Skip to content

Add solana-token-extensions: tested Token-2022 skill + mint inspector (CLI/MCP)#28

Open
Andy00L wants to merge 22 commits into
solanabr:mainfrom
Andy00L:add-solana-token-extensions
Open

Add solana-token-extensions: tested Token-2022 skill + mint inspector (CLI/MCP)#28
Andy00L wants to merge 22 commits into
solanabr:mainfrom
Andy00L:add-solana-token-extensions

Conversation

@Andy00L

@Andy00L Andy00L commented Jun 21, 2026

Copy link
Copy Markdown

Closes #12.

A tested Token-2022 (Token Extensions) skill, wired as a submodule under .claude/skills/ext/solana-token-extensions with one routing line in the hub. It is the deeper, tested companion to token-2022.md (kept as the quick reference) and delegates core program work to ext/solana-dev.

What it does. Makes an agent fluent across the full Token-2022 surface (choosing and combining extensions, mints, transfer hooks, migration, wallet/DEX/CEX integration, hook security) and ships a read-only mint inspector as a CLI and five MCP tools: inspect_mint, inspect_many, check_extension_compatibility, scaffold_mint, generate_hook_transfer.

What sets it apart.

  • Second-hop hook analysis: when a transfer hook is active, it follows the pointer to the hook program and flags whether the bytecode is immutable or upgradeable, naming the upgrade authority. An upgradeable hook can be swapped for a sell-blocker after an audit; no other entry surfaces it (run live, it flags BNDRG's WNS hook as upgradeable).
  • Conditional-severity risk engine: a fund-loss extension scores high only while its authority is live (the live-versus-renounced model Jupiter and Neodyme use), with a value-aware fee model (a near-100% fee is a honeypot even when the rate is locked) and a renounce-to-remediate projection.
  • Complete decode: names every extension code 0 to 28, including ones the @solana/spl-token enum omits (PYUSD's confidential transfer fee, code 16); confidential-transfer status current to 2026-06-04 (re-enabled on mainnet).

Quality. 129 offline, deterministic checks, reproducible with no validator: a native Rust transfer hook (cargo build-sbf, 22 tests), a LiteSVM multi-extension mint (7 tests plus an end-to-end hook scenario), and the inspector (99 tests, including a 21-case scored eval over 11 real mainnet mints). Errors as values, no type suppression; THREAT_MODEL.md maps each adversarial test to the threat it closes. Read-only by design, and it scores capability, not intent (a regulated issuer like PYUSD reads CRITICAL too).

Changes in this PR: .gitmodules (add the submodule) and one routing line in .claude/skills/SKILL.md.

Verify:

git submodule update --init .claude/skills/ext/solana-token-extensions
cd .claude/skills/ext/solana-token-extensions/examples && make verify   # 129/129

Repo: https://github.com/Andy00L/solana-token-extensions-skill (MIT).

@vercel

vercel Bot commented Jun 21, 2026

Copy link
Copy Markdown

@Andy00L is attempting to deploy a commit to the STBR TRUE Team on Vercel.

A member of the Team first needs to authorize it.

Andy00L added 18 commits June 24, 2026 02:29
Confidential transfers re-enabled (2026-06-04), value-aware fee engine, scaffold_mint (4th MCP tool), threat model, CI live smoke + e2e; make verify 102 checks.
Confidential re-enabled (2026-06-04), value-aware fees, scaffold_mint, hook codegen, threat model, CI live smoke + e2e; 110 checks.
Fifth MCP tool generate_hook_transfer; batched inspect_many; 111 checks.
…t-framed README, second-hop demo, scope limits)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[feat] Add full Token Extension skill suite skill

1 participant