coinbase · Dargon789 · Mar 26, 2025 · Mar 26, 2025 · Apr 12, 2025 · Apr 13, 2025
diff --git a/.circleci/ci-foundry.yml b/.circleci/ci-foundry.yml
@@ -0,0 +1,25 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine.
+# See: https://circleci.com/docs/configuration-reference
+
+version: 2.1
+executors:
+  my-custom-executor:
+    docker:
+      - image: cimg/base:stable
+        auth:
+          # ensure you have first added these secrets
+          # visit app.circleci.com/settings/project/github/Dargon789/foundry/environment-variables
+          username: $DOCKER_HUB_USER
+          password: $DOCKER_HUB_PASSWORD
+jobs:
+  web3-defi-game-project:
+
+    executor: my-custom-executor
+    steps:
+      - checkout
+      - run: echo "Build started"
+
+workflows:
+  my-custom-workflow:
+    jobs:
+      - web3-defi-game-project
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -0,0 +1,31 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine.
+# See: https://circleci.com/docs/configuration-reference
+version: 2.1
+
+# Define a job to be invoked later in a workflow.
+# See: https://circleci.com/docs/jobs-steps/#jobs-overview & https://circleci.com/docs/configuration-reference/#jobs
+jobs:
+  say-hello:
+    # Specify the execution environment. You can specify an image from Docker Hub or use one of our convenience images from CircleCI's Developer Hub.
+    # See: https://circleci.com/docs/executor-intro/ & https://circleci.com/docs/configuration-reference/#executor-job
+    docker:
+      # Specify the version you desire here
+      # See: https://circleci.com/developer/images/image/cimg/base
+      - image: cimg/base:current
+
+    # Add steps to the job
+    # See: https://circleci.com/docs/jobs-steps/#steps-overview & https://circleci.com/docs/configuration-reference/#steps
+    steps:
+      # Checkout the code as the first step.
+      - checkout
+      - run:
+          name: "Say hello"
+          command: "echo Hello, World!"
+
+# Orchestrate jobs using workflows
+# See: https://circleci.com/docs/workflows/ & https://circleci.com/docs/configuration-reference/#workflows
+workflows:
+  say-hello-workflow: # This is the name of the workflow, feel free to change it to better match your workflow.
+    # Inside the workflow, you define the jobs you want to run.
+    jobs:
+      - say-hello
diff --git a/.github/workflows/cli-minikit.yml b/.github/workflows/cli-minikit.yml
@@ -0,0 +1,60 @@
+name: "cli: build & install minikit"
+
+on:
+  pull_request:
+    branches:
+      - main
+      - alpha
+    paths:
+      - 'packages/create-onchain/**'
+  push:
+    branches:
+      - changeset-release/main
+
+jobs:
+  test:
+    if: github.head_ref != 'alpha'
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [22.x]
+        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: 'Setup'
+        uses: ./.github/actions/setup
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@f4d14e03ff726c06358e5557344e1da148b56cf7 # v1.2.2
+        with:
+          bun-version: latest
+
+      - name: Install dependencies
+        run: pnpm f:create install
+
+      - name: Build CLI
+        run: pnpm f:create build
+
+      - name: Make CLI executable
+        run: chmod +x ./packages/create-onchain/dist/esm/cli.js
+
+      - name: Create test project
+        run: |
+          mkdir test-project
+          cd test-project
+
+          (sleep 1; echo ""; sleep 1; echo ""; sleep 1; echo -e "\033[D\n"; sleep 1; echo -e "\033[D\n") | ../packages/create-onchain/dist/esm/cli.js --mini
+
+      - name: Install & Build test project
+        working-directory: ./test-project/my-onchainkit-app
+        run: |
+          npm install
+          npm run build
diff --git a/.github/workflows/cli-verify-minikit-template.yml b/.github/workflows/cli-verify-minikit-template.yml
@@ -13,6 +13,7 @@ on:
 
 jobs:
   test:
+    if: github.head_ref != 'alpha'
     runs-on: ubuntu-latest
     strategy:
       matrix:

diff --git a/.github/workflows/cli-verify-onchainkit-template.yml b/.github/workflows/cli-verify-onchainkit-template.yml
@@ -13,6 +13,7 @@ on:
 
 jobs:
   test:
+    if: github.head_ref != 'alpha'
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -49,10 +50,11 @@ jobs:
         run: |
           mkdir test-project
           cd test-project
+
           (sleep 1; echo ""; sleep 1; echo ""; sleep 1; echo ""; sleep 1; echo -e "\033[D\n") | ../packages/create-onchain/dist/esm/cli.js
 
       - name: Install & Build test project
         working-directory: ./test-project/my-onchainkit-app
         run: |
           npm install
-          npm run build
+          npm run build
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,39 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable
+# packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency review'
+on:
+  pull_request:
+    branches: [ "main" ]
+
+# If using a dependency submission action in this workflow this permission will need to be set to:
+#
+# permissions:
+#   contents: write
+#
+# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api
+permissions:
+  contents: read
+  # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option
+  pull-requests: write
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout repository'
+        uses: actions/checkout@v4
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v4
+        # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
+        with:
+          comment-summary-in-pr: always
+        #   fail-on-severity: moderate
+        #   deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later
+        #   retry-on-snapshot-warnings: true
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -0,0 +1,27 @@
+# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
+#
+# You can adjust the behavior by modifying this file.
+# For more information, see:
+# https://github.com/actions/stale
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: '29 4 * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+    - uses: actions/stale@v5
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        stale-issue-message: 'Stale issue message'
+        stale-pr-message: 'Stale pull request message'
+        stale-issue-label: 'no-issue-activity'
+        stale-pr-label: 'no-pr-activity'
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
diff --git a/examples/minikit-example/lib/notification-client.ts b/examples/minikit-example/lib/notification-client.ts
@@ -0,0 +1,83 @@
+import {
+  FrameNotificationDetails,
+  type SendNotificationRequest,
+  sendNotificationResponseSchema,
+} from "@farcaster/frame-sdk";
+import { getUserNotificationDetails } from "@/lib/notification";
+
+const appUrl = process.env.NEXT_PUBLIC_URL || "";
+
+type SendFrameNotificationResult =
+  | {
+      state: "error";
+      error: unknown;
+    }
+  | { state: "no_token" }
+  | { state: "rate_limit" }
+  | { state: "success" };
+
+export async function sendFrameNotification({
+  fid,
+  title,
+  body,
+  notificationDetails,
+}: {
+  fid: number;
+  title: string;
+  body: string;
+  notificationDetails?: FrameNotificationDetails | null;
+}): Promise<SendFrameNotificationResult> {
+  if (!notificationDetails) {
+    notificationDetails = await getUserNotificationDetails(fid);
+  }
+  if (!notificationDetails) {
+    return { state: "no_token" };
+  }
+
+  // Define a strict allowlist of hostnames and paths
+  const allowedHostnames = ["api.coinbase.com"];
+  const allowedPaths = ["/api/notification"]; // change/add allowed paths as needed
+  const url = new URL(notificationDetails.url);
+
+  // Validate the URL scheme, hostname, port, and pathname
+  if (
+    url.protocol !== "https:" ||
+    !allowedHostnames.includes(url.hostname) ||
+    (url.port && url.port !== "443") ||
+    !allowedPaths.includes(url.pathname) ||
+    url.search || url.hash // optionally disallow query/fragment, remove this if queries are needed
+  ) {
+    return { state: "error", error: "Invalid or unsafe notification URL" };
+  }
+
+  const response = await fetch(notificationDetails.url, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify({
+      notificationId: crypto.randomUUID(),
+      title,
+      body,
+      targetUrl: appUrl,
+      tokens: [notificationDetails.token],
+    } satisfies SendNotificationRequest),
+  });
+
+  const responseJson = await response.json();
+
+  if (response.status === 200) {
+    const responseBody = sendNotificationResponseSchema.safeParse(responseJson);
+    if (responseBody.success === false) {
+      return { state: "error", error: responseBody.error.errors };
+    }
+
+    if (responseBody.data.result.rateLimitedTokens.length) {
+      return { state: "rate_limit" };
+    }
+
+    return { state: "success" };
+  }
+
+  return { state: "error", error: responseJson };
+}
diff --git a/examples/minikit-example/package.json b/examples/minikit-example/package.json
@@ -15,7 +15,7 @@
     "@mantine/core": "^8.2.5",
     "@mantine/hooks": "^8.2.5",
     "@tanstack/react-query": "^5.81.5",
-    "next": "15.3.6",
+    "next": "15.4.10",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "viem": "^2.31.6",
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,6 +13,7 @@ on: @@
     jobs:
       test:
+        if: github.head_ref != 'alpha'
         runs-on: ubuntu-latest
         strategy:
           matrix:
@@ Expand Down @@