solidity-argus 0.2.0 → 0.3.2

package/src/solodit-lifecycle.ts

@@ -0,0 +1,203 @@
+import { withRetry } from "./knowledge/retry"
+import { createLogger } from "./shared/logger"
+import { checkSoloditHealth } from "./utils/solodit-health"
+
+interface SoloditChildProcess {
+  kill(signal?: number): void
+  unref(): void
+  readonly exited: Promise<number | null>
+}
+
+let soloditChild: SoloditChildProcess | null = null
+let monitorTimer: ReturnType<typeof setInterval> | null = null
+let isRestarting = false
+
+/** Whether the Solodit MCP server is currently available for tool calls. */
+export let soloditAvailable = false
+
+const DEFAULT_RESTART_SETTLE_MS = 2_000
+const DEFAULT_RETRY_BASE_DELAY_MS = 1_000
+const HEALTH_CHECK_INTERVAL_MS = 60_000
+
+let restartSettleMs = DEFAULT_RESTART_SETTLE_MS
+let retryBaseDelayMs = DEFAULT_RETRY_BASE_DELAY_MS
+
+const defaultSpawnFn = (port: number): SoloditChildProcess =>
+  Bun.spawn(["npx", "-y", "@lyuboslavlyubenov/solodit-mcp"], {
+    stdin: "ignore",
+    stdout: "ignore",
+    stderr: "ignore",
+    env: { ...process.env, PORT: String(port) },
+  })
+
+let spawnFn: (port: number) => SoloditChildProcess = defaultSpawnFn
+
+/** Override internal timing and spawn for testing. */
+export function _setTestConfig(config: {
+  restartSettleMs?: number
+  retryBaseDelayMs?: number
+  spawnFn?: (port: number) => SoloditChildProcess
+}): void {
+  if (config.restartSettleMs !== undefined) restartSettleMs = config.restartSettleMs
+  if (config.retryBaseDelayMs !== undefined) retryBaseDelayMs = config.retryBaseDelayMs
+  if (config.spawnFn !== undefined) spawnFn = config.spawnFn
+}
+
+function spawnSoloditChild(port: number): SoloditChildProcess {
+  const child = spawnFn(port)
+  child.unref()
+  return child
+}
+
+function trackChildExit(child: SoloditChildProcess): void {
+  const logger = createLogger()
+  child.exited.then((code) => {
+    if (code !== 0 && code !== null) {
+      logger.warn(`Solodit MCP exited with code ${code}`)
+    }
+    if (soloditChild === child) {
+      soloditChild = null
+    }
+  })
+}
+
+async function restartSoloditMcp(port: number): Promise<boolean> {
+  const logger = createLogger()
+
+  if (soloditChild) {
+    try {
+      soloditChild.kill()
+    } catch {
+      logger.debug("Solodit MCP process already dead")
+    }
+    soloditChild = null
+  }
+
+  try {
+    soloditChild = spawnSoloditChild(port)
+    trackChildExit(soloditChild)
+  } catch (err) {
+    logger.warn("Failed to spawn Solodit MCP:", err)
+    return false
+  }
+
+  await Bun.sleep(restartSettleMs)
+
+  const result = await withRetry(
+    async () => {
+      const health = await checkSoloditHealth(port, true)
+      if (!health.reachable) throw new Error("Solodit not reachable after restart")
+      return health
+    },
+    {
+      maxAttempts: 3,
+      baseDelayMs: retryBaseDelayMs,
+      shouldRetry: () => true,
+      onRetry: (attempt) => logger.debug(`Solodit restart health retry ${attempt}`),
+    },
+  )
+
+  if (result.success) {
+    soloditAvailable = true
+    logger.info("Solodit MCP restarted successfully")
+    return true
+  }
+
+  logger.warn("Solodit MCP restart failed — will retry next cycle")
+  return false
+}
+
+export async function _runMonitoringCycle(port: number): Promise<void> {
+  if (isRestarting) return
+  const logger = createLogger()
+  try {
+    const health = await checkSoloditHealth(port, true)
+    if (health.reachable) {
+      if (!soloditAvailable) {
+        soloditAvailable = true
+        logger.info("Solodit MCP recovered — now available")
+      }
+    } else if (soloditAvailable) {
+      soloditAvailable = false
+      logger.warn("Solodit MCP health check failed, attempting restart...")
+      isRestarting = true
+      try {
+        await restartSoloditMcp(port)
+      } finally {
+        isRestarting = false
+      }
+    }
+  } catch {
+    logger.debug("Monitoring cycle encountered an error")
+  }
+}
+
+function startMonitoring(port: number): void {
+  if (monitorTimer) return
+  monitorTimer = setInterval(() => {
+    _runMonitoringCycle(port)
+  }, HEALTH_CHECK_INTERVAL_MS)
+  if (monitorTimer && typeof (monitorTimer as NodeJS.Timeout).unref === "function") {
+    ;(monitorTimer as NodeJS.Timeout).unref()
+  }
+}
+
+/** Stop periodic health monitoring. */
+export function stopSoloditMonitoring(): void {
+  if (monitorTimer) {
+    clearInterval(monitorTimer)
+    monitorTimer = null
+  }
+}
+
+/** Reset all Solodit state — for testing only. */
+export function _resetSoloditState(): void {
+  stopSoloditMonitoring()
+  soloditAvailable = false
+  isRestarting = false
+  restartSettleMs = DEFAULT_RESTART_SETTLE_MS
+  retryBaseDelayMs = DEFAULT_RETRY_BASE_DELAY_MS
+  spawnFn = defaultSpawnFn
+  if (soloditChild) {
+    try {
+      soloditChild.kill()
+    } catch {
+      createLogger().debug("Failed to kill Solodit MCP on reset")
+    }
+    soloditChild = null
+  }
+}
+
+export async function startSoloditMcp(port: number): Promise<void> {
+  const logger = createLogger()
+
+  const health = await checkSoloditHealth(port, true)
+  if (health.reachable) {
+    logger.debug(`Solodit MCP already running on port ${port} — skipping spawn`)
+    soloditAvailable = true
+    startMonitoring(port)
+    return
+  }
+
+  soloditChild = spawnSoloditChild(port)
+  trackChildExit(soloditChild)
+
+  const deadline = AbortSignal.timeout(5000)
+  const delays = [1000, 2000]
+  for (const delay of delays) {
+    if (deadline.aborted) break
+    await Bun.sleep(delay)
+    if (deadline.aborted) break
+    const healthResult = await checkSoloditHealth(port, true)
+    if (healthResult.reachable) {
+      soloditAvailable = true
+      logger.debug(`Solodit MCP healthy on port ${port}`)
+      break
+    }
+  }
+  if (!soloditAvailable) {
+    logger.warn(`Solodit MCP not reachable after startup — monitoring will retry`)
+  }
+
+  startMonitoring(port)
+}

package/src/state/audit-state.ts

@@ -1,14 +1,14 @@
-import { randomUUID } from "crypto";
-import type { AuditState } from "./types";
-import { createFindingStore, type FindingStore } from "./finding-store";
+import { randomUUID } from "node:crypto"
+import { createFindingStore, type FindingStore } from "./finding-store"
+import type { AuditState } from "./types"
 
 /**
  * Factory function to create a new audit state instance (NOT singleton)
  * Each call creates a fresh state with a unique session ID
  */
 export function createAuditState(projectDir: string): {
-  state: AuditState;
-  store: FindingStore;
+  state: AuditState
+  store: FindingStore
 } {
   const state: AuditState = {
     sessionId: randomUUID(),
@@ -21,9 +21,9 @@ export function createAuditState(projectDir: string): {
     startTime: Date.now(),
     soloditResults: [],
     fuzzCounterexamples: [],
-  };
+  }
 
-  const store = createFindingStore(state);
+  const store = createFindingStore(state)
 
-  return { state, store };
+  return { state, store }
 }

package/src/state/finding-store.ts

@@ -1,84 +1,98 @@
-import type { Finding, FindingSeverity, AuditState } from "./types";
-import { createHash } from "crypto";
+import { createHash } from "node:crypto"
+import type { AuditState, Finding, FindingSeverity } from "./types"
 
 export interface FindingStore {
-  addFinding(finding: Omit<Finding, "id">): Finding;
-  getFindings(filter?: {
-    severity?: FindingSeverity;
-    source?: Finding["source"];
-  }): Finding[];
-  hasFinding(check: string, file: string, lines: [number, number]): boolean;
-  serialize(): string;
+  addFinding(finding: Omit<Finding, "id">): Finding
+  getFindings(filter?: { severity?: FindingSeverity; source?: Finding["source"] }): Finding[]
+  hasFinding(check: string, file: string, lines: [number, number]): boolean
+  serialize(): string
 }
 
 /**
  * Creates a finding store with deduplication by check+file+lines
  * Deduplication key: `${check}:${file}:${lines[0]}-${lines[1]}`
  */
+function isValidHydrationFinding(f: unknown): f is Finding {
+  if (typeof f !== "object" || f === null) return false
+  const obj = f as Record<string, unknown>
+  return (
+    typeof obj.check === "string" &&
+    obj.check.length > 0 &&
+    typeof obj.file === "string" &&
+    obj.file.length > 0 &&
+    Array.isArray(obj.lines) &&
+    obj.lines.length === 2 &&
+    typeof obj.lines[0] === "number" &&
+    typeof obj.lines[1] === "number"
+  )
+}
+
 export function createFindingStore(state: AuditState): FindingStore {
-  const findingMap = new Map<string, Finding>();
-
-  function generateId(
-    check: string,
-    file: string,
-    lines: [number, number]
-  ): string {
-    const key = `${check}:${file}:${lines[0]}-${lines[1]}`;
+  const findingMap = new Map<string, Finding>()
+
+  function generateId(check: string, file: string, lines: [number, number]): string {
+    const key = `${check}:${file}:${lines[0]}-${lines[1]}`
     // Use deterministic hash for stable IDs
-    return createHash("sha256").update(key).digest("hex").substring(0, 16);
+    return createHash("sha256").update(key).digest("hex").substring(0, 16)
+  }
+
+  // Hydrate findingMap from persisted state.findings
+  for (const f of state.findings) {
+    if (!isValidHydrationFinding(f)) continue
+    const id = generateId(f.check, f.file, f.lines)
+    if (!findingMap.has(id)) {
+      findingMap.set(id, { ...f, id })
+    }
   }
 
   function addFinding(finding: Omit<Finding, "id">): Finding {
-    const id = generateId(finding.check, finding.file, finding.lines);
+    const id = generateId(finding.check, finding.file, finding.lines)
 
     // Check if finding already exists (deduplication)
-    if (findingMap.has(id)) {
-      return findingMap.get(id)!;
+    const existing = findingMap.get(id)
+    if (existing) {
+      return existing
     }
 
     const newFinding: Finding = {
       ...finding,
       id,
-    };
+    }
 
-    findingMap.set(id, newFinding);
-    state.findings.push(newFinding);
+    findingMap.set(id, newFinding)
+    state.findings.push(newFinding)
 
-    return newFinding;
+    return newFinding
   }
 
   function getFindings(filter?: {
-    severity?: FindingSeverity;
-    source?: Finding["source"];
+    severity?: FindingSeverity
+    source?: Finding["source"]
   }): Finding[] {
     if (!filter) {
-      return Array.from(findingMap.values());
+      return Array.from(findingMap.values())
     }
 
     return Array.from(findingMap.values()).filter((finding) => {
       if (filter.severity && finding.severity !== filter.severity) {
-        return false;
+        return false
       }
       if (filter.source && finding.source !== filter.source) {
-        return false;
+        return false
       }
-      return true;
-    });
+      return true
+    })
   }
 
-  function hasFinding(
-    check: string,
-    file: string,
-    lines: [number, number]
-  ): boolean {
-    const id = generateId(check, file, lines);
-    return findingMap.has(id);
+  function hasFinding(check: string, file: string, lines: [number, number]): boolean {
+    const id = generateId(check, file, lines)
+    return findingMap.has(id)
   }
 
   function serialize(): string {
-    const findings = Array.from(findingMap.values());
-    const contractCount = state.contractsReviewed.length;
-    const findingCount = findings.length;
+    const findings = Array.from(findingMap.values())
+    const contractCount = state.contractsReviewed.length
+    const findingCount = findings.length
 
     // Count by severity
     const severityCounts: Record<FindingSeverity, number> = {
@@ -87,34 +101,33 @@ export function createFindingStore(state: AuditState): FindingStore {
       Medium: 0,
       Low: 0,
       Informational: 0,
-    };
+    }
 
     findings.forEach((finding) => {
-      severityCounts[finding.severity]++;
-    });
+      severityCounts[finding.severity]++
+    })
 
     // Build severity string
-    const severityParts: string[] = [];
+    const severityParts: string[] = []
     if (severityCounts.Critical > 0) {
-      severityParts.push(`${severityCounts.Critical} Critical`);
+      severityParts.push(`${severityCounts.Critical} Critical`)
     }
     if (severityCounts.High > 0) {
-      severityParts.push(`${severityCounts.High} High`);
+      severityParts.push(`${severityCounts.High} High`)
     }
     if (severityCounts.Medium > 0) {
-      severityParts.push(`${severityCounts.Medium} Medium`);
+      severityParts.push(`${severityCounts.Medium} Medium`)
     }
     if (severityCounts.Low > 0) {
-      severityParts.push(`${severityCounts.Low} Low`);
+      severityParts.push(`${severityCounts.Low} Low`)
     }
     if (severityCounts.Informational > 0) {
-      severityParts.push(`${severityCounts.Informational} Informational`);
+      severityParts.push(`${severityCounts.Informational} Informational`)
     }
 
-    const severityStr =
-      severityParts.length > 0 ? ` (${severityParts.join(", ")})` : "";
+    const severityStr = severityParts.length > 0 ? ` (${severityParts.join(", ")})` : ""
 
-    return `Contracts: ${contractCount}, Findings: ${findingCount}${severityStr}, Phase: ${state.currentPhase}`;
+    return `Contracts: ${contractCount}, Findings: ${findingCount}${severityStr}, Phase: ${state.currentPhase}`
   }
 
   return {
@@ -122,5 +135,5 @@ export function createFindingStore(state: AuditState): FindingStore {
     getFindings,
     hasFinding,
     serialize,
-  };
+  }
 }

package/src/state/types.ts

@@ -1,92 +1,113 @@
-export type FindingSeverity = "Critical" | "High" | "Medium" | "Low" | "Informational";
-export type AuditPhase = "reconnaissance" | "scanning" | "manual-review" | "attack-surface" | "research" | "testing" | "reporting" | "complete";
+export type FindingSeverity = "Critical" | "High" | "Medium" | "Low" | "Informational"
+export type AuditPhase =
+  | "reconnaissance"
+  | "scanning"
+  | "manual-review"
+  | "attack-surface"
+  | "research"
+  | "testing"
+  | "reporting"
+  | "complete"
 
 export interface Finding {
-  id: string; // unique hash: check+file+lines
-  check: string; // detector name e.g. "reentrancy-eth"
-  severity: FindingSeverity;
-  confidence: "High" | "Medium" | "Low";
-  description: string;
-  file: string; // relative file path
-  lines: [number, number]; // [start, end]
-  source: "slither" | "manual" | "pattern" | "scvd" | "solodit" | "fuzz";
-  remediation?: string;
-  exploitReference?: string;
+  id: string // unique hash: check+file+lines
+  check: string // detector name e.g. "reentrancy-eth"
+  severity: FindingSeverity
+  confidence: "High" | "Medium" | "Low"
+  description: string
+  file: string // relative file path
+  lines: [number, number] // [start, end]
+  source: "slither" | "manual" | "pattern" | "scvd" | "solodit" | "fuzz"
+  remediation?: string
+  exploitReference?: string
   provenance?: {
-    timestamp: number;
-    toolVersion?: string;
-    phase?: AuditPhase;
-  };
+    timestamp: number
+    toolVersion?: string
+    phase?: AuditPhase
+  }
 }
 
 export interface SoloditResult {
-  query: string;
-  timestamp: number;
-  resultCount: number;
+  query: string
+  timestamp: number
+  resultCount: number
   topResults: Array<{
-    title: string;
-    severity: string;
-    url: string;
-    protocol: string;
-  }>;
+    title: string
+    severity: string
+    url: string
+    protocol: string
+  }>
 }
 
 export interface FuzzCounterexample {
-  testName: string;
-  inputs: string[];
-  revertReason?: string;
-  runs: number;
-  seed?: number;
-  timestamp: number;
+  testName: string
+  inputs: string[]
+  revertReason?: string
+  runs: number
+  seed?: number
+  timestamp: number
 }
 
 export interface ContractProfile {
-  name: string;
-  filePath: string;
+  name: string
+  filePath: string
   functions: Array<{
-    name: string;
-    visibility: string;
-    mutability: string;
-    modifiers: string[];
-  }>;
+    name: string
+    visibility: string
+    mutability: string
+    modifiers: string[]
+  }>
   stateVars: Array<{
-    name: string;
-    type: string;
-    visibility: string;
-  }>;
-  inheritance: string[];
-  accessControlPattern?: "ownable" | "access-control" | "custom" | "none";
-  externalCalls: string[];
-  riskIndicators: string[];
-  error?: string;
+    name: string
+    type: string
+    visibility: string
+  }>
+  inheritance: string[]
+  accessControlPattern?: "ownable" | "access-control" | "custom" | "none"
+  externalCalls: string[]
+  riskIndicators: string[]
+  error?: string
 }
 
 export interface ToolExecution {
-  tool: string;
-  startTime: number;
-  endTime?: number;
-  success: boolean;
-  findingsCount: number;
+  tool: string
+  startTime: number
+  endTime?: number
+  success: boolean
+  findingsCount: number
 }
 
 export interface AuditState {
-  sessionId: string;
-  projectDir: string;
-  contractsReviewed: string[];
-  findings: Finding[];
-  toolsExecuted: ToolExecution[];
-  currentPhase: AuditPhase;
-  scope: string[];
-  startTime: number;
-  soloditResults?: SoloditResult[];
-  fuzzCounterexamples?: FuzzCounterexample[];
-  patternVersion?: string;
-  skillsLoaded?: string[];
-  unavailableTools?: string[];
+  sessionId: string
+  projectDir: string
+  contractsReviewed: string[]
+  findings: Finding[]
+  toolsExecuted: ToolExecution[]
+  currentPhase: AuditPhase
+  scope: string[]
+  startTime: number
+  soloditResults?: SoloditResult[]
+  fuzzCounterexamples?: FuzzCounterexample[]
+  patternVersion?: string
+  skillsLoaded?: string[]
+  unavailableTools?: string[]
+  reportGenerated?: boolean
+  knowledgeSynced?: { success: boolean; timestamp: number }
+  coverageReport?: {
+    files: Array<{
+      path: string
+      linesPct: number
+      statementsPct: number
+      branchesPct: number
+      functionsPct: number
+    }>
+  }
+  gasHotspots?: Array<{ contract: string; function: string; avgGas: number }>
+  proxyContracts?: Array<{ file: string; proxyType: string; indicators: string[] }>
 }
 
 export interface PersistentAuditState extends AuditState {
-  savedAt: number;
-  version: string;
-  filePath: string;
+  savedAt: number
+  version: string
+  filePath: string
 }

package/src/tools/argus-skill-load-tool.ts

@@ -1,6 +1,7 @@
-import { tool, type ToolContext } from "@opencode-ai/plugin"
+import { type ToolContext, tool } from "@opencode-ai/plugin"
 import { loadArgusConfig } from "../config/loader"
 import type { ArgusConfig } from "../config/types"
+import { resolveProjectDir } from "../shared/project-utils"
 import { normalizeSkillName, resolveArgusSkills } from "../skills/argus-skill-resolver"
 
 type ArgusSkillLoadArgs = {
@@ -15,9 +16,9 @@ type ArgusSkillLoadDependencies = {
 export async function executeArgusSkillLoad(
   args: ArgusSkillLoadArgs,
   context: ToolContext,
-  deps: ArgusSkillLoadDependencies = {}
+  deps: ArgusSkillLoadDependencies = {},
 ): Promise<string> {
-  const projectDir = context.directory ?? context.worktree ?? process.cwd()
+  const projectDir = resolveProjectDir(context)
   const loadConfig = deps.loadConfig ?? loadArgusConfig
   const resolveSkills = deps.resolveSkills ?? resolveArgusSkills
 
@@ -35,7 +36,7 @@ export async function executeArgusSkillLoad(
   if (!skill) {
     const available = Array.from(skills.keys()).sort().join(", ")
     throw new Error(
-      `Argus skill "${args.name}" not found (normalized: "${normalizedName}"). Available Argus skills: ${available || "none"}`
+      `Argus skill "${args.name}" not found (normalized: "${normalizedName}"). Available Argus skills: ${available || "none"}`,
     )
   }
 
@@ -44,7 +45,8 @@ export async function executeArgusSkillLoad(
   if (skill.source_url) provenanceParts.push(skill.source_url)
   if (skill.imported_at) provenanceParts.push(`Imported: ${skill.imported_at}`)
 
-  const provenanceLine = provenanceParts.length > 0 ? `[Provenance: ${provenanceParts.join(" | ")}]` : ""
+  const provenanceLine =
+    provenanceParts.length > 0 ? `[Provenance: ${provenanceParts.join(" | ")}]` : ""
 
   return [
     `## Argus Skill: ${skill.name} [Source: ${skill.source}]`,
@@ -61,11 +63,14 @@ export async function executeArgusSkillLoad(
 }
 
 export const argusSkillLoadTool = tool({
-  description: "Load Argus security skill content with OMO-compatible discovery and native fallback.",
+  description:
+    "Load Argus security skill content with OMO-compatible discovery and native fallback.",
   args: {
     name: tool.schema
       .string()
-      .describe("Skill name (e.g., reentrancy, oracle-manipulation, or vulnerability-patterns/reentrancy)."),
+      .describe(
+        "Skill name (e.g., reentrancy, oracle-manipulation, or vulnerability-patterns/reentrancy).",
+      ),
   },
   async execute(args, context) {
     return executeArgusSkillLoad(args, context)