@lawrenceliang-btc/atel-sdk 1.2.13 → 1.2.15

package/bin/notification-action-helpers.mjs

@@ -1,3 +1,26 @@
+export function explainDirectExecutionSkip(eventType, recommendedActions, payload = {}, policy = {}) {
+  if (eventType !== 'order_created') return '';
+  if (!Array.isArray(recommendedActions) || recommendedActions.length === 0) return 'missing_recommended_actions';
+  const hasAcceptAction = recommendedActions.some((action) =>
+    action?.type === 'cli' &&
+    action?.action === 'accept' &&
+    Array.isArray(action.command) &&
+    action.command[0] === 'atel'
+  );
+  if (!hasAcceptAction) return 'missing_accept_action';
+  const amount = Number(payload?.priceAmount || 0);
+  const autoPolicy = policy?.autoPolicy || {};
+  const acceptMaxAmount = Number(autoPolicy.acceptMaxAmount || 0);
+  if (amount <= 0) {
+    if (policy?.taskMode !== 'auto') return 'task_mode_not_auto';
+    if (policy?.autoAcceptPlatform !== true) return 'auto_accept_platform_disabled';
+    return '';
+  }
+  if (autoPolicy.acceptOrders !== true) return 'paid_auto_accept_disabled';
+  if (acceptMaxAmount > 0 && amount > acceptMaxAmount) return 'price_exceeds_accept_max';
+  return '';
+}
+
 export function getDirectExecutableActions(eventType, recommendedActions, payload = {}, policy = {}) {
   if (!Array.isArray(recommendedActions) || recommendedActions.length === 0) return [];
 
@@ -34,11 +57,13 @@ export function shouldSkipAgentHook(eventType, directExecutionSucceeded) {
   return eventType === 'order_accepted' && directExecutionSucceeded;
 }
 
+const EXECUTOR_MILESTONE_EVENTS = new Set(['milestone_plan_confirmed', 'milestone_verified', 'milestone_rejected']);
+
 export function shouldUseGatewaySession(eventType) {
-  // Keep gateway sub-sessions only for explicit P2P task execution.
-  // Milestone automation must not depend on gateway callback health; use the
-  // local structured fallback so order progression cannot stall on subagent I/O.
-  return eventType === 'p2p_task';
+  // Use isolated gateway sub-sessions for milestone executor turns so each
+  // order+milestone attempt runs in a clean room instead of sharing the main
+  // agent runtime context.
+  return eventType === 'p2p_task' || EXECUTOR_MILESTONE_EVENTS.has(eventType);
 }
 
 export function normalizeGatewayBind(bind) {
@@ -58,6 +83,44 @@ function normalizeResult(value) {
   return value.trim();
 }
 
+function normalizeOrderId(value) {
+  return typeof value === 'string' ? value.trim() : '';
+}
+
+function extractForeignOrderId(text, expectedOrderId) {
+  const current = normalizeOrderId(expectedOrderId);
+  if (!current) return '';
+  const found = Array.from(String(text || '').matchAll(/ord-[a-f0-9-]+/g)).map((m) => m[0]);
+  return found.find((item) => item !== current) || '';
+}
+
+function validateExecutorMilestoneBody(eventType, payload, body) {
+  if (!EXECUTOR_MILESTONE_EVENTS.has(eventType)) return { ok: true };
+  const expectedOrderId = normalizeOrderId(payload?.orderId);
+  if (!expectedOrderId) return { ok: false, error: 'missing_order_id' };
+  const actualOrderId = normalizeOrderId(body?.orderId);
+  if (!actualOrderId) return { ok: false, error: 'missing_result_order_id' };
+  if (actualOrderId !== expectedOrderId) return { ok: false, error: 'mismatched_result_order_id' };
+
+  const expectedIndex = eventType === 'milestone_plan_confirmed'
+    ? normalizeIndex(payload?.milestoneIndex, 0)
+    : normalizeIndex(payload?.currentMilestone ?? payload?.milestoneIndex, 0);
+  if (!Number.isFinite(Number(body?.milestoneIndex))) return { ok: false, error: 'missing_result_milestone_index' };
+  const actualIndex = normalizeIndex(body?.milestoneIndex, -1);
+  if (actualIndex !== expectedIndex) return { ok: false, error: 'mismatched_result_milestone_index' };
+
+  const result = normalizeResult(body?.result || body?.summary);
+  if (!result) return { ok: false, error: 'missing_result' };
+  const lowered = result.toLowerCase();
+  if (lowered.includes('invalid_cross_order_reference')) return { ok: false, error: 'invalid_cross_order_reference' };
+  if (lowered.includes('context overflow')) return { ok: false, error: 'context_overflow_output' };
+  if (lowered.includes('plugin register() called') || lowered.includes('plugin registration complete')) return { ok: false, error: 'plugin_noise_output' };
+  if (lowered.includes('session file locked') || lowered.includes('session locked')) return { ok: false, error: 'session_locked_output' };
+  const foreign = extractForeignOrderId(result, expectedOrderId);
+  if (foreign) return { ok: false, error: 'foreign_order_reference_detected' };
+  return { ok: true, result, orderId: expectedOrderId, milestoneIndex: expectedIndex };
+}
+
 export function buildAgentCallbackAction(eventType, payload, body) {
   if (eventType === 'p2p_task') {
     const taskId = payload?.taskId;
@@ -79,44 +142,41 @@ export function buildAgentCallbackAction(eventType, payload, body) {
   if (!orderId) return { ok: false, error: 'missing_order_id' };
 
   if (eventType === 'milestone_plan_confirmed') {
-    const result = normalizeResult(body?.result || body?.summary);
-    if (!result) return { ok: false, error: 'missing_result' };
-    const index = normalizeIndex(payload?.milestoneIndex, 0);
+    const validated = validateExecutorMilestoneBody(eventType, payload, body);
+    if (!validated.ok) return validated;
     return {
       ok: true,
       action: {
         type: 'cli',
         action: 'submit_milestone',
-        command: ['atel', 'milestone-submit', orderId, String(index), '--result', result],
+        command: ['atel', 'milestone-submit', orderId, String(validated.milestoneIndex), '--result', validated.result],
       },
     };
   }
 
   if (eventType === 'milestone_verified') {
     if (payload?.allComplete) return { ok: false, skipped: true, reason: 'all_complete' };
-    const result = normalizeResult(body?.result || body?.summary);
-    if (!result) return { ok: false, error: 'missing_result' };
-    const index = normalizeIndex(payload?.currentMilestone, 0);
+    const validated = validateExecutorMilestoneBody(eventType, payload, body);
+    if (!validated.ok) return validated;
     return {
       ok: true,
       action: {
         type: 'cli',
         action: 'submit_milestone',
-        command: ['atel', 'milestone-submit', orderId, String(index), '--result', result],
+        command: ['atel', 'milestone-submit', orderId, String(validated.milestoneIndex), '--result', validated.result],
       },
     };
   }
 
   if (eventType === 'milestone_rejected') {
-    const result = normalizeResult(body?.result || body?.summary);
-    if (!result) return { ok: false, error: 'missing_result' };
-    const index = normalizeIndex(payload?.milestoneIndex, 0);
+    const validated = validateExecutorMilestoneBody(eventType, payload, body);
+    if (!validated.ok) return validated;
     return {
       ok: true,
       action: {
         type: 'cli',
         action: 'resubmit',
-        command: ['atel', 'milestone-submit', orderId, String(index), '--result', result],
+        command: ['atel', 'milestone-submit', orderId, String(validated.milestoneIndex), '--result', validated.result],
       },
     };
   }

package/dist/anchor/index.d.ts

@@ -5,11 +5,11 @@
  * (proof_id, trace_root, etc.) on public blockchains for tamper-evident
  * timestamping and auditability.
  *
- * Supported chains: Base (EVM), BSC (EVM), Solana.
+ * Supported chains: Base (EVM) and BSC (EVM).
  * A MockAnchorProvider is included for testing without real chain access.
  */
 /** Supported chain identifiers */
-export type ChainId = 'base' | 'solana' | 'bsc' | 'mock';
+export type ChainId = 'base' | 'bsc' | 'mock';
 /**
  * A record of a hash anchored on-chain.
  */
@@ -169,5 +169,4 @@ export declare class AnchorManager {
 export { EvmAnchorProvider, type EvmAnchorConfig, type EvmAnchorMemoV2 } from './evm.js';
 export { BaseAnchorProvider } from './base.js';
 export { BSCAnchorProvider } from './bsc.js';
-export { SolanaAnchorProvider, type SolanaAnchorConfig, type AnchorMemoV2 } from './solana.js';
 export { MockAnchorProvider } from './mock.js';

package/dist/anchor/index.js

@@ -5,7 +5,7 @@
  * (proof_id, trace_root, etc.) on public blockchains for tamper-evident
  * timestamping and auditability.
  *
- * Supported chains: Base (EVM), BSC (EVM), Solana.
+ * Supported chains: Base (EVM) and BSC (EVM).
  * A MockAnchorProvider is included for testing without real chain access.
  */
 // ─── AnchorManager ───────────────────────────────────────────────
@@ -161,5 +161,4 @@ export class AnchorManager {
 export { EvmAnchorProvider } from './evm.js';
 export { BaseAnchorProvider } from './base.js';
 export { BSCAnchorProvider } from './bsc.js';
-export { SolanaAnchorProvider } from './solana.js';
 export { MockAnchorProvider } from './mock.js';

package/dist/endpoint/index.d.ts

@@ -55,7 +55,6 @@ export interface EndpointConfig {
     rateLimit?: RateLimitConfig;
     /** Wallet addresses for on-chain trust verification during handshake */
     wallets?: {
-        solana?: string;
         base?: string;
         bsc?: string;
     };
@@ -124,7 +123,6 @@ export declare class AgentClient {
      * Establishes both identity verification and E2E encryption.
      */
     handshake(remoteEndpoint: string, handshakeManager: HandshakeManager, remoteDid: string, wallets?: {
-        solana?: string;
         base?: string;
         bsc?: string;
     }): Promise<import('../handshake/index.js').Session>;

package/dist/handshake/index.d.ts

@@ -16,7 +16,6 @@ import { EncryptionManager } from '../crypto/index.js';
 /** Wallet addresses with DID-signed proof of ownership */
 export interface WalletBundle {
     addresses: {
-        solana?: string;
         base?: string;
         bsc?: string;
     };
@@ -32,7 +31,6 @@ export interface HandshakeInitPayload {
     capabilities?: string[];
     /** Wallet addresses for on-chain trust verification */
     wallets?: {
-        solana?: string;
         base?: string;
         bsc?: string;
     };
@@ -49,7 +47,6 @@ export interface HandshakeAckPayload {
     capabilities?: string[];
     /** Wallet addresses for on-chain trust verification */
     wallets?: {
-        solana?: string;
         base?: string;
         bsc?: string;
     };
@@ -76,7 +73,6 @@ export interface Session {
     remoteCapabilities?: string[];
     /** Remote agent's wallet addresses (if provided) */
     remoteWallets?: {
-        solana?: string;
         base?: string;
         bsc?: string;
     };
@@ -103,7 +99,6 @@ export declare class HandshakeError extends Error {
 }
 /** Create a signed wallet bundle proving DID ownership of wallet addresses */
 export declare function createWalletBundle(addresses: {
-    solana?: string;
     base?: string;
     bsc?: string;
 }, secretKey: Uint8Array): WalletBundle;
@@ -131,7 +126,6 @@ export declare class HandshakeManager {
      * Create a handshake_init message (Step 1).
      */
     createInit(remoteDid: string, wallets?: {
-        solana?: string;
         base?: string;
         bsc?: string;
     }): ATELMessage<HandshakeInitPayload>;
@@ -146,7 +140,6 @@ export declare class HandshakeManager {
      * Process a handshake_init message and create handshake_ack (Step 2).
      */
     processInit(initMessage: ATELMessage<HandshakeInitPayload>, wallets?: {
-        solana?: string;
         base?: string;
         bsc?: string;
     }): ATELMessage<HandshakeAckPayload>;
@@ -154,7 +147,6 @@ export declare class HandshakeManager {
      * Process a handshake_confirm message (Step 3, responder side).
      */
     processConfirm(confirmMessage: ATELMessage<HandshakeConfirmPayload>, initiatorPublicKey: Uint8Array, initiatorCapabilities?: string[], initiatorWallets?: {
-        solana?: string;
         base?: string;
         bsc?: string;
     }, initiatorWalletBundle?: WalletBundle): Session;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lawrenceliang-btc/atel-sdk",
-  "version": "1.2.13",
+  "version": "1.2.15",
   "description": "ATEL Protocol SDK - Agent Trust & Exchange Layer",
   "repository": {
     "type": "git",
@@ -49,7 +49,6 @@
     "prepublishOnly": "npm run clean && npm run build && npm test"
   },
   "dependencies": {
-    "@solana/web3.js": "^1.98.4",
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
     "bs58": "^6.0.0",

package/skill/atel-agent/SKILL.md

@@ -523,7 +523,7 @@ atel withdraw 5 crypto_bsc <外部钱包地址>  # 提现到用户的外部钱
 atel transactions                      # 交易记录
 ```
 
-支持的充值渠道：`crypto_solana`、`crypto_base`、`crypto_bsc`、`stripe`、`alipay`、`manual`
+支持的充值渠道：`crypto_base`、`crypto_bsc`、`stripe`、`alipay`、`manual`
 
 ### 提现流程
 

package/skill/references/commercial.md

@@ -33,27 +33,16 @@ Minimum commission: 0.5%. Free orders (price=0) have no commission.
 ## Payment Channels
 
 - `manual` — Transfer and contact admin for confirmation
-- `crypto_solana` — Solana on-chain deposit (auto-verified)
 - `crypto_base` — Base chain deposit (auto-verified)
 - `crypto_bsc` — BSC deposit (auto-verified)
 
-### Solana deposit warning
-
-If guiding the owner to deposit USDC on Solana, explicitly tell them the transfer must use **`transferChecked`**.
-Do not describe plain `transfer` as acceptable for Solana USDC deposits.
-
-Operational rule:
-- when suggesting or explaining Solana USDC deposit steps, explicitly state that `transferChecked` is required
-- if a Solana deposit is pending but not recognized, check whether the user sent USDC with `transfer` instead of `transferChecked`
-- if the owner cannot ensure `transferChecked`, prefer recommending `crypto_base` or `crypto_bsc` instead of giving risky Solana instructions
-
 ### Deposit Info API
 
 Get platform deposit addresses (no auth required):
 
 ```bash
 curl https://api.atelai.org/account/v1/deposit-info
-# Returns: { "chains": [{ "chain": "solana", "address": "...", "minAmount": 5 }, ...] }
+# Returns: { "chains": [{ "chain": "base", "address": "...", "minAmount": 5 }, ...] }
 ```
 
 ## Marketplace
@@ -139,8 +128,8 @@ Agents can withdraw funds from their platform balance:
 # Withdraw to Base wallet (instant on-chain transfer)
 atel withdraw 50 crypto_base 0xYOUR_WALLET_ADDRESS
 
-# Withdraw to Solana wallet (instant on-chain transfer)
-atel withdraw 50 crypto_solana YOUR_SOLANA_ADDRESS
+# Withdraw to Base wallet (instant on-chain transfer)
+atel withdraw 50 crypto_base YOUR_BASE_ADDRESS
 
 # Withdraw to BSC wallet (instant on-chain transfer)
 atel withdraw 50 crypto_bsc YOUR_BSC_ADDRESS

package/skill/references/executor.md

@@ -355,7 +355,7 @@ and pay gas). You do not need to configure any chain private key to receive
 paid orders.
 
 Legacy V1 behaviour (opt-in only, not recommended): if `atel anchor config` was
-run, the SDK will also detect `ATEL_SOLANA_PRIVATE_KEY`, `ATEL_BASE_PRIVATE_KEY`,
+run, the SDK will also detect `ATEL_BASE_PRIVATE_KEY`,
 `ATEL_BSC_PRIVATE_KEY` environment variables and set `preferredChain` in the
 registry metadata as a marketplace hint. This is purely cosmetic — it does not
 affect whether you can execute a paid order.

package/skill/references/onchain.md

@@ -5,9 +5,13 @@ Every completed task generates a cryptographic proof (ExecutionTrace → Merkle
 ## Setup
 
 ```bash
-# Solana (primary, ~$0.001/tx)
-export ATEL_SOLANA_PRIVATE_KEY=<base58-private-key>
-export ATEL_SOLANA_RPC_URL=https://api.mainnet-beta.solana.com
+# Base (primary)
+export ATEL_BASE_PRIVATE_KEY=<hex-private-key>
+export ATEL_BASE_RPC_URL=https://mainnet.base.org
+
+# BSC (secondary)
+export ATEL_BSC_PRIVATE_KEY=<hex-private-key>
+export ATEL_BSC_RPC_URL=https://bsc-dataseed.binance.org
 
 # Base (optional)
 export ATEL_BASE_PRIVATE_KEY=<hex-key-with-0x>

package/skill/references/quickstart.md

@@ -61,7 +61,7 @@ Always ask before deciding any of the following:
 anchors on behalf of agents using its own registered executor wallets and pays
 gas. The user's smart wallet (AA) is automatically derived from the ATEL
 identity key — no separate chain key is ever required to send or receive paid
-orders. Any prompt asking for a "Base / BSC / Solana private key" is a legacy
+orders. Any prompt asking for a "Base / BSC private key" is a legacy
 V1 flow and should be declined.
 
 Rules:
@@ -92,10 +92,6 @@ If the owner's preferred language is known, use the owner's language instead.
 
 Do not spam the owner with every retry or low-level infrastructure event.
 
-## Solana deposit caution
-
-If guiding the owner to deposit USDC on Solana, tell them the transfer must use `transferChecked`.
-Do not describe plain `transfer` as acceptable for Solana USDC deposits.
 
 ## Verify after upgrade
 

package/skill/references/security.md

@@ -80,7 +80,7 @@ Agents below the threshold for a given risk level are rejected. Chain-verified p
 # Local-only (default, uses .atel/trust-history.json)
 atel check <did> medium
 
-# Chain-verified (queries Solana/Base/BSC RPC)
+# Chain-verified (queries Base/BSC RPC)
 atel check <did> medium --chain
 ```
 

package/skill/references/workflows.md

@@ -13,7 +13,7 @@ This includes:
 **Do NOT ask the owner for any on-chain private key.** In V2 the Platform
 anchors on behalf of agents using its own registered executor wallets and
 pays gas. The user's smart wallet (AA) is automatically derived from the
-ATEL identity key — no separate Base/BSC/Solana key is ever required to
+ATEL identity key — no separate Base/BSC key is ever required to
 send or receive paid orders. Any prompt asking for a raw chain private key
 is a legacy V1 flow and should be declined.
 

package/dist/anchor/solana.d.ts

@@ -1,95 +0,0 @@
-/**
- * Solana Anchor Provider.
- *
- * Anchors hashes on Solana using the official Memo Program
- * (`MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr`).
- *
- * The memo content is formatted as `ATEL_ANCHOR:<hash>` so anchored
- * transactions are easily identifiable.
- *
- * @remarks
- * ⚠️ SECURITY: The `privateKey` (Base58-encoded) is used to sign
- * transactions. Never hard-code it — use environment variables or a vault.
- */
-import type { AnchorProvider, AnchorRecord, AnchorVerification } from './index.js';
-/** Configuration for the Solana anchor provider */
-export interface SolanaAnchorConfig {
-    /** Solana JSON-RPC endpoint URL */
-    rpcUrl: string;
-    /**
-     * Base58-encoded private key for signing transactions.
-     * Optional — if omitted the provider can only verify / lookup.
-     *
-     * ⚠️ SECURITY: Keep this value secret.
-     */
-    privateKey?: string;
-}
-/** Structured anchor metadata for v2 memo */
-export interface AnchorMemoV2 {
-    version: 1;
-    executorDid: string;
-    requesterDid: string;
-    taskId: string;
-    traceRoot: string;
-}
-/**
- * Anchor provider for the Solana blockchain.
- */
-export declare class SolanaAnchorProvider implements AnchorProvider {
-    readonly name = "Solana";
-    readonly chain = "solana";
-    /** Solana RPC connection */
-    private readonly connection;
-    /** Keypair for signing (undefined when no private key is supplied) */
-    private readonly keypair?;
-    /** Default Solana mainnet-beta RPC URL */
-    static readonly DEFAULT_RPC_URL = "https://api.mainnet-beta.solana.com";
-    /**
-     * @param config - RPC URL and optional private key.
-     *   If `rpcUrl` is omitted, the Solana mainnet-beta default is used.
-     */
-    constructor(config?: Partial<SolanaAnchorConfig>);
-    /**
-     * Encode a hash into the memo data buffer (v2 structured format).
-     * Falls back to legacy format if no metadata provided.
-     */
-    static encodeMemo(hash: string, meta?: {
-        executorDid?: string;
-        requesterDid?: string;
-        taskId?: string;
-    }): Buffer;
-    /**
-     * Decode a hash from memo data. Supports both v2 structured and legacy format.
-     *
-     * @returns The decoded hash, or `null` if the data doesn't match.
-     */
-    static decodeMemo(data: Buffer | Uint8Array | string): string | null;
-    /**
-     * Decode full structured memo (v2 only).
-     * Returns null for legacy format memos.
-     */
-    static decodeMemoV2(data: Buffer | Uint8Array | string): AnchorMemoV2 | null;
-    /** @inheritdoc */
-    anchor(hash: string, metadata?: Record<string, unknown>): Promise<AnchorRecord>;
-    /** @inheritdoc */
-    verify(hash: string, txHash: string): Promise<AnchorVerification>;
-    /** @inheritdoc */
-    lookup(hash: string): Promise<AnchorRecord[]>;
-    /** @inheritdoc */
-    isAvailable(): Promise<boolean>;
-    /**
-     * Query all ATEL anchor transactions for a given wallet address.
-     * Parses v2 structured memos to extract DID and task info.
-     *
-     * @param walletAddress - Solana wallet public key (base58)
-     * @param options - limit (default 100), filterDid (only return records involving this DID)
-     * @returns Array of parsed anchor memos with tx info
-     */
-    queryByWallet(walletAddress: string, options?: {
-        limit?: number;
-        filterDid?: string;
-    }): Promise<Array<AnchorMemoV2 & {
-        txHash: string;
-        blockTime?: number;
-    }>>;
-}