dexe-mcp 0.8.3 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +156 -12
- package/README.md +6 -5
- package/dist/bootstrap.d.ts +14 -0
- package/dist/bootstrap.d.ts.map +1 -1
- package/dist/bootstrap.js +24 -2
- package/dist/bootstrap.js.map +1 -1
- package/dist/config.d.ts +22 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +30 -0
- package/dist/config.js.map +1 -1
- package/dist/diag/checks.d.ts.map +1 -1
- package/dist/diag/checks.js +5 -4
- package/dist/diag/checks.js.map +1 -1
- package/dist/env/schema.d.ts +21 -0
- package/dist/env/schema.d.ts.map +1 -1
- package/dist/env/schema.js +21 -0
- package/dist/env/schema.js.map +1 -1
- package/dist/lib/amount.d.ts +23 -0
- package/dist/lib/amount.d.ts.map +1 -0
- package/dist/lib/amount.js +30 -0
- package/dist/lib/amount.js.map +1 -0
- package/dist/lib/broadcastGuards.d.ts +10 -0
- package/dist/lib/broadcastGuards.d.ts.map +1 -1
- package/dist/lib/broadcastGuards.js +11 -1
- package/dist/lib/broadcastGuards.js.map +1 -1
- package/dist/lib/controllingVoters.d.ts +44 -0
- package/dist/lib/controllingVoters.d.ts.map +1 -0
- package/dist/lib/controllingVoters.js +152 -0
- package/dist/lib/controllingVoters.js.map +1 -0
- package/dist/lib/dangerousSelectors.d.ts +1 -1
- package/dist/lib/dangerousSelectors.d.ts.map +1 -1
- package/dist/lib/dangerousSelectors.js +12 -22
- package/dist/lib/dangerousSelectors.js.map +1 -1
- package/dist/lib/decoders.d.ts +20 -0
- package/dist/lib/decoders.d.ts.map +1 -1
- package/dist/lib/decoders.js +52 -0
- package/dist/lib/decoders.js.map +1 -1
- package/dist/lib/govProposalView.d.ts +37 -0
- package/dist/lib/govProposalView.d.ts.map +1 -0
- package/dist/lib/govProposalView.js +42 -0
- package/dist/lib/govProposalView.js.map +1 -0
- package/dist/lib/ipfs.d.ts +14 -0
- package/dist/lib/ipfs.d.ts.map +1 -1
- package/dist/lib/ipfs.js +31 -1
- package/dist/lib/ipfs.js.map +1 -1
- package/dist/lib/markdownToSlate.d.ts +9 -0
- package/dist/lib/markdownToSlate.d.ts.map +1 -1
- package/dist/lib/markdownToSlate.js +24 -0
- package/dist/lib/markdownToSlate.js.map +1 -1
- package/dist/lib/multicall.d.ts.map +1 -1
- package/dist/lib/multicall.js +12 -2
- package/dist/lib/multicall.js.map +1 -1
- package/dist/lib/protocolAdvisories.d.ts +25 -0
- package/dist/lib/protocolAdvisories.d.ts.map +1 -0
- package/dist/lib/protocolAdvisories.js +46 -0
- package/dist/lib/protocolAdvisories.js.map +1 -0
- package/dist/lib/quorumRisk.d.ts +92 -0
- package/dist/lib/quorumRisk.d.ts.map +1 -0
- package/dist/lib/quorumRisk.js +159 -0
- package/dist/lib/quorumRisk.js.map +1 -0
- package/dist/lib/redact.d.ts +36 -0
- package/dist/lib/redact.d.ts.map +1 -0
- package/dist/lib/redact.js +72 -0
- package/dist/lib/redact.js.map +1 -0
- package/dist/lib/sanitize.d.ts +31 -0
- package/dist/lib/sanitize.d.ts.map +1 -0
- package/dist/lib/sanitize.js +51 -0
- package/dist/lib/sanitize.js.map +1 -0
- package/dist/lib/signer.d.ts +11 -0
- package/dist/lib/signer.d.ts.map +1 -1
- package/dist/lib/signer.js +16 -0
- package/dist/lib/signer.js.map +1 -1
- package/dist/lib/subgraph.d.ts +7 -0
- package/dist/lib/subgraph.d.ts.map +1 -1
- package/dist/lib/subgraph.js +24 -2
- package/dist/lib/subgraph.js.map +1 -1
- package/dist/rpc.d.ts.map +1 -1
- package/dist/rpc.js +2 -1
- package/dist/rpc.js.map +1 -1
- package/dist/tools/dao.d.ts.map +1 -1
- package/dist/tools/dao.js +2 -1
- package/dist/tools/dao.js.map +1 -1
- package/dist/tools/daoDeploy.d.ts.map +1 -1
- package/dist/tools/daoDeploy.js +32 -0
- package/dist/tools/daoDeploy.js.map +1 -1
- package/dist/tools/flow.d.ts +6 -0
- package/dist/tools/flow.d.ts.map +1 -1
- package/dist/tools/flow.js +149 -14
- package/dist/tools/flow.js.map +1 -1
- package/dist/tools/getConfig.d.ts.map +1 -1
- package/dist/tools/getConfig.js +2 -1
- package/dist/tools/getConfig.js.map +1 -1
- package/dist/tools/gov.d.ts.map +1 -1
- package/dist/tools/gov.js +41 -11
- package/dist/tools/gov.js.map +1 -1
- package/dist/tools/index.d.ts.map +1 -1
- package/dist/tools/index.js +2 -0
- package/dist/tools/index.js.map +1 -1
- package/dist/tools/otc.d.ts +32 -0
- package/dist/tools/otc.d.ts.map +1 -1
- package/dist/tools/otc.js +217 -74
- package/dist/tools/otc.js.map +1 -1
- package/dist/tools/proposalBuild.d.ts.map +1 -1
- package/dist/tools/proposalBuild.js +20 -5
- package/dist/tools/proposalBuild.js.map +1 -1
- package/dist/tools/proposalBuildComplex.d.ts.map +1 -1
- package/dist/tools/proposalBuildComplex.js +50 -11
- package/dist/tools/proposalBuildComplex.js.map +1 -1
- package/dist/tools/proposalBuildMore.d.ts.map +1 -1
- package/dist/tools/proposalBuildMore.js +12 -4
- package/dist/tools/proposalBuildMore.js.map +1 -1
- package/dist/tools/read.d.ts +1 -0
- package/dist/tools/read.d.ts.map +1 -1
- package/dist/tools/read.js +61 -18
- package/dist/tools/read.js.map +1 -1
- package/dist/tools/risk.d.ts +4 -0
- package/dist/tools/risk.d.ts.map +1 -0
- package/dist/tools/risk.js +255 -0
- package/dist/tools/risk.js.map +1 -0
- package/dist/tools/safe.d.ts.map +1 -1
- package/dist/tools/safe.js +13 -0
- package/dist/tools/safe.js.map +1 -1
- package/dist/tools/subgraph.d.ts.map +1 -1
- package/dist/tools/subgraph.js +19 -15
- package/dist/tools/subgraph.js.map +1 -1
- package/dist/tools/txSend.d.ts +6 -0
- package/dist/tools/txSend.d.ts.map +1 -1
- package/dist/tools/txSend.js +26 -3
- package/dist/tools/txSend.js.map +1 -1
- package/dist/tools/voteBuild.d.ts.map +1 -1
- package/dist/tools/voteBuild.js +40 -25
- package/dist/tools/voteBuild.js.map +1 -1
- package/package.json +2 -2
|
@@ -0,0 +1,159 @@
|
|
|
1
|
+
import { id, Interface } from "ethers";
|
|
2
|
+
import { selectorOf } from "./dangerousSelectors.js";
|
|
3
|
+
/** Worst (most dangerous) of a set of risk levels. Empty → SAFE. */
|
|
4
|
+
export function worstRisk(...levels) {
|
|
5
|
+
if (levels.includes("DANGER"))
|
|
6
|
+
return "DANGER";
|
|
7
|
+
if (levels.includes("CAUTION"))
|
|
8
|
+
return "CAUTION";
|
|
9
|
+
return "SAFE";
|
|
10
|
+
}
|
|
11
|
+
// ─── quorum units ──────────────────────────────────────────────────────────
|
|
12
|
+
// DeXe stores quorum as a fraction of PERCENTAGE_100 = 1e27 (so 50% = 5e26).
|
|
13
|
+
// The on-chain getProposalRequiredQuorum(id) instead returns an ABSOLUTE
|
|
14
|
+
// token-weight (pct × totalVoteWeight already applied) — never pass that here.
|
|
15
|
+
const PERCENTAGE_100 = 10n ** 27n;
|
|
16
|
+
/** Convert a raw quorum setting (pct × 1e25) to a human percentage. 5e26 → 50. */
|
|
17
|
+
export function quorumPctFromRaw(raw) {
|
|
18
|
+
let v;
|
|
19
|
+
try {
|
|
20
|
+
v = typeof raw === "bigint" ? raw : BigInt(raw);
|
|
21
|
+
}
|
|
22
|
+
catch {
|
|
23
|
+
return NaN;
|
|
24
|
+
}
|
|
25
|
+
// 2-decimal precision via integer math (avoids float drift on 1e27-scale ints).
|
|
26
|
+
return Number((v * 10000n) / PERCENTAGE_100) / 100;
|
|
27
|
+
}
|
|
28
|
+
/** SAFE ≥ floor; CAUTION ≥ 0.8×floor; DANGER below. NaN → DANGER (unparseable). */
|
|
29
|
+
export function judgeQuorum(pct, floorPct) {
|
|
30
|
+
if (!Number.isFinite(pct))
|
|
31
|
+
return "DANGER";
|
|
32
|
+
if (pct >= floorPct)
|
|
33
|
+
return "SAFE";
|
|
34
|
+
if (pct >= 0.8 * floorPct)
|
|
35
|
+
return "CAUTION";
|
|
36
|
+
return "DANGER";
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Value-moving / allowance-granting selectors. ERC20 `transferFrom` and ERC721
|
|
40
|
+
* `transferFrom` share selector 0x23b872dd → classified as `transferFrom`; the
|
|
41
|
+
* ERC721-only `safeTransferFrom` overloads classify as `nftTransfer`.
|
|
42
|
+
*/
|
|
43
|
+
const TREASURY_SELECTORS = new Map([
|
|
44
|
+
{ kind: "approve", sig: "approve(address,uint256)", recipientArg: 0, amountArg: 1 },
|
|
45
|
+
{ kind: "transfer", sig: "transfer(address,uint256)", recipientArg: 0, amountArg: 1 },
|
|
46
|
+
{ kind: "transferFrom", sig: "transferFrom(address,address,uint256)", recipientArg: 1, amountArg: 2 },
|
|
47
|
+
{ kind: "increaseAllowance", sig: "increaseAllowance(address,uint256)", recipientArg: 0, amountArg: 1 },
|
|
48
|
+
{ kind: "nftTransfer", sig: "safeTransferFrom(address,address,uint256)", recipientArg: 1, amountArg: 2 },
|
|
49
|
+
{ kind: "nftTransfer", sig: "safeTransferFrom(address,address,uint256,bytes)", recipientArg: 1, amountArg: 2 },
|
|
50
|
+
].map((e) => [id(e.sig).slice(0, 10).toLowerCase(), e]));
|
|
51
|
+
/** Decimal selectors of every treasury-touching function (for docs/tests). */
|
|
52
|
+
export function treasurySelectors() {
|
|
53
|
+
return [...TREASURY_SELECTORS.keys()];
|
|
54
|
+
}
|
|
55
|
+
/**
|
|
56
|
+
* Scan a proposal's actions and report every one that moves treasury value or
|
|
57
|
+
* grants an allowance. Best-effort recipient/amount decode — NEVER throws.
|
|
58
|
+
* A single action can yield two hits (native value + an ERC20 call).
|
|
59
|
+
*/
|
|
60
|
+
export function classifyTreasuryActions(actions) {
|
|
61
|
+
const hits = [];
|
|
62
|
+
actions.forEach((a, index) => {
|
|
63
|
+
const sel = selectorOf(a.data);
|
|
64
|
+
// Native coin transfer (value > 0) is a treasury movement regardless of data.
|
|
65
|
+
try {
|
|
66
|
+
if (a.value && BigInt(a.value) > 0n) {
|
|
67
|
+
hits.push({
|
|
68
|
+
index,
|
|
69
|
+
executor: a.executor,
|
|
70
|
+
selector: sel,
|
|
71
|
+
kind: "nativeValue",
|
|
72
|
+
recipient: a.executor,
|
|
73
|
+
amount: String(a.value),
|
|
74
|
+
});
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
catch {
|
|
78
|
+
/* non-numeric value — ignore */
|
|
79
|
+
}
|
|
80
|
+
if (sel === null)
|
|
81
|
+
return;
|
|
82
|
+
const match = TREASURY_SELECTORS.get(sel);
|
|
83
|
+
if (!match)
|
|
84
|
+
return;
|
|
85
|
+
let recipient = null;
|
|
86
|
+
let amount = null;
|
|
87
|
+
try {
|
|
88
|
+
const iface = new Interface([`function ${match.sig}`]);
|
|
89
|
+
const decoded = iface.decodeFunctionData(match.sig, a.data);
|
|
90
|
+
recipient = String(decoded[match.recipientArg]);
|
|
91
|
+
amount = decoded[match.amountArg].toString();
|
|
92
|
+
}
|
|
93
|
+
catch {
|
|
94
|
+
/* undecodable — leave null, never throw */
|
|
95
|
+
}
|
|
96
|
+
hits.push({ index, executor: a.executor, selector: sel, kind: match.kind, recipient, amount });
|
|
97
|
+
});
|
|
98
|
+
return hits;
|
|
99
|
+
}
|
|
100
|
+
/**
|
|
101
|
+
* Estimate the share of token supply required to meet a proposal's quorum.
|
|
102
|
+
* Prefers the on-chain `requiredWeight` (getProposalRequiredQuorum); otherwise
|
|
103
|
+
* derives it from `quorumPct × totalVoteWeight`. When the percentage cannot be
|
|
104
|
+
* computed the verdict is CAUTION (unknown is never SAFE).
|
|
105
|
+
*/
|
|
106
|
+
export function quorumConcentration(args) {
|
|
107
|
+
const floorPct = args.floorPct ?? 50;
|
|
108
|
+
let requiredWeight = args.requiredWeight ?? null;
|
|
109
|
+
if (requiredWeight === null && args.totalVoteWeight !== undefined && Number.isFinite(args.quorumPct)) {
|
|
110
|
+
// quorumPct% of totalVoteWeight, 2-decimal precision via integer math.
|
|
111
|
+
const bps = BigInt(Math.round(args.quorumPct * 100)); // pct → basis points
|
|
112
|
+
requiredWeight = (args.totalVoteWeight * bps) / 10000n;
|
|
113
|
+
}
|
|
114
|
+
const totalSupply = args.totalSupply ?? null;
|
|
115
|
+
let pctOfSupplyForQuorum = null;
|
|
116
|
+
if (requiredWeight !== null && totalSupply !== null && totalSupply > 0n) {
|
|
117
|
+
pctOfSupplyForQuorum = Number((requiredWeight * 10000n) / totalSupply) / 100;
|
|
118
|
+
}
|
|
119
|
+
const verdict = pctOfSupplyForQuorum === null ? "CAUTION" : judgeQuorum(pctOfSupplyForQuorum, floorPct);
|
|
120
|
+
return { requiredWeight, totalSupply, pctOfSupplyForQuorum, verdict };
|
|
121
|
+
}
|
|
122
|
+
// ─── advisory strings (tone mirrors protocolAdvisories.ts) ────────────────────
|
|
123
|
+
const ADVISORY_TAG = "[governance-safety advisory]";
|
|
124
|
+
/** Flag a below-floor quorum SETTING (deploy / change-voting-settings). */
|
|
125
|
+
export function lowQuorumAdvisory(pct, floorPct) {
|
|
126
|
+
const shown = Number.isFinite(pct) ? `${pct}%` : "unparseable";
|
|
127
|
+
return (`⚠ quorum=${shown} is below the ${floorPct}% safe floor (DEXE_MIN_SAFE_QUORUM_PCT). ` +
|
|
128
|
+
`Low quorum reduces the participation required to pass a proposal. For a DAO that holds ` +
|
|
129
|
+
`treasury assets, set quorum ≥50% (51%+ recommended) and verify stakeholder participation ` +
|
|
130
|
+
`before executing treasury-moving proposals; the safe value is DAO-specific. ${ADVISORY_TAG}`);
|
|
131
|
+
}
|
|
132
|
+
/** Flag a treasury-touching proposal at build time (static, no RPC needed). */
|
|
133
|
+
export const TREASURY_RISK_ADVISORY = `⚠ This proposal moves treasury value (ERC20 approve/transfer/transferFrom or native value). ` +
|
|
134
|
+
`Confirm the DAO's quorum is adequate (≥50%) and that key stakeholders have participated before ` +
|
|
135
|
+
`executing. Run dexe_proposal_risk_assess for a full readout. ${ADVISORY_TAG}`;
|
|
136
|
+
/**
|
|
137
|
+
* Build-time advisory for any builder whose actions move treasury value.
|
|
138
|
+
* Returns the static advisory string when there is at least one treasury hit
|
|
139
|
+
* and the guard is enabled, else null. Build-time is WARN-only — it never
|
|
140
|
+
* blocks (refusing would just route users to hand-crafted custom_abi).
|
|
141
|
+
*/
|
|
142
|
+
export function buildTimeTreasuryAdvisory(actions, guard) {
|
|
143
|
+
if (guard === "off")
|
|
144
|
+
return null;
|
|
145
|
+
return classifyTreasuryActions(actions).length > 0 ? TREASURY_RISK_ADVISORY : null;
|
|
146
|
+
}
|
|
147
|
+
/**
|
|
148
|
+
* Advisory message for the vote_and_execute treasury alert. `reasons` are the
|
|
149
|
+
* failing checks (below-floor quorum, no controlling-member participation).
|
|
150
|
+
* Advisory ONLY — the guard never blocks; it surfaces this and proceeds. The
|
|
151
|
+
* durable control is an adequate on-chain quorum threshold configured per DAO.
|
|
152
|
+
*/
|
|
153
|
+
export function treasuryExecuteAdvisory(reasons) {
|
|
154
|
+
return (`⚠ Treasury-safety advisory: this proposal moves treasury value AND ${reasons.join("; ")}. ` +
|
|
155
|
+
`Verify adequate quorum and stakeholder participation before executing — ` +
|
|
156
|
+
`responsibility for executing rests with whoever broadcasts it. Run dexe_proposal_risk_assess for a full ` +
|
|
157
|
+
`readout. ${ADVISORY_TAG}`);
|
|
158
|
+
}
|
|
159
|
+
//# sourceMappingURL=quorumRisk.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"quorumRisk.js","sourceRoot":"","sources":["../../src/lib/quorumRisk.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACvC,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAcrD,oEAAoE;AACpE,MAAM,UAAU,SAAS,CAAC,GAAG,MAAmB;IAC9C,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC/C,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IACjD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,6EAA6E;AAC7E,yEAAyE;AACzE,+EAA+E;AAC/E,MAAM,cAAc,GAAG,GAAG,IAAI,GAAG,CAAC;AAElC,kFAAkF;AAClF,MAAM,UAAU,gBAAgB,CAAC,GAAoB;IACnD,IAAI,CAAS,CAAC;IACd,IAAI,CAAC;QACH,CAAC,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,CAAC;IACb,CAAC;IACD,gFAAgF;IAChF,OAAO,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,cAAc,CAAC,GAAG,GAAG,CAAC;AACrD,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,WAAW,CAAC,GAAW,EAAE,QAAgB;IACvD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC3C,IAAI,GAAG,IAAI,QAAQ;QAAE,OAAO,MAAM,CAAC;IACnC,IAAI,GAAG,IAAI,GAAG,GAAG,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC5C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAmCD;;;;GAIG;AACH,MAAM,kBAAkB,GAAsC,IAAI,GAAG,CAEjE;IACE,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,0BAA0B,EAAE,YAAY,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE;IACnF,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,2BAA2B,EAAE,YAAY,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE;IACrF,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,uCAAuC,EAAE,YAAY,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE;IACrG,EAAE,IAAI,EAAE,mBAAmB,EAAE,GAAG,EAAE,oCAAoC,EAAE,YAAY,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE;IACvG,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,2CAA2C,EAAE,YAAY,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE;IACxG,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,iDAAiD,EAAE,YAAY,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE;CAEjH,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAU,CAAC,CACjE,CAAC;AAEF,8EAA8E;AAC9E,MAAM,UAAU,iBAAiB;IAC/B,OAAO,CAAC,GAAG,kBAAkB,CAAC,IAAI,EAAE,CAAC,CAAC;AACxC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAA4D;IAE5D,MAAM,IAAI,GAAkB,EAAE,CAAC;IAC/B,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE;QAC3B,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAE/B,8EAA8E;QAC9E,IAAI,CAAC;YACH,IAAI,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC;gBACpC,IAAI,CAAC,IAAI,CAAC;oBACR,KAAK;oBACL,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,QAAQ,EAAE,GAAG;oBACb,IAAI,EAAE,aAAa;oBACnB,SAAS,EAAE,CAAC,CAAC,QAAQ;oBACrB,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;iBACxB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;QAClC,CAAC;QAED,IAAI,GAAG,KAAK,IAAI;YAAE,OAAO;QACzB,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,IAAI,SAAS,GAAkB,IAAI,CAAC;QACpC,IAAI,MAAM,GAAkB,IAAI,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,SAAS,CAAC,CAAC,YAAY,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACvD,MAAM,OAAO,GAAG,KAAK,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;YAC5D,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;YAChD,MAAM,GAAI,OAAO,CAAC,KAAK,CAAC,SAAS,CAAY,CAAC,QAAQ,EAAE,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;QAC7C,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;IACjG,CAAC,CAAC,CAAC;IACH,OAAO,IAAI,CAAC;AACd,CAAC;AAmBD;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAMnC;IACC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC;IAErC,IAAI,cAAc,GAAkB,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC;IAChE,IAAI,cAAc,KAAK,IAAI,IAAI,IAAI,CAAC,eAAe,KAAK,SAAS,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QACrG,uEAAuE;QACvE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,qBAAqB;QAC3E,cAAc,GAAG,CAAC,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC,GAAG,MAAM,CAAC;IACzD,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC;IAC7C,IAAI,oBAAoB,GAAkB,IAAI,CAAC;IAC/C,IAAI,cAAc,KAAK,IAAI,IAAI,WAAW,KAAK,IAAI,IAAI,WAAW,GAAG,EAAE,EAAE,CAAC;QACxE,oBAAoB,GAAG,MAAM,CAAC,CAAC,cAAc,GAAG,MAAM,CAAC,GAAG,WAAW,CAAC,GAAG,GAAG,CAAC;IAC/E,CAAC;IAED,MAAM,OAAO,GACX,oBAAoB,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,oBAAoB,EAAE,QAAQ,CAAC,CAAC;IAE1F,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,oBAAoB,EAAE,OAAO,EAAE,CAAC;AACxE,CAAC;AAED,iFAAiF;AAEjF,MAAM,YAAY,GAAG,8BAA8B,CAAC;AAEpD,2EAA2E;AAC3E,MAAM,UAAU,iBAAiB,CAAC,GAAW,EAAE,QAAgB;IAC7D,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC;IAC/D,OAAO,CACL,YAAY,KAAK,iBAAiB,QAAQ,2CAA2C;QACrF,yFAAyF;QACzF,2FAA2F;QAC3F,+EAA+E,YAAY,EAAE,CAC9F,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,MAAM,CAAC,MAAM,sBAAsB,GACjC,8FAA8F;IAC9F,iGAAiG;IACjG,gEAAgE,YAAY,EAAE,CAAC;AAEjF;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CACvC,OAA4D,EAC5D,KAAqB;IAErB,IAAI,KAAK,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,uBAAuB,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC;AACrF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAiB;IACvD,OAAO,CACL,sEAAsE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;QAC5F,0EAA0E;QAC1E,0GAA0G;QAC1G,YAAY,YAAY,EAAE,CAC3B,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Secret-redaction helpers for any text that reaches an LLM-visible tool
|
|
3
|
+
* result (`content[].text`) or `structuredContent`.
|
|
4
|
+
*
|
|
5
|
+
* W36: a credentialed RPC URL (Alchemy/Infura/QuickNode key, or a
|
|
6
|
+
* `user:pass@host` form) is appended to ethers v6 `err.message` on any
|
|
7
|
+
* non-2xx provider response (401/429/5xx — routine under load) and was
|
|
8
|
+
* emitted verbatim, leaking the operator's provider API key into the model
|
|
9
|
+
* context and transcript.
|
|
10
|
+
*
|
|
11
|
+
* - `safeErrorMessage(err)` — prefer ethers' `shortMessage` (which stays
|
|
12
|
+
* URL-free) over the verbose `message`, then redact as a backstop. Use this
|
|
13
|
+
* wherever a caught error is surfaced to the user.
|
|
14
|
+
* - `redactUrlCredentials(text)` — mask every URL found in arbitrary text
|
|
15
|
+
* (path + query + userinfo), so any embedded API key is removed regardless
|
|
16
|
+
* of provider.
|
|
17
|
+
* - `maskUrl(url)` — mask a single configured URL for deliberate display
|
|
18
|
+
* (e.g. `dexe_get_config`, `dexe_doctor`).
|
|
19
|
+
*
|
|
20
|
+
* The masking is provider-agnostic and structural (no host allowlist), so it
|
|
21
|
+
* covers any RPC vendor and cannot be bypassed by an unrecognized host.
|
|
22
|
+
*/
|
|
23
|
+
/**
|
|
24
|
+
* Mask a single URL: keep scheme + host, drop userinfo, and replace any
|
|
25
|
+
* path/query (which may carry the API key) with `***`. Never throws.
|
|
26
|
+
*/
|
|
27
|
+
export declare function maskUrl(raw: string): string;
|
|
28
|
+
/** Mask credentials/keys in every URL found in `text`. Best-effort, never throws. */
|
|
29
|
+
export declare function redactUrlCredentials(text: string): string;
|
|
30
|
+
/**
|
|
31
|
+
* Turn a caught error into a user-safe message. Prefers ethers'
|
|
32
|
+
* `shortMessage` (URL-free), falls back to `message`/`String(err)`, then
|
|
33
|
+
* redacts any residual URL credentials.
|
|
34
|
+
*/
|
|
35
|
+
export declare function safeErrorMessage(err: unknown): string;
|
|
36
|
+
//# sourceMappingURL=redact.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"redact.d.ts","sourceRoot":"","sources":["../../src/lib/redact.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAQH;;;GAGG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAW3C;AAED,qFAAqF;AACrF,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEzD;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAerD"}
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Secret-redaction helpers for any text that reaches an LLM-visible tool
|
|
3
|
+
* result (`content[].text`) or `structuredContent`.
|
|
4
|
+
*
|
|
5
|
+
* W36: a credentialed RPC URL (Alchemy/Infura/QuickNode key, or a
|
|
6
|
+
* `user:pass@host` form) is appended to ethers v6 `err.message` on any
|
|
7
|
+
* non-2xx provider response (401/429/5xx — routine under load) and was
|
|
8
|
+
* emitted verbatim, leaking the operator's provider API key into the model
|
|
9
|
+
* context and transcript.
|
|
10
|
+
*
|
|
11
|
+
* - `safeErrorMessage(err)` — prefer ethers' `shortMessage` (which stays
|
|
12
|
+
* URL-free) over the verbose `message`, then redact as a backstop. Use this
|
|
13
|
+
* wherever a caught error is surfaced to the user.
|
|
14
|
+
* - `redactUrlCredentials(text)` — mask every URL found in arbitrary text
|
|
15
|
+
* (path + query + userinfo), so any embedded API key is removed regardless
|
|
16
|
+
* of provider.
|
|
17
|
+
* - `maskUrl(url)` — mask a single configured URL for deliberate display
|
|
18
|
+
* (e.g. `dexe_get_config`, `dexe_doctor`).
|
|
19
|
+
*
|
|
20
|
+
* The masking is provider-agnostic and structural (no host allowlist), so it
|
|
21
|
+
* covers any RPC vendor and cannot be bypassed by an unrecognized host.
|
|
22
|
+
*/
|
|
23
|
+
/** Userinfo in a URL: `scheme://user:pass@` (used only in the parse fallback). */
|
|
24
|
+
const USERINFO_RE = /([a-zA-Z][a-zA-Z0-9+.-]*:\/\/)[^/?#\s@]+@/g;
|
|
25
|
+
/** Any http(s) URL token, bounded by whitespace / common punctuation. */
|
|
26
|
+
const URL_RE = /\bhttps?:\/\/[^\s'"`)<>\]},;]+/gi;
|
|
27
|
+
/**
|
|
28
|
+
* Mask a single URL: keep scheme + host, drop userinfo, and replace any
|
|
29
|
+
* path/query (which may carry the API key) with `***`. Never throws.
|
|
30
|
+
*/
|
|
31
|
+
export function maskUrl(raw) {
|
|
32
|
+
try {
|
|
33
|
+
const u = new URL(raw);
|
|
34
|
+
const path = u.pathname && u.pathname !== "/" ? "/***" : "";
|
|
35
|
+
const query = u.search ? "?***" : "";
|
|
36
|
+
// u.host excludes userinfo, so credentials in `user:pass@` are dropped.
|
|
37
|
+
return `${u.protocol}//${u.host}${path}${query}`;
|
|
38
|
+
}
|
|
39
|
+
catch {
|
|
40
|
+
// Non-parseable token: strip userinfo without recursing.
|
|
41
|
+
return raw.replace(USERINFO_RE, "$1***@");
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
/** Mask credentials/keys in every URL found in `text`. Best-effort, never throws. */
|
|
45
|
+
export function redactUrlCredentials(text) {
|
|
46
|
+
return text.replace(URL_RE, (m) => maskUrl(m));
|
|
47
|
+
}
|
|
48
|
+
/**
|
|
49
|
+
* Turn a caught error into a user-safe message. Prefers ethers'
|
|
50
|
+
* `shortMessage` (URL-free), falls back to `message`/`String(err)`, then
|
|
51
|
+
* redacts any residual URL credentials.
|
|
52
|
+
*/
|
|
53
|
+
export function safeErrorMessage(err) {
|
|
54
|
+
let msg;
|
|
55
|
+
if (err && typeof err === "object") {
|
|
56
|
+
const e = err;
|
|
57
|
+
if (typeof e.shortMessage === "string" && e.shortMessage.length > 0) {
|
|
58
|
+
msg = e.shortMessage;
|
|
59
|
+
}
|
|
60
|
+
else if (typeof e.message === "string") {
|
|
61
|
+
msg = e.message;
|
|
62
|
+
}
|
|
63
|
+
else {
|
|
64
|
+
msg = String(err);
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
else {
|
|
68
|
+
msg = String(err);
|
|
69
|
+
}
|
|
70
|
+
return redactUrlCredentials(msg);
|
|
71
|
+
}
|
|
72
|
+
//# sourceMappingURL=redact.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"redact.js","sourceRoot":"","sources":["../../src/lib/redact.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,kFAAkF;AAClF,MAAM,WAAW,GAAG,4CAA4C,CAAC;AAEjE,yEAAyE;AACzE,MAAM,MAAM,GAAG,kCAAkC,CAAC;AAElD;;;GAGG;AACH,MAAM,UAAU,OAAO,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,MAAM,IAAI,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,wEAAwE;QACxE,OAAO,GAAG,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,GAAG,IAAI,GAAG,KAAK,EAAE,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,yDAAyD;QACzD,OAAO,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,qFAAqF;AACrF,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;AACjD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAY;IAC3C,IAAI,GAAW,CAAC;IAChB,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,GAAoD,CAAC;QAC/D,IAAI,OAAO,CAAC,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpE,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC;QACvB,CAAC;aAAM,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACzC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,oBAAoB,CAAC,GAAG,CAAC,CAAC;AACnC,CAAC"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Neutralize attacker-controlled strings before they are interpolated into a
|
|
3
|
+
* human/LLM-visible tool result (`content[].text`).
|
|
4
|
+
*
|
|
5
|
+
* On-chain `descriptionURL`, ERC20 `symbol()`, and IPFS-JSON values are fully
|
|
6
|
+
* attacker-controlled. Rendered verbatim they enable:
|
|
7
|
+
* - prompt-injection (H-13): instructions smuggled into the model context;
|
|
8
|
+
* - structural forgery (W24/H-13): an unescaped newline in `symbol()` paints
|
|
9
|
+
* a fake treasury line with an attacker-chosen address;
|
|
10
|
+
* - homoglyph / look-alike spoofing: Cyrillic/zero-width chars that read as a
|
|
11
|
+
* trusted token but are not.
|
|
12
|
+
*
|
|
13
|
+
* `sanitizeUntrusted` NFKC-normalizes, escapes C0/C1 control chars (so newlines
|
|
14
|
+
* can't forge lines), and drops zero-width / bidi-override / BOM characters.
|
|
15
|
+
* `renderUntrusted` additionally length-caps and appends a non-ASCII flag so an
|
|
16
|
+
* automated approver doesn't trust a look-alike. Regexes are character-class
|
|
17
|
+
* only (no host matching, no backtracking) to stay clear of ReDoS, and are
|
|
18
|
+
* built from escaped ASCII strings so the source stays free of literal control
|
|
19
|
+
* bytes.
|
|
20
|
+
*/
|
|
21
|
+
/** NFKC-normalize, escape control chars to visible `\xNN`, drop invisible chars. */
|
|
22
|
+
export declare function sanitizeUntrusted(raw: unknown): string;
|
|
23
|
+
/** True if the string contains any non-printable-ASCII char (homoglyph risk). */
|
|
24
|
+
export declare function hasNonAscii(s: string): boolean;
|
|
25
|
+
/**
|
|
26
|
+
* Render an attacker-controlled value for a single-line human/LLM context:
|
|
27
|
+
* sanitized, length-capped, and tagged `<non-ASCII>` when it contains non-ASCII
|
|
28
|
+
* characters (possible homoglyph) so a look-alike token isn't silently trusted.
|
|
29
|
+
*/
|
|
30
|
+
export declare function renderUntrusted(raw: unknown, maxLen?: number): string;
|
|
31
|
+
//# sourceMappingURL=sanitize.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../../src/lib/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAaH,oFAAoF;AACpF,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAKtD;AAED,iFAAiF;AACjF,wBAAgB,WAAW,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAE9C;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,SAAM,GAAG,MAAM,CAMlE"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Neutralize attacker-controlled strings before they are interpolated into a
|
|
3
|
+
* human/LLM-visible tool result (`content[].text`).
|
|
4
|
+
*
|
|
5
|
+
* On-chain `descriptionURL`, ERC20 `symbol()`, and IPFS-JSON values are fully
|
|
6
|
+
* attacker-controlled. Rendered verbatim they enable:
|
|
7
|
+
* - prompt-injection (H-13): instructions smuggled into the model context;
|
|
8
|
+
* - structural forgery (W24/H-13): an unescaped newline in `symbol()` paints
|
|
9
|
+
* a fake treasury line with an attacker-chosen address;
|
|
10
|
+
* - homoglyph / look-alike spoofing: Cyrillic/zero-width chars that read as a
|
|
11
|
+
* trusted token but are not.
|
|
12
|
+
*
|
|
13
|
+
* `sanitizeUntrusted` NFKC-normalizes, escapes C0/C1 control chars (so newlines
|
|
14
|
+
* can't forge lines), and drops zero-width / bidi-override / BOM characters.
|
|
15
|
+
* `renderUntrusted` additionally length-caps and appends a non-ASCII flag so an
|
|
16
|
+
* automated approver doesn't trust a look-alike. Regexes are character-class
|
|
17
|
+
* only (no host matching, no backtracking) to stay clear of ReDoS, and are
|
|
18
|
+
* built from escaped ASCII strings so the source stays free of literal control
|
|
19
|
+
* bytes.
|
|
20
|
+
*/
|
|
21
|
+
// C0 controls (incl. \n \r \t), DEL, and C1 controls.
|
|
22
|
+
const CONTROL_RE = new RegExp("[\\u0000-\\u001F\\u007F-\\u009F]", "g");
|
|
23
|
+
// Zero-width + bidi marks, bidi embeddings/overrides, word-joiner/invisible
|
|
24
|
+
// math range, bidi isolates, and the BOM — all usable for visual spoofing.
|
|
25
|
+
const INVISIBLE_RE = new RegExp("[\\u200B-\\u200F\\u202A-\\u202E\\u2060-\\u2064\\u2066-\\u2069\\uFEFF]", "g");
|
|
26
|
+
// Anything outside printable ASCII (space..tilde).
|
|
27
|
+
const NON_ASCII_RE = new RegExp("[^\\u0020-\\u007E]");
|
|
28
|
+
/** NFKC-normalize, escape control chars to visible `\xNN`, drop invisible chars. */
|
|
29
|
+
export function sanitizeUntrusted(raw) {
|
|
30
|
+
const s = (typeof raw === "string" ? raw : String(raw)).normalize("NFKC");
|
|
31
|
+
return s
|
|
32
|
+
.replace(CONTROL_RE, (c) => "\\x" + (c.codePointAt(0) ?? 0).toString(16).padStart(2, "0"))
|
|
33
|
+
.replace(INVISIBLE_RE, "");
|
|
34
|
+
}
|
|
35
|
+
/** True if the string contains any non-printable-ASCII char (homoglyph risk). */
|
|
36
|
+
export function hasNonAscii(s) {
|
|
37
|
+
return NON_ASCII_RE.test(s);
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Render an attacker-controlled value for a single-line human/LLM context:
|
|
41
|
+
* sanitized, length-capped, and tagged `<non-ASCII>` when it contains non-ASCII
|
|
42
|
+
* characters (possible homoglyph) so a look-alike token isn't silently trusted.
|
|
43
|
+
*/
|
|
44
|
+
export function renderUntrusted(raw, maxLen = 200) {
|
|
45
|
+
const s = sanitizeUntrusted(raw);
|
|
46
|
+
// Flag on the actual content, not the (ASCII) truncation marker.
|
|
47
|
+
const flagged = hasNonAscii(s);
|
|
48
|
+
const capped = s.length > maxLen ? s.slice(0, maxLen) + "..." : s;
|
|
49
|
+
return flagged ? `${capped} <non-ASCII>` : capped;
|
|
50
|
+
}
|
|
51
|
+
//# sourceMappingURL=sanitize.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sanitize.js","sourceRoot":"","sources":["../../src/lib/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,sDAAsD;AACtD,MAAM,UAAU,GAAG,IAAI,MAAM,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAC;AACvE,4EAA4E;AAC5E,2EAA2E;AAC3E,MAAM,YAAY,GAAG,IAAI,MAAM,CAC7B,uEAAuE,EACvE,GAAG,CACJ,CAAC;AACF,mDAAmD;AACnD,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,oBAAoB,CAAC,CAAC;AAEtD,oFAAoF;AACpF,MAAM,UAAU,iBAAiB,CAAC,GAAY;IAC5C,MAAM,CAAC,GAAG,CAAC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1E,OAAO,CAAC;SACL,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACzF,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,WAAW,CAAC,CAAS;IACnC,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,GAAY,EAAE,MAAM,GAAG,GAAG;IACxD,MAAM,CAAC,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACjC,iEAAiE;IACjE,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAClE,OAAO,OAAO,CAAC,CAAC,CAAC,GAAG,MAAM,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC;AACpD,CAAC"}
|
package/dist/lib/signer.d.ts
CHANGED
|
@@ -7,6 +7,8 @@ import { type EnvGuardResult } from "./requireEnv.js";
|
|
|
7
7
|
*/
|
|
8
8
|
export declare class SignerManager {
|
|
9
9
|
private readonly cache;
|
|
10
|
+
/** Per-chain broadcast serialization queue (H-12 nonce guard). */
|
|
11
|
+
private readonly broadcastQueues;
|
|
10
12
|
private readonly key;
|
|
11
13
|
private readonly config;
|
|
12
14
|
constructor(config: DexeConfig);
|
|
@@ -30,6 +32,15 @@ export declare class SignerManager {
|
|
|
30
32
|
* instead of a thrown stack trace.
|
|
31
33
|
*/
|
|
32
34
|
trySigner(chainId?: number): EnvGuardResult<Wallet>;
|
|
35
|
+
/**
|
|
36
|
+
* Serialize broadcasts per chain. Concurrent `dexe_tx_send` / composite-flow
|
|
37
|
+
* calls that share this signer would otherwise invoke `sendTransaction` at
|
|
38
|
+
* the same time, both read the same pending nonce, and one transaction is
|
|
39
|
+
* silently dropped (or hangs until timeout) — H-12. Each task runs only after
|
|
40
|
+
* the previous one for the same chain has settled; task failures are isolated
|
|
41
|
+
* so the queue keeps flowing.
|
|
42
|
+
*/
|
|
43
|
+
withBroadcastLock<T>(chainId: number, task: () => Promise<T>): Promise<T>;
|
|
33
44
|
private failNoKey;
|
|
34
45
|
}
|
|
35
46
|
//# sourceMappingURL=signer.d.ts.map
|
package/dist/lib/signer.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/lib/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,MAAM,EAAE,MAAM,QAAQ,CAAC;AACjD,OAAO,EAAgB,KAAK,UAAU,EAAE,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAW,KAAK,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAE/D;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA6B;IACnD,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAqB;IACzC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAa;gBAExB,MAAM,EAAE,UAAU;IAK9B,SAAS,IAAI,OAAO;IAIpB,wFAAwF;IACxF,SAAS,IAAI,UAAU;IAIvB;;;OAGG;IACH,UAAU,IAAI,MAAM;IAKpB;;;OAGG;IACH,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM;IAYvC;;;;;OAKG;IACH,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC;IAWnD,OAAO,CAAC,SAAS;CAMlB"}
|
|
1
|
+
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../src/lib/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,MAAM,EAAE,MAAM,QAAQ,CAAC;AACjD,OAAO,EAAgB,KAAK,UAAU,EAAE,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAW,KAAK,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAE/D;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA6B;IACnD,kEAAkE;IAClE,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAuC;IACvE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAqB;IACzC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAa;gBAExB,MAAM,EAAE,UAAU;IAK9B,SAAS,IAAI,OAAO;IAIpB,wFAAwF;IACxF,SAAS,IAAI,UAAU;IAIvB;;;OAGG;IACH,UAAU,IAAI,MAAM;IAKpB;;;OAGG;IACH,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM;IAYvC;;;;;OAKG;IACH,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC;IAWnD;;;;;;;OAOG;IACG,iBAAiB,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;IAgB/E,OAAO,CAAC,SAAS;CAMlB"}
|
package/dist/lib/signer.js
CHANGED
|
@@ -7,6 +7,8 @@ import { hintFor } from "./requireEnv.js";
|
|
|
7
7
|
*/
|
|
8
8
|
export class SignerManager {
|
|
9
9
|
cache = new Map();
|
|
10
|
+
/** Per-chain broadcast serialization queue (H-12 nonce guard). */
|
|
11
|
+
broadcastQueues = new Map();
|
|
10
12
|
key;
|
|
11
13
|
config;
|
|
12
14
|
constructor(config) {
|
|
@@ -62,6 +64,20 @@ export class SignerManager {
|
|
|
62
64
|
};
|
|
63
65
|
}
|
|
64
66
|
}
|
|
67
|
+
/**
|
|
68
|
+
* Serialize broadcasts per chain. Concurrent `dexe_tx_send` / composite-flow
|
|
69
|
+
* calls that share this signer would otherwise invoke `sendTransaction` at
|
|
70
|
+
* the same time, both read the same pending nonce, and one transaction is
|
|
71
|
+
* silently dropped (or hangs until timeout) — H-12. Each task runs only after
|
|
72
|
+
* the previous one for the same chain has settled; task failures are isolated
|
|
73
|
+
* so the queue keeps flowing.
|
|
74
|
+
*/
|
|
75
|
+
async withBroadcastLock(chainId, task) {
|
|
76
|
+
const prev = this.broadcastQueues.get(chainId) ?? Promise.resolve();
|
|
77
|
+
const run = prev.then(() => task(), () => task());
|
|
78
|
+
this.broadcastQueues.set(chainId, run.then(() => undefined, () => undefined));
|
|
79
|
+
return run;
|
|
80
|
+
}
|
|
65
81
|
failNoKey() {
|
|
66
82
|
const dexeEnvKeys = Object.keys(process.env).filter(k => k.startsWith("DEXE_")).join(", ");
|
|
67
83
|
throw new Error(`DEXE_PRIVATE_KEY not set. Available DEXE_* env vars: [${dexeEnvKeys}]. Configure it in MCP server env to enable transaction signing.`);
|
package/dist/lib/signer.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/lib/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACjD,OAAO,EAAE,YAAY,EAAmB,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAuB,MAAM,iBAAiB,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,aAAa;IACP,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../src/lib/signer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AACjD,OAAO,EAAE,YAAY,EAAmB,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAuB,MAAM,iBAAiB,CAAC;AAE/D;;;GAGG;AACH,MAAM,OAAO,aAAa;IACP,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;IACnD,kEAAkE;IACjD,eAAe,GAAG,IAAI,GAAG,EAA4B,CAAC;IACtD,GAAG,CAAqB;IACxB,MAAM,CAAa;IAEpC,YAAY,MAAkB;QAC5B,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,SAAS;QACP,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;IACpB,CAAC;IAED,wFAAwF;IACxF,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;OAGG;IACH,UAAU;QACR,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,OAAgB;QAC5B,IAAI,CAAC,IAAI,CAAC,GAAG;YAAE,IAAI,CAAC,SAAS,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACjD,IAAI,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACnD,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACxC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,SAAS,CAAC,OAAgB;QACxB,IAAI,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;gBACvD,WAAW,EAAE,OAAO,CAAC,CAAC,kBAAkB,CAAC,CAAC;aAC3C,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,iBAAiB,CAAI,OAAe,EAAE,IAAsB;QAChE,MAAM,IAAI,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CACnB,GAAG,EAAE,CAAC,IAAI,EAAE,EACZ,GAAG,EAAE,CAAC,IAAI,EAAE,CACb,CAAC;QACF,IAAI,CAAC,eAAe,CAAC,GAAG,CACtB,OAAO,EACP,GAAG,CAAC,IAAI,CACN,GAAG,EAAE,CAAC,SAAS,EACf,GAAG,EAAE,CAAC,SAAS,CAChB,CACF,CAAC;QACF,OAAO,GAAG,CAAC;IACb,CAAC;IAEO,SAAS;QACf,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3F,MAAM,IAAI,KAAK,CACb,yDAAyD,WAAW,kEAAkE,CACvI,CAAC;IACJ,CAAC;CACF"}
|
package/dist/lib/subgraph.d.ts
CHANGED
|
@@ -15,6 +15,13 @@ export interface GqlResponse<T> {
|
|
|
15
15
|
* embed a key (e.g. `…/api/subgraphs/id/<id>` — Bearer-only style).
|
|
16
16
|
*/
|
|
17
17
|
export declare function extractGraphApiKey(endpoint: string): string | undefined;
|
|
18
|
+
/**
|
|
19
|
+
* Trusted hosts for The Graph's decentralized gateway / Studio. The Graph API
|
|
20
|
+
* key is only meaningful for these; we refuse to attach it as a Bearer to any
|
|
21
|
+
* other configured endpoint so a hostile `DEXE_SUBGRAPH_*_URL` can't harvest
|
|
22
|
+
* the operator's key (W21 companion / L-6).
|
|
23
|
+
*/
|
|
24
|
+
export declare function isTrustedGraphHost(endpoint: string): boolean;
|
|
18
25
|
export declare function gqlRequest<T>(endpoint: string, query: string, variables?: Record<string, unknown>, apiKey?: string): Promise<T>;
|
|
19
26
|
/** Ported from frontend gov-pools subgraph `proposalInteractions` query. */
|
|
20
27
|
export declare const PROPOSAL_INTERACTIONS_QUERY = "\n query ProposalInteractions($proposalId: String!, $first: Int!, $skip: Int!) {\n proposalInteractions(\n where: { proposal: $proposalId }\n first: $first\n skip: $skip\n orderBy: timestamp\n orderDirection: desc\n ) {\n id\n hash\n timestamp\n interactionType\n totalVote\n voter {\n id\n voter {\n id\n }\n }\n }\n }\n";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"subgraph.d.ts","sourceRoot":"","sources":["../../src/lib/subgraph.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,WAAW,WAAW,CAAC,CAAC;IAC5B,IAAI,CAAC,EAAE,CAAC,CAAC;IACT,MAAM,CAAC,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACrC;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAGvE;AAED,wBAAsB,UAAU,CAAC,CAAC,EAChC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnC,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,CAAC,CAAC,
|
|
1
|
+
{"version":3,"file":"subgraph.d.ts","sourceRoot":"","sources":["../../src/lib/subgraph.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,WAAW,WAAW,CAAC,CAAC;IAC5B,IAAI,CAAC,EAAE,CAAC,CAAC;IACT,MAAM,CAAC,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACrC;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAGvE;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAO5D;AAED,wBAAsB,UAAU,CAAC,CAAC,EAChC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACnC,MAAM,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,CAAC,CAAC,CA4BZ;AAED,4EAA4E;AAC5E,eAAO,MAAM,2BAA2B,2aAsBvC,CAAC"}
|
package/dist/lib/subgraph.js
CHANGED
|
@@ -7,11 +7,33 @@ export function extractGraphApiKey(endpoint) {
|
|
|
7
7
|
const m = endpoint.match(/\/api\/([0-9a-f]{32,})\/subgraphs\//i);
|
|
8
8
|
return m ? m[1] : undefined;
|
|
9
9
|
}
|
|
10
|
+
/**
|
|
11
|
+
* Trusted hosts for The Graph's decentralized gateway / Studio. The Graph API
|
|
12
|
+
* key is only meaningful for these; we refuse to attach it as a Bearer to any
|
|
13
|
+
* other configured endpoint so a hostile `DEXE_SUBGRAPH_*_URL` can't harvest
|
|
14
|
+
* the operator's key (W21 companion / L-6).
|
|
15
|
+
*/
|
|
16
|
+
export function isTrustedGraphHost(endpoint) {
|
|
17
|
+
try {
|
|
18
|
+
const host = new URL(endpoint).hostname.toLowerCase();
|
|
19
|
+
return host === "thegraph.com" || host.endsWith(".thegraph.com");
|
|
20
|
+
}
|
|
21
|
+
catch {
|
|
22
|
+
return false;
|
|
23
|
+
}
|
|
24
|
+
}
|
|
10
25
|
export async function gqlRequest(endpoint, query, variables, apiKey) {
|
|
11
26
|
const headers = { "Content-Type": "application/json" };
|
|
12
|
-
const
|
|
13
|
-
|
|
27
|
+
const extracted = extractGraphApiKey(endpoint);
|
|
28
|
+
const key = apiKey ?? process.env.DEXE_GRAPH_API_KEY?.trim() ?? extracted;
|
|
29
|
+
// W21/L-6: only attach the key as a Bearer when the endpoint is a trusted
|
|
30
|
+
// Graph host, or when the key is already embedded in the endpoint URL
|
|
31
|
+
// (sending it back to the same URL leaks nothing new). A hostile
|
|
32
|
+
// DEXE_SUBGRAPH_*_URL must not receive the operator's separate Graph API key.
|
|
33
|
+
const keyAlreadyInUrl = extracted !== undefined && key === extracted;
|
|
34
|
+
if (key && (keyAlreadyInUrl || isTrustedGraphHost(endpoint))) {
|
|
14
35
|
headers["Authorization"] = `Bearer ${key}`;
|
|
36
|
+
}
|
|
15
37
|
const res = await fetch(endpoint, {
|
|
16
38
|
method: "POST",
|
|
17
39
|
headers,
|
package/dist/lib/subgraph.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"subgraph.js","sourceRoot":"","sources":["../../src/lib/subgraph.ts"],"names":[],"mappings":"AAUA;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACjE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,KAAa,EACb,SAAmC,EACnC,MAAe;IAEf,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;IAC/E,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE,IAAI,kBAAkB,CAAC,QAAQ,CAAC,CAAC
|
|
1
|
+
{"version":3,"file":"subgraph.js","sourceRoot":"","sources":["../../src/lib/subgraph.ts"],"names":[],"mappings":"AAUA;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;IACjE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QACtD,OAAO,IAAI,KAAK,cAAc,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,KAAa,EACb,SAAmC,EACnC,MAAe;IAEf,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;IAC/E,MAAM,SAAS,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;IAC1E,0EAA0E;IAC1E,sEAAsE;IACtE,iEAAiE;IACjE,8EAA8E;IAC9E,MAAM,eAAe,GAAG,SAAS,KAAK,SAAS,IAAI,GAAG,KAAK,SAAS,CAAC;IACrE,IAAI,GAAG,IAAI,CAAC,eAAe,IAAI,kBAAkB,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC7D,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,GAAG,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO;QACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;KAC3C,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAChH,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAmB,CAAC;IAClD,IAAI,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,oBAAoB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtF,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAChE,OAAO,IAAI,CAAC,IAAI,CAAC;AACnB,CAAC;AAED,4EAA4E;AAC5E,MAAM,CAAC,MAAM,2BAA2B,GAAG,aAAa,CAAC;;;;;;;;;;;;;;;;;;;;;;CAsBxD,CAAC"}
|
package/dist/rpc.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rpc.d.ts","sourceRoot":"","sources":["../src/rpc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAgB,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"rpc.d.ts","sourceRoot":"","sources":["../src/rpc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAgB,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAG1D;;;;;;;GAOG;AACH,qBAAa,WAAW;IAGV,OAAO,CAAC,QAAQ,CAAC,MAAM;IAFnC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAsC;gBAE/B,MAAM,EAAE,UAAU;IAE/C,eAAe,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,eAAe;IAUlD;;;;;OAKG;IACH,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC,eAAe,CAAC;IAa9D,yEAAyE;IACzE,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM;CAGzC"}
|
package/dist/rpc.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { JsonRpcProvider } from "ethers";
|
|
2
2
|
import { resolveChain } from "./config.js";
|
|
3
|
+
import { safeErrorMessage } from "./lib/redact.js";
|
|
3
4
|
/**
|
|
4
5
|
* Lazy ethers v6 provider factory. Gov tools that need an RPC endpoint call
|
|
5
6
|
* `requireProvider(chainId?)`; tools that don't (decode_calldata,
|
|
@@ -35,7 +36,7 @@ export class RpcProvider {
|
|
|
35
36
|
}
|
|
36
37
|
catch (err) {
|
|
37
38
|
return {
|
|
38
|
-
error:
|
|
39
|
+
error: safeErrorMessage(err),
|
|
39
40
|
remediation: "Set DEXE_RPC_URL_TESTNET / DEXE_RPC_URL_MAINNET / DEXE_RPC_URL_<chainId> in .env, " +
|
|
40
41
|
"then restart the MCP server (Claude Code: quit + relaunch). Run dexe_doctor to verify.",
|
|
41
42
|
};
|
package/dist/rpc.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rpc.js","sourceRoot":"","sources":["../src/rpc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAE,YAAY,EAAmB,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"rpc.js","sourceRoot":"","sources":["../src/rpc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAE,YAAY,EAAmB,MAAM,aAAa,CAAC;AAE5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAEnD;;;;;;;GAOG;AACH,MAAM,OAAO,WAAW;IAGO;IAFZ,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE5D,YAA6B,MAAkB;QAAlB,WAAM,GAAN,MAAM,CAAY;IAAG,CAAC;IAEnD,eAAe,CAAC,OAAgB;QAC9B,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACjD,IAAI,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,QAAQ,GAAG,IAAI,eAAe,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC7C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC1C,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;;;OAKG;IACH,WAAW,CAAC,OAAgB;QAC1B,IAAI,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,KAAK,EAAE,gBAAgB,CAAC,GAAG,CAAC;gBAC5B,WAAW,EACT,oFAAoF;oBACpF,wFAAwF;aAC3F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,cAAc,CAAC,OAAgB;QAC7B,OAAO,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC;IACpD,CAAC;CACF"}
|
package/dist/tools/dao.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dao.d.ts","sourceRoot":"","sources":["../../src/tools/dao.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"dao.d.ts","sourceRoot":"","sources":["../../src/tools/dao.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACzE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AA0BhD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,EAAE,WAAW,GAAG,IAAI,CAkB1E"}
|
package/dist/tools/dao.js
CHANGED
|
@@ -3,6 +3,7 @@ import { Contract, Interface, isAddress } from "ethers";
|
|
|
3
3
|
import { RpcProvider } from "../rpc.js";
|
|
4
4
|
import { AddressBook, CONTRACT_NAMES } from "../lib/addresses.js";
|
|
5
5
|
import { multicall } from "../lib/multicall.js";
|
|
6
|
+
import { renderUntrusted } from "../lib/sanitize.js";
|
|
6
7
|
const POOL_FACTORY_ABI = [
|
|
7
8
|
"function predictGovAddresses(address deployer, string poolName) view returns (tuple(address govPool, address govTokenSale, address govToken, address distributionProposal, address expertNft, address nftMultiplier))",
|
|
8
9
|
];
|
|
@@ -231,7 +232,7 @@ function registerDaoInfo(server, ctx, rpc, requireBook) {
|
|
|
231
232
|
validatorsCount,
|
|
232
233
|
};
|
|
233
234
|
const text = `GovPool ${govPool}\n` +
|
|
234
|
-
` descriptionURL: ${descriptionURL
|
|
235
|
+
` descriptionURL: ${descriptionURL != null ? renderUntrusted(descriptionURL) : "(none)"}\n` +
|
|
235
236
|
` validators: ${validatorsCount ?? "?"}\n\n` +
|
|
236
237
|
`Helpers:\n` +
|
|
237
238
|
` settings : ${helpers.settings}\n` +
|
package/dist/tools/dao.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dao.js","sourceRoot":"","sources":["../../src/tools/dao.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAGxD,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,SAAS,EAAa,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"dao.js","sourceRoot":"","sources":["../../src/tools/dao.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAGxD,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,SAAS,EAAa,MAAM,qBAAqB,CAAC;AAE3D,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,MAAM,gBAAgB,GAAG;IACvB,uNAAuN;CAC/M,CAAC;AAEX,MAAM,iBAAiB,GAAG;IACxB,+DAA+D;CACvD,CAAC;AAEX,MAAM,YAAY,GAAG;IACnB,gJAAgJ;IAChJ,yHAAyH;IACzH,iDAAiD;IACjD,uCAAuC;CAC/B,CAAC;AAEX,MAAM,kBAAkB,GAAG;IACzB,mDAAmD;CAC3C,CAAC;AAEX,MAAM,UAAU,gBAAgB,CAAC,MAAiB,EAAE,GAAgB;IAClE,MAAM,GAAG,GAAG,IAAI,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAExC,SAAS,WAAW;QAClB,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QAC7B,IAAI,OAAO,IAAI,EAAE;YAAE,OAAO,EAAE,CAAC;QAC7B,OAAO;YACL,EAAE,EAAE,IAAI,WAAW,CAAC;gBAClB,QAAQ,EAAE,EAAE,CAAC,EAAE;gBACf,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;gBAC3B,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,gBAAgB;aAC9C,CAAC;SACH,CAAC;IACJ,CAAC;IAED,wBAAwB,CAAC,MAAM,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;IACnD,sBAAsB,CAAC,MAAM,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;IACjD,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAChF,CAAC;AAED,mDAAmD;AAEnD,SAAS,wBAAwB,CAC/B,MAAiB,EACjB,GAAgB,EAChB,WAA8C;IAE9C,MAAM,CAAC,YAAY,CACjB,4BAA4B,EAC5B;QACE,KAAK,EAAE,+CAA+C;QACtD,WAAW,EACT,6PAA6P;QAC/P,WAAW,EAAE;YACX,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yDAAyD,CAAC;YACxF,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;SAC7E;QACD,YAAY,EAAE;YACZ,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;YACnB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;YACxB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;YACpB,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE;YAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;YACrB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;SAC1B;KACF,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,EAAE,EAAE;QAC/B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;YAAE,OAAO,WAAW,CAAC,6BAA6B,QAAQ,EAAE,CAAC,CAAC;QACtF,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,WAAW,CAAC,4BAA4B,CAAC,CAAC;QAEzF,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;YACzB,IAAI,OAAO,IAAI,EAAE;gBAAE,OAAO,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YACxE,MAAM,IAAI,GAAG,EAAE,CAAC,EAAE,CAAC;YACnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;YACpE,MAAM,OAAO,GAAG,IAAI,QAAQ,CAAC,WAAW,EAAE,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC3E,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC5F,MAAM,UAAU,GAAG;gBACjB,OAAO,EAAE,GAAG,CAAC,OAAiB;gBAC9B,YAAY,EAAE,GAAG,CAAC,YAAsB;gBACxC,QAAQ,EAAE,GAAG,CAAC,QAAkB;gBAChC,oBAAoB,EAAE,GAAG,CAAC,oBAA8B;gBACxD,SAAS,EAAE,GAAG,CAAC,SAAmB;gBAClC,aAAa,EAAE,GAAG,CAAC,aAAuB;aAC3C,CAAC;YACF,MAAM,IAAI,GACR,iCAAiC,QAAQ,iBAAiB,QAAQ,KAAK;gBACvE,4BAA4B,UAAU,CAAC,OAAO,IAAI;gBAClD,4BAA4B,UAAU,CAAC,YAAY,IAAI;gBACvD,4BAA4B,UAAU,CAAC,QAAQ,IAAI;gBACnD,4BAA4B,UAAU,CAAC,oBAAoB,IAAI;gBAC/D,4BAA4B,UAAU,CAAC,SAAS,IAAI;gBACpD,4BAA4B,UAAU,CAAC,aAAa,EAAE,CAAC;YACzD,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,CAAC;gBAC1C,iBAAiB,EAAE,UAAU;aAC9B,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAChB,gCAAgC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACnF,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,iDAAiD;AAEjD,SAAS,sBAAsB,CAC7B,MAAiB,EACjB,GAAgB,EAChB,WAA8C;IAE9C,MAAM,CAAC,YAAY,CACjB,0BAA0B,EAC1B;QACE,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,gIAAgI;QAClI,WAAW,EAAE;YACX,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;SAC1D;QACD,YAAY,EAAE;YACZ,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;YACnB,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE;YACtB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;YACxB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;SACpB;KACF,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QACpB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAAE,OAAO,WAAW,CAAC,oBAAoB,OAAO,EAAE,CAAC,CAAC;QAC3E,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,WAAW,EAAE,CAAC;YACzB,IAAI,OAAO,IAAI,EAAE;gBAAE,OAAO,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YACxE,MAAM,IAAI,GAAG,EAAE,CAAC,EAAE,CAAC;YACnB,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;YACtE,MAAM,GAAG,GAAG,IAAI,QAAQ,CAAC,YAAY,EAAE,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzE,MAAM,KAAK,GAAY,MAAM,GAAG,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAC9E,MAAM,UAAU,GAAG;gBACjB,OAAO;gBACP,SAAS,EAAE,KAAK;gBAChB,YAAY,EAAE,YAAY;gBAC1B,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;aAC5B,CAAC;YACF,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,GAAG,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,yBAAyB,GAAG,CAAC,MAAM,CAAC,OAAO,kBAAkB,YAAY,IAAI;qBACzH;iBACF;gBACD,iBAAiB,EAAE,UAAU;aAC9B,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAChB,2BAA2B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC9E,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,sCAAsC;AAEtC,SAAS,eAAe,CACtB,MAAiB,EACjB,GAAgB,EAChB,GAAgB,EAChB,WAA8C;IAE9C,MAAM,CAAC,YAAY,CACjB,eAAe,EACf;QACE,KAAK,EAAE,wDAAwD;QAC/D,WAAW,EACT,iNAAiN;QACnN,WAAW,EAAE;YACX,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;SACzD;QACD,YAAY,EAAE;YACZ,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;YACnB,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YACrC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC;gBAChB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;gBACpB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;gBACtB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;gBACtB,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;gBACxB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;aACtB,CAAC;YACF,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;gBACrB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;gBACzB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;gBACrB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;gBACzB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;aACjB,CAAC;YACF,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACvC;KACF,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QACpB,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAAE,OAAO,WAAW,CAAC,4BAA4B,OAAO,EAAE,CAAC,CAAC;QACnF,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YAC7B,IAAI,OAAO,IAAI,EAAE;gBAAE,OAAO,WAAW,CAAC,GAAG,EAAE,CAAC,KAAK,KAAK,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YACxE,MAAM,QAAQ,GAAG,EAAE,CAAC,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,IAAI,SAAS,CAAC,YAAmC,CAAC,CAAC;YACnE,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,kBAAyC,CAAC,CAAC;YAExE,oDAAoD;YACpD,MAAM,MAAM,GAAW;gBACrB,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;gBAC/F,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,IAAI,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;gBAC5F,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,IAAI,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;aAC5F,CAAC;YACF,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YAElE,IAAI,CAAC,QAAQ,EAAE,OAAO,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;gBACzC,OAAO,WAAW,CAChB,WAAW,OAAO,wHAAwH,CAC3I,CAAC;YACJ,CAAC;YAED,MAAM,EAAE,GAAG,QAAQ,CAAC,KAMnB,CAAC;YACF,MAAM,EAAE,GAAG,IAAI,CAAC,KAKf,CAAC;YACF,MAAM,OAAO,GAAG;gBACd,QAAQ,EAAE,EAAE,CAAC,QAAQ;gBACrB,UAAU,EAAE,EAAE,CAAC,UAAU;gBACzB,UAAU,EAAE,EAAE,CAAC,UAAU;gBACzB,YAAY,EAAE,EAAE,CAAC,YAAY;gBAC7B,SAAS,EAAE,EAAE,CAAC,SAAS;aACxB,CAAC;YACF,MAAM,YAAY,GAAG;gBACnB,aAAa,EAAE,EAAE,CAAC,aAAa;gBAC/B,SAAS,EAAE,EAAE,CAAC,SAAS;gBACvB,aAAa,EAAE,EAAE,CAAC,aAAa;gBAC/B,IAAI,EAAE,EAAE,CAAC,IAAI;aACd,CAAC;YAEF,sDAAsD;YACtD,IAAI,eAAe,GAAkB,IAAI,CAAC;YAC1C,IAAI,OAAO,CAAC,UAAU,IAAI,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBACxD,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE;oBACtC;wBACE,MAAM,EAAE,OAAO,CAAC,UAAU;wBAC1B,KAAK,EAAE,MAAM;wBACb,MAAM,EAAE,iBAAiB;wBACzB,IAAI,EAAE,EAAE;wBACR,YAAY,EAAE,IAAI;qBACnB;iBACF,CAAC,CAAC;gBACH,IAAI,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC;oBACtC,eAAe,GAAI,GAAG,CAAC,KAAgB,CAAC,QAAQ,EAAE,CAAC;gBACrD,CAAC;YACH,CAAC;YAED,MAAM,cAAc,GAClB,KAAK,EAAE,OAAO,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAE,KAAK,CAAC,KAAgB,CAAC,CAAC,CAAC,IAAI,CAAC;YAErF,wEAAwE;YACxE,uDAAuD;YACvD,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;YAC9B,IAAI,OAAO,IAAI,OAAO;gBAAE,OAAO,WAAW,CAAC,GAAG,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;YAEvF,MAAM,UAAU,GAAG;gBACjB,OAAO;gBACP,cAAc;gBACd,OAAO;gBACP,YAAY;gBACZ,eAAe;aAChB,CAAC;YACF,MAAM,IAAI,GACR,WAAW,OAAO,IAAI;gBACtB,qBAAqB,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI;gBAC5F,iBAAiB,eAAe,IAAI,GAAG,MAAM;gBAC7C,YAAY;gBACZ,oBAAoB,OAAO,CAAC,QAAQ,IAAI;gBACxC,oBAAoB,OAAO,CAAC,UAAU,IAAI;gBAC1C,oBAAoB,OAAO,CAAC,UAAU,IAAI;gBAC1C,oBAAoB,OAAO,CAAC,YAAY,IAAI;gBAC5C,oBAAoB,OAAO,CAAC,SAAS,MAAM;gBAC3C,kBAAkB;gBAClB,qBAAqB,YAAY,CAAC,aAAa,IAAI;gBACnD,qBAAqB,YAAY,CAAC,SAAS,IAAI;gBAC/C,qBAAqB,YAAY,CAAC,aAAa,IAAI;gBACnD,qBAAqB,YAAY,CAAC,IAAI,EAAE,CAAC;YAC3C,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,CAAC;gBAC1C,iBAAiB,EAAE,UAAU;aAC9B,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,WAAW,CAChB,oBAAoB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACvE,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}
|