glamsterdam-compat-lab 0.2.2

package/dist/utils/bytecode.js

@@ -0,0 +1,140 @@
+const opcodeNames = new Map([
+    [0x00, "STOP"],
+    [0x01, "ADD"],
+    [0x02, "MUL"],
+    [0x03, "SUB"],
+    [0x04, "DIV"],
+    [0x05, "SDIV"],
+    [0x06, "MOD"],
+    [0x07, "SMOD"],
+    [0x08, "ADDMOD"],
+    [0x09, "MULMOD"],
+    [0x0a, "EXP"],
+    [0x0b, "SIGNEXTEND"],
+    [0x10, "LT"],
+    [0x11, "GT"],
+    [0x12, "SLT"],
+    [0x13, "SGT"],
+    [0x14, "EQ"],
+    [0x15, "ISZERO"],
+    [0x16, "AND"],
+    [0x17, "OR"],
+    [0x18, "XOR"],
+    [0x19, "NOT"],
+    [0x1a, "BYTE"],
+    [0x1b, "SHL"],
+    [0x1c, "SHR"],
+    [0x1d, "SAR"],
+    [0x20, "SHA3"],
+    [0x30, "ADDRESS"],
+    [0x31, "BALANCE"],
+    [0x32, "ORIGIN"],
+    [0x33, "CALLER"],
+    [0x34, "CALLVALUE"],
+    [0x35, "CALLDATALOAD"],
+    [0x36, "CALLDATASIZE"],
+    [0x37, "CALLDATACOPY"],
+    [0x38, "CODESIZE"],
+    [0x39, "CODECOPY"],
+    [0x3a, "GASPRICE"],
+    [0x3b, "EXTCODESIZE"],
+    [0x3c, "EXTCODECOPY"],
+    [0x3d, "RETURNDATASIZE"],
+    [0x3e, "RETURNDATACOPY"],
+    [0x3f, "EXTCODEHASH"],
+    [0x40, "BLOCKHASH"],
+    [0x41, "COINBASE"],
+    [0x42, "TIMESTAMP"],
+    [0x43, "NUMBER"],
+    [0x44, "PREVRANDAO"],
+    [0x45, "GASLIMIT"],
+    [0x46, "CHAINID"],
+    [0x47, "SELFBALANCE"],
+    [0x48, "BASEFEE"],
+    [0x49, "BLOBHASH"],
+    [0x4a, "BLOBBASEFEE"],
+    [0x50, "POP"],
+    [0x51, "MLOAD"],
+    [0x52, "MSTORE"],
+    [0x53, "MSTORE8"],
+    [0x54, "SLOAD"],
+    [0x55, "SSTORE"],
+    [0x56, "JUMP"],
+    [0x57, "JUMPI"],
+    [0x58, "PC"],
+    [0x59, "MSIZE"],
+    [0x5a, "GAS"],
+    [0x5b, "JUMPDEST"],
+    [0x5f, "PUSH0"],
+    [0xf0, "CREATE"],
+    [0xf1, "CALL"],
+    [0xf2, "CALLCODE"],
+    [0xf3, "RETURN"],
+    [0xf4, "DELEGATECALL"],
+    [0xf5, "CREATE2"],
+    [0xfa, "STATICCALL"],
+    [0xfd, "REVERT"],
+    [0xfe, "INVALID"],
+    [0xff, "SELFDESTRUCT"]
+]);
+for (let opcode = 0x60; opcode <= 0x7f; opcode += 1) {
+    opcodeNames.set(opcode, `PUSH${opcode - 0x5f}`);
+}
+for (let opcode = 0x80; opcode <= 0x8f; opcode += 1) {
+    opcodeNames.set(opcode, `DUP${opcode - 0x7f}`);
+}
+for (let opcode = 0x90; opcode <= 0x9f; opcode += 1) {
+    opcodeNames.set(opcode, `SWAP${opcode - 0x8f}`);
+}
+for (let opcode = 0xa0; opcode <= 0xa4; opcode += 1) {
+    opcodeNames.set(opcode, `LOG${opcode - 0xa0}`);
+}
+export function normalizeBytecode(input) {
+    const compact = input.replace(/\s+/g, "").toLowerCase();
+    const withoutPrefix = compact.startsWith("0x") ? compact.slice(2) : compact;
+    if (withoutPrefix.length === 0) {
+        return "0x";
+    }
+    if (!/^[0-9a-f]+$/.test(withoutPrefix)) {
+        throw new Error("Input is not valid hexadecimal bytecode");
+    }
+    const evenHex = withoutPrefix.length % 2 === 0 ? withoutPrefix : `0${withoutPrefix}`;
+    return `0x${evenHex}`;
+}
+export function byteLength(bytecode) {
+    const normalized = normalizeBytecode(bytecode);
+    return (normalized.length - 2) / 2;
+}
+export function disassembleBytecode(bytecode) {
+    const normalized = normalizeBytecode(bytecode).slice(2);
+    const bytes = normalized.match(/.{1,2}/g)?.map((hex) => Number.parseInt(hex, 16)) ?? [];
+    const opcodes = [];
+    for (let pc = 0; pc < bytes.length; pc += 1) {
+        const code = bytes[pc] ?? 0;
+        const name = opcodeNames.get(code) ?? `UNKNOWN_0x${code.toString(16).padStart(2, "0")}`;
+        if (code >= 0x60 && code <= 0x7f) {
+            const pushBytes = code - 0x5f;
+            const dataStart = pc + 1;
+            const dataEnd = Math.min(dataStart + pushBytes, bytes.length);
+            const pushData = bytes.slice(dataStart, dataEnd).map(toHexByte).join("");
+            opcodes.push({ pc, code, name, pushData });
+            pc += pushBytes;
+            continue;
+        }
+        opcodes.push({ pc, code, name });
+    }
+    return opcodes;
+}
+export function countOpcodeNames(opcodes) {
+    return opcodes.reduce((counts, opcode) => {
+        counts[opcode.name] = (counts[opcode.name] ?? 0) + 1;
+        return counts;
+    }, {});
+}
+export function opcodeCount(counts, names) {
+    return names.reduce((total, name) => total + (counts[name] ?? 0), 0);
+}
+function toHexByte(value) {
+    return value.toString(16).padStart(2, "0");
+}
+//# sourceMappingURL=bytecode.js.map

package/dist/utils/bytecode.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bytecode.js","sourceRoot":"","sources":["../../src/utils/bytecode.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,GAAG,IAAI,GAAG,CAAiB;IAC1C,CAAC,IAAI,EAAE,MAAM,CAAC;IACd,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,MAAM,CAAC;IACd,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,MAAM,CAAC;IACd,CAAC,IAAI,EAAE,QAAQ,CAAC;IAChB,CAAC,IAAI,EAAE,QAAQ,CAAC;IAChB,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,YAAY,CAAC;IACpB,CAAC,IAAI,EAAE,IAAI,CAAC;IACZ,CAAC,IAAI,EAAE,IAAI,CAAC;IACZ,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,IAAI,CAAC;IACZ,CAAC,IAAI,EAAE,QAAQ,CAAC;IAChB,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,IAAI,CAAC;IACZ,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,MAAM,CAAC;IACd,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,MAAM,CAAC;IACd,CAAC,IAAI,EAAE,SAAS,CAAC;IACjB,CAAC,IAAI,EAAE,SAAS,CAAC;IACjB,CAAC,IAAI,EAAE,QAAQ,CAAC;IAChB,CAAC,IAAI,EAAE,QAAQ,CAAC;IAChB,CAAC,IAAI,EAAE,WAAW,CAAC;IACnB,CAAC,IAAI,EAAE,cAAc,CAAC;IACtB,CAAC,IAAI,EAAE,cAAc,CAAC;IACtB,CAAC,IAAI,EAAE,cAAc,CAAC;IACtB,CAAC,IAAI,EAAE,UAAU,CAAC;IAClB,CAAC,IAAI,EAAE,UAAU,CAAC;IAClB,CAAC,IAAI,EAAE,UAAU,CAAC;IAClB,CAAC,IAAI,EAAE,aAAa,CAAC;IACrB,CAAC,IAAI,EAAE,aAAa,CAAC;IACrB,CAAC,IAAI,EAAE,gBAAgB,CAAC;IACxB,CAAC,IAAI,EAAE,gBAAgB,CAAC;IACxB,CAAC,IAAI,EAAE,aAAa,CAAC;IACrB,CAAC,IAAI,EAAE,WAAW,CAAC;IACnB,CAAC,IAAI,EAAE,UAAU,CAAC;IAClB,CAAC,IAAI,EAAE,WAAW,CAAC;IACnB,CAAC,IAAI,EAAE,QAAQ,CAAC;IAChB,CAAC,IAAI,EAAE,YAAY,CAAC;IACpB,CAAC,IAAI,EAAE,UAAU,CAAC;IAClB,CAAC,IAAI,EAAE,SAAS,CAAC;IACjB,CAAC,IAAI,EAAE,aAAa,CAAC;IACrB,CAAC,IAAI,EAAE,SAAS,CAAC;IACjB,CAAC,IAAI,EAAE,UAAU,CAAC;IAClB,CAAC,IAAI,EAAE,aAAa,CAAC;IACrB,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,OAAO,CAAC;IACf,CAAC,IAAI,EAAE,QAAQ,CAAC;IAChB,CAAC,IAAI,EAAE,SAAS,CAAC;IACjB,CAAC,IAAI,EAAE,OAAO,CAAC;IACf,CAAC,IAAI,EAAE,QAAQ,CAAC;IAChB,CAAC,IAAI,EAAE,MAAM,CAAC;IACd,CAAC,IAAI,EAAE,OAAO,CAAC;IACf,CAAC,IAAI,EAAE,IAAI,CAAC;IACZ,CAAC,IAAI,EAAE,OAAO,CAAC;IACf,CAAC,IAAI,EAAE,KAAK,CAAC;IACb,CAAC,IAAI,EAAE,UAAU,CAAC;IAClB,CAAC,IAAI,EAAE,OAAO,CAAC;IACf,CAAC,IAAI,EAAE,QAAQ,CAAC;IAChB,CAAC,IAAI,EAAE,MAAM,CAAC;IACd,CAAC,IAAI,EAAE,UAAU,CAAC;IAClB,CAAC,IAAI,EAAE,QAAQ,CAAC;IAChB,CAAC,IAAI,EAAE,cAAc,CAAC;IACtB,CAAC,IAAI,EAAE,SAAS,CAAC;IACjB,CAAC,IAAI,EAAE,YAAY,CAAC;IACpB,CAAC,IAAI,EAAE,QAAQ,CAAC;IAChB,CAAC,IAAI,EAAE,SAAS,CAAC;IACjB,CAAC,IAAI,EAAE,cAAc,CAAC;CACvB,CAAC,CAAC;AAEH,KAAK,IAAI,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,IAAI,EAAE,MAAM,IAAI,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,MAAM,GAAG,IAAI,EAAE,CAAC,CAAC;AAClD,CAAC;AAED,KAAK,IAAI,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,IAAI,EAAE,MAAM,IAAI,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,MAAM,GAAG,IAAI,EAAE,CAAC,CAAC;AACjD,CAAC;AAED,KAAK,IAAI,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,IAAI,EAAE,MAAM,IAAI,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,MAAM,GAAG,IAAI,EAAE,CAAC,CAAC;AAClD,CAAC;AAED,KAAK,IAAI,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,IAAI,EAAE,MAAM,IAAI,CAAC,EAAE,CAAC;IACpD,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,MAAM,GAAG,IAAI,EAAE,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACxD,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAE5E,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,aAAa,EAAE,CAAC;IACrF,OAAO,KAAK,OAAO,EAAE,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,QAAgB;IACzC,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC/C,OAAO,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACxF,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,KAAK,CAAC,MAAM,EAAE,EAAE,IAAI,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAC5B,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,aAAa,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;QAExF,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC;YACjC,MAAM,SAAS,GAAG,IAAI,GAAG,IAAI,CAAC;YAC9B,MAAM,SAAS,GAAG,EAAE,GAAG,CAAC,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACzE,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC3C,EAAE,IAAI,SAAS,CAAC;YAChB,SAAS;QACX,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAAiB;IAChD,OAAO,OAAO,CAAC,MAAM,CAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE;QAC/D,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACrD,OAAO,MAAM,CAAC;IAChB,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAA8B,EAAE,KAAe;IACzE,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAC7C,CAAC"}

package/dist/utils/files.d.ts

@@ -0,0 +1,10 @@
+export declare function isReadableFile(value: string): boolean;
+export declare function readPathOrValue(pathOrValue: string): {
+    text: string;
+    name: string;
+    isFile: boolean;
+};
+export declare function readTextFile(filePath: string): string;
+export declare function loadStructuredFile(filePath: string): unknown;
+export declare function parseStructuredText(text: string, sourceName?: string): unknown;
+export declare function resolveFromCwd(pathLike: string): string;

package/dist/utils/files.js

@@ -0,0 +1,51 @@
+import { existsSync, readFileSync, statSync } from "node:fs";
+import { extname, resolve } from "node:path";
+import YAML from "yaml";
+export function isReadableFile(value) {
+    try {
+        return existsSync(value) && statSync(value).isFile();
+    }
+    catch {
+        return false;
+    }
+}
+export function readPathOrValue(pathOrValue) {
+    if (!isReadableFile(pathOrValue)) {
+        return {
+            text: pathOrValue,
+            name: "inline-bytecode",
+            isFile: false
+        };
+    }
+    return {
+        text: readFileSync(pathOrValue, "utf8"),
+        name: pathOrValue,
+        isFile: true
+    };
+}
+export function readTextFile(filePath) {
+    return readFileSync(filePath, "utf8");
+}
+export function loadStructuredFile(filePath) {
+    const text = readTextFile(filePath);
+    return parseStructuredText(text, filePath);
+}
+export function parseStructuredText(text, sourceName = "input") {
+    const ext = extname(sourceName).toLowerCase();
+    if (ext === ".yaml" || ext === ".yml") {
+        return YAML.parse(text) ?? {};
+    }
+    if (ext === ".json") {
+        return JSON.parse(text);
+    }
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return YAML.parse(text) ?? {};
+    }
+}
+export function resolveFromCwd(pathLike) {
+    return resolve(process.cwd(), pathLike);
+}
+//# sourceMappingURL=files.js.map

package/dist/utils/files.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"files.js","sourceRoot":"","sources":["../../src/utils/files.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,IAAI,CAAC;QACH,OAAO,UAAU,CAAC,KAAK,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,WAAmB;IACjD,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;QACjC,OAAO;YACL,IAAI,EAAE,WAAW;YACjB,IAAI,EAAE,iBAAiB;YACvB,MAAM,EAAE,KAAK;SACd,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC;QACvC,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,IAAI;KACb,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,OAAO,mBAAmB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAY,EAAE,UAAU,GAAG,OAAO;IACpE,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC;IAE9C,IAAI,GAAG,KAAK,OAAO,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAChC,CAAC;IAED,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAChC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;AAC1C,CAAC"}

package/dist/utils/severity.d.ts

@@ -0,0 +1,2 @@
+import type { Severity } from "../reports/reportTypes.js";
+export declare function highestSeverity(values: Severity[]): Severity;

package/dist/utils/severity.js

@@ -0,0 +1,13 @@
+const severityRank = {
+    unknown: 0,
+    low: 1,
+    medium: 2,
+    high: 3
+};
+export function highestSeverity(values) {
+    if (values.length === 0) {
+        return "low";
+    }
+    return values.reduce((highest, current) => severityRank[current] > severityRank[highest] ? current : highest);
+}
+//# sourceMappingURL=severity.js.map

package/dist/utils/severity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"severity.js","sourceRoot":"","sources":["../../src/utils/severity.ts"],"names":[],"mappings":"AAEA,MAAM,YAAY,GAA6B;IAC7C,OAAO,EAAE,CAAC;IACV,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;CACR,CAAC;AAEF,MAAM,UAAU,eAAe,CAAC,MAAkB;IAChD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CACxC,YAAY,CAAC,OAAO,CAAC,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAClE,CAAC;AACJ,CAAC"}

package/docs/fixtures.md

@@ -0,0 +1,60 @@
+# Fixture Contributions
+
+Fixtures are how Glamsterdam Compatibility Lab learns which scanner signals are useful. Prefer small, reviewable examples that exercise one behavior clearly.
+
+## What to Share
+
+- EVM runtime bytecode or init code with enough context to know which one it is.
+- Transaction traces from tools such as geth `debug_traceTransaction`, Besu, Nethermind, Foundry, Hardhat, Erigon, or call tracers.
+- Indexer and explorer configs, including subgraphs, event/call/block handlers, and replay settings.
+- Validator or operator configs with client, builder/API, monitoring, and testnet/devnet metadata.
+- Compatibility matrices that are explicitly sourced from client release notes, devnet docs, or maintainer statements.
+
+## Redaction Rules
+
+Remove private keys, seed phrases, auth tokens, RPC credentials, validator keys, fee recipient secrets, internal hostnames, private endpoints, and non-public incident details.
+
+For public-chain examples, addresses and transaction hashes are usually fine if they are already public. For private or internal examples, replace addresses, hashes, hostnames, and organization names with deterministic placeholders.
+
+## Minimum Metadata
+
+When possible, include:
+
+- Source type: synthetic, public-chain, public repo, anonymized internal, or generated example.
+- Tool or client name and version.
+- Command or API used to produce the fixture.
+- Trace mode or tracer name, such as `structLogs` or `callTracer`.
+- Network, chain ID, or devnet name.
+- Whether the fixture is complete or intentionally partial.
+- Expected scanner behavior, including findings that should or should not appear.
+
+## Licensing
+
+Only contribute fixtures that can be published under this repository's license. If a fixture came from another project, include the source URL and license. When in doubt, open a fixture contribution issue before opening a pull request.
+
+## Snapshot Expectations
+
+If a fixture changes report wording or JSON structure, update golden report snapshots with:
+
+```sh
+pnpm test:update
+pnpm test
+pnpm build
+```
+
+Snapshots are part of the product. They protect report language from accidental drift.
+
+## Capturing RPC Traces
+
+Use `scan-tx --trace-out` when you have an execution RPC endpoint that supports `debug_traceTransaction`:
+
+```sh
+ETH_RPC_URL=https://your-execution-rpc.example \
+  pnpm glamsterdam scan-tx \
+  --tx 0x0000000000000000000000000000000000000000000000000000000000000000 \
+  --trace-out fixtures/traces/example-real-trace.json
+```
+
+Review the saved file before committing it. Remove credentials, internal hostnames, private transaction data, and anything that is not safe to publish.
+
+`fixtures/traces/drpc-call-tracer-real.json` is an example of this flow. It was captured from a public Ethereum transaction using a public dRPC endpoint with `--tracer callTracer`; the fixture is public-chain data and should be treated as a normalization sample, not as an endorsement of any RPC provider.

package/docs/release.md

@@ -0,0 +1,132 @@
+# Release Runbook
+
+This project publishes GitHub releases and npm packages separately. A release is not complete until both the GitHub release exists and npm shows the expected package version.
+
+## Current npm target
+
+- Package: `glamsterdam-compat-lab`
+- Current release tag: `v0.2.2`
+- Expected npm version: `0.2.2`
+- Publish workflow: `.github/workflows/npm-publish.yml`
+
+## Preflight
+
+Run these checks before publishing:
+
+```sh
+pnpm test
+pnpm build
+pnpm pack:dry-run
+pnpm release:check-pack
+```
+
+`pnpm release:check-pack` packs the current build, installs the tarball into a temporary global prefix, verifies the `glamsterdam` bin, and confirms the real public trace fixture is included.
+
+Confirm the package is not already published at the target version:
+
+```sh
+npm view glamsterdam-compat-lab version --json
+```
+
+You can also run the release readiness helper, which checks the npm registry, local npm login state, local `NPM_TOKEN` or `NODE_AUTH_TOKEN` environment presence, GitHub `NPM_TOKEN` secret presence, and the publish workflow's OIDC shape:
+
+```sh
+pnpm release:check-npm
+```
+
+## Preferred path: npm Trusted Publishing
+
+npm Trusted Publishing uses GitHub Actions OIDC instead of a long-lived npm token. The `Publish npm` workflow is configured for this path with a GitHub-hosted runner, Node 24, `id-token: write`, `actions/setup-node` registry setup for `https://registry.npmjs.org`, and `npm publish --provenance`.
+
+The default OIDC path does not require an npm token secret. If `NPM_TOKEN` is present, the workflow writes a temporary `.npmrc` only for that token fallback.
+
+Configure npm with:
+
+- Provider: GitHub Actions
+- Owner or organization: `CruzMolina`
+- Repository: `glamsterdam-compat-lab`
+- Workflow file: `npm-publish.yml`
+- Environment: `npm-publish`
+
+The workflow uses the GitHub Environment `npm-publish`, which is restricted to protected branches. If you require manual approval or environment-scoped secrets for publishing, configure them on that environment.
+
+If your local npm session has package write access, the equivalent CLI setup is:
+
+```sh
+npx --yes npm@11.14.0 trust github glamsterdam-compat-lab \
+  --repo CruzMolina/glamsterdam-compat-lab \
+  --file npm-publish.yml \
+  --env npm-publish
+```
+
+npm documents `npm trust` as the command-line equivalent of managing trusted publisher configurations on npmjs.com. It requires npm 11.10.0 or newer, an npm owner or publisher login, write permission on the package, and 2FA when the account requires it. If the command fails with `E401` and says you must be logged in to publish packages, authenticate with the npm owner or publisher account before retrying. For a first publish of this unscoped package, use an npm owner or publisher session to try the CLI or npmjs.com setup. If npm does not allow the trusted publisher to be configured before the first publish, use the `NPM_TOKEN` fallback below for the first publish and switch back to Trusted Publishing afterward.
+
+Trusted Publishing also validates repository metadata during publish. Keep `package.json` `repository.url` aligned with `git+https://github.com/CruzMolina/glamsterdam-compat-lab.git`.
+
+You can verify the trusted-publisher shape without writing to npm:
+
+```sh
+npx --yes npm@11.14.0 trust github glamsterdam-compat-lab \
+  --repo CruzMolina/glamsterdam-compat-lab \
+  --file npm-publish.yml \
+  --env npm-publish \
+  --dry-run --json
+```
+
+Then run the workflow from `main`:
+
+```sh
+gh workflow run npm-publish.yml \
+  --ref main \
+  -f release_tag=v0.2.2 \
+  -f dry_run=true \
+  -f tag=latest
+```
+
+If the dry run passes, run the real publish:
+
+```sh
+gh workflow run npm-publish.yml \
+  --ref main \
+  -f release_tag=v0.2.2 \
+  -f dry_run=false \
+  -f tag=latest
+```
+
+If the real publish fails with `ENEEDAUTH`, verify the npm Trusted Publishing configuration first. The workflow filename and repository fields are case-sensitive.
+
+If the logs show `Signed provenance statement` followed by `npm error 404 Not Found - PUT`, OIDC/provenance is working, but npm has not authorized this workflow or account to publish the package name. Verify the Trusted Publishing package grant. If npm does not allow Trusted Publishing to be configured before the first publish of this unscoped package, use the token fallback below for the first publish, then switch the package to Trusted Publishing afterward.
+
+## Fallback path: npm token
+
+Create a granular npm access token with read/write package permission for `glamsterdam-compat-lab` or all packages the npm owner can publish. If the npm account or package requires 2FA, enable the token's bypass-2FA option for non-interactive CI publishing. Then add the token as the `NPM_TOKEN` secret on the `npm-publish` environment or as a repository secret.
+
+If the token is available in your shell as `NPM_TOKEN` or `NODE_AUTH_TOKEN`, set the environment secret without printing the token value:
+
+```sh
+NPM_TOKEN="${NPM_TOKEN:-${NODE_AUTH_TOKEN:-}}"
+test -n "${NPM_TOKEN:-}" || { echo "Set NPM_TOKEN or NODE_AUTH_TOKEN first"; exit 1; }
+gh secret set NPM_TOKEN --repo CruzMolina/glamsterdam-compat-lab --env npm-publish --body "$NPM_TOKEN"
+```
+
+When this secret is present, the workflow exports it as `NODE_AUTH_TOKEN` and writes a temporary npm user config for the publish step. When the secret is absent, the workflow leaves token auth unset and relies on Trusted Publishing/OIDC.
+
+Rerun the same workflow:
+
+```sh
+gh workflow run npm-publish.yml \
+  --ref main \
+  -f release_tag=v0.2.2 \
+  -f dry_run=false \
+  -f tag=latest
+```
+
+After a successful token-based publish, configure Trusted Publishing for future releases and revoke unused publish tokens.
+
+## Done criteria
+
+The npm release is done when all of these are true:
+
+- The `Publish npm` workflow completed successfully for `release_tag=v0.2.2`.
+- `npm view glamsterdam-compat-lab version --json` returns `"0.2.2"`.
+- Issue #17 is closed with the successful workflow run link.

package/examples/storage-heavy-bytecode.md

@@ -0,0 +1,57 @@
+# Example: storage-heavy bytecode report
+
+Command:
+
+```sh
+pnpm glamsterdam scan-bytecode fixtures/bytecode/storage-heavy.hex --format markdown
+```
+
+Output excerpt:
+
+```md
+# Glamsterdam Compatibility Report
+
+Target: bytecode fixtures/bytecode/storage-heavy.hex
+Tool version: 0.1.0
+Fork registry: glamsterdam
+
+## Summary
+
+Overall risk: MEDIUM
+Findings: 6 total, 0 high, 3 medium, 2 low, 1 unknown
+
+## Findings
+
+### 1. State and account access opcodes are prominent in bytecode
+
+Severity: MEDIUM
+Confidence: medium
+Domains: contracts, execution
+Related EIPs: GAS-REPRICING, EIP-7904, EIP-8038, EIP-7976
+
+This bytecode contains multiple storage, account, or hashing opcodes. Glamsterdam gas repricing candidates may change the cost profile of state-heavy execution, but static bytecode does not prove those paths are hot.
+
+Recommendation: Replay representative transactions and benchmark hot paths once a Glamsterdam client/devnet or local fork configuration is available.
+
+### 3. Contract creation opcodes are present
+
+Severity: MEDIUM
+Confidence: high
+Domains: contracts, execution
+Related EIPs: GAS-REPRICING, EIP-8037
+
+CREATE or CREATE2 appears in the bytecode. State-creation repricing candidates may affect factory, clone, deployment, or account-creation-heavy paths depending on final Glamsterdam scope.
+
+Recommendation: Identify representative deployment/factory transactions and add them to fork-readiness replay tests.
+
+### 6. Manual review is still required for runtime behavior
+
+Severity: UNKNOWN
+Confidence: low
+Domains: contracts, execution
+Related EIPs: GAS-REPRICING
+
+The scanner found static opcode evidence, but exact fork impact depends on executed paths, calldata, storage warmness, account state, compiler output, and final Glamsterdam parameters.
+
+Recommendation: Use this report to choose transactions for trace replay and benchmark them under current and Glamsterdam configurations.
+```

package/fixtures/bytecode/storage-heavy.hex

@@ -0,0 +1 @@
+0x600054600055600154600155600254600255600354600355600454600455600060006000f06000600060006000f5313b3f3760006000a100

package/fixtures/indexers/balance-diff-indexer.json

@@ -0,0 +1,15 @@
+{
+  "name": "balance-diff-indexer",
+  "pipeline": {
+    "nativeEthTransfers": {
+      "source": "balanceDiff",
+      "description": "Synthetic fixture that models native ETH transfer handling through balance diff logic."
+    }
+  },
+  "compatibility": {
+    "glamsterdam": {
+      "reviewedEips": ["EIP-7708"],
+      "replayPlan": "Run replay against a Glamsterdam devnet when available."
+    }
+  }
+}

package/fixtures/indexers/subgraph.yaml

@@ -0,0 +1,24 @@
+specVersion: 1.0.0
+schema:
+  file: ./schema.graphql
+dataSources:
+  - kind: ethereum/contract
+    name: ExampleToken
+    network: mainnet
+    source:
+      address: "0x0000000000000000000000000000000000000000"
+      abi: ExampleToken
+      startBlock: 1
+    mapping:
+      kind: ethereum/events
+      apiVersion: 0.0.9
+      language: wasm/assemblyscript
+      entities:
+        - Transfer
+      abis:
+        - name: ExampleToken
+          file: ./abis/ExampleToken.json
+      eventHandlers:
+        - event: Transfer(indexed address,indexed address,uint256)
+          handler: handleTransfer
+      file: ./src/example-token.ts

package/fixtures/traces/besu-debug-structlogs.json

@@ -0,0 +1,18 @@
+{
+  "format": "besu-debug-structlogs-fixture-v0",
+  "source": "Synthetic fixture shaped like a Besu debug_traceTransaction structLogs response.",
+  "jsonrpc": "2.0",
+  "id": 1,
+  "result": {
+    "gas": "0x33450",
+    "failed": false,
+    "returnValue": "0x",
+    "structLogs": [
+      { "pc": 0, "op": "PUSH1", "depth": 1, "gas": 210000, "gasCost": 3 },
+      { "pc": 2, "op": "SLOAD", "depth": 1, "gas": 209997, "gasCost": 100 },
+      { "pc": 3, "op": "SSTORE", "depth": 1, "gas": 209897, "gasCost": 2900 },
+      { "pc": 4, "op": "CALL", "depth": 2, "gas": 206997, "gasCost": 700, "calldataBytes": 256 },
+      { "pc": 5, "op": "LOG1", "depth": 1, "gas": 206297, "gasCost": 375 }
+    ]
+  }
+}

package/fixtures/traces/call-tracer-tree.json

@@ -0,0 +1,27 @@
+{
+  "type": "CALL",
+  "from": "0x0000000000000000000000000000000000000001",
+  "to": "0x0000000000000000000000000000000000000002",
+  "input": "0x12345678",
+  "logs": [{}],
+  "calls": [
+    {
+      "type": "CREATE2",
+      "from": "0x0000000000000000000000000000000000000002",
+      "input": "0x60006000"
+    },
+    {
+      "type": "CALL",
+      "from": "0x0000000000000000000000000000000000000002",
+      "to": "0x0000000000000000000000000000000000000003",
+      "input": "0xabcdef",
+      "calls": [
+        {
+          "type": "STATICCALL",
+          "to": "0x0000000000000000000000000000000000000004",
+          "input": "0x01"
+        }
+      ]
+    }
+  ]
+}