brainblast 0.7.4 → 0.7.6

package/dist/{chunk-5VYTURTO.js → chunk-A3U6JDMN.js}

@@ -7,7 +7,7 @@ import {
   loadPack,
   resolveRules,
   walk
-} from "./chunk-5H5JQXXU.js";
+} from "./chunk-Q5DMQN67.js";
 
 // src/costAnalysis.ts
 import { Project, SyntaxKind } from "ts-morph";
@@ -521,12 +521,62 @@ function validatePack(dir) {
   return { manifest, rules, ruleResults, ok };
 }
 
+// src/bundledPacks.ts
+import { existsSync as existsSync2, readdirSync, statSync, readFileSync as readFileSync2 } from "fs";
+import { join as join2 } from "path";
+import { fileURLToPath } from "url";
+import { parse } from "yaml";
+function packsRoot() {
+  const here = fileURLToPath(new URL(".", import.meta.url));
+  const candidates = [
+    join2(here, "packs"),
+    // dist/packs (npm — copied by postbuild)
+    join2(here, "..", "..", "..", "packs"),
+    // src/../../../packs (dev — repo root)
+    join2(here, "..", "packs")
+    // fallback
+  ];
+  return candidates.find((p) => existsSync2(p)) ?? null;
+}
+function listBundledPacks() {
+  const root = packsRoot();
+  if (!root) return [];
+  const out = [];
+  for (const entry of readdirSync(root)) {
+    const dir = join2(root, entry);
+    const manifestPath = join2(dir, PACK_MANIFEST_FILE);
+    let isDir = false;
+    try {
+      isDir = statSync(dir).isDirectory();
+    } catch {
+      continue;
+    }
+    if (!isDir || !existsSync2(manifestPath)) continue;
+    try {
+      const manifest = parse(readFileSync2(manifestPath, "utf8"));
+      if (manifest?.id) out.push({ id: manifest.id, dir, manifest });
+    } catch {
+    }
+  }
+  return out.sort((a, b) => a.id.localeCompare(b.id));
+}
+function resolveBundledPackToken(token) {
+  const packs = listBundledPacks();
+  const exact = packs.find((p) => p.id === token);
+  if (exact) return exact.dir;
+  const lead = packs.filter((p) => p.id === token || p.id.startsWith(token + "-"));
+  if (lead.length === 1) return lead[0].dir;
+  const sub = packs.filter((p) => p.id.includes(token));
+  if (sub.length === 1) return sub[0].dir;
+  return null;
+}
+
 // src/telemetry.ts
 import { createHash, randomUUID } from "crypto";
-import { appendFileSync, existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync3 } from "fs";
+import { appendFileSync, existsSync as existsSync3, mkdirSync as mkdirSync2, readFileSync as readFileSync3, writeFileSync as writeFileSync3 } from "fs";
 import { execFileSync } from "child_process";
 import { homedir } from "os";
-import { dirname, join as join2, resolve } from "path";
+import { dirname, join as join3, resolve } from "path";
 function sha256Hex(s) {
   return createHash("sha256").update(s).digest("hex");
 }
@@ -534,20 +584,20 @@ function isTelemetryEnabled(targetDir) {
   const env = process.env.BRAINBLAST_TELEMETRY;
   if (env === "1" || env === "true") return true;
   if (env === "0" || env === "false") return false;
-  const configPath = join2(targetDir, ".agent-research", "config.json");
-  if (!existsSync2(configPath)) return false;
+  const configPath = join3(targetDir, ".agent-research", "config.json");
+  if (!existsSync3(configPath)) return false;
   try {
-    const cfg = JSON.parse(readFileSync2(configPath, "utf8"));
+    const cfg = JSON.parse(readFileSync3(configPath, "utf8"));
     return cfg?.telemetry === true;
   } catch {
     return false;
   }
 }
 function getUserHash() {
-  const idPath = join2(homedir(), ".brainblast", "telemetry-id");
+  const idPath = join3(homedir(), ".brainblast", "telemetry-id");
   let id;
-  if (existsSync2(idPath)) {
-    id = readFileSync2(idPath, "utf8").trim();
+  if (existsSync3(idPath)) {
+    id = readFileSync3(idPath, "utf8").trim();
   } else {
     id = randomUUID();
     mkdirSync2(dirname(idPath), { recursive: true });
@@ -569,15 +619,15 @@ function getRepoHash(targetDir) {
   return sha256Hex(key).slice(0, 16);
 }
 function telemetryFilePath(targetDir) {
-  return join2(targetDir, ".agent-research", "telemetry.ndjson");
+  return join3(targetDir, ".agent-research", "telemetry.ndjson");
 }
 var DEFAULT_REGISTRY_URL = "https://registry.brainblast.tech";
 async function submitTelemetry(targetDir, registryUrl = process.env.BRAINBLAST_REGISTRY_URL || DEFAULT_REGISTRY_URL) {
   const file = telemetryFilePath(targetDir);
-  if (!existsSync2(file)) {
+  if (!existsSync3(file)) {
     return { submitted: 0, accepted: 0, rejected: 0, graduations: [] };
   }
-  const events = readFileSync2(file, "utf8").trim().split("\n").filter(Boolean).map((line) => JSON.parse(line));
+  const events = readFileSync3(file, "utf8").trim().split("\n").filter(Boolean).map((line) => JSON.parse(line));
   if (events.length === 0) {
     return { submitted: 0, accepted: 0, rejected: 0, graduations: [] };
   }
@@ -622,6 +672,8 @@ export {
   applyDiffToFile,
   initPack,
   validatePack,
+  listBundledPacks,
+  resolveBundledPackToken,
   isTelemetryEnabled,
   getUserHash,
   getRepoHash,

package/dist/chunk-CSYGLMZR.js

@@ -0,0 +1,129 @@
+// src/feeConfigs.ts
+var FEE_CONFIGS = [
+  {
+    id: "metaplex-seller-fee",
+    category: "royalty",
+    sdk: "Metaplex Token Metadata",
+    call: "createV1 / createNft / createFungible",
+    field: "sellerFeeBasisPoints",
+    whatZeroMeans: "Omitted \u2192 defaults to 0. Creators earn no royalty on any secondary sale, permanently \u2014 the token mints fine and looks correct on-chain.",
+    fix: "Set sellerFeeBasisPoints explicitly at mint time (e.g. 500 = 5%). There is no after-the-fact migration once minted.",
+    ruleId: "metaplex-seller-fee-zero",
+    status: "enforced",
+    docsUrl: "https://developers.metaplex.com/token-metadata/mint"
+  },
+  {
+    id: "bags-fee-share-creator",
+    category: "fee",
+    sdk: "Bags",
+    call: "createBagsFeeShareConfig",
+    field: "feeClaimers[].userBps (creator inclusion)",
+    whatZeroMeans: "The creator wallet omitted from feeClaimers, or the userBps not summing to 10000 \u2192 the creator's share of trading fees is silently zero. This is the original Bags trap.",
+    fix: "Include the creator wallet as a feeClaimers entry and ensure every userBps sums to 10000.",
+    ruleId: "bags-fee-share-creator-included",
+    status: "enforced",
+    docsUrl: "https://bags.fm"
+  },
+  {
+    id: "token2022-transfer-fee",
+    category: "fee",
+    sdk: "SPL Token-2022 (Transfer Fee extension)",
+    call: "createInitializeTransferFeeConfigInstruction",
+    field: "transferFeeBasisPoints",
+    whatZeroMeans: "Initializing the transfer-fee extension with 0 basis points \u2192 no fee is ever withheld on transfers. The extension is 'configured' but collects nothing.",
+    fix: "Pass a non-zero transferFeeBasisPoints (and a sensible maximumFee) when initializing the extension.",
+    // Positional-argument call — not an object-literal field, so the bundled
+    // object-field checker doesn't cover it yet. Advisory until a positional
+    // variant ships.
+    ruleId: null,
+    status: "advisory",
+    docsUrl: "https://www.solana-program.com/docs/token-2022/extensions#transfer-fee"
+  },
+  {
+    id: "reward-rate-zero",
+    category: "reward",
+    sdk: "Staking / LP reward distributors (generic)",
+    call: "initialize / configureReward (varies)",
+    field: "rewardRate / emissionsPerSecond",
+    whatZeroMeans: "A reward-rate or emissions field omitted/zeroed \u2192 stakers and LPs accrue nothing while the pool looks live. A silent, ongoing zero-yield misconfiguration.",
+    fix: "Set the reward-rate field explicitly and assert it is non-zero in your deploy script; add a project-local fee-configs-zero-or-missing rule for your SDK's call shape.",
+    ruleId: null,
+    status: "advisory"
+  }
+];
+function getFeeConfig(id) {
+  return FEE_CONFIGS.find((e) => e.id === id || e.ruleId === id);
+}
+function feeConfigsByCategory(cat) {
+  return FEE_CONFIGS.filter((e) => e.category === cat);
+}
+function enforcedCount(patterns = FEE_CONFIGS) {
+  return patterns.filter((e) => e.status === "enforced").length;
+}
+var CATEGORY_LABEL = {
+  royalty: "Royalties",
+  fee: "Fees",
+  reward: "Reward distribution"
+};
+function renderFeeConfigsMd(patterns = FEE_CONFIGS) {
+  const L = ["## Fee Configs \u2014 silent zero-revenue class\n"];
+  L.push(
+    "The Bags exploit generalized: a revenue-bearing field that, if omitted or zeroed, silently collects nothing \u2014 forever. Watch these across every protocol that touches fees, royalties, or rewards.\n"
+  );
+  L.push("| Category | SDK | Field | Status | Rule |");
+  L.push("|----------|-----|-------|--------|------|");
+  for (const e of patterns) {
+    const status = e.status === "enforced" ? "\u2705 enforced" : "\u26A0\uFE0F advisory";
+    L.push(`| ${CATEGORY_LABEL[e.category]} | ${e.sdk} | \`${e.field}\` | ${status} | ${e.ruleId ? `\`${e.ruleId}\`` : "\u2014"} |`);
+  }
+  L.push("");
+  L.push(`**${enforcedCount(patterns)} of ${patterns.length} enforced by a bundled rule; the rest are advisories (grep targets / project-local rule candidates).**
+`);
+  for (const e of patterns) {
+    L.push(`### ${e.sdk} \u2014 \`${e.field}\` (${CATEGORY_LABEL[e.category]})
+`);
+    L.push(`- **Call:** \`${e.call}\``);
+    L.push(`- **Zero/omitted means:** ${e.whatZeroMeans}`);
+    L.push(`- **Fix:** ${e.fix}`);
+    L.push(`- **Detection:** ${e.ruleId ? `\`${e.ruleId}\` (bundled)` : "advisory \u2014 no bundled rule yet"}`);
+    if (e.docsUrl) L.push(`- **Docs:** ${e.docsUrl}`);
+    L.push("");
+  }
+  return L.join("\n");
+}
+function renderFeeConfigsText(patterns = FEE_CONFIGS) {
+  const L = [];
+  L.push("\u2500\u2500 Fee Configs \u2014 silent zero-revenue class \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+  L.push("  fields that default to zero and silently collect nothing");
+  L.push("");
+  for (const e of patterns) {
+    const status = e.status === "enforced" ? "[enforced]" : "[advisory]";
+    L.push(`  ${status} ${CATEGORY_LABEL[e.category]}: ${e.sdk} \xB7 ${e.field}`);
+    L.push(`    ${e.whatZeroMeans}`);
+    if (e.ruleId) L.push(`    rule: ${e.ruleId}`);
+    L.push("");
+  }
+  L.push(`  ${enforcedCount(patterns)}/${patterns.length} enforced by a bundled rule`);
+  return L.join("\n");
+}
+function renderFeeConfigDetailText(e) {
+  const L = [];
+  L.push(`\u2500\u2500 ${e.sdk} \u2014 ${e.field} \u2500\u2500`);
+  L.push(`  category:    ${CATEGORY_LABEL[e.category]}`);
+  L.push(`  call:        ${e.call}`);
+  L.push(`  zero means:  ${e.whatZeroMeans}`);
+  L.push(`  fix:         ${e.fix}`);
+  L.push(`  detection:   ${e.ruleId ? `${e.ruleId} (bundled rule)` : "advisory \u2014 no bundled rule yet"}`);
+  if (e.docsUrl) L.push(`  docs:        ${e.docsUrl}`);
+  return L.join("\n");
+}
+
+export {
+  FEE_CONFIGS,
+  getFeeConfig,
+  feeConfigsByCategory,
+  enforcedCount,
+  renderFeeConfigsMd,
+  renderFeeConfigsText,
+  renderFeeConfigDetailText
+};

package/dist/{chunk-5H5JQXXU.js → chunk-Q5DMQN67.js}

@@ -430,6 +430,19 @@ var objectArgPropertyLiteralEquals = (c, p) => {
 
 // src/checkers/objectArgPropertyForbiddenLiteral.ts
 import { SyntaxKind as SyntaxKind7 } from "ts-morph";
+function isBnWrappedZero(init) {
+  const isNewOrCall = init.getKind() === SyntaxKind7.NewExpression || init.getKind() === SyntaxKind7.CallExpression;
+  if (!isNewOrCall) return false;
+  const calleeText = init.getExpression?.()?.getText?.() ?? "";
+  if (!/(^|\.)bn$/i.test(calleeText)) return false;
+  const args = init.getArguments?.() ?? [];
+  if (args.length !== 1) return false;
+  const a = args[0];
+  const k = a.getKind();
+  if (k === SyntaxKind7.NumericLiteral) return Number(a.getLiteralValue()) === 0;
+  if (k === SyntaxKind7.StringLiteral) return a.getLiteralValue() === "0";
+  return false;
+}
 var objectArgPropertyForbiddenLiteral = (c, p) => {
   const calls = c.fn.getDescendantsOfKind(SyntaxKind7.CallExpression).filter((ce2) => {
     const expr = ce2.getExpression();
@@ -469,7 +482,8 @@ var objectArgPropertyForbiddenLiteral = (c, p) => {
   const kind = init.getKind();
   const text = init.getText();
   const forbidden = JSON.stringify(p.forbiddenValue);
-  const isForbidden = (kind === SyntaxKind7.NumericLiteral || kind === SyntaxKind7.StringLiteral) && (text === forbidden || text === String(p.forbiddenValue));
+  const isLiteralForbidden = (kind === SyntaxKind7.NumericLiteral || kind === SyntaxKind7.StringLiteral) && (text === forbidden || text === String(p.forbiddenValue));
+  const isForbidden = isLiteralForbidden || p.forbiddenValue === 0 && isBnWrappedZero(init);
   if (isForbidden) {
     return {
       result: "fail",
@@ -1050,6 +1064,75 @@ function anchorCpiUnverifiedProgram(c, p) {
   };
 }
 
+// src/checkers/feeConfigsZeroOrMissing.ts
+import { SyntaxKind as SyntaxKind12 } from "ts-morph";
+function callName6(call) {
+  const exp = call.getExpression();
+  if (exp.getKind() === SyntaxKind12.Identifier) return exp.getText();
+  if (exp.getKind() === SyntaxKind12.PropertyAccessExpression) {
+    return exp.asKind(SyntaxKind12.PropertyAccessExpression).getName();
+  }
+  return "";
+}
+function unwrap(expr) {
+  let e = expr;
+  while (e) {
+    const k = e.getKind();
+    if (k === SyntaxKind12.AsExpression || k === SyntaxKind12.ParenthesizedExpression || k === SyntaxKind12.TypeAssertionExpression || k === SyntaxKind12.NonNullExpression) {
+      e = e.getExpression();
+    } else break;
+  }
+  return e;
+}
+function isLiteralZero(expr) {
+  const u = unwrap(expr);
+  if (!u) return false;
+  const num = u.asKind(SyntaxKind12.NumericLiteral);
+  if (num) return Number(num.getLiteralValue()) === 0;
+  const big = u.asKind(SyntaxKind12.BigIntLiteral);
+  if (big) return /^0n?$/.test(big.getText().replace(/_/g, ""));
+  return false;
+}
+var feeConfigsZeroOrMissing = (c, p) => {
+  const names = Array.isArray(p.calls) ? p.calls : [p.calls];
+  const field = p.field;
+  const calls = c.fn.getDescendantsOfKind(SyntaxKind12.CallExpression).filter((x) => names.includes(callName6(x)));
+  if (calls.length === 0) {
+    return {
+      result: "cant_tell",
+      detail: p.absentDetail ?? `No call to ${names.join("/")} in '${c.fnName}'; fee-configs check does not apply.`
+    };
+  }
+  for (const call of calls) {
+    const obj = call.getArguments().map((a) => unwrap(a)?.asKind(SyntaxKind12.ObjectLiteralExpression)).find((o) => !!o);
+    if (!obj) continue;
+    const member = obj.getProperty(field);
+    if (!member) {
+      return {
+        result: "fail",
+        detail: p.omittedDetail ?? `'${field}' is omitted from the ${callName6(call)} config \u2014 it defaults to zero. This is a permanent, silent zero-revenue misconfiguration: the call succeeds and no value is ever collected. Set '${field}' explicitly.`
+      };
+    }
+    const pa = member.asKind(SyntaxKind12.PropertyAssignment);
+    const shorthand = member.asKind(SyntaxKind12.ShorthandPropertyAssignment);
+    const init = pa?.getInitializer() ?? shorthand?.getNameNode();
+    if (isLiteralZero(init)) {
+      return {
+        result: "fail",
+        detail: p.zeroDetail ?? `'${field}' is set to a literal 0 in the ${callName6(call)} config \u2014 zero revenue will ever be collected. If intentional, this is a footgun; otherwise set a non-zero value.`
+      };
+    }
+    return {
+      result: "pass",
+      detail: p.passDetail ?? `'${field}' is set to a non-zero value in the ${callName6(call)} config.`
+    };
+  }
+  return {
+    result: "cant_tell",
+    detail: p.absentDetail ?? `Call to ${names.join("/")} found but its config argument isn't an object literal; can't validate '${field}'.`
+  };
+};
+
 // src/checkers/index.ts
 var registry = {
   "positional-arg-identity": positionalArgIdentity,
@@ -1068,7 +1151,8 @@ var registry = {
   "anchor-account-missing-constraint": anchorAccountMissingConstraint,
   "anchor-forbidden-account-type": anchorForbiddenAccountType,
   "anchor-body-call-pattern": anchorBodyCallPattern,
-  "anchor-cpi-unverified-program": anchorCpiUnverifiedProgram
+  "anchor-cpi-unverified-program": anchorCpiUnverifiedProgram,
+  "fee-configs-zero-or-missing": feeConfigsZeroOrMissing
 };
 function runChecker(kind, c, params) {
   const fn = registry[kind];
@@ -1284,7 +1368,7 @@ function findRustCandidates(targetDir, rule) {
 }
 
 // src/fixers/positionalArgIdentity.ts
-import { SyntaxKind as SyntaxKind12 } from "ts-morph";
+import { SyntaxKind as SyntaxKind13 } from "ts-morph";
 
 // src/fixers/diffUtil.ts
 function buildDiff(node, replacement) {
@@ -1309,9 +1393,9 @@ function buildDiff(node, replacement) {
 // src/fixers/positionalArgIdentity.ts
 var fixPositionalArgIdentity = (c, p, outcome) => {
   if (outcome.result !== "fail") return void 0;
-  const calls = c.fn.getDescendantsOfKind(SyntaxKind12.CallExpression).filter((call) => {
+  const calls = c.fn.getDescendantsOfKind(SyntaxKind13.CallExpression).filter((call) => {
     const exp = call.getExpression();
-    return exp.getKind() === SyntaxKind12.PropertyAccessExpression && exp.asKind(SyntaxKind12.PropertyAccessExpression).getName() === p.call;
+    return exp.getKind() === SyntaxKind13.PropertyAccessExpression && exp.asKind(SyntaxKind13.PropertyAccessExpression).getName() === p.call;
   });
   if (calls.length === 0) {
     const wantParam2 = c.params[p.paramIndex] ?? "<rawBodyParam>";
@@ -1326,7 +1410,7 @@ Do not call JSON.parse() on the body before this verification step.`
   }
   const arg = calls[0].getArguments()[p.argIndex];
   const wantParam = c.params[p.paramIndex];
-  if (arg && wantParam && arg.getKind() === SyntaxKind12.CallExpression) {
+  if (arg && wantParam && arg.getKind() === SyntaxKind13.CallExpression) {
     return {
       summary: `Pass the raw body parameter '${wantParam}' to ${p.call} instead of a parsed value`,
       diff: buildDiff(arg, wantParam)
@@ -1336,12 +1420,12 @@ Do not call JSON.parse() on the body before this verification step.`
 };
 
 // src/fixers/requiredCallWithOptions.ts
-import { SyntaxKind as SyntaxKind13 } from "ts-morph";
-function callName6(call) {
+import { SyntaxKind as SyntaxKind14 } from "ts-morph";
+function callName7(call) {
   const exp = call.getExpression();
-  if (exp.getKind() === SyntaxKind13.Identifier) return exp.getText();
-  if (exp.getKind() === SyntaxKind13.PropertyAccessExpression) {
-    return exp.asKind(SyntaxKind13.PropertyAccessExpression).getName();
+  if (exp.getKind() === SyntaxKind14.Identifier) return exp.getText();
+  if (exp.getKind() === SyntaxKind14.PropertyAccessExpression) {
+    return exp.asKind(SyntaxKind14.PropertyAccessExpression).getName();
   }
   return "";
 }
@@ -1359,15 +1443,15 @@ function placeholderFor(propName) {
 }
 var fixRequiredCallWithOptions = (c, p, outcome) => {
   if (outcome.result !== "fail") return void 0;
-  const calls = c.fn.getDescendantsOfKind(SyntaxKind13.CallExpression);
-  const verify = calls.filter((x) => p.verifyCalls.includes(callName6(x)));
+  const calls = c.fn.getDescendantsOfKind(SyntaxKind14.CallExpression);
+  const verify = calls.filter((x) => p.verifyCalls.includes(callName7(x)));
   if (verify.length > 0) {
     const call = verify[0];
     const args = call.getArguments();
     const lastArg = args[args.length - 1];
-    const obj = lastArg?.asKind(SyntaxKind13.ObjectLiteralExpression);
+    const obj = lastArg?.asKind(SyntaxKind14.ObjectLiteralExpression);
     const presentNames = obj ? obj.getProperties().map((pr) => {
-      const pa = pr.asKind(SyntaxKind13.PropertyAssignment) ?? pr.asKind(SyntaxKind13.ShorthandPropertyAssignment);
+      const pa = pr.asKind(SyntaxKind14.PropertyAssignment) ?? pr.asKind(SyntaxKind14.ShorthandPropertyAssignment);
       return pa?.getName() ?? "";
     }) : [];
     const missingGroups = p.requiredProps.filter(
@@ -1375,7 +1459,7 @@ var fixRequiredCallWithOptions = (c, p, outcome) => {
     );
     if (missingGroups.length === 0) return void 0;
     const newProps = missingGroups.map((g) => placeholderFor(g[0])).join(", ");
-    const summary = `Add ${missingGroups.map((g) => g[0]).join(" and ")} to the ${callName6(call)} call`;
+    const summary = `Add ${missingGroups.map((g) => g[0]).join(" and ")} to the ${callName7(call)} call`;
     if (obj) {
       const inner = obj.getText().slice(1, -1).trim();
       const newText = inner.length > 0 ? `{ ${inner}, ${newProps} }` : `{ ${newProps} }`;
@@ -1387,7 +1471,7 @@ var fixRequiredCallWithOptions = (c, p, outcome) => {
     }
     return {
       summary,
-      suggestion: `Add an options object ({ ${newProps} }) as an argument to ${callName6(call)}.`
+      suggestion: `Add an options object ({ ${newProps} }) as an argument to ${callName7(call)}.`
     };
   }
   return {
@@ -1401,22 +1485,22 @@ JWKS must come from Privy's published JWKS endpoint for your app.`
 };
 
 // src/fixers/literalMultiplierWrongConstant.ts
-import { SyntaxKind as SyntaxKind14 } from "ts-morph";
-function callName7(call) {
+import { SyntaxKind as SyntaxKind15 } from "ts-morph";
+function callName8(call) {
   const exp = call.getExpression();
-  if (exp.getKind() === SyntaxKind14.Identifier) return exp.getText();
-  if (exp.getKind() === SyntaxKind14.PropertyAccessExpression) {
-    return exp.asKind(SyntaxKind14.PropertyAccessExpression).getName();
+  if (exp.getKind() === SyntaxKind15.Identifier) return exp.getText();
+  if (exp.getKind() === SyntaxKind15.PropertyAccessExpression) {
+    return exp.asKind(SyntaxKind15.PropertyAccessExpression).getName();
   }
   return "";
 }
 function findIdentifier(node, name) {
-  if (node.getKind() === SyntaxKind14.Identifier && node.getText() === name) return node;
-  return node.getDescendantsOfKind(SyntaxKind14.Identifier).find((id) => id.getText() === name);
+  if (node.getKind() === SyntaxKind15.Identifier && node.getText() === name) return node;
+  return node.getDescendantsOfKind(SyntaxKind15.Identifier).find((id) => id.getText() === name);
 }
 var fixLiteralMultiplierWrongConstant = (c, p, outcome) => {
   if (outcome.result !== "fail") return void 0;
-  const calls = c.fn.getDescendantsOfKind(SyntaxKind14.CallExpression).filter((call) => callName7(call) === p.call);
+  const calls = c.fn.getDescendantsOfKind(SyntaxKind15.CallExpression).filter((call) => callName8(call) === p.call);
   if (calls.length === 0) return void 0;
   const arg = calls[0].getArguments()[p.argIndex];
   if (!arg) return void 0;

package/dist/cli.js

@@ -7,6 +7,7 @@ import {
   initPack,
   isTelemetryEnabled,
   lamportsToSol,
+  listBundledPacks,
   parseDiff,
   recordGraduationEvents,
   renderCostReportMd,
@@ -14,11 +15,12 @@ import {
   renderExploitsMd,
   renderExploitsText,
   rentExemptMinimum,
+  resolveBundledPackToken,
   startWatch,
   submitTelemetry,
   telemetryFilePath,
   validatePack
-} from "./chunk-5VYTURTO.js";
+} from "./chunk-A3U6JDMN.js";
 import {
   renderTrustGraphMd
 } from "./chunk-QMJEZ6NO.js";
@@ -32,7 +34,7 @@ import {
   audit,
   getChangedRanges,
   resolveRules
-} from "./chunk-5H5JQXXU.js";
+} from "./chunk-Q5DMQN67.js";
 import "./chunk-2XJORJPQ.js";
 import "./chunk-O5Z4ZJHC.js";
 import "./chunk-XSVQSK53.js";
@@ -42,7 +44,7 @@ import {
 import "./chunk-3RG5ZIWI.js";
 
 // src/cli.ts
-import { writeFileSync as writeFileSync2, mkdirSync as mkdirSync2 } from "fs";
+import { writeFileSync as writeFileSync2, mkdirSync as mkdirSync2, existsSync as existsSync3 } from "fs";
 import { join as join3 } from "path";
 
 // src/memory.ts
@@ -469,7 +471,16 @@ function parsePackDirs(argv) {
   if (idx < 0) return [];
   const value = argv[idx + 1];
   if (!value || value.startsWith("--")) return [];
-  return value.split(",").map((s) => s.trim()).filter(Boolean);
+  const tokens = value.split(",").map((s) => s.trim()).filter(Boolean);
+  return tokens.map((t) => {
+    if (existsSync3(join3(t, "brainblast-pack.yaml"))) return t;
+    const resolved = resolveBundledPackToken(t);
+    if (resolved) return resolved;
+    console.error(
+      `brainblast: --packs '${t}' is not a known bundled pack or a pack directory. Run 'brainblast packs' to list bundled packs.`
+    );
+    process.exit(2);
+  });
 }
 if (args[0] === "diff") {
   await runDiff(args.slice(1));
@@ -480,7 +491,7 @@ if (args[0] === "drift") {
   process.exit(0);
 }
 if (args[0] === "mcp") {
-  const { startMcpServer } = await import("./mcp-EOTWSQK7.js");
+  const { startMcpServer } = await import("./mcp-O45PSOVU.js");
   await startMcpServer();
   process.exit(0);
 }
@@ -492,6 +503,10 @@ if (args[0] === "pack") {
   runPack(args.slice(1));
   process.exit(0);
 }
+if (args[0] === "packs") {
+  runPacks(args.slice(1));
+  process.exit(0);
+}
 if (args[0] === "telemetry") {
   await runTelemetry(args.slice(1));
   process.exit(0);
@@ -567,6 +582,10 @@ if (args[0] === "oracle") {
   await runOracle(args.slice(1));
   process.exit(0);
 }
+if (args[0] === "fee-configs") {
+  await runFeeConfigs(args.slice(1));
+  process.exit(0);
+}
 if (args[0] === "fix") {
   await runFix(args.slice(1));
   process.exit(0);
@@ -704,6 +723,45 @@ function runDeployPlan(argv) {
   writeFileSync2(mdPath, renderDeployPlanMd(plan));
   console.log(`  deploy plan: ${mdPath}`);
 }
+async function runFeeConfigs(argv) {
+  const {
+    FEE_CONFIGS,
+    getFeeConfig,
+    renderFeeConfigsText,
+    renderFeeConfigsMd,
+    renderFeeConfigDetailText
+  } = await import("./feeConfigs-S4E5GQ7Q.js");
+  if (argv.includes("--help") || argv.includes("-h")) {
+    console.log("usage: brainblast fee-configs [id] [--json]");
+    console.log("  Fee Config Validator: the silent zero-revenue class (fees, royalties,");
+    console.log("  rewards) \u2014 fields that default to zero and quietly collect nothing. Pass an");
+    console.log("  id to see one in detail. Known ids:");
+    console.log(`    ${FEE_CONFIGS.map((e) => e.id).join(", ")}`);
+    process.exit(0);
+  }
+  const json = argv.includes("--json");
+  const id = argv.find((a) => !a.startsWith("--"));
+  if (id) {
+    const e = getFeeConfig(id);
+    if (!e) {
+      console.error(`error: no fee-config '${id}'. Known: ${FEE_CONFIGS.map((x) => x.id).join(", ")}`);
+      process.exit(2);
+    }
+    if (json) console.log(JSON.stringify(e, null, 2));
+    else console.log(renderFeeConfigDetailText(e));
+    return;
+  }
+  if (json) {
+    console.log(JSON.stringify(FEE_CONFIGS, null, 2));
+    return;
+  }
+  console.log(renderFeeConfigsText());
+  const outDir2 = join3(process.cwd(), ".agent-research");
+  mkdirSync2(outDir2, { recursive: true });
+  writeFileSync2(join3(outDir2, "fee-configs.md"), renderFeeConfigsMd());
+  console.log(`
+  catalog: ${join3(outDir2, "fee-configs.md")}`);
+}
 async function runOracle(argv) {
   if (argv.includes("--help") || argv.includes("-h") || argv.filter((a) => !a.startsWith("--")).length === 0) {
     console.log("usage: brainblast oracle <account> [--rpc URL] [--max-staleness-slots N | --max-staleness-seconds N] [--json]");
@@ -779,6 +837,27 @@ function runExploits(argv) {
   console.log(`
   database: ${mdPath}`);
 }
+function runPacks(argv) {
+  const packs = listBundledPacks();
+  if (argv.includes("--json")) {
+    console.log(JSON.stringify(packs.map((p) => ({ ...p.manifest, dir: p.dir })), null, 2));
+    return;
+  }
+  if (packs.length === 0) {
+    console.log("No bundled protocol packs found.");
+    return;
+  }
+  console.log("Protocol Pack Library \u2014 opt into the exact stack you build on:\n");
+  console.log("  brainblast --packs <name>[,<name>...] .\n");
+  for (const p of packs) {
+    const lead = p.id.split("-")[0];
+    const shortName = resolveBundledPackToken(lead) === p.dir ? lead : p.id;
+    console.log(`  ${shortName.padEnd(12)} ${p.manifest.name}`);
+    if (p.manifest.description) console.log(`  ${" ".repeat(12)} ${p.manifest.description}`);
+    console.log("");
+  }
+  console.log(`${packs.length} pack(s). Each ships RED\u2192GREEN fixtures; run 'brainblast pack validate <dir>' to verify.`);
+}
 function runPack(argv) {
   const sub = argv[0];
   if (sub === "init") {

package/dist/feeConfigs-S4E5GQ7Q.js

@@ -0,0 +1,19 @@
+import {
+  FEE_CONFIGS,
+  enforcedCount,
+  feeConfigsByCategory,
+  getFeeConfig,
+  renderFeeConfigDetailText,
+  renderFeeConfigsMd,
+  renderFeeConfigsText
+} from "./chunk-CSYGLMZR.js";
+import "./chunk-3RG5ZIWI.js";
+export {
+  FEE_CONFIGS,
+  enforcedCount,
+  feeConfigsByCategory,
+  getFeeConfig,
+  renderFeeConfigDetailText,
+  renderFeeConfigsMd,
+  renderFeeConfigsText
+};