chore: update LICENSE copyright to Trade 2026#111
Merged
Conversation
The project was scaffolded from an Optimism template but is original work. Update copyright holder from Optimism to Trade and year to 2026.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
💤 Files with no reviewable changes (1)
WalkthroughUpdated the LICENSE copyright attribution to "Copyright 2026 Trade" and removed the ChangesLicense Copyright Update
CodeQL Workflow Update
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
CodeQL is a required check for all PRs. With a path filter, PRs that only touch files outside the filter (e.g. LICENSE, README) are blocked indefinitely waiting for CodeQL results that never come. Remove the pull_request path filter so CodeQL always runs on PRs. Keep the push path filter to avoid unnecessary runs on branch pushes.
iap
added a commit
that referenced
this pull request
May 17, 2026
* chore(deps): bump actions/setup-node from 5 to 6
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump actions/upload-artifact from 4 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump actions/checkout from 5 to 6
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump actions/github-script from 7 to 9
Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v9)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: '9'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump the frontend-minor-patch group with 13 updates
Bumps the frontend-minor-patch group with 13 updates:
| Package | From | To |
| --- | --- | --- |
| [@eth-optimism/viem](https://github.com/ethereum-optimism/ecosystem/tree/HEAD/packages/viem) | `0.3.2` | `0.4.15` |
| [@radix-ui/react-separator](https://github.com/radix-ui/primitives) | `1.1.2` | `1.1.8` |
| [@radix-ui/react-slot](https://github.com/radix-ui/primitives) | `1.1.2` | `1.2.4` |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.0.6` | `4.2.4` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.66.0` | `5.100.8` |
| [abitype](https://github.com/wevm/abitype) | `1.0.8` | `1.2.4` |
| [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.0.1` | `3.5.0` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.0.6` | `4.2.4` |
| [viem](https://github.com/wevm/viem) | `2.23.1` | `2.48.8` |
| [eslint-plugin-react-refresh](https://github.com/ArnaudBarre/eslint-plugin-react-refresh) | `0.4.19` | `0.5.2` |
| [mprocs](https://github.com/pvolok/mprocs) | `0.7.2` | `0.9.2` |
| [prettier](https://github.com/prettier/prettier) | `3.5.0` | `3.8.3` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.24.0` | `8.59.1` |
Updates `@eth-optimism/viem` from 0.3.2 to 0.4.15
- [Changelog](https://github.com/ethereum-optimism/ecosystem/blob/main/packages/viem/CHANGELOG.md)
- [Commits](https://github.com/ethereum-optimism/ecosystem/commits/HEAD/packages/viem)
Updates `@radix-ui/react-separator` from 1.1.2 to 1.1.8
- [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md)
- [Commits](https://github.com/radix-ui/primitives/commits)
Updates `@radix-ui/react-slot` from 1.1.2 to 1.2.4
- [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md)
- [Commits](https://github.com/radix-ui/primitives/commits)
Updates `@tailwindcss/vite` from 4.0.6 to 4.2.4
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/@tailwindcss-vite)
Updates `@tanstack/react-query` from 5.66.0 to 5.100.8
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.100.8/packages/react-query)
Updates `abitype` from 1.0.8 to 1.2.4
- [Release notes](https://github.com/wevm/abitype/releases)
- [Commits](https://github.com/wevm/abitype/compare/abitype@1.0.8...abitype@1.2.4)
Updates `tailwind-merge` from 3.0.1 to 3.5.0
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](https://github.com/dcastil/tailwind-merge/compare/v3.0.1...v3.5.0)
Updates `tailwindcss` from 4.0.6 to 4.2.4
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/tailwindcss)
Updates `viem` from 2.23.1 to 2.48.8
- [Release notes](https://github.com/wevm/viem/releases)
- [Commits](https://github.com/wevm/viem/compare/viem@2.23.1...viem@2.48.8)
Updates `eslint-plugin-react-refresh` from 0.4.19 to 0.5.2
- [Release notes](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/releases)
- [Changelog](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/compare/v0.4.19...v0.5.2)
Updates `mprocs` from 0.7.2 to 0.9.2
- [Release notes](https://github.com/pvolok/mprocs/releases)
- [Changelog](https://github.com/pvolok/mprocs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pvolok/mprocs/compare/v0.7.2...v0.9.2)
Updates `prettier` from 3.5.0 to 3.8.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.5.0...3.8.3)
Updates `typescript-eslint` from 8.24.0 to 8.59.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/typescript-eslint)
---
updated-dependencies:
- dependency-name: "@eth-optimism/viem"
dependency-version: 0.4.15
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@radix-ui/react-separator"
dependency-version: 1.1.8
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: frontend-minor-patch
- dependency-name: "@radix-ui/react-slot"
dependency-version: 1.2.4
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/vite"
dependency-version: 4.2.4
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tanstack/react-query"
dependency-version: 5.100.8
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: abitype
dependency-version: 1.2.4
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: tailwind-merge
dependency-version: 3.5.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: tailwindcss
dependency-version: 4.2.4
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: viem
dependency-version: 2.48.8
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: eslint-plugin-react-refresh
dependency-version: 0.5.2
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: mprocs
dependency-version: 0.9.2
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: prettier
dependency-version: 3.8.3
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: typescript-eslint
dependency-version: 8.59.1
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix(readiness): run pre-checks before contracts working directory exists
* fix(frontend): remove non-component export from button ui
* ci(security): add codeql and dependency review gates
* chore(security): add local slither install and core scan targets
* docs(phase1): add comprehensive contributor & deployment runbooks
Add Phase 1 foundation documentation for team scaling and professional maintenance:
CONTRIBUTING.md:
- Local development setup instructions (Node, Foundry, super-cli)
- Feature branch workflow with conventional commits
- Code standards (TypeScript, Solidity, Testing)
- PR submission checklist and review process
- Testing guidelines and test structure
- Troubleshooting for common dev issues
DEPLOYMENT.md:
- Step-by-step staging deployment runbook (OP Sepolia)
- Mainnet deployment procedures with gates
- Pre/post-deployment checklists
- Evidence generation and verification
- Monitoring and health checks
- Rollback procedures for emergency scenarios
- Comprehensive troubleshooting guide
- Command cheat sheet and timeline estimates
TROUBLESHOOTING.md:
- Development setup issues (pnpm, Node, Foundry, super-cli, git hooks)
- Smart contract issues (architecture guard, layering guard, Slither findings)
- Frontend development issues (port conflicts, TypeScript errors, module resolution)
- Testing issues (hanging tests, gas, balance)
- Deployment issues (insufficient funds, timeouts, RPC problems)
- CI/CD workflow issues (stuck workflows, secrets, version mismatches)
- Network & RPC issues (timeouts, contract not found, chain ID)
.github/CODEOWNERS:
- Enhanced documentation with clear sections
- Added review requirements annotations
- Better organization for team scaling
- Maintains strict single-owner model (ready for multi-owner when scaling)
Impact:
- Enables solo maintainer to self-document workflows
- Provides clear onboarding path for new contributors
- Establishes professional deployment procedures
- Reduces support burden with comprehensive troubleshooting
- Foundation for team collaboration (docs ready for team addition)
- Production-ready documentation for auditors and stakeholders
This commit fulfills Phase 1 foundation requirements:
✅ CONTRIBUTING.md created
✅ DEPLOYMENT.md runbook created
✅ TROUBLESHOOTING.md created
✅ CODEOWNERS enhanced and documented
Ready for: Phase 2 (interactive UI) and Phase 3 (security audit planning)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* chore(deps): bump github/codeql-action from 3 to 4 (#16)
Bump github/codeql-action from v3 to v4 to resolve Node.js 20 deprecation warnings on CI.
* chore(ci): bump dependency-review-action from v4 to v5
* chore(ci): disable CodeQL triggers until repo transferred to org with GHAS
* Enable org-transfer governance: CodeQL, Gitleaks, release-gate container, and verification scripts (#19)
* docs: replace roadmap with lean security next-steps guide
* fix(docs): remove duplicate required-check entries in BRANCHING.md
* fix(ci): add USER root in release-gate Dockerfile for apt-get permissions
* ci(security): fix dependency review tag and use OSS gitleaks CLI
* ci(security): fix gitleaks PATH on github runner
* ci(security): run gitleaks scan via docker image
* ci(security): remove hardcoded key and scope gitleaks to workspace
* ci(contracts): fix anvil key extraction for release check
* ci(contracts): require 64-byte anvil private key extraction
* ci: always run contracts/frontend checks on protected branches (#21)
* ci: phase-1 reusable workflows for frontend, slither, and secrets scan (#23)
* ci: extract reusable frontend/slither/secrets workflows
* ci(security): apply codereview pinning and permissions fixes
* fix(contracts): bridge approval safety + IRYLA interface decoupling
- Wrap sendERC20 in try/catch; clear approval and revert with BridgeFailed() on failure
- Extract IRYLA interface (inherits IERC20); MARKSettlementModule decoupled from concrete RYLA type
- Add unit test for BridgeFailed catch branch
* docs: sync governance and CI docs with current protections
- Add missing required checks (Secrets Drift Guard, Release Gate Container) to all branch matrices
- Fix Analyze (JavaScript/TypeScript) casing to match canonical check names
- Fixes Validate Governance Policy Consistency CI check
* chore(deps): bump frontend minor/patch dependencies
105 minor and patch updates including:
- @tanstack/react-query 5.100.8 → 5.100.9
- typescript-eslint 8.59.1 → 8.59.2
- bufferutil 4.0.9 → 4.1.0
- jiti 2.6.1 → 2.7.0
- lockfile resolutions updated accordingly
All CI checks pass on Node 20 and 22.
* fix(deps): bump vite 6.1.0 → 6.4.2 (security)
Fixes high-severity arbitrary file read CVE and medium-severity path traversal in vite dev server.
* test(contracts): add missing unit test coverage
71 tests (was 59). Covers zero-input guards, exact error selectors, accumulator resets, supportsInterface, and isMint flag binding.
* chore(governance): migrate CODEOWNERS to @trade/maintainers team
Replaces @iap with @trade/maintainers across all CODEOWNERS entries. Team created with maintain permission on repo.
* chore(ci): switch CodeRabbit to assertive profile
profile: chill → assertive, request_changes_workflow: false → true
* fix(docs): add VALIDATE_MODE to staging checklist prerequisites
Adds missing VALIDATE_MODE env var to staging checklist. Clarifies operator/attester rotation step with RUNBOOK.md reference. Removes trailing newline from package.json.
* chore(docs): remove stale pre-transfer planning documents
Removes TRANSFER_NOW_CHECKLIST.md, ORG_TRANSFER_SECURITY_CHECKLIST.md, SECURITY_NEXT_STEPS.md, PROJECT_REVIEW.md — all completed with the org transfer on May 6, 2026.
* chore(governance): clean up CODEOWNERS
Remove decorative section dividers, redundant comments, and duplicate entry. Consolidate contract path globs.
* fix(ci): workflow correctness and consistency fixes
Pin slither-analyzer==0.11.5, fix secrets-drift-guard false positives, fix verify-governance.sh dismiss_stale_reviews on dev, add canary to evidence-manifest trigger, fix inputs context, fix wait-port, add pull_request_target comments, add Docker layer caching.
* feat(contracts): migrate AttestedSettlementVerifier to EIP-712
Replace hybrid EIP-191 pattern with standard EIP-712 typed data signing. Expose settlementDigest() for off-chain signers. Add NatSpec on proof encoding and contextHash. 71 tests pass.
* chore: improve gitignore coverage
Add .env/.env.*/*.env and supersim-logs/ to root gitignore. Add coverage/ to contracts gitignore.
* fix(ci): reliability and correctness fixes
Add timeout-minutes:15 to stuck jobs, replace rg with grep -Eo in smoke script, pin slither==0.11.5 in Makefile, add explicit invariant runs=256 to foundry.toml.
* chore(deps): ignore transitive alerts from super-cli
Ignore @hono/node-server, drizzle-orm, @stablelib/ed25519 scoped to vulnerable versions — all transitive from super-cli dev tool, no upstream fix available.
* docs: add SECURITY.md
Reporting channel, scope, response SLA, and supported versions.
* chore(deps): bump @types/node from 22.13.1 to 25.6.1
Type definitions update.
* chore(deps): bump typescript from 5.7.3 to 6.0.3
Add ignoreDeprecations:6.0 for baseUrl deprecation warning.
* chore(deps): bump frontend-minor-patch group
viem, debug, and other minor/patch updates.
* chore(deps): bump docker/setup-buildx-action from 3 to 4
Node 24 runtime update.
* chore(deps): bump frontend-minor-patch group
Minor/patch frontend dependency updates.
* fix: stale references and check name mismatches
Remove chainId double-encoding from AttestedSettlementVerifier, fix stale iap/mark URLs, fix governance script check names to match actual CI output.
* test(contracts): add bridge integration test against supersim
Exercises MARKBridgeAdapter against live SuperchainTokenBridge on two supersim forks. Verifies cross-chain token transfer and rate limit enforcement.
* test(contracts): add bridge adapter invariant fuzz tests
Three invariants covering rate limiting: daily cap never exceeded, accumulator consistent with cap, zero address never holds operator role. 74 tests pass.
* fix(governance): sync check lists and fix ruleset condition
Fix ruleset condition bug (canary/main now covered), sync apply-governance.sh and verify-governance.sh with live branch protection, fix frontend check name prefix in docs.
* chore(governance): document new ruleset structure
Two focused rulesets: branch-protection (CodeQL alert gate) and tag-protection (v* tags). Replaces the broken develop ruleset.
* feat(token): rename RYLA display name to 'RYLA Credits'
name() returns 'RYLA Credits', symbol stays 'RYLA'. Test and verification script updated.
* test
Documents key roles and trust assumptions, attester key rotation
procedure, break-glass procedure, production mode implications,
and key storage recommendations for auditors and operators.
* fix(ci): use matrix language as CodeQL job name
Produces consistent check name 'Analyze (javascript-typescript)' matching branch protection requirements.
* chore(config): harden staging profile and document environment setup
Remove PRIVATE_KEY from staging.env, fix bridge destination to OP Sepolia, add key separation docs, fix env guard and drift guard for CI validation.
* feat(frontend): replace dev dashboard with protocol info page
Protocol info page with pre-production status, contract descriptions, and resource links. Providers updated to optimism/optimismSepolia.
* chore(docs): cleanup and NatSpec improvements
Fix README clone URL and naming, remove stale date from CONTRIBUTING.md, add eip712Domain NatSpec and no-pause design decision docs.
* fix(contracts): document setVerifier interface check limitation
Add @dev comment explaining code.length check rejects EOAs but not non-conforming contracts.
* docs: add protocol philosophy to README
Code is a rule. No DAO, no drama. Don't Trust, Verify.
* fix(ci): add working-directory override to pre-checkout branch enforcement steps
Fixes pre-checkout branch check failing with 'No such file or directory' in staging and production workflows.
* fix(ops): enable post-deploy in rehearse-production-lock
Enable MARK_RELEASE_RUN_POSTDEPLOY so activateProductionMode() is called during rehearsal.
* fix(ops): export deployed verifier address to env before PostDeployMARKSetup
Fixes VerifierRequiredWhenProofEnabled during staging rehearsal.
* fix(ci): exclude Anvil default key from secrets drift guard
Syncs Anvil key exclusion to dev.
* test
THREAT_MODEL.md: trust boundaries, role compromise impact, external
dependencies, invariants, and explicit out-of-scope items.
KNOWN_ISSUES.md: six accepted design decisions with rationale —
attested verifier as ZK placeholder, no-pause design, setVerifier
interface check limitation, counter overflow analysis, timestamp
epoch manipulation, and transitive dep alerts.
* fix(docs): correct two inaccurate invariants in THREAT_MODEL.md
consumedIntents is set after proof validation, not before. Module balance invariant is per-operation, not absolute zero.
* fix(contracts): move consumedIntents assignment before external call (CEI)
Follows CEI pattern — marks intent consumed before external verifier call. No behaviour change for current view verifier.
* chore(governance): set canary to 0 required approvals for solo maintainer
Solo dev cannot self-approve. CI checks are the gate. Restore to 1 when second team member joins.
* docs(contracts): add NatSpec to settleMint and settleBurn
Documents pre-approval requirement for settleBurn.
* fix(ops): wait for tx confirmation in staging rehearsal
Add --slow to forge script broadcast so Foundry waits for each transaction receipt before the verify step runs.
* fix(governance): set all branches to 0 required approvals
Solo maintainer cannot approve own PRs. CI gates are the enforcement mechanism. Removes MAIN_REVIEW_COUNT/DEV_REVIEW_COUNT vars, adds approval count verification to verify-governance.sh.
* fix(governance): restrict direct pushes to trade/maintainers team
Restricts direct pushes on all branches to trade/maintainers team. Removes unused helper functions. verify-governance.sh now checks push restriction team slug.
* fix(deps): update drizzle-orm dependabot ignore rule to 0.38.4
drizzle-orm@0.38.4 is transitive from @eth-optimism/super-cli. Updated ignore rule to match installed version. All four Dependabot alerts dismissed as tolerable risk.
* feat(contracts): add Groth16SettlementVerifier
Adds Groth16SettlementVerifier implementing IUTXOSettlementVerifier via swappable IGroth16Verifier. 12 unit tests passing. AttestedSettlementVerifier remains active production verifier.
* feat(circuits): add UTXOSettlement circom circuit
Adds UTXOSettlement circom circuit. Poseidon-based UTXO ownership proof. 602 constraints, 6 witness tests passing.
* feat(contracts): add MARKPool ZK UTXO pool domain
Adds MARKPool shielded RYLA transfer pool. 88 unit tests passing.
* fix(contracts): rewrite MARKPool for MARK's 4-signal circuit
Rewrites MARKPool from scratch for MARK's own UTXOSettlement circuit. UTXOVerifier.sol regenerated from MARK's own trusted setup. 84 unit tests passing.
* fix(circuits): add range constraints and isMint burn path
Range constraints on recipient/chainId/settlementModule/amount. isMint burn path in MARKPool. Trusted setup rerun. 84 tests passing.
* feat(pool): add MARKPool ZK UTXO pool domain (#100)
* feat(pool): add MARKPool ZK UTXO pool domain
Introduces the full pool domain for private RYLA transfers:
Contracts:
- MARKPool: ZK UTXO pool with Merkle tree, fee policy, bridge-out/in,
withdraw binding, AccessManaged access control
- MARKWithdrawAdapter: EIP-712 signature-based withdrawal adapter
- RYLACreditLedger: ICreditLedger adapter bridging MARKPool to RYLA
mint/burn; restricted to pool caller only (onlyPool)
- PoolFeePolicy, PoolPublicInputs, PoolValidation: pool support libraries
- MARKPoolVerifier: Groth16 verifier generated from MARKPool circuit
(13 public signals, pot15 trusted setup)
Interfaces: ICreditLedger, IVerifier, IPoolBridge, IPoolNullifier
Crypto: MerkleTree (Poseidon, depth-20), ProofUtils, PoseidonT3
Circuit:
- circuits/mark/MARKPool.circom: MARK-native UTXO circuit (depth=20,
2-in/2-out, 13 public signals); renamed from prototype utxo.circom,
domain constants documented as permanent, hardcoded fee policy removed
- circuits/setup.mjs: trusted setup script (pot15)
- circuits/test/MARKPool.test.mjs: 13 witness tests
CI: circuits-ci.yml runs witness tests on every PR
Tests: MARKPool.t.sol (22), MARKWithdrawAdapter.t.sol (9),
RYLACreditLedger.t.sol (8)
* fix(pool): fix PoolErrors, domain separators, remove dead code
- PoolErrors.sol: rewrite to match Pool.sol, PoolValidation.sol, and
MerkleTree.sol — adds 25 missing errors (build was broken), removes
18 errors only used by the old MARKPool prototype
- MARKPool.sol: rename domain separator Pool.WithdrawBinding.v1 to
MARKPool.WithdrawBinding.v1 (permanent, must be set before deploy)
- MARKWithdrawAdapter.sol: rename domain separator
WithdrawAdapter.Intent.v1 to MARKWithdrawAdapter.Intent.v1
- UTXOVerifier.sol: delete (built for old 4-signal circuit, wrong
interface, superseded by MARKPoolVerifier.sol)
- IUTXOVerifier.sol: delete (superseded by IVerifier.sol)
- UTXOSettlement.circom: delete (superseded by MARKPool.circom)
- Groth16SettlementVerifier.sol: update stale comment
- KNOWN_ISSUES.md: add KI-7 (two-circuit architecture), KI-8 (pool
domain access control model)
- foundry.toml: via_ir = true for pool domain compilation
* fix(pool): immutable naming, deploy script, docs, invariants, arch guard
- MARKPool, MARKWithdrawAdapter: rename immutables to SCREAMING_SNAKE_CASE
(assetLedger->ASSET_LEDGER, proofPool->PROOF_POOL)
- MARKPool: remove _assetLedger from constructor; add setAssetLedger()
one-time restricted setter to break circular deploy dependency with
RYLACreditLedger
- DeployMARKPool.s.sol: full deployment script for pool domain
(AccessManager, MARKPool, RYLACreditLedger, MARKWithdrawAdapter)
- MARKPool.sol: add withdrawal flow NatSpec (burn-to-claim model)
- ARCHITECTURE.md: add pool/withdraw domains, dependency rules, and
withdrawal flow section
- MARKPoolInvariants.t.sol: 3 invariants (nullifiers never unspent,
withdraw bindings immutable, root queue only grows)
- architecture-guard.sh: add pool->settlement/bridge and
withdraw->settlement/bridge isolation rules
* fix(pool): fix deploy script role grant and ASSET_LEDGER null guard
- DeployMARKPool.s.sol: grant POOL_ADMIN_ROLE to deployer during setup
so setAssetLedger/setIntentSigner calls succeed when deployer != owner;
revoke deployer role after setup completes
- MARKPool._applyFee: revert InvalidAssetLedger if ASSET_LEDGER is not
set and a non-zero fee is applied (prevents silent call to address(0))
* fix(ci): compile circuit before running witness tests
circuits/build/ is gitignored so the WASM and witness_calculator.js
are not in the repo. Add circom install and npm run build steps before
npm test so CI compiles the circuit fresh on each run.
* fix(ci): create build dir before circom compile
* refactor(pool): pre-merge improvements
- Rename immutables to SCREAMING_SNAKE_CASE: assetLedger->ASSET_LEDGER,
proofPool->PROOF_POOL (MARKPool.sol, MARKWithdrawAdapter.sol)
- MARKPool: remove _assetLedger from constructor, add setAssetLedger()
one-time restricted setter to break circular deploy dependency with
RYLACreditLedger
- MARKPool: add withdrawal flow documentation to contract NatSpec
- ARCHITECTURE.md: add pool/withdraw domains, dependency rules, and
withdrawal flow explanation
- DeployMARKPool.s.sol: deployment script for MARKPool, RYLACreditLedger,
MARKWithdrawAdapter with AccessManager configuration
- MARKPoolInvariants.t.sol: 3 invariants (nullifiers never unspent,
withdraw bindings immutable, root queue only grows)
- architecture-guard.sh: add pool and withdraw domain isolation rules
* chore(pool): update circuits CI, setup, and pool errors
- circuits-ci.yml: updated to run MARKPool witness tests
- circuits/package.json: build/test scripts point to MARKPool.circom
- circuits/setup.mjs: updated for MARKPool.circom trusted setup
- circuits/test/MARKPool.test.mjs: cleaned up test file
- contracts/KNOWN_ISSUES.md: updated KI-7 for current two-circuit state
- contracts/src/pool/errors/PoolErrors.sol: add missing blank line
* fix(pool): address CodeRabbit review findings
- circuits-ci.yml: fix circom install permissions (use sudo mv to
/usr/local/bin instead of direct write which fails on GH Actions)
- PoolErrors.sol: add clarifying comment to FixedFeePolicy explaining
it fires when minFee > 1 (not a fee-rate policy, a range guard)
- MARKWithdrawAdapter.sol: document personal_sign intent on
computeWithdrawIntentDigest (EIP-191 is intentional, not EIP-712)
bridgeIn replay protection finding: already fixed in current code
(processedBridgeMessages mapping + check at line 390) — stale finding.
* fix(pool): address second round CodeRabbit findings
- setup.mjs: use crypto.randomBytes for ceremony entropy (Date.now is
predictable), add mkdirSync for build/, fix EJS template loading to
use readFileSync instead of dynamic import with assert (unsupported
in Node 20/22/24 ESM)
- circuits-ci.yml: pin circom to v2.2.3 instead of latest, add version
verification step
- KNOWN_ISSUES.md: fix misleading 'settlement-specific verifier' wording
— MARKPoolVerifier is a shared pool verifier, not settlement-specific
- MARKPool.sol: fix NatSpec EIP-712 reference to EIP-191 (personal_sign)
* feat(pool): add pool E2E test, fix RYLACreditLedger caller model
RYLACreditLedger:
- Separate credit (pool-only) and debit (adapter-only) callers
- Add setAdapter() one-time setter to break circular deploy dependency
(adapter constructor needs ledger, ledger needs adapter address)
- Add AdapterAlreadySet error
DeployMARKPool.s.sol:
- Call ledger.setAdapter(adapter) after adapter deployment
Tests:
- RYLACreditLedger.t.sol: updated for new caller model, 11 tests
- MARKWithdrawAdapter.t.sol: add setAdapter call in setUp
- MARKPoolE2E.t.sol: full withdrawal flow E2E test (3 tests)
- testFullWithdrawalFlow: mint RYLA -> transactWithWithdrawBinding
-> withdrawWithSig -> verify RYLA burned, ETH received
- testNullifierReplayRejected
- testBindingMismatchRejected
134/134 tests pass
* feat(pool): add ReleasePool.s.sol orchestrator and pool env vars
- ReleasePool.s.sol: release orchestrator for pool stack following the
same pattern as ReleaseMARK.s.sol — preflight checks, deploy via
DeployMARKPool, post-deploy verification (wiring checks + RYLA roles),
JSON artifact write
- .env.example: add pool stack env vars (MARK_POOL_VERIFIER,
MARK_POOL_OWNER, MARK_POOL_INTENT_SIGNER, release flags, artifact
path, post-deploy verify addresses)
* fix(pool): security fixes and dead code removal
RYLACreditLedger:
- Add OWNER immutable (set to msg.sender in constructor)
- Restrict setAdapter to OWNER to prevent front-running between
deployment and the setAdapter call in the release script
- Add testSetAdapterRevertsForNonOwner test
- Add clarifying NatSpec to totalCreditsOutstanding explaining it
tracks only flows through this ledger, not total RYLA supply
MARKWithdrawAdapter:
- Move ETH transfer before ASSET_LEDGER.debit — if ETH transfer
fails, RYLA is no longer burned (was a loss-of-funds bug)
MARKPool:
- Remove dead _seedRoot function (defined but never called)
- Add NatSpec to computePublicInputsWithWithdraw clarifying
chainId vs dstChainId semantics
* fix(test): fix nullifier replay test to use fresh signatures
testNullifierReplayRejected was reusing signatures computed for nonce N
in the second withdrawWithSig call with nonce N+1, causing a NonceMismatch
revert instead of exercising nullifier replay protection. Now recomputes
the intent hash and signs with the updated nonce so the revert is caused
by NullifierAlreadyClaimed as intended.
* fix(pool): guard totalCreditsOutstanding against underflow
* feat(pool): add pool release CI check and deploy script tests
contracts-ci.yml:
- Add pool release dry-run and execute smoke steps to the
contracts-release-check job, reusing the Anvil instance and
RYLA token deployed by the settlement release step
- Assert pool release artifact schema (pool, ledger, adapter addresses)
MARKPoolDeployScripts.t.sol:
- testDeployMARKPoolWiresAllContracts: verifies all contract wiring
(pool<->ledger, ledger<->adapter, RYLA roles)
- testDeployMARKPoolSetsIntentSignerWhenProvided: verifies intent signer
is configured when MARK_POOL_INTENT_SIGNER is set
- testDeployMARKPoolRevertsWhenMissingTokenAdmin: verifies preflight
check rejects deployer without RYLA admin role
138/138 tests pass
* fix(pool): address final CodeRabbit findings
- contracts-ci.yml: remove '|| true' from pool release dry-run step;
use the deployed settlement module address as verifier (a real contract)
so the preflight code.length check passes without masking failures
- RYLACreditLedger.sol: fix NatSpec on totalCreditsOutstanding to
accurately describe accounting scope — _totalBurned can exceed
_totalMinted if RYLA is burned via other paths (e.g. settlement module)
* fix(ci): fix pool release CI failure and address CodeRabbit finding
contracts-ci.yml:
- Add --skip-simulation to pool release broadcast — PoseidonT3 (55,856
bytes) exceeds EIP-170 limit and cannot be deployed without refactoring
to a linked library; --skip-simulation tests script orchestration only
- Fix jq assertion to use regex validation instead of zero-address check,
rejecting null values and validating hex address format
KNOWN_ISSUES.md:
- Add KI-8 documenting PoseidonT3 contract size issue and required fix
before mainnet (deploy as standalone contract, call via interface)
* fix(ci): remove pool execute smoke, fix jq assertion, fix KI-7 wording
contracts-ci.yml:
- Remove pool release execute smoke step — MARKPool (24,841 bytes) and
PoseidonT3 (55,856 bytes) exceed EIP-170 limit and cannot be broadcast
to Anvil; pool deploy requires PoseidonT3 refactor (KI-8) first
- Keep pool release dry-run only (validates script logic and preflight)
- Remove the now-unused artifact assertion step
KNOWN_ISSUES.md:
- Fix KI-7: both pool and settlement systems use the same MARKPool
circuit — remove implication of distinct circuit designs
* fix(pool): add code.length checks to RYLACreditLedger constructor and setAdapter
Prevents EOAs from being set as TOKEN, POOL, or ADAPTER.
Adds InvalidContract error. 3 new tests cover the EOA rejection cases.
setUp uses vm.etch to give mock addresses contract bytecode.
* fix(contracts): harden settlement verifier flow and CI reliability
* fix(review): address open CI and pool verifier feedback
* refactor(pool): rename min fee guard error for clarity
* fix(pool,settlement): replace require strings and wrong errors with custom errors
PoolFeePolicy:
- Replace require(maxFeeBurnBps != 0, string) and require(feeBurnBps <= maxFeeBurnBps, string)
with custom error FeePolicyInvalidBps() — consistent with codebase style, lower gas
Groth16SettlementVerifier:
- Replace ZeroAddress() with VerifierNotAContract() for verifierContract code.length check
- Replace ZeroAddress() with SettlementModuleNotAContract() for settlementModule code.length check
- ZeroAddress was semantically wrong for non-zero addresses that have no code
* ci: trigger fresh CI run
* docs(pool): correct KI-8 — MARKPool itself is over EIP-170 size limit
Investigation: MARKPool is 24,960 bytes (over 24,576 limit) even without
PoseidonT3 inlining. via_ir=true already prevents PoseidonT3 from being
inlined. The fix requires splitting MARKPool into smaller contracts, not
just extracting PoseidonT3 as a standalone contract. Both are required.
* fix(pool): reduce MARKPool below EIP-170 size limit (24200 < 24576 bytes)
Size reductions (24961 -> 24200 bytes, -761 bytes):
- Remove redundant verifierAddr.code.length check in _verifyAndConsume
(already validated in setVerifier, cannot change after deployment)
- Remove redundant tail != rootQueueTail guard in _insertCommitmentsValidated
(always true after inserting 2 commitments)
- Inline _requireCommitmentsValid wrapper (single-line delegation)
- Inline _insertCommitments wrapper (only called from bridgeIn)
- Remove computePublicInputs and computePublicInputsWithWithdraw public
view functions from MARKPool — _buildPublicInputs now calls
PoolPublicInputs.build directly; off-chain callers use PoolPublicInputs
Bug fixes:
- PoolValidation: move NullifierDuplicate check before the loop so
duplicate nullifiers get the precise error, not NullifierUsed
- MARKPool.pause(): document that unpause() does NOT auto-restore
withdrawals (intentional asymmetry, requires explicit unpauseWithdrawals)
* fix: address CodeRabbit findings (circuits, Makefile, architecture-guard)
circuits/test/MARKPool.test.mjs:
- Remove unused buildMerklePath helper (tests use buildTwoLeafRoot)
circuits/setup.mjs:
- Add r1cs existence check before trusted setup with clear error message
contracts/Makefile:
- Restore test-core to exclude invariant tests (--no-match-path)
so ci-fast remains fast as documented
contracts/script/ci/architecture-guard.sh:
- Tighten all four import regexes to handle optional leading whitespace
and any number of ../ segments (prevents bypass via indented imports
or deeper relative paths)
* fix: address remaining CodeRabbit findings
contracts/src/pool/MARKPool.sol:
- setVerifier: add code.length check (consistent with constructor)
circuits/test/MARKPool.test.mjs:
- expectFail: only treat constraint/assertion failures as PASS;
rethrow other errors so regressions surface
contracts/KNOWN_ISSUES.md:
- KI-7: separate design capability from configuration state for
settlement system wording
* fix(circuits): lowercase error message comparison in expectFail
* docs(deployment): add Groth16SettlementVerifier wiring step (Step 18)
Documents the two post-deploy calls required to activate ZK-based
settlement: setSettlementModule and setVerifierContract on
Groth16SettlementVerifier, then setVerifier on MARKSettlementModule.
AttestedSettlementVerifier remains the fallback until wiring is complete.
* fix(settlement): return false on malformed proof in Groth16SettlementVerifier (#101)
abi.decode reverts on malformed/short proof bytes, which propagated
through MARKSettlementModule as a raw error instead of VerificationFailed.
Fix: check proof.length == 672 before decoding (fixed ABI encoding size:
uint256[2]+uint256[2][2]+uint256[2]+uint256[13] = 64+128+64+416 = 672).
Malformed proofs now return false cleanly.
Tests: testVerifySettlementReturnsFalseForMalformedProof,
testVerifySettlementReturnsFalseForEmptyProof
* fix(ci): exclude integration tests from test-core target (#102)
test-core was running integration tests (which require supersim on port 9545)
because --no-match-path on the command line overrides foundry.toml's
no_match_path setting rather than adding to it.
Use brace glob to exclude both invariant and integration tests.
* fix(test): remove unverifiable cross-chain assertion from integration test (#103)
testBridgeToTransfersTokensCrossChain switched to fork B and checked the
recipient balance, but Foundry fork tests cannot simulate supersim's async
message relay — the contract simply doesn't exist on the other fork.
Fix: assert only the source-chain burn (which is fully verifiable in a fork
test). Add a NatSpec note explaining the relay limitation.
* docs(pool): correct KI-8 — PoseidonT3 inlined via via_ir, MARKPool deployable (#104)
* docs(pool): correct KI-8 — PoseidonT3 is inlined via via_ir, MARKPool is deployable
via_ir=true causes the compiler to inline PoseidonT3 into MARKPool rather
than deploying it as a linked library. MARKPool has no link references and
is 24,298 bytes (278 bytes under EIP-170). KI-8 was based on an earlier
state where MARKPool exceeded the limit.
Updated KI-8 to reflect accurate current state and note the tight margin.
* refactor(crypto): use >>= 1 instead of /= 2 in MerkleTree insert
* security: harden pool domain before testnet (#105)
* security: harden pool domain before testnet
- Add pool/withdraw/Groth16 contracts to slither-core scope
- Document all slither exclusion rationale in Makefile
- RYLACreditLedger: add Credit/Debit events, move before external calls (CEI)
- MARKWithdrawAdapter: add test for recipient zero-check (existing check, missing test)
- THREAT_MODEL.md: add pool stack overview, trust boundaries, role compromise
impact, and 3 new invariants (nullifier replay, withdraw binding, debit approval)
* fix(ci): use per-contract slither exclusions instead of global
CodeRabbit correctly noted that global exclusions could suppress actionable
findings in newly added contracts. Refactored slither-core to apply only
the relevant exclusions per contract. Also added arbitrary-send-erc20 to
MARKSettlementModule and RYLACreditLedger (both use safeTransferFrom with
prior approval — not arbitrary).
* fix(ci): add set -e to slither-core, fix preflight to use python3 -m slither
Without set -e, a failing early slither invocation would be masked if the
final command succeeds. Also align the preflight check with the actual
invocation (python3 -m slither, not command -v slither).
* ci: fix 4 workflow issues pre-testnet (#106)
* ci: fix 4 workflow issues pre-testnet
1. Sync _reusable-contracts-slither.yml with Makefile
- Delegate to 'make slither-core' (single source of truth)
- Now covers all 8 contracts with per-contract exclusions
- Previously only scanned 4 settlement contracts with global exclusions
2. Enable pool execute smoke in contracts-ci.yml
- KI-8 resolved: via_ir inlines PoseidonT3, MARKPool is 24,298 bytes
- Pool broadcast to Anvil now works; remove stale blocker comment
3. Fix integration test readiness check
- Wait on ports 9545/9546 (actual RPC ports) not 8420 (admin port)
- Use nc loop consistent with anvil readiness pattern
4. Pin foundry-rs/foundry-toolchain to v1.8.0 commit SHA
- Floating @v1 could silently break on Foundry breaking changes
- Pinned: c7450ba673e133f5ee30098b3b54f444d3a2ca2d (v1.8.0)
* fix(ci): remove foundry version input from reusable slither workflow
The version input was passed as 'v1.8.0' to the action's 'version' input
which expects a Foundry binary tag (e.g. 'stable', 'nightly'), not the
action version. This caused foundryup to fail extracting the tar archive.
Use the action's default Foundry version instead.
* fix(ci): revert pool execute smoke — Foundry rejects PoseidonT3 artifact size
forge create/broadcast checks all library artifacts for EIP-170 compliance.
PoseidonT3 is 55,856 bytes as a standalone artifact even though via_ir inlines
it into MARKPool at compile time. The broadcast is blocked before deployment.
Keep dry-run only. Update KI-8 with the precise diagnosis.
* fix(pool): resolve PoseidonT3 deployment blocker via external interface (#107)
PoseidonT3 is a Solidity library with a public function — it gets deployed
as a separate linked contract (55,856 bytes) which exceeds EIP-170 (24,576).
This blocked all pool deployments.
Fix: replace the library call with an external interface (IPoseidonT3).
MerkleTree now stores the Poseidon contract address in the Tree struct and
calls it via DELEGATECALL-free external call. MARKPool constructor accepts
a _poseidon address parameter.
Default deployment address: 0xB43122Ecb241DD50062641f089876679fd06599a
This is Semaphore's PoseidonT3 (PSE/Ethereum Foundation), deployed at the
same address on all EVM networks via CREATE2. Verified compatible with our
implementation: hash([0,0]) and hash([1,2]) produce identical outputs.
MARKPool now has zero link references and is fully self-contained.
MARKPool size: 24,231 bytes (345 bytes margin under EIP-170).
Tests: deployCode('PoseidonT3.sol:PoseidonT3') in test setUp bypasses
EIP-170 (Foundry test runner does not enforce the limit).
* chore(circuits): remove stale UTXOSettlement artifacts (#108)
* chore(circuits): remove stale UTXOSettlement artifacts
UTXOSettlement circuit is superseded by MARKPool.circom.
Remove the stale test file and old verification key artifact.
The utxo/ source and build/ artifacts are already gitignored.
* ci: trigger Release Gate Container for circuits-only PRs
Add circuits/** to path filter so the required check runs and passes
when only circuit files change (no contracts affected).
* ci: add circuits/** to push paths for consistency
* ci: remove path filter from release gate pull_request trigger
* ci: add circuits/** to CodeQL path filter to unblock circuits-only PRs
* fix: address codebase review findings (#109)
Bug: RYLACreditLedger.debit() — move _totalBurned update before
safeTransferFrom to follow CEI pattern. Previously the state update
happened after the external call, creating a reentrancy window where
_totalBurned was not yet incremented during the transfer callback.
Docs: KNOWN_ISSUES.md KI-8 — update stale size figures and description.
MARKPool is now 24,231 bytes (345 bytes margin). PoseidonT3 is no longer
inlined via via_ir; MerkleTree calls it via IPoseidonT3 interface at
0xB43122... (Semaphore, same address on all EVM networks).
Tests: add testConstructorRevertsOnZeroPoseidon and
testConstructorRevertsOnEOAPoseidon to MARKPool.t.sol — the _poseidon
constructor parameter added in PR #107 had no test coverage.
* ci: pin action-shellcheck to commit SHA (#110)
* ci: pin action-shellcheck to commit SHA
ludeeus/action-shellcheck@2.0.0 was pinned by version tag only.
Tags are mutable — a compromised tag could point to malicious code.
Pin to the immutable commit SHA (00cae50) for supply chain safety.
* ci: trigger CodeQL for all .github/workflows/** changes
* chore(deps): bump actions/dependency-review-action from 4 to 5 (#90)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4 to 5.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump the frontend-minor-patch group across 1 directory with 21 updates (#91)
Bumps the frontend-minor-patch group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.2.4` | `4.3.0` |
| [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.5.0` | `3.6.0` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.2.4` | `4.3.0` |
| [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.27` | `2.10.29` |
| [electron-to-chromium](https://github.com/Kilian/electron-to-chromium) | `1.5.352` | `1.5.353` |
| [get-east-asian-width](https://github.com/sindresorhus/get-east-asian-width) | `1.5.0` | `1.6.0` |
Updates `@tailwindcss/vite` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/@tailwindcss-vite)
Updates `tailwind-merge` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](https://github.com/dcastil/tailwind-merge/compare/v3.5.0...v3.6.0)
Updates `tailwindcss` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/tailwindcss)
Updates `@tailwindcss/node` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/@tailwindcss-node)
Updates `@tailwindcss/oxide-android-arm64` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/android-arm64)
Updates `@tailwindcss/oxide-darwin-arm64` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/darwin-arm64)
Updates `@tailwindcss/oxide-darwin-x64` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/darwin-x64)
Updates `@tailwindcss/oxide-freebsd-x64` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/freebsd-x64)
Updates `@tailwindcss/oxide-linux-arm-gnueabihf` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/linux-arm-gnueabihf)
Updates `@tailwindcss/oxide-linux-arm64-gnu` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/linux-arm64-gnu)
Updates `@tailwindcss/oxide-linux-arm64-musl` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/linux-arm64-musl)
Updates `@tailwindcss/oxide-linux-x64-gnu` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/linux-x64-gnu)
Updates `@tailwindcss/oxide-linux-x64-musl` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/linux-x64-musl)
Updates `@tailwindcss/oxide-wasm32-wasi` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node)
Updates `@tailwindcss/oxide-win32-arm64-msvc` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/win32-arm64-msvc)
Updates `@tailwindcss/oxide-win32-x64-msvc` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/win32-x64-msvc)
Updates `@tailwindcss/oxide` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node)
Updates `baseline-browser-mapping` from 2.10.27 to 2.10.29
- [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases)
- [Commits](https://github.com/web-platform-dx/baseline-browser-mapping/compare/v2.10.27...v2.10.29)
Updates `electron-to-chromium` from 1.5.352 to 1.5.353
- [Changelog](https://github.com/Kilian/electron-to-chromium/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Kilian/electron-to-chromium/compare/v1.5.352...v1.5.353)
Updates `enhanced-resolve` from 5.21.1 to 5.21.2
- [Release notes](https://github.com/webpack/enhanced-resolve/releases)
- [Changelog](https://github.com/webpack/enhanced-resolve/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webpack/enhanced-resolve/compare/v5.21.1...v5.21.2)
Updates `get-east-asian-width` from 1.5.0 to 1.6.0
- [Release notes](https://github.com/sindresorhus/get-east-asian-width/releases)
- [Commits](https://github.com/sindresorhus/get-east-asian-width/compare/v1.5.0...v1.6.0)
---
updated-dependencies:
- dependency-name: "@tailwindcss/node"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-android-arm64"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-darwin-arm64"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-darwin-x64"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-freebsd-x64"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-linux-arm-gnueabihf"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-linux-arm64-gnu"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-linux-arm64-musl"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-linux-x64-gnu"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-linux-x64-musl"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-wasm32-wasi"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-win32-arm64-msvc"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/oxide-win32-x64-msvc"
dependency-version: 4.3.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/vite"
dependency-version: 4.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: baseline-browser-mapping
dependency-version: 2.10.29
dependency-type: indirect
update-type: version-update:semver-patch
dependency-group: frontend-minor-patch
- dependency-name: electron-to-chromium
dependency-version: 1.5.353
dependency-type: indirect
update-type: version-update:semver-patch
dependency-group: frontend-minor-patch
- dependency-name: enhanced-resolve
dependency-version: 5.21.2
dependency-type: indirect
update-type: version-update:semver-patch
dependency-group: frontend-minor-patch
- dependency-name: get-east-asian-width
dependency-version: 1.6.0
dependency-type: indirect
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: tailwind-merge
dependency-version: 3.6.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
- dependency-name: tailwindcss
dependency-version: 4.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: frontend-minor-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Iko <6572003+iap@users.noreply.github.com>
* chore: update LICENSE copyright to Trade 2026 (#111)
* chore: update LICENSE copyright to Trade 2026
The project was scaffolded from an Optimism template but is original work.
Update copyright holder from Optimism to Trade and year to 2026.
* ci: remove path filter from CodeQL pull_request trigger
CodeQL is a required check for all PRs. With a path filter, PRs that
only touch files outside the filter (e.g. LICENSE, README) are blocked
indefinitely waiting for CodeQL results that never come.
Remove the pull_request path filter so CodeQL always runs on PRs.
Keep the push path filter to avoid unnecessary runs on branch pushes.
* chore: remove stale deploy-contracts step from mprocs.yaml (#112)
deploy:supersim and deploy:counter-incrementer:supersim are template
artifacts from the original Optimism scaffold. They no longer exist.
Remove the stale deploy-contracts proc.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update copyright holder from
Optimism(template artifact) toTradeand year to2026. The MARK Protocol codebase is original work.Summary by CodeRabbit