release: 1.9.7

Author: iJaack

README.md

@@ -5,13 +5,13 @@ Avalanche-first agent wallet and execution SDK for AI agents, with multi-EVM sup
 <!-- GENERATED:release-summary:start -->
 ## Current Release
 
-- Latest release: [v1.9.2](docs/releases/RELEASE_NOTES_1.9.2.md)
-- Published package: `evalanche@1.9.2`
+- Latest release: [v1.9.7](docs/releases/RELEASE_NOTES_1.9.7.md)
+- Published package: `evalanche@1.9.7`
 - Current package surface:
-  - Added macOS Keychain fallback for agent credentials, so Mony and other local agents can resolve the `EvaWallet` / `EvaMain` sovereign wallet after OpenClaw secrets and env vars and before the encrypted keystore path
-  - Made Polymarket orderbook handling deterministic by sorting visible bids highest-first and asks lowest-first before pricing, preflight, and sell-fill estimation
-  - Preserved the `v1.9.0` Polymarket withdrawal flow while promoting the Mony-tested Evalanche runtime fixes into the public release line
-  - Added focused regression coverage for keychain credential resolution and unsorted CLOB orderbook arrays
+  - Hardened MCP HTTP mode so it now requires an explicit bearer token, binds to loopback by default, enforces request timeouts, and rejects oversized request bodies before parsing.
+  - Routed high-risk execution helpers through active spending-policy checks, including approve-and-call, UUPS proxy upgrades, Li.Fi bridge/swap execution, and Gas.zip funding.
+  - Tightened x402 paid-service hosting so settled endpoints require a settlement verifier by default, while preserving explicit `signed-intent` mode for trusted peer flows and tests.
+  - Fixed Polymarket collateral normalization for live pUSD spender allowances, and made `pm_approve` / `pm_deposit` sync both wallet USDC.e -> CLOB approval and Polygon pUSD spender approvals.
 - Docs:
   - [Release notes](docs/releases/README.md)
   - [Roadmap](ROADMAP.md)
@@ -45,6 +45,11 @@ npx evalanche-mcp
 ```
 
 Evalanche ships an MCP server for wallet actions, holdings discovery, DeFi, bridge and swap flows, Polymarket, and perpetual venues.
+The default MCP transport is stdio. HTTP mode is available for local automation, but requires an explicit bearer token:
+
+```bash
+EVALANCHE_MCP_HTTP_TOKEN="$(openssl rand -hex 32)" npx evalanche-mcp --http --port 3402
+```
 
 ## What It Does
 

RELEASING.md

@@ -5,8 +5,8 @@ Evalanche uses a tag-driven GitHub Actions release workflow.
 <!-- GENERATED:release-process:start -->
 ## Current Release Automation
 
-- Current release line: `v1.9.2`
-- Release notes path: `docs/releases/RELEASE_NOTES_1.9.2.md`
+- Current release line: `v1.9.7`
+- Release notes path: `docs/releases/RELEASE_NOTES_1.9.7.md`
 - Required workflow checks:
   - release integrity and notes coverage
   - `npm test`

ROADMAP.md

@@ -5,12 +5,12 @@ This is the active roadmap for the repository.
 <!-- GENERATED:roadmap-release:start -->
 ## Latest Shipped Release
 
-- Latest release: [v1.9.2](docs/releases/RELEASE_NOTES_1.9.2.md)
-- Shipped in `v1.9.2`:
-  - Added macOS Keychain fallback for agent credentials, so Mony and other local agents can resolve the `EvaWallet` / `EvaMain` sovereign wallet after OpenClaw secrets and env vars and before the encrypted keystore path
-  - Made Polymarket orderbook handling deterministic by sorting visible bids highest-first and asks lowest-first before pricing, preflight, and sell-fill estimation
-  - Preserved the `v1.9.0` Polymarket withdrawal flow while promoting the Mony-tested Evalanche runtime fixes into the public release line
-  - Added focused regression coverage for keychain credential resolution and unsorted CLOB orderbook arrays
+- Latest release: [v1.9.7](docs/releases/RELEASE_NOTES_1.9.7.md)
+- Shipped in `v1.9.7`:
+  - Hardened MCP HTTP mode so it now requires an explicit bearer token, binds to loopback by default, enforces request timeouts, and rejects oversized request bodies before parsing.
+  - Routed high-risk execution helpers through active spending-policy checks, including approve-and-call, UUPS proxy upgrades, Li.Fi bridge/swap execution, and Gas.zip funding.
+  - Tightened x402 paid-service hosting so settled endpoints require a settlement verifier by default, while preserving explicit `signed-intent` mode for trusted peer flows and tests.
+  - Fixed Polymarket collateral normalization for live pUSD spender allowances, and made `pm_approve` / `pm_deposit` sync both wallet USDC.e -> CLOB approval and Polygon pUSD spender approvals.
 
 ## Current Focus
 

VULN_NOTES.md

@@ -5,8 +5,8 @@ This file is a short current-state security posture note, not a historical remed
 <!-- GENERATED:vuln-snapshot:start -->
 ## Current Release Snapshot
 
-- Current release: `1.9.2`
-- `npm audit --omit=dev`: `5 critical`, `3 high`, `12 low`
+- Current release: `1.9.7`
+- `npm audit --omit=dev`: `5 critical`, `4 high`, `12 low`
 
 ## Active Overrides
 

docs/releases/README.md

@@ -4,6 +4,8 @@ Versioned release notes live in this folder.
 
 Latest releases:
 
+- [v1.9.7](RELEASE_NOTES_1.9.7.md)
+- [v1.9.4](RELEASE_NOTES_1.9.4.md)
 - [v1.9.2](RELEASE_NOTES_1.9.2.md)
 - [v1.9.0](RELEASE_NOTES_1.9.0.md)
 - [v1.8.9](RELEASE_NOTES_1.8.9.md)

docs/releases/RELEASE_NOTES_1.9.4.md

@@ -0,0 +1,20 @@
+## Highlights
+
+- Hardened MCP HTTP mode so it requires an explicit bearer token, binds to loopback by default, enforces request timeouts, and rejects oversized request bodies.
+- Routed high-risk helper execution through the active spending policy, including generic approve-and-call, UUPS proxy upgrade, Li.Fi bridge/swap execution, and Gas.zip funding.
+- Made MCP policy removal explicit with `remove=true` and `confirm="remove"` instead of treating an empty policy payload as removal.
+- Changed x402 service hosting so paid endpoints require a settlement verifier by default, while preserving explicit `signed-intent` mode for trusted peer demos and tests.
+- Added an adversarial threat model documenting resolved threats, residual risks, and focus paths for future AppSec review.
+
+## Validation
+
+- `npm run typecheck`
+- `npm run test -- test/mcp/server.test.ts test/economy/service.test.ts`
+- `npm run test`
+- `npm run build`
+
+## Notes
+
+- HTTP MCP users must now set `EVALANCHE_MCP_HTTP_TOKEN` or pass `startHTTP({ authToken })`.
+- `v1.9.3` was intentionally skipped; `v1.9.4` is the next published patch after `v1.9.2`.
+- Remaining follow-up work is tracked in the updated threat model: scoped MCP tokens, production x402 settlement verifier adapters, semantic quote invariant checks, and dependency reachability triage.

docs/releases/RELEASE_NOTES_1.9.7.md

@@ -0,0 +1,18 @@
+## Highlights
+
+- Hardened MCP HTTP mode so it now requires an explicit bearer token, binds to loopback by default, enforces request timeouts, and rejects oversized request bodies before parsing.
+- Routed high-risk execution helpers through active spending-policy checks, including approve-and-call, UUPS proxy upgrades, Li.Fi bridge/swap execution, and Gas.zip funding.
+- Tightened x402 paid-service hosting so settled endpoints require a settlement verifier by default, while preserving explicit `signed-intent` mode for trusted peer flows and tests.
+- Fixed Polymarket collateral normalization for live pUSD spender allowances, and made `pm_approve` / `pm_deposit` sync both wallet USDC.e -> CLOB approval and Polygon pUSD spender approvals.
+
+## Validation
+
+- `npm test`
+- `npm run typecheck`
+- `npm run build`
+
+## Notes
+
+- HTTP MCP users must now set `EVALANCHE_MCP_HTTP_TOKEN` or pass `startHTTP({ authToken })`.
+- Polymarket venue balance reads now prefer live pUSD spender approvals over the stale single-allowance assumption, with wallet-side USDC.e -> CLOB approval retained as fallback.
+- This release folds the previously prepared 1.9.4/1.9.5 hardening work together with the pending Polymarket allowance fix into one clean public release line: `v1.9.7`.