Add coin spend notifications by aqk · Pull Request #302 · Chia-Network/chia-gaming

aqk · 2026-02-24T14:16:16Z

No description provided.

Drop vestigial MAKE_MOVE tag in handler returns

…moved

to not false assert

…rking

… naming and debug output - Rewrite calpoker_factory to use the new game negotiation API (calpoker_make_proposal for initiator, calpoker_parser for responder) instead of the removed calpoker_template - Fix handler naming from rebase: driver_a -> handler_a in make_proposal and parser, driver_e -> handler_e with restored pre_state parameter - Fix calpoker_parser argument: (li (li bet_size)) -> bet_size - Truncate verbose debug output that was printing entire handler programs - Add structured factory/handler diagnostics with compact summaries Co-authored-by: Cursor <cursoragent@cursor.com>

…alpoker_factory Rust now calls calpoker_make_proposal and calpoker_parser directly instead of going through the calpoker_factory wrapper in Chialisp. GameFactory gains an optional parser_program field for the responder path. Also: cache yarn downloads in Docker builds, tighten verbose debug logging.

…r layer caching

Added guides for LLMs to understand the codebase

… README

…outs

… tests passing

…ave rewinding. Got all tests passing.

socket-security · 2026-02-24T14:17:07Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality
npm/@typescript-eslint/parser@8.56.1
npm/typescript-eslint@8.56.1
npm/@tailwindcss/cli@4.2.1
npm/@typescript-eslint/eslint-plugin@8.56.1
npm/tailwindcss@4.2.1
npm/tailwind-merge@3.4.1 ⏵ 3.5.0	⁺¹	⁺¹
npm/eslint@9.39.3
npm/css-loader@7.1.4
npm/@eslint/js@9.39.3
npm/framer-motion@12.34.0 ⏵ 12.34.3
pypi/chialisp@0.4.1

View full report

socket-security · 2026-02-24T14:17:09Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		License policy violation: npm `caniuse-lite` under CC-BY-4.0 License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (npm metadata) License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (package/LICENSE) License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (package/package.json) From: `?` → `npm/css-minimizer-webpack-plugin@7.0.4` → `npm/autoprefixer@10.4.24` → `npm/@babel/preset-env@7.29.0` → `npm/@babel/core@7.29.0` → `npm/webpack@5.105.2` → `npm/caniuse-lite@1.0.30001774` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/caniuse-lite@1.0.30001774`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Native binaries present: pypi `chialisp` Location: Package overview From: python/uv.lock → `pypi/chialisp@0.4.1` ℹ Read more on: This package \| This alert \| Why is native code a concern? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Verify that the inclusion of native code is expected and necessary for this package's functionality. If it is unnecessary or unexpected, consider using alternative packages without native code to mitigate potential risks. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore pypi/chialisp@0.4.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Potential code anomaly (AI signal): npm `ajv` is 100.0% likely to have a medium risk anomaly Notes: The code augments a meta-schema to permit remote dereferencing of keyword schemas via a hardcoded data.json resource. This introduces network dependency and potential changes to validation semantics at runtime. While not inherently malicious, the remote reference constitutes a notable security and reliability risk that should be mitigated with local fallbacks, input validation, and explicit remote-resource governance. Confidence: 1.00 Severity: 0.60 From: `?` → `npm/eslint@9.39.3` → `npm/file-loader@6.2.0` → `npm/url-loader@4.1.1` → `npm/ajv@6.14.0` ℹ Read more on: This package \| This alert \| What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/ajv@6.14.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Potential code anomaly (AI signal): npm `ajv` is 100.0% likely to have a medium risk anomaly Notes: The code is a straightforward build script to bundle and minify a specified package using Browserify and UglifyJS. The primary security concern is potential path manipulation: json.main is used to form a require path without validating that it stays within the target package directory. If a malicious or misconfigured package.json includes an absolute path or traversal outside the package, the script could bundle unintended files. Otherwise, the script does not perform network access, data exfiltration, or backdoor actions, and there is no hard-coded secrets or dynamic code execution beyond standard bundling/minification. Confidence: 1.00 Severity: 0.60 From: `?` → `npm/eslint@9.39.3` → `npm/file-loader@6.2.0` → `npm/url-loader@4.1.1` → `npm/ajv@6.14.0` ℹ Read more on: This package \| This alert \| What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/ajv@6.14.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Ignoring alerts on:

cargo/target-lexicon@0.12.16

View full report

aqk · 2026-02-24T17:06:35Z

@SocketSecurity ignore cargo/target-lexicon@0.12.16

bramcohen and others added 30 commits February 4, 2026 15:35

Rename driver terminology to handler

5e7233c

Drop vestigial MAKE_MOVE tag in handler returns

California Poker cleanups

414271e

Moved off-chain assertion to more intuitive place

68a33c7

removed diagnostics from c

bd8b044

including handler cleanups missed in prior commits

6a8c3f0

Merge remote-tracking branch 'origin/main' into calpoker_cleanups_3

da86eed

rustfmt

f1b9142

removed diagnostic prints

1fd71a4

Added state parameter passed in to my turn handlers

810405f

Added prestate parameter passed in to their turn handlers

7c34728

Revert v0 hex files

d4863a6

revert changes in v0 handlers

e7244a5

Undo more A.I. assisted changes.

e28139c

Merge branch 'calpoker_cleanups_3' into calpoker_cleanups_4

9377f6d

fixed debug game

0e8fa7a

enable backtrace in rust test failures

cdd08e9

enable backtrace

659b1c7

Minor cleanups, documentation improved, todos added, and hex files re…

67fd872

…moved

display moves for test_play_calpoker_happy_path

63edb62

commit hex files

a342a19

minor cleanups

9ee2c3b

Made UX take mod 52 format cards

cea2132

Made handler use mod 52 card representation internally

6ad8236

Changed all communications between handler and UX to use cards

6239549

Made UX do everything internally with cards instead of indices

4586966

cleaned up todo items

b8707ec

Merge branch 'run-all-tests' into calpoker_cleanups_3

7d6d663

simplification

9fa0bc1

push a guess

4f56103

Adding file missed before

7d17253

aqk and others added 27 commits February 13, 2026 10:54

Merge branch 'calpoker_cleanups_3' into calpoker_cleanups_4

51129e3

Merge branch 'calpoker_cleanups_4' into calpoker_cleanups_5

b0f1a81

Merge branch 'calpoker_cleanups_5' into calpoker_cleanups_6

02ef1c6

Bug fixes and test enhancements. Now passing happy path tests

ada135e

Bug fixes and test harness improvements. Got everything merged.

0060e1e

Tightened up going on chain behavior during tests and fixed tests

7980777

to not false assert

Made tests more strict, still passing

401ba0e

Made tests stricter

0cfa7eb

Changing API for making new games in service of game negotiation rewo…

2b283e9

…rking

Simplify v1 card type to mod-52, add endgame data test, improve Docke…

04bb0b7

…r layer caching

Remove v0 entirely, promote v1 to be the sole unversioned implementation

18473c9

Added guides for LLMs to understand the codebase

Update remaining test/frontend code for unified calpoker API, rewrite…

130cf90

… README

Reenabled slashing test and got it passing

f96953b

Refactored Rust code to use return values for effects instead of call…

bcb0724

…outs

Improved teardown logic

a8a98da

Ported tests from Python to Rust. Added notifications to UX. Got some…

a4b7e1d

… tests passing

Added tests and tightened them. Rewrote unroll handling code to not h…

346b89a

…ave rewinding. Got all tests passing.

Got all tests passing

59c3dbf

Merge branch 'main' into refactor-borrows

d8a15a3

Improved tests and got passing

18376d1

Added missing files and culled diagnostics

4019d1b

update clvmr

5f3eebc

Merge branch 'refactor-borrows' into add-coin-spend-notifications

aad8168

fix some call-sites

1e0afa9

Tidy the hex files

31f9ef6

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add coin spend notifications#302

Add coin spend notifications#302
aqk wants to merge 59 commits intomainfrom
add-coin-spend-notifications

aqk commented Feb 24, 2026

socket-security bot commented Feb 24, 2026 •

edited

Loading

socket-security bot commented Feb 24, 2026 •

edited

Loading

aqk commented Feb 24, 2026

Labels

2 participants

Conversation

aqk commented Feb 24, 2026

socket-security bot commented Feb 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

socket-security bot commented Feb 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

aqk commented Feb 24, 2026

Labels

2 participants

socket-security bot commented Feb 24, 2026 •

edited

Loading

socket-security bot commented Feb 24, 2026 •

edited

Loading