safehands-pharos 1.4.0 → 1.5.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "safehands-pharos",
-  "version": "1.4.0",
+  "version": "1.5.0",
   "description": "Pharos Skill Engine-compatible transaction safety firewall for AI agents.",
   "type": "module",
   "main": "dist/index.js",
@@ -14,11 +14,8 @@
   "files": [
     "dist",
     "contracts",
-    "examples",
-    "skill",
     "README.md",
     ".env.example",
-    "docs",
     "LICENSE"
   ],
   "scripts": {
@@ -26,12 +23,6 @@
     "start": "node dist/index.js",
     "dev": "tsx src/index.ts",
     "x402-server": "tsx src/x402Server.ts",
-    "test:rpc": "tsx src/lib/testRpc.ts",
-    "test:rpc:live": "tsx src/lib/testRpcLive.ts",
-    "test:all": "tsx src/lib/testTools.ts",
-    "test:live:safehands": "tsx src/lib/testLiveSafehands.ts",
-    "test:x402:live": "tsx src/lib/testX402Live.ts",
-    "test:dodo:live": "tsx src/lib/testDodoLive.ts",
     "demo": "tsx src/demo.ts"
   },
   "keywords": [
@@ -65,18 +56,17 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.12.1",
-    "@types/express": "^5.0.6",
-    "@x402/core": "^2.14.0",
-    "@x402/evm": "^2.14.0",
-    "@x402/express": "^2.14.0",
-    "@x402/fetch": "^2.14.0",
+    "@x402/core": "^2.15.0",
+    "@x402/evm": "^2.15.0",
+    "@x402/express": "^2.15.0",
+    "@x402/fetch": "^2.15.0",
     "express": "^5.2.1",
     "viem": "^2.31.3",
     "zod": "^3.25.67"
   },
   "devDependencies": {
+    "@types/express": "^5.0.6",
     "@types/node": "^22.15.0",
-    "solc": "^0.8.28",
     "tsx": "^4.20.3",
     "typescript": "^5.8.3"
   }

package/examples/dashboard/index.html

@@ -1,337 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>SafeHands Pharos | Threat Radar</title>
-    <style>
-        :root {
-            --bg-color: #0b0c10;
-            --surface-color: rgba(31, 40, 51, 0.7);
-            --border-color: rgba(69, 162, 158, 0.2);
-            --text-main: #c5c6c7;
-            --text-accent: #66fcf1;
-            --danger: #ff4b4b;
-            --success: #4caf50;
-            --warning: #ffc107;
-        }
-
-        * {
-            margin: 0;
-            padding: 0;
-            box-sizing: border-box;
-            font-family: 'Inter', -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
-        }
-
-        body {
-            background-color: var(--bg-color);
-            color: var(--text-main);
-            min-height: 100vh;
-            background-image: 
-                radial-gradient(circle at 15% 50%, rgba(102, 252, 241, 0.08) 0%, transparent 50%),
-                radial-gradient(circle at 85% 30%, rgba(255, 75, 75, 0.05) 0%, transparent 50%);
-            overflow-x: hidden;
-        }
-
-        .container {
-            max-width: 1200px;
-            margin: 0 auto;
-            padding: 2rem;
-        }
-
-        header {
-            display: flex;
-            justify-content: space-between;
-            align-items: center;
-            margin-bottom: 3rem;
-            border-bottom: 1px solid var(--border-color);
-            padding-bottom: 1.5rem;
-        }
-
-        .logo {
-            font-size: 1.8rem;
-            font-weight: 800;
-            letter-spacing: -1px;
-            background: linear-gradient(90deg, #fff, var(--text-accent));
-            -webkit-background-clip: text;
-            -webkit-text-fill-color: transparent;
-            display: flex;
-            align-items: center;
-            gap: 10px;
-        }
-
-        .badge {
-            background: rgba(102, 252, 241, 0.1);
-            color: var(--text-accent);
-            padding: 0.4rem 1rem;
-            border-radius: 50px;
-            font-size: 0.85rem;
-            font-weight: 600;
-            border: 1px solid rgba(102, 252, 241, 0.3);
-            box-shadow: 0 0 10px rgba(102, 252, 241, 0.1);
-        }
-
-        .dashboard-grid {
-            display: grid;
-            grid-template-columns: 1fr 2fr;
-            gap: 2rem;
-        }
-
-        .card {
-            background: var(--surface-color);
-            backdrop-filter: blur(16px);
-            border: 1px solid var(--border-color);
-            border-radius: 16px;
-            padding: 1.5rem;
-            box-shadow: 0 8px 32px rgba(0, 0, 0, 0.3);
-            transition: transform 0.3s ease, border-color 0.3s ease;
-        }
-
-        .card:hover {
-            transform: translateY(-5px);
-            border-color: rgba(102, 252, 241, 0.4);
-        }
-
-        .card-header {
-            font-size: 1.1rem;
-            font-weight: 600;
-            margin-bottom: 1.5rem;
-            color: #fff;
-            display: flex;
-            justify-content: space-between;
-        }
-
-        .metric {
-            font-size: 3rem;
-            font-weight: 700;
-            color: var(--text-accent);
-            margin-bottom: 0.5rem;
-        }
-
-        .metric-label {
-            font-size: 0.9rem;
-            color: #888;
-        }
-
-        /* Table Styles */
-        .table-container {
-            width: 100%;
-            overflow-x: auto;
-        }
-
-        table {
-            width: 100%;
-            border-collapse: collapse;
-        }
-
-        th {
-            text-align: left;
-            padding: 1rem;
-            font-size: 0.85rem;
-            text-transform: uppercase;
-            letter-spacing: 1px;
-            color: #888;
-            border-bottom: 1px solid var(--border-color);
-        }
-
-        td {
-            padding: 1rem;
-            font-size: 0.95rem;
-            border-bottom: 1px solid rgba(255,255,255,0.05);
-        }
-
-        tr:last-child td {
-            border-bottom: none;
-        }
-
-        tr:hover td {
-            background: rgba(255, 255, 255, 0.02);
-        }
-
-        .hash {
-            font-family: 'Courier New', Courier, monospace;
-            color: #888;
-        }
-
-        .status {
-            padding: 0.3rem 0.8rem;
-            border-radius: 4px;
-            font-size: 0.8rem;
-            font-weight: 600;
-        }
-
-        .status.blocked {
-            background: rgba(255, 75, 75, 0.1);
-            color: var(--danger);
-            border: 1px solid rgba(255, 75, 75, 0.3);
-        }
-
-        .status.allowed {
-            background: rgba(76, 175, 80, 0.1);
-            color: var(--success);
-            border: 1px solid rgba(76, 175, 80, 0.3);
-        }
-
-        .status.warn {
-            background: rgba(255, 193, 7, 0.1);
-            color: var(--warning);
-            border: 1px solid rgba(255, 193, 7, 0.3);
-        }
-
-        .live-indicator {
-            display: inline-block;
-            width: 8px;
-            height: 8px;
-            background-color: var(--danger);
-            border-radius: 50%;
-            margin-right: 8px;
-            box-shadow: 0 0 8px var(--danger);
-            animation: pulse 1.5s infinite;
-        }
-
-        @keyframes pulse {
-            0% { transform: scale(0.95); opacity: 0.8; }
-            50% { transform: scale(1.2); opacity: 1; }
-            100% { transform: scale(0.95); opacity: 0.8; }
-        }
-
-        /* Pulse animation for new rows */
-        @keyframes highlightRow {
-            0% { background-color: rgba(255, 75, 75, 0.2); }
-            100% { background-color: transparent; }
-        }
-
-        .new-row {
-            animation: highlightRow 2s ease-out;
-        }
-    </style>
-    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700;800&display=swap" rel="stylesheet">
-</head>
-<body>
-    <div style="background: rgba(255, 193, 7, 0.12); border-bottom: 1px solid rgba(255, 193, 7, 0.4); padding: 0.6rem 2rem; font-size: 0.85rem; color: #ffc107; text-align: center; letter-spacing: 0.02em;">
-        ⚠️ <strong>Demo visualization only.</strong> All data shown is simulated — this dashboard does not connect to a live MCP server or RiskRegistry contract.
-    </div>
-    <div class="container">
-        <header>
-            <div class="logo">
-                <svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
-                    <path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"></path>
-                </svg>
-                SafeHands
-            </div>
-            <div class="badge">Pharos Atlantic Testnet (688689)</div>
-        </header>
-
-        <div class="dashboard-grid">
-            <div class="column-left">
-                <div class="card" style="margin-bottom: 2rem;">
-                    <div class="card-header">Threats Blocked</div>
-                    <div class="metric" id="threatCount">1,248</div>
-                    <div class="metric-label">+12 in the last hour</div>
-                </div>
-
-                <div class="card">
-                    <div class="card-header">Top Blocked Vectors</div>
-                    <ul style="list-style: none; margin-top: 1rem;">
-                        <li style="margin-bottom: 1rem; display: flex; justify-content: space-between;">
-                            <span>Unlimited Approvals</span>
-                            <span style="color: var(--danger);">68%</span>
-                        </li>
-                        <li style="margin-bottom: 1rem; display: flex; justify-content: space-between;">
-                            <span>SSRF (Localhost) x402</span>
-                            <span style="color: var(--warning);">22%</span>
-                        </li>
-                        <li style="display: flex; justify-content: space-between;">
-                            <span>Mainnet Leakage</span>
-                            <span style="color: #888;">10%</span>
-                        </li>
-                    </ul>
-                </div>
-            </div>
-
-            <div class="column-right">
-                <div class="card" style="height: 100%;">
-                    <div class="card-header">
-                        <div><span class="live-indicator"></span> Agent Preflight Log (Simulated)</div>
-                        <span style="font-size: 0.8rem; color: #888;">Demo data — not live</span>
-                    </div>
-                    <div class="table-container">
-                        <table>
-                            <thead>
-                                <tr>
-                                    <th>Action</th>
-                                    <th>Target / Details</th>
-                                    <th>Decision</th>
-                                    <th>Risk Reason</th>
-                                </tr>
-                            </thead>
-                            <tbody id="logTable">
-                                <!-- Populated by JS -->
-                            </tbody>
-                        </table>
-                    </div>
-                </div>
-            </div>
-        </div>
-    </div>
-
-    <script>
-        const initialLogs = [
-            { action: "approve_token", target: "0xBadActor...9812", decision: "BLOCK", reason: "Unlimited approval requested" },
-            { action: "x402_pay", target: "http://127.0.0.1/admin", decision: "BLOCK", reason: "SSRF_BLOCKED (Localhost)" },
-            { action: "send_payment", target: "0xAgentB...4411 (0.001 PHRS)", decision: "ALLOW", reason: "Low risk testnet payment" },
-            { action: "execute_swap", target: "Unverified Token Pool", decision: "WARN", reason: "Custom Token Non-Registry" },
-            { action: "approve_token", target: "0xSkillEngine...4321", decision: "ALLOW", reason: "Limited approval (50 USDC)" }
-        ];
-
-        const logTable = document.getElementById('logTable');
-
-        function createRow(log, isNew = false) {
-            const tr = document.createElement('tr');
-            if (isNew) tr.classList.add('new-row');
-            
-            let statusClass = 'allowed';
-            if (log.decision === 'BLOCK') statusClass = 'blocked';
-            if (log.decision === 'WARN') statusClass = 'warn';
-
-            tr.innerHTML = `
-                <td style="font-weight: 600;">${log.action}</td>
-                <td class="hash">${log.target}</td>
-                <td><span class="status ${statusClass}">${log.decision}</span></td>
-                <td style="color: #aaa; font-size: 0.85rem;">${log.reason}</td>
-            `;
-            return tr;
-        }
-
-        // Init table
-        initialLogs.forEach(log => logTable.appendChild(createRow(log)));
-
-        // Simulate live incoming threats
-        const newThreats = [
-            { action: "x402_pay", target: "http://192.168.1.1/config", decision: "BLOCK", reason: "SSRF_BLOCKED (Private IP)" },
-            { action: "custom_call", target: "Mainnet Router (Chain 1)", decision: "BLOCK", reason: "Mainnet execution blocked" },
-            { action: "send_payment", target: "0xUnknown...9999 (1000 PHRS)", decision: "BLOCK", reason: "Payment exceeds 0.01 limit" }
-        ];
-
-        let count = parseInt(document.getElementById('threatCount').innerText.replace(',', ''));
-        
-        let threatIndex = 0;
-        setInterval(() => {
-            if(threatIndex >= newThreats.length) threatIndex = 0; // loop for demo
-            
-            const log = newThreats[threatIndex];
-            const row = createRow(log, true);
-            
-            logTable.insertBefore(row, logTable.firstChild);
-            if(logTable.children.length > 6) {
-                logTable.removeChild(logTable.lastChild);
-            }
-            
-            count++;
-            document.getElementById('threatCount').innerText = count.toLocaleString();
-            
-            threatIndex++;
-        }, 4000); // New log every 4 seconds
-    </script>
-</body>
-</html>

package/examples/pharos-skill-engine/SKILL.safehands.md

@@ -1,85 +0,0 @@
----
-name: safehands-guard
-version: 1.0.0
-description: Transaction Safety Firewall / Guardrail Skill for Pharos Skill Engine on Pharos Atlantic Testnet.
-author: SZtch
-chain: pharos-atlantic-testnet
-tags: [pharos, skill-engine, guardrail, transaction-safety, x402, risk, ai-agent]
----
-
-# SafeHands Guard
-
-SafeHands Guard is a **Transaction Safety Firewall / Guardrail Skill** for Pharos Skill Engine. It checks whether an AI agent action, token approval, x402 payment, swap, wallet action, or token interaction is safe before execution on Pharos Atlantic Testnet.
-
-Use this skill when the user wants to check whether an AI agent action, transaction, token approval, x402 payment, swap, wallet action, or token interaction is safe before execution on Pharos Atlantic Testnet.
-
-SafeHands complements Pharos Skill Engine. It is not a replacement for Pharos Skill Engine and should not be used as a generic Web3 toolbox.
-
-```text
-User intent
-→ SafeHands preflight
-→ ALLOW / WARN / BLOCK / REQUIRE_CONFIRMATION
-→ Pharos Skill Engine or MCP execution
-→ SafeHands risk report
-```
-
-## When to use this skill
-
-Use SafeHands when:
-
-- The user or agent is about to send PHRS, approve tokens, swap assets, call a custom contract, publish risk data, or pay an x402 endpoint.
-- The user asks if a token address is canonical, custom, non-registry, unknown, or invalid.
-- The user asks why an action was blocked, warned, or requires confirmation.
-- The agent needs a wallet readiness check before an on-chain or x402 action.
-
-## When not to use this skill
-
-Do not use SafeHands as the primary execution engine for generic Web3 tasks. If the user only wants to deploy a contract, write Solidity, or perform a normal Pharos Skill Engine tutorial flow, use the appropriate Pharos Skill Engine capability first and add SafeHands only as the preflight guardrail.
-
-## Pharos Atlantic Testnet context
-
-| Field | Value |
-|---|---|
-| Environment | `atlantic-testnet` |
-| Chain ID | `688689` |
-| Mainnet | `false` |
-| Default write tools | disabled |
-| Safety posture | testnet-only guardrail |
-
-## Capability Index
-
-| User wants to... | Capability | Reference |
-|---|---|---|
-| Check whether an on-chain action is safe before execution | SafeHands Preflight Check | references/safehands.md#safehands-preflight-check |
-| Check whether an x402 paid endpoint is safe to pay | SafeHands x402 Preflight | references/safehands.md#safehands-x402-preflight |
-| Check whether an agent wallet is ready to act | SafeHands Wallet Health | references/safehands.md#safehands-wallet-health |
-| Check whether a token address is canonical or custom | Token Registry Status | references/safehands.md#token-registry-status |
-| Explain why an action was blocked or warned | Explain Risk | references/safehands.md#explain-risk |
-| Generate a human-readable safety report | SafeHands Risk Report | references/safehands.md#safehands-risk-report |
-
-## Natural language examples
-
-- "Check if this token approval is safe before execution."
-- "Run SafeHands preflight before paying this x402 endpoint."
-- "Explain why this action was blocked."
-- "Check whether this token is canonical on Pharos Atlantic Testnet."
-- "Tell me if this wallet is ready for x402 payment."
-
-## Agent behavior guidelines
-
-1. Always run `safehands_preflight_check` before any write action.
-2. If `decision` is `BLOCK`, do not execute the action.
-3. If `decision` is `WARN`, explain the risk and ask for user confirmation.
-4. If `decision` is `REQUIRE_CONFIRMATION`, ask for explicit user approval.
-5. If `decision` is `REQUIRE_FUNDING`, ask the user to fund the testnet wallet before continuing.
-6. If `decision` is `REQUIRE_TOKEN_REVIEW`, ask the user to verify the exact token contract.
-7. If `decision` is `ALLOW`, the action may continue through Pharos Skill Engine or MCP execution.
-8. Never silently replace a user-provided token address.
-9. Never request or reveal private keys in the conversation.
-10. Treat SafeHands output as a safety decision, not a guarantee that external contracts are audited.
-
-## Safety disclaimer
-
-SafeHands is built for Pharos Atlantic Testnet hackathon workflows. It is not audited for mainnet production use. Write tools are disabled by default and require explicit configuration. Managed wallet storage is testnet-grade only.
-
-For command templates, parameters, output parsing, and error handling, see [`references/safehands.md`](references/safehands.md).

package/examples/pharos-skill-engine/assets/safehands/example-actions.json

@@ -1,49 +0,0 @@
-{
-  "safeApproval": {
-    "actionType": "approve_token",
-    "chainId": 688689,
-    "isMainnet": false,
-    "tokenAddress": "0xcfC8330f4BCAB529c625D12781b1C19466A9Fc8B",
-    "spender": "0x000000000000000000000000000000000000dEaD",
-    "approvalAmount": "1"
-  },
-  "blockedUnlimitedApproval": {
-    "actionType": "approve_token",
-    "chainId": 688689,
-    "isMainnet": false,
-    "tokenAddress": "0xcfC8330f4BCAB529c625D12781b1C19466A9Fc8B",
-    "spender": "0x000000000000000000000000000000000000dEaD",
-    "approvalAmount": "max"
-  },
-  "x402FreeEndpoint": {
-    "url": "https://example.com/health",
-    "paymentAmountUsdc": "0",
-    "probeEndpoint": false
-  },
-  "x402PaidEndpoint": {
-    "url": "https://example.com/assess-risk",
-    "paymentAmountUsdc": "0.001",
-    "probeEndpoint": false
-  },
-  "mainnetBlockedAction": {
-    "actionType": "send_payment",
-    "chainId": 1,
-    "isMainnet": true,
-    "recipient": "0x000000000000000000000000000000000000dEaD",
-    "amount": "0.001"
-  },
-  "chainIdMismatch": {
-    "actionType": "send_payment",
-    "chainId": 688688,
-    "isMainnet": false,
-    "recipient": "0x000000000000000000000000000000000000dEaD",
-    "amount": "0.001"
-  },
-  "customTokenWarning": {
-    "actionType": "execute_swap",
-    "chainId": 688689,
-    "isMainnet": false,
-    "tokenAddress": "0x000000000000000000000000000000000000dEaD",
-    "amount": "1"
-  }
-}

package/examples/pharos-skill-engine/assets/safehands/policy-defaults.json

@@ -1,11 +0,0 @@
-{
-  "environment": "atlantic-testnet",
-  "chainId": 688689,
-  "isMainnet": false,
-  "writeToolsEnabledByDefault": false,
-  "allowUnlimitedApprovalByDefault": false,
-  "maxTxAmountPHRS": "0.1",
-  "maxX402PaymentUSDC": "0.01",
-  "maxApprovalAmountUSDC": "10",
-  "maxDailySpendUSD": "10"
-}