Skip to content

feat: dependabot weekly schedule, getting-started tutorial, ADRs, and VS Code quick-fix actions#1074

Merged
Gbangbolaoluwagbemiga merged 1 commit into
HyperSafeD:mainfrom
meshackyaro:feature/oss-contributions-issues-1037-1041-1044-1048
Jun 29, 2026
Merged

feat: dependabot weekly schedule, getting-started tutorial, ADRs, and VS Code quick-fix actions#1074
Gbangbolaoluwagbemiga merged 1 commit into
HyperSafeD:mainfrom
meshackyaro:feature/oss-contributions-issues-1037-1041-1044-1048

Conversation

@meshackyaro

Copy link
Copy Markdown
Contributor

Closes #1037, Closes #1041, Closes #1044, Closes #1048

Summary

  • [ci] Add dependency update bot: Dependabot for npm, Cargo, and GitHub Actions #1037 — Dependabot configuration: Updated .github/dependabot.yml to use weekly schedules (monday) for all ecosystems (cargo, npm, github-actions), added reviewers and labels per ecosystem, and added .github/workflows/dependabot-auto-merge.yml to auto-merge patch and minor Dependabot PRs via gh pr merge --auto.

  • [docs] Write a Getting Started tutorial: scan your first Soroban contract in 5 minutes #1041 — Getting Started tutorial: Expanded docs/getting-started.md into a full 5-minute tutorial: install via cargo install sanctifier-cli, create a minimal Soroban contract with three intentional findings, run sanctifier analyze, interpret the output, fix each finding (S001/S002/S003), and re-run to confirm a clean report. Added an asciinema recording note and updated the README to feature the tutorial as the primary call to action.

  • [docs] Add architecture decision records (ADRs) for major technical choices #1044 — Architecture Decision Records: Added four new ADRs in docs/adr/ using the MADR format, each covering context, decision, alternatives considered, and consequences:

    • 006-z3-formal-verification.md — why Z3 over Kani or Creusot
    • 007-syn-ast-parser.md — why syn over tree-sitter or a custom parser
    • 008-sarif-output-format.md — why SARIF 2.1.0 over custom JSON or Checkstyle
    • 009-soroban-wasm-target.md — why Soroban/WASM over EVM or CosmWasm
  • [vscode] Add inline code actions (quick-fix lightbulbs) for Sanctifier findings #1048 — VS Code quick-fix lightbulbs: Implemented SanctifierCodeActionProvider in vscode-extension/src/code-actions.ts, registered in extension.ts. Pure fix helpers (buildRequireAuthInsertLine, buildUnwrapFix, buildCheckedArithFix) added to analyzer.ts. Lightbulbs appear for:

    • S001: "Insert address.require_auth();" after the function opening brace
    • S006 / S002: "Replace .unwrap() with ?" when an .unwrap() call is on the flagged line
    • S003: "Use checked_add" / "Use checked_sub" to replace unchecked arithmetic
    • 21 new tests added; all 138 tests pass (npm test).

Test plan

  • cd vscode-extension && npm test — all 138 tests pass
  • Merge Dependabot PR once it appears (within 7 days on monday) to verify auto-merge workflow
  • Open a Soroban .rs file with S001/S003/S006 findings in VS Code — lightbulb should appear; applying fix should insert/replace correct code
  • Follow docs/getting-started.md end-to-end on a fresh machine to validate the tutorial
  • Review the 4 new ADRs for accuracy against the codebase

… VS Code quick-fix actions

- HyperSafeD#1037: update dependabot.yml to weekly intervals with labels, reviewers, and add
  auto-merge workflow for patch/minor Dependabot PRs
- HyperSafeD#1041: expand docs/getting-started.md with a 5-minute tutorial covering minimal
  contract creation, first scan, fixing findings, and clean re-run; update README
  primary CTA to feature the tutorial
- HyperSafeD#1044: add ADRs 006-009 documenting rationale for Z3, syn AST parser, SARIF
  output format, and Soroban/WASM target selection
- HyperSafeD#1048: implement SanctifierCodeActionProvider (VS Code quick-fix lightbulbs) for
  S001/S002/S003/S006 findings; add pure fix helpers to analyzer.ts; register
  provider in extension.ts; 21 new tests, all passing
@vercel

vercel Bot commented Jun 29, 2026

Copy link
Copy Markdown

@bbjiggy is attempting to deploy a commit to the gbangbolaoluwagbemiga's projects Team on Vercel.

A member of the Team first needs to authorize it.

@drips-wave

drips-wave Bot commented Jun 29, 2026

Copy link
Copy Markdown

@meshackyaro Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@Gbangbolaoluwagbemiga Gbangbolaoluwagbemiga merged commit 339a36a into HyperSafeD:main Jun 29, 2026
13 of 34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment