fix: route approve commands through proxy wallet

[mvanhorn]

Summary

Fixes approve and ctf commands ignoring --signature-type proxy, which caused all on-chain transactions to go from the EOA instead of the proxy wallet.

Fixes #4
Related: #1, #24

Changes

File	Change
src/auth.rs	Add resolve_wallet_address() that returns EOA, proxy, or Safe address based on signature type
src/main.rs	Pass signature_type to approve and ctf commands
src/commands/approve.rs	Route approve set through Proxy Wallet Factory when signature type is proxy; fix approve check to query the correct wallet
src/commands/ctf.rs	Accept signature_type parameter for forward compatibility

How it works

approve check: Now resolves the wallet address based on --signature-type. With proxy, it queries allowances of the derived proxy wallet instead of the EOA, so users see their actual allowance status.

approve set: With --signature-type proxy, encodes USDC approve and CTF setApprovalForAll calls as calldata and routes them through the Proxy Wallet Factory at 0xaB45.... This batches both approvals per target into a single factory call, so the proxy wallet gets the approvals instead of the EOA.

ctf: Accepts --signature-type but does not yet route through proxy (marked for follow-up). This is a smaller, separable change.

Test plan

• cargo fmt --check passes
• cargo clippy -- -D warnings passes
• cargo test - all 131 tests pass
• Manual: polymarket approve check --signature-type proxy shows proxy wallet allowances
• Manual: polymarket approve set --signature-type proxy sends approvals through factory

This contribution was developed with AI assistance (Claude Code).

---

Note

Medium Risk
Changes how on-chain approval transactions are constructed and which wallet address they target (EOA vs proxy/Safe), which could lead to incorrect allowances if mis-derived or mis-routed. Impact is limited to approval flows but touches transaction encoding and contract calls.

Overview
Fixes approve workflows to correctly respect --signature-type when checking and setting allowances.

Adds auth::resolve_wallet_address() to derive the effective owner address (EOA vs derived proxy vs derived Gnosis Safe) and updates approve check to query approvals against that resolved address.

Updates approve set so proxy mode batches USDC approve + CTF setApprovalForAll into a single call via the Proxy Wallet Factory (and blocks gnosis-safe with a clear error), while keeping the existing direct-EOA transaction path for non-proxy signatures. main.rs now passes signature_type into approve and ctf (with ctf currently accepting but not using it).

^{Written by Cursor Bugbot for commit 51a4459. This will update automatically on new commits. Configure here.}

[mvanhorn]

Addressed the gnosis-safe check/set inconsistency in 09aaa7a. approve set now rejects --signature-type gnosis-safe with a clear error directing users to submit approvals through their Safe wallet interface, since the CLI can't route transactions through the Safe execution flow. This prevents the silent mismatch where set would approve on the EOA but check would query the Safe address.

Re: the proxy check comparison - this is already comparing against the literal "proxy", not against DEFAULT_SIGNATURE_TYPE, so no change needed there.

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}