Releases · outputlayer/rwa_cli

08 May 23:09

v0.2.7

7594b6f

Latest

Security-focused release. Three independent hardenings on the wallet/keys path, plus a follow-up fix that keeps Jupiter Z (RFQ) and Ultra gasless flows working under the new verifier. Detailed notes in CHANGELOG.md.

Highlights

Verify Jupiter swap instructions before signing. New wallet::sign_jupiter_swap decodes the base64 transaction Jupiter returns and refuses to sign unless the on-chain instructions match the user's intent: input mint and amount, output mint, and that the wallet pubkey is among the signers. Compromised Jupiter API responses or MITM tampering on a custom RPC URL can no longer redirect funds to a third party.
Encryption-by-default. rwa keys generate and rwa keys import now write key.age (passphrase-encrypted) by default. Pass --allow-plaintext to opt out (with stderr warning). Existing key.json files remain readable; rwa keys show warns when it sees one.
Passphrase strength. Minimum 12 characters; digits-only passphrases rejected (low-entropy scrypt bypass). One-time stderr warning when RWA_PASSPHRASE is read from environment.
Gasless support. The verifier searches for the wallet pubkey across all signer slots, not just index 0. Jupiter Z (RFQ, market maker pays gas) and Ultra gasless (Jupiter pays gas) both keep working — the input-transfer authority check independently confirms the wallet authorized the actual debit, so security is preserved.

Tests

234 → 238 workspace-wide (190 on v0.2.6, +48 across security work). All paths through execute_with_retry (single buy/sell, basket buy/sell, close-all sequential/parallel) are guarded by the verifier.

Notes for users

Scripts that relied on rwa keys generate writing plaintext key.json need --allow-plaintext or should migrate to encrypted keys.
The deprecated --encrypt flag still works (hidden, with deprecation note) for backward compatibility.

Known limitations (tracked for v0.3)

ALT-resolved output ATAs use a soft static-keys check. Defense-in-depth via on-chain simulateTransaction is documented inline and planned for v0.3.
Route-mode awareness (separate strict-AMM / lenient-RFQ verifier paths) is also v0.3.

What's Changed

v0.2.7 — security hot-fix by @outputlayer in #3

Full Changelog: v0.2.6...v0.2.7

Contributors

outputlayer

Assets 8

16 Apr 01:49

outputlayer

v0.2.6

8165569

v0.2.6

Performance

rwa gm portfolio now returns in ~1.2–1.7s typical (previously 21–26s). Read-only Solana RPC calls race across all configured endpoints in parallel; first successful response wins, losers aborted mid-flight.
rwa gm balance and other read-heavy commands are faster under the same change.