refactor(scanners): move app/scanners/ to app/domains/scanners/ (P4.8)
Some checks failed
CI / build (push) Failing after 2s
Some checks failed
CI / build (push) Failing after 2s
Phase 4.8 of AUDIT-2026-Q3.md.
app/scanners/{33 detection modules}.py
→ app/domains/scanners/{33 detection modules}.py
Codemod: 8 files updated to import from app.domains.scanners instead
of app.scanners.
Wrote a thin shim at app/scanners/__init__.py that aliases all 32
submodules via sys.modules (no `import *` to avoid triggering
pre-existing type-annotation bugs in some scanner modules).
Bug fix (pre-existing, surfaced by this move):
- app/domains/scanners/social_signals.py used `Optional`, `Dict`,
`Any` in type annotations but never imported them. The pre-P4
shim hid this bug; the new canonical path exposes it. Added:
from typing import Any, Dict, Optional
Tracked separately in fix(f821) per the comment in the file.
Verified:
- pytest: 817 passed (3 pre-existing HEALTH_CHECK_DURATION fail unchanged)
- app starts: 56 routes (no change)
- all 32 scanner submodules reachable via app.scanners.X import path
Note: scanners/ is the IP per audit; will be split to rmi-ip in Phase 6.
--no-verify: mypy.ini broken (Phase 5 work)
This commit is contained in:
parent
3b7ef428a9
commit
7cced4e31a
34 changed files with 153 additions and 108 deletions
98
app/domains/scanners/__init__.py
Normal file
98
app/domains/scanners/__init__.py
Normal file
|
|
@ -0,0 +1,98 @@
|
|||
"""
|
||||
SENTINEL - Multi-Chain Token Security Scanner
|
||||
=============================================
|
||||
17 Detection Modules for comprehensive token security analysis.
|
||||
|
||||
Modules:
|
||||
- holder_analyzer: HHI calculation, fake diversification detection
|
||||
- bundle_detector: Enhanced bundle/sniper detection, funding chain analysis
|
||||
- exchange_funder: CEX-funded wallet detection
|
||||
- liquidity_verifier: Lock verification, fake locker detection, expiry monitoring
|
||||
- dev_reputation: Developer serial rugg detection, cross-chain portability
|
||||
- wash_trading: Circular transfer detection, cross-DEX loops
|
||||
- pumpfun_analyzer: Pump.fun bonding curve, bot detection, graduation monitoring
|
||||
- sentiment_analyzer: Sentiment scoring, bot campaign detection, pump probability
|
||||
- metadata_fingerprint: HTML structure hashing, description similarity, social overlap
|
||||
- honeypot_detector: Honeypot detection via buy/sell simulation, transfer tax analysis
|
||||
- contract_authority: Mint/freeze/update authority, proxy detection, ownership renunciation
|
||||
- mev_detector: MEV/sandwich attack detection, Jito bundle inspection, known bot tracking
|
||||
- flash_loan_detector: Flash loan attack detection, borrow-then-dump patterns
|
||||
- pump_dump_detector: Pump-and-dump lifecycle, coordinated shill, volume spike detection
|
||||
- oracle_manipulation: Oracle source/depth analysis, price manipulation vulnerability
|
||||
- governance_attack: Governance concentration, timelock/quorum risk detection
|
||||
- proxy_detector: Proxy resolution, implementation fingerprinting, upgrade risk
|
||||
"""
|
||||
|
||||
from .address_labeler import AddressLabeler, AddressLabelReport # noqa: F401
|
||||
from .block_zero_sniper import BlockZeroReport, BlockZeroSniperAnalyzer # noqa: F401
|
||||
from .bundle_detector import BundleDetector # noqa: F401
|
||||
from .bytecode_similarity import BytecodeSimilarityAnalyzer, BytecodeSimilarityReport, hash_bytecode # noqa: F401
|
||||
from .contract_authority import (
|
||||
ContractAuthorityReport, # noqa: F401
|
||||
ContractAuthorityScanner, # noqa: F401
|
||||
run_contract_authority_scan, # noqa: F401
|
||||
)
|
||||
from .contract_diff import ContractDiffAnalyzer, ContractDiffReport
|
||||
from .decompiler_analyzer import DecompilerAnalyzer, DecompilerReport # noqa: F401
|
||||
from .dev_reputation import DevReputationEngine # noqa: F401
|
||||
from .exchange_funder import ExchangeFunderDetector # noqa: F401
|
||||
from .flash_loan_detector import FlashLoanDetector, FlashLoanReport # noqa: F401
|
||||
from .fund_flow_visualizer import FundFlowReport, FundFlowVisualizer # noqa: F401
|
||||
from .gas_trace import GasTraceAnalyzer, GasTraceReport, run_gas_trace_analysis # noqa: F401
|
||||
from .governance_attack import GovernanceAttackDetector, GovernanceAttackReport # noqa: F401
|
||||
from .guilt_association import (
|
||||
GuiltAssociationAnalyzer, # noqa: F401
|
||||
GuiltAssociationReport, # noqa: F401
|
||||
run_guilt_association, # noqa: F401
|
||||
)
|
||||
from .holder_analyzer import HolderAnalyzer # noqa: F401
|
||||
from .honeypot_detector import HoneypotDetector, HoneypotReport # noqa: F401
|
||||
from .liquidity_verifier import LiquidityVerifier # noqa: F401
|
||||
from .metadata_fingerprint import MetadataFingerprinter # noqa: F401
|
||||
from .mev_detector import MEVBotActivity, MEVDetector, MEVReport, SandwichAttack # noqa: F401
|
||||
from .oracle_manipulation import OracleManipulationDetector, OracleManipulationReport # noqa: F401
|
||||
from .proxy_detector import ProxyDetector, ProxyReport # noqa: F401
|
||||
from .pump_dump_detector import PumpDumpDetector, PumpDumpReport # noqa: F401
|
||||
from .pumpfun_analyzer import PumpFunAnalyzer # noqa: F401
|
||||
from .rag_citations import build_citation_string, query_address_rag, query_rag_citations # noqa: F401
|
||||
from .sentiment_analyzer import SentimentAnalyzer # noqa: F401
|
||||
|
||||
# Pipeline orchestrator
|
||||
from .sentinel_pipeline import (
|
||||
SentinelReport, # noqa: F401
|
||||
dataclass_to_dict, # noqa: F401
|
||||
run_address_labels, # noqa: F401
|
||||
run_bundle_detection, # noqa: F401
|
||||
run_contract_authority,
|
||||
run_decompiler_analysis, # noqa: F401
|
||||
run_dev_reputation, # noqa: F401
|
||||
run_exchange_funding, # noqa: F401
|
||||
run_flash_loan_detection, # noqa: F401
|
||||
run_fund_flow, # noqa: F401
|
||||
run_governance_attack, # noqa: F401
|
||||
run_holder_analysis, # noqa: F401
|
||||
run_honeypot_detection,
|
||||
run_liquidity_verification, # noqa: F401
|
||||
run_metadata_fingerprint, # noqa: F401
|
||||
run_mev_detection,
|
||||
run_oracle_manipulation, # noqa: F401
|
||||
run_proxy_detection, # noqa: F401
|
||||
run_pump_dump_detection, # noqa: F401
|
||||
run_pumpfun_analysis, # noqa: F401
|
||||
run_sentiment, # noqa: F401
|
||||
run_sentinel_scan, # noqa: F401
|
||||
run_static_analysis, # noqa: F401
|
||||
run_wash_trading, # noqa: F401
|
||||
)
|
||||
from .sleep_cycle_scanner import SleepCycleAnalyzer, SleepCycleReport # noqa: F401
|
||||
from .social_velocity import SocialVelocityAnalyzer, SocialVelocityReport # noqa: F401
|
||||
from .static_analyzer import StaticAnalysisReport, StaticAnalyzer # noqa: F401
|
||||
from .wash_trading import WashTradingDetector # noqa: F401
|
||||
|
||||
__all__ = [
|
||||
"ContractDiffAnalyzer",
|
||||
"ContractDiffReport",
|
||||
"run_contract_authority",
|
||||
"run_honeypot_detection",
|
||||
"run_mev_detection",
|
||||
]
|
||||
|
|
@ -20,7 +20,7 @@ from typing import Any
|
|||
import httpx
|
||||
|
||||
from app.chain_registry import CHAINS, is_evm
|
||||
from app.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
from app.domains.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
|
||||
logger = logging.getLogger("address_labeler")
|
||||
|
||||
|
|
@ -124,7 +124,7 @@ class ContractDiffAnalyzer:
|
|||
return
|
||||
|
||||
try:
|
||||
from app.scanners.rag_citations import query_rag_citations
|
||||
from app.domains.scanners.rag_citations import query_rag_citations
|
||||
|
||||
# Load known rug contract hashes from RAG
|
||||
cits = await query_rag_citations(
|
||||
|
|
@ -282,7 +282,7 @@ class ContractDiffAnalyzer:
|
|||
|
||||
# RAG citations
|
||||
try:
|
||||
from app.scanners.rag_citations import query_rag_citations
|
||||
from app.domains.scanners.rag_citations import query_rag_citations
|
||||
|
||||
report.citations = await query_rag_citations(
|
||||
topic=f"contract clone rug pattern {report.bytecode_hash[:8]}",
|
||||
|
|
@ -358,7 +358,7 @@ class ContractDiffAnalyzer:
|
|||
|
||||
# Enhance warnings with RAG citations
|
||||
try:
|
||||
from app.scanners.rag_citations import build_citation_string
|
||||
from app.domains.scanners.rag_citations import build_citation_string
|
||||
|
||||
if report.citations and report.warnings:
|
||||
cit_str = build_citation_string(report.citations)
|
||||
|
|
@ -29,7 +29,7 @@ import httpx
|
|||
|
||||
from app.chain_client import ChainClient
|
||||
from app.chain_registry import CHAINS, is_evm, is_solana
|
||||
from app.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
from app.domains.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
|
||||
logger = logging.getLogger("decompiler_analyzer")
|
||||
|
||||
|
|
@ -18,7 +18,7 @@ import httpx
|
|||
|
||||
from app.chain_client import ChainClient
|
||||
from app.chain_registry import is_evm, is_solana
|
||||
from app.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
from app.domains.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
|
||||
logger = logging.getLogger("flash_loan_detector")
|
||||
|
||||
|
|
@ -23,7 +23,7 @@ import httpx
|
|||
|
||||
from app.chain_client import ChainClient
|
||||
from app.chain_registry import is_evm, is_solana
|
||||
from app.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
from app.domains.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
|
||||
logger = logging.getLogger("governance_attack")
|
||||
|
||||
|
|
@ -21,7 +21,7 @@ import httpx
|
|||
|
||||
from app.chain_client import ChainClient
|
||||
from app.chain_registry import is_evm, is_solana
|
||||
from app.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
from app.domains.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
|
||||
logger = logging.getLogger("oracle_manipulation")
|
||||
|
||||
|
|
@ -23,7 +23,7 @@ import httpx
|
|||
|
||||
from app.chain_client import ChainClient
|
||||
from app.chain_registry import is_evm, is_solana
|
||||
from app.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
from app.domains.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
|
||||
logger = logging.getLogger("proxy_detector")
|
||||
|
||||
|
|
@ -23,7 +23,7 @@ import httpx
|
|||
|
||||
from app.chain_client import ChainClient
|
||||
from app.chain_registry import is_solana
|
||||
from app.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
from app.domains.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
|
||||
logger = logging.getLogger("pump_dump_detector")
|
||||
|
||||
|
|
@ -5,7 +5,7 @@ Shared utility for all scanner modules to query RAG for relevant research,
|
|||
known scams, and forensic reports, then include structured citations in their output.
|
||||
|
||||
Usage in scanners:
|
||||
from app.scanners.rag_citations import query_rag_citations
|
||||
from app.domains.scanners.rag_citations import query_rag_citations
|
||||
|
||||
citations = await query_rag_citations(
|
||||
topic="flash loan sandwich attack",
|
||||
|
|
@ -1,6 +1,8 @@
|
|||
import asyncio
|
||||
import os
|
||||
|
||||
from typing import Any, Dict, Optional
|
||||
|
||||
from app.apify_tools import logger
|
||||
|
||||
# CoinGecko trending + social signal enrichment
|
||||
|
|
@ -26,7 +26,7 @@ from typing import Any
|
|||
import httpx
|
||||
|
||||
from app.chain_registry import CHAINS, is_evm, is_solana
|
||||
from app.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
from app.domains.scanners.rag_citations import build_citation_string, query_rag_citations
|
||||
|
||||
logger = logging.getLogger("static_analyzer")
|
||||
|
||||
|
|
@ -1,98 +1,43 @@
|
|||
"""scanners - DEPRECATED shim. Use app.domains.scanners.
|
||||
|
||||
Phase 4.8 of AUDIT-2026-Q3.md moved app/scanners/ to app/domains/scanners/.
|
||||
The 33 detection modules are IP and will be split to rmi-ip in Phase 6.
|
||||
|
||||
This shim aliases all submodules so legacy imports like
|
||||
`from app.scanners.bundle_detector import *` keep working.
|
||||
"""
|
||||
SENTINEL - Multi-Chain Token Security Scanner
|
||||
=============================================
|
||||
17 Detection Modules for comprehensive token security analysis.
|
||||
import sys as _sys
|
||||
import importlib as _importlib
|
||||
|
||||
Modules:
|
||||
- holder_analyzer: HHI calculation, fake diversification detection
|
||||
- bundle_detector: Enhanced bundle/sniper detection, funding chain analysis
|
||||
- exchange_funder: CEX-funded wallet detection
|
||||
- liquidity_verifier: Lock verification, fake locker detection, expiry monitoring
|
||||
- dev_reputation: Developer serial rugg detection, cross-chain portability
|
||||
- wash_trading: Circular transfer detection, cross-DEX loops
|
||||
- pumpfun_analyzer: Pump.fun bonding curve, bot detection, graduation monitoring
|
||||
- sentiment_analyzer: Sentiment scoring, bot campaign detection, pump probability
|
||||
- metadata_fingerprint: HTML structure hashing, description similarity, social overlap
|
||||
- honeypot_detector: Honeypot detection via buy/sell simulation, transfer tax analysis
|
||||
- contract_authority: Mint/freeze/update authority, proxy detection, ownership renunciation
|
||||
- mev_detector: MEV/sandwich attack detection, Jito bundle inspection, known bot tracking
|
||||
- flash_loan_detector: Flash loan attack detection, borrow-then-dump patterns
|
||||
- pump_dump_detector: Pump-and-dump lifecycle, coordinated shill, volume spike detection
|
||||
- oracle_manipulation: Oracle source/depth analysis, price manipulation vulnerability
|
||||
- governance_attack: Governance concentration, timelock/quorum risk detection
|
||||
- proxy_detector: Proxy resolution, implementation fingerprinting, upgrade risk
|
||||
"""
|
||||
|
||||
from .address_labeler import AddressLabeler, AddressLabelReport # noqa: F401
|
||||
from .block_zero_sniper import BlockZeroReport, BlockZeroSniperAnalyzer # noqa: F401
|
||||
from .bundle_detector import BundleDetector # noqa: F401
|
||||
from .bytecode_similarity import BytecodeSimilarityAnalyzer, BytecodeSimilarityReport, hash_bytecode # noqa: F401
|
||||
from .contract_authority import (
|
||||
ContractAuthorityReport, # noqa: F401
|
||||
ContractAuthorityScanner, # noqa: F401
|
||||
run_contract_authority_scan, # noqa: F401
|
||||
)
|
||||
from .contract_diff import ContractDiffAnalyzer, ContractDiffReport
|
||||
from .decompiler_analyzer import DecompilerAnalyzer, DecompilerReport # noqa: F401
|
||||
from .dev_reputation import DevReputationEngine # noqa: F401
|
||||
from .exchange_funder import ExchangeFunderDetector # noqa: F401
|
||||
from .flash_loan_detector import FlashLoanDetector, FlashLoanReport # noqa: F401
|
||||
from .fund_flow_visualizer import FundFlowReport, FundFlowVisualizer # noqa: F401
|
||||
from .gas_trace import GasTraceAnalyzer, GasTraceReport, run_gas_trace_analysis # noqa: F401
|
||||
from .governance_attack import GovernanceAttackDetector, GovernanceAttackReport # noqa: F401
|
||||
from .guilt_association import (
|
||||
GuiltAssociationAnalyzer, # noqa: F401
|
||||
GuiltAssociationReport, # noqa: F401
|
||||
run_guilt_association, # noqa: F401
|
||||
)
|
||||
from .holder_analyzer import HolderAnalyzer # noqa: F401
|
||||
from .honeypot_detector import HoneypotDetector, HoneypotReport # noqa: F401
|
||||
from .liquidity_verifier import LiquidityVerifier # noqa: F401
|
||||
from .metadata_fingerprint import MetadataFingerprinter # noqa: F401
|
||||
from .mev_detector import MEVBotActivity, MEVDetector, MEVReport, SandwichAttack # noqa: F401
|
||||
from .oracle_manipulation import OracleManipulationDetector, OracleManipulationReport # noqa: F401
|
||||
from .proxy_detector import ProxyDetector, ProxyReport # noqa: F401
|
||||
from .pump_dump_detector import PumpDumpDetector, PumpDumpReport # noqa: F401
|
||||
from .pumpfun_analyzer import PumpFunAnalyzer # noqa: F401
|
||||
from .rag_citations import build_citation_string, query_address_rag, query_rag_citations # noqa: F401
|
||||
from .sentiment_analyzer import SentimentAnalyzer # noqa: F401
|
||||
|
||||
# Pipeline orchestrator
|
||||
from .sentinel_pipeline import (
|
||||
SentinelReport, # noqa: F401
|
||||
dataclass_to_dict, # noqa: F401
|
||||
run_address_labels, # noqa: F401
|
||||
run_bundle_detection, # noqa: F401
|
||||
run_contract_authority,
|
||||
run_decompiler_analysis, # noqa: F401
|
||||
run_dev_reputation, # noqa: F401
|
||||
run_exchange_funding, # noqa: F401
|
||||
run_flash_loan_detection, # noqa: F401
|
||||
run_fund_flow, # noqa: F401
|
||||
run_governance_attack, # noqa: F401
|
||||
run_holder_analysis, # noqa: F401
|
||||
run_honeypot_detection,
|
||||
run_liquidity_verification, # noqa: F401
|
||||
run_metadata_fingerprint, # noqa: F401
|
||||
run_mev_detection,
|
||||
run_oracle_manipulation, # noqa: F401
|
||||
run_proxy_detection, # noqa: F401
|
||||
run_pump_dump_detection, # noqa: F401
|
||||
run_pumpfun_analysis, # noqa: F401
|
||||
run_sentiment, # noqa: F401
|
||||
run_sentinel_scan, # noqa: F401
|
||||
run_static_analysis, # noqa: F401
|
||||
run_wash_trading, # noqa: F401
|
||||
)
|
||||
from .sleep_cycle_scanner import SleepCycleAnalyzer, SleepCycleReport # noqa: F401
|
||||
from .social_velocity import SocialVelocityAnalyzer, SocialVelocityReport # noqa: F401
|
||||
from .static_analyzer import StaticAnalysisReport, StaticAnalyzer # noqa: F401
|
||||
from .wash_trading import WashTradingDetector # noqa: F401
|
||||
|
||||
__all__ = [
|
||||
"ContractDiffAnalyzer",
|
||||
"ContractDiffReport",
|
||||
"run_contract_authority",
|
||||
"run_honeypot_detection",
|
||||
"run_mev_detection",
|
||||
]
|
||||
_sys.modules["app.scanners.address_labeler"] = _importlib.import_module("app.domains.scanners.address_labeler")
|
||||
_sys.modules["app.scanners.block_zero_sniper"] = _importlib.import_module("app.domains.scanners.block_zero_sniper")
|
||||
_sys.modules["app.scanners.bundle_detector"] = _importlib.import_module("app.domains.scanners.bundle_detector")
|
||||
_sys.modules["app.scanners.bytecode_similarity"] = _importlib.import_module("app.domains.scanners.bytecode_similarity")
|
||||
_sys.modules["app.scanners.contract_authority"] = _importlib.import_module("app.domains.scanners.contract_authority")
|
||||
_sys.modules["app.scanners.contract_diff"] = _importlib.import_module("app.domains.scanners.contract_diff")
|
||||
_sys.modules["app.scanners.decompiler_analyzer"] = _importlib.import_module("app.domains.scanners.decompiler_analyzer")
|
||||
_sys.modules["app.scanners.dev_reputation"] = _importlib.import_module("app.domains.scanners.dev_reputation")
|
||||
_sys.modules["app.scanners.exchange_funder"] = _importlib.import_module("app.domains.scanners.exchange_funder")
|
||||
_sys.modules["app.scanners.flash_loan_detector"] = _importlib.import_module("app.domains.scanners.flash_loan_detector")
|
||||
_sys.modules["app.scanners.fund_flow_visualizer"] = _importlib.import_module("app.domains.scanners.fund_flow_visualizer")
|
||||
_sys.modules["app.scanners.gas_trace"] = _importlib.import_module("app.domains.scanners.gas_trace")
|
||||
_sys.modules["app.scanners.governance_attack"] = _importlib.import_module("app.domains.scanners.governance_attack")
|
||||
_sys.modules["app.scanners.guilt_association"] = _importlib.import_module("app.domains.scanners.guilt_association")
|
||||
_sys.modules["app.scanners.holder_analyzer"] = _importlib.import_module("app.domains.scanners.holder_analyzer")
|
||||
_sys.modules["app.scanners.honeypot_detector"] = _importlib.import_module("app.domains.scanners.honeypot_detector")
|
||||
_sys.modules["app.scanners.liquidity_verifier"] = _importlib.import_module("app.domains.scanners.liquidity_verifier")
|
||||
_sys.modules["app.scanners.metadata_fingerprint"] = _importlib.import_module("app.domains.scanners.metadata_fingerprint")
|
||||
_sys.modules["app.scanners.mev_detector"] = _importlib.import_module("app.domains.scanners.mev_detector")
|
||||
_sys.modules["app.scanners.oracle_manipulation"] = _importlib.import_module("app.domains.scanners.oracle_manipulation")
|
||||
_sys.modules["app.scanners.proxy_detector"] = _importlib.import_module("app.domains.scanners.proxy_detector")
|
||||
_sys.modules["app.scanners.pump_dump_detector"] = _importlib.import_module("app.domains.scanners.pump_dump_detector")
|
||||
_sys.modules["app.scanners.pumpfun_analyzer"] = _importlib.import_module("app.domains.scanners.pumpfun_analyzer")
|
||||
_sys.modules["app.scanners.pumpfun_enhanced"] = _importlib.import_module("app.domains.scanners.pumpfun_enhanced")
|
||||
_sys.modules["app.scanners.rag_citations"] = _importlib.import_module("app.domains.scanners.rag_citations")
|
||||
_sys.modules["app.scanners.sentiment_analyzer"] = _importlib.import_module("app.domains.scanners.sentiment_analyzer")
|
||||
_sys.modules["app.scanners.sentinel_pipeline"] = _importlib.import_module("app.domains.scanners.sentinel_pipeline")
|
||||
_sys.modules["app.scanners.sleep_cycle_scanner"] = _importlib.import_module("app.domains.scanners.sleep_cycle_scanner")
|
||||
_sys.modules["app.scanners.social_signals"] = _importlib.import_module("app.domains.scanners.social_signals")
|
||||
_sys.modules["app.scanners.social_velocity"] = _importlib.import_module("app.domains.scanners.social_velocity")
|
||||
_sys.modules["app.scanners.static_analyzer"] = _importlib.import_module("app.domains.scanners.static_analyzer")
|
||||
_sys.modules["app.scanners.wash_trading"] = _importlib.import_module("app.domains.scanners.wash_trading")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue