npm - solidity-argus - Versions diffs - 0.1.8 → 0.3.0 - Mend

solidity-argus 0.1.8 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (178) hide show

package/AGENTS.md +3 -3
package/README.md +229 -13
package/package.json +37 -8
package/skills/INVENTORY.md +88 -57
package/skills/README.md +72 -6
package/skills/case-studies/beanstalk-governance/SKILL.md +52 -0
package/skills/case-studies/bzx-flash-loan/SKILL.md +53 -0
package/skills/case-studies/cream-finance/SKILL.md +52 -0
package/skills/case-studies/curve-reentrancy/SKILL.md +52 -0
package/skills/case-studies/dao-hack/SKILL.md +51 -0
package/skills/case-studies/euler-finance/SKILL.md +52 -0
package/skills/case-studies/harvest-finance/SKILL.md +52 -0
package/skills/case-studies/level-finance/SKILL.md +51 -0
package/skills/case-studies/mango-markets/SKILL.md +53 -0
package/skills/case-studies/nomad-bridge/SKILL.md +51 -0
package/skills/case-studies/parity-multisig/SKILL.md +55 -0
package/skills/case-studies/poly-network/SKILL.md +51 -0
package/skills/case-studies/rari-fuse/SKILL.md +51 -0
package/skills/case-studies/ronin-bridge/SKILL.md +52 -0
package/skills/case-studies/wormhole-bridge/SKILL.md +51 -0
package/skills/checklists/cyfrin-defi-core/SKILL.md +3 -0
package/skills/manifests/cyfrin.json +16 -0
package/skills/manifests/defifofum.json +25 -0
package/skills/manifests/kadenzipfel.json +48 -0
package/skills/manifests/scvd.json +9 -0
package/skills/manifests/smartbugs.json +9 -0
package/skills/manifests/solodit.json +9 -0
package/skills/manifests/sunweb3sec.json +9 -0
package/skills/manifests/trailofbits.json +9 -0
package/skills/methodology/audit-workflow/SKILL.md +3 -0
package/skills/protocol-patterns/amm-dex/SKILL.md +3 -0
package/skills/references/exploit-reference/SKILL.md +3 -0
package/skills/vulnerability-patterns/access-control/SKILL.md +27 -0
package/skills/vulnerability-patterns/arbitrary-storage-location/SKILL.md +13 -1
package/skills/vulnerability-patterns/assert-violation/SKILL.md +8 -1
package/skills/vulnerability-patterns/asserting-contract-from-code-size/SKILL.md +12 -1
package/skills/vulnerability-patterns/authorization-txorigin/SKILL.md +8 -1
package/skills/vulnerability-patterns/cross-chain-bridge-vulnerabilities/SKILL.md +217 -0
package/skills/vulnerability-patterns/default-visibility/SKILL.md +13 -1
package/skills/vulnerability-patterns/delegatecall-untrusted-callee/SKILL.md +8 -1
package/skills/vulnerability-patterns/dos-gas-limit/SKILL.md +8 -1
package/skills/vulnerability-patterns/dos-revert/SKILL.md +14 -1
package/skills/vulnerability-patterns/erc4626-exchange-rate-manipulation/SKILL.md +64 -0
package/skills/vulnerability-patterns/fee-on-transfer-tokens/SKILL.md +93 -0
package/skills/vulnerability-patterns/flash-loan-attacks/SKILL.md +13 -0
package/skills/vulnerability-patterns/floating-pragma/SKILL.md +8 -1
package/skills/vulnerability-patterns/front-running-attacks/SKILL.md +209 -0
package/skills/vulnerability-patterns/gas-optimization-patterns/SKILL.md +203 -0
package/skills/vulnerability-patterns/governance-attacks/SKILL.md +208 -0
package/skills/vulnerability-patterns/hash-collision/SKILL.md +8 -1
package/skills/vulnerability-patterns/inadherence-to-standards/SKILL.md +12 -1
package/skills/vulnerability-patterns/incorrect-constructor/SKILL.md +8 -1
package/skills/vulnerability-patterns/incorrect-inheritance-order/SKILL.md +8 -1
package/skills/vulnerability-patterns/insufficient-gas-griefing/SKILL.md +12 -1
package/skills/vulnerability-patterns/lack-of-precision/SKILL.md +7 -1
package/skills/vulnerability-patterns/logic-errors/SKILL.md +10 -0
package/skills/vulnerability-patterns/missing-parameter-bounds/SKILL.md +44 -0
package/skills/vulnerability-patterns/missing-protection-signature-replay/SKILL.md +17 -1
package/skills/vulnerability-patterns/msgvalue-loop/SKILL.md +12 -1
package/skills/vulnerability-patterns/off-by-one/SKILL.md +7 -1
package/skills/vulnerability-patterns/oracle-manipulation/SKILL.md +22 -0
package/skills/vulnerability-patterns/outdated-compiler-version/SKILL.md +8 -1
package/skills/vulnerability-patterns/overflow-underflow/SKILL.md +11 -1
package/skills/vulnerability-patterns/proxy-vulnerabilities/SKILL.md +209 -0
package/skills/vulnerability-patterns/reentrancy/SKILL.md +22 -0
package/skills/vulnerability-patterns/shadowing-state-variables/SKILL.md +8 -1
package/skills/vulnerability-patterns/share-accounting-desynchronization/SKILL.md +44 -0
package/skills/vulnerability-patterns/signature-malleability/SKILL.md +11 -1
package/skills/vulnerability-patterns/stateful-parameter-update-drift/SKILL.md +44 -0
package/skills/vulnerability-patterns/unbounded-return-data/SKILL.md +12 -1
package/skills/vulnerability-patterns/unchecked-return-values/SKILL.md +13 -1
package/skills/vulnerability-patterns/unencrypted-private-data-on-chain/SKILL.md +8 -1
package/skills/vulnerability-patterns/unexpected-ecrecover-null-address/SKILL.md +8 -1
package/skills/vulnerability-patterns/uninitialized-storage-pointer/SKILL.md +8 -1
package/skills/vulnerability-patterns/unsafe-erc20-transfers/SKILL.md +132 -0
package/skills/vulnerability-patterns/unsafe-low-level-call/SKILL.md +12 -1
package/skills/vulnerability-patterns/unsecure-signatures/SKILL.md +12 -1
package/skills/vulnerability-patterns/unsupported-opcodes/SKILL.md +11 -1
package/skills/vulnerability-patterns/unused-variables/SKILL.md +8 -1
package/skills/vulnerability-patterns/use-of-deprecated-functions/SKILL.md +8 -1
package/skills/vulnerability-patterns/weak-sources-randomness/SKILL.md +8 -1
package/skills/vulnerability-patterns/weird-tokens/SKILL.md +10 -0
package/skills/vulnerability-patterns/zero-address-misconfiguration/SKILL.md +48 -0
package/src/agents/argus-prompt.ts +27 -10
package/src/agents/pythia-prompt.ts +7 -8
package/src/agents/scribe-prompt.ts +10 -5
package/src/agents/sentinel-prompt.ts +36 -7
package/src/cli/cli-output.ts +16 -0
package/src/cli/cli-program.ts +29 -22
package/src/cli/commands/check-skills.ts +135 -0
package/src/cli/commands/doctor.ts +303 -23
package/src/cli/commands/init.ts +8 -6
package/src/cli/commands/install.ts +10 -8
package/src/cli/commands/lint-skills.ts +118 -0
package/src/cli/index.ts +5 -5
package/src/cli/tui-prompts.ts +4 -2
package/src/cli/types.ts +3 -3
package/src/config/index.ts +1 -1
package/src/config/loader.ts +4 -6
package/src/config/schema.ts +6 -5
package/src/config/types.ts +2 -2
package/src/constants/defaults.ts +2 -0
package/src/create-hooks.ts +225 -29
package/src/create-managers.ts +10 -8
package/src/create-tools.ts +14 -8
package/src/features/background-agent/background-manager.ts +93 -87
package/src/features/background-agent/index.ts +1 -1
package/src/features/context-monitor/context-monitor.ts +3 -3
package/src/features/context-monitor/index.ts +2 -2
package/src/features/error-recovery/session-recovery.ts +2 -4
package/src/features/error-recovery/tool-error-recovery.ts +79 -19
package/src/features/index.ts +5 -5
package/src/features/persistent-state/audit-state-manager.ts +158 -52
package/src/features/persistent-state/global-run-index.ts +38 -0
package/src/features/persistent-state/index.ts +1 -1
package/src/features/persistent-state/run-journal.ts +86 -0
package/src/hooks/agent-tracker.ts +53 -0
package/src/hooks/compaction-hook.ts +46 -37
package/src/hooks/config-handler.ts +31 -11
package/src/hooks/context-budget.ts +42 -0
package/src/hooks/event-hook.ts +48 -23
package/src/hooks/hook-system.ts +4 -4
package/src/hooks/index.ts +5 -5
package/src/hooks/knowledge-sync-hook.ts +19 -21
package/src/hooks/recon-context-builder.ts +66 -0
package/src/hooks/safe-create-hook.ts +9 -11
package/src/hooks/system-prompt-hook.ts +128 -0
package/src/hooks/tool-tracking-hook.ts +162 -29
package/src/hooks/types.ts +2 -1
package/src/index.ts +23 -13
package/src/knowledge/retry.ts +53 -0
package/src/knowledge/scvd-client.ts +103 -83
package/src/knowledge/scvd-errors.ts +89 -0
package/src/knowledge/scvd-index.ts +110 -62
package/src/knowledge/scvd-sync.ts +223 -47
package/src/knowledge/source-manifest.ts +102 -0
package/src/managers/index.ts +1 -1
package/src/managers/types.ts +19 -14
package/src/plugin-interface.ts +19 -8
package/src/shared/binary-utils.ts +44 -34
package/src/shared/deep-merge.ts +55 -36
package/src/shared/file-utils.ts +21 -19
package/src/shared/index.ts +11 -5
package/src/shared/jsonc-parser.ts +123 -28
package/src/shared/logger.ts +91 -17
package/src/shared/project-utils.ts +30 -0
package/src/skills/analysis/cluster.ts +414 -0
package/src/skills/analysis/gates.ts +227 -0
package/src/skills/analysis/index.ts +33 -0
package/src/skills/analysis/normalize.ts +217 -0
package/src/skills/analysis/similarity.ts +224 -0
package/src/skills/argus-skill-resolver.ts +237 -0
package/src/skills/skill-schema.ts +99 -0
package/src/solodit-lifecycle.ts +202 -0
package/src/state/audit-state.ts +10 -8
package/src/state/finding-store.ts +68 -55
package/src/state/types.ts +96 -44
package/src/tools/argus-skill-load-tool.ts +78 -0
package/src/tools/contract-analyzer-tool.ts +60 -77
package/src/tools/forge-coverage-tool.ts +226 -0
package/src/tools/forge-fuzz-tool.ts +127 -127
package/src/tools/forge-test-tool.ts +153 -157
package/src/tools/gas-analysis-tool.ts +264 -0
package/src/tools/pattern-checker-tool.ts +206 -167
package/src/tools/pattern-loader.ts +77 -0
package/src/tools/pattern-schema.ts +51 -0
package/src/tools/proxy-detection-tool.ts +224 -0
package/src/tools/report-generator-tool.ts +333 -142
package/src/tools/slither-tool.ts +300 -210
package/src/tools/solodit-search-tool.ts +255 -80
package/src/tools/sync-knowledge-tool.ts +7 -11
package/src/utils/audit-artifact-detector.ts +118 -0
package/src/utils/dependency-scanner.ts +93 -0
package/src/utils/project-detector.ts +175 -86
package/src/utils/solidity-parser.ts +112 -67
package/src/utils/solodit-health.ts +29 -0
package/src/hooks/event-hook-v2.ts +0 -99
package/src/state/plugin-state.ts +0 -14

package/src/hooks/context-budget.ts ADDED Viewed

@@ -0,0 +1,42 @@
+/**
+ * Context budget allocation for Argus agents.
+ *
+ * Provides per-agent token budgets for system-prompt injection sizing.
+ * Under context pressure (>70%), budgets are reduced by 50% to prevent
+ * context window overflow during long audits.
+ *
+ * Decoupled from system-prompt-hook.ts — consumed by the hook when available.
+ */
+const ARGUS_BUDGET = 2000
+const SUBAGENT_BUDGET = 1000
+const PRESSURE_THRESHOLD = 0.7
+const PRESSURE_REDUCTION = 0.5
+const ARGUS_AGENTS = new Set(["argus"])
+const SUBAGENTS = new Set(["sentinel", "pythia", "scribe"])
+/**
+ * Returns the token budget for a given agent, adjusted for context pressure.
+ *
+ * @param agent - Agent name (e.g. "argus", "sentinel", "pythia", "scribe")
+ * @param contextPressure - Current context usage ratio (0.0–1.0), from ContextMonitor
+ * @returns Token budget in tokens. 0 for non-Argus agents.
+ */
+export function getTokenBudgetForAgent(agent: string, contextPressure: number = 0): number {
+  let budget: number
+  if (ARGUS_AGENTS.has(agent)) {
+    budget = ARGUS_BUDGET
+  } else if (SUBAGENTS.has(agent)) {
+    budget = SUBAGENT_BUDGET
+  } else {
+    return 0
+  }
+  if (contextPressure > PRESSURE_THRESHOLD) {
+    budget = Math.floor(budget * PRESSURE_REDUCTION)
+  }
+  return budget
+}

package/src/hooks/event-hook.ts CHANGED Viewed

@@ -1,32 +1,45 @@
-import type { AuditState } from "../state/types"
+import { createLogger } from "../shared/logger"
 import { createAuditState } from "../state/audit-state"
+import type { AuditState } from "../state/types"
+export type AuditEventType =
+  | "session.created"
+  | "session.idle"
+  | "session.error"
+  | "session.deleted"
+  | "audit.phase-changed"
+  | "audit.finding-added"
+  | "audit.complete"
 export type EventHookFn = (input: {
-  event: { type: string; sessionId?: string }
+  event: { type: string; sessionId?: string; properties?: Record<string, unknown> }
+}) => Promise<void>
+export type EventSubHandler = (event: {
+  type: string
+  sessionId?: string
+  auditState: AuditState | null
+  setAuditState: (state: AuditState | null) => void
 }) => Promise<void>
-/**
- * Creates a session lifecycle event hook that manages audit state.
- *
- * Returns the hook function plus accessors for reading/writing the
- * closure-held audit state. Other hooks (compaction, tool tracking,
- * system prompt) share the same state instance via these accessors.
- */
-export function createEventHook(projectDir?: string): {
+export function createEventHook(
+  projectDir?: string,
+  subHandlers: EventSubHandler[] = [],
+): {
   hook: EventHookFn
   getAuditState: () => AuditState | null
   setAuditState: (state: AuditState | null) => void
 } {
+  const logger = createLogger()
   let currentAuditState: AuditState | null = null
   const getAuditState = (): AuditState | null => currentAuditState
   const setAuditState = (state: AuditState | null): void => {
     currentAuditState = state
   }
   const hook: EventHookFn = async (input): Promise<void> => {
-    const { type } = input.event
+    const { type, sessionId } = input.event
     switch (type) {
       case "session.created": {
@@ -37,23 +50,23 @@ export function createEventHook(projectDir?: string): {
       }
       case "session.idle": {
-         if (currentAuditState) {
-           console.error(
-             `[argus-state] Session idle — phase: ${currentAuditState.currentPhase}, findings: ${currentAuditState.findings.length}, contracts: ${currentAuditState.contractsReviewed.length}`
-           )
-         }
-         break
-       }
+        if (currentAuditState) {
+          logger.debug(
+            `Session idle — phase: ${currentAuditState.currentPhase}, findings: ${currentAuditState.findings.length}`,
+          )
+        }
+        break
+      }
       case "session.error": {
         if (currentAuditState) {
-          console.error(
-            `[argus-error] Session error — state snapshot: ${JSON.stringify({
+          logger.error(
+            `Session error — state snapshot: ${JSON.stringify({
               sessionId: currentAuditState.sessionId,
               phase: currentAuditState.currentPhase,
               findingsCount: currentAuditState.findings.length,
               contractsReviewed: currentAuditState.contractsReviewed,
-            })}`
+            })}`,
           )
         }
         break
@@ -64,10 +77,22 @@ export function createEventHook(projectDir?: string): {
         break
       }
-      // Unknown events: no-op — never throw
       default:
         break
     }
+    for (const handler of subHandlers) {
+      try {
+        await handler({
+          type,
+          sessionId,
+          auditState: currentAuditState,
+          setAuditState,
+        })
+      } catch (error) {
+        logger.error(`Sub-handler failed for event ${type}:`, error)
+      }
+    }
   }
   return { hook, getAuditState, setAuditState }

package/src/hooks/hook-system.ts CHANGED Viewed

@@ -1,9 +1,9 @@
-import type { HookName } from "./types";
+import type { HookName } from "./types"
 export function createHookGuard(disabledHooks: string[]) {
-  const disabledSet = new Set(disabledHooks);
+  const disabledSet = new Set(disabledHooks)
   return function isHookEnabled(name: HookName): boolean {
-    return !disabledSet.has(name);
-  };
+    return !disabledSet.has(name)
+  }
 }

package/src/hooks/index.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-export { createHookGuard } from "./hook-system";
-export { safeCreateHook } from "./safe-create-hook";
-export { createEventHookV2 } from "./event-hook-v2";
-export type { HookName } from "./types";
-export type { EventHookV2Fn, AuditEventType, EventSubHandler } from "./event-hook-v2";
+export type { AuditEventType, EventHookFn, EventSubHandler } from "./event-hook"
+export { createEventHook } from "./event-hook"
+export { createHookGuard } from "./hook-system"
+export { safeCreateHook } from "./safe-create-hook"
+export type { HookName } from "./types"

package/src/hooks/knowledge-sync-hook.ts CHANGED Viewed

@@ -1,8 +1,9 @@
 import os from "node:os"
 import path from "node:path"
-import { ScvdClient } from "../knowledge/scvd-client"
-import { syncIncremental, type SyncResult } from "../knowledge/scvd-sync"
 import type { ArgusConfig } from "../config/types"
+import { ScvdClient } from "../knowledge/scvd-client"
+import { type SyncResult, syncIncremental } from "../knowledge/scvd-sync"
+import { createLogger } from "../shared/logger"
 export type KnowledgeSyncDependencies = {
   createClient?: (apiUrl: string) => unknown
@@ -18,14 +19,14 @@ function defaultDependencies(): Required<KnowledgeSyncDependencies> {
     syncIncrementalFn: async (client: unknown, indexPath: string) =>
       syncIncremental(client as ScvdClient, indexPath),
     log: (message: string) => {
-       console.error(message)
-     },
+      createLogger().info(message)
+    },
   }
 }
 export function createKnowledgeSyncHook(
   argusConfig: ArgusConfig,
-  deps: KnowledgeSyncDependencies = {}
+  deps: KnowledgeSyncDependencies = {},
 ): () => void {
   const dependencies = { ...defaultDependencies(), ...deps }
@@ -35,23 +36,20 @@ export function createKnowledgeSyncHook(
     }
     const apiUrl = argusConfig.knowledge?.scvd?.apiUrl ?? DEFAULT_SCVD_API_URL
-    const indexPath = path.join(
-      os.homedir(),
-      ".cache",
-      "solidity-argus",
-      "scvd-index.json"
-    )
+    const indexPath = path.join(os.homedir(), ".cache", "solidity-argus", "scvd-index.json")
     Promise.resolve().then(async () => {
-       try {
-         const client = dependencies.createClient(apiUrl)
-         const result = await dependencies.syncIncrementalFn(client, indexPath)
-         if (result.newFindings > 0) {
-           dependencies.log(
-             `[argus] SCVD index updated: ${result.newFindings} new findings (total: ${result.totalIndexed})`
-           )
-         }
-       } catch (_e) { /* non-critical: sync errors are logged above */ }
-     })
+      try {
+        const client = dependencies.createClient(apiUrl)
+        const result = await dependencies.syncIncrementalFn(client, indexPath)
+        if (result.newFindings > 0) {
+          dependencies.log(
+            `[argus] SCVD index updated: ${result.newFindings} new findings (total: ${result.totalIndexed})`,
+          )
+        }
+      } catch (_e) {
+        createLogger().debug("Knowledge sync failed during auto-sync")
+      }
+    })
   }
 }

package/src/hooks/recon-context-builder.ts ADDED Viewed

@@ -0,0 +1,66 @@
+import type { AuditArtifact } from "../utils/audit-artifact-detector"
+import type { DependencyRisk } from "../utils/dependency-scanner"
+import type { ProjectConfig } from "../utils/project-detector"
+export interface ReconContext {
+  projectConfig: ProjectConfig | null
+  dependencyRisks: DependencyRisk[]
+  auditArtifacts: AuditArtifact[]
+}
+/**
+ * Builds an XML-like reconnaissance context block from project data.
+ * Returns null if no data is available (all fields empty/null).
+ *
+ * The block is injected into compaction output so Argus agents retain
+ * project intelligence across context window compressions.
+ */
+export function buildReconContextBlock(recon: ReconContext): string | null {
+  if (
+    !recon.projectConfig &&
+    recon.dependencyRisks.length === 0 &&
+    recon.auditArtifacts.length === 0
+  ) {
+    return null
+  }
+  const lines: string[] = ["<argus-recon>"]
+  if (recon.projectConfig) {
+    const frameworks: string[] = []
+    if (recon.projectConfig.hasFoundry) frameworks.push("Foundry")
+    if (recon.projectConfig.hasHardhat) frameworks.push("Hardhat")
+    if (frameworks.length > 0) {
+      lines.push(`Framework: ${frameworks.join(", ")}`)
+    }
+    if (recon.projectConfig.optimizer) {
+      lines.push(`Optimizer: runs=${recon.projectConfig.optimizer.runs}`)
+    }
+    if (recon.projectConfig.evmVersion) {
+      lines.push(`EVM Version: ${recon.projectConfig.evmVersion}`)
+    }
+    if (recon.projectConfig.isUpgradeable) {
+      lines.push(`Upgradeable: yes`)
+    }
+    if (recon.projectConfig.profiles && recon.projectConfig.profiles.length > 0) {
+      lines.push(`Profiles: ${recon.projectConfig.profiles.join(", ")}`)
+    }
+  }
+  if (recon.dependencyRisks.length > 0) {
+    lines.push("Dependency Risks:")
+    for (const risk of recon.dependencyRisks.slice(0, 5)) {
+      lines.push(`  - ${risk.package}@${risk.version}: ${risk.risk}`)
+    }
+  }
+  if (recon.auditArtifacts.length > 0) {
+    lines.push("Existing Audit Artifacts:")
+    for (const artifact of recon.auditArtifacts.slice(0, 5)) {
+      lines.push(`  - ${artifact.type}: ${artifact.path}`)
+    }
+  }
+  lines.push("</argus-recon>")
+  return lines.join("\n")
+}

package/src/hooks/safe-create-hook.ts CHANGED Viewed

@@ -1,15 +1,13 @@
-export function safeCreateHook<T>(
-  factory: () => T,
-  hookName: string
-): T | undefined {
+import { createLogger } from "../shared/logger"
+export function safeCreateHook<T>(factory: () => T, hookName: string): T | undefined {
   try {
-    return factory();
+    return factory()
   } catch (error) {
-    console.error(
-      `[argus-hook-error] Failed to create hook "${hookName}": ${
-        error instanceof Error ? error.message : String(error)
-      }`
-    );
-    return undefined;
+    const logger = createLogger()
+    logger.error(
+      `Failed to create hook "${hookName}": ${error instanceof Error ? error.message : String(error)}`,
+    )
+    return undefined
   }
 }

package/src/hooks/system-prompt-hook.ts ADDED Viewed

@@ -0,0 +1,128 @@
+import type { AuditState, FindingSeverity } from "../state/types"
+const DEFAULT_TOKEN_BUDGET = 2000
+const TOKENS_PER_CHAR = 4
+export interface SystemPromptHookDeps {
+  getAuditState: () => AuditState | null
+  getAgentForSession: (sessionID: string) => string | undefined
+  isArgusAgent: (sessionID: string) => boolean
+  getContextPressure?: (systemText: string) => number
+  getTokenBudget?: (agent: string, contextPressure: number) => number
+  getEnforcerReminder?: (state: AuditState) => string | null
+  getReconBlock?: () => string | null
+}
+const FALLBACK_DIRECTIVES: Record<string, string> = {
+  slither:
+    "DO NOT re-attempt argus_slither_analyze. Use `argus_analyze_contract` and `argus_check_patterns` instead. Note limitation in report.",
+  forge:
+    "DO NOT re-attempt argus_forge_test or argus_forge_fuzz. Verify findings via manual code tracing. Note limitation in report.",
+  solodit:
+    "DO NOT re-attempt argus_solodit_search. Use `argus_check_patterns` with local rules. Note limitation in report.",
+}
+export function buildFallbackDirectives(unavailableTools: string[]): string[] {
+  const directives: string[] = []
+  for (const tool of unavailableTools) {
+    const directive = FALLBACK_DIRECTIVES[tool]
+    if (directive) directives.push(directive)
+  }
+  return directives
+}
+export function estimateTokens(text: string): number {
+  return Math.ceil(text.length / TOKENS_PER_CHAR)
+}
+export function buildDynamicContext(
+  auditState: AuditState,
+  agent: string,
+  tokenBudget: number = DEFAULT_TOKEN_BUDGET,
+): string {
+  const severityCounts: Record<FindingSeverity, number> = {
+    Critical: 0,
+    High: 0,
+    Medium: 0,
+    Low: 0,
+    Informational: 0,
+  }
+  for (const finding of auditState.findings) {
+    severityCounts[finding.severity]++
+  }
+  const tools = auditState.toolsExecuted.map((tool) => tool.tool).join(", ") || "none"
+  const unavailable = auditState.unavailableTools ?? []
+  const lines: string[] = [
+    `<argus-context agent="${agent}">`,
+    `Phase: ${auditState.currentPhase}`,
+    `Contracts: ${auditState.contractsReviewed.length} reviewed`,
+    `Findings: Critical=${severityCounts.Critical} High=${severityCounts.High} Medium=${severityCounts.Medium} Low=${severityCounts.Low} Info=${severityCounts.Informational}`,
+    `Tools: ${tools}`,
+  ]
+  if (unavailable.length > 0) {
+    lines.push(`Unavailable: ${unavailable.join(", ")}`)
+    lines.push(...buildFallbackDirectives(unavailable))
+  }
+  lines.push("</argus-context>")
+  let summary = lines.join("\n")
+  if (estimateTokens(summary) > tokenBudget) {
+    summary = [
+      `<argus-context agent="${agent}">`,
+      `Phase: ${auditState.currentPhase} | Findings: ${auditState.findings.length} | Contracts: ${auditState.contractsReviewed.length}`,
+      "</argus-context>",
+    ].join("\n")
+  }
+  return summary
+}
+export function createSystemPromptHook(deps: SystemPromptHookDeps) {
+  return async (
+    input: { sessionID?: string; model: unknown },
+    output: { system: string[] },
+  ): Promise<void> => {
+    if (!input.sessionID) {
+      return
+    }
+    if (!deps.isArgusAgent(input.sessionID)) {
+      return
+    }
+    const auditState = deps.getAuditState()
+    if (!auditState) {
+      return
+    }
+    const agent = deps.getAgentForSession(input.sessionID)
+    if (!agent) {
+      return
+    }
+    const currentSystem = output.system.join("\n")
+    const pressure = deps.getContextPressure?.(currentSystem) ?? 0
+    const budget = deps.getTokenBudget?.(agent, pressure) ?? DEFAULT_TOKEN_BUDGET
+    output.system.push(buildDynamicContext(auditState, agent, budget))
+    if (deps.getReconBlock) {
+      const reconBlock = deps.getReconBlock()
+      if (reconBlock && estimateTokens(reconBlock) <= budget) {
+        output.system.push(reconBlock)
+      }
+    }
+    if (agent === "argus" && deps.getEnforcerReminder) {
+      const reminder = deps.getEnforcerReminder(auditState)
+      if (reminder) {
+        output.system.push(reminder)
+      }
+    }
+  }
+}