solidity-argus 0.1.0

package/src/state/types.ts

@@ -0,0 +1,61 @@
+export type FindingSeverity = "Critical" | "High" | "Medium" | "Low" | "Informational";
+export type AuditPhase = "reconnaissance" | "scanning" | "manual-review" | "attack-surface" | "research" | "testing" | "reporting" | "complete";
+
+export interface Finding {
+  id: string; // unique hash: check+file+lines
+  check: string; // detector name e.g. "reentrancy-eth"
+  severity: FindingSeverity;
+  confidence: "High" | "Medium" | "Low";
+  description: string;
+  file: string; // relative file path
+  lines: [number, number]; // [start, end]
+  source: "slither" | "manual" | "pattern" | "scvd";
+  remediation?: string;
+  exploitReference?: string;
+}
+
+export interface ContractProfile {
+  name: string;
+  filePath: string;
+  functions: Array<{
+    name: string;
+    visibility: string;
+    mutability: string;
+    modifiers: string[];
+  }>;
+  stateVars: Array<{
+    name: string;
+    type: string;
+    visibility: string;
+  }>;
+  inheritance: string[];
+  accessControlPattern?: "ownable" | "access-control" | "custom" | "none";
+  externalCalls: string[];
+  riskIndicators: string[];
+  error?: string;
+}
+
+export interface ToolExecution {
+  tool: string;
+  startTime: number;
+  endTime?: number;
+  success: boolean;
+  findingsCount: number;
+}
+
+export interface AuditState {
+  sessionId: string;
+  projectDir: string;
+  contractsReviewed: string[];
+  findings: Finding[];
+  toolsExecuted: ToolExecution[];
+  currentPhase: AuditPhase;
+  scope: string[];
+  startTime: number;
+}
+
+export interface PersistentAuditState extends AuditState {
+  savedAt: number;
+  version: string;
+  filePath: string;
+}

package/src/tools/contract-analyzer-tool.ts

@@ -0,0 +1,184 @@
+import { dirname, basename, join } from "node:path";
+import { existsSync } from "node:fs";
+import { tool, type ToolContext } from "@opencode-ai/plugin";
+import { extractContractInfo } from "../utils/solidity-parser";
+import type { ContractProfile } from "../state/types";
+
+type ContractAnalyzerArgs = {
+  file_path: string;
+  project_dir?: string;
+};
+
+type ExtractContractInfoFn = (
+  contractName: string,
+  projectDir: string
+) => Promise<ContractProfile>;
+
+type ContractAnalyzerDependencies = {
+  extractInfo: ExtractContractInfoFn;
+};
+
+const DEFAULT_DEPENDENCIES: ContractAnalyzerDependencies = {
+  extractInfo: extractContractInfo,
+};
+
+function createFailureProfile(contractName: string, filePath: string, error: string): ContractProfile {
+  return {
+    name: contractName,
+    filePath,
+    functions: [],
+    stateVars: [],
+    inheritance: [],
+    accessControlPattern: "none",
+    externalCalls: [],
+    riskIndicators: [],
+    error,
+  };
+}
+
+function findFoundryProjectDir(fromPath: string): string {
+  let current = dirname(fromPath);
+
+  while (true) {
+    if (existsSync(join(current, "foundry.toml"))) {
+      return current;
+    }
+
+    const parent = dirname(current);
+    if (parent === current) {
+      return dirname(fromPath);
+    }
+    current = parent;
+  }
+}
+
+function addIndicator(indicators: Set<string>, source: string, indicator: string): void {
+  if (source.includes(indicator.split("uses-")[1] ?? "")) {
+    indicators.add(indicator);
+  }
+}
+
+function collectRiskIndicators(source: string, existing: string[]): string[] {
+  const indicators = new Set(existing);
+  const normalized = source.toLowerCase();
+
+  addIndicator(indicators, normalized, "uses-delegatecall");
+  addIndicator(indicators, normalized, "uses-selfdestruct");
+  if (/\bassembly\b/.test(normalized)) {
+    indicators.add("uses-assembly");
+  }
+  if (/\btx\.origin\b/.test(normalized)) {
+    indicators.add("uses-tx-origin");
+  }
+
+  const importLines = source
+    .split("\n")
+    .map((line) => line.trim())
+    .filter((line) => line.startsWith("import "));
+  const importText = importLines.join("\n");
+
+  const ozChecks: Array<{ pattern: RegExp; indicator: string }> = [
+    { pattern: /\bReentrancyGuard\b/, indicator: "uses-oz-reentrancy-guard" },
+    { pattern: /\bAccessControl\b/, indicator: "uses-oz-access-control" },
+    { pattern: /\bOwnable\b/, indicator: "uses-oz-ownable" },
+    { pattern: /\bPausable\b/, indicator: "uses-oz-pausable" },
+  ];
+
+  for (const check of ozChecks) {
+    if (check.pattern.test(importText)) {
+      indicators.add(check.indicator);
+    }
+  }
+
+  return [...indicators];
+}
+
+function withAbort<T>(signal: AbortSignal, operation: Promise<T>): Promise<T> {
+  if (signal.aborted) {
+    return Promise.reject(new DOMException("Aborted", "AbortError"));
+  }
+
+  return new Promise<T>((resolve, reject) => {
+    const onAbort = () => {
+      reject(new DOMException("Aborted", "AbortError"));
+    };
+
+    signal.addEventListener("abort", onAbort, { once: true });
+    operation.then(
+      (value) => {
+        signal.removeEventListener("abort", onAbort);
+        resolve(value);
+      },
+      (error) => {
+        signal.removeEventListener("abort", onAbort);
+        reject(error);
+      }
+    );
+  });
+}
+
+export async function executeContractAnalyzer(
+  args: ContractAnalyzerArgs,
+  context: ToolContext,
+  dependencies: ContractAnalyzerDependencies = DEFAULT_DEPENDENCIES
+): Promise<ContractProfile> {
+  const filePath = args.file_path;
+  const contractName = basename(filePath, ".sol");
+
+  context.metadata({ title: `Analyze contract: ${contractName}` });
+
+  if (!existsSync(filePath)) {
+    return createFailureProfile(contractName, filePath, `Contract file not found: ${filePath}`);
+  }
+
+  const projectDir = args.project_dir ?? findFoundryProjectDir(filePath);
+
+  try {
+    const [contractProfile, sourceText] = await withAbort(
+      context.abort,
+      Promise.all([
+        dependencies.extractInfo(contractName, projectDir),
+        Bun.file(filePath).text(),
+      ])
+    );
+
+    if (context.abort.aborted) {
+      return createFailureProfile(contractName, filePath, "contract analysis aborted");
+    }
+
+    return {
+      ...contractProfile,
+      name: contractProfile.name || contractName,
+      filePath,
+      riskIndicators: collectRiskIndicators(sourceText, contractProfile.riskIndicators),
+    };
+  } catch (error) {
+    if (context.abort.aborted || (error instanceof DOMException && error.name === "AbortError")) {
+      return createFailureProfile(contractName, filePath, "contract analysis aborted");
+    }
+
+    const maybeError = error as Error & { code?: string };
+    if (maybeError.code === "ENOENT") {
+      return createFailureProfile(
+        contractName,
+        filePath,
+        "Foundry not found. Install: curl -L https://foundry.paradigm.xyz | bash"
+      );
+    }
+
+    const message = maybeError.message || "contract analysis failed";
+    return createFailureProfile(contractName, filePath, message);
+  }
+}
+
+export const contractAnalyzerTool = tool({
+  description: "Analyze a Solidity contract and return a normalized ContractProfile.",
+  args: {
+    file_path: tool.schema.string(),
+    project_dir: tool.schema.string().optional(),
+  },
+  async execute(args, context) {
+    const contractProfile = await executeContractAnalyzer(args, context);
+    return JSON.stringify(contractProfile);
+  },
+});

package/src/tools/forge-fuzz-tool.ts

@@ -0,0 +1,311 @@
+import { tool, type ToolContext } from "@opencode-ai/plugin";
+
+type ForgeFuzzArgs = {
+  target?: string;
+  match_test?: string;
+  runs?: number;
+  seed?: number;
+  fork_url?: string;
+};
+
+type NormalizedForgeFuzzArgs = {
+  target: string;
+  match_test?: string;
+  runs: number;
+  seed?: number;
+  fork_url?: string;
+};
+
+type ForgeFuzzResultItem = {
+  testName: string;
+  status: "pass" | "fail";
+  runs: number;
+  gas: number;
+};
+
+type ForgeFuzzCounterexample = {
+  testName: string;
+  inputs: Record<string, string>;
+  revertReason?: string;
+};
+
+type ForgeFuzzResult = {
+  success: boolean;
+  results: ForgeFuzzResultItem[];
+  counterexamples: ForgeFuzzCounterexample[];
+  totalRuns: number;
+  executionTime: number;
+  error?: string;
+};
+
+export type ForgeFuzzCommandResult = {
+  stdout: string;
+  stderr: string;
+  exitCode: number;
+};
+
+type RunForgeFuzzCommand = (
+  command: string[],
+  signal: AbortSignal,
+  cwd: string,
+  env: Record<string, string>
+) => Promise<ForgeFuzzCommandResult>;
+
+function normalizeArgs(args: ForgeFuzzArgs): NormalizedForgeFuzzArgs {
+  const requestedRuns = typeof args.runs === "number" && Number.isFinite(args.runs) ? args.runs : 256;
+  const clampedRuns = Math.max(1, Math.min(10000, Math.floor(requestedRuns)));
+
+  return {
+    target: args.target ?? ".",
+    match_test: args.match_test,
+    runs: clampedRuns,
+    seed: args.seed,
+    fork_url: args.fork_url,
+  };
+}
+
+function buildForgeFuzzCommand(args: NormalizedForgeFuzzArgs): string[] {
+  const command = ["forge", "test", "--fuzz-runs", String(args.runs)];
+
+  if (args.match_test) {
+    command.push("--match-test", args.match_test);
+  }
+  if (typeof args.seed === "number" && Number.isFinite(args.seed)) {
+    command.push("--fuzz-seed", String(Math.floor(args.seed)));
+  }
+  if (args.fork_url) {
+    command.push("--fork-url", args.fork_url);
+  }
+
+  command.push("-v");
+  return command;
+}
+
+function parseNumber(input?: string): number {
+  if (!input) {
+    return 0;
+  }
+  const normalized = input.replaceAll("_", "").trim();
+  const value = Number.parseInt(normalized, 10);
+  return Number.isFinite(value) ? value : 0;
+}
+
+function splitArgsList(input: string): string[] {
+  const values: string[] = [];
+  let current = "";
+  let depth = 0;
+
+  for (let i = 0; i < input.length; i += 1) {
+    const ch = input[i] ?? "";
+    if (ch === "(" || ch === "[" || ch === "{") {
+      depth += 1;
+      current += ch;
+      continue;
+    }
+    if (ch === ")" || ch === "]" || ch === "}") {
+      depth = Math.max(0, depth - 1);
+      current += ch;
+      continue;
+    }
+    if (ch === "," && depth === 0) {
+      values.push(current.trim());
+      current = "";
+      continue;
+    }
+    current += ch;
+  }
+
+  if (current.trim().length > 0) {
+    values.push(current.trim());
+  }
+
+  return values.filter((value) => value.length > 0);
+}
+
+function parseInputsFromArgs(argsBlob: string): Record<string, string> {
+  const values = splitArgsList(argsBlob.trim());
+  const inputs: Record<string, string> = {};
+
+  values.forEach((value, index) => {
+    inputs[`arg${index}`] = value;
+  });
+
+  return inputs;
+}
+
+function parseResultLine(line: string): ForgeFuzzResultItem | undefined {
+  const match = line.match(
+    /^\[(PASS|FAIL)[^\]]*\]\s*(.+?)\s*\(runs:\s*([\d_]+)(?:,\s*(?:\u03bc|mean):\s*([\d_]+))?/i
+  );
+  if (!match) {
+    return undefined;
+  }
+
+  const status = match[1]?.toUpperCase() === "PASS" ? "pass" : "fail";
+  return {
+    testName: (match[2] ?? "unknown-test").trim(),
+    status,
+    runs: parseNumber(match[3]),
+    gas: parseNumber(match[4]),
+  };
+}
+
+function parseCounterexampleLine(line: string):
+  | {
+      testName?: string;
+      inputs: Record<string, string>;
+    }
+  | undefined {
+  if (!line.includes("Counterexample:")) {
+    return undefined;
+  }
+
+  const argsMatch = line.match(/Counterexample:\s*.*?args=\((.*?)\)\]/);
+  if (!argsMatch) {
+    return undefined;
+  }
+
+  const trailing = line.match(/\]\s*(.+)$/);
+  const possibleTest = trailing?.[1]?.replace(/\s*\(runs:.*$/, "").trim();
+
+  return {
+    testName: possibleTest && possibleTest.length > 0 ? possibleTest : undefined,
+    inputs: parseInputsFromArgs(argsMatch[1] ?? ""),
+  };
+}
+
+const runForgeFuzzCommand: RunForgeFuzzCommand = async (command, signal, cwd, env) => {
+  const child = Bun.spawn(command, {
+    cwd,
+    stdout: "pipe",
+    stderr: "pipe",
+    signal,
+    env,
+  });
+
+  const [exitCode, stdout, stderr] = await Promise.all([
+    child.exited,
+    new Response(child.stdout).text(),
+    new Response(child.stderr).text(),
+  ]);
+
+  return {
+    stdout,
+    stderr,
+    exitCode,
+  };
+};
+
+export async function executeForgeFuzz(
+  args: ForgeFuzzArgs,
+  context: ToolContext,
+  runCommand: RunForgeFuzzCommand = runForgeFuzzCommand
+): Promise<ForgeFuzzResult> {
+  const startedAt = Date.now();
+  const normalized = normalizeArgs(args);
+  context.metadata({ title: `Run forge fuzz: ${normalized.target}` });
+
+  const fail = (error: string): ForgeFuzzResult => ({
+    success: false,
+    results: [],
+    counterexamples: [],
+    totalRuns: 0,
+    executionTime: Date.now() - startedAt,
+    error,
+  });
+
+  try {
+    const env = {
+      ...Bun.env,
+      FOUNDRY_FUZZ_RUNS: String(normalized.runs),
+    };
+
+    const runResult = await runCommand(
+      buildForgeFuzzCommand(normalized),
+      context.abort,
+      normalized.target,
+      env
+    );
+
+    const lines = `${runResult.stdout}\n${runResult.stderr}`
+      .split(/\r?\n/)
+      .map((line) => line.trim())
+      .filter((line) => line.length > 0);
+
+    const results: ForgeFuzzResultItem[] = [];
+    const counterexamples: ForgeFuzzCounterexample[] = [];
+    let lastTestName: string | undefined;
+
+    for (let i = 0; i < lines.length; i += 1) {
+      const line = lines[i] ?? "";
+      const parsedResult = parseResultLine(line);
+      if (parsedResult) {
+        results.push(parsedResult);
+        lastTestName = parsedResult.testName;
+      }
+
+      const parsedCounterexample = parseCounterexampleLine(line);
+      if (!parsedCounterexample) {
+        continue;
+      }
+
+      const fallbackName = parsedCounterexample.testName ?? lastTestName ?? "unknown-test";
+      const nextLine = lines[i + 1] ?? "";
+      const reasonMatch = nextLine.match(/^(?:Reason|Error):\s*(.+)$/i);
+      counterexamples.push({
+        testName: fallbackName,
+        inputs: parsedCounterexample.inputs,
+        ...(reasonMatch?.[1] ? { revertReason: reasonMatch[1].trim() } : {}),
+      });
+    }
+
+    const totalRuns = results.reduce((sum, item) => sum + item.runs, 0);
+    const failedCount = results.filter((item) => item.status === "fail").length;
+    const output: ForgeFuzzResult = {
+      success: runResult.exitCode === 0 && failedCount === 0,
+      results,
+      counterexamples,
+      totalRuns,
+      executionTime: Date.now() - startedAt,
+    };
+
+    if (runResult.exitCode !== 0 && failedCount === 0) {
+      output.error = runResult.stderr.trim() || `forge fuzz exited with code ${runResult.exitCode}`;
+    }
+
+    return output;
+  } catch (error) {
+    if (context.abort.aborted || (error instanceof DOMException && error.name === "AbortError")) {
+      return fail("forge fuzz aborted");
+    }
+
+    const maybeError = error as Error & { code?: string };
+    if (maybeError.code === "ENOENT") {
+      return fail("Foundry not found. Install: curl -L https://foundry.paradigm.xyz | bash");
+    }
+    if (
+      maybeError.code === "ETIMEDOUT" ||
+      maybeError.message.toLowerCase().includes("timed out")
+    ) {
+      return fail("forge fuzz timed out");
+    }
+
+    return fail(maybeError.message || "forge fuzz failed");
+  }
+}
+
+export const forgeFuzzTool = tool({
+  description:
+    "Run Foundry fuzz tests, parse test runs, and extract counterexamples from verbose output.",
+  args: {
+    target: tool.schema.string().default("."),
+    match_test: tool.schema.string().optional(),
+    runs: tool.schema.number().min(1).max(10000).default(256),
+    seed: tool.schema.number().optional(),
+    fork_url: tool.schema.string().optional(),
+  },
+  async execute(args, context) {
+    const result = await executeForgeFuzz(args, context);
+    return JSON.stringify(result);
+  },
+});