feat(proto): publish protos on BSR and npmjs

[Vritra4]

Description

to publish proto definitions on BSR and npmjs.com

---

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

• included the correct type prefix in the PR title, you can find examples of the prefixes below:
• confirmed ! in the type prefix if API or client breaking change
• targeted the correct branch
• provided a link to the relevant issue or specification
• reviewed "Files changed" and left comments if necessary
• included the necessary unit and integration tests
• updated the relevant documentation or specification, including comments for documenting Go code
• confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

• confirmed the correct type prefix in the PR title
• confirmed all author checklist items have been addressed
• reviewed state machine logic, API design and naming, documentation is accurate, tests and test coverage

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/proto.yml

Package	Version	License	Issue Type
actions/checkout	6.*.*	Null	Unknown License
bufbuild/buf-action	1.*.*	Null	Unknown License

Allowed Licenses:

Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, Unlicense, CC0-1.0, Zlib, MIT-0, PostgreSQL, BSL-1.0, MPL-2.0, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0-only, LGPL-3.0-or-later, LicenseRef-scancode-google-patent-license-golang

Excluded from license check:

pkg:golang/github.com/initia-labs/store, pkg:golang/github.com/initia-labs/store/memiavl, pkg:golang/github.com/initia-labs/store/versiondb

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/checkout	6.*.*	🟢 5.9	Details Check Score Reason Maintained ⚠️ 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 Code-Review 🟢 10 all changesets reviewed Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Packaging ⚠️ -1 packaging workflow not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Security-Policy 🟢 9 security policy file detected Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches SAST 🟢 8 SAST tool detected but not run on all commits
actions/bufbuild/buf-action	1.*.*	Unknown	Unknown

Scanned Files

• .github/workflows/proto.yml

[github-actions]

The latest Buf updates on your PR. Results from workflow Protobuf / buf-build (pull_request).

Build	Format	Lint	Breaking	Updated (UTC)
✅ passed	✅ passed	✅ passed	✅ passed	Mar 16, 2026, 10:06 AM

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• .github/workflows/proto.yml is excluded by !**/*.yml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 3d49b27b-3e7a-4bd2-8e89-9916df69e1e5

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds an npm package section to proto docs and a .gitignore; removes unused imports and reorders one import; adds a comment and formatting refinements in several proto files. No public message/service signatures or runtime behavior changed.

Changes

Cohort / File(s)	Summary
Docs & npm packaging proto/buf.md	Adds an "npm Package" section describing publishing and installation of TypeScript definitions under @initia/initia-proto, usage examples, and peer-dependency note for @bufbuild/protobuf v2.
npm ignore proto/npm/.gitignore	Adds .gitignore to exclude node_modules/, package-lock.json, generated protoc outputs (*.js, *.d.ts), and various protobuf ecosystem directories (amino/, cosmos/, gogoproto/, google/, ibc/, initia/, tendermint/).
Import removals proto/ibc/applications/nft_transfer/v1/packet.proto, proto/initia/dynamicfee/v1/query.proto	Removes unused imports: gogoproto/gogo.proto from NFT packet proto; removes amino/amino.proto and cosmos/base/query/v1beta1/pagination.proto from dynamicfee query proto. No message or RPC signature changes.
Minor proto edits proto/initia/dynamicfee/v1/types.proto, proto/initia/reward/v1/tx.proto	Adds a descriptive comment above Params in types.proto; reorders import placement of cosmos/msg/v1/msg.proto in reward tx proto.
Formatting only proto/initia/abcipp/mempool/v1/query.proto	Whitespace and formatting adjustments: standardized RPC spacing and collapsed HTTP option blocks to single-line bindings. No semantic changes to RPCs or messages.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I hopped through protos, trimmed a stray line,
Wrote npm notes, and cleaned the design,
Ignored the clutter, tidied each part,
Small careful hops from the rabbit-heart,
Now packages nestle, neat and fine.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(proto): publish protos on BSR and npmjs' accurately describes the main changes: adding npm package documentation, .gitignore for npm artifacts, and import reorganizations to support proto publishing.
Description check	✅ Passed	The description provides relevant context about publishing proto definitions on BSR and npmjs.com, which relates to the changeset's additions of npm package documentation and gitignore file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/proto-npm-publish

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can customize the tone of the review comments and chat replies.

Configure the tone_instructions setting to customize the tone of the review comments and chat replies. For example, you can set the tone to Act like a strict teacher, Act like a pirate and more.

[coderabbitai]

🧹 Nitpick comments (1)

proto/npm/.gitignore (1)

1-5: Consider whether to ignore package-lock.json.

For published npm packages (as opposed to applications), ignoring the lockfile is a valid choice since consumers will use their own lockfile. However, if you want reproducible builds in CI for the proto generation/publishing workflow, you may want to commit it instead. This is a stylistic choice depending on your workflow preferences.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@proto/npm/.gitignore` around lines 1 - 5, The .gitignore currently excludes
package-lock.json; decide whether this repo should track package-lock.json for
reproducible CI builds or ignore it because this is a published npm package;
then update the .gitignore so package-lock.json is removed from the ignore list
if you choose to commit the lockfile (or leave it if you intentionally want
consumers to manage locks). Ensure the change addresses the proto
generation/publishing workflow by committing package-lock.json when reproducible
installs are required, otherwise keep the existing ignore entry for
package-lock.json.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@proto/npm/.gitignore`:
- Around line 1-5: The .gitignore currently excludes package-lock.json; decide
whether this repo should track package-lock.json for reproducible CI builds or
ignore it because this is a published npm package; then update the .gitignore so
package-lock.json is removed from the ignore list if you choose to commit the
lockfile (or leave it if you intentionally want consumers to manage locks).
Ensure the change addresses the proto generation/publishing workflow by
committing package-lock.json when reproducible installs are required, otherwise
keep the existing ignore entry for package-lock.json.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 6ed21889-924f-4e3b-a217-bc692d4719b1

📥 Commits

Reviewing files that changed from the base of the PR and between 32f9842 and 7459e31.

⛔ Files ignored due to path filters (4)

• .github/workflows/proto.yml is excluded by !**/*.yml
• proto/buf.gen.es.yaml is excluded by !**/*.yaml
• proto/buf.yaml is excluded by !**/*.yaml
• proto/npm/package.json is excluded by !**/*.json

📒 Files selected for processing (7)

• proto/buf.md
• proto/ibc/applications/nft_transfer/v1/packet.proto
• proto/initia/abcipp/mempool/v1/query.proto
• proto/initia/dynamicfee/v1/query.proto
• proto/initia/dynamicfee/v1/types.proto
• proto/initia/reward/v1/tx.proto
• proto/npm/.gitignore

💤 Files with no reviewable changes (2)

• proto/ibc/applications/nft_transfer/v1/packet.proto
• proto/initia/dynamicfee/v1/query.proto

[coderabbitai]

🧹 Nitpick comments (1)

proto/npm/.gitignore (1)

4-5: Scope wildcard ignores to generated outputs only.

*.js and *.d.ts are broad and can accidentally suppress future hand-written files in proto/npm. Prefer narrowing these to known generated paths/patterns.

Suggested refinement

-*.js
-*.d.ts
+# generated outputs only (adjust path/pattern to your generator output layout)
+**/*_pb.js
+**/*_pb.d.ts

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@proto/npm/.gitignore` around lines 4 - 5, The .gitignore currently uses broad
patterns (*.js and *.d.ts) that may hide handwritten files; replace these with
targeted ignore entries that match only generated outputs (e.g.,
generator-specific filenames or directories such as generated JS/TS artifacts or
protobuf output like *.pb.js and *.pb.d.ts or a dedicated generated/ or dist/
directory). In the proto/npm/.gitignore update the rules that reference "*.js"
and "*.d.ts" to narrowly-scoped patterns matching your generator output (or a
generated/ or dist/ directory) so handwritten files in proto/npm are not
accidentally ignored while still excluding build artifacts.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@proto/npm/.gitignore`:
- Around line 4-5: The .gitignore currently uses broad patterns (*.js and
*.d.ts) that may hide handwritten files; replace these with targeted ignore
entries that match only generated outputs (e.g., generator-specific filenames or
directories such as generated JS/TS artifacts or protobuf output like *.pb.js
and *.pb.d.ts or a dedicated generated/ or dist/ directory). In the
proto/npm/.gitignore update the rules that reference "*.js" and "*.d.ts" to
narrowly-scoped patterns matching your generator output (or a generated/ or
dist/ directory) so handwritten files in proto/npm are not accidentally ignored
while still excluding build artifacts.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: f431a3eb-0b68-410d-b910-4098c83bb6ee

📥 Commits

Reviewing files that changed from the base of the PR and between 7459e31 and 6af9c45.

⛔ Files ignored due to path filters (2)

• .github/workflows/proto.yml is excluded by !**/*.yml
• proto/npm/package.json is excluded by !**/*.json

📒 Files selected for processing (1)

• proto/npm/.gitignore

[beer-1]

LGTM