Guiding Principles:
- Fix all known security vulnerabilities in ic-py
- Modernize and complete the Candid type system
- Maintain feature-and-schedule alignment with agent-rs long-term
-
Endpoint upgrade
- Issue: ic-py is still pointing at legacy endpoints and needs to switch to v3
- References:
- Solution: Update ic-py’s default endpoints to the latest BN v3 addresses and maintain them as the roadmap evolves
-
Timeouts & error classification
- IC certificate verification
- Issue:
request_status_rawandrequest_status_raw_asyncdo not verify certificates, allowing a malicious node to tamper with update responses - References:
- DFINITY forum: Unmaintained IC agents containing vulnerabilities
- GitHub issue #109
- PR #56 • issue #76
- Solution:
- Mirror agent-rs’s certificate-checking logic (see agent-rs implementation)
- Resolve Python–BLS compatibility by invoking the Rust BLS crate via FFI or another bridging approach
- Issue:
- Candid type-system enhancements
- Issue: Missing support for the latest Candid features (e.g. composite queries, new primitives)
- References:
- Solution:
- Update ic-py’s Candid parser/generator with all missing types per the official spec
- Add a test suite to validate correctness against the canonical Candid reference
-
Dynamic HTTP provider & routing
- Implement latency-based, adaptive routing between boundary nodes
- Support more flexible selection of endpoints at runtime
-
Expanded API surface
- High-level wrappers for ICRC-compliant ledgers (ckBTC, ckETH, ckUSDc, etc.)
- Out-of-the-box helpers for interacting with Bitcoin, Ethereum, and other canisters
-
Ongoing alignment & optimization
- Keep pace with agent-rs’s feature roadmap
- Targeted performance tuning, stricter type checks
- Define additional milestones once Milestones 1–3 are complete
- Precision of returned data
- Issue #107 – floating-point vs. integer handling