Refactor worker to env-driven config(IRMA-12)

[verxonLabs]

The worker was hardwired to one pool (the old IRMA/devUSDT pair, with stale pre-Phase-1 addresses). Now everything comes from environment variables, so the same
code can be deployed 6 times — once per pool — with only config differing. That's the foundation IRMA-14 (the 6-environment wrangler.toml) builds on.

• config.js — all constants deleted; now just documents the env vars each deployment needs (POOL_ADDRESS, RESERVE_SYMBOL, RESERVE_MINT_STR, IRMA_MINT_STR,
  TARGET_INFLATION_RATE, ENABLE_TEST_SCAFFOLDING, plus the existing secrets).
• dlmm.js — the big one. Both cSwap and checkShiftPriceRanges previously passed ~24 hardcoded devUSDT account addresses (positions, bin arrays, vaults, oracle…).
  I replaced those lists with a new buildRemainingAccounts() that derives everything live: positions and bin arrays are fetched from the pool on-chain,
  vaults/authority/oracle come from the loaded pool state, ATAs are derived from the env-configured mints, and the Anchor event-authority PDA is computed. This is
  safe because the on-chain program looks accounts up by pubkey, not by position in the list (verified in meteora_integration.rs — it filters remaining_accounts by
  key), so a deduplicated superset works for any pool.
• process_rebalance.js — reads pool/mint/symbol from env; the stale hardcoded lists are gone.
• worker.js — TARGET_INFLATION_RATE and ENABLE_TEST_SCAFFOLDING now read from env (scaffolding is the string "true", since Cloudflare vars are strings).
• wrangler.jsonc — default vars point at the current devUSDT pool (BCvW192j...) and the new IRMA mint (EwotD7KQ...); the old config had the pre-Phase-1 addresses,
  so this also fixes a latent staleness bug.
• package.json — added @solana/spl-token explicitly (was only resolving through hoisting).
  What's verified vs. not: the bundle compiles and syntax-checks pass, but the dynamic account derivation has only been validated against the program's
  account-lookup logic, not a live transaction. Real verification needs a devnet deploy and a triggered swap — worth doing after you review, and note
  ADMIN_PRIVATE_KEY must be set as a Cloudflare secret first

[Copilot]

Pull request overview

Refactors the Cloudflare swap worker to be deployable per-pool via environment-driven configuration (pool address, reserve symbol/mint, IRMA mint, inflation threshold, scaffolding toggle), removing hardwired devUSDT-era addresses and shifting DLMM “remaining accounts” construction to on-chain-derived state.

Changes:

• Moved pool/token config from config.js constants to Worker env vars (with updated defaults in wrangler.jsonc).
• Updated the worker + rebalance pipeline to use env-provided pool/symbol and to pass the DLMM pool/env into cSwap() / check_shift_price_ranges.
• Added buildRemainingAccounts() to derive required Meteora/DLMM accounts dynamically; added explicit @solana/spl-token dependency.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
irma/cloudflareworker_swap/wrangler.jsonc	Adds default env vars for pool/mints and documents required secrets/vars.
irma/cloudflareworker_swap/src/worker.js	Reads pool config + inflation threshold + scaffolding flag from env instead of constants.
irma/cloudflareworker_swap/src/process_rebalance.js	Removes hardcoded config usage; wires dlmmPool/env through to cSwap() and uses derived remaining accounts for shift checks.
irma/cloudflareworker_swap/src/dlmm.js	Introduces buildRemainingAccounts() and switches cSwap() to use dynamically derived remaining accounts.
irma/cloudflareworker_swap/src/config.js	Replaces exported constants with documentation of required environment variables.
irma/cloudflareworker_swap/package.json	Adds explicit @solana/spl-token dependency.
irma/cloudflareworker_swap/package-lock.json	Locks @solana/spl-token dependency addition.

Files not reviewed (1)

• irma/cloudflareworker_swap/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[verxonLabs]

IRMA-12 Live Devnet Verification — Results

Deployed and tested the worker on devnet. Here's what was verified and what's blocked:

✅ Verified

• npx wrangler deploy succeeds with all 7 env vars bound (Workers Admin role required — Workers Editor is insufficient for Wrangler 4.x)
• ADMIN_PRIVATE_KEY and HELIUS_API_KEY secrets set and accepted
• ?action=health — worker responding correctly
• ?action=fetch-inflation — Truflation proxy returning 2.1% inflation rate end-to-end
• ?action=update-mint-price — on-chain transaction confirmed, mint price updated to 1.001

curl "https://irma-client.rock-stable.workers.dev/?action=health"
# {"status":"ok","endpoints":[...]}

curl "https://irma-client.rock-stable.workers.dev/?action=fetch-inflation"
# {"success":true,"inflationRate":2.1,"message":"Current inflation rate: 2.1%"}

curl "https://irma-client.rock-stable.workers.dev/?action=update-mint-price"
# {"success":true,"message":"Mint price updated successfully","inflation_rate":2.1,"quote_token_price_usd":1,"new_mint_price":1.001,"transaction":"F1z6QnL8Dzz1SAxC711hkdYk1qjTB54LAuQkQ2MUVGV3bEv4GRjvJ9fisi5yErd678FdDCi4J5ecPE5T7uU7uA9"}

❌ Blocked — buildRemainingAccounts() not yet verified

The ?action=rebalance-bins endpoint (which would exercise buildRemainingAccounts() and check_shift_price_range_worker) is commented out in worker.js (line 326) and references a non-existent function manualRebalanceBins. The actual function is check_shift_price_range_worker from process_rebalance.js.

curl "https://irma-client.rock-stable.workers.dev/?action=rebalance-bins"
# Unknown action

The rebalancing path is currently only reachable via the scheduled cron (6am UTC) or a live Helius webhook — neither of which can be triggered manually for testing.

Request: Can you uncomment and fix the rebalance-bins handler to call check_shift_price_range_worker? Once that's deployed we can complete verification of the dynamic account derivation.