Skip to content

fix(miner): reject invalid since cursors in event ledger reads#2897

Merged
gittensory-orb[bot] merged 1 commit into
JSONbored:mainfrom
jony376:fix/miner-event-ledger-invalid-since
Jul 4, 2026
Merged

fix(miner): reject invalid since cursors in event ledger reads#2897
gittensory-orb[bot] merged 1 commit into
JSONbored:mainfrom
jony376:fix/miner-event-ledger-invalid-since

Conversation

@jony376

@jony376 jony376 commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Validate the since seq cursor in readEvents so polling rejects non-integer, negative, and non-finite values.
  • Prevents corrupted cursors (e.g. NaN from bad arithmetic) from silently reaching SQLite.

Scope

  • The PR title follows type(scope): short summary Conventional Commit format.
  • Focused on event-ledger readEvents filtering only — no unrelated miner CLI or UI changes.

Validation

  • npm run test:ci locally — CI will run the full gate on push.
  • Unit tests cover valid since filtering and rejection of NaN, Infinity, negative, and fractional cursors.

Safety

  • No secrets, wallet details, hotkeys, or private scoring output in code or PR text.
  • Deterministic, read/write-local only: no network calls.

UI Evidence

Not applicable — miner library only.

Validate readEvents since as a non-negative integer so NaN and other corrupted polling cursors fail loudly instead of reaching SQLite.

Co-authored-by: Cursor <cursoragent@cursor.com>
@codecov

codecov Bot commented Jul 4, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.03%. Comparing base (a1ad1ac) to head (3b9fb58).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2897   +/-   ##
=======================================
  Coverage   96.03%   96.03%           
=======================================
  Files         259      259           
  Lines       28393    28393           
  Branches    10326    10326           
=======================================
  Hits        27266    27266           
  Misses        491      491           
  Partials      636      636           
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@gittensory-orb gittensory-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 4, 2026
@gittensory-orb

gittensory-orb Bot commented Jul 4, 2026

Copy link
Copy Markdown

Warning

🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨🟨

⏸️ Gittensory review result - manual review recommended

Review updated: 2026-07-04 05:03:16 UTC

2 files · 1 AI reviewer · no blockers · readiness 73/100 · CI green · clean

⏸️ Suggested Action - Manual Review

Review summary
The change correctly moves `readEvents` from silently passing bad numeric cursors through to SQLite into an explicit normalization step that rejects NaN, Infinity, negative, and fractional values before query selection. The helper is local, exercised by the new unit test, and preserves the existing valid `since` behavior including strict `seq > since` filtering and repo-scoped reads. The visible diff is narrow and consistent with the PR description.

Nits — 5 non-blocking
  • nit: `test/unit/miner-event-ledger.test.ts` does not directly cover the new non-number rejection branch in `normalizeOptionalSince`, even though the implementation now changes strings/null from ignored cursors into `invalid_since` errors.
  • nit: `packages/gittensory-miner/lib/event-ledger.js` accepts any integer `number`, so an unsafe integer cursor can still cross the API boundary; consider `Number.isSafeInteger` if cursors are ever persisted or round-tripped through JSON clients.
  • Add one assertion such as `expect(() => ledger.readEvents({ since: "1" as never })).toThrow("invalid_since")` in `test/unit/miner-event-ledger.test.ts` to pin the changed non-number contract.
  • If the ledger contract is meant to reject precision-loss cursors too, change `normalizeOptionalSince` in `packages/gittensory-miner/lib/event-ledger.js` to use `Number.isSafeInteger(since)` instead of `Number.isInteger(since)`.
  • Readiness score is below the configured threshold — Use the readiness panel as advisory maintainer context; the score does not block this PR.
Signal Result Evidence
Code review ✅ No blockers 1 reviewer
Linked issue ⚠️ Missing No linked issue or no-issue rationale found.
Related work ✅ No active overlap found No same-issue or scoped active PR overlap found.
Change scope ✅ 20/20 Low review scope from cached public metadata (no linked issue context).
Validation posture ❌ 5/25 Preflight is holding this PR: the review lane is unavailable, so it is not ready for automated review.
Contributor workload ✅ 10/10 Author activity: 906 registered-repo PR(s), 642 merged, 38 issue(s).
Contributor context ✅ Confirmed Gittensor contributor jony376; Gittensor profile; 906 PR(s), 38 issue(s).
Gate result ✅ Passing No configured blocker found.
Review context
  • Author: jony376
  • Role context: outside_contributor
  • Public audience mode: oss maintainer
  • Lane context: Repository registration is not available in the local Gittensory cache.
  • Public profile languages: not available
  • Official Gittensor activity: 906 PR(s), 38 issue(s).
  • PR-specific overlap: none found.
Contributor next steps
  • Explain no-issue PR.
  • Await review-lane availability.
  • Refresh registry data or choose a registered active repo.
  • Link the issue being solved, or explicitly explain why this is a no-issue PR.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.

  • Re-run Gittensory review

@gittensory-orb gittensory-orb Bot added the gittensor Gittensor contributor context label Jul 4, 2026

@gittensory-orb gittensory-orb Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gittensory approves — the gate is satisfied and CI is green.

@gittensory-orb gittensory-orb Bot merged commit f81b385 into JSONbored:main Jul 4, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. gittensor Gittensor contributor context

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant