Add Solana wallet-aware rule (cipher-starter) #259
cryptomotifs wants to merge 2 commits into PatrickJS:main
No actionable comments were generated in the recent review. 🎉
📝 Walkthrough
Adds a new documentation file specifying Solana wallet-security rules: three-tier hot/warm/cold wallet architecture, strict key-handling and signer isolation, MEV defenses (Jito/oracle-gating/illiquidity blocklist), transaction-safety invariants, Canadian NI 31-103 signal-selling constraints, paper-trading gates, SR&ED logbook guidance, and a free-tier infra list.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~12 minutes
🚥 Pre-merge checks: ✅ 3 passed
Actionable comments posted: 1
🧹 Nitpick comments (2)
rules-new/solana-wallet-aware.mdc (2)
46-51: Consider adding a legal disclaimer. The Canadian NI 31-103 compliance guidance provides specific regulatory interpretation. While derived from cipher-starter, consider adding a brief disclaimer that this doesn't constitute professional legal advice and readers should consult qualified attorneys for regulatory compliance.
📋 Suggested disclaimer
## Canadian NI 31-103 compliance (if selling signals) +*Note: This guidance is informational only and does not constitute legal advice. Consult qualified legal counsel for regulatory compliance.* + - Never use the word "recommend" in any user-facing output. Use "quantitative research" or "market-data analysis."🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@rules-new/solana-wallet-aware.mdc` around lines 46 - 51, Add a short legal disclaimer to the "Canadian NI 31-103 compliance (if selling signals)" section clarifying that the guidance is informational only and does not constitute legal or professional advice, and recommend consulting qualified attorneys for compliance questions; insert one or two concise sentences immediately after the four bulleted rules (or at the end of that subsection) referencing the section title to locate the spot. Ensure the language is explicit ("not legal advice", "consult a qualified attorney") and brief so it reads as a clear disclaimer rather than an expanded interpretation.
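Review bot: The suggested disclaimer is placed directly under the "Canadian NI 31-103 compliance (if selling signals)" header, ahead of the first bullet, while the accompanying agent prompt asks for it "immediately after the four bulleted rules (or at the end of that subsection)". Pick one placement and make the diff and the prompt agree. The wording also differs ("Consult qualified legal counsel" in the diff, "consult a qualified attorney" in the prompt), so settle on one phrase.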
53-55: Consider adding a tax disclaimer. The SR&ED guidance provides specific Canadian tax credit information. Similar to the compliance section, consider adding a brief disclaimer that this is informational only and readers should consult qualified tax professionals.
📋 Suggested disclaimer
## SR&ED R&D credit (Canadian solo devs) +*Note: This guidance is informational only and does not constitute tax advice. Consult qualified tax professionals for SR&ED claims.* + Start an R&D logbook on Day 1 of any Solana build. Every design doc, every commit message that references a "technical uncertainty," every rejected-architecture write-up counts as evidence for a 35–43% refundable SR&ED claim on your imputed founder-salary rate. For 4-6 months of solo work a plausible claim is CAD $3k–$10k as a sole proprietor.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@rules-new/solana-wallet-aware.mdc` around lines 53 - 55, Add a short tax-disclaimer under the "SR&ED R&D credit (Canadian solo devs)" section clarifying the content is informational and not professional tax advice; mirror the tone and placement used in the existing compliance section, stating readers should consult a qualified tax professional or accountant for personalized guidance and include a brief note that rules/change by jurisdiction and time. Place the disclaimer directly after the section header or before the first paragraph so it’s clearly associated with the SR&ED guidance.
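Review bot: The suggested SR&ED note leaves out the statement that rules change by jurisdiction and time, which the accompanying agent prompt asks for. The prompt also says to mirror "the existing compliance section", but the compliance disclaimer is itself only proposed in this review. Add the missing sentence to the note or drop that requirement from the prompt, and word the note so it does not depend on the other suggestion being accepted.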
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@rules-new/solana-wallet-aware.mdc`:
- Around line 28-36: The OpenBook v2 program ID in the ALLOWED_PROGRAMS Set is
wrong; update the entry inside ALLOWED_PROGRAMS (the string currently
"srmqPvymJeFKQ4zGQed1GFppgkRHL9kaELCbyksJtPX") to the correct mainnet program ID
"opnb2LAfJYbRMAHHvqjCwQxanZn7ReEHp1k81EohpZb" so the allowlist correctly
authorizes OpenBook v2.
The allowlist previously listed the deprecated Serum v3 program ID (srmqPvymJeFKQ4zGQed1GFppgkRHL9kaELCbyksJtPX). OpenBook v2's current mainnet deployment uses opnb2LAfJYbRMAHHvqjCwQxanZn7ReEHp1k81EohpZb. Flagged by CodeRabbit in PR review. Verified against Solscan and the official openbook-dex/openbook-v2 repo.
Thanks for the catch, @coderabbitai. You're right — the allowlist was using the deprecated Serum v3 program ID. Fixed in
Adding a new rule file at rules-new/solana-wallet-aware.mdc.
What it covers: Solana-native code with wallet-security awareness. Three-tier wallet architecture, KMS envelope encryption, isolated signer subprocesses with program allowlists, MEV defense via Jito bundles + oracle gating, transaction-safety invariants, Canadian NI 31-103 compliance hygiene, SR&ED R&D credit guidance, and the 30-day paper-trade gate before live capital.
Derived from cipher-starter (https://github.com/cryptomotifs/cipher-starter) - a public 150-page solo-dev playbook (MIT) for building Solana signal engines + autonomous trading bots on $0/mo infrastructure.
Globs cover TypeScript/JavaScript, Python, and Rust files. Happy to adjust format, globs, or content per the style guide.
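An added example (not code from the PR or from cipher-starter) showing why a wrong entry in a signer-side program allowlist matters, using the two program IDs quoted in this thread. The message shape, placeholder account names, and the function and constant names are assumptions made for illustration.

```javascript
// Program IDs quoted in the thread; everything else here is constructed.
const SERUM_V3 = "srmqPvymJeFKQ4zGQed1GFppgkRHL9kaELCbyksJtPX";    // described as deprecated
const OPENBOOK_V2 = "opnb2LAfJYbRMAHHvqjCwQxanZn7ReEHp1k81EohpZb"; // corrected entry

// Hypothetical allowlists: the entry before and after the fix commit.
const ALLOWED_BEFORE_FIX = new Set([SERUM_V3]);
const ALLOWED_AFTER_FIX = new Set([OPENBOOK_V2]);

// Simplified stand-in for a compiled message: each instruction names its
// program by index into accountKeys. Account names are placeholders.
function makeMessage(programId) {
  return {
    accountKeys: ["PAYER_PLACEHOLDER", "MARKET_PLACEHOLDER", programId],
    instructions: [{ programIdIndex: 2, accounts: [0, 1] }],
  };
}
const openbookOrder = makeMessage(OPENBOOK_V2);
const serumOrder = makeMessage(SERUM_V3);
const malformed = {
  accountKeys: ["PAYER_PLACEHOLDER"],
  instructions: [{ programIdIndex: 7, accounts: [0] }],
};

// Return every program the message would invoke that is not allowlisted.
function disallowedPrograms(message, allowlist) {
  const rejected = new Set();
  for (const ix of message.instructions) {
    const programId = message.accountKeys[ix.programIdIndex];
    if (typeof programId !== "string") {
      // Index outside accountKeys: malformed input, fail closed.
      rejected.add(`invalid programIdIndex ${ix.programIdIndex}`);
    } else if (!allowlist.has(programId)) {
      rejected.add(programId);
    }
  }
  return [...rejected];
}

// Sign only non-empty messages whose programs are all allowlisted.
function maySign(message, allowlist) {
  return message.instructions.length > 0 &&
    disallowedPrograms(message, allowlist).length === 0;
}
```

With the pre-fix set the signer refuses an OpenBook v2 order and still accepts one addressed to the ID the thread calls deprecated; the corrected set reverses both outcomes. A gate like this sees only top-level instructions, so programs reached through cross-program invocation are not checked by it.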