Open-source security auditor

Security knowledge that proves itself in code.

brainblast runs deterministic checks against codebases, applies mechanical fixes for confirmed issues, and is opening a rule-pack economy where experts earn $BRAIN when their security knowledge helps real teams fix real bugs.

Deterministic by design

No hallucinated security theater. Checks that know what failure looks like.

brainblast is a tireless reviewer for codebases. It does not merely suggest that something might be wrong. It runs concrete rules, points to the exact location, and tells you how to fix the issue before it ships.

01 Real exploit classes

Stripe webhook verification, JWT auth bypasses, command injection, secret leaks, and Solana misconfigurations.

02 Project-wide taint tracking

Follow a secret from an environment variable across files and functions into logs, responses, or other unsafe sinks.

03 Fixes must prove out

npx brainblast fix . --apply applies mechanical fixes and re-checks that the bug moved from RED to GREEN.
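The two ideas in 02 and 03, cross-file taint tracking and a fix that has to prove itself on a re-check, can be shown in a few dozen lines. The block below is an added illustration, not brainblast's engine or any of its rule packs: it walks a constructed program model (the file names config.js and server.js, the functions loadKey, handler and logIt, and the statement kinds are all assumptions made for the example), follows a secret read from STRIPE_SECRET across a function return and a call into a console.log sink, applies a mechanical redaction, and reports GREEN only if the re-scan is clean.

```javascript
// Added example, not brainblast's code. A small project-wide taint tracker
// over a constructed program model, plus a fix-and-recheck (RED -> GREEN) loop.
// Every file name, function name and statement here is constructed.

// Environment variable names that the rule treats as secrets (taint sources).
const SECRET_ENV = /SECRET|KEY|TOKEN|PASSWORD/;

// Constructed project: file -> function -> statements. Statement kinds:
// env (read env var), assign (copy), call (bind args in callee, capture
// return), return, redact (sanitizer, output untainted), sink (log/response).
function makeProject() {
  return {
    "config.js": {
      loadKey: [
        { kind: "env", to: "key", name: "STRIPE_SECRET" },
        { kind: "return", from: "key" },
      ],
    },
    "server.js": {
      handler: [
        { kind: "call", callee: "loadKey", to: "k" },
        { kind: "assign", to: "msg", from: "k" },
        { kind: "call", callee: "logIt", args: { s: "msg" } },
      ],
      logIt: [{ kind: "sink", name: "console.log", from: "s" }],
    },
  };
}

function findFunction(project, name) {
  for (const file of Object.keys(project)) {
    if (project[file][name]) return { file, body: project[file][name] };
  }
  return null;
}

// Analyze one function given its tainted parameters. Calls are followed into
// other files; the callee reports whether its return is tainted and which
// sinks it reached. The stack guard stops recursion on call cycles.
function analyze(project, fnName, taintedParams, stack = []) {
  const fn = findFunction(project, fnName);
  if (!fn || stack.includes(fnName)) return { returnsTaint: false, findings: [] };
  const tainted = new Set(taintedParams);
  const findings = [];
  let returnsTaint = false;
  fn.body.forEach((st, index) => {
    switch (st.kind) {
      case "env":
        if (SECRET_ENV.test(st.name)) tainted.add(st.to);
        break;
      case "assign":
        if (tainted.has(st.from)) tainted.add(st.to);
        break;
      case "redact":
        break; // sanitizer output is clean, nothing becomes tainted
      case "call": {
        const args = st.args || {};
        const taintedArgs = Object.keys(args).filter((p) => tainted.has(args[p]));
        const r = analyze(project, st.callee, taintedArgs, [...stack, fnName]);
        findings.push(...r.findings);
        if (st.to && r.returnsTaint) tainted.add(st.to);
        break;
      }
      case "return":
        if (tainted.has(st.from)) returnsTaint = true;
        break;
      case "sink":
        if (tainted.has(st.from)) {
          findings.push({ file: fn.file, fn: fnName, index, sink: st.name, value: st.from });
        }
        break;
    }
  });
  return { returnsTaint, findings };
}

// One scan from an entry point; each finding carries the exact location.
function scan(project, entry) {
  return analyze(project, entry, []).findings;
}

// Mechanical fix: insert a redaction right before the flagged sink and make
// the sink read the redacted value instead of the secret.
function applyFix(project, finding) {
  const body = project[finding.file][finding.fn];
  const sink = body[finding.index];
  const safe = `${sink.from}_redacted`;
  body.splice(finding.index, 0, { kind: "redact", to: safe, from: sink.from });
  sink.from = safe;
}

// Prove-out loop: scan (RED if anything is found), fix, re-scan, and report
// GREEN only when the re-check is clean.
function fixLoop(project, entry) {
  const before = scan(project, entry);
  // Higher indexes first so splicing does not shift the remaining findings.
  [...before].sort((a, b) => b.index - a.index).forEach((f) => applyFix(project, f));
  const after = scan(project, entry);
  let status = "NO_FINDINGS";
  if (before.length > 0) status = after.length === 0 ? "GREEN" : "RED";
  return { before, after, status };
}

console.log(JSON.stringify(fixLoop(makeProject(), "handler"), null, 2));
```

The point of the loop is the last step: a rule that reports a finding but whose fix does not make the re-scan clean stays RED, which is the property a "fixes must prove out" gate enforces. Swapping STRIPE_SECRET for a non-secret name such as LOG_LEVEL yields no finding at all, since only secret-looking reads are sources.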

$BRAIN flywheel

A marketplace for security knowledge, paid only when it works.

The people who know a protocol's footguns are rarely the people maintaining a general-purpose scanner. brainblast flips that: domain experts publish rule packs, users unlock premium packs, and $BRAIN moves value toward rules that produce confirmed fixes.

1 Stake to publish

Rule authors stake $BRAIN to list packs. Severity sets the deposit size, and every pack must pass the prove gate first.

2 Prove RED -> GREEN

A pack has to catch its own test cases before entering the registry. Junk rules do not get a free lane.

3 Earn on fixes

Rules become bounty-eligible only after five users, on five repos, accept a working fix produced by npx brainblast fix . --apply.

4 Compound the pool

Premium pack payments split between authors and the bounty pool, so useful security knowledge funds more useful rules.

Security knowledge economy

$BRAIN is the unit of account for verified security value.

The system does not pay for noisy findings. It rewards fixes that real teams accept and that brainblast confirms. Trust stays merit-ranked: sponsored placement can buy discovery, but it cannot buy the default list.

Registry stake $4.50 - $120

USD-equivalent $BRAIN stake by severity, with a 2% registry tax flowing into the bounty pool.

Graduated fix payout $1 - $20

Paid per confirmed fix after the five-user, five-repo graduation threshold.

Premium access $20/repo/mo

Or about $200/org/year, split 50/50 between the pack author and the bounty pool.

Install and run

Start with the open-source auditor. Keep the rule economy in view.

Install the v0.4.3 agent workflow, scan repos with the npm CLI, and use the auditor/fix loop as rule packs expand. The same product surface becomes the on-ramp for community-written security rules.

Install from shell
curl -fsSL https://raw.githubusercontent.com/DSB-117/brainblast/v0.4.3/install.sh | sh
Tell your AI agent

Install brainblast by running:
curl -fsSL https://raw.githubusercontent.com/DSB-117/brainblast/v0.4.3/install.sh | sh
Then run /brainblast requirements.md before implementation, and npx brainblast . in CI to audit the code that got written.

Scan current repo
npx brainblast .
Auditor fix loop
npx brainblast fix . --apply

Quality control

The registry is designed to reject noise.

Rules with a terrible detected-to-fixed ratio get flagged and paused from earning until they are tightened. Bounty eligibility comes from demonstrated utility, not raw alert volume.

Stake discourages spam.

Prove gate blocks junk.

Fixes beat findings.

Merit ranking stays protected.

Get big brain energy

$BRAIN is on BAGS.

Creator trading fees help bootstrap the bounty pool while premium rule packs grow the self-funding security knowledge economy.

CA: 5wxVBRmjaRLw71SE7nNFzTioEtQdzM5EkdP5k1BDBAGS

Get $BRAIN