feat: add --dry-run for tx/onchain/mapped writes

feat: add --dry-run for tx/onchain/mapped writes

Author: cinnabarhorse

CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog
 
+## 0.2.1 - 2026-02-27
+
+### Added
+
+- `--dry-run` mode for write surfaces:
+  - `ag tx send --dry-run`
+  - `ag onchain send --dry-run`
+  - mapped writes (for example `ag token approve --dry-run`)
+- `scripts/smoke-write-dryrun.sh` and npm script `smoke:write-dryrun` for automated write-path smoke checks without broadcasting.
+
+### Changed
+
+- Dry-run execution now returns `status: "simulated"` with simulation details and skips journal mutation and transaction submission.
+- `--dry-run` is explicitly blocked with `--wait` / `--confirm`.
+
 ## 0.2.0 - 2026-02-27
 
 ### Added

README.md

@@ -55,6 +55,26 @@ Planned domain namespaces are stubbed for parity tracking:
 Many Base-era write flows are already executable as mapped aliases in those namespaces (internally routed through `onchain send`).
 Example: `ag lending create --abi-file ./abis/GotchiLendingFacet.json --address 0x... --args-json '[...]' --json`
 
+## Dry-run writes
+
+Use `--dry-run` on write commands to run full preflight without broadcasting:
+
+- runs simulation (`eth_call`)
+- runs gas + fee estimation
+- enforces policy checks
+- resolves nonce
+- returns `status: \"simulated\"` with simulation details
+
+Supported write surfaces:
+
+- `tx send --dry-run`
+- `onchain send --dry-run`
+- mapped write aliases (for example: `token approve --dry-run`)
+
+Safety rule:
+
+- `--dry-run` cannot be combined with `--wait` / `--confirm`
+
 ## Subgraph sources and endpoint policy
 
 Canonical source aliases:
@@ -186,5 +206,12 @@ npm run typecheck
 npm test
 npm run build
 npm run parity:check
+npm run smoke:write-dryrun
 npm run ag -- help
 ```
+
+Write dry-run smoke test notes:
+
+- `npm run smoke:write-dryrun` validates write paths without broadcasting any transaction.
+- To run against an installed binary instead of local source:
+  - `AG_BIN=/absolute/path/to/ag npm run smoke:write-dryrun`

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "aavegotchi-cli",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Agent-first CLI for automating Aavegotchi app and onchain workflows",
   "license": "MIT",
   "repository": {
@@ -30,6 +30,7 @@
     "test": "vitest run",
     "test:watch": "vitest",
     "parity:check": "node scripts/check-parity.mjs",
+    "smoke:write-dryrun": "bash scripts/smoke-write-dryrun.sh",
     "ag": "tsx src/index.ts",
     "prepack": "npm run build",
     "bootstrap:smoke": "AGCLI_HOME=/tmp/agcli-smoke tsx src/index.ts bootstrap --mode agent --profile smoke --chain base --signer readonly --json"

package.json

@@ -0,0 +1,118 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+cd "$ROOT_DIR"
+
+AGCLI_HOME="${AGCLI_HOME:-/tmp/agcli-write-dryrun-smoke}"
+AG_BIN="${AG_BIN:-}"
+TMP_DIR="${AGCLI_SMOKE_TMP:-/tmp/agcli-write-dryrun-run}"
+PROFILE_NAME="${AGCLI_PROFILE:-smoke-write}"
+PRIVATE_KEY_ENV="${AGCLI_PRIVATE_KEY_ENV:-AGCLI_PRIVATE_KEY}"
+GHST_TOKEN="${AGCLI_GHST_TOKEN:-0xcd2f22236dd9dfe2356d7c543161d4d260fd9bcb}"
+
+rm -rf "$TMP_DIR"
+mkdir -p "$TMP_DIR"
+
+if [[ -n "$AG_BIN" ]]; then
+    AG_CMD=("$AG_BIN")
+else
+    AG_CMD=(npx tsx src/index.ts)
+fi
+
+if [[ -z "${!PRIVATE_KEY_ENV:-}" ]]; then
+    printf -v "$PRIVATE_KEY_ENV" "%s" "0x1111111111111111111111111111111111111111111111111111111111111111"
+    export "$PRIVATE_KEY_ENV"
+fi
+
+pass=0
+fail=0
+LAST_OUT="$TMP_DIR/last.json"
+LAST_ERR="$TMP_DIR/last.err"
+
+run_json() {
+    local name="$1"
+    shift
+
+    echo "--- $name"
+    if AGCLI_HOME="$AGCLI_HOME" "${AG_CMD[@]}" "$@" --json >"$LAST_OUT" 2>"$LAST_ERR"; then
+        if node -e 'const fs=require("fs");const p=process.argv[1];const d=JSON.parse(fs.readFileSync(p,"utf8"));if(d.status!=="ok"){process.exit(1)}' "$LAST_OUT"; then
+            echo "PASS"
+            pass=$((pass + 1))
+            return 0
+        fi
+    fi
+
+    echo "FAIL"
+    cat "$LAST_ERR" || true
+    cat "$LAST_OUT" || true
+    fail=$((fail + 1))
+    return 1
+}
+
+run_expect_error() {
+    local name="$1"
+    local expected_code="$2"
+    shift 2
+
+    echo "--- $name"
+    if AGCLI_HOME="$AGCLI_HOME" "${AG_CMD[@]}" "$@" --json >"$LAST_OUT" 2>"$LAST_ERR"; then
+        echo "FAIL (expected error $expected_code but command succeeded)"
+        cat "$LAST_OUT" || true
+        fail=$((fail + 1))
+        return 1
+    fi
+
+    if node -e 'const fs=require("fs");const p=process.argv[1];const expected=process.argv[2];const d=JSON.parse(fs.readFileSync(p,"utf8"));if(d.status!=="error"||d.error?.code!==expected){process.exit(1)}' "$LAST_ERR" "$expected_code"; then
+        echo "PASS"
+        pass=$((pass + 1))
+        return 0
+    fi
+
+    echo "FAIL (unexpected error payload)"
+    cat "$LAST_ERR" || true
+    fail=$((fail + 1))
+    return 1
+}
+
+extract_json() {
+    local path="$1"
+    local expr="$2"
+    node -e "const fs=require('fs'); const d=JSON.parse(fs.readFileSync(process.argv[1],'utf8')); const v=(${expr}); if(v===undefined||v===null){process.exit(1)} process.stdout.write(String(v));" "$path"
+}
+
+APPROVE_ABI="$TMP_DIR/approve.json"
+cat >"$APPROVE_ABI" <<'JSON'
+[
+  {
+    "type": "function",
+    "name": "approve",
+    "stateMutability": "nonpayable",
+    "inputs": [
+      { "name": "spender", "type": "address" },
+      { "name": "amount", "type": "uint256" }
+    ],
+    "outputs": [
+      { "name": "", "type": "bool" }
+    ]
+  }
+]
+JSON
+
+run_json "bootstrap env signer profile" bootstrap --mode agent --profile "$PROFILE_NAME" --chain base --signer "env:$PRIVATE_KEY_ENV"
+run_json "signer check" signer check --profile "$PROFILE_NAME"
+cp "$LAST_OUT" "$TMP_DIR/signer-check.json"
+SIGNER_ADDRESS="$(extract_json "$TMP_DIR/signer-check.json" 'd.data?.signer?.address')"
+
+run_json "tx send dry-run" tx send --profile "$PROFILE_NAME" --to "$SIGNER_ADDRESS" --value-wei 0 --dry-run
+run_expect_error "tx send dry-run + wait" "INVALID_ARGUMENT" tx send --profile "$PROFILE_NAME" --to "$SIGNER_ADDRESS" --value-wei 0 --dry-run --wait
+
+run_json "onchain send dry-run (approve)" onchain send --profile "$PROFILE_NAME" --abi-file "$APPROVE_ABI" --address "$GHST_TOKEN" --function approve --args-json "[\"$SIGNER_ADDRESS\",\"1\"]" --dry-run
+run_expect_error "onchain send dry-run + wait" "INVALID_ARGUMENT" onchain send --profile "$PROFILE_NAME" --abi-file "$APPROVE_ABI" --address "$GHST_TOKEN" --function approve --args-json "[\"$SIGNER_ADDRESS\",\"1\"]" --dry-run --wait
+
+run_json "mapped token approve dry-run" token approve --profile "$PROFILE_NAME" --abi-file "$APPROVE_ABI" --address "$GHST_TOKEN" --args-json "[\"$SIGNER_ADDRESS\",\"1\"]" --dry-run
+
+echo "RESULT pass=$pass fail=$fail"
+if [[ "$fail" -ne 0 ]]; then
+    exit 1
+fi

scripts/smoke-write-dryrun.sh

@@ -189,6 +189,11 @@ export async function runOnchainSendWithFunction(
     }
 
     const waitForReceipt = getFlagBoolean(ctx.args.flags, "wait");
+    const dryRun = getFlagBoolean(ctx.args.flags, "dry-run");
+
+    if (dryRun && waitForReceipt) {
+        throw new CliError("INVALID_ARGUMENT", "--dry-run cannot be combined with --wait.", 2);
+    }
 
     const intent: TxIntent = {
         idempotencyKey: getFlagString(ctx.args.flags, "idempotency-key"),
@@ -203,6 +208,7 @@ export async function runOnchainSendWithFunction(
         noncePolicy: noncePolicyRaw as TxIntent["noncePolicy"],
         nonce,
         waitForReceipt,
+        dryRun,
         timeoutMs: parseTimeoutMs(getFlagString(ctx.args.flags, "timeout-ms")),
         command: commandOverride || `onchain send ${functionName}`,
     };

src/commands/onchain.ts

@@ -93,12 +93,17 @@ export async function runTxSendCommand(ctx: CommandContext): Promise<JsonValue>
     const nonceValue = getFlagString(ctx.args.flags, "nonce");
     const nonce = nonceValue ? parseNumberFlag(nonceValue, "--nonce", 0) : undefined;
     const waitForReceipt = getFlagBoolean(ctx.args.flags, "wait") || getFlagBoolean(ctx.args.flags, "confirm");
+    const dryRun = getFlagBoolean(ctx.args.flags, "dry-run");
     const timeoutMs = parseNumberFlag(getFlagString(ctx.args.flags, "timeout-ms"), "--timeout-ms", 120000);
 
     if (noncePolicy === "manual" && nonce === undefined) {
         throw new CliError("MISSING_NONCE", "--nonce is required when --nonce-policy=manual.", 2);
     }
 
+    if (dryRun && waitForReceipt) {
+        throw new CliError("INVALID_ARGUMENT", "--dry-run cannot be combined with --wait/--confirm.", 2);
+    }
+
     const intent: TxIntent = {
         idempotencyKey,
         profileName: profile.name,
@@ -112,6 +117,7 @@ export async function runTxSendCommand(ctx: CommandContext): Promise<JsonValue>
         noncePolicy,
         nonce,
         waitForReceipt,
+        dryRun,
         timeoutMs,
         command: "tx send",
     };