- Update @aitbc/aitbc-sdk from 0.2.0 to 0.2.3
- Update @aitbc/aitbc-token from 0.1.0 to 0.2.3
- Aligns with AITBC v0.2.3 release notes
- Major AI intelligence and agent transformation release
- Includes security fixes and economic intelligence features
- Update Solidity contracts Node.js requirement from >=18.0.0 to >=24.14.0
- Aligns with JS SDK engine requirement for consistency
- Ensures compatibility across all AITBC packages
- Update JS SDK vitest from 1.6.0 to 4.1.2 (fixes esbuild vulnerability)
- Update Solidity contracts solidity-coverage from 0.8.17 to 0.8.4
- Apply npm audit fix --force to resolve breaking changes
- Reduced total vulnerabilities from 48 to 29
- JS SDK now has 0 vulnerabilities (previously 4 moderate)
- Solidity contracts reduced from 41 to 29 vulnerabilities
- Remaining 29 are mostly legacy ethers v5 dependencies in Hardhat ecosystem
Security improvements:
- Fixed esbuild development server vulnerability
- Fixed serialize-javascript RCE and DoS vulnerabilities
- Updated lodash and other vulnerable dependencies
- Python dependencies remain secure (0 vulnerabilities)
aitbc-agent-sdk (package-tests.yml):
- Add AITBCAgent convenience class matching test expectations
- Fix test_agent_sdk.py: was importing nonexistent AITBCAgent, now tests
the real API (Agent.create, AgentCapabilities, to_dict) plus AITBCAgent
- Fix 3 remaining mypy errors: supported_models Optional coercion (line 64),
missing return types on _submit_to_marketplace/_update_marketplace_offer
- Run black on all 5 src files — zero mypy errors, zero black warnings
- All 6 tests pass
python-tests.yml:
- Add pynacl to pip install (aitbc-crypto and aitbc-sdk import nacl)
- Add pynacl>=1.5.0 to root requirements.txt
Service readiness (api-endpoint-tests.yml, integration-tests.yml):
- Replace curl -sf with curl http_code check — -sf fails on 404 responses
but port 8006 (blockchain RPC) returns 404 on / while being healthy
- Blockchain RPC uses REST /rpc/* endpoints, not JSON-RPC POST to /
Fix test_api_endpoints.py to test /health, /rpc/head, /rpc/info, /rpc/supply
- Remove dead test_rpc() function, add blockchain RPC to perf tests
- All 4 services now pass: coordinator, exchange, wallet, blockchain_rpc
- Integration-tests: check is-active before systemctl start to avoid
spurious warnings for already-running services
Hardhat compile (smart-contract-tests.yml, package-tests.yml):
- Relax engines field from >=24.14.0 to >=18.0.0 (CI has v24.13.0)
- Remove 2>/dev/null from hardhat compile/test so errors are visible
- Remove 2>/dev/null from npm run build/test in package-tests JS section
Service health checks:
- Exchange API uses /api/health not /health — updated test script
and workflow wait loops to check /api/health as fallback
- Increased wait time to 2s intervals, 15 retries for service readiness
- Performance tests now hit /health endpoints (not root /)
Hardhat compilation:
- aitbc-token was missing peer deps for @nomicfoundation/hardhat-toolbox
- Installed all 11 required peer packages (ethers, typechain, etc.)
- Contracts now compile (19 Solidity files) and all 17 tests pass
Rust workflow:
- Fixed HOME mismatch: gitea-runner HOME=/opt/gitea-runner vs
euid root HOME=/root — explicitly set HOME=/root in all steps
- Set RUSTUP_HOME and CARGO_HOME for consistent toolchain location
Mypy type annotations (aitbc-agent-sdk):
- agent.py: narrow key types to RSA (isinstance check before sign/verify),
fix supported_models Optional type, add __post_init__ return type
- compute_provider.py: add return types to all methods, declare
pricing_model/dynamic_pricing attrs, rename register→create_provider
to avoid signature conflict with parent, fix Optional safety
- swarm_coordinator.py: add return types to all 8 untyped methods
- Change file mode from 644 to 755 for all project files
- Add chain_id parameter to get_balance RPC endpoint with default "ait-devnet"
- Rename Miner.extra_meta_data to extra_metadata for consistency
