mpp32-mcp-server 1.5.0 → 1.7.0

package/CHANGELOG.md

@@ -4,6 +4,73 @@ All notable changes to `mpp32-mcp-server` are documented here. The format
 follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and the
 project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.7.0] - 2026-06-07
+
+### Changed
+
+* **Supply-chain cleanup.** Dropped three direct dependencies that were
+  driving Socket.dev alerts on the published package:
+  * `tweetnacl` (unmaintained since 2020): the 32-byte-seed → 64-byte
+    keypair derivation now uses
+    `@solana/kit`'s `createKeyPairSignerFromPrivateKeyBytes` directly
+    via WebCrypto Ed25519.
+  * `cheerio` (and its 21 transitives, including the deprecated
+    `whatwg-encoding@3.1.1`): `get_pivx_dao_intelligence` now calls the
+    MPP32 backend's `/api/governance` endpoint instead of scraping
+    `pivx.org` client-side. Same payload; the backend has served it since
+    1.4.0.
+  * `bs58` + `base-x`: replaced with the already-in-tree `@scure/base`
+    `base58` codec.
+  Net effect: published install drops from 181 to ~155 transitive
+  packages, zero deprecated, zero unmaintained-since-2020.
+* **All direct dependencies pinned to exact versions** (no `^` ranges).
+* **`engines.node` raised to `>=20.10.0`** (Node 18 reached end-of-life
+  in April 2025; WebCrypto Ed25519 is native on 20.10+).
+
+### Added
+
+* **npm provenance.** Releases now ship with an [npm provenance
+  attestation](https://docs.npmjs.com/generating-provenance-statements)
+  linking the tarball to the exact GitHub Actions run that built it.
+  Verify with `npm audit signatures`.
+* **`SECURITY.md` included in the published tarball**, describing
+  runtime behavior, the env vars the server reads, and the egress
+  allow-list.
+* **`docs/EGRESS.md`** (repo) enumerates every outbound host the MCP
+  server reaches and why.
+* **`socket.yml`** (repo) documents the small set of behavior alerts we
+  consciously accept (`envVars`, `networkAccess`, `hasBin`) with links
+  to where each behavior is implemented.
+
+### Removed
+
+* `pivx-provider.ts` (the cheerio-based client-side scraper). Replaced
+  by a 25-line wrapper around `${MPP32_API_URL}/api/governance`.
+
+### Security
+
+* No code-level vulnerability fixed; this release exists to eliminate
+  supply-chain-risk surface area on the published package.
+
+## [1.6.0] - 2026-06-02
+
+### Added
+
+* **Auto Sign In With Solana (SIWS) at startup.** When both `MPP32_AGENT_KEY`
+  and `MPP32_SOLANA_PRIVATE_KEY` are configured, the MCP server proves wallet
+  ownership to the MPP32 backend on the first run and activates M32 holder
+  pricing on every subsequent paid query for the rest of the process lifetime.
+  The signed message is the canonical SIWS structure (single use nonce, five
+  minute expiry, domain bound to mpp32.org). Holders pay $0.0048 per
+  Intelligence Oracle query at the 1M tier and $0.0064 at the 250K tier with
+  zero extra setup beyond the Solana key already used for x402 payments.
+
+### Changed
+
+* **`get_mpp32_diagnostics` output adds an "M32 holder pricing" capability
+  row** showing the verified wallet, the tier, and the active discount once
+  SIWS has run.
+
 ## [1.5.0] - 2026-06-01
 
 ### Added

package/SECURITY.md

@@ -0,0 +1,77 @@
+# Security Policy — `mpp32-mcp-server`
+
+## Reporting a vulnerability
+
+Report security issues privately to **`security@mpp32.org`**.
+
+Include:
+
+- A description of the issue, including the affected version of
+  `mpp32-mcp-server`.
+- Steps to reproduce, or a minimal proof of concept.
+- The Node.js version, OS, and MCP host (Claude Desktop, Cursor,
+  Windsurf, …) you tested against.
+- Your name or handle if you'd like credit in the fix release.
+
+We aim to acknowledge reports within **3 business days** and provide a
+remediation timeline within **10 business days**. Please do not file public
+GitHub issues for security vulnerabilities until a fix has shipped.
+
+## Supported versions
+
+| Version  | Supported  |
+|:---------|:-----------|
+| `1.7.x`  | ✅ current  |
+| `1.6.x`  | High-severity only |
+| `< 1.6`  | ❌          |
+
+## What this package does at runtime
+
+Understanding the package's behavior is the first step in any audit. The
+MCP server is a stdio process. It:
+
+1. **Reads three environment variables** for authentication and signing:
+   `MPP32_AGENT_KEY`, `MPP32_PRIVATE_KEY` (EVM), and
+   `MPP32_SOLANA_PRIVATE_KEY`. Values are never logged, transmitted as
+   plaintext to third parties, or written to disk. See
+   `src/index.ts` for the exact validation rules.
+2. **Makes outbound HTTPS requests** to a small, fixed set of hosts
+   needed to discover services and settle x402 payments. The complete
+   egress allow-list is documented in [`docs/EGRESS.md`](../docs/EGRESS.md).
+3. **Signs Solana and EVM payment payloads locally** using
+   `@solana/kit` (WebCrypto Ed25519) and `viem` (secp256k1) inside the
+   user's Node process. Private keys never leave the machine.
+
+There is no install script, no native code, no filesystem write, no
+shell execution, and no dynamic `require`/`eval` in this package.
+
+## Provenance
+
+Starting with `1.7.0`, npm releases are published from a GitHub Actions
+workflow using OIDC and include an [npm provenance attestation][prov]
+linking the published tarball to the exact commit and workflow run that
+produced it. Verify with:
+
+```sh
+npm audit signatures
+```
+
+[prov]: https://docs.npmjs.com/generating-provenance-statements
+
+## Hardening already in place (backend)
+
+The MCP server depends on a backend at `mpp32.org` for the federated
+catalog and `/api/agent/execute`. Backend-side hardening is documented
+in the [root SECURITY.md](../SECURITY.md):
+
+- Production refuses to boot when `MPP_SECRET_KEY` is missing or matches
+  a committed default.
+- All outbound URLs from user submissions and agent execute calls run
+  through an SSRF guard.
+- Agent session API keys are hashed at rest with SHA-256.
+
+## Disclosure
+
+We follow coordinated disclosure. Reporters who act in good faith and
+follow this policy will not be subject to legal action for their
+research.

package/dist/index.js

@@ -3,7 +3,7 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { z } from "zod";
 import { signX402Payment } from "./x402-signers.js";
-const SERVER_VERSION = "1.5.0";
+const SERVER_VERSION = "1.7.0";
 // ── Env loading: trim and sanitize aggressively ─────────────────────────────
 // Copy-paste from Claude Desktop / Cursor / Windsurf JSON config UIs frequently
 // adds trailing \n, \r, NBSP, BOM, or wraps the value in literal quotes. Any
@@ -251,6 +251,7 @@ server.tool("get_mpp32_diagnostics", "Report what the mpp32-mcp-server detected
         `- Federated service execution: ${AGENT_KEY ? "yes" : "no — set MPP32_AGENT_KEY"}`,
         `- x402 (USDC on Solana) payment: ${SOLANA_PRIVATE_KEY ? "yes" : "no — set MPP32_SOLANA_PRIVATE_KEY"}`,
         `- x402 (USDC on Base/EVM) payment: ${PRIVATE_KEY ? "yes" : "no — set MPP32_PRIVATE_KEY"}`,
+        `- M32 holder pricing (SIWS verified): ${siwsVerifiedAddress ? `yes — ${siwsTier} tier, ${siwsDiscountPercent}% off every paid query` : (AGENT_KEY && SOLANA_PRIVATE_KEY ? "pending — auto verification runs once at startup" : "no — set MPP32_AGENT_KEY + MPP32_SOLANA_PRIVATE_KEY")}`,
         ``,
         `**Ready to pay end-to-end:** ${readyToPay ? "YES — try `get_solana_token_intelligence` with token=\"M32\" to confirm." : "NO — see the missing items above. Meanwhile, you can still call `try_solana_token_intelligence_free` (10/min/IP, no keys required) to evaluate the oracle."}`,
         ``,
@@ -631,11 +632,25 @@ server.tool("scan_portfolio_m32", "M32-gated full wallet portfolio scan. Discove
         return { content: [{ type: "text", text: `Error: ${err instanceof Error ? err.message : String(err)}` }] };
     }
 });
-// ── Tool 7: get_pivx_dao_intelligence ─────────────────────────────────────
-// Self-contained: scrapes pivx.org/proposals + Chainz CryptoID directly.
-// Does NOT depend on any backend endpoint — works for every npm user out of the box.
-import { fetchPivxGovernance } from "./pivx-provider.js";
-server.tool("get_pivx_dao_intelligence", "Get real-time PIVX DAO governance intelligence. Returns active budget proposals with masternode voting tallies (Yes/No counts, net yes percentages), budget allocation status, network deflation metrics (unallocated treasury PIV that are never minted), and masternode network health. PIVX is a fully community-governed cryptocurrency where Masternode owners vote on budget proposals every ~30 days (43,200 blocks per superblock cycle, 432,000 PIV max monthly budget). Data scraped live from pivx.org/proposals and the PIVX blockchain via Chainz CryptoID. Cached for 5 minutes. Free — no payment or API key required.", {
+async function fetchPivxGovernance() {
+    const res = await fetchWithTimeout(`${API_URL}/api/governance`, {
+        timeoutMs: 15_000,
+        headers: { Accept: "application/json" },
+    });
+    if (!res.ok) {
+        throw new Error(`MPP32 governance endpoint returned HTTP ${res.status}`);
+    }
+    const { data } = (await res.json());
+    return {
+        proposals: data.proposals,
+        network: data.network,
+        deflation: data.deflation,
+        timestamp: data.meta.timestamp,
+        source: data.meta.source,
+        cacheHit: data.meta.cacheHit,
+    };
+}
+server.tool("get_pivx_dao_intelligence", "Get real-time PIVX DAO governance intelligence. Returns active budget proposals with masternode voting tallies (Yes/No counts, net yes percentages), budget allocation status, network deflation metrics (unallocated treasury PIV that are never minted), and masternode network health. PIVX is a fully community-governed cryptocurrency where Masternode owners vote on budget proposals every ~30 days (43,200 blocks per superblock cycle, 432,000 PIV max monthly budget). Data is served by the MPP32 backend, which aggregates pivx.org/proposals and the PIVX blockchain via Chainz CryptoID, and caches for 5 minutes. Free — no payment or API key required.", {
     filter: z
         .enum(["all", "passing", "failing"])
         .default("all")
@@ -712,7 +727,7 @@ server.tool("get_pivx_dao_intelligence", "Get real-time PIVX DAO governance inte
         return {
             content: [{
                     type: "text",
-                    text: `Failed to fetch PIVX governance data: ${err instanceof Error ? err.message : String(err)}. The tool scrapes pivx.org/proposals directly — the site may be temporarily unreachable.`,
+                    text: `Failed to fetch PIVX governance data: ${err instanceof Error ? err.message : String(err)}. The tool calls ${API_URL}/api/governance — the MPP32 backend or its upstream sources (pivx.org, chainz.cryptoid.info) may be temporarily unreachable.`,
                 }],
         };
     }
@@ -1521,6 +1536,95 @@ async function completeX402Payment(paymentRequiredHeader, keys) {
         protocolUsed: result.protocolUsed,
     };
 }
+// ── Auto SIWS bootstrap ─────────────────────────────────────────────────────
+// When both MPP32_AGENT_KEY and MPP32_SOLANA_PRIVATE_KEY are configured the
+// MCP server proves wallet ownership to the MPP32 backend at startup, which
+// activates M32 holder pricing on every subsequent paid query for the rest of
+// the process lifetime. No user action required.
+let siwsVerifiedAddress = null;
+let siwsTier = null;
+let siwsDiscountPercent = 0;
+async function tryAutoSiws() {
+    if (!AGENT_KEY || !SOLANA_PRIVATE_KEY)
+        return;
+    try {
+        // Lazy import to keep startup fast when only catalog browsing is needed.
+        const [kitMod, scureBase] = await Promise.all([
+            import("@solana/kit"),
+            import("@scure/base"),
+        ]);
+        const { base58 } = scureBase;
+        const { createKeyPairFromBytes, createKeyPairFromPrivateKeyBytes, getAddressFromPublicKey, signBytes, } = kitMod;
+        // Decode the private key. Supports JSON byte array, hex, and base58.
+        let bytes;
+        if (SOLANA_PRIVATE_KEY.startsWith("[")) {
+            bytes = new Uint8Array(JSON.parse(SOLANA_PRIVATE_KEY));
+        }
+        else if (/^[0-9a-fA-F]+$/.test(SOLANA_PRIVATE_KEY) && SOLANA_PRIVATE_KEY.length % 2 === 0) {
+            bytes = new Uint8Array(Buffer.from(SOLANA_PRIVATE_KEY, "hex"));
+        }
+        else {
+            bytes = base58.decode(SOLANA_PRIVATE_KEY);
+        }
+        let keyPair;
+        if (bytes.length === 32) {
+            keyPair = await createKeyPairFromPrivateKeyBytes(bytes);
+        }
+        else if (bytes.length === 64) {
+            keyPair = await createKeyPairFromBytes(bytes);
+        }
+        else {
+            console.error(`[mpp32] SIWS skipped: Solana key has unexpected length ${bytes.length}`);
+            return;
+        }
+        const walletAddress = await getAddressFromPublicKey(keyPair.publicKey);
+        // Step 1: request a nonce bound to our existing agent session.
+        const nonceRes = await fetchWithTimeout(`${API_URL}/api/auth/siws/nonce`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ wallet: walletAddress, agentKey: AGENT_KEY }),
+            timeoutMs: 8_000,
+        });
+        if (!nonceRes.ok) {
+            const text = await nonceRes.text().catch(() => "");
+            console.error(`[mpp32] SIWS nonce request failed: HTTP ${nonceRes.status} ${text.slice(0, 200)}`);
+            return;
+        }
+        const nonceBody = (await nonceRes.json());
+        const message = nonceBody.data?.message;
+        if (!message) {
+            console.error("[mpp32] SIWS nonce response missing message");
+            return;
+        }
+        // Step 2: sign the canonical message bytes via WebCrypto Ed25519.
+        const signatureBytes = await signBytes(keyPair.privateKey, new TextEncoder().encode(message));
+        const signature = base58.encode(signatureBytes);
+        // Step 3: verify with the backend. Backend marks session walletVerified=true.
+        const verifyRes = await fetchWithTimeout(`${API_URL}/api/auth/siws/verify`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ wallet: walletAddress, signature, agentKey: AGENT_KEY }),
+            timeoutMs: 8_000,
+        });
+        if (!verifyRes.ok) {
+            const text = await verifyRes.text().catch(() => "");
+            console.error(`[mpp32] SIWS verify failed: HTTP ${verifyRes.status} ${text.slice(0, 200)}`);
+            return;
+        }
+        const verifyBody = (await verifyRes.json());
+        siwsVerifiedAddress = verifyBody.data?.walletAddress ?? walletAddress;
+        siwsTier = verifyBody.data?.tier ?? "none";
+        siwsDiscountPercent = verifyBody.data?.discountPercent ?? 0;
+        const tierLabel = siwsDiscountPercent > 0
+            ? `${siwsTier} tier (${siwsDiscountPercent}% off every paid query)`
+            : "no holder tier (wallet holds zero M32, verification still active)";
+        const shortAddr = `${siwsVerifiedAddress.slice(0, 6)}…${siwsVerifiedAddress.slice(-4)}`;
+        console.error(`[mpp32] SIWS verified for ${shortAddr}: ${tierLabel}`);
+    }
+    catch (err) {
+        console.error(`[mpp32] SIWS bootstrap error: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
 // ── Start ───────────────────────────────────────────────────────────────────
 async function main() {
     const transport = new StdioServerTransport();
@@ -1533,6 +1637,9 @@ async function main() {
         .filter(Boolean)
         .join(", ") || "no keys (catalog-only legacy mode)";
     console.error(`[mpp32] MCP server v${SERVER_VERSION} on stdio. API ${API_URL}. Configured: ${features}. Timeout ${TIMEOUT_MS}ms.`);
+    // Auto SIWS in the background. Does not block startup — if it fails the user
+    // simply pays the standard rate instead of the holder rate.
+    void tryAutoSiws();
     // Per-variable status so a user staring at this log can immediately see
     // whether their env vars made it through. Values are fingerprinted.
     const fp = (v) => !v ? "NOT SET" : v.length <= 12 ? `SET (${v.length}c)` : `SET (${v.slice(0, 6)}…${v.slice(-4)}, ${v.length}c)`;

package/dist/x402-signers.js

@@ -18,12 +18,11 @@
 //   { x402Version: 1, scheme: "exact", network, payload: <scheme payload> }
 // base64-encoded into the `X-Payment` HTTP header.
 async function loadSvmDeps() {
-    const [kit, tokenProgram, computeBudgetProgram, bs58Mod, naclMod] = await Promise.all([
+    const [kit, tokenProgram, computeBudgetProgram, scureBase] = await Promise.all([
         import("@solana/kit"),
         import("@solana-program/token"),
         import("@solana-program/compute-budget"),
-        import("bs58"),
-        import("tweetnacl"),
+        import("@scure/base"),
     ]).catch((err) => {
         const msg = err instanceof Error ? err.message : String(err);
         throw new Error(`Could not load Solana signing libraries: ${msg}. ` +
@@ -33,6 +32,7 @@ async function loadSvmDeps() {
     return {
         address: kit.address,
         createKeyPairSignerFromBytes: kit.createKeyPairSignerFromBytes,
+        createKeyPairSignerFromPrivateKeyBytes: kit.createKeyPairSignerFromPrivateKeyBytes,
         createSolanaRpc: kit.createSolanaRpc,
         createTransactionMessage: kit.createTransactionMessage,
         setTransactionMessageFeePayer: kit.setTransactionMessageFeePayer,
@@ -46,8 +46,7 @@ async function loadSvmDeps() {
         TOKEN_PROGRAM_ADDRESS: tokenProgram.TOKEN_PROGRAM_ADDRESS,
         getSetComputeUnitLimitInstruction: computeBudgetProgram.getSetComputeUnitLimitInstruction,
         getSetComputeUnitPriceInstruction: computeBudgetProgram.getSetComputeUnitPriceInstruction,
-        bs58: bs58Mod.default ?? bs58Mod,
-        nacl: naclMod.default ?? naclMod,
+        base58: scureBase.base58,
     };
 }
 async function loadEvmDeps() {
@@ -94,20 +93,19 @@ function decodeSolanaSecret(raw, deps) {
     if (/^[0-9a-fA-F]+$/.test(raw) && raw.length % 2 === 0) {
         return new Uint8Array(Buffer.from(raw, "hex"));
     }
-    return deps.bs58.decode(raw);
+    return deps.base58.decode(raw);
 }
 async function buildSolanaSigner(rawKey, deps) {
-    let bytes = decodeSolanaSecret(rawKey, deps);
+    const bytes = decodeSolanaSecret(rawKey, deps);
     if (bytes.length === 32) {
-        // 32-byte seed — kit's createKeyPairSignerFromBytes wants the 64-byte
-        // expanded key. Derive via tweetnacl.
-        const kp = deps.nacl.sign.keyPair.fromSeed(bytes);
-        bytes = kp.secretKey;
+        // 32-byte seed — kit derives the public key via WebCrypto Ed25519.
+        return await deps.createKeyPairSignerFromPrivateKeyBytes(bytes);
     }
-    else if (bytes.length !== 64) {
-        throw new Error(`Solana private key must be a 32-byte seed or a 64-byte expanded key; got ${bytes.length} bytes.`);
+    if (bytes.length === 64) {
+        // 64-byte expanded key (seed || publicKey) — kit's standard path.
+        return await deps.createKeyPairSignerFromBytes(bytes);
     }
-    return await deps.createKeyPairSignerFromBytes(bytes);
+    throw new Error(`Solana private key must be a 32-byte seed or a 64-byte expanded key; got ${bytes.length} bytes.`);
 }
 // ── SVM signer ──────────────────────────────────────────────────────────────
 const DEFAULT_SOLANA_RPC = "https://api.mainnet-beta.solana.com";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mpp32-mcp-server",
-  "version": "1.5.0",
+  "version": "1.7.0",
   "mcpName": "io.github.MPP32/mpp32-mcp-server",
   "description": "Payment layer for AI agents. One MCP, five protocols, thousands of paid APIs your agent can call.",
   "type": "module",
@@ -20,7 +20,8 @@
     "dist/**/*.d.ts",
     "README.md",
     "CHANGELOG.md",
-    "LICENSE"
+    "LICENSE",
+    "SECURITY.md"
   ],
   "sideEffects": false,
   "scripts": {
@@ -67,19 +68,21 @@
   "bugs": {
     "url": "https://github.com/MPP32/MPP32/issues"
   },
+  "funding": "https://mpp32.org",
   "engines": {
-    "node": ">=18.0.0"
+    "node": ">=20.10.0"
+  },
+  "publishConfig": {
+    "access": "public"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.12.0",
-    "@solana-program/compute-budget": "^0.15.0",
-    "@solana-program/token": "^0.13.0",
-    "@solana/kit": "^6.9.0",
-    "bs58": "^6.0.0",
-    "cheerio": "^1.2.0",
-    "tweetnacl": "^1.0.3",
-    "viem": "^2.48.11",
-    "zod": "^3.23.0"
+    "@modelcontextprotocol/sdk": "1.29.0",
+    "@scure/base": "1.2.6",
+    "@solana-program/compute-budget": "0.15.0",
+    "@solana-program/token": "0.13.0",
+    "@solana/kit": "6.9.0",
+    "viem": "2.52.2",
+    "zod": "3.25.76"
   },
   "peerDependencies": {
     "mppx": ">=0.4.0"
@@ -90,7 +93,7 @@
     }
   },
   "devDependencies": {
-    "@types/node": "^22.0.0",
-    "typescript": "^5.7.0"
+    "@types/node": "22.19.18",
+    "typescript": "5.9.3"
   }
 }

package/dist/pivx-provider.d.ts

@@ -1,42 +0,0 @@
-export interface PivxProposal {
-    name: string;
-    url: string;
-    status: "passing" | "failing";
-    funded: boolean;
-    netYesPercent: number;
-    yesVotes: number;
-    noVotes: number;
-    monthlyPaymentPiv: number;
-    monthlyPaymentUsd: number;
-    totalPaymentPiv: number;
-    installmentsRemaining: number;
-    totalInstallments: number;
-    budgetPercent: number;
-}
-export interface PivxNetworkStats {
-    masternodeCount: number;
-    passingThreshold: number;
-    monthlyBudgetPiv: number;
-    monthlyBudgetUsd: number;
-    budgetAllocatedPiv: number;
-    budgetAllocatedUsd: number;
-    budgetAllocatedPercent: number;
-    blockHeight: number;
-    totalSupply: number;
-    circulatingSupply: number;
-}
-export interface PivxGovernanceData {
-    proposals: PivxProposal[];
-    network: PivxNetworkStats;
-    deflation: {
-        unallocatedPivPerCycle: number;
-        unallocatedPercent: number;
-        annualUnallocatedPiv: number;
-        proposalFeeBurnPiv: number;
-        effectiveInflationReduction: string;
-    };
-    timestamp: string;
-    source: string;
-    cacheHit: boolean;
-}
-export declare function fetchPivxGovernance(): Promise<PivxGovernanceData>;

package/dist/pivx-provider.js

@@ -1,232 +0,0 @@
-import * as cheerio from "cheerio";
-// 5-minute cache
-const CACHE_TTL_MS = 5 * 60 * 1000;
-let cachedData = null;
-let cacheTimestamp = 0;
-const CHAINZ_BASE = "https://chainz.cryptoid.info/pivx/api.dws";
-async function chainzFetch(query) {
-    const res = await fetch(`${CHAINZ_BASE}?q=${query}`, {
-        signal: AbortSignal.timeout(8000),
-    });
-    if (!res.ok)
-        throw new Error(`Chainz API ${query}: HTTP ${res.status}`);
-    return (await res.text()).trim();
-}
-async function fetchNetworkStats() {
-    const [masternodeCount, blockHeight, totalSupply, circulating] = await Promise.allSettled([
-        chainzFetch("masternodecount"),
-        chainzFetch("getblockcount"),
-        chainzFetch("totalcoins"),
-        chainzFetch("circulating"),
-    ]);
-    const mn = masternodeCount.status === "fulfilled"
-        ? parseInt(masternodeCount.value, 10)
-        : 0;
-    const bh = blockHeight.status === "fulfilled"
-        ? parseInt(blockHeight.value, 10)
-        : 0;
-    const ts = totalSupply.status === "fulfilled"
-        ? parseFloat(totalSupply.value)
-        : 0;
-    const cs = circulating.status === "fulfilled"
-        ? parseFloat(circulating.value)
-        : 0;
-    return {
-        masternodeCount: isNaN(mn) ? 0 : mn,
-        blockHeight: isNaN(bh) ? 0 : bh,
-        totalSupply: isNaN(ts) ? 0 : ts,
-        circulatingSupply: isNaN(cs) ? 0 : cs,
-        passingThreshold: isNaN(mn) ? 0 : Math.ceil(mn * 0.1),
-    };
-}
-function parseNumber(text) {
-    const cleaned = text.replace(/[^0-9.\-]/g, "");
-    const num = parseFloat(cleaned);
-    return isNaN(num) ? 0 : num;
-}
-async function scrapePivxProposals() {
-    const res = await fetch("https://pivx.org/proposals", {
-        signal: AbortSignal.timeout(15000),
-        headers: {
-            "User-Agent": "MPP32-Governance-Oracle/1.0 (+https://mpp32.org)",
-            Accept: "text/html",
-        },
-    });
-    if (!res.ok)
-        throw new Error(`pivx.org/proposals returned HTTP ${res.status}`);
-    const html = await res.text();
-    const $ = cheerio.load(html);
-    const pageText = $("body").text();
-    let monthlyBudgetPiv = 432000;
-    let monthlyBudgetUsd = 0;
-    let budgetAllocatedPiv = 0;
-    let budgetAllocatedUsd = 0;
-    let masternodeCount = 0;
-    let passingThreshold = 0;
-    const budgetMatch = pageText.match(/Monthly\s*Budget[:\s]*([\d,]+)\s*PIV/i);
-    if (budgetMatch?.[1])
-        monthlyBudgetPiv = parseNumber(budgetMatch[1]);
-    const budgetUsdMatch = pageText.match(/Monthly\s*Budget[^$]*US?\$([\d,.]+)/i);
-    if (budgetUsdMatch?.[1])
-        monthlyBudgetUsd = parseNumber(budgetUsdMatch[1]);
-    const allocatedMatch = pageText.match(/Budget\s*Allocated[:\s]*([\d,]+)\s*PIV/i);
-    if (allocatedMatch?.[1])
-        budgetAllocatedPiv = parseNumber(allocatedMatch[1]);
-    const allocatedUsdMatch = pageText.match(/Budget\s*Allocated[^$]*US?\$([\d,.]+)/i);
-    if (allocatedUsdMatch?.[1])
-        budgetAllocatedUsd = parseNumber(allocatedUsdMatch[1]);
-    const mnMatch = pageText.match(/([\d,]+)\s*masternodes?\s*online/i);
-    if (mnMatch?.[1])
-        masternodeCount = parseNumber(mnMatch[1]);
-    const thresholdMatch = pageText.match(/Positive\s*votes\s*required[^:]*:\s*(\d+)/i);
-    if (thresholdMatch?.[1])
-        passingThreshold = parseInt(thresholdMatch[1], 10);
-    const proposals = [];
-    const seenHashes = new Set();
-    $("table#js_table tbody tr[data-hash]").each((_i, el) => {
-        const $row = $(el);
-        const hash = $row.attr("data-hash") || "";
-        if (!hash || seenHashes.has(hash))
-            return;
-        seenHashes.add(hash);
-        const name = ($row.attr("data-title") || "").trim();
-        if (!name)
-            return;
-        const cells = $row.find("td");
-        if (cells.length < 5)
-            return;
-        const statusCell = $(cells[0]);
-        const statusText = statusCell.text();
-        const isPassing = /passing/i.test(statusText);
-        const funded = /funded/i.test(statusText);
-        let netYesPercent = 0;
-        const netYesMatch = statusText.match(/([-\d.]+)%/);
-        if (netYesMatch?.[1])
-            netYesPercent = parseFloat(netYesMatch[1]);
-        const nameCell = $(cells[1]);
-        const link = nameCell.find("a").first();
-        const url = link.attr("href") || "";
-        const paymentCell = $(cells[2]);
-        const monthlyPaymentPiv = parseNumber(paymentCell.attr("data-piv") || paymentCell.attr("data-order") || "0");
-        const budgetPercent = parseFloat(paymentCell.attr("data-percent") || "0");
-        let monthlyPaymentUsd = 0;
-        const usdSpan = paymentCell.find(".curr-prefix").parent();
-        if (usdSpan.length) {
-            const usdText = usdSpan.text();
-            const usdMatch = usdText.match(/US?\$\s*([\d,]+(?:\.\d+)?)/i);
-            if (usdMatch?.[1])
-                monthlyPaymentUsd = parseNumber(usdMatch[1]);
-        }
-        let installmentsRemaining = 1;
-        const longLine = paymentCell.find(".long-line");
-        if (longLine.length) {
-            const installB = longLine.find("b").first();
-            if (installB.length) {
-                const n = parseInt(installB.text().trim(), 10);
-                if (!isNaN(n))
-                    installmentsRemaining = n;
-            }
-        }
-        let totalPaymentPiv = monthlyPaymentPiv;
-        if (longLine.length) {
-            const totalB = longLine.find("b").last();
-            if (totalB.length) {
-                const totalText = totalB.text();
-                const totalMatch = totalText.match(/([\d,]+(?:\.\d+)?)\s*PIV/i);
-                if (totalMatch?.[1])
-                    totalPaymentPiv = parseNumber(totalMatch[1]);
-            }
-        }
-        const voteCell = $(cells[4]);
-        const voteText = voteCell.text();
-        let yesVotes = 0;
-        let noVotes = 0;
-        const voteMatch = voteText.match(/(\d+)\s*\/\s*(\d+)/);
-        if (voteMatch?.[1] && voteMatch[2]) {
-            yesVotes = parseInt(voteMatch[1], 10);
-            noVotes = parseInt(voteMatch[2], 10);
-        }
-        proposals.push({
-            name,
-            url,
-            status: isPassing ? "passing" : "failing",
-            funded,
-            netYesPercent,
-            yesVotes,
-            noVotes,
-            monthlyPaymentPiv,
-            monthlyPaymentUsd,
-            totalPaymentPiv,
-            installmentsRemaining,
-            totalInstallments: installmentsRemaining,
-            budgetPercent,
-        });
-    });
-    return {
-        proposals,
-        budgetSummary: {
-            monthlyBudgetPiv,
-            monthlyBudgetUsd,
-            budgetAllocatedPiv,
-            budgetAllocatedUsd,
-            masternodeCount,
-            passingThreshold,
-        },
-    };
-}
-export async function fetchPivxGovernance() {
-    if (cachedData && Date.now() - cacheTimestamp < CACHE_TTL_MS) {
-        return { ...cachedData, cacheHit: true };
-    }
-    const [scrapeResult, networkStats] = await Promise.allSettled([
-        scrapePivxProposals(),
-        fetchNetworkStats(),
-    ]);
-    const scraped = scrapeResult.status === "fulfilled" ? scrapeResult.value : null;
-    const chainzStats = networkStats.status === "fulfilled" ? networkStats.value : {};
-    if (!scraped) {
-        throw new Error(`Failed to fetch PIVX governance data: ${scrapeResult.status === "rejected" ? scrapeResult.reason : "unknown"}`);
-    }
-    const budgetAllocatedPercent = scraped.budgetSummary.monthlyBudgetPiv > 0
-        ? Math.round((scraped.budgetSummary.budgetAllocatedPiv /
-            scraped.budgetSummary.monthlyBudgetPiv) *
-            10000) / 100
-        : 0;
-    const network = {
-        masternodeCount: scraped.budgetSummary.masternodeCount ||
-            chainzStats.masternodeCount ||
-            0,
-        passingThreshold: scraped.budgetSummary.passingThreshold ||
-            chainzStats.passingThreshold ||
-            0,
-        monthlyBudgetPiv: scraped.budgetSummary.monthlyBudgetPiv,
-        monthlyBudgetUsd: scraped.budgetSummary.monthlyBudgetUsd,
-        budgetAllocatedPiv: scraped.budgetSummary.budgetAllocatedPiv,
-        budgetAllocatedUsd: scraped.budgetSummary.budgetAllocatedUsd,
-        budgetAllocatedPercent,
-        blockHeight: chainzStats.blockHeight || 0,
-        totalSupply: chainzStats.totalSupply || 0,
-        circulatingSupply: chainzStats.circulatingSupply || 0,
-    };
-    const unallocatedPivPerCycle = network.monthlyBudgetPiv - network.budgetAllocatedPiv;
-    const annualUnallocatedPiv = unallocatedPivPerCycle * 12;
-    const data = {
-        proposals: scraped.proposals,
-        network,
-        deflation: {
-            unallocatedPivPerCycle,
-            unallocatedPercent: 100 - budgetAllocatedPercent,
-            annualUnallocatedPiv,
-            proposalFeeBurnPiv: 50,
-            effectiveInflationReduction: network.totalSupply > 0
-                ? `${((annualUnallocatedPiv / network.totalSupply) * 100).toFixed(3)}%`
-                : "N/A",
-        },
-        timestamp: new Date().toISOString(),
-        source: "pivx.org/proposals + chainz.cryptoid.info",
-        cacheHit: false,
-    };
-    cachedData = data;
-    cacheTimestamp = Date.now();
-    return data;
-}