brainblast 0.4.1 → 0.4.3

package/README.md

@@ -12,6 +12,8 @@ npx brainblast .            # scan the repo, write .agent-research/report.json
 npx brainblast . --ci       # exit 1 if a confirmed FAIL remains
 npx brainblast . --ci --strict   # also fail on CANT_TELL (can't statically prove)
 npx brainblast . --since origin/main   # diff-aware: only audit what changed
+npx brainblast fix .                   # dry run: list mechanical fixes
+npx brainblast fix . --apply           # write fixes, re-audit RED -> GREEN
 ```
 
 Exit codes: **0** clean · **1** a confirmed FAIL · CANT_TELL is a warning by
@@ -58,6 +60,22 @@ git work tree). This is the integration point for an agent daemon — tail
 stdout for structured findings instead of polling `.agent-research/report.json`.
 Exit with Ctrl-C / SIGTERM.
 
+### Auto-fix (`brainblast fix`)
+
+```sh
+npx brainblast fix .            # dry run: list available mechanical fixes
+npx brainblast fix . --apply    # write each fix.diff to disk, then re-audit
+npx brainblast fix . --apply --branch   # also commit to brainblast/auto-fix-<ts>
+```
+
+Every confirmed FAIL that ships a mechanical `fix.diff` (e.g. Stripe raw-body,
+Privy `audience`/`issuer`) can be applied directly. `--apply` writes each diff,
+then re-runs the audit to confirm the finding now passes (RED -> GREEN) — any
+fix that doesn't take is reported, not silently dropped. Findings with only a
+`suggestion` (structural fixes brainblast won't auto-synthesize) are listed as
+guidance, not applied. `--branch` additionally creates a new branch and commits
+the applied changes.
+
 ## What it catches
 
 ### Web2 / Node.js
@@ -81,6 +99,8 @@ Exit with Ctrl-C / SIGTERM.
 | Rule | What's wrong | Consequence |
 |------|--------------|-------------|
 | `env-secrets-committed` | A `.env*` file (not `.env.example`/`.sample`/`.template`) is tracked by git and contains a secret-shaped key (`SECRET`, `*_PRIVATE_KEY`, `*_API_KEY`, `*_TOKEN`, `*_PASSWORD`, etc.) with a real-looking (non-placeholder) value | Anyone with read access to the repo — including forks of a public repo — can read the live credential |
+| `env-secret-leaked-to-sink` | A secret-shaped `process.env.X` value flows — directly, via a local variable, forward through helper functions (same-file or imported from another file), or backward into a function that's called elsewhere in the project with a tainted argument — into `console.log`/`res.json`/`res.send`/etc., up to 2 hops across the whole project | Credentials end up in logs, error trackers, or API responses — readable by anyone with log/response access |
+| `request-input-command-injection` | Untrusted `req.body`/`req.query`/`req.params`/`req.headers` data flows — directly or across files — into `exec`/`execSync`/`spawn`/`spawnSync`/`execFile`/`execFileSync` | A malicious request can run arbitrary shell commands on the server |
 
 Each finding lands in `.agent-research/report.json` (stable `schemaVersion: "1.0"`)
 with a `checks[]` array a CI gate can read. Each confirmed FAIL ships a
@@ -164,7 +184,7 @@ All types are exported: `Rule`, `CheckResult`, `CostReport`, `AccountFlow`,
 
 ```sh
 npm install
-npm test         # unit suite (164 tests)
+npm test         # unit suite (180 tests)
 npm run prove    # end-to-end: generated tests RED on vulnerable, GREEN on fixed
 npm run build    # produce dist/ (the published artifact)
 ```

package/dist/{chunk-P7K7NRVN.js → chunk-XQUQOBXZ.js}

@@ -487,6 +487,181 @@ var envSecretsCommitted = (c, p) => {
   return { result: "pass", detail: p.passDetail ?? "No committed secret-looking values found." };
 };
 
+// src/checkers/taintToSink.ts
+import { SyntaxKind as SyntaxKind7 } from "ts-morph";
+function calleeName(call) {
+  const exp = call.getExpression();
+  if (exp.getKind() === SyntaxKind7.Identifier) return exp.getText();
+  if (exp.getKind() === SyntaxKind7.PropertyAccessExpression) {
+    return exp.asKind(SyntaxKind7.PropertyAccessExpression).getName();
+  }
+  return "";
+}
+function calleeIdentifierName(call) {
+  const exp = call.getExpression();
+  return exp.getKind() === SyntaxKind7.Identifier ? exp.getText() : void 0;
+}
+function wordIn(text, name) {
+  return new RegExp(`\\b${name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}\\b`).test(text);
+}
+function matchesSource(text, sourceRes) {
+  return sourceRes.some((re) => re.test(text));
+}
+function localTaintedNames(fn, sourceRes) {
+  const names = /* @__PURE__ */ new Set();
+  for (const decl of fn.getDescendantsOfKind(SyntaxKind7.VariableDeclaration)) {
+    const init = decl.getInitializer();
+    if (init && matchesSource(init.getText(), sourceRes)) names.add(decl.getName());
+  }
+  return names;
+}
+function findDirectLeak(fn, sinkCalls, sourceRes, taintedNames) {
+  for (const call of fn.getDescendantsOfKind(SyntaxKind7.CallExpression)) {
+    const name = calleeName(call);
+    if (!sinkCalls.has(name)) continue;
+    for (const arg of call.getArguments()) {
+      const text = arg.getText();
+      if (matchesSource(text, sourceRes)) {
+        return `'${text}' is passed directly to ${name}(...) \u2014 tainted values must not reach this sink.`;
+      }
+      for (const tv of taintedNames) {
+        if (wordIn(text, tv)) {
+          return `'${tv}' (a tainted value) is passed to ${name}(...) \u2014 tainted values must not reach this sink.`;
+        }
+      }
+    }
+  }
+  return void 0;
+}
+function resolveFunction(sourceFile, name) {
+  const local = sourceFile.getFunction(name);
+  if (local) return { fn: local, sf: sourceFile };
+  for (const imp of sourceFile.getImportDeclarations()) {
+    const named2 = imp.getNamedImports().find((ni) => (ni.getAliasNode()?.getText() ?? ni.getName()) === name);
+    if (!named2) continue;
+    const targetSf = imp.getModuleSpecifierSourceFile();
+    if (!targetSf) continue;
+    const targetFn = targetSf.getFunction(named2.getName());
+    if (targetFn) return { fn: targetFn, sf: targetSf };
+  }
+  return void 0;
+}
+function findForwardLeak(fn, rootName, sinkCalls, sourceRes, taintedNames, hopsLeft, visited) {
+  if (hopsLeft <= 0) return void 0;
+  for (const call of fn.getDescendantsOfKind(SyntaxKind7.CallExpression)) {
+    const name = calleeIdentifierName(call);
+    if (!name || name === rootName) continue;
+    const args = call.getArguments();
+    const taintedArgIndices = [];
+    args.forEach((arg, i) => {
+      const text = arg.getText();
+      if (matchesSource(text, sourceRes)) {
+        taintedArgIndices.push(i);
+        return;
+      }
+      for (const tv of taintedNames) {
+        if (wordIn(text, tv)) {
+          taintedArgIndices.push(i);
+          return;
+        }
+      }
+    });
+    if (taintedArgIndices.length === 0) continue;
+    const resolved = resolveFunction(fn.getSourceFile(), name);
+    if (!resolved) continue;
+    const key = `${resolved.sf.getFilePath()}::${name}`;
+    if (visited.has(key)) continue;
+    visited.add(key);
+    const params = resolved.fn.getParameters().map((pr) => pr.getName());
+    const calleeTainted = new Set(
+      taintedArgIndices.map((i) => params[i]).filter((x) => !!x)
+    );
+    if (calleeTainted.size === 0) continue;
+    const direct = findDirectLeak(resolved.fn, sinkCalls, sourceRes, calleeTainted);
+    if (direct) {
+      const where = resolved.sf === fn.getSourceFile() ? "" : ` (in ${resolved.sf.getFilePath()})`;
+      return `A tainted value flows into '${name}(...)'${where}, where ${direct}`;
+    }
+    const deeper = findForwardLeak(resolved.fn, rootName, sinkCalls, sourceRes, calleeTainted, hopsLeft - 1, visited);
+    if (deeper) return `via '${name}(...)': ${deeper}`;
+  }
+  return void 0;
+}
+function paramsUsedInSink(fn, sinkCalls) {
+  const params = new Set(fn.getParameters().map((p) => p.getName()));
+  const sinked = /* @__PURE__ */ new Set();
+  for (const call of fn.getDescendantsOfKind(SyntaxKind7.CallExpression)) {
+    if (!sinkCalls.has(calleeName(call))) continue;
+    for (const arg of call.getArguments()) {
+      const text = arg.getText();
+      for (const p of params) {
+        if (wordIn(text, p)) sinked.add(p);
+      }
+    }
+  }
+  return sinked;
+}
+function enclosingFunction(node) {
+  return node.getFirstAncestor(
+    (a) => a.getKind() === SyntaxKind7.FunctionDeclaration || a.getKind() === SyntaxKind7.ArrowFunction
+  );
+}
+function findBackwardLeak(candidateFn, fnName, candidateFile, params, sinkedParams, sourceRes) {
+  const project = candidateFn.getProject();
+  for (const sf of project.getSourceFiles()) {
+    for (const call of sf.getDescendantsOfKind(SyntaxKind7.CallExpression)) {
+      if (calleeIdentifierName(call) !== fnName) continue;
+      if (call.getFirstAncestor((a) => a === candidateFn)) continue;
+      const args = call.getArguments();
+      for (const pname of sinkedParams) {
+        const idx = params.indexOf(pname);
+        const arg = args[idx];
+        if (!arg) continue;
+        const text = arg.getText();
+        if (matchesSource(text, sourceRes)) {
+          return `'${fnName}' is called from ${sf.getFilePath()}:${call.getStartLineNumber()} with '${text}' as '${pname}', which this function passes to a sink.`;
+        }
+        if (arg.getKind() === SyntaxKind7.Identifier) {
+          const callerFn = enclosingFunction(arg);
+          if (callerFn) {
+            const callerTainted = localTaintedNames(callerFn, sourceRes);
+            if (callerTainted.has(text)) {
+              return `'${fnName}' is called from ${sf.getFilePath()}:${call.getStartLineNumber()} with '${text}' (a tainted value) as '${pname}', which this function passes to a sink.`;
+            }
+          }
+        }
+      }
+    }
+  }
+  return void 0;
+}
+var taintToSink = (c, p) => {
+  const sourceRes = p.sources.map((s) => new RegExp(s.pattern));
+  const sinkCalls = new Set(p.sinkCalls ?? []);
+  const maxHops = p.maxHops ?? 2;
+  const fn = c.fn;
+  const taintedNames = localTaintedNames(fn, sourceRes);
+  const direct = findDirectLeak(fn, sinkCalls, sourceRes, taintedNames);
+  if (direct) return { result: "fail", detail: direct };
+  const forward = findForwardLeak(fn, c.fnName, sinkCalls, sourceRes, taintedNames, maxHops, /* @__PURE__ */ new Set([
+    `${fn.getSourceFile().getFilePath()}::${c.fnName}`
+  ]));
+  if (forward) return { result: "fail", detail: forward };
+  const sinkedParams = paramsUsedInSink(fn, sinkCalls);
+  if (sinkedParams.size > 0) {
+    const backward = findBackwardLeak(
+      fn,
+      c.fnName,
+      c.filePath,
+      fn.getParameters().map((pr) => pr.getName()),
+      sinkedParams,
+      sourceRes
+    );
+    if (backward) return { result: "fail", detail: backward };
+  }
+  return { result: "pass", detail: "No tracked source value flows to a sink within the analyzed call graph." };
+};
+
 // src/checkers/index.ts
 var registry = {
   "positional-arg-identity": positionalArgIdentity,
@@ -495,7 +670,8 @@ var registry = {
   "arg-equals-constant-identifier": argEqualsConstantIdentifier,
   "object-arg-property-literal-equals": objectArgPropertyLiteralEquals,
   "anchor-init-if-needed-guarded": anchorInitIfNeededGuarded,
-  "env-secrets-committed": envSecretsCommitted
+  "env-secrets-committed": envSecretsCommitted,
+  "taint-to-sink": taintToSink
 };
 function runChecker(kind, c, params) {
   const fn = registry[kind];
@@ -711,7 +887,7 @@ function findRustCandidates(targetDir, rule) {
 }
 
 // src/fixers/positionalArgIdentity.ts
-import { SyntaxKind as SyntaxKind7 } from "ts-morph";
+import { SyntaxKind as SyntaxKind8 } from "ts-morph";
 
 // src/fixers/diffUtil.ts
 function buildDiff(node, replacement) {
@@ -736,9 +912,9 @@ function buildDiff(node, replacement) {
 // src/fixers/positionalArgIdentity.ts
 var fixPositionalArgIdentity = (c, p, outcome) => {
   if (outcome.result !== "fail") return void 0;
-  const calls = c.fn.getDescendantsOfKind(SyntaxKind7.CallExpression).filter((call) => {
+  const calls = c.fn.getDescendantsOfKind(SyntaxKind8.CallExpression).filter((call) => {
     const exp = call.getExpression();
-    return exp.getKind() === SyntaxKind7.PropertyAccessExpression && exp.asKind(SyntaxKind7.PropertyAccessExpression).getName() === p.call;
+    return exp.getKind() === SyntaxKind8.PropertyAccessExpression && exp.asKind(SyntaxKind8.PropertyAccessExpression).getName() === p.call;
   });
   if (calls.length === 0) {
     const wantParam2 = c.params[p.paramIndex] ?? "<rawBodyParam>";
@@ -753,7 +929,7 @@ Do not call JSON.parse() on the body before this verification step.`
   }
   const arg = calls[0].getArguments()[p.argIndex];
   const wantParam = c.params[p.paramIndex];
-  if (arg && wantParam && arg.getKind() === SyntaxKind7.CallExpression) {
+  if (arg && wantParam && arg.getKind() === SyntaxKind8.CallExpression) {
     return {
       summary: `Pass the raw body parameter '${wantParam}' to ${p.call} instead of a parsed value`,
       diff: buildDiff(arg, wantParam)
@@ -763,12 +939,12 @@ Do not call JSON.parse() on the body before this verification step.`
 };
 
 // src/fixers/requiredCallWithOptions.ts
-import { SyntaxKind as SyntaxKind8 } from "ts-morph";
+import { SyntaxKind as SyntaxKind9 } from "ts-morph";
 function callName4(call) {
   const exp = call.getExpression();
-  if (exp.getKind() === SyntaxKind8.Identifier) return exp.getText();
-  if (exp.getKind() === SyntaxKind8.PropertyAccessExpression) {
-    return exp.asKind(SyntaxKind8.PropertyAccessExpression).getName();
+  if (exp.getKind() === SyntaxKind9.Identifier) return exp.getText();
+  if (exp.getKind() === SyntaxKind9.PropertyAccessExpression) {
+    return exp.asKind(SyntaxKind9.PropertyAccessExpression).getName();
   }
   return "";
 }
@@ -786,15 +962,15 @@ function placeholderFor(propName) {
 }
 var fixRequiredCallWithOptions = (c, p, outcome) => {
   if (outcome.result !== "fail") return void 0;
-  const calls = c.fn.getDescendantsOfKind(SyntaxKind8.CallExpression);
+  const calls = c.fn.getDescendantsOfKind(SyntaxKind9.CallExpression);
   const verify = calls.filter((x) => p.verifyCalls.includes(callName4(x)));
   if (verify.length > 0) {
     const call = verify[0];
     const args = call.getArguments();
     const lastArg = args[args.length - 1];
-    const obj = lastArg?.asKind(SyntaxKind8.ObjectLiteralExpression);
+    const obj = lastArg?.asKind(SyntaxKind9.ObjectLiteralExpression);
     const presentNames = obj ? obj.getProperties().map((pr) => {
-      const pa = pr.asKind(SyntaxKind8.PropertyAssignment) ?? pr.asKind(SyntaxKind8.ShorthandPropertyAssignment);
+      const pa = pr.asKind(SyntaxKind9.PropertyAssignment) ?? pr.asKind(SyntaxKind9.ShorthandPropertyAssignment);
       return pa?.getName() ?? "";
     }) : [];
     const missingGroups = p.requiredProps.filter(
@@ -1730,7 +1906,7 @@ function renderTrustGraphMd(g) {
 }
 
 // src/costAnalysis.ts
-import { Project as Project2, SyntaxKind as SyntaxKind9 } from "ts-morph";
+import { Project as Project2, SyntaxKind as SyntaxKind10 } from "ts-morph";
 var LAMPORTS_PER_BYTE_YEAR = 3480;
 var EXEMPTION_THRESHOLD = 2;
 var OVERHEAD_BYTES = 128;
@@ -1811,11 +1987,11 @@ var KNOWN_FLOWS = [
   }
 ];
 var LOOP_NODE_KINDS = /* @__PURE__ */ new Set([
-  SyntaxKind9.ForStatement,
-  SyntaxKind9.ForOfStatement,
-  SyntaxKind9.ForInStatement,
-  SyntaxKind9.WhileStatement,
-  SyntaxKind9.DoStatement
+  SyntaxKind10.ForStatement,
+  SyntaxKind10.ForOfStatement,
+  SyntaxKind10.ForInStatement,
+  SyntaxKind10.WhileStatement,
+  SyntaxKind10.DoStatement
 ]);
 var ARRAY_METHOD_LOOPS = /* @__PURE__ */ new Set(["map", "forEach", "flatMap", "reduce", "filter"]);
 function isInsideLoop(node) {
@@ -1823,12 +1999,12 @@ function isInsideLoop(node) {
   while (cur) {
     const k = cur.getKind?.();
     if (k !== void 0 && LOOP_NODE_KINDS.has(k)) {
-      return { scalable: true, note: `call is inside a ${SyntaxKind9[k]} \u2014 cost scales with loop iterations` };
+      return { scalable: true, note: `call is inside a ${SyntaxKind10[k]} \u2014 cost scales with loop iterations` };
     }
-    if (k === SyntaxKind9.CallExpression) {
+    if (k === SyntaxKind10.CallExpression) {
       const expr = cur.getExpression?.();
-      if (expr?.getKind?.() === SyntaxKind9.PropertyAccessExpression) {
-        const name = expr.asKind?.(SyntaxKind9.PropertyAccessExpression)?.getName?.();
+      if (expr?.getKind?.() === SyntaxKind10.PropertyAccessExpression) {
+        const name = expr.asKind?.(SyntaxKind10.PropertyAccessExpression)?.getName?.();
         if (name && ARRAY_METHOD_LOOPS.has(name)) {
           return { scalable: true, note: `call is inside .${name}() \u2014 cost scales with array length` };
         }
@@ -1842,7 +2018,7 @@ function detectPriorityFee(targetDir) {
   const project = new Project2({ skipAddingFilesFromTsConfig: true });
   for (const file of walk(targetDir)) {
     const sf = project.addSourceFileAtPath(file);
-    const calls = sf.getDescendantsOfKind(SyntaxKind9.CallExpression);
+    const calls = sf.getDescendantsOfKind(SyntaxKind10.CallExpression);
     for (const ce of calls) {
       const expr = ce.getExpression();
       const text = expr.getText();
@@ -1870,13 +2046,13 @@ function detectAccountFlows(targetDir) {
     const importedModules = new Set(
       sf.getImportDeclarations().map((d) => d.getModuleSpecifierValue())
     );
-    for (const ce of sf.getDescendantsOfKind(SyntaxKind9.CallExpression)) {
+    for (const ce of sf.getDescendantsOfKind(SyntaxKind10.CallExpression)) {
       const expr = ce.getExpression();
       let callName5 = null;
-      if (expr.getKind() === SyntaxKind9.Identifier) {
+      if (expr.getKind() === SyntaxKind10.Identifier) {
         callName5 = expr.getText();
-      } else if (expr.getKind() === SyntaxKind9.PropertyAccessExpression) {
-        callName5 = expr.asKind(SyntaxKind9.PropertyAccessExpression).getName();
+      } else if (expr.getKind() === SyntaxKind10.PropertyAccessExpression) {
+        callName5 = expr.asKind(SyntaxKind10.PropertyAccessExpression).getName();
       }
       if (!callName5) continue;
       const known = callIndex.get(callName5);
@@ -2029,6 +2205,34 @@ function startWatch(targetDir, opts = {}) {
   };
 }
 
+// src/fixers/applyDiff.ts
+import { readFileSync as readFileSync7, writeFileSync as writeFileSync2 } from "fs";
+function parseDiff(diff) {
+  const lines = diff.split("\n");
+  const fileLine = lines.find((l) => l.startsWith("+++ b"));
+  if (!fileLine) throw new Error("parseDiff: no '+++ b<path>' line found");
+  const filePath = fileLine.slice("+++ b".length);
+  const hunkLine = lines.find((l) => l.startsWith("@@"));
+  if (!hunkLine) throw new Error("parseDiff: no hunk header found");
+  const m = hunkLine.match(/^@@ -(\d+),(\d+) \+\d+,\d+ @@/);
+  if (!m) throw new Error(`parseDiff: unrecognized hunk header '${hunkLine}'`);
+  const oldStart = Number(m[1]);
+  const oldCount = Number(m[2]);
+  const newLines = lines.filter((l) => l.startsWith("+") && !l.startsWith("+++")).map((l) => l.slice(1));
+  return { filePath, oldStart, oldCount, newLines };
+}
+function applyDiffToFile(diff) {
+  const { filePath, oldStart, oldCount, newLines } = parseDiff(diff);
+  const content = readFileSync7(filePath, "utf8");
+  const fileLines = content.split("\n");
+  const removedLines = diff.split("\n").filter((l) => l.startsWith("-") && !l.startsWith("---")).map((l) => l.slice(1));
+  const actual = fileLines.slice(oldStart - 1, oldStart - 1 + oldCount);
+  if (JSON.stringify(actual) !== JSON.stringify(removedLines)) return false;
+  fileLines.splice(oldStart - 1, oldCount, ...newLines);
+  writeFileSync2(filePath, fileLines.join("\n"));
+  return true;
+}
+
 export {
   findCandidates,
   findConfigCandidates,
@@ -2065,5 +2269,7 @@ export {
   analyzeCosts,
   renderCostReportMd,
   runIncrementalScan,
-  startWatch
+  startWatch,
+  parseDiff,
+  applyDiffToFile
 };

package/dist/cli.js

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 import {
   analyzeCosts,
+  applyDiffToFile,
   audit,
   buildTrustGraph,
   cacheSize,
@@ -8,11 +9,12 @@ import {
   getChangedRanges,
   isValidSolanaAddress,
   loadProgramCache,
+  parseDiff,
   renderCostReportMd,
   renderTrustGraphMd,
   resolveRules,
   startWatch
-} from "./chunk-P7K7NRVN.js";
+} from "./chunk-XQUQOBXZ.js";
 
 // src/cli.ts
 import { writeFileSync as writeFileSync2, mkdirSync as mkdirSync2 } from "fs";
@@ -90,6 +92,7 @@ function updateMemory(memory, checks2, now = /* @__PURE__ */ new Date()) {
 }
 
 // src/cli.ts
+import { execFileSync } from "child_process";
 var args = process.argv.slice(2);
 if (args[0] === "trust-graph") {
   await runTrustGraph(args.slice(1));
@@ -103,6 +106,10 @@ if (args[0] === "watch") {
   await new Promise(() => {
   });
 }
+if (args[0] === "fix") {
+  await runFix(args.slice(1));
+  process.exit(0);
+}
 var ci = args.includes("--ci");
 var strict = args.includes("--strict");
 var sinceIdx = args.indexOf("--since");
@@ -237,3 +244,78 @@ async function runTrustGraph(argv) {
     console.error(`  program-cache: ${count} entries  (${cp})`);
   }
 }
+async function runFix(argv) {
+  const apply = argv.includes("--apply");
+  const branch = argv.includes("--branch");
+  const targetDir2 = argv.find((a) => !a.startsWith("--")) ?? process.cwd();
+  const rules2 = resolveRules(targetDir2);
+  const { checks: before } = audit(targetDir2, rules2);
+  const fixable = before.filter((c) => c.result === "fail" && c.fix?.diff);
+  if (fixable.length === 0) {
+    console.log("brainblast fix: no mechanical fixes available (no FAIL ships a fix.diff).");
+    const others = before.filter((c) => c.result === "fail" && c.fix?.suggestion);
+    for (const c of others) {
+      console.log(`  [GUIDANCE] ${c.ruleId}  ${c.file}:${c.line}`);
+      console.log(`             ${c.fix.summary}`);
+    }
+    return;
+  }
+  console.log(`brainblast fix: ${fixable.length} mechanical fix(es) found.`);
+  for (const c of fixable) {
+    console.log(`  [${apply ? "APPLY" : "DRY-RUN"}] ${c.ruleId}  ${c.file}:${c.line} \u2014 ${c.fix.summary}`);
+  }
+  if (!apply) {
+    console.log("\nRe-run with --apply to write these changes to disk.");
+    return;
+  }
+  const byFile = /* @__PURE__ */ new Map();
+  for (const c of fixable) {
+    const file = parseDiff(c.fix.diff).filePath;
+    byFile.set(file, [...byFile.get(file) ?? [], c]);
+  }
+  let applied = 0;
+  let skipped = 0;
+  for (const [, group] of byFile) {
+    const sorted = [...group].sort((a, b) => parseDiff(b.fix.diff).oldStart - parseDiff(a.fix.diff).oldStart);
+    for (const c of sorted) {
+      const ok = applyDiffToFile(c.fix.diff);
+      if (ok) applied++;
+      else {
+        skipped++;
+        console.log(`  [SKIP] ${c.ruleId}  ${c.file}:${c.line} \u2014 file no longer matches the fix's expected range`);
+      }
+    }
+  }
+  console.log(`
+Applied ${applied} fix(es)${skipped ? `, skipped ${skipped}` : ""}.`);
+  const { checks: after } = audit(targetDir2, rules2);
+  const stillFailing = fixable.filter((c) => {
+    const a = after.find((x) => x.ruleId === c.ruleId && x.file === c.file && x.exportName === c.exportName);
+    return a?.result === "fail";
+  });
+  if (stillFailing.length > 0) {
+    console.log(`
+Warning: ${stillFailing.length} fix(es) applied but the rule still fails:`);
+    for (const c of stillFailing) console.log(`  ${c.ruleId}  ${c.file}:${c.line}`);
+  } else if (applied > 0) {
+    console.log("All applied fixes now pass (or cant_tell) on re-audit. \u2713");
+  }
+  if (branch && applied > 0) {
+    const ts = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+    const branchName = `brainblast/auto-fix-${ts}`;
+    try {
+      execFileSync("git", ["checkout", "-b", branchName], { cwd: targetDir2, stdio: "ignore" });
+      execFileSync("git", ["add", "-A"], { cwd: targetDir2, stdio: "ignore" });
+      execFileSync(
+        "git",
+        ["commit", "-q", "-m", `brainblast fix: apply ${applied} mechanical fix(es)`],
+        { cwd: targetDir2, stdio: "ignore" }
+      );
+      console.log(`
+Committed to new branch '${branchName}'.`);
+    } catch (e) {
+      console.error(`
+Warning: could not create branch/commit: ${e.message ?? e}`);
+    }
+  }
+}

package/dist/index.d.ts

@@ -276,6 +276,15 @@ declare function startWatch(targetDir: string, opts?: WatchOptions): {
     close: () => void;
 };
 
+interface ParsedDiff {
+    filePath: string;
+    oldStart: number;
+    oldCount: number;
+    newLines: string[];
+}
+declare function parseDiff(diff: string): ParsedDiff;
+declare function applyDiffToFile(diff: string): boolean;
+
 type UpgradeAuthorityKind = "renounced" | "single-key" | "multisig" | "dao" | "unknown";
 type UpgradeAuthoritySource = "directory" | "rpc" | "research";
 interface UpgradeAuthority {
@@ -405,4 +414,4 @@ declare function isEntryExpired(entry: ProgramCacheEntry, ttlHoursOverride?: num
  */
 declare function cacheSize(cache: ProgramCache, ttlHoursOverride?: number): number;
 
-export { type AccountFlow, type AuditRef, type BuildOpts, type Candidate, type ChangedRanges, type CheckOutcome, type CheckResult, type CheckResultKind, type Checker, type ConfigCandidate, type ConfigChecker, type CostReport, DEFAULT_TTL_HOURS, type OnChainProgram, type ParityNote, type PriorityFeePosture, type ProgramCache, type ProgramCacheEntry, type Recoverability, type Rule, type RustAccountField, type RustCandidate, type RustChecker, type Severity, type TrustGraph, type UpgradeAuthority, type UpgradeAuthorityKind, type UpgradeAuthoritySource, type VerifiedBuildState, type WatchEvent, type WatchOptions, analyzeCosts, audit, auditWithRule, base58Decode, base58Encode, buildTrustGraph, rules as bundledRules, cacheSize, checkerKinds, defaultCachePath, fileChanged, findCandidates, findConfigCandidates, generateTestForResult, getCacheEntry, getCacheEntryMeta, getChangedRanges, getWorkingTreeChanges, isEntryExpired, isValidSolanaAddress, lamportsToSol, loadDirectory, loadProgramCache, loadRules, putCacheEntry, rangeChanged, renderCostReportMd, renderTest, renderTrustGraphMd, rentExemptMinimum, resolveRules, runChecker, runIncrementalScan, saveProgramCache, startWatch, testKinds };
+export { type AccountFlow, type AuditRef, type BuildOpts, type Candidate, type ChangedRanges, type CheckOutcome, type CheckResult, type CheckResultKind, type Checker, type ConfigCandidate, type ConfigChecker, type CostReport, DEFAULT_TTL_HOURS, type OnChainProgram, type ParityNote, type ParsedDiff, type PriorityFeePosture, type ProgramCache, type ProgramCacheEntry, type Recoverability, type Rule, type RustAccountField, type RustCandidate, type RustChecker, type Severity, type TrustGraph, type UpgradeAuthority, type UpgradeAuthorityKind, type UpgradeAuthoritySource, type VerifiedBuildState, type WatchEvent, type WatchOptions, analyzeCosts, applyDiffToFile, audit, auditWithRule, base58Decode, base58Encode, buildTrustGraph, rules as bundledRules, cacheSize, checkerKinds, defaultCachePath, fileChanged, findCandidates, findConfigCandidates, generateTestForResult, getCacheEntry, getCacheEntryMeta, getChangedRanges, getWorkingTreeChanges, isEntryExpired, isValidSolanaAddress, lamportsToSol, loadDirectory, loadProgramCache, loadRules, parseDiff, putCacheEntry, rangeChanged, renderCostReportMd, renderTest, renderTrustGraphMd, rentExemptMinimum, resolveRules, runChecker, runIncrementalScan, saveProgramCache, startWatch, testKinds };

package/dist/index.js

@@ -1,6 +1,7 @@
 import {
   DEFAULT_TTL_HOURS,
   analyzeCosts,
+  applyDiffToFile,
   audit,
   auditWithRule,
   base58Decode,
@@ -22,6 +23,7 @@ import {
   loadDirectory,
   loadProgramCache,
   loadRules,
+  parseDiff,
   putCacheEntry,
   rangeChanged,
   renderCostReportMd,
@@ -35,7 +37,7 @@ import {
   saveProgramCache,
   startWatch,
   testKinds
-} from "./chunk-P7K7NRVN.js";
+} from "./chunk-XQUQOBXZ.js";
 
 // src/generate.ts
 import { writeFileSync, mkdirSync } from "fs";
@@ -53,6 +55,7 @@ function generateTestForResult(result, rule, outPath) {
 export {
   DEFAULT_TTL_HOURS,
   analyzeCosts,
+  applyDiffToFile,
   audit,
   auditWithRule,
   base58Decode,
@@ -76,6 +79,7 @@ export {
   loadDirectory,
   loadProgramCache,
   loadRules,
+  parseDiff,
   putCacheEntry,
   rangeChanged,
   renderCostReportMd,

package/dist/rules/env-secret-leaked-to-sink.yaml

@@ -0,0 +1,47 @@
+# Pure-data rule (facts). Binds to vetted templates by `check.kind`/`test.kind`.
+id: env-secret-leaked-to-sink
+severity: high
+title: Secret-shaped environment value flows to a logging/response sink
+component:
+  name: Environment configuration
+  type: Config
+  version: unversioned
+  sourceUrl: https://12factor.net/config
+detect:
+  lang: typescript
+  modules: []
+  # Never matches by name alone — only the triggerCalls (sink calls) below
+  # select candidates. Keeps this from firing on every function in a repo.
+  nameRegex: "(?!)"
+  triggerCalls:
+    - log
+    - error
+    - warn
+    - info
+    - debug
+    - json
+    - send
+    - write
+    - end
+  requiresImport: false
+check:
+  kind: taint-to-sink
+  params:
+    sources:
+      - name: env-secret
+        # Secret-shaped process.env.X reads.
+        pattern: "process\\.env\\.[A-Za-z0-9_]*(SECRET|PRIVATE_KEY|API_KEY|ACCESS_KEY|TOKEN|PASSWORD|CREDENTIAL)[A-Za-z0-9_]*"
+    sinkCalls:
+      - log
+      - error
+      - warn
+      - info
+      - debug
+      - json
+      - send
+      - write
+      - end
+    # Same-file or imported-module hops to follow before/after the candidate.
+    maxHops: 2
+test:
+  kind: none

package/dist/rules/request-input-command-injection.yaml

@@ -0,0 +1,42 @@
+# Pure-data rule (facts). Binds to vetted templates by `check.kind`/`test.kind`.
+id: request-input-command-injection
+severity: critical
+title: Untrusted request input flows into a shell command
+component:
+  name: Node.js child_process
+  type: API
+  version: unversioned
+  sourceUrl: https://nodejs.org/api/child_process.html
+detect:
+  lang: typescript
+  modules: []
+  # Never matches by name alone — only the triggerCalls (sink calls) below
+  # select candidates.
+  nameRegex: "(?!)"
+  triggerCalls:
+    - exec
+    - execSync
+    - spawn
+    - spawnSync
+    - execFile
+    - execFileSync
+  requiresImport: false
+check:
+  kind: taint-to-sink
+  params:
+    sources:
+      - name: request-input
+        # req.body / req.query / req.params / req.headers (any object named
+        # req/request) — the canonical "untrusted user input" surface for an
+        # HTTP handler.
+        pattern: "\\b(req|request)\\.(body|query|params|headers)\\b"
+    sinkCalls:
+      - exec
+      - execSync
+      - spawn
+      - spawnSync
+      - execFile
+      - execFileSync
+    maxHops: 2
+test:
+  kind: none

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "brainblast",
-  "version": "0.4.1",
+  "version": "0.4.3",
   "type": "module",
   "description": "Deterministic auditor for catastrophic AI-integration bugs: scan a repo, find the silent money/auth traps, and generate the behavioral test that proves they're fixed.",
   "keywords": [