Generate deployment manifests

[punk6529]

Summary

Closes #95.

This PR adds deterministic deployment-manifest generation for the local Gate E/G Anvil baseline:

• adds scripts/generate_deployment_manifest.py to generate deployment manifests from committed inputs
• adds deployments/config/anvil-6529stream-v0.1.0-001.json as the source input for the generated local example
• fills contract ABI hashes and runtime bytecode hashes from release-artifacts/latest/abi-checksums.json
• writes deterministic release_artifacts.manifest_sha256 by hashing canonical manifest JSON with that checksum field normalized to sha256: plus 64 zeroes
• adds focused generator tests for hash injection, checksum behavior, drift detection, and contract-set validation
• wires deployment-manifest drift checks into make check, Linux/Windows wrappers, and CI
• updates README, deployment/tooling/status docs, roadmap, and autonomous run state

Validation

• python scripts\test_deployment_manifest.py
• python scripts\generate_deployment_manifest.py --check
• python scripts\test_release_artifacts.py
• python scripts\generate_release_artifacts.py --check
• python -m py_compile scripts\generate_release_artifacts.py scripts\test_release_artifacts.py scripts\generate_deployment_manifest.py scripts\test_deployment_manifest.py
• JSON parsing for deployment manifest config, generated example, and schema
• bash -n scripts/check.sh
• PowerShell parser validation for scripts\check.ps1
• make check
• powershell -ExecutionPolicy Bypass -File scripts\check.ps1
• git diff --check

Notes

This remains a local Anvil manifest baseline. Fork/testnet broadcast parsing, verified live bytecode replacement, signed checksum files, address books, and production deployment manifests remain follow-up Gate E/G work.

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced deterministic deployment manifest generation and validation system ensuring consistency between deployment configurations and release artifacts
  • Automated manifest verification to detect configuration drift

• Chores

  • Enhanced CI/CD workflows with deployment manifest verification checks
  • Updated documentation with deployment manifest generation procedures and usage guidelines

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[punk6529]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[punk6529]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This PR implements a deterministic deployment manifest generator that reads committed config inputs and release artifacts, validates contract sets, populates ABI/runtime hashes, computes a deterministic checksum, and detects drift via --check mode. Integration into CI, Make, and check scripts enables automated manifest validation as part of the release gate.

Changes

Deployment Manifest Generator and Validation

Layer / File(s)	Summary
Manifest generator utilities and checksum infrastructure scripts/generate_deployment_manifest.py (lines 1–91)	Module introduces ManifestError, JSON utilities (load_json, write_json), deterministic canonicalization (canonical_json_bytes), SHA-256 helpers, schema validators (require_string/dict/list), and checksum normalization to prevent self-referential hashing of the checksum field itself.
Release artifact loading and contract set validation scripts/generate_deployment_manifest.py (lines 93–178)	Generator loads ABI and runtime bytecode hashes from abi-checksums.json, validates the configured contract set (no duplicates, all contracts have matching hashes), and assembles per-contract manifest entries with address, constructor args, verification status, and injected hashes.
Manifest construction and deterministic checksum computation scripts/generate_deployment_manifest.py (lines 180–302)	Assembles full manifest from config and release artifacts, validates schema version, populates protocol/deployment/lifecycle/network/git/toolchain fields, computes release_artifacts.manifest_sha256 deterministically by normalizing the checksum field to zero before hashing, and provides generate_manifest and check_manifest flows with CLI wiring.
Deployment manifest test suite scripts/test_deployment_manifest.py	Test module synthesizes deterministic release artifacts and manifest configs, validates generator fills hashes and checksums, detects drift when generated manifest is mutated (returns exit code 1 on difference), and verifies contract set validation rejects unknown contracts.
Manifest config input and generated example deployments/config/anvil-6529stream-v0.1.0-001.json (159 lines), deployments/examples/anvil-6529stream-v0.1.0-001.json	Input config specifies deployment metadata, network (anvil, chain 31337), Foundry toolchain (v1.7.1, Solidity 0.8.19), contract addresses and constructor arguments, admin ceremony roles, external dependencies, and release artifact reference. Generated example contains the same structure with populated ABI/runtime hashes and computed SHA-256 checksum; formatting updated for multi-line arrays.
Check script and Makefile integration .github/workflows/ci.yml, Makefile, scripts/check.sh, scripts/check.ps1	CI "Repository hygiene" step extended to compile new Python scripts. Makefile adds .PHONY targets deployment-manifests and deployment-manifest-check; check target now depends on deployment-manifest-check. Check scripts invoke test_deployment_manifest.py and generate_deployment_manifest.py --check.
User and developer documentation README.md, deployments/README.md, docs/deployment.md, docs/status.md, docs/tooling.md	Documentation explains manifest generation from committed config inputs, checksum determinism via normalized field hashing, ABI/runtime bytecode hash population from release artifacts, drift detection via --check mode, and local Anvil example validation. Updated smoke-check and release-artifact regeneration sequences include manifest steps.
Roadmap and autonomous run tracking ops/AUTONOMOUS_RUN.md, ops/ROADMAP.md	Autonomous run state reflects Queue Item 49 (deployment manifest generator) as active following PR #94 merge. Roadmap documents P1-DEPLOY-003 as deployment manifest generation and checking from committed inputs, Gate E updated to require local manifest generation before public beta, and test matrix updated to include manifest schema/parsing and checksum drift coverage.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• 6529-Collections/6529Stream#95: This PR directly implements the acceptance criteria for P1-DEPLOY-003, adding deterministic manifest generation from committed config inputs, ABI/runtime hash injection, checksum computation, drift detection, and documentation.

Possibly related PRs

• 6529-Collections/6529Stream#4: Establishes reproducible Foundry baseline and CI/check workflow plumbing that this PR extends with deployment-manifest validation.
• 6529-Collections/6529Stream#5: Adds "Repository hygiene" Python syntax-check step in CI that this PR extends to compile the new manifest generator and test modules.
• 6529-Collections/6529Stream#92: Introduces deployment-manifest schema, example, and test setup for Gate E rehearsal that this PR builds upon with automated generation and drift checking.

Poem

🐰 A manifest spawns from config so neat,
With hashes injected and checksums complete,
No drift shall pass through the --check gate,
Determinism blooms at release date! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Generate deployment manifests' directly and clearly summarizes the main change: adding deployment manifest generation functionality via the new script and committed config.
Linked Issues check	✅ Passed	The PR successfully implements all core requirements from issue #95: deterministic manifest generator, committed config input, ABI/runtime hash population, checksum insertion, --check mode, drift detection wiring, and documentation updates.
Out of Scope Changes check	✅ Passed	All changes are directly within scope of issue #95: manifest generation infrastructure, documentation, CI integration, and roadmap updates. Follow-up work (fork/testnet/prod manifests) is appropriately deferred.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/deployment-manifest-generator

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}