npm - glamsterdam-compat-lab - Versions diffs - 0.3.1 → 0.3.2 - Mend

glamsterdam-compat-lab 0.3.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/README.md CHANGED Viewed

@@ -36,14 +36,14 @@ pnpm glamsterdam scan-bytecode fixtures/bytecode/storage-heavy.hex
 Install the published CLI from npm:
 ```sh
-npm install -g glamsterdam-compat-lab@0.3.1
+npm install -g glamsterdam-compat-lab@0.3.2
 glamsterdam eips
 ```
-The v0.3.1 GitHub release tarball remains available as a reproducible release artifact:
+The v0.3.2 GitHub release tarball remains available as a reproducible release artifact:
 ```sh
-npm install -g https://github.com/CruzMolina/glamsterdam-compat-lab/releases/download/v0.3.1/glamsterdam-compat-lab-0.3.1.tgz
+npm install -g https://github.com/CruzMolina/glamsterdam-compat-lab/releases/download/v0.3.2/glamsterdam-compat-lab-0.3.2.tgz
 ```
 See [docs/release.md](docs/release.md) for maintainer release checks and npm publishing notes.
@@ -72,7 +72,7 @@ Each scanner accepts `--registry <path>` and `--thresholds <path>` so EIP metada
 ## Public dataset seed
-Fixture provenance lives in [fixtures/provenance.json](fixtures/provenance.json). The first deterministic dataset seed lives in [datasets/public-seed](datasets/public-seed) and includes generated JSON reports plus default-vs-research threshold comparisons for bytecode and trace fixtures.
+Fixture provenance lives in [fixtures/provenance.json](fixtures/provenance.json). The first deterministic dataset seed lives in [datasets/public-seed](datasets/public-seed) and includes generated JSON reports, default-vs-research threshold comparisons for bytecode and trace fixtures, a `summary.json` file with aggregate counts, and CSV exports (`reports.csv`, `findings.csv`, `summary.csv`) for spreadsheet and warehouse import.
 Regenerate it with:
@@ -131,7 +131,7 @@ Each scanner returns a `CompatibilityReport`:
 ```json
 {
-  "toolVersion": "0.3.1",
+  "toolVersion": "0.3.2",
   "fork": "glamsterdam",
   "target": {
     "kind": "bytecode",
@@ -219,7 +219,7 @@ Release publishing notes live in [docs/release.md](docs/release.md).
 ## Roadmap
-See [ROADMAP.md](ROADMAP.md) for planned phases. Phase 0 is released as `v0.1.0`; `v0.2.0` starts Phase 1 with RPC transaction trace ingestion and broader trace fixture coverage; `v0.3.0` adds baseline comparison reports; `v0.3.1` expands public-safe fixture and dataset coverage.
+See [ROADMAP.md](ROADMAP.md) for planned phases. Phase 0 is released as `v0.1.0`; `v0.2.0` starts Phase 1 with RPC transaction trace ingestion and broader trace fixture coverage; `v0.3.0` adds baseline comparison reports; `v0.3.1` expands public-safe fixture and dataset coverage; `v0.3.2` adds packaged CSV dataset exports.
 ## Disclaimer

package/ROADMAP.md CHANGED Viewed

@@ -52,7 +52,7 @@ Goal: compare compatibility reports across profiles and, later, across current-c
 ## Phase 2: Public Dataset
-Status: seeded after `v0.3.0`; expanded with public-safe trace, indexer, and validator fixture coverage in `v0.3.1`.
+Status: seeded after `v0.3.0`; expanded with public-safe trace, indexer, and validator fixture coverage in `v0.3.1`; packaged CSV exports added in `v0.3.2`.
 Goal: publish reproducible compatibility research.

package/datasets/public-seed/README.md CHANGED Viewed

@@ -7,6 +7,10 @@ The seed is intentionally small. It is meant to prove the dataset workflow, not
 ## Contents
 - `manifest.json`: index of generated reports, comparisons, source fixtures, threshold profiles, and limitations.
+- `summary.json`: aggregate counts by fixture kind, source type, report risk, threshold profile, and finding ID.
+- `reports.csv`: flat index of generated reports for spreadsheet and warehouse import.
+- `findings.csv`: one row per generated report finding, including severity, confidence, domains, and related EIPs.
+- `summary.csv`: flattened aggregate totals and counts from `summary.json`.
 - `reports/`: JSON compatibility reports generated from source fixtures.
 - `comparisons/`: JSON comparison reports for default-vs-research threshold profiles on bytecode and trace fixtures.

package/datasets/public-seed/comparisons/bytecode-ens-registry-mainnet-runtime--default-vs-research.json ADDED Viewed

@@ -0,0 +1,136 @@
+{
+  "toolVersion": "0.3.2",
+  "fork": "glamsterdam",
+  "comparison": {
+    "baseline": {
+      "toolVersion": "0.3.2",
+      "fork": "glamsterdam",
+      "target": {
+        "kind": "bytecode",
+        "name": "fixtures/bytecode/ens-registry-mainnet-runtime.hex"
+      },
+      "summary": {
+        "risk": "medium",
+        "findingCount": 4,
+        "highCount": 0,
+        "mediumCount": 2,
+        "lowCount": 1,
+        "unknownCount": 1
+      }
+    },
+    "candidate": {
+      "toolVersion": "0.3.2",
+      "fork": "glamsterdam",
+      "target": {
+        "kind": "bytecode",
+        "name": "fixtures/bytecode/ens-registry-mainnet-runtime.hex"
+      },
+      "summary": {
+        "risk": "medium",
+        "findingCount": 4,
+        "highCount": 0,
+        "mediumCount": 2,
+        "lowCount": 1,
+        "unknownCount": 1
+      }
+    }
+  },
+  "summary": {
+    "riskChange": {
+      "from": "medium",
+      "to": "medium",
+      "direction": "unchanged"
+    },
+    "findingCount": {
+      "baseline": 4,
+      "candidate": 4,
+      "delta": 0
+    },
+    "addedCount": 0,
+    "removedCount": 0,
+    "changedCount": 0,
+    "unchangedCount": 4,
+    "severityIncreasedCount": 0,
+    "severityDecreasedCount": 0,
+    "severityChangedCount": 0,
+    "confidenceIncreasedCount": 0,
+    "confidenceDecreasedCount": 0,
+    "confidenceChangedCount": 0
+  },
+  "changes": {
+    "added": [],
+    "removed": [],
+    "changed": [],
+    "unchanged": [
+      {
+        "key": "bytecode.log-opcodes-present",
+        "id": "bytecode.log-opcodes-present",
+        "title": "Log opcodes are present",
+        "severity": "low",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "indexer",
+          "monitoring"
+        ],
+        "relatedEips": [
+          "EIP-7708"
+        ]
+      },
+      {
+        "key": "bytecode.manual-review-required",
+        "id": "bytecode.manual-review-required",
+        "title": "Manual review is still required for runtime behavior",
+        "severity": "unknown",
+        "confidence": "low",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING"
+        ]
+      },
+      {
+        "key": "bytecode.state-account-opcode-exposure",
+        "id": "bytecode.state-account-opcode-exposure",
+        "title": "State and account access opcodes are prominent in bytecode",
+        "severity": "medium",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING",
+          "EIP-7904",
+          "EIP-8038",
+          "EIP-7976"
+        ]
+      },
+      {
+        "key": "bytecode.storage-heavy-pattern",
+        "id": "bytecode.storage-heavy-pattern",
+        "title": "Storage-related opcodes appear frequently",
+        "severity": "medium",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING",
+          "EIP-8038"
+        ]
+      }
+    ]
+  },
+  "assumptions": [
+    "Reports were compared by finding id. Repeated finding ids are disambiguated with deterministic occurrence suffixes.",
+    "Severity and confidence changes are structural report changes, not protocol gas estimates."
+  ],
+  "limitations": [
+    "The comparison does not infer exact gas deltas, final Glamsterdam parameters, or current-vs-Glamsterdam client behavior unless those values are already present in the input reports.",
+    "Added and removed findings can reflect threshold profile differences, fixture coverage changes, registry updates, or detector changes; review the source reports before treating a diff as a protocol risk change."
+  ]
+}

package/datasets/public-seed/comparisons/bytecode-multicall3-mainnet-runtime--default-vs-research.json ADDED Viewed

@@ -0,0 +1,139 @@
+{
+  "toolVersion": "0.3.2",
+  "fork": "glamsterdam",
+  "comparison": {
+    "baseline": {
+      "toolVersion": "0.3.2",
+      "fork": "glamsterdam",
+      "target": {
+        "kind": "bytecode",
+        "name": "fixtures/bytecode/multicall3-mainnet-runtime.hex"
+      },
+      "summary": {
+        "risk": "low",
+        "findingCount": 3,
+        "highCount": 0,
+        "mediumCount": 0,
+        "lowCount": 2,
+        "unknownCount": 1
+      }
+    },
+    "candidate": {
+      "toolVersion": "0.3.2",
+      "fork": "glamsterdam",
+      "target": {
+        "kind": "bytecode",
+        "name": "fixtures/bytecode/multicall3-mainnet-runtime.hex"
+      },
+      "summary": {
+        "risk": "low",
+        "findingCount": 4,
+        "highCount": 0,
+        "mediumCount": 0,
+        "lowCount": 3,
+        "unknownCount": 1
+      }
+    }
+  },
+  "summary": {
+    "riskChange": {
+      "from": "low",
+      "to": "low",
+      "direction": "unchanged"
+    },
+    "findingCount": {
+      "baseline": 3,
+      "candidate": 4,
+      "delta": 1
+    },
+    "addedCount": 1,
+    "removedCount": 0,
+    "changedCount": 0,
+    "unchangedCount": 3,
+    "severityIncreasedCount": 0,
+    "severityDecreasedCount": 0,
+    "severityChangedCount": 0,
+    "confidenceIncreasedCount": 0,
+    "confidenceDecreasedCount": 0,
+    "confidenceChangedCount": 0
+  },
+  "changes": {
+    "added": [
+      {
+        "key": "bytecode.state-account-opcode-presence",
+        "id": "bytecode.state-account-opcode-presence",
+        "title": "State and account access opcodes are present",
+        "severity": "low",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING",
+          "EIP-7904",
+          "EIP-8038",
+          "EIP-7976"
+        ]
+      }
+    ],
+    "removed": [],
+    "changed": [],
+    "unchanged": [
+      {
+        "key": "bytecode.calldata-copy-exposure",
+        "id": "bytecode.calldata-copy-exposure",
+        "title": "Calldata copy opcode is present",
+        "severity": "low",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING",
+          "EIP-7976",
+          "EIP-7904",
+          "EIP-8038"
+        ]
+      },
+      {
+        "key": "bytecode.log-opcodes-present",
+        "id": "bytecode.log-opcodes-present",
+        "title": "Log opcodes are present",
+        "severity": "low",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "indexer",
+          "monitoring"
+        ],
+        "relatedEips": [
+          "EIP-7708"
+        ]
+      },
+      {
+        "key": "bytecode.manual-review-required",
+        "id": "bytecode.manual-review-required",
+        "title": "Manual review is still required for runtime behavior",
+        "severity": "unknown",
+        "confidence": "low",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING"
+        ]
+      }
+    ]
+  },
+  "assumptions": [
+    "Reports were compared by finding id. Repeated finding ids are disambiguated with deterministic occurrence suffixes.",
+    "Severity and confidence changes are structural report changes, not protocol gas estimates."
+  ],
+  "limitations": [
+    "The comparison does not infer exact gas deltas, final Glamsterdam parameters, or current-vs-Glamsterdam client behavior unless those values are already present in the input reports.",
+    "Added and removed findings can reflect threshold profile differences, fixture coverage changes, registry updates, or detector changes; review the source reports before treating a diff as a protocol risk change."
+  ]
+}

package/datasets/public-seed/comparisons/bytecode-storage-heavy--default-vs-research.json CHANGED Viewed

@@ -1,9 +1,9 @@
 {
-  "toolVersion": "0.3.1",
+  "toolVersion": "0.3.2",
   "fork": "glamsterdam",
   "comparison": {
     "baseline": {
-      "toolVersion": "0.3.1",
+      "toolVersion": "0.3.2",
       "fork": "glamsterdam",
       "target": {
         "kind": "bytecode",
@@ -19,7 +19,7 @@
       }
     },
     "candidate": {
-      "toolVersion": "0.3.1",
+      "toolVersion": "0.3.2",
       "fork": "glamsterdam",
       "target": {
         "kind": "bytecode",

package/datasets/public-seed/comparisons/bytecode-uniswap-v2-factory-mainnet-runtime--default-vs-research.json ADDED Viewed

@@ -0,0 +1,168 @@
+{
+  "toolVersion": "0.3.2",
+  "fork": "glamsterdam",
+  "comparison": {
+    "baseline": {
+      "toolVersion": "0.3.2",
+      "fork": "glamsterdam",
+      "target": {
+        "kind": "bytecode",
+        "name": "fixtures/bytecode/uniswap-v2-factory-mainnet-runtime.hex"
+      },
+      "summary": {
+        "risk": "medium",
+        "findingCount": 6,
+        "highCount": 0,
+        "mediumCount": 3,
+        "lowCount": 2,
+        "unknownCount": 1
+      }
+    },
+    "candidate": {
+      "toolVersion": "0.3.2",
+      "fork": "glamsterdam",
+      "target": {
+        "kind": "bytecode",
+        "name": "fixtures/bytecode/uniswap-v2-factory-mainnet-runtime.hex"
+      },
+      "summary": {
+        "risk": "medium",
+        "findingCount": 6,
+        "highCount": 0,
+        "mediumCount": 3,
+        "lowCount": 2,
+        "unknownCount": 1
+      }
+    }
+  },
+  "summary": {
+    "riskChange": {
+      "from": "medium",
+      "to": "medium",
+      "direction": "unchanged"
+    },
+    "findingCount": {
+      "baseline": 6,
+      "candidate": 6,
+      "delta": 0
+    },
+    "addedCount": 0,
+    "removedCount": 0,
+    "changedCount": 0,
+    "unchangedCount": 6,
+    "severityIncreasedCount": 0,
+    "severityDecreasedCount": 0,
+    "severityChangedCount": 0,
+    "confidenceIncreasedCount": 0,
+    "confidenceDecreasedCount": 0,
+    "confidenceChangedCount": 0
+  },
+  "changes": {
+    "added": [],
+    "removed": [],
+    "changed": [],
+    "unchanged": [
+      {
+        "key": "bytecode.calldata-copy-exposure",
+        "id": "bytecode.calldata-copy-exposure",
+        "title": "Calldata copy opcode is present",
+        "severity": "low",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING",
+          "EIP-7976",
+          "EIP-7904",
+          "EIP-8038"
+        ]
+      },
+      {
+        "key": "bytecode.contract-creation-opcodes",
+        "id": "bytecode.contract-creation-opcodes",
+        "title": "Contract creation opcodes are present",
+        "severity": "medium",
+        "confidence": "high",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING",
+          "EIP-8037"
+        ]
+      },
+      {
+        "key": "bytecode.log-opcodes-present",
+        "id": "bytecode.log-opcodes-present",
+        "title": "Log opcodes are present",
+        "severity": "low",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "indexer",
+          "monitoring"
+        ],
+        "relatedEips": [
+          "EIP-7708"
+        ]
+      },
+      {
+        "key": "bytecode.manual-review-required",
+        "id": "bytecode.manual-review-required",
+        "title": "Manual review is still required for runtime behavior",
+        "severity": "unknown",
+        "confidence": "low",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING"
+        ]
+      },
+      {
+        "key": "bytecode.state-account-opcode-exposure",
+        "id": "bytecode.state-account-opcode-exposure",
+        "title": "State and account access opcodes are prominent in bytecode",
+        "severity": "medium",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING",
+          "EIP-7904",
+          "EIP-8038",
+          "EIP-7976"
+        ]
+      },
+      {
+        "key": "bytecode.storage-heavy-pattern",
+        "id": "bytecode.storage-heavy-pattern",
+        "title": "Storage-related opcodes appear frequently",
+        "severity": "medium",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING",
+          "EIP-8038"
+        ]
+      }
+    ]
+  },
+  "assumptions": [
+    "Reports were compared by finding id. Repeated finding ids are disambiguated with deterministic occurrence suffixes.",
+    "Severity and confidence changes are structural report changes, not protocol gas estimates."
+  ],
+  "limitations": [
+    "The comparison does not infer exact gas deltas, final Glamsterdam parameters, or current-vs-Glamsterdam client behavior unless those values are already present in the input reports.",
+    "Added and removed findings can reflect threshold profile differences, fixture coverage changes, registry updates, or detector changes; review the source reports before treating a diff as a protocol risk change."
+  ]
+}

package/datasets/public-seed/comparisons/bytecode-usdc-proxy-mainnet-runtime--default-vs-research.json ADDED Viewed

@@ -0,0 +1,154 @@
+{
+  "toolVersion": "0.3.2",
+  "fork": "glamsterdam",
+  "comparison": {
+    "baseline": {
+      "toolVersion": "0.3.2",
+      "fork": "glamsterdam",
+      "target": {
+        "kind": "bytecode",
+        "name": "fixtures/bytecode/usdc-proxy-mainnet-runtime.hex"
+      },
+      "summary": {
+        "risk": "medium",
+        "findingCount": 4,
+        "highCount": 0,
+        "mediumCount": 1,
+        "lowCount": 2,
+        "unknownCount": 1
+      }
+    },
+    "candidate": {
+      "toolVersion": "0.3.2",
+      "fork": "glamsterdam",
+      "target": {
+        "kind": "bytecode",
+        "name": "fixtures/bytecode/usdc-proxy-mainnet-runtime.hex"
+      },
+      "summary": {
+        "risk": "medium",
+        "findingCount": 5,
+        "highCount": 0,
+        "mediumCount": 2,
+        "lowCount": 2,
+        "unknownCount": 1
+      }
+    }
+  },
+  "summary": {
+    "riskChange": {
+      "from": "medium",
+      "to": "medium",
+      "direction": "unchanged"
+    },
+    "findingCount": {
+      "baseline": 4,
+      "candidate": 5,
+      "delta": 1
+    },
+    "addedCount": 1,
+    "removedCount": 0,
+    "changedCount": 0,
+    "unchangedCount": 4,
+    "severityIncreasedCount": 0,
+    "severityDecreasedCount": 0,
+    "severityChangedCount": 0,
+    "confidenceIncreasedCount": 0,
+    "confidenceDecreasedCount": 0,
+    "confidenceChangedCount": 0
+  },
+  "changes": {
+    "added": [
+      {
+        "key": "bytecode.storage-heavy-pattern",
+        "id": "bytecode.storage-heavy-pattern",
+        "title": "Storage-related opcodes appear frequently",
+        "severity": "medium",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING",
+          "EIP-8038"
+        ]
+      }
+    ],
+    "removed": [],
+    "changed": [],
+    "unchanged": [
+      {
+        "key": "bytecode.calldata-copy-exposure",
+        "id": "bytecode.calldata-copy-exposure",
+        "title": "Calldata copy opcode is present",
+        "severity": "low",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING",
+          "EIP-7976",
+          "EIP-7904",
+          "EIP-8038"
+        ]
+      },
+      {
+        "key": "bytecode.log-opcodes-present",
+        "id": "bytecode.log-opcodes-present",
+        "title": "Log opcodes are present",
+        "severity": "low",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "indexer",
+          "monitoring"
+        ],
+        "relatedEips": [
+          "EIP-7708"
+        ]
+      },
+      {
+        "key": "bytecode.manual-review-required",
+        "id": "bytecode.manual-review-required",
+        "title": "Manual review is still required for runtime behavior",
+        "severity": "unknown",
+        "confidence": "low",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING"
+        ]
+      },
+      {
+        "key": "bytecode.state-account-opcode-exposure",
+        "id": "bytecode.state-account-opcode-exposure",
+        "title": "State and account access opcodes are prominent in bytecode",
+        "severity": "medium",
+        "confidence": "medium",
+        "domain": [
+          "contracts",
+          "execution"
+        ],
+        "relatedEips": [
+          "GAS-REPRICING",
+          "EIP-7904",
+          "EIP-8038",
+          "EIP-7976"
+        ]
+      }
+    ]
+  },
+  "assumptions": [
+    "Reports were compared by finding id. Repeated finding ids are disambiguated with deterministic occurrence suffixes.",
+    "Severity and confidence changes are structural report changes, not protocol gas estimates."
+  ],
+  "limitations": [
+    "The comparison does not infer exact gas deltas, final Glamsterdam parameters, or current-vs-Glamsterdam client behavior unless those values are already present in the input reports.",
+    "Added and removed findings can reflect threshold profile differences, fixture coverage changes, registry updates, or detector changes; review the source reports before treating a diff as a protocol risk change."
+  ]
+}