fix(pr971): resolve CodeRabbit review follow-ups#1004
Merged
mswilkison merged 2 commits intoJul 2, 2026
Merged
Conversation
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…wer, docs, NatSpec) Follow-ups on PR #971 (extraction/frost-mirror-2026-05-26). Per-item status: 1. .github/workflows/ci-pr.yml (SHA-pin actions + persist-credentials): SKIPPED — file does not exist in PR #971 or on branch extraction/frost-mirror-2026-05-26; nothing to pin. 2. .github/workflows/nightly-formal-invariants.yml (same treatment): SKIPPED — file does not exist in PR #971 or on the branch. 3. docs/rfc/frost-migration/audit-prep-findings-2026-05-25.md: FIXED — normalized non-canonical repo paths in the scope summary (and the L32 plan-doc reference) to the canonical layout (solidity/contracts/..., solidity/test/..., docs/rfc/frost-migration/). 4. docs/rfc/frost-migration/b1-implementation-plan.md: FIXED — deploy-script filename made consistent with on-disk solidity/deploy/48_deploy_frost_wallet_registry.ts (46_ -> 48_). 5. services/watchtower/src/FileBackedP2TRWatchtowerChallengeRecordPersistence.ts: FIXED — saveChallengeRecords now maps through the existing normalizeSerializedRecord validator before JSON.stringify, mirroring the load path; atomic-write behavior preserved. 6. solidity/contracts/bridge/BridgeGovernance.sol: FIXED — NatSpec on the migrateLegacyFraudChallenges forwarder now states the target Bridge helper is intentionally stubbed and always reverts (MigrateLegacyFraudChallengesNotImplemented) until a future upgrade; function retained. 7. solidity/contracts/bridge/IBridgeLifecycleRouter.sol: FIXED — interface docs aligned with the shipped Bridge ABI: point implementers to frostLifecycleContext(walletPubKeyHash); note the absence of separate lifecycleRouter/frostWalletRegistry/ walletIDByWalletPubKeyHash getters. One-shot setLifecycleRouter note was already present and accurate. 8. services/watchtower/src/P2TRSignatureFraudWatchtowerLoop.ts: FIXED — abortableDelay stores the handler in const onAbort and removes the abort listener in the timeout path too, preventing listener leaks across loop iterations; clearTimeout kept in the abort path. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…sistence Addresses CodeRabbit findings 1 & 2 on the real workflow file introduced by PR #971 (services-watchtower.yml), rather than the non-existent ci-pr.yml / nightly-formal-invariants.yml the findings named. - Add `with: persist-credentials: false` to both `actions/checkout` steps. - Pin every `uses:` to a full 40-hex commit SHA (major version unchanged): - actions/checkout@v3 -> f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - dorny/paths-filter@v2 -> 4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - pnpm/action-setup@v4 -> b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4.3.0 - actions/setup-node@v3 -> 3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1 SHAs resolved via `git ls-remote` against each action repo's tags (the annotated pnpm/action-setup tag pinned to its peeled commit). Scope limited to services-watchtower.yml (the workflow this PR introduces); pre-existing repo workflows are left untouched. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
e3976f6 to
a60b49b
Compare
4b32995
into
extraction/frost-mirror-2026-05-26
51 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR stacks on top of #971 (
extraction/frost-mirror-2026-05-26) and addresses its open CodeRabbit review threads. It is based on the PR #971 head branch, notmain.CodeRabbit follow-ups
ci-pr.ymlandnightly-formal-invariants.yml, which do not exist in this repo. The real workflow PR feat(frost): mirror FROST/Schnorr extraction from tBTC monorepo #971 introduces is.github/workflows/services-watchtower.yml, and it had the exact issue those findings describe (unpinned actions, nopersist-credentials). Hardened there instead:with: persist-credentials: falseto bothactions/checkoutsteps.uses:to a full 40-hex commit SHA with a# vX.Y.Zcomment (major versions unchanged):actions/checkout@v3→f43a0e5ff2bd294095638e18286ca9a3d1956744# v3.6.0dorny/paths-filter@v2→4512585405083f25c027a35db413c2b3b9006d50# v2.11.1pnpm/action-setup@v4→b906affcce14559ad1aafd4ab0e942779e9f58b1# v4.3.0 (annotated tag, pinned to peeled commit)actions/setup-node@v3→3235b876344d2a9aa001b8d1453c930bba69e610# v3.9.1services-watchtower.yml(the workflow this PR introduces); pre-existing repo workflows are intentionally left untouched — repo-wide pinning is a separate effort.docs/rfc/frost-migration/audit-prep-findings-2026-05-25.md— canonical paths. Normalized the scope-summary roots (and the L32 plan-doc reference) tosolidity/contracts/...,solidity/test/..., anddocs/rfc/frost-migration/.docs/rfc/frost-migration/b1-implementation-plan.md— deploy-script filename. The on-disk script issolidity/deploy/48_deploy_frost_wallet_registry.ts; corrected the stale46_mention to48_(the other mention was already48_).services/watchtower/src/FileBackedP2TRWatchtowerChallengeRecordPersistence.ts— validate on save.saveChallengeRecordsnow maps records through the existingnormalizeSerializedRecordvalidator beforeJSON.stringify, mirroring the load path so invalid state can't be written. Atomic-write behavior is unchanged.solidity/contracts/bridge/BridgeGovernance.sol— forwarder NatSpec.Bridge.migrateLegacyFraudChallengesis stubbed to alwaysrevert MigrateLegacyFraudChallengesNotImplemented(). Updated the forwarder NatSpec to state it is intentionally non-operational and reverts until a future Bridge upgrade lands. Function retained.solidity/contracts/bridge/IBridgeLifecycleRouter.sol— interface docs vs. shipped ABI. The Bridge exposes a singlefrostLifecycleContext(walletPubKeyHash)view and does not expose separatelifecycleRouter/frostWalletRegistry/walletIDByWalletPubKeyHashgetters. Updated the doc to point implementers atfrostLifecycleContext(...)and to state those getters are absent. The one-shotsetLifecycleRouternote was already present and accurate.services/watchtower/src/P2TRSignatureFraudWatchtowerLoop.ts— listener leak.abortableDelaynow stores the handler inconst onAbortand removes the abort listener in the timeout path too (signal?.removeEventListener("abort", onAbort)), keepingclearTimeoutin the abort path. Fixes the leak of abort listeners across loop iterations.Validation
services-watchtower.ymlpassprettier@2.3.2(@keep-network/prettier-config-keep, i.e.{ semi: false }).services-watchtower.ymlparses as valid YAML (ruby -ryaml).🤖 Generated with Claude Code