feat: migrate to soldeer + bump rainix to rainlanguage/rainix main

[thedavidmeister]

Two related changes bundled together:

1. Submodules → Soldeer (a6c3cf7)

Replaces the `lib/rain.interpreter.interface` submodule with Soldeer deps. `rain-math-float` is also declared since the imports reference it directly.

• foundry.toml: `libs = ['dependencies']`, `[dependencies]` pinning `rain-interpreter-interface = "0.1.0"`, `rain-math-float = "0.1.1"`, `forge-std = "1.16.1"`, `[soldeer]` section.
• Custom remappings preserve the existing `rain.interpreter.interface/…` and `rain.math.float/…` import paths so .sol source doesn't switch to versioned-folder paths.
• Three .sol files (`src/interface/IRaindexV6.sol`, `src/interface/deprecated/v4/IOrderBookV4.sol`, `src/interface/deprecated/v5/IOrderBookV5.sol`) had old relative-path imports (`"../../rain.interpreter.interface/…"`); rewritten to use the remap.
• `soldeer.lock` + `remappings.txt` committed.
• `.gitmodules` + `lib/` deleted.
• `.gitignore` adds `dependencies`, `cache`, `out`, `.env`, `.pre-commit-config.yaml`.
• Adds `.github/workflows/publish-soldeer.yaml` so `v*` tags publish to Soldeer.

2. rainix bump + CI restructure (bff6a97)

• `flake.nix`: `rainix.url` switched from `github:rainprotocol/rainix` (old org, 2025-09 pin) to `github:rainlanguage/rainix` (current org, 2026-05-19 HEAD at d444279bc).
• `flake.lock` re-locked.
• `.github/workflows/rainix.yaml` was a matrix calling removed devShell tasks (`rainix-sol-test`, `rainix-sol-static`, `rainix-sol-legal` — all removed in the newer rainix). Replaced with a thin caller of `rainlanguage/rainix/.github/workflows/rainix-sol.yaml@main`, matching the pattern in rain.deploy, rain.factory, rain.vats.

Why combined

The soldeer migration unblocks the parent raindex soldeer migration, and the rainix bump unblocks raindex's own rainix bump (raindex#2579). Doing them in one PR avoids the interim "soldeer but old rainix" state.

`forge build` passes locally on the resulting tree.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Restructured dependency management system from local libraries to a dedicated dependencies directory
  • Consolidated CI/CD workflows with standardized reusable workflow templates
  • Updated build configuration and import path resolution for external packages
  • Enhanced code quality and analysis configurations

[coderabbitai]

Warning

Rate limit exceeded

@thedavidmeister has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 46 minutes and 19 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e4c474fd-7c55-4890-9ccb-c88a85905865

📥 Commits

Reviewing files that changed from the base of the PR and between b1f3f7b and b7ffa9f.

📒 Files selected for processing (5)

• src/interface/IRaindexV6.sol
• src/interface/deprecated/v3/IOrderBookV3.sol
• src/interface/deprecated/v4/IOrderBookV4.sol
• src/interface/deprecated/v5/IOrderBookV5.sol
• src/interface/deprecated/v5/IOrderBookV5ArbOrderTaker.sol

Walkthrough

Dependency management is migrated from git submodules to a Soldeer-style dependencies/ layout: foundry remappings and remappings.txt added, imports rewritten to package paths, CI/flake inputs updated to rainlanguage/rainix, Slither/REUSE configs adjusted, and a tag-triggered publish workflow was added.

Changes

Soldeer Dependency Migration

Layer / File(s)	Summary
Build configuration and dependency resolution foundry.toml, remappings.txt, .gitignore, REUSE.toml, slither.config.json	Foundry libs switches from lib to dependencies, remappings point to dependencies/<pkg>/<version>/, remappings.txt added, .gitignore excludes dependencies and related artifacts, REUSE annotations updated, and Slither filter/detectors extended.
Solidity import path updates src/interface/IRaindexV6.sol, src/interface/deprecated/v4/IOrderBookV4.sol, src/interface/deprecated/v5/IOrderBookV5.sol	Interface files update imports for IInterpreterCallerV3/V4 from relative lib/... vendored paths to package-style rain.interpreter.interface/... paths; no public API signatures changed.
CI wrapper and flake input update .github/workflows/rainix.yaml, flake.nix	The CI workflow is replaced by a thin wrapper that reuses rainlanguage/rainix reusable workflow; flake.nix now pulls rainix from rainlanguage/rainix and adjusts the outputs signature.
Publishing workflow for Soldeer releases .github/workflows/publish-soldeer.yaml	Added a workflow that runs on tag pushes v* and reuses the rainlanguage/rainix publish workflow with secrets: inherit.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• chore: bump pinned rainix to latest raindex#2575: Changes update the rainix flake/workflow references to rainlanguage/rainix, matching requests to bump/pin rainix inputs.
• Replace git submodules with Soldeer for Solidity dependencies raindex#2578: Implements migration from git submodules to Soldeer-style dependencies (removals/rewrites of lib paths, remappings, and publish workflow).
• Migrate dependency management from git submodules to soldeer rain.math.saturating#9: Mirrors the soldeer migration steps—removing submodules and switching remappings/dependencies.
• Migrate dependency management from git submodules to soldeer rain.solmem#32: Implements the same soldeer migration pattern (remappings, dependencies layout, publish workflow).
• Migrate dependency management from git submodules to soldeer rain.math.binary#10: Applies the git-submodule → Soldeer migration pattern used across package repos.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately summarizes both main changes: migrating from Git submodules to Soldeer package management and updating rainix to the rainlanguage/rainix repository.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 2026-05-20-soldeer-migration

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/publish-soldeer.yaml:
- Line 9: The workflow currently uses "secrets: inherit" which exposes all repo
secrets to the external workflow; replace this by either pinning the referenced
external workflow (use a commit SHA in the uses: reference) and then explicitly
listing only the needed secrets (e.g., with "secrets: { MY_SECRET: ${{
secrets.MY_SECRET }}, OTHER_SECRET: ${{ secrets.OTHER_SECRET }} }") instead of
"secrets: inherit", or if you cannot pin yet, remove inherit and explicitly pass
only the required secret names; update the step that contains "secrets: inherit"
to the explicit secrets mapping and pin the external workflow reference in the
uses: field.
- Line 8: Update the reusable workflow reference that currently reads "uses:
rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@main" to pin to a
specific commit SHA instead of `@main`: locate the uses entry in
.github/workflows/publish-soldeer.yaml and replace the branch suffix (`@main`)
with the full commit hash from the rainlanguage/rainix repo (e.g.,
@<commit-sha>) so the workflow uses an immutable, reviewable version.

In `@src/interface/deprecated/v4/IOrderBookV4.sol`:
- Line 14: You've modified a deprecated interface file (IOrderBookV4.sol) by
changing the import to IInterpreterCallerV3; revert that edit and do not change
any files under src/interface/deprecated/v4 (or any **/interface/deprecated/**)
in this migration. Instead, if you need the new import/behavior, add a new
non-deprecated interface or migration file (e.g., create a new interface named
IOrderBookV4New or place changes under a non-deprecated path) and update callers
to use that new symbol; ensure the original IOrderBookV4 and its import
reference to IInterpreterCallerV2 remain untouched to preserve deprecation
immutability.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: c6583498-d0cf-4784-bf41-7082c920d15c

📥 Commits

Reviewing files that changed from the base of the PR and between 9e2da33 and a6c3cf7.

⛔ Files ignored due to path filters (1)

• soldeer.lock is excluded by !**/*.lock

📒 Files selected for processing (9)

• .github/workflows/publish-soldeer.yaml
• .gitignore
• .gitmodules
• foundry.toml
• lib/rain.interpreter.interface
• remappings.txt
• src/interface/IRaindexV6.sol
• src/interface/deprecated/v4/IOrderBookV4.sol
• src/interface/deprecated/v5/IOrderBookV5.sol

💤 Files with no reviewable changes (2)

• lib/rain.interpreter.interface
• .gitmodules

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Pin the reusable workflow to a specific commit hash.

The workflow reference uses @main instead of a commit SHA. Static analysis flags this as violating a blanket policy and enabling supply chain attacks. If the external workflow is modified (maliciously or accidentally), this workflow will automatically use the new version without review.

🔒 Recommended fix

-    uses: rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@main
+    uses: rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@<commit-sha>

Replace <commit-sha> with the full commit hash of the desired version from rainlanguage/rainix. You can find this by visiting the repository and copying the commit SHA of the workflow file you want to use.

🧰 Tools

🪛 zizmor (1.25.2)

[error] 8-8: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

---

[warning] 8-8: secrets unconditionally inherited by called workflow (secrets-inherit): this reusable workflow

(secrets-inherit)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/publish-soldeer.yaml at line 8, Update the reusable
workflow reference that currently reads "uses:
rainlanguage/rainix/.github/workflows/publish-soldeer.yaml@main" to pin to a
specific commit SHA instead of `@main`: locate the uses entry in
.github/workflows/publish-soldeer.yaml and replace the branch suffix (`@main`)
with the full commit hash from the rainlanguage/rainix repo (e.g.,
@<commit-sha>) so the workflow uses an immutable, reviewable version.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Consider restricting inherited secrets.

secrets: inherit passes all repository secrets to the external workflow. Combined with the unpinned workflow reference on line 8, this increases the risk surface—any change to the external workflow immediately gains access to all secrets.

Once the workflow is pinned to a commit hash, this pattern may be acceptable depending on organizational standards. Alternatively, explicitly pass only required secrets.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/publish-soldeer.yaml at line 9, The workflow currently
uses "secrets: inherit" which exposes all repo secrets to the external workflow;
replace this by either pinning the referenced external workflow (use a commit
SHA in the uses: reference) and then explicitly listing only the needed secrets
(e.g., with "secrets: { MY_SECRET: ${{ secrets.MY_SECRET }}, OTHER_SECRET: ${{
secrets.OTHER_SECRET }} }") instead of "secrets: inherit", or if you cannot pin
yet, remove inherit and explicitly pass only the required secret names; update
the step that contains "secrets: inherit" to the explicit secrets mapping and
pin the external workflow reference in the uses: field.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Do not edit deprecated v1-v5 interfaces in-place.

Line 14 modifies a file under src/interface/deprecated/v4/, which breaks the repository deprecation immutability policy. This migration should avoid touching deprecated interfaces unless this PR is explicitly undeprecating them.

As per coding guidelines **/interface/deprecated/**/*.sol: Do not modify deprecated interfaces (v1-v5) in src/interface/deprecated/ unless undeprecating.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/interface/deprecated/v4/IOrderBookV4.sol` at line 14, You've modified a
deprecated interface file (IOrderBookV4.sol) by changing the import to
IInterpreterCallerV3; revert that edit and do not change any files under
src/interface/deprecated/v4 (or any **/interface/deprecated/**) in this
migration. Instead, if you need the new import/behavior, add a new
non-deprecated interface or migration file (e.g., create a new interface named
IOrderBookV4New or place changes under a non-deprecated path) and update callers
to use that new symbol; ensure the original IOrderBookV4 and its import
reference to IInterpreterCallerV2 remain untouched to preserve deprecation
immutability.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/rainix.yaml:
- Line 5: Replace the mutable reusable workflow reference that uses
"rainlanguage/rainix/.github/workflows/rainix-sol.yaml@main" with an immutable
commit SHA; locate the "uses:
rainlanguage/rainix/.github/workflows/rainix-sol.yaml@main" entry in
.github/workflows/rainix.yaml (and the analogous "uses: ...@main" entry in
.github/workflows/publish-soldeer.yaml), get the correct full commit SHA from
the rainlanguage/rainix repository, and update the "uses:" value to
"rainlanguage/rainix/.github/workflows/rainix-sol.yaml@<COMMIT_SHA>" (and
similarly replace the other `@main`) so the workflow is pinned to that exact
commit.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e8a81b36-3dbe-4205-8244-05a9ef54a99a

📥 Commits

Reviewing files that changed from the base of the PR and between a6c3cf7 and b1f3f7b.

⛔ Files ignored due to path filters (1)

• flake.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• .github/workflows/rainix.yaml
• REUSE.toml
• flake.nix
• slither.config.json

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

ls -la .github/workflows || true
sed -n '1,120p' .github/workflows/rainix.yaml
echo "----"
rg -n --hidden --no-ignore -S "uses:\s*rainlanguage/rainix/\.github/workflows/.*@[^[:space:]]+" .github/workflows/rainix.yaml || true
rg -n --hidden --no-ignore -S "uses:\s*rainlanguage/rainix/\.github/workflows/.*@[^[:space:]]+" .github/workflows || true

Repository: rainlanguage/rain.raindex.interface

Length of output: 807

---

Pin the reusable workflow reference(s) to an immutable commit SHA
.github/workflows/rainix.yaml references rainlanguage/rainix/.github/workflows/rainix-sol.yaml@main, making CI behavior mutable. Pin it to a full commit SHA instead of @main (same @main pattern exists in .github/workflows/publish-soldeer.yaml).

Suggested fix

-    uses: rainlanguage/rainix/.github/workflows/rainix-sol.yaml@main
+    uses: rainlanguage/rainix/.github/workflows/rainix-sol.yaml@<full_commit_sha>

🧰 Tools

🪛 zizmor (1.25.2)

[error] 5-5: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

---

[warning] 5-5: secrets unconditionally inherited by called workflow (secrets-inherit): this reusable workflow

(secrets-inherit)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/rainix.yaml at line 5, Replace the mutable reusable
workflow reference that uses
"rainlanguage/rainix/.github/workflows/rainix-sol.yaml@main" with an immutable
commit SHA; locate the "uses:
rainlanguage/rainix/.github/workflows/rainix-sol.yaml@main" entry in
.github/workflows/rainix.yaml (and the analogous "uses: ...@main" entry in
.github/workflows/publish-soldeer.yaml), get the correct full commit SHA from
the rainlanguage/rainix repository, and update the "uses:" value to
"rainlanguage/rainix/.github/workflows/rainix-sol.yaml@<COMMIT_SHA>" (and
similarly replace the other `@main`) so the workflow is pinned to that exact
commit.

[github-actions]

@coderabbitai assess this PR size classification for the totality of the PR with the following criterias and report it in your comment:

S/M/L PR Classification Guidelines:

This guide helps classify merged pull requests by effort and complexity rather than just line count. The goal is to assess the difficulty and scope of changes after they have been completed.

Small (S)

Characteristics:

• Simple bug fixes, typos, or minor refactoring
• Single-purpose changes affecting 1-2 files
• Documentation updates
• Configuration tweaks
• Changes that require minimal context to review

Review Effort: Would have taken 5-10 minutes

Examples:

• Fix typo in variable name
• Update README with new instructions
• Adjust configuration values
• Simple one-line bug fixes
• Import statement cleanup

Medium (M)

Characteristics:

• Feature additions or enhancements
• Refactoring that touches multiple files but maintains existing behavior
• Breaking changes with backward compatibility
• Changes requiring some domain knowledge to review

Review Effort: Would have taken 15-30 minutes

Examples:

• Add new feature or component
• Refactor common utility functions
• Update dependencies with minor breaking changes
• Add new component with tests
• Performance optimizations
• More complex bug fixes

Large (L)

Characteristics:

• Major feature implementations
• Breaking changes or API redesigns
• Complex refactoring across multiple modules
• New architectural patterns or significant design changes
• Changes requiring deep context and multiple review rounds

Review Effort: Would have taken 45+ minutes

Examples:

• Complete new feature with frontend/backend changes
• Protocol upgrades or breaking changes
• Major architectural refactoring
• Framework or technology upgrades

Additional Factors to Consider

When deciding between sizes, also consider:

• Test coverage impact: More comprehensive test changes lean toward larger classification
• Risk level: Changes to critical systems bump up a size category
• Team familiarity: Novel patterns or technologies increase complexity

Notes:

• the assessment must be for the totality of the PR, that means comparing the base branch to the last commit of the PR
• the assessment output must be exactly one of: S, M or L (single-line comment) in format of: SIZE={S/M/L}
• do not include any additional text, only the size classification
• your assessment comment must not include tips or additional sections
• do NOT tag me or anyone else on your comment

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

SIZE=M