
+      {
+        "ignoreConstructors": true
+      }
+    ],
+    "max-line-length": ["error", 125],
+    "one-contract-per-file": "error",
+    "named-parameters-mapping": "error",
+    "func-param-name-mixedcase": "error",
+    "modifier-name-mixedcase": "error",
+    "ordering": "error",
+    "func-name-mixedcase": "error",
+    "private-vars-leading-underscore": "off",
+    "no-console": "error",
+    "not-rely-on-time": "off",
+    "gas-custom-errors": "error",
+    "no-unused-vars": "error",
+    "no-complex-fallback": "off",
+    "payable-fallback": "off",
+    "avoid-tx-origin": "error",
+    "no-inline-assembly": "off",
+    "avoid-low-level-calls": "off",
+    "import-path-check": "off",
+    "func-named-parameters": "warn",
+    "interface-starts-with-i": "error",
+    "use-natspec": [
+      "warn",
+      {
+        "notice": {
+          "enabled": true
+        },
+        "param": {
+          "enabled": true
+        },
+        "return": {
+          "enabled": true
+        },
+        "author": { "enabled": false }
+      }
+    ],
+    "gas-strict-inequalities": "off",
+    "no-empty-blocks": "off",
+    "gas-indexed-events": "off",
+    "gas-increment-by-one": "off",
+    "gas-struct-packing": "off",
+    "function-max-lines": "off",
+    "max-states-count": "off"
+  }
+}
@@ -0,0 +1,6 @@
+{
+  "solidity.compileUsingRemoteVersion": "v0.8.34+commit.80d5c536",
+  "[solidity]": {
+    "editor.defaultFormatter": "JuanBlanco.solidity"
+  }
+}
@@ -0,0 +1,65 @@
+ifneq (,$(wildcard ./.env))
+    include .env
+    export
+endif
+
+.PHONY: all clean build lint slither test fmt coverage-check snapshot
+
+help: ## Print all targets and descriptions
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[.a-zA-Z0-9_-]+:.*?##/ { printf "  \033[36m%-25s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } END { printf "\n" }' $(MAKEFILE_LIST)
+
+all: ## Build, fmt, slither, check coverage, and snapshot gas
+	make clean && \
+	make build && \
+	make fmt && \
+	make slither && \
+	make coverage-check && \
+	make snapshot
+
+clean: ## Clean the project
+	forge clean
+
+build: ## Build the contracts
+	forge build --force 
-	forge build --force 
+	forge build
-	forge build --force 
+	forge build
+
+lint: ## Run lint
+	forge fmt --check && \
+  	solhint -c .solhint.json --max-warnings 0 "src/**/*.sol"  && \
+  	solhint -c script/.solhint.json --max-warnings 0 "script/**/*.sol" && \
+  	solhint -c test/.solhint.json --max-warnings 0 "test/**/*.t.sol"
+
+fmt: ## Format the contracts
+	forge fmt && \
+  	solhint -c .solhint.json --max-warnings 0 "src/**/*.sol"  && \
+  	solhint -c script/.solhint.json --max-warnings 0 "script/**/*.sol" && \
+  	solhint -c test/.solhint.json --max-warnings 0 "test/**/*.t.sol"
+
+slither: ## Run slither (requires 0.11.0)
+	slither . --include-paths "(src)" --fail-low --config-file slither.config.json
+
+test: ## Run tests
+	forge test --force --isolate -vvv --show-progress --gas-snapshot-check true
+
+coverage-summary: ## Run tests and generate coverage summary
+	forge coverage --no-match-coverage "(test|script)" --force --report summary
+
+coverage-lcov: ## Run tests and generate coverage lcov report
+	forge coverage --no-match-coverage "(test|script)" --force --report lcov
+
+COVERAGE_MIN := 100
+coverage-check: ## Check if test coverage is above the minimum
+	make coverage-summary | tee coverage.txt
+	@coverage=$$(grep "| Total" coverage.txt | awk '{print $$4}' | sed 's/%//'); \
+	if [ -z "$$coverage" ]; then \
+		echo "\n❌ Failed to extract coverage percentage.\n"; \
+		exit 1; \
+	elif [ $$(echo "$$coverage < $(COVERAGE_MIN)" | bc -l) -eq 1 ]; then \
+		echo "\n❌ Current coverage of $$coverage% below the minimum of $(COVERAGE_MIN)%.\n"; \
+		exit 1; \
+	else \
+		echo "\n✅ Current coverage of $$coverage% meets the minimum of $(COVERAGE_MIN)%.\n"; \
+	fi
+	@rm coverage.txt
+
+snapshot: ## Create a snapshot
+	forge snapshot --force --isolate --desc --show-progress