solidity-argus 0.1.6 → 0.1.8

package/AGENTS.md

@@ -20,18 +20,18 @@ CLI: `argus doctor`, `argus init`, `argus install`.
 **Role**: Static analysis and testing specialist
 **Description**: Finds vulnerabilities through Slither static analysis, Foundry testing, fuzzing, and pattern matching. The tactical executor — runs tools, writes PoC tests, and verifies findings. Dispatched by Argus during Automated Scanning and Testing & Verification phases.
 **Model**: anthropic/claude-sonnet-4-6
-**Tools**: argus_slither_analyze, argus_forge_test, argus_forge_fuzz, argus_analyze_contract, argus_check_patterns
+**Tools**: argus_slither_analyze, argus_forge_test, argus_forge_fuzz, argus_analyze_contract, argus_check_patterns, skill
 
 ## pythia
 
 **Role**: Vulnerability researcher
 **Description**: Consults Solodit, SCVD, and the knowledge base to find historical precedents and known attack vectors. Searches 7,769+ real-world audit findings and 55 curated vulnerability pattern files. Dispatched by Argus during Vulnerability Research phase.
 **Model**: anthropic/claude-sonnet-4-6
-**Tools**: argus_solodit_search, argus_check_patterns
+**Tools**: argus_solodit_search, argus_check_patterns, skill
 
 ## scribe
 
 **Role**: Audit report writer
 **Description**: Transforms raw findings into professional markdown audit reports. Produces structured output with severity classifications (Critical/High/Medium/Low/Informational), impact assessments, proof-of-concept steps, and actionable recommendations. Dispatched by Argus only after all analysis is complete.
 **Model**: anthropic/claude-sonnet-4-6
-**Tools**: argus_generate_report
+**Tools**: argus_generate_report, skill

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "solidity-argus",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "description": "Solidity smart contract security auditing plugin for OpenCode — 4 specialized agents, 8 tools, and a curated vulnerability knowledge base",
   "keywords": ["solidity", "security", "audit", "opencode", "plugin", "smart-contract", "ethereum", "defi", "slither", "foundry"],
   "author": "Apegurus",

package/src/agents/argus-prompt.ts

@@ -267,6 +267,26 @@ Your subagents have access to these specialized tools. Know when to delegate eac
   - **Purpose**: Updates the local vulnerability database (SCVD).
   - **Note**: Run if you suspect your knowledge base is stale or if the tool reports it's offline.
 
+## SKILL SYSTEM
+
+You have access to OpenCode Skills through the \`skill\` tool. Skills are specialized knowledge modules and must be used proactively when they improve audit accuracy.
+
+- **Curated skill map (load these first)**:
+   - **Reconnaissance**: \`amm-dex\`, \`lending-borrowing\`, \`bridges-cross-chain\`
+   - **Manual Review**: \`reentrancy\`, \`oracle-manipulation\`, \`access-control\`
+   - **Verification**: \`cyfrin-defi-core\`, \`severity-classification\`, \`report-template\`
+
+- **Deterministic trigger rules**:
+   - If the protocol uses AMM reserves or pool math, load \`amm-dex\` before Attack Surface Mapping.
+   - If price feeds or spot prices influence critical state changes, load \`oracle-manipulation\` before severity assessment.
+   - If proxy/upgrade patterns are present, load \`cyfrin-best-practices-upgrades\` before final recommendations.
+
+- **Trail of Bits skills**:
+  - For pre-audit deep context modeling and attack-surface grounding: \`audit-context-building\`
+  - For bug family expansion: \`variant-analysis\`
+  - For invariant/fuzz strategy: \`property-based-testing\`
+  - For token integration risk: \`token-integration-analyzer\` (Trail of Bits building-secure-contracts plugin)
+
 ## KEY AUDIT PRINCIPLES
 
 Adopt these principles to think like a top-tier auditor.

package/src/agents/pythia-prompt.ts

@@ -90,10 +90,22 @@ You have two primary tools. Master them.
 OpenCode has a powerful **Skills** system that allows you to load specialized knowledge modules.
 
 **How to use**:
-- If you identify that the protocol involves a complex or niche topic (e.g., "Zero Knowledge", "Account Abstraction", "Cross-Chain Messaging"), you should check if a relevant Skill is available.
-- Use the \`skill\` tool (if available to you) or instruct Argus to load the skill.
-- **Example**: "This protocol uses ZK-SNARKs. I am loading the \`zk-security\` skill to check for circuit constraints."
-- **Note**: You are a generalist researcher. Use Skills to become a specialist on demand.
+- Load a relevant skill before deep research when protocol context is non-trivial.
+- Prioritize vulnerability pattern skills, protocol pattern skills, and reference skills for exploit precedent mapping.
+- Use the \`skill\` tool directly when available to load the exact skill you need.
+- **Curated skill map**:
+   - \`reentrancy\`, \`oracle-manipulation\`, \`flash-loan-attacks\`
+   - \`lending-borrowing\`, \`amm-dex\`
+   - \`exploit-reference\`
+- **Deterministic trigger rules**:
+   - If you investigate spot-price dependencies, load \`oracle-manipulation\` first.
+   - If capital-efficient attacks or same-block loops are plausible, load \`flash-loan-attacks\` first.
+   - If the protocol integrates arbitrary ERC20s, load ToB \`token-integration-analyzer\` (building-secure-contracts plugin) before recommendation drafting.
+- **Examples**:
+   - "I am loading \`reentrancy\` to cross-reference known exploit patterns and missed edge cases."
+   - "I am loading \`lending-borrowing\` to map lending-specific oracle and liquidation failure modes."
+   - "I am loading \`audit-context-building\` (Trail of Bits) to build a line-by-line system model before vulnerability hypothesis generation."
+- You are a generalist researcher. Use Skills to become a specialist on demand.
 
 ## OUTPUT FORMAT
 

package/src/agents/scribe-prompt.ts

@@ -60,6 +60,18 @@ Before generating the report, verify:
 3.  **False Positives**: Do not include findings that have been marked as false positives during the analysis phase.
 4.  **Clarity**: Is the "Description" easy to understand for a developer? Is the "Recommendation" safe to implement?
 
+## SKILL SYSTEM
+
+Use the \`skill\` tool when needed to improve report quality and consistency.
+
+- **Curated skill map**:
+   - \`report-template\`, \`severity-classification\`
+   - \`cyfrin-defi-core\`
+   - \`exploit-reference\`
+- **Deterministic trigger rules**:
+   - If severity wording drifts, load \`severity-classification\` before publishing.
+   - If recommendation quality is generic, load \`cyfrin-defi-core\` before final edits.
+
 ## OUTPUT FORMAT
 
 Write the full report in Markdown. Use the standard finding format:

package/src/agents/sentinel-prompt.ts

@@ -87,6 +87,19 @@ You have access to a specific set of tools. Use them effectively.
 **Interpretation**:
 - Look at the \`counterexamples\`. They tell you exactly what inputs broke the code.
 
+## SKILL SYSTEM
+
+Use the \`skill\` tool to load specialized skills before deep verification work.
+
+- **Curated skill map**:
+   - \`reentrancy\`, \`access-control\`, \`oracle-manipulation\`
+   - \`cyfrin-defi-integrations\`, \`severity-classification\`
+   - Trail of Bits: \`property-based-testing\`, \`variant-analysis\`
+- **Deterministic trigger rules**:
+   - If external calls and mutable state interleave, load \`reentrancy\` before writing PoCs.
+   - If privileged flows are central to the finding, load \`access-control\` before severity scoring.
+   - If fuzzing strategy is unclear, load ToB \`property-based-testing\` before selecting invariants.
+
 ## OUTPUT FORMAT
 
 Return your findings to Argus in this structured Markdown format. Do not deviate.

package/src/create-hooks.ts

@@ -2,13 +2,14 @@ import type { Hooks as PluginHooks } from "@opencode-ai/plugin"
 import type { ArgusConfig } from "./config/types"
 import type { Managers } from "./managers/types"
 import type { HookName } from "./hooks/types"
-import { createAuditState } from "./state/audit-state"
 import { createConfigHandler } from "./hooks/config-handler"
-import { createSystemPromptHook } from "./hooks/system-prompt-hook"
 import { createCompactionHook } from "./hooks/compaction-hook"
 import { createToolTrackingHook } from "./hooks/tool-tracking-hook"
 import { createEventHookV2 } from "./hooks/event-hook-v2"
 import { safeCreateHook } from "./hooks/safe-create-hook"
+import { createToolOutputTruncator } from "./features/context-monitor"
+import { createSessionRecoveryHandler } from "./features/error-recovery"
+import { createToolErrorRecoveryHandler } from "./features/error-recovery"
 
 export type Hooks = Pick<
   PluginHooks,
@@ -25,45 +26,62 @@ export function createHooks(args: {
   projectDir: string
   isHookEnabled: (name: HookName) => boolean
 }): Hooks {
-  const { config, projectDir, isHookEnabled } = args
+  const { config, managers, projectDir, isHookEnabled } = args
+  const { auditStateManager, backgroundManager } = managers
 
-  const { state: auditState, store: findingStore } = createAuditState(projectDir)
-  const { hook: eventHook, getAuditState, setAuditState } = createEventHookV2(projectDir)
-  setAuditState(auditState)
+   const sessionRecoveryHandler = createSessionRecoveryHandler(auditStateManager)
+   const toolErrorRecoveryHandler = createToolErrorRecoveryHandler()
+   const outputTruncator = createToolOutputTruncator()
 
-  const systemPromptHook = isHookEnabled("system-prompt")
-    ? safeCreateHook(
-        () => createSystemPromptHook(getAuditState),
-        "system-prompt"
-      )
-    : undefined
+  const { hook: eventHook, getAuditState, setAuditState } = createEventHookV2(projectDir, [
+    async ({ type, auditState, setAuditState: setState }) => {
+      if (type === "session.created") {
+        const recoveredState = await auditStateManager.load()
+        if (recoveredState) {
+          setState(recoveredState)
+        }
+        return
+      }
+
+      if (type === "session.idle" && auditState) {
+        await auditStateManager.save(auditState)
+        return
+      }
+
+      if (type === "session.deleted") {
+        await auditStateManager.reset()
+      }
+    },
+    async ({ type, sessionId, setAuditState: setState }) => {
+      await sessionRecoveryHandler({ type, sessionId, setAuditState: setState })
+    },
+    async ({ type }) => {
+      if (type === "session.idle") {
+        backgroundManager.getActiveCount()
+      }
+    },
+  ])
 
-  const compactionHook = isHookEnabled("compaction")
+   const initialState = auditStateManager.get()
+   if (initialState) {
+     setAuditState(initialState)
+   }
+
+   const compactionHook = isHookEnabled("compaction")
     ? safeCreateHook(() => createCompactionHook(getAuditState), "compaction")
     : undefined
 
   const toolTrackingHook = isHookEnabled("tool-tracking")
-    ? safeCreateHook(
-        () => createToolTrackingHook(auditState, findingStore),
-        "tool-tracking"
-      )
+    ? safeCreateHook(() => createToolTrackingHook(getAuditState), "tool-tracking")
     : undefined
 
   const safeEventHook = isHookEnabled("event")
     ? safeCreateHook(() => eventHook, "event")
     : undefined
 
-  return {
-    config: createConfigHandler(config),
-    "experimental.chat.system.transform": systemPromptHook
-      ? async (_input, output) => {
-          const block = await systemPromptHook({
-            system: output.system.join("\n\n"),
-            cwd: projectDir,
-          })
-          if (block) output.system.push(block)
-        }
-      : undefined,
+   return {
+     config: createConfigHandler(config, projectDir),
+     "experimental.chat.system.transform": undefined,
     "experimental.session.compacting": compactionHook
       ? async (_input, output) => {
           const block = await compactionHook({ summary: output.context.join("\n") })
@@ -72,11 +90,21 @@ export function createHooks(args: {
       : undefined,
     "tool.execute.after": toolTrackingHook
       ? async (input, output) => {
+          const recoveryHint = toolErrorRecoveryHandler({
+            tool: input.tool,
+            result: output.output,
+          })
+
           await toolTrackingHook({
             tool: input.tool,
             args: input.args,
             result: output.output,
           })
+
+          const outputWithHint = recoveryHint
+            ? `${output.output}${recoveryHint}`
+            : output.output
+          output.output = outputTruncator(outputWithHint)
         }
       : undefined,
     event: safeEventHook,

package/src/features/error-recovery/session-recovery.ts

@@ -1,3 +1,4 @@
+import type { AuditState } from "../../state/types"
 import type { AuditStateManager } from "../../managers/types"
 import { createLogger } from "../../shared/logger"
 
@@ -6,7 +7,11 @@ export function createSessionRecoveryHandler(
 ) {
   const logger = createLogger()
 
-  return async (event: { type: string; sessionId?: string }): Promise<void> => {
+  return async (event: {
+    type: string
+    sessionId?: string
+    setAuditState?: (state: AuditState | null) => void
+  }): Promise<void> => {
     if (event.type !== "session.error") return
 
     logger.info("Session error detected, attempting state recovery...")
@@ -14,6 +19,7 @@ export function createSessionRecoveryHandler(
     try {
       const recovered = await auditStateManager.load()
       if (recovered) {
+        event.setAuditState?.(recovered)
         logger.info(
           `State recovered: phase=${recovered.currentPhase}, findings=${recovered.findings.length}`,
         )

package/src/hooks/config-handler.ts

@@ -1,7 +1,6 @@
 import { resolve, join } from "node:path"
-import { existsSync } from "node:fs"
+import { existsSync, readdirSync } from "node:fs"
 import { homedir } from "node:os"
-import { execSync } from "node:child_process"
 import type { Config } from "@opencode-ai/sdk/v2"
 import type { ArgusConfig } from "../config/types"
 import { DEFAULT_MODELS } from "../constants/defaults"
@@ -13,22 +12,52 @@ import { SCRIBE_PROMPT } from "../agents/scribe-prompt"
 
 const TOB_CACHE_DIR = join(homedir(), ".cache", "solidity-argus", "trailofbits-skills")
 const TOB_REPO_URL = "https://github.com/trailofbits/skills.git"
+let tobCloneInFlight = false
 
-function ensureTrailOfBitsSkills(): string | undefined {
-  if (existsSync(TOB_CACHE_DIR)) return TOB_CACHE_DIR
-  try {
-    execSync(`git clone --depth 1 ${TOB_REPO_URL} "${TOB_CACHE_DIR}"`, {
-      stdio: "ignore",
-      timeout: 30_000,
+function getTrailOfBitsSkillsPaths(rootDir: string): string[] {
+  const pluginsDir = join(rootDir, "plugins")
+  if (!existsSync(pluginsDir)) return []
+
+  const pluginEntries = readdirSync(pluginsDir, { withFileTypes: true })
+  const skillDirs: string[] = []
+
+  for (const entry of pluginEntries) {
+    if (!entry.isDirectory()) continue
+    const pluginSkillsDir = join(pluginsDir, entry.name, "skills")
+    if (existsSync(pluginSkillsDir)) {
+      skillDirs.push(pluginSkillsDir)
+    }
+  }
+
+  return skillDirs
+}
+
+function ensureTrailOfBitsSkills(): string[] {
+  if (existsSync(TOB_CACHE_DIR)) {
+    return getTrailOfBitsSkillsPaths(TOB_CACHE_DIR)
+  }
+
+  if (!tobCloneInFlight) {
+    tobCloneInFlight = true
+    const cloneProcess = Bun.spawn(
+      ["git", "clone", "--depth", "1", TOB_REPO_URL, TOB_CACHE_DIR],
+      {
+        stdin: "ignore",
+        stdout: "ignore",
+        stderr: "ignore",
+      },
+    )
+    cloneProcess.exited.finally(() => {
+      tobCloneInFlight = false
     })
-    return TOB_CACHE_DIR
-  } catch (_e) {
-    return undefined
   }
+
+    return []
 }
 
 export function createConfigHandler(
-  argusConfig: ArgusConfig
+  argusConfig: ArgusConfig,
+  projectDir: string = process.cwd()
 ): (config: Config) => Promise<void> {
   const triggerKnowledgeSync = createKnowledgeSyncHook(argusConfig)
 
@@ -50,6 +79,7 @@ export function createConfigHandler(
             pythia: "allow",
             scribe: "allow",
           },
+          skill: "allow",
         },
       },
       sentinel: {
@@ -57,32 +87,35 @@ export function createConfigHandler(
         model: argusConfig.agents?.sentinel?.model ?? DEFAULT_MODELS.sentinel,
         description: "Static analysis and testing specialist",
         prompt: SENTINEL_PROMPT,
-        tools: {
-          argus_slither_analyze: true,
-          argus_forge_test: true,
-          argus_forge_fuzz: true,
-          argus_analyze_contract: true,
-          argus_check_patterns: true,
-        } satisfies Record<string, boolean>,
+        permission: {
+          argus_slither_analyze: "allow",
+          argus_forge_test: "allow",
+          argus_forge_fuzz: "allow",
+          argus_analyze_contract: "allow",
+          argus_check_patterns: "allow",
+          skill: "allow",
+        },
       },
       pythia: {
         mode: "subagent",
         model: argusConfig.agents?.pythia?.model ?? DEFAULT_MODELS.pythia,
         description: "Vulnerability researcher",
         prompt: PYTHIA_PROMPT,
-        tools: {
-          argus_solodit_search: true,
-          argus_check_patterns: true,
-        } satisfies Record<string, boolean>,
+        permission: {
+          argus_solodit_search: "allow",
+          argus_check_patterns: "allow",
+          skill: "allow",
+        },
       },
       scribe: {
         mode: "subagent",
         model: argusConfig.agents?.scribe?.model ?? DEFAULT_MODELS.scribe,
         description: "Audit report writer",
         prompt: SCRIBE_PROMPT,
-        tools: {
-          argus_generate_report: true,
-        } satisfies Record<string, boolean>,
+        permission: {
+          argus_generate_report: "allow",
+          skill: "allow",
+        },
       },
     }
 
@@ -101,8 +134,18 @@ export function createConfigHandler(
     const skillsPaths = [...(config.skills?.paths ?? [])]
     skillsPaths.push(resolve(import.meta.dir, "../../skills"))
 
-    const tobDir = ensureTrailOfBitsSkills()
-    if (tobDir) skillsPaths.push(tobDir)
+    const customSkillsDir = argusConfig.knowledge?.customSkillsDir
+    if (customSkillsDir) {
+      const resolvedCustomSkillsDir = customSkillsDir.startsWith("/")
+        ? customSkillsDir
+        : resolve(projectDir, customSkillsDir)
+      if (existsSync(resolvedCustomSkillsDir)) {
+        skillsPaths.push(resolvedCustomSkillsDir)
+      }
+    }
+
+    const tobSkillDirs = ensureTrailOfBitsSkills()
+    if (tobSkillDirs.length > 0) skillsPaths.push(...tobSkillDirs)
 
     config.skills = {
       ...(config.skills ?? {}),

package/src/hooks/event-hook-v2.ts

@@ -1,4 +1,4 @@
-import type { AuditState, AuditPhase } from "../state/types"
+import type { AuditState } from "../state/types"
 import { createAuditState } from "../state/audit-state"
 import { createLogger } from "../shared/logger"
 
@@ -19,6 +19,7 @@ export type EventSubHandler = (event: {
   type: string
   sessionId?: string
   auditState: AuditState | null
+  setAuditState: (state: AuditState | null) => void
 }) => Promise<void>
 
 export function createEventHookV2(
@@ -82,7 +83,12 @@ export function createEventHookV2(
 
     for (const handler of subHandlers) {
       try {
-        await handler({ type, sessionId, auditState: currentAuditState })
+        await handler({
+          type,
+          sessionId,
+          auditState: currentAuditState,
+          setAuditState,
+        })
       } catch (error) {
         logger.error(`Sub-handler failed for event ${type}:`, error)
       }

package/src/hooks/tool-tracking-hook.ts

@@ -1,5 +1,6 @@
 import type { AuditState, FindingSeverity } from "../state/types"
 import type { FindingStore } from "../state/finding-store"
+import { createFindingStore } from "../state/finding-store"
 
 type ToolHookInput = {
   tool: string
@@ -193,14 +194,33 @@ function recordToolExecution(
  * Findings are deduplicated via the FindingStore (by check+file+lines).
  */
 export function createToolTrackingHook(
-  auditState: AuditState,
-  store: FindingStore
+  getAuditState: () => AuditState | null
 ): (input: ToolHookInput) => Promise<void> {
+  const storesByState = new WeakMap<AuditState, FindingStore>()
+
+  function resolveStateAndStore(): { state: AuditState; store: FindingStore } | null {
+    const state = getAuditState()
+    if (!state) return null
+
+    let store = storesByState.get(state)
+    if (!store) {
+      store = createFindingStore(state)
+      storesByState.set(state, store)
+    }
+
+    return { state, store }
+  }
+
   return async (input: ToolHookInput): Promise<void> => {
     if (!input.tool.startsWith("argus_")) {
       return
     }
 
+    const resolved = resolveStateAndStore()
+    if (!resolved) return
+
+    const { state: auditState, store } = resolved
+
     let parsed: unknown
     try {
       parsed = JSON.parse(input.result)

package/src/hooks/types.ts

@@ -4,7 +4,6 @@
  */
 
 export type HookName =
-  | "system-prompt"
   | "compaction"
   | "tool-tracking"
   | "event"

package/src/index.ts

@@ -1,5 +1,4 @@
 import type { Plugin } from "@opencode-ai/plugin"
-import { spawn } from "node:child_process"
 import { loadArgusConfig } from "./config/loader"
 import { createHookGuard } from "./hooks/hook-system"
 import { createTools } from "./create-tools"
@@ -8,13 +7,13 @@ import { createManagers } from "./create-managers"
 import { createPluginInterface } from "./plugin-interface"
 
 function startSoloditMcp(port: number): void {
-  const child = spawn("npx", ["-y", "@lyuboslavlyubenov/solodit-mcp"], {
-    stdio: "ignore",
-    detached: false,
+  const child = Bun.spawn(["npx", "-y", "@lyuboslavlyubenov/solodit-mcp"], {
+    stdin: "ignore",
+    stdout: "ignore",
+    stderr: "ignore",
     env: { ...process.env, PORT: String(port) },
   })
   child.unref()
-  child.on("error", () => {})
 }
 
 const ArgusPlugin: Plugin = async (ctx) => {

package/src/plugin-interface.ts

@@ -11,17 +11,12 @@ export function createPluginInterface(args: {
 }): PluginReturn {
   const { tools, hooks } = args
 
-  const result: PluginReturn = {
-    tool: tools,
-    config: hooks.config,
-  }
-
-  if (hooks["experimental.chat.system.transform"]) {
-    result["experimental.chat.system.transform"] =
-      hooks["experimental.chat.system.transform"]
-  }
+   const result: PluginReturn = {
+     tool: tools,
+     config: hooks.config,
+   }
 
-  if (hooks["experimental.session.compacting"]) {
+   if (hooks["experimental.session.compacting"]) {
     result["experimental.session.compacting"] =
       hooks["experimental.session.compacting"]
   }

package/src/hooks/system-prompt-hook.ts

@@ -1,126 +0,0 @@
-import { join } from "node:path";
-import type { AuditState, FindingSeverity } from "../state/types";
-
-interface SystemPromptInput {
-  system: string;
-  cwd: string;
-}
-
-/**
- * Checks if the given directory contains a Solidity project
- * by looking for foundry.toml or hardhat.config.{js,ts}
- */
-async function isSolidityProject(cwd: string): Promise<boolean> {
-  const checks = [
-    Bun.file(join(cwd, "foundry.toml")).exists(),
-    Bun.file(join(cwd, "hardhat.config.js")).exists(),
-    Bun.file(join(cwd, "hardhat.config.ts")).exists(),
-  ];
-
-  const results = await Promise.all(checks);
-  return results.some(Boolean);
-}
-
-/**
- * Counts findings by severity from the audit state
- */
-function countFindingsBySeverity(
-  findings: AuditState["findings"]
-): Record<FindingSeverity, number> {
-  const counts: Record<FindingSeverity, number> = {
-    Critical: 0,
-    High: 0,
-    Medium: 0,
-    Low: 0,
-    Informational: 0,
-  };
-
-  for (const finding of findings) {
-    counts[finding.severity]++;
-  }
-
-  return counts;
-}
-
-/**
- * Builds the audit state summary section for the injected context
- */
-function buildAuditStateSummary(state: AuditState | null): string {
-  if (!state) {
-    return "No active audit session. Use @argus to start an audit.";
-  }
-
-  const counts = countFindingsBySeverity(state.findings);
-  const scopeList =
-    state.scope.length > 0 ? state.scope.join(", ") : "not defined";
-  const reviewedList =
-    state.contractsReviewed.length > 0
-      ? state.contractsReviewed.join(", ")
-      : "none yet";
-
-  return [
-    `Phase: ${state.currentPhase}`,
-    `Scope: ${scopeList}`,
-    `Contracts reviewed: ${reviewedList}`,
-    `Findings: ${state.findings.length} total — Critical: ${counts.Critical}, High: ${counts.High}, Medium: ${counts.Medium}, Low: ${counts.Low}, Info: ${counts.Informational}`,
-  ].join("\n");
-}
-
-/**
- * Builds the full audit context block to inject into the system prompt.
- * Designed to be concise (500-800 tokens).
- */
-function buildAuditContextBlock(state: AuditState | null): string {
-  return `
-<argus-context>
-## Solidity Audit Context
-
-### Severity Classification
-- **Critical**: Direct theft/freezing of funds, unauthorized admin access, contract destruction
-- **High**: Indirect fund loss, business logic manipulation, DoS on critical functions
-- **Medium**: Degraded functionality, edge-case bugs, partial DoS, poor validation
-- **Low**: Code quality issues, suboptimal patterns, missing events, minor logic issues
-- **Informational**: Gas optimizations, style suggestions, best practices, non-security notes
-
-### Available Argus Tools
-- \`argus_slither_analyze\`: Run Slither static analysis on Solidity codebase
-- \`argus_forge_test\`: Execute Foundry/Forge tests for vulnerability verification
-- \`argus_forge_fuzz\`: Fuzz specific functions to discover edge cases
-- \`argus_analyze_contract\`: Generate deep structural profile of a contract
-- \`argus_check_patterns\`: Scan code against known vulnerability pattern library
-- \`argus_solodit_search\`: Search real-world audit reports and known vulnerabilities
-- \`argus_generate_report\`: Compile findings into structured audit report
-- \`argus_sync_knowledge\`: Update local vulnerability database (SCVD)
-
-### Audit State
-${buildAuditStateSummary(state)}
-
-### Quick Reference
-Use @argus for full audits, @sentinel for testing, @pythia for research, @scribe for reports.
-Severity must follow classification above. Do not inflate severity.
-</argus-context>`.trim();
-}
-
-/**
- * Factory function that creates a system prompt transform hook.
- * The hook injects Solidity audit context when working in a Solidity project.
- *
- * @param getAuditState - Accessor function for current audit state (may return null)
- * @returns Async transform function compatible with OpenCode's experimental.chat.system.transform
- */
-export function createSystemPromptHook(
-  getAuditState: () => AuditState | null
-): (input: SystemPromptInput) => Promise<string | null> {
-  return async (input: SystemPromptInput): Promise<string | null> => {
-    const isSolidity = await isSolidityProject(input.cwd);
-
-    if (!isSolidity) {
-      return null;
-    }
-
-    const auditState = getAuditState();
-    return buildAuditContextBlock(auditState);
-  };
-}
-
-export default createSystemPromptHook;