Skip to content

Harden .gitignore: ignore .env files#2

Merged
nullfox merged 9 commits into
mainfrom
claude/gambit-portfolio-prep-ko5pku
Jul 12, 2026
Merged

Harden .gitignore: ignore .env files#2
nullfox merged 9 commits into
mainfrom
claude/gambit-portfolio-prep-ko5pku

Conversation

@nullfox

@nullfox nullfox commented Jul 12, 2026

Copy link
Copy Markdown
Owner

Extend the secrets ignore list to cover .env / .env.* (allowing a
committed .env.example), plus the coverage/ test-output directory.
Wallet .json/.crypt and lib/ were already ignored.

Co-Authored-By: Claude Opus 4.8 noreply@anthropic.com
Claude-Session: https://claude.ai/code/session_019wRXFoSyPB5awSkHXSW4rn

nullfox and others added 9 commits July 12, 2026 20:46
Extend the secrets ignore list to cover .env / .env.* (allowing a
committed .env.example), plus the coverage/ test-output directory.
Wallet .json/.crypt and lib/ were already ignored.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019wRXFoSyPB5awSkHXSW4rn
Wallet key files were encrypted with an AES-256-CBC key derived from an
unsalted MD5 of the password — fast to brute-force and identical for
identical passwords. Switch to memory-hard scrypt (N=16384, r=8, p=1)
with a per-file random salt.

New payloads carry a "GMBTv1" magic prefix and store the salt inline:
[magic][salt][iv][ciphertext]. decrypt() detects the prefix and falls
back to the legacy MD5 path for wallets created before this change, so
existing .crypt files keep working with no re-encryption step.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019wRXFoSyPB5awSkHXSW4rn
- Remove unused deps: express, lowdb, node-notifier, log-update
  (and their @types). None were imported anywhere.
- Delete the unregistered encrypt/decrypt command handlers. They were
  never wired into gambit.ts and their per-chunk stream transform was
  incompatible with the salted crypt format. Wallet encryption lives in
  setup-wallet; decryption in the sniper's wallet loader.
- Remove the commented-out node-notifier blocks in snipe.ts and replace
  the console.dir(receipt) dumps with a concise logMinedTransaction()
  helper that logs the tx hash + explorer link through pino.
- Drop the debug console.log allowance dumps and a stray target-token
  approve() from Primary.buyNative's estimate path (a native ETH->token
  swap needs no token approval).
- Remove the commented pair-cache block in dex.ts and a stale
  "TODO: Loop spend" (the loop is implemented).
- Add package-lock.json for reproducible installs.
- Fill in the package.json description.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019wRXFoSyPB5awSkHXSW4rn
Passwords and private keys passed as CLI arguments leak into shell
history and the process listing (ps auxww). Add a prompt service that
resolves secrets from, in order: an explicit flag (discouraged), an
environment variable, or a hidden interactive prompt.

- snipe: --password is now optional and discouraged. When the wallet is
  encrypted the password is prompted for (hidden) or read from
  GAMBIT_PASSWORD.
- setup-wallet: drop the positional <password> and <secretKey> args.
  Both are now prompted for (hidden, password confirmed) or read from
  GAMBIT_PASSWORD / GAMBIT_WALLET_KEY. Signature is now
  `setup-wallet <walletName> <address>`.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019wRXFoSyPB5awSkHXSW4rn
By default the router is granted an unlimited (max-uint) allowance so a
single approval covers every future trade — the right latency/gas
tradeoff for sniping, but it leaves the full token balance exposed to a
compromised or malicious router indefinitely.

Collapse approveSourceToken/approveTargetToken onto one approveToken()
helper and add a chain-level exactApproval flag, surfaced as the snipe
`-e, --exactApproval` option. When set, only the current trade's spend
amount is approved. The default behaviour is unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019wRXFoSyPB5awSkHXSW4rn
Extract the numeric trade-construction logic (slippage tolerance and the
gas-limit policy) out of Pair into a pure src/libs/execution.ts module,
and export the pair/factory adapter selectors, so they can be tested
without an RPC, wallet, or live chain.

Fix a latent bug uncovered while extracting the gas policy: the block
gas ceiling was computed as blockGasLimit * (GAS_LIMIT_THRESHOLD *
BP_DIVISOR) / BP_DIVISOR = blockGasLimit * 60, i.e. 60x the block limit,
so the ceiling never bound. GAS_LIMIT_THRESHOLD is documented "As
percent", so blockGasCeiling now takes 60% of the (normalized) block gas
limit using integer basis points.

Tests (24) cover:
- slippage math incl. 0% / 25% / 100% edges and 18-decimal precision
- block-gas normalization, the percentage ceiling, and the 1.4x
  multiplier — including basis-point integer safety
- clampGas pass-through vs. clamp-at-ceiling behaviour
- crypt round-trip, GMBTv1 prefix, per-file salt, wrong-password
  rejection, and legacy MD5 decryption
- adapter selection: camelot -> Camelot, unknown -> Primary; glacier ->
  GlacierFactory, else PrimaryFactory

Wire up `npm test` (vitest run) and scope tsc to src via include/exclude.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019wRXFoSyPB5awSkHXSW4rn
GitHub Actions job on push to main and on pull requests: npm ci, tsc
build, then the vitest suite. Gives the repo a green-checkmark signal
and guards the build/tests on every change.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019wRXFoSyPB5awSkHXSW4rn
- configs/chains/base.toml: Uniswap V2's official Base deployment
  (router 0x4752ba5D..., factory 0x8909Dc15...), which uses the standard
  V2 router interface and works with the Primary adapter unchanged.
  Sources: WETH (native) and native USDC (stable).
- CHANGELOG.md documenting the 2026 modernization pass.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019wRXFoSyPB5awSkHXSW4rn
Rewrite the README to lead with the engineering rather than the sniping
use case:

- New one-liner: a low-latency EVM execution engine with a pluggable
  multi-DEX adapter layer.
- Feature the pair/factory adapter pattern (Camelot referrer-arg,
  Glacier stable-flag) as the centerpiece — the production-quirk
  abstraction that's the strongest "shipped real bots" signal.
- Add a rendered Mermaid architecture diagram plus a layer table
  (CLI -> Sniper -> Chain -> Dex -> Pair -> adapters -> TypeChain).
- Candid "Design observations, gaps & risks" section split into what
  this pass fixed (MD5->scrypt, secrets off argv, gas-ceiling bug) and
  remaining tradeoffs (unlimited approvals, public mempool, ethers v5).
- "What I'd build differently in 2026": private orderflow, ERC-4337,
  L2 calldata fee modeling, ethers v6/viem, pre-submission simulation.
- Portfolio note up top (sanitized; no keys/edge). Update install/usage
  for npm and the new prompt-based secret handling. Drop the rot-prone
  hotlinked banner image.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_019wRXFoSyPB5awSkHXSW4rn
@nullfox nullfox merged commit 59ce153 into main Jul 12, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant