[codex] Add integrations entrypoint

[punk6529]

Summary

Adds INT-001: a checked integration entrypoint for frontend, mobile, Electron, indexer, operator UI, and backend signing service teams.

• Adds docs/integrations/README.md with canonical source-of-truth links for ABIs, address books, deployment manifests, release manifests, event topic catalog, interface IDs, metadata/signing/deployment docs, readiness evidence, risk register, and checksum artifacts.
• Adds scripts/check_integrations_readme.py and scripts/test_integrations_readme.py, then wires them into Makefile, Bash, PowerShell, and CI gates.
• Links the entrypoint from README, release-readiness, and release-artifacts docs, and includes it in release-manifest/checksum coverage.
• Updates durable roadmap/run-state/backlog records after PR [codex] Add release risk register #389 and folds the reviewer-rebaseline context into the active INT-001 execution path.

Readiness Boundary

This is documentation/tooling only. It does not claim public beta, production, audit, live marketplace/indexer, or live deployment readiness. The new entrypoint explicitly says the repo remains pre-audit and not production-ready, and that local evidence does not replace fork/testnet/live evidence.

Validation

• python scripts/test_integrations_readme.py
• python scripts/check_integrations_readme.py
• python scripts/test_release_readiness.py
• python scripts/check_release_readiness.py
• python scripts/test_release_manifest.py
• python scripts/generate_release_manifest.py --check
• python scripts/test_bytecode_release_proof.py
• python scripts/generate_bytecode_release_proof.py --check
• python scripts/test_release_checksums.py
• python scripts/generate_release_checksums.py --check
• python scripts/test_risk_register.py
• python scripts/check_risk_register.py
• python scripts/generate_risk_register.py --check
• python scripts/check_changelog.py
• python -m py_compile scripts/check_integrations_readme.py scripts/test_integrations_readme.py
• git diff --check
• Full Windows gate: $env:Path="$HOME\.foundry\bin;$env:Path"; powershell -NoProfile -ExecutionPolicy Bypass -File scripts\check.ps1

Closes #390

[coderabbitai]

Warning

Review limit reached

@punk6529, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 1 hour, 47 minutes, and 48 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a9756f25-b62b-48ae-b8a7-5289bc693722

📥 Commits

Reviewing files that changed from the base of the PR and between 9aafee7 and 9bb27e3.

📒 Files selected for processing (22)

• .github/workflows/ci.yml
• CHANGELOG.md
• Makefile
• README.md
• docs/integrations/README.md
• docs/release-readiness.md
• ops/AUTONOMOUS_RUN.md
• ops/EXECUTION_BACKLOG.md
• ops/ROADMAP.md
• release-artifacts/README.md
• release-artifacts/latest/SHA256SUMS
• release-artifacts/latest/bytecode-release-proof.json
• release-artifacts/latest/release-checksums.json
• release-artifacts/latest/release-manifest.json
• release-artifacts/latest/risk-register.json
• scripts/check.ps1
• scripts/check.sh
• scripts/check_integrations_readme.py
• scripts/check_release_readiness.py
• scripts/generate_release_manifest.py
• scripts/test_integrations_readme.py
• scripts/test_release_readiness.py

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/integrations-entrypoint

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[punk6529]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[6529bot]

6529bot crypto security analysis - de5f291

Verdict: No security findings.

This PR adds a documentation entrypoint (docs/integrations/README.md), a Python checker/test pair, CI/Makefile wiring, and regenerated release-manifest/checksum artifacts. No Solidity, wallet, auth, signature, or token logic is touched.

I checked the one piece of new executable code with security relevance — the Markdown link path handling in scripts/check_integrations_readme.py:

• normalize_repo_path (scripts/check_integrations_readme.py:108-114) correctly rejects path escapes via relative_to, and linked_repo_paths resolves links relative to the document and validates existence before accepting them. This is a CI-only doc checker with no untrusted input at runtime, so the surface is negligible.
• normalized_link_target (scripts/check_integrations_readme.py:127-138) properly skips external schemes (://, mailto:) and anchors, so it does not follow remote URLs — no SSRF risk in this tooling.

The doc content itself consistently states the pre-audit/not-production-ready boundary and avoids overclaiming readiness, which is the correct posture for an integrations entrypoint pointing at signing/EIP-712/ERC-1271 material.

Checksum/manifest churn (release-manifest.json, release-checksums.json, SHA256SUMS, bytecode-release-proof.json, risk-register.json) is consistent and self-referential as expected from regeneration; nothing here affects on-chain or signing behavior.

[6529bot]

6529bot general PR review - de5f291

Verdict: Good to merge

This is a documentation/tooling-only PR (new integrations entrypoint plus a checker/test pair). No Solidity or runtime code changes. The checker, tests, gate wiring, and regenerated artifacts are internally consistent and the path-escape guard plus link-existence checks are sensibly implemented.

Nice-to-have

• scripts/check_integrations_readme.py:233 — parse_args(argv or []) collapses a falsy-but-meaningful empty list the same as None, which is harmless here since both mean "no args," but main passes argv or [] again at the call site, so an explicit empty argv already works. No change needed; just noting the double or [] is redundant.
• REQUIRED_COMMANDS substring matching (scripts/check_integrations_readme.py:201) is order-insensitive and will pass even if commands appear outside the fenced code block. That's an acceptable tradeoff for a doc gate, but if you later want stricter guarantees, anchor on the ```sh block.
• The REQUIRED_PHRASES list (case-insensitive substring) means a phrase like production will always match inside not production-ready, so the standalone production / public beta entries are effectively redundant. Not a bug, just dead weight that's easy to misread as enforcing distinct content.

No correctness, security, or data-integrity issues found. The regenerated checksums in SHA256SUMS, release-checksums.json, release-manifest.json, bytecode-release-proof.json, and risk-register.json are consistent with the doc additions, and the release-manifest / release-manifest-check targets correctly added integrations-readme-check as a dependency.

[punk6529]

Autonomous merge decision for INT-001:

• CI is green on latest head 9bb27e3761746f3c524c7e0cf1c06956325a84fb:
  • Windows PowerShell wrapper: success
  • Foundry smoke: success
• CodeRabbit status is success. The CodeRabbit comment includes a rate-limit banner but no review threads or actionable findings; the command reply reports review finished.
• 6529bot security review reports no security findings.
• 6529bot general review verdict is "Good to merge" and lists only nice-to-have/non-blocking notes. I am accepting those as non-blocking because the checker is intentionally lightweight, tests cover the current behavior, and no correctness/security/data-integrity issue was identified.
• No unresolved review threads are present.

Proceeding with squash merge.