review: address PR #4000 review findings (deploy hardening + type-safety)

[piotr-roslaniec]

Context

Follow-up to #4000 addressing valid findings from the multi-agent review. Stacks on top of stack/testnet4-02-solidity-logic; merge after #4000.

Findings addressed

#	Fix	Commit
3	Allowlist redeploy-safe networks for EcdsaDkgValidator (was: mainnet-only denylist)	`fix(ecdsa/deploy): allowlist redeploy-safe networks`
5	README documenting vendored random-beacon-export regeneration policy (05_*.js diverges intentionally)	`docs(ecdsa/deploy): document vendored random-beacon-export format policy`
7	Restore `HardhatUserConfig` type annotation (TS 4.5 compatible, no `satisfies`)	`fix(ecdsa/hardhat): restore HardhatUserConfig type annotation`
8	`verifyOnTenderlyOrContinue` helper applied to all 4 deploy scripts (was: only 03 swallowed errors)	`fix(ecdsa/deploy): apply tenderly verify-or-continue helper everywhere`
9	Comment explaining sepolia named-account role collapse	`docs(ecdsa/hardhat): note sepolia named-account role collapse`
10	Comment marking the second `WalletRegistry.governance()` read as a deliberate TOCTOU recheck	`docs(ecdsa/tasks): explain TOCTOU recheck of WR.governance()`
extra	Move `README.md` out of `deploy/` (hardhat-deploy walks the dir and `require()`s every file)	`fix(ecdsa/deploy): move README out of deploy/ dir`

Findings rejected after review

• PR body wording on WalletRegistry.sol (NatSpec-only) — best handled by editing PR feat(solidity): improve Sepolia deploy behavior and wallet registry flows #4000's body directly, not as a code commit here.
• Skip-suite disclosure — same: belongs in PR feat(solidity): improve Sepolia deploy behavior and wallet registry flows #4000's body.
• `Glossary Groove: Additional tweaks to the glossary #4` (gate `00_resolve_*` on env var) — would break `deployments.fixture()` in tests (`yarn test` runs the hardhat network which needs the skip).
• `Circleci v2 setup #6` (drop `approveApplication` try/catch) — deliberate runtime backstop for forked/aliased networks where artifact ABI ≠ on-chain.

Test Plan

Verified locally with `FORKING_URL` unset:

• `cd solidity/ecdsa && yarn test` → 644 passing, 44 pending, 0 failing
• `cd solidity/random-beacon && yarn test` → 535 passing, 397 pending, 0 failing

The 44 + 397 pending are the pre-existing `describe.skip(...)` suites (legacy Keep TokenStaking ABI unavailable in current Threshold build).

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 805e8515-1f5a-45af-81f0-6f489b808e9c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch review/pr-4000-solidity-logic-fixes

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}