Near Protocol setup

[SergeyG-Solicy]

PR Type

Enhancement

---

Description

• Update NEAR RPC endpoints to use FastNEAR service

• Add NEAR chain support to pay operation handler

• Enhance hex string validation in Uint8Array utility

---

Diagram Walkthrough

flowchart LR
  A["NEAR RPC Config"] -->|"Update endpoints"| B["FastNEAR RPC"]
  C["Pay Operation Handler"] -->|"Add NEAR case"| D["genericJsonRpcPay"]
  E["Uint8Array Validator"] -->|"Support hex strings"| F["Buffer conversion"]

Loading

File Walkthrough

	Relevant files
Configuration changes	chainProviders.ts Update NEAR RPC endpoints to FastNEAR                                        sdk/localsdk/multichain/configs/chainProviders.ts Replace NEAR mainnet RPC endpoint from rpc.near.org to rpc.fastnear.com Replace NEAR testnet RPC endpoint from rpc.testnet.near.org to test.rpc.fastnear.com +2/-2
Enhancement	pay.ts Add NEAR chain payment execution support                                  src/features/multichain/routines/executors/pay.ts Add NEAR case handler in payment operation switch statement Call genericJsonRpcPay with multichain.NEAR and RPC URL for NEAR transactions +4/-0      validateUint8Array.ts Support hex string to Uint8Array conversion                            src/utilities/validateUint8Array.ts Add hex string detection and conversion logic Convert valid hex strings to Uint8Array using Buffer.from(input, "hex") Validate hex string format with regex and even length requirement +5/-0

---

Summary by CodeRabbit

• Improvements
  • Updated NEAR mainnet and testnet network endpoints
• New Features
  • Added NEAR blockchain support to payment processing

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[tcsenpai]

Your trial has ended! 😢

To keep getting reviews, activate your plan here.

Got questions about plans or want to see if we can extend your trial? Talk to our founders here.😎

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Updates NEAR network RPC endpoints to use fastnear.com providers and adds NEAR blockchain support to the non-EVM payment executor by implementing a new case that delegates to the generic JSON-RPC pay handler.

Changes

Cohort / File(s)	Summary
NEAR Provider Configuration sdk/localsdk/multichain/configs/chainProviders.ts	Updated mainnet RPC endpoint from rpc.near.org to rpc.fastnear.com and testnet endpoint from rpc.testnet.near.org to test.rpc.fastnear.com
NEAR Payment Executor Support src/features/multichain/routines/executors/pay.ts	Added "near" case in non-EVM pay switch statement that delegates to genericJsonRpcPay using multichain.NEAR, mirroring existing ton and btc implementations

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Near Protocol setup #523: Identical updates to NEAR RPC endpoints and non-EVM pay executor NEAR case handling
• Added ATOM (Cosmos Hub) chain support for transaction broadcasting #526: Same modifications to chainProviders.ts and pay.ts files with NEAR chain support

Poem

🐰 FastNEAR hops into place,
RPC endpoints find their grace,
Pay executor's arms spread wide,
NEAR blockchain joins the ride! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Near Protocol setup' accurately reflects the main changes: integrating Near chain support across the codebase including chain provider endpoints, payment execution, and utility updates.

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 0a92ce8 and 1ed58f5.

📒 Files selected for processing (2)

• sdk/localsdk/multichain/configs/chainProviders.ts
• src/features/multichain/routines/executors/pay.ts

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Unbounded input conversion Description: Unvalidated hex-to-bytes conversion may allow excessively large or attacker-controlled inputs to be turned into Buffer objects, risking memory exhaustion or downstream misuse if the resulting bytes are used in cryptographic or transactional contexts without size limits. validateUint8Array.ts [8-10] Referred Code if (typeof input === "string" && /^[0-9a-fA-F]+$/.test(input) && input.length % 2 === 0) { return Buffer.from(input, "hex") }
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing audit logs: The new NEAR payment path performs a critical action without any visible auditing or logging of actor, action, and outcome. Referred Code case "near": result = await genericJsonRpcPay(multichain.NEAR, rpcUrl, operation) break case "btc": result = await genericJsonRpcPay(multichain.BTC, rpcUrl, operation) break Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Hex input edge cases: Hex string conversion lacks explicit error handling for odd-length, 0x-prefixed, or very large inputs and does not surface actionable error context. Referred Code // Handle hex string - convert back to Uint8Array if (typeof input === "string" && /^[0-9a-fA-F]+$/.test(input) && input.length % 2 === 0) { return Buffer.from(input, "hex") } Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Unprefixed hex only: The validator accepts only unprefixed hex and converts directly to Buffer without length limits or normalization, which may allow unexpected inputs or resource misuse depending on upstream trust boundaries. Referred Code // Handle hex string - convert back to Uint8Array if (typeof input === "string" && /^[0-9a-fA-F]+$/.test(input) && input.length % 2 === 0) { return Buffer.from(input, "hex") } Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	✅ Refine hex string detection logic Suggestion Impact: The commit updated the hex-string handling to only convert when the input string starts with "0x", then validates the remaining characters and even length before calling Buffer.from(..., "hex"), preventing conversion of numeric strings without the prefix. code diff: - // Handle hex string - convert back to Uint8Array - if (typeof input === "string" && /^[0-9a-fA-F]+$/.test(input) && input.length % 2 === 0) { - return Buffer.from(input, "hex") + // Handle hex strings + if (typeof input === "string" && input.startsWith("0x")) { + const hexString = input.slice(2) // Remove "0x" prefix + // Validate hex string before conversion + if (hexString.length % 2 === 0 && /^[0-9a-fA-F]*$/.test(hexString)) { + return Buffer.from(hexString, "hex") + } + + return input } Refine the hex string detection logic to prevent misinterpreting numeric strings as hex. Require a "0x" prefix for a string to be converted from hex to a Uint8Array. src/utilities/validateUint8Array.ts [7-10] // Handle hex string - convert back to Uint8Array -if (typeof input === "string" && /^[0-9a-fA-F]+$/.test(input) && input.length % 2 === 0) { - return Buffer.from(input, "hex") +if (typeof input === "string" && input.startsWith("0x")) { + const hex = input.substring(2); + if (/^[0-9a-fA-F]*$/.test(hex) && hex.length % 2 === 0) { + return Buffer.from(hex, "hex"); + } } [Suggestion processed] Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a potential bug where a numeric string like "1234" would be incorrectly converted to a hex buffer. Enforcing a 0x prefix makes the conversion explicit and prevents this class of errors.	Medium
Update

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

src/utilities/validateUint8Array.ts (1)

7-10: Hex-string handling is correct; be explicit about the accepted format

The new branch cleanly supports naked hex strings (no 0x prefix, [0-9a-fA-F]+, even length) and returns a Buffer/Uint8Array, which fits the existing use of Buffer.from later in the function.

Two behavioral nuances to be aware of:

• Any input that happens to be an even-length hex-only string will now be converted to bytes instead of passed through as a string.
• Hex strings with a 0x prefix or embedded whitespace will not be converted and will still flow through unchanged.

If upstream payloads might use 0x-prefixed hex or if there are other hex-looking string fields that should remain strings, consider:

• Adding tests that lock in the desired behavior for those shapes, and
• Optionally normalizing (e.g., stripping 0x) inside this branch if that matches how callers encode payloads.

sdk/localsdk/multichain/configs/chainProviders.ts (1)

37-38: NEAR RPC endpoints update is consistent with existing mapping

Switching NEAR mainnet/testnet to the fastnear URLs is consistent with how other chains are wired here (hardcoded, public RPC endpoints). From a code perspective this looks fine.

Given these are third‑party RPCs, you may want (later) to:

• Keep the domain in config/env so it’s easy to rotate if limits or availability change.
• Ensure any monitoring/alerts you have around RPC health include these new hosts.

src/features/multichain/routines/executors/pay.ts (1)

87-89: NEAR routing mirrors existing non‑EVM JSON‑RPC chains

The new "near" case cleanly follows the existing pattern (egld/ibc/solana/ton/btc), reusing genericJsonRpcPay with multichain.NEAR and the precomputed rpcUrl. That keeps the branching logic consistent and leverages the shared send path, including validateIfUint8Array for the payload.

It’d be good to add at least one NEAR path test (or e2e/integration check) alongside the other non‑EVM chains to ensure:

• operation.chain / operation.subchain values line up with the new chainProviders.near entries, and
• multichain.NEAR.create(rpcUrl) + sendTransaction behave as expected with the converted payload shape.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 435c0fa and 0a92ce8.

📒 Files selected for processing (3)

• sdk/localsdk/multichain/configs/chainProviders.ts (1 hunks)
• src/features/multichain/routines/executors/pay.ts (1 hunks)
• src/utilities/validateUint8Array.ts (1 hunks)

[tcsenpai]

Your trial has ended! 😢

To keep getting reviews, activate your plan here.

Got questions about plans or want to see if we can extend your trial? Talk to our founders here.😎

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud