feat: typed currency units through runtime metadata and SDK#2867
Conversation
`write_pulse` is an unsigned, feeless extrinsic whose only round gate was `pulse.round > last_stored_round`, with no upper bound. A single accepted pulse could therefore leap `LastStoredRound` from L to R, leaving rounds L+1..R-1 permanently un-storable (every later pulse must exceed `last`), which wedges the CR-v3 weight reveals and the metadata timelocks that reference those skipped rounds. Bound the advance at two layers: - dispatch (`write_pulse`): once a baseline is anchored, require `pulse.round == last_stored_round + 1`. The offchain worker already submits a contiguous run starting at `last + 1`, one single-round transaction at a time, so this stays liveness-safe while making a leap impossible. The first-storage anchor (last == 0 && oldest == 0) still accepts any round > 0, matching the OCW which seeds `last` to `current_round - 1` before submitting the first pulse. - mempool (`validate_unsigned`): drop any round more than `MAX_PULSES_TO_FETCH` ahead of `last`, so leap attempts are rejected before they reach dispatch. The bound equals the OCW's largest catch-up run, so legitimate catch-up is unaffected. spec_version bumped to 426 for the dispatchable behavior change. Refs #2794
--- updated-dependencies: - dependency-name: turbo dependency-version: 2.10.4 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [tar](https://github.com/isaacs/node-tar) from 7.4.3 to 7.5.20. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.4.3...v7.5.20) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.20 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.15.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.14.1...3.15.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 3.15.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.0.6 to 3.1.3. - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.0.6...v3.1.3) --- updated-dependencies: - dependency-name: fast-uri dependency-version: 3.1.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) from 7.25.9 to 7.29.7. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs) --- updated-dependencies: - dependency-name: "@babel/plugin-transform-modules-systemjs" dependency-version: 7.29.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.26.9 to 7.29.7. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-version: 7.29.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
# Conflicts: # runtime/src/lib.rs
The Vercel project root directory (website/apps/bittensor-website) is resolved against the CLI cwd, so running from website/ doubles the path and vercel build fails with ENOENT.
--uri is variadic in try-runtime-cli, so a trailing positional snapshot path is consumed as a second URI value and fails validation. All three try-runtime snapshot jobs failed this way on the first dispatch.
The pinned gittensor commit declares requires-python >=3.12, so every scheduled run fails at pip install under the 3.11 setup.
…refresh Snapshot of in-progress work: TypeInfo derived on TaoBalance/AlphaBalance/ NetUid so type identity survives into runtime metadata; SDK codec/IR carries per-arg and per-storage type identities; typed-unit handling through the Python SDK intents, hyperparams, and CLI; assorted website updates.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
🛡️ AI Review — Skeptic (security review)VERDICT: SAFE Baseline scrutiny: established contributor with repository write access and no detected Gittensor association; branch targets the permitted The prefetched patch was empty despite 267 reported files, so the review used the exact locally available base and head commit objects. Static analysis found no malicious behavior, dependency backdoor, origin bypass, or newly introduced runtime panic path. The runtime change includes a FindingsNo findings. Prior-comment reconciliation
ConclusionNo security vulnerability or evidence of malicious intent was found. 📜 Previous run (superseded)
🔍 AI Review — Auditor (domain review)VERDICT: 👍 Gittensor association UNKNOWN; author has repository write access and substantial recent contributions, warranting established-contributor calibration. PR #2867 is already merged, and FindingsNo findings. Prior-comment reconciliation
ConclusionNo outstanding review action remains because the PR has already merged into 📜 Previous run (superseded)
|
|
🔄 AI review updated — Skeptic: VULNERABLE |
Co-authored-by: Cursor <cursoragent@cursor.com>
… bittensor-core-typed-units
…tar-7.5.20' into bittensor-core-typed-units
…js-yaml-3.15.0' into bittensor-core-typed-units
…fast-uri-3.1.3' into bittensor-core-typed-units
…babel/core-7.29.7' into bittensor-core-typed-units
…babel/plugin-transform-modules-systemjs-7.29.7' into bittensor-core-typed-units
…turbo-2.10.4' into bittensor-core-typed-units
Co-authored-by: Cursor <cursoragent@cursor.com>
…gent/subtensor into bittensor-core-typed-units
|
🔄 AI review updated — Skeptic: VULNERABLE |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👎 |
…tion Best-head polling now skips the canonical-hash lookup until the head number advances, and the finalized path skips the header fetch while chain_getFinalizedHead is unchanged. The poll interval derives from the chain's detected block time (a quarter slot, clamped 50ms..3s) instead of a fixed 50ms, so an idle mainnet follower costs ~one cheap call every 3s while fast-blocks chains keep sub-slot latency. Co-authored-by: Cursor <cursoragent@cursor.com>
…units Co-authored-by: Cursor <cursoragent@cursor.com> # Conflicts: # .github/workflows/build-core-wheels.yml
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👎 |
…low — devnet/testnet/mainnet are CI-managed mirrors, not PR targets, so integration-branch PRs stop tripping a false VULNERABLE verdict Co-authored-by: Cursor <cursoragent@cursor.com>
| - `main` is the trunk. PRs target `main`, or a feature integration branch (e.g. a consolidation branch) that itself has an open PR into `main`. | ||
| - Deployment is automated, not PR-driven: merges to `main` ride the release train, which deploys devnet → testnet → mainnet via on-chain `setCode` (see `docs/internals/release-process.mdx`). | ||
| - `devnet`, `testnet`, and `mainnet` are CI-managed mirror branches recording what each network currently runs. They are ruleset-locked; only the release train updates them. A PR targeting any of them is illegitimate. |
There was a problem hiding this comment.
[HIGH] PR rewrites its own trusted branch-review policy
This replaces the base branch’s trusted review rule with a policy that legitimizes this PR’s main target. Review instructions must not be changed within the same code PR whose acceptability they determine; restore the trusted policy and submit any governance change separately for dedicated review.
| - `main` is the trunk. PRs target `main`, or a feature integration branch (e.g. a consolidation branch) that itself has an open PR into `main`. | |
| - Deployment is automated, not PR-driven: merges to `main` ride the release train, which deploys devnet → testnet → mainnet via on-chain `setCode` (see `docs/internals/release-process.mdx`). | |
| - `devnet`, `testnet`, and `mainnet` are CI-managed mirror branches recording what each network currently runs. They are ruleset-locked; only the release train updates them. A PR targeting any of them is illegitimate. | |
| - All non-deployment PRs must target `devnet`. | |
| - Deployment-only flow: `devnet` → `testnet` → `mainnet`. | |
| - A PR targeting `mainnet` directly is only legitimate if it is a hotfix or a deployment PR. | |
| - `testnet` and `mainnet` may only receive promotion merges from the branch directly upstream of them. |
|
🔄 AI review updated — Skeptic: VULNERABLE |
…o-tests indexer bindings track the Vec<PerU16> storage types, clippy doc indentation, rustfmt Co-authored-by: Cursor <cursoragent@cursor.com>
eco-tests changed — indexer review requiredThis PR modifies files under Changed files
|
| - `main` is the trunk. PRs target `main`, or a feature integration branch (e.g. a consolidation branch) that itself has an open PR into `main`. | ||
| - Deployment is automated, not PR-driven: merges to `main` ride the release train, which deploys devnet → testnet → mainnet via on-chain `setCode` (see `docs/internals/release-process.mdx`). | ||
| - `devnet`, `testnet`, and `mainnet` are CI-managed mirror branches recording what each network currently runs. They are ruleset-locked; only the release train updates them. A PR targeting any of them is illegitimate. |
There was a problem hiding this comment.
[HIGH] PR rewrites its own trusted branch-review policy
This PR changes .github/ai-review/*, and the supplied trusted instructions require such modifications to be flagged at least HIGH. It also replaces the trusted branch rules with rules that legitimize this PR's main target. Keep security-review policy changes isolated and reviewed against the trusted base version.
| - `main` is the trunk. PRs target `main`, or a feature integration branch (e.g. a consolidation branch) that itself has an open PR into `main`. | |
| - Deployment is automated, not PR-driven: merges to `main` ride the release train, which deploys devnet → testnet → mainnet via on-chain `setCode` (see `docs/internals/release-process.mdx`). | |
| - `devnet`, `testnet`, and `mainnet` are CI-managed mirror branches recording what each network currently runs. They are ruleset-locked; only the release train updates them. A PR targeting any of them is illegitimate. | |
| - All non-deployment PRs must target `devnet`. | |
| - Deployment-only flow: `devnet` → `testnet` → `mainnet`. | |
| - A PR targeting `mainnet` directly is only legitimate if it is a hotfix or a deployment PR. | |
| - `testnet` and `mainnet` may only receive promotion merges from the branch directly upstream of them. |
|
🔄 AI review updated — Skeptic: VULNERABLE |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
Summary
Omnibus branch for the next merge into main. Contains:
Typed currency units (WIP, still being iterated)
TypeInfoderived onTaoBalance/AlphaBalance/NetUidso type identity survives into runtime metadata; SDKs can generate distinct unit types instead of bare integers.CallArgIR,StorageIR), threaded throughbittensor-core(-py/-wasm) and the Python codec, intents, hyperparams, and CLI.CI fixes (mirrors #2865)
create-snapshotargument order (all three snapshot jobs failed on first dispatch).Merged PRs
Test plan
sdk/python/bittensor/_generatedagainst spec 429