typescript sdk#2853
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
🛡️ AI Review — Skeptic (security review)VERDICT: SAFE VERY HIGH scrutiny: 10-day-old account with no public repositories, mitigated by repository write permission, consistent commit authorship, and no known Gittensor association; bittensor-core-typescript-sdk → bittensor-core-exploration. No protected AI-review or Copilot instruction files were modified. Static analysis found no malicious behavior or security vulnerability in the SDK, native key-handling boundaries, locked dependencies, build scripts, or fork-gated CI execution. FindingsNo findings. ConclusionThe prior wasm-pack supply-chain concern remains resolved, and the current diff introduces no new security findings. 🔍 AI Review — Auditor (domain review)VERDICT: 👍 Gittensor association UNKNOWN; very new contributor with repository write access, so the large SDK received heightened scrutiny. The description matches the implementation. No spec-version bump applies to this non-network base branch, and overlapping PRs are complementary rather than duplicates. No runtime confirmation was needed for this unchanged rerun. FindingsNo findings. ConclusionThe SDK implementation, compatibility layers, and focused tests remain coherent. No substantive domain issues block merge. |
|
🔄 AI review updated — Skeptic: VULNERABLE |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: VULNERABLE |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👎 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👎 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
Motivation
Add a first-party TypeScript SDK backed by the shared Rust
bittensor-coreimplementation. This avoids reimplementing key handling, SCALE/runtime operations, signed extrinsics, timelock cryptography, metadata proofs, Ledger support, and MEV-shield primitives in JavaScript while providing idiomatic TypeScript chain APIs.Changes
sdk/bittensor-tsas@bittensor/sdk, with CommonJS, ESM, native, browser, and TypeScript declaration entry points.bittensor-corefor keys and keyfiles, runtime metadata and SCALE operations, signed extrinsics, timelock operations, ML-KEM, metadata proofs, and Ledger support.bittensor-core-wasm, without Node native addons,Buffer, filesystem access, or native HID.Files of interest
sdk/bittensor-ts/native/— Node-API binding layersdk/bittensor-ts/src/— TypeScript client, wallet, runtime, and compatibility APIssdk/bittensor-ts/src/browser.ts— browser/WASM entry pointsdk/bittensor-ts/test/basic.test.cjs— package-level teststs-tests/suites/dev/sdk/test-bittensor-ts.ts— chain integration test.github/workflows/bittensor-ts-e2e.yml— SDK build and e2e integrationBehavioral impact
TypeScript consumers can use the shared Rust implementation through
@bittensor/sdk, with a native Node.js API and a portable browser/WASM subset. Existing TypeScript e2e helpers now use the SDK for key, address, balance, and transaction operations. This PR does not change on-chain runtime behavior.Migration and spec version
No storage migration is required. No runtime spec-version bump is required because the runtime is unchanged and the target branch has no network spec-version check.
Testing
CI type-checks and builds the native and browser SDKs, verifies binding parity, runs package and browser tests on the minimum supported Node version, submits and verifies a signed dev-chain transaction, and runs the dev and zombienet TypeScript e2e suites using the built SDK artifact.