feat: transfer TRUF in between network

[MicBun]

resolves: https://github.com/truflation/website/issues/3849

Summary by CodeRabbit

• New Features

  • Added bridge transfer capability: send tokens via bridge operations with automatic confirmation and returned transaction hash.

• Changes

  • Amount input validation tightened: only integer numeric strings accepted and "0" is rejected to prevent invalid transfers.

[holdex]

Time Submission Status

Member	Status	Time	Action	Last Update
MicBun	✅ Submitted	4h	Update time	May 11, 2026, 10:38 AM

---

You can submit time with the command. Example:

@holdex pr submit-time 15m

See available commands to help comply with our Guidelines.

[coderabbitai]

Warning

Rate limit exceeded

@MicBun has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 50 minutes and 1 second before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1cffc456-79cf-4afe-b889-147cab08a28f

📥 Commits

Reviewing files that changed from the base of the PR and between 7854a6b and f1ecd20.

📒 Files selected for processing (1)

• src/contracts-api/action.ts

📝 Walkthrough

Walkthrough

Adds a bridge token transfer feature: action-level amount validation and a new Action.transfer that calls ${bridgeIdentifier}_transfer, a BaseTNClient.transfer that invokes the action and waits for mining, and public docs for the new client.transfer API including fee semantics.

Changes

Bridge Token Transfer

Layer / File(s)	Summary
Amount Validation Change src/contracts-api/action.ts	bridgeTokens validation changed to a digit-only regex and rejects "0".
Bridge Transfer Action src/contracts-api/action.ts	Adds Action.transfer(bridgeIdentifier, recipient, amount) which validates amount and executes ${bridgeIdentifier}_transfer with $to_address and $amount, returning a tx receipt response.
Client Transfer Orchestration src/client/client.ts	Adds BaseTNClient.transfer(...) that calls Action.transfer, verifies tx_hash, waits for transaction mining via waitForTx, and returns the tx_hash (wraps wait failures with "Transfer transaction failed").
Public API Documentation docs/api-reference.md	Documents client.transfer(bridgeIdentifier, recipient, amount): Promise<string> including 1-token action fee behavior, parameters, return value, and TypeScript example.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• trufnetwork/sdk-js#125: Modifies src/contracts-api/action.ts and touches Action.bridgeTokens, related to validation/bridge behavior.
• trufnetwork/sdk-js#148: Touches bridge-related Action and BaseTNClient code and uses bridgeIdentifier-based action namespaces.
• trufnetwork/sdk-js#123: Adds bridge-related methods to Action and BaseTNClient, overlapping in affected classes.

Suggested reviewers

• pr-time-tracker

Poem

🐰 I hopped through code by moonlit beams,
A bridge in sight, and token streams,
Validated hops, a tx to find,
Waited till mined, then left behind—
Hooray, the transfer crossed in dreams.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: transfer TRUF in between network' accurately describes the main functionality added—a new transfer method for TRUF tokens across networks, reflected in the new client.transfer() and Action.transfer() methods.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch transferTRUF

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[MicBun]

@holdex pr submit-time 4h

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/contracts-api/action.ts`:
- Around line 1159-1162: The current validation uses parseFloat on the amount
string (const numAmount = parseFloat(amount); ...), which can lose precision for
large wei values; replace this check with a string-based integer validation
(e.g., ensure amount matches /^[0-9]+$/ and is not "0") and remove parseFloat
usage, throwing the same Invalid amount error when the regex fails; apply the
identical change to the bridgeTokens validation block where parseFloat is used
so both places validate positive integer strings without converting to a float.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: adf4d36d-bd86-40ed-9a08-913f9ffeee3f

📥 Commits

Reviewing files that changed from the base of the PR and between c599e1c and 0badfa0.

📒 Files selected for processing (3)

• docs/api-reference.md
• src/client/client.ts
• src/contracts-api/action.ts

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

src/contracts-api/action.ts (2)

1152-1164: ⚡ Quick win

Validate recipient address format before submitting transfer.

transfer accepts any recipient string, but docs require Ethereum address format. Fail fast in SDK to avoid avoidable chain call failures.

Suggested fix

   public async transfer(
     bridgeIdentifier: string,
     recipient: string,
     amount: string
   ): Promise<Types.GenericResponse<Types.TxReceipt>> {
+    // Fail fast on malformed destination address
+    new EthereumAddress(recipient);
+
     if (!/^[0-9]+$/.test(amount) || amount === "0") {
       throw new Error(`Invalid amount: ${amount}. Amount must be greater than 0.`);
     }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/contracts-api/action.ts` around lines 1152 - 1164, The transfer method
currently doesn't validate recipient format; add a pre-check inside transfer
(before executeWithNamedParams) to ensure recipient is a valid Ethereum address
(e.g. matches /^0x[a-fA-F0-9]{40}$/ or use an existing utility like
ethers.utils.isAddress if available) and throw a clear Error such as `Invalid
recipient address: ${recipient}` when it fails; keep the existing amount
validation and then proceed to call transfer (`transfer` method) as before if
the recipient is valid.

---

1112-1113: ⚡ Quick win

Extract shared amount guard to avoid drift between transfer flows.

bridgeTokens and transfer duplicate the same validation block; centralizing it reduces divergence risk (especially for edge-case fixes).

Suggested refactor

+  private validatePositiveWeiAmount(amount: string): void {
+    if (!/^[0-9]+$/.test(amount) || BigInt(amount) <= 0n) {
+      throw new Error(`Invalid amount: ${amount}. Amount must be greater than 0.`);
+    }
+  }

   public async bridgeTokens(
@@
-    if (!/^[0-9]+$/.test(amount) || amount === "0") {
-      throw new Error(`Invalid amount: ${amount}. Amount must be greater than 0.`);
-    }
+    this.validatePositiveWeiAmount(amount);

@@
   public async transfer(
@@
-    if (!/^[0-9]+$/.test(amount) || amount === "0") {
-      throw new Error(`Invalid amount: ${amount}. Amount must be greater than 0.`);
-    }
+    this.validatePositiveWeiAmount(amount);

Also applies to: 1157-1159

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/contracts-api/action.ts` around lines 1112 - 1113, Extract the duplicated
amount validation into a single helper (e.g., validateAmount or
ensureAmountGreaterThanZero) and replace the inline checks in both bridgeTokens
and transfer with a call to that helper; the helper should verify the string
matches /^[0-9]+$/ and is not "0" and throw the same Error(`Invalid amount:
${amount}. Amount must be greater than 0.`) to preserve behavior. Update both
call sites (the validation currently inside bridgeTokens and transfer) to use
the new function and remove the duplicated regex/zero checks so future fixes
only touch the shared helper.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/contracts-api/action.ts`:
- Around line 1112-1113: The amount check currently allows zero-equivalent
strings like "00"; update the validation in both bridgeTokens and transfer to
ensure the numeric value is positive by combining the digits-only check with a
numeric BigInt comparison—i.e., replace the existing if that tests
/^[0-9]+$/.test(amount) || amount === "0" with a guard that ensures
/^[0-9]+$/.test(amount) && BigInt(amount) > 0, and throw the same error when
that condition fails.

---

Nitpick comments:
In `@src/contracts-api/action.ts`:
- Around line 1152-1164: The transfer method currently doesn't validate
recipient format; add a pre-check inside transfer (before
executeWithNamedParams) to ensure recipient is a valid Ethereum address (e.g.
matches /^0x[a-fA-F0-9]{40}$/ or use an existing utility like
ethers.utils.isAddress if available) and throw a clear Error such as `Invalid
recipient address: ${recipient}` when it fails; keep the existing amount
validation and then proceed to call transfer (`transfer` method) as before if
the recipient is valid.
- Around line 1112-1113: Extract the duplicated amount validation into a single
helper (e.g., validateAmount or ensureAmountGreaterThanZero) and replace the
inline checks in both bridgeTokens and transfer with a call to that helper; the
helper should verify the string matches /^[0-9]+$/ and is not "0" and throw the
same Error(`Invalid amount: ${amount}. Amount must be greater than 0.`) to
preserve behavior. Update both call sites (the validation currently inside
bridgeTokens and transfer) to use the new function and remove the duplicated
regex/zero checks so future fixes only touch the shared helper.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e65cce41-24fd-43a3-8bb5-2e8922ee8b27

📥 Commits

Reviewing files that changed from the base of the PR and between 0badfa0 and 7854a6b.

📒 Files selected for processing (1)

• src/contracts-api/action.ts