typescript sdk#2853
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
🛡️ AI Review — Skeptic (security review)VERDICT: SAFE VERY HIGH scrutiny: 11-day-old account with minimal public history; tempered by repository write permission, consistent authorship, and no known Gittensor association; bittensor-core-typescript-sdk → main. Static analysis covered the full SDK and workflow diff, with emphasis on build-time execution, CI credentials, dependency pinning, key material, signing, metadata validation, nonce handling, RPC trust boundaries, and transaction submission. The sole commit after the prior SAFE review is a semantics-preserving options-struct/clippy refactor. Protected AI-review instructions are unchanged. FindingsNo findings. ConclusionNo malicious payload or security vulnerability was identified in the current revision. 🔍 AI Review — Auditor (domain review)VERDICT: 👍 Gittensor association UNKNOWN; 11-day-old contributor with repository write access, warranting heightened scrutiny. The implementation remains consistent with the substantive PR description and has broad package, browser, binding-parity, and dev-chain coverage. The only commit since the prior Auditor review is a semantics-preserving options-struct/clippy refactor. Overlapping PR #2850 is stacked/complementary rather than competing; other overlaps are incidental. Description correction: FindingsNo findings. ConclusionNo correctness or domain issue was found that should block merge. |
|
🔄 AI review updated — Skeptic: VULNERABLE |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: VULNERABLE |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👎 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👎 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
Motivation
Add a first-party TypeScript SDK backed by the shared Rust
bittensor-coreimplementation. This avoids reimplementing key handling, SCALE/runtime operations, signed extrinsics, timelock cryptography, metadata proofs, Ledger support, and MEV-shield primitives in JavaScript while providing idiomatic TypeScript chain APIs.Changes
sdk/bittensor-tsas@bittensor/sdk, with CommonJS, ESM, native, browser, and TypeScript declaration entry points.bittensor-corefor keys and keyfiles, runtime metadata and SCALE operations, signed extrinsics, timelock operations, ML-KEM, metadata proofs, and Ledger support.bittensor-core-wasm, without Node native addons,Buffer, filesystem access, or native HID.Files of interest
sdk/bittensor-ts/native/— Node-API binding layersdk/bittensor-ts/src/— TypeScript client, wallet, runtime, and compatibility APIssdk/bittensor-ts/src/browser.ts— browser/WASM entry pointsdk/bittensor-ts/test/basic.test.cjs— package-level teststs-tests/suites/dev/sdk/test-bittensor-ts.ts— chain integration test.github/workflows/bittensor-ts-e2e.yml— SDK build and e2e integrationBehavioral impact
TypeScript consumers can use the shared Rust implementation through
@bittensor/sdk, with a native Node.js API and a portable browser/WASM subset. Existing TypeScript e2e helpers now use the SDK for key, address, balance, and transaction operations. This PR does not change on-chain runtime behavior.Migration and spec version
No storage migration is required. No runtime spec-version bump is required because the runtime is unchanged and the target branch has no network spec-version check.
Testing
CI type-checks and builds the native and browser SDKs, verifies binding parity, runs package and browser tests on the minimum supported Node version, submits and verifies a signed dev-chain transaction, and runs the dev and zombienet TypeScript e2e suites using the built SDK artifact.