brainblast 0.6.4 → 0.7.0

package/dist/{chunk-2Y6UILTZ.js → chunk-CRYFCQYM.js}

@@ -1,6 +1,9 @@
 import {
   CANONICAL_MINTS
 } from "./chunk-2XJORJPQ.js";
+import {
+  toSnakeCase
+} from "./chunk-O5Z4ZJHC.js";
 
 // src/finder.ts
 import { Project, SyntaxKind } from "ts-morph";
@@ -852,6 +855,64 @@ var solanaMintIdentity = (c, _params) => {
   return { result: "cant_tell", detail: "No symbol-named mint constants found" };
 };
 
+// src/checkers/anchorIdlAccount.ts
+function fieldIsSigner(f) {
+  if (/\bSigner\s*</.test(f.typeName)) return true;
+  if (/\bsigner\b/.test(f.attrText)) return true;
+  return false;
+}
+function fieldIsMut(f) {
+  if (/\bmut\b/.test(f.attrText)) return true;
+  if (/\binit\b/.test(f.attrText)) return true;
+  if (f.hasInitIfNeeded) return true;
+  return false;
+}
+function anchorIdlAccount(c, params) {
+  const handlerName = toSnakeCase(c.fnName);
+  const spec = params?.instructions?.find((i) => i.name === handlerName);
+  if (!spec) {
+    return {
+      result: "cant_tell",
+      detail: `Handler '${c.fnName}' is not declared in the ${params?.idlName ?? "IDL"}; constraint rule does not apply.`
+    };
+  }
+  if (spec.signers.length === 0 && spec.mutable.length === 0) {
+    return {
+      result: "cant_tell",
+      detail: `Instruction '${spec.name}' declares no signer or mutable accounts in the IDL; nothing to verify.`
+    };
+  }
+  const byName = /* @__PURE__ */ new Map();
+  for (const f of c.accountFields) byName.set(toSnakeCase(f.name), f);
+  const violations = [];
+  for (const acct of spec.signers) {
+    const f = byName.get(acct);
+    if (!f) {
+      violations.push(`'${acct}' (IDL signer) is not present in the Accounts struct`);
+    } else if (!fieldIsSigner(f)) {
+      violations.push(`'${acct}' must be a Signer (IDL marks it isSigner) but the Rust field has no signer constraint`);
+    }
+  }
+  for (const acct of spec.mutable) {
+    const f = byName.get(acct);
+    if (!f) {
+      violations.push(`'${acct}' (IDL mutable) is not present in the Accounts struct`);
+    } else if (!fieldIsMut(f)) {
+      violations.push(`'${acct}' must be mutable (IDL marks it isMut) but the Rust field has no mut/init constraint`);
+    }
+  }
+  if (violations.length > 0) {
+    return {
+      result: "fail",
+      detail: `Handler '${c.fnName}' diverges from the ${params.idlName} IDL: ` + violations.join("; ") + ". A missing signer/mut constraint is a silent authorization hole."
+    };
+  }
+  return {
+    result: "pass",
+    detail: `Handler '${c.fnName}' declares all ${spec.signers.length} signer and ${spec.mutable.length} mutable account(s) the ${params.idlName} IDL requires.`
+  };
+}
+
 // src/checkers/index.ts
 var registry = {
   "positional-arg-identity": positionalArgIdentity,
@@ -865,7 +926,8 @@ var registry = {
   "taint-to-sink": taintToSink,
   "literal-multiplier-wrong-constant": literalMultiplierWrongConstant,
   "forbidden-call-replacement": forbiddenCallReplacement,
-  "solana-mint-identity-mismatch": solanaMintIdentity
+  "solana-mint-identity-mismatch": solanaMintIdentity,
+  "anchor-account-matches-idl": anchorIdlAccount
 };
 function runChecker(kind, c, params) {
   const fn = registry[kind];

package/dist/chunk-DQ4KAYKQ.js

@@ -0,0 +1,111 @@
+import {
+  DEFAULT_RPC,
+  probeUpgradeAuthority
+} from "./chunk-XSVQSK53.js";
+
+// src/watchChain.ts
+async function getSignaturesForAddress(programId, until, opts) {
+  const url = opts.rpcUrl ?? DEFAULT_RPC;
+  const fetchImpl = opts.fetchImpl ?? fetch;
+  const params = [programId, { limit: opts.limit ?? 25 }];
+  if (until) params[1].until = until;
+  const ac = new AbortController();
+  const t = setTimeout(() => ac.abort(), opts.timeoutMs ?? 1e4);
+  try {
+    const res = await fetchImpl(url, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "getSignaturesForAddress", params }),
+      signal: ac.signal
+    });
+    if (!res.ok) throw new Error(`getSignaturesForAddress: HTTP ${res.status}`);
+    const body = await res.json();
+    if (body.error) throw new Error(`getSignaturesForAddress: ${body.error.message}`);
+    return body.result ?? [];
+  } finally {
+    clearTimeout(t);
+  }
+}
+async function pollChainOnce(programId, state, opts = {}) {
+  const events = [];
+  const ts = () => (/* @__PURE__ */ new Date()).toISOString();
+  let sigs;
+  try {
+    sigs = await getSignaturesForAddress(programId, state.lastSignature, opts);
+  } catch (e) {
+    events.push({ type: "poll_error", programId, message: e?.message ?? String(e), ts: ts() });
+    return { events, state };
+  }
+  const probe = opts.probeAuthority ?? ((id, o) => probeUpgradeAuthority(id, o).then((ua) => ({ address: ua.address })));
+  let currentAuthority = state.baselineAuthority;
+  try {
+    const ua = await probe(programId, opts);
+    currentAuthority = ua.address;
+  } catch (e) {
+    events.push({ type: "poll_error", programId, message: `authority probe: ${e?.message ?? String(e)}`, ts: ts() });
+  }
+  if (!state.initialized) {
+    const head = sigs[0]?.signature ?? null;
+    events.push({ type: "watch_started", programId, headSignature: head, baselineAuthority: currentAuthority, ts: ts() });
+    return {
+      events,
+      state: { lastSignature: head, baselineAuthority: currentAuthority, initialized: true }
+    };
+  }
+  if (sigs.length > 0) {
+    events.push({
+      type: "new_activity",
+      programId,
+      newCount: sigs.length,
+      signatures: sigs.slice(0, 10).map((s) => s.signature),
+      ts: ts()
+    });
+  }
+  if (currentAuthority !== state.baselineAuthority) {
+    events.push({
+      type: "authority_changed",
+      programId,
+      from: state.baselineAuthority,
+      to: currentAuthority,
+      ts: ts()
+    });
+  }
+  return {
+    events,
+    state: {
+      lastSignature: sigs[0]?.signature ?? state.lastSignature,
+      baselineAuthority: currentAuthority,
+      initialized: true
+    }
+  };
+}
+function initialChainWatchState() {
+  return { lastSignature: null, baselineAuthority: null, initialized: false };
+}
+function startChainWatch(programId, opts = {}) {
+  const emit = opts.emit ?? ((e) => process.stdout.write(JSON.stringify(e) + "\n"));
+  const intervalMs = opts.intervalMs ?? 3e4;
+  let state = initialChainWatchState();
+  let stopped = false;
+  let timer;
+  const tick = async () => {
+    if (stopped) return;
+    const { events, state: next } = await pollChainOnce(programId, state, opts);
+    state = next;
+    for (const e of events) emit(e);
+    if (!stopped) timer = setTimeout(tick, intervalMs);
+  };
+  void tick();
+  return {
+    stop: () => {
+      stopped = true;
+      if (timer) clearTimeout(timer);
+    }
+  };
+}
+
+export {
+  pollChainOnce,
+  initialChainWatchState,
+  startChainWatch
+};

package/dist/chunk-HL7NVANZ.js

@@ -0,0 +1,331 @@
+import {
+  base58Encode
+} from "./chunk-VG5FMOLW.js";
+
+// src/firewall.ts
+var KNOWN_PROGRAMS = {
+  "11111111111111111111111111111111": "System Program",
+  TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA: "SPL Token",
+  TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb: "SPL Token-2022",
+  ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL: "Associated Token Account",
+  metaqbxxUerdq28cj1RbAWkYQm3ybzjb6a8bt518x1s: "Metaplex Token Metadata",
+  MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr: "SPL Memo",
+  ComputeBudget111111111111111111111111111111: "Compute Budget",
+  AddressLookupTab1e1111111111111111111111111: "Address Lookup Table",
+  BPFLoaderUpgradeab1e11111111111111111111111: "BPF Upgradeable Loader",
+  // Blue-chip DeFi / launch programs
+  JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4: "Jupiter Aggregator v6",
+  "675kPX9MHTjS2zt1qfr1NYHuzeLXfQM9H24wFSUt1Mp8": "Raydium AMM v4",
+  whirLbMiicVdio4qvUfM5KAg6Ct8VwpYzGff3uctyCc: "Orca Whirlpools",
+  "6EF8rrecthR5Dkzon8Nwu78hRvfCKubJ14M5uBEwF6P": "pump.fun",
+  pAMMBay6oceH9fJKBRHGP5D4bD4sWpmSwMn52FMfXEA: "PumpSwap AMM"
+};
+var SPL_TOKEN_PROGRAMS = /* @__PURE__ */ new Set([
+  "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA",
+  "TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb"
+]);
+var BPF_UPGRADEABLE_LOADER = "BPFLoaderUpgradeab1e11111111111111111111111";
+function readCompactU16(buf, offset) {
+  let value = 0;
+  let shift = 0;
+  let o = offset;
+  for (; ; ) {
+    const byte = buf[o++];
+    value |= (byte & 127) << shift;
+    if ((byte & 128) === 0) break;
+    shift += 7;
+    if (shift > 21) throw new Error("compact-u16 too long");
+  }
+  return [value, o];
+}
+function decodeTransaction(base64, opts = {}) {
+  const bytes = new Uint8Array(Buffer.from(base64, "base64"));
+  if (bytes.length < 35) throw new Error("transaction too short to be valid");
+  let o = 0;
+  if (!opts.messageOnly) {
+    const [sigCount, afterCount] = readCompactU16(bytes, 0);
+    o = afterCount + sigCount * 64;
+    if (o >= bytes.length) throw new Error("signature array overruns buffer");
+  }
+  const msg = bytes.subarray(o);
+  let mo = 0;
+  let version = "legacy";
+  if ((msg[0] & 128) !== 0) {
+    version = msg[0] & 127;
+    mo = 1;
+  }
+  const numRequiredSignatures = msg[mo++];
+  const numReadonlySigned = msg[mo++];
+  const numReadonlyUnsigned = msg[mo++];
+  const [acctCount, afterAccts] = readCompactU16(msg, mo);
+  mo = afterAccts;
+  const staticAccountKeys = [];
+  for (let i = 0; i < acctCount; i++) {
+    staticAccountKeys.push(base58Encode(msg.subarray(mo, mo + 32)));
+    mo += 32;
+  }
+  const recentBlockhash = base58Encode(msg.subarray(mo, mo + 32));
+  mo += 32;
+  const [ixCount, afterIxCount] = readCompactU16(msg, mo);
+  mo = afterIxCount;
+  const instructions = [];
+  for (let i = 0; i < ixCount; i++) {
+    const programIdIndex = msg[mo++];
+    const [naccts, afterNaccts] = readCompactU16(msg, mo);
+    mo = afterNaccts;
+    const accountIndexes = [];
+    for (let j = 0; j < naccts; j++) accountIndexes.push(msg[mo++]);
+    const [datalen, afterDatalen] = readCompactU16(msg, mo);
+    mo = afterDatalen;
+    const data = msg.subarray(mo, mo + datalen);
+    mo += datalen;
+    instructions.push({
+      programIdIndex,
+      programId: staticAccountKeys[programIdIndex] ?? `#${programIdIndex}`,
+      accountIndexes,
+      data
+    });
+  }
+  const addressTableLookups = [];
+  if (version !== "legacy") {
+    const [altCount, afterAlt] = readCompactU16(msg, mo);
+    mo = afterAlt;
+    for (let i = 0; i < altCount; i++) {
+      const accountKey = base58Encode(msg.subarray(mo, mo + 32));
+      mo += 32;
+      const [wlen, afterW] = readCompactU16(msg, mo);
+      mo = afterW + wlen;
+      const [rlen, afterR] = readCompactU16(msg, mo);
+      mo = afterR + rlen;
+      addressTableLookups.push({ accountKey, writableCount: wlen, readonlyCount: rlen });
+    }
+  }
+  return {
+    version,
+    numRequiredSignatures,
+    numReadonlySigned,
+    numReadonlyUnsigned,
+    staticAccountKeys,
+    recentBlockhash,
+    instructions,
+    addressTableLookups
+  };
+}
+function splTokenFinding(disc) {
+  switch (disc) {
+    case 4:
+    // Approve
+    case 13:
+      return {
+        severity: "warn",
+        kind: "token-delegate-approval",
+        detail: "Approves a delegate over a token account \u2014 a common drain vector. Verify the delegate is trusted."
+      };
+    case 6:
+      return {
+        severity: "critical",
+        kind: "token-set-authority",
+        detail: "Changes a mint/account authority (SetAuthority). This can hand control of a token to another party."
+      };
+    case 9:
+      return {
+        severity: "info",
+        kind: "token-close-account",
+        detail: "Closes a token account and reclaims its rent to the destination."
+      };
+    default:
+      return null;
+  }
+}
+function bpfLoaderFinding(disc) {
+  if (disc === 3)
+    return {
+      severity: "critical",
+      kind: "program-upgrade",
+      detail: "Upgrades a deployed program (BPF Upgradeable Loader Upgrade). Replaces on-chain code."
+    };
+  if (disc === 4 || disc === 6)
+    return {
+      severity: "critical",
+      kind: "program-set-authority",
+      detail: "Changes a program's upgrade authority (BPF Loader SetAuthority)."
+    };
+  return null;
+}
+function analyzeInstructions(decoded, known) {
+  const findings = [];
+  for (const ix of decoded.instructions) {
+    const pid = ix.programId;
+    if (SPL_TOKEN_PROGRAMS.has(pid) && ix.data.length >= 1) {
+      const f = splTokenFinding(ix.data[0]);
+      if (f) findings.push(f);
+    }
+    if (pid === BPF_UPGRADEABLE_LOADER && ix.data.length >= 4) {
+      const disc = ix.data[0] | ix.data[1] << 8 | ix.data[2] << 16 | ix.data[3] << 24;
+      const f = bpfLoaderFinding(disc);
+      if (f) findings.push(f);
+    }
+    if (!(pid in known)) {
+      findings.push({
+        severity: "warn",
+        kind: "unknown-program",
+        detail: `Top-level instruction invokes an unrecognized program: ${pid}. Verify it is a program you intend to call.`
+      });
+    }
+  }
+  if (decoded.addressTableLookups.length > 0) {
+    findings.push({
+      severity: "info",
+      kind: "address-lookup-tables",
+      detail: `Transaction uses ${decoded.addressTableLookups.length} address lookup table(s); some accounts are resolved off-message and not statically visible.`
+    });
+  }
+  return findings;
+}
+function parseCpiPrograms(logs) {
+  const programs = /* @__PURE__ */ new Set();
+  for (const line of logs) {
+    const m = line.match(/^Program (\S+) invoke \[\d+\]$/);
+    if (m) programs.add(m[1]);
+  }
+  return [...programs];
+}
+async function simulate(base64, opts) {
+  const { DEFAULT_RPC } = await import("./rpc-W5F4KXS2.js");
+  const url = opts.rpcUrl ?? DEFAULT_RPC;
+  const fetchImpl = opts.fetchImpl ?? fetch;
+  const ac = new AbortController();
+  const t = setTimeout(() => ac.abort(), opts.timeoutMs ?? 1e4);
+  try {
+    const res = await fetchImpl(url, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method: "simulateTransaction",
+        params: [base64, { encoding: "base64", sigVerify: false, replaceRecentBlockhash: true, commitment: "confirmed" }]
+      }),
+      signal: ac.signal
+    });
+    if (!res.ok) throw new Error(`simulateTransaction: HTTP ${res.status}`);
+    const body = await res.json();
+    if (body.error) throw new Error(`simulateTransaction: ${body.error.message}`);
+    const v = body.result?.value ?? {};
+    return { err: v.err ?? null, logs: v.logs ?? null, unitsConsumed: v.unitsConsumed };
+  } finally {
+    clearTimeout(t);
+  }
+}
+function worstSeverity(findings) {
+  if (findings.some((f) => f.severity === "critical")) return "block";
+  if (findings.some((f) => f.severity === "warn")) return "warn";
+  return "allow";
+}
+async function inspectTransaction(base64, opts = {}) {
+  const known = { ...KNOWN_PROGRAMS, ...opts.knownPrograms ?? {} };
+  const decoded = decodeTransaction(base64, { messageOnly: opts.messageOnly });
+  const findings = analyzeInstructions(decoded, known);
+  const topLevelIds = new Set(decoded.instructions.map((ix) => ix.programId));
+  const programs = [...topLevelIds].map((id) => ({
+    id,
+    label: known[id] ?? null,
+    known: id in known,
+    topLevel: true
+  }));
+  const report = {
+    version: decoded.version,
+    feePayer: decoded.staticAccountKeys[0] ?? "(none)",
+    numSigners: decoded.numRequiredSignatures,
+    staticAccounts: decoded.staticAccountKeys.length,
+    programs,
+    usesAddressLookupTables: decoded.addressTableLookups.length > 0,
+    simulation: { ran: false },
+    findings,
+    verdict: "allow"
+  };
+  if (opts.simulate !== false) {
+    try {
+      const sim = await simulate(base64, opts);
+      const cpiPrograms = sim.logs ? parseCpiPrograms(sim.logs) : [];
+      report.simulation = {
+        ran: true,
+        ok: sim.err === null,
+        err: sim.err ?? void 0,
+        unitsConsumed: sim.unitsConsumed,
+        logsCount: sim.logs?.length,
+        cpiPrograms
+      };
+      for (const pid of cpiPrograms) {
+        if (!(pid in known) && !topLevelIds.has(pid)) {
+          findings.push({
+            severity: "warn",
+            kind: "unknown-cpi-program",
+            detail: `Cross-program invocation to an unrecognized program: ${pid}.`
+          });
+          report.programs.push({ id: pid, label: null, known: false, topLevel: false });
+        }
+      }
+      if (sim.err !== null) {
+        findings.push({
+          severity: "warn",
+          kind: "simulation-failed",
+          detail: `Transaction simulation returned an error: ${JSON.stringify(sim.err)}. Signing it would likely fail on-chain.`
+        });
+      }
+    } catch (e) {
+      report.simulation = { ran: false };
+      findings.push({
+        severity: "info",
+        kind: "simulation-unavailable",
+        detail: `Could not simulate (static analysis only): ${e?.message ?? String(e)}`
+      });
+    }
+  }
+  report.verdict = worstSeverity(findings);
+  return report;
+}
+var SEV_ICON = { critical: "\u26D4", warn: "\u26A0 ", info: "\xB7 " };
+var VERDICT_BANNER = {
+  allow: "ALLOW \u2014 no dangerous patterns detected",
+  warn: "WARN \u2014 review before signing",
+  block: "BLOCK \u2014 dangerous pattern detected, do not sign blind"
+};
+function renderFirewallText(r) {
+  const lines = [];
+  lines.push(`Transaction firewall  [${VERDICT_BANNER[r.verdict]}]`);
+  lines.push("");
+  lines.push(`  Version:     ${r.version}`);
+  lines.push(`  Fee payer:   ${r.feePayer}`);
+  lines.push(`  Signers:     ${r.numSigners}`);
+  lines.push(`  Accounts:    ${r.staticAccounts}${r.usesAddressLookupTables ? " (+ lookup tables)" : ""}`);
+  lines.push(`  Programs:`);
+  for (const p of r.programs) {
+    const tag = p.known ? p.label : "UNKNOWN";
+    lines.push(`    ${p.known ? "\u2713" : "?"} ${p.id}  ${tag}${p.topLevel ? "" : " (via CPI)"}`);
+  }
+  if (r.simulation.ran) {
+    lines.push(`  Simulation:  ${r.simulation.ok ? "ok" : "FAILED"}${r.simulation.unitsConsumed != null ? ` (${r.simulation.unitsConsumed} CU)` : ""}`);
+  } else {
+    lines.push(`  Simulation:  not run`);
+  }
+  lines.push("");
+  if (r.findings.length === 0) {
+    lines.push("  No findings.");
+  } else {
+    lines.push("  Findings:");
+    for (const f of r.findings) {
+      lines.push(`    ${SEV_ICON[f.severity]} [${f.kind}] ${f.detail}`);
+    }
+  }
+  return lines.join("\n");
+}
+
+export {
+  KNOWN_PROGRAMS,
+  decodeTransaction,
+  analyzeInstructions,
+  parseCpiPrograms,
+  inspectTransaction,
+  renderFirewallText
+};

package/dist/chunk-O5Z4ZJHC.js

@@ -0,0 +1,89 @@
+// src/idlRules.ts
+import { stringify as yamlStringify } from "yaml";
+function toSnakeCase(s) {
+  return s.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/[\s-]+/g, "_").toLowerCase();
+}
+function idlProgramName(idl) {
+  return idl.metadata?.name ?? idl.name ?? "anchor-program";
+}
+function flattenAccounts(accounts) {
+  const out = [];
+  for (const a of accounts) {
+    if (a.accounts && a.accounts.length > 0) {
+      out.push(...flattenAccounts(a.accounts));
+    } else {
+      out.push(a);
+    }
+  }
+  return out;
+}
+function parseIdl(json) {
+  if (!json || typeof json !== "object") throw new Error("IDL is not an object");
+  const idl = json;
+  if (!Array.isArray(idl.instructions)) throw new Error("IDL has no instructions array");
+  for (const ix of idl.instructions) {
+    if (!ix.name || !Array.isArray(ix.accounts)) {
+      throw new Error(`IDL instruction missing name/accounts: ${JSON.stringify(ix).slice(0, 80)}`);
+    }
+  }
+  return idl;
+}
+function buildConstraintParams(idl) {
+  const instructions = idl.instructions.map((ix) => {
+    const leaves = flattenAccounts(ix.accounts);
+    return {
+      name: toSnakeCase(ix.name),
+      signers: leaves.filter((a) => a.isSigner).map((a) => toSnakeCase(a.name)),
+      mutable: leaves.filter((a) => a.isMut).map((a) => toSnakeCase(a.name))
+    };
+  });
+  return { idlName: idlProgramName(idl), instructions };
+}
+function generateRulesFromIdl(idl) {
+  const params = buildConstraintParams(idl);
+  const handlerNames = params.instructions.map((i) => i.name).filter(Boolean);
+  if (handlerNames.length === 0) return [];
+  const nameRegex = `^(${handlerNames.map(escapeRegex).join("|")})$`;
+  const progName = params.idlName;
+  const rule = {
+    id: `idl-${toKebab(progName)}-account-constraints`,
+    severity: "critical",
+    title: `Anchor accounts match the ${progName} IDL signer/mut constraints`,
+    component: {
+      name: progName,
+      type: "Anchor program",
+      version: idl.metadata?.version ?? idl.version ?? "unversioned",
+      sourceUrl: "https://www.anchor-lang.com/docs/the-accounts-struct"
+    },
+    detect: {
+      lang: "rust",
+      modules: ["@coral-xyz/anchor", "@project-serum/anchor"],
+      nameRegex,
+      triggerCalls: []
+    },
+    check: {
+      kind: "anchor-account-matches-idl",
+      params
+    },
+    test: { kind: "none" }
+  };
+  return [rule];
+}
+function escapeRegex(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function toKebab(s) {
+  return toSnakeCase(s).replace(/_/g, "-");
+}
+function renderRulesYaml(rules) {
+  return rules.map((r) => yamlStringify(r)).join("\n---\n");
+}
+
+export {
+  toSnakeCase,
+  idlProgramName,
+  parseIdl,
+  buildConstraintParams,
+  generateRulesFromIdl,
+  renderRulesYaml
+};