feat: add sepolia task

Makefile

@@ -110,13 +110,7 @@ forge-deps:
 .PHONY: checkout-base-contracts-commit
 checkout-base-contracts-commit:
 	[ -n "$(BASE_CONTRACTS_COMMIT)" ] || (echo "BASE_CONTRACTS_COMMIT must be set in .env" && exit 1)
-	rm -rf lib/base-contracts
-	mkdir -p lib/base-contracts
-	cd lib/base-contracts; \
-	git init; \
-	git remote add origin https://github.com/base/contracts.git; \
-	git fetch --depth=1 origin $(BASE_CONTRACTS_COMMIT); \
-	git reset --hard FETCH_HEAD
+	forge install --no-git github.com/base/contracts@$(BASE_CONTRACTS_COMMIT)
 
 ##
 # Task Signer Tool

sepolia/2026-02-19-superchain-separation/.env

@@ -0,0 +1,96 @@
+# ==============================================================================
+# Environment Configuration
+# ==============================================================================
+# This file contains all environment variables required for the Superchain
+# separation contract deployment and upgrade scripts.
+# ==============================================================================
+
+# ==============================================================================
+# DEPENDENCY VERSIONS
+# ==============================================================================
+# Git commits for library dependencies checked out during `make deps`
+
+# Base contracts repository commit hash (base/contracts)
+# Used for: MultisigScript and other base-specific utilities
+BASE_CONTRACTS_COMMIT=be7c7a642e430fa64b04b63203839f8c81f48466
+
+# ==============================================================================
+# SAFE ADDRESSES - L1 (Ethereum)
+# ==============================================================================
+# Gnosis Safe multisig addresses on L1 for governance and operations
+
+# Main owner Safe that controls the ProxyAdmin
+# Used by: DeploySuperchainConfigAndSystemConfig, UpdateProxyAdminOwnerSigners, UpgradeSystemConfig
+OWNER_SAFE=0x0fe884546476dDd290eC46318785046ef68a0BA9
+
+# Coinbase signer Safe (will have EOA signers after UpdateCBSafeSigners)
+# Used by: UpdateCBSafeSigners (as the target Safe being updated)
+CB_SIGNER_SAFE_ADDR=0x646132A1667ca7aD00d36616AFBA1A28116C770A
+
+# Coinbase nested Safe (contains EOAs that will become direct signers)
+# Used by: UpdateCBSafeSigners, UpgradeFeeDisburser
+CB_NESTED_SAFE_ADDR=0x5dfEB066334B67355A15dc9b67317fD2a2e1f77f
+
+# Coinbase Security Council Safe
+# Used by: UpdateCBSafeSigners, UpdateProxyAdminOwnerSigners
+CB_SC_SAFE_ADDR=0x6AF0674791925f767060Dd52f7fB20984E8639d8
+
+# Optimism Foundation signer Safe (mainnet only - to be replaced by SC)
+# Used by: UpdateProxyAdminOwnerSigners
+OP_SIGNER_SAFE_ADDR=0x6AF0674791925f767060Dd52f7fB20984E8639d8
+
+# Incident response multisig (guardian for SuperchainConfig)
+# Used by: DeploySuperchainConfigAndSystemConfig
+INCIDENT_MULTISIG=0x5dfEB066334B67355A15dc9b67317fD2a2e1f77f
+
+# ==============================================================================
+# DeployFeeDisburser.s.sol
+# ==============================================================================
+# Configuration for deploying the FeeDisburser contract on L2
+
+# L1 address that receives bridged fees from L2 FeeVaults
+# This is typically the BalanceTracker contract address
+BALANCE_TRACKER=0x8D1b5e5614300F5c7ADA01fFA4ccF8F1752D9A57
+
+# Minimum time in seconds between fee disbursements (must be >= 86400 / 24 hours)
+FEE_DISBURSEMENT_INTERVAL=604800
+
+# ==============================================================================
+# UpgradeSystemConfig.s.sol
+# ==============================================================================
+# Configuration for upgrading the SystemConfig proxy
+
+# ProxyAdmin contract that manages the SystemConfig proxy
+PROXY_ADMIN=0x0389E59Aa0a41E4A413Ae70f0008e76CAA34b1F3
+
+# Current SystemConfig proxy address to be upgraded
+SYSTEM_CONFIG=0xf272670eb55e895584501d564AfEB048bEd26194
+
+# New SystemConfig implementation address (deployed by DeploySuperchainConfigAndSystemConfig)
+SYSTEM_CONFIG_IMPLEMENTATION=0xEE364DE73E1827F5e31a18C70A40F1F78c075b84
+
+# New SuperchainConfig proxy address (deployed by DeploySuperchainConfigAndSystemConfig)
+# This replaces the OP Superchain's SuperchainConfig with Base's own
+NEW_SUPERCHAIN_CONFIG=0xE4401EB53AE90a5335a51fe1828d7BeCf7a63508
+
+# ==============================================================================
+# UpgradeFeeDisburser.s.sol
+# ==============================================================================
+# Configuration for upgrading the FeeDisburser proxy on L2 via deposit transaction
+
+# OptimismPortal2 contract address on L1
+OPTIMISM_PORTAL_ADDR=0x49f53e41452C74589E85cA1677426Ba426459e85
+
+# FeeDisburser proxy contract address on L2
+FEE_DISBURSER_ADDR=0x76355A67fCBCDE6F9a69409A8EAd5EaA9D8d875d
+
+# New FeeDisburser implementation address on L2
+FEE_DISBURSER_IMPL_ADDR=0xa2FF1EdA0A2c5A757CCfcc52f3255C16347Ead03
+
+# ==============================================================================
+# MULTISIG OPERATIONS (runtime variables)
+# ==============================================================================
+# These variables are typically passed at runtime during signing/approval
+
+# Required for the task signer tool to work properly
+RECORD_STATE_DIFF=true

sepolia/2026-02-19-superchain-separation/FACILITATORS.md

@@ -0,0 +1,134 @@
+# Facilitator Instructions
+
+This document describes how to execute the Superchain separation sepolia transactions after collecting signatures.
+
+## Prerequisites
+
+### 1. Update repo and install dependencies
+
+```bash
+cd contract-deployments
+git pull
+cd sepolia/2026-02-19-superchain-separation
+make deps
+```
+
+## General Procedure
+
+1. Collect outputs from all participating signers.
+2. Concatenate all signatures and export as the `SIGNATURES` environment variable:
+   `export SIGNATURES="[SIGNATURE1][SIGNATURE2]..."`
+3. Run the appropriate `make approve-*` command(s) for each nested Safe.
+4. Run the appropriate `make execute-*` command to execute the transaction.
+
+## Important: Execution Order
+
+**Transactions MUST be executed in order (Part 1 → Part 2 → Part 3)** due to nonce dependencies:
+
+1. CB Nested Safe: Approve CBSafeSigners
+2. SC Safe: Approve CBSafeSigners
+3. CB Parent Safe: Execute CBSafeSigners
+4. CB Parent Safe: Approve UpgradeSystemConfig
+5. SC Safe: Approve UpgradeSystemConfig
+6. ProxyAdminOwner: Execute UpgradeSystemConfig
+7. CB Nested Safe: Execute UpgradeFeeDisburser
+
+### Example Signature Output
+
+If the quorum is 3 and you receive the following outputs:
+
+```shell
+Data:  0xDEADBEEF
+Signer: 0xC0FFEE01
+Signature: AAAA
+```
+
+```shell
+Data:  0xDEADBEEF
+Signer: 0xC0FFEE02
+Signature: BBBB
+```
+
+```shell
+Data:  0xDEADBEEF
+Signer: 0xC0FFEE03
+Signature: CCCC
+```
+
+Concatenate: `SIGNATURES=AAAABBBBCCCC`
+
+---
+
+## Part 1: UpdateCBSafeSigners (CB + SC)
+
+Updates the signers on the Coinbase Safe.
+
+### Approve
+
+Coinbase facilitator (with CB signer signatures):
+
+```bash
+SIGNATURES=<CB_SIGNATURES> make approve-cbsafesigners-cb
+```
+
+Coinbase facilitator (with SC signer signatures):
+
+```bash
+SIGNATURES=<SC_SIGNATURES> make approve-cbsafesigners-sc
+```
+
+### Execute
+
+Once all approvals are submitted:
+
+```bash
+make execute-cbsafesigners
+```
+
+---
+
+## Part 2: UpgradeSystemConfig (CB + SC)
+
+Upgrades the SystemConfig contract with the new SuperchainConfig.
+
+### Approve
+
+Coinbase facilitator (with CB signer signatures):
+
+```bash
+SIGNATURES=<CB_SIGNATURES> make approve-systemconfig-cb
+```
+
+Coinbase facilitator (with SC signer signatures):
+
+```bash
+SIGNATURES=<SC_SIGNATURES> make approve-systemconfig-sc
+```
+
+### Execute
+
+Once all approvals are submitted:
+
+```bash
+make execute-systemconfig
+```
+
+---
+
+## Part 3: UpgradeFeeDisburser (CB only)
+
+Upgrades the FeeDisburser contract via a deposit transaction on L1.
+
+> **Note:** This must be executed AFTER Part 1 (execute-cbsafesigners) due to nonce dependencies on `CB_NESTED_SAFE_ADDR`.
+
+### Approve (if using nested safe)
+
+```bash
+SIGNATURES=<CB_SIGNATURES> make approve-feedisburser
+```
+
+### Execute
+
+```bash
+SIGNATURES=<CB_SIGNATURES> make execute-feedisburser
+```