feat: automatically config enclave.config.yaml

[ctrlc03]

fix #1011

Summary by CodeRabbit

• New Features

  • Added three npm scripts to simplify contract deployment workflows.
  • Deployment now updates enclave YAML configuration automatically after contracts are deployed.

• Refactor

  • Removed an unused import to clean up code.

• Chores

  • Added YAML parsing support and corresponding dependency entries.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
crisp	Ready	Preview	Comment	Nov 15, 2025 3:09pm
enclave-docs	Ready	Preview	Comment	Nov 15, 2025 3:09pm

[coderabbitai]

Walkthrough

Adds an updateE3Config utility to read/modify enclave.config.yaml and wires it into the CRISP deploy flow to record deployed contract addresses; adds js-yaml dependency; removes an unused import; and introduces three npm deploy scripts in examples/CRISP/package.json.

Changes

Cohort / File(s)	Summary
CRISP npm scripts examples/CRISP/package.json	Added three npm scripts: deploy:contracts:full:mock, deploy:contracts:mock, and deploy:contracts that delegate to pnpm -C packages/crisp-contracts deploy commands.
CRISP deploy flow examples/CRISP/packages/crisp-contracts/deploy/deploy.ts, examples/CRISP/packages/crisp-contracts/deploy/crisp.ts	deploy.ts now imports updateE3Config, derives __dirname, captures active chain from hre.globalOptions.network, and calls updateE3Config(chain, pathToEnclaveConfig, contractMapping, rpcUrl?) after deployments. crisp.ts removed an unused execSync import.
Enclave config utilities & deps packages/enclave-contracts/scripts/utils.ts, packages/enclave-contracts/package.json	Added js-yaml dependency and @types/js-yaml devDep; added EnclaveConfig interface and exported updateE3Config(chainToConfig, pathToConfigFile, contractMapping, rpcUrl?) which reads enclave.config.yaml, ensures/creates the chain entry, fills contract addresses and deploy_block from artifacts, and writes the YAML back.
crisp-contracts package.json (no-op) examples/CRISP/packages/crisp-contracts/package.json	Temporary devDependency edits were added then removed in the diff; net effect: no dependency changes.

Sequence Diagram(s)

sequenceDiagram
    participant CLI as CRISP npm script
    participant DeployScript as crisp-contracts deploy.ts
    participant HRE as Hardhat (hre)
    participant Deployer as deployment tasks (crisp.ts & artifacts)
    participant Updater as updateE3Config
    participant YAML as enclave.config.yaml

    CLI->>DeployScript: invoke deploy (captures env)
    DeployScript->>HRE: read active network / hre.globalOptions.network
    DeployScript->>Deployer: run contract deployments
    Deployer-->>DeployScript: return deployed addresses & metadata

    rect rgb(235,245,255)
      Note over DeployScript,Updater: Config update phase (NEW)
      DeployScript->>Updater: call updateE3Config(chain, configPath, mapping, rpcUrl?)
      Updater->>YAML: read enclave.config.yaml
      Updater->>Updater: parse & find/create chain entry
      Updater->>Updater: populate contracts' address & deploy_block (from artifacts)
      Updater->>YAML: write updated YAML (no-wrap)
      YAML-->>Updater: persisted
    end

    Updater-->>DeployScript: return success / logs
    DeployScript-->>CLI: finish

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Pay extra attention to:
  • YAML parsing/serialization and safe handling of missing files in packages/enclave-contracts/scripts/utils.ts.
  • Correct resolution of paths/__dirname in examples/CRISP/packages/crisp-contracts/deploy/deploy.ts.
  • The mapping between deployed artifact names and enclave config keys passed into updateE3Config.

Possibly related PRs

• chore: allow mock input validator in CRISP #782 — related changes to CRISP deployment flow and contract address handling; likely overlaps with the mapping/update logic.
• chore: new crisp folder structure #895 — prior CRISP workspace/deploy script changes; related to the added example npm scripts and package layout.
• fix: contracts exports #732 — touches scripts/exports in enclave-contracts and may relate to introducing/consuming the utils export.

Poem

🐰 I hopped through builds beneath the moonlit logs,

I stitched each address into YAML bogs.
Blocks tucked in pockets, configs neat and prim,
A hop, a write, deploys all bright and trim. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main feature added: automatic configuration of enclave.config.yaml during deployment.
Linked Issues check	✅ Passed	The PR implements the core requirement from issue #1011: automatically populating enclave.config.yaml during contract deployment via the updateE3Config function.
Out of Scope Changes check	✅ Passed	All changes are directly related to implementing automatic enclave.config.yaml configuration: deploy script integration, utility functions, and supporting dependencies.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/automatically-config-enclave-yml

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1)

39-41: Consider removing debug logging and adding error handling.

A few improvements for this section:

• The console.log on line 40 appears to be debug code
• The path computation using multiple ".." is fragile and depends on the execution context (as the comment notes)
• No error handling around the updateE3Config call

Consider this refactor:

-    // this expects you to run it from CRISP's root
-    console.log("path:", path.join(__dirname, "..", "..", "..", "enclave.config.yaml"));
-    updateE3Config(chain, path.join(__dirname, "..", "..", "..", "enclave.config.yaml"), contractMapping);
+    // Config path relative to CRISP root
+    const configPath = path.join(__dirname, "..", "..", "..", "enclave.config.yaml");
+    
+    try {
+        updateE3Config(chain, configPath, contractMapping);
+    } catch (error) {
+        console.error("Failed to update enclave.config.yaml:", error);
+        throw error;
+    }

packages/enclave-contracts/scripts/utils.ts (2)

177-178: Consider adding runtime validation for the loaded config.

The YAML is loaded and cast to EnclaveConfig without runtime validation. While this is acceptable for a trusted local config file, runtime validation could catch config format issues early.

Consider adding a validation function:

function validateEnclaveConfig(config: unknown): config is EnclaveConfig {
    const c = config as EnclaveConfig;
    return (
        c &&
        typeof c === 'object' &&
        Array.isArray(c.chains) &&
        c.chains.every(chain => 
            chain.name && 
            chain.rpc_url && 
            typeof chain.contracts === 'object'
        )
    );
}

// Then use it:
const config = yaml.load(fileContent);
if (!validateEnclaveConfig(config)) {
    throw new Error('Invalid enclave.config.yaml format');
}

---

222-230: Consider adding error handling for file write operations.

The file write operation (line 228) could fail due to permissions, disk space, or other I/O issues. While the deployment script may have broader error handling, adding specific error handling here would provide clearer diagnostics.

Consider wrapping the write operation:

-  fs.writeFileSync(pathToConfigFile, yamlStr, "utf8");
-  console.log("\n✓ enclave.config.yaml updated successfully!");
+  try {
+    fs.writeFileSync(pathToConfigFile, yamlStr, "utf8");
+    console.log("\n✓ enclave.config.yaml updated successfully!");
+  } catch (error) {
+    console.error(`Failed to write config file: ${error}`);
+    throw error;
+  }

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 059b50c and 9cd8d59.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• examples/CRISP/package.json (1 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (0 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1 hunks)
• examples/CRISP/packages/crisp-contracts/package.json (1 hunks)
• packages/enclave-contracts/package.json (2 hunks)
• packages/enclave-contracts/scripts/utils.ts (3 hunks)

💤 Files with no reviewable changes (1)

• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts

🧰 Additional context used

🧠 Learnings (5)

📓 Common learnings

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

📚 Learning: 2025-11-05T14:12:57.814Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 963
File: examples/CRISP/client/package.json:25-25
Timestamp: 2025-11-05T14:12:57.814Z
Learning: In the Enclave/CRISP codebase, `enclave-e3/sdk` and `crisp-e3/sdk` are different packages: `enclave-e3/sdk` is the general Enclave SDK, while `crisp-e3/sdk` is the CRISP-specific SDK. The CRISP client (`examples/CRISP/client`) intentionally depends on `enclave-e3/sdk`, not `crisp-e3/sdk`.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts
• examples/CRISP/packages/crisp-contracts/package.json

📚 Learning: 2025-09-19T11:16:53.825Z

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts
• packages/enclave-contracts/scripts/utils.ts

📚 Learning: 2025-09-11T13:09:03.800Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/naiveRegistryFilter.ts:30-31
Timestamp: 2025-09-11T13:09:03.800Z
Learning: In Hardhat v3 deployment scripts, use `(await signer.provider?.getNetwork())?.name ?? "localhost"` instead of `hre.globalOptions.network` to reliably get the network name, as `hre.globalOptions.network` can be undefined in some contexts.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-08-25T10:28:56.174Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 657
File: Cargo.toml:32-34
Timestamp: 2025-08-25T10:28:56.174Z
Learning: The examples/CRISP directory has its own Cargo.toml workspace configuration with members like "server", "wasm-crypto", "program/core", "program/client", etc. The root workspace intentionally excludes "examples/CRISP/server", "examples/CRISP/program", and "examples/CRISP/wasm-crypto" to prevent double workspace membership, which is the correct approach for self-contained example workspaces.

Applied to files:

• examples/CRISP/packages/crisp-contracts/package.json

🧬 Code graph analysis (1)

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (3)

packages/enclave-contracts/scripts/deployEnclave.ts (1)

• deployEnclave (22-208)

examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (1)

• deployCRISPContracts (18-111)

packages/enclave-contracts/scripts/utils.ts (1)

• updateE3Config (171-230)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: integration_prebuild
• GitHub Check: build_sdk
• GitHub Check: test_net
• GitHub Check: test_contracts
• GitHub Check: build_enclave_cli
• GitHub Check: rust_unit
• GitHub Check: rust_integration

🔇 Additional comments (6)

examples/CRISP/package.json (1)

21-23: LGTM!

The new deployment scripts follow the existing pattern and provide clear options for different deployment scenarios (full with mocks, just mocks, and standard deployment).

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1)

6-6: LGTM!

The new imports and constants are well-structured. The ES module pattern for deriving __dirname is correct, and the contractMapping provides a clear mapping between contract names and config keys.

Also applies to: 8-8, 10-11, 14-20, 23-24

packages/enclave-contracts/scripts/utils.ts (3)

30-48: LGTM!

The EnclaveConfig interface appropriately models the YAML structure. Using optional properties for contracts and unknown for irrelevant fields is a good approach.

---

184-203: Default RPC URL may require manual updates.

The function creates a new chain entry with a default RPC URL of ws://localhost:8545 when one isn't provided (line 197). While the warning on lines 190-192 alerts the user, this default may not be appropriate for non-local chains. This is acceptable for development but users should be aware they need to update it manually for testnet/mainnet deployments.

---

207-220: No action required—blockNumber is consistently captured.

Verification confirms that all deployment scripts (poseidonT3.ts, mockStableToken.ts, mockProgram.ts, etc.) properly obtain blockNumber via ethers.provider.getBlockNumber() before storing it. The fallback to 1 at line 214 serves as appropriate defensive programming for edge cases where deployment is not found or blockNumber is unexpectedly null, and is not a practical concern.

packages/enclave-contracts/package.json (1)

91-91: No action required—js-yaml dependencies are secure and up-to-date.

The specified versions are current: js-yaml@4.1.1 is the latest release, and all known vulnerabilities in js-yaml (Code Injection, Denial of Service, Deserialization Code Execution) affect only versions < 3.13.1 from 2019 or earlier. Version 4.1.1 is not affected.

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (1)

packages/enclave-contracts/scripts/utils.ts (1)

165-170: Fix typo in JSDoc comment.

Line 166 contains a typo: "enclave" is misspelled in the function description.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9cd8d59 and b2785f2.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• examples/CRISP/package.json (1 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (0 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1 hunks)
• examples/CRISP/packages/crisp-contracts/package.json (1 hunks)
• packages/enclave-contracts/package.json (2 hunks)
• packages/enclave-contracts/scripts/utils.ts (3 hunks)

💤 Files with no reviewable changes (1)

• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts

🚧 Files skipped from review as they are similar to previous changes (2)

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts
• examples/CRISP/package.json

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 963
File: examples/CRISP/client/package.json:25-25
Timestamp: 2025-11-05T14:12:57.814Z
Learning: In the Enclave/CRISP codebase, `enclave-e3/sdk` and `crisp-e3/sdk` are different packages: `enclave-e3/sdk` is the general Enclave SDK, while `crisp-e3/sdk` is the CRISP-specific SDK. The CRISP client (`examples/CRISP/client`) intentionally depends on `enclave-e3/sdk`, not `crisp-e3/sdk`.

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

📚 Learning: 2025-11-05T14:12:57.814Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 963
File: examples/CRISP/client/package.json:25-25
Timestamp: 2025-11-05T14:12:57.814Z
Learning: In the Enclave/CRISP codebase, `enclave-e3/sdk` and `crisp-e3/sdk` are different packages: `enclave-e3/sdk` is the general Enclave SDK, while `crisp-e3/sdk` is the CRISP-specific SDK. The CRISP client (`examples/CRISP/client`) intentionally depends on `enclave-e3/sdk`, not `crisp-e3/sdk`.

Applied to files:

• examples/CRISP/packages/crisp-contracts/package.json

📚 Learning: 2025-08-25T10:28:56.174Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 657
File: Cargo.toml:32-34
Timestamp: 2025-08-25T10:28:56.174Z
Learning: The examples/CRISP directory has its own Cargo.toml workspace configuration with members like "server", "wasm-crypto", "program/core", "program/client", etc. The root workspace intentionally excludes "examples/CRISP/server", "examples/CRISP/program", and "examples/CRISP/wasm-crypto" to prevent double workspace membership, which is the correct approach for self-contained example workspaces.

Applied to files:

• examples/CRISP/packages/crisp-contracts/package.json

📚 Learning: 2025-09-19T11:16:53.825Z

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

Applied to files:

• packages/enclave-contracts/scripts/utils.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: test_net
• GitHub Check: build_e3_support_dev
• GitHub Check: build_sdk
• GitHub Check: integration_prebuild
• GitHub Check: build_enclave_cli
• GitHub Check: rust_unit
• GitHub Check: test_contracts
• GitHub Check: rust_integration

🔇 Additional comments (4)

packages/enclave-contracts/package.json (1)

91-91: LGTM! YAML dependencies correctly added.

The addition of js-yaml and its type definitions properly supports the new YAML configuration handling in scripts/utils.ts.

Also applies to: 177-177

packages/enclave-contracts/scripts/utils.ts (2)

7-7: LGTM! YAML import correctly added.

The import statement properly brings in the js-yaml library to support YAML parsing and serialization.

---

30-48: LGTM! Well-structured config interface.

The EnclaveConfig interface appropriately models the YAML structure with optional contract fields and proper typing. Using unknown for unused fields (program, nodes) is a pragmatic approach.

examples/CRISP/packages/crisp-contracts/package.json (1)

49-50: Both dependencies are actively imported and used—no action needed.

Verification confirms @crisp-e3/sdk and @crisp-e3/zk-inputs are imported in tests/crisp.contracts.test.ts:

• @crisp-e3/zk-inputs is used for ZKInputsGenerator
• @crisp-e3/sdk is used for encryptVoteAndGenerateCRISPInputs, generateProof, MESSAGE, generateMerkleProof, and hashLeaf

These are legitimate dependencies, not temporary or merge artifacts.

[cedoor]

utACK

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1)

30-30: Handle potential undefined network value.

hre.globalOptions.network can be undefined in some contexts. This issue has been previously flagged - please apply the suggested fix from the existing review comment.

🧹 Nitpick comments (1)

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1)

39-40: Consider more robust path resolution.

The relative path construction (.., .., ..) is fragile and relies on the script being executed from a specific location. If the undefined network issue on line 30 is fixed with a fallback, consider whether a default/fallback path might also be needed, or document the execution requirements more prominently.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b2785f2 and 22ecd36.

📒 Files selected for processing (1)

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1 hunks)

🧰 Additional context used

🧠 Learnings (4)

📚 Learning: 2025-09-11T13:09:03.800Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/naiveRegistryFilter.ts:30-31
Timestamp: 2025-09-11T13:09:03.800Z
Learning: In Hardhat v3 deployment scripts, use `(await signer.provider?.getNetwork())?.name ?? "localhost"` instead of `hre.globalOptions.network` to reliably get the network name, as `hre.globalOptions.network` can be undefined in some contexts.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-09-11T13:09:03.800Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/naiveRegistryFilter.ts:30-31
Timestamp: 2025-09-11T13:09:03.800Z
Learning: In Hardhat v3, hre.network.name is not available anymore. Use hre.globalOptions.network to get the network name instead.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-11-05T14:12:57.814Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 963
File: examples/CRISP/client/package.json:25-25
Timestamp: 2025-11-05T14:12:57.814Z
Learning: In the Enclave/CRISP codebase, `enclave-e3/sdk` and `crisp-e3/sdk` are different packages: `enclave-e3/sdk` is the general Enclave SDK, while `crisp-e3/sdk` is the CRISP-specific SDK. The CRISP client (`examples/CRISP/client`) intentionally depends on `enclave-e3/sdk`, not `crisp-e3/sdk`.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-09-19T11:16:53.825Z

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

🧬 Code graph analysis (1)

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (3)

packages/enclave-contracts/scripts/deployEnclave.ts (1)

• deployEnclave (22-208)

examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (1)

• deployCRISPContracts (18-111)

packages/enclave-contracts/scripts/utils.ts (1)

• updateE3Config (171-230)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: build_sdk
• GitHub Check: build_e3_support_dev
• GitHub Check: build_enclave_cli
• GitHub Check: integration_prebuild
• GitHub Check: test_net
• GitHub Check: test_contracts
• GitHub Check: rust_integration
• GitHub Check: rust_unit

🔇 Additional comments (3)

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (3)

6-11: LGTM!

The imports are appropriate for the new configuration update functionality.

---

22-24: LGTM!

The ES module path utilities are correctly implemented.

---

13-20: Contract names are correctly mapped to deployment storage.

Verification confirms that all contract names in the mapping match their corresponding deployment storage names:

• CRISPProgram → stored as "CRISPProgram" (crisp.ts:93)
• Enclave → stored as "Enclave" (enclave.ts:218)
• MockUSDC → stored as "MockUSDC" (mockStableToken.ts:68)
• CiphernodeRegistryOwnable → stored as "CiphernodeRegistryOwnable" (ciphernodeRegistryOwnable.ts:119, 215)
• BondingRegistry → stored as "BondingRegistry" (bondingRegistry.ts:147, 241)

The mapping values (e3_program, enclave, etc.) are config keys from the enclave configuration file, which are intentionally mapped for config reading—not storage names. No changes needed.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

packages/enclave-contracts/scripts/utils.ts (1)

171-230: Harden updateE3Config against malformed config and weak defaults.

A few robustness issues here that are worth addressing:

• config.chains is assumed to exist and be an array; if the YAML is missing or has a different shape, config.chains.find(...) will throw. A defensive check with a clear error (or initializing config.chains = []) would make this much safer.
• configChain.contracts[configKey as keyof typeof configChain.contracts] relies on an unsafe cast; if a future caller passes an unknown configKey, you silently write an unexpected property. Using a narrowed ContractConfigKey type (as suggested above) plus a runtime guard (e.g. if (!(configKey in configChain.contracts)) { warn & continue; }) would avoid this.
• Defaulting deploy_block to 1 when deployment.blockNumber is missing can cause indexers to scan from genesis on non-local networks. At minimum, log a strong warning and consider either:
  • making blockNumber required in DeploymentArgs, or
  • treating a missing block as an error rather than silently using 1.

These changes would make the deployment flow fail fast on real misconfigurations instead of producing surprising config files.

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1)

29-41: Guard against undefined Hardhat network and clarify config path assumption.

const chain = hre.globalOptions.network; can be undefined in Hardhat v3, which would then propagate into updateE3Config and your deployments (producing an "undefined" chain name in files). Based on learnings, it’s safer to add a fallback or derive the actual network name from the provider, e.g.:

const chain = hre.globalOptions.network ?? "localhost";
// or derive from provider if you need the real chain name

Also, the comment “this expects you to run it from CRISP's root” isn’t strictly accurate anymore: the enclave.config.yaml path is resolved relative to __dirname, so it will work regardless of the current working directory as long as the file lives at examples/CRISP/enclave.config.yaml.

Based on learnings.

🧹 Nitpick comments (2)

packages/enclave-contracts/scripts/utils.ts (1)

7-48: Tighten types for config keys to avoid silent mismatches.

EnclaveConfig’s contracts shape is clear, but contractMapping: Record<string, string> (used downstream) allows arbitrary strings that don’t have to match these keys. To prevent typos and reduce the need for unsafe casts later, consider extracting a dedicated key type and using it in both places, for example:

type ContractConfigKey =
  keyof EnclaveConfig["chains"][number]["contracts"];

const contractMapping: Record<string, ContractConfigKey> = {
  // ...
};

This keeps EnclaveConfig as the single source of truth for valid contract slots and removes a whole class of runtime misconfigurations.

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1)

6-24: Align contractMapping type with EnclaveConfig contract keys.

contractMapping: Record<string, string> gives no compile-time guarantee that values match the valid keys in EnclaveConfig["chains"][number]["contracts"]. To catch typos like "bonding_regsitry", consider:

type ContractConfigKey =
  keyof EnclaveConfig["chains"][number]["contracts"]; // from the utils module

const contractMapping: Record<string, ContractConfigKey> = {
  CRISPProgram: "e3_program",
  Enclave: "enclave",
  CiphernodeRegistryOwnable: "ciphernode_registry",
  BondingRegistry: "bonding_registry",
  MockUSDC: "fee_token",
};

This keeps the mapping and config schema in sync at the type level.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 22ecd36 and 37e68ad.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• examples/CRISP/package.json (1 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (0 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1 hunks)
• examples/CRISP/packages/crisp-contracts/package.json (1 hunks)
• packages/enclave-contracts/package.json (2 hunks)
• packages/enclave-contracts/scripts/utils.ts (3 hunks)

💤 Files with no reviewable changes (1)

• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts

🚧 Files skipped from review as they are similar to previous changes (3)

• examples/CRISP/package.json
• examples/CRISP/packages/crisp-contracts/package.json
• packages/enclave-contracts/package.json

🧰 Additional context used

🧠 Learnings (7)

📚 Learning: 2025-09-11T13:02:56.353Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/mockComputeProvider.ts:6-6
Timestamp: 2025-09-11T13:02:56.353Z
Learning: In Hardhat v3, the import path "hardhat/types/hre" may be valid for importing HardhatRuntimeEnvironment, unlike in Hardhat v2 where the standard path was "hardhat/types".

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-09-11T13:02:56.353Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/mockComputeProvider.ts:6-6
Timestamp: 2025-09-11T13:02:56.353Z
Learning: In Hardhat v3, the import path "hardhat/types/hre" is valid for importing HardhatRuntimeEnvironment, which is different from Hardhat v2 where "hardhat/types" was the standard path.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-09-11T13:02:56.353Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/mockComputeProvider.ts:6-6
Timestamp: 2025-09-11T13:02:56.353Z
Learning: In Hardhat v3, the correct import path for HardhatRuntimeEnvironment is "hardhat/types/hre", not "hardhat/types" as it was in Hardhat v2. The import structure has changed between major versions.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-09-11T13:09:03.800Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/naiveRegistryFilter.ts:30-31
Timestamp: 2025-09-11T13:09:03.800Z
Learning: In Hardhat v3 deployment scripts, use `(await signer.provider?.getNetwork())?.name ?? "localhost"` instead of `hre.globalOptions.network` to reliably get the network name, as `hre.globalOptions.network` can be undefined in some contexts.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-09-11T13:09:03.800Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/naiveRegistryFilter.ts:30-31
Timestamp: 2025-09-11T13:09:03.800Z
Learning: In Hardhat v3, hre.network.name is not available anymore. Use hre.globalOptions.network to get the network name instead.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-11-05T14:12:57.814Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 963
File: examples/CRISP/client/package.json:25-25
Timestamp: 2025-11-05T14:12:57.814Z
Learning: In the Enclave/CRISP codebase, `enclave-e3/sdk` and `crisp-e3/sdk` are different packages: `enclave-e3/sdk` is the general Enclave SDK, while `crisp-e3/sdk` is the CRISP-specific SDK. The CRISP client (`examples/CRISP/client`) intentionally depends on `enclave-e3/sdk`, not `crisp-e3/sdk`.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-09-19T11:16:53.825Z

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts
• packages/enclave-contracts/scripts/utils.ts

🧬 Code graph analysis (1)

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (3)

packages/enclave-contracts/scripts/deployEnclave.ts (1)

• deployEnclave (22-208)

examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (1)

• deployCRISPContracts (18-111)

packages/enclave-contracts/scripts/utils.ts (1)

• updateE3Config (171-230)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: rust_unit
• GitHub Check: rust_integration
• GitHub Check: integration_prebuild
• GitHub Check: build_e3_support_dev
• GitHub Check: test_net
• GitHub Check: build_sdk
• GitHub Check: build_enclave_cli
• GitHub Check: test_contracts

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1)

30-30: Handle potential undefined network value.

hre.globalOptions.network can be undefined in some contexts. This was flagged in a previous review and needs to be addressed with a safe fallback.

Apply this diff to add a safe fallback:

-    const chain = hre.globalOptions.network;
+    const chain = hre.globalOptions.network ?? "localhost";

Based on learnings

🧹 Nitpick comments (1)

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1)

39-40: Consider providing RPC URL for non-localhost deployments.

While the rpcUrl parameter is optional, omitting it means new chain entries will default to ws://localhost:8545, requiring manual configuration for non-localhost networks. Consider extracting the RPC URL from the network configuration when available.

You can obtain the RPC URL from the provider:

// Get RPC URL from network
const { ethers } = await hre.network.connect();
const [signer] = await ethers.getSigners();
const provider = signer.provider;
const networkUrl = provider?._getConnection()?.url;

// this expects you to run it from CRISP's root
updateE3Config(
    chain, 
    path.join(__dirname, "..", "..", "..", "enclave.config.yaml"), 
    contractMapping,
    networkUrl
);

Note: This improvement depends on fixing the undefined chain issue on line 30.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 37e68ad and c5be06e.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• examples/CRISP/package.json (1 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (0 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1 hunks)
• examples/CRISP/packages/crisp-contracts/package.json (1 hunks)
• packages/enclave-contracts/package.json (2 hunks)
• packages/enclave-contracts/scripts/utils.ts (3 hunks)

💤 Files with no reviewable changes (1)

• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts

✅ Files skipped from review due to trivial changes (1)

• examples/CRISP/packages/crisp-contracts/package.json

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/enclave-contracts/package.json
• packages/enclave-contracts/scripts/utils.ts

🧰 Additional context used

🧠 Learnings (4)

📚 Learning: 2025-09-11T13:09:03.800Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/naiveRegistryFilter.ts:30-31
Timestamp: 2025-09-11T13:09:03.800Z
Learning: In Hardhat v3 deployment scripts, use `(await signer.provider?.getNetwork())?.name ?? "localhost"` instead of `hre.globalOptions.network` to reliably get the network name, as `hre.globalOptions.network` can be undefined in some contexts.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-09-11T13:09:03.800Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/naiveRegistryFilter.ts:30-31
Timestamp: 2025-09-11T13:09:03.800Z
Learning: In Hardhat v3, hre.network.name is not available anymore. Use hre.globalOptions.network to get the network name instead.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-11-05T14:12:57.814Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 963
File: examples/CRISP/client/package.json:25-25
Timestamp: 2025-11-05T14:12:57.814Z
Learning: In the Enclave/CRISP codebase, `enclave-e3/sdk` and `crisp-e3/sdk` are different packages: `enclave-e3/sdk` is the general Enclave SDK, while `crisp-e3/sdk` is the CRISP-specific SDK. The CRISP client (`examples/CRISP/client`) intentionally depends on `enclave-e3/sdk`, not `crisp-e3/sdk`.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

📚 Learning: 2025-09-19T11:16:53.825Z

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

🧬 Code graph analysis (1)

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (3)

packages/enclave-contracts/scripts/deployEnclave.ts (1)

• deployEnclave (22-208)

examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (1)

• deployCRISPContracts (18-111)

packages/enclave-contracts/scripts/utils.ts (1)

• updateE3Config (171-230)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: build_e3_support_dev
• GitHub Check: build_sdk
• GitHub Check: build_enclave_cli
• GitHub Check: test_net
• GitHub Check: rust_integration
• GitHub Check: test_contracts
• GitHub Check: integration_prebuild
• GitHub Check: rust_unit

🔇 Additional comments (4)

examples/CRISP/package.json (1)

21-23: LGTM! Deployment scripts follow established patterns.

The new deployment scripts properly delegate to the crisp-contracts package and follow the existing naming conventions.

examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (3)

6-11: LGTM! Imports are appropriate for ES module path handling.

The new imports correctly support the config update functionality and follow the standard ES module pattern for path resolution.

---

22-24: LGTM! Correct ES module __dirname pattern.

The use of fileURLToPath(import.meta.url) and path.dirname() is the standard approach for obtaining the directory path in ES modules.

---

14-20: Contract name mismatch: CRISPProgram vs MockE3Program.

The deployment stores the mock program contract under "MockE3Program" (see mockProgram.ts line 54), but the contractMapping at line 17 expects "CRISPProgram". This mismatch will cause updateE3Config to fail when looking up the CRISPProgram deployment.

Update line 16 to match the actual stored contract name:

CRISPProgram: "MockE3Program",

Or alternatively, update the deployment storage in mockProgram.ts to use "CRISPProgram" instead of "MockE3Program".

⛔ Skipped due to learnings

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 996
File: examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol:144-169
Timestamp: 2025-11-12T10:08:30.720Z
Learning: In the CRISP program (examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol), there are plans to move the merkle tree from the Enclave contract to the program contract itself in the future, which would allow direct calls to validateInput to be stored in the merkle tree.

Learnt from: ryardley
Repo: gnosisguild/enclave PR: 173
File: packages/ciphernode/config/src/app_config.rs:13-21
Timestamp: 2024-11-05T06:48:58.177Z
Learning: In the `packages/ciphernode/config/src/app_config.rs` file, for the `Contract` enum, the team prefers to use `String` type for `address` fields, relying on parsing to handle validation, instead of using the `Address` type.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

packages/enclave-contracts/scripts/utils.ts (1)

177-230: Past review concerns remain unaddressed.

The following issues previously identified in this function are still present:

1. Missing error handling (lines 177-178, 228): File read/write and YAML parse operations lack try-catch blocks for failure scenarios
2. Unsafe type assertion (line 212): configKey as keyof typeof configChain.contracts could fail if contractMapping contains invalid keys
3. Problematic default deploy_block (line 214): Defaulting to block 1 when blockNumber is missing will cause indexers to scan from genesis, leading to severe performance issues on mainnets

Please address the error handling and type safety concerns raised in previous reviews.

🧹 Nitpick comments (1)

packages/enclave-contracts/scripts/utils.ts (1)

197-197: Consider the default RPC URL protocol.

The default RPC URL uses WebSocket (ws://localhost:8545). Verify this is intentional, as some deployments may expect HTTP RPC endpoints instead.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c5be06e and db4171f.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• examples/CRISP/package.json (1 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (0 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1 hunks)
• examples/CRISP/packages/crisp-contracts/package.json (1 hunks)
• packages/enclave-contracts/package.json (2 hunks)
• packages/enclave-contracts/scripts/utils.ts (3 hunks)

💤 Files with no reviewable changes (1)

• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts

🚧 Files skipped from review as they are similar to previous changes (3)

• examples/CRISP/packages/crisp-contracts/package.json
• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts
• packages/enclave-contracts/package.json

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

📚 Learning: 2025-09-19T11:16:53.825Z

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

Applied to files:

• packages/enclave-contracts/scripts/utils.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: build_enclave_cli
• GitHub Check: build_sdk
• GitHub Check: integration_prebuild
• GitHub Check: test_net
• GitHub Check: test_contracts
• GitHub Check: rust_integration
• GitHub Check: rust_unit

🔇 Additional comments (3)

examples/CRISP/package.json (1)

21-23: LGTM! Clean script delegation.

The new deployment scripts properly delegate to the crisp-contracts package using pnpm workspace commands.

packages/enclave-contracts/scripts/utils.ts (2)

30-48: LGTM! Well-structured config interface.

The EnclaveConfig interface correctly models the enclave.config.yaml structure with optional contract fields and typed chain configurations.

---

7-7: Dependencies properly installed.

The js-yaml package (v^4.1.1) and @types/js-yaml (v^4.0.9) are correctly declared in packages/enclave-contracts/package.json. The import statement is valid and compatible with the installed version.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (3)

packages/enclave-contracts/scripts/utils.ts (3)

177-230: Critical: Add comprehensive error handling for file operations and YAML parsing.

The function lacks error handling for multiple failure scenarios:

• File existence/read failures (line 177)
• YAML parse errors (line 178)
• Invalid config structure (line 182: accessing config.chains without validation)
• File write failures (line 228)

This issue was flagged in a previous review but remains unaddressed.

Wrap the operations in try-catch and validate the config structure:

 export const updateE3Config = (
   chainToConfig: string,
   pathToConfigFile: string,
   contractMapping: Record<string, string>,
   rpcUrl?: string,
 ): void => {
+  try {
+    if (!fs.existsSync(pathToConfigFile)) {
+      throw new Error(`Config file not found: ${pathToConfigFile}`);
+    }
+
     const fileContent = fs.readFileSync(pathToConfigFile, "utf8");
     const config = yaml.load(fileContent) as EnclaveConfig;
+
+    if (!config || typeof config !== 'object') {
+      throw new Error("Invalid config: expected an object");
+    }
+
+    if (!config.chains || !Array.isArray(config.chains)) {
+      throw new Error("Invalid config structure: missing or invalid 'chains' array");
+    }

   // Find the hardhat chain config
   // Find the chain config or create it
   let configChain = config.chains.find((chain) => chain.name === chainToConfig);
   
   // ... rest of function ...

     fs.writeFileSync(pathToConfigFile, yamlStr + "\n", "utf8");
     console.log("\n✓ enclave.config.yaml updated successfully!");
+  } catch (error) {
+    console.error("Failed to update enclave.config.yaml:", error);
+    throw error;
+  }
 };

---

212-212: Major: Unsafe type assertion may cause runtime errors.

The type assertion configKey as keyof typeof configChain.contracts is unsafe because contractMapping is typed as Record<string, string>, allowing any string key. If an invalid key is passed, this could lead to runtime type mismatches.

This issue was flagged in a previous review but remains unaddressed.

Add runtime validation before the assignment:

+  const validContractKeys = ['e3_program', 'enclave', 'ciphernode_registry', 'bonding_registry', 'fee_token'] as const;
+  type ValidContractKey = typeof validContractKeys[number];
+
   // Update contract addresses and deploy blocks
   for (const [contractName, configKey] of Object.entries(contractMapping)) {
     const deployment = readDeploymentArgs(contractName, chainToConfig);

     if (deployment) {
+      if (!validContractKeys.includes(configKey as ValidContractKey)) {
+        console.warn(`⚠️  Warning: Unknown config key "${configKey}" - skipping`);
+        continue;
+      }
+
-      configChain.contracts[configKey as keyof typeof configChain.contracts] = {
+      configChain.contracts[configKey as ValidContractKey] = {
         address: deployment.address,
         deploy_block: deployment.blockNumber ?? 1,
       };

---

214-214: Major: Default deploy_block of 1 will cause performance issues.

Using 1 as the fallback when blockNumber is missing could cause severe performance problems. Event listeners or indexers would scan from block 1 on mainnet, which could take hours or days.

This issue was flagged in a previous review but remains unaddressed.

Consider these alternatives:

1. Make blockNumber required in the deployment flow
2. Use the current block number as fallback
3. Throw an error if missing

At minimum, add a warning:

       configChain.contracts[configKey as keyof typeof configChain.contracts] = {
         address: deployment.address,
         deploy_block: deployment.blockNumber ?? 1,
       };
+      if (!deployment.blockNumber) {
+        console.warn(
+          `⚠️  Warning: No block number for ${configKey}, defaulting to 1. This may cause slow indexing.`
+        );
+      }
       console.log(
         `✓ Updated ${configKey}: ${deployment.address} (block ${deployment.blockNumber ?? 1})`,
       );

🧹 Nitpick comments (1)

packages/enclave-contracts/scripts/utils.ts (1)

30-48: Consider extracting the contract shape to reduce duplication.

The contract properties (e3_program, enclave, ciphernode_registry, etc.) all share the same structure with address and deploy_block. Consider extracting this into a reusable type.

+/**
+ * Common shape for contract entries in the config
+ */
+export interface ContractEntry {
+  address: string;
+  deploy_block: number;
+}
+
 /**
  * Defines the Enclave.config.yaml structure
  */
 export interface EnclaveConfig {
   chains: Array<{
     name: string;
     rpc_url: string;
     contracts: {
-      e3_program?: { address: string; deploy_block: number };
-      enclave?: { address: string; deploy_block: number };
-      ciphernode_registry?: { address: string; deploy_block: number };
-      bonding_registry?: { address: string; deploy_block: number };
-      fee_token?: { address: string; deploy_block: number };
+      e3_program?: ContractEntry;
+      enclave?: ContractEntry;
+      ciphernode_registry?: ContractEntry;
+      bonding_registry?: ContractEntry;
+      fee_token?: ContractEntry;
     };
   }>;
   // we don't care about the below fields
   program: unknown;
   nodes: unknown;
 }

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between db4171f and 27ab504.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• examples/CRISP/package.json (1 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (0 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts (1 hunks)
• examples/CRISP/packages/crisp-contracts/package.json (1 hunks)
• packages/enclave-contracts/package.json (2 hunks)
• packages/enclave-contracts/scripts/utils.ts (3 hunks)

💤 Files with no reviewable changes (1)

• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts

✅ Files skipped from review due to trivial changes (1)

• examples/CRISP/packages/crisp-contracts/package.json

🚧 Files skipped from review as they are similar to previous changes (2)

• examples/CRISP/package.json
• examples/CRISP/packages/crisp-contracts/deploy/deploy.ts

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 963
File: examples/CRISP/client/package.json:25-25
Timestamp: 2025-11-05T14:12:57.814Z
Learning: In the Enclave/CRISP codebase, `enclave-e3/sdk` and `crisp-e3/sdk` are different packages: `enclave-e3/sdk` is the general Enclave SDK, while `crisp-e3/sdk` is the CRISP-specific SDK. The CRISP client (`examples/CRISP/client`) intentionally depends on `enclave-e3/sdk`, not `crisp-e3/sdk`.

📚 Learning: 2025-09-19T11:16:53.825Z

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

Applied to files:

• packages/enclave-contracts/scripts/utils.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: build_sdk
• GitHub Check: test_contracts
• GitHub Check: integration_prebuild
• GitHub Check: test_net
• GitHub Check: build_e3_support_dev
• GitHub Check: build_enclave_cli
• GitHub Check: rust_integration
• GitHub Check: rust_unit

🔇 Additional comments (1)

packages/enclave-contracts/package.json (1)

91-91: No issues found—both dependencies are current and secure.

The latest version of @types/js-yaml is 4.0.9, which matches the package.json specification. The latest version of js-yaml is 4.1.1, which includes a security patch for prototype pollution published November 14, 2025 and is correctly specified in your package.json. All detected vulnerabilities are patched in version 4.1.1, and the type definitions have no known security vulnerabilities.