proxmox/scripts/verify/build-engine-x-audit-manifest.sh

#!/usr/bin/env bash
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"

# shellcheck source=/home/intlc/projects/proxmox/scripts/lib/load-project-env.sh
source "${PROJECT_ROOT}/scripts/lib/load-project-env.sh"

OUT_DIR="${OUT_DIR:-reports/status}"
MANIFEST_JSON="${MANIFEST_JSON:-${OUT_DIR}/engine-x-audit-manifest-latest.json}"
MANIFEST_MD="${MANIFEST_MD:-${OUT_DIR}/engine-x-audit-manifest-latest.md}"
mkdir -p "${PROJECT_ROOT}/${OUT_DIR}"

V2_ABI="${OUT_DIR}/engine-x-v2-vault-abi-latest.json"
INDEXED_ABI="${OUT_DIR}/engine-x-indexed-liquidity-vault-abi-latest.json"
BORROWER_ABI="${OUT_DIR}/engine-x-flash-proof-borrower-abi-latest.json"

pushd "${PROJECT_ROOT}/smom-dbis-138" >/dev/null
forge inspect contracts/flash/DBISEngineXVirtualBatchVault.sol:DBISEngineXVirtualBatchVault abi >"${PROJECT_ROOT}/${V2_ABI}"
forge inspect contracts/flash/DBISEngineXIndexedLiquidityVault.sol:DBISEngineXIndexedLiquidityVault abi >"${PROJECT_ROOT}/${INDEXED_ABI}"
forge inspect contracts/flash/DBISEngineXFlashProofBorrower.sol:DBISEngineXFlashProofBorrower abi >"${PROJECT_ROOT}/${BORROWER_ABI}"
popd >/dev/null

python3 - "${PROJECT_ROOT}" "${MANIFEST_JSON}" "${MANIFEST_MD}" "${V2_ABI}" "${INDEXED_ABI}" "${BORROWER_ABI}" <<'PY'
import hashlib
import json
from pathlib import Path
import sys
from datetime import datetime, timezone

root = Path(sys.argv[1])
manifest_json = root / sys.argv[2]
manifest_md = root / sys.argv[3]
abi_paths = [Path(p) for p in sys.argv[4:]]

def sha256(path: Path) -> str:
    return "0x" + hashlib.sha256((root / path).read_bytes()).hexdigest()

contracts = [
    {
        "name": "DBISEngineXVirtualBatchVault",
        "source": "smom-dbis-138/contracts/flash/DBISEngineXVirtualBatchVault.sol",
        "abi": str(abi_paths[0]),
        "abiSha256": sha256(abi_paths[0]),
        "constructorArgs": [
            "cWUSDC",
            "USDC",
            "XAUt",
            "owner",
            "surplusReceiver",
            "xautUsdPrice6",
            "ltvBps",
            "maxRoundTripLossBps",
        ],
    },
    {
        "name": "DBISEngineXIndexedLiquidityVault",
        "source": "smom-dbis-138/contracts/flash/DBISEngineXIndexedLiquidityVault.sol",
        "abi": str(abi_paths[1]),
        "abiSha256": sha256(abi_paths[1]),
        "constructorArgs": [
            "cWUSDC",
            "USDC",
            "uniV3Pool",
            "owner",
            "maxAbsTick",
            "minLiquidity",
            "maxProofSwapAmount",
        ],
    },
    {
        "name": "DBISEngineXFlashProofBorrower",
        "source": "smom-dbis-138/contracts/flash/DBISEngineXFlashProofBorrower.sol",
        "abi": str(abi_paths[2]),
        "abiSha256": sha256(abi_paths[2]),
        "constructorArgs": ["lender", "USDC", "owner"],
    },
]

payload = {
    "schema": "engine-x-audit-manifest/v1",
    "generatedAt": datetime.now(timezone.utc).isoformat(),
    "contracts": contracts,
    "operatorScripts": [
        "scripts/deployment/deploy-engine-x-v2-mainnet.sh",
        "scripts/deployment/migrate-engine-x-vault-to-mainnet-cwusdc-usdc-univ3.sh",
        "scripts/deployment/deploy-engine-x-indexed-liquidity-vault-mainnet.sh",
        "scripts/deployment/run-engine-x-univ3-public-swap-proof.sh",
        "scripts/deployment/record-engine-x-indexed-liquidity-proof.sh",
        "scripts/deployment/retire-engine-x-legacy-vault.sh",
        "scripts/verify/check-engine-x-public-indexed-readiness.sh",
    ],
    "reports": [
        "reports/status/mainnet-engine-x-indexed-liquidity-upgrade-plan-20260507.md",
        "reports/status/mainnet-cwusdc-cross-protocol-public-lp-proof-plan-20260507.md",
        "reports/status/engine-x-public-indexed-readiness-latest.json",
    ],
    "proofRequirements": [
        "verified deployed source",
        "constructor args",
        "public UniV3 liquidity tx hash",
        "actual public cWUSDC/USDC swap tx hash",
        "pre/post pool slot0 and liquidity",
        "ISO 20022-style hash",
        "audit envelope hash",
        "peg proof hash",
    ],
}

manifest_json.write_text(json.dumps(payload, indent=2) + "\n")
lines = [
    "# Engine X Audit Manifest",
    "",
    f"- Generated: `{payload['generatedAt']}`",
    "",
    "## Contracts",
]
for c in contracts:
    lines.append(f"- `{c['name']}`: `{c['source']}` ABI `{c['abi']}` hash `{c['abiSha256']}`")
lines.extend(["", "## Operator Scripts"])
lines.extend(f"- `{s}`" for s in payload["operatorScripts"])
lines.extend(["", "## Proof Requirements"])
lines.extend(f"- {r}" for r in payload["proofRequirements"])
manifest_md.write_text("\n".join(lines) + "\n")
print(manifest_json)
print(manifest_md)
PY