chore: add signature cta bot

[tomiir]

Description

• Adds Copyright Transfer Agreement (CTA) workflow to require external contributors to sign an agreement when submitting changes

Type of change

• Chore (non-breaking change that addresses non-functional tasks, maintenance, or code quality improvements)
• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 2d33b3b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
appkit-basic-html	Ready	Preview	Comment	Sep 10, 2025 4:04pm
appkit-demo	Ready	Preview	Comment	Sep 10, 2025 4:04pm
appkit-gallery	Ready	Preview	Comment	Sep 10, 2025 4:04pm
appkit-laboratory	Ready	Preview	Comment	Sep 10, 2025 4:04pm

10 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
appkit-basic-example	Ignored			Sep 10, 2025 4:04pm
appkit-basic-sign-client-example	Ignored			Sep 10, 2025 4:04pm
appkit-basic-up-example	Ignored			Sep 10, 2025 4:04pm
appkit-ethers5-bera	Ignored			Sep 10, 2025 4:04pm
appkit-nansen-demo	Ignored			Sep 10, 2025 4:04pm
appkit-vue-solana	Ignored			Sep 10, 2025 4:04pm
appkit-wagmi-cdn-example	Ignored			Sep 10, 2025 4:04pm
ethereum-provider-wagmi-example	Ignored			Sep 10, 2025 4:04pm
next-wagmi-solana-bitcoin-example	Ignored			Sep 10, 2025 4:04pm
vue-wagmi-example	Ignored			Sep 10, 2025 4:04pm

[Copilot]

Pull Request Overview

This PR adds a Copyright Transfer Agreement (CTA) workflow to automate the signature process for external contributors. The workflow ensures that contributors sign a legal agreement before their changes can be merged.

• Adds automated CTA signature checking for pull requests and issue comments
• Configures necessary permissions for the bot to manage PR statuses and comments
• Uses the WalletConnect CTA assistant action for implementation

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[cursor]

Bug: Unpinned Master Branch Vulnerability

Using an unpinned @master branch reference for the third-party action, combined with the pull_request_target trigger and write permissions, creates a security vulnerability. If the upstream action's master branch is compromised, malicious code could execute with write access to this repository.

 

[github-actions]

	Warnings
⚠️	Workflow file .github/workflows/cta.yml has been modified

Generated by 🚫 dangerJS against 2d33b3b

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	78.32%	35264 / 45023
🔵	Statements	78.32%	35264 / 45023
🔵	Functions	75.98%	3875 / 5100
🔵	Branches	86.56%	8348 / 9644

File Coverage

No changed files found.

Generated in workflow #14987 for commit 2d33b3b by the Vitest Coverage Report Action