
fix: remove mock contracts from production #65

Merged

rongquan1 merged 5 commits into master from fix/mock-contracts-presets
Nov 17, 2025


@RishabhS7 RishabhS7 commented Nov 14, 2025

Prevents mock contracts from being shipped or published by:

  • Whitelisting only required contract sources in package.json files.
  • Using a production build that strips mock artifacts.
  • Adding a CI/pack-time assertion to fail if any mock artifacts slip through.

Summary by CodeRabbit

  • Chores
    • Enhanced the build process with automated validation to prevent mock code from appearing in production artifacts
    • Refined the package exports to explicitly declare contract files and directories
    • Added production artifact integrity checks to ensure clean, reliable builds


coderabbitai bot commented Nov 14, 2025

Walkthrough

Package.json is updated to expand the files list from a single "contracts" entry to explicit subdirectories and specific contract files, add a new ci:assert:no-mocks script, integrate it into the build pipeline, and remove mock artifacts during the build. A new assertNoMocks.js script is added to validate that production artifacts do not contain mock code.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Build configuration updates: package.json | Expanded "files" array to explicit contract directories (contracts/base, contracts/interfaces, contracts/presets, contracts/utils, contracts/lib) and specific contract files. Updated "build:artifacts:copy" to remove dist/artifacts/contracts/mocks. Chained "build" script to invoke ci:assert:no-mocks. Added new "ci:assert:no-mocks" script invoking node scripts/assertNoMocks.js. |
| Mock enforcement script: scripts/assertNoMocks.js | New Node.js script that validates production artifacts do not contain mock code by checking for mocksDir existence and scanning artifactsDir for file paths containing "/mocks/". Aggregates errors and exits with code 1 if mocks are detected; otherwise logs success. |

Sequence Diagram(s)

sequenceDiagram
    actor Dev
    Dev->>Build: npm run build
    Build->>Build: existing build steps
    Build->>ArtifactsCopy: build:artifacts:copy
    ArtifactsCopy->>FS: copy artifacts
    ArtifactsCopy->>FS: rm ./dist/artifacts/contracts/mocks
    Build->>AssertScript: ci:assert:no-mocks
    AssertScript->>FS: check mocksDir exists?
    alt mocks found
        AssertScript->>AssertScript: aggregate errors
        AssertScript->>Dev: exit(1) + error log
    else no mocks
        AssertScript->>Dev: success message
        Build->>Dev: build complete ✓
    end

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • assertNoMocks.js script logic: Clear and straightforward file system checks with consistent error handling pattern
  • package.json changes: Straightforward configuration updates; verify the new files array completeness against actual contract structure

Poem

🐰 The build now stands guard with a watchful eye,
No mocks shall slip through—we've caught them dry!
With scripts that check and files that list,
Our artifacts clean—no tricks we've missed. ✨

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The pull request description explains the changes made but does not follow the required template structure with Summary, Changes, Issues, and Releases sections. | Restructure the description to match the template: add a Summary section explaining background, organize changes into a Changes section with bullet points, specify related Issues, and include Releases information with channels and ETA. |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (1 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'fix: remove mock contracts from production' directly and clearly summarizes the main change: preventing mock contracts from being included in production builds. |

}

if (failed) {
console.error(`\nERROR: Production artifacts contain mocks.\n${errors.map((e) => ` - ${e}`).join("\n")}`);


⚠️ [eslint] <no-console> reported by reviewdog 🐶
Unexpected console statement.

console.error(`\nERROR: Production artifacts contain mocks.\n${errors.map((e) => ` - ${e}`).join("\n")}`);
process.exit(1);
} else {
console.log("No mock artifacts found in dist.");
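Review bot: the `if (failed)` branch builds its message from `errors`, so the two can disagree: if `failed` is ever set without a matching push to `errors`, the build stops with an empty list and nothing to act on. Branching on `errors.length > 0` removes the second flag. Because these two console calls are the script's only output, a no-console override scoped to scripts/ would settle the lint warnings without touching the lines.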


⚠️ [eslint] <no-console> reported by reviewdog 🐶
Unexpected console statement.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 02ec052 and 9b2752f.

📒 Files selected for processing (2)
  • ARCHITECTURE.md (1 hunks)
  • package.json (3 hunks)
🧰 Additional context used
🪛 Gitleaks (8.29.0)
ARCHITECTURE.md

[high] 180-180: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 LanguageTool
ARCHITECTURE.md

[grammar] ~249-~249: Ensure spelling is correct
Context: ...l relevant methods (remarkLengthLimit modifers in registry and escrow) - burn requir...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🔇 Additional comments (4)
ARCHITECTURE.md (1)

1-284: Excellent architecture documentation—fills an important knowledge gap.

This is comprehensive, well-organized, and provides exactly the kind of reference developers need to navigate the repository. The structure (overview → tech stack → layout → core contracts → SDK → tasks → workflows) is logical and maintains good cross-references to key files and concepts.

package.json (3)

16-26: Approve: explicit whitelisting prevents mock contracts from npm package.

The expanded files array now explicitly lists required contract source directories and core contract files while omitting contracts/mocks. This is a more maintainable and intent-clear approach than a catch-all "contracts" entry.


54-54: Approve: build:artifacts:copy cleanup tightens production artifact handling.

The script now removes debug artifacts (.dbg.json files) and explicitly deletes the mock artifacts directory. This provides a good cleanup layer independent of the npm files array configuration.


56-56: ci:assert:no-mocks validation confirmed — implementation is correct.

All verification items have been confirmed:

  1. scripts/assertNoMocks.js exists and is included in the PR
  2. ✓ The script correctly detects and rejects mock artifacts via two methods: direct directory check for dist/artifacts/contracts/mocks and recursive path traversal checking for /mocks/ in artifact paths
  3. ✓ The script runs after build:artifacts:copy completes (line 56 shows correct pipeline order) and exits with code 1 on mock detection, properly failing the build

The implementation provides a solid production integrity gate.


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (1)
package.json (1)

71-73: Confirm the new ci:assert:no-mocks script is comprehensive.

The new "ci:assert:no-mocks" script is correctly added with a trailing comma on the "coverage" line. However, this script references scripts/assertNoMocks.js, which is not included in the files for review.

Please provide scripts/assertNoMocks.js so I can verify:

  • The assertion logic is comprehensive (checks for mock artifacts in all expected locations)
  • The error messaging is clear for debugging
  • No false positives or incomplete coverage

Alternatively, if you would like me to review the script once it's provided, I can assess its robustness and suggest improvements.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9b2752f and 027346e.

📒 Files selected for processing (1)
  • package.json (3 hunks)
🔇 Additional comments (3)
package.json (3)

56-56: Verify the build pipeline ordering and script execution.

The ci:assert:no-mocks script is now chained at the end of the build pipeline. This ordering is correct—the assertion runs after artifacts are cleaned. However, the assertNoMocks.js script itself is not provided for review, so I cannot verify what it actually checks.

The following questions need confirmation:

  • Does assertNoMocks.js check ./dist/artifacts/contracts for mock references?
  • Does it search for both directory presence and file contents (in case mocks are conditionally imported)?
  • Will it fail the build with a clear error message if mocks are detected?
  • Are there any false positive risks (e.g., the word "mock" in comments or strings)?

Please provide the scripts/assertNoMocks.js file for review.


54-54: No action needed—the artifact cleanup is correctly implemented.

The mocks directory is confirmed to be generated during the hardhat compile step (as evidenced by the assertNoMocks.js validation script), and the rm -rf ./dist/artifacts/contracts/mocks command correctly removes it from the distribution. The -f flag makes it idempotent, and the path is correct relative to the project root where npm scripts execute. The removal is further validated by the ci:assert:no-mocks step that runs after build:artifacts:copy.


16-26: Mock exclusion strategy is properly implemented across three defensive layers.

Verification confirms the "files" list correctly excludes contracts/mocks, and only one mocks directory exists (./contracts/mocks, which will be excluded). The build process adds two additional safeguards: the build:artifacts:copy script explicitly removes mocks artifacts with rm -rf ./dist/artifacts/contracts/mocks, and the ci:assert:no-mocks script validates post-build that no mock files remain in dist via both directory checks and deep path scanning. The assertion script exits with code 1 on failure, preventing release of builds containing mocks.
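The reviews above ask whether the assertion covers file contents as well as directory presence. As an added example (not the PR's scripts/assertNoMocks.js, which is not shown on this page), the scan below flags an artifact either by a `mocks` path segment, with separators normalized, or by the `sourceName` field that Hardhat writes into each artifact JSON. The names `findMockArtifacts` and `buildFixture` and the contract names in the fixture are hypothetical.

```javascript
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Hypothetical helper: returns one finding per artifact that is a mock either
// by location (a "mocks" path segment) or by origin (Hardhat "sourceName").
function findMockArtifacts(artifactsDir) {
  const findings = [];
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) { walk(full); continue; }
      // Normalize separators so the check also holds on Windows runners.
      const rel = path.relative(artifactsDir, full).split(path.sep).join("/");
      if (rel.split("/").includes("mocks")) {
        findings.push({ file: rel, reason: "path" });
      } else if (rel.endsWith(".json")) {
        let sourceName = "";
        try {
          sourceName = String(JSON.parse(fs.readFileSync(full, "utf8")).sourceName || "");
        } catch {
          findings.push({ file: rel, reason: "unparseable" }); // fail closed
          continue;
        }
        if (sourceName.split("/").includes("mocks")) {
          findings.push({ file: rel, reason: "sourceName" });
        }
      }
    }
  };
  if (fs.existsSync(artifactsDir)) walk(artifactsDir);
  return findings.sort((a, b) => a.file.localeCompare(b.file));
}

// Constructed fixture: a dist tree with one clean artifact, one under mocks/,
// and one mock artifact that was copied outside the mocks/ directory.
function buildFixture() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "no-mocks-"));
  const put = (rel, sourceName) => {
    const file = path.join(root, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, JSON.stringify({ contractName: path.basename(rel, ".json"), sourceName }));
  };
  put("contracts/base/Registry.sol/Registry.json", "contracts/base/Registry.sol");
  put("contracts/mocks/RegistryMock.sol/RegistryMock.json", "contracts/mocks/RegistryMock.sol");
  put("contracts/utils/Helper.sol/Helper.json", "contracts/mocks/Helper.sol");
  return root;
}
```

A path-only check would pass the third fixture file; the `sourceName` check is what catches a mock artifact that ends up outside the mocks directory.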

@rongquan1 rongquan1 merged commit 857ac29 into master Nov 17, 2025
9 checks passed

🎉 This PR is included in version 5.5.1 🎉

The release is available on:

Your semantic-release bot 📦🚀
