Changelog

Internal Document

This page records significant changes to the dappTerminal architecture, security posture, and plugin system. It is intended for maintainers, not end users.

2026-03-05 — v0.2.5 CLI Output Animation

Source: commit 2de4501

Bumped project version to 0.2.5.
Added ASCII/typewriter-style animation for CLI output rendering.

2026-03-05 — Sequential Pipeline Plan Added

Source: sequential-command-implementation-plan.md

Added v1 implementation plan for sequential command execution (&&, => $name, $name.field, $_).
Defined pipeline execution constraints: abort-on-failure semantics, fiber isolation, post-transaction step gating.
Added rollout milestones and feature-flag strategy (sequentialPipelines).
Positioned EIP-7702 integration as Phase 2 on top of the same executor.

2026-03-04 — Parser/Validation Hardening Finalized

Source: CLI-PARSER-PLAN.md

Parser diagnostics standardized as warnings and prepended to output.
Removed dead parser exception path (ParserError) in favor of non-throwing diagnostics.
Added shared contract mapping helpers and removed unused strict-mode contract flag.
Corrected schema map heuristic to use positional arity (parsed.positionals.length === 0) instead of fragile flag checks.

2026-03-03 — CLI Parser + Validation Architecture Landed

Source: CLI-PARSER-PLAN.md

Landed parser module + contract validation module with dispatch boundary: raw input -> parse -> rho resolve -> applyContract -> run.
Validation now runs before execution try-block, clearly separating parsing/validation/execution failures.
Added parser + schema test coverage (56 tests documented in implementation notes).
Expanded schema coverage across core and protocol commands (swap, bridge, faucet, 1inch, stargate, wormhole, uniswap-v4, aave-v3 borrow/repay).

2026-02-26 — Intent Handler Contract Introduced

Source: intent-system.md

Updated handler contract to CommandHandler<T> -> Promise<Intent | void>.
Added IntentHandler<T> subtype for on-chain commands returning confirm-before-execute plans.
Formalized pendingIntent lifecycle in CLI (confirm / cancel / step status updates).

2026-02-14 — CLI Hardening Audit

Source: notes_feb14.md

Identified 5 blockers preventing safe pipeline DSL rollout.
Established Phase 0 hardening plan: HandlerResult, unified context update, per-tab FIFO queue, ExecutionEngine extraction, typed event model.
Defined target architecture: headless execution kernel + CLI/GUI adapters.
Pipeline DSL rollout deferred until Phase 0 complete.

2026-02-13 — Core Plugin Integration Audit

Source: CORE_PLUGIN_INTEGRATION_AUDIT.md, review_overview_feb13.md

Identified 10 tracked issues across critical/high/medium/low risk tiers.
Critical findings: alias resolution mismatch, missing LiFi execute handler.
High findings: plugin lifecycle vs. per-tab context boundary, handler path history bypass.
Medium findings: unload does not deregister, hybrid core/plugin model, broken typecheck pipeline.
See Known Issues for full tracking.

2026-02-01 — Plugin System Audit

Source: PLUGIN_SYSTEM_AUDIT.md

First structured audit of the plugin system's fiber isolation model.
Confirmed addCommandToFiber scope validation is present but incomplete.
Noted repeated loadPlugin() calls across tab creation.
Identified hybrid core/plugin boundary issue with CoinPaprika and Faucet.

2025-10-24 — Production Security Audit — Implementation

Source: AUDIT_IMPLEMENTATION_SUMMARY.md, SECURITY_FIXES.md

Added src/lib/auth.ts — authenticateRequest utility with x-api-key validation.
Added src/lib/rate-limit.ts — in-memory per-IP rate limiter.
Added src/lib/chains.ts — centralized chain config with 7 chains and protocol mappings.
Secured /api/1inch/eth_rpc, /api/lifi/routes, /api/1inch/gas with auth + rate limiting.
Added 14-method RPC allowlist to /api/1inch/eth_rpc; write methods return 403.
Fixed stale closure state management in cli.tsx (4+ setTabs calls).
Added plugin loading state and command queue to prevent silent failures on startup.
Gated production logging to NODE_ENV === 'development' in 4 API routes.
Added .env.example and deployment checklist.

Open items from this audit: Analytics endpoints, 1inch proxy routes, faucet IP spoofing, in-memory rate limiter — see Security Findings.

2025-09-XX — Fibered Monoid Spec Formalized

Source: FIBERED-MONOID-SPEC.md

Formal specification of the fibered monoid algebraic model.
Defined: command monoid (M, ∘, e), protocol submonoids M_P, command scopes (G_core, G_alias, G_p).
Specified: resolution operators π, σ, ρ, ρ_f with typed contracts.
Defined: fiber isolation invariant, partition invariant, associativity laws.
Added: proof sketches for monoid laws, implementation compliance tables.

2025-09-XX — Initial Architecture

Source: ARCHITECTURE.md

Established 4-layer architecture: core monoid / plugin system / Next.js API layer / React frontend.
Initial protocol integrations: 1inch DEX aggregator, LiFi bridge, Wormhole bridge, Stargate bridge.
Client-side signing model via wagmi; API routes handle secrets server-side.
CoinPaprika as the default fallback price provider (56K+ coins).
Faucet system with Prisma-backed rate limiting and server-side signing.

2026-03-05 — v0.2.5 CLI Output Animation​

2026-03-05 — Sequential Pipeline Plan Added​

2026-03-04 — Parser/Validation Hardening Finalized​

2026-03-03 — CLI Parser + Validation Architecture Landed​

2026-02-26 — Intent Handler Contract Introduced​

2026-02-14 — CLI Hardening Audit​

2026-02-13 — Core Plugin Integration Audit​

2026-02-01 — Plugin System Audit​

2025-10-24 — Production Security Audit — Implementation​

2025-09-XX — Fibered Monoid Spec Formalized​

2025-09-XX — Initial Architecture​