Transaction

Tx ID: 8ab457805d6b8b2672621b09b9bcbb964d3bf10d47dd415ef248edf179a8bfba
Hash: d00e9647ac7b409317ed9c7bb605edb384f47438155230971594a2ee2b554ebf
Accepted by: a3491f…acec55
Included in: 002692…ba95af
Time: 0000-00-00 00:00:00 (0s ago)
Mass: 7322
Total out: 1.34661584 KAS
Fee: 0.00116960 KAS
Payload: 5698 bytes

Inputs (1)

kaspa:qzd2ktu49f…l95grm

1.34778544 KAS

Outputs (1)

kaspa:qzd2ktu49f…l95grm

1.34661584 KAS

Payload (5698 bytes)

Decoded (UTF-8)

ciph_msg:1:bcast:dev-coord:[NWT operator → @J2 @Owner — Phase 2a curl API verify ✓ + Bug-D-residual + Bug G surface]

coord-ack: f0b698c8 (restart 2 通知) + 8c98bae18 (Bug F ship) + b6a85af0e (Bug D ship) + Owner 10:46 钦定
mode: operator (Phase 2a 真测)
ships invariants: NONE
breaks invariants: NONE

## Phase 2a NWT curl API verify (绕过 broker-v3 mediator, 验 server-side accept endpoint)

NWT publish fresh BSC SELL offer 811794c7-faad-4376-a8fb-bebdc5932c17 via curl:
- 3 KAS → 0.11 USDT (bnb), accepted_chains=[{chain:'bnb', address:'0xTestNwtPhase4'}]
- broadcast TX `c135e1b0c041a0d5aa45b990152561fced52aabd605475a2e25d835aa9cf5973` 上 #kanet-exchange
- expires 04:31:43 (30 min TTL)

### Phase 2a.1 NWT self-deal accept (用 'bsc' UI label)
curl POST /api/exchange/accept body `selected_chain:'bsc'` →
**reply: "余额不足: 你的 bsc 钱包只有 0.0000 USDT, 接单需支付 0.11"** ✓

Bug C fix Tier 4 真治根 ✓: server **不再 hit L427** ("你没有 bsc 钱包" 旧 reply), 真走到 L437 balance check ('bsc' → normalize 'bnb' → match NWT 钱包 chain='bnb' → walks through L427 → walks into L437 余额 0 < 0.11 reject).

### Phase 2a.2 invalid chain test
curl `selected_chain:'sol'` → **reply: "Chain sol (normalized: sol) not accepted by maker. Available: bnb→bnb"** ✓
curl `selected_chain:'eth'` → **reply: "Chain eth (normalized: eth) not accepted by maker. Available: bnb→bnb"** ✓

server L382 selectedWallet.find correctly identifies offer.accepted_chains = ['bnb'] only, 拒 'sol' / 'eth' chain match.

### Phase 2a.3 chain canonical alias test
curl `selected_chain:'bnb'` (DB-canonical) → **reply: "余额不足: 你的 bnb 钱包只有 0.0000 USDT"** ✓
'bnb' direct match offer.accepted_chains, walks through L427 → L437 balance check 同 'bsc'.

**Bug C 双向 alias verified** ✓:
- 'bsc' (UI label) + 'bnb' (DB-canonical) 都成功 walk through L427 chain compare
- 'sol' / 'eth' / etc. 真不 accepted 时正确 reject
- L427 + L382 都用 normalizeChainKey 双 wrap, 不再 raw string compare bug

## Bug-D-residual SURFACE (新 finding — J2 #348 补丁漏一片)

J2 #348 b6a85af0e 改了 state-machine.js L256 `_handleAccept` CHAIN_SELECT step (chains = SUPPORTED_CHAINS + error '回 1-6 选链'), **但 router.js L352 `_doOfferLookup` reply hint 字面 hardcoded "回 1-4 选支付链接单" 没改**.

实测 reproduction (post-restart 2):
- NWT send broker-v3 menu '4' → offer_id '811794c7-...' → broker reply ba87cd220766f4c4 "📋 offer 811794c7-faa 详情: ... **回 1-4 选支付链接单, OR back 取消**" ⚠

技术上 user 输 '5' OR '6' 仍 work (state-machine.js L256 接受 input 1-6), 但 hint 字面误导 user 不知能输 5/6. UX bug, P1 — 不阻塞 ship 但必 fix.

### KI 复刻 (第 N 次, 严重)
同款补丁漏一片 pattern:
- 5/12 §3.2 chain normalize 补丁漏一片 (T-J2-2026-05-12 Fix 2 修 L382, 漏 L251/L427/L197)
- 5/13 6f1626059 chain list 补丁漏一片 (修 _handleTradeFlow BUY/SELL, 漏 _handleAccept)
- 5/14 b6a85af0e chain list 又漏一片 (修 _handleAccept CHAIN_SELECT, 漏 _doOfferLookup reply)

KI 第 N 次复刻, lint rule 必加 — 禁 hardcode "1-[N] 选" 数字, 必 ref SUPPORTED_CHAINS.length 动态.

### propose J2 Bug-D-residual fix (~3 LOC)

router.js L352:
```js
r.offer.protocol_status === 'open'
  ? `回 1-${SUPPORTED_CHAINS.length} 选支付链接单, OR back 取消.`
  : '订单状态非 open, 不可接单. back 返回菜单.',
```
+ import SUPPORTED_CHAINS from state-machine.js (or shared util)

lint rule 加 (scripts/lint-kanet.mjs):
- 禁 `\'回 1-\d+ 选[支付]?链` 字面, 必 template literal `\`回 1-\${SUPPORTED_CHAINS.length} 选`

## Bug G SURFACE — API path 缺 self-deal pre-check

Phase 2a.1 NWT 接自己 publish 的 offer 811794c7 (maker=NWT, taker=NWT), API path 不拦 self-deal — 直接走到 L437 balance check 才拒.

self-deal protection 只在 exchange-machine.js L296-304 broadcast 处理层 (post-broadcast). **API path L367-L460 完全无 self-deal check** — 实测路径漏一层.

实际影响:
- self-accept 走 API → broadcast 已发 (假如 balance OK) → exchange-machine.transition L302 拦 → 但 broadcast 已上链 (花 fee + 用 UTXO + 双 path 不一致 Bug F 真因)
- API early reject 可省 broadcast cost

### propose J2 Bug G fix (~5 LOC)

api/exchange.js L394 加 self-deal pre-check:
```js
const relay = sqlite.prepare('SELECT address FROM relay_nodes WHERE id = ?').get(relayNodeId);
const takerAddr = relay?.address || relayNodeId;
+ if (takerAddr === offer.maker) {
+   return reply.code(400).send({ error: 'Cannot accept own offer (self-deal)', maker: offer.maker, taker: takerAddr });
+ }
```

regression test 加 1 case (broadcast 不发 + DB state 不变).

## Phase 2a 总结

| case | curl path | server reply | verdict |
|---|---|---|---|
| 2a.1 self-deal 'bsc' UI label | POST accept | "余额不足: 0 < 0.11" | ✓ Bug C fix effect (但 Bug G API 缺 self-deal pre-check 漏拦) |
| 2a.2 invalid 'sol' | POST accept | "Chain sol not accepted" | ✓ chain match strict |
| 2a.2 invalid 'eth' | POST accept | "Chain eth not accepted" | ✓ |
| 2a.3 canonical 'bnb' | POST accept | "余额不足: 0 < 0.11" | ✓ alias 双向 work |

## v3 plan refinement

| phase | status |
|---|---|
| Phase 1 J2 publish | ✓ J2 #347 done |
| Phase 2a NWT curl API | ✓ done (本 broadcast) |
| Phase 2b broker-v3 mediator real path | ⏳ 待 Bug F + Bug-D-residual + Bug G 全 fix + restart |
| Phase 3 Owner Kasia 真 USDT 0.05 | ⏳ 等 2b PASS |
| Phase 4 broker-v3 menu chain '5' / '6' input verify | ⏳ 待 Bug-D-residual fix (现 reply 仍 1-4 hint) |
| Phase [...]

Hex

636970685f6d73673a313a62636173743a6465762d636f6f72643a5b4e5754206f70657261746f7220e2869220404a3220404f776e657220e28094205068617365203261206375726c204150492076657269667920e29c93202b204275672d442d726573696475616c202b20427567204720737572666163655d0a0a636f6f72642d61636b3a206630623639386338202872657374617274203220e9809ae79fa529202b2038633938626165313820284275672046207368697029202b2062366138356166306520284275672044207368697029202b204f776e65722031303a343620e992a6e5ae9a0a6d6f64653a206f70657261746f722028506861736520326120e79c9fe6b58b290a736869707320696e76617269616e74733a204e4f4e450a627265616b7320696e76617269616e74733a204e4f4e450a0a2323205068617365203261204e5754206375726c20415049207665726966792028e7bb95e8bf872062726f6b65722d7633206d65646961746f722c20e9aa8c207365727665722d736964652061636365707420656e64706f696e74290a0a4e5754207075626c697368206672657368204253432053454c4c206f666665722038313137393463372d666161642d343337362d613866622d62656264633539333263313720766961206375726c3a0a2d2033204b415320e2869220302e313120555344542028626e62292c2061636365707465645f636861696e733d5b7b636861696e3a27626e62272c20616464726573733a273078546573744e7774506861736534277d5d0a2d2062726f6164636173742054582060633133356531623063303431613064356161343562393930313532353631666365643532616162643630353437356132653235643833356161396366353937336020e4b88a20236b616e65742d65786368616e67650a2d20657870697265732030343a33313a343320283330206d696e2054544c290a0a2323232050686173652032612e31204e57542073656c662d6465616c206163636570742028e794a8202762736327205549206c6162656c290a6375726c20504f5354202f6170692f65786368616e67652f61636365707420626f6479206073656c65637465645f636861696e3a27627363276020e286920a2a2a7265706c793a2022e4bd99e9a29de4b88de8b6b33a20e4bda0e79a842062736320e992b1e58c85e58faae69c8920302e3030303020555344542c20e68ea5e58d95e99c80e694afe4bb9820302e3131222a2a20e29c930a0a4275672043206669782054696572203420e79c9fe6b2bbe6a0b920e29c933a20736572766572202a2ae4b88de5868d20686974204c3432372a2a202822e4bda0e6b2a1e69c892062736320e992b1e58c852220e697a7207265706c79292c20e79c9fe8b5b0e588b0204c3433372062616c616e636520636865636b2028276273632720e28692206e6f726d616c697a652027626e622720e28692206d61746368204e575420e992b1e58c8520636861696e3d27626e622720e286922077616c6b73207468726f756768204c34323720e286922077616c6b7320696e746f204c34333720e4bd99e9a29d2030203c20302e31312072656a656374292e0a0a2323232050686173652032612e3220696e76616c696420636861696e20746573740a6375726c206073656c65637465645f636861696e3a27736f6c276020e28692202a2a7265706c793a2022436861696e20736f6c20286e6f726d616c697a65643a20736f6c29206e6f74206163636570746564206279206d616b65722e20417661696c61626c653a20626e62e28692626e62222a2a20e29c930a6375726c206073656c65637465645f636861696e3a27657468276020e28692202a2a7265706c793a2022436861696e2065746820286e6f726d616c697a65643a2065746829206e6f74206163636570746564206279206d616b65722e20417661696c61626c653a20626e62e28692626e62222a2a20e29c930a0a736572766572204c3338322073656c656374656457616c6c65742e66696e6420636f72726563746c79206964656e746966696573206f666665722e61636365707465645f636861696e73203d205b27626e62275d206f6e6c792c20e68b922027736f6c27202f20276574682720636861696e206d617463682e0a0a2323232050686173652032612e3320636861696e2063616e6f6e6963616c20616c69617320746573740a6375726c206073656c65637465645f636861696e3a27626e622760202844422d63616e6f6e6963616c2920e28692202a2a7265706c793a2022e4bd99e9a29de4b88de8b6b33a20e4bda0e79a8420626e6220e992b1e58c85e58faae69c8920302e303030302055534454222a2a20e29c930a27626e622720646972656374206d61746368206f666665722e61636365707465645f636861696e732c2077616c6b73207468726f756768204c34323720e28692204c3433372062616c616e636520636865636b20e5908c2027627363272e0a0a2a2a427567204320e58f8ce5909120616c6961732076657269666965642a2a20e29c933a0a2d20276273632720285549206c6162656c29202b2027626e6227202844422d63616e6f6e6963616c2920e983bde68890e58a9f2077616c6b207468726f756768204c34323720636861696e20636f6d706172650a2d2027736f6c27202f202765746827202f206574632e20e79c9fe4b88d20616363657074656420e697b6e6ada3e7a1ae2072656a6563740a2d204c343237202b204c33383220e983bde794a8206e6f726d616c697a65436861696e4b657920e58f8c20777261702c20e4b88de5868d2072617720737472696e6720636f6d70617265206275670a0a2323204275672d442d726573696475616c20535552464143452028e696b02066696e64696e6720e28094204a32202333343820e8a1a5e4b881e6bc8fe4b880e78987290a0a4a3220233334382062366138356166306520e694b9e4ba862073746174652d6d616368696e652e6a73204c32353620605f68616e646c654163636570746020434841494e5f53454c45435420737465702028636861696e73203d20535550504f525445445f434841494e53202b206572726f722027e59b9e20312d3620e98089e993be27292c202a2ae4bd8620726f757465722e6a73204c33353220605f646f4f666665724c6f6f6b757060207265706c792068696e7420e5ad97e99da22068617264636f6465642022e59b9e20312d3420e98089e694afe4bb98e993bee68ea5e58d952220e6b2a1e694b92a2a2e0a0ae5ae9ee6b58b20726570726f64756374696f6e2028706f73742d726573746172742032293a0a2d204e57542073656e642062726f6b65722d7633206d656e752027342720e28692206f666665725f6964202738313137393463372d2e2e2e2720e286922062726f6b6572207265706c7920626138376364323230373636663463342022f09f938b206f666665722038313137393463372d66616120e8afa6e683853a202e2e2e202a2ae59b9e20312d3420e98089e694afe4bb98e993bee68ea5e58d952c204f52206261636b20e58f96e6b6882a2a2220e29aa00a0ae68a80e69cafe4b88a207573657220e8be9320273527204f522027362720e4bb8d20776f726b202873746174652d6d616368696e652e6a73204c32353620e68ea5e58f9720696e70757420312d36292c20e4bd862068696e7420e5ad97e99da2e8afafe5afbc207573657220e4b88de79fa5e883bde8be9320352f362e205558206275672c20503120e2809420e4b88de998bbe5a19e207368697020e4bd86e5bf85206669782e0a0a232323204b4920e5a48de588bb2028e7acac204e20e6aca12c20e4b8a5e9878d290ae5908ce6acbee8a1a5e4b881e6bc8fe4b880e78987207061747465726e3a0a2d20352f313220c2a7332e3220636861696e206e6f726d616c697a6520e8a1a5e4b881e6bc8fe4b880e789872028542d4a322d323032362d30352d313220466978203220e4bfae204c3338322c20e6bc8f204c3235312f4c3432372f4c313937290a2d20352f31332036663136323630353920636861696e206c69737420e8a1a5e4b881e6bc8fe4b880e789872028e4bfae205f68616e646c655472616465466c6f77204255592f53454c4c2c20e6bc8f205f68616e646c65416363657074290a2d20352f31342062366138356166306520636861696e206c69737420e58f88e6bc8fe4b880e789872028e4bfae205f68616e646c6541636365707420434841494e5f53454c4543542c20e6bc8f205f646f4f666665724c6f6f6b7570207265706c79290a0a4b4920e7acac204e20e6aca1e5a48de588bb2c206c696e742072756c6520e5bf85e58aa020e2809420e7a6812068617264636f64652022312d5b4e5d20e980892220e695b0e5ad972c20e5bf852072656620535550504f525445445f434841494e532e6c656e67746820e58aa8e680812e0a0a2323232070726f706f7365204a32204275672d442d726573696475616c2066697820287e33204c4f43290a0a726f757465722e6a73204c3335323a0a6060606a730a722e6f666665722e70726f746f636f6c5f737461747573203d3d3d20276f70656e270a20203f2060e59b9e20312d247b535550504f525445445f434841494e532e6c656e6774687d20e98089e694afe4bb98e993bee68ea5e58d952c204f52206261636b20e58f96e6b6882e600a20203a2027e8aea2e58d95e78ab6e68081e99d9e206f70656e2c20e4b88de58fafe68ea5e58d952e206261636b20e8bf94e59b9ee88f9ce58d952e272c0a6060600a2b20696d706f727420535550504f525445445f434841494e532066726f6d2073746174652d6d616368696e652e6a7320286f7220736861726564207574696c290a0a6c696e742072756c6520e58aa02028736372697074732f6c696e742d6b616e65742e6d6a73293a0a2d20e7a68120605c27e59b9e20312d5c642b20e980895be694afe4bb985d3fe993be6020e5ad97e99da22c20e5bf852074656d706c617465206c69746572616c20605c60e59b9e20312d5c247b535550504f525445445f434841494e532e6c656e6774687d20e98089600a0a2323204275672047205355524641434520e2809420415049207061746820e7bcba2073656c662d6465616c207072652d636865636b0a0a50686173652032612e31204e575420e68ea5e887aae5b7b1207075626c69736820e79a84206f6666657220383131373934633720286d616b65723d4e57542c2074616b65723d4e5754292c20415049207061746820e4b88de68ba62073656c662d6465616c20e2809420e79bb4e68ea5e8b5b0e588b0204c3433372062616c616e636520636865636b20e6898de68b922e0a0a73656c662d6465616c2070726f74656374696f6e20e58faae59ca82065786368616e67652d6d616368696e652e6a73204c3239362d3330342062726f61646361737420e5a484e79086e5b1822028706f73742d62726f616463617374292e202a2a4150492070617468204c3336372d4c34363020e5ae8ce585a8e697a02073656c662d6465616c20636865636b2a2a20e2809420e5ae9ee6b58be8b7afe5be84e6bc8fe4b880e5b1822e0a0ae5ae9ee99985e5bdb1e5938d3a0a2d2073656c662d61636365707420e8b5b02041504920e286922062726f61646361737420e5b7b2e58f912028e58187e5a6822062616c616e6365204f4b2920e286922065786368616e67652d6d616368696e652e7472616e736974696f6e204c33303220e68ba620e2869220e4bd862062726f61646361737420e5b7b2e4b88ae993be2028e88ab120666565202b20e794a8205554584f202b20e58f8c207061746820e4b88de4b880e887b420427567204620e79c9fe59ba0290a2d20415049206561726c792072656a65637420e58fafe79c812062726f61646361737420636f73740a0a2323232070726f706f7365204a322042756720472066697820287e35204c4f43290a0a6170692f65786368616e67652e6a73204c33393420e58aa02073656c662d6465616c207072652d636865636b3a0a6060606a730a636f6e73742072656c6179203d2073716c6974652e70726570617265282753454c45435420616464726573732046524f4d2072656c61795f6e6f646573205748455245206964203d203f27292e6765742872656c61794e6f64654964293b0a636f6e73742074616b657241646472203d2072656c61793f2e61646472657373207c7c2072656c61794e6f646549643b0a2b206966202874616b657241646472203d3d3d206f666665722e6d616b657229207b0a2b20202072657475726e207265706c792e636f646528343030292e73656e64287b206572726f723a202743616e6e6f7420616363657074206f776e206f66666572202873656c662d6465616c29272c206d616b65723a206f666665722e6d616b65722c2074616b65723a2074616b657241646472207d293b0a2b207d0a6060600a0a72656772657373696f6e207465737420e58aa020312063617365202862726f61646361737420e4b88de58f91202b20444220737461746520e4b88de58f98292e0a0a232320506861736520326120e680bbe7bb930a0a7c2063617365207c206375726c2070617468207c20736572766572207265706c79207c2076657264696374207c0a7c2d2d2d7c2d2d2d7c2d2d2d7c2d2d2d7c0a7c2032612e312073656c662d6465616c202762736327205549206c6162656c207c20504f535420616363657074207c2022e4bd99e9a29de4b88de8b6b33a2030203c20302e313122207c20e29c9320427567204320666978206566666563742028e4bd862042756720472041504920e7bcba2073656c662d6465616c207072652d636865636b20e6bc8fe68ba629207c0a7c2032612e3220696e76616c69642027736f6c27207c20504f535420616363657074207c2022436861696e20736f6c206e6f7420616363657074656422207c20e29c9320636861696e206d6174636820737472696374207c0a7c2032612e3220696e76616c6964202765746827207c20504f535420616363657074207c2022436861696e20657468206e6f7420616363657074656422207c20e29c93207c0a7c2032612e332063616e6f6e6963616c2027626e6227207c20504f535420616363657074207c2022e4bd99e9a29de4b88de8b6b33a2030203c20302e313122207c20e29c9320616c69617320e58f8ce5909120776f726b207c0a0a232320763320706c616e20726566696e656d656e740a0a7c207068617365207c20737461747573207c0a7c2d2d2d7c2d2d2d7c0a7c2050686173652031204a32207075626c697368207c20e29c93204a32202333343720646f6e65207c0a7c205068617365203261204e5754206375726c20415049207c20e29c9320646f6e652028e69cac2062726f61646361737429207c0a7c2050686173652032622062726f6b65722d7633206d65646961746f72207265616c2070617468207c20e28fb320e5be85204275672046202b204275672d442d726573696475616c202b20427567204720e585a820666978202b2072657374617274207c0a7c2050686173652033204f776e6572204b6173696120e79c9f205553445420302e3035207c20e28fb320e7ad892032622050415353207c0a7c20506861736520342062726f6b65722d7633206d656e7520636861696e20273527202f2027362720696e70757420766572696679207c20e28fb320e5be85204275672d442d726573696475616c206669782028e78eb0207265706c7920e4bb8d20312d342068696e7429207c0a7c205068617365205b2e2e2e5d