Skip to content

TRON integration #556

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
SergeyG-Solicy wants to merge 1 commit into
base: testnet
Choose a base branch
from
Open

TRON integration #556

SergeyG-Solicy wants to merge 1 commit into from

Conversation

@SergeyG-Solicy
Copy link
Contributor

@SergeyG-Solicy SergeyG-Solicy commented Jan 5, 2026
edited by coderabbitai bot
Loading

PR Type

Enhancement

Description

  • Add TRON blockchain network support with mainnet and testnet endpoints

  • Integrate TRON into pay operation handler using generic JSON-RPC

  • Register TRON chain in identity manager with mainnet-only validation

  • Improve Uint8Array validation to skip TRON transaction serialization

Diagram Walkthrough

flowchart LR
  A["TRON Chain Config"] -->|"mainnet, testnet endpoints"| B["Chain Providers"]
  C["Pay Operation Handler"] -->|"genericJsonRpcPay"| D["TRON Support"]
  E["Identity Manager"] -->|"register TRON chain"| F["Mainnet-only Validation"]
  G["Uint8Array Validator"] -->|"skip TX serialization"| H["TRON TX Objects"]
Loading

File Walkthrough
Relevant files
Configuration changes
chainProviders.ts
Add TRON network provider endpoints                                           

sdk/localsdk/multichain/configs/chainProviders.ts

  • Added TRON network configuration with mainnet, testnet, shasta, and
    nile endpoints
  • Configured TRONGrid API endpoints for different network environments
 +7/-1     
Enhancement
pay.ts
Integrate TRON into pay operation handler                               

src/features/multichain/routines/executors/pay.ts

  • Added TRON case handler in pay operation switch statement
  • Integrated generic JSON-RPC payment execution for TRON chain
 +4/-0     
identityManager.ts
Register TRON in identity manager with validation               

src/libs/blockchain/gcr/gcr_routines/identityManager.ts

  • Imported TRON chain from demosdk library
  • Registered TRON in chains mapping dictionary
  • Refactored mainnet-only validation to support both Solana and TRON
  • Updated comment to reflect multi-chain mainnet-only requirement
 +6/-3     
Bug fix
validateUint8Array.ts
Skip Uint8Array conversion for TRON transactions                 

src/utilities/validateUint8Array.ts

  • Added detection logic for TRON serialized transaction objects
  • Skip Uint8Array conversion for objects with signature, txID, and
    raw_data properties
  • Prevents incorrect transformation of TRON transaction data structures
 +6/-0     

Summary by CodeRabbit

  • New Features

    • Added support for TRON blockchain with configuration for mainnet, testnet, shasta, and nile networks
    • Enabled TRON payment transaction execution
    • Integrated TRON into identity management with mainnet-only address validation

  • Bug Fixes

    • Improved transaction validation to properly handle serialized transactions

✏️ Tip: You can customize this high-level summary in your review settings.

@tcsenpai
Copy link
Contributor

tcsenpai commented Jan 5, 2026

Your trial has ended! 😢

To keep getting reviews, activate your plan here.

Got questions about plans or want to see if we can extend your trial? Talk to our founders here.😎

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 5, 2026
edited
Loading

Walkthrough

The pull request adds TRON blockchain network support across the SDK and application layer. Changes include configuring TRON network endpoints, implementing TRON payment handling via JSON-RPC, adding TRON to the chain registry, enforcing mainnet-only identity checks for TRON and Solana, and adding special validation for TRON serialized transaction objects.

Changes

Cohort / File(s) Summary
Chain Configuration
sdk/localsdk/multichain/configs/chainProviders.ts		 Added TRON provider entry with mainnet, testnet, shasta, and nile network endpoints.
Feature Implementation
src/features/multichain/routines/executors/pay.ts		 Added "tron" case to pay executor switch statement that invokes genericJsonRpcPay with multichain.TRON.
Chain Registry & Validation
src/libs/blockchain/gcr/gcr_routines/identityManager.ts		 Imported TRON from SDK; added tron entry to public chains map; replaced hardcoded Solana mainnet check with generalized mainnetOnlyChains array ("solana", "tron") to enforce mainnet-only identity support for these chains.
Transaction Validation
src/utilities/validateUint8Array.ts		 Added guard clause to detect serialized TRON transactions (presence of signature, txID, raw_data) and bypass Uint8Array conversion, returning original input unchanged.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested labels

Review effort 2/5

Poem

🐰 A new chain hops into our SDK today,
TRON's networks in config find their way,
JSON-RPC payments flow with grace,
Mainnet guards keep safety in place,
Transactions serialized, handled just right! 🌟

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'TRON integration' directly and clearly summarizes the main objective of the changeset, which adds comprehensive TRON blockchain support across multiple components.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch feature/tron-integration

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Jan 5, 2026

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
Missing audit logging: The newly added TRON pay execution path calls genericJsonRpcPay without any visible audit
logging context (e.g., user ID, action, outcome), so it is unclear whether pay actions are
fully captured in audit trails.

Referred Code 
case "tron":
    result = await genericJsonRpcPay(multichain.TRON, rpcUrl, operation)
    break

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Unhandled RPC failures: The new tron case invokes genericJsonRpcPay without any local error handling or validation
of prerequisites (e.g., rpcUrl presence), so runtime RPC/network failures may bubble up
without chain-specific context.

Referred Code 
case "tron":
    result = await genericJsonRpcPay(multichain.TRON, rpcUrl, operation)
    break

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Weak TRON detection: The new isSerializedTx check bypasses Uint8Array conversion for any object containing
signature, txID, and raw_data keys without validating expected types/shapes, which may
allow crafted inputs to skip validation/conversion unintentionally.

Referred Code 
// Skip conversion for transaction objects that are not meant to be Uint8Arrays
const isSerializedTx = 'signature' in input && 'txID' in input && 'raw_data' in input
if (isSerializedTx) {
    return input
}

Learn more about managing compliance generic rules or creating your own custom rules
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 5, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@qodo-code-review
Copy link
Contributor

qodo-code-review bot commented Jan 5, 2026

PR Code Suggestions ✨

Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
Possible issue
Initialize Tron RPC URL properly

Fix a bug in the tron case by correctly initializing the rpcUrl using the
chainProviders.tron configuration before calling genericJsonRpcPay.

src/features/multichain/routines/executors/pay.ts [101-103]

 case "tron":
+    const rpcUrl = chainProviders.tron[operation.subchain] || chainProviders.tron.mainnet
     result = await genericJsonRpcPay(multichain.TRON, rpcUrl, operation)
     break
  • Apply / Chat
Suggestion importance[1-10]: 10

__

Why: This suggestion identifies and fixes a critical bug where the tron case would use an incorrect rpcUrl from a different chain, causing the operation to fail.

High
Improve TRON transaction detection logic

To improve TRON transaction detection, add a check to verify that the raw_data
property is an object and contains a contract property, making the validation
more specific and robust.

src/utilities/validateUint8Array.ts [20-24]

 // Skip conversion for transaction objects that are not meant to be Uint8Arrays
-const isSerializedTx = 'signature' in input && 'txID' in input && 'raw_data' in input
-if (isSerializedTx) {
-    return input
+const isTronTx =
+    'signature' in input &&
+    'txID' in input &&
+    'raw_data' in input &&
+    typeof (input as { raw_data: unknown }).raw_data === 'object' &&
+    (input as { raw_data: object }).raw_data !== null &&
+    'contract' in (input as { raw_data: object }).raw_data;
+
+if (isTronTx) {
+    return input;
 }
  • Apply / Chat
Suggestion importance[1-10]: 7

__

Why: The suggestion correctly identifies that the check for a TRON transaction is too generic and proposes a more robust validation by checking for nested properties, which prevents potential future bugs.

Medium
  • More

coderabbitai[bot]
coderabbitai bot reviewed Jan 5, 2026
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Fix all issues with AI Agents 🤖 
In @src/utilities/validateUint8Array.ts:
- Around line 20-24: The duck-typing guard in validateUint8Array.ts (the
isSerializedTx check inside the function handling input) is too fragile; update
it to explicitly document that it targets TRON serialized transaction objects
and strengthen it by validating types for 'signature' (e.g., Array or
Uint8Array), 'txID' (string), and 'raw_data' (object) rather than just checking
property presence, so the function only returns input when it confidently
matches a TRON tx and avoids false positives for other chains.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/libs/blockchain/gcr/gcr_routines/identityManager.ts (1)

146-154: Address inconsistency between identity validation and payment execution for mainnet-only chains.

The mainnet-only validation is a good improvement, but it creates an architectural inconsistency: identityManager.ts restricts both TRON and Solana to mainnet only (lines 146-154), yet pay.ts line 50 can access testnet/shasta/nile endpoints for TRON via chainProviders[operation.chain][operation.subchain]. This means users cannot register testnet identities, but the payment system can process testnet transactions.

Additionally, with both chains restricted to mainnet and no test files in the codebase, the testing strategy for identity flows is unclear. Consider either:

  • Enforcing the mainnet-only policy consistently by restricting chainProviders access in payment execution, or
  • Allowing testnet identities by removing the restriction and documenting why certain chains require mainnet only
📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between db55486 and b669042.

📒 Files selected for processing (4)
  • sdk/localsdk/multichain/configs/chainProviders.ts
  • src/features/multichain/routines/executors/pay.ts
  • src/libs/blockchain/gcr/gcr_routines/identityManager.ts
  • src/utilities/validateUint8Array.ts
🔇 Additional comments (4)
src/libs/blockchain/gcr/gcr_routines/identityManager.ts (2)

16-16: LGTM! TRON import added.

The TRON import is correctly added alongside other chain SDKs.

46-46: LGTM! TRON chain registration added.

TRON has been properly registered in the chains map, consistent with other supported chains.

sdk/localsdk/multichain/configs/chainProviders.ts (1)

53-58: TRON endpoint configuration is correct.

Verification confirms all endpoints are accurate:

  • Mainnet (https://api.trongrid.io), Shasta testnet (https://api.shasta.trongrid.io), and Nile testnet (https://nile.trongrid.io) match official TronGrid documentation.
  • testnet and shasta intentionally share the same URL because Shasta is TRON's designated testnet.
  • The nile endpoint correctly uses the https://nile.trongrid.io URL pattern without the /api prefix, per official specification.

No changes needed.

src/features/multichain/routines/executors/pay.ts (1)

101-103: LGTM! The TRON case correctly follows the established pattern.

The implementation is consistent with other JSON RPC chains (Solana, TON, NEAR, BTC) and properly uses genericJsonRpcPay with multichain.TRON which is correctly exported from the SDK.

src/utilities/validateUint8Array.ts
Comment on lines +20 to +24
// Skip conversion for transaction objects that are not meant to be Uint8Arrays
const isSerializedTx = 'signature' in input && 'txID' in input && 'raw_data' in input
if (isSerializedTx) {
return input
}
Copy link
Contributor

@coderabbitai coderabbitai bot Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion | 🟠 Major

Make the transaction object detection more explicit and robust.

The current guard uses duck typing to identify serialized transaction objects, which is fragile and could match unintended objects. Consider:

  1. The check doesn't validate that the properties have the expected types
  2. There's no documentation indicating this is TRON-specific
  3. Other chains might have similar property names, causing false positives
🔎 Proposed improvements 
-        // Skip conversion for transaction objects that are not meant to be Uint8Arrays
-        const isSerializedTx = 'signature' in input && 'txID' in input && 'raw_data' in input
-        if (isSerializedTx) {
-            return input
-        }
+        // Skip conversion for TRON serialized transaction objects
+        // TRON transactions contain signature (array), txID (string), and raw_data (object)
+        const isTronSerializedTx = 
+            'signature' in input && 
+            'txID' in input && 
+            'raw_data' in input &&
+            Array.isArray((input as any).signature) &&
+            typeof (input as any).txID === 'string' &&
+            typeof (input as any).raw_data === 'object'
+        if (isTronSerializedTx) {
+            return input
+        }

This adds:

  • Explicit documentation that this is for TRON transactions
  • Type validation for the three properties to reduce false positives
  • Clear intent for future maintainers
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
// Skip conversion for transaction objects that are not meant to be Uint8Arrays
const isSerializedTx = 'signature' in input && 'txID' in input && 'raw_data' in input
if (isSerializedTx) {
return input
}
// Skip conversion for TRON serialized transaction objects
// TRON transactions contain signature (array), txID (string), and raw_data (object)
const isTronSerializedTx =
'signature' in input &&
'txID' in input &&
'raw_data' in input &&
Array.isArray((input as any).signature) &&
typeof (input as any).txID === 'string' &&
typeof (input as any).raw_data === 'object'
if (isTronSerializedTx) {
return input
}
🤖 Prompt for AI Agents 
In @src/utilities/validateUint8Array.ts around lines 20-24, The duck-typing
guard in validateUint8Array.ts (the isSerializedTx check inside the function
handling input) is too fragile; update it to explicitly document that it targets
TRON serialized transaction objects and strengthen it by validating types for
'signature' (e.g., Array or Uint8Array), 'txID' (string), and 'raw_data'
(object) rather than just checking property presence, so the function only
returns input when it confidently matches a TRON tx and avoids false positives
for other chains.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

Review effort 2/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SergeyG-Solicy @tcsenpai