solidity-argus 0.1.8 → 0.3.0

package/src/utils/project-detector.ts

@@ -1,14 +1,25 @@
-import { existsSync } from "fs";
-import { join, resolve } from "path";
+import { existsSync } from "node:fs"
+import { join, resolve } from "node:path"
+import { type DependencyRisk, scanDependencyRisks } from "./dependency-scanner"
 
 export interface ProjectConfig {
-  type: "foundry" | "hardhat" | "mixed" | "unknown";
-  srcDir: string;
-  testDir: string;
-  solcVersion?: string;
-  remappings: string[];
-  viaIr: boolean;
-  rootDir: string;
+  type: "foundry" | "hardhat" | "mixed" | "unknown"
+  srcDir: string
+  testDir: string
+  solcVersion?: string
+  remappings: string[]
+  viaIr: boolean
+  rootDir: string
+  optimizer?: { enabled: boolean; runs?: number }
+  evmVersion?: string
+  profiles?: string[]
+  hasHardhat: boolean
+  hasFoundry: boolean
+  dependencies?: Record<string, string>
+  devDependencies?: Record<string, string>
+  isUpgradeable: boolean
+  outDir?: string
+  dependencyRisks: DependencyRisk[]
 }
 
 /**
@@ -17,50 +28,64 @@ export interface ProjectConfig {
  * @returns ProjectConfig with detected framework type and settings
  */
 export async function detectProject(dir: string): Promise<ProjectConfig> {
-  const rootDir = resolve(dir);
-  const foundryTomlPath = join(rootDir, "foundry.toml");
-  const hardhatConfigTsPath = join(rootDir, "hardhat.config.ts");
-  const hardhatConfigJsPath = join(rootDir, "hardhat.config.js");
+  const rootDir = resolve(dir)
+  const foundryTomlPath = join(rootDir, "foundry.toml")
+  const hardhatConfigTsPath = join(rootDir, "hardhat.config.ts")
+  const hardhatConfigJsPath = join(rootDir, "hardhat.config.js")
 
-  const hasFoundry = existsSync(foundryTomlPath);
-  const hasHardhatTs = existsSync(hardhatConfigTsPath);
-  const hasHardhatJs = existsSync(hardhatConfigJsPath);
-  const hasHardhat = hasHardhatTs || hasHardhatJs;
+  const hasFoundry = existsSync(foundryTomlPath)
+  const hasHardhatTs = existsSync(hardhatConfigTsPath)
+  const hasHardhatJs = existsSync(hardhatConfigJsPath)
+  const hasHardhat = hasHardhatTs || hasHardhatJs
 
   // Determine project type
-  let type: "foundry" | "hardhat" | "mixed" | "unknown";
+  let type: "foundry" | "hardhat" | "mixed" | "unknown"
   if (hasFoundry && hasHardhat) {
-    type = "mixed";
+    type = "mixed"
   } else if (hasFoundry) {
-    type = "foundry";
+    type = "foundry"
   } else if (hasHardhat) {
-    type = "hardhat";
+    type = "hardhat"
   } else {
-    type = "unknown";
+    type = "unknown"
   }
 
-  // Default values
-  let srcDir = "src";
-  let testDir = "test";
-  let solcVersion: string | undefined;
-  let remappings: string[] = [];
-  let viaIr = false;
+  let srcDir = "src"
+  let testDir = "test"
+  let solcVersion: string | undefined
+  let remappings: string[] = []
+  let viaIr = false
+  let optimizer: { enabled: boolean; runs?: number } | undefined
+  let evmVersion: string | undefined
+  let profiles: string[] | undefined
+  let outDir: string | undefined
 
-  // Parse Foundry config if present
   if (hasFoundry) {
-    const foundryConfig = await parseFoundryToml(foundryTomlPath);
-    srcDir = foundryConfig.srcDir || srcDir;
-    testDir = foundryConfig.testDir || testDir;
-    solcVersion = foundryConfig.solcVersion;
-    remappings = foundryConfig.remappings;
-    viaIr = foundryConfig.viaIr;
+    const foundryConfig = await parseFoundryToml(foundryTomlPath)
+    srcDir = foundryConfig.srcDir || srcDir
+    testDir = foundryConfig.testDir || testDir
+    solcVersion = foundryConfig.solcVersion
+    remappings = foundryConfig.remappings
+    viaIr = foundryConfig.viaIr
+    optimizer = foundryConfig.optimizer
+    evmVersion = foundryConfig.evmVersion
+    profiles = foundryConfig.profiles
+    outDir = foundryConfig.outDir
+  }
+
+  const remappingsFromTxt = parseRemappingsTxt(rootDir)
+  if (remappingsFromTxt.length > 0 && remappings.length === 0) {
+    remappings = remappingsFromTxt
   }
 
-  // Set Hardhat defaults if it's a Hardhat project
   if (hasHardhat && !hasFoundry) {
-    srcDir = "contracts";
+    srcDir = "contracts"
   }
 
+  const isUpgradeable = existsSync(join(rootDir, ".openzeppelin"))
+
+  const { dependencies, devDependencies } = await parsePackageJson(rootDir)
+
   return {
     type,
     srcDir,
@@ -69,77 +94,141 @@ export async function detectProject(dir: string): Promise<ProjectConfig> {
     remappings,
     viaIr,
     rootDir,
-  };
+    optimizer,
+    evmVersion,
+    profiles,
+    hasHardhat,
+    hasFoundry,
+    dependencies,
+    devDependencies,
+    isUpgradeable,
+    outDir,
+    dependencyRisks: scanDependencyRisks({ dependencies, devDependencies }),
+  }
 }
 
 /**
  * Parses foundry.toml file using regex-based parsing
  */
-async function parseFoundryToml(
-  filePath: string
-): Promise<{
-  srcDir?: string;
-  testDir?: string;
-  solcVersion?: string;
-  remappings: string[];
-  viaIr: boolean;
-}> {
-  const content = await Bun.file(filePath).text();
+interface FoundryTomlResult {
+  srcDir?: string
+  testDir?: string
+  solcVersion?: string
+  remappings: string[]
+  viaIr: boolean
+  optimizer?: { enabled: boolean; runs?: number }
+  evmVersion?: string
+  profiles?: string[]
+  outDir?: string
+}
 
-  const result = {
-    srcDir: undefined as string | undefined,
-    testDir: undefined as string | undefined,
-    solcVersion: undefined as string | undefined,
-    remappings: [] as string[],
+async function parseFoundryToml(filePath: string): Promise<FoundryTomlResult> {
+  const content = await Bun.file(filePath).text()
+
+  const result: FoundryTomlResult = {
+    srcDir: undefined,
+    testDir: undefined,
+    solcVersion: undefined,
+    remappings: [],
     viaIr: false,
-  };
+  }
+
+  const profileNames = Array.from(content.matchAll(/\[profile\.(\w+)\]/g), (m) => m[1]).filter(
+    (name): name is string => Boolean(name),
+  )
+  if (profileNames.length > 0) {
+    result.profiles = profileNames
+  }
 
-  // Extract [profile.default] section - stop at next section or EOF
-  const profileDefaultMatch = content.match(
-    /\[profile\.default\]([\s\S]*?)(?:\n\[|$)/
-  );
+  const profileDefaultMatch = content.match(/\[profile\.default\]([\s\S]*?)(?:\n\[|$)/)
   if (!profileDefaultMatch || !profileDefaultMatch[1]) {
-    return result;
+    return result
+  }
+
+  const profileSection = profileDefaultMatch[1]
+
+  const srcMatch = profileSection.match(/^\s*src\s*=\s*["']([^"']+)["']/m)
+  if (srcMatch?.[1]) {
+    result.srcDir = srcMatch[1]
   }
 
-  const profileSection = profileDefaultMatch[1];
+  const testMatch = profileSection.match(/^\s*test\s*=\s*["']([^"']+)["']/m)
+  if (testMatch?.[1]) {
+    result.testDir = testMatch[1]
+  }
+
+  const solcMatch = profileSection.match(/^\s*solc\s*=\s*["']([^"']+)["']/m)
+  if (solcMatch?.[1]) {
+    result.solcVersion = solcMatch[1]
+  }
 
-  // Parse src = "..."
-  const srcMatch = profileSection.match(/^\s*src\s*=\s*["']([^"']+)["']/m);
-  if (srcMatch && srcMatch[1]) {
-    result.srcDir = srcMatch[1];
+  const viaIrMatch = profileSection.match(/^\s*via[_-]ir\s*=\s*(true|false)/m)
+  if (viaIrMatch?.[1] === "true") {
+    result.viaIr = true
   }
 
-  // Parse test = "..."
-  const testMatch = profileSection.match(/^\s*test\s*=\s*["']([^"']+)["']/m);
-  if (testMatch && testMatch[1]) {
-    result.testDir = testMatch[1];
+  const optimizerMatch = profileSection.match(/^\s*optimizer\s*=\s*(true|false)/m)
+  if (optimizerMatch?.[1]) {
+    const enabled = optimizerMatch[1] === "true"
+    const runsMatch = profileSection.match(/^\s*optimizer_runs\s*=\s*(\d+)/m)
+    result.optimizer = {
+      enabled,
+      runs: runsMatch?.[1] ? parseInt(runsMatch[1], 10) : undefined,
+    }
   }
 
-  // Parse solc = "..."
-  const solcMatch = profileSection.match(/^\s*solc\s*=\s*["']([^"']+)["']/m);
-  if (solcMatch && solcMatch[1]) {
-    result.solcVersion = solcMatch[1];
+  const evmMatch = profileSection.match(/^\s*evm_version\s*=\s*["']([^"']+)["']/m)
+  if (evmMatch?.[1]) {
+    result.evmVersion = evmMatch[1]
   }
 
-  // Parse via_ir = true/false
-  const viaIrMatch = profileSection.match(/^\s*via[_-]ir\s*=\s*(true|false)/m);
-  if (viaIrMatch && viaIrMatch[1] === "true") {
-    result.viaIr = true;
+  const outMatch = profileSection.match(/^\s*out\s*=\s*["']([^"']+)["']/m)
+  if (outMatch?.[1]) {
+    result.outDir = outMatch[1]
   }
 
-  // Parse remappings array - handles both single line and multiline
-  const remappingsMatch = profileSection.match(
-    /remappings\s*=\s*\[([\s\S]*?)\]/
-  );
-  if (remappingsMatch && remappingsMatch[1]) {
-    const remappingsContent = remappingsMatch[1];
-    // Extract quoted strings from the array
-    const remappingMatches = remappingsContent.match(/["']([^"']+)["']/g);
+  const remappingsMatch = profileSection.match(/remappings\s*=\s*\[([\s\S]*?)\]/)
+  if (remappingsMatch?.[1]) {
+    const remappingMatches = remappingsMatch[1].match(/["']([^"']+)["']/g)
     if (remappingMatches) {
-      result.remappings = remappingMatches.map((m) => m.slice(1, -1));
+      result.remappings = remappingMatches.map((m) => m.slice(1, -1))
+    }
+  }
+
+  return result
+}
+
+async function parsePackageJson(rootDir: string): Promise<{
+  dependencies?: Record<string, string>
+  devDependencies?: Record<string, string>
+}> {
+  const pkgPath = join(rootDir, "package.json")
+  if (!existsSync(pkgPath)) {
+    return {}
+  }
+  try {
+    const content = JSON.parse(await Bun.file(pkgPath).text())
+    return {
+      dependencies: content.dependencies,
+      devDependencies: content.devDependencies,
     }
+  } catch {
+    return {}
   }
+}
 
-  return result;
+function parseRemappingsTxt(rootDir: string): string[] {
+  const remappingsPath = join(rootDir, "remappings.txt")
+  if (!existsSync(remappingsPath)) {
+    return []
+  }
+  try {
+    const content = require("node:fs").readFileSync(remappingsPath, "utf-8")
+    return content
+      .split("\n")
+      .map((line: string) => line.trim())
+      .filter((line: string) => line.length > 0)
+  } catch {
+    return []
+  }
 }

package/src/utils/solidity-parser.ts

@@ -1,22 +1,72 @@
-import type { ContractProfile } from "../state/types";
+import type { ContractProfile } from "../state/types"
 
 interface ABIFunction {
-  type: string;
-  name: string;
-  inputs?: Array<{ name: string; type: string }>;
-  outputs?: Array<{ name: string; type: string }>;
-  stateMutability?: string;
+  type: string
+  name: string
+  inputs?: Array<{ name: string; type: string }>
+  outputs?: Array<{ name: string; type: string }>
+  stateMutability?: string
 }
 
 interface StorageLayoutItem {
-  label: string;
-  type: string;
-  slot: string;
+  label: string
+  type: string
+  slot: string
 }
 
 interface StorageLayout {
-  storage: StorageLayoutItem[];
-  types: Record<string, { label: string }>;
+  storage: StorageLayoutItem[]
+  types: Record<string, { label: string }>
+}
+
+/**
+ * Extract the first JSON value from a string that may contain non-JSON
+ * prefix (e.g. forge table-format output, compilation progress).
+ * Falls back to the original string if no JSON delimiter is found.
+ */
+function extractJson(raw: string, opener: "[" | "{"): string {
+  const _closer = opener === "[" ? "]" : "}"
+  const start = raw.indexOf(opener)
+  if (start === -1) return raw
+
+  let depth = 0
+  let inString = false
+  let escaped = false
+
+  for (let i = start; i < raw.length; i++) {
+    const ch = raw.charAt(i)
+
+    if (inString) {
+      if (escaped) {
+        escaped = false
+        continue
+      }
+      if (ch === "\\") {
+        escaped = true
+        continue
+      }
+      if (ch === '"') {
+        inString = false
+      }
+      continue
+    }
+
+    if (ch === '"') {
+      inString = true
+      continue
+    }
+
+    if (ch === "{" || ch === "[") {
+      depth++
+    } else if (ch === "}" || ch === "]") {
+      depth--
+      if (depth === 0) {
+        return raw.slice(start, i + 1)
+      }
+    }
+  }
+
+  return raw
 }
 
 /**
@@ -27,7 +77,7 @@ interface StorageLayout {
  */
 export async function extractContractInfo(
   contractName: string,
-  projectDir: string
+  projectDir: string,
 ): Promise<ContractProfile> {
   const result: ContractProfile = {
     name: contractName,
@@ -38,89 +88,90 @@ export async function extractContractInfo(
     accessControlPattern: "none",
     externalCalls: [],
     riskIndicators: [],
-  };
+  }
 
   try {
     // Run forge inspect abi
-    const abiResult = Bun.spawnSync(
-      ["forge", "inspect", contractName, "abi"],
-      {
-        cwd: projectDir,
-        stdout: "pipe",
-        stderr: "pipe",
-      }
-    );
+    const abiResult = Bun.spawnSync(["forge", "inspect", contractName, "abi", "--json"], {
+      cwd: projectDir,
+      stdout: "pipe",
+      stderr: "pipe",
+      timeout: 15_000,
+    })
 
     if (!abiResult.success) {
-      const errorMsg = abiResult.stderr?.toString() || "Unknown error";
-      result.error = `Failed to inspect ABI: ${errorMsg}`;
-      return result;
+      const errorMsg = abiResult.stderr?.toString() || "Unknown error"
+      result.error = `Failed to inspect ABI: ${errorMsg}`
+      return result
     }
 
     // Run forge inspect storage-layout
     const storageResult = Bun.spawnSync(
-      ["forge", "inspect", contractName, "storage-layout"],
+      ["forge", "inspect", contractName, "storage-layout", "--json"],
       {
         cwd: projectDir,
         stdout: "pipe",
         stderr: "pipe",
-      }
-    );
+        timeout: 15_000,
+      },
+    )
 
     if (!storageResult.success) {
-      const errorMsg = storageResult.stderr?.toString() || "Unknown error";
-      result.error = `Failed to inspect storage layout: ${errorMsg}`;
-      return result;
+      const errorMsg = storageResult.stderr?.toString() || "Unknown error"
+      result.error = `Failed to inspect storage layout: ${errorMsg}`
+      return result
     }
 
     // Parse ABI
-    const abiOutput = abiResult.stdout?.toString() || "[]";
-    let abi: ABIFunction[] = [];
+    const abiRaw = abiResult.stdout?.toString() || "[]"
+    const abiOutput = extractJson(abiRaw, "[")
+    let abi: ABIFunction[] = []
     try {
-      abi = JSON.parse(abiOutput);
+      abi = JSON.parse(abiOutput)
     } catch (e) {
-      result.error = `Failed to parse ABI JSON: ${e instanceof Error ? e.message : "Unknown error"}`;
-      return result;
+      result.error = `Failed to parse ABI JSON: ${e instanceof Error ? e.message : "Unknown error"}`
+      return result
     }
 
     // Parse storage layout
-    const storageOutput = storageResult.stdout?.toString() || "{}";
-    let storageLayout: StorageLayout = { storage: [], types: {} };
+    const storageRaw = storageResult.stdout?.toString() || "{}"
+    const storageOutput = extractJson(storageRaw, "{")
+    let storageLayout: StorageLayout = { storage: [], types: {} }
     try {
-      storageLayout = JSON.parse(storageOutput);
+      storageLayout = JSON.parse(storageOutput)
     } catch (e) {
-      result.error = `Failed to parse storage layout JSON: ${e instanceof Error ? e.message : "Unknown error"}`;
-      return result;
+      result.error = `Failed to parse storage layout JSON: ${e instanceof Error ? e.message : "Unknown error"}`
+      return result
     }
 
     // Extract functions from ABI
-    const functions = abi.filter((item) => item.type === "function");
+    const functions = abi.filter((item) => item.type === "function")
     result.functions = functions.map((func) => ({
       name: func.name || "",
       visibility: mapStateMutabilityToVisibility(func.stateMutability || "nonpayable"),
       mutability: func.stateMutability || "nonpayable",
       modifiers: [],
-    }));
+    }))
 
     // Extract state variables from storage layout
     result.stateVars = storageLayout.storage.map((item) => {
-      const typeInfo = storageLayout.types[item.type];
-      const typeLabel = typeInfo?.label || item.type;
+      const typeInfo = storageLayout.types[item.type]
+      const typeLabel = typeInfo?.label || item.type
 
       return {
         name: item.label,
         type: typeLabel,
         visibility: "internal", // Default visibility for storage vars
-      };
-    });
+      }
+    })
 
     // Detect access control pattern
-    result.accessControlPattern = detectAccessControlPattern(result.functions);
+    result.accessControlPattern = detectAccessControlPattern(result.functions)
 
-    return result;
+    return result
   } catch (e) {
-    result.error = `Unexpected error: ${e instanceof Error ? e.message : "Unknown error"}`;
-    return result;
+    result.error = `Unexpected error: ${e instanceof Error ? e.message : "Unknown error"}`
+    return result
   }
 }
 
@@ -128,18 +179,16 @@ export async function extractContractInfo(
  * Map Solidity stateMutability to visibility
  * ABI doesn't directly specify visibility, so we infer from mutability
  */
-function mapStateMutabilityToVisibility(
-  stateMutability: string
-): string {
+function mapStateMutabilityToVisibility(stateMutability: string): string {
   switch (stateMutability) {
     case "pure":
     case "view":
-      return "view";
+      return "view"
     case "payable":
     case "nonpayable":
-      return "external";
+      return "external"
     default:
-      return "external";
+      return "external"
   }
 }
 
@@ -147,28 +196,24 @@ function mapStateMutabilityToVisibility(
  * Detect access control pattern from function names and signatures
  */
 function detectAccessControlPattern(
-  functions: Array<{ name: string; visibility: string; mutability: string; modifiers: string[] }>
+  functions: Array<{ name: string; visibility: string; mutability: string; modifiers: string[] }>,
 ): "ownable" | "access-control" | "custom" | "none" {
-  const functionNames = functions.map((f) => f.name.toLowerCase());
+  const functionNames = functions.map((f) => f.name.toLowerCase())
 
   // Check for Ownable pattern
   if (functionNames.includes("owner") || functionNames.includes("transferownership")) {
-    return "ownable";
+    return "ownable"
   }
 
   // Check for AccessControl pattern (OpenZeppelin)
   if (functionNames.includes("hasrole") || functionNames.includes("grantrole")) {
-    return "access-control";
+    return "access-control"
   }
 
   // Check for custom access control patterns
-  if (
-    functionNames.some((name) =>
-      name.includes("onlyadmin") || name.includes("requireadmin")
-    )
-  ) {
-    return "custom";
+  if (functionNames.some((name) => name.includes("onlyadmin") || name.includes("requireadmin"))) {
+    return "custom"
   }
 
-  return "none";
+  return "none"
 }

package/src/utils/solodit-health.ts

@@ -0,0 +1,29 @@
+export interface SoloditHealthStatus {
+  reachable: boolean
+  enabled: boolean
+  port: number
+  error?: string
+}
+
+export async function checkSoloditHealth(
+  port: number,
+  enabled: boolean,
+): Promise<SoloditHealthStatus> {
+  if (!enabled) {
+    return { reachable: false, enabled: false, port }
+  }
+
+  try {
+    const response = await fetch(`http://localhost:${port}/mcp`, {
+      signal: AbortSignal.timeout(2000),
+    })
+    return { reachable: response.ok, enabled: true, port }
+  } catch (error) {
+    return {
+      reachable: false,
+      enabled: true,
+      port,
+      error: error instanceof Error ? error.message : "Unknown error",
+    }
+  }
+}