dexe-mcp 0.8.2 → 0.9.0

package/dist/lib/decoders.d.ts

@@ -10,6 +10,14 @@ export interface DecodedCall {
     args: Record<string, unknown>;
     /** Raw positional args — useful for agents that want the tuple directly. */
     argsArray: unknown[];
+    /** True if this selector is a C-2-class privileged accounting function. */
+    privileged?: boolean;
+    /**
+     * Calls discovered inside this call's calldata args — e.g. the inner calls of
+     * a `multicall(bytes[])`, or the actions of a nested `createProposal`. Lets a
+     * reviewer see hidden privileged calls instead of just the wrapper (C-1).
+     */
+    nested?: DecodedCall[];
 }
 export interface DecodedProposalAction {
     side: "for" | "against";
@@ -28,10 +36,22 @@ export declare class CalldataDecoder {
      * is tried. Otherwise every artifact whose selector matches is tried in
      * turn; the first successful parse wins (with alternatives in `.alternatives`).
      */
+    static readonly MAX_NEST_DEPTH = 4;
+    /**
+     * Decode calldata and recursively unwrap any well-formed nested calldata
+     * found in its arguments — `multicall(bytes[])`, a nested `createProposal`'s
+     * `ProposalAction[]`, `tryExecute`, etc. The decoded `primary` carries a
+     * `privileged` flag for C-2-class selectors and a `nested` tree so a reviewer
+     * reading the text sees hidden inner calls, not just the wrapper (C-1).
+     */
     decodeCalldata(data: string, contractName?: string): {
         primary: DecodedCall | null;
         alternatives: DecodedCall[];
     };
+    private decodeEnriched;
+    /** Walk decoded args; recurse into any value that is itself well-formed calldata. */
+    private collectNested;
+    private decodeOnce;
     /**
      * Given a ProposalAction tuple, find the executor contract and decode `data`
      * against its ABI. Strategy: try to find an artifact whose runtime bytecode

package/dist/lib/decoders.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"decoders.d.ts","sourceRoot":"","sources":["../../src/lib/decoders.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEpD,MAAM,WAAW,WAAW;IAC1B,iGAAiG;IACjG,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,mGAAmG;IACnG,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,4EAA4E;IAC5E,SAAS,EAAE,OAAO,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,KAAK,GAAG,SAAS,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,4EAA4E;IAC5E,OAAO,EAAE,WAAW,GAAG,IAAI,CAAC;CAC7B;AAED,qBAAa,eAAe;IAExB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;gBADT,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,aAAa;IAG3C;;;;OAIG;IACH,cAAc,CACZ,IAAI,EAAE,MAAM,EACZ,YAAY,CAAC,EAAE,MAAM,GACpB;QAAE,OAAO,EAAE,WAAW,GAAG,IAAI,CAAC;QAAC,YAAY,EAAE,WAAW,EAAE,CAAA;KAAE;IA4C/D;;;;;;;;OAQG;IACH,oBAAoB,CAAC,MAAM,EAAE;QAC3B,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,KAAK,GAAG,SAAS,CAAC;KACzB,GAAG,qBAAqB;CAU1B"}
+{"version":3,"file":"decoders.d.ts","sourceRoot":"","sources":["../../src/lib/decoders.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAGpD,MAAM,WAAW,WAAW;IAC1B,iGAAiG;IACjG,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,mGAAmG;IACnG,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,4EAA4E;IAC5E,SAAS,EAAE,OAAO,EAAE,CAAC;IACrB,2EAA2E;IAC3E,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;OAIG;IACH,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,KAAK,GAAG,SAAS,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,4EAA4E;IAC5E,OAAO,EAAE,WAAW,GAAG,IAAI,CAAC;CAC7B;AAED,qBAAa,eAAe;IAExB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,SAAS;gBADT,SAAS,EAAE,SAAS,EACpB,SAAS,EAAE,aAAa;IAG3C;;;;OAIG;IACH,MAAM,CAAC,QAAQ,CAAC,cAAc,KAAK;IAEnC;;;;;;OAMG;IACH,cAAc,CACZ,IAAI,EAAE,MAAM,EACZ,YAAY,CAAC,EAAE,MAAM,GACpB;QAAE,OAAO,EAAE,WAAW,GAAG,IAAI,CAAC;QAAC,YAAY,EAAE,WAAW,EAAE,CAAA;KAAE;IAI/D,OAAO,CAAC,cAAc;IAiBtB,qFAAqF;IACrF,OAAO,CAAC,aAAa;IAarB,OAAO,CAAC,UAAU;IA+ClB;;;;;;;;OAQG;IACH,oBAAoB,CAAC,MAAM,EAAE;QAC3B,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,KAAK,GAAG,SAAS,CAAC;KACzB,GAAG,qBAAqB;CAU1B"}

package/dist/lib/decoders.js

@@ -1,4 +1,5 @@
 import { Interface } from "ethers";
+import { findForbiddenSelector } from "./dangerousSelectors.js";
 export class CalldataDecoder {
     artifacts;
     selectors;
@@ -11,7 +12,46 @@ export class CalldataDecoder {
      * is tried. Otherwise every artifact whose selector matches is tried in
      * turn; the first successful parse wins (with alternatives in `.alternatives`).
      */
+    static MAX_NEST_DEPTH = 4;
+    /**
+     * Decode calldata and recursively unwrap any well-formed nested calldata
+     * found in its arguments — `multicall(bytes[])`, a nested `createProposal`'s
+     * `ProposalAction[]`, `tryExecute`, etc. The decoded `primary` carries a
+     * `privileged` flag for C-2-class selectors and a `nested` tree so a reviewer
+     * reading the text sees hidden inner calls, not just the wrapper (C-1).
+     */
     decodeCalldata(data, contractName) {
+        return this.decodeEnriched(data, contractName, 0);
+    }
+    decodeEnriched(data, contractName, depth) {
+        const res = this.decodeOnce(data, contractName);
+        if (res.primary) {
+            res.primary.privileged = findForbiddenSelector(res.primary.selector) != null;
+            if (depth < CalldataDecoder.MAX_NEST_DEPTH) {
+                const nested = [];
+                this.collectNested(res.primary.argsArray, depth + 1, nested);
+                if (nested.length > 0)
+                    res.primary.nested = nested;
+            }
+        }
+        return res;
+    }
+    /** Walk decoded args; recurse into any value that is itself well-formed calldata. */
+    collectNested(value, depth, out) {
+        if (typeof value === "string") {
+            if (looksLikeCalldata(value)) {
+                const r = this.decodeEnriched(value, undefined, depth);
+                if (r.primary)
+                    out.push(r.primary);
+            }
+            return;
+        }
+        if (Array.isArray(value)) {
+            for (const el of value)
+                this.collectNested(el, depth, out);
+        }
+    }
+    decodeOnce(data, contractName) {
         if (!data || data.length < 10 || !data.startsWith("0x")) {
             return { primary: null, alternatives: [] };
         }
@@ -119,4 +159,16 @@ function normalize(v) {
     }
     return v;
 }
+/**
+ * Heuristic: does `v` look like ABI calldata (a 4-byte selector followed by
+ * whole 32-byte words)? This filters out addresses (20 bytes), bytes32 hashes,
+ * and arbitrary blobs, so recursion only follows real nested calls.
+ */
+function looksLikeCalldata(v) {
+    if (!/^0x[0-9a-fA-F]+$/.test(v))
+        return false;
+    if (v.length < 10)
+        return false; // need at least the 4-byte selector
+    return (v.length - 10) % 64 === 0; // selector + N 32-byte words
+}
 //# sourceMappingURL=decoders.js.map

package/dist/lib/decoders.js.map

@@ -1 +1 @@
-{"version":3,"file":"decoders.js","sourceRoot":"","sources":["../../src/lib/decoders.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAe,MAAM,QAAQ,CAAC;AAyBhD,MAAM,OAAO,eAAe;IAEP;IACA;IAFnB,YACmB,SAAoB,EACpB,SAAwB;QADxB,cAAS,GAAT,SAAS,CAAW;QACpB,cAAS,GAAT,SAAS,CAAe;IACxC,CAAC;IAEJ;;;;OAIG;IACH,cAAc,CACZ,IAAY,EACZ,YAAqB;QAErB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC7C,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAEjD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;YACnD,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;YACxD,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC5C,IAAI,GAAG,EAAE,CAAC;gBACR,OAAO;oBACL,OAAO,EAAE;wBACP,QAAQ,EAAE,MAAM,CAAC,YAAY;wBAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;wBAC7B,GAAG,GAAG;qBACP;oBACD,YAAY,EAAE,EAAE;iBACjB,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC7C,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;QACtF,MAAM,OAAO,GAAkB,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YACtC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAClD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;gBACxB,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;gBACvC,IAAI,GAAG,EAAE,CAAC;oBACR,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,GAAG,GAAG,EAAE,CAAC,CAAC;oBAC7E,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC7C,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAE,EAAE,YAAY,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IAClE,CAAC;IAED;;;;;;;;OAQG;IACH,oBAAoB,CAAC,MAKpB;QACC,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAChD,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE;YAC9B,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CAAC;IACJ,CAAC;CACF;AAED,SAAS,aAAa,CAAC,GAAuB,EAAE,IAAY;IAC1D,IAAI,KAAgB,CAAC;IACrB,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,SAAS,CAAC,GAAkD,CAAC,CAAC;IAC5E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,KAAK,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC;YAC5C,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,IAAI,EAAE,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC5E,SAAS,EAAE,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC;SAC3C,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,MAAc,EAAE,KAAwB;IAC9D,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS,CAAC,CAAU;IAC3B,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9C,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC/B,kFAAkF;QAClF,MAAM,QAAQ,GAAG,CAAW,CAAC;QAC7B,IAAI,OAAO,QAAQ,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;YAC3C,OAAO,QAAQ,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC"}
+{"version":3,"file":"decoders.js","sourceRoot":"","sources":["../../src/lib/decoders.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAe,MAAM,QAAQ,CAAC;AAGhD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AA+BhE,MAAM,OAAO,eAAe;IAEP;IACA;IAFnB,YACmB,SAAoB,EACpB,SAAwB;QADxB,cAAS,GAAT,SAAS,CAAW;QACpB,cAAS,GAAT,SAAS,CAAe;IACxC,CAAC;IAEJ;;;;OAIG;IACH,MAAM,CAAU,cAAc,GAAG,CAAC,CAAC;IAEnC;;;;;;OAMG;IACH,cAAc,CACZ,IAAY,EACZ,YAAqB;QAErB,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;IACpD,CAAC;IAEO,cAAc,CACpB,IAAY,EACZ,YAAgC,EAChC,KAAa;QAEb,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAChD,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,GAAG,CAAC,OAAO,CAAC,UAAU,GAAG,qBAAqB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;YAC7E,IAAI,KAAK,GAAG,eAAe,CAAC,cAAc,EAAE,CAAC;gBAC3C,MAAM,MAAM,GAAkB,EAAE,CAAC;gBACjC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;gBAC7D,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;oBAAE,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC;YACrD,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,qFAAqF;IAC7E,aAAa,CAAC,KAAc,EAAE,KAAa,EAAE,GAAkB;QACrE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,IAAI,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC7B,MAAM,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;gBACvD,IAAI,CAAC,CAAC,OAAO;oBAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACrC,CAAC;YACD,OAAO;QACT,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,KAAK,MAAM,EAAE,IAAI,KAAK;gBAAE,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAEO,UAAU,CAChB,IAAY,EACZ,YAAqB;QAErB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC7C,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAEjD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;YACnD,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;YACxD,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC5C,IAAI,GAAG,EAAE,CAAC;gBACR,OAAO;oBACL,OAAO,EAAE;wBACP,QAAQ,EAAE,MAAM,CAAC,YAAY;wBAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;wBAC7B,GAAG,GAAG;qBACP;oBACD,YAAY,EAAE,EAAE;iBACjB,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC7C,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;QACtF,MAAM,OAAO,GAAkB,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,SAAS;YACtC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAClD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;gBACxB,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;gBACvC,IAAI,GAAG,EAAE,CAAC;oBACR,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,GAAG,GAAG,EAAE,CAAC,CAAC;oBAC7E,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC;QAC7C,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAE,EAAE,YAAY,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IAClE,CAAC;IAED;;;;;;;;OAQG;IACH,oBAAoB,CAAC,MAKpB;QACC,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAChD,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE;YAC9B,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CAAC;IACJ,CAAC;;AAGH,SAAS,aAAa,CAAC,GAAuB,EAAE,IAAY;IAC1D,IAAI,KAAgB,CAAC;IACrB,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,SAAS,CAAC,GAAkD,CAAC,CAAC;IAC5E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,KAAK,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO;YACL,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC;YAC5C,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,IAAI,EAAE,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC5E,SAAS,EAAE,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC;SAC3C,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,MAAc,EAAE,KAAwB;IAC9D,MAAM,GAAG,GAA4B,EAAE,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS,CAAC,CAAU;IAC3B,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC9C,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC/B,kFAAkF;QAClF,MAAM,QAAQ,GAAG,CAAW,CAAC;QAC7B,IAAI,OAAO,QAAQ,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;YAC3C,OAAO,QAAQ,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,CAAS;IAClC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9C,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC,CAAC,oCAAoC;IACrE,OAAO,CAAC,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,6BAA6B;AAClE,CAAC"}

package/dist/lib/ipfs.d.ts

@@ -1,3 +1,4 @@
+import { CID } from "multiformats/cid";
 /**
  * Public IPFS gateways (dweb.link, ipfs.io, cf-ipfs.com, …) are unreliable —
  * frequent 502s, rate limits, and extended outages in 2025/2026. We do NOT
@@ -21,8 +22,21 @@ export interface IpfsFetchResult {
     json: unknown | null;
     /** Total attempts made (including failures before success). */
     attempts: number;
+    /**
+     * True if the bytes were hash-verified against the requested CID (raw/json
+     * codecs). False when the codec (dag-pb / unixfs) can't be cheaply verified
+     * without full DAG reconstruction — content-addressing was NOT confirmed.
+     */
+    verified: boolean;
 }
 export declare function fetchIpfs(cid: string, cfg: IpfsFetchConfig): Promise<IpfsFetchResult>;
+/**
+ * W20 content-address check. Returns "verified" when sha256(bytes) reproduces
+ * the requested CID, "mismatch" when it doesn't (tampered / MitM gateway), and
+ * "unverifiable" for codecs whose CID is over a DAG rather than the raw bytes
+ * (dag-pb / unixfs) — those need full DAG reconstruction we don't perform here.
+ */
+export declare function verifyCidBytes(parsedCid: CID, bytes: Uint8Array): Promise<"verified" | "mismatch" | "unverifiable">;
 export interface CidInfo {
     cid: string;
     version: 0 | 1;

package/dist/lib/ipfs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ipfs.d.ts","sourceRoot":"","sources":["../../src/lib/ipfs.ts"],"names":[],"mappings":"AAOA;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,EAAE,SAAS,MAAM,EAAO,CAAC;AAEzD,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5B,2CAA2C;IAC3C,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,UAAU,CAAC;IAClB,gEAAgE;IAChE,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IACrB,+DAA+D;IAC/D,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAsB,SAAS,CAC7B,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,eAAe,GACnB,OAAO,CAAC,eAAe,CAAC,CAkD1B;AAID,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,8FAA8F;IAC9F,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAoB/C;AAED,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAK7C;AAED,iEAAiE;AACjE,wBAAsB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAIhE;AAED,iEAAiE;AACjE,wBAAsB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAGpE;AAyBD,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,YAAY;IACX,OAAO,CAAC,QAAQ,CAAC,GAAG;gBAAH,GAAG,EAAE,MAAM;IAIxC,4DAA4D;IACtD,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAOrB,OAAO,CACX,OAAO,EAAE,OAAO,EAChB,IAAI,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GAC3D,OAAO,CAAC,eAAe,CAAC;IA0BrB,OAAO,CACX,KAAK,EAAE,UAAU,EACjB,IAAI,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,CAAC,EAAE,OAAO,CAAA;KAAE,GAC7F,OAAO,CAAC,eAAe,CAAC;CAiC5B"}
+{"version":3,"file":"ipfs.d.ts","sourceRoot":"","sources":["../../src/lib/ipfs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AAOvC;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,EAAE,SAAS,MAAM,EAAO,CAAC;AAEzD,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5B,2CAA2C;IAC3C,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,UAAU,CAAC;IAClB,gEAAgE;IAChE,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IACrB,+DAA+D;IAC/D,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,wBAAsB,SAAS,CAC7B,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,eAAe,GACnB,OAAO,CAAC,eAAe,CAAC,CAiE1B;AAED;;;;;GAKG;AACH,wBAAsB,cAAc,CAClC,SAAS,EAAE,GAAG,EACd,KAAK,EAAE,UAAU,GAChB,OAAO,CAAC,UAAU,GAAG,UAAU,GAAG,cAAc,CAAC,CAMnD;AAID,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,8FAA8F;IAC9F,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAoB/C;AAED,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAEjD;AAED;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAK7C;AAED,iEAAiE;AACjE,wBAAsB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAIhE;AAED,iEAAiE;AACjE,wBAAsB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAGpE;AAyBD,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,YAAY;IACX,OAAO,CAAC,QAAQ,CAAC,GAAG;gBAAH,GAAG,EAAE,MAAM;IAIxC,4DAA4D;IACtD,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAOrB,OAAO,CACX,OAAO,EAAE,OAAO,EAChB,IAAI,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GAC3D,OAAO,CAAC,eAAe,CAAC;IA0BrB,OAAO,CACX,KAAK,EAAE,UAAU,EACjB,IAAI,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,CAAC,EAAE,OAAO,CAAA;KAAE,GAC7F,OAAO,CAAC,eAAe,CAAC;CAiC5B"}

package/dist/lib/ipfs.js

@@ -52,7 +52,22 @@ export async function fetchIpfs(cid, cfg) {
                     // not JSON — that's fine
                 }
             }
-            return { cid: cidStr, gateway: gw, contentType, bytes, json: parsedJson, attempts };
+            const verdict = await verifyCidBytes(parsed, bytes);
+            if (verdict === "mismatch") {
+                // W20: a hostile / MitM gateway returned bytes that don't hash to the
+                // requested CID. Don't trust it — try the next gateway.
+                errors.push(`${gw} → content-hash mismatch for ${cidStr}`);
+                continue;
+            }
+            return {
+                cid: cidStr,
+                gateway: gw,
+                contentType,
+                bytes,
+                json: parsedJson,
+                attempts,
+                verified: verdict === "verified",
+            };
         }
         catch (err) {
             errors.push(`${gw} → ${err instanceof Error ? err.message : String(err)}`);
@@ -63,6 +78,21 @@ export async function fetchIpfs(cid, cfg) {
     }
     throw new Error(`IPFS fetch failed for ${cidStr} across ${attempts} gateway(s): ${errors.join("; ")}`);
 }
+/**
+ * W20 content-address check. Returns "verified" when sha256(bytes) reproduces
+ * the requested CID, "mismatch" when it doesn't (tampered / MitM gateway), and
+ * "unverifiable" for codecs whose CID is over a DAG rather than the raw bytes
+ * (dag-pb / unixfs) — those need full DAG reconstruction we don't perform here.
+ */
+export async function verifyCidBytes(parsedCid, bytes) {
+    if (parsedCid.multihash.code !== sha256.code)
+        return "unverifiable";
+    if (parsedCid.code !== raw.code && parsedCid.code !== json.code)
+        return "unverifiable";
+    const digest = await sha256.digest(bytes);
+    const expected = CID.create(parsedCid.version, parsedCid.code, digest);
+    return expected.equals(parsedCid) ? "verified" : "mismatch";
+}
 export function parseCid(input) {
     const s = stripIpfsPrefix(input);
     const cid = CID.parse(s);

package/dist/lib/ipfs.js.map

@@ -1 +1 @@
-{"version":3,"file":"ipfs.js","sourceRoot":"","sources":["../../src/lib/ipfs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,0BAA0B,CAAC;AACjD,OAAO,KAAK,GAAG,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAEtD;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAsB,EAAE,CAAC;AAmBzD,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,GAAW,EACX,GAAoB;IAEpB,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,GAAG,CAAC,mBAAmB,IAAI,IAAI,CAAC;IAChD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,QAAQ,GAAG,CAAC,CAAC;IAEjB,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,CAAC;IACzE,KAAK,MAAM,EAAE,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9B,QAAQ,EAAE,CAAC;QACX,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC3D,MAAM,GAAG,GAAG,GAAG,IAAI,SAAS,MAAM,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;QACxD,sEAAsE;QACtE,wEAAwE;QACxE,oEAAoE;QACpE,yEAAyE;QACzE,2DAA2D;QAC3D,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,kBAAkB,IAAI,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChE,OAAO,CAAC,wBAAwB,CAAC,GAAG,kBAAkB,CAAC;QACzD,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;YACrE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC1C,SAAS;YACX,CAAC;YACD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,0BAA0B,CAAC;YAClF,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;YACtD,IAAI,UAAU,GAAmB,IAAI,CAAC;YACtC,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjE,IAAI,CAAC;oBACH,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC3D,CAAC;gBAAC,MAAM,CAAC;oBACP,yBAAyB;gBAC3B,CAAC;YACH,CAAC;YACD,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;QACtF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC7E,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,yBAAyB,MAAM,WAAW,QAAQ,gBAAgB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;AACJ,CAAC;AAaD,MAAM,UAAU,QAAQ,CAAC,KAAa;IACpC,MAAM,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,OAAO,GAAG,GAAG,CAAC,OAAgB,CAAC;IACrC,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEjE,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,CAAC;QACH,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;YAClB,SAAS,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;aAAM,IAAI,OAAO,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAC9C,6CAA6C;YAC7C,SAAS,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,CAAS;IACvC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,OAAO,CAAC,KAAa;IACnC,MAAM,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,IAAI,GAAG,CAAC,OAAO,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnD,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACrC,CAAC;AAED,iEAAiE;AACjE,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,KAAc;IAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACzD,CAAC;AAED,iEAAiE;AACjE,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,KAAiB;IACjD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,IAAI;YACP,OAAO,KAAK,CAAC;QACf,KAAK,IAAI;YACP,OAAO,QAAQ,CAAC;QAClB,KAAK,IAAI;YACP,OAAO,UAAU,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;QAChB,KAAK,MAAM;YACT,OAAO,UAAU,CAAC;QACpB;YACE,OAAO,KAAK,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;IACpC,CAAC;AACH,CAAC;AAED,sCAAsC;AAEtC,MAAM,mBAAmB,GAAG,gDAAgD,CAAC;AAC7E,MAAM,mBAAmB,GAAG,gDAAgD,CAAC;AAC7E,MAAM,eAAe,GAAG,kDAAkD,CAAC;AAQ3E,MAAM,OAAO,YAAY;IACM;IAA7B,YAA6B,GAAW;QAAX,QAAG,GAAH,GAAG,CAAQ;QACtC,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACtD,CAAC;IAED,4DAA4D;IAC5D,KAAK,CAAC,IAAI;QACR,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE;YACvC,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,GAAG,EAAE,EAAE;SACjD,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,CAAC,MAAM,IAAI,MAAM,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAAgB,EAChB,IAA4D;QAE5D,MAAM,IAAI,GAAG;YACX,aAAa,EAAE,OAAO;YACtB,cAAc,EAAE,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE,SAAS;gBAC3C,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;gBAClD,CAAC,CAAC,SAAS;SACd,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,mBAAmB,EAAE;YAC3C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,GAAG,EAAE;gBACnC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,CAAC,MAAM,IAAI,MAAM,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;QACF,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;IAC9E,CAAC;IAED,KAAK,CAAC,OAAO,CACX,KAAiB,EACjB,IAA8F;QAE9F,MAAM,IAAI,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,EAAE;YAC7B,IAAI,EAAE,IAAI,EAAE,WAAW,IAAI,0BAA0B;SACtD,CAAC,CAAC;QACH,wEAAwE;QACxE,wEAAwE;QACxE,yEAAyE;QACzE,qEAAqE;QACrE,0EAA0E;QAC1E,MAAM,IAAI,GAAG,IAAI,EAAE,iBAAiB,IAAI,IAAI,CAAC;QAC7C,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,IAAI,MAAM,CAAC,CAAC;QACpD,IAAI,IAAI,EAAE,IAAI,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC5E,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,mBAAmB,EAAE;YAC3C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,GAAG,EAAE,EAAE;YAChD,IAAI,EAAE,IAAI;SACX,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,CAAC,MAAM,IAAI,MAAM,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;QACF,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;IAC9E,CAAC;CACF"}
+{"version":3,"file":"ipfs.js","sourceRoot":"","sources":["../../src/lib/ipfs.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,0BAA0B,CAAC;AACjD,OAAO,KAAK,GAAG,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,MAAM,EAAE,MAAM,2BAA2B,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAEtD;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAsB,EAAE,CAAC;AAyBzD,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,GAAW,EACX,GAAoB;IAEpB,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,GAAG,CAAC,mBAAmB,IAAI,IAAI,CAAC;IAChD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,QAAQ,GAAG,CAAC,CAAC;IAEjB,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,CAAC;IACzE,KAAK,MAAM,EAAE,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9B,QAAQ,EAAE,CAAC;QACX,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAC3D,MAAM,GAAG,GAAG,GAAG,IAAI,SAAS,MAAM,EAAE,CAAC;QACrC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;QACxD,sEAAsE;QACtE,wEAAwE;QACxE,oEAAoE;QACpE,yEAAyE;QACzE,2DAA2D;QAC3D,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,IAAI,kBAAkB,IAAI,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChE,OAAO,CAAC,wBAAwB,CAAC,GAAG,kBAAkB,CAAC;QACzD,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;YACrE,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC1C,SAAS;YACX,CAAC;YACD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,0BAA0B,CAAC;YAClF,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;YACtD,IAAI,UAAU,GAAmB,IAAI,CAAC;YACtC,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjE,IAAI,CAAC;oBACH,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC3D,CAAC;gBAAC,MAAM,CAAC;oBACP,yBAAyB;gBAC3B,CAAC;YACH,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACpD,IAAI,OAAO,KAAK,UAAU,EAAE,CAAC;gBAC3B,sEAAsE;gBACtE,wDAAwD;gBACxD,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,gCAAgC,MAAM,EAAE,CAAC,CAAC;gBAC3D,SAAS;YACX,CAAC;YACD,OAAO;gBACL,GAAG,EAAE,MAAM;gBACX,OAAO,EAAE,EAAE;gBACX,WAAW;gBACX,KAAK;gBACL,IAAI,EAAE,UAAU;gBAChB,QAAQ;gBACR,QAAQ,EAAE,OAAO,KAAK,UAAU;aACjC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC7E,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,yBAAyB,MAAM,WAAW,QAAQ,gBAAgB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,SAAc,EACd,KAAiB;IAEjB,IAAI,SAAS,CAAC,SAAS,CAAC,IAAI,KAAK,MAAM,CAAC,IAAI;QAAE,OAAO,cAAc,CAAC;IACpE,IAAI,SAAS,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,IAAI,SAAS,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI;QAAE,OAAO,cAAc,CAAC;IACvF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACvE,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC;AAC9D,CAAC;AAaD,MAAM,UAAU,QAAQ,CAAC,KAAa;IACpC,MAAM,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,OAAO,GAAG,GAAG,CAAC,OAAgB,CAAC;IACrC,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEjE,IAAI,SAAS,GAAkB,IAAI,CAAC;IACpC,IAAI,CAAC;QACH,IAAI,OAAO,KAAK,CAAC,EAAE,CAAC;YAClB,SAAS,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC;aAAM,IAAI,OAAO,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;YAC9C,6CAA6C;YAC7C,SAAS,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,CAAS;IACvC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;AAC/D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,OAAO,CAAC,KAAa;IACnC,MAAM,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,IAAI,GAAG,CAAC,OAAO,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnD,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACrC,CAAC;AAED,iEAAiE;AACjE,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,KAAc;IAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACzD,CAAC;AAED,iEAAiE;AACjE,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,KAAiB;IACjD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,IAAI;YACP,OAAO,KAAK,CAAC;QACf,KAAK,IAAI;YACP,OAAO,QAAQ,CAAC;QAClB,KAAK,IAAI;YACP,OAAO,UAAU,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;QAChB,KAAK,MAAM;YACT,OAAO,UAAU,CAAC;QACpB;YACE,OAAO,KAAK,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;IACpC,CAAC;AACH,CAAC;AAED,sCAAsC;AAEtC,MAAM,mBAAmB,GAAG,gDAAgD,CAAC;AAC7E,MAAM,mBAAmB,GAAG,gDAAgD,CAAC;AAC7E,MAAM,eAAe,GAAG,kDAAkD,CAAC;AAQ3E,MAAM,OAAO,YAAY;IACM;IAA7B,YAA6B,GAAW;QAAX,QAAG,GAAH,GAAG,CAAQ;QACtC,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACtD,CAAC;IAED,4DAA4D;IAC5D,KAAK,CAAC,IAAI;QACR,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE;YACvC,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,GAAG,EAAE,EAAE;SACjD,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,CAAC,MAAM,IAAI,MAAM,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAAgB,EAChB,IAA4D;QAE5D,MAAM,IAAI,GAAG;YACX,aAAa,EAAE,OAAO;YACtB,cAAc,EAAE,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE,SAAS;gBAC3C,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;gBAClD,CAAC,CAAC,SAAS;SACd,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,mBAAmB,EAAE;YAC3C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,GAAG,EAAE;gBACnC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,CAAC,MAAM,IAAI,MAAM,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;QACF,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;IAC9E,CAAC;IAED,KAAK,CAAC,OAAO,CACX,KAAiB,EACjB,IAA8F;QAE9F,MAAM,IAAI,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,KAAK,CAAC,EAAE;YAC7B,IAAI,EAAE,IAAI,EAAE,WAAW,IAAI,0BAA0B;SACtD,CAAC,CAAC;QACH,wEAAwE;QACxE,wEAAwE;QACxE,yEAAyE;QACzE,qEAAqE;QACrE,0EAA0E;QAC1E,MAAM,IAAI,GAAG,IAAI,EAAE,iBAAiB,IAAI,IAAI,CAAC;QAC7C,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,IAAI,MAAM,CAAC,CAAC;QACpD,IAAI,IAAI,EAAE,IAAI,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC5E,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,mBAAmB,EAAE;YAC3C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,GAAG,EAAE,EAAE;YAChD,IAAI,EAAE,IAAI;SACX,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,CAAC,MAAM,IAAI,MAAM,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;QACF,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC;IAC9E,CAAC;CACF"}

package/dist/lib/markdownToSlate.d.ts

@@ -25,6 +25,15 @@
  *   inlineCode           → wrapped in code-inline element
  *   delete               → { strikethrough: true }
  */
+/**
+ * Default cap on markdown input length (H-3 CPU-DoS guard). The parser is
+ * synchronous and super-linear in input size — ~16 KB blocks the single
+ * event loop for ~24 s, and unbounded input freezes the whole server. 16 KB is
+ * the documented threshold; operators in shared/untrusted environments should
+ * lower it via DEXE_MAX_DESCRIPTION_LEN.
+ */
+export declare const DEFAULT_MAX_MARKDOWN_LEN = 16384;
+export declare function maxMarkdownLen(): number;
 /**
  * Convert a Markdown string to a Slate `SlateDescendant[]` array compatible
  * with the DeXe investing-dashboard frontend.

package/dist/lib/markdownToSlate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"markdownToSlate.d.ts","sourceRoot":"","sources":["../../src/lib/markdownToSlate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AA6IH;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAuB3D"}
+{"version":3,"file":"markdownToSlate.d.ts","sourceRoot":"","sources":["../../src/lib/markdownToSlate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAqIH;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,QAAS,CAAC;AAE/C,wBAAgB,cAAc,IAAI,MAAM,CAOvC;AAUD;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAiC3D"}

package/dist/lib/markdownToSlate.js

@@ -135,6 +135,23 @@ const overrides = {
 };
 /** The default empty Slate document the frontend uses. */
 const SLATE_DEFAULT = [{ type: "paragraph", children: [{ text: "" }] }];
+/**
+ * Default cap on markdown input length (H-3 CPU-DoS guard). The parser is
+ * synchronous and super-linear in input size — ~16 KB blocks the single
+ * event loop for ~24 s, and unbounded input freezes the whole server. 16 KB is
+ * the documented threshold; operators in shared/untrusted environments should
+ * lower it via DEXE_MAX_DESCRIPTION_LEN.
+ */
+export const DEFAULT_MAX_MARKDOWN_LEN = 16_384;
+export function maxMarkdownLen() {
+    const raw = process.env.DEXE_MAX_DESCRIPTION_LEN?.trim();
+    if (raw && /^[0-9]+$/.test(raw)) {
+        const n = Number(raw);
+        if (n > 0)
+            return n;
+    }
+    return DEFAULT_MAX_MARKDOWN_LEN;
+}
 /**
  * Unified processor configured with our overrides.
  */
@@ -156,6 +173,13 @@ export function markdownToSlate(markdown) {
     if (!markdown || markdown.trim().length === 0) {
         return SLATE_DEFAULT;
     }
+    // H-3: reject oversize input BEFORE the synchronous super-linear parse so a
+    // large/adversarial description can't freeze the single-threaded server.
+    const max = maxMarkdownLen();
+    if (markdown.length > max) {
+        throw new Error(`Description too long for markdown conversion: ${markdown.length} chars exceeds the ${max}-char ` +
+            `limit (set DEXE_MAX_DESCRIPTION_LEN to adjust). Shorten it, or upload the long form as a file/CID.`);
+    }
     try {
         const result = processor.processSync(markdown);
         const nodes = result.result;

package/dist/lib/markdownToSlate.js.map

@@ -1 +1 @@
-{"version":3,"file":"markdownToSlate.js","sourceRoot":"","sources":["../../src/lib/markdownToSlate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,WAAW,MAAM,cAAc,CAAC;AACvC,OAAO,SAAS,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAMzD;;;GAGG;AACH,MAAM,SAAS,GAAmF;IAChG,mEAAmE;IACnE,OAAO,CAAC,IAAI,EAAE,IAAI;QAChB,MAAM,QAAQ,GAA2B;YACvC,CAAC,EAAE,aAAa;YAChB,CAAC,EAAE,aAAa;YAChB,CAAC,EAAE,eAAe;SACnB,CAAC;QACF,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAe,CAAC,IAAI,eAAe;YACvD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC9B,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,+DAA+D;IAC/D,SAAS,CAAC,IAAI,EAAE,IAAI;QAClB,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC9B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,EAAE,IAAI;QACb,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC;QAC9D,OAAO;YACL,IAAI;YACJ,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC9B,CAAC;IACJ,CAAC;IAED,QAAQ,CAAC,IAAI,EAAE,IAAI;QACjB,qEAAqE;QACrE,mEAAmE;QACnE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAgB,CAAC;QACrD,wDAAwD;QACxD,MAAM,QAAQ,GACZ,SAAS,CAAC,MAAM,KAAK,CAAC;YACtB,SAAS,CAAC,CAAC,CAAC;YACX,SAAS,CAAC,CAAC,CAAS,CAAC,IAAI,KAAK,WAAW;YACxC,CAAC,CAAG,SAAS,CAAC,CAAC,CAAS,CAAC,QAAwB;YACjD,CAAC,CAAC,SAAS,CAAC;QAChB,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI;QACP,0CAA0C;QAC1C,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,QAAQ,EAAG,IAAI,CAAC,IAAe,IAAI,EAAE;YACrC,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,KAAe,EAAE,CAAC;SAC3C,CAAC;IACJ,CAAC;IAED,UAAU,CAAC,IAAI,EAAE,IAAI;QACnB,kEAAkE;QAClE,sDAAsD;QACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAgB,CAAC;QACpD,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IACpD,CAAC;IAED,aAAa;QACX,2CAA2C;QAC3C,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAC5D,CAAC;IAED,mEAAmE;IACnE,IAAI,CAAC,IAAI,EAAE,IAAI;QACb,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,GAAG,EAAE,IAAI,CAAC,GAAa;YACvB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC9B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI;QACR,OAAO;YACL,IAAI,EAAE,OAAO;YACb,GAAG,EAAE,IAAI,CAAC,GAAa;YACvB,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAG,IAAI,CAAC,GAAc,IAAI,EAAE,EAAE,CAAC;SACjD,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,iEAAiE;IACjE,sEAAsE;IAEtE,MAAM,CAAC,IAAI,EAAE,IAAI;QACf,wCAAwC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAgB,CAAC;QACpD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,QAAQ,CAAC,IAAI,EAAE,IAAI;QACjB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAgB,CAAC;QACpD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,CAAC,IAAI,EAAE,IAAI;QACf,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAgB,CAAC;QACpD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,UAAU,CAAC,IAAI;QACb,4DAA4D;QAC5D,OAAO;YACL,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,KAAe,EAAE,CAAC;SAC3C,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,0DAA0D;AAC1D,MAAM,aAAa,GAAG,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;AAExE;;GAEG;AACH,MAAM,SAAS,GAAG,OAAO,EAAE;KACxB,GAAG,CAAC,WAAW,CAAC;KAChB,GAAG,CAAC,SAAS,CAAC,CAAE,wDAAwD;KACxE,GAAG,CAAC,aAAa,EAAE,EAAE,SAAS,EAAS,CAAC,CAAC;AAE5C;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9C,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,MAAM,CAAC,MAAmB,CAAC;QAEzC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,OAAO,aAAa,CAAC;QACvB,CAAC;QAED,wEAAwE;QACxE,2DAA2D;QAC3D,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,qEAAqE;QACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC;YACrB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YAC1E,CAAC,CAAC,aAAa,CAAC;IACpB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,KAAgB;IACzC,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1C,CAAC;aAAM,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,CAAC,GAAG,IAA+B,CAAC;YAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC,QAAqB,CAAC,EAAE,CAAC,CAAC;YAC9E,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"markdownToSlate.js","sourceRoot":"","sources":["../../src/lib/markdownToSlate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,WAAW,MAAM,cAAc,CAAC;AACvC,OAAO,SAAS,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAMzD;;;GAGG;AACH,MAAM,SAAS,GAAmF;IAChG,mEAAmE;IACnE,OAAO,CAAC,IAAI,EAAE,IAAI;QAChB,MAAM,QAAQ,GAA2B;YACvC,CAAC,EAAE,aAAa;YAChB,CAAC,EAAE,aAAa;YAChB,CAAC,EAAE,eAAe;SACnB,CAAC;QACF,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAe,CAAC,IAAI,eAAe;YACvD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC9B,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,+DAA+D;IAC/D,SAAS,CAAC,IAAI,EAAE,IAAI;QAClB,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC9B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI,EAAE,IAAI;QACb,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe,CAAC;QAC9D,OAAO;YACL,IAAI;YACJ,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC9B,CAAC;IACJ,CAAC;IAED,QAAQ,CAAC,IAAI,EAAE,IAAI;QACjB,qEAAqE;QACrE,mEAAmE;QACnE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAgB,CAAC;QACrD,wDAAwD;QACxD,MAAM,QAAQ,GACZ,SAAS,CAAC,MAAM,KAAK,CAAC;YACtB,SAAS,CAAC,CAAC,CAAC;YACX,SAAS,CAAC,CAAC,CAAS,CAAC,IAAI,KAAK,WAAW;YACxC,CAAC,CAAG,SAAS,CAAC,CAAC,CAAS,CAAC,QAAwB;YACjD,CAAC,CAAC,SAAS,CAAC;QAChB,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,IAAI;QACP,0CAA0C;QAC1C,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,QAAQ,EAAG,IAAI,CAAC,IAAe,IAAI,EAAE;YACrC,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,KAAe,EAAE,CAAC;SAC3C,CAAC;IACJ,CAAC;IAED,UAAU,CAAC,IAAI,EAAE,IAAI;QACnB,kEAAkE;QAClE,sDAAsD;QACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAgB,CAAC;QACpD,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IACpD,CAAC;IAED,aAAa;QACX,2CAA2C;QAC3C,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAC5D,CAAC;IAED,mEAAmE;IACnE,IAAI,CAAC,IAAI,EAAE,IAAI;QACb,OAAO;YACL,IAAI,EAAE,MAAM;YACZ,GAAG,EAAE,IAAI,CAAC,GAAa;YACvB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;SAC9B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,IAAI;QACR,OAAO;YACL,IAAI,EAAE,OAAO;YACb,GAAG,EAAE,IAAI,CAAC,GAAa;YACvB,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAG,IAAI,CAAC,GAAc,IAAI,EAAE,EAAE,CAAC;SACjD,CAAC;IACJ,CAAC;IAED,mEAAmE;IACnE,iEAAiE;IACjE,sEAAsE;IAEtE,MAAM,CAAC,IAAI,EAAE,IAAI;QACf,wCAAwC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAgB,CAAC;QACpD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,QAAQ,CAAC,IAAI,EAAE,IAAI;QACjB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAgB,CAAC;QACpD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,CAAC,IAAI,EAAE,IAAI;QACf,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAgB,CAAC;QACpD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,UAAU,CAAC,IAAI;QACb,4DAA4D;QAC5D,OAAO;YACL,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,KAAe,EAAE,CAAC;SAC3C,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,0DAA0D;AAC1D,MAAM,aAAa,GAAG,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;AAExE;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG,MAAM,CAAC;AAE/C,MAAM,UAAU,cAAc;IAC5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IACzD,IAAI,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;IACtB,CAAC;IACD,OAAO,wBAAwB,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,SAAS,GAAG,OAAO,EAAE;KACxB,GAAG,CAAC,WAAW,CAAC;KAChB,GAAG,CAAC,SAAS,CAAC,CAAE,wDAAwD;KACxE,GAAG,CAAC,aAAa,EAAE,EAAE,SAAS,EAAS,CAAC,CAAC;AAE5C;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9C,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,4EAA4E;IAC5E,yEAAyE;IACzE,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,iDAAiD,QAAQ,CAAC,MAAM,sBAAsB,GAAG,QAAQ;YAC/F,oGAAoG,CACvG,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,MAAM,CAAC,MAAmB,CAAC;QAEzC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChD,OAAO,aAAa,CAAC;QACvB,CAAC;QAED,wEAAwE;QACxE,2DAA2D;QAC3D,OAAO,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,qEAAqE;QACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC;YACrB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YAC1E,CAAC,CAAC,aAAa,CAAC;IACpB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,KAAgB;IACzC,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1C,CAAC;aAAM,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,CAAC,GAAG,IAA+B,CAAC;YAC1C,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC,QAAqB,CAAC,EAAE,CAAC,CAAC;YAC9E,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/lib/multicall.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"multicall.d.ts","sourceRoot":"","sources":["../../src/lib/multicall.ts"],"names":[],"mappings":"AAAA,OAAO,EAAY,SAAS,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAE9D;;;GAGG;AACH,eAAO,MAAM,kBAAkB,+CAA+C,CAAC;AAM/E,MAAM,WAAW,IAAI;IACnB,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,KAAK,EAAE,SAAS,CAAC;IACjB,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,IAAI,EAAE,SAAS,OAAO,EAAE,CAAC;IACzB,0EAA0E;IAC1E,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,UAAU,CAAC,CAAC,GAAG,OAAO;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC;IAChB,mCAAmC;IACnC,GAAG,EAAE,MAAM,CAAC;IACZ,2EAA2E;IAC3E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;GAIG;AACH,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,eAAe,EACzB,KAAK,EAAE,IAAI,EAAE,GACZ,OAAO,CAAC,UAAU,EAAE,CAAC,CAgCvB"}
+{"version":3,"file":"multicall.d.ts","sourceRoot":"","sources":["../../src/lib/multicall.ts"],"names":[],"mappings":"AAAA,OAAO,EAAY,SAAS,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAG9D;;;GAGG;AACH,eAAO,MAAM,kBAAkB,+CAA+C,CAAC;AAM/E,MAAM,WAAW,IAAI;IACnB,+BAA+B;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,KAAK,EAAE,SAAS,CAAC;IACjB,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,IAAI,EAAE,SAAS,OAAO,EAAE,CAAC;IACzB,0EAA0E;IAC1E,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,UAAU,CAAC,CAAC,GAAG,OAAO;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC;IAChB,mCAAmC;IACnC,GAAG,EAAE,MAAM,CAAC;IACZ,2EAA2E;IAC3E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;GAIG;AACH,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,eAAe,EACzB,KAAK,EAAE,IAAI,EAAE,GACZ,OAAO,CAAC,UAAU,EAAE,CAAC,CAuCvB"}

package/dist/lib/multicall.js

@@ -1,4 +1,5 @@
 import { Contract } from "ethers";
+import { safeErrorMessage } from "./redact.js";
 /**
  * Multicall3 — deployed at the same address on ~every EVM chain.
  * https://www.multicall3.com
@@ -21,7 +22,16 @@ export async function multicall(provider, calls) {
         allowFailure: c.allowFailure ?? false,
         callData: c.iface.encodeFunctionData(c.method, c.args),
     }));
-    const results = await mc.getFunction("aggregate3").staticCall(payload);
+    let results;
+    try {
+        results = await mc.getFunction("aggregate3").staticCall(payload);
+    }
+    catch (err) {
+        // Central W36 redaction: a keyed RPC URL rides in ethers' err.message on
+        // any non-2xx provider response. Rethrow with a credential-free message so
+        // no downstream catch block can leak it into an LLM-visible tool result.
+        throw new Error(safeErrorMessage(err));
+    }
     return results.map((r, i) => {
         const c = calls[i];
         if (!r.success) {
@@ -38,7 +48,7 @@ export async function multicall(provider, calls) {
                 success: false,
                 value: null,
                 raw: r.returnData,
-                error: err instanceof Error ? err.message : String(err),
+                error: safeErrorMessage(err),
             };
         }
     });

package/dist/lib/multicall.js.map

@@ -1 +1 @@
-{"version":3,"file":"multicall.js","sourceRoot":"","sources":["../../src/lib/multicall.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAA8B,MAAM,QAAQ,CAAC;AAE9D;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,4CAA4C,CAAC;AAE/E,MAAM,cAAc,GAAG;IACrB,kJAAkJ;CAC1I,CAAC;AAwBX;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAyB,EACzB,KAAa;IAEb,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAClC,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,kBAAkB,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;IAEtE,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,YAAY,EAAE,CAAC,CAAC,YAAY,IAAI,KAAK;QACrC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC;KACvD,CAAC,CAAC,CAAC;IAEJ,MAAM,OAAO,GACX,MAAM,EAAE,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAEzD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC1B,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACpB,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;YACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;QACpF,CAAC;QACD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC;YACrE,uDAAuD;YACvD,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YAC1D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC;QACrD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,GAAG,EAAE,CAAC,CAAC,UAAU;gBACjB,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"multicall.js","sourceRoot":"","sources":["../../src/lib/multicall.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAA8B,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,4CAA4C,CAAC;AAE/E,MAAM,cAAc,GAAG;IACrB,kJAAkJ;CAC1I,CAAC;AAwBX;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,QAAyB,EACzB,KAAa;IAEb,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAClC,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,kBAAkB,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;IAEtE,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,YAAY,EAAE,CAAC,CAAC,YAAY,IAAI,KAAK;QACrC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC;KACvD,CAAC,CAAC,CAAC;IAEJ,IAAI,OAAwD,CAAC;IAC7D,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,EAAE,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACnE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,yEAAyE;QACzE,2EAA2E;QAC3E,yEAAyE;QACzE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC1B,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACpB,IAAI,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;YACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;QACpF,CAAC;QACD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC;YACrE,uDAAuD;YACvD,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YAC1D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC;QACrD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI;gBACX,GAAG,EAAE,CAAC,CAAC,UAAU;gBACjB,KAAK,EAAE,gBAAgB,CAAC,GAAG,CAAC;aAC7B,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/lib/protocolAdvisories.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Advisory warnings for proposal configurations whose root cause is a DeXe
+ * *contract* property the MCP cannot fix — it can only flag them (the full
+ * write-up for the protocol team is docs/ESCALATION-DEXE.md). These surface in
+ * the relevant builder's human-readable output so a reviewer/agent doesn't
+ * unknowingly ship a degraded-governance configuration.
+ */
+/** Seconds. A validator phase beyond this is almost certainly a mistake — and freezes deposits (H-11). */
+export declare const DURATION_VALIDATORS_SANITY_CAP = 2592000n;
+/**
+ * Flag degraded-governance GovSettings: zero-delay execution (no timelock),
+ * auto-defeating validator quorum, and an unbounded validator phase that
+ * freezes every voter's deposit. All three are unfixable in the MCP — the
+ * deployed contracts enforce no such bounds (H-11, executionDelay=0).
+ */
+export declare function settingsAdvisories(s: {
+    validatorsVote: boolean;
+    durationValidators: string;
+    executionDelay: string;
+    quorumValidators: string;
+}): string[];
+/** changeVotePower swaps the DAO's vote-power math contract — a privileged, governance-wide change. */
+export declare const CHANGE_VOTE_POWER_ADVISORY = "\u26A0 changeVotePower swaps the DAO's entire vote-power math contract \u2014 a privileged, governance-wide change (reversible only by another passed proposal). Verify the new VotePower address before proposing. [protocol-property \u2014 see docs/ESCALATION-DEXE.md]";
+/** custom_abi can encode ANY call; the C-2 surface is privileged selectors routed via DEFAULT. */
+export declare const CUSTOM_ABI_DEFAULT_ROUTING_ADVISORY = "\u26A0 custom_abi encodes an arbitrary call with no semantic validation. If the LAST proposal action routes to an unregistered executor (settingsId=DEFAULT), the INTERNAL allowlist is skipped for ALL earlier actions \u2014 the C-2 amplifier. (Privileged GovUserKeeper selectors are hard-refused by the C-2 guard.) Keep the last action's executor a registered one. [protocol-property \u2014 see docs/ESCALATION-DEXE.md]";
+//# sourceMappingURL=protocolAdvisories.d.ts.map

package/dist/lib/protocolAdvisories.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocolAdvisories.d.ts","sourceRoot":"","sources":["../../src/lib/protocolAdvisories.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,0GAA0G;AAC1G,eAAO,MAAM,8BAA8B,WAAa,CAAC;AAEzD;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,EAAE;IACpC,cAAc,EAAE,OAAO,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;CAC1B,GAAG,MAAM,EAAE,CAqBX;AAED,uGAAuG;AACvG,eAAO,MAAM,0BAA0B,+QACwN,CAAC;AAEhQ,kGAAkG;AAClG,eAAO,MAAM,mCAAmC,uaACuW,CAAC"}

package/dist/lib/protocolAdvisories.js

@@ -0,0 +1,39 @@
+/**
+ * Advisory warnings for proposal configurations whose root cause is a DeXe
+ * *contract* property the MCP cannot fix — it can only flag them (the full
+ * write-up for the protocol team is docs/ESCALATION-DEXE.md). These surface in
+ * the relevant builder's human-readable output so a reviewer/agent doesn't
+ * unknowingly ship a degraded-governance configuration.
+ */
+function toBig(s) {
+    return /^[0-9]+$/.test(s) ? BigInt(s) : null;
+}
+/** Seconds. A validator phase beyond this is almost certainly a mistake — and freezes deposits (H-11). */
+export const DURATION_VALIDATORS_SANITY_CAP = 2592000n; // 30 days
+/**
+ * Flag degraded-governance GovSettings: zero-delay execution (no timelock),
+ * auto-defeating validator quorum, and an unbounded validator phase that
+ * freezes every voter's deposit. All three are unfixable in the MCP — the
+ * deployed contracts enforce no such bounds (H-11, executionDelay=0).
+ */
+export function settingsAdvisories(s) {
+    const out = [];
+    if (toBig(s.executionDelay) === 0n) {
+        out.push("executionDelay=0 → no timelock: a passed proposal executes immediately, leaving no window to react to a malicious-but-passed action (amplifies C-2). DeXe contracts enforce no minimum — set a non-zero delay.");
+    }
+    if (s.validatorsVote) {
+        if (toBig(s.quorumValidators) === 0n) {
+            out.push("quorumValidators=0 with validatorsVote=true → every validator proposal auto-defeats (governance DoS). DeXe contracts enforce no lower bound.");
+        }
+        const dv = toBig(s.durationValidators);
+        if (dv !== null && dv > DURATION_VALIDATORS_SANITY_CAP) {
+            out.push(`durationValidators=${s.durationValidators}s (> 30 days) → GovSettings has NO upper bound and deposits stay LOCKED for the whole validator phase (GovPoolUnlock excludes ValidatorVoting), so a huge value freezes every voter's funds (H-11).`);
+        }
+    }
+    return out;
+}
+/** changeVotePower swaps the DAO's vote-power math contract — a privileged, governance-wide change. */
+export const CHANGE_VOTE_POWER_ADVISORY = "⚠ changeVotePower swaps the DAO's entire vote-power math contract — a privileged, governance-wide change (reversible only by another passed proposal). Verify the new VotePower address before proposing. [protocol-property — see docs/ESCALATION-DEXE.md]";
+/** custom_abi can encode ANY call; the C-2 surface is privileged selectors routed via DEFAULT. */
+export const CUSTOM_ABI_DEFAULT_ROUTING_ADVISORY = "⚠ custom_abi encodes an arbitrary call with no semantic validation. If the LAST proposal action routes to an unregistered executor (settingsId=DEFAULT), the INTERNAL allowlist is skipped for ALL earlier actions — the C-2 amplifier. (Privileged GovUserKeeper selectors are hard-refused by the C-2 guard.) Keep the last action's executor a registered one. [protocol-property — see docs/ESCALATION-DEXE.md]";
+//# sourceMappingURL=protocolAdvisories.js.map

package/dist/lib/protocolAdvisories.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocolAdvisories.js","sourceRoot":"","sources":["../../src/lib/protocolAdvisories.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,SAAS,KAAK,CAAC,CAAS;IACtB,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/C,CAAC;AAED,0GAA0G;AAC1G,MAAM,CAAC,MAAM,8BAA8B,GAAG,QAAU,CAAC,CAAC,UAAU;AAEpE;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,CAKlC;IACC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,EAAE,EAAE,CAAC;QACnC,GAAG,CAAC,IAAI,CACN,gNAAgN,CACjN,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,CAAC,cAAc,EAAE,CAAC;QACrB,IAAI,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,EAAE,EAAE,CAAC;YACrC,GAAG,CAAC,IAAI,CACN,8IAA8I,CAC/I,CAAC;QACJ,CAAC;QACD,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC;QACvC,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,GAAG,8BAA8B,EAAE,CAAC;YACvD,GAAG,CAAC,IAAI,CACN,sBAAsB,CAAC,CAAC,kBAAkB,qMAAqM,CAChP,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,uGAAuG;AACvG,MAAM,CAAC,MAAM,0BAA0B,GACrC,6PAA6P,CAAC;AAEhQ,kGAAkG;AAClG,MAAM,CAAC,MAAM,mCAAmC,GAC9C,qZAAqZ,CAAC"}

package/dist/lib/redact.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Secret-redaction helpers for any text that reaches an LLM-visible tool
+ * result (`content[].text`) or `structuredContent`.
+ *
+ * W36: a credentialed RPC URL (Alchemy/Infura/QuickNode key, or a
+ * `user:pass@host` form) is appended to ethers v6 `err.message` on any
+ * non-2xx provider response (401/429/5xx — routine under load) and was
+ * emitted verbatim, leaking the operator's provider API key into the model
+ * context and transcript.
+ *
+ * - `safeErrorMessage(err)` — prefer ethers' `shortMessage` (which stays
+ *   URL-free) over the verbose `message`, then redact as a backstop. Use this
+ *   wherever a caught error is surfaced to the user.
+ * - `redactUrlCredentials(text)` — mask every URL found in arbitrary text
+ *   (path + query + userinfo), so any embedded API key is removed regardless
+ *   of provider.
+ * - `maskUrl(url)` — mask a single configured URL for deliberate display
+ *   (e.g. `dexe_get_config`, `dexe_doctor`).
+ *
+ * The masking is provider-agnostic and structural (no host allowlist), so it
+ * covers any RPC vendor and cannot be bypassed by an unrecognized host.
+ */
+/**
+ * Mask a single URL: keep scheme + host, drop userinfo, and replace any
+ * path/query (which may carry the API key) with `***`. Never throws.
+ */
+export declare function maskUrl(raw: string): string;
+/** Mask credentials/keys in every URL found in `text`. Best-effort, never throws. */
+export declare function redactUrlCredentials(text: string): string;
+/**
+ * Turn a caught error into a user-safe message. Prefers ethers'
+ * `shortMessage` (URL-free), falls back to `message`/`String(err)`, then
+ * redacts any residual URL credentials.
+ */
+export declare function safeErrorMessage(err: unknown): string;
+//# sourceMappingURL=redact.d.ts.map

package/dist/lib/redact.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.d.ts","sourceRoot":"","sources":["../../src/lib/redact.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAQH;;;GAGG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAW3C;AAED,qFAAqF;AACrF,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEzD;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAerD"}

package/dist/lib/redact.js

@@ -0,0 +1,72 @@
+/**
+ * Secret-redaction helpers for any text that reaches an LLM-visible tool
+ * result (`content[].text`) or `structuredContent`.
+ *
+ * W36: a credentialed RPC URL (Alchemy/Infura/QuickNode key, or a
+ * `user:pass@host` form) is appended to ethers v6 `err.message` on any
+ * non-2xx provider response (401/429/5xx — routine under load) and was
+ * emitted verbatim, leaking the operator's provider API key into the model
+ * context and transcript.
+ *
+ * - `safeErrorMessage(err)` — prefer ethers' `shortMessage` (which stays
+ *   URL-free) over the verbose `message`, then redact as a backstop. Use this
+ *   wherever a caught error is surfaced to the user.
+ * - `redactUrlCredentials(text)` — mask every URL found in arbitrary text
+ *   (path + query + userinfo), so any embedded API key is removed regardless
+ *   of provider.
+ * - `maskUrl(url)` — mask a single configured URL for deliberate display
+ *   (e.g. `dexe_get_config`, `dexe_doctor`).
+ *
+ * The masking is provider-agnostic and structural (no host allowlist), so it
+ * covers any RPC vendor and cannot be bypassed by an unrecognized host.
+ */
+/** Userinfo in a URL: `scheme://user:pass@` (used only in the parse fallback). */
+const USERINFO_RE = /([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)[^/?#\s@]+@/g;
+/** Any http(s) URL token, bounded by whitespace / common punctuation. */
+const URL_RE = /\bhttps?:\/\/[^\s'"`)<>\]},;]+/gi;
+/**
+ * Mask a single URL: keep scheme + host, drop userinfo, and replace any
+ * path/query (which may carry the API key) with `***`. Never throws.
+ */
+export function maskUrl(raw) {
+    try {
+        const u = new URL(raw);
+        const path = u.pathname && u.pathname !== "/" ? "/***" : "";
+        const query = u.search ? "?***" : "";
+        // u.host excludes userinfo, so credentials in `user:pass@` are dropped.
+        return `${u.protocol}//${u.host}${path}${query}`;
+    }
+    catch {
+        // Non-parseable token: strip userinfo without recursing.
+        return raw.replace(USERINFO_RE, "$1***@");
+    }
+}
+/** Mask credentials/keys in every URL found in `text`. Best-effort, never throws. */
+export function redactUrlCredentials(text) {
+    return text.replace(URL_RE, (m) => maskUrl(m));
+}
+/**
+ * Turn a caught error into a user-safe message. Prefers ethers'
+ * `shortMessage` (URL-free), falls back to `message`/`String(err)`, then
+ * redacts any residual URL credentials.
+ */
+export function safeErrorMessage(err) {
+    let msg;
+    if (err && typeof err === "object") {
+        const e = err;
+        if (typeof e.shortMessage === "string" && e.shortMessage.length > 0) {
+            msg = e.shortMessage;
+        }
+        else if (typeof e.message === "string") {
+            msg = e.message;
+        }
+        else {
+            msg = String(err);
+        }
+    }
+    else {
+        msg = String(err);
+    }
+    return redactUrlCredentials(msg);
+}
+//# sourceMappingURL=redact.js.map

package/dist/lib/redact.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.js","sourceRoot":"","sources":["../../src/lib/redact.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,kFAAkF;AAClF,MAAM,WAAW,GAAG,4CAA4C,CAAC;AAEjE,yEAAyE;AACzE,MAAM,MAAM,GAAG,kCAAkC,CAAC;AAElD;;;GAGG;AACH,MAAM,UAAU,OAAO,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,wEAAwE;QACxE,OAAO,GAAG,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,GAAG,IAAI,GAAG,KAAK,EAAE,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,yDAAyD;QACzD,OAAO,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,qFAAqF;AACrF,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;AACjD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAY;IAC3C,IAAI,GAAW,CAAC;IAChB,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,GAAoD,CAAC;QAC/D,IAAI,OAAO,CAAC,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpE,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC;QACvB,CAAC;aAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACzC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,oBAAoB,CAAC,GAAG,CAAC,CAAC;AACnC,CAAC"}