dankgrinder 6.37.0 → 6.42.0

package/lib/commands/beg.js

@@ -1,17 +1,20 @@
 /**
  * Beg command handler.
  * Simple command: send "pls beg", parse coins from response.
+ * Detects: positive coins, Life Saver drops, negative (no coins).
  */
 
 const { LOG, c, getFullText, parseCoins, logMsg, isHoldTight, getHoldTightReason, sleep } = require('./utils');
 
 const RE_NEWLINE = /\n/g;
+const RE_LIFE_SAVER = /life\s*saver/i;
+const RE_BEG_COINS = /you\s+received\s*:\s*[\s\S]{0,200}?([\d,]+)/i;
 
 /**
  * @param {object} opts
  * @param {object} opts.channel
  * @param {function} opts.waitForDankMemer
- * @returns {Promise<{result: string, coins: number}>}
+ * @returns {Promise<{result: string, coins: number, lifeSaver?: boolean}>}
  */
 async function runBeg({ channel, waitForDankMemer }) {
   LOG.cmd(`${c.white}${c.bold}pls beg${c.reset}`);
@@ -33,11 +36,30 @@ async function runBeg({ channel, waitForDankMemer }) {
 
   logMsg(response, 'beg');
   const text = getFullText(response);
-  const coins = parseCoins(text);
+
+  // Extract coins: prefer "You received" pattern for beg responses
+  let coins = 0;
+  const begMatch = text.match(RE_BEG_COINS);
+  if (begMatch) {
+    coins = parseInt(begMatch[1].replace(/,/g, ''), 10) || 0;
+  }
+  // Fallback to general parseCoins
+  if (coins === 0) {
+    coins = parseCoins(text);
+  }
+
+  // Detect Life Saver drops
+  const lifeSaver = RE_LIFE_SAVER.test(text);
 
   if (coins > 0) {
-    LOG.coin(`[beg] ${c.green}+⏣ ${coins.toLocaleString()}${c.reset}`);
-    return { result: `beg → ${c.green}+⏣ ${coins.toLocaleString()}${c.reset}`, coins };
+    const lsNote = lifeSaver ? ` + ${c.cyan}Life Saver${c.reset}` : '';
+    LOG.coin(`[beg] ${c.green}+⏣ ${coins.toLocaleString()}${lsNote}${c.reset}`);
+    return { result: `beg → ${c.green}+⏣ ${coins.toLocaleString()}${lifeSaver ? ' + Life Saver' : ''}${c.reset}`, coins, lifeSaver };
+  }
+
+  if (lifeSaver) {
+    LOG.coin(`[beg] ${c.cyan}Life Saver${c.reset} (no coins)`);
+    return { result: 'beg → Life Saver', coins: 0, lifeSaver };
   }
 
   LOG.info(`[beg] ${text.substring(0, 80).replace(RE_NEWLINE, ' ')}`);

package/lib/commands/farm.js

@@ -68,11 +68,30 @@ function parseFarmCooldownSec(text) {
   const hasCooldownContext = /easy tiger|slow it down|already farmed|farm again|cooldown|can be used again|on cooldown/.test(lower);
   if (!hasCooldownContext) return null;
 
-  const ts = clean.match(RE_TS);
-  if (ts) {
-    const diff = parseInt(ts[1], 10) - Math.floor(Date.now() / 1000);
-    if (diff > 0) return diff;
+  // Handle all Discord timestamp formats: :R, :f, :F, :T, :t, :d, :D
+  // :R = relative seconds from now (already seconds since epoch difference)
+  // :f/:F = absolute datetime → diff from now
+  // :T/:t/:d/:D = not useful for cooldowns (no time component)
+  const RE_TS_ALL = /<t:(\d+):([tTdDfFR])>/g;
+  const now = Math.floor(Date.now() / 1000);
+  let best = null;
+  for (const m of clean.matchAll(RE_TS_ALL)) {
+    const ts = parseInt(m[1], 10);
+    const fmt = m[2];
+    if (!Number.isFinite(ts)) continue;
+    let diff;
+    if (fmt === 'R') {
+      diff = ts - now; // :R is already relative seconds
+    } else if (fmt === 'f' || fmt === 'F' || fmt === 'T') {
+      diff = ts - now; // :f/:F/:T are absolute → diff gives seconds remaining
+    } else {
+      // :t/:d/:D don't have enough info for cooldown calc — skip
+      continue;
+    }
+    if (diff > 0 && (best === null || diff < best)) best = diff;
   }
+  if (best !== null) return Math.max(5, best);
+
   const mm = clean.match(RE_MIN);
   if (mm) return parseInt(mm[1], 10) * 60;
   const hh = clean.match(RE_HR);
@@ -1589,16 +1608,23 @@ async function runFarm({ channel, waitForDankMemer, client, redis, accountId })
     LOG.coin(`[farm] ${c.green}+⏣ ${coins.toLocaleString()}${c.reset}`);
     // After a harvest, Dank Memer auto-plants new crops. Record harvest time
     // in Redis so the next run knows when crops should be ready.
-    // Also: if the farm shows "empty" or "manage" state (no grow timestamp),
-    // set a short re-check window instead of trusting a potentially stale grow queue.
+    // Only force a short 30s re-check if there is NO known grow queue timer.
+    // If growReadyEnd is set (e.g. "ready in 26m"), that takes priority.
     const afterHarvestState = analyzeFarmState({ msg: cycleResponse, text });
     const farmIsHarvested = afterHarvestState.stage === 'overview'
       || /seems? pretty empty|empty\.{0,3}|hoe|water|plant|harvest/i.test(text);
     if (farmIsHarvested) {
-      // Farm was harvested and is back to manage/empty state.
-      // Re-check in 30s to start the next cycle (hoe→water→plant→harvest).
-      nextCd = Math.min(nextCd, 30);
-      LOG.info(`[farm] harvest complete (+⏣ ${coins.toLocaleString()}), farm is ${afterHarvestState.stage} — re-checking in 30s`);
+      const hasGrowTimer = Number.isFinite(growReadyEnd) && growReadyEnd > 0;
+      if (hasGrowTimer) {
+        // Crops were planted and a grow queue timer exists (e.g. "ready in 26m").
+        // Respect that timer — the 30s cap should NOT override it.
+        LOG.info(`[farm] harvest complete (+⏣ ${coins.toLocaleString()}), farm is ${afterHarvestState.stage}, grow in ${Math.ceil(growReadyEnd / 60)}m — waiting for grow queue`);
+      } else {
+        // No grow queue timer visible (farm is truly empty or manage menu without timestamp).
+        // Short re-check to start the next hoe→water→plant→harvest cycle.
+        nextCd = Math.min(nextCd, 30);
+        LOG.info(`[farm] harvest complete (+⏣ ${coins.toLocaleString()}), farm is ${afterHarvestState.stage} — re-checking in 30s`);
+      }
     }
     // Record in Redis for cross-instance awareness
     let growDurMs = null;

package/lib/commands/fishVision.js

@@ -11,10 +11,27 @@ const sharp = require('sharp');
 const https = require('https');
 const http = require('http');
 
+// Allowed CDN hostnames for image downloads (prevents SSRF).
+const ALLOWED_IMAGE_HOSTS = new Set([
+  'cdn.discordapp.com',
+  'media.discordapp.net',
+  'images.discordapp.net',
+]);
+
+const MAX_IMAGE_BYTES = 5 * 1024 * 1024; // 5 MB cap — prevents memory exhaustion
+
 /**
  * Download an image from a URL and return as Buffer.
+ * Only allows Discord CDN URLs and enforces a max size limit.
  */
 function downloadImage(url) {
+  // ── SSRF check ──────────────────────────────────────────────
+  let hostname;
+  try { hostname = new URL(url).hostname; } catch { return Promise.reject(new Error('invalid URL')); }
+  if (!ALLOWED_IMAGE_HOSTS.has(hostname)) {
+    return Promise.reject(new Error(`disallowed host: ${hostname}`));
+  }
+
   return new Promise((resolve, reject) => {
     const proto = url.startsWith('https') ? https : http;
     const req = proto.get(url, res => {
@@ -22,7 +39,16 @@ function downloadImage(url) {
         return downloadImage(res.headers.location).then(resolve, reject);
       }
       const chunks = [];
-      res.on('data', c => chunks.push(c));
+      let bytesReceived = 0;
+      res.on('data', c => {
+        bytesReceived += c.length;
+        if (bytesReceived > MAX_IMAGE_BYTES) {
+          req.destroy();
+          reject(new Error(`image too large: ${bytesReceived} bytes (max ${MAX_IMAGE_BYTES})`));
+          return;
+        }
+        chunks.push(c);
+      });
       res.on('end', () => resolve(Buffer.concat(chunks)));
       res.on('error', reject);
     });

package/lib/commands/index.js

@@ -13,7 +13,6 @@ const { runHunt } = require('./hunt');
 const { runDig } = require('./dig');
 const { runFish, sellAllFish } = require('./fish');
 const { runPostMemes } = require('./postmemes');
-const { runScratch } = require('./scratch');
 const { runBlackjack } = require('./blackjack');
 const { runTrivia, triviaDB } = require('./trivia');
 const { runWorkShift } = require('./work');
@@ -23,7 +22,7 @@ const { runGeneric, runAlert } = require('./generic');
 const { runStream } = require('./stream');
 const { runDrops } = require('./drops');
 const { buyItem, ITEM_COSTS } = require('./shop');
-const { getPlayerLevel, meetsLevelRequirement } = require('./profile');
+const { getPlayerLevel, meetsLevelRequirement, runProfile } = require('./profile');
 const { runInventory, fetchItemValues, enrichItems, getCachedInventory, getAllInventories, updateInventoryItem, deleteInventoryItem } = require('./inventory');
 
 module.exports = {
@@ -39,7 +38,6 @@ module.exports = {
   runFish,
   sellAllFish,
   runPostMemes,
-  runScratch,
   runBlackjack,
   runTrivia,
   runWorkShift,
@@ -66,6 +64,7 @@ module.exports = {
   // Profile / Level
   getPlayerLevel,
   meetsLevelRequirement,
+  runProfile,
 
   // Constants
   SAFE_SEARCH_LOCATIONS,

package/lib/commands/profile.js

@@ -1,49 +1,170 @@
+"use strict";
+
 /**
- * Profile level checker.
- * Send "pls profile", parse level, cache in Redis.
- * Used to gate commands like scratch (requires level 25).
+ * Profile command — parses Dank Memer `pls profile` responses.
+ * Extracts: level, XP, badges (emoji IDs), wallet/bank/net, items, commands, pets, showcase.
  */
 
 const {
-  LOG, c, getFullText, logMsg, isHoldTight, sleep,
+  LOG, c, getFullText, logMsg, isHoldTight, sleep, stripAnsi,
 } = require('./utils');
 
-// In-memory cache: { accountId: { level: number, checkedAt: timestamp } }
-const levelCache = {};
 const CACHE_TTL = 10 * 60 * 1000; // 10 minutes
 
-const RE_PROFILE_LEVEL = /(?:level|lvl)\s*:?\s*`?(\d+)`?/i;
-const RE_PROFILE_PRESTIGE_LEVEL = /prestige\s+\d+\s+level\s+`?(\d+)`?/i;
+// ── Regex patterns for each profile field ────────────────────────────────────
 
-/**
- * Parse level from profile response text.
- * Looks for patterns like "Level 25", "Lvl 25", "level: 25"
- */
-function parseLevelFromText(text) {
-  const match = text.match(RE_PROFILE_LEVEL);
-  if (match) return parseInt(match[1]);
-  const presMatch = text.match(RE_PROFILE_PRESTIGE_LEVEL);
-  if (presMatch) return parseInt(presMatch[1]);
-  return null;
+// "Level: `73`" or "Level: Level: `73`"
+const RE_LEVEL = /(?:global\s+)?level[:\s]+[`'"]?(\d+)[`'"]?/i;
+
+// "Experience: `69/100`"
+const RE_XP = /experience[:\s]+`?(\d+)\s*\/\s*(\d+)`?/i;
+
+// Badges: "<:PB1C:123456789>..." (custom Discord emojis)
+const RE_BADGE = /<a?:(\w+):(\d+)>/g;
+
+// "Wallet: `⏣ 3.2M`"
+const RE_WALLET = /wallet[:\s]+[`⏣]?\s*([\d,.KMB]+(?:[KMB])?(?:\.\d+[KMB])?)/i;
+const RE_BANK   = /bank[:\s]+[`⏣]?\s*([\d,.KMB]+(?:[KMB])?(?:\.\d+[KMB])?)/i;
+const RE_NET    = /net[:\s]+[`⏣]?\s*([\d,.KMB]+(?:[KMB])?(?:\.\d+[KMB])?)/i;
+
+// "Items: Unique: `70`\nTotal: `766`\nWorth: `⏣ 31M`"
+const RE_ITEMS_UNIQUE  = /unique[:\s]+[`']?(\d+)[`']?/i;
+const RE_ITEMS_TOTAL   = /total[:\s]+[`']?(\d+)[`']?/i;
+const RE_ITEMS_WORTH   = /worth[:\s]+[`⏣]?\s*([\d,.KMB]+(?:[KMB])?(?:\.\d+[KMB])?)/i;
+
+// "Commands: Total: `5.1K`\nFavorite: `hunt`"
+const RE_CMDS_TOTAL    = /(?:total\s+)?commands?[:\s]+[`']?([\d,.KMB]+(?:[KMB])?(?:\.\d+[KMB])?)[`']?/i;
+const RE_FAVORITE      = /favorite[:\s]+[`']?(\w+)[`']?/i;
+
+// Pets: "Pets: <:Rock:861584585250308106> **Rock**\n`Level 1 Rock`"
+const RE_PET_BLOCK = /pets[:\s]*((?:<a?:\w+:\d+>\s*\*+\*?\*?\*?\s*(?:[\w ]+)\*+\s*`[^`]+`\s*)+)/gi;
+const RE_PET_ENTRY = /<a?:(\w+):(\d+)>[\s\*]*([\w ]+?)[\s\*]*`([^`]+)`/gi;
+
+// Showcase: "Showcase: ..." or "Showcase: No showcase"
+const RE_SHOWCASE = /showcase[:\s]*(.+?)(?:\n|$)/i;
+
+// ── Coin number parser ───────────────────────────────────────────────────────
+
+function parseCoinNum(str) {
+  if (!str) return 0;
+  str = str.replace(/[⏣,\s]/g, '').toUpperCase();
+  const m = parseFloat(str);
+  if (isNaN(m)) return 0;
+  if (str.includes('B')) return Math.round(m * 1_000_000_000);
+  if (str.includes('M')) return Math.round(m * 1_000_000);
+  if (str.includes('K')) return Math.round(m * 1_000);
+  return Math.round(m);
 }
 
+// ── Badge extraction ──────────────────────────────────────────────────────────
+
+function parseBadges(text) {
+  const badges = [];
+  let m;
+  const re = /<a?:([^>]+):(\d+)>/g;
+  while ((m = re.exec(text)) !== null) {
+    badges.push({ name: m[1], emojiId: m[2] });
+  }
+  return badges;
+}
+
+// ── Pet extraction ────────────────────────────────────────────────────────────
+
+function parsePets(text) {
+  const pets = [];
+  let m;
+  // Match: emoji + bold name + level line
+  // e.g. "<:Rock:861584585250308106> **Rock**\n`Level 1 Rock`"
+  const re = /<a?:(\w+):(\d+)>\s*\*\*([^\*]+)\*\*\s*`([^`]+)`/gi;
+  while ((m = re.exec(text)) !== null) {
+    pets.push({
+      emojiName: m[1],
+      emojiId: m[2],
+      name: m[3].trim(),
+      level: m[4].trim(),
+    });
+  }
+  return pets;
+}
+
+// ── Main parse function ──────────────────────────────────────────────────────
+
 /**
- * Check player level. Returns cached value if fresh, otherwise sends "pls profile".
- * @param {object} opts
- * @param {object} opts.channel
- * @param {function} opts.waitForDankMemer
- * @param {string} [opts.accountId] - for cache key
- * @param {object} [opts.redis] - Redis client for persistent cache
- * @returns {Promise<number|null>} Level number or null if can't determine
+ * Parse all profile fields from Dank Memer `pls profile` response.
+ * @param {object} msg - Discord message (or partial with embeds)
+ * @returns {object} Parsed profile data
  */
+function parseProfile(msg) {
+  const text = getFullText(msg);
+
+  // Level
+  let level = null;
+  const levelMatch = text.match(RE_LEVEL);
+  if (levelMatch) level = parseInt(levelMatch[1], 10);
+
+  // XP
+  let xpCurrent = null, xpMax = null;
+  const xpMatch = text.match(RE_XP);
+  if (xpMatch) {
+    xpCurrent = parseInt(xpMatch[1], 10);
+    xpMax = parseInt(xpMatch[2], 10);
+  }
+
+  // Coins
+  const wallet = parseCoinNum((text.match(RE_WALLET) || [])[1]);
+  const bank   = parseCoinNum((text.match(RE_BANK)   || [])[1]);
+  const net    = parseCoinNum((text.match(RE_NET)    || [])[1]);
+
+  // Items
+  const itemsUnique = parseInt((text.match(RE_ITEMS_UNIQUE) || [])[1], 10) || 0;
+  const itemsTotal  = parseInt((text.match(RE_ITEMS_TOTAL)  || [])[1], 10) || 0;
+  const itemsWorth = parseCoinNum((text.match(RE_ITEMS_WORTH) || [])[1]);
+
+  // Commands
+  const cmdsTotal  = (text.match(RE_CMDS_TOTAL) || [])[1] || '0';
+  const favorite   = ((text.match(RE_FAVORITE) || [])[1] || '').trim().toLowerCase();
+
+  // Badges
+  const badges = parseBadges(text);
+
+  // Pets
+  const pets = parsePets(text);
+
+  // Showcase
+  const showcaseRaw = (text.match(RE_SHOWCASE) || [])[1] || '';
+  const showcase = showcaseRaw.toLowerCase().includes('no showcase')
+    ? []
+    : showcaseRaw.split('\n').filter(l => l.trim()).map(l => l.trim().replace(/^\*\*|\*\*$/g, ''));
+
+  return {
+    level,
+    xpCurrent,
+    xpMax,
+    wallet,
+    bank,
+    net,
+    itemsUnique,
+    itemsTotal,
+    itemsWorth,
+    cmdsTotal,
+    favorite,
+    badges,
+    pets,
+    showcase,
+    rawText: text.substring(0, 2000),
+    parsedAt: Date.now(),
+  };
+}
+
+// ── In-memory cache ─────────────────────────────────────────────────────────
+
+const levelCache = {};
+
 async function getPlayerLevel({ channel, waitForDankMemer, accountId = 'default', redis }) {
-  // Check in-memory cache first
   const cached = levelCache[accountId];
   if (cached && (Date.now() - cached.checkedAt) < CACHE_TTL) {
     return cached.level;
   }
-
-  // Check Redis cache
   if (redis) {
     try {
       const redisLevel = await redis.get(`dkg:level:${accountId}`);
@@ -54,48 +175,75 @@ async function getPlayerLevel({ channel, waitForDankMemer, accountId = 'default'
       }
     } catch {}
   }
-
-  // Fetch from Discord
-  LOG.debug('[profile] Checking level...');
   await channel.send('pls profile');
   const response = await waitForDankMemer(8000);
+  if (!response) { LOG.warn('[profile] No response'); return null; }
+  if (isHoldTight(response)) { await sleep(5000); return null; }
+  logMsg(response, 'profile');
+  const parsed = parseProfile(response);
+  if (parsed.level !== null) {
+    levelCache[accountId] = { level: parsed.level, checkedAt: Date.now() };
+    if (redis) {
+      const ttl = parsed.level >= 25 ? 2592000 : 600;
+      try { await redis.set(`dkg:level:${accountId}`, String(parsed.level), 'EX', ttl); } catch {}
+    }
+  }
+  return parsed.level;
+}
 
+/**
+ * Run full profile check, parse all fields, and return structured data.
+ * @param {object} opts
+ * @param {object} opts.channel
+ * @param {function} opts.waitForDankMemer
+ * @param {string} [opts.accountId]
+ * @param {object} [opts.redis]
+ * @returns {Promise<object>} Parsed profile data
+ */
+async function runProfile({ channel, waitForDankMemer, accountId = 'default', redis }) {
+  LOG.cmd(`${c.white}${c.bold}pls profile${c.reset}`);
+  await channel.send('pls profile');
+  const response = await waitForDankMemer(8000);
   if (!response) {
     LOG.warn('[profile] No response');
-    return null;
+    return { error: 'no_response' };
   }
-
   if (isHoldTight(response)) {
-    await sleep(5000);
-    return null;
+    LOG.warn('[profile] Hold Tight');
+    await sleep(30000);
+    return { error: 'hold_tight' };
   }
-
   logMsg(response, 'profile');
-  const text = getFullText(response);
-  const level = parseLevelFromText(text);
+  const parsed = parseProfile(response);
 
-  if (level !== null) {
-    LOG.info(`[profile] Level: ${c.bold}${level}${c.reset}`);
-    levelCache[accountId] = { level, checkedAt: Date.now() };
-    // Persist to Redis — longer TTL for higher levels since they only go up
+  if (parsed.level !== null) {
+    levelCache[accountId] = { level: parsed.level, checkedAt: Date.now() };
     if (redis) {
-      const ttl = level >= 25 ? 2592000 : 600; // 30 days if ≥25, 10 min otherwise
-      try { await redis.set(`dkg:level:${accountId}`, String(level), 'EX', ttl); } catch {}
+      const ttl = parsed.level >= 25 ? 2592000 : 600;
+      try { await redis.set(`dkg:level:${accountId}`, String(parsed.level), 'EX', ttl); } catch {}
+      try {
+        await redis.set(`dkg:profile:${accountId}`, JSON.stringify(parsed), 'EX', CACHE_TTL / 1000);
+      } catch {}
     }
-  } else {
-    LOG.warn(`[profile] Could not parse level from: ${text.substring(0, 100)}`);
   }
 
-  return level;
+  LOG.info(`[profile] Level ${parsed.level} · ⏣ ${parsed.wallet?.toLocaleString() || 0} wallet · ⏣ ${parsed.net?.toLocaleString() || 0} net`);
+  return parsed;
 }
 
-/**
- * Check if player meets minimum level requirement.
- */
 async function meetsLevelRequirement(opts, minLevel) {
   const level = await getPlayerLevel(opts);
-  if (level === null) return false; // can't determine, skip
+  if (level === null) return false;
   return level >= minLevel;
 }
 
-module.exports = { getPlayerLevel, meetsLevelRequirement, parseLevelFromText };
+module.exports = {
+  getPlayerLevel,
+  meetsLevelRequirement,
+  parseLevelFromText: (text) => parseProfile({ content: text, embeds: [] }).level,
+  runProfile,
+  parseProfile,
+  parseCoinNum,
+  parseBadges,
+  parsePets,
+};

package/lib/commands/stream.js

@@ -206,7 +206,7 @@ async function runStream({ channel, waitForDankMemer, client }) {
 
   if (isHoldTight(response)) {
     const reason = getHoldTightReason(response);
-    return { result: `hold tight (${reason || 'unknown'})`, coins: 0, holdTightReason: reason };
+    return { result: `hold tight (${reason || 'unknown'})`, coins: 0, holdTightReason: reason, nextCooldownSec: 30 };
   }
 
   await hydrate(response);

package/lib/commands/utils.js

@@ -558,7 +558,8 @@ async function clickCV2Button(msg, customId) {
   const gId = msg.guildId || msg.guild?.id;
   if (!token) throw new Error('No token for CV2 click');
   const sessionId = msg.client?.ws?.shards?.first?.()?.sessionId;
-  const nonce = `${BigInt(Date.now() - 1420070400000) << 22n}`;
+  const { randomUUID } = require('crypto');
+  const nonce = randomUUID();
   const payloadObj = {
     type: 3,
     application_id: String(msg.applicationId || DANK_MEMER_ID),
@@ -603,7 +604,8 @@ async function clickCV2SelectMenu(msg, customId, values = []) {
   const gId = msg.guildId || msg.guild?.id;
   if (!token) throw new Error('No token for CV2 select');
   const sessionId = msg.client?.ws?.shards?.first?.()?.sessionId;
-  const nonce = `${BigInt(Date.now() - 1420070400000) << 22n}`;
+  const { randomUUID } = require('crypto');
+  const nonce = randomUUID();
   const payloadObj = {
     type: 3,
     application_id: String(msg.applicationId || DANK_MEMER_ID),

package/lib/commands/work.js

@@ -418,7 +418,7 @@ async function runWorkShift({ channel, waitForDankMemer }) {
     const reason = getHoldTightReason(current);
     LOG.warn(`[work] Hold Tight${reason ? ` (reason: /${reason})` : ''} — waiting 30s`);
     await sleep(30000);
-    return { result: `hold tight (${reason || 'unknown'})`, coins: 0, holdTightReason: reason };
+    return { result: `hold tight (${reason || 'unknown'})`, coins: 0, holdTightReason: reason, nextCooldownSec: 30 };
   }
 
   if (isCV2(current)) await ensureCV2(current);