@mik3fly-lab/risk-flags

Single source of truth for RektRadar's risk-flag catalogue: the ~125 signals contract-analyzer can raise on an Ethereum token, with EN/FR copy, severity, analyzer category and emission status (active vs upcoming).

Why

The catalogue used to be copy-pasted in two repos (rektradar-site for the /signals/<slug> SEO pages, rektradar-app for /api/signals + token-example validation). The two drifted: app knew 53 slugs, site 126, so the 73 extra slugs returned 404 flag_not_found on /api/signals/<slug>/tokens. This package makes the slug set and the copy impossible to desync.

Usage

import { FLAGS, FLAG_BY_SLUG, ALL_FLAG_SLUGS, getFlagField } from "@mik3fly-lab/risk-flags";
import type { FlagDefinition, Analyzer, FlagSeverity, FlagStatus } from "@mik3fly-lab/risk-flags";

// Active flags only (emitted by the live pipeline):
const active = FLAGS.filter((f) => f.status !== "upcoming");

Exports

• FLAGS - the full catalogue (active + upcoming).
• FLAG_BY_SLUG - O(1) lookup map.
• ALL_FLAG_SLUGS - slug list (sitemaps / validation).
• getFlagField(flag, field, lang) - EN/FR-aware field accessor.
• Types: FlagDefinition, FlagSeverity, Analyzer, FlagStatus, FlagFrOverride, Lang.

Status field

• active (or omitted): emitted today, real data in token_analysis.risk_flags.
• upcoming: documented but not yet emitted (analyzer not wired / data source missing). Consumers render these in a separate "roadmap" section and must not count them as live signals.

Releasing

npm version <patch|minor|major> then push the tag; CI publishes to npm. Consumers bump their dependency. The data-integrity test (vitest) guards against duplicate slugs, missing fields, and the active/upcoming split.