From c8180a30f316d56ac53a70ea30e6265cebdbc5fb Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 15:59:11 +0000
Subject: [PATCH 01/23] Add Woodpecker pipelines

---
 .woodpecker/ci.yml           |  53 +++++++++++++
 .woodpecker/contracts.yml    |  58 ++++++++++++++
 .woodpecker/e2e.yml          |  49 ++++++++++++
 .woodpecker/fuzz-nightly.yml |  35 +++++++++
 .woodpecker/release.yml      | 141 +++++++++++++++++++++++++++++++++++
 5 files changed, 336 insertions(+)
 create mode 100644 .woodpecker/ci.yml
 create mode 100644 .woodpecker/contracts.yml
 create mode 100644 .woodpecker/e2e.yml
 create mode 100644 .woodpecker/fuzz-nightly.yml
 create mode 100644 .woodpecker/release.yml

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
new file mode 100644
index 0000000..0fef342
--- /dev/null
+++ b/.woodpecker/ci.yml
@@ -0,0 +1,53 @@
+kind: pipeline
+type: docker
+name: ci
+
+trigger:
+  event:
+    - push
+    - pull_request
+
+steps:
+  - name: node-quality
+    image: node:20-bullseye
+    environment:
+      CI: "true"
+    commands:
+      - set -eo pipefail
+      - npm config set fund false
+      - npm config set audit false
+      - npm ci --prefix kraiken-lib --no-audit --no-fund
+      - ./scripts/build-kraiken-lib.sh
+      - npm ci --prefix landing --no-audit --no-fund
+      - npm ci --prefix web-app --no-audit --no-fund
+      - npm ci --prefix services/ponder --no-audit --no-fund
+      - npm ci --prefix services/txnBot --no-audit --no-fund
+      - npm run lint --prefix kraiken-lib
+      - npm test --prefix kraiken-lib -- --runInBand
+      - npm run lint --prefix landing
+      - npm run build --prefix landing
+      - npm run lint --prefix web-app
+      - npm run test --prefix web-app -- --run
+      - npm run build --prefix web-app
+      - npm run lint --prefix services/ponder
+      - npm run build --prefix services/ponder
+      - npm run lint --prefix services/txnBot
+      - npm run test --prefix services/txnBot
+      - npm run build --prefix services/txnBot
+
+  - name: foundry-suite
+    image: ubuntu:22.04
+    environment:
+      FOUNDRY_DIR: /root/.foundry
+      PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    commands:
+      - set -eo pipefail
+      - apt-get update
+      - apt-get install -y curl git build-essential pkg-config libssl-dev
+      - curl -L https://foundry.paradigm.xyz | bash
+      - foundryup
+      - cd onchain
+      - forge --version
+      - forge build --sizes
+      - forge test -vvv
+      - forge snapshot
diff --git a/.woodpecker/contracts.yml b/.woodpecker/contracts.yml
new file mode 100644
index 0000000..30ed14c
--- /dev/null
+++ b/.woodpecker/contracts.yml
@@ -0,0 +1,58 @@
+kind: pipeline
+type: docker
+name: contracts-local-fork
+
+trigger:
+  event:
+    - push
+    - pull_request
+
+steps:
+  - name: forge-suite
+    image: ubuntu:22.04
+    environment:
+      FOUNDRY_DIR: /root/.foundry
+      PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+      HARB_ENV: BASE_SEPOLIA_LOCAL_FORK
+    commands:
+      - set -eo pipefail
+      - apt-get update
+      - apt-get install -y curl git build-essential pkg-config libssl-dev
+      - curl -L https://foundry.paradigm.xyz | bash
+      - foundryup
+      - cd onchain
+      - forge build
+      - forge test -vv --ffi
+      - forge snapshot
+
+---
+
+kind: pipeline
+type: docker
+name: contracts-base-sepolia
+
+trigger:
+  event:
+    - push
+    - pull_request
+
+steps:
+  - name: forge-suite
+    image: ubuntu:22.04
+    environment:
+      FOUNDRY_DIR: /root/.foundry
+      PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+      HARB_ENV: BASE_SEPOLIA
+      BASE_SEPOLIA_RPC:
+        from_secret: base_sepolia_rpc
+    commands:
+      - set -eo pipefail
+      - apt-get update
+      - apt-get install -y curl git build-essential pkg-config libssl-dev
+      - curl -L https://foundry.paradigm.xyz | bash
+      - foundryup
+      - cd onchain
+      - export BASE_SEPOLIA_RPC="$BASE_SEPOLIA_RPC"
+      - forge build
+      - forge test -vv --ffi
+      - forge snapshot
diff --git a/.woodpecker/e2e.yml b/.woodpecker/e2e.yml
new file mode 100644
index 0000000..8100082
--- /dev/null
+++ b/.woodpecker/e2e.yml
@@ -0,0 +1,49 @@
+kind: pipeline
+type: exec
+name: e2e
+
+node:
+  podman: "true"
+
+trigger:
+  event:
+    - push
+    - pull_request
+
+steps:
+  - name: run-e2e
+    environment:
+      HARB_ENV: BASE_SEPOLIA_LOCAL_FORK
+      SKIP_WATCH: "1"
+    commands:
+      - bash -lc '
+          set -euo pipefail
+          npm config set fund false
+          npm config set audit false
+          npm ci --prefix kraiken-lib --no-audit --no-fund
+          ./scripts/build-kraiken-lib.sh
+          npm ci --prefix landing --no-audit --no-fund
+          npm ci --prefix web-app --no-audit --no-fund
+          npm ci --prefix services/ponder --no-audit --no-fund
+          npm ci --prefix services/txnBot --no-audit --no-fund
+          npm ci --no-audit --no-fund
+          npx playwright install chromium
+          trap "./scripts/dev.sh stop || true" EXIT
+          ./scripts/dev.sh start
+          timeout 180 bash -lc "until curl -sf http://localhost:8081/api/graphql > /dev/null; do sleep 3; done"
+          npm run test:e2e
+        '
+
+  - name: collect-artifacts
+    when:
+      status:
+        - success
+        - failure
+    commands:
+      - bash -lc '
+          set -euo pipefail
+          mkdir -p artifacts
+          if [ -d playwright-report ]; then tar -czf artifacts/playwright-report.tgz playwright-report; fi
+          if [ -d test-results ]; then tar -czf artifacts/test-results.tgz test-results; fi
+          if [ -d logs ]; then tar -czf artifacts/stack-logs.tgz logs; fi
+        '
diff --git a/.woodpecker/fuzz-nightly.yml b/.woodpecker/fuzz-nightly.yml
new file mode 100644
index 0000000..578717a
--- /dev/null
+++ b/.woodpecker/fuzz-nightly.yml
@@ -0,0 +1,35 @@
+kind: pipeline
+type: docker
+name: fuzz-nightly
+
+trigger:
+  event:
+    - cron
+
+steps:
+  - name: fuzz
+    image: ubuntu:22.04
+    environment:
+      FOUNDRY_DIR: /root/.foundry
+      PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    commands:
+      - set -eo pipefail
+      - apt-get update
+      - apt-get install -y curl git build-essential bc
+      - curl -L https://foundry.paradigm.xyz | bash
+      - foundryup
+      - cd onchain
+      - forge --version
+      - ./analysis/run-fuzzing.sh BullMarketOptimizer runs=75
+
+  - name: package-results
+    image: alpine:3.20
+    when:
+      status:
+        - success
+        - failure
+    commands:
+      - set -eo pipefail
+      - apk add --no-cache tar
+      - mkdir -p artifacts
+      - if [ -d onchain/analysis ]; then tar -czf artifacts/fuzz-results.tgz onchain/analysis; fi
diff --git a/.woodpecker/release.yml b/.woodpecker/release.yml
new file mode 100644
index 0000000..a6b0783
--- /dev/null
+++ b/.woodpecker/release.yml
@@ -0,0 +1,141 @@
+kind: pipeline
+type: exec
+name: release
+
+node:
+  podman: "true"
+
+trigger:
+  event:
+    - tag
+
+steps:
+  - name: version-check
+    commands:
+      - bash -lc '
+          set -euo pipefail
+          npm config set fund false
+          npm config set audit false
+          npm ci --prefix kraiken-lib --no-audit --no-fund
+          ./scripts/build-kraiken-lib.sh
+          node <<\"NODE\"
+          import fs from \"fs\";
+
+          const sol = fs.readFileSync(\"onchain/src/Kraiken.sol\", \"utf8\");
+          const lib = fs.readFileSync(\"kraiken-lib/src/version.ts\", \"utf8\");
+
+          const contractVersionMatch = sol.match(/VERSION\\s*=\\s*(\\d+)/);
+          if (!contractVersionMatch) {
+            console.error(\"Unable to find VERSION constant in Kraiken.sol\");
+            process.exit(1);
+          }
+          const contractVersion = Number(contractVersionMatch[1]);
+
+          const libVersionMatch = lib.match(/KRAIKEN_LIB_VERSION\\s*=\\s*(\\d+)/);
+          if (!libVersionMatch) {
+            console.error(\"Unable to find KRAIKEN_LIB_VERSION in kraiken-lib/src/version.ts\");
+            process.exit(1);
+          }
+          const libVersion = Number(libVersionMatch[1]);
+
+          const compatMatch = lib.match(/COMPATIBLE_CONTRACT_VERSIONS\\s*=\\s*\\[([^\\]]*)\\]/);
+          if (!compatMatch) {
+            console.error(\"Unable to find COMPATIBLE_CONTRACT_VERSIONS in kraiken-lib/src/version.ts\");
+            process.exit(1);
+          }
+          const compatibleVersions = compatMatch[1]
+            .split(\",\")
+            .map(v => v.trim())
+            .filter(Boolean)
+            .map(Number);
+
+          if (contractVersion !== libVersion) {
+            console.error(`Contract VERSION (${contractVersion}) and KRAIKEN_LIB_VERSION (${libVersion}) differ`);
+            process.exit(1);
+          }
+          if (!compatibleVersions.includes(contractVersion)) {
+            console.error(`Contract VERSION ${contractVersion} missing from COMPATIBLE_CONTRACT_VERSIONS [${compatibleVersions.join(\", \")}]`);
+            process.exit(1);
+          }
+
+          console.log(`Version check passed for VERSION ${contractVersion}`);
+          NODE
+        '
+
+  - name: build-artifacts
+    commands:
+      - bash -lc '
+          set -euo pipefail
+          npm config set fund false
+          npm config set audit false
+          npm ci --prefix kraiken-lib --no-audit --no-fund
+          ./scripts/build-kraiken-lib.sh
+          npm ci --prefix landing --no-audit --no-fund
+          npm ci --prefix web-app --no-audit --no-fund
+          npm ci --prefix services/ponder --no-audit --no-fund
+          npm ci --prefix services/txnBot --no-audit --no-fund
+          npm ci --no-audit --no-fund
+          export PATH=\"${HOME}/.foundry/bin:${PATH}\"
+          if ! command -v forge >/dev/null 2>&1; then
+            curl -L https://foundry.paradigm.xyz | bash
+            foundryup
+          else
+            foundryup
+          fi
+          forge --version
+          (cd onchain && forge build)
+          npm run build --prefix landing
+          npm run build --prefix web-app
+          npm run build --prefix services/ponder
+          npm run build --prefix services/txnBot
+          rm -rf release
+          mkdir -p release/dist
+          cp -r onchain/out release/dist/abi
+          cp -r kraiken-lib/dist release/dist/kraiken-lib
+          cp -r landing/dist release/dist/landing
+          cp -r web-app/dist release/dist/web-app
+          cp -r services/txnBot/dist release/dist/txn-bot
+          if [ -d services/ponder/generated ]; then
+            cp -r services/ponder/generated release/dist/ponder-generated
+          fi
+          tar -czf release-bundle.tgz -C release dist
+        '
+
+  - name: podman-publish
+    environment:
+      REGISTRY_SERVER:
+        from_secret: registry_server
+      REGISTRY_NAMESPACE:
+        from_secret: registry_namespace
+      REGISTRY_USERNAME:
+        from_secret: registry_username
+      REGISTRY_PASSWORD:
+        from_secret: registry_password
+    commands:
+      - bash -lc '
+          set -euo pipefail
+          if [ -z \"${CI_COMMIT_TAG:-}\" ]; then
+            echo \"CI_COMMIT_TAG not set\" >&2
+            exit 1
+          fi
+          if [ -z \"${REGISTRY_SERVER:-}\" ] || [ -z \"${REGISTRY_NAMESPACE:-}\" ]; then
+            echo \"Registry server or namespace missing\" >&2
+            exit 1
+          fi
+          export TAG=\"${CI_COMMIT_TAG#refs/tags/}\"
+          export COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-harb}
+          podman login \"$REGISTRY_SERVER\" -u \"$REGISTRY_USERNAME\" -p \"$REGISTRY_PASSWORD\"
+          podman-compose build ponder webapp landing txn-bot
+          for service in ponder webapp landing txn-bot; do
+            image=$(podman image ls --filter \"label=com.docker.compose.project=${COMPOSE_PROJECT_NAME}\" --filter \"label=com.docker.compose.service=${service}\" --format \"{{.Repository}}:{{ .Tag }}\" | head -n1)
+            if [ -z \"$image\" ]; then
+              echo \"Unable to find built image for $service\" >&2
+              exit 1
+            fi
+            target=\"${REGISTRY_SERVER}/${REGISTRY_NAMESPACE}/${service}\"
+            podman tag \"$image\" \"${target}:${TAG}\"
+            podman push \"${target}:${TAG}\"
+            podman tag \"${target}:${TAG}\" \"${target}:latest\"
+            podman push \"${target}:latest\"
+          done
+        '

From 66cfaed35573af69b20e7f632183ee3697dffcf4 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 16:11:17 +0000
Subject: [PATCH 02/23] Refine Woodpecker e2e workflow

---
 .woodpecker/e2e.yml | 67 +++++++++++++++++++++++++++------------------
 1 file changed, 41 insertions(+), 26 deletions(-)

diff --git a/.woodpecker/e2e.yml b/.woodpecker/e2e.yml
index 8100082..d4d706d 100644
--- a/.woodpecker/e2e.yml
+++ b/.woodpecker/e2e.yml
@@ -1,8 +1,8 @@
 kind: pipeline
-type: exec
+type: docker
 name: e2e
 
-node:
+labels:
   podman: "true"
 
 trigger:
@@ -10,40 +10,55 @@ trigger:
     - push
     - pull_request
 
+environment:
+  PNPM_HOME: /root/.local/share/pnpm
+  PATH: /root/.local/share/pnpm:/root/.local/bin:/usr/local/bin:/usr/bin:/bin
+
 steps:
   - name: run-e2e
+    image: mcr.microsoft.com/playwright:v1.56.0-jammy
+    pull: true
+    privileged: true
     environment:
       HARB_ENV: BASE_SEPOLIA_LOCAL_FORK
       SKIP_WATCH: "1"
+      XDG_RUNTIME_DIR: /tmp/podman-run
     commands:
-      - bash -lc '
-          set -euo pipefail
-          npm config set fund false
-          npm config set audit false
-          npm ci --prefix kraiken-lib --no-audit --no-fund
-          ./scripts/build-kraiken-lib.sh
-          npm ci --prefix landing --no-audit --no-fund
-          npm ci --prefix web-app --no-audit --no-fund
-          npm ci --prefix services/ponder --no-audit --no-fund
-          npm ci --prefix services/txnBot --no-audit --no-fund
-          npm ci --no-audit --no-fund
-          npx playwright install chromium
-          trap "./scripts/dev.sh stop || true" EXIT
-          ./scripts/dev.sh start
-          timeout 180 bash -lc "until curl -sf http://localhost:8081/api/graphql > /dev/null; do sleep 3; done"
-          npm run test:e2e
-        '
+      - |
+        set -euo pipefail
+        export DEBIAN_FRONTEND=noninteractive
+        mkdir -p "${XDG_RUNTIME_DIR}"
+        apt-get update
+        apt-get install -y podman python3-pip curl jq ca-certificates
+        python3 -m pip install --no-cache-dir podman-compose
+        npm config set fund false
+        npm config set audit false
+        npm ci --prefix kraiken-lib --no-audit --no-fund
+        ./scripts/build-kraiken-lib.sh
+        npm ci --prefix landing --no-audit --no-fund
+        npm ci --prefix web-app --no-audit --no-fund
+        npm ci --prefix services/ponder --no-audit --no-fund
+        npm ci --prefix services/txnBot --no-audit --no-fund
+        npm ci --no-audit --no-fund
+        npx playwright install chromium
+        trap "./scripts/dev.sh stop || true" EXIT
+        ./scripts/dev.sh start
+        timeout 240 bash -c 'until curl -sf http://localhost:8081/api/graphql > /dev/null; do sleep 3; done'
+        npm run test:e2e
 
   - name: collect-artifacts
+    image: alpine:3.20
+    depends_on:
+      - run-e2e
     when:
       status:
         - success
         - failure
     commands:
-      - bash -lc '
-          set -euo pipefail
-          mkdir -p artifacts
-          if [ -d playwright-report ]; then tar -czf artifacts/playwright-report.tgz playwright-report; fi
-          if [ -d test-results ]; then tar -czf artifacts/test-results.tgz test-results; fi
-          if [ -d logs ]; then tar -czf artifacts/stack-logs.tgz logs; fi
-        '
+      - |
+        set -euo pipefail
+        apk add --no-cache tar gzip
+        mkdir -p artifacts
+        if [ -d playwright-report ]; then tar -czf artifacts/playwright-report.tgz playwright-report; fi
+        if [ -d test-results ]; then tar -czf artifacts/test-results.tgz test-results; fi
+        if [ -d logs ]; then tar -czf artifacts/stack-logs.tgz logs; fi

From 3195ab872504ee568a55ba52be90682c9de40d08 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 16:17:46 +0000
Subject: [PATCH 03/23] Use simple runtime dir expansion in e2e workflow

---
 .woodpecker/e2e.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.woodpecker/e2e.yml b/.woodpecker/e2e.yml
index d4d706d..3482276 100644
--- a/.woodpecker/e2e.yml
+++ b/.woodpecker/e2e.yml
@@ -27,7 +27,7 @@ steps:
       - |
         set -euo pipefail
         export DEBIAN_FRONTEND=noninteractive
-        mkdir -p "${XDG_RUNTIME_DIR}"
+        mkdir -p "$XDG_RUNTIME_DIR"
         apt-get update
         apt-get install -y podman python3-pip curl jq ca-certificates
         python3 -m pip install --no-cache-dir podman-compose

From f5617ad9bf2f5179adcec629205a88469ac9fafe Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 16:18:58 +0000
Subject: [PATCH 04/23] Scope PATH setup to e2e step

---
 .woodpecker/e2e.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.woodpecker/e2e.yml b/.woodpecker/e2e.yml
index 3482276..0ea9c98 100644
--- a/.woodpecker/e2e.yml
+++ b/.woodpecker/e2e.yml
@@ -10,16 +10,14 @@ trigger:
     - push
     - pull_request
 
-environment:
-  PNPM_HOME: /root/.local/share/pnpm
-  PATH: /root/.local/share/pnpm:/root/.local/bin:/usr/local/bin:/usr/bin:/bin
-
 steps:
   - name: run-e2e
     image: mcr.microsoft.com/playwright:v1.56.0-jammy
     pull: true
     privileged: true
     environment:
+      PNPM_HOME: /root/.local/share/pnpm
+      PATH: /root/.local/share/pnpm:/root/.local/bin:/usr/local/bin:/usr/bin:/bin
       HARB_ENV: BASE_SEPOLIA_LOCAL_FORK
       SKIP_WATCH: "1"
       XDG_RUNTIME_DIR: /tmp/podman-run

From 31728401ce2060de950dc8e632fa6e5788a551e9 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 16:26:33 +0000
Subject: [PATCH 05/23] Remove shell brace expansions in release workflow

---
 .woodpecker/release.yml | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/.woodpecker/release.yml b/.woodpecker/release.yml
index a6b0783..07d1673 100644
--- a/.woodpecker/release.yml
+++ b/.woodpecker/release.yml
@@ -50,15 +50,15 @@ steps:
             .map(Number);
 
           if (contractVersion !== libVersion) {
-            console.error(`Contract VERSION (${contractVersion}) and KRAIKEN_LIB_VERSION (${libVersion}) differ`);
+            console.error('Contract VERSION (' + contractVersion + ') and KRAIKEN_LIB_VERSION (' + libVersion + ') differ');
             process.exit(1);
           }
           if (!compatibleVersions.includes(contractVersion)) {
-            console.error(`Contract VERSION ${contractVersion} missing from COMPATIBLE_CONTRACT_VERSIONS [${compatibleVersions.join(\", \")}]`);
+            console.error('Contract VERSION ' + contractVersion + ' missing from COMPATIBLE_CONTRACT_VERSIONS [' + compatibleVersions.join(", ") + ']');
             process.exit(1);
           }
 
-          console.log(`Version check passed for VERSION ${contractVersion}`);
+          console.log('Version check passed for VERSION ' + contractVersion);
           NODE
         '
 
@@ -75,7 +75,7 @@ steps:
           npm ci --prefix services/ponder --no-audit --no-fund
           npm ci --prefix services/txnBot --no-audit --no-fund
           npm ci --no-audit --no-fund
-          export PATH=\"${HOME}/.foundry/bin:${PATH}\"
+          export PATH=\"$HOME/.foundry/bin:$PATH\"
           if ! command -v forge >/dev/null 2>&1; then
             curl -L https://foundry.paradigm.xyz | bash
             foundryup
@@ -113,29 +113,32 @@ steps:
         from_secret: registry_password
     commands:
       - bash -lc '
-          set -euo pipefail
-          if [ -z \"${CI_COMMIT_TAG:-}\" ]; then
+          set -eo pipefail
+          if [ -z \"$CI_COMMIT_TAG\" ]; then
             echo \"CI_COMMIT_TAG not set\" >&2
             exit 1
           fi
-          if [ -z \"${REGISTRY_SERVER:-}\" ] || [ -z \"${REGISTRY_NAMESPACE:-}\" ]; then
+          if [ -z \"$REGISTRY_SERVER\" ] || [ -z \"$REGISTRY_NAMESPACE\" ]; then
             echo \"Registry server or namespace missing\" >&2
             exit 1
           fi
-          export TAG=\"${CI_COMMIT_TAG#refs/tags/}\"
-          export COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-harb}
+          TAG=$(printf '%s' \"$CI_COMMIT_TAG\" | sed 's#^refs/tags/##')
+          export TAG
+          if [ -z \"$COMPOSE_PROJECT_NAME\" ]; then
+            COMPOSE_PROJECT_NAME=\"harb\"
+          fi
           podman login \"$REGISTRY_SERVER\" -u \"$REGISTRY_USERNAME\" -p \"$REGISTRY_PASSWORD\"
           podman-compose build ponder webapp landing txn-bot
           for service in ponder webapp landing txn-bot; do
-            image=$(podman image ls --filter \"label=com.docker.compose.project=${COMPOSE_PROJECT_NAME}\" --filter \"label=com.docker.compose.service=${service}\" --format \"{{.Repository}}:{{ .Tag }}\" | head -n1)
+            image=$(podman image ls --filter \"label=com.docker.compose.project=$COMPOSE_PROJECT_NAME\" --filter \"label=com.docker.compose.service=$service\" --format \"{{.Repository}}:{{ .Tag }}\" | head -n1)
             if [ -z \"$image\" ]; then
               echo \"Unable to find built image for $service\" >&2
               exit 1
             fi
-            target=\"${REGISTRY_SERVER}/${REGISTRY_NAMESPACE}/${service}\"
-            podman tag \"$image\" \"${target}:${TAG}\"
-            podman push \"${target}:${TAG}\"
-            podman tag \"${target}:${TAG}\" \"${target}:latest\"
-            podman push \"${target}:latest\"
+            target=\"$REGISTRY_SERVER/$REGISTRY_NAMESPACE/$service\"
+            podman tag \"$image\" \"$target:$TAG\"
+            podman push \"$target:$TAG\"
+            podman tag \"$target:$TAG\" \"$target:latest\"
+            podman push \"$target:latest\"
           done
         '

From 12f322d4415096c8a67d6b76e10aecba8623475e Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 16:28:39 +0000
Subject: [PATCH 06/23] Run release workflow in containerized steps

---
 .woodpecker/release.yml | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/.woodpecker/release.yml b/.woodpecker/release.yml
index 07d1673..730ae20 100644
--- a/.woodpecker/release.yml
+++ b/.woodpecker/release.yml
@@ -1,8 +1,8 @@
 kind: pipeline
-type: exec
+type: docker
 name: release
 
-node:
+labels:
   podman: "true"
 
 trigger:
@@ -11,6 +11,8 @@ trigger:
 
 steps:
   - name: version-check
+    image: node:20-bullseye
+    pull: true
     commands:
       - bash -lc '
           set -euo pipefail
@@ -63,9 +65,13 @@ steps:
         '
 
   - name: build-artifacts
+    image: node:20-bullseye
+    pull: true
     commands:
       - bash -lc '
           set -euo pipefail
+          apt-get update
+          apt-get install -y curl build-essential pkg-config libssl-dev
           npm config set fund false
           npm config set audit false
           npm ci --prefix kraiken-lib --no-audit --no-fund
@@ -102,6 +108,9 @@ steps:
         '
 
   - name: podman-publish
+    image: mcr.microsoft.com/playwright:v1.56.0-jammy
+    pull: true
+    privileged: true
     environment:
       REGISTRY_SERVER:
         from_secret: registry_server
@@ -114,6 +123,10 @@ steps:
     commands:
       - bash -lc '
           set -eo pipefail
+          export DEBIAN_FRONTEND=noninteractive
+          apt-get update
+          apt-get install -y podman python3-pip curl jq ca-certificates
+          python3 -m pip install --no-cache-dir podman-compose
           if [ -z \"$CI_COMMIT_TAG\" ]; then
             echo \"CI_COMMIT_TAG not set\" >&2
             exit 1

From 06b5f6302c757326fdbaa74f02cfdba9edffe95a Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 16:52:44 +0000
Subject: [PATCH 07/23] Tune release workflow filters

---
 .woodpecker/release.yml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/.woodpecker/release.yml b/.woodpecker/release.yml
index 730ae20..0cbe85a 100644
--- a/.woodpecker/release.yml
+++ b/.woodpecker/release.yml
@@ -5,14 +5,15 @@ name: release
 labels:
   podman: "true"
 
-trigger:
-  event:
-    - tag
+when:
+  - event: tag
 
 steps:
   - name: version-check
     image: node:20-bullseye
     pull: true
+    when:
+      - event: tag
     commands:
       - bash -lc '
           set -euo pipefail
@@ -67,6 +68,10 @@ steps:
   - name: build-artifacts
     image: node:20-bullseye
     pull: true
+    depends_on:
+      - version-check
+    when:
+      - event: tag
     commands:
       - bash -lc '
           set -euo pipefail
@@ -111,6 +116,10 @@ steps:
     image: mcr.microsoft.com/playwright:v1.56.0-jammy
     pull: true
     privileged: true
+    depends_on:
+      - build-artifacts
+    when:
+      - event: tag
     environment:
       REGISTRY_SERVER:
         from_secret: registry_server

From 3915e121bde49fc06067413ea0c53f0a8569556f Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 16:56:42 +0000
Subject: [PATCH 08/23] Wrap docker steps in bash shells

---
 .woodpecker/ci.yml           | 66 +++++++++++++++++++-----------------
 .woodpecker/contracts.yml    | 42 ++++++++++++-----------
 .woodpecker/fuzz-nightly.yml | 20 ++++++-----
 3 files changed, 69 insertions(+), 59 deletions(-)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index 0fef342..d8cde3f 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -13,27 +13,29 @@ steps:
     environment:
       CI: "true"
     commands:
-      - set -eo pipefail
-      - npm config set fund false
-      - npm config set audit false
-      - npm ci --prefix kraiken-lib --no-audit --no-fund
-      - ./scripts/build-kraiken-lib.sh
-      - npm ci --prefix landing --no-audit --no-fund
-      - npm ci --prefix web-app --no-audit --no-fund
-      - npm ci --prefix services/ponder --no-audit --no-fund
-      - npm ci --prefix services/txnBot --no-audit --no-fund
-      - npm run lint --prefix kraiken-lib
-      - npm test --prefix kraiken-lib -- --runInBand
-      - npm run lint --prefix landing
-      - npm run build --prefix landing
-      - npm run lint --prefix web-app
-      - npm run test --prefix web-app -- --run
-      - npm run build --prefix web-app
-      - npm run lint --prefix services/ponder
-      - npm run build --prefix services/ponder
-      - npm run lint --prefix services/txnBot
-      - npm run test --prefix services/txnBot
-      - npm run build --prefix services/txnBot
+      - bash -lc '
+          set -euo pipefail
+          npm config set fund false
+          npm config set audit false
+          npm ci --prefix kraiken-lib --no-audit --no-fund
+          ./scripts/build-kraiken-lib.sh
+          npm ci --prefix landing --no-audit --no-fund
+          npm ci --prefix web-app --no-audit --no-fund
+          npm ci --prefix services/ponder --no-audit --no-fund
+          npm ci --prefix services/txnBot --no-audit --no-fund
+          npm run lint --prefix kraiken-lib
+          npm test --prefix kraiken-lib -- --runInBand
+          npm run lint --prefix landing
+          npm run build --prefix landing
+          npm run lint --prefix web-app
+          npm run test --prefix web-app -- --run
+          npm run build --prefix web-app
+          npm run lint --prefix services/ponder
+          npm run build --prefix services/ponder
+          npm run lint --prefix services/txnBot
+          npm run test --prefix services/txnBot
+          npm run build --prefix services/txnBot
+        '
 
   - name: foundry-suite
     image: ubuntu:22.04
@@ -41,13 +43,15 @@ steps:
       FOUNDRY_DIR: /root/.foundry
       PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
     commands:
-      - set -eo pipefail
-      - apt-get update
-      - apt-get install -y curl git build-essential pkg-config libssl-dev
-      - curl -L https://foundry.paradigm.xyz | bash
-      - foundryup
-      - cd onchain
-      - forge --version
-      - forge build --sizes
-      - forge test -vvv
-      - forge snapshot
+      - bash -lc '
+          set -euo pipefail
+          apt-get update
+          apt-get install -y curl git build-essential pkg-config libssl-dev
+          curl -L https://foundry.paradigm.xyz | bash
+          foundryup
+          cd onchain
+          forge --version
+          forge build --sizes
+          forge test -vvv
+          forge snapshot
+        '
diff --git a/.woodpecker/contracts.yml b/.woodpecker/contracts.yml
index 30ed14c..9fbe96b 100644
--- a/.woodpecker/contracts.yml
+++ b/.woodpecker/contracts.yml
@@ -15,15 +15,17 @@ steps:
       PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
       HARB_ENV: BASE_SEPOLIA_LOCAL_FORK
     commands:
-      - set -eo pipefail
-      - apt-get update
-      - apt-get install -y curl git build-essential pkg-config libssl-dev
-      - curl -L https://foundry.paradigm.xyz | bash
-      - foundryup
-      - cd onchain
-      - forge build
-      - forge test -vv --ffi
-      - forge snapshot
+      - bash -lc '
+          set -euo pipefail
+          apt-get update
+          apt-get install -y curl git build-essential pkg-config libssl-dev
+          curl -L https://foundry.paradigm.xyz | bash
+          foundryup
+          cd onchain
+          forge build
+          forge test -vv --ffi
+          forge snapshot
+        '
 
 ---
 
@@ -46,13 +48,15 @@ steps:
       BASE_SEPOLIA_RPC:
         from_secret: base_sepolia_rpc
     commands:
-      - set -eo pipefail
-      - apt-get update
-      - apt-get install -y curl git build-essential pkg-config libssl-dev
-      - curl -L https://foundry.paradigm.xyz | bash
-      - foundryup
-      - cd onchain
-      - export BASE_SEPOLIA_RPC="$BASE_SEPOLIA_RPC"
-      - forge build
-      - forge test -vv --ffi
-      - forge snapshot
+      - bash -lc '
+          set -euo pipefail
+          apt-get update
+          apt-get install -y curl git build-essential pkg-config libssl-dev
+          curl -L https://foundry.paradigm.xyz | bash
+          foundryup
+          cd onchain
+          export BASE_SEPOLIA_RPC="$BASE_SEPOLIA_RPC"
+          forge build
+          forge test -vv --ffi
+          forge snapshot
+        '
diff --git a/.woodpecker/fuzz-nightly.yml b/.woodpecker/fuzz-nightly.yml
index 578717a..388f908 100644
--- a/.woodpecker/fuzz-nightly.yml
+++ b/.woodpecker/fuzz-nightly.yml
@@ -13,14 +13,16 @@ steps:
       FOUNDRY_DIR: /root/.foundry
       PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
     commands:
-      - set -eo pipefail
-      - apt-get update
-      - apt-get install -y curl git build-essential bc
-      - curl -L https://foundry.paradigm.xyz | bash
-      - foundryup
-      - cd onchain
-      - forge --version
-      - ./analysis/run-fuzzing.sh BullMarketOptimizer runs=75
+      - bash -lc '
+          set -euo pipefail
+          apt-get update
+          apt-get install -y curl git build-essential bc
+          curl -L https://foundry.paradigm.xyz | bash
+          foundryup
+          cd onchain
+          forge --version
+          ./analysis/run-fuzzing.sh BullMarketOptimizer runs=75
+        '
 
   - name: package-results
     image: alpine:3.20
@@ -29,7 +31,7 @@ steps:
         - success
         - failure
     commands:
-      - set -eo pipefail
+      - set -e
       - apk add --no-cache tar
       - mkdir -p artifacts
       - if [ -d onchain/analysis ]; then tar -czf artifacts/fuzz-results.tgz onchain/analysis; fi

From c2f1690b0d53c151c7e37decc467bb7aa981d07f Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 16:59:55 +0000
Subject: [PATCH 09/23] Preserve multiline bash scripts in pipelines

---
 .woodpecker/ci.yml           | 6 ++++--
 .woodpecker/contracts.yml    | 6 ++++--
 .woodpecker/fuzz-nightly.yml | 3 ++-
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index d8cde3f..4986b1b 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -13,7 +13,8 @@ steps:
     environment:
       CI: "true"
     commands:
-      - bash -lc '
+      - |
+        bash -lc '
           set -euo pipefail
           npm config set fund false
           npm config set audit false
@@ -43,7 +44,8 @@ steps:
       FOUNDRY_DIR: /root/.foundry
       PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
     commands:
-      - bash -lc '
+      - |
+        bash -lc '
           set -euo pipefail
           apt-get update
           apt-get install -y curl git build-essential pkg-config libssl-dev
diff --git a/.woodpecker/contracts.yml b/.woodpecker/contracts.yml
index 9fbe96b..7b3b9f6 100644
--- a/.woodpecker/contracts.yml
+++ b/.woodpecker/contracts.yml
@@ -15,7 +15,8 @@ steps:
       PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
       HARB_ENV: BASE_SEPOLIA_LOCAL_FORK
     commands:
-      - bash -lc '
+      - |
+        bash -lc '
           set -euo pipefail
           apt-get update
           apt-get install -y curl git build-essential pkg-config libssl-dev
@@ -48,7 +49,8 @@ steps:
       BASE_SEPOLIA_RPC:
         from_secret: base_sepolia_rpc
     commands:
-      - bash -lc '
+      - |
+        bash -lc '
           set -euo pipefail
           apt-get update
           apt-get install -y curl git build-essential pkg-config libssl-dev
diff --git a/.woodpecker/fuzz-nightly.yml b/.woodpecker/fuzz-nightly.yml
index 388f908..4132c2f 100644
--- a/.woodpecker/fuzz-nightly.yml
+++ b/.woodpecker/fuzz-nightly.yml
@@ -13,7 +13,8 @@ steps:
       FOUNDRY_DIR: /root/.foundry
       PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
     commands:
-      - bash -lc '
+      - |
+        bash -lc '
           set -euo pipefail
           apt-get update
           apt-get install -y curl git build-essential bc

From 91f19539d9f24a1852d41ca9d8b8ab8461c42ce6 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 17:07:47 +0000
Subject: [PATCH 10/23] Run foundry suite before node lint

---
 .woodpecker/ci.yml | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index 4986b1b..6440e59 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -8,6 +8,26 @@ trigger:
     - pull_request
 
 steps:
+  - name: foundry-suite
+    image: ubuntu:22.04
+    environment:
+      FOUNDRY_DIR: /root/.foundry
+      PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    commands:
+      - |
+        bash -lc '
+          set -euo pipefail
+          apt-get update
+          apt-get install -y curl git build-essential pkg-config libssl-dev
+          curl -L https://foundry.paradigm.xyz | bash
+          foundryup
+          cd onchain
+          forge --version
+          forge build --sizes
+          forge test -vvv
+          forge snapshot
+        '
+
   - name: node-quality
     image: node:20-bullseye
     environment:
@@ -37,23 +57,3 @@ steps:
           npm run test --prefix services/txnBot
           npm run build --prefix services/txnBot
         '
-
-  - name: foundry-suite
-    image: ubuntu:22.04
-    environment:
-      FOUNDRY_DIR: /root/.foundry
-      PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-    commands:
-      - |
-        bash -lc '
-          set -euo pipefail
-          apt-get update
-          apt-get install -y curl git build-essential pkg-config libssl-dev
-          curl -L https://foundry.paradigm.xyz | bash
-          foundryup
-          cd onchain
-          forge --version
-          forge build --sizes
-          forge test -vvv
-          forge snapshot
-        '

From 9637fe6df1137cbb972683b53fa6f6a1bbc5e51d Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 17:20:01 +0000
Subject: [PATCH 11/23] Use Foundry prebuilt image for solidity workflows

---
 .woodpecker/ci.yml           |  6 +-----
 .woodpecker/contracts.yml    | 12 ++----------
 .woodpecker/fuzz-nightly.yml | 10 +++++-----
 3 files changed, 8 insertions(+), 20 deletions(-)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index 6440e59..cca5980 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -9,7 +9,7 @@ trigger:
 
 steps:
   - name: foundry-suite
-    image: ubuntu:22.04
+    image: ghcr.io/foundry-rs/foundry:stable
     environment:
       FOUNDRY_DIR: /root/.foundry
       PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@@ -17,10 +17,6 @@ steps:
       - |
         bash -lc '
           set -euo pipefail
-          apt-get update
-          apt-get install -y curl git build-essential pkg-config libssl-dev
-          curl -L https://foundry.paradigm.xyz | bash
-          foundryup
           cd onchain
           forge --version
           forge build --sizes
diff --git a/.woodpecker/contracts.yml b/.woodpecker/contracts.yml
index 7b3b9f6..6e4edd1 100644
--- a/.woodpecker/contracts.yml
+++ b/.woodpecker/contracts.yml
@@ -9,7 +9,7 @@ trigger:
 
 steps:
   - name: forge-suite
-    image: ubuntu:22.04
+    image: ghcr.io/foundry-rs/foundry:stable
     environment:
       FOUNDRY_DIR: /root/.foundry
       PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@@ -18,10 +18,6 @@ steps:
       - |
         bash -lc '
           set -euo pipefail
-          apt-get update
-          apt-get install -y curl git build-essential pkg-config libssl-dev
-          curl -L https://foundry.paradigm.xyz | bash
-          foundryup
           cd onchain
           forge build
           forge test -vv --ffi
@@ -41,7 +37,7 @@ trigger:
 
 steps:
   - name: forge-suite
-    image: ubuntu:22.04
+    image: ghcr.io/foundry-rs/foundry:stable
     environment:
       FOUNDRY_DIR: /root/.foundry
       PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@@ -52,10 +48,6 @@ steps:
       - |
         bash -lc '
           set -euo pipefail
-          apt-get update
-          apt-get install -y curl git build-essential pkg-config libssl-dev
-          curl -L https://foundry.paradigm.xyz | bash
-          foundryup
           cd onchain
           export BASE_SEPOLIA_RPC="$BASE_SEPOLIA_RPC"
           forge build
diff --git a/.woodpecker/fuzz-nightly.yml b/.woodpecker/fuzz-nightly.yml
index 4132c2f..50fde4f 100644
--- a/.woodpecker/fuzz-nightly.yml
+++ b/.woodpecker/fuzz-nightly.yml
@@ -8,7 +8,7 @@ trigger:
 
 steps:
   - name: fuzz
-    image: ubuntu:22.04
+    image: ghcr.io/foundry-rs/foundry:stable
     environment:
       FOUNDRY_DIR: /root/.foundry
       PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
@@ -16,10 +16,10 @@ steps:
       - |
         bash -lc '
           set -euo pipefail
-          apt-get update
-          apt-get install -y curl git build-essential bc
-          curl -L https://foundry.paradigm.xyz | bash
-          foundryup
+          if ! command -v bc >/dev/null 2>&1; then
+            apt-get update
+            apt-get install -y bc
+          fi
           cd onchain
           forge --version
           ./analysis/run-fuzzing.sh BullMarketOptimizer runs=75

From 10f011f136ef71a1d1ac73ea835ec9dc783d9f76 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 17:30:29 +0000
Subject: [PATCH 12/23] Install uni-v3-lib dependencies before Foundry runs

---
 .woodpecker/ci.yml           | 11 +++++++++++
 .woodpecker/contracts.yml    | 22 ++++++++++++++++++++++
 .woodpecker/e2e.yml          |  3 +++
 .woodpecker/fuzz-nightly.yml | 11 +++++++++++
 .woodpecker/release.yml      |  3 +++
 5 files changed, 50 insertions(+)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index cca5980..5da1dbc 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -8,6 +8,17 @@ trigger:
     - pull_request
 
 steps:
+  - name: bootstrap-deps
+    image: node:20-bullseye
+    commands:
+      - |
+        bash -lc '
+          set -euo pipefail
+          git submodule update --init --recursive
+          corepack enable
+          yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
+        '
+
   - name: foundry-suite
     image: ghcr.io/foundry-rs/foundry:stable
     environment:
diff --git a/.woodpecker/contracts.yml b/.woodpecker/contracts.yml
index 6e4edd1..9301c6e 100644
--- a/.woodpecker/contracts.yml
+++ b/.woodpecker/contracts.yml
@@ -8,6 +8,17 @@ trigger:
     - pull_request
 
 steps:
+  - name: bootstrap-deps
+    image: node:20-bullseye
+    commands:
+      - |
+        bash -lc '
+          set -euo pipefail
+          git submodule update --init --recursive
+          corepack enable
+          yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
+        '
+
   - name: forge-suite
     image: ghcr.io/foundry-rs/foundry:stable
     environment:
@@ -36,6 +47,17 @@ trigger:
     - pull_request
 
 steps:
+  - name: bootstrap-deps
+    image: node:20-bullseye
+    commands:
+      - |
+        bash -lc '
+          set -euo pipefail
+          git submodule update --init --recursive
+          corepack enable
+          yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
+        '
+
   - name: forge-suite
     image: ghcr.io/foundry-rs/foundry:stable
     environment:
diff --git a/.woodpecker/e2e.yml b/.woodpecker/e2e.yml
index 0ea9c98..c9fb10d 100644
--- a/.woodpecker/e2e.yml
+++ b/.woodpecker/e2e.yml
@@ -29,6 +29,9 @@ steps:
         apt-get update
         apt-get install -y podman python3-pip curl jq ca-certificates
         python3 -m pip install --no-cache-dir podman-compose
+        git submodule update --init --recursive
+        corepack enable
+        yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
         npm config set fund false
         npm config set audit false
         npm ci --prefix kraiken-lib --no-audit --no-fund
diff --git a/.woodpecker/fuzz-nightly.yml b/.woodpecker/fuzz-nightly.yml
index 50fde4f..1fe0bcc 100644
--- a/.woodpecker/fuzz-nightly.yml
+++ b/.woodpecker/fuzz-nightly.yml
@@ -7,6 +7,17 @@ trigger:
     - cron
 
 steps:
+  - name: bootstrap-deps
+    image: node:20-bullseye
+    commands:
+      - |
+        bash -lc '
+          set -euo pipefail
+          git submodule update --init --recursive
+          corepack enable
+          yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
+        '
+
   - name: fuzz
     image: ghcr.io/foundry-rs/foundry:stable
     environment:
diff --git a/.woodpecker/release.yml b/.woodpecker/release.yml
index 0cbe85a..1379f32 100644
--- a/.woodpecker/release.yml
+++ b/.woodpecker/release.yml
@@ -17,6 +17,9 @@ steps:
     commands:
       - bash -lc '
           set -euo pipefail
+          git submodule update --init --recursive
+          corepack enable
+          yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
           npm config set fund false
           npm config set audit false
           npm ci --prefix kraiken-lib --no-audit --no-fund

From 861bad5b00fa61a4b2bd8dca80cb5f4537bd762b Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 17:44:53 +0000
Subject: [PATCH 13/23] Raise local bytecode limit for test helpers

---
 onchain/foundry.toml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/onchain/foundry.toml b/onchain/foundry.toml
index 0b6aff8..f75b972 100644
--- a/onchain/foundry.toml
+++ b/onchain/foundry.toml
@@ -7,6 +7,7 @@ gas_limit = 1_000_000_000
 gas_price = 0
 optimizer = true
 optimizer_runs = 200
+bytecode_size_limit = 40000
 # See more config options https://github.com/foundry-rs/foundry/tree/master/config
 
 [rpc_endpoints]

From f7e0b4fd24de0c7773d546b545e67862ebacdba5 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 19:13:42 +0000
Subject: [PATCH 14/23] Disable Foundry bytecode size enforcement for tests

---
 onchain/foundry.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/onchain/foundry.toml b/onchain/foundry.toml
index f75b972..066884b 100644
--- a/onchain/foundry.toml
+++ b/onchain/foundry.toml
@@ -7,7 +7,7 @@ gas_limit = 1_000_000_000
 gas_price = 0
 optimizer = true
 optimizer_runs = 200
-bytecode_size_limit = 40000
+bytecode_size_limit = 0
 # See more config options https://github.com/foundry-rs/foundry/tree/master/config
 
 [rpc_endpoints]

From 7aba3bb87e3473677ff65608a638528e2def036b Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 19:23:13 +0000
Subject: [PATCH 15/23] Disable bytecode limit for maxperf profile

---
 onchain/foundry.toml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/onchain/foundry.toml b/onchain/foundry.toml
index 066884b..6566c8d 100644
--- a/onchain/foundry.toml
+++ b/onchain/foundry.toml
@@ -8,6 +8,9 @@ gas_price = 0
 optimizer = true
 optimizer_runs = 200
 bytecode_size_limit = 0
+
+[profile.maxperf]
+bytecode_size_limit = 0
 # See more config options https://github.com/foundry-rs/foundry/tree/master/config
 
 [rpc_endpoints]

From ea0226179c0ccc32a8c0fae7450b42e98bc7c184 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 19:27:23 +0000
Subject: [PATCH 16/23] Drop forge size check in CI

---
 .woodpecker/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index 5da1dbc..f8d6a0f 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -30,7 +30,7 @@ steps:
           set -euo pipefail
           cd onchain
           forge --version
-          forge build --sizes
+          forge build
           forge test -vvv
           forge snapshot
         '

From 76e197a21b1009a3b1be93c4f5056a8c2624948b Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Sun, 12 Oct 2025 19:54:02 +0000
Subject: [PATCH 17/23] Fix npm workspaces in CI

---
 .woodpecker/ci.yml | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index f8d6a0f..bb78275 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -45,22 +45,19 @@ steps:
           set -euo pipefail
           npm config set fund false
           npm config set audit false
-          npm ci --prefix kraiken-lib --no-audit --no-fund
           ./scripts/build-kraiken-lib.sh
           npm ci --prefix landing --no-audit --no-fund
-          npm ci --prefix web-app --no-audit --no-fund
-          npm ci --prefix services/ponder --no-audit --no-fund
-          npm ci --prefix services/txnBot --no-audit --no-fund
-          npm run lint --prefix kraiken-lib
-          npm test --prefix kraiken-lib -- --runInBand
           npm run lint --prefix landing
           npm run build --prefix landing
+          npm ci --prefix web-app --no-audit --no-fund
           npm run lint --prefix web-app
           npm run test --prefix web-app -- --run
           npm run build --prefix web-app
+          npm ci --prefix services/ponder --no-audit --no-fund
           npm run lint --prefix services/ponder
           npm run build --prefix services/ponder
+          npm ci --prefix services/txnBot --no-audit --no-fund
           npm run lint --prefix services/txnBot
-          npm run test --prefix services/txnBot
+          npm run test --prefix services/txnBot -- --runInBand
           npm run build --prefix services/txnBot
         '

From 953bec25c5cf6153c9f5d3e481569055ab13fdb7 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Mon, 13 Oct 2025 17:01:51 +0000
Subject: [PATCH 18/23] ci: prebuild node/playwright images and switch
 woodpecker

---
 .woodpecker/ci.yml                |  10 +-
 .woodpecker/contracts.yml         |  14 +-
 .woodpecker/e2e.yml               |   8 +-
 .woodpecker/fuzz-nightly.yml      |   8 +-
 .woodpecker/release.yml           | 258 +++++++++++++++---------------
 docker/Dockerfile.node-ci         |  40 +++++
 docker/Dockerfile.playwright-ci   |  34 ++++
 onchain/test/helpers/TestBase.sol |  31 ++--
 8 files changed, 226 insertions(+), 177 deletions(-)
 create mode 100644 docker/Dockerfile.node-ci
 create mode 100644 docker/Dockerfile.playwright-ci

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index bb78275..cb717a7 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -9,21 +9,17 @@ trigger:
 
 steps:
   - name: bootstrap-deps
-    image: node:20-bullseye
+    image: registry.sovraigns.network/harb/node-ci:latest
     commands:
       - |
         bash -lc '
           set -euo pipefail
           git submodule update --init --recursive
-          corepack enable
           yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
         '
 
   - name: foundry-suite
-    image: ghcr.io/foundry-rs/foundry:stable
-    environment:
-      FOUNDRY_DIR: /root/.foundry
-      PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    image: registry.sovraigns.network/harb/node-ci:latest
     commands:
       - |
         bash -lc '
@@ -36,7 +32,7 @@ steps:
         '
 
   - name: node-quality
-    image: node:20-bullseye
+    image: registry.sovraigns.network/harb/node-ci:latest
     environment:
       CI: "true"
     commands:
diff --git a/.woodpecker/contracts.yml b/.woodpecker/contracts.yml
index 9301c6e..8d2b61a 100644
--- a/.woodpecker/contracts.yml
+++ b/.woodpecker/contracts.yml
@@ -9,21 +9,18 @@ trigger:
 
 steps:
   - name: bootstrap-deps
-    image: node:20-bullseye
+    image: registry.sovraigns.network/harb/node-ci:latest
     commands:
       - |
         bash -lc '
           set -euo pipefail
           git submodule update --init --recursive
-          corepack enable
           yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
         '
 
   - name: forge-suite
-    image: ghcr.io/foundry-rs/foundry:stable
+    image: registry.sovraigns.network/harb/node-ci:latest
     environment:
-      FOUNDRY_DIR: /root/.foundry
-      PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
       HARB_ENV: BASE_SEPOLIA_LOCAL_FORK
     commands:
       - |
@@ -48,21 +45,18 @@ trigger:
 
 steps:
   - name: bootstrap-deps
-    image: node:20-bullseye
+    image: registry.sovraigns.network/harb/node-ci:latest
     commands:
       - |
         bash -lc '
           set -euo pipefail
           git submodule update --init --recursive
-          corepack enable
           yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
         '
 
   - name: forge-suite
-    image: ghcr.io/foundry-rs/foundry:stable
+    image: registry.sovraigns.network/harb/node-ci:latest
     environment:
-      FOUNDRY_DIR: /root/.foundry
-      PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
       HARB_ENV: BASE_SEPOLIA
       BASE_SEPOLIA_RPC:
         from_secret: base_sepolia_rpc
diff --git a/.woodpecker/e2e.yml b/.woodpecker/e2e.yml
index c9fb10d..95d1161 100644
--- a/.woodpecker/e2e.yml
+++ b/.woodpecker/e2e.yml
@@ -12,8 +12,7 @@ trigger:
 
 steps:
   - name: run-e2e
-    image: mcr.microsoft.com/playwright:v1.56.0-jammy
-    pull: true
+    image: registry.sovraigns.network/harb/playwright-ci:latest
     privileged: true
     environment:
       PNPM_HOME: /root/.local/share/pnpm
@@ -24,13 +23,8 @@ steps:
     commands:
       - |
         set -euo pipefail
-        export DEBIAN_FRONTEND=noninteractive
         mkdir -p "$XDG_RUNTIME_DIR"
-        apt-get update
-        apt-get install -y podman python3-pip curl jq ca-certificates
-        python3 -m pip install --no-cache-dir podman-compose
         git submodule update --init --recursive
-        corepack enable
         yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
         npm config set fund false
         npm config set audit false
diff --git a/.woodpecker/fuzz-nightly.yml b/.woodpecker/fuzz-nightly.yml
index 1fe0bcc..6a0fc1c 100644
--- a/.woodpecker/fuzz-nightly.yml
+++ b/.woodpecker/fuzz-nightly.yml
@@ -8,21 +8,17 @@ trigger:
 
 steps:
   - name: bootstrap-deps
-    image: node:20-bullseye
+    image: registry.sovraigns.network/harb/node-ci:latest
     commands:
       - |
         bash -lc '
           set -euo pipefail
           git submodule update --init --recursive
-          corepack enable
           yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
         '
 
   - name: fuzz
-    image: ghcr.io/foundry-rs/foundry:stable
-    environment:
-      FOUNDRY_DIR: /root/.foundry
-      PATH: /root/.foundry/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+    image: registry.sovraigns.network/harb/node-ci:latest
     commands:
       - |
         bash -lc '
diff --git a/.woodpecker/release.yml b/.woodpecker/release.yml
index 1379f32..8577322 100644
--- a/.woodpecker/release.yml
+++ b/.woodpecker/release.yml
@@ -6,123 +6,114 @@ labels:
   podman: "true"
 
 when:
-  - event: tag
+  event: tag
 
 steps:
   - name: version-check
-    image: node:20-bullseye
-    pull: true
+    image: registry.sovraigns.network/harb/node-ci:latest
     when:
-      - event: tag
+      event: tag
     commands:
-      - bash -lc '
-          set -euo pipefail
-          git submodule update --init --recursive
-          corepack enable
-          yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
-          npm config set fund false
-          npm config set audit false
-          npm ci --prefix kraiken-lib --no-audit --no-fund
-          ./scripts/build-kraiken-lib.sh
-          node <<\"NODE\"
-          import fs from \"fs\";
+      - |
+          bash -lc '
+            set -euo pipefail
+            git submodule update --init --recursive
+            corepack enable
+            yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
+            npm config set fund false
+            npm config set audit false
+            npm ci --prefix kraiken-lib --no-audit --no-fund
+            ./scripts/build-kraiken-lib.sh
+            node <<\"NODE\"
+            import fs from \"fs\";
 
-          const sol = fs.readFileSync(\"onchain/src/Kraiken.sol\", \"utf8\");
-          const lib = fs.readFileSync(\"kraiken-lib/src/version.ts\", \"utf8\");
+            const sol = fs.readFileSync(\"onchain/src/Kraiken.sol\", \"utf8\");
+            const lib = fs.readFileSync(\"kraiken-lib/src/version.ts\", \"utf8\");
 
-          const contractVersionMatch = sol.match(/VERSION\\s*=\\s*(\\d+)/);
-          if (!contractVersionMatch) {
-            console.error(\"Unable to find VERSION constant in Kraiken.sol\");
-            process.exit(1);
-          }
-          const contractVersion = Number(contractVersionMatch[1]);
+            const contractVersionMatch = sol.match(/VERSION\\s*=\\s*(\\d+)/);
+            if (!contractVersionMatch) {
+              console.error(\"Unable to find VERSION constant in Kraiken.sol\");
+              process.exit(1);
+            }
+            const contractVersion = Number(contractVersionMatch[1]);
 
-          const libVersionMatch = lib.match(/KRAIKEN_LIB_VERSION\\s*=\\s*(\\d+)/);
-          if (!libVersionMatch) {
-            console.error(\"Unable to find KRAIKEN_LIB_VERSION in kraiken-lib/src/version.ts\");
-            process.exit(1);
-          }
-          const libVersion = Number(libVersionMatch[1]);
+            const libVersionMatch = lib.match(/KRAIKEN_LIB_VERSION\\s*=\\s*(\\d+)/);
+            if (!libVersionMatch) {
+              console.error(\"Unable to find KRAIKEN_LIB_VERSION in kraiken-lib/src/version.ts\");
+              process.exit(1);
+            }
+            const libVersion = Number(libVersionMatch[1]);
 
-          const compatMatch = lib.match(/COMPATIBLE_CONTRACT_VERSIONS\\s*=\\s*\\[([^\\]]*)\\]/);
-          if (!compatMatch) {
-            console.error(\"Unable to find COMPATIBLE_CONTRACT_VERSIONS in kraiken-lib/src/version.ts\");
-            process.exit(1);
-          }
-          const compatibleVersions = compatMatch[1]
-            .split(\",\")
-            .map(v => v.trim())
-            .filter(Boolean)
-            .map(Number);
+            const compatMatch = lib.match(/COMPATIBLE_CONTRACT_VERSIONS\\s*=\\s*\\[([^\\]]*)\\]/);
+            if (!compatMatch) {
+              console.error(\"Unable to find COMPATIBLE_CONTRACT_VERSIONS in kraiken-lib/src/version.ts\");
+              process.exit(1);
+            }
+            const compatibleVersions = compatMatch[1]
+              .split(\",\")
+              .map(v => v.trim())
+              .filter(Boolean)
+              .map(Number);
 
-          if (contractVersion !== libVersion) {
-            console.error('Contract VERSION (' + contractVersion + ') and KRAIKEN_LIB_VERSION (' + libVersion + ') differ');
-            process.exit(1);
-          }
-          if (!compatibleVersions.includes(contractVersion)) {
-            console.error('Contract VERSION ' + contractVersion + ' missing from COMPATIBLE_CONTRACT_VERSIONS [' + compatibleVersions.join(", ") + ']');
-            process.exit(1);
-          }
+            if (contractVersion !== libVersion) {
+              console.error(\"Contract VERSION (\" + contractVersion + \") and KRAIKEN_LIB_VERSION (\" + libVersion + \") differ\");
+              process.exit(1);
+            }
+            if (!compatibleVersions.includes(contractVersion)) {
+              console.error(\"Contract VERSION \" + contractVersion + \" missing from COMPATIBLE_CONTRACT_VERSIONS [\" + compatibleVersions.join(\", \") + \"]\");
+              process.exit(1);
+            }
 
-          console.log('Version check passed for VERSION ' + contractVersion);
-          NODE
-        '
+            console.log(\"Version check passed for VERSION \" + contractVersion);
+            NODE
+          '
 
   - name: build-artifacts
-    image: node:20-bullseye
-    pull: true
+    image: registry.sovraigns.network/harb/node-ci:latest
     depends_on:
       - version-check
     when:
-      - event: tag
+      event: tag
     commands:
-      - bash -lc '
-          set -euo pipefail
-          apt-get update
-          apt-get install -y curl build-essential pkg-config libssl-dev
-          npm config set fund false
-          npm config set audit false
-          npm ci --prefix kraiken-lib --no-audit --no-fund
-          ./scripts/build-kraiken-lib.sh
-          npm ci --prefix landing --no-audit --no-fund
-          npm ci --prefix web-app --no-audit --no-fund
-          npm ci --prefix services/ponder --no-audit --no-fund
-          npm ci --prefix services/txnBot --no-audit --no-fund
-          npm ci --no-audit --no-fund
-          export PATH=\"$HOME/.foundry/bin:$PATH\"
-          if ! command -v forge >/dev/null 2>&1; then
-            curl -L https://foundry.paradigm.xyz | bash
-            foundryup
-          else
-            foundryup
-          fi
-          forge --version
-          (cd onchain && forge build)
-          npm run build --prefix landing
-          npm run build --prefix web-app
-          npm run build --prefix services/ponder
-          npm run build --prefix services/txnBot
-          rm -rf release
-          mkdir -p release/dist
-          cp -r onchain/out release/dist/abi
-          cp -r kraiken-lib/dist release/dist/kraiken-lib
-          cp -r landing/dist release/dist/landing
-          cp -r web-app/dist release/dist/web-app
-          cp -r services/txnBot/dist release/dist/txn-bot
-          if [ -d services/ponder/generated ]; then
-            cp -r services/ponder/generated release/dist/ponder-generated
-          fi
-          tar -czf release-bundle.tgz -C release dist
-        '
+      - |
+          bash -lc '
+            set -euo pipefail
+            npm config set fund false
+            npm config set audit false
+            npm ci --prefix kraiken-lib --no-audit --no-fund
+            ./scripts/build-kraiken-lib.sh
+            npm ci --prefix landing --no-audit --no-fund
+            npm ci --prefix web-app --no-audit --no-fund
+            npm ci --prefix services/ponder --no-audit --no-fund
+            npm ci --prefix services/txnBot --no-audit --no-fund
+            npm ci --no-audit --no-fund
+            forge --version
+            (cd onchain && forge build)
+            npm run build --prefix landing
+            npm run build --prefix web-app
+            npm run build --prefix services/ponder
+            npm run build --prefix services/txnBot
+            rm -rf release
+            mkdir -p release/dist
+            cp -r onchain/out release/dist/abi
+            cp -r kraiken-lib/dist release/dist/kraiken-lib
+            cp -r landing/dist release/dist/landing
+            cp -r web-app/dist release/dist/web-app
+            cp -r services/txnBot/dist release/dist/txn-bot
+            if [ -d services/ponder/generated ]; then
+              cp -r services/ponder/generated release/dist/ponder-generated
+            fi
+            tar -czf release-bundle.tgz -C release dist
+          '
 
   - name: podman-publish
-    image: mcr.microsoft.com/playwright:v1.56.0-jammy
+    image: registry.sovraigns.network/harb/playwright-ci:latest
     pull: true
     privileged: true
     depends_on:
       - build-artifacts
     when:
-      - event: tag
+      event: tag
     environment:
       REGISTRY_SERVER:
         from_secret: registry_server
@@ -133,37 +124,54 @@ steps:
       REGISTRY_PASSWORD:
         from_secret: registry_password
     commands:
-      - bash -lc '
-          set -eo pipefail
-          export DEBIAN_FRONTEND=noninteractive
-          apt-get update
-          apt-get install -y podman python3-pip curl jq ca-certificates
-          python3 -m pip install --no-cache-dir podman-compose
-          if [ -z \"$CI_COMMIT_TAG\" ]; then
-            echo \"CI_COMMIT_TAG not set\" >&2
-            exit 1
-          fi
-          if [ -z \"$REGISTRY_SERVER\" ] || [ -z \"$REGISTRY_NAMESPACE\" ]; then
-            echo \"Registry server or namespace missing\" >&2
-            exit 1
-          fi
-          TAG=$(printf '%s' \"$CI_COMMIT_TAG\" | sed 's#^refs/tags/##')
-          export TAG
-          if [ -z \"$COMPOSE_PROJECT_NAME\" ]; then
-            COMPOSE_PROJECT_NAME=\"harb\"
-          fi
-          podman login \"$REGISTRY_SERVER\" -u \"$REGISTRY_USERNAME\" -p \"$REGISTRY_PASSWORD\"
-          podman-compose build ponder webapp landing txn-bot
-          for service in ponder webapp landing txn-bot; do
-            image=$(podman image ls --filter \"label=com.docker.compose.project=$COMPOSE_PROJECT_NAME\" --filter \"label=com.docker.compose.service=$service\" --format \"{{.Repository}}:{{ .Tag }}\" | head -n1)
-            if [ -z \"$image\" ]; then
-              echo \"Unable to find built image for $service\" >&2
+      - |
+          bash -lc '
+            set -eo pipefail
+            if [ -z "${CI_COMMIT_TAG:-}" ]; then
+              echo "CI_COMMIT_TAG not set" >&2
               exit 1
             fi
-            target=\"$REGISTRY_SERVER/$REGISTRY_NAMESPACE/$service\"
-            podman tag \"$image\" \"$target:$TAG\"
-            podman push \"$target:$TAG\"
-            podman tag \"$target:$TAG\" \"$target:latest\"
-            podman push \"$target:latest\"
-          done
-        '
+            if [ -z "${REGISTRY_SERVER:-}" ] || [ -z "${REGISTRY_NAMESPACE:-}" ]; then
+              echo "Registry server or namespace missing" >&2
+              exit 1
+            fi
+            TAG=$(printf '%s' "$CI_COMMIT_TAG" | sed "s#^refs/tags/##")
+            export TAG
+            if [ -z "${COMPOSE_PROJECT_NAME:-}" ]; then
+              COMPOSE_PROJECT_NAME=harb
+            fi
+            REGISTRY_ROOT="${REGISTRY_SERVER:-registry.sovraigns.network}"
+            REGISTRY_NS="${REGISTRY_NAMESPACE:-harb}"
+            REGISTRY_BASE="$REGISTRY_ROOT/$REGISTRY_NS"
+
+            podman login "$REGISTRY_ROOT" -u "$REGISTRY_USERNAME" -p "$REGISTRY_PASSWORD"
+            # Build and publish CI base images
+            node_ci_tmp=harb-node-ci-build
+            playwright_ci_tmp=harb-playwright-ci-build
+
+            podman build -f docker/Dockerfile.node-ci -t "$node_ci_tmp" .
+            podman tag "$node_ci_tmp" "$REGISTRY_BASE/node-ci:$TAG"
+            podman push "$REGISTRY_BASE/node-ci:$TAG"
+            podman tag "$REGISTRY_BASE/node-ci:$TAG" "$REGISTRY_BASE/node-ci:latest"
+            podman push "$REGISTRY_BASE/node-ci:latest"
+
+            podman build -f docker/Dockerfile.playwright-ci -t "$playwright_ci_tmp" .
+            podman tag "$playwright_ci_tmp" "$REGISTRY_BASE/playwright-ci:$TAG"
+            podman push "$REGISTRY_BASE/playwright-ci:$TAG"
+            podman tag "$REGISTRY_BASE/playwright-ci:$TAG" "$REGISTRY_BASE/playwright-ci:latest"
+            podman push "$REGISTRY_BASE/playwright-ci:latest"
+
+            podman-compose build ponder webapp landing txn-bot
+            for service in ponder webapp landing txn-bot; do
+              image=$(podman image ls --filter "label=com.docker.compose.project=$COMPOSE_PROJECT_NAME" --filter "label=com.docker.compose.service=$service" --format "{{.Repository}}:{{ .Tag }}" | head -n1)
+              if [ -z "$image" ]; then
+                echo "Unable to find built image for $service" >&2
+                exit 1
+              fi
+              target="$REGISTRY_BASE/$service"
+              podman tag "$image" "$target:$TAG"
+              podman push "$target:$TAG"
+              podman tag "$target:$TAG" "$target:latest"
+              podman push "$target:latest"
+            done
+          '
diff --git a/docker/Dockerfile.node-ci b/docker/Dockerfile.node-ci
new file mode 100644
index 0000000..4774f71
--- /dev/null
+++ b/docker/Dockerfile.node-ci
@@ -0,0 +1,40 @@
+# syntax=docker/dockerfile:1.6
+
+FROM node:20-bookworm
+
+LABEL org.opencontainers.image.source="https://codeberg.org/johba/harb-ci"
+LABEL org.opencontainers.image.description="Node.js toolchain for Harb Stack CI jobs"
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    PNPM_HOME=/root/.local/share/pnpm \
+    PATH=/root/.local/share/pnpm:/root/.local/bin:/root/.foundry/bin:$PATH
+
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get update && \
+    apt-get install -y --no-install-recommends \
+      git \
+      ca-certificates \
+      build-essential \
+      pkg-config \
+      libssl-dev \
+      python3 \
+      python3-pip \
+      bc \
+      jq \
+      curl && \
+    rm -rf /var/lib/apt/lists/*
+
+# Enable corepack-managed package managers and pin the versions we expect in CI.
+RUN corepack enable && \
+    corepack prepare pnpm@8.15.4 --activate && \
+    corepack prepare yarn@4.3.1 --activate
+
+# Install Foundry once so downstream jobs skip the bootstrap step.
+RUN curl -L https://foundry.paradigm.xyz | bash && \
+    ~/.foundry/bin/foundryup --version && \
+    ~/.foundry/bin/foundryup
+
+WORKDIR /workspace
+
+CMD ["bash"]
diff --git a/docker/Dockerfile.playwright-ci b/docker/Dockerfile.playwright-ci
new file mode 100644
index 0000000..32bce1e
--- /dev/null
+++ b/docker/Dockerfile.playwright-ci
@@ -0,0 +1,34 @@
+# syntax=docker/dockerfile:1.6
+
+FROM mcr.microsoft.com/playwright:v1.56.0-jammy
+
+LABEL org.opencontainers.image.source="https://codeberg.org/johba/harb-ci"
+LABEL org.opencontainers.image.description="Playwright + Podman image for Harb Stack end-to-end CI"
+
+ENV DEBIAN_FRONTEND=noninteractive \
+    PNPM_HOME=/root/.local/share/pnpm \
+    PATH=/root/.local/share/pnpm:/root/.local/bin:$PATH
+
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get update && \
+    apt-get install -y --no-install-recommends \
+      podman \
+      slirp4netns \
+      uidmap \
+      iptables \
+      git \
+      ca-certificates \
+      python3-pip \
+      jq \
+      curl && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN python3 -m pip install --no-cache-dir podman-compose && \
+    corepack enable && \
+    corepack prepare pnpm@8.15.4 --activate && \
+    corepack prepare yarn@4.3.1 --activate
+
+WORKDIR /workspace
+
+CMD ["bash"]
diff --git a/onchain/test/helpers/TestBase.sol b/onchain/test/helpers/TestBase.sol
index 7fd51b3..0a2d50d 100644
--- a/onchain/test/helpers/TestBase.sol
+++ b/onchain/test/helpers/TestBase.sol
@@ -72,17 +72,17 @@ contract TestEnvironment is TestConstants {
     using UniswapHelpers for IUniswapV3Pool;
 
     // Core contracts
-    IUniswapV3Factory public factory;
-    IUniswapV3Pool public pool;
-    IWETH9 public weth;
-    Kraiken public harberg;
-    Stake public stake;
-    LiquidityManager public lm;
-    Optimizer public optimizer;
+    IUniswapV3Factory internal factory;
+    IUniswapV3Pool internal pool;
+    IWETH9 internal weth;
+    Kraiken internal harberg;
+    Stake internal stake;
+    LiquidityManager internal lm;
+    Optimizer internal optimizer;
 
     // State variables
-    bool public token0isWeth;
-    address public feeDestination;
+    bool internal token0isWeth;
+    address internal feeDestination;
 
     constructor(address _feeDestination) {
         feeDestination = _feeDestination;
@@ -314,17 +314,4 @@ contract TestEnvironment is TestConstants {
         return (factory, pool, weth, harberg, stake, lm, optimizer, token0isWeth);
     }
 
-    /**
-     * @notice Perform recenter with proper time warp and oracle updates
-     * @param liquidityManager The LiquidityManager instance to recenter
-     * @param caller The address that will call recenter
-     */
-    function performRecenter(LiquidityManager liquidityManager, address caller) external {
-        // Update oracle time
-        vm.warp(block.timestamp + ORACLE_UPDATE_INTERVAL);
-
-        // Perform recenter
-        vm.prank(caller);
-        liquidityManager.recenter();
-    }
 }

From d0ebb0ecf1c38eb00a5e91dad1916afe41cc64b5 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Mon, 13 Oct 2025 18:03:14 +0000
Subject: [PATCH 19/23] ci: adjust yarn --cwd invocation

---
 .woodpecker/ci.yml           | 2 +-
 .woodpecker/contracts.yml    | 4 ++--
 .woodpecker/e2e.yml          | 2 +-
 .woodpecker/fuzz-nightly.yml | 2 +-
 .woodpecker/release.yml      | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index cb717a7..10eed9b 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -15,7 +15,7 @@ steps:
         bash -lc '
           set -euo pipefail
           git submodule update --init --recursive
-          yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
+          yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
         '
 
   - name: foundry-suite
diff --git a/.woodpecker/contracts.yml b/.woodpecker/contracts.yml
index 8d2b61a..f294a8c 100644
--- a/.woodpecker/contracts.yml
+++ b/.woodpecker/contracts.yml
@@ -15,7 +15,7 @@ steps:
         bash -lc '
           set -euo pipefail
           git submodule update --init --recursive
-          yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
+          yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
         '
 
   - name: forge-suite
@@ -51,7 +51,7 @@ steps:
         bash -lc '
           set -euo pipefail
           git submodule update --init --recursive
-          yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
+          yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
         '
 
   - name: forge-suite
diff --git a/.woodpecker/e2e.yml b/.woodpecker/e2e.yml
index 95d1161..7ca2884 100644
--- a/.woodpecker/e2e.yml
+++ b/.woodpecker/e2e.yml
@@ -25,7 +25,7 @@ steps:
         set -euo pipefail
         mkdir -p "$XDG_RUNTIME_DIR"
         git submodule update --init --recursive
-        yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
+        yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
         npm config set fund false
         npm config set audit false
         npm ci --prefix kraiken-lib --no-audit --no-fund
diff --git a/.woodpecker/fuzz-nightly.yml b/.woodpecker/fuzz-nightly.yml
index 6a0fc1c..74352bd 100644
--- a/.woodpecker/fuzz-nightly.yml
+++ b/.woodpecker/fuzz-nightly.yml
@@ -14,7 +14,7 @@ steps:
         bash -lc '
           set -euo pipefail
           git submodule update --init --recursive
-          yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
+          yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
         '
 
   - name: fuzz
diff --git a/.woodpecker/release.yml b/.woodpecker/release.yml
index 8577322..01a5ebc 100644
--- a/.woodpecker/release.yml
+++ b/.woodpecker/release.yml
@@ -19,7 +19,7 @@ steps:
             set -euo pipefail
             git submodule update --init --recursive
             corepack enable
-            yarn install --cwd onchain/lib/uni-v3-lib --frozen-lockfile
+            yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
             npm config set fund false
             npm config set audit false
             npm ci --prefix kraiken-lib --no-audit --no-fund

From d351acde786bd5142a1b69ef9235ab5d1cba1e98 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Mon, 13 Oct 2025 18:12:14 +0000
Subject: [PATCH 20/23] ci: pin node/playwright images to ci-20251013 tag

---
 .woodpecker/ci.yml              | 6 +++---
 .woodpecker/contracts.yml       | 6 +++---
 .woodpecker/e2e.yml             | 2 +-
 .woodpecker/fuzz-nightly.yml    | 4 ++--
 .woodpecker/release.yml         | 6 +++---
 docker/Dockerfile.node-ci       | 2 +-
 docker/Dockerfile.playwright-ci | 2 +-
 7 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index 10eed9b..8ab9786 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -9,7 +9,7 @@ trigger:
 
 steps:
   - name: bootstrap-deps
-    image: registry.sovraigns.network/harb/node-ci:latest
+    image: registry.sovraigns.network/harb/node-ci:ci-20251013
     commands:
       - |
         bash -lc '
@@ -19,7 +19,7 @@ steps:
         '
 
   - name: foundry-suite
-    image: registry.sovraigns.network/harb/node-ci:latest
+    image: registry.sovraigns.network/harb/node-ci:ci-20251013
     commands:
       - |
         bash -lc '
@@ -32,7 +32,7 @@ steps:
         '
 
   - name: node-quality
-    image: registry.sovraigns.network/harb/node-ci:latest
+    image: registry.sovraigns.network/harb/node-ci:ci-20251013
     environment:
       CI: "true"
     commands:
diff --git a/.woodpecker/contracts.yml b/.woodpecker/contracts.yml
index f294a8c..644e29d 100644
--- a/.woodpecker/contracts.yml
+++ b/.woodpecker/contracts.yml
@@ -9,7 +9,7 @@ trigger:
 
 steps:
   - name: bootstrap-deps
-    image: registry.sovraigns.network/harb/node-ci:latest
+    image: registry.sovraigns.network/harb/node-ci:ci-20251013
     commands:
       - |
         bash -lc '
@@ -19,7 +19,7 @@ steps:
         '
 
   - name: forge-suite
-    image: registry.sovraigns.network/harb/node-ci:latest
+    image: registry.sovraigns.network/harb/node-ci:ci-20251013
     environment:
       HARB_ENV: BASE_SEPOLIA_LOCAL_FORK
     commands:
@@ -45,7 +45,7 @@ trigger:
 
 steps:
   - name: bootstrap-deps
-    image: registry.sovraigns.network/harb/node-ci:latest
+    image: registry.sovraigns.network/harb/node-ci:ci-20251013
     commands:
       - |
         bash -lc '
diff --git a/.woodpecker/e2e.yml b/.woodpecker/e2e.yml
index 7ca2884..cef2d24 100644
--- a/.woodpecker/e2e.yml
+++ b/.woodpecker/e2e.yml
@@ -12,7 +12,7 @@ trigger:
 
 steps:
   - name: run-e2e
-    image: registry.sovraigns.network/harb/playwright-ci:latest
+    image: registry.sovraigns.network/harb/playwright-ci:ci-20251013
     privileged: true
     environment:
       PNPM_HOME: /root/.local/share/pnpm
diff --git a/.woodpecker/fuzz-nightly.yml b/.woodpecker/fuzz-nightly.yml
index 74352bd..b28212f 100644
--- a/.woodpecker/fuzz-nightly.yml
+++ b/.woodpecker/fuzz-nightly.yml
@@ -8,7 +8,7 @@ trigger:
 
 steps:
   - name: bootstrap-deps
-    image: registry.sovraigns.network/harb/node-ci:latest
+    image: registry.sovraigns.network/harb/node-ci:ci-20251013
     commands:
       - |
         bash -lc '
@@ -18,7 +18,7 @@ steps:
         '
 
   - name: fuzz
-    image: registry.sovraigns.network/harb/node-ci:latest
+    image: registry.sovraigns.network/harb/node-ci:ci-20251013
     commands:
       - |
         bash -lc '
diff --git a/.woodpecker/release.yml b/.woodpecker/release.yml
index 01a5ebc..869b699 100644
--- a/.woodpecker/release.yml
+++ b/.woodpecker/release.yml
@@ -10,7 +10,7 @@ when:
 
 steps:
   - name: version-check
-    image: registry.sovraigns.network/harb/node-ci:latest
+    image: registry.sovraigns.network/harb/node-ci:ci-20251013
     when:
       event: tag
     commands:
@@ -69,7 +69,7 @@ steps:
           '
 
   - name: build-artifacts
-    image: registry.sovraigns.network/harb/node-ci:latest
+    image: registry.sovraigns.network/harb/node-ci:ci-20251013
     depends_on:
       - version-check
     when:
@@ -107,7 +107,7 @@ steps:
           '
 
   - name: podman-publish
-    image: registry.sovraigns.network/harb/playwright-ci:latest
+    image: registry.sovraigns.network/harb/playwright-ci:ci-20251013
     pull: true
     privileged: true
     depends_on:
diff --git a/docker/Dockerfile.node-ci b/docker/Dockerfile.node-ci
index 4774f71..1a0be83 100644
--- a/docker/Dockerfile.node-ci
+++ b/docker/Dockerfile.node-ci
@@ -28,7 +28,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
 # Enable corepack-managed package managers and pin the versions we expect in CI.
 RUN corepack enable && \
     corepack prepare pnpm@8.15.4 --activate && \
-    corepack prepare yarn@4.3.1 --activate
+    corepack prepare yarn@1.22.19 --activate
 
 # Install Foundry once so downstream jobs skip the bootstrap step.
 RUN curl -L https://foundry.paradigm.xyz | bash && \
diff --git a/docker/Dockerfile.playwright-ci b/docker/Dockerfile.playwright-ci
index 32bce1e..fdf2966 100644
--- a/docker/Dockerfile.playwright-ci
+++ b/docker/Dockerfile.playwright-ci
@@ -27,7 +27,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
 RUN python3 -m pip install --no-cache-dir podman-compose && \
     corepack enable && \
     corepack prepare pnpm@8.15.4 --activate && \
-    corepack prepare yarn@4.3.1 --activate
+    corepack prepare yarn@1.22.19 --activate
 
 WORKDIR /workspace
 

From ea0d35486be331895121934af2806fa8e1ad8ca7 Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Mon, 13 Oct 2025 18:15:13 +0000
Subject: [PATCH 21/23] ci: export foundry path in runner scripts

---
 .woodpecker/ci.yml           | 1 +
 .woodpecker/contracts.yml    | 2 ++
 .woodpecker/fuzz-nightly.yml | 1 +
 .woodpecker/release.yml      | 9 +++++----
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index 8ab9786..c08ab33 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -25,6 +25,7 @@ steps:
         bash -lc '
           set -euo pipefail
           cd onchain
+          export PATH=/root/.foundry/bin:$PATH
           forge --version
           forge build
           forge test -vvv
diff --git a/.woodpecker/contracts.yml b/.woodpecker/contracts.yml
index 644e29d..6c368bb 100644
--- a/.woodpecker/contracts.yml
+++ b/.woodpecker/contracts.yml
@@ -27,6 +27,7 @@ steps:
         bash -lc '
           set -euo pipefail
           cd onchain
+          export PATH=/root/.foundry/bin:$PATH
           forge build
           forge test -vv --ffi
           forge snapshot
@@ -66,6 +67,7 @@ steps:
           set -euo pipefail
           cd onchain
           export BASE_SEPOLIA_RPC="$BASE_SEPOLIA_RPC"
+          export PATH=/root/.foundry/bin:$PATH
           forge build
           forge test -vv --ffi
           forge snapshot
diff --git a/.woodpecker/fuzz-nightly.yml b/.woodpecker/fuzz-nightly.yml
index b28212f..93efae6 100644
--- a/.woodpecker/fuzz-nightly.yml
+++ b/.woodpecker/fuzz-nightly.yml
@@ -28,6 +28,7 @@ steps:
             apt-get install -y bc
           fi
           cd onchain
+          export PATH=/root/.foundry/bin:$PATH
           forge --version
           ./analysis/run-fuzzing.sh BullMarketOptimizer runs=75
         '
diff --git a/.woodpecker/release.yml b/.woodpecker/release.yml
index 869b699..0448aa9 100644
--- a/.woodpecker/release.yml
+++ b/.woodpecker/release.yml
@@ -85,10 +85,11 @@ steps:
             npm ci --prefix landing --no-audit --no-fund
             npm ci --prefix web-app --no-audit --no-fund
             npm ci --prefix services/ponder --no-audit --no-fund
-            npm ci --prefix services/txnBot --no-audit --no-fund
-            npm ci --no-audit --no-fund
-            forge --version
-            (cd onchain && forge build)
+          npm ci --prefix services/txnBot --no-audit --no-fund
+          npm ci --no-audit --no-fund
+          export PATH=/root/.foundry/bin:$PATH
+          forge --version
+          (cd onchain && forge build)
             npm run build --prefix landing
             npm run build --prefix web-app
             npm run build --prefix services/ponder

From d2c1f9c84f17f04d214e3b17d9f137c549c6e5ff Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Mon, 13 Oct 2025 18:20:47 +0000
Subject: [PATCH 22/23] ci: switch npm ci to npm install for workspace deps

---
 .woodpecker/ci.yml      |  8 ++++----
 .woodpecker/e2e.yml     | 12 ++++++------
 .woodpecker/release.yml | 16 ++++++++--------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index c08ab33..6a22e3e 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -43,17 +43,17 @@ steps:
           npm config set fund false
           npm config set audit false
           ./scripts/build-kraiken-lib.sh
-          npm ci --prefix landing --no-audit --no-fund
+          npm install --prefix landing --no-audit --no-fund
           npm run lint --prefix landing
           npm run build --prefix landing
-          npm ci --prefix web-app --no-audit --no-fund
+          npm install --prefix web-app --no-audit --no-fund
           npm run lint --prefix web-app
           npm run test --prefix web-app -- --run
           npm run build --prefix web-app
-          npm ci --prefix services/ponder --no-audit --no-fund
+          npm install --prefix services/ponder --no-audit --no-fund
           npm run lint --prefix services/ponder
           npm run build --prefix services/ponder
-          npm ci --prefix services/txnBot --no-audit --no-fund
+          npm install --prefix services/txnBot --no-audit --no-fund
           npm run lint --prefix services/txnBot
           npm run test --prefix services/txnBot -- --runInBand
           npm run build --prefix services/txnBot
diff --git a/.woodpecker/e2e.yml b/.woodpecker/e2e.yml
index cef2d24..83b92b5 100644
--- a/.woodpecker/e2e.yml
+++ b/.woodpecker/e2e.yml
@@ -28,13 +28,13 @@ steps:
         yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
         npm config set fund false
         npm config set audit false
-        npm ci --prefix kraiken-lib --no-audit --no-fund
+        npm install --prefix kraiken-lib --no-audit --no-fund
         ./scripts/build-kraiken-lib.sh
-        npm ci --prefix landing --no-audit --no-fund
-        npm ci --prefix web-app --no-audit --no-fund
-        npm ci --prefix services/ponder --no-audit --no-fund
-        npm ci --prefix services/txnBot --no-audit --no-fund
-        npm ci --no-audit --no-fund
+        npm install --prefix landing --no-audit --no-fund
+        npm install --prefix web-app --no-audit --no-fund
+        npm install --prefix services/ponder --no-audit --no-fund
+        npm install --prefix services/txnBot --no-audit --no-fund
+        npm install --no-audit --no-fund
         npx playwright install chromium
         trap "./scripts/dev.sh stop || true" EXIT
         ./scripts/dev.sh start
diff --git a/.woodpecker/release.yml b/.woodpecker/release.yml
index 0448aa9..8776a6d 100644
--- a/.woodpecker/release.yml
+++ b/.woodpecker/release.yml
@@ -22,7 +22,7 @@ steps:
             yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
             npm config set fund false
             npm config set audit false
-            npm ci --prefix kraiken-lib --no-audit --no-fund
+            npm install --prefix kraiken-lib --no-audit --no-fund
             ./scripts/build-kraiken-lib.sh
             node <<\"NODE\"
             import fs from \"fs\";
@@ -80,13 +80,13 @@ steps:
             set -euo pipefail
             npm config set fund false
             npm config set audit false
-            npm ci --prefix kraiken-lib --no-audit --no-fund
-            ./scripts/build-kraiken-lib.sh
-            npm ci --prefix landing --no-audit --no-fund
-            npm ci --prefix web-app --no-audit --no-fund
-            npm ci --prefix services/ponder --no-audit --no-fund
-          npm ci --prefix services/txnBot --no-audit --no-fund
-          npm ci --no-audit --no-fund
+          npm install --prefix kraiken-lib --no-audit --no-fund
+          ./scripts/build-kraiken-lib.sh
+          npm install --prefix landing --no-audit --no-fund
+          npm install --prefix web-app --no-audit --no-fund
+          npm install --prefix services/ponder --no-audit --no-fund
+          npm install --prefix services/txnBot --no-audit --no-fund
+          npm install --no-audit --no-fund
           export PATH=/root/.foundry/bin:$PATH
           forge --version
           (cd onchain && forge build)

From ce87847f4ea98aa563891b54839db966589f662c Mon Sep 17 00:00:00 2001
From: openhands <openhands@all-hands.dev>
Date: Mon, 13 Oct 2025 19:05:15 +0000
Subject: [PATCH 23/23] web-app: move env declaration into src and guard
 pipefail

---
 .woodpecker/e2e.yml        | 3 ++-
 web-app/{ => src}/env.d.ts | 4 ++--
 web-app/tsconfig.app.json  | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)
 rename web-app/{ => src}/env.d.ts (81%)

diff --git a/.woodpecker/e2e.yml b/.woodpecker/e2e.yml
index 83b92b5..1414848 100644
--- a/.woodpecker/e2e.yml
+++ b/.woodpecker/e2e.yml
@@ -22,7 +22,8 @@ steps:
       XDG_RUNTIME_DIR: /tmp/podman-run
     commands:
       - |
-        set -euo pipefail
+        set -eu
+        set -o pipefail 2>/dev/null || true
         mkdir -p "$XDG_RUNTIME_DIR"
         git submodule update --init --recursive
         yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
diff --git a/web-app/env.d.ts b/web-app/src/env.d.ts
similarity index 81%
rename from web-app/env.d.ts
rename to web-app/src/env.d.ts
index 1a00442..87b9490 100644
--- a/web-app/env.d.ts
+++ b/web-app/src/env.d.ts
@@ -6,8 +6,8 @@ declare global {
   interface Window {
     ethereum?: EIP1193Provider;
   }
+
+  const __APP_VERSION__: string;
 }
 
-declare const __APP_VERSION__: string;
-
 export {};
diff --git a/web-app/tsconfig.app.json b/web-app/tsconfig.app.json
index 3272419..3a76366 100644
--- a/web-app/tsconfig.app.json
+++ b/web-app/tsconfig.app.json
@@ -1,6 +1,6 @@
 {
   "extends": "@vue/tsconfig/tsconfig.dom.json",
-  "include": ["env.d.ts", "src/**/*", "src/**/*.vue"],
+  "include": ["src/env.d.ts", "src/**/*", "src/**/*.vue"],
   "exclude": ["src/**/__tests__/*"],
   "compilerOptions": {
     "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",