1. Add LM_ADDRESS and POOL_ADDRESS to ponder .env.local (bootstrap.sh)
2. Discover pool address from Uniswap factory during bootstrap (bootstrap-common.sh)
3. Make ring buffer block threshold configurable via MINIMUM_BLOCKS_FOR_RINGBUFFER env var,
set to 0 for local dev so early events populate the ring buffer
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
AGENTS.md watermarks refreshed to HEAD (79a93d4).
Grooming: closed 2 prediction/actioned issues.
- #1179: /stakestake fix verified working in post-fix user-test (2026-03-27)
- #1177: fresh red-team session 2026-03-27 with 7 real attacks (floor_held)
Remaining open: #1166, #1141 (prediction/backlog, planner watching),
#857, #856, #383 (vision).
No blocked issues, no open PRs, no stale PRs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
AGENTS.md watermarks refreshed to HEAD (7d72f40).
landing/AGENTS.md: document new pitch-deck.html (influencer outreach).
Grooming: CLEAN — 5 open issues (2 prediction/backlog, 3 vision), no
backlog issues, no blocked issues, no open PRs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
AGENTS.md watermarks refreshed to HEAD (4dedc72). Watermark bump only —
no code changes since last gardener run.
Pending actions (3): re-queue promotion of #1155 pitch-deck to backlog
(pending actions from PR #1162 were not executed by orchestrator).
Escalate: #1158 (Phase 1 completion accuracy) — still needs planner/human decision.
Root cause: the test wallet provider's eth_accounts and getProviderState
always returned the account address regardless of connection state. This
caused wagmi to auto-connect via EIP-6963 provider discovery, skipping
the 'disconnected' status entirely. As a result, .connect-button--disconnected
never rendered and .connectors-element was never shown.
Changes:
- wallet-provider: eth_accounts returns [] when not connected (EIP-1193 compliant)
- wallet-provider: getProviderState returns empty accounts when not connected
- All wallet connection helpers: handle auto-reconnect case, increase timeout
for wagmi to settle into disconnected state (5s → 10s)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update all AGENTS.md watermarks to HEAD (b276392)
- Clean up dust.jsonl: remove already-bundled items (601,627,739,741)
- Pending actions: promote #1099/#1100/#1101 to backlog, close stale
prediction issues #1020/#1103/#1107, comment on partial resolution
of #1022 (holdout resolved, user-test still empty)
Add formulas/AGENTS.md documenting sense vs act type distinction,
cron conventions, step ID naming rules, TOML structure skeleton,
and a how-to-add-a-new-formula walkthrough.
Add scripts/harb-evaluator/AGENTS.md covering the evaluator runtime:
directory layout, exit code convention, stack lifecycle, evidence
output, and how to add a new evaluator script.
Update root AGENTS.md directory map to link both new files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- #864: Add comment documenting that MEMORY_FILE and REPORT_DIR both
resolve to $REPO_ROOT/tmp (intentional coupling, previously undocumented)
- #579: POOL die guard already present (added in a2f8996, issue #854)
- #775: feeDest address already corrected (fixed in 0e33d6c, issue #760)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implement the attack catalogue loop (step 5a) in red-team.sh that was
previously a forward spec in the formula. The loop replays every *.jsonl
attack file through AttackRunner.s.sol with snapshot revert between files,
records LM total ETH before/after each attack, and injects results into
the adversarial agent prompt so it knows which strategies are already
catalogued.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add CANDIDATE env var support to bootstrap-light.sh. When set to a
.push3 file path, the script:
1. Invokes push3-transpiler to regenerate OptimizerV3Push3.sol
2. Extracts the function body into OptimizerV3Push3Lib.sol
3. Deploys contracts normally via DeployLocal.sol
4. Deploys OptimizerV3 and upgrades the UUPS proxy via upgradeTo()
Also updates formulas/run-red-team.toml to reflect the implementation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add infrastructure.weth to deployments-local.json output in both
bootstrap-common.sh (write_deployments_json) and bootstrap-light.sh,
so non-Base local forks get the correct WETH address from the
deployment file instead of silently falling back to the Base hardcode.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add scripts/harb-evaluator/run-resources.sh: collects disk, RAM,
Anthropic API usage, and Woodpecker CI queue metrics
- Add scripts/harb-evaluator/run-protocol.sh: collects TVL, fees,
position data, and rebalance events from LiquidityManager
- Fix run-protocol.toml: positions accessed via positions(uint8) not
named getters (floorPosition/anchorPosition/discoveryPosition)
- Fix event signature: Recentered(int24,bool) not Recenter(int24,int24,int24)
Addresses review findings: missing implementation files and contract
interface mismatch.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes#1066
## Changes
Done. Here's what was changed:
**`evidence/README.md`**
- Added `"candidate_commit": "abc1234"` to the red-team schema JSON example
- Added `candidate_commit | string | Git commit SHA of the optimizer under test` row to the field table
**`scripts/harb-evaluator/red-team.sh`**
- Captures `CANDIDATE_COMMIT` from `git rev-parse HEAD` at startup (alongside existing `CANDIDATE_NAME`/`OPTIMIZER_PROFILE`)
- Added a new step (9a-pre) that writes `evidence/red-team/YYYY-MM-DD.json` at the end of each run, including `candidate_commit` plus all other schema fields (`candidate`, `optimizer_profile`, `lm_eth_before`, `lm_eth_after`, `eth_extracted`, `floor_held`, `verdict`, `attacks`)
Co-authored-by: openhands <openhands@all-hands.dev>
Reviewed-on: https://codeberg.org/johba/harb/pulls/1075
Reviewed-by: Disinto_bot <disinto_bot@noreply.codeberg.org>
- Add max-iterations guard (60 polls × 5s = 5 min) to both cooldown
polling loops with explicit error on timeout
- Use LAST_RECENTER (already validated) as fallback instead of "0" for
post-seed-buy lastRecenterTime read, preventing silent cooldown skip
on transient RPC failure
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix positions() ABI selector: uint256 -> uint8 (Stage enum)
- Replace fixed sleeps with polling loops checking on-chain timestamps
- Add trailing period to 'amplitude not reached.' error hint
- Remove 'was never set' feeDestination scenario (always set by deploy)
- Clarify warning comment scope in bootstrap-common.sh
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add recovery procedure documentation and automated recovery script for
when the VWAP bootstrap fails partway through (e.g. second recenter
reverts due to insufficient price movement).
- Add "Recovery from failed mid-sequence bootstrap" section to
docs/mainnet-bootstrap.md with diagnosis steps and manual recovery
- Create scripts/recover-bootstrap.sh to automate diagnosis and retry
- Add warning comments in BootstrapVWAPPhase2.s.sol, DeployBase.sol,
and bootstrap-common.sh referencing the recovery procedure
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- cleanup_worktree: add `git branch -D $BRANCH` to prevent stale local
branch refs accumulating on push failure (bug fix)
- .netrc parser: replace fragile line-count awk with field-iteration
approach that handles both multi-line and single-line .netrc formats
- ETH formatting: pass values as argv to python3 instead of interpolating
into the code string, removing the injection surface
- mktemp -u: generate path without pre-creating directory; git worktree
add creates it, avoiding the "already exists" error on some git versions
- mkdir -p guard before cp to attacks destination directory
- sed portability: `s/-\+/-/g` → `s/--*/-/g` (POSIX-compliant)
- red-team.sh: capture PIPESTATUS[0] from promote-attacks pipe and emit
a distinct warning log line when promotion fails
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add scripts/harb-evaluator/promote-attacks.sh which:
- Reads tmp/red-team-attacks.jsonl after a successful red-team run
- Deduplicates by op-type fingerprint against all existing attack files
- Classifies attack type (staking, il-crystallization, fee-drain-oscillation,
floor-ratchet, lp-manipulation, floor-attack) from the op sequence
- Creates an isolated git worktree branch from origin/master
- Commits the attack file to onchain/script/backtesting/attacks/<type>-<candidate>.jsonl
- Opens a Codeberg PR with attack type, ETH extracted, and optimizer profile
Integrate into red-team.sh: when the floor breaks (ETH extracted) and an
attack export exists, promote-attacks.sh is called automatically (non-fatal).
Gracefully no-ops when CODEBERG_TOKEN / ~/.netrc are absent.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add detect_swap_router() that queries chain ID from $ANVIL_RPC and selects
the Base mainnet SwapRouter (0x2626...e481) for chain ID 8453, falling back
to Base Sepolia (0x94cC...2bc4) for all other networks. Called lazily with
idempotency from bootstrap_vwap() and seed_application_state().
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
red-team.sh produces the stream JSONL that export-attacks.py parses, so
they must agree on addresses. Update SWAP_ROUTER and NPM in red-team.sh
to Base Sepolia and fix the invariant comment in export-attacks.py.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update SWAP_ROUTER_ADDR and NPM_ADDR in export-attacks.py from Base
mainnet addresses to the correct Base Sepolia addresses, matching
helpers/market.ts and helpers/swap.ts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Address AI reviewer feedback on d1f75a7:
- Wrap cross_file append in try/except so a write failure never prevents
the memory trim-write from running (bug fix)
- Stamp sweep_id on pre-trim exported entries using the SWEEP_ID env var;
pass SWEEP_ID from red-team-sweep.sh so entries are attributable to a
sweep run (data-consistency fix)
- Add inline comment explaining the 3-tuple dedup key (run, ts, strategy)
and its relationship to step-4c's identity check (clarity nit)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Before trimming MEMORY_FILE to 50 entries, export any entries that would
be dropped (non-DECREASED entries outside the last 10) directly to
CROSS_PATTERNS_FILE. This ensures no entries are permanently lost before
red-team-sweep.sh step 4c reads the memory file.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace fixed \`sleep 1\` in the container teardown poll loop with exponential
backoff (100ms → 200ms → … → 2000ms cap). The 30s hard timeout is preserved.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The extract_memory regex previously matched any "lm.?eth" mention,
including mid-execution "Total LM ETH: X wei" output lines produced by
the agent's cast check commands. During a staking step these lines
reflect an intermediate chain state (ETH temporarily locked/moved)
rather than the final reverted state, causing strategies to be recorded
as DECREASED even when the runner confirmed ETH_SAFE.
Fix: narrow the capture to the structured `lm_eth_after: <value>`
label that the agent writes in its final RED-TEAM REPORT block.
Mid-execution total-ETH lines no longer match and cannot corrupt the
per-strategy result in memory or the cross-patterns file.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Move CROSS_PATTERNS_FILE from /tmp/red-team-cross-patterns.jsonl to
tools/red-team/cross-patterns.jsonl (repo-tracked path)
- Remove the reset (> file) at sweep start so patterns accumulate across runs
- Generate a SWEEP_ID (sweep-YYYYMMDD-HHMMSS) at sweep start and stamp
each new entry with sweep_id for traceability
- Deduplicate on (pattern, candidate, result): entries already present in
the file are skipped; intra-batch duplicates are also suppressed
- Create tools/red-team/ directory with .gitkeep
- Add mkdir -p guards in both scripts so the directory is created on first run
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
bootstrap-light.sh now extracts the Uniswap V3 pool address from
DeployLocal.sol deploy output and writes both Pool and V3Factory
(Base Sepolia: 0x4752ba5DBc23f44D87826276BF6Fd6b1C372aD24) into
deployments-local.json alongside the existing contract addresses.
red-team.sh now reads V3_FACTORY and POOL from deployments-local.json
instead of hardcoding the Base mainnet factory address
(0x33128a8fC17869897dcE68Ed026d694621f6FDfD), and removes the getPool()
RPC call that always failed with "contract does not have any code" on
the Sepolia fork.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
