diff --git a/.cargo/audit.toml b/.cargo/audit.toml index 76d2d8df83..8690df36b1 100644 --- a/.cargo/audit.toml +++ b/.cargo/audit.toml @@ -5,14 +5,6 @@ [advisories] # Known vulnerabilities that are tracked in https://github.com/cowprotocol/services/issues/3338 ignore = [ - # idna - Punycode label vulnerability (RUSTSEC-2024-0421) - # Needs upgrade to 1.0.0+ (transitive dependency) - "RUSTSEC-2024-0421", - - # protobuf - Uncontrolled recursion (RUSTSEC-2024-0437) - # Needs upgrade to 3.7.2+ (transitive dependency) - "RUSTSEC-2024-0437", - # rsa - Marvin Attack timing sidechannel (RUSTSEC-2023-0071) # No patch available yet (cryptography vulnerability) "RUSTSEC-2023-0071", diff --git a/.claude/commands/debug-order.md b/.claude/commands/debug-order.md index 92708aadc9..359648cf0a 100644 --- a/.claude/commands/debug-order.md +++ b/.claude/commands/debug-order.md @@ -8,11 +8,21 @@ Read and follow the instructions in ./docs/COW_ORDER_DEBUG_SKILL.md to investiga Key steps: 1. Parse the order UID and network from arguments (default: mainnet) -2. Fetch order data from API to get status and details -3. Check order_events in DB for lifecycle events -4. Search Victoria Logs for the order UID +2. **Start with the debug endpoint** — fetch the comprehensive debug report first: + ```bash + source .env.claude && curl -s -H "X-API-Key: $COW_DEBUG_API_KEY" "https://partners.cow.fi/$NETWORK/restricted/api/v1/debug/order/$ORDER_UID" | jq . + ``` + This returns order details, lifecycle events, auction participation, proposed solutions, executions, trades, and settlement attempts — all in one call. +3. Analyze the debug report — key event meanings: + - `ready` = order made it into an auction (was sent to solvers) + - `considered` = a solver included this order in a solution but that solution didn't win + - `executing` = order is in the winning solution, being submitted on-chain + - `traded` = order was settled on-chain + - `filtered` / `invalid` = order was excluded (check the `reason` field) +4. Search Victoria Logs for additional context (filter reasons, error details, solver logs) - For finding discarded solutions where the order UID appears in calldata, use regex: `.*ORDER_UID_WITHOUT_0X.*` plus `discarded` -5. Identify root cause and report findings with evidence -6. If you haven't found anything go wild and try all SQL / log searches / codebase searches you can think of +5. Use DB queries or API calls only if the debug report is missing info or you need deeper investigation +6. Identify root cause and report findings with evidence +7. If you haven't found anything go wild and try all SQL / log searches / codebase searches you can think of Always show your evidence (log lines, DB results, API responses) when presenting findings. diff --git a/CLAUDE.md b/CLAUDE.md index a03abd0c06..45269b7fd2 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -105,6 +105,7 @@ User signs order → Orderbook validates → Autopilot includes in auction - Spot format: `cargo +nightly fmt -- ` (never call stable `cargo fmt`) - Lint: `cargo clippy --locked --workspace --all-features --all-targets -- -D warnings` - Check format: `cargo +nightly fmt --all -- --check` +- Only format **after** as a final step! — i.e. after checking compilation, running tests, etc. ### Local Development Environment - Start local PostgreSQL: `docker compose up -d` @@ -181,26 +182,55 @@ Databases: `mainnet`, `arbitrum-one`, `base`, `linea`, `polygon`, `xdai`, `sepol Use `$ETH_MAINNET_RPC` from `.env.claude` for mainnet. Use `cast` or whatever tools you want freely. -## Grafana Logs Access +## Victoria Logs Access -Use the `scripts/vlogs` wrapper to query Victoria Logs. +Use the `CoW-Prod` MCP tools to query Victoria Logs directly. -**IMPORTANT**: When running `scripts/vlogs`, do NOT use bash comments before the command (e.g., `# comment\nscripts/vlogs ...`) as this causes unnecessary permission prompts. Just run the command directly. +**Timestamps**: MCP requires RFC3339 format (e.g., `2026-04-09T00:00:00Z`). Compute absolute timestamps from the current date rather than using relative time. -**IMPORTANT**: Order UIDs and other structured fields (like `quote_id`, `auction_id`) live inside the `all` field in Victoria Logs. You MUST prefix them with `all:` to match. Plain text terms (like `order created`, `filtered`) match the log message directly and don't need the prefix. +**IMPORTANT**: Order UIDs and other structured fields (like `quote_id`, `auction_id`) live inside the `all` field in Victoria Logs. You MUST prefix them with `all:` to match. Plain text terms (like `order created`, `filtered`) match the log message directly and don't need the prefix. You can also use parsed fields directly (e.g., `parsed.fields.order_uid:0x...`) for more precise matching. -```bash -scripts/vlogs "" [--from