Skip to content
This repository was archived by the owner on Mar 17, 2026. It is now read-only.

Upgrades/docs#2964

Open
Kushmanmb wants to merge 233 commits intobase:masterfrom
kushmanmb-org:master
Open

Upgrades/docs#2964
Kushmanmb wants to merge 233 commits intobase:masterfrom
kushmanmb-org:master

Conversation

@Kushmanmb
Copy link
Copy Markdown

@Kushmanmb Kushmanmb commented Feb 26, 2026

This pull request introduces a comprehensive set of improvements to the repository's CI/CD, code quality, and repository management practices. The changes focus on standardizing and documenting workflows, enforcing best practices for branch protection, enhancing dependency management, and improving code linting rules. Below are the most important updates grouped by theme.

CI/CD Pipeline Enhancements:

  • Refactored the Buildkite pipeline to use make commands for build, lint, test, and audit steps, added emoji labels for clarity, and introduced new steps for unit tests, security audit (soft fail), and a build summary. Also improved parallelism and failure handling.

Repository & Workflow Management:

  • Added extensive documentation for GitHub Actions best practices, including action versioning, permissions, concurrency, timeouts, and workflow structure, along with guidelines for creating new workflows and security considerations in .github/WORKFLOWS_BEST_PRACTICES.md.
  • Introduced a reusable composite action .github/actions/setup-node-yarn/action.yml to standardize Node.js and Yarn setup with Corepack and dependency installation.
  • Added a Dependabot configuration for automated dependency and GitHub Actions updates, including grouping strategies and reviewer assignments.

Branch Protection & Rulesets:

  • Added detailed documentation for applying branch protection rulesets via the GitHub UI, CLI, and Terraform, including troubleshooting and maintenance guidelines in .github/rulesets/APPLY_RULESETS.md.
  • Provided a README in .github/rulesets/README.md describing the ruleset files, application methods, and maintenance practices.

Code Quality & Linting:

  • Updated ESLint configuration to disallow console statements except for warn and info, enforcing cleaner logging practices.

Other Improvements:

  • Added a .gitattributes file to mark lock files, large data files, and generated files as linguist-generated, ensuring accurate language statistics on GitHub.
  • Updated .copilotignore to explicitly include Solidity files (*.sol).What changed? Why?

Notes to reviewers

How has it been tested?

Have you tested the following pages?

BaseWeb

  • [] base.org
  • [] base.org/names
  • [] base.org/builders
  • [] base.org/ecosystem
  • [] base.org/name/jesse
  • [] base.org/manage-names
  • [] base.org/resources

Copilot AI and others added 30 commits December 29, 2025 00:37
Initial plan
94f6a09
@Kushmanmb
Merge pull request #1 from Kushmanmb/copilot/install-yarn-dependencies
2174874
Initial plan
7e3ee1b
@Kushmanmb
Merge pull request #2 from Kushmanmb/copilot/add-transfer-filter-hook
c3460d0 
[WIP] Add transfer filtering hook with pagination
Initial plan
5713754
@Kushmanmb
Merge pull request #4 from Kushmanmb/copilot/fetch-etherscan-api-data
40d6a1e
Initial plan
f88c2ae
@Kushmanmb
Add user registration form with validation and API endpoint
e6930cd 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Fix linting errors in registration form and API route
3970789 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Address code review feedback: add autocomplete, fix validation, use L…
3b2ed23 
…ink component

Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Merge pull request #11 from Kushmanmb/copilot/add-user-registration-form
4f1d18a 
Add user registration form with client and server validation
Initial plan
1ced356
@Kushmanmb
Fix critical blockchain code errors - add error logging and validation
92ce8a7 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Fix remaining console.error to use logger for consistency
3bb3273 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Add contract address validation in useRegisterNameCallback
9e8dcf6 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Add comprehensive blockchain audit report
df55fb5 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Update apps/web/src/hooks/useRegisterNameCallback.ts
2ee3ec7 
Co-authored-by: Copilot <[email protected]>
@Kushmanmb
Merge pull request #12 from Kushmanmb/copilot/audit-blockchain-code-e…
9f7a5c6 
…rrors

Fix silent failures and missing validation in blockchain transaction flows
Initial plan
1b8470d
@Kushmanmb
Optimize performance: Fix O(n²) deduplication, improve DOM polling, a…
eac5e4e 
…dd memoization

Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Fix ESLint warning: Add memoized functions to dependency array
1deaf26 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Use useCallback instead of useMemo for function memoization
2f101ed 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Address code review feedback: Remove redundant check, clarify comment
4e2f25f 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Merge pull request #15 from Kushmanmb/copilot/improve-slow-code-effic…
3806ccc 
…iency

Optimize transaction deduplication, DOM polling, and category lookups
Initial plan
7e9b409
@Kushmanmb
Refactor API decorators to remove duplication
7cf5c81 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Refactor proof API routes to eliminate duplication
ea895f9 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Refactor attestation hooks to eliminate duplication
ee31de0 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Address code review feedback for attestation factory
778cd50 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Merge pull request #16 from Kushmanmb/copilot/refactor-duplicated-code
e69a80e 
Refactor duplicated code patterns in API routes and attestation hooks
Copilot AI and others added 9 commits February 26, 2026 00:27
Initial plan
ddf3c21
@Kushmanmb
Fix private key exposure and add secure environment variable validation
2c3dce8 
- Remove exported private key constants (trustedSignerPKey, cdpKeySecret)
- Add getTrustedSignerPrivateKey() function with validation
- Add getCdpKeySecret() function with validation
- Add CDP_KEY_SECRET to .env.local.example
- Add security warnings in deployment scripts
- Remove hardcoded wallet addresses from documentation

Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Add comprehensive blockchain security improvements documentation
2a22259 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Add 0x gasless quote API route with comprehensive tests
bab3846 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Merge pull request #80 from kushmanmb-org/copilot/fix-blockchain-erro…
daea20d 
…r-safeguards

[WIP] Fix blockchain error handling with key management best practices
@Kushmanmb
Fix linting issues in gasless quote API route
b91fa32 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Address code review feedback: use URLSearchParams for proper encoding
6ece5ab 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Add API documentation for gasless quote endpoint
d1d6820 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Merge pull request #81 from kushmanmb-org/copilot/add-gasless-quote-r…
c05cbf2 
…equest

Add 0x gasless quote API proxy endpoint
@vercel
Copy link
Copy Markdown

vercel bot commented Feb 26, 2026

@Kushmanmb is attempting to deploy a commit to the Coinbase Team on Vercel.

A member of the Team first needs to authorize it.

@cb-heimdall
Copy link
Copy Markdown
Collaborator

cb-heimdall commented Feb 26, 2026
edited
Loading

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/1
Denominator calculation
Show calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Show calculation
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 0
Sum 1

Copilot AI and others added 19 commits February 26, 2026 01:10
Initial plan
bfb7590
@dependabot
chore(deps): bump the npm_and_yarn group across 1 directory with 14 u…
e7feeab 
…pdates

Bumps the npm_and_yarn group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [next](https://github.com/vercel/next.js) | `15.5.7` | `15.5.10` |
| [cloudinary](https://github.com/cloudinary/cloudinary_npm) | `2.5.1` | `2.7.0` |
| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.26.9` | `7.28.6` |
| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.12` |
| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |
| [form-data](https://github.com/form-data/form-data) | `4.0.2` | `4.0.5` |
| [h3](https://github.com/h3js/h3) | `1.15.1` | `1.15.5` |
| [hono](https://github.com/honojs/hono) | `4.8.5` | `4.11.9` |
| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |
| [jws](https://github.com/brianloveswords/node-jws) | `3.2.2` | `3.2.3` |
| [mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast) | `13.2.0` | `13.2.1` |
| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |
| [tmp](https://github.com/raszi/node-tmp) | `0.2.3` | `0.2.5` |
| [undici](https://github.com/nodejs/undici) | `5.28.5` | `5.29.0` |



Updates `next` from 15.5.7 to 15.5.10
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.7...v15.5.10)

Updates `cloudinary` from 2.5.1 to 2.7.0
- [Release notes](https://github.com/cloudinary/cloudinary_npm/releases)
- [Changelog](https://github.com/cloudinary/cloudinary_npm/blob/master/CHANGELOG.md)
- [Commits](cloudinary/cloudinary_npm@2.5.1...2.7.0)

Updates `@babel/helpers` from 7.26.9 to 7.28.6
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.6/packages/babel-helpers)

Updates `brace-expansion` from 1.1.11 to 1.1.12
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](juliangruber/brace-expansion@1.1.11...v1.1.12)

Updates `diff` from 4.0.2 to 4.0.4
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](kpdecker/jsdiff@v4.0.2...v4.0.4)

Updates `form-data` from 4.0.2 to 4.0.5
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.2...v4.0.5)

Updates `h3` from 1.15.1 to 1.15.5
- [Release notes](https://github.com/h3js/h3/releases)
- [Changelog](https://github.com/h3js/h3/blob/v1.15.5/CHANGELOG.md)
- [Commits](h3js/h3@v1.15.1...v1.15.5)

Updates `hono` from 4.8.5 to 4.11.9
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.8.5...v4.11.9)

Updates `js-yaml` from 3.14.1 to 3.14.2
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.14.2)

Updates `jws` from 3.2.2 to 3.2.3
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v3.2.3)

Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1
- [Release notes](https://github.com/syntax-tree/mdast-util-to-hast/releases)
- [Commits](syntax-tree/mdast-util-to-hast@13.2.0...13.2.1)

Updates `sha.js` from 2.4.11 to 2.4.12
- [Changelog](https://github.com/browserify/sha.js/blob/master/CHANGELOG.md)
- [Commits](browserify/sha.js@v2.4.11...v2.4.12)

Updates `tmp` from 0.2.3 to 0.2.5
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](raszi/node-tmp@v0.2.3...v0.2.5)

Updates `undici` from 5.28.5 to 5.29.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.5...v5.29.0)

Updates `next` from 15.5.7 to 15.5.12
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.5.7...v15.5.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.10
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: cloudinary
  dependency-version: 2.7.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/helpers"
  dependency-version: 7.28.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: brace-expansion
  dependency-version: 1.1.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: diff
  dependency-version: 4.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: h3
  dependency-version: 1.15.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.11.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: js-yaml
  dependency-version: 3.14.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: mdast-util-to-hast
  dependency-version: 13.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sha.js
  dependency-version: 2.4.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tmp
  dependency-version: 0.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.12
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
Incorporate rebased dependabot dependency updates
f9dc3d0
@Kushmanmb
Add rebase summary documentation
cbb0183 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Fix hono version in documentation
61d4a4c 
Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Merge pull request #82 from kushmanmb-org/copilot/rebase-dependabot-b…
1bac533 
…ranch

Rebase Dependabot PR #30 onto latest master
Initial plan
84facc3
@Kushmanmb
Add onlyOwner restriction to claim function in MyContract.sol
3a5a6d7 
Co-authored-by: Kushmanmb <[email protected]>
@dependabot
chore(deps): bump tar from 7.5.7 to 7.5.11
f233ce7 
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.7 to 7.5.11.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.5.7...v7.5.11)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.11
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@Kushmanmb
Merge pull request #87 from kushmanmb-org/copilot/add-only-owner-rest…
915233a 
…riction

Restrict `claim` function to owner only
@Kushmanmb
Merge pull request #89 from kushmanmb-org/dependabot/npm_and_yarn/tar…
07d792a 
…-7.5.11

chore(deps): bump tar from 7.5.7 to 7.5.11
Initial plan
ee666a3
@Kushmanmb
Update E2E hardfork from cancun to prague
2c2046c 
Co-authored-by: Kushmanmb <[email protected]>
Agent-Logs-Url: https://github.com/kushmanmb-org/base/sessions/3fca94e2-fd2c-47ca-a00f-f1fa5acd9967
@Kushmanmb
Merge pull request #100 from kushmanmb-org/copilot/run-hard-fork-base
00ddbac
Initial plan
410d2b5
@Kushmanmb
Add node.reset() afterEach hook in testFixture for blockchain state i…
52e9887 
…solation

Agent-Logs-Url: https://github.com/kushmanmb-org/base/sessions/fec8cb4c-eafc-4d69-a818-995b8a4472e6

Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Merge pull request #105 from kushmanmb-org/copilot/node-reset
ff3c3a2 
Add node reset after each E2E test for chain state isolation
@Kushmanmb
Update package.json: remove contributors script and reset node version
09e2867 
Agent-Logs-Url: https://github.com/kushmanmb-org/base/sessions/035174a1-00b1-484b-937d-a96b0fa79e4b

Co-authored-by: Kushmanmb <[email protected]>
@Kushmanmb
Merge pull request #106 from kushmanmb-org/copilot/update-package-jso…
aebd369 
…n-remove-contributors

Remove contributors tooling and relax node version constraint
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Kushmanmb @cb-heimdall