dexe-mcp 0.8.2 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +104 -0
- package/README.md +5 -4
- package/dist/bootstrap.d.ts +14 -0
- package/dist/bootstrap.d.ts.map +1 -1
- package/dist/bootstrap.js +24 -2
- package/dist/bootstrap.js.map +1 -1
- package/dist/diag/checks.d.ts.map +1 -1
- package/dist/diag/checks.js +5 -4
- package/dist/diag/checks.js.map +1 -1
- package/dist/lib/amount.d.ts +23 -0
- package/dist/lib/amount.d.ts.map +1 -0
- package/dist/lib/amount.js +30 -0
- package/dist/lib/amount.js.map +1 -0
- package/dist/lib/broadcastGuards.d.ts +10 -0
- package/dist/lib/broadcastGuards.d.ts.map +1 -1
- package/dist/lib/broadcastGuards.js +11 -1
- package/dist/lib/broadcastGuards.js.map +1 -1
- package/dist/lib/dangerousSelectors.d.ts +18 -0
- package/dist/lib/dangerousSelectors.d.ts.map +1 -0
- package/dist/lib/dangerousSelectors.js +80 -0
- package/dist/lib/dangerousSelectors.js.map +1 -0
- package/dist/lib/decoders.d.ts +20 -0
- package/dist/lib/decoders.d.ts.map +1 -1
- package/dist/lib/decoders.js +52 -0
- package/dist/lib/decoders.js.map +1 -1
- package/dist/lib/ipfs.d.ts +14 -0
- package/dist/lib/ipfs.d.ts.map +1 -1
- package/dist/lib/ipfs.js +31 -1
- package/dist/lib/ipfs.js.map +1 -1
- package/dist/lib/markdownToSlate.d.ts +9 -0
- package/dist/lib/markdownToSlate.d.ts.map +1 -1
- package/dist/lib/markdownToSlate.js +24 -0
- package/dist/lib/markdownToSlate.js.map +1 -1
- package/dist/lib/multicall.d.ts.map +1 -1
- package/dist/lib/multicall.js +12 -2
- package/dist/lib/multicall.js.map +1 -1
- package/dist/lib/protocolAdvisories.d.ts +26 -0
- package/dist/lib/protocolAdvisories.d.ts.map +1 -0
- package/dist/lib/protocolAdvisories.js +39 -0
- package/dist/lib/protocolAdvisories.js.map +1 -0
- package/dist/lib/redact.d.ts +36 -0
- package/dist/lib/redact.d.ts.map +1 -0
- package/dist/lib/redact.js +72 -0
- package/dist/lib/redact.js.map +1 -0
- package/dist/lib/sanitize.d.ts +31 -0
- package/dist/lib/sanitize.d.ts.map +1 -0
- package/dist/lib/sanitize.js +51 -0
- package/dist/lib/sanitize.js.map +1 -0
- package/dist/lib/signer.d.ts +11 -0
- package/dist/lib/signer.d.ts.map +1 -1
- package/dist/lib/signer.js +16 -0
- package/dist/lib/signer.js.map +1 -1
- package/dist/lib/subgraph.d.ts +7 -0
- package/dist/lib/subgraph.d.ts.map +1 -1
- package/dist/lib/subgraph.js +24 -2
- package/dist/lib/subgraph.js.map +1 -1
- package/dist/rpc.d.ts.map +1 -1
- package/dist/rpc.js +2 -1
- package/dist/rpc.js.map +1 -1
- package/dist/tools/dao.d.ts.map +1 -1
- package/dist/tools/dao.js +2 -1
- package/dist/tools/dao.js.map +1 -1
- package/dist/tools/flow.d.ts +6 -0
- package/dist/tools/flow.d.ts.map +1 -1
- package/dist/tools/flow.js +59 -13
- package/dist/tools/flow.js.map +1 -1
- package/dist/tools/getConfig.d.ts.map +1 -1
- package/dist/tools/getConfig.js +2 -1
- package/dist/tools/getConfig.js.map +1 -1
- package/dist/tools/gov.d.ts.map +1 -1
- package/dist/tools/gov.js +41 -11
- package/dist/tools/gov.js.map +1 -1
- package/dist/tools/otc.d.ts +12 -0
- package/dist/tools/otc.d.ts.map +1 -1
- package/dist/tools/otc.js +31 -18
- package/dist/tools/otc.js.map +1 -1
- package/dist/tools/proposalBuild.d.ts.map +1 -1
- package/dist/tools/proposalBuild.js +11 -1
- package/dist/tools/proposalBuild.js.map +1 -1
- package/dist/tools/proposalBuildComplex.d.ts.map +1 -1
- package/dist/tools/proposalBuildComplex.js +38 -10
- package/dist/tools/proposalBuildComplex.js.map +1 -1
- package/dist/tools/proposalBuildMore.d.ts.map +1 -1
- package/dist/tools/proposalBuildMore.js +6 -1
- package/dist/tools/proposalBuildMore.js.map +1 -1
- package/dist/tools/read.d.ts +1 -0
- package/dist/tools/read.d.ts.map +1 -1
- package/dist/tools/read.js +61 -18
- package/dist/tools/read.js.map +1 -1
- package/dist/tools/safe.d.ts.map +1 -1
- package/dist/tools/safe.js +13 -0
- package/dist/tools/safe.js.map +1 -1
- package/dist/tools/txSend.d.ts +6 -0
- package/dist/tools/txSend.d.ts.map +1 -1
- package/dist/tools/txSend.js +26 -3
- package/dist/tools/txSend.js.map +1 -1
- package/dist/tools/voteBuild.d.ts.map +1 -1
- package/dist/tools/voteBuild.js +26 -23
- package/dist/tools/voteBuild.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Neutralize attacker-controlled strings before they are interpolated into a
|
|
3
|
+
* human/LLM-visible tool result (`content[].text`).
|
|
4
|
+
*
|
|
5
|
+
* On-chain `descriptionURL`, ERC20 `symbol()`, and IPFS-JSON values are fully
|
|
6
|
+
* attacker-controlled. Rendered verbatim they enable:
|
|
7
|
+
* - prompt-injection (H-13): instructions smuggled into the model context;
|
|
8
|
+
* - structural forgery (W24/H-13): an unescaped newline in `symbol()` paints
|
|
9
|
+
* a fake treasury line with an attacker-chosen address;
|
|
10
|
+
* - homoglyph / look-alike spoofing: Cyrillic/zero-width chars that read as a
|
|
11
|
+
* trusted token but are not.
|
|
12
|
+
*
|
|
13
|
+
* `sanitizeUntrusted` NFKC-normalizes, escapes C0/C1 control chars (so newlines
|
|
14
|
+
* can't forge lines), and drops zero-width / bidi-override / BOM characters.
|
|
15
|
+
* `renderUntrusted` additionally length-caps and appends a non-ASCII flag so an
|
|
16
|
+
* automated approver doesn't trust a look-alike. Regexes are character-class
|
|
17
|
+
* only (no host matching, no backtracking) to stay clear of ReDoS, and are
|
|
18
|
+
* built from escaped ASCII strings so the source stays free of literal control
|
|
19
|
+
* bytes.
|
|
20
|
+
*/
|
|
21
|
+
/** NFKC-normalize, escape control chars to visible `\xNN`, drop invisible chars. */
|
|
22
|
+
export declare function sanitizeUntrusted(raw: unknown): string;
|
|
23
|
+
/** True if the string contains any non-printable-ASCII char (homoglyph risk). */
|
|
24
|
+
export declare function hasNonAscii(s: string): boolean;
|
|
25
|
+
/**
|
|
26
|
+
* Render an attacker-controlled value for a single-line human/LLM context:
|
|
27
|
+
* sanitized, length-capped, and tagged `<non-ASCII>` when it contains non-ASCII
|
|
28
|
+
* characters (possible homoglyph) so a look-alike token isn't silently trusted.
|
|
29
|
+
*/
|
|
30
|
+
export declare function renderUntrusted(raw: unknown, maxLen?: number): string;
|
|
31
|
+
//# sourceMappingURL=sanitize.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../../src/lib/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAaH,oFAAoF;AACpF,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAKtD;AAED,iFAAiF;AACjF,wBAAgB,WAAW,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAE9C;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,SAAM,GAAG,MAAM,CAMlE"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Neutralize attacker-controlled strings before they are interpolated into a
|
|
3
|
+
* human/LLM-visible tool result (`content[].text`).
|
|
4
|
+
*
|
|
5
|
+
* On-chain `descriptionURL`, ERC20 `symbol()`, and IPFS-JSON values are fully
|
|
6
|
+
* attacker-controlled. Rendered verbatim they enable:
|
|
7
|
+
* - prompt-injection (H-13): instructions smuggled into the model context;
|
|
8
|
+
* - structural forgery (W24/H-13): an unescaped newline in `symbol()` paints
|
|
9
|
+
* a fake treasury line with an attacker-chosen address;
|
|
10
|
+
* - homoglyph / look-alike spoofing: Cyrillic/zero-width chars that read as a
|
|
11
|
+
* trusted token but are not.
|
|
12
|
+
*
|
|
13
|
+
* `sanitizeUntrusted` NFKC-normalizes, escapes C0/C1 control chars (so newlines
|
|
14
|
+
* can't forge lines), and drops zero-width / bidi-override / BOM characters.
|
|
15
|
+
* `renderUntrusted` additionally length-caps and appends a non-ASCII flag so an
|
|
16
|
+
* automated approver doesn't trust a look-alike. Regexes are character-class
|
|
17
|
+
* only (no host matching, no backtracking) to stay clear of ReDoS, and are
|
|
18
|
+
* built from escaped ASCII strings so the source stays free of literal control
|
|
19
|
+
* bytes.
|
|
20
|
+
*/
|
|
21
|
+
// C0 controls (incl. \n \r \t), DEL, and C1 controls.
|
|
22
|
+
const CONTROL_RE = new RegExp("[\\u0000-\\u001F\\u007F-\\u009F]", "g");
|
|
23
|
+
// Zero-width + bidi marks, bidi embeddings/overrides, word-joiner/invisible
|
|
24
|
+
// math range, bidi isolates, and the BOM — all usable for visual spoofing.
|
|
25
|
+
const INVISIBLE_RE = new RegExp("[\\u200B-\\u200F\\u202A-\\u202E\\u2060-\\u2064\\u2066-\\u2069\\uFEFF]", "g");
|
|
26
|
+
// Anything outside printable ASCII (space..tilde).
|
|
27
|
+
const NON_ASCII_RE = new RegExp("[^\\u0020-\\u007E]");
|
|
28
|
+
/** NFKC-normalize, escape control chars to visible `\xNN`, drop invisible chars. */
|
|
29
|
+
export function sanitizeUntrusted(raw) {
|
|
30
|
+
const s = (typeof raw === "string" ? raw : String(raw)).normalize("NFKC");
|
|
31
|
+
return s
|
|
32
|
+
.replace(CONTROL_RE, (c) => "\\x" + (c.codePointAt(0) ?? 0).toString(16).padStart(2, "0"))
|
|
33
|
+
.replace(INVISIBLE_RE, "");
|
|
34
|
+
}
|
|
35
|
+
/** True if the string contains any non-printable-ASCII char (homoglyph risk). */
|
|
36
|
+
export function hasNonAscii(s) {
|
|
37
|
+
return NON_ASCII_RE.test(s);
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Render an attacker-controlled value for a single-line human/LLM context:
|
|
41
|
+
* sanitized, length-capped, and tagged `<non-ASCII>` when it contains non-ASCII
|
|
42
|
+
* characters (possible homoglyph) so a look-alike token isn't silently trusted.
|
|
43
|
+
*/
|
|
44
|
+
export function renderUntrusted(raw, maxLen = 200) {
|
|
45
|
+
const s = sanitizeUntrusted(raw);
|
|
46
|
+
// Flag on the actual content, not the (ASCII) truncation marker.
|
|
47
|
+
const flagged = hasNonAscii(s);
|
|
48
|
+
const capped = s.length > maxLen ? s.slice(0, maxLen) + "..." : s;
|
|
49
|
+
return flagged ? `${capped} <non-ASCII>` : capped;
|
|
50
|
+
}
|
|
51
|
+
//# sourceMappingURL=sanitize.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sanitize.js","sourceRoot":"","sources":["../../src/lib/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,sDAAsD;AACtD,MAAM,UAAU,GAAG,IAAI,MAAM,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAC;AACvE,4EAA4E;AAC5E,2EAA2E;AAC3E,MAAM,YAAY,GAAG,IAAI,MAAM,CAC7B,uEAAuE,EACvE,GAAG,CACJ,CAAC;AACF,mDAAmD;AACnD,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,oBAAoB,CAAC,CAAC;AAEtD,oFAAoF;AACpF,MAAM,UAAU,iBAAiB,CAAC,GAAY;IAC5C,MAAM,CAAC,GAAG,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1E,OAAO,CAAC;SACL,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACzF,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,WAAW,CAAC,CAAS;IACnC,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,GAAY,EAAE,MAAM,GAAG,GAAG;IACxD,MAAM,CAAC,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACjC,iEAAiE;IACjE,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAClE,OAAO,OAAO,CAAC,CAAC,CAAC,GAAG,MAAM,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC;AACpD,CAAC"}
|
package/dist/lib/signer.d.ts
CHANGED
|
@@ -7,6 +7,8 @@ import { type EnvGuardResult } from "./requireEnv.js";
|
|
|
7
7
|
*/
|
|
8
8
|
export declare class SignerManager {
|
|
9
9
|
private readonly cache;
|
|
10
|
+
/** Per-chain broadcast serialization queue (H-12 nonce guard). */
|
|
11
|
+
private readonly broadcastQueues;
|
|
10
12
|
private readonly key;
|
|
11
13
|
private readonly config;
|
|
12
14
|
constructor(config: DexeConfig);
|
|
@@ -30,6 +32,15 @@ export declare class SignerManager {
|
|
|
30
32
|
* instead of a thrown stack trace.
|
|
31
33
|
*/
|
|
32
34
|
trySigner(chainId?: number): EnvGuardResult<Wallet>;
|
|
35
|
+
/**
|
|
36
|
+
* Serialize broadcasts per chain. Concurrent `dexe_tx_send` / composite-flow
|
|
37
|
+
* calls that share this signer would otherwise invoke `sendTransaction` at
|
|
38
|
+
* the same time, both read the same pending nonce, and one transaction is
|
|
39
|
+
* silently dropped (or hangs until timeout) — H-12. Each task runs only after
|
|
40
|
+
* the previous one for the same chain has settled; task failures are isolated
|
|
41
|
+
* so the queue keeps flowing.
|
|
42
|
+
*/
|
|
43
|
+
withBroadcastLock<T>(chainId: number, task: () => Promise<T>): Promise<T>;
|
|
33
44
|
private failNoKey;
|
|
34
45
|
}
|
|
35
46
|
//# sourceMappingURL=signer.d.ts.map
|
package/dist/lib/signer.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/lib/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,MAAM,EAAE,MAAM,QAAQ,CAAC;AACjD,OAAO,EAAgB,KAAK,UAAU,EAAE,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAW,KAAK,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAE/D;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA6B;IACnD,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAqB;IACzC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAa;gBAExB,MAAM,EAAE,UAAU;IAK9B,SAAS,IAAI,OAAO;IAIpB,wFAAwF;IACxF,SAAS,IAAI,UAAU;IAIvB;;;OAGG;IACH,UAAU,IAAI,MAAM;IAKpB;;;OAGG;IACH,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM;IAYvC;;;;;OAKG;IACH,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC;IAWnD,OAAO,CAAC,SAAS;CAMlB"}
|
|
1
|
+
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/lib/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,MAAM,EAAE,MAAM,QAAQ,CAAC;AACjD,OAAO,EAAgB,KAAK,UAAU,EAAE,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAW,KAAK,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAE/D;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA6B;IACnD,kEAAkE;IAClE,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAuC;IACvE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAqB;IACzC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAa;gBAExB,MAAM,EAAE,UAAU;IAK9B,SAAS,IAAI,OAAO;IAIpB,wFAAwF;IACxF,SAAS,IAAI,UAAU;IAIvB;;;OAGG;IACH,UAAU,IAAI,MAAM;IAKpB;;;OAGG;IACH,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM;IAYvC;;;;;OAKG;IACH,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC;IAWnD;;;;;;;OAOG;IACG,iBAAiB,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;IAgB/E,OAAO,CAAC,SAAS;CAMlB"}
|
package/dist/lib/signer.js
CHANGED
|
@@ -7,6 +7,8 @@ import { hintFor } from "./requireEnv.js";
|
|
|
7
7
|
*/
|
|
8
8
|
export class SignerManager {
|
|
9
9
|
cache = new Map();
|
|
10
|
+
/** Per-chain broadcast serialization queue (H-12 nonce guard). */
|
|
11
|
+
broadcastQueues = new Map();
|
|
10
12
|
key;
|
|
11
13
|
config;
|
|
12
14
|
constructor(config) {
|
|
@@ -62,6 +64,20 @@ export class SignerManager {
|
|
|
62
64
|
};
|
|
63
65
|
}
|
|
64
66
|
}
|
|
67
|
+
/**
|
|
68
|
+
* Serialize broadcasts per chain. Concurrent `dexe_tx_send` / composite-flow
|
|
69
|
+
* calls that share this signer would otherwise invoke `sendTransaction` at
|
|
70
|
+
* the same time, both read the same pending nonce, and one transaction is
|
|
71
|
+
* silently dropped (or hangs until timeout) — H-12. Each task runs only after
|
|
72
|
+
* the previous one for the same chain has settled; task failures are isolated
|
|
73
|
+
* so the queue keeps flowing.
|
|
74
|
+
*/
|
|
75
|
+
async withBroadcastLock(chainId, task) {
|
|
76
|
+
const prev = this.broadcastQueues.get(chainId) ?? Promise.resolve();
|
|
77
|
+
const run = prev.then(() => task(), () => task());
|
|
78
|
+
this.broadcastQueues.set(chainId, run.then(() => undefined, () => undefined));
|
|
79
|
+
return run;
|
|
80
|
+
}
|
|
65
81
|
failNoKey() {
|
|
66
82
|
const dexeEnvKeys = Object.keys(process.env).filter(k => k.startsWith("DEXE_")).join(", ");
|
|
67
83
|
throw new Error(`DEXE_PRIVATE_KEY not set. Available DEXE_* env vars: [${dexeEnvKeys}]. Configure it in MCP server env to enable transaction signing.`);
|
package/dist/lib/signer.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/lib/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACjD,OAAO,EAAE,YAAY,EAAmB,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAuB,MAAM,iBAAiB,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,aAAa;IACP,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/lib/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACjD,OAAO,EAAE,YAAY,EAAmB,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAuB,MAAM,iBAAiB,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,aAAa;IACP,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IACnD,kEAAkE;IACjD,eAAe,GAAG,IAAI,GAAG,EAA4B,CAAC;IACtD,GAAG,CAAqB;IACxB,MAAM,CAAa;IAEpC,YAAY,MAAkB;QAC5B,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,SAAS;QACP,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;IACpB,CAAC;IAED,wFAAwF;IACxF,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;OAGG;IACH,UAAU;QACR,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,OAAgB;QAC5B,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACjD,IAAI,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACnD,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,SAAS,CAAC,OAAgB;QACxB,IAAI,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;gBACvD,WAAW,EAAE,OAAO,CAAC,CAAC,kBAAkB,CAAC,CAAC;aAC3C,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,iBAAiB,CAAI,OAAe,EAAE,IAAsB;QAChE,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CACnB,GAAG,EAAE,CAAC,IAAI,EAAE,EACZ,GAAG,EAAE,CAAC,IAAI,EAAE,CACb,CAAC;QACF,IAAI,CAAC,eAAe,CAAC,GAAG,CACtB,OAAO,EACP,GAAG,CAAC,IAAI,CACN,GAAG,EAAE,CAAC,SAAS,EACf,GAAG,EAAE,CAAC,SAAS,CAChB,CACF,CAAC;QACF,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,SAAS;QACf,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3F,MAAM,IAAI,KAAK,CACb,yDAAyD,WAAW,kEAAkE,CACvI,CAAC;IACJ,CAAC;CACF"}
|
package/dist/lib/subgraph.d.ts
CHANGED
|
@@ -15,6 +15,13 @@ export interface GqlResponse<T> {
|
|
|
15
15
|
* embed a key (e.g. `…/api/subgraphs/id/<id>` — Bearer-only style).
|
|
16
16
|
*/
|
|
17
17
|
export declare function extractGraphApiKey(endpoint: string): string | undefined;
|
|
18
|
+
/**
|
|
19
|
+
* Trusted hosts for The Graph's decentralized gateway / Studio. The Graph API
|
|
20
|
+
* key is only meaningful for these; we refuse to attach it as a Bearer to any
|
|
21
|
+
* other configured endpoint so a hostile `DEXE_SUBGRAPH_*_URL` can't harvest
|
|
22
|
+
* the operator's key (W21 companion / L-6).
|
|
23
|
+
*/
|
|
24
|
+
export declare function isTrustedGraphHost(endpoint: string): boolean;
|
|
18
25
|
export declare function gqlRequest<T>(endpoint: string, query: string, variables?: Record<string, unknown>, apiKey?: string): Promise<T>;
|
|
19
26
|
/** Ported from frontend gov-pools subgraph `proposalInteractions` query. */
|
|
20
27
|
export declare const PROPOSAL_INTERACTIONS_QUERY = "\n query ProposalInteractions($proposalId: String!, $first: Int!, $skip: Int!) {\n proposalInteractions(\n where: { proposal: $proposalId }\n first: $first\n skip: $skip\n orderBy: timestamp\n orderDirection: desc\n ) {\n id\n hash\n timestamp\n interactionType\n totalVote\n voter {\n id\n voter {\n id\n }\n }\n }\n }\n";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"subgraph.d.ts","sourceRoot":"","sources":["../../src/lib/subgraph.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,WAAW,WAAW,CAAC,CAAC;IAC5B,IAAI,CAAC,EAAE,CAAC,CAAC;IACT,MAAM,CAAC,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACrC;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAGvE;AAED,wBAAsB,UAAU,CAAC,CAAC,EAChC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnC,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,CAAC,CAAC,
|
|
1
|
+
{"version":3,"file":"subgraph.d.ts","sourceRoot":"","sources":["../../src/lib/subgraph.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,WAAW,WAAW,CAAC,CAAC;IAC5B,IAAI,CAAC,EAAE,CAAC,CAAC;IACT,MAAM,CAAC,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACrC;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAGvE;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAO5D;AAED,wBAAsB,UAAU,CAAC,CAAC,EAChC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnC,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,CAAC,CAAC,CA4BZ;AAED,4EAA4E;AAC5E,eAAO,MAAM,2BAA2B,2aAsBvC,CAAC"}
|
package/dist/lib/subgraph.js
CHANGED
|
@@ -7,11 +7,33 @@ export function extractGraphApiKey(endpoint) {
|
|
|
7
7
|
const m = endpoint.match(/\/api\/([0-9a-f]{32,})\/subgraphs\//i);
|
|
8
8
|
return m ? m[1] : undefined;
|
|
9
9
|
}
|
|
10
|
+
/**
|
|
11
|
+
* Trusted hosts for The Graph's decentralized gateway / Studio. The Graph API
|
|
12
|
+
* key is only meaningful for these; we refuse to attach it as a Bearer to any
|
|
13
|
+
* other configured endpoint so a hostile `DEXE_SUBGRAPH_*_URL` can't harvest
|
|
14
|
+
* the operator's key (W21 companion / L-6).
|
|
15
|
+
*/
|
|
16
|
+
export function isTrustedGraphHost(endpoint) {
|
|
17
|
+
try {
|
|
18
|
+
const host = new URL(endpoint).hostname.toLowerCase();
|
|
19
|
+
return host === "thegraph.com" || host.endsWith(".thegraph.com");
|
|
20
|
+
}
|
|
21
|
+
catch {
|
|
22
|
+
return false;
|
|
23
|
+
}
|
|
24
|
+
}
|
|
10
25
|
export async function gqlRequest(endpoint, query, variables, apiKey) {
|
|
11
26
|
const headers = { "Content-Type": "application/json" };
|
|
12
|
-
const
|
|
13
|
-
|
|
27
|
+
const extracted = extractGraphApiKey(endpoint);
|
|
28
|
+
const key = apiKey ?? process.env.DEXE_GRAPH_API_KEY?.trim() ?? extracted;
|
|
29
|
+
// W21/L-6: only attach the key as a Bearer when the endpoint is a trusted
|
|
30
|
+
// Graph host, or when the key is already embedded in the endpoint URL
|
|
31
|
+
// (sending it back to the same URL leaks nothing new). A hostile
|
|
32
|
+
// DEXE_SUBGRAPH_*_URL must not receive the operator's separate Graph API key.
|
|
33
|
+
const keyAlreadyInUrl = extracted !== undefined && key === extracted;
|
|
34
|
+
if (key && (keyAlreadyInUrl || isTrustedGraphHost(endpoint))) {
|
|
14
35
|
headers["Authorization"] = `Bearer ${key}`;
|
|
36
|
+
}
|
|
15
37
|
const res = await fetch(endpoint, {
|
|
16
38
|
method: "POST",
|
|
17
39
|
headers,
|
package/dist/lib/subgraph.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"subgraph.js","sourceRoot":"","sources":["../../src/lib/subgraph.ts"],"names":[],"mappings":"AAUA;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACjE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,KAAa,EACb,SAAmC,EACnC,MAAe;IAEf,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;IAC/E,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE,IAAI,kBAAkB,CAAC,QAAQ,CAAC,CAAC
|
|
1
|
+
{"version":3,"file":"subgraph.js","sourceRoot":"","sources":["../../src/lib/subgraph.ts"],"names":[],"mappings":"AAUA;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACjE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QACtD,OAAO,IAAI,KAAK,cAAc,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,KAAa,EACb,SAAmC,EACnC,MAAe;IAEf,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;IAC/E,MAAM,SAAS,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;IAC1E,0EAA0E;IAC1E,sEAAsE;IACtE,iEAAiE;IACjE,8EAA8E;IAC9E,MAAM,eAAe,GAAG,SAAS,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,CAAC;IACrE,IAAI,GAAG,IAAI,CAAC,eAAe,IAAI,kBAAkB,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC7D,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,GAAG,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO;QACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;KAC3C,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChH,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAmB,CAAC;IAClD,IAAI,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,oBAAoB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtF,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAChE,OAAO,IAAI,CAAC,IAAI,CAAC;AACnB,CAAC;AAED,4EAA4E;AAC5E,MAAM,CAAC,MAAM,2BAA2B,GAAG,aAAa,CAAC;;;;;;;;;;;;;;;;;;;;;;CAsBxD,CAAC"}
|
package/dist/rpc.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rpc.d.ts","sourceRoot":"","sources":["../src/rpc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAgB,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"rpc.d.ts","sourceRoot":"","sources":["../src/rpc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAgB,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAG1D;;;;;;;GAOG;AACH,qBAAa,WAAW;IAGV,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAsC;gBAE/B,MAAM,EAAE,UAAU;IAE/C,eAAe,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,eAAe;IAUlD;;;;;OAKG;IACH,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC,eAAe,CAAC;IAa9D,yEAAyE;IACzE,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM;CAGzC"}
|
package/dist/rpc.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { JsonRpcProvider } from "ethers";
|
|
2
2
|
import { resolveChain } from "./config.js";
|
|
3
|
+
import { safeErrorMessage } from "./lib/redact.js";
|
|
3
4
|
/**
|
|
4
5
|
* Lazy ethers v6 provider factory. Gov tools that need an RPC endpoint call
|
|
5
6
|
* `requireProvider(chainId?)`; tools that don't (decode_calldata,
|
|
@@ -35,7 +36,7 @@ export class RpcProvider {
|
|
|
35
36
|
}
|
|
36
37
|
catch (err) {
|
|
37
38
|
return {
|
|
38
|
-
error:
|
|
39
|
+
error: safeErrorMessage(err),
|
|
39
40
|
remediation: "Set DEXE_RPC_URL_TESTNET / DEXE_RPC_URL_MAINNET / DEXE_RPC_URL_<chainId> in .env, " +
|
|
40
41
|
"then restart the MCP server (Claude Code: quit + relaunch). Run dexe_doctor to verify.",
|
|
41
42
|
};
|
package/dist/rpc.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rpc.js","sourceRoot":"","sources":["../src/rpc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAE,YAAY,EAAmB,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"rpc.js","sourceRoot":"","sources":["../src/rpc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAE,YAAY,EAAmB,MAAM,aAAa,CAAC;AAE5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAEnD;;;;;;;GAOG;AACH,MAAM,OAAO,WAAW;IAGO;IAFZ,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE5D,YAA6B,MAAkB;QAAlB,WAAM,GAAN,MAAM,CAAY;IAAG,CAAC;IAEnD,eAAe,CAAC,OAAgB;QAC9B,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACjD,IAAI,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,QAAQ,GAAG,IAAI,eAAe,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC7C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;;;OAKG;IACH,WAAW,CAAC,OAAgB;QAC1B,IAAI,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,KAAK,EAAE,gBAAgB,CAAC,GAAG,CAAC;gBAC5B,WAAW,EACT,oFAAoF;oBACpF,wFAAwF;aAC3F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,cAAc,CAAC,OAAgB;QAC7B,OAAO,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC;IACpD,CAAC;CACF"}
|
package/dist/tools/dao.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dao.d.ts","sourceRoot":"","sources":["../../src/tools/dao.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"dao.d.ts","sourceRoot":"","sources":["../../src/tools/dao.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AA0BhD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,WAAW,GAAG,IAAI,CAkB1E"}
|
package/dist/tools/dao.js
CHANGED
|
@@ -3,6 +3,7 @@ import { Contract, Interface, isAddress } from "ethers";
|
|
|
3
3
|
import { RpcProvider } from "../rpc.js";
|
|
4
4
|
import { AddressBook, CONTRACT_NAMES } from "../lib/addresses.js";
|
|
5
5
|
import { multicall } from "../lib/multicall.js";
|
|
6
|
+
import { renderUntrusted } from "../lib/sanitize.js";
|
|
6
7
|
const POOL_FACTORY_ABI = [
|
|
7
8
|
"function predictGovAddresses(address deployer, string poolName) view returns (tuple(address govPool, address govTokenSale, address govToken, address distributionProposal, address expertNft, address nftMultiplier))",
|
|
8
9
|
];
|
|
@@ -231,7 +232,7 @@ function registerDaoInfo(server, ctx, rpc, requireBook) {
|
|
|
231
232
|
validatorsCount,
|
|
232
233
|
};
|
|
233
234
|
const text = `GovPool ${govPool}\n` +
|
|
234
|
-
` descriptionURL: ${descriptionURL
|
|
235
|
+
` descriptionURL: ${descriptionURL != null ? renderUntrusted(descriptionURL) : "(none)"}\n` +
|
|
235
236
|
` validators: ${validatorsCount ?? "?"}\n\n` +
|
|
236
237
|
`Helpers:\n` +
|
|
237
238
|
` settings : ${helpers.settings}\n` +
|
package/dist/tools/dao.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dao.js","sourceRoot":"","sources":["../../src/tools/dao.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAGxD,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,SAAS,EAAa,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"dao.js","sourceRoot":"","sources":["../../src/tools/dao.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAGxD,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,SAAS,EAAa,MAAM,qBAAqB,CAAC;AAE3D,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,MAAM,gBAAgB,GAAG;IACvB,uNAAuN;CAC/M,CAAC;AAEX,MAAM,iBAAiB,GAAG;IACxB,+DAA+D;CACvD,CAAC;AAEX,MAAM,YAAY,GAAG;IACnB,gJAAgJ;IAChJ,yHAAyH;IACzH,iDAAiD;IACjD,uCAAuC;CAC/B,CAAC;AAEX,MAAM,kBAAkB,GAAG;IACzB,mDAAmD;CAC3C,CAAC;AAEX,MAAM,UAAU,gBAAgB,CAAC,MAAiB,EAAE,GAAgB;IAClE,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAExC,SAAS,WAAW;QAClB,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAC7B,IAAI,OAAO,IAAI,EAAE;YAAE,OAAO,EAAE,CAAC;QAC7B,OAAO;YACL,EAAE,EAAE,IAAI,WAAW,CAAC;gBAClB,QAAQ,EAAE,EAAE,CAAC,EAAE;gBACf,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;gBAC3B,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,gBAAgB;aAC9C,CAAC;SACH,CAAC;IACJ,CAAC;IAED,wBAAwB,CAAC,MAAM,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;IACnD,sBAAsB,CAAC,MAAM,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;IACjD,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAChF,CAAC;AAED,mDAAmD;AAEnD,SAAS,wBAAwB,CAC/B,MAAiB,EACjB,GAAgB,EAChB,WAA8C;IAE9C,MAAM,CAAC,YAAY,CACjB,4BAA4B,EAC5B;QACE,KAAK,EAAE,+CAA+C;QACtD,WAAW,EACT,6PAA6P;QAC/P,WAAW,EAAE;YACX,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yDAAyD,CAAC;YACxF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;SAC7E;QACD,YAAY,EAAE;YACZ,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;YACnB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;YACxB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;YACpB,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE;YAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;YACrB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;SAC1B;KACF,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,EAAE;QAC/B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;YAAE,OAAO,WAAW,CAAC,6BAA6B,QAAQ,EAAE,CAAC,CAAC;QACtF,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,WAAW,CAAC,4BAA4B,CAAC,CAAC;QAEzF,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;YACzB,IAAI,OAAO,IAAI,EAAE;gBAAE,OAAO,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YACxE,MAAM,IAAI,GAAG,EAAE,CAAC,EAAE,CAAC;YACnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;YACpE,MAAM,OAAO,GAAG,IAAI,QAAQ,CAAC,WAAW,EAAE,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC3E,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC5F,MAAM,UAAU,GAAG;gBACjB,OAAO,EAAE,GAAG,CAAC,OAAiB;gBAC9B,YAAY,EAAE,GAAG,CAAC,YAAsB;gBACxC,QAAQ,EAAE,GAAG,CAAC,QAAkB;gBAChC,oBAAoB,EAAE,GAAG,CAAC,oBAA8B;gBACxD,SAAS,EAAE,GAAG,CAAC,SAAmB;gBAClC,aAAa,EAAE,GAAG,CAAC,aAAuB;aAC3C,CAAC;YACF,MAAM,IAAI,GACR,iCAAiC,QAAQ,iBAAiB,QAAQ,KAAK;gBACvE,4BAA4B,UAAU,CAAC,OAAO,IAAI;gBAClD,4BAA4B,UAAU,CAAC,YAAY,IAAI;gBACvD,4BAA4B,UAAU,CAAC,QAAQ,IAAI;gBACnD,4BAA4B,UAAU,CAAC,oBAAoB,IAAI;gBAC/D,4BAA4B,UAAU,CAAC,SAAS,IAAI;gBACpD,4BAA4B,UAAU,CAAC,aAAa,EAAE,CAAC;YACzD,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,CAAC;gBAC1C,iBAAiB,EAAE,UAAU;aAC9B,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAChB,gCAAgC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACnF,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,iDAAiD;AAEjD,SAAS,sBAAsB,CAC7B,MAAiB,EACjB,GAAgB,EAChB,WAA8C;IAE9C,MAAM,CAAC,YAAY,CACjB,0BAA0B,EAC1B;QACE,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,gIAAgI;QAClI,WAAW,EAAE;YACX,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;SAC1D;QACD,YAAY,EAAE;YACZ,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;YACnB,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE;YACtB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;YACxB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;SACpB;KACF,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QACpB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAAE,OAAO,WAAW,CAAC,oBAAoB,OAAO,EAAE,CAAC,CAAC;QAC3E,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;YACzB,IAAI,OAAO,IAAI,EAAE;gBAAE,OAAO,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YACxE,MAAM,IAAI,GAAG,EAAE,CAAC,EAAE,CAAC;YACnB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;YACtE,MAAM,GAAG,GAAG,IAAI,QAAQ,CAAC,YAAY,EAAE,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzE,MAAM,KAAK,GAAY,MAAM,GAAG,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAC9E,MAAM,UAAU,GAAG;gBACjB,OAAO;gBACP,SAAS,EAAE,KAAK;gBAChB,YAAY,EAAE,YAAY;gBAC1B,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;aAC5B,CAAC;YACF,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,GAAG,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,yBAAyB,GAAG,CAAC,MAAM,CAAC,OAAO,kBAAkB,YAAY,IAAI;qBACzH;iBACF;gBACD,iBAAiB,EAAE,UAAU;aAC9B,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAChB,2BAA2B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC9E,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,sCAAsC;AAEtC,SAAS,eAAe,CACtB,MAAiB,EACjB,GAAgB,EAChB,GAAgB,EAChB,WAA8C;IAE9C,MAAM,CAAC,YAAY,CACjB,eAAe,EACf;QACE,KAAK,EAAE,wDAAwD;QAC/D,WAAW,EACT,iNAAiN;QACnN,WAAW,EAAE;YACX,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;SACzD;QACD,YAAY,EAAE;YACZ,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;YACnB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YACrC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC;gBAChB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;gBACpB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;gBACtB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;gBACtB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;gBACxB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;aACtB,CAAC;YACF,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;gBACrB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;gBACzB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;gBACrB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;gBACzB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;aACjB,CAAC;YACF,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACvC;KACF,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QACpB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAAE,OAAO,WAAW,CAAC,4BAA4B,OAAO,EAAE,CAAC,CAAC;QACnF,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YAC7B,IAAI,OAAO,IAAI,EAAE;gBAAE,OAAO,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YACxE,MAAM,QAAQ,GAAG,EAAE,CAAC,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,IAAI,SAAS,CAAC,YAAmC,CAAC,CAAC;YACnE,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,kBAAyC,CAAC,CAAC;YAExE,oDAAoD;YACpD,MAAM,MAAM,GAAW;gBACrB,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;gBAC/F,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,IAAI,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;gBAC5F,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,IAAI,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;aAC5F,CAAC;YACF,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAElE,IAAI,CAAC,QAAQ,EAAE,OAAO,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;gBACzC,OAAO,WAAW,CAChB,WAAW,OAAO,wHAAwH,CAC3I,CAAC;YACJ,CAAC;YAED,MAAM,EAAE,GAAG,QAAQ,CAAC,KAMnB,CAAC;YACF,MAAM,EAAE,GAAG,IAAI,CAAC,KAKf,CAAC;YACF,MAAM,OAAO,GAAG;gBACd,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,UAAU,EAAE,EAAE,CAAC,UAAU;gBACzB,UAAU,EAAE,EAAE,CAAC,UAAU;gBACzB,YAAY,EAAE,EAAE,CAAC,YAAY;gBAC7B,SAAS,EAAE,EAAE,CAAC,SAAS;aACxB,CAAC;YACF,MAAM,YAAY,GAAG;gBACnB,aAAa,EAAE,EAAE,CAAC,aAAa;gBAC/B,SAAS,EAAE,EAAE,CAAC,SAAS;gBACvB,aAAa,EAAE,EAAE,CAAC,aAAa;gBAC/B,IAAI,EAAE,EAAE,CAAC,IAAI;aACd,CAAC;YAEF,sDAAsD;YACtD,IAAI,eAAe,GAAkB,IAAI,CAAC;YAC1C,IAAI,OAAO,CAAC,UAAU,IAAI,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACxD,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE;oBACtC;wBACE,MAAM,EAAE,OAAO,CAAC,UAAU;wBAC1B,KAAK,EAAE,MAAM;wBACb,MAAM,EAAE,iBAAiB;wBACzB,IAAI,EAAE,EAAE;wBACR,YAAY,EAAE,IAAI;qBACnB;iBACF,CAAC,CAAC;gBACH,IAAI,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;oBACtC,eAAe,GAAI,GAAG,CAAC,KAAgB,CAAC,QAAQ,EAAE,CAAC;gBACrD,CAAC;YACH,CAAC;YAED,MAAM,cAAc,GAClB,KAAK,EAAE,OAAO,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAE,KAAK,CAAC,KAAgB,CAAC,CAAC,CAAC,IAAI,CAAC;YAErF,wEAAwE;YACxE,uDAAuD;YACvD,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;YAC9B,IAAI,OAAO,IAAI,OAAO;gBAAE,OAAO,WAAW,CAAC,GAAG,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;YAEvF,MAAM,UAAU,GAAG;gBACjB,OAAO;gBACP,cAAc;gBACd,OAAO;gBACP,YAAY;gBACZ,eAAe;aAChB,CAAC;YACF,MAAM,IAAI,GACR,WAAW,OAAO,IAAI;gBACtB,qBAAqB,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI;gBAC5F,iBAAiB,eAAe,IAAI,GAAG,MAAM;gBAC7C,YAAY;gBACZ,oBAAoB,OAAO,CAAC,QAAQ,IAAI;gBACxC,oBAAoB,OAAO,CAAC,UAAU,IAAI;gBAC1C,oBAAoB,OAAO,CAAC,UAAU,IAAI;gBAC1C,oBAAoB,OAAO,CAAC,YAAY,IAAI;gBAC5C,oBAAoB,OAAO,CAAC,SAAS,MAAM;gBAC3C,kBAAkB;gBAClB,qBAAqB,YAAY,CAAC,aAAa,IAAI;gBACnD,qBAAqB,YAAY,CAAC,SAAS,IAAI;gBAC/C,qBAAqB,YAAY,CAAC,aAAa,IAAI;gBACnD,qBAAqB,YAAY,CAAC,IAAI,EAAE,CAAC;YAC3C,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,CAAC;gBAC1C,iBAAiB,EAAE,UAAU;aAC9B,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAChB,oBAAoB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACvE,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}
|
package/dist/tools/flow.d.ts
CHANGED
|
@@ -10,6 +10,12 @@ interface FlowStep {
|
|
|
10
10
|
txHash?: string;
|
|
11
11
|
payload?: TxPayload;
|
|
12
12
|
}
|
|
13
|
+
/**
|
|
14
|
+
* W10 refusal decision: a definitive `isGovPool === false` aborts the flow; a
|
|
15
|
+
* `true` or `null` (could-not-verify) proceeds (the exact-amount approve bounds
|
|
16
|
+
* the residual risk).
|
|
17
|
+
*/
|
|
18
|
+
export declare function refuseIfNotGovPool(govPool: string, isGovPool: boolean | null): void;
|
|
13
19
|
export declare function sendOrCollect(signer: SignerManager, payloads: TxPayload[], opts?: {
|
|
14
20
|
dryRun?: boolean;
|
|
15
21
|
chainId?: number;
|
package/dist/tools/flow.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/tools/flow.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAGxC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../../src/tools/flow.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAGxC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAqCjD,UAAU,QAAQ;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,SAAS,CAAC;CACrB;AAyCD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,GAAG,IAAI,GAAG,IAAI,CAQnF;AAyGD,wBAAsB,aAAa,CACjC,MAAM,EAAE,aAAa,EACrB,QAAQ,EAAE,SAAS,EAAE,EACrB,IAAI,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC5C,OAAO,CAAC;IAAE,IAAI,EAAE,UAAU,GAAG,UAAU,GAAG,QAAQ,CAAC;IAAC,KAAK,EAAE,QAAQ,EAAE,CAAA;CAAE,CAAC,CAyD1E;AAID,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,oBAAoB,GAAG,QAAQ,CAAC;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;IACpC,YAAY,CAAC,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACpE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qBAAqB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,2EAA2E;IAC3E,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,WAAW,CAAC;IACjB,MAAM,EAAE,aAAa,CAAC;IACtB,GAAG,EAAE,WAAW,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,mBAAmB,EAC7B,IAAI,EAAE,kBAAkB;;;;;GAiRzB;AAID,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,SAAS,EACjB,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,aAAa,GACpB,IAAI,CA6NN"}
|
package/dist/tools/flow.js
CHANGED
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
import { z } from "zod";
|
|
2
|
-
import {
|
|
2
|
+
import { Contract, Interface } from "ethers";
|
|
3
3
|
import { RpcProvider } from "../rpc.js";
|
|
4
4
|
import { multicall } from "../lib/multicall.js";
|
|
5
5
|
import { PinataClient, fetchIpfs } from "../lib/ipfs.js";
|
|
6
6
|
import { markdownToSlate } from "../lib/markdownToSlate.js";
|
|
7
7
|
import { resolveChain } from "../config.js";
|
|
8
8
|
import { runBroadcastGuards } from "../lib/broadcastGuards.js";
|
|
9
|
+
import { AddressBook, CONTRACT_NAMES } from "../lib/addresses.js";
|
|
9
10
|
// ---------- ABI fragments ----------
|
|
10
11
|
const ERC20_ABI = new Interface([
|
|
11
12
|
"function balanceOf(address) view returns (uint256)",
|
|
@@ -51,11 +52,51 @@ function makeTxPayload(to, iface, method, args, chainId, description, value) {
|
|
|
51
52
|
description,
|
|
52
53
|
};
|
|
53
54
|
}
|
|
54
|
-
|
|
55
|
+
const POOL_REGISTRY_ISGOV_ABI = ["function isGovPool(address) view returns (bool)"];
|
|
56
|
+
/**
|
|
57
|
+
* W10 refusal decision: a definitive `isGovPool === false` aborts the flow; a
|
|
58
|
+
* `true` or `null` (could-not-verify) proceeds (the exact-amount approve bounds
|
|
59
|
+
* the residual risk).
|
|
60
|
+
*/
|
|
61
|
+
export function refuseIfNotGovPool(govPool, isGovPool) {
|
|
62
|
+
if (isGovPool === false) {
|
|
63
|
+
throw new Error(`Refusing: ${govPool} is not a registered DeXe GovPool (PoolRegistry.isGovPool == false). ` +
|
|
64
|
+
`A fake govPool returns attacker-controlled helper addresses and would route the ` +
|
|
65
|
+
`auto-approve to an attacker contract (W10). Double-check the govPool address.`);
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* W10: verify `govPool` is a registered DeXe GovPool against the CANONICAL
|
|
70
|
+
* PoolRegistry for the chain — never the helper addresses the pool itself
|
|
71
|
+
* reports (an attacker fully controls those for a fake "govPool", and the
|
|
72
|
+
* composite flow would then auto-approve the attacker's keeper). A definitive
|
|
73
|
+
* `isGovPool == false` aborts the flow; if the registry can't be resolved on
|
|
74
|
+
* this chain we proceed, since the exact-amount approve still bounds the risk.
|
|
75
|
+
*/
|
|
76
|
+
async function assertRegisteredGovPool(provider, rpc, config, chainId, govPool) {
|
|
77
|
+
let isGov;
|
|
78
|
+
try {
|
|
79
|
+
const book = new AddressBook({
|
|
80
|
+
provider,
|
|
81
|
+
chainId: rpc.resolveChainId(chainId),
|
|
82
|
+
registryOverride: config.registryOverride,
|
|
83
|
+
});
|
|
84
|
+
const registryAddr = await book.resolve(CONTRACT_NAMES.POOL_REGISTRY);
|
|
85
|
+
const reg = new Contract(registryAddr, POOL_REGISTRY_ISGOV_ABI, provider);
|
|
86
|
+
isGov = (await reg.getFunction("isGovPool").staticCall(govPool));
|
|
87
|
+
}
|
|
88
|
+
catch {
|
|
89
|
+
return; // registry unresolvable / call failed — cannot verify, proceed
|
|
90
|
+
}
|
|
91
|
+
refuseIfNotGovPool(govPool, isGov);
|
|
92
|
+
}
|
|
93
|
+
async function resolvePrereqs(rpc, govPool, user, config, chainId) {
|
|
55
94
|
const pr = rpc.tryProvider(chainId);
|
|
56
95
|
if ("error" in pr)
|
|
57
96
|
throw new Error(`${pr.error}\n${pr.remediation}`);
|
|
58
97
|
const provider = pr.ok;
|
|
98
|
+
// W10: refuse a fake govPool before reading its helpers / auto-approving.
|
|
99
|
+
await assertRegisteredGovPool(provider, rpc, config, chainId, govPool);
|
|
59
100
|
// Batch 1: get helper addresses
|
|
60
101
|
const batch1 = [
|
|
61
102
|
{ target: govPool, iface: GOV_POOL_ABI, method: "getHelperContracts", args: [] },
|
|
@@ -144,12 +185,12 @@ export async function sendOrCollect(signer, payloads, opts) {
|
|
|
144
185
|
chainId: Number(p.chainId),
|
|
145
186
|
from: wallet.address,
|
|
146
187
|
}, cfg, { skipSimulation: true });
|
|
147
|
-
const tx = await wallet.sendTransaction({
|
|
188
|
+
const tx = await signer.withBroadcastLock(Number(p.chainId), () => wallet.sendTransaction({
|
|
148
189
|
to: p.to,
|
|
149
190
|
data: p.data,
|
|
150
191
|
value: BigInt(p.value),
|
|
151
192
|
chainId: BigInt(p.chainId),
|
|
152
|
-
});
|
|
193
|
+
}));
|
|
153
194
|
const receipt = await tx.wait(1);
|
|
154
195
|
steps.push({
|
|
155
196
|
label: p.description,
|
|
@@ -186,7 +227,7 @@ export async function runProposalCreate(inputRaw, deps) {
|
|
|
186
227
|
// Step 1: resolve prerequisites
|
|
187
228
|
let prereqs;
|
|
188
229
|
try {
|
|
189
|
-
prereqs = await resolvePrereqs(rpc, govPool, user, chainId);
|
|
230
|
+
prereqs = await resolvePrereqs(rpc, govPool, user, ctx.config, chainId);
|
|
190
231
|
}
|
|
191
232
|
catch (e) {
|
|
192
233
|
return err(`Failed to resolve prerequisites: ${e instanceof Error ? e.message : String(e)}`);
|
|
@@ -352,7 +393,10 @@ export async function runProposalCreate(inputRaw, deps) {
|
|
|
352
393
|
}
|
|
353
394
|
// Approve (if needed)
|
|
354
395
|
if (needDeposit > 0n && prereqs.currentAllowance < needDeposit) {
|
|
355
|
-
|
|
396
|
+
// W10: approve exactly what the deposit needs, never MAX_UINT256 — a
|
|
397
|
+
// residual unlimited allowance to a (possibly attacker-supplied) keeper
|
|
398
|
+
// is the drain primitive.
|
|
399
|
+
payloads.push(makeTxPayload(prereqs.tokenAddress, ERC20_ABI, "approve", [prereqs.userKeeper, needDeposit], chainId, `ERC20.approve(${prereqs.userKeeper}, ${needDeposit})`));
|
|
356
400
|
}
|
|
357
401
|
else {
|
|
358
402
|
skippedSteps.push({ label: "ERC20.approve", skipped: true, reason: "Allowance sufficient" });
|
|
@@ -473,6 +517,7 @@ export function registerFlowTools(server, ctx, signer) {
|
|
|
473
517
|
voteNftIds: z.array(z.string()).default([]),
|
|
474
518
|
depositFirst: z.boolean().default(false).describe("Deposit wallet tokens before voting"),
|
|
475
519
|
autoExecute: z.boolean().default(true).describe("Attempt execute if proposal passes after vote"),
|
|
520
|
+
dryRun: z.boolean().default(false).describe("If true, return ordered TxPayloads even when DEXE_PRIVATE_KEY is set (preview without broadcasting)."),
|
|
476
521
|
user: z.string().optional().describe("User address. Required when DEXE_PRIVATE_KEY not set."),
|
|
477
522
|
}, async (input) => {
|
|
478
523
|
const user = input.user ?? (signer.hasSigner() ? signer.getAddress() : undefined);
|
|
@@ -505,7 +550,7 @@ export function registerFlowTools(server, ctx, signer) {
|
|
|
505
550
|
if ((stateNum === 4 || stateNum === 5 || stateNum === 6) && input.autoExecute) {
|
|
506
551
|
const execResult = await sendOrCollect(signer, [
|
|
507
552
|
makeTxPayload(govPool, GOV_POOL_ABI, "execute", [proposalId], chainId, `GovPool.execute(${proposalId})`),
|
|
508
|
-
], { chainId });
|
|
553
|
+
], { dryRun: input.dryRun, chainId });
|
|
509
554
|
return ok({
|
|
510
555
|
mode: execResult.mode,
|
|
511
556
|
proposalId,
|
|
@@ -514,7 +559,7 @@ export function registerFlowTools(server, ctx, signer) {
|
|
|
514
559
|
{ label: "GovPool.vote", skipped: true, reason: `Proposal already in "${stateName}" — no vote needed` },
|
|
515
560
|
...execResult.steps,
|
|
516
561
|
],
|
|
517
|
-
executed:
|
|
562
|
+
executed: execResult.mode === "executed",
|
|
518
563
|
});
|
|
519
564
|
}
|
|
520
565
|
if (stateNum !== 0) {
|
|
@@ -523,7 +568,7 @@ export function registerFlowTools(server, ctx, signer) {
|
|
|
523
568
|
// Step 2: resolve prereqs for deposit check
|
|
524
569
|
let prereqs;
|
|
525
570
|
if (input.depositFirst) {
|
|
526
|
-
prereqs = await resolvePrereqs(rpc, govPool, user, chainId);
|
|
571
|
+
prereqs = await resolvePrereqs(rpc, govPool, user, ctx.config, chainId);
|
|
527
572
|
}
|
|
528
573
|
const payloads = [];
|
|
529
574
|
const skippedSteps = [];
|
|
@@ -531,7 +576,8 @@ export function registerFlowTools(server, ctx, signer) {
|
|
|
531
576
|
if (input.depositFirst && prereqs && prereqs.walletBalance > 0n) {
|
|
532
577
|
// Approve if needed
|
|
533
578
|
if (prereqs.currentAllowance < prereqs.walletBalance) {
|
|
534
|
-
|
|
579
|
+
// W10: exact-amount approve, never MAX_UINT256.
|
|
580
|
+
payloads.push(makeTxPayload(prereqs.tokenAddress, ERC20_ABI, "approve", [prereqs.userKeeper, prereqs.walletBalance], chainId, `ERC20.approve(${prereqs.userKeeper}, ${prereqs.walletBalance})`));
|
|
535
581
|
}
|
|
536
582
|
// Deposit
|
|
537
583
|
payloads.push(makeTxPayload(govPool, GOV_POOL_ABI, "deposit", [prereqs.walletBalance, []], chainId, `GovPool.deposit(${prereqs.walletBalance})`));
|
|
@@ -546,14 +592,14 @@ export function registerFlowTools(server, ctx, signer) {
|
|
|
546
592
|
// Check minVotesForVoting threshold
|
|
547
593
|
if (!prereqs && !input.voteAmount) {
|
|
548
594
|
// Need prereqs to validate threshold — fetch them
|
|
549
|
-
prereqs = await resolvePrereqs(rpc, govPool, user, chainId);
|
|
595
|
+
prereqs = await resolvePrereqs(rpc, govPool, user, ctx.config, chainId);
|
|
550
596
|
}
|
|
551
597
|
if (prereqs && prereqs.minVotesForVoting > 0n && voteAmt < prereqs.minVotesForVoting) {
|
|
552
598
|
return err(`Insufficient voting power. Need ${prereqs.minVotesForVoting} but voting with ${voteAmt}.`);
|
|
553
599
|
}
|
|
554
600
|
payloads.push(makeTxPayload(govPool, GOV_POOL_ABI, "vote", [proposalId, input.isVoteFor, voteAmt, input.voteNftIds.map(id => BigInt(id))], chainId, `GovPool.vote(${proposalId}, ${input.isVoteFor}, ${voteAmt})`));
|
|
555
601
|
// Step 5: send or collect
|
|
556
|
-
const result = await sendOrCollect(signer, payloads, { chainId });
|
|
602
|
+
const result = await sendOrCollect(signer, payloads, { dryRun: input.dryRun, chainId });
|
|
557
603
|
// Step 6: auto-execute (only in executed mode)
|
|
558
604
|
let executed = false;
|
|
559
605
|
if (input.autoExecute && result.mode === "executed") {
|
|
@@ -567,7 +613,7 @@ export function registerFlowTools(server, ctx, signer) {
|
|
|
567
613
|
// SucceededFor or SucceededAgainst — execute
|
|
568
614
|
const execResult = await sendOrCollect(signer, [
|
|
569
615
|
makeTxPayload(govPool, GOV_POOL_ABI, "execute", [proposalId], chainId, `GovPool.execute(${proposalId})`),
|
|
570
|
-
], { chainId });
|
|
616
|
+
], { dryRun: input.dryRun, chainId });
|
|
571
617
|
result.steps.push(...execResult.steps);
|
|
572
618
|
executed = true;
|
|
573
619
|
}
|