Add fork runner

[pkoch]

Summary by CodeRabbit

• Chores
  • Enhanced local environment setup and testing infrastructure to support demonstration scenarios.

[coderabbitai]

Warning

Rate limit exceeded

@pkoch has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 3 minutes and 49 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 3abfe01 and 1b43555.

📒 Files selected for processing (1)

• script/initial-distribution/fork-run.sh

📝 Walkthrough

Walkthrough

A new Bash script is added to orchestrate a local Arbitrum fork demonstration. The script initializes an Anvil fork, deploys an ArbSys mock contract, patches CCA contract parameters, funds and validates disburser addresses with ETH and IDOS tokens, and executes npm scripts against the fork's RPC endpoint.

Changes

Cohort / File(s)	Summary
Fork Orchestration Script script/initial-distribution/fork-run.sh	New Bash script implementing a complete workflow for local Arbitrum fork setup, including Anvil fork initialization, ArbSys contract mocking, CCA contract patching, disburser address discovery and funding, IDOS token balance assignment, private key validation, and npm script execution against the fork RPC.

Sequence Diagram

sequenceDiagram
    participant Script as fork-run.sh
    participant Anvil as Anvil Fork
    participant ArbSys as ArbSys Contract
    participant CCA as CCA Contract
    participant Disburser as Disburser Addresses
    participant IDOS as IDOS Token
    participant NPM as NPM Scripts

    Script->>Anvil: Start fork
    Script->>Anvil: Wait for readiness
    Script->>ArbSys: Deploy mock ArbSys
    Script->>CCA: Patch endBlock/claimBlock
    Script->>Disburser: Discover addresses
    Script->>Disburser: Fund with ETH
    Script->>IDOS: Assign token balance to TDE disburser
    Script->>Disburser: Validate private keys
    Script->>NPM: Run claim-all-bids
    Script->>NPM: Run cca

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A fork in the road, oh what a sight!
With Anvil we run, from morning to night,
ArbSys and CCA, patched just right,
Disbursers funded, keys shining bright,
Now tests can hop along, all through the night! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add fork runner' directly describes the main change in the pull request—a new Bash script that orchestrates a local Arbitrum fork demo. It is concise and clearly summarizes the primary addition.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/fork-runner

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3abfe01114

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[pkoch]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@script/initial-distribution/fork-run.sh`:
- Around line 85-90: After setting the storage slot and reading BALANCE via
`cast call "$IDOS_TOKEN" "balanceOf(address)(uint256)" "$TDE_DISBURSER"`, add a
hard check that compares BALANCE against the expected amount produced earlier
(use the same `cast to-wei 100000000` value or `TOKEN_AMOUNT_HEX` converted to
decimal) and if they differ print a clear error mentioning
IDOS_TOKEN/TDE_DISBURSER and exit non‑zero; this ensures the script fails fast
on storage-layout drift instead of continuing to `pnpm` steps when the funding
didn’t apply.
- Around line 30-34: The readiness loop using "until cast block-number --rpc-url
\"$ANVIL_RPC\"" can hang if Anvil dies, so add a timeout and a process-liveness
guard: record a start time (or use SECONDS), set a max wait (e.g.,
ANVIL_WAIT_TIMEOUT), and inside the loop check both that elapsed < timeout and
that the Anvil process is alive via "kill -0 $ANVIL_PID" (or equivalent); if
kill -0 fails or timeout is exceeded, print an error including $ANVIL_PID and
$ANVIL_PORT and exit nonzero; otherwise continue sleeping and retry the cast
call until success. Ensure you update the block that references ANVIL_RPC,
ANVIL_PID, and ANVIL_PORT.
- Around line 57-63: The code currently formats immutables as 8-byte hex
("%016x") causing potential collisions; change the printf calls that set
END_HEX, CLAIM_HEX, and PAST_HEX to use 32-byte/64-hex format ("%064x") so
immutables are patched as full uint256 words, and after formatting validate each
hex variable length == 64 (or exit with an error) before running the sed
replacement; keep the sed replacement and cast calls (cast code "$CCA" ... | sed
"s/$CLAIM_HEX/$PAST_HEX/g; s/$END_HEX/$PAST_HEX/g" and cast rpc anvil_setCode
"$CCA" ...) but only after ensuring END_HEX/CLAIM_HEX/PAST_HEX are full 64-hex
strings to avoid accidental partial matches.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7c2c51c and 3abfe01.

📒 Files selected for processing (1)

• script/initial-distribution/fork-run.sh

📜 Review details

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: pkoch
Repo: idos-network/contracts PR: 18
File: script/initial-disbursement/src/vesting.ts:18-29
Timestamp: 2026-02-28T13:02:09.339Z
Learning: In the idos-network/contracts repository, the team uses their own Arbitrum node for RPC calls in scripts, so concurrent Promise.all patterns for multicalls are acceptable and rate-limiting concerns do not apply.

🪛 Gitleaks (8.30.0)

script/initial-distribution/fork-run.sh

[high] 21-21: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (3)

script/initial-distribution/fork-run.sh (3)

1-22: Solid bootstrap and safety defaults.

set -euo pipefail, explicit constants, and clear section comments make this runner predictable and easy to operate.

---

96-112: Good preflight key-to-address validation.

These checks are a strong safeguard against running disbursement flows with the wrong signer keys.

---

114-122: Scoped RPC_URL usage is clean.

Overriding RPC_URL per command keeps the fork endpoint local to this run and avoids leaking environment changes.