brainblast 0.6.3 → 0.7.0

package/dist/chunk-UWE6HAGS.js

@@ -0,0 +1,176 @@
+import {
+  buildTrustGraph
+} from "./chunk-SVSVVW6U.js";
+
+// src/score.ts
+var W_AUTHORITY = 35;
+var W_VERIFIED = 25;
+var W_AUDITS = 20;
+var W_CURATION = 10;
+var W_PARITY = 10;
+function scoreAuthority(ua) {
+  let points;
+  let detail;
+  switch (ua.kind) {
+    case "renounced":
+      points = W_AUTHORITY;
+      detail = "Upgrade authority renounced \u2014 program code is frozen forever.";
+      break;
+    case "dao":
+      points = 30;
+      detail = "Upgrade authority held by a governance program (DAO).";
+      break;
+    case "multisig":
+      points = 26;
+      detail = "Upgrade authority held by a multisig.";
+      break;
+    case "unknown":
+      if (ua.address) {
+        points = 12;
+        detail = `Upgrade authority present but unclassified (${ua.address}). Could be a single hot key.`;
+      } else {
+        points = 10;
+        detail = "Upgrade authority could not be determined.";
+      }
+      break;
+    case "single-key":
+    default:
+      points = 8;
+      detail = "Upgrade authority is a single key \u2014 it can replace the program's code at any time.";
+      break;
+  }
+  return { name: "Upgrade authority", weight: W_AUTHORITY, points, detail };
+}
+function scoreVerified(vb) {
+  let points;
+  let detail;
+  switch (vb.state) {
+    case "verified":
+      points = W_VERIFIED;
+      detail = `On-chain bytecode matches a published source build (${vb.registryUrl}).`;
+      break;
+    case "unverified":
+      points = 2;
+      detail = "Not present in any verified-build registry we trust.";
+      break;
+    case "unknown":
+    default:
+      points = 8;
+      detail = "Verified-build status not checked.";
+      break;
+  }
+  return { name: "Verified build", weight: W_VERIFIED, points, detail };
+}
+function scoreAudits(audits) {
+  let points = 0;
+  let detail = "No audits on record.";
+  if (audits.length >= 2) {
+    points = W_AUDITS;
+    detail = `${audits.length} audits on record (${audits.map((a) => a.firm).join(", ")}).`;
+  } else if (audits.length === 1) {
+    points = 16;
+    detail = `One audit on record (${audits[0].firm}, ${audits[0].date}).`;
+  }
+  return { name: "Audits", weight: W_AUDITS, points, detail };
+}
+function scoreCuration(program) {
+  const curated = program.upgradeAuthority.source === "directory" || !!program.provenance?.directoryFile;
+  return {
+    name: "Curation",
+    weight: W_CURATION,
+    points: curated ? W_CURATION : 0,
+    detail: curated ? "Listed in the curated program directory (known entity)." : "Not in the curated directory \u2014 identity is not independently corroborated."
+  };
+}
+function scoreParity(parity) {
+  let points;
+  let detail;
+  switch (parity.mainnet) {
+    case "present":
+      points = W_PARITY;
+      detail = "Deployed on mainnet as expected.";
+      break;
+    case "unknown":
+      points = 5;
+      detail = "Cross-cluster parity not checked.";
+      break;
+    default:
+      points = 0;
+      detail = `Mainnet deployment is '${parity.mainnet}' \u2014 possible devnet-only or address mismatch.`;
+      break;
+  }
+  return { name: "Cluster parity", weight: W_PARITY, points, detail };
+}
+function gradeForScore(score) {
+  if (score >= 90) return "A";
+  if (score >= 75) return "B";
+  if (score >= 60) return "C";
+  if (score >= 40) return "D";
+  return "F";
+}
+function scoreFromProgram(program) {
+  const factors = [
+    scoreAuthority(program.upgradeAuthority),
+    scoreVerified(program.verifiedBuild),
+    scoreAudits(program.audits ?? []),
+    scoreCuration(program),
+    scoreParity(program.parity ?? { mainnet: "unknown", devnet: "unknown" })
+  ];
+  const score = factors.reduce((s, f) => s + f.points, 0);
+  const grade = gradeForScore(score);
+  return {
+    programId: program.programId,
+    resolved: true,
+    score,
+    grade,
+    factors,
+    program,
+    summary: `${program.name} \u2014 grade ${grade} (${score}/100). ` + factors.find((f) => f.name === "Upgrade authority").detail
+  };
+}
+async function scoreProgram(programId, opts = {}) {
+  const graph = await buildTrustGraph([programId], opts);
+  const program = graph.programs.find((p) => p.programId === programId);
+  if (!program) {
+    const reason = graph.unresolved.find((u) => u.programId === programId)?.reason ?? "not resolved";
+    return {
+      programId,
+      resolved: false,
+      score: null,
+      grade: "unrated",
+      factors: [],
+      summary: `Could not resolve program ${programId}: ${reason}`,
+      unresolvedReason: reason
+    };
+  }
+  return scoreFromProgram(program);
+}
+function renderScoreText(s) {
+  if (!s.resolved) {
+    return `Trust score  [unrated]
+  ${s.summary}`;
+  }
+  const lines = [];
+  lines.push(`Trust score  [${s.grade}]  ${s.score}/100`);
+  lines.push(`  Program: ${s.program?.name ?? s.programId}`);
+  lines.push(`  Address: ${s.programId}`);
+  lines.push("");
+  lines.push("  Factors:");
+  for (const f of s.factors) {
+    lines.push(`    ${f.points}/${f.weight}  ${f.name} \u2014 ${f.detail}`);
+  }
+  return lines.join("\n");
+}
+function gradeAtLeast(grade, min) {
+  const order = { F: 0, D: 1, C: 2, B: 3, A: 4 };
+  if (grade === "unrated") return false;
+  return order[grade] >= order[min];
+}
+
+export {
+  gradeForScore,
+  scoreFromProgram,
+  scoreProgram,
+  renderScoreText,
+  gradeAtLeast
+};

package/dist/chunk-VG5FMOLW.js

@@ -0,0 +1,61 @@
+// src/trustGraph/base58.ts
+var ALPHA = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+var MAP = {};
+for (let i = 0; i < ALPHA.length; i++) MAP[ALPHA[i]] = i;
+function base58Encode(bytes) {
+  let zeros = 0;
+  while (zeros < bytes.length && bytes[zeros] === 0) zeros++;
+  const buf = Array.from(bytes);
+  const out = [];
+  let start = zeros;
+  while (start < buf.length) {
+    let rem = 0;
+    for (let i = start; i < buf.length; i++) {
+      const acc = rem * 256 + buf[i];
+      buf[i] = Math.floor(acc / 58);
+      rem = acc % 58;
+    }
+    out.push(rem);
+    if (buf[start] === 0) start++;
+  }
+  let s = "";
+  for (let i = 0; i < zeros; i++) s += "1";
+  for (let i = out.length - 1; i >= 0; i--) s += ALPHA[out[i]];
+  return s;
+}
+function base58Decode(s) {
+  let zeros = 0;
+  while (zeros < s.length && s[zeros] === "1") zeros++;
+  const buf = [];
+  for (let i = zeros; i < s.length; i++) {
+    const v = MAP[s[i]];
+    if (v === void 0) throw new Error(`base58: invalid char '${s[i]}' at ${i}`);
+    let carry = v;
+    for (let j = 0; j < buf.length; j++) {
+      const acc = buf[j] * 58 + carry;
+      buf[j] = acc & 255;
+      carry = acc >>> 8;
+    }
+    while (carry > 0) {
+      buf.push(carry & 255);
+      carry >>>= 8;
+    }
+  }
+  const out = new Uint8Array(zeros + buf.length);
+  for (let i = 0; i < buf.length; i++) out[zeros + buf.length - 1 - i] = buf[i];
+  return out;
+}
+function isValidSolanaAddress(s) {
+  if (typeof s !== "string" || s.length < 32 || s.length > 44) return false;
+  try {
+    return base58Decode(s).length === 32;
+  } catch {
+    return false;
+  }
+}
+
+export {
+  base58Encode,
+  base58Decode,
+  isValidSolanaAddress
+};

package/dist/chunk-VI2JBH2T.js

@@ -0,0 +1,79 @@
+import {
+  CANONICAL_BY_MINT,
+  CANONICAL_MINTS
+} from "./chunk-2XJORJPQ.js";
+
+// src/tokenRegistry.ts
+async function jupiterLookup(mint, baseUrl) {
+  const url = `${baseUrl ?? "https://tokens.jup.ag"}/token/${mint}`;
+  try {
+    const res = await fetch(url, { signal: AbortSignal.timeout(1e4) });
+    if (res.status === 404) return null;
+    if (!res.ok) return null;
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
+function detectImpersonation(resolvedSymbol) {
+  if (!resolvedSymbol) return { impersonation: false };
+  const upper = resolvedSymbol.toUpperCase();
+  const canonical = CANONICAL_MINTS[upper];
+  if (!canonical) return { impersonation: false };
+  return { impersonation: true, canonicalMint: canonical.mint };
+}
+async function verifyTokenIdentity(mint, opts = {}) {
+  const bundled = CANONICAL_BY_MINT[mint];
+  if (bundled) {
+    const expectMismatch2 = opts.expectSymbol ? opts.expectSymbol.toUpperCase() !== bundled.symbol.toUpperCase() : void 0;
+    return {
+      mint,
+      status: "verified-canonical",
+      symbol: bundled.symbol,
+      name: bundled.name,
+      source: "bundled",
+      impersonation: false,
+      expectMismatch: expectMismatch2 ?? void 0
+    };
+  }
+  if (opts.offline) {
+    const { impersonation: impersonation2, canonicalMint: canonicalMint2 } = detectImpersonation(opts.claimedSymbol);
+    return {
+      mint,
+      status: "unverified",
+      source: "none",
+      impersonation: impersonation2,
+      canonicalMint: canonicalMint2,
+      detail: "offline mode \u2014 Jupiter lookup skipped"
+    };
+  }
+  const jup = await jupiterLookup(mint, opts.baseUrl);
+  if (!jup) {
+    const { impersonation: impersonation2, canonicalMint: canonicalMint2 } = detectImpersonation(opts.claimedSymbol);
+    return {
+      mint,
+      status: "unknown",
+      source: "none",
+      impersonation: impersonation2,
+      canonicalMint: canonicalMint2
+    };
+  }
+  const resolvedSymbol = jup.symbol ?? opts.claimedSymbol;
+  const { impersonation, canonicalMint } = detectImpersonation(resolvedSymbol);
+  const expectMismatch = opts.expectSymbol ? opts.expectSymbol.toUpperCase() !== (resolvedSymbol ?? "").toUpperCase() : void 0;
+  const status = impersonation ? "unverified" : "verified";
+  return {
+    mint,
+    status,
+    symbol: jup.symbol,
+    name: jup.name,
+    source: "jupiter",
+    impersonation,
+    canonicalMint,
+    expectMismatch: expectMismatch ?? void 0
+  };
+}
+
+export {
+  verifyTokenIdentity
+};

package/dist/chunk-WX3IR7LK.js

@@ -0,0 +1,148 @@
+import {
+  analyzeToken
+} from "./chunk-FQA5BYWW.js";
+import {
+  verifyTokenIdentity
+} from "./chunk-VI2JBH2T.js";
+import {
+  getAccountInfo
+} from "./chunk-XSVQSK53.js";
+import {
+  base58Encode
+} from "./chunk-VG5FMOLW.js";
+
+// src/pumpCheck.ts
+function readU32LE(d, o) {
+  return d[o] | d[o + 1] << 8 | d[o + 2] << 16 | d[o + 3] << 24;
+}
+function readU64LE(d, o) {
+  let v = 0n;
+  for (let i = 7; i >= 0; i--) v = v << 8n | BigInt(d[o + i]);
+  return v;
+}
+function parseMintAccount(data) {
+  if (data.length < 82) throw new Error(`not an SPL mint account (got ${data.length} bytes, need \u226582)`);
+  const mintAuthOption = readU32LE(data, 0);
+  const freezeAuthOption = readU32LE(data, 46);
+  return {
+    mintAuthorityRevoked: mintAuthOption === 0,
+    freezeAuthorityRevoked: freezeAuthOption === 0,
+    mintAuthority: mintAuthOption === 1 ? base58Encode(data.subarray(4, 36)) : null,
+    freezeAuthority: freezeAuthOption === 1 ? base58Encode(data.subarray(50, 82)) : null,
+    supply: readU64LE(data, 36).toString(),
+    decimals: data[44],
+    isInitialized: data[45] === 1
+  };
+}
+function verdictFrom(checks) {
+  if (checks.some((c) => c.status === "fail")) return "NO-GO";
+  if (checks.some((c) => c.status === "warn")) return "CAUTION";
+  return "GO";
+}
+async function pumpPreflight(mint, opts = {}) {
+  const failOnRisk = opts.failOnRisk ?? 70;
+  const checks = [];
+  const report = { mint, verdict: "GO", checks };
+  try {
+    const acct = await getAccountInfo(mint, opts);
+    if (!acct) {
+      checks.push({ id: "mint-exists", label: "Mint account exists", status: "fail", detail: "No account found at this address on the selected cluster." });
+    } else {
+      const info = parseMintAccount(acct.data);
+      report.mintInfo = info;
+      checks.push({
+        id: "mint-authority-revoked",
+        label: "Mint authority revoked",
+        status: info.mintAuthorityRevoked ? "pass" : "fail",
+        detail: info.mintAuthorityRevoked ? "Mint authority is revoked \u2014 total supply is fixed." : `Mint authority is LIVE (${info.mintAuthority}). The holder can mint unlimited new supply and dilute every holder.`
+      });
+      checks.push({
+        id: "freeze-authority-revoked",
+        label: "Freeze authority revoked",
+        status: info.freezeAuthorityRevoked ? "pass" : "warn",
+        detail: info.freezeAuthorityRevoked ? "Freeze authority is revoked \u2014 token accounts cannot be frozen." : `Freeze authority is LIVE (${info.freezeAuthority}). The holder can freeze any user's token account.`
+      });
+    }
+  } catch (e) {
+    checks.push({ id: "mint-read", label: "Read mint account", status: "skip", detail: `Could not read mint account: ${e?.message ?? String(e)}` });
+  }
+  try {
+    const identity = await verifyTokenIdentity(mint, { baseUrl: opts.jupBaseUrl, offline: opts.offline });
+    report.identity = identity;
+    checks.push({
+      id: "identity",
+      label: "Token identity",
+      status: identity.impersonation ? "fail" : "pass",
+      detail: identity.impersonation ? `Impersonation: claims symbol '${identity.symbol}' but the canonical mint is ${identity.canonicalMint}.` : `Identity: ${identity.status}${identity.symbol ? ` (${identity.symbol})` : ""}.`
+    });
+  } catch (e) {
+    checks.push({ id: "identity", label: "Token identity", status: "skip", detail: `Identity check failed: ${e?.message ?? String(e)}` });
+  }
+  if (!opts.offline) {
+    const outcome = await analyzeToken(mint, { apiKey: opts.apiKey, baseUrl: opts.ricoBaseUrl });
+    if (outcome.ok) {
+      const q = outcome.result;
+      report.quality = q;
+      checks.push({
+        id: "risk-score",
+        label: "Rico risk score",
+        status: q.riskScore >= failOnRisk ? "fail" : q.riskScore >= 40 ? "warn" : "pass",
+        detail: `Rico risk score ${q.riskScore}/100 (threshold ${failOnRisk}).`
+      });
+      checks.push({
+        id: "snipers",
+        label: "Sniper activity",
+        status: q.snipersDetected ? "warn" : "pass",
+        detail: q.snipersDetected ? `Snipers detected (${(q.sniperPct * 100).toFixed(1)}% of holders).` : "No snipers detected."
+      });
+      checks.push({
+        id: "bundle-clusters",
+        label: "Bundle clusters",
+        status: q.bundleClustersDetected ? "warn" : "pass",
+        detail: q.bundleClustersDetected ? "Bundle launch clusters detected." : "No bundle clusters detected."
+      });
+      checks.push({
+        id: "holders",
+        label: "Holder distribution",
+        status: q.totalHolders < 50 ? "warn" : "pass",
+        detail: `${q.totalHolders} holders${q.cabalCount ? `, ${q.cabalCount} cabal wallet(s)` : ""}.`
+      });
+      if (q.deployerFlags.length) {
+        checks.push({
+          id: "deployer-flags",
+          label: "Deployer flags",
+          status: "warn",
+          detail: `Deployer flags: ${q.deployerFlags.join(", ")}.`
+        });
+      }
+    } else {
+      checks.push({
+        id: "rico-scan",
+        label: "Rico Maps scan",
+        status: "skip",
+        detail: `Quality scan skipped (${outcome.kind}): ${outcome.error}.`
+      });
+    }
+  } else {
+    checks.push({ id: "rico-scan", label: "Rico Maps scan", status: "skip", detail: "Offline mode \u2014 quality scan skipped." });
+  }
+  report.verdict = verdictFrom(checks);
+  return report;
+}
+var STATUS_ICON = { pass: "\u2713", warn: "\u26A0", fail: "\u2717", skip: "\xB7" };
+function renderPreflightText(r) {
+  const lines = [];
+  lines.push(`Launch pre-flight  [${r.verdict}]  ${r.mint}`);
+  if (r.mintInfo) lines.push(`  Supply: ${r.mintInfo.supply}  Decimals: ${r.mintInfo.decimals}`);
+  lines.push("");
+  for (const c of r.checks) {
+    lines.push(`  ${STATUS_ICON[c.status]} ${c.label} \u2014 ${c.detail}`);
+  }
+  return lines.join("\n");
+}
+
+export {
+  parseMintAccount,
+  pumpPreflight,
+  renderPreflightText
+};

package/dist/chunk-XSVQSK53.js

@@ -0,0 +1,100 @@
+import {
+  base58Encode,
+  isValidSolanaAddress
+} from "./chunk-VG5FMOLW.js";
+
+// src/trustGraph/rpc.ts
+var BPF_UPGRADEABLE_LOADER = "BPFLoaderUpgradeab1e11111111111111111111111";
+var BPF_LOADER_2 = "BPFLoader2111111111111111111111111111111111";
+var NATIVE_LOADER = "NativeLoader1111111111111111111111111111111";
+var DEFAULT_RPC = "https://api.mainnet-beta.solana.com";
+async function rpc(method, params, opts) {
+  const url = opts.rpcUrl ?? DEFAULT_RPC;
+  const fetchImpl = opts.fetchImpl ?? fetch;
+  const ac = new AbortController();
+  const t = setTimeout(() => ac.abort(), opts.timeoutMs ?? 1e4);
+  try {
+    const res = await fetchImpl(url, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ jsonrpc: "2.0", id: 1, method, params }),
+      signal: ac.signal
+    });
+    if (!res.ok) throw new Error(`rpc ${method}: HTTP ${res.status}`);
+    const body = await res.json();
+    if (body.error) throw new Error(`rpc ${method}: ${body.error.message}`);
+    if (body.result === void 0) throw new Error(`rpc ${method}: empty result`);
+    return body.result;
+  } finally {
+    clearTimeout(t);
+  }
+}
+async function getAccountInfo(address, opts = {}) {
+  if (!isValidSolanaAddress(address)) throw new Error(`invalid Solana address: ${address}`);
+  const result = await rpc(
+    "getAccountInfo",
+    [address, { encoding: "base64", commitment: "confirmed" }],
+    opts
+  );
+  if (!result || !result.value) return null;
+  const v = result.value;
+  const [b64] = v.data;
+  return {
+    owner: v.owner,
+    data: Buffer.from(b64, "base64"),
+    executable: v.executable,
+    lamports: v.lamports
+  };
+}
+async function probeUpgradeAuthority(programId, opts = {}) {
+  const acct = await getAccountInfo(programId, opts);
+  if (!acct) {
+    return {
+      kind: "unknown",
+      address: null,
+      source: "rpc",
+      checkedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  }
+  if (acct.owner === BPF_LOADER_2 || acct.owner === NATIVE_LOADER) {
+    return {
+      kind: "renounced",
+      address: null,
+      source: "rpc",
+      checkedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  }
+  if (acct.owner !== BPF_UPGRADEABLE_LOADER) {
+    throw new Error(
+      `program ${programId} is owned by ${acct.owner}, not a known loader; not a deployed program?`
+    );
+  }
+  if (acct.data.length < 36) throw new Error(`program account too small: ${acct.data.length}`);
+  const tag = acct.data[0] | acct.data[1] << 8 | acct.data[2] << 16 | acct.data[3] << 24;
+  if (tag !== 2) throw new Error(`expected Program (tag=2) state, got tag=${tag}`);
+  const programDataAddr = base58Encode(acct.data.subarray(4, 36));
+  const pd = await getAccountInfo(programDataAddr, opts);
+  if (!pd) {
+    throw new Error(`program ${programId} ProgramData ${programDataAddr} not found`);
+  }
+  if (pd.data.length < 45) throw new Error(`ProgramData account too small: ${pd.data.length}`);
+  const pdTag = pd.data[0] | pd.data[1] << 8 | pd.data[2] << 16 | pd.data[3] << 24;
+  if (pdTag !== 3) throw new Error(`expected ProgramData (tag=3), got tag=${pdTag}`);
+  const optionTag = pd.data[12];
+  const checkedAt = (/* @__PURE__ */ new Date()).toISOString();
+  if (optionTag === 0) {
+    return { kind: "renounced", address: null, source: "rpc", checkedAt };
+  }
+  if (optionTag !== 1) throw new Error(`unexpected Option tag in ProgramData: ${optionTag}`);
+  const authority = base58Encode(pd.data.subarray(13, 45));
+  return { kind: "unknown", address: authority, source: "rpc", checkedAt };
+}
+
+export {
+  BPF_UPGRADEABLE_LOADER,
+  BPF_LOADER_2,
+  NATIVE_LOADER,
+  DEFAULT_RPC,
+  getAccountInfo,
+  probeUpgradeAuthority
+};