@reinforcedai/hardhat-security-review 2511.26.1

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@reinforcedai/hardhat-security-review",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "type": "commonjs",
+  "version": "2511.26.1",
+  "scripts": {
+    "lint:fix": "prettier --write 'src/**/*.{js,ts}' 'test/**/*.{js,ts}' && tslint --fix --config tslint.json --project tsconfig.json",
+    "lint": "tslint --config tslint.json --project tsconfig.json",
+    "test": "mocha",
+    "clean": "rm -rf dist && cd test/fixture-projects/hardhat-project && npx hardhat clean",
+    "build": "npm run clean && npm run test && tsc",
+    "watch": "tsc -w",
+    "prepublishOnly": "npm run build"
+  },
+  "files": [
+    "dist/",
+    "src/",
+    "LICENSE"
+  ],
+  "dependencies": {
+    "eslint-plugin-mocha": "^11.1.0",
+    "nanospinner": "^1.2.2",
+    "readline-sync": "^1.4.10",
+    "tsx": "^4.7.3",
+    "tty-table": "^4.2.3"
+  },
+  "devDependencies": {
+    "@nomiclabs/hardhat-ethers": "^2.0.0",
+    "@types/chai": "5.2.2",
+    "@types/fs-extra": "11.0.4",
+    "@types/mocha": "10.0.10",
+    "@types/node": "24.0.12",
+    "@types/readline-sync": "^1.4.8",
+    "@typescript-eslint/eslint-plugin": "^8.37.0",
+    "@typescript-eslint/parser": "^8.37.0",
+    "chai": "5.2.1",
+    "eslint": "^9.31.0",
+    "hardhat": "^2.0.0",
+    "mocha": "11.7.1",
+    "prettier": "^2.2.0",
+    "ts-node": "^10.8.0",
+    "tslint": "^5.16.0",
+    "tslint-config-prettier": "^1.18.0",
+    "tslint-plugin-prettier": "^2.0.1",
+    "typescript": "5.8.3"
+  },
+  "peerDependencies": {
+    "hardhat": "^2.0.0"
+  }
+}

package/src/AutoFixManager.ts

@@ -0,0 +1,208 @@
+import * as path from 'path';
+import * as readlineSync from 'readline-sync';
+import { ContractUnflattener, VulnerabilityMapping } from './ContractUnflattener';
+import { AutoFixSelection, CodeReplacementResult, Vulnerability, VulnerabilityWithIndex } from './types';
+
+export class AutoFixManager {
+
+  constructor() {
+  }
+
+  public promptUserForVulnerabilitySelection(vulnerabilities: Vulnerability[]): AutoFixSelection[] {
+    if(vulnerabilities.length === 0) {
+      return [];
+    }
+
+    console.log('\n🔍 Found vulnerabilities that can be auto-fixed:');
+    console.log('━'.repeat(80));
+
+    const vulnerabilitiesWithIndex: VulnerabilityWithIndex[] = vulnerabilities
+      .map((vuln, index) => ({...vuln, index}))
+      .filter(vuln => vuln.fixed_lines !== null && vuln.fixed_lines.trim().length > 0);
+
+    if(vulnerabilitiesWithIndex.length === 0) {
+      console.log('ℹ️  No auto-fixable vulnerabilities found (no miner suggestions available).');
+      return [];
+    }
+
+    vulnerabilitiesWithIndex.forEach((vuln) => {
+      console.log(`\n[${vuln.index + 1}] ${vuln.vulnerability_class}`);
+
+      console.log(`    Lines ${vuln.original_from_line || vuln.from_line}-${vuln.original_to_line || vuln.to_line}${vuln.original_file ? ` in ${vuln.original_file.split('/').pop()}` : ''}`);
+      console.log(`    Miners consensus: ${vuln.miners_select_count}/${vuln.miners_participated_count}`);
+      console.log(`    Description: ${vuln.description.substring(0, 100)}...`);
+      console.log(`    Has fix: ${vuln.fixed_lines ? 'Yes' : 'No'}`);
+    });
+
+    console.log('━'.repeat(80));
+    console.log('Select vulnerabilities to auto-fix:');
+    console.log('• Enter numbers separated by commas (e.g., 1,3,5)');
+    console.log('• Enter "all" to fix all vulnerabilities');
+    console.log('• Enter "none" or press Enter to skip auto-fixing');
+
+    const userInput = readlineSync.question('\nYour selection: ').trim();
+
+    if(userInput.toLowerCase() === 'none' || userInput === '') {
+      return [];
+    }
+
+    let selectedIndices: number[] = [];
+
+    if(userInput.toLowerCase() === 'all') {
+      selectedIndices = vulnerabilitiesWithIndex.map(v => v.index);
+    } else {
+      const inputNumbers = userInput.split(',')
+        .map(s => parseInt(s.trim()))
+        .filter(n => !isNaN(n) && n >= 1 && n <= vulnerabilities.length);
+
+      selectedIndices = inputNumbers.map(n => n - 1);
+    }
+
+    const selections: AutoFixSelection[] = vulnerabilities.map((_, index) => ({
+      vulnerabilityIndex: index,
+      shouldFix: selectedIndices.includes(index) &&
+                 vulnerabilities[index].fixed_lines !== null &&
+                 vulnerabilities[index].fixed_lines!.trim().length > 0,
+    }));
+
+    const selectedCount = selections.filter(s => s.shouldFix).length;
+    console.log(`\n✅ Selected ${selectedCount} vulnerabilities for auto-fixing.`);
+
+    return selections;
+  }
+
+  public applyAutoFixes(
+    vulnerabilities: Vulnerability[],
+    selections: AutoFixSelection[],
+    sourceCode: string,
+    sourcePaths: string[],
+  ): CodeReplacementResult {
+
+    const selectedVulns = selections
+      .filter(s => s.shouldFix)
+      .map(s => ({...vulnerabilities[s.vulnerabilityIndex], index: s.vulnerabilityIndex}))
+      .sort((a, b) => b.to_line - a.to_line); // Sort by line number descending to avoid offset issues
+
+    if(selectedVulns.length === 0) {
+      return {
+        success: true,
+        appliedFixes: [],
+      };
+    }
+
+    try {
+      const unflattener = new ContractUnflattener();
+      unflattener.parseFlattened(sourceCode, sourcePaths);
+
+      const vulnerabilitiesByFile = new Map<string, Array<{
+        vulnerability: typeof selectedVulns[0],
+        mapping: VulnerabilityMapping
+      }>>();
+
+      for(const vuln of selectedVulns) {
+        const mapping = unflattener.mapVulnerabilityToOriginal(vuln.from_line, vuln.to_line);
+        if(mapping) {
+          const filePath = mapping.originalFile;
+          if(!vulnerabilitiesByFile.has(filePath)) {
+            vulnerabilitiesByFile.set(filePath, []);
+          }
+          vulnerabilitiesByFile.get(filePath)!.push({vulnerability: vuln, mapping});
+
+          vuln.original_file = filePath;
+          vuln.original_from_line = mapping.originalFromLine;
+          vuln.original_to_line = mapping.originalToLine;
+        }
+      }
+
+      if(vulnerabilitiesByFile.size === 0) {
+        return {
+          success: false,
+          error: 'Could not map vulnerabilities to original files',
+          appliedFixes: [],
+        };
+      }
+
+      const appliedFixes: number[] = [];
+      const modifiedFiles: string[] = [];
+
+      console.log('\n🔧 Applying auto-fixes to original files...');
+
+      for(const [filePath, vulnMappings] of vulnerabilitiesByFile.entries()) {
+        vulnMappings.sort((a, b) => b.mapping.originalToLine - a.mapping.originalToLine);
+
+        console.log(`  📄 Processing ${path.basename(filePath)} (${vulnMappings.length} fixes)`);
+
+        for(const {vulnerability: vuln, mapping} of vulnMappings) {
+          if(!vuln.fixed_lines) continue;
+
+          console.log(`    • Fixing ${vuln.vulnerability_class} at lines ${mapping.originalFromLine}-${mapping.originalToLine}`);
+
+          const fixResult = unflattener.applyFixToOriginalFile(mapping, vuln.fixed_lines);
+
+          if(fixResult.success) {
+            appliedFixes.push(vuln.index);
+            if(!modifiedFiles.includes(filePath)) {
+              modifiedFiles.push(filePath);
+            }
+          } else {
+            console.warn(`    ⚠️  Failed to apply fix: ${fixResult.error}`);
+          }
+        }
+      }
+
+      console.log(`✅ Applied ${appliedFixes.length} fixes to ${modifiedFiles.length} files`);
+
+      return {
+        success: true,
+        appliedFixes,
+        modifiedFiles,
+      };
+
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : 'Unknown error',
+        appliedFixes: [],
+      };
+    }
+  }
+
+  public displayAutoFixSummary(result: CodeReplacementResult, vulnerabilities: Vulnerability[]) {
+    console.log('\n' + '='.repeat(80));
+    console.log('AUTO-FIX SUMMARY');
+    console.log('='.repeat(80));
+
+    if(!result.success) {
+      console.log(`❌ Auto-fix failed: ${result.error}`);
+      return;
+    }
+
+    if(result.appliedFixes.length === 0) {
+      console.log('ℹ️  No fixes were applied.');
+      return;
+    }
+
+    console.log(`✅ Successfully applied ${result.appliedFixes.length} auto-fixes:`);
+
+    result.appliedFixes.forEach(index => {
+      const vuln = vulnerabilities[index];
+      const originalInfo = vuln.original_file && vuln.original_from_line && vuln.original_to_line
+        ? ` in ${path.basename(vuln.original_file)} (lines ${vuln.original_from_line}-${vuln.original_to_line})`
+        : ` (lines ${vuln.from_line}-${vuln.to_line})`;
+      console.log(`  • ${vuln.vulnerability_class}${originalInfo}`);
+    });
+
+    if(result.modifiedFiles && result.modifiedFiles.length > 0) {
+      console.log('\n📄 Modified files:');
+      result.modifiedFiles.forEach(filePath => {
+        console.log(`  • ${path.basename(filePath)}`);
+      });
+    } else if(result.filePath) {
+      console.log(`\n📄 Fixed code saved to: ${path.basename(result.filePath)}`);
+    }
+
+    console.log('\n⚠️  IMPORTANT: Please review the changes carefully before deploying!');
+    console.log('   The fixes have been applied directly to your original contract files.');
+    console.log('='.repeat(80));
+  }
+}

package/src/ContractUnflattener.ts

@@ -0,0 +1,151 @@
+import * as fs from 'fs';
+import * as path from 'path';
+
+export interface FileMapping {
+  filePath: string;
+  startLine: number;
+  endLine: number;
+  originalContent: string;
+}
+
+export interface VulnerabilityMapping {
+  originalFile: string;
+  originalFromLine: number;
+  originalToLine: number;
+  flattenedFromLine: number;
+  flattenedToLine: number;
+}
+
+export class ContractUnflattener {
+  private fileMappings: FileMapping[] = [];
+
+  public parseFlattened(flattenedSource: string, sourcePaths: string[]): FileMapping[] {
+    const lines = flattenedSource.split('\n');
+    const mappings: FileMapping[] = [];
+    let currentFile: string | null = null;
+    let currentStartLine = 0;
+    let currentLines: string[] = [];
+
+    for(let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+
+      const fileMarker = line.match(/^\/\/ File (.+)$/);
+
+      if(fileMarker) {
+        if(currentFile && currentLines.length > 0) {
+          const originalContent = this.findOriginalContent(currentFile);
+          mappings.push({
+            filePath: currentFile,
+            startLine: currentStartLine,
+            endLine: i - 2,
+            originalContent,
+          });
+        }
+
+        const fullPath = this.findFullPath(fileMarker[1], sourcePaths);
+
+        if(fullPath) {
+          currentFile = fullPath;
+          let nextNonEmptyLine = i + 1;
+          while(nextNonEmptyLine < lines.length && lines[nextNonEmptyLine].trim() === '') {
+            nextNonEmptyLine++;
+          }
+          currentStartLine = nextNonEmptyLine + 1;
+          currentLines = [];
+        }
+      } else if(currentFile) {
+        if(line.startsWith('// Original license:')) {
+          const group = line.match(/^\/\/ Original license:(.*)$/);
+          if(group && group[1]) {
+            currentLines.push(group[1].trim());
+          }
+        } else {
+          currentLines.push(line);
+        }
+      }
+    }
+
+    if(currentFile && currentLines.length > 0) {
+      mappings.push({
+        filePath: currentFile,
+        startLine: currentStartLine,
+        endLine: lines.length,
+        originalContent: this.findOriginalContent(currentFile),
+      });
+    }
+
+    this.fileMappings = mappings;
+    return mappings;
+  }
+
+
+  public mapVulnerabilityToOriginal(
+    flattenedFromLine: number,
+    flattenedToLine: number,
+  ): VulnerabilityMapping | null {
+    for(const mapping of this.fileMappings) {
+      if(flattenedFromLine >= mapping.startLine && flattenedToLine <= mapping.endLine) {
+        return {
+          originalFile: mapping.filePath,
+          originalFromLine: flattenedFromLine - mapping.startLine + 1,
+          originalToLine: flattenedToLine - mapping.startLine + 1,
+          flattenedFromLine,
+          flattenedToLine,
+        };
+      }
+    }
+
+    return null;
+  }
+
+
+  public applyFixToOriginalFile(
+    mapping: VulnerabilityMapping,
+    fixedLines: string,
+  ): { success: boolean; error?: string } {
+    try {
+      if(!fs.existsSync(mapping.originalFile)) {
+        return {success: false, error: `Original file not found: ${mapping.originalFile}`};
+      }
+      const originalLines = fs.readFileSync(mapping.originalFile, 'utf8').split('\n');
+
+      const startIndex = mapping.originalFromLine - 1;
+      const endIndex = mapping.originalToLine - 1;
+
+      originalLines.splice(startIndex, endIndex - startIndex + 1, ...fixedLines.split('\n'));
+
+      fs.writeFileSync(mapping.originalFile, originalLines.join('\n'));
+
+      return {success: true};
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : 'Unknown error',
+      };
+    }
+  }
+
+  private findFullPath(relativePath: string, sourcePaths: string[]): string | null {
+    const exactMatch = sourcePaths.find(sp => sp === relativePath);
+    if(exactMatch) return exactMatch;
+
+    const byFilename = sourcePaths.find(sp => path.basename(sp) === path.basename(relativePath));
+    if(byFilename) return byFilename;
+
+    const pathMatch = sourcePaths.find(sp => sp.endsWith(relativePath));
+    if(pathMatch) return pathMatch;
+
+    return null;
+  }
+
+  private findOriginalContent(filePath: string): string {
+    try {
+      if(fs.existsSync(filePath)) {
+        return fs.readFileSync(filePath, 'utf8');
+      }
+    } catch (error) {
+      console.warn(`Could not read original content for ${filePath}:`, error);
+    }
+    return '';
+  }
+}

package/src/ReinforcedHardhatRuntimeEnvironmentField.ts

@@ -0,0 +1,155 @@
+import fs from 'fs';
+import { createSpinner } from 'nanospinner';
+import { AUDIT_URL, MAX_RETRIES, STATUS_CHECK_INTERVAL } from './consts';
+import { AuditResult, AuditStatus, HttpError, JRPCResponse, PdfReportResult } from './types';
+
+export class ReinforcedHardhatRuntimeEnvironmentField {
+  public async auditContract(sourceCode: string, apiKey: string, statusCheckInterval?: number, maxRetries?: number, reportFolder?: string): Promise<AuditResult> {
+    const taskId = await this.requestAuditWithRetry(statusCheckInterval, maxRetries, sourceCode, apiKey);
+    let spinner = null;
+    while(true) {
+      const status = await this.checkAuditStatusWithRetry(statusCheckInterval, maxRetries, taskId, apiKey);
+      if(status == 'pending' || status == 'processing') {
+        if(!spinner)
+          spinner = createSpinner('Processing...').start();
+        await sleep(statusCheckInterval ?? STATUS_CHECK_INTERVAL);
+        continue;
+      }
+      break;
+    }
+    if(spinner)
+      spinner.success();
+    const result = this.getAuditResultWithRetry(statusCheckInterval, maxRetries, taskId, apiKey);
+    fs.mkdirSync(reportFolder ?? './reinforcedai_reports', {recursive: true});
+
+    try {
+      const report = await this.getPdfReport(taskId, apiKey);
+      console.log(`📄 PDF report generated: ${report.filename} (${(report.size_bytes / 1024).toFixed(2)} KB)`);
+      const bin = Buffer.from(report.pdf_base64, 'base64');
+      if(report.size_bytes !== bin.length) {
+        console.warn(`Warning: PDF size mismatch. Expected ${report.size_bytes} bytes, but got ${bin.length} bytes.`);
+      }
+      fs.writeFileSync(`${reportFolder ?? './reinforcedai_reports'}/${report.filename}`, bin);
+    } catch (e) {
+      console.error(`Failed to generate PDF report: ${(e as Error).message}`);
+    }
+    return result;
+  }
+
+  private async checkAuditStatusWithRetry (retryDelay?: number, maxRetries?: number, ...args: Parameters<typeof this.checkAuditStatus>) {
+    return await retryHttpRequest(() => this.checkAuditStatus(...args), retryDelay, maxRetries);
+  }
+
+  private async getAuditResultWithRetry(retryDelay?: number, maxRetries?: number, ...args: Parameters<typeof this.getAuditResult>) {
+    return await retryHttpRequest(() => this.getAuditResult(...args), retryDelay, maxRetries);
+  }
+
+  private async requestAuditWithRetry(retryDelay?: number, maxRetries?: number, ...args: Parameters<typeof this.requestAudit>) {
+    return await retryHttpRequest(() => this.requestAudit(...args), retryDelay, maxRetries);
+  }
+
+  private async fetchAudit(payload: any, apiKey: string): Promise<Response> {
+    return await fetch(AUDIT_URL, {
+      method: 'POST',
+      headers: auditHeaders(apiKey),
+      body: JSON.stringify(payload),
+    });
+  }
+
+  private async requestAudit(sourceCode: string, apiKey: string): Promise<string> {
+    const payload = {
+      'jsonrpc': '2.0',
+      'method': 'audit.get',
+      'params': {'code': sourceCode},
+      'id': 1,
+    };
+    const response = await this.fetchAudit(payload, apiKey);
+    if(!response.ok) {
+      throw new HttpError(`HTTP ${response.status} ${response.statusText}`, response.status);
+    }
+    return (await response.json()).result.task_id;
+  }
+
+  private async checkAuditStatus(taskId: string, apiKey: string): Promise<AuditStatus> {
+    const payload = {
+      'jsonrpc': '2.0',
+      'method': 'task.status',
+      'params': {'task_id': taskId},
+      'id': 2,
+    };
+    const response = await this.fetchAudit(payload, apiKey);
+    if(!response.ok) {
+      throw new HttpError(`HTTP ${response.status} ${response.statusText}`, response.status);
+    }
+    const auditResponse = (await response.json()) as JRPCResponse<AuditResult>;
+    if(auditResponse.result.error_message) {
+      throw new Error(`Error on task.status ${auditResponse.result.error_message}`);
+    }
+    return auditResponse.result.status;
+  }
+
+  private async getAuditResult(taskId: string, apiKey: string): Promise<AuditResult> {
+    const payload = {
+      'jsonrpc': '2.0',
+      'method': 'task.result',
+      'params': {'task_id': taskId},
+      'id': 3,
+    };
+    const response = await this.fetchAudit(payload, apiKey);
+    if(!response.ok) {
+      throw new HttpError(`HTTP ${response.status} ${response.statusText}`, response.status);
+    }
+
+    const auditResponse = (await response.json()) as JRPCResponse<AuditResult>;
+    if(auditResponse.result.error_message) {
+      throw new Error(`Error on task.result ${auditResponse.result.error_message}`);
+    }
+    return auditResponse.result;
+  }
+
+  private async getPdfReport(taskId: string, apiKey: string): Promise<PdfReportResult> {
+    const payload = {
+      'jsonrpc': '2.0',
+      'method': 'task.generate_pdf',
+      'params': {'task_id': taskId},
+      'id': 4,
+    };
+    const response = await this.fetchAudit(payload, apiKey);
+    if(!response.ok) {
+      throw new HttpError(`HTTP ${response.status} ${response.statusText}`, response.status);
+    }
+
+    return ((await response.json()) as JRPCResponse<PdfReportResult>).result;
+  }
+}
+
+async function retryHttpRequest<T>(request: () => Promise<T>, retryDelay: number = STATUS_CHECK_INTERVAL, maxRetries: number = MAX_RETRIES): Promise<T> {
+  let attempt = 0;
+  while(true) {
+    try {
+      return await request();
+    } catch (e: unknown) {
+      attempt++;
+      if(attempt <= maxRetries && e instanceof HttpError && (e.statusCode == 429 || e.statusCode >= 500)) {
+        const base = retryDelay * 2 ** (attempt - 1);
+        const delay = Math.random() * base;
+        console.warn(`Retry #${attempt} in ${Math.round(delay)} ms`, e);
+        await sleep(delay);
+        continue;
+      } else {
+        throw e;
+      }
+    }
+  }
+}
+
+function sleep(ms: number): Promise<void> {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+function auditHeaders(apiKey: string) {
+  return {
+    'Content-Type': 'application/json',
+    'X-Auth-Token': 'Bearer ' + apiKey,
+  };
+}

package/src/consts.ts

@@ -0,0 +1,3 @@
+export const STATUS_CHECK_INTERVAL = 10_000;
+export const AUDIT_URL = 'https://api.reinforced.app/jsonrpc';
+export const MAX_RETRIES = 3;

package/src/index.ts

@@ -0,0 +1,257 @@
+import * as fs from 'fs';
+import { TASK_COMPILE, TASK_COMPILE_SOLIDITY, TASK_FLATTEN_GET_FLATTENED_SOURCE } from 'hardhat/builtin-tasks/task-names';
+import { extendEnvironment, subtask, task } from 'hardhat/config';
+import { parseFullyQualifiedName } from 'hardhat/utils/contract-names';
+
+// This import is needed to let the TypeScript compiler know that it should include your type
+// extensions in your npm package's types file.
+import { HardhatRuntimeEnvironment } from 'hardhat/types';
+import Table from 'tty-table';
+import { Vulnerability } from 'types';
+import { AutoFixManager } from './AutoFixManager';
+import { ContractUnflattener } from './ContractUnflattener';
+import { ReinforcedHardhatRuntimeEnvironmentField } from './ReinforcedHardhatRuntimeEnvironmentField';
+import './type-extensions';
+
+subtask(TASK_COMPILE_SOLIDITY, async (args, hre, runSuper) => {
+  await runSuper(args); // run regular compilation first
+  if(!hre.config.reinforced?.compilationHookEnabled) {
+    console.log('Reinforced verification not enabled.');
+    return;
+  }
+  await auditAllContracts(hre);
+  console.log('✅ Audit complete before deployment.');
+});
+
+task('check-vulnerabilities', 'Run pre-deployment audit', async (_, hre) => {
+  await hre.run(TASK_COMPILE_SOLIDITY, {force: false, quiet: true});
+  await auditAllContracts(hre);
+  console.log('✅ Audit complete');
+});
+
+task('check-vulnerabilities:autofix', 'Run audit and apply auto-fixes for vulnerabilities', async (_, hre) => {
+  await hre.run(TASK_COMPILE_SOLIDITY, {force: false, quiet: true});
+  await auditAllContractsWithAutoFix(hre);
+  console.log('✅ Audit and auto-fix complete');
+});
+
+async function auditAllContractsWithAutoFix(hre: HardhatRuntimeEnvironment) {
+  const apiKey = hre.config.reinforced?.apiKey;
+  if(!apiKey) {
+    console.log('Reinforced API key not set.');
+    return;
+  }
+
+  const flatSource = await hre.run(TASK_FLATTEN_GET_FLATTENED_SOURCE, {force: false, quiet: true});
+
+  const qualifiedContractNames = await hre.artifacts.getAllFullyQualifiedNames();
+  const sourcePaths: string[] = [];
+
+  for(const qualifiedContractName of qualifiedContractNames) {
+    const {sourceName} = parseFullyQualifiedName(qualifiedContractName);
+    if(sourcePaths.includes(sourceName))
+      continue;
+    sourcePaths.push(sourceName);
+  }
+  if(sourcePaths.length > 0) {
+    try {
+      if(sourcePaths.length > 1) {
+        console.log('Auditing:');
+        for(const path of sourcePaths)
+          console.log(' ', path);
+      } else {
+        console.log('Auditing ', sourcePaths[0]);
+      }
+      const auditResult = await hre.reinforced.auditContract(flatSource, apiKey, hre.config.reinforced?.statusCheckInterval);
+      if(auditResult.error_message)
+        console.log('Error processing contract:', auditResult.error_message);
+      else if(!auditResult.result || auditResult.result.length == 0)
+        console.log('No vulnerabilities found');
+      else {
+        const enrichedVulnerabilities = enrichVulnerabilitiesWithOriginalMapping(
+          auditResult.result,
+          flatSource,
+          sourcePaths.map(sp => sp.trim()),
+        );
+        console.log(formatAuditResult(enrichedVulnerabilities, flatSource));
+
+        const autoFixManager = new AutoFixManager();
+        const selections = autoFixManager.promptUserForVulnerabilitySelection(enrichedVulnerabilities);
+
+        if(selections.some(s => s.shouldFix)) {
+          const result = autoFixManager.applyAutoFixes(
+            enrichedVulnerabilities,
+            selections,
+            flatSource,
+            sourcePaths.map(sp => sp.trim()),
+          );
+          autoFixManager.displayAutoFixSummary(result, enrichedVulnerabilities);
+        }
+      }
+    } catch (error) {
+      console.error('Error auditing contracts:', error);
+    }
+  }
+}
+
+function enrichVulnerabilitiesWithOriginalMapping(
+  vulnerabilities: Vulnerability[],
+  flattenedSource: string,
+  sourcePaths: string[],
+): Vulnerability[] {
+  const unflattener = new ContractUnflattener();
+  unflattener.parseFlattened(flattenedSource, sourcePaths);
+
+  return vulnerabilities.map(vuln => {
+    const mapping = unflattener.mapVulnerabilityToOriginal(vuln.from_line, vuln.to_line);
+    console.log('Mapping for vulnerability:', mapping);
+    if(mapping) {
+      return {
+        ...vuln,
+        original_file: mapping.originalFile,
+        original_from_line: mapping.originalFromLine,
+        original_to_line: mapping.originalToLine,
+      };
+    }
+    return vuln;
+  });
+}
+
+async function auditAllContracts(hre: HardhatRuntimeEnvironment) {
+  const apiKey = hre.config.reinforced?.apiKey;
+  if(!apiKey) {
+    console.log('Reinforced API key not set.');
+    return;
+  }
+
+  const flatSource = await hre.run(TASK_FLATTEN_GET_FLATTENED_SOURCE, {force: false, quiet: true});
+
+  const qualifiedContractNames = await hre.artifacts.getAllFullyQualifiedNames();
+  const sourcePaths: string[] = [];
+
+  for(const qualifiedContractName of qualifiedContractNames) {
+    const {sourceName} = parseFullyQualifiedName(qualifiedContractName);
+    if(sourcePaths.includes(sourceName))
+      continue;
+    sourcePaths.push(sourceName);
+  }
+  if(sourcePaths.length > 0) {
+    try {
+      if(sourcePaths.length > 1) {
+        console.log('Auditing:');
+        for(const path of sourcePaths)
+          console.log(' ', path);
+      } else {
+        console.log('Auditing ', sourcePaths[0]);
+      }
+      const auditResult = await hre.reinforced.auditContract(flatSource, apiKey, hre.config.reinforced?.statusCheckInterval);
+      if(auditResult.error_message)
+        console.log('Error processing contract:', auditResult.error_message);
+      else if(!auditResult.result || auditResult.result.length == 0)
+        console.log('No vulnerabilities found');
+      else {
+        const enrichedVulnerabilities = enrichVulnerabilitiesWithOriginalMapping(
+          auditResult.result,
+          flatSource,
+          sourcePaths.map(sp => sp.trim()),
+        );
+        console.log('Enriched vulnerabilities:', enrichedVulnerabilities);
+        console.log(formatAuditResult(enrichedVulnerabilities, flatSource));
+
+        if(hre.config.reinforced?.autoFixEnabled !== false) {
+          const autoFixManager = new AutoFixManager();
+          const selections = autoFixManager.promptUserForVulnerabilitySelection(enrichedVulnerabilities);
+
+          if(selections.some(s => s.shouldFix)) {
+            const result = autoFixManager.applyAutoFixes(
+              enrichedVulnerabilities,
+              selections,
+              flatSource,
+              sourcePaths.map(sp => sp.trim()),
+            );
+            autoFixManager.displayAutoFixSummary(result, enrichedVulnerabilities);
+          }
+        } else {
+          console.log('\n💡 Auto-fix is disabled. You can enable it by setting "autoFixEnabled: true" in your hardhat.config.ts');
+          console.log('   Or run "npx hardhat audit:autofix" to run with auto-fix enabled.');
+        }
+      }
+    } catch (error) {
+      console.error('Error auditing contracts:', error);
+    }
+  }
+}
+
+function formatAuditResult(vulnerabilities: Vulnerability[], sourceCode: string): string {
+  let output = '\n';
+  for(let i = 0; i < vulnerabilities.length; i++) {
+    const vulnerability = vulnerabilities[i];
+
+    output += `Possible vulnerability: ${vulnerability.vulnerability_class}${vulnerability.original_file ? ` in ${vulnerability.original_file.split('/').pop()}` : ''}`;
+    const headers = [{
+      value: '',
+      width: '20%',
+    },
+    {
+      value: '',
+      width: '80%',
+    }];
+
+    let affectedCode: string;
+    if(vulnerability.original_file && vulnerability.original_from_line && vulnerability.original_to_line) {
+      try {
+        const originalFileContent = fs.readFileSync(vulnerability.original_file, 'utf8');
+        affectedCode = originalFileContent.split('\n')
+          .slice(vulnerability.original_from_line - 1, vulnerability.original_to_line)
+          .map((line, index) => {
+            const lineNumber = vulnerability.original_from_line! + index;
+            return `${lineNumber.toString().padStart(4, ' ')}: ${line}`;
+          })
+          .join('\n');
+      } catch (error) {
+        affectedCode = sourceCode.split('\n')
+          .slice(vulnerability.from_line - 1, vulnerability.to_line)
+          .map((line, index) => {
+            const lineNumber = vulnerability.from_line + index;
+            return `${lineNumber.toString().padStart(4, ' ')}: ${line}`;
+          })
+          .join('\n');
+      }
+    } else {
+      affectedCode = sourceCode.split('\n')
+        .slice(vulnerability.from_line - 1, vulnerability.to_line)
+        .map((line, index) => {
+          const lineNumber = vulnerability.from_line + index;
+          return `${lineNumber.toString().padStart(4, ' ')}: ${line}`;
+        })
+        .join('\n');
+    }
+
+    const rows = [
+      ['Possibility ', `${vulnerability.miners_select_count}/${vulnerability.miners_participated_count}`],
+      ['Description ', vulnerability.description],
+      ['Affected code ', affectedCode],
+      ['Possible fix ', vulnerability.fixed_lines || 'No fix provided'],
+      ['Test case ', vulnerability.test_case || 'No test case provided'],
+      ['Is suggestion', vulnerability.is_suggestion ? 'Yes' : 'No'],
+    ];
+    const options = {
+      width: '100%',
+      borderStyle: 'solid',
+      align: 'left',
+    };
+    const table = Table(
+      headers,
+      rows,
+      options,
+    );
+
+    output += table.render();
+    output += '\n\n';
+  }
+  return output;
+}
+
+extendEnvironment((hre) => {
+  hre.reinforced = new ReinforcedHardhatRuntimeEnvironmentField();
+});

package/src/type-extensions.ts

@@ -0,0 +1,27 @@
+import { ReinforcedHardhatRuntimeEnvironmentField } from 'ReinforcedHardhatRuntimeEnvironmentField';
+import 'hardhat/types/config';
+
+export interface ReinforcedUserConfig {
+  apiKey?: string;
+  compilationHookEnabled?: boolean;
+  statusCheckInterval?: number;
+  maxRetries?: number;
+  autoFixEnabled?: boolean;
+  reportFolder?: string;
+}
+
+declare module 'hardhat/types/config' {
+  interface HardhatUserConfig {
+    reinforced?: ReinforcedUserConfig;
+  }
+
+  interface HardhatConfig {
+    reinforced?: ReinforcedUserConfig;
+  }
+}
+
+declare module 'hardhat/types/runtime' {
+  export interface HardhatRuntimeEnvironment {
+      reinforced: ReinforcedHardhatRuntimeEnvironmentField;
+  }
+}

package/src/types.ts

@@ -0,0 +1,64 @@
+export type AuditStatus = 'pending' | 'processing' | 'failed' | 'completed';
+
+export interface AuditResult {
+    error_message: string | null,
+    result: Vulnerability [] | null,
+    status: AuditStatus,
+    task_id: string
+};
+
+export interface JRPCResponse<T> {
+    id: number,
+    jsonrpc: string,
+    result: T
+}
+
+export interface PdfReportResult { 
+    task_id: string,
+    filename: string,
+    pdf_base64: string,
+    size_bytes: number
+}
+
+export interface Vulnerability {
+    description: string
+    fixed_lines: string | null,
+    from_line: number,
+    is_suggestion: boolean,
+    miners_select_count: number,
+    miners_participated_count: number,
+    prior_art: any [],
+    test_case: string | null,
+    to_line: number,
+    vulnerability_class: string,
+    original_file?: string,
+    original_from_line?: number,
+    original_to_line?: number,
+}
+
+export interface VulnerabilityWithIndex extends Vulnerability {
+    index: number;
+}
+
+export interface AutoFixSelection {
+    vulnerabilityIndex: number;
+    shouldFix: boolean;
+}
+
+export interface CodeReplacementResult {
+    success: boolean;
+    filePath?: string;
+    error?: string;
+    appliedFixes: number[];
+    modifiedFiles?: string[];
+}
+
+export class HttpError extends Error {
+  public statusCode: number;
+
+  constructor(message: string, statusCode: number) {
+    super(message);
+    this.name = 'HttpError';
+    this.statusCode = statusCode;
+  }
+}