glamsterdam-compat-lab 0.2.2

package/CONTRIBUTING.md

@@ -0,0 +1,59 @@
+# Contributing
+
+Thanks for helping improve Glamsterdam Compatibility Lab.
+
+This project is intentionally data-driven. When adding a detector, keep protocol assumptions in `data/eips/glamsterdam.json` or another data file where possible, and keep detector code focused on evidence found in the input.
+
+## Local workflow
+
+```sh
+pnpm install
+pnpm test
+pnpm build
+```
+
+When report wording or JSON structure changes intentionally, update golden snapshots:
+
+```sh
+pnpm test:update
+```
+
+## Release workflow
+
+Releases are published from semver tags. After CI is green on `main`, create the GitHub release tag, then run the manual `Publish npm` workflow from `main` with the release tag as `release_tag`.
+
+Start with `dry_run=true`. For a real publish, prefer npm Trusted Publishing: configure `glamsterdam-compat-lab` on npm with the GitHub repository `CruzMolina/glamsterdam-compat-lab` and workflow file `npm-publish.yml`, then rerun the workflow with `dry_run=false`. If Trusted Publishing is not available yet, configure the repository `NPM_TOKEN` secret with an npm token that can publish `glamsterdam-compat-lab`.
+
+The workflow checks out the requested semver tag, verifies that `package.json` matches the tag, installs dependencies, runs tests, builds, and then runs `npm publish --provenance`.
+
+See `docs/release.md` for the full release checklist and npm troubleshooting notes.
+
+## Detector guidelines
+
+- Use conservative language. Prefer "review" or "replay representative transactions" over claims that something will break.
+- Include actionable recommendations in every finding.
+- Add fixtures and tests for each new detector.
+- Do not guess client compatibility. Add explicit, sourced client metadata to a user-editable compatibility matrix instead.
+- Keep JSON and Markdown report outputs deterministic.
+- Keep detector thresholds in `data/detectors/thresholds.json` unless there is a strong reason to hardcode a parser invariant.
+
+## Registry updates
+
+The Glamsterdam fork scope may change. Update `data/eips/glamsterdam.json` with source links, status, detector modules, and a `lastUpdated` date whenever assumptions change.
+
+Detector thresholds live in `data/detectors/thresholds.json`. Treat them as signal-quality heuristics, not protocol gas constants.
+
+Additional threshold profiles live next to the default thresholds. Use `thresholds.research.json` for broad signal collection and `thresholds.ci.json` for lower-noise automation.
+
+## Fixture contributions
+
+See `docs/fixtures.md` before submitting real-world bytecode, traces, indexer configs, validator configs, or compatibility metadata. Fixtures must be safe to publish, clearly licensed, and stripped of secrets or validator-sensitive details.
+
+## Pull requests
+
+Please include:
+
+- A short description of the compatibility risk being detected.
+- The data source or rationale for any EIP/client metadata changes.
+- New or updated fixtures.
+- Tests showing the expected report output.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Glamsterdam Compatibility Lab contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,187 @@
+# Glamsterdam Compatibility Lab
+
+Glamsterdam Compatibility Lab is an open-source CLI and TypeScript library for deterministic compatibility checks around Ethereum's upcoming Glamsterdam upgrade.
+
+It helps smart-contract teams, dapp teams, indexers, explorers, infrastructure teams, and validator operators produce human-readable and machine-readable readiness reports from bytecode, traces, indexer configs, and local operator configs.
+
+This is community open-source tooling. It is not official Ethereum Foundation tooling or an endorsement by the Ethereum Foundation.
+
+## Why this exists
+
+The Ethereum Foundation Ecosystem Support Program has a Glamsterdam-focused wishlist that calls out developer tooling, impact analysis, explorer/indexer support, validator tooling, monitoring tooling, and data-driven research. Glamsterdam planning currently includes scheduled work around Block-Level Access Lists and ePBS, plus considered work around gas repricing, native ETH transfer logs, contract-size changes, state creation costs, calldata costs, and related areas.
+
+The final Glamsterdam scope and exact parameters may change. This project keeps assumptions in a versioned EIP registry so detector behavior can be updated without rewriting every scanner.
+
+Useful anchors:
+
+- [ESP Wishlist](https://esp.ethereum.foundation/applicants/wishlist)
+- [EIP-7773: Hardfork Meta - Glamsterdam](https://eips.ethereum.org/EIPS/eip-7773)
+- [ethereum.org Glamsterdam roadmap](https://ethereum.org/roadmap/glamsterdam/)
+- [Protocol priorities update for 2026](https://blog.ethereum.org/2026/02/18/protocol-priorities-update-2026)
+- [Soldogn interop recap](https://blog.ethereum.org/2026/05/02/soldogn-interop-recap)
+
+## Install and run
+
+For local development from a clone:
+
+```sh
+pnpm install
+pnpm test
+pnpm test:integration # requires ETH_RPC_URL and ETH_RPC_TX_HASH or ETH_RPC_TX
+pnpm build
+pnpm glamsterdam eips
+pnpm glamsterdam scan-bytecode fixtures/bytecode/storage-heavy.hex
+```
+
+The package is configured as `glamsterdam-compat-lab` in `package.json`, but npm registry publication is still pending package-owner authentication. Until npm shows `glamsterdam-compat-lab@0.2.2`, the current installable release artifact is the v0.2.2 GitHub release tarball:
+
+```sh
+npm install -g https://github.com/CruzMolina/glamsterdam-compat-lab/releases/download/v0.2.2/glamsterdam-compat-lab-0.2.2.tgz
+```
+
+See [docs/release.md](docs/release.md) for npm publication status and maintainer release checks.
+
+The default output format is Markdown. Use `--format json` for machine-readable reports.
+
+## CLI commands
+
+```sh
+pnpm glamsterdam eips
+pnpm glamsterdam scan-bytecode fixtures/bytecode/storage-heavy.hex --format markdown
+pnpm glamsterdam scan-traces fixtures/traces/storage-heavy-trace.json --format json
+ETH_RPC_URL=https://your-execution-rpc.example pnpm glamsterdam scan-tx --tx 0x0000000000000000000000000000000000000000000000000000000000000000 --format markdown
+pnpm glamsterdam scan-indexer fixtures/indexers/subgraph.yaml --format markdown
+pnpm glamsterdam scan-validator --config fixtures/validator/operator-config.yaml --format markdown
+pnpm glamsterdam report report-a.json report-b.json --format markdown
+```
+
+Each scanner accepts `--registry <path>` and `--thresholds <path>` so EIP metadata and detector thresholds can be updated without editing detector code.
+
+## What the scanners can detect
+
+`scan-bytecode` normalizes EVM bytecode, disassembles opcodes while skipping PUSH data, counts relevant opcodes, and reports conservative risks around contract size, storage/account access, CREATE/CREATE2 usage, calldata copying, logs, and manual-review limits.
+
+`scan-traces` accepts either this project's normalized trace shape:
+
+```json
+{
+  "format": "glamsterdam-normalized-trace-v0",
+  "steps": [
+    { "op": "SLOAD", "depth": 1 },
+    { "op": "SSTORE", "depth": 1 }
+  ]
+}
+```
+
+It also accepts common `debug_traceTransaction`-style objects with `structLogs`, JSON-RPC result wrappers, simple arrays of steps, Foundry/Hardhat-style JSON trace exports, Besu/Nethermind/geth-style struct logs, Erigon/parity-style action traces, and call-tracer-like trees with `calls` or `children`.
+
+`scan-tx` fetches a transaction trace from an execution RPC endpoint that supports `debug_traceTransaction`, then runs the same deterministic trace scanner:
+
+```sh
+ETH_RPC_URL=https://your-execution-rpc.example \
+  pnpm glamsterdam scan-tx \
+  --tx 0x0000000000000000000000000000000000000000000000000000000000000000 \
+  --tracer structLogs \
+  --trace-out traces/tx.json \
+  --format markdown
+
+pnpm glamsterdam scan-tx \
+  --rpc-url https://your-execution-rpc.example \
+  --tx 0x0000000000000000000000000000000000000000000000000000000000000000 \
+  --tracer callTracer \
+  --format json
+```
+
+RPC URLs are not included in report targets or evidence. Do not paste private RPC URLs or credentials into issues, fixtures, or reports.
+
+Use `--trace-out <path>` to save the fetched JSON-RPC trace response while also printing a compatibility report. This is the preferred way to turn a live RPC call into a reusable local fixture. Real-RPC integration tests are gated and skipped unless `ETH_RPC_URL` and `ETH_RPC_TX_HASH` or `ETH_RPC_TX` are set.
+
+`scan-indexer` parses JSON and YAML, including `subgraph.yaml`-style configs. It flags event-only indexing assumptions, missing fork/EIP compatibility metadata, missing replay or testnet plans, missing BAL review metadata, and native ETH transfer log readiness as heuristic findings.
+
+`scan-validator` parses JSON and YAML operator configs. It checks for execution, consensus, validator, builder/API, monitoring, and testnet/devnet metadata. It compares client names and versions against `data/client-compat/clients.example.json` or a user-provided matrix, but it does not guess compatibility.
+
+## Report model
+
+Each scanner returns a `CompatibilityReport`:
+
+```json
+{
+  "toolVersion": "0.2.2",
+  "fork": "glamsterdam",
+  "target": {
+    "kind": "bytecode",
+    "name": "fixtures/bytecode/storage-heavy.hex"
+  },
+  "summary": {
+    "risk": "medium",
+    "findingCount": 1,
+    "highCount": 0,
+    "mediumCount": 1,
+    "lowCount": 0,
+    "unknownCount": 0
+  },
+  "findings": [],
+  "assumptions": [],
+  "limitations": []
+}
+```
+
+Severity means:
+
+- `high`: likely requires action before fork or testnet readiness
+- `medium`: likely requires review or testing
+- `low`: informational or easy follow-up
+- `unknown`: insufficient information; manual review needed
+
+Confidence means:
+
+- `high`: direct evidence from the input
+- `medium`: strong heuristic
+- `low`: weak heuristic or incomplete input
+
+## Updating the EIP registry
+
+Edit `data/eips/glamsterdam.json`.
+
+Each entry includes an ID, name, status, domain, detector modules, and notes. Keep uncertain protocol details in the registry notes and external data files. Detector code should not invent exact gas deltas or final fork behavior.
+
+## Updating detector thresholds
+
+Edit `data/detectors/thresholds.json`.
+
+Thresholds are conservative scanner heuristics, not protocol parameters. The default profile is `data/detectors/thresholds.json`; `data/detectors/thresholds.research.json` is more sensitive for broad data collection, and `data/detectors/thresholds.ci.json` is less sensitive for low-noise automation. When changing thresholds, add or update fixtures and run:
+
+```sh
+pnpm test:update
+pnpm test
+pnpm build
+```
+
+The golden report snapshots in `test/__snapshots__` are intentional review artifacts. Update them when report wording or JSON structure changes on purpose.
+
+## Adding detectors
+
+1. Add or update registry entries in `data/eips/glamsterdam.json`.
+2. Implement detector logic in `src/detectors`.
+3. Call the detector from a scanner in `src/scanners`.
+4. Add a fixture that demonstrates the evidence.
+5. Add a Vitest test.
+6. Keep report language practical and humble.
+
+## Contributing fixtures
+
+Real-world and real-world-shaped fixtures are welcome when they are safe to publish. See [docs/fixtures.md](docs/fixtures.md) for redaction, licensing, metadata, and snapshot expectations.
+
+## CI and issue triage
+
+The GitHub Actions workflow runs install, tests, build, and an npm publish dry run from the package directory. Issue templates are included for detector requests, fixture contributions, registry updates, and false-positive/false-negative reports.
+
+Release publishing notes live in [docs/release.md](docs/release.md).
+
+## Roadmap
+
+See [ROADMAP.md](ROADMAP.md) for planned phases. Phase 0 is released as `v0.1.0`; `v0.2.0` starts Phase 1 with RPC transaction trace ingestion and broader trace fixture coverage.
+
+## Disclaimer
+
+Glamsterdam scope and gas parameters may change. Reports are compatibility prompts, not predictions of breakage. Always replay representative transactions against a relevant devnet, testnet, local fork configuration, or client release when available.

package/ROADMAP.md

@@ -0,0 +1,76 @@
+# Roadmap
+
+This roadmap is intentionally practical. Glamsterdam scope and parameters may change, so the project should keep protocol assumptions in data files and make detector output easy to update.
+
+## Phase 0: MVP CLI
+
+Status: released as `v0.1.0`.
+
+- Bytecode, trace, indexer, and validator scanners
+- EIP registry
+- Detector thresholds in data
+- Markdown and JSON reports
+- Fixtures, tests, and golden report snapshots
+- CI, CodeQL, Dependabot, and issue templates
+
+## Phase 0.1: Launch Stabilization
+
+Status: released as `v0.1.1`.
+
+- Triage initial dependency automation
+- Collect real-world fixture submissions
+- Add contribution paths for detector requests, registry updates, and signal-quality reports
+- Add fixture contribution guidance and issue forms
+- Keep README focused on usage while roadmap and planning live here
+
+## Phase 1: Trace Replay Support
+
+Status: started in `v0.2.0`; trace capture support added in `v0.2.1`.
+
+Goal: make trace scanning useful for contract teams using common development tools.
+
+- Add Foundry, Hardhat, geth `structLogs`, Erigon-style action trace, and call-tracer fixtures
+- Add Besu and Nethermind-shaped trace fixtures
+- Normalize common call, opcode, gas, input, explicit log, and log opcode fields
+- Keep golden report snapshots for representative trace formats
+- Add RPC-based `debug_traceTransaction` fetching with `scan-tx`
+- Add `scan-tx --trace-out` and gated real-RPC integration tests
+- Add default, research, and CI threshold profiles
+- Compare current baseline traces with Glamsterdam-aware client or fork configs when available
+
+## Phase 1.1: Baseline Comparison
+
+Target release: `v0.3.0`.
+
+Goal: compare compatibility reports across profiles and, later, across current-client and Glamsterdam-aware traces.
+
+- Compare one trace against multiple threshold profiles
+- Emit report deltas for findings added, removed, or changed in severity
+- Keep comparisons deterministic and JSON-friendly
+- Defer fork-specific gas deltas until they are present in explicit data files or client configs
+
+## Phase 2: Public Dataset
+
+Goal: publish reproducible compatibility research.
+
+- Scan popular contracts and protocol surfaces
+- Publish deterministic report artifacts
+- Generate aggregate risk statistics
+- Add CSV/notebook/export workflows for researchers
+
+## Phase 3: Devnet Integration
+
+Goal: track moving client and spec readiness without hardcoding guesses.
+
+- Ingest public devnet and client compatibility metadata
+- Track spec/client changes against registry entries
+- Expand validator/operator compatibility matrix workflows
+
+## Phase 4: Dashboard
+
+Goal: make reports discoverable once the CLI and dataset are trustworthy.
+
+- Static generated site
+- Searchable reports
+- Machine-readable exports
+- Links back to source fixtures, registry data, and detector versions

package/SECURITY.md

@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported versions
+
+This project is pre-1.0 compatibility tooling. Security fixes will target the default branch until release branches exist.
+
+## Reporting a vulnerability
+
+Please use GitHub private vulnerability reporting if it is enabled on the repository. If private reporting is unavailable, open a minimal issue that avoids exposing exploit details and ask for a maintainer contact path.
+
+Do not include private keys, RPC credentials, validator secrets, production endpoint credentials, or non-public trace data in issues, pull requests, fixtures, or screenshots.
+
+The `scan-tx` command accepts RPC URLs through `--rpc-url` or `ETH_RPC_URL`. Reports intentionally omit the RPC URL, but shell history, CI logs, and issue text may not. Prefer environment variables or local secret management for private endpoints.
+
+When using `scan-tx --trace-out`, review the saved trace before sharing or committing it. Execution traces can contain calldata, addresses, storage keys, revert data, and other sensitive operational context.
+
+## Scanner output
+
+Compatibility reports are advisory and deterministic. They are not security audits and should not be treated as proof that a contract, indexer, or validator setup is safe.

package/data/client-compat/clients.example.json

@@ -0,0 +1,42 @@
+{
+  "fork": "glamsterdam",
+  "lastUpdated": "2026-05-08",
+  "sources": [
+    "Replace with client release notes, devnet pages, or operator-maintained compatibility sources."
+  ],
+  "clients": [
+    {
+      "name": "example-execution-client",
+      "role": "execution",
+      "versions": [
+        {
+          "version": "0.0.0-example",
+          "status": "unknown",
+          "notes": "Placeholder only. Replace with a sourced compatibility statement before relying on this matrix."
+        }
+      ]
+    },
+    {
+      "name": "example-consensus-client",
+      "role": "consensus",
+      "versions": [
+        {
+          "version": "0.0.0-example",
+          "status": "unknown",
+          "notes": "Placeholder only. Replace with a sourced compatibility statement before relying on this matrix."
+        }
+      ]
+    },
+    {
+      "name": "example-validator-client",
+      "role": "validator",
+      "versions": [
+        {
+          "version": "0.0.0-example",
+          "status": "unknown",
+          "notes": "Placeholder only. Replace with a sourced compatibility statement before relying on this matrix."
+        }
+      ]
+    }
+  ]
+}

package/data/detectors/thresholds.ci.json

@@ -0,0 +1,33 @@
+{
+  "schemaVersion": 1,
+  "profile": "ci",
+  "lastUpdated": "2026-05-09",
+  "notes": [
+    "CI profile: intentionally less sensitive than the default profile.",
+    "Use this when teams want fewer compatibility prompts in automated gates."
+  ],
+  "bytecode": {
+    "contractSize": {
+      "currentRuntimeLimitBytes": 24576,
+      "nearCurrentLimitBytes": 23000
+    },
+    "stateAccountOpcodeExposure": {
+      "mediumSensitiveOpcodeCount": 16,
+      "lowSensitiveOpcodeCount": 6
+    },
+    "storagePattern": {
+      "mediumStorageOpcodeCount": 16
+    }
+  },
+  "trace": {
+    "stateHeavyExecution": {
+      "highStorageOps": 80,
+      "highSensitiveOpcodeCount": 160,
+      "mediumStorageOps": 24,
+      "mediumSensitiveOpcodeCount": 48
+    },
+    "calldataHeavy": {
+      "mediumCalldataBytes": 8192
+    }
+  }
+}

package/data/detectors/thresholds.json

@@ -0,0 +1,33 @@
+{
+  "schemaVersion": 1,
+  "profile": "default",
+  "lastUpdated": "2026-05-09",
+  "notes": [
+    "Thresholds are conservative MVP heuristics, not protocol gas parameters.",
+    "Tune these values with fixture evidence and keep detector code free of final-fork assumptions."
+  ],
+  "bytecode": {
+    "contractSize": {
+      "currentRuntimeLimitBytes": 24576,
+      "nearCurrentLimitBytes": 20000
+    },
+    "stateAccountOpcodeExposure": {
+      "mediumSensitiveOpcodeCount": 8,
+      "lowSensitiveOpcodeCount": 3
+    },
+    "storagePattern": {
+      "mediumStorageOpcodeCount": 8
+    }
+  },
+  "trace": {
+    "stateHeavyExecution": {
+      "highStorageOps": 40,
+      "highSensitiveOpcodeCount": 80,
+      "mediumStorageOps": 10,
+      "mediumSensitiveOpcodeCount": 20
+    },
+    "calldataHeavy": {
+      "mediumCalldataBytes": 4096
+    }
+  }
+}

package/data/detectors/thresholds.research.json

@@ -0,0 +1,33 @@
+{
+  "schemaVersion": 1,
+  "profile": "research",
+  "lastUpdated": "2026-05-09",
+  "notes": [
+    "Research profile: intentionally more sensitive than the default profile.",
+    "Use this for broad signal collection and aggregate studies, not low-noise CI gating."
+  ],
+  "bytecode": {
+    "contractSize": {
+      "currentRuntimeLimitBytes": 24576,
+      "nearCurrentLimitBytes": 18000
+    },
+    "stateAccountOpcodeExposure": {
+      "mediumSensitiveOpcodeCount": 4,
+      "lowSensitiveOpcodeCount": 1
+    },
+    "storagePattern": {
+      "mediumStorageOpcodeCount": 4
+    }
+  },
+  "trace": {
+    "stateHeavyExecution": {
+      "highStorageOps": 20,
+      "highSensitiveOpcodeCount": 40,
+      "mediumStorageOps": 4,
+      "mediumSensitiveOpcodeCount": 8
+    },
+    "calldataHeavy": {
+      "mediumCalldataBytes": 1024
+    }
+  }
+}

package/data/eips/glamsterdam.json

@@ -0,0 +1,85 @@
+{
+  "fork": "glamsterdam",
+  "lastUpdated": "2026-05-08",
+  "sources": [
+    "https://eips.ethereum.org/EIPS/eip-7773",
+    "https://ethereum.org/roadmap/glamsterdam/",
+    "https://esp.ethereum.foundation/applicants/wishlist",
+    "https://blog.ethereum.org/2026/05/02/soldogn-interop-recap",
+    "https://blog.ethereum.org/2026/02/18/protocol-priorities-update-2026"
+  ],
+  "eips": [
+    {
+      "id": "EIP-7928",
+      "name": "Block-Level Access Lists",
+      "status": "scheduled",
+      "domain": ["execution", "indexer", "monitoring"],
+      "detectors": ["balDetectors"],
+      "notes": "Used for BAL-related indexer and monitoring readiness checks. Do not hardcode final behavior in detector code."
+    },
+    {
+      "id": "EIP-7732",
+      "name": "Enshrined Proposer-Builder Separation",
+      "status": "scheduled",
+      "domain": ["consensus", "validator", "builder"],
+      "detectors": ["epbsDetectors"],
+      "notes": "Used for validator and operator readiness checks around builder/API metadata."
+    },
+    {
+      "id": "EIP-7708",
+      "name": "ETH transfers emit a log",
+      "status": "considered",
+      "domain": ["execution", "indexer", "monitoring"],
+      "detectors": ["nativeEthTransferLogDetectors"],
+      "notes": "Used for native ETH transfer visibility checks. Treat as considered until status changes."
+    },
+    {
+      "id": "EIP-7904",
+      "name": "General Repricing",
+      "status": "considered",
+      "domain": ["execution", "contracts"],
+      "detectors": ["gasRepricingDetectors"],
+      "notes": "Broad repricing candidate. Exact gas deltas must come from data, not hardcoded detector logic."
+    },
+    {
+      "id": "EIP-7954",
+      "name": "Increase Maximum Contract Size",
+      "status": "considered",
+      "domain": ["execution", "contracts"],
+      "detectors": ["contractSizeDetectors"],
+      "notes": "Used only to flag contract-size review areas. Final limits may change."
+    },
+    {
+      "id": "EIP-7976",
+      "name": "Increase Calldata Floor Cost",
+      "status": "considered",
+      "domain": ["execution", "contracts"],
+      "detectors": ["gasRepricingDetectors"],
+      "notes": "Used for calldata-heavy trace and bytecode review prompts when calldata evidence is visible."
+    },
+    {
+      "id": "EIP-8037",
+      "name": "State Creation Gas Cost Increase",
+      "status": "considered",
+      "domain": ["execution", "contracts"],
+      "detectors": ["stateCreationDetectors"],
+      "notes": "Used for CREATE and CREATE2 review prompts. Do not infer exact cost changes."
+    },
+    {
+      "id": "EIP-8038",
+      "name": "State-access gas cost increase",
+      "status": "considered",
+      "domain": ["execution", "contracts"],
+      "detectors": ["gasRepricingDetectors"],
+      "notes": "Used for storage/account access review prompts. Do not infer exact cost changes."
+    },
+    {
+      "id": "GAS-REPRICING",
+      "name": "Glamsterdam gas repricing candidates",
+      "status": "considered",
+      "domain": ["execution", "contracts"],
+      "detectors": ["gasRepricingDetectors", "stateCreationDetectors"],
+      "notes": "Umbrella entry for broad heuristics until exact final EIPs and parameters are confirmed."
+    }
+  ]
+}

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};