- @pyre/solana: buildCloseEmptyAccountsTx (UNSIGNED v0 tx; re-validates each
account on-chain — owner==wallet, balance==0, correct program, not
frozen/delegated, Token-2022 EMPTY_CLOSE_ONLY via §7.1; rejects whole build on
any ineligible account), simulateTransaction, decodeTransaction. Rent
destination + close authority + fee payer all pinned to the wallet.
- @pyre/api: POST /api/build/close-empty (server re-validates, 400 on ineligible)
and POST /api/receipt (on-chain verified: meta.err==null, signer==wallet, rent
from balance delta; lists only closes whose destination==wallet).
- @pyre/web: select empty accounts → build → CLIENT-SIDE decode+match (7 checks:
feePayer/all-closeAccount/dest==wallet/closed-set==selected==preview) gates
signing → sign in wallet → send → confirm → on-chain receipt w/ explorer link.
Built by 3 agents, reviewed by 2 audits (security: SOUND — no critical/high;
integration: SHIP). Applied audit fixes: receipt destination check, doc/lint
cleanup. typecheck 8/8, core 85, solana 19, web build green. Live-verified: the
API refuses to build a close tx for a non-empty account (400). buildBurnTx
remains a Phase-3 stub.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Implements the §7.1 policy in code so Token-2022 (pump.fun) tokens are cleanable
when safe:
- @pyre/core: extensions.ts (BLOCKING/FLAGGED/SAFE sets + evaluateTokenExtensions);
classify.ts gates Token-2022 on account+mint extensions; unknown extension or
confidential-transfer/withheld-fee -> UNSUPPORTED; transfer-hook/permanent-
delegate/pausable -> cleanable+flagged. Added malformed-u64-balance guard.
- @pyre/solana: parseTokenAccounts reads account extensions + withheld fee, and
batch-fetches MINT extensions (getMultipleParsedAccounts, chunked).
SECURITY (from audit): mint-fetch failure no longer silently downgrades to
account-level-only (which could hide a mint-level blocking extension). Token-2022
accounts with unverified mints are marked extensionsVerified=false and classified
UNSUPPORTED ("unknown means skip"). Two audit agents: integration SHIP; security
found this CRITICAL -> fixed + tested.
Tests: core 85, solana 8. Live verified: the two pump.fun Token-2022 tokens now
classify INCINERATE_ONLY (were UNSUPPORTED). classic-SPL behavior unchanged.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
