szhygulin/recon-crypto-mcp

Highlights

• Adversarial-smoke-test invariant batch — coordinated with skill v0.6.0. New agent-side invariants: outer dispatch-target allowlist (#1.a), chain-must-be-explicit refusal (#2.5), Tier-1 bridge facet decoder (#6b), set-level intent verification (#14), durable-binding source-of-truth (#15), §8 message-signing hardening (byte fingerprint + drainer-template refusal), §12.5 mandatory second-LLM hard-trigger ops, forward-looking §16 EIP-7702 refuse-all + §1b/#2b typed-data (skill v9 will populate when MCP surface ships). MCP companion: [SET-LEVEL ENUMERATION] block on get_token_allowances, assertCanonicalDispatchTarget helper, sentinel pin bump v7→v8 (#480, closes #450, #451 Tier-1, #452, #453, #454, #455 forward-looking, #460, #461).
• Earlier skill pin bumps — multi-step BTC combine_btc_psbts + prepare_btc_rbf_bump re-decode (Inv #13, skill v0.5.0, MCP #465 closes #463); Inv #2 framed as corroborating-not-load-bearing (skill v0.5.1, MCP #468 closes #462).
• Health-alerts multi-protocol expansion — get_health_alerts now monitors Compound V3, Morpho Blue, MarginFi, and Kamino alongside Aave V3 (#466, closes #427).
• Demo-mode followups (#449) — markdown-rendered simulation envelope, --demo CLI alias, persona-affinity-aware refusal messages, weekly persona rotation watcher CI job, README + CONTRIBUTING docs for the post-#380 demo model.
• Update-available notice + get_update_command tool — install-path-aware update flow that detects whether the user is on the npm CLI / pkg-bundled binary / source clone and emits the right one-liner (#457).
• Solana NFT portfolio — get_nft_portfolio covers Solana via Helius DAS getAssetsByOwner (#478, closes #433).
• Dry-run / unsigned-bytes mode for prepare_* — agents can inspect prepared txs end-to-end without entering the signing path (#477, closes #446).
• Lido stETH ↔ wstETH wrap/unwrap — prepare_lido_wrap / prepare_lido_unwrap (#467, closes #442).
• Incident report v1 — build_incident_report produces a redacted, sign-anchored bundle for adversarial-event triage (#426, closes #425).
• MEV-protection hint on EVM swaps — sandwich-MEV warning when slippage × notional crosses the mainnet threshold (#472, closes #445); L2 expansion deferred to roadmap.
• Contacts without Ledger — first-run users can label addresses before pairing via in-memory store (#471, closes #428).
• BTC RBF + fee priority — prepare_btc_rbf_bump for replace-by-fee, smarter mempool-fee defaults (#473, closes #435).
• Demo persona contacts pre-loaded — friendly labels in demo without manual contact entry (#406).
• Aave V3 frozen-market hardening — clearer error surface when a market is paused/frozen (#419).

Included PRs

• #406 feat(demo): pre-load demo persona contacts
• #407 ci: drop redundant binary smoke from PR runs (kept in release-binaries.yml)
• #408 fix(demo): decouple restart-required from demo framing in error prose (#415)
• #410 fix(solana): proactive Helius nudge + broaden public-RPC throttle detection (#423)
• #409 fix(demo): one-shot state-precondition hint on prepare_* failures (#422)
• #411 fix: protocol-routing edge-case in lending-positions (#421)
• #413 fix(allowances): error surface tightening (#416)
• #414 fix(preflight): pin block format edge case (#417)
• #418 chore(claude-md): always branch from main, never stack PRs
• #419 fix(aave): frozen-market error path
• #420 feat(demo): enrich personas with rehearsable-flows + flow-gaps metadata
• #422 (link via #409)
• #423 (link via #410)
• #424 chore(release): orphan 0.11.1 bump (subsumed into 0.12.0)
• #426 feat: incident-report v1 (#425)
• #427 (link via #466)
• #428 (link via #471)
• #433 (link via #478)
• #435 (link via #473)
• #442 (link via #467)
• #445 (link via #472)
• #446 (link via #477)
• #449 feat(demo): demo-saga followups bundle (#3-#7 from plan)
• #450 closed by skill v0.6.0 + MCP #480
• #451 Tier-1 closed by skill v0.6.0; Tier-2 deferred to roadmap
• #452 closed by skill v0.6.0
• #453 forward-looking closed by skill v0.6.0
• #454 closed by skill v0.6.0
• #455 forward-looking closed by skill v0.6.0; impl tracked at #481
• #457 feat: install-path-aware update flow + get_update_command tool
• #458 chore(release): orphan 0.11.1 retag (subsumed into 0.12.0)
• #459 ci: auto-triage agent (subsequently reverted, see #464)
• #460 closed by skill v0.6.0 + MCP #480
• #461 closed by skill v0.6.0 + MCP #480
• #462 closed by skill v0.5.1 + MCP #468
• #463 closed by skill v0.5.0 + MCP #465
• #464 chore: revert auto-triage workflow (#459)
• #465 fix(skill-pin): bump to v6 for Inv #13 multi-step BTC
• #466 fix(health-alerts): extend coverage to Compound V3 / Morpho / MarginFi / Kamino
• #467 feat(lido): prepare_lido_wrap / prepare_lido_unwrap (stETH ↔ wstETH)
• #468 fix(skill-pin): bump to v7 for Inv #2 framing
• #469 chore(roadmap): defer #443 (separate compare_yields adapter expansion)
• #470 chore(roadmap): defer Aptos / Sui chain support to roadmap
• #471 fix(contacts): in-memory store for first-run / no-Ledger users
• #472 feat(swap): sandwich-MEV hint on mainnet swaps + slippage × notional threshold
• #473 fix(btc): RBF bump + improved fee-priority defaults
• #477 feat: dry-run / unsigned-bytes mode for prepare_*
• #478 feat(nft): Solana NFT portfolio via Helius DAS
• #480 feat(skill-v8): pin bump + SET-LEVEL ENUMERATION + Inv #1.a allowlist mirror
• #484 docs: roadmap entry for Tier-2 bridge facet decoders
• #485 docs: full reflection of skill v0.6.0 + MCP companion in README + SECURITY
• #486 chore(release): bump to 0.12.0

Deliberately deferred

• Tier-2 bridge facet decoders (deBridge / DLN, Stargate composeMsg, Hop, Symbiosis) — Tier-1 (Wormhole / Mayan / NEAR Intents / Across V3) shipped under skill Inv #6b in v0.6.0. Tier-2 routes fall back to mandatory second-LLM (Inv #12.5) until shipped. Plan: claude-work/plan-bridge-facet-decoder-tier2.md, README roadmap entry in #484.
• EIP-7702 prepare_eip7702_authorization builder — skill v0.6.0 §16 refuses 7702 setCode unconditionally. Implementation paired with skill v9 allowlist tracked at #481.
• Per-EVM-chain contact tag — companion to skill Inv #2.5 chain-must-be-explicit. Current contacts schema is per-chain-family (btc | evm | solana | tron); per-EVM-chain extension tracked at #482. Skill-side rule remains the load-bearing defense.
• Per-handler wiring of assertCanonicalDispatchTarget — helper module shipped in this release (src/security/canonical-dispatch.ts) with regression tests, but not yet called from individual prepare_* flows (different tx-chain shapes need per-flow review). Tracked at #483. Skill-side Inv #1.a remains the load-bearing defense.
• Aptos / Sui chain support — large surface (Move VM, separate signing primitives). Roadmap entry added in #470.
• Auto-triage agent for issues — experimented in #459, reverted in #464 to preserve manual triage.
• Sandwich-MEV hint on L2s — mainnet ships in #472; per-chain L2 thresholds + ordering-model wording deferred (claude-work/plan-mev-hint-l2-expansion.md).

Companion releases

• vaultpilot-security-skill v0.5.0 — Inv #13 multi-step BTC flows
• vaultpilot-security-skill v0.5.1 — Inv #2 framing: corroborating, not load-bearing
• vaultpilot-security-skill v0.6.0 — adversarial-smoke-test invariant batch (paired with this release's #480)