Use r.Context() for DB query timeouts so client disconnects cancel in-flight block lookups instead of running against a detached background context.
Co-authored-by: Cursor <cursoragent@cursor.com>
Surfaces /ho-liquidity from the Operations dropdown, site footer, and institutional quick paths; use formatTimestamp on the HO liquidity page for consistent audit timestamps.
Co-authored-by: Cursor <cursoragent@cursor.com>
Add a three-line TokenLiquidityStack with Fineract audit freshness and a token-detail HoBackingSummaryCard fed by token-aggregation market-batch HO metrics.
Co-authored-by: Cursor <cursoragent@cursor.com>
Defer heavy getServerSideProps on home, operator, addresses, and wallet to cut TTFB; centralize locale-safe formatters with client-only relative times; add compact ops UX, bridge/operator relay pagination, and Playwright route/scroll smoke in deploy.
Co-authored-by: Cursor <cursoragent@cursor.com>
Add Chain 138 wallet network metadata and stats coin-price enrichment; sync frontend explorer SPA, command center, and address/token pages with backend config.
Co-authored-by: Cursor <cursoragent@cursor.com>
Probe LINK balances on CCIP bridge contracts, expose proof-transfer metadata on bridge status, and render funded/unfunded lane health on /bridge with extended smoke coverage.
Co-authored-by: Cursor <cursoragent@cursor.com>
Expose mission-control mode on home/bridge/analytics, quiet-chain freshness copy, and a canonical-first indexed token list with WETH9 metadata override and non-canonical warnings.
Co-authored-by: Cursor <cursoragent@cursor.com>
Align CCIP catalog UX with 11-lane config-ready routes, document the no-key public API decision, and enable browser WalletConnect pairing with backend session registration and deploy-time project ID wiring.
Co-authored-by: Cursor <cursoragent@cursor.com>
Close the 1024–1279px nav dead zone, align ops/footer labels, split homepage quick links, route successful wallet connect to /wallet with inline errors, add WETH to ops sub-nav, and demote legacy SPA with noindex plus banner.
Co-authored-by: Cursor <cursoragent@cursor.com>
Live API check confirms walletconnect config; dual-domain verifier now covers the deployed endpoint by default.
Co-authored-by: Cursor <cursoragent@cursor.com>
Align backend EIP-191 auth message with the DBIS Explorer text the frontend and legacy SPA already sign, instead of the stale SolaceScan string.
Co-authored-by: Cursor <cursoragent@cursor.com>
Publish walletconnect config endpoints, Track 3/4 notes on analytics/operator pages, legacy SPA at /legacy/index.html with root redirect, and a parity verifier for explorer.d-bis.org vs blockscout.defi-oracle.io.
Co-authored-by: Cursor <cursoragent@cursor.com>
Operations pages get collapsible surface navigation on small screens and a shared action-card accordion; the footer surfaces read-only JSON endpoints with e2e coverage.
Co-authored-by: Cursor <cursoragent@cursor.com>
Move extended token-list label to the operations intro, wait for network idle
before asserting, and clear conflicting NO_COLOR/FORCE_COLOR in Playwright config.
Co-authored-by: Cursor <cursoragent@cursor.com>
Unify wallet/catalog/extended token-list policy, add contract verification CTA,
trim the homepage dashboard with status strip and recent activity, and add Playwright smoke coverage.
Co-authored-by: Cursor <cursoragent@cursor.com>
The health check stopped after two non-empty lines and missed the data line that follows event: ping on mission-control streams.
Co-authored-by: Cursor <cursoragent@cursor.com>
Align wallet SSR with report token-list, dedupe featured v1 tokens, refresh home and wallet snapshots on a 60s cadence, and drive vanilla SPA chain add/watch from API metadata. Add shared pagination/tabs for address, token, and transaction pages, extend token aggregation helpers, and harden stats API with tests and health checks.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Add TokenSigningSurfaceCard: ABI flags, eip712Domain eth_call decode, verification metadata
- Pass contract profile into GRU standards detection on token page
- Table layout=tabular for Top Holders column layout at all breakpoints
- Fallback provenance name/symbol; show signing card when token API empty
- eip712Domain.ts: decode ERC-5267 tuple return data
Co-authored-by: Cursor <cursoragent@cursor.com>
Corrections per 2026-04 institutional review:
- MLFO reclassified as Global Family Office (was incorrectly labeled central bank)
- BIS Innovation Hub reclassified as Standards Body (does not hold observer seat)
- Added missing entities: ICCC, SAID, PANDA, Order of Hospitallers (XOM)
- Added BRICS founding + expanded member central banks (10 entries)
New institutional tier taxonomy (7 tiers):
sovereign_central_bank, global_family_office, settlement_member,
infrastructure_operator, oversight_judicial, delegated_authority,
standards_body
Backend changes:
- New auth/membership.go: tier types, DefaultTrackForTier mapping,
MembershipStore with DB queries for member directory
- New migration 0017: institutional_members + institutional_member_wallets
tables with seed data for all corrected members
- Updated wallet_auth.go getUserTrack(): now resolves institutional
membership (via wallet junction table) before defaulting to Track 1
- WalletAuthResponse now includes institutional_tier and institution_name
- New REST endpoints: GET /api/v1/membership/{tiers,members,members/:slug}
- Added TrackLabel() helper in featureflags
Frontend changes:
- Added InstitutionalTier type and label map to access.ts
- WalletAccessSession extended with institutionalTier/institutionName
- Navbar getAccessTier() now displays institutional tier label when present
- Session summary shows institution name
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
Two small follow-ups to the out-of-band git-history rewrite that
purged L@ker$2010 / L@kers2010 / L@ker\$2010 from every branch and
tag:
.gitleaks.toml:
- Regex was L@kers?\$?2010 which catches the expanded form but
NOT the shell-escaped form (L@ker\$2010) that slipped past PR #3
in scripts/setup-database.sh. PR #13 fixed the live leak but did
not tighten the detector. New regex L@kers?\\?\$?2010 catches
both forms so future pastes of either form fail CI.
- Description rewritten without the literal password (the previous
description was redacted by the history rewrite itself and read
'Legacy hardcoded ... (***REDACTED-LEGACY-PW*** / ***REDACTED-LEGACY-PW***)'
which was cryptic).
docs/SECURITY.md:
- New 'History-purge audit trail' section recording what was done,
how it was verified (0 literal password matches in any blob or
commit message; 0 legacy-password findings from a post-rewrite
gitleaks scan), and what operator cleanup is still required on
the Gitea host to drop the 13 refs/pull/*/head refs that still
pin the pre-rewrite commits (the update hook declined those refs
over HTTPS, so only an admin on the Gitea VM can purge them via
'git update-ref -d' + 'git gc --prune=now' in the bare repo).
- New 'Re-introduction guard' subsection pointing at the tightened
regex and commit 78e1ff5.
Verification:
gitleaks detect --no-git --source . --config .gitleaks.toml # 0 legacy hits
git log --all -p | grep -cE 'L@ker\$2010|L@kers2010' # 0