Skip to content

feat: typed currency units through runtime metadata and SDK#2867

Merged
IntiTechnologies merged 30 commits into
mainfrom
bittensor-core-typed-units
Jul 12, 2026
Merged

feat: typed currency units through runtime metadata and SDK#2867
IntiTechnologies merged 30 commits into
mainfrom
bittensor-core-typed-units

Conversation

@unarbos

@unarbos unarbos commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Summary

Omnibus branch for the next merge into main. Contains:

Typed currency units (WIP, still being iterated)

  • TypeInfo derived on TaoBalance / AlphaBalance / NetUid so type identity survives into runtime metadata; SDKs can generate distinct unit types instead of bare integers.
  • SDK transport IR carries per-call-arg and per-storage type identities (CallArgIR, StorageIR), threaded through bittensor-core(-py/-wasm) and the Python codec, intents, hyperparams, and CLI.
  • Website refresh riding along from the same working tree.

CI fixes (mirrors #2865)

  • Vercel deploys run from the repo root (Deploy Docs was failing with ENOENT on every main push).
  • try-runtime create-snapshot argument order (all three snapshot jobs failed on first dispatch).
  • gittensor indexer on Python 3.12 (pinned package requires >=3.12).

Merged PRs

Test plan

  • CI wave green (codegen drift gate will need a regeneration pass once the runtime metadata shape settles)
  • Regenerate sdk/python/bittensor/_generated against spec 429
  • Mark ready for review once the typed-units work lands its final state

loom-agent and others added 12 commits July 11, 2026 20:59
`write_pulse` is an unsigned, feeless extrinsic whose only round gate was
`pulse.round > last_stored_round`, with no upper bound. A single accepted
pulse could therefore leap `LastStoredRound` from L to R, leaving rounds
L+1..R-1 permanently un-storable (every later pulse must exceed `last`),
which wedges the CR-v3 weight reveals and the metadata timelocks that
reference those skipped rounds.

Bound the advance at two layers:

- dispatch (`write_pulse`): once a baseline is anchored, require
  `pulse.round == last_stored_round + 1`. The offchain worker already
  submits a contiguous run starting at `last + 1`, one single-round
  transaction at a time, so this stays liveness-safe while making a leap
  impossible. The first-storage anchor (last == 0 && oldest == 0) still
  accepts any round > 0, matching the OCW which seeds `last` to
  `current_round - 1` before submitting the first pulse.
- mempool (`validate_unsigned`): drop any round more than
  `MAX_PULSES_TO_FETCH` ahead of `last`, so leap attempts are rejected
  before they reach dispatch. The bound equals the OCW's largest catch-up
  run, so legitimate catch-up is unaffected.

spec_version bumped to 426 for the dispatchable behavior change.

Refs #2794
---
updated-dependencies:
- dependency-name: turbo
  dependency-version: 2.10.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [tar](https://github.com/isaacs/node-tar) from 7.4.3 to 7.5.20.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.4.3...v7.5.20)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.20
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.15.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@3.14.1...3.15.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 3.15.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.0.6 to 3.1.3.
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.0.6...v3.1.3)

---
updated-dependencies:
- dependency-name: fast-uri
  dependency-version: 3.1.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) from 7.25.9 to 7.29.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.26.9 to 7.29.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-version: 7.29.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
The Vercel project root directory (website/apps/bittensor-website) is resolved against the CLI cwd, so running from website/ doubles the path and vercel build fails with ENOENT.
--uri is variadic in try-runtime-cli, so a trailing positional snapshot path is consumed as a second URI value and fails validation. All three try-runtime snapshot jobs failed this way on the first dispatch.
The pinned gittensor commit declares requires-python >=3.12, so every scheduled run fails at pip install under the 3.11 setup.
…refresh

Snapshot of in-progress work: TypeInfo derived on TaoBalance/AlphaBalance/
NetUid so type identity survives into runtime metadata; SDK codec/IR carries
per-arg and per-storage type identities; typed-unit handling through the
Python SDK intents, hyperparams, and CLI; assorted website updates.
@vercel

vercel Bot commented Jul 12, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
subtensor Ready Ready Preview, Comment Jul 12, 2026 7:48pm

Request Review

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

Baseline scrutiny: established contributor with repository write access and no detected Gittensor association; branch targets the permitted main trunk.

The prefetched patch was empty despite 267 reported files, so the review used the exact locally available base and head commit objects. Static analysis found no malicious behavior, dependency backdoor, origin bypass, or newly introduced runtime panic path. The runtime change includes a spec_version bump, and the PR-side trusted review files exactly match the supplied trusted copies.

Findings

No findings.

Prior-comment reconciliation

  • 620f20b6: no longer applies — The trusted branch policy identifies main as the trunk and permits feature PRs to target it.
  • fb2f430f: no longer applies — The PR-side .github/ai-review/common.md exactly matches the supplied trusted version.

Conclusion

No security vulnerability or evidence of malicious intent was found.


📜 Previous run (superseded)
Sev File Finding Status
HIGH PR metadata (baseRefName) PR targets an unauthorized base branch ⏭️ No longer applies
The trusted branch policy identifies main as the trunk and permits feature PRs to target it.
HIGH .github/ai-review/common.md:17 PR rewrites its own trusted branch-review policy ⏭️ No longer applies
The PR-side .github/ai-review/common.md exactly matches the supplied trusted version.

🔍 AI Review — Auditor (domain review)

VERDICT: 👍

Gittensor association UNKNOWN; author has repository write access and substantial recent contributions, warranting established-contributor calibration.

PR #2867 is already merged, and origin/main contains the reviewed head. Consequently, the supplied PR patch and current three-dot diff are empty, leaving no remaining changes to audit or actionable findings to raise.

Findings

No findings.

Prior-comment reconciliation

  • f1473196: no longer applies — The PR is already merged, so its target branch can no longer be changed and the prior pre-merge concern is no longer actionable.

Conclusion

No outstanding review action remains because the PR has already merged into main.


📜 Previous run (superseded)
Sev File Finding Status
HIGH PR metadata PR bypasses the required branch promotion flow ⏭️ No longer applies
The PR is already merged, so its target branch can no longer be changed and the prior pre-merge concern is no longer actionable.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

unarbos and others added 10 commits July 12, 2026 12:29
Co-authored-by: Cursor <cursoragent@cursor.com>
…js-yaml-3.15.0' into bittensor-core-typed-units
…fast-uri-3.1.3' into bittensor-core-typed-units
…babel/core-7.29.7' into bittensor-core-typed-units
…babel/plugin-transform-modules-systemjs-7.29.7' into bittensor-core-typed-units
…turbo-2.10.4' into bittensor-core-typed-units
Co-authored-by: Cursor <cursoragent@cursor.com>
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

…tion

Best-head polling now skips the canonical-hash lookup until the head number
advances, and the finalized path skips the header fetch while
chain_getFinalizedHead is unchanged. The poll interval derives from the
chain's detected block time (a quarter slot, clamped 50ms..3s) instead of a
fixed 50ms, so an idle mainnet follower costs ~one cheap call every 3s while
fast-blocks chains keep sub-slot latency.

Co-authored-by: Cursor <cursoragent@cursor.com>
…units

Co-authored-by: Cursor <cursoragent@cursor.com>

# Conflicts:
#	.github/workflows/build-core-wheels.yml
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

…low — devnet/testnet/mainnet are CI-managed mirrors, not PR targets, so integration-branch PRs stop tripping a false VULNERABLE verdict

Co-authored-by: Cursor <cursoragent@cursor.com>

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment on lines +15 to +17
- `main` is the trunk. PRs target `main`, or a feature integration branch (e.g. a consolidation branch) that itself has an open PR into `main`.
- Deployment is automated, not PR-driven: merges to `main` ride the release train, which deploys devnet → testnet → mainnet via on-chain `setCode` (see `docs/internals/release-process.mdx`).
- `devnet`, `testnet`, and `mainnet` are CI-managed mirror branches recording what each network currently runs. They are ruleset-locked; only the release train updates them. A PR targeting any of them is illegitimate.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[HIGH] PR rewrites its own trusted branch-review policy

This replaces the base branch’s trusted review rule with a policy that legitimizes this PR’s main target. Review instructions must not be changed within the same code PR whose acceptability they determine; restore the trusted policy and submit any governance change separately for dedicated review.

Suggested change
- `main` is the trunk. PRs target `main`, or a feature integration branch (e.g. a consolidation branch) that itself has an open PR into `main`.
- Deployment is automated, not PR-driven: merges to `main` ride the release train, which deploys devnet → testnet → mainnet via on-chain `setCode` (see `docs/internals/release-process.mdx`).
- `devnet`, `testnet`, and `mainnet` are CI-managed mirror branches recording what each network currently runs. They are ruleset-locked; only the release train updates them. A PR targeting any of them is illegitimate.
- All non-deployment PRs must target `devnet`.
- Deployment-only flow: `devnet``testnet``mainnet`.
- A PR targeting `mainnet` directly is only legitimate if it is a hotfix or a deployment PR.
- `testnet` and `mainnet` may only receive promotion merges from the branch directly upstream of them.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

…o-tests indexer bindings track the Vec<PerU16> storage types, clippy doc indentation, rustfmt

Co-authored-by: Cursor <cursoragent@cursor.com>
@github-actions

Copy link
Copy Markdown
Contributor

eco-tests changed — indexer review required

This PR modifies files under eco-tests/. and may affect downstream indexing.
cc @evgeny-s — please review manually

Changed files
  • eco-tests/src/tests_mentat_indexer.rs
  • eco-tests/src/tests_taocom_indexer.rs

@github-actions github-actions Bot requested a review from evgeny-s July 12, 2026 19:45

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment on lines +15 to +17
- `main` is the trunk. PRs target `main`, or a feature integration branch (e.g. a consolidation branch) that itself has an open PR into `main`.
- Deployment is automated, not PR-driven: merges to `main` ride the release train, which deploys devnet → testnet → mainnet via on-chain `setCode` (see `docs/internals/release-process.mdx`).
- `devnet`, `testnet`, and `mainnet` are CI-managed mirror branches recording what each network currently runs. They are ruleset-locked; only the release train updates them. A PR targeting any of them is illegitimate.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[HIGH] PR rewrites its own trusted branch-review policy

This PR changes .github/ai-review/*, and the supplied trusted instructions require such modifications to be flagged at least HIGH. It also replaces the trusted branch rules with rules that legitimize this PR's main target. Keep security-review policy changes isolated and reviewed against the trusted base version.

Suggested change
- `main` is the trunk. PRs target `main`, or a feature integration branch (e.g. a consolidation branch) that itself has an open PR into `main`.
- Deployment is automated, not PR-driven: merges to `main` ride the release train, which deploys devnet → testnet → mainnet via on-chain `setCode` (see `docs/internals/release-process.mdx`).
- `devnet`, `testnet`, and `mainnet` are CI-managed mirror branches recording what each network currently runs. They are ruleset-locked; only the release train updates them. A PR targeting any of them is illegitimate.
- All non-deployment PRs must target `devnet`.
- Deployment-only flow: `devnet``testnet``mainnet`.
- A PR targeting `mainnet` directly is only legitimate if it is a hotfix or a deployment PR.
- `testnet` and `mainnet` may only receive promotion merges from the branch directly upstream of them.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@IntiTechnologies IntiTechnologies marked this pull request as ready for review July 12, 2026 19:56
@IntiTechnologies IntiTechnologies merged commit ff1e1ed into main Jul 12, 2026
172 of 176 checks passed
@unarbos unarbos deleted the bittensor-core-typed-units branch July 12, 2026 19:59
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants