bittensor-core e2es#2850
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
🛡️ AI Review — Skeptic (security review)VERDICT: SAFE VERY HIGH scrutiny: 8-day-old account with no public repositories; mitigated by repository write access, matching author/committer identity, and no Gittensor association found. Static analysis found no malicious behavior, dependency tampering, runtime changes, or modifications to trusted AI-review instructions. The transaction-policy fields are now private, arbitrary calls fail closed, and trusted semantics can only be assigned by operation-specific constructors. FindingsNo findings. Prior-comment reconciliation
ConclusionThe previously reported policy bypass is fixed, and no new security vulnerabilities were found. 📜 Previous run (superseded)
🔍 AI Review — Auditor (domain review)VERDICT: 👍 UNKNOWN gittensor association; newer contributor with repository write access, so the large SDK surface received heightened static scrutiny. PR body was empty/trivial; the Auditor has auto-filled it. Please review. This adds a metadata-driven Rust chain client, semantic transaction planning and policy enforcement, and 113 manifest-backed localnet E2E cases. The workflow now compiles the E2E binary once, verifies manifest completeness, and runs each case independently against the generated localnet image. No runtime or pallet code changes are present. The nonstandard base branch has no applicable spec-version check. Overlap with #2846 and #2841 is limited to the workflow and reflects the stacked SDK/consolidation work rather than a competing implementation. No runtime confirmation was needed for a specific finding. FindingsNo findings. ConclusionThe implementation is internally consistent, fail-closed at the transaction-policy boundary, and backed by broad E2E coverage. No substantive merge-blocking issue was identified. |
|
🔄 AI review updated — Skeptic: VULNERABLE |
|
🔄 AI review updated — Skeptic: SAFE Auditor: 👍 |
Motivation
Provide native Rust coverage for the
bittensor-coreSDK and migrate the Bittensor end-to-end suite to a metadata-driven Rust harness. This validates chain reads, transaction construction, policy enforcement, submission outcomes, and higher-level SDK behavior against the repository's localnet image.What changed
sdk/bittensor-core/src/client.rs, including pinned reads, runtime API calls, storage queries, fee estimation, signed submission, receipt decoding, snapshots, block streaming, and MEV-shielded submission.sdk/bittensor-core/src/transaction.rs.sdk/bittensor-core/tests/..github/workflows/check-bittensor-e2e-tests.ymlto verify manifest completeness, compile the Rust E2E binary once, build the localnet image, and execute each manifest case independently with one retry.Behavioral impact
The Rust SDK gains native chain access and transaction execution APIs. The E2E workflow now exercises the Rust suite rather than the prior test discovery/execution path. Runtime and pallet behavior are unchanged.
Migration and spec version
No storage migration is required. This PR does not modify runtime or pallet code, and its
bittensor-core-explorationbase has no network spec-version check, so nospec_versionbump is required.Testing
The workflow compiles
bittensor-core-py, compiles the Rust E2E target, verifies that all 113 manifest entries exactly match compiled tests, and runs each test against both fast-runtime and non-fast-runtime localnet artifacts.