Add onchor.xyz to whitelist

[sosa782]

What

Add *.onchor.xyz to the whitelist.

About Onchor

Onchor is an API marketplace for AI agents on Solana. Agents register, fund their account with USDC, and consume APIs through our gateway.

• Live site: https://onchor.xyz
• API: https://api.onchor.xyz
• Anchor Program: 5MQrpUZtAQgVfhbkwPmmug1ruYVttvieEqX8DwKPPmiw (Solana mainnet)
• npm CLI: https://www.npmjs.com/package/onchor
• Open source skill: https://clawhub.ai/sosa782/onchor

All transactions are USDC deposits to PDA-controlled vaults. No token swaps, no risky approvals.

Summary by CodeRabbit

• Chores
  • Updated domain whitelist configuration to restore nftplus.io and add *.onchor.xyz domain pattern.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request modifies the whitelist configuration file by re-adding a previously removed nftplus.io entry and introducing a new wildcard pattern entry for *.onchor.xyz, resulting in a net change of two additions and one removal.

Changes

Cohort / File(s)	Summary
Whitelist Configuration whitelist.yaml	Re-adds nftplus.io entry and adds new wildcard domain pattern *.onchor.xyz to the whitelist.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Add onchor.xyz to whitelist' directly and accurately summarizes the main change in the pull request, which adds *.onchor.xyz to the whitelist.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can use Trivy to scan for security misconfigurations and secrets in Infrastructure as Code files.

Add a .trivyignore file to your project to customize which findings Trivy reports.

[coderabbitai]

🧹 Nitpick comments (1)

whitelist.yaml (1)

34-34: Consider adding apex onchor.xyz alongside the wildcard.

Line 34 adds *.onchor.xyz, which commonly matches subdomains only. If the goal is to whitelist the main site too, add a separate onchor.xyz entry to avoid matcher-dependent behavior.

Proposed change

   - url: nftplus.io
+  - url: onchor.xyz
   - url: "*.onchor.xyz"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@whitelist.yaml` at line 34, The whitelist currently contains the wildcard
entry "*.onchor.xyz" which may not match the apex domain; update the whitelist
to include a separate apex entry by adding "onchor.xyz" alongside the existing
"*.onchor.xyz" entry so the main site is explicitly whitelisted (refer to the
existing wildcard entry "*.onchor.xyz" in whitelist.yaml and add a new line with
"onchor.xyz").

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@whitelist.yaml`:
- Line 34: The whitelist currently contains the wildcard entry "*.onchor.xyz"
which may not match the apex domain; update the whitelist to include a separate
apex entry by adding "onchor.xyz" alongside the existing "*.onchor.xyz" entry so
the main site is explicitly whitelisted (refer to the existing wildcard entry
"*.onchor.xyz" in whitelist.yaml and add a new line with "onchor.xyz").

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0f25b79e-571c-42ec-b8cb-db3dcee3d93c

📥 Commits

Reviewing files that changed from the base of the PR and between f0e8ff9 and 0591262.

📒 Files selected for processing (1)

• whitelist.yaml