XRP send functionality implementation

[SergeyG-Solicy]

PR Type

Enhancement

---

Description

• Refactored XRP transaction error handling with explicit prefix checks

• Removed complex payload format detection logic

• Improved error messages with specific XRPL result code categories

• Simplified transaction result extraction and validation logic

---

Diagram Walkthrough

flowchart LR
  A["Transaction Submission"] --> B["Extract Result Code"]
  B --> C["Check tesSUCCESS"]
  C -->|Success| D["Return Success"]
  C -->|Failure| E["Check Error Prefix"]
  E -->|tec| F["Fee Charged Error"]
  E -->|tem| G["Malformed Error"]
  E -->|ter| H["Provisional Error"]
  E -->|tef| I["Rejected Error"]
  E -->|Unknown| J["Unknown Error"]
  F --> K["Return Error with Code"]
  G --> K
  H --> K
  I --> K
  J --> K

Loading

File Walkthrough

Relevant files

Enhancement

pay.ts Simplify XRP error handling with explicit code checks        src/features/multichain/routines/executors/pay.ts Removed complex payload format detection (string vs object handling) Simplified transaction result extraction by directly accessing TransactionResult or engine_result Replaced dictionary-based error prefix lookup with explicit startsWith() checks for each XRPL code category Added structured error responses with extra field containing transaction code and validation status Changed error handling in catch block to use error.toString() instead of conditional message extraction +39/-44

---

Summary by CodeRabbit

• Bug Fixes

  • Improved validation and clearer, more specific error messages for payment transactions, giving better insight into transaction outcomes and failures.

• Refactor

  • Consolidated and simplified the payment submission flow into a single, more reliable path with streamlined result handling for consistent user-facing responses.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[tcsenpai]

Your trial has ended! 😢

To keep getting reviews, activate your plan here.

Got questions about plans or want to see if we can extend your trial? Talk to our founders here.😎

[coderabbitai]

Walkthrough

Removes prior signedPayloads validation and multi-path submission for XRPL; uses a single submission flow that extracts tx_blob, submits via provider, and handles results by transaction-result-prefix (tesSUCCESS, tec*, tem*, ter*, tef*), with adjusted error messaging and catch behavior.

Changes

Cohort / File(s)	Summary
XRPL Pay Executor Refactor src/features/multichain/routines/executors/pay.ts	Removes pre-checks and multi-path tx_blob handling; accepts string or { tx_blob }, validates tx_blob, submits via single flow, and implements prefix-based result handling (tesSUCCESS, tec*, tem*, ter*, tef*). Updates error message extraction and catch -> toString() conversion.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Near Protocol setup #523: Edits the same pay executor and adds a NEAR case; changes may overlap in the executor switch handling.
• Feature/xrp send implementation #535: Refactors XRPL path in the same pay executor to use submitAndWait and prefix-based result handling similar to this change.

Suggested labels

Review effort 3/5

Poem

🐇 I hopped through blobs and prefixed codes,
Submitting once where the old path strode.
tesSUCCESS — a cheerful thump,
tec/tem/ter/tef — a puzzled bump.
🥕 Cheers, the rabbit guards the node.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'XRP send functionality implementation' is vague and overly broad, not clearly reflecting the actual changes which involve refactoring error handling, simplifying payload format detection, and improving result extraction.	Consider a more specific title that captures the primary change, such as 'Refactor XRP transaction error handling with explicit prefix checks' or 'Simplify XRP payment error handling and result extraction'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/add-xrp

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Error detail exposure Description: The catch block returns error.toString() directly to callers, which can leak internal/system details (e.g., provider URLs, stack/context, upstream error strings) and should be sanitized/mapped to a safe, user-facing message while logging full details server-side. pay.ts [298-303] Referred Code } catch (error) { console.log("[XMScript Parser] Ripple Pay: error:", error) return { result: "error", error: error.toString(), }
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
🔴	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Missing input checks: The new code dereferences operation.task.signedPayloads[0] and signedTx.tx_blob without validating presence/type, which can throw at runtime and results in non-graceful failure paths. Referred Code const signedTx = operation.task.signedPayloads[0] // Submit transaction and wait for validation const res = await xrplInstance.provider.submitAndWait(signedTx.tx_blob) const txResult = res.result.meta?.TransactionResult || res.result.engine_result const txHash = res.result.hash Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Error details exposed: The catch block returns error.toString() to the caller which may expose internal error details from dependencies/network/client libraries to end users. Referred Code } catch (error) { console.log("[XMScript Parser] Ripple Pay: error:", error) return { result: "error", error: error.toString(), } Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Unsanitized external input: The PR removes validation of signedPayloads and tx_blob and directly submits signedTx.tx_blob to the XRPL provider without ensuring it is present, non-empty, and a string. Referred Code const signedTx = operation.task.signedPayloads[0] // Submit transaction and wait for validation const res = await xrplInstance.provider.submitAndWait(signedTx.tx_blob) Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Missing audit context: The new XRPL payment submission path does not add an audit log including actor/user context and outcome for this critical action, but existing auditing may be implemented outside this diff. Referred Code // Submit transaction and wait for validation const res = await xrplInstance.provider.submitAndWait(signedTx.tx_blob) const txResult = res.result.meta?.TransactionResult || res.result.engine_result const txHash = res.result.hash const resultMessage = res.result.engine_result_message || '' // Only tesSUCCESS indicates actual success if (txResult === 'tesSUCCESS') { return { result: "success", hash: txHash, } } // tec* codes: Transaction failed but fee was charged // The transaction was applied to ledger but did not achieve its intended purpose // Example: tecUNFUNDED_PAYMENT, tecINSUF_FEE, tecPATH_DRY if (txResult?.startsWith('tec')) { return { result: "error", ... (clipped 45 lines) Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Potential sensitive logging: The added error-return behavior and existing console.log usage around XRPL operations should be verified to ensure no sensitive payloads/identifiers are emitted and that production logging is structured, but this cannot be confirmed from the diff alone. Referred Code console.log("[XMScript Parser] Ripple Pay: connected to the XRP network") try { const signedTx = operation.task.signedPayloads[0] // Submit transaction and wait for validation const res = await xrplInstance.provider.submitAndWait(signedTx.tx_blob) const txResult = res.result.meta?.TransactionResult || res.result.engine_result const txHash = res.result.hash const resultMessage = res.result.engine_result_message || '' // Only tesSUCCESS indicates actual success if (txResult === 'tesSUCCESS') { return { result: "success", hash: txHash, } } // tec* codes: Transaction failed but fee was charged ... (clipped 56 lines) Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Add validation for signed transaction payload Restore validation for operation.task.signedPayloads to prevent a potential TypeError if the payload is missing, empty, or malformed. Check that it is a non-empty array and its first element contains a tx_blob string. src/features/multichain/routines/executors/pay.ts [230-233] +if (!operation.task.signedPayloads || operation.task.signedPayloads.length === 0) { + return { + result: "error", + error: `Missing signed payloads for XRPL operation (${operation.chain}.${operation.subchain})`, + } +} const signedTx = operation.task.signedPayloads[0] + +if (!signedTx || typeof signedTx.tx_blob !== 'string' || !signedTx.tx_blob) { + return { + result: "error", + error: `Invalid signed payload format for XRPL operation (${operation.chain}.${operation.subchain}). Expected an object with a non-empty tx_blob string.`, + } +} // Submit transaction and wait for validation const res = await xrplInstance.provider.submitAndWait(signedTx.tx_blob) Apply / Chat Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies a critical bug introduced by the PR, where removing payload validation could lead to a runtime TypeError. Re-introducing these checks is essential for application stability.	High
General	Normalize validated flag Ensure the validated field in the response is always a boolean by wrapping res.result.validated with Boolean(). src/features/multichain/routines/executors/pay.ts [296] -extra: { code: txResult, validated: res.result.validated } +extra: { code: txResult, validated: Boolean(res.result.validated) } Apply / Chat Suggestion importance[1-10]: 4 __ Why: This suggestion improves response consistency by ensuring the validated field is always a boolean, which is good practice for API design. However, it's a minor improvement as downstream consumers can often handle undefined values.	Low
More

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/features/multichain/routines/executors/pay.ts (1)

203-227: Missing XRPL connection cleanup.

The XRPL instance establishes a WebSocket connection at line 204 but is never disconnected after the transaction completes. This can lead to resource leaks, especially if this function is called repeatedly. Consider adding cleanup in a finally block.

🔎 Suggested fix with cleanup

     try {
         const signedTx = operation.task.signedPayloads[0]
         // ... existing transaction logic ...
     } catch (error) {
         console.log("[XMScript Parser] Ripple Pay: error:", error)
         return {
             result: "error",
             error: error instanceof Error ? error.message : String(error),
         }
+    } finally {
+        try {
+            await xrplInstance.disconnect()
+        } catch (disconnectError) {
+            console.log("[XMScript Parser] Ripple Pay: disconnect error:", disconnectError)
+        }
     }

Note: Verify that xrplInstance exposes a disconnect() method. The xrpl.js library typically provides this on the Client class.

🧹 Nitpick comments (3)

src/features/multichain/routines/executors/pay.ts (3)

230-237: Add defensive check for tx_blob property.

If signedPayloads[0] doesn't contain a tx_blob property (e.g., different payload format, corrupted data), this will pass undefined to submitAndWait, potentially causing an unclear error. Consider validating the payload structure before submission.

🔎 Suggested defensive check

         const signedTx = operation.task.signedPayloads[0]
+
+        if (!signedTx?.tx_blob) {
+            return {
+                result: "error",
+                error: "Invalid signed payload: missing tx_blob",
+            }
+        }

         // Submit transaction and wait for validation
         const res = await xrplInstance.provider.submitAndWait(signedTx.tx_blob)

---

292-297: Handle undefined txResult more gracefully.

If both meta?.TransactionResult and engine_result are undefined, the error message will read "Unknown transaction result: undefined". Consider providing a more informative message for this edge case.

🔎 Suggested improvement

         return {
             result: "error",
-            error: `Unknown transaction result: ${txResult} - ${resultMessage}`,
+            error: txResult 
+                ? `Unknown transaction result: ${txResult} - ${resultMessage}`
+                : `Transaction result unavailable in response`,
             hash: txHash,
             extra: { code: txResult, validated: res.result.validated }
         }

---

298-304: Consider safer error stringification.

The error.toString() call could fail if error is null or undefined. A safer pattern handles edge cases:

🔎 Suggested improvement

     } catch (error) {
         console.log("[XMScript Parser] Ripple Pay: error:", error)
         return {
             result: "error",
-            error: error.toString(),
+            error: error instanceof Error ? error.message : String(error),
         }
     }

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between db55486 and b3e7364.

📒 Files selected for processing (1)

• src/features/multichain/routines/executors/pay.ts

🔇 Additional comments (2)

src/features/multichain/routines/executors/pay.ts (2)

239-245: LGTM!

Correctly treating only tesSUCCESS as a successful transaction is the right approach for XRPL.

---

247-290: No action needed. The TransactionResponse interface (from sdk/localsdk/multichain/types/multichain.ts) explicitly supports the extra?: { [key: string]: any } field with documentation stating it's for "Extra optional data about the transaction extracted from the response. Currently available for XRPL transactions." The return statements in lines 247-290 are fully compatible with the type definition.

[sonarqubecloud]

Quality Gate failed

Failed conditions
90.7% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/features/multichain/routines/executors/pay.ts (1)

320-325: Add type guard for safer error handling.

Calling error.toString() directly on an untyped caught exception can fail if error is null or undefined. Consider using a type guard or String(error) for robustness.

♻️ Suggested fix

     } catch (error) {
         console.log("[XMScript Parser] Ripple Pay: error:", error)
         return {
             result: "error",
-            error: error.toString(),
+            error: error instanceof Error ? error.message : String(error),
         }
     }

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b3e7364 and 17fd8ec.

📒 Files selected for processing (1)

• src/features/multichain/routines/executors/pay.ts

🔇 Additional comments (2)

src/features/multichain/routines/executors/pay.ts (2)

256-259: LGTM!

The result extraction logic handles both validated transaction responses (meta.TransactionResult) and pending/initial responses (engine_result) correctly. The optional chaining and fallback pattern is appropriate for XRPL's varying response structures.

---

269-319: Well-structured XRPL error categorization.

The prefix-based error handling provides clear, actionable error messages for each XRPL result code category. Including code and validated in the extra field enables callers to implement custom handling logic if needed. The inline comments documenting each category are helpful.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Consider differentiating ter* provisional results from actual errors.

The comment correctly notes that ter* codes are "provisional/retryable" and "not final," yet the code returns result: "error". For terQUEUED or similar codes, the transaction may still succeed in a future ledger. Treating this as an error could mislead callers into thinking the transaction definitively failed.

Consider returning a distinct status (e.g., result: "pending") or documenting that callers should handle ter* codes specially.