Skip to content

init credible#473

Open
metanallok wants to merge 3 commits into
developfrom
credible
Open

init credible#473
metanallok wants to merge 3 commits into
developfrom
credible

Conversation

@metanallok

@metanallok metanallok commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

The numbers I'm getting are 22,663,387 total supply: 10,000,000 to ICO, 2,900,000 to liquidity, 5,230,709 to prior investors, 4,532,678 to initial team performance package.

From Proph3t

44dNkVJsWPZfh3tvRyqpnwgkoL5RYqi3cWsE1d8wfviV

From Shri

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Repository Guard

  • Cargo.lock: pass
  • yarn.lock (root): pass
  • yarn.lock (sdk): pass
  • Repo guard: pass

Repository Guard

Cargo dependency pinning

  • Status: pass
  • Every programs/*/Cargo.toml dep uses =x.y.z, a path = .. workspace ref, or a git dep with a 40-char rev.

Cross-program Anchor/Solana version consistency

  • Status: pass
  • anchor-lang and anchor-spl are pinned to the version declared in repo-guard.toml across every program.

solana-program crate pin

  • Status: pass
  • Every solana-program = "=X" declaration is =1.17.14 (locked to match Cargo.lock).

Anchor.toml solana_version

  • Status: pass
  • Anchor.toml declares solana_version = "1.17.34" (local-dev install for anchor test).

Crate minimum age

  • Status: pass
  • All Cargo deps changed by this PR are at least 14 days old on crates.io.

Yarn package.json pinning

  • Status: pass
  • All package.json deps use exact versions (no ^, ~, ranges).

npm minimum age

  • Status: pass
  • All npm deps changed by this PR are at least 14 days old.

Workflow toolchain consistency

  • Status: pass
  • Every workflow declares anchor-version: 0.29.0.
  • Per-file solana-cli-version values match [toolchain.workflow_solana_cli] in repo-guard.toml.

GitHub Action SHA pinning

  • Status: pass
  • Every third-party action is pinned to a SHA in [actions.sha_allowlist].

Sensitive program / config changes

  • Status: warn
  • Review hint only (CODEOWNERS is the merge gate). Lines below match heuristics for security-sensitive changes:
  • scripts/v0.7/credible/constants.ts:8 Hardcoded Solana address literal -> + "44dNkVJsWPZfh3tvRyqpnwgkoL5RYqi3cWsE1d8wfviV",
  • scripts/v0.7/credible/constants.ts:12 Hardcoded Solana address literal -> + new PublicKey("44dNkVJsWPZfh3tvRyqpnwgkoL5RYqi3cWsE1d8wfviV"),
  • scripts/v0.7/credible/constants.ts:13 Hardcoded Solana address literal -> + new PublicKey("4uhwwcipVRFczcCPCgZDkMgWaL8kGw7ht4k6HT3faw3g"),
  • scripts/v0.7/credible/constants.ts:14 Hardcoded Solana address literal -> + new PublicKey("Fhz78PivwNKJ6JjCbNRj1QKEdgutecaQW8SqV54SkbgK"),
  • scripts/v0.7/credible/constants.ts:18 Hardcoded Solana address literal -> + "44dNkVJsWPZfh3tvRyqpnwgkoL5RYqi3cWsE1d8wfviV", // Placeholder for no performance package
  • scripts/v0.7/credible/constants.ts:28 Hardcoded Solana address literal -> + "DVA4Q78r3N35gHFeKyMWEMP9jtv4f5joteDz3kMZTYjL",

Overall status: pass

Lockfile freshness (Cargo.lock + yarn.lock) is checked by the workflow directly and cannot be bypassed. The sensitive-diff section is a review hint - CODEOWNERS handles the actual merge gate.

@metanallok metanallok marked this pull request as ready for review July 8, 2026 17:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants