feat(bindings/go): add Go bindings#166
feat(bindings/go): add Go bindings#166okwn wants to merge 2 commits intoopen-wallet-standard:mainfrom
Conversation
|
@okwn is attempting to deploy a commit to the MoonPay Team on Vercel. A member of the Team first needs to authorize it. |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 3 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| return nil | ||
| } | ||
| return &Error{Code: code, Message: C.GoString(C.ows_go_get_last_error())} | ||
| } |
There was a problem hiding this comment.
Thread-local error state breaks with Go goroutine scheduling
High Severity
The lastError() function reads Rust thread-local error state across multiple separate CGO calls (ows_go_get_last_error_code then ows_go_get_last_error). Go goroutines can migrate between OS threads between any two CGO calls, so after an FFI function sets an error on thread A, the goroutine may be rescheduled to thread B before lastError() runs. This can cause silent error swallowing (returning nil, nil), mismatched error codes/messages, or a segfault if C.GoString receives a NULL pointer from a thread with no error set. No runtime.LockOSThread call is present anywhere in the package.
Additional Locations (1)
| write!(&mut json, r#""created_at":"{}""#, info.created_at).unwrap(); | ||
| json.push('}'); | ||
| json | ||
| } |
There was a problem hiding this comment.
Manual JSON serialization lacks character escaping
Medium Severity
wallet_info_to_json uses Rust's write! with {} format specifier to interpolate user-controlled strings (wallet name, addresses, etc.) directly into JSON. This does not escape JSON special characters like ", \, or control characters. A wallet name containing a double quote produces malformed JSON that fails to parse on the Go side, causing the operation to return a misleading parse error even though the wallet was successfully created.
Additional Locations (1)
| unsafe { CStr::from_ptr(s) }.to_str().unwrap_or(""), | ||
| )) | ||
| } | ||
| } |
There was a problem hiding this comment.
Empty vault path string bypasses default path resolution
Medium Severity
The Go API documents that passing "" for vaultPath uses the default vault (~/.ows), but opt_path only maps NULL pointers to None — a Go empty string becomes C.CString(""), a non-null pointer, which produces Some(Path::new("")) in Rust. The underlying resolve_vault_path treats Some("") as an explicit (empty) path rather than None, so wallets get created relative to the working directory instead of the documented default location.
Additional Locations (1)
|
could you resolve or fix or push-back on cursor bug-bot comments before requesting review |
2 participants
Summary
This PR adds Go bindings under
bindings/gofor the Open Wallet Standard.The initial Go surface is intentionally small and focused:
The binding is implemented as a thin Go layer over a Rust FFI crate and includes Go tests, example usage, CI coverage, and platform-specific build notes for CGO on Windows.
What’s included
bindings/goCreateWalletListWalletsSignMessageSignTxuint32-aligned account index handling across the Go API and FFI contractIndexNoneDesign notes
uint32, includingIndexNone.bindings/go/**and excludes unrelated simulation-first work.Validation
Validated locally in the dedicated Go binding worktree with:
cargo test -p ows-gocargo build --release -p ows-gogo build ./ows/...go vet ./ows/...go test -v ./ows/...cargo build -p ows-nodeNotes
The following issues are unrelated to this PR and were observed as pre-existing or environment-specific on this Windows machine:
cargo clippy --workspace -- -D warningshas an unrelated Windowsdead_codefailure in the base workspacecargo test --workspacehas unrelated Windows executable-policy test failures inows-libcargo build -p ows-pythonis blocked locally by Python 3.14 vs PyO3 0.24.2 compatibilityNote
Medium Risk
Adds a new cross-language (Rust↔Go) FFI surface plus CGO linking and CI across Linux/Windows/macOS; ABI/memory-handling and platform loader differences are the main risk areas despite a small public API and test coverage.
Overview
Introduces a new
bindings/gomodule that exposes a minimal Go API (CreateWallet,ListWallets,SignMessage,SignTx) backed by a RustcdylibFFI layer returning JSON and a thread-local last-error code/message contract.Adds comprehensive Go tests and a runnable demo, plus a dedicated GitHub Actions workflow to build the Rust library, run clippy, and execute Go fmt/vet/tests on Linux/Windows/macOS with the required CGO linker/runtime environment setup.
Written by Cursor Bugbot for commit 8476a12. This will update automatically on new commits. Configure here.