brainblast 0.6.3 → 0.7.0

package/dist/cli.js

@@ -2,27 +2,36 @@
 import {
   analyzeCosts,
   applyDiffToFile,
-  buildTrustGraph,
-  cacheSize,
-  defaultCachePath,
   initPack,
   isTelemetryEnabled,
-  isValidSolanaAddress,
-  loadProgramCache,
   parseDiff,
   recordGraduationEvents,
   renderCostReportMd,
-  renderTrustGraphMd,
   startWatch,
   submitTelemetry,
   telemetryFilePath,
   validatePack
-} from "./chunk-ZZ6LBZV5.js";
+} from "./chunk-34VXOLJF.js";
+import {
+  renderTrustGraphMd
+} from "./chunk-2UZGWXIX.js";
+import {
+  buildTrustGraph,
+  cacheSize,
+  defaultCachePath,
+  loadProgramCache
+} from "./chunk-SVSVVW6U.js";
 import {
   audit,
   getChangedRanges,
   resolveRules
-} from "./chunk-A56IF3UX.js";
+} from "./chunk-CRYFCQYM.js";
+import "./chunk-2XJORJPQ.js";
+import "./chunk-O5Z4ZJHC.js";
+import "./chunk-XSVQSK53.js";
+import {
+  isValidSolanaAddress
+} from "./chunk-VG5FMOLW.js";
 import "./chunk-3RG5ZIWI.js";
 
 // src/cli.ts
@@ -119,7 +128,7 @@ if (args[0] === "drift") {
   process.exit(0);
 }
 if (args[0] === "mcp") {
-  const { startMcpServer } = await import("./mcp-AFYJQ7K6.js");
+  const { startMcpServer } = await import("./mcp-ML2X44WE.js");
   await startMcpServer();
   process.exit(0);
 }
@@ -143,6 +152,57 @@ if (args[0] === "watch") {
   await new Promise(() => {
   });
 }
+if (args[0] === "watch-chain") {
+  const rest = args.slice(1);
+  const programId = rest.find((a) => !a.startsWith("--"));
+  if (!programId) {
+    console.error("usage: brainblast watch-chain <program-id> [--rpc URL] [--interval <seconds>] [--limit N]");
+    console.error("  Poll a deployed program for new activity and upgrade-authority changes. Emits NDJSON.");
+    process.exit(2);
+  }
+  const { startChainWatch } = await import("./watchChain-F6INXAPA.js");
+  const rpcIdx = rest.indexOf("--rpc");
+  const rpcUrl = rpcIdx >= 0 ? rest[rpcIdx + 1] : void 0;
+  const intIdx = rest.indexOf("--interval");
+  const intervalMs = intIdx >= 0 ? parseInt(rest[intIdx + 1], 10) * 1e3 : void 0;
+  const limIdx = rest.indexOf("--limit");
+  const limit = limIdx >= 0 ? parseInt(rest[limIdx + 1], 10) : void 0;
+  const handle = startChainWatch(programId, { rpcUrl, intervalMs, limit });
+  process.on("SIGINT", () => {
+    handle.stop();
+    process.exit(0);
+  });
+  process.on("SIGTERM", () => {
+    handle.stop();
+    process.exit(0);
+  });
+  await new Promise(() => {
+  });
+}
+if (args[0] === "rico") {
+  await runRico(args.slice(1));
+  process.exit(0);
+}
+if (args[0] === "firewall") {
+  await runFirewall(args.slice(1));
+  process.exit(0);
+}
+if (args[0] === "idl-rules") {
+  await runIdlRules(args.slice(1));
+  process.exit(0);
+}
+if (args[0] === "score") {
+  await runScore(args.slice(1));
+  process.exit(0);
+}
+if (args[0] === "pump-check") {
+  await runPumpCheck(args.slice(1));
+  process.exit(0);
+}
+if (args[0] === "batch") {
+  await runBatch(args.slice(1));
+  process.exit(0);
+}
 if (args[0] === "fix") {
   await runFix(args.slice(1));
   process.exit(0);
@@ -510,7 +570,7 @@ async function runDiff(argv) {
     console.error("  e.g.: brainblast diff lodash@4.17.20 lodash@4.17.21");
     process.exit(2);
   }
-  const { diffVersions, renderDiffText, renderDiffMd, riskScore } = await import("./diff-KIR4PCBC.js");
+  const { diffVersions, renderDiffText, renderDiffMd: _renderDiffMd, riskScore } = await import("./diff-KIR4PCBC.js");
   let result;
   try {
     result = await diffVersions(ecosystem, pkgName, fromVersion, toVersion);
@@ -538,3 +598,254 @@ Risk profile unchanged (${result.unchanged.length} advisory${result.unchanged.le
     console.log("\nNo known advisories for either version.");
   }
 }
+async function runRico(argv) {
+  const { analyzeToken, renderRicoText } = await import("./ricomaps-WTMWBBOY.js");
+  const { verifyTokenIdentity } = await import("./tokenRegistry-CYIUZHAZ.js");
+  const mint = argv.find((a) => !a.startsWith("--"));
+  if (!mint) {
+    console.error("usage: brainblast rico <mint> [--expect SYMBOL] [--api-key KEY] [--fail-on SCORE] [--offline] [--json]");
+    process.exit(2);
+  }
+  const expectIdx = argv.indexOf("--expect");
+  const expectSymbol = expectIdx >= 0 ? argv[expectIdx + 1] : void 0;
+  const apiKeyIdx = argv.indexOf("--api-key");
+  let apiKey = apiKeyIdx >= 0 ? argv[apiKeyIdx + 1] : void 0;
+  const failOnIdx = argv.indexOf("--fail-on");
+  const failOn = failOnIdx >= 0 ? parseInt(argv[failOnIdx + 1], 10) : 70;
+  const offline = argv.includes("--offline");
+  const jsonOut = argv.includes("--json");
+  let ricoResult = null;
+  if (!offline) {
+    ricoResult = await analyzeToken(mint, { apiKey });
+    if (!ricoResult.ok && ricoResult.kind === "auth") {
+      const readline = await import("readline");
+      const rl = readline.createInterface({ input: process.stdin, output: process.stderr });
+      const answer = await new Promise((resolve) => {
+        rl.question(
+          "\nRico Maps API key missing or invalid.\n  [s] Skip quality scan\n  [k] Enter API key\nChoice: ",
+          resolve
+        );
+      });
+      rl.close();
+      if (answer.trim().toLowerCase().startsWith("k")) {
+        const rl2 = readline.createInterface({ input: process.stdin, output: process.stderr });
+        apiKey = await new Promise((resolve) => {
+          rl2.question("API key: ", resolve);
+        });
+        rl2.close();
+        ricoResult = await analyzeToken(mint, { apiKey });
+      } else {
+        ricoResult = null;
+      }
+    }
+  }
+  const claimedSymbol = ricoResult?.ok ? ricoResult.result.symbol : void 0;
+  const identity = await verifyTokenIdentity(mint, { expectSymbol, claimedSymbol, offline });
+  if (jsonOut) {
+    console.log(JSON.stringify({ identity, quality: ricoResult?.ok ? ricoResult.result : null }, null, 2));
+  } else {
+    const impTag = identity.impersonation ? " \u26A0 IMPERSONATION" : "";
+    const expectTag = identity.expectMismatch ? " \u26A0 EXPECT MISMATCH" : "";
+    console.log(`
+Identity  [${identity.status}]${impTag}${expectTag}`);
+    if (identity.symbol) console.log(`  Symbol:  ${identity.symbol}`);
+    if (identity.name) console.log(`  Name:    ${identity.name}`);
+    console.log(`  Source:  ${identity.source}`);
+    if (identity.impersonation && identity.canonicalMint) {
+      console.log(`  Canonical ${identity.symbol} mint: ${identity.canonicalMint}`);
+      console.log(`  This token: ${mint}`);
+    }
+    if (identity.detail) console.log(`  Note:    ${identity.detail}`);
+    if (ricoResult === null) {
+      console.log("\nQuality   [skipped]");
+    } else if (!ricoResult.ok) {
+      console.log(`
+Quality   [error: ${ricoResult.kind}] ${ricoResult.error}`);
+      if (ricoResult.kind === "rate-limit" && ricoResult.retryAfterMs) {
+        console.log(`  Retry after: ${Math.ceil(ricoResult.retryAfterMs / 1e3)}s`);
+      }
+    } else {
+      console.log(`
+${renderRicoText(ricoResult.result)}`);
+    }
+    console.log("");
+  }
+  const highRisk = ricoResult?.ok && ricoResult.result.riskScore >= failOn;
+  if (identity.impersonation || identity.expectMismatch || highRisk) {
+    process.exit(1);
+  }
+}
+async function runFirewall(argv) {
+  const { inspectTransaction, renderFirewallText } = await import("./firewall-HN5XJLGC.js");
+  const tx = argv.find((a) => !a.startsWith("--"));
+  if (!tx) {
+    console.error("usage: brainblast firewall <base64-tx> [--rpc URL] [--no-simulate] [--message-only] [--strict] [--json]");
+    console.error("  Inspect a serialized Solana transaction before an agent signs it.");
+    console.error("  Exit 1 on BLOCK verdict (or any WARN with --strict).");
+    process.exit(2);
+  }
+  const rpcIdx = argv.indexOf("--rpc");
+  const rpcUrl = rpcIdx >= 0 ? argv[rpcIdx + 1] : void 0;
+  const noSimulate = argv.includes("--no-simulate");
+  const messageOnly = argv.includes("--message-only");
+  const strict2 = argv.includes("--strict");
+  const jsonOut = argv.includes("--json");
+  let report2;
+  try {
+    report2 = await inspectTransaction(tx, { rpcUrl, simulate: !noSimulate, messageOnly });
+  } catch (e) {
+    console.error(`brainblast firewall: ${e?.message ?? String(e)}`);
+    process.exit(2);
+  }
+  if (jsonOut) {
+    console.log(JSON.stringify(report2, null, 2));
+  } else {
+    console.log(renderFirewallText(report2));
+  }
+  if (report2.verdict === "block" || strict2 && report2.verdict === "warn") {
+    process.exit(1);
+  }
+}
+async function runIdlRules(argv) {
+  const { readFileSync: readFileSync2, writeFileSync: writeFileSync3, mkdirSync: mkdirSync3 } = await import("fs");
+  const { join: join3 } = await import("path");
+  const { parseIdl, generateRulesFromIdl, renderRulesYaml } = await import("./idlRules-3KZML4NL.js");
+  const idlPath = argv.find((a) => !a.startsWith("--"));
+  if (!idlPath) {
+    console.error("usage: brainblast idl-rules <idl.json> [--out <dir>] [--json]");
+    console.error("  Generate brainblast rules from an Anchor IDL's account constraints.");
+    process.exit(2);
+  }
+  const outIdx = argv.indexOf("--out");
+  const outDir2 = outIdx >= 0 ? argv[outIdx + 1] : void 0;
+  const jsonOut = argv.includes("--json");
+  let idl;
+  try {
+    idl = parseIdl(JSON.parse(readFileSync2(idlPath, "utf8")));
+  } catch (e) {
+    console.error(`brainblast idl-rules: ${e?.message ?? String(e)}`);
+    process.exit(2);
+  }
+  const rules2 = generateRulesFromIdl(idl);
+  if (rules2.length === 0) {
+    console.error("brainblast idl-rules: IDL produced no rules (no instructions?)");
+    process.exit(1);
+  }
+  if (jsonOut) {
+    console.log(JSON.stringify(rules2, null, 2));
+    return;
+  }
+  const yaml = renderRulesYaml(rules2);
+  if (outDir2) {
+    mkdirSync3(outDir2, { recursive: true });
+    const file = join3(outDir2, `${rules2[0].id}.yaml`);
+    writeFileSync3(file, yaml);
+    console.log(`Generated ${rules2.length} rule(s) \u2192 ${file}`);
+    console.log(`  Run against your program:  npx brainblast <program-dir> --packs <pack-with-this-rule>`);
+  } else {
+    console.log(yaml);
+  }
+}
+async function runScore(argv) {
+  const { scoreProgram, renderScoreText, gradeAtLeast } = await import("./score-VLKER37D.js");
+  const { isValidSolanaAddress: isValidSolanaAddress2 } = await import("./trustGraph-4SSJOQKT.js");
+  const programId = argv.find((a) => !a.startsWith("--"));
+  if (!programId) {
+    console.error("usage: brainblast score <program-id> [--rpc URL] [--no-probe] [--min A|B|C|D|F] [--json]");
+    console.error("  Compute a 0-100 trust score + A-F grade for a deployed Solana program.");
+    process.exit(2);
+  }
+  if (!isValidSolanaAddress2(programId)) {
+    console.error(`brainblast score: not a valid Solana address: ${programId}`);
+    process.exit(2);
+  }
+  const rpcIdx = argv.indexOf("--rpc");
+  const rpcUrl = rpcIdx >= 0 ? argv[rpcIdx + 1] : void 0;
+  const noProbe = argv.includes("--no-probe");
+  const minIdx = argv.indexOf("--min");
+  const min = minIdx >= 0 ? argv[minIdx + 1] : void 0;
+  const jsonOut = argv.includes("--json");
+  let result;
+  try {
+    result = await scoreProgram(programId, { rpcUrl, probeRpc: !noProbe });
+  } catch (e) {
+    console.error(`brainblast score: ${e?.message ?? String(e)}`);
+    process.exit(1);
+  }
+  if (jsonOut) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(renderScoreText(result));
+  }
+  if (min && !gradeAtLeast(result.grade, min)) {
+    process.exit(1);
+  }
+}
+async function runPumpCheck(argv) {
+  const { pumpPreflight, renderPreflightText } = await import("./pumpCheck-K2ESOBNU.js");
+  const mint = argv.find((a) => !a.startsWith("--"));
+  if (!mint) {
+    console.error("usage: brainblast pump-check <mint> [--rpc URL] [--api-key KEY] [--fail-on SCORE] [--offline] [--json]");
+    console.error("  Launch pre-flight: mint/freeze authority, identity, and Rico Maps forensics \u2192 GO/CAUTION/NO-GO.");
+    process.exit(2);
+  }
+  const rpcIdx = argv.indexOf("--rpc");
+  const rpcUrl = rpcIdx >= 0 ? argv[rpcIdx + 1] : void 0;
+  const keyIdx = argv.indexOf("--api-key");
+  const apiKey = keyIdx >= 0 ? argv[keyIdx + 1] : void 0;
+  const failIdx = argv.indexOf("--fail-on");
+  const failOnRisk = failIdx >= 0 ? parseInt(argv[failIdx + 1], 10) : void 0;
+  const offline = argv.includes("--offline");
+  const jsonOut = argv.includes("--json");
+  let report2;
+  try {
+    report2 = await pumpPreflight(mint, { rpcUrl, apiKey, failOnRisk, offline });
+  } catch (e) {
+    console.error(`brainblast pump-check: ${e?.message ?? String(e)}`);
+    process.exit(2);
+  }
+  if (jsonOut) {
+    console.log(JSON.stringify(report2, null, 2));
+  } else {
+    console.log(renderPreflightText(report2));
+  }
+  if (report2.verdict === "NO-GO") process.exit(1);
+}
+async function runBatch(argv) {
+  const { readFileSync: readFileSync2 } = await import("fs");
+  const { batchScan, parseMintList, renderBatchText } = await import("./batchScan-JR2G5JCF.js");
+  const file = argv.find((a) => !a.startsWith("--"));
+  if (!file) {
+    console.error("usage: brainblast batch <file> [--concurrency N] [--api-key KEY] [--fail-on SCORE] [--offline] [--json]");
+    console.error("  Risk-rank a list of contract addresses (newline-separated or JSON array).");
+    process.exit(2);
+  }
+  let mints;
+  try {
+    mints = parseMintList(readFileSync2(file, "utf8"));
+  } catch (e) {
+    console.error(`brainblast batch: ${e?.message ?? String(e)}`);
+    process.exit(2);
+  }
+  if (mints.length === 0) {
+    console.error("brainblast batch: no addresses found in file");
+    process.exit(2);
+  }
+  const concIdx = argv.indexOf("--concurrency");
+  const concurrency = concIdx >= 0 ? parseInt(argv[concIdx + 1], 10) : void 0;
+  const keyIdx = argv.indexOf("--api-key");
+  const apiKey = keyIdx >= 0 ? argv[keyIdx + 1] : void 0;
+  const failIdx = argv.indexOf("--fail-on");
+  const failOnRisk = failIdx >= 0 ? parseInt(argv[failIdx + 1], 10) : void 0;
+  const offline = argv.includes("--offline");
+  const jsonOut = argv.includes("--json");
+  const result = await batchScan(mints, { concurrency, apiKey, failOnRisk, offline });
+  if (jsonOut) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(renderBatchText(result));
+  }
+  if (result.summary.impersonators > 0 || result.summary.highRisk > 0) {
+    process.exit(1);
+  }
+}

package/dist/firewall-HN5XJLGC.js

@@ -0,0 +1,18 @@
+import {
+  KNOWN_PROGRAMS,
+  analyzeInstructions,
+  decodeTransaction,
+  inspectTransaction,
+  parseCpiPrograms,
+  renderFirewallText
+} from "./chunk-HL7NVANZ.js";
+import "./chunk-VG5FMOLW.js";
+import "./chunk-3RG5ZIWI.js";
+export {
+  KNOWN_PROGRAMS,
+  analyzeInstructions,
+  decodeTransaction,
+  inspectTransaction,
+  parseCpiPrograms,
+  renderFirewallText
+};

package/dist/idlRules-3KZML4NL.js

@@ -0,0 +1,17 @@
+import {
+  buildConstraintParams,
+  generateRulesFromIdl,
+  idlProgramName,
+  parseIdl,
+  renderRulesYaml,
+  toSnakeCase
+} from "./chunk-O5Z4ZJHC.js";
+import "./chunk-3RG5ZIWI.js";
+export {
+  buildConstraintParams,
+  generateRulesFromIdl,
+  idlProgramName,
+  parseIdl,
+  renderRulesYaml,
+  toSnakeCase
+};