From 6311d46e86afacd0e0cfe47e4cb3d3739434be0b Mon Sep 17 00:00:00 2001 From: Warisu Date: Fri, 26 Jun 2026 12:14:08 +0100 Subject: [PATCH 1/3] ci(workflow): build nightly cargo-deny, cargo-audit, and mutants pipelines (#650) --- .github/workflows/nightly-security-audit.yml | 76 ++++++++++++++++++++ deny.toml | 14 ++++ project_modern_ui_ux_gpt3 | 1 + 3 files changed, 91 insertions(+) create mode 100644 .github/workflows/nightly-security-audit.yml create mode 160000 project_modern_ui_ux_gpt3 diff --git a/.github/workflows/nightly-security-audit.yml b/.github/workflows/nightly-security-audit.yml new file mode 100644 index 00000000..53814fdd --- /dev/null +++ b/.github/workflows/nightly-security-audit.yml 
@@ -0,0 +1,76 @@ +name: Nightly Security & Mutation Audit + +on: + schedule: + # Triggers every single night at 02:00 UTC + - cron: '0 2 * * *' + workflow_dispatch: # Allows manual trigger for verification + +permissions: + contents: write + +jobs: + audit: + name: Run Security and Mutation Suite + runs-on: ubuntu-latest + + steps: + - name: Checkout Code Repository + uses: actions/checkout@v4 + + - name: Install Rust Toolchain (Nightly) + uses: dtolnay/rust-toolchain@nightly + + - name: Cache Cargo Dependencies + uses: actions/cache@v4 + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + target/ + key: ${{ runner.os }}-cargo-nightly-${{ hashFiles('**/Cargo.lock') }} + + - name: Install Utility Tooling Engines + run: | + cargo install cargo-deny --locked || true + cargo install cargo-audit --locked || true + cargo install cargo-mutants --locked || true + + - name: Initialize or Clear Audit Log File + run: | + echo "# 🛡️ Automated Security & Mutation Audit Log" > AUDIT_LOG.md + echo "Generated on: $(date -u)" >> AUDIT_LOG.md + echo "---" >> AUDIT_LOG.md + + - name: Execute Cargo Deny Checks + run: | + echo "## 📦 Dependency License & Advisory Checks (cargo-deny)" >> AUDIT_LOG.md + echo "\`\`\`text" >> AUDIT_LOG.md + cargo deny check licenses bans sources 2>&1 >> AUDIT_LOG.md || echo "cargo-deny failed or flagged warnings" >> AUDIT_LOG.md + echo "\`\`\`" >> AUDIT_LOG.md + echo "---" >> AUDIT_LOG.md + + - name: Execute Cargo Audit Sweeps + run: | + echo "## 🔍 Vulnerability Advisory Scans (cargo-audit)" >> AUDIT_LOG.md + echo "\`\`\`text" >> AUDIT_LOG.md + cargo audit 2>&1 >> AUDIT_LOG.md || echo "cargo-audit detected critical vulnerability markers" >> AUDIT_LOG.md + echo "\`\`\`" >> AUDIT_LOG.md + echo "---" >> AUDIT_LOG.md + + - name: Execute Cargo Mutants Quality Runs + run: | + echo "## 🧬 Mutation Testing Resilience Analytics (cargo-mutants)" >> AUDIT_LOG.md + echo "\`\`\`text" >> AUDIT_LOG.md + cargo mutants 
--all-features 2>&1 >> AUDIT_LOG.md || echo "cargo-mutants flagged missed mutant structures" >> AUDIT_LOG.md + echo "\`\`\`" >> AUDIT_LOG.md + + - name: Commit and Push Security Results to Repo + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git add AUDIT_LOG.md + git diff-index --quiet HEAD || git commit -m "chore(ci): update nightly AUDIT_LOG.md validation tracking profiles [skip ci]" + git push origin HEAD:${{ github.ref }} \ No newline at end of file diff --git a/deny.toml b/deny.toml index 2c09b63b..0c0409a6 100644 --- a/deny.toml +++ b/deny.toml @@ -14,3 +14,17 @@ unknown-git = "warn" allow-registry = ["https://github.com/rust-lang/crates.io-index"] allow-git = [] +[licenses] +unlicensed = "deny" +allow = [ + "MIT", + "Apache-2.0", + "BSD-3-Clause", +] + +[bans] +multiple-versions = "warn" + +[sources] +unknown-registry = "deny" +unknown-git = "deny" \ No newline at end of file diff --git a/project_modern_ui_ux_gpt3 b/project_modern_ui_ux_gpt3 new file mode 160000 index 00000000..a201ed1b --- /dev/null +++ b/project_modern_ui_ux_gpt3 @@ -0,0 +1 @@ +Subproject commit a201ed1b248d94cc22110591b7f4ef61c456f0c8 From 02560f686bf4c37b8ef5650b64b00f6392ea5777 Mon Sep 17 00:00:00 2001 From: Warisu Date: Fri, 26 Jun 2026 12:22:04 +0100 Subject: [PATCH 2/3] ci(workflow): restore fundamental smoke verification pipeline on all PRs (#651) --- .github/workflows/smoke-ci.yml | 46 ++++++++++++++++++++++++++++++++++ cv-project | 1 + 2 files changed, 47 insertions(+) create mode 100644 .github/workflows/smoke-ci.yml create mode 160000 cv-project diff --git a/.github/workflows/smoke-ci.yml b/.github/workflows/smoke-ci.yml new file mode 100644 index 00000000..4010891e --- /dev/null +++ b/.github/workflows/smoke-ci.yml 
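Review bot: The job runs with `contents: write` and finishes with `git push origin HEAD:${{ github.ref }}`, so everything executed before that step (actions resolved from movable refs such as `actions/checkout@v4` and the `dtolnay/rust-toolchain@nightly` branch, plus three tools compiled fresh from crates.io) runs next to a token that can write to the branch. Publishing `AUDIT_LOG.md` as a workflow artifact lets the job drop to `contents: read` and keeps unfixed advisories out of the commit history; pinning each `uses:` to a full commit SHA applies here and to `smoke-ci.yml` in patch 2/3. In the three audit steps, `2>&1 >> AUDIT_LOG.md` sends stderr to the console rather than the file, so it should read `>> AUDIT_LOG.md 2>&1`. The `|| true` and `|| echo …` fallbacks also mean a failed tool install or a real finding never turns the run red.

```yaml
permissions:
  contents: read

# … unchanged: checkout, toolchain, cache, tool install, audit steps …

      # replaces the "Commit and Push Security Results to Repo" step
      - name: Upload Audit Log
        if: always()
        uses: actions/upload-artifact@v4  # pin to a full commit SHA
        with:
          name: nightly-audit-log
          path: AUDIT_LOG.md
```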
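Review bot: The appended `[sources]` table looks like a second definition of one that already exists: the hunk's context (`unknown-git = "warn"`, `allow-registry`, `allow-git`) shows keys that belong to a `[sources]` table whose header sits above the hunk, and TOML does not allow a table to be defined twice. If that is the case cargo-deny cannot load `deny.toml` at all, and the nightly workflow would record that only as its generic `cargo-deny failed or flagged warnings` line. Tighten the existing keys in place instead, changing the earlier line to `unknown-git = "deny"` and setting `unknown-registry = "deny"` beside it, and check that `[licenses]` and `[bans]` are not already defined in the part of the file outside this hunk.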
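Review bot: `project_modern_ui_ux_gpt3` is added as a gitlink (mode 160000), but the diffstat for this commit lists no `.gitmodules` change, so the entry has no URL and nothing a reviewer can inspect; it reads like a nested working copy swept up by `git add`. Patch 2/3 does the same with `cv-project`. Neither is mentioned in the commit subjects, and a checkout with submodules enabled would fail on them, so I would drop both with `git rm --cached <path>` unless they are intended, in which case they need a `.gitmodules` entry pointing at a reviewed repository.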
@@ -0,0 +1,46 @@
+name: Smoke CI Gate
+
+on:
+ push:
+ branches: [ main, master, develop ]
+ pull_request:
+ branches: [ main, master, develop ]
+
+permissions:
+ contents: read
+
+jobs:
+ smoke-test:
+ name: Code Quality & Testing Suite
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Code Repository
+ uses: actions/checkout@v4
+
+ - name: Install Stable Rust Toolchain
+ uses: dtolnay/rust-toolchain@stable
+ with:
+ components: rustfmt, clippy
+
+ - name: Cache Cargo Build Artifacts
+ uses: actions/cache@v4
+ with:
+ path: |
+ ~/.cargo/bin/
+ ~/.cargo/registry/index/
+ ~/.cargo/registry/cache/
+ ~/.cargo/git/db/
+ target/
+ key: ${{ runner.os }}-cargo-smoke-${{ hashFiles('**/Cargo.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-cargo-smoke-
+
+ - name: Check Code Formatting Style (fmt)
+ run: cargo fmt --check
+
+ - name: Execute Static Analysis Compiler Lints (clippy)
+ run: cargo clippy --all-targets --all-features -- -D warnings
+
+ - name: Run Core Verification Tests (test)
+ run: cargo test --all-features --workspace
\ No newline at end of file
diff --git a/cv-project b/cv-project
new file mode 160000
index 00000000..a3e7ec5d
--- /dev/null
+++ b/cv-project
@@ -0,0 +1 @@
+Subproject commit a3e7ec5d44e489119381ac12aeedaea7ad084e4c
From babc4a85e63b8b179c884f05f805c0b854f5e0b1 Mon Sep 17 00:00:00 2001
From: Warisu
Date: Fri, 26 Jun 2026 12:29:58 +0100
Subject: [PATCH 3/3] ci(workflow): restore fundamental smoke verification pipeline on all PRS
---
scripts/playground.sh | 75 ++++++++++++++++++++++++++++++++++++++-----
1 file changed, 67 insertions(+), 8 deletions(-)
diff --git a/scripts/playground.sh b/scripts/playground.sh
index ee3ea75c..7cc9c517 100755
--- a/scripts/playground.sh
+++ b/scripts/playground.sh
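Review bot: The steps after `actions/checkout@v4` compile and run pull-request code (build scripts under `cargo clippy`, tests under `cargo test`), while checkout leaves the job token in the local git config by default; adding `persist-credentials: false` under a `with:` key on the checkout step removes it, since nothing later in the job pushes. `cargo clippy` and `cargo test` should also take `--locked`, so the gate fails when `Cargo.lock` is out of date instead of resolving dependency versions nobody reviewed; the cache key already hashes that file. A short comment above `permissions:` saying why it is read-only would help keep it that way.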
@@ -1,6 +1,6 @@ #!/usr/bin/env bash -# PropChain Contract Interaction Playground +# PropChain Contract Interaction Playground & Scenario Generator # # Interactive CLI for exercising the most common contract calls against a # deployed PropChain stack (property registration, escrow, staking, @@ -11,7 +11,10 @@ # scripts/deploy.sh (deployments//.json), so run # deploy.sh first (or pass an address manually when prompted). # -# Addresses issue #517. +# Automatically captures trace outputs to compile self-contained scenario +# scripts compatible with the IDE playground (docs/playground.html). +# +# Addresses issue #517 and issue #652. set -euo pipefail @@ -63,6 +66,8 @@ declare -A DEFAULT_ACCOUNTS=( SURI="${SURI:-${DEFAULT_ACCOUNTS[$NETWORK]:-}}" DEPLOYMENTS_DIR="$WORKSPACE_ROOT/deployments/$NETWORK" +OUTPUT_SCENARIO="$WORKSPACE_ROOT/docs/playground_scenario.json" +INTERACTION_LOG_TMP="/tmp/propchain_playground_session.log" # Menu option -> contract directory under contracts/ declare -A CONTRACT_DIR=( @@ -73,6 +78,10 @@ declare -A CONTRACT_DIR=( [5]="insurance" ) +# Initialize/clear temp telemetry buffer for scenario tracking +mkdir -p "$(dirname "$OUTPUT_SCENARIO")" +: > "$INTERACTION_LOG_TMP" + # --------------------------------------------------------------------------- # Usage # --------------------------------------------------------------------------- 
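Review bot: `INTERACTION_LOG_TMP="/tmp/propchain_playground_session.log"` is a fixed name in a world-writable directory, and the `: > "$INTERACTION_LOG_TMP"` added in the following hunk truncates whatever that name resolves to, including a symlink another local user created beforehand; two sessions on one host also share and overwrite the same log. Create the file with `INTERACTION_LOG_TMP="$(mktemp "${TMPDIR:-/tmp}/propchain_playground.XXXXXX")"` and register `trap 'rm -f "$INTERACTION_LOG_TMP"' EXIT`, which also cleans up on Ctrl-C and `set -e` exits that the `rm -f` under menu option 0 never reaches. `OUTPUT_SCENARIO` points into `docs/`, so the header comment should say whether `docs/playground_scenario.json` is meant to be committed or ignored.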
@@ -246,12 +255,53 @@ show_addresses() { local f="$DEPLOYMENTS_DIR/$dir.json" if [[ -f "$f" ]]; then echo " $dir: $(jq -r '.address' "$f")" - else + | else echo " $dir: (not deployed on $NETWORK)" fi done } +# --------------------------------------------------------------------------- +# Scenario Script Generator Pipeline (#652) +# --------------------------------------------------------------------------- +generate_playground_scenario() { + section "Compiling Playground Scenario Metadata File" + + if [ ! -s "$INTERACTION_LOG_TMP" ]; then + log_warning "No runtime interaction traces were captured during this playground session. Skipping scenario export." + return 0 + fi + + log_info "Extracting trace execution matrices..." + + # Isolate cross-contract invocations and event elements + local contract_calls + local emitted_events + contract_calls=$(grep -E "invoking|called contract|Calling" "$INTERACTION_LOG_TMP" || echo "[]") + emitted_events=$(grep -E "event|emitted|Event" "$INTERACTION_LOG_TMP" || echo "[]") + + log_info "Writing playground configuration to: $OUTPUT_SCENARIO" + + cat << EOF > "$OUTPUT_SCENARIO" +{ + "meta": { + "generator": "scripts/playground.sh", + "timestamp": "$(date -u)", + "targetEnvironment": "PropChain Interactive Engine Stack" + }, + "scenarioState": { + "network": "$NETWORK", + "signingUri": "$SURI", + "capturedTraces": { + "calls": $(echo "$contract_calls" | jq -R -s -c 'split("\n") | map(select(length > 0))' || echo "[]"), + "events": $(echo "$emitted_events" | jq -R -s -c 'split("\n") | map(select(length > 0))' || echo "[]") + } + } +} +EOF + log_success "Scenario generation complete. Compatible with docs/playground.html." +} + # --------------------------------------------------------------------------- # Contract call runner # --------------------------------------------------------------------------- 
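Review bot: `"signingUri": "$SURI"` writes the signing secret (a dev key or a real seed phrase, depending on what the user exported) into `docs/playground_scenario.json`, a path that is easy to commit; the field should be dropped, or replaced by a non-secret label if `docs/playground.html` needs to know the signer. The heredoc also interpolates `$NETWORK` and the timestamp without JSON escaping, and the `|| echo "[]"` fallbacks on the two `grep` calls turn "no match" into the one-element array `["[]"]` rather than an empty one; building the document with `jq -n --arg` fixes both. Separately, the `else` line in `show_addresses` appears here as `| else`, which bash would reject if that is what is really in the file. The function is complete within the hunk.

```shell
generate_playground_scenario() {
    # … unchanged: section banner, empty-log guard, log_info lines, local declarations …

    # grep exits non-zero on no match; an empty string maps to [] below
    contract_calls=$(grep -E "invoking|called contract|Calling" "$INTERACTION_LOG_TMP" || true)
    emitted_events=$(grep -E "event|emitted|Event" "$INTERACTION_LOG_TMP" || true)

    # jq escapes every value; the signing URI is deliberately not exported
    jq -n \
        --arg network "$NETWORK" \
        --arg timestamp "$(date -u)" \
        --arg calls "$contract_calls" \
        --arg events "$emitted_events" \
        '{
            meta: {
                generator: "scripts/playground.sh",
                timestamp: $timestamp,
                targetEnvironment: "PropChain Interactive Engine Stack"
            },
            scenarioState: {
                network: $network,
                capturedTraces: {
                    calls:  ($calls  | split("\n") | map(select(length > 0))),
                    events: ($events | split("\n") | map(select(length > 0)))
                }
            }
        }' > "$OUTPUT_SCENARIO"

    # … unchanged: log_success line …
}
```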
@@ -274,16 +324,19 @@ run_call() { cargo contract call \ --contract "$address" \ --message "$message" \ - "${args[@]}" \ --url "${NETWORKS[$NETWORK]}" \ --suri "$SURI" \ --execute \ - --skip-confirm 2>&1 + --skip-confirm \ + "${args[@]}" 2>&1 ) local status=$? set -e echo "$output" + # Append to runtime trace log for downstream #652 generation logic + echo "--- Call Step: $message on $contract_dir ($address) ---" >> "$INTERACTION_LOG_TMP" + echo "$output" >> "$INTERACTION_LOG_TMP" if [[ $status -ne 0 ]]; then log_error "Call to $message failed (exit code $status). See output above for details." @@ -423,7 +476,7 @@ main() { echo " 4) Vote on Proposal" echo " 5) Create Insurance Policy" echo " 6) Show resolved contract addresses" - echo " 0) Exit" + echo " 0) Exit & Export Scenario" echo local choice read -r -p "Select an option: " choice @@ -435,10 +488,16 @@ main() { 4) action_vote_on_proposal ;; 5) action_create_insurance_policy ;; 6) show_addresses ;; - 0) log_info "Bye!"; exit 0 ;; + 0) + log_info "Terminating session loop..." + generate_playground_scenario + rm -f "$INTERACTION_LOG_TMP" + log_info "Bye!" + exit 0 + ;; *) log_warning "Unknown option: $choice" ;; esac done } -main "$@" +main "$@" \ No newline at end of file
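Review bot: The marker line `--- Call Step: $message on $contract_dir ($address) ---` is appended to the trace log, but `generate_playground_scenario` only keeps lines matching `invoking|called contract|Calling`, so the one line this script controls never reaches the `calls` array and the export depends entirely on the wording of `cargo contract` output. The append also happens before the `status` check, so a failed call is recorded the same way as a successful one. Consider putting the exit code in the marker, `echo "--- Call Step: $message on $contract_dir ($address) exit=$status ---" >> "$INTERACTION_LOG_TMP"`, and matching `Call Step:` in the generator. `run_call` starts above this hunk and continues below it.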