solidity-argus 0.2.0 → 0.3.0

package/src/tools/solodit-search-tool.ts

@@ -1,43 +1,47 @@
-import { tool, type ToolContext } from "@opencode-ai/plugin";
+import type { ToolDefinition } from "@opencode-ai/plugin"
+import { type ToolContext, tool } from "@opencode-ai/plugin"
+import { createLogger } from "../shared/logger"
 
-const SOLODIT_MCP_SERVER = "solodit-mcp";
-const SOLODIT_MCP_TOOL = "search_findings";
-const DEFAULT_LIMIT = 10;
-const DEFAULT_SOLODIT_PORT = 3000;
-const SOLODIT_HTTP_TIMEOUT_MS = 10_000;
+const logger = createLogger()
+
+const SOLODIT_MCP_SERVER = "solodit-mcp"
+const SOLODIT_MCP_TOOLS = ["search", "search_findings"] as const
+const DEFAULT_LIMIT = 10
+const DEFAULT_SOLODIT_PORT = 3000
+const SOLODIT_HTTP_TIMEOUT_MS = 10_000
 
 type SoloditSearchArgs = {
-  query: string;
-  severity?: string[];
-  limit?: number;
-};
+  query: string
+  severity?: string[]
+  limit?: number
+}
 
 type SoloditFinding = {
-  title: string;
-  severity: string;
-  description: string;
-  protocol: string;
-  url: string;
-  remediation: string;
-};
+  title: string
+  severity: string
+  description: string
+  protocol: string
+  url: string
+  remediation: string
+}
 
 export type SoloditSearchResult = {
-  results: SoloditFinding[];
-  totalFound: number;
-  query: string;
-  error?: string;
-};
+  results: SoloditFinding[]
+  totalFound: number
+  query: string
+  error?: string
+}
 
 export type CallMcpTool = (
   server: string,
   tool: string,
-  args: Record<string, unknown>
-) => Promise<unknown>;
+  args: Record<string, unknown>,
+) => Promise<unknown>
 
-type McpCapableContext = ToolContext & { callMcpTool: CallMcpTool };
+type McpCapableContext = ToolContext & { callMcpTool: CallMcpTool }
 
 function hasMcpCapability(ctx: ToolContext): ctx is McpCapableContext {
-  return "callMcpTool" in ctx;
+  return "callMcpTool" in ctx
 }
 
 function parseFinding(raw: unknown): SoloditFinding {
@@ -49,161 +53,254 @@ function parseFinding(raw: unknown): SoloditFinding {
       protocol: "",
       url: "",
       remediation: "",
-    };
+    }
   }
 
-  const obj = raw as Record<string, unknown>;
+  const obj = raw as Record<string, unknown>
   return {
-    title: typeof obj["title"] === "string" ? obj["title"] : "",
-    severity: typeof obj["severity"] === "string" ? obj["severity"] : "",
-    description: typeof obj["description"] === "string" ? obj["description"] : "",
-    protocol: typeof obj["protocol"] === "string" ? obj["protocol"] : "",
-    url: typeof obj["url"] === "string" ? obj["url"] : "",
-    remediation: typeof obj["remediation"] === "string" ? obj["remediation"] : "",
-  };
+    title: typeof obj.title === "string" ? obj.title : "",
+    severity: typeof obj.severity === "string" ? obj.severity : "",
+    description: typeof obj.description === "string" ? obj.description : "",
+    protocol: typeof obj.protocol === "string" ? obj.protocol : "",
+    url: typeof obj.url === "string" ? obj.url : "",
+    remediation: typeof obj.remediation === "string" ? obj.remediation : "",
+  }
 }
 
 function parseFindings(response: unknown): SoloditFinding[] {
   if (!Array.isArray(response)) {
-    return [];
+    return []
+  }
+  return response.map(parseFinding)
+}
+
+function parseFindingsFromAnyResponse(response: unknown): SoloditFinding[] {
+  const direct = parseFindings(response)
+  if (direct.length > 0) return direct
+
+  if (typeof response === "object" && response !== null) {
+    const findings = (response as Record<string, unknown>).findings
+    if (Array.isArray(findings)) return findings.map(parseFinding)
+  }
+
+  return extractFindingsFromMcpResponse(response)
+}
+
+function hasMcpError(response: unknown): boolean {
+  if (typeof response !== "object" || response === null) return false
+  const obj = response as Record<string, unknown>
+  return "error" in obj
+}
+
+function normalizeImpacts(
+  severity?: string[],
+): Array<"HIGH" | "MEDIUM" | "LOW" | "GAS"> | undefined {
+  if (!severity || severity.length === 0) return undefined
+  const allowed = new Set(["HIGH", "MEDIUM", "LOW", "GAS"] as const)
+  const impacts = severity
+    .map((s) => s.toUpperCase())
+    .filter((s): s is "HIGH" | "MEDIUM" | "LOW" | "GAS" =>
+      allowed.has(s as "HIGH" | "MEDIUM" | "LOW" | "GAS"),
+    )
+  return impacts.length > 0 ? impacts : undefined
+}
+
+function buildMcpArgs(
+  toolName: (typeof SOLODIT_MCP_TOOLS)[number],
+  query: string,
+  limit: number,
+  severity?: string[],
+): Record<string, unknown> {
+  if (toolName === "search") {
+    return { keywords: query }
+  }
+
+  const impact = normalizeImpacts(severity)
+  return {
+    keywords: query,
+    ...(impact ? { impact } : {}),
+    pageSize: limit,
   }
-  return response.map(parseFinding);
+}
+
+function filterFindingsBySeverity(
+  findings: SoloditFinding[],
+  severities?: string[],
+): SoloditFinding[] {
+  if (!severities || severities.length === 0) return findings
+
+  const allowed = new Set(severities.map((s) => s.toLowerCase()))
+  return findings.filter((finding) => allowed.has(finding.severity.toLowerCase()))
 }
 
 function parseSseData(body: string): unknown {
   for (const line of body.split("\n")) {
     if (line.startsWith("data: ")) {
       try {
-        return JSON.parse(line.slice(6));
-      } catch {
-        continue;
-      }
+        return JSON.parse(line.slice(6))
+      } catch {}
     }
   }
   try {
-    return JSON.parse(body);
+    return JSON.parse(body)
   } catch {
-    return null;
+    return null
   }
 }
 
 function extractFindingsFromMcpResponse(envelope: unknown): SoloditFinding[] {
-  if (typeof envelope !== "object" || envelope === null) return [];
-  const result = (envelope as Record<string, unknown>).result;
-  if (typeof result !== "object" || result === null) return [];
+  if (typeof envelope !== "object" || envelope === null) return []
+  const result = (envelope as Record<string, unknown>).result
+  if (typeof result !== "object" || result === null) return []
 
-  const structured = (result as Record<string, unknown>).structuredContent;
+  const structured = (result as Record<string, unknown>).structuredContent
   const reportsJson =
     typeof structured === "object" && structured !== null
       ? (structured as Record<string, unknown>).reportsJSON
-      : undefined;
+      : undefined
 
   if (typeof reportsJson === "string") {
     try {
-      const parsed = JSON.parse(reportsJson);
-      if (Array.isArray(parsed)) return parsed.map(parseFinding);
-    } catch { /* fall through */ }
+      const parsed = JSON.parse(reportsJson)
+      if (Array.isArray(parsed)) return parsed.map(parseFinding)
+    } catch {
+      logger.debug("Failed to parse Solodit structured response")
+    }
   }
 
-  const content = (result as Record<string, unknown>).content;
+  const content = (result as Record<string, unknown>).content
   if (Array.isArray(content) && content.length > 0) {
-    const first = content[0] as Record<string, unknown> | undefined;
+    const first = content[0] as Record<string, unknown> | undefined
     if (typeof first?.text === "string") {
       try {
-        const parsed = JSON.parse(first.text);
-        if (Array.isArray(parsed)) return parsed.map(parseFinding);
-      } catch { /* fall through */ }
+        const parsed = JSON.parse(first.text)
+        if (Array.isArray(parsed)) return parsed.map(parseFinding)
+      } catch {
+        logger.debug("Failed to parse Solodit content text")
+      }
     }
   }
 
-  return [];
+  return []
 }
 
 async function callSoloditHttp(
   query: string,
   limit: number,
+  severities?: string[],
   port: number = DEFAULT_SOLODIT_PORT,
 ): Promise<SoloditSearchResult> {
-  try {
-    const response = await fetch(`http://localhost:${port}/mcp`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        Accept: "application/json, text/event-stream",
-      },
-      body: JSON.stringify({
-        jsonrpc: "2.0",
-        method: "tools/call",
-        params: { name: "search", arguments: { keywords: query } },
-        id: 1,
-      }),
-      signal: AbortSignal.timeout(SOLODIT_HTTP_TIMEOUT_MS),
-    });
-
-    if (!response.ok) {
-      return { results: [], totalFound: 0, query, error: `Solodit HTTP ${response.status}` };
-    }
+  let lastError: string | undefined
+
+  for (const toolName of SOLODIT_MCP_TOOLS) {
+    try {
+      const response = await fetch(`http://localhost:${port}/mcp`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Accept: "application/json, text/event-stream",
+        },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          method: "tools/call",
+          params: { name: toolName, arguments: buildMcpArgs(toolName, query, limit, severities) },
+          id: 1,
+        }),
+        signal: AbortSignal.timeout(SOLODIT_HTTP_TIMEOUT_MS),
+      })
 
-    const body = await response.text();
-    const envelope = parseSseData(body);
-    const findings = extractFindingsFromMcpResponse(envelope);
+      if (!response.ok) {
+        lastError = `Solodit HTTP ${response.status}`
+        continue
+      }
+
+      const body = await response.text()
+      const envelope = parseSseData(body)
+
+      if (hasMcpError(envelope)) {
+        continue
+      }
 
-    return { results: findings.slice(0, limit), totalFound: findings.length, query };
-  } catch (error) {
-    const message = error instanceof Error ? error.message : "Unknown error";
-    return { results: [], totalFound: 0, query, error: `Solodit MCP unreachable: ${message}` };
+      const findings = filterFindingsBySeverity(parseFindingsFromAnyResponse(envelope), severities)
+
+      return { results: findings.slice(0, limit), totalFound: findings.length, query }
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Unknown error"
+      lastError = `Solodit MCP unreachable: ${message}`
+    }
   }
+
+  return { results: [], totalFound: 0, query, error: lastError ?? "Solodit MCP call failed" }
 }
 
 export async function executeSoloditSearch(
   args: SoloditSearchArgs,
   context: ToolContext,
-  callMcpTool?: CallMcpTool
+  callMcpTool?: CallMcpTool,
+  port: number = DEFAULT_SOLODIT_PORT,
 ): Promise<SoloditSearchResult> {
-  const { query } = args;
-  const limit = args.limit ?? DEFAULT_LIMIT;
+  const { query } = args
+  const limit = args.limit ?? DEFAULT_LIMIT
 
-  context.metadata({ title: `Solodit search: ${query}` });
+  context.metadata({ title: `Solodit search: ${query}` })
 
-  const mcpCaller =
-    callMcpTool ?? (hasMcpCapability(context) ? context.callMcpTool : undefined);
+  const mcpCaller = callMcpTool ?? (hasMcpCapability(context) ? context.callMcpTool : undefined)
 
   if (!mcpCaller) {
-    return callSoloditHttp(query, limit);
+    return callSoloditHttp(query, limit, args.severity, port)
   }
 
-  try {
-    const mcpArgs: Record<string, unknown> = { query, limit };
+  let hadMcpError = false
+  for (const toolName of SOLODIT_MCP_TOOLS) {
+    try {
+      const response = await mcpCaller(
+        SOLODIT_MCP_SERVER,
+        toolName,
+        buildMcpArgs(toolName, query, limit, args.severity),
+      )
 
-    if (args.severity && args.severity.length > 0) {
-      mcpArgs.filters = { severity: args.severity };
-    }
+      if (hasMcpError(response)) {
+        hadMcpError = true
+        continue
+      }
 
-    const response = await mcpCaller(SOLODIT_MCP_SERVER, SOLODIT_MCP_TOOL, mcpArgs);
-    const findings = parseFindings(response);
+      const findings = filterFindingsBySeverity(
+        parseFindingsFromAnyResponse(response),
+        args.severity,
+      )
 
-    return {
-      results: findings,
-      totalFound: findings.length,
-      query,
-    };
-  } catch {
-    // MCP bridge failed (upstream crash, connection error, etc.)
-    // Fall through to HTTP fallback before giving up
-    return callSoloditHttp(query, limit);
+      return {
+        results: findings.slice(0, limit),
+        totalFound: findings.length,
+        query,
+      }
+    } catch {
+      hadMcpError = true
+    }
+  }
+
+  const fallback = await callSoloditHttp(query, limit, args.severity, port)
+  if (fallback.error || hadMcpError) {
+    return fallback
   }
+
+  return fallback
+}
+
+export function createSoloditSearchTool(port: number = DEFAULT_SOLODIT_PORT): ToolDefinition {
+  return tool({
+    description:
+      "Search Solodit audit findings database for known vulnerabilities and past audit results via the Solodit MCP server.",
+    args: {
+      query: tool.schema.string(),
+      severity: tool.schema.array(tool.schema.string()).optional(),
+      limit: tool.schema.number().optional(),
+    },
+    async execute(args, context) {
+      const result = await executeSoloditSearch(args, context, undefined, port)
+      return JSON.stringify(result)
+    },
+  })
 }
 
-export const soloditSearchTool = tool({
-  description:
-    "Search Solodit audit findings database for known vulnerabilities and past audit results via the Solodit MCP server.",
-  args: {
-    query: tool.schema.string(),
-    severity: tool.schema.array(tool.schema.string()).optional(),
-    limit: tool.schema.number().optional(),
-  },
-  async execute(args, context) {
-    const result = await executeSoloditSearch(args, context);
-    return JSON.stringify(result);
-  },
-});
+export const soloditSearchTool = createSoloditSearchTool()

package/src/tools/sync-knowledge-tool.ts

@@ -1,10 +1,11 @@
 import os from "node:os"
 import path from "node:path"
-import { tool, type ToolContext } from "@opencode-ai/plugin"
-import { ScvdClient } from "../knowledge/scvd-client"
-import { syncAll, syncIncremental, type SyncResult } from "../knowledge/scvd-sync"
+import { type ToolContext, tool } from "@opencode-ai/plugin"
 import { loadArgusConfig } from "../config/loader"
 import type { ArgusConfig } from "../config/types"
+import { ScvdClient } from "../knowledge/scvd-client"
+import { type SyncResult, syncAll, syncIncremental } from "../knowledge/scvd-sync"
+import { resolveProjectDir } from "../shared/project-utils"
 
 type SyncKnowledgeArgs = {
   force?: boolean
@@ -62,14 +63,14 @@ function toErrorMessage(error: unknown): string {
 export async function executeSyncKnowledge(
   args: SyncKnowledgeArgs,
   context: ToolContext,
-  deps: SyncKnowledgeDependencies = {}
+  deps: SyncKnowledgeDependencies = {},
 ): Promise<SyncKnowledgeResult> {
   const dependencies = { ...defaultDependencies(), ...deps }
 
   context.metadata({ title: "Syncing SCVD knowledge index..." })
 
   try {
-    const projectDir = context.directory ?? context.worktree ?? process.cwd()
+    const projectDir = resolveProjectDir(context)
     const argusConfig = dependencies.loadConfig(projectDir)
 
     if (!argusConfig.knowledge?.scvd?.enabled) {
@@ -81,12 +82,7 @@ export async function executeSyncKnowledge(
     }
 
     const apiUrl = argusConfig.knowledge?.scvd?.apiUrl ?? DEFAULT_SCVD_API_URL
-    const indexPath = path.join(
-      os.homedir(),
-      ".cache",
-      "solidity-argus",
-      "scvd-index.json"
-    )
+    const indexPath = path.join(os.homedir(), ".cache", "solidity-argus", "scvd-index.json")
 
     const client = dependencies.createClient(apiUrl, context.abort)
     const result = args.force

package/src/utils/audit-artifact-detector.ts

@@ -1,10 +1,13 @@
-import { existsSync, readdirSync } from "fs";
-import { join } from "path";
+import { existsSync, readdirSync } from "node:fs"
+import { join } from "node:path"
+import { createLogger } from "../shared/logger"
+
+const logger = createLogger()
 
 export interface AuditArtifact {
-  type: "audit-report" | "slither-output" | "deployment-artifact" | "security-tool-output";
-  path: string;
-  name: string;
+  type: "audit-report" | "slither-output" | "deployment-artifact" | "security-tool-output"
+  path: string
+  name: string
 }
 
 /**
@@ -13,17 +16,17 @@ export interface AuditArtifact {
  * @returns Array of detected audit artifacts
  */
 export function detectAuditArtifacts(projectDir: string): AuditArtifact[] {
-  const artifacts: AuditArtifact[] = [];
+  const artifacts: AuditArtifact[] = []
 
   if (!existsSync(projectDir)) {
-    return artifacts;
+    return artifacts
   }
 
   try {
-    const entries = readdirSync(projectDir, { withFileTypes: true });
+    const entries = readdirSync(projectDir, { withFileTypes: true })
 
     for (const entry of entries) {
-      const fullPath = join(projectDir, entry.name);
+      const fullPath = join(projectDir, entry.name)
 
       // Check directories
       if (entry.isDirectory()) {
@@ -33,8 +36,8 @@ export function detectAuditArtifacts(projectDir: string): AuditArtifact[] {
             type: "audit-report",
             path: fullPath,
             name: entry.name,
-          });
-          continue;
+          })
+          continue
         }
 
         // Deployment artifact directories
@@ -43,28 +46,28 @@ export function detectAuditArtifacts(projectDir: string): AuditArtifact[] {
             type: "deployment-artifact",
             path: fullPath,
             name: entry.name,
-          });
-          continue;
+          })
+          continue
         }
 
         // docs/audit* directories
         if (entry.name === "docs") {
           try {
-            const docsEntries = readdirSync(fullPath, { withFileTypes: true });
+            const docsEntries = readdirSync(fullPath, { withFileTypes: true })
             for (const docsEntry of docsEntries) {
               if (docsEntry.isDirectory() && docsEntry.name.startsWith("audit")) {
                 artifacts.push({
                   type: "audit-report",
                   path: join(fullPath, docsEntry.name),
                   name: docsEntry.name,
-                });
+                })
               }
             }
           } catch {
-            // Ignore errors reading docs directory
+            logger.debug("Failed to read docs directory for audit artifacts")
           }
         }
-        continue;
+        continue
       }
 
       // Check files
@@ -78,8 +81,8 @@ export function detectAuditArtifacts(projectDir: string): AuditArtifact[] {
             type: "audit-report",
             path: fullPath,
             name: entry.name,
-          });
-          continue;
+          })
+          continue
         }
 
         // Slither output files
@@ -92,28 +95,24 @@ export function detectAuditArtifacts(projectDir: string): AuditArtifact[] {
             type: "slither-output",
             path: fullPath,
             name: entry.name,
-          });
-          continue;
+          })
+          continue
         }
 
         // Security tool output files
-        if (
-          /^mythril-report.*/.test(entry.name) ||
-          /^securify-report.*/.test(entry.name)
-        ) {
+        if (/^mythril-report.*/.test(entry.name) || /^securify-report.*/.test(entry.name)) {
           artifacts.push({
             type: "security-tool-output",
             path: fullPath,
             name: entry.name,
-          });
-          continue;
+          })
         }
       }
     }
   } catch {
     // Return empty array if directory cannot be read
-    return [];
+    return []
   }
 
-  return artifacts;
+  return artifacts
 }