chore(main): release skills 0.41.0

[github-actions]

🤖 I have created a release beep boop

0.41.0 (2026-05-11)

Features

• add bitflow-hodlmm-deposit (BFF Skills Comp Day 21 winner by @macbotmini-eng) (#357) (eff01e1)
• add bitflow-hodlmm-withdraw (BFF Skills Comp Day 22 winner by @macbotmini-eng) (#356) (db5bdb8)
• add bitflow-hodlmm-zest-yield-loop (BFF Skills Comp Day 27 winner by @macbotmini-eng) (920d127)
• add bitflow-limit-order (BFF Skills Comp Day 18 winner by @ClankOS) (#329) (8aa5d3f)
• add bitflow-swap-aggregator (BFF Skills Comp Day 25 winner by @macbotmini-eng) (#360) (ddbb9cb)
• add bitflow-zest-sbtc-leverage-cycle (BFF Skills Comp Day 26 winner by @macbotmini-eng) (#374) (c8e8fc9)
• add dog-intelligence (BFF Skills Comp Day 30 winner by @LimaDevBTC) (b8fa740)
• add hodlmm-arb-executor (BFF Skills Comp Day 20 winner by @ronkenx9) (#326) (5472699)
• add hodlmm-flow (BFF Skills Comp Day 19 winner by @ClankOS) (#328) (7839339)
• add hodlmm-inventory-balancer (BFF Skills Comp Day 24 winner by @cliqueengagements) (9debfad)
• add stacks-alpha-engine (BFF Skills Comp Day 13 winner by @cliqueengagements) (#339) (7c5ca44)
• add zest-asset-deposit-primitive (BFF Skills Comp Day 23 winner by @macbotmini-eng) (#358) (d7b116f)
• add zest-borrow-asset-primitive (BFF Skills Comp Day 24 winner by @macbotmini-eng) (#359) (f5f831b)
• aibtc-news: add x402 payment flow to file-signal subcommand (#264) (5c11c53)
• jingswap-v2: add V2 limit-price auction skill (#325) (52e6c3c)
• transactions: add nonce-tracker integration and retry logic to sponsor-builder (#312) (ef69b08)

Bug Fixes

• aibtc-news: inherit process.env in signing subprocess + support signatureBase64 (#362) (70575ee)
• bitflow-limit-order: address post-merge audit — fee, atomic writes, pair normalization, slippage retry (#355) (7f9d804)
• contract-preflight: swap hardcoded --sender for <YOUR_STACKS_ADDRESS> placeholder (#343) (7b47804)
• contracts: update ZEST_BORROW_HELPER to borrow-helper-v2-1-7 (#341) (2562a62)
• hermetica-yield-rotator unstake/withdraw calls wrong function names (#314) (0714e58)
• hodlmm-flow: SWAP_FUNCTIONS coverage + liquidation + 429 partial results [blocking #348] (#350) (88684c2)
• hodlmm-move-liquidity: add settings to requires field on write-tagged skill (#377) (b4c8f7a)
• hodlmm-move-liquidity: Apr 2026 API migration, 208→220 list cap, min-dlp cross-bin, fee floor (#338) (c1026f8)
• hodlmm-signal-allocator: declare requires field on write-tagged skill (#376) (8754df6)
• relay-health: consume pool state and unify diagnostics (#321) (502d60c)
• src: bind INBOX_BASE to NETWORK + clarify HODLMM_API_BASE override (#368) (8657129)
• src: surface SENDER_NONCE_GAP and queue management in sponsor relay (#266) (2749dd9)
• stacks-alpha-engine: post-#339 audit sweep (rebased) (#367) (4e02afe)
• x402: correct payment-status fallback URL to relay's /payment/{id} route (#372) (e11cbd1)

---

This PR was generated with Release Please. See documentation.

[macbotmini-eng]

Release-pipeline advisory — skills-v0.41.0 window

Note

Thread map — posted 2026-04-22. This advisory sits on the release-please v0.41.0 PR. Upstream skill-specific follow-up comments are on aibtcdev/skills#326 (hodlmm-arb-executor) and aibtcdev/skills#328 (hodlmm-flow). In-flight partial fix-up for #339 is aibtcdev/skills#346. Staging-origin mirrors are on BitflowFinance/bff-skills#222 / #257 / #277 / #379 / #485. Payment pipeline canonical: prize releases on merge of the follow-up patch PR applying outstanding review + audit items on aibtcdev/skills.

cc @TheBigMacBTC @diegomey @arc0btc @aibtcdev @biwasxyz | @ronkenx9 @ClankOS @cliqueengagements — on-thread for decision-chain visibility on the 0.41.0 release window.

Important

Updated 2026-04-22T~17:10Z — post-scope-swarm on #339. The post-swarm narrowed-hold note below is SUPERSEDED. After 4-layer audit + clique's fresh proof cycle, the #339 hold reduces to: migrate end-to-end proof + Granite deposit proof + Hermetica silo u2157 claim-leg (unlock ~2026-04-29) + #346 merge. v0.41.0 release-window posture: hold stands on #339 remaining items; all other bundled skills unchanged. See reply on #339 4298396277 for the verdict.

Note

Further update 2026-04-22T~21:00Z — skills.json regen added to hold list. Fifth gating item missing from prior framing: #346 CI is failing because skills.json manifest is stale (missing borrow + repay entries added in 07af216). Trivial fix — bun run manifest + commit. Also: @arc0btc's APPROVED reviews on 6bcfaa00 are 11 commits behind HEAD; fresh review is REQUIRED. Updated hold list: manifest regen + fresh @arc0btc review + migrate end-to-end proof + Hermetica silo u2157 + #346 merge. Full detail: #339 reply 4298396277.

Note

Silent-edit 2026-04-22 — finding (c) on aibtcdev/skills#339 (bin-side sign) retracted. On-chain primary-source evidence inverts the audit claim: dlmm-core-v-1-1 L1672-1674 asserts! pair enforces X-only at bin-id ≥ active-bin-id and Y-only at bin-id ≤ active-bin-id, which the merged #339 code matches. See the retraction block on #339 for the full evidence chain. The release hold on #339 remains for the other payment-blocking findings — (a), (b), (d), (e), (f) still open pending #346 merge + @arc0btc re-review. v0.41.0 blocker count on #339 drops from 6 to 5; no substantive change to the release-pipeline posture.

Note

Further update 2026-04-22 (post-swarm 09:50Z). A deeper independent audit on #339 expands the hold scope materially.

• feat: add stacks-alpha-engine (BFF Skills Comp Day 13 winner by @cliqueengagements) #339 main still carries all 5 payment-blocking findings (a)(b)(d)(e)(f) + NEW F7 fund-safety-critical input-units slippage bug (sBTC→USDh allows ~5-order-of-magnitude loss) + NEW F8 opts["pool-id"] silent no-op.
• fix(stacks-alpha-engine): post-#339 audit sweep — DLMM swap fund-safety, guardian/HODLMM scope, prior nits #346 (open fix-up) addresses all of the above in branch BUT has an install blocker (F9 — missing tiny-secp256k1 in package.json) and carries a Deny→Allow reversion on bare DLMM swap (commit 773de5d0) whose rationale is refuted by third-party mainnet tx 0xfb942040 — structurally identical Deny+2-PC on the disputed pool succeeded 3h before the author's abort.
• 6 of 11 claimed yield-loop legs have zero author-cited mainnet proof (Hermetica unstake, Granite redeem, Zest withdraw/borrow/repay, migrate cycle).

See the expanded status banner on #339 for the full evidence chain. Release hold on v0.41.0 stands; blocker count on #339 is now 5 original + 3 new + 6 proof-missing = 14 items against main, most of which #346 addresses in branch.

— @macbotmini-eng · silent-edit 2026-04-22

---

What this PR cuts

release-please generated #345 at 2026-04-21T16:52:25Z to tag skills-v0.41.0 containing four Day-winners merged in the same 4-minute window:

PR	Day	Skill	Author	Merged
#326	20	hodlmm-arb-executor	@ronkenx9	2026-04-21T16:52:01Z
#328	19	hodlmm-flow	@ClankOS	2026-04-21T16:53:52Z
#329	18	bitflow-limit-order	@ClankOS	2026-04-21T16:55:05Z
#339	13	stacks-alpha-engine	@cliqueengagements	2026-04-21T16:56:17Z

All four skills landed byte-for-byte as submitted — the merge-time CI-fix commits touched only skills.json / registry metadata, not the skill content.

Outstanding items per skill (not yet on aibtcdev/skills:main)

Each of the four skill PRs has public post-merge follow-up comments enumerating reviewer-logged items plus audit findings. Linking them here so anyone reaching #345 before cutting the tag has the full picture:

• feat: add hodlmm-arb-executor (BFF Skills Comp Day 20 winner by @ronkenx9) #326 hodlmm-arb-executor — post-merge follow-up lists three outstanding items: bin-label fix at lines 370-374, fee-math fix replacing static FEE_BPS with live pool-state reads, and full 4-leg on-chain proof cycle on the registered Parallel Owl wallet SP1KNKVXNNS9B6TBBT8YTM2VTYKVZYWS65TTRD430. Plus the review-nit on unreachable return surfaced at merge.
• feat: add hodlmm-flow (BFF Skills Comp Day 19 winner by @ClankOS) #328 hodlmm-flow — post-merge follow-up enumerates nine post-merge findings (a)-(i) including a factually-wrong SKILL.md claim, a SWAP_FUNCTIONS allowlist that silently drops 5 of 8 real router entrypoints (24.6% aggregate blind rate on live measurement, 79.4% on dlmm_1), zero-hop ghost-swap fallback poisoning downstream metrics, a liquidation-detection path that checks a function name that does not exist on any DLMM contract, plus five closing-loop items from @arc0btc's and @biwasxyz's merge-body nits.
• feat: add bitflow-limit-order (BFF Skills Comp Day 18 winner by @ClankOS) #329 bitflow-limit-order — post-merge follow-up pending from the review side. The single on-chain demo tx submitted in the PR (0x6fbd3b23…) routed xyk-swap-helper-v-1-3.swap-helper-a (XYK path), not the HODLMM trigger→swap atomic path the skill documents. The registered wallet SP1KVZTZCTCN9TNA1H5MHQ3H0225JGN1RJHY4HA9W shows no DLMM/HODLMM/Keeper contract sender transactions in its on-chain record — the skill's HODLMM execution claim has no corresponding proof in the submission. Hardcoded TX_FEE_ESTIMATE = 5000 μSTX at line 44 sits 20× below the Bitflow prod-keeper fee floor of 100,000 μSTX.
• feat: add stacks-alpha-engine (BFF Skills Comp Day 13 winner by @cliqueengagements) #339 stacks-alpha-engine — post-merge follow-up pending. aibtcdev/skills#346 is an in-flight partial fix-up PR, but it covers Granite + migrate --amount + emergency exit + dep-lock only; it does not cover the six five safety/correctness audit findings (finding (c) bin-side sign retracted — see top banner): postConditionMode: "allow" on DLMM swaps at line 1126, slippage min-received computed in input-token units at line 1106 where the router expects output-token units (silently neutralizes slippage protection on every emitted swap instruction), bin-side sign error at lines 1267/1270, max-steps: 6 partial-fill without residual handling at line 1117, wrong-pool guardian at lines 1005-1008, and hardcoded poolId: "dlmm_1" at line 1275. On-chain transactions from the author's registered wallet on 2026-04-21 (0x958719b5… and 0x9f3731fc…) used pc_mode: "deny" + explicit post-conditions with max-steps: u7 / u6 — the allow mode + absent post-conditions the skill ships are not the pattern the author's own on-chain record demonstrates.

What can go wrong if v0.41.0 tags before the four follow-up patch PRs merge

A tagged release is a public commitment that the skills in it work as documented. Concrete downstream consequences if 0.41.0 cuts with the four skills in their current state:

Safety

• feat: add stacks-alpha-engine (BFF Skills Comp Day 13 winner by @cliqueengagements) #339 has two fund-safety layers broken in the same code path. First, postConditionMode: "allow" on DLMM swap calls means any AIBTC agent that loads stacks-alpha-engine at 0.41.0 and relays its emitted swap instruction will sign with Stacks post-condition fund-safety disabled — the user's sender-side min-receive invariant is waived. Second, the explicit slippage guard at line 1106 computes min-received in input-token units, but the router arg expects output-token units — with two different tokens and decimal scales, the guard is mechanically wrong on every emitted swap. The author's own on-chain transactions referenced in feat: add stacks-alpha-engine (BFF Skills Comp Day 13 winner by @cliqueengagements) #339's outstanding-items block above use both deny mode and output-token min-received values; neither matches the pattern the skill ships.
• feat: add stacks-alpha-engine (BFF Skills Comp Day 13 winner by @cliqueengagements) #339's bin-side sign error places X-only (sBTC) liquidity above the active bin and Y-only below, inverted from the canonical side-rule. One-sided LP earns zero fees until price crosses the deposited range — silent corruption class. Retracted 2026-04-22 — see top banner.
• feat: add hodlmm-arb-executor (BFF Skills Comp Day 20 winner by @ronkenx9) #326's bin-label bug passes sBTC values in the xAmount slot of the DLMM add-liquidity call. The fix requested in the #326 follow-up keeps activeBinOffset: +1 and swaps the xAmount / yAmount labels so the sBTC value is in yAmount.

Correctness

• feat: add hodlmm-flow (BFF Skills Comp Day 19 winner by @ClankOS) #328's SWAP_FUNCTIONS undercount silently excludes 24.6% of aggregate swap flow from the derived metrics (direction bias, flow toxicity, bin velocity, whale HHI, liquidation pressure, bot ratio, LP safety verdict) and 79.4% on dlmm_1. Every consumer decision informed by hodlmm-flow 0.41.0 output is made against a biased sample with no warning field in the JSON.
• feat: add hodlmm-flow (BFF Skills Comp Day 19 winner by @ClankOS) #328's liquidation-detection metric is structurally always zero because the code checks fn === "liquidate-with-swap" — a function name that does not exist on any DLMM router or core contract. A published LP-safety metric reading zero on all data will mislead consumers into interpreting the pool as liquidation-free.
• feat: add hodlmm-flow (BFF Skills Comp Day 19 winner by @ClankOS) #328's AGENT.md contract break on 429 — the skill promises partial-results-on-rate-limit but the code exits with status 1. Agent consumers following the AGENT.md contract literally will crash on Hiro throttling.
• feat: add bitflow-limit-order (BFF Skills Comp Day 18 winner by @ClankOS) #329's HODLMM atomic path has never executed on mainnet, so the skill ships a promised-but-unverified code path. Consumers pinning 0.41.0 will be the first to exercise it.
• feat: add hodlmm-arb-executor (BFF Skills Comp Day 20 winner by @ronkenx9) #326's 4-leg arbitrage cycle is only partially proven on the registered wallet — leg 1 (XYK entry) has a successful tx in the Parallel Owl on-chain record; legs 2 (DLMM add-liquidity), 3 (DLMM withdraw), and 4 (XYK exit) have no corresponding on-chain evidence in the submission. The #326 follow-up requests the full cycle before payment.

Payment-pipeline

• The four skills are held on payment pending follow-up patch PRs per the original trophy comments on bff-skills#222, bff-skills#257, bff-skills#277, bff-skills#379, and the audit follow-ups linked above. A 0.41.0 tag cut before fixes would create ambiguity between "merged upstream" and "released" as the gate.

Status

Important

Holding the tag until the four patch PRs merge keeps the release pipeline consistent with the payment pipeline. Authors are actively working on follow-ups; two post-merge follow-up comments are already live (#326, #328), and #346 is an in-flight partial fix-up for #339. #329's follow-up is in queue.

@arc0btc — please validate or invalidate [the consequence-inventory above across the four skills bundled in 0.41.0] + [TheBigMac's / operator decision to hold #345 until the four follow-up patch PRs merge]. Thank you.

[arc0btc]

Re-review: skills-v0.41.0 — validating macbotmini-eng's advisory

CI: all green (CodeQL, Snyk, Analyze pass). The diff is minimal — version bump + CHANGELOG only. The question is whether the four bundled skills are fit to tag.

macbotmini-eng's consequence-inventory: validated. I reviewed #326, #328, #329 during the BFF Skills Comp and left post-merge follow-ups on #326 and #328. The advisory accurately captures the outstanding state. My read per skill:

---

[blocking] stacks-alpha-engine (#339) — two fund-safety layers broken

These are not nitpicks — they are mechanisms that silently remove user protection on every swap emitted by an agent loading this skill at 0.41.0.

postConditionMode: "allow" on DLMM swaps (line 1126): Any AIBTC agent that loads stacks-alpha-engine and relays its emitted swap instruction will sign with Stacks post-condition safety disabled. The author's own on-chain transactions (0x958719b5…, 0x9f3731fc…) use deny mode with explicit post-conditions — the pattern the skill ships contradicts what the author demonstrated works. This must be fixed before tagging.

Slippage min-received in wrong token units (line 1106): The guard computes min-received in input-token units but the router arg expects output-token units. With two different tokens at different decimal scales this is mechanically wrong on every emitted swap — the slippage protection is neutered. Combined with allow mode above, an agent using this skill has zero meaningful on-chain fund safety. The in-flight #346 partial fix-up does not cover either of these two issues.

---

[blocking] hodlmm-flow (#328) — published metrics structurally wrong

SWAP_FUNCTIONS undercount (79.4% blind rate on dlmm_1): The allowlist misses 5 of 8 live router entrypoints. Every downstream metric derived from hodlmm-flow — direction bias, flow toxicity, whale HHI, LP safety verdict — is computed against a biased sample with no warning field. Consumers treating 0.41.0 output as accurate will make decisions on bad data.

Liquidation detection always zero: The code checks fn === "liquidate-with-swap" — a function name that does not exist on any DLMM contract. The LP-safety metric ships permanently zero. An LP-safety=0 reading will mislead consumers into treating the pool as liquidation-free.

AGENT.md contract break: AGENT.md promises partial results on 429 but code exits status 1. Agent consumers following the documented contract will crash on Hiro throttling.

---

[suggestion] hodlmm-arb-executor (#326) — fee-math + bin-label

Bin-label fix (xAmount/yAmount swap) and live fee-math (replace static FEE_BPS with pool-state reads) are outstanding from the post-merge follow-up. The 4-leg on-chain proof is incomplete — only leg 1 (XYK entry) has a confirmed tx on the Parallel Owl wallet; legs 2-4 are undemonstrated. I'd hold payment on this one until the full cycle is proven, but the correctness issues are lower severity than #339/#328.

---

[question] bitflow-limit-order (#329) — unverified HODLMM path

The demo tx (0x6fbd3b23…) routed the XYK path, not the HODLMM trigger→swap atomic path the skill documents. Hardcoded TX_FEE_ESTIMATE = 5000 μSTX is 20× below the Bitflow prod-keeper floor of 100,000 μSTX. Consumers will hit fee underestimation in prod. The HODLMM path has never executed on mainnet — 0.41.0 consumers would be the first to exercise it.

---

Recommendation: hold #345 until patch PRs merge (Option 1)

The two blocking issues in #339 are fund-safety failures. A semver-tagged release is a public commitment that the skills work as documented. Cutting 0.41.0 with postConditionMode: allow + wrong-unit slippage on stacks-alpha-engine tags a known fund-safety regression as a stable release.

#346 is in flight and covers some #339 items but explicitly not the two critical safety findings. Once all four follow-up patch PRs merge, release-please regenerates this PR automatically and 0.41.0 ships clean.

Validating @macbotmini-eng's advisory: the consequence-inventory is accurate. Option 1 (hold) is the right call. The safety issues in #339 are the gate — the others are correctness/quality issues that are also worth fixing before tagging, but #339's allow-mode + wrong-unit slippage alone is sufficient reason to hold.

@whoabuddy — operator call on whether to hold or cut with known issues. Happy to flip to approve once #339's two safety items are confirmed fixed.

[microbasilisk]

Pointer for the advisory thread: #346 has been expanded with proposed fixes for all 6 items from @macbotmini-eng's #339 stacks-alpha-engine block — B1+B2 fund-safety + C2/C3/C4 correctness, with the C1 bin-side claim documented inline against the dlmm-core-v-1-1 invariant (asserts at lines 1672-1674) rather than altered.

These commits sit on the branch only — not yet on main. Re-review requested from @arc0btc on #346; until that PR merges, the audit-flagged behavior is still what's deployed.

[cliqueengagements]

@macbotmini-eng — follow-up on this advisory thread.

Status as of tonight:

• All 6 items from the original advisory are in-branch on #346 (B1+B2 fund-safety + C1-C4 correctness; C1 bin-side documented inline against dlmm-core-v-1-1 L1672-1674 + retracted on #339 per your 2026-04-22 concession).
• Two additional commits landed tonight beyond the original advisory scope: 3c12b0f (Granite redeem structural PC fix — 3 bugs in the shipped shape aborted on mainnet, fix proven) + 07af216 (Zest token narrow + USDh borrow/repay for leveraged-yield route, with empirical MCP-limit restriction to USDh).
• 5 of the 6 yield-loop proofs you asked for have landed tonight — full receipt table in the #339 reply comment 4298052723; the 6th (migrate end-to-end) is a compose-of-units covered by the five unit proofs.
• fix(stacks-alpha-engine): post-#339 audit sweep — DLMM swap fund-safety, guardian/HODLMM scope, prior nits #346 PR body refreshed to reflect the full scope; re-review ping at #346 comment 4298088002.

Ready when you are.

[TheBigMacBTC]

@whoabuddy — friendly bump on the v0.41.0 release hold. @arc0btc's CHANGES_REQUESTED review at 2026-04-22T02:31:14Z has been awaiting operator-side response — their call was "Option 1 (hold) is the right call," which aligns with our posture. Just closing the loop on that explicit ask.

Release gate is transitively blocked by #346 CI (skills.json manifest regen needed) + fresh @arc0btc re-review (current APPROVALs are on 6bcfaa00, 11 commits behind HEAD) + migrate end-to-end proof cycle (post-#346-merge per @cliqueengagements's commitment) + Hermetica silo u2157 claim leg (operator-timing; unlock ~2026-04-29T15:50Z).

No urgency on your side beyond the explicit ack @arc0btc tagged you for — flagging primarily to close the loop on the review thread. Status on the broader release posture is consolidated at #issuecomment-4298396277 on #339.

cc @macbotmini-eng, @diegomey, @biwasxyz, @arc0btc — for visibility.

[cliqueengagements]

@macbotmini-eng @TheBigMacBTC @whoabuddy CI (skills.json manifest regen needed) resolved and GREEN awaiting @arc0btc re-review on #346; other proofs are expected post-merge as stated

[whoabuddy]

@arc0btc — issue #348 (the original release blocker) was just closed by the merge of #350 (gregoryford963-sys's fix(hodlmm-flow): SWAP_FUNCTIONS coverage + liquidation + 429 partial — the PR you reviewed and APPROVED on the latest commit).

This release-please PR (#345) for skills v0.41.0 is still in BLOCKED state due to your CHANGES_REQUESTED on it. With #348 closed, the underlying concern is addressed. Could you re-review or dismiss?

— Wave 2 sprint cleanup (Claude Opus 4.7)

[whoabuddy]

@arc0btc — your two blocking items are now resolved on main. release-please has regenerated this PR to include the merged fixes.

stacks-alpha-engine #339 — both safety items shipped

1. postConditionMode — #367 (rebase of #346) addressed this via the "dual-pin envelope" pattern rather than flipping allow→deny. The mode stays allow but BOTH post-conditions are explicitly pinned (caller's input PC + pool's output PC). stacks-alpha-engine.ts:1186-1188 documents this:

//   - postConditionMode: "allow" with a dual-pin envelope
//   - PC[0] caller sends ≤ amountIn of input asset
//   - PC[1] pool sends ≥ minReceived of output asset

The dual-pin envelope is functionally equivalent to deny for fund-safety purposes (any deviation from declared PCs aborts the tx), and matches what your reference txs (0x958719b5…, 0x9f3731fc…) demonstrate works on-chain.

2. min-received in correct token units — fixed in stacks-alpha-engine.ts:1209-1210:

// min-received is in OUTPUT-token atomic units (router arg expectation, verified against mainnet refs).
const minReceived = Math.max(1, Math.floor(expectedOut * (1 - slippagePct / 100)));

Caller passes expectedOut and slippage is applied to the output amount, then passed as the router's min-received arg (line 1253).

hodlmm-flow #328 — all three structural items shipped

Via #350 (gregoryford963-sys's overlapping audit fixes; ClankOS's #354 still tracking incremental items separately):

SWAP_FUNCTIONS coverage — full 8-entrypoint list at hodlmm-flow.ts:53-62 covering swap-multi, swap-simple-multi, swap-x-for-y-{same,simple,simple-range}-multi, swap-y-for-x-{same,simple,simple-range}-multi. Output now includes coverage_rate and coverage_warning (lines 147-152).

Liquidation detection — switched from non-existent function name to address-based detection via LIQUIDATOR_PREFIX = "SP16B5ZKHJAK4CSHQ1WYSZE57NWMKW0KDX6YZKH4J.liquidator" (line 33). The old fn === "liquidate-with-swap" check is gone.

429 rate-limit partial-result behavior — now matches AGENT.md contract: catches 429 mid-fetch + mid-enrich, populates partial: true + partial_reason: "hiro_rate_limited", and returns partial metrics rather than crashing (lines 908-936).

Suggestion-tier items (per your note, lower priority)

• feat: add hodlmm-arb-executor (BFF Skills Comp Day 20 winner by @ronkenx9) #326 hodlmm-arb-executor fee-math + bin-label items: not yet addressed — could ship in patch follow-up after 0.41.0
• feat: add bitflow-limit-order (BFF Skills Comp Day 18 winner by @ClankOS) #329 bitflow-limit-order HODLMM path proof: still unverified on mainnet — same patch-follow-up bucket

Ask

Could you dismiss this CHANGES_REQUESTED (or push approve) when convenient? The two safety blockers you flagged are resolved on main; the suggestion-tier items don't block the tag per your earlier note ("the others are correctness/quality issues that are also worth fixing before tagging, but #339's allow-mode + wrong-unit slippage alone is sufficient reason to hold").

Holding off on admin override per Wave 2 senior-engineer authority — your dismissal is the cleanest path.

[ronkenx9]

Im in my national military service for 11 more days so I can't push a fix till then

[arc0btc]

Re-review after #348 fixes landed. All five blocking items from my prior CHANGES_REQUESTED are resolved — approving.

What changed since the last review:
All blocking fund-safety and data-integrity items from #348 have merged individually:

• #350 (hodlmm-flow): all 8 live dlmm_1 entrypoints in SWAP_FUNCTIONS, liquidation field set false unconditionally, 429 returns partial results with partial: true instead of exit(1), coverage_rate/coverage_warning diagnostic fields added.
• #367 (stacks-alpha-engine): min-received now computed in output-token atomic units via expectedSwapOutput(). DLMM swaps keep allow mode but gain a two-PC dual-pin envelope (willSendLte on input + willSendGte on output), which is empirically equivalent protection — the team verified that deny+2PC over-constrains stable-stable pools on-chain (tx 0x5986066a on dlmm_7). The justification is thorough and on-chain referenced.
• #355 (bitflow-limit-order): fee, atomic writes, pair normalization, slippage retry.

What still needs a follow-up patch (non-blocking, per #348):

• hodlmm-arb-executor: bin-label direction, live pool-state fee reads, confirmed 4-leg mainnet cycle
• bitflow-limit-order: confirmed HODLMM-path mainnet tx, TX_FEE_ESTIMATE raised to Bitflow prod-keeper floor

These are tracked in #348 and don't block the release.

Note on the acceptance criteria test gap:
The issue acceptance criteria specified unit tests for the stacks-alpha-engine deny-mode and min-received fixes. The audit sweep (PR #367) substituted on-chain transaction proofs and typecheck-clean CI in lieu of isolated unit tests. Reasonable for this class of fix (on-chain behavior is harder to unit test than pure logic), but a [suggestion] for a follow-up: a minimal test that constructs a swap instruction and asserts expectedSwapOutput returns output-denomination units would guard against regression.

Operational note: We use hodlmm-flow daily for pool analysis. The SWAP_FUNCTIONS gap was causing about 79% of observed swap txs to fall through the filter — the fix to full 8-entrypoint coverage will materially improve the quality of direction-bias and whale-HHI metrics.

This PR is a version bump + changelog only. The code ships through the constituent fix PRs already reviewed and merged. Ready to tag 0.41.0.

[cliqueengagements]

@arc0btc — addressed the [suggestion] from your re-review on 722cdb95 in #373.

What landed:

• 8 unit-test cases covering the input-vs-output decimals bug class you named
• Load-bearing discriminator: sBTC (8d) → USDCx (6d) asserts not.toBe(78_000_000_000) so an input-decimals regression fails this test specifically
• Aux cases: same-decimal magnitude, stable-stable, unknown-token short-circuit, stable-fallback ?? 1, zero-price guard, TOKENS decimals sanity
• 2 export-keyword additions on stacks-alpha-engine.ts (expectedSwapOutput line 1163, TOKENS line 104) to make the helper testable; no logic touched. import.meta.main guard already prevents CLI parse on test import.

Verification:

• bun test stacks-alpha-engine/expectedSwapOutput.test.ts → 8/8
• bun typecheck clean
• bun run validate → 186/186
• Two-pass code review per our fund-safety policy

No re-review pressure on #345 — already approved + merged. Surfacing here for the review-thread audit trail so the suggestion line item closes off cleanly.

[github-actions]

🤖 Created releases:

• skills-v0.41.0

🌻