v4-hook-generator

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

v4 Hook Generator

v4 Hook生成器

Generate Uniswap v4 hook contracts via the OpenZeppelin Contracts Wizard MCP tool. This skill guides you through selecting the right hook type, configuring permissions and utilities, assembling the canonical MCP JSON, and invoking the MCP tool to produce ready-to-compile Solidity code.

Security companion: Generated hook code touches fund-handling contracts. Always apply the
v4-security-foundations
skill immediately after generation to audit permissions, delta accounting, and access control before deploying to any network.

通过OpenZeppelin合约向导MCP工具生成Uniswap v4 hook合约。本技能会引导你选择合适的hook类型、配置权限和工具库、组装标准MCP JSON，再调用MCP工具生成可直接编译的Solidity代码。

安全提示：生成的hook代码涉及资金处理合约，在部署到任何网络之前，务必在生成代码后立即使用
v4-security-foundations
技能审计权限、delta记账和访问控制。

When to Use This Skill

何时使用本技能

Use this skill when you need to:

Scaffold a new Uniswap v4 hook contract from scratch
Select the right base hook type for a specific use case (fees, MEV protection, oracles, etc.)
Configure hook permissions, utility libraries, shares, and access control
Produce the canonical MCP tool call JSON to invoke the OpenZeppelin Contracts Wizard
Understand trade-offs between hook configuration options before committing to an implementation

Prerequisite / companion skill:

v4-security-foundations

— run it before writing custom logic and again before deployment. Hook misconfiguration can drain user funds.

当你需要完成以下操作时使用本技能：

从零搭建新的Uniswap v4 hook合约脚手架
为特定使用场景选择合适的基础hook类型（手续费、MEV防护、预言机等）
配置hook权限、工具库、份额和访问控制
生成标准MCP工具调用JSON来调用OpenZeppelin合约向导
在确定实现方案前了解不同hook配置选项的权衡

前置/配套技能：

v4-security-foundations

—— 在编写自定义逻辑前和部署前都需要运行该技能。hook配置错误可能导致用户资金被盗。

Hook Type Decision Table

Hook类型决策表

Choose the base hook type that matches your primary goal. If your hook has multiple goals, choose the type that covers the most critical concern and layer additional logic on top.

Goal	Use Hook
Custom swap logic	`BaseHook`
Async/delayed swaps	`BaseAsyncSwap`
Hook-owned liquidity	`BaseCustomAccounting`
Custom curve	`BaseCustomCurve`
Dynamic LP fees	`BaseDynamicFee`
Dynamic swap fees	`BaseOverrideFee`
Post-swap fees	`BaseDynamicAfterFee`
Fixed hook fees	`BaseHookFee`
MEV protection	`AntiSandwichHook`
JIT protection	`LiquidityPenaltyHook`
Limit orders	`LimitOrderHook`
Yield on idle	`ReHypothecationHook`
Oracle	`BaseOracleHook`
V3-compatible oracle	`OracleHookWithV3Adapters`

Selection tips:

```
BaseHook
```
is the general-purpose starting point — choose a specialized type only when the built-in logic provides concrete value.
```
BaseCustomCurve
```
replaces the entire AMM math; only use it if you are implementing a novel pricing algorithm.
```
AntiSandwichHook
```
and
```
LiquidityPenaltyHook
```
both address MEV but target different actors (traders vs. JIT LPs). Clarify which attack vector you are mitigating.
```
OracleHookWithV3Adapters
```
is appropriate when downstream integrations expect a Uniswap v3
```
IUniswapV3Pool
```
-compatible oracle interface.

选择匹配你核心目标的基础hook类型。如果你的hook有多个目标，选择覆盖最核心需求的类型，再在其基础上叠加其他逻辑。

目标	使用的Hook
自定义兑换逻辑	`BaseHook`
异步/延迟兑换	`BaseAsyncSwap`
Hook所有的流动性	`BaseCustomAccounting`
自定义曲线	`BaseCustomCurve`
动态LP手续费	`BaseDynamicFee`
动态兑换手续费	`BaseOverrideFee`
兑换后手续费	`BaseDynamicAfterFee`
固定hook手续费	`BaseHookFee`
MEV防护	`AntiSandwichHook`
JIT防护	`LiquidityPenaltyHook`
限价单	`LimitOrderHook`
闲置资金收益	`ReHypothecationHook`
预言机	`BaseOracleHook`
兼容V3的预言机	`OracleHookWithV3Adapters`

选择提示：

```
BaseHook
```
是通用的开发起点——只有当特定类型的内置逻辑能提供明确价值时再选择专用类型。
```
BaseCustomCurve
```
会替换整套AMM计算逻辑；只有当你要实现全新的定价算法时再使用它。
```
AntiSandwichHook
```
和
```
LiquidityPenaltyHook
```
都用于解决MEV问题，但针对的是不同的参与方（交易者vs JIT LP），你需要明确要缓解的攻击向量。
当下游集成需要兼容Uniswap v3
```
IUniswapV3Pool
```
预言机接口时，适合使用
```
OracleHookWithV3Adapters
```
。

Minimal Decision Checklist

最低决策检查清单

Before calling the MCP tool, confirm all six decisions:

Hook type — chosen from the decision table above
Permissions to enable — only the callbacks your logic actually uses (
```
beforeSwap
```
,
```
afterSwap
```
, etc.)
Utility libraries —
```
currencySettler
```
,
```
safeCast
```
,
```
transientStorage
```
as needed
Shares —
```
false
```
,
```
ERC20
```
,
```
ERC6909
```
, or
```
ERC1155
```
Access control —
```
ownable
```
,
```
roles
```
, or
```
managed
```
Hook inputs —
```
blockNumberOffset
```
,
```
maxAbsTickDelta
```
(only for hook types that use them)

调用MCP工具前，确认以下6项决策都已完成：

Hook类型 —— 从上方决策表中选择
要启用的权限 —— 仅开启你的逻辑实际需要的回调（
```
beforeSwap
```
、
```
afterSwap
```
等）
工具库 —— 根据需要选择
```
currencySettler
```
、
```
safeCast
```
、
```
transientStorage
```
份额 ——
```
false
```
、
```
ERC20
```
、
```
ERC6909
```
或
```
ERC1155
```
访问控制 ——
```
ownable
```
、
```
roles
```
或
```
managed
```
Hook入参 ——
```
blockNumberOffset
```
、
```
maxAbsTickDelta
```
（仅对应类型的hook需要）

Permission Configuration

权限配置

All 14 permission flags with guidance on when to enable each. Start with all flags

false

and enable only what your hook logic requires. Every enabled permission increases the hook's attack surface and requires a specific bit to be set in the hook's deployed address (see address encoding note below).

Permission Flag	Enable When	Risk
`beforeInitialize`	You need to validate or restrict pool creation params	LOW
`afterInitialize`	You need to set up state after a pool is created	LOW
`beforeAddLiquidity`	You need to gate or transform LP deposits	MEDIUM
`afterAddLiquidity`	You track LP positions or distribute rewards	LOW
`beforeRemoveLiquidity`	You need lock-up periods or fee-on-exit logic	HIGH
`afterRemoveLiquidity`	You track position removals for accounting	LOW
`beforeSwap`	You modify swap behavior, apply dynamic fees, or block	HIGH
`afterSwap`	You observe final swap state for oracles or accounting	MEDIUM
`beforeDonate`	You restrict who may donate to the pool	LOW
`afterDonate`	You track donation events	LOW
`beforeSwapReturnDelta`	You implement custom AMM curves or JIT liquidity (CRITICAL: NoOp attack vector — see `v4-security-foundations` )	CRITICAL
`afterSwapReturnDelta`	You extract a hook fee from swap output	HIGH
`afterAddLiquidityReturnDelta`	You adjust LP token amounts on deposit	HIGH
`afterRemoveLiquidityReturnDelta`	You adjust withdrawal amounts	HIGH

Address encoding note: Permissions are encoded as bits in the hook contract's deployed address. The address must have the correct bits set at deployment time or the PoolManager will revert. Use

HookMiner

(from

v4-periphery

) to mine a salt that produces an address with the correct bit pattern. Never change permissions after deployment — the address is immutable.

以下是全部14个权限标记，以及启用时机的指引。初始时所有标记都设为

false

，仅启用你的hook逻辑需要的权限。每多启用一个权限都会扩大hook的攻击面，且需要在hook的部署地址中设置对应的位（见下方地址编码说明）。

权限标记	启用时机	风险等级
`beforeInitialize`	你需要验证或限制池子创建参数	低
`afterInitialize`	你需要在池子创建后设置状态	低
`beforeAddLiquidity`	你需要限制或转换LP存款	中
`afterAddLiquidity`	你需要跟踪LP头寸或分发奖励	低
`beforeRemoveLiquidity`	你需要实现锁定期或退出收费逻辑	高
`afterRemoveLiquidity`	你需要跟踪头寸移除操作用于记账	低
`beforeSwap`	你需要修改兑换行为、应用动态手续费或拦截兑换	高
`afterSwap`	你需要获取最终兑换状态用于预言机或记账	中
`beforeDonate`	你需要限制谁可以向池子捐款	低
`afterDonate`	你需要跟踪捐款事件	低
`beforeSwapReturnDelta`	你要实现自定义AMM曲线或JIT流动性（CRITICAL：存在NoOp攻击向量——参考 `v4-security-foundations` ）	极高
`afterSwapReturnDelta`	你要从兑换输出中提取hook手续费	高
`afterAddLiquidityReturnDelta`	你要在存款时调整LP token数量	高
`afterRemoveLiquidityReturnDelta`	你要调整提现金额	高

地址编码说明：权限会被编码为hook合约部署地址中的比特位。部署时地址必须设置正确的比特位，否则PoolManager会回滚交易。使用

v4-periphery

中的

HookMiner

来生成盐值，从而得到比特位符合要求的地址。部署后永远不要修改权限——地址是不可变的。

Utility Library Selection

工具库选择

Three optional utility libraries can be included in the generated hook. Include only what your hook logic uses.

Library	Include When
`currencySettler`	Your hook moves tokens between itself and the PoolManager (e.g., custom accounting, fee collection)
`safeCast`	Your hook performs arithmetic that could overflow when casting between integer types
`transientStorage`	Your hook needs to pass data between callbacks within a single transaction without persisting to storage (requires EVM Cancun or later, Solidity >= 0.8.24)

Guidance:

currencySettler

is almost always needed when

beforeSwapReturnDelta

afterSwapReturnDelta

afterAddLiquidityReturnDelta

, or

afterRemoveLiquidityReturnDelta

are enabled — it provides

settle

and

take

helpers that implement the correct

sync → transfer → settle

sequence.

```
transientStorage
```
is a gas-efficient alternative to storage slots for intra-transaction state. Use it to pass a flag or value from
```
beforeSwap
```
to
```
afterSwap
```
without paying 20k gas for a cold SSTORE.
```
safeCast
```
is advisable whenever you compute amounts derived from
```
int256
```
/
```
uint256
```
conversions, especially for fee calculations.

生成hook时可以引入三个可选的工具库，仅引入你的hook逻辑需要的库即可。

库名称	引入时机
`currencySettler`	你的hook需要在自身和PoolManager之间转移token（例如自定义记账、手续费收取）
`safeCast`	你的hook需要执行整数类型转换，可能存在溢出风险
`transientStorage`	你的hook需要在同一笔交易的多个回调之间传递数据，且不需要持久化存储（要求EVM Cancun及以上版本，Solidity >= 0.8.24）

指引：

当启用了

beforeSwapReturnDelta

、

afterSwapReturnDelta

、

afterAddLiquidityReturnDelta

或

afterRemoveLiquidityReturnDelta

时，几乎都需要引入

currencySettler

——它提供了

settle

和

take

辅助方法，实现了正确的

sync → transfer → settle

流程。

对于交易内的状态传递，
```
transientStorage
```
是比存储槽更省gas的方案。你可以用它在
```
beforeSwap
```
和
```
afterSwap
```
之间传递标记或数值，不需要为冷SSTORE支付20k gas。
当你需要基于
```
int256
```
/
```
uint256
```
转换计算金额，尤其是手续费计算时，建议使用
```
safeCast
```
。

Shares Configuration

份额配置

The

shares

option controls whether the generated hook issues a token representing user shares (e.g., LP positions in hook-owned liquidity pools).

Option	Description	Use When
`false`	No share token — hook does not track ownership of deposited assets	Simple hooks that do not hold user funds
`ERC20`	Fungible share token — one token represents proportional ownership of all hook-held assets	Hook-managed liquidity pools with interchangeable shares
`ERC6909`	Multi-token (minimal) — one contract manages many token IDs with lower overhead than ERC1155	Hook manages multiple distinct asset classes efficiently
`ERC1155`	Multi-token (standard) — full ERC1155 with metadata URI support	Hook needs broad wallet and marketplace compatibility

Trade-offs:

```
false
```
: smallest bytecode, no share accounting overhead; appropriate for fee hooks and oracles.
```
ERC20
```
: simplest fungible share; good DeFi composability (e.g., used as collateral).
```
ERC6909
```
: gas-efficient multi-token with a minimal interface; preferred for new protocol designs.
```
ERC1155
```
: widest ecosystem support (wallets, explorers, NFT marketplaces); higher gas cost per transfer than ERC6909.

shares

选项控制生成的hook是否发行代表用户份额的token（例如hook所有的流动性池中的LP头寸）。

选项	说明	使用场景
`false`	无份额token —— hook不跟踪存入资产的所有权	不持有用户资金的简单hook
`ERC20`	同质化份额token —— 一枚token代表对hook持有所有资产的比例所有权	hook管理的流动性池，份额可互换
`ERC6909`	极简多token标准 —— 单个合约管理多个token ID，开销比ERC1155更低	hook需要高效管理多个不同的资产类别
`ERC1155`	标准多token标准 —— 完整的ERC1155实现，支持metadata URI	hook需要兼容广泛的钱包和市场

权衡：

```
false
```
：字节码最小，无份额记账开销；适合手续费hook和预言机。
```
ERC20
```
：最简单的同质化份额实现；DeFi composability好（例如可作为抵押品）。
```
ERC6909
```
：省gas的多token实现，接口极简；新协议设计的首选。
```
ERC1155
```
：生态支持最广泛（钱包、浏览器、NFT市场）；转账gas成本比ERC6909高。

Access Control Options

访问控制选项

The

access

option shapes the constructor and administrative interface of the generated hook.

Option	Constructor Shape	Use When
`ownable`	`constructor(IPoolManager, address initialOwner)`	Single owner controls all admin functions
`roles`	`constructor(IPoolManager, address admin)`	Multiple roles with granular permissions (OpenZeppelin AccessControl)
`managed`	`constructor(IPoolManager, address authority)`	External authority contract governs permissions (OpenZeppelin AccessManaged)

Guidance:

```
ownable
```
is the simplest — one address can perform all privileged operations. Suitable for early-stage hooks and personal tools.
```
roles
```
adds
```
ADMIN_ROLE
```
,
```
PAUSER_ROLE
```
, etc. via OpenZeppelin
```
AccessControl
```
. Use when different team members need different privileges (e.g., a keeper bot that can update fees but cannot upgrade the contract).
```
managed
```
delegates all permission checks to a separate
```
AccessManager
```
contract. Use when you need a unified governance layer across multiple contracts or want timelocked admin actions.

Note: Changing the
access
option changes the constructor signature. Update deployment scripts and initialization logic accordingly. When using
ownable
, ensure the
initialOwner
is not the zero address — OpenZeppelin's
Ownable
reverts on zero address since v5.

access

选项决定生成的hook的构造函数和管理接口形式。

选项	构造函数结构	使用场景
`ownable`	`constructor(IPoolManager, address initialOwner)`	单个所有者控制所有管理功能
`roles`	`constructor(IPoolManager, address admin)`	多角色粒度权限控制（基于OpenZeppelin AccessControl）
`managed`	`constructor(IPoolManager, address authority)`	外部权限合约管理权限（基于OpenZeppelin AccessManaged）

指引：

```
ownable
```
是最简单的方案——单个地址可执行所有特权操作。适合早期阶段的hook和个人工具。
```
roles
```
基于OpenZeppelin
```
AccessControl
```
实现，提供
```
ADMIN_ROLE
```
、
```
PAUSER_ROLE
```
等角色。当不同团队成员需要不同权限时使用（例如运维机器人可以更新手续费，但不能升级合约）。
```
managed
```
将所有权限校验委托给独立的
```
AccessManager
```
合约。当你需要在多个合约之间使用统一的治理层，或者需要管理员操作带时间锁时使用。

注意：修改
access
选项会改变构造函数签名，请相应更新部署脚本和初始化逻辑。使用
ownable
时，确保
initialOwner
不是零地址——OpenZeppelin的
Ownable
从v5开始遇到零地址会回滚。

Hook Inputs Reference

Hook入参参考

Some hook types accept numeric configuration inputs that tune behavior. These are passed as the

inputs

object in the MCP tool call.

Input	Type	Used By	Description
`blockNumberOffset`	`uint256`	`AntiSandwichHook` , `LiquidityPenaltyHook`	Number of blocks before sandwich/JIT detection window opens
`maxAbsTickDelta`	`int24`	`AntiSandwichHook`	Maximum tick movement allowed per block before MEV protection triggers

For hook types that do not use these inputs, omit the

inputs

field or pass an empty object

{}

. Passing unsupported inputs to the MCP tool will not cause an error but the values will be ignored.

部分hook类型支持数值配置入参来调整行为，这些参数会作为MCP工具调用的

inputs

对象传递。

入参	类型	被哪些hook使用	说明
`blockNumberOffset`	`uint256`	`AntiSandwichHook` , `LiquidityPenaltyHook`	三明治/JIT检测窗口开启前的区块数
`maxAbsTickDelta`	`int24`	`AntiSandwichHook`	触发MEV防护前每个区块允许的最大tick变动

对于不需要这些入参的hook类型，省略

inputs

字段或者传入空对象

{}

即可。向MCP工具传递不支持的入参不会导致错误，但参数值会被忽略。

MCP Tool Call (Canonical)

MCP工具调用（标准格式）

The OpenZeppelin Contracts Wizard exposes a

generate_hook

MCP tool. The following is the canonical JSON schema — populate each field according to your decisions from the sections above, then pass this object as the tool's argument.

json

{
  "hook": "BaseHook",
  "name": "MyHook",
  "pausable": false,
  "currencySettler": true,
  "safeCast": true,
  "transientStorage": false,
  "shares": { "options": false },
  "permissions": {
    "beforeInitialize": false,
    "afterInitialize": false,
    "beforeAddLiquidity": false,
    "beforeRemoveLiquidity": false,
    "afterAddLiquidity": false,
    "afterRemoveLiquidity": false,
    "beforeSwap": true,
    "afterSwap": false,
    "beforeDonate": false,
    "afterDonate": false,
    "beforeSwapReturnDelta": false,
    "afterSwapReturnDelta": false,
    "afterAddLiquidityReturnDelta": false,
    "afterRemoveLiquidityReturnDelta": false
  },
  "inputs": {
    "blockNumberOffset": 1,
    "maxAbsTickDelta": 100
  },
  "access": "ownable",
  "info": { "license": "MIT" }
}

Field notes:

```
hook
```
: string — one of the 14 hook types from the decision table
```
name
```
: string — the Solidity contract name (PascalCase, no spaces)
```
pausable
```
: boolean — wraps the hook in OpenZeppelin
```
Pausable
```
; adds
```
pause()
```
/
```
unpause()
```
admin functions

shares.options

false

"ERC20"

"ERC6909"

"ERC1155"

```
access
```
:
```
"ownable"
```
|
```
"roles"
```
|
```
"managed"
```
```
info.license
```
: SPDX license identifier — use
```
"MIT"
```
for open-source hooks
```
inputs
```
: omit or pass
```
{}
```
for hook types that do not use
```
blockNumberOffset
```
/
```
maxAbsTickDelta
```

OpenZeppelin合约向导提供了

generate_hook

MCP工具，以下是标准JSON schema——根据你在上文各节的决策填充每个字段，然后将该对象作为工具的入参传递。

json

{
  "hook": "BaseHook",
  "name": "MyHook",
  "pausable": false,
  "currencySettler": true,
  "safeCast": true,
  "transientStorage": false,
  "shares": { "options": false },
  "permissions": {
    "beforeInitialize": false,
    "afterInitialize": false,
    "beforeAddLiquidity": false,
    "beforeRemoveLiquidity": false,
    "afterAddLiquidity": false,
    "afterRemoveLiquidity": false,
    "beforeSwap": true,
    "afterSwap": false,
    "beforeDonate": false,
    "afterDonate": false,
    "beforeSwapReturnDelta": false,
    "afterSwapReturnDelta": false,
    "afterAddLiquidityReturnDelta": false,
    "afterRemoveLiquidityReturnDelta": false
  },
  "inputs": {
    "blockNumberOffset": 1,
    "maxAbsTickDelta": 100
  },
  "access": "ownable",
  "info": { "license": "MIT" }
}

字段说明：

```
hook
```
：字符串 —— 决策表中14种hook类型之一
```
name
```
：字符串 —— Solidity合约名称（大驼峰命名，无空格）
```
pausable
```
：布尔值 —— 为hook添加OpenZeppelin
```
Pausable
```
能力；新增
```
pause()
```
/
```
unpause()
```
管理功能

shares.options

：

false

"ERC20"

"ERC6909"

"ERC1155"

```
access
```
：
```
"ownable"
```
|
```
"roles"
```
|
```
"managed"
```
```
info.license
```
：SPDX许可证标识符 —— 开源hook使用
```
"MIT"
```
```
inputs
```
：如果hook类型不需要
```
blockNumberOffset
```
/
```
maxAbsTickDelta
```
则省略或传入
```
{}
```

Workflow: Gather → Configure → Generate → Secure

工作流：需求收集 → 配置 → 生成 → 安全审计

Follow these steps in order every time you use this skill.

每次使用本技能时都按顺序执行以下步骤：

Step 1: Gather Requirements

步骤1：收集需求

Ask the user (or infer from context):

What is the hook's primary goal? (Map to the decision table.)
Which lifecycle events does the hook need to intercept? (Map to permissions.)
Does the hook hold or move user funds? (Determines
```
currencySettler
```
and
```
shares
```
.)
Who administers the hook? (Single owner, role-based team, or external governance?)
Does the hook need to pass state between callbacks within a single transaction?
Is this for a chain with EVM Cancun support? (Required for
```
transientStorage
```
.)

询问用户（或从上下文推断）：

Hook的核心目标是什么？（匹配决策表）
Hook需要拦截哪些生命周期事件？（匹配权限）
Hook是否持有或转移用户资金？（决定
```
currencySettler
```
和
```
shares
```
配置）
谁来管理hook？（单个所有者、基于角色的团队、还是外部治理？）
Hook是否需要在同一笔交易的多个回调之间传递状态？
部署的链是否支持EVM Cancun？（使用
```
transientStorage
```
的必要条件）

Step 2: Select Hook Type

步骤2：选择Hook类型

Using the decision table, identify the single best hook type. If the user's goal maps to multiple types, explain the trade-offs and ask them to confirm. Document the chosen type and the reasoning.

使用决策表确定最合适的单一hook类型。如果用户的目标对应多个类型，说明不同方案的权衡并请用户确认。记录选择的类型和理由。

Step 3: Configure All Six Decisions

步骤3：完成全部6项决策配置

Work through the minimal decision checklist:

Set
```
hook
```
to the chosen type.
Set each permission flag — default
```
false
```
, enable only what the logic requires.
Set
```
currencySettler
```
,
```
safeCast
```
,
```
transientStorage
```
based on utility library guidance.
Set
```
shares.options
```
based on shares guidance.
Set
```
access
```
based on access control guidance.
Set
```
inputs
```
only if the hook type uses
```
blockNumberOffset
```
or
```
maxAbsTickDelta
```
.

对照最低决策检查清单完成配置：

将
```
hook
```
设为选择的类型。
设置每个权限标记 —— 默认
```
false
```
，仅启用逻辑需要的权限。
根据工具库指引设置
```
currencySettler
```
、
```
safeCast
```
、
```
transientStorage
```
。
根据份额指引设置
```
shares.options
```
。
根据访问控制指引设置
```
access
```
。
仅当hook类型需要时设置
```
blockNumberOffset
```
或
```
maxAbsTickDelta
```
。

Step 4: Assemble and Call the MCP Tool

步骤4：组装并调用MCP工具

Construct the JSON object from Step 3 and call the OpenZeppelin Contracts Wizard MCP tool with it. The tool returns Solidity source code — it does not write files automatically.

After receiving the generated code:

Display the code to the user.
Explain the key generated sections (constructor,
```
getHookPermissions
```
, enabled callbacks).
Note any manual steps required (HookMiner for address mining, deployment script updates for constructor args if
```
access
```
is
```
roles
```
or
```
managed
```
).

基于步骤3的配置构建JSON对象，用它调用OpenZeppelin合约向导MCP工具。工具会返回Solidity源代码——不会自动写入文件。

收到生成的代码后：

向用户展示代码。
说明生成的核心部分（构造函数、
```
getHookPermissions
```
、启用的回调）。
说明需要手动完成的步骤（用HookMiner生成地址、如果
```
access
```
是
```
roles
```
或
```
managed
```
需要更新部署脚本的构造函数参数）。

Step 5: Apply Security Foundations

步骤5：应用安全基础检查

Always remind the user — and invoke

v4-security-foundations

— before the code is deployed:

Verify all enabled callbacks check
```
msg.sender == address(poolManager)
```
.
Review any enabled
```
*ReturnDelta
```
permissions for NoOp attack exposure.
Confirm delta accounting sums to zero for every execution path.
Run the full pre-deployment audit checklist from
```
v4-security-foundations
```
.

务必提醒用户——代码部署前调用

v4-security-foundations

：

验证所有启用的回调都检查
```
msg.sender == address(poolManager)
```
。
检查所有启用的
```
*ReturnDelta
```
权限是否存在NoOp攻击风险。
确认所有执行路径的delta记账总和为0。
执行
```
v4-security-foundations
```
中的完整部署前审计检查清单。

Important Notes

重要说明

Access control changes constructor shape: Choosing
```
ownable
```
adds an
```
initialOwner
```
parameter;
```
roles
```
adds an
```
admin
```
parameter;
```
managed
```
adds an
```
authority
```
parameter. Update deployment scripts and factory contracts accordingly.
Permissions encode in the hook address: Each enabled permission flag corresponds to a specific bit in the lower bytes of the hook's deployed address. The PoolManager validates these bits on every callback. Use
```
HookMiner
```
from
```
v4-periphery
```
to mine a deployment salt that produces a matching address.
MCP returns code only — it does not write files: The generated Solidity is returned as a string. You must write it to disk yourself (e.g.,
```
packages/contracts/src/hooks/MyHook.sol
```
).

访问控制会修改构造函数结构：选择
```
ownable
```
会新增
```
initialOwner
```
参数；
```
roles
```
会新增
```
admin
```
参数；
```
managed
```
会新增
```
authority
```
参数。请相应更新部署脚本和工厂合约。
权限编码在hook地址中：每个启用的权限标记对应hook部署地址低字节中的特定比特位。PoolManager会在每次回调时校验这些比特位。使用
```
v4-periphery
```
中的
```
HookMiner
```
生成部署盐值，得到匹配的地址。
MCP仅返回代码——不会写入文件：生成的Solidity代码以字符串形式返回，你需要手动写入磁盘（例如
```
packages/contracts/src/hooks/MyHook.sol
```
）。