Cairo add security contract field

.changeset/whole-buses-call.md

@@ -0,0 +1,6 @@
+---
+'@openzeppelin/wizard-cairo': patch
+---
+
+Add security contact in contract info
+

packages/core/cairo/src/contract.test.ts

@@ -3,6 +3,7 @@ import test from 'ava';
 import type { BaseFunction, BaseImplementedTrait, Component } from './contract';
 import { ContractBuilder } from './contract';
 import { printContract } from './print';
+import { TAG_SECURITY_CONTACT } from './set-info';
 
 const FOO_COMPONENT: Component = {
   name: 'FooComponent',
@@ -106,3 +107,9 @@ test('contract with sorted use clauses', t => {
   Foo.addUseClause('another::library', 'Foo', { alias: 'Custom1' });
   t.snapshot(printContract(Foo));
 });
+
+test('contract with info', t => {
+  const Foo = new ContractBuilder('Foo');
+  Foo.addDocumentationTag(TAG_SECURITY_CONTACT, '[email protected]');
+  t.snapshot(printContract(Foo));
+});

packages/core/cairo/src/contract.test.ts.md

@@ -231,3 +231,19 @@ Generated by [AVA](https://avajs.dev).
         }␊
     }␊
     `
+
+## contract with info
+
+> Snapshot 1
+
+    `// SPDX-License-Identifier: MIT␊
+    // Compatible with OpenZeppelin Contracts for Cairo ^1.0.0␊
+    ␊
+    /// @custom:security-contact [email protected]␊
+    #[starknet::contract]␊
+    mod Foo {␊
+        #[storage]␊
+        struct Storage {␊
+        }␊
+    }␊
+    `

packages/core/cairo/src/contract.ts

@@ -2,6 +2,7 @@ import { toIdentifier } from './utils/convert-strings';
 
 export interface Contract {
   license: string;
+  documentationTags: DocumentationTag[];
   name: string;
   account: boolean;
   useClauses: UseClause[];
@@ -97,12 +98,19 @@ export interface Argument {
   type?: string;
 }
 
+export interface DocumentationTag {
+  key: string;
+  value: string;
+}
+
 export class ContractBuilder implements Contract {
   readonly name: string;
   readonly account: boolean;
   license = 'MIT';
   upgradeable = false;
 
+  readonly documentationTags: DocumentationTag[] = [];
+
   readonly constructorArgs: Argument[] = [];
   readonly constructorCode: string[] = [];
 
@@ -298,4 +306,10 @@ export class ContractBuilder implements Contract {
   addInterfaceFlag(flag: string): void {
     this.interfaceFlagsSet.add(flag);
   }
+
+  addDocumentationTag(key: string, value: string) {
+    // eslint-disable-next-line no-useless-escape
+    if (!/^(@custom:)?[a-z][a-z\-]*$/.exec(key)) throw new Error(`Invalid documentation key: ${key}`);
+    this.documentationTags.push({ key, value });
+  }
 }

packages/core/cairo/src/print.ts

@@ -7,6 +7,7 @@ import type {
   ContractFunction,
   ImplementedTrait,
   UseClause,
+  DocumentationTag,
 } from './contract';
 
 import { formatLines, spaceBetween } from './utils/format-lines';
@@ -29,6 +30,7 @@ export function printContract(contract: Contract): string {
       ],
       printSuperVariables(contract),
       [
+        ...printDocumentationTags(contract.documentationTags),
         `${contractAttribute}`,
         `mod ${contract.name} {`,
         spaceBetween(
@@ -427,3 +429,7 @@ function printArgument(arg: Argument): string {
     return `${arg.name}`;
   }
 }
+
+function printDocumentationTags(tags: DocumentationTag[]): string[] {
+  return tags.map(({ key, value }) => `/// ${key} ${value}`);
+}

packages/core/cairo/src/set-info.ts

@@ -1,15 +1,22 @@
 import type { ContractBuilder } from './contract';
 
+export const TAG_SECURITY_CONTACT = `@custom:security-contact`;
+
 export const infoOptions = [{}, { license: 'WTFPL' }] as const;
 
 export const defaults: Info = { license: 'MIT' };
 
 export type Info = {
   license?: string;
+  securityContact?: string;
 };
 
 export function setInfo(c: ContractBuilder, info: Info): void {
-  const { license } = info;
+  const { securityContact, license } = info;
+
+  if (securityContact) {
+    c.addDocumentationTag(TAG_SECURITY_CONTACT, securityContact);
+  }
 
   if (license) {
     c.license = license;

packages/core/cairo_alpha/src/contract.test.ts

@@ -3,6 +3,7 @@ import test from 'ava';
 import type { BaseFunction, BaseImplementedTrait, Component } from './contract';
 import { ContractBuilder } from './contract';
 import { printContract } from './print';
+import { TAG_SECURITY_CONTACT } from './set-info';
 
 const FOO_COMPONENT: Component = {
   name: 'FooComponent',
@@ -106,3 +107,9 @@ test('contract with sorted use clauses', t => {
   Foo.addUseClause('another::library', 'Foo', { alias: 'Custom1' });
   t.snapshot(printContract(Foo));
 });
+
+test('contract with info', t => {
+  const Foo = new ContractBuilder('Foo');
+  Foo.addDocumentationTag(TAG_SECURITY_CONTACT, '[email protected]');
+  t.snapshot(printContract(Foo));
+});

packages/core/cairo_alpha/src/contract.test.ts.md

@@ -231,3 +231,19 @@ Generated by [AVA](https://avajs.dev).
         }␊
     }␊
     `
+
+## contract with info
+
+> Snapshot 1
+
+    `// SPDX-License-Identifier: MIT␊
+    // Compatible with OpenZeppelin Contracts for Cairo ^2.0.0-alpha.1␊
+    ␊
+    /// @custom:security-contact [email protected]␊
+    #[starknet::contract]␊
+    mod Foo {␊
+        #[storage]␊
+        struct Storage {␊
+        }␊
+    }␊
+    `

packages/core/cairo_alpha/src/contract.ts

@@ -2,6 +2,7 @@ import { toIdentifier } from './utils/convert-strings';
 
 export interface Contract {
   license: string;
+  documentationTags: DocumentationTag[];
   name: string;
   account: boolean;
   useClauses: UseClause[];
@@ -97,12 +98,19 @@ export interface Argument {
   type?: string;
 }
 
+export interface DocumentationTag {
+  key: string;
+  value: string;
+}
+
 export class ContractBuilder implements Contract {
   readonly name: string;
   readonly account: boolean;
   license = 'MIT';
   upgradeable = false;
 
+  readonly documentationTags: DocumentationTag[] = [];
+
   readonly constructorArgs: Argument[] = [];
   readonly constructorCode: string[] = [];
 
@@ -298,4 +306,10 @@ export class ContractBuilder implements Contract {
   addInterfaceFlag(flag: string): void {
     this.interfaceFlagsSet.add(flag);
   }
+
+  addDocumentationTag(key: string, value: string) {
+    // eslint-disable-next-line no-useless-escape
+    if (!/^(@custom:)?[a-z][a-z\-]*$/.exec(key)) throw new Error(`Invalid documentation key: ${key}`);
+    this.documentationTags.push({ key, value });
+  }
 }

packages/core/cairo_alpha/src/print.ts

@@ -7,6 +7,7 @@ import type {
   ContractFunction,
   ImplementedTrait,
   UseClause,
+  DocumentationTag,
 } from './contract';
 
 import { formatLines, spaceBetween } from './utils/format-lines';
@@ -29,6 +30,7 @@ export function printContract(contract: Contract): string {
       ],
       printSuperVariables(contract),
       [
+        ...printDocumentationTags(contract.documentationTags),
         `${contractAttribute}`,
         `mod ${contract.name} {`,
         spaceBetween(
@@ -427,3 +429,7 @@ function printArgument(arg: Argument): string {
     return `${arg.name}`;
   }
 }
+
+function printDocumentationTags(tags: DocumentationTag[]): string[] {
+  return tags.map(({ key, value }) => `/// ${key} ${value}`);
+}

packages/core/cairo_alpha/src/set-info.ts

@@ -1,15 +1,22 @@
 import type { ContractBuilder } from './contract';
 
+export const TAG_SECURITY_CONTACT = `@custom:security-contact`;
+
 export const infoOptions = [{}, { license: 'WTFPL' }] as const;
 
 export const defaults: Info = { license: 'MIT' };
 
 export type Info = {
   license?: string;
+  securityContact?: string;
 };
 
 export function setInfo(c: ContractBuilder, info: Info): void {
-  const { license } = info;
+  const { securityContact, license } = info;
+
+  if (securityContact) {
+    c.addDocumentationTag(TAG_SECURITY_CONTACT, securityContact);
+  }
 
   if (license) {
     c.license = license;

packages/core/cairo_alpha/src/utils/version.ts

@@ -14,4 +14,4 @@ export const scarbVersion = '2.11.4';
 /**
  * Semantic version string representing of the minimum compatible version of Contracts to display in output.
  */
-export const compatibleContractsSemver = '2.0.0-alpha.1';
+export const compatibleContractsSemver = '^2.0.0-alpha.1';

packages/ui/api/ai-assistant/function-definitions/cairo-alpha-shared.ts

@@ -11,6 +11,12 @@ const commonContractFunctionDescription = {
     type: 'object',
     description: 'Metadata about the contract and author',
     properties: {
+      securityContact: {
+        type: 'string',
+        description:
+          'Email where people can contact you to report security issues. Will only be visible if contract metadata is verified.',
+      },
+
       license: {
         type: 'string',
         description: 'The license used by the contract, default is "MIT"',

packages/ui/api/ai-assistant/function-definitions/cairo-shared.ts

@@ -11,6 +11,12 @@ const commonContractFunctionDescription = {
     type: 'object',
     description: 'Metadata about the contract and author',
     properties: {
+      securityContact: {
+        type: 'string',
+        description:
+          'Email where people can contact you to report security issues. Will only be visible if contract metadata is verified.',
+      },
+
       license: {
         type: 'string',
         description: 'The license used by the contract, default is "MIT"',

packages/ui/src/cairo/InfoSection.svelte

@@ -1,6 +1,7 @@
 <script lang="ts">
   import type { Info } from '@openzeppelin/wizard-cairo';
   import { infoDefaults } from '@openzeppelin/wizard-cairo';
+  import HelpTooltip from '../common/HelpTooltip.svelte';
 
   export let info: Info;
 </script>
@@ -13,6 +14,16 @@
     </label>
   </h1>
 
+  <label class="labeled-input">
+    <span class="flex justify-between pr-2">
+      Security Contact
+      <HelpTooltip>
+        Where people can contact you to report security issues. Will only be visible if contract metadata is verified.
+      </HelpTooltip>
+    </span>
+    <input bind:value={info.securityContact} placeholder="[email protected]" />
+  </label>
+
   <label class="labeled-input">
     <span>License</span>
     <input bind:value={info.license} placeholder={infoDefaults.license} />