Added scriptable tokens support

[tcsenpai]

Delivers a “ship-it” token feature package by combining:

• A reproducible multi-node devnet test harness (better_testing/) that validates token correctness and cross-node convergence.
• A suite of complex token-script scenarios (branchy logic, dynamic policy updates, vesting/lockup via internal state, escrow-like state machine) to stress determinism and state handling.
• Comprehensive token documentation (storage model, ACL, RPC read APIs, scripting execution model) with diagrams.
• A consolidated test-results page with the exact RUN_IDs we executed + where to find artifacts.

Highlights

Complex scripting is now exercised beyond simple hooks:

• deny/allow lists, quotas, fee bookkeeping
• in-band admin policy updates through “command” transfers
• vesting/lockup enforced via script state (admin-controlled unlocks)
• escrow-style state machine with deterministic rejects and cross-node convergence
• Documentation added to make tokens reviewable without spelunking the codebase.
• Test runs are traceable via RUN_IDs and on-disk artifacts (better_testing/runs/<RUN_ID>/).

Summary by CodeRabbit

Release Notes

• New Features

  • Added Beadspace: interactive dashboard for viewing and managing issues with search, filtering, and analytics.
  • Introduced Better Testing framework: comprehensive load generation and scenario testing for token operations, consensus, and ACL management.
  • Enabled Token Scripting System: support for custom hooks, view functions, and complex policy execution on tokens.
  • Added GitHub Pages automation: automatic deployment of Beadspace to GitHub Pages on repository updates.

• Documentation

  • Updated architectural and codebase documentation with streamlined guides.
  • Added comprehensive testing and load generation documentation.

• Configuration

  • Updated project configuration and ignore patterns to support new testing infrastructure.

[qodo-code-review]

Persistent review updated to latest commit ed9c402

[github-actions]

⚠️ MCP Memory Files Detected

This PR modifies .serena/ files. After merge, these changes will be automatically reverted to preserve branch-specific MCP memories.

Files that will be reverted:

• .serena/memories/arch_hook_system.md
• .serena/memories/arch_scripting_module_structure.md
• .serena/memories/feature_scripting_custom_methods.md
• .serena/memories/feature_scripting_system_complete.md
• .serena/memories/feature_scripting_system_overview.md
• .serena/memories/feature_scripting_system_phase2.md
• .serena/memories/feature_scripting_validation_rules.md
• .serena/memories/feature_scripting_view_functions.md
• .serena/memories/pattern_scripting_types_sdk_vs_node.md
• .serena/project.yml

[github-actions]

⚠️ Beads Issue Tracking Files Detected

This PR modifies .beads/ issue tracking files. After merge, these changes will be automatically reverted to preserve branch-specific issue tracking.

Files that will be reverted:

• .beads/deletions.jsonl
• .beads/issues.jsonl
• .beads/metadata.json

[tcsenpai]

Resolved remaining review blockers with new commits on :\n\n- Unsafe script VM: disabled string codegen, blocked Date.now/Math.random, bounded compiled cache (src/libs/scripting/index.ts).\n- Non-deterministic timestamps/prevBlockHash: removed Date.now fallbacks and empty prevBlockHash in token contexts; ACL/script upgrade timestamps now use tx timestamp (src/libs/blockchain/gcr/gcr_routines/GCRTokenRoutines.ts).\n- Simulate rollback persistence: propagate simulate flag into rollback so validation cannot persist (src/libs/blockchain/gcr/handleGCR.ts).\n- Finalization atomicity: apply token edits + insert block in one DB transaction; Chain.insertBlock supports reuse of outer transaction (src/libs/consensus/v2/PoRBFT.ts, src/libs/blockchain/chain.ts).\n- Nonce/security/datasource: removed nonce bypass (assignNonce), added optional rate limiting (disabled unless SECURITY_RATE_LIMIT_ENABLED=true), and disabled TypeORM synchronize by default in production (TYPEORM_SYNCHRONIZE override) (src/libs/blockchain/routines/validateTransaction.ts, src/libs/network/securityModule.ts, src/model/datasource.ts).\n

[tcsenpai]

Resolved remaining review blockers with new commits on tokens:

• Unsafe script VM: disabled string codegen, blocked Date.now/Math.random, bounded compiled cache (src/libs/scripting/index.ts).
• Non-deterministic timestamps/prevBlockHash: removed Date.now fallbacks and empty prevBlockHash in token contexts; ACL/script upgrade timestamps now use tx timestamp (src/libs/blockchain/gcr/gcr_routines/GCRTokenRoutines.ts).
• Simulate rollback persistence: propagate simulate flag into rollback so validation cannot persist (src/libs/blockchain/gcr/handleGCR.ts).
• Finalization atomicity: apply token edits + insert block in one DB transaction; Chain.insertBlock supports reuse of outer transaction (src/libs/consensus/v2/PoRBFT.ts, src/libs/blockchain/chain.ts).
• Nonce/security/datasource: removed nonce bypass (assignNonce), added optional rate limiting (disabled unless SECURITY_RATE_LIMIT_ENABLED=true), and disabled TypeORM synchronize by default in production (TYPEORM_SYNCHRONIZE override) (src/libs/blockchain/routines/validateTransaction.ts, src/libs/network/securityModule.ts, src/model/datasource.ts).

[github-actions]

⚠️ Beads Issue Tracking Files Detected

This PR modifies .beads/ issue tracking files. After merge, these changes will be automatically reverted to preserve branch-specific issue tracking.

Files that will be reverted:

• .beads/deletions.jsonl
• .beads/issues.jsonl
• .beads/metadata.json

[github-actions]

⚠️ MCP Memory Files Detected

This PR modifies .serena/ files. After merge, these changes will be automatically reverted to preserve branch-specific MCP memories.

Files that will be reverted:

• .serena/memories/arch_hook_system.md
• .serena/memories/arch_scripting_module_structure.md
• .serena/memories/feature_scripting_custom_methods.md
• .serena/memories/feature_scripting_system_complete.md
• .serena/memories/feature_scripting_system_overview.md
• .serena/memories/feature_scripting_system_phase2.md
• .serena/memories/feature_scripting_validation_rules.md
• .serena/memories/feature_scripting_view_functions.md
• .serena/memories/pattern_scripting_types_sdk_vs_node.md
• .serena/project.yml

[tcsenpai]

Addressed the remaining CodeRabbit review summary note about by converting it to JSONL and removing the file (commit ).

[tcsenpai]

Addressed the remaining CodeRabbit review summary note about .beads/backup/backup_state.json by converting it to JSONL and removing the .json file (commit d34dda81).

[tcsenpai]

/agentic_review

[qodo-code-review]

Persistent review updated to latest commit d34dda8

[github-actions]

⚠️ Beads Issue Tracking Files Detected

This PR modifies .beads/ issue tracking files. After merge, these changes will be automatically reverted to preserve branch-specific issue tracking.

Files that will be reverted:

• .beads/deletions.jsonl
• .beads/issues.jsonl
• .beads/metadata.json

[github-actions]

⚠️ MCP Memory Files Detected

This PR modifies .serena/ files. After merge, these changes will be automatically reverted to preserve branch-specific MCP memories.

Files that will be reverted:

• .serena/memories/arch_hook_system.md
• .serena/memories/arch_scripting_module_structure.md
• .serena/memories/feature_scripting_custom_methods.md
• .serena/memories/feature_scripting_system_complete.md
• .serena/memories/feature_scripting_system_overview.md
• .serena/memories/feature_scripting_system_phase2.md
• .serena/memories/feature_scripting_validation_rules.md
• .serena/memories/feature_scripting_view_functions.md
• .serena/memories/pattern_scripting_types_sdk_vs_node.md
• .serena/project.yml

[tcsenpai]

New Qodo review round addressed on tokens:

• Phase checklist in .serena doc: removed the in-repo phase/progress checklist; doc is now informational only (commit 68ce2be5).
• Uninitialized datasource access in token nodeCalls: replaced direct dataSource.getRepository(...) with await Datasource.getInstance()-backed repositories (commit d24ded16).
• Token caller spoofing: reject token edits when edit.account != tx.content.from (commit b740e965).
• Sync script context drift: apply GCR/token edits before Chain.insertBlock() during sync/batch sync so scripts see correct prevBlockHash; also ensure tx.blockNumber is set (commit 62065733).

[github-actions]

⚠️ Beads Issue Tracking Files Detected

This PR modifies .beads/ issue tracking files. After merge, these changes will be automatically reverted to preserve branch-specific issue tracking.

Files that will be reverted:

• .beads/deletions.jsonl
• .beads/issues.jsonl
• .beads/metadata.json

[github-actions]

⚠️ MCP Memory Files Detected

This PR modifies .serena/ files. After merge, these changes will be automatically reverted to preserve branch-specific MCP memories.

Files that will be reverted:

• .serena/memories/arch_hook_system.md
• .serena/memories/arch_scripting_module_structure.md
• .serena/memories/feature_scripting_custom_methods.md
• .serena/memories/feature_scripting_system_complete.md
• .serena/memories/feature_scripting_system_overview.md
• .serena/memories/feature_scripting_system_phase2.md
• .serena/memories/feature_scripting_validation_rules.md
• .serena/memories/feature_scripting_view_functions.md
• .serena/memories/pattern_scripting_types_sdk_vs_node.md
• .serena/project.yml

[sonarqubecloud]

Quality Gate failed

Failed conditions
45 Security Hotspots
9.1% Duplication on New Code (required ≤ 3%)
D Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE