chore(release): bump version to 0.1.6 [skip-line-limit]

[hmzakhalid]

Summary by CodeRabbit

• New Features

  • Added HonkVerifier and CRISPProgram deployments.
  • Publish flow formats repository before commit and supports --no-verify.
  • CI init now runs in verbose mode.

• Bug Fixes / Behavior

  • CRISP verification uses intended Merkle-tree depth.
  • Ciphernode build uses upstream v0.1.6.

• Chores

  • Bumped workspace/packages to 0.1.6 and added repository metadata.
  • Updated deployed contract records, proxy/address mappings, and changelog entries.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
crisp	Ready	Preview	Comment	Dec 10, 2025 4:05pm
enclave-docs	Ready	Preview	Comment	Dec 10, 2025 4:05pm

[coderabbitai]

Walkthrough

Version bumps to 0.1.6 across manifests; deployed contract manifests updated with new addresses, proxyRecords and added mock/CRISP contracts; minor build/script tweaks (docker-compose upstream version, prettier pre-commit step, publish no-verify); one contract artifact buildInfoId changed and CRISPProgram verify call adjusted.

Changes

Cohort / File(s)	Summary
Version bumps & package metadata Cargo.toml, package.json, crates/wasm/package.json, packages/enclave-config/package.json, packages/enclave-contracts/package.json, packages/enclave-react/package.json, packages/enclave-sdk/package.json	Workspace/package and individual package versions updated from 0.1.5 → 0.1.6; repository fields added to several package.json files; workspace dependency versions in Cargo.toml bumped to 0.1.6.
Deployment records examples/CRISP/packages/crisp-contracts/deployed_contracts.json, packages/enclave-contracts/deployed_contracts.json	Many deployed contract entries updated with new block numbers/addresses; added/updated proxyRecords (initData, proxyAddress, proxyAdminAddress, implementationAddress); renamed/refactored entries (e.g., EnclaveToken → Enclave); new contracts added (HonkVerifier, CRISPProgram, CiphernodeRegistryOwnable, MockComputeProvider, MockDecryptionVerifier, MockE3Program, MockRISC0Verifier); token/registry references realigned.
Docker / Build args dappnode/docker-compose.yml	UPSTREAM_VERSION build arg for ciphernode updated from 0.1.5 → 0.1.6.
Build artifact metadata packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json	buildInfoId updated (compiler build metadata changed); no ABI/source changes.
Changelog CHANGELOG.md	Added 0.1.6 release entries (duplicated 0.1.6 sections across multiple dates).
Script updates examples/CRISP/scripts/publish.ts, scripts/bump-versions.ts	PublishOptions gains optional noVerify?: boolean; added repo-root pnpm prettier --write . step before git operations (non-fatal on failure); commit can include --no-verify and is run from CRISP package dir; commit message simplified.
Smart contract logic examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol	In verify, inputRoot now computed via _root(TREE_DEPTH) instead of _root(), changing Merkle root derivation.
CI workflow .github/workflows/ci.yml, .github/workflows/releases.yml, .github/scripts/prepareForNpmPublishing.ts	CI enclave init call now includes --verbose; release workflow adds pnpm prepare-publish step; new prepare-publish script updates workspace: deps to actual versions before npm publish.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Areas needing extra attention:
  • deployed_contracts.json — verify proxyRecords.initData encodings and cross-file consistency.
  • examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol — confirm _root(TREE_DEPTH) semantics and related tests.
  • .github/scripts/prepareForNpmPublishing.ts and scripts/bump-versions.ts — ensure replacement logic and prettier step align with publishing CI expectations.
  • CHANGELOG.md — deduplicate repeated 0.1.6 entries.

Possibly related PRs

• chore: verify proxy and implementation contracts #1005 — related deployed manifest and proxyRecords updates including CiphernodeRegistryOwnable changes.
• Enclave contracts deployment Sepolia #400 — overlaps on Sepolia contract deployment updates and mock/CRISP contract additions.
• chore: add script to bump versions and release workflows #764 — related release/versioning tooling and workspace/package version bump changes.

Suggested labels

sdk

Suggested reviewers

• cedoor

"I hopped from five to six with cheer,
Prettier brushed the tree so dear,
Proxies rattled, mocks took stage,
Honk and CRISP now join the page,
A rabbit cheers — release is here! 🐇"

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the primary objective of the pull request: a version bump from 0.1.5 to 0.1.6 across the entire codebase.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/release-v.0.1.6

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

CHANGELOG.md (1)

108-108: Apply compound adjective hyphenation.

Line 108 contains "production ready sets" which should use a hyphen as a compound modifier before the noun.

- add production ready sets for trbfv and bfv
+ add production-ready sets for trbfv and bfv

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4af29b0 and 12a748a.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (14)

• CHANGELOG.md (1 hunks)
• Cargo.toml (1 hunks)
• crates/wasm/package.json (1 hunks)
• dappnode/docker-compose.yml (1 hunks)
• examples/CRISP/packages/crisp-contracts/deployed_contracts.json (2 hunks)
• package.json (1 hunks)
• packages/enclave-config/package.json (1 hunks)
• packages/enclave-contracts/artifacts/contracts/interfaces/IBondingRegistry.sol/IBondingRegistry.json (1 hunks)
• packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json (1 hunks)
• packages/enclave-contracts/artifacts/contracts/interfaces/IEnclave.sol/IEnclave.json (1 hunks)
• packages/enclave-contracts/deployed_contracts.json (2 hunks)
• packages/enclave-contracts/package.json (1 hunks)
• packages/enclave-react/package.json (1 hunks)
• packages/enclave-sdk/package.json (1 hunks)

🧰 Additional context used

🧠 Learnings (5)

📚 Learning: 2025-11-05T14:12:57.814Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 963
File: examples/CRISP/client/package.json:25-25
Timestamp: 2025-11-05T14:12:57.814Z
Learning: In the Enclave/CRISP codebase, `enclave-e3/sdk` and `crisp-e3/sdk` are different packages: `enclave-e3/sdk` is the general Enclave SDK, while `crisp-e3/sdk` is the CRISP-specific SDK. The CRISP client (`examples/CRISP/client`) intentionally depends on `enclave-e3/sdk`, not `crisp-e3/sdk`.

Applied to files:

• packages/enclave-react/package.json
• packages/enclave-sdk/package.json
• package.json
• Cargo.toml

📚 Learning: 2025-09-19T11:16:53.825Z

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

Applied to files:

• packages/enclave-contracts/artifacts/contracts/interfaces/IEnclave.sol/IEnclave.json
• CHANGELOG.md
• packages/enclave-contracts/package.json
• packages/enclave-contracts/deployed_contracts.json
• examples/CRISP/packages/crisp-contracts/deployed_contracts.json

📚 Learning: 2025-08-25T10:28:56.174Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 657
File: Cargo.toml:32-34
Timestamp: 2025-08-25T10:28:56.174Z
Learning: The examples/CRISP directory has its own Cargo.toml workspace configuration with members like "server", "wasm-crypto", "program/core", "program/client", etc. The root workspace intentionally excludes "examples/CRISP/server", "examples/CRISP/program", and "examples/CRISP/wasm-crypto" to prevent double workspace membership, which is the correct approach for self-contained example workspaces.

Applied to files:

• Cargo.toml

📚 Learning: 2024-10-22T02:36:01.448Z

Learnt from: ryardley
Repo: gnosisguild/enclave PR: 145
File: packages/ciphernode/data/Cargo.toml:0-0
Timestamp: 2024-10-22T02:36:01.448Z
Learning: In `packages/ciphernode/data/Cargo.toml`, `actix-rt` is only used in tests and should remain in `[dev-dependencies]`.

Applied to files:

• Cargo.toml

📚 Learning: 2025-11-12T10:08:30.720Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 996
File: examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol:144-169
Timestamp: 2025-11-12T10:08:30.720Z
Learning: In the CRISP program (examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol), there are plans to move the merkle tree from the Enclave contract to the program contract itself in the future, which would allow direct calls to validateInput to be stored in the merkle tree.

Applied to files:

• CHANGELOG.md
• examples/CRISP/packages/crisp-contracts/deployed_contracts.json

🪛 Gitleaks (8.30.0)

packages/enclave-contracts/deployed_contracts.json

[high] 23-23: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 41-41: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 42-42: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 81-81: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

examples/CRISP/packages/crisp-contracts/deployed_contracts.json

[high] 23-23: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 41-41: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 42-42: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 81-81: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 LanguageTool

CHANGELOG.md

[uncategorized] ~108-~108: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...a375cdd3e35058eb7bc93ae3df3a2e7)) - add production ready sets for trbfv and bfv ([#942](https:...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: rust_integration
• GitHub Check: build_ciphernode_image
• GitHub Check: integration_prebuild
• GitHub Check: rust_unit
• GitHub Check: build_enclave_cli

🔇 Additional comments (15)

packages/enclave-contracts/artifacts/contracts/interfaces/IBondingRegistry.sol/IBondingRegistry.json (1)

854-854: Auto-generated artifact update; no interface changes.

The buildInfoId reflects a recompilation of the contract during the version bump. The ABI and all interface definitions remain identical—no breaking changes to the contract interface.

packages/enclave-contracts/artifacts/contracts/interfaces/IEnclave.sol/IEnclave.json (1)

927-927: Auto-generated artifact update; no interface changes.

The buildInfoId reflects a recompilation during the version bump. All event definitions, functions, and ABI structure remain unchanged—no breaking changes to the contract interface.

packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json (1)

538-538: Auto-generated artifact update; no interface changes.

The buildInfoId reflects a recompilation during the version bump. All event definitions, functions, and ABI structure remain unchanged—no breaking changes to the contract interface.

examples/CRISP/packages/crisp-contracts/deployed_contracts.json (1)

1-125: Address cross-references are consistent and configuration structure looks sound.

I've verified that all inter-contract address references are correctly updated:

• BondingRegistry (lines 41-42): Token references updated to point to new EnclaveTicketToken and EnclaveToken addresses ✓
• Enclave (lines 79-81): Registry/bonding references and feeToken all point to correct updated addresses ✓
• CRISPProgram (lines 118-120): Constructor args reference the correct Enclave proxy, MockRISC0Verifier, and HonkVerifier addresses ✓

Block numbers follow a logical progression within a single deployment batch (9761309–9761359), and all proxy configurations have been properly enriched with explicit proxyAddress, proxyAdminAddress, and implementationAddress fields.

The new HonkVerifier and CRISPProgram entries (lines 112–123) follow the expected patterns and include appropriate constructor arguments.

Note on static analysis warnings: Gitleaks flagged "Generic API Key" at lines 23, 41, 42, and 81. These are false positives—the flagged strings are Ethereum addresses and hex-encoded function calls, which is expected noise when scanning blockchain configuration files.

packages/enclave-contracts/package.json (1)

4-4: Version bump is consistent with workspace release.

Clean version increment from 0.1.5 to 0.1.6 across this package manifest.

packages/enclave-config/package.json (1)

3-3: Version bump is consistent with workspace release.

Clean version increment from 0.1.5 to 0.1.6 across this configuration package.

crates/wasm/package.json (1)

3-3: Version bump is consistent with workspace release.

Clean version increment from 0.1.5 to 0.1.6. Build tooling dependencies remain stable.

packages/enclave-react/package.json (1)

3-3: Version bump is consistent with workspace release.

Clean version increment from 0.1.5 to 0.1.6 across this React package.

package.json (1)

4-4: Version bump is consistent with workspace release.

Clean version increment from 0.1.5 to 0.1.6 at the workspace root.

dappnode/docker-compose.yml (1)

7-7: Upstream version is correctly aligned with release.

Build argument updated from 0.1.5 to 0.1.6, properly scoped within the ciphernode service build context.

packages/enclave-sdk/package.json (1)

3-3: Version bump is consistent with workspace release.

Clean version increment from 0.1.5 to 0.1.6 across the SDK package. Core dependencies remain stable.

Cargo.toml (1)

58-93: Workspace version and all internal crate dependencies are consistently updated.

Version incremented from 0.1.5 to 0.1.6 in workspace.package and all 29 workspace.dependencies. External third-party dependencies remain properly pinned. Coordinated and comprehensive.

CHANGELOG.md (1)

1-1: Verify the version comparison range in the CHANGELOG header.

Line 1 shows the version tag comparison as v0.1.2...v0.1.6, but the previous release (v0.1.5) was on 2025-10-13 (line 214). For a minor/patch release, the comparison should typically be v0.1.5...v0.1.6 to show only incremental changes since the last release. The current range may inadvertently include older commits.

Is the v0.1.2 base intentional, or should this be updated to v0.1.5...v0.1.6?

packages/enclave-contracts/deployed_contracts.json (2)

23-23: Gitleaks alerts are false positives; no security concern.

The Gitleaks scanner flagged Ethereum contract addresses (lines 23, 41, 42, 81) as "Generic API Keys." These are public contract addresses on the sepolia testnet, not sensitive credentials. Ethereum addresses are publicly visible on-chain and pose no security risk in this context.

Also applies to: 41-42, 81-81

---

60-96: Deployment artifact updates are consistent with version bump.

The additions and restructuring of deployment records—including new mock contracts (CiphernodeRegistryOwnable, Enclave, MockComputeProvider, MockDecryptionVerifier, MockE3Program, MockRISC0Verifier, HonkVerifier, CRISPProgram)—align well with the CHANGELOG entries for v0.1.6. ProxyRecords and initialization data are properly structured for transparent proxy deployments.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aa10051 and 87494c6.

⛔ Files ignored due to path filters (2)

• Cargo.lock is excluded by !**/*.lock
• templates/default/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (14)

• CHANGELOG.md (1 hunks)
• Cargo.toml (1 hunks)
• crates/wasm/package.json (1 hunks)
• dappnode/docker-compose.yml (1 hunks)
• examples/CRISP/packages/crisp-contracts/deployed_contracts.json (2 hunks)
• examples/CRISP/scripts/publish.ts (4 hunks)
• package.json (1 hunks)
• packages/enclave-config/package.json (1 hunks)
• packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json (1 hunks)
• packages/enclave-contracts/deployed_contracts.json (2 hunks)
• packages/enclave-contracts/package.json (1 hunks)
• packages/enclave-react/package.json (1 hunks)
• packages/enclave-sdk/package.json (1 hunks)
• scripts/bump-versions.ts (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• crates/wasm/package.json
• packages/enclave-config/package.json

🚧 Files skipped from review as they are similar to previous changes (7)

• package.json
• packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json
• dappnode/docker-compose.yml
• packages/enclave-contracts/package.json
• packages/enclave-sdk/package.json
• examples/CRISP/scripts/publish.ts
• packages/enclave-react/package.json

🧰 Additional context used

🧠 Learnings (5)

📚 Learning: 2025-08-25T10:28:56.174Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 657
File: Cargo.toml:32-34
Timestamp: 2025-08-25T10:28:56.174Z
Learning: The examples/CRISP directory has its own Cargo.toml workspace configuration with members like "server", "wasm-crypto", "program/core", "program/client", etc. The root workspace intentionally excludes "examples/CRISP/server", "examples/CRISP/program", and "examples/CRISP/wasm-crypto" to prevent double workspace membership, which is the correct approach for self-contained example workspaces.

Applied to files:

• Cargo.toml

📚 Learning: 2024-10-22T02:36:01.448Z

Learnt from: ryardley
Repo: gnosisguild/enclave PR: 145
File: packages/ciphernode/data/Cargo.toml:0-0
Timestamp: 2024-10-22T02:36:01.448Z
Learning: In `packages/ciphernode/data/Cargo.toml`, `actix-rt` is only used in tests and should remain in `[dev-dependencies]`.

Applied to files:

• Cargo.toml

📚 Learning: 2025-11-05T14:12:57.814Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 963
File: examples/CRISP/client/package.json:25-25
Timestamp: 2025-11-05T14:12:57.814Z
Learning: In the Enclave/CRISP codebase, `enclave-e3/sdk` and `crisp-e3/sdk` are different packages: `enclave-e3/sdk` is the general Enclave SDK, while `crisp-e3/sdk` is the CRISP-specific SDK. The CRISP client (`examples/CRISP/client`) intentionally depends on `enclave-e3/sdk`, not `crisp-e3/sdk`.

Applied to files:

• Cargo.toml

📚 Learning: 2025-09-19T11:16:53.825Z

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

Applied to files:

• CHANGELOG.md
• packages/enclave-contracts/deployed_contracts.json
• examples/CRISP/packages/crisp-contracts/deployed_contracts.json

📚 Learning: 2025-11-12T10:08:30.720Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 996
File: examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol:144-169
Timestamp: 2025-11-12T10:08:30.720Z
Learning: In the CRISP program (examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol), there are plans to move the merkle tree from the Enclave contract to the program contract itself in the future, which would allow direct calls to validateInput to be stored in the merkle tree.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deployed_contracts.json

🪛 Gitleaks (8.30.0)

packages/enclave-contracts/deployed_contracts.json

[high] 23-23: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 41-41: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 42-42: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 81-81: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

examples/CRISP/packages/crisp-contracts/deployed_contracts.json

[high] 23-23: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 41-41: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 42-42: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 81-81: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 markdownlint-cli2 (0.18.1)

CHANGELOG.md

222-222: Multiple headings with the same content

(MD024, no-duplicate-heading)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (12)

• GitHub Check: Build Binaries (linux-x86_64)
• GitHub Check: Publish NPM Packages
• GitHub Check: Build Binaries (macos-aarch64)
• GitHub Check: Build & Push ciphernode (release)
• GitHub Check: integration_prebuild
• GitHub Check: build_sdk
• GitHub Check: build_enclave_cli
• GitHub Check: crisp_unit
• GitHub Check: rust_integration
• GitHub Check: test_contracts
• GitHub Check: test_net
• GitHub Check: rust_unit

🔇 Additional comments (4)

scripts/bump-versions.ts (1)

170-181: Good addition: Prettier formatting before commit.

Running Prettier before git operations helps avoid pre-commit hook failures. The error handling is appropriate—it logs a warning but continues, which is the right behavior for a formatting step.

Cargo.toml (1)

59-94: LGTM: Consistent version bump to 0.1.6.

All workspace package versions and dependencies are updated consistently from 0.1.5 to 0.1.6. The changes align with the repository-wide version bump.

examples/CRISP/packages/crisp-contracts/deployed_contracts.json (1)

4-123: Contract deployment updates look correct.

The updated addresses and block numbers reflect a new deployment to Sepolia testnet. New contracts (HonkVerifier, CRISPProgram) have been added with appropriate constructor arguments.

Note: The Gitleaks warnings flagging Ethereum addresses as "Generic API Keys" are false positives—these are public testnet addresses and pose no security risk.

packages/enclave-contracts/deployed_contracts.json (1)

4-123: Deployment records updated consistently.

The contract deployments are updated with new addresses, block numbers, and proxy configurations. The changes align with the CRISP deployment updates and add necessary mock contracts for testing.

The Gitleaks warnings are false positives (Ethereum addresses are not API keys).

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

examples/CRISP/scripts/publish.ts (1)

422-423: Document the --no-verify option in help text.

The CLI correctly parses the --no-verify flag, but the help text in the showHelp() function doesn't document this option. Users won't discover this feature without reading the source code.

Add documentation for the option:

 Options:
   --tag <name>        npm dist-tag (default: 'latest' for releases, 'next' for pre-releases)
   --skip-git          Skip all git operations (no commit)
   --dry-run           Show what would be done without making changes
+  --no-verify         Skip git commit hooks when committing
   --help, -h          Show this help message

🧹 Nitpick comments (1)

.github/scripts/prepareForNpmPublishing.ts (1)

30-36: Consider dynamic package discovery.

The hardcoded package list could become stale if packages are added or removed. Consider discovering packages dynamically by reading the workspace configuration or using a glob pattern to find all package.json files with workspace dependencies.

Example approach:

// Dynamically discover packages from pnpm-workspace.yaml or by finding package.json files
const glob = await import('glob')
const packagePaths = glob.sync('packages/*/package.json', { cwd: WORKSPACE_ROOT })

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e77ac12 and 9157bc8.

⛔ Files ignored due to path filters (2)

• Cargo.lock is excluded by !**/*.lock
• templates/default/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (17)

• .github/scripts/prepareForNpmPublishing.ts (1 hunks)
• .github/workflows/ci.yml (1 hunks)
• .github/workflows/releases.yml (1 hunks)
• Cargo.toml (1 hunks)
• crates/wasm/package.json (2 hunks)
• dappnode/docker-compose.yml (1 hunks)
• examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol (1 hunks)
• examples/CRISP/packages/crisp-contracts/deployed_contracts.json (2 hunks)
• examples/CRISP/scripts/publish.ts (4 hunks)
• package.json (2 hunks)
• packages/enclave-config/package.json (2 hunks)
• packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json (1 hunks)
• packages/enclave-contracts/deployed_contracts.json (2 hunks)
• packages/enclave-contracts/package.json (1 hunks)
• packages/enclave-react/package.json (1 hunks)
• packages/enclave-sdk/package.json (2 hunks)
• scripts/bump-versions.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (5)

• packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json
• packages/enclave-contracts/package.json
• crates/wasm/package.json
• scripts/bump-versions.ts
• packages/enclave-react/package.json

🧰 Additional context used

🧠 Learnings (5)

📚 Learning: 2025-11-12T10:08:30.720Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 996
File: examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol:144-169
Timestamp: 2025-11-12T10:08:30.720Z
Learning: In the CRISP program (examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol), there are plans to move the merkle tree from the Enclave contract to the program contract itself in the future, which would allow direct calls to validateInput to be stored in the merkle tree.

Applied to files:

• examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol
• examples/CRISP/packages/crisp-contracts/deployed_contracts.json

📚 Learning: 2025-11-05T14:12:57.814Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 963
File: examples/CRISP/client/package.json:25-25
Timestamp: 2025-11-05T14:12:57.814Z
Learning: In the Enclave/CRISP codebase, `enclave-e3/sdk` and `crisp-e3/sdk` are different packages: `enclave-e3/sdk` is the general Enclave SDK, while `crisp-e3/sdk` is the CRISP-specific SDK. The CRISP client (`examples/CRISP/client`) intentionally depends on `enclave-e3/sdk`, not `crisp-e3/sdk`.

Applied to files:

• packages/enclave-sdk/package.json
• Cargo.toml
• package.json

📚 Learning: 2025-08-25T10:28:56.174Z

Learnt from: ctrlc03
Repo: gnosisguild/enclave PR: 657
File: Cargo.toml:32-34
Timestamp: 2025-08-25T10:28:56.174Z
Learning: The examples/CRISP directory has its own Cargo.toml workspace configuration with members like "server", "wasm-crypto", "program/core", "program/client", etc. The root workspace intentionally excludes "examples/CRISP/server", "examples/CRISP/program", and "examples/CRISP/wasm-crypto" to prevent double workspace membership, which is the correct approach for self-contained example workspaces.

Applied to files:

• Cargo.toml

📚 Learning: 2024-10-22T02:36:01.448Z

Learnt from: ryardley
Repo: gnosisguild/enclave PR: 145
File: packages/ciphernode/data/Cargo.toml:0-0
Timestamp: 2024-10-22T02:36:01.448Z
Learning: In `packages/ciphernode/data/Cargo.toml`, `actix-rt` is only used in tests and should remain in `[dev-dependencies]`.

Applied to files:

• Cargo.toml

📚 Learning: 2025-09-19T11:16:53.825Z

Learnt from: cedoor
Repo: gnosisguild/enclave PR: 752
File: packages/enclave-contracts/contracts/Enclave.sol:15-17
Timestamp: 2025-09-19T11:16:53.825Z
Learning: The Enclave contract in the gnosisguild/enclave repository has not been deployed yet as of September 2025, so storage layout considerations for upgradeable contracts don't apply to current changes.

Applied to files:

• examples/CRISP/packages/crisp-contracts/deployed_contracts.json
• packages/enclave-contracts/deployed_contracts.json

🪛 Gitleaks (8.30.0)

examples/CRISP/packages/crisp-contracts/deployed_contracts.json

[high] 23-23: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 41-41: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 42-42: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

[high] 81-81: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: build_e3_support_dev
• GitHub Check: build_sdk
• GitHub Check: crisp_unit
• GitHub Check: build_enclave_cli
• GitHub Check: integration_prebuild
• GitHub Check: test_net
• GitHub Check: rust_integration
• GitHub Check: build_ciphernode_image
• GitHub Check: rust_unit
• GitHub Check: test_contracts

🔇 Additional comments (15)

.github/workflows/ci.yml (1)

795-802: The --verbose flag is supported and will work correctly.

The flag is properly defined as a global argument in the CLI framework (crates/cli/src/cli.rs) and is correctly passed to the init command handler (crates/cli/src/init.rs). The workflow change is valid and will function as intended.

dappnode/docker-compose.yml (1)

7-7: LGTM!

Version bump correctly aligned with the overall 0.1.6 release.

packages/enclave-sdk/package.json (1)

3-3: LGTM!

Version bump and repository metadata addition are correct and follow npm best practices.

Also applies to: 22-26

package.json (1)

4-4: LGTM!

Version bump, repository metadata, and new prepare-publish script correctly support the enhanced publishing workflow.

Also applies to: 11-14, 65-65

packages/enclave-config/package.json (1)

3-3: LGTM!

Version bump and repository metadata are correctly applied.

Also applies to: 17-21

.github/scripts/prepareForNpmPublishing.ts (1)

58-73: LGTM!

The workspace dependency replacement logic is correct. Using caret ranges (^) for published packages follows npm conventions and allows compatible updates.

.github/workflows/releases.yml (1)

279-281: LGTM!

The new preparation step is correctly placed in the workflow sequence (after build, before publish) and properly executes the prepare-publish script.

examples/CRISP/scripts/publish.ts (1)

243-256: LGTM!

Running Prettier from the repository root before committing is a good practice to ensure consistent formatting. The non-fatal error handling (continue on failure) prevents blocking the publish flow if Prettier encounters issues.

Cargo.toml (1)

59-59: LGTM!

Workspace version and all workspace dependencies are correctly and consistently bumped to 0.1.6.

Also applies to: 66-94

examples/CRISP/packages/crisp-contracts/contracts/CRISPProgram.sol (1)

195-195: LGTM! LazyIMT API update correctly applied.

The addition of the TREE_DEPTH parameter to the _root() call correctly addresses the LazyIMT 2.0.0-beta.12 API requirement.

examples/CRISP/packages/crisp-contracts/deployed_contracts.json (2)

112-123: LGTM! New deployment entries are properly configured.

The new HonkVerifier and CRISPProgram entries are correctly configured with valid addresses and constructor arguments that properly reference the deployed contract addresses.

---

1-125: Static analysis warnings are false positives.

The Gitleaks warnings about "Generic API Key" are false positives. The flagged values are Ethereum addresses and contract deployment metadata, not API keys.

packages/enclave-contracts/deployed_contracts.json (3)

50-56: LGTM! Proxy records properly configured.

The proxyRecords additions for upgradeable contracts follow the standard proxy pattern with correct structure and internally consistent addresses.

Also applies to: 66-72, 87-93

---

97-111: LGTM! Mock contract entries are properly documented.

The new mock contract deployments are correctly recorded with their addresses and block numbers for the Sepolia testnet.

---

115-123: LGTM! CRISPProgram constructor arguments correctly reference deployed contracts.

The CRISPProgram deployment correctly references the addresses of Enclave, MockRISC0Verifier, and HonkVerifier contracts that are defined elsewhere in the manifest.

[ryardley]

Looks like this broke the enclave init test

[ctrlc03]

Looks like this broke the enclave init test

@ryardley yes we fixed in the next release (for context we had to publish with npm to support the new tokenless publishing with trusted publishers, but npm does not resolve workspace:* automatically so packages were published without dependencies being resolved)