Skip to content

bittensor-core e2es#2850

Open
UnArbosSix wants to merge 21 commits into
bittensor-core-explorationfrom
bittensor-core-e2es
Open

bittensor-core e2es#2850
UnArbosSix wants to merge 21 commits into
bittensor-core-explorationfrom
bittensor-core-e2es

Conversation

@UnArbosSix

@UnArbosSix UnArbosSix commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

Motivation

Provide native Rust chain access and transaction coverage for bittensor-core, and migrate the chain-facing SDK end-to-end suite from Python to a metadata-driven Rust harness. This validates reads, transaction construction, policy enforcement, submission outcomes, and higher-level SDK behavior against the repository's fast-runtime localnet image.

What changed

  • Added a blocking, metadata-driven chain client in sdk/bittensor-core/src/client.rs, including metadata refresh, pinned reads, runtime API calls, storage queries, fee estimation, signed submission, reorg-safe receipt decoding, snapshots, block streaming, and MEV-shielded submission.
  • Added semantic transaction intents, coldkey and hotkey roles, fail-closed policy checks, spend and subnet restrictions, batching, planning, and execution in sdk/bittensor-core/src/transaction.rs.
  • Extended shared, Python, and WASM error handling and the supporting codec, keyfile, digest, and timelock functionality required by the native client and test suite.
  • Added a 113-case E2E manifest, Rust E2E suite, disposable localnet harness, and fast-runtime Docker image under sdk/bittensor-core/tests/.
  • Updated .github/workflows/check-bittensor-e2e-tests.yml to verify manifest completeness, compile the Rust E2E binary once, build the localnet image once, and execute every manifest case independently with one retry.
  • Removed the superseded Python localnet E2E suite and pytest wiring, updated the SDK and testing documentation, and refined CI path filtering so SDK-only changes do not unnecessarily run runtime-clone or TypeScript zombienet checks.

Behavioral impact

The Rust SDK gains native chain access and policy-aware transaction execution APIs. Chain-facing SDK coverage now runs through the Rust suite, while the Python test tree remains offline-only. Runtime and pallet behavior are unchanged.

Migration and spec version

No storage migration is required. This PR does not modify runtime or pallet behavior, and its bittensor-core-exploration base has no network spec-version check, so no spec_version bump is required.

Testing

CI checks the Python binding against the updated shared error surface, compiles the Rust E2E target, verifies that all 113 manifest entries exactly match the compiled tests, and runs each case against the fast-runtime localnet image. Existing SDK offline checks and runtime metadata-drift checks continue to run when their corresponding inputs change.

@vercel

vercel Bot commented Jul 10, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
subtensor Ready Ready Preview, Comment Jul 12, 2026 7:55pm

Request Review

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread sdk/bittensor-core/src/transaction.rs Outdated
@github-actions

github-actions Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: SAFE

VERY HIGH scrutiny: 10-day-old account with no public repos; repository write access mitigates risk, no Gittensor association was found, and one commit uses a second similarly named identity. Branch: bittensor-core-e2es → bittensor-core-exploration.

Static analysis found no runtime changes, suspicious dependency additions, trusted AI-review instruction modifications, or evidence of malicious intent. The signing paths now fail closed and bind signatures to the runtime metadata digest through CheckMetadataHash.

Findings

No findings.

Prior-comment reconciliation

  • 4aa7b7ad: addressed — The Rust signing path now requires CheckMetadataHash, computes the RFC-0078 metadata digest, and sets metadata_hash: Some(metadata_hash) before signing.

Conclusion

The previously reported metadata-signing vulnerability is fixed, and no new security vulnerability or malicious behavior was found.


📜 Previous run (superseded)
Sev File Finding Status
HIGH sdk/bittensor-core/src/client.rs:525 Signed calls do not authenticate RPC-supplied metadata ✅ Addressed
The Rust signing path now requires CheckMetadataHash, computes the RFC-0078 metadata digest, and sets metadata_hash: Some(metadata_hash) before signing.

🔍 AI Review — Auditor (domain review)

VERDICT: 👍

UNKNOWN gittensor association; very new contributor with repository write access, so the large SDK and CI surface received heightened scrutiny.

The latest update correctly enables RFC-0078 metadata-hash signing using the runtime’s baked TAO/9 chain constants and adds focused golden-vector coverage. The substantive PR description remains accurate; no spec-version bump or auto-fix applies. Static checks found no whitespace errors and confirmed 113 unique manifest cases. Focused test execution was unavailable because rustup could not write to its read-only toolchain directory.

Findings

No findings.

Conclusion

No actionable correctness or domain issues were found. The PR remains ready for merge.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread sdk/bittensor-core/src/client.rs Outdated
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👎

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread .github/workflows/check-bittensor-e2e-tests.yml Outdated
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread .github/workflows/check-bittensor-e2e-tests.yml

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread .github/workflows/typescript-e2e.yml
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

The stake-sdk shard still invoked pytest against sdk/python/tests/e2e/,
which this branch deletes, so the job failed with "file or directory not
found". Chain-facing SDK e2e coverage now lives in the Rust suite run by
check-bittensor-e2e-tests.yml; the shard keeps the metadata drift gate.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread sdk/bittensor-core/src/client.rs Outdated
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread sdk/bittensor-core/src/client.rs Outdated
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment thread sdk/bittensor-core/src/client.rs Outdated
@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants