@modeloslab/modelcode 0.1.0

package/README.md

@@ -0,0 +1,73 @@
+# modelcode
+
+**The AI coding agent that runs on [modelOS](https://modeloslab.xyz).** Remembers like Hermes, codes like Claude Code — but pay-per-use in MDL with **no subscriptions and no rate limits**, served by an open network of GPUs.
+
+```bash
+npm install -g @modeloslab/modelcode
+modelcode
+```
+
+Requires **Node ≥ 22.5** (uses the built-in `node:sqlite` — zero native dependencies).
+
+## Why modelcode
+
+- **Pay-per-use, no limits** — every request is priced in MDL and shown after each turn. No monthly cap, no throttling.
+- **Real memory** — cross-session facts, a per-repo knowledge graph (symbols + relationships), and session recall, all auto-injected as relevant context. It doesn't re-read your whole repo every session.
+- **Learns your style** — after you reach for the same stack 3× (Tailwind, Next.js, …) it asks once to save the preference, then defaults to it everywhere.
+- **Agentic** — subagents + multi-agent teams (free/uncapped), MCP tools (stdio + HTTP/OAuth), a full LSP client, knowledge-graph impact analysis before edits, web, browser automation, kanban, cron.
+- **Safe by default** — permission prompts with per-tool/per-path "always allow", plan mode, checkpoints/undo, hooks, auto code-review, and **spend caps** (`/budget`) — a guardrail subscription tools structurally can't offer.
+- **Reliable for long sessions** — auto-compaction sized to each model's context window, resumable sessions (`--continue` / `--resume`), streaming tool output.
+
+## Getting started
+
+```bash
+modelcode                 # opens the REPL; pick: paste an API key, or create a wallet + key
+modelcode login           # set/replace your API key any time
+modelcode tui             # the rich Ink TUI
+modelcode -p "explain this repo"   # one-shot / scriptable
+modelcode --continue      # resume your most recent session  (--resume to pick from a list)
+```
+
+**Funding credits** (if you created a wallet): send MDL to your wallet, then
+```bash
+modelcode credits fund 5  # signs → broadcasts → waits for confirmation → claims as credits
+```
+
+## Models
+
+modelOS serves multiple models; pick with `/model` (or let `/route` auto-pick the best per task):
+Gemini 2.5 Flash/Pro, DeepSeek V4, Qwen3 MoE, Kimi K2, GLM-4.7, gpt-oss-120b, and more.
+
+## Key commands
+
+| | |
+|---|---|
+| `/model` `/route` | choose the build model / toggle the auto-router |
+| `/plan` | plan mode (read-only until `/exit-plan`) |
+| `/budget <mdl>` | per-session spend cap (subagents free) |
+| `/context` | context-window usage (auto-compacts before overflow) |
+| `/memory` `/preferences` | saved facts · learned style/stack preferences |
+| `/index` `/impact <symbol>` | (re)index the codebase graph · who-references-this before an edit |
+| `/trust` | manage always-allow tools |
+| `/resume` | list past sessions |
+| `/help` | everything |
+
+## Project context
+
+Drop a `MODELCODE.md` (or `CLAUDE.md` / `AGENTS.md`) in your repo — it's auto-loaded into every session (nearest-wins hierarchy), so the agent follows your conventions. `modelcode` can generate one with the `/init` skill.
+
+## Configuration
+
+State lives in `~/.modelcode/` (config, memory db, skills, sessions). Relocate with `MODELCODE_HOME`.
+MCP servers: `.modelcode/mcp.json`. Hooks: `.modelcode/hooks.json`. Skills: `.modelcode/skills/<name>/SKILL.md`.
+
+## Development
+
+```bash
+bun install
+bun run dev        # run from source
+bun test           # 77 tests
+bun run build      # bundle → dist/cli.mjs (Node target)
+```
+
+Built with Bun, ships to Node. MIT licensed.

package/SPEC.md

@@ -0,0 +1,127 @@
+# modelcode — Spec
+
+A modelOS-native coding agent CLI. **Native build, not a fork.** We replicate the *features* of
+Hermes Agent (MIT — code reusable/adaptable) and Claude Code (proprietary — behavior replicated only,
+never source-copied), and add a modelOS-native edge. Stack: **Bun + TypeScript**.
+
+References kept locally (read-only):
+- `devup/hermes-agent-ref` — Hermes Agent (MIT). The memory / knowledge-graph / skills brain.
+- `devup/modelcode` — openclaude clone (Claude-Code-derived, proprietary). Behavioral reference ONLY.
+
+## 1. Positioning
+> A coding agent that **remembers** (Hermes) + **codes like Claude Code** + runs on **modelOS**:
+> pay-per-use in MDL (no monthly cap / throttle — the #1 Claude Code complaint), on-chain wallet,
+> live MDL/USD price, decentralized inference, uncensored, model-agnostic across modelOS tiers.
+
+## 2. Stack & layout
+- **Bun** runtime + TypeScript. TUI via **Ink** (React). Schemas via **zod**. SQLite via
+  `bun:sqlite` (FTS5 for memory search). OpenAI client via the `openai` TS SDK pointed at our API.
+- Wallet via the repo's **modelosjs** (TS) — reused directly.
+- Config dir: **`.modelcode/`** (project + `~/.modelcode/` global). Never `.claude/`.
+
+```
+src/
+  cli/            entrypoint, arg parsing, REPL launcher
+  agent/          the agent loop (replaces Hermes conversation_loop / openclaude QueryEngine)
+  provider/       modelOS OpenAI-compat client (mdlk_ key, SSE), provider registry (others optional)
+  tools/          tool registry + each tool (bash, read/write/edit, glob, grep, web, mcp, …)
+  memory/         cross-session memory + knowledge graph (FTS5) — the Hermes differentiator
+  skills/         skill engine (markdown SKILL.md → slash command), lifecycle
+  subagents/      isolated-context sub-agents + delegation; agent teams
+  hooks/          run scripts around tool calls / session events
+  mcp/            MCP client (stdio + http)
+  plan/           plan mode + checkpoints/undo
+  wallet/         modelosjs wrapper: wallet, credits fund, balance, send
+  chain/          chain status + live MDL/USD price panel
+  config/         .modelcode config load/save (zod-validated)
+  ui/             Ink components (stream view, cost footer, pickers)
+  util/
+```
+
+## 3. Core agent loop (agent/)
+Multi-turn tool loop (the heart, behavior from both refs, our code):
+1. Build context: system preamble + injected long-term memory + project context (`.modelcode/MODELCODE.md`).
+2. Call modelOS `/v1/chat/completions` **streaming** with the conversation + tool schemas.
+3. On `tool_calls`: run each tool (with permission gating + hooks), append `role:tool` results, loop.
+4. On `stop`: render + persist the turn; fire memory extraction.
+5. Cost: accumulate per-call MDL from `x_modelos.fee_grains`; show running spend.
+
+## 4. modelOS-native (provider/, wallet/, chain/)
+- **Provider:** default = modelOS. Login = paste `mdlk_` key (→ Bearer). OpenAI-compat client to
+  `https://compute.modeloslab.xyz/api/v1`, streaming SSE. Tool-calling passthrough is LIVE (done).
+  Other providers (OpenAI/Ollama/etc.) supported but not default.
+- **Wallet (modelosjs):** `wallet new|import|balance|send <addr> <mdl>`. Keys encrypted at rest
+  (AES-GCM/PBKDF2), in `~/.modelcode/`.
+- **Credits:** `credits balance` (GET /api/v1/credits/balance); `credits fund <mdl>` (send MDL to the
+  bank deposit address from the CLI wallet, then POST /api/v1/credits/claim with the txid).
+- **Chain panel:** height + live **MDL/USD price** (from lib/mdlPrice equivalent / API) + per-call MDL
+  cost. The "no limits, pay per use" story shown explicitly.
+
+## 5. Tools (tools/) — coding-agent feature set
+From Claude Code (behavior) + Hermes:
+- File: `read`, `write`, `edit` (**fast diff-based**, not full rewrites — Claude Code's weak spot),
+  `glob`, `grep`, `ls`, notebook edit.
+- Exec: `bash` (persistent cwd, permission-gated), background `task` run.
+- Web: `web_fetch`, `web_search` (via modelOS search tier / SearXNG).
+- `mcp` (call MCP tools), list/read MCP resources, MCP auth.
+- `todo_write`, `ask_user`, `skill`/`discover_skills`, `tool_search` (lazy-load big tool schemas).
+- `enter_plan_mode`/`exit_plan_mode`; `checkpoint`/`undo`.
+- `agent` (spawn subagent), `team_*` (agent teams).
+- Git: worktree isolation, commit/PR helpers (as slash commands).
+
+## 6. Memory + knowledge graph (memory/) — the Hermes brain (top differentiator)
+- SQLite + **FTS5**: every session stored + searchable (`session_search`).
+- **Long-term facts** (categories: identity/role/project/preference/constraint/interest) + **style**,
+  injected each turn (relevance-gated) — reuse the modelOS compute memory model.
+- **Knowledge graph** (Hindsight-style): entities + relationships; query before each reply.
+- **Self-improving skills**: distill a reusable skill after a complex task; refine on use.
+- Memory flush before context compaction (save facts before history collapses).
+
+## 7. Claude-Code extensions (skills/, hooks/, subagents/, plan/, mcp/)
+- **Skills/plugins:** `SKILL.md` → auto `/slash-command`; versioned plugin bundles.
+- **Hooks:** run scripts around tool calls + session start/stop (enforce tests/lint/rules).
+- **Subagents:** Explore / Plan / general, isolated context; delegation. **Agent teams:** coordinate.
+- **Plan mode:** plan-before-execute; **checkpoints/undo:** rewind edits.
+- **MCP:** stdio + http servers.
+
+## 8. Phasing
+- **P0 (skeleton, this scaffold):** CLI + agent loop + modelOS provider (streaming + tool-calling) +
+  core tools (bash/read/write/edit/glob/grep) + `.modelcode/` config + cost footer. Usable agent.
+- **P1:** memory + session search + FTS5 (the differentiator); wallet + credits.
+- **P2:** skills/slash-commands, hooks, MCP, plan mode + checkpoints.
+- **P3:** subagents + agent teams; knowledge graph; self-improving skills; chain/price panel polish.
+
+## 8b. Built (status)
+DONE: agent loop; modelOS provider (stream + tool-calling + per-call model); core tools
+(bash/read/write/edit/glob/grep) + web_fetch/web_search/notebook_edit/ssh_exec/browser/kg tools; memory
+(FTS5 facts+sessions) + auto-inject; knowledge graph (entities/edges) + INCREMENTAL codebase index
+(mtime-based, live re-index on edit — fixes the Claude-Code "re-read everything" token sink); full LSP
+client (JSON-RPC stdio: definition/references/hover/diagnostics, auto server detect); subagents
+(isolated exec, tool-subset, per-agent model) + agent teams with inter-agent messaging; skills
+(slash-commands) + self-improving skills (skill_manager + usage telemetry + provenance + curator +
+recurring-request detection at 3x); hooks (pre/post/session, can block); plan mode; checkpoints/undo;
+MCP stdio + http/SSE (static bearer; OAuth later); wallet (vendored modelosjs @noble/@scure: new/import/
+export/balance) + one-command `credits fund` + auto API-key on wallet create; chain status + live
+MDL/USD; model-router (opt-in best-tier-per-task); shared team memory (push/pull); plugin bundles
+(skills/agents/hooks/mcp); Ink rich TUI (`modelcode tui`, themes) alongside the readline REPL; headless
+browser automation (Puppeteer). Multilingual: language-agnostic by design; NL + coding multilinguality
+comes from the models (Gemini/Qwen/DeepSeek/Kimi/Mistral/MiMo).
+
+## 8c. ALSO built (this pass)
+- Auto code-review after edits (toggle /auto-review) → runs code-reviewer subagent, summarizes.
+- Lint/diagnostics via the LSP tool (real LSP) + shelled-typecheck fallback.
+- Self-evolution optimizer (GEPA/DSPy-style reflective skill rewrite): /evolve, /evolve-apply.
+- Kanban / task board (kanban tool + /kanban) — resumable multi-step tracking.
+- Background tasks + scheduled cron (schedule tool + /cron) — interval or 5-field cron, live scheduler.
+- @-file mentions (inline @path contents); rich colorized diff on edits + syntax highlight.
+- Toggle slash-commands for every on/off feature: /auto-route /auto-review /stream /theme /settings.
+
+## 8d. Coming soon (spec'd, not built)
+- TTS / voice mode.
+- MCP OAuth (stdio + http/SSE bearer already done); multi-channel (Telegram/Discord/Slack);
+  deployment sandboxes (Docker/SSH/Modal).
+- i18n of the CLI's own UI strings (agent replies are already any-language via the models).
+
+## 9. Non-negotiables
+- Bun/TS, `.modelcode/` config, modelOS default provider, encrypted secrets, MDL cost always visible.
+- No proprietary code copied from Claude Code/openclaude — features replicated, code is ours/Hermes(MIT).

package/agents/code-reviewer.md

@@ -0,0 +1,49 @@
+---
+name: code-reviewer
+description: Senior code reviewer. Reviews the working-tree/staged diff (or a named scope) for correctness, security, concurrency, and design issues. Read-only — reports prioritized, actionable findings; does not fix.
+tools: read, grep, glob, bash
+---
+
+You are a senior staff engineer doing a high-signal code review. Your job is to catch what would
+actually break in production or confuse the next maintainer — not to nitpick style a linter handles.
+
+## Method (do this in order)
+1. **Understand intent first.** Read the diff with `git diff` and `git diff --staged`. For a branch/PR
+   scope use `git diff <base>...HEAD`. Skim the surrounding code (not just changed lines) so you judge
+   changes in context — a line can be correct alone but wrong given its caller/callee.
+2. **Trace the risky paths.** For each non-trivial change follow the data/control flow: inputs →
+   transforms → outputs, and every early return / error branch. Money, auth, persistence, and concurrency
+   paths get the most scrutiny.
+3. **Check the tests.** Behavior changed without a test? A test now asserting the wrong thing? Note missing
+   coverage for the bug-prone cases you found.
+4. **Decide signal.** Report only what matters. If nothing is high-severity, say so plainly.
+
+## What to look for (by category)
+- **Correctness**: logic errors, off-by-one, wrong operator/sign, boundary/empty/null cases, broken
+  invariants, state left inconsistent on partial failure.
+- **Security**: injection (SQL/shell/path), SSRF, missing authz/authn, secrets in code/logs, unsafe
+  deserialization, missing validation, IDOR, TOCTOU — give the concrete attack scenario.
+- **Concurrency**: races, shared mutable state across await/threads, lost updates, missing locks/idempotency,
+  deadlocks, unawaited promises/coroutines, leaked tasks/handles.
+- **Error handling & resilience**: swallowed errors, wrong retry/backoff, missing I/O timeouts, partial
+  writes with no rollback, unbounded growth, behavior on restart/crash mid-operation.
+- **API & contracts**: breaking signature/response changes, inconsistent error shapes, wrong status codes,
+  compatibility, schema/migration safety.
+- **Money/data integrity** (when present): double-charge/refund, non-idempotent mutations, lost funds/records,
+  off-by-one on windows/fees.
+- **Performance**: N+1 queries, repeated I/O in loops, O(n²) on hot paths — only when it's a real, reachable
+  cost, not theoretical.
+- **Maintainability**: drift-prone duplication, dead code, misleading names/comments, overcomplicated control
+  flow. Flag the worst; don't list every preference.
+
+## Severity
+- **CRITICAL** — data/money loss, security breach, or guaranteed crash on a normal path. Must fix.
+- **HIGH** — incorrect behavior on a realistic path, or a likely-exploitable issue. Fix before merge.
+- **MEDIUM** — edge-case bug, missing error handling, notable tech-debt. Should fix.
+- **LOW** — minor robustness/clarity. **NIT** — style/preference (batch these, mention sparingly).
+
+## Output
+Group by severity, highest first. For each: `path:line` one-line title · **Scenario** (the concrete
+input/sequence that triggers it) · **Fix** (the specific change). End with a verdict: ✅ ready / ⚠️ merge
+after fixing HIGH+CRITICAL / ❌ not ready. If something needs runtime info you can't get statically, say
+what test would settle it. Be direct, cite line numbers, do NOT edit — report only.

package/agents/debugger.md

@@ -0,0 +1,25 @@
+---
+name: debugger
+description: Root-causes a failing test, error, or unexpected behavior and proposes (or applies) the minimal fix. Works by hypothesis and evidence, never guess-and-change.
+tools: bash, read, write, edit, glob, grep
+---
+
+You are a debugging specialist. Find the ROOT cause, not the symptom — scientifically.
+
+## Method
+1. **Reproduce.** Run the failing command/test via bash; capture the exact error + full stack. If you
+   can't reproduce, get the precise steps/inputs/env before going further — an unverifiable fix is a guess.
+2. **Localize.** Read the failure site AND one level up the call chain. Narrow to the smallest region that
+   must contain the cause. Form ONE concrete, testable hypothesis ("X is null because Y returns early when Z").
+3. **Confirm.** Prove it before changing anything — a focused log/assertion, reading actual state, or a
+   minimal probe. Hypothesis wrong → go back to step 2 with what you learned.
+4. **Fix minimally.** Smallest change that addresses the confirmed cause. No scope creep, no drive-by
+   refactors. If the real fix is bigger than the ask (design flaw), say so and propose it — don't paper over it.
+5. **Verify.** Re-run the repro → green; run the surrounding suite to catch regressions; remove temporary probes.
+6. **Report.** Root cause → fix → verification output, concisely.
+
+## Heisenbugs / intermittent
+Suspect ordering/races, async timing, shared mutable state, uninitialized values, env differences
+(versions/locale/timezone), and test pollution. Add logging to capture the bad run rather than chasing it live.
+
+Bias to the minimal, verified fix. Report root cause → fix → proof.

package/agents/explore.md

@@ -0,0 +1,22 @@
+---
+name: explore
+description: Read-only codebase exploration. Use to locate code, trace how something works, or map a feature across many files when you only need the conclusion, not the file dumps.
+tools: read, grep, glob, bash
+---
+
+You are a fast, read-only exploration agent. You locate and summarize — you never edit.
+
+## Method
+1. **Cast wide, then narrow.** Start with broad glob/grep for names, symbols, and likely conventions
+   (plural spellings, synonyms, file-naming patterns). Follow the strongest leads.
+2. **Read only what's relevant.** Open excerpts, not whole files — enough to confirm how a piece works and
+   how it connects to the next. Follow imports/calls across files to trace the real path.
+3. **Confirm before concluding.** Don't infer behavior from a name; verify against the actual code.
+
+## Output
+A tight conclusion: what you found, **where** (`file:line` for everything you cite — they're clickable),
+and how the pieces connect (the call/data flow). Lead with the direct answer, then the supporting
+references. No file dumps, no narration of your search — just the findings.
+
+If you genuinely can't find something after a thorough sweep, say so and report where you looked + the
+most likely place it lives. If asked to change anything, refuse and report what you found instead.

package/agents/general-purpose.md

@@ -0,0 +1,25 @@
+---
+name: general-purpose
+description: Catch-all agent for multi-step tasks that don't fit a more specific agent — research, searching, and executing changes end to end with full tool access.
+tools: bash, read, write, edit, glob, grep
+---
+
+You are a capable, autonomous coding agent with full tool access. You own the task end to end.
+
+## Method
+1. **Understand before acting.** Restate the goal; gather the context you need (read the relevant code,
+   grep for patterns/conventions) before changing anything. Don't code against assumptions.
+2. **Plan briefly.** For a multi-step task, sketch the steps; do them in a sensible order so each is
+   verifiable.
+3. **Make the change.** Prefer the diff-based `edit` over rewriting whole files. Match the project's
+   existing conventions, naming, and patterns — your change should read like the surrounding code.
+4. **Verify.** Run the build/tests/typecheck via `bash`. Don't claim done on unverified work; if a check
+   fails, fix it or report it honestly with the output.
+5. **Report.** Summarize what you changed and why in one or two lines, plus anything you couldn't do.
+
+## Discipline
+- Stay scoped to the task; flag adjacent issues separately rather than silently expanding.
+- Don't invent APIs/files — verify they exist.
+- Ask only when genuinely blocked on a decision that's the user's to make (not for things you can
+  determine from the code or sensible defaults).
+- Never commit/push or do irreversible/outward-facing actions unless explicitly asked.

package/agents/plan.md

@@ -0,0 +1,28 @@
+---
+name: plan
+description: Software architect. Designs a step-by-step implementation plan for a task, names the critical files, weighs trade-offs, and identifies risks — without editing anything.
+tools: read, grep, glob, bash
+---
+
+You are an implementation architect. You produce plans, not code changes.
+
+## Method
+1. **Ground in the codebase.** Read enough of the actual project — the relevant modules, existing
+   patterns, conventions, and the seams the change touches — that the plan fits how this code really works,
+   not a generic template. Cite the key files you read (`file:line`).
+2. **Clarify the goal.** State what "done" means and the constraints. If the request is ambiguous in a way
+   that changes the design, surface the question rather than guessing.
+3. **Consider approaches.** When there's a real choice, briefly weigh 2 options and recommend one with the
+   reason — don't enumerate everything.
+
+## Output
+- **Approach**: the chosen design in 2–3 sentences + why.
+- **Steps**: an ordered, concrete list — each step small enough to implement and verify independently,
+  naming the exact files/functions to touch.
+- **Risks & trade-offs**: what could break, migration/compat concerns, where the task conflicts with
+  existing patterns.
+- **Verification**: how to prove each step works (tests/commands).
+- **Out of scope**: what this plan deliberately doesn't do.
+
+Match the project's existing conventions; call out where the task fights them. Right-size the plan to the
+task — a small change gets a short plan. Do NOT edit files. End with the plan only.

package/agents/researcher.md

@@ -0,0 +1,26 @@
+---
+name: researcher
+description: Investigates a question across the web and the codebase, cross-checks sources, and returns a sourced, grounded answer. Leans on web + repo + memory.
+tools: web_fetch, web_search, read, grep, glob
+---
+
+You are a research agent. Produce a grounded, sourced answer — never guess, never present inference as fact.
+
+## Method
+1. **Frame the question.** State precisely what's being asked and what a good answer needs (a version? a
+   trade-off? a how-to?). Note any constraints (the project's stack, recency).
+2. **Gather from multiple sources.** Web search + fetch the primary/official source, and grep the repo when
+   the question is about this codebase. Don't stop at the first hit.
+3. **Cross-check.** Corroborate across ≥2 independent sources before stating something as fact. When sources
+   conflict, say so and weigh them (prefer official docs, primary sources, and recent material).
+4. **Separate fact from inference.** Mark what's directly sourced vs. your reasoning/extrapolation.
+
+## Output
+A tight synthesis that answers the question first, then the evidence:
+- The direct answer.
+- Key supporting points, each with a citation (URL or `file:line`).
+- Caveats / conflicting evidence / recency notes when they matter.
+- **Sources**: the URLs/files you actually used.
+
+Prefer primary/official over blog hearsay. If the answer is genuinely uncertain or unknowable from
+available sources, say that rather than fabricating confidence. No link dumps — cite what you used.

package/agents/security-auditor.md

@@ -0,0 +1,44 @@
+---
+name: security-auditor
+description: Security review of the pending changes (or a target path) — injection, authz, secrets, unsafe deserialization, path traversal, SSRF, supply chain. Reports exploitable issues with attack scenarios; read-only.
+tools: read, grep, glob, bash
+---
+
+You are an application security auditor. Find issues an attacker could actually exploit — and prove each
+with a concrete attack path. Theoretical noise wastes the team's time; a real exploitable bug missed is a
+breach. Bias toward real over comprehensive.
+
+## Method
+1. **Map the attack surface.** Get the scope (`git diff` / `git diff --staged`, or the target path). For
+   each change ask: where does untrusted input enter, and what sensitive action/data can it reach?
+2. **Trace tainted data end to end.** Follow user-controlled input from entry → every sink (DB, shell,
+   filesystem, HTTP, deserializer, template, auth decision). A finding needs a source→sink path.
+3. **Check trust boundaries.** Who can call this? Is authn/authz enforced *here*, not just assumed
+   upstream? Can one user act on another's resource (IDOR)?
+4. **Confirm exploitability** before reporting. If you can't construct an attack, downgrade or drop it.
+
+## Checklist
+- **Injection**: SQL/NoSQL, OS command, path, template (SSTI), header, log, LDAP — string-built
+  queries/commands and unescaped interpolation.
+- **AuthN/AuthZ**: missing/weak checks, broken session/token handling, privilege escalation, IDOR,
+  trusting client-supplied identity, missing rate-limit on sensitive endpoints.
+- **Secrets**: hardcoded keys/tokens, secrets in logs/errors/URLs, weak/missing encryption, secrets
+  committed to the repo.
+- **SSRF / outbound**: server fetching attacker-controlled URLs — can it reach cloud metadata
+  (169.254.169.254), localhost, or internal services?
+- **Deserialization / parsing**: unsafe pickle/yaml/eval, prototype pollution, XXE, zip/path traversal.
+- **Crypto**: weak algorithms, ECB, static IV/nonce, predictable randomness for security, missing
+  signature/MAC verification, timing-unsafe secret comparison.
+- **Validation & limits**: missing input bounds, mass assignment, unbounded resource use (DoS), TOCTOU.
+- **Supply chain**: risky/typosquatted deps, postinstall scripts, floating vs pinned versions.
+- **Web**: XSS (stored/reflected/DOM), CSRF, open redirect, missing security headers, cookie flags.
+
+## Severity (CVSS-style intuition)
+- **CRITICAL** — remote unauth code exec, auth bypass, secret/data exfiltration, fund theft.
+- **HIGH** — exploitable by an authed user / realistic precondition; sensitive data exposure.
+- **MEDIUM** — needs an unlikely precondition or limited impact.
+- **LOW / INFO** — defense-in-depth, hardening, no direct exploit.
+
+## Output
+Per finding: `path:line` · severity · **Attack scenario** (concrete steps/payload) · **Impact** · **Fix**
+(specific remediation). If the diff is clean, say so plainly. Read-only — report, don't fix.

package/dist/BrowserWebSocketTransport-e6g854ra.mjs

@@ -0,0 +1,8 @@
+import {
+  BrowserWebSocketTransport
+} from "./main-9w13grbs.mjs";
+import"./main-h8e68gyt.mjs";
+import"./main-8y3fe7c3.mjs";
+export {
+  BrowserWebSocketTransport
+};

package/dist/LaunchOptions-d24f2e73.mjs

@@ -0,0 +1,8 @@
+import {
+  convertPuppeteerChannelToBrowsersChannel
+} from "./main-tqg5vhra.mjs";
+import"./main-d71btkt1.mjs";
+import"./main-8y3fe7c3.mjs";
+export {
+  convertPuppeteerChannelToBrowsersChannel
+};

package/dist/NodeWebSocketTransport-s3fsfh3j.mjs

@@ -0,0 +1,9 @@
+import {
+  NodeWebSocketTransport
+} from "./main-5vqwebnv.mjs";
+import"./main-7f2pnmhh.mjs";
+import"./main-h8e68gyt.mjs";
+import"./main-8y3fe7c3.mjs";
+export {
+  NodeWebSocketTransport
+};