Skip to content

#800 Add provenance metadata checks for generated Soroban deployment …#847

Merged
edehvictor merged 1 commit into
edehvictor:mainfrom
Kappa16:#800-Add-provenance-metadata-checks-for-generated-Soroban-deployment-manifests-FIX
Jul 2, 2026
Merged

#800 Add provenance metadata checks for generated Soroban deployment …#847
edehvictor merged 1 commit into
edehvictor:mainfrom
Kappa16:#800-Add-provenance-metadata-checks-for-generated-Soroban-deployment-manifests-FIX

Conversation

@Kappa16

@Kappa16 Kappa16 commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Description
Adds structured provenance metadata to generated deployment manifests so maintainers can verify where manifests came from and which network/source inputs produced them.

Implemented changes include:

  • Added a provenance block to generated deployment manifests.
  • Recorded source input metadata for deployed.json, including SHA-256 hash.
  • Recorded registry input metadata for contracts/registry.json, including SHA-256 hash when available.
  • Recorded network provenance:
    • network name
    • RPC URL
    • network passphrase
  • Recorded git provenance:
    • commit SHA
    • branch
    • remote URL
  • Recorded CI/local execution context:
    • provider
    • run ID
    • workflow
    • actor
  • Added validation in verify-manifest.js so missing or malformed provenance causes verification failure.
  • Added tests for generated provenance and malformed/missing provenance validation.
  • Updated example manifest and documentation explaining how maintainers should interpret the metadata.

Fixes #

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

Verification Commands

  • npm run lint / npm run test (Frontend/Backend)

Verified with:

cd contracts
npm test

Result:

Test Files  3 passed (3)
Tests       34 passed (34)

Also ran:

npm run validate-workspace

Result:

All checks passed.

And build checks:

npm run build --if-present
cd contracts && npm run build --if-present

Result:

Exit code: 0
  • cargo fmt / cargo clippy / cargo test (Smart Contracts)

Not run because this change only updates JavaScript manifest tooling, tests, examples, and documentation. No Rust smart contract logic was changed.

Contract Security (if contracts/ changed)

  • Storage schema changes documented or migration provided

N/A — no smart contract storage schema changes.

  • All entry points have authorization checks

N/A — no smart contract entry points changed or added.

  • Arithmetic uses checked operations

N/A — no smart contract arithmetic changed.

  • New entry points have unit tests including unauthorized callers

N/A — no new smart contract entry points added.

  • No new admin roles without governance proposal

N/A — no admin roles or governance permissions changed.

UI Snapshot Checklist

  • Screenshots provided for Desktop (1024px+)
  • Screenshots provided for Mobile (375px)
  • No visual changes.

CLOSE #800

@Kappa16 Kappa16 requested a review from edehvictor as a code owner June 25, 2026 18:10
@vercel

vercel Bot commented Jun 25, 2026

Copy link
Copy Markdown

@Kappa16 is attempting to deploy a commit to the Edeh Victor's projects Team on Vercel.

A member of the Team first needs to authorize it.

@drips-wave

drips-wave Bot commented Jun 25, 2026

Copy link
Copy Markdown

@Kappa16 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@edehvictor edehvictor left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice implementation!

@edehvictor edehvictor merged commit 7b04f66 into edehvictor:main Jul 2, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add provenance metadata checks for generated Soroban deployment manifests

2 participants