fix(polymarket): v0.5.1 QA bugs + GEN-001 structured errors

[GeoGu360]

Summary

QA pass on PR okx#366 (against okx/plugin-store:main) found 13 bugs and a partial GEN-001 audit. This PR fixes all of them and broadens structured error output across the remaining 14 commands so external agents can parse and act on every failure.

Aimed at your submit/polymarket-v0.5.1-v2 branch — happy to drop / squash / cherry-pick whatever subset you want before you ship to upstream.

Bug fixes (commit 1: `c970830e`)

#	Where	Issue
1	`onchainos.rs:1819`	lib unit test `test_ctf_redeem_positions_selector` referenced non-existent `build_redeem_positions_calldata` → `cargo test` would not compile. Extracted `build_ctf_redeem_positions_calldata` as a pure helper; `ctf_redeem_positions` now reuses it.
2	`get_ctf_balance`	Posted to `Urls::POLYGON_RPC` (const) instead of `Urls::polygon_rpc()` (helper that respects the `POLYMARKET_TEST_POLYGON_RPC` env var). `test_get_ctf_balance_positive` would silently hit production RPC and assert `0 == 50_000_000`.
3	`setup_proxy::ensure_proxy_approvals`	Group probe: V1's first allowance was treated as proxy for "all 6 V1 set"; same for V2's first → V2's three. A partial failure (tx 1 succeeds, tx 3 times out) was permanent: retry skipped tx 2-6 forever. Replaced with per-pair check using existing `get_usdc_allowance` / `get_pusd_allowance` / `is_ctf_approved_for_all`.
4	`get_pusd_allowance`	Same RPC URL bug as #2.
5	`redeem.rs:184`	`get_ctf_balance(...).unwrap_or(0)` ate RPC errors and told users their winning tokens didn't exist when the node was just unreachable. Now propagates with `with_context` (knowledge-base EVM-012).
6	`setup_proxy.rs` allowance reads	Same `unwrap_or(0)` pattern: a transient RPC blip → "all 10 missing" → resubmit ≈ $0.01 wasted POL on an already-configured wallet. Now propagates.
7	setup-proxy status field	"already_configured" was returned even after just submitting top-up approvals. Distinguished into `already_configured` / `approvals_topped_up` / `mode_switched` / `recovered` / `deployed_inline`.
8	setup-proxy mode atomicity	`creds.mode = PolyProxy` was saved BEFORE `ensure_proxy_approvals`. If approvals failed, the next buy went through proxy without allowances → revert. Now mode is saved only after all approvals confirm; the proxy_wallet is saved earlier so retry doesn't redeploy.
9	SKILL.md	`get-series` had no H3 documentation section despite being a real, callable command (referenced by `buy --token-id`'s description). Added one.

Branch B / new-user post-V2 cutover hardening (also commit 1)

Probing setup-proxy with a fresh creds file revealed 4 more issues that would degrade the brand-new-user 2026-04-28+ flow:

#	Issue
D	`get_existing_proxy` had no RPC fallback — single drpc.org call. Added the same drpc → publicnode pattern used by `get_proxy_address_from_tx`.
A+B	`find_create_in_trace` returns `Some(addr)` for BOTH cases — proxies that exist (CALL trace) AND proxies that don't (CREATE2 trace shows the deterministic destination). Old code blindly trusted the trace as "exists". Now `get_existing_proxy` returns `Option<(addr, code_present)>` (uses `eth_getCode` to discriminate). setup-proxy reports `recovered` (already deployed) vs `deployed_inline` (will deploy atomically with first approve tx, hash surfaced as new `deploy_tx` field).
C	Branch 5 (explicit `create_proxy_wallet` + `get_proxy_address_from_tx`) was dead — `find_create_in_trace` always returns Some, so we never fell through. Removed `create_proxy_wallet`, `get_proxy_address_from_tx`, `verify_eip1167_proxy`, and the unused `compute_create_address` (~120 lines). The "deploy + first approve in one tx" path that the factory pattern handles natively is now the only path.
dry-run	Old Branch B dry-run dumped the static all-10 label list. Now uses `ensure_proxy_approvals(.., dry_run=true)` in BOTH cached-creds and on-chain-probe paths, so the agent gets the precise "would_set" list.

`redeem.rs::discover_uncached_proxy` and `quickstart.rs` were updated to filter the new tuple by `exists == true` so they don't surface fake un-deployed proxy addresses to users.

GEN-001 audit (commit 2: `fb196d06`)

Per knowledge-base GEN-001: every command should emit `{ok:false, error, error_code, suggestion}` to stdout on a business-logic failure, not bail to stderr with exit 1. External agents can only read stdout.

Before: `redeem` / `setup_proxy` / `create_readonly_key` / `list_5m` (4 of 19) had structured output. The other 14 surfaced `anyhow` errors via `?` propagation.

This commit:

1. Broadens `commands::mod::classify_error` from 6 redeem-focused rules to 22 patterns: network (RPC_UNAVAILABLE / NETWORK_UNREACHABLE / REGION_RESTRICTED), auth (STALE_CREDENTIALS / NO_WALLET), funds (INSUFFICIENT_POL_GAS / INSUFFICIENT_BALANCE / INSUFFICIENT_ALLOWANCE), order sizing (ORDER_TOO_SMALL_DIVISIBILITY / ORDER_BELOW_SHARE_MINIMUM / SLIPPAGE_OR_LIQUIDITY), tx lifecycle (SIMULATION_REVERTED / TX_NOT_CONFIRMED / TX_REVERTED), domain (NO_REDEEMABLE_POSITIONS / NEG_RISK_PROXY_NOT_SUPPORTED / PROXY_RPC_INDETERMINATE / PROXY_ADDRESS_INVALID / ALLOWANCE_CHECK_FAILED), plus 19 per-command fallback `{CMD}_FAILED`.
2. Wraps 14 commands in a `run / run_inner` pattern: outer `run` catches anything from `run_inner` → prints `error_response` to stdout → exits 0. Wrapped: balance, buy, cancel (×3), create_readonly_key, deposit, get_market, get_positions, get_series, list_5m, list_markets, orders, quickstart, rfq, sell, switch_mode, watch, withdraw.

`switch_mode --mode garbage` is intentionally left as clap's stderr error — that's a CLI usage error caught before `main` dispatches.

Test plan

• `cargo build`: clean (21 warnings, 0 errors)
• `cargo test`: lib unit tests 0 → 32 passed, rpc_mocks 9 / 1 fail → 10 passed, subprocess_mocks 6 → 6 passed. Net: 48 passed, 0 failed.
• Live verification on a Korean-IP test wallet:
  • `check-access`: ok
  • `balance`: V1, EOA + proxy USDC.e / pUSD / POL all returned correctly
  • `list-markets`, `list-5m`, `get-market`, `get-series`, `get-positions`, `orders`: ok
  • `buy --market-id btc-updown-5m-1777302000 --outcome up --amount 1 --order-type FOK`: matched, 1.928 shares (10% fee) of Up @ 0.5, USDC.e proxy balance moved $2.77 → $1.77, POL untouched (POLY_PROXY relayer paid gas).
  • `setup-proxy --dry-run` from cached creds (Branch A): 8 `pre_existing`, 2 `would_set` (V2 / pUSD → Neg Risk CTF Exchange V2 + Neg Risk Adapter — these were missing on the test wallet, hidden by the old group probe).
  • `setup-proxy --dry-run` with creds.proxy_wallet temporarily removed (Branch B, new path): probed PROXY_FACTORY → `eth_getCode` confirmed exists → same precise 8/2 split, `status: would_top_up`, `proxy_exists_on_chain: true`.
• Error-path smoke test:
  • `get-market 0xdeadbeef` → `GET_MARKET_FAILED` structured JSON
  • `list-5m --coin XYZ` → `LIST_5M_FAILED` structured JSON

Notes

• Version stays at v0.5.1 since this is a co-authored fix to the same PR — no separate release.
• 22 files changed, +805 / -374 (net +431).
• No `api_calls` change; no SKILL.md flag-name regressions (`--help` ↔ docs validated).

🤖 Generated with Claude Code