solidity-argus 0.1.7 → 0.1.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "solidity-argus",
-  "version": "0.1.7",
+  "version": "0.1.8",
   "description": "Solidity smart contract security auditing plugin for OpenCode — 4 specialized agents, 8 tools, and a curated vulnerability knowledge base",
   "keywords": ["solidity", "security", "audit", "opencode", "plugin", "smart-contract", "ethereum", "defi", "slither", "foundry"],
   "author": "Apegurus",

package/src/agents/argus-prompt.ts

@@ -272,14 +272,14 @@ Your subagents have access to these specialized tools. Know when to delegate eac
 You have access to OpenCode Skills through the \`skill\` tool. Skills are specialized knowledge modules and must be used proactively when they improve audit accuracy.
 
 - **Curated skill map (load these first)**:
-  - **Reconnaissance**: \`protocol-patterns/amm-dex\`, \`protocol-patterns/lending-borrowing\`, \`protocol-patterns/bridges-cross-chain\`
-  - **Manual Review**: \`vulnerability-patterns/reentrancy\`, \`vulnerability-patterns/oracle-manipulation\`, \`vulnerability-patterns/access-control\`
-  - **Verification**: \`checklists/cyfrin-defi-core\`, \`methodology/severity-classification\`, \`methodology/report-template\`
+   - **Reconnaissance**: \`amm-dex\`, \`lending-borrowing\`, \`bridges-cross-chain\`
+   - **Manual Review**: \`reentrancy\`, \`oracle-manipulation\`, \`access-control\`
+   - **Verification**: \`cyfrin-defi-core\`, \`severity-classification\`, \`report-template\`
 
 - **Deterministic trigger rules**:
-  - If the protocol uses AMM reserves or pool math, load \`protocol-patterns/amm-dex\` before Attack Surface Mapping.
-  - If price feeds or spot prices influence critical state changes, load \`vulnerability-patterns/oracle-manipulation\` before severity assessment.
-  - If proxy/upgrade patterns are present, load \`checklists/cyfrin-best-practices-upgrades\` before final recommendations.
+   - If the protocol uses AMM reserves or pool math, load \`amm-dex\` before Attack Surface Mapping.
+   - If price feeds or spot prices influence critical state changes, load \`oracle-manipulation\` before severity assessment.
+   - If proxy/upgrade patterns are present, load \`cyfrin-best-practices-upgrades\` before final recommendations.
 
 - **Trail of Bits skills**:
   - For pre-audit deep context modeling and attack-surface grounding: \`audit-context-building\`

package/src/agents/pythia-prompt.ts

@@ -91,20 +91,20 @@ OpenCode has a powerful **Skills** system that allows you to load specialized kn
 
 **How to use**:
 - Load a relevant skill before deep research when protocol context is non-trivial.
-- Prioritize \`vulnerability-patterns/*\`, \`protocol-patterns/*\`, and \`references/*\` skills for exploit precedent mapping.
+- Prioritize vulnerability pattern skills, protocol pattern skills, and reference skills for exploit precedent mapping.
 - Use the \`skill\` tool directly when available to load the exact skill you need.
 - **Curated skill map**:
-  - \`vulnerability-patterns/reentrancy\`, \`vulnerability-patterns/oracle-manipulation\`, \`vulnerability-patterns/flash-loan-attacks\`
-  - \`protocol-patterns/lending-borrowing\`, \`protocol-patterns/amm-dex\`
-  - \`references/exploit-reference\`
+   - \`reentrancy\`, \`oracle-manipulation\`, \`flash-loan-attacks\`
+   - \`lending-borrowing\`, \`amm-dex\`
+   - \`exploit-reference\`
 - **Deterministic trigger rules**:
-  - If you investigate spot-price dependencies, load \`vulnerability-patterns/oracle-manipulation\` first.
-  - If capital-efficient attacks or same-block loops are plausible, load \`vulnerability-patterns/flash-loan-attacks\` first.
-  - If the protocol integrates arbitrary ERC20s, load ToB \`token-integration-analyzer\` (building-secure-contracts plugin) before recommendation drafting.
+   - If you investigate spot-price dependencies, load \`oracle-manipulation\` first.
+   - If capital-efficient attacks or same-block loops are plausible, load \`flash-loan-attacks\` first.
+   - If the protocol integrates arbitrary ERC20s, load ToB \`token-integration-analyzer\` (building-secure-contracts plugin) before recommendation drafting.
 - **Examples**:
-  - "I am loading \`reentrancy\` to cross-reference known exploit patterns and missed edge cases."
-  - "I am loading \`lending-borrowing\` to map lending-specific oracle and liquidation failure modes."
-  - "I am loading \`audit-context-building\` (Trail of Bits) to build a line-by-line system model before vulnerability hypothesis generation."
+   - "I am loading \`reentrancy\` to cross-reference known exploit patterns and missed edge cases."
+   - "I am loading \`lending-borrowing\` to map lending-specific oracle and liquidation failure modes."
+   - "I am loading \`audit-context-building\` (Trail of Bits) to build a line-by-line system model before vulnerability hypothesis generation."
 - You are a generalist researcher. Use Skills to become a specialist on demand.
 
 ## OUTPUT FORMAT

package/src/agents/scribe-prompt.ts

@@ -65,12 +65,12 @@ Before generating the report, verify:
 Use the \`skill\` tool when needed to improve report quality and consistency.
 
 - **Curated skill map**:
-  - \`methodology/report-template\`, \`methodology/severity-classification\`
-  - \`checklists/cyfrin-defi-core\`
-  - \`references/exploit-reference\`
+   - \`report-template\`, \`severity-classification\`
+   - \`cyfrin-defi-core\`
+   - \`exploit-reference\`
 - **Deterministic trigger rules**:
-  - If severity wording drifts, load \`methodology/severity-classification\` before publishing.
-  - If recommendation quality is generic, load \`checklists/cyfrin-defi-core\` before final edits.
+   - If severity wording drifts, load \`severity-classification\` before publishing.
+   - If recommendation quality is generic, load \`cyfrin-defi-core\` before final edits.
 
 ## OUTPUT FORMAT
 

package/src/agents/sentinel-prompt.ts

@@ -92,13 +92,13 @@ You have access to a specific set of tools. Use them effectively.
 Use the \`skill\` tool to load specialized skills before deep verification work.
 
 - **Curated skill map**:
-  - \`vulnerability-patterns/reentrancy\`, \`vulnerability-patterns/access-control\`, \`vulnerability-patterns/oracle-manipulation\`
-  - \`checklists/cyfrin-defi-integrations\`, \`methodology/severity-classification\`
-  - Trail of Bits: \`property-based-testing\`, \`variant-analysis\`
+   - \`reentrancy\`, \`access-control\`, \`oracle-manipulation\`
+   - \`cyfrin-defi-integrations\`, \`severity-classification\`
+   - Trail of Bits: \`property-based-testing\`, \`variant-analysis\`
 - **Deterministic trigger rules**:
-  - If external calls and mutable state interleave, load \`vulnerability-patterns/reentrancy\` before writing PoCs.
-  - If privileged flows are central to the finding, load \`vulnerability-patterns/access-control\` before severity scoring.
-  - If fuzzing strategy is unclear, load ToB \`property-based-testing\` before selecting invariants.
+   - If external calls and mutable state interleave, load \`reentrancy\` before writing PoCs.
+   - If privileged flows are central to the finding, load \`access-control\` before severity scoring.
+   - If fuzzing strategy is unclear, load ToB \`property-based-testing\` before selecting invariants.
 
 ## OUTPUT FORMAT
 

package/src/create-hooks.ts

@@ -2,13 +2,14 @@ import type { Hooks as PluginHooks } from "@opencode-ai/plugin"
 import type { ArgusConfig } from "./config/types"
 import type { Managers } from "./managers/types"
 import type { HookName } from "./hooks/types"
-import { createAuditState } from "./state/audit-state"
 import { createConfigHandler } from "./hooks/config-handler"
-import { createSystemPromptHook } from "./hooks/system-prompt-hook"
 import { createCompactionHook } from "./hooks/compaction-hook"
 import { createToolTrackingHook } from "./hooks/tool-tracking-hook"
 import { createEventHookV2 } from "./hooks/event-hook-v2"
 import { safeCreateHook } from "./hooks/safe-create-hook"
+import { createToolOutputTruncator } from "./features/context-monitor"
+import { createSessionRecoveryHandler } from "./features/error-recovery"
+import { createToolErrorRecoveryHandler } from "./features/error-recovery"
 
 export type Hooks = Pick<
   PluginHooks,
@@ -25,49 +26,62 @@ export function createHooks(args: {
   projectDir: string
   isHookEnabled: (name: HookName) => boolean
 }): Hooks {
-  const { config, projectDir, isHookEnabled } = args
+  const { config, managers, projectDir, isHookEnabled } = args
+  const { auditStateManager, backgroundManager } = managers
 
-  const { state: auditState, store: findingStore } = createAuditState(projectDir)
-  const { hook: eventHook, getAuditState, setAuditState } = createEventHookV2(projectDir)
-  setAuditState(auditState)
+   const sessionRecoveryHandler = createSessionRecoveryHandler(auditStateManager)
+   const toolErrorRecoveryHandler = createToolErrorRecoveryHandler()
+   const outputTruncator = createToolOutputTruncator()
 
-  const systemPromptHook = isHookEnabled("system-prompt")
-    ? safeCreateHook(
-        () =>
-          createSystemPromptHook(getAuditState, {
-            argusConfig: config,
-            projectDir,
-          }),
-        "system-prompt"
-      )
-    : undefined
+  const { hook: eventHook, getAuditState, setAuditState } = createEventHookV2(projectDir, [
+    async ({ type, auditState, setAuditState: setState }) => {
+      if (type === "session.created") {
+        const recoveredState = await auditStateManager.load()
+        if (recoveredState) {
+          setState(recoveredState)
+        }
+        return
+      }
+
+      if (type === "session.idle" && auditState) {
+        await auditStateManager.save(auditState)
+        return
+      }
+
+      if (type === "session.deleted") {
+        await auditStateManager.reset()
+      }
+    },
+    async ({ type, sessionId, setAuditState: setState }) => {
+      await sessionRecoveryHandler({ type, sessionId, setAuditState: setState })
+    },
+    async ({ type }) => {
+      if (type === "session.idle") {
+        backgroundManager.getActiveCount()
+      }
+    },
+  ])
 
-  const compactionHook = isHookEnabled("compaction")
+   const initialState = auditStateManager.get()
+   if (initialState) {
+     setAuditState(initialState)
+   }
+
+   const compactionHook = isHookEnabled("compaction")
     ? safeCreateHook(() => createCompactionHook(getAuditState), "compaction")
     : undefined
 
   const toolTrackingHook = isHookEnabled("tool-tracking")
-    ? safeCreateHook(
-        () => createToolTrackingHook(auditState, findingStore),
-        "tool-tracking"
-      )
+    ? safeCreateHook(() => createToolTrackingHook(getAuditState), "tool-tracking")
     : undefined
 
   const safeEventHook = isHookEnabled("event")
     ? safeCreateHook(() => eventHook, "event")
     : undefined
 
-  return {
-    config: createConfigHandler(config, projectDir),
-    "experimental.chat.system.transform": systemPromptHook
-      ? async (_input, output) => {
-          const block = await systemPromptHook({
-            system: output.system.join("\n\n"),
-            cwd: projectDir,
-          })
-          if (block) output.system.push(block)
-        }
-      : undefined,
+   return {
+     config: createConfigHandler(config, projectDir),
+     "experimental.chat.system.transform": undefined,
     "experimental.session.compacting": compactionHook
       ? async (_input, output) => {
           const block = await compactionHook({ summary: output.context.join("\n") })
@@ -76,11 +90,21 @@ export function createHooks(args: {
       : undefined,
     "tool.execute.after": toolTrackingHook
       ? async (input, output) => {
+          const recoveryHint = toolErrorRecoveryHandler({
+            tool: input.tool,
+            result: output.output,
+          })
+
           await toolTrackingHook({
             tool: input.tool,
             args: input.args,
             result: output.output,
           })
+
+          const outputWithHint = recoveryHint
+            ? `${output.output}${recoveryHint}`
+            : output.output
+          output.output = outputTruncator(outputWithHint)
         }
       : undefined,
     event: safeEventHook,

package/src/features/error-recovery/session-recovery.ts

@@ -1,3 +1,4 @@
+import type { AuditState } from "../../state/types"
 import type { AuditStateManager } from "../../managers/types"
 import { createLogger } from "../../shared/logger"
 
@@ -6,7 +7,11 @@ export function createSessionRecoveryHandler(
 ) {
   const logger = createLogger()
 
-  return async (event: { type: string; sessionId?: string }): Promise<void> => {
+  return async (event: {
+    type: string
+    sessionId?: string
+    setAuditState?: (state: AuditState | null) => void
+  }): Promise<void> => {
     if (event.type !== "session.error") return
 
     logger.info("Session error detected, attempting state recovery...")
@@ -14,6 +19,7 @@ export function createSessionRecoveryHandler(
     try {
       const recovered = await auditStateManager.load()
       if (recovered) {
+        event.setAuditState?.(recovered)
         logger.info(
           `State recovered: phase=${recovered.currentPhase}, findings=${recovered.findings.length}`,
         )

package/src/hooks/config-handler.ts

@@ -1,7 +1,6 @@
 import { resolve, join } from "node:path"
 import { existsSync, readdirSync } from "node:fs"
 import { homedir } from "node:os"
-import { execSync } from "node:child_process"
 import type { Config } from "@opencode-ai/sdk/v2"
 import type { ArgusConfig } from "../config/types"
 import { DEFAULT_MODELS } from "../constants/defaults"
@@ -13,6 +12,7 @@ import { SCRIBE_PROMPT } from "../agents/scribe-prompt"
 
 const TOB_CACHE_DIR = join(homedir(), ".cache", "solidity-argus", "trailofbits-skills")
 const TOB_REPO_URL = "https://github.com/trailofbits/skills.git"
+let tobCloneInFlight = false
 
 function getTrailOfBitsSkillsPaths(rootDir: string): string[] {
   const pluginsDir = join(rootDir, "plugins")
@@ -33,16 +33,26 @@ function getTrailOfBitsSkillsPaths(rootDir: string): string[] {
 }
 
 function ensureTrailOfBitsSkills(): string[] {
-  if (existsSync(TOB_CACHE_DIR)) return getTrailOfBitsSkillsPaths(TOB_CACHE_DIR)
-  try {
-    execSync(`git clone --depth 1 ${TOB_REPO_URL} "${TOB_CACHE_DIR}"`, {
-      stdio: "ignore",
-      timeout: 30_000,
-    })
+  if (existsSync(TOB_CACHE_DIR)) {
     return getTrailOfBitsSkillsPaths(TOB_CACHE_DIR)
-  } catch (_e) {
-    return []
   }
+
+  if (!tobCloneInFlight) {
+    tobCloneInFlight = true
+    const cloneProcess = Bun.spawn(
+      ["git", "clone", "--depth", "1", TOB_REPO_URL, TOB_CACHE_DIR],
+      {
+        stdin: "ignore",
+        stdout: "ignore",
+        stderr: "ignore",
+      },
+    )
+    cloneProcess.exited.finally(() => {
+      tobCloneInFlight = false
+    })
+  }
+
+    return []
 }
 
 export function createConfigHandler(

package/src/hooks/event-hook-v2.ts

@@ -1,4 +1,4 @@
-import type { AuditState, AuditPhase } from "../state/types"
+import type { AuditState } from "../state/types"
 import { createAuditState } from "../state/audit-state"
 import { createLogger } from "../shared/logger"
 
@@ -19,6 +19,7 @@ export type EventSubHandler = (event: {
   type: string
   sessionId?: string
   auditState: AuditState | null
+  setAuditState: (state: AuditState | null) => void
 }) => Promise<void>
 
 export function createEventHookV2(
@@ -82,7 +83,12 @@ export function createEventHookV2(
 
     for (const handler of subHandlers) {
       try {
-        await handler({ type, sessionId, auditState: currentAuditState })
+        await handler({
+          type,
+          sessionId,
+          auditState: currentAuditState,
+          setAuditState,
+        })
       } catch (error) {
         logger.error(`Sub-handler failed for event ${type}:`, error)
       }

package/src/hooks/tool-tracking-hook.ts

@@ -1,5 +1,6 @@
 import type { AuditState, FindingSeverity } from "../state/types"
 import type { FindingStore } from "../state/finding-store"
+import { createFindingStore } from "../state/finding-store"
 
 type ToolHookInput = {
   tool: string
@@ -193,14 +194,33 @@ function recordToolExecution(
  * Findings are deduplicated via the FindingStore (by check+file+lines).
  */
 export function createToolTrackingHook(
-  auditState: AuditState,
-  store: FindingStore
+  getAuditState: () => AuditState | null
 ): (input: ToolHookInput) => Promise<void> {
+  const storesByState = new WeakMap<AuditState, FindingStore>()
+
+  function resolveStateAndStore(): { state: AuditState; store: FindingStore } | null {
+    const state = getAuditState()
+    if (!state) return null
+
+    let store = storesByState.get(state)
+    if (!store) {
+      store = createFindingStore(state)
+      storesByState.set(state, store)
+    }
+
+    return { state, store }
+  }
+
   return async (input: ToolHookInput): Promise<void> => {
     if (!input.tool.startsWith("argus_")) {
       return
     }
 
+    const resolved = resolveStateAndStore()
+    if (!resolved) return
+
+    const { state: auditState, store } = resolved
+
     let parsed: unknown
     try {
       parsed = JSON.parse(input.result)

package/src/hooks/types.ts

@@ -4,7 +4,6 @@
  */
 
 export type HookName =
-  | "system-prompt"
   | "compaction"
   | "tool-tracking"
   | "event"

package/src/index.ts

@@ -1,5 +1,4 @@
 import type { Plugin } from "@opencode-ai/plugin"
-import { spawn } from "node:child_process"
 import { loadArgusConfig } from "./config/loader"
 import { createHookGuard } from "./hooks/hook-system"
 import { createTools } from "./create-tools"
@@ -8,13 +7,13 @@ import { createManagers } from "./create-managers"
 import { createPluginInterface } from "./plugin-interface"
 
 function startSoloditMcp(port: number): void {
-  const child = spawn("npx", ["-y", "@lyuboslavlyubenov/solodit-mcp"], {
-    stdio: "ignore",
-    detached: false,
+  const child = Bun.spawn(["npx", "-y", "@lyuboslavlyubenov/solodit-mcp"], {
+    stdin: "ignore",
+    stdout: "ignore",
+    stderr: "ignore",
     env: { ...process.env, PORT: String(port) },
   })
   child.unref()
-  child.on("error", () => {})
 }
 
 const ArgusPlugin: Plugin = async (ctx) => {

package/src/plugin-interface.ts

@@ -11,17 +11,12 @@ export function createPluginInterface(args: {
 }): PluginReturn {
   const { tools, hooks } = args
 
-  const result: PluginReturn = {
-    tool: tools,
-    config: hooks.config,
-  }
-
-  if (hooks["experimental.chat.system.transform"]) {
-    result["experimental.chat.system.transform"] =
-      hooks["experimental.chat.system.transform"]
-  }
+   const result: PluginReturn = {
+     tool: tools,
+     config: hooks.config,
+   }
 
-  if (hooks["experimental.session.compacting"]) {
+   if (hooks["experimental.session.compacting"]) {
     result["experimental.session.compacting"] =
       hooks["experimental.session.compacting"]
   }

package/src/hooks/system-prompt-hook.ts

@@ -1,257 +0,0 @@
-import { existsSync, readdirSync } from "node:fs";
-import { homedir } from "node:os";
-import { join, resolve } from "node:path";
-import type { ArgusConfig } from "../config/types";
-import type { AuditState, FindingSeverity } from "../state/types";
-
-interface SystemPromptInput {
-  system: string;
-  cwd: string;
-}
-
-interface SkillIndexEntry {
-  count: number;
-  sample: string[];
-}
-
-interface SkillIndexSnapshot {
-  bundled: SkillIndexEntry;
-  trailOfBits: SkillIndexEntry;
-  custom: SkillIndexEntry;
-}
-
-const TOB_CACHE_DIR = join(homedir(), ".cache", "solidity-argus", "trailofbits-skills");
-
-/**
- * Checks if the given directory contains a Solidity project
- * by looking for foundry.toml or hardhat.config.{js,ts}
- */
-async function isSolidityProject(cwd: string): Promise<boolean> {
-  const checks = [
-    Bun.file(join(cwd, "foundry.toml")).exists(),
-    Bun.file(join(cwd, "hardhat.config.js")).exists(),
-    Bun.file(join(cwd, "hardhat.config.ts")).exists(),
-  ];
-
-  const results = await Promise.all(checks);
-  return results.some(Boolean);
-}
-
-/**
- * Counts findings by severity from the audit state
- */
-function countFindingsBySeverity(
-  findings: AuditState["findings"]
-): Record<FindingSeverity, number> {
-  const counts: Record<FindingSeverity, number> = {
-    Critical: 0,
-    High: 0,
-    Medium: 0,
-    Low: 0,
-    Informational: 0,
-  };
-
-  for (const finding of findings) {
-    counts[finding.severity]++;
-  }
-
-  return counts;
-}
-
-/**
- * Builds the audit state summary section for the injected context
- */
-function buildAuditStateSummary(state: AuditState | null): string {
-  if (!state) {
-    return "No active audit session. Use @argus to start an audit.";
-  }
-
-  const counts = countFindingsBySeverity(state.findings);
-  const scopeList =
-    state.scope.length > 0 ? state.scope.join(", ") : "not defined";
-  const reviewedList =
-    state.contractsReviewed.length > 0
-      ? state.contractsReviewed.join(", ")
-      : "none yet";
-
-  return [
-    `Phase: ${state.currentPhase}`,
-    `Scope: ${scopeList}`,
-    `Contracts reviewed: ${reviewedList}`,
-    `Findings: ${state.findings.length} total — Critical: ${counts.Critical}, High: ${counts.High}, Medium: ${counts.Medium}, Low: ${counts.Low}, Info: ${counts.Informational}`,
-  ].join("\n");
-}
-
-function collectSkillNamesFromRoot(rootPath: string): string[] {
-  if (!existsSync(rootPath)) {
-    return [];
-  }
-
-  const rootEntries = readdirSync(rootPath, { withFileTypes: true });
-  const names = new Set<string>();
-
-  for (const rootEntry of rootEntries) {
-    if (!rootEntry.isDirectory()) continue;
-
-    const directSkill = join(rootPath, rootEntry.name, "SKILL.md");
-    if (existsSync(directSkill)) {
-      names.add(rootEntry.name);
-      continue;
-    }
-
-    const categoryDir = join(rootPath, rootEntry.name);
-    const categoryEntries = readdirSync(categoryDir, { withFileTypes: true });
-
-    for (const categoryEntry of categoryEntries) {
-      if (!categoryEntry.isDirectory()) continue;
-      const categorySkill = join(categoryDir, categoryEntry.name, "SKILL.md");
-      if (existsSync(categorySkill)) {
-        names.add(`${rootEntry.name}/${categoryEntry.name}`);
-      }
-    }
-  }
-
-  return Array.from(names).sort();
-}
-
-function getTrailOfBitsSkillRoots(): string[] {
-  const pluginsDir = join(TOB_CACHE_DIR, "plugins");
-  if (!existsSync(pluginsDir)) {
-    return [];
-  }
-
-  const pluginEntries = readdirSync(pluginsDir, { withFileTypes: true });
-  const roots: string[] = [];
-
-  for (const pluginEntry of pluginEntries) {
-    if (!pluginEntry.isDirectory()) continue;
-    const pluginSkillsRoot = join(pluginsDir, pluginEntry.name, "skills");
-    if (existsSync(pluginSkillsRoot)) {
-      roots.push(pluginSkillsRoot);
-    }
-  }
-
-  return roots;
-}
-
-function toSkillIndexEntry(skillNames: string[]): SkillIndexEntry {
-  return {
-    count: skillNames.length,
-    sample: skillNames.slice(0, 3),
-  };
-}
-
-function buildSkillIndexSnapshot(args: {
-  argusConfig?: ArgusConfig;
-  projectDir?: string;
-}): SkillIndexSnapshot {
-  const bundledRoot = resolve(import.meta.dir, "../../skills");
-  const bundledSkills = collectSkillNamesFromRoot(bundledRoot);
-
-  const trailOfBitsSkills = new Set<string>();
-  for (const tobRoot of getTrailOfBitsSkillRoots()) {
-    for (const name of collectSkillNamesFromRoot(tobRoot)) {
-      trailOfBitsSkills.add(name);
-    }
-  }
-
-  const customDir = args.argusConfig?.knowledge?.customSkillsDir;
-  const customRoot = customDir
-    ? customDir.startsWith("/")
-      ? customDir
-      : resolve(args.projectDir ?? process.cwd(), customDir)
-    : undefined;
-  const customSkills = customRoot ? collectSkillNamesFromRoot(customRoot) : [];
-
-  return {
-    bundled: toSkillIndexEntry(bundledSkills),
-    trailOfBits: toSkillIndexEntry(Array.from(trailOfBitsSkills).sort()),
-    custom: toSkillIndexEntry(customSkills),
-  };
-}
-
-function formatSkillSample(entry: SkillIndexEntry): string {
-  return entry.sample.length > 0 ? entry.sample.join(", ") : "none";
-}
-
-/**
- * Builds the full audit context block to inject into the system prompt.
- * Designed to be concise (500-800 tokens).
- */
-function buildAuditContextBlock(
-  state: AuditState | null,
-  skillIndex: SkillIndexSnapshot
-): string {
-  return `
-<argus-context>
-## Solidity Audit Context
-
-### Severity Classification
-- **Critical**: Direct theft/freezing of funds, unauthorized admin access, contract destruction
-- **High**: Indirect fund loss, business logic manipulation, DoS on critical functions
-- **Medium**: Degraded functionality, edge-case bugs, partial DoS, poor validation
-- **Low**: Code quality issues, suboptimal patterns, missing events, minor logic issues
-- **Informational**: Gas optimizations, style suggestions, best practices, non-security notes
-
-### Available Argus Tools
-- \`argus_slither_analyze\`: Run Slither static analysis on Solidity codebase
-- \`argus_forge_test\`: Execute Foundry/Forge tests for vulnerability verification
-- \`argus_forge_fuzz\`: Fuzz specific functions to discover edge cases
-- \`argus_analyze_contract\`: Generate deep structural profile of a contract
-- \`argus_check_patterns\`: Scan code against known vulnerability pattern library
-- \`argus_solodit_search\`: Search real-world audit reports and known vulnerabilities
-- \`argus_generate_report\`: Compile findings into structured audit report
-- \`argus_sync_knowledge\`: Update local vulnerability database (SCVD)
-
-### Available Skills
-- \`vulnerability-patterns/*\`: 35+ exploit classes (reentrancy, oracle manipulation, flash loans)
-- \`protocol-patterns/*\`: AMM/DEX, lending, bridges, governance, staking-specific heuristics
-- \`methodology/*\`: audit workflow, severity calibration, and report structure guidance
-- \`checklists/*\`: structured review checklists for upgrades, integrations, and DeFi best practices
-- \`references/*\`: exploit references and vulnerable examples for historical precedent
-- Trail of Bits skills include both audit-relevant and general engineering skills; prioritize security-audit-oriented skills
-
-### Skill Index Snapshot
-- Bundled skills: ${skillIndex.bundled.count} (examples: ${formatSkillSample(skillIndex.bundled)})
-- Trail of Bits skills: ${skillIndex.trailOfBits.count} (examples: ${formatSkillSample(skillIndex.trailOfBits)})
-- Custom project skills: ${skillIndex.custom.count} (examples: ${formatSkillSample(skillIndex.custom)})
-- Use the \`skill\` tool with exact skill names from the catalog
-
-### Audit State
-${buildAuditStateSummary(state)}
-
-### Quick Reference
-Use @argus for full audits, @sentinel for testing, @pythia for research, @scribe for reports.
-Severity must follow classification above. Do not inflate severity.
-</argus-context>`.trim();
-}
-
-/**
- * Factory function that creates a system prompt transform hook.
- * The hook injects Solidity audit context when working in a Solidity project.
- *
- * @param getAuditState - Accessor function for current audit state (may return null)
- * @returns Async transform function compatible with OpenCode's experimental.chat.system.transform
- */
-export function createSystemPromptHook(
-  getAuditState: () => AuditState | null,
-  options?: { argusConfig?: ArgusConfig; projectDir?: string }
-): (input: SystemPromptInput) => Promise<string | null> {
-  const skillIndex = buildSkillIndexSnapshot({
-    argusConfig: options?.argusConfig,
-    projectDir: options?.projectDir,
-  });
-
-  return async (input: SystemPromptInput): Promise<string | null> => {
-    const isSolidity = await isSolidityProject(input.cwd);
-
-    if (!isSolidity) {
-      return null;
-    }
-
-    const auditState = getAuditState();
-    return buildAuditContextBlock(auditState, skillIndex);
-  };
-}
-
-export default createSystemPromptHook;