nebula-ai-plugin-onchain 0.1.0

package/src/policy.ts

@@ -0,0 +1,213 @@
+/**
+ * Deterministic on-chain policy engine — Nebula's "verifiable autonomy" core.
+ *
+ * The project rule (CLAUDE.md): the AI is advisory; fund controls are enforced
+ * in deterministic code, NOT by the model. Every write is checked here BEFORE
+ * it is simulated/broadcast. The verdict is a pure function of (action, policy)
+ * — no network, no model — so it is fully unit-testable and auditable.
+ *
+ * Order of the write pipeline: policy → simulate → (approval) → execute → receipt.
+ */
+
+/** Address normalization for case-insensitive comparison. */
+const lc = (a: string): string => a.toLowerCase()
+
+export interface OnchainPolicy {
+  /** Reject every write (read-only treasury). */
+  readOnly?: boolean
+  /** Hard cap on native MNT per tx, in wei. */
+  maxNativeWeiPerTx?: bigint
+  /** Per-token hard cap in raw units, keyed by lowercased token address. */
+  maxTokenRawPerTx?: Record<string, bigint>
+  /** If set, only these token addresses (lowercased) may be moved/swapped. 'native' allowed by default. */
+  tokenAllowlist?: string[]
+  /** If set, transfers may only go to these recipient addresses. */
+  recipientAllowlist?: string[]
+  /** Max swap slippage tolerance, in basis points. */
+  maxSlippageBps?: number
+  /**
+   * Autonomy tier:
+   *  - 'auto'     execute within caps without asking
+   *  - 'confirm'  every write needs human approval
+   *  - 'readonly' alias for readOnly=true
+   * A native send above `autoMaxNativeWeiPerTx` always escalates to approval.
+   */
+  autonomy?: 'auto' | 'confirm' | 'readonly'
+  /** Native amount (wei) at/under which 'auto' tier executes without approval. */
+  autoMaxNativeWeiPerTx?: bigint
+}
+
+export interface PolicyAction {
+  kind: 'transfer' | 'swap'
+  /** 'native' or a token contract address. For a swap: the INPUT asset. */
+  asset: 'native' | string
+  /** Amount in raw units (wei for native). */
+  amountRaw: bigint
+  /** Recipient (transfers only). */
+  to?: string
+  /** Swap OUTPUT asset ('native' or token address) — checked against the token allowlist. */
+  toAsset?: 'native' | string
+  /** Swap slippage tolerance in bps. */
+  slippageBps?: number
+}
+
+export interface PolicyVerdict {
+  /** Hard policy violations — if non-empty the action is BLOCKED. */
+  violations: string[]
+  /** True when the action is permitted to proceed (no violations). */
+  allowed: boolean
+  /** True when a permitted action still needs human approval before execution. */
+  requiresApproval: boolean
+}
+
+/**
+ * Evaluate a proposed on-chain action against the policy. Pure + deterministic.
+ */
+export function evaluatePolicy(action: PolicyAction, policy: OnchainPolicy): PolicyVerdict {
+  const violations: string[] = []
+  const readOnly = policy.readOnly || policy.autonomy === 'readonly'
+  if (readOnly) violations.push('policy is read-only: all writes are blocked')
+
+  const isNative = action.asset === 'native'
+  const asset = isNative ? 'native' : lc(action.asset)
+
+  // Token allowlist (native is always permitted unless 'native' is excluded).
+  // Checks the input asset AND, for swaps, the OUTPUT asset — otherwise the
+  // agent could swap an allowed token INTO an arbitrary one, defeating the list.
+  if (policy.tokenAllowlist) {
+    const allowed = policy.tokenAllowlist.map(lc)
+    if (!isNative && !allowed.includes(asset)) {
+      violations.push(`token ${action.asset} is not in the token allowlist`)
+    }
+    if (
+      action.kind === 'swap' &&
+      action.toAsset !== undefined &&
+      action.toAsset !== 'native' &&
+      !allowed.includes(lc(action.toAsset))
+    ) {
+      violations.push(`swap output token ${action.toAsset} is not in the token allowlist`)
+    }
+  }
+
+  // Recipient allowlist (transfers).
+  if (policy.recipientAllowlist && action.to) {
+    const allowed = policy.recipientAllowlist.map(lc)
+    if (!allowed.includes(lc(action.to))) {
+      violations.push(`recipient ${action.to} is not in the recipient allowlist`)
+    }
+  }
+
+  // Per-tx amount caps.
+  if (
+    isNative &&
+    policy.maxNativeWeiPerTx !== undefined &&
+    action.amountRaw > policy.maxNativeWeiPerTx
+  ) {
+    violations.push(
+      `native amount ${action.amountRaw} wei exceeds per-tx cap ${policy.maxNativeWeiPerTx} wei`,
+    )
+  }
+  if (!isNative && policy.maxTokenRawPerTx) {
+    const cap = policy.maxTokenRawPerTx[asset]
+    if (cap !== undefined && action.amountRaw > cap) {
+      violations.push(`amount ${action.amountRaw} exceeds per-tx cap ${cap} for token ${asset}`)
+    }
+  }
+
+  // Slippage cap (swaps).
+  if (
+    action.slippageBps !== undefined &&
+    policy.maxSlippageBps !== undefined &&
+    action.slippageBps > policy.maxSlippageBps
+  ) {
+    violations.push(`slippage ${action.slippageBps} bps exceeds max ${policy.maxSlippageBps} bps`)
+  }
+
+  const allowed = violations.length === 0
+
+  // Approval gate: 'confirm' tier always needs approval; 'auto' escalates only
+  // when a native send is above the auto ceiling (material risk).
+  let requiresApproval = false
+  if (allowed) {
+    if (policy.autonomy === 'confirm') {
+      requiresApproval = true
+    } else if (
+      isNative &&
+      policy.autoMaxNativeWeiPerTx !== undefined &&
+      action.amountRaw > policy.autoMaxNativeWeiPerTx
+    ) {
+      requiresApproval = true
+    }
+  }
+
+  return { violations, allowed, requiresApproval }
+}
+
+/**
+ * Build a policy from environment variables (operator opt-in). Returns
+ * undefined when no policy env is set (no enforcement, back-compat).
+ *   NEBULA_POLICY_READONLY=1
+ *   NEBULA_POLICY_MAX_NATIVE_MNT=1.5
+ *   NEBULA_POLICY_AUTO_MAX_NATIVE_MNT=0.1
+ *   NEBULA_POLICY_MAX_SLIPPAGE_BPS=100
+ *   NEBULA_POLICY_AUTONOMY=auto|confirm|readonly
+ *   NEBULA_POLICY_RECIPIENT_ALLOWLIST=0xabc...,0xdef...
+ *   NEBULA_POLICY_TOKEN_ALLOWLIST=0x...,0x...
+ */
+export function policyFromEnv(
+  env: Record<string, string | undefined> = process.env,
+): OnchainPolicy | undefined {
+  const toWei = (mnt?: string): bigint | undefined => {
+    if (!mnt) return undefined
+    const n = Number(mnt)
+    if (!Number.isFinite(n) || n < 0) return undefined
+    return BigInt(Math.round(n * 1e9)) * 1_000_000_000n // mnt -> wei, 9+9 to avoid float loss
+  }
+  const list = (s?: string): string[] | undefined =>
+    s
+      ? s
+          .split(',')
+          .map(x => x.trim())
+          .filter(Boolean)
+      : undefined
+
+  const policy: OnchainPolicy = {}
+  let any = false
+  if (env.NEBULA_POLICY_READONLY === '1') {
+    policy.readOnly = true
+    any = true
+  }
+  const maxNative = toWei(env.NEBULA_POLICY_MAX_NATIVE_MNT)
+  if (maxNative !== undefined) {
+    policy.maxNativeWeiPerTx = maxNative
+    any = true
+  }
+  const autoMax = toWei(env.NEBULA_POLICY_AUTO_MAX_NATIVE_MNT)
+  if (autoMax !== undefined) {
+    policy.autoMaxNativeWeiPerTx = autoMax
+    any = true
+  }
+  if (env.NEBULA_POLICY_MAX_SLIPPAGE_BPS) {
+    const bps = Number(env.NEBULA_POLICY_MAX_SLIPPAGE_BPS)
+    if (Number.isFinite(bps) && bps >= 0) {
+      policy.maxSlippageBps = bps
+      any = true
+    }
+  }
+  const autonomy = env.NEBULA_POLICY_AUTONOMY
+  if (autonomy === 'auto' || autonomy === 'confirm' || autonomy === 'readonly') {
+    policy.autonomy = autonomy
+    any = true
+  }
+  const recip = list(env.NEBULA_POLICY_RECIPIENT_ALLOWLIST)
+  if (recip) {
+    policy.recipientAllowlist = recip
+    any = true
+  }
+  const toks = list(env.NEBULA_POLICY_TOKEN_ALLOWLIST)
+  if (toks) {
+    policy.tokenAllowlist = toks
+    any = true
+  }
+  return any ? policy : undefined
+}

package/src/quoter.ts

@@ -0,0 +1,87 @@
+/**
+ * AGNI 3-tier quote scan via Factory.getPool + Quoter V1.
+ *
+ * Critical gotcha (verified May 1 2026 cast probes): AGNI Quoter is V1 (5
+ * flat args), NOT V2 (single struct). V2 ABI silently mis-encodes and the
+ * call reverts. Pinned via the vendored testnet artifact whose bytecode is
+ * equivalent to mainnet.
+ */
+
+import { type Address, type PublicClient, decodeFunctionResult, encodeFunctionData } from 'viem'
+import { FACTORY_ABI, MULTICALL3_ABI, QUOTER_ABI } from './abis'
+import { AGNI_BY_NETWORK, FEE_TIERS, type FeeTier, MULTICALL3, requireMainnet } from './constants'
+
+const ZERO_ADDRESS = '0x0000000000000000000000000000000000000000' as Address
+
+export interface QuoteResult {
+  fee: FeeTier
+  amountOut: bigint
+  pool: Address
+}
+
+/**
+ * Iterate the 3 fee tiers, batch-call factory.getPool via multicall3.
+ * For non-zero pools, call quoter.quoteExactInputSingle one at a time
+ * (the quoter's revert behavior on zero-liquidity pools makes batching
+ * unsafe — a single missing quote would tank the whole multicall).
+ *
+ * Returns the tier with the highest amountOut, or null if no AGNI pool exists
+ * across any tier.
+ */
+export async function quoteAcrossTiers(opts: {
+  client: PublicClient
+  network: 'mantle-mainnet'
+  tokenIn: Address
+  tokenOut: Address
+  amountIn: bigint
+}): Promise<QuoteResult | null> {
+  const { client, network, tokenIn, tokenOut, amountIn } = opts
+  requireMainnet(network)
+  const agni = AGNI_BY_NETWORK[network]!
+  // Step 1: batch-fetch all 3 pool addresses
+  const poolCalls = FEE_TIERS.map(fee => ({
+    target: agni.factory,
+    allowFailure: false,
+    callData: encodeFunctionData({
+      abi: FACTORY_ABI,
+      functionName: 'getPool',
+      args: [tokenIn, tokenOut, fee],
+    }),
+  }))
+  const poolResults = (await client.readContract({
+    address: MULTICALL3,
+    abi: MULTICALL3_ABI,
+    functionName: 'aggregate3',
+    args: [poolCalls],
+  })) as ReadonlyArray<{ success: boolean; returnData: `0x${string}` }>
+  const pools = FEE_TIERS.map((fee, i) => {
+    const r = poolResults[i]
+    if (!r?.success) return { fee, pool: ZERO_ADDRESS }
+    const addr = decodeFunctionResult({
+      abi: FACTORY_ABI,
+      functionName: 'getPool',
+      data: r.returnData,
+    }) as Address
+    return { fee, pool: addr }
+  }).filter(p => p.pool.toLowerCase() !== ZERO_ADDRESS.toLowerCase())
+  if (pools.length === 0) return null
+  // Step 2: quote each non-zero pool sequentially
+  const candidates: QuoteResult[] = []
+  for (const p of pools) {
+    try {
+      const amountOut = (await client.readContract({
+        address: agni.quoter,
+        abi: QUOTER_ABI,
+        functionName: 'quoteExactInputSingle',
+        args: [tokenIn, tokenOut, p.fee, amountIn, 0n],
+      })) as bigint
+      if (amountOut > 0n) {
+        candidates.push({ fee: p.fee, amountOut, pool: p.pool })
+      }
+    } catch {
+      // pool exists but no liquidity at this size; skip
+    }
+  }
+  if (candidates.length === 0) return null
+  return candidates.reduce((best, c) => (c.amountOut > best.amountOut ? c : best))
+}

package/src/raw-logs.ts

@@ -0,0 +1,49 @@
+/**
+ * Raw `eth_getLogs` wrapper that bypasses viem's `getLogs` topic-stripping.
+ *
+ * viem v2's `getLogs({topics: [t0, null, t1]})` reorders/strips topic slots
+ * when no `event` parsed input is supplied, leaving the RPC with `topics:[]`
+ * (verified May 1 2026 against Mantle mainnet RPC). The Mantle RPC then rejects with
+ * "result set exceeds max limit of 10000 logs" because the broad query
+ * matches every Transfer on chain.
+ *
+ * This helper sends the JSON-RPC payload verbatim, preserving sparse topic
+ * filtering exactly as the user wrote it.
+ */
+
+import { type PublicClient, numberToHex } from 'viem'
+
+export interface RawLog {
+  address: `0x${string}`
+  blockNumber: `0x${string}`
+  blockHash: `0x${string}`
+  transactionHash: `0x${string}`
+  transactionIndex: `0x${string}`
+  logIndex: `0x${string}`
+  data: `0x${string}`
+  topics: `0x${string}`[]
+}
+
+export interface RawLogsArgs {
+  client: PublicClient
+  address?: `0x${string}` | `0x${string}`[]
+  topics: Array<`0x${string}` | null | `0x${string}`[]>
+  fromBlock: bigint
+  toBlock: bigint
+}
+
+export async function rawGetLogs(args: RawLogsArgs): Promise<RawLog[]> {
+  const { client, address, topics, fromBlock, toBlock } = args
+  const params: Record<string, unknown> = {
+    topics,
+    fromBlock: numberToHex(fromBlock),
+    toBlock: numberToHex(toBlock),
+  }
+  if (address !== undefined) params.address = address
+  // biome-ignore lint/suspicious/noExplicitAny: viem PublicClient lacks .request in TS, but it exists
+  const result = await (client as any).request({
+    method: 'eth_getLogs',
+    params: [params],
+  })
+  return (result as RawLog[]) ?? []
+}

package/src/risk.ts

@@ -0,0 +1,79 @@
+/**
+ * Token risk assessment — the pre-trade "is this safe to hold or swap into?"
+ * read a treasury manager wants before touching an asset.
+ *
+ * The verdict is a PURE function of signals the tool gathers (tradeability
+ * across venues, liquidity depth, restricted-RWA flag), so the risk rubric is
+ * fully unit-testable; the tool layer fetches the signals.
+ */
+
+export interface TokenRiskInputs {
+  /** False when the symbol/address could not be resolved to a real token. */
+  resolved: boolean
+  symbol: string
+  /** CLAUDE.md restricted product (USDY/MI4/mUSD) — needs eligibility. */
+  restricted: boolean
+  /** Human venue labels that returned a live quote (can exit there). */
+  tradeableVenues: string[]
+  /** Largest DeFiLlama pool TVL the token appears in, or null if none. */
+  maxPoolTvlUsd: number | null
+  /** True when the address has contract code (not an EOA / typo). */
+  isContract: boolean
+}
+
+export type RiskLevel = 'low' | 'elevated' | 'high'
+
+export interface TokenRiskVerdict {
+  level: RiskLevel
+  /** Plain-language reasons behind the level (ordered most → least severe). */
+  reasons: string[]
+  tradeable: boolean
+}
+
+const THIN_LIQUIDITY_USD = 50_000
+
+/** Compose a risk verdict from the gathered signals. Pure + deterministic. */
+export function assessTokenRisk(i: TokenRiskInputs): TokenRiskVerdict {
+  const reasons: string[] = []
+  const tradeable = i.tradeableVenues.length > 0
+
+  if (!i.resolved) {
+    return {
+      level: 'high',
+      reasons: ['could not resolve this token (unknown symbol/address) — do not trade'],
+      tradeable: false,
+    }
+  }
+  if (!i.isContract) {
+    reasons.push('address has no contract code (likely a typo or non-token) — do not trade')
+  }
+  if (!tradeable) {
+    reasons.push('no swap route on Agni or Merchant Moe — you could not exit this position')
+  }
+  if (i.restricted) {
+    reasons.push(
+      `${i.symbol} is a restricted product (RWA) — confirm eligibility before entering; do not auto-trade`,
+    )
+  }
+  if (i.maxPoolTvlUsd !== null && i.maxPoolTvlUsd < THIN_LIQUIDITY_USD) {
+    reasons.push(
+      `thin on-chain liquidity (max pool TVL ~$${Math.round(i.maxPoolTvlUsd).toLocaleString()}) — expect slippage and exit risk`,
+    )
+  }
+  if (tradeable && i.tradeableVenues.length === 1) {
+    reasons.push(`only one venue (${i.tradeableVenues[0]}) quotes it — concentrated liquidity`)
+  }
+
+  // Level: hard blockers → high; soft concerns → elevated; clean → low.
+  let level: RiskLevel
+  if (!i.isContract || !tradeable) {
+    level = 'high'
+  } else if (i.restricted || (i.maxPoolTvlUsd !== null && i.maxPoolTvlUsd < THIN_LIQUIDITY_USD)) {
+    level = 'elevated'
+  } else {
+    level = 'low'
+    reasons.push('tradeable and reasonably liquid')
+  }
+
+  return { level, reasons, tradeable }
+}

package/src/simulate.ts

@@ -0,0 +1,121 @@
+/**
+ * Simulate-before-write guard.
+ *
+ * Nebula's core safety rule (project thesis): every state-changing transaction
+ * is dry-run against the live chain BEFORE it is broadcast, so reverts and
+ * insufficient-funds are caught pre-flight and surfaced to the operator instead
+ * of burning gas on a doomed tx. Read-only — no transaction is sent here.
+ */
+
+import {
+  type Abi,
+  type Address,
+  BaseError,
+  ContractFunctionRevertedError,
+  type PublicClient,
+} from 'viem'
+
+export interface SimOk {
+  ok: true
+  /** Estimated gas for the (validated) transaction. */
+  gas: bigint
+}
+export interface SimFail {
+  ok: false
+  /** Decoded revert reason or node error (truncated). */
+  reason: string
+}
+export type SimResult = SimOk | SimFail
+
+/** Pull a human revert reason out of a viem error chain. */
+function extractRevert(e: unknown): string {
+  if (e instanceof BaseError) {
+    const reverted = e.walk(err => err instanceof ContractFunctionRevertedError)
+    if (reverted instanceof ContractFunctionRevertedError) {
+      return reverted.reason ?? reverted.shortMessage ?? 'reverted'
+    }
+    return e.shortMessage ?? e.message.slice(0, 200)
+  }
+  return (e as Error)?.message?.slice(0, 200) ?? 'unknown simulation error'
+}
+
+/**
+ * Dry-run a native-value send. `estimateGas` both validates the call and
+ * catches insufficient-funds (`gas * price + value > balance`).
+ */
+export async function simulateNativeSend(
+  client: PublicClient,
+  args: { account: Address; to: Address; value: bigint },
+): Promise<SimResult> {
+  try {
+    const gas = await client.estimateGas({
+      account: args.account,
+      to: args.to,
+      value: args.value,
+    })
+    return { ok: true, gas }
+  } catch (e) {
+    return { ok: false, reason: extractRevert(e) }
+  }
+}
+
+/**
+ * Dry-run an arbitrary tx by raw calldata (e.g. a composed DEX multicall).
+ * `estimateGas` executes the call at the node, so reverts and funding
+ * shortfalls surface here without broadcasting.
+ */
+export async function simulateRawTx(
+  client: PublicClient,
+  args: { account: Address; to: Address; data?: `0x${string}`; value?: bigint },
+): Promise<SimResult> {
+  try {
+    const gas = await client.estimateGas({
+      account: args.account,
+      to: args.to,
+      ...(args.data !== undefined ? { data: args.data } : {}),
+      ...(args.value !== undefined ? { value: args.value } : {}),
+    })
+    return { ok: true, gas }
+  } catch (e) {
+    return { ok: false, reason: extractRevert(e) }
+  }
+}
+
+/**
+ * Dry-run a contract write (e.g. ERC-20 transfer, a DEX swap). `simulateContract`
+ * decodes custom-error/`require` reverts; `estimateContractGas` adds the gas
+ * figure and catches funding shortfalls.
+ */
+export async function simulateContractWrite(
+  client: PublicClient,
+  args: {
+    account: Address
+    address: Address
+    abi: Abi
+    functionName: string
+    args: readonly unknown[]
+    value?: bigint
+  },
+): Promise<SimResult> {
+  try {
+    await client.simulateContract({
+      account: args.account,
+      address: args.address,
+      abi: args.abi,
+      functionName: args.functionName,
+      args: args.args,
+      ...(args.value !== undefined ? { value: args.value } : {}),
+    })
+    const gas = await client.estimateContractGas({
+      account: args.account,
+      address: args.address,
+      abi: args.abi,
+      functionName: args.functionName,
+      args: args.args,
+      ...(args.value !== undefined ? { value: args.value } : {}),
+    })
+    return { ok: true, gas }
+  } catch (e) {
+    return { ok: false, reason: extractRevert(e) }
+  }
+}

package/src/swap.ts

@@ -0,0 +1,108 @@
+/**
+ * Swap calldata builder + multicall composer for AGNI.
+ *
+ * Three native-handling cases (verified live on mainnet May 1):
+ *   1. native IN  → multicall([exactInputSingle(tokenIn=WMNT, ...), refundETH()])
+ *      with msg.value=amountIn
+ *   2. native OUT → multicall([exactInputSingle(recipient=router, ...), unwrapWETH9(min, recipient)])
+ *   3. ERC-20 ↔ ERC-20 → direct exactInputSingle (recipient=agent)
+ *
+ * The router is the OLD SwapRouter (NOT SwapRouter02). Struct includes
+ * `deadline: uint256`. Vendored ABI in abis/swap-router.json.
+ */
+
+import { type Address, encodeFunctionData } from 'viem'
+import { SWAP_ROUTER_ABI } from './abis'
+
+export interface ExactInputSingleParams {
+  tokenIn: Address
+  tokenOut: Address
+  fee: number
+  recipient: Address
+  deadline: bigint
+  amountIn: bigint
+  amountOutMinimum: bigint
+  sqrtPriceLimitX96: bigint
+}
+
+export function encodeExactInputSingle(params: ExactInputSingleParams): `0x${string}` {
+  return encodeFunctionData({
+    abi: SWAP_ROUTER_ABI,
+    functionName: 'exactInputSingle',
+    args: [params],
+  })
+}
+
+export function encodeRefundETH(): `0x${string}` {
+  return encodeFunctionData({
+    abi: SWAP_ROUTER_ABI,
+    functionName: 'refundETH',
+    args: [],
+  })
+}
+
+export function encodeUnwrapWETH9(amountMin: bigint, recipient: Address): `0x${string}` {
+  return encodeFunctionData({
+    abi: SWAP_ROUTER_ABI,
+    functionName: 'unwrapWETH9',
+    args: [amountMin, recipient],
+  })
+}
+
+export interface ComposeArgs {
+  params: ExactInputSingleParams
+  nativeIn: boolean
+  nativeOut: boolean
+  router: Address
+}
+
+export interface ComposedCall {
+  to: Address
+  data: `0x${string}`
+  value: bigint
+}
+
+/**
+ * Produce the (to, data, value) for a single swap tx, handling native
+ * in/out via multicall composition.
+ */
+export function composeSwap({ params, nativeIn, nativeOut, router }: ComposeArgs): ComposedCall {
+  if (nativeIn && nativeOut) {
+    throw new Error('nativeIn AND nativeOut not supported (use chain.wrap/unwrap)')
+  }
+  if (nativeIn) {
+    const calls = [encodeExactInputSingle(params), encodeRefundETH()]
+    return {
+      to: router,
+      data: encodeFunctionData({
+        abi: SWAP_ROUTER_ABI,
+        functionName: 'multicall',
+        args: [calls],
+      }),
+      value: params.amountIn,
+    }
+  }
+  if (nativeOut) {
+    // Inner exactInputSingle's recipient must be the router so it holds WMNT
+    // for the unwrap step. Outer unwrap sends native to the agent.
+    const innerParams: ExactInputSingleParams = { ...params, recipient: router }
+    const calls = [
+      encodeExactInputSingle(innerParams),
+      encodeUnwrapWETH9(params.amountOutMinimum, params.recipient),
+    ]
+    return {
+      to: router,
+      data: encodeFunctionData({
+        abi: SWAP_ROUTER_ABI,
+        functionName: 'multicall',
+        args: [calls],
+      }),
+      value: 0n,
+    }
+  }
+  return {
+    to: router,
+    data: encodeExactInputSingle(params),
+    value: 0n,
+  }
+}