[codex] Add metadata rendering integration guide

[punk6529]

Summary

• Adds docs/integrations/metadata-rendering.md as the INT-006 metadata rendering, cache, animation sandbox, and marketplace integration guide.
• Adds scripts/check_metadata_rendering.py and scripts/test_metadata_rendering.py, then wires the new guide into CI, make check, Bash/PowerShell wrappers, integration docs, release-readiness docs, release-artifact docs, changelog, backlog, and autonomous run state.
• Adds the guide to the release manifest governance-doc set and refreshes generated risk-register, release-manifest, bytecode-proof, and checksum artifacts.

Closes #400.

Validation

• python -m py_compile scripts\check_metadata_rendering.py scripts\test_metadata_rendering.py scripts\check_integrations_readme.py scripts\test_integrations_readme.py scripts\check_release_readiness.py scripts\test_release_readiness.py scripts\generate_release_manifest.py scripts\test_release_manifest.py
• python scripts\test_metadata_rendering.py
• python scripts\check_metadata_rendering.py
• python scripts\test_metadata_fixtures.py
• python scripts\check_metadata_fixtures.py
• python scripts\test_metadata_browser_sandbox.py
• python scripts\check_metadata_browser_sandbox.py
• python scripts\test_rehearsal_metadata_browser_sandbox.py
• python scripts\check_rehearsal_metadata_browser_sandbox.py
• python scripts\test_integrations_readme.py
• python scripts\check_integrations_readme.py
• python scripts\test_release_readiness.py
• python scripts\check_release_readiness.py
• python scripts\test_release_manifest.py
• python scripts\generate_release_manifest.py --check
• python scripts\test_bytecode_release_proof.py
• python scripts\generate_bytecode_release_proof.py --check
• python scripts\test_release_checksums.py
• python scripts\generate_release_checksums.py --check
• python scripts\test_changelog_check.py
• python scripts\check_changelog.py
• make metadata-rendering-check
• bash -n scripts/check.sh
• PowerShell parser check for scripts\check.ps1
• git diff --check
• make check
• powershell -ExecutionPolicy Bypass -File scripts\check.ps1

[punk6529]

@coderabbitai review

[coderabbitai]

Warning

Review limit reached

@punk6529, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 1 hour, 30 minutes, and 13 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 738eb5c7-41f1-40f9-8a70-20fd7af81da7

📥 Commits

Reviewing files that changed from the base of the PR and between 767390e and 75f0141.

📒 Files selected for processing (24)

• .github/workflows/ci.yml
• CHANGELOG.md
• Makefile
• docs/integrations/README.md
• docs/integrations/metadata-rendering.md
• docs/release-readiness.md
• ops/AUTONOMOUS_RUN.md
• ops/EXECUTION_BACKLOG.md
• release-artifacts/README.md
• release-artifacts/latest/SHA256SUMS
• release-artifacts/latest/bytecode-release-proof.json
• release-artifacts/latest/release-checksums.json
• release-artifacts/latest/release-manifest.json
• release-artifacts/latest/risk-register.json
• scripts/check.ps1
• scripts/check.sh
• scripts/check_integrations_readme.py
• scripts/check_metadata_rendering.py
• scripts/check_release_readiness.py
• scripts/generate_release_manifest.py
• scripts/test_integrations_readme.py
• scripts/test_metadata_rendering.py
• scripts/test_release_manifest.py
• scripts/test_release_readiness.py

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/metadata-rendering-cache-guide

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[6529bot]

6529bot general PR review - b356bfb

Verdict: Good to merge

This is a documentation-only PR (new integration guide plus the corresponding checker/test pair, gate wiring, and regenerated release artifacts). I reviewed the new Python checker, the doc, and the manifest/checksum regeneration for correctness and consistency.

Observations (no blocking findings)

• scripts/check_metadata_rendering.py:225 linked_repo_paths raises on the first label/path mismatch but only aggregates missing targets. That asymmetry is pre-existing style across the sibling checkers and is acceptable here.
• normalize_repo_path (scripts/check_metadata_rendering.py:108) correctly rejects path escapes via relative_to, and linked_repo_paths resolves relative links against the document parent before existence checks — good defensive handling for untrusted-link drift.
• Required-link/command/heading/phrase lists in the checker match the committed docs/integrations/metadata-rendering.md content, and test_metadata_rendering.py:test_accepts_committed_doc exercises the real doc, so drift in the doc will fail CI.
• Manifest/checksum regeneration is internally consistent: release-manifest.json size/hash, bytecode-release-proof.json source hash, release-checksums.json, and SHA256SUMS all move together for release-manifest.json (95261→95458) and risk-register.json. The new doc entry is added to the manifest doc list.
• Gate wiring (Makefile .PHONY + check/release-manifest/release-manifest-check, ci.yml syntax-check list and run step, check.sh/check.ps1) consistently adds the new test/check pair in the same ordering as the existing INT-005 entries.

Nice-to-have

• docs/integrations/README.md:136 is a single long unwrapped line while the surrounding INT-00x bullets are wrapped (README.md:128-135). Minor consistency nit; not worth blocking.
• The guide references several contracts/tests (e.g. smart-contracts/StreamMetadataRenderer.sol, test/StreamMetadataEvents.t.sol) as required link targets. The checker enforces these files exist at review time, but nothing keeps the described behavior (e.g. "no mint-only ERC-4906", collectionBaseURI raw concatenation) in sync with the contracts if they later change. That's an accepted limitation of doc-only gating, consistent with prior INT guides.

No correctness, security, data-integrity, or error-handling regressions found in the changed code.

[6529bot]

6529bot crypto security analysis - b356bfb

Verdict: No security findings.

This PR is documentation-only: a new metadata-rendering integration guide, a Markdown checker/test pair, Makefile/CI/shell wiring, and regenerated release-artifact checksums. No contract, wallet, auth, signature, or token-handling code is changed.

Notes on the security-relevant content I did review:

• The new docs/integrations/metadata-rendering.md guidance on animation_url handling is sound: it treats artist/dependency HTML as untrusted, recommends iframe sandbox="allow-scripts", parent-document isolation, rejection of unexpected outbound HTTP(S), and explicit Electron/private-key/IPC boundaries. No misleading claims that could induce unsafe integration.
• The ERC-4906 cache-invalidation guidance (subscribe to MetadataUpdate/BatchMetadataUpdate/CollectionFrozen/TokenBurned/transfer-to-zero; no mint-only or burn ERC-4906 emission) is consistent with the documented contract behavior and does not assert correctness it cannot prove.
• scripts/check_metadata_rendering.py runs only against committed docs. normalize_repo_path resolves and rejects path escapes outside the repo root (relative_to guard at line ~150), and link/heading/phrase checks are read-only with no shell execution or untrusted input. No injection or path-traversal exposure.
• Release-manifest, checksum, and risk-register hash updates are internally consistent across SHA256SUMS, bytecode-release-proof.json, release-checksums.json, and release-manifest.json (release-manifest sha 92c2…1869, size 95458 matches in all four files).

No realistic exploit path in the changed code.

[6529bot]

6529bot follow-up commit review - 5694d88

Verdict: No new findings

This follow-up commit set is consistent with the prior general/security reviews at head b356bfbe. The diff is unchanged in substance: same documentation-only INT-006 guide, checker/test pair, gate wiring, and regenerated release artifacts. I re-verified the items most likely to regress in a follow-up:

• Manifest/checksum/proof regeneration remains internally consistent across all four files: release-manifest.json (92c2…1869, 95458 bytes) matches in bytecode-release-proof.json, release-checksums.json, and SHA256SUMS; risk-register.json (97c0…6e3a) and CHANGELOG.md (3dfe…4a49, 31155) move together.
• The new manifest doc entry docs/integrations/metadata-rendering.md (c869…ee13, 20136) is present, and generate_release_manifest.py includes the path.
• check_metadata_rendering.py required link/command/phrase/heading lists match the committed doc, and test_metadata_rendering.py:test_accepts_committed_doc exercises the real doc, so CI catches drift.

No correctness, security, accessibility, i18n, or data-integrity regressions found in the newest commit set. The prior nice-to-have nits (unwrapped README.md:136, doc-vs-contract behavior drift) still stand but were already raised and are not blocking.