feat: implement AITBC mesh network deployment infrastructure

✅ Phase 0: Pre-implementation checklist completed
- Environment configurations (dev/staging/production)
- Directory structure setup (logs, backups, monitoring)
- Virtual environment with dependencies

✅ Master deployment script created
- Single command deployment with validation
- Progress tracking and rollback capability
- Health checks and deployment reporting

✅ Validation script created
- Module import validation
- Basic functionality testing
- Configuration and script verification

✅ Implementation fixes
- Fixed dataclass import in consensus keys
- Fixed async function syntax in tests
- Updated deployment script for virtual environment

🚀 Ready for deployment: ./scripts/deploy-mesh-network.sh dev

apps/blockchain-node/src/aitbc_chain/contracts_backup_20260402_120608/agent_messaging_contract.py

@@ -0,0 +1,519 @@
+"""
+AITBC Agent Messaging Contract Implementation
+
+This module implements on-chain messaging functionality for agents,
+enabling forum-like communication between autonomous agents.
+"""
+
+from typing import Dict, List, Optional, Any
+from dataclasses import dataclass, field
+from datetime import datetime, timedelta
+from enum import Enum
+import json
+import hashlib
+from eth_account import Account
+from eth_utils import to_checksum_address
+
+class MessageType(Enum):
+    """Types of messages agents can send"""
+    POST = "post"
+    REPLY = "reply"
+    ANNOUNCEMENT = "announcement"
+    QUESTION = "question"
+    ANSWER = "answer"
+    MODERATION = "moderation"
+
+class MessageStatus(Enum):
+    """Status of messages in the forum"""
+    ACTIVE = "active"
+    HIDDEN = "hidden"
+    DELETED = "deleted"
+    PINNED = "pinned"
+
+@dataclass
+class Message:
+    """Represents a message in the agent forum"""
+    message_id: str
+    agent_id: str
+    agent_address: str
+    topic: str
+    content: str
+    message_type: MessageType
+    timestamp: datetime
+    parent_message_id: Optional[str] = None
+    reply_count: int = 0
+    upvotes: int = 0
+    downvotes: int = 0
+    status: MessageStatus = MessageStatus.ACTIVE
+    metadata: Dict[str, Any] = field(default_factory=dict)
+
+@dataclass
+class Topic:
+    """Represents a forum topic"""
+    topic_id: str
+    title: str
+    description: str
+    creator_agent_id: str
+    created_at: datetime
+    message_count: int = 0
+    last_activity: datetime = field(default_factory=datetime.now)
+    tags: List[str] = field(default_factory=list)
+    is_pinned: bool = False
+    is_locked: bool = False
+
+@dataclass
+class AgentReputation:
+    """Reputation system for agents"""
+    agent_id: str
+    message_count: int = 0
+    upvotes_received: int = 0
+    downvotes_received: int = 0
+    reputation_score: float = 0.0
+    trust_level: int = 1  # 1-5 trust levels
+    is_moderator: bool = False
+    is_banned: bool = False
+    ban_reason: Optional[str] = None
+    ban_expires: Optional[datetime] = None
+
+class AgentMessagingContract:
+    """Main contract for agent messaging functionality"""
+    
+    def __init__(self):
+        self.messages: Dict[str, Message] = {}
+        self.topics: Dict[str, Topic] = {}
+        self.agent_reputations: Dict[str, AgentReputation] = {}
+        self.moderation_log: List[Dict[str, Any]] = []
+        
+    def create_topic(self, agent_id: str, agent_address: str, title: str, 
+                    description: str, tags: List[str] = None) -> Dict[str, Any]:
+        """Create a new forum topic"""
+        
+        # Check if agent is banned
+        if self._is_agent_banned(agent_id):
+            return {
+                "success": False,
+                "error": "Agent is banned from posting",
+                "error_code": "AGENT_BANNED"
+            }
+        
+        # Generate topic ID
+        topic_id = f"topic_{hashlib.sha256(f'{agent_id}_{title}_{datetime.now()}'.encode()).hexdigest()[:16]}"
+        
+        # Create topic
+        topic = Topic(
+            topic_id=topic_id,
+            title=title,
+            description=description,
+            creator_agent_id=agent_id,
+            created_at=datetime.now(),
+            tags=tags or []
+        )
+        
+        self.topics[topic_id] = topic
+        
+        # Update agent reputation
+        self._update_agent_reputation(agent_id, message_count=1)
+        
+        return {
+            "success": True,
+            "topic_id": topic_id,
+            "topic": self._topic_to_dict(topic)
+        }
+    
+    def post_message(self, agent_id: str, agent_address: str, topic_id: str, 
+                    content: str, message_type: str = "post", 
+                    parent_message_id: str = None) -> Dict[str, Any]:
+        """Post a message to a forum topic"""
+        
+        # Validate inputs
+        if not self._validate_agent(agent_id, agent_address):
+            return {
+                "success": False,
+                "error": "Invalid agent credentials",
+                "error_code": "INVALID_AGENT"
+            }
+        
+        if self._is_agent_banned(agent_id):
+            return {
+                "success": False,
+                "error": "Agent is banned from posting",
+                "error_code": "AGENT_BANNED"
+            }
+        
+        if topic_id not in self.topics:
+            return {
+                "success": False,
+                "error": "Topic not found",
+                "error_code": "TOPIC_NOT_FOUND"
+            }
+        
+        if self.topics[topic_id].is_locked:
+            return {
+                "success": False,
+                "error": "Topic is locked",
+                "error_code": "TOPIC_LOCKED"
+            }
+        
+        # Validate message type
+        try:
+            msg_type = MessageType(message_type)
+        except ValueError:
+            return {
+                "success": False,
+                "error": "Invalid message type",
+                "error_code": "INVALID_MESSAGE_TYPE"
+            }
+        
+        # Generate message ID
+        message_id = f"msg_{hashlib.sha256(f'{agent_id}_{topic_id}_{content}_{datetime.now()}'.encode()).hexdigest()[:16]}"
+        
+        # Create message
+        message = Message(
+            message_id=message_id,
+            agent_id=agent_id,
+            agent_address=agent_address,
+            topic=topic_id,
+            content=content,
+            message_type=msg_type,
+            timestamp=datetime.now(),
+            parent_message_id=parent_message_id
+        )
+        
+        self.messages[message_id] = message
+        
+        # Update topic
+        self.topics[topic_id].message_count += 1
+        self.topics[topic_id].last_activity = datetime.now()
+        
+        # Update parent message if this is a reply
+        if parent_message_id and parent_message_id in self.messages:
+            self.messages[parent_message_id].reply_count += 1
+        
+        # Update agent reputation
+        self._update_agent_reputation(agent_id, message_count=1)
+        
+        return {
+            "success": True,
+            "message_id": message_id,
+            "message": self._message_to_dict(message)
+        }
+    
+    def get_messages(self, topic_id: str, limit: int = 50, offset: int = 0, 
+                    sort_by: str = "timestamp") -> Dict[str, Any]:
+        """Get messages from a topic"""
+        
+        if topic_id not in self.topics:
+            return {
+                "success": False,
+                "error": "Topic not found",
+                "error_code": "TOPIC_NOT_FOUND"
+            }
+        
+        # Get all messages for this topic
+        topic_messages = [
+            msg for msg in self.messages.values() 
+            if msg.topic == topic_id and msg.status == MessageStatus.ACTIVE
+        ]
+        
+        # Sort messages
+        if sort_by == "timestamp":
+            topic_messages.sort(key=lambda x: x.timestamp, reverse=True)
+        elif sort_by == "upvotes":
+            topic_messages.sort(key=lambda x: x.upvotes, reverse=True)
+        elif sort_by == "replies":
+            topic_messages.sort(key=lambda x: x.reply_count, reverse=True)
+        
+        # Apply pagination
+        total_messages = len(topic_messages)
+        paginated_messages = topic_messages[offset:offset + limit]
+        
+        return {
+            "success": True,
+            "messages": [self._message_to_dict(msg) for msg in paginated_messages],
+            "total_messages": total_messages,
+            "topic": self._topic_to_dict(self.topics[topic_id])
+        }
+    
+    def get_topics(self, limit: int = 50, offset: int = 0, 
+                  sort_by: str = "last_activity") -> Dict[str, Any]:
+        """Get list of forum topics"""
+        
+        # Sort topics
+        topic_list = list(self.topics.values())
+        
+        if sort_by == "last_activity":
+            topic_list.sort(key=lambda x: x.last_activity, reverse=True)
+        elif sort_by == "created_at":
+            topic_list.sort(key=lambda x: x.created_at, reverse=True)
+        elif sort_by == "message_count":
+            topic_list.sort(key=lambda x: x.message_count, reverse=True)
+        
+        # Apply pagination
+        total_topics = len(topic_list)
+        paginated_topics = topic_list[offset:offset + limit]
+        
+        return {
+            "success": True,
+            "topics": [self._topic_to_dict(topic) for topic in paginated_topics],
+            "total_topics": total_topics
+        }
+    
+    def vote_message(self, agent_id: str, agent_address: str, message_id: str, 
+                    vote_type: str) -> Dict[str, Any]:
+        """Vote on a message (upvote/downvote)"""
+        
+        # Validate inputs
+        if not self._validate_agent(agent_id, agent_address):
+            return {
+                "success": False,
+                "error": "Invalid agent credentials",
+                "error_code": "INVALID_AGENT"
+            }
+        
+        if message_id not in self.messages:
+            return {
+                "success": False,
+                "error": "Message not found",
+                "error_code": "MESSAGE_NOT_FOUND"
+            }
+        
+        if vote_type not in ["upvote", "downvote"]:
+            return {
+                "success": False,
+                "error": "Invalid vote type",
+                "error_code": "INVALID_VOTE_TYPE"
+            }
+        
+        message = self.messages[message_id]
+        
+        # Update vote counts
+        if vote_type == "upvote":
+            message.upvotes += 1
+        else:
+            message.downvotes += 1
+        
+        # Update message author reputation
+        self._update_agent_reputation(
+            message.agent_id, 
+            upvotes_received=message.upvotes,
+            downvotes_received=message.downvotes
+        )
+        
+        return {
+            "success": True,
+            "message_id": message_id,
+            "upvotes": message.upvotes,
+            "downvotes": message.downvotes
+        }
+    
+    def moderate_message(self, moderator_agent_id: str, moderator_address: str,
+                        message_id: str, action: str, reason: str = "") -> Dict[str, Any]:
+        """Moderate a message (hide, delete, pin)"""
+        
+        # Validate moderator
+        if not self._is_moderator(moderator_agent_id):
+            return {
+                "success": False,
+                "error": "Insufficient permissions",
+                "error_code": "INSUFFICIENT_PERMISSIONS"
+            }
+        
+        if message_id not in self.messages:
+            return {
+                "success": False,
+                "error": "Message not found",
+                "error_code": "MESSAGE_NOT_FOUND"
+            }
+        
+        message = self.messages[message_id]
+        
+        # Apply moderation action
+        if action == "hide":
+            message.status = MessageStatus.HIDDEN
+        elif action == "delete":
+            message.status = MessageStatus.DELETED
+        elif action == "pin":
+            message.status = MessageStatus.PINNED
+        elif action == "unpin":
+            message.status = MessageStatus.ACTIVE
+        else:
+            return {
+                "success": False,
+                "error": "Invalid moderation action",
+                "error_code": "INVALID_ACTION"
+            }
+        
+        # Log moderation action
+        self.moderation_log.append({
+            "timestamp": datetime.now(),
+            "moderator_agent_id": moderator_agent_id,
+            "message_id": message_id,
+            "action": action,
+            "reason": reason
+        })
+        
+        return {
+            "success": True,
+            "message_id": message_id,
+            "status": message.status.value
+        }
+    
+    def get_agent_reputation(self, agent_id: str) -> Dict[str, Any]:
+        """Get an agent's reputation information"""
+        
+        if agent_id not in self.agent_reputations:
+            return {
+                "success": False,
+                "error": "Agent not found",
+                "error_code": "AGENT_NOT_FOUND"
+            }
+        
+        reputation = self.agent_reputations[agent_id]
+        
+        return {
+            "success": True,
+            "agent_id": agent_id,
+            "reputation": self._reputation_to_dict(reputation)
+        }
+    
+    def search_messages(self, query: str, limit: int = 50) -> Dict[str, Any]:
+        """Search messages by content"""
+        
+        # Simple text search (in production, use proper search engine)
+        query_lower = query.lower()
+        matching_messages = []
+        
+        for message in self.messages.values():
+            if (message.status == MessageStatus.ACTIVE and 
+                query_lower in message.content.lower()):
+                matching_messages.append(message)
+        
+        # Sort by timestamp (most recent first)
+        matching_messages.sort(key=lambda x: x.timestamp, reverse=True)
+        
+        # Limit results
+        limited_messages = matching_messages[:limit]
+        
+        return {
+            "success": True,
+            "query": query,
+            "messages": [self._message_to_dict(msg) for msg in limited_messages],
+            "total_matches": len(matching_messages)
+        }
+    
+    def _validate_agent(self, agent_id: str, agent_address: str) -> bool:
+        """Validate agent credentials"""
+        # In a real implementation, this would verify the agent's signature
+        # For now, we'll do basic validation
+        return bool(agent_id and agent_address)
+    
+    def _is_agent_banned(self, agent_id: str) -> bool:
+        """Check if an agent is banned"""
+        if agent_id not in self.agent_reputations:
+            return False
+        
+        reputation = self.agent_reputations[agent_id]
+        
+        if reputation.is_banned:
+            # Check if ban has expired
+            if reputation.ban_expires and datetime.now() > reputation.ban_expires:
+                reputation.is_banned = False
+                reputation.ban_expires = None
+                reputation.ban_reason = None
+                return False
+            return True
+        
+        return False
+    
+    def _is_moderator(self, agent_id: str) -> bool:
+        """Check if an agent is a moderator"""
+        if agent_id not in self.agent_reputations:
+            return False
+        
+        return self.agent_reputations[agent_id].is_moderator
+    
+    def _update_agent_reputation(self, agent_id: str, message_count: int = 0,
+                               upvotes_received: int = 0, downvotes_received: int = 0):
+        """Update agent reputation"""
+        
+        if agent_id not in self.agent_reputations:
+            self.agent_reputations[agent_id] = AgentReputation(agent_id=agent_id)
+        
+        reputation = self.agent_reputations[agent_id]
+        
+        if message_count > 0:
+            reputation.message_count += message_count
+        
+        if upvotes_received > 0:
+            reputation.upvotes_received += upvotes_received
+        
+        if downvotes_received > 0:
+            reputation.downvotes_received += downvotes_received
+        
+        # Calculate reputation score
+        total_votes = reputation.upvotes_received + reputation.downvotes_received
+        if total_votes > 0:
+            reputation.reputation_score = (reputation.upvotes_received - reputation.downvotes_received) / total_votes
+        
+        # Update trust level based on reputation score
+        if reputation.reputation_score >= 0.8:
+            reputation.trust_level = 5
+        elif reputation.reputation_score >= 0.6:
+            reputation.trust_level = 4
+        elif reputation.reputation_score >= 0.4:
+            reputation.trust_level = 3
+        elif reputation.reputation_score >= 0.2:
+            reputation.trust_level = 2
+        else:
+            reputation.trust_level = 1
+    
+    def _message_to_dict(self, message: Message) -> Dict[str, Any]:
+        """Convert message to dictionary"""
+        return {
+            "message_id": message.message_id,
+            "agent_id": message.agent_id,
+            "agent_address": message.agent_address,
+            "topic": message.topic,
+            "content": message.content,
+            "message_type": message.message_type.value,
+            "timestamp": message.timestamp.isoformat(),
+            "parent_message_id": message.parent_message_id,
+            "reply_count": message.reply_count,
+            "upvotes": message.upvotes,
+            "downvotes": message.downvotes,
+            "status": message.status.value,
+            "metadata": message.metadata
+        }
+    
+    def _topic_to_dict(self, topic: Topic) -> Dict[str, Any]:
+        """Convert topic to dictionary"""
+        return {
+            "topic_id": topic.topic_id,
+            "title": topic.title,
+            "description": topic.description,
+            "creator_agent_id": topic.creator_agent_id,
+            "created_at": topic.created_at.isoformat(),
+            "message_count": topic.message_count,
+            "last_activity": topic.last_activity.isoformat(),
+            "tags": topic.tags,
+            "is_pinned": topic.is_pinned,
+            "is_locked": topic.is_locked
+        }
+    
+    def _reputation_to_dict(self, reputation: AgentReputation) -> Dict[str, Any]:
+        """Convert reputation to dictionary"""
+        return {
+            "agent_id": reputation.agent_id,
+            "message_count": reputation.message_count,
+            "upvotes_received": reputation.upvotes_received,
+            "downvotes_received": reputation.downvotes_received,
+            "reputation_score": reputation.reputation_score,
+            "trust_level": reputation.trust_level,
+            "is_moderator": reputation.is_moderator,
+            "is_banned": reputation.is_banned,
+            "ban_reason": reputation.ban_reason,
+            "ban_expires": reputation.ban_expires.isoformat() if reputation.ban_expires else None
+        }
+
+# Global contract instance
+messaging_contract = AgentMessagingContract()

apps/blockchain-node/src/aitbc_chain/contracts_backup_20260402_120608/agent_wallet_security.py

@@ -0,0 +1,584 @@
+"""
+AITBC Agent Wallet Security Implementation
+
+This module implements the security layer for autonomous agent wallets,
+integrating the guardian contract to prevent unlimited spending in case
+of agent compromise.
+"""
+
+from typing import Dict, List, Optional, Tuple
+from dataclasses import dataclass
+from datetime import datetime, timedelta
+import json
+from eth_account import Account
+from eth_utils import to_checksum_address
+
+from .guardian_contract import (
+    GuardianContract, 
+    SpendingLimit, 
+    TimeLockConfig, 
+    GuardianConfig,
+    create_guardian_contract,
+    CONSERVATIVE_CONFIG,
+    AGGRESSIVE_CONFIG,
+    HIGH_SECURITY_CONFIG
+)
+
+
+@dataclass
+class AgentSecurityProfile:
+    """Security profile for an agent"""
+    agent_address: str
+    security_level: str  # "conservative", "aggressive", "high_security"
+    guardian_addresses: List[str]
+    custom_limits: Optional[Dict] = None
+    enabled: bool = True
+    created_at: datetime = None
+    
+    def __post_init__(self):
+        if self.created_at is None:
+            self.created_at = datetime.utcnow()
+
+
+class AgentWalletSecurity:
+    """
+    Security manager for autonomous agent wallets
+    """
+    
+    def __init__(self):
+        self.agent_profiles: Dict[str, AgentSecurityProfile] = {}
+        self.guardian_contracts: Dict[str, GuardianContract] = {}
+        self.security_events: List[Dict] = []
+        
+        # Default configurations
+        self.configurations = {
+            "conservative": CONSERVATIVE_CONFIG,
+            "aggressive": AGGRESSIVE_CONFIG,
+            "high_security": HIGH_SECURITY_CONFIG
+        }
+    
+    def register_agent(self, 
+                      agent_address: str, 
+                      security_level: str = "conservative",
+                      guardian_addresses: List[str] = None,
+                      custom_limits: Dict = None) -> Dict:
+        """
+        Register an agent for security protection
+        
+        Args:
+            agent_address: Agent wallet address
+            security_level: Security level (conservative, aggressive, high_security)
+            guardian_addresses: List of guardian addresses for recovery
+            custom_limits: Custom spending limits (overrides security_level)
+            
+        Returns:
+            Registration result
+        """
+        try:
+            agent_address = to_checksum_address(agent_address)
+            
+            if agent_address in self.agent_profiles:
+                return {
+                    "status": "error",
+                    "reason": "Agent already registered"
+                }
+            
+            # Validate security level
+            if security_level not in self.configurations:
+                return {
+                    "status": "error",
+                    "reason": f"Invalid security level: {security_level}"
+                }
+            
+            # Default guardians if none provided
+            if guardian_addresses is None:
+                guardian_addresses = [agent_address]  # Self-guardian (should be overridden)
+            
+            # Validate guardian addresses
+            guardian_addresses = [to_checksum_address(addr) for addr in guardian_addresses]
+            
+            # Create security profile
+            profile = AgentSecurityProfile(
+                agent_address=agent_address,
+                security_level=security_level,
+                guardian_addresses=guardian_addresses,
+                custom_limits=custom_limits
+            )
+            
+            # Create guardian contract
+            config = self.configurations[security_level]
+            if custom_limits:
+                config.update(custom_limits)
+            
+            guardian_contract = create_guardian_contract(
+                agent_address=agent_address,
+                guardians=guardian_addresses,
+                **config
+            )
+            
+            # Store profile and contract
+            self.agent_profiles[agent_address] = profile
+            self.guardian_contracts[agent_address] = guardian_contract
+            
+            # Log security event
+            self._log_security_event(
+                event_type="agent_registered",
+                agent_address=agent_address,
+                security_level=security_level,
+                guardian_count=len(guardian_addresses)
+            )
+            
+            return {
+                "status": "registered",
+                "agent_address": agent_address,
+                "security_level": security_level,
+                "guardian_addresses": guardian_addresses,
+                "limits": guardian_contract.config.limits,
+                "time_lock_threshold": guardian_contract.config.time_lock.threshold,
+                "registered_at": profile.created_at.isoformat()
+            }
+            
+        except Exception as e:
+            return {
+                "status": "error",
+                "reason": f"Registration failed: {str(e)}"
+            }
+    
+    def protect_transaction(self, 
+                          agent_address: str, 
+                          to_address: str, 
+                          amount: int, 
+                          data: str = "") -> Dict:
+        """
+        Protect a transaction with guardian contract
+        
+        Args:
+            agent_address: Agent wallet address
+            to_address: Recipient address
+            amount: Amount to transfer
+            data: Transaction data
+            
+        Returns:
+            Protection result
+        """
+        try:
+            agent_address = to_checksum_address(agent_address)
+            
+            # Check if agent is registered
+            if agent_address not in self.agent_profiles:
+                return {
+                    "status": "unprotected",
+                    "reason": "Agent not registered for security protection",
+                    "suggestion": "Register agent with register_agent() first"
+                }
+            
+            # Check if protection is enabled
+            profile = self.agent_profiles[agent_address]
+            if not profile.enabled:
+                return {
+                    "status": "unprotected",
+                    "reason": "Security protection disabled for this agent"
+                }
+            
+            # Get guardian contract
+            guardian_contract = self.guardian_contracts[agent_address]
+            
+            # Initiate transaction protection
+            result = guardian_contract.initiate_transaction(to_address, amount, data)
+            
+            # Log security event
+            self._log_security_event(
+                event_type="transaction_protected",
+                agent_address=agent_address,
+                to_address=to_address,
+                amount=amount,
+                protection_status=result["status"]
+            )
+            
+            return result
+            
+        except Exception as e:
+            return {
+                "status": "error",
+                "reason": f"Transaction protection failed: {str(e)}"
+            }
+    
+    def execute_protected_transaction(self, 
+                                    agent_address: str, 
+                                    operation_id: str, 
+                                    signature: str) -> Dict:
+        """
+        Execute a previously protected transaction
+        
+        Args:
+            agent_address: Agent wallet address
+            operation_id: Operation ID from protection
+            signature: Transaction signature
+            
+        Returns:
+            Execution result
+        """
+        try:
+            agent_address = to_checksum_address(agent_address)
+            
+            if agent_address not in self.guardian_contracts:
+                return {
+                    "status": "error",
+                    "reason": "Agent not registered"
+                }
+            
+            guardian_contract = self.guardian_contracts[agent_address]
+            result = guardian_contract.execute_transaction(operation_id, signature)
+            
+            # Log security event
+            if result["status"] == "executed":
+                self._log_security_event(
+                    event_type="transaction_executed",
+                    agent_address=agent_address,
+                    operation_id=operation_id,
+                    transaction_hash=result.get("transaction_hash")
+                )
+            
+            return result
+            
+        except Exception as e:
+            return {
+                "status": "error",
+                "reason": f"Transaction execution failed: {str(e)}"
+            }
+    
+    def emergency_pause_agent(self, agent_address: str, guardian_address: str) -> Dict:
+        """
+        Emergency pause an agent's operations
+        
+        Args:
+            agent_address: Agent wallet address
+            guardian_address: Guardian address initiating pause
+            
+        Returns:
+            Pause result
+        """
+        try:
+            agent_address = to_checksum_address(agent_address)
+            guardian_address = to_checksum_address(guardian_address)
+            
+            if agent_address not in self.guardian_contracts:
+                return {
+                    "status": "error",
+                    "reason": "Agent not registered"
+                }
+            
+            guardian_contract = self.guardian_contracts[agent_address]
+            result = guardian_contract.emergency_pause(guardian_address)
+            
+            # Log security event
+            if result["status"] == "paused":
+                self._log_security_event(
+                    event_type="emergency_pause",
+                    agent_address=agent_address,
+                    guardian_address=guardian_address
+                )
+            
+            return result
+            
+        except Exception as e:
+            return {
+                "status": "error",
+                "reason": f"Emergency pause failed: {str(e)}"
+            }
+    
+    def update_agent_security(self, 
+                            agent_address: str, 
+                            new_limits: Dict, 
+                            guardian_address: str) -> Dict:
+        """
+        Update security limits for an agent
+        
+        Args:
+            agent_address: Agent wallet address
+            new_limits: New spending limits
+            guardian_address: Guardian address making the change
+            
+        Returns:
+            Update result
+        """
+        try:
+            agent_address = to_checksum_address(agent_address)
+            guardian_address = to_checksum_address(guardian_address)
+            
+            if agent_address not in self.guardian_contracts:
+                return {
+                    "status": "error",
+                    "reason": "Agent not registered"
+                }
+            
+            guardian_contract = self.guardian_contracts[agent_address]
+            
+            # Create new spending limits
+            limits = SpendingLimit(
+                per_transaction=new_limits.get("per_transaction", 1000),
+                per_hour=new_limits.get("per_hour", 5000),
+                per_day=new_limits.get("per_day", 20000),
+                per_week=new_limits.get("per_week", 100000)
+            )
+            
+            result = guardian_contract.update_limits(limits, guardian_address)
+            
+            # Log security event
+            if result["status"] == "updated":
+                self._log_security_event(
+                    event_type="security_limits_updated",
+                    agent_address=agent_address,
+                    guardian_address=guardian_address,
+                    new_limits=new_limits
+                )
+            
+            return result
+            
+        except Exception as e:
+            return {
+                "status": "error",
+                "reason": f"Security update failed: {str(e)}"
+            }
+    
+    def get_agent_security_status(self, agent_address: str) -> Dict:
+        """
+        Get security status for an agent
+        
+        Args:
+            agent_address: Agent wallet address
+            
+        Returns:
+            Security status
+        """
+        try:
+            agent_address = to_checksum_address(agent_address)
+            
+            if agent_address not in self.agent_profiles:
+                return {
+                    "status": "not_registered",
+                    "message": "Agent not registered for security protection"
+                }
+            
+            profile = self.agent_profiles[agent_address]
+            guardian_contract = self.guardian_contracts[agent_address]
+            
+            return {
+                "status": "protected",
+                "agent_address": agent_address,
+                "security_level": profile.security_level,
+                "enabled": profile.enabled,
+                "guardian_addresses": profile.guardian_addresses,
+                "registered_at": profile.created_at.isoformat(),
+                "spending_status": guardian_contract.get_spending_status(),
+                "pending_operations": guardian_contract.get_pending_operations(),
+                "recent_activity": guardian_contract.get_operation_history(10)
+            }
+            
+        except Exception as e:
+            return {
+                "status": "error",
+                "reason": f"Status check failed: {str(e)}"
+            }
+    
+    def list_protected_agents(self) -> List[Dict]:
+        """List all protected agents"""
+        agents = []
+        
+        for agent_address, profile in self.agent_profiles.items():
+            guardian_contract = self.guardian_contracts[agent_address]
+            
+            agents.append({
+                "agent_address": agent_address,
+                "security_level": profile.security_level,
+                "enabled": profile.enabled,
+                "guardian_count": len(profile.guardian_addresses),
+                "pending_operations": len(guardian_contract.pending_operations),
+                "paused": guardian_contract.paused,
+                "emergency_mode": guardian_contract.emergency_mode,
+                "registered_at": profile.created_at.isoformat()
+            })
+        
+        return sorted(agents, key=lambda x: x["registered_at"], reverse=True)
+    
+    def get_security_events(self, agent_address: str = None, limit: int = 50) -> List[Dict]:
+        """
+        Get security events
+        
+        Args:
+            agent_address: Filter by agent address (optional)
+            limit: Maximum number of events
+            
+        Returns:
+            Security events
+        """
+        events = self.security_events
+        
+        if agent_address:
+            agent_address = to_checksum_address(agent_address)
+            events = [e for e in events if e.get("agent_address") == agent_address]
+        
+        return sorted(events, key=lambda x: x["timestamp"], reverse=True)[:limit]
+    
+    def _log_security_event(self, **kwargs):
+        """Log a security event"""
+        event = {
+            "timestamp": datetime.utcnow().isoformat(),
+            **kwargs
+        }
+        self.security_events.append(event)
+    
+    def disable_agent_protection(self, agent_address: str, guardian_address: str) -> Dict:
+        """
+        Disable protection for an agent (guardian only)
+        
+        Args:
+            agent_address: Agent wallet address
+            guardian_address: Guardian address
+            
+        Returns:
+            Disable result
+        """
+        try:
+            agent_address = to_checksum_address(agent_address)
+            guardian_address = to_checksum_address(guardian_address)
+            
+            if agent_address not in self.agent_profiles:
+                return {
+                    "status": "error",
+                    "reason": "Agent not registered"
+                }
+            
+            profile = self.agent_profiles[agent_address]
+            
+            if guardian_address not in profile.guardian_addresses:
+                return {
+                    "status": "error",
+                    "reason": "Not authorized: not a guardian"
+                }
+            
+            profile.enabled = False
+            
+            # Log security event
+            self._log_security_event(
+                event_type="protection_disabled",
+                agent_address=agent_address,
+                guardian_address=guardian_address
+            )
+            
+            return {
+                "status": "disabled",
+                "agent_address": agent_address,
+                "disabled_at": datetime.utcnow().isoformat(),
+                "guardian": guardian_address
+            }
+            
+        except Exception as e:
+            return {
+                "status": "error",
+                "reason": f"Disable protection failed: {str(e)}"
+            }
+
+
+# Global security manager instance
+agent_wallet_security = AgentWalletSecurity()
+
+
+# Convenience functions for common operations
+def register_agent_for_protection(agent_address: str, 
+                                 security_level: str = "conservative",
+                                 guardians: List[str] = None) -> Dict:
+    """Register an agent for security protection"""
+    return agent_wallet_security.register_agent(
+        agent_address=agent_address,
+        security_level=security_level,
+        guardian_addresses=guardians
+    )
+
+
+def protect_agent_transaction(agent_address: str, 
+                             to_address: str, 
+                             amount: int, 
+                             data: str = "") -> Dict:
+    """Protect a transaction for an agent"""
+    return agent_wallet_security.protect_transaction(
+        agent_address=agent_address,
+        to_address=to_address,
+        amount=amount,
+        data=data
+    )
+
+
+def get_agent_security_summary(agent_address: str) -> Dict:
+    """Get security summary for an agent"""
+    return agent_wallet_security.get_agent_security_status(agent_address)
+
+
+# Security audit and monitoring functions
+def generate_security_report() -> Dict:
+    """Generate comprehensive security report"""
+    protected_agents = agent_wallet_security.list_protected_agents()
+    
+    total_agents = len(protected_agents)
+    active_agents = len([a for a in protected_agents if a["enabled"]])
+    paused_agents = len([a for a in protected_agents if a["paused"]])
+    emergency_agents = len([a for a in protected_agents if a["emergency_mode"]])
+    
+    recent_events = agent_wallet_security.get_security_events(limit=20)
+    
+    return {
+        "generated_at": datetime.utcnow().isoformat(),
+        "summary": {
+            "total_protected_agents": total_agents,
+            "active_agents": active_agents,
+            "paused_agents": paused_agents,
+            "emergency_mode_agents": emergency_agents,
+            "protection_coverage": f"{(active_agents / total_agents * 100):.1f}%" if total_agents > 0 else "0%"
+        },
+        "agents": protected_agents,
+        "recent_security_events": recent_events,
+        "security_levels": {
+            level: len([a for a in protected_agents if a["security_level"] == level])
+            for level in ["conservative", "aggressive", "high_security"]
+        }
+    }
+
+
+def detect_suspicious_activity(agent_address: str, hours: int = 24) -> Dict:
+    """Detect suspicious activity for an agent"""
+    status = agent_wallet_security.get_agent_security_status(agent_address)
+    
+    if status["status"] != "protected":
+        return {
+            "status": "not_protected",
+            "suspicious_activity": False
+        }
+    
+    spending_status = status["spending_status"]
+    recent_events = agent_wallet_security.get_security_events(agent_address, limit=50)
+    
+    # Suspicious patterns
+    suspicious_patterns = []
+    
+    # Check for rapid spending
+    if spending_status["spent"]["current_hour"] > spending_status["current_limits"]["per_hour"] * 0.8:
+        suspicious_patterns.append("High hourly spending rate")
+    
+    # Check for many small transactions (potential dust attack)
+    recent_tx_count = len([e for e in recent_events if e["event_type"] == "transaction_executed"])
+    if recent_tx_count > 20:
+        suspicious_patterns.append("High transaction frequency")
+    
+    # Check for emergency pauses
+    recent_pauses = len([e for e in recent_events if e["event_type"] == "emergency_pause"])
+    if recent_pauses > 0:
+        suspicious_patterns.append("Recent emergency pauses detected")
+    
+    return {
+        "status": "analyzed",
+        "agent_address": agent_address,
+        "suspicious_activity": len(suspicious_patterns) > 0,
+        "suspicious_patterns": suspicious_patterns,
+        "analysis_period_hours": hours,
+        "analyzed_at": datetime.utcnow().isoformat()
+    }

apps/blockchain-node/src/aitbc_chain/contracts_backup_20260402_120608/escrow.py

@@ -0,0 +1,559 @@
+"""
+Smart Contract Escrow System
+Handles automated payment holding and release for AI job marketplace
+"""
+
+import asyncio
+import time
+import json
+from typing import Dict, List, Optional, Tuple, Set
+from dataclasses import dataclass, asdict
+from enum import Enum
+from decimal import Decimal
+
+class EscrowState(Enum):
+    CREATED = "created"
+    FUNDED = "funded"
+    JOB_STARTED = "job_started"
+    JOB_COMPLETED = "job_completed"
+    DISPUTED = "disputed"
+    RESOLVED = "resolved"
+    RELEASED = "released"
+    REFUNDED = "refunded"
+    EXPIRED = "expired"
+
+class DisputeReason(Enum):
+    QUALITY_ISSUES = "quality_issues"
+    DELIVERY_LATE = "delivery_late"
+    INCOMPLETE_WORK = "incomplete_work"
+    TECHNICAL_ISSUES = "technical_issues"
+    PAYMENT_DISPUTE = "payment_dispute"
+    OTHER = "other"
+
+@dataclass
+class EscrowContract:
+    contract_id: str
+    job_id: str
+    client_address: str
+    agent_address: str
+    amount: Decimal
+    fee_rate: Decimal  # Platform fee rate
+    created_at: float
+    expires_at: float
+    state: EscrowState
+    milestones: List[Dict]
+    current_milestone: int
+    dispute_reason: Optional[DisputeReason]
+    dispute_evidence: List[Dict]
+    resolution: Optional[Dict]
+    released_amount: Decimal
+    refunded_amount: Decimal
+
+@dataclass
+class Milestone:
+    milestone_id: str
+    description: str
+    amount: Decimal
+    completed: bool
+    completed_at: Optional[float]
+    verified: bool
+
+class EscrowManager:
+    """Manages escrow contracts for AI job marketplace"""
+    
+    def __init__(self):
+        self.escrow_contracts: Dict[str, EscrowContract] = {}
+        self.active_contracts: Set[str] = set()
+        self.disputed_contracts: Set[str] = set()
+        
+        # Escrow parameters
+        self.default_fee_rate = Decimal('0.025')  # 2.5% platform fee
+        self.max_contract_duration = 86400 * 30  # 30 days
+        self.dispute_timeout = 86400 * 7  # 7 days for dispute resolution
+        self.min_dispute_evidence = 1
+        self.max_dispute_evidence = 10
+        
+        # Milestone parameters
+        self.min_milestone_amount = Decimal('0.01')
+        self.max_milestones = 10
+        self.verification_timeout = 86400  # 24 hours for milestone verification
+    
+    async def create_contract(self, job_id: str, client_address: str, agent_address: str,
+                            amount: Decimal, fee_rate: Optional[Decimal] = None,
+                            milestones: Optional[List[Dict]] = None,
+                            duration_days: int = 30) -> Tuple[bool, str, Optional[str]]:
+        """Create new escrow contract"""
+        try:
+            # Validate inputs
+            if not self._validate_contract_inputs(job_id, client_address, agent_address, amount):
+                return False, "Invalid contract inputs", None
+            
+            # Calculate fee
+            fee_rate = fee_rate or self.default_fee_rate
+            platform_fee = amount * fee_rate
+            total_amount = amount + platform_fee
+            
+            # Validate milestones
+            validated_milestones = []
+            if milestones:
+                validated_milestones = await self._validate_milestones(milestones, amount)
+                if not validated_milestones:
+                    return False, "Invalid milestones configuration", None
+            else:
+                # Create single milestone for full amount
+                validated_milestones = [{
+                    'milestone_id': 'milestone_1',
+                    'description': 'Complete job',
+                    'amount': amount,
+                    'completed': False
+                }]
+            
+            # Create contract
+            contract_id = self._generate_contract_id(client_address, agent_address, job_id)
+            current_time = time.time()
+            
+            contract = EscrowContract(
+                contract_id=contract_id,
+                job_id=job_id,
+                client_address=client_address,
+                agent_address=agent_address,
+                amount=total_amount,
+                fee_rate=fee_rate,
+                created_at=current_time,
+                expires_at=current_time + (duration_days * 86400),
+                state=EscrowState.CREATED,
+                milestones=validated_milestones,
+                current_milestone=0,
+                dispute_reason=None,
+                dispute_evidence=[],
+                resolution=None,
+                released_amount=Decimal('0'),
+                refunded_amount=Decimal('0')
+            )
+            
+            self.escrow_contracts[contract_id] = contract
+            
+            log_info(f"Escrow contract created: {contract_id} for job {job_id}")
+            return True, "Contract created successfully", contract_id
+            
+        except Exception as e:
+            return False, f"Contract creation failed: {str(e)}", None
+    
+    def _validate_contract_inputs(self, job_id: str, client_address: str, 
+                                 agent_address: str, amount: Decimal) -> bool:
+        """Validate contract creation inputs"""
+        if not all([job_id, client_address, agent_address]):
+            return False
+        
+        # Validate addresses (simplified)
+        if not (client_address.startswith('0x') and len(client_address) == 42):
+            return False
+        if not (agent_address.startswith('0x') and len(agent_address) == 42):
+            return False
+        
+        # Validate amount
+        if amount <= 0:
+            return False
+        
+        # Check for existing contract
+        for contract in self.escrow_contracts.values():
+            if contract.job_id == job_id:
+                return False  # Contract already exists for this job
+        
+        return True
+    
+    async def _validate_milestones(self, milestones: List[Dict], total_amount: Decimal) -> Optional[List[Dict]]:
+        """Validate milestone configuration"""
+        if not milestones or len(milestones) > self.max_milestones:
+            return None
+        
+        validated_milestones = []
+        milestone_total = Decimal('0')
+        
+        for i, milestone_data in enumerate(milestones):
+            # Validate required fields
+            required_fields = ['milestone_id', 'description', 'amount']
+            if not all(field in milestone_data for field in required_fields):
+                return None
+            
+            # Validate amount
+            amount = Decimal(str(milestone_data['amount']))
+            if amount < self.min_milestone_amount:
+                return None
+            
+            milestone_total += amount
+            validated_milestones.append({
+                'milestone_id': milestone_data['milestone_id'],
+                'description': milestone_data['description'],
+                'amount': amount,
+                'completed': False
+            })
+        
+        # Check if milestone amounts sum to total
+        if abs(milestone_total - total_amount) > Decimal('0.01'):  # Allow small rounding difference
+            return None
+        
+        return validated_milestones
+    
+    def _generate_contract_id(self, client_address: str, agent_address: str, job_id: str) -> str:
+        """Generate unique contract ID"""
+        import hashlib
+        content = f"{client_address}:{agent_address}:{job_id}:{time.time()}"
+        return hashlib.sha256(content.encode()).hexdigest()[:16]
+    
+    async def fund_contract(self, contract_id: str, payment_tx_hash: str) -> Tuple[bool, str]:
+        """Fund escrow contract"""
+        contract = self.escrow_contracts.get(contract_id)
+        if not contract:
+            return False, "Contract not found"
+        
+        if contract.state != EscrowState.CREATED:
+            return False, f"Cannot fund contract in {contract.state.value} state"
+        
+        # In real implementation, this would verify the payment transaction
+        # For now, assume payment is valid
+        
+        contract.state = EscrowState.FUNDED
+        self.active_contracts.add(contract_id)
+        
+        log_info(f"Contract funded: {contract_id}")
+        return True, "Contract funded successfully"
+    
+    async def start_job(self, contract_id: str) -> Tuple[bool, str]:
+        """Mark job as started"""
+        contract = self.escrow_contracts.get(contract_id)
+        if not contract:
+            return False, "Contract not found"
+        
+        if contract.state != EscrowState.FUNDED:
+            return False, f"Cannot start job in {contract.state.value} state"
+        
+        contract.state = EscrowState.JOB_STARTED
+        
+        log_info(f"Job started for contract: {contract_id}")
+        return True, "Job started successfully"
+    
+    async def complete_milestone(self, contract_id: str, milestone_id: str, 
+                               evidence: Dict = None) -> Tuple[bool, str]:
+        """Mark milestone as completed"""
+        contract = self.escrow_contracts.get(contract_id)
+        if not contract:
+            return False, "Contract not found"
+        
+        if contract.state not in [EscrowState.JOB_STARTED, EscrowState.JOB_COMPLETED]:
+            return False, f"Cannot complete milestone in {contract.state.value} state"
+        
+        # Find milestone
+        milestone = None
+        for ms in contract.milestones:
+            if ms['milestone_id'] == milestone_id:
+                milestone = ms
+                break
+        
+        if not milestone:
+            return False, "Milestone not found"
+        
+        if milestone['completed']:
+            return False, "Milestone already completed"
+        
+        # Mark as completed
+        milestone['completed'] = True
+        milestone['completed_at'] = time.time()
+        
+        # Add evidence if provided
+        if evidence:
+            milestone['evidence'] = evidence
+        
+        # Check if all milestones are completed
+        all_completed = all(ms['completed'] for ms in contract.milestones)
+        if all_completed:
+            contract.state = EscrowState.JOB_COMPLETED
+        
+        log_info(f"Milestone {milestone_id} completed for contract: {contract_id}")
+        return True, "Milestone completed successfully"
+    
+    async def verify_milestone(self, contract_id: str, milestone_id: str, 
+                             verified: bool, feedback: str = "") -> Tuple[bool, str]:
+        """Verify milestone completion"""
+        contract = self.escrow_contracts.get(contract_id)
+        if not contract:
+            return False, "Contract not found"
+        
+        # Find milestone
+        milestone = None
+        for ms in contract.milestones:
+            if ms['milestone_id'] == milestone_id:
+                milestone = ms
+                break
+        
+        if not milestone:
+            return False, "Milestone not found"
+        
+        if not milestone['completed']:
+            return False, "Milestone not completed yet"
+        
+        # Set verification status
+        milestone['verified'] = verified
+        milestone['verification_feedback'] = feedback
+        
+        if verified:
+            # Release milestone payment
+            await self._release_milestone_payment(contract_id, milestone_id)
+        else:
+            # Create dispute if verification fails
+            await self._create_dispute(contract_id, DisputeReason.QUALITY_ISSUES, 
+                                    f"Milestone {milestone_id} verification failed: {feedback}")
+        
+        log_info(f"Milestone {milestone_id} verification: {verified} for contract: {contract_id}")
+        return True, "Milestone verification processed"
+    
+    async def _release_milestone_payment(self, contract_id: str, milestone_id: str):
+        """Release payment for verified milestone"""
+        contract = self.escrow_contracts.get(contract_id)
+        if not contract:
+            return
+        
+        # Find milestone
+        milestone = None
+        for ms in contract.milestones:
+            if ms['milestone_id'] == milestone_id:
+                milestone = ms
+                break
+        
+        if not milestone:
+            return
+        
+        # Calculate payment amount (minus platform fee)
+        milestone_amount = Decimal(str(milestone['amount']))
+        platform_fee = milestone_amount * contract.fee_rate
+        payment_amount = milestone_amount - platform_fee
+        
+        # Update released amount
+        contract.released_amount += payment_amount
+        
+        # In real implementation, this would trigger actual payment transfer
+        log_info(f"Released {payment_amount} for milestone {milestone_id} in contract {contract_id}")
+    
+    async def release_full_payment(self, contract_id: str) -> Tuple[bool, str]:
+        """Release full payment to agent"""
+        contract = self.escrow_contracts.get(contract_id)
+        if not contract:
+            return False, "Contract not found"
+        
+        if contract.state != EscrowState.JOB_COMPLETED:
+            return False, f"Cannot release payment in {contract.state.value} state"
+        
+        # Check if all milestones are verified
+        all_verified = all(ms.get('verified', False) for ms in contract.milestones)
+        if not all_verified:
+            return False, "Not all milestones are verified"
+        
+        # Calculate remaining payment
+        total_milestone_amount = sum(Decimal(str(ms['amount'])) for ms in contract.milestones)
+        platform_fee_total = total_milestone_amount * contract.fee_rate
+        remaining_payment = total_milestone_amount - contract.released_amount - platform_fee_total
+        
+        if remaining_payment > 0:
+            contract.released_amount += remaining_payment
+        
+        contract.state = EscrowState.RELEASED
+        self.active_contracts.discard(contract_id)
+        
+        log_info(f"Full payment released for contract: {contract_id}")
+        return True, "Payment released successfully"
+    
+    async def create_dispute(self, contract_id: str, reason: DisputeReason, 
+                           description: str, evidence: List[Dict] = None) -> Tuple[bool, str]:
+        """Create dispute for contract"""
+        return await self._create_dispute(contract_id, reason, description, evidence)
+    
+    async def _create_dispute(self, contract_id: str, reason: DisputeReason, 
+                           description: str, evidence: List[Dict] = None):
+        """Internal dispute creation method"""
+        contract = self.escrow_contracts.get(contract_id)
+        if not contract:
+            return False, "Contract not found"
+        
+        if contract.state == EscrowState.DISPUTED:
+            return False, "Contract already disputed"
+        
+        if contract.state not in [EscrowState.FUNDED, EscrowState.JOB_STARTED, EscrowState.JOB_COMPLETED]:
+            return False, f"Cannot dispute contract in {contract.state.value} state"
+        
+        # Validate evidence
+        if evidence and (len(evidence) < self.min_dispute_evidence or len(evidence) > self.max_dispute_evidence):
+            return False, f"Invalid evidence count: {len(evidence)}"
+        
+        # Create dispute
+        contract.state = EscrowState.DISPUTED
+        contract.dispute_reason = reason
+        contract.dispute_evidence = evidence or []
+        contract.dispute_created_at = time.time()
+        
+        self.disputed_contracts.add(contract_id)
+        
+        log_info(f"Dispute created for contract: {contract_id} - {reason.value}")
+        return True, "Dispute created successfully"
+    
+    async def resolve_dispute(self, contract_id: str, resolution: Dict) -> Tuple[bool, str]:
+        """Resolve dispute with specified outcome"""
+        contract = self.escrow_contracts.get(contract_id)
+        if not contract:
+            return False, "Contract not found"
+        
+        if contract.state != EscrowState.DISPUTED:
+            return False, f"Contract not in disputed state: {contract.state.value}"
+        
+        # Validate resolution
+        required_fields = ['winner', 'client_refund', 'agent_payment']
+        if not all(field in resolution for field in required_fields):
+            return False, "Invalid resolution format"
+        
+        winner = resolution['winner']
+        client_refund = Decimal(str(resolution['client_refund']))
+        agent_payment = Decimal(str(resolution['agent_payment']))
+        
+        # Validate amounts
+        total_refund = client_refund + agent_payment
+        if total_refund > contract.amount:
+            return False, "Refund amounts exceed contract amount"
+        
+        # Apply resolution
+        contract.resolution = resolution
+        contract.state = EscrowState.RESOLVED
+        
+        # Update amounts
+        contract.released_amount += agent_payment
+        contract.refunded_amount += client_refund
+        
+        # Remove from disputed contracts
+        self.disputed_contracts.discard(contract_id)
+        self.active_contracts.discard(contract_id)
+        
+        log_info(f"Dispute resolved for contract: {contract_id} - Winner: {winner}")
+        return True, "Dispute resolved successfully"
+    
+    async def refund_contract(self, contract_id: str, reason: str = "") -> Tuple[bool, str]:
+        """Refund contract to client"""
+        contract = self.escrow_contracts.get(contract_id)
+        if not contract:
+            return False, "Contract not found"
+        
+        if contract.state in [EscrowState.RELEASED, EscrowState.REFUNDED, EscrowState.EXPIRED]:
+            return False, f"Cannot refund contract in {contract.state.value} state"
+        
+        # Calculate refund amount (minus any released payments)
+        refund_amount = contract.amount - contract.released_amount
+        
+        if refund_amount <= 0:
+            return False, "No amount available for refund"
+        
+        contract.state = EscrowState.REFUNDED
+        contract.refunded_amount = refund_amount
+        
+        self.active_contracts.discard(contract_id)
+        self.disputed_contracts.discard(contract_id)
+        
+        log_info(f"Contract refunded: {contract_id} - Amount: {refund_amount}")
+        return True, "Contract refunded successfully"
+    
+    async def expire_contract(self, contract_id: str) -> Tuple[bool, str]:
+        """Mark contract as expired"""
+        contract = self.escrow_contracts.get(contract_id)
+        if not contract:
+            return False, "Contract not found"
+        
+        if time.time() < contract.expires_at:
+            return False, "Contract has not expired yet"
+        
+        if contract.state in [EscrowState.RELEASED, EscrowState.REFUNDED, EscrowState.EXPIRED]:
+            return False, f"Contract already in final state: {contract.state.value}"
+        
+        # Auto-refund if no work has been done
+        if contract.state == EscrowState.FUNDED:
+            return await self.refund_contract(contract_id, "Contract expired")
+        
+        # Handle other states based on work completion
+        contract.state = EscrowState.EXPIRED
+        self.active_contracts.discard(contract_id)
+        self.disputed_contracts.discard(contract_id)
+        
+        log_info(f"Contract expired: {contract_id}")
+        return True, "Contract expired successfully"
+    
+    async def get_contract_info(self, contract_id: str) -> Optional[EscrowContract]:
+        """Get contract information"""
+        return self.escrow_contracts.get(contract_id)
+    
+    async def get_contracts_by_client(self, client_address: str) -> List[EscrowContract]:
+        """Get contracts for specific client"""
+        return [
+            contract for contract in self.escrow_contracts.values()
+            if contract.client_address == client_address
+        ]
+    
+    async def get_contracts_by_agent(self, agent_address: str) -> List[EscrowContract]:
+        """Get contracts for specific agent"""
+        return [
+            contract for contract in self.escrow_contracts.values()
+            if contract.agent_address == agent_address
+        ]
+    
+    async def get_active_contracts(self) -> List[EscrowContract]:
+        """Get all active contracts"""
+        return [
+            self.escrow_contracts[contract_id] 
+            for contract_id in self.active_contracts
+            if contract_id in self.escrow_contracts
+        ]
+    
+    async def get_disputed_contracts(self) -> List[EscrowContract]:
+        """Get all disputed contracts"""
+        return [
+            self.escrow_contracts[contract_id]
+            for contract_id in self.disputed_contracts
+            if contract_id in self.escrow_contracts
+        ]
+    
+    async def get_escrow_statistics(self) -> Dict:
+        """Get escrow system statistics"""
+        total_contracts = len(self.escrow_contracts)
+        active_count = len(self.active_contracts)
+        disputed_count = len(self.disputed_contracts)
+        
+        # State distribution
+        state_counts = {}
+        for contract in self.escrow_contracts.values():
+            state = contract.state.value
+            state_counts[state] = state_counts.get(state, 0) + 1
+        
+        # Financial statistics
+        total_amount = sum(contract.amount for contract in self.escrow_contracts.values())
+        total_released = sum(contract.released_amount for contract in self.escrow_contracts.values())
+        total_refunded = sum(contract.refunded_amount for contract in self.escrow_contracts.values())
+        total_fees = total_amount - total_released - total_refunded
+        
+        return {
+            'total_contracts': total_contracts,
+            'active_contracts': active_count,
+            'disputed_contracts': disputed_count,
+            'state_distribution': state_counts,
+            'total_amount': float(total_amount),
+            'total_released': float(total_released),
+            'total_refunded': float(total_refunded),
+            'total_fees': float(total_fees),
+            'average_contract_value': float(total_amount / total_contracts) if total_contracts > 0 else 0
+        }
+
+# Global escrow manager
+escrow_manager: Optional[EscrowManager] = None
+
+def get_escrow_manager() -> Optional[EscrowManager]:
+    """Get global escrow manager"""
+    return escrow_manager
+
+def create_escrow_manager() -> EscrowManager:
+    """Create and set global escrow manager"""
+    global escrow_manager
+    escrow_manager = EscrowManager()
+    return escrow_manager

apps/blockchain-node/src/aitbc_chain/contracts_backup_20260402_120608/guardian_config_fixed.py

@@ -0,0 +1,405 @@
+"""
+Fixed Guardian Configuration with Proper Guardian Setup
+Addresses the critical vulnerability where guardian lists were empty
+"""
+
+from typing import Dict, List, Optional, Tuple
+from dataclasses import dataclass
+from datetime import datetime, timedelta
+import json
+from eth_account import Account
+from eth_utils import to_checksum_address, keccak
+
+from .guardian_contract import (
+    SpendingLimit, 
+    TimeLockConfig, 
+    GuardianConfig,
+    GuardianContract
+)
+
+
+@dataclass
+class GuardianSetup:
+    """Guardian setup configuration"""
+    primary_guardian: str      # Main guardian address
+    backup_guardians: List[str] # Backup guardian addresses
+    multisig_threshold: int     # Number of signatures required
+    emergency_contacts: List[str] # Additional emergency contacts
+
+
+class SecureGuardianManager:
+    """
+    Secure guardian management with proper initialization
+    """
+    
+    def __init__(self):
+        self.guardian_registrations: Dict[str, GuardianSetup] = {}
+        self.guardian_contracts: Dict[str, GuardianContract] = {}
+    
+    def create_guardian_setup(
+        self, 
+        agent_address: str,
+        owner_address: str,
+        security_level: str = "conservative",
+        custom_guardians: Optional[List[str]] = None
+    ) -> GuardianSetup:
+        """
+        Create a proper guardian setup for an agent
+        
+        Args:
+            agent_address: Agent wallet address
+            owner_address: Owner of the agent
+            security_level: Security level (conservative, aggressive, high_security)
+            custom_guardians: Optional custom guardian addresses
+            
+        Returns:
+            Guardian setup configuration
+        """
+        agent_address = to_checksum_address(agent_address)
+        owner_address = to_checksum_address(owner_address)
+        
+        # Determine guardian requirements based on security level
+        if security_level == "conservative":
+            required_guardians = 3
+            multisig_threshold = 2
+        elif security_level == "aggressive":
+            required_guardians = 2
+            multisig_threshold = 2
+        elif security_level == "high_security":
+            required_guardians = 5
+            multisig_threshold = 3
+        else:
+            raise ValueError(f"Invalid security level: {security_level}")
+        
+        # Build guardian list
+        guardians = []
+        
+        # Always include the owner as primary guardian
+        guardians.append(owner_address)
+        
+        # Add custom guardians if provided
+        if custom_guardians:
+            for guardian in custom_guardians:
+                guardian = to_checksum_address(guardian)
+                if guardian not in guardians:
+                    guardians.append(guardian)
+        
+        # Generate backup guardians if needed
+        while len(guardians) < required_guardians:
+            # Generate a deterministic backup guardian based on agent address
+            # In production, these would be trusted service addresses
+            backup_index = len(guardians) - 1  # -1 because owner is already included
+            backup_guardian = self._generate_backup_guardian(agent_address, backup_index)
+            
+            if backup_guardian not in guardians:
+                guardians.append(backup_guardian)
+        
+        # Create setup
+        setup = GuardianSetup(
+            primary_guardian=owner_address,
+            backup_guardians=[g for g in guardians if g != owner_address],
+            multisig_threshold=multisig_threshold,
+            emergency_contacts=guardians.copy()
+        )
+        
+        self.guardian_registrations[agent_address] = setup
+        
+        return setup
+    
+    def _generate_backup_guardian(self, agent_address: str, index: int) -> str:
+        """
+        Generate deterministic backup guardian address
+        
+        In production, these would be pre-registered trusted guardian addresses
+        """
+        # Create a deterministic address based on agent address and index
+        seed = f"{agent_address}_{index}_backup_guardian"
+        hash_result = keccak(seed.encode())
+        
+        # Use the hash to generate a valid address
+        address_bytes = hash_result[-20:]  # Take last 20 bytes
+        address = "0x" + address_bytes.hex()
+        
+        return to_checksum_address(address)
+    
+    def create_secure_guardian_contract(
+        self, 
+        agent_address: str,
+        security_level: str = "conservative",
+        custom_guardians: Optional[List[str]] = None
+    ) -> GuardianContract:
+        """
+        Create a guardian contract with proper guardian configuration
+        
+        Args:
+            agent_address: Agent wallet address
+            security_level: Security level
+            custom_guardians: Optional custom guardian addresses
+            
+        Returns:
+            Configured guardian contract
+        """
+        # Create guardian setup
+        setup = self.create_guardian_setup(
+            agent_address=agent_address,
+            owner_address=agent_address,  # Agent is its own owner initially
+            security_level=security_level,
+            custom_guardians=custom_guardians
+        )
+        
+        # Get security configuration
+        config = self._get_security_config(security_level, setup)
+        
+        # Create contract
+        contract = GuardianContract(agent_address, config)
+        
+        # Store contract
+        self.guardian_contracts[agent_address] = contract
+        
+        return contract
+    
+    def _get_security_config(self, security_level: str, setup: GuardianSetup) -> GuardianConfig:
+        """Get security configuration with proper guardian list"""
+        
+        # Build guardian list
+        all_guardians = [setup.primary_guardian] + setup.backup_guardians
+        
+        if security_level == "conservative":
+            return GuardianConfig(
+                limits=SpendingLimit(
+                    per_transaction=1000,
+                    per_hour=5000,
+                    per_day=20000,
+                    per_week=100000
+                ),
+                time_lock=TimeLockConfig(
+                    threshold=5000,
+                    delay_hours=24,
+                    max_delay_hours=168
+                ),
+                guardians=all_guardians,
+                pause_enabled=True,
+                emergency_mode=False,
+                multisig_threshold=setup.multisig_threshold
+            )
+        
+        elif security_level == "aggressive":
+            return GuardianConfig(
+                limits=SpendingLimit(
+                    per_transaction=5000,
+                    per_hour=25000,
+                    per_day=100000,
+                    per_week=500000
+                ),
+                time_lock=TimeLockConfig(
+                    threshold=20000,
+                    delay_hours=12,
+                    max_delay_hours=72
+                ),
+                guardians=all_guardians,
+                pause_enabled=True,
+                emergency_mode=False,
+                multisig_threshold=setup.multisig_threshold
+            )
+        
+        elif security_level == "high_security":
+            return GuardianConfig(
+                limits=SpendingLimit(
+                    per_transaction=500,
+                    per_hour=2000,
+                    per_day=8000,
+                    per_week=40000
+                ),
+                time_lock=TimeLockConfig(
+                    threshold=2000,
+                    delay_hours=48,
+                    max_delay_hours=168
+                ),
+                guardians=all_guardians,
+                pause_enabled=True,
+                emergency_mode=False,
+                multisig_threshold=setup.multisig_threshold
+            )
+        
+        else:
+            raise ValueError(f"Invalid security level: {security_level}")
+    
+    def test_emergency_pause(self, agent_address: str, guardian_address: str) -> Dict:
+        """
+        Test emergency pause functionality
+        
+        Args:
+            agent_address: Agent address
+            guardian_address: Guardian attempting pause
+            
+        Returns:
+            Test result
+        """
+        if agent_address not in self.guardian_contracts:
+            return {
+                "status": "error",
+                "reason": "Agent not registered"
+            }
+        
+        contract = self.guardian_contracts[agent_address]
+        return contract.emergency_pause(guardian_address)
+    
+    def verify_guardian_authorization(self, agent_address: str, guardian_address: str) -> bool:
+        """
+        Verify if a guardian is authorized for an agent
+        
+        Args:
+            agent_address: Agent address
+            guardian_address: Guardian address to verify
+            
+        Returns:
+            True if guardian is authorized
+        """
+        if agent_address not in self.guardian_registrations:
+            return False
+        
+        setup = self.guardian_registrations[agent_address]
+        all_guardians = [setup.primary_guardian] + setup.backup_guardians
+        
+        return to_checksum_address(guardian_address) in [
+            to_checksum_address(g) for g in all_guardians
+        ]
+    
+    def get_guardian_summary(self, agent_address: str) -> Dict:
+        """
+        Get guardian setup summary for an agent
+        
+        Args:
+            agent_address: Agent address
+            
+        Returns:
+            Guardian summary
+        """
+        if agent_address not in self.guardian_registrations:
+            return {"error": "Agent not registered"}
+        
+        setup = self.guardian_registrations[agent_address]
+        contract = self.guardian_contracts.get(agent_address)
+        
+        return {
+            "agent_address": agent_address,
+            "primary_guardian": setup.primary_guardian,
+            "backup_guardians": setup.backup_guardians,
+            "total_guardians": len(setup.backup_guardians) + 1,
+            "multisig_threshold": setup.multisig_threshold,
+            "emergency_contacts": setup.emergency_contacts,
+            "contract_status": contract.get_spending_status() if contract else None,
+            "pause_functional": contract is not None and len(setup.backup_guardians) > 0
+        }
+
+
+# Fixed security configurations with proper guardians
+def get_fixed_conservative_config(agent_address: str, owner_address: str) -> GuardianConfig:
+    """Get fixed conservative configuration with proper guardians"""
+    return GuardianConfig(
+        limits=SpendingLimit(
+            per_transaction=1000,
+            per_hour=5000,
+            per_day=20000,
+            per_week=100000
+        ),
+        time_lock=TimeLockConfig(
+            threshold=5000,
+            delay_hours=24,
+            max_delay_hours=168
+        ),
+        guardians=[owner_address],  # At least the owner
+        pause_enabled=True,
+        emergency_mode=False
+    )
+
+
+def get_fixed_aggressive_config(agent_address: str, owner_address: str) -> GuardianConfig:
+    """Get fixed aggressive configuration with proper guardians"""
+    return GuardianConfig(
+        limits=SpendingLimit(
+            per_transaction=5000,
+            per_hour=25000,
+            per_day=100000,
+            per_week=500000
+        ),
+        time_lock=TimeLockConfig(
+            threshold=20000,
+            delay_hours=12,
+            max_delay_hours=72
+        ),
+        guardians=[owner_address],  # At least the owner
+        pause_enabled=True,
+        emergency_mode=False
+    )
+
+
+def get_fixed_high_security_config(agent_address: str, owner_address: str) -> GuardianConfig:
+    """Get fixed high security configuration with proper guardians"""
+    return GuardianConfig(
+        limits=SpendingLimit(
+            per_transaction=500,
+            per_hour=2000,
+            per_day=8000,
+            per_week=40000
+        ),
+        time_lock=TimeLockConfig(
+            threshold=2000,
+            delay_hours=48,
+            max_delay_hours=168
+        ),
+        guardians=[owner_address],  # At least the owner
+        pause_enabled=True,
+        emergency_mode=False
+    )
+
+
+# Global secure guardian manager
+secure_guardian_manager = SecureGuardianManager()
+
+
+# Convenience function for secure agent registration
+def register_agent_with_guardians(
+    agent_address: str,
+    owner_address: str,
+    security_level: str = "conservative",
+    custom_guardians: Optional[List[str]] = None
+) -> Dict:
+    """
+    Register an agent with proper guardian configuration
+    
+    Args:
+        agent_address: Agent wallet address
+        owner_address: Owner address
+        security_level: Security level
+        custom_guardians: Optional custom guardians
+        
+    Returns:
+        Registration result
+    """
+    try:
+        # Create secure guardian contract
+        contract = secure_guardian_manager.create_secure_guardian_contract(
+            agent_address=agent_address,
+            security_level=security_level,
+            custom_guardians=custom_guardians
+        )
+        
+        # Get guardian summary
+        summary = secure_guardian_manager.get_guardian_summary(agent_address)
+        
+        return {
+            "status": "registered",
+            "agent_address": agent_address,
+            "security_level": security_level,
+            "guardian_count": summary["total_guardians"],
+            "multisig_threshold": summary["multisig_threshold"],
+            "pause_functional": summary["pause_functional"],
+            "registered_at": datetime.utcnow().isoformat()
+        }
+        
+    except Exception as e:
+        return {
+            "status": "error",
+            "reason": f"Registration failed: {str(e)}"
+        }

apps/blockchain-node/src/aitbc_chain/contracts_backup_20260402_120608/guardian_contract.py

@@ -0,0 +1,682 @@
+"""
+AITBC Guardian Contract - Spending Limit Protection for Agent Wallets
+
+This contract implements a spending limit guardian that protects autonomous agent
+wallets from unlimited spending in case of compromise. It provides:
+- Per-transaction spending limits
+- Per-period (daily/hourly) spending caps
+- Time-lock for large withdrawals
+- Emergency pause functionality
+- Multi-signature recovery for critical operations
+"""
+
+from typing import Dict, List, Optional, Tuple
+from dataclasses import dataclass
+from datetime import datetime, timedelta
+import json
+import os
+import sqlite3
+from pathlib import Path
+from eth_account import Account
+from eth_utils import to_checksum_address, keccak
+
+
+@dataclass
+class SpendingLimit:
+    """Spending limit configuration"""
+    per_transaction: int  # Maximum per transaction
+    per_hour: int         # Maximum per hour
+    per_day: int          # Maximum per day
+    per_week: int         # Maximum per week
+    
+@dataclass
+class TimeLockConfig:
+    """Time lock configuration for large withdrawals"""
+    threshold: int       # Amount that triggers time lock
+    delay_hours: int     # Delay period in hours
+    max_delay_hours: int # Maximum delay period
+
+
+@dataclass
+class GuardianConfig:
+    """Complete guardian configuration"""
+    limits: SpendingLimit
+    time_lock: TimeLockConfig
+    guardians: List[str]  # Guardian addresses for recovery
+    pause_enabled: bool = True
+    emergency_mode: bool = False
+
+
+class GuardianContract:
+    """
+    Guardian contract implementation for agent wallet protection
+    """
+    
+    def __init__(self, agent_address: str, config: GuardianConfig, storage_path: str = None):
+        self.agent_address = to_checksum_address(agent_address)
+        self.config = config
+        
+        # CRITICAL SECURITY FIX: Use persistent storage instead of in-memory
+        if storage_path is None:
+            storage_path = os.path.join(os.path.expanduser("~"), ".aitbc", "guardian_contracts")
+        
+        self.storage_dir = Path(storage_path)
+        self.storage_dir.mkdir(parents=True, exist_ok=True)
+        
+        # Database file for this contract
+        self.db_path = self.storage_dir / f"guardian_{self.agent_address}.db"
+        
+        # Initialize persistent storage
+        self._init_storage()
+        
+        # Load state from storage
+        self._load_state()
+        
+        # In-memory cache for performance (synced with storage)
+        self.spending_history: List[Dict] = []
+        self.pending_operations: Dict[str, Dict] = {}
+        self.paused = False
+        self.emergency_mode = False
+        
+        # Contract state
+        self.nonce = 0
+        self.guardian_approvals: Dict[str, bool] = {}
+        
+        # Load data from persistent storage
+        self._load_spending_history()
+        self._load_pending_operations()
+        
+    def _init_storage(self):
+        """Initialize SQLite database for persistent storage"""
+        with sqlite3.connect(self.db_path) as conn:
+            conn.execute('''
+                CREATE TABLE IF NOT EXISTS spending_history (
+                    id INTEGER PRIMARY KEY AUTOINCREMENT,
+                    operation_id TEXT UNIQUE,
+                    agent_address TEXT,
+                    to_address TEXT,
+                    amount INTEGER,
+                    data TEXT,
+                    timestamp TEXT,
+                    executed_at TEXT,
+                    status TEXT,
+                    nonce INTEGER,
+                    created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+                )
+            ''')
+            
+            conn.execute('''
+                CREATE TABLE IF NOT EXISTS pending_operations (
+                    operation_id TEXT PRIMARY KEY,
+                    agent_address TEXT,
+                    operation_data TEXT,
+                    status TEXT,
+                    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+                    updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
+                )
+            ''')
+            
+            conn.execute('''
+                CREATE TABLE IF NOT EXISTS contract_state (
+                    agent_address TEXT PRIMARY KEY,
+                    nonce INTEGER DEFAULT 0,
+                    paused BOOLEAN DEFAULT 0,
+                    emergency_mode BOOLEAN DEFAULT 0,
+                    last_updated DATETIME DEFAULT CURRENT_TIMESTAMP
+                )
+            ''')
+            
+            conn.commit()
+    
+    def _load_state(self):
+        """Load contract state from persistent storage"""
+        with sqlite3.connect(self.db_path) as conn:
+            cursor = conn.execute(
+                'SELECT nonce, paused, emergency_mode FROM contract_state WHERE agent_address = ?',
+                (self.agent_address,)
+            )
+            row = cursor.fetchone()
+            
+            if row:
+                self.nonce, self.paused, self.emergency_mode = row
+            else:
+                # Initialize state for new contract
+                conn.execute(
+                    'INSERT INTO contract_state (agent_address, nonce, paused, emergency_mode) VALUES (?, ?, ?, ?)',
+                    (self.agent_address, 0, False, False)
+                )
+                conn.commit()
+    
+    def _save_state(self):
+        """Save contract state to persistent storage"""
+        with sqlite3.connect(self.db_path) as conn:
+            conn.execute(
+                'UPDATE contract_state SET nonce = ?, paused = ?, emergency_mode = ?, last_updated = CURRENT_TIMESTAMP WHERE agent_address = ?',
+                (self.nonce, self.paused, self.emergency_mode, self.agent_address)
+            )
+            conn.commit()
+    
+    def _load_spending_history(self):
+        """Load spending history from persistent storage"""
+        with sqlite3.connect(self.db_path) as conn:
+            cursor = conn.execute(
+                'SELECT operation_id, to_address, amount, data, timestamp, executed_at, status, nonce FROM spending_history WHERE agent_address = ? ORDER BY timestamp DESC',
+                (self.agent_address,)
+            )
+            
+            self.spending_history = []
+            for row in cursor:
+                self.spending_history.append({
+                    "operation_id": row[0],
+                    "to": row[1],
+                    "amount": row[2],
+                    "data": row[3],
+                    "timestamp": row[4],
+                    "executed_at": row[5],
+                    "status": row[6],
+                    "nonce": row[7]
+                })
+    
+    def _save_spending_record(self, record: Dict):
+        """Save spending record to persistent storage"""
+        with sqlite3.connect(self.db_path) as conn:
+            conn.execute(
+                '''INSERT OR REPLACE INTO spending_history 
+                   (operation_id, agent_address, to_address, amount, data, timestamp, executed_at, status, nonce) 
+                   VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)''',
+                (
+                    record["operation_id"],
+                    self.agent_address,
+                    record["to"],
+                    record["amount"],
+                    record.get("data", ""),
+                    record["timestamp"],
+                    record.get("executed_at", ""),
+                    record["status"],
+                    record["nonce"]
+                )
+            )
+            conn.commit()
+    
+    def _load_pending_operations(self):
+        """Load pending operations from persistent storage"""
+        with sqlite3.connect(self.db_path) as conn:
+            cursor = conn.execute(
+                'SELECT operation_id, operation_data, status FROM pending_operations WHERE agent_address = ?',
+                (self.agent_address,)
+            )
+            
+            self.pending_operations = {}
+            for row in cursor:
+                operation_data = json.loads(row[1])
+                operation_data["status"] = row[2]
+                self.pending_operations[row[0]] = operation_data
+    
+    def _save_pending_operation(self, operation_id: str, operation: Dict):
+        """Save pending operation to persistent storage"""
+        with sqlite3.connect(self.db_path) as conn:
+            conn.execute(
+                '''INSERT OR REPLACE INTO pending_operations 
+                   (operation_id, agent_address, operation_data, status, updated_at) 
+                   VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP)''',
+                (operation_id, self.agent_address, json.dumps(operation), operation["status"])
+            )
+            conn.commit()
+    
+    def _remove_pending_operation(self, operation_id: str):
+        """Remove pending operation from persistent storage"""
+        with sqlite3.connect(self.db_path) as conn:
+            conn.execute(
+                'DELETE FROM pending_operations WHERE operation_id = ? AND agent_address = ?',
+                (operation_id, self.agent_address)
+            )
+            conn.commit()
+        
+    def _get_period_key(self, timestamp: datetime, period: str) -> str:
+        """Generate period key for spending tracking"""
+        if period == "hour":
+            return timestamp.strftime("%Y-%m-%d-%H")
+        elif period == "day":
+            return timestamp.strftime("%Y-%m-%d")
+        elif period == "week":
+            # Get week number (Monday as first day)
+            week_num = timestamp.isocalendar()[1]
+            return f"{timestamp.year}-W{week_num:02d}"
+        else:
+            raise ValueError(f"Invalid period: {period}")
+    
+    def _get_spent_in_period(self, period: str, timestamp: datetime = None) -> int:
+        """Calculate total spent in given period"""
+        if timestamp is None:
+            timestamp = datetime.utcnow()
+            
+        period_key = self._get_period_key(timestamp, period)
+        
+        total = 0
+        for record in self.spending_history:
+            record_time = datetime.fromisoformat(record["timestamp"])
+            record_period = self._get_period_key(record_time, period)
+            
+            if record_period == period_key and record["status"] == "completed":
+                total += record["amount"]
+                
+        return total
+    
+    def _check_spending_limits(self, amount: int, timestamp: datetime = None) -> Tuple[bool, str]:
+        """Check if amount exceeds spending limits"""
+        if timestamp is None:
+            timestamp = datetime.utcnow()
+            
+        # Check per-transaction limit
+        if amount > self.config.limits.per_transaction:
+            return False, f"Amount {amount} exceeds per-transaction limit {self.config.limits.per_transaction}"
+        
+        # Check per-hour limit
+        spent_hour = self._get_spent_in_period("hour", timestamp)
+        if spent_hour + amount > self.config.limits.per_hour:
+            return False, f"Hourly spending {spent_hour + amount} would exceed limit {self.config.limits.per_hour}"
+        
+        # Check per-day limit
+        spent_day = self._get_spent_in_period("day", timestamp)
+        if spent_day + amount > self.config.limits.per_day:
+            return False, f"Daily spending {spent_day + amount} would exceed limit {self.config.limits.per_day}"
+        
+        # Check per-week limit
+        spent_week = self._get_spent_in_period("week", timestamp)
+        if spent_week + amount > self.config.limits.per_week:
+            return False, f"Weekly spending {spent_week + amount} would exceed limit {self.config.limits.per_week}"
+        
+        return True, "Spending limits check passed"
+    
+    def _requires_time_lock(self, amount: int) -> bool:
+        """Check if amount requires time lock"""
+        return amount >= self.config.time_lock.threshold
+    
+    def _create_operation_hash(self, operation: Dict) -> str:
+        """Create hash for operation identification"""
+        operation_str = json.dumps(operation, sort_keys=True)
+        return keccak(operation_str.encode()).hex()
+    
+    def initiate_transaction(self, to_address: str, amount: int, data: str = "") -> Dict:
+        """
+        Initiate a transaction with guardian protection
+        
+        Args:
+            to_address: Recipient address
+            amount: Amount to transfer
+            data: Transaction data (optional)
+            
+        Returns:
+            Operation result with status and details
+        """
+        # Check if paused
+        if self.paused:
+            return {
+                "status": "rejected",
+                "reason": "Guardian contract is paused",
+                "operation_id": None
+            }
+        
+        # Check emergency mode
+        if self.emergency_mode:
+            return {
+                "status": "rejected", 
+                "reason": "Emergency mode activated",
+                "operation_id": None
+            }
+        
+        # Validate address
+        try:
+            to_address = to_checksum_address(to_address)
+        except Exception:
+            return {
+                "status": "rejected",
+                "reason": "Invalid recipient address",
+                "operation_id": None
+            }
+        
+        # Check spending limits
+        limits_ok, limits_reason = self._check_spending_limits(amount)
+        if not limits_ok:
+            return {
+                "status": "rejected",
+                "reason": limits_reason,
+                "operation_id": None
+            }
+        
+        # Create operation
+        operation = {
+            "type": "transaction",
+            "to": to_address,
+            "amount": amount,
+            "data": data,
+            "timestamp": datetime.utcnow().isoformat(),
+            "nonce": self.nonce,
+            "status": "pending"
+        }
+        
+        operation_id = self._create_operation_hash(operation)
+        operation["operation_id"] = operation_id
+        
+        # Check if time lock is required
+        if self._requires_time_lock(amount):
+            unlock_time = datetime.utcnow() + timedelta(hours=self.config.time_lock.delay_hours)
+            operation["unlock_time"] = unlock_time.isoformat()
+            operation["status"] = "time_locked"
+            
+            # Store for later execution
+            self.pending_operations[operation_id] = operation
+            
+            return {
+                "status": "time_locked",
+                "operation_id": operation_id,
+                "unlock_time": unlock_time.isoformat(),
+                "delay_hours": self.config.time_lock.delay_hours,
+                "message": f"Transaction requires {self.config.time_lock.delay_hours}h time lock"
+            }
+        
+        # Immediate execution for smaller amounts
+        self.pending_operations[operation_id] = operation
+        
+        return {
+            "status": "approved",
+            "operation_id": operation_id,
+            "message": "Transaction approved for execution"
+        }
+    
+    def execute_transaction(self, operation_id: str, signature: str) -> Dict:
+        """
+        Execute a previously approved transaction
+        
+        Args:
+            operation_id: Operation ID from initiate_transaction
+            signature: Transaction signature from agent
+            
+        Returns:
+            Execution result
+        """
+        if operation_id not in self.pending_operations:
+            return {
+                "status": "error",
+                "reason": "Operation not found"
+            }
+        
+        operation = self.pending_operations[operation_id]
+        
+        # Check if operation is time locked
+        if operation["status"] == "time_locked":
+            unlock_time = datetime.fromisoformat(operation["unlock_time"])
+            if datetime.utcnow() < unlock_time:
+                return {
+                    "status": "error",
+                    "reason": f"Operation locked until {unlock_time.isoformat()}"
+                }
+            
+            operation["status"] = "ready"
+        
+        # Verify signature (simplified - in production, use proper verification)
+        try:
+            # In production, verify the signature matches the agent address
+            # For now, we'll assume signature is valid
+            pass
+        except Exception as e:
+            return {
+                "status": "error",
+                "reason": f"Invalid signature: {str(e)}"
+            }
+        
+        # Record the transaction
+        record = {
+            "operation_id": operation_id,
+            "to": operation["to"],
+            "amount": operation["amount"],
+            "data": operation.get("data", ""),
+            "timestamp": operation["timestamp"],
+            "executed_at": datetime.utcnow().isoformat(),
+            "status": "completed",
+            "nonce": operation["nonce"]
+        }
+        
+        # CRITICAL SECURITY FIX: Save to persistent storage
+        self._save_spending_record(record)
+        self.spending_history.append(record)
+        self.nonce += 1
+        self._save_state()
+        
+        # Remove from pending storage
+        self._remove_pending_operation(operation_id)
+        if operation_id in self.pending_operations:
+            del self.pending_operations[operation_id]
+        
+        return {
+            "status": "executed",
+            "operation_id": operation_id,
+            "transaction_hash": f"0x{keccak(f'{operation_id}{signature}'.encode()).hex()}",
+            "executed_at": record["executed_at"]
+        }
+    
+    def emergency_pause(self, guardian_address: str) -> Dict:
+        """
+        Emergency pause function (guardian only)
+        
+        Args:
+            guardian_address: Address of guardian initiating pause
+            
+        Returns:
+            Pause result
+        """
+        if guardian_address not in self.config.guardians:
+            return {
+                "status": "rejected",
+                "reason": "Not authorized: guardian address not recognized"
+            }
+        
+        self.paused = True
+        self.emergency_mode = True
+        
+        # CRITICAL SECURITY FIX: Save state to persistent storage
+        self._save_state()
+        
+        return {
+            "status": "paused",
+            "paused_at": datetime.utcnow().isoformat(),
+            "guardian": guardian_address,
+            "message": "Emergency pause activated - all operations halted"
+        }
+    
+    def emergency_unpause(self, guardian_signatures: List[str]) -> Dict:
+        """
+        Emergency unpause function (requires multiple guardian signatures)
+        
+        Args:
+            guardian_signatures: Signatures from required guardians
+            
+        Returns:
+            Unpause result
+        """
+        # In production, verify all guardian signatures
+        required_signatures = len(self.config.guardians)
+        if len(guardian_signatures) < required_signatures:
+            return {
+                "status": "rejected",
+                "reason": f"Requires {required_signatures} guardian signatures, got {len(guardian_signatures)}"
+            }
+        
+        # Verify signatures (simplified)
+        # In production, verify each signature matches a guardian address
+        
+        self.paused = False
+        self.emergency_mode = False
+        
+        # CRITICAL SECURITY FIX: Save state to persistent storage
+        self._save_state()
+        
+        return {
+            "status": "unpaused",
+            "unpaused_at": datetime.utcnow().isoformat(),
+            "message": "Emergency pause lifted - operations resumed"
+        }
+    
+    def update_limits(self, new_limits: SpendingLimit, guardian_address: str) -> Dict:
+        """
+        Update spending limits (guardian only)
+        
+        Args:
+            new_limits: New spending limits
+            guardian_address: Address of guardian making the change
+            
+        Returns:
+            Update result
+        """
+        if guardian_address not in self.config.guardians:
+            return {
+                "status": "rejected",
+                "reason": "Not authorized: guardian address not recognized"
+            }
+        
+        old_limits = self.config.limits
+        self.config.limits = new_limits
+        
+        return {
+            "status": "updated",
+            "old_limits": old_limits,
+            "new_limits": new_limits,
+            "updated_at": datetime.utcnow().isoformat(),
+            "guardian": guardian_address
+        }
+    
+    def get_spending_status(self) -> Dict:
+        """Get current spending status and limits"""
+        now = datetime.utcnow()
+        
+        return {
+            "agent_address": self.agent_address,
+            "current_limits": self.config.limits,
+            "spent": {
+                "current_hour": self._get_spent_in_period("hour", now),
+                "current_day": self._get_spent_in_period("day", now),
+                "current_week": self._get_spent_in_period("week", now)
+            },
+            "remaining": {
+                "current_hour": self.config.limits.per_hour - self._get_spent_in_period("hour", now),
+                "current_day": self.config.limits.per_day - self._get_spent_in_period("day", now),
+                "current_week": self.config.limits.per_week - self._get_spent_in_period("week", now)
+            },
+            "pending_operations": len(self.pending_operations),
+            "paused": self.paused,
+            "emergency_mode": self.emergency_mode,
+            "nonce": self.nonce
+        }
+    
+    def get_operation_history(self, limit: int = 50) -> List[Dict]:
+        """Get operation history"""
+        return sorted(self.spending_history, key=lambda x: x["timestamp"], reverse=True)[:limit]
+    
+    def get_pending_operations(self) -> List[Dict]:
+        """Get all pending operations"""
+        return list(self.pending_operations.values())
+
+
+# Factory function for creating guardian contracts
+def create_guardian_contract(
+    agent_address: str,
+    per_transaction: int = 1000,
+    per_hour: int = 5000,
+    per_day: int = 20000,
+    per_week: int = 100000,
+    time_lock_threshold: int = 10000,
+    time_lock_delay: int = 24,
+    guardians: List[str] = None
+) -> GuardianContract:
+    """
+    Create a guardian contract with default security parameters
+    
+    Args:
+        agent_address: The agent wallet address to protect
+        per_transaction: Maximum amount per transaction
+        per_hour: Maximum amount per hour
+        per_day: Maximum amount per day
+        per_week: Maximum amount per week
+        time_lock_threshold: Amount that triggers time lock
+        time_lock_delay: Time lock delay in hours
+        guardians: List of guardian addresses (REQUIRED for security)
+        
+    Returns:
+        Configured GuardianContract instance
+        
+    Raises:
+        ValueError: If no guardians are provided or guardians list is insufficient
+    """
+    # CRITICAL SECURITY FIX: Require proper guardians, never default to agent address
+    if guardians is None or not guardians:
+        raise ValueError(
+            "❌ CRITICAL: Guardians are required for security. "
+            "Provide at least 3 trusted guardian addresses different from the agent address."
+        )
+    
+    # Validate that guardians are different from agent address
+    agent_checksum = to_checksum_address(agent_address)
+    guardian_checksums = [to_checksum_address(g) for g in guardians]
+    
+    if agent_checksum in guardian_checksums:
+        raise ValueError(
+            "❌ CRITICAL: Agent address cannot be used as guardian. "
+            "Guardians must be independent trusted addresses."
+        )
+    
+    # Require minimum number of guardians for security
+    if len(guardian_checksums) < 3:
+        raise ValueError(
+            f"❌ CRITICAL: At least 3 guardians required for security, got {len(guardian_checksums)}. "
+            "Consider using a multi-sig wallet or trusted service providers."
+        )
+    
+    limits = SpendingLimit(
+        per_transaction=per_transaction,
+        per_hour=per_hour,
+        per_day=per_day,
+        per_week=per_week
+    )
+    
+    time_lock = TimeLockConfig(
+        threshold=time_lock_threshold,
+        delay_hours=time_lock_delay,
+        max_delay_hours=168  # 1 week max
+    )
+    
+    config = GuardianConfig(
+        limits=limits,
+        time_lock=time_lock,
+        guardians=[to_checksum_address(g) for g in guardians]
+    )
+    
+    return GuardianContract(agent_address, config)
+
+
+# Example usage and security configurations
+CONSERVATIVE_CONFIG = {
+    "per_transaction": 100,    # $100 per transaction
+    "per_hour": 500,          # $500 per hour
+    "per_day": 2000,          # $2,000 per day
+    "per_week": 10000,        # $10,000 per week
+    "time_lock_threshold": 1000,  # Time lock over $1,000
+    "time_lock_delay": 24     # 24 hour delay
+}
+
+AGGRESSIVE_CONFIG = {
+    "per_transaction": 1000,   # $1,000 per transaction
+    "per_hour": 5000,         # $5,000 per hour
+    "per_day": 20000,         # $20,000 per day
+    "per_week": 100000,       # $100,000 per week
+    "time_lock_threshold": 10000,  # Time lock over $10,000
+    "time_lock_delay": 12     # 12 hour delay
+}
+
+HIGH_SECURITY_CONFIG = {
+    "per_transaction": 50,     # $50 per transaction
+    "per_hour": 200,          # $200 per hour
+    "per_day": 1000,          # $1,000 per day
+    "per_week": 5000,         # $5,000 per week
+    "time_lock_threshold": 500,   # Time lock over $500
+    "time_lock_delay": 48     # 48 hour delay
+}

apps/blockchain-node/src/aitbc_chain/contracts_backup_20260402_120608/optimization.py

@@ -0,0 +1,351 @@
+"""
+Gas Optimization System
+Optimizes gas usage and fee efficiency for smart contracts
+"""
+
+import asyncio
+import time
+import json
+from typing import Dict, List, Optional, Tuple
+from dataclasses import dataclass
+from enum import Enum
+from decimal import Decimal
+
+class OptimizationStrategy(Enum):
+    BATCH_OPERATIONS = "batch_operations"
+    LAZY_EVALUATION = "lazy_evaluation"
+    STATE_COMPRESSION = "state_compression"
+    EVENT_FILTERING = "event_filtering"
+    STORAGE_OPTIMIZATION = "storage_optimization"
+
+@dataclass
+class GasMetric:
+    contract_address: str
+    function_name: str
+    gas_used: int
+    gas_limit: int
+    execution_time: float
+    timestamp: float
+    optimization_applied: Optional[str]
+
+@dataclass
+class OptimizationResult:
+    strategy: OptimizationStrategy
+    original_gas: int
+    optimized_gas: int
+    gas_savings: int
+    savings_percentage: float
+    implementation_cost: Decimal
+    net_benefit: Decimal
+
+class GasOptimizer:
+    """Optimizes gas usage for smart contracts"""
+    
+    def __init__(self):
+        self.gas_metrics: List[GasMetric] = []
+        self.optimization_results: List[OptimizationResult] = []
+        self.optimization_strategies = self._initialize_strategies()
+        
+        # Optimization parameters
+        self.min_optimization_threshold = 1000  # Minimum gas to consider optimization
+        self.optimization_target_savings = 0.1  # 10% minimum savings
+        self.max_optimization_cost = Decimal('0.01')  # Maximum cost per optimization
+        self.metric_retention_period = 86400 * 7  # 7 days
+        
+        # Gas price tracking
+        self.gas_price_history: List[Dict] = []
+        self.current_gas_price = Decimal('0.001')
+    
+    def _initialize_strategies(self) -> Dict[OptimizationStrategy, Dict]:
+        """Initialize optimization strategies"""
+        return {
+            OptimizationStrategy.BATCH_OPERATIONS: {
+                'description': 'Batch multiple operations into single transaction',
+                'potential_savings': 0.3,  # 30% potential savings
+                'implementation_cost': Decimal('0.005'),
+                'applicable_functions': ['transfer', 'approve', 'mint']
+            },
+            OptimizationStrategy.LAZY_EVALUATION: {
+                'description': 'Defer expensive computations until needed',
+                'potential_savings': 0.2,  # 20% potential savings
+                'implementation_cost': Decimal('0.003'),
+                'applicable_functions': ['calculate', 'validate', 'process']
+            },
+            OptimizationStrategy.STATE_COMPRESSION: {
+                'description': 'Compress state data to reduce storage costs',
+                'potential_savings': 0.4,  # 40% potential savings
+                'implementation_cost': Decimal('0.008'),
+                'applicable_functions': ['store', 'update', 'save']
+            },
+            OptimizationStrategy.EVENT_FILTERING: {
+                'description': 'Filter events to reduce emission costs',
+                'potential_savings': 0.15,  # 15% potential savings
+                'implementation_cost': Decimal('0.002'),
+                'applicable_functions': ['emit', 'log', 'notify']
+            },
+            OptimizationStrategy.STORAGE_OPTIMIZATION: {
+                'description': 'Optimize storage patterns and data structures',
+                'potential_savings': 0.25,  # 25% potential savings
+                'implementation_cost': Decimal('0.006'),
+                'applicable_functions': ['set', 'add', 'remove']
+            }
+        }
+    
+    async def record_gas_usage(self, contract_address: str, function_name: str,
+                              gas_used: int, gas_limit: int, execution_time: float,
+                              optimization_applied: Optional[str] = None):
+        """Record gas usage metrics"""
+        metric = GasMetric(
+            contract_address=contract_address,
+            function_name=function_name,
+            gas_used=gas_used,
+            gas_limit=gas_limit,
+            execution_time=execution_time,
+            timestamp=time.time(),
+            optimization_applied=optimization_applied
+        )
+        
+        self.gas_metrics.append(metric)
+        
+        # Limit history size
+        if len(self.gas_metrics) > 10000:
+            self.gas_metrics = self.gas_metrics[-5000]
+        
+        # Trigger optimization analysis if threshold met
+        if gas_used >= self.min_optimization_threshold:
+            asyncio.create_task(self._analyze_optimization_opportunity(metric))
+    
+    async def _analyze_optimization_opportunity(self, metric: GasMetric):
+        """Analyze if optimization is beneficial"""
+        # Get historical average for this function
+        historical_metrics = [
+            m for m in self.gas_metrics
+            if m.function_name == metric.function_name and
+            m.contract_address == metric.contract_address and
+            not m.optimization_applied
+        ]
+        
+        if len(historical_metrics) < 5:  # Need sufficient history
+            return
+        
+        avg_gas = sum(m.gas_used for m in historical_metrics) / len(historical_metrics)
+        
+        # Test each optimization strategy
+        for strategy, config in self.optimization_strategies.items():
+            if self._is_strategy_applicable(strategy, metric.function_name):
+                potential_savings = avg_gas * config['potential_savings']
+                
+                if potential_savings >= self.min_optimization_threshold:
+                    # Calculate net benefit
+                    gas_price = self.current_gas_price
+                    gas_savings_value = potential_savings * gas_price
+                    net_benefit = gas_savings_value - config['implementation_cost']
+                    
+                    if net_benefit > 0:
+                        # Create optimization result
+                        result = OptimizationResult(
+                            strategy=strategy,
+                            original_gas=int(avg_gas),
+                            optimized_gas=int(avg_gas - potential_savings),
+                            gas_savings=int(potential_savings),
+                            savings_percentage=config['potential_savings'],
+                            implementation_cost=config['implementation_cost'],
+                            net_benefit=net_benefit
+                        )
+                        
+                        self.optimization_results.append(result)
+                        
+                        # Keep only recent results
+                        if len(self.optimization_results) > 1000:
+                            self.optimization_results = self.optimization_results[-500]
+                        
+                        log_info(f"Optimization opportunity found: {strategy.value} for {metric.function_name} - Potential savings: {potential_savings} gas")
+    
+    def _is_strategy_applicable(self, strategy: OptimizationStrategy, function_name: str) -> bool:
+        """Check if optimization strategy is applicable to function"""
+        config = self.optimization_strategies.get(strategy, {})
+        applicable_functions = config.get('applicable_functions', [])
+        
+        # Check if function name contains any applicable keywords
+        for applicable in applicable_functions:
+            if applicable.lower() in function_name.lower():
+                return True
+        
+        return False
+    
+    async def apply_optimization(self, contract_address: str, function_name: str,
+                               strategy: OptimizationStrategy) -> Tuple[bool, str]:
+        """Apply optimization strategy to contract function"""
+        try:
+            # Validate strategy
+            if strategy not in self.optimization_strategies:
+                return False, "Unknown optimization strategy"
+            
+            # Check applicability
+            if not self._is_strategy_applicable(strategy, function_name):
+                return False, "Strategy not applicable to this function"
+            
+            # Get optimization result
+            result = None
+            for res in self.optimization_results:
+                if (res.strategy == strategy and 
+                    res.strategy in self.optimization_strategies):
+                    result = res
+                    break
+            
+            if not result:
+                return False, "No optimization analysis available"
+            
+            # Check if net benefit is positive
+            if result.net_benefit <= 0:
+                return False, "Optimization not cost-effective"
+            
+            # Apply optimization (in real implementation, this would modify contract code)
+            success = await self._implement_optimization(contract_address, function_name, strategy)
+            
+            if success:
+                # Record optimization
+                await self.record_gas_usage(
+                    contract_address, function_name, result.optimized_gas,
+                    result.optimized_gas, 0.0, strategy.value
+                )
+                
+                log_info(f"Optimization applied: {strategy.value} to {function_name}")
+                return True, f"Optimization applied successfully. Gas savings: {result.gas_savings}"
+            else:
+                return False, "Optimization implementation failed"
+                
+        except Exception as e:
+            return False, f"Optimization error: {str(e)}"
+    
+    async def _implement_optimization(self, contract_address: str, function_name: str,
+                                    strategy: OptimizationStrategy) -> bool:
+        """Implement the optimization strategy"""
+        try:
+            # In real implementation, this would:
+            # 1. Analyze contract bytecode
+            # 2. Apply optimization patterns
+            # 3. Generate optimized bytecode
+            # 4. Deploy optimized version
+            # 5. Verify functionality
+            
+            # Simulate implementation
+            await asyncio.sleep(2)  # Simulate optimization time
+            
+            return True
+            
+        except Exception as e:
+            log_error(f"Optimization implementation error: {e}")
+            return False
+    
+    async def update_gas_price(self, new_price: Decimal):
+        """Update current gas price"""
+        self.current_gas_price = new_price
+        
+        # Record price history
+        self.gas_price_history.append({
+            'price': float(new_price),
+            'timestamp': time.time()
+        })
+        
+        # Limit history size
+        if len(self.gas_price_history) > 1000:
+            self.gas_price_history = self.gas_price_history[-500]
+        
+        # Re-evaluate optimization opportunities with new price
+        asyncio.create_task(self._reevaluate_optimizations())
+    
+    async def _reevaluate_optimizations(self):
+        """Re-evaluate optimization opportunities with new gas price"""
+        # Clear old results and re-analyze
+        self.optimization_results.clear()
+        
+        # Re-analyze recent metrics
+        recent_metrics = [
+            m for m in self.gas_metrics
+            if time.time() - m.timestamp < 3600  # Last hour
+        ]
+        
+        for metric in recent_metrics:
+            if metric.gas_used >= self.min_optimization_threshold:
+                await self._analyze_optimization_opportunity(metric)
+    
+    async def get_optimization_recommendations(self, contract_address: Optional[str] = None,
+                                             limit: int = 10) -> List[Dict]:
+        """Get optimization recommendations"""
+        recommendations = []
+        
+        for result in self.optimization_results:
+            if contract_address and result.strategy.value not in self.optimization_strategies:
+                continue
+            
+            if result.net_benefit > 0:
+                recommendations.append({
+                    'strategy': result.strategy.value,
+                    'function': 'contract_function',  # Would map to actual function
+                    'original_gas': result.original_gas,
+                    'optimized_gas': result.optimized_gas,
+                    'gas_savings': result.gas_savings,
+                    'savings_percentage': result.savings_percentage,
+                    'net_benefit': float(result.net_benefit),
+                    'implementation_cost': float(result.implementation_cost)
+                })
+        
+        # Sort by net benefit
+        recommendations.sort(key=lambda x: x['net_benefit'], reverse=True)
+        
+        return recommendations[:limit]
+    
+    async def get_gas_statistics(self) -> Dict:
+        """Get gas usage statistics"""
+        if not self.gas_metrics:
+            return {
+                'total_transactions': 0,
+                'average_gas_used': 0,
+                'total_gas_used': 0,
+                'gas_efficiency': 0,
+                'optimization_opportunities': 0
+            }
+        
+        total_transactions = len(self.gas_metrics)
+        total_gas_used = sum(m.gas_used for m in self.gas_metrics)
+        average_gas_used = total_gas_used / total_transactions
+        
+        # Calculate efficiency (gas used vs gas limit)
+        efficiency_scores = [
+            m.gas_used / m.gas_limit for m in self.gas_metrics
+            if m.gas_limit > 0
+        ]
+        avg_efficiency = sum(efficiency_scores) / len(efficiency_scores) if efficiency_scores else 0
+        
+        # Optimization opportunities
+        optimization_count = len([
+            result for result in self.optimization_results
+            if result.net_benefit > 0
+        ])
+        
+        return {
+            'total_transactions': total_transactions,
+            'average_gas_used': average_gas_used,
+            'total_gas_used': total_gas_used,
+            'gas_efficiency': avg_efficiency,
+            'optimization_opportunities': optimization_count,
+            'current_gas_price': float(self.current_gas_price),
+            'total_optimizations_applied': len([
+                m for m in self.gas_metrics
+                if m.optimization_applied
+            ])
+        }
+
+# Global gas optimizer
+gas_optimizer: Optional[GasOptimizer] = None
+
+def get_gas_optimizer() -> Optional[GasOptimizer]:
+    """Get global gas optimizer"""
+    return gas_optimizer
+
+def create_gas_optimizer() -> GasOptimizer:
+    """Create and set global gas optimizer"""
+    global gas_optimizer
+    gas_optimizer = GasOptimizer()
+    return gas_optimizer

apps/blockchain-node/src/aitbc_chain/contracts_backup_20260402_120608/persistent_spending_tracker.py

@@ -0,0 +1,470 @@
+"""
+Persistent Spending Tracker - Database-Backed Security
+Fixes the critical vulnerability where spending limits were lost on restart
+"""
+
+from typing import Dict, List, Optional, Tuple
+from dataclasses import dataclass
+from datetime import datetime, timedelta
+from sqlalchemy import create_engine, Column, String, Integer, Float, DateTime, Index
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import sessionmaker, Session
+from eth_utils import to_checksum_address
+import json
+
+Base = declarative_base()
+
+
+class SpendingRecord(Base):
+    """Database model for spending tracking"""
+    __tablename__ = "spending_records"
+    
+    id = Column(String, primary_key=True)
+    agent_address = Column(String, index=True)
+    period_type = Column(String, index=True)  # hour, day, week
+    period_key = Column(String, index=True)
+    amount = Column(Float)
+    transaction_hash = Column(String)
+    timestamp = Column(DateTime, default=datetime.utcnow)
+    
+    # Composite indexes for performance
+    __table_args__ = (
+        Index('idx_agent_period', 'agent_address', 'period_type', 'period_key'),
+        Index('idx_timestamp', 'timestamp'),
+    )
+
+
+class SpendingLimit(Base):
+    """Database model for spending limits"""
+    __tablename__ = "spending_limits"
+    
+    agent_address = Column(String, primary_key=True)
+    per_transaction = Column(Float)
+    per_hour = Column(Float)
+    per_day = Column(Float)
+    per_week = Column(Float)
+    time_lock_threshold = Column(Float)
+    time_lock_delay_hours = Column(Integer)
+    updated_at = Column(DateTime, default=datetime.utcnow)
+    updated_by = Column(String)  # Guardian who updated
+
+
+class GuardianAuthorization(Base):
+    """Database model for guardian authorizations"""
+    __tablename__ = "guardian_authorizations"
+    
+    id = Column(String, primary_key=True)
+    agent_address = Column(String, index=True)
+    guardian_address = Column(String, index=True)
+    is_active = Column(Boolean, default=True)
+    added_at = Column(DateTime, default=datetime.utcnow)
+    added_by = Column(String)
+
+
+@dataclass
+class SpendingCheckResult:
+    """Result of spending limit check"""
+    allowed: bool
+    reason: str
+    current_spent: Dict[str, float]
+    remaining: Dict[str, float]
+    requires_time_lock: bool
+    time_lock_until: Optional[datetime] = None
+
+
+class PersistentSpendingTracker:
+    """
+    Database-backed spending tracker that survives restarts
+    """
+    
+    def __init__(self, database_url: str = "sqlite:///spending_tracker.db"):
+        self.engine = create_engine(database_url)
+        Base.metadata.create_all(self.engine)
+        self.SessionLocal = sessionmaker(bind=self.engine)
+    
+    def get_session(self) -> Session:
+        """Get database session"""
+        return self.SessionLocal()
+    
+    def _get_period_key(self, timestamp: datetime, period: str) -> str:
+        """Generate period key for spending tracking"""
+        if period == "hour":
+            return timestamp.strftime("%Y-%m-%d-%H")
+        elif period == "day":
+            return timestamp.strftime("%Y-%m-%d")
+        elif period == "week":
+            # Get week number (Monday as first day)
+            week_num = timestamp.isocalendar()[1]
+            return f"{timestamp.year}-W{week_num:02d}"
+        else:
+            raise ValueError(f"Invalid period: {period}")
+    
+    def get_spent_in_period(self, agent_address: str, period: str, timestamp: datetime = None) -> float:
+        """
+        Get total spent in given period from database
+        
+        Args:
+            agent_address: Agent wallet address
+            period: Period type (hour, day, week)
+            timestamp: Timestamp to check (default: now)
+            
+        Returns:
+            Total amount spent in period
+        """
+        if timestamp is None:
+            timestamp = datetime.utcnow()
+        
+        period_key = self._get_period_key(timestamp, period)
+        agent_address = to_checksum_address(agent_address)
+        
+        with self.get_session() as session:
+            total = session.query(SpendingRecord).filter(
+                SpendingRecord.agent_address == agent_address,
+                SpendingRecord.period_type == period,
+                SpendingRecord.period_key == period_key
+            ).with_entities(SpendingRecord.amount).all()
+            
+            return sum(record.amount for record in total)
+    
+    def record_spending(self, agent_address: str, amount: float, transaction_hash: str, timestamp: datetime = None) -> bool:
+        """
+        Record a spending transaction in the database
+        
+        Args:
+            agent_address: Agent wallet address
+            amount: Amount spent
+            transaction_hash: Transaction hash
+            timestamp: Transaction timestamp (default: now)
+            
+        Returns:
+            True if recorded successfully
+        """
+        if timestamp is None:
+            timestamp = datetime.utcnow()
+        
+        agent_address = to_checksum_address(agent_address)
+        
+        try:
+            with self.get_session() as session:
+                # Record for all periods
+                periods = ["hour", "day", "week"]
+                
+                for period in periods:
+                    period_key = self._get_period_key(timestamp, period)
+                    
+                    record = SpendingRecord(
+                        id=f"{transaction_hash}_{period}",
+                        agent_address=agent_address,
+                        period_type=period,
+                        period_key=period_key,
+                        amount=amount,
+                        transaction_hash=transaction_hash,
+                        timestamp=timestamp
+                    )
+                    
+                    session.add(record)
+                
+                session.commit()
+                return True
+                
+        except Exception as e:
+            print(f"Failed to record spending: {e}")
+            return False
+    
+    def check_spending_limits(self, agent_address: str, amount: float, timestamp: datetime = None) -> SpendingCheckResult:
+        """
+        Check if amount exceeds spending limits using persistent data
+        
+        Args:
+            agent_address: Agent wallet address
+            amount: Amount to check
+            timestamp: Timestamp for check (default: now)
+            
+        Returns:
+            Spending check result
+        """
+        if timestamp is None:
+            timestamp = datetime.utcnow()
+        
+        agent_address = to_checksum_address(agent_address)
+        
+        # Get spending limits from database
+        with self.get_session() as session:
+            limits = session.query(SpendingLimit).filter(
+                SpendingLimit.agent_address == agent_address
+            ).first()
+            
+            if not limits:
+                # Default limits if not set
+                limits = SpendingLimit(
+                    agent_address=agent_address,
+                    per_transaction=1000.0,
+                    per_hour=5000.0,
+                    per_day=20000.0,
+                    per_week=100000.0,
+                    time_lock_threshold=5000.0,
+                    time_lock_delay_hours=24
+                )
+                session.add(limits)
+                session.commit()
+        
+        # Check each limit
+        current_spent = {}
+        remaining = {}
+        
+        # Per-transaction limit
+        if amount > limits.per_transaction:
+            return SpendingCheckResult(
+                allowed=False,
+                reason=f"Amount {amount} exceeds per-transaction limit {limits.per_transaction}",
+                current_spent=current_spent,
+                remaining=remaining,
+                requires_time_lock=False
+            )
+        
+        # Per-hour limit
+        spent_hour = self.get_spent_in_period(agent_address, "hour", timestamp)
+        current_spent["hour"] = spent_hour
+        remaining["hour"] = limits.per_hour - spent_hour
+        
+        if spent_hour + amount > limits.per_hour:
+            return SpendingCheckResult(
+                allowed=False,
+                reason=f"Hourly spending {spent_hour + amount} would exceed limit {limits.per_hour}",
+                current_spent=current_spent,
+                remaining=remaining,
+                requires_time_lock=False
+            )
+        
+        # Per-day limit
+        spent_day = self.get_spent_in_period(agent_address, "day", timestamp)
+        current_spent["day"] = spent_day
+        remaining["day"] = limits.per_day - spent_day
+        
+        if spent_day + amount > limits.per_day:
+            return SpendingCheckResult(
+                allowed=False,
+                reason=f"Daily spending {spent_day + amount} would exceed limit {limits.per_day}",
+                current_spent=current_spent,
+                remaining=remaining,
+                requires_time_lock=False
+            )
+        
+        # Per-week limit
+        spent_week = self.get_spent_in_period(agent_address, "week", timestamp)
+        current_spent["week"] = spent_week
+        remaining["week"] = limits.per_week - spent_week
+        
+        if spent_week + amount > limits.per_week:
+            return SpendingCheckResult(
+                allowed=False,
+                reason=f"Weekly spending {spent_week + amount} would exceed limit {limits.per_week}",
+                current_spent=current_spent,
+                remaining=remaining,
+                requires_time_lock=False
+            )
+        
+        # Check time lock requirement
+        requires_time_lock = amount >= limits.time_lock_threshold
+        time_lock_until = None
+        
+        if requires_time_lock:
+            time_lock_until = timestamp + timedelta(hours=limits.time_lock_delay_hours)
+        
+        return SpendingCheckResult(
+            allowed=True,
+            reason="Spending limits check passed",
+            current_spent=current_spent,
+            remaining=remaining,
+            requires_time_lock=requires_time_lock,
+            time_lock_until=time_lock_until
+        )
+    
+    def update_spending_limits(self, agent_address: str, new_limits: Dict, guardian_address: str) -> bool:
+        """
+        Update spending limits for an agent
+        
+        Args:
+            agent_address: Agent wallet address
+            new_limits: New spending limits
+            guardian_address: Guardian making the change
+            
+        Returns:
+            True if updated successfully
+        """
+        agent_address = to_checksum_address(agent_address)
+        guardian_address = to_checksum_address(guardian_address)
+        
+        # Verify guardian authorization
+        if not self.is_guardian_authorized(agent_address, guardian_address):
+            return False
+        
+        try:
+            with self.get_session() as session:
+                limits = session.query(SpendingLimit).filter(
+                    SpendingLimit.agent_address == agent_address
+                ).first()
+                
+                if limits:
+                    limits.per_transaction = new_limits.get("per_transaction", limits.per_transaction)
+                    limits.per_hour = new_limits.get("per_hour", limits.per_hour)
+                    limits.per_day = new_limits.get("per_day", limits.per_day)
+                    limits.per_week = new_limits.get("per_week", limits.per_week)
+                    limits.time_lock_threshold = new_limits.get("time_lock_threshold", limits.time_lock_threshold)
+                    limits.time_lock_delay_hours = new_limits.get("time_lock_delay_hours", limits.time_lock_delay_hours)
+                    limits.updated_at = datetime.utcnow()
+                    limits.updated_by = guardian_address
+                else:
+                    limits = SpendingLimit(
+                        agent_address=agent_address,
+                        per_transaction=new_limits.get("per_transaction", 1000.0),
+                        per_hour=new_limits.get("per_hour", 5000.0),
+                        per_day=new_limits.get("per_day", 20000.0),
+                        per_week=new_limits.get("per_week", 100000.0),
+                        time_lock_threshold=new_limits.get("time_lock_threshold", 5000.0),
+                        time_lock_delay_hours=new_limits.get("time_lock_delay_hours", 24),
+                        updated_at=datetime.utcnow(),
+                        updated_by=guardian_address
+                    )
+                    session.add(limits)
+                
+                session.commit()
+                return True
+                
+        except Exception as e:
+            print(f"Failed to update spending limits: {e}")
+            return False
+    
+    def add_guardian(self, agent_address: str, guardian_address: str, added_by: str) -> bool:
+        """
+        Add a guardian for an agent
+        
+        Args:
+            agent_address: Agent wallet address
+            guardian_address: Guardian address
+            added_by: Who added this guardian
+            
+        Returns:
+            True if added successfully
+        """
+        agent_address = to_checksum_address(agent_address)
+        guardian_address = to_checksum_address(guardian_address)
+        added_by = to_checksum_address(added_by)
+        
+        try:
+            with self.get_session() as session:
+                # Check if already exists
+                existing = session.query(GuardianAuthorization).filter(
+                    GuardianAuthorization.agent_address == agent_address,
+                    GuardianAuthorization.guardian_address == guardian_address
+                ).first()
+                
+                if existing:
+                    existing.is_active = True
+                    existing.added_at = datetime.utcnow()
+                    existing.added_by = added_by
+                else:
+                    auth = GuardianAuthorization(
+                        id=f"{agent_address}_{guardian_address}",
+                        agent_address=agent_address,
+                        guardian_address=guardian_address,
+                        is_active=True,
+                        added_at=datetime.utcnow(),
+                        added_by=added_by
+                    )
+                    session.add(auth)
+                
+                session.commit()
+                return True
+                
+        except Exception as e:
+            print(f"Failed to add guardian: {e}")
+            return False
+    
+    def is_guardian_authorized(self, agent_address: str, guardian_address: str) -> bool:
+        """
+        Check if a guardian is authorized for an agent
+        
+        Args:
+            agent_address: Agent wallet address
+            guardian_address: Guardian address
+            
+        Returns:
+            True if authorized
+        """
+        agent_address = to_checksum_address(agent_address)
+        guardian_address = to_checksum_address(guardian_address)
+        
+        with self.get_session() as session:
+            auth = session.query(GuardianAuthorization).filter(
+                GuardianAuthorization.agent_address == agent_address,
+                GuardianAuthorization.guardian_address == guardian_address,
+                GuardianAuthorization.is_active == True
+            ).first()
+            
+            return auth is not None
+    
+    def get_spending_summary(self, agent_address: str) -> Dict:
+        """
+        Get comprehensive spending summary for an agent
+        
+        Args:
+            agent_address: Agent wallet address
+            
+        Returns:
+            Spending summary
+        """
+        agent_address = to_checksum_address(agent_address)
+        now = datetime.utcnow()
+        
+        # Get current spending
+        current_spent = {
+            "hour": self.get_spent_in_period(agent_address, "hour", now),
+            "day": self.get_spent_in_period(agent_address, "day", now),
+            "week": self.get_spent_in_period(agent_address, "week", now)
+        }
+        
+        # Get limits
+        with self.get_session() as session:
+            limits = session.query(SpendingLimit).filter(
+                SpendingLimit.agent_address == agent_address
+            ).first()
+            
+            if not limits:
+                return {"error": "No spending limits set"}
+        
+        # Calculate remaining
+        remaining = {
+            "hour": limits.per_hour - current_spent["hour"],
+            "day": limits.per_day - current_spent["day"],
+            "week": limits.per_week - current_spent["week"]
+        }
+        
+        # Get authorized guardians
+        with self.get_session() as session:
+            guardians = session.query(GuardianAuthorization).filter(
+                GuardianAuthorization.agent_address == agent_address,
+                GuardianAuthorization.is_active == True
+            ).all()
+        
+        return {
+            "agent_address": agent_address,
+            "current_spending": current_spent,
+            "remaining_spending": remaining,
+            "limits": {
+                "per_transaction": limits.per_transaction,
+                "per_hour": limits.per_hour,
+                "per_day": limits.per_day,
+                "per_week": limits.per_week
+            },
+            "time_lock": {
+                "threshold": limits.time_lock_threshold,
+                "delay_hours": limits.time_lock_delay_hours
+            },
+            "authorized_guardians": [g.guardian_address for g in guardians],
+            "last_updated": limits.updated_at.isoformat() if limits.updated_at else None
+        }
+
+
+# Global persistent tracker instance
+persistent_tracker = PersistentSpendingTracker()

apps/blockchain-node/src/aitbc_chain/contracts_backup_20260402_120608/upgrades.py

@@ -0,0 +1,542 @@
+"""
+Contract Upgrade System
+Handles safe contract versioning and upgrade mechanisms
+"""
+
+import asyncio
+import time
+import json
+from typing import Dict, List, Optional, Tuple, Set
+from dataclasses import dataclass
+from enum import Enum
+from decimal import Decimal
+
+class UpgradeStatus(Enum):
+    PROPOSED = "proposed"
+    APPROVED = "approved"
+    REJECTED = "rejected"
+    EXECUTED = "executed"
+    FAILED = "failed"
+    ROLLED_BACK = "rolled_back"
+
+class UpgradeType(Enum):
+    PARAMETER_CHANGE = "parameter_change"
+    LOGIC_UPDATE = "logic_update"
+    SECURITY_PATCH = "security_patch"
+    FEATURE_ADDITION = "feature_addition"
+    EMERGENCY_FIX = "emergency_fix"
+
+@dataclass
+class ContractVersion:
+    version: str
+    address: str
+    deployed_at: float
+    total_contracts: int
+    total_value: Decimal
+    is_active: bool
+    metadata: Dict
+
+@dataclass
+class UpgradeProposal:
+    proposal_id: str
+    contract_type: str
+    current_version: str
+    new_version: str
+    upgrade_type: UpgradeType
+    description: str
+    changes: Dict
+    voting_deadline: float
+    execution_deadline: float
+    status: UpgradeStatus
+    votes: Dict[str, bool]
+    total_votes: int
+    yes_votes: int
+    no_votes: int
+    required_approval: float
+    created_at: float
+    proposer: str
+    executed_at: Optional[float]
+    rollback_data: Optional[Dict]
+
+class ContractUpgradeManager:
+    """Manages contract upgrades and versioning"""
+    
+    def __init__(self):
+        self.contract_versions: Dict[str, List[ContractVersion]] = {}  # contract_type -> versions
+        self.active_versions: Dict[str, str] = {}  # contract_type -> active version
+        self.upgrade_proposals: Dict[str, UpgradeProposal] = {}
+        self.upgrade_history: List[Dict] = []
+        
+        # Upgrade parameters
+        self.min_voting_period = 86400 * 3  # 3 days
+        self.max_voting_period = 86400 * 7  # 7 days
+        self.required_approval_rate = 0.6  # 60% approval required
+        self.min_participation_rate = 0.3  # 30% minimum participation
+        self.emergency_upgrade_threshold = 0.8  # 80% for emergency upgrades
+        self.rollback_timeout = 86400 * 7  # 7 days to rollback
+        
+        # Governance
+        self.governance_addresses: Set[str] = set()
+        self.stake_weights: Dict[str, Decimal] = {}
+        
+        # Initialize governance
+        self._initialize_governance()
+    
+    def _initialize_governance(self):
+        """Initialize governance addresses"""
+        # In real implementation, this would load from blockchain state
+        # For now, use default governance addresses
+        governance_addresses = [
+            "0xgovernance1111111111111111111111111111111111111",
+            "0xgovernance2222222222222222222222222222222222222",
+            "0xgovernance3333333333333333333333333333333333333"
+        ]
+        
+        for address in governance_addresses:
+            self.governance_addresses.add(address)
+            self.stake_weights[address] = Decimal('1000')  # Equal stake weights initially
+    
+    async def propose_upgrade(self, contract_type: str, current_version: str, new_version: str,
+                            upgrade_type: UpgradeType, description: str, changes: Dict,
+                            proposer: str, emergency: bool = False) -> Tuple[bool, str, Optional[str]]:
+        """Propose contract upgrade"""
+        try:
+            # Validate inputs
+            if not all([contract_type, current_version, new_version, description, changes, proposer]):
+                return False, "Missing required fields", None
+            
+            # Check proposer authority
+            if proposer not in self.governance_addresses:
+                return False, "Proposer not authorized", None
+            
+            # Check current version
+            active_version = self.active_versions.get(contract_type)
+            if active_version != current_version:
+                return False, f"Current version mismatch. Active: {active_version}, Proposed: {current_version}", None
+            
+            # Validate new version format
+            if not self._validate_version_format(new_version):
+                return False, "Invalid version format", None
+            
+            # Check for existing proposal
+            for proposal in self.upgrade_proposals.values():
+                if (proposal.contract_type == contract_type and
+                    proposal.new_version == new_version and
+                    proposal.status in [UpgradeStatus.PROPOSED, UpgradeStatus.APPROVED]):
+                    return False, "Proposal for this version already exists", None
+            
+            # Generate proposal ID
+            proposal_id = self._generate_proposal_id(contract_type, new_version)
+            
+            # Set voting deadlines
+            current_time = time.time()
+            voting_period = self.min_voting_period if not emergency else self.min_voting_period // 2
+            voting_deadline = current_time + voting_period
+            execution_deadline = voting_deadline + 86400  # 1 day after voting
+            
+            # Set required approval rate
+            required_approval = self.emergency_upgrade_threshold if emergency else self.required_approval_rate
+            
+            # Create proposal
+            proposal = UpgradeProposal(
+                proposal_id=proposal_id,
+                contract_type=contract_type,
+                current_version=current_version,
+                new_version=new_version,
+                upgrade_type=upgrade_type,
+                description=description,
+                changes=changes,
+                voting_deadline=voting_deadline,
+                execution_deadline=execution_deadline,
+                status=UpgradeStatus.PROPOSED,
+                votes={},
+                total_votes=0,
+                yes_votes=0,
+                no_votes=0,
+                required_approval=required_approval,
+                created_at=current_time,
+                proposer=proposer,
+                executed_at=None,
+                rollback_data=None
+            )
+            
+            self.upgrade_proposals[proposal_id] = proposal
+            
+            # Start voting process
+            asyncio.create_task(self._manage_voting_process(proposal_id))
+            
+            log_info(f"Upgrade proposal created: {proposal_id} - {contract_type} {current_version} -> {new_version}")
+            return True, "Upgrade proposal created successfully", proposal_id
+            
+        except Exception as e:
+            return False, f"Failed to create proposal: {str(e)}", None
+    
+    def _validate_version_format(self, version: str) -> bool:
+        """Validate semantic version format"""
+        try:
+            parts = version.split('.')
+            if len(parts) != 3:
+                return False
+            
+            major, minor, patch = parts
+            int(major) and int(minor) and int(patch)
+            return True
+        except ValueError:
+            return False
+    
+    def _generate_proposal_id(self, contract_type: str, new_version: str) -> str:
+        """Generate unique proposal ID"""
+        import hashlib
+        content = f"{contract_type}:{new_version}:{time.time()}"
+        return hashlib.sha256(content.encode()).hexdigest()[:12]
+    
+    async def _manage_voting_process(self, proposal_id: str):
+        """Manage voting process for proposal"""
+        proposal = self.upgrade_proposals.get(proposal_id)
+        if not proposal:
+            return
+        
+        try:
+            # Wait for voting deadline
+            await asyncio.sleep(proposal.voting_deadline - time.time())
+            
+            # Check voting results
+            await self._finalize_voting(proposal_id)
+            
+        except Exception as e:
+            log_error(f"Error in voting process for {proposal_id}: {e}")
+            proposal.status = UpgradeStatus.FAILED
+    
+    async def _finalize_voting(self, proposal_id: str):
+        """Finalize voting and determine outcome"""
+        proposal = self.upgrade_proposals[proposal_id]
+        
+        # Calculate voting results
+        total_stake = sum(self.stake_weights.get(voter, Decimal('0')) for voter in proposal.votes.keys())
+        yes_stake = sum(self.stake_weights.get(voter, Decimal('0')) for voter, vote in proposal.votes.items() if vote)
+        
+        # Check minimum participation
+        total_governance_stake = sum(self.stake_weights.values())
+        participation_rate = float(total_stake / total_governance_stake) if total_governance_stake > 0 else 0
+        
+        if participation_rate < self.min_participation_rate:
+            proposal.status = UpgradeStatus.REJECTED
+            log_info(f"Proposal {proposal_id} rejected due to low participation: {participation_rate:.2%}")
+            return
+        
+        # Check approval rate
+        approval_rate = float(yes_stake / total_stake) if total_stake > 0 else 0
+        
+        if approval_rate >= proposal.required_approval:
+            proposal.status = UpgradeStatus.APPROVED
+            log_info(f"Proposal {proposal_id} approved with {approval_rate:.2%} approval")
+            
+            # Schedule execution
+            asyncio.create_task(self._execute_upgrade(proposal_id))
+        else:
+            proposal.status = UpgradeStatus.REJECTED
+            log_info(f"Proposal {proposal_id} rejected with {approval_rate:.2%} approval")
+    
+    async def vote_on_proposal(self, proposal_id: str, voter_address: str, vote: bool) -> Tuple[bool, str]:
+        """Cast vote on upgrade proposal"""
+        proposal = self.upgrade_proposals.get(proposal_id)
+        if not proposal:
+            return False, "Proposal not found"
+        
+        # Check voting authority
+        if voter_address not in self.governance_addresses:
+            return False, "Not authorized to vote"
+        
+        # Check voting period
+        if time.time() > proposal.voting_deadline:
+            return False, "Voting period has ended"
+        
+        # Check if already voted
+        if voter_address in proposal.votes:
+            return False, "Already voted"
+        
+        # Cast vote
+        proposal.votes[voter_address] = vote
+        proposal.total_votes += 1
+        
+        if vote:
+            proposal.yes_votes += 1
+        else:
+            proposal.no_votes += 1
+        
+        log_info(f"Vote cast on proposal {proposal_id} by {voter_address}: {'YES' if vote else 'NO'}")
+        return True, "Vote cast successfully"
+    
+    async def _execute_upgrade(self, proposal_id: str):
+        """Execute approved upgrade"""
+        proposal = self.upgrade_proposals[proposal_id]
+        
+        try:
+            # Wait for execution deadline
+            await asyncio.sleep(proposal.execution_deadline - time.time())
+            
+            # Check if still approved
+            if proposal.status != UpgradeStatus.APPROVED:
+                return
+            
+            # Prepare rollback data
+            rollback_data = await self._prepare_rollback_data(proposal)
+            
+            # Execute upgrade
+            success = await self._perform_upgrade(proposal)
+            
+            if success:
+                proposal.status = UpgradeStatus.EXECUTED
+                proposal.executed_at = time.time()
+                proposal.rollback_data = rollback_data
+                
+                # Update active version
+                self.active_versions[proposal.contract_type] = proposal.new_version
+                
+                # Record in history
+                self.upgrade_history.append({
+                    'proposal_id': proposal_id,
+                    'contract_type': proposal.contract_type,
+                    'from_version': proposal.current_version,
+                    'to_version': proposal.new_version,
+                    'executed_at': proposal.executed_at,
+                    'upgrade_type': proposal.upgrade_type.value
+                })
+                
+                log_info(f"Upgrade executed: {proposal_id} - {proposal.contract_type} {proposal.current_version} -> {proposal.new_version}")
+                
+                # Start rollback window
+                asyncio.create_task(self._manage_rollback_window(proposal_id))
+            else:
+                proposal.status = UpgradeStatus.FAILED
+                log_error(f"Upgrade execution failed: {proposal_id}")
+                
+        except Exception as e:
+            proposal.status = UpgradeStatus.FAILED
+            log_error(f"Error executing upgrade {proposal_id}: {e}")
+    
+    async def _prepare_rollback_data(self, proposal: UpgradeProposal) -> Dict:
+        """Prepare data for potential rollback"""
+        return {
+            'previous_version': proposal.current_version,
+            'contract_state': {},  # Would capture current contract state
+            'migration_data': {},  # Would store migration data
+            'timestamp': time.time()
+        }
+    
+    async def _perform_upgrade(self, proposal: UpgradeProposal) -> bool:
+        """Perform the actual upgrade"""
+        try:
+            # In real implementation, this would:
+            # 1. Deploy new contract version
+            # 2. Migrate state from old contract
+            # 3. Update contract references
+            # 4. Verify upgrade integrity
+            
+            # Simulate upgrade process
+            await asyncio.sleep(10)  # Simulate upgrade time
+            
+            # Create new version record
+            new_version = ContractVersion(
+                version=proposal.new_version,
+                address=f"0x{proposal.contract_type}_{proposal.new_version}",  # New address
+                deployed_at=time.time(),
+                total_contracts=0,
+                total_value=Decimal('0'),
+                is_active=True,
+                metadata={
+                    'upgrade_type': proposal.upgrade_type.value,
+                    'proposal_id': proposal.proposal_id,
+                    'changes': proposal.changes
+                }
+            )
+            
+            # Add to version history
+            if proposal.contract_type not in self.contract_versions:
+                self.contract_versions[proposal.contract_type] = []
+            
+            # Deactivate old version
+            for version in self.contract_versions[proposal.contract_type]:
+                if version.version == proposal.current_version:
+                    version.is_active = False
+                    break
+            
+            # Add new version
+            self.contract_versions[proposal.contract_type].append(new_version)
+            
+            return True
+            
+        except Exception as e:
+            log_error(f"Upgrade execution error: {e}")
+            return False
+    
+    async def _manage_rollback_window(self, proposal_id: str):
+        """Manage rollback window after upgrade"""
+        proposal = self.upgrade_proposals[proposal_id]
+        
+        try:
+            # Wait for rollback timeout
+            await asyncio.sleep(self.rollback_timeout)
+            
+            # Check if rollback was requested
+            if proposal.status == UpgradeStatus.EXECUTED:
+                # No rollback requested, finalize upgrade
+                await self._finalize_upgrade(proposal_id)
+                
+        except Exception as e:
+            log_error(f"Error in rollback window for {proposal_id}: {e}")
+    
+    async def _finalize_upgrade(self, proposal_id: str):
+        """Finalize upgrade after rollback window"""
+        proposal = self.upgrade_proposals[proposal_id]
+        
+        # Clear rollback data to save space
+        proposal.rollback_data = None
+        
+        log_info(f"Upgrade finalized: {proposal_id}")
+    
+    async def rollback_upgrade(self, proposal_id: str, reason: str) -> Tuple[bool, str]:
+        """Rollback upgrade to previous version"""
+        proposal = self.upgrade_proposals.get(proposal_id)
+        if not proposal:
+            return False, "Proposal not found"
+        
+        if proposal.status != UpgradeStatus.EXECUTED:
+            return False, "Can only rollback executed upgrades"
+        
+        if not proposal.rollback_data:
+            return False, "Rollback data not available"
+        
+        # Check rollback window
+        if time.time() - proposal.executed_at > self.rollback_timeout:
+            return False, "Rollback window has expired"
+        
+        try:
+            # Perform rollback
+            success = await self._perform_rollback(proposal)
+            
+            if success:
+                proposal.status = UpgradeStatus.ROLLED_BACK
+                
+                # Restore previous version
+                self.active_versions[proposal.contract_type] = proposal.current_version
+                
+                # Update version records
+                for version in self.contract_versions[proposal.contract_type]:
+                    if version.version == proposal.new_version:
+                        version.is_active = False
+                    elif version.version == proposal.current_version:
+                        version.is_active = True
+                
+                log_info(f"Upgrade rolled back: {proposal_id} - Reason: {reason}")
+                return True, "Rollback successful"
+            else:
+                return False, "Rollback execution failed"
+                
+        except Exception as e:
+            log_error(f"Rollback error for {proposal_id}: {e}")
+            return False, f"Rollback failed: {str(e)}"
+    
+    async def _perform_rollback(self, proposal: UpgradeProposal) -> bool:
+        """Perform the actual rollback"""
+        try:
+            # In real implementation, this would:
+            # 1. Restore previous contract state
+            # 2. Update contract references back
+            # 3. Verify rollback integrity
+            
+            # Simulate rollback process
+            await asyncio.sleep(5)  # Simulate rollback time
+            
+            return True
+            
+        except Exception as e:
+            log_error(f"Rollback execution error: {e}")
+            return False
+    
+    async def get_proposal(self, proposal_id: str) -> Optional[UpgradeProposal]:
+        """Get upgrade proposal"""
+        return self.upgrade_proposals.get(proposal_id)
+    
+    async def get_proposals_by_status(self, status: UpgradeStatus) -> List[UpgradeProposal]:
+        """Get proposals by status"""
+        return [
+            proposal for proposal in self.upgrade_proposals.values()
+            if proposal.status == status
+        ]
+    
+    async def get_contract_versions(self, contract_type: str) -> List[ContractVersion]:
+        """Get all versions for a contract type"""
+        return self.contract_versions.get(contract_type, [])
+    
+    async def get_active_version(self, contract_type: str) -> Optional[str]:
+        """Get active version for contract type"""
+        return self.active_versions.get(contract_type)
+    
+    async def get_upgrade_statistics(self) -> Dict:
+        """Get upgrade system statistics"""
+        total_proposals = len(self.upgrade_proposals)
+        
+        if total_proposals == 0:
+            return {
+                'total_proposals': 0,
+                'status_distribution': {},
+                'upgrade_types': {},
+                'average_execution_time': 0,
+                'success_rate': 0
+            }
+        
+        # Status distribution
+        status_counts = {}
+        for proposal in self.upgrade_proposals.values():
+            status = proposal.status.value
+            status_counts[status] = status_counts.get(status, 0) + 1
+        
+        # Upgrade type distribution
+        type_counts = {}
+        for proposal in self.upgrade_proposals.values():
+            up_type = proposal.upgrade_type.value
+            type_counts[up_type] = type_counts.get(up_type, 0) + 1
+        
+        # Execution statistics
+        executed_proposals = [
+            proposal for proposal in self.upgrade_proposals.values()
+            if proposal.status == UpgradeStatus.EXECUTED
+        ]
+        
+        if executed_proposals:
+            execution_times = [
+                proposal.executed_at - proposal.created_at
+                for proposal in executed_proposals
+                if proposal.executed_at
+            ]
+            avg_execution_time = sum(execution_times) / len(execution_times) if execution_times else 0
+        else:
+            avg_execution_time = 0
+        
+        # Success rate
+        successful_upgrades = len(executed_proposals)
+        success_rate = successful_upgrades / total_proposals if total_proposals > 0 else 0
+        
+        return {
+            'total_proposals': total_proposals,
+            'status_distribution': status_counts,
+            'upgrade_types': type_counts,
+            'average_execution_time': avg_execution_time,
+            'success_rate': success_rate,
+            'total_governance_addresses': len(self.governance_addresses),
+            'contract_types': len(self.contract_versions)
+        }
+
+# Global upgrade manager
+upgrade_manager: Optional[ContractUpgradeManager] = None
+
+def get_upgrade_manager() -> Optional[ContractUpgradeManager]:
+    """Get global upgrade manager"""
+    return upgrade_manager
+
+def create_upgrade_manager() -> ContractUpgradeManager:
+    """Create and set global upgrade manager"""
+    global upgrade_manager
+    upgrade_manager = ContractUpgradeManager()
+    return upgrade_manager