2026 03 12 solc

.github/workflows/check-shell.yml

@@ -39,4 +39,5 @@ jobs:
       - run: nix develop --command graph --version
       - run: nix develop --command goldsky --version
       - run: nix develop --command yq --version
+      - run: nix develop --command default-shell-test
       - run: nix develop .#tauri-shell --command tauri-shellhook-test

CLAUDE.md

@@ -42,7 +42,7 @@ All tasks are Nix packages run via `nix run`. From a consuming repo use `..#` (e
 ## Pinned Versions
 
 - Rust: 1.94.0 (with `wasm32-unknown-unknown` target)
-- Solidity: solc 0.8.19
+- Solidity: solc 0.8.25
 - Foundry: via foundry.nix
 - Graph CLI: 0.69.2
 - Goldsky CLI: 8.6.6

README.md

@@ -0,0 +1,65 @@
+# Rainix
+
+Nix flake providing development environments and build tasks for the [Rain Protocol](https://rainprotocol.xyz) ecosystem.
+
+Rainix is shared infrastructure consumed by other Rain repos — the actual project code lives in downstream consumers.
+
+## Usage
+
+Add Rainix as a flake input:
+
+```nix
+{
+  inputs.rainix.url = "github:rainlanguage/rainix";
+}
+```
+
+### Dev Shells
+
+Requires Nix with flakes enabled.
+
+```sh
+nix develop        # default shell (Solidity + Rust + Node + subgraph tools)
+nix develop .#tauri-shell  # Tauri desktop app development
+```
+
+The default shell auto-sources `.env` if present and runs `npm ci --ignore-scripts` if `package.json` exists.
+
+### Build Tasks
+
+All tasks are Nix packages run via `nix run`. From a consuming repo:
+
+#### Solidity
+- `nix run ..#rainix-sol-prelude` — forge install + build
+- `nix run ..#rainix-sol-test` — forge test
+- `nix run ..#rainix-sol-static` — slither + forge fmt check
+- `nix run ..#rainix-sol-legal` — REUSE/DCL-1.0 license compliance
+- `nix run ..#rainix-sol-artifacts` — deploy to testnet
+
+#### Rust
+- `nix run ..#rainix-rs-prelude` — environment prep (currently no-op)
+- `nix run ..#rainix-rs-test` — cargo test
+- `nix run ..#rainix-rs-static` — cargo fmt + clippy
+- `nix run ..#rainix-rs-artifacts` — cargo build --release
+
+### Reusable Outputs
+
+Downstream flakes can compose their own tasks and shells using:
+
+- `pkgs` — nixpkgs with all overlays applied
+- `rust-toolchain` — pinned Rust toolchain
+- `rust-build-inputs`, `sol-build-inputs`, `node-build-inputs` — dependency lists
+- `mkTask` — create Nix derivations wrapping shell scripts with dependencies on PATH
+- `network-list` — supported network names
+
+## Pinned Versions
+
+- Rust: 1.94.0
+- Solidity: solc 0.8.25
+- Foundry: via foundry.nix
+- Graph CLI: 0.69.2
+- Goldsky CLI: 8.6.6
+
+## License
+
+DecentraLicense 1.0 — enforced via `reuse lint`.

REUSE.toml

@@ -8,6 +8,7 @@ path = [
   ".gitmodules",
   "REUSE.toml",
   "CLAUDE.md",
+  "README.md",
   ".coderabbit.yaml",
   ".github/**/",
   ".vscode/**/",

audit/2026-03-12-01/triage.md

@@ -13,28 +13,28 @@ No LOW+ findings.
 ## Pass 2: Test Coverage
 | ID | Severity | Title | Status |
 |----|----------|-------|--------|
-| A01-1-p2 | LOW | No test for increment overflow behavior | PENDING |
-| A01-2-p2 | LOW | No test for consecutive increments | PENDING |
-| A02-1-p2 | LOW | No CI coverage for subgraph tasks | PENDING |
-| A02-2-p2 | LOW | Default dev shell not tested in check-shell.yml | PENDING |
+| A01-1-p2 | LOW | No test for increment overflow behavior | FIXED |
+| A01-2-p2 | LOW | No test for consecutive increments | DISMISSED |
+| A02-1-p2 | LOW | No CI coverage for subgraph tasks | DISMISSED |
+| A02-2-p2 | LOW | Default dev shell not tested in check-shell.yml | FIXED |
 
 ## Pass 3: Documentation
 | ID | Severity | Title | Status |
 |----|----------|-------|--------|
-| A01-1-p3 | LOW | No README.md exists | PENDING |
-| A01-2-p3 | LOW | No comments on exported reusable outputs in flake.nix | PENDING |
+| A01-1-p3 | LOW | No README.md exists | FIXED |
+| A01-2-p3 | LOW | No comments on exported reusable outputs in flake.nix | FIXED |
 
 ## Pass 4: Code Quality
 | ID | Severity | Title | Status |
 |----|----------|-------|--------|
-| A01-1-p4 | LOW | Pragma version mismatch between source and test | PENDING |
-| A02-1-p4 | LOW | Unused import: console2 | PENDING |
-| A03-1-p4 | LOW | Pragma version mismatch — Deploy.sol | PENDING |
-| A04-1-p4 | LOW | goldsky SHA256 identical for x86_64-darwin and aarch64-darwin | PENDING |
+| A01-1-p4 | LOW | Pragma version mismatch between source and test | FIXED |
+| A02-1-p4 | LOW | Unused import: console2 | FIXED |
+| A03-1-p4 | LOW | Pragma version mismatch — Deploy.sol | FIXED |
+| A04-1-p4 | LOW | goldsky SHA256 identical for x86_64-darwin and aarch64-darwin | DISMISSED |
 
 ## Pass 5: Correctness
 | ID | Severity | Title | Status |
 |----|----------|-------|--------|
-| A03-1-p5 | LOW | Deploy.run() broadcasts nothing | PENDING |
+| A03-1-p5 | LOW | Deploy.run() broadcasts nothing | FIXED |
 | A04-1-p5 | MEDIUM | rainix-rs-prelude is a no-op but CI runs it | DOCUMENTED |
-| A04-2-p5 | LOW | CLAUDE.md documents no-op but flake has no comment | PENDING |
+| A04-2-p5 | LOW | CLAUDE.md documents no-op but flake has no comment | FIXED |

flake.nix

@@ -49,7 +49,7 @@
           pkgs.git
           pkgs.foundry-bin
           pkgs.slither-analyzer
-          pkgs.solc_0_8_19
+          pkgs.solc_0_8_25
           pkgs.reuse
         ];
 
@@ -342,6 +342,14 @@
           fi
         '';
 
+        default-shell-test = mkTask {
+          name = "default-shell-test";
+          body = ''
+            bats test/bats/devshell/default/solc.test.bats
+          '';
+          additionalBuildInputs = [ pkgs.bats ];
+        };
+
         tauri-shellhook-test = mkTask {
           name = "tauri-shellhook-test";
           # only run this test for darwin
@@ -354,12 +362,16 @@
         };
 
       in {
+        # Reusable outputs for downstream Rain flakes to compose their own
+        # dev shells and build tasks.
         pkgs = pkgs;
         old-pkgs = old-pkgs;
         rust-toolchain = rust-toolchain;
         rust-build-inputs = rust-build-inputs;
         sol-build-inputs = sol-build-inputs;
         node-build-inputs = node-build-inputs;
+        # mkTask { name, body, additionalBuildInputs? } — creates a Nix
+        # derivation wrapping a shell script with its dependencies on PATH.
         mkTask = mkTask;
         network-list = network-list;
 
@@ -373,7 +385,7 @@
         devShells.default = pkgs.mkShell {
           buildInputs = sol-build-inputs ++ rust-build-inputs
             ++ node-build-inputs ++ rainix-tasks ++ subgraph-tasks
-            ++ [ the-graph goldsky pkgs.sqlite pkgs.yq-go ];
+            ++ [ the-graph goldsky pkgs.sqlite pkgs.yq-go default-shell-test ];
           shellHook = ''
             ${source-dotenv}
 

test/bats/devshell/default/solc.test.bats

@@ -0,0 +1,5 @@
+@test "solc-0.8.25 should be available on PATH" {
+  run solc-0.8.25 --version
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"0.8.25"* ]]
+}

test/fixture/foundry.lock

@@ -0,0 +1,5 @@
+{
+  "lib/forge-std": {
+    "rev": "36c303b7ffdd842d06b1ec2744c9b9b5fb3083f3"
+  }
+}

test/fixture/script/Deploy.sol

@@ -1,13 +1,15 @@
 // SPDX-License-Identifier: LicenseRef-DCL-1.0
 // SPDX-FileCopyrightText: Copyright (c) 2020 thedavidmeister
-pragma solidity ^0.8.13;
+pragma solidity ^0.8.25;
 
 import {Script} from "forge-std/Script.sol";
+import {Counter} from "../src/Counter.sol";
 
 contract Deploy is Script {
     function setUp() public {}
 
     function run() public {
         vm.broadcast();
+        new Counter();
     }
 }

test/fixture/test/Counter.t.sol

@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: LicenseRef-DCL-1.0
 // SPDX-FileCopyrightText: Copyright (c) 2020 thedavidmeister
-pragma solidity ^0.8.13;
+pragma solidity ^0.8.25;
 
-import {Test, console2} from "forge-std/Test.sol";
+import {Test} from "forge-std/Test.sol";
 import {Counter} from "../src/Counter.sol";
 
 contract CounterTest is Test {