soldeer migration#33

thedavidmeister merged 5 commits into main from 2026-05-14-soldeer on May 14, 2026

@thedavidmeister thedavidmeister commented May 14, 2026

Summary

Migrate from git submodules to soldeer for Solidity deps. Mirrors the float / rainlang pattern.

Dependency changes

  • forge-std-1.16.1, @openzeppelin-contracts-5.6.1
  • rain-deploy-0.1.2, rain-extrospection-0.1.0
  • rain-interpreter-interface-0.1.0, rain-intorastring-0.1.0
  • rain-lib-hash-0.1.0, rain-lib-memkv-0.1.0, rain-lib-typecast-0.1.0
  • rain-math-binary-0.1.1, rain-math-float-0.1.1
  • rain-metadata-0.1.0, rain-sol-codegen-0.1.0
  • rain-solmem-0.1.3, rain-string-0.2.0
  • rain-tofu-erc20-decimals-0.1.1, rainlang-0.1.1

Source changes

  • All imports rewritten to versioned soldeer paths.
  • BaseRainterpreterExternNPE2 → BaseRainlangExtern, BaseRainterpreterSubParserNPE2 → BaseRainlangSubParser (renamed in the rainlang rebrand).
  • IntOrAString.toString() → .toStringV3(), .fromString2 → .fromStringV3 (rain-intorastring API).
  • Interpreter interface paths moved out of unstable/ and into the deprecated/v1/ tree.

Vendored Flare interfaces

The flare-smart-contracts and flare-smart-contracts-v2 repos aren't on soldeer. 19 files under src/vendor/{flare-smart-contracts,flare-smart-contracts-v2}/ replace the submodules. Upstream MIT-licensed; LICENSES/MIT.txt added, REUSE annotation covers the copyright.

CI

Test plan

  • CI green
  • Tagged v0.1.0 → publish to soldeer succeeds → unblocks rain.vats migration

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features

    • Added comprehensive Flare FTSO and registry interface definitions for enhanced protocol integration capabilities.
  • Chores

    • Consolidated GitHub Actions workflows and transitioned to Soldeer-based dependency management.
    • Updated build configuration and dependency imports to support new package structure.
    • Added MIT licensing and refined file exclusion rules for vendor code.

Migrate from git submodules to soldeer. Mirrors the float / rainlang pattern.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@thedavidmeister thedavidmeister self-assigned this May 14, 2026
coderabbitai Bot commented May 14, 2026

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 561a4988-da8d-44c9-a640-c0eeafd638df

📥 Commits

Reviewing files that changed from the base of the PR and between 53dcb1a and 63107e8.

⛔ Files ignored due to path filters (2)
  • flake.lock is excluded by !**/*.lock
  • src/generated/FlareFtsoWords.pointers.sol is excluded by !**/generated/**
📒 Files selected for processing (25)
  • foundry.toml
  • src/abstract/FlareFtsoExtern.sol
  • src/abstract/FlareFtsoSubParser.sol
  • src/concrete/FlareFtsoWords.sol
  • src/lib/price/LibFtsoCurrentPriceUsd.sol
  • src/vendor/flare-smart-contracts-v2/userInterfaces/IFeeCalculator.sol
  • src/vendor/flare-smart-contracts-v2/userInterfaces/LTS/FtsoV2Interface.sol
  • src/vendor/flare-smart-contracts/ftso/interface/IIFtso.sol
  • src/vendor/flare-smart-contracts/genesis/interface/IFtsoGenesis.sol
  • src/vendor/flare-smart-contracts/genesis/interface/IFtsoRegistryGenesis.sol
  • src/vendor/flare-smart-contracts/token/interface/IIGovernanceVotePower.sol
  • src/vendor/flare-smart-contracts/token/interface/IIVPContract.sol
  • src/vendor/flare-smart-contracts/token/interface/IIVPToken.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IFlareContractRegistry.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IFtso.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IFtsoRegistry.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IGovernanceSettings.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IGovernanceVotePower.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IPChainStakeMirror.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IPChainStakeMirrorVerifier.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IPChainVotePower.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IVPToken.sol
  • test/abstract/FtsoTest.sol
  • test/prod/FlareInterfacesProd.t.sol
  • test/src/lib/op/LibOpFtsoCurrentPriceUsd.t.sol

Walkthrough

This PR migrates the project from Git submodules to Soldeer package management, updates all Solidity dependency imports to versioned package paths, refactors CI workflows to use reusable Rainix workflows with updated Nix tooling, adds comprehensive vendored Flare interface files, and updates licensing/configuration metadata.

Changes

Dependency Management & Tooling Migration

Layer / File(s) Summary
Submodule removal and Soldeer initialization
.gitmodules, .gitignore, foundry.toml, remappings.txt, .soldeerignore
Emptied .gitmodules, added dependencies/ to .gitignore, configured foundry.toml with explicit [dependencies] section pinning package versions and adding Soldeer settings, generated remappings.txt with full dependency path mappings, and created .soldeerignore with comprehensive ignore patterns for local/editor/build artifacts.
Flake configuration update
flake.nix
Updated inputs.rainix.url to point at github:rainlanguage/rainix, refactored outputs to drop self from inputs, and adjusted rain-flare-prelude to combine Rainix build inputs with the rain default package via additionalBuildInputs.

CI Workflow Refactoring

Layer / File(s) Summary
Nix CI infrastructure update
.github/workflows/git-clean.yaml
Replaced Deterministic Systems nix installer/cache with nixbuild/nix-quick-install-action and nix-community/cache-nix-action, removed checkout submodule recursion, added conditional Soldeer dependency install, updated nix build commands to use rainix flake entrypoints, and enhanced the git-diff clean-check to emit explicit error messages on stale artifacts.
Reusable workflow delegation
.github/workflows/manual-sol-artifacts.yaml, .github/workflows/publish-soldeer.yaml, .github/workflows/rainix-sol.yaml, .github/workflows/manual-sol-artifacts.yml (removed), .github/workflows/rainix.yml (removed)
Replaced inline manual-sol-artifacts.yml and rainix.yml jobs with new delegation workflows that call corresponding reusable workflows from rainlanguage/rainix, passing through required inputs (suite parameter, secrets inheritance) and removing prior inline Nix/deployment logic.

Solidity Import Path Standardization

Layer / File(s) Summary
Rain interpreter & utility imports
src/abstract/FlareFtsoExtern.sol, src/abstract/FlareFtsoSubParser.sol, src/concrete/FlareFtsoWords.sol, src/lib/op/LibOpFtsoCurrentPricePair.sol, src/lib/op/LibOpFtsoCurrentPriceUsd.sol, src/lib/op/LibOpSFlrCurrentExchangeRate.sol, src/lib/parse/LibFlareFtsoSubParser.sol
Updated all imports from dot-separated paths (e.g., rain.interpreter.interface/..., rain.math.float/...) to versioned package paths (e.g., rain-interpreter-interface-0.1.0/src/..., rain-math-float-0.1.1/...), and changed base contract inheritance for FlareFtsoExtern and FlareFtsoSubParser from BaseRainterpreter* variants to BaseRainlang* variants.
Build and test script imports
script/BuildAuthoringMeta.sol, script/BuildPointers.sol, script/Deploy.sol, test/abstract/FtsoTest.sol, test/fork/LibFork.sol, test/src/concrete/*.sol, test/src/lib/**/*.sol
Updated forge-std imports to pinned version forge-std-1.16.1, updated all Rain package imports to versioned paths (e.g., rainlang-0.1.1/..., rain-sol-codegen-0.1.0/..., @openzeppelin-contracts-5.6.1/...), and in test symbol-encoding logic, changed fromString2(...) calls to fromStringV3(...) for updated symbol conversion.
Configuration and analyzer updates
slither.config.json
Updated filter_paths to exclude only dependencies/ and src/vendor/ instead of the prior package-specific list, aligning with the new dependency management structure.

Vendored Flare Interface Definitions

Layer / File(s) Summary
Core FTSO and pricing interfaces
src/vendor/flare-smart-contracts/userInterfaces/IFtso.sol, src/vendor/flare-smart-contracts/userInterfaces/IFtsoRegistry.sol, src/vendor/flare-smart-contracts/ftso/interface/IIFtso.sol
Added comprehensive public and internal FTSO interfaces defining price finalization, epoch management, current pricing APIs, and FTSO registry lookup; includes PriceFinalizationType enum, event declarations (PriceRevealed, PriceFinalized, PriceEpochInitializedOnFtso, LowTurnout), and extensive external view functions for protocol state, epoch configuration, and asset pricing.
Genesis and registry bootstrap interfaces
src/vendor/flare-smart-contracts/genesis/interface/IFtsoGenesis.sol, src/vendor/flare-smart-contracts/genesis/interface/IFtsoRegistryGenesis.sol
Added genesis-deployed FTSO contract interfaces defining epoch price reveal and vote-power tracking (revealPriceSubmitter, wNatVotePowerCached, getFtsos) for bootstrap and state initialization.
Vote-power and token interfaces
src/vendor/flare-smart-contracts/token/interface/IIVPToken.sol, src/vendor/flare-smart-contracts/token/interface/IIVPContract.sol, src/vendor/flare-smart-contracts/token/interface/IICleanable.sol, src/vendor/flare-smart-contracts/token/interface/IIGovernanceVotePower.sol, src/vendor/flare-smart-contracts/token/interface/IVPToken.sol, src/vendor/flare-smart-contracts/userInterfaces/IVPContractEvents.sol
Added internal and public interfaces for vote-power token contracts, including delegation/revocation, vote-power queries (current and historical), cleanup management, and governance vote-power tracking with events (Delegate, Revoke, DelegateVotesChanged, DelegateChanged).
P-Chain stake mirroring interfaces
src/vendor/flare-smart-contracts/userInterfaces/IPChainStakeMirror.sol, src/vendor/flare-smart-contracts/userInterfaces/IPChainStakeMirrorVerifier.sol, src/vendor/flare-smart-contracts/userInterfaces/IPChainVotePower.sol
Added P-Chain staking mirror contracts defining stake verification, mirroring, and vote-power delegation with events (StakeConfirmed, StakeEnded, StakeRevoked, VotePowerChanged) and comprehensive query methods for stake balances, vote power, and delegation metadata.
Utility and registry interfaces
src/vendor/flare-smart-contracts/userInterfaces/IFlareContractRegistry.sol, src/vendor/flare-smart-contracts/userInterfaces/IGovernanceSettings.sol, src/vendor/flare-smart-contracts/userInterfaces/IGovernanceVotePower.sol, src/vendor/flare-smart-contracts-v2/userInterfaces/IFeeCalculator.sol, src/vendor/flare-smart-contracts-v2/userInterfaces/LTS/FtsoV2Interface.sol
Added registry and governance utility interfaces for dapp contract discovery, governance configuration, vote-power delegation, FTSO V2 long-term support (including FeedData, FeedIdChange structs), and fee calculation.

Licensing & Metadata Configuration

Layer / File(s) Summary
License and REUSE compliance
LICENSES/MIT.txt, REUSE.toml
Added LICENSES/MIT.txt with complete MIT License text, updated REUSE.toml annotations to cover newly generated/vendored paths (.soldeerignore, meta/**/, src/generated/**/, soldeer.lock, src/vendor/**/*) with appropriate license identifiers (LicenseRef-DCL-1.0 for generated artifacts, MIT for vendored Flare interfaces).

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related issues

Suggested reviewers

  • hardyjosh

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 9

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (9)
src/vendor/flare-smart-contracts/ftso/interface/IIFtso.sol (1)

1-199: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Resolve formatting failures blocking CI.

Pipeline reports formatting mismatches (lines 25-184): returns (...) spacing and function signature wrapping/indentation. Same vendored-code formatting issue as other files.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/vendor/flare-smart-contracts/ftso/interface/IIFtso.sol` around lines 1 -
199, Formatting mismatches in multiple function signatures (e.g.,
finalizePriceEpoch, configureEpochs, epochsConfiguration,
getVoteWeightingParameters) need to be normalized to the project's Solidity
formatter style: collapse or reflow the function parameter and returns blocks so
the `returns(...)` token spacing and line-wrapping match other vendored files
(no extra indentation, consistent comma placement and use of `memory`/types),
and ensure single-line or aligned multi-line signatures as used elsewhere in
vendor contracts; run the repo's solidity formatter/clang-format settings (or
apply the same wrapping rules) over the IIFtso interface to fix spacing around
`returns` and the function signature wrapping for all affected functions.
src/vendor/flare-smart-contracts/token/interface/IIGovernanceVotePower.sol (1)

1-97: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Resolve formatting failures blocking CI.

Pipeline reports formatting mismatches in events and function declarations (lines 18-96): spacing in returns (...) and parameter layout (inline vs multi-line). Same vendored-code formatting issue—choose to reformat or exclude from checks.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/vendor/flare-smart-contracts/token/interface/IIGovernanceVotePower.sol`
around lines 1 - 97, The CI failures are caused by inconsistent Solidity
formatting in IIGovernanceVotePower (events DelegateVotesChanged,
DelegateChanged and functions updateAtTokenTransfer, setCleanupBlockNumber,
setCleanerContract, ownerToken, pChainStakeMirror, getCleanupBlockNumber);
reformat these declarations to match the project's Solidity style (consistent
spacing around returns, parameter lists aligned either all-inline or multi-line
as used elsewhere, and spacing inside parentheses), e.g. make event parameter
lines and function signatures follow the exact style used in other vendor
interfaces in the repo, then run the project's formatter/linter to ensure the
file passes CI.
src/vendor/flare-smart-contracts/userInterfaces/IPChainStakeMirror.sol (1)

1-111: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Resolve formatting failures blocking CI.

The pipeline reports formatting mismatches throughout this vendored interface file (spacing in returns (...), event/function parameter layout). Since these are vendored files from upstream Flare contracts, you have two options:

  1. Reformat vendored files: Run forge fmt (or your project's Solidity formatter) on src/vendor/ to match project conventions. This fixes CI but diverges from upstream.

  2. Exclude vendor directory from formatting checks: Update your formatter configuration to skip src/vendor/ directories, preserving upstream code exactly as published.

Recommendation: Option 2 is typical for vendored dependencies—it prevents formatting drift on every upstream sync and keeps the audit trail clean.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/vendor/flare-smart-contracts/userInterfaces/IPChainStakeMirror.sol`
around lines 1 - 111, The vendored Solidity interface IPChainStakeMirror (events
like StakeConfirmed, StakeEnded, functions like mirrorStake, totalSupply,
balanceOfAt) is failing CI due to formatting differences; either reformat the
vendored files by running your Solidity formatter on that directory (e.g., run
forge fmt targeting src/vendor/) to normalize spacing/returns/param layout, or
(preferred) update the project formatter configuration to exclude src/vendor/
from formatting checks so upstream files remain untouched; apply one of these
fixes and re-run CI.
src/vendor/flare-smart-contracts/userInterfaces/IFtso.sol (1)

1-245: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Resolve formatting failures blocking CI.

Pipeline reports formatting mismatches in event declarations (lines 44-88) and function signatures (lines 42-245). Same vendored-code tradeoff as other files: either reformat src/vendor/ to match project style, or exclude the vendor directory from formatting checks to preserve upstream code.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/vendor/flare-smart-contracts/userInterfaces/IFtso.sol` around lines 1 -
245, CI failing due to formatting mismatches in vendored Solidity interface
IFtso (specifically around event declarations PriceRevealed, PriceFinalized,
PriceEpochInitializedOnFtso, LowTurnout and function signatures like
getCurrentPriceWithDecimals, getCurrentPriceWithDecimalsFromTrustedProviders,
getCurrentPriceDetails, getEpochId, getEpochPriceForVoter, etc.); fix by either
(A) running the project formatter on this file and committing the formatted
IFtso.sol to match the repo style, or (B) adding src/vendor/** to the
formatter/CI ignore list (e.g.,
.prettierignore/.clang-format-ignore/.editorconfig/formatter config used by CI)
and updating CI config so vendor files are excluded; choose one approach, apply
it, and commit the change so the pipeline no longer flags IFtso.sol.
src/vendor/flare-smart-contracts/token/interface/IIVPToken.sol (1)

1-56: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Resolve formatting failures blocking CI.

Pipeline reports formatting mismatches (lines 30-55): returns(uint256) spacing and multi-line function signature formatting for batchVotePowerOfAt. Same vendored-code formatting issue as other files.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/vendor/flare-smart-contracts/token/interface/IIVPToken.sol` around lines
1 - 56, The formatting failures are due to inconsistent Solidity style in
IIVPToken: change function return signatures to match project style by adding a
space before the returns parenthesis (e.g. change returns(uint256) to returns
(uint256)) for totalVotePowerAtCached and votePowerOfAtCached, and reformat the
batchVotePowerOfAt declaration to match the repo's multi-line/signature style
(align parameter lines and the returns (uint256[] memory) clause consistently
with other vendored interfaces); update the IIVPToken interface declarations
(functions totalVotePowerAtCached, votePowerOfAtCached, batchVotePowerOfAt)
accordingly so the linter/formatter passes.
src/vendor/flare-smart-contracts/userInterfaces/IFtsoRegistry.sol (1)

1-183: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Resolve formatting failures blocking CI.

Pipeline reports formatting mismatches (lines 33-193): returns (...) spacing and multi-line function formatting. Same vendored-code formatting issue as other files.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/vendor/flare-smart-contracts/userInterfaces/IFtsoRegistry.sol` around
lines 1 - 183, The interface has formatter mismatches around the function return
signatures (e.g., getCurrentPrice, getCurrentPrice(string),
getCurrentPriceWithDecimals(uint256), getCurrentPriceWithDecimals(string),
getAllCurrentPrices, getCurrentPricesByIndices, getCurrentPricesBySymbols,
getSupportedIndicesAndFtsos, getSupportedSymbolsAndFtsos,
getSupportedIndicesAndSymbols, getSupportedIndicesSymbolsAndFtsos) — fix by
normalizing the `returns` spacing and multi-line return formatting to match the
repository style (use "returns ( ... )" with the same placement/line breaks as
other vendored interfaces), then run the project's code formatter/format command
to apply consistent whitespace across the file so CI formatting checks pass.
src/vendor/flare-smart-contracts/userInterfaces/IVPToken.sol (1)

1-266: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Resolve formatting failures blocking CI.

Pipeline reports formatting mismatches (lines 33-188): uint vs uint256, returns(...) spacing, and parameter layout. This vendored interface uses upstream Flare's style conventions. Apply the same remediation as other vendored files: reformat or exclude src/vendor/ from checks.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/vendor/flare-smart-contracts/userInterfaces/IVPToken.sol` around lines 1
- 266, The vendored IVPToken interface fails formatting (mixed `uint` vs
`uint256`, inconsistent `returns(...)` spacing and parameter layout) across
signatures such as delegateExplicit, undelegateAllExplicit, balanceOfAt,
votePowerOfAt, delegatesOf / delegatesOfAt and others; fix by either (A)
reformatting this file to match the project's vendored style: replace all `uint`
with `uint256`, normalize function parameter layouts and `returns (...)` spacing
to match other files (e.g., align multi-line parameter lists and return blocks),
or (B) update the formatter/CI config to exclude src/vendor/ from formatting
checks so vendored upstream style is preserved. Ensure changes touch only
formatting/symbol types and do not alter interface semantics (function names:
delegate, delegateExplicit, undelegateAllExplicit, balanceOfAt, votePowerOfAt,
delegatesOf, delegatesOfAt, etc.) so CI passes.
test/abstract/FtsoTest.sol (1)

9-11: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Resolve the formatting inconsistency flagged by CI.

The pipeline reports unexpected diff around the forge-lint disable comment/import block. Ensure the formatting matches the project's linter configuration.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/abstract/FtsoTest.sol` around lines 9 - 11, The forge-lint disable
comment is causing a formatting mismatch around the import block; move or adjust
the comment so it follows the project's linting style (place the disable comment
immediately above the specific import or on the same line as the import if that
is the repo standard), ensure consistent comma placement and spacing for the
LibFlareContractRegistry and FLARE_CONTRACT_REGISTRY imports, and run the
formatter/linter to confirm the block matches project conventions.
test/src/lib/op/LibOpFtsoCurrentPriceUsd.t.sol (1)

179-186: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Resolve the formatting inconsistency flagged by CI.

The pipeline reports a formatting mismatch in the boolean expression parentheses and line-wrapping. Reformat this section to match the project's linter configuration.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/src/lib/op/LibOpFtsoCurrentPriceUsd.t.sol` around lines 179 - 186, The
boolean expression around priceDetails.priceFinalizationType is misformatted;
reflow it to match the project's linter by removing unnecessary enclosing
parentheses and normalizing line breaks so the OR expression reads cleanly —
e.g. directly compare priceDetails.priceFinalizationType to
uint8(IFtso.PriceFinalizationType.WEIGHTED_MEDIAN) ||
uint8(IFtso.PriceFinalizationType.TRUSTED_ADDRESSES) without the extra outer
parentheses and with consistent indentation to satisfy the CI (references:
priceDetails.priceFinalizationType, IFtso.PriceFinalizationType.WEIGHTED_MEDIAN,
IFtso.PriceFinalizationType.TRUSTED_ADDRESSES).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/publish-soldeer.yaml:
- Line 7: The reusable workflow reference currently uses a mutable ref ("uses:
rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@main"); change this
to pin a full commit SHA (replace "@main" with the repository commit SHA) so the
workflow is immutable and reproducible, and update every other workflow that
uses the same reusable-workflow reference to the same pinned SHA to keep them
consistent.
- Line 8: Replace the broad "secrets: inherit" usage with an explicit secrets
mapping for the reusable workflow: remove the "secrets: inherit" line and pass
only the required secrets (e.g., SOLDEER_TOKEN, NPM_TOKEN, or whatever publish
credentials the reusable workflow expects) by adding a secrets block mapping
each required input to the corresponding repository secret (for example mapping
SOLDEER_TOKEN to ${{ secrets.SOLDEER_TOKEN }}); ensure the secret names match
the parameters expected by the called workflow so only least-privilege
credentials are forwarded instead of inheriting all secrets.

In `@src/vendor/flare-smart-contracts/genesis/interface/IFtsoGenesis.sol`:
- Around line 19-25: The function declaration for revealPriceSubmitter in
IFtsoGenesis.sol is formatted across multiple lines and must match the
repository's canonical single-line signature style; update the declaration of
revealPriceSubmitter(address _voter, uint256 _epochId, uint256 _price, uint256
_voterWNatVP) to a single-line function signature (keeping name and parameter
names identical) so the file matches the vendored formatter expectations.

In `@src/vendor/flare-smart-contracts/genesis/interface/IFtsoRegistryGenesis.sol`:
- Line 19: The function signature for getFtsos uses non-canonical spacing in its
return clause; update the declaration of getFtsos to use formatter-compliant
Solidity spacing by changing the returns clause to the form returns
(IFtsoGenesis[] memory _ftsos) in the IFtsoRegistryGenesis interface so the
signature reads getFtsos(uint256[] memory _indices) external view returns
(IFtsoGenesis[] memory _ftsos).

In `@src/vendor/flare-smart-contracts/userInterfaces/IFlareContractRegistry.sol`:
- Line 16: Function signatures in IFlareContractRegistry.sol are missing a space
between the keyword "returns" and the opening parenthesis; update each signature
(e.g., getContractAddressByName, getContractNameByAddress, getContractNames,
getContractAddresses, and any other declared functions in that interface) so
they use the canonical Solidity spacing "returns (...)" instead of
"returns(...)" throughout the file, keeping calldata/visibility/return types
unchanged and running the Solidity formatter afterwards to ensure consistent
style.

In `@src/vendor/flare-smart-contracts/userInterfaces/IGovernanceSettings.sol`:
- Around line 1-7: The vendored Solidity interface text for IGovernanceSettings
has formatting/whitespace differences causing static CI failures; update this
file by reformatting it to the repository's canonical Solidity style or by
replacing its contents with the exact upstream canonical text for the interface
(preserving the SPDX header, pragma line, and the interface name
IGovernanceSettings) so spacing, line breaks, and comment formatting match the
project's formatter and the upstream source exactly.

In `@src/vendor/flare-smart-contracts/userInterfaces/IGovernanceVotePower.sol`:
- Around line 26-49: The interface uses non-canonical Solidity spacing in
function signatures (e.g., returns(uint256)); run the project Solidity formatter
or reapply the repo's formatting rules to this file and normalize signatures so
they match the enforced style (space before/open parenthesis in returns and
consistent spacing in parameter lists). Specifically update the declarations for
votePowerOfAt, getVotes, getDelegateOfAt, and getDelegateOfAtNow to the
formatter's canonical form (for example "returns (uint256)" and consistent
spacing around parameters) and commit the formatted file.

In `@src/vendor/flare-smart-contracts/userInterfaces/IPChainVotePower.sol`:
- Around line 17-137: The vendored interface’s event and function signatures
(e.g., event VotePowerChanged, event VotePowerCacheCreated, functions
votePowerOfAtCached, totalVotePowerAtCached, totalVotePower, totalVotePowerAt,
stakesOf, stakesOfAt, votePowerOf, votePowerOfAt, votePowerFromTo,
votePowerFromToAt, batchVotePowerOfAt) are misformatted compared to the repo
canonical style; fix by running the project’s Solidity formatter (or
re-importing the exact upstream canonical file) to normalize spacing and
line-wrapping for events and function declarations so signatures match CI
expectations.

In `@test/src/concrete/FlareFtsoWords.ftsoCurrentPricePair.t.sol`:
- Line 5: Replace the incorrect OpTest import with the project's FtsoTest test
base so StackItem/OperandV2 types match; specifically, in
FlareFtsoWords.ftsoCurrentPricePair.t.sol remove the import of OpTest (and its
StackItem) and import test/abstract/FtsoTest.sol (which exports compatible
StackItem/OperandV2), then rebuild to ensure subParseWord2 uses the unified
StackItem type and the InvalidJump errors are resolved.

---

Outside diff comments:
In `@src/vendor/flare-smart-contracts/ftso/interface/IIFtso.sol`:
- Around line 1-199: Formatting mismatches in multiple function signatures
(e.g., finalizePriceEpoch, configureEpochs, epochsConfiguration,
getVoteWeightingParameters) need to be normalized to the project's Solidity
formatter style: collapse or reflow the function parameter and returns blocks so
the `returns(...)` token spacing and line-wrapping match other vendored files
(no extra indentation, consistent comma placement and use of `memory`/types),
and ensure single-line or aligned multi-line signatures as used elsewhere in
vendor contracts; run the repo's solidity formatter/clang-format settings (or
apply the same wrapping rules) over the IIFtso interface to fix spacing around
`returns` and the function signature wrapping for all affected functions.

In `@src/vendor/flare-smart-contracts/token/interface/IIGovernanceVotePower.sol`:
- Around line 1-97: The CI failures are caused by inconsistent Solidity
formatting in IIGovernanceVotePower (events DelegateVotesChanged,
DelegateChanged and functions updateAtTokenTransfer, setCleanupBlockNumber,
setCleanerContract, ownerToken, pChainStakeMirror, getCleanupBlockNumber);
reformat these declarations to match the project's Solidity style (consistent
spacing around returns, parameter lists aligned either all-inline or multi-line
as used elsewhere, and spacing inside parentheses), e.g. make event parameter
lines and function signatures follow the exact style used in other vendor
interfaces in the repo, then run the project's formatter/linter to ensure the
file passes CI.

In `@src/vendor/flare-smart-contracts/token/interface/IIVPToken.sol`:
- Around line 1-56: The formatting failures are due to inconsistent Solidity
style in IIVPToken: change function return signatures to match project style by
adding a space before the returns parenthesis (e.g. change returns(uint256) to
returns (uint256)) for totalVotePowerAtCached and votePowerOfAtCached, and
reformat the batchVotePowerOfAt declaration to match the repo's
multi-line/signature style (align parameter lines and the returns (uint256[]
memory) clause consistently with other vendored interfaces); update the
IIVPToken interface declarations (functions totalVotePowerAtCached,
votePowerOfAtCached, batchVotePowerOfAt) accordingly so the linter/formatter
passes.

In `@src/vendor/flare-smart-contracts/userInterfaces/IFtso.sol`:
- Around line 1-245: CI failing due to formatting mismatches in vendored
Solidity interface IFtso (specifically around event declarations PriceRevealed,
PriceFinalized, PriceEpochInitializedOnFtso, LowTurnout and function signatures
like getCurrentPriceWithDecimals,
getCurrentPriceWithDecimalsFromTrustedProviders, getCurrentPriceDetails,
getEpochId, getEpochPriceForVoter, etc.); fix by either (A) running the project
formatter on this file and committing the formatted IFtso.sol to match the repo
style, or (B) adding src/vendor/** to the formatter/CI ignore list (e.g.,
.prettierignore/.clang-format-ignore/.editorconfig/formatter config used by CI)
and updating CI config so vendor files are excluded; choose one approach, apply
it, and commit the change so the pipeline no longer flags IFtso.sol.

In `@src/vendor/flare-smart-contracts/userInterfaces/IFtsoRegistry.sol`:
- Around line 1-183: The interface has formatter mismatches around the function
return signatures (e.g., getCurrentPrice, getCurrentPrice(string),
getCurrentPriceWithDecimals(uint256), getCurrentPriceWithDecimals(string),
getAllCurrentPrices, getCurrentPricesByIndices, getCurrentPricesBySymbols,
getSupportedIndicesAndFtsos, getSupportedSymbolsAndFtsos,
getSupportedIndicesAndSymbols, getSupportedIndicesSymbolsAndFtsos) — fix by
normalizing the `returns` spacing and multi-line return formatting to match the
repository style (use "returns ( ... )" with the same placement/line breaks as
other vendored interfaces), then run the project's code formatter/format command
to apply consistent whitespace across the file so CI formatting checks pass.

In `@src/vendor/flare-smart-contracts/userInterfaces/IPChainStakeMirror.sol`:
- Around line 1-111: The vendored Solidity interface IPChainStakeMirror (events
like StakeConfirmed, StakeEnded, functions like mirrorStake, totalSupply,
balanceOfAt) is failing CI due to formatting differences; either reformat the
vendored files by running your Solidity formatter on that directory (e.g., run
forge fmt targeting src/vendor/) to normalize spacing/returns/param layout, or
(preferred) update the project formatter configuration to exclude src/vendor/
from formatting checks so upstream files remain untouched; apply one of these
fixes and re-run CI.

In `@src/vendor/flare-smart-contracts/userInterfaces/IVPToken.sol`:
- Around line 1-266: The vendored IVPToken interface fails formatting (mixed
`uint` vs `uint256`, inconsistent `returns(...)` spacing and parameter layout)
across signatures such as delegateExplicit, undelegateAllExplicit, balanceOfAt,
votePowerOfAt, delegatesOf / delegatesOfAt and others; fix by either (A)
reformatting this file to match the project's vendored style: replace all `uint`
with `uint256`, normalize function parameter layouts and `returns (...)` spacing
to match other files (e.g., align multi-line parameter lists and return blocks),
or (B) update the formatter/CI config to exclude src/vendor/ from formatting
checks so vendored upstream style is preserved. Ensure changes touch only
formatting/symbol types and do not alter interface semantics (function names:
delegate, delegateExplicit, undelegateAllExplicit, balanceOfAt, votePowerOfAt,
delegatesOf, delegatesOfAt, etc.) so CI passes.

In `@test/abstract/FtsoTest.sol`:
- Around line 9-11: The forge-lint disable comment is causing a formatting
mismatch around the import block; move or adjust the comment so it follows the
project's linting style (place the disable comment immediately above the
specific import or on the same line as the import if that is the repo standard),
ensure consistent comma placement and spacing for the LibFlareContractRegistry
and FLARE_CONTRACT_REGISTRY imports, and run the formatter/linter to confirm the
block matches project conventions.

In `@test/src/lib/op/LibOpFtsoCurrentPriceUsd.t.sol`:
- Around line 179-186: The boolean expression around
priceDetails.priceFinalizationType is misformatted; reflow it to match the
project's linter by removing unnecessary enclosing parentheses and normalizing
line breaks so the OR expression reads cleanly — e.g. directly compare
priceDetails.priceFinalizationType to
uint8(IFtso.PriceFinalizationType.WEIGHTED_MEDIAN) ||
uint8(IFtso.PriceFinalizationType.TRUSTED_ADDRESSES) without the extra outer
parentheses and with consistent indentation to satisfy the CI (references:
priceDetails.priceFinalizationType, IFtso.PriceFinalizationType.WEIGHTED_MEDIAN,
IFtso.PriceFinalizationType.TRUSTED_ADDRESSES).

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: d8d6ab27-4346-4f9b-8e0d-7cab1f1ca917

📥 Commits

Reviewing files that changed from the base of the PR and between ee9334e and 53dcb1a.

⛔ Files ignored due to path filters (3)
  • flake.lock is excluded by !**/*.lock
  • foundry.lock is excluded by !**/*.lock
  • soldeer.lock is excluded by !**/*.lock
📒 Files selected for processing (63)
  • .github/workflows/git-clean.yaml
  • .github/workflows/manual-sol-artifacts.yaml
  • .github/workflows/manual-sol-artifacts.yml
  • .github/workflows/publish-soldeer.yaml
  • .github/workflows/rainix-sol.yaml
  • .github/workflows/rainix.yml
  • .gitignore
  • .gitmodules
  • .soldeerignore
  • LICENSES/MIT.txt
  • REUSE.toml
  • flake.nix
  • foundry.toml
  • lib/flare-smart-contracts
  • lib/flare-smart-contracts-v2
  • lib/rain.interpreter
  • meta/FlareFtsoSubParserAuthoringMeta.rain.meta
  • meta/FlareFtsoWords.rain.meta
  • remappings.txt
  • script/BuildAuthoringMeta.sol
  • script/BuildPointers.sol
  • script/Deploy.sol
  • slither.config.json
  • src/abstract/FlareFtsoExtern.sol
  • src/abstract/FlareFtsoSubParser.sol
  • src/concrete/FlareFtsoWords.sol
  • src/lib/op/LibOpFtsoCurrentPricePair.sol
  • src/lib/op/LibOpFtsoCurrentPriceUsd.sol
  • src/lib/op/LibOpSFlrCurrentExchangeRate.sol
  • src/lib/parse/LibFlareFtsoSubParser.sol
  • src/vendor/flare-smart-contracts-v2/userInterfaces/IFeeCalculator.sol
  • src/vendor/flare-smart-contracts-v2/userInterfaces/LTS/FtsoV2Interface.sol
  • src/vendor/flare-smart-contracts/ftso/interface/IIFtso.sol
  • src/vendor/flare-smart-contracts/genesis/interface/IFtsoGenesis.sol
  • src/vendor/flare-smart-contracts/genesis/interface/IFtsoRegistryGenesis.sol
  • src/vendor/flare-smart-contracts/token/interface/IICleanable.sol
  • src/vendor/flare-smart-contracts/token/interface/IIGovernanceVotePower.sol
  • src/vendor/flare-smart-contracts/token/interface/IIVPContract.sol
  • src/vendor/flare-smart-contracts/token/interface/IIVPToken.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IFlareContractRegistry.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IFtso.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IFtsoRegistry.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IGovernanceSettings.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IGovernanceVotePower.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IPChainStakeMirror.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IPChainStakeMirrorVerifier.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IPChainVotePower.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IVPContractEvents.sol
  • src/vendor/flare-smart-contracts/userInterfaces/IVPToken.sol
  • test/abstract/FtsoTest.sol
  • test/fork/LibFork.sol
  • test/src/concrete/FlareFtsoWords.describedByMeta.t.sol
  • test/src/concrete/FlareFtsoWords.ftsoCurrentPricePair.t.sol
  • test/src/concrete/FlareFtsoWords.ftsoCurrentPriceUsd.t.sol
  • test/src/concrete/FlareFtsoWords.ierc165.t.sol
  • test/src/concrete/FlareFtsoWords.pointers.t.sol
  • test/src/concrete/FlareFtsoWords.sflrCurrentExchangeRate.t.sol
  • test/src/lib/flreth/LibDineroFlrEth.t.sol
  • test/src/lib/lts/LibFtsoV2LTS.t.sol
  • test/src/lib/op/LibOpFtsoCurrentPricePair.t.sol
  • test/src/lib/op/LibOpFtsoCurrentPriceUsd.t.sol
  • test/src/lib/registry/LibFlareContractRegistry.t.sol
  • test/src/lib/sflr/LibSceptreStakedFlare.t.sol
💤 Files with no reviewable changes (6)
  • lib/rain.interpreter
  • .github/workflows/manual-sol-artifacts.yml
  • lib/flare-smart-contracts
  • lib/flare-smart-contracts-v2
  • .gitmodules
  • .github/workflows/rainix.yml

tags: ["v*"]
jobs:
publish:
uses: rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@main
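
Review bot: the `tags: ["v*"]` trigger matches any tag that starts with `v`, not only release versions, so a tag such as `vendor-test` would also start the publish job. Consider a stricter filter such as `v[0-9]+.[0-9]+.[0-9]+` so that only version-shaped tags reach the reusable workflow.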

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify all reusable workflow references are pinned (no branch/tag refs).
rg -nP '^\s*uses:\s*rainlanguage/rainix/\.github/workflows/.*@' .github/workflows \
  | sed -n 'p'
echo
echo "Any line ending with `@main` or `@v`* should be pinned to a full SHA."

Repository: rainlanguage/rain.flare

Length of output: 487


Pin reusable workflow to an immutable commit SHA.

Line 7 uses @main, which is mutable and can change behavior/security without changes in this repo. Pin to a full commit SHA for reproducibility and supply-chain safety. This issue affects multiple workflow files in the repository (.github/workflows/rainix-sol.yaml:5 and manual-sol-artifacts.yaml:13 also use @main).

Suggested change
-    uses: rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@main
+    uses: rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@<full_commit_sha>
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/publish-soldeer.yaml at line 7, The reusable workflow
reference currently uses a mutable ref ("uses:
rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@main"); change this
to pin a full commit SHA (replace "@main" with the repository commit SHA) so the
workflow is immutable and reproducible, and update every other workflow that
uses the same reusable-workflow reference to the same pinned SHA to keep them
consistent.

jobs:
publish:
uses: rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@main
secrets: inherit
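
Review bot: `secrets: inherit` sits directly under a `uses:` line that resolves `@main` at run time, so the publish job hands every secret available to this repo to whatever commit is on the rainix main branch when the tag is pushed. Pin the ref to a full commit SHA and replace `inherit` with a `secrets:` mapping that names only the credential the publish workflow declares.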

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

# First, let's find and read the workflow file
find . -name "publish-soldeer.yaml" -type f

Repository: rainlanguage/rain.flare

Length of output: 108


🏁 Script executed:

# Look for GitHub workflow files to understand the repository structure
git ls-files '.github/workflows/'

Repository: rainlanguage/rain.flare

Length of output: 217


🏁 Script executed:

cat -n .github/workflows/publish-soldeer.yaml

Repository: rainlanguage/rain.flare

Length of output: 289


🏁 Script executed:

# Let's check if there are other workflow files that might show patterns for secret passing
cat -n .github/workflows/git-clean.yaml

Repository: rainlanguage/rain.flare

Length of output: 1616


🏁 Script executed:

# Check for any documentation or comments about what secrets are needed
rg -i "secret" .github/workflows/ -A 2 -B 2

Repository: rainlanguage/rain.flare

Length of output: 698


🏁 Script executed:

# Let's check if there's any documentation about required secrets
rg "secrets" . --type md -i

Repository: rainlanguage/rain.flare

Length of output: 49


🏁 Script executed:

# Check if there's a README or docs that mention secrets
find . -name "README*" -o -name "SECURITY*" -o -name "docs" -type d

Repository: rainlanguage/rain.flare

Length of output: 79


🏁 Script executed:

# Check all workflow files for secret usage patterns
cat -n .github/workflows/rainix-sol.yaml

Repository: rainlanguage/rain.flare

Length of output: 247


🏁 Script executed:

# Let's check the README to understand the repository structure and any notes about secrets
cat -n README.md | head -100

Repository: rainlanguage/rain.flare

Length of output: 4739


🏁 Script executed:

# Check if there are any GitHub environment files or configuration
find . -name ".env*" -o -name "*.env" | head -20

Repository: rainlanguage/rain.flare

Length of output: 49


🏁 Script executed:

# Search for any credential or token references in the workflows
rg "token|credential|auth" .github/workflows/ -i

Repository: rainlanguage/rain.flare

Length of output: 49


🏁 Script executed:

# Let's search for any soldeer-related configuration or documentation
rg "soldeer" . -i -A 3

Repository: rainlanguage/rain.flare

Length of output: 3651


🏁 Script executed:

# Check if there's a flake.nix that might hint at what dependencies/secrets are needed
if [ -f flake.nix ]; then cat -n flake.nix | head -50; fi

Repository: rainlanguage/rain.flare

Length of output: 1759


🏁 Script executed:

# Let's check if there are any comments or documentation about what secrets are needed
rg "github.com/rainlanguage/rainix" . -A 5 -B 5

Repository: rainlanguage/rain.flare

Length of output: 49


🏁 Script executed:

# Search for any environment or secrets configuration in the workflows
rg "env|SECRETS|token" .github/workflows/ -i

Repository: rainlanguage/rain.flare

Length of output: 320


🏁 Script executed:

# Let's check if there are any other GitHub workflows in the rainix repository reference
rg "rainlanguage/rainix" . -r

Repository: rainlanguage/rain.flare

Length of output: 481


🏁 Script executed:

# Let's look at the manual-sol-artifacts workflow to understand the pattern
cat -n .github/workflows/manual-sol-artifacts.yaml

Repository: rainlanguage/rain.flare

Length of output: 555


🌐 Web query:

GitHub Actions secrets inherit best practices security risks

💡 Result:

GitHub Actions secrets inheritance refers to the secrets: inherit feature in reusable (called) workflows, which passes all secrets from the calling workflow to the called one. This simplifies secret passing but introduces security risks if not managed properly.[1][2]

Best practices:
- Avoid secrets: inherit in reusable workflows; explicitly list and pass only required secrets to enforce least privilege and limit exposure.[3]
- Use environment secrets with protection rules (required reviewers, branch restrictions) for sensitive operations instead of broad repository or organization secrets.[4][5]
- Set permissions blocks at workflow and job levels to minimize GITHUB_TOKEN access, defaulting to read-only where possible.[6][7]
- Reference secrets individually in steps (e.g., env: MY_SECRET: ${{ secrets.MY_SECRET }}) rather than broadly, as GitHub only injects explicitly referenced secrets.[8][9]
- For reusable workflows, centralize secrets in the called repo's environments and reference via environment: in jobs.[10]
- Rotate secrets regularly, audit usage, and register transformed secrets (e.g., base64) to ensure log redaction.[6][11]
- Prefer OIDC for cloud providers over long-lived secrets to reduce exposure.[12]

Security risks:
- Write access to a repo allows viewing/overwriting all repo secrets (including environment ones via API, bypassing reviewers).[13][6]
- secrets: inherit exposes all caller secrets to the reusable workflow, increasing blast radius if the reusable workflow or runner is compromised.[3][14]
- Compromised workflows/runners can exfiltrate injected secrets (redaction isn't foolproof against obfuscation).[14][8]
- Fork PRs from pull_request_target or untrusted triggers may access secrets if not restricted.[9][14]
- Organization secrets propagate broadly if not scoped by policy.[11][5]

Example safe reusable workflow call:

jobs:
  call-reusable:
    uses: org/repo/.github/workflows/reusable.yml@main
    secrets:
      REQUIRED_SECRET: ${{ secrets.REQUIRED_SECRET }} # Explicit, not inherit [1][2]

Citations:


Pass only required secrets explicitly; avoid secrets: inherit.

Line 8 forwards all secrets to an external reusable workflow, which increases exposure and violates least-privilege boundaries. Instead, explicitly pass only the secrets needed for the publish operation (e.g., SOLDEER_TOKEN or similar credentials).

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/publish-soldeer.yaml at line 8, Replace the broad
"secrets: inherit" usage with an explicit secrets mapping for the reusable
workflow: remove the "secrets: inherit" line and pass only the required secrets
(e.g., SOLDEER_TOKEN, NPM_TOKEN, or whatever publish credentials the reusable
workflow expects) by adding a secrets block mapping each required input to the
corresponding repository secret (for example mapping SOLDEER_TOKEN to ${{
secrets.SOLDEER_TOKEN }}); ensure the secret names match the parameters expected
by the called workflow so only least-privilege credentials are forwarded instead
of inheriting all secrets.
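
The two workflow findings above (a reusable workflow referenced through the mutable `@main` ref, and `secrets: inherit`) can be checked mechanically on every workflow file. The following is an added example, not code from this PR or from CodeRabbit; the sample workflow text is constructed from the lines quoted on this page, the SHA is a placeholder, and `audit_workflow` and `PUBLISH_TOKEN` are hypothetical names.

```python
import re

# `uses:` at job level (reusable workflow) or step level (action).
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
# Only a full 40-hex commit SHA is immutable; branches, tags and
# abbreviated SHAs can all be moved or become ambiguous.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
INHERIT_RE = re.compile(r"^\s*secrets:\s*inherit\s*(?:#.*)?$")

# Constructed sample, modelled on the lines quoted in the review above.
WEAK = """\
name: Publish to soldeer
on:
  push:
    tags: ["v*"]
jobs:
  publish:
    uses: rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@main
    secrets: inherit
"""

# Constructed hardened form. The SHA is a placeholder, not a real rainix
# commit, and PUBLISH_TOKEN is a hypothetical secret name.
PINNED = """\
name: Publish to soldeer
on:
  push:
    tags: ["v*"]
jobs:
  publish:
    uses: rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@0123456789abcdef0123456789abcdef01234567
    secrets:
      PUBLISH_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
"""


def audit_workflow(text, name="<workflow>"):
    """Return (file, line_no, rule, detail) for each risky line in `text`."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out YAML is not executed
        m = USES_RE.match(line)
        if m:
            target = m.group(1)
            # Local workflows/actions and docker images carry no git ref.
            if target.startswith(("./", "docker://")):
                continue
            path, sep, ref = target.rpartition("@")
            if not sep:
                findings.append((name, no, "missing-ref", target))
            elif not FULL_SHA_RE.match(ref):
                findings.append((name, no, "mutable-ref", f"{path}@{ref}"))
        elif INHERIT_RE.match(line):
            findings.append((name, no, "secrets-inherit", line.strip()))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("pinned", PINNED)):
        found = audit_workflow(text, "publish-soldeer.yaml")
        print(label, "->", found or "no findings")
```

Run over `.github/workflows/*.yaml` in CI, a non-empty result can fail the build before a mutable reference reaches a job that holds publish credentials.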

Comment thread src/vendor/flare-smart-contracts/genesis/interface/IFtsoGenesis.sol Outdated
Comment thread src/vendor/flare-smart-contracts/genesis/interface/IFtsoRegistryGenesis.sol Outdated
Comment thread src/vendor/flare-smart-contracts/userInterfaces/IFlareContractRegistry.sol Outdated
Comment thread src/vendor/flare-smart-contracts/userInterfaces/IGovernanceVotePower.sol Outdated
Comment thread src/vendor/flare-smart-contracts/userInterfaces/IPChainVotePower.sol Outdated
pragma solidity =0.8.25;

import {OpTest, StackItem} from "rain.interpreter/../test/abstract/OpTest.sol";
import {OpTest, StackItem} from "rainlang-0.1.1/src/../test/abstract/OpTest.sol";
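
Review bot: the new import path `rainlang-0.1.1/src/../test/abstract/OpTest.sol` climbs out of `src/` through `..` to reach the dependency's test tree, which only resolves while the published package ships its `test/` directory. Prefer a path that does not traverse `..`, or import the shared types from the interface package, so the test does not depend on the dependency's internal layout.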

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Locate all OpTest imports and interpreter interface imports =="
rg -n --type sol -C2 'OpTest\.sol|IInterpreterV4\.sol|StackItem' .

echo
echo "== Locate rainlang package files that can resolve OpTest =="
fd -i 'OpTest.sol'

echo
echo "== Inspect the imported OpTest file(s) and nearby imports =="
for f in $(fd -i 'OpTest.sol'); do
  echo "---- $f ----"
  sed -n '1,120p' "$f" | rg -n 'import|contract|library|interface|type StackItem|OperandV2|IInterpreterV4' || true
done

echo
echo "== Check for mixed interpreter interface package paths in repo =="
rg -n --type sol 'rain-interpreter-interface-|rain\.interpreter\.interface|deprecated/v1|unstable'

Repository: rainlanguage/rain.flare

Length of output: 179


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Find all OpTest.sol files in the repository =="
fd -i 'OpTest.sol' .

echo
echo "== Find the test file in question =="
fd 'FlareFtsoWords.ftsoCurrentPricePair.t.sol' .

echo
echo "== Search for all OpTest imports (without type filter) =="
rg -n 'OpTest' . --include='*.sol' -C2 | head -100

echo
echo "== Search for StackItem and IInterpreter references =="
rg -n 'StackItem|IInterpreter' . --include='*.sol' | head -100

Repository: rainlanguage/rain.flare

Length of output: 736


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Read the test file to see current imports =="
cat -n ./test/src/concrete/FlareFtsoWords.ftsoCurrentPricePair.t.sol | head -30

echo
echo "== Search for OpTest with correct rg syntax =="
rg 'OpTest' . -g '*.sol' -C2 | head -100

echo
echo "== Check for foundry.toml or remappings.txt =="
fd 'foundry.toml|remappings.txt|.env' .

echo
echo "== List the test/src/concrete directory =="
ls -la ./test/src/concrete/ | head -20

echo
echo "== Search more broadly for OpTest definitions =="
rg 'contract.*OpTest|library.*OpTest' . -g '*.sol'

Repository: rainlanguage/rain.flare

Length of output: 6814


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Read remappings.txt =="
cat remappings.txt

echo
echo "== Read foundry.toml =="
cat foundry.toml

echo
echo "== Check for rainlang dependency in lib or installed dependencies =="
ls -la lib/ 2>/dev/null | grep -i rain || echo "No rainlang in lib/"

echo
echo "== Search for any rainlang references in foundry.toml or config =="
rg 'rainlang|rain-' .

echo
echo "== Check the actual path that the import would resolve to =="
echo "If rainlang-0.1.1 maps to lib/rainlang-0.1.1, the full path would be:"
echo "  lib/rainlang-0.1.1/src/../test/abstract/OpTest.sol"
echo "  which simplifies to: lib/rainlang-0.1.1/test/abstract/OpTest.sol"
</parameter>

Repository: rainlanguage/rain.flare

Length of output: 12379


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Check all test files to see import patterns =="
find ./test -name "*.sol" -type f | head -20

echo
echo "== Look for other OpTest imports to compare =="
rg -l 'OpTest' ./test --max-count 20

echo
echo "== Check test/abstract directory for test base classes =="
ls -la ./test/abstract/

echo
echo "== Read FtsoTest.sol to see how it imports StackItem =="
cat -n ./test/abstract/FtsoTest.sol | head -50

echo
echo "== Check if there's git history showing what changed in line 5 =="
git log --oneline -n 20 -- ./test/src/concrete/FlareFtsoWords.ftsoCurrentPricePair.t.sol 2>/dev/null || echo "No git history available"

Repository: rainlanguage/rain.flare

Length of output: 3523


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Check if any other test files use rainlang imports besides the three failing ones =="
rg 'rainlang-0.1.1' ./test -g '*.sol'

echo
echo "== Compare: which StackItem are the other lib tests using? =="
rg 'import.*StackItem' ./test -g '*.sol' -C1

echo
echo "== Check source files for StackItem usage to understand what version is expected =="
rg 'import.*StackItem' ./src -g '*.sol' -C1

Repository: rainlanguage/rain.flare

Length of output: 3594


Replace OpTest import with FtsoTest to align StackItem type definitions.

The three failing Flare words tests import StackItem from rainlang-0.1.1/src/../test/abstract/OpTest.sol, while all other test files and source code import StackItem from rain-interpreter-interface-0.1.0/src/interface/IInterpreterV4.sol. This type mismatch is the likely cause of the InvalidJump errors in FlareFtsoWords.subParseWord2.

Import from the project's test base class instead: test/abstract/FtsoTest.sol (which provides compatible StackItem and OperandV2 definitions). This matches the pattern used by LibOpFtsoCurrentPricePair.t.sol and other library tests.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/src/concrete/FlareFtsoWords.ftsoCurrentPricePair.t.sol` at line 5,
Replace the incorrect OpTest import with the project's FtsoTest test base so
StackItem/OperandV2 types match; specifically, in
FlareFtsoWords.ftsoCurrentPricePair.t.sol remove the import of OpTest (and its
StackItem) and import test/abstract/FtsoTest.sol (which exports compatible
StackItem/OperandV2), then rebuild to ensure subParseWord2 uses the unified
StackItem type and the InvalidJump errors are resolved.

thedavidmeister and others added 4 commits May 14, 2026 12:17

test/prod/FlareInterfacesProd.t.sol forks Flare at the existing pinned block and exercises every method this repo calls on the vendored Flare interfaces:

- IFlareContractRegistry.getContractAddressByName
- IFtsoRegistry.getFtsoBySymbol
- IFtso.active + getCurrentPriceWithDecimals
- IFtso.getCurrentPriceDetails
- IFeeCalculator.calculateFeeByIds
- FtsoV2Interface.getFeedByIdInWei (payable)

If upstream Flare changes a method signature or removes a contract from the canonical name registry, the corresponding test fails — pinning the vendored copies to the on-chain ABI.

Also apply forge fmt to the vendored files so git-clean passes; vendored layout is otherwise preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Add multi-symbol IFtsoRegistry / IFtso prod tests, multi-feed IFeeCalculator, and a loop over all major FtsoV2 LTS feeds (FLR/SGB/BTC/XRP/LTC/XLM/DOGE/ADA/ETH). Catches drift in feed ID definitions and any per-symbol differences in the vendored interface behaviour.

Regenerate FlareFtsoWords.pointers.sol against the soldeer-installed rainlang dep (testIntegrityPointers / testOpcodePointers etc were asserting the pre-soldeer values).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

rain.cli's new flake.lock now pins rainix at the same rev (998bd91d) that rain.flare's direct rainix input uses, so the duplicate rainix entry in our flake.lock collapses.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

These settings ended up under [soldeer] because of TOML section scoping — they followed [dependencies] / [soldeer] sections instead of [profile.default]. forge config then defaulted to bytecode_hash=ipfs / cbor_metadata=true, embedding non-deterministic IPFS metadata in every compile. BuildPointers iterated forever as a result.

Moved settings under [profile.default] up top; BuildPointers now converges in two iterations.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
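
The section-scoping mistake described in the last commit message can be caught before compiling. This added example (not code from the PR) scans a foundry.toml for compiler settings that sit under a table other than `[profile.*]`; the file contents, the setting values and the key subset are constructed for illustration, and a line scanner is used instead of a full TOML parser so that findings carry line numbers.

```python
import re

# Compiler settings that forge reads from a [profile.<name>] table. This is
# a subset chosen for the example, not forge's full key list.
PROFILE_KEYS = {"bytecode_hash", "cbor_metadata", "solc", "evm_version",
                "optimizer", "optimizer_runs"}
# A table header such as [soldeer] or [profile.default].
TABLE_RE = re.compile(r"^\s*\[\[?\s*([^\[\]]+?)\s*\]\]?\s*(?:#.*)?$")
# A bare `key = value` line; quoted array elements do not match.
KEY_RE = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*=")

# Constructed file reproducing the bug: in TOML every key belongs to the
# most recent table header, so these two settings are read as [soldeer] keys.
BROKEN = """\
[profile.default]
src = "src"

[dependencies]
forge-std = "1.16.1"

[soldeer]
recursive_deps = true
bytecode_hash = "none"
cbor_metadata = false
"""

# Constructed corrected file: the settings are back under the profile table.
FIXED = """\
[profile.default]
src = "src"
bytecode_hash = "none"
cbor_metadata = false

[dependencies]
forge-std = "1.16.1"

[soldeer]
recursive_deps = true
"""


def misplaced_profile_keys(toml_text):
    """Return (line_no, key, table) for profile keys outside [profile.*]."""
    table = "<root>"  # keys before the first header belong to the root table
    hits = []
    for no, line in enumerate(toml_text.splitlines(), start=1):
        header = TABLE_RE.match(line)
        if header:
            table = header.group(1)
            continue
        key = KEY_RE.match(line)
        if key and key.group(1) in PROFILE_KEYS:
            if not table.startswith("profile."):
                hits.append((no, key.group(1), table))
    return hits


if __name__ == "__main__":
    for no, key, table in misplaced_profile_keys(BROKEN):
        print(f"line {no}: {key} is under [{table}], not a [profile.*] table")
```

A misplaced key is silently ignored rather than rejected, which is why the build fell back to the default metadata settings without any error.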
@thedavidmeister thedavidmeister merged commit bd45eed into main May 14, 2026
5 checks passed