- Secure secrets: gitignored ~/pyre/.env (chmod 600) loaded into the API via
`node --env-file-if-exists`; keys never committed/logged/returned. .env.example
documents the vars. Free-first default (text=gemini, image=pollinations).
- @pyre/config: provider selection + key fields.
- @pyre/prometheus: real providers via fetch (no SDK deps) — Gemini/Anthropic/
OpenAI text, Pollinations(free)/fal/DeepInfra/Replicate image, OpenAI moderation;
`createProviders()` factory selects by config + key presence, falls back to stub.
29 tests.
- @pyre/api: /api/prometheus/generate builds providers from config; keys never logged.
Live-verified end-to-end: admin-gated generate returned a real Spawn ("Ashen
Golem"/$AGOL) with a Pollinations image on the $0 stub-text+free-image stack;
.env-loaded admin token enforced. typecheck 8/8, 150 tests.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
End-to-end burn proven on mainnet (test wallet): build → sign → broadcast →
confirm → receipt → Essence. tx 5ddbmLRz… burned a dust token, closed the
account, returned 0.00197 SOL to the user, sent the 5% (103704 lamports) to the
treasury, recorded as Essence (Round #1 = 103704). Re-scan confirms the account
is gone; treasury credited; DB row written.
Discovered + documented: the treasury must be funded to rent-exemption before
collecting fees (a fee transfer into a 0-balance account fails "insufficient
funds for rent"). Noted in .env.example + design §3.1. Tracker: Phase 3 done.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- @pyre/solana: buildCloseEmptyAccountsTx (UNSIGNED v0 tx; re-validates each
account on-chain — owner==wallet, balance==0, correct program, not
frozen/delegated, Token-2022 EMPTY_CLOSE_ONLY via §7.1; rejects whole build on
any ineligible account), simulateTransaction, decodeTransaction. Rent
destination + close authority + fee payer all pinned to the wallet.
- @pyre/api: POST /api/build/close-empty (server re-validates, 400 on ineligible)
and POST /api/receipt (on-chain verified: meta.err==null, signer==wallet, rent
from balance delta; lists only closes whose destination==wallet).
- @pyre/web: select empty accounts → build → CLIENT-SIDE decode+match (7 checks:
feePayer/all-closeAccount/dest==wallet/closed-set==selected==preview) gates
signing → sign in wallet → send → confirm → on-chain receipt w/ explorer link.
Built by 3 agents, reviewed by 2 audits (security: SOUND — no critical/high;
integration: SHIP). Applied audit fixes: receipt destination check, doc/lint
cleanup. typecheck 8/8, core 85, solana 19, web build green. Live-verified: the
API refuses to build a close tx for a non-empty account (400). buildBurnTx
remains a Phase-3 stub.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- TOKEN_CLASSIFICATION.md: ASCII decision-flow diagram updated to match the
Rev-2 prose (program → extension → lock → empty → non-empty protected → route),
no longer routes all Token-2022 to UNSUPPORTED.
- CLAUDE.md: removed stale "Token-2022 support" from out-of-scope; documents
the gated Token-2022 policy + that classifier code still skips it for now.
- status.json: Phase 1 (Wallet Scanner) marked done — app deployed live at
feedthepyre.com (app at /, tracker at /status, api at /api), scan verified
end-to-end through the public stack.
Reviewed by a doc-consistency audit agent (verdict after fixes: consistent).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Server provisioning ran successfully: nginx + PostgreSQL + Redis live, UFW
active (22/2222/80/443), TLS issued for feedthepyre.com (+www), pm2-pyre
service enabled. Status dashboard updated (Phase 0 done; infra all green).
Adds scripts/deploy-status.sh for friction-free status-page redeploys.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- scripts/phase0-provision.sh: idempotent root setup (nginx, PostgreSQL,
Redis, certbot/TLS, UFW). Opens 22/2222/80/443 before enabling UFW so SSH
and Gitea git-SSH can't be locked out. Redis/Postgres stay localhost-only.
- infra/nginx/feedthepyre.com.conf: vhost serving the status page; commented
web(:3000)/api(:4000) reverse-proxy blocks ready for app deploy.
- infra/status/: data-driven dev status dashboard (status.json + gen-status.mjs
+ prebuilt index.html), served at feedthepyre.com.
- ecosystem.config.cjs (PM2), infra/systemd/pm2-pyre.service, infra/logrotate/pyre,
scripts/backup.sh — process mgmt + ops (inert until apps are built).
Built by 4 parallel agents, reviewed by 2 audit agents; audit fixes applied
(logs dir creation, port-citation accuracy, status truthfulness). pm2 installed
user-level. Privileged steps gated on `sudo bash scripts/phase0-provision.sh`.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
