v2.0.0 — Full rewrite for npm publishing under @aigen-protocol scope

.gitignore

@@ -0,0 +1,6 @@
+node_modules/
+dist/
+*.log
+.DS_Store
+.env
+.npmrc

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Aigen-Protocol
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1,41 +1,93 @@
-# @elizaos/plugin-safeagent
+# safeagent-elizaos-plugin
 
-Token safety oracle for ElizaOS agents. Prevents buying honeypots, rug pulls, and scam tokens.
+ElizaOS plugin: token safety oracle for AI agents trading crypto.
+
+- Honeypot detection via real DEX swap simulation
+- 27 scam pattern checks across 6 EVM chains (Base, Ethereum, Arbitrum, Optimism, Polygon, BSC)
+- Push-based wallet monitoring with HMAC-SHA256 signed webhook alerts
+- On-chain `SafeRouter` (Base) for atomic swap protection — unsafe swaps revert with structured custom error
 
 ## Install
 
 ```bash
-npm install Aigen-Protocol/erc-token-safety-score
+npm install safeagent-elizaos-plugin
 ```
 
 ## Usage
 
 ```typescript
-import safeAgentPlugin from "@elizaos/plugin-safeagent";
+import safeAgentPlugin from "safeagent-elizaos-plugin";
+import { AgentRuntime } from "@elizaos/core";
 
 const agent = new AgentRuntime({
   plugins: [safeAgentPlugin],
-  // ...
+  // ...rest of your runtime config
 });
 ```
 
 ## Actions
 
-### CHECK_TOKEN_SAFETY
-Triggered when a user asks about token safety:
-- "Is 0x... safe on base?"
-- "Check this token for honeypots"
-- "Scan 0x... on ethereum"
+| Action | What it does |
+|---|---|
+| `SHIELD` | Pre-trade safety check (HTTP). Returns `GO`/`CAUTION`/`BLOCKED` with score, honeypot test result, scam-pattern flags. |
+| `WATCH_WALLET` | Register a wallet for continuous monitoring. AIGEN POSTs HMAC-signed webhooks when a held token's score drops 20+ pts or a new risky holding is detected. |
+| `SAFE_CHECK` | View-only on-chain verdict from `SafeRouter` (Base). No gas. Use BEFORE building a swap. |
+| `SAFE_SWAP_CALLDATA` | Build calldata for `SafeRouter.safeSwap`. Returns `{ to, data, gas_estimate }`. The agent retains custody — it signs and broadcasts itself. |
+
+## Triggers
+
+The plugin auto-detects:
+- `0x` token addresses in the user's message
+- Chain hints (base, ethereum, arbitrum, optimism, polygon, bsc) — defaults to `base`
+- Callback URLs for `WATCH_WALLET`
+
+Examples that route to `SHIELD`:
+- "Buy 0x4ed4E862860beD51a9570b96d89aF5E1B0Efefed on base"
+- "Is 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913 safe?"
+- "Check token 0x... for honeypots"
+
+## Webhook signature verification
+
+Each `WATCH_WALLET` alert is signed:
+
+```typescript
+import crypto from "node:crypto";
+
+function verify(payload: any, secret: Buffer): boolean {
+  const { signature, ...rest } = payload;
+  const canonical = JSON.stringify(rest, Object.keys(rest).sort());
+  const expected = crypto.createHmac("sha256", secret).update(canonical).digest("hex");
+  return crypto.timingSafeEqual(Buffer.from(signature, "hex"), Buffer.from(expected, "hex"));
+}
+```
+
+Public-key fingerprint to pin: `GET https://cryptogenesis.duckdns.org/watch/public-key`
+
+## On-chain contracts (Base)
+
+| Component | Address |
+|---|---|
+| SafeRouter V2 | `0xF6EFc5D5902d1a0ce58D9ab1715Cf30f077D8f6e` |
+| SafeRouter V1 | `0xb200357a35C7e96A81190C53631BC5Beca84A8FA` |
+| Safety oracle (ERC-7913) | `0x37b9e9B8789181f1AaaD1cD51A5f00A887fa9b8e` |
+| Aerodrome router (wrapped) | `0xcf77a3ba9a5ca399b7c97c74d54e5b1beb874e43` |
+
+When `SAFE_SWAP_CALLDATA` is executed and the output token scores < 40 on the oracle, the swap reverts atomically with `TokenUnsafe(token, score, flags, minRequired)` — a structured custom error the agent can decode without string parsing.
+
+First swap proof: [basescan.org/tx/0x83a0384a...](https://basescan.org/tx/0x83a0384af90362b4ac7aaccc46436646c42832833d6be59d5c39c852d8c09cab)
+
+Block path proof: [basescan.org/tx/0xc68b1ef6...](https://basescan.org/tx/0xc68b1ef67c45f0164683b336cf2b593c1f0ae05f02cc3336f9cddc6f5f2bc8f8)
+
+## Cost
+
+Free during beta. No auth required. Stats endpoint: https://cryptogenesis.duckdns.org/stats
+
+## License
 
-### PRE_TRADE_SAFETY_CHECK
-Automatically blocks trades on dangerous tokens (score < 40) and warns on risky ones (score < 70).
+MIT — see [LICENSE](./LICENSE).
 
-## Detection
-- Honeypot simulation (real DEX swap test)
-- 17 scam pattern checks
-- LP lock verification
-- Owner analysis
-- 6 chains: Base, Ethereum, Arbitrum, Optimism, Polygon, BSC
+## Source
 
-## Standard
-Implements [ERC Token Safety Score](https://github.com/Aigen-Protocol/erc-token-safety-score).
+- Plugin: https://github.com/Aigen-Protocol/plugin-safeagent
+- AIGEN Protocol: https://github.com/Aigen-Protocol/aigen-protocol
+- Safety oracle (Solidity): https://github.com/Aigen-Protocol/safeguard