solidity-argus 0.1.7 → 0.2.0

package/README.md

@@ -111,10 +111,105 @@ The plugin ships with **55 curated SKILL.md files** organized into 5 categories:
 
 **Sources:** Trail of Bits, Cyfrin, DeFiFoFum, kadenzipfel, SunWeb3Sec, smartbugs
 
+### Pattern Packs
+
+Pattern packs are YAML files containing collections of regular expression patterns used for vulnerability detection. These packs allow Argus to scan code for known security flaws without requiring full static analysis tools.
+
+- **Location:** `skills/patterns/`
+- **Available Packs:**
+  - `access-control.yaml` — Ownership and permission checks
+  - `erc4626.yaml` — Vault standard security patterns
+  - `flash-loan.yaml` — Flash loan attack vectors
+  - `oracle.yaml` — Price manipulation and staleness checks
+  - `proxy.yaml` — Upgradeability and initialization flaws
+  - `reentrancy.yaml` — State change and external call ordering
+  - `signature.yaml` — Malleability and replay protection
+
+#### Custom Pattern Packs
+
+You can create custom pattern packs by adding YAML files to your configured `customSkillsDir`. Each pack must follow this structure:
+
+```yaml
+pack_name: "My Custom Pack"
+pack_version: "1.0"
+patterns:
+  - name: "Insecure Transfer"
+    category: "access-control"
+    severity: "High"
+    regex: "transfer\\(msg\\.sender, .+\\)"
+    description: "Detects potentially insecure transfers to the caller"
+```
+
 **SCVD Integration:** The plugin connects to [api.scvd.dev](https://api.scvd.dev) for 7,769+ real-world audit findings. Sync with `argus_sync_knowledge` or configure `knowledge.autoSync: true`.
 
 ---
 
+## Knowledge Ingestion Contract
+
+All ingested knowledge sources must conform to a standardized metadata contract to ensure traceability, freshness, and compliance:
+
+### Required Metadata Fields
+
+Every knowledge source ingested into Argus must include:
+
+- **`source`** — Human-readable source name (e.g., "Cyfrin", "Trail of Bits", "SCVD")
+- **`url`** — Canonical URL to the source repository or API endpoint
+- **`license`** — SPDX license identifier (e.g., "MIT", "Apache-2.0", "CC0")
+- **`retrievedAt`** — ISO 8601 timestamp of when the knowledge was last fetched
+- **`hash`** — SHA-256 hash of the ingested content for integrity verification
+- **`version`** — Semantic version of the knowledge source (e.g., "1.2.3")
+- **`provenance`** — Trust tier and source verification metadata
+
+### Trust Tiers
+
+Argus classifies knowledge sources into three trust tiers:
+
+- **`bundled`** — Built-in skills and patterns. Highest trust, always available.
+- **`companion`** — Installed separately (e.g., Trail of Bits). Medium trust.
+- **`custom`** — User-provided skills in `customSkillsDir`. Lower trust, validated on load.
+
+### Freshness Policy
+
+Knowledge freshness is monitored automatically:
+
+- **SCVD local index** — Stale if not synced within 7 days. `argus doctor` will warn if stale and suggest running `argus_sync_knowledge`.
+- **Pattern packs** — Versioned via `PATTERN_PACK_VERSION` and updated on package release.
+- **Baked-in curated skills** — Updated only on package release; no automatic refresh.
+- **On-demand live sources** — Retrieved per-request; never cached locally.
+
+`argus doctor` reports the staleness of all indexed sources.
+
+### Three Operating Modes
+
+Argus supports three distinct knowledge ingestion patterns:
+
+#### 1. Baked-in Curated
+**Sources:** Cyfrin audit checklists, kadenzipfel vulnerability patterns, DeFiFoFum protocol guides
+
+- Bundled directly with the plugin package
+- Updated only on package release (via npm/bun)
+- No network calls required; instant availability
+- Example: `skills/checklists/cyfrin-defi-core.md`
+
+#### 2. On-Demand Live
+**Sources:** Solodit audit reports, SCVD real-time queries
+
+- Retrieved per-request from external APIs
+- Never cached locally; always fresh
+- Network-dependent; graceful fallback if unavailable
+- Example: `argus_solodit_search` queries Solodit's database on each call
+
+#### 3. Hybrid Indexed
+**Sources:** SCVD local index, Trail of Bits companion skills
+
+- Local index synced periodically via `argus_sync_knowledge`
+- Cached locally in `~/.cache/opencode-argus/scvd-index.json`
+- Refreshed on-demand when `knowledge.autoSync: true`
+- Trail of Bits skills git-cloned on install and updated via companion plugin
+- Example: SCVD findings indexed locally, queried without network latency
+
+---
+
 ## Configuration
 
 Create `.opencode/solidity-argus.jsonc` in your project root:
@@ -136,7 +231,8 @@ Create `.opencode/solidity-argus.jsonc` in your project root:
   "knowledge": {
     "scvd": { "enabled": true, "apiUrl": "https://api.scvd.dev" },
     "autoSync": true,
-    "customSkillsDir": "./my-custom-skills"
+    "customSkillsDir": "./my-custom-skills",
+    "skillPrecedence": "bundled-first"
   },
 
   "reporting": {
@@ -160,6 +256,67 @@ Create `.opencode/solidity-argus.jsonc` in your project root:
 
 ---
 
+## Context Delivery Architecture
+
+Argus uses a **three-channel context delivery system** to inject dynamic audit state, methodology, and knowledge into agents at runtime. Each channel serves a distinct purpose:
+
+### Decision Matrix: When to Use Each Channel
+
+| Channel | Mechanism | Use Case | Scope | Mutability |
+|---------|-----------|----------|-------|-----------|
+| **Prompt** | Static agent identity files (`src/agents/*-prompt.ts`) | Methodology, personality, tool instructions, audit framework | Agent-specific | Never changes at runtime |
+| **Hook** | `experimental.chat.system.transform` (agent-gated injection) | Audit progress, findings count, current phase, session state | Per-session | Changes every turn |
+| **Skill-load** | `argus_skill_load` tool (on-demand) | Vulnerability patterns, protocol-specific knowledge, historical exploits | On-demand | Loaded when agent requests |
+
+### Prompt Channel (Static Identity)
+
+Each of the 4 Argus agents has a static prompt file defining its role, methodology, and tool instructions:
+
+- `src/agents/argus-prompt.ts` — Orchestrator methodology (7-step audit framework)
+- `src/agents/sentinel-prompt.ts` — Static analysis & testing instructions
+- `src/agents/pythia-prompt.ts` — Vulnerability research methodology
+- `src/agents/scribe-prompt.ts` — Report generation format and structure
+
+These prompts **never change at runtime** and establish the agent's core identity and decision-making framework.
+
+### Hook Channel (Dynamic State Injection)
+
+The `experimental.chat.system.transform` hook injects dynamic audit state into the system context on every turn. This includes:
+
+- Current audit phase (Reconnaissance, Automated Scanning, etc.)
+- Findings discovered so far (count, severity distribution)
+- Tools executed and their results
+- Session-specific audit state (contract under review, scope, etc.)
+
+**Critical Rule:** This hook is **Argus-family gated**. Only agents in `{argus, sentinel, pythia, scribe}` receive injected context. All other agents receive `undefined` (no injection).
+
+**Session→Agent Mapping Pattern:**
+1. `chat.params` hook captures `(sessionID, agentName)` pairs during each turn
+2. `system.transform` hook looks up the agent by sessionID
+3. If agent is in the Argus family, inject audit state; otherwise, return `undefined`
+
+This prevents context pollution and ensures non-audit agents operate independently.
+
+### Skill-Load Channel (On-Demand Knowledge)
+
+Agents load specialized knowledge on-demand via the `argus_skill_load` tool:
+
+- **Vulnerability Patterns** — 38 SKILL.md files covering reentrancy, oracle manipulation, flash loans, etc.
+- **Protocol Patterns** — 5 files for AMM/DEX, bridges, governance, lending, staking
+- **Methodology** — 3 files for audit workflow, report templates, severity classification
+- **Checklists** — 6 Cyfrin audit checklists
+- **References** — 2 files for exploit index and vulnerable contract examples
+
+This channel is **lazy-loaded** — agents request skills only when needed, reducing context overhead.
+
+### Implementation Notes
+
+- **Phase 1 (Current):** `system.transform` is `undefined` (line 84 in `src/create-hooks.ts`). Agent-gated injection will replace this in Phase 2.
+- **Global transforms forbidden:** No global system context injection unless agent-gated and minimal. Prevents context window overflow.
+- **Audit state persistence:** State is saved to `.opencode/argus-state.json` and restored on session restart (see `Persistent Audit State` section).
+
+---
+
 ## New in v2: Modular Architecture
 
 This release restructures solidity-argus into a modular factory-based architecture with several new infrastructure features:
@@ -175,6 +332,9 @@ argus doctor
 # Generate a starter .opencode/solidity-argus.jsonc config
 argus init
 
+# Validate SKILL.md files against schema
+argus lint-skills
+
 # Install optional dependencies (Slither, Foundry)
 argus install
 ```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "solidity-argus",
-  "version": "0.1.7",
+  "version": "0.2.0",
   "description": "Solidity smart contract security auditing plugin for OpenCode — 4 specialized agents, 8 tools, and a curated vulnerability knowledge base",
   "keywords": ["solidity", "security", "audit", "opencode", "plugin", "smart-contract", "ethereum", "defi", "slither", "foundry"],
   "author": "Apegurus",
@@ -26,6 +26,7 @@
     "init": "bun src/cli/index.ts init"
   },
   "dependencies": {
+    "yaml": "^2.8.2",
     "zod": "^4.3.6"
   },
   "peerDependencies": {
@@ -40,5 +41,7 @@
     "type": "git",
     "url": "https://github.com/Apegurus/solidity-argus"
   },
-  "engines": { "bun": ">=1.0.0" }
+  "engines": {
+    "bun": ">=1.0.0"
+  }
 }

package/skills/README.md

@@ -21,6 +21,12 @@ OpenCode Skills System
 
 ## Source Attribution
 
+All sources in the table below must include the following metadata in their SKILL.md frontmatter or index entry:
+- **Source name** — Human-readable identifier (e.g., "Cyfrin", "Trail of Bits")
+- **URL** — Canonical link to the source repository or API endpoint
+- **License identifier** — SPDX license code (e.g., "MIT", "Apache-2.0", "CC0")
+- **Last-verified date** — ISO 8601 timestamp of when the source was last checked for updates
+
 | Source | License | URL | What Was Imported |
 |--------|---------|-----|-------------------|
 | DeFiFoFum/fofum-solidity-skills | MIT | https://github.com/DeFiFoFum/fofum-solidity-skills | 15 SKILL.md files: methodology, vulnerability patterns, protocol patterns |
@@ -38,6 +44,16 @@ Contributors can add custom skills using this format:
 ---
 name: topic-name          # Must match parent directory name
 description: One sentence description (1-1024 chars)
+version: 1.0.0            # Optional semver
+category: vulnerability-pattern # methodology, protocol-pattern, checklist, reference
+provenance:
+  source: "Author Name"
+  license: "MIT"
+  lastVerified: "2024-01-01"
+detection_rules:
+  - regex: "pattern here"
+    severity: "High"
+    description: "What this detects"
 ---
 <!-- Source: Author/repo (License) -->
 
@@ -51,6 +67,53 @@ description: One sentence description (1-1024 chars)
 
 To add your own skills, use the `knowledge.customSkillsDir` configuration option in your `opencode-argus.jsonc` file. Point this to a directory containing your custom `SKILL.md` files organized into subdirectories.
 
+### Skill Overrides
+
+By default, built-in skills take priority. You can change this behavior using the `skillPrecedence` option:
+
+```jsonc
+"knowledge": {
+  "skillPrecedence": "custom-first"
+}
+```
+
+When set to `custom-first`, skills in your `customSkillsDir` will override built-in skills with the same name. All custom skills must have valid frontmatter with at least `name` and `description` fields.
+
+## Pattern Pack Authoring
+
+Pattern packs are YAML files that define collections of regex-based vulnerability detectors.
+
+### Structure
+
+```yaml
+pack_name: "My Security Pack"
+pack_version: "1.1"
+patterns:
+  - name: "Unprotected Selfdestruct"
+    category: "access-control"
+    severity: "Critical"
+    regex: "selfdestruct\\("
+    description: "Detects use of selfdestruct which may be unprotected"
+    swc: "SWC-106"
+```
+
+### Available Categories
+
+- `reentrancy`
+- `oracle-manipulation`
+- `flash-loan`
+- `access-control`
+- `erc4626`
+- `proxy`
+- `signature`
+- `dos`
+- `front-running`
+- `governance`
+- `token-standard`
+- `gas-optimization`
+- `logic-error`
+- `delegatecall`
+
 ## Inventory
 
 See [INVENTORY.md](./INVENTORY.md) for a complete listing of all 55 SKILL.md files currently bundled with Argus.

package/skills/checklists/cyfrin-defi-core/SKILL.md

@@ -1,6 +1,9 @@
 ---
 name: cyfrin-defi-core
 description: Cyfrin DeFi checklist covering attacker mindset and protocol-level DeFi primitives
+source_url: https://github.com/Cyfrin/audit-checklist
+source_license: unspecified
+imported_at: "2025-01-15T00:00:00Z"
 ---
 <!-- Source: Cyfrin/audit-checklist -->
 <!-- Auto-generated from https://github.com/Cyfrin/audit-checklist -->

package/skills/manifests/cyfrin.json

@@ -0,0 +1,16 @@
+{
+  "name": "cyfrin",
+  "mode": "baked-in",
+  "url": "https://github.com/Cyfrin/audit-checklist",
+  "license": "unspecified",
+  "updateCadence": "per-release",
+  "lastVerified": "2026-02-19",
+  "files": [
+    "checklists/cyfrin-best-practices-runtime/SKILL.md",
+    "checklists/cyfrin-best-practices-upgrades/SKILL.md",
+    "checklists/cyfrin-defi-core/SKILL.md",
+    "checklists/cyfrin-defi-integrations/SKILL.md",
+    "checklists/cyfrin-gas/SKILL.md",
+    "checklists/general-audit/SKILL.md"
+  ]
+}

package/skills/manifests/defifofum.json

@@ -0,0 +1,25 @@
+{
+  "name": "defifofum",
+  "mode": "baked-in",
+  "url": "https://github.com/DeFiFoFum/fofum-solidity-skills",
+  "license": "MIT",
+  "updateCadence": "per-release",
+  "lastVerified": "2026-02-19",
+  "files": [
+    "vulnerability-patterns/access-control/SKILL.md",
+    "vulnerability-patterns/flash-loan-attacks/SKILL.md",
+    "vulnerability-patterns/logic-errors/SKILL.md",
+    "vulnerability-patterns/oracle-manipulation/SKILL.md",
+    "vulnerability-patterns/reentrancy/SKILL.md",
+    "vulnerability-patterns/weird-tokens/SKILL.md",
+    "methodology/audit-workflow/SKILL.md",
+    "methodology/report-template/SKILL.md",
+    "methodology/severity-classification/SKILL.md",
+    "protocol-patterns/amm-dex/SKILL.md",
+    "protocol-patterns/bridges-cross-chain/SKILL.md",
+    "protocol-patterns/dao-governance/SKILL.md",
+    "protocol-patterns/lending-borrowing/SKILL.md",
+    "protocol-patterns/staking-vesting/SKILL.md",
+    "checklists/general-audit/SKILL.md"
+  ]
+}

package/skills/manifests/kadenzipfel.json

@@ -0,0 +1,48 @@
+{
+  "name": "kadenzipfel",
+  "mode": "baked-in",
+  "url": "https://github.com/kadenzipfel/smart-contract-vulnerabilities",
+  "license": "MIT",
+  "updateCadence": "per-release",
+  "lastVerified": "2026-02-19",
+  "files": [
+    "vulnerability-patterns/access-control/SKILL.md",
+    "vulnerability-patterns/arbitrary-storage-location/SKILL.md",
+    "vulnerability-patterns/assert-violation/SKILL.md",
+    "vulnerability-patterns/asserting-contract-from-code-size/SKILL.md",
+    "vulnerability-patterns/authorization-txorigin/SKILL.md",
+    "vulnerability-patterns/default-visibility/SKILL.md",
+    "vulnerability-patterns/delegatecall-untrusted-callee/SKILL.md",
+    "vulnerability-patterns/dos-gas-limit/SKILL.md",
+    "vulnerability-patterns/dos-revert/SKILL.md",
+    "vulnerability-patterns/flash-loan-attacks/SKILL.md",
+    "vulnerability-patterns/floating-pragma/SKILL.md",
+    "vulnerability-patterns/hash-collision/SKILL.md",
+    "vulnerability-patterns/inadherence-to-standards/SKILL.md",
+    "vulnerability-patterns/incorrect-constructor/SKILL.md",
+    "vulnerability-patterns/incorrect-inheritance-order/SKILL.md",
+    "vulnerability-patterns/insufficient-gas-griefing/SKILL.md",
+    "vulnerability-patterns/lack-of-precision/SKILL.md",
+    "vulnerability-patterns/logic-errors/SKILL.md",
+    "vulnerability-patterns/missing-protection-signature-replay/SKILL.md",
+    "vulnerability-patterns/msgvalue-loop/SKILL.md",
+    "vulnerability-patterns/off-by-one/SKILL.md",
+    "vulnerability-patterns/oracle-manipulation/SKILL.md",
+    "vulnerability-patterns/outdated-compiler-version/SKILL.md",
+    "vulnerability-patterns/overflow-underflow/SKILL.md",
+    "vulnerability-patterns/reentrancy/SKILL.md",
+    "vulnerability-patterns/shadowing-state-variables/SKILL.md",
+    "vulnerability-patterns/signature-malleability/SKILL.md",
+    "vulnerability-patterns/unbounded-return-data/SKILL.md",
+    "vulnerability-patterns/unchecked-return-values/SKILL.md",
+    "vulnerability-patterns/unencrypted-private-data-on-chain/SKILL.md",
+    "vulnerability-patterns/unexpected-ecrecover-null-address/SKILL.md",
+    "vulnerability-patterns/uninitialized-storage-pointer/SKILL.md",
+    "vulnerability-patterns/unsafe-low-level-call/SKILL.md",
+    "vulnerability-patterns/unsecure-signatures/SKILL.md",
+    "vulnerability-patterns/unsupported-opcodes/SKILL.md",
+    "vulnerability-patterns/unused-variables/SKILL.md",
+    "vulnerability-patterns/use-of-deprecated-functions/SKILL.md",
+    "vulnerability-patterns/weak-sources-randomness/SKILL.md"
+  ]
+}

package/skills/manifests/scvd.json

@@ -0,0 +1,9 @@
+{
+  "name": "scvd",
+  "mode": "hybrid",
+  "url": "https://api.scvd.dev",
+  "license": "CC0",
+  "updateCadence": "on-sync",
+  "lastVerified": "2026-02-19",
+  "files": []
+}

package/skills/manifests/smartbugs.json

@@ -0,0 +1,11 @@
+{
+  "name": "smartbugs",
+  "mode": "baked-in",
+  "url": "https://github.com/smartbugs/smartbugs-curated",
+  "license": "Apache-2.0",
+  "updateCadence": "per-release",
+  "lastVerified": "2026-02-19",
+  "files": [
+    "references/smartbugs-examples/SKILL.md"
+  ]
+}

package/skills/manifests/solodit.json

@@ -0,0 +1,9 @@
+{
+  "name": "solodit",
+  "mode": "on-demand",
+  "url": "https://solodit.xyz",
+  "license": "varies",
+  "updateCadence": "per-request",
+  "lastVerified": "2026-02-19",
+  "files": []
+}

package/skills/manifests/sunweb3sec.json

@@ -0,0 +1,11 @@
+{
+  "name": "sunweb3sec",
+  "mode": "baked-in",
+  "url": "https://github.com/SunWeb3Sec/DeFiHackLabs",
+  "license": "reference-only",
+  "updateCadence": "per-release",
+  "lastVerified": "2026-02-19",
+  "files": [
+    "references/exploit-reference/SKILL.md"
+  ]
+}

package/skills/manifests/trailofbits.json

@@ -0,0 +1,9 @@
+{
+  "name": "trailofbits",
+  "mode": "hybrid",
+  "url": "https://github.com/trailofbits/solidity-security-research",
+  "license": "varies",
+  "updateCadence": "on-install",
+  "lastVerified": "2026-02-19",
+  "files": []
+}

package/skills/methodology/audit-workflow/SKILL.md

@@ -1,6 +1,9 @@
 ---
 name: audit-workflow
 description: Five-phase Solidity audit workflow covering recon, static analysis, manual review, verification, and reporting.
+source_url: https://github.com/DeFiFoFum/fofum-solidity-skills
+source_license: MIT
+imported_at: "2025-01-15T00:00:00Z"
 ---
 <!-- Source: DeFiFoFum/fofum-solidity-skills (MIT) -->
 

package/skills/patterns/access-control.yaml

@@ -0,0 +1,31 @@
+pack_name: access-control
+pack_version: "1.0"
+patterns:
+  - name: missing-access-modifier
+    category: access-control
+    severity: High
+    swc: SWC-105
+    confidence: Low
+    version: "1.0"
+    regex: 'function\s+\w+\s*\([^)]*\)\s+(external|public)'
+    description: External or public function — verify appropriate access control modifiers (onlyOwner, onlyRole, require(msg.sender)) are applied
+    remediation: Add access control modifiers to sensitive functions; use OpenZeppelin AccessControl or Ownable patterns
+
+  - name: unprotected-initialize
+    category: access-control
+    severity: Critical
+    confidence: High
+    version: "1.0"
+    regex: 'function\s+initialize'
+    description: Initializer function detected — if missing initializer modifier, anyone can call and take ownership of the contract
+    remediation: Use OpenZeppelin Initializable with initializer modifier; call _disableInitializers() in constructor for implementation contracts
+
+  - name: default-visibility
+    category: access-control
+    severity: Medium
+    swc: SWC-100
+    confidence: Low
+    version: "1.0"
+    regex: 'function\s+\w+\s*\([^)]*\)\s*\{'
+    description: Function without explicit visibility specifier — defaults to public in older Solidity versions, potentially exposing internal logic
+    remediation: Always specify visibility (external, public, internal, private) explicitly for every function

package/skills/patterns/erc4626.yaml

@@ -0,0 +1,29 @@
+pack_name: erc4626
+pack_version: "1.0"
+patterns:
+  - name: inflation-attack
+    category: erc4626
+    severity: Critical
+    confidence: High
+    version: "1.0"
+    regex: 'deposit.*totalSupply.*==.*0|convertToShares.*totalSupply'
+    description: ERC-4626 vault first-depositor inflation attack — attacker can donate assets to vault before first deposit to manipulate share price and steal subsequent deposits
+    remediation: Mint dead shares on first deposit (e.g., 10**3 to address(0)); use virtual offset in share calculation; set minimum deposit amount
+
+  - name: donation-attack
+    category: erc4626
+    severity: High
+    confidence: Medium
+    version: "1.0"
+    regex: 'balanceOf.*address.*this.*totalAssets|asset\.balanceOf'
+    description: Vault totalAssets derived from balanceOf — vulnerable to donation attack where attacker sends assets directly to inflate share price
+    remediation: Use internal accounting for totalAssets instead of balanceOf; track deposits and withdrawals explicitly
+
+  - name: rounding-error
+    category: erc4626
+    severity: Medium
+    confidence: Medium
+    version: "1.0"
+    regex: 'mulDiv|roundUp|roundDown|FullMath'
+    description: Custom rounding math in vault share calculations — potential rounding errors that favor attacker (round down on deposit, round up on withdraw)
+    remediation: Round against the user (down on deposit/mint, up on withdraw/redeem); use OpenZeppelin Math.mulDiv with explicit rounding direction

package/skills/patterns/flash-loan.yaml

@@ -0,0 +1,20 @@
+pack_name: flash-loan
+pack_version: "1.0"
+patterns:
+  - name: unchecked-flash-return
+    category: flash-loan
+    severity: High
+    confidence: Medium
+    version: "1.0"
+    regex: 'flashLoan|flashBorrow'
+    description: Flash loan invocation without verified return — borrowed funds may not be repaid if return value is not checked
+    remediation: Verify flash loan callback returns expected success value; check token balance after repayment; use established flash loan receiver interfaces
+
+  - name: balance-inflation
+    category: flash-loan
+    severity: Medium
+    confidence: Medium
+    version: "1.0"
+    regex: 'balanceOf\(address\(this\)\)'
+    description: Contract reads its own token balance — vulnerable to donation/inflation attacks where attacker sends tokens directly to manipulate balance-dependent logic
+    remediation: Track balances via internal accounting instead of balanceOf(address(this)); use shares-based accounting for vaults

package/skills/patterns/oracle.yaml

@@ -0,0 +1,30 @@
+pack_name: oracle-manipulation
+pack_version: "1.0"
+patterns:
+  - name: stale-price-check
+    category: oracle-manipulation
+    severity: High
+    swc: SWC-120
+    confidence: High
+    version: "1.0"
+    regex: 'latestRoundData|getPrice'
+    description: Oracle price feed usage — verify staleness checks (updatedAt, roundId) are enforced to prevent using outdated prices
+    remediation: Add require(updatedAt > block.timestamp - MAX_STALENESS) after latestRoundData calls; check answeredInRound >= roundId
+
+  - name: twap-manipulation
+    category: oracle-manipulation
+    severity: Medium
+    confidence: Medium
+    version: "1.0"
+    regex: 'observe\(|consult\('
+    description: TWAP oracle usage — time-weighted average prices can be manipulated via sustained trading pressure within the observation window
+    remediation: Use sufficiently long TWAP windows (30+ minutes); combine with spot price deviation checks; add circuit breakers
+
+  - name: price-feed-decimals
+    category: oracle-manipulation
+    severity: Medium
+    confidence: Medium
+    version: "1.0"
+    regex: 'priceFeed|oracle.*decimals'
+    description: Oracle price feed with decimal handling — potential decimal mismatch between oracle feed (8 decimals) and token (18 decimals)
+    remediation: Normalize oracle response to consistent decimals; use oracle.decimals() dynamically rather than hardcoded values

package/skills/patterns/proxy.yaml

@@ -0,0 +1,30 @@
+pack_name: proxy
+pack_version: "1.0"
+patterns:
+  - name: storage-collision
+    category: proxy
+    severity: Critical
+    swc: SWC-112
+    confidence: Medium
+    version: "1.0"
+    regex: 'delegatecall|IMPLEMENTATION_SLOT'
+    description: Delegatecall or implementation slot usage — potential storage collision between proxy and implementation contracts if storage layouts diverge
+    remediation: Use EIP-1967 standard storage slots; use OpenZeppelin TransparentUpgradeableProxy or UUPS; verify storage layout compatibility on upgrades
+
+  - name: uninitialized-proxy
+    category: proxy
+    severity: High
+    confidence: Medium
+    version: "1.0"
+    regex: '_disableInitializers|initializer'
+    description: Proxy initialization pattern detected — verify implementation contract calls _disableInitializers() in constructor and proxy calls initialize()
+    remediation: Call _disableInitializers() in implementation constructor; ensure initialize() is called atomically during proxy deployment
+
+  - name: selector-clash
+    category: proxy
+    severity: Medium
+    confidence: Low
+    version: "1.0"
+    regex: 'fallback\(\)|receive\(\).*delegatecall'
+    description: Fallback or receive function with delegatecall — risk of function selector clash between proxy admin functions and implementation functions
+    remediation: Use TransparentUpgradeableProxy pattern to separate admin and user call paths; verify no selector collisions with implementation ABI

package/skills/patterns/reentrancy.yaml

@@ -0,0 +1,30 @@
+pack_name: reentrancy
+pack_version: "1.0"
+patterns:
+  - name: reentrancy-eth-transfer
+    category: reentrancy
+    severity: High
+    swc: SWC-107
+    confidence: High
+    version: "1.0"
+    regex: '\.call\{value:'
+    description: ETH transfer via low-level call — classic reentrancy vector where external call is made before state updates
+    remediation: Apply checks-effects-interactions pattern; use ReentrancyGuard; update state before external calls
+
+  - name: reentrancy-erc20
+    category: reentrancy
+    severity: Medium
+    confidence: Medium
+    version: "1.0"
+    regex: '\.(transfer|transferFrom)\('
+    description: ERC-20 token transfer that may precede state changes — potential reentrancy via token callback hooks (ERC-777, ERC-1155)
+    remediation: Update state variables before token transfers; use ReentrancyGuard for functions with external token interactions
+
+  - name: cross-function-reentrancy
+    category: reentrancy
+    severity: High
+    confidence: Low
+    version: "1.0"
+    regex: '(external|public)\s.*\{[^}]*\.call'
+    description: Public or external function containing a low-level call — potential cross-function reentrancy if shared state is read by other functions
+    remediation: Use ReentrancyGuard on all functions sharing mutable state; apply checks-effects-interactions across the contract