Skip to content

Upgrades/docs#2964

Open
Kushmanmb wants to merge 220 commits intobase:masterfrom
kushmanmb-org:master
Open

Upgrades/docs#2964
Kushmanmb wants to merge 220 commits intobase:masterfrom
kushmanmb-org:master

Conversation

@Kushmanmb
Copy link

@Kushmanmb Kushmanmb commented Feb 26, 2026

This pull request introduces a comprehensive set of improvements to the repository's CI/CD, code quality, and repository management practices. The changes focus on standardizing and documenting workflows, enforcing best practices for branch protection, enhancing dependency management, and improving code linting rules. Below are the most important updates grouped by theme.

CI/CD Pipeline Enhancements:

  • Refactored the Buildkite pipeline to use make commands for build, lint, test, and audit steps, added emoji labels for clarity, and introduced new steps for unit tests, security audit (soft fail), and a build summary. Also improved parallelism and failure handling.

Repository & Workflow Management:

  • Added extensive documentation for GitHub Actions best practices, including action versioning, permissions, concurrency, timeouts, and workflow structure, along with guidelines for creating new workflows and security considerations in .github/WORKFLOWS_BEST_PRACTICES.md.
  • Introduced a reusable composite action .github/actions/setup-node-yarn/action.yml to standardize Node.js and Yarn setup with Corepack and dependency installation.
  • Added a Dependabot configuration for automated dependency and GitHub Actions updates, including grouping strategies and reviewer assignments.

Branch Protection & Rulesets:

  • Added detailed documentation for applying branch protection rulesets via the GitHub UI, CLI, and Terraform, including troubleshooting and maintenance guidelines in .github/rulesets/APPLY_RULESETS.md.
  • Provided a README in .github/rulesets/README.md describing the ruleset files, application methods, and maintenance practices.

Code Quality & Linting:

  • Updated ESLint configuration to disallow console statements except for warn and info, enforcing cleaner logging practices.

Other Improvements:

  • Added a .gitattributes file to mark lock files, large data files, and generated files as linguist-generated, ensuring accurate language statistics on GitHub.
  • Updated .copilotignore to explicitly include Solidity files (*.sol).What changed? Why?

Notes to reviewers

How has it been tested?

Have you tested the following pages?

BaseWeb

  • [] base.org
  • [] base.org/names
  • [] base.org/builders
  • [] base.org/ecosystem
  • [] base.org/name/jesse
  • [] base.org/manage-names
  • [] base.org/resources

Copilot AI and others added 30 commits December 29, 2025 00:37
Initial plan
94f6a09
@Kushmanmb
Merge pull request #1 from Kushmanmb/copilot/install-yarn-dependencies
2174874
Initial plan
7e3ee1b
@Kushmanmb
Merge pull request #2 from Kushmanmb/copilot/add-transfer-filter-hook
c3460d0 
[WIP] Add transfer filtering hook with pagination
Initial plan
5713754
@Kushmanmb
Merge pull request #4 from Kushmanmb/copilot/fetch-etherscan-api-data
40d6a1e
Initial plan
f88c2ae
@Kushmanmb
Add user registration form with validation and API endpoint
e6930cd 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Fix linting errors in registration form and API route
3970789 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Address code review feedback: add autocomplete, fix validation, use L…
3b2ed23 
…ink component

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Merge pull request #11 from Kushmanmb/copilot/add-user-registration-form
4f1d18a 
Add user registration form with client and server validation
Initial plan
1ced356
@Kushmanmb
Fix critical blockchain code errors - add error logging and validation
92ce8a7 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Fix remaining console.error to use logger for consistency
3bb3273 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Add contract address validation in useRegisterNameCallback
9e8dcf6 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Add comprehensive blockchain audit report
df55fb5 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Update apps/web/src/hooks/useRegisterNameCallback.ts
2ee3ec7 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@Kushmanmb
Merge pull request #12 from Kushmanmb/copilot/audit-blockchain-code-e…
9f7a5c6 
…rrors

Fix silent failures and missing validation in blockchain transaction flows
Initial plan
1b8470d
@Kushmanmb
Optimize performance: Fix O(n²) deduplication, improve DOM polling, a…
eac5e4e 
…dd memoization

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Fix ESLint warning: Add memoized functions to dependency array
1deaf26 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Use useCallback instead of useMemo for function memoization
2f101ed 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Address code review feedback: Remove redundant check, clarify comment
4e2f25f 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Merge pull request #15 from Kushmanmb/copilot/improve-slow-code-effic…
3806ccc 
…iency

Optimize transaction deduplication, DOM polling, and category lookups
Initial plan
7e9b409
@Kushmanmb
Refactor API decorators to remove duplication
7cf5c81 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Refactor proof API routes to eliminate duplication
ea895f9 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Refactor attestation hooks to eliminate duplication
ee31de0 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Address code review feedback for attestation factory
778cd50 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Merge pull request #16 from Kushmanmb/copilot/refactor-duplicated-code
e69a80e 
Refactor duplicated code patterns in API routes and attestation hooks
Copilot AI and others added 22 commits February 25, 2026 23:01
@Kushmanmb
Implement claim function with Merkle proof verification
780e86b 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Address code review feedback: clarify reentrancy protection and third…
56ad775 
…-party claiming

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Add documentation for modern ETH transfer pattern using call instead …
5b27319 
…of transfer

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Add comprehensive implementation summary documentation
5ce20c2 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Set owner to kushmanmb.eth / yaketh.eth address
df460cc 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Add comprehensive contract deployment infrastructure and documentation
3193a03 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Add deployment summary and update README with contract deployment sec…
ad119b2 
…tion

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Merge pull request #78 from kushmanmb-org/copilot/update-claim-function
bb10cdd 
Add deployment infrastructure for MyContract.sol
Initial plan
ec37c24
@Kushmanmb
Add authorized address functionality with only-authorized functions
573e126 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Fix: Only owner can update authorized address (security improvement)
53e42d1 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Merge pull request #79 from kushmanmb-org/copilot/add-only-owner-func…
cdce4d2 
…tion

Add delegated value setter for authorized address
Initial plan
23a485a
Initial plan
ddf3c21
@Kushmanmb
Fix private key exposure and add secure environment variable validation
2c3dce8 
- Remove exported private key constants (trustedSignerPKey, cdpKeySecret)
- Add getTrustedSignerPrivateKey() function with validation
- Add getCdpKeySecret() function with validation
- Add CDP_KEY_SECRET to .env.local.example
- Add security warnings in deployment scripts
- Remove hardcoded wallet addresses from documentation

Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Add comprehensive blockchain security improvements documentation
2a22259 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Add 0x gasless quote API route with comprehensive tests
bab3846 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Merge pull request #80 from kushmanmb-org/copilot/fix-blockchain-erro…
daea20d 
…r-safeguards

[WIP] Fix blockchain error handling with key management best practices
@Kushmanmb
Fix linting issues in gasless quote API route
b91fa32 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Address code review feedback: use URLSearchParams for proper encoding
6ece5ab 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Add API documentation for gasless quote endpoint
d1d6820 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Merge pull request #81 from kushmanmb-org/copilot/add-gasless-quote-r…
c05cbf2 
…equest

Add 0x gasless quote API proxy endpoint
@vercel
Copy link

vercel bot commented Feb 26, 2026

@Kushmanmb is attempting to deploy a commit to the Coinbase Team on Vercel.

A member of the Team first needs to authorize it.

@cb-heimdall
Copy link
Collaborator

cb-heimdall commented Feb 26, 2026
edited
Loading

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/1
Denominator calculation
Show calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Show calculation
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 0
Sum 1

Copilot AI and others added 6 commits February 26, 2026 01:10
Initial plan
bfb7590
@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 14 u…
e7feeab 
…pdates

Bumps the npm_and_yarn group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [next](https://github.com/vercel/next.js) | `15.5.7` | `15.5.10` |
| [cloudinary](https://github.com/cloudinary/cloudinary_npm) | `2.5.1` | `2.7.0` |
| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.26.9` | `7.28.6` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |
| [form-data](https://github.com/form-data/form-data) | `4.0.2` | `4.0.5` |
| [h3](https://github.com/h3js/h3) | `1.15.1` | `1.15.5` |
| [hono](https://github.com/honojs/hono) | `4.8.5` | `4.11.9` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |
| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |
| [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` |
| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |
| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.5` |
| [undici](https://github.com/nodejs/undici) | `5.28.5` | `5.29.0` |



Updates `next` from 15.5.7 to 15.5.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.7...v15.5.10)

Updates `cloudinary` from 2.5.1 to 2.7.0
- [Release notes](https://github.com/cloudinary/cloudinary_npm/releases)
- [Changelog](https://github.com/cloudinary/cloudinary_npm/blob/master/CHANGELOG.md)
- [Commits](cloudinary/cloudinary_npm@2.5.1...2.7.0)

Updates `@babel/helpers` from 7.26.9 to 7.28.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-helpers)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `diff` from 4.0.2 to 4.0.4
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4)

Updates `form-data` from 4.0.2 to 4.0.5
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.2...v4.0.5)

Updates `h3` from 1.15.1 to 1.15.5
- [Release notes](https://github.com/h3js/h3/releases)
- [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md)
- [Commits](h3js/h3@v1.15.1...v1.15.5)

Updates `hono` from 4.8.5 to 4.11.9
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.8.5...v4.11.9)

Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

Updates `jws` from 3.2.2 to 3.2.3
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v3.2.3)

Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1
- [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases)
- [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1)

Updates `sha.js` from 2.4.11 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.11...v2.4.12)

Updates `tmp` from 0.2.3 to 0.2.5
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.3...v0.2.5)

Updates `undici` from 5.28.5 to 5.29.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.5...v5.29.0)

Updates `next` from 15.5.7 to 15.5.12
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.7...v15.5.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: cloudinary
  dependency-version: 2.7.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/helpers"
  dependency-version: 7.28.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: h3
  dependency-version: 1.15.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.11.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mdast-util-to-hast
  dependency-version: 13.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.12
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Incorporate rebased dependabot dependency updates
f9dc3d0
@Kushmanmb
Add rebase summary documentation
cbb0183 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Fix hono version in documentation
61d4a4c 
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
@Kushmanmb
Merge pull request #82 from kushmanmb-org/copilot/rebase-dependabot-b…
1bac533 
…ranch

Rebase Dependabot PR #30 onto latest master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Kushmanmb @cb-heimdall