recon-crypto-mcp 0.1.0

package/dist/modules/positions/uniswap.js

@@ -0,0 +1,181 @@
+import { getAddress, keccak256, encodePacked } from "viem";
+import { getClient } from "../../data/rpc.js";
+import { CONTRACTS } from "../../config/contracts.js";
+import { uniswapPositionManagerAbi } from "../../abis/uniswap-position-manager.js";
+import { uniswapPoolAbi } from "../../abis/uniswap-pool.js";
+import { erc20Abi } from "../../abis/erc20.js";
+import { getTokenPrices } from "../../data/prices.js";
+import { round, makeTokenAmount } from "../../data/format.js";
+const POOL_INIT_CODE_HASH = "0xe34f199b19b2b4f47f68442619d555527d244f78a3297ea89325f843f87b8b54";
+/** Deterministically compute the Uniswap V3 pool address from (factory, token0, token1, fee). */
+export function computePoolAddress(factory, tokenA, tokenB, fee) {
+    const [token0, token1] = tokenA.toLowerCase() < tokenB.toLowerCase() ? [tokenA, tokenB] : [tokenB, tokenA];
+    const salt = keccak256(encodePacked(["address", "address", "uint24"], [token0, token1, fee]));
+    // CREATE2: address = keccak256(0xff ++ factory ++ salt ++ keccak256(init_code))[12:]
+    const packed = `0xff${factory.slice(2)}${salt.slice(2)}${POOL_INIT_CODE_HASH.slice(2)}`;
+    const hash = keccak256(packed);
+    return getAddress(`0x${hash.slice(26)}`);
+}
+/** 1.0001^tick — price of token1 per token0 in raw (not decimal-adjusted) terms. */
+function tickToPrice(tick) {
+    return Math.pow(1.0001, tick);
+}
+/**
+ * Compute amounts of token0 / token1 held in a concentrated-liquidity position
+ * given current sqrtPrice (Q96) and the tick bounds.
+ *
+ * Reference: https://blog.uniswap.org/uniswap-v3-math-primer
+ */
+function computeAmountsFromLiquidity(liquidity, sqrtPriceX96, tickLower, tickUpper, currentTick) {
+    const Q96 = 2n ** 96n;
+    const sqrtLower = BigInt(Math.floor(Math.sqrt(tickToPrice(tickLower)) * Number(Q96)));
+    const sqrtUpper = BigInt(Math.floor(Math.sqrt(tickToPrice(tickUpper)) * Number(Q96)));
+    const sqrtP = sqrtPriceX96;
+    let amount0 = 0n;
+    let amount1 = 0n;
+    if (currentTick < tickLower) {
+        amount0 = (liquidity * (sqrtUpper - sqrtLower) * Q96) / (sqrtUpper * sqrtLower);
+    }
+    else if (currentTick >= tickUpper) {
+        amount1 = (liquidity * (sqrtUpper - sqrtLower)) / Q96;
+    }
+    else {
+        amount0 = (liquidity * (sqrtUpper - sqrtP) * Q96) / (sqrtUpper * sqrtP);
+        amount1 = (liquidity * (sqrtP - sqrtLower)) / Q96;
+    }
+    return { amount0, amount1 };
+}
+export async function getUniswapPositions(wallet, chain) {
+    try {
+        return await readUniswapPositions(wallet, chain);
+    }
+    catch {
+        // Degrade to empty — same reasoning as Aave reader. LP breakdown is decorative; it
+        // shouldn't be able to sink the whole portfolio call on a transient RPC miss.
+        return [];
+    }
+}
+async function readUniswapPositions(wallet, chain) {
+    const client = getClient(chain);
+    const npm = CONTRACTS[chain].uniswap.positionManager;
+    const factory = CONTRACTS[chain].uniswap.factory;
+    const balance = (await client.readContract({
+        address: npm,
+        abi: uniswapPositionManagerAbi,
+        functionName: "balanceOf",
+        args: [wallet],
+    }));
+    const count = Number(balance);
+    if (count === 0)
+        return [];
+    // 1) Batch fetch all tokenIds
+    const idCalls = Array.from({ length: count }, (_, i) => ({
+        address: npm,
+        abi: uniswapPositionManagerAbi,
+        functionName: "tokenOfOwnerByIndex",
+        args: [wallet, BigInt(i)],
+    }));
+    const idResults = await client.multicall({ contracts: idCalls, allowFailure: true });
+    const tokenIds = idResults
+        .map((r) => (r.status === "success" ? r.result : null))
+        .filter((x) => x !== null);
+    // 2) Batch fetch position details
+    const posCalls = tokenIds.map((id) => ({
+        address: npm,
+        abi: uniswapPositionManagerAbi,
+        functionName: "positions",
+        args: [id],
+    }));
+    const posResults = await client.multicall({ contracts: posCalls, allowFailure: true });
+    const raw = [];
+    for (let i = 0; i < posResults.length; i++) {
+        const r = posResults[i];
+        if (r.status !== "success")
+            continue;
+        const tuple = r.result;
+        // positions() returns: nonce, operator, token0, token1, fee, tickLower, tickUpper, liquidity, fgi0, fgi1, owed0, owed1
+        const [, , token0, token1, fee, tickLower, tickUpper, liquidity, , , owed0, owed1] = tuple;
+        // Skip empty positions (closed / burned)
+        if (liquidity === 0n && owed0 === 0n && owed1 === 0n)
+            continue;
+        raw.push({
+            tokenId: tokenIds[i],
+            token0,
+            token1,
+            fee: Number(fee),
+            tickLower: Number(tickLower),
+            tickUpper: Number(tickUpper),
+            liquidity,
+            tokensOwed0: owed0,
+            tokensOwed1: owed1,
+        });
+    }
+    if (raw.length === 0)
+        return [];
+    // 3) For each position, resolve pool address and fetch slot0 + token metadata
+    const poolAddrs = raw.map((p) => computePoolAddress(factory, p.token0, p.token1, p.fee));
+    const slot0Calls = poolAddrs.map((p) => ({
+        address: p,
+        abi: uniswapPoolAbi,
+        functionName: "slot0",
+    }));
+    // We also want decimals + symbol for both tokens.
+    const tokenMetaCalls = raw.flatMap((p) => [
+        { address: p.token0, abi: erc20Abi, functionName: "decimals" },
+        { address: p.token0, abi: erc20Abi, functionName: "symbol" },
+        { address: p.token1, abi: erc20Abi, functionName: "decimals" },
+        { address: p.token1, abi: erc20Abi, functionName: "symbol" },
+    ]);
+    const [slot0Results, metaResults] = await Promise.all([
+        client.multicall({ contracts: slot0Calls, allowFailure: true }),
+        client.multicall({ contracts: tokenMetaCalls, allowFailure: true }),
+    ]);
+    // 4) Batch price fetch for every token involved
+    const uniqueTokens = new Set();
+    raw.forEach((p) => {
+        uniqueTokens.add(p.token0.toLowerCase());
+        uniqueTokens.add(p.token1.toLowerCase());
+    });
+    const prices = await getTokenPrices([...uniqueTokens].map((addr) => ({ chain, address: addr })));
+    const positions = [];
+    for (let i = 0; i < raw.length; i++) {
+        const p = raw[i];
+        const slotRes = slot0Results[i];
+        if (slotRes.status !== "success")
+            continue;
+        const slot0 = slotRes.result;
+        const sqrtPriceX96 = slot0[0];
+        const currentTick = Number(slot0[1]);
+        const dec0 = Number(metaResults[i * 4]?.status === "success" ? metaResults[i * 4].result : 18);
+        const sym0 = metaResults[i * 4 + 1]?.status === "success" ? metaResults[i * 4 + 1].result : "?";
+        const dec1 = Number(metaResults[i * 4 + 2]?.status === "success" ? metaResults[i * 4 + 2].result : 18);
+        const sym1 = metaResults[i * 4 + 3]?.status === "success" ? metaResults[i * 4 + 3].result : "?";
+        const { amount0, amount1 } = computeAmountsFromLiquidity(p.liquidity, sqrtPriceX96, p.tickLower, p.tickUpper, currentTick);
+        const price0 = prices.get(`${chain}:${p.token0.toLowerCase()}`);
+        const price1 = prices.get(`${chain}:${p.token1.toLowerCase()}`);
+        const token0 = makeTokenAmount(chain, p.token0, amount0, dec0, sym0, price0);
+        const token1 = makeTokenAmount(chain, p.token1, amount1, dec1, sym1, price1);
+        const totalValueUsd = round((token0.valueUsd ?? 0) + (token1.valueUsd ?? 0), 2);
+        const fees0 = makeTokenAmount(chain, p.token0, p.tokensOwed0, dec0, sym0, price0);
+        const fees1 = makeTokenAmount(chain, p.token1, p.tokensOwed1, dec1, sym1, price1);
+        positions.push({
+            protocol: "uniswap-v3",
+            chain,
+            tokenId: p.tokenId.toString(),
+            token0,
+            token1,
+            feeTier: p.fee,
+            tickLower: p.tickLower,
+            tickUpper: p.tickUpper,
+            currentTick,
+            inRange: p.tickLower <= currentTick && currentTick < p.tickUpper,
+            liquidity: p.liquidity.toString(),
+            tokensOwedCached0: fees0,
+            tokensOwedCached1: fees1,
+            totalValueUsd,
+            valueUsdIsApproximate: true,
+        });
+    }
+    return positions;
+}
+//# sourceMappingURL=uniswap.js.map

package/dist/modules/positions/uniswap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"uniswap.js","sourceRoot":"","sources":["../../../src/modules/positions/uniswap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAsB,SAAS,EAAE,YAAY,EAAe,MAAM,MAAM,CAAC;AAC5F,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,yBAAyB,EAAE,MAAM,wCAAwC,CAAC;AACnF,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAG9D,MAAM,mBAAmB,GAAG,oEAAoE,CAAC;AAEjG,iGAAiG;AACjG,MAAM,UAAU,kBAAkB,CAChC,OAAsB,EACtB,MAAqB,EACrB,MAAqB,EACrB,GAAW;IAEX,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACpB,MAAM,CAAC,WAAW,EAAE,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpF,MAAM,IAAI,GAAG,SAAS,CACpB,YAAY,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CACtE,CAAC;IACF,qFAAqF;IACrF,MAAM,MAAM,GAAG,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAmB,CAAC;IACzG,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC/B,OAAO,UAAU,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAkB,CAAC;AAC5D,CAAC;AAED,oFAAoF;AACpF,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAChC,CAAC;AAED;;;;;GAKG;AACH,SAAS,2BAA2B,CAClC,SAAiB,EACjB,YAAoB,EACpB,SAAiB,EACjB,SAAiB,EACjB,WAAmB;IAEnB,MAAM,GAAG,GAAG,EAAE,IAAI,GAAG,CAAC;IACtB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACtF,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACtF,MAAM,KAAK,GAAG,YAAY,CAAC;IAE3B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,OAAO,GAAG,EAAE,CAAC;IAEjB,IAAI,WAAW,GAAG,SAAS,EAAE,CAAC;QAC5B,OAAO,GAAG,CAAC,SAAS,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC,CAAC;IAClF,CAAC;SAAM,IAAI,WAAW,IAAI,SAAS,EAAE,CAAC;QACpC,OAAO,GAAG,CAAC,SAAS,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC,CAAC,GAAG,GAAG,CAAC;IACxD,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,CAAC,SAAS,GAAG,CAAC,SAAS,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC;QACxE,OAAO,GAAG,CAAC,SAAS,GAAG,CAAC,KAAK,GAAG,SAAS,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC9B,CAAC;AAqBD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAqB,EACrB,KAAqB;IAErB,IAAI,CAAC;QACH,OAAO,MAAM,oBAAoB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,mFAAmF;QACnF,8EAA8E;QAC9E,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,MAAqB,EACrB,KAAqB;IAErB,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,eAAgC,CAAC;IACtE,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,OAAwB,CAAC;IAElE,MAAM,OAAO,GAAG,CAAC,MAAM,MAAM,CAAC,YAAY,CAAC;QACzC,OAAO,EAAE,GAAG;QACZ,GAAG,EAAE,yBAAyB;QAC9B,YAAY,EAAE,WAAW;QACzB,IAAI,EAAE,CAAC,MAAM,CAAC;KACf,CAAC,CAAW,CAAC;IAEd,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE3B,8BAA8B;IAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACvD,OAAO,EAAE,GAAG;QACZ,GAAG,EAAE,yBAAyB;QAC9B,YAAY,EAAE,qBAA8B;QAC5C,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,CAAU;KACnC,CAAC,CAAC,CAAC;IACJ,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACrF,MAAM,QAAQ,GAAG,SAAS;SACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAE,CAAC,CAAC,MAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;SAClE,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;IAE1C,kCAAkC;IAClC,MAAM,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACrC,OAAO,EAAE,GAAG;QACZ,GAAG,EAAE,yBAAyB;QAC9B,YAAY,EAAE,WAAoB;QAClC,IAAI,EAAE,CAAC,EAAE,CAAU;KACpB,CAAC,CAAC,CAAC;IACJ,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IAEvF,MAAM,GAAG,GAAkB,EAAE,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS;YAAE,SAAS;QACrC,MAAM,KAAK,GAAG,CAAC,CAAC,MAAwI,CAAC;QACzJ,uHAAuH;QACvH,MAAM,CAAC,EAAE,AAAD,EAAG,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,AAAD,EAAG,AAAD,EAAG,KAAK,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC;QAC3F,yCAAyC;QACzC,IAAI,SAAS,KAAK,EAAE,IAAI,KAAK,KAAK,EAAE,IAAI,KAAK,KAAK,EAAE;YAAE,SAAS;QAC/D,GAAG,CAAC,IAAI,CAAC;YACP,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;YACpB,MAAM;YACN,MAAM;YACN,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC;YAChB,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC;YAC5B,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC;YAC5B,SAAS;YACT,WAAW,EAAE,KAAK;YAClB,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEhC,8EAA8E;IAC9E,MAAM,SAAS,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACzF,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;QACV,GAAG,EAAE,cAAc;QACnB,YAAY,EAAE,OAAgB;KAC/B,CAAC,CAAC,CAAC;IACJ,kDAAkD;IAClD,MAAM,cAAc,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACxC,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAmB,EAAE;QACvE,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAiB,EAAE;QACrE,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAmB,EAAE;QACvE,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAiB,EAAE;KACtE,CAAC,CAAC;IAEH,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACpD,MAAM,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;QAC/D,MAAM,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,cAAc,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC;KACpE,CAAC,CAAC;IAEH,gDAAgD;IAChD,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;QAChB,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QACzC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IACH,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,CAAC,GAAG,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAqB,EAAE,CAAC,CAAC,CAC7E,CAAC;IAEF,MAAM,SAAS,GAAiB,EAAE,CAAC;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;YAAE,SAAS;QAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,MAA4E,CAAC;QACnG,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAErC,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAE,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC3G,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAE,WAAW,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,MAAiB,CAAC,CAAC,CAAC,GAAG,CAAC;QAC5G,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAE,WAAW,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,MAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACnH,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAE,WAAW,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,MAAiB,CAAC,CAAC,CAAC,GAAG,CAAC;QAE5G,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,2BAA2B,CACtD,CAAC,CAAC,SAAS,EACX,YAAY,EACZ,CAAC,CAAC,SAAS,EACX,CAAC,CAAC,SAAS,EACX,WAAW,CACZ,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAEhE,MAAM,MAAM,GAAG,eAAe,CAAC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAC7E,MAAM,MAAM,GAAG,eAAe,CAAC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAC7E,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAEhF,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAClF,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAElF,SAAS,CAAC,IAAI,CAAC;YACb,QAAQ,EAAE,YAAY;YACtB,KAAK;YACL,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE;YAC7B,MAAM;YACN,MAAM;YACN,OAAO,EAAE,CAAC,CAAC,GAAG;YACd,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,WAAW;YACX,OAAO,EAAE,CAAC,CAAC,SAAS,IAAI,WAAW,IAAI,WAAW,GAAG,CAAC,CAAC,SAAS;YAChE,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,QAAQ,EAAE;YACjC,iBAAiB,EAAE,KAAK;YACxB,iBAAiB,EAAE,KAAK;YACxB,aAAa;YACb,qBAAqB,EAAE,IAAI;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/modules/prices/index.d.ts

@@ -0,0 +1,19 @@
+import { z } from "zod";
+import { type SupportedChain } from "../../types/index.js";
+export declare const getTokenPriceInput: z.ZodObject<{
+    chain: z.ZodEnum<[string, ...string[]]>;
+    token: z.ZodUnion<[z.ZodLiteral<"native">, z.ZodString]>;
+}, "strip", z.ZodTypeAny, {
+    chain: string;
+    token: string;
+}, {
+    chain: string;
+    token: string;
+}>;
+export type GetTokenPriceArgs = z.infer<typeof getTokenPriceInput>;
+export declare function getTokenPriceTool(args: GetTokenPriceArgs): Promise<{
+    chain: SupportedChain;
+    token: `0x${string}` | "native";
+    priceUsd: number;
+    source: "defillama";
+}>;

package/dist/modules/prices/index.js

@@ -0,0 +1,22 @@
+import { z } from "zod";
+import { getTokenPrice } from "../../data/prices.js";
+import { SUPPORTED_CHAINS } from "../../types/index.js";
+const chainEnum = z.enum(SUPPORTED_CHAINS);
+const tokenSchema = z.union([
+    z.literal("native"),
+    z.string().regex(/^0x[a-fA-F0-9]{40}$/),
+]);
+export const getTokenPriceInput = z.object({
+    chain: chainEnum,
+    token: tokenSchema,
+});
+export async function getTokenPriceTool(args) {
+    const chain = args.chain;
+    const token = args.token;
+    const priceUsd = await getTokenPrice(chain, token);
+    if (priceUsd === undefined) {
+        throw new Error(`No DefiLlama price found for ${token} on ${chain}. The token may be unlisted, illiquid, or the address may be wrong.`);
+    }
+    return { chain, token, priceUsd, source: "defillama" };
+}
+//# sourceMappingURL=index.js.map

package/dist/modules/prices/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/modules/prices/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAuB,MAAM,sBAAsB,CAAC;AAE7E,MAAM,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,gBAAoD,CAAC,CAAC;AAC/E,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC;IAC1B,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IACnB,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,qBAAqB,CAAC;CACxC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,KAAK,EAAE,SAAS;IAChB,KAAK,EAAE,WAAW;CACnB,CAAC,CAAC;AAIH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAAuB;IAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAuB,CAAC;IAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAiC,CAAC;IACrD,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACnD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CACb,gCAAgC,KAAK,OAAO,KAAK,qEAAqE,CACvH,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAoB,EAAE,CAAC;AAClE,CAAC"}

package/dist/modules/security/index.d.ts

@@ -0,0 +1,26 @@
+import type { CheckContractSecurityArgs, CheckPermissionRisksArgs, GetProtocolRiskScoreArgs } from "./schemas.js";
+import type { SupportedChain } from "../../types/index.js";
+export declare function checkContractSecurityHandler(args: CheckContractSecurityArgs): Promise<import("../../types/index.js").SecurityReport>;
+export declare function checkPermissionRisksHandler(args: CheckPermissionRisksArgs): Promise<{
+    address: `0x${string}`;
+    chain: SupportedChain;
+    roles: import("../../types/index.js").PrivilegedRole[];
+    notes: string[];
+}>;
+export declare function getProtocolRiskScoreHandler(args: GetProtocolRiskScoreArgs): Promise<{
+    protocol: string;
+    score?: number;
+    breakdown: Record<string, {
+        value: number;
+        weight: number;
+        note: string;
+    }>;
+    raw: {
+        tvlUsd?: number;
+        tvlTrend30d?: number;
+        contractAgeDays?: number;
+        hasBugBounty: boolean;
+        bountyMaxUsd?: number;
+        auditsReported?: number;
+    };
+}>;

package/dist/modules/security/index.js

@@ -0,0 +1,13 @@
+import { checkContractSecurity } from "./verification.js";
+import { checkPermissionRisks } from "./permissions.js";
+import { getProtocolRiskScore } from "./risk-score.js";
+export async function checkContractSecurityHandler(args) {
+    return checkContractSecurity(args.address, args.chain);
+}
+export async function checkPermissionRisksHandler(args) {
+    return checkPermissionRisks(args.address, args.chain);
+}
+export async function getProtocolRiskScoreHandler(args) {
+    return getProtocolRiskScore(args.protocol);
+}
+//# sourceMappingURL=index.js.map

package/dist/modules/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/modules/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAQvD,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAAC,IAA+B;IAChF,OAAO,qBAAqB,CAAC,IAAI,CAAC,OAAwB,EAAE,IAAI,CAAC,KAAuB,CAAC,CAAC;AAC5F,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,IAA8B;IAC9E,OAAO,oBAAoB,CAAC,IAAI,CAAC,OAAwB,EAAE,IAAI,CAAC,KAAuB,CAAC,CAAC;AAC3F,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,IAA8B;IAC9E,OAAO,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC7C,CAAC"}

package/dist/modules/security/permissions.d.ts

@@ -0,0 +1,8 @@
+import type { PrivilegedRole, SupportedChain } from "../../types/index.js";
+/** Enumerate privileged roles on a contract (best-effort given public ABIs). */
+export declare function checkPermissionRisks(address: `0x${string}`, chain: SupportedChain): Promise<{
+    address: `0x${string}`;
+    chain: SupportedChain;
+    roles: PrivilegedRole[];
+    notes: string[];
+}>;

package/dist/modules/security/permissions.js

@@ -0,0 +1,96 @@
+import { getAddress, zeroAddress } from "viem";
+import { getClient } from "../../data/rpc.js";
+import { getContractInfo } from "../../data/apis/etherscan.js";
+import { ownableAbi, gnosisSafeAbi, timelockAbi } from "../../abis/access-control.js";
+/**
+ * Detect whether `address` is a contract.
+ * For contracts, try to detect Gnosis Safe (isMultisig) and OZ TimelockController (hasTimelock).
+ */
+async function classifyHolder(chain, holder) {
+    const client = getClient(chain);
+    const code = await client.getCode({ address: holder });
+    const isContract = !!code && code !== "0x";
+    if (!isContract) {
+        return { isContract: false, isMultisig: false, hasTimelock: false };
+    }
+    // Gnosis Safe detection
+    let isMultisig = false;
+    try {
+        const threshold = (await client.readContract({
+            address: holder,
+            abi: gnosisSafeAbi,
+            functionName: "getThreshold",
+        }));
+        isMultisig = threshold > 0n;
+    }
+    catch {
+        // Not a Safe
+    }
+    // Timelock detection — try both getMinDelay() (OZ 4.x) and delay() (older).
+    let hasTimelock = false;
+    let timelockDelaySeconds;
+    try {
+        const delay = (await client.readContract({
+            address: holder,
+            abi: timelockAbi,
+            functionName: "getMinDelay",
+        }));
+        hasTimelock = true;
+        timelockDelaySeconds = Number(delay);
+    }
+    catch {
+        try {
+            const delay = (await client.readContract({
+                address: holder,
+                abi: timelockAbi,
+                functionName: "delay",
+            }));
+            hasTimelock = true;
+            timelockDelaySeconds = Number(delay);
+        }
+        catch {
+            // Not a timelock
+        }
+    }
+    return { isContract, isMultisig, hasTimelock, timelockDelaySeconds };
+}
+/** Enumerate privileged roles on a contract (best-effort given public ABIs). */
+export async function checkPermissionRisks(address, chain) {
+    const client = getClient(chain);
+    const info = await getContractInfo(address, chain);
+    const roles = [];
+    const notes = [];
+    if (!info.isVerified) {
+        notes.push("Contract is not verified on Etherscan — limited permission visibility.");
+    }
+    // 1) Ownable.owner()
+    try {
+        const owner = (await client.readContract({
+            address,
+            abi: ownableAbi,
+            functionName: "owner",
+        }));
+        if (owner && owner !== zeroAddress) {
+            const cls = await classifyHolder(chain, owner);
+            roles.push({ role: "owner", holder: getAddress(owner), ...cls });
+        }
+    }
+    catch {
+        // Not Ownable.
+    }
+    // 2) AccessControl — detect via ABI scan for hasRole function. If present, we can at least note it.
+    if (info.abi && Array.isArray(info.abi)) {
+        const hasRoleFn = info.abi.some((item) => typeof item === "object" && item !== null &&
+            item.type === "function" &&
+            item.name === "hasRole");
+        if (hasRoleFn) {
+            notes.push("Contract uses OpenZeppelin AccessControl. Role holders can only be enumerated with specific role hashes " +
+                "(e.g. DEFAULT_ADMIN_ROLE = 0x000...). Further enumeration not implemented in MVP.");
+        }
+    }
+    if (roles.length === 0 && notes.length === 0) {
+        notes.push("No standard Ownable or AccessControl pattern detected.");
+    }
+    return { address: getAddress(address), chain, roles, notes };
+}
+//# sourceMappingURL=permissions.js.map

package/dist/modules/security/permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions.js","sourceRoot":"","sources":["../../../src/modules/security/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AAC/C,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAGtF;;;GAGG;AACH,KAAK,UAAU,cAAc,CAC3B,KAAqB,EACrB,MAAqB;IAErB,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,IAAI,IAAI,KAAK,IAAI,CAAC;IAC3C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;IACtE,CAAC;IAED,wBAAwB;IACxB,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,CAAC,MAAM,MAAM,CAAC,YAAY,CAAC;YAC3C,OAAO,EAAE,MAAM;YACf,GAAG,EAAE,aAAa;YAClB,YAAY,EAAE,cAAc;SAC7B,CAAC,CAAW,CAAC;QACd,UAAU,GAAG,SAAS,GAAG,EAAE,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,aAAa;IACf,CAAC;IAED,4EAA4E;IAC5E,IAAI,WAAW,GAAG,KAAK,CAAC;IACxB,IAAI,oBAAwC,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,CAAC,MAAM,MAAM,CAAC,YAAY,CAAC;YACvC,OAAO,EAAE,MAAM;YACf,GAAG,EAAE,WAAW;YAChB,YAAY,EAAE,aAAa;SAC5B,CAAC,CAAW,CAAC;QACd,WAAW,GAAG,IAAI,CAAC;QACnB,oBAAoB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,CAAC,MAAM,MAAM,CAAC,YAAY,CAAC;gBACvC,OAAO,EAAE,MAAM;gBACf,GAAG,EAAE,WAAW;gBAChB,YAAY,EAAE,OAAO;aACtB,CAAC,CAAW,CAAC;YACd,WAAW,GAAG,IAAI,CAAC;YACnB,oBAAoB,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,oBAAoB,EAAE,CAAC;AACvE,CAAC;AAED,gFAAgF;AAChF,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAsB,EACtB,KAAqB;IAErB,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACnD,MAAM,KAAK,GAAqB,EAAE,CAAC;IACnC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAC;IACvF,CAAC;IAED,qBAAqB;IACrB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,CAAC,MAAM,MAAM,CAAC,YAAY,CAAC;YACvC,OAAO;YACP,GAAG,EAAE,UAAU;YACf,YAAY,EAAE,OAAO;SACtB,CAAC,CAAkB,CAAC;QACrB,IAAI,KAAK,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;YACnC,MAAM,GAAG,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,KAAK,CAAkB,EAAE,GAAG,GAAG,EAAE,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,eAAe;IACjB,CAAC;IAED,oGAAoG;IACpG,IAAI,IAAI,CAAC,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACxC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAC7B,CAAC,IAAI,EAAE,EAAE,CACP,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI;YACxC,IAAyC,CAAC,IAAI,KAAK,UAAU;YAC7D,IAA0B,CAAC,IAAI,KAAK,SAAS,CACjD,CAAC;QACF,IAAI,SAAS,EAAE,CAAC;YACd,KAAK,CAAC,IAAI,CACR,0GAA0G;gBACxG,mFAAmF,CACtF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,OAAO,CAAkB,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAChF,CAAC"}

package/dist/modules/security/risk-score.d.ts

@@ -0,0 +1,18 @@
+/** Compute a 0-100 risk score. Higher = safer. Returns undefined if we have no data. */
+export declare function getProtocolRiskScore(protocol: string): Promise<{
+    protocol: string;
+    score?: number;
+    breakdown: Record<string, {
+        value: number;
+        weight: number;
+        note: string;
+    }>;
+    raw: {
+        tvlUsd?: number;
+        tvlTrend30d?: number;
+        contractAgeDays?: number;
+        hasBugBounty: boolean;
+        bountyMaxUsd?: number;
+        auditsReported?: number;
+    };
+}>;

package/dist/modules/security/risk-score.js

@@ -0,0 +1,116 @@
+import { cache } from "../../data/cache.js";
+import { CACHE_TTL } from "../../config/cache.js";
+import { round } from "../../data/format.js";
+// Hardcoded Immunefi bounty data for MVP-covered protocols.
+// Source: Immunefi program pages (https://immunefi.com/explore/).
+const IMMUNEFI_BOUNTIES = {
+    aave: { program: "Aave", maxBountyUsd: 1_000_000 },
+    uniswap: { program: "Uniswap", maxBountyUsd: 15_500_000 }, // Uniswap has a leading program
+    lido: { program: "Lido", maxBountyUsd: 2_000_000 },
+    eigenlayer: { program: "EigenLayer", maxBountyUsd: 2_000_000 },
+};
+async function fetchLlamaProtocol(slug) {
+    const key = `risk:llama:${slug.toLowerCase()}`;
+    return cache.remember(key, CACHE_TTL.PROTOCOL_RISK, async () => {
+        try {
+            const res = await fetch(`https://api.llama.fi/protocol/${encodeURIComponent(slug)}`);
+            if (!res.ok)
+                return null;
+            return (await res.json());
+        }
+        catch {
+            return null;
+        }
+    });
+}
+/** Compute a 0-100 risk score. Higher = safer. Returns undefined if we have no data. */
+export async function getProtocolRiskScore(protocol) {
+    const slug = protocol.toLowerCase();
+    const data = await fetchLlamaProtocol(slug);
+    const raw = { hasBugBounty: false };
+    if (data) {
+        raw.tvlUsd = data.tvl ?? undefined;
+        if (data.tvlHistory && data.tvlHistory.length > 30) {
+            const now = data.tvlHistory[data.tvlHistory.length - 1]?.[1];
+            const then = data.tvlHistory[data.tvlHistory.length - 31]?.[1];
+            if (now && then)
+                raw.tvlTrend30d = round((now - then) / then, 4);
+        }
+        if (data.listedAt) {
+            raw.contractAgeDays = Math.floor((Date.now() / 1000 - data.listedAt) / 86400);
+        }
+        if (data.audit_links)
+            raw.auditsReported = data.audit_links.length;
+    }
+    const bounty = IMMUNEFI_BOUNTIES[slug];
+    if (bounty) {
+        raw.hasBugBounty = true;
+        raw.bountyMaxUsd = bounty.maxBountyUsd;
+    }
+    // Scoring:
+    //   TVL size      : up to 30 points (log scale, 30 @ $10B+)
+    //   TVL trend     : 10 points (positive or stable), penalty if -30%+
+    //   Contract age  : 20 points (10 @ 1 year, 20 @ 3 years)
+    //   Bug bounty    : 20 points if active
+    //   Audits        : 20 points (2 @ each, cap 20)
+    const breakdown = {};
+    let tvlPoints = 0;
+    if (raw.tvlUsd) {
+        tvlPoints = Math.min(30, Math.max(0, Math.log10(raw.tvlUsd / 1e6) * 10));
+    }
+    breakdown.tvl = {
+        value: round(tvlPoints, 2),
+        weight: 30,
+        note: raw.tvlUsd ? `TVL $${(raw.tvlUsd / 1e6).toFixed(1)}M` : "no TVL data",
+    };
+    let trendPoints = 0;
+    if (raw.tvlTrend30d !== undefined) {
+        if (raw.tvlTrend30d >= 0)
+            trendPoints = 10;
+        else if (raw.tvlTrend30d >= -0.3)
+            trendPoints = 5;
+        else
+            trendPoints = 0;
+    }
+    breakdown.tvlTrend = {
+        value: trendPoints,
+        weight: 10,
+        note: raw.tvlTrend30d !== undefined ? `30d change ${(raw.tvlTrend30d * 100).toFixed(1)}%` : "no trend data",
+    };
+    let agePoints = 0;
+    if (raw.contractAgeDays !== undefined) {
+        if (raw.contractAgeDays >= 1095)
+            agePoints = 20;
+        else if (raw.contractAgeDays >= 365)
+            agePoints = 10;
+        else
+            agePoints = 5;
+    }
+    breakdown.age = {
+        value: agePoints,
+        weight: 20,
+        note: raw.contractAgeDays !== undefined ? `listed ${raw.contractAgeDays}d ago` : "no listing date",
+    };
+    breakdown.bounty = {
+        value: raw.hasBugBounty ? 20 : 0,
+        weight: 20,
+        note: raw.hasBugBounty ? `Immunefi bounty up to $${(raw.bountyMaxUsd ?? 0).toLocaleString()}` : "no Immunefi bounty registered",
+    };
+    let auditPoints = 0;
+    if (raw.auditsReported !== undefined)
+        auditPoints = Math.min(20, raw.auditsReported * 2);
+    breakdown.audits = {
+        value: auditPoints,
+        weight: 20,
+        note: raw.auditsReported !== undefined ? `${raw.auditsReported} audits linked on DefiLlama` : "no audit links",
+    };
+    const haveAnyData = data !== null || bounty !== undefined;
+    const total = tvlPoints + trendPoints + agePoints + breakdown.bounty.value + auditPoints;
+    return {
+        protocol,
+        score: haveAnyData ? Math.round(total) : undefined,
+        breakdown,
+        raw,
+    };
+}
+//# sourceMappingURL=risk-score.js.map

package/dist/modules/security/risk-score.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-score.js","sourceRoot":"","sources":["../../../src/modules/security/risk-score.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAa7C,4DAA4D;AAC5D,kEAAkE;AAClE,MAAM,iBAAiB,GAA8D;IACnF,IAAI,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE;IAClD,OAAO,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,EAAE,gCAAgC;IAC3F,IAAI,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,EAAE;IAClD,UAAU,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE;CAC/D,CAAC;AAEF,KAAK,UAAU,kBAAkB,CAAC,IAAY;IAC5C,MAAM,GAAG,GAAG,cAAc,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;IAC/C,OAAO,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,aAAa,EAAE,KAAK,IAAI,EAAE;QAC7D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,iCAAiC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrF,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAC;YACzB,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAkB,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,wFAAwF;AACxF,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,QAAgB;IAazD,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAE5C,MAAM,GAAG,GAOL,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;IAE5B,IAAI,IAAI,EAAE,CAAC;QACT,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,IAAI,SAAS,CAAC;QACnC,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACnD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC/D,IAAI,GAAG,IAAI,IAAI;gBAAE,GAAG,CAAC,WAAW,GAAG,KAAK,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,GAAG,CAAC,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC;QAChF,CAAC;QACD,IAAI,IAAI,CAAC,WAAW;YAAE,GAAG,CAAC,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;IACrE,CAAC;IAED,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,MAAM,EAAE,CAAC;QACX,GAAG,CAAC,YAAY,GAAG,IAAI,CAAC;QACxB,GAAG,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;IACzC,CAAC;IAED,WAAW;IACX,4DAA4D;IAC5D,qEAAqE;IACrE,0DAA0D;IAC1D,wCAAwC;IACxC,iDAAiD;IACjD,MAAM,SAAS,GAAoE,EAAE,CAAC;IAEtF,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QACf,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAC3E,CAAC;IACD,SAAS,CAAC,GAAG,GAAG;QACd,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QAC1B,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,aAAa;KAC5E,CAAC;IAEF,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,GAAG,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;QAClC,IAAI,GAAG,CAAC,WAAW,IAAI,CAAC;YAAE,WAAW,GAAG,EAAE,CAAC;aACtC,IAAI,GAAG,CAAC,WAAW,IAAI,CAAC,GAAG;YAAE,WAAW,GAAG,CAAC,CAAC;;YAC7C,WAAW,GAAG,CAAC,CAAC;IACvB,CAAC;IACD,SAAS,CAAC,QAAQ,GAAG;QACnB,KAAK,EAAE,WAAW;QAClB,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe;KAC5G,CAAC;IAEF,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,GAAG,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;QACtC,IAAI,GAAG,CAAC,eAAe,IAAI,IAAI;YAAE,SAAS,GAAG,EAAE,CAAC;aAC3C,IAAI,GAAG,CAAC,eAAe,IAAI,GAAG;YAAE,SAAS,GAAG,EAAE,CAAC;;YAC/C,SAAS,GAAG,CAAC,CAAC;IACrB,CAAC;IACD,SAAS,CAAC,GAAG,GAAG;QACd,KAAK,EAAE,SAAS;QAChB,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,GAAG,CAAC,eAAe,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,eAAe,OAAO,CAAC,CAAC,CAAC,iBAAiB;KACnG,CAAC;IAEF,SAAS,CAAC,MAAM,GAAG;QACjB,KAAK,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,0BAA0B,CAAC,GAAG,CAAC,YAAY,IAAI,CAAC,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC,CAAC,+BAA+B;KAChI,CAAC;IAEF,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,GAAG,CAAC,cAAc,KAAK,SAAS;QAAE,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;IACzF,SAAS,CAAC,MAAM,GAAG;QACjB,KAAK,EAAE,WAAW;QAClB,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,GAAG,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,cAAc,6BAA6B,CAAC,CAAC,CAAC,gBAAgB;KAC/G,CAAC;IAEF,MAAM,WAAW,GAAG,IAAI,KAAK,IAAI,IAAI,MAAM,KAAK,SAAS,CAAC;IAC1D,MAAM,KAAK,GACT,SAAS,GAAG,WAAW,GAAG,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,KAAK,GAAG,WAAW,CAAC;IAE7E,OAAO;QACL,QAAQ;QACR,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;QAClD,SAAS;QACT,GAAG;KACJ,CAAC;AACJ,CAAC"}

package/dist/modules/security/schemas.d.ts

@@ -0,0 +1,31 @@
+import { z } from "zod";
+export declare const checkContractSecurityInput: z.ZodObject<{
+    address: z.ZodString;
+    chain: z.ZodEnum<[string, ...string[]]>;
+}, "strip", z.ZodTypeAny, {
+    address: string;
+    chain: string;
+}, {
+    address: string;
+    chain: string;
+}>;
+export declare const checkPermissionRisksInput: z.ZodObject<{
+    address: z.ZodString;
+    chain: z.ZodEnum<[string, ...string[]]>;
+}, "strip", z.ZodTypeAny, {
+    address: string;
+    chain: string;
+}, {
+    address: string;
+    chain: string;
+}>;
+export declare const getProtocolRiskScoreInput: z.ZodObject<{
+    protocol: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    protocol: string;
+}, {
+    protocol: string;
+}>;
+export type CheckContractSecurityArgs = z.infer<typeof checkContractSecurityInput>;
+export type CheckPermissionRisksArgs = z.infer<typeof checkPermissionRisksInput>;
+export type GetProtocolRiskScoreArgs = z.infer<typeof getProtocolRiskScoreInput>;

package/dist/modules/security/schemas.js

@@ -0,0 +1,16 @@
+import { z } from "zod";
+import { SUPPORTED_CHAINS } from "../../types/index.js";
+const chainEnum = z.enum(SUPPORTED_CHAINS);
+const addressSchema = z.string().regex(/^0x[a-fA-F0-9]{40}$/);
+export const checkContractSecurityInput = z.object({
+    address: addressSchema,
+    chain: chainEnum,
+});
+export const checkPermissionRisksInput = z.object({
+    address: addressSchema,
+    chain: chainEnum,
+});
+export const getProtocolRiskScoreInput = z.object({
+    protocol: z.string().min(1),
+});
+//# sourceMappingURL=schemas.js.map

package/dist/modules/security/schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.js","sourceRoot":"","sources":["../../../src/modules/security/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExD,MAAM,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,gBAAoD,CAAC,CAAC;AAC/E,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;AAE9D,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,OAAO,EAAE,aAAa;IACtB,KAAK,EAAE,SAAS;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,OAAO,EAAE,aAAa;IACtB,KAAK,EAAE,SAAS;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC5B,CAAC,CAAC"}

package/dist/modules/security/verification.d.ts

@@ -0,0 +1,4 @@
+import type { SecurityReport, SupportedChain } from "../../types/index.js";
+/** Scan an ABI for dangerous function signatures. */
+export declare function scanAbiForDangerousFunctions(abi: unknown[] | undefined): string[];
+export declare function checkContractSecurity(address: `0x${string}`, chain: SupportedChain): Promise<SecurityReport>;