ci: sign release archives, docker images, and publish SBOMs #520
Merged
Conversation
Co-authored-by: Amp <amp@ampcode.com> Co-authored-by: steven <corderosteven6@gmail.com> Co-authored-by: stevencartavia <112043913+stevencartavia@users.noreply.github.com> Co-authored-by: Matthias Seitz <matthias.seitz@outlook.de>
Co-authored-by: Matthias Seitz <matthias.seitz@outlook.de>
* chore(clippy): fix for_kv_map and useless_borrows_in_formatting Amp-Thread-ID: https://ampcode.com/threads/T-019df0f9-62e7-74b8-bd5e-da2acce678fb Co-authored-by: Amp <amp@ampcode.com> * chore(clippy): drop redundant borrows in cheatcodes assert formatters Amp-Thread-ID: https://ampcode.com/threads/T-019df0f9-62e7-74b8-bd5e-da2acce678fb Co-authored-by: Amp <amp@ampcode.com> --------- Co-authored-by: Amp <amp@ampcode.com>
flake.lock: Update
Flake lock file updates:
• Updated input 'fenix':
'github:nix-community/fenix/f374034' (2026-04-25)
→ 'github:nix-community/fenix/74c1591' (2026-05-02)
• Updated input 'fenix/rust-analyzer-src':
'github:rust-lang/rust-analyzer/8954b66' (2026-04-21)
→ 'github:rust-lang/rust-analyzer/64cdaeb' (2026-05-01)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/01fbdee' (2026-04-23)
→ 'github:NixOS/nixpkgs/c6d6588' (2026-05-01)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com> Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
* feat(cast): add tempo keychain policy commands * fix(cast): address keychain policy review
`cast` panicked with this message coming from jsonwebtoken: ``` Call CryptoProvider::install_default() before this point to select a provider manually, or make sure exactly one of the 'rust_crypto' and 'aws_lc_rs' features is enabled. See the documentation of the CryptoProvider type for more information. ``` This seemingly was introduced with the bump of jsonwebtoken to 10. Now it requires you to pick one backend used by default controlled by the compile time cargo features or call `CryptoProvider::install_default()` at the beginning. I realized that probably it would be better to just select the feature and I picked `aws_lc_rs` as it seems to be increasingly a default and we already are using the C toolchain. Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
…14559) Follow-up to #14555: - Drop the redundant flashbots branch in RpcOpts::dict; self.url(None) already returns FLASHBOTS_URL when --flashbots is set, so the subsequent overwrite was dead code. - Inline the resolve_rpc_url helper back into RpcCommonOpts::url; it was only called from one place and added unneeded surface area. - Restore the doc comment on RpcCommonOpts and document why ETH_RPC_URL is intentionally not a clap env on the shared field (so EvmArgs cannot inherit it). - Add an integration test that runs forge config with ETH_RPC_URL set in the environment and asserts that eth_rpc_url stays None, directly exercising the regression scenario from #14538. Amp-Thread-ID: https://ampcode.com/threads/T-019df243-267f-7779-93e1-5d6686082444 Co-authored-by: zerosnacks <zerosnacks@protonmail.com> Co-authored-by: Amp <amp@ampcode.com>
* feat(cast): open Tempo wallet fund flow for MPP failures * ci(tempo): skip network checks without rpc secrets * Revert "ci(tempo): skip network checks without rpc secrets" This reverts commit f8dd701. * fix(common): address mpp funding review --------- Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
- release.yml: emit per-archive sha256 + SPDX SBOM (Syft), cosign keyless sign-blob of the archive, and use actions/attest@v4 for both build provenance and SBOM attestations. Upload all artifacts to the draft release. - docker-publish.yml: enable BuildKit SBOM, capture the build digest, cosign keyless sign each pushed tag, and publish a Sigstore-signed SLSA provenance attestation via actions/attest with push-to-registry. - SECURITY.md: document how external users verify archives and the docker image (gh attestation, cosign, plain sha256, buildx imagetools). - README.md: link to the new verification section.
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Sorry @Dargon789, your pull request is larger than the review limit of 150000 diff characters
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request migrates Chisel's type-inference and inspection logic to the solar compiler, introduces new keychain inspect and policy subcommands to Cast, and enables per-test network overrides in Forge using inline configuration. Additionally, it implements a too-many-digits lint, adds a convenience --tempo.expires flag for expiring nonces, and integrates an interactive funding flow for paid RPC requests. Review feedback identifies an opportunity to improve consistency for transaction pool assertions in Anvil, a potential for branch name collisions in benchmark scripts, and a need to clarify the logic for zero-valued periods in keychain policy updates.
GitHub api.github.com occasionally returns transient 403s on certain VMs (per-IP rate limiting / WAF hiccups), causing foundryup to fail to resolve the latest stable / nightly release tag, e.g.: foundryup: fetching latest nightly releases from foundry-rs/foundry... Error: curl: (56) The requested URL returned error: 403 foundryup: failed to fetch releases from GitHub API Add curl/wget retry logic to the `fetch` helper (used exclusively for GitHub API releases endpoints): - curl: --retry 5 --retry-delay 2 --retry-max-time 60, plus --retry-all-errors when supported (curl 7.71+, feature-detected so older curl does not hard-fail). --retry-all-errors is required to retry HTTP 403, which is not in curl's default retryable set. - wget fallback: --tries=5 --waitretry=2 --retry-on-http-error=403,408,429,5xx. `fetch` now buffers to a temp file before emitting to stdout, since curl's --retry-all-errors is unsafe with piped consumers (mid-stream retries can duplicate bytes). Existing callers pipe into awk/grep. Tunable via FOUNDRYUP_MAX_RETRIES (default 5). `download` (binary tarballs, attestations, manpages) is intentionally left unchanged — those rarely fail and changing them affects the attestation existence check semantics. Bumps installer version 1.8.1 -> 1.8.2. Amp-Thread-ID: https://ampcode.com/threads/T-019df2f5-9b97-717a-b959-cf7cbc7ca3bb Co-authored-by: Amp <amp@ampcode.com>
…ge` (#14610) fix --fuzz-seed not effective in forge coverage
* fix(foundryup): mirror tag resolution for install & use * fix(foundryup): mirror semver version normalization in `use` `install` auto-prepends `v` to bare semver versions (e.g. `1.7.0` -> `v1.7.0`) so the on-disk directory is always `v`-prefixed. `use` was doing a literal lookup, so `foundryup -u 1.7.0` failed even though `foundryup -i 1.7.0` had succeeded. Broaden the channel `case` in `use()` to also match bare semver inputs (`MAJOR.MINOR.PATCH[-prerelease]`) so they go through the same `resolve_version_and_tag` normalizer. The pattern is intentionally tighter than `install`'s `[[:digit:]]*` so locally-built versions whose names happen to start with a digit are still looked up literally. Amp-Thread-ID: https://ampcode.com/threads/T-019dfc78-8557-712b-9944-bbff9a4a3b76 Co-authored-by: Amp <amp@ampcode.com> * chore(foundryup): clarify tag-resolution log and error messages Distinguish the GitHub API tag-resolution phase from the actual binary download by consistently referring to "release tag(s)" in the `resolve_version_and_tag` helper's `say` and `err` messages. Amp-Thread-ID: https://ampcode.com/threads/T-019dfc78-8557-712b-9944-bbff9a4a3b76 Co-authored-by: Amp <amp@ampcode.com> --------- Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com> Co-authored-by: Amp <amp@ampcode.com>
…14517) * feat: cast unauthorized flow → wallet.tempo access-key authorization Amp-Thread-ID: https://ampcode.com/threads/T-019df174-9538-713b-b8c9-5001b1ad4719 Co-authored-by: Amp <amp@ampcode.com> * fmt * feat(cast): replace TEMPO_NO_BROWSER env with flag * revert token addresses --------- Co-authored-by: Amp <amp@ampcode.com> Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
…revert leak (#14620) docs(cheatcodes): clarify expectEmit next-call semantics and caught-revert leak expectEmit is a 'next call' assertion. If the call immediately after expectEmit reverts and the revert is swallowed by the caller (low-level call or try/catch), the unmatched expectation can leak forward and be satisfied by a later unrelated emission, silently turning a broken test green. Document the constraint on the natspec for both no-arg and topic-checking overloads, and regenerate cheatcodes.json. Refs: #14618 Amp-Thread-ID: https://ampcode.com/threads/T-019dfd96-7a03-7249-8c10-af20ee2729f5 Co-authored-by: Amp <amp@ampcode.com>
…rames (#14615) * fix(cheatcodes): enforce `expectRevert` reverter address for CREATE frames The reverter address argument to `vm.expectRevert` was silently ignored when the innermost reverting frame was a CREATE (top-level or nested), because create_end never populated `expected_revert.reverted_by`. Mirror call_end's logic in create_end: when the outcome reverts and a reverter address is expected, record outcome.address (revm guarantees this is Some(would-be address) whenever the constructor executed). Adds positive regression tests for top-level and nested-CREATE reverts, and a negative regression test asserting wrong-reverter now fails. Co-authored-by: Amp <amp@ampcode.com> * improve coverage * add Derek's suggested test cases * fix: forge fmt for ExpectRevert.t.sol Amp-Thread-ID: https://ampcode.com/threads/T-019dfdc5-5414-70b6-9f49-cb5797a37a29 Co-authored-by: Amp <amp@ampcode.com> --------- Co-authored-by: Amp <amp@ampcode.com> Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
* fix(script): don't force Tempo AA fee_token from --network tempo alone
Plain --network tempo (or any selection that just sets the network to
Tempo) does not by itself imply a Tempo AA / type 0x76 transaction.
Defaulting tempo.common.fee_token to PATH_USD_ADDRESS solely from
evm_opts.networks.is_tempo() caused every unsigned broadcast tx to flow
through TempoOpts::apply, which set fee_token on the request and
promoted it to the Tempo AA tx envelope. Signers that only know how to
sign ordinary Ethereum transactions (e.g. the Ledger Ethereum app)
then rejected the transaction with 'received an unexpected empty
response'.
Gate the default on an actual Tempo AA opt-in:
- --batch (Tempo batch txs are themselves AA and need a fee token), or
- any explicit --tempo.* flag (sponsor, expiring nonce, nonce key/lane,
...) which already forces an AA tx and benefits from a default fee
token.
Explicit --tempo.fee-token continues to win over the default in all
cases, and non-Tempo networks never default the fee token.
Add unit tests for each scenario.
Amp-Thread-ID: https://ampcode.com/threads/T-019dfd37-2354-712f-95b1-2584fd47ad5e
Co-authored-by: Amp <amp@ampcode.com>
* fix(script): don't force eth_estimateGas on plain Tempo broadcasts
Plain --network tempo produces an ordinary EIP-1559/legacy transaction
(see tempo-alloy::TempoTransactionRequest::output_tx_type), so the local
simulation gas estimate is sufficient. Forcing RPC re-estimation in this
case can surface node-side errors such as 'gas required exceeds
allowance (0)' (Geth-style balance/gasPrice cap from eth_estimateGas)
on flows that previously worked, including Ledger-signed broadcasts
that just got unblocked from the type 0x76 regression.
Match tempo-foundry's behaviour: only force eth_estimateGas on Tempo
when the user has actually opted into Tempo AA semantics (--batch or
any explicit --tempo.* flag).
Extract the gating into needs_tempo_aa_rpc_estimate(...) and add
focused unit tests mirroring the fee-token gating tests.
Amp-Thread-ID: https://ampcode.com/threads/T-019dfd37-2354-712f-95b1-2584fd47ad5e
Co-authored-by: Amp <amp@ampcode.com>
* fix(script): don't re-estimate plain Tempo chain broadcasts
---------
Co-authored-by: Amp <amp@ampcode.com>
* test: added regression test * fix: re-order revert handling * refactor: simplify * lint: fmt * polish: tighten comment, extend test with revert reason and custom error Amp-Thread-ID: https://ampcode.com/threads/T-019dfd96-7a03-7249-8c10-af20ee2729f5 Co-authored-by: Amp <amp@ampcode.com> --------- Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com> Co-authored-by: Amp <amp@ampcode.com>
* feat(lint): add tx-origin detector * test(lint): address tx-origin review feedback * fix: ui bless * fix(lint): cover tx-origin index and ternary predicates * test(lint): bless tx-origin snapshot --------- Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
fix(tempo): prepare batch access key txs before estimation
fix(anvil): respect non-zero genesis block in Otterscan APIs The three Otterscan address-history endpoints (`ots_searchTransactionsBefore`/`After`, `ots_getTransactionBySenderAndNonce`) hardcoded `unwrap_or(1)` / `unwrap_or_default()` as the lower bound of their block scan, which breaks when `genesis_block_number` is non-zero (e.g. `genesis.json` `number: 73`). Expose `Backend::genesis_number()` and fall back to `genesis_number() + 1` in non-fork mode, mirroring the existing post-fork `f.block_number() + 1` convention.
Dargon789
added a commit
that referenced
this pull request
May 7, 2026
* chore(deps): bump strum from 0.27.2 to 0.28.0
Bumps [strum](https://github.com/Peternator7/strum) from 0.27.2 to 0.28.0.
- [Release notes](https://github.com/Peternator7/strum/releases)
- [Changelog](https://github.com/Peternator7/strum/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Peternator7/strum/compare/v0.27.2...v0.28.0)
---
updated-dependencies:
- dependency-name: strum
dependency-version: 0.28.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update crates/script/src/simulate.rs
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
* Update crates/anvil/server/src/handler.rs
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
* fix(forge): adjust gas assertion CounterWithFallback (foundry-rs#14465 ) (#498)
* chore(deps): bump rui314/setup-mold from 725a8794d15fc7563f59595bd9556495c0564878 to 9c9c13bf4c3f1adef0cc596abc155580bcb04444 (#14442)
chore(deps): bump rui314/setup-mold
Bumps [rui314/setup-mold](https://github.com/rui314/setup-mold) from 725a8794d15fc7563f59595bd9556495c0564878 to 9c9c13bf4c3f1adef0cc596abc155580bcb04444.
- [Commits](https://github.com/rui314/setup-mold/compare/725a8794d15fc7563f59595bd9556495c0564878...9c9c13bf4c3f1adef0cc596abc155580bcb04444)
---
updated-dependencies:
- dependency-name: rui314/setup-mold
dependency-version: 9c9c13bf4c3f1adef0cc596abc155580bcb04444
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update flake.lock (#14458)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* fix(forge): adjust gas assertion `CounterWithFallback` (#14465)
* chore: update latest benchmarks (#14467)
* ci: split MPP e2e into its own workflow (#14468)
* ci: split MPP e2e into its own workflow
Move the MPP e2e step from ci-tempo.yml into a standalone ci-mpp.yml
workflow so transient HTTP 402 failures from the MPP RPC do not block
the Tempo CI workflow.
Amp-Thread-ID: https://ampcode.com/threads/T-019dceb8-61e5-734f-b047-17665b4ea7d3
Co-authored-by: Amp <amp@ampcode.com>
* ci: rename sanity-check job to tempo-check
Amp-Thread-ID: https://ampcode.com/threads/T-019dceb8-61e5-734f-b047-17665b4ea7d3
Co-authored-by: Amp <amp@ampcode.com>
* ci: rename mpp-e2e job to mpp-check
Amp-Thread-ID: https://ampcode.com/threads/T-019dceb8-61e5-734f-b047-17665b4ea7d3
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: Amp <amp@ampcode.com>
* Improve GH actions (#14473)
* fix(benches): add repos + extra args support to prevent blocking errors (#14470)
* fix(benches): add repos + extra args support to prevent blocking errors
* fix(ci): set `inputs.repos` default to empty
* fix: remove `--verbose` flags
* fix: exclude `uniswap/v4-core` `TickMathTestTest`
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: grandizzy <38490174+grandizzy@users.noreply.github.com>
* chore(deps): bump strum from 0.27.2 to 0.28.0 (#509)
Bumps [strum](https://github.com/Peternator7/strum) from 0.27.2 to 0.28.0.
- [Release notes](https://github.com/Peternator7/strum/releases)
- [Changelog](https://github.com/Peternator7/strum/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Peternator7/strum/compare/v0.27.2...v0.28.0)
---
updated-dependencies:
- dependency-name: strum
dependency-version: 0.28.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
* gas-snapshot
* chore(deps): bump similar-asserts from 1.7.0 to 2.0.0 (#508)
Bumps [similar-asserts](https://github.com/mitsuhiko/similar-asserts) from 1.7.0 to 2.0.0.
- [Changelog](https://github.com/mitsuhiko/similar-asserts/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mitsuhiko/similar-asserts/compare/1.7.0...2.0.0)
---
updated-dependencies:
- dependency-name: similar-asserts
dependency-version: 2.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci: sign release archives, docker images, and publish SBOMs (#520)
* anvil: unify Tempo nonce markers across send RPCs (#14536)
Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: steven <corderosteven6@gmail.com>
Co-authored-by: stevencartavia <112043913+stevencartavia@users.noreply.github.com>
Co-authored-by: Matthias Seitz <matthias.seitz@outlook.de>
* fix(forge): `flaky_gas_report_fallback_with_calldata` deployment cost (#14545)
* chore(lint): add missing lints to README (#14551)
* chore(bench): update `benchmark.sh` (#14548)
Co-authored-by: Matthias Seitz <matthias.seitz@outlook.de>
* chore(clippy): fix for_kv_map and useless_borrows_in_formatting (#14554)
* chore(clippy): fix for_kv_map and useless_borrows_in_formatting
Amp-Thread-ID: https://ampcode.com/threads/T-019df0f9-62e7-74b8-bd5e-da2acce678fb
Co-authored-by: Amp <amp@ampcode.com>
* chore(clippy): drop redundant borrows in cheatcodes assert formatters
Amp-Thread-ID: https://ampcode.com/threads/T-019df0f9-62e7-74b8-bd5e-da2acce678fb
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: Amp <amp@ampcode.com>
* fix(ci): use `PATH_USD` fallback fee token in Mail templates (#14546)
* chore(deps): bump the actions-weekly group with 3 updates (#14497)
* refactor(chisel): migrate to solar (#14532)
* feat(lint): add too-many-digits lint (#14549)
* feat: feature-gate optimism deps in common-fmt, common, cast (#14539)
* feat(forge): support per-test network selection via inline config (#14530)
* feat(cli): `--tempo.expires` retry-safe mode (TIP-1009 expiring nonces) (#14521)
* fix(forge): `per_test_network_routing` match undeterministic order (#14557)
output
* chore(ci): run tempo mainnet and testnet checks before devnet (#14556)
* Update flake.lock (#14553)
flake.lock: Update
Flake lock file updates:
• Updated input 'fenix':
'github:nix-community/fenix/f374034' (2026-04-25)
→ 'github:nix-community/fenix/74c1591' (2026-05-02)
• Updated input 'fenix/rust-analyzer-src':
'github:rust-lang/rust-analyzer/8954b66' (2026-04-21)
→ 'github:rust-lang/rust-analyzer/64cdaeb' (2026-05-01)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/01fbdee' (2026-04-23)
→ 'github:NixOS/nixpkgs/c6d6588' (2026-05-01)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* chore(bench): update benchmark results (#14552)
* fix(forge): ignore ETH_RPC_URL for test forking (#14555)
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
* feat(cast): add Tempo keychain policy commands (#14531)
* feat(cast): add tempo keychain policy commands
* fix(cast): address keychain policy review
* fix(cli): fix jsonwebtoken panic (#14562)
`cast` panicked with this message coming from jsonwebtoken:
```
Call CryptoProvider::install_default() before this point to select a provider manually, or make sure exactly one of the
'rust_crypto' and 'aws_lc_rs' features is enabled.
See the documentation of the CryptoProvider type for more information.
```
This seemingly was introduced with the bump of jsonwebtoken to 10. Now
it requires you to pick one backend used by default controlled by the
compile time cargo features or call `CryptoProvider::install_default()`
at the beginning.
I realized that probably it would be better to just select the feature
and I picked `aws_lc_rs` as it seems to be increasingly a default and
we already are using the C toolchain.
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
* chore(cli): tidy ETH_RPC_URL handling and add forge regression test (#14559)
Follow-up to #14555:
- Drop the redundant flashbots branch in RpcOpts::dict; self.url(None)
already returns FLASHBOTS_URL when --flashbots is set, so the
subsequent overwrite was dead code.
- Inline the resolve_rpc_url helper back into RpcCommonOpts::url; it
was only called from one place and added unneeded surface area.
- Restore the doc comment on RpcCommonOpts and document why
ETH_RPC_URL is intentionally not a clap env on the shared field
(so EvmArgs cannot inherit it).
- Add an integration test that runs forge config with ETH_RPC_URL set
in the environment and asserts that eth_rpc_url stays None,
directly exercising the regression scenario from #14538.
Amp-Thread-ID: https://ampcode.com/threads/T-019df243-267f-7779-93e1-5d6686082444
Co-authored-by: zerosnacks <zerosnacks@protonmail.com>
Co-authored-by: Amp <amp@ampcode.com>
* feat(cast): open Tempo wallet fund flow for MPP failures (#14505)
* feat(cast): open Tempo wallet fund flow for MPP failures
* ci(tempo): skip network checks without rpc secrets
* Revert "ci(tempo): skip network checks without rpc secrets"
This reverts commit f8dd70163f850b854888fd1c962174e1663284f4.
* fix(common): address mpp funding review
---------
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
* ci: sign release archives, docker images, and publish SBOMs (#14563)
- release.yml: emit per-archive sha256 + SPDX SBOM (Syft), cosign
keyless sign-blob of the archive, and use actions/attest@v4 for both
build provenance and SBOM attestations. Upload all artifacts to the
draft release.
- docker-publish.yml: enable BuildKit SBOM, capture the build digest,
cosign keyless sign each pushed tag, and publish a Sigstore-signed
SLSA provenance attestation via actions/attest with push-to-registry.
- SECURITY.md: document how external users verify archives and the
docker image (gh attestation, cosign, plain sha256, buildx imagetools).
- README.md: link to the new verification section.
* perf(common): short-circuit `find_by_name_or_identifier` instead of `collect` (#14514)
* feat(foundryup): retry GitHub API fetches on transient errors (#14566)
GitHub api.github.com occasionally returns transient 403s on certain VMs
(per-IP rate limiting / WAF hiccups), causing foundryup to fail to
resolve the latest stable / nightly release tag, e.g.:
foundryup: fetching latest nightly releases from foundry-rs/foundry...
Error: curl: (56) The requested URL returned error: 403
foundryup: failed to fetch releases from GitHub API
Add curl/wget retry logic to the `fetch` helper (used exclusively for
GitHub API releases endpoints):
- curl: --retry 5 --retry-delay 2 --retry-max-time 60, plus
--retry-all-errors when supported (curl 7.71+, feature-detected so
older curl does not hard-fail). --retry-all-errors is required to
retry HTTP 403, which is not in curl's default retryable set.
- wget fallback: --tries=5 --waitretry=2
--retry-on-http-error=403,408,429,5xx.
`fetch` now buffers to a temp file before emitting to stdout, since
curl's --retry-all-errors is unsafe with piped consumers (mid-stream
retries can duplicate bytes). Existing callers pipe into awk/grep.
Tunable via FOUNDRYUP_MAX_RETRIES (default 5).
`download` (binary tarballs, attestations, manpages) is intentionally
left unchanged — those rarely fail and changing them affects the
attestation existence check semantics.
Bumps installer version 1.8.1 -> 1.8.2.
Amp-Thread-ID: https://ampcode.com/threads/T-019df2f5-9b97-717a-b959-cf7cbc7ca3bb
Co-authored-by: Amp <amp@ampcode.com>
* feat(lint): project-wide passes + pragma-inconsistent (#14543)
* feat(lint): project-wide passes + pragma-inconsistent
* rm hashset, msg
* test(lint): exhaustive pragma-inconsistent coverage + clearer testdata names (#14561)
* test(lint): exhaustive coverage for pragma-inconsistent
Follow-up to #14543 expanding test coverage for the cross-file
`pragma-inconsistent` lint across the syntax variants users encounter
in real Solidity projects.
Multi-file scenarios (added as `forgetest!` cases in
`crates/forge/tests/cli/lint.rs`, since they cannot be expressed in a
single `.sol` testdata file):
- Negative (must NOT warn):
- all files use the same exact pragma (`0.8.20`)
- all files use the same caret pragma (`^0.8.20`)
- single file in the project
- Positive (must warn):
- duplicates among a conflict -- two identical files plus one
different pragma still emits three warnings
- Mixed:
- file without an explicit pragma uses the test-utils default
(`add_raw_source` is used to bypass the auto-injected pragma)
Source bodies are pulled out into module-level `const` raw strings so
rustfmt does not collapse the inline `\n`-escaped strings into wide
horizontal blobs.
Single-file scenarios (added as `.sol` files under
`crates/lint/testdata/` in the existing `//~NOTE:` annotation style):
- `PragmaInconsistentCaretVsTilde.sol`: `^0.8.20` vs `~0.8.20`
- `PragmaInconsistentRangeVsExact.sol`: `>=0.8.0 <0.9.0` vs `0.8.20`
-- range satisfies exact but lint is intentionally string-based,
matching SLITHER-W1078
- `PragmaInconsistentOrVsExact.sol`: `0.8.20 || 0.8.21` vs `0.8.20`
- `PragmaInconsistentThreeDistinct.sol`: `>=0.8.0`, `^0.8.0`, `~0.8.0`
-- verifies the `others` list contains every other variant
* test(lint): rename pragma-inconsistent testdata to describe the case under test
The two testdata files added in #14543 were named `PragmaInconsistent.sol`
and `PragmaInconsistent2.sol`, which made them look like duplicates. They
actually exercise distinct edge cases of the same string-based detection:
- `PragmaInconsistentCaretAboveExact.sol` (was `PragmaInconsistent.sol`):
caret range whose lower bound is strictly below the exact version
(`^0.8.0` + `0.8.18`).
- `PragmaInconsistentCaretMatchesExact.sol` (was `PragmaInconsistent2.sol`):
caret range whose lower bound equals the exact version
(`^0.8.20` + `0.8.20`) -- the looks-the-same-but-still-distinct case
that guards SLITHER-W1078 parity (no semver intersection).
Amp-Thread-ID: https://ampcode.com/threads/T-019df243-267f-7779-93e1-5d6686082444
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: Amp <amp@ampcode.com>
* refactor(script): reuse shared Tempo CLI opts (#14558)
* deps: bump tempo to 6bf9903 (T6 hardfork) + fix alloy-evm 0.34 compat (#14567)
* deps: bump tempo to 6bf9903 (T6 hardfork)
Bumps tempo crates to 6bf9903d, adding the T6 hardfork variant to
TempoHardfork. Without this, cast's tempo_forkSchedule lookup parses
the chain's reported active fork ("T6") into TempoHardfork::FromStr,
fails because T6 was unknown to the enum, and silently returns
is_hardfork_active(T3) = false. That made 'cast keychain auth' fall
back to the legacy authorizeKey selector and revert with
LegacyAuthorizeKeySelectorChanged on any T6 chain.
Also bumps alloy-evm to 0.34 and the optimism git pin to develop
(e3b59e7) so alloy-op-evm picks up an EvmFactory impl built against
alloy-evm 0.34. Removes the now-unused paradigmxyz/reth-core [patch]
entries.
No source changes; lockfile churn is transitive only.
* fix: adapt AnvilBlockExecutor to alloy-evm 0.34.0 breaking changes
- Add Send + 'static bounds to TxResult impl for AnvilTxResult<H>
- Change commit_transaction return type from Result<GasOutput, BlockExecutionError> to GasOutput
- Remove .expect() on commit_transaction call site
Amp-Thread-ID: https://ampcode.com/threads/T-019df322-c0f1-73e7-858c-5ca2d242ddb4
* style: rustfmt commit_transaction signature
Amp-Thread-ID: https://ampcode.com/threads/T-019df322-c0f1-73e7-858c-5ca2d242ddb4
---------
Co-authored-by: Centaur AI <ai@centaur.local>
* docs: add forge lint rule docs (#14571)
* feat(forge): add fuzz run selection (#14522)
* feat(forge): add fuzz run selection
* fix(fuzz): make metadata builder const
* test(fuzz): cover generated seed replay
* fix(forge): persist fuzz worker for run replay
* fix(evm): satisfy clippy in fuzz replay
* fix(fuzz): reuse fuzz run metadata
* forge(lint/docs): validate deployed forge lint docs (#14573)
test: validate deployed forge lint docs
* feat: gate foundry-primitives behind optimism feature (#14572)
* fix(ci): increase permissions for the enhanced attestation writing (#14584)
* increase permissions for artifact writing
* apply write permissions to release-docker
* feat(hardforks, networks): gate optimism behind cargo feature (#14581)
* fix(forge): encode Tempo creates as AA calls (#14585)
* feat(anvil): gate optimism behind cargo feature (#14577)
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
* feat(cast): introduce `vaddr` cmd for TIP-1022 (#14508)
* feat(cast): introduce `vaddr` cmd for tip-1022
* fix: doc
* chore: touch-ups
* add tests
* chore: move tests to tempo ci
* feat: add vaddr watch test
* feat: count 0 hadling, add `no_register` flag
* fix: remove sweep subcommand
* fix: make clippy happy
* feat(bench): nightly regression tracking workflow (#14586)
* fix(cli): fix release version strings for immutable tags, bump to 1.7.1 (#14496)
* Fix release version metadata for immutable tags
Amp-Thread-ID: https://ampcode.com/threads/T-019dd617-b29f-7409-8523-9858a1504f17
Co-authored-by: Amp <amp@ampcode.com>
* Derive nightly release suffix from commit SHA
Amp-Thread-ID: https://ampcode.com/threads/T-019dd617-b29f-7409-8523-9858a1504f17
Co-authored-by: Amp <amp@ampcode.com>
* Apply suggestion from @zerosnacks
* Apply suggestion from @zerosnacks
* Apply suggestion from @zerosnacks
* bump to v1.7.1
* avoid appending whole sha hash, not necessary, handle version cmp correctly. after v1.7.1 release we need to bump to v1.7.2 for nightlies following it to compare correctly
* Make foundryVersionCmp tolerate new version format and add tests
- Strip both pre-release ('-nightly', '-dev') and build metadata ('+<sha>.<ts>.<profile>') from SEMVER_VERSION before comparison so the cheatcode keeps working for tagged releases (which have no '-' separator).
- Extract strip_semver_metadata helper and add Rust unit tests covering all SEMVER_VERSION shapes, version_cmp ordering, and parse_version rejection of pre-release/build/garbage input.
- Extend the Solidity test suite for vm.getFoundryVersion()/foundryVersionCmp/foundryVersionAtLeast: validate MAJOR.MINOR.PATCH parseability, build profile value, cmp/atLeast invariant, and error paths for invalid user-supplied versions.
Amp-Thread-ID: https://ampcode.com/threads/T-019dd971-fcb7-7149-9680-f0134130844c
Co-authored-by: Amp <amp@ampcode.com>
* fix(test): drop view from solidity tests using assert helpers and fix fmt
- assertTrue/assertEq aren't view, so testGetFoundryVersionBuildProfile and testFoundryVersionCmpAndAtLeastAreConsistent can't be view either.
- Collapse the buildType assertion onto one line to satisfy forge fmt.
Amp-Thread-ID: https://ampcode.com/threads/T-019dd971-fcb7-7149-9680-f0134130844c
Co-authored-by: Amp <amp@ampcode.com>
* test(version): assert build profile is non-empty instead of debug|release
The dist profile (used for distributed release binaries) is also valid; just require non-empty so any future profile works.
Amp-Thread-ID: https://ampcode.com/threads/T-019dd971-fcb7-7149-9680-f0134130844c
Co-authored-by: Amp <amp@ampcode.com>
* Normalize nightly-<sha> to nightly in release_version
Ensures tarball and Docker nightly artifacts produce the same version
string. The commit identifier is already included in the SemVer build
metadata (after `+`), so collapsing `nightly-<sha>` to `nightly`
avoids duplicating the SHA in the pre-release tag.
Co-authored-by: Amp <amp@ampcode.com>
Amp-Thread-ID: https://ampcode.com/threads/T-019df79e-d4c9-707c-85eb-2efbf59160b3
---------
Co-authored-by: Centaur AI <ai@centaur.local>
Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: zerosnacks <zerosnacks@protonmail.com>
* fix(evm): query `state_snapshot.storage` in `ForkDbStateSnapshot::storage_ref` (#14007)
* fix(evm): query `state_snapshot.storage` in `ForkDbStateSnapshot::storage_ref`
* test(evm): cover `ForkDbStateSnapshot::storage_ref` snapshot lookup
* fix(cast): consistent `--json` output for `keychain` subcommands (#14590)
- `keychain rl`: wrap remaining limit in `{"remaining":"..."}` object
instead of emitting a bare JSON string
- `keychain policy add-call`: emit
`{"status":"already_present","target":"..."}`
when the rule already exists, instead of plain text
- `send_keychain_tx`: wrap sponsor hash in `{"sponsor_hash":"0x..."}`
object when --tempo.print-sponsor-hash is used with --json
Add CLI tests covering the rl and sponsor-hash JSON output shapes.
* feat(tempo): add sponsored transaction plumbing (#14560)
* feat(tempo): add sponsored transaction plumbing
* addressing mablr comments
* fix tempo sponsor signer future layout
* preserve json output for tempo sponsor preview
* fix(cast): `--json` output support for `vaddr` (#14591)
* feat(tempo): add named nonce lanes (#14527)
* fix(cheatcodes): transfer value for payable mock calls (#14547)
* test: updated tests
* fix: execute value transfer
* test: improve
* imp: review item
* test: vm.prank test
* imp: moved mocked-call handling after prank application
---------
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
* feat(lint): add inline-assembly lint (#14575)
* feat(lint): add inline-assembly lint
* lint(inline-assembly): also recognize `/// @solidity memory-safe-assembly` NatSpec
Amp-Thread-ID: https://ampcode.com/threads/T-019df4b6-1b76-734c-9a9b-29db9fb7d461
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: Amp <amp@ampcode.com>
* refactor(script): remove `ScriptConfig::{fee_token,expires_at}` in favour of `TempoOpts` (#14594)
* feat(evm-core): gate optimism behind cargo feature (#14593)
* fix(cli): resolve Tempo expires once (#14595)
fix(cli): resolve tempo expires once
* feat(cli): gate optimism behind cargo feature (#14596)
* fix(anvil): classify EVM halts as transaction rejections (#14592)
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
* feat: drop optimism deps under no-default-features (#14600)
* fix(forge): `--fuzz-seed` parameter is not effective in `forge coverage` (#14610)
fix --fuzz-seed not effective in forge coverage
* fix(foundryup): mirror tag resolution for install & use (#14611)
* fix(foundryup): mirror tag resolution for install & use
* fix(foundryup): mirror semver version normalization in `use`
`install` auto-prepends `v` to bare semver versions (e.g. `1.7.0` ->
`v1.7.0`) so the on-disk directory is always `v`-prefixed. `use` was
doing a literal lookup, so `foundryup -u 1.7.0` failed even though
`foundryup -i 1.7.0` had succeeded.
Broaden the channel `case` in `use()` to also match bare semver inputs
(`MAJOR.MINOR.PATCH[-prerelease]`) so they go through the same
`resolve_version_and_tag` normalizer. The pattern is intentionally
tighter than `install`'s `[[:digit:]]*` so locally-built versions whose
names happen to start with a digit are still looked up literally.
Amp-Thread-ID: https://ampcode.com/threads/T-019dfc78-8557-712b-9944-bbff9a4a3b76
Co-authored-by: Amp <amp@ampcode.com>
* chore(foundryup): clarify tag-resolution log and error messages
Distinguish the GitHub API tag-resolution phase from the actual binary
download by consistently referring to "release tag(s)" in the
`resolve_version_and_tag` helper's `say` and `err` messages.
Amp-Thread-ID: https://ampcode.com/threads/T-019dfc78-8557-712b-9944-bbff9a4a3b76
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: Amp <amp@ampcode.com>
* fix(ci): keep no-default builds free of op deps (#14612)
* feat: cast unauthorized flow → wallet.tempo access-key authorization (#14517)
* feat: cast unauthorized flow → wallet.tempo access-key authorization
Amp-Thread-ID: https://ampcode.com/threads/T-019df174-9538-713b-b8c9-5001b1ad4719
Co-authored-by: Amp <amp@ampcode.com>
* fmt
* feat(cast): replace TEMPO_NO_BROWSER env with flag
* revert token addresses
---------
Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
* docs(expect-emit): clarify next-call semantics and warn about caught-revert leak (#14620)
docs(cheatcodes): clarify expectEmit next-call semantics and caught-revert leak
expectEmit is a 'next call' assertion. If the call immediately after expectEmit
reverts and the revert is swallowed by the caller (low-level call or try/catch),
the unmatched expectation can leak forward and be satisfied by a later unrelated
emission, silently turning a broken test green.
Document the constraint on the natspec for both no-arg and topic-checking
overloads, and regenerate cheatcodes.json.
Refs: https://github.com/foundry-rs/foundry/issues/14618
Amp-Thread-ID: https://ampcode.com/threads/T-019dfd96-7a03-7249-8c10-af20ee2729f5
Co-authored-by: Amp <amp@ampcode.com>
* fix(cheatcodes): enforce `expectRevert` reverter address for CREATE frames (#14615)
* fix(cheatcodes): enforce `expectRevert` reverter address for CREATE
frames
The reverter address argument to `vm.expectRevert` was silently ignored
when the innermost reverting frame was a CREATE (top-level or nested),
because create_end never populated `expected_revert.reverted_by`.
Mirror call_end's logic in create_end: when the outcome reverts and a
reverter address is expected, record outcome.address (revm guarantees
this is Some(would-be address) whenever the constructor executed).
Adds positive regression tests for top-level and nested-CREATE reverts,
and a negative regression test asserting wrong-reverter now fails.
Co-authored-by: Amp <amp@ampcode.com>
* improve coverage
* add Derek's suggested test cases
* fix: forge fmt for ExpectRevert.t.sol
Amp-Thread-ID: https://ampcode.com/threads/T-019dfdc5-5414-70b6-9f49-cb5797a37a29
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
* fix(script): keep plain Tempo broadcasts non-AA (#14616)
* fix(script): don't force Tempo AA fee_token from --network tempo alone
Plain --network tempo (or any selection that just sets the network to
Tempo) does not by itself imply a Tempo AA / type 0x76 transaction.
Defaulting tempo.common.fee_token to PATH_USD_ADDRESS solely from
evm_opts.networks.is_tempo() caused every unsigned broadcast tx to flow
through TempoOpts::apply, which set fee_token on the request and
promoted it to the Tempo AA tx envelope. Signers that only know how to
sign ordinary Ethereum transactions (e.g. the Ledger Ethereum app)
then rejected the transaction with 'received an unexpected empty
response'.
Gate the default on an actual Tempo AA opt-in:
- --batch (Tempo batch txs are themselves AA and need a fee token), or
- any explicit --tempo.* flag (sponsor, expiring nonce, nonce key/lane,
...) which already forces an AA tx and benefits from a default fee
token.
Explicit --tempo.fee-token continues to win over the default in all
cases, and non-Tempo networks never default the fee token.
Add unit tests for each scenario.
Amp-Thread-ID: https://ampcode.com/threads/T-019dfd37-2354-712f-95b1-2584fd47ad5e
Co-authored-by: Amp <amp@ampcode.com>
* fix(script): don't force eth_estimateGas on plain Tempo broadcasts
Plain --network tempo produces an ordinary EIP-1559/legacy transaction
(see tempo-alloy::TempoTransactionRequest::output_tx_type), so the local
simulation gas estimate is sufficient. Forcing RPC re-estimation in this
case can surface node-side errors such as 'gas required exceeds
allowance (0)' (Geth-style balance/gasPrice cap from eth_estimateGas)
on flows that previously worked, including Ledger-signed broadcasts
that just got unblocked from the type 0x76 regression.
Match tempo-foundry's behaviour: only force eth_estimateGas on Tempo
when the user has actually opted into Tempo AA semantics (--batch or
any explicit --tempo.* flag).
Extract the gating into needs_tempo_aa_rpc_estimate(...) and add
focused unit tests mirroring the fee-token gating tests.
Amp-Thread-ID: https://ampcode.com/threads/T-019dfd37-2354-712f-95b1-2584fd47ad5e
Co-authored-by: Amp <amp@ampcode.com>
* fix(script): don't re-estimate plain Tempo chain broadcasts
---------
Co-authored-by: Amp <amp@ampcode.com>
* fix(cheatcodes): preserve reverts with `expectEmit` (#14619)
* test: added regression test
* fix: re-order revert handling
* refactor: simplify
* lint: fmt
* polish: tighten comment, extend test with revert reason and custom error
Amp-Thread-ID: https://ampcode.com/threads/T-019dfd96-7a03-7249-8c10-af20ee2729f5
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: Amp <amp@ampcode.com>
* feat(lint): add tx-origin detector (#14589)
* feat(lint): add tx-origin detector
* test(lint): address tx-origin review feedback
* fix: ui bless
* fix(lint): cover tx-origin index and ternary predicates
* test(lint): bless tx-origin snapshot
---------
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
* refactor(tempo): prepare batch access key txs w/ helper (#14597)
fix(tempo): prepare batch access key txs before estimation
* fix(anvil): respect non-zero genesis block in Otterscan APIs (#14490)
fix(anvil): respect non-zero genesis block in Otterscan APIs
The three Otterscan address-history endpoints (`ots_searchTransactionsBefore`/`After`, `ots_getTransactionBySenderAndNonce`) hardcoded `unwrap_or(1)` / `unwrap_or_default()` as the lower bound of their block scan, which breaks when `genesis_block_number` is non-zero (e.g. `genesis.json` `number: 73`). Expose `Backend::genesis_number()` and fall back to `genesis_number() + 1` in non-fork mode, mirroring the existing post-fork `f.block_number() + 1` convention.
---------
Co-authored-by: Isagi Yates <isagiyates@gmail.com>
Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: steven <corderosteven6@gmail.com>
Co-authored-by: stevencartavia <112043913+stevencartavia@users.noreply.github.com>
Co-authored-by: Matthias Seitz <matthias.seitz@outlook.de>
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: figtracer <me@figtracer.com>
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: Sergei Shulepov <s.pepyakin@gmail.com>
Co-authored-by: zerosnacks <zerosnacks@protonmail.com>
Co-authored-by: grandizzy <38490174+grandizzy@users.noreply.github.com>
Co-authored-by: cui <cuiweixie@gmail.com>
Co-authored-by: Centaur AI <ai@centaur.local>
Co-authored-by: Derek Cofausper <256792747+decofe@users.noreply.github.com>
Co-authored-by: Nikki <gutonosa@protonmail.com>
Co-authored-by: srdtrk <59252793+srdtrk@users.noreply.github.com>
Co-authored-by: Mikhail Mikheev <16622558+mmv08@users.noreply.github.com>
Co-authored-by: lazymio <mio@lazym.io>
Co-authored-by: Emma Jamieson-Hoare <emmajam@users.noreply.github.com>
Co-authored-by: VIkions <99107287+vikions@users.noreply.github.com>
Co-authored-by: Aïssata <mikeslowcoder@proton.me>
* ci: sign release archives, docker images, and publish SBOMs (#519)
* anvil: unify Tempo nonce markers across send RPCs (#14536)
Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: steven <corderosteven6@gmail.com>
Co-authored-by: stevencartavia <112043913+stevencartavia@users.noreply.github.com>
Co-authored-by: Matthias Seitz <matthias.seitz@outlook.de>
* fix(forge): `flaky_gas_report_fallback_with_calldata` deployment cost (#14545)
* chore(lint): add missing lints to README (#14551)
* chore(bench): update `benchmark.sh` (#14548)
Co-authored-by: Matthias Seitz <matthias.seitz@outlook.de>
* chore(clippy): fix for_kv_map and useless_borrows_in_formatting (#14554)
* chore(clippy): fix for_kv_map and useless_borrows_in_formatting
Amp-Thread-ID: https://ampcode.com/threads/T-019df0f9-62e7-74b8-bd5e-da2acce678fb
Co-authored-by: Amp <amp@ampcode.com>
* chore(clippy): drop redundant borrows in cheatcodes assert formatters
Amp-Thread-ID: https://ampcode.com/threads/T-019df0f9-62e7-74b8-bd5e-da2acce678fb
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: Amp <amp@ampcode.com>
* fix(ci): use `PATH_USD` fallback fee token in Mail templates (#14546)
* chore(deps): bump the actions-weekly group with 3 updates (#14497)
* refactor(chisel): migrate to solar (#14532)
* feat(lint): add too-many-digits lint (#14549)
* feat: feature-gate optimism deps in common-fmt, common, cast (#14539)
* feat(forge): support per-test network selection via inline config (#14530)
* feat(cli): `--tempo.expires` retry-safe mode (TIP-1009 expiring nonces) (#14521)
* fix(forge): `per_test_network_routing` match undeterministic order (#14557)
output
* chore(ci): run tempo mainnet and testnet checks before devnet (#14556)
* Update flake.lock (#14553)
flake.lock: Update
Flake lock file updates:
• Updated input 'fenix':
'github:nix-community/fenix/f374034' (2026-04-25)
→ 'github:nix-community/fenix/74c1591' (2026-05-02)
• Updated input 'fenix/rust-analyzer-src':
'github:rust-lang/rust-analyzer/8954b66' (2026-04-21)
→ 'github:rust-lang/rust-analyzer/64cdaeb' (2026-05-01)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/01fbdee' (2026-04-23)
→ 'github:NixOS/nixpkgs/c6d6588' (2026-05-01)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
* chore(bench): update benchmark results (#14552)
* fix(forge): ignore ETH_RPC_URL for test forking (#14555)
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
* feat(cast): add Tempo keychain policy commands (#14531)
* feat(cast): add tempo keychain policy commands
* fix(cast): address keychain policy review
* fix(cli): fix jsonwebtoken panic (#14562)
`cast` panicked with this message coming from jsonwebtoken:
```
Call CryptoProvider::install_default() before this point to select a provider manually, or make sure exactly one of the
'rust_crypto' and 'aws_lc_rs' features is enabled.
See the documentation of the CryptoProvider type for more information.
```
This seemingly was introduced with the bump of jsonwebtoken to 10. Now
it requires you to pick one backend used by default controlled by the
compile time cargo features or call `CryptoProvider::install_default()`
at the beginning.
I realized that probably it would be better to just select the feature
and I picked `aws_lc_rs` as it seems to be increasingly a default and
we already are using the C toolchain.
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
* chore(cli): tidy ETH_RPC_URL handling and add forge regression test (#14559)
Follow-up to #14555:
- Drop the redundant flashbots branch in RpcOpts::dict; self.url(None)
already returns FLASHBOTS_URL when --flashbots is set, so the
subsequent overwrite was dead code.
- Inline the resolve_rpc_url helper back into RpcCommonOpts::url; it
was only called from one place and added unneeded surface area.
- Restore the doc comment on RpcCommonOpts and document why
ETH_RPC_URL is intentionally not a clap env on the shared field
(so EvmArgs cannot inherit it).
- Add an integration test that runs forge config with ETH_RPC_URL set
in the environment and asserts that eth_rpc_url stays None,
directly exercising the regression scenario from #14538.
Amp-Thread-ID: https://ampcode.com/threads/T-019df243-267f-7779-93e1-5d6686082444
Co-authored-by: zerosnacks <zerosnacks@protonmail.com>
Co-authored-by: Amp <amp@ampcode.com>
* feat(cast): open Tempo wallet fund flow for MPP failures (#14505)
* feat(cast): open Tempo wallet fund flow for MPP failures
* ci(tempo): skip network checks without rpc secrets
* Revert "ci(tempo): skip network checks without rpc secrets"
This reverts commit f8dd70163f850b854888fd1c962174e1663284f4.
* fix(common): address mpp funding review
---------
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
* ci: sign release archives, docker images, and publish SBOMs (#14563)
- release.yml: emit per-archive sha256 + SPDX SBOM (Syft), cosign
keyless sign-blob of the archive, and use actions/attest@v4 for both
build provenance and SBOM attestations. Upload all artifacts to the
draft release.
- docker-publish.yml: enable BuildKit SBOM, capture the build digest,
cosign keyless sign each pushed tag, and publish a Sigstore-signed
SLSA provenance attestation via actions/attest with push-to-registry.
- SECURITY.md: document how external users verify archives and the
docker image (gh attestation, cosign, plain sha256, buildx imagetools).
- README.md: link to the new verification section.
* perf(common): short-circuit `find_by_name_or_identifier` instead of `collect` (#14514)
* feat(foundryup): retry GitHub API fetches on transient errors (#14566)
GitHub api.github.com occasionally returns transient 403s on certain VMs
(per-IP rate limiting / WAF hiccups), causing foundryup to fail to
resolve the latest stable / nightly release tag, e.g.:
foundryup: fetching latest nightly releases from foundry-rs/foundry...
Error: curl: (56) The requested URL returned error: 403
foundryup: failed to fetch releases from GitHub API
Add curl/wget retry logic to the `fetch` helper (used exclusively for
GitHub API releases endpoints):
- curl: --retry 5 --retry-delay 2 --retry-max-time 60, plus
--retry-all-errors when supported (curl 7.71+, feature-detected so
older curl does not hard-fail). --retry-all-errors is required to
retry HTTP 403, which is not in curl's default retryable set.
- wget fallback: --tries=5 --waitretry=2
--retry-on-http-error=403,408,429,5xx.
`fetch` now buffers to a temp file before emitting to stdout, since
curl's --retry-all-errors is unsafe with piped consumers (mid-stream
retries can duplicate bytes). Existing callers pipe into awk/grep.
Tunable via FOUNDRYUP_MAX_RETRIES (default 5).
`download` (binary tarballs, attestations, manpages) is intentionally
left unchanged — those rarely fail and changing them affects the
attestation existence check semantics.
Bumps installer version 1.8.1 -> 1.8.2.
Amp-Thread-ID: https://ampcode.com/threads/T-019df2f5-9b97-717a-b959-cf7cbc7ca3bb
Co-authored-by: Amp <amp@ampcode.com>
* feat(lint): project-wide passes + pragma-inconsistent (#14543)
* feat(lint): project-wide passes + pragma-inconsistent
* rm hashset, msg
* test(lint): exhaustive pragma-inconsistent coverage + clearer testdata names (#14561)
* test(lint): exhaustive coverage for pragma-inconsistent
Follow-up to #14543 expanding test coverage for the cross-file
`pragma-inconsistent` lint across the syntax variants users encounter
in real Solidity projects.
Multi-file scenarios (added as `forgetest!` cases in
`crates/forge/tests/cli/lint.rs`, since they cannot be expressed in a
single `.sol` testdata file):
- Negative (must NOT warn):
- all files use the same exact pragma (`0.8.20`)
- all files use the same caret pragma (`^0.8.20`)
- single file in the project
- Positive (must warn):
- duplicates among a conflict -- two identical files plus one
different pragma still emits three warnings
- Mixed:
- file without an explicit pragma uses the test-utils default
(`add_raw_source` is used to bypass the auto-injected pragma)
Source bodies are pulled out into module-level `const` raw strings so
rustfmt does not collapse the inline `\n`-escaped strings into wide
horizontal blobs.
Single-file scenarios (added as `.sol` files under
`crates/lint/testdata/` in the existing `//~NOTE:` annotation style):
- `PragmaInconsistentCaretVsTilde.sol`: `^0.8.20` vs `~0.8.20`
- `PragmaInconsistentRangeVsExact.sol`: `>=0.8.0 <0.9.0` vs `0.8.20`
-- range satisfies exact but lint is intentionally string-based,
matching SLITHER-W1078
- `PragmaInconsistentOrVsExact.sol`: `0.8.20 || 0.8.21` vs `0.8.20`
- `PragmaInconsistentThreeDistinct.sol`: `>=0.8.0`, `^0.8.0`, `~0.8.0`
-- verifies the `others` list contains every other variant
* test(lint): rename pragma-inconsistent testdata to describe the case under test
The two testdata files added in #14543 were named `PragmaInconsistent.sol`
and `PragmaInconsistent2.sol`, which made them look like duplicates. They
actually exercise distinct edge cases of the same string-based detection:
- `PragmaInconsistentCaretAboveExact.sol` (was `PragmaInconsistent.sol`):
caret range whose lower bound is strictly below the exact version
(`^0.8.0` + `0.8.18`).
- `PragmaInconsistentCaretMatchesExact.sol` (was `PragmaInconsistent2.sol`):
caret range whose lower bound equals the exact version
(`^0.8.20` + `0.8.20`) -- the looks-the-same-but-still-distinct case
that guards SLITHER-W1078 parity (no semver intersection).
Amp-Thread-ID: https://ampcode.com/threads/T-019df243-267f-7779-93e1-5d6686082444
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: Amp <amp@ampcode.com>
* refactor(script): reuse shared Tempo CLI opts (#14558)
* deps: bump tempo to 6bf9903 (T6 hardfork) + fix alloy-evm 0.34 compat (#14567)
* deps: bump tempo to 6bf9903 (T6 hardfork)
Bumps tempo crates to 6bf9903d, adding the T6 hardfork variant to
TempoHardfork. Without this, cast's tempo_forkSchedule lookup parses
the chain's reported active fork ("T6") into TempoHardfork::FromStr,
fails because T6 was unknown to the enum, and silently returns
is_hardfork_active(T3) = false. That made 'cast keychain auth' fall
back to the legacy authorizeKey selector and revert with
LegacyAuthorizeKeySelectorChanged on any T6 chain.
Also bumps alloy-evm to 0.34 and the optimism git pin to develop
(e3b59e7) so alloy-op-evm picks up an EvmFactory impl built against
alloy-evm 0.34. Removes the now-unused paradigmxyz/reth-core [patch]
entries.
No source changes; lockfile churn is transitive only.
* fix: adapt AnvilBlockExecutor to alloy-evm 0.34.0 breaking changes
- Add Send + 'static bounds to TxResult impl for AnvilTxResult<H>
- Change commit_transaction return type from Result<GasOutput, BlockExecutionError> to GasOutput
- Remove .expect() on commit_transaction call site
Amp-Thread-ID: https://ampcode.com/threads/T-019df322-c0f1-73e7-858c-5ca2d242ddb4
* style: rustfmt commit_transaction signature
Amp-Thread-ID: https://ampcode.com/threads/T-019df322-c0f1-73e7-858c-5ca2d242ddb4
---------
Co-authored-by: Centaur AI <ai@centaur.local>
* docs: add forge lint rule docs (#14571)
* feat(forge): add fuzz run selection (#14522)
* feat(forge): add fuzz run selection
* fix(fuzz): make metadata builder const
* test(fuzz): cover generated seed replay
* fix(forge): persist fuzz worker for run replay
* fix(evm): satisfy clippy in fuzz replay
* fix(fuzz): reuse fuzz run metadata
* forge(lint/docs): validate deployed forge lint docs (#14573)
test: validate deployed forge lint docs
* feat: gate foundry-primitives behind optimism feature (#14572)
* fix(ci): increase permissions for the enhanced attestation writing (#14584)
* increase permissions for artifact writing
* apply write permissions to release-docker
* feat(hardforks, networks): gate optimism behind cargo feature (#14581)
* fix(forge): encode Tempo creates as AA calls (#14585)
* feat(anvil): gate optimism behind cargo feature (#14577)
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
* feat(cast): introduce `vaddr` cmd for TIP-1022 (#14508)
* feat(cast): introduce `vaddr` cmd for tip-1022
* fix: doc
* chore: touch-ups
* add tests
* chore: move tests to tempo ci
* feat: add vaddr watch test
* feat: count 0 hadling, add `no_register` flag
* fix: remove sweep subcommand
* fix: make clippy happy
* feat(bench): nightly regression tracking workflow (#14586)
* fix(cli): fix release version strings for immutable tags, bump to 1.7.1 (#14496)
* Fix release version metadata for immutable tags
Amp-Thread-ID: https://ampcode.com/threads/T-019dd617-b29f-7409-8523-9858a1504f17
Co-authored-by: Amp <amp@ampcode.com>
* Derive nightly release suffix from commit SHA
Amp-Thread-ID: https://ampcode.com/threads/T-019dd617-b29f-7409-8523-9858a1504f17
Co-authored-by: Amp <amp@ampcode.com>
* Apply suggestion from @zerosnacks
* Apply suggestion from @zerosnacks
* Apply suggestion from @zerosnacks
* bump to v1.7.1
* avoid appending whole sha hash, not necessary, handle version cmp correctly. after v1.7.1 release we need to bump to v1.7.2 for nightlies following it to compare correctly
* Make foundryVersionCmp tolerate new version format and add tests
- Strip both pre-release ('-nightly', '-dev') and build metadata ('+<sha>.<ts>.<profile>') from SEMVER_VERSION before comparison so the cheatcode keeps working for tagged releases (which have no '-' separator).
- Extract strip_semver_metadata helper and add Rust unit tests covering all SEMVER_VERSION shapes, version_cmp ordering, and parse_version rejection of pre-release/build/garbage input.
- Extend the Solidity test suite for vm.getFoundryVersion()/foundryVersionCmp/foundryVersionAtLeast: validate MAJOR.MINOR.PATCH parseability, build profile value, cmp/atLeast invariant, and error paths for invalid user-supplied versions.
Amp-Thread-ID: https://ampcode.com/threads/T-019dd971-fcb7-7149-9680-f0134130844c
Co-authored-by: Amp <amp@ampcode.com>
* fix(test): drop view from solidity tests using assert helpers and fix fmt
- assertTrue/assertEq aren't view, so testGetFoundryVersionBuildProfile and testFoundryVersionCmpAndAtLeastAreConsistent can't be view either.
- Collapse the buildType assertion onto one line to satisfy forge fmt.
Amp-Thread-ID: https://ampcode.com/threads/T-019dd971-fcb7-7149-9680-f0134130844c
Co-authored-by: Amp <amp@ampcode.com>
* test(version): assert build profile is non-empty instead of debug|release
The dist profile (used for distributed release binaries) is also valid; just require non-empty so any future profile works.
Amp-Thread-ID: https://ampcode.com/threads/T-019dd971-fcb7-7149-9680-f0134130844c
Co-authored-by: Amp <amp@ampcode.com>
* Normalize nightly-<sha> to nightly in release_version
Ensures tarball and Docker nightly artifacts produce the same version
string. The commit identifier is already included in the SemVer build
metadata (after `+`), so collapsing `nightly-<sha>` to `nightly`
avoids duplicating the SHA in the pre-release tag.
Co-authored-by: Amp <amp@ampcode.com>
Amp-Thread-ID: https://ampcode.com/threads/T-019df79e-d4c9-707c-85eb-2efbf59160b3
---------
Co-authored-by: Centaur AI <ai@centaur.local>
Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: zerosnacks <zerosnacks@protonmail.com>
* fix(evm): query `state_snapshot.storage` in `ForkDbStateSnapshot::storage_ref` (#14007)
* fix(evm): query `state_snapshot.storage` in `ForkDbStateSnapshot::storage_ref`
* test(evm): cover `ForkDbStateSnapshot::storage_ref` snapshot lookup
* fix(cast): consistent `--json` output for `keychain` subcommands (#14590)
- `keychain rl`: wrap remaining limit in `{"remaining":"..."}` object
instead of emitting a bare JSON string
- `keychain policy add-call`: emit
`{"status":"already_present","target":"..."}`
when the rule already exists, instead of plain text
- `send_keychain_tx`: wrap sponsor hash in `{"sponsor_hash":"0x..."}`
object when --tempo.print-sponsor-hash is used with --json
Add CLI tests covering the rl and sponsor-hash JSON output shapes.
* feat(tempo): add sponsored transaction plumbing (#14560)
* feat(tempo): add sponsored transaction plumbing
* addressing mablr comments
* fix tempo sponsor signer future layout
* preserve json output for tempo sponsor preview
* fix(cast): `--json` output support for `vaddr` (#14591)
* feat(tempo): add named nonce lanes (#14527)
* fix(cheatcodes): transfer value for payable mock calls (#14547)
* test: updated tests
* fix: execute value transfer
* test: improve
* imp: review item
* test: vm.prank test
* imp: moved mocked-call handling after prank application
---------
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
* feat(lint): add inline-assembly lint (#14575)
* feat(lint): add inline-assembly lint
* lint(inline-assembly): also recognize `/// @solidity memory-safe-assembly` NatSpec
Amp-Thread-ID: https://ampcode.com/threads/T-019df4b6-1b76-734c-9a9b-29db9fb7d461
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: Amp <amp@ampcode.com>
* refactor(script): remove `ScriptConfig::{fee_token,expires_at}` in favour of `TempoOpts` (#14594)
* feat(evm-core): gate optimism behind cargo feature (#14593)
* fix(cli): resolve Tempo expires once (#14595)
fix(cli): resolve tempo expires once
* feat(cli): gate optimism behind cargo feature (#14596)
* fix(anvil): classify EVM halts as transaction rejections (#14592)
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
* feat: drop optimism deps under no-default-features (#14600)
* fix(forge): `--fuzz-seed` parameter is not effective in `forge coverage` (#14610)
fix --fuzz-seed not effective in forge coverage
* fix(foundryup): mirror tag resolution for install & use (#14611)
* fix(foundryup): mirror tag resolution for install & use
* fix(foundryup): mirror semver version normalization in `use`
`install` auto-prepends `v` to bare semver versions (e.g. `1.7.0` ->
`v1.7.0`) so the on-disk directory is always `v`-prefixed. `use` was
doing a literal lookup, so `foundryup -u 1.7.0` failed even though
`foundryup -i 1.7.0` had succeeded.
Broaden the channel `case` in `use()` to also match bare semver inputs
(`MAJOR.MINOR.PATCH[-prerelease]`) so they go through the same
`resolve_version_and_tag` normalizer. The pattern is intentionally
tighter than `install`'s `[[:digit:]]*` so locally-built versions whose
names happen to start with a digit are still looked up literally.
Amp-Thread-ID: https://ampcode.com/threads/T-019dfc78-8557-712b-9944-bbff9a4a3b76
Co-authored-by: Amp <amp@ampcode.com>
* chore(foundryup): clarify tag-resolution log and error messages
Distinguish the GitHub API tag-resolution phase from the actual binary
download by consistently referring to "release tag(s)" in the
`resolve_version_and_tag` helper's `say` and `err` messages.
Amp-Thread-ID: https://ampcode.com/threads/T-019dfc78-8557-712b-9944-bbff9a4a3b76
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: Amp <amp@ampcode.com>
* fix(ci): keep no-default builds free of op deps (#14612)
* feat: cast unauthorized flow → wallet.tempo access-key authorization (#14517)
* feat: cast unauthorized flow → wallet.tempo access-key authorization
Amp-Thread-ID: https://ampcode.com/threads/T-019df174-9538-713b-b8c9-5001b1ad4719
Co-authored-by: Amp <amp@ampcode.com>
* fmt
* feat(cast): replace TEMPO_NO_BROWSER env with flag
* revert token addresses
---------
Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
* docs(expect-emit): clarify next-call semantics and warn about caught-revert leak (#14620)
docs(cheatcodes): clarify expectEmit next-call semantics and caught-revert leak
expectEmit is a 'next call' assertion. If the call immediately after expectEmit
reverts and the revert is swallowed by the caller (low-level call or try/catch),
the unmatched expectation can leak forward and be satisfied by a later unrelated
emission, silently turning a broken test green.
Document the constraint on the natspec for both no-arg and topic-checking
overloads, and regenerate cheatcodes.json.
Refs: https://github.com/foundry-rs/foundry/issues/14618
Amp-Thread-ID: https://ampcode.com/threads/T-019dfd96-7a03-7249-8c10-af20ee2729f5
Co-authored-by: Amp <amp@ampcode.com>
* fix(cheatcodes): enforce `expectRevert` reverter address for CREATE frames (#14615)
* fix(cheatcodes): enforce `expectRevert` reverter address for CREATE
frames
The reverter address argument to `vm.expectRevert` was silently ignored
when the innermost reverting frame was a CREATE (top-level or nested),
because create_end never populated `expected_revert.reverted_by`.
Mirror call_end's logic in create_end: when the outcome reverts and a
reverter address is expected, record outcome.address (revm guarantees
this is Some(would-be address) whenever the constructor executed).
Adds positive regression tests for top-level and nested-CREATE reverts,
and a negative regression test asserting wrong-reverter now fails.
Co-authored-by: Amp <amp@ampcode.com>
* improve coverage
* add Derek's suggested test cases
* fix: forge fmt for ExpectRevert.t.sol
Amp-Thread-ID: https://ampcode.com/threads/T-019dfdc5-5414-70b6-9f49-cb5797a37a29
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
* fix(script): keep plain Tempo broadcasts non-AA (#14616)
* fix(script): don't force Tempo AA fee_token from --network tempo alone
Plain --network tempo (or any selection that just sets the network to
Tempo) does not by itself imply a Tempo AA / type 0x76 transaction.
Defaulting tempo.common.fee_token to PATH_USD_ADDRESS solely from
evm_opts.networks.is_tempo() caused every unsigned broadcast tx to flow
through TempoOpts::apply, which set fee_token on the request and
promoted it to the Tempo AA tx envelope. Signers that only know how to
sign ordinary Ethereum transactions (e.g. the Ledger Ethereum app)
then rejected the transaction with 'received an unexpected empty
response'.
Gate the default on an actual Tempo AA opt-in:
- --batch (Tempo batch txs are themselves AA and need a fee token), or
- any explicit --tempo.* flag (sponsor, expiring nonce, nonce key/lane,
...) which already forces an AA tx and benefits from a default fee
token.
Explicit --tempo.fee-token continues to win over the default in all
cases, and non-Tempo networks never default the fee token.
Add unit tests for each scenario.
Amp-Thread-ID: https://ampcode.com/threads/T-019dfd37-2354-712f-95b1-2584fd47ad5e
Co-authored-by: Amp <amp@ampcode.com>
* fix(script): don't force eth_estimateGas on plain Tempo broadcasts
Plain --network tempo produces an ordinary EIP-1559/legacy transaction
(see tempo-alloy::TempoTransactionRequest::output_tx_type), so the local
simulation gas estimate is sufficient. Forcing RPC re-estimation in this
case can surface node-side errors such as 'gas required exceeds
allowance (0)' (Geth-style balance/gasPrice cap from eth_estimateGas)
on flows that previously worked, including Ledger-signed broadcasts
that just got unblocked from the type 0x76 regression.
Match tempo-foundry's behaviour: only force eth_estimateGas on Tempo
when the user has actually opted into Tempo AA semantics (--batch or
any explicit --tempo.* flag).
Extract the gating into needs_tempo_aa_rpc_estimate(...) and add
focused unit tests mirroring the fee-token gating tests.
Amp-Thread-ID: https://ampcode.com/threads/T-019dfd37-2354-712f-95b1-2584fd47ad5e
Co-authored-by: Amp <amp@ampcode.com>
* fix(script): don't re-estimate plain Tempo chain broadcasts
---------
Co-authored-by: Amp <amp@ampcode.com>
* fix(cheatcodes): preserve reverts with `expectEmit` (#14619)
* test: added regression test
* fix: re-order revert handling
* refactor: simplify
* lint: fmt
* polish: tighten comment, extend test with revert reason and custom error
Amp-Thread-ID: https://ampcode.com/threads/T-019dfd96-7a03-7249-8c10-af20ee2729f5
Co-authored-by: Amp <amp@ampcode.com>
---------
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: Amp <amp@ampcode.com>
* feat(lint): add tx-origin detector (#14589)
* feat(lint): add tx-origin detector
* test(lint): address tx-origin review feedback
* fix: ui bless
* fix(lint): cover tx-origin index and ternary predicates
* test(lint): bless tx-origin snapshot
---------
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
* refactor(tempo): prepare batch access key txs w/ helper (#14597)
fix(tempo): prepare batch access key txs before estimation
* fix(anvil): respect non-zero genesis block in Otterscan APIs (#14490)
fix(anvil): respect non-zero genesis block in Otterscan APIs
The three Otterscan address-history endpoints (`ots_searchTransactionsBefore`/`After`, `ots_getTransactionBySenderAndNonce`) hardcoded `unwrap_or(1)` / `unwrap_or_default()` as the lower bound of their block scan, which breaks when `genesis_block_number` is non-zero (e.g. `genesis.json` `number: 73`). Expose `Backend::genesis_number()` and fall back to `genesis_number() + 1` in non-fork mode, mirroring the existing post-fork `f.block_number() + 1` convention.
---------
Co-authored-by: Isagi Yates <isagiyates@gmail.com>
Co-authored-by: Amp <amp@ampcode.com>
Co-authored-by: steven <corderosteven6@gmail.com>
Co-authored-by: stevencartavia <112043913+stevencartavia@users.noreply.github.com>
Co-authored-by: Matthias Seitz <matthias.seitz@outlook.de>
Co-authored-by: Mablr <59505383+mablr@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: figtracer <me@figtracer.com>
Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>
Co-authored-by: Sergei Shulepov <s.pepyakin@gmail.com>
Co-authored-by: zerosnacks <zerosnacks@protonmail.com>
Co-authored-by: grandizzy <38490174+grandizzy@users.noreply.github.com>
Co-authored-by: cui <cuiweixie@gmail.com>
Co-authored-by: Centaur AI <ai@centaur.local>
Co-authored-by: Derek Cofausper <256792747+decofe@users.noreply.github.com>
Co-authored-by: Nikki <gutonosa@protonmail.com>
Co-authored-by: srdtrk <59252793+srdtrk@users.noreply.github.com>
Co-authored-by: Mikhail Mikheev <16622558+mmv08@users.noreply.github.com>
Co-authored-by: lazymio <mio@lazym.io>
Co-authored-by: Emma Jamieson-Hoare <emmajam@users.noreply.github.com>
Co-authored-by: VIkions <99107287+vikions@users.noreply.github.com>
Co-authored-by: Aïssata <mikeslowcoder@proton.me>
* Update .github/ISSUE_TEMPLATE/bug_report.md
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
* Tempo signer lookup and access key signing (#523)
* Fix formatting in cargo.yml
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* Fix indentation for on_fail condition in CI config
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* Fix indentation in CircleCI configuration
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* chore(deps): bump taiki-e/install-action from 2.62.21 to 2.62.31 (#139)
Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.62.21 to 2.62.31.
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/install-action/compare/v2.62.21...0005e0116e92d8489d8d96fbff83f061c79ba95a)
---
updated-dependencies:
- dependency-name: taiki-e/install-action
dependency-version: 2.62.31
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump github/codeql-action from 3 to 4 (#138)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump snyk/actions
Bumps [snyk/actions](https://github.com/snyk/actions) from 14818c4695ecc4045f33c9cee9e795a788711ca4 to 9adf32b1121593767fc3c057af55b55db032dc04.
- [Release notes](https://github.com/snyk/actions/releases)
- [Commits](https://github.com/snyk/actions/compare/14818c4695ecc4045f33c9cee9e795a788711ca4...9adf32b1121593767fc3c057af55b55db032dc04)
---
updated-dependencies:
- dependency-name: snyk/actions
dependency-version: 9adf32b1121593767fc3c057af55b55db032dc04
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update CircleCI config with comments and formatting
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* Update config.yml
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* Update and rename ci-say-hello.yml to ci-web3-defi-gamefi.yml (#154)
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* Delete .circleci/ci-web3-defi-gamefi.yml (#155)
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* Delete .circleci/ci_deploy.yml (#158)
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* Delete .circleci/cargo.yml (#159)
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* chore(deps): bump taiki-e/install-action from 2.62.31 to 2.62.33 (#162)
Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.62.31 to 2.62.33.
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/taiki-e/install-action/compare/0005e0116e92d8489d8d96fbff83f061c79ba95a...e43a5023a747770bfcb71ae048541a681714b951)
---
updated-dependencies:
- dependency-name: taiki-e/install-action
dependency-version: 2.62.33
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump actions/checkout from 4 to 5 (#163)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Merge branch 'foundry-rs:master' (#164)
* Create ci_cargo.yml (#72)
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* Create config.yml
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* Rename ci_cargo.yml to cargo.yml
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
* fix(fmt): handle trailing coments between base contracts (#12127)
* fix(fmt): account for ternary operators when estimating size
* fix(fmt): handle comments between inherited base contracts
* test: layout + base inheritance
* feat(forge): add bypass prevrandao (#12125)
* feat(forge): add bypass prevrandao
* Update crates/evm/networks/src/lib.rs
Co-authored-by: 0xrusowsky <90208954+0xrusowsky@users.noreply.github.com>
* changes after review: remove duped code
---------
Co-authored-by: 0xrusowsky <90208954+0xrusowsky@users.noreply.github.com>
* fix(fmt): filter libs wh…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
17 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
Solution
PR Checklist