dexe-mcp 0.19.0 → 0.20.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,65 @@
1
1
  # Changelog
2
2
 
3
+ ## 0.20.1 — 2026-07-06
4
+
5
+ ### Composite flows render the WalletConnect QR inline
6
+
7
+ The v0.18.0 "instant QR" only covered `dexe_wc_connect` / `dexe_tx_send` /
8
+ `dexe_wc_status` — those return the QR as real MCP content blocks (ASCII +
9
+ `image/png`), which clients render inline. The composite write flows
10
+ (`dexe_proposal_create`, `dexe_proposal_vote_and_execute`, `dexe_dao_create`,
11
+ OTC buy/claim/open-sale) buried the pairing QR inside the JSON `pairing`
12
+ field instead, so no client could render it and assistants fell back to
13
+ hand-rolled PNG files and deep-link strings.
14
+
15
+ - `sendOrCollect`'s no-signer branch now also returns ready-to-attach QR
16
+ content blocks; all six composite return sites prepend them via a shared
17
+ `attachPairingQr` helper — identical presentation to `dexe_wc_connect`.
18
+ - New `wcQrBlocks()` in `src/lib/qr.ts` (the scannable blocks without the
19
+ JSON envelope); `wcPairingContent()` now composes it.
20
+ - The JSON `pairing` field stays for programmatic callers but drops the
21
+ escaped `ascii` dump in favour of `qrFallbackUrl` + an accurate `renderHint`.
22
+ - `dexe_otc_dao_open_sale` re-parses the proposal_create envelope from the
23
+ last text block (it may now lead with QR blocks) and preserves them.
24
+
25
+ ## 0.20.0 — 2026-07-06
26
+
27
+ ### Avatars: real JPEG generation + magic-byte validation (bug #34)
28
+
29
+ `dexe_dao_generate_avatar` pinned **SVG bytes under an `avatar.jpeg` name**.
30
+ The DeXe serving chain makes that unrenderable: the Go `ipfs-cache` service
31
+ copies avatar bytes to R2 as `<descCid>.jpeg` with a hardcoded `image/jpeg`
32
+ content-type (no byte inspection), the app.dexe.io `<img>` has no error
33
+ fallback after a successful GET, and browsers never content-sniff SVG — so
34
+ every generated avatar showed as a permanently broken image (hit live on the
35
+ Generative Collective DAO, `0x3910…d622`).
36
+
37
+ - **`dexe_dao_generate_avatar` now renders a real JPEG** (`src/lib/avatarImage.ts`):
38
+ pixel initials (embedded 8x8 font, public-domain font8x8) over the same
39
+ hash-coloured diagonal gradient, encoded with `jpeg-js` (pure JS, no native
40
+ deps). Colour hash unchanged (djb2), so re-generated avatars keep their
41
+ palette. Deterministic: same `daoName` → byte-identical file.
42
+ - **Magic-byte validation on every avatar upload path**
43
+ (`src/lib/imageSniff.ts`): only real rasters — JPEG/PNG/WebP/GIF — are
44
+ accepted; SVG, HTML, and unrecognized bytes are rejected with an actionable
45
+ error. Applied to `dexe_ipfs_upload_avatar` (which now also pins with the
46
+ *sniffed* MIME, not the caller's claim, and returns `detectedFormat`) and to
47
+ `dexe_ipfs_upload_file` on its `.jpeg`-normalized (avatar-contract) path —
48
+ `normalizeImageExt: false` is the escape hatch for generic image attachments
49
+ (e.g. a legitimate SVG logo pinned as `image/svg+xml`).
50
+ - **By-reference avatar CIDs are validated too.** `dexe_ipfs_upload_dao_metadata`,
51
+ `dexe_ipfs_update_dao_metadata`, and `dexe_dao_create` accept an `avatarCID`
52
+ pinned elsewhere; they now fetch the first KB of `<cid>/<fileName>` off the
53
+ gateway chain and sniff it — confirmed non-raster bytes hard-block, an
54
+ unreachable pin (fresh, not yet propagated) proceeds with a warning.
55
+ - Docs: `docs/PROFILE.md` gains a troubleshooting entry for the
56
+ "HTTP 200 but broken image" case; `docs/TOOLS.md` rows updated.
57
+ - New dep: `jpeg-js@0.4.4`. Tool count unchanged.
58
+
59
+ Existing DAOs with an SVG avatar stay broken until rotated: re-generate with
60
+ v0.20.0+, then `dexe_ipfs_update_dao_metadata` → `modify_dao_profile`
61
+ proposal → vote + execute.
62
+
3
63
  ## 0.19.0 — 2026-07-06
4
64
 
5
65
  ### DAO creation: governance coherence guards + frontend parity
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  <p align="center">
2
2
  <a href="https://www.npmjs.com/package/dexe-mcp">
3
- <img src="./assets/hero.svg" alt="dexe-mcp — the runtime for autonomous DAOs" width="100%"/>
3
+ <img src="./assets/hero.svg" alt="dexe-mcp" width="100%"/>
4
4
  </a>
5
5
  </p>
6
6
 
@@ -9,133 +9,60 @@
9
9
  <a href="https://nodejs.org"><img alt="node" src="https://img.shields.io/node/v/dexe-mcp.svg?style=flat-square&labelColor=0b0f1e&color=E07AFF"></a>
10
10
  <a href="https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/LICENSE"><img alt="license" src="https://img.shields.io/npm/l/dexe-mcp.svg?style=flat-square&labelColor=0b0f1e&color=FFC878"></a>
11
11
  <a href="https://modelcontextprotocol.io"><img alt="MCP-compatible" src="https://img.shields.io/badge/MCP-compatible-9BB4FF?style=flat-square&labelColor=0b0f1e"></a>
12
- <a href="https://github.com/edward-arinin-web-dev/dexe-mcp"><img alt="tools" src="https://img.shields.io/badge/tools-159-7CF2D1?style=flat-square&labelColor=0b0f1e"></a>
13
- <a href="https://github.com/edward-arinin-web-dev/dexe-mcp"><img alt="proposal types" src="https://img.shields.io/badge/proposal--types-33-E07AFF?style=flat-square&labelColor=0b0f1e"></a>
14
12
  </p>
15
13
 
16
- <h2 align="center">Governance, as a function call.</h2>
14
+ # dexe-mcp
17
15
 
18
- <p align="center">
19
- <code>dexe-mcp</code> turns the entire DeXe Protocol — every DAO, every proposal type, every read, every write — into <b>one Model Context Protocol server</b>.<br/>
20
- Plug it into Claude, Cursor, ChatGPT, or any tool-using LLM and watch your agent <b>deploy DAOs, draft proposals, vote, delegate, execute, claim</b> straight from natural language.<br/>
21
- <sub>Calldata-first by default: keys stay in your wallet. Broadcast mode? One env var.</sub>
22
- </p>
16
+ An MCP (Model Context Protocol) server for [DeXe Protocol](https://dexe.io) governance on BNB Chain, with an additional generic surface for OpenZeppelin and Compound-Bravo Governor DAOs (Uniswap, Compound, Optimism).
17
+
18
+ It exposes 159 typed tools in 19 groups: DAO deployment, all 33 DeXe proposal types, voting, delegation, execution, OTC token sales, treasury and subgraph reads, IPFS metadata, transaction simulation, and diagnostics. Any MCP client can use it — Claude Code, Claude Desktop, Cursor, or a custom agent.
19
+
20
+ Writes are calldata-first: tools return a `{ to, data, value, chainId }` payload for your own wallet to sign. Broadcasting from the server is opt-in, either through WalletConnect (transactions are approved on your phone; no key on disk) or a private key you explicitly configure.
23
21
 
24
22
  <p align="center">
25
- <a href="#install-in-claude-code-no-terminal"><b>Install</b></a> &nbsp;·&nbsp;
26
- <a href="#quickstart">Quickstart</a> &nbsp;·&nbsp;
27
- <a href="#what-you-can-build">What you can build</a> &nbsp;·&nbsp;
28
- <a href="#built-for-whats-next">Built for what's next</a> &nbsp;·&nbsp;
29
- <a href="#tool-catalog">Tool catalog</a> &nbsp;·&nbsp;
30
- <a href="#swarm-test-harness">Swarm tests</a> &nbsp;·&nbsp;
23
+ <a href="#install-in-claude-code">Install</a> ·
24
+ <a href="#quickstart-other-mcp-clients">Quickstart</a> ·
25
+ <a href="#tool-catalog">Tool catalog</a> ·
26
+ <a href="#environment-variables">Environment</a> ·
31
27
  <a href="https://github.com/edward-arinin-web-dev/dexe-mcp/tree/main/docs">Docs</a>
32
28
  </p>
33
29
 
34
30
  ---
35
31
 
36
- ## Install in Claude Code (no terminal)
32
+ ## Install in Claude Code
37
33
 
38
- Two lines, typed inside Claude Code. No npm, no JSON to edit, no keys:
34
+ Two commands, typed inside Claude Code:
39
35
 
40
36
  ```
41
37
  /plugin marketplace add edward-arinin-web-dev/dexe-mcp
42
38
  /plugin install dexe@dexe-mcp
43
39
  ```
44
40
 
45
- Then just ask:
46
-
47
- > *"Show the treasury of `0x…` on BSC."*
48
-
49
- Reads work with **zero setup** — on-chain data, subgraphs, the DeXe backend, and IPFS all run on public defaults out of the box, and WalletConnect signing is available immediately (connect a wallet with `dexe_wc_connect`). The governance skills (create DAO, create proposal, vote & execute, OTC) install with the plugin.
50
-
51
- **Want to create DAOs or proposals, or broadcast transactions?** Type **`/dexe-setup`** and Claude walks you through adding your keys (a Pinata token for IPFS, a wallet for signing) — one guided step, nothing to hand-edit.
41
+ Then ask:
52
42
 
53
- > Using **Cursor, ChatGPT, or another MCP client**, or prefer the terminal? → [**docs/INSTALL.md**](./docs/INSTALL.md)
43
+ > "Show the treasury of `0x…` on BSC."
54
44
 
55
- ---
56
-
57
- ## The shift
58
-
59
- For a decade, DAOs lived behind dashboards. Every action was a click. Every read was a tab. Every coordination loop needed a human at the keyboard.
60
-
61
- That era is ending.
45
+ Reads work with no configuration: on-chain data, subgraphs, the DeXe backend, and IPFS all have public defaults, and WalletConnect signing is available immediately (`dexe_wc_connect`). The governance skills (create DAO, create proposal, vote and execute, OTC) install with the plugin.
62
46
 
63
- LLMs can now reason about voting power, weigh proposals against a mandate, draft calldata, simulate execution, and ask your wallet to sign **continuously, across every DAO you care about, all at once.** What was a UI is becoming a conversation. What was a treasurer's spreadsheet is becoming an always-on agent.
47
+ To create DAOs or proposals, or to broadcast transactions, run `/dexe-setup`it walks through the two keys that unlock those paths (a Pinata token for IPFS uploads, a signer) and writes them to `.env` for you.
64
48
 
65
- **`dexe-mcp` is the substrate that makes it real for the DeXe stack — and now for external OpenZeppelin Governor DAOs as well.** One MCP server. 159 typed tools across 19 groups. Every flow the DeXe frontend exposes — plus a generic `dexe_gov_*` surface targeting Uniswap, Compound, and Optimism.
66
-
67
- | | What you get |
68
- |-----|------|
69
- | **Total protocol coverage** | All **33 proposal types**. Validator chamber. Expert delegation. OTC multi-tier sales with merkle whitelists. Internal config. Off-chain backend. Nothing hand-rolled. Nothing missing. |
70
- | **Key-safe by default** | Every write returns `TxPayload = { to, data, value, chainId }`. Your wallet — MetaMask, Safe, Ledger, anything — signs. **No keys touch the MCP unless you explicitly set `DEXE_PRIVATE_KEY`.** |
71
- | **Battle-tested on-chain** | **57 swarm-test scenarios** running on BSC testnet against real fixture DAOs. Every builder validated end-to-end — draft → IPFS → propose → vote → execute. Latest pass: 2026-05-12. |
72
- | **AI-native, model-agnostic** | Tool names, argument schemas, and return shapes are tuned for LLM chaining. Works with Claude, GPT, Gemini, Mistral, Llama — anything that can call MCP tools. |
73
- | **Open source, no middleman** | MIT. Your RPC. Your wallet. Your keys. Your rules. No telemetry. No SaaS gatekeeper. No rate limits. Run it on your laptop or behind your agent fleet. |
74
-
75
- ---
49
+ Using Cursor, ChatGPT, another MCP client, or the terminal? See [docs/INSTALL.md](./docs/INSTALL.md).
76
50
 
77
- ## What you can build
51
+ ## Quickstart (other MCP clients)
78
52
 
79
- > **One MCP server. Dozens of products that didn't exist a year ago.**
53
+ Reads need no environment at all. The steps below set up uploads and signing.
80
54
 
81
- - **Governance copilots in chat** — *"Show every proposal I haven't voted on across all my DAOs, ranked by deadline."* The agent fans out `dexe_user_inbox`, ranks results, drafts your votes. You hit sign.
82
- - **Intent-driven proposal drafting** — *"Stream 50,000 USDT from treasury to the dev fund, vesting linearly over six months."* The agent picks the right builder (`_token_distribution`), assembles nested calldata, pins metadata to IPFS, returns one signable payload. What used to be a 14-field form is now a sentence.
83
- - **AI delegates that reason** — agents that read every proposal, weigh it against a written mandate, vote, and publish their reasoning on-chain. Real accountability for delegated power.
84
- - **24/7 autonomous treasury bots** — policy expressed as code, executed as proposals. Market triggers, runway thresholds, vesting schedules — all enforced without a human in the loop, every action a signed on-chain decision.
85
- - **Multi-DAO coalition orchestration** — one agent coordinating votes across allied protocols, tracking quorums, building coalitions, executing in lockstep.
86
- - **Conversational DAO frontends** — apps where there *is* no UI. The MCP server is the backend. The chat is the dashboard. The wallet is the only button.
87
- - **Adversarial governance simulators** — spin up swarms of AI proposers, voters, and validators to red-team a parameter change *before* it hits mainnet. The swarm harness ships with this already (see [Swarm tests](#swarm-test-harness)).
88
- - **OTC sale autopilots** — open multi-tier sales with merkle whitelists, manage buyer flows, fulfill vested payouts — all without a sale-management UI.
89
- - **Forensics and compliance** — `dexe_decode_proposal` + `_decode_calldata` make any historic on-chain proposal human-readable. Agents narrate every governance decision for audits, postmortems, and research.
90
-
91
- If you can describe a DeXe governance operation in a sentence, `dexe-mcp` has the tool.
92
-
93
- ---
94
-
95
- ## Built for what's next
96
-
97
- The next generation of DAOs will be **operated by language, not by clicks.**
98
-
99
- - **AI delegates will outvote human ones.** They read every proposal. They show their reasoning. They never miss a deadline.
100
- - **Treasuries will defend themselves.** Policy bots react to market moves, rebalance, claim, redelegate — all through governance, never around it.
101
- - **Cross-DAO coordination will be ambient.** Coalitions form in seconds via agent-to-agent negotiation, ratified by on-chain votes.
102
- - **Governance frontends will collapse into chat.** The dashboard moves into the conversation. The UI is the prompt.
103
- - **Every proposal will be simulated first.** Adversarial AI swarms stress-test changes before they reach mainnet.
104
- - **Audit will run continuously.** Compliance agents decode and narrate every historical decision in real time.
105
-
106
- `dexe-mcp` is the connective tissue. Bring your model. Bring your wallet. Bring your DAO.
107
-
108
- ---
109
-
110
- ## Quickstart
111
-
112
- > **In Claude Code?** Skip this — use the [two-line plugin install](#install-in-claude-code-no-terminal) above. The steps below are for **other MCP clients** (Cursor, ChatGPT, custom agents) and terminal/manual setups. Reads need no env at all; env is only for IPFS uploads and broadcasting.
113
-
114
- **Fastest path — wizard + diagnostic:**
55
+ **Wizard path:**
115
56
 
116
57
  ```bash
117
58
  npm install -g dexe-mcp
118
- npx dexe-mcp init # interactive setup (network, Pinata, signer mode)
119
- npx dexe-mcp doctor # verify (RPC + Pinata + IPFS gateway + subgraph)
59
+ dexe-mcp init # interactive setup: network, Pinata, signer mode
60
+ dexe-mcp doctor # verifies RPC, Pinata, IPFS gateway, subgraph
120
61
  ```
121
62
 
122
- The wizard writes `.env` at the repo root and prints a `~/.claude.json`
123
- snippet to paste. Then `doctor` walks every recognized `DEXE_*` var and
124
- returns a pass/warn/fail report with paste-ready remediation hints. See
125
- [`docs/SETUP.md`](./docs/SETUP.md) for the full runbook,
126
- [`docs/DOCTOR.md`](./docs/DOCTOR.md) for the check reference, and
127
- [`docs/MIGRATION.md`](./docs/MIGRATION.md) if you are upgrading from
128
- 0.7.x.
129
-
130
- **Manual path:**
63
+ `init` writes `.env` and prints a client-config snippet to paste. `doctor` checks every recognized `DEXE_*` variable and reports pass/warn/fail with remediation hints. Full runbook: [docs/SETUP.md](./docs/SETUP.md); check reference: [docs/DOCTOR.md](./docs/DOCTOR.md); upgrade notes: [docs/MIGRATION.md](./docs/MIGRATION.md).
131
64
 
132
- **1.** Install:
133
-
134
- ```bash
135
- npm install -g dexe-mcp
136
- ```
137
-
138
- **2.** Register with your MCP client (`.mcp.json`, `claude_desktop_config.json`, Cursor settings, etc.):
65
+ **Manual path** — register with your MCP client (`.mcp.json`, `claude_desktop_config.json`, Cursor settings):
139
66
 
140
67
  ```json
141
68
  {
@@ -143,30 +70,29 @@ npm install -g dexe-mcp
143
70
  "dexe": {
144
71
  "command": "dexe-mcp",
145
72
  "env": {
146
- "DEXE_RPC_URL": "https://bsc-dataseed.binance.org",
147
- "DEXE_CHAIN_ID": "56"
73
+ "DEXE_RPC_URL_MAINNET": "https://bsc-dataseed.binance.org"
148
74
  }
149
75
  }
150
76
  }
151
77
  }
152
78
  ```
153
79
 
154
- > **Windows note:** if your MCP client can't resolve the `dexe-mcp` shim on PATH, point it at the installed script directly:
155
- > ```json
156
- > { "command": "node", "args": ["<npm root -g>/dexe-mcp/dist/index.js"] }
157
- > ```
158
- > (Run `npm root -g` to get the absolute path.)
80
+ The `env` block is optional without it the server falls back to a public BSC RPC, which is rate-limited and suitable for evaluation; set your own endpoint for production use.
81
+
82
+ > **Windows:** if your MCP client can't resolve the `dexe-mcp` shim on PATH, point it at the script directly:
83
+ > `{ "command": "node", "args": ["<npm root -g>/dexe-mcp/dist/index.js"] }`
159
84
 
160
- **3.** Ask your agent something governance-shaped:
85
+ **Example calls:**
161
86
 
162
87
  ```jsonc
163
- // Discover every proposal type your DAO can run
88
+ // Enumerate every proposal type the server can build
164
89
  dexe_proposal_catalog({ category: "all", implementedOnly: true })
165
90
 
166
- // Snapshot a DAO treasury, voters, settings, validators, everything
91
+ // Resolve a DAO's contract layout: settings/userKeeper/validators addresses,
92
+ // NFT contracts, metadata CID, validator count
167
93
  dexe_dao_info({ govPool: "0x..." })
168
94
 
169
- // Draft a token-transfer proposal (returns ready-to-sign calldata)
95
+ // Build a token-transfer proposal; returns ready-to-sign calldata
170
96
  dexe_proposal_build_token_transfer({
171
97
  govPool: "0x...",
172
98
  token: "0x...",
@@ -175,127 +101,108 @@ dexe_proposal_build_token_transfer({
175
101
  })
176
102
  ```
177
103
 
178
- The agent gets back a `TxPayload`. Pass it to your wallet. Sign. Submit. Done.
104
+ Each write tool returns a `TxPayload` you pass to your wallet. To let the server broadcast instead, connect a wallet over WalletConnect (`dexe_wc_connect`) or set `DEXE_PRIVATE_KEY`; that enables the composite flows `dexe_proposal_create`, `dexe_proposal_vote_and_execute`, and `dexe_tx_send`.
179
105
 
180
- **Want the MCP to broadcast too?** Set `DEXE_PRIVATE_KEY` and unlock the composite signing flow (`dexe_proposal_create`, `dexe_proposal_vote_and_execute`, `dexe_tx_send`, `dexe_tx_status`). Strictly opt-in — default stays calldata-only.
106
+ ## Requirements
181
107
 
182
- ---
108
+ - Node.js ≥ 20 with a working `npm`.
109
+ - Git — only for the optional dev toolset (`dexe_compile` / `dexe_test` / `dexe_lint`), which shallow-clones DeXe-Protocol on first use. Set `DEXE_PROTOCOL_PATH` to use an existing checkout. Reads, builders, and deploys do not use it.
183
110
 
184
- ## Prerequisites
111
+ ## Features
185
112
 
186
- - **Node.js 20** with a working `npm` (`node --version` and `npm --version` must both succeed).
187
- - **Git** — needed the first time a build tool (`dexe_compile` / `dexe_test` / `dexe_lint`) runs, to shallow-clone DeXe-Protocol. Skippable if you set `DEXE_PROTOCOL_PATH` to an existing checkout.
113
+ - DeXe governance coverage: the 33 proposal types (24 external, 4 internal validator, 5 off-chain), validator chamber, expert delegation, multi-tier OTC sales with merkle whitelists.
114
+ - Calldata-first key model: no private key is required for any build tool. Broadcasting is a separate, explicit opt-in.
115
+ - Zero-config reads: public RPC, subgraph, backend, and IPFS gateway defaults let read tools work out of the box.
116
+ - External Governor support: 18 `dexe_gov_*` tools read, build, simulate, and decode against OpenZeppelin and Bravo Governors; new DAOs are a config entry.
117
+ - Tested on-chain: a 59-scenario multi-agent harness exercises the builders against BSC-testnet fixture DAOs — build-only checks for all proposal types, full propose → vote → execute lifecycles for the broadcast paths.
118
+ - MIT-licensed, no telemetry, no hosted dependency — requests go only to endpoints you configure.
188
119
 
189
- ## First run
120
+ ## Example applications
190
121
 
191
- The MCP server starts instantly. On the first build-tool call, dexe-mcp shallow-clones DeXe-Protocol into a platform cache directory and runs `npm install` there once. Most tools never need that checkout — reads, proposal builders, vote tools, and deploy only need an RPC URL.
122
+ - A governance copilot that lists unvoted proposals across your DAOs (`dexe_user_inbox`), summarizes them, and drafts votes for you to sign.
123
+ - Proposal drafting from intent: "transfer 50k USDT from treasury to the dev fund" resolves to a builder call, pinned metadata, and one signable payload.
124
+ - Delegate agents that read every proposal, vote according to a written mandate, and record their reasoning.
125
+ - Treasury automation: recurring claims, vesting, and rebalancing executed as governance proposals.
126
+ - Pre-mainnet rehearsal: simulate a proposal (`dexe_sim_proposal`) or replay a parameter change on a testnet fixture DAO before it goes live.
192
127
 
193
- ---
128
+ ## Tool catalog
129
+
130
+ 159 tools in 19 groups. Full per-tool reference with required env vars: [docs/TOOLS.md](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/TOOLS.md).
131
+
132
+ A default session loads the `core,proposals` profile (~72 tools) to keep the MCP tool list small. Set `DEXE_TOOLSETS=full` for everything, or add profiles (`read`, `vote`, `governor`, `dev`) as needed — see [Toolset profiles](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/TOOLS.md#toolset-profiles). Call `dexe_context` first in a session: it returns the signer, active chain, env readiness, and DAOs/proposals recorded in prior sessions.
133
+
134
+ | Group | Tools | Summary |
135
+ |-------|-------|---------|
136
+ | Dev tooling | 4 | Hardhat lifecycle for the DeXe-Protocol workspace: `dexe_compile`, `_test`, `_coverage`, `_lint`. |
137
+ | Contract introspection | 10 | List contracts, fetch ABIs, look up selectors, read NatSpec and source, decode calldata and proposal payloads. |
138
+ | DAO reads | 30 | DAO info, proposal state/list/voters, voting power, treasury, settings, validators, staking, distributions, risk assessment, plus subgraph queries (DAO list, members, experts, delegation map, user activity). |
139
+ | IPFS | 9 | Pinata uploads for files, avatars, and DAO/proposal metadata; metadata updates; JPEG avatar generation; gateway-fallback fetch; local CID computation. |
140
+ | DAO deploy | 2 | `dexe_dao_create` (one-call composite with pre-flight revert guards) and `dexe_dao_build_deploy` (full `deployGovPool` struct encoder). |
141
+ | Proposal catalog and primitives | 5 | `dexe_proposal_catalog` plus generic `_build_external`, `_build_internal`, `_build_custom_abi`, `_build_offchain`. |
142
+ | External proposal wrappers | 20 | Named builders: token transfer/distribution/sale, treasury withdraw, validators, experts, staking tiers, blacklist, profile changes, voting settings, and more. |
143
+ | Internal validator wrappers | 4 | Validator-chamber proposals: balances, settings, monthly withdraw, off-chain internal. |
144
+ | Off-chain wrappers and auth | 8 | DeXe backend integration: SIWE login, off-chain proposal creation and voting. |
145
+ | Vote, stake, delegate, execute, claim builders | 26 | Direct EOA writes on `GovPool` and `Validators`: deposit, vote, delegate, execute, claim, staking, token-sale buy/claim, multicall. |
146
+ | Composite signing flows | 6 | `dexe_proposal_create`, `dexe_proposal_vote_and_execute`, `dexe_tx_send`, `dexe_tx_status`, `dexe_get_config`, `dexe_context`. |
147
+ | Merkle utility | 2 | `dexe_merkle_build` and `dexe_merkle_proof`, compatible with OZ `StandardMerkleTree`. |
148
+ | OTC composites | 4 | Open a multi-tier sale, check buyer status, buy (native or with merkle proof), claim vested payouts. [docs/OTC.md](./docs/OTC.md) |
149
+ | Safe multisig | 2 | Queue transactions in the Safe Transaction Service instead of broadcasting. [docs/SAFE.md](./docs/SAFE.md) |
150
+ | Simulator | 3 | `eth_call` preflight with decoded revert reasons: `_sim_calldata`, `_sim_proposal`, `_sim_buy`. [docs/SIMULATOR.md](./docs/SIMULATOR.md) |
151
+ | Multi-DAO inbox + forecast | 2 | Pending items across N DAOs (`dexe_user_inbox`) and quorum-projection pass-rate forecasts. [docs/INBOX.md](./docs/INBOX.md) |
152
+ | External Governor DAOs | 18 | `dexe_gov_*`: family-aware propose/vote/queue/execute/delegate, dry-runs, vote receipts, decoding for OZ and Bravo Governors. [docs/GOVERNOR.md](./docs/GOVERNOR.md) |
153
+ | WalletConnect | 3 | `dexe_wc_connect` (pairing QR), `dexe_wc_status`, `dexe_wc_disconnect`. Transactions sign on your phone. [docs/WALLETCONNECT.md](./docs/WALLETCONNECT.md) |
154
+ | Diagnostics | 1 | `dexe_doctor`: runs reachability checks across the configured environment and prints remediation hints. |
194
155
 
195
156
  ## Environment variables
196
157
 
197
- All optional. Tools that need a missing variable fail with a clear, actionable message pointing at exactly what to set. Full matrix [`docs/ENVIRONMENT.md`](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/ENVIRONMENT.md).
198
-
199
- | Variable | Required for | Purpose |
200
- |----------|--------------|---------|
201
- | `DEXE_PROTOCOL_PATH` | dev tooling (optional) | Use an existing DeXe-Protocol checkout; disables auto clone/install |
202
- | `DEXE_RPC_URL` | reads / predict / deploy | JSON-RPC endpoint (BSC or any EVM chain where DeXe is deployed) |
203
- | `DEXE_CHAIN_ID` | reads | Defaults to `56` (BSC mainnet). Override for other chains |
204
- | `DEXE_CONTRACTS_REGISTRY` | reads (optional) | Override the ContractsRegistry root; defaults to the known per-chain address |
205
- | `DEXE_PINATA_JWT` | IPFS uploads | Pinata JWT for pinning proposal/DAO metadata |
206
- | `DEXE_IPFS_GATEWAY` | IPFS fetch | **Dedicated** gateway URL (Pinata, Filebase, Quicknode, self-hosted). Public gateways are unreliable and NOT defaulted |
207
- | `DEXE_IPFS_GATEWAYS_FALLBACK` | IPFS fetch (optional) | Comma-separated public gateways tried sequentially after the primary |
208
- | `DEXE_SUBGRAPH_POOLS_URL` | `dexe_read_dao_list`, `_dao_members`, `_delegation_map`, `_dao_experts`, `_user_inbox`, `_proposal_voters`, `_dao_predict_addresses` | The Graph endpoint for the DeXe pools subgraph |
209
- | `DEXE_SUBGRAPH_VALIDATORS_URL` | `dexe_read_validator_list` | The Graph endpoint for the DeXe validators subgraph |
210
- | `DEXE_SUBGRAPH_INTERACTIONS_URL` | `dexe_read_user_activity` | The Graph endpoint for the DeXe interactions subgraph |
211
- | `DEXE_GRAPH_API_KEY` | subgraph reads (optional) | Bearer token for `gateway.thegraph.com`. Required only when the URL doesn't embed the key. Auto-extracted from `/api/<key>/...` URLs |
212
- | `DEXE_BACKEND_API_URL` | off-chain proposals | DeXe backend (e.g. `https://api.dexe.io`) |
213
- | `DEXE_PRIVATE_KEY` | broadcast mode (opt-in) | Enables `_tx_send`, `_tx_status`, and the broadcast branch of composite flows. Default stays calldata-only |
214
-
215
- ---
158
+ No variable is required to start the server; tools that need a missing one fail with a message naming what to set. Full matrix: [docs/ENVIRONMENT.md](./docs/ENVIRONMENT.md).
159
+
160
+ | Variable | Used for | Notes |
161
+ |----------|----------|-------|
162
+ | `DEXE_RPC_URL_MAINNET` / `DEXE_RPC_URL_TESTNET` / `DEXE_RPC_URL_<chainId>` | all on-chain tools | Per-chain JSON-RPC endpoints. Without any, a public BSC RPC is used (rate-limited). `DEXE_RPC_URL` still works as a legacy single-chain alias. |
163
+ | `DEXE_DEFAULT_CHAIN_ID` | chain selection | Default `56` (BSC mainnet); `97` for testnet. |
164
+ | `DEXE_DISABLE_PUBLIC_RPC` | hardening | Set `1` to turn off the public RPC fallback. |
165
+ | `DEXE_PINATA_JWT` | IPFS uploads | Required for DAO/proposal creation (metadata pinning). |
166
+ | `DEXE_IPFS_GATEWAY` | IPFS reads | Dedicated gateway (Pinata, Filebase, self-hosted). Without one, public gateways (ipfs.io, dweb.link) are used. |
167
+ | `DEXE_PINATA_GATEWAY_TOKEN` | IPFS reads | Gateway key for restricted Pinata dedicated gateways. |
168
+ | `DEXE_IPFS_DISABLE_PUBLIC_FALLBACK` | hardening | Set `1` to disable public gateway fallback. |
169
+ | `DEXE_WALLETCONNECT_PROJECT_ID` | WalletConnect signing | A shared default ships; set your own project ID for production use. |
170
+ | `DEXE_PRIVATE_KEY` | broadcast mode | Hot-key signing. Opt-in; prefer WalletConnect. Never required for build tools. |
171
+ | `DEXE_TOOLSETS` | tool gating | Comma list of profiles; default `core,proposals`. |
172
+ | `DEXE_SUBGRAPH_POOLS_URL` / `_VALIDATORS_URL` / `_INTERACTIONS_URL` | subgraph reads | The Graph endpoints; defaults target the decentralized network. |
173
+ | `DEXE_GRAPH_API_KEY` | subgraph reads | Only when the URL doesn't embed the key. |
174
+ | `DEXE_BACKEND_API_URL` | off-chain proposals | DeXe backend, e.g. `https://api.dexe.io`. |
175
+ | `DEXE_STATE_PATH` | persistence | Overrides the session-state file (`~/.dexe-mcp/state.json`). |
176
+ | `DEXE_PROTOCOL_PATH` | dev toolset | Existing DeXe-Protocol checkout; disables auto-clone. |
216
177
 
217
178
  ## Documentation
218
179
 
219
- Full docs in [`docs/`](https://github.com/edward-arinin-web-dev/dexe-mcp/tree/main/docs):
220
-
221
- - [**`docs/TOOLS.md`**](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/TOOLS.md) — complete catalog of all 159 tools, grouped, with one-line descriptions and required envs.
222
- - [**`docs/SKILLS.md`**](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/SKILLS.md) — shipped Claude Code skills (create-dao / create-proposal / vote-execute / otc / setup) and how `npx dexe-mcp init` installs them.
223
- - [**`docs/GOVERNOR.md`**](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/GOVERNOR.md) external OpenZeppelin / Bravo Governor surface (Uniswap, Compound, Optimism). Family branching, fixture map, paste-able JSON examples, Tally parity harness.
224
- - [**`docs/WALLETCONNECT.md`**](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/WALLETCONNECT.md) — `walletconnect` signer mode: phone-approved broadcast with no hot key. Phase A (config) + Phase B (live relay, `dexe_wc_connect` / `dexe_wc_disconnect`, per-tx phone approval) shipped in v0.7.0, validated end-to-end with a live MetaMask-mobile round-trip on BSC testnet.
225
- - [**`docs/USAGE.md`**](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/USAGE.md) — 10 worked examples (deploy DAO, create/vote/execute proposals, delegate, validator chamber, decode calldata, off-chain proposals, multicall batching). Copy-pasteable JSON.
226
- - [**`docs/ENVIRONMENT.md`**](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/ENVIRONMENT.md) — env-var reference: minimum block to get started, per-category requirements, calldata vs signer mode, chain config, IPFS gateway rationale, subgraph migration, swarm-harness envs, common pitfalls.
227
- - [**`docs/OTC.md`**](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/OTC.md) — multi-tier OTC sale flows (project-owner and buyer paths).
228
- - [**`docs/SIMULATOR.md`**](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/SIMULATOR.md) — `eth_call`-based preflight with revert-reason decoding.
229
- - [**`docs/INBOX.md`**](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/INBOX.md) — cross-DAO inbox and proposal forecast.
230
-
231
- ---
232
-
233
- ## Tool catalog
234
-
235
- **159 tools, 19 groups.** Run `dexe_proposal_catalog` at runtime for the live proposal-type map. Full per-tool reference → [`docs/TOOLS.md`](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/TOOLS.md).
236
-
237
- > **Toolset profiles (v0.13.0):** a default session loads a slim **~72 tools** (`DEXE_TOOLSETS=core,proposals`), not all 159 — cutting `tools/list` ~46%. Add profiles (`read`, `vote`, `governor`, `dev`) or set `DEXE_TOOLSETS=full` to restore everything; `DEXE_TOOLSETS=core` is the deepest cut (~76%). `dexe_doctor` shows the active profile. See [TOOLS.md § Toolset profiles](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/TOOLS.md#toolset-profiles).
238
- >
239
- > **Persistent context (v0.14.0):** `dexe_context` (call first) returns your signer, active chain, env readiness, and the DAOs/proposals recorded in prior sessions (state at `~/.dexe-mcp/state.json`, override `DEXE_STATE_PATH`).
240
-
241
- | Group | # | What it gives you |
242
- |-------|---|------|
243
- | **Dev tooling** | 4 | One-command Hardhat lifecycle for the DeXe-Protocol monorepo — `dexe_compile`, `_test`, `_coverage`, `_lint`. Auto-clones the repo on first call. |
244
- | **Contract introspection** | 10 | Ask the protocol about itself — list contracts, fetch ABIs, look up selectors, read NatSpec, view source, decode arbitrary calldata or full proposal payloads. The agent's reverse-engineer toolkit. |
245
- | **DAO reads** | 20 | Everything you'd see on a DAO dashboard, returned as JSON — `dao_info`, predicted helper addresses, proposal state/list/voters, voting power, treasury, settings, validators, staking, distributions, privacy policy, plus `dexe_proposal_risk_assess` (treasury-safety risk readout). |
246
- | **IPFS** | 9 | Pinata uploads for files / avatars / DAO + proposal metadata, smart metadata updates, deterministic identicon generation, gateway-fallback fetch, CID computation without uploading. |
247
- | **DAO deploy** | 2 | `dexe_dao_create` — one-call composite: DAO profile → IPFS → deploy with the four revert-guards pre-flighted, signs when configured. `dexe_dao_build_deploy` — the lower-level encoder for the full nested `PoolFactory.deployGovPool` struct with predicted helper addresses pre-wired. |
248
- | **Proposal catalog + primitives** | 5 | `dexe_proposal_catalog` enumerates **all 33** proposal types with metadata + gating. Primitives `_build_external`, `_build_internal`, `_build_custom_abi`, `_build_offchain` cover anything not in a named wrapper. |
249
- | **External proposal wrappers** | 20 | Named builders for every common action: token transfer / distribution / sale (single + multi-tier), treasury withdraw, validators, experts, staking tier, math model, blacklist, reward multiplier, apply to DAO, modify profile, change voting settings, new proposal type, whitelist, and more. |
250
- | **Internal validator wrappers** | 4 | Validator-chamber proposals: `_change_validator_balances`, `_change_validator_settings`, `_monthly_withdraw`, `_offchain_internal_proposal`. |
251
- | **Off-chain backend** | 8 | Full DeXe-backend integration — nonce + SIWE login, off-chain proposal creation (single-option / multi-option / for-against / settings), off-chain vote + cancel. |
252
- | **Vote / stake / delegate / execute / claim** | 26 | Every direct EOA write on `GovPool` and `Validators` — deposit, vote, delegate, undelegate, execute, claim rewards, micropool rewards, staking flows, token-sale buy/claim/vesting, distribution claim, NFT multiplier lock/unlock, privacy policy signing, multicall. |
253
- | **Composite flows + diagnostics** | 7 | High-level flows + orientation: `_context` (call first — signer/chain/known-DAOs from prior sessions), `_proposal_create`, `_proposal_vote_and_execute`, `_tx_send`, `_tx_status`, `_get_config`, `_doctor`. Signing tools opt-in via `DEXE_PRIVATE_KEY`. |
254
- | **Subgraph reads** | 7 | The Graph queries: DAO list, members, experts, validator list, user activity, delegation map, OTC sale tiers. Decentralized-network endpoints + RPC fallback. |
255
- | **Merkle utility** | 2 | `dexe_merkle_build`, `dexe_merkle_proof` — OZ `StandardMerkleTree`-compatible. For whitelisted sales and airdrops. |
256
- | **OTC composites** | 4 | Full project-owner + buyer flows over `TokenSaleProposal`: open multi-tier sale, check buyer status, buy native or with merkle proof, claim vested payouts. See [`docs/OTC.md`](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/OTC.md). |
257
- | **Safe multisig** | 2 | Queue a tx in the Safe Transaction Service for owners to co-sign instead of broadcasting — `dexe_safe_info` (on-chain nonce/threshold/owners + endpoint), `dexe_safe_propose_tx` (compute `safeTxHash`, sign as owner, POST to the queue; dry-run by default). See [`docs/SAFE.md`](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/SAFE.md). |
258
- | **WalletConnect** | 3 | `dexe_wc_status` (resolved config + live session state), `dexe_wc_connect` (start a session, returns a pairing URI to scan as a QR), `dexe_wc_disconnect` (tear down). Broadcast convenience without a hot key — every tx is signed and broadcast on the operator's phone, the key never enters the MCP. See [`docs/WALLETCONNECT.md`](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/WALLETCONNECT.md). |
259
- | **Simulator** | 3 | `eth_call`-based preflight with decoded revert reasons — `_sim_calldata`, `_sim_proposal`, `_sim_buy`. Catch reverts before you pay gas. See [`docs/SIMULATOR.md`](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/SIMULATOR.md). |
260
- | **Multi-DAO inbox + forecast** | 2 | `dexe_user_inbox` aggregates pending items (unvoted proposals, claimable rewards, locked deposits) across N DAOs. `_proposal_forecast` predicts pass rate with quorum projection + risk flags. See [`docs/INBOX.md`](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/INBOX.md). |
261
- | **External Governor DAOs** | 18 | `dexe_gov_*` — read, build, simulate, and decode against OpenZeppelin Governor + Compound Bravo DAOs. Tier-1: Uniswap, Compound, Optimism. Config-only addition for new DAOs. Family-aware (OZ vs Bravo) propose / castVote / queue / execute / cancel / delegate. Eth-call dry-run + vote-impact projection. vote-receipt check (family-aware) + state + hashProposal + decode + descriptionHash utilities. Tally state-enum parity harness. See [`docs/GOVERNOR.md`](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/docs/GOVERNOR.md). |
262
-
263
- ---
180
+ - [docs/TOOLS.md](./docs/TOOLS.md) — all 159 tools, grouped, with one-line descriptions and required env vars.
181
+ - [docs/USAGE.md](./docs/USAGE.md) — ten worked examples with copy-pasteable JSON.
182
+ - [docs/ENVIRONMENT.md](./docs/ENVIRONMENT.md) — full env-var reference and common pitfalls.
183
+ - [docs/INSTALL.md](./docs/INSTALL.md) — install instructions per MCP client.
184
+ - [docs/SETUP.md](./docs/SETUP.md) / [docs/DOCTOR.md](./docs/DOCTOR.md) setup wizard and diagnostic reference.
185
+ - [docs/SKILLS.md](./docs/SKILLS.md) — the Claude Code skills shipped with the package.
186
+ - [docs/GOVERNOR.md](./docs/GOVERNOR.md) — the external OZ/Bravo Governor surface.
187
+ - [docs/WALLETCONNECT.md](./docs/WALLETCONNECT.md) — phone-approved signing without a hot key.
188
+ - [docs/OTC.md](./docs/OTC.md) — multi-tier OTC sale flows for owners and buyers.
189
+ - [docs/PROFILE.md](./docs/PROFILE.md) — DAO profile and avatar pipeline.
190
+ - [docs/SIMULATOR.md](./docs/SIMULATOR.md) — preflight simulation with revert decoding.
191
+ - [docs/INBOX.md](./docs/INBOX.md) — cross-DAO inbox and proposal forecast.
192
+ - [docs/MIGRATION.md](./docs/MIGRATION.md) — per-version upgrade notes.
264
193
 
265
194
  ## Swarm test harness
266
195
 
267
- [`tests/swarm/`](https://github.com/edward-arinin-web-dev/dexe-mcp/tree/main/tests/swarm) is a multi-agent DAO testing harness that runs every `dexe-mcp` tool against real BSC-testnet DAOs. Scenarios are JSON specs; the orchestrator resolves agent wallets and runs each step through either an inline ethers dispatcher or the dexe-mcp stdio bridge.
268
-
269
- It's also a reference implementation of one of the futures we described above — **adversarial AI agents stress-testing a DAO before it ships.**
270
-
271
- **57 scenarios shipped.** Coverage:
272
-
273
- - **Reset + delegation chains** — S00, S01, S06, S14
274
- - **Validator chamber** — pass / veto / full lifecycle (S02, S03, S07)
275
- - **Read-only snapshots** — expert state, participation, validators, cross-DAO, catalog, multi-proposal state, user activity (S04, S05, S09–S15)
276
- - **Cancel-vote + decode-and-introspect** — S08, S12
277
- - **Build-only sanity for every proposal type** in `dexe_proposal_catalog` — token transfer, blacklist, withdraw treasury, apply to DAO, token distribution, token sale + recover, manage validators, change validator balances/settings, monthly withdraw, add/remove expert (local + global), delegate/revoke from expert, reward multiplier (4 modes), change voting settings, new proposal type, change math model, custom ABI, manual calldata, create staking tier, off-chain validator + for/against + settings (S16–S40)
278
- - **OTC multi-tier sale flows** — open sale, buyer buy native + merkle (S41–S46)
279
- - **Simulator + inbox + per-DAO reads** — S47, S48, S50, S51
280
- - **Broadcast lifecycle (v0.5.6 builder rewrites)** — `withdraw_treasury`, `apply_to_dao`, `reward_multiplier mint` (S52–S54)
281
- - **Broadcast lifecycle (most-used proposal types)** — `token_transfer`, `blacklist`, `add_expert` (S55–S57)
196
+ [`tests/swarm/`](./tests/swarm) is a multi-agent harness that exercises the tool surface against real BSC-testnet DAOs: 59 JSON scenarios covering delegation chains, the validator chamber, build-only checks for every proposal type, OTC flows, and full broadcast lifecycles. The orchestrator resolves agent wallets and runs each step through an inline ethers dispatcher or the dexe-mcp stdio bridge.
282
197
 
283
198
  ```bash
284
- # 1) generate 9 wallets (8 agents + funder), fund the funder from your wallet
285
- # 2) deploy fixture DAOs via dexe_dao_build_deploy (one 50% quorum + one with validators)
286
- # 3) configure SWARM_DAOS_TESTNET / SWARM_TOKENS_TESTNET / SWARM_RPC_URL_TESTNET
287
-
288
- npm run swarm:preflight # red/green table per wallet
289
- npm run swarm:fund -- --confirm # broadcast top-ups from funder
290
- npm run swarm:run # full sweep, all scenarios
291
- npm run swarm:run -- --scenarios=S00-reset,S01-delegation-chain-3hop --dry-run
199
+ npm run swarm:preflight # per-wallet readiness table
200
+ npm run swarm:fund -- --confirm # top up agent wallets from the funder
201
+ npm run swarm:run # full sweep
202
+ npm run swarm:run -- --scenarios=S00-reset --dry-run
292
203
  ```
293
204
 
294
- - Setup runbook [`tests/swarm/README.md`](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/tests/swarm/README.md)
295
- - Scenario schema → [`tests/swarm/scenarios/_schema.md`](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/tests/swarm/scenarios/_schema.md)
296
- - Per-role agent prompts → [`tests/swarm/prompts/`](https://github.com/edward-arinin-web-dev/dexe-mcp/tree/main/tests/swarm/prompts)
297
-
298
- ---
205
+ Setup runbook: [tests/swarm/README.md](./tests/swarm/README.md) · scenario schema: [tests/swarm/scenarios/_schema.md](./tests/swarm/scenarios/_schema.md) · agent prompts: [tests/swarm/prompts/](./tests/swarm/prompts).
299
206
 
300
207
  ## Contributing
301
208
 
@@ -304,36 +211,27 @@ git clone https://github.com/edward-arinin-web-dev/dexe-mcp.git
304
211
  cd dexe-mcp
305
212
  npm install
306
213
  npm run build
307
- npm run typecheck
214
+ npm test
308
215
  npm run dev # watch mode
309
216
  ```
310
217
 
311
- Issues, PRs, and proposal-type requests welcome → [GitHub issues](https://github.com/edward-arinin-web-dev/dexe-mcp/issues).
218
+ Issues, PRs, and proposal-type requests: [GitHub issues](https://github.com/edward-arinin-web-dev/dexe-mcp/issues).
312
219
 
313
220
  ## Security
314
221
 
315
- Supply-chain hardening is enforced in CI. See [SECURITY.md](SECURITY.md) for the full policy, threat model, and how to report a vulnerability. Highlights:
316
-
317
- - **Signed release tags.** Every release tag is GPG-signed and `release.yml` runs `git verify-tag` before publishing — an unsigned or untrusted tag aborts the release. Verify any tag yourself after cloning:
318
-
319
- ```bash
320
- gpg --recv-keys <MAINTAINER_KEY_ID> # import maintainer key once
321
- git verify-tag v0.5.9 # or the shorthand: git tag -v v0.5.9
322
- ```
222
+ See [SECURITY.md](./SECURITY.md) for the threat model, policy, and how to report a vulnerability. In short:
323
223
 
324
- A `Good signature` line is the only acceptable result; `no signature found` or `No public key` means do not trust the tag.
325
- - **npm provenance.** Releases publish with `npm publish --provenance`; verify with `npm audit signatures` against an installed copy.
326
- - **Reproducible installs.** A `verify-lockfile` CI job installs strictly from the committed `package-lock.json` and fails on any drift.
327
- - **Continuous scanning.** CodeQL (SAST) runs on every PR and weekly; OSSF Scorecard runs weekly and on push to `main`; Dependency Review runs on every PR.
328
- - **Audit remediation (v0.9.0).** Closes the MCP-fixable findings from an independent red-team audit — numeric-input guards, RPC-key redaction, untrusted-data sanitization, recursive decode, exact-amount approvals, per-chain nonce serialization, IPFS content-hash verification, and an `--ignore-scripts` bootstrap. Per-finding detail in [`CHANGELOG.md`](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/CHANGELOG.md).
224
+ - Release tags are GPG-signed; `release.yml` runs `git verify-tag` before publishing. Verify locally with `git verify-tag <tag>` (e.g. `v0.19.0`) after importing the maintainer key.
225
+ - npm releases publish with `--provenance`; verify with `npm audit signatures`.
226
+ - CI installs strictly from the committed lockfile and fails on drift.
227
+ - CodeQL, OSSF Scorecard, and Dependency Review run on PRs and on a schedule.
329
228
 
330
229
  ## License
331
230
 
332
- MIT. See [LICENSE](https://github.com/edward-arinin-web-dev/dexe-mcp/blob/main/LICENSE).
231
+ MIT. See [LICENSE](./LICENSE).
333
232
 
334
233
  ---
335
234
 
336
235
  <p align="center">
337
- <b>The runtime for autonomous DAOs.</b><br/>
338
- <sub>Built for the DeXe Protocol governance stack on BNB Chain. Not affiliated with DeXe Network — independent open-source integration.</sub>
236
+ <sub>Independent open-source integration for the DeXe Protocol governance stack. Not affiliated with DeXe Network.</sub>
339
237
  </p>
@@ -48,7 +48,9 @@ asking.
48
48
  DAOs you already deployed.
49
49
  1. **Env:** ensure the target chain is 97 and `DEXE_PINATA_JWT` is set (metadata).
50
50
  2. **(Optional) avatar:** `dexe_dao_generate_avatar` / `dexe_ipfs_upload_avatar`
51
- → pass the `cid` as `avatarCID` (a real JPEG, not SVG named `.jpeg`).
51
+ → pass the `cid` as `avatarCID`. Since v0.20.0 both enforce real raster
52
+ bytes (generate renders a true JPEG; upload rejects SVG/HTML by magic-byte
53
+ check), so any CID they return is safe to use.
52
54
  3. **Preview:** call `dexe_dao_create` with just the essentials:
53
55
 
54
56
  ```jsonc
@@ -0,0 +1,22 @@
1
+ /**
2
+ * Deterministic raster avatar renderer.
3
+ *
4
+ * Replaces the old SVG identicon: the DeXe serving chain (Go ipfs-cache →
5
+ * R2 `<descCid>.jpeg` with hardcoded image/jpeg) only renders real raster
6
+ * bytes, so we rasterize the same design — 1–2 initials over a hash-coloured
7
+ * diagonal gradient — and encode an actual JPEG. Pure JS: RGBA buffer +
8
+ * embedded 8x8 bitmap font + jpeg-js. No canvas, no native deps.
9
+ *
10
+ * Same daoName → byte-identical output (all constants fixed, no randomness).
11
+ */
12
+ /** djb2-style hash → unsigned 32-bit. Kept identical to the legacy SVG identicon so re-generated avatars keep their colours. */
13
+ export declare function hashString(s: string): number;
14
+ /** First 1–2 alphanumeric characters of the DAO name, uppercased ("?" fallback). */
15
+ export declare function avatarInitials(daoName: string): string;
16
+ /**
17
+ * Render the avatar and encode as JPEG. `size` is the output square in px.
18
+ * Renders at 2x and box-downscales, so glyph edges pick up light smoothing
19
+ * when the pixel scale is odd.
20
+ */
21
+ export declare function renderAvatarJpeg(daoName: string, size?: number): Buffer;
22
+ //# sourceMappingURL=avatarImage.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"avatarImage.d.ts","sourceRoot":"","sources":["../../src/lib/avatarImage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,gIAAgI;AAChI,wBAAgB,UAAU,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAI5C;AAED,oFAAoF;AACpF,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAGtD;AAqED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,SAAM,GAAG,MAAM,CAqGpE"}