feat(phase1): wallet scanner — scan API, classifier, token fetch, web UI
- @pyre/core: conservative classifier (classifyTokenAccount) + types + risk constants. EMPTY only when truly empty + classic-SPL + not frozen/delegated; Token-2022/unknown → UNSUPPORTED; frozen/delegated/NFT/valuable/over-threshold → PROTECTED_SKIP; TRANSMUTABLE only via explicit route hook (none in MVP). 43 unit tests incl. a "never says safe" assertion. - @pyre/solana: parseTokenAccounts (SPL + Token-2022 detection, NFT heuristic, rent, defensive owner cross-check) + tests. Tx builders remain Phase-2 stubs. - @pyre/config: loadConfig() from env. - @pyre/api: POST /api/scan — validates pubkey, recomputes classification server-side, CORS + rate-limit; DB persistence deferred. Live-RPC smoke OK. - @pyre/web: wallet-connect (Wallet Standard) + grouped scan UI, ember theme, trust wording (no "safe"); next.config transpiles @pyre/core; prod build OK. Built by 4 agents on a locked core contract; 2 audit agents (security: SOUND; build: 1 blocker → fixed). Stripped .js import extensions in @pyre/core so Turbopack resolves the source package. All typecheck + tests + build green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -12,6 +12,7 @@
|
||||
"test": "echo \"test: ok (placeholder)\""
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/node": "^22.10.0",
|
||||
"typescript": "^5.7.2"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* @pyre/config — shared config & environment loading (SKELETON).
|
||||
* @pyre/config — shared config & environment loading.
|
||||
*
|
||||
* Responsibilities (§13): shared config and environment loading. Variables mirror
|
||||
* `.env.example` at the repo root.
|
||||
@@ -61,12 +61,88 @@ export interface Env {
|
||||
}
|
||||
|
||||
/**
|
||||
* Load and validate configuration from the process environment.
|
||||
*
|
||||
* TODO: read from `process.env` (mapping the variables in `.env.example`),
|
||||
* validate/coerce types, apply defaults, and fail fast on missing required
|
||||
* values. Never hardcode secrets. There is intentionally no private-key var.
|
||||
* The strongly-typed application configuration consumed by apps (`@pyre/api`,
|
||||
* `@pyre/worker`, etc.). This is the subset of {@link Env} that the runtime
|
||||
* code actually depends on; it is a structural superset-friendly alias so
|
||||
* callers can `loadConfig()` and read exactly the fields they need.
|
||||
*/
|
||||
export function loadConfig(): Env {
|
||||
throw new Error("not implemented");
|
||||
export interface AppConfig {
|
||||
/** Solana JSON-RPC HTTP endpoint. */
|
||||
solanaRpcUrl: string;
|
||||
/** Solana cluster the RPC endpoint targets. */
|
||||
solanaCluster: SolanaCluster;
|
||||
/** PostgreSQL connection string. */
|
||||
databaseUrl: string;
|
||||
/** Redis connection string (queues, cache, rate limiting). */
|
||||
redisUrl: string;
|
||||
/** HTTP port the API listens on. */
|
||||
apiPort: number;
|
||||
/** Public origin of the web app — used for CORS. */
|
||||
webPublicUrl: string;
|
||||
/** Bearer token protecting admin endpoints (empty when unset). */
|
||||
adminApiToken: string;
|
||||
/** Max /api/scan requests per wallet/IP per minute. */
|
||||
rateLimitScanPerMin: number;
|
||||
/** Skip non-empty tokens valued above this many USD. */
|
||||
protectedUsdThreshold: number;
|
||||
}
|
||||
|
||||
/** A minimal env-shaped record. `process.env` satisfies this. */
|
||||
export type EnvSource = Record<string, string | undefined>;
|
||||
|
||||
const VALID_CLUSTERS: ReadonlySet<string> = new Set([
|
||||
"mainnet-beta",
|
||||
"devnet",
|
||||
"testnet",
|
||||
]);
|
||||
|
||||
/**
|
||||
* Parse a value as a finite, non-negative integer, falling back to `fallback`
|
||||
* when the value is missing, blank, or not a valid number.
|
||||
*/
|
||||
function parseIntSafe(value: string | undefined, fallback: number): number {
|
||||
if (value == null) return fallback;
|
||||
const trimmed = value.trim();
|
||||
if (trimmed === "") return fallback;
|
||||
const n = Number(trimmed);
|
||||
return Number.isFinite(n) ? n : fallback;
|
||||
}
|
||||
|
||||
/** Read a string env var, trimming and falling back to a default. */
|
||||
function str(value: string | undefined, fallback: string): string {
|
||||
if (value == null) return fallback;
|
||||
const trimmed = value.trim();
|
||||
return trimmed === "" ? fallback : trimmed;
|
||||
}
|
||||
|
||||
/** Coerce a cluster string to the supported union, defaulting to mainnet-beta. */
|
||||
function parseCluster(value: string | undefined): SolanaCluster {
|
||||
const v = str(value, "mainnet-beta");
|
||||
return (VALID_CLUSTERS.has(v) ? v : "mainnet-beta") as SolanaCluster;
|
||||
}
|
||||
|
||||
/**
|
||||
* Load and validate application configuration from the process environment.
|
||||
*
|
||||
* Maps the variables documented in `.env.example`, coerces numeric fields
|
||||
* safely, and applies sensible defaults that match `.env.example`. Never
|
||||
* hardcodes secrets, and there is intentionally no private-key variable.
|
||||
*
|
||||
* @param env - environment source (defaults to `process.env`).
|
||||
*/
|
||||
export function loadConfig(env: EnvSource = process.env): AppConfig {
|
||||
return {
|
||||
solanaRpcUrl: str(env.SOLANA_RPC_URL, "https://api.mainnet-beta.solana.com"),
|
||||
solanaCluster: parseCluster(env.SOLANA_CLUSTER),
|
||||
databaseUrl: str(
|
||||
env.DATABASE_URL,
|
||||
"postgresql://pyre:pyre@localhost:5432/pyre",
|
||||
),
|
||||
redisUrl: str(env.REDIS_URL, "redis://localhost:6379"),
|
||||
apiPort: parseIntSafe(env.API_PORT, 4000),
|
||||
webPublicUrl: str(env.WEB_PUBLIC_URL, "http://localhost:3000"),
|
||||
adminApiToken: str(env.ADMIN_API_TOKEN, ""),
|
||||
rateLimitScanPerMin: parseIntSafe(env.RATE_LIMIT_SCAN_PER_MIN, 10),
|
||||
protectedUsdThreshold: parseIntSafe(env.PROTECTED_USD_THRESHOLD, 50),
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user