sdk%feat(test): introduce bsdk-util with bspcheck verb to validate against blockchain.dat linearized chains, add git filter helper script, extend Transaction's Checkable to validate sptx

[kwvg]

Additional Information

• Depends on primitives%feat: implement {Addr,Service,NetInfo}{V1,V2}, define surrounding traits (Net{Addr,Info}), define Checkable, add synthetic vectors, correct impl. errors #12

Checklist

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated relevant unit/integration/functional tests
• I have made corresponding changes to the documentation
• I have assigned this pull request to a milestone (for repository code-owners and collaborators only)

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a git-range command runner, shared Python table utilities, a Rust bsdk-util binary with bootstrap verification, and transaction payload validation updates. It also updates linting configuration, debug-log ignores, and CodeQL policy.

Changes

Python tooling updates

Layer / File(s)	Summary
Shared table utilities and lint_all refactor contrib/common.py, contrib/lint_all.py	Adds shared ANSI constants and format_table(), then switches lint_all.py to use the shared formatter and imported status constants.
git_filter command runner contrib/git_filter.py	Adds the commit-range CLI, temporary worktree execution flow, fast-fail handling, environment overrides, and CLI entrypoint.
Lint suppressions and config .gitignore, contrib/build_docs.py, contrib/lint/lint_*.py, pyproject.toml	Adds BLE001 suppressions to broad exception handlers, captures cargo fmt output in lint_rust.py, enables Ruff BLE checks, and ignores debug log files.

bsdk-util Rust CLI

Layer / File(s)	Summary
Manifest, build script, platform, and policy pkgs/dev/Cargo.toml, pkgs/dev/build.rs, pkgs/dev/src/bin/bsdk_util/platform.rs, pkgs/dev/src/bin/bsdk_util/policy.rs	Expands the dev crate manifest with the bsdk-util binary target, feature wiring, optional dependencies, and build dependency; adds build.rs, platform utilities, and policy constants/defaults.
Application state, CLI, and logging pkgs/dev/src/bin/bsdk_util/main.rs, pkgs/dev/src/bin/bsdk_util/logging.rs	Defines the shared application state, clap command surface, runtime entrypoint, and logging helpers for banner output, message logging, and runtime formatting.
bspcheck verification flow pkgs/dev/src/bin/bsdk_util/bspcheck.rs	Defines bootstrap errors, detects chain magic, validates genesis, reads framed chunks, verifies blocks, and orchestrates parallel chunk verification with progress reporting and fast-fail behavior.
CodeQL policy update contrib/codeql/lib/policy.qll	Adds a predicate that matches types under pkgs/dev and excludes them from the checkable type set.

Transaction payload validation

Layer / File(s)	Summary
Payload error and helper updates pkgs/primitives/src/payload/mod.rs	Adds the unknown-type payload variant, formats it in Display, and adds a helper to detect unknown special payloads.
Transaction payload validation pkgs/primitives/src/transaction.rs	Extends TxInvalid with payload error variants and inserts payload decode and structural validation into Transaction::check().

Suggested reviewers

• thephez

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 58.14% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title is specific and accurately reflects the main changes, though it is a bit verbose.
Description check	✅ Passed	The description is related to the pull request and includes a valid dependency note and checklist.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 OpenGrep (1.23.0)

contrib/build_docs.py

┌──────────────┐
│ Opengrep CLI │
└──────────────┘

�[32m✔�[39m �[1mOpengrep OSS�[0m
�[32m✔�[39m Basic security coverage for first-party code vulnerabilities.

[00.16][ERROR]: unable to find a config; path .coderabbit-opengrep-fallback.yml does not exist

contrib/git_filter.py

┌──────────────┐
│ Opengrep CLI │
└──────────────┘

�[32m✔�[39m �[1mOpengrep OSS�[0m
�[32m✔�[39m Basic security coverage for first-party code vulnerabilities.

[00.20][ERROR]: unable to find a config; path .coderabbit-opengrep-fallback.yml does not exist

contrib/lint/lint_codeql.py

┌──────────────┐
│ Opengrep CLI │
└──────────────┘

�[32m✔�[39m �[1mOpengrep OSS�[0m
�[32m✔�[39m Basic security coverage for first-party code vulnerabilities.

[00.12][ERROR]: unable to find a config; path .coderabbit-opengrep-fallback.yml does not exist

• 15 others

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[github-actions]

Note

This pull request has no conflicts! 🎊 🎉 🎊

[kwvg]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@contrib/git_filter.py`:
- Around line 83-86: The list comprehension on line 85 uses
CommitResult(*line.split(" ", 1)) which assumes every log line contains both a
commit hash and a subject separated by a space. When a commit has an empty
subject, the split produces only one element, causing an unpacking error. Fix
this by modifying the unpacking logic to handle cases where the split returns
only one element, either by filtering out such lines or by ensuring a default
empty string is provided for missing subjects when constructing the CommitResult
instances.

In `@pkgs/dev/Cargo.toml`:
- Around line 24-25: The `full` feature in the Cargo.toml currently includes
both "std" and "serde", which violates the crate feature policy by implicitly
enabling serialization for all `full` consumers. Modify the `full` feature
definition to only include "std" (change `full = ["std", "serde"]` to `full =
["std"]`) and keep the `serde` feature as a separate, standalone optional
feature on its own line. This ensures that consumers who use the `full` feature
get only the standard library support and must explicitly opt into `serde` where
needed (such as directly in binary targets).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d187709e-6389-408d-a19c-a71d2641e811

📥 Commits

Reviewing files that changed from the base of the PR and between c048988 and 56fb282.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (13)

• .gitignore
• contrib/common.py
• contrib/git_filter.py
• contrib/lint_all.py
• pkgs/dev/Cargo.toml
• pkgs/dev/build.rs
• pkgs/dev/src/bin/bsdk_util/bspcheck.rs
• pkgs/dev/src/bin/bsdk_util/logging.rs
• pkgs/dev/src/bin/bsdk_util/main.rs
• pkgs/dev/src/bin/bsdk_util/platform.rs
• pkgs/dev/src/bin/bsdk_util/policy.rs
• pkgs/primitives/src/payload/mod.rs
• pkgs/primitives/src/transaction.rs

[coderabbitai]

📐 Maintainability & Code Quality | 🟠 Major | ⚡ Quick win

Keep full as std-only to match crate feature policy.

full = ["std", "serde"] breaks the manifest contract and implicitly enables serialization for any full consumer. Keep
full = ["std"] and opt into serde explicitly where needed (for example, directly in bin).

As per coding guidelines, **/Cargo.toml: configure features with full = ["std"] and keep serde optional/separate.

Suggested diff

-full = ["std", "serde"]
+full = ["std"]
 bin = [
   "full",
+  "serde",
   "dep:chrono",
   "dep:ciborium",
   "dep:clap",

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkgs/dev/Cargo.toml` around lines 24 - 25, The `full` feature in the
Cargo.toml currently includes both "std" and "serde", which violates the crate
feature policy by implicitly enabling serialization for all `full` consumers.
Modify the `full` feature definition to only include "std" (change `full =
["std", "serde"]` to `full = ["std"]`) and keep the `serde` feature as a
separate, standalone optional feature on its own line. This ensures that
consumers who use the `full` feature get only the standard library support and
must explicitly opt into `serde` where needed (such as directly in binary
targets).

Source: Coding guidelines

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

contrib/git_filter.py (1)

236-238: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Narrow or intentionally suppress the catch-all exception.

Ruff flags Line 236 with BLE001. Prefer catching the expected operational failures, or add a targeted # noqa: BLE001 if this CLI intentionally converts all unexpected exceptions into RETCODE_ERR.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@contrib/git_filter.py` around lines 236 - 238, The broad catch-all exception
handler using `except Exception as exc:` at line 236 triggers a Ruff BLE001
warning. Either narrow the exception handling to catch only the specific
operational exceptions expected in this CLI context (such as FileNotFoundError,
ValueError, etc.) and handle each appropriately, or if the CLI intentionally
converts all unexpected exceptions to RETCODE_ERR, add a targeted `# noqa:
BLE001` comment on the except line to explicitly suppress this warning.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@contrib/git_filter.py`:
- Around line 205-213: The worktree is reused across multiple commits in the
loop iterating through commits, but files modified or generated by the
subprocess.run() call persist between iterations. After the subprocess.run()
execution completes and before the next _git_ok() checkout call in the commit
loop, add git reset and git clean commands using _git_ok() to clean the worktree
of any artifacts or modifications left by the previous command execution,
ensuring each commit is tested with a clean state.
- Around line 199-200: The print statement for args.env at line 200 is echoing
full K=V pairs which can leak credentials into CI logs. Instead of printing the
complete environment values, modify the logic to either print only the keys or
redact the values by showing only the key names with masked values (e.g.,
"KEY=***"). When iterating through args.env to build the output string, parse
each pair and reconstruct it with redacted values before joining and printing.

---

Nitpick comments:
In `@contrib/git_filter.py`:
- Around line 236-238: The broad catch-all exception handler using `except
Exception as exc:` at line 236 triggers a Ruff BLE001 warning. Either narrow the
exception handling to catch only the specific operational exceptions expected in
this CLI context (such as FileNotFoundError, ValueError, etc.) and handle each
appropriately, or if the CLI intentionally converts all unexpected exceptions to
RETCODE_ERR, add a targeted `# noqa: BLE001` comment on the except line to
explicitly suppress this warning.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d3a3c397-d33f-4e84-8c17-9d8f1fdd6487

📥 Commits

Reviewing files that changed from the base of the PR and between 56fb282 and 170c62b.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (14)

• .gitignore
• contrib/codeql/lib/policy.qll
• contrib/common.py
• contrib/git_filter.py
• contrib/lint_all.py
• pkgs/dev/Cargo.toml
• pkgs/dev/build.rs
• pkgs/dev/src/bin/bsdk_util/bspcheck.rs
• pkgs/dev/src/bin/bsdk_util/logging.rs
• pkgs/dev/src/bin/bsdk_util/main.rs
• pkgs/dev/src/bin/bsdk_util/platform.rs
• pkgs/dev/src/bin/bsdk_util/policy.rs
• pkgs/primitives/src/payload/mod.rs
• pkgs/primitives/src/transaction.rs

✅ Files skipped from review due to trivial changes (1)

• .gitignore

🚧 Files skipped from review as they are similar to previous changes (11)

• pkgs/dev/src/bin/bsdk_util/platform.rs
• pkgs/dev/build.rs
• pkgs/dev/src/bin/bsdk_util/policy.rs
• pkgs/dev/Cargo.toml
• pkgs/primitives/src/transaction.rs
• contrib/lint_all.py
• pkgs/primitives/src/payload/mod.rs
• pkgs/dev/src/bin/bsdk_util/logging.rs
• pkgs/dev/src/bin/bsdk_util/main.rs
• contrib/common.py
• pkgs/dev/src/bin/bsdk_util/bspcheck.rs

[kwvg]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@contrib/codeql/lib/policy.qll`:
- Around line 118-124: The `not isPrivateCrate(t)` condition placed in the
shared `isCheckableType` predicate is overly broad and suppresses both serde
derivation findings and derive-required checks for private crates. Remove `not
isPrivateCrate(t)` from the `isCheckableType` predicate to keep it as a general
eligibility check. Instead, apply the private crate condition specifically in
the missing-required-traits code path within the downstream
`contrib/codeql/attrib.ql` file where derive-only suppression is actually
needed, ensuring that only derive-required checks are gated for private crates
while serde derivation findings remain active.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 6b0eb282-bcf9-4bb2-8436-f9290d73014a

📥 Commits

Reviewing files that changed from the base of the PR and between 39f0d32 and f7dd2fc.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (20)

• .gitignore
• contrib/build_docs.py
• contrib/codeql/lib/policy.qll
• contrib/git_filter.py
• contrib/lint/lint_codeql.py
• contrib/lint/lint_javascript.py
• contrib/lint/lint_markdown.py
• contrib/lint/lint_python.py
• contrib/lint/lint_rust.py
• contrib/lint/lint_semgrep.py
• pkgs/dev/Cargo.toml
• pkgs/dev/build.rs
• pkgs/dev/src/bin/bsdk_util/bspcheck.rs
• pkgs/dev/src/bin/bsdk_util/logging.rs
• pkgs/dev/src/bin/bsdk_util/main.rs
• pkgs/dev/src/bin/bsdk_util/platform.rs
• pkgs/dev/src/bin/bsdk_util/policy.rs
• pkgs/primitives/src/payload/mod.rs
• pkgs/primitives/src/transaction.rs
• pyproject.toml

✅ Files skipped from review due to trivial changes (8)

• contrib/lint/lint_markdown.py
• pyproject.toml
• contrib/lint/lint_python.py
• contrib/build_docs.py
• .gitignore
• contrib/lint/lint_semgrep.py
• contrib/lint/lint_codeql.py
• contrib/lint/lint_javascript.py

🚧 Files skipped from review as they are similar to previous changes (9)

• pkgs/dev/build.rs
• pkgs/dev/src/bin/bsdk_util/policy.rs
• pkgs/dev/src/bin/bsdk_util/platform.rs
• pkgs/dev/src/bin/bsdk_util/logging.rs
• pkgs/primitives/src/transaction.rs
• pkgs/primitives/src/payload/mod.rs
• pkgs/dev/Cargo.toml
• pkgs/dev/src/bin/bsdk_util/main.rs
• pkgs/dev/src/bin/bsdk_util/bspcheck.rs

[kwvg]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[kwvg]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

♻️ Duplicate comments (1)

contrib/git_filter.py (1)

81-88: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Handle empty commit subjects without crashing.

This same parsing hazard is still present: %H %s plus .strip() can leave only the hash for an empty-subject commit, so CommitResult(*line.split(" ", 1)) raises before any command runs.

Proposed fix

 def _enumerate_commits(base: str, tip: str, cwd: str) -> list[CommitResult]:
   """List commits in base..tip order (oldest first)."""
-  out = _git_ok("log", "--reverse", "--format=%H %s", f"{base}..{tip}", cwd=cwd)
+  out = _git_ok("log", "--reverse", "--format=%H%x00%s", f"{base}..{tip}", cwd=cwd)
   return [
-    CommitResult(*line.split(" ", 1))
+    CommitResult(commit_hash, subject)
     for line in out.splitlines()
     if line.strip()
+    for commit_hash, _, subject in [line.partition("\x00")]
   ]

#!/bin/bash
# Verify Git emits a parseable record for an empty-subject commit.
set -eu

tmp="$(mktemp -d)"
trap 'rm -rf "$tmp"' EXIT

git -C "$tmp" init -q
git -C "$tmp" config user.email test@example.invalid
git -C "$tmp" config user.name tester
git -C "$tmp" commit --allow-empty --allow-empty-message -m "" -q

git -C "$tmp" log --reverse --format='%H %s' HEAD~1..HEAD | python3 - <<'PY'
import sys
for line in sys.stdin.read().strip().splitlines():
    print(line.split(" ", 1))
PY

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@contrib/git_filter.py` around lines 81 - 88, The commit parsing in
_enumerate_commits is still unsafe for empty-subject commits because using "%H
%s" with strip() can reduce a record to just the hash and make
CommitResult(*line.split(" ", 1)) fail. Update the parsing in _enumerate_commits
to handle missing subjects explicitly, preserving the hash and treating an empty
subject as an empty string instead of splitting blindly; keep the fix localized
to the CommitResult construction path.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@contrib/git_filter.py`:
- Around line 81-88: The commit parsing in _enumerate_commits is still unsafe
for empty-subject commits because using "%H %s" with strip() can reduce a record
to just the hash and make CommitResult(*line.split(" ", 1)) fail. Update the
parsing in _enumerate_commits to handle missing subjects explicitly, preserving
the hash and treating an empty subject as an empty string instead of splitting
blindly; keep the fix localized to the CommitResult construction path.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: ca300668-1f51-4652-8f26-29648d1682ba

📥 Commits

Reviewing files that changed from the base of the PR and between f7dd2fc and 1392167.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (22)

• .gitignore
• contrib/build_docs.py
• contrib/codeql/lib/policy.qll
• contrib/common.py
• contrib/git_filter.py
• contrib/lint/lint_codeql.py
• contrib/lint/lint_javascript.py
• contrib/lint/lint_markdown.py
• contrib/lint/lint_python.py
• contrib/lint/lint_rust.py
• contrib/lint/lint_semgrep.py
• contrib/lint_all.py
• pkgs/dev/Cargo.toml
• pkgs/dev/build.rs
• pkgs/dev/src/bin/bsdk_util/bspcheck.rs
• pkgs/dev/src/bin/bsdk_util/logging.rs
• pkgs/dev/src/bin/bsdk_util/main.rs
• pkgs/dev/src/bin/bsdk_util/platform.rs
• pkgs/dev/src/bin/bsdk_util/policy.rs
• pkgs/primitives/src/payload/mod.rs
• pkgs/primitives/src/transaction.rs
• pyproject.toml

✅ Files skipped from review due to trivial changes (7)

• pyproject.toml
• contrib/lint/lint_javascript.py
• contrib/lint/lint_markdown.py
• contrib/lint/lint_python.py
• contrib/lint/lint_codeql.py
• .gitignore
• contrib/build_docs.py

🚧 Files skipped from review as they are similar to previous changes (14)

• pkgs/dev/build.rs
• contrib/lint/lint_semgrep.py
• pkgs/dev/src/bin/bsdk_util/platform.rs
• contrib/codeql/lib/policy.qll
• pkgs/dev/src/bin/bsdk_util/policy.rs
• contrib/lint/lint_rust.py
• contrib/lint_all.py
• pkgs/primitives/src/payload/mod.rs
• pkgs/dev/Cargo.toml
• pkgs/primitives/src/transaction.rs
• pkgs/dev/src/bin/bsdk_util/main.rs
• contrib/common.py
• pkgs/dev/src/bin/bsdk_util/bspcheck.rs
• pkgs/dev/src/bin/bsdk_util/logging.rs