Skip to content

Ithaca#104

Open
Dargon789 wants to merge 25 commits into
mainfrom
Ithaca
Open

Ithaca#104
Dargon789 wants to merge 25 commits into
mainfrom
Ithaca

Conversation

@Dargon789

@Dargon789 Dargon789 commented May 6, 2026

Copy link
Copy Markdown
Owner

Summary by Sourcery

Restrict GitHub Actions workflows to read-only repository contents permissions for manual deployment, test infrastructure, and permission-check jobs.

CI:

  • Set explicit read-only contents permissions for the manual deployment workflow.
  • Set explicit read-only contents permissions for the Claude code permission-check job.
  • Set explicit read-only contents permissions for the test infrastructure workflow.

github-actions Bot and others added 25 commits August 5, 2025 22:58
Add testERC20TransferViaPortoOrchestratorWithPasskey() benchmark to isolate
passkey authentication costs from spend limit enforcement costs.

- Uses secp256k1 passkey for transaction signing
- Sets execution permissions for ERC20 transfers
- Requires spend limits (set to max) for passkey operations
- Gas cost: 116,094 (vs 97,030 without passkey, 117,083 with restrictive limits)
- Provides clean measurement of passkey overhead (~19k gas)

Resolves ithacaxyz#272

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-authored-by: Tanishk Goyal <legion2002@users.noreply.github.com>
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.
* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* pre-commit

* deploy execute_config.sh

* Update forge-std

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Update LayerZero-v2

* Update LayerZero-v2

---------

Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete .circleci directory (#27)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Update LayerZero-v2

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
* feat: add merkle sigs natively into the account

* fix: tests

* test: add more sophisticated fuzz test

* chore: bump contract versions due to bytecode changes - Contracts updated: IthacaAccount

* Add .circleci/config.yml (#1)

Add CircleCI configuration file to set up a basic pipeline with a say-hello job and workflow

CI:

Add .circleci/config.yml to define a say-hello job that checks out the code and prints a greeting using the cimg/base Docker image
Add a workflow to orchestrate the say-hello job under the CircleCI 2.1 engine

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

* Create CNAME (#9)

* Update ci.yaml (#2)

CI:
Update Forge test command to use --rerun and increase verbosity to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#4)

Enhance the CI test step to automatically rerun failed tests and increase verbosity in Forge.
CI:
Enable the --rerun flag for Forge tests to retry failures automatically
Increase Forge test verbosity from -vvv to -vvvvv
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml (#5)

Change Forge test invocation from "forge test --rerun -vvvvv" to "forge test -vvv"
Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Update ci.yaml

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Create CNAME

* Revert "Merge branch 'master'"

This reverts commit 6c02fbf, reversing
changes made to a317ddb.

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* Delete .circleci directory (#27)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>

* pre-commit

* deploy execute_config.sh

* Update forge-std

* test: add tests for getContextKeyHash in Account.t.sol (ithacaxyz#412)

* Normalize file modes and update forge-std submodule

Remove executable bit from deploy/execute_config.sh, deploy/verify_config.sh, and prep/check-bytecode-changes.js (mode 100755 → 100644). Update lib/forge-std submodule from commit c2cf7017d27c1d20e74ace4dacb6c5ce4bbbe899 to 07853315f998f94dc724e464b1bab1270888ee64. No other content changes.

* Update LayerZero-v2

* Update LayerZero-v2

---------

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Tanishk Goyal <goyaltanishk02@gmail.com>
Co-authored-by: GitHub Action <action@github.com>
Co-authored-by: googleworkspace-bot <googleworkspace-bot@google.com>
…n permissions (#66)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…n permissions (#67)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…n permissions (#68)

Signed-off-by: Dargon789 <64915515+Dargon789@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@vercel

vercel Bot commented May 6, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
legion Ready Ready Preview, Comment May 6, 2026 3:03pm

@gemini-code-assist

Copy link
Copy Markdown

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@sourcery-ai

sourcery-ai Bot commented May 6, 2026

Copy link
Copy Markdown
Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Configures explicit, least-privilege GitHub Actions permissions for selected workflows by granting read-only access to repository contents where needed.

Flow diagram for claude-code workflow permissioned job

flowchart TD
  A["workflow_dispatch or trigger for claude-code.yml"] --> B["Job check-permissions"]
  B --> C["permissions: contents read"]
  C --> D["Step check computes has-permission output"]
  D --> E["Job outputs has-permission used by downstream jobs"]
Loading

File-Level Changes

Change Details Files
Add explicit read-only contents permissions to the manual deployment workflow.
  • Introduce a top-level permissions block in the workflow.
  • Set contents permission to read to align with GitHub Actions fine-grained permissions model.
.github/workflows/manual-deployment.yml
Restrict the claude-code workflow check-permissions job to read-only contents access.
  • Add a permissions section under the check-permissions job.
  • Set contents permission to read to follow least-privilege best practices.
.github/workflows/claude-code.yml
Add explicit read-only contents permissions to the test-infra manual deployment workflow.
  • Define a top-level permissions block in the workflow.
  • Set contents permission to read to ensure the workflow can access repository contents under the fine-grained permissions model.
.github/workflows/test-infra.yml

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@snyk-io

snyk-io Bot commented May 6, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've reviewed your changes and they look great!


Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants