fix: support crate contract path

[hmzakhalid]

Closes #1036

Summary by CodeRabbit

• Chores
  • Move generated artifacts into a dedicated enclave directory and set broad read/write permissions
  • Update container mounts and CI permissions to use the generated artifact locations
  • Include generated artifact directory in contract source discovery for builds
  • Increase short Git SHA length used in builds for clearer identification
• New Features
  • Deployment now dynamically reads image metadata from generated artifacts instead of a hard-coded constant

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
crisp	Ready	Preview	Comment	Nov 20, 2025 11:06pm
enclave-docs	Ready	Preview	Comment	Nov 20, 2025 11:06pm

[coderabbitai]

Walkthrough

Project now uses a generated enclave artifact directory (.enclave/generated/) for contracts and tests, updates container mounts and CI permissions to that path, extends Hardhat sources to include generated contracts, changes build git short-hash length, and makes IMAGE_ID dynamic by extracting it from the generated ImageID.sol file at runtime.

Changes

Cohort / File(s)	Summary
Container infra & CI crates/support-scripts/ctl/container, .github/workflows/ci.yml	Create .enclave/generated/{contracts,tests} and set permissions (chmod -R 777 .enclave/generated); update container volume mounts and CI chmod steps to use .enclave/generated/... paths (e.g., .enclave/generated/contracts:/app/contracts:rw).
Dev / build scripts crates/support/scripts/dev.sh, crates/support/scripts/build.sh	dev.sh: change Docker mounts from $(pwd)/contracts and $(pwd)/tests to $(pwd)/.enclave/generated/contracts and $(pwd)/.enclave/generated/tests. build.sh: derive GIT_SHA with git rev-parse --short=9 HEAD.
Hardhat config templates/default/hardhat.config.ts	Add paths.sources: ['./contracts','./.enclave/generated/contracts'] to HardhatUserConfig so generated contracts are included as sources.
Deployment code examples/CRISP/packages/crisp-contracts/deploy/crisp.ts	Replace hardcoded IMAGE_ID with runtime extraction: read .enclave/generated/contracts/ImageID.sol, regex-match the bytes32 PROGRAM_ID value, assign or throw if not found; use extracted IMAGE_ID in deploy/store logic.

Sequence Diagram(s)

sequenceDiagram
    participant Deployer as CRISP Deployer
    participant FS as FileSystem (.enclave/generated)
    participant Factory as crispFactory

    rect rgb(235,245,255)
    Note over Deployer,FS: New runtime IMAGE_ID extraction
    Deployer->>FS: read "ImageID.sol"
    alt ImageID found
        FS-->>Deployer: return bytes32 IMAGE_ID
        Deployer->>Factory: crispFactory.deploy(IMAGE_ID)
        Factory-->>Deployer: address / success
    else ImageID missing
        FS-->>Deployer: not found
        Deployer-->>Deployer: throw / abort deployment
    end
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Extra attention:
  • examples/CRISP/.../crisp.ts — validate regex, file-read path, and error handling.
  • crates/support-scripts/ctl/container & .github/workflows/ci.yml — confirm intentionality and risks of chmod -R 777.
  • Ensure all path references to .enclave/generated are consistent and don't leave old mounts/paths.

Possibly related PRs

• fix: contracts exports #732 — modifies scripts and contract script imports; overlaps with generated artifact handling and script paths.
• fix: risc0 dev mode env var #810 — updates ImageID.sol PROGRAM_ID and locations; directly affects runtime IMAGE_ID extraction used here.
• chore: new crisp folder structure #895 — touches CRISP packaging/deployment paths and may overlap with deployment/path changes in this PR.

Suggested reviewers

• cedoor

Poem

🐰
I hop through .enclave/generated with glee,
Contracts found where files now roam free,
IMAGE_ID plucked from text, not stone,
Volumes mounted, permissions known,
Deployments hum — a tidy rabbit's plea.

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: support crate contract path' directly relates to the main changes: updating contract paths from hard-coded locations to generated directory paths (.enclave/generated/contracts).
Linked Issues check	✅ Passed	The PR addresses issue #1036 by fixing broken hard-coded contract paths through coordinated updates across build scripts, container setup, and configuration files to use .enclave/generated paths.
Out of Scope Changes check	✅ Passed	All changes are scoped to fixing contract path issues: build script modifications, volume mounts, Hardhat config updates, and CI workflow adjustments. One minor change updates git hash length in build.sh which is tangentially related but reasonable for the same build context.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/support-start

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5c15bcf and 54d48d3.

📒 Files selected for processing (1)

• .github/workflows/ci.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/ci.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: integration_prebuild
• GitHub Check: build_e3_support_dev
• GitHub Check: rust_integration
• GitHub Check: build_sdk
• GitHub Check: build_enclave_cli
• GitHub Check: test_net
• GitHub Check: test_contracts
• GitHub Check: crisp_rust_unit
• GitHub Check: rust_unit
• GitHub Check: Build & Push Image

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

crates/support/scripts/dev.sh (1)

11-12: LGTM! Volume mounts correctly updated to generated artifact paths.

The volume mount changes align with the PR's migration to the .enclave/generated/ directory structure.

Optional: Quote all $(pwd) expansions for safety.

While not introduced by this PR, Shellcheck correctly identifies that all $(pwd) expansions throughout the file (lines 5-14) should be quoted to handle paths with spaces. Consider applying this improvement to the entire file:

-  -v $(pwd)/.enclave/generated/contracts:/app/contracts \
-  -v $(pwd)/.enclave/generated/tests:/app/tests \
+  -v "$(pwd)/.enclave/generated/contracts:/app/contracts" \
+  -v "$(pwd)/.enclave/generated/tests:/app/tests" \

And similarly for all other volume mounts.

examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (1)

18-20: Enhance error message with actionable guidance.

The error message could be more helpful by indicating where the file should be located or how to generate it.

 if (!IMAGE_ID) {
-  throw new Error('IMAGE_ID not found')
+  throw new Error(
+    'IMAGE_ID not found in .enclave/generated/contracts/ImageID.sol. ' +
+    'Ensure the enclave build has completed and generated the ImageID.sol file.'
+  )
 }

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dc83321 and fafd6a8.

⛔ Files ignored due to path filters (2)

• examples/CRISP/.enclave/generated/contracts/ImageID.sol is excluded by !**/generated/**
• templates/default/.enclave/generated/contracts/ImageID.sol is excluded by !**/generated/**

📒 Files selected for processing (5)

• crates/support-scripts/ctl/container (2 hunks)
• crates/support/scripts/build.sh (1 hunks)
• crates/support/scripts/dev.sh (1 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (1 hunks)
• templates/default/hardhat.config.ts (1 hunks)

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

📚 Learning: 2025-09-19T11:16:53.825Z

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

Applied to files:

• crates/support-scripts/ctl/container
• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts

📚 Learning: 2025-09-11T13:02:56.353Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/mockComputeProvider.ts:6-6
Timestamp: 2025-09-11T13:02:56.353Z
Learning: In Hardhat v3, the import path "hardhat/types/hre" may be valid for importing HardhatRuntimeEnvironment, unlike in Hardhat v2 where the standard path was "hardhat/types".

Applied to files:

• templates/default/hardhat.config.ts

📚 Learning: 2025-09-11T13:02:56.353Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 677
File: packages/enclave-contracts/scripts/deployAndSave/mockComputeProvider.ts:6-6
Timestamp: 2025-09-11T13:02:56.353Z
Learning: In Hardhat v3, the import path "hardhat/types/hre" is valid for importing HardhatRuntimeEnvironment, which is different from Hardhat v2 where "hardhat/types" was the standard path.

Applied to files:

• templates/default/hardhat.config.ts

🪛 Shellcheck (0.11.0)

crates/support/scripts/dev.sh

[warning] 11-11: Quote this to prevent word splitting.

(SC2046)

---

[warning] 12-12: Quote this to prevent word splitting.

(SC2046)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: build_sdk
• GitHub Check: integration_prebuild
• GitHub Check: test_net
• GitHub Check: build_enclave_cli
• GitHub Check: rust_unit
• GitHub Check: test_contracts
• GitHub Check: rust_integration
• GitHub Check: crisp_rust_unit
• GitHub Check: Build & Push Image

🔇 Additional comments (4)

crates/support/scripts/build.sh (1)

3-3: LGTM! Fixed-length hash improves consistency.

Specifying --short=9 ensures a consistent 9-character hash across all environments, which is better than relying on git's default --short behavior that can vary.

templates/default/hardhat.config.ts (1)

78-80: LGTM! Correctly extends contract sources to include generated artifacts.

The paths configuration properly includes both user contracts and the generated artifacts directory, enabling Hardhat to discover and compile contracts from both locations.

crates/support-scripts/ctl/container (1)

59-59: LGTM! Volume mount correctly updated to generated contracts path.

The volume mount change aligns with the PR's migration to the .enclave/generated/ directory structure.

examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (1)

70-70: LGTM! Dynamic IMAGE_ID extraction improves maintainability.

Using the dynamically extracted IMAGE_ID eliminates the need for manual updates and reduces the risk of using stale or incorrect values.

[cedoor]

nice utACK 👍🏽

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fafd6a8 and 5c15bcf.

📒 Files selected for processing (1)

• .github/workflows/ci.yml (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: 0xjei
Repo: gnosisguild/enclave PR: 830
File: templates/default/README.md:123-128
Timestamp: 2025-10-10T12:56:40.538Z
Learning: In the Enclave repository, the hard-coded Hardhat development private key `0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80` is acceptable in template README files and documentation for local testing/interaction purposes.

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: build_e3_support_dev
• GitHub Check: build_enclave_cli
• GitHub Check: integration_prebuild
• GitHub Check: test_net
• GitHub Check: build_sdk
• GitHub Check: rust_unit
• GitHub Check: test_contracts
• GitHub Check: rust_integration
• GitHub Check: crisp_rust_unit
• GitHub Check: Build & Push Image