Fix text record resolution and enhance CCIP-Read handling

[Douglasacost]

This pull request introduces a new signed-gateway UniversalResolver integration for ENS offchain resolution, adding a /resolve endpoint that supports CCIP-Read (ERC-3668) with EIP-712 signatures, and refactors deployment scripts and configuration to support the new model. The changes include new resolver logic, EIP-712 signing, configuration wiring, and a simplified deployment script.

New ENS Gateway Resolution Functionality:

• Added /resolve route that implements the CCIP-Read (ERC-3668) callback endpoint, decoding ENS resolution requests, routing them to the correct L2 NameService, and returning EIP-712 signed responses for use with the L1 UniversalResolver. [1] [2] [3]
• Implemented resolveFromL2 utility to parse DNS-encoded ENS names, support addr, addr-multichain, and text lookups, and return ABI-encoded results.
• Added signResolutionResponse for EIP-712 signing of resolution results, matching the L1 UniversalResolver contract.

Configuration and Setup Updates:

• Extended setup.ts to wire up the new resolver signer, L1 resolver address, and signature TTL, and export them for use in the new route. [1] [2] [3] [4]
• Updated the ENS NameService interface to include the getTextRecord function needed by the gateway.

Deployment Script Changes:

• Refactored the L1 deployment script to support the new signed-gateway UniversalResolver, removing the StorageProofVerifier/SparseMerkleTree logic and adding support for setting the ENS resolver in a single broadcast if desired. [1] [2] [3]

These changes collectively enable secure, offchain ENS resolution via a gateway that signs responses for L1 verification, modernizing the resolver infrastructure and deployment flow.

[github-actions]

LCOV of commit bba7616 during checks #663

Summary coverage rate:
  lines......: 30.6% (771 of 2517 lines)
  functions..: 26.9% (105 of 390 functions)
  branches...: 35.5% (140 of 394 branches)

Files changed coverage rate:
                                                  |Lines       |Functions  |Branches    
  Filename                                        |Rate     Num|Rate    Num|Rate     Num
  ======================================================================================
  script/DeployL1Ens.s.sol                        | 0.0%     25| 0.0%     1| 0.0%      4
  src/nameservice/SignedUniversalResolver.sol     | 0.0%    102| 0.0%    13| 0.0%     22

[Copilot]

Pull request overview

This PR migrates ENS offchain resolution to a signed-gateway CCIP-Read (ERC-3668) model: the L1 UniversalResolver reverts with OffchainLookup, the gateway resolves against L2 NameService, then returns an EIP-712 signed payload that the L1 resolver verifies.

Changes:

• Replaced storage-proof based verification in UniversalResolver with EIP-712 signature verification and trusted signer rotation.
• Added a new gateway /resolve endpoint plus L2 resolution + signing utilities to support addr, addr-multichain, and text.
• Added protocol documentation and a Foundry test suite covering core success/failure paths and signer rotation.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 11 comments.

Show a summary per file

File	Description
src/nameservice/UniversalResolver.sol	Switches resolver to CCIP-Read + EIP-712 signed responses; adds trusted signers and URL rotation.
clk-gateway/src/routes/resolve.ts	Implements the CCIP-Read callback endpoint (/resolve) that decodes (name,data), resolves via L2, and signs responses.
clk-gateway/src/resolver/resolveFromL2.ts	Adds L2 resolution dispatcher for addr, addr-multichain, and text and returns ABI-encoded results.
clk-gateway/src/resolver/signResolution.ts	Adds EIP-712 signing for Resolution(name,data,result,expiresAt) and ABI-encodes the callback response payload.
clk-gateway/src/setup.ts	Wires env/config for resolver signer, L1 resolver address, chainId, and signature TTL.
clk-gateway/src/index.ts	Extends JSON parsing to accept text/plain and registers the new /resolve router.
clk-gateway/src/interfaces.ts	Extends NameService interface with getTextRecord.
script/DeployL1Ens.s.sol	Refactors deployment for signed-gateway resolver model and adds optional ENS setResolver step.
test/nameservice/UniversalResolver.t.sol	Adds Foundry tests for signature verification, TTL bounds, signer rotation, and interface support.
src/nameservice/doc/signed-resolver-protocol.md	Adds RFC-style protocol specification for the signed-gateway resolver model.

[aliXsed]

Consolidated inline review — 10 items across the changeset, ordered by priority.

[aliXsed]

Tracking issue for evaluating a trustless alternative to the signed-gateway interim solution: NodleCode/meta#169 — Evaluate Unruggable Gateways ZkSync support as replacement for trusted signed-gateway.

The signed-gateway model in this PR is standards-compliant (ERC-3668, ENSIP-10) and matches what Coinbase/Uniswap/ENS reference use in production. However, Unruggable Gateways already has ZkSync support (ZKSyncRollup + ZKSyncProver + ZKSyncVerifierHooks) and could potentially restore the trustless verification model we had before the ZkSync proof format break.