fix: deploy risc0verifier with hardhat

[ctrlc03]

Summary by CodeRabbit

• New Features

  • Added a new mock contract for RiscZeroGroth16Verifier.

• Refactor

  • Updated deployment process to use ethers.js instead of Forge-based scripts.
  • Updated OpenZeppelin package dependency path resolution to use node_modules instead of library symlinks.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
crisp	Skipped			Oct 24, 2025 9:46pm
enclave-docs	Skipped			Oct 24, 2025 9:46pm

[coderabbitai]

Walkthrough

Introduces a new Solidity mock contract RiscZeroGroth16Verifier for testing, replaces Forge-based deployment in the TypeScript deployment script with ethers.js, and updates OpenZeppelin package remappings to reference node_modules instead of a library path.

Changes

Cohort / File(s)	Summary
New Mock Contract examples/CRISP/packages/crisp-contracts/contracts/Mocks/RiscZeroGroth16Verifier.sol	Adds new mock contract extending RiscZeroGroth16Verifier with constructor wiring CONTROL_ROOT and BN254_CONTROL_ID constants
Deployment Script Refactor examples/CRISP/packages/crisp-contracts/deploy/crisp.ts	Replaces Forge-based deployment flow with ethers.js-based contract factory and deployment using immediate address retrieval
Package Remappings examples/CRISP/packages/crisp-contracts/remappings.txt	Updates OpenZeppelin package mapping from lib/risc0-ethereum/lib/openzeppelin-contracts/ to node_modules/@openzeppelin/

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Deployment script change: Verify ethers.js deployment logic correctly mirrors Forge behavior and handles async operations appropriately
• Remappings update: Confirm OpenZeppelin resolution paths work correctly in build system and no dependency conflicts arise

Suggested reviewers

• cedoor

Poem

🐰 A hop and a skip, the verifier's in place,
Ethers now deploys with a much swifter pace,
Mock contracts and mappings all lined up just right,
The CRISP contracts now shine in the light! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "fix: deploy risc0verifier with hardhat" is clearly related to the main changes in the changeset. The title accurately identifies that the pull request is addressing a deployment mechanism change: it involves updating the deployment approach for the RiscZeroGroth16Verifier contract to work with hardhat. The actual changes support this intent by adding the mock RiscZeroGroth16Verifier contract, replacing the Forge-based deployment with an ethers.js-based deployment (which is compatible with hardhat), and updating package remappings to use node_modules paths that align with hardhat/ethers.js workflows. The title is specific and concise enough that a teammate reviewing the history would understand the primary change relates to fixing deployment configuration.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/risc0

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

examples/CRISP/contracts/Mocks/RiscZeroGroth16Verifier.sol (1)

1-16: Consider relocating this wrapper contract.

The contract is placed in the Mocks directory but appears to be a production wrapper rather than a mock. This placement may confuse developers about its intended usage.

Consider moving it to a more appropriate location such as:

• contracts/Wrappers/RiscZeroGroth16Verifier.sol
• contracts/Verifiers/RiscZeroGroth16Verifier.sol
• Or update the directory name from Mocks to Wrappers or Adapters if this pattern is used elsewhere

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 82c09ea and 35a2863.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• examples/CRISP/contracts/Mocks/RiscZeroGroth16Verifier.sol (1 hunks)
• examples/CRISP/deploy/Deploy.s.sol (0 hunks)
• examples/CRISP/deploy/crisp.ts (1 hunks)
• examples/CRISP/foundry.toml (0 hunks)
• examples/CRISP/package.json (1 hunks)
• examples/CRISP/remappings.txt (1 hunks)

💤 Files with no reviewable changes (2)

• examples/CRISP/foundry.toml
• examples/CRISP/deploy/Deploy.s.sol

🧰 Additional context used

🧬 Code graph analysis (1)

examples/CRISP/deploy/crisp.ts (1)

packages/enclave-contracts/scripts/utils.ts (1)

• storeDeploymentArgs (34-66)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: build_sdk
• GitHub Check: build_e3_support_dev
• GitHub Check: rust_unit
• GitHub Check: integration_prebuild
• GitHub Check: build_enclave_cli
• GitHub Check: rust_integration
• GitHub Check: test_contracts
• GitHub Check: test_net

🔇 Additional comments (3)

examples/CRISP/package.json (1)

37-38: LGTM! Dependency placement is now correct.

Moving @openzeppelin/contracts from devDependencies to dependencies aligns with its runtime usage in the contracts and the updated remappings configuration.

examples/CRISP/remappings.txt (1)

7-7: LGTM! Remapping correctly updated.

The OpenZeppelin remapping now points to the installed npm package, consistent with the dependency change in package.json and matching the pattern of other node_modules-based remappings.

examples/CRISP/deploy/crisp.ts (1)

110-120: Setup-dependent verification required.

The wrapper contract code is correctly structured and the risc0 import remappings are properly configured in remappings.txt. However, the lib/risc0-ethereum directory is currently empty because the development setup script (pnpm install via dev:setup) has not been run—this is expected behavior for an uninitialized repository state in the sandbox.

The refactored deployment logic will compile successfully once the environment is properly initialized. Ensure that:

1. You run pnpm install at the repository root to populate dependencies
2. The risc0/=lib/risc0-ethereum/contracts/src/ remapping in remappings.txt is respected by Forge during compilation
3. pnpm compile (which runs forge compile) completes without errors locally before merging

[cedoor]

LGTM, just needs a merge

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (1)

11-11: Remove unused import.

The execSync import from child_process appears to be unused after migrating from Forge to ethers.js deployment.

-import { execSync } from "child_process";

🧹 Nitpick comments (1)

examples/CRISP/packages/crisp-contracts/contracts/Mocks/RiscZeroGroth16Verifier.sol (1)

11-16: Consider renaming to avoid contract resolution ambiguity.

The mock contract shares the same name as its parent RiscZeroGroth16Verifier. While the Solidity code handles this via aliasing (RiscZero), the TypeScript deployment script calling ethers.getContractFactory("RiscZeroGroth16Verifier") may encounter ambiguity in resolving which contract artifact to use.

Consider one of these approaches:

Option 1: Rename the mock contract to be more explicit:

-contract RiscZeroGroth16Verifier is RiscZero {
+contract RiscZeroGroth16VerifierMock is RiscZero {

Option 2: Use fully qualified name in the deployment script:

await ethers.getContractFactory("contracts/Mocks/RiscZeroGroth16Verifier.sol:RiscZeroGroth16Verifier")

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 35a2863 and d4eb5f1.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• examples/CRISP/packages/crisp-contracts/contracts/Mocks/RiscZeroGroth16Verifier.sol (1 hunks)
• examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (1 hunks)
• examples/CRISP/packages/crisp-contracts/remappings.txt (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (1)

packages/enclave-contracts/scripts/utils.ts (1)

• storeDeploymentArgs (34-66)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: build_sdk
• GitHub Check: rust_integration
• GitHub Check: integration_prebuild
• GitHub Check: test_net
• GitHub Check: rust_unit
• GitHub Check: test_contracts
• GitHub Check: build_enclave_cli

🔇 Additional comments (3)

examples/CRISP/packages/crisp-contracts/remappings.txt (1)

7-7: LGTM! Clean migration to node_modules.

The OpenZeppelin remapping correctly points to the npm package location, aligning with the broader shift from git submodules to npm-based dependencies.

examples/CRISP/packages/crisp-contracts/contracts/Mocks/RiscZeroGroth16Verifier.sol (1)

13-14: Verify hardcoded constants are appropriate for this mock verifier's intended test scenarios.

These hardcoded constants—CONTROL_ROOT (Merkle root of allowed control IDs) and BN254_CONTROL_ID (control ID as BN254 scalar)—are critical for Groth16 proof verification. Since this is a mock verifier, ensure the hardcoded values match the test receipts/programs you intend to verify.

examples/CRISP/packages/crisp-contracts/deploy/crisp.ts (1)

110-120: Contract resolution verified—no ambiguity exists.

The local RiscZeroGroth16Verifier contract in contracts/Mocks/RiscZeroGroth16Verifier.sol is the only contract with this name in the codebase. Since:

• Hardhat's sources path is configured to ./contracts (includes the Mocks directory)
• The risc0 library is not included in npmFilesToBuild
• Only one matching artifact will be generated during compilation

The call to ethers.getContractFactory("RiscZeroGroth16Verifier") will correctly resolve to the local mock contract without ambiguity. The deployment code is sound.

[cedoor]

utACK