feat: light token kit by sergeytimoshin · Pull Request #2289 · Lightprotocol/light-protocol

sergeytimoshin · 2026-02-14T15:21:55Z

No description provided.

coderabbitai · 2026-02-14T15:22:02Z

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch sergey/feat-light-token-kit

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

.github/workflows/token-kit.yml

+    name: token-kit-tests
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v6
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 9
+          run_install: false
+
+      - name: Install just
+        uses: extractions/setup-just@v2
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build token-sdk
+        run: cd js/token-sdk && pnpm build
+
+      - name: Run token-sdk unit tests
+        run: just js test-token-sdk
+
+      - name: Run token-client unit tests
+        run: just js test-token-client
+
+      - name: Lint token-sdk
+        run: just js lint-token-kit


In general, fix this by explicitly declaring a minimal permissions block either at the workflow root (applies to all jobs) or on the specific job. Since this workflow only checks out code and runs local build/test/lint commands, it only needs read access to repository contents. We can safely set permissions: contents: read for the job (or at the top level) without changing any existing behavior.

The single best fix here is to add a permissions block to the token-kit-tests job definition in .github/workflows/token-kit.yml, just under the job name (or runs-on) and before steps. Concretely, we will insert:

permissions: contents: read

This does not require any imports or additional methods, and it keeps the change localized to the shown snippet. No other files or sections need modification.

ananas-block and others added 4 commits February 13, 2026 11:02

feat: ts token sdk + idl

964808a

stash separated token client

b53bcba

wip

a0a96a8

wip

089b430

github-advanced-security bot found potential problems Feb 14, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: light token kit#2289

feat: light token kit#2289
sergeytimoshin wants to merge 4 commits intomainfrom
sergey/feat-light-token-kit

sergeytimoshin commented Feb 14, 2026

Uh oh!

coderabbitai bot commented Feb 14, 2026

Review skipped

Uh oh!

Check warning

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

sergeytimoshin commented Feb 14, 2026

Uh oh!

coderabbitai bot commented Feb 14, 2026

Review skipped

Uh oh!

Check warning

Copilot Autofix

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants