TRON integration

[SergeyG-Solicy]

PR Type

Enhancement

---

Description

• Add TRON blockchain network support with mainnet and testnet endpoints

• Integrate TRON into pay operation handler using generic JSON-RPC

• Register TRON chain in identity manager with mainnet-only validation

• Improve Uint8Array validation to skip TRON transaction serialization

---

Diagram Walkthrough

flowchart LR
  A["TRON Chain Config"] -->|"mainnet, testnet endpoints"| B["Chain Providers"]
  C["Pay Operation Handler"] -->|"genericJsonRpcPay"| D["TRON Support"]
  E["Identity Manager"] -->|"register TRON chain"| F["Mainnet-only Validation"]
  G["Uint8Array Validator"] -->|"skip TX serialization"| H["TRON TX Objects"]

Loading

File Walkthrough

	Relevant files
Configuration changes	chainProviders.ts Add TRON network provider endpoints                                            sdk/localsdk/multichain/configs/chainProviders.ts Added TRON network configuration with mainnet, testnet, shasta, and nile endpoints Configured TRONGrid API endpoints for different network environments +7/-1
Enhancement	pay.ts Integrate TRON into pay operation handler                                src/features/multichain/routines/executors/pay.ts Added TRON case handler in pay operation switch statement Integrated generic JSON-RPC payment execution for TRON chain +4/-0      identityManager.ts Register TRON in identity manager with validation                src/libs/blockchain/gcr/gcr_routines/identityManager.ts Imported TRON chain from demosdk library Registered TRON in chains mapping dictionary Refactored mainnet-only validation to support both Solana and TRON Updated comment to reflect multi-chain mainnet-only requirement +6/-3
Bug fix	validateUint8Array.ts Skip Uint8Array conversion for TRON transactions                  src/utilities/validateUint8Array.ts Added detection logic for TRON serialized transaction objects Skip Uint8Array conversion for objects with signature, txID, and raw_data properties Prevents incorrect transformation of TRON transaction data structures +6/-0

---

Summary by CodeRabbit

• New Features

  • Added support for TRON blockchain (mainnet, testnet, shasta, nile)
  • Enabled TRON payment transaction execution
  • Integrated TRON into identity management with mainnet-only address validation

• Bug Fixes

  • Improved transaction validation to bypass conversion for already-serialized transactions

[tcsenpai]

Your trial has ended! 😢

To keep getting reviews, activate your plan here.

Got questions about plans or want to see if we can extend your trial? Talk to our founders here.😎

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2261b7da-3e60-46fd-9ad0-52de9584c82d

📥 Commits

Reviewing files that changed from the base of the PR and between b669042 and 0e0f245.

📒 Files selected for processing (1)

• src/features/multichain/routines/executors/pay.ts

✅ Files skipped from review due to trivial changes (1)

• src/features/multichain/routines/executors/pay.ts

---

Walkthrough

Adds TRON support across the codebase: network endpoints, payment execution via JSON‑RPC, chain registry entry with mainnet-only identity enforcement, and a validation shortcut for serialized TRON transactions.

Changes

Cohort / File(s)	Summary
Chain Configuration sdk/localsdk/multichain/configs/chainProviders.ts	Added tron provider entry with mainnet, testnet, shasta, and nile endpoints.
Payment Executor src/features/multichain/routines/executors/pay.ts	Added "tron" case to non‑EVM pay switch, delegating to genericJsonRpcPay(multichain.TRON, rpcUrl, operation).
Chain Registry & Identity src/libs/blockchain/gcr/gcr_routines/identityManager.ts	Imported TRON; added tron to public chains map; replaced Solana-only mainnet check with mainnetOnlyChains = ["solana","tron"].
Transaction Validation src/utilities/validateUint8Array.ts	Added guard to detect serialized transaction objects (presence of signature, txID, raw_data) and return input unchanged, bypassing Uint8Array conversion.

Sequence Diagram(s)

sequenceDiagram
  participant Client as Client
  participant Executor as PayExecutor
  participant Identity as IdentityManager
  participant RPC as TRON_RPC
  Client->>Executor: submit pay operation (chain: tron)
  Executor->>Identity: validate identity / check mainnetOnly
  Identity-->>Executor: validation result
  Executor->>RPC: genericJsonRpcPay -> send serialized tx / RPC call
  RPC-->>Executor: tx response
  Executor-->>Client: operation result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Added ATOM (Cosmos Hub) chain support for transaction broadcasting #526 — Adds another non‑EVM chain using the same pattern (chainProviders + pay executor + identity manager).
• Feature/xrp send implementation #535 — Modifies pay.ts executor flow for non‑EVM chains; related to transaction submission logic.
• Fixed udIdentityManager issues #530 — Changes identityManager.ts exports/registry and identity handling; overlaps with chain registry changes.

Poem

🐰 I hopped a path of code today,
TRON springs up in config and play,
RPC whispers send the pay,
Mainnet guards keep tests at bay,
Serialized hops safe on their way 🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title "TRON integration" accurately summarizes the main objective of the PR—adding support for the TRON blockchain across configuration, payment, identity, and validation layers.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/tron-integration

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing audit logging: The newly added TRON pay execution path calls genericJsonRpcPay without any visible audit logging context (e.g., user ID, action, outcome), so it is unclear whether pay actions are fully captured in audit trails. Referred Code case "tron": result = await genericJsonRpcPay(multichain.TRON, rpcUrl, operation) break Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Unhandled RPC failures: The new tron case invokes genericJsonRpcPay without any local error handling or validation of prerequisites (e.g., rpcUrl presence), so runtime RPC/network failures may bubble up without chain-specific context. Referred Code case "tron": result = await genericJsonRpcPay(multichain.TRON, rpcUrl, operation) break Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Weak TRON detection: The new isSerializedTx check bypasses Uint8Array conversion for any object containing signature, txID, and raw_data keys without validating expected types/shapes, which may allow crafted inputs to skip validation/conversion unintentionally. Referred Code // Skip conversion for transaction objects that are not meant to be Uint8Arrays const isSerializedTx = 'signature' in input && 'txID' in input && 'raw_data' in input if (isSerializedTx) { return input } Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Initialize Tron RPC URL properly Fix a bug in the tron case by correctly initializing the rpcUrl using the chainProviders.tron configuration before calling genericJsonRpcPay. src/features/multichain/routines/executors/pay.ts [101-103] case "tron": + const rpcUrl = chainProviders.tron[operation.subchain] || chainProviders.tron.mainnet result = await genericJsonRpcPay(multichain.TRON, rpcUrl, operation) break Apply / Chat Suggestion importance[1-10]: 10 __ Why: This suggestion identifies and fixes a critical bug where the tron case would use an incorrect rpcUrl from a different chain, causing the operation to fail.	High
	Improve TRON transaction detection logic To improve TRON transaction detection, add a check to verify that the raw_data property is an object and contains a contract property, making the validation more specific and robust. src/utilities/validateUint8Array.ts [20-24] // Skip conversion for transaction objects that are not meant to be Uint8Arrays -const isSerializedTx = 'signature' in input && 'txID' in input && 'raw_data' in input -if (isSerializedTx) { - return input +const isTronTx = + 'signature' in input && + 'txID' in input && + 'raw_data' in input && + typeof (input as { raw_data: unknown }).raw_data === 'object' && + (input as { raw_data: object }).raw_data !== null && + 'contract' in (input as { raw_data: object }).raw_data; + +if (isTronTx) { + return input; } Apply / Chat Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies that the check for a TRON transaction is too generic and proposes a more robust validation by checking for nested properties, which prevents potential future bugs.	Medium
Update

[coderabbitai]

Actionable comments posted: 1

Fix all issues with AI Agents 🤖

In @src/utilities/validateUint8Array.ts:
- Around line 20-24: The duck-typing guard in validateUint8Array.ts (the
isSerializedTx check inside the function handling input) is too fragile; update
it to explicitly document that it targets TRON serialized transaction objects
and strengthen it by validating types for 'signature' (e.g., Array or
Uint8Array), 'txID' (string), and 'raw_data' (object) rather than just checking
property presence, so the function only returns input when it confidently
matches a TRON tx and avoids false positives for other chains.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/libs/blockchain/gcr/gcr_routines/identityManager.ts (1)

146-154: Address inconsistency between identity validation and payment execution for mainnet-only chains.

The mainnet-only validation is a good improvement, but it creates an architectural inconsistency: identityManager.ts restricts both TRON and Solana to mainnet only (lines 146-154), yet pay.ts line 50 can access testnet/shasta/nile endpoints for TRON via chainProviders[operation.chain][operation.subchain]. This means users cannot register testnet identities, but the payment system can process testnet transactions.

Additionally, with both chains restricted to mainnet and no test files in the codebase, the testing strategy for identity flows is unclear. Consider either:

• Enforcing the mainnet-only policy consistently by restricting chainProviders access in payment execution, or
• Allowing testnet identities by removing the restriction and documenting why certain chains require mainnet only

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between db55486 and b669042.

📒 Files selected for processing (4)

• sdk/localsdk/multichain/configs/chainProviders.ts
• src/features/multichain/routines/executors/pay.ts
• src/libs/blockchain/gcr/gcr_routines/identityManager.ts
• src/utilities/validateUint8Array.ts

🔇 Additional comments (4)

src/libs/blockchain/gcr/gcr_routines/identityManager.ts (2)

16-16: LGTM! TRON import added.

The TRON import is correctly added alongside other chain SDKs.

---

46-46: LGTM! TRON chain registration added.

TRON has been properly registered in the chains map, consistent with other supported chains.

sdk/localsdk/multichain/configs/chainProviders.ts (1)

53-58: TRON endpoint configuration is correct.

Verification confirms all endpoints are accurate:

• Mainnet (https://api.trongrid.io), Shasta testnet (https://api.shasta.trongrid.io), and Nile testnet (https://nile.trongrid.io) match official TronGrid documentation.
• testnet and shasta intentionally share the same URL because Shasta is TRON's designated testnet.
• The nile endpoint correctly uses the https://nile.trongrid.io URL pattern without the /api prefix, per official specification.

No changes needed.

src/features/multichain/routines/executors/pay.ts (1)

101-103: LGTM! The TRON case correctly follows the established pattern.

The implementation is consistent with other JSON RPC chains (Solana, TON, NEAR, BTC) and properly uses genericJsonRpcPay with multichain.TRON which is correctly exported from the SDK.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Make the transaction object detection more explicit and robust.

The current guard uses duck typing to identify serialized transaction objects, which is fragile and could match unintended objects. Consider:

1. The check doesn't validate that the properties have the expected types
2. There's no documentation indicating this is TRON-specific
3. Other chains might have similar property names, causing false positives

🔎 Proposed improvements

-        // Skip conversion for transaction objects that are not meant to be Uint8Arrays
-        const isSerializedTx = 'signature' in input && 'txID' in input && 'raw_data' in input
-        if (isSerializedTx) {
-            return input
-        }
+        // Skip conversion for TRON serialized transaction objects
+        // TRON transactions contain signature (array), txID (string), and raw_data (object)
+        const isTronSerializedTx = 
+            'signature' in input && 
+            'txID' in input && 
+            'raw_data' in input &&
+            Array.isArray((input as any).signature) &&
+            typeof (input as any).txID === 'string' &&
+            typeof (input as any).raw_data === 'object'
+        if (isTronSerializedTx) {
+            return input
+        }

This adds:

• Explicit documentation that this is for TRON transactions
• Type validation for the three properties to reduce false positives
• Clear intent for future maintainers

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// Skip conversion for transaction objects that are not meant to be Uint8Arrays
	const isSerializedTx = 'signature' in input && 'txID' in input && 'raw_data' in input
	if (isSerializedTx) {
	return input
	}
	// Skip conversion for TRON serialized transaction objects
	// TRON transactions contain signature (array), txID (string), and raw_data (object)
	const isTronSerializedTx =
	'signature' in input &&
	'txID' in input &&
	'raw_data' in input &&
	Array.isArray((input as any).signature) &&
	typeof (input as any).txID === 'string' &&
	typeof (input as any).raw_data === 'object'
	if (isTronSerializedTx) {
	return input
	}

🤖 Prompt for AI Agents

In @src/utilities/validateUint8Array.ts around lines 20-24, The duck-typing
guard in validateUint8Array.ts (the isSerializedTx check inside the function
handling input) is too fragile; update it to explicitly document that it targets
TRON serialized transaction objects and strengthen it by validating types for
'signature' (e.g., Array or Uint8Array), 'txID' (string), and 'raw_data'
(object) rather than just checking property presence, so the function only
returns input when it confidently matches a TRON tx and avoids false positives
for other chains.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud