fix(meteora): replace solana-sdk with lightweight individual crates (v0.3.2)

[GeoGu360]

Summary

• Replace solana-sdk { features = ["full"] } with 4 minimal individual crates: solana-pubkey, solana-hash, solana-instruction, solana-message
• Removes openssl and libsecp256k1 from the dependency tree entirely
• Total dependencies cut from 401 → 204 (49% reduction)
• build_tx_b58 now hand-serializes unsigned transactions (compact_u16 + zero-filled sigs + bincode message) instead of pulling in solana-transaction + solana-signature

Why

solana-sdk { features = ["full"] } pulls in solana-keypair → ed25519-dalek and solana-secp256k1-recover → openssl + libsecp256k1. These C-library dependencies block the CI publish workflow's cross-compilation for 9 target platforms (arm Linux, Windows MSVC, macOS arm64/x86_64). The meteora skill only uses Solana data types for transaction construction — no local signing — so the full SDK was never needed.

Test plan

• cargo build --release succeeds on macOS (v0.3.2)
• openssl and libsecp256k1 absent from Cargo.lock
• All 7 commands (--help) intact
• Version bumped to 0.3.2 across all 4 files (plugin.yaml, SKILL.md, Cargo.toml, plugin.json)
• git diff upstream/main --name-only shows only meteora files

🤖 Generated with Claude Code

[github-actions]

🔨 Phase 2: Build Verification — ✅ PASSED

Plugin: meteora | Language: rust
Source: @

Compiled from developer source code by our CI. Users install our build artifacts.

Build succeeded. Compiled artifact uploaded as workflow artifact.

---

Source integrity: commit SHA `` is the content fingerprint.

[github-actions]

Phase 4: Summary + Pre-flight for meteora

Review below. AI Code Review is in a separate check.

---

SUMMARY.md

meteora

Meteora DLMM plugin for searching pools, getting swap quotes, checking positions, executing swaps, and adding liquidity on Solana.

Highlights

• Search and filter Meteora DLMM liquidity pools by TVL, APY, volume, and token pairs
• Get real-time swap quotes using onchainos DEX aggregator on Solana
• View user LP positions with token amounts, bin ranges, and unclaimed fees
• Execute token swaps with price impact warnings and slippage protection
• Add liquidity using SpotBalanced strategy across 70-bin positions
• Remove liquidity with optional position closure to reclaim rent
• Native Rust implementation with direct API integration
• Comprehensive risk warnings for high price impact and APY pools

SKILL_SUMMARY.md

meteora -- Skill Summary

Overview

The meteora skill provides comprehensive access to Meteora's Dynamic Liquidity Market Maker (DLMM) protocol on Solana. It enables users to search liquidity pools, obtain swap quotes, manage LP positions, execute token swaps, and add/remove liquidity. The skill combines read-only operations via REST APIs with transaction execution through the onchainos infrastructure, offering both portfolio management and active trading capabilities for DeFi users.

Usage

Install the meteora binary and use commands like meteora get-pools to search pools, meteora swap to execute trades, or meteora add-liquidity to provide liquidity. All transaction operations require user confirmation and support dry-run mode for previewing.

Commands

Command	Description
meteora get-pools	Search and list DLMM pools with filtering and sorting
meteora get-pool-detail	Get detailed information for a specific pool
meteora get-swap-quote	Get swap quotes for token pairs
meteora get-user-positions	View user's LP positions and unclaimed fees
meteora swap	Execute token swaps with slippage protection
meteora add-liquidity	Add liquidity to pools using SpotBalanced strategy
meteora remove-liquidity	Remove liquidity from positions with optional closure

Triggers

Activate this skill when users want to trade tokens on Solana, provide liquidity to earn fees, check their DeFi positions, or explore high-yield farming opportunities on Meteora DLMM. Use for both research (pool discovery, quote comparison) and execution (swaps, liquidity management).

Auto-injected Pre-flight

## Pre-flight Dependencies (auto-injected by Plugin Store CI)

> Run once per session before first use. These checks ensure required tools are installed.

### Install onchainos CLI + Skills (auto-injected)

```bash
# 1. Install onchainos CLI
onchainos --version 2>/dev/null || curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh

# 2. Install onchainos skills (enables AI agent to use onchainos commands)
npx skills add okx/onchainos-skills --yes --global

# 3. Install plugin-store skills (enables plugin discovery and management)
npx skills add okx/plugin-store --skill plugin-store --yes --global

Install meteora binary (auto-injected)

if ! command -v meteora >/dev/null 2>&1; then
  OS=$(uname -s | tr A-Z a-z)
  ARCH=$(uname -m)
  EXT=""
  case "${OS}_${ARCH}" in
    darwin_arm64)  TARGET="aarch64-apple-darwin" ;;
    darwin_x86_64) TARGET="x86_64-apple-darwin" ;;
    linux_x86_64)  TARGET="x86_64-unknown-linux-gnu" ;;
    linux_i686)    TARGET="i686-unknown-linux-gnu" ;;
    linux_aarch64) TARGET="aarch64-unknown-linux-gnu" ;;
    linux_armv7l)  TARGET="armv7-unknown-linux-gnueabihf" ;;
    mingw*_x86_64|msys*_x86_64|cygwin*_x86_64)   TARGET="x86_64-pc-windows-msvc"; EXT=".exe" ;;
    mingw*_i686|msys*_i686|cygwin*_i686)           TARGET="i686-pc-windows-msvc"; EXT=".exe" ;;
    mingw*_aarch64|msys*_aarch64|cygwin*_aarch64)  TARGET="aarch64-pc-windows-msvc"; EXT=".exe" ;;
  esac
  mkdir -p ~/.local/bin
  curl -fsSL "https://github.com/okx/plugin-store/releases/download/plugins/meteora@0.3.2/meteora-${TARGET}${EXT}" -o ~/.local/bin/meteora${EXT}
  chmod +x ~/.local/bin/meteora${EXT}
fi

Report install (auto-injected, runs once)

REPORT_FLAG="$HOME/.plugin-store/reported/meteora"
if [ ! -f "$REPORT_FLAG" ]; then
  mkdir -p "$HOME/.plugin-store/reported"
  # Device fingerprint → SHA256 → 32-char device ID
  DEV_RAW="$(hostname):$(uname -s):$(uname -m):$HOME"
  DEV_ID=$(echo -n "$DEV_RAW" | shasum -a 256 | head -c 32)
  # HMAC signature (obfuscated key, same as CLI binary)
  _K=$(echo 'OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==' | base64 -d 2>/dev/null || echo 'OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==' | openssl base64 -d)
  HMAC_SIG=$(echo -n "${_K}${DEV_ID}" | shasum -a 256 | head -c 8)
  DIV_ID="${DEV_ID}${HMAC_SIG}"
  unset _K
  # Report to Vercel stats
  curl -s -X POST "https://plugin-store-dun.vercel.app/install" \
    -H "Content-Type: application/json" \
    -d '{"name":"meteora","version":"0.3.2"}' >/dev/null 2>&1 || true
  # Report to OKX API (with HMAC-signed device token)
  curl -s -X POST "https://www.okx.com/priapi/v1/wallet/plugins/download/report" \
    -H "Content-Type: application/json" \
    -d '{"pluginName":"meteora","divId":"'"$DIV_ID"'"}' >/dev/null 2>&1 || true
  touch "$REPORT_FLAG"
fi

---

</details>

---
*Generated by Plugin Store CI after maintainer approval.*

[github-actions]

✅ Phase 1: Structure Validation — PASSED

Linting skills/meteora...


✓ Plugin 'meteora' passed all checks!

→ Proceeding to Phase 2: Build Verification