Pr/923

.github/workflows/ai-security-audit.yml

@@ -0,0 +1,186 @@
+name: AI Security Audit
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  ai-security-audit:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check ANTHROPIC_API_KEY
+        env:
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+        run: |
+          if [ -z "$ANTHROPIC_API_KEY" ]; then
+            echo "::error::ANTHROPIC_API_KEY is not configured. Please add it to your repository secrets (Settings > Secrets and variables > Actions > New repository secret). The AI security audit cannot run without this key."
+            exit 1
+          fi
+
+      - name: Get PR diff
+        id: diff
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh pr diff ${{ github.event.pull_request.number }} > pr_diff.txt
+          echo "diff_size=$(wc -c < pr_diff.txt | tr -d ' ')" >> "$GITHUB_OUTPUT"
+
+      - name: Check diff size
+        id: check
+        run: |
+          if [ "${{ steps.diff.outputs.diff_size }}" -eq 0 ]; then
+            echo "skip=true" >> "$GITHUB_OUTPUT"
+            echo "No diff found, skipping audit."
+          elif [ "${{ steps.diff.outputs.diff_size }}" -gt 200000 ]; then
+            echo "skip=true" >> "$GITHUB_OUTPUT"
+            echo "Diff too large (>200KB), skipping AI audit."
+          else
+            echo "skip=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Install Claude Code
+        if: steps.check.outputs.skip != 'true'
+        run: npm install -g @anthropic-ai/claude-code
+
+      - name: Run AI security audit
+        if: steps.check.outputs.skip != 'true'
+        id: audit
+        env:
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+        run: |
+          PROMPT=$(cat <<'AUDIT_PROMPT'
+          You are a senior security engineer performing a security audit on a pull request diff.
+          Analyze the following code diff and provide a structured security audit report.
+
+          Focus on these areas:
+          1. **Critical Vulnerabilities**: SQL injection, command injection, XSS, SSRF, deserialization flaws, path traversal
+          2. **Authentication & Authorization**: Broken auth, missing access controls, credential exposure
+          3. **Cryptography Issues**: Weak algorithms, hardcoded keys/secrets, improper random number generation
+          4. **Data Exposure**: Sensitive data leaks, PII exposure, excessive logging of secrets
+          5. **Dependency Risks**: Known vulnerable patterns, unsafe deserialization
+          6. **Blockchain-Specific**: Private key handling, transaction signing flaws, smart contract interaction risks, address validation
+          7. **Input Validation**: Missing or insufficient validation, type confusion, buffer issues
+          8. **Configuration & Infrastructure**: Insecure defaults, debug mode in production, permissive CORS
+
+          Output format (use GitHub-flavored Markdown):
+
+          ## AI Security Audit Report
+
+          ### Summary
+          [One-paragraph overall assessment with risk level: CRITICAL / HIGH / MEDIUM / LOW / CLEAN]
+
+          ### Findings
+
+          For each finding:
+          #### [SEVERITY] Finding Title
+          - **File**: `filename:line_number`
+          - **Category**: [category from above]
+          - **Description**: What the issue is
+          - **Impact**: What could go wrong
+          - **Recommendation**: How to fix it
+
+          If no security issues are found, state that the code appears clean and list what was checked.
+
+          ### Statistics
+          - Files analyzed: X
+          - Issues found: X (critical: X, high: X, medium: X, low: X)
+
+          ---
+          *This report was generated by AI security audit. Please verify findings manually.*
+
+          Here is the diff to audit:
+          AUDIT_PROMPT
+          )
+
+          DIFF_CONTENT=$(cat pr_diff.txt)
+          FULL_PROMPT="${PROMPT}
+          \`\`\`diff
+          ${DIFF_CONTENT}
+          \`\`\`"
+
+          # Run claude and capture output
+          AUDIT_RESULT=$(echo "$FULL_PROMPT" | claude -p --output-format text 2>&1) || true
+
+          # Save result to file (avoid shell escaping issues)
+          echo "$AUDIT_RESULT" > audit_result.md
+
+      - name: Post audit comment
+        if: steps.check.outputs.skip != 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # Build comment body
+          {
+            echo "<!-- ai-security-audit -->"
+            echo ""
+            cat audit_result.md
+          } > comment_body.md
+
+          PR_NUMBER=${{ github.event.pull_request.number }}
+
+          # Delete previous audit comment if exists
+          EXISTING_COMMENT_ID=$(gh api \
+            "repos/${{ github.repository }}/issues/${PR_NUMBER}/comments" \
+            --jq '.[] | select(.body | contains("<!-- ai-security-audit -->")) | .id' \
+            | head -1)
+
+          if [ -n "$EXISTING_COMMENT_ID" ]; then
+            gh api \
+              --method DELETE \
+              "repos/${{ github.repository }}/issues/comments/${EXISTING_COMMENT_ID}" \
+              || true
+          fi
+
+          # Post new comment
+          gh pr comment "$PR_NUMBER" --body-file comment_body.md
+
+      - name: Fail if critical issues found
+        if: steps.check.outputs.skip != 'true'
+        run: |
+          if grep -qi '\[CRITICAL\]' audit_result.md; then
+            CRITICAL_COUNT=$(grep -ci '\[CRITICAL\]' audit_result.md)
+            echo "::error::AI security audit found ${CRITICAL_COUNT} CRITICAL issue(s). Please fix them before merging."
+            exit 1
+          fi
+
+      - name: Post skip comment
+        if: steps.check.outputs.skip == 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          PR_NUMBER=${{ github.event.pull_request.number }}
+          REASON="No diff found"
+          if [ "${{ steps.diff.outputs.diff_size }}" -gt 200000 ]; then
+            REASON="Diff too large (>200KB) for AI audit"
+          fi
+
+          BODY="<!-- ai-security-audit -->
+          ## AI Security Audit Report
+          **Skipped**: ${REASON}.
+          Please perform a manual security review."
+
+          # Delete previous audit comment if exists
+          EXISTING_COMMENT_ID=$(gh api \
+            "repos/${{ github.repository }}/issues/${PR_NUMBER}/comments" \
+            --jq '.[] | select(.body | contains("<!-- ai-security-audit -->")) | .id' \
+            | head -1)
+
+          if [ -n "$EXISTING_COMMENT_ID" ]; then
+            gh api \
+              --method DELETE \
+              "repos/${{ github.repository }}/issues/comments/${EXISTING_COMMENT_ID}" \
+              || true
+          fi
+
+          gh pr comment "$PR_NUMBER" --body "$BODY"

.gitignore

@@ -11,6 +11,12 @@ src/genjs
 src/gen
 tools
 src/main/resources/static/js/tronjs/tron-protoc.js
+logs/
+FileTest/
+bin/
+*.class
+build/
+
 logs
 docs
 !docs/

README.md

@@ -1,17 +1,22 @@
 # Wallet-cli
 
-Welcome to use the Wallet-cli.  
+[![Build Status](https://travis-ci.org/tronprotocol/wallet-cli.svg?branch=master)](https://travis-ci.org/tronprotocol/wallet-cli)
 
-Wallet-cli now supports [GasFree](https://gasfree.io) addresses, enable users to transfer tokens without paying gas fees. For more details, please check the [GasFree](#Gas-Free-Support) section below.
+Welcome to the TRON Wallet-cli. This tool allows you to interact with the TRON network via the command line.
 
-The underlying implementation of all Wallet-cli gRPC APIs has all migrated to the [Trident SDK](https://github.com/tronprotocol/trident). This strategic move consolidates the underlying implementation of the Wallet-cli's remote procedure calls, standardizing them under the robust and optimized Trident framework. 
+[Gitter Chat](https://gitter.im/tronprotocol/wallet-cli) | [Telegram Support](https://t.me/TronOfficialDevelopersGroupEn)
 
-If you need any help, please join the [Telegram](https://t.me/TronOfficialDevelopersGroupEn).
+---
 
-## Get started
+## Strategic Update
+The underlying implementation of all Wallet-cli gRPC APIs has migrated to the [Trident SDK](https://github.com/tronprotocol/trident). This move standardizes the remote procedure calls under the robust Trident framework.
 
-### Download Wallet-cli
+## Get Started
 
+### 1. Download Wallet-cli
+```bash
+git clone [https://github.com/tronprotocol/wallet-cli.git](https://github.com/tronprotocol/wallet-cli.git)
+cd wallet-cli
     git clone https://github.com/tronprotocol/wallet-cli.git
 
 ### Edit config.conf in src/main/resources
@@ -2172,9 +2177,7 @@ View transaction history. You can configure the maximum number of records that `
 Example:
 ```console
 wallet> ViewTransactionHistory
-====================================
         TRANSACTION VIEWER
-====================================
 
 MAIN MENU:
 1. View all transactions
@@ -2667,9 +2670,7 @@ Example:
 ```console
 wallet> EncodingConverter
 
-==============================
   Encoding Converter (CLI)
-==============================
 1) TRON - EVM Address
 2) Base64 Encode / Decode
 3) Base58Check Encode / Decode
@@ -2722,4 +2723,4 @@ wallet> getPaginatedNowWitnessList 0 2
 		}
 	]
 }
-```
+```

build.gradle

@@ -15,9 +15,8 @@ buildscript {
 }
 
 plugins {
-    id 'com.github.johnrengelman.shadow' version '7.1.2'
+    id 'com.gradleup.shadow' version '8.3.0'
 }
-
 group 'Tron'
 version '1.0-SNAPSHOT'
 

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
+#Tue Apr 28 14:39:24 PDT 2026
 distributionBase=GRADLE_USER_HOME
-distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.9-bin.zip
 zipStoreBase=GRADLE_USER_HOME
-zipStorePath=wrapper/dists
+zipStorePath=wrapper/dists