Dargon789 refactor deployment scripts and update configs

.changeset/README.md

@@ -0,0 +1,8 @@
+# Changesets
+
+Hello and welcome! This folder has been automatically generated by `@changesets/cli`, a build tool that works
+with multi-package repos, or single-package repos to help you version and publish your code. You can
+find the full documentation for it [in our repository](https://github.com/changesets/changesets)
+
+We have a quick list of common questions to get you started engaging with this project in
+[our documentation](https://github.com/changesets/changesets/blob/main/docs/common-questions.md)

.changeset/config.json

@@ -0,0 +1,11 @@
+{
+  "$schema": "https://unpkg.com/@changesets/config@3.1.1/schema.json",
+  "changelog": "@changesets/cli/changelog",
+  "commit": false,
+  "fixed": [],
+  "linked": [],
+  "access": "restricted",
+  "baseBranch": "main",
+  "updateInternalDependencies": "patch",
+  "ignore": []
+}

.env.example

@@ -2,28 +2,41 @@
 # Copy this file to .env and fill in with actual values
 
 # ============================================
-# UPGRADE TESTS
+# PRIVATE KEY (Required for deployment)
 # ============================================
-UPGRADE_TEST_RPC_URL=https://base-mainnet.g.alchemy.com/v2/YOUR_API_KEY # Base
-UPGRADE_TEST_OLD_PROXY=0x7C27e3AEcbF42879B64d76f604dC3430F4886462
-UPGRADE_TEST_OLD_VERSION=0.5.10
+# NEVER commit your actual private key!
+PRIVATE_KEY=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
 
 # ============================================
-# DEPLOYMENT SCRIPTS
+# RPC ENDPOINTS (Required)
 # ============================================
-PRIVATE_KEY=
-
 # Format: RPC_{chainId}
 
 # Mainnet chains
 RPC_1=https://eth-mainnet.g.alchemy.com/v2/YOUR_API_KEY         # Ethereum
+RPC_42161=https://arb-mainnet.g.alchemy.com/v2/YOUR_API_KEY     # Arbitrum
+RPC_8453=https://base-mainnet.g.alchemy.com/v2/YOUR_API_KEY     # Base
 
 # Testnet chains
 RPC_11155111=https://eth-sepolia.g.alchemy.com/v2/YOUR_API_KEY  # Sepolia
 
-# Test mnemonic for funding script
-GAS_SIGNER_MNEMONIC="dash between kangaroo vacant gaze glass way sudden retire output retire evil"
-
+# Local development
+RPC_28405=https://porto-dev-paros.rpc.ithaca.xyz                         # Porto Devnet
+RPC_28406=https://porto-dev-tinos.rpc.ithaca.xyz                         # Porto Devnet
+RPC_28407=https://porto-dev-leros.rpc.ithaca.xyz                         # Porto Devnet
 
+# ============================================
+# VERIFICATION API KEYS (Optional)
+# ============================================
+# Format: VERIFICATION_KEY_{chainId}
+# Get API keys from respective block explorers
 
+VERIFICATION_KEY_1=YOUR_ETHERSCAN_API_KEY      # https://etherscan.io
+VERIFICATION_KEY_42161=YOUR_ARBISCAN_API_KEY   # https://arbiscan.io
+VERIFICATION_KEY_8453=YOUR_BASESCAN_API_KEY    # https://basescan.org
 
+# ============================================
+# CONFIGURATION
+# ============================================
+# All deployment configuration is in deploy/deploy-config.json
+# See deploy/README.md for detailed instructions

.github/workflows/ci.yaml

@@ -5,13 +5,11 @@ on:
   push:
     branches: [main]
 
-permissions:
-  contents: write
-  pull-requests: write
-
 jobs:
   test:
     name: Tests
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -21,31 +19,22 @@ jobs:
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
         with:
-          version: nightly
+          version: nightly 
 
       - name: Build
         run: |
           forge build
 
-      - name: Run tests
-        env:
-          UPGRADE_TEST_RPC_URL: ${{ secrets.UPGRADE_TEST_RPC_URL }}
-          UPGRADE_TEST_OLD_PROXY: ${{ secrets.UPGRADE_TEST_OLD_PROXY }}
-          UPGRADE_TEST_OLD_VERSION: ${{ secrets.UPGRADE_TEST_OLD_VERSION }}
+      - name: Check formatting
         run: |
-          forge test -vvv
+          forge fmt --check
 
-      - name: Format contracts and generate snapshots
-        if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
+      - name: Run tests
         run: |
-          forge fmt
-          forge snapshot --isolate --match-contract Benchmark --via-ir
+          forge test --rerun -vvvvv
 
-      - name: Commit formatting and snapshot changes
-        if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
-        uses: stefanzweifel/git-auto-commit-action@v5
-        with:
-          commit_message: "chore: fmt contracts and update gas snapshots"
-          file_pattern: "*.sol snapshots/"
-          commit_user_name: github-actions[bot]
-          commit_user_email: github-actions[bot]@users.noreply.github.com
+      - name: Snapshot main branch
+        run: git fetch origin main && git worktree prune &&rm -rf .snapshot_worktree && git worktree add .snapshot_worktree origin/main && (cd .snapshot_worktree && forge snapshot --match-contract Benchmark --snap .temp-snapshot) && cp .snapshot_worktree/.temp-snapshot gas-snapshots/.gas-snapshot-main && git worktree remove --force .snapshot_worktree && git worktree prune
+
+      - name: Compare gas snapshots
+        run: forge snapshot --match-contract Benchmark --diff gas-snapshots/.gas-snapshot-main

.github/workflows/claude-code.yml

@@ -17,6 +17,8 @@ jobs:
   check-permissions:
     name: Check permissions
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     outputs:
       has-permission: ${{ steps.check.outputs.has-permission }}
     steps:

.github/workflows/manual-deployment.yml

@@ -1,5 +1,8 @@
 name: Manual Deployment Execution
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
     inputs:

.github/workflows/test-infra.yml

@@ -1,4 +1,6 @@
 name: Manual Deployment Execution
+permissions:
+  contents: read
 
 on:
   workflow_dispatch:

.github/workflows/version-check.yaml

@@ -57,22 +57,31 @@ jobs:
       - name: Bump version if needed
         if: steps.check.outputs.needs_version_bump == 'true'
         run: |
+          # Configure git
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+
           # Get the contracts that need bumping
           CONTRACTS_TO_BUMP="${{ steps.check.outputs.contracts_to_bump }}"
-
+          
           echo "Bumping versions for contracts: $CONTRACTS_TO_BUMP"
-
+          
           # Update Solidity files using the upgrade script with specific contracts
           CONTRACTS_TO_BUMP="$CONTRACTS_TO_BUMP" node prep/update-version.js
-
-      - name: Commit version bump changes
-        if: steps.check.outputs.needs_version_bump == 'true'
-        uses: stefanzweifel/git-auto-commit-action@v5
-        with:
-          commit_message: "chore: bump contract versions due to bytecode changes - Contracts updated: ${{ steps.check.outputs.contracts_to_bump }}"
-          file_pattern: "src/*.sol"
-          commit_user_name: github-actions[bot]
-          commit_user_email: github-actions[bot]@users.noreply.github.com
+
+          # Commit changes (only Solidity files, not package.json)
+          git add src/*.sol
+          git commit -m "chore: bump contract versions due to bytecode changes - Contracts updated: $CONTRACTS_TO_BUMP"
+
+          # Pull latest changes and rebase
+          # Pull latest changes and rebase
+          if ! git pull origin ${{ github.event.pull_request.head.ref }} --rebase; then
+            echo "Failed to rebase version bump changes. Manual intervention required."
+            exit 1
+          fi
+
+          # Push to the PR branch
+          git push origin HEAD:${{ github.event.pull_request.head.ref }}
 
       - name: Create PR comment
         if: steps.check.outputs.needs_version_bump == 'true'

.gitmodules

@@ -7,6 +7,9 @@
 [submodule "lib/LayerZero-v2"]
 	path = lib/LayerZero-v2
 	url = https://github.com/LayerZero-Labs/LayerZero-v2
+[submodule "lib/devtools"]
+	path = lib/devtools
+	url = https://github.com/LayerZero-Labs/devtools
 [submodule "lib/openzeppelin-contracts"]
 	path = lib/openzeppelin-contracts
 	url = https://github.com/OpenZeppelin/openzeppelin-contracts

CHANGELOG.md

@@ -1,24 +1,5 @@
 # porto-account
 
-> Note: After v0.5.5, all changelogs will be published along with the release notes.   
-> From here on, this file is deprecated.
-
-## 0.5.5
-
-### Patch Changes
-- Update foundry config, to not include metadata in the bytecode. This ensures that the contract bytecode doesn't change because of some other change in the repository.
-
-
-## 0.5.4
-
-### Patch Changes
-
-- SimpleFunder supports multiple orchestrators instead of single immutable orchestrator
-  - Replaced immutable `ORCHESTRATOR` with `orchestrators` mapping and `setOrchestrators()` function
-  - Maintained backward compatibility with old `fund()` signature
-  - Added `supported_orchestrators` config field for deployment
-  - Version bumped to "0.1.5"
-
 ## 0.5.0
 
 ### Minor Changes

README.md

@@ -2,6 +2,10 @@
 
 [![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/ithacaxyz/account)
 
+> 🚧 **Work In Progress**  
+> This repository is under active development. Contracts are **unaudited**, and the codebase may have **breaking changes** without notice.  
+> A bug bounty is live on Base Mainnet — [details here](docs/bug-bounty.md).
+
 **All-in-one EIP-7702 powered account contract, coupled with [Porto](https://github.com/ithacaxyz/porto)**
 
 Every app needs an account, traditionally requiring separate services for auth, payments, and recovery. Doing this in a way that empowers users with control over their funds and their data is the core challenge of the crypto space. While crypto wallets have made great strides, users still face a fragmented experience - juggling private keys, managing account balances across networks,
@@ -19,24 +23,17 @@ We believe that unstoppable crypto-powered accounts should be excellent througho
 
 # Features out of the box
 
-- Secure Login: Using WebAuthN-compatible credentials like PassKeys.
-- Call Batching: Send multiple calls in 1.
-- Gas Sponsorship: Allow anyone to pay for your fees in any ERC20 or ETH.
-- Access Control: Whitelist receivers, function selectors and arguments.
-- Session Keys: Allow transactions without confirmations if they pass low-security access control policies.
-- Multi-sig Support: If a call is outside of a certain access control policy, require multiple signatures.
-- Interop: Transaction on any chain invisibly. 
-
-## Benchmarks
-
-![Benchmarks](docs/benchmarks.jpeg)
-
-Gas benchmark implementations are in the [test repository](test/Benchmark.t.sol). We currently benchmark against leading ERC-4337 accounts. To generate the benchmarks, use `forge snapshot --isolate`. 
-
-## Security
-Contracts were audited in a 2 week engagement by @MiloTruck @rholterhus @kadenzipfel
-
-We also maintain an active bug bounty program, you can find more details about it [here](https://porto.sh/contracts/security-and-bug-bounty)
+- [x] Secure Login: Using WebAuthN-compatible credentials like PassKeys.
+- [x] Call Batching: Send multiple calls in 1.
+- [x] Gas Sponsorship: Allow anyone to pay for your fees in any ERC20 or ETH.
+- [x] Access Control: Whitelist receivers, function selectors and arguments.
+- [x] Session Keys: Allow transactions without confirmations if they pass low-security access control policies.
+- [x] Multi-sig Support: If a call is outside of a certain access control policy, require multiple signatures.
+- [x] Interop: Transaction on any chain invisibly. 
+- [ ] Timelocks: Add a time delay between transaction verification and execution, for additional safety.
+- [ ] Optimized for L2: Using BLS signatures.
+- [ ] Privacy: Using stealth addresses, confidential ERC20 tokens, and privacy pool integrations.
+- [ ] Account Recovery & Identity: Using ZK {Email, OAUth, Passport} and more.
 
 ## Getting Help