@elytrasec/engine 0.3.0 → 0.3.1

package/dist/index.d.ts

@@ -1291,4 +1291,31 @@ interface DiscoverOptions {
  */
 declare function discoverFiles(targetPath: string, opts?: DiscoverOptions): DiscoveredFile[];
 
-export { AIClient, type AICompleteParams, type AICompleteResult, type AIMessage, type AIProvider, type AnalyzeCodeParams, type AnalyzeFileParams, type AnalyzeParams, AnthropicProvider, type ApplyFixesResult, type AuditIssue, type AuditReport, CWE_OWASP_MAP, type Chain, type ChangeType, type CreateProviderOptions, type CweOwaspEntry, type DepInfo, type DepVulnerability, type DependencyReport, type DiffChange, type DiffChunk, type DiffFile, type DiffHunk, type DiscoverOptions, type DiscoveredFile, type Ecosystem, type ElytraConfig, type FileClassification, type FileFixInput, type FileFixResult, type FileStatus, type FileTransform, type Finding, FindingSchema, type Framework, type FullScanParams, type GitHubReviewComment, type HardenResult, type HardenSuggestion, type IssueCategory, type Language, MockProvider, OllamaProvider, OpenAIProvider, type ParsedDiff, type PatternRule, type ProjectFile, type ProjectSummary, type ReportOptions, type ReviewResult, ReviewResultSchema, type RewriteResult, type Rule, type SecurityScore, type SecurityScoreOutput, SecurityScoreSchema, type Severity, SeveritySchema, type StaticAnalysisOptions, type StaticAnalysisResult, type StaticFinding, type ToolRunner, type ToolRunnerOptions, type TransformResult, type UpgradeItem, type UpgradeOptions, type UpgradePlan, type UpgradeResult, type UpgradeType, ALL_RULES as _ALL_RULES, scanFile as _scanFile, analyze, analyzeDependencies, analyzeFullScan, apiRules, applyFixes, applyHardenFix, auditCodebase, authRules, bestPracticeRules, classifyFile, complexityRules, computeScore, createProvider, deadCodeRules, dedupeFindings, discoverFiles, filterByConfig, formatAsReviewComments, formatStaticFindingsForAI, gasRules, generalRules, generateFallbackPlan, generateMarkdownReport, generateUpgradePlan, getAllRules, getCweOwasp, getRulesForChains, getSystemPrompt, gitleaksRunner, ingestRepo, injectionRules, loadConfig, logger, namingRules, parseDiff, patternScannerRunner, readRepoFile, readRepoFiles, reconRules, rewriteFile, rewriteFiles, runHarden, runStaticAnalysis, runUpgrade, semgrepRunner, slitherRunner, solidityRules, splitIntoChunks, transformFiles, validateFixedSyntax };
+/**
+ * Agentic PoC generator.
+ *
+ * Given a Finding from our scanner and the vulnerable contract source,
+ * asks Claude to write a Foundry exploit test, then tries to run it
+ * against an Anvil fork to confirm the vulnerability is actually exploitable.
+ *
+ * Returns a PocResult indicating whether the finding was confirmed, along
+ * with the generated test and execution output.
+ *
+ * Degrades gracefully when forge/anvil are not installed — the PoC code
+ * is still generated, status is "generated" rather than "confirmed".
+ */
+
+type PocStatus = "confirmed" | "not-exploitable" | "generated" | "error";
+interface PocResult {
+    status: PocStatus;
+    pocCode: string;
+    output: string;
+    rpcUrl?: string;
+}
+declare class PocGenerator {
+    private provider;
+    constructor(provider: AIProvider);
+    generate(finding: Finding, contractSource: string, rpcUrl?: string): Promise<PocResult>;
+}
+
+export { AIClient, type AICompleteParams, type AICompleteResult, type AIMessage, type AIProvider, type AnalyzeCodeParams, type AnalyzeFileParams, type AnalyzeParams, AnthropicProvider, type ApplyFixesResult, type AuditIssue, type AuditReport, CWE_OWASP_MAP, type Chain, type ChangeType, type CreateProviderOptions, type CweOwaspEntry, type DepInfo, type DepVulnerability, type DependencyReport, type DiffChange, type DiffChunk, type DiffFile, type DiffHunk, type DiscoverOptions, type DiscoveredFile, type Ecosystem, type ElytraConfig, type FileClassification, type FileFixInput, type FileFixResult, type FileStatus, type FileTransform, type Finding, FindingSchema, type Framework, type FullScanParams, type GitHubReviewComment, type HardenResult, type HardenSuggestion, type IssueCategory, type Language, MockProvider, OllamaProvider, OpenAIProvider, type ParsedDiff, type PatternRule, PocGenerator, type PocResult, type PocStatus, type ProjectFile, type ProjectSummary, type ReportOptions, type ReviewResult, ReviewResultSchema, type RewriteResult, type Rule, type SecurityScore, type SecurityScoreOutput, SecurityScoreSchema, type Severity, SeveritySchema, type StaticAnalysisOptions, type StaticAnalysisResult, type StaticFinding, type ToolRunner, type ToolRunnerOptions, type TransformResult, type UpgradeItem, type UpgradeOptions, type UpgradePlan, type UpgradeResult, type UpgradeType, ALL_RULES as _ALL_RULES, scanFile as _scanFile, analyze, analyzeDependencies, analyzeFullScan, apiRules, applyFixes, applyHardenFix, auditCodebase, authRules, bestPracticeRules, classifyFile, complexityRules, computeScore, createProvider, deadCodeRules, dedupeFindings, discoverFiles, filterByConfig, formatAsReviewComments, formatStaticFindingsForAI, gasRules, generalRules, generateFallbackPlan, generateMarkdownReport, generateUpgradePlan, getAllRules, getCweOwasp, getRulesForChains, getSystemPrompt, gitleaksRunner, ingestRepo, injectionRules, loadConfig, logger, namingRules, parseDiff, patternScannerRunner, readRepoFile, readRepoFiles, reconRules, rewriteFile, rewriteFiles, runHarden, runStaticAnalysis, runUpgrade, semgrepRunner, slitherRunner, solidityRules, splitIntoChunks, transformFiles, validateFixedSyntax };

package/dist/index.js

@@ -4603,6 +4603,112 @@ var iacRules = [
     pathPattern: /\.github[/\\]workflows[/\\]/
   }
 ];
+var eip7702Rules = [
+  {
+    id: "cp-sol-7702-unguarded-init",
+    title: "EIP-7702 delegation: unguarded initializer",
+    description: "Contracts used as EIP-7702 delegation targets must guard initializers \u2014 constructors don't run on delegated EOAs. An unguarded `initialize()` can be front-run, letting an attacker take ownership of the delegated account.",
+    suggestion: "Add an `initializer` modifier (OpenZeppelin) or an `initialized` flag checked at the top of every init function. Ensure no init path is callable twice.",
+    pattern: /function\s+initialize\s*\([^)]*\)\s*(?:external|public)(?!\s+\w*[Ii]nitializer)/,
+    severity: "critical",
+    category: "solidity",
+    confidence: "medium",
+    languages: SOL
+  },
+  {
+    id: "cp-sol-7702-nonce-race",
+    title: "EIP-7702 delegation: nonce race condition",
+    description: "EIP-7702 authorization tuples share the EOA nonce space with regular transactions. A pending delegation can be invalidated or front-run by submitting a regular transaction that increments the nonce before the authorization is mined.",
+    suggestion: "Always set `nonce` explicitly in authorization tuples. Do not rely on mempool ordering for security-sensitive delegations \u2014 use a commit-reveal or atomic multicall pattern.",
+    pattern: /authorization\s*=\s*\{[^}]*nonce\s*:\s*0[^x]/i,
+    severity: "high",
+    category: "solidity",
+    confidence: "medium",
+    languages: SOL
+  }
+];
+var tstoreRules = [
+  {
+    id: "cp-sol-tstore-reentrancy",
+    title: "Transient storage (TSTORE) used \u2014 verify reentrancy safety",
+    description: "Transient storage (EIP-1153, live since Cancun) does not impose the 2300 gas minimum of SSTORE-based guards. If this contract also uses `transfer()` or `send()` for ETH, those calls are no longer reentrancy-safe \u2014 the callee has enough gas to re-enter via TLOAD/TSTORE paths.",
+    suggestion: 'Audit every ETH transfer in this contract. Replace `transfer()`/`send()` with `call{value:}("")` + explicit reentrancy check. Ensure TSTORE lock is written before any external call.',
+    pattern: /assembly\s*\{[^}]*tstore\s*\(|TransientSlot|tstore\s*\(/i,
+    severity: "high",
+    category: "solidity",
+    confidence: "medium",
+    languages: SOL
+  },
+  {
+    id: "cp-sol-tstore-lock-pattern",
+    title: "Transient storage lock: verify all entry points are guarded",
+    description: "TSTORE-based reentrancy locks reset at transaction end (not call end). A lock set in `functionA` does NOT protect `functionB` called in a separate transaction, and a lock set mid-call does NOT protect earlier entry points in the same call chain.",
+    suggestion: "Apply the TSTORE lock modifier to every external/public function that modifies state, not just the function that initiates the ETH transfer.",
+    pattern: /assembly\s*\{[^}]*tload\s*\([^}]*\)[^}]*tstore\s*\(/is,
+    severity: "medium",
+    category: "solidity",
+    confidence: "low",
+    languages: SOL
+  }
+];
+var uniswapV4Rules = [
+  {
+    id: "cp-sol-v4hook-missing-sender-check",
+    title: "Uniswap v4 hook: missing PoolManager sender validation",
+    description: "Hook callbacks (`beforeSwap`, `afterSwap`, `beforeAddLiquidity`, etc.) must verify `msg.sender == address(poolManager)`. Without this check, any address can call the hook directly and manipulate its state.",
+    suggestion: 'Add `require(msg.sender == address(poolManager), "not PoolManager");` as the first line of every hook callback, or inherit from `BaseHook` which enforces this automatically.',
+    pattern: /function\s+(?:before|after)(?:Swap|AddLiquidity|RemoveLiquidity|Initialize|Donate)\s*\(/,
+    severity: "critical",
+    category: "solidity",
+    confidence: "medium",
+    languages: SOL
+  },
+  {
+    id: "cp-sol-v4hook-reentrancy-callback",
+    title: "Uniswap v4 hook: external call inside hook callback",
+    description: "Making external calls from within a hook callback (beforeSwap, afterSwap, etc.) while the PoolManager lock is held can trigger reentrancy into the pool. The singleton PoolManager uses a transient-storage lock that is bypassable via hooks that call back into the pool.",
+    suggestion: "Avoid external calls in hook callbacks. If you must call out, use the `unlockCallback` pattern to queue actions and execute them after the current lock cycle completes.",
+    pattern: /function\s+(?:before|after)(?:Swap|AddLiquidity|RemoveLiquidity|Initialize|Donate)[\s\S]{0,500}?\.call\s*\{/,
+    multilinePattern: /function\s+(before|after)(Swap|AddLiquidity|RemoveLiquidity|Initialize|Donate)\s*\([^)]*\)[^{]*\{[\s\S]{0,800}?(?:\.call\s*\{|\.transfer\s*\(|\.send\s*\()/gm,
+    severity: "critical",
+    category: "solidity",
+    confidence: "medium",
+    languages: SOL
+  },
+  {
+    id: "cp-sol-v4hook-delta-not-consumed",
+    title: "Uniswap v4 hook: BalanceDelta returned without settle/take",
+    description: "Hooks that return a modified `BalanceDelta` must ensure the delta is fully consumed (settled or taken) within the same unlock cycle. An unconsumed delta causes `CurrencyNotSettled` revert; partial consumption can silently strand tokens.",
+    suggestion: "Ensure `poolManager.settle()` or `poolManager.take()` is called for both currency0 and currency1 before returning from the unlock callback.",
+    pattern: /returns\s*\([^)]*BalanceDelta[^)]*\)(?![\s\S]{0,800}?(?:settle|\.take)\s*\()/,
+    severity: "high",
+    category: "solidity",
+    confidence: "low",
+    languages: SOL
+  },
+  {
+    id: "cp-sol-v4hook-unrestricted-permissions",
+    title: "Uniswap v4 hook: overly broad hook permissions",
+    description: "Hook permissions are set at deployment via the address bit-flags and cannot be changed. Requesting permissions you don't need (e.g. `BEFORE_SWAP_RETURNS_DELTA` when you never return a delta) increases attack surface and gas costs for every pool interaction.",
+    suggestion: "Return only the minimum required `Hooks.Permissions` from `getHookPermissions()`. Audit each permission flag against your actual callback implementations.",
+    pattern: /getHookPermissions\s*\(\s*\)\s*(?:public|external|override)[^{]*\{[\s\S]{0,300}?true/,
+    severity: "medium",
+    category: "solidity",
+    confidence: "low",
+    languages: SOL
+  },
+  {
+    id: "cp-sol-v4hook-sqrt-price-manipulation",
+    title: "Uniswap v4 hook: spot sqrtPriceX96 used for pricing without limit",
+    description: "Using spot `sqrtPriceX96` read from pool state inside a hook callback for pricing decisions without a `sqrtPriceLimitX96` bound is sandwich-attackable. The price reflects post-swap state which may be manipulated.",
+    suggestion: "Pass `sqrtPriceLimitX96` to all swap calls from hooks. Use a TWAP oracle for pricing rather than spot price.",
+    pattern: /sqrtPriceX96\s*[*/+-]\s*\w|sqrtPriceX96\s*=\s*(?!.*[Ll]imit)/,
+    severity: "high",
+    category: "solidity",
+    confidence: "low",
+    languages: SOL
+  }
+];
 var ALL_RULES2 = [
   ...securityRules,
   ...solidityRules2,
@@ -4613,7 +4719,10 @@ var ALL_RULES2 = [
   ...performanceRules,
   ...cleaningRules,
   ...reactRules,
-  ...iacRules
+  ...iacRules,
+  ...eip7702Rules,
+  ...tstoreRules,
+  ...uniswapV4Rules
 ];
 
 // src/static/pattern-scanner.ts
@@ -7914,6 +8023,175 @@ function buildSummary2(findings, fileCount, toolsRan) {
   }
   return summary;
 }
+
+// src/ai/poc-generator.ts
+import { execFile as execFile7 } from "child_process";
+import { writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
+import { promisify as promisify7 } from "util";
+import { tmpdir } from "os";
+import { join as join4 } from "path";
+import { randomBytes } from "crypto";
+var exec7 = promisify7(execFile7);
+var SYSTEM_PROMPT = `You are an expert smart contract security researcher who writes Foundry (forge) exploit tests to demonstrate vulnerabilities.
+
+Given a security finding and the vulnerable contract source code, write a minimal Foundry test that:
+1. Deploys the vulnerable contract (or a minimal reproduction of the vulnerable pattern)
+2. Demonstrates the exploit in a test function named test_exploit()
+3. Uses vm.expectRevert() or assertions to show the vulnerability is real
+4. Includes a brief comment explaining the attack vector
+
+Rules:
+- Use Solidity ^0.8.20 and Foundry's Test base
+- Import only from forge-std (available: Test, console, Vm, StdCheats)
+- If the contract needs an RPC fork (e.g. for on-chain state), emit a // @fork-required comment on line 1
+- Keep it minimal \u2014 prove the bug, nothing else
+- Return ONLY valid Solidity, no markdown fences, no explanation outside comments
+
+Format:
+\`\`\`solidity
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import "forge-std/Test.sol";
+
+contract ExploitTest is Test {
+    // ...setup...
+
+    function test_exploit() public {
+        // ...exploit...
+    }
+}
+\`\`\``;
+function buildUserMessage(finding, contractSource) {
+  return `## Vulnerability Finding
+
+Rule ID: ${finding.ruleId}
+Title: ${finding.title}
+Severity: ${finding.severity}
+File: ${finding.filePath} (lines ${finding.startLine}\u2013${finding.endLine})
+Description: ${finding.description}
+
+Vulnerable code snippet:
+\`\`\`solidity
+${finding.codeSnippet}
+\`\`\`
+
+Fix suggestion: ${finding.suggestion}
+
+## Full Contract Source
+
+\`\`\`solidity
+${contractSource}
+\`\`\`
+
+Write the Foundry exploit test now.`;
+}
+function extractSolidity(text) {
+  const fenceMatch = text.match(/```(?:solidity)?\s*([\s\S]*?)```/);
+  if (fenceMatch) return fenceMatch[1].trim();
+  return text.trim();
+}
+async function forgeAvailable() {
+  try {
+    await exec7("forge", ["--version"], { timeout: 5e3 });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function runForgeTest(pocCode, rpcUrl) {
+  const id = randomBytes(6).toString("hex");
+  const dir = join4(tmpdir(), `elytra-poc-${id}`);
+  const srcDir = join4(dir, "src");
+  const testDir = join4(dir, "test");
+  const libDir = join4(dir, "lib");
+  try {
+    await mkdir2(srcDir, { recursive: true });
+    await mkdir2(testDir, { recursive: true });
+    await mkdir2(libDir, { recursive: true });
+    await writeFile2(
+      join4(dir, "foundry.toml"),
+      `[profile.default]
+src = "src"
+out = "out"
+libs = ["lib"]
+`
+    );
+    const testFile = join4(testDir, "Exploit.t.sol");
+    await writeFile2(testFile, pocCode);
+    const args = ["test", "--match-contract", "ExploitTest", "--no-match-coverage", "-vv"];
+    if (rpcUrl) {
+      args.push("--fork-url", rpcUrl);
+    }
+    const { stdout, stderr } = await exec7("forge", args, {
+      cwd: dir,
+      timeout: 6e4,
+      env: { ...process.env, FOUNDRY_PROFILE: "default" }
+    });
+    const output = [stdout, stderr].filter(Boolean).join("\n");
+    const passed = output.includes("PASS") || output.includes("ok");
+    return { success: passed, output };
+  } catch (err) {
+    const output = err.stdout ?? err.stderr ?? String(err);
+    return { success: false, output };
+  } finally {
+    exec7("rm", ["-rf", dir]).catch(() => {
+    });
+  }
+}
+var PocGenerator = class {
+  provider;
+  constructor(provider) {
+    this.provider = provider;
+  }
+  async generate(finding, contractSource, rpcUrl) {
+    if (finding.category !== "solidity" && !finding.ruleId.startsWith("cp-sol")) {
+      return {
+        status: "error",
+        pocCode: "",
+        output: "PoC generation only supported for Solidity findings"
+      };
+    }
+    let pocCode = "";
+    try {
+      const response = await this.provider.complete({
+        messages: [
+          { role: "system", content: SYSTEM_PROMPT },
+          { role: "user", content: buildUserMessage(finding, contractSource) }
+        ],
+        maxTokens: 4096
+      });
+      pocCode = extractSolidity(response.text);
+      if (!pocCode) {
+        return { status: "error", pocCode: "", output: "AI returned empty response" };
+      }
+    } catch (err) {
+      logger.error(`PocGenerator: AI call failed: ${err}`);
+      return { status: "error", pocCode: "", output: String(err) };
+    }
+    const hasForge = await forgeAvailable();
+    if (!hasForge) {
+      logger.info("PocGenerator: forge not available, returning generated code only");
+      return {
+        status: "generated",
+        pocCode,
+        output: "forge not installed \u2014 PoC generated but not executed",
+        rpcUrl
+      };
+    }
+    const forkRequired = pocCode.includes("@fork-required");
+    const { success, output } = await runForgeTest(
+      pocCode,
+      forkRequired ? rpcUrl : void 0
+    );
+    return {
+      status: success ? "confirmed" : "not-exploitable",
+      pocCode,
+      output,
+      rpcUrl: forkRequired ? rpcUrl : void 0
+    };
+  }
+};
 export {
   AIClient,
   AnthropicProvider,
@@ -7922,6 +8200,7 @@ export {
   MockProvider,
   OllamaProvider,
   OpenAIProvider,
+  PocGenerator,
   ReviewResultSchema,
   SecurityScoreSchema,
   SeveritySchema,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elytrasec/engine",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "description": "Core analysis engine for Elytra — 120+ detection rules, static + AI scanning, scoring",
   "license": "MIT",
   "author": "ElytraSec <hello@elytrasec.io>",