feat(common): add QA-facing upgrade report

[Eikix]

Summary

• extract the upgrade version check into a shared helper without changing the existing CI entrypoint
• add a small ci/list-upgrades.ts command that prints which upgradeable contracts changed, their reinitializer signature, and whether upgrade args/defaults need attention
• keep a tiny maintained hints file for rollout notes that cannot be inferred mechanically

Why

QA and release still have to reconstruct the existing CI plumbing by hand to answer a simple question: which contracts need upgrades for a given release delta, and do any of them need extra attention.

This keeps the existing checker as the source of truth and adds one human-facing wrapper on top.

Validation

• A/B checked old vs new ci/check-upgrade-versions.ts locally on identical prepared inputs for both host-contracts and gateway-contracts; outputs matched exactly
• ran:
  • bun ci/list-upgrades.ts --from v0.11.1 --to elias/prepare-upgrade-fhevm-executor --package host-contracts
  • bun ci/list-upgrades.ts --from v0.11.1 --to elias/prepare-upgrade-fhevm-executor --package gateway-contracts

[Eikix]

@claude /pr-review

[claude]

Claude finished @Eikix's request. — View run

[claude]

[AUTOMATED]

Code Review

Summary

This PR cleanly extracts the core upgrade-version-check logic from ci/check-upgrade-versions.ts into a reusable library (ci/upgrade-version-check-lib.ts), and adds a new QA-facing ci/list-upgrades.ts CLI tool on top of it. A small upgrade-report-hints.ts data file is added for rollout notes that can't be inferred mechanically.

Files Reviewed

File	Assessment
.github/workflows/contracts-upgrade-version-check.yml	✅ Correctly adds the new lib to the path filter for both packages
ci/check-upgrade-versions.ts	✅ Clean refactor — delegates to the shared library while preserving all CI behavior
ci/upgrade-version-check-lib.ts	✅ Well-structured extraction; logic faithfully preserves all original checks
ci/list-upgrades.ts	✅ Clean CLI tool with proper arg parsing, worktree management, and cleanup
ci/upgrade-report-hints.ts	✅ Simple, typed data file

Review Results

Checked for: bugs, security issues, error handling, and architectural consistency.

No blocking issues found. The refactoring is behavior-preserving and well-structured. Specific observations:

1. Logic preservation — I traced through the old inline logic vs. the new collectUpgradeVersionResults library and confirmed that all error conditions (missing baseline, missing target, parse failures, compilation failures, version/bytecode mismatch checks, reinitializer function naming) are correctly preserved.

2. The reinitializeV{N-1} convention — The -1 offset in the expected function name (REINITIALIZER_VERSION=N → reinitializeV{N-1}) is preserved from the original code and is the project's existing naming convention.

3. Worktree cleanup — The finally block in list-upgrades.ts correctly removes the temp directory first (rmSync), then prunes stale worktree bookkeeping (git worktree prune). The empty catch {} around prune is acceptable since it's best-effort cleanup.

4. Typed interfaces — Good use of ContractCheckResult, ReinitializerInfo, and ContractVersions interfaces to make the library's contract explicit and self-documenting.

Nit: The getReinitializer regex expects the visibility modifier (public|external|internal|private) immediately after the closing parenthesis. If a Solidity function has other modifiers (e.g., reinitializer(N)) between the params and visibility, the regex won't match. This mirrors the old code's approach so it's not a regression, but worth noting for future hardening.

No issues found. LGTM ✅

[claude]

The review has been posted. Here's a summary of the review:

Review Complete ✅

PR #2157: feat(common): add QA-facing upgrade report

I ran 4 specialized review agents in parallel (2× Bug Hunter on opus, Error Handling Auditor, and Guideline Compliance on sonnet) to thoroughly analyze the 5 changed files (379 additions, 114 deletions).

Findings

• No blocking issues found
• The refactoring cleanly extracts logic into upgrade-version-check-lib.ts while preserving all original CI behavior
• One potential concern about reinitializer function naming (reinitializeV{N-1}) was validated as the existing project convention preserved from the original code
• Error handling patterns are consistent with the pre-existing codebase
• One minor nit noted about the getReinitializer regex's sensitivity to Solidity modifier ordering (non-blocking, not a regression)

Review comment posted: #2157 (comment)

[Eikix]

@Mergifyio queue

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-03-25 10:03 UTC · Rule: main
• ✅ Checks started · on draft merge queue: embarking main (bfc89a5) and [#2119 + #2157] together #2171
• 🚫 Left the queue — 2026-03-26 00:37 UTC · at ddd6ae0f7c043eeb8483d684fe78e3f2546a28cc

This pull request spent 14 hours 34 minutes 23 seconds in the queue, including 12 hours 1 minute 30 seconds running CI.

Reason

The merge conditions cannot be satisfied due to failing checks

Hint

You may have to fix your CI before adding the pull request to the queue again.
If you update this pull request, to fix the CI, it will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue instead, you can requeue the pull request, without updating it, by posting a @mergifyio queue comment.

[Eikix]

@Mergifyio dequeue

[Eikix]

@Mergifyio refresh

[Eikix]

@Mergifyio rebase

[mergify]

dequeue

☑️ The pull request is not queued

[mergify]

refresh

✅ Pull request refreshed

[mergify]

rebase

✅ Branch has been successfully rebased

[Eikix]

@Mergifyio queue

[mergify]

Merge Queue Status

• 🟠 Waiting for queue conditions
• ⏳ Enter queue
• ⏳ Run checks
• ⏳ Merge

Required conditions to enter a queue

• -closed [📌 queue requirement]
• -conflict [📌 queue requirement]
• -draft [📌 queue requirement]
• any of [📌 queue -> configuration change requirements]:
  • -mergify-configuration-changed
  • check-success = Configuration changed
• any of [🔀 queue conditions]:
  • all of [📌 queue conditions of queue rule main]:
    • #approved-reviews-by >= 1 [🛡 GitHub branch protection]
    • #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
    • #review-threads-unresolved = 0 [🛡 GitHub branch protection]
    • base = main
    • branch-protection-review-decision = APPROVED [🛡 GitHub branch protection]
    • label!=do-not-merge
    • any of [🛡 GitHub branch protection]:
      • check-success = common-pull-request/lint (bpr)
      • check-neutral = common-pull-request/lint (bpr)
      • check-skipped = common-pull-request/lint (bpr)
    • any of [🛡 GitHub branch protection]:
      • check-skipped = coprocessor-cargo-test/cargo-tests (bpr)
      • check-neutral = coprocessor-cargo-test/cargo-tests (bpr)
      • check-success = coprocessor-cargo-test/cargo-tests (bpr)
    • any of [🛡 GitHub branch protection]:
      • check-skipped = coprocessor-dependency-analysis/dependencies-check (bpr)
      • check-neutral = coprocessor-dependency-analysis/dependencies-check (bpr)
      • check-success = coprocessor-dependency-analysis/dependencies-check (bpr)
    • any of [🛡 GitHub branch protection]:
      • check-skipped = gateway-contracts-deployment-tests/sc-deploy (bpr)
      • check-neutral = gateway-contracts-deployment-tests/sc-deploy (bpr)
      • check-success = gateway-contracts-deployment-tests/sc-deploy (bpr)
    • any of [🛡 GitHub branch protection]:
      • check-skipped = kms-connector-tests/test-connector (bpr)
      • check-neutral = kms-connector-tests/test-connector (bpr)
      • check-success = kms-connector-tests/test-connector (bpr)

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-03-26 08:29 UTC · Rule: main
• ✅ Checks passed · on draft merge queue: embarking main (04bd48a), #2174 and #2157 together #2177
• ✅ Merged — 2026-03-26 11:10 UTC · at 1f722381c5a85846ef6e5fac8b3918797ef3b4f6

This pull request spent 2 hours 40 minutes 23 seconds in the queue, including 1 hour 39 minutes 27 seconds running CI.

Required conditions to merge

• #approved-reviews-by >= 1 [🛡 GitHub branch protection]
  • feat(common): add QA-facing upgrade report #2157
• #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
  • feat(common): add QA-facing upgrade report #2157
• #review-threads-unresolved = 0 [🛡 GitHub branch protection]
  • feat(common): add QA-facing upgrade report #2157
• branch-protection-review-decision = APPROVED [🛡 GitHub branch protection]
  • feat(common): add QA-facing upgrade report #2157
• check-success = run-e2e-tests / fhevm-e2e-test
• any of [🛡 GitHub branch protection]:
  • check-success = common-pull-request/lint (bpr)
  • check-neutral = common-pull-request/lint (bpr)
  • check-skipped = common-pull-request/lint (bpr)
• any of [🛡 GitHub branch protection]:
  • check-success = coprocessor-cargo-test/cargo-tests (bpr)
  • check-neutral = coprocessor-cargo-test/cargo-tests (bpr)
  • check-skipped = coprocessor-cargo-test/cargo-tests (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = coprocessor-dependency-analysis/dependencies-check (bpr)
  • check-neutral = coprocessor-dependency-analysis/dependencies-check (bpr)
  • check-success = coprocessor-dependency-analysis/dependencies-check (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = gateway-contracts-deployment-tests/sc-deploy (bpr)
  • check-neutral = gateway-contracts-deployment-tests/sc-deploy (bpr)
  • check-success = gateway-contracts-deployment-tests/sc-deploy (bpr)
• any of [🛡 GitHub branch protection]:
  • check-skipped = kms-connector-tests/test-connector (bpr)
  • check-neutral = kms-connector-tests/test-connector (bpr)
  • check-success = kms-connector-tests/test-connector (bpr)