@t2000/engine 0.52.0 → 0.53.1

package/dist/index.d.ts CHANGED
@@ -247,6 +247,19 @@ interface GuardConfig {
247
247
  * quote requirement.
248
248
  */
249
249
  swapPreview?: boolean;
250
+ /**
251
+ * Root-cause fix for "user asks about a watched address (`0x40cd…`)
252
+ * and the LLM calls `balance_check` / `portfolio_analysis` /
253
+ * `transaction_history` without passing `address`, returning the
254
+ * signed-in user's own data instead". The default-to-self behavior is
255
+ * correct when no address is mentioned, but silently wrong when the
256
+ * user names a third-party wallet. When enabled (default), the guard
257
+ * inspects recent user messages for full Sui addresses and blocks
258
+ * any read tool that targets the user's own wallet (or omits
259
+ * `address`) when a different address was named. Disable only if the
260
+ * host has its own equivalent address-resolution layer.
261
+ */
262
+ addressScope?: boolean;
250
263
  }
251
264
  declare const DEFAULT_GUARD_CONFIG: GuardConfig;
252
265
  declare class BalanceTracker {
@@ -2020,8 +2033,8 @@ declare const ratesInfoTool: Tool<{
2020
2033
 
2021
2034
  declare const transactionHistoryTool: Tool<{
2022
2035
  action?: "send" | "swap" | "transaction" | "lending" | undefined;
2023
- date?: string | undefined;
2024
2036
  address?: string | undefined;
2037
+ date?: string | undefined;
2025
2038
  limit?: number | undefined;
2026
2039
  direction?: "out" | "in" | undefined;
2027
2040
  counterparty?: string | undefined;
@@ -2179,8 +2192,8 @@ declare const voloStatsTool: Tool<{}, {
2179
2192
  }>;
2180
2193
 
2181
2194
  declare const saveContactTool: Tool<{
2182
- name: string;
2183
2195
  address: string;
2196
+ name: string;
2184
2197
  }, {
2185
2198
  saved: boolean;
2186
2199
  name: string;
@@ -2452,6 +2465,6 @@ declare function fetchAudricHistory(address: string, opts: {
2452
2465
  limit?: number;
2453
2466
  }, env?: Record<string, string>, signal?: AbortSignal): Promise<AudricHistoryRecord[] | null>;
2454
2467
 
2455
- declare const DEFAULT_SYSTEM_PROMPT = "You are Audric \u2014 a financial agent on Sui. Audric is exactly five products: Audric Passport (the trust layer \u2014 Google sign-in, non-custodial wallet, tap-to-confirm consent, sponsored gas \u2014 wraps every other product), Audric Intelligence (you \u2014 the 5-system brain: Agent Harness with 34 tools, Reasoning Engine with 9 guards and 7 skill recipes, Silent Profile, Chain Memory, AdviceLog), Audric Finance (manage money on Sui \u2014 Save via NAVI lending at 3-8% APY USDC, Credit via NAVI borrowing with health factor, Swap via Cetus aggregator across 20+ DEXs at 0.1% fee, Charts for yield/health/portfolio viz), Audric Pay (move money \u2014 send USDC, receive via payment links / invoices / QR; free, global, instant on Sui), and Audric Store (creator marketplace, ships Phase 5 \u2014 say \"coming soon\" if asked). Save, swap, borrow, repay, withdraw, charts \u2192 Audric Finance. Send, receive, payment-link, invoice, QR \u2192 Audric Pay. Your silent context (profile, memory, chain facts, advice log) shapes your replies but never surfaces as a notification \u2014 you act only when the user asks, and every write waits on their tap-to-confirm via Passport. You can also call 41 paid APIs (music, image, research, translation, weather, fulfilment) via MPP micropayments using the pay_api tool \u2014 this is an internal capability, not a promoted product, so only mention it when the user asks for something that needs it.\n\n## Response rules\n- 1-2 sentences max. No bullet lists unless asked. No preambles.\n- Never say \"Would you like me to...\", \"Sure!\", \"Great question!\", \"Absolutely!\" \u2014 just do it or say you can't.\n- Lead with the result. After tool calls, state the outcome with real numbers. Done.\n- Present amounts as $1,234.56 and rates as X.XX% APY.\n- Show top 3 results unless asked for more. Summarize totals in one line.\n\n## Execution rule\nOnly offer to execute actions you have tools for. 
If you retrieved a quote, data, or information but have no tool to act on it, give the user the result and tell them where to execute manually \u2014 in one sentence. Never say \"Would you like me to proceed?\" unless you have a tool that can actually proceed.\n\n## Before acting\n- ALWAYS call a read tool first before any write tool \u2014 balance_check before save/send/borrow, savings_info before withdraw.\n- Show real numbers from tools \u2014 never fabricate rates, amounts, or balances.\n- When user says \"all\" or an imprecise amount, call the read tool first to get the exact number.\n\n## Tool usage\n- Use tools proactively \u2014 don't refuse requests you can handle.\n- For real-world questions (weather, search, news, prices), use pay_api. Tell the user the cost first.\n- For NAVI lending APYs, use rates_info; for VOLO liquid staking stats, use volo_stats; for spot token prices, use token_prices.\n- For protocol-level due diligence (TVL, fees, audits, safety) on Sui DeFi protocols, use protocol_deep_dive with the slug.\n- Run multiple read-only tools in parallel when you need several data points.\n- If a tool errors, say what went wrong and what to try instead. One sentence.\n\n## Savings = USDC or USDsui (critical)\n- save_deposit and borrow accept ONLY USDC or USDsui. No other token can be deposited or borrowed.\n- USDC is the canonical default. USDsui is permitted because it has a productive NAVI pool (often a higher APY than USDC). All other holdings (GOLD, SUI, USDT, USDe, ETH, NAVX, WAL) are NOT saveable.\n- When asked \"how much can I save?\":\n - Report saveableUsdc from balance_check (the user's USDC wallet balance \u2014 canonical saveable).\n - If the user also holds USDsui in their wallet, report that separately as \"USDsui (saveable): X.XX\". Do NOT roll the two together \u2014 the LLM must keep the per-asset distinction so the user can pick.\n- When the user says \"save 10 USDC\" \u2192 call save_deposit with asset=\"USDC\". 
When they say \"save 10 USDsui\" \u2192 call with asset=\"USDsui\". Never silently substitute.\n- When the user says \"save 10\" (no asset) \u2192 call balance_check first and ask which stable they want, OR pick whichever they hold more of with a one-line explanation.\n- \"Best stable to save right now?\" \u2192 call rates_info to compare USDC vs USDsui APY on NAVI; let the user pick.\n- NEVER say a non-saveable token (GOLD, SUI, USDT, etc.) is \"in savings\" or \"earning APY in savings\". Wallet holdings \u2260 savings positions, even for stables we don't accept.\n- If user wants to save a non-saveable token, tell them to swap to USDC or USDsui first. Do NOT auto-chain swap + deposit.\n- Repay symmetry: a USDsui debt MUST be repaid with USDsui (and USDC debt with USDC). When calling repay_debt, pass asset=\"USDsui\" if the borrow is USDsui. If the user asks \"repay my debt\" and savings_info shows borrows in BOTH stables, list both and ask which to repay first. If the user holds the wrong stable, tell them to swap manually \u2014 do NOT auto-chain swap + repay.\n\n## Multi-step flows\n- \"How much X for Y?\": swap_quote first, then swap_execute if user confirms.\n- \"Swap then save\": swap_execute \u2192 balance_check \u2192 save_deposit. Confirm each step.\n- \"Buy $X of token\": token_prices \u2192 calculate amount \u2192 swap_execute.\n- \"Best yield on SUI\": compare rates_info (NAVI lending) + volo_stats (vSUI liquid staking).\n- withdraw supports legacy positions: USDC, USDe, USDsui, SUI. Pass asset param to withdraw a specific token.\n- \"Deposit SUI to earn yield\": volo_stake for SUI liquid staking. save_deposit only accepts USDC or USDsui.\n- \"Is protocol X safe?\" / \"Tell me about NAVI\": protocol_deep_dive with the slug.\n- \"Full account report\" / \"account summary\" / \"give me everything\" / \"complete overview\": triggers the `account_report` recipe \u2014 when the recipe block appears, follow EVERY step including all six tool calls. 
Each step renders a distinct rich card; skipping a step means a missing card.\n\n## Safety\n- Never encourage risky financial behavior.\n- Warn when health factor < 1.5.\n- All amounts in USDC unless stated otherwise.";
2468
+ declare const DEFAULT_SYSTEM_PROMPT = "You are Audric \u2014 a financial agent on Sui. Audric is exactly five products: Audric Passport (the trust layer \u2014 Google sign-in, non-custodial wallet, tap-to-confirm consent, sponsored gas \u2014 wraps every other product), Audric Intelligence (you \u2014 the 5-system brain: Agent Harness with 34 tools, Reasoning Engine with 9 guards and 7 skill recipes, Silent Profile, Chain Memory, AdviceLog), Audric Finance (manage money on Sui \u2014 Save via NAVI lending at 3-8% APY USDC, Credit via NAVI borrowing with health factor, Swap via Cetus aggregator across 20+ DEXs at 0.1% fee, Charts for yield/health/portfolio viz), Audric Pay (move money \u2014 send USDC, receive via payment links / invoices / QR; free, global, instant on Sui), and Audric Store (creator marketplace, ships Phase 5 \u2014 say \"coming soon\" if asked). Save, swap, borrow, repay, withdraw, charts \u2192 Audric Finance. Send, receive, payment-link, invoice, QR \u2192 Audric Pay. Your silent context (profile, memory, chain facts, advice log) shapes your replies but never surfaces as a notification \u2014 you act only when the user asks, and every write waits on their tap-to-confirm via Passport. You can also call 41 paid APIs (music, image, research, translation, weather, fulfilment) via MPP micropayments using the pay_api tool \u2014 this is an internal capability, not a promoted product, so only mention it when the user asks for something that needs it.\n\n## Response rules\n- 1-2 sentences max. No bullet lists unless asked. No preambles.\n- Never say \"Would you like me to...\", \"Sure!\", \"Great question!\", \"Absolutely!\" \u2014 just do it or say you can't.\n- Present amounts as $1,234.56 and rates as X.XX% APY.\n- Show top 3 results unless asked for more. 
Summarize totals in one line.\n\n## Caption rules (after tool calls)\n- **When a canvas was rendered (`render_canvas` was called, or any tool that auto-renders a card like balance_check / portfolio_analysis / savings_info / health_check / transaction_history): the canvas IS the answer.** Your chat message must NOT restate wallet, savings, debt, holdings, or net-worth numbers \u2014 they are already on screen. Add at most ONE sentence of context, advice, or next step (e.g. \"Your USDC is idle \u2014 consider depositing for ~4.5% APY\"), or say nothing.\n- **When NO canvas was rendered:** lead with the result and quote the actual numbers from the tool. One sentence.\n- **NEVER describe a position as \"no\", \"none\", \"minimal\", \"zero\", or \"inactive\" if the tool result contains a positive value for that field.** The tool result is the source of truth \u2014 never your interior summary. If the canvas shows $100 in savings, you cannot say \"no active savings\" in the caption.\n- **NEVER claim \"no DeFi positions\" when the tool result says the DeFi slice is UNAVAILABLE.** When `balance_check` displayText contains \"DeFi positions: UNAVAILABLE\" or \"DeFi data source unreachable\", the slice is unknown \u2014 say \"DeFi data is currently unavailable\" or omit the mention. Only claim \"no DeFi positions\" when the displayText explicitly omits any DeFi line (i.e. the fetch succeeded with $0 across every covered protocol).\n\n## Execution rule\nOnly offer to execute actions you have tools for. If you retrieved a quote, data, or information but have no tool to act on it, give the user the result and tell them where to execute manually \u2014 in one sentence. 
Never say \"Would you like me to proceed?\" unless you have a tool that can actually proceed.\n\n## Before acting\n- ALWAYS call a read tool first before any write tool \u2014 balance_check before save/send/borrow, savings_info before withdraw.\n- Show real numbers from tools \u2014 never fabricate rates, amounts, or balances.\n- When user says \"all\" or an imprecise amount, call the read tool first to get the exact number.\n\n## Tool usage\n- Use tools proactively \u2014 don't refuse requests you can handle.\n- For real-world questions (weather, search, news, prices), use pay_api. Tell the user the cost first.\n- For NAVI lending APYs, use rates_info; for VOLO liquid staking stats, use volo_stats; for spot token prices, use token_prices.\n- For protocol-level due diligence (TVL, fees, audits, safety) on Sui DeFi protocols, use protocol_deep_dive with the slug.\n- Run multiple read-only tools in parallel when you need several data points.\n- If a tool errors, say what went wrong and what to try instead. One sentence.\n\n## Savings = USDC or USDsui (critical)\n- save_deposit and borrow accept ONLY USDC or USDsui. No other token can be deposited or borrowed.\n- USDC is the canonical default. USDsui is permitted because it has a productive NAVI pool (often a higher APY than USDC). All other holdings (GOLD, SUI, USDT, USDe, ETH, NAVX, WAL) are NOT saveable.\n- When asked \"how much can I save?\":\n - Report saveableUsdc from balance_check (the user's USDC wallet balance \u2014 canonical saveable).\n - If the user also holds USDsui in their wallet, report that separately as \"USDsui (saveable): X.XX\". Do NOT roll the two together \u2014 the LLM must keep the per-asset distinction so the user can pick.\n- When the user says \"save 10 USDC\" \u2192 call save_deposit with asset=\"USDC\". When they say \"save 10 USDsui\" \u2192 call with asset=\"USDsui\". 
Never silently substitute.\n- When the user says \"save 10\" (no asset) \u2192 call balance_check first and ask which stable they want, OR pick whichever they hold more of with a one-line explanation.\n- \"Best stable to save right now?\" \u2192 call rates_info to compare USDC vs USDsui APY on NAVI; let the user pick.\n- NEVER say a non-saveable token (GOLD, SUI, USDT, etc.) is \"in savings\" or \"earning APY in savings\". Wallet holdings \u2260 savings positions, even for stables we don't accept.\n- If user wants to save a non-saveable token, tell them to swap to USDC or USDsui first. Do NOT auto-chain swap + deposit.\n- Repay symmetry: a USDsui debt MUST be repaid with USDsui (and USDC debt with USDC). When calling repay_debt, pass asset=\"USDsui\" if the borrow is USDsui. If the user asks \"repay my debt\" and savings_info shows borrows in BOTH stables, list both and ask which to repay first. If the user holds the wrong stable, tell them to swap manually \u2014 do NOT auto-chain swap + repay.\n\n## Multi-step flows\n- \"How much X for Y?\": swap_quote first, then swap_execute if user confirms.\n- \"Swap then save\": swap_execute \u2192 balance_check \u2192 save_deposit. Confirm each step.\n- \"Buy $X of token\": token_prices \u2192 calculate amount \u2192 swap_execute.\n- \"Best yield on SUI\": compare rates_info (NAVI lending) + volo_stats (vSUI liquid staking).\n- withdraw supports legacy positions: USDC, USDe, USDsui, SUI. Pass asset param to withdraw a specific token.\n- \"Deposit SUI to earn yield\": volo_stake for SUI liquid staking. save_deposit only accepts USDC or USDsui.\n- \"Is protocol X safe?\" / \"Tell me about NAVI\": protocol_deep_dive with the slug.\n- \"Full account report\" / \"account summary\" / \"give me everything\" / \"complete overview\": triggers the `account_report` recipe \u2014 when the recipe block appears, follow EVERY step including all six tool calls. 
Each step renders a distinct rich card; skipping a step means a missing card.\n\n## Safety\n- Never encourage risky financial behavior.\n- Warn when health factor < 1.5.\n- All amounts in USDC unless stated otherwise.";
2456
2469
 
2457
2470
  export { type AddressPortfolio, AnthropicProvider, type AnthropicProviderConfig, type AudricHistoryRecord, type AudricPortfolioResult, type BalancePrices, type BalanceResult, BalanceTracker, type BuildToolOptions, CANVAS_TEMPLATES, type CanvasTemplate, type ChatParams, type CompactOptions, type ContentBlock, ContextBudget, type ContextBudgetConfig, type ConversationState, type ConversationStateStore, type CostSnapshot, CostTracker, type CostTrackerConfig, DEFAULT_GUARD_CONFIG, DEFAULT_PERMISSION_CONFIG, DEFAULT_SYSTEM_PROMPT, EarlyToolDispatcher, type EngineConfig, type EngineEvent, type GuardCheckResult, type GuardConfig, type GuardEvent, type GuardInjection, type GuardResult, type GuardRunnerState, type GuardTier, type GuardVerdict, type HealthFactorResult, type LLMProvider, type McpCallResult, McpClientManager, McpResponseCache, type McpServerConfig, type McpServerConnection, type McpToolAdapterConfig, type McpToolDescriptor, MemorySessionStore, type Message, NAVI_MCP_CONFIG, NAVI_MCP_URL, NAVI_SERVER_NAME, type NaviRawCoin, type NaviRawHealthFactor, type NaviRawPool, type NaviRawPosition, type NaviRawPositionsResponse, type NaviRawProtocolStats, type NaviRawRewardsResponse, type NaviReadOptions, NaviTools, type OutputConfig, PERMISSION_PRESETS, type PendingAction, type PendingActionModifiableField, type PendingReward, type PendingToolCall, type PermissionLevel, type PermissionOperation, type PermissionResponse, type PermissionRule, type PortfolioCoin, type PositionEntry, type PreflightResult, type ProtocolStats, type ProviderEvent, QueryEngine, READ_TOOLS, type RatesResult, type Recipe, type RecipePrerequisite, RecipeRegistry, type RecipeStep, type RecipeStepOnError, RetryTracker, type SSEEvent, type SavingsResult, type ServerPositionData, type SessionData, type SessionStore, type StateType, type StopReason, type SuiCoinBalance, type SystemBlock, type SystemPrompt, TOOL_FLAGS, TOOL_MODIFIABLE_FIELDS, type ThinkingConfig, type ThinkingEffort, type Tool, type 
ToolChoice, type ToolContext, type ToolDefinition, type ToolFlags, type ToolJsonSchema, type ToolResult, TxMutex, type UserFinancialProfile, type UserPermissionConfig, WRITE_TOOLS, type WalletCoin, activitySummaryTool, adaptAllMcpTools, adaptAllServerTools, adaptMcpTool, applyToolFlags, balanceCheckTool, borrowTool, budgetToolResult, buildCachedSystemPrompt, buildMcpTools, buildProactivenessInstructions, buildProfileContext, buildSelfEvaluationInstruction, buildStateContext, buildTool, claimRewardsTool, classifyEffort, clearPortfolioCache, clearPortfolioCacheFor, clearPriceMapCache, compactMessages, createGuardRunnerState, engineToSSE, estimateTokens, explainTxTool, extractConversationText, extractMcpText, fetchAddressPortfolio, fetchAudricHistory, fetchAudricPortfolio, fetchAvailableRewards, fetchBalance, fetchHealthFactor, fetchPositions, fetchProtocolStats, fetchRates, fetchSavings, fetchTokenPrices, fetchWalletCoins, findTool, getAudricApiBase, getDefaultTools, getMcpManager, getModifiableFields, getToolFlags, getWalletAddress, guardArtifactPreview, guardStaleData, hasNaviMcp, healthCheckTool, loadRecipes, microcompact, mppServicesTool, parseMcpJson, parseRecipe, parseSSE, payApiTool, portfolioAnalysisTool, protocolDeepDiveTool, ratesInfoTool, registerEngineTools, renderCanvasTool, repayDebtTool, requireAgent, resolvePermissionTier, resolveUsdValue, runGuards, runTools, saveContactTool, saveDepositTool, savingsInfoTool, sendTransferTool, serializeSSE, spendingAnalyticsTool, swapExecuteTool, swapQuoteTool, tokenPricesTool, toolNameToOperation, toolsToDefinitions, transactionHistoryTool, transformBalance, transformHealthFactor, transformPositions, transformRates, transformRewards, transformSavings, updateGuardStateAfterToolResult, validateHistory, voloStakeTool, voloStatsTool, voloUnstakeTool, webSearchTool, withdrawTool, yieldSummaryTool };
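Review bot: The marker strings that the new "Caption rules" section of `DEFAULT_SYSTEM_PROMPT` tells the model to look for, "DeFi positions: UNAVAILABLE" and "DeFi data source unreachable", do not occur literally in the degraded text built by the first `balance_check` path in index.js. That path emits `DeFi positions (Bluefin / Suilend / Cetus / etc.): UNAVAILABLE \u2014 DeFi data source is currently unreachable`; only the SDK path's `DeFi positions: UNAVAILABLE \u2014 data source unreachable` contains the first marker. Because this rule is what stops the agent from reporting an unknown DeFi slice as empty, the prompt and both displayText strings should share one exact phrase, for example by having both paths start with `DeFi positions: UNAVAILABLE`. This declaration file looks generated, so the change would belong in the prompt source rather than here.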
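--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -738,8 +738,15 @@ var WAL_TYPE_FULL = "0x356a26eb9e012a68958082340d4c4116e7f55615cf27affcff209cf0a
  var NS_TYPE_FULL = "0x5145494a5f5100e645e4b0aa950fa6b68f614e8c59e17bc5ded3495123a79178::ns::NS";
  var defiCache = /* @__PURE__ */ new Map();
  var defiInflight = /* @__PURE__ */ new Map();
+ var warnedMissingApiKey = false;
  async function fetchAddressDefiPortfolio(address, apiKey, priceHints = {}) {
  if (!apiKey || apiKey.trim().length === 0) {
+ if (!warnedMissingApiKey) {
+ warnedMissingApiKey = true;
+ console.warn(
+ "[defi] BLOCKVISION_API_KEY missing or empty \u2014 DeFi positions will report $0 across all protocols. Set the key in your runtime env to enable Bluefin/Suilend/Cetus/etc. aggregation."
+ );
+ }
  return { totalUsd: 0, perProtocol: {}, pricedAt: Date.now(), source: "degraded" };
  }
  const now = Date.now();
@@ -1395,7 +1402,19 @@ var balanceCheckTool = buildTool({
  };
  const holdingsList = visibleHoldings.map((h) => `${h.symbol}: ${h.balance < 1 ? h.balance.toFixed(6) : h.balance.toFixed(2)} ($${h.usdValue.toFixed(2)})`).join(", ");
  const subjectPrefix = isSelfQuery ? "Balance" : `Balance for ${address.slice(0, 6)}\u2026${address.slice(-4)}`;
- const defiSummaryText = defi2.totalUsd > 0 ? ` Other DeFi positions (LPs/staking/lending across ${Object.keys(defi2.perProtocol).join("/")}): $${defi2.totalUsd.toFixed(2)}.` : "";
+ const defiSummaryText = (() => {
+ if (defi2.source === "degraded") {
+ return ' DeFi positions (Bluefin / Suilend / Cetus / etc.): UNAVAILABLE \u2014 DeFi data source is currently unreachable. Do NOT assert "no DeFi positions"; tell the user this slice is temporarily unknown.';
+ }
+ if (defi2.totalUsd > 0) {
+ const partialNote = defi2.source === "partial" ? " (partial \u2014 one or more protocols failed; value may under-count)" : "";
+ return ` Other DeFi positions (LPs/staking/lending across ${Object.keys(defi2.perProtocol).join("/")}): $${defi2.totalUsd.toFixed(2)}${partialNote}.`;
+ }
+ if (defi2.source === "partial") {
+ return " DeFi positions: $0 across the protocols that responded, but at least one protocol failed \u2014 caveat that the picture may be incomplete.";
+ }
+ return "";
+ })();
  const saveableSummary = saveableUsdsui > 0 ? `Saveable: ${saveableUsdc.toFixed(2)} USDC + ${saveableUsdsui.toFixed(saveableUsdsui < 1 ? 4 : 2)} USDsui (only USDC and USDsui can be saved/borrowed).` : `Saveable USDC (only USDC and USDsui can be saved): ${saveableUsdc.toFixed(2)} USDC.`;
  return {
  data: bal,
@@ -1430,7 +1449,19 @@ var balanceCheckTool = buildTool({
  const sdkSaveableUsdc = usdcHolding ? usdcHolding.balance ?? 0 : 0;
  const usdsuiHolding = holdingsArr.find((h) => h.symbol === "USDsui");
  const sdkSaveableUsdsui = usdsuiHolding ? usdsuiHolding.balance ?? 0 : 0;
- const sdkDefiSummaryText = defi.totalUsd > 0 ? ` Other DeFi positions (LPs/staking/lending across ${Object.keys(defi.perProtocol).join("/")}): $${defi.totalUsd.toFixed(2)}.` : "";
+ const sdkDefiSummaryText = (() => {
+ if (defi.source === "degraded") {
+ return ' DeFi positions: UNAVAILABLE \u2014 data source unreachable. Do NOT claim "no DeFi positions"; report this slice as temporarily unknown.';
+ }
+ if (defi.totalUsd > 0) {
+ const partialNote = defi.source === "partial" ? " (partial \u2014 one or more protocols failed; value may under-count)" : "";
+ return ` Other DeFi positions (LPs/staking/lending across ${Object.keys(defi.perProtocol).join("/")}): $${defi.totalUsd.toFixed(2)}${partialNote}.`;
+ }
+ if (defi.source === "partial") {
+ return " DeFi positions: $0 across the protocols that responded, but at least one protocol failed \u2014 caveat that the picture may be incomplete.";
+ }
+ return "";
+ })();
  const sdkTotal = balance.total + defi.totalUsd;
  return {
  data: {
@@ -4226,10 +4257,15 @@ var DEFAULT_SYSTEM_PROMPT = `You are Audric \u2014 a financial agent on Sui. Aud
  ## Response rules
  - 1-2 sentences max. No bullet lists unless asked. No preambles.
  - Never say "Would you like me to...", "Sure!", "Great question!", "Absolutely!" \u2014 just do it or say you can't.
- - Lead with the result. After tool calls, state the outcome with real numbers. Done.
  - Present amounts as $1,234.56 and rates as X.XX% APY.
  - Show top 3 results unless asked for more. Summarize totals in one line.
 
+ ## Caption rules (after tool calls)
+ - **When a canvas was rendered (\`render_canvas\` was called, or any tool that auto-renders a card like balance_check / portfolio_analysis / savings_info / health_check / transaction_history): the canvas IS the answer.** Your chat message must NOT restate wallet, savings, debt, holdings, or net-worth numbers \u2014 they are already on screen. Add at most ONE sentence of context, advice, or next step (e.g. "Your USDC is idle \u2014 consider depositing for ~4.5% APY"), or say nothing.
+ - **When NO canvas was rendered:** lead with the result and quote the actual numbers from the tool. One sentence.
+ - **NEVER describe a position as "no", "none", "minimal", "zero", or "inactive" if the tool result contains a positive value for that field.** The tool result is the source of truth \u2014 never your interior summary. If the canvas shows $100 in savings, you cannot say "no active savings" in the caption.
+ - **NEVER claim "no DeFi positions" when the tool result says the DeFi slice is UNAVAILABLE.** When \`balance_check\` displayText contains "DeFi positions: UNAVAILABLE" or "DeFi data source unreachable", the slice is unknown \u2014 say "DeFi data is currently unavailable" or omit the mention. Only claim "no DeFi positions" when the displayText explicitly omits any DeFi line (i.e. the fetch succeeded with $0 across every covered protocol).
+
  ## Execution rule
  Only offer to execute actions you have tools for. If you retrieved a quote, data, or information but have no tool to act on it, give the user the result and tell them where to execute manually \u2014 in one sentence. Never say "Would you like me to proceed?" unless you have a tool that can actually proceed.
 
@@ -4345,7 +4381,8 @@ var DEFAULT_GUARD_CONFIG = {
  inputValidation: true,
  addressSource: true,
  assetIntent: true,
- swapPreview: true
+ swapPreview: true,
+ addressScope: true
  };
  var BalanceTracker = class {
  lastBalanceAt = 0;
@@ -4650,6 +4687,48 @@ function guardAddressSource(tool, call, userText, contacts, walletAddress) {
  message: `Safety check failed: the recipient address "${rawTo}" was not provided by the user (no saved contact matches, address is not the user's own wallet, and it does not appear verbatim in the user's recent messages). For safety, addresses must be supplied directly by the user \u2014 never reconstructed from memory or partial recall. Ask the user to paste the destination address again exactly.`
  };
  }
+ var READ_TOOLS_WITH_ADDRESS_PARAM = /* @__PURE__ */ new Set([
+ "balance_check",
+ "portfolio_analysis",
+ "transaction_history",
+ "savings_info",
+ "health_check",
+ "spending_analytics",
+ "yield_summary",
+ "activity_summary",
+ "explain_tx"
+ ]);
+ var SUI_ADDRESS_IN_TEXT_REGEX = /0x[a-fA-F0-9]{60,64}/g;
+ function guardAddressScope(tool, call, userText, walletAddress) {
+ if (!READ_TOOLS_WITH_ADDRESS_PARAM.has(tool.name)) {
+ return { verdict: "pass", gate: "address_scope", tier: "safety" };
+ }
+ const matches = userText.match(SUI_ADDRESS_IN_TEXT_REGEX);
+ if (!matches || matches.length === 0) {
+ return { verdict: "pass", gate: "address_scope", tier: "safety" };
+ }
+ const ownWallet = walletAddress ? normalizeAddress(walletAddress) : null;
+ const thirdPartyAddresses = Array.from(
+ new Set(matches.map(normalizeAddress).filter((a) => a !== ownWallet))
+ );
+ if (thirdPartyAddresses.length === 0) {
+ return { verdict: "pass", gate: "address_scope", tier: "safety" };
+ }
+ const input = call.input;
+ const callAddress = typeof input.address === "string" && input.address.length > 0 ? normalizeAddress(input.address) : null;
+ if (callAddress && thirdPartyAddresses.includes(callAddress)) {
+ return { verdict: "pass", gate: "address_scope", tier: "safety" };
+ }
+ const target = thirdPartyAddresses[0];
+ const omittedHint = callAddress ? `with address: "${callAddress}"` : "without an `address` field (which defaults to the signed-in user)";
+ const mentionedHint = thirdPartyAddresses.length === 1 ? `address ${target}` : `${thirdPartyAddresses.length} third-party addresses (first: ${target})`;
+ return {
+ verdict: "block",
+ gate: "address_scope",
+ tier: "safety",
+ message: `Address-scope mismatch: the user's recent messages mention ${mentionedHint} but ${tool.name} was called ${omittedHint}. Re-issue ${tool.name} with \`address: "${target}"\` to inspect the wallet the user actually asked about. Never default to the signed-in user when the user named a different wallet.`
+ };
+ }
  function guardArtifactPreview(result) {
  if (!result || typeof result !== "object") return null;
  const r = result;
@@ -4733,6 +4812,16 @@ function runGuards(tool, call, state, config, conversationContext, onGuardFired,
  if (config.assetIntent !== false) {
  results.push(guardAssetIntent(tool, call, conversationContext.recentUserText));
  }
+ if (config.addressScope !== false) {
+ results.push(
+ guardAddressScope(
+ tool,
+ call,
+ conversationContext.recentUserText,
+ identity?.walletAddress
+ )
+ );
+ }
  if (config.swapPreview !== false) {
  results.push(guardSwapPreview(tool, call, state.swapQuoteTracker));
  }
@@ -6389,8 +6478,20 @@ function validateHistory(messages) {
  merged.push({ role: msg.role, content: [...msg.content] });
  }
  }
- while (merged.length > 0 && merged[0].role !== "user") {
- merged.shift();
+ while (merged.length > 0) {
+ if (merged[0].role !== "user") {
+ merged.shift();
+ continue;
+ }
+ const cleaned = merged[0].content.filter((b) => b.type !== "tool_result");
+ if (cleaned.length === 0) {
+ merged.shift();
+ continue;
+ }
+ if (cleaned.length !== merged[0].content.length) {
+ merged[0] = { role: "user", content: cleaned };
+ }
+ break;
  }
  return merged;
  }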
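Review bot: In the `guardAddressScope` hunk, every 0x-hex run found in `recentUserText` is treated as the wallet the user asked about, so legitimate self-targeted reads can be blocked. `SUI_ADDRESS_IN_TEXT_REGEX` has no trailing boundary, so it also matches the package-ID prefix of a coin type such as the `0x…::ns::NS` constant earlier in this file; `/0x[a-fA-F0-9]{60,64}(?![a-fA-F0-9]|::)/g` would reject those and longer hex strings. The same over-matching applies to a recipient pasted in a send request: the prompt's "Before acting" rule calls `balance_check` without `address` before a send, and as far as this hunk shows that call would be blocked and redirected to the recipient's wallet. Consider exempting reads that omit `address` while a write to the mentioned address is pending, or at least record the limitation above the guard, e.g. `// Fires on any third-party address in recent user text, including a send recipient.`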