Merge branch 'master' into 7-bug-release-workflow-failed

Author: googleworkspace-bot

.gitattributes

@@ -4,6 +4,7 @@ testdata/cheats/Vm.sol linguist-generated
 # See <https://git-scm.com/docs/gitattributes#_defining_a_custom_hunk_header>
 *.rs diff=rust
 crates/lint/testdata/* text eol=lf
+crates/lint/testdata/*.stderr whitespace=-blank-at-eof
 testdata/fixtures/**/* eol=lf
 
 dprint.json linguist-language=JSON-with-Comments

.github/CODEOWNERS

@@ -1 +1 @@
-* @danipopes @mattsse @grandizzy @zerosnacks @0xrusowsky @mablr @figtracer @stevencartavia
+* @danipopes @mattsse @grandizzy @0xrusowsky @mablr @figtracer @stevencartavia

.github/scripts/tempo-check.sh

@@ -6,8 +6,8 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 # Non-verification tempo checks: local tests, fork tests, cast commands, DEX operations
 
-# Hardfork version, defaults to T3 (latest features)
-HARDFORK="${TEMPO_HARDFORK:-T3}"
+# Hardfork version, defaults to T5.
+HARDFORK="${TEMPO_HARDFORK:-T5}"
 
 # Fee token address, defaults to native fee token
 FEE_TOKEN="${TEMPO_FEE_TOKEN:-0x20c0000000000000000000000000000000000000}"
@@ -48,6 +48,12 @@ fund_and_wait() {
   done
 }
 
+wallet_json_field() {
+  local wallet_json="$1"
+  local field="$2"
+  jq -r --arg field "$field" '(.data // .)[0][$field]' <<<"$wallet_json"
+}
+
 echo -e "\n=== INIT TEMPO PROJECT ==="
 tmp_dir=$(mktemp -d)
 cd "$tmp_dir"
@@ -76,8 +82,8 @@ forge script ${FEE_TOKEN_ARG[@]+"${FEE_TOKEN_ARG[@]}"} script/Mail.s.sol --sig "
 
 echo -e "\n=== CREATE AND FUND ADDRESS ==="
 wallet_json="$(cast wallet new --json)"
-ADDR="$(jq -r '.[0].address' <<<"$wallet_json")"
-PK="$(jq -r '.[0].private_key' <<<"$wallet_json")"
+ADDR="$(wallet_json_field "$wallet_json" address)"
+PK="$(wallet_json_field "$wallet_json" private_key)"
 printf "address: %s\nprivate_key: %s\n" "$ADDR" "$PK"
 fund_and_wait "$ADDR"
 
@@ -158,8 +164,8 @@ cast send ${FEE_TOKEN_ARG[@]+"${FEE_TOKEN_ARG[@]}"} --rpc-url "$ETH_RPC_URL" 0x8
 echo -e "\n=== SETUP ACCESS KEY ==="
 # Create an access key for testing
 access_wallet_json="$(cast wallet new --json)"
-ACCESS_KEY="$(jq -r '.[0].private_key' <<<"$access_wallet_json")"
-ACCESS_KEY_ADDR="$(jq -r '.[0].address' <<<"$access_wallet_json")"
+ACCESS_KEY="$(wallet_json_field "$access_wallet_json" private_key)"
+ACCESS_KEY_ADDR="$(wallet_json_field "$access_wallet_json" address)"
 printf "Access key address: %s\n" "$ACCESS_KEY_ADDR"
 
 # Authorize the access key on-chain first (required for gas estimation)
@@ -198,8 +204,8 @@ cast send ${FEE_TOKEN_ARG[@]+"${FEE_TOKEN_ARG[@]}"} --rpc-url "$ETH_RPC_URL" 0x8
 
 echo -e "\n=== CAST KEYCHAIN: AUTHORIZE ==="
 kc_wallet_json="$(cast wallet new --json)"
-KC_KEY_PK="$(jq -r '.[0].private_key' <<<"$kc_wallet_json")"
-KC_KEY_ADDR="$(jq -r '.[0].address' <<<"$kc_wallet_json")"
+KC_KEY_PK="$(wallet_json_field "$kc_wallet_json" private_key)"
+KC_KEY_ADDR="$(wallet_json_field "$kc_wallet_json" address)"
 printf "Keychain key address: %s\n" "$KC_KEY_ADDR"
 
 cast keychain auth "$KC_KEY_ADDR" secp256k1 1893456000 \
@@ -212,11 +218,11 @@ echo "$KC_INFO" | grep -q "secp256k1"
 
 echo -e "\n=== CAST KEYCHAIN: KEY-INFO --json ==="
 KC_INFO_JSON=$(cast keychain info "$ADDR" "$KC_KEY_ADDR" --rpc-url "$ETH_RPC_URL" --json)
-echo "$KC_INFO_JSON" | jq -e '.signatureType == "secp256k1"'
+echo "$KC_INFO_JSON" | jq -e '.data.signatureType == "secp256k1"'
 
 echo -e "\n=== CAST KEYCHAIN: AUTHORIZE WITH LIMIT ==="
 kc_limited_json="$(cast wallet new --json)"
-KC_LIMITED_ADDR="$(jq -r '.[0].address' <<<"$kc_limited_json")"
+KC_LIMITED_ADDR="$(wallet_json_field "$kc_limited_json" address)"
 cast keychain auth "$KC_LIMITED_ADDR" secp256k1 1893456000 \
   --limit "$FEE_TOKEN:1000000000" \
   --rpc-url "$ETH_RPC_URL" --private-key "$PK" ${FEE_TOKEN_ARG[@]+"${FEE_TOKEN_ARG[@]}"}
@@ -272,8 +278,8 @@ echo "OK: duplicate authorize correctly rejected"
 if [[ "$HARDFORK" == "T3" ]]; then
   echo -e "\n=== CAST KEYCHAIN: AUTHORIZE WITH --scope (ADDRESS ONLY, UNRESTRICTED) ==="
   kc_scoped_json="$(cast wallet new --json)"
-  KC_SCOPED_PK="$(jq -r '.[0].private_key' <<<"$kc_scoped_json")"
-  KC_SCOPED_ADDR="$(jq -r '.[0].address' <<<"$kc_scoped_json")"
+  KC_SCOPED_PK="$(wallet_json_field "$kc_scoped_json" private_key)"
+  KC_SCOPED_ADDR="$(wallet_json_field "$kc_scoped_json" address)"
   cast keychain auth "$KC_SCOPED_ADDR" secp256k1 1893456000 \
     --scope 0x86A2EE8FAf9A840F7a2c64CA3d51209F9A02081D \
     --rpc-url "$ETH_RPC_URL" --private-key "$PK" ${FEE_TOKEN_ARG[@]+"${FEE_TOKEN_ARG[@]}"}
@@ -296,8 +302,8 @@ if [[ "$HARDFORK" == "T3" ]]; then
 
   echo -e "\n=== CAST KEYCHAIN: AUTHORIZE WITH --scope + SELECTORS ==="
   kc_sel_json="$(cast wallet new --json)"
-  KC_SEL_PK="$(jq -r '.[0].private_key' <<<"$kc_sel_json")"
-  KC_SEL_ADDR="$(jq -r '.[0].address' <<<"$kc_sel_json")"
+  KC_SEL_PK="$(wallet_json_field "$kc_sel_json" private_key)"
+  KC_SEL_ADDR="$(wallet_json_field "$kc_sel_json" address)"
   cast keychain auth "$KC_SEL_ADDR" secp256k1 1893456000 \
     --scope "$FEE_TOKEN:transfer,approve" \
     --rpc-url "$ETH_RPC_URL" --private-key "$PK" ${FEE_TOKEN_ARG[@]+"${FEE_TOKEN_ARG[@]}"}
@@ -313,15 +319,15 @@ if [[ "$HARDFORK" == "T3" ]]; then
 
   echo -e "\n=== CAST KEYCHAIN: AUTHORIZE WITH --scopes JSON ==="
   kc_json_json="$(cast wallet new --json)"
-  KC_JSON_ADDR="$(jq -r '.[0].address' <<<"$kc_json_json")"
+  KC_JSON_ADDR="$(wallet_json_field "$kc_json_json" address)"
   cast keychain auth "$KC_JSON_ADDR" secp256k1 1893456000 \
     --scopes "[{\"target\":\"$FEE_TOKEN\",\"selectors\":[\"transfer\"]},{\"target\":\"0x86A2EE8FAf9A840F7a2c64CA3d51209F9A02081D\"}]" \
     --rpc-url "$ETH_RPC_URL" --private-key "$PK" ${FEE_TOKEN_ARG[@]+"${FEE_TOKEN_ARG[@]}"}
   echo "OK: authorized key with --scopes JSON"
 
   echo -e "\n=== CAST KEYCHAIN: AUTHORIZE WITH MULTIPLE LIMITS ==="
   kc_multi_json="$(cast wallet new --json)"
-  KC_MULTI_ADDR="$(jq -r '.[0].address' <<<"$kc_multi_json")"
+  KC_MULTI_ADDR="$(wallet_json_field "$kc_multi_json" address)"
   cast keychain auth "$KC_MULTI_ADDR" secp256k1 1893456000 \
     --limit "$FEE_TOKEN:1000000" \
     --limit "0x20C0000000000000000000000000000000000001:2000000" \
@@ -336,8 +342,8 @@ if [[ "$HARDFORK" == "T3" ]]; then
 
   echo -e "\n=== CAST KEYCHAIN: AUTHORIZE WITH RAW HEX SELECTOR ==="
   kc_hex_json="$(cast wallet new --json)"
-  KC_HEX_PK="$(jq -r '.[0].private_key' <<<"$kc_hex_json")"
-  KC_HEX_ADDR="$(jq -r '.[0].address' <<<"$kc_hex_json")"
+  KC_HEX_PK="$(wallet_json_field "$kc_hex_json" private_key)"
+  KC_HEX_ADDR="$(wallet_json_field "$kc_hex_json" address)"
   # increment() selector = 0xd09de08a
   cast keychain auth "$KC_HEX_ADDR" secp256k1 1893456000 \
     --scope "0x86A2EE8FAf9A840F7a2c64CA3d51209F9A02081D:0xd09de08a" \
@@ -354,8 +360,8 @@ if [[ "$HARDFORK" == "T3" ]]; then
   echo -e "\n=== CAST KEYCHAIN: SET-SCOPE ==="
   # Create a new unrestricted key, then add scope restrictions via set-scope
   kc_ss_json="$(cast wallet new --json)"
-  KC_SS_PK="$(jq -r '.[0].private_key' <<<"$kc_ss_json")"
-  KC_SS_ADDR="$(jq -r '.[0].address' <<<"$kc_ss_json")"
+  KC_SS_PK="$(wallet_json_field "$kc_ss_json" private_key)"
+  KC_SS_ADDR="$(wallet_json_field "$kc_ss_json" address)"
   cast keychain auth "$KC_SS_ADDR" secp256k1 1893456000 \
     --rpc-url "$ETH_RPC_URL" --private-key "$PK" ${FEE_TOKEN_ARG[@]+"${FEE_TOKEN_ARG[@]}"}
 
@@ -403,8 +409,8 @@ if [[ "$HARDFORK" == "T3" ]]; then
 
   echo -e "\n=== CAST KEYCHAIN: AUTHORIZE WITH RECIPIENT RESTRICTION ==="
   kc_recip_json="$(cast wallet new --json)"
-  KC_RECIP_PK="$(jq -r '.[0].private_key' <<<"$kc_recip_json")"
-  KC_RECIP_ADDR="$(jq -r '.[0].address' <<<"$kc_recip_json")"
+  KC_RECIP_PK="$(wallet_json_field "$kc_recip_json" private_key)"
+  KC_RECIP_ADDR="$(wallet_json_field "$kc_recip_json" address)"
   # Only allow transfer to a specific recipient
   ALLOWED_RECIPIENT="0x4ef5DFf69C1514f4Dbf85aA4F9D95F804F64275F"
   cast keychain auth "$KC_RECIP_ADDR" secp256k1 1893456000 \
@@ -422,7 +428,7 @@ if [[ "$HARDFORK" == "T3" ]]; then
 
   echo -e "\n=== CAST KEYCHAIN: --scopes JSON WITH RECIPIENTS ==="
   kc_jsonr_json="$(cast wallet new --json)"
-  KC_JSONR_ADDR="$(jq -r '.[0].address' <<<"$kc_jsonr_json")"
+  KC_JSONR_ADDR="$(wallet_json_field "$kc_jsonr_json" address)"
   cast keychain auth "$KC_JSONR_ADDR" secp256k1 1893456000 \
     --scopes "[{\"target\":\"$FEE_TOKEN\",\"selectors\":[{\"selector\":\"transfer\",\"recipients\":[\"$ALLOWED_RECIPIENT\"]}]},{\"target\":\"0x86A2EE8FAf9A840F7a2c64CA3d51209F9A02081D\"}]" \
     --rpc-url "$ETH_RPC_URL" --private-key "$PK" ${FEE_TOKEN_ARG[@]+"${FEE_TOKEN_ARG[@]}"}
@@ -434,8 +440,8 @@ fi # end T3-only scope tests
 echo -e "\n=== SETUP SPONSOR ==="
 # Create a sponsor wallet for testing sponsored (gasless) transactions
 sponsor_wallet_json="$(cast wallet new --json)"
-SPONSOR_PK="$(jq -r '.[0].private_key' <<<"$sponsor_wallet_json")"
-SPONSOR_ADDR="$(jq -r '.[0].address' <<<"$sponsor_wallet_json")"
+SPONSOR_PK="$(wallet_json_field "$sponsor_wallet_json" private_key)"
+SPONSOR_ADDR="$(wallet_json_field "$sponsor_wallet_json" address)"
 printf "Sponsor address: %s\n" "$SPONSOR_ADDR"
 
 # Fund the sponsor address (sponsor pays gas)
@@ -802,8 +808,8 @@ echo -e "\n=== ANVIL FORK TESTS ==="
 # Use a fresh wallet for fork tests to avoid fee token exhaustion from prior devnet tests
 echo -e "\n=== ANVIL FORK: CREATE AND FUND FRESH WALLET ==="
 fork_wallet_json="$(cast wallet new --json)"
-FORK_ADDR="$(jq -r '.[0].address' <<<"$fork_wallet_json")"
-FORK_PK="$(jq -r '.[0].private_key' <<<"$fork_wallet_json")"
+FORK_ADDR="$(wallet_json_field "$fork_wallet_json" address)"
+FORK_PK="$(wallet_json_field "$fork_wallet_json" private_key)"
 printf "Fork test address: %s\n" "$FORK_ADDR"
 fund_and_wait "$FORK_ADDR"
 

.github/scripts/tempo-deploy.sh

@@ -24,6 +24,12 @@ fi
 
 echo -e "\n=== USING FEE TOKEN: $FEE_TOKEN ==="
 
+wallet_json_field() {
+  local wallet_json="$1"
+  local field="$2"
+  jq -r --arg field "$field" '(.data // .)[0][$field]' <<<"$wallet_json"
+}
+
 echo -e "\n=== INIT TEMPO PROJECT ==="
 tmp_dir=$(mktemp -d)
 cd "$tmp_dir"
@@ -38,8 +44,8 @@ if [[ -n "${PRIVATE_KEY:-}" ]]; then
 else
   echo -e "\n=== CREATE AND FUND ADDRESS ==="
   wallet_json="$(cast wallet new --json)"
-  ADDR="$(jq -r '.[0].address' <<<"$wallet_json")"
-  PK="$(jq -r '.[0].private_key' <<<"$wallet_json")"
+  ADDR="$(wallet_json_field "$wallet_json" address)"
+  PK="$(wallet_json_field "$wallet_json" private_key)"
 
   for i in {1..100}; do
     OUT=$(cast rpc tempo_fundAddress "$ADDR" --rpc-url "$ETH_RPC_URL" 2>&1 || true)

.github/scripts/tempo-wallet.sh

@@ -44,10 +44,16 @@ fund_and_wait() {
   done
 }
 
+wallet_json_field() {
+  local wallet_json="$1"
+  local field="$2"
+  jq -r --arg field "$field" '(.data // .)[0][$field]' <<<"$wallet_json"
+}
+
 echo -e "\n=== CREATE DIRECT-MODE WALLET ==="
 wallet_json="$(cast wallet new --json)"
-WALLET_ADDR="$(jq -r '.[0].address' <<<"$wallet_json")"
-WALLET_PK="$(jq -r '.[0].private_key' <<<"$wallet_json")"
+WALLET_ADDR="$(wallet_json_field "$wallet_json" address)"
+WALLET_PK="$(wallet_json_field "$wallet_json" private_key)"
 printf "address: %s\n" "$WALLET_ADDR"
 
 echo -e "\n=== WRITE keys.toml ==="

.github/workflows/ci-mpp.yml

@@ -41,7 +41,7 @@ jobs:
       # Build and install binaries
       - name: Build and install Foundry binaries
         run: |
-          cargo build --profile dev --locked -p forge -p cast -p anvil -p chisel
+          cargo build --profile dev --locked --bin forge --bin cast --bin anvil --bin chisel
           echo "${{ github.workspace }}/target/debug" >> "$GITHUB_PATH"
 
       - name: Run MPP e2e test

.github/workflows/ci-tempo.yml

@@ -43,7 +43,7 @@ jobs:
     if: |
       github.event_name != 'pull_request' ||
       github.event.pull_request.head.repo.full_name == github.repository
-    runs-on: depot-ubuntu-latest
+    runs-on: depot-ubuntu-latest-16
     timeout-minutes: 60
     permissions:
       contents: read
@@ -62,7 +62,7 @@ jobs:
       # Build and install binaries
       - name: Build and install Foundry binaries
         run: |
-          cargo build --profile dev --locked -p forge -p cast -p anvil -p chisel
+          cargo build --profile dev --locked --bin forge --bin cast --bin anvil --bin chisel
           echo "${{ github.workspace }}/target/debug" >> "$GITHUB_PATH"
 
       - name: Check Tempo fork schedule compatibility

CONTRIBUTING.md

@@ -135,6 +135,17 @@ If you would like to test the binaries built from your change, see [foundryup](h
 
 If you would like to use a debugger with breakpoints to debug a patch you might be working on, keep in mind we currently strip debug info for faster builds, which is _not_ the default. Therefore, to use a debugger, you need to enable it on the workspace [`Cargo.toml`'s `dev` profile](https://github.com/foundry-rs/foundry/tree/HEAD/Cargo.toml#L15-L18).
 
+#### Output channels (stdout vs. stderr)
+
+Foundry CLIs follow a strict output-channel contract: **stdout is the command's
+machine-readable result; stderr is everything else** (warnings, errors,
+progress, status prose, prompts). When adding or modifying user-facing output,
+read [`docs/dev/output-channels.md`](docs/dev/output-channels.md) and use the
+`sh_*` macros from `foundry_common::io` (`sh_println!`, `sh_status!`,
+`sh_progress!`, `sh_warn!`, `sh_err!`). A workspace-wide clippy
+`disallowed-macros` lint (see [`clippy.toml`](clippy.toml)) forbids
+`std::print*` and `std::eprint*`; use the `sh_*` macros instead.
+
 #### Adding tests
 
 If the change being proposed alters code, it is either adding new functionality to Foundry, or fixing existing, broken functionality.