Update OZ solhint custom rules

[gonzaotc]

1. Removes interface-names custom rule which is now covered by solhint's already included interface-starts-with-i
2. Adds interface-only-external-functions rule.
3. Prevents leading underscore in constants and immutables, which was previously only prevented in private constants
4. Prevents leading underscore in public and external functions.
5. Prevents external virtual functions.

Note that 2, 3, and 4 require breaking changes that can be potential candidates for 6.0

Ideally I would like to add another rule to verify that Interfaces can only import other interfaces

[changeset-bot]

⚠️ No Changeset found

Latest commit: b73b564

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[Amxx]

For reference, there is already this PR that deals with linter rules: #5497

[Amxx]

Ideally I would like to add another rule to verify that Interfaces can only import other interfaces

AFAIK, this is already something solidity enforces. We don't need the linter to check taht if the compiler rejects it anyway.

Edit: that is true of "inheritance", importing is a different thing.

[Amxx]

How efficient/explicit is /^_/.test(node.name) compared to node.name.startsWith('_')

[ernestognw]

I'm curious about the external -> public changes. So far I thought we already made all functions public when needed, so I would assume they were intentional, can we confirm reviewing the history to make sure we're not missing a deliberate decision?

[ernestognw]

If I remember correctly, this is purposely external since it doesn't have an internal use. Users could just call the functions they want directly

[Amxx]

By default, all public facing functions should be public so that overrides can call super.

If we have exceptions, the questions we need to answer are:

1. is there any reason we think overrides won't need to call super?
2. is there any risks in making that internally callable?

I'm not sure what override we would want to do, but I'd say calling super would be reasonnable here ... so really the question that remains is 2.

If function A internally calls multicall(...) (instead of doing this.multicall(...)) that would allow arbitrary function execution with the same caller as A's initial context. That is also what we would achieve by directly calling the corresponding function (assuming they are public and not external).

But yes, let review all the external->public changes, and we can disable the rule selectivelly if we have a good reason to keep the functions externals

[coderabbitai]

Walkthrough

This change set primarily updates function visibility from external to public across multiple contracts (Governor, TimelockController, GovernorTimelockCompound, GovernorTimelockControl, GovernorVotesQuorumFraction, UUPSUpgradeable, ERC20Permit, Multicall, and a mock). It also renames internal constants to drop leading underscores in TimelockController and ERC2771Forwarder, updating references and tests accordingly. The solhint custom rules are reworked: new require-based reporting, renamed interface rule to interface-only-external-functions, added no-external-virtual, tightened private-variables policy, and refined leading-underscore handling. Tests are adjusted to the new FORWARD_REQUEST_TYPEHASH constant usage.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The PR title "Update OZ solhint custom rules" is concise and accurately summarizes the primary change (updates to the solhint custom rules in scripts/solhint-custom/index.js) and aligns with the PR objectives and file-level changes; it is specific and clear for a teammate scanning history.
Description Check	✅ Passed	The PR description enumerates the solhint rule changes (removal of interface-names, addition of interface-only-external-functions, new leading-underscore restrictions, and disallowing external virtual functions), notes breaking-change considerations, and matches the PR objectives and the modified script file, so it is directly related to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2e5d1eb and a9560bc.

📒 Files selected for processing (12)

• contracts/governance/Governor.sol (1 hunks)
• contracts/governance/TimelockController.sol (4 hunks)
• contracts/governance/extensions/GovernorTimelockCompound.sol (2 hunks)
• contracts/governance/extensions/GovernorTimelockControl.sol (1 hunks)
• contracts/governance/extensions/GovernorVotesQuorumFraction.sol (1 hunks)
• contracts/metatx/ERC2771Forwarder.sol (2 hunks)
• contracts/mocks/proxy/UUPSUpgradeableMock.sol (1 hunks)
• contracts/proxy/utils/UUPSUpgradeable.sol (1 hunks)
• contracts/token/ERC20/extensions/ERC20Permit.sol (1 hunks)
• contracts/utils/Multicall.sol (1 hunks)
• scripts/solhint-custom/index.js (3 hunks)
• test/metatx/ERC2771Forwarder.t.sol (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: Amxx
PR: OpenZeppelin/openzeppelin-contracts#5904
File: contracts/crosschain/ERC7786Recipient.sol:22-31
Timestamp: 2025-08-29T13:17:07.068Z
Learning: In OpenZeppelin contracts, virtual functions that implement interfaces should use `public` visibility instead of `external`, even for calldata-heavy functions. This is because external functions cannot be called with `super` in derived contracts, which would limit extensibility. OpenZeppelin has strong guidelines to keep all public-facing virtual functions as `public` to maintain inheritance flexibility.

📚 Learning: 2025-08-29T13:17:07.068Z

Learnt from: Amxx
PR: OpenZeppelin/openzeppelin-contracts#5904
File: contracts/crosschain/ERC7786Recipient.sol:22-31
Timestamp: 2025-08-29T13:17:07.068Z
Learning: In OpenZeppelin contracts, virtual functions that implement interfaces should use `public` visibility instead of `external`, even for calldata-heavy functions. This is because external functions cannot be called with `super` in derived contracts, which would limit extensibility. OpenZeppelin has strong guidelines to keep all public-facing virtual functions as `public` to maintain inheritance flexibility.

Applied to files:

• contracts/utils/Multicall.sol

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: Redirect rules - solidity-contracts
• GitHub Check: Header rules - solidity-contracts
• GitHub Check: halmos
• GitHub Check: Pages changed - solidity-contracts
• GitHub Check: coverage
• GitHub Check: tests-foundry
• GitHub Check: slither
• GitHub Check: tests-upgradeable
• GitHub Check: tests

🔇 Additional comments (13)

contracts/metatx/ERC2771Forwarder.sol (1)

64-64: Constant renamed appropriately.

The rename from _FORWARD_REQUEST_TYPEHASH to FORWARD_REQUEST_TYPEHASH aligns with the updated linting rules that now prevent leading underscores in constants. The typehash value remains unchanged, maintaining backward compatibility.

contracts/governance/TimelockController.sol (1)

29-29: Constant renamed consistently with linting rules.

The rename from _DONE_TIMESTAMP to DONE_TIMESTAMP follows the updated convention of removing leading underscores from constants.

test/metatx/ERC2771Forwarder.t.sol (1)

30-30: Test correctly updated for constant rename.

The test now uses FORWARD_REQUEST_TYPEHASH without the leading underscore, properly reflecting the change in the main contract.

scripts/solhint-custom/index.js (5)

17-21: Good refactoring of error reporting.

The new require helper method consolidates error reporting logic and makes the code more readable by following an assertion-style pattern.

---

26-32: Interface rule correctly enforces external visibility.

The renamed rule interface-only-external-functions properly enforces that interface functions must be external, which is a Solidity requirement.

---

38-45: State variable visibility rule properly tightened.

The updated rule now correctly enforces that state variables must be either private, constant, or immutable, which aligns with OpenZeppelin's coding standards for encapsulation.

---

52-96: Comprehensive leading underscore enforcement.

The rule now provides granular control over leading underscore usage across different visibility levels and variable types, properly enforcing the convention that:

• Constants should not have leading underscores
• Private/internal state variables and functions must have leading underscores (except library internals)
• Public/external members should not have leading underscores

---

99-111: New rule aligns with PR objectives.

The no-external-virtual rule correctly prevents functions from being both external and virtual (except for receive/fallback), which aligns with OpenZeppelin's guidelines for inheritance flexibility. This is why various functions in this PR were changed from external to public.

contracts/proxy/utils/UUPSUpgradeable.sol (1)

74-76: Make proxiableUUID public to allow super-calls — good change.

Extensibility improves, ABI remains externally callable, and notDelegated still blocks proxy context. Note: this is source‑level breaking for downstream overrides declared external; ensure it’s captured in release notes.

contracts/governance/extensions/GovernorTimelockCompound.sol (2)

139-141: Updated solhint directive name — correct.

Switch to openzeppelin/leading_underscore is consistent with the new ruleset.

---

157-159: updateTimelock made public — aligns with “no external virtual” and enables super-calls.

Behavior unchanged under onlyGovernance. This can break downstream contracts overriding with external; flag in the changelog/upgrade guide.

contracts/mocks/proxy/UUPSUpgradeableMock.sol (1)

32-34: Override visibility synced to base — OK.

Matches the base’s public visibility and keeps the mock semantics intact.

contracts/governance/extensions/GovernorTimelockControl.sol (1)

149-151: updateTimelock made public — consistent and safe.

No external behavior change; onlyGovernance still gates it. Document potential break for downstream external overrides.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[arr00]

Isn't this enforced by the compiler?

[Amxx]

indeed it is already checked.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​solhint@​6.0.0 ⏵ 6.0.1	+1			+6

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[arr00]

should we require screaming snake case?

[Amxx]

There is already a const-name-snakecase in solhint. See line 5 of solhint.config.js

[Amxx]

If we want to do immutable snakecase, there is also a immutable-vars-naming we could enable.