Skip to content

docs: fix "fill or kill type or order" typo in allow_partial doc comments#2875

Merged
IntiTechnologies merged 39 commits into
mainfrom
fix-fill-or-kill-doc-typo
Jul 13, 2026
Merged

docs: fix "fill or kill type or order" typo in allow_partial doc comments#2875
IntiTechnologies merged 39 commits into
mainfrom
fix-fill-or-kill-doc-typo

Conversation

@unarbos

@unarbos unarbos commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

Summary

Test plan

  • try-runtime devnet/testnet/mainnet restore v-named snapshots from the freshly dispatched producer run (expected minutes, not a 30-min live scrape)
  • All four clone-upgrade shards and the Sudo-upgrade gate green

Made with Cursor

…ents

Co-authored-by: Cursor <cursoragent@cursor.com>
@vercel

vercel Bot commented Jul 12, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
subtensor Ready Ready Preview, Comment Jul 13, 2026 3:24pm

Request Review

@github-actions

github-actions Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

🛡️ AI Review — Skeptic (security review)

VERDICT: VULNERABLE

MEDIUM scrutiny — 118-day-old contributor with repository write access and substantial history; no Gittensor association; fix-fill-or-kill-doc-typo → main.

The PR is no longer doc-only: it includes the merged runtime-upgrade signing and CI changes. The previously identified signing trust-boundary issue remains.

Findings

Sev File Finding
HIGH sdk/python/bittensor/cli/commands/upgrade.py:447 Require an independently built runtime before signing inline

Prior-comment reconciliation

  • a8e52f97: not addressed — The command still proceeds after merely warning that the runtime came from the release rather than a local build.

Conclusion

The change appears legitimate, but the signing command still permits mainnet approval without independently verifying the runtime bytes.


📜 Previous run (superseded)
Sev File Finding Status
HIGH sdk/python/bittensor/cli/commands/upgrade.py:447 Require an independently built runtime before signing ➡️ Carried forward to current findings
The command still proceeds after merely warning that the runtime came from the release rather than a local build.

🔍 AI Review — Auditor (domain review)

VERDICT: 👍

UNKNOWN Gittensor association; established high-volume contributor with repository write access.

The changes are non-runtime and require neither tests nor a spec_version bump.

Description discrepancy: the PR body calls this a doc-comment-only change, but the branch also changes Docker-pull retry behavior and adds a scoped deprecation allowance to a migration test. The body should mention those ancillary changes.

Findings

Sev File Finding
LOW pallets/subtensor/src/macros/dispatches.rs:1393 Replacement remains grammatically awkward inline

Prior-comment reconciliation

  • e930e934: not addressed — The wording remains “fill or kill type of order”; the standard phrasing is “a fill-or-kill order.”

Conclusion

The PR is safe to merge, though the remaining awkward wording should be corrected consistently before or during merge.


📜 Previous run (superseded)
Sev File Finding Status
LOW pallets/subtensor/src/macros/dispatches.rs:1393 Replacement remains grammatically awkward ➡️ Carried forward to current findings
The wording remains “fill or kill type of order”; the standard phrasing is “a fill-or-kill order.”

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment on lines 1392 to +1393
/// * `allow_partial`: Allows partial execution of the amount. If set to false, this becomes
/// fill or kill type or order.
/// fill or kill type of order.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[LOW] Replacement remains grammatically awkward

“Fill-or-kill” is the established compound adjective; “fill or kill type of order” remains ungrammatical. Use the clearer wording below consistently across all five changed comments.

Suggested change
/// * `allow_partial`: Allows partial execution of the amount. If set to false, this becomes
/// fill or kill type or order.
/// fill or kill type of order.
/// * `allow_partial`: Allows partial execution of the amount. If set to false, this becomes
/// a fill-or-kill order.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

…ration test

The doc comment typo fix propagates into runtime metadata, so the generated
Python calls.py must be regenerated to keep the metadata drift gate green.
Also silence clippy::deprecated on the LastTxBlockDelegateTake migration test,
which intentionally exercises the deprecated storage aliases.

Co-authored-by: Cursor <cursoragent@cursor.com>

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

///
/// * `allow_partial`: Allows partial execution of the amount. If set to false, this becomes
/// fill or kill type or order.
/// fill or kill type of order.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[LOW] Replacement remains grammatically awkward

“Fill or kill type of order” is still unnatural. Use the standard compound term “a fill-or-kill order,” and apply the same wording to the other source and generated occurrences in this PR.

Suggested change
/// fill or kill type of order.
/// a fill-or-kill order.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

…ials

With ~120 parallel e2e jobs pulling the same localnet image, GHCR
occasionally returns a spurious permission_denied. Retry with backoff
instead of failing the shard on the first attempt.

Co-authored-by: Cursor <cursoragent@cursor.com>

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

///
/// * `allow_partial`: Allows partial execution of the amount. If set to false, this becomes
/// fill or kill type or order.
/// fill or kill type of order.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[LOW] Replacement remains grammatically awkward

“Fill or kill type of order” is still unnatural and does not use the standard term. Use “a fill-or-kill order” here and in every corresponding source/generated occurrence.

Suggested change
/// fill or kill type of order.
/// a fill-or-kill order.

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: SAFE Auditor: 👍

UnArbosFive and others added 3 commits July 13, 2026 17:01
…eleases)

The release train now publishes each mainnet upgrade proposal as a
pre-release v<spec> whose page URL is the single thing to share with
signers: it carries the signer instructions and the artifacts
(proxy_proxy_blob.hex, subtensor.wasm, digest, upgrade-manifest.json)
as stable-URL assets. The mainnet watcher promotes the pre-release to
the final release once the upgrade executes instead of creating a new
one.

On the signer side, a new `btcli upgrade` command group replaces the
manual prod-approval.js flow: `pending` discovers proposals purely from
chain state (sudo.key() -> SudoUncheckedSetCode proxy -> pending
multisig ops), `check` verifies the call data end to end (exact
structural re-encoding against live metadata, srtool digest, live sudo
key, on-chain call hash — with --wasm pinning it to a self-built
runtime), and `sign` runs every check then auto-detects the
first/interior/final signer position from chain state and submits the
matching approval. `btcli multisig pending` surfaces pending upgrades
when the multisig is the chain's sudo key.

Co-authored-by: Cursor <cursoragent@cursor.com>

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment on lines +443 to +447
if bundle.wasm_source != "local":
app_ctx.output.message(
"[yellow]note:[/yellow] the runtime was taken from the release, not a local "
"srtool build — anyone reproducing the build should pass --wasm"
)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[HIGH] Require an independently built runtime before signing

This warning still allows signing when both the proposal blob and WASM came from the release. Those artifacts share the CI/GitHub trust domain that submitted the on-chain proposal, so their byte equality does not independently establish that the runtime corresponds to reviewed source. If CI, its credentials, or release publication is compromised, the recommended btcli upgrade sign --url ... flow lets triumvirate members approve arbitrary structurally valid runtime code. Preserve the multisig’s independent security boundary by refusing to sign unless --wasm supplies a locally reproduced build.

Suggested change
if bundle.wasm_source != "local":
app_ctx.output.message(
"[yellow]note:[/yellow] the runtime was taken from the release, not a local "
"srtool build — anyone reproducing the build should pass --wasm"
)
if bundle.wasm_source != "local":
app_ctx.output.error(
"refusing to sign without an independently built runtime; pass --wasm "
"with the byte-identical srtool build produced from reviewed source"
)
raise typer.Exit(1)

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AI review — see the sticky summary comment for the verdict and the inline comments below for specific findings.

Comment on lines +443 to +447
if bundle.wasm_source != "local":
app_ctx.output.message(
"[yellow]note:[/yellow] the runtime was taken from the release, not a local "
"srtool build — anyone reproducing the build should pass --wasm"
)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[HIGH] Require an independently built runtime before signing

This remains only a warning, so every triumvirate signer can approve runtime bytes supplied by the same CI/release trust domain that proposed them. If that domain is compromised, all documented checks can agree on malicious bytes without any signer independently deriving the runtime from source. Refuse signing unless --wasm supplied a locally reproduced build.

Suggested change
if bundle.wasm_source != "local":
app_ctx.output.message(
"[yellow]note:[/yellow] the runtime was taken from the release, not a local "
"srtool build — anyone reproducing the build should pass --wasm"
)
if bundle.wasm_source != "local":
app_ctx.output.error(
"refusing to sign without an independently built runtime",
help="build the tagged source with srtool and pass the result with --wasm",
)
raise typer.Exit(1)

@github-actions

Copy link
Copy Markdown
Contributor

🔄 AI review updated — Skeptic: VULNERABLE

@IntiTechnologies IntiTechnologies merged commit 7b41d53 into main Jul 13, 2026
175 of 177 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants