feat(ts): re-implement verifiedBuild using OtterSec registry

[eteen12]

Closes #4435

Problem

verifiedBuild was removed in #4425 because it pointed at api.apr.dev, which is defunct.

Changes

• Re-implements verifiedBuild(programId) in ts/packages/anchor/src/utils/registry.ts using the OtterSec registry (https://verify.osec.io/status/{programId})
• Exports a VerifiedBuild type matching the /status/{programId} response shape
• Returns null when the program is not verified or the request fails

API comparison

	Old (apr.dev)	New (verify.osec.io)
Staleness check	slot number comparison	is_verified flag (registry re-checks every 24h)
Signature	verifiedBuild(connection, programId, limit?)	verifiedBuild(programId)
Connection needed	Yes (to fetch on-chain slot)	No

[vercel]

@eteen12 is attempting to deploy a commit to the Solana Foundation Team on Vercel.

A member of the Team first needs to authorize it.

[greptile-apps]

Greptile Summary

This PR re-introduces verifiedBuild(programId) using the OtterSec registry (verify.osec.io) after the previous apr.dev-backed implementation was removed, and separately restores silent-fail behaviour in the IDL build's CrateContext::parse path so that crates using post-2022 Rust syntax no longer break --features idl-build.

• registry.ts: Adds verifiedBuild(programId) and a VerifiedBuild export type; the function returns null on HTTP error or when is_verified is false, but does not catch thrown exceptions from network failures or JSON parse errors, contradicting the stated "returns null on failure" contract.
• defined.rs: Converts CRATE_DATA_CACHE from Result to Option and wraps the lookup block with a labeled break, so a syn-1.x parse failure now silently falls through rather than surfacing as a hard error.
• CHANGELOG.md: Two entries added for the feature and the IDL fix.

Confidence Score: 3/5

The TypeScript change re-introduces a useful feature but has a gap between its documented and actual behavior for error cases that should be closed before merging.

The verifiedBuild function promises to return null on request failure, but neither fetch() nor resp.json() is wrapped in a try-catch. Any network outage or malformed response from the OtterSec registry will throw an unhandled exception to the caller instead. Additionally, several fields in the exported VerifiedBuild type (commit, signer, is_frozen) are typed as required but do not appear in the API's documented response example, leaving consumers exposed to silent undefined values at runtime.

ts/packages/anchor/src/utils/registry.ts needs a try-catch around the fetch call, and the VerifiedBuild type fields should be cross-checked against the live API response.

Important Files Changed

Filename	Overview
ts/packages/anchor/src/utils/registry.ts	Re-implements verifiedBuild() via the OtterSec registry; missing try-catch means network/parse errors throw rather than returning null as documented, and several VerifiedBuild type fields (commit, signer, is_frozen) are not confirmed by API docs and are typed as required rather than optional.
lang/syn/src/idl/defined.rs	Converts CRATE_DATA_CACHE from Result to Option and wraps the parse block in a labeled break, restoring silent-fail behavior when syn 1.x cannot parse modern Rust syntax; logic looks correct and well-commented.
CHANGELOG.md	Two changelog entries added for the verifiedBuild re-implementation and the IDL build silent-fail fix; no issues.

Sequence Diagram

sequenceDiagram
    participant Caller
    participant verifiedBuild
    participant OtterSecAPI as verify.osec.io

    Caller->>verifiedBuild: verifiedBuild(programId)
    verifiedBuild->>OtterSecAPI: "GET /status/{programId}"
    alt HTTP error (4xx/5xx)
        OtterSecAPI-->>verifiedBuild: !resp.ok
        verifiedBuild-->>Caller: null
    else Network / parse failure
        OtterSecAPI-->>verifiedBuild: throws Error
        verifiedBuild-->>Caller: unhandled exception (no try-catch)
    else 200 OK, is_verified: false
        OtterSecAPI-->>verifiedBuild: "{ is_verified: false, ... }"
        verifiedBuild-->>Caller: null
    else 200 OK, is_verified: true
        OtterSecAPI-->>verifiedBuild: "{ is_verified: true, ... }"
        verifiedBuild-->>Caller: VerifiedBuild object
    end

Loading

_{Reviews (1): Last reviewed commit: "feat(ts): re-implement verifiedBuild usi..." | Re-trigger Greptile}

[Copilot]

Pull request overview

Reintroduces TypeScript verified-build lookup by querying the OtterSec verification registry, and adjusts Rust IDL-build parsing behavior to avoid hard failures when syn v1 cannot parse newer Rust syntax.

Changes:

• ts: Add verifiedBuild(programId) that fetches verification status from https://verify.osec.io/status/{programId} and introduces a VerifiedBuild response type.
• lang: Restore “silent fail” behavior when CrateContext::parse fails during IDL type generation (to avoid breaking --features idl-build on newer Rust syntax).
• docs: Add changelog entries for the above TS feature and Rust fix.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
ts/packages/anchor/src/utils/registry.ts	Adds OtterSec-backed verifiedBuild + VerifiedBuild type.
lang/syn/src/idl/defined.rs	Changes crate parsing cache to fall back instead of erroring when parsing fails.
CHANGELOG.md	Documents the TS registry feature and the Rust IDL-build fix.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.